Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp737475ybc;
        Sat, 16 Nov 2019 07:50:12 -0800 (PST)
X-Google-Smtp-Source: APXvYqzCve6uS+SeQs7MiXmV0D1Qo+MeHOhtxkfj6yaLPFLarmPZMu/XxFGpeZRBLUchu2h5Ieu8
X-Received: by 2002:a17:906:1c4d:: with SMTP id l13mr10568763ejg.308.1573919412460;
        Sat, 16 Nov 2019 07:50:12 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1573919412; cv=none;
        d=google.com; s=arc-20160816;
        b=AdKMorSoBflt4p3Vu7YWSjTkxeWhsoSw/jmIyPuBwJJgFOsNgsOQCXATwEO0M/rtW3
         WHy/peTacSrwsI2C2LqazKel9PhiJmdf8rUEqXQmNnuHzrg18Zt8a66McRVgG6fv/Skf
         ECmrwk6RmtzGP8HHYhoCdC74SLfZpfYDk8J42UDkoKRhRYlu3jUOYj+x0C6ZLRML3pym
         kc3uPDdpcTBZ6LBIT46yTq14NAZ+6j4If14hxr9lOnnNGV68KUUxpxCL59LT76wScRwH
         HMstZ1LDPTEo0ljoULOAvkjBaFGQg3fXvfcc8UOBeIinO4tA7ZfLpae48BMRQdJ+es2Z
         0Wcw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=dx5aDYVNjXE61g64yghmkPr8xY5fp5qEbSnBzh2liac=;
        b=IKxCWmdsyIweWHkec1JnL54ibQh3/0xsfUFRMz9j7Z5kC5fv1ldogY3FDHUNb4inRr
         6nDu1a3Gxq5swoU6HQem/nZWdaf59KhPNPav2PPoVfdbCWaI9EvlygILIOa7sxjknYZj
         mDxPSggKTWZ4iCRNXil6StsbQOUdAeEjvj/rV0FsPSuG5IDTID44orJwK8vNYM+0nmeX
         WprQ87/hPoEyRtRGDFwL3lAks241guRr3vgQmcBNiL4SgpjUwz45QUcO7cLtq0ltUwBv
         iXT8Fbz+hsxk/J6vzf1zMtmiubwzfJV3UVPzXNXp/BlMAnqCsVcXUzpf72ifPvkb6jaG
         MMCQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=oQi3bC73;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f10si8057451ejq.289.2019.11.16.07.49.48;
        Sat, 16 Nov 2019 07:50:12 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=oQi3bC73;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729725AbfKPPrf (ORCPT <rfc822;fezhang.suse@gmail.com>
        + 99 others); Sat, 16 Nov 2019 10:47:35 -0500
Received: from mail.kernel.org ([198.145.29.99]:53484 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728698AbfKPPqw (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 16 Nov 2019 10:46:52 -0500
Received: from sasha-vm.mshome.net (unknown [50.234.116.4])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id A746C20B7C;
        Sat, 16 Nov 2019 15:46:51 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1573919212;
        bh=cY1lYufDsOuH9eYiHBsjkA1HrylGeF39ZhwcLFZxWqg=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=oQi3bC73I2Y1JkuJH8bXDR21JNgeEGeqAFOmAEui+TwxlA3OQfaAYhueRq0ou6I6k
         /tQpRjpcU04EpDUjLbnG9uzTeIBGZpaw4sCc0JnBvp/G7gr9X6AvfJ4i5uaL+W/zT2
         wq61dK2ONFjvmmcO1YH5WQOgGR7evs4NEw/3m1+s=
From:   Sasha Levin <sashal@kernel.org>
To:     linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc:     Mike Manning <mmanning@vyatta.att-mail.com>,
        David Ahern <dsahern@gmail.com>,
        "David S . Miller" <davem@davemloft.net>,
        Sasha Levin <sashal@kernel.org>, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 218/237] vrf: mark skb for multicast or link-local as enslaved to VRF
Date:   Sat, 16 Nov 2019 10:40:53 -0500
Message-Id: <20191116154113.7417-218-sashal@kernel.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20191116154113.7417-1-sashal@kernel.org>
References: <20191116154113.7417-1-sashal@kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mike Manning <mmanning@vyatta.att-mail.com>

[ Upstream commit 6f12fa775530195a501fb090d092c637f32d0cc5 ]

The skb for packets that are multicast or to a link-local address are
not marked as being enslaved to a VRF, if they are received on a socket
bound to the VRF. This is needed for ND and it is preferable for the
kernel not to have to deal with the additional use-cases if ll or mcast
packets are handled as enslaved. However, this does not allow service
instances listening on unbound and bound to VRF sockets to distinguish
the VRF used, if packets are sent as multicast or to a link-local
address. The fix is for the VRF driver to also mark these skb as being
enslaved to the VRF.

Signed-off-by: Mike Manning <mmanning@vyatta.att-mail.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Tested-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/vrf.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
index 9f895083bc0aa..7f5ee6bb44300 100644
--- a/drivers/net/vrf.c
+++ b/drivers/net/vrf.c
@@ -993,24 +993,23 @@ static struct sk_buff *vrf_ip6_rcv(struct net_device *vrf_dev,
 				   struct sk_buff *skb)
 {
 	int orig_iif = skb->skb_iif;
-	bool need_strict;
+	bool need_strict = rt6_need_strict(&ipv6_hdr(skb)->daddr);
+	bool is_ndisc = ipv6_ndisc_frame(skb);
 
-	/* loopback traffic; do not push through packet taps again.
-	 * Reset pkt_type for upper layers to process skb
+	/* loopback, multicast & non-ND link-local traffic; do not push through
+	 * packet taps again. Reset pkt_type for upper layers to process skb
 	 */
-	if (skb->pkt_type == PACKET_LOOPBACK) {
+	if (skb->pkt_type == PACKET_LOOPBACK || (need_strict && !is_ndisc)) {
 		skb->dev = vrf_dev;
 		skb->skb_iif = vrf_dev->ifindex;
 		IP6CB(skb)->flags |= IP6SKB_L3SLAVE;
-		skb->pkt_type = PACKET_HOST;
+		if (skb->pkt_type == PACKET_LOOPBACK)
+			skb->pkt_type = PACKET_HOST;
 		goto out;
 	}
 
-	/* if packet is NDISC or addressed to multicast or link-local
-	 * then keep the ingress interface
-	 */
-	need_strict = rt6_need_strict(&ipv6_hdr(skb)->daddr);
-	if (!ipv6_ndisc_frame(skb) && !need_strict) {
+	/* if packet is NDISC then keep the ingress interface */
+	if (!is_ndisc) {
 		vrf_rx_stats(vrf_dev, skb->len);
 		skb->dev = vrf_dev;
 		skb->skb_iif = vrf_dev->ifindex;
-- 
2.20.1