Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp6015220ybc; Wed, 27 Nov 2019 13:26:08 -0800 (PST) X-Google-Smtp-Source: APXvYqzVt5StQBNnJJE9h5o68XPlwlnxFsF/4nTK0iGv7vR/nvG2gTXsTn8uDjHAueE2BaZ8SgsH X-Received: by 2002:aa7:c59a:: with SMTP id g26mr34399299edq.109.1574889968875; Wed, 27 Nov 2019 13:26:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574889968; cv=none; d=google.com; s=arc-20160816; b=eKzYIsXXFLhAA4iCvx3Ev2MFRWyJLczjE+RQkySC7XizDV7jipIrx7S0sFJOh947AE hGy0/SO7ETeRdFuYogNk2MGb/CRbf9OX2H7J1gF9/rvVOwvDNuu/rcOzX4OIhlV70Xd4 J4A7YVILUby3kI63CzxLINWurzKrC2h3AP99rEjBsXlEbkfQpgxoLixd56UCURTCHFFw oKbZEDvK3mv4yplEqgbRDtyN1OBppQA3C2RZb4ipIV78jJPRxd/XKi1V9OpRV4FpXiat gtlHhGp3HJcolM7LszIaoLio/KaATywsE/WvZWUkRPEN7vaHaPdf9cmWEMOxUyj3Ezfc 2neA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=dx5aDYVNjXE61g64yghmkPr8xY5fp5qEbSnBzh2liac=; b=esRbgKuWyqb7Y9g57H0M9S3AeCGsn9UgH/qSkPeA927IQGD0sjZ/OUSfmDkulgNyO4 KLlgAjBg2DEsYqxwuZVg2gX4Ri1ph7m3c36pz1VtZru+R+c/6exyr8PFx97om0yZs7pg ceaJxi5TevJ5s+1KXfBMlLkwSGbe5rHh6TrLoZurxgson2I6yp0jtl0L0pJ4nMyHgowm QQ0lLh1Bcvknfd5PjkVmiN8eFDpQG2fo01c4c8NgP6KgGnJleEdN+MSc/8z/CXrYuFeP HcZjk3hflg0BY1zlaheVWv2KC8xJDBhxjY8g5tFfMhdt2oYJX+hik6CpisoAFBwT4JwP U6pw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=c8sW0VMi; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z65si12570220ede.388.2019.11.27.13.25.45; Wed, 27 Nov 2019 13:26:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=c8sW0VMi; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732054AbfK0VFp (ORCPT + 99 others); Wed, 27 Nov 2019 16:05:45 -0500 Received: from mail.kernel.org ([198.145.29.99]:59528 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727372AbfK0VFn (ORCPT ); Wed, 27 Nov 2019 16:05:43 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2B92F21741; Wed, 27 Nov 2019 21:05:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574888742; bh=cY1lYufDsOuH9eYiHBsjkA1HrylGeF39ZhwcLFZxWqg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=c8sW0VMiH2xnpLeOpGcZjQ2WpdnLR6lK91dlvkTZi8G4JX1XYcQAmP7x2IFpQXxSz Zo2avjEj6swz3f0c2aL3NEbWZYFdEc5LKpaBPhP1c4CZ2rsE8Ru6+kWTbEl3hdtJ9P HvOKjEC1BDwVHoLjHvrkjWjlM8fnBnwU1RUggz6o= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mike Manning , David Ahern , "David S. Miller" , Sasha Levin Subject: [PATCH 4.19 235/306] vrf: mark skb for multicast or link-local as enslaved to VRF Date: Wed, 27 Nov 2019 21:31:25 +0100 Message-Id: <20191127203132.178090957@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191127203114.766709977@linuxfoundation.org> References: <20191127203114.766709977@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mike Manning [ Upstream commit 6f12fa775530195a501fb090d092c637f32d0cc5 ] The skb for packets that are multicast or to a link-local address are not marked as being enslaved to a VRF, if they are received on a socket bound to the VRF. This is needed for ND and it is preferable for the kernel not to have to deal with the additional use-cases if ll or mcast packets are handled as enslaved. However, this does not allow service instances listening on unbound and bound to VRF sockets to distinguish the VRF used, if packets are sent as multicast or to a link-local address. The fix is for the VRF driver to also mark these skb as being enslaved to the VRF. Signed-off-by: Mike Manning Reviewed-by: David Ahern Tested-by: David Ahern Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/vrf.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index 9f895083bc0aa..7f5ee6bb44300 100644 --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -993,24 +993,23 @@ static struct sk_buff *vrf_ip6_rcv(struct net_device *vrf_dev, struct sk_buff *skb) { int orig_iif = skb->skb_iif; - bool need_strict; + bool need_strict = rt6_need_strict(&ipv6_hdr(skb)->daddr); + bool is_ndisc = ipv6_ndisc_frame(skb); - /* loopback traffic; do not push through packet taps again. - * Reset pkt_type for upper layers to process skb + /* loopback, multicast & non-ND link-local traffic; do not push through + * packet taps again. Reset pkt_type for upper layers to process skb */ - if (skb->pkt_type == PACKET_LOOPBACK) { + if (skb->pkt_type == PACKET_LOOPBACK || (need_strict && !is_ndisc)) { skb->dev = vrf_dev; skb->skb_iif = vrf_dev->ifindex; IP6CB(skb)->flags |= IP6SKB_L3SLAVE; - skb->pkt_type = PACKET_HOST; + if (skb->pkt_type == PACKET_LOOPBACK) + skb->pkt_type = PACKET_HOST; goto out; } - /* if packet is NDISC or addressed to multicast or link-local - * then keep the ingress interface - */ - need_strict = rt6_need_strict(&ipv6_hdr(skb)->daddr); - if (!ipv6_ndisc_frame(skb) && !need_strict) { + /* if packet is NDISC then keep the ingress interface */ + if (!is_ndisc) { vrf_rx_stats(vrf_dev, skb->len); skb->dev = vrf_dev; skb->skb_iif = vrf_dev->ifindex; -- 2.20.1