aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic/backport-4.9
diff options
context:
space:
mode:
authorHans Dedecker <dedeckeh@gmail.com>2018-12-17 21:26:22 +0100
committerHans Dedecker <dedeckeh@gmail.com>2018-12-17 21:42:23 +0100
commitb0414d718862fae48d601e8549054a82d2cc4fde (patch)
treea0b094a6c3e54062e57c90a1809d829a2a2079bb /target/linux/generic/backport-4.9
parent3f7de917be3216785f039c921cfedf72b9989f49 (diff)
downloadupstream-b0414d718862fae48d601e8549054a82d2cc4fde.tar.gz
upstream-b0414d718862fae48d601e8549054a82d2cc4fde.tar.bz2
upstream-b0414d718862fae48d601e8549054a82d2cc4fde.zip
kernel: preserve oif of IPv6 link scope packets
Backort upstream patch which preserves oif of IPv6 link scoped packets. The outgoing interface of IPv6 link scope packets can be changed by the function ip6_route_me_harder. This is unwanted behavior for link local packets and multicast packets as the outgoing interface is fixed and must not be altered as it can break neighbor discovery and multicast listener discovery. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Diffstat (limited to 'target/linux/generic/backport-4.9')
-rw-r--r--target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch b/target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
new file mode 100644
index 0000000000..bfb7690dec
--- /dev/null
+++ b/target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
@@ -0,0 +1,32 @@
+From 508b09046c0f21678652fb66fd1e9959d55591d2 Mon Sep 17 00:00:00 2001
+From: Alin Nastac <alin.nastac@gmail.com>
+Date: Wed, 21 Nov 2018 14:00:30 +0100
+Subject: [PATCH] netfilter: ipv6: Preserve link scope traffic original oif
+
+When ip6_route_me_harder is invoked, it resets outgoing interface of:
+ - link-local scoped packets sent by neighbor discovery
+ - multicast packets sent by MLD host
+ - multicast packets send by MLD proxy daemon that sets outgoing
+ interface through IPV6_PKTINFO ipi6_ifindex
+
+Link-local and multicast packets must keep their original oif after
+ip6_route_me_harder is called.
+
+Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ net/ipv6/netfilter.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/netfilter.c
++++ b/net/ipv6/netfilter.c
+@@ -24,7 +24,8 @@ int ip6_route_me_harder(struct net *net,
+ unsigned int hh_len;
+ struct dst_entry *dst;
+ struct flowi6 fl6 = {
+- .flowi6_oif = skb->sk ? skb->sk->sk_bound_dev_if : 0,
++ .flowi6_oif = skb->sk && skb->sk->sk_bound_dev_if ? skb->sk->sk_bound_dev_if :
++ rt6_need_strict(&iph->daddr) ? skb_dst(skb)->dev->ifindex : 0,
+ .flowi6_mark = skb->mark,
+ .daddr = iph->daddr,
+ .saddr = iph->saddr,
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 00:32:01 +0000