diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-06-06 12:37:53 +0200 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2021-06-22 23:29:12 +0200 |
commit | ec780bdb9201182423688e38abd1f1959d32ae47 (patch) | |
tree | f08677ff4d3972924592e3b6be5214cc6006e4eb /target/linux/generic/backport-5.4/080-wireguard-0128-wireguard-selftests-make-sure-rp_filter-is-disabled-.patch | |
parent | 82c700de67dc03bb71a739e1b40f08d84ea24e5d (diff) | |
download | upstream-ec780bdb9201182423688e38abd1f1959d32ae47.tar.gz upstream-ec780bdb9201182423688e38abd1f1959d32ae47.tar.bz2 upstream-ec780bdb9201182423688e38abd1f1959d32ae47.zip |
kernel-5.4: backport latest patches for wireguard
These are the latest patches that just landed upstream for 5.13, will be
backported by Greg into 5.10 (because of stable@), and are now in the
5.4 backport branch of wireguard: https://git.zx2c4.com/wireguard-linux/log/?h=backport-5.4.y
Cc: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: Stijn Segers <foss@volatilesystems.org>
(cherry picked from commit 2a3b2f59fec10d7c08f90f019b310db418e775bf)
Diffstat (limited to 'target/linux/generic/backport-5.4/080-wireguard-0128-wireguard-selftests-make-sure-rp_filter-is-disabled-.patch')
-rw-r--r-- | target/linux/generic/backport-5.4/080-wireguard-0128-wireguard-selftests-make-sure-rp_filter-is-disabled-.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/target/linux/generic/backport-5.4/080-wireguard-0128-wireguard-selftests-make-sure-rp_filter-is-disabled-.patch b/target/linux/generic/backport-5.4/080-wireguard-0128-wireguard-selftests-make-sure-rp_filter-is-disabled-.patch new file mode 100644 index 0000000000..22d0f3e32e --- /dev/null +++ b/target/linux/generic/backport-5.4/080-wireguard-0128-wireguard-selftests-make-sure-rp_filter-is-disabled-.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" <Jason@zx2c4.com> +Date: Fri, 4 Jun 2021 17:17:31 +0200 +Subject: [PATCH] wireguard: selftests: make sure rp_filter is disabled on + vethc + +commit f8873d11d4121aad35024f9379e431e0c83abead upstream. + +Some distros may enable strict rp_filter by default, which will prevent +vethc from receiving the packets with an unrouteable reverse path address. + +Reported-by: Hangbin Liu <liuhangbin@gmail.com> +Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") +Cc: stable@vger.kernel.org +Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> +--- + tools/testing/selftests/wireguard/netns.sh | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/testing/selftests/wireguard/netns.sh ++++ b/tools/testing/selftests/wireguard/netns.sh +@@ -363,6 +363,7 @@ ip1 -6 rule add table main suppress_pref + ip1 -4 route add default dev wg0 table 51820 + ip1 -4 rule add not fwmark 51820 table 51820 + ip1 -4 rule add table main suppress_prefixlength 0 ++n1 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/vethc/rp_filter' + # Flood the pings instead of sending just one, to trigger routing table reference counting bugs. + n1 ping -W 1 -c 100 -f 192.168.99.7 + n1 ping -W 1 -c 100 -f abab::1111 |