diff options
Diffstat (limited to 'target/linux/generic/backport-4.9')
-rw-r--r-- | target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch b/target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch new file mode 100644 index 0000000000..bfb7690dec --- /dev/null +++ b/target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch @@ -0,0 +1,32 @@ +From 508b09046c0f21678652fb66fd1e9959d55591d2 Mon Sep 17 00:00:00 2001 +From: Alin Nastac <alin.nastac@gmail.com> +Date: Wed, 21 Nov 2018 14:00:30 +0100 +Subject: [PATCH] netfilter: ipv6: Preserve link scope traffic original oif + +When ip6_route_me_harder is invoked, it resets outgoing interface of: + - link-local scoped packets sent by neighbor discovery + - multicast packets sent by MLD host + - multicast packets send by MLD proxy daemon that sets outgoing + interface through IPV6_PKTINFO ipi6_ifindex + +Link-local and multicast packets must keep their original oif after +ip6_route_me_harder is called. + +Signed-off-by: Alin Nastac <alin.nastac@gmail.com> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + net/ipv6/netfilter.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/net/ipv6/netfilter.c ++++ b/net/ipv6/netfilter.c +@@ -24,7 +24,8 @@ int ip6_route_me_harder(struct net *net, + unsigned int hh_len; + struct dst_entry *dst; + struct flowi6 fl6 = { +- .flowi6_oif = skb->sk ? skb->sk->sk_bound_dev_if : 0, ++ .flowi6_oif = skb->sk && skb->sk->sk_bound_dev_if ? skb->sk->sk_bound_dev_if : ++ rt6_need_strict(&iph->daddr) ? skb_dst(skb)->dev->ifindex : 0, + .flowi6_mark = skb->mark, + .daddr = iph->daddr, + .saddr = iph->saddr, |