| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Feb 2018 10:09:18 -0700
From: David Ahern <dsahern@...il.com>
To: Stephen Suryaputra <ssuryaextr@...il.com>
Cc: netdev@...r.kernel.org
Subject: Re: VRF destination unreachable
On 2/27/18 9:09 AM, Stephen Suryaputra wrote:
> Thanks David for confirming that this is unintended.
>
> Given that, I think the fix isn't complete because when forwarding
> isn't enabled on the original incoming netdev, the ICMP shouldn't be
> generated. This diff fixes that case:
>
> diff --git a/net/ipv4/route.c b/net/ipv4/route.c
> index a4f44d8..dc40a94 100644
> --- a/net/ipv4/route.c
> +++ b/net/ipv4/route.c
> @@ -937,13 +937,20 @@ static int ip_error(struct sk_buff *skb)
> struct net *net;
> bool send;
> int code;
> + int in_dev_forward;
declarations are in reverse xmas tree order. ie., put this new one after
peer.
>
> /* IP on this device is disabled. */
> if (!in_dev)
> goto out;
>
> net = dev_net(rt->dst.dev);
> - if (!IN_DEV_FORWARD(in_dev)) {
> + if (netif_is_l3_master(skb->dev)) {
> + in_dev_forward = IN_DEV_FORWARD(
> + __in_dev_get_rcu(__dev_get_by_index(net,
> IPCB(skb)->iif)));
> + } else {
> + in_dev_forward = IN_DEV_FORWARD(in_dev);
> + }
That looks correct.
> + if (!in_dev_forward) {
> switch (rt->dst.error) {
> case EHOSTUNREACH:
> __IP_INC_STATS(net, IPSTATS_MIB_INADDRERRORS);
>
> I can put a formal patch if you like.
>
please do.
Powered by blists - more mailing lists