| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Mar 2018 14:24:38 -0400 (EDT) From: David Miller <davem@...emloft.net> To: dsahern@...il.com Cc: netdev@...r.kernel.org, sharpd@...ulusnetworks.com Subject: Re: [PATCH net] net/ipv6: Fix route leaking between VRFs From: David Ahern <dsahern@...il.com> Date: Thu, 29 Mar 2018 17:44:57 -0700 > Donald reported that IPv6 route leaking between VRFs is not working. > The root cause is the strict argument in the call to rt6_lookup when > validating the nexthop spec. > > ip6_route_check_nh validates the gateway and device (if given) of a > route spec. It in turn could call rt6_lookup (e.g., lookup in a given > table did not succeed so it falls back to a full lookup) and if so > sets the strict argument to 1. That means if the egress device is given, > the route lookup needs to return a result with the same device. This > strict requirement does not work with VRFs (IPv4 or IPv6) because the > oif in the flow struct is overridden with the index of the VRF device > to trigger a match on the l3mdev rule and force the lookup to its table. > > The right long term solution is to add an l3mdev index to the flow > struct such that the oif is not overridden. That solution will not > backport well, so this patch aims for a simpler solution to relax the > strict argument if the route spec device is an l3mdev slave. As done > in other places, use the FLOWI_FLAG_SKIP_NH_OIF to know that the > RT6_LOOKUP_F_IFACE flag needs to be removed. > > Reported-by: Donald Sharp <sharpd@...ulusnetworks.com> > Signed-off-by: David Ahern <dsahern@...il.com> Applied, with fixes tag added, and queued up for -stable. Thanks.
Powered by blists - more mailing lists