lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Wed,  7 Oct 2015 08:40:13 -0700
From:	David Ahern <>
Cc:, David Ahern <>
Subject: [PATCH net-next] net: Do not drop to make_route if oif is l3mdev

Commit deaa0a6a930 ("net: Lookup actual route when oif is VRF device")
exposed a bug in __ip_route_output_key_hash for VRF devices: on FIB lookup
failure if the oif is specified the current logic drops to make_route on
the assumption that the route tables are wrong. For VRF/L3 master devices
this leads to wrong dst entries and route lookups. For example:
    $ ip route ls table vrf-red
    unreachable default
    broadcast dev eth1  proto kernel  scope link  src dev eth1  proto kernel  scope link  src
    local dev eth1  proto kernel  scope host  src
    broadcast dev eth1  proto kernel  scope link  src

    $ ip route get oif vrf-red dev vrf-red  src

With this patch:
    $  ip route get oif vrf-red
    RTNETLINK answers: No route to host

which is the correct response based on the default route

Signed-off-by: David Ahern <>
 net/ipv4/route.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index bf1486bd7e81..f10ad88bfb89 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2196,7 +2196,8 @@ struct rtable *__ip_route_output_key_hash(struct net *net, struct flowi4 *fl4,
 	if (err) { = NULL;
 		res.table = NULL;
-		if (fl4->flowi4_oif) {
+		if (fl4->flowi4_oif &&
+		    !netif_index_is_l3_master(net, fl4->flowi4_oif)) {
 			/* Apparently, routing tables are wrong. Assume,
 			   that the destination is on link.

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists