lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 24 Nov 2022 20:00:24 -0800
From:   David Ahern <dsahern@...nel.org>
To:     Richard Gobert <richardbgobert@...il.com>, davem@...emloft.net,
        yoshfuji@...ux-ipv6.org, edumazet@...gle.com, kuba@...nel.org,
        pabeni@...hat.com, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: setsockopt: fix IPV6_UNICAST_IF option for connected
 sockets

On 11/24/22 4:48 AM, Richard Gobert wrote:
> Change the behaviour of ip6_datagram_connect to consider the interface
> set by the IPV6_UNICAST_IF socket option, similarly to udpv6_sendmsg.
> 
> This change is the IPv6 counterpart of the fix for IP_UNICAST_IF.
> The tests introduced by that patch showed that the incorrect
> behavior is present in IPv6 as well.
> This patch fixes the broken test.
> 
> Reported-by: kernel test robot <oliver.sang@...el.com>
> Link: https://lore.kernel.org/r/202210062117.c7eef1a3-oliver.sang@intel.com
> 

Fixes tag here.

> Signed-off-by: Richard Gobert <richardbgobert@...il.com>
> ---
>  net/ipv6/datagram.c | 16 +++++++++++-----
>  1 file changed, 11 insertions(+), 5 deletions(-)
> 
> diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
> index 7c7155b48f17..c3999f9e3545 100644
> --- a/net/ipv6/datagram.c
> +++ b/net/ipv6/datagram.c
> @@ -42,24 +42,30 @@ static void ip6_datagram_flow_key_init(struct flowi6 *fl6, struct sock *sk)
>  {
>  	struct inet_sock *inet = inet_sk(sk);
>  	struct ipv6_pinfo *np = inet6_sk(sk);
> +	int oif;

	int oif = sk->sk_bound_dev_if;
>  
>  	memset(fl6, 0, sizeof(*fl6));
>  	fl6->flowi6_proto = sk->sk_protocol;
>  	fl6->daddr = sk->sk_v6_daddr;
>  	fl6->saddr = np->saddr;
> -	fl6->flowi6_oif = sk->sk_bound_dev_if;
> +	oif = sk->sk_bound_dev_if;

and then drop this line in the middle of all of the fl6 setup.

>  	fl6->flowi6_mark = sk->sk_mark;
>  	fl6->fl6_dport = inet->inet_dport;
>  	fl6->fl6_sport = inet->inet_sport;
>  	fl6->flowlabel = np->flow_label;
>  	fl6->flowi6_uid = sk->sk_uid;
>  
> -	if (!fl6->flowi6_oif)
> -		fl6->flowi6_oif = np->sticky_pktinfo.ipi6_ifindex;
> +	if (!oif)
> +		oif = np->sticky_pktinfo.ipi6_ifindex;
>  
> -	if (!fl6->flowi6_oif && ipv6_addr_is_multicast(&fl6->daddr))
> -		fl6->flowi6_oif = np->mcast_oif;
> +	if (!oif) {
> +		if (ipv6_addr_is_multicast(&fl6->daddr))
> +			oif = np->mcast_oif;
> +		else
> +			oif = np->ucast_oif;
> +	}
>  
> +	fl6->flowi6_oif = oif;
>  	security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
>  }
>  

thanks for the fix.

Besides the nit,
Reviewed-by: David Ahern <dsahern@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ