Message-ID: <20251208102434.3379379-1-nicolas.dichtel@6wind.com>
Date: Mon, 8 Dec 2025 11:24:34 +0100
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: "David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Eric Dumazet <edumazet@...gle.com>,
David Lebrun <david.lebrun@...ouvain.be>,
Andrea Mayer <andrea.mayer@...roma2.it>,
Paolo Lungaroni <paolo.lungaroni@...roma2.it>,
David Ahern <dsahern@...nel.org>
Cc: netdev@...r.kernel.org,
Nicolas Dichtel <nicolas.dichtel@...nd.com>
Subject: [PATCH net] seg6: fix route leak for encap routes

The goal is to take into account the device used to set up the route.
Before this commit, it was mandatory but ignored. After encapsulation, a
second route lookup is performed using the encapsulated IPv6 address.
This route lookup is now done in the vrf where the route device is set.

The l3vpn tests show the inconsistency; they are updated to reflect the
fix. Before the commit, the route to 'fc00:21:100::6046' was put in the
vrf-100 table while the encap route was pointing to veth0, which is not
associated with a vrf.

Before:
> $ ip -n rt_2-Rh5GP7 -6 r list vrf vrf-100 | grep fc00:21:100::6046
> cafe::1 encap seg6 mode encap segs 1 [ fc00:21:100::6046 ] dev veth0 metric 1024 pref medium
> fc00:21:100::6046 via fd00::1 dev veth0 metric 1024 pref medium

After:
> $ ip -n rt_2-Rh5GP7 -6 r list vrf vrf-100 | grep fc00:21:100::6046
> cafe::1 encap seg6 mode encap segs 1 [ fc00:21:100::6046 ] dev veth0 metric 1024 pref medium
> $ ip -n rt_2-Rh5GP7 -6 r list | grep fc00:21:100::6046
> fc00:21:100::6046 via fd00::1 dev veth0 metric 1024 pref medium

Fixes: 6c8702c60b88 ("ipv6: sr: add support for SRH encapsulation and injection with lwtunnels")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>
---
net/ipv6/seg6_iptunnel.c | 6 ++++++
tools/testing/selftests/net/srv6_end_dt46_l3vpn_test.sh | 2 +-
tools/testing/selftests/net/srv6_end_dt4_l3vpn_test.sh | 2 +-
tools/testing/selftests/net/srv6_end_dt6_l3vpn_test.sh | 2 +-
4 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/net/ipv6/seg6_iptunnel.c b/net/ipv6/seg6_iptunnel.c
index 3e1b9991131a..9535aea28357 100644
--- a/net/ipv6/seg6_iptunnel.c
+++ b/net/ipv6/seg6_iptunnel.c
@@ -484,6 +484,12 @@ static int seg6_input_core(struct net *net, struct sock *sk,
* now and use it later as a comparison.
*/
lwtst = orig_dst->lwtstate;
+ if (orig_dst->dev) {
+ rcu_read_lock();
+ skb->dev = l3mdev_master_dev_rcu(orig_dst->dev) ?:
+ dev_net(skb->dev)->loopback_dev;
+ rcu_read_unlock();
+ }
slwt = seg6_lwt_lwtunnel(lwtst);
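Review bot: the block added after `lwtst = orig_dst->lwtstate;` overwrites skb->dev without a comment, and the fallback to `dev_net(skb->dev)->loopback_dev` when the route device has no l3mdev master is not self-explanatory. A short comment above `if (orig_dst->dev)` stating that the lookup after encapsulation is scoped by skb->dev, and what the loopback fallback is meant to select, would make the intent reviewable. The new skb->dev value also stays in place for the rest of seg6_input_core, so anything later that reads the ingress device sees the vrf master or loopback instead of the receiving interface; please confirm in the commit message that this is intended. Only the input path is touched here, so it would help to say whether the output path needs the same scoping or is deliberately left alone.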
diff --git a/tools/testing/selftests/net/srv6_end_dt46_l3vpn_test.sh b/tools/testing/selftests/net/srv6_end_dt46_l3vpn_test.sh
index a5e959a080bb..682fb5b4509d 100755
--- a/tools/testing/selftests/net/srv6_end_dt46_l3vpn_test.sh
+++ b/tools/testing/selftests/net/srv6_end_dt46_l3vpn_test.sh
@@ -333,7 +333,7 @@ setup_vpn_config()
encap seg6 mode encap segs ${vpn_sid} dev veth0
ip -netns ${rtsrc_name} -4 route add ${IPv4_HS_NETWORK}.${hsdst}/32 vrf vrf-${tid} \
encap seg6 mode encap segs ${vpn_sid} dev veth0
- ip -netns ${rtsrc_name} -6 route add ${vpn_sid}/128 vrf vrf-${tid} \
+ ip -netns ${rtsrc_name} -6 route add ${vpn_sid}/128 \
via fd00::${rtdst} dev veth0
# set the decap route for decapsulating packets which arrive from
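Review bot: dropping `vrf vrf-${tid}` from the `${vpn_sid}/128` route only adapts the test to the case where the encap device is outside any vrf, so the `l3mdev_master_dev_rcu()` branch of the kernel change is never exercised. veth0 is not enslaved to a vrf in this setup, which means every lookup after encapsulation takes the loopback fallback. Consider adding a case where the encap route's `dev` is a vrf slave and the SID route lives in that vrf table, so that both outcomes described in the commit message are covered.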
diff --git a/tools/testing/selftests/net/srv6_end_dt4_l3vpn_test.sh b/tools/testing/selftests/net/srv6_end_dt4_l3vpn_test.sh
index a649dba3cb77..11f693c65169 100755
--- a/tools/testing/selftests/net/srv6_end_dt4_l3vpn_test.sh
+++ b/tools/testing/selftests/net/srv6_end_dt4_l3vpn_test.sh
@@ -287,7 +287,7 @@ setup_vpn_config()
# host hssrc and destined to the access router rtsrc.
ip -netns ${rtsrc_name} -4 route add ${IPv4_HS_NETWORK}.${hsdst}/32 vrf vrf-${tid} \
encap seg6 mode encap segs ${vpn_sid} dev veth0
- ip -netns ${rtsrc_name} -6 route add ${vpn_sid}/128 vrf vrf-${tid} \
+ ip -netns ${rtsrc_name} -6 route add ${vpn_sid}/128 \
via fd00::${rtdst} dev veth0
# set the decap route for decapsulating packets which arrive from
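Review bot: the `${vpn_sid}/128` route moves out of vrf-${tid} here with no comment saying why, while the encap route just above it still carries `vrf vrf-${tid}`. A reader comparing the two `ip route add` lines will not see that the table for the SID route now follows the `dev veth0` of the encap route. A one-line comment above the changed route would document that. The same edit shows that a configuration which worked before the fix, with the SID route in the vrf table, has to be changed afterwards; the commit message should call out that behaviour change for existing setups.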
diff --git a/tools/testing/selftests/net/srv6_end_dt6_l3vpn_test.sh b/tools/testing/selftests/net/srv6_end_dt6_l3vpn_test.sh
index e408406d8489..7d7e056c645c 100755
--- a/tools/testing/selftests/net/srv6_end_dt6_l3vpn_test.sh
+++ b/tools/testing/selftests/net/srv6_end_dt6_l3vpn_test.sh
@@ -297,7 +297,7 @@ setup_vpn_config()
# host hssrc and destined to the access router rtsrc.
ip -netns ${rtsrc_name} -6 route add ${IPv6_HS_NETWORK}::${hsdst}/128 vrf vrf-${tid} \
encap seg6 mode encap segs ${vpn_sid} dev veth0
- ip -netns ${rtsrc_name} -6 route add ${vpn_sid}/128 vrf vrf-${tid} \
+ ip -netns ${rtsrc_name} -6 route add ${vpn_sid}/128 \
via fd00::${rtdst} dev veth0
# set the decap route for decapsulating packets which arrive from
--
2.47.1