lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <099019ee-05f4-457b-a82b-0fac55d8dd48@gmail.com>
Date: Wed, 7 Jan 2026 12:05:15 -0500
From: Brian Haley <haleyb.dev@...il.com>
To: Fernando Fernandez Mancera <fmancera@...e.de>, netdev@...r.kernel.org
Cc: davem@...emloft.net, dsahern@...nel.org, kuba@...nel.org,
 pabeni@...hat.com, horms@...nel.org, shuah@...nel.org,
 linux-kselftest@...r.kernel.org
Subject: Re: [PATCH 1/2 net-next v2] ipv6: use the right ifindex when replying
 to icmpv6 from localhost

Hi Fernando,

On 1/7/26 10:38 AM, Fernando Fernandez Mancera wrote:
> When replying to a ICMPv6 echo request that comes from localhost address
> the right output ifindex is 1 (lo) and not rt6i_idev dev index. Use the
> skb device ifindex instead. This fixes pinging to a local address from
> localhost source address.
> 
> $ ping6 -I ::1 2001:1:1::2 -c 3
> PING 2001:1:1::2 (2001:1:1::2) from ::1 : 56 data bytes
> 64 bytes from 2001:1:1::2: icmp_seq=1 ttl=64 time=0.037 ms
> 64 bytes from 2001:1:1::2: icmp_seq=2 ttl=64 time=0.069 ms
> 64 bytes from 2001:1:1::2: icmp_seq=3 ttl=64 time=0.122 ms
> 
> 2001:1:1::2 ping statistics
> 3 packets transmitted, 3 received, 0% packet loss, time 2032ms
> rtt min/avg/max/mdev = 0.037/0.076/0.122/0.035 ms
> 
> Fixes: 1b70d792cf67 ("ipv6: Use rt6i_idev index for echo replies to a local address")
> Signed-off-by: Fernando Fernandez Mancera <fmancera@...e.de>
> ---
> v2: no changes
> ---
>   net/ipv6/icmp.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
> index 5d2f90babaa5..5de254043133 100644
> --- a/net/ipv6/icmp.c
> +++ b/net/ipv6/icmp.c
> @@ -965,7 +965,9 @@ static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb)
>   	fl6.daddr = ipv6_hdr(skb)->saddr;
>   	if (saddr)
>   		fl6.saddr = *saddr;
> -	fl6.flowi6_oif = icmp6_iif(skb);
> +	fl6.flowi6_oif = ipv6_addr_type(&fl6.daddr) & IPV6_ADDR_LOOPBACK ?
> +			 skb->dev->ifindex :
> +			 icmp6_iif(skb);
>   	fl6.fl6_icmp_type = type;
>   	fl6.flowi6_mark = mark;
>   	fl6.flowi6_uid = sock_net_uid(net, NULL);

Using ipv6_addr_loopback(&fl6.daddr) might be more efficient as it does 
a direct comparison of the address.

-Brian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ