lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f308ff67-5de1-452a-999c-e9230fc31e35@suse.de>
Date: Thu, 8 Jan 2026 12:27:23 +0100
From: Fernando Fernandez Mancera <fmancera@...e.de>
To: Brian Haley <haleyb.dev@...il.com>, netdev@...r.kernel.org
Cc: davem@...emloft.net, dsahern@...nel.org, kuba@...nel.org,
 pabeni@...hat.com, horms@...nel.org, shuah@...nel.org,
 linux-kselftest@...r.kernel.org
Subject: Re: [PATCH 1/2 net-next v2] ipv6: use the right ifindex when replying
 to icmpv6 from localhost

On 1/7/26 6:05 PM, Brian Haley wrote:
> Hi Fernando,
> 
> On 1/7/26 10:38 AM, Fernando Fernandez Mancera wrote:
>> When replying to a ICMPv6 echo request that comes from localhost address
>> the right output ifindex is 1 (lo) and not rt6i_idev dev index. Use the
>> skb device ifindex instead. This fixes pinging to a local address from
>> localhost source address.
>>
>> $ ping6 -I ::1 2001:1:1::2 -c 3
>> PING 2001:1:1::2 (2001:1:1::2) from ::1 : 56 data bytes
>> 64 bytes from 2001:1:1::2: icmp_seq=1 ttl=64 time=0.037 ms
>> 64 bytes from 2001:1:1::2: icmp_seq=2 ttl=64 time=0.069 ms
>> 64 bytes from 2001:1:1::2: icmp_seq=3 ttl=64 time=0.122 ms
>>
>> 2001:1:1::2 ping statistics
>> 3 packets transmitted, 3 received, 0% packet loss, time 2032ms
>> rtt min/avg/max/mdev = 0.037/0.076/0.122/0.035 ms
>>
>> Fixes: 1b70d792cf67 ("ipv6: Use rt6i_idev index for echo replies to a 
>> local address")
>> Signed-off-by: Fernando Fernandez Mancera <fmancera@...e.de>
>> ---
>> v2: no changes
>> ---
>>   net/ipv6/icmp.c | 4 +++-
>>   1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
>> index 5d2f90babaa5..5de254043133 100644
>> --- a/net/ipv6/icmp.c
>> +++ b/net/ipv6/icmp.c
>> @@ -965,7 +965,9 @@ static enum skb_drop_reason 
>> icmpv6_echo_reply(struct sk_buff *skb)
>>       fl6.daddr = ipv6_hdr(skb)->saddr;
>>       if (saddr)
>>           fl6.saddr = *saddr;
>> -    fl6.flowi6_oif = icmp6_iif(skb);
>> +    fl6.flowi6_oif = ipv6_addr_type(&fl6.daddr) & IPV6_ADDR_LOOPBACK ?
>> +             skb->dev->ifindex :
>> +             icmp6_iif(skb);
>>       fl6.fl6_icmp_type = type;
>>       fl6.flowi6_mark = mark;
>>       fl6.flowi6_uid = sock_net_uid(net, NULL);
> 
> Using ipv6_addr_loopback(&fl6.daddr) might be more efficient as it does 
> a direct comparison of the address.
> 

Yes, I think you are right.

Thanks!
Fernando.

> -Brian
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ