Re: [PATCH] netfilter: ipv6: Don't preserve original oif for loopback address

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On 5 Feb 2019, at 15:09, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> 
> On Mon, Jan 21, 2019 at 06:45:27PM +0800, Eli Cooper wrote:
>> Commit 508b09046c0f ("netfilter: ipv6: Preserve link scope traffic
>> original oif") made ip6_route_me_harder() keep the original oif for
>> link-local and multicast packets. However, it also affected packets
>> for the loopback address because it used rt6_need_strict().
>> 
>> REDIRECT rules in the OUTPUT chain rewrite the destination to loopback
>> address; thus its oif should not be preserved. This commit fixes the bug
>> that redirected local packets are being dropped.
> 
> Applied, thanks.

Commit 508b09046c0f was also backported to the stable trees (4.19.y, 4.14.y) as well as the original 4.20 which now has its own stable tree.   Was this fix cc'd to stable?

jch

PS and thanks for fixing this, it bit me on Fedora.

Attachment: signature.asc
Description: Message signed with OpenPGP


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux