Patch "wireguard: selftests: make sure rp_filter is disabled on vethc" has been added to the 5.10-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    wireguard: selftests: make sure rp_filter is disabled on vethc

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     wireguard-selftests-make-sure-rp_filter-is-disabled-on-vethc.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From f8873d11d4121aad35024f9379e431e0c83abead Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@xxxxxxxxx>
Date: Fri, 4 Jun 2021 17:17:31 +0200
Subject: wireguard: selftests: make sure rp_filter is disabled on vethc

From: Jason A. Donenfeld <Jason@xxxxxxxxx>

commit f8873d11d4121aad35024f9379e431e0c83abead upstream.

Some distros may enable strict rp_filter by default, which will prevent
vethc from receiving the packets with an unrouteable reverse path address.

Reported-by: Hangbin Liu <liuhangbin@xxxxxxxxx>
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 tools/testing/selftests/wireguard/netns.sh |    1 +
 1 file changed, 1 insertion(+)

--- a/tools/testing/selftests/wireguard/netns.sh
+++ b/tools/testing/selftests/wireguard/netns.sh
@@ -363,6 +363,7 @@ ip1 -6 rule add table main suppress_pref
 ip1 -4 route add default dev wg0 table 51820
 ip1 -4 rule add not fwmark 51820 table 51820
 ip1 -4 rule add table main suppress_prefixlength 0
+n1 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/vethc/rp_filter'
 # Flood the pings instead of sending just one, to trigger routing table reference counting bugs.
 n1 ping -W 1 -c 100 -f 192.168.99.7
 n1 ping -W 1 -c 100 -f abab::1111


Patches currently in stable-queue which might be from Jason@xxxxxxxxx are

queue-5.10/wireguard-use-synchronize_net-rather-than-synchronize_rcu.patch
queue-5.10/wireguard-do-not-use-o3.patch
queue-5.10/wireguard-allowedips-allocate-nodes-in-kmem_cache.patch
queue-5.10/wireguard-allowedips-initialize-list-head-in-selftest.patch
queue-5.10/wireguard-selftests-remove-old-conntrack-kconfig-value.patch
queue-5.10/wireguard-peer-allocate-in-kmem_cache.patch
queue-5.10/wireguard-allowedips-remove-nodes-in-o-1.patch
queue-5.10/wireguard-selftests-make-sure-rp_filter-is-disabled-on-vethc.patch
queue-5.10/wireguard-allowedips-free-empty-intermediate-nodes-when-removing-single-node.patch
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux