This is a note to let you know that I've just added the patch titled
ipv6: restrict neighbor entry creation to output flow
to the 3.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ipv6-restrict-neighbor-entry-creation-to-output-flow.patch
and it can be found in the queue-3.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From fad2fa08df45a84bd4e0a97ac7d6acad8c90c9fa Mon Sep 17 00:00:00 2001
From: Marcelo Ricardo Leitner <mleitner@xxxxxxxxxx>
Date: Tue, 8 Oct 2013 16:41:13 +0200
Subject: ipv6: restrict neighbor entry creation to output flow
From: Marcelo Ricardo Leitner <mleitner@xxxxxxxxxx>
This patch is based on 3.2.y branch, the one used by reporter. Please let me
know if it should be different. Thanks.
The patch which introduced the regression was applied on stables:
3.0.64 3.4.31 3.7.8 3.2.39
The patch which introduced the regression was for stable trees only.
---8<---
Commit 0d6a77079c475033cb622c07c5a880b392ef664e "ipv6: do not create
neighbor entries for local delivery" introduced a regression on
which routes to local delivery would not work anymore. Like this:
$ ip -6 route add local 2001::/64 dev lo
$ ping6 -c1 2001::9
PING 2001::9(2001::9) 56 data bytes
ping: sendmsg: Invalid argument
As this is a local delivery, that commit would not allow the creation of a
neighbor entry and thus the packet cannot be sent.
But as TPROXY scenario actually needs to avoid the neighbor entry creation only
for input flow, this patch now limits previous patch to input flow, keeping
output as before that patch.
Reported-by: Debabrata Banerjee <dbavatar@xxxxxxxxx>
Signed-off-by: Marcelo Ricardo Leitner <mleitner@xxxxxxxxxx>
Signed-off-by: Jiri Pirko <jiri@xxxxxxxxxxx>
Acked-by: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
CC: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/ipv6/route.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -818,7 +818,7 @@ static struct rt6_info *rt6_alloc_clone(
}
static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, int oif,
- struct flowi6 *fl6, int flags)
+ struct flowi6 *fl6, int flags, bool input)
{
struct fib6_node *fn;
struct rt6_info *rt, *nrt;
@@ -826,8 +826,11 @@ static struct rt6_info *ip6_pol_route(st
int attempts = 3;
int err;
int reachable = net->ipv6.devconf_all->forwarding ? 0 : RT6_LOOKUP_F_REACHABLE;
+ int local = RTF_NONEXTHOP;
strict |= flags & RT6_LOOKUP_F_IFACE;
+ if (input)
+ local |= RTF_LOCAL;
relookup:
read_lock_bh(&table->tb6_lock);
@@ -847,7 +850,7 @@ restart:
read_unlock_bh(&table->tb6_lock);
if (!dst_get_neighbour_noref_raw(&rt->dst) &&
- !(rt->rt6i_flags & (RTF_NONEXTHOP | RTF_LOCAL)))
+ !(rt->rt6i_flags & local))
nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr);
else if (!(rt->dst.flags & DST_HOST))
nrt = rt6_alloc_clone(rt, &fl6->daddr);
@@ -891,7 +894,7 @@ out2:
static struct rt6_info *ip6_pol_route_input(struct net *net, struct fib6_table *table,
struct flowi6 *fl6, int flags)
{
- return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags);
+ return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags, true);
}
static struct dst_entry *ip6_route_input_lookup(struct net *net,
@@ -924,7 +927,7 @@ void ip6_route_input(struct sk_buff *skb
static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table *table,
struct flowi6 *fl6, int flags)
{
- return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags);
+ return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags, false);
}
struct dst_entry * ip6_route_output(struct net *net, const struct sock *sk,
Patches currently in stable-queue which might be from mleitner@xxxxxxxxxx are
queue-3.4/ipv6-restrict-neighbor-entry-creation-to-output-flow.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html