]>
Commit | Line | Data |
---|---|---|
9464be53 | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
49b6d164 | 2 | From: David Ahern <dsahern@gmail.com> |
9464be53 TL |
3 | Date: Mon, 18 Jun 2018 12:30:37 -0700 |
4 | Subject: [PATCH] net/tcp: Fix socket lookups with SO_BINDTODEVICE | |
49b6d164 AD |
5 | |
6 | Similar to 69678bcd4d2d ("udp: fix SO_BINDTODEVICE"), TCP socket lookups | |
7 | need to fail if dev_match is not true. Currently, a packet to a given port | |
8 | can match a socket bound to device when it should not. In the VRF case, | |
9 | this causes the lookup to hit a VRF socket and not a global socket | |
10 | resulting in a response trying to go through the VRF when it should it. | |
11 | ||
12 | Fixes: 3fa6f616a7a4d ("net: ipv4: add second dif to inet socket lookups") | |
13 | Fixes: 4297a0ef08572 ("net: ipv6: add second dif to inet6 socket lookups") | |
14 | Reported-by: Lou Berger <lberger@labn.net> | |
15 | Diagnosed-by: Renato Westphal <renato@opensourcerouting.org> | |
16 | Tested-by: Renato Westphal <renato@opensourcerouting.org> | |
17 | Signed-off-by: David Ahern <dsahern@gmail.com> | |
18 | --- | |
19 | net/ipv4/inet_hashtables.c | 4 ++-- | |
20 | net/ipv6/inet6_hashtables.c | 4 ++-- | |
21 | 2 files changed, 4 insertions(+), 4 deletions(-) | |
22 | ||
23 | diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c | |
9464be53 | 24 | index e7d15fb0d94d..24b066c32e06 100644 |
49b6d164 AD |
25 | --- a/net/ipv4/inet_hashtables.c |
26 | +++ b/net/ipv4/inet_hashtables.c | |
9464be53 | 27 | @@ -188,9 +188,9 @@ static inline int compute_score(struct sock *sk, struct net *net, |
49b6d164 AD |
28 | bool dev_match = (sk->sk_bound_dev_if == dif || |
29 | sk->sk_bound_dev_if == sdif); | |
30 | ||
31 | - if (exact_dif && !dev_match) | |
32 | + if (!dev_match) | |
33 | return -1; | |
34 | - if (sk->sk_bound_dev_if && dev_match) | |
35 | + if (sk->sk_bound_dev_if) | |
36 | score += 4; | |
37 | } | |
38 | if (sk->sk_incoming_cpu == raw_smp_processor_id()) | |
39 | diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c | |
9464be53 | 40 | index b01858f5deb1..6dc93ac28261 100644 |
49b6d164 AD |
41 | --- a/net/ipv6/inet6_hashtables.c |
42 | +++ b/net/ipv6/inet6_hashtables.c | |
43 | @@ -113,9 +113,9 @@ static inline int compute_score(struct sock *sk, struct net *net, | |
44 | bool dev_match = (sk->sk_bound_dev_if == dif || | |
45 | sk->sk_bound_dev_if == sdif); | |
46 | ||
47 | - if (exact_dif && !dev_match) | |
48 | + if (!dev_match) | |
49 | return -1; | |
50 | - if (sk->sk_bound_dev_if && dev_match) | |
51 | + if (sk->sk_bound_dev_if) | |
52 | score++; | |
53 | } | |
54 | if (sk->sk_incoming_cpu == raw_smp_processor_id()) |