git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Wed, 25 Jul 2018 19:38:43 +0000 (21:38 +0200)
committer	Juerg Haefliger <juergh@canonical.com>
	Wed, 24 Jul 2019 01:46:29 +0000 (19:46 -0600)
commit	c7c5eb30e5e1e12d43124d84a158d36b911dd1e5
tree	4d51a6f7258be30798eafada7d44d5296ea59aa7	tree
parent	e2df64837f144985c51fcfe38d35b2dec1eec233	commit \| diff

netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses

BugLink: https://bugs.launchpad.net/bugs/1835972
[ Upstream commit da786717e0894886301ed2536843c13f9e8fd53e ]

Roman reports that DHCPv6 client no longer sees replies from server
due to

ip6tables -t raw -A PREROUTING -m rpfilter --invert -j DROP

rule. We need to set the F_IFACE flag for linklocal addresses, they
are scoped per-device.

Fixes: 47b7e7f82802 ("netfilter: don't set F_IFACE on ipv6 fib lookups")
Reported-by: Roman Mamedov <rm@romanrm.net>
Tested-by: Roman Mamedov <rm@romanrm.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>