asedeno.scripts.mit.edu Git - linux.git/commit

author	Cong Wang <xiyou.wangcong@gmail.com>
	Wed, 17 Jul 2019 21:41:58 +0000 (14:41 -0700)
committer	David S. Miller <davem@davemloft.net>
	Wed, 17 Jul 2019 22:23:39 +0000 (15:23 -0700)
commit	66f8209547cc11d8e139d45cb7c937c1bbcce182
tree	ca3ef80a0396f6f1ca6347f2ea8db8cfc6832197	tree \| snapshot
parent	f1bf3e2ab42d20a7683e1c689f3ce8e942da03d4	commit \| diff

fib: relax source validation check for loopback packets

In a rare case where we redirect local packets from veth to lo,
these packets fail to pass the source validation when rp_filter
is turned on, as the tracing shows:

<...>-311708 [040] ..s1 7951180.957825: fib_table_lookup: table 254 oif 0 iif 1 src 10.53.180.130 dst 10.53.180.130 tos 0 scope 0 flags 0
<...>-311708 [040] ..s1 7951180.957826: fib_table_lookup_nh: nexthop dev eth0 oif 4 src 10.53.180.130

So, the fib table lookup returns eth0 as the nexthop even though
the packets are local and should be routed to loopback nonetheless,
but they can't pass the dev match check in fib_info_nh_uses_dev()
without this patch.

It should be safe to relax this check for this special case, as
normally packets coming out of loopback device still have skb_dst
so they won't even hit this slow path.

Cc: Julian Anastasov <ja@ssi.bg>
Cc: David Ahern <dsahern@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>