asedeno.scripts.mit.edu Git - linux.git/commit

author	Duncan Eastoe <deastoe@vyatta.att-mail.com>
	Wed, 7 Nov 2018 15:36:06 +0000 (15:36 +0000)
committer	David S. Miller <davem@davemloft.net>
	Thu, 8 Nov 2018 00:12:39 +0000 (16:12 -0800)
commit	7055420fb6a1cb754a64be99ddcabd45bd902d99
tree	469b838c4b00ccfc04f3583805eb5ebbf52ab14f	tree \| snapshot
parent	6897445fb194c8ad046df4a13e1ee9f080a5a21e	commit \| diff

net: fix raw socket lookup device bind matching with VRFs

When there exist a pair of raw sockets one unbound and one bound
to a VRF but equal in all other respects, when a packet is received
in the VRF context, __raw_v4_lookup() matches on both sockets.

This results in the packet being delivered over both sockets,
instead of only the raw socket bound to the VRF. The bound device
checks in __raw_v4_lookup() are replaced with a call to
raw_sk_bound_dev_eq() which correctly handles whether the packet
should be delivered over the unbound socket in such cases.

In __raw_v6_lookup() the match on the device binding of the socket is
similarly updated to use raw_sk_bound_dev_eq() which matches the
handling in __raw_v4_lookup().

Importantly raw_sk_bound_dev_eq() takes the raw_l3mdev_accept sysctl
into account.

Signed-off-by: Duncan Eastoe <deastoe@vyatta.att-mail.com>
Signed-off-by: Mike Manning <mmanning@vyatta.att-mail.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Tested-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/raw.h		diff \| blob \| history
net/ipv4/raw.c		diff \| blob \| history
net/ipv6/raw.c		diff \| blob \| history