ipv4: fix source address selection with route leak
By default, an address assigned to the output interface is selected when
the source address is not specified. This is problematic when a route,
configured in a vrf, uses an interface from another vrf (aka route leak).
The original vrf does not own the selected source address.

Let's add a check against the output interface and call the appropriate
function to select the source address.

CC: stable@vger.kernel.org
Fixes: 8cbb512 ("net: Add source address lookup op for VRF")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20240710081521.3809742-2-nicolas.dichtel@6wind.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Nicolas Dichtel authored and Jakub Kicinski committed Jul 14, 2024
1 parent f67a90a commit 6807352
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions net/ipv4/fib_semantics.c
Expand Up @@ -2270,6 +2270,15 @@ void fib_select_path(struct net *net, struct fib_result *res,
fib_select_default(fl4, res);

check_saddr:
if (!fl4->saddr)
fl4->saddr = fib_result_prefsrc(net, res);
if (!fl4->saddr) {
struct net_device *l3mdev;

l3mdev = dev_get_by_index_rcu(net, fl4->flowi4_l3mdev);

if (!l3mdev ||
l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) == l3mdev)
fl4->saddr = fib_result_prefsrc(net, res);
else
fl4->saddr = inet_select_addr(l3mdev, 0, RT_SCOPE_LINK);
}
}
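
Review bot: The else branch at `fl4->saddr = inet_select_addr(l3mdev, 0, RT_SCOPE_LINK);` passes 0 as the destination and a hard-coded RT_SCOPE_LINK, so the address chosen on the VRF device does not take fl4->daddr into account, and if inet_select_addr() returns 0 the flow leaves check_saddr with saddr still unset. A short comment above the `if (!l3mdev ||` test would help: say that it covers the route-leak case from the commit message (output device enslaved to a different l3mdev than fl4->flowi4_l3mdev), that `!l3mdev` is the path that keeps the previous fib_result_prefsrc() behaviour, and whether a zero result is expected to be handled later. dev_get_by_index_rcu() and l3mdev_master_dev_rcu() both rely on the RCU read lock, so it is worth confirming and noting that every caller of fib_select_path() holds it.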
