Skip to content

Commit

Permalink
vrf: Fix IPv6 with qdisc and xfrm
Browse files Browse the repository at this point in the history 
When a qdisc is attached to the VRF device, the packet goes down the ndo
xmit function which is setup to send the packet back to the VRF driver
which does a lookup to send the packet out. The lookup in the VRF driver
is not considering xfrm policies. Change it to use ip6_dst_lookup_flow
rather than ip6_route_output.

Fixes: 35402e3 ("net: Add IPv6 support to VRF device")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
David Ahern authored and David S. Miller committed Apr 23, 2020
1 parent 5cc4adb commit a53c102
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions drivers/net/vrf.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -188,8 +188,8 @@ static netdev_tx_t vrf_process_v6_outbound(struct sk_buff *skb,
fl6.flowi6_proto = iph->nexthdr;
fl6.flowi6_flags = FLOWI_FLAG_SKIP_NH_OIF;

dst = ip6_route_output(net, NULL, &fl6);
if (dst == dst_null)
dst = ip6_dst_lookup_flow(net, NULL, &fl6, NULL);
if (IS_ERR(dst) || dst == dst_null)
goto err;

skb_dst_drop(skb);
Expand Down

0 comments on commit a53c102

Please sign in to comment.