ipv6: Fix redirect with VRF

[ Upstream commit 31680ac265802397937d75461a2809a067b9fb93 ] IPv6 redirect is broken for VRF. __ip6_route_redirect walks the FIB entries looking for an exact match on ifindex. With VRF the flowi6_oif is updated by l3mdev_update_flow to the l3mdev index and the FLOWI_FLAG_SKIP_NH_OIF set in the flags to tell the lookup to skip the device match. For redirects the device match is requires so use that flag to know when the oif needs to be reset to the skb device index. Fixes: ca254490c8df ("net: Add VRF support to IPv6 stack") Signed-off-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: David Ahern <dsahern@gmail.com> 2019-05-22 15:12:18 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-06-04 08:01:26 +0200
commit: f57f35f1334796f7c57e2751f7c57539ea560fe9 (patch)
tree: 29f01935e14c3f7408bd190830ab640ee50cc134
parent: f2c8b1fc6a8542d9596fb402ee3394076fde78d1 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index b471afce1330..457a27016e74 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2448,6 +2448,12 @@ static struct rt6_info *__ip6_route_redirect(struct net *net,
 	struct fib6_info *rt;
 	struct fib6_node *fn;
 
+	/* l3mdev_update_flow overrides oif if the device is enslaved; in
+	 * this case we must match on the real ingress device, so reset it
+	 */
+	if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF)
+		fl6->flowi6_oif = skb->dev->ifindex;
+
 	/* Get the "current" route for this destination and
 	 * check if the redirect has come from appropriate router.
 	 *
author	David Ahern <dsahern@gmail.com>	2019-05-22 15:12:18 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-06-04 08:01:26 +0200
commit	f57f35f1334796f7c57e2751f7c57539ea560fe9 (patch)
tree	29f01935e14c3f7408bd190830ab640ee50cc134
parent	f2c8b1fc6a8542d9596fb402ee3394076fde78d1 (diff)