mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-02 07:04:24 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Mathieu Desnoyers 170a838966 ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) 
commit e1e84eb58e upstream.

As per RFC792, ICMP errors should be sent to the source host.

However, in configurations with Virtual Routing and Forwarding tables,
looking up which routing table to use is currently done by using the
destination net_device.

commit 9d1a6c4ea4 ("net: icmp_route_lookup should use rt dev to
determine L3 domain") changes the interface passed to
l3mdev_master_ifindex() and inet_addr_type_dev_table() from skb_in->dev
to skb_dst(skb_in)->dev. This effectively uses the destination device
rather than the source device for choosing which routing table should be
used to lookup where to send the ICMP error.

Therefore, if the source and destination interfaces are within separate
VRFs, or one in the global routing table and the other in a VRF, looking
up the source host in the destination interface's routing table will
fail if the destination interface's routing table contains no route to
the source host.

One observable effect of this issue is that traceroute does not work in
the following cases:

- Route leaking between global routing table and VRF
- Route leaking between VRFs

Preferably use the source device routing table when sending ICMP error
messages. If no source device is set, fall-back on the destination
device routing table. Else, use the main routing table (index 0).

[ It has been pointed out that a similar issue may exist with ICMP
  errors triggered when forwarding between network namespaces. It would
  be worthwhile to investigate, but is outside of the scope of this
  investigation. ]

[ It has also been pointed out that a similar issue exists with
  unreachable / fragmentation needed messages, which can be triggered by
  changing the MTU of eth1 in r1 to 1400 and running:

  ip netns exec h1 ping -s 1450 -Mdo -c1 172.16.2.2

  Some investigation points to raw_icmp_error() and raw_err() as being
  involved in this last scenario. The focus of this patch is TTL expired
  ICMP messages, which go through icmp_route_lookup.
  Investigation of failure modes related to raw_icmp_error() is beyond
  this investigation's scope. ]

Fixes: 9d1a6c4ea4 ("net: icmp_route_lookup should use rt dev to determine L3 domain")
Link: https://tools.ietf.org/html/rfc792
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-09-22 11:45:16 +02:00
..
6lowpan 6lowpan: Off by one handling ->nexthdr 2020-01-27 14:46:30 +01:00
9p net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid 2020-11-05 11:06:57 +01:00
802 net/802/garp: fix memleak in garp_request_join() 2021-08-04 12:22:14 +02:00
8021q net: vlan: avoid leaks on register_vlan_dev() failures 2021-01-17 13:58:58 +01:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-04-07 12:47:02 +02:00
atm atm: fix a memory leak of vcc->user_back 2020-10-01 13:12:42 +02:00
ax25 AX.25: Prevent integer overflows in connect and sendmsg 2020-07-31 16:44:44 +02:00
batman-adv batman-adv: Avoid WARN_ON timing related checks 2021-06-30 08:48:48 -04:00
bluetooth Bluetooth: hidp: use correct wait queue when removing ctrl_wait 2021-08-26 08:37:08 -04:00
bpf
bridge net: bridge: fix memleak in br_add_if() 2021-08-26 08:37:02 -04:00
caif net: fix uninit-value in caif_seqpkt_sendmsg 2021-07-28 11:12:18 +02:00
can can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF 2021-08-04 12:22:15 +02:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-11-05 11:07:03 +01:00
core net: Fix zero-copy head len calculation. 2021-08-08 08:53:29 +02:00
dcb net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands 2021-01-23 15:48:46 +01:00
dccp dccp: add do-while-0 stubs for dccp_pr_debug macros 2021-08-26 08:37:08 -04:00
decnet net: decnet: Fix sleeping inside in af_decnet 2021-07-28 11:12:18 +02:00
dns_resolver KEYS: Don't write out to userspace while holding key semaphore 2020-04-24 08:01:25 +02:00
dsa net: dsa: Fix duplicate frames flooded by learning 2020-04-02 16:34:24 +02:00
ethernet net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:17:59 +01:00
hsr hsr: use netdev_err() instead of WARN_ONCE() 2021-05-22 10:57:24 +02:00
ieee802154 net: Fix memory leak in ieee802154_raw_deliver 2021-08-26 08:37:02 -04:00
ife
ipv4 ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) 2021-09-22 11:45:16 +02:00
ipv6 ipv6: tcp: drop silly ICMPv6 packet too big messages 2021-07-28 11:12:16 +02:00
ipx
iucv net/af_iucv: set correct sk_protocol for child sockets 2020-12-08 10:17:32 +01:00
kcm
key af_key: relax availability checks for skb size calculation 2021-02-23 14:00:29 +01:00
l2tp l2tp: remove skb_dst_set() from l2tp_xmit_skb() 2020-07-22 09:22:19 +02:00
l3mdev
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:12:08 +01:00
llc net: llc: fix skb_over_panic 2021-08-04 12:22:17 +02:00
mac80211 mac80211: drop data frames without key on encrypted links 2021-08-26 08:37:05 -04:00
mac802154 net: mac802154: Fix general protection fault 2021-04-16 11:57:52 +02:00
mpls net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0 2021-03-17 16:34:28 +01:00
ncsi net/ncsi: Avoid GFP_KERNEL in response handler 2021-04-16 11:57:51 +02:00
netfilter netfilter: nft_exthdr: fix endianness of tcp option cast 2021-08-26 08:37:10 -04:00
netlabel netlabel: Fix memory leak in netlbl_mgmt_add_common 2021-07-20 16:17:36 +02:00
netlink netlink: disable IRQs for netlink_lock_table() 2021-06-16 11:53:01 +02:00
netrom netrom: Decrease sock refcount when sock timers expire 2021-07-28 11:12:18 +02:00
nfc net/nfc/rawsock.c: fix a permission check bug 2021-06-16 11:53:00 +02:00
nsh
openvswitch openvswitch: fix stack OOB read while fragmenting IPv4 packets 2021-05-22 10:57:21 +02:00
packet net/packet: annotate accesses to po->ifindex 2021-06-30 08:48:58 -04:00
phonet
psample net: psample: fix skb_over_panic 2019-12-05 15:38:15 +01:00
qrtr net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() 2021-03-30 14:40:12 +02:00
rds net/rds: dma_map_sg is entitled to merge entries 2021-09-03 09:56:26 +02:00
rfkill rfkill: Fix incorrect check to avoid NULL pointer dereference 2020-01-12 12:11:57 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-12-08 10:17:32 +01:00
rxrpc rxrpc: Fix handling of an unsupported token type in rxrpc_read() 2021-01-23 15:48:47 +01:00
sched net: sched: fix warning in tcindex_alloc_perfect_hash 2021-07-20 16:17:38 +02:00
sctp sctp: fix return value check in __sctp_rcv_asconf_lookup 2021-08-04 12:22:17 +02:00
smc net/smc: check for valid ib_client_data 2020-03-20 10:54:20 +01:00
strparser
sunrpc SUNRPC: Should wake up the privileged task firstly. 2021-07-20 16:17:29 +02:00
switchdev
tipc tipc: fix sleeping in tipc accept routine 2021-08-04 12:22:16 +02:00
tls
unix af_unix: fix garbage collect vs MSG_PEEK 2021-08-04 12:22:14 +02:00
vmw_vsock vsock/virtio: avoid potential deadlock when vsock device remove 2021-08-26 08:37:02 -04:00
wimax
wireless cfg80211: Fix possible memory leak in function cfg80211_bss_update 2021-08-04 12:22:16 +02:00
x25 net/x25: Return the correct errno code 2021-06-30 08:48:47 -04:00
xfrm xfrm: Fix error reporting in xfrm_state_construct. 2021-07-20 16:17:44 +02:00
compat.c net: Return the correct errno code 2021-06-30 08:48:47 -04:00
Kconfig
Makefile net: split out functions related to registering inflight socket files 2021-08-04 12:22:14 +02:00
socket.c net: Set fput_needed iff FDPUT_FPUT is set 2020-08-21 09:48:14 +02:00
sysctl_net.c