| Message ID | 20240705145302.1717632-4-nicolas.dichtel@6wind.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | vrf: fix source address selection with route leak | expand |
On 7/5/24 8:52 AM, Nicolas Dichtel wrote: > When the source address is selected, the scope must be checked. For > example, if a loopback address is assigned to the vrf device, it must not > be chosen for packets sent outside. > > CC: stable@vger.kernel.org > Fixes: afbac6010aec ("net: ipv6: Address selection needs to consider L3 domains") > Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> > --- > net/ipv6/addrconf.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > Reviewed-by: David Ahern <dsahern@kernel.org>
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 5c424a0e7232..4f2c5cc31015 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -1873,7 +1873,8 @@ int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev, master, &dst, scores, hiscore_idx); - if (scores[hiscore_idx].ifa) + if (scores[hiscore_idx].ifa && + scores[hiscore_idx].scopedist >= 0) goto out; }
When the source address is selected, the scope must be checked. For example, if a loopback address is assigned to the vrf device, it must not be chosen for packets sent outside. CC: stable@vger.kernel.org Fixes: afbac6010aec ("net: ipv6: Address selection needs to consider L3 domains") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> --- net/ipv6/addrconf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)