ipv6: allow ping to link-local address in VRF
author Mike Manning <mmanning@vyatta.att-mail.com>
Wed, 7 Nov 2018 15:36:08 +0000 (15:36 +0000)
committer David S. Miller <davem@davemloft.net>
Thu, 8 Nov 2018 00:12:39 +0000 (16:12 -0800)
If link-local packets are marked as enslaved to a VRF, then to allow
ping to the link-local from a vrf, the error handling for IPV6_PKTINFO
needs to be relaxed to also allow the pkt ipi6_ifindex to be that of a
slave device to the vrf.

Note that the real device also needs to be retrieved in icmp6_iif()
to set the ipv6 flow oif to this for icmp echo reply handling. The
recent commit 24b711edfc34 ("net/ipv6: Fix linklocal to global address
with VRF") takes care of this, so the sdif does not need checking here.

This fix makes ping to link-local consistent with that to global
addresses, in that this can now be done from within the same VRF that
the address is in.

Signed-off-by: Mike Manning <mmanning@vyatta.att-mail.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Tested-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/ipv6_sockglue.c

index 381ce38940aee2deb7e9725ff7f2aa35bc3ba12b..973e215c3114a3f4b5af51dc44e593b0168e2ef3 100644 (file)
@@ -486,7 +486,7 @@ sticky_done:
                                retv = -EFAULT;
                                break;
                }
-               if (sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if)
+               if (!sk_dev_equal_l3scope(sk, pkt.ipi6_ifindex))
                        goto e_inval;
 
                np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex;
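
Review bot: the new condition before `goto e_inval` drops the explicit `sk->sk_bound_dev_if &&` guard, so whether an unbound socket may still set any `ipi6_ifindex` now depends entirely on `sk_dev_equal_l3scope()`, whose body is not part of this hunk. Please confirm the helper returns true when `sk_bound_dev_if` is 0, and consider a one-line comment above the check stating that the accepted values are the bound device itself or a slave of the bound VRF, since this is the validation that decides which interface a sticky IPV6_PKTINFO may select. A selftest covering three cases would pin the behaviour down: an unbound socket, a VRF-bound socket given a slave ifindex, and a VRF-bound socket given an ifindex outside the VRF (expecting the `e_inval` path).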