[IPV6]: Check interface bindings on IPv6 raw socket reception
Take account of whether a socket is bound to a particular device when selecting an IPv6 raw socket to receive a packet. Also perform this check when receiving IPv6 packets with router alert options. Signed-off-by: Andrew McDonald <andrew@mcdonald.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
7af4cc3fa1
commit
0bd1b59b15
4 changed files with 15 additions and 6 deletions
|
@ -10,7 +10,8 @@ extern rwlock_t raw_v6_lock;
|
||||||
extern void ipv6_raw_deliver(struct sk_buff *skb, int nexthdr);
|
extern void ipv6_raw_deliver(struct sk_buff *skb, int nexthdr);
|
||||||
|
|
||||||
extern struct sock *__raw_v6_lookup(struct sock *sk, unsigned short num,
|
extern struct sock *__raw_v6_lookup(struct sock *sk, unsigned short num,
|
||||||
struct in6_addr *loc_addr, struct in6_addr *rmt_addr);
|
struct in6_addr *loc_addr, struct in6_addr *rmt_addr,
|
||||||
|
int dif);
|
||||||
|
|
||||||
extern int rawv6_rcv(struct sock *sk,
|
extern int rawv6_rcv(struct sock *sk,
|
||||||
struct sk_buff *skb);
|
struct sk_buff *skb);
|
||||||
|
|
|
@ -551,7 +551,8 @@ static void icmpv6_notify(struct sk_buff *skb, int type, int code, u32 info)
|
||||||
|
|
||||||
read_lock(&raw_v6_lock);
|
read_lock(&raw_v6_lock);
|
||||||
if ((sk = sk_head(&raw_v6_htable[hash])) != NULL) {
|
if ((sk = sk_head(&raw_v6_htable[hash])) != NULL) {
|
||||||
while((sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr))) {
|
while((sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr,
|
||||||
|
skb->dev->ifindex))) {
|
||||||
rawv6_err(sk, skb, NULL, type, code, inner_offset, info);
|
rawv6_err(sk, skb, NULL, type, code, inner_offset, info);
|
||||||
sk = sk_next(sk);
|
sk = sk_next(sk);
|
||||||
}
|
}
|
||||||
|
|
|
@ -277,7 +277,9 @@ static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
|
||||||
read_lock(&ip6_ra_lock);
|
read_lock(&ip6_ra_lock);
|
||||||
for (ra = ip6_ra_chain; ra; ra = ra->next) {
|
for (ra = ip6_ra_chain; ra; ra = ra->next) {
|
||||||
struct sock *sk = ra->sk;
|
struct sock *sk = ra->sk;
|
||||||
if (sk && ra->sel == sel) {
|
if (sk && ra->sel == sel &&
|
||||||
|
(!sk->sk_bound_dev_if ||
|
||||||
|
sk->sk_bound_dev_if == skb->dev->ifindex)) {
|
||||||
if (last) {
|
if (last) {
|
||||||
struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
|
struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
|
||||||
if (skb2)
|
if (skb2)
|
||||||
|
|
|
@ -81,7 +81,8 @@ static void raw_v6_unhash(struct sock *sk)
|
||||||
|
|
||||||
/* Grumble... icmp and ip_input want to get at this... */
|
/* Grumble... icmp and ip_input want to get at this... */
|
||||||
struct sock *__raw_v6_lookup(struct sock *sk, unsigned short num,
|
struct sock *__raw_v6_lookup(struct sock *sk, unsigned short num,
|
||||||
struct in6_addr *loc_addr, struct in6_addr *rmt_addr)
|
struct in6_addr *loc_addr, struct in6_addr *rmt_addr,
|
||||||
|
int dif)
|
||||||
{
|
{
|
||||||
struct hlist_node *node;
|
struct hlist_node *node;
|
||||||
int is_multicast = ipv6_addr_is_multicast(loc_addr);
|
int is_multicast = ipv6_addr_is_multicast(loc_addr);
|
||||||
|
@ -94,6 +95,9 @@ struct sock *__raw_v6_lookup(struct sock *sk, unsigned short num,
|
||||||
!ipv6_addr_equal(&np->daddr, rmt_addr))
|
!ipv6_addr_equal(&np->daddr, rmt_addr))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif)
|
||||||
|
continue;
|
||||||
|
|
||||||
if (!ipv6_addr_any(&np->rcv_saddr)) {
|
if (!ipv6_addr_any(&np->rcv_saddr)) {
|
||||||
if (ipv6_addr_equal(&np->rcv_saddr, loc_addr))
|
if (ipv6_addr_equal(&np->rcv_saddr, loc_addr))
|
||||||
goto found;
|
goto found;
|
||||||
|
@ -160,7 +164,7 @@ void ipv6_raw_deliver(struct sk_buff *skb, int nexthdr)
|
||||||
if (sk == NULL)
|
if (sk == NULL)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr);
|
sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr, skb->dev->ifindex);
|
||||||
|
|
||||||
while (sk) {
|
while (sk) {
|
||||||
if (nexthdr != IPPROTO_ICMPV6 || !icmpv6_filter(sk, skb)) {
|
if (nexthdr != IPPROTO_ICMPV6 || !icmpv6_filter(sk, skb)) {
|
||||||
|
@ -170,7 +174,8 @@ void ipv6_raw_deliver(struct sk_buff *skb, int nexthdr)
|
||||||
if (clone)
|
if (clone)
|
||||||
rawv6_rcv(sk, clone);
|
rawv6_rcv(sk, clone);
|
||||||
}
|
}
|
||||||
sk = __raw_v6_lookup(sk_next(sk), nexthdr, daddr, saddr);
|
sk = __raw_v6_lookup(sk_next(sk), nexthdr, daddr, saddr,
|
||||||
|
skb->dev->ifindex);
|
||||||
}
|
}
|
||||||
out:
|
out:
|
||||||
read_unlock(&raw_v6_lock);
|
read_unlock(&raw_v6_lock);
|
||||||
|
|
Loading…
Reference in a new issue