summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew McDonald <andrew@mcdonald.org.uk>2005-08-10 04:44:42 +0200
committerDavid S. Miller <davem@sunset.davemloft.net>2005-08-30 00:37:06 +0200
commit0bd1b59b15e4057101c89d4db15a3683c0d897f7 (patch)
tree1912652fdf55f1bcc703ae9a3dcb93036dcfca67
parent[NETFILTER]: Add "nfnetlink_queue" netfilter queue handler over nfnetlink (diff)
downloadlinux-0bd1b59b15e4057101c89d4db15a3683c0d897f7.tar.xz
linux-0bd1b59b15e4057101c89d4db15a3683c0d897f7.zip
[IPV6]: Check interface bindings on IPv6 raw socket reception
Take account of whether a socket is bound to a particular device when selecting an IPv6 raw socket to receive a packet. Also perform this check when receiving IPv6 packets with router alert options. Signed-off-by: Andrew McDonald <andrew@mcdonald.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/rawv6.h3
-rw-r--r--net/ipv6/icmp.c3
-rw-r--r--net/ipv6/ip6_output.c4
-rw-r--r--net/ipv6/raw.c11
4 files changed, 15 insertions, 6 deletions
diff --git a/include/net/rawv6.h b/include/net/rawv6.h
index 23fd9a6a221a..887009aa1f88 100644
--- a/include/net/rawv6.h
+++ b/include/net/rawv6.h
@@ -10,7 +10,8 @@ extern rwlock_t raw_v6_lock;
extern void ipv6_raw_deliver(struct sk_buff *skb, int nexthdr);
extern struct sock *__raw_v6_lookup(struct sock *sk, unsigned short num,
- struct in6_addr *loc_addr, struct in6_addr *rmt_addr);
+ struct in6_addr *loc_addr, struct in6_addr *rmt_addr,
+ int dif);
extern int rawv6_rcv(struct sock *sk,
struct sk_buff *skb);
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index ff3ec9822e36..ee9f1d36346c 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -551,7 +551,8 @@ static void icmpv6_notify(struct sk_buff *skb, int type, int code, u32 info)
read_lock(&raw_v6_lock);
if ((sk = sk_head(&raw_v6_htable[hash])) != NULL) {
- while((sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr))) {
+ while((sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr,
+ skb->dev->ifindex))) {
rawv6_err(sk, skb, NULL, type, code, inner_offset, info);
sk = sk_next(sk);
}
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index a7fcbcc83576..00f85148b85f 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -277,7 +277,9 @@ static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
read_lock(&ip6_ra_lock);
for (ra = ip6_ra_chain; ra; ra = ra->next) {
struct sock *sk = ra->sk;
- if (sk && ra->sel == sel) {
+ if (sk && ra->sel == sel &&
+ (!sk->sk_bound_dev_if ||
+ sk->sk_bound_dev_if == skb->dev->ifindex)) {
if (last) {
struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
if (skb2)
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 1d4d75b34d32..9db0de81f074 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -81,7 +81,8 @@ static void raw_v6_unhash(struct sock *sk)
/* Grumble... icmp and ip_input want to get at this... */
struct sock *__raw_v6_lookup(struct sock *sk, unsigned short num,
- struct in6_addr *loc_addr, struct in6_addr *rmt_addr)
+ struct in6_addr *loc_addr, struct in6_addr *rmt_addr,
+ int dif)
{
struct hlist_node *node;
int is_multicast = ipv6_addr_is_multicast(loc_addr);
@@ -94,6 +95,9 @@ struct sock *__raw_v6_lookup(struct sock *sk, unsigned short num,
!ipv6_addr_equal(&np->daddr, rmt_addr))
continue;
+ if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif)
+ continue;
+
if (!ipv6_addr_any(&np->rcv_saddr)) {
if (ipv6_addr_equal(&np->rcv_saddr, loc_addr))
goto found;
@@ -160,7 +164,7 @@ void ipv6_raw_deliver(struct sk_buff *skb, int nexthdr)
if (sk == NULL)
goto out;
- sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr);
+ sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr, skb->dev->ifindex);
while (sk) {
if (nexthdr != IPPROTO_ICMPV6 || !icmpv6_filter(sk, skb)) {
@@ -170,7 +174,8 @@ void ipv6_raw_deliver(struct sk_buff *skb, int nexthdr)
if (clone)
rawv6_rcv(sk, clone);
}
- sk = __raw_v6_lookup(sk_next(sk), nexthdr, daddr, saddr);
+ sk = __raw_v6_lookup(sk_next(sk), nexthdr, daddr, saddr,
+ skb->dev->ifindex);
}
out:
read_unlock(&raw_v6_lock);