diff options
author | Mike Manning <mmanning@vyatta.att-mail.com> | 2018-11-07 16:36:08 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-11-08 01:12:39 +0100 |
commit | d839a0ebeb4e81a4f2923f581c28b41e1238bdfe (patch) | |
tree | 9554a5c8997c42ee8278b697c5cf8e51a06f7d7f /net/ipv6/ipv6_sockglue.c | |
parent | vrf: mark skb for multicast or link-local as enslaved to VRF (diff) | |
download | linux-d839a0ebeb4e81a4f2923f581c28b41e1238bdfe.tar.xz linux-d839a0ebeb4e81a4f2923f581c28b41e1238bdfe.zip |
ipv6: allow ping to link-local address in VRF
If link-local packets are marked as enslaved to a VRF, then to allow
ping to the link-local from a vrf, the error handling for IPV6_PKTINFO
needs to be relaxed to also allow the pkt ipi6_ifindex to be that of a
slave device to the vrf.
Note that the real device also needs to be retrieved in icmp6_iif()
to set the ipv6 flow oif to this for icmp echo reply handling. The
recent commit 24b711edfc34 ("net/ipv6: Fix linklocal to global address
with VRF") takes care of this, so the sdif does not need checking here.
This fix makes ping to link-local consistent with that to global
addresses, in that this can now be done from within the same VRF that
the address is in.
Signed-off-by: Mike Manning <mmanning@vyatta.att-mail.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Tested-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/ipv6_sockglue.c')
-rw-r--r-- | net/ipv6/ipv6_sockglue.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index 381ce38940ae..973e215c3114 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -486,7 +486,7 @@ sticky_done: retv = -EFAULT; break; } - if (sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if) + if (!sk_dev_equal_l3scope(sk, pkt.ipi6_ifindex)) goto e_inval; np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex; |