git.baikalelectronics.ru Git - kernel.git/commit

author	Paolo Abeni <pabeni@redhat.com>
	Fri, 29 Jan 2016 11:30:19 +0000 (12:30 +0100)
committer	David S. Miller <davem@davemloft.net>
	Sat, 30 Jan 2016 04:31:26 +0000 (20:31 -0800)
commit	42314ba0501f62b2c7f1be55b8f619d7f0f80ae7
tree	ff2e2fbf07eb56dc35a57d700d8a8f4df94da171	tree \| snapshot
parent	701ec3a765d88e9abeb8f43ebc32e6d473e0bde3	commit \| diff

ipv6: enforce flowi6_oif usage in ip6_dst_lookup_tail()

The current implementation of ip6_dst_lookup_tail basically
ignore the egress ifindex match: if the saddr is set,
ip6_route_output() purposefully ignores flowi6_oif, due
to the commit baf00fa9a3d6 ("net: ipv6: Dont add RT6_LOOKUP_F_IFACE
flag if saddr set"), if the saddr is 'any' the first route lookup
in ip6_dst_lookup_tail fails, but upon failure a second lookup will
be performed with saddr set, thus ignoring the ifindex constraint.

This commit adds an output route lookup function variant, which
allows the caller to specify lookup flags, and modify
ip6_dst_lookup_tail() to enforce the ifindex match on the second
lookup via said helper.

ip6_route_output() becames now a static inline function build on
top of ip6_route_output_flags(); as a side effect, out-of-tree
modules need now a GPL license to access the output route lookup
functionality.

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/ip6_route.h		diff \| blob \| history
net/ipv6/ip6_output.c		diff \| blob \| history
net/ipv6/route.c		diff \| blob \| history