git.baikalelectronics.ru Git - kernel.git/commit

author	Robert Shearman <rshearma@brocade.com>
	Thu, 26 Jan 2017 18:02:24 +0000 (18:02 +0000)
committer	David S. Miller <davem@davemloft.net>
	Mon, 30 Jan 2017 20:00:58 +0000 (15:00 -0500)
commit	51e08476ae242a9d9de79b1429c368c51dcde81e
tree	5707ae376777271ab2d77411fed89afb515f0257	tree \| snapshot
parent	4caa21bf244eab9c5c90b1bd4ef03d9acd00855c	commit \| diff

net: Avoid receiving packets with an l3mdev on unbound UDP sockets

Packets arriving in a VRF currently are delivered to UDP sockets that
aren't bound to any interface. TCP defaults to not delivering packets
arriving in a VRF to unbound sockets. IP route lookup and socket
transmit both assume that unbound means using the default table and
UDP applications that haven't been changed to be aware of VRFs may not
function correctly in this case since they may not be able to handle
overlapping IP address ranges, or be able to send packets back to the
original sender if required.

So add a sysctl, udp_l3mdev_accept, to control this behaviour with it
being analgous to the existing tcp_l3mdev_accept, namely to allow a
process to have a VRF-global listen socket. Have this default to off
as this is the behaviour that users will expect, given that there is
no explicit mechanism to set unmodified VRF-unaware application into a
default VRF.

Signed-off-by: Robert Shearman <rshearma@brocade.com>
Acked-by: David Ahern <dsa@cumulusnetworks.com>
Tested-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Documentation/networking/ip-sysctl.txt		diff \| blob \| history
Documentation/networking/vrf.txt		diff \| blob \| history
include/net/netns/ipv4.h		diff \| blob \| history
net/ipv4/sysctl_net_ipv4.c		diff \| blob \| history
net/ipv4/udp.c		diff \| blob \| history
net/ipv6/udp.c		diff \| blob \| history