• Paolo Abeni's avatar
    ipv6: enforce flowi6_oif usage in ip6_dst_lookup_tail() · 6f21c96a
    Paolo Abeni authored
    The current implementation of ip6_dst_lookup_tail basically
    ignore the egress ifindex match: if the saddr is set,
    ip6_route_output() purposefully ignores flowi6_oif, due
    to the commit d46a9d67 ("net: ipv6: Dont add RT6_LOOKUP_F_IFACE
    flag if saddr set"), if the saddr is 'any' the first route lookup
    in ip6_dst_lookup_tail fails, but upon failure a second lookup will
    be performed with saddr set, thus ignoring the ifindex constraint.
    This commit adds an output route lookup function variant, which
    allows the caller to specify lookup flags, and modify
    ip6_dst_lookup_tail() to enforce the ifindex match on the second
    lookup via said helper.
    ip6_route_output() becames now a static inline function build on
    top of ip6_route_output_flags(); as a side effect, out-of-tree
    modules need now a GPL license to access the output route lookup
    Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
    Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
    Acked-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
ip6_route.h 5.82 KB