diff options
author | Xin Long <lucien.xin@gmail.com> | 2017-05-12 14:39:52 +0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-05-12 10:50:32 -0400 |
commit | dbc2b5e9a09e9a6664679a667ff81cff6e5f2641 (patch) | |
tree | 7d3e659c02e946e1950b7b6d8d2a78427bfb0068 /security | |
parent | df0c8d911abf6ba97b2c2fc3c5a12769e0b081a3 (diff) | |
download | talos-obmc-linux-dbc2b5e9a09e9a6664679a667ff81cff6e5f2641.tar.gz talos-obmc-linux-dbc2b5e9a09e9a6664679a667ff81cff6e5f2641.zip |
sctp: fix src address selection if using secondary addresses for ipv6
Commit 0ca50d12fe46 ("sctp: fix src address selection if using secondary
addresses") has fixed a src address selection issue when using secondary
addresses for ipv4.
Now sctp ipv6 also has the similar issue. When using a secondary address,
sctp_v6_get_dst tries to choose the saddr which has the most same bits
with the daddr by sctp_v6_addr_match_len. It may make some cases not work
as expected.
hostA:
[1] fd21:356b:459a:cf10::11 (eth1)
[2] fd21:356b:459a:cf20::11 (eth2)
hostB:
[a] fd21:356b:459a:cf30::2 (eth1)
[b] fd21:356b:459a:cf40::2 (eth2)
route from hostA to hostB:
fd21:356b:459a:cf30::/64 dev eth1 metric 1024 mtu 1500
The expected path should be:
fd21:356b:459a:cf10::11 <-> fd21:356b:459a:cf30::2
But addr[2] matches addr[a] more bits than addr[1] does, according to
sctp_v6_addr_match_len. It causes the path to be:
fd21:356b:459a:cf20::11 <-> fd21:356b:459a:cf30::2
This patch is to fix it with the same way as Marcelo's fix for sctp ipv4.
As no ip_dev_find for ipv6, this patch is to use ipv6_chk_addr to check
if the saddr is in a dev instead.
Note that for backwards compatibility, it will still do the addr_match_len
check here when no optimal is found.
Reported-by: Patrick Talbert <ptalbert@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions