Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: don't set F_IFACE on ipv6 fib lookups

"fib" starts to behave strangely when an ipv6 default route is
added - the FIB lookup returns a route using 'oif' in this case.

This behaviour was inherited from ip6tables rpfilter so change
this as well.

Bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=1221
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso
47b7e7f8 2412d897

+2 -14
-4
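--- a/net/ipv6/netfilter/ip6t_rpfilter.c
+++ b/net/ipv6/netfilter/ip6t_rpfilter.c
@@ -48,10 +48,6 @@
 }
 
 fl6.flowi6_mark = flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;
-if ((flags & XT_RPFILTER_LOOSE) == 0) {
-fl6.flowi6_oif = dev->ifindex;
-lookup_flags |= RT6_LOOKUP_F_IFACE;
-}
 
 rt = (void *) ip6_route_lookup(net, &fl6, lookup_flags);
 if (rt->dst.error)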
+2 -10
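--- a/net/ipv6/netfilter/nft_fib_ipv6.c
+++ b/net/ipv6/netfilter/nft_fib_ipv6.c
@@ -180,7 +180,6 @@
 }
 
 *dest = 0;
-again:
 rt = (void *)ip6_route_lookup(nft_net(pkt), &fl6, lookup_flags);
 if (rt->dst.error)
 goto put_rt_err;
@@ -189,15 +188,8 @@
 if (rt->rt6i_flags & (RTF_REJECT | RTF_ANYCAST | RTF_LOCAL))
 goto put_rt_err;
 
-if (oif && oif != rt->rt6i_idev->dev) {
-/* multipath route? Try again with F_IFACE */
-if ((lookup_flags & RT6_LOOKUP_F_IFACE) == 0) {
-lookup_flags |= RT6_LOOKUP_F_IFACE;
-fl6.flowi6_oif = oif->ifindex;
-ip6_rt_put(rt);
-goto again;
-}
-}
+if (oif && oif != rt->rt6i_idev->dev)
+goto put_rt_err;
 
 switch (priv->result) {
 case NFT_FIB_RESULT_OIF: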
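Review bot: The new `if (oif && oif != rt->rt6i_idev->dev) goto put_rt_err;` branch treats every interface mismatch as no result, including the case the removed comment named (`multipath route? Try again with F_IFACE`), and nothing in the new code records that this is intentional. For rulesets that use this expression as a reverse-path filter, that presumably means traffic arriving over the non-selected leg of a multipath route is reported as failing the check; whether ip6_route_lookup can still pick the arrival interface is not visible in this hunk. I would add a comment above the branch, e.g. `/* no F_IFACE retry: a route via another device, multipath included, counts as no match */`, and cover the multipath case in the fib tests. The enclosing function starts and ends outside the hunk.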