From: Mark Tomlinson <mark.tomlin...@alliedtelesis.co.nz>
Date: Thu, 15 Sep 2016 11:40:05 +1200

> The function ip_rcv_finish() calls l3mdev_ip_rcv(). On any VRF except
> the global VRF, this replaces skb->dev with the VRF master interface.
> When calling ip_route_input_noref() from here, the checks for forwarding
> look at this master device instead of the initial ingress interface.
> This will allow packets to be routed which normally would be dropped.
> For example, an interface that is not assigned an IP address should
> drop packets, but because the checking is against the master device, the
> packet will be forwarded.
>
> The fix here is to still call l3mdev_ip_rcv(), but remember the initial
> net_device. This is passed to the other functions within ip_rcv_finish,
> so they still see the original interface.
>
> Signed-off-by: Mark Tomlinson <mark.tomlin...@alliedtelesis.co.nz>
> Acked-by: David Ahern <d...@cumulusnetworks.com>

Applied.
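
The device swap described in the quoted commit message, as an added user-space C model that is not the kernel code or the patch itself. The `model_*` names, the sample devices and the `has_ipv4_addr` check are assumptions standing in for the kernel's structures and per-device input checks.

```c
#include <stdbool.h>
#include <stdio.h>
/* Simplified user-space model (assumption): not the kernel's structures. */
struct model_dev {
    bool has_ipv4_addr;           /* stand-in for the per-device input checks */
    struct model_dev *vrf_master; /* NULL when the port is in the global VRF */
};
struct model_skb { struct model_dev *dev; };

/* Constructed sample devices: a VRF master and two ports enslaved to it. */
static struct model_dev vrf_red = { true, NULL };
static struct model_dev eth1 = { false, &vrf_red }; /* no address assigned */
static struct model_dev eth2 = { true, &vrf_red };

/* Models l3mdev_ip_rcv(): on a VRF port, skb->dev becomes the VRF master. */
static void model_l3mdev_ip_rcv(struct model_skb *skb)
{
    if (skb->dev->vrf_master)
        skb->dev = skb->dev->vrf_master;
}

/* Models the route-input decision against the device it is handed. */
static bool model_route_input(const struct model_dev *dev)
{
    return dev->has_ipv4_addr;
}

/* Before the fix: the check sees skb->dev after the swap (the master). */
bool rcv_finish_before(struct model_dev *ingress)
{
    struct model_skb skb = { ingress };
    model_l3mdev_ip_rcv(&skb);
    return model_route_input(skb.dev);
}

/* After the fix: remember the initial device and pass that to the check. */
bool rcv_finish_after(struct model_dev *ingress)
{
    struct model_skb skb = { ingress };
    struct model_dev *dev = skb.dev;
    model_l3mdev_ip_rcv(&skb);
    return model_route_input(dev);
}

int main(void)
{
    printf("eth1 before=%d after=%d\n", rcv_finish_before(&eth1), rcv_finish_after(&eth1));
    return 0;
}
```

A return value of true means the modelled packet passes the check and would be forwarded; false means it is dropped.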