On 11/7/18 8:36 AM, Mike Manning wrote: > From: Duncan Eastoe <deas...@vyatta.att-mail.com> > > When there exist a pair of raw sockets one unbound and one bound > to a VRF but equal in all other respects, when a packet is received > in the VRF context, __raw_v4_lookup() matches on both sockets. > > This results in the packet being delivered over both sockets, > instead of only the raw socket bound to the VRF. The bound device > checks in __raw_v4_lookup() are replaced with a call to > raw_sk_bound_dev_eq() which correctly handles whether the packet > should be delivered over the unbound socket in such cases. > > In __raw_v6_lookup() the match on the device binding of the socket is > similarly updated to use raw_sk_bound_dev_eq() which matches the > handling in __raw_v4_lookup(). > > Importantly raw_sk_bound_dev_eq() takes the raw_l3mdev_accept sysctl > into account. > > Signed-off-by: Duncan Eastoe <deas...@vyatta.att-mail.com> > Signed-off-by: Mike Manning <mmann...@vyatta.att-mail.com> > --- > include/net/raw.h | 13 ++++++++++++- > net/ipv4/raw.c | 3 +-- > net/ipv6/raw.c | 5 ++--- > 3 files changed, 15 insertions(+), 6 deletions(-) >
Reviewed-by: David Ahern <dsah...@gmail.com> Tested-by: David Ahern <dsah...@gmail.com>
