On 1/27/16 6:45 AM, Paolo Abeni wrote:
The current implementation of ip6_dst_lookup_tail() basically
ignore the egress ifindex match: if the saddr is set,
ip6_route_output() purposefully ignores flowi6_oif, due
to the commit d46a9d678e4c ("net: ipv6: Dont add RT6_LOOKUP_F_IFACE
flag if saddr set"), if the saddr is 'any' the first route lookup
in ip6_dst_lookup_tail fails, but upon failure a second lookup will
be performed with saddr set, thus ignoring the ifindex constraint.
This commit adds an output route lookup function variant, which
allows the caller to specify additional lookup flags, and modify
ip6_dst_lookup_tail() to enforce the ifindex match on the second
lookup via said helper.
Fixes: d46a9d678e4c ("net: ipv6: Dont add RT6_LOOKUP_F_IFACE flag if saddr set")
Signed-off-by: Paolo Abeni <pab...@redhat.com>
I don't agree with that 'Fixes:' tag.
ip6_route_output did not add the RT6_LOOKUP_F_IFACE flag until
741a11d9e410; d46a9d678e4c is a follow on to limit adding the flag only
if no source address is given.
Since ip6_dst_lookup_tail never considered the flowi6_oif this is a
general bug fix rather than a fix of d46a9d678e4c.
