• Sébastien Barré's avatar
    ipv4: Restore accept_local behaviour in fib_validate_source() · 1dced6a8
    Sébastien Barré authored
    Commit 7a9bc9b8 ("ipv4: Elide fib_validate_source() completely when possible.")
    introduced a short-circuit to avoid calling fib_validate_source when not
    needed. That change took rp_filter into account, but not accept_local.
    This resulted in a change of behaviour: with rp_filter and accept_local
    off, incoming packets with a local address in the source field should be
    dropped.
    
    Here is how to reproduce the change pre/post 7a9bc9b8 commit:
    -configure the same IPv4 address on hosts A and B.
    -try to send an ARP request from B to A.
    -The ARP request will be dropped before that commit, but accepted and answered
    after that commit.
    
    This adds a check for ACCEPT_LOCAL, to maintain full
    fib validation in case it is 0. We also leave __fib_validate_source() earlier
    when possible, based on the same check as fib_validate_source(), once the
    accept_local stuff is verified.
    
    Cc: Gregory Detal <gregory.detal@uclouvain.be>
    Cc: Christoph Paasch <christoph.paasch@uclouvain.be>
    Cc: Hannes Frederic Sowa <hannes@redhat.com>
    Cc: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
    Signed-off-by: default avatarSébastien Barré <sebastien.barre@uclouvain.be>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    1dced6a8
fib_frontend.c 27.3 KB