    l2tp: fix lookup for sockets not bound to a device in l2tp_ip · df90e688
    Guillaume Nault authored
    When looking up an l2tp socket, we must consider a null netdevice id as
    wild card. There are currently two problems caused by
    __l2tp_ip_bind_lookup() not considering 'dif' as wild card when set to 0:
    
      * A socket bound to a device (i.e. with sk->sk_bound_dev_if != 0)
        never receives any packet. Since __l2tp_ip_bind_lookup() is called
        with dif == 0 in l2tp_ip_recv(), sk->sk_bound_dev_if is always
        different from 'dif' so the socket doesn't match.
    
      * Two sockets, one bound to a device but not the other, can be bound
        to the same address. If the first socket binding to the address is
        the one that is also bound to a device, the second socket can bind
        to the same address without __l2tp_ip_bind_lookup() noticing the
        overlap.
    
    To fix this issue, we need to consider that any null device index, be
    it 'sk->sk_bound_dev_if' or 'dif', matches with any other value.
    We also need to pass the input device index to __l2tp_ip_bind_lookup()
    on reception so that sockets bound to a device never receive packets
    from other devices.
    
    This patch fixes l2tp_ip6 in the same way.
    Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
    Signed-off-by: David S. Miller <davem@davemloft.net>
l2tp_ip.c 15.9 KB
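The matching rule described in the commit message, as an added user-space model (not code from the kernel or from this commit). `struct model_sock`, `dev_match_old()`, `dev_match_new()`, `bind_lookup()` and the sample table are hypothetical names; the "old" predicate models the pre-fix behaviour as the message describes it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model of a bound l2tp_ip socket (hypothetical type). */
struct model_sock {
    uint32_t rcv_saddr;    /* bound local address, 0 = any */
    uint32_t conn_id;      /* L2TP connection id */
    int      bound_dev_if; /* models sk->sk_bound_dev_if, 0 = not bound */
};

/* Pre-fix behaviour as described: 'dif' == 0 is not treated as a wildcard. */
static bool dev_match_old(int bound_dev_if, int dif)
{
    return !(bound_dev_if && bound_dev_if != dif);
}

/* Post-fix rule: a null index on either side matches any other value. */
static bool dev_match_new(int bound_dev_if, int dif)
{
    return !bound_dev_if || !dif || bound_dev_if == dif;
}

typedef bool (*dev_match_fn)(int bound_dev_if, int dif);
/* Models the bind-table walk; returns the first matching socket or NULL. */
static const struct model_sock *bind_lookup(const struct model_sock *tbl, size_t n,
                                            uint32_t laddr, int dif,
                                            uint32_t conn_id, dev_match_fn match)
{
    for (size_t i = 0; i < n; i++) {
        const struct model_sock *sk = &tbl[i];
        if (sk->conn_id == conn_id &&
            !(sk->rcv_saddr && sk->rcv_saddr != laddr) &&
            match(sk->bound_dev_if, dif))
            return sk;
    }
    return NULL;
}

/* Constructed sample: one socket on 192.0.2.1, conn_id 7, bound to ifindex 2. */
static const struct model_sock sample_tbl[] = { { 0xC0000201u, 7, 2 } };

int main(void)
{
    /* dif == 0: the old rule misses the device-bound socket, the new one finds it. */
    bool old_hit = bind_lookup(sample_tbl, 1, 0xC0000201u, 0, 7, dev_match_old) != NULL;
    bool new_hit = bind_lookup(sample_tbl, 1, 0xC0000201u, 0, 7, dev_match_new) != NULL;
    return (!old_hit && new_hit) ? 0 : 1;
}
```

A lookup with `dif == 0` stands in for both cases in the message: reception before the fix, and a bind attempt by a socket that is not bound to a device.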