Commit 43ec962d authored by Tim Beale, committed by Greg Kroah-Hartman

udp: only choose unbound UDP socket for multicast when not in a VRF

[ Upstream commit 82ba25c6 ]

By default, packets received in another VRF should not be passed to an
unbound socket in the default VRF. This patch updates the IPv4 UDP
multicast logic to match the unicast VRF logic (in compute_score()),
as well as the IPv6 mcast logic (in __udp_v6_is_mcast_sock()).

The particular case I noticed was DHCP discover packets going
to the 255.255.255.255 address, which are handled by
__udp4_lib_mcast_deliver(). The previous code meant that running
multiple different DHCP server or relay agent instances across VRFs
did not work correctly - any server/relay agent in the default VRF
received DHCP discover packets for all other VRFs.

Fixes: 6da5b0f0 ("net: ensure unbound datagram socket to be chosen when not in a VRF")
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 7c3234ec
...@@ -538,8 +538,7 @@ static inline bool __udp_is_mcast_sock(struct net *net, struct sock *sk, ...@@ -538,8 +538,7 @@ static inline bool __udp_is_mcast_sock(struct net *net, struct sock *sk,
(inet->inet_dport != rmt_port && inet->inet_dport) || (inet->inet_dport != rmt_port && inet->inet_dport) ||
(inet->inet_rcv_saddr && inet->inet_rcv_saddr != loc_addr) || (inet->inet_rcv_saddr && inet->inet_rcv_saddr != loc_addr) ||
ipv6_only_sock(sk) || ipv6_only_sock(sk) ||
(sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif && !udp_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif))
sk->sk_bound_dev_if != sdif))
return false; return false;
if (!ip_mc_sf_allow(sk, loc_addr, rmt_addr, dif, sdif)) if (!ip_mc_sf_allow(sk, loc_addr, rmt_addr, dif, sdif))
return false; return false;
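Review bot: The bound-device condition in __udp_is_mcast_sock() no longer shows how an unbound socket (sk_bound_dev_if == 0) is treated. The removed lines made that explicit by short-circuiting on `sk->sk_bound_dev_if &&`, so an unbound socket always passed this test, while the new `!udp_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif)` moves the decision into a helper that is not visible at this call site. That case is the whole behaviour change the commit message describes, so a one-line comment above the condition saying that an unbound socket is rejected when the packet arrived in a VRF would keep a later reader from reverting to the open-coded form. The helper now also receives `net`, which the old check did not use, and the commit message should say what per-namespace state the result depends on. It would also help to add a test for the case named in the message: a DHCP discover to 255.255.255.255 arriving in a VRF, with one listener unbound in the default VRF and one bound inside the VRF, asserting that only the latter receives it.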