linux/net
lucien cc4998febd netfilter: ipt_rpfilter: remove the nh_scope test in rpfilter_lookup_reverse
--accept-local  option works for res.type == RTN_LOCAL, which should be
from the local table, but there, the fib_info's nh->nh_scope =
RT_SCOPE_NOWHERE ( > RT_SCOPE_HOST). in fib_create_info().

	if (cfg->fc_scope == RT_SCOPE_HOST) {
		struct fib_nh *nh = fi->fib_nh;

		/* Local address is added. */
		if (nhs != 1 || nh->nh_gw)
			goto err_inval;
		nh->nh_scope = RT_SCOPE_NOWHERE;   <===
		nh->nh_dev = dev_get_by_index(net, fi->fib_nh->nh_oif);
		err = -ENODEV;
		if (!nh->nh_dev)
			goto failure;

but in our rpfilter_lookup_reverse():

	if (dev_match || flags & XT_RPFILTER_LOOSE)
		return FIB_RES_NH(res).nh_scope <= RT_SCOPE_HOST;

if nh->nh_scope > RT_SCOPE_HOST, it will fail. --accept-local option
will never be passed.

it seems the test is bogus and can be removed to fix this issue.

	if (dev_match || flags & XT_RPFILTER_LOOSE)
		return FIB_RES_NH(res).nh_scope <= RT_SCOPE_HOST;

ipv6 does not have this issue.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-10-12 17:27:48 +02:00
..
6lowpan 6lowpan: move module_init into core functionality 2015-08-11 22:05:36 +02:00
9p net/9p: Remove ib_get_dma_mr calls 2015-08-30 18:12:36 -04:00
802
8021q net: 8021q: convert to using IFF_NO_QUEUE 2015-08-18 11:55:06 -07:00
appletalk net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
atm atm: deal with setting entry before mkip was called 2015-09-17 22:13:32 -07:00
ax25 NET: AX.25: Stop heartbeat timer on disconnect. 2015-07-15 15:59:58 -07:00
batman-adv batman-adv: turn batadv_neigh_node_get() into local function 2015-08-27 20:15:34 +02:00
bluetooth Bluetooth: Delay check for conn->smp in smp_conn_security() 2015-09-17 12:28:27 +02:00
bridge bridge: fix igmpv3 / mldv2 report parsing 2015-09-11 15:08:20 -07:00
caif net: caif: convert to using IFF_NO_QUEUE 2015-08-18 11:55:07 -07:00
can can: replace timestamp as unique skb attribute 2015-07-12 21:13:22 +02:00
ceph libceph: don't access invalid memory in keepalive2 path 2015-09-17 20:14:15 +03:00
core skbuff: Fix skb checksum partial check. 2015-09-29 16:48:46 -07:00
dcb
dccp tcp/dccp: fix timewait races in timer handling 2015-09-21 16:32:29 -07:00
decnet net: ipv6: use common fib_default_rule_pref 2015-09-09 14:19:50 -07:00
dns_resolver
dsa net: dsa: fix preparation of a port STP update 2015-09-29 21:36:01 -07:00
ethernet flow_dissector: Add flags argument to skb_flow_dissector functions 2015-09-01 15:06:22 -07:00
hsr net: hsr: convert to using IFF_NO_QUEUE 2015-08-18 11:55:07 -07:00
ieee802154 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2015-08-29 13:15:03 -07:00
ipv4 netfilter: ipt_rpfilter: remove the nh_scope test in rpfilter_lookup_reverse 2015-10-12 17:27:48 +02:00
ipv6 netfilter: fix Kconfig dependencies for nf_dup_ipv{4,6} 2015-10-01 00:19:54 +02:00
ipx net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
irda irda: use msecs_to_jiffies for conversion to jiffies 2015-05-25 17:46:21 -04:00
iucv net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
key net: Fix RCU splat in af_key 2015-08-24 14:48:10 -07:00
l2tp l2tp: protect tunnel->del_work by ref_count 2015-09-28 22:39:10 -07:00
lapb
llc tcp: fix recv with flags MSG_WAITALL | MSG_PEEK 2015-07-27 01:06:53 -07:00
mac80211 mac80211: reset CQM history upon reconfiguration 2015-09-22 15:22:50 +02:00
mac802154 ieee802154: add ack request default handling 2015-08-10 20:43:06 +02:00
mpls mpls: fix mpls_net_init memory leak 2015-08-31 12:45:09 -07:00
netfilter netfilter: nf_log: wait for rcu grace after logger unregistration 2015-09-17 13:37:31 +02:00
netlabel
netlink netlink: Replace rhash_portid with bound 2015-09-24 12:07:08 -07:00
netrom netfilter: Remove spurios included of netfilter.h 2015-06-18 21:14:32 +02:00
nfc nfc: netlink: Add capability to reply to vendor_cmd with data 2015-08-20 22:00:11 +02:00
openvswitch openvswitch: Zero flows on allocation. 2015-09-22 17:33:41 -07:00
packet Fix AF_PACKET ABI breakage in 4.2 2015-09-23 14:33:55 -07:00
phonet net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-09-10 13:53:15 -07:00
rfkill rfkill: Copy "all" global state to other types 2015-09-04 14:26:56 +02:00
rose Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-06-24 02:58:51 -07:00
rxrpc net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
sched net: revert "net_sched: move tp->root allocation into fw_init()" 2015-09-24 14:33:30 -07:00
sctp net: sctp: Don't use 64 kilobyte lookup table for four elements 2015-09-28 22:52:21 -07:00
sunrpc NFS client bugfixes for Linux 4.3 2015-09-25 11:33:52 -07:00
switchdev switchdev: fix return value of switchdev_port_fdb_dump in case of error 2015-09-05 22:02:11 -07:00
tipc tipc: reinitialize pointer after skb linearize 2015-09-20 22:31:20 -07:00
unix af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag 2015-09-29 13:47:08 -07:00
vmw_vsock net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
wimax net:wimax: Fix doucble word "the the" in networking.xml 2015-08-09 22:43:52 -07:00
wireless cfg80211: regulatory: restore proper user alpha2 2015-09-04 14:29:25 +02:00
x25 net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-09-03 08:08:17 -07:00
compat.c net: switch importing msghdr from userland to {compat_,}import_iovec() 2015-04-09 00:02:26 -04:00
Kconfig lwtunnel: infrastructure for handling light weight tunnels like mpls 2015-07-21 10:39:03 -07:00
Makefile
socket.c net: Add a struct net parameter to sock_create_kern 2015-05-11 10:50:17 -04:00
sysctl_net.c