diff options
author | David Ahern <dsa@cumulusnetworks.com> | 2016-11-09 10:25:05 -0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-11-24 12:47:08 +0100 |
commit | 00b4422fe363cc7cadc51c50c5a0c3c510f0fa14 (patch) | |
tree | d4c5a12b34a0366d05ea770d202acc3f43c677a7 /Documentation | |
parent | 6d8b49c3a3a3e1f11b52edd3b9beb6693bb8061d (diff) |
netfilter: Update nf_send_reset6 to consider L3 domain
nf_send_reset6 is not considering the L3 domain and lookups are sent
to the wrong table. For example consider the following output rule:
ip6tables -A OUTPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset
using perf to analyze lookups via the fib6_table_lookup tracepoint shows:
swapper 0 [001] 248.787816: fib6:fib6_table_lookup: table 255 oif 0 iif 1 src 2100:1::3 dst 2100:1:
ffffffff81439cdc perf_trace_fib6_table_lookup ([kernel.kallsyms])
ffffffff814c1ce3 trace_fib6_table_lookup ([kernel.kallsyms])
ffffffff814c3e89 ip6_pol_route ([kernel.kallsyms])
ffffffff814c40d5 ip6_pol_route_output ([kernel.kallsyms])
ffffffff814e7b6f fib6_rule_action ([kernel.kallsyms])
ffffffff81437f60 fib_rules_lookup ([kernel.kallsyms])
ffffffff814e7c79 fib6_rule_lookup ([kernel.kallsyms])
ffffffff814c2541 ip6_route_output_flags ([kernel.kallsyms])
528 nf_send_reset6 ([nf_reject_ipv6])
The lookup is directed to table 255 rather than the table associated with
the device via the L3 domain. Update nf_send_reset6 to pull the L3 domain
from the dst currently attached to the skb.
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'Documentation')
0 files changed, 0 insertions, 0 deletions