On Tue, Jan 23, 2018 at 7:13 PM, David Ahern <dsah...@gmail.com> wrote:
> IPv6 allows routes to be installed when the device is not up (admin up).
> Worse, it does not mark it as LINKDOWN. IPv4 does not allow it and really
> there is no reason for IPv6 to allow it, so check the flags and deny if
> device is admin down.
>
> Signed-off-by: David Ahern <dsah...@gmail.com>
> ---
> net/ipv6/route.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index f85da2f1e729..689670713744 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -2734,6 +2734,11 @@ static struct rt6_info *ip6_route_info_create(struct
> fib6_config *cfg,
> if (!dev)
> goto out;
>
> + if (!(dev->flags & IFF_UP)) {
> + NL_SET_ERR_MSG(extack, "Nexthop device is not up");
> + goto out;
> + }
looks like it will need a -ENETDOWN too ?
> +
> if (!ipv6_addr_any(&cfg->fc_prefsrc)) {
> if (!ipv6_chk_addr(net, &cfg->fc_prefsrc, dev, 0)) {
> NL_SET_ERR_MSG(extack, "Invalid source address");
> --
> 2.11.0
>
