On 7/17/19 3:41 PM, Cong Wang wrote: > In a rare case where we redirect local packets from veth to lo, > these packets fail to pass the source validation when rp_filter > is turned on, as the tracing shows: > > <...>-311708 [040] ..s1 7951180.957825: fib_table_lookup: table 254 oif 0 > iif 1 src 10.53.180.130 dst 10.53.180.130 tos 0 scope 0 flags 0 > <...>-311708 [040] ..s1 7951180.957826: fib_table_lookup_nh: nexthop dev > eth0 oif 4 src 10.53.180.130 > > So, the fib table lookup returns eth0 as the nexthop even though > the packets are local and should be routed to loopback nonetheless, > but they can't pass the dev match check in fib_info_nh_uses_dev() > without this patch. > > It should be safe to relax this check for this special case, as > normally packets coming out of loopback device still have skb_dst > so they won't even hit this slow path. > > Cc: Julian Anastasov <j...@ssi.bg> > Cc: David Ahern <dsah...@gmail.com> > Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> > --- > net/ipv4/fib_frontend.c | 5 +++++ > 1 file changed, 5 insertions(+) >
Seems ok to me. Reviewed-by: David Ahern <dsah...@gmail.com>
