[WireGuard] Source address fib invalidation on IPv6

Jason A. Donenfeld Jason at zx2c4.com
Sat Nov 12 20:08:24 CET 2016


Hi David,

On Sat, Nov 12, 2016 at 7:14 PM, David Ahern <dsa at cumulusnetworks.com> wrote:
> I believe that is coming from __ip_route_output_key_hash(), line 2232 with __ip_dev_find not finding a device with that address.

It's possible we simply are looking at different source trees, but I
have the -EINVAL return in 4.8 route.c sources happening due to the
assignment on line 2175 and the jump on line 2220.

> Not applicable for your use case, but __ip_dev_find does not have any checks on which L3 domain the device belongs to so the check does not handle VRF for example. I'll take a look at fixing this next week.

Interesting.

>
> Gotcha. I don't see any checks that the saddr is valid similar to what IPv4 does.
>
> I think the right place to add a check is in ip6_dst_lookup_tail():
>     if (!ipv6_addr_any(&fl6->saddr)) {
>         // saddr is valid for L3 domain
>     }

Right. It should probably do the check here, and return
ERR_PTR(-EINVAL), the same as the v4 version, so that ret codes can be
checked consistently.

Thanks for looking into this. If you're backed up and would like me to
submit a patch, just let me know, and I'll give it my best shot.

Regards,
Jason


More information about the WireGuard mailing list