ipv6: Reject routes configurations that specify dsfield (tos)

The ->rtm_tos option is normally used to route packets based on both
the destination address and the DS field. However it's ignored for
IPv6 routes. Setting ->rtm_tos for IPv6 is thus invalid as the route
is going to work only on the destination address anyway, so it won't
behave as specified.

Suggested-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index f4884cd..dd98a11 100644 (file)
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -5009,6 +5009,12 @@ static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
        err = -EINVAL;
        rtm = nlmsg_data(nlh);
 
+       if (rtm->rtm_tos) {
+               NL_SET_ERR_MSG(extack,
+                              "Invalid dsfield (tos): option not available for IPv6");
+               goto errout;
+       }
+
        *cfg = (struct fib6_config){
                .fc_table = rtm->rtm_table,
                .fc_dst_len = rtm->rtm_dst_len,

diff --git a/tools/testing/selftests/net/fib_tests.sh b/tools/testing/selftests/net/fib_tests.sh
index bb73235..e2690cc 100755 (executable)
--- a/tools/testing/selftests/net/fib_tests.sh
+++ b/tools/testing/selftests/net/fib_tests.sh
@@ -988,12 +988,25 @@ ipv6_rt_replace()
        ipv6_rt_replace_mpath
 }
 
+ipv6_rt_dsfield()
+{
+       echo
+       echo "IPv6 route with dsfield tests"
+
+       run_cmd "$IP -6 route flush 2001:db8:102::/64"
+
+       # IPv6 doesn't support routing based on dsfield
+       run_cmd "$IP -6 route add 2001:db8:102::/64 dsfield 0x04 via 2001:db8:101::2"
+       log_test $? 2 "Reject route with dsfield"
+}
+
 ipv6_route_test()
 {
        route_setup
 
        ipv6_rt_add
        ipv6_rt_replace
+       ipv6_rt_dsfield
 
        route_cleanup
 }