From: David Ahern <dsahern@gmail.com>
Date: Tue, 6 Feb 2018 20:14:12 +0000 (-0800)
Subject: net/ipv6: Handle reject routes with onlink flag
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=58e354c01b1906b603dcdb28ec35250b09eac625;p=linux.git

net/ipv6: Handle reject routes with onlink flag

Verification of nexthops with onlink flag need to handle unreachable
routes. The lookup is only intended to validate the gateway address
is not a local address and if the gateway resolves the egress device
must match the given device. Hence, hitting any default reject route
is ok.

Fixes: fc1e64e1092f ("net/ipv6: Add support for onlink flag")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index fb2d251c05003..69c43d289c699 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2488,7 +2488,8 @@ static int ip6_route_check_nh_onlink(struct net *net,
 	err = 0;
 	grt = ip6_nh_lookup_table(net, cfg, gw_addr, tbid, 0);
 	if (grt) {
-		if (grt->rt6i_flags & flags || dev != grt->dst.dev) {
+		if (!grt->dst.error &&
+		    (grt->rt6i_flags & flags || dev != grt->dst.dev)) {
 			NL_SET_ERR_MSG(extack, "Nexthop has invalid gateway");
 			err = -EINVAL;
 		}