ipv4: don’t set IPv6 only flags to IPv4 addresses [Linux 4.4.187]

The Linux kernel change "ipv4: don’t set IPv6 only flags to IPv4 addresses" is included in the Linux 4.4.187 release. It was authored by Matteo Croce <mcroce [at] redhat.com> on Mon Jul 1 19:01:55 2019 +0200. The commit for this change in the Linux stable tree is 0efd6f2 (patch), which comes from upstream commit 2e60546. The same upstream change may have been applied to other maintained Linux releases, and you can find all Linux releases containing changes from upstream 2e60546.

ipv4: don't set IPv6 only flags to IPv4 addresses

[ Upstream commit 2e60546368165c2449564d71f6005dda9205b5fb ]

Avoid the situation where an IPV6 only flag is applied to an IPv4 address:

    # ip addr add 192.0.2.1/24 dev dummy0 nodad home mngtmpaddr noprefixroute
    # ip -4 addr show dev dummy0
    2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
        inet 192.0.2.1/24 scope global noprefixroute dummy0
           valid_lft forever preferred_lft forever

Or worse, by sending a malicious netlink command:

    # ip -4 addr show dev dummy0
    2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
        inet 192.0.2.1/24 scope global nodad optimistic dadfailed home tentative mngtmpaddr noprefixroute stable-privacy dummy0
           valid_lft forever preferred_lft forever

Signed-off-by: Matteo Croce <mcroce@redhat.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
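
An added audit example, not part of the commit or the kernel tree: a Python parser for `ip -4 addr show` output that reports IPv4 addresses carrying any of the flags this change masks. The function name and the sample text are constructed for illustration; the keyword-to-flag mapping follows the output in the commit message and the `IPV6ONLY_FLAGS` define in the diff.

```python
import re

# Keywords printed by `ip addr show` for the flags in the patch's
# IPV6ONLY_FLAGS mask; noprefixroute is not in the mask and is ignored.
IPV6_ONLY_KEYWORDS = {
    "nodad": "IFA_F_NODAD",
    "optimistic": "IFA_F_OPTIMISTIC",
    "dadfailed": "IFA_F_DADFAILED",
    "home": "IFA_F_HOMEADDRESS",
    "tentative": "IFA_F_TENTATIVE",
    "mngtmpaddr": "IFA_F_MANAGETEMPADDR",
    "stable-privacy": "IFA_F_STABLE_PRIVACY",
}
_IFACE = re.compile(r"^\d+:\s+([^:@\s]+)")
_INET = re.compile(r"^\s+inet\s+(\S+)\s+(.*)$")

# Constructed sample: the flagged address from the commit message plus a
# clean interface named "home" to exercise the label edge case.
SAMPLE = """\
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    inet 192.0.2.1/24 scope global nodad optimistic dadfailed home tentative mngtmpaddr noprefixroute stable-privacy dummy0
       valid_lft forever preferred_lft forever
3: home: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    inet 198.51.100.1/24 brd 198.51.100.255 scope global home
       valid_lft forever preferred_lft forever
"""


def find_ipv6_only_flags(ip_output):
    """Return [(ifname, address, [IFA_F_* names])] for flagged IPv4 addresses."""
    findings, ifname = [], None
    for line in ip_output.splitlines():
        m = _IFACE.match(line)
        if m:
            ifname = m.group(1)
            continue
        m = _INET.match(line)  # "inet6" lines do not match
        if not m:
            continue
        tokens = m.group(2).split()
        # Flags sit after "scope <name>"; the last token is the address
        # label, which may itself equal a keyword (an interface called "home").
        start = tokens.index("scope") + 2 if "scope" in tokens else 0
        hits = [IPV6_ONLY_KEYWORDS[t] for t in tokens[start:-1]
                if t in IPV6_ONLY_KEYWORDS]
        if hits:
            findings.append((ifname, m.group(1), hits))
    return findings
```

Pass it the captured text of `ip -4 addr show` from the host being checked; an empty list means no IPv4 address shows any of the masked flags.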

This change adds or deletes 8 lines of Linux source code. The code changes to the Linux kernel are as follows.

 net/ipv4/devinet.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 63f99e9..4472329 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -67,6 +67,11 @@

 #include "fib_lookup.h"

+#define IPV6ONLY_FLAGS \
+       (IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \
+        IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \
+        IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY)
+
 static struct ipv4_devconf ipv4_devconf = {
    .data = {
        [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
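
Review bot: IPV6ONLY_FLAGS leaves out IFA_F_NOPREFIXROUTE, although both outputs in the commit message show noprefixroute on the IPv4 address alongside the flags being masked. If that flag is kept on purpose, a short comment above the define naming the flags that are deliberately excluded would stop a later reader from treating the omission as an oversight. The mask is also a hand-maintained list local to devinet.c, so any IPv6-only flag added later has to be added here by hand; the same comment should say so.
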
@@ -453,6 +458,9 @@ static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh,
    ifa->ifa_flags &= ~IFA_F_SECONDARY;
    last_primary = &in_dev->ifa_list;

+   /* Don't set IPv6 only flags to IPv4 addresses */
+   ifa->ifa_flags &= ~IPV6ONLY_FLAGS;
+
    for (ifap = &in_dev->ifa_list; (ifa1 = *ifap) != NULL;
         ifap = &ifa1->ifa_next) {
        if (!(ifa1->ifa_flags & IFA_F_SECONDARY) &&
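
Review bot: in __inet_insert_ifa the IPv6-only bits are cleared silently by "ifa->ifa_flags &= ~IPV6ONLY_FLAGS;", so a caller that requested them gets no indication from this statement that its flags were dropped. The comment above it should say that the flags are stripped rather than rejected, and the commit message should state that stripping was chosen over returning an error. One question for the author: does every path that sets ifa_flags on an IPv4 address pass through this function, or does another writer need the same mask?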
