From: Jiri Pirko <jpirko@redhat.com> Date: Wed, 3 Jun 2009 17:10:27 +0200 Subject: [net] icmp: fix icmp_errors_use_inbound_ifaddr sysctl Message-id: 20090603151026.GF3804@psychotron.englab.brq.redhat.com O-Subject: [RHEL5.5 patch] BZ502822 net: icmp: Fix icmp_errors_use_inbound_ifaddr sysctl Bugzilla: 502822 RH-Acked-by: Neil Horman <nhorman@redhat.com> RH-Acked-by: David Miller <davem@redhat.com> [RHEL5.5 patch] BZ502822 net: icmp: Fix icmp_errors_use_inbound_ifaddr sysctl BZ502822 https://bugzilla.redhat.com/show_bug.cgi?id=502822 Description: When icmp_send is called on the local output path before the packet hits ip_output, skb->dev is not set, causing a crash when sysctl_icmp_errors_use_inbound_ifaddr is set. This can happen with the netfilter REJECT target or IPsec tunnels. Fix this by doing an interface lookup on rt->dst.iif and using that device. Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d8cf27287ac7fb5cbfcc4139917a997c39d841ca http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6e1d91039becc9d5bcd046d8c709dbaf471220e3 Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=1824534 Test: Booted on x86_64, tested by the reporter. Jirka Signed-off-by: Jiri Pirko <jpirko@redhat.com> diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 69c7734..241c7be 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -510,9 +510,15 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, u32 info) saddr = iph->daddr; if (!(rt->rt_flags & RTCF_LOCAL)) { - if (sysctl_icmp_errors_use_inbound_ifaddr) - saddr = inet_select_addr(skb_in->dev, 0, RT_SCOPE_LINK); - else + struct net_device *dev = NULL; + + if (rt->fl.iif && sysctl_icmp_errors_use_inbound_ifaddr) + dev = dev_get_by_index(rt->fl.iif); + + if (dev) { + saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK); + dev_put(dev); + } else saddr = 0; }