Sophie

kernel-2.6.18-238.el5.src.rpm

From: Jiri Pirko <jpirko@redhat.com>
Date: Wed, 3 Jun 2009 17:10:27 +0200
Subject: [net] icmp: fix icmp_errors_use_inbound_ifaddr sysctl
Message-id: 20090603151026.GF3804@psychotron.englab.brq.redhat.com
O-Subject: [RHEL5.5 patch] BZ502822 net: icmp: Fix icmp_errors_use_inbound_ifaddr sysctl
Bugzilla: 502822
RH-Acked-by: Neil Horman <nhorman@redhat.com>
RH-Acked-by: David Miller <davem@redhat.com>

[RHEL5.5 patch] BZ502822 net: icmp: Fix icmp_errors_use_inbound_ifaddr sysctl

BZ502822
https://bugzilla.redhat.com/show_bug.cgi?id=502822

Description:
When icmp_send is called on the local output path before the
packet hits ip_output, skb->dev is not set, causing a crash
when sysctl_icmp_errors_use_inbound_ifaddr is set. This can
happen with the netfilter REJECT target or IPsec tunnels.

Fix this by doing an interface lookup on rt->dst.iif and using that device.

Upstream:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d8cf27287ac7fb5cbfcc4139917a997c39d841ca
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6e1d91039becc9d5bcd046d8c709dbaf471220e3

Brew:
https://brewweb.devel.redhat.com/taskinfo?taskID=1824534

Test:
Booted on x86_64, tested by the reporter.

Jirka

Signed-off-by: Jiri Pirko <jpirko@redhat.com>

diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 69c7734..241c7be 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -510,9 +510,15 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, u32 info)
 
 	saddr = iph->daddr;
 	if (!(rt->rt_flags & RTCF_LOCAL)) {
-		if (sysctl_icmp_errors_use_inbound_ifaddr)
-			saddr = inet_select_addr(skb_in->dev, 0, RT_SCOPE_LINK);
-		else
+		struct net_device *dev = NULL;
+
+		if (rt->fl.iif && sysctl_icmp_errors_use_inbound_ifaddr)
+			dev = dev_get_by_index(rt->fl.iif);
+
+		if (dev) {
+			saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK);
+			dev_put(dev);
+		} else
 			saddr = 0;
 	}
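
Review bot: The lookup at `if (rt->fl.iif && sysctl_icmp_errors_use_inbound_ifaddr)` uses rt->fl.iif, while the description says the interface lookup is done on rt->dst.iif; the commit message should name the field this backport actually uses. The fallback path also deserves a comment: when the sysctl is set but rt->fl.iif is 0 (the local output case the description mentions) or dev_get_by_index() returns NULL, saddr silently becomes 0, exactly as with the sysctl off, and a one-line comment above the lookup stating that this is intentional would save the next reader from re-deriving it. The reference handling looks balanced, since dev_put(dev) runs on the only path where dev is non-NULL. As a style point, the `} else` branch should carry braces to match the braced `if (dev) {` branch.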