Commit 01ba16d6 authored Oct 24, 2013 by Hannes Frederic Sowa Committed by David S. Miller Oct 25, 2013

ipv6: reset dst.expires value when clearing expire flag



On receiving a packet too big icmp error we update the expire value by
calling rt6_update_expires. This function uses dst_set_expires which is
implemented that it can only reduce the expiration value of the dst entry.

If we insert new routing non-expiry information into the ipv6 fib where
we already have a matching rt6_info we only clear the RTF_EXPIRES flag
in rt6i_flags and leave the dst.expires value as is.

When new mtu information arrives for that cached dst_entry we again
call dst_set_expires. This time it won't update the dst.expire value
because we left the dst.expire value intact from the last update. So
dst_set_expires won't touch dst.expires.

Fix this by resetting dst.expires when clearing the RTF_EXPIRE flag.
dst_set_expires checks for a zero expiration and updates the
dst.expires.

In the past this (not updating dst.expires) was necessary because
dst.expire was placed in a union with the dst_entry *from reference
and rt6_clean_expires did assign NULL to it. This split happend in
ecd98837 ("ipv6: fix race condition
regarding dst->expires and dst->from").

Reported-by: Steinar H. Gunderson <sgunderson@bigfoot.com>
Reported-by: Valentijn Sessink <valentyn@blub.net>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Eric Dumazet <edumazet@google.com>
Tested-by: Valentijn Sessink <valentyn@blub.net>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 8fb479a4

include/net/ip6_fib.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -165,6 +165,7 @@ static inline struct inet6_dev ip6_dst_idev(struct dst_entry dst)
		static inline void rt6_clean_expires(struct rt6_info *rt)
		{
		rt->rt6i_flags &= ~RTF_EXPIRES;
		rt->dst.expires = 0;
		}

		static inline void rt6_set_expires(struct rt6_info *rt, unsigned long expires)

Admin message