BATMAN compares ifindex with dev_get_iflink to detect devices that don't have a parent, but that's wrong, since a device can have the same index as its parent if it's created in a different network namespace:
ip netns add main ip netns add peer ip -net main link add dummy0 type dummy # keep ifindex in sync between the namespaces ip -net peer link add eatidx type dummy
ip netns exec main batctl if add dummy0 # macsec0 and bat0 have the same ifindex ip -net main link add link bat0 netns peer type macsec ip netns exec peer batctl if add macsec0
That last command would fail if we didn't keep the ifindex in sync between the two namespaces, and should also fail when the macsec0 device has the same ifindex as its link. Let's use the presence of a ndo_get_iflink operation, rather than the value it returns, to detect a device without a link.
Fixes: b7eddd0b3950 ("batman-adv: prevent using any virtual device created on batman-adv as hard-interface") Signed-off-by: Sabrina Dubroca sd@queasysnail.net --- net/batman-adv/hard-interface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c index fa06b51c0144..0d87c5d56844 100644 --- a/net/batman-adv/hard-interface.c +++ b/net/batman-adv/hard-interface.c @@ -159,7 +159,7 @@ static bool batadv_is_on_batman_iface(const struct net_device *net_dev)
/* no more parents..stop recursion */ if (dev_get_iflink(net_dev) == 0 || - dev_get_iflink(net_dev) == net_dev->ifindex) + !(net_dev->netdev_ops && net_dev->netdev_ops->ndo_get_iflink)) return false;
parent_net = batadv_getlink_net(net_dev, net);