From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.1 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CB331C433E0 for ; Tue, 11 Aug 2020 19:50:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9098920756 for ; Tue, 11 Aug 2020 19:50:19 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=efficios.com header.i=@efficios.com header.b="Sx0JsDe1" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726586AbgHKTuS (ORCPT ); Tue, 11 Aug 2020 15:50:18 -0400 Received: from mail.efficios.com ([167.114.26.124]:58242 "EHLO mail.efficios.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726479AbgHKTuO (ORCPT ); Tue, 11 Aug 2020 15:50:14 -0400 Received: from localhost (localhost [127.0.0.1]) by mail.efficios.com (Postfix) with ESMTP id B6C042CFB27; Tue, 11 Aug 2020 15:50:13 -0400 (EDT) Received: from mail.efficios.com ([127.0.0.1]) by localhost (mail03.efficios.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 1GnV_Lvrq8dV; Tue, 11 Aug 2020 15:50:13 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by mail.efficios.com (Postfix) with ESMTP id 7867C2CFA35; Tue, 11 Aug 2020 15:50:13 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.efficios.com 7867C2CFA35 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com; s=default; t=1597175413; bh=hirGB7719ENx0a4MEmZZHjARmO79aShnRe+cHp8/M/w=; h=From:To:Date:Message-Id; b=Sx0JsDe1+j8ij9qqcdv+jlM6j8P30aT4ypK9yRwRD2F5/Y6ZCSWQ0CtQ/6KQONjX6 Q7m7YQ5exvOD4DgZDkrz6Eh1aXeUrm/W5WbE8iTnxfAUh1h6gpGD7WpG8CsKkOwxn3 q4wqLNKBtWo5ge5ZYA1AB01IMGrJYLWEx4uUcDTquxJymo6R5/nG82fO7DLb6le0PC ISSfTaosfyii+w9hQrRzTqbCmJB9qGnmycMjDD3b2MSFdF6++eWa3mdm9ln7nfRz6P eWd38XCc2aRiBYnI7nr+2egpWN4YOUmiuDEHODUvPN9a11zz0TxpYKO6f1wC5bvNFv qf28K1x3uFVNA== X-Virus-Scanned: amavisd-new at efficios.com Received: from mail.efficios.com ([127.0.0.1]) by localhost (mail03.efficios.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id SCAqtuGKfgP0; Tue, 11 Aug 2020 15:50:13 -0400 (EDT) Received: from localhost.localdomain (192-222-181-218.qc.cable.ebox.net [192.222.181.218]) by mail.efficios.com (Postfix) with ESMTPSA id 28BA32CFB26; Tue, 11 Aug 2020 15:50:13 -0400 (EDT) From: Mathieu Desnoyers To: David Ahern Cc: linux-kernel@vger.kernel.org, Mathieu Desnoyers , "David S . Miller" , netdev@vger.kernel.org Subject: [PATCH 3/3] ipv6/icmp: l3mdev: Perform icmp error route lookup on source device routing table Date: Tue, 11 Aug 2020 15:50:03 -0400 Message-Id: <20200811195003.1812-4-mathieu.desnoyers@efficios.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200811195003.1812-1-mathieu.desnoyers@efficios.com> References: <20200811195003.1812-1-mathieu.desnoyers@efficios.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org As per RFC4443, the destination address field for ICMPv6 error messages is copied from the source address field of the invoking packet. In configurations with Virtual Routing and Forwarding tables, looking up which routing table to use for sending ICMPv6 error messages is currently done by using the destination net_device. If the source and destination interfaces are within separate VRFs, or one in the global routing table and the other in a VRF, looking up the source address of the invoking packet in the destination interface's routing table will fail if the destination interface's routing table contains no route to the invoking packet's source address. One observable effect of this issue is that traceroute6 does not work in the following cases: - Route leaking between global routing table and VRF - Route leaking between VRFs Preferably use the source device routing table when sending ICMPv6 error messages. If no source device is set, fall-back on the destination device routing table. Link: https://tools.ietf.org/html/rfc4443 Signed-off-by: Mathieu Desnoyers Cc: David Ahern Cc: David S. Miller Cc: netdev@vger.kernel.org --- net/ipv6/icmp.c | 15 +++++++++++++-- net/ipv6/ip6_output.c | 2 -- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index a4e4912ad607..a971b58b0371 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -501,8 +501,19 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, if (__ipv6_addr_needs_scope_id(addr_type)) { iif = icmp6_iif(skb); } else { - dst = skb_dst(skb); - iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev); + struct net_device *route_lookup_dev = NULL; + + /* + * The device used for looking up which routing table to use is + * preferably the source whenever it is set, which should + * ensure the icmp error can be sent to the source host, else + * fallback on the destination device. + */ + if (skb->dev) + route_lookup_dev = skb->dev; + else if (skb_dst(skb)) + route_lookup_dev = skb_dst(skb)->dev; + iif = l3mdev_master_ifindex(route_lookup_dev); } /* diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index c78e67d7747f..cd623068de53 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -468,8 +468,6 @@ int ip6_forward(struct sk_buff *skb) * check and decrement ttl */ if (hdr->hop_limit <= 1) { - /* Force OUTPUT device used as source address */ - skb->dev = dst->dev; icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0); __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS); -- 2.17.1