ip rule suppress_prefixlength

ip rule suppress_prefixlength

[Matthias Peter Walther]

Dear Linux-friends,

I asked this question before on the netdev-Mailinglist, but never got an 
answer (Link: 
https://www.mail-archive.com/netdev at vger.kernel.org/msg133574.html). 
Maybe someone here can help me.

I have a configuration like this:

root at des1 ~ # ip rule
0:    from all lookup local
32765:    from all iif lo lookup ffnet suppress_prefixlength 0
32766:    from all lookup main
32767:    from all lookup default
(ffnet is table 42)
root at des1 ~ # ip r s
default via 5.9.86.151 dev eth0
5.9.86.151 dev eth0  proto kernel  scope link  src 5.9.86.144
root at des1 ~ # ip r s t 42
blackhole default

I have the default routing table, and a routing table number 42. I could 
use an ip rule filtering by destination ip, but I wanted to try 
suppress_prefixlength.

Let's say I want to ping 8.8.8.8. What I expect is, that the package is 
put into routing table 42 by the ip rule 32765. As there is no more 
specific route for 8.8.8.8 than the default route in table 42, I expect 
the suppress_prefixlength 0 option to put it back to the default routing 
table and then to be send out through eth0.

Instead this configuration takes the whole machine offline:

root at des1 ~ # ping 8.8.8.8
connect: Invalid argument

When I delete the ip rule 32765 containing the suppress_prefixlength, 
the machine is back online.

Do I not understand the suppress_prefixlength-feature correctly or is 
this a bug? I tested with Kernel 4.7 and 4.6, both show the same 
behaviour as described above.

Thanks for any replies in advance.

Regards,
Matthias

ip rule suppress_prefixlength

[Valdis.Kletnieks at vt.edu]

On Sun, 30 Oct 2016 12:25:50 +0100, Matthias Peter Walther said:

> root at des1 ~ # ip rule
> 0:    from all lookup local
> 32765:    from all iif lo lookup ffnet suppress_prefixlength 0
> 32766:    from all lookup main
> 32767:    from all lookup default
> (ffnet is table 42)
> root at des1 ~ # ip r s
> default via 5.9.86.151 dev eth0
> 5.9.86.151 dev eth0  proto kernel  scope link  src 5.9.86.144
> root at des1 ~ # ip r s t 42
> blackhole default

> Let's say I want to ping 8.8.8.8. What I expect is, that the package is
> put into routing table 42 by the ip rule 32765. As there is no more
> specific route for 8.8.8.8 than the default route in table 42, I expect
> the suppress_prefixlength 0 option to put it back to the default routing
> table and then to be send out through eth0.

Note your table 42 is a blackhole.  I suspect that using 'suppress_prefixlength
0' is acting differently than you expect - you've told it to use table 42 which
has only a blackhole, and when it suppresses that route, there is no *other*
route in table 42 to select - leaving you with a 'no route' situation.  I don't
think it's supposed to make the 'lookup ffnet' part go away, only entries *IN*
that table that are longer than specified (which for 0 means "all of them").

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
Url : http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20161031/4008132e/attachment.bin 

ip rule suppress_prefixlength

[Matthias Peter Walther]

Hello Valdis,

thanks for your reply. You're right, table 42 can't route a package,
because the default route is suppressed.

But from what I understand, if table 42 (and so ip rule 32765) doesn't
fit on the package, the next rule (32766) is called and the package
should be routed based on the main table, which has a default route
(default via 5.9.86.151 dev eth0).

Maybe you're right, and I misunderstood the concept here. Could you
explain the second part to me again? Why isn't the package switched back
to the main routing table, like rule 32766 says.

Regards,
Matthias

On 31.10.2016 23:24, Valdis.Kletnieks at vt.edu wrote:
> On Sun, 30 Oct 2016 12:25:50 +0100, Matthias Peter Walther said:
>
>> root at des1 ~ # ip rule
>> 0:    from all lookup local
>> 32765:    from all iif lo lookup ffnet suppress_prefixlength 0
>> 32766:    from all lookup main
>> 32767:    from all lookup default
>> (ffnet is table 42)
>> root at des1 ~ # ip r s
>> default via 5.9.86.151 dev eth0
>> 5.9.86.151 dev eth0  proto kernel  scope link  src 5.9.86.144
>> root at des1 ~ # ip r s t 42
>> blackhole default
>> Let's say I want to ping 8.8.8.8. What I expect is, that the package is
>> put into routing table 42 by the ip rule 32765. As there is no more
>> specific route for 8.8.8.8 than the default route in table 42, I expect
>> the suppress_prefixlength 0 option to put it back to the default routing
>> table and then to be send out through eth0.
> Note your table 42 is a blackhole.  I suspect that using 'suppress_prefixlength
> 0' is acting differently than you expect - you've told it to use table 42 which
> has only a blackhole, and when it suppresses that route, there is no *other*
> route in table 42 to select - leaving you with a 'no route' situation.  I don't
> think it's supposed to make the 'lookup ffnet' part go away, only entries *IN*
> that table that are longer than specified (which for 0 means "all of them").
>