stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH net] ipv6: fix reachability confirmation with proxy_ndp
@ 2023-01-19 13:40 Gergely Risko
  2023-01-23 11:20 ` patchwork-bot+netdevbpf
  0 siblings, 1 reply; 2+ messages in thread
From: Gergely Risko @ 2023-01-19 13:40 UTC (permalink / raw)
  To: netdev
  Cc: davem, yoshfuji, dsahern, edumazet, kuba, pabeni, Gergely Risko, stable

When proxying IPv6 NDP requests, the adverts to the initial multicast
solicits are correct and working.  On the other hand, when later a
reachability confirmation is requested (on unicast), no reply is sent.

This causes the neighbor entry expiring on the sending node, which is
mostly a non-issue, as a new multicast request is sent.  There are
routers, where the multicast requests are intentionally delayed, and in
these environments the current implementation causes periodic packet
loss for the proxied endpoints.

The root cause is the erroneous decrease of the hop limit, as this
is checked in ndisc.c and no answer is generated when it's 254 instead
of the correct 255.

Cc: stable@vger.kernel.org
Fixes: 46c7655f0b56 ("ipv6: decrease hop limit counter in ip6_forward()")
Signed-off-by: Gergely Risko <gergely.risko@gmail.com>
Tested-by: Gergely Risko <gergely.risko@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
---
 net/ipv6/ip6_output.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 60fd91bb5171..c314fdde0097 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -547,7 +547,20 @@ int ip6_forward(struct sk_buff *skb)
 	    pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
 		int proxied = ip6_forward_proxy_check(skb);
 		if (proxied > 0) {
-			hdr->hop_limit--;
+			/* It's tempting to decrease the hop limit
+			 * here by 1, as we do at the end of the
+			 * function too.
+			 *
+			 * But that would be incorrect, as proxying is
+			 * not forwarding.  The ip6_input function
+			 * will handle this packet locally, and it
+			 * depends on the hop limit being unchanged.
+			 *
+			 * One example is the NDP hop limit, that
+			 * always has to stay 255, but other would be
+			 * similar checks around RA packets, where the
+			 * user can even change the desired limit.
+			 */
 			return ip6_input(skb);
 		} else if (proxied < 0) {
 			__IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
-- 
2.39.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH net] ipv6: fix reachability confirmation with proxy_ndp
  2023-01-19 13:40 [PATCH net] ipv6: fix reachability confirmation with proxy_ndp Gergely Risko
@ 2023-01-23 11:20 ` patchwork-bot+netdevbpf
  0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2023-01-23 11:20 UTC (permalink / raw)
  To: Gergely Risko
  Cc: netdev, davem, yoshfuji, dsahern, edumazet, kuba, pabeni, stable

Hello:

This patch was applied to netdev/net.git (master)
by David S. Miller <davem@davemloft.net>:

On Thu, 19 Jan 2023 14:40:41 +0100 you wrote:
> When proxying IPv6 NDP requests, the adverts to the initial multicast
> solicits are correct and working.  On the other hand, when later a
> reachability confirmation is requested (on unicast), no reply is sent.
> 
> This causes the neighbor entry expiring on the sending node, which is
> mostly a non-issue, as a new multicast request is sent.  There are
> routers, where the multicast requests are intentionally delayed, and in
> these environments the current implementation causes periodic packet
> loss for the proxied endpoints.
> 
> [...]

Here is the summary with links:
  - [net] ipv6: fix reachability confirmation with proxy_ndp
    https://git.kernel.org/netdev/net/c/9f535c870e49

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-01-23 11:20 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-19 13:40 [PATCH net] ipv6: fix reachability confirmation with proxy_ndp Gergely Risko
2023-01-23 11:20 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).