From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: David Ahern <dsahern@gmail.com>, Michael Jeanson <mjeanson@efficios.com>
Cc: "David S. Miller" <davem@davemloft.net>,
netdev <netdev@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH v2 0/3] l3mdev icmp error route lookup fixes
Date: Mon, 21 Sep 2020 15:33:41 -0400 (EDT) [thread overview]
Message-ID: <1383129694.37216.1600716821449.JavaMail.zimbra@efficios.com> (raw)
In-Reply-To: <dd1caf15-2ef0-f557-b9a8-26c46739f20b@gmail.com>
----- On Sep 21, 2020, at 3:11 PM, David Ahern dsahern@gmail.com wrote:
> On 9/21/20 12:44 PM, Mathieu Desnoyers wrote:
>> ----- On Sep 21, 2020, at 2:36 PM, David Ahern dsahern@gmail.com wrote:
>>
>>> On 9/18/20 12:17 PM, Mathieu Desnoyers wrote:
>>>> Hi,
>>>>
>>>> Here is an updated series of fixes for ipv4 and ipv6 which which ensure
>>>> the route lookup is performed on the right routing table in VRF
>>>> configurations when sending TTL expired icmp errors (useful for
>>>> traceroute).
>>>>
>>>> It includes tests for both ipv4 and ipv6.
>>>>
>>>> These fixes address specifically address the code paths involved in
>>>> sending TTL expired icmp errors. As detailed in the individual commit
>>>> messages, those fixes do not address similar issues related to network
>>>> namespaces and unreachable / fragmentation needed messages, which appear
>>>> to use different code paths.
>>>>
>>>
>>> New selftests are failing:
>>> TEST: Ping received ICMP frag needed [FAIL]
>>>
>>> Both IPv4 and IPv6 versions are failing.
>>
>> Indeed, this situation is discussed in each patch commit message:
>>
>> ipv4:
>>
>> [ It has also been pointed out that a similar issue exists with
>> unreachable / fragmentation needed messages, which can be triggered by
>> changing the MTU of eth1 in r1 to 1400 and running:
>>
>> ip netns exec h1 ping -s 1450 -Mdo -c1 172.16.2.2
>>
>> Some investigation points to raw_icmp_error() and raw_err() as being
>> involved in this last scenario. The focus of this patch is TTL expired
>> ICMP messages, which go through icmp_route_lookup.
>> Investigation of failure modes related to raw_icmp_error() is beyond
>> this investigation's scope. ]
>>
>> ipv6:
>>
>> [ Testing shows that similar issues exist with ipv6 unreachable /
>> fragmentation needed messages. However, investigation of this
>> additional failure mode is beyond this investigation's scope. ]
>>
>> I do not have the time to investigate further unfortunately, so I
>> thought it best to post what I have.
>>
>
> the test setup is bad. You have r1 dropping the MTU in VRF red, but not
> telling VRF red how to send back the ICMP. e.g., for IPv4 add:
>
> ip -netns r1 ro add vrf red 172.16.1.0/24 dev blue
>
> do the same for v6.
>
> Also, I do not see a reason for r2; I suggest dropping it. What you are
> testing is icmp crossing VRF with route leaking, so there should not be
> a need for r2 which leads to asymmetrical routing (172.16.1.0 via r1 and
> the return via r2).
CCing Michael Jeanson, author of the selftests patch.
Thanks for your feedback,
Mathieu
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
next prev parent reply other threads:[~2020-09-21 19:33 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-18 18:17 [RFC PATCH v2 0/3] l3mdev icmp error route lookup fixes Mathieu Desnoyers
2020-09-18 18:17 ` [RFC PATCH v2 1/3] ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) Mathieu Desnoyers
2020-09-18 18:18 ` [RFC PATCH v2 2/3] ipv6/icmp: " Mathieu Desnoyers
2020-09-18 18:18 ` [RFC PATCH v2 3/3] selftests: Add VRF icmp error route lookup test Mathieu Desnoyers
2020-09-21 18:36 ` [RFC PATCH v2 0/3] l3mdev icmp error route lookup fixes David Ahern
2020-09-21 18:44 ` Mathieu Desnoyers
2020-09-21 19:11 ` David Ahern
2020-09-21 19:33 ` Mathieu Desnoyers [this message]
2020-09-22 13:52 ` Michael Jeanson
2020-09-23 1:59 ` David Ahern
2020-09-23 16:04 ` Michael Jeanson
2020-09-23 17:03 ` Michael Jeanson
2020-09-23 18:46 ` David Ahern
2020-09-23 19:12 ` Michael Jeanson
2020-09-23 20:04 ` David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1383129694.37216.1600716821449.JavaMail.zimbra@efficios.com \
--to=mathieu.desnoyers@efficios.com \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mjeanson@efficios.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.