From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Stephen Suryaputra <ssuryaextr@gmail.com>,
David Ahern <dsahern@kernel.org>,
Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 5.4 05/34] vrf: packets with lladdr src needs dst at input with orig_iif when needs strict
Date: Sat, 19 Dec 2020 14:03:02 +0100 [thread overview]
Message-ID: <20201219125341.641622993@linuxfoundation.org> (raw)
In-Reply-To: <20201219125341.384025953@linuxfoundation.org>
From: Stephen Suryaputra <ssuryaextr@gmail.com>
[ Upstream commit 205704c618af0ab2366015d2281a3b0814d918a0 ]
Depending on the order of the routes to fe80::/64 are installed on the
VRF table, the NS for the source link-local address of the originator
might be sent to the wrong interface.
This patch ensures that packets with link-local addr source is doing a
lookup with the orig_iif when the destination addr indicates that it
is strict.
Add the reproducer as a use case in self test script fcnal-test.sh.
Fixes: b4869aa2f881 ("net: vrf: ipv6 support for local traffic to local addresses")
Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20201204030604.18828-1-ssuryaextr@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/vrf.c | 10 ++-
tools/testing/selftests/net/fcnal-test.sh | 95 ++++++++++++++++++++++++++++++
2 files changed, 103 insertions(+), 2 deletions(-)
--- a/drivers/net/vrf.c
+++ b/drivers/net/vrf.c
@@ -1038,11 +1038,17 @@ static struct sk_buff *vrf_ip6_rcv(struc
int orig_iif = skb->skb_iif;
bool need_strict = rt6_need_strict(&ipv6_hdr(skb)->daddr);
bool is_ndisc = ipv6_ndisc_frame(skb);
+ bool is_ll_src;
/* loopback, multicast & non-ND link-local traffic; do not push through
- * packet taps again. Reset pkt_type for upper layers to process skb
+ * packet taps again. Reset pkt_type for upper layers to process skb.
+ * for packets with lladdr src, however, skip so that the dst can be
+ * determine at input using original ifindex in the case that daddr
+ * needs strict
*/
- if (skb->pkt_type == PACKET_LOOPBACK || (need_strict && !is_ndisc)) {
+ is_ll_src = ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL;
+ if (skb->pkt_type == PACKET_LOOPBACK ||
+ (need_strict && !is_ndisc && !is_ll_src)) {
skb->dev = vrf_dev;
skb->skb_iif = vrf_dev->ifindex;
IP6CB(skb)->flags |= IP6SKB_L3SLAVE;
--- a/tools/testing/selftests/net/fcnal-test.sh
+++ b/tools/testing/selftests/net/fcnal-test.sh
@@ -239,6 +239,28 @@ setup_cmd_nsb()
fi
}
+setup_cmd_nsc()
+{
+ local cmd="$*"
+ local rc
+
+ run_cmd_nsc ${cmd}
+ rc=$?
+ if [ $rc -ne 0 ]; then
+ # show user the command if not done so already
+ if [ "$VERBOSE" = "0" ]; then
+ echo "setup command: $cmd"
+ fi
+ echo "failed. stopping tests"
+ if [ "${PAUSE_ON_FAIL}" = "yes" ]; then
+ echo
+ echo "hit enter to continue"
+ read a
+ fi
+ exit $rc
+ fi
+}
+
# set sysctl values in NS-A
set_sysctl()
{
@@ -447,6 +469,36 @@ setup()
sleep 1
}
+setup_lla_only()
+{
+ # make sure we are starting with a clean slate
+ kill_procs
+ cleanup 2>/dev/null
+
+ log_debug "Configuring network namespaces"
+ set -e
+
+ create_ns ${NSA} "-" "-"
+ create_ns ${NSB} "-" "-"
+ create_ns ${NSC} "-" "-"
+ connect_ns ${NSA} ${NSA_DEV} "-" "-" \
+ ${NSB} ${NSB_DEV} "-" "-"
+ connect_ns ${NSA} ${NSA_DEV2} "-" "-" \
+ ${NSC} ${NSC_DEV} "-" "-"
+
+ NSA_LINKIP6=$(get_linklocal ${NSA} ${NSA_DEV})
+ NSB_LINKIP6=$(get_linklocal ${NSB} ${NSB_DEV})
+ NSC_LINKIP6=$(get_linklocal ${NSC} ${NSC_DEV})
+
+ create_vrf ${NSA} ${VRF} ${VRF_TABLE} "-" "-"
+ ip -netns ${NSA} link set dev ${NSA_DEV} vrf ${VRF}
+ ip -netns ${NSA} link set dev ${NSA_DEV2} vrf ${VRF}
+
+ set +e
+
+ sleep 1
+}
+
################################################################################
# IPv4
@@ -3329,10 +3381,53 @@ use_case_br()
setup_cmd_nsb ip li del vlan100 2>/dev/null
}
+# VRF only.
+# ns-A device is connected to both ns-B and ns-C on a single VRF but only has
+# LLA on the interfaces
+use_case_ping_lla_multi()
+{
+ setup_lla_only
+ # only want reply from ns-A
+ setup_cmd_nsb sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
+ setup_cmd_nsc sysctl -qw net.ipv6.icmp.echo_ignore_multicast=1
+
+ log_start
+ run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
+ log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Pre cycle, ping out ns-B"
+
+ run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
+ log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Pre cycle, ping out ns-C"
+
+ # cycle/flap the first ns-A interface
+ setup_cmd ip link set ${NSA_DEV} down
+ setup_cmd ip link set ${NSA_DEV} up
+ sleep 1
+
+ log_start
+ run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
+ log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-B"
+ run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
+ log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV}, ping out ns-C"
+
+ # cycle/flap the second ns-A interface
+ setup_cmd ip link set ${NSA_DEV2} down
+ setup_cmd ip link set ${NSA_DEV2} up
+ sleep 1
+
+ log_start
+ run_cmd_nsb ping -c1 -w1 ${MCAST}%${NSB_DEV}
+ log_test_addr ${MCAST}%${NSB_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-B"
+ run_cmd_nsc ping -c1 -w1 ${MCAST}%${NSC_DEV}
+ log_test_addr ${MCAST}%${NSC_DEV} $? 0 "Post cycle ${NSA} ${NSA_DEV2}, ping out ns-C"
+}
+
use_cases()
{
log_section "Use cases"
+ log_subsection "Device enslaved to bridge"
use_case_br
+ log_subsection "Ping LLA with multiple interfaces"
+ use_case_ping_lla_multi
}
################################################################################
next prev parent reply other threads:[~2020-12-19 13:06 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-19 13:02 [PATCH 5.4 00/34] 5.4.85-rc1 review Greg Kroah-Hartman
2020-12-19 13:02 ` [PATCH 5.4 01/34] ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info() Greg Kroah-Hartman
2020-12-19 13:02 ` [PATCH 5.4 02/34] ipv4: fix error return code in rtm_to_fib_config() Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 03/34] mac80211: mesh: fix mesh_pathtbl_init() error path Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 04/34] net: bridge: vlan: fix error return code in __vlan_add() Greg Kroah-Hartman
2020-12-19 13:03 ` Greg Kroah-Hartman [this message]
2020-12-19 13:03 ` [PATCH 5.4 06/34] net: hns3: remove a misused pragma packed Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 07/34] udp: fix the proto value passed to ip_protocol_deliver_rcu for the segments Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 08/34] enetc: Fix reporting of h/w packet counters Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 09/34] bridge: Fix a deadlock when enabling multicast snooping Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 10/34] net: stmmac: free tx skb buffer in stmmac_resume() Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 11/34] tcp: select sane initial rcvq_space.space for big MSS Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 12/34] tcp: fix cwnd-limited bug for TSO deferral where we send nothing Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 13/34] net/mlx4_en: Avoid scheduling restart task if it is already running Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 14/34] lan743x: fix for potential NULL pointer dereference with bare card Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 15/34] net/mlx4_en: Handle TX error CQE Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 16/34] net: ll_temac: Fix potential NULL dereference in temac_probe() Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 17/34] net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 18/34] net: stmmac: delete the eee_ctrl_timer after napi disabled Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 19/34] ktest.pl: If size of log is too big to email, email error message Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 20/34] USB: dummy-hcd: Fix uninitialized array use in init() Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 21/34] USB: add RESET_RESUME quirk for Snapscan 1212 Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 22/34] ALSA: usb-audio: Fix potential out-of-bounds shift Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 23/34] ALSA: usb-audio: Fix control access overflow errors from chmap Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 24/34] xhci: Give USB2 ports time to enter U3 in bus suspend Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 25/34] xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 26/34] USB: UAS: introduce a quirk to set no_write_same Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 27/34] USB: sisusbvga: Make console support depend on BROKEN Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 28/34] ALSA: pcm: oss: Fix potential out-of-bounds shift Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 29/34] serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 30/34] KVM: mmu: Fix SPTE encoding of MMIO generation upper half Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 31/34] Revert "selftests/ftrace: check for do_sys_openat2 in user-memory test" Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 32/34] membarrier: Explicitly sync remote cores when SYNC_CORE is requested Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 33/34] x86/resctrl: Remove unused struct mbm_state::chunks_bw Greg Kroah-Hartman
2020-12-19 13:03 ` [PATCH 5.4 34/34] x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled Greg Kroah-Hartman
2020-12-19 21:49 ` [PATCH 5.4 00/34] 5.4.85-rc1 review Guenter Roeck
2020-12-20 3:58 ` Naresh Kamboju
2020-12-20 13:18 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201219125341.641622993@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dsahern@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ssuryaextr@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.