Re: [PATCH v2 6/6] ipv6: Do route updating for redirect in ndisc layer

[Duan Jiong <duanj.fnst@cn.fujitsu.com>]

于 2013年09月18日 12:13, Hannes Frederic Sowa 写道:
> On Wed, Sep 18, 2013 at 09:52:42AM +0800, Duan Jiong wrote:
>> 于 2013年09月18日 09:39, Hannes Frederic Sowa 写道:
>>> On Tue, Sep 17, 2013 at 08:29:36PM -0400, David Miller wrote:
>>>> From: Duan Jiong <duanj.fnst@cn.fujitsu.com>
>>>> Date: Fri, 13 Sep 2013 11:03:07 +0800
>>>>
>>>>> From: Duan Jiong <duanj.fnst@cn.fujitsu.com>
>>>>>
>>>>> Do the whole verification and route updating in ndisc
>>>>> lay and then just call into icmpv6_notify() to notify
>>>>> the upper protocols.
>>>>>
>>>>> Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
>>>>
>>>> This is completely broken, and I believe your patch set fundamentally
>>>> is too.
>>>>
>>>> We absolutely _must_ handle the redirect at the socket level when
>>>> we are able to, otherwise we cannot specify the mark properly and
>>>> the mark is an essential part of the key used to find the correct
>>>> route to work with.
>>>>
>>>> I am not applying this patch series until you deal with this
>>>> deficiency.  I am not willing to consider changes which stop using the
>>>> more precise keying information available from a socket.
>>>
>>> Oh, Duan, I am very sorry for not catching this earlier. We use the
>>> sk->mark to select the proper routing table where we clone the rt6_info into.
>>> And we only get that value out of the sockets. I missed that. We should leave
>>> the redirect logic in the socket layer where it is possible.
>>>
>>> But parts of this series are still valid. We need to fix redirects for tunnels
>>> and I do think we can still simplify some code in the error handlers.
>>>
>>
>> I got it.
> 
> I gave it a bit more thought:
> 
> RFC 4861 8.3:
> "
>    Redirect messages apply to all flows that are being sent to a given
>    destination.  That is, upon receipt of a Redirect for a Destination
>    Address, all Destination Cache entries to that address should be
>    updated to use the specified next-hop, regardless of the contents of
>    the Flow Label field that appears in the Redirected Header option.
> "
> 
> Especially because redirects also help in the on-link determination (same
> RFC, section 8), I changed my mind and am still in favour of updating it
> in the ndisc layer. In my opinion we just have to consider all routing
> tables and apply the update to every one which carries a valid next hop
> to the source of the redirect (under consideration of the destination).
> 
> This will be important if we actually try to get linux to correctly
> implement the ipv6 subnet model (RFC 5942, Section 4 Rule 1). In that
> case we are not allowed to assume nodes on-link even if they would match
> the same prefix as a locally configured address.
> 

I think this need a little time to discuss with David Miller, so i will send
the other patchs to fix redirects for tunnels and to fix the sk->sk_err
problems in udpv6_err()/rawv6_err().

Thanks,
  Duan