From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Ignat Korchagin <ignat@cloudflare.com>,
Amir Razmjou <arazmjou@cloudflare.com>,
David Ahern <dsahern@kernel.org>,
Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>,
davem@davemloft.net, yoshfuji@linux-ipv6.org,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.16 07/19] sit: allow encapsulated IPv6 traffic to be delivered locally
Date: Sat, 22 Jan 2022 19:11:00 -0500 [thread overview]
Message-ID: <20220123001113.2460140-7-sashal@kernel.org> (raw)
In-Reply-To: <20220123001113.2460140-1-sashal@kernel.org>
From: Ignat Korchagin <ignat@cloudflare.com>
[ Upstream commit ed6ae5ca437d9d238117d90e95f7f2cc27da1b31 ]
While experimenting with FOU encapsulation Amir noticed that encapsulated IPv6
traffic fails to be delivered, if the peer IP address is configured locally.
It can be easily verified by creating a sit interface like below:
$ sudo ip link add name fou_test type sit remote 127.0.0.1 encap fou encap-sport auto encap-dport 1111
$ sudo ip link set fou_test up
and sending some IPv4 and IPv6 traffic to it
$ ping -I fou_test -c 1 1.1.1.1
$ ping6 -I fou_test -c 1 fe80::d0b0:dfff:fe4c:fcbc
"tcpdump -i any udp dst port 1111" will confirm that only the first IPv4 ping
was encapsulated and attempted to be delivered.
This seems like a limitation: for example, in a cloud environment the "peer"
service may be arbitrarily scheduled on any server within the cluster, where all
nodes are trying to send encapsulated traffic. And the unlucky node will not be
able to. Moreover, delivering encapsulated IPv4 traffic locally is allowed.
But I may not have all the context about this restriction and this code predates
the observable git history.
Reported-by: Amir Razmjou <arazmjou@cloudflare.com>
Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20220107123842.211335-1-ignat@cloudflare.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/sit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 8a3618a30632a..72968d4188b93 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -956,7 +956,7 @@ static netdev_tx_t ipip6_tunnel_xmit(struct sk_buff *skb,
dst_cache_set_ip4(&tunnel->dst_cache, &rt->dst, fl4.saddr);
}
- if (rt->rt_type != RTN_UNICAST) {
+ if (rt->rt_type != RTN_UNICAST && rt->rt_type != RTN_LOCAL) {
ip_rt_put(rt);
dev->stats.tx_carrier_errors++;
goto tx_error_icmp;
--
2.34.1
next prev parent reply other threads:[~2022-01-23 0:12 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-23 0:10 [PATCH AUTOSEL 5.16 01/19] remoteproc: coredump: Correct argument 2 type for memcpy_fromio Sasha Levin
2022-01-23 0:10 ` [PATCH AUTOSEL 5.16 02/19] hwspinlock: stm32: enable clock at probe Sasha Levin
2022-01-23 0:10 ` [PATCH AUTOSEL 5.16 03/19] f2fs: don't drop compressed page cache in .{invalidate,release}page Sasha Levin
2022-01-23 0:10 ` [PATCH AUTOSEL 5.16 04/19] riscv: dts: microchip: mpfs: Fix reference clock node Sasha Levin
2022-01-23 0:10 ` [PATCH AUTOSEL 5.16 05/19] ksmbd: smbd: call rdma_accept() under CM handler Sasha Levin
2022-01-23 0:10 ` [PATCH AUTOSEL 5.16 06/19] x86/PCI: Ignore E820 reservations for bridge windows on newer systems Sasha Levin
2022-01-23 0:11 ` Sasha Levin [this message]
2022-01-23 0:11 ` [PATCH AUTOSEL 5.16 08/19] ceph: don't check for quotas on MDS stray dirs Sasha Levin
2022-01-23 0:11 ` [PATCH AUTOSEL 5.16 09/19] net/smc: Resolve the race between link group access and termination Sasha Levin
2022-01-23 0:11 ` [PATCH AUTOSEL 5.16 10/19] net/smc: Resolve the race between SMC-R link access and clear Sasha Levin
2022-01-23 0:11 ` [PATCH AUTOSEL 5.16 11/19] net: apple: mace: Fix build since dev_addr constification Sasha Levin
2022-01-23 0:11 ` [PATCH AUTOSEL 5.16 12/19] net: apple: bmac: " Sasha Levin
2022-01-24 15:52 ` Jakub Kicinski
2022-01-23 0:11 ` [PATCH AUTOSEL 5.16 13/19] net/mlx5_vdpa: Offer VIRTIO_NET_F_MTU when setting MTU Sasha Levin
2022-01-23 0:11 ` [PATCH AUTOSEL 5.16 14/19] virtio-pci: fix the confusing error message Sasha Levin
2022-01-23 0:11 ` [PATCH AUTOSEL 5.16 15/19] vhost/test: fix memory leak of vhost virtqueues Sasha Levin
2022-01-23 0:11 ` [PATCH AUTOSEL 5.16 16/19] vdpa: clean up get_config_size ret value handling Sasha Levin
2022-01-23 0:11 ` [PATCH AUTOSEL 5.16 17/19] vdpa/mlx5: Fix is_index_valid() to refer to features Sasha Levin
2022-01-23 0:11 ` [PATCH AUTOSEL 5.16 18/19] io_uring: perform poll removal even if async work removal is successful Sasha Levin
2022-01-23 0:11 ` [PATCH AUTOSEL 5.16 19/19] block: Fix wrong offset in bio_truncate() Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220123001113.2460140-7-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=arazmjou@cloudflare.com \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=ignat@cloudflare.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).