[PATCHv2 next] ipv6: add icmpv6_error_anycast_as_unicast for ICMPv6

[PATCHv2 next] ipv6: add icmpv6_error_anycast_as_unicast for ICMPv6

[Mahesh Bandewar]

ICMPv6 error packets are not sent to the anycast destinations and this
prevents things like traceroute from working. So create a setting similar
to ECHO when dealing with Anycast sources (icmpv6_echo_ignore_anycast).

Signed-off-by: Mahesh Bandewar <maheshb@google.com>
CC: Maciej Żenczykowski <maze@google.com>
---
 Documentation/networking/ip-sysctl.rst |  7 +++++++
 include/net/netns/ipv6.h               |  1 +
 net/ipv6/af_inet6.c                    |  1 +
 net/ipv6/icmp.c                        | 15 +++++++++++++--
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst
index 87dd1c5283e6..b2a563ef0789 100644
--- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst
@@ -2719,6 +2719,13 @@ echo_ignore_anycast - BOOLEAN
 
 	Default: 0
 
+error_anycast_as_unicast - BOOLEAN
+	If set to 1, then the kernel will respond with ICMP Errors
+	resulting from requests sent to it over the IPv6 protocol destined
+	to anycast address essentially treating anycast as unicast.
+
+	Default: 0
+
 xfrm6_gc_thresh - INTEGER
 	(Obsolete since linux-4.14)
 	The threshold at which we will start garbage collecting for IPv6
diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
index b4af4837d80b..3cceb3e9320b 100644
--- a/include/net/netns/ipv6.h
+++ b/include/net/netns/ipv6.h
@@ -55,6 +55,7 @@ struct netns_sysctl_ipv6 {
 	u64 ioam6_id_wide;
 	bool skip_notify_on_dev_down;
 	u8 fib_notify_on_flag_change;
+	u8 icmpv6_error_anycast_as_unicast;
 };
 
 struct netns_ipv6 {
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 38689bedfce7..2b7ac752afc2 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -952,6 +952,7 @@ static int __net_init inet6_net_init(struct net *net)
 	net->ipv6.sysctl.icmpv6_echo_ignore_all = 0;
 	net->ipv6.sysctl.icmpv6_echo_ignore_multicast = 0;
 	net->ipv6.sysctl.icmpv6_echo_ignore_anycast = 0;
+	net->ipv6.sysctl.icmpv6_error_anycast_as_unicast = 0;
 
 	/* By default, rate limit error messages.
 	 * Except for pmtu discovery, it would break it.
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index f32bc98155bf..1465a211e592 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -362,9 +362,10 @@ static struct dst_entry *icmpv6_route_lookup(struct net *net,
 
 	/*
 	 * We won't send icmp if the destination is known
-	 * anycast.
+	 * anycast unless we need to treat anycast as unicast.
 	 */
-	if (ipv6_anycast_destination(dst, &fl6->daddr)) {
+	if (!READ_ONCE(net->ipv6.sysctl.icmpv6_error_anycast_as_unicast) &&
+	    ipv6_anycast_destination(dst, &fl6->daddr)) {
 		net_dbg_ratelimited("icmp6_send: acast source\n");
 		dst_release(dst);
 		return ERR_PTR(-EINVAL);
@@ -1192,6 +1193,15 @@ static struct ctl_table ipv6_icmp_table_template[] = {
 		.mode		= 0644,
 		.proc_handler = proc_do_large_bitmap,
 	},
+	{
+		.procname	= "error_anycast_as_unicast",
+		.data		= &init_net.ipv6.sysctl.icmpv6_error_anycast_as_unicast,
+		.maxlen		= sizeof(u8),
+		.mode		= 0644,
+		.proc_handler	= proc_dou8vec_minmax,
+		.extra1		= SYSCTL_ZERO,
+		.extra2		= SYSCTL_ONE,
+	},
 	{ },
 };
 
@@ -1209,6 +1219,7 @@ struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
 		table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
 		table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
 		table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;
+		table[5].data = &net->ipv6.sysctl.icmpv6_error_anycast_as_unicast;
 	}
 	return table;
 }
-- 
2.40.0.634.g4ca3ef3211-goog

Re: [PATCHv2 next] ipv6: add icmpv6_error_anycast_as_unicast for ICMPv6

[David Ahern]

On 4/18/23 7:32 PM, Mahesh Bandewar wrote:
> ICMPv6 error packets are not sent to the anycast destinations and this
> prevents things like traceroute from working. So create a setting similar
> to ECHO when dealing with Anycast sources (icmpv6_echo_ignore_anycast).
> 
> Signed-off-by: Mahesh Bandewar <maheshb@google.com>
> CC: Maciej Żenczykowski <maze@google.com>
> ---
>  Documentation/networking/ip-sysctl.rst |  7 +++++++
>  include/net/netns/ipv6.h               |  1 +
>  net/ipv6/af_inet6.c                    |  1 +
>  net/ipv6/icmp.c                        | 15 +++++++++++++--
>  4 files changed, 22 insertions(+), 2 deletions(-)
> 


Reviewed-by: David Ahern <dsahern@kernel.org>

Re: [PATCHv2 next] ipv6: add icmpv6_error_anycast_as_unicast for ICMPv6

[Maciej Żenczykowski]

Reviewed-by: Maciej Żenczykowski <maze@google.com>

Though I am wondering if it would make more sense to put the check
inside ipv6_anycast_destination()
'treat_anycast_as_unicast' or something.

On Thu, Apr 20, 2023 at 8:55 PM David Ahern <dsahern@kernel.org> wrote:
>
> On 4/18/23 7:32 PM, Mahesh Bandewar wrote:
> > ICMPv6 error packets are not sent to the anycast destinations and this
> > prevents things like traceroute from working. So create a setting similar
> > to ECHO when dealing with Anycast sources (icmpv6_echo_ignore_anycast).
> >
> > Signed-off-by: Mahesh Bandewar <maheshb@google.com>
> > CC: Maciej Żenczykowski <maze@google.com>
> > ---
> >  Documentation/networking/ip-sysctl.rst |  7 +++++++
> >  include/net/netns/ipv6.h               |  1 +
> >  net/ipv6/af_inet6.c                    |  1 +
> >  net/ipv6/icmp.c                        | 15 +++++++++++++--
> >  4 files changed, 22 insertions(+), 2 deletions(-)
> >
>
>
> Reviewed-by: David Ahern <dsahern@kernel.org>
>

Re: [PATCHv2 next] ipv6: add icmpv6_error_anycast_as_unicast for ICMPv6

[Mahesh Bandewar (महेश बंडेवार)]

On Thu, Apr 20, 2023 at 12:12 PM Maciej Żenczykowski <maze@google.com> wrote:
>
> Reviewed-by: Maciej Żenczykowski <maze@google.com>
>
> Though I am wondering if it would make more sense to put the check
> inside ipv6_anycast_destination()
> 'treat_anycast_as_unicast' or something.
>
I prefer the current form as it maintains the current semantics of
'ipv6_anycast_destination' which is used at other places as well.

> On Thu, Apr 20, 2023 at 8:55 PM David Ahern <dsahern@kernel.org> wrote:
> >
> > On 4/18/23 7:32 PM, Mahesh Bandewar wrote:
> > > ICMPv6 error packets are not sent to the anycast destinations and this
> > > prevents things like traceroute from working. So create a setting similar
> > > to ECHO when dealing with Anycast sources (icmpv6_echo_ignore_anycast).
> > >
> > > Signed-off-by: Mahesh Bandewar <maheshb@google.com>
> > > CC: Maciej Żenczykowski <maze@google.com>
> > > ---
> > >  Documentation/networking/ip-sysctl.rst |  7 +++++++
> > >  include/net/netns/ipv6.h               |  1 +
> > >  net/ipv6/af_inet6.c                    |  1 +
> > >  net/ipv6/icmp.c                        | 15 +++++++++++++--
> > >  4 files changed, 22 insertions(+), 2 deletions(-)
> > >
> >
> >
> > Reviewed-by: David Ahern <dsahern@kernel.org>
> >

Re: [PATCHv2 next] ipv6: add icmpv6_error_anycast_as_unicast for ICMPv6

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Tue, 18 Apr 2023 18:32:38 -0700 you wrote:
> ICMPv6 error packets are not sent to the anycast destinations and this
> prevents things like traceroute from working. So create a setting similar
> to ECHO when dealing with Anycast sources (icmpv6_echo_ignore_anycast).
> 
> Signed-off-by: Mahesh Bandewar <maheshb@google.com>
> CC: Maciej Żenczykowski <maze@google.com>
> 
> [...]

Here is the summary with links:
  - [PATCHv2,next] ipv6: add icmpv6_error_anycast_as_unicast for ICMPv6
    https://git.kernel.org/netdev/net-next/c/7ab75456be14

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html