Re: [PATCH|RFC] IPv6: have a proxy discard link-local traffic

Re: [PATCH|RFC] IPv6: have a proxy discard link-local traffic

[Pekka Savola]

(Re-sending as netdev was non-operational yesterday.)

On Fri, 16 Jan 2004, Ville Nuorvala wrote:
> > It's still at the starting phase -- now would be an excellent time to
> > bring this up.
> 
> OK, I guess I'll send a question to the ipv6 list.

Please do -- I've already raised too many issues in that spec :-)

> Let's assume the proxy handles (both link-local and global) NUD
> probes correctly. What will it do with the rest of the unicast packets?
> 
> Packets to a global address may be routed to the proxied node if the
> router has a route to it, but what should it do to link-local packets? The
> desired behavior isn't described in RFC2461, but the MIPv6 draft has a
> proposal.

Right.
 
> No, *assuming* we have a proxy capable of capturing NUD probes, my patch
> will send an Address Unreachable message in response to all link-local
> unicast traffic *except* ND, since it is already handled separately.
> Since ND works normally, my patch doesn't limit link-local proxying. It
> just warns the sender that any link-local traffic it is trying to send
> can't be delivered to the destination.

OK.
 
> > It can give back ICMP error messages, if necessary.  I don't know
> > which path a Thaler proxy would use though.
> 
> It can't really use ip6_forward() anyway, since the funtion decreases the
> hop limit of the packet and drops all traffic from a link-local source
> address etc, etc.
> 
> Since the Thaler proxy clearly needs some other forwarding function than
> ip6_forward(), my proposed patch doesn't affect its behavior in any way.

Ok, if your modification is in ip6_forward() (I didn't check), I guess 
it would OK, with a sufficient comment to bring up that a future 
implementation might treat link-local proxying differently.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Re: [PATCH|RFC] IPv6: have a proxy discard link-local traffic

[Ville Nuorvala]

On Sat, 17 Jan 2004, Pekka Savola wrote:

> > Since the Thaler proxy clearly needs some other forwarding function than
> > ip6_forward(), my proposed patch doesn't affect its behavior in any way.
>
> Ok, if your modification is in ip6_forward() (I didn't check), I guess
> it would OK, with a sufficient comment to bring up that a future
> implementation might treat link-local proxying differently.

Dave, since even Pekka is now convinced this patch doesn't break anything,
would you consider applying it? :)

Slightly (cleaned up version of) patch below.

Thanks,
Ville

# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
#	           ChangeSet	1.1521  -> 1.1522
#	net/ipv6/ip6_output.c	1.49    -> 1.50
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 04/01/27	vnuorval@dsl-hkigw1o3c.dial.inet.fi	1.1522
# The MIPv6 specification requires we send an ICMPv6 Destination Unreachable,
# Address Unreachable, message in response to traffic to a proxied link-local address
# --------------------------------------------
#
diff -Nru a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
--- a/net/ipv6/ip6_output.c	Tue Jan 27 22:05:56 2004
+++ b/net/ipv6/ip6_output.c	Tue Jan 27 22:05:56 2004
@@ -385,6 +385,15 @@
 	if (!xfrm6_route_forward(skb))
 		goto drop;

+	/* The proxying router can't forward traffic sent to a link-local
+	   address, so signal the sender and discard the packet. This
+	   behavior is required by the MIPv6 specification. */
+
+	if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL &&
+	    skb->dev && pneigh_lookup(&nd_tbl, &hdr->daddr, skb->dev, 0)) {
+		dst_link_failure(skb);
+		goto drop;
+	}
 	/* IPv6 specs say nothing about it, but it is clear that we cannot
 	   send redirects to source routed frames.
 	 */
--
Ville Nuorvala
Research Assistant, Institute of Digital Communications,
Helsinki University of Technology
email: vnuorval@tcs.hut.fi, phone: +358 (0)9 451 5257

Re: [PATCH|RFC] IPv6: have a proxy discard link-local traffic

[YOSHIFUJI Hideaki / 吉藤英明]

In article <Pine.LNX.4.58.0401272259160.28384@rhea.tcs.hut.fi> (at Tue, 27 Jan 2004 23:11:20 +0200 (EET)), Ville Nuorvala <vnuorval@tcs.hut.fi> says:

> Dave, since even Pekka is now convinced this patch doesn't break anything,
:

> +	/* The proxying router can't forward traffic sent to a link-local
> +	   address, so signal the sender and discard the packet. This
> +	   behavior is required by the MIPv6 specification. */

Would you please clarify the word "can't" and its reasons?
won't? don't? or whatever?

-- 
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@linux-ipv6.org>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA

Re: [PATCH|RFC] IPv6: have a proxy discard link-local traffic

[Pekka Savola]

On Wed, 28 Jan 2004, YOSHIFUJI Hideaki / [iso-2022-jp] ^[$B5HF#1QL@^[(B wrote:
> In article <Pine.LNX.4.58.0401272259160.28384@rhea.tcs.hut.fi> (at Tue, 27 Jan 2004 23:11:20 +0200 (EET)), Ville Nuorvala <vnuorval@tcs.hut.fi> says:
> > +	/* The proxying router can't forward traffic sent to a link-local
> > +	   address, so signal the sender and discard the packet. This
> > +	   behavior is required by the MIPv6 specification. */
> 
> Would you please clarify the word "can't" and its reasons?
> won't? don't? or whatever?

I think "can't" in this context means, "it can't be _forwarded_
because it's link-local".  It could be proxied using some other
function than ip6_forward, though.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Re: [PATCH|RFC] IPv6: have a proxy discard link-local traffic

[Ville Nuorvala]

On Wed, 28 Jan 2004, Pekka Savola wrote:

> On Wed, 28 Jan 2004, YOSHIFUJI Hideaki / [iso-2022-jp] µÈÆ£±ÑÌÀ wrote:
> > In article <Pine.LNX.4.58.0401272259160.28384@rhea.tcs.hut.fi> (at Tue, 27 Jan 2004 23:11:20 +0200 (EET)), Ville Nuorvala <vnuorval@tcs.hut.fi> says:
> > > +	/* The proxying router can't forward traffic sent to a link-local
> > > +	   address, so signal the sender and discard the packet. This
> > > +	   behavior is required by the MIPv6 specification. */
> >
> > Would you please clarify the word "can't" and its reasons?
> > won't? don't? or whatever?
>
> I think "can't" in this context means, "it can't be _forwarded_
> because it's link-local".  It could be proxied using some other
> function than ip6_forward, though.

Yes.

--
Ville Nuorvala
Research Assistant, Institute of Digital Communications,
Helsinki University of Technology
email: vnuorval@tcs.hut.fi, phone: +358 (0)9 451 5257

Re: [PATCH|RFC] IPv6: have a proxy discard link-local traffic

[David S. Miller]

On Tue, 27 Jan 2004 23:11:20 +0200 (EET)
Ville Nuorvala <vnuorval@tcs.hut.fi> wrote:

> Dave, since even Pekka is now convinced this patch doesn't break anything,
> would you consider applying it? :)

Yoshfuji asked for some time, so let us give it to him so he
may analyze your change without rushing.

Thanks.

Re: [PATCH|RFC] IPv6: have a proxy discard link-local traffic

[YOSHIFUJI Hideaki / 吉藤英明]

In article <20040128115910.0a83e906.davem@redhat.com> (at Wed, 28 Jan 2004 11:59:10 -0800), "David S. Miller" <davem@redhat.com> says:

> On Tue, 27 Jan 2004 23:11:20 +0200 (EET)
> Ville Nuorvala <vnuorval@tcs.hut.fi> wrote:
> 
> > Dave, since even Pekka is now convinced this patch doesn't break anything,
> > would you consider applying it? :)
> 
> Yoshfuji asked for some time, so let us give it to him so he
> may analyze your change without rushing.

David, I'm (or we're) ok with this patch. Please apply. Thanks.
(But I still do not eat the proxy ND patch.)

-- 
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@linux-ipv6.org>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA

Re: (usagi-core 17336) Re: [PATCH|RFC] IPv6: have a proxy discard link-local traffic

[YOSHIFUJI Hideaki / 吉藤英明]

In article <20040203.171952.105535895.yoshfuji@linux-ipv6.org> (at Tue, 03 Feb 2004 17:19:52 +0900 (JST)), YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org> says:

> In article <20040128115910.0a83e906.davem@redhat.com> (at Wed, 28 Jan 2004 11:59:10 -0800), "David S. Miller" <davem@redhat.com> says:
> 
> > On Tue, 27 Jan 2004 23:11:20 +0200 (EET)
> > Ville Nuorvala <vnuorval@tcs.hut.fi> wrote:
> > 
> > > Dave, since even Pekka is now convinced this patch doesn't break anything,
> > > would you consider applying it? :)
> > 
> > Yoshfuji asked for some time, so let us give it to him so he
> > may analyze your change without rushing.
> 
> David, I'm (or we're) ok with this patch. Please apply. Thanks.
> (But I still do not eat the proxy ND patch.)

Oops, I need to say something.
I however think this should be postponed after linux-2.6.2 is up
since this patch is not so "critical" fix.

-- 
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@linux-ipv6.org>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA

Re: (usagi-core 17336) Re: [PATCH|RFC] IPv6: have a proxy discard link-local traffic

[David S. Miller]

On Tue, 03 Feb 2004 17:24:19 +0900 (JST)
YOSHIFUJI Hideaki / ^[$B5HF#1QL@^[(B <yoshfuji@linux-ipv6.org> wrote:

> I however think this should be postponed after linux-2.6.2 is up
> since this patch is not so "critical" fix.

I agree, Ville please resubmit once 2.6.2 is out.