From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stephen Hemminger <stephen@networkplumber.org>
Subject: Fw: [Bug 198521] New: VRF: VRF device does not egress all
 broadcast(255.255.255.255) destined packet
Date: Fri, 19 Jan 2018 08:17:10 -0800
Message-ID: <20180119081710.5b951a9b@xeon-e3>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: netdev@vger.kernel.org
To: David Ahern <dsahern@gmail.com>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-pf0-f175.google.com ([209.85.192.175]:36146 "EHLO
        mail-pf0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1755830AbeASSkh (ORCPT
        <rfc822;netdev@vger.kernel.org>); Fri, 19 Jan 2018 13:40:37 -0500
Received: by mail-pf0-f175.google.com with SMTP id 23so1987989pfp.3
        for <netdev@vger.kernel.org>; Fri, 19 Jan 2018 10:40:37 -0800 (PST)
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>



Begin forwarded message:

Date: Fri, 19 Jan 2018 12:59:23 +0000
From: bugzilla-daemon@bugzilla.kernel.org
To: stephen@networkplumber.org
Subject: [Bug 198521] New: VRF: VRF device does not egress all broadcast(25=
5.255.255.255) destined packet


https://bugzilla.kernel.org/show_bug.cgi?id=3D198521

            Bug ID: 198521
           Summary: VRF: VRF device does not egress all
                    broadcast(255.255.255.255) destined packet
           Product: Networking
           Version: 2.5
    Kernel Version: Linux version 4.9.71
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: blocking
          Priority: P1
         Component: IPV4
          Assignee: stephen@networkplumber.org
          Reporter: sukumarg1973@gmail.com
        Regression: No

CONFIGURATION AND PACKET FLOW:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D

1) Created VRF device(VRF_258) and enslaved network device(v2_F4252) to this
VRF.

/exos/bin # ip link show vrf_258
13: vrf_258: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP mo=
de
DEFAULT group default qlen 1000
    link/ether 00:04:96:9a:b4:f7 brd ff:ff:ff:ff:ff:ff


/exos/bin # ip link show v2_F4252
150: v2_F4252: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue mas=
ter
vrf_258 state UNKNOWN mode DEFAULT group default qlen 1
    link/ether 00:04:96:9a:b4:f7 brd ff:ff:ff:ff:ff:ff

/exos/bin # ifconfig -a v2_F4252
v2_F4252  Link encap:Ethernet  HWaddr 00:04:96:9A:B4:F7 =20
          inet addr:20.20.20.10  Bcast:20.20.20.255  Mask:255.255.255.0
          inet6 addr: 2001::1/64 Scope:Global
          inet6 addr: fe80::204:96ff:fe9a:b4f7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:44 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1=20
          RX bytes:12628 (12.3 KiB)  TX bytes:1184 (1.1 KiB)

/exos/bin # ifconfig -a vrf_258
vrf_258   Link encap:Ethernet  HWaddr 00:04:96:9A:B4:F7 =20
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP RUNNING NOARP MASTER  MTU:65536  Metric:1
          RX packets:96 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000=20
          RX bytes:28368 (27.7 KiB)  TX bytes:14592 (14.2 KiB)


/exos/bin # ip route show  table 258
default via 20.20.20.1 dev v2_F4252 proto gated metric 10=20
unreachable default metric 8192=20
broadcast 20.20.20.0 dev v2_F4252 proto kernel scope link src 20.20.20.10=20
20.20.20.0/24 dev v2_F4252 proto kernel scope link src 20.20.20.10=20
local 20.20.20.10 dev v2_F4252 proto kernel scope host src 20.20.20.10=20
broadcast 20.20.20.255 dev v2_F4252 proto kernel scope link src 20.20.20.10=
=20
local 90.90.90.10 dev v9_F4254 proto kernel scope host src 90.90.90.10=20
broadcast 127.0.0.0 dev vrf_258 proto kernel scope link src 127.0.0.1=20
127.0.0.0/8 dev vrf_258 proto kernel scope link src 127.0.0.1=20
local 127.0.0.1 dev vrf_258 proto kernel scope host src 127.0.0.1=20
broadcast 127.255.255.255 dev vrf_258 proto kernel scope link src 127.0.0.1=
=20


2) Opened UDP socket SO_BINDTODEVICE to VRF_258 device, enabled SO_BROADCAST
setsockoption.
Transmitting UDP packet with SrcIP =3D 20.20.20.10 and DstIP=3D255.255.255.=
255 on
v2_F4252 mentioned in pktinfo cmsg header

3) udp_sendmsg() receives the packet then packet given to VRF processing.=20
vrf_ip_out() function divert only mulicast packet but broadcast has not been
diverted so VRF device started processing
the broadcast packet destined to 255.255.255.255.

4) vrf_ip_out() function  gets vrf->rth dst entry and invokes vrf_output().

5) finally packet enters vrf_process_v4_outbound() function. Here route loo=
kup
is performed
    ip_route_output_flow() for this flow on VRF_258.
    Lookup returned=20
          routes rt->rt_gateway =3D 0,=20
          rt_type =3D 3(BROADCAST),=20
          rt->rt_flags=3D 90000000(BROADCAST and LOCAL),=20
          rt->dst.dev =3D VRF_258

    Instead of packet egressing, below check ( rt->dst.dev =3D=3D vrf_dev) =
forcing
the packet to Rx path so packet got
    looped back and not egressing.
    if (rt->dst.dev =3D=3D net->loopback_dev || rt->dst.dev =3D=3D vrf_dev =
) {
    }


Workaround:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

 1) is 255.255.255.255 routeable address ? if not, then packet should not be
given to VRF processing
 2) This packet also to be diverted similar to broadcast packet. following
patch solved the issue

   static struct sk_buff *vrf_ip_out(struct net_device *vrf_dev, struct
        sock *sk, struct sk_buff *skb) {

        /* don=E2=80=99t divert multicast */
        if (ipv4_is_multicast(ip_hdr(skb)->daddr))
        return skb;

        /* MY PATCH BEGIN */
        /* don=E2=80=99t divert broadcast */
        if (ipv4_is_lbcast(ip_hdr(skb)->daddr))
         return skb;
        /* MY PATCH END */

--=20
You are receiving this mail because:
You are the assignee for the bug.