From: David Ahern <dsahern@gmail.com>
To: netdev@vger.kernel.org
Cc: idosch@idosch.org, David Ahern <dsahern@gmail.com>
Subject: [PATCH v3 net-next 0/5] net/ipv6: Address checks need to consider the L3 domain
Date: Tue, 6 Mar 2018 19:58:36 -0800
Message-ID: <20180307035841.774-1-dsahern@gmail.com>

IPv6 prohibits a local address from being used as a gateway for a route.
However, it is ok for the local address to be in a different L3 domain
(e.g., VRF); this allows, for example, veth pairs to connect VRFs.

ip6_route_info_create calls ipv6_chk_addr_and_flags for gateway addresses
to determine if the address is a local one, but ipv6_chk_addr_and_flags
does not currently consider L3 domains. As a result routes cannot be
added in one VRF with a nexthop that points to a local address in a
second VRF.

Resolve by comparing the l3mdev for the passed in device and requiring an
l3mdev match with the device containing an address. The intent of checking
for an address on the specified device versus any device in the domain is
maintained by a new argument to skip the check between the passed in device
and the device with the address.

Patch 1 moves the gateway validation from ip6_route_info_create into a
helper; the function is long enough and refactoring drops the indent
level.

Patch 2 adds l3mdev checks to ipv6_chk_addr_and_flags and fixes up
a few ipv6_chk_addr callers that pass a NULL device.

Patches 3 and 4 do some refactoring to the fib_tests script and then
patch 5 adds nexthop validation tests.

v3
- set skip_dev_check in ipv6_chk_addr based on dev == NULL

v2
- handle 2 variations of route spec with sane error path
- add test cases

David Ahern (5):
  net/ipv6: Refactor gateway validation on route add
  net/ipv6: Address checks need to consider the L3 domain
  selftests: fib_tests: Use an alias for ip command
  selftests: fib_tests: Allow user to run a specific test
  selftests: fib_tests: Add IPv6 nexthop spec tests

 include/net/addrconf.h                   |   4 +-
 net/ipv6/addrconf.c                      |  26 ++-
 net/ipv6/anycast.c                       |   9 +-
 net/ipv6/datagram.c                      |   5 +-
 net/ipv6/ip6_tunnel.c                    |  12 +-
 net/ipv6/ndisc.c                         |   2 +-
 net/ipv6/route.c                         | 139 +++++++-----
 tools/testing/selftests/net/fib_tests.sh | 359 +++++++++++++++++++++++--------
 8 files changed, 397 insertions(+), 159 deletions(-)

--
2.11.0
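
The address check described in the cover letter above, as an added userspace model that is not part of the original message or of the kernel patches. The struct and function names, ifindex values and addresses are constructed for illustration, and the model ignores address scope, flags and the strict argument.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Userspace model, not kernel code; all names below are hypothetical. */
struct dev { int ifindex; int l3mdev; };  /* l3mdev: VRF master ifindex, 0 = none */
struct addr_entry { const char *addr; const struct dev *dev; };

static const struct dev veth_red  = { 10, 100 };  /* enslaved to VRF red  */
static const struct dev eth_red   = { 11, 100 };  /* enslaved to VRF red  */
static const struct dev veth_blue = { 20, 200 };  /* enslaved to VRF blue */

/* Constructed sample addresses from the documentation prefix. */
static const struct addr_entry addr_table[] = {
    { "2001:db8:1::1", &veth_red  },
    { "2001:db8:1::2", &veth_blue },
    { "2001:db8:2::1", &eth_red   },
};
#define N_ADDRS (sizeof(addr_table) / sizeof(addr_table[0]))

/* Domain-blind check: an address on any device counts as local. */
bool chk_addr_any_domain(const char *addr)
{
    for (size_t i = 0; i < N_ADDRS; i++)
        if (strcmp(addr_table[i].addr, addr) == 0)
            return true;
    return false;
}

/* Domain-aware check: the device holding the address must share dev's
 * l3mdev; unless skip_dev_check is set it must also be dev itself. */
bool chk_addr_l3mdev(const char *addr, const struct dev *dev, bool skip_dev_check)
{
    int domain = dev ? dev->l3mdev : 0;
    for (size_t i = 0; i < N_ADDRS; i++) {
        const struct addr_entry *e = &addr_table[i];
        if (strcmp(e->addr, addr) != 0 || e->dev->l3mdev != domain)
            continue;
        if (skip_dev_check || e->dev == dev)
            return true;
    }
    return false;
}

int main(void)
{
    /* Exit 0 when VRF blue's address is not treated as local from VRF red. */
    return chk_addr_l3mdev("2001:db8:1::2", &veth_red, true) ? 1 : 0;
}
```

A gateway is refused when the check returns true, so the domain-blind version blocks a route in VRF red whose nexthop is the veth peer address in VRF blue, while the domain-aware version only refuses addresses local to the route's own domain.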