From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eyal Birger Subject: Re: [PATCH ipsec, resend 1/1] xfrm: Make set-mark default behavior backward compatible Date: Tue, 15 Jan 2019 07:11:33 +0200 Message-ID: <20190115071133.768075a4@jimi> References: <20190114192438.198153-1-benedictwong@google.com> <20190114192438.198153-2-benedictwong@google.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: netdev@vger.kernel.org, steffen.klassert@secunet.com, tobias@strongswan.org, lorenzo@google.com, nharold@google.com, maze@google.com To: Benedict Wong Return-path: Received: from mail-wr1-f66.google.com ([209.85.221.66]:44815 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726842AbfAOFLl (ORCPT ); Tue, 15 Jan 2019 00:11:41 -0500 Received: by mail-wr1-f66.google.com with SMTP id z5so1399059wrt.11 for ; Mon, 14 Jan 2019 21:11:40 -0800 (PST) In-Reply-To: <20190114192438.198153-2-benedictwong@google.com> Sender: netdev-owner@vger.kernel.org List-ID: Hi Benedict, On Mon, 14 Jan 2019 11:24:38 -0800 Benedict Wong wrote: > Fixes 9b42c1f179a6, which changed the default route lookup behavior > for tunnel mode SAs in the outbound direction to use the skb mark, > whereas previously mark=3D0 was used if the output mark was > unspecified. In mark-based routing schemes such as Android=E2=80=99s, this > change in default behavior causes routing loops or lookup failures. >=20 > This patch restores the default behavior of using a 0 mark while still > incorporating the skb mark if the SET_MARK (and SET_MARK_MASK) is > specified. It's a little sad that we didn't distinguish between 'no-mark-provided' and 'mark =3D mask =3D 0'. IIUC before this fix, explicitly setting mark, mask to a) mark =3D 0, mask =3D 0xffffffff and b) mark =3D 0, mask =3D 0 be= haved differently, whereas after this fix they will act the same. But as it seems there was never support for the (b) scenario and commit 9b42c1f179a6 broke the existing behavior, so I'm ok with this fix. Thanks! Eyal. >=20 > Tested with additions to Android's kernel unit test suite: > https://android-review.googlesource.com/c/kernel/tests/+/860150 >=20 > Fixes: 9b42c1f179a6 ("xfrm: Extend the output_mark to support input > direction and masking") Signed-off-by: Benedict Wong > --- > net/xfrm/xfrm_policy.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) >=20 > diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c > index 934492bad8e0..5f574ede1332 100644 > --- a/net/xfrm/xfrm_policy.c > +++ b/net/xfrm/xfrm_policy.c > @@ -2600,7 +2600,10 @@ static struct dst_entry > *xfrm_bundle_create(struct xfrm_policy *policy, > dst_copy_metrics(dst1, dst);=20 > if (xfrm[i]->props.mode !=3D XFRM_MODE_TRANSPORT) { > - __u32 mark =3D xfrm_smark_get(fl->flowi_mark, > xfrm[i]); > + __u32 mark =3D 0; > + > + if (xfrm[i]->props.smark.v || > xfrm[i]->props.smark.m) > + mark =3D > xfrm_smark_get(fl->flowi_mark, xfrm[i]);=20 > family =3D xfrm[i]->props.family; > dst =3D xfrm_dst_lookup(xfrm[i], tos, > fl->flowi_oif,