From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <netdev-owner@vger.kernel.org>
Received: from mail-pl0-f51.google.com ([209.85.160.51]:32977 "EHLO
        mail-pl0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751307AbeB0RJV (ORCPT
        <rfc822;netdev@vger.kernel.org>); Tue, 27 Feb 2018 12:09:21 -0500
Received: by mail-pl0-f51.google.com with SMTP id c11-v6so8326009plo.0
        for <netdev@vger.kernel.org>; Tue, 27 Feb 2018 09:09:21 -0800 (PST)
Subject: Re: VRF destination unreachable
To: Stephen Suryaputra <ssuryaextr@gmail.com>
Cc: netdev@vger.kernel.org
References: <CAHapkUjkKioeB33HsKLpk3N=TC5TV=cH+JinKwv5FpiUiWqQBg@mail.gmail.com>
 <ea64f398-48bf-b2ba-0cd5-5d7ed113d3d8@gmail.com>
 <CAHapkUgiZwAaG8FA+BcTwc--UYmXQ-cD0-_3Ews7F6-PrCymcw@mail.gmail.com>
From: David Ahern <dsahern@gmail.com>
Message-ID: <7542e99d-7cc1-ac6d-c266-d75a60047df8@gmail.com>
Date: Tue, 27 Feb 2018 10:09:18 -0700
MIME-Version: 1.0
In-Reply-To: <CAHapkUgiZwAaG8FA+BcTwc--UYmXQ-cD0-_3Ews7F6-PrCymcw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

On 2/27/18 9:09 AM, Stephen Suryaputra wrote:
> Thanks David for confirming that this is unintended.
> 
> Given that, I think the fix isn't complete because when forwarding
> isn't enabled on the original incoming netdev, the ICMP shouldn't be
> generated. This diff fixes that case:
> 
> diff --git a/net/ipv4/route.c b/net/ipv4/route.c
> index a4f44d8..dc40a94 100644
> --- a/net/ipv4/route.c
> +++ b/net/ipv4/route.c
> @@ -937,13 +937,20 @@ static int ip_error(struct sk_buff *skb)
>         struct net *net;
>         bool send;
>         int code;
> +       int in_dev_forward;

declarations are in reverse xmas tree order. ie., put this new one after
peer.


> 
>         /* IP on this device is disabled. */
>         if (!in_dev)
>                 goto out;
> 
>         net = dev_net(rt->dst.dev);
> -       if (!IN_DEV_FORWARD(in_dev)) {
> +       if (netif_is_l3_master(skb->dev)) {
> +               in_dev_forward = IN_DEV_FORWARD(
> +                       __in_dev_get_rcu(__dev_get_by_index(net,
> IPCB(skb)->iif)));
> +       } else {
> +               in_dev_forward = IN_DEV_FORWARD(in_dev);
> +       }

That looks correct.

> +       if (!in_dev_forward) {
>                 switch (rt->dst.error) {
>                 case EHOSTUNREACH:
>                         __IP_INC_STATS(net, IPSTATS_MIB_INADDRERRORS);
> 
> I can put a formal patch if you like.
> 

please do.