From: Andrew Lunn <andrew@lunn.ch>
To: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Cc: David Miller <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
David Ahern <dsahern@kernel.org>,
James Prestwood <prestwoj@gmail.com>,
Justin Iurman <justin.iurman@uliege.be>,
Praveen Chaudhary <praveen5582@gmail.com>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Eric Dumazet <edumazet@google.com>,
netdev <netdev@vger.kernel.org>
Subject: Re: [patch RFC net-next 2/3] icmp: ICMPV6: Examine invoking packet for Segment Route Headers.
Date: Wed, 1 Dec 2021 20:03:02 +0100 [thread overview]
Message-ID: <YafG5hboD7itUddn@lunn.ch> (raw)
In-Reply-To: <CA+FuTSce_Q=uyn9brCDmwijf5-zOp3G9QDqSAaU=PC7=oCxUPQ@mail.gmail.com>
On Wed, Dec 01, 2021 at 10:22:38AM -0800, Willem de Bruijn wrote:
> > > > +static void icmpv6_notify_srh(struct sk_buff *skb, struct inet6_skb_parm *opt)
> > > > +{
> > > > + struct sk_buff *skb_orig;
> > > > + struct ipv6_sr_hdr *srh;
> > > > +
> > > > + skb_orig = skb_clone(skb, GFP_ATOMIC);
> > > > + if (!skb_orig)
> > > > + return;
> > >
> > > Is this to be allowed to write to skb->cb? Or because seg6_get_srh
> > > calls pskb_may_pull to parse the headers?
> >
> > This is an ICMP error message. So we have an IP packet, skb, which
> > contains in the message body the IP packet which invoked the error. If
> > we pass skb to seg6_get_srh() it will look in the received ICMP
> > packet. But we actually want to find the SRH in the packet which
> > invoked the error, the one which is in the message body. So the code
> > makes a clone of the skb, and then updates the pointers so that it
> > points to the invoking packet within the ICMP packet. Then we can use
> > seg6_get_srh() on this inner packet, since it just looks like an
> > ordinary IP packet.
>
> Ah of course. I clearly did not appreciate the importance of that
> skb_reset_network_header.
So i should probably add a comment here. If we stick with this design.
> > Yes, i checked that. Because the skb has been cloned, if it needs to
> > rearrange the packet because it goes over a fragment boundary,
> > pskb_may_pull() will return false. And then we won't find the
> > SRH.
>
> Great. So the feature only works if the SRH is in the linear header.
Yes, traceroute will remain broken if the invoking SRH header is not
in the linear header.
> Then if the packet is not shared, you can just temporarily reset the
> network header and revert it after?
Maybe. I was worried about any side affects of such an
operation. Working on a clone seemed a lot less risky.
Is it safe to due such games with the network header?
Andrew
next prev parent reply other threads:[~2021-12-01 19:03 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-01 16:32 [patch RFC net-next 0/3] Fix traceroute in the presence of SRv6 Andrew Lunn
2021-12-01 16:32 ` [patch RFC net-next 1/3] seg6: export get_srh() for ICMP handling Andrew Lunn
2021-12-01 16:32 ` [patch RFC net-next 2/3] icmp: ICMPV6: Examine invoking packet for Segment Route Headers Andrew Lunn
2021-12-01 17:33 ` Willem de Bruijn
2021-12-01 18:10 ` Andrew Lunn
2021-12-01 18:22 ` Willem de Bruijn
2021-12-01 19:03 ` Andrew Lunn [this message]
2021-12-01 19:19 ` Willem de Bruijn
2021-12-01 16:32 ` [patch RFC net-next 3/3] udp6: Use Segment Routing Header for dest address if present Andrew Lunn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YafG5hboD7itUddn@lunn.ch \
--to=andrew@lunn.ch \
--cc=Jason@zx2c4.com \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=justin.iurman@uliege.be \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=praveen5582@gmail.com \
--cc=prestwoj@gmail.com \
--cc=willemdebruijn.kernel@gmail.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).