Re: [PATCH net-next 0/8] ipv4: icmp: Fix source IP derivation in presence of VRFs

public inbox for netdev@vger.kernel.org
 help / color / mirror / Atom feed

From: Ido Schimmel <idosch@nvidia.com>
To: netdev@vger.kernel.org, kuba@kernel.org, pabeni@redhat.com
Cc: davem@davemloft.net, edumazet@google.com, horms@kernel.org,
	paul@paul-moore.com, dsahern@kernel.org, petrm@nvidia.com,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH net-next 0/8] ipv4: icmp: Fix source IP derivation in presence of VRFs
Date: Mon, 1 Sep 2025 11:40:26 +0300	[thread overview]
Message-ID: <aLVb-ujDn_KhOt4V@shredder> (raw)
In-Reply-To: <20250901083027.183468-1-idosch@nvidia.com>

On Mon, Sep 01, 2025 at 11:30:19AM +0300, Ido Schimmel wrote:
> Align IPv4 with IPv6 and in the presence of VRFs generate ICMP error
> messages with a source IP that is derived from the receiving interface
> and not from its VRF master. This is especially important when the error
> messages are "Time Exceeded" messages as it means that utilities like
> traceroute will show an incorrect packet path.
> 
> Patches #1-#2 are preparations.
> 
> Patch #3 is the actual change.
> 
> Patches #4-#7 make small improvements in the existing traceroute test.
> 
> Patch #8 extends the traceroute test with VRF test cases for both IPv4
> and IPv6.

Jakub / Paolo, patch #2 is going to conflict with the following net
patch:

https://lore.kernel.org/all/20250828091435.161962-1-fabian@blaese.de/

Resolution is below. Please let me know if you prefer that I repost next
week in order to avoid the conflict.

@@ -799,15 +800,16 @@ EXPORT_SYMBOL(__icmp_send);
 void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info)
 {
        struct sk_buff *cloned_skb = NULL;
-       struct ip_options opts = { 0 };
        enum ip_conntrack_info ctinfo;
        enum ip_conntrack_dir dir;
+       struct inet_skb_parm parm;
        struct nf_conn *ct;
        __be32 orig_ip;
 
+       memset(&parm, 0, sizeof(parm));
        ct = nf_ct_get(skb_in, &ctinfo);
        if (!ct || !(READ_ONCE(ct->status) & IPS_NAT_MASK)) {
-               __icmp_send(skb_in, type, code, info, &opts);
+               __icmp_send(skb_in, type, code, info, &parm);
                return;
        }
 
@@ -823,7 +825,7 @@ void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info)
        orig_ip = ip_hdr(skb_in)->saddr;
        dir = CTINFO2DIR(ctinfo);
        ip_hdr(skb_in)->saddr = ct->tuplehash[dir].tuple.src.u3.ip;
-       __icmp_send(skb_in, type, code, info, &opts);
+       __icmp_send(skb_in, type, code, info, &parm);
        ip_hdr(skb_in)->saddr = orig_ip;
 out:
        consume_skb(cloned_skb);

next prev parent reply	other threads:[~2025-09-01  8:40 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-09-01  8:30 [PATCH net-next 0/8] ipv4: icmp: Fix source IP derivation in presence of VRFs Ido Schimmel
2025-09-01  8:30 ` [PATCH net-next 1/8] ipv4: cipso: Simplify IP options handling in cipso_v4_error() Ido Schimmel
2025-09-02  2:36   ` David Ahern
2025-09-04 21:46   ` Paul Moore
2025-09-01  8:30 ` [PATCH net-next 2/8] ipv4: icmp: Pass IPv4 control block structure as an argument to __icmp_send() Ido Schimmel
2025-09-02  2:36   ` David Ahern
2025-09-01  8:30 ` [PATCH net-next 3/8] ipv4: icmp: Fix source IP derivation in presence of VRFs Ido Schimmel
2025-09-02  2:37   ` David Ahern
2025-09-01  8:30 ` [PATCH net-next 4/8] selftests: traceroute: Return correct value on failure Ido Schimmel
2025-09-02  2:37   ` David Ahern
2025-09-01  8:30 ` [PATCH net-next 5/8] selftests: traceroute: Use require_command() Ido Schimmel
2025-09-02  2:38   ` David Ahern
2025-09-01  8:30 ` [PATCH net-next 6/8] selftests: traceroute: Reword comment Ido Schimmel
2025-09-01  8:30 ` [PATCH net-next 7/8] selftests: traceroute: Test traceroute with different source IPs Ido Schimmel
2025-09-02  2:39   ` David Ahern
2025-09-01  8:30 ` [PATCH net-next 8/8] selftests: traceroute: Add VRF tests Ido Schimmel
2025-09-02  2:40   ` David Ahern
2025-09-01  8:40 ` Ido Schimmel [this message]
2025-09-01 18:43   ` [PATCH net-next 0/8] ipv4: icmp: Fix source IP derivation in presence of VRFs Jakub Kicinski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aLVb-ujDn_KhOt4V@shredder \
    --to=idosch@nvidia.com \
    --cc=davem@davemloft.net \
    --cc=dsahern@kernel.org \
    --cc=edumazet@google.com \
    --cc=horms@kernel.org \
    --cc=kuba@kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=paul@paul-moore.com \
    --cc=petrm@nvidia.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox