2022-02-09 12:21:29

by Jeffrey Ji

[permalink] [raw]
Subject: [PATCH v7 net-next] net-core: add InDropOtherhost counter

From: jeffreyji <[email protected]>

Increment InDropOtherhost counter when packet dropped due to incorrect dest
MAC addr.

An example when this drop can occur is when manually crafting raw
packets that will be consumed by a user space application via a tap
device. For testing purposes local traffic was generated using trafgen
for the client and netcat to start a server

example output from nstat:
\~# nstat -a | grep InMac
Ip6InDropOtherhost 0 0.0
IpExtInDropOtherhost 1 0.0

Tested: Created 2 netns, sent 1 packet using trafgen from 1 to the other
with "{eth(daddr=$INCORRECT_MAC...}", verified that nstat showed the
counter was incremented.

changelog:
v7: change InMacError -> InDropOtherhost

v6: rebase onto net-next

v5:
Change from SKB_DROP_REASON_BAD_DEST_MAC to SKB_DROP_REASON_OTHERHOST

v3-4:
Remove Change-Id

v2:
Use skb_free_reason() for tracing
Add real-life example in patch msg

Signed-off-by: Brian Vazquez <[email protected]>
Signed-off-by: jeffreyji <[email protected]>
---
Documentation/networking/snmp_counter.rst | 5 +++++
include/uapi/linux/snmp.h | 1 +
net/ipv4/ip_input.c | 5 +++--
net/ipv4/proc.c | 1 +
net/ipv6/ip6_input.c | 12 +++++++-----
net/ipv6/proc.c | 1 +
6 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/Documentation/networking/snmp_counter.rst b/Documentation/networking/snmp_counter.rst
index 423d138b5ff3..674f736e4e8b 100644
--- a/Documentation/networking/snmp_counter.rst
+++ b/Documentation/networking/snmp_counter.rst
@@ -214,6 +214,11 @@ wrong. Kernel verifies the checksum after updating the IcmpInMsgs and
before updating IcmpMsgInType[N]. If a packet has bad checksum, the
IcmpInMsgs would be updated but none of IcmpMsgInType[N] would be updated.

+* IcmpInDropOtherhost
+
+This counter indicates that the packet was dropped because the destination
+MAC address was incorrect.
+
* IcmpInErrors and IcmpOutErrors

Defined by `RFC1213 icmpInErrors`_ and `RFC1213 icmpOutErrors`_
diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h
index 904909d020e2..4f247d406b1a 100644
--- a/include/uapi/linux/snmp.h
+++ b/include/uapi/linux/snmp.h
@@ -57,6 +57,7 @@ enum
IPSTATS_MIB_ECT0PKTS, /* InECT0Pkts */
IPSTATS_MIB_CEPKTS, /* InCEPkts */
IPSTATS_MIB_REASM_OVERLAPS, /* ReasmOverlaps */
+ IPSTATS_MIB_INDROPOTHERHOST, /* InDropOtherhost */
__IPSTATS_MIB_MAX
};

diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index d94f9f7e60c3..db4c36c008ff 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -450,8 +450,9 @@ static struct sk_buff *ip_rcv_core(struct sk_buff *skb, struct net *net)
* that it receives, do not try to analyse it.
*/
if (skb->pkt_type == PACKET_OTHERHOST) {
- drop_reason = SKB_DROP_REASON_OTHERHOST;
- goto drop;
+ __IP_INC_STATS(net, IPSTATS_MIB_INDROPOTHERHOST);
+ kfree_skb_reason(skb, SKB_DROP_REASON_OTHERHOST);
+ return NULL;
}

__IP_UPD_PO_STATS(net, IPSTATS_MIB_IN, skb->len);
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index 28836071f0a6..2ffa43cff799 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -117,6 +117,7 @@ static const struct snmp_mib snmp4_ipextstats_list[] = {
SNMP_MIB_ITEM("InECT0Pkts", IPSTATS_MIB_ECT0PKTS),
SNMP_MIB_ITEM("InCEPkts", IPSTATS_MIB_CEPKTS),
SNMP_MIB_ITEM("ReasmOverlaps", IPSTATS_MIB_REASM_OVERLAPS),
+ SNMP_MIB_ITEM("InDropOtherhost", IPSTATS_MIB_INDROPOTHERHOST),
SNMP_MIB_SENTINEL
};

diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index d4b1e2c5aa76..480896e13041 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -149,15 +149,17 @@ static struct sk_buff *ip6_rcv_core(struct sk_buff *skb, struct net_device *dev,
u32 pkt_len;
struct inet6_dev *idev;

- if (skb->pkt_type == PACKET_OTHERHOST) {
- kfree_skb(skb);
- return NULL;
- }
-
rcu_read_lock();

idev = __in6_dev_get(skb->dev);

+ if (skb->pkt_type == PACKET_OTHERHOST) {
+ __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDROPOTHERHOST);
+ rcu_read_unlock();
+ kfree_skb_reason(skb, SKB_DROP_REASON_OTHERHOST);
+ return NULL;
+ }
+
__IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_IN, skb->len);

if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL ||
diff --git a/net/ipv6/proc.c b/net/ipv6/proc.c
index d6306aa46bb1..c2d963122d1e 100644
--- a/net/ipv6/proc.c
+++ b/net/ipv6/proc.c
@@ -84,6 +84,7 @@ static const struct snmp_mib snmp6_ipstats_list[] = {
SNMP_MIB_ITEM("Ip6InECT1Pkts", IPSTATS_MIB_ECT1PKTS),
SNMP_MIB_ITEM("Ip6InECT0Pkts", IPSTATS_MIB_ECT0PKTS),
SNMP_MIB_ITEM("Ip6InCEPkts", IPSTATS_MIB_CEPKTS),
+ SNMP_MIB_ITEM("Ip6InDropOtherhost", IPSTATS_MIB_INDROPOTHERHOST),
SNMP_MIB_SENTINEL
};

--
2.35.0.263.gb82422642f-goog