Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp702853pxa; Tue, 11 Aug 2020 12:51:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxXg+1U6FWz54harfUjzagXviOVdsqOwWo6Q3XAD0edqUVM1BvSuWUc5VIhX5ud8jG2lq3B X-Received: by 2002:a17:906:aed4:: with SMTP id me20mr29292469ejb.141.1597175485637; Tue, 11 Aug 2020 12:51:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597175485; cv=none; d=google.com; s=arc-20160816; b=fmpoAtHmZKReLkN8434wGF6SOM0ZGkvOO1lHAK4POgg18bFOh4Ycv+7YH2WRPzwFTk U8BovWSsmJgUEWrDmERzfFhOYQEbpz/tHZrumMs0v5nmpM7zBn7WPI6VUnJk79lhp31K TYdmdYgshiIK3tmH10Xy1YEllgdX93XQM0nPgLHb6+caolAYx9fOMzaM8uKnTlWSVIHG lXIgNorMYVX5GZwL1fE0NhDUvGgSQJe44SYvl93GhqU52ZrcxJ17rEpaWsO7+s9qVm9p k6PIJglODQ876CdDo1GxjKz9vtjkOzlUg//jruV7qnSjlwhB3Iwd5FKDM35TqLRHiAdx OAgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:dkim-filter; bh=hirGB7719ENx0a4MEmZZHjARmO79aShnRe+cHp8/M/w=; b=YPKIVTBw9NXkw81a/K6dVVKlwdzfNOwJXlCXavcY6XMu5v+rGklbvPOh60g9EiByR7 DJd5OvkX+alwm0RxohGqwgHV8c+LS/sH9i7qTB8ZJtegq6kO/pYKZFICxQ+vaWej/Ahp b2OFx/oGEMbiERtGZMpskemTIHJoiybP1Nwq6/FCls34ZUlYAWo1uJ67qzyU0zP3R7qh N0a1vYr61xU9YsLaPNsM147S2D45JcYLlcvh6+k3yWsIOptjLp2NbQjBATYdWSkMXfq7 JxvL9L+92t9dCTNrxydnxM0KgApVPYzagSeEuuj8lxiB46AhCBObj3MkPmWIQ9uFd3Tt +tuQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@efficios.com header.s=default header.b=Sx0JsDe1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v8si16421405edl.307.2020.08.11.12.51.02; Tue, 11 Aug 2020 12:51:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@efficios.com header.s=default header.b=Sx0JsDe1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726558AbgHKTuS (ORCPT + 99 others); Tue, 11 Aug 2020 15:50:18 -0400 Received: from mail.efficios.com ([167.114.26.124]:58242 "EHLO mail.efficios.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726479AbgHKTuO (ORCPT ); Tue, 11 Aug 2020 15:50:14 -0400 Received: from localhost (localhost [127.0.0.1]) by mail.efficios.com (Postfix) with ESMTP id B6C042CFB27; Tue, 11 Aug 2020 15:50:13 -0400 (EDT) Received: from mail.efficios.com ([127.0.0.1]) by localhost (mail03.efficios.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 1GnV_Lvrq8dV; Tue, 11 Aug 2020 15:50:13 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by mail.efficios.com (Postfix) with ESMTP id 7867C2CFA35; Tue, 11 Aug 2020 15:50:13 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.efficios.com 7867C2CFA35 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com; s=default; t=1597175413; bh=hirGB7719ENx0a4MEmZZHjARmO79aShnRe+cHp8/M/w=; h=From:To:Date:Message-Id; b=Sx0JsDe1+j8ij9qqcdv+jlM6j8P30aT4ypK9yRwRD2F5/Y6ZCSWQ0CtQ/6KQONjX6 Q7m7YQ5exvOD4DgZDkrz6Eh1aXeUrm/W5WbE8iTnxfAUh1h6gpGD7WpG8CsKkOwxn3 q4wqLNKBtWo5ge5ZYA1AB01IMGrJYLWEx4uUcDTquxJymo6R5/nG82fO7DLb6le0PC ISSfTaosfyii+w9hQrRzTqbCmJB9qGnmycMjDD3b2MSFdF6++eWa3mdm9ln7nfRz6P eWd38XCc2aRiBYnI7nr+2egpWN4YOUmiuDEHODUvPN9a11zz0TxpYKO6f1wC5bvNFv qf28K1x3uFVNA== X-Virus-Scanned: amavisd-new at efficios.com Received: from mail.efficios.com ([127.0.0.1]) by localhost (mail03.efficios.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id SCAqtuGKfgP0; Tue, 11 Aug 2020 15:50:13 -0400 (EDT) Received: from localhost.localdomain (192-222-181-218.qc.cable.ebox.net [192.222.181.218]) by mail.efficios.com (Postfix) with ESMTPSA id 28BA32CFB26; Tue, 11 Aug 2020 15:50:13 -0400 (EDT) From: Mathieu Desnoyers To: David Ahern Cc: linux-kernel@vger.kernel.org, Mathieu Desnoyers , "David S . Miller" , netdev@vger.kernel.org Subject: [PATCH 3/3] ipv6/icmp: l3mdev: Perform icmp error route lookup on source device routing table Date: Tue, 11 Aug 2020 15:50:03 -0400 Message-Id: <20200811195003.1812-4-mathieu.desnoyers@efficios.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200811195003.1812-1-mathieu.desnoyers@efficios.com> References: <20200811195003.1812-1-mathieu.desnoyers@efficios.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org As per RFC4443, the destination address field for ICMPv6 error messages is copied from the source address field of the invoking packet. In configurations with Virtual Routing and Forwarding tables, looking up which routing table to use for sending ICMPv6 error messages is currently done by using the destination net_device. If the source and destination interfaces are within separate VRFs, or one in the global routing table and the other in a VRF, looking up the source address of the invoking packet in the destination interface's routing table will fail if the destination interface's routing table contains no route to the invoking packet's source address. One observable effect of this issue is that traceroute6 does not work in the following cases: - Route leaking between global routing table and VRF - Route leaking between VRFs Preferably use the source device routing table when sending ICMPv6 error messages. If no source device is set, fall-back on the destination device routing table. Link: https://tools.ietf.org/html/rfc4443 Signed-off-by: Mathieu Desnoyers Cc: David Ahern Cc: David S. Miller Cc: netdev@vger.kernel.org --- net/ipv6/icmp.c | 15 +++++++++++++-- net/ipv6/ip6_output.c | 2 -- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index a4e4912ad607..a971b58b0371 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -501,8 +501,19 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, if (__ipv6_addr_needs_scope_id(addr_type)) { iif = icmp6_iif(skb); } else { - dst = skb_dst(skb); - iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev); + struct net_device *route_lookup_dev = NULL; + + /* + * The device used for looking up which routing table to use is + * preferably the source whenever it is set, which should + * ensure the icmp error can be sent to the source host, else + * fallback on the destination device. + */ + if (skb->dev) + route_lookup_dev = skb->dev; + else if (skb_dst(skb)) + route_lookup_dev = skb_dst(skb)->dev; + iif = l3mdev_master_ifindex(route_lookup_dev); } /* diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index c78e67d7747f..cd623068de53 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -468,8 +468,6 @@ int ip6_forward(struct sk_buff *skb) * check and decrement ttl */ if (hdr->hop_limit <= 1) { - /* Force OUTPUT device used as source address */ - skb->dev = dst->dev; icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0); __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS); -- 2.17.1