Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp3398643pxk; Mon, 21 Sep 2020 12:37:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyxDwUMKLSGy40W9BwXmeDYQQxAOx/wJYVkpxV2dcZZAuUrQe+4MYweHNf45hy95yA+OGCz X-Received: by 2002:a05:6402:1818:: with SMTP id g24mr499662edy.332.1600717037803; Mon, 21 Sep 2020 12:37:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600717037; cv=none; d=google.com; s=arc-20160816; b=G35E+my70YyzaOtP4k+lsGUkFLrUfh0i8WfjtKdcFaVG05e4ka8bVnhASfwsWEvtFp gWzw1XKI0nIiidPi+vTZ1sdFvJy6UAKIivR/+ZjMIMVi2UXze3t12g1u18+2ghMMbcek FtNJgIulleIicQ9Ofr0KKGyqH9xs7OAphMGHQ2ov12JGtjPsrOrnvWfx4uMzWBDAVGIP KZhPoew1xxRkYDoZ6YGkWF+8U07bB4NnOjWkmDa0hKl70tX6aXMUa2JrvDkRPG06/a5a AqFQLywk8Y/4ImnslA4N78Z+/NpWKOTlB20jB7kGqa+L9hUhWsniu96F9VWxX1Gsp/OT EMbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:thread-index:thread-topic :content-transfer-encoding:mime-version:subject:references :in-reply-to:message-id:cc:to:from:date:dkim-signature:dkim-filter; bh=h88mv0FQ3OhKhiNjYOnq0mQrk0XSJtXcZ4X4L7aUy/s=; b=kqcDkA9ZqrGvqdBCIPQfbhj1AHlxGzLAvK1vvzZVDUtDc6SD0t9Bk4SFgRdhXnrAk/ L31URx6aFT8jmYgQOFsobyDZ7E8LoCGcKgNopSECYpvanPvH9JChmNc1gVZ66vw0T8aC iQfXOoXIsg023lyHBKCDDB2PiHg5r7OiC5JLFRSDMWWtcNMzDke+x1txa+w+oTK6oaz6 0wY0OSxYWNcEXEh0Rncon8SYqkuNr1X5PxLQRsUZ+12Z5C1nDVmesxAcXzEOMgDdFp+8 VdggnnfW2TeXJ5X4PfzgQUX3wgS+C6+r7atckwzEaPa4KwZLoNBB8+5Lg1nsE2ZO4Dsi XvXw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@efficios.com header.s=default header.b=olBRC4jF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q23si9230763ejn.400.2020.09.21.12.36.53; Mon, 21 Sep 2020 12:37:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@efficios.com header.s=default header.b=olBRC4jF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=efficios.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728215AbgIUTdn (ORCPT + 99 others); Mon, 21 Sep 2020 15:33:43 -0400 Received: from mail.efficios.com ([167.114.26.124]:33714 "EHLO mail.efficios.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727197AbgIUTdn (ORCPT ); Mon, 21 Sep 2020 15:33:43 -0400 Received: from localhost (localhost [127.0.0.1]) by mail.efficios.com (Postfix) with ESMTP id BD1732CE2C5; Mon, 21 Sep 2020 15:33:41 -0400 (EDT) Received: from mail.efficios.com ([127.0.0.1]) by localhost (mail03.efficios.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id oTjYbC3pBeDf; Mon, 21 Sep 2020 15:33:41 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by mail.efficios.com (Postfix) with ESMTP id 805DD2CDC6F; Mon, 21 Sep 2020 15:33:41 -0400 (EDT) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.efficios.com 805DD2CDC6F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficios.com; s=default; t=1600716821; bh=h88mv0FQ3OhKhiNjYOnq0mQrk0XSJtXcZ4X4L7aUy/s=; h=Date:From:To:Message-ID:MIME-Version; b=olBRC4jFV81xtcGsuEpSQZPuSK3a4yxMPBCyFXDDjWdH7r9s26tWbSrYuK+BjS2fH BrPDnw66cpY0V+UkdgJCTX3p9D69DsX11xCahblzALKpt8galWZbS6FwYrTq1fAtbw Zn34D4iIEfnwRTAX0vSD3wpkqU6oeWWu8nBup8ucpADiKH8y9t8h7/sig1G0qYA3zj 5VMS14HgqjWv6k/pqBDNTLMST0EvQi4Gik8hYrXXZaNGtoBvT/rmgO2Ob9ZExovluI ZK2fZt0J+hQ1Q74T2LAhs4WkXe7h9JBhTCrBCIKePatu6w8Ss6FklEwflRjMeZaXku KOMPyNm4IYw0g== X-Virus-Scanned: amavisd-new at efficios.com Received: from mail.efficios.com ([127.0.0.1]) by localhost (mail03.efficios.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id N3QvS-qFQ2BA; Mon, 21 Sep 2020 15:33:41 -0400 (EDT) Received: from mail03.efficios.com (mail03.efficios.com [167.114.26.124]) by mail.efficios.com (Postfix) with ESMTP id 764462CE2C4; Mon, 21 Sep 2020 15:33:41 -0400 (EDT) Date: Mon, 21 Sep 2020 15:33:41 -0400 (EDT) From: Mathieu Desnoyers To: David Ahern , Michael Jeanson Cc: "David S. Miller" , netdev , linux-kernel Message-ID: <1383129694.37216.1600716821449.JavaMail.zimbra@efficios.com> In-Reply-To: References: <20200918181801.2571-1-mathieu.desnoyers@efficios.com> <390b230b-629b-7f96-e7c9-b28f8b592102@gmail.com> <1453768496.36855.1600713879236.JavaMail.zimbra@efficios.com> Subject: Re: [RFC PATCH v2 0/3] l3mdev icmp error route lookup fixes MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [167.114.26.124] X-Mailer: Zimbra 8.8.15_GA_3965 (ZimbraWebClient - FF80 (Linux)/8.8.15_GA_3963) Thread-Topic: l3mdev icmp error route lookup fixes Thread-Index: oGKu+N8sth3SnnZ9IlBxnz5gbNJQTg== Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ----- On Sep 21, 2020, at 3:11 PM, David Ahern dsahern@gmail.com wrote: > On 9/21/20 12:44 PM, Mathieu Desnoyers wrote: >> ----- On Sep 21, 2020, at 2:36 PM, David Ahern dsahern@gmail.com wrote: >> >>> On 9/18/20 12:17 PM, Mathieu Desnoyers wrote: >>>> Hi, >>>> >>>> Here is an updated series of fixes for ipv4 and ipv6 which which ensure >>>> the route lookup is performed on the right routing table in VRF >>>> configurations when sending TTL expired icmp errors (useful for >>>> traceroute). >>>> >>>> It includes tests for both ipv4 and ipv6. >>>> >>>> These fixes address specifically address the code paths involved in >>>> sending TTL expired icmp errors. As detailed in the individual commit >>>> messages, those fixes do not address similar issues related to network >>>> namespaces and unreachable / fragmentation needed messages, which appear >>>> to use different code paths. >>>> >>> >>> New selftests are failing: >>> TEST: Ping received ICMP frag needed [FAIL] >>> >>> Both IPv4 and IPv6 versions are failing. >> >> Indeed, this situation is discussed in each patch commit message: >> >> ipv4: >> >> [ It has also been pointed out that a similar issue exists with >> unreachable / fragmentation needed messages, which can be triggered by >> changing the MTU of eth1 in r1 to 1400 and running: >> >> ip netns exec h1 ping -s 1450 -Mdo -c1 172.16.2.2 >> >> Some investigation points to raw_icmp_error() and raw_err() as being >> involved in this last scenario. The focus of this patch is TTL expired >> ICMP messages, which go through icmp_route_lookup. >> Investigation of failure modes related to raw_icmp_error() is beyond >> this investigation's scope. ] >> >> ipv6: >> >> [ Testing shows that similar issues exist with ipv6 unreachable / >> fragmentation needed messages. However, investigation of this >> additional failure mode is beyond this investigation's scope. ] >> >> I do not have the time to investigate further unfortunately, so I >> thought it best to post what I have. >> > > the test setup is bad. You have r1 dropping the MTU in VRF red, but not > telling VRF red how to send back the ICMP. e.g., for IPv4 add: > > ip -netns r1 ro add vrf red 172.16.1.0/24 dev blue > > do the same for v6. > > Also, I do not see a reason for r2; I suggest dropping it. What you are > testing is icmp crossing VRF with route leaking, so there should not be > a need for r2 which leads to asymmetrical routing (172.16.1.0 via r1 and > the return via r2). CCing Michael Jeanson, author of the selftests patch. Thanks for your feedback, Mathieu -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com