From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Toke Høiland-Jørgensen, Juliusz Chroboczek, David Ahern, "David S . Miller", Sasha Levin
Subject: [PATCH 4.14 39/88] icmp: don't send out ICMP messages with a source address of 0.0.0.0
Date: Mon, 28 Jun 2021 10:35:39 -0400
Message-Id: <20210628143628.33342-40-sashal@kernel.org>
In-Reply-To: <20210628143628.33342-1-sashal@kernel.org>
References: <20210628143628.33342-1-sashal@kernel.org>
X-KernelTest-Patch: http://kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.238-rc1.gz
X-KernelTest-Tree: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
X-KernelTest-Branch: linux-4.14.y
X-KernelTest-Patches: git://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git
X-KernelTest-Version: 4.14.238-rc1
X-KernelTest-Deadline: 2021-06-30T14:36+00:00
X-Mailing-List: linux-kernel@vger.kernel.org

From: Toke Høiland-Jørgensen

[ Upstream commit 321827477360934dc040e9d3c626bf1de6c3ab3c ]

When constructing ICMP response messages, the kernel will try to pick a
suitable source address for the outgoing packet. However, if no IPv4
addresses are configured on the system at all, this will fail and we end up
producing an ICMP message with a source address of 0.0.0.0. This can happen
on a box routing IPv4 traffic via v6 nexthops, for instance.

Since 0.0.0.0 is not generally routable on the internet, there's a good
chance that such ICMP messages will never make it back to the sender of the
original packet that the ICMP message was sent in response to. This, in
turn, can create connectivity and PMTUd problems for senders. Fortunately,
RFC7600 reserves a dummy address to be used as a source for ICMP
messages (192.0.0.8/32), so let's teach the kernel to substitute that
address as a last resort if the regular source address selection procedure
fails.

Below is a quick example reproducing this issue with network namespaces:

ip netns add ns0
ip l add type veth peer netns ns0
ip l set dev veth0 up
ip a add 10.0.0.1/24 dev veth0
ip a add fc00:dead:cafe:42::1/64 dev veth0
ip r add 10.1.0.0/24 via inet6 fc00:dead:cafe:42::2
ip -n ns0 l set dev veth0 up
ip -n ns0 a add fc00:dead:cafe:42::2/64 dev veth0
ip -n ns0 r add 10.0.0.0/24 via inet6 fc00:dead:cafe:42::1
ip netns exec ns0 sysctl -w net.ipv4.icmp_ratelimit=0
ip netns exec ns0 sysctl -w net.ipv4.ip_forward=1
tcpdump -tpni veth0 -c 2 icmp &
ping -w 1 10.1.0.1 > /dev/null
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on veth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
IP 10.0.0.1 > 10.1.0.1: ICMP echo request, id 29, seq 1, length 64
IP 0.0.0.0 > 10.0.0.1: ICMP net 10.1.0.1 unreachable, length 92
2 packets captured
2 packets received by filter
0 packets dropped by kernel

With this patch the above capture changes to:

IP 10.0.0.1 > 10.1.0.1: ICMP echo request, id 31127, seq 1, length 64
IP 192.0.0.8 > 10.0.0.1: ICMP net 10.1.0.1 unreachable, length 92

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Juliusz Chroboczek
Reviewed-by: David Ahern
Signed-off-by: Toke Høiland-Jørgensen
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
 include/uapi/linux/in.h | 3 +++
 net/ipv4/icmp.c | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/include/uapi/linux/in.h b/include/uapi/linux/in.h index 48e8a225b985..2a66ab49f14d 100644 --- a/include/uapi/linux/in.h +++ b/include/uapi/linux/in.h @@ -280,6 +280,9 @@ struct sockaddr_in { /* Address indicating an error return. */ #define INADDR_NONE ((unsigned long int) 0xffffffff) +/* Dummy address for src of ICMP replies if no real address is set (RFC7600). */ +#define INADDR_DUMMY ((unsigned long int) 0xc0000008) + /* Network number for local host loopback. */ #define IN_LOOPBACKNET 127 diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 96ee1fbd999e..ba07f128d7ad 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -743,6 +743,13 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, icmp_param.data_len = room; icmp_param.head_len = sizeof(struct icmphdr); + /* if we don't have a source address at this point, fall back to the + * dummy address instead of sending out a packet with a source address + * of 0.0.0.0 + */ + if (!fl4.saddr) + fl4.saddr = htonl(INADDR_DUMMY); + icmp_push_reply(&icmp_param, &fl4, &ipc, &rt); ende: ip_rt_put(rt); -- 2.30.2
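
Review bot: In the include/uapi/linux/in.h hunk, the comment on the new INADDR_DUMMY define names the RFC but not the address or the byte order. The value is in host byte order like INADDR_NONE just above it (the icmp.c caller wraps it in htonl()), and this is an exported uapi header, so it would help to say so in the comment, for example "192.0.0.8, host byte order", which also makes the dotted quad greppable. The name is fairly generic for a userspace-visible header, so it is worth checking that it does not collide with an existing definition in userspace code that includes this file.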
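
Review bot: In the net/ipv4/icmp.c hunk, the fallback under "if (!fl4.saddr)" is silent and is documented only by the code comment; the diffstat shows nothing besides in.h and icmp.c being touched. Hosts that take this branch will start emitting ICMP errors sourced from 192.0.0.8, which will appear in captures and firewall logs without any local hint as to why. Consider a short note in the networking documentation, and possibly a counter or debug message on this branch, so an operator can confirm from the host itself that the substitution happened because no IPv4 address was configured.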
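
An added example (not part of this patch or of the kernel): a capture-side check that tells apart the two ICMP error sources shown in the commit message, 0.0.0.0 from an unpatched sender and 192.0.0.8 from a patched one. `classify_icmp_source`, `build_sample` and `EX_INADDR_DUMMY` are hypothetical names, and the sample packets are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define EX_INADDR_DUMMY 0xc0000008u  /* 192.0.0.8, host byte order, value from the patch */
enum src_class { SRC_NOT_ICMP_ERROR, SRC_NORMAL, SRC_UNSPECIFIED, SRC_RFC7600_DUMMY };

/* Classify the source address of an ICMP error in a raw IPv4 packet. */
enum src_class classify_icmp_source(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return SRC_NOT_ICMP_ERROR;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;      /* IPv4 header length in bytes */
    if (ihl < 20 || len < ihl + 8 || pkt[9] != 1)  /* protocol 1 = ICMP */
        return SRC_NOT_ICMP_ERROR;
    uint8_t type = pkt[ihl];
    /* 3 unreachable, 4 source quench, 5 redirect, 11 time exceeded, 12 param problem */
    if (type != 3 && type != 4 && type != 5 && type != 11 && type != 12)
        return SRC_NOT_ICMP_ERROR;
    uint32_t saddr = ((uint32_t)pkt[12] << 24) | ((uint32_t)pkt[13] << 16) |
                     ((uint32_t)pkt[14] << 8) | pkt[15];   /* wire order to host order */
    if (saddr == 0)
        return SRC_UNSPECIFIED;      /* 0.0.0.0: source selection failed, no fallback */
    if (saddr == EX_INADDR_DUMMY)
        return SRC_RFC7600_DUMMY;    /* 192.0.0.8: the patch's last-resort source */
    return SRC_NORMAL;
}

/* Constructed sample: 20-byte IPv4 header + 8-byte ICMP header, sent to 10.0.0.1.
 * Checksums are left zero because the classifier does not verify them. */
size_t build_sample(uint8_t *buf, uint32_t saddr, uint8_t icmp_type)
{
    memset(buf, 0, 28);
    buf[0] = 0x45; buf[3] = 28; buf[8] = 64; buf[9] = 1;
    buf[12] = (uint8_t)(saddr >> 24); buf[13] = (uint8_t)(saddr >> 16);
    buf[14] = (uint8_t)(saddr >> 8);  buf[15] = (uint8_t)saddr;
    buf[16] = 10; buf[19] = 1; buf[20] = icmp_type;
    return 28;
}

int main(void)
{
    uint8_t pkt[28];
    build_sample(pkt, 0, 3);                 /* like the pre-patch capture line */
    printf("0.0.0.0   -> class %d\n", classify_icmp_source(pkt, sizeof pkt));
    build_sample(pkt, EX_INADDR_DUMMY, 3);   /* like the post-patch capture line */
    printf("192.0.0.8 -> class %d\n", classify_icmp_source(pkt, sizeof pkt));
    return 0;
}
```

Because every host that takes the fallback uses the same 192.0.0.8 source, the address identifies the condition rather than the sender.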