Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp2536777pxb;
        Sun, 23 Jan 2022 07:48:08 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwfvHZVU63EzkweNGcpRtHg+sc3Mgf7oe+08oPmK6jOIqB7HRuGGfJrHXLwQFhnMYaNzjSF
X-Received: by 2002:a17:902:bcc8:b0:14b:14c8:e82c with SMTP id o8-20020a170902bcc800b0014b14c8e82cmr10810794pls.24.1642952887930;
        Sun, 23 Jan 2022 07:48:07 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1642952887; cv=none;
        d=google.com; s=arc-20160816;
        b=VjjN00X/UL3BWr/uG3z7nmNgO5ImXKFY/Rf0X2salNOeYR7mogryVBB0dMMdic7GZJ
         VCEPH1o5eyIqjajrakZ0q/NP8s7GPv2p37UpBR8owqvph8eM3IBDhsxzjAFBvkd5yNbO
         bBIOZbLA4EviB3imRXKmfETpGSfQ84CojdRv5LgYK1i6AS12sLXb4EMx0zywSXZRKaM6
         ViFig9OPhys1OhqGVglCiycKQ6BA4k+rdaxvblOPaZe663VBwAtrJVuGYY/bx/28lUlI
         Xd5VELWYcNI98JqWaME1FymVVI5abeoy9p1lOrPe1dz9wCO2/VQiV+/YlERryr6ARdYY
         68mw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=ZZZQTciRfN1sjU7YQW/E7YrHDSlBjBDg3ej+76MWnb0=;
        b=aDtJLXmB0Ebm6WhbiQHqaY1/TC/EQj3ff2bPLrDoxrYOjcXma0wMF/NXvBit9Nyuqq
         cooEyT4e4DxGNcvjMBWPpCcTNykeOCaR6aZUF7MBDfBoT7imgKWTLPbxnWN0q2LMDFpl
         e1VOqSRfHCDeBq1QJHWnv4jaeGLZsgRGIruiYnZuWlNYh2ZtNNu9+8e7gUo/7NEKqQor
         z/MDFdSVNeda8FxE3E90iFQC6DhvuCYvkoIs+9WjAMoWTRcAr23Ae1TyrihJTbaYHwuc
         5AFsoB1oXSvSwohD25fYNFGjmWi6C3e1tuBPFDB3VgErCmvzNPoYlsg5F6jJRAFaoxrR
         Sy1g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=g83bsyQN;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id k6si12586154pgs.247.2022.01.23.07.47.56;
        Sun, 23 Jan 2022 07:48:07 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=g83bsyQN;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236069AbiAWAPo (ORCPT <rfc822;troverman@gmail.com> + 99 others);
        Sat, 22 Jan 2022 19:15:44 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36896 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235477AbiAWAO1 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 22 Jan 2022 19:14:27 -0500
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7D309C061788;
        Sat, 22 Jan 2022 16:13:11 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 1D6E760F9F;
        Sun, 23 Jan 2022 00:13:11 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7FBB4C340EA;
        Sun, 23 Jan 2022 00:13:09 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1642896790;
        bh=8YhMF9n/5Mxn8xZsLWfMDxc71WSqOIyTuusNeOqsYI8=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=g83bsyQNelBe5K9ZZFcMDKPiv8LlulXVQ9DL0ieSZVuXVTaXIy2CxainZGXXJQ/pF
         2vfb9P1/sJ+V981uf1yLbESyj134rNxydJPaN07+y/J/xS3Du93xokPYhbvPmCdZMX
         Eb9B2qrfIF+JLzrw91xGTFvV+nRP/aUIrff98EcbQinG25aKU7p06RRJCL1DadLW4g
         APavZ7liuKMbTdfDhVke0D7O49NhxPVFI4SKioVaTBlvQJvL21SRJGOUqQY9SPg+FH
         dfS7FaWBLhpwjziRhfKm1F72ZP5V8zuOUGArP7hGZpBxXPVAJoqGuzAH6vs8nvIzFT
         uBQOfccoDzNig==
From:   Sasha Levin <sashal@kernel.org>
To:     linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc:     Ignat Korchagin <ignat@cloudflare.com>,
        Amir Razmjou <arazmjou@cloudflare.com>,
        David Ahern <dsahern@kernel.org>,
        Jakub Kicinski <kuba@kernel.org>,
        Sasha Levin <sashal@kernel.org>, davem@davemloft.net,
        yoshfuji@linux-ipv6.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.10 3/9] sit: allow encapsulated IPv6 traffic to be delivered locally
Date:   Sat, 22 Jan 2022 19:12:52 -0500
Message-Id: <20220123001258.2460594-3-sashal@kernel.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220123001258.2460594-1-sashal@kernel.org>
References: <20220123001258.2460594-1-sashal@kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Ignat Korchagin <ignat@cloudflare.com>

[ Upstream commit ed6ae5ca437d9d238117d90e95f7f2cc27da1b31 ]

While experimenting with FOU encapsulation Amir noticed that encapsulated IPv6
traffic fails to be delivered, if the peer IP address is configured locally.

It can be easily verified by creating a sit interface like below:

$ sudo ip link add name fou_test type sit remote 127.0.0.1 encap fou encap-sport auto encap-dport 1111
$ sudo ip link set fou_test up

and sending some IPv4 and IPv6 traffic to it

$ ping -I fou_test -c 1 1.1.1.1
$ ping6 -I fou_test -c 1 fe80::d0b0:dfff:fe4c:fcbc

"tcpdump -i any udp dst port 1111" will confirm that only the first IPv4 ping
was encapsulated and attempted to be delivered.

This seems like a limitation: for example, in a cloud environment the "peer"
service may be arbitrarily scheduled on any server within the cluster, where all
nodes are trying to send encapsulated traffic. And the unlucky node will not be
able to. Moreover, delivering encapsulated IPv4 traffic locally is allowed.

But I may not have all the context about this restriction and this code predates
the observable git history.

Reported-by: Amir Razmjou <arazmjou@cloudflare.com>
Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20220107123842.211335-1-ignat@cloudflare.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv6/sit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index bab0e99f6e356..db098d3f9d6fc 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -949,7 +949,7 @@ static netdev_tx_t ipip6_tunnel_xmit(struct sk_buff *skb,
 		dst_cache_set_ip4(&tunnel->dst_cache, &rt->dst, fl4.saddr);
 	}
 
-	if (rt->rt_type != RTN_UNICAST) {
+	if (rt->rt_type != RTN_UNICAST && rt->rt_type != RTN_LOCAL) {
 		ip_rt_put(rt);
 		dev->stats.tx_carrier_errors++;
 		goto tx_error_icmp;
-- 
2.34.1