Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp4429132imw; Tue, 19 Jul 2022 06:31:25 -0700 (PDT) X-Google-Smtp-Source: AGRyM1uwIbwo/dJ01omITFReSgWFagOsqB6ZfRaQ1iE+KgdIKdX7RC0RJgmY2S5aIHQFQhKYCG9b X-Received: by 2002:a05:6870:b024:b0:10d:2197:20ff with SMTP id y36-20020a056870b02400b0010d219720ffmr9851962oae.246.1658237484932; Tue, 19 Jul 2022 06:31:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658237484; cv=none; d=google.com; s=arc-20160816; b=nBAJeeKYXEERvM1ki7cY2Og8XlqZEhi0ZkwFL4cQ7PFltCW6r409wtaY1j9rGzzlVK mXm42vF3QLgp0ttykM92OI3JnTYHDx+RNGyIUCPSaIJqe8sAGzy9X9fkaKOJBqg0k654 NNaV7HUdXTQ+y6lJImz0gvYNZRFj7D+krltiH8Fd2twha2nrgxE2i4D74LhlL8EPai2m 8E48d7i9LZ1Ge1tY7k1KcVqoFE+H+22H16GsS+RPs1qsBXRQPe+QxBFrDfd5lvvlnkHR E9U6yFDM/OAE6x17I34mvLBPS58t/v3YvbamFLPmwyH1D/BYjkNvdSnDZR71Crux5PVs HlAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=E78nFCobDTM7me2aw4lSmILUGbVmSHOZ6UikRCWgqUc=; b=S65RDr7gRDUjQB2TDyAjD3Mt6GwlFIUfDUkTb8SRwSq+zt0ZYJzFl+siYkoJf22yME zEhIHcDR1dZ3clE6QduW6Re/TxSfBR4vB0XCuzquS8OogxlX0oDMFb1cl4QUGxMaPZEW j12UiyEdQ+1PBc2+0Tbn08LgNXArgUlazFayLHuWV7hi8SWILJhYIzo3XIlrGk3YI8di dy4qMDVxuC3q/bMNBl2K+4Ryc0ZD/WeQEzgUxg3DEeZm6RdhxQ4bjArYuxUPL2i0Kbda aKOIO2r7LAsVkrUpCGVi7YIJAJa5BZRv6LUR34yscnDBS+9fgtlRG2B0xy4Z1dcmEg8V nLKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="WcX/mfg6"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v6-20020a056870b50600b000f1be2642besi13024573oap.110.2022.07.19.06.31.10; Tue, 19 Jul 2022 06:31:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="WcX/mfg6"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239039AbiGSMRU (ORCPT + 99 others); Tue, 19 Jul 2022 08:17:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39110 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239045AbiGSMOD (ORCPT ); Tue, 19 Jul 2022 08:14:03 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 816CCDF13; Tue, 19 Jul 2022 05:05:10 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id ABCBAB81B34; Tue, 19 Jul 2022 12:05:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 07150C341C6; Tue, 19 Jul 2022 12:05:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1658232305; bh=XIm1RDUKTEYzVPpNcWAkSKsc29TR4NM5H29PrGSnlME=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WcX/mfg6e/gYv/UeFNuQX44xgQxC0sehH6I87KeI1zyClEQ8VjMBJKaVj4W985nPd PuVnqc49N4FISO0eYxBbaINpIS1qGpwOLS92ctSLVOxyZCO0eq9cXoYkeh+iPYYpa2 7WK/68GUCF5Mp45L9KCaU77lHmXg/O5dZGC8SyYY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Edwin Brossette , Nicolas Dichtel , Paolo Abeni Subject: [PATCH 5.10 012/112] ip: fix dflt addr selection for connected nexthop Date: Tue, 19 Jul 2022 13:53:05 +0200 Message-Id: <20220719114627.180500158@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220719114626.156073229@linuxfoundation.org> References: <20220719114626.156073229@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Nicolas Dichtel commit 747c14307214b55dbd8250e1ab44cad8305756f1 upstream. When a nexthop is added, without a gw address, the default scope was set to 'host'. Thus, when a source address is selected, 127.0.0.1 may be chosen but rejected when the route is used. When using a route without a nexthop id, the scope can be configured in the route, thus the problem doesn't exist. To explain more deeply: when a user creates a nexthop, it cannot specify the scope. To create it, the function nh_create_ipv4() calls fib_check_nh() with scope set to 0. fib_check_nh() calls fib_check_nh_nongw() wich was setting scope to 'host'. Then, nh_create_ipv4() calls fib_info_update_nhc_saddr() with scope set to 'host'. The src addr is chosen before the route is inserted. When a 'standard' route (ie without a reference to a nexthop) is added, fib_create_info() calls fib_info_update_nhc_saddr() with the scope set by the user. iproute2 set the scope to 'link' by default. Here is a way to reproduce the problem: ip netns add foo ip -n foo link set lo up ip netns add bar ip -n bar link set lo up sleep 1 ip -n foo link add name eth0 type dummy ip -n foo link set eth0 up ip -n foo address add 192.168.0.1/24 dev eth0 ip -n foo link add name veth0 type veth peer name veth1 netns bar ip -n foo link set veth0 up ip -n bar link set veth1 up ip -n bar address add 192.168.1.1/32 dev veth1 ip -n bar route add default dev veth1 ip -n foo nexthop add id 1 dev veth0 ip -n foo route add 192.168.1.1 nhid 1 Try to get/use the route: > $ ip -n foo route get 192.168.1.1 > RTNETLINK answers: Invalid argument > $ ip netns exec foo ping -c1 192.168.1.1 > ping: connect: Invalid argument Try without nexthop group (iproute2 sets scope to 'link' by dflt): ip -n foo route del 192.168.1.1 ip -n foo route add 192.168.1.1 dev veth0 Try to get/use the route: > $ ip -n foo route get 192.168.1.1 > 192.168.1.1 dev veth0 src 192.168.0.1 uid 0 > cache > $ ip netns exec foo ping -c1 192.168.1.1 > PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. > 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.039 ms > > --- 192.168.1.1 ping statistics --- > 1 packets transmitted, 1 received, 0% packet loss, time 0ms > rtt min/avg/max/mdev = 0.039/0.039/0.039/0.000 ms CC: stable@vger.kernel.org Fixes: 597cfe4fc339 ("nexthop: Add support for IPv4 nexthops") Reported-by: Edwin Brossette Signed-off-by: Nicolas Dichtel Link: https://lore.kernel.org/r/20220713114853.29406-1-nicolas.dichtel@6wind.com Signed-off-by: Paolo Abeni Signed-off-by: Greg Kroah-Hartman --- net/ipv4/fib_semantics.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -1229,7 +1229,7 @@ static int fib_check_nh_nongw(struct net nh->fib_nh_dev = in_dev->dev; dev_hold(nh->fib_nh_dev); - nh->fib_nh_scope = RT_SCOPE_HOST; + nh->fib_nh_scope = RT_SCOPE_LINK; if (!netif_carrier_ok(nh->fib_nh_dev)) nh->fib_nh_flags |= RTNH_F_LINKDOWN; err = 0;