Date: Tue, 16 Aug 2022 16:35:54 +0200
From: Paul Chaignon
To: Greg Kroah-Hartman, linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org, Daniel Borkmann, Nikolay Aleksandrov, Martin KaFai Lau, Sasha Levin
Subject: Re: [PATCH 5.19 0537/1157] bpf: Set flow flag to allow any source IP in bpf_tunnel_key
Message-ID: <20220816143554.GA67569@Mem>
References: <20220815180439.416659447@linuxfoundation.org> <20220815180501.149595269@linuxfoundation.org>
In-Reply-To: <20220815180501.149595269@linuxfoundation.org>

On Mon, Aug 15, 2022 at 07:58:13PM +0200, Greg Kroah-Hartman wrote:
> From: Paul Chaignon > > [ Upstream commit b8fff748521c7178b9a7d32b5a34a81cec8396f3 ] > > Commit 26101f5ab6bd ("bpf: Add source ip in "struct bpf_tunnel_key"") > added support for getting and setting the outer source IP of encapsulated > packets via the bpf_skb_{get,set}_tunnel_key BPF helper. This change > allows BPF programs to set any IP address as the source, including for > example the IP address of a container running on the same host. > > In that last case, however, the encapsulated packets are dropped when > looking up the route because the source IP address isn't assigned to any > interface on the host. To avoid this, we need to set the > FLOWI_FLAG_ANYSRC flag. This fix will also require upstream commits 861396ac0b47 ("geneve: Use ip_tunnel_key flow flags in route lookups") and 7e2fb8bc7ef6 ("vxlan: Use ip_tunnel_key flow flags in route lookups") to have the intended effect. In short, these two commits "consume" the new field introduced in 451ef36bd229 ("ip_tunnels: Add new flow flags field to ip_tunnel_key") and populated in the present commit. > > Fixes: 26101f5ab6bd ("bpf: Add source ip in "struct bpf_tunnel_key"") > Signed-off-by: Paul Chaignon > Signed-off-by: Daniel Borkmann > Reviewed-by: Nikolay Aleksandrov > Acked-by: Martin KaFai Lau > Link: https://lore.kernel.org/bpf/76873d384e21288abe5767551a0799ac93ec07fb.1658759380.git.paul@isovalent.com > Signed-off-by: Sasha Levin > --- > net/core/filter.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/core/filter.c b/net/core/filter.c > index 7950f7520765..5978984b752f 100644 > --- a/net/core/filter.c > +++ b/net/core/filter.c > @@ -4653,6 +4653,7 @@ BPF_CALL_4(bpf_skb_set_tunnel_key, struct sk_buff *, skb, > } else { > info->key.u.ipv4.dst = cpu_to_be32(from->remote_ipv4); > info->key.u.ipv4.src = cpu_to_be32(from->local_ipv4); > + info->key.flow_flags = FLOWI_FLAG_ANYSRC; > } > > return 0; > -- > 2.35.1 > > >
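Review bot: the added `info->key.flow_flags = FLOWI_FLAG_ANYSRC;` in the IPv4 `else` branch is unconditional and uses plain assignment, so every tunnel key set through this helper asks the route lookup to accept any source address, including when `from->local_ipv4` is left at zero, and any bit already present in `flow_flags` would be overwritten. A one-line comment saying why any source is acceptable here would help, together with either `|=` or a note that the field is known to be zero at this point. For the 5.19 backport, the line only takes effect when the consumers of the field are also queued, as the reply in this message points out (861396ac0b47 and 7e2fb8bc7ef6, on top of 451ef36bd229, which introduces the field).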