[RFC,3/3] ipv6:fix the outgoing interface selection order in udpv6_sendmsg()

1.When no interface is specified in an IPV6_PKTINFO ancillary data
  item, the interface specified in an IPV6_PKTINFO sticky optionis 
  is used.

RFC3542:
6.7.  Summary of Outgoing Interface Selection

   This document and [RFC-3493] specify various methods that affect the
   selection of the packet's outgoing interface.  This subsection
   summarizes the ordering among those in order to ensure deterministic
   behavior.

   For a given outgoing packet on a given socket, the outgoing interface
   is determined in the following order:

   1. if an interface is specified in an IPV6_PKTINFO ancillary data
      item, the interface is used.

   2. otherwise, if an interface is specified in an IPV6_PKTINFO sticky
      option, the interface is used.

Signed-off-by: Yang Hongyang<yanghy@cn.fujitsu.com>
---
 net/ipv6/udp.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

On Tuesday 09 December 2008 09:12:59 ext Yang Hongyang, you wrote:
> 1.When no interface is specified in an IPV6_PKTINFO ancillary data
>   item, the interface specified in an IPV6_PKTINFO sticky optionis
>   is used.

> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
> index 8b48512..addd856 100644
> --- a/net/ipv6/udp.c
> +++ b/net/ipv6/udp.c
> @@ -761,6 +761,9 @@ do_udp_sendmsg:
>  	}
>
>  	if (!fl.oif)
> +		fl.oif = np->sticky_pktinfo.ipi6_ifindex;
> +
> +	if (!fl.oif)
>  		fl.oif = sk->sk_bound_dev_if;
>
>  	if (msg->msg_controllen) {

I believe overriding the outgoing interface is only allowed for link-local 
destinations, _or_ with privileges (as with SO_BINDTODEVICE).

This patch seems to change this, and I am not convinced it's a good idea.

Rémi Denis-Courmont wrote:
> On Tuesday 09 December 2008 09:12:59 ext Yang Hongyang, you wrote:
>> 1.When no interface is specified in an IPV6_PKTINFO ancillary data
>>   item, the interface specified in an IPV6_PKTINFO sticky optionis
>>   is used.
> 
>> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
>> index 8b48512..addd856 100644
>> --- a/net/ipv6/udp.c
>> +++ b/net/ipv6/udp.c
>> @@ -761,6 +761,9 @@ do_udp_sendmsg:
>>  	}
>>
>>  	if (!fl.oif)
>> +		fl.oif = np->sticky_pktinfo.ipi6_ifindex;
>> +
>> +	if (!fl.oif)
>>  		fl.oif = sk->sk_bound_dev_if;
>>
>>  	if (msg->msg_controllen) {
> 
> I believe overriding the outgoing interface is only allowed for link-local 
> destinations, _or_ with privileges (as with SO_BINDTODEVICE).
> 
> This patch seems to change this, and I am not convinced it's a good idea.
> 

It does not overriding the outgoing interface.
when no interface is specified in an IPV6_PKTINFO ancillary data item(as with
 SO_BINDTODEVICE), the interface specified in an IPV6_PKTINFO sticky 
optionins  is used.

If outgoing interface is set with SO_BINDTODEVICE and also sticky pktinfo
the outgoing interface is exactly what SO_BINDTODEVICE set,because in my
first patch,when set sticy pktinfo,outgoing interface set by SO_BINDTODEVICE
is checked:

+		if(sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if)
+			goto e_inval;


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

From: Yang Hongyang <yanghy@cn.fujitsu.com>
Date: Wed, 10 Dec 2008 08:42:20 +0800

> If outgoing interface is set with SO_BINDTODEVICE and also sticky pktinfo
> the outgoing interface is exactly what SO_BINDTODEVICE set,because in my
> first patch,when set sticy pktinfo,outgoing interface set by SO_BINDTODEVICE
> is checked:
> 
> +		if(sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if)
> +			goto e_inval;
> 

You may be checking this, but these two values can become out of sync
if the application next makes a SO_BINDTODEVICE setsockopt() call to
change the index setting.

Nothing makes sure the sticky ipv6 socket information is updated
if that happens.  And the most obvious ways to handle that are
very ugly, doing some kind of call into ipv6 from the generic
socket SO_BINDTODEVICE setsockopt() handler.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

David Miller wrote:
> From: Yang Hongyang <yanghy@cn.fujitsu.com>
> Date: Wed, 10 Dec 2008 08:42:20 +0800
> 
>> If outgoing interface is set with SO_BINDTODEVICE and also sticky pktinfo
>> the outgoing interface is exactly what SO_BINDTODEVICE set,because in my
>> first patch,when set sticy pktinfo,outgoing interface set by SO_BINDTODEVICE
>> is checked:
>>
>> +		if(sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if)
>> +			goto e_inval;
>>
> 
> You may be checking this, but these two values can become out of sync
> if the application next makes a SO_BINDTODEVICE setsockopt() call to
> change the index setting.
> 
> Nothing makes sure the sticky ipv6 socket information is updated
> if that happens.  And the most obvious ways to handle that are
> very ugly, doing some kind of call into ipv6 from the generic
> socket SO_BINDTODEVICE setsockopt() handler.
> 
> 

Hum..can we just ignore the sync of the sticky option and the SO_BINDTODEVICE,
when send a message,first check sk_bound_dev_if,If it is specified,use it,otherwise
use sticky option?This was what i ment. and in my patch ,the outgoing interface 
specified by sticky options will be overrided by the interface specified by 
SO_BINDTODEVICE.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Yang Hongyang wrote:
> David Miller wrote:
>> From: Yang Hongyang <yanghy@cn.fujitsu.com>
>> Date: Wed, 10 Dec 2008 08:42:20 +0800
>>
>>> If outgoing interface is set with SO_BINDTODEVICE and also sticky pktinfo
>>> the outgoing interface is exactly what SO_BINDTODEVICE set,because in my
>>> first patch,when set sticy pktinfo,outgoing interface set by SO_BINDTODEVICE
>>> is checked:
>>>
>>> +		if(sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if)
>>> +			goto e_inval;
>>>
>> You may be checking this, but these two values can become out of sync
>> if the application next makes a SO_BINDTODEVICE setsockopt() call to
>> change the index setting.
>>
>> Nothing makes sure the sticky ipv6 socket information is updated
>> if that happens.  And the most obvious ways to handle that are
>> very ugly, doing some kind of call into ipv6 from the generic
>> socket SO_BINDTODEVICE setsockopt() handler.
>>
>>
> 
> Hum..can we just ignore the sync of the sticky option and the SO_BINDTODEVICE,
> when send a message,first check sk_bound_dev_if,If it is specified,use it,otherwise
> use sticky option?This was what i ment. and in my patch ,the outgoing interface 
> specified by sticky options will be overrided by the interface specified by 
> SO_BINDTODEVICE.

If this is the solution, i'll post a updated patch.

> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> 

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

From: Yang Hongyang <yanghy@cn.fujitsu.com>
Date: Wed, 10 Dec 2008 14:38:25 +0800

> Yang Hongyang wrote:
> > David Miller wrote:
> >> From: Yang Hongyang <yanghy@cn.fujitsu.com>
> >> Date: Wed, 10 Dec 2008 08:42:20 +0800
> >>
> >>> If outgoing interface is set with SO_BINDTODEVICE and also sticky pktinfo
> >>> the outgoing interface is exactly what SO_BINDTODEVICE set,because in my
> >>> first patch,when set sticy pktinfo,outgoing interface set by SO_BINDTODEVICE
> >>> is checked:
> >>>
> >>> +		if(sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if)
> >>> +			goto e_inval;
> >>>
> >> You may be checking this, but these two values can become out of sync
> >> if the application next makes a SO_BINDTODEVICE setsockopt() call to
> >> change the index setting.
> >>
> >> Nothing makes sure the sticky ipv6 socket information is updated
> >> if that happens.  And the most obvious ways to handle that are
> >> very ugly, doing some kind of call into ipv6 from the generic
> >> socket SO_BINDTODEVICE setsockopt() handler.
> >>
> >>
> > 
> > Hum..can we just ignore the sync of the sticky option and the SO_BINDTODEVICE,
> > when send a message,first check sk_bound_dev_if,If it is specified,use it,otherwise
> > use sticky option?This was what i ment. and in my patch ,the outgoing interface 
> > specified by sticky options will be overrided by the interface specified by 
> > SO_BINDTODEVICE.
> 
> If this is the solution, i'll post a updated patch.

Please do, this sounds like the correct approach.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html