Patchwork TEE broken in 3.6

Submitter Eric Dumazet
Date Oct. 16, 2012, 8 p.m.
Message ID <1350417618.3954.1494.camel@edumazet-glaptop>
Permalink /patch/191881/
State Superseded

Comments

Eric Dumazet - Oct. 16, 2012, 8 p.m.
On Tue, 2012-10-16 at 21:13 +0200, Torsten Luettgert wrote:
> Hi,
> 
> today, I found that the TEE target doesn't work any longer in 3.6 and
> following kernels. The problem is that it tries to ARP-lookup the
> original destination address of the forwarded packet, not the address
> of the gateway.
> 
> I git bisected and found that this commit broke it:
> 
> commit f8126f1d5136be1ca1a3536d43ad7a710b5620f8
> Author: David S. Miller <davem@davemloft.net>
> Date:   Fri Jul 13 05:03:45 2012 -0700
> 
>     ipv4: Adjust semantics of rt->rt_gateway.
>     
>     In order to allow prefixed routes, we have to adjust how rt_gateway
>     is set and interpreted.
>     
>     The new interpretation is:
>     
>     1) rt_gateway == 0, destination is on-link, nexthop is iph->daddr
>     
>     2) rt_gateway != 0, destination requires a nexthop gateway
>     
>     Abstract the fetching of the proper nexthop value using a new
>     inline helper, rt_nexthop(), as suggested by Joe Perches.
>     
>     Signed-off-by: David S. Miller <davem@davemloft.net>
>     Tested-by: Vijay Subramanian <subramanian.vijay@gmail.com>
> 
> which seems plausible. I'm not versed enough in netfilter/routing code
> to fix it myself. Could any of you wizards help?

Hmm...

Could you try latest tree, with the following patch ?





--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
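
A user-space C model of the failure reported above, added here as an example; it is not kernel code and not from any poster in this thread. It applies the rt_nexthop() rule from the quoted commit message to TEE's gateway lookup, with and without the FLOWI_FLAG_KNOWN_NH flag set in the patch on this page. The `model_`/`MODEL_` names are hypothetical, the addresses are constructed, and the effect given to the flag (the lookup records the looked-up address as next hop) is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space model only; none of these are the kernel's definitions. */
#define MODEL_FLAG_KNOWN_NH 0x1u  /* stands in for FLOWI_FLAG_KNOWN_NH */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

struct model_route { uint32_t rt_gateway; };  /* 0 = destination is on-link */

/* Rule from the quoted commit message: rt_gateway == 0 means the next hop
 * is the packet's own destination; otherwise it is the gateway. */
static uint32_t model_rt_nexthop(const struct model_route *rt, uint32_t pkt_daddr)
{
    return rt->rt_gateway ? rt->rt_gateway : pkt_daddr;
}

/* Lookup for an address on a connected subnet, as the TEE gateway is.
 * Assumption: with the flag set, the lookup stores the looked-up address
 * as the next hop instead of leaving rt_gateway at 0. */
static struct model_route model_route_output(uint32_t lookup_daddr, unsigned flags)
{
    struct model_route rt = { 0 };
    if (flags & MODEL_FLAG_KNOWN_NH)
        rt.rt_gateway = lookup_daddr;
    return rt;
}

/* Address the cloned packet is ARP-resolved to. The route is looked up for
 * the gateway, but the clone still carries the original destination. */
static uint32_t model_tee_arp_target(uint32_t tee_gw, uint32_t pkt_daddr, unsigned flags)
{
    struct model_route rt = model_route_output(tee_gw, flags);
    return model_rt_nexthop(&rt, pkt_daddr);
}

int main(void)
{
    uint32_t gw = IP4(192, 0, 2, 10);     /* constructed: TEE --gateway address */
    uint32_t dst = IP4(198, 51, 100, 7);  /* constructed: original destination */

    printf("flag clear: ARP target is the %s\n",
           model_tee_arp_target(gw, dst, 0) == gw ? "gateway" : "original destination");
    printf("flag set:   ARP target is the %s\n",
           model_tee_arp_target(gw, dst, MODEL_FLAG_KNOWN_NH) == gw ? "gateway" : "original destination");
    return 0;
}
```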
Torsten Luettgert - Oct. 17, 2012, 7:45 a.m.
On Tue, 16 Oct 2012 22:00:18 +0200
Eric Dumazet <eric.dumazet@gmail.com> wrote:

> Could you try latest tree, with the following patch ?

Yeah, that works.

I'm still a bit sad, though, since I'll have to wait for 3.7 now (no
FLOWI_FLAG_KNOWN_NH in 3.6.*), or is there any solution for those "old"
kernels, too?

Regards,
Torsten
Eric Dumazet - Oct. 17, 2012, 7:48 a.m.
On Wed, 2012-10-17 at 09:45 +0200, Torsten Luettgert wrote:
> On Tue, 16 Oct 2012 22:00:18 +0200
> Eric Dumazet <eric.dumazet@gmail.com> wrote:
> 
> > Could you try latest tree, with the following patch ?
> 
> Yeah, that works.
> 
> I'm still a bit sad, though, since I'll have to wait for 3.7 now (no
> FLOWI_FLAG_KNOWN_NH in 3.6.*), or is there any solution for those "old"
> kernels, too?
> 
> Regards,
> Torsten

I believe it's stable material, it will reach 3.6.3 or 3.6.4, don't worry.

Thanks


Pablo Neira - Oct. 17, 2012, 8:15 a.m.
On Wed, Oct 17, 2012 at 09:48:51AM +0200, Eric Dumazet wrote:
> On Wed, 2012-10-17 at 09:45 +0200, Torsten Luettgert wrote:
> > On Tue, 16 Oct 2012 22:00:18 +0200
> > Eric Dumazet <eric.dumazet@gmail.com> wrote:
> > 
> > > Could you try latest tree, with the following patch ?
> > 
> > Yeah, that works.
> > 
> > I'm still a bit sad, though, since I'll have to wait for 3.7 now (no
> > FLOWI_FLAG_KNOWN_NH in 3.6.*), or is there any solution for those "old"
> > kernels, too?
> > 
> > Regards,
> > Torsten
> 
> I believe it's stable material, it will reach 3.6.3 or 3.6.4, don't worry.

Sure. I'll pass this to -stable once it hits Linus' tree. It may take
a while though.

Patch

diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c
index ee2e5bc..bd93e51 100644
--- a/net/netfilter/xt_TEE.c
+++ b/net/netfilter/xt_TEE.c
@@ -70,6 +70,7 @@  tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info)
 	fl4.daddr = info->gw.ip;
 	fl4.flowi4_tos = RT_TOS(iph->tos);
 	fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
+	fl4.flowi4_flags = FLOWI_FLAG_KNOWN_NH;
 	rt = ip_route_output_key(net, &fl4);
 	if (IS_ERR(rt))
 		return false;
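
Review bot: the added `fl4.flowi4_flags = FLOWI_FLAG_KNOWN_NH;` line in tee_tg_route4() carries no comment, and the posting has no changelog or Signed-off-by, so a later reader cannot tell why a lookup whose `fl4.daddr` is already `info->gw.ip` needs the flag. Suggest a one-line comment saying that the clone must be resolved to the gateway rather than to its own `iph->daddr`, and a changelog that names f8126f1d5136 ("ipv4: Adjust semantics of rt->rt_gateway.") as the regressing commit. Since the thread notes that FLOWI_FLAG_KNOWN_NH does not exist in 3.6.*, the -stable submission should also name the change that introduces the flag as a prerequisite. The assignment uses `=` rather than `|=`; that is fine only if nothing earlier in the function sets flowi4_flags, which the visible context does not show.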