Message ID | 1501172736-13685-1-git-send-email-liuhangbin@gmail.com |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |
Headers | show |
On 7/27/17 10:25 AM, Hangbin Liu wrote: > After commit 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib > result when requested"). When we get a prohibit ertry, we will return > -EACCES directly instead of dump route info. > > Fix it by remove the rt->dst.error check. > > Before fix: > \# ip -6 route add prohibit 2003::/64 dev eth1 > \# ip -6 route get fibmatch 2003::1 > RTNETLINK answers: Permission denied > \# ip -6 route add unreachable 2004::/64 dev eth1 > \# ip -6 route get fibmatch 2004::1 > RTNETLINK answers: No route to host > > After fix: > \# ip -6 route add prohibit 2003::/64 dev eth1 > \# ip -6 route get fibmatch 2003::1 > prohibit 2003::/64 dev lo metric 1024 error -13 pref medium > \# ip -6 route add unreachable 2004::/64 dev eth1 > \# ip -6 route get fibmatch 2004::1 > unreachable 2004::/64 dev lo metric 1024 error -113 pref medium > > Fixes: 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib...") > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> > --- > net/ipv6/route.c | 6 ------ > 1 file changed, 6 deletions(-) > Acked-by: David Ahern <dsahern@gmail.com>
On Thu, Jul 27, 2017 at 9:25 AM, Hangbin Liu <liuhangbin@gmail.com> wrote: > After commit 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib > result when requested"). When we get a prohibit ertry, we will return > -EACCES directly instead of dump route info. > > Fix it by remove the rt->dst.error check. > > Before fix: > \# ip -6 route add prohibit 2003::/64 dev eth1 > \# ip -6 route get fibmatch 2003::1 > RTNETLINK answers: Permission denied > \# ip -6 route add unreachable 2004::/64 dev eth1 > \# ip -6 route get fibmatch 2004::1 > RTNETLINK answers: No route to host > > After fix: > \# ip -6 route add prohibit 2003::/64 dev eth1 > \# ip -6 route get fibmatch 2003::1 > prohibit 2003::/64 dev lo metric 1024 error -13 pref medium > \# ip -6 route add unreachable 2004::/64 dev eth1 > \# ip -6 route get fibmatch 2004::1 > unreachable 2004::/64 dev lo metric 1024 error -113 pref medium > > Fixes: 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib...") > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> > --- Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com>
On 7/27/17 12:03 PM, David Ahern wrote: > On 7/27/17 10:25 AM, Hangbin Liu wrote: >> After commit 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib >> result when requested"). When we get a prohibit ertry, we will return >> -EACCES directly instead of dump route info. >> >> Fix it by remove the rt->dst.error check. >> >> Before fix: >> \# ip -6 route add prohibit 2003::/64 dev eth1 >> \# ip -6 route get fibmatch 2003::1 >> RTNETLINK answers: Permission denied >> \# ip -6 route add unreachable 2004::/64 dev eth1 >> \# ip -6 route get fibmatch 2004::1 >> RTNETLINK answers: No route to host >> >> After fix: >> \# ip -6 route add prohibit 2003::/64 dev eth1 >> \# ip -6 route get fibmatch 2003::1 >> prohibit 2003::/64 dev lo metric 1024 error -13 pref medium >> \# ip -6 route add unreachable 2004::/64 dev eth1 >> \# ip -6 route get fibmatch 2004::1 >> unreachable 2004::/64 dev lo metric 1024 error -113 pref medium >> >> Fixes: 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib...") >> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> >> --- >> net/ipv6/route.c | 6 ------ >> 1 file changed, 6 deletions(-) >> > > Acked-by: David Ahern <dsahern@gmail.com> > Dave: please hold off on applying this patch.
From: Hangbin Liu <liuhangbin@gmail.com> Date: Fri, 28 Jul 2017 00:25:36 +0800 > After commit 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib > result when requested"). When we get a prohibit ertry, we will return > -EACCES directly instead of dump route info. > > Fix it by remove the rt->dst.error check. ... > Fixes: 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib...") > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> David A., where are we on this?
On 7/31/17 5:22 PM, David Miller wrote: > From: Hangbin Liu <liuhangbin@gmail.com> > Date: Fri, 28 Jul 2017 00:25:36 +0800 > >> After commit 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib >> result when requested"). When we get a prohibit ertry, we will return >> -EACCES directly instead of dump route info. >> >> Fix it by remove the rt->dst.error check. > ... >> Fixes: 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib...") >> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> > > David A., where are we on this? > Dizzy from running in circles. Question I posed to you Saturday morning, 8:41 MDT [1]: "... Roopa's fibmatch patches caused a change in user behavior in IPv6 getroute for prohibit, blackhole and unreachable route entries. Opinions on whether we should limit that new behavior to just the fibmatch lookup in which case a patch is needed or take the new behavior and consistency in which case nothing is needed?" Personally, after all the discussion I think the behavior as it is right now is best. [1] https://www.spinics.net/lists/netdev/msg446571.html
From: David Ahern <dsahern@gmail.com> Date: Mon, 31 Jul 2017 17:34:09 -0600 > On 7/31/17 5:22 PM, David Miller wrote: >> From: Hangbin Liu <liuhangbin@gmail.com> >> Date: Fri, 28 Jul 2017 00:25:36 +0800 >> >>> After commit 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib >>> result when requested"). When we get a prohibit ertry, we will return >>> -EACCES directly instead of dump route info. >>> >>> Fix it by remove the rt->dst.error check. >> ... >>> Fixes: 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib...") >>> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> >> >> David A., where are we on this? >> > > Dizzy from running in circles. :-) > Question I posed to you Saturday morning, 8:41 MDT [1]: > > "... Roopa's fibmatch patches caused a change in user behavior in IPv6 > getroute for prohibit, blackhole and unreachable route entries. Opinions > on whether we should limit that new behavior to just the fibmatch lookup > in which case a patch is needed or take the new behavior and consistency > in which case nothing is needed?" > > Personally, after all the discussion I think the behavior as it is right > now is best. > > [1] https://www.spinics.net/lists/netdev/msg446571.html I agree with you that we should keep the behavior as is.
diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 4d30c96..8fc52de 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -3637,12 +3637,6 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, dst = ip6_route_lookup(net, &fl6, 0); rt = container_of(dst, struct rt6_info, dst); - if (rt->dst.error) { - err = rt->dst.error; - ip6_rt_put(rt); - goto errout; - } - if (rt == net->ipv6.ip6_null_entry) { err = rt->dst.error; ip6_rt_put(rt);
After commit 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib result when requested"). When we get a prohibit ertry, we will return -EACCES directly instead of dump route info. Fix it by remove the rt->dst.error check. Before fix: \# ip -6 route add prohibit 2003::/64 dev eth1 \# ip -6 route get fibmatch 2003::1 RTNETLINK answers: Permission denied \# ip -6 route add unreachable 2004::/64 dev eth1 \# ip -6 route get fibmatch 2004::1 RTNETLINK answers: No route to host After fix: \# ip -6 route add prohibit 2003::/64 dev eth1 \# ip -6 route get fibmatch 2003::1 prohibit 2003::/64 dev lo metric 1024 error -13 pref medium \# ip -6 route add unreachable 2004::/64 dev eth1 \# ip -6 route get fibmatch 2004::1 unreachable 2004::/64 dev lo metric 1024 error -113 pref medium Fixes: 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib...") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> --- net/ipv6/route.c | 6 ------ 1 file changed, 6 deletions(-)