From: Nicolas Dichtel
To: kernel-team@lists.ubuntu.com
Cc: kamal@canonical.com, jean-mickael.guerin@6wind.com
Subject: [SRU bionic PATCH 1/2] ipv6: constify rt6_nexthop()
Date: Fri, 6 Sep 2019 11:54:43 +0200
Message-Id: <20190906095444.21932-1-nicolas.dichtel@6wind.com>

BugLink: https://bugs.launchpad.net/bugs/1834465

There is no functional change in this patch, it only prepares the next one.

rt6_nexthop() will be used by ip6_dst_lookup_neigh(), which uses const variables.

Signed-off-by: Nicolas Dichtel
Reported-by: kbuild test robot
Acked-by: Nick Desaulniers
Signed-off-by: David S. Miller
(cherry picked from commit 9b1c1ef13b35fa35051b635ca9fbda39fe6bbc70)
Signed-off-by: Nicolas Dichtel
Acked-by: Kleber Sacilotto de Souza
--- drivers/net/vrf.c | 2 +- include/net/ip6_route.h | 4 ++-- net/bluetooth/6lowpan.c | 4 ++-- net/ipv6/ip6_output.c | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index ac40924fe437..f24f135dd537 100644 --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -351,8 +351,8 @@ static int vrf_finish_output6(struct net *net, struct sock *sk, { struct dst_entry *dst = skb_dst(skb); struct net_device *dev = dst->dev; + const struct in6_addr *nexthop; struct neighbour *neigh; - struct in6_addr *nexthop; int ret; nf_reset(skb); diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index 5c9732fdbecf..ba85be3f4f71 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h 
@@ -242,8 +242,8 @@ static inline bool ip6_sk_ignore_df(const struct sock *sk) inet6_sk(sk)->pmtudisc == IPV6_PMTUDISC_OMIT; } -static inline struct in6_addr *rt6_nexthop(struct rt6_info *rt, - struct in6_addr *daddr) +static inline const struct in6_addr *rt6_nexthop(const struct rt6_info *rt, + const struct in6_addr *daddr) { if (rt->rt6i_flags & RTF_GATEWAY) return &rt->rt6i_gateway; diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index 4e2576fc0c59..a28e3fdb3e5b 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c @@ -167,10 +167,10 @@ static inline struct lowpan_peer *peer_lookup_dst(struct lowpan_btle_dev *dev, struct in6_addr *daddr, struct sk_buff *skb) { - struct lowpan_peer *peer; - struct in6_addr *nexthop; struct rt6_info *rt = (struct rt6_info *)skb_dst(skb); int count = atomic_read(&dev->peer_count); + const struct in6_addr *nexthop; + struct lowpan_peer *peer; BT_DBG("peers %d addr %pI6c rt %p", count, daddr, rt); diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 7ca8264cbdf9..11789f2bab90 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c 
@@ -63,8 +63,8 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff * { struct dst_entry *dst = skb_dst(skb); struct net_device *dev = dst->dev; + const struct in6_addr *nexthop; struct neighbour *neigh; - struct in6_addr *nexthop; int ret; if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { 
From: Nicolas Dichtel
To: kernel-team@lists.ubuntu.com
Cc: kamal@canonical.com, jean-mickael.guerin@6wind.com
Subject: [SRU bionic PATCH 2/2] ipv6: fix neighbour resolution with raw socket
Date: Fri, 6 Sep 2019 11:54:44 +0200
Message-Id: <20190906095444.21932-2-nicolas.dichtel@6wind.com>

BugLink: https://bugs.launchpad.net/bugs/1834465

The scenario is the following: the user uses a raw socket to send an ipv6 packet, destined to a not-connected network, and specifies a connected nh. Here is the corresponding python script to reproduce this scenario:

    import socket
    IPPROTO_RAW = 255
    send_s = socket.socket(socket.AF_INET6, socket.SOCK_RAW, IPPROTO_RAW)
    # scapy
    # p = IPv6(src='fd00:100::1', dst='fd00:200::fa')/ICMPv6EchoRequest()
    # str(p)
    req = b'`\x00\x00\x00\x00\x08:@\xfd\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfd\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfa\x80\x00\x81\xc0\x00\x00\x00\x00'
    send_s.sendto(req, ('fd00:175::2', 0, 0, 0))

fd00:175::/64 is a connected route and fd00:200::fa is not a connected host.

With this scenario, the kernel starts by sending a NS to resolve fd00:175::2. When it receives the NA, it flushes its queue and tries to send the initial packet. But instead of sending it, it sends another NS to resolve fd00:200::fa, which obviously fails, thus the packet is dropped. If the user sends the packet again, it now uses the right nh (fd00:175::2).

The problem is that ip6_dst_lookup_neigh() uses the rt6i_gateway, which is :: because the associated route is a connected route, thus it uses the dst addr of the packet. Let's use rt6_nexthop() to choose the right nh. Signed-off-by: Nicolas Dichtel Signed-off-by: David S. Miller (cherry picked from commit 2c6b55f45d53420d8310d41310e0e2cd41fe073f) The upstream patch was slightly modified because ip6_dst_lookup_neigh() does not exist in v4.15. It has been introduced in v4.18 by the upstream commit f8a1b43b709d ("net/ipv6: Create a neigh_lookup for FIB entries"). In fact, ip6_dst_lookup_neigh() just calls ip6_neigh_lookup(). Signed-off-by: Nicolas Dichtel --- net/ipv6/route.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 28d39567c26a..df5cadc6423d 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -201,12 +201,10 @@ static u32 *ipv6_cow_metrics(struct dst_entry *dst, unsigned long old) return dst_cow_metrics_generic(dst, old); } -static inline const void *choose_neigh_daddr(struct rt6_info *rt, +static inline const void *choose_neigh_daddr(const struct in6_addr *p, struct sk_buff *skb, const void *daddr) { - struct in6_addr *p = &rt->rt6i_gateway; - if (!ipv6_addr_any(p)) return (const void *) p; else if (skb) @@ -221,7 +219,7 @@ static struct neighbour *ip6_neigh_lookup(const struct dst_entry *dst, struct rt6_info *rt = (struct rt6_info *) dst; struct neighbour *n; - daddr = choose_neigh_daddr(rt, skb, daddr); + daddr = choose_neigh_daddr(rt6_nexthop(rt, &in6addr_any), skb, daddr); n = __ipv6_neigh_lookup(dst->dev, daddr); if (n) return n; @@ -233,7 +231,7 @@ static void ip6_confirm_neigh(const struct dst_entry *dst, const void *daddr) struct net_device *dev = dst->dev; struct rt6_info *rt = (struct rt6_info *)dst; - daddr = choose_neigh_daddr(rt, NULL, daddr); + daddr = choose_neigh_daddr(&rt->rt6i_gateway, NULL, daddr); if (!daddr) return; if (dev->flags & (IFF_NOARP | IFF_LOOPBACK))
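
Review bot: For the include/net/ip6_route.h hunk in 1/2, the const return type of rt6_nexthop() will warn or fail to build at any caller that still stores the result in a plain `struct in6_addr *`, and the diffstat only converts vrf.c, 6lowpan.c and ip6_output.c. Since this is a backport, please confirm with a grep of the bionic tree that those are the only callers in v4.15 rather than relying on the upstream caller list. The commit message also names ip6_dst_lookup_neigh() as the future user, which 2/2 says does not exist in v4.15; a bracketed backport note pointing at ip6_neigh_lookup() would keep the series self-consistent.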
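
Review bot: In the net/bluetooth/6lowpan.c hunk of 1/2 (peer_lookup_dst()), moving `struct lowpan_peer *peer;` below `count` is a declaration reorder unrelated to the constification. It is harmless and fine to keep if it matches the picked commit byte for byte, but it should be called out if the cherry-pick needed manual adjustment. The `struct in6_addr *daddr` parameter in the same context stays non-const next to the now-const nexthop; if nothing writes through it, making it const would be a natural follow-up.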
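
Review bot: In the choose_neigh_daddr() hunk of 2/2, the new first parameter `const struct in6_addr *p` no longer says what it represents now that the `&rt->rt6i_gateway` line is removed from the body. Rename it to something like gw or nexthop and add a one-line comment that an unspecified address (::) means "no nexthop, fall back to the skb or daddr", since both callers now depend on that convention.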
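
Review bot: In the ip6_neigh_lookup() hunk of 2/2, `rt6_nexthop(rt, &in6addr_any)` passes in6addr_any as the daddr argument, apparently as a sentinel so that the `ipv6_addr_any(p)` test in choose_neigh_daddr() still falls through when the route supplies no nexthop. That coupling between the two helpers is implicit; a short comment at the call site would help it survive later refactoring. Separately, rt is still obtained with `(struct rt6_info *) dst`, which drops the const on dst, although 1/2 made rt6_nexthop() accept a `const struct rt6_info *`, so rt could be declared const here.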
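
Review bot: In the ip6_confirm_neigh() hunk of 2/2, the call keeps `&rt->rt6i_gateway` while ip6_neigh_lookup() switches to `rt6_nexthop(rt, &in6addr_any)`, so for the connected-route case in the commit message (rt6i_gateway is ::) lookup and confirmation may select different addresses. Either use rt6_nexthop() here as well, or state in the backport note why confirmation intentionally stays on the gateway field.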