From patchwork Sat Nov 2 00:12:03 2019
X-Patchwork-Submitter: Matteo Croce
X-Patchwork-Id: 1188277
X-Patchwork-Delegate: davem@davemloft.net
From: Matteo Croce
To: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org
Cc: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, "David S. Miller", Alexey Kuznetsov, Hideaki YOSHIFUJI, linux-kernel@vger.kernel.org
Subject: [PATCH net-next 1/2] icmp: add helpers to recognize ICMP error packets
Date: Sat, 2 Nov 2019 01:12:03 +0100
Message-Id: <20191102001204.83883-2-mcroce@redhat.com>
In-Reply-To: <20191102001204.83883-1-mcroce@redhat.com>
References: <20191102001204.83883-1-mcroce@redhat.com>

Add two helper functions, one for IPv4 and one for IPv6, to recognize the ICMP packets which are error responses. These packets are special because they have as payload the original header of the packet which generated it (RFC 792 says at least 8 bytes, but Linux actually includes much more than that).

Signed-off-by: Matteo Croce
--- include/linux/icmp.h | 15 +++++++++++++++ include/linux/icmpv6.h | 14 ++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/include/linux/icmp.h b/include/linux/icmp.h index 2d8aaf7d4b9e..81ca84ce3119 100644 --- a/include/linux/icmp.h +++ b/include/linux/icmp.h @@ -20,4 +20,19 @@ static inline struct icmphdr *icmp_hdr(const struct sk_buff *skb) { return (struct icmphdr *)skb_transport_header(skb); } + +static inline bool icmp_is_err(int type) +{ + switch (type) { + case ICMP_DEST_UNREACH: + case ICMP_SOURCE_QUENCH: + case ICMP_REDIRECT: + case ICMP_TIME_EXCEEDED: + case ICMP_PARAMETERPROB: + return true; + } + + return false; +} + #endif /* _LINUX_ICMP_H */ diff --git a/include/linux/icmpv6.h b/include/linux/icmpv6.h index a8f888976137..ef1cbb5f454f 100644 --- a/include/linux/icmpv6.h +++ b/include/linux/icmpv6.h
@@ -46,4 +46,18 @@ extern void icmpv6_flow_init(struct sock *sk, const struct in6_addr *saddr, const struct in6_addr *daddr, int oif); + +static inline bool icmpv6_is_err(int type) +{ + switch (type) { + case ICMPV6_DEST_UNREACH: + case ICMPV6_PKT_TOOBIG: + case ICMPV6_TIME_EXCEED: + case ICMPV6_PARAMPROB: + return true; + } + + return false; +} + #endif

From patchwork Sat Nov 2 00:12:04 2019
X-Patchwork-Submitter: Matteo Croce
X-Patchwork-Id: 1188279
X-Patchwork-Delegate: davem@davemloft.net
From: Matteo Croce
To: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org
Cc: Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, "David S. Miller", Alexey Kuznetsov, Hideaki YOSHIFUJI, linux-kernel@vger.kernel.org
Subject: [PATCH net-next 2/2] icmp: remove duplicate code
Date: Sat, 2 Nov 2019 01:12:04 +0100
Message-Id: <20191102001204.83883-3-mcroce@redhat.com>
In-Reply-To: <20191102001204.83883-1-mcroce@redhat.com>
References: <20191102001204.83883-1-mcroce@redhat.com>

The same code which recognizes ICMP error packets is duplicated several times. Use the icmp_is_err() and icmpv6_is_err() helpers instead, which do the same thing.

ip_multipath_l3_keys() and tcf_nat_act() didn't check for all the error types, assume that they should instead.

Signed-off-by: Matteo Croce
--- net/ipv4/netfilter/nf_socket_ipv4.c | 10 +--------- net/ipv4/route.c | 5 +---- net/ipv6/route.c | 5 +---- net/netfilter/nf_conntrack_proto_icmp.c | 6 +----- net/netfilter/xt_HMARK.c | 6 +----- net/sched/act_nat.c | 4 +--- 6 files changed, 6 insertions(+), 30 deletions(-) diff --git a/net/ipv4/netfilter/nf_socket_ipv4.c b/net/ipv4/netfilter/nf_socket_ipv4.c index 36a28d46149c..c94445b44d8c 100644 --- a/net/ipv4/netfilter/nf_socket_ipv4.c +++ b/net/ipv4/netfilter/nf_socket_ipv4.c @@ -31,16 +31,8 @@ extract_icmp4_fields(const struct sk_buff *skb, u8 *protocol, if (icmph == NULL) return 1; - switch (icmph->type) { - case ICMP_DEST_UNREACH: - case ICMP_SOURCE_QUENCH: - case ICMP_REDIRECT: - case ICMP_TIME_EXCEEDED: - case ICMP_PARAMETERPROB: - break; - default: + if (!icmp_is_err(icmph->type)) return 1; - } inside_iph = skb_header_pointer(skb, outside_hdrlen + sizeof(struct icmphdr),
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 621f83434b24..dcc4fa10138d 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1894,10 +1894,7 @@ static void ip_multipath_l3_keys(const struct sk_buff *skb, if (!icmph) goto out; - if (icmph->type != ICMP_DEST_UNREACH && - icmph->type != ICMP_REDIRECT && - icmph->type != ICMP_TIME_EXCEEDED && - icmph->type != ICMP_PARAMETERPROB) + if (!icmp_is_err(icmph->type)) goto out; inner_iph = skb_header_pointer(skb, diff --git a/net/ipv6/route.c b/net/ipv6/route.c index a63ff85fe141..3f3085ab2832 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -2291,10 +2291,7 @@ static void ip6_multipath_l3_keys(const struct sk_buff *skb, if (!icmph) goto out; - if (icmph->icmp6_type != ICMPV6_DEST_UNREACH && - icmph->icmp6_type != ICMPV6_PKT_TOOBIG && - icmph->icmp6_type != ICMPV6_TIME_EXCEED && - icmph->icmp6_type != ICMPV6_PARAMPROB) + if (!icmpv6_is_err(icmph->icmp6_type)) goto out; inner_iph = skb_header_pointer(skb, diff --git a/net/netfilter/nf_conntrack_proto_icmp.c b/net/netfilter/nf_conntrack_proto_icmp.c index 097deba7441a..c2e3dff773bc 100644 --- a/net/netfilter/nf_conntrack_proto_icmp.c +++ b/net/netfilter/nf_conntrack_proto_icmp.c @@ -235,11 +235,7 @@ int nf_conntrack_icmpv4_error(struct nf_conn *tmpl, } /* Need to track icmp error message? */ - if (icmph->type != ICMP_DEST_UNREACH && - icmph->type != ICMP_SOURCE_QUENCH && - icmph->type != ICMP_TIME_EXCEEDED && - icmph->type != ICMP_PARAMETERPROB && - icmph->type != ICMP_REDIRECT) + if (!icmp_is_err(icmph->type)) return NF_ACCEPT; memset(&outer_daddr, 0, sizeof(outer_daddr)); diff --git a/net/netfilter/xt_HMARK.c b/net/netfilter/xt_HMARK.c index be7798a50546..713fb38541df 100644 --- a/net/netfilter/xt_HMARK.c +++ b/net/netfilter/xt_HMARK.c 
@@ -239,11 +239,7 @@ static int get_inner_hdr(const struct sk_buff *skb, int iphsz, int *nhoff) return 0; /* Error message? */ - if (icmph->type != ICMP_DEST_UNREACH && - icmph->type != ICMP_SOURCE_QUENCH && - icmph->type != ICMP_TIME_EXCEEDED && - icmph->type != ICMP_PARAMETERPROB && - icmph->type != ICMP_REDIRECT) + if (!icmp_is_err(icmph->type)) return 0; *nhoff += iphsz + sizeof(_ih); diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c index 88a1b79a1848..855a6fa16a62 100644 --- a/net/sched/act_nat.c +++ b/net/sched/act_nat.c @@ -206,9 +206,7 @@ static int tcf_nat_act(struct sk_buff *skb, const struct tc_action *a, icmph = (void *)(skb_network_header(skb) + ihl); - if ((icmph->type != ICMP_DEST_UNREACH) && - (icmph->type != ICMP_TIME_EXCEEDED) && - (icmph->type != ICMP_PARAMETERPROB)) + if (!icmp_is_err(icmph->type)) break; if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph) +
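Review bot: icmp_is_err() in the include/linux/icmp.h hunk of patch 1/2, and icmpv6_is_err() in the icmpv6.h hunk, lack a comment stating what makes a type an "error". The commit message gives the defining property (the payload carries the header of the packet which generated the message), and every caller converted in patch 2/2 relies on exactly that to go on and read an inner header. Put that sentence in a comment above both helpers, so that anyone adding a case to either switch knows callers will parse an embedded header for that type.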
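Review bot: Patch 2/2 adds no #include in any converted file (the diffstat is 6 insertions across 6 files, one replaced condition each), so each of them, starting with the net/ipv4/netfilter/nf_socket_ipv4.c hunk, must already pull in the header that now defines the helper. Please confirm that holds for all six files in every configuration where they build, or add the include explicitly instead of depending on an indirect one.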
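Review bot: The net/ipv4/route.c hunk of patch 2/2 is a behaviour change, not deduplication: the removed condition in ip_multipath_l3_keys() did not list ICMP_SOURCE_QUENCH, so with icmp_is_err() a source quench message no longer takes the "goto out" and instead continues to the inner_iph lookup. The commit message only says "assume that they should instead"; state why using the embedded header is right for that type, or split this hunk into its own patch so it can be reviewed and reverted separately from the pure refactors in nf_socket_ipv4.c, nf_conntrack_proto_icmp.c and xt_HMARK.c.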
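Review bot: In the net/sched/act_nat.c hunk of patch 2/2, tcf_nat_act() used to break out for every type except ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED and ICMP_PARAMETERPROB; icmp_is_err() also returns true for ICMP_SOURCE_QUENCH and ICMP_REDIRECT, so those two types now go on to the pskb_may_pull() of the embedded header. That widens the set of packets this action processes under a subject of "remove duplicate code". Move it to a separate patch with its own justification, and include a test that exercises both newly admitted types.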