From patchwork Tue Feb 11 19:47:05 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 1236444 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=zx2c4.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=zx2c4.com header.i=@zx2c4.com header.a=rsa-sha1 header.s=mail header.b=vR+mNDlp; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48HCwf4Rphz9s3x for ; Wed, 12 Feb 2020 06:47:30 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731092AbgBKTr3 (ORCPT ); Tue, 11 Feb 2020 14:47:29 -0500 Received: from frisell.zx2c4.com ([192.95.5.64]:52685 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728448AbgBKTr2 (ORCPT ); Tue, 11 Feb 2020 14:47:28 -0500 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 5d47fe09; Tue, 11 Feb 2020 19:45:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; s=mail; bh=hRaB6i1t8LKCzPm0iPB3G6/bk EU=; b=vR+mNDlpNSwSZrFMMjn4Fy86AmWFV08nNTIzECrulmO1iYgFYQzVWypFD +hNSpP3q38u46XY4dnu7D+7zG4/bpg1vPjFrriyHpL/ELdMMUCmqGCO6mApkuMsO aD3fvLCc9mdWzXCUEXY1Nwk3K/NqY7HpIbMe7u2FTgUmkn3Ra0CbbO6Eg8fp9575 s9OK1hEPFpySPf1mIo7RjJe57pNEu+u29QNJC0vsU3/goCs2TVjG1XCTlaD13V+X GlI3maEtYQC2ZzYhznFdi1z/gRZ5OYdvEKUZ25EJtZoaD3TYV8fpPnT1vf/Dmyzj WpgcCslduE7/SwW6SYPlsUeXcsfoQ== Received: by 
frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id edc6fcd0 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Tue, 11 Feb 2020 19:45:41 +0000 (UTC) From: "Jason A. Donenfeld" To: netdev@vger.kernel.org, davem@davemloft.net Cc: "Jason A. Donenfeld" , Florian Westphal Subject: [PATCH v4 net 1/5] icmp: introduce helper for nat'd source address in network device context Date: Tue, 11 Feb 2020 20:47:05 +0100 Message-Id: <20200211194709.723383-2-Jason@zx2c4.com> In-Reply-To: <20200211194709.723383-1-Jason@zx2c4.com> References: <20200211194709.723383-1-Jason@zx2c4.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This introduces a helper function to be called only by network drivers that wraps calls to icmp[v6]_send in a conntrack transformation, in case NAT has been used. We don't want to pollute the non-driver path, though, so we introduce this as a helper to be called by places that actually make use of this, as suggested by Florian. Signed-off-by: Jason A. Donenfeld Cc: Florian Westphal --- include/linux/icmpv6.h | 6 ++++++ include/net/icmp.h | 6 ++++++ net/ipv4/icmp.c | 33 +++++++++++++++++++++++++++++++++ net/ipv6/ip6_icmp.c | 34 ++++++++++++++++++++++++++++++++++ 4 files changed, 79 insertions(+) diff --git a/include/linux/icmpv6.h b/include/linux/icmpv6.h index ef1cbb5f454f..93338fd54af8 100644 --- a/include/linux/icmpv6.h +++ b/include/linux/icmpv6.h @@ -31,6 +31,12 @@ static inline void icmpv6_send(struct sk_buff *skb, } #endif +#if IS_ENABLED(CONFIG_NF_NAT) +void icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info); +#else +#define icmpv6_ndo_send icmpv6_send +#endif + extern int icmpv6_init(void); extern int icmpv6_err_convert(u8 type, u8 code, int *err); diff --git a/include/net/icmp.h b/include/net/icmp.h index 5d4bfdba9adf..9ac2d2672a93 100644 --- a/include/net/icmp.h +++ b/include/net/icmp.h 
@@ -43,6 +43,12 @@ static inline void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 __icmp_send(skb_in, type, code, info, &IPCB(skb_in)->opt); } +#if IS_ENABLED(CONFIG_NF_NAT) +void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info); +#else +#define icmp_ndo_send icmp_send +#endif + int icmp_rcv(struct sk_buff *skb); int icmp_err(struct sk_buff *skb, u32 info); int icmp_init(void); diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 18068ed42f25..f369e7ce685b 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -748,6 +748,39 @@ out:; } EXPORT_SYMBOL(__icmp_send); +#if IS_ENABLED(CONFIG_NF_NAT) +#include +void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info) +{ + struct sk_buff *cloned_skb = NULL; + enum ip_conntrack_info ctinfo; + struct nf_conn *ct; + __be32 orig_ip; + + ct = nf_ct_get(skb_in, &ctinfo); + if (!ct || !(ct->status & IPS_SRC_NAT)) { + icmp_send(skb_in, type, code, info); + return; + } + + if (skb_shared(skb_in)) + skb_in = cloned_skb = skb_clone(skb_in, GFP_ATOMIC); + + if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || + (skb_network_header(skb_in) + sizeof(struct iphdr)) > + skb_tail_pointer(skb_in) || skb_ensure_writable(skb_in, + skb_network_offset(skb_in) + sizeof(struct iphdr)))) + goto out; + + orig_ip = ip_hdr(skb_in)->saddr; + ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip; + icmp_send(skb_in, type, code, info); + ip_hdr(skb_in)->saddr = orig_ip; +out: + consume_skb(cloned_skb); +} +EXPORT_SYMBOL(icmp_ndo_send); +#endif static void icmp_socket_deliver(struct sk_buff *skb, u32 info) { diff --git a/net/ipv6/ip6_icmp.c b/net/ipv6/ip6_icmp.c index 02045494c24c..e0086758b6ee 100644 --- a/net/ipv6/ip6_icmp.c +++ b/net/ipv6/ip6_icmp.c 
@@ -45,4 +45,38 @@ void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info) rcu_read_unlock(); } EXPORT_SYMBOL(icmpv6_send); + +#if IS_ENABLED(CONFIG_NF_NAT) +#include +void icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info) +{ + struct sk_buff *cloned_skb = NULL; + enum ip_conntrack_info ctinfo; + struct in6_addr orig_ip; + struct nf_conn *ct; + + ct = nf_ct_get(skb_in, &ctinfo); + if (!ct || !(ct->status & IPS_SRC_NAT)) { + icmpv6_send(skb_in, type, code, info); + return; + } + + if (skb_shared(skb_in)) + skb_in = cloned_skb = skb_clone(skb_in, GFP_ATOMIC); + + if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || + (skb_network_header(skb_in) + sizeof(struct ipv6hdr)) > + skb_tail_pointer(skb_in) || skb_ensure_writable(skb_in, + skb_network_offset(skb_in) + sizeof(struct ipv6hdr)))) + goto out; + + orig_ip = ipv6_hdr(skb_in)->saddr; + ipv6_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.in6; + icmpv6_send(skb_in, type, code, info); + ipv6_hdr(skb_in)->saddr = orig_ip; +out: + consume_skb(cloned_skb); +} +EXPORT_SYMBOL(icmpv6_ndo_send); +#endif #endif From patchwork Tue Feb 11 19:47:06 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. 
Donenfeld" X-Patchwork-Id: 1236445 X-Patchwork-Delegate: davem@davemloft.net
From: "Jason A. Donenfeld" To: netdev@vger.kernel.org, davem@davemloft.net Cc: "Jason A. Donenfeld" , Harald Welte Subject: [PATCH v4 net 2/5] gtp: use icmp_ndo_send helper Date: Tue, 11 Feb 2020 20:47:06 +0100 Message-Id: <20200211194709.723383-3-Jason@zx2c4.com> In-Reply-To: <20200211194709.723383-1-Jason@zx2c4.com> References: <20200211194709.723383-1-Jason@zx2c4.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Because gtp is calling icmp from network device context, it should use the ndo helper so that the rate limiting applies correctly. Signed-off-by: Jason A. Donenfeld Cc: Harald Welte --- drivers/net/gtp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c index af07ea760b35..672cd2caf2fb 100644 --- a/drivers/net/gtp.c +++ b/drivers/net/gtp.c 
@@ -546,8 +546,8 @@ static int gtp_build_skb_ip4(struct sk_buff *skb, struct net_device *dev, mtu < ntohs(iph->tot_len)) { netdev_dbg(dev, "packet too big, fragmentation needed\n"); memset(IPCB(skb), 0, sizeof(*IPCB(skb))); - icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, - htonl(mtu)); + icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, + htonl(mtu)); goto err_rt; } From patchwork Tue Feb 11 19:47:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 1236446 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=zx2c4.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=zx2c4.com header.i=@zx2c4.com header.a=rsa-sha1 header.s=mail header.b=xOveijOX; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48HCwk1MnCz9s3x for ; Wed, 12 Feb 2020 06:47:34 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731116AbgBKTrd (ORCPT ); Tue, 11 Feb 2020 14:47:33 -0500 Received: from frisell.zx2c4.com ([192.95.5.64]:52685 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731108AbgBKTrc (ORCPT ); Tue, 11 Feb 2020 14:47:32 -0500 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id c50135e5; Tue, 11 Feb 2020 19:45:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; s=mail; 
bh=6IxQnhqna6P4699fOE6/+Cvkl kY=; b=xOveijOXTkIEdHJN31LXPsz6zMxHiT/5NJ4MT7zNyReDn27GfbLbt9JP+ N0C0vd3vdziwS+fDrgHBSGqdgJUSVT70ODgN0zTWX4mtO2hdGEoaL6TIaK0IKT7A R0Z/LSw2FAR+exGfR34VfFe2kay1ofqo+QZ26a+IGGbHt9MdVs/Ox6/PO5tSp8gt 4+PR0XGxqy+qGCMYML1vIsH5q63v5D8cH1XpARdhuWU4Fl+r47yZY1RFDrlvurt+ bJ3/Pj2mbxk78diOsmluQDlouVP2RculAFSMYpBSI48hdyNfXxtabuWjHl/16Ubj rb9UlcPUuoefozlDdQ5NWo5UC7MoQ== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 9b6d0f0b (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Tue, 11 Feb 2020 19:45:44 +0000 (UTC) From: "Jason A. Donenfeld" To: netdev@vger.kernel.org, davem@davemloft.net Cc: "Jason A. Donenfeld" , Shannon Nelson Subject: [PATCH v4 net 3/5] sunvnet: use icmp_ndo_send helper Date: Tue, 11 Feb 2020 20:47:07 +0100 Message-Id: <20200211194709.723383-4-Jason@zx2c4.com> In-Reply-To: <20200211194709.723383-1-Jason@zx2c4.com> References: <20200211194709.723383-1-Jason@zx2c4.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Because sunvnet is calling icmp from network device context, it should use the ndo helper so that the rate limiting applies correctly. While we're at it, doing the additional route lookup before calling icmp_ndo_send is superfluous, since this is the job of the icmp code in the first place. Signed-off-by: Jason A. Donenfeld Cc: Shannon Nelson --- drivers/net/ethernet/sun/sunvnet_common.c | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/drivers/net/ethernet/sun/sunvnet_common.c b/drivers/net/ethernet/sun/sunvnet_common.c index c23ce838ff63..8dc6c9ff22e1 100644 --- a/drivers/net/ethernet/sun/sunvnet_common.c +++ b/drivers/net/ethernet/sun/sunvnet_common.c 
@@ -1350,27 +1350,12 @@ sunvnet_start_xmit_common(struct sk_buff *skb, struct net_device *dev, if (vio_version_after_eq(&port->vio, 1, 3)) localmtu -= VLAN_HLEN; - if (skb->protocol == htons(ETH_P_IP)) { - struct flowi4 fl4; - struct rtable *rt = NULL; - - memset(&fl4, 0, sizeof(fl4)); - fl4.flowi4_oif = dev->ifindex; - fl4.flowi4_tos = RT_TOS(ip_hdr(skb)->tos); - fl4.daddr = ip_hdr(skb)->daddr; - fl4.saddr = ip_hdr(skb)->saddr; - - rt = ip_route_output_key(dev_net(dev), &fl4); - if (!IS_ERR(rt)) { - skb_dst_set(skb, &rt->dst); - icmp_send(skb, ICMP_DEST_UNREACH, - ICMP_FRAG_NEEDED, - htonl(localmtu)); - } - } + if (skb->protocol == htons(ETH_P_IP)) + icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, + htonl(localmtu)); #if IS_ENABLED(CONFIG_IPV6) else if (skb->protocol == htons(ETH_P_IPV6)) - icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, localmtu); + icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, localmtu); #endif goto out_dropped; } From patchwork Tue Feb 11 19:47:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. 
Donenfeld" X-Patchwork-Id: 1236447 X-Patchwork-Delegate: davem@davemloft.net
From: "Jason A. Donenfeld" To: netdev@vger.kernel.org, davem@davemloft.net Cc: "Jason A. Donenfeld" Subject: [PATCH v4 net 4/5] wireguard: device: use icmp_ndo_send helper Date: Tue, 11 Feb 2020 20:47:08 +0100 Message-Id: <20200211194709.723383-5-Jason@zx2c4.com> In-Reply-To: <20200211194709.723383-1-Jason@zx2c4.com> References: <20200211194709.723383-1-Jason@zx2c4.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Because wireguard is calling icmp from network device context, it should use the ndo helper so that the rate limiting applies correctly. This commit adds a small test to the wireguard test suite to ensure that the new functions continue doing the right thing in the context of wireguard. It does this by setting up a condition that will definitely evoke an icmp error message from the driver, but along a nat'd path. Signed-off-by: Jason A. Donenfeld --- drivers/net/wireguard/device.c | 4 ++-- tools/testing/selftests/wireguard/netns.sh | 11 +++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireguard/device.c b/drivers/net/wireguard/device.c index 16b19824b9ad..43db442b1373 100644 --- a/drivers/net/wireguard/device.c +++ b/drivers/net/wireguard/device.c @@ -203,9 +203,9 @@ static netdev_tx_t wg_xmit(struct sk_buff *skb, struct net_device *dev) err: ++dev->stats.tx_errors; if (skb->protocol == htons(ETH_P_IP)) - icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0); + icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0); else if (skb->protocol == htons(ETH_P_IPV6)) - icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0); + icmpv6_ndo_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0); kfree_skb(skb); return ret; } diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh index f5ab1cda8bb5..138d46b3f330 100755 --- a/tools/testing/selftests/wireguard/netns.sh 
+++ b/tools/testing/selftests/wireguard/netns.sh @@ -24,6 +24,7 @@ set -e exec 3>&1 +export LANG=C export WG_HIDE_KEYS=never netns0="wg-test-$$-0" netns1="wg-test-$$-1" 
@@ -297,7 +298,17 @@ ip1 -4 rule add table main suppress_prefixlength 0 n1 ping -W 1 -c 100 -f 192.168.99.7 n1 ping -W 1 -c 100 -f abab::1111 +# Have ns2 NAT into wg0 packets from ns0, but return an icmp error along the right route. +n2 iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 192.168.241.0/24 -j SNAT --to 192.168.241.2 +n0 iptables -t filter -A INPUT \! -s 10.0.0.0/24 -i vethrs -j DROP # Manual rpfilter just to be explicit. +n2 bash -c 'printf 1 > /proc/sys/net/ipv4/ip_forward' +ip0 -4 route add 192.168.241.1 via 10.0.0.100 +n2 wg set wg0 peer "$pub1" remove +[[ $(! n0 ping -W 1 -c 1 192.168.241.1 || false) == *"From 10.0.0.100 icmp_seq=1 Destination Host Unreachable"* ]] + n0 iptables -t nat -F +n0 iptables -t filter -F +n2 iptables -t nat -F ip0 link del vethrc ip0 link del vethrs ip1 link del wg0 From patchwork Tue Feb 11 19:47:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 1236448 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=zx2c4.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=zx2c4.com header.i=@zx2c4.com header.a=rsa-sha1 header.s=mail header.b=kGfPYgI7; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48HCwp5NCXz9sPJ for ; Wed, 12 Feb 2020 06:47:38 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731711AbgBKTrh (ORCPT ); Tue, 11 Feb 2020 14:47:37 -0500 Received: from frisell.zx2c4.com ([192.95.5.64]:52685 
"EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728843AbgBKTrh (ORCPT ); Tue, 11 Feb 2020 14:47:37 -0500 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id b3c86b54; Tue, 11 Feb 2020 19:45:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; s=mail; bh=wfT3X7qXqNUU0/0EQjnwE4gcH QY=; b=kGfPYgI7khpGxqrgvKyOGHqF0lGCviqfszWdwuieFH6l41wtG5s5Kl3AR Ix6fbuk/2GGPbIHh2QNc01I0vw96ARsi+5D3Q+4wKP2u5aGcDUemn41vViih+avn wX+F20HNzgnZ89vgsVW1PZ+BwKSvK6DFZUbP38mQVzhRSIAxZ7MLcDaIJddhUaky Xe2c10DIfAtXpU3RCarAv+KMGOIMMIMr/gy452hHxX2E0HwMrz2Tap7BwIbXjFXj yvwXKucj116ddU3LnWdGDHrzCdrtXIkw0sANJW36jfIi0x8ePt8+US2OKCddZTbF ZpbrSeSlQzwpo0BGsF33fWKGqhHIg== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 0d49104b (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Tue, 11 Feb 2020 19:45:48 +0000 (UTC) From: "Jason A. Donenfeld" To: netdev@vger.kernel.org, davem@davemloft.net Cc: "Jason A. Donenfeld" , Nicolas Dichtel , Steffen Klassert Subject: [PATCH v4 net 5/5] xfrm: interface: use icmp_ndo_send helper Date: Tue, 11 Feb 2020 20:47:09 +0100 Message-Id: <20200211194709.723383-6-Jason@zx2c4.com> In-Reply-To: <20200211194709.723383-1-Jason@zx2c4.com> References: <20200211194709.723383-1-Jason@zx2c4.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Because xfrmi is calling icmp from network device context, it should use the ndo helper so that the rate limiting applies correctly. Signed-off-by: Jason A. Donenfeld Cc: Nicolas Dichtel Cc: Steffen Klassert --- net/xfrm/xfrm_interface.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c index dc651a628dcf..3361e3ac5714 100644 --- a/net/xfrm/xfrm_interface.c +++ b/net/xfrm/xfrm_interface.c 
@@ -300,10 +300,10 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl) if (mtu < IPV6_MIN_MTU) mtu = IPV6_MIN_MTU; - icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); + icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); } else { - icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, - htonl(mtu)); + icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, + htonl(mtu)); } dst_release(dst);
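Review bot: icmp_ndo_send in net/ipv4/icmp.c (patch 1/5) forwards to icmp_send(), which per the include/net/icmp.h context line passes `&IPCB(skb_in)->opt` on to __icmp_send(), but in ndo_start_xmit context skb->cb is not guaranteed to hold valid IP options. Of the converted callers only gtp_build_skb_ip4 clears it first (`memset(IPCB(skb), 0, sizeof(*IPCB(skb)))`); the sunvnet, wireguard and xfrmi call sites show no such clearing in the lines visible here. Consider having the helper call __icmp_send() with a zeroed struct ip_options of its own, so that no caller can hand stale control-buffer bytes to the ICMP reply path. Separately, `ct->tuplehash[0]` would read better as `ct->tuplehash[IP_CT_DIR_ORIGINAL]`, with a short comment that the original-direction source is the pre-NAT address.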
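Review bot: the prototype for icmpv6_ndo_send in include/linux/icmpv6.h (patch 1/5) is gated only on CONFIG_NF_NAT and sits after the `#endif` that closes the icmpv6_send stub, while the definition in net/ipv6/ip6_icmp.c is added inside an enclosing conditional (the unchanged `#endif` that follows the new `+#endif`). If that enclosing condition can be false while CONFIG_NF_NAT is enabled, callers such as wg_xmit see a declared but undefined symbol and the link fails. Suggest gating the prototype on the same condition as the definition, falling back to `#define icmpv6_ndo_send icmpv6_send` otherwise, and build-testing that configuration.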
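Review bot: the removed IPv4 branch in sunvnet_start_xmit_common (patch 3/5) attached a route with `skb_dst_set(skb, &rt->dst)` before calling icmp_send(); the replacement passes the skb straight to icmp_ndo_send() with whatever dst it already carries. The changelog calls the lookup superfluous, but please confirm that the fragmentation-needed error is still emitted when the skb reaches this path without a dst, since nothing in this series tests the sunvnet path. If that case can occur, keep the lookup or say in the changelog why it cannot.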
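Review bot: the new check in tools/testing/selftests/wireguard/netns.sh (patch 4/5) covers only the IPv4 path (`n0 ping -W 1 -c 1 192.168.241.1` behind an iptables SNAT rule), so icmpv6_ndo_send is never exercised by the selftest. An equivalent IPv6 case using ip6tables would cover the second helper. The assertion also matches ping's human-readable output (`"From 10.0.0.100 icmp_seq=1 Destination Host Unreachable"`), which the added `export LANG=C` pins for locale but not across ping implementations; a comment noting that dependency would help whoever sees this test fail.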