From patchwork Mon Jul 23 11:51:53 2018
X-Patchwork-Submitter: Xin Long
X-Patchwork-Id: 947701
X-Patchwork-Delegate: davem@davemloft.net
From: Xin Long
To: network dev
Cc: davem@davemloft.net, David Ahern, Davide Caratti, idosch@idosch.org
Subject: [PATCHv3 net-next 1/2] route: add support for directed broadcast forwarding
Date: Mon, 23 Jul 2018 19:51:53 +0800
Message-Id: <8b30fcb80234d6d0f96e703487cf4a4195fc1c48.1532346504.git.lucien.xin@gmail.com>
X-Mailing-List: netdev@vger.kernel.org

This patch implements the feature described in rfc1812#section-5.3.5.2
and rfc2644. It allows the router to forward directed broadcast when
sysctl bc_forwarding is enabled.

Note that this feature could be done by iptables -j TEE, but it would
cause some problems:
  - target TEE's gateway param has to be set with a specific address,
    and it's not flexible especially when the route wants to forward all
    directed broadcasts.
  - this duplicates the directed broadcasts so this may cause side
    effects to applications.

Besides, to keep consistent with other OS routers like BSD, it's also
necessary to implement it in the route rx path.

Note that route cache needs to be flushed when bc_forwarding is changed.

Signed-off-by: Xin Long
---
 include/linux/inetdevice.h   |  1 +
 include/uapi/linux/ip.h      |  1 +
 include/uapi/linux/netconf.h |  1 +
 net/ipv4/devinet.c           | 11 +++++++++++
 net/ipv4/route.c             |  6 +++++-
 5 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h index 27650f1..c759d1c 100644 --- a/include/linux/inetdevice.h +++ b/include/linux/inetdevice.h
@@ -93,6 +93,7 @@ static inline void ipv4_devconf_setall(struct in_device *in_dev) #define IN_DEV_FORWARD(in_dev) IN_DEV_CONF_GET((in_dev), FORWARDING) #define IN_DEV_MFORWARD(in_dev) IN_DEV_ANDCONF((in_dev), MC_FORWARDING) +#define IN_DEV_BFORWARD(in_dev) IN_DEV_ANDCONF((in_dev), BC_FORWARDING) #define IN_DEV_RPFILTER(in_dev) IN_DEV_MAXCONF((in_dev), RP_FILTER) #define IN_DEV_SRC_VMARK(in_dev) IN_DEV_ORCONF((in_dev), SRC_VMARK) #define IN_DEV_SOURCE_ROUTE(in_dev) IN_DEV_ANDCONF((in_dev), \ diff --git a/include/uapi/linux/ip.h b/include/uapi/linux/ip.h index b24a742..e42d13b 100644 --- a/include/uapi/linux/ip.h +++ b/include/uapi/linux/ip.h @@ -168,6 +168,7 @@ enum IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN, IPV4_DEVCONF_DROP_UNICAST_IN_L2_MULTICAST, IPV4_DEVCONF_DROP_GRATUITOUS_ARP, + IPV4_DEVCONF_BC_FORWARDING, __IPV4_DEVCONF_MAX }; diff --git a/include/uapi/linux/netconf.h b/include/uapi/linux/netconf.h index c84fcdf..fac4edd 100644 --- a/include/uapi/linux/netconf.h +++ b/include/uapi/linux/netconf.h @@ -18,6 +18,7 @@ enum { NETCONFA_PROXY_NEIGH, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, NETCONFA_INPUT, + NETCONFA_BC_FORWARDING, __NETCONFA_MAX }; #define NETCONFA_MAX (__NETCONFA_MAX - 1) diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index d7585ab..ea4bd8a 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c @@ -1827,6 +1827,8 @@ static int inet_netconf_msgsize_devconf(int type) size += nla_total_size(4); if (all || type == NETCONFA_MC_FORWARDING) size += nla_total_size(4); + if (all || type == NETCONFA_BC_FORWARDING) + size += nla_total_size(4); if (all || type == NETCONFA_PROXY_NEIGH) size += nla_total_size(4); if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) 
@@ -1873,6 +1875,10 @@ static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex, nla_put_s32(skb, NETCONFA_MC_FORWARDING, IPV4_DEVCONF(*devconf, MC_FORWARDING)) < 0) goto nla_put_failure; + if ((all || type == NETCONFA_BC_FORWARDING) && + nla_put_s32(skb, NETCONFA_BC_FORWARDING, + IPV4_DEVCONF(*devconf, BC_FORWARDING)) < 0) + goto nla_put_failure; if ((all || type == NETCONFA_PROXY_NEIGH) && nla_put_s32(skb, NETCONFA_PROXY_NEIGH, IPV4_DEVCONF(*devconf, PROXY_ARP)) < 0) @@ -2143,6 +2149,10 @@ static int devinet_conf_proc(struct ctl_table *ctl, int write, if ((new_value == 0) && (old_value != 0)) rt_cache_flush(net); + if (i == IPV4_DEVCONF_BC_FORWARDING - 1 && + new_value != old_value) + rt_cache_flush(net); + if (i == IPV4_DEVCONF_RP_FILTER - 1 && new_value != old_value) { ifindex = devinet_conf_ifindex(net, cnf); @@ -2259,6 +2269,7 @@ static struct devinet_sysctl_table { DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding", devinet_sysctl_forward), DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"), + DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"), DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"), DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"), diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 1df6e97..b678466 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1996,8 +1996,11 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, goto no_route; } - if (res->type == RTN_BROADCAST) + if (res->type == RTN_BROADCAST) { + if (IN_DEV_BFORWARD(in_dev)) + goto make_route; goto brd_input; + } if (res->type == RTN_LOCAL) { err = fib_validate_source(skb, saddr, daddr, tos, 
@@ -2014,6 +2017,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, if (res->type != RTN_UNICAST) goto martian_destination; +make_route: err = ip_mkroute_input(skb, res, in_dev, daddr, saddr, tos, flkeys); out: return err;
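Review bot: in net/ipv4/devinet.c, the branch added to devinet_conf_proc() for IPV4_DEVCONF_BC_FORWARDING only calls rt_cache_flush(net) and sends no netconf notification. The same patch exports the value as NETCONFA_BC_FORWARDING in inet_netconf_msgsize_devconf() and inet_netconf_fill_devconf(), so anything tracking netconf events would keep a stale value after a sysctl write. The RP_FILTER branch directly below resolves ifindex with devinet_conf_ifindex(net, cnf), apparently for that purpose; consider doing the same for bc_forwarding.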
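Review bot: the new DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding") line in devinet_sysctl_table is user-visible, but the diffstat touches no documentation file, so the sysctl ships undescribed. Because IN_DEV_BFORWARD() is defined with IN_DEV_ANDCONF, forwarding only happens when both conf/all/bc_forwarding and the receiving interface's bc_forwarding are set. Please add an entry to Documentation/networking/ip-sysctl.txt that states this, the default value, and the RFC 2644 reasoning for keeping directed broadcast forwarding off unless an operator explicitly needs it.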
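Review bot: in the first net/ipv4/route.c hunk, "if (IN_DEV_BFORWARD(in_dev)) goto make_route;" is taken for every RTN_BROADCAST result, with no check that the broadcast belongs to a network other than the one the packet arrived on. The make_route label sits after the "res->type != RTN_UNICAST" test, so with the sysctl on, a broadcast addressed to the ingress interface's own subnet also goes to ip_mkroute_input() instead of brd_input; the selftest in 2/2 encodes this by expecting "ping_test_from $h1 192.0.2.255 192.0.2.1 1" to fail. If the router is still meant to receive broadcasts for the network attached to the ingress interface, restrict the jump to results whose output device differs from the ingress device. Otherwise state the behaviour change in the commit message and add a comment at make_route saying that it deliberately bypasses the unicast check.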
From: Xin Long
To: network dev
Cc: davem@davemloft.net, David Ahern, Davide Caratti, idosch@idosch.org
Subject: [PATCHv3 net-next 2/2] selftests: add a selftest for directed broadcast forwarding
Date: Mon, 23 Jul 2018 19:51:54 +0800
In-Reply-To: <8b30fcb80234d6d0f96e703487cf4a4195fc1c48.1532346504.git.lucien.xin@gmail.com>
References: <8b30fcb80234d6d0f96e703487cf4a4195fc1c48.1532346504.git.lucien.xin@gmail.com>
X-Mailing-List: netdev@vger.kernel.org

As per Ido's suggestion, this patch adds a selftest for directed
broadcast forwarding with vrf.

It does the assertion by checking the src IP of the echo-reply packet
in ping_test_from.

Signed-off-by: Xin Long
---
 .../selftests/net/forwarding/router_broadcast.sh | 215 +++++++++++++++++++++
 1 file changed, 215 insertions(+)
 create mode 100755 tools/testing/selftests/net/forwarding/router_broadcast.sh

diff --git a/tools/testing/selftests/net/forwarding/router_broadcast.sh b/tools/testing/selftests/net/forwarding/router_broadcast.sh new file mode 100755 index 0000000..f2a5a51 --- /dev/null +++ b/tools/testing/selftests/net/forwarding/router_broadcast.sh
@@ -0,0 +1,215 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 + +ALL_TESTS="ping_ipv4" +NUM_NETIFS=6 +source lib.sh + +h1_create() +{ + vrf_create "vrf-h1" + ip link set dev $h1 master vrf-h1 + + ip link set dev vrf-h1 up + ip link set dev $h1 up + + ip address add 192.0.2.2/24 dev $h1 + + ip route add 198.51.100.0/24 vrf vrf-h1 nexthop via 192.0.2.1 + ip route add 198.51.200.0/24 vrf vrf-h1 nexthop via 192.0.2.1 +} + +h1_destroy() +{ + ip route del 198.51.200.0/24 vrf vrf-h1 + ip route del 198.51.100.0/24 vrf vrf-h1 + + ip address del 192.0.2.2/24 dev $h1 + + ip link set dev $h1 down + vrf_destroy "vrf-h1" +} + +h2_create() +{ + vrf_create "vrf-h2" + ip link set dev $h2 master vrf-h2 + + ip link set dev vrf-h2 up + ip link set dev $h2 up + + ip address add 198.51.100.2/24 dev $h2 + + ip route add 192.0.2.0/24 vrf vrf-h2 nexthop via 198.51.100.1 + ip route add 198.51.200.0/24 vrf vrf-h2 nexthop via 198.51.100.1 +} + +h2_destroy() +{ + ip route del 198.51.200.0/24 vrf vrf-h2 + ip route del 192.0.2.0/24 vrf vrf-h2 + + ip address del 198.51.100.2/24 dev $h2 + + ip link set dev $h2 down + vrf_destroy "vrf-h2" +} + +h3_create() +{ + vrf_create "vrf-h3" + ip link set dev $h3 master vrf-h3 + + ip link set dev vrf-h3 up + ip link set dev $h3 up + + ip address add 198.51.200.2/24 dev $h3 + + ip route add 192.0.2.0/24 vrf vrf-h3 nexthop via 198.51.200.1 + ip route add 198.51.100.0/24 vrf vrf-h3 nexthop via 198.51.200.1 +} + +h3_destroy() +{ + ip route del 198.51.100.0/24 vrf vrf-h3 + ip route del 192.0.2.0/24 vrf vrf-h3 + + ip address del 198.51.200.2/24 dev $h3 + + ip link set dev $h3 down + vrf_destroy "vrf-h3" +} + +router_create() +{ + ip link set dev $rp1 up + ip link set dev $rp2 up + ip link set dev $rp3 up + + ip address add 192.0.2.1/24 dev $rp1 + + ip address add 198.51.100.1/24 dev $rp2 + ip address add 198.51.200.1/24 dev $rp3 +} + +router_destroy() +{ + ip address del 198.51.200.1/24 dev $rp3 + ip address del 198.51.100.1/24 dev $rp2 + + ip address del 
192.0.2.1/24 dev $rp1 + + ip link set dev $rp3 down + ip link set dev $rp2 down + ip link set dev $rp1 down +} + +setup_prepare() +{ + h1=${NETIFS[p1]} + rp1=${NETIFS[p2]} + + rp2=${NETIFS[p3]} + h2=${NETIFS[p4]} + + rp3=${NETIFS[p5]} + h3=${NETIFS[p6]} + + vrf_prepare + + h1_create + h2_create + h3_create + + router_create + + forwarding_enable +} + +cleanup() +{ + pre_cleanup + + forwarding_restore + + router_destroy + + h3_destroy + h2_destroy + h1_destroy + + vrf_cleanup +} + +bc_forwarding_disable() +{ + sysctl_set net.ipv4.conf.all.bc_forwarding 0 + sysctl_set net.ipv4.conf.$rp1.bc_forwarding 0 +} + +bc_forwarding_enable() +{ + sysctl_set net.ipv4.conf.all.bc_forwarding 1 + sysctl_set net.ipv4.conf.$rp1.bc_forwarding 1 +} + +bc_forwarding_restore() +{ + sysctl_restore net.ipv4.conf.$rp1.bc_forwarding + sysctl_restore net.ipv4.conf.all.bc_forwarding +} + +ping_test_from() +{ + local oif=$1 + local dip=$2 + local from=$3 + local fail=${4:-0} + + RET=0 + + ip vrf exec $(master_name_get $oif) \ + $PING -I $oif $dip -c 10 -i 0.1 -w 2 -b 2>&1 | grep $from &> /dev/null + check_err_fail $fail $? 
+ log_test "ping_test_from" +} + +ping_ipv4() +{ + sysctl_set net.ipv4.icmp_echo_ignore_broadcasts 0 + + bc_forwarding_disable + ping_test_from $h1 198.51.100.255 192.0.2.1 + ping_test_from $h1 198.51.200.255 192.0.2.1 + ping_test_from $h1 192.0.2.255 192.0.2.1 + ping_test_from $h1 255.255.255.255 192.0.2.1 + + ping_test_from $h2 192.0.2.255 198.51.100.1 + ping_test_from $h2 198.51.200.255 198.51.100.1 + ping_test_from $h2 198.51.100.255 198.51.100.1 + ping_test_from $h2 255.255.255.255 198.51.100.1 + bc_forwarding_restore + + bc_forwarding_enable + ping_test_from $h1 198.51.100.255 198.51.100.2 + ping_test_from $h1 198.51.200.255 198.51.200.2 + ping_test_from $h1 192.0.2.255 192.0.2.1 1 + ping_test_from $h1 255.255.255.255 192.0.2.1 + + ping_test_from $h2 192.0.2.255 192.0.2.2 + ping_test_from $h2 198.51.200.255 198.51.200.2 + ping_test_from $h2 198.51.100.255 198.51.100.1 1 + ping_test_from $h2 255.255.255.255 198.51.100.1 + bc_forwarding_restore + + sysctl_restore net.ipv4.icmp_echo_ignore_broadcasts +} + +trap cleanup EXIT + +setup_prepare +setup_wait + +tests_run + +exit $EXIT_STATUS
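Review bot: in ping_test_from(), "grep $from" is an unquoted, unanchored regex over all of ping's output, including the banner line that echoes the destination address, so it can match without any echo reply arriving. With "ping_test_from $h1 198.51.100.255 198.51.100.2" the pattern 198.51.100.2 is a prefix of the destination 198.51.100.255 that ping prints in its first line, and the same holds for the 198.51.200.255 / 198.51.200.2 and 192.0.2.255 / 192.0.2.2 cases, which are exactly the checks meant to prove that forwarding works. Match the reply line as a fixed string instead, for example grep -qF "bytes from $from:". Separately, cleanup() does not call bc_forwarding_restore or restore net.ipv4.icmp_echo_ignore_broadcasts, so a run interrupted inside ping_ipv4 leaves both sysctls changed.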