| Message ID | 1500562286-14312-1-git-send-email-liuhangbin@gmail.com |
|---|---|
| State | Superseded, archived |
| Delegated to: | David Miller |
| Headers | show |
Hi Roopa, Cong, 2017-07-20 22:51 GMT+08:00 Hangbin Liu <liuhangbin@gmail.com>: > After commit 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib > result when requested"). When we get a prohibit ertry, we will return > -EACCES directly. > > Before: > + ip netns exec client ip -6 route get 2003::1 > prohibit 2003::1 dev lo table unspec proto kernel src 2001::1 metric > 4294967295 error -13 > > After: > + ip netns exec server ip -6 route get 2002::1 > RTNETLINK answers: Network is unreachable > > Since we will check the ip6_null_entry later. There is not sense > to check the dst.error after get rt. > > Fixes: 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib...") > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> > --- > net/ipv6/route.c | 6 ------ > 1 file changed, 6 deletions(-) > > diff --git a/net/ipv6/route.c b/net/ipv6/route.c > index 4d30c96..8fc52de 100644 > --- a/net/ipv6/route.c > +++ b/net/ipv6/route.c > @@ -3637,12 +3637,6 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, > dst = ip6_route_lookup(net, &fl6, 0); > > rt = container_of(dst, struct rt6_info, dst); > - if (rt->dst.error) { > - err = rt->dst.error; > - ip6_rt_put(rt); > - goto errout; > - } hmm... or instead of remove this check, should we check all the entry? Like if ((rt->dst.error && rt != net->ipv6.ip6_null_entry && rt != net->ipv6.ip6_blk_hole_entry) || rt == net->ipv6.ip6_null_entry ) What do you think? Thanks Hangbin
On Thu, Jul 20, 2017 at 7:51 AM, Hangbin Liu <liuhangbin@gmail.com> wrote: > After commit 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib > result when requested"). When we get a prohibit ertry, we will return > -EACCES directly. > > Before: > + ip netns exec client ip -6 route get 2003::1 > prohibit 2003::1 dev lo table unspec proto kernel src 2001::1 metric > 4294967295 error -13 > > After: > + ip netns exec server ip -6 route get 2002::1 > RTNETLINK answers: Network is unreachable > > Since we will check the ip6_null_entry later. There is not sense > to check the dst.error after get rt. > > Fixes: 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib...") > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> > --- Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com> thanks.
Hi Roopa, On Sat, Jul 22, 2017 at 09:55:51PM -0700, Roopa Prabhu wrote: > On Thu, Jul 20, 2017 at 7:51 AM, Hangbin Liu <liuhangbin@gmail.com> wrote: > > After commit 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib > > result when requested"). When we get a prohibit ertry, we will return > > -EACCES directly. > > > > Before: > > + ip netns exec client ip -6 route get 2003::1 > > prohibit 2003::1 dev lo table unspec proto kernel src 2001::1 metric > > 4294967295 error -13 > > > > After: > > + ip netns exec server ip -6 route get 2002::1 > > RTNETLINK answers: Network is unreachable Sorry, I have a copy/paste error here, the return error should be + ip netns exec server ip -6 route get 2002::1 RTNETLINK answers: Permission denied I fixed it in v2 patch, but forgot to add #ifdef CONFIG_IPV6_MULTIPLE_TABLES before net->ipv6.ip6_prohibit_entry. Since you acked this patch. I will post a v3 patch with fixed comment. > > > > Since we will check the ip6_null_entry later. There is not sense > > to check the dst.error after get rt. > > > > Fixes: 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib...") > > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> > > --- > > Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com> Thanks Hangbin
diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 4d30c96..8fc52de 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -3637,12 +3637,6 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, dst = ip6_route_lookup(net, &fl6, 0); rt = container_of(dst, struct rt6_info, dst); - if (rt->dst.error) { - err = rt->dst.error; - ip6_rt_put(rt); - goto errout; - } - if (rt == net->ipv6.ip6_null_entry) { err = rt->dst.error; ip6_rt_put(rt);
After commit 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib result when requested"). When we get a prohibit ertry, we will return -EACCES directly. Before: + ip netns exec client ip -6 route get 2003::1 prohibit 2003::1 dev lo table unspec proto kernel src 2001::1 metric 4294967295 error -13 After: + ip netns exec server ip -6 route get 2002::1 RTNETLINK answers: Network is unreachable Since we will check the ip6_null_entry later. There is not sense to check the dst.error after get rt. Fixes: 18c3a61c4264 ("net: ipv6: RTM_GETROUTE: return matched fib...") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> --- net/ipv6/route.c | 6 ------ 1 file changed, 6 deletions(-)