| Message ID | 20230419013238.2691167-1-maheshb@google.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 7ab75456be144a354fbb3df1516d82fc24d3d67d |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [PATCHv2,next] ipv6: add icmpv6_error_anycast_as_unicast for ICMPv6 | expand |
On 4/18/23 7:32 PM, Mahesh Bandewar wrote: > ICMPv6 error packets are not sent to the anycast destinations and this > prevents things like traceroute from working. So create a setting similar > to ECHO when dealing with Anycast sources (icmpv6_echo_ignore_anycast). > > Signed-off-by: Mahesh Bandewar <maheshb@google.com> > CC: Maciej Żenczykowski <maze@google.com> > --- > Documentation/networking/ip-sysctl.rst | 7 +++++++ > include/net/netns/ipv6.h | 1 + > net/ipv6/af_inet6.c | 1 + > net/ipv6/icmp.c | 15 +++++++++++++-- > 4 files changed, 22 insertions(+), 2 deletions(-) > Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Maciej Żenczykowski <maze@google.com> Though I am wondering if it would make more sense to put the check inside ipv6_anycast_destination() 'treat_anycast_as_unicast' or something. On Thu, Apr 20, 2023 at 8:55 PM David Ahern <dsahern@kernel.org> wrote: > > On 4/18/23 7:32 PM, Mahesh Bandewar wrote: > > ICMPv6 error packets are not sent to the anycast destinations and this > > prevents things like traceroute from working. So create a setting similar > > to ECHO when dealing with Anycast sources (icmpv6_echo_ignore_anycast). > > > > Signed-off-by: Mahesh Bandewar <maheshb@google.com> > > CC: Maciej Żenczykowski <maze@google.com> > > --- > > Documentation/networking/ip-sysctl.rst | 7 +++++++ > > include/net/netns/ipv6.h | 1 + > > net/ipv6/af_inet6.c | 1 + > > net/ipv6/icmp.c | 15 +++++++++++++-- > > 4 files changed, 22 insertions(+), 2 deletions(-) > > > > > Reviewed-by: David Ahern <dsahern@kernel.org> >
On Thu, Apr 20, 2023 at 12:12 PM Maciej Żenczykowski <maze@google.com> wrote: > > Reviewed-by: Maciej Żenczykowski <maze@google.com> > > Though I am wondering if it would make more sense to put the check > inside ipv6_anycast_destination() > 'treat_anycast_as_unicast' or something. > I prefer the current form as it maintains the current semantics of 'ipv6_anycast_destination' which is used at other places as well. > On Thu, Apr 20, 2023 at 8:55 PM David Ahern <dsahern@kernel.org> wrote: > > > > On 4/18/23 7:32 PM, Mahesh Bandewar wrote: > > > ICMPv6 error packets are not sent to the anycast destinations and this > > > prevents things like traceroute from working. So create a setting similar > > > to ECHO when dealing with Anycast sources (icmpv6_echo_ignore_anycast). > > > > > > Signed-off-by: Mahesh Bandewar <maheshb@google.com> > > > CC: Maciej Żenczykowski <maze@google.com> > > > --- > > > Documentation/networking/ip-sysctl.rst | 7 +++++++ > > > include/net/netns/ipv6.h | 1 + > > > net/ipv6/af_inet6.c | 1 + > > > net/ipv6/icmp.c | 15 +++++++++++++-- > > > 4 files changed, 22 insertions(+), 2 deletions(-) > > > > > > > > > Reviewed-by: David Ahern <dsahern@kernel.org> > >
Hello: This patch was applied to netdev/net-next.git (main) by Jakub Kicinski <kuba@kernel.org>: On Tue, 18 Apr 2023 18:32:38 -0700 you wrote: > ICMPv6 error packets are not sent to the anycast destinations and this > prevents things like traceroute from working. So create a setting similar > to ECHO when dealing with Anycast sources (icmpv6_echo_ignore_anycast). > > Signed-off-by: Mahesh Bandewar <maheshb@google.com> > CC: Maciej Żenczykowski <maze@google.com> > > [...] Here is the summary with links: - [PATCHv2,next] ipv6: add icmpv6_error_anycast_as_unicast for ICMPv6 https://git.kernel.org/netdev/net-next/c/7ab75456be14 You are awesome, thank you!
diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst index 87dd1c5283e6..b2a563ef0789 100644 --- a/Documentation/networking/ip-sysctl.rst +++ b/Documentation/networking/ip-sysctl.rst @@ -2719,6 +2719,13 @@ echo_ignore_anycast - BOOLEAN Default: 0 +error_anycast_as_unicast - BOOLEAN + If set to 1, then the kernel will respond with ICMP Errors + resulting from requests sent to it over the IPv6 protocol destined + to anycast address essentially treating anycast as unicast. + + Default: 0 + xfrm6_gc_thresh - INTEGER (Obsolete since linux-4.14) The threshold at which we will start garbage collecting for IPv6 diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h index b4af4837d80b..3cceb3e9320b 100644 --- a/include/net/netns/ipv6.h +++ b/include/net/netns/ipv6.h @@ -55,6 +55,7 @@ struct netns_sysctl_ipv6 { u64 ioam6_id_wide; bool skip_notify_on_dev_down; u8 fib_notify_on_flag_change; + u8 icmpv6_error_anycast_as_unicast; }; struct netns_ipv6 { diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 38689bedfce7..2b7ac752afc2 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -952,6 +952,7 @@ static int __net_init inet6_net_init(struct net *net) net->ipv6.sysctl.icmpv6_echo_ignore_all = 0; net->ipv6.sysctl.icmpv6_echo_ignore_multicast = 0; net->ipv6.sysctl.icmpv6_echo_ignore_anycast = 0; + net->ipv6.sysctl.icmpv6_error_anycast_as_unicast = 0; /* By default, rate limit error messages. * Except for pmtu discovery, it would break it. diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index f32bc98155bf..1465a211e592 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -362,9 +362,10 @@ static struct dst_entry *icmpv6_route_lookup(struct net *net, /* * We won't send icmp if the destination is known - * anycast. + * anycast unless we need to treat anycast as unicast. */ - if (ipv6_anycast_destination(dst, &fl6->daddr)) { + if (!READ_ONCE(net->ipv6.sysctl.icmpv6_error_anycast_as_unicast) && + ipv6_anycast_destination(dst, &fl6->daddr)) { net_dbg_ratelimited("icmp6_send: acast source\n"); dst_release(dst); return ERR_PTR(-EINVAL); @@ -1192,6 +1193,15 @@ static struct ctl_table ipv6_icmp_table_template[] = { .mode = 0644, .proc_handler = proc_do_large_bitmap, }, + { + .procname = "error_anycast_as_unicast", + .data = &init_net.ipv6.sysctl.icmpv6_error_anycast_as_unicast, + .maxlen = sizeof(u8), + .mode = 0644, + .proc_handler = proc_dou8vec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = SYSCTL_ONE, + }, { }, }; @@ -1209,6 +1219,7 @@ struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast; table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast; table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr; + table[5].data = &net->ipv6.sysctl.icmpv6_error_anycast_as_unicast; } return table; }
ICMPv6 error packets are not sent to the anycast destinations and this prevents things like traceroute from working. So create a setting similar to ECHO when dealing with Anycast sources (icmpv6_echo_ignore_anycast). Signed-off-by: Mahesh Bandewar <maheshb@google.com> CC: Maciej Żenczykowski <maze@google.com> --- Documentation/networking/ip-sysctl.rst | 7 +++++++ include/net/netns/ipv6.h | 1 + net/ipv6/af_inet6.c | 1 + net/ipv6/icmp.c | 15 +++++++++++++-- 4 files changed, 22 insertions(+), 2 deletions(-)