| Message ID | 20230724075051.20081-1-liuhangbin@gmail.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [PATCHv3,net-next] IPv6: add extack info for IPv6 address add/delete | expand |
On 7/24/23 1:50 AM, Hangbin Liu wrote: > Add extack info for IPv6 address add/delete, which would be useful for > users to understand the problem without having to read kernel code. > > Suggested-by: Beniamino Galvani <bgalvani@redhat.com> > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> > --- > v3: * Update extack message. Pass extack to addrconf_f6i_alloc(). > * Return "IPv6 is disabled" for addrconf_add_dev(), as the same > with ndisc_allow_add() does. > * Set dup addr extack message in inet6_rtm_newaddr() instead of > ipv6_add_addr_hash(). > v2: Update extack msg for dead dev. Remove msg for NOBUFS error. > Add extack for ipv6_add_addr_hash() > --- > include/net/ip6_route.h | 2 +- > net/ipv6/addrconf.c | 63 +++++++++++++++++++++++++++++------------ > net/ipv6/anycast.c | 2 +- > net/ipv6/route.c | 5 ++-- > 4 files changed, 50 insertions(+), 22 deletions(-) > This patch is getting long enough, so: Reviewed-by: David Ahern <dsahern@kernel.org> Followup requests below. Thanks, > diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > index 19eb4b3d26ea..53dea18a4a07 100644 > --- a/net/ipv6/addrconf.c > +++ b/net/ipv6/addrconf.c > @@ -1068,15 +1068,19 @@ ipv6_add_addr(struct inet6_dev *idev, struct ifa6_config *cfg, > !(cfg->ifa_flags & IFA_F_MCAUTOJOIN)) || > (!(idev->dev->flags & IFF_LOOPBACK) && > !netif_is_l3_master(idev->dev) && > - addr_type & IPV6_ADDR_LOOPBACK)) > + addr_type & IPV6_ADDR_LOOPBACK)) { > + NL_SET_ERR_MSG(extack, "Cannot assign requested address"); > return ERR_PTR(-EADDRNOTAVAIL); > + } It would be good to split the above checks into separate ones with more specific messages. > > if (idev->dead) { > - err = -ENODEV; /*XXX*/ > + NL_SET_ERR_MSG(extack, "IPv6 device is going away"); > + err = -ENODEV; > goto out; > } > > if (idev->cnf.disable_ipv6) { > + NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device"); > err = -EACCES; > goto out; > } ... > > if (cfg->ifa_flags & IFA_F_MCAUTOJOIN) { > int ret = ipv6_mc_config(net->ipv6.mc_autojoin_sk, > true, cfg->pfx, ifindex); and pass extack to this one for better message as well. > > - if (ret < 0) > + if (ret < 0) { > + NL_SET_ERR_MSG(extack, "Multicast auto join failed"); > return ret; > + } > } > > cfg->scope = ipv6_addr_scope(cfg->pfx);
On Mon, Jul 24, 2023 at 09:02:42AM -0600, David Ahern wrote: > On 7/24/23 1:50 AM, Hangbin Liu wrote: > > Add extack info for IPv6 address add/delete, which would be useful for > > users to understand the problem without having to read kernel code. > > > > Suggested-by: Beniamino Galvani <bgalvani@redhat.com> > > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> > > --- > > v3: * Update extack message. Pass extack to addrconf_f6i_alloc(). > > * Return "IPv6 is disabled" for addrconf_add_dev(), as the same > > with ndisc_allow_add() does. > > * Set dup addr extack message in inet6_rtm_newaddr() instead of > > ipv6_add_addr_hash(). > > v2: Update extack msg for dead dev. Remove msg for NOBUFS error. > > Add extack for ipv6_add_addr_hash() > > --- > > include/net/ip6_route.h | 2 +- > > net/ipv6/addrconf.c | 63 +++++++++++++++++++++++++++++------------ > > net/ipv6/anycast.c | 2 +- > > net/ipv6/route.c | 5 ++-- > > 4 files changed, 50 insertions(+), 22 deletions(-) > > > > This patch is getting long enough, so: > Reviewed-by: David Ahern <dsahern@kernel.org> > Thanks a lot for your review. > Followup requests below. Thanks, > > > diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > > index 19eb4b3d26ea..53dea18a4a07 100644 > > --- a/net/ipv6/addrconf.c > > +++ b/net/ipv6/addrconf.c > > @@ -1068,15 +1068,19 @@ ipv6_add_addr(struct inet6_dev *idev, struct ifa6_config *cfg, > > !(cfg->ifa_flags & IFA_F_MCAUTOJOIN)) || > > (!(idev->dev->flags & IFF_LOOPBACK) && > > !netif_is_l3_master(idev->dev) && > > - addr_type & IPV6_ADDR_LOOPBACK)) > > + addr_type & IPV6_ADDR_LOOPBACK)) { > > + NL_SET_ERR_MSG(extack, "Cannot assign requested address"); > > return ERR_PTR(-EADDRNOTAVAIL); > > + } > > It would be good to split the above checks into separate ones with more > specific messages. How about this. diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 53dea18a4a07..e6c3fe413441 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -1063,13 +1063,17 @@ ipv6_add_addr(struct inet6_dev *idev, struct ifa6_config *cfg, struct fib6_info *f6i = NULL; int err = 0; - if (addr_type == IPV6_ADDR_ANY || - (addr_type & IPV6_ADDR_MULTICAST && - !(cfg->ifa_flags & IFA_F_MCAUTOJOIN)) || - (!(idev->dev->flags & IFF_LOOPBACK) && - !netif_is_l3_master(idev->dev) && - addr_type & IPV6_ADDR_LOOPBACK)) { - NL_SET_ERR_MSG(extack, "Cannot assign requested address"); + if (addr_type == IPV6_ADDR_ANY) { + NL_SET_ERR_MSG(extack, "IPv6: Cannot assign unspecified address"); + return ERR_PTR(-EADDRNOTAVAIL); + } else if (addr_type & IPV6_ADDR_MULTICAST && + !(cfg->ifa_flags & IFA_F_MCAUTOJOIN)) { + NL_SET_ERR_MSG(extack, "IPv6: Cannot assign multicast address without \"IFA_F_MCAUTOJOIN\" flag"); + return ERR_PTR(-EADDRNOTAVAIL); + } else if (!(idev->dev->flags & IFF_LOOPBACK) && + !netif_is_l3_master(idev->dev) && + addr_type & IPV6_ADDR_LOOPBACK) { + NL_SET_ERR_MSG(extack, "IPv6: Cannot assign loopback address on this device"); return ERR_PTR(-EADDRNOTAVAIL); } > ... > > > > > if (cfg->ifa_flags & IFA_F_MCAUTOJOIN) { > > int ret = ipv6_mc_config(net->ipv6.mc_autojoin_sk, > > true, cfg->pfx, ifindex); > > and pass extack to this one for better message as well. This one looks a little deep. We need pass extack to - ipv6_mc_config - ipv6_sock_mc_join - __ipv6_sock_mc_join - __ipv6_dev_mc_inc maybe also this one?? to get more detailed message. And all these are "Join multicast group failed". Do you still want to do this? Thanks Hangbin > > > > > - if (ret < 0) > > + if (ret < 0) { > > + NL_SET_ERR_MSG(extack, "Multicast auto join failed"); > > return ret; > > + } > > } > > > > cfg->scope = ipv6_addr_scope(cfg->pfx); > >
On Mon, Jul 24, 2023 at 03:50:51PM +0800, Hangbin Liu wrote: > Add extack info for IPv6 address add/delete, which would be useful for > users to understand the problem without having to read kernel code. > > Suggested-by: Beniamino Galvani <bgalvani@redhat.com> > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com>
On 7/25/23 1:45 AM, Hangbin Liu wrote: >>> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c >>> index 19eb4b3d26ea..53dea18a4a07 100644 >>> --- a/net/ipv6/addrconf.c >>> +++ b/net/ipv6/addrconf.c >>> @@ -1068,15 +1068,19 @@ ipv6_add_addr(struct inet6_dev *idev, struct ifa6_config *cfg, >>> !(cfg->ifa_flags & IFA_F_MCAUTOJOIN)) || >>> (!(idev->dev->flags & IFF_LOOPBACK) && >>> !netif_is_l3_master(idev->dev) && >>> - addr_type & IPV6_ADDR_LOOPBACK)) >>> + addr_type & IPV6_ADDR_LOOPBACK)) { >>> + NL_SET_ERR_MSG(extack, "Cannot assign requested address"); >>> return ERR_PTR(-EADDRNOTAVAIL); >>> + } >> >> It would be good to split the above checks into separate ones with more >> specific messages. > > How about this. > > diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > index 53dea18a4a07..e6c3fe413441 100644 > --- a/net/ipv6/addrconf.c > +++ b/net/ipv6/addrconf.c > @@ -1063,13 +1063,17 @@ ipv6_add_addr(struct inet6_dev *idev, struct ifa6_config *cfg, > struct fib6_info *f6i = NULL; > int err = 0; > > - if (addr_type == IPV6_ADDR_ANY || > - (addr_type & IPV6_ADDR_MULTICAST && > - !(cfg->ifa_flags & IFA_F_MCAUTOJOIN)) || > - (!(idev->dev->flags & IFF_LOOPBACK) && > - !netif_is_l3_master(idev->dev) && > - addr_type & IPV6_ADDR_LOOPBACK)) { > - NL_SET_ERR_MSG(extack, "Cannot assign requested address"); > + if (addr_type == IPV6_ADDR_ANY) { > + NL_SET_ERR_MSG(extack, "IPv6: Cannot assign unspecified address"); Maybe just "IPv6: Invalid address". Also, that reminds me that IPv6 should be using NL_SET_ERR_MSG_MOD which will add the IPv6 part. > + return ERR_PTR(-EADDRNOTAVAIL); > + } else if (addr_type & IPV6_ADDR_MULTICAST && > + !(cfg->ifa_flags & IFA_F_MCAUTOJOIN)) { > + NL_SET_ERR_MSG(extack, "IPv6: Cannot assign multicast address without \"IFA_F_MCAUTOJOIN\" flag"); > + return ERR_PTR(-EADDRNOTAVAIL); > + } else if (!(idev->dev->flags & IFF_LOOPBACK) && > + !netif_is_l3_master(idev->dev) && > + addr_type & IPV6_ADDR_LOOPBACK) { > + NL_SET_ERR_MSG(extack, "IPv6: Cannot assign loopback address on this device"); > return ERR_PTR(-EADDRNOTAVAIL); > } > >> ... >> >>> >>> if (cfg->ifa_flags & IFA_F_MCAUTOJOIN) { >>> int ret = ipv6_mc_config(net->ipv6.mc_autojoin_sk, >>> true, cfg->pfx, ifindex); >> >> and pass extack to this one for better message as well. > > This one looks a little deep. We need pass extack to > - ipv6_mc_config > - ipv6_sock_mc_join > - __ipv6_sock_mc_join > - __ipv6_dev_mc_inc maybe also this one?? > > to get more detailed message. And all these are "Join multicast group failed". > Do you still want to do this? ok, staring at the errors for that stack, not much value I guess.
diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index 3556595ce59a..b32539bb0fb0 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h @@ -156,7 +156,7 @@ void fib6_force_start_gc(struct net *net); struct fib6_info *addrconf_f6i_alloc(struct net *net, struct inet6_dev *idev, const struct in6_addr *addr, bool anycast, - gfp_t gfp_flags); + gfp_t gfp_flags, struct netlink_ext_ack *extack); struct rt6_info *ip6_dst_alloc(struct net *net, struct net_device *dev, int flags); diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 19eb4b3d26ea..53dea18a4a07 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -1068,15 +1068,19 @@ ipv6_add_addr(struct inet6_dev *idev, struct ifa6_config *cfg, !(cfg->ifa_flags & IFA_F_MCAUTOJOIN)) || (!(idev->dev->flags & IFF_LOOPBACK) && !netif_is_l3_master(idev->dev) && - addr_type & IPV6_ADDR_LOOPBACK)) + addr_type & IPV6_ADDR_LOOPBACK)) { + NL_SET_ERR_MSG(extack, "Cannot assign requested address"); return ERR_PTR(-EADDRNOTAVAIL); + } if (idev->dead) { - err = -ENODEV; /*XXX*/ + NL_SET_ERR_MSG(extack, "IPv6 device is going away"); + err = -ENODEV; goto out; } if (idev->cnf.disable_ipv6) { + NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device"); err = -EACCES; goto out; } @@ -1103,7 +1107,7 @@ ipv6_add_addr(struct inet6_dev *idev, struct ifa6_config *cfg, goto out; } - f6i = addrconf_f6i_alloc(net, idev, cfg->pfx, false, gfp_flags); + f6i = addrconf_f6i_alloc(net, idev, cfg->pfx, false, gfp_flags, extack); if (IS_ERR(f6i)) { err = PTR_ERR(f6i); f6i = NULL; @@ -2921,30 +2925,40 @@ static int inet6_addr_add(struct net *net, int ifindex, ASSERT_RTNL(); - if (cfg->plen > 128) + if (cfg->plen > 128) { + NL_SET_ERR_MSG(extack, "Invalid prefix length"); return -EINVAL; + } /* check the lifetime */ - if (!cfg->valid_lft || cfg->preferred_lft > cfg->valid_lft) + if (!cfg->valid_lft || cfg->preferred_lft > cfg->valid_lft) { + NL_SET_ERR_MSG(extack, "IPv6 address lifetime invalid"); return -EINVAL; + } - if (cfg->ifa_flags & IFA_F_MANAGETEMPADDR && cfg->plen != 64) + if (cfg->ifa_flags & IFA_F_MANAGETEMPADDR && cfg->plen != 64) { + NL_SET_ERR_MSG(extack, "IPv6 address with \"mngtmpaddr\" flag must have a prefix length of 64"); return -EINVAL; + } dev = __dev_get_by_index(net, ifindex); if (!dev) return -ENODEV; idev = addrconf_add_dev(dev); - if (IS_ERR(idev)) + if (IS_ERR(idev)) { + NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device"); return PTR_ERR(idev); + } if (cfg->ifa_flags & IFA_F_MCAUTOJOIN) { int ret = ipv6_mc_config(net->ipv6.mc_autojoin_sk, true, cfg->pfx, ifindex); - if (ret < 0) + if (ret < 0) { + NL_SET_ERR_MSG(extack, "Multicast auto join failed"); return ret; + } } cfg->scope = ipv6_addr_scope(cfg->pfx); @@ -3001,22 +3015,29 @@ static int inet6_addr_add(struct net *net, int ifindex, } static int inet6_addr_del(struct net *net, int ifindex, u32 ifa_flags, - const struct in6_addr *pfx, unsigned int plen) + const struct in6_addr *pfx, unsigned int plen, + struct netlink_ext_ack *extack) { struct inet6_ifaddr *ifp; struct inet6_dev *idev; struct net_device *dev; - if (plen > 128) + if (plen > 128) { + NL_SET_ERR_MSG(extack, "Invalid prefix length"); return -EINVAL; + } dev = __dev_get_by_index(net, ifindex); - if (!dev) + if (!dev) { + NL_SET_ERR_MSG(extack, "Unable to find the interface"); return -ENODEV; + } idev = __in6_dev_get(dev); - if (!idev) + if (!idev) { + NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device"); return -ENXIO; + } read_lock_bh(&idev->lock); list_for_each_entry(ifp, &idev->addr_list, if_list) { @@ -3039,6 +3060,8 @@ static int inet6_addr_del(struct net *net, int ifindex, u32 ifa_flags, } } read_unlock_bh(&idev->lock); + + NL_SET_ERR_MSG(extack, "IPv6 address not found"); return -EADDRNOTAVAIL; } @@ -3081,7 +3104,7 @@ int addrconf_del_ifaddr(struct net *net, void __user *arg) rtnl_lock(); err = inet6_addr_del(net, ireq.ifr6_ifindex, 0, &ireq.ifr6_addr, - ireq.ifr6_prefixlen); + ireq.ifr6_prefixlen, NULL); rtnl_unlock(); return err; } @@ -3484,7 +3507,7 @@ static int fixup_permanent_addr(struct net *net, struct fib6_info *f6i, *prev; f6i = addrconf_f6i_alloc(net, idev, &ifp->addr, false, - GFP_ATOMIC); + GFP_ATOMIC, NULL); if (IS_ERR(f6i)) return PTR_ERR(f6i); @@ -4694,7 +4717,7 @@ inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, ifa_flags &= IFA_F_MANAGETEMPADDR; return inet6_addr_del(net, ifm->ifa_index, ifa_flags, pfx, - ifm->ifa_prefixlen); + ifm->ifa_prefixlen, extack); } static int modify_prefix_route(struct inet6_ifaddr *ifp, @@ -4899,8 +4922,10 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, } dev = __dev_get_by_index(net, ifm->ifa_index); - if (!dev) + if (!dev) { + NL_SET_ERR_MSG(extack, "Unable to find the interface"); return -ENODEV; + } if (tb[IFA_FLAGS]) cfg.ifa_flags = nla_get_u32(tb[IFA_FLAGS]); @@ -4935,10 +4960,12 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, } if (nlh->nlmsg_flags & NLM_F_EXCL || - !(nlh->nlmsg_flags & NLM_F_REPLACE)) + !(nlh->nlmsg_flags & NLM_F_REPLACE)) { + NL_SET_ERR_MSG(extack, "IPv6 address already assigned"); err = -EEXIST; - else + } else { err = inet6_addr_modify(net, ifa, &cfg); + } in6_ifa_put(ifa); diff --git a/net/ipv6/anycast.c b/net/ipv6/anycast.c index dacdea7fcb62..bb17f484ee2c 100644 --- a/net/ipv6/anycast.c +++ b/net/ipv6/anycast.c @@ -305,7 +305,7 @@ int __ipv6_dev_ac_inc(struct inet6_dev *idev, const struct in6_addr *addr) } net = dev_net(idev->dev); - f6i = addrconf_f6i_alloc(net, idev, addr, true, GFP_ATOMIC); + f6i = addrconf_f6i_alloc(net, idev, addr, true, GFP_ATOMIC, NULL); if (IS_ERR(f6i)) { err = PTR_ERR(f6i); goto out; diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 64e873f5895f..c90700aed3a1 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -4543,7 +4543,8 @@ static int ip6_pkt_prohibit_out(struct net *net, struct sock *sk, struct sk_buff struct fib6_info *addrconf_f6i_alloc(struct net *net, struct inet6_dev *idev, const struct in6_addr *addr, - bool anycast, gfp_t gfp_flags) + bool anycast, gfp_t gfp_flags, + struct netlink_ext_ack *extack) { struct fib6_config cfg = { .fc_table = l3mdev_fib_table(idev->dev) ? : RT6_TABLE_LOCAL, @@ -4565,7 +4566,7 @@ struct fib6_info *addrconf_f6i_alloc(struct net *net, cfg.fc_flags |= RTF_LOCAL; } - f6i = ip6_route_info_create(&cfg, gfp_flags, NULL); + f6i = ip6_route_info_create(&cfg, gfp_flags, extack); if (!IS_ERR(f6i)) { f6i->dst_nocount = true;
Add extack info for IPv6 address add/delete, which would be useful for users to understand the problem without having to read kernel code. Suggested-by: Beniamino Galvani <bgalvani@redhat.com> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> --- v3: * Update extack message. Pass extack to addrconf_f6i_alloc(). * Return "IPv6 is disabled" for addrconf_add_dev(), as the same with ndisc_allow_add() does. * Set dup addr extack message in inet6_rtm_newaddr() instead of ipv6_add_addr_hash(). v2: Update extack msg for dead dev. Remove msg for NOBUFS error. Add extack for ipv6_add_addr_hash() --- include/net/ip6_route.h | 2 +- net/ipv6/addrconf.c | 63 +++++++++++++++++++++++++++++------------ net/ipv6/anycast.c | 2 +- net/ipv6/route.c | 5 ++-- 4 files changed, 50 insertions(+), 22 deletions(-)