From patchwork Wed Dec 1 20:25:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Lunn X-Patchwork-Id: 12650965 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 816F6C433F5 for ; Wed, 1 Dec 2021 20:25:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245665AbhLAU3C (ORCPT ); Wed, 1 Dec 2021 15:29:02 -0500 Received: from vps0.lunn.ch ([185.16.172.187]:34402 "EHLO vps0.lunn.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245633AbhLAU3B (ORCPT ); Wed, 1 Dec 2021 15:29:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lunn.ch; s=20171124; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:From:Sender:Reply-To:Subject:Date: Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Content-Disposition:In-Reply-To:References; bh=ypSed0sEyaMeNav/P/YI+niKhONo2775OHpJjKBVnfs=; b=vkXiMltcid9TySPLbcaK7ask35 952tKGbSSgwp2/t7ZtUAcuqu66pU5YUUGcHllNhZVxUpH5V4Cg7qq7kCtp6cEX06Y4sq+tJJHlHdy FOFPuTscFb+qP/md3YOT3vVZUGw4ibqLhOTnDFT+VFgMwOPFysn0jZPLlY17Dk0gEs9k=; Received: from andrew by vps0.lunn.ch with local (Exim 4.94.2) (envelope-from ) id 1msWAS-00FGAA-9N; Wed, 01 Dec 2021 21:25:28 +0100 From: Andrew Lunn Cc: David Miller , Jakub Kicinski , Hideaki YOSHIFUJI , David Ahern , Willem de Bruijn , James Prestwood , Justin Iurman , Praveen Chaudhary , "Jason A . Donenfeld" , Eric Dumazet , netdev , Andrew Lunn Subject: [patch RFC net-next v2 1/3] seg6: export get_srh() for ICMP handling Date: Wed, 1 Dec 2021 21:25:17 +0100 Message-Id: <20211201202519.3637005-2-andrew@lunn.ch> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20211201202519.3637005-1-andrew@lunn.ch> References: <20211201202519.3637005-1-andrew@lunn.ch> MIME-Version: 1.0 To: unlisted-recipients:; (no To-header on input) Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC An ICMP error message can contain in its message body part of an IPv6 packet which invoked the error. Such a packet might contain a segment router header. Export get_srh() so the ICMP code can make use of it. Since his changes the scope of the function from local to global, add the seg6_ prefix to keep the namespace clean. And move it into seg6.c so it is always available, not just when IPV6_SEG6_LWTUNNEL is enabled. Signed-off-by: Andrew Lunn --- include/net/seg6.h | 1 + net/ipv6/seg6.c | 29 +++++++++++++++++++++++++++++ net/ipv6/seg6_local.c | 33 ++------------------------------- 3 files changed, 32 insertions(+), 31 deletions(-) diff --git a/include/net/seg6.h b/include/net/seg6.h index 9d19c15e8545..da85ebc5ae99 100644 --- a/include/net/seg6.h +++ b/include/net/seg6.h @@ -58,6 +58,7 @@ extern int seg6_local_init(void); extern void seg6_local_exit(void); extern bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len, bool reduced); +struct ipv6_sr_hdr *seg6_get_srh(struct sk_buff *skb, int flags); extern int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto); extern int seg6_do_srh_inline(struct sk_buff *skb, struct ipv6_sr_hdr *osrh); diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c index a8b5784afb1a..5bc9bf892199 100644 --- a/net/ipv6/seg6.c +++ b/net/ipv6/seg6.c @@ -75,6 +75,35 @@ bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len, bool reduced) return true; } +struct ipv6_sr_hdr *seg6_get_srh(struct sk_buff *skb, int flags) +{ + struct ipv6_sr_hdr *srh; + int len, srhoff = 0; + + if (ipv6_find_hdr(skb, &srhoff, IPPROTO_ROUTING, NULL, &flags) < 0) + return NULL; + + if (!pskb_may_pull(skb, srhoff + sizeof(*srh))) + return NULL; + + srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); + + len = (srh->hdrlen + 1) << 3; + + if (!pskb_may_pull(skb, srhoff + len)) + return NULL; + + /* note that pskb_may_pull may change pointers in header; + * for this reason it is necessary to reload them when needed. + */ + srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); + + if (!seg6_validate_srh(srh, len, true)) + return NULL; + + return srh; +} + static struct genl_family seg6_genl_family; static const struct nla_policy seg6_genl_policy[SEG6_ATTR_MAX + 1] = { diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c index 2dc40b3f373e..ef88489c71f5 100644 --- a/net/ipv6/seg6_local.c +++ b/net/ipv6/seg6_local.c @@ -150,40 +150,11 @@ static struct seg6_local_lwt *seg6_local_lwtunnel(struct lwtunnel_state *lwt) return (struct seg6_local_lwt *)lwt->data; } -static struct ipv6_sr_hdr *get_srh(struct sk_buff *skb, int flags) -{ - struct ipv6_sr_hdr *srh; - int len, srhoff = 0; - - if (ipv6_find_hdr(skb, &srhoff, IPPROTO_ROUTING, NULL, &flags) < 0) - return NULL; - - if (!pskb_may_pull(skb, srhoff + sizeof(*srh))) - return NULL; - - srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); - - len = (srh->hdrlen + 1) << 3; - - if (!pskb_may_pull(skb, srhoff + len)) - return NULL; - - /* note that pskb_may_pull may change pointers in header; - * for this reason it is necessary to reload them when needed. - */ - srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); - - if (!seg6_validate_srh(srh, len, true)) - return NULL; - - return srh; -} - static struct ipv6_sr_hdr *get_and_validate_srh(struct sk_buff *skb) { struct ipv6_sr_hdr *srh; - srh = get_srh(skb, IP6_FH_F_SKIP_RH); + srh = seg6_get_srh(skb, IP6_FH_F_SKIP_RH); if (!srh) return NULL; @@ -200,7 +171,7 @@ static bool decap_and_validate(struct sk_buff *skb, int proto) struct ipv6_sr_hdr *srh; unsigned int off = 0; - srh = get_srh(skb, 0); + srh = seg6_get_srh(skb, 0); if (srh && srh->segments_left > 0) return false; From patchwork Wed Dec 1 20:25:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Lunn X-Patchwork-Id: 12650971 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 174DAC43219 for ; Wed, 1 Dec 2021 20:25:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352870AbhLAU3I (ORCPT ); Wed, 1 Dec 2021 15:29:08 -0500 Received: from vps0.lunn.ch ([185.16.172.187]:34406 "EHLO vps0.lunn.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245644AbhLAU3B (ORCPT ); Wed, 1 Dec 2021 15:29:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lunn.ch; s=20171124; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:From:Sender:Reply-To:Subject:Date: Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Content-Disposition:In-Reply-To:References; bh=9t/wI0fc03WGikVl5r6griFu6GhMxVqIqcBIT/nUnSw=; b=yW5Zzo8ZSNzha3AwTDZ+IkOxA/ PE7+O6LLH9alDco1Oig1w5U/CNVUeaWRi3QZ9aQirxiQK/o8Wz4W3eaWPqxubu+P/jJeFe4aVcXQ6 yvHOkMebluhd/2hTXq9xNnWlNbmXBY8Sn5rIgl5AuAiQmyeki51qBbHOMc+Cq0VVZmBE=; Received: from andrew by vps0.lunn.ch with local (Exim 4.94.2) (envelope-from ) id 1msWAS-00FGAD-Au; Wed, 01 Dec 2021 21:25:28 +0100 From: Andrew Lunn Cc: David Miller , Jakub Kicinski , Hideaki YOSHIFUJI , David Ahern , Willem de Bruijn , James Prestwood , Justin Iurman , Praveen Chaudhary , "Jason A . Donenfeld" , Eric Dumazet , netdev , Andrew Lunn Subject: [patch RFC net-next v2 2/3] icmp: ICMPV6: Examine invoking packet for Segment Route Headers. Date: Wed, 1 Dec 2021 21:25:18 +0100 Message-Id: <20211201202519.3637005-3-andrew@lunn.ch> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20211201202519.3637005-1-andrew@lunn.ch> References: <20211201202519.3637005-1-andrew@lunn.ch> MIME-Version: 1.0 To: unlisted-recipients:; (no To-header on input) Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC RFC8754 says: ICMP error packets generated within the SR domain are sent to source nodes within the SR domain. The invoking packet in the ICMP error message may contain an SRH. Since the destination address of a packet with an SRH changes as each segment is processed, it may not be the destination used by the socket or application that generated the invoking packet. For the source of an invoking packet to process the ICMP error message, the ultimate destination address of the IPv6 header may be required. The following logic is used to determine the destination address for use by protocol-error handlers. * Walk all extension headers of the invoking IPv6 packet to the routing extension header preceding the upper-layer header. - If routing header is type 4 Segment Routing Header (SRH) o The SID at Segment List[0] may be used as the destination address of the invoking packet. Mangle the skb so the network header points to the invoking packet inside the ICMP packet. The seg6 helpers can then be used on the skb to find any segment routing headers. If found, mark this fact in the IPv6 control block of the skb, and store the offset into the packet of the SRH. Then restore the skb back to its old state. Signed-off-by: Andrew Lunn --- include/linux/ipv6.h | 2 ++ net/ipv6/icmp.c | 36 +++++++++++++++++++++++++++++++++++- 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h index 20c1f968da7c..a59d25f19385 100644 --- a/include/linux/ipv6.h +++ b/include/linux/ipv6.h @@ -133,6 +133,7 @@ struct inet6_skb_parm { __u16 dsthao; #endif __u16 frag_max_size; + __u16 srhoff; #define IP6SKB_XFRM_TRANSFORMED 1 #define IP6SKB_FORWARDED 2 @@ -142,6 +143,7 @@ struct inet6_skb_parm { #define IP6SKB_HOPBYHOP 32 #define IP6SKB_L3SLAVE 64 #define IP6SKB_JUMBOGRAM 128 +#define IP6SKB_SEG6 256 }; #if defined(CONFIG_NET_L3_MASTER_DEV) diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index a7c31ab67c5d..dd1fe8a822e3 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -57,6 +57,7 @@ #include #include #include +#include #include #include #include @@ -818,9 +819,40 @@ static void icmpv6_echo_reply(struct sk_buff *skb) local_bh_enable(); } +/* Determine if the invoking packet contains a segment routing header. + * If it does, extract the true destination address, which is in the + * first segment address + */ +static void icmpv6_notify_srh(struct sk_buff *skb, struct inet6_skb_parm *opt) +{ + __u16 network_header = skb->network_header; + struct ipv6_sr_hdr *srh; + + /* Update network header to point to the invoking packet + * inside the ICMP packet, so we can use the seg6_get_srh() + * helper. + */ + skb_reset_network_header(skb); + + srh = seg6_get_srh(skb, 0); + if (!srh) + goto out; + + if (srh->type != IPV6_SRCRT_TYPE_4) + goto out; + + opt->flags |= IP6SKB_SEG6; + opt->srhoff = (unsigned char *)srh - skb->data; + +out: + /* Restore the network header back to the ICMP packet */ + skb->network_header = network_header; +} + void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info) { const struct inet6_protocol *ipprot; + struct inet6_skb_parm *opt = IP6CB(skb); int inner_offset; __be16 frag_off; u8 nexthdr; @@ -829,6 +861,8 @@ void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info) if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) goto out; + icmpv6_notify_srh(skb, opt); + nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; if (ipv6_ext_hdr(nexthdr)) { /* now skip over extension headers */ @@ -853,7 +887,7 @@ void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info) ipprot = rcu_dereference(inet6_protos[nexthdr]); if (ipprot && ipprot->err_handler) - ipprot->err_handler(skb, NULL, type, code, inner_offset, info); + ipprot->err_handler(skb, opt, type, code, inner_offset, info); raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); return; From patchwork Wed Dec 1 20:25:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Lunn X-Patchwork-Id: 12650967 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89E86C433EF for ; Wed, 1 Dec 2021 20:25:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245633AbhLAU3E (ORCPT ); Wed, 1 Dec 2021 15:29:04 -0500 Received: from vps0.lunn.ch ([185.16.172.187]:34404 "EHLO vps0.lunn.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245634AbhLAU3B (ORCPT ); Wed, 1 Dec 2021 15:29:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lunn.ch; s=20171124; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:From:Sender:Reply-To:Subject:Date: Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Content-Disposition:In-Reply-To:References; bh=PDkGo42W9CyFWJ3+gCVfJVB+qAGoQmWBqGyzwCPKWaM=; b=UjSgTjzJy5qHc/gdQrgBwdW78U PuLxCJBD2X1wuam9935rzb2Ns/VsiZ61tLUJzlX+1PjmYmabwASEXLtpcbN9qfOHh0xnAyt+3VIKJ 0G6gri3RsgiajAp5aXvrCIqh2ZkqMewT0c5Z5auMStO2u214BEXBAuEek/nB5zCiVOVI=; Received: from andrew by vps0.lunn.ch with local (Exim 4.94.2) (envelope-from ) id 1msWAS-00FGAG-CK; Wed, 01 Dec 2021 21:25:28 +0100 From: Andrew Lunn Cc: David Miller , Jakub Kicinski , Hideaki YOSHIFUJI , David Ahern , Willem de Bruijn , James Prestwood , Justin Iurman , Praveen Chaudhary , "Jason A . Donenfeld" , Eric Dumazet , netdev , Andrew Lunn Subject: [patch RFC net-next v2 3/3] udp6: Use Segment Routing Header for dest address if present Date: Wed, 1 Dec 2021 21:25:19 +0100 Message-Id: <20211201202519.3637005-4-andrew@lunn.ch> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20211201202519.3637005-1-andrew@lunn.ch> References: <20211201202519.3637005-1-andrew@lunn.ch> MIME-Version: 1.0 To: unlisted-recipients:; (no To-header on input) Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC When finding the socket to report an error on, if the invoking packet is using Segment Routing, the IPv6 destination address is that of an intermediate router, not the end destination. Extract the ultimate destination address from the segment address. This change allows traceroute to function in the presence of Segment Routing. Signed-off-by: Andrew Lunn --- net/ipv6/udp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 6a0e569f0bb8..6a2288e7ddda 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -40,6 +40,7 @@ #include #include #include +#include #include #include #include @@ -563,12 +564,18 @@ int __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt, const struct in6_addr *saddr = &hdr->saddr; const struct in6_addr *daddr = &hdr->daddr; struct udphdr *uh = (struct udphdr *)(skb->data+offset); + struct ipv6_sr_hdr *srh; bool tunnel = false; struct sock *sk; int harderr; int err; struct net *net = dev_net(skb->dev); + if (opt->flags & IP6SKB_SEG6) { + srh = (struct ipv6_sr_hdr *)(skb->data + opt->srhoff); + daddr = &srh->segments[0]; + } + sk = __udp6_lib_lookup(net, daddr, uh->dest, saddr, uh->source, inet6_iif(skb), inet6_sdif(skb), udptable, NULL);