From patchwork Thu Sep 19 09:41:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13807593 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pf1-f196.google.com (mail-pf1-f196.google.com [209.85.210.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 98AD919B5A3; Thu, 19 Sep 2024 09:42:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.196 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726738992; cv=none; b=YlZDaePye6Pp1AlDyzlSX8rFEIzVTTZkZ5jr1w0ZkMc5B5pSSsTQQCn14gdy8Y7lgOKdt+3pUi/PB4wQ4u+N+qbmQVF5Eimx7nxxTgZmu7CHfwpSRAlI5D6K6+bIEnjiZBAZZoQ631h//fPVbz+pbtaN4K0zbyTx53QagbToTXg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726738992; c=relaxed/simple; bh=bi9qHUYSYj5R5/Cy89PHJiTTpuqSNTzbMTJblylefAU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=snhT6wF9S4amot2idY9ikcMvOdTIFkv69x5s+DwuSshE0L//neqe8baxmSy6hBfh5rSHoldplL9NwOdM2yljDWkS2LUX0/SYVByFO2LCUMNBJ6h3jNkzuMuRZADfx0hJNld/y9lsLema7V1sCXQWwvf8zax7oEtVElrBYwc+GSc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=SBRvs/DZ; arc=none smtp.client-ip=209.85.210.196 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="SBRvs/DZ" Received: by mail-pf1-f196.google.com with SMTP id d2e1a72fcca58-71923d87be4so454549b3a.0; Thu, 19 Sep 2024 02:42:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726738968; x=1727343768; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Qdv5HIXyXj+s2ZfUexwxXp65XLHAbGKyjQZiJwWQfHQ=; b=SBRvs/DZg/zwaztzUtrUu+D2pE4FTvo4j2769UdEVLN1Ckc1USWqbl+BHS2P/BQ9E8 VTChEc9PLBM1b9tfIc2XR0mX3AYH4/sSflbFyp0W3qp+6hJbRHAlErIkOKg52dX5wxBu b9fU1p22tCIFy7ePwDGNLhJ32BTkeZwmstzybj/A/Kc57FxAuzt0aMBqMsQF/dOLFYvS ITHFX6ScrGZWwDGVHERzhRIsy8zuh9eo8C9OOqhtoS1ePo/fkgqZea8AYMUhM0FaGe0A qNidM26hXG7+DS5D0pe2TEkaeAPtt7Y8vxQFcLRmD1qPZDC3/Skp0u9pqLO8CvQxqmRV sQiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726738968; x=1727343768; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Qdv5HIXyXj+s2ZfUexwxXp65XLHAbGKyjQZiJwWQfHQ=; b=w1KbKzWXASMEihM8KjFDFdAK1E81a5u5ZrYBCditCfdFIwqSxdiu5BC62w47XBx1nm HGqEjlCXHN00gPWRPrcvWpA+ukIXzxmRguYdFI9yPjXnKQGXmSqKoeXTtPdn43I1ltcz e/m+DJkFSZg6yM7sOHlAFZrmxWWZrkAZvf9VH/z/K4SIeiSvqixnXpxO/B5HsiJT+JYq 2A5z0Yrm21HTwIaLqxe5zTk72AJD5RlCSIumK4S2fiAduAgZv6jnnbwcEBWWovUXkLmo ERmV++Q+tERJl+YjSoG3UcnJtwjiJdOAl3jSclhEd+JnohBNzAg00L6zH+aRnudoKhop nmqw== X-Forwarded-Encrypted: i=1; AJvYcCUeFZ1d2m2+8wyIv9w+4ifEkzUv0l1MUawqiN4Pfsfq8/cMI7iB62haJ4AWmPtc+vexRrMXqd8q@vger.kernel.org, AJvYcCXNVTtyPSJfle/lx9oTev7lgsb8SR882OQQb1MZUNQebIDilg5MM2N+5hZkiu+7+qYMeVU=@vger.kernel.org, AJvYcCXYagAv3cFOV9OItIoqavc+MGJnZib2tauPkPwrNr1tqNuJ7dv1yfZs+P9+r8Hk6GqIn7Vqi9XeXP6ZGWKE@vger.kernel.org X-Gm-Message-State: AOJu0YxLRF1Ub8LZlg/ayNSjLnWb0D5wGtUsXI1d5dO2Y9XUgSn7o0pb w6acZ/EZdLgGrXdN8+2vCbuMfJLx7L+GZF7F3P0XyDpCSvGs2tjN X-Google-Smtp-Source: AGHT+IEaghm/PKlv4pWD+V10NvlwF9cqV5TGy84i0y5asM8Fy5rVh8rnsA83ELFce6Qr5SzWhxzVZg== X-Received: by 2002:a05:6a20:c707:b0:1cf:2ef7:b396 with SMTP id adf61e73a8af0-1d112b339d8mr34052623637.6.1726738967640; Thu, 19 Sep 2024 02:42:47 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944ab4b36sm7927086b3a.47.2024.09.19.02.42.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Sep 2024 02:42:47 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [RFC PATCH net-next 1/7] net: ip: add drop reason to ip_route_input_noref() Date: Thu, 19 Sep 2024 17:41:41 +0800 Message-Id: <20240919094147.328737-2-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20240919094147.328737-1-dongml2@chinatelecom.cn> References: <20240919094147.328737-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC The errno which ip_route_input_noref() returns can be used and checked by the caller, so it's complex to make ip_route_input_noref() return drop reason. Instead, we add the pointer of the skb drop reason to the function arguments of ip_route_input_noref, and adjust all the callers of it. Then, we can pass the skb drop reasons to the caller. Signed-off-by: Menglong Dong --- drivers/net/ipvlan/ipvlan_l3s.c | 2 +- include/net/route.h | 5 +++-- net/core/lwt_bpf.c | 2 +- net/ipv4/arp.c | 2 +- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_input.c | 7 +++---- net/ipv4/route.c | 3 ++- net/ipv4/xfrm4_input.c | 2 +- net/ipv4/xfrm4_protocol.c | 2 +- 9 files changed, 14 insertions(+), 13 deletions(-) diff --git a/drivers/net/ipvlan/ipvlan_l3s.c b/drivers/net/ipvlan/ipvlan_l3s.c index d5b05e803219..fbfdd8c00056 100644 --- a/drivers/net/ipvlan/ipvlan_l3s.c +++ b/drivers/net/ipvlan/ipvlan_l3s.c @@ -52,7 +52,7 @@ static struct sk_buff *ipvlan_l3_rcv(struct net_device *dev, int err; err = ip_route_input_noref(skb, ip4h->daddr, ip4h->saddr, - ip4h->tos, sdev); + ip4h->tos, sdev, NULL); if (unlikely(err)) goto out; break; diff --git a/include/net/route.h b/include/net/route.h index 1789f1e6640b..cb9f31080517 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -202,7 +202,8 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, u8 tos, struct net_device *dev, struct in_device *in_dev, u32 *itag); int ip_route_input_noref(struct sk_buff *skb, __be32 dst, __be32 src, - u8 tos, struct net_device *devin); + u8 tos, struct net_device *devin, + enum skb_drop_reason *reason); int ip_route_use_hint(struct sk_buff *skb, __be32 dst, __be32 src, u8 tos, struct net_device *devin, const struct sk_buff *hint); @@ -213,7 +214,7 @@ static inline int ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, int err; rcu_read_lock(); - err = ip_route_input_noref(skb, dst, src, tos, devin); + err = ip_route_input_noref(skb, dst, src, tos, devin, NULL); if (!err) { skb_dst_force(skb); if (!skb_dst(skb)) diff --git a/net/core/lwt_bpf.c b/net/core/lwt_bpf.c index 1a14f915b7a4..df50f2977c90 100644 --- a/net/core/lwt_bpf.c +++ b/net/core/lwt_bpf.c @@ -96,7 +96,7 @@ static int bpf_lwt_input_reroute(struct sk_buff *skb) dev_hold(dev); skb_dst_drop(skb); err = ip_route_input_noref(skb, iph->daddr, iph->saddr, - iph->tos, dev); + iph->tos, dev, NULL); dev_put(dev); } else if (skb->protocol == htons(ETH_P_IPV6)) { skb_dst_drop(skb); diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c index 11c1519b3699..a9dac0ef2be6 100644 --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -835,7 +835,7 @@ static int arp_process(struct net *net, struct sock *sk, struct sk_buff *skb) } if (arp->ar_op == htons(ARPOP_REQUEST) && - ip_route_input_noref(skb, tip, sip, 0, dev) == 0) { + ip_route_input_noref(skb, tip, sip, 0, dev, NULL) == 0) { rt = skb_rtable(skb); addr_type = rt->rt_type; diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index a92664a5ef2e..cdc75cfc1826 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -176,7 +176,7 @@ static void ip_expire(struct timer_list *t) /* skb has no dst, perform route lookup again */ iph = ip_hdr(head); err = ip_route_input_noref(head, iph->daddr, iph->saddr, - iph->tos, head->dev); + iph->tos, head->dev, NULL); if (err) goto out; diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index b6e7d4921309..dc062ae49137 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -318,12 +318,11 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, struct sk_buff *skb, struct net_device *dev, const struct sk_buff *hint) { + enum skb_drop_reason drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; const struct iphdr *iph = ip_hdr(skb); - int err, drop_reason; + int err; struct rtable *rt; - drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; - if (ip_can_use_hint(skb, iph, hint)) { err = ip_route_use_hint(skb, iph->daddr, iph->saddr, iph->tos, dev, hint); @@ -363,7 +362,7 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, */ if (!skb_valid_dst(skb)) { err = ip_route_input_noref(skb, iph->daddr, iph->saddr, - iph->tos, dev); + iph->tos, dev, &drop_reason); if (unlikely(err)) goto drop_error; } else { diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 723ac9181558..f1767e0cc9d9 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2465,7 +2465,8 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, } int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev) + u8 tos, struct net_device *dev, + enum skb_drop_reason *reason) { struct fib_result res; int err; diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c index a620618cc568..14990cc30c68 100644 --- a/net/ipv4/xfrm4_input.c +++ b/net/ipv4/xfrm4_input.c @@ -33,7 +33,7 @@ static inline int xfrm4_rcv_encap_finish(struct net *net, struct sock *sk, const struct iphdr *iph = ip_hdr(skb); if (ip_route_input_noref(skb, iph->daddr, iph->saddr, - iph->tos, skb->dev)) + iph->tos, skb->dev, NULL)) goto drop; } diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c index b146ce88c5d0..9678ff876169 100644 --- a/net/ipv4/xfrm4_protocol.c +++ b/net/ipv4/xfrm4_protocol.c @@ -76,7 +76,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi, const struct iphdr *iph = ip_hdr(skb); if (ip_route_input_noref(skb, iph->daddr, iph->saddr, - iph->tos, skb->dev)) + iph->tos, skb->dev, NULL)) goto drop; } From patchwork Thu Sep 19 09:41:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13807594 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f195.google.com (mail-pg1-f195.google.com [209.85.215.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B924E199FC9; Thu, 19 Sep 2024 09:42:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726738995; cv=none; b=sY4cwOctauY9568hveWHB2ffLV1XqC+8u+p/tNFFMju1SOA8c4HxIEGyofgJhyl/BvdQTCVYbli7RGvC50TD7GgWsQO1bYeu90mA+dy66wjztRExchnIyvvtACxUkfHGESxdWP3YCk33UB7yt+N+fvETPQIo0vRK8t6YV+sLMog= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726738995; c=relaxed/simple; bh=zvB8Xh9fDLbp9WfQKRxYAZgiU3vdvZ9bHwKeXqUqhC0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ZVSXfn4+1e48xwdtwY38mRzOjgerPFkbV5WDFRLN5WqRWn1+S/W8ywMfxKzTxaU+lsksIXcyxjNLlB3CBLnMuAzOh9biWYuLbXlUFX4ekGsEvmUTSkq++e+VrMCoQDhe7AweS2qjimYabboff0nbgNjLnkf0Soq6/T8PUG6YD14= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=CAAH60m3; arc=none smtp.client-ip=209.85.215.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="CAAH60m3" Received: by mail-pg1-f195.google.com with SMTP id 41be03b00d2f7-7d4f85766f0so492322a12.2; Thu, 19 Sep 2024 02:42:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726738972; x=1727343772; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=DrcolmE9x3EsGlnudoge00ElKatztC69V36dDAFu6ds=; b=CAAH60m3BA/p2Q79j2NjW/S+ok+IfXRPbBrXe7fjhhDwe7D+kXKrC97exKPsX4h2qC Xfyfuj/8FRos0kK/AhXS+SABJx8YF4hZjxlu5YR86F47r8xn6ukdLiprY/8eoOBjMxRL 7SY/JFwraKERg+prWwN7rVMz5QVemzrgKXJ69GTQQDq/EznuehPRiWBMwhHuRxVBgCOn P+MnpnQhIl7vj4078yS+U2Xm61+p2FHk0aOMaxHG3gtquuUSHJYRzhg9CviRGlZ1FtBV 23aLHOzUVTeC1fof97Eoej0dYhZnyVpFe4+RyOCYRUTCX9/hMOScSzFsxdyExdwvo2Lk JMEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726738972; x=1727343772; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DrcolmE9x3EsGlnudoge00ElKatztC69V36dDAFu6ds=; b=R6jZRdIuHEkzdoo/snP8kRAGs08gUR1JLvC+m5mvIu5CmNtFA7J7V5J5TFdzZ3fqcE SSmCtVlLpwIB1mF2WaEiz3kM1SVvQD4ohUYf/SJOVDoHmBllGVzdWN29FFHBm3Vysc71 9GFQfXzWeN9kdaCiw/aTaCGkyBrep/Z1feNmvEk/XjBNeLA36K/at/JFNYYGwF69+bvo XHXWtOY8pGSDg3jO36PZww2uTBjpO4U1oJQw+BswDYeLUSc/aOtOlaBB6oxI78ab7IlD S5pmgLtFAdCoC6kADitTqipnuuML9h7CylOKay1GItn+5bceLlVO7zqMcDd4BHj5gUJ6 v+cg== X-Forwarded-Encrypted: i=1; AJvYcCUZuMDA50TcC63TQ03kD3vj+P1eJLIfqnqLA5LSGH39JOPmxZWYrTIGyRnFPXwYu8o1bCqBRSaZ@vger.kernel.org, AJvYcCUpxbrX+mBksXh4VqAXbWclwIBsJ7yS2sm6BRoMtxqXkUee4I6mABiD5knu5JPVyZA/XSJdb9lXfBsQACCQ@vger.kernel.org, AJvYcCXbBVu8HomOFptybIxY4zEiECZGko77ImdW/jvKUAUQElRQXjm/6TPQWpR0TEMeDkCygW8=@vger.kernel.org X-Gm-Message-State: AOJu0YxTaj6d4ezVcC5eJ4oJVqDXcqZ+ZRhTEH34RTl4xW9WbFfvNTHi SsmRZOktl9hJXqlKDKgvrpYj16Z94n53Gb7+k0n8jHs+3lvgEhfW X-Google-Smtp-Source: AGHT+IGBKDjP2YdqEPEr0dR0+FTOQdTVyCZ5sAHSk7tNBUUCY2CcvUWtFa+bFFgC/zYBjSy/jGidAA== X-Received: by 2002:a05:6a20:1b08:b0:1d2:e1cc:649c with SMTP id adf61e73a8af0-1d2e1cc6617mr10816659637.15.1726738971628; Thu, 19 Sep 2024 02:42:51 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944ab4b36sm7927086b3a.47.2024.09.19.02.42.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Sep 2024 02:42:51 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [RFC PATCH net-next 2/7] net: ip: add drop reason to ip_route_input_rcu() Date: Thu, 19 Sep 2024 17:41:42 +0800 Message-Id: <20240919094147.328737-3-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20240919094147.328737-1-dongml2@chinatelecom.cn> References: <20240919094147.328737-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC Add the pointer of the skb drop reason to the function arguments of ip_route_input_rcu(). Signed-off-by: Menglong Dong --- net/ipv4/route.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index f1767e0cc9d9..385efe6d71a7 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2415,7 +2415,8 @@ out: return err; /* called with rcu_read_lock held */ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, struct fib_result *res) + u8 tos, struct net_device *dev, struct fib_result *res, + enum skb_drop_reason *reason) { /* Multicast recognition logic is moved from route cache to here. * The problem was that too many Ethernet cards have broken/missing @@ -2473,7 +2474,7 @@ int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, tos &= INET_DSCP_MASK; rcu_read_lock(); - err = ip_route_input_rcu(skb, daddr, saddr, tos, dev, &res); + err = ip_route_input_rcu(skb, daddr, saddr, tos, dev, &res, reason); rcu_read_unlock(); return err; @@ -3288,7 +3289,7 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, skb->mark = mark; err = ip_route_input_rcu(skb, dst, src, rtm->rtm_tos & INET_DSCP_MASK, dev, - &res); + &res, NULL); rt = skb_rtable(skb); if (err == 0 && rt->dst.error) From patchwork Thu Sep 19 09:41:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13807596 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pf1-f193.google.com (mail-pf1-f193.google.com [209.85.210.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F2A4A19CD0F; Thu, 19 Sep 2024 09:42:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.193 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726739001; cv=none; b=PoKLzSou/mAXxJ6nKMPd9a1YChcYUJ/tnYvnn93QPmim+V+APhxpzkLTYZMtyQ5KLJlR9Km8kD6jdHxqfDpcOcnqAZpNade/m+2/ZxPmZKR8enm9CMGG0JN80KinM/9i82SGB56nTSzvHdelPC/mG5di8riWt5hzaNrjwEU0OwQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726739001; c=relaxed/simple; bh=YqEogfeJLe9c/3bfq2XxyWEglvHt5kZYl7TE1QySazM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=nhhFkhCJ/AB+OdVxzM4Yk1ek8C2cWiBJIYoDEDTDNArcJXcYF1zRQL+9mYyOvcHu/lG1pHVsc8GsW3lK9X0Bnt3+23q2b1w07TQZexTxuvYSDUkn0ixLLod6u45Fce3dsVAwMocIpA0u45dTr/jO/CIrdjEvXHKyS5fnWrQ/Tw8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Om9r37ag; arc=none smtp.client-ip=209.85.210.193 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Om9r37ag" Received: by mail-pf1-f193.google.com with SMTP id d2e1a72fcca58-718e3c98b5aso452842b3a.0; Thu, 19 Sep 2024 02:42:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726738976; x=1727343776; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RiHzu+ulvjky3wzgvQb46nJbDFBRKyZby3oN41FMw90=; b=Om9r37agyzlNK0ODYoQ7y7Hz3W3aANEC5JNt8gESy4FIvKqybXJbH1uw/A+izohIXz DGkbPadTKXBoO8SR1stpWa9hIoTVvmCXYe7Iz8TogEjfmwgFmujr16EqP/3XJRijUVpD lmm+S3YGHXnj9jdJjKUuqxIv8e/vRvzhu8Cfg3m5M9vS9NZWfs30ux22QlItYcgKgZrk 1q6MXz/EmOiOSFcT99bb/T06+w+dJmtEx1VuSs5fMDj1biiQPH1E0kmTjHRaW3eEYnek osNYn/ZRqe0hxySkvSgbRJ4KDjOSlRimdxbzdVOfx6wBkSuXXK19+av2xrMkOOJNNulM vteQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726738976; x=1727343776; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RiHzu+ulvjky3wzgvQb46nJbDFBRKyZby3oN41FMw90=; b=FZyDGQUG1y1yes+OiO/09K8quaCvpg2WxV6wFbX4cid1gY15IAcqYO9nClk+z2E5Xr 96wNUz6WytNgsW1lUdh1VOc8kS72eJ0qq1kPC9+Ow4ieZLdMy1f6kJn14gRJ038mAPQt w5aSluhA+ihbe3SecLsqFto+Vkwj0VPMatEkLLNxI04d0c6012aQ372TE7vJvuRH1luZ n5Z6lq492/L0NL1ToyVO/akvFr6Q18L3ssBzA1TLwisMyKgiLPsPzE37HfgTWVwZB7Ee QIX2NO7MYREYY5I6uz1Llnx5hNKHojmWq1CdBvEkq8gvf924hbr90nJHZXhvsr14h04X pzoQ== X-Forwarded-Encrypted: i=1; AJvYcCUPl6jmTMhQ34wcebB0s9Hdrq9lppZi3yJ22NL58/H8GXm0Dr3fzNoiTAWghpHf4ID12ADT8KnjrvYZdHsf@vger.kernel.org, AJvYcCXKZcwN/mUZYRJxI2e6bwNoU71JK9Xg5PVdTg/FrDxpafFAaZw6X9XzytkkdjG2c4+rEPw=@vger.kernel.org, AJvYcCXQX0t5jJ1RDg88+NPMSmJVv4wAeBmdkfDltcd+fKU+hQZx71kEqIorOgtc9iscS+ChUvq+nIAq@vger.kernel.org X-Gm-Message-State: AOJu0YwLHUs7PTKpeO+nzFnWOx0Q73CYjYq5ojhdXD+vL8cZ/zeXrxqi ASVrcNYZPU1kmvoy8CBmTz3wYXeXoEwXKJDYphNXTMzp2a73H5ER X-Google-Smtp-Source: AGHT+IH7ANk7LXkUzm00s2JI1I12YeLDmyWArXvS90FG/fLxbxsSuUjx0W37x6a0U8NFoAGyW2g0fA== X-Received: by 2002:a05:6a00:1a93:b0:717:9154:b5d6 with SMTP id d2e1a72fcca58-719261cb441mr36998322b3a.22.1726738975778; Thu, 19 Sep 2024 02:42:55 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944ab4b36sm7927086b3a.47.2024.09.19.02.42.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Sep 2024 02:42:55 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [RFC PATCH net-next 3/7] net: ip: add drop reason to ip_route_input_slow() Date: Thu, 19 Sep 2024 17:41:43 +0800 Message-Id: <20240919094147.328737-4-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20240919094147.328737-1-dongml2@chinatelecom.cn> References: <20240919094147.328737-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC In this commit, we make ip_route_input_slow() support skb drop reason by adding the pointer of drop reason to its functions aeguments. Following new skb drop reasons are added: SKB_DROP_REASON_IP_LOCAL_SOURCE SKB_DROP_REASON_IP_INVALID_SOURCE SKB_DROP_REASON_IP_INVALID_DEST SKB_DROP_REASON_IP_LOCALNET Signed-off-by: Menglong Dong --- include/net/dropreason-core.h | 19 +++++++++++++++++++ net/ipv4/route.c | 32 ++++++++++++++++++++++++-------- 2 files changed, 43 insertions(+), 8 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 4748680e8c88..3d1b09f70bbd 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -76,6 +76,10 @@ FN(INVALID_PROTO) \ FN(IP_INADDRERRORS) \ FN(IP_INNOROUTES) \ + FN(IP_LOCAL_SOURCE) \ + FN(IP_INVALID_SOURCE) \ + FN(IP_INVALID_DEST) \ + FN(IP_LOCALNET) \ FN(PKT_TOO_BIG) \ FN(DUP_FRAG) \ FN(FRAG_REASM_TIMEOUT) \ @@ -365,6 +369,21 @@ enum skb_drop_reason { * IPSTATS_MIB_INADDRERRORS */ SKB_DROP_REASON_IP_INNOROUTES, + /** @SKB_DROP_REASON_IP_LOCAL_SOURCE: the source ip is local */ + SKB_DROP_REASON_IP_LOCAL_SOURCE, + /** + * @SKB_DROP_REASON_IP_INVALID_SOURCE: the source ip is invalid: + * 1) source ip is multicast or limited broadcast + * 2) source ip is zero and not IGMP + */ + SKB_DROP_REASON_IP_INVALID_SOURCE, + /** + * @SKB_DROP_REASON_IP_INVALID_DEST: the dest ip is invalid: + * 1) dest ip is 0 + */ + SKB_DROP_REASON_IP_INVALID_DEST, + /** @SKB_DROP_REASON_IP_LOCALNET: source or dest ip is local net */ + SKB_DROP_REASON_IP_LOCALNET, /** * @SKB_DROP_REASON_PKT_TOO_BIG: packet size is too big (maybe exceed the * MTU) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 385efe6d71a7..ab70917c62e5 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2202,8 +2202,10 @@ static struct net_device *ip_rt_get_dev(struct net *net, static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, u8 tos, struct net_device *dev, - struct fib_result *res) + struct fib_result *res, + enum skb_drop_reason *reason) { + enum skb_drop_reason __reason = SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev = __in_dev_get_rcu(dev); struct flow_keys *flkeys = NULL, _flkeys; struct net *net = dev_net(dev); @@ -2231,8 +2233,10 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, fl4.flowi4_tun_key.tun_id = 0; skb_dst_drop(skb); - if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) + if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) { + __reason = SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } res->fi = NULL; res->table = NULL; @@ -2242,21 +2246,29 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, /* Accept zero addresses only to limited broadcast; * I even do not know to fix it or not. Waiting for complains :-) */ - if (ipv4_is_zeronet(saddr)) + if (ipv4_is_zeronet(saddr)) { + __reason = SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } - if (ipv4_is_zeronet(daddr)) + if (ipv4_is_zeronet(daddr)) { + __reason = SKB_DROP_REASON_IP_INVALID_DEST; goto martian_destination; + } /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(), * and call it once if daddr or/and saddr are loopback addresses */ if (ipv4_is_loopback(daddr)) { - if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) + if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) { + __reason = SKB_DROP_REASON_IP_LOCALNET; goto martian_destination; + } } else if (ipv4_is_loopback(saddr)) { - if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) + if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) { + __reason = SKB_DROP_REASON_IP_LOCALNET; goto martian_source; + } } /* @@ -2315,7 +2327,10 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, make_route: err = ip_mkroute_input(skb, res, in_dev, daddr, saddr, tos, flkeys); -out: return err; +out: + if (reason && err) + *reason = __reason; + return err; brd_input: if (skb->protocol != htons(ETH_P_IP)) @@ -2406,6 +2421,7 @@ out: return err; e_nobufs: err = -ENOBUFS; + __reason = SKB_DROP_REASON_NOMEM; goto out; martian_source: @@ -2462,7 +2478,7 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, return err; } - return ip_route_input_slow(skb, daddr, saddr, tos, dev, res); + return ip_route_input_slow(skb, daddr, saddr, tos, dev, res, reason); } int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, From patchwork Thu Sep 19 09:41:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13807595 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pf1-f195.google.com (mail-pf1-f195.google.com [209.85.210.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4190019CC18; Thu, 19 Sep 2024 09:43:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726739001; cv=none; b=W/6yhIrBNt8g7LIwvxU+gwI6gPBfips0XcyG8xTCCJTw9HE0LS+MwlsY/bjyGQ1jBq7yeR8t5TNqwojxdSym5GNZDahnqxm5pmDigc4QpYU2aM+EzMf8SsW7jt3Ul/BPIENmRjlpFikR6MyZuIcB8KbRJwsGabfMYec/UXtCDlI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726739001; c=relaxed/simple; bh=d3HvNr5Uv6zRmT0BJX/m1cHJMfPBhhVo3oaWKjmncic=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=DfFD2hi4lY5vwlIgj+2a65XI4QbAOrMzD+FWK09imV+2Dwgt88IwWnWcu0b+C+U8GsDxUaanNBGxHj51cT1Zx7Um7ahxXsg6doHVqASawu76kRD7xhrkLek7EATvHnwKg9Y0iub7PIRcTmbp8ZvxQeXBFiBdgTJ0sqBjXlHi8zE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=cgwibEVw; arc=none smtp.client-ip=209.85.210.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="cgwibEVw" Received: by mail-pf1-f195.google.com with SMTP id d2e1a72fcca58-7197970e2aeso432812b3a.2; Thu, 19 Sep 2024 02:43:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726738980; x=1727343780; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MA/2gib5aEwXowh4Zb3tw2IHR3ChieAV3weMhIRamWQ=; b=cgwibEVwepQm88BRazzMASkzvy2EQWGqBA6jl/3KKS9vP6Hs/vAJW0Of8sXgi5Za+R x2KM9EmGVPwNLC8zrKi6Od0Z5HvEKEgo8wEj6dsRB6jsSW3i3YZ6E6ZnvbEQlSrBG64e BLG470FZ5WfPXI+FDKKnOMJd+RlWO1cr6IJHya/XKxKpfonied5DznavwmPJcScyxH1d HhZruxaUvaVIT6qCX+Q4ahVBuQohfKLg9CoyqAHz8NR+ely1Okhx8z84DTFRpY5jm7lQ JQR/wdRNpffcMI6WIiKOGidRu6C3XGVnxfQ9I81a2KRs7os7kpg89Lz9SG/Grl4GA4ex RBUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726738980; x=1727343780; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MA/2gib5aEwXowh4Zb3tw2IHR3ChieAV3weMhIRamWQ=; b=IiW9LWkF247s0dJ2DY0lvwfURx9dZ39J8FzRcfl22Cxd6sWVZ2LwQo7WR1Eg+6NtI5 I9Tx23O8OF4FFlllQ0qISYvzkwd9ubwAemYIcH4xzpER+unePOlP0iuA8TK3zCm5ZN99 37+i37msLG391HzCObaOJorqf5vXmooy4EGbQ8qo3Mvl2bMtIuPcP8yx802e9xuMZh94 i3hcqyECXvhdMpZM0MwssQIy6rOd+hVr1iYuUbVGdZBJBDMjjOt1fXeMHfMBOFF9JH9m ruxLzJSpeQ+BvN/dxGcZgeyf4GcRtcxNP+mqwSpwqacZQTQV635QwqwoJSPdCeZllSsV NzTQ== X-Forwarded-Encrypted: i=1; AJvYcCUf8aCceQUH/bGp+CaS5VxeInL/7akJ0dZyWolIxnFBWXsJZmPNTYig8CaVg67HOIuo94aM4u58J25Z1ZmX@vger.kernel.org, AJvYcCWPk3RIj/ZeOrMR6Lmc8TTjl1ndtt9abov/Ox4Jb66iSk8STXYhRP+5heqSB5msoksOL/g=@vger.kernel.org, AJvYcCXzld4NXS3Y9SPEDw7IX0L2SYYV5LmmPZETLpvrf82mI9QSt/7MlZce8Q0TVNoKiRIwe1bAkFyM@vger.kernel.org X-Gm-Message-State: AOJu0YzqAqoFQnweOUpHfx+jMuCoGI6oR8HE/ZS32x91KsMaoVnYj8he uHMrQUhIcUQLPriERv/6vaFweuOvEjrN4U/X9fAJmnV+kKzUCJpN X-Google-Smtp-Source: AGHT+IGX/eoHZJwZe5ddJiHbodmkBrNjnA93JGb5CYL7b4kt50T3ftjZqawUOQ9E1aXOrU1vDkR4IQ== X-Received: by 2002:a05:6a00:8c7:b0:717:8eb7:6c57 with SMTP id d2e1a72fcca58-71936afb999mr30401247b3a.19.1726738979968; Thu, 19 Sep 2024 02:42:59 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944ab4b36sm7927086b3a.47.2024.09.19.02.42.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Sep 2024 02:42:59 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [RFC PATCH net-next 4/7] net: ip: make fib_validate_source() return drop reason Date: Thu, 19 Sep 2024 17:41:44 +0800 Message-Id: <20240919094147.328737-5-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20240919094147.328737-1-dongml2@chinatelecom.cn> References: <20240919094147.328737-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC In this commit, we make fib_validate_source/__fib_validate_source return -reason instead of errno on error. As the return value of them can be -errno, 0, and 1, we can't make it return enum skb_drop_reason directly. In the origin logic, if __fib_validate_source() return -EXDEV, LINUX_MIB_IPRPFILTER will be counted. And now, we need to adjust it by checking "reason == SKB_DROP_REASON_IP_RPFILTER". We set the errno to -EINVAL when fib_validate_source() is called and the validation fails, as the errno can be checked in the caller and now its value is -reason, which can lead misunderstand. Signed-off-by: Menglong Dong --- net/ipv4/fib_frontend.c | 19 +++++++++++++------ net/ipv4/ip_input.c | 4 +--- net/ipv4/route.c | 15 ++++++++++++--- 3 files changed, 26 insertions(+), 12 deletions(-) diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 793e6781399a..779c90de3a54 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -346,6 +346,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, int rpf, struct in_device *idev, u32 *itag) { struct net *net = dev_net(dev); + enum skb_drop_reason reason; struct flow_keys flkeys; int ret, no_addr; struct fib_result res; @@ -377,9 +378,15 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, if (fib_lookup(net, &fl4, &res, 0)) goto last_resort; - if (res.type != RTN_UNICAST && - (res.type != RTN_LOCAL || !IN_DEV_ACCEPT_LOCAL(idev))) - goto e_inval; + if (res.type != RTN_UNICAST) { + if (res.type != RTN_LOCAL) { + reason = SKB_DROP_REASON_IP_INVALID_SOURCE; + goto e_inval; + } else if (!IN_DEV_ACCEPT_LOCAL(idev)) { + reason = SKB_DROP_REASON_IP_LOCAL_SOURCE; + goto e_inval; + } + } fib_combine_itag(itag, &res); dev_match = fib_info_nh_uses_dev(res.fi, dev); @@ -412,9 +419,9 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, return 0; e_inval: - return -EINVAL; + return -reason; e_rpf: - return -EXDEV; + return -SKB_DROP_REASON_IP_RPFILTER; } /* Ignore rp_filter for packets protected by IPsec. */ @@ -440,7 +447,7 @@ int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, * and the same host but different containers are not. */ if (inet_lookup_ifaddr_rcu(net, src)) - return -EINVAL; + return -SKB_DROP_REASON_IP_LOCAL_SOURCE; ok: *itag = 0; diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index dc062ae49137..aac0575bb1a4 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -424,10 +424,8 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, return NET_RX_DROP; drop_error: - if (err == -EXDEV) { - drop_reason = SKB_DROP_REASON_IP_RPFILTER; + if (drop_reason == SKB_DROP_REASON_IP_RPFILTER) __NET_INC_STATS(net, LINUX_MIB_IPRPFILTER); - } goto drop; } diff --git a/net/ipv4/route.c b/net/ipv4/route.c index ab70917c62e5..89b498bd9752 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1788,6 +1788,7 @@ static int __mkroute_input(struct sk_buff *skb, err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res), in_dev->dev, in_dev, &itag); if (err < 0) { + err = -EINVAL; ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, saddr); @@ -2162,8 +2163,10 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, tos &= INET_DSCP_MASK; err = fib_validate_source(skb, saddr, daddr, tos, 0, dev, in_dev, &tag); - if (err < 0) + if (err < 0) { + err = -EINVAL; goto martian_source; + } skip_validate_source: skb_dst_copy(skb, hint); @@ -2313,8 +2316,11 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, if (res->type == RTN_LOCAL) { err = fib_validate_source(skb, saddr, daddr, tos, 0, dev, in_dev, &itag); - if (err < 0) + if (err < 0) { + __reason = -err; + err = -EINVAL; goto martian_source; + } goto local_input; } @@ -2339,8 +2345,11 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, if (!ipv4_is_zeronet(saddr)) { err = fib_validate_source(skb, saddr, 0, tos, 0, dev, in_dev, &itag); - if (err < 0) + if (err < 0) { + err = -EINVAL; + __reason = -err; goto martian_source; + } } flags |= RTCF_BROADCAST; res->type = RTN_BROADCAST; From patchwork Thu Sep 19 09:41:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13807598 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f196.google.com (mail-pg1-f196.google.com [209.85.215.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 69BA919ABB7; Thu, 19 Sep 2024 09:43:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.196 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726739011; cv=none; b=EvPA18H/E+8p68dgsHUbkclqZy0lJV8dPjpbMOlSEG5BaAt2ZmceV+SrftOPLaDHQmfDA3ahh81cy3GTgj6N0c2uy5VU9u735UHCc3kSXM9xNCfFI794/u3dzz/d5QisE2ai9N7uUxzugCqgDoWbAz0Vbv9PC0Gl9ip1nfv4Elc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726739011; c=relaxed/simple; bh=ygDIUVguhvUUlD+q1fPFNHG78N/uaop98AOq8nYMtK8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=G395BPdvvSV42PwF2Fpbn1a95J6OlJZuPPyMZsUvGxmgt9BiCojCycTgzDnjHqK3Eg1DdKYp4QlIQh1mTazUc/1uRYtrHUxz0TOnYUTrr5Ahu7oZ9Qmszw/Vi7Rr7gRFvdEqn/q8lAqa66zLAswnxpH+FrjgqvycZjai0pw7Nz0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=CIzp5wj2; arc=none smtp.client-ip=209.85.215.196 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="CIzp5wj2" Received: by mail-pg1-f196.google.com with SMTP id 41be03b00d2f7-7db4f323b12so320050a12.1; Thu, 19 Sep 2024 02:43:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726738984; x=1727343784; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=NfG1gPBCDmahTiIg8wcVbKxBcbnaI0pXkmFsdr6cl6w=; b=CIzp5wj2rIZ08iNMT3pywa/x7xOqBXjW5Z60SjlDUnP72G0NZxnoy13TwcNTYHm502 8QNGO0Z1mubjYvpLppwYCbDhvi6mIQoOwkYMaDnxjdzWyqVDBYGs8Rx/bD+lp2cWQ5ks RQu2gruYlPecjnuVu6pQx7F287hQM6MG3L+ablJclYfkVOgrRf1S/RPtOyL33+sA/FNC uhVWTFlGTy+iPi5j265XX9Z8GdWEuU9pvh4zpfDdfQ/pfn3KGr9E368xAnfBgW3ZHNRt W/zdQBrEsOweNBdTRGvNNdS1vyQb6cBwcqrnX5uSfVXWYzQbsCTShesFWtKgtpgE/SDs 8nzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726738984; x=1727343784; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NfG1gPBCDmahTiIg8wcVbKxBcbnaI0pXkmFsdr6cl6w=; b=uMjqTVPFlqdLxjVSLvBhD0lehUdL+otxT5TND6ucXyTFCWOFbxRkxtHeW2PlJdmfqZ K187Jps0wbvJrz+EcxKCUuJSEDa7miZ7qC4963mKqxU5cvUwB57SeEomphSooEbXYStU eW54fwEhubPI7kwa3tFq1TwL2FBVlOGw236Lsw4qTim8/uASTmIQR2pEp0DYrKMuZtZY qDYV4UOF7JKYDxIK0l0wq8aEiQ5Scme7YNxAUaE3DCt0AyNDjEO1Hrd0QY0kn9d8t87H CNX05R3qrcRKCSa4qAaXjDpMmKVWqoZHDi8MTnvF2OsqY6zn3pfepGsk+tbYZ25+deWn lUzg== X-Forwarded-Encrypted: i=1; AJvYcCU3Kt3Fp3mBSmsr3IFQvFWhxCYcRf1wWqL8OuQ98EunlwaRvwQ/dJw5CjoZAgR30Bw0vO76ezOW@vger.kernel.org, AJvYcCUaijtRG3ARGZdwyFw+bum7FT/x6T9qg6nSC4AgE3pGJ71DbHrxvgBxlcbrUumtmrBJPAQ=@vger.kernel.org, AJvYcCVBdHPGF4RfMXTyYZrwtKxzn+jjUr9oz4U+SQvc68YVaNFxyQztz0KhpnIHCrrlPSYjlo8zPRKXIUCRzgxa@vger.kernel.org X-Gm-Message-State: AOJu0Yzrwzi8RheW7f/+mz7HJH+58IL27iAh2hLA6SkOJvUGrZneop4j xqcqa4tEgX1wWcyXf19usJvAEs/uE3FqKWQa2+/jc38EigU4Dbrk X-Google-Smtp-Source: AGHT+IHI17plJZDoTpizWv7sXaV3B9qvSJqOn6vvB4MA0FegjUiCa+dEjiNCogZ7t623yNvGNX0NVQ== X-Received: by 2002:a05:6a20:cf8f:b0:1d2:bbd9:4646 with SMTP id adf61e73a8af0-1d2bbd946c4mr26385496637.38.1726738984551; Thu, 19 Sep 2024 02:43:04 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944ab4b36sm7927086b3a.47.2024.09.19.02.43.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Sep 2024 02:43:04 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [RFC PATCH net-next 5/7] net: ip: make ip_route_input_mc() return drop reason Date: Thu, 19 Sep 2024 17:41:45 +0800 Message-Id: <20240919094147.328737-6-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20240919094147.328737-1-dongml2@chinatelecom.cn> References: <20240919094147.328737-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC Make ip_route_input_mc() return drop reason, and adjust the call of it in ip_route_input_rcu(). Signed-off-by: Menglong Dong --- net/ipv4/route.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 89b498bd9752..3e11a1849ac0 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1696,8 +1696,9 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, } /* called in rcu_read_lock() section */ -static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, int our) +static enum skb_drop_reason +ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, + u8 tos, struct net_device *dev, int our) { struct in_device *in_dev = __in_dev_get_rcu(dev); unsigned int flags = RTCF_MULTICAST; @@ -1718,7 +1719,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST, false); if (!rth) - return -ENOBUFS; + return SKB_DROP_REASON_NOMEM; #ifdef CONFIG_IP_ROUTE_CLASSID rth->dst.tclassid = itag; @@ -1734,7 +1735,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, skb_dst_drop(skb); skb_dst_set(skb, &rth->dst); - return 0; + return SKB_NOT_DROPPED_YET; } @@ -2455,12 +2456,12 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, * route cache entry is created eventually. */ if (ipv4_is_multicast(daddr)) { + enum skb_drop_reason __reason = SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev = __in_dev_get_rcu(dev); int our = 0; - int err = -EINVAL; if (!in_dev) - return err; + return -EINVAL; our = ip_check_mc_rcu(in_dev, daddr, saddr, ip_hdr(skb)->protocol); @@ -2481,10 +2482,12 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, IN_DEV_MFORWARD(in_dev)) #endif ) { - err = ip_route_input_mc(skb, daddr, saddr, - tos, dev, our); + __reason = ip_route_input_mc(skb, daddr, saddr, + tos, dev, our); } - return err; + if (reason && __reason) + *reason = __reason; + return __reason ? -EINVAL : 0; } return ip_route_input_slow(skb, daddr, saddr, tos, dev, res, reason); From patchwork Thu Sep 19 09:41:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13807597 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-oo1-f65.google.com (mail-oo1-f65.google.com [209.85.161.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0DF8919C56D; Thu, 19 Sep 2024 09:43:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.65 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726739009; cv=none; b=Ic+hRluDahGCWMEKhwQRmusN/xCwtsPdK0hPPP3ocm3w4k0Zv3pSLDHJ0sZj+1FX0kVIoLQQuzZNlfvUzl/AtRm1PcSQbQP19RtemUTUdIoReP/2RYBkzv/zVKLpgddmyQnBKaqaozgL789VEIk2DI5Pm/IKv3v+DVRhbqn4EjI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726739009; c=relaxed/simple; bh=01sg2zMVd1oVMDp9kVXp8rgM1zgRtpG8t/SrRBvKPko=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=LnNHR9RMEhAi8blpY9OD7ObEOUwHK4eOj9EbE371S1iOfuAgb8DS9koIO9CpccF+IwVQbCkqna2CabrK9q6h8rNJ60+Ow0Lp0LfHQRYPQwJSjVdZ7p7RZLQkFVsNP7+QWy2AshBRoSCLHC3pmZX0HnpX97S2q3A/RkEMx+v/RdI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=OfGK/3p9; arc=none smtp.client-ip=209.85.161.65 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="OfGK/3p9" Received: by mail-oo1-f65.google.com with SMTP id 006d021491bc7-5dfaccba946so343675eaf.1; Thu, 19 Sep 2024 02:43:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726738989; x=1727343789; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ePcqGTH0Kg0x3qgdAakqngmH7w8Gex0rfBmpVr2hqzg=; b=OfGK/3p9DGtOyWWxQe24Dr+vDH8OUx9VvsEfdYOVCTwAop5iackFxFB5sNByZu5qlH 3vuk0ZIeyy5gVMsi5dbRHSGvQ1bvdL7itvp0WKLLzDogzkSRsq4kUfmxfdFD/lOYN/Jp Fkx4cJMZtaoLWpiwDe/BDJ6BzAtnYUP3EBk3SZuxycvMAU+jrbiex/FJiUs75fDPuZT8 7FdDrxIpego0kPF0lnF6Krma2JhANYkqjWhHcCgPXlqPVwKxr7nOiA1MzxX7GgT3W7di aWB79oKaB0rPuegJ8xm/cETdJKxwHDxW+xFv4f29Q+9yMtgCoQnQGI7GyT2X6lTeuwZX zuig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726738989; x=1727343789; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ePcqGTH0Kg0x3qgdAakqngmH7w8Gex0rfBmpVr2hqzg=; b=grlGUrtCAVALLxb5HuslF10oL0gPVBWFZMVSpiV40QHGwdBcqo8d3k5cyJjYBMFZ5v pzLnwH8JJOhYDExaRU8+bKfMhIBybmPiSUbruTADjPDDafxAsLRMQsFwaz2H5cPzeq8G UmZrQqxSORv7BZGi3HZUHxhiWmEeVA6BchKYXRWQrH6pZeptnkilfQJTrV+m0iNzYSnR Q7WHW185tMNjP6jH4pIrR0oZQRvg4bAPmwgNf6quYg8WXlGlJAbfqGifEiosOwLxntEj 7IxAXRh8wj0zeKDFr3CX7REtjSX5fLOSJDtoooxb0H7p+ARwB8TYOwx3pLYd6OeURFUw YMdQ== X-Forwarded-Encrypted: i=1; AJvYcCUU6gmUqxtnKkOGSNb6oAsQmcfNWrR/vt2zF9JcWpTOg2eGdmrEmhj7Q/zmy/NnLOYVTeYQXg7J+Bpui1//@vger.kernel.org, AJvYcCWHhXEu1JnYvHslws7OkcDk0b0sA09uHTl2xeZy6DWsicdJJIFmZ+6H0g8hHbuDILmt1ujeNj98@vger.kernel.org, AJvYcCWM9O3Nmy40cDhF/9sdP5gmIy7eKiYmvMbZb9YbYBLA4RO17y4vm8QYMDXj1WLhWZfqvQc=@vger.kernel.org X-Gm-Message-State: AOJu0YwR6Ox5sZkt6u7Wy9of/WboS5wOi68J50YrcorfRO5jNZvnUbeH iTxCZYOjVuWBJvKBFVwz+mrcyLtxJlIJiuo513E8anBuLMuglAuU X-Google-Smtp-Source: AGHT+IGT+GB8jczoNpoAA8VLFkChC4I98TyZ15dJ+fhyfuQZ0MmfMbuU20DB3/3Ip/QBhuYmXxKxJw== X-Received: by 2002:a05:6870:a3d0:b0:270:1d71:f596 with SMTP id 586e51a60fabf-27c3f6a9bc2mr13021450fac.45.1726738988781; Thu, 19 Sep 2024 02:43:08 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944ab4b36sm7927086b3a.47.2024.09.19.02.43.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Sep 2024 02:43:08 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [RFC PATCH net-next 6/7] net: ip: make ip_mc_validate_source() return drop reason Date: Thu, 19 Sep 2024 17:41:46 +0800 Message-Id: <20240919094147.328737-7-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20240919094147.328737-1-dongml2@chinatelecom.cn> References: <20240919094147.328737-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC Make ip_mc_validate_source() return drop reason, and adjust the call of it in ip_route_input_mc(). Another caller of it is ip_rcv_finish_core->udp_v4_early_demux, and the errno is not checked in detail, so we don't do more adjustment for it. Signed-off-by: Menglong Dong --- include/net/route.h | 7 ++++--- net/ipv4/route.c | 33 ++++++++++++++++++--------------- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/include/net/route.h b/include/net/route.h index cb9f31080517..cd0f585dacf0 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -198,9 +198,10 @@ static inline struct rtable *ip_route_output_gre(struct net *net, struct flowi4 fl4->fl4_gre_key = gre_key; return ip_route_output_key(net, fl4); } -int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, - struct in_device *in_dev, u32 *itag); +enum skb_drop_reason +ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, + u8 tos, struct net_device *dev, + struct in_device *in_dev, u32 *itag); int ip_route_input_noref(struct sk_buff *skb, __be32 dst, __be32 src, u8 tos, struct net_device *devin, enum skb_drop_reason *reason); diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 3e11a1849ac0..fa27f2120334 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1665,34 +1665,37 @@ struct rtable *rt_dst_clone(struct net_device *dev, struct rtable *rt) EXPORT_SYMBOL(rt_dst_clone); /* called in rcu_read_lock() section */ -int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, - struct in_device *in_dev, u32 *itag) +enum skb_drop_reason +ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, + u8 tos, struct net_device *dev, + struct in_device *in_dev, u32 *itag) { int err; /* Primary sanity checks. */ if (!in_dev) - return -EINVAL; + return SKB_DROP_REASON_NOT_SPECIFIED; - if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) || - skb->protocol != htons(ETH_P_IP)) - return -EINVAL; + if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) + return SKB_DROP_REASON_IP_INVALID_SOURCE; + + if (skb->protocol != htons(ETH_P_IP)) + return SKB_DROP_REASON_INVALID_PROTO; if (ipv4_is_loopback(saddr) && !IN_DEV_ROUTE_LOCALNET(in_dev)) - return -EINVAL; + return SKB_DROP_REASON_IP_LOCALNET; if (ipv4_is_zeronet(saddr)) { if (!ipv4_is_local_multicast(daddr) && ip_hdr(skb)->protocol != IPPROTO_IGMP) - return -EINVAL; + return SKB_DROP_REASON_IP_INVALID_SOURCE; } else { err = fib_validate_source(skb, saddr, 0, tos, 0, dev, in_dev, itag); if (err < 0) - return err; + return -err; } - return 0; + return SKB_NOT_DROPPED_YET; } /* called in rcu_read_lock() section */ @@ -1701,14 +1704,14 @@ ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, u8 tos, struct net_device *dev, int our) { struct in_device *in_dev = __in_dev_get_rcu(dev); + enum skb_drop_reason reason; unsigned int flags = RTCF_MULTICAST; struct rtable *rth; u32 itag = 0; - int err; - err = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag); - if (err) - return err; + reason = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag); + if (reason) + return reason; if (our) flags |= RTCF_LOCAL; From patchwork Thu Sep 19 09:41:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13807599 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pf1-f195.google.com (mail-pf1-f195.google.com [209.85.210.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE81919DF4C; Thu, 19 Sep 2024 09:43:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726739014; cv=none; b=V3pDta3vXl35ds6zBhKZS78jd60w6AbbjEYC0cfIxk8wbI5AFQVPLj+ui8reQgXF9+aNJmlm6HgfruGh6XoSmvvim5+3YozstTm7UYDad+XIs7Zxz9LR5Jd3WrpcIYLYRLnFMvQwI98Oc5pLjPTX9cHkRSOX4lUaAsnJFNYgz78= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726739014; c=relaxed/simple; bh=ieuL/O3/265wxoAQ9SYV+ZrakZmm8ntMC/lUQH0jiok=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=cKEACobH1/UN+n3A7VHuszoE2Z64RCbB2VNw874z8rNTkCLjsMjG1zvzdB6dTP2jg4G5yAB5wseD9PjGTt/eQd9mKKwKLJ6htFqA4hN8umiltBJQ3end5Px2BveoAyL6AIpx3gZrPCKSFk5M4I+1v7/ZD7q16LHP1X1pfIT39YQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=B0/2UBAw; arc=none smtp.client-ip=209.85.210.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="B0/2UBAw" Received: by mail-pf1-f195.google.com with SMTP id d2e1a72fcca58-71798a15ce5so1357626b3a.0; Thu, 19 Sep 2024 02:43:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726738993; x=1727343793; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Rfr8GHfpAnekQQsJ9DXbNrw9ejSWEOElOr5R5vluBYQ=; b=B0/2UBAwma0VutdNcINHEGSOz7zx/GIYaWWqDwYJA/iu0aDIEJmvcqj1wHE/JHyjXb JLpawxRcFngs7m6CXEdnxAUhwqhN11Bwza70UuFiInPyChXyBXDSvGyXKl1jZVnb4xUR qckkYBy8TzwGVcajZRQLbnd6tv+mIZXyoBqkmtFvKX2qTY/3Ccii1vxBwkm5e4K42PlL 9Cgg4xvva9Fyl9MixcYHi34QPZ42fk+0MVQABvAQc8VU0XtySWMp5rViVR+ku9GxpAhJ +bKUpB8O6vY1i4jT5Kp/Rxv/Tbs+dgSTl5fxCAlwHRlUfNzDsoXOm4Dn0xau098EqZz+ 9RYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726738993; x=1727343793; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Rfr8GHfpAnekQQsJ9DXbNrw9ejSWEOElOr5R5vluBYQ=; b=TO/Pm7fxQvUAxN7vrcididwKo9qHEdSpJIW8eCX2qd9ExR2KrkveO1hY7/hp6PaIqG wNjSGZ4NewfcylRoCqNBiFTey+jqSubbxm01dHerqltY57/+F53dllk5UI/yvvyvPQwR l4g7Vnvgyd7RcuMW/tk7LQFV6ZYrDdw1BDZz+gUKIPvUiCuRA8Y+HMF7pBzIMG+pF79c +NgpsjT+PeCqxcpFWk6r8Ciy65NP98i636+m4h/Riyu1bv5bZO59DOaoHkLsKGq1A8Hn ig1Wu2qVQMwIe+HQT+mDTeHmq+rYHi74jwIvKGvABYVSfe9tZIo5FNogVm2EZod/uNxP hOiw== X-Forwarded-Encrypted: i=1; AJvYcCW0IW4s1r3KDnokPEXiSOvxGhwn1WRsMLGJIKNcnSd10b8rCBk5mJ/yw81+5t1zPndzRoEp3mW6Pp137Rfi@vger.kernel.org, AJvYcCWfRaAYKmkMcv0ayAm15K9GyjhZFruwJmOtYStj620FxS04OewKd2kn6oLQP6rBoSbxmrVHSWNk@vger.kernel.org, AJvYcCXGA7MWWWtfSDFCLjaHMF7bm2LG9tLNE1iBbGGJkIdQJ24OHLVNEOpFTRebhvSvYbGKzhQ=@vger.kernel.org X-Gm-Message-State: AOJu0YzuKV8ZB5nmkeIaM983T6H6BAvWXpazuSzs0sM/XbsM4GCzvQ93 Z6zVgxETDRDYh8rs3cjOpRuCM9t4AXTAS2vF7KczE/IBdYEO4356 X-Google-Smtp-Source: AGHT+IFX1KD+RvJbrJVzp6geUXTu7trq7flY/gtaClnP3+TUmI1zNKnGzoDcQrqHbOfBTw4UhC+0rw== X-Received: by 2002:a05:6a21:168d:b0:1cf:6d67:fe55 with SMTP id adf61e73a8af0-1d2fca179c2mr3744940637.5.1726738992908; Thu, 19 Sep 2024 02:43:12 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71944ab4b36sm7927086b3a.47.2024.09.19.02.43.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Sep 2024 02:43:12 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [RFC PATCH net-next 7/7] net: ip: fix typo in the doc of SKB_DROP_REASON_IP_INNOROUTES Date: Thu, 19 Sep 2024 17:41:47 +0800 Message-Id: <20240919094147.328737-8-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20240919094147.328737-1-dongml2@chinatelecom.cn> References: <20240919094147.328737-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC This is a copy error, and SKB_DROP_REASON_IP_INNOROUTES should correspond to IPSTATS_MIB_INADDRERRORS in the comment. Just fix it Signed-off-by: Menglong Dong --- include/net/dropreason-core.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 3d1b09f70bbd..a68235240f6a 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -366,7 +366,7 @@ enum skb_drop_reason { SKB_DROP_REASON_IP_INADDRERRORS, /** * @SKB_DROP_REASON_IP_INNOROUTES: network unreachable, corresponding to - * IPSTATS_MIB_INADDRERRORS + * IPSTATS_MIB_INNOROUTES */ SKB_DROP_REASON_IP_INNOROUTES, /** @SKB_DROP_REASON_IP_LOCAL_SOURCE: the source ip is local */