From patchwork Tue Oct 1 05:59:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13817491 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f194.google.com (mail-pl1-f194.google.com [209.85.214.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 373203201; Tue, 1 Oct 2024 06:00:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.194 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762454; cv=none; b=RQJ+lmhPAevgb+ImDBV6JqkpLuZyGe2dgg3ut3f1tr/NJw0Hc4zE7gOu3ZW2wyepOdvEnA4KjRzfbZGF1df9EuQnHhjFfexPgU4uGkBflW09eRZOhzTFxH8xDsttPCnJHYEiRuBDZPUevUrfgYbvelSlVUv9KH6QLZtkzygpbUo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762454; c=relaxed/simple; bh=bi9qHUYSYj5R5/Cy89PHJiTTpuqSNTzbMTJblylefAU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=C0iP9GusetzOsxaPYWbMtfyBtQBnouunJJzZENjn2Vvn6WQN8i3/Lir5vSoGlnPOOLHld1df56t79M01RCNNAZITy9W6tQLtvXzOCNWsHDEH8ttigd2K3c9bLaQcvO0bvGTIpHgLDVqNRXR4G+e0CBgIjVCy+Y8E5jhf3Zhzguo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=AIN6JpjO; arc=none smtp.client-ip=209.85.214.194 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="AIN6JpjO" Received: by mail-pl1-f194.google.com with SMTP id d9443c01a7336-20b7259be6fso22347885ad.0; Mon, 30 Sep 2024 23:00:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1727762450; x=1728367250; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Qdv5HIXyXj+s2ZfUexwxXp65XLHAbGKyjQZiJwWQfHQ=; b=AIN6JpjO9zCqEPalqVZqcogGnhuz/p/OHT6C9g/ESf/BxZkmNI+YI4QlnDzno2pKu4 2gREXGBpliFmHtBFuIGrIIDCcrPPxmxWnmxcQ9UPbkVcSRZi4s+WsA38EjIVFk9dcVsq ORQyskT4wTDrUq+aKfNl2ku+jiPmvvbJzCoJbbasadwBjKcbAn5KDZ/Y8FVzLc2mcG0k +0G5gZFbPjWqojefUTqQJ/yoaa3WUpYdSV8xnJBWno+73rtSmvSvyxW6uw+rlsa7xSHe NhpNScsajJcJE7nF/4TRkCIZtIf20M3v3upinEf816xgyldru5jWYkR2WJtziYmdGe4w GgAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727762450; x=1728367250; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Qdv5HIXyXj+s2ZfUexwxXp65XLHAbGKyjQZiJwWQfHQ=; b=gfZFYLni9d6A63KaCC8qYSAz6He3BI986LezeqBs7cWz+wVwVToRD1Oum2LjtJdvkl qAJK9A4eLN7TxHNMEN8gjWuq9InBfmVIAx3fGQE4D1T4wfTklT0+RVY/JvdAPMiNjiMV T8iLBYhrw662DESaGeCcLV+2VteG3FhD9esSCfnPSKv1NsKKaMlTEpODUVrJJ8Vis8df emSLWWOpS2lDk15Xkv8TnMoWss6PyP78uRg4+vQQAMkNcYzP9V8+sCRW2s4o3YCURQ90 E4hfN/tftVVai24UnKRnCGibkq7imVV5K9VSyZmddL+yYrahNZLNqU2dp9UtCF17m/ex A2Vg== X-Forwarded-Encrypted: i=1; AJvYcCV0mElBpEVbgLXyb20duRZMU8osdtgJCzHebQT4kkJqzyF8jkQ8rmFrKDzdYkz8vFSpfyIIR6IxlfEZfCEt@vger.kernel.org, AJvYcCVU0i6f5zfHJ1WuLlThIcIR+om43mFKKJUm7qBcPPn25kUYFGJ/bvhwc/6uPwRz01PqNRrWyUYn@vger.kernel.org, AJvYcCVXtvO4CETD/kyCBJZVZzUrNXGChBzTF+i57V4POUx621KyXb4AedjTeJUiGsSojLSx6WY=@vger.kernel.org X-Gm-Message-State: AOJu0Yy/88nXW8mmWnuaG5FZhNW1kCibfao5nXh/O3tDYI9bm3ohWnhF AypnLYeJpuP0TudB/X4TBpca4jGGX5BRmjRX3QThM4VGpa+rAz/2 X-Google-Smtp-Source: AGHT+IHvaW3MaFGSFy9uaS3fy6I05gRp/vBshzI/8wk5lXRbhoNPGVz56IpzT1YfXaYtgCndDScOzA== X-Received: by 2002:a17:903:1ca:b0:20b:4d9b:e4fe with SMTP id d9443c01a7336-20b4d9beaa6mr188282145ad.45.1727762450362; Mon, 30 Sep 2024 23:00:50 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e0b6c4bc46sm9055950a91.7.2024.09.30.23.00.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 23:00:50 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, atenart@kernel.org Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next 1/7] net: ip: add drop reason to ip_route_input_noref() Date: Tue, 1 Oct 2024 13:59:59 +0800 Message-Id: <20241001060005.418231-2-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241001060005.418231-1-dongml2@chinatelecom.cn> References: <20241001060005.418231-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org The errno which ip_route_input_noref() returns can be used and checked by the caller, so it's complex to make ip_route_input_noref() return drop reason. Instead, we add the pointer of the skb drop reason to the function arguments of ip_route_input_noref, and adjust all the callers of it. Then, we can pass the skb drop reasons to the caller. Signed-off-by: Menglong Dong --- drivers/net/ipvlan/ipvlan_l3s.c | 2 +- include/net/route.h | 5 +++-- net/core/lwt_bpf.c | 2 +- net/ipv4/arp.c | 2 +- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_input.c | 7 +++---- net/ipv4/route.c | 3 ++- net/ipv4/xfrm4_input.c | 2 +- net/ipv4/xfrm4_protocol.c | 2 +- 9 files changed, 14 insertions(+), 13 deletions(-) diff --git a/drivers/net/ipvlan/ipvlan_l3s.c b/drivers/net/ipvlan/ipvlan_l3s.c index d5b05e803219..fbfdd8c00056 100644 --- a/drivers/net/ipvlan/ipvlan_l3s.c +++ b/drivers/net/ipvlan/ipvlan_l3s.c @@ -52,7 +52,7 @@ static struct sk_buff *ipvlan_l3_rcv(struct net_device *dev, int err; err = ip_route_input_noref(skb, ip4h->daddr, ip4h->saddr, - ip4h->tos, sdev); + ip4h->tos, sdev, NULL); if (unlikely(err)) goto out; break; diff --git a/include/net/route.h b/include/net/route.h index 1789f1e6640b..cb9f31080517 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -202,7 +202,8 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, u8 tos, struct net_device *dev, struct in_device *in_dev, u32 *itag); int ip_route_input_noref(struct sk_buff *skb, __be32 dst, __be32 src, - u8 tos, struct net_device *devin); + u8 tos, struct net_device *devin, + enum skb_drop_reason *reason); int ip_route_use_hint(struct sk_buff *skb, __be32 dst, __be32 src, u8 tos, struct net_device *devin, const struct sk_buff *hint); @@ -213,7 +214,7 @@ static inline int ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, int err; rcu_read_lock(); - err = ip_route_input_noref(skb, dst, src, tos, devin); + err = ip_route_input_noref(skb, dst, src, tos, devin, NULL); if (!err) { skb_dst_force(skb); if (!skb_dst(skb)) diff --git a/net/core/lwt_bpf.c b/net/core/lwt_bpf.c index 1a14f915b7a4..df50f2977c90 100644 --- a/net/core/lwt_bpf.c +++ b/net/core/lwt_bpf.c @@ -96,7 +96,7 @@ static int bpf_lwt_input_reroute(struct sk_buff *skb) dev_hold(dev); skb_dst_drop(skb); err = ip_route_input_noref(skb, iph->daddr, iph->saddr, - iph->tos, dev); + iph->tos, dev, NULL); dev_put(dev); } else if (skb->protocol == htons(ETH_P_IPV6)) { skb_dst_drop(skb); diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c index 11c1519b3699..a9dac0ef2be6 100644 --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -835,7 +835,7 @@ static int arp_process(struct net *net, struct sock *sk, struct sk_buff *skb) } if (arp->ar_op == htons(ARPOP_REQUEST) && - ip_route_input_noref(skb, tip, sip, 0, dev) == 0) { + ip_route_input_noref(skb, tip, sip, 0, dev, NULL) == 0) { rt = skb_rtable(skb); addr_type = rt->rt_type; diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index a92664a5ef2e..cdc75cfc1826 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -176,7 +176,7 @@ static void ip_expire(struct timer_list *t) /* skb has no dst, perform route lookup again */ iph = ip_hdr(head); err = ip_route_input_noref(head, iph->daddr, iph->saddr, - iph->tos, head->dev); + iph->tos, head->dev, NULL); if (err) goto out; diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index b6e7d4921309..dc062ae49137 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -318,12 +318,11 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, struct sk_buff *skb, struct net_device *dev, const struct sk_buff *hint) { + enum skb_drop_reason drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; const struct iphdr *iph = ip_hdr(skb); - int err, drop_reason; + int err; struct rtable *rt; - drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; - if (ip_can_use_hint(skb, iph, hint)) { err = ip_route_use_hint(skb, iph->daddr, iph->saddr, iph->tos, dev, hint); @@ -363,7 +362,7 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, */ if (!skb_valid_dst(skb)) { err = ip_route_input_noref(skb, iph->daddr, iph->saddr, - iph->tos, dev); + iph->tos, dev, &drop_reason); if (unlikely(err)) goto drop_error; } else { diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 723ac9181558..f1767e0cc9d9 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2465,7 +2465,8 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, } int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev) + u8 tos, struct net_device *dev, + enum skb_drop_reason *reason) { struct fib_result res; int err; diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c index a620618cc568..14990cc30c68 100644 --- a/net/ipv4/xfrm4_input.c +++ b/net/ipv4/xfrm4_input.c @@ -33,7 +33,7 @@ static inline int xfrm4_rcv_encap_finish(struct net *net, struct sock *sk, const struct iphdr *iph = ip_hdr(skb); if (ip_route_input_noref(skb, iph->daddr, iph->saddr, - iph->tos, skb->dev)) + iph->tos, skb->dev, NULL)) goto drop; } diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c index b146ce88c5d0..9678ff876169 100644 --- a/net/ipv4/xfrm4_protocol.c +++ b/net/ipv4/xfrm4_protocol.c @@ -76,7 +76,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi, const struct iphdr *iph = ip_hdr(skb); if (ip_route_input_noref(skb, iph->daddr, iph->saddr, - iph->tos, skb->dev)) + iph->tos, skb->dev, NULL)) goto drop; } From patchwork Tue Oct 1 06:00:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13817492 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f65.google.com (mail-pj1-f65.google.com [209.85.216.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9CE581BC9E9; Tue, 1 Oct 2024 06:00:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.65 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762458; cv=none; b=AmZjz0RoEt+2aw6n5+YhQjq7Lg2rMZ3jB+Vcu/JIvq4DF8d5/xISGwAl+IIRLdw0Ck4cgiU3lyzup46rBGdh62FP8S3lxn28bIpRBtLD4Q6oYbAJsrNoGeJK7F9vCNmWP1pXhulepqaUhnDuds2Jl+V+GXSmJzsjiBkkaGWl2S4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762458; c=relaxed/simple; bh=zvB8Xh9fDLbp9WfQKRxYAZgiU3vdvZ9bHwKeXqUqhC0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=SB/wDaPYd8lVnbCNyst8uBqjxajgLger55+PRVCRXWEWmOAon6/eHSPfLsD8WXdIgfpnE9QuP9LZW8xRjR8lgxxIudQGkapWnvOHIWK+OEYEjmuOaJMRB+jVFetEnsT3j4H4aPJrWNWgF19aYWoP4Jq2dKEl5E69poGVmI3cpUA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=eW/d9oLN; arc=none smtp.client-ip=209.85.216.65 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="eW/d9oLN" Received: by mail-pj1-f65.google.com with SMTP id 98e67ed59e1d1-2e09fe0a878so3411644a91.1; Mon, 30 Sep 2024 23:00:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1727762456; x=1728367256; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=DrcolmE9x3EsGlnudoge00ElKatztC69V36dDAFu6ds=; b=eW/d9oLNU0JOS7DQPFGP4DdrjC6jmvmXkG6RUR7ZeY0fKhZVTHMXM+N6Kv0AKTiNsU nBobuBHdnjdPR5omyHMP5jtrxLNUwNmn+vlWHZ1ZraqpE7A5j3SG8cY10rLLbgSpCCyK U6OxQPdvR9Ds/NX8xWtQYIxmbfIqy0X3R9s5oHffXEqj+vtGoXEfws6QWUa1/Qd0z2LE RHBsyZExJQphCSpEZPZgJS5U0NYAATtHbteQJw5f70r0uSpfdw22vZ11a7Ogas4kryh0 3YE3d+EHWzQr0TzAI/dHaZRuoXluJdARE+SXcwlgKAt0/wsFjpeswwwjwNn/xGSbLM7i 7G1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727762456; x=1728367256; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DrcolmE9x3EsGlnudoge00ElKatztC69V36dDAFu6ds=; b=Njygoo+FW2yPGfnXC/9RhlVODR8j+jfsyx0lI+zJhKxuZ+fMPJSsBA7gnXBtz+Z1Z7 mbXE4NB7chcFp6dkaxwMcd2uvvsxP+C7TS70o+/+NkxLwCd04pC9Gpzvpv3cwbafSte/ /AGe8p/6BaTZmjnND3U1VDi+sSWB9UvI+YJsKJcXV45hX1Y6VKWAtjdzAA8QDzNWIjOy 4Dl1DAmwuEf+DMjiU7q9Z6Ev7nLijeS2dErmjr+NVyLtCT+oJzWvDb3Z06DPBUxkn/cg e22YEUujT3U97uAUKHiXy153Bupi3Z4Y1UJm08C9/3FrCfj7fR0vl7R7b0UCnP+Vcaeu u8FQ== X-Forwarded-Encrypted: i=1; AJvYcCVm3zrJKcNN9da6ggVggg8wTf9x17O7R9R+pl5CRCNBvURziFUiIebgy83oJd+YOvc7hOIH2JFSR8PxjDd+@vger.kernel.org, AJvYcCW6kJ+Mwp9h85G/sZJ3QBcY26s9MH1y9v+JttRmN7kLmfZYtiZBAu9Hwa8+5NIQlVLWstU=@vger.kernel.org, AJvYcCWvKEWGIGPgTw36deIfPcs1UZiTWfPllzuwdZZOvbiBk93OPuHmknmydF7Qhi55eFP1+bSuC4+2@vger.kernel.org X-Gm-Message-State: AOJu0Yze/llIxI5G9ABFY7qGxvQNOPvI/3qsFd5SGaoJQrrve7qNHgqY 33GkgKylWNQuiVK3GOrlv4+3m874Q19Co6rEdqL87SQ8iLnsSaHQ X-Google-Smtp-Source: AGHT+IGcZQQgOw04X55Pu+VemUxvEiTVGoDC/zOXtfxRwUl+zVFoxoELNp66iiJT0ZW9D8XQExnY7w== X-Received: by 2002:a17:90a:398e:b0:2d8:8c82:10a with SMTP id 98e67ed59e1d1-2e0b8865133mr16333972a91.5.1727762455705; Mon, 30 Sep 2024 23:00:55 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e0b6c4bc46sm9055950a91.7.2024.09.30.23.00.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 23:00:55 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, atenart@kernel.org Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next 2/7] net: ip: add drop reason to ip_route_input_rcu() Date: Tue, 1 Oct 2024 14:00:00 +0800 Message-Id: <20241001060005.418231-3-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241001060005.418231-1-dongml2@chinatelecom.cn> References: <20241001060005.418231-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Add the pointer of the skb drop reason to the function arguments of ip_route_input_rcu(). Signed-off-by: Menglong Dong --- net/ipv4/route.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index f1767e0cc9d9..385efe6d71a7 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2415,7 +2415,8 @@ out: return err; /* called with rcu_read_lock held */ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, struct fib_result *res) + u8 tos, struct net_device *dev, struct fib_result *res, + enum skb_drop_reason *reason) { /* Multicast recognition logic is moved from route cache to here. * The problem was that too many Ethernet cards have broken/missing @@ -2473,7 +2474,7 @@ int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, tos &= INET_DSCP_MASK; rcu_read_lock(); - err = ip_route_input_rcu(skb, daddr, saddr, tos, dev, &res); + err = ip_route_input_rcu(skb, daddr, saddr, tos, dev, &res, reason); rcu_read_unlock(); return err; @@ -3288,7 +3289,7 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, skb->mark = mark; err = ip_route_input_rcu(skb, dst, src, rtm->rtm_tos & INET_DSCP_MASK, dev, - &res); + &res, NULL); rt = skb_rtable(skb); if (err == 0 && rt->dst.error) From patchwork Tue Oct 1 06:00:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13817493 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f66.google.com (mail-pj1-f66.google.com [209.85.216.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5689F1BD031; Tue, 1 Oct 2024 06:01:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.66 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762463; cv=none; b=qHTSUIoKYTk2Xefx+xH4/8OFO97YMP9MqPP7Iej/F39zQeGOH3zkTaXgMgh5V+fkpBGRe/lRNAen04AuUKuJrH7LquLn9OESVjrwB5AUAcBX+OSsmUjk1QqkBI1j8RBelIAG03inouNUhePtDlT+EmI41yabI/cI9ARUDPbISCs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762463; c=relaxed/simple; bh=YqEogfeJLe9c/3bfq2XxyWEglvHt5kZYl7TE1QySazM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Y4pN/AE/6oMQJEapC+EqnErLl2iKE6hTmzC9rBQs/E5JdoFOJc5MpoMJ6aT8EJmjBvCOM6q40UHTGOuDkHrX09CxlU9EN76EgwsHXa3lisvqEqo9gnaUSffecl9MA3fpqGXl5Iweh0DDmghkDU8dJbX9zyTZBkurUSwNjc79ml8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=dxCv8I8K; arc=none smtp.client-ip=209.85.216.66 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="dxCv8I8K" Received: by mail-pj1-f66.google.com with SMTP id 98e67ed59e1d1-2e0a950e2f2so4049084a91.2; Mon, 30 Sep 2024 23:01:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1727762462; x=1728367262; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RiHzu+ulvjky3wzgvQb46nJbDFBRKyZby3oN41FMw90=; b=dxCv8I8KoyFDlFPyd4+nZKDHoPd2yVF5ua2xJCn7zSnCsbdLaiLbe2njRy0IzRxq/7 eeNDAfe7tI8KOj8hw/LXh4HsgNb/boafe9e0Y7UzAlACqHMF5IU3TIZoFAMoeu7Ph6oz muEKCXFXM0+3F5zEV5TavpUV29gm1vdxKUYp1JamU04cz/0oi4b5xa2tzQ4UsDU1Vyjx nKDMYCgCqLWEzBPrZp2u556AZEackrbQW9xYI58685ixQ4KeLmHaqqzSTJGyZoqPsyeS MJ4Zwwf4b2HFbtBVAJQHlXyslhSAMGJ1lHv2w6hqoJfOR6nrBF8jc6KrTVxmiR798as4 qchw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727762462; x=1728367262; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RiHzu+ulvjky3wzgvQb46nJbDFBRKyZby3oN41FMw90=; b=uzTTFCxt8ROAwNUw5aW3MDjyxdQ+6afZUvLanRejGXjZVMnvw/ZIF3OuTVqQ1kWAjf A0yXLmY6gKdhLtx23EoPEW5PSz7sqFjlJYbJ82SRfAWksO+yLtIwvbFU0Nu5l8CfSSKx hjIvRelwqpnzcPqrBbPiGMjnR47A7rL4hOFKpae4emgyWul4t4pXK/n+b4bkSiYbY0/V u12D7VYnX+lM3RyqXV9+TaP/+bzCOa0iNtnGWrZ89/UcbbUHbhTOB7JCjrg9i0tHLPpV lyBec4X8BFNFn5v7jBFgf/8T8ExIXWNomEHgqUix1Ewreb2FJj5BK5+5wLMhKY5NccNn z8Qg== X-Forwarded-Encrypted: i=1; AJvYcCUP1UFdUl2yiYmn4KqM+//UFZPuO160YcGgB2qwG8LAkOMhBD39lXKu4UlFZFmToCKn+SZw/tvp@vger.kernel.org, AJvYcCUg/mfBDXcxhSUhveUYeU7jCK+wl3vLSgZ28sa2LB9xfb3x6e8UDaG2dVFZZIGkA6IZWfGpUF6pYr6VU9Pq@vger.kernel.org, AJvYcCXR3eJytNs9cFSbzTVOCnMCXNorezed504wlHdLkb0kTbRNoJmpwmPhpp7LGa1Wo0RdeSM=@vger.kernel.org X-Gm-Message-State: AOJu0Yx8woUmzvw4QRABEXuCbCbafEwAQZrzdZ21iRqgH1sPczT/r50R w9Ii20MxtOdn0+755lJBphHe87EqpmaiHJFkp9nnYtdpjGfNhDqa X-Google-Smtp-Source: AGHT+IGxcp33HKAcRKYo2olYX1EnTuL6eZiMVBrOhxAu/Ez4aMIx0IbRoxiePDmgWrqHJXJmllCczw== X-Received: by 2002:a17:90a:3486:b0:2d8:89ad:a67e with SMTP id 98e67ed59e1d1-2e0b88903famr18880996a91.1.1727762461479; Mon, 30 Sep 2024 23:01:01 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e0b6c4bc46sm9055950a91.7.2024.09.30.23.00.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 23:01:00 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, atenart@kernel.org Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next 3/7] net: ip: add drop reason to ip_route_input_slow() Date: Tue, 1 Oct 2024 14:00:01 +0800 Message-Id: <20241001060005.418231-4-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241001060005.418231-1-dongml2@chinatelecom.cn> References: <20241001060005.418231-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In this commit, we make ip_route_input_slow() support skb drop reason by adding the pointer of drop reason to its functions aeguments. Following new skb drop reasons are added: SKB_DROP_REASON_IP_LOCAL_SOURCE SKB_DROP_REASON_IP_INVALID_SOURCE SKB_DROP_REASON_IP_INVALID_DEST SKB_DROP_REASON_IP_LOCALNET Signed-off-by: Menglong Dong --- include/net/dropreason-core.h | 19 +++++++++++++++++++ net/ipv4/route.c | 32 ++++++++++++++++++++++++-------- 2 files changed, 43 insertions(+), 8 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 4748680e8c88..3d1b09f70bbd 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -76,6 +76,10 @@ FN(INVALID_PROTO) \ FN(IP_INADDRERRORS) \ FN(IP_INNOROUTES) \ + FN(IP_LOCAL_SOURCE) \ + FN(IP_INVALID_SOURCE) \ + FN(IP_INVALID_DEST) \ + FN(IP_LOCALNET) \ FN(PKT_TOO_BIG) \ FN(DUP_FRAG) \ FN(FRAG_REASM_TIMEOUT) \ @@ -365,6 +369,21 @@ enum skb_drop_reason { * IPSTATS_MIB_INADDRERRORS */ SKB_DROP_REASON_IP_INNOROUTES, + /** @SKB_DROP_REASON_IP_LOCAL_SOURCE: the source ip is local */ + SKB_DROP_REASON_IP_LOCAL_SOURCE, + /** + * @SKB_DROP_REASON_IP_INVALID_SOURCE: the source ip is invalid: + * 1) source ip is multicast or limited broadcast + * 2) source ip is zero and not IGMP + */ + SKB_DROP_REASON_IP_INVALID_SOURCE, + /** + * @SKB_DROP_REASON_IP_INVALID_DEST: the dest ip is invalid: + * 1) dest ip is 0 + */ + SKB_DROP_REASON_IP_INVALID_DEST, + /** @SKB_DROP_REASON_IP_LOCALNET: source or dest ip is local net */ + SKB_DROP_REASON_IP_LOCALNET, /** * @SKB_DROP_REASON_PKT_TOO_BIG: packet size is too big (maybe exceed the * MTU) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 385efe6d71a7..ab70917c62e5 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2202,8 +2202,10 @@ static struct net_device *ip_rt_get_dev(struct net *net, static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, u8 tos, struct net_device *dev, - struct fib_result *res) + struct fib_result *res, + enum skb_drop_reason *reason) { + enum skb_drop_reason __reason = SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev = __in_dev_get_rcu(dev); struct flow_keys *flkeys = NULL, _flkeys; struct net *net = dev_net(dev); @@ -2231,8 +2233,10 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, fl4.flowi4_tun_key.tun_id = 0; skb_dst_drop(skb); - if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) + if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) { + __reason = SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } res->fi = NULL; res->table = NULL; @@ -2242,21 +2246,29 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, /* Accept zero addresses only to limited broadcast; * I even do not know to fix it or not. Waiting for complains :-) */ - if (ipv4_is_zeronet(saddr)) + if (ipv4_is_zeronet(saddr)) { + __reason = SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } - if (ipv4_is_zeronet(daddr)) + if (ipv4_is_zeronet(daddr)) { + __reason = SKB_DROP_REASON_IP_INVALID_DEST; goto martian_destination; + } /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(), * and call it once if daddr or/and saddr are loopback addresses */ if (ipv4_is_loopback(daddr)) { - if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) + if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) { + __reason = SKB_DROP_REASON_IP_LOCALNET; goto martian_destination; + } } else if (ipv4_is_loopback(saddr)) { - if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) + if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) { + __reason = SKB_DROP_REASON_IP_LOCALNET; goto martian_source; + } } /* @@ -2315,7 +2327,10 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, make_route: err = ip_mkroute_input(skb, res, in_dev, daddr, saddr, tos, flkeys); -out: return err; +out: + if (reason && err) + *reason = __reason; + return err; brd_input: if (skb->protocol != htons(ETH_P_IP)) @@ -2406,6 +2421,7 @@ out: return err; e_nobufs: err = -ENOBUFS; + __reason = SKB_DROP_REASON_NOMEM; goto out; martian_source: @@ -2462,7 +2478,7 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, return err; } - return ip_route_input_slow(skb, daddr, saddr, tos, dev, res); + return ip_route_input_slow(skb, daddr, saddr, tos, dev, res, reason); } int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, From patchwork Tue Oct 1 06:00:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13817494 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f68.google.com (mail-pj1-f68.google.com [209.85.216.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E4BA81BC073; Tue, 1 Oct 2024 06:01:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.68 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762470; cv=none; b=g0rudayrzgRy4qOQFjBwGy+rzLkLhVkkRfHZnFKZpCu8yigrqV8PcIxJW/wCNJJEHxuZmYacC441x38ifVDboBCexBHkfyuh+lJ2f0sGcaJItyHNa83V9RKbKqUCLR+1H1plOHQ01siMyw8qO+NYJIAKs0EcFBBxhAjFJILqsE8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762470; c=relaxed/simple; bh=aHFVAhSauYhcaI4Qxqi6+hVTR2IUnewnJG9ZCTMkUYc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=JSUj/LxX3Cz7jFy2aCt1iJF1kRK26W8zp8zeHjsoR4cWlRJ9KARr/Af05s5dmjQjXf7iK6JIHY3n2ChjN8yGaFr2dWGzFctSvL1tWYug4rh0O5DZWVXy0/0qshYYfy4eW6kUIuz3pK48um+6O59VSh04GHbqWHmo28Xy2sFeKys= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=XJZAkfAv; arc=none smtp.client-ip=209.85.216.68 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="XJZAkfAv" Received: by mail-pj1-f68.google.com with SMTP id 98e67ed59e1d1-2e06f5d4bc7so4382155a91.2; Mon, 30 Sep 2024 23:01:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1727762468; x=1728367268; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VYpoCxYLAImw/g0O6S5ba1T5oz021gTBCQ/UN1xsnUk=; b=XJZAkfAvtwi7djN1wfMY29KaMSTJnGDtclqv83kDAVGT0UmF5/4g4ROOsX8lxrSiSW iUe8EkIzuYYMMUB8ArTbe3nB0p2JVVYCtXR1zD5U/PJMB7FhXerqppscYbm5ug4CKPbH eaFpt9wNW6iPAvBIKNL1JGYhP8NBImsx2BWJpHN1Kr/kEOwRDsKcpLsyXH9WTdCvB05i PhEWgn55yTzXUuqZa4ezzZia/Wwx5WBUBdwafbkmaTtXvM483RCn599DHPXyPiZZzPyZ OQJ71Xf/sSDOsXBHZ2aBxAnzl3+Lds9fytmNDm97cLo4DM2R0VCBE3EtgAHIrUVezd9/ vaaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727762468; x=1728367268; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VYpoCxYLAImw/g0O6S5ba1T5oz021gTBCQ/UN1xsnUk=; b=ihOsxW7h0zeRD8GLh0BPwxSR7u+okctlv6vl8fRMxAVyTSShAEzADHKu+sQK/xhnLK GaAkMdVdJr9i1DU6bQHg1b/30rwMRKFw0uF1cia+4RsdTOVuLF/XfwkB9AOWc777bO9w csk3P1fR+d1xqCP3hTH4Mcf2lcFDIX8fmILRFwcaZ9+9/rDr+/UbaJ/uVtzeA24BYToA d0T0uFRXiMTaD2hy0x0aAc1gmqmvjb5rL10K35JEcPL+BpuJ+/P/K+GXsCbYv1vqRI80 oGlwkAimWTjd/UZEN/n6wtARPaU/7e989+Z2wcE1zcMzc2ienl8vhtNUgwI1amhIX9qf 8IpQ== X-Forwarded-Encrypted: i=1; AJvYcCVYLcz96mchlG+16vIRnWdlHyK8YWxIsbR6juIc1dCIPkHv+6WxqFOjWgpv8PwmxZw1Wdc=@vger.kernel.org, AJvYcCVp9muAl39u6AfBBMzMQ9IdQ/5eK0KMyLhqNJErSoHCLOYmeHDgaGWru4iEWYlR10eBXTX4Kfe0PqHqrJJT@vger.kernel.org, AJvYcCXajOT156CIWkLObYkDN3I/fZ0UfnMkrs6Y0CvXV2U+kV0ZjpXz+hO4n8sJrYcLVTSYkuGvclA3@vger.kernel.org X-Gm-Message-State: AOJu0YyOm8EGqequnfzHb05AETL3Q6umBxqUNoKUzupoBCefs1MHXEZ7 5r+1Mvizmzl5XloHaowVWKtbXoibLuHmS52oxGxIhqEIxZ5ZwbAP0Z/b+raW X-Google-Smtp-Source: AGHT+IHn1ToQ3k6iUZaeM1D4hzw48Kca4247nxPSj0gjkQYcCt8MkqBMWA7bFTJ50AHOQ1TZR2qTkA== X-Received: by 2002:a17:90b:d98:b0:2d3:d063:bdb6 with SMTP id 98e67ed59e1d1-2e0b89a2d65mr16684678a91.4.1727762467954; Mon, 30 Sep 2024 23:01:07 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e0b6c4bc46sm9055950a91.7.2024.09.30.23.01.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 23:01:07 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, atenart@kernel.org Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next 4/7] net: ip: make fib_validate_source() return drop reason Date: Tue, 1 Oct 2024 14:00:02 +0800 Message-Id: <20241001060005.418231-5-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241001060005.418231-1-dongml2@chinatelecom.cn> References: <20241001060005.418231-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In this commit, we make fib_validate_source/__fib_validate_source return -reason instead of errno on error. As the return value of them can be -errno, 0, and 1, we can't make it return enum skb_drop_reason directly. In the origin logic, if __fib_validate_source() return -EXDEV, LINUX_MIB_IPRPFILTER will be counted. And now, we need to adjust it by checking "reason == SKB_DROP_REASON_IP_RPFILTER". We set the errno to -EINVAL when fib_validate_source() is called and the validation fails, as the errno can be checked in the caller and now its value is -reason, which can lead misunderstand. Signed-off-by: Menglong Dong --- net/ipv4/fib_frontend.c | 19 +++++++++++++------ net/ipv4/ip_input.c | 4 +--- net/ipv4/route.c | 17 +++++++++++++---- 3 files changed, 27 insertions(+), 13 deletions(-) diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 793e6781399a..779c90de3a54 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -346,6 +346,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, int rpf, struct in_device *idev, u32 *itag) { struct net *net = dev_net(dev); + enum skb_drop_reason reason; struct flow_keys flkeys; int ret, no_addr; struct fib_result res; @@ -377,9 +378,15 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, if (fib_lookup(net, &fl4, &res, 0)) goto last_resort; - if (res.type != RTN_UNICAST && - (res.type != RTN_LOCAL || !IN_DEV_ACCEPT_LOCAL(idev))) - goto e_inval; + if (res.type != RTN_UNICAST) { + if (res.type != RTN_LOCAL) { + reason = SKB_DROP_REASON_IP_INVALID_SOURCE; + goto e_inval; + } else if (!IN_DEV_ACCEPT_LOCAL(idev)) { + reason = SKB_DROP_REASON_IP_LOCAL_SOURCE; + goto e_inval; + } + } fib_combine_itag(itag, &res); dev_match = fib_info_nh_uses_dev(res.fi, dev); @@ -412,9 +419,9 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, return 0; e_inval: - return -EINVAL; + return -reason; e_rpf: - return -EXDEV; + return -SKB_DROP_REASON_IP_RPFILTER; } /* Ignore rp_filter for packets protected by IPsec. */ @@ -440,7 +447,7 @@ int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, * and the same host but different containers are not. */ if (inet_lookup_ifaddr_rcu(net, src)) - return -EINVAL; + return -SKB_DROP_REASON_IP_LOCAL_SOURCE; ok: *itag = 0; diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index dc062ae49137..aac0575bb1a4 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -424,10 +424,8 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, return NET_RX_DROP; drop_error: - if (err == -EXDEV) { - drop_reason = SKB_DROP_REASON_IP_RPFILTER; + if (drop_reason == SKB_DROP_REASON_IP_RPFILTER) __NET_INC_STATS(net, LINUX_MIB_IPRPFILTER); - } goto drop; } diff --git a/net/ipv4/route.c b/net/ipv4/route.c index ab70917c62e5..9de85051463b 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1690,7 +1690,7 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, err = fib_validate_source(skb, saddr, 0, tos, 0, dev, in_dev, itag); if (err < 0) - return err; + return -EINVAL; } return 0; } @@ -1788,6 +1788,7 @@ static int __mkroute_input(struct sk_buff *skb, err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res), in_dev->dev, in_dev, &itag); if (err < 0) { + err = -EINVAL; ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, saddr); @@ -2162,8 +2163,10 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, tos &= INET_DSCP_MASK; err = fib_validate_source(skb, saddr, daddr, tos, 0, dev, in_dev, &tag); - if (err < 0) + if (err < 0) { + err = -EINVAL; goto martian_source; + } skip_validate_source: skb_dst_copy(skb, hint); @@ -2313,8 +2316,11 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, if (res->type == RTN_LOCAL) { err = fib_validate_source(skb, saddr, daddr, tos, 0, dev, in_dev, &itag); - if (err < 0) + if (err < 0) { + __reason = -err; + err = -EINVAL; goto martian_source; + } goto local_input; } @@ -2339,8 +2345,11 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, if (!ipv4_is_zeronet(saddr)) { err = fib_validate_source(skb, saddr, 0, tos, 0, dev, in_dev, &itag); - if (err < 0) + if (err < 0) { + __reason = -err; + err = -EINVAL; goto martian_source; + } } flags |= RTCF_BROADCAST; res->type = RTN_BROADCAST; From patchwork Tue Oct 1 06:00:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13817495 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pj1-f68.google.com (mail-pj1-f68.google.com [209.85.216.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E66621BC07D; Tue, 1 Oct 2024 06:01:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.68 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762476; cv=none; b=iOVBROONVc0D106R/Swr4Avf2D0HEg8aOoWq+fZjs/cmuxhl6BBYDn3z+H63axnkx2eArrfy953cPX04RvCKCmkAINvLwwvczEwNtDNcpsKGXSwIIPO6U5NY8MmzQTuckjd6NmvymI2FloFeOmTuE0H5zONI2olAlrDX93X0zH4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762476; c=relaxed/simple; bh=tbqvRbrw1RjNz1z+80bZjGq2kW1Hepr/9XwWvg0Kr38=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=HSMvaSt9+ZGmTnKN2I6/uT2V63t4eIZ8HL7Ew+YtpH+VxES3pgLgmkc4GBoPUU7gS02JcIj19gIur7AaMzFma3BCkKx4wwRduZaV9D2DIBzKp95qreKfzElnYAXVW/Lf9w7OFF7UUpULCyMZBzyWd/OgXkTVEGWI9MXR+IM5HIM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=gj3UDKep; arc=none smtp.client-ip=209.85.216.68 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="gj3UDKep" Received: by mail-pj1-f68.google.com with SMTP id 98e67ed59e1d1-2e07d85e956so4380252a91.3; Mon, 30 Sep 2024 23:01:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1727762473; x=1728367273; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=yxfX5kMCBU6PnxHPyQyfr0yY+I8adUvz9J1OqvvM57k=; b=gj3UDKepf0XJtzIhxOV/ERLsTnhBzccpJ77zhqppBJ3rmr9LmSXlC8N4MAAlsP/gM/ zz14079dFpQLAF9LB3e0R6yUMcLHNh1ClL3M+YobNifELlQObxWptoumnz44MWb9D2vz eWFZwW3hgHmmu8UQSAtLmtZA1ccVvvjzHz0RW5mfupRv2pBjV4OONtFNXISeEIUTZA3G uMpdfEcS/wNTdp/SSKe9bumu/ZQC5XI++UPzZXgHQMVBzA2dMM+DYlyPKN4Ty7XR4KeX /UjosGGHYGbSGs7SMVtFgaUcygBNqw3j/UIZlG0h5UDjyh6tX0mmcBP6DT2xmqJ0WTLr kHNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727762473; x=1728367273; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yxfX5kMCBU6PnxHPyQyfr0yY+I8adUvz9J1OqvvM57k=; b=ZPbZ+vDzPZB3SskQ0JtzTKTx8X1xdXk22x9xT8cO6uUj7yTxZhzSB/asKEcrKMBDG2 jo6lUE3rR5a2ZSFHFQ5HdmkQ9egfEbCeLGOSFcjtj2BpyoGJ7093KOCS5sHhmFIfndgU zIMI87BqxJiWTPWaIPZCNTY+qK0vdlg5SxKxxWQx+PIxWB1mvMgrpHzHkeOLgPJst4LH gv3RZ7c5XI2pbs4if4HpgbA7RvXg3mtW6WDyd6nhDhNBylo/nXisYXDIBp/Iwf99+qTS +SmLhgZccstood6uQkknNDCvf8sr0yiCfInciwldtlUtW0NRtwFGDsrPGgRdL5v/jnKn M8EQ== X-Forwarded-Encrypted: i=1; AJvYcCV0UK+EnYGJNp5C8cPCuVoCJ7JCXBMpXS4f1BaxwgN2DbYkWQl/nRvZDkGr3hxuXZ5oItQ=@vger.kernel.org, AJvYcCWJaMe9sYd+LYh7ifpiyRz2bebZVAwXna9EGzJvnzQA5LUSsSf3DqkYThVt8QJ4hJlI3L+z3iX5@vger.kernel.org, AJvYcCXBT17QETWrhDd46H/bmT/wu7qp/dFDTvCIZHaNPRltH6zzcoLOoNyYmfERYVWpYUA2/UqHrv9HlaAmFN1U@vger.kernel.org X-Gm-Message-State: AOJu0YwHlx5JbIIML0yV7sRJ3+UYtGH/Y9QIO15H9PR4oZN9DNaOX9aO pR5SdZObZhbgAMmSOQAdh68yl+rnMN/GXE9+a+YpiSOsvlOkOO5V X-Google-Smtp-Source: AGHT+IGm4YLpwAmi2xMA/Da5bnFPDS63PDzPodznmvqVhBrYlqTWb+5nWy49OzncasiGvQUnbck0XA== X-Received: by 2002:a17:90b:190b:b0:2dd:66a8:8ab0 with SMTP id 98e67ed59e1d1-2e0b89e2343mr16095285a91.16.1727762473214; Mon, 30 Sep 2024 23:01:13 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e0b6c4bc46sm9055950a91.7.2024.09.30.23.01.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 23:01:12 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, atenart@kernel.org Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next 5/7] net: ip: make ip_route_input_mc() return drop reason Date: Tue, 1 Oct 2024 14:00:03 +0800 Message-Id: <20241001060005.418231-6-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241001060005.418231-1-dongml2@chinatelecom.cn> References: <20241001060005.418231-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Make ip_route_input_mc() return drop reason, and adjust the call of it in ip_route_input_rcu(). Signed-off-by: Menglong Dong --- net/ipv4/route.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 9de85051463b..f577012985c5 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1696,8 +1696,9 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, } /* called in rcu_read_lock() section */ -static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, int our) +static enum skb_drop_reason +ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, + u8 tos, struct net_device *dev, int our) { struct in_device *in_dev = __in_dev_get_rcu(dev); unsigned int flags = RTCF_MULTICAST; @@ -1707,7 +1708,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, err = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag); if (err) - return err; + return SKB_DROP_REASON_NOT_SPECIFIED; if (our) flags |= RTCF_LOCAL; @@ -1718,7 +1719,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST, false); if (!rth) - return -ENOBUFS; + return SKB_DROP_REASON_NOMEM; #ifdef CONFIG_IP_ROUTE_CLASSID rth->dst.tclassid = itag; @@ -1734,7 +1735,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, skb_dst_drop(skb); skb_dst_set(skb, &rth->dst); - return 0; + return SKB_NOT_DROPPED_YET; } @@ -2455,12 +2456,12 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, * route cache entry is created eventually. */ if (ipv4_is_multicast(daddr)) { + enum skb_drop_reason __reason = SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev = __in_dev_get_rcu(dev); int our = 0; - int err = -EINVAL; if (!in_dev) - return err; + return -EINVAL; our = ip_check_mc_rcu(in_dev, daddr, saddr, ip_hdr(skb)->protocol); @@ -2481,10 +2482,12 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, IN_DEV_MFORWARD(in_dev)) #endif ) { - err = ip_route_input_mc(skb, daddr, saddr, - tos, dev, our); + __reason = ip_route_input_mc(skb, daddr, saddr, + tos, dev, our); } - return err; + if (reason && __reason) + *reason = __reason; + return __reason ? -EINVAL : 0; } return ip_route_input_slow(skb, daddr, saddr, tos, dev, res, reason); From patchwork Tue Oct 1 06:00:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13817496 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pg1-f194.google.com (mail-pg1-f194.google.com [209.85.215.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 18C7A1BBBD7; Tue, 1 Oct 2024 06:01:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.194 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762481; cv=none; b=HfJ24P+XpUb/QCsgPGFb8yXe2YmSn5FKGnq7V0OfCBPf4enuLjv3XyIUS2YqZ59oXYG8G9n63iG+xPTV/qV0Ne2iAjvZvZd4xPZzoMUNC8doxvfoomkzazDWYOO0GpWM2QyI6HYX+JG/baYGkWHk1/NvFUWMUsSG2ypIRFqueq0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762481; c=relaxed/simple; bh=AqI7arKaEVMpTT2qhZmIJZA5E+txg/W+R4/pPMw2DaI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=rvtboWywFSO0I6WsEp/nWIAT/y2/t6RRbmbiYfSsVxYIKsnMX9jPCS1cwFiwc/tw4I1/JbyDAE3i3xUF5QrzSAWhlxh6nb0+i+NBpqKH74vZVU8tOQjMW6/8gGsS+VrOEjzAh1ToUQWS1G8159QGIdFISwmVlkJCZM3fkX5d01M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=UULuon5K; arc=none smtp.client-ip=209.85.215.194 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="UULuon5K" Received: by mail-pg1-f194.google.com with SMTP id 41be03b00d2f7-7d50e7a3652so3441120a12.3; Mon, 30 Sep 2024 23:01:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1727762479; x=1728367279; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VbPGgSOikK+F605onoyc1YqeJXlzGc1QhlYtJFewpEo=; b=UULuon5K2hhOO/MvMC1iND6N4ePe2AKyv4d1UJXnFJGxagii+xeGFvQ9KTu9v5dvTN iSZ8zgjalzbL6chu9rAD+2PsT8PKUOAbIdeTZgDBBrjkHV5aEM63aJv+B09coal6NzMg gKekc+uTAn+kLMSMVgOwDrxunTMlhZ7jS7TG7DiasLReenqTZ3wWN8sF+aK9nIYCo8kv OZTdZLD5XjGq0KHK65kY31d73nnDFknsClo3E2/Y1q3hMDoQF5IqFx8kM3g6zuzqP9sp LjXMkJbIzMXZh8sfhWnPRgS0RtWw7sL5XuDRRb99ps1tkZw+8Z3581DS3fQnOZCNOhtI fliA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727762479; x=1728367279; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VbPGgSOikK+F605onoyc1YqeJXlzGc1QhlYtJFewpEo=; b=MKXRikUxBxaKKlY4LU1Ol1fAxKyrKsFZByDbgNy0zFleGW9bIAxu0+h8rjiLEgRIVu lPYwn4AUbmRKizw5mjYHxa57B8to20THVsVV/WSSnD0Ma5WxvJWr1WCIHWqxrjE1C+d7 i3AhjDaU3GDD2kNyVtAztrLJsybrO2O/9eRf9ENG92eMlNfnPf4FrVb9p7mzuKY91mcl fyViUcFVd9wSjNYMkHWdcOI1xZC6XJm3ctS3YK3om/GIAt34WNEDkmjzkhBpx93QXes3 Ef6+xhK3XbfcPNxazio8LxiCOFA0+fYLDtTQRk5OrwRuDrSYgGq//YnyMbTVqIt4HmbX ZQ1A== X-Forwarded-Encrypted: i=1; AJvYcCU1hXS0ko0Bm8YLZoTqVgfmi+GZN7UI9NzG1iTXuVrCUzYUARYPOXQB9Y1vQvT9gCMgPCNB2IpJbRJdD0G+@vger.kernel.org, AJvYcCVCf71HlPCILDwSquZHy1L6Lck3cqMLBgsPP75MhF/fCwy8fjsoJqVe/ILncqDetGySrLs=@vger.kernel.org, AJvYcCVE0a+UjjN4a8dfHDztL0/bR+Wi2rQj2aOaPxKYjJ1IjQfS++gNT/f/vdrOgQvby3laD+pDouiG@vger.kernel.org X-Gm-Message-State: AOJu0YwhcwomUfK3gCD/faE7zNOIxjRe7LXA/UmYjDS+jS8KBcasYI02 tuBAAz7v8otB761F7xKO32eG8i8CRXJ0dYduE0Y46pP4y/AWx6vJ X-Google-Smtp-Source: AGHT+IFMaUccJG2q6m6uvtlz1CAeZzt/87PRSN0BUde3JiMNj/hQhrk337sjxmHRYIrjlH0Rr5BT7w== X-Received: by 2002:a05:6a20:cf84:b0:1cf:49a6:9933 with SMTP id adf61e73a8af0-1d4fa6c2f99mr18043236637.20.1727762479311; Mon, 30 Sep 2024 23:01:19 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e0b6c4bc46sm9055950a91.7.2024.09.30.23.01.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 23:01:18 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, atenart@kernel.org Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next 6/7] net: ip: make ip_mc_validate_source() return drop reason Date: Tue, 1 Oct 2024 14:00:04 +0800 Message-Id: <20241001060005.418231-7-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241001060005.418231-1-dongml2@chinatelecom.cn> References: <20241001060005.418231-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Make ip_mc_validate_source() return drop reason, and adjust the call of it in ip_route_input_mc(). Another caller of it is ip_rcv_finish_core->udp_v4_early_demux, and the errno is not checked in detail, so we don't do more adjustment for it. Signed-off-by: Menglong Dong --- include/net/route.h | 7 ++++--- net/ipv4/route.c | 33 ++++++++++++++++++--------------- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/include/net/route.h b/include/net/route.h index cb9f31080517..cd0f585dacf0 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -198,9 +198,10 @@ static inline struct rtable *ip_route_output_gre(struct net *net, struct flowi4 fl4->fl4_gre_key = gre_key; return ip_route_output_key(net, fl4); } -int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, - struct in_device *in_dev, u32 *itag); +enum skb_drop_reason +ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, + u8 tos, struct net_device *dev, + struct in_device *in_dev, u32 *itag); int ip_route_input_noref(struct sk_buff *skb, __be32 dst, __be32 src, u8 tos, struct net_device *devin, enum skb_drop_reason *reason); diff --git a/net/ipv4/route.c b/net/ipv4/route.c index f577012985c5..89f97637af20 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1665,34 +1665,37 @@ struct rtable *rt_dst_clone(struct net_device *dev, struct rtable *rt) EXPORT_SYMBOL(rt_dst_clone); /* called in rcu_read_lock() section */ -int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, - struct in_device *in_dev, u32 *itag) +enum skb_drop_reason +ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, + u8 tos, struct net_device *dev, + struct in_device *in_dev, u32 *itag) { int err; /* Primary sanity checks. */ if (!in_dev) - return -EINVAL; + return SKB_DROP_REASON_NOT_SPECIFIED; - if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) || - skb->protocol != htons(ETH_P_IP)) - return -EINVAL; + if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) + return SKB_DROP_REASON_IP_INVALID_SOURCE; + + if (skb->protocol != htons(ETH_P_IP)) + return SKB_DROP_REASON_INVALID_PROTO; if (ipv4_is_loopback(saddr) && !IN_DEV_ROUTE_LOCALNET(in_dev)) - return -EINVAL; + return SKB_DROP_REASON_IP_LOCALNET; if (ipv4_is_zeronet(saddr)) { if (!ipv4_is_local_multicast(daddr) && ip_hdr(skb)->protocol != IPPROTO_IGMP) - return -EINVAL; + return SKB_DROP_REASON_IP_INVALID_SOURCE; } else { err = fib_validate_source(skb, saddr, 0, tos, 0, dev, in_dev, itag); if (err < 0) - return -EINVAL; + return -err; } - return 0; + return SKB_NOT_DROPPED_YET; } /* called in rcu_read_lock() section */ @@ -1702,13 +1705,13 @@ ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, { struct in_device *in_dev = __in_dev_get_rcu(dev); unsigned int flags = RTCF_MULTICAST; + enum skb_drop_reason reason; struct rtable *rth; u32 itag = 0; - int err; - err = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag); - if (err) - return SKB_DROP_REASON_NOT_SPECIFIED; + reason = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag); + if (reason) + return reason; if (our) flags |= RTCF_LOCAL; From patchwork Tue Oct 1 06:00:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13817497 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f195.google.com (mail-pl1-f195.google.com [209.85.214.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 24AC11BBBD9; Tue, 1 Oct 2024 06:01:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762487; cv=none; b=H9rlTTl23VhifmIfMH3wKwEVj1MJHudA0Id71pQXwGpTYrTQNhsHm4GwWKOrj6NG2kl313LGUJdt5PyjX9C6RRWEldZaaFxzxCsetTAw06Ax/2nR6tyrwvWIUSLub1MkAk9PkfDe/IXOrgAMkxmQKeGRzqC3HFqdPqaaC6C3NkY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727762487; c=relaxed/simple; bh=ieuL/O3/265wxoAQ9SYV+ZrakZmm8ntMC/lUQH0jiok=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=B2Iz7baQUr88DngwaRmVD6n528TR0bGft7G1tdu80LVf1pb40oY7Nm1reEMxrnn15loSaNhp4m0MWDm6Gm/yw1Bd5J697XfH/t2H7iYjaCV8XrJr7WeEP9upaLs4uMt1/5UI+ycnmm/NxCMbeYlpE4SIVr84plPbqsnMMq6XbBk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=h583iV8y; arc=none smtp.client-ip=209.85.214.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="h583iV8y" Received: by mail-pl1-f195.google.com with SMTP id d9443c01a7336-20b833f9b35so16508235ad.2; Mon, 30 Sep 2024 23:01:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1727762485; x=1728367285; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Rfr8GHfpAnekQQsJ9DXbNrw9ejSWEOElOr5R5vluBYQ=; b=h583iV8ynLNhuIOaOC5UgUkHL6yiC86V7Tkv+X1DpMBUtGXPJwRCHoqTR77zo3wtpF YT9yOwrIvBLZT4DvCCRdzLQxLR+LIEI2qIXJ1EEl1+kqaDftX1qEZpPvca4ajKqXrq2m LshIEmdJD5FCVslHt2GfgtfIQ22noNPQsa5KT7Vh+8dQVUxQnH9HhEiP1Vp4TPGcNWXR +yHfrzd8/wZCHLGduwYfY4Of01XxB4tyxHbRlGCD8SV9MJz6E1zuBu2j8i1e0jNHr7aH coRujU/Pfwj3IeiNnV4Yzre96cO5Su2SNouxB9oQDurUW7DKDQoGzKf8l2RPSVmH5sZZ 7dlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727762485; x=1728367285; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Rfr8GHfpAnekQQsJ9DXbNrw9ejSWEOElOr5R5vluBYQ=; b=kofcji4eDnewwhx1kyxuFonYSgnYbwGlMJrogekikjwXiIkM+oohCgVLMYhNhiAszC 8eOm1Q3EqFo/mWkJWg5SsEIJgc+gZ8sBWAU0i9ffRMcNU/H0V4RFDXdCC6EpLSkXnVK1 UlvtyJOgsUC3Gp9Jhs30yVDaE75JUgc/1u11k6GHlkaZtWHRlTLYsUHS3mS6Ft/Bxv8R wvqzP0nqBYYk65utHASsaDxXgPkalwa3v+V/dF1z12SmPTloaBkiKQZ4o5UxXs33NP74 ZQHwmYI+hzGomC18tXONHA8HR5zfrlD02vdAB8up0/jZPEgUFQLLms5zHNt0ALUuR0Wt PSkA== X-Forwarded-Encrypted: i=1; AJvYcCUFsm2+mDgFtYs5m60+V7a9bHeQ7h/L69YozkhqM+SBfzIm0WNEYPF9MKWuo82Jr/a+Kwo1T6e/@vger.kernel.org, AJvYcCW0RsXuU+zYn1O+wfTMVKv1a8DnfIIl1wLZBoSXUoYJ6NObjQ8JFfxzFbsNIw1bcsr/alOaFWK9rifk+VC3@vger.kernel.org, AJvYcCXgla/dc3t/iFC9a3gz0mU9Zr3hI/tpob1HKuadoDYUNBy2nSF1nGOdMT5nm+512BRK2ko=@vger.kernel.org X-Gm-Message-State: AOJu0YyBXf8BxBDMdsyPckBH96G4gusNtxiNFndIPsV4YZtYXWx2DNcW 090qK0MEb1x1g9Hfqj2JQ4TTEmEZHUV5jtE417uL+TYinx2tJ8Qm X-Google-Smtp-Source: AGHT+IF0pqg6cHdPQNZUnpp0KY3LqcCogvQjVaDIbEAdyFcDi8rMUdKYWPzepWjPauNArtxkGDit+w== X-Received: by 2002:a17:903:1208:b0:20b:2eb3:97ac with SMTP id d9443c01a7336-20b36ad2914mr4118545ad.24.1727762485308; Mon, 30 Sep 2024 23:01:25 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e0b6c4bc46sm9055950a91.7.2024.09.30.23.01.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Sep 2024 23:01:24 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, atenart@kernel.org Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next 7/7] net: ip: fix typo in the doc of SKB_DROP_REASON_IP_INNOROUTES Date: Tue, 1 Oct 2024 14:00:05 +0800 Message-Id: <20241001060005.418231-8-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241001060005.418231-1-dongml2@chinatelecom.cn> References: <20241001060005.418231-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This is a copy error, and SKB_DROP_REASON_IP_INNOROUTES should correspond to IPSTATS_MIB_INADDRERRORS in the comment. Just fix it Signed-off-by: Menglong Dong --- include/net/dropreason-core.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 3d1b09f70bbd..a68235240f6a 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -366,7 +366,7 @@ enum skb_drop_reason { SKB_DROP_REASON_IP_INADDRERRORS, /** * @SKB_DROP_REASON_IP_INNOROUTES: network unreachable, corresponding to - * IPSTATS_MIB_INADDRERRORS + * IPSTATS_MIB_INNOROUTES */ SKB_DROP_REASON_IP_INNOROUTES, /** @SKB_DROP_REASON_IP_LOCAL_SOURCE: the source ip is local */