From patchwork Mon Oct 7 07:46:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13824273 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f196.google.com (mail-pl1-f196.google.com [209.85.214.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 676BA13E40F; Mon, 7 Oct 2024 07:47:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.196 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287254; cv=none; b=D/g6UVHR4c7GWj/Voks9FXz6I/ZveFF06wPSkqpzXsfAs408rJJUqJG5rRC2xpKfuiZntOX7lh9NS1kKx7o39fUsq0DgBB1mDp3nku5pooqcsZmjobWPxzvDvmnDXPw4BUfs58wOXLxHoOeJuMqQvWalp8bijqeiPRg1m2eYgv8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287254; c=relaxed/simple; bh=Fo+ptBtT6UPPnDahPnacUgXk1sFrEC0JlQw244eQ8aM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=FoiMjJkeG0N9U/0zWbr4lz04jRF75CKjhwniaCcJqEusOqO4hzYctX4RdSADZm0q3iKZ7BN8NAS+rjBOtsyTDH0k3CwRL2lnzokNGKuQMvc3o+p06/2Cdw0+iBqrJC4esi10Y3FYAvcvN7o6R24y6goEJ3ds/e/LR+LVaZee7IQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=eiF3oA0G; arc=none smtp.client-ip=209.85.214.196 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="eiF3oA0G" Received: by mail-pl1-f196.google.com with SMTP id d9443c01a7336-20b8be13cb1so43913645ad.1; Mon, 07 Oct 2024 00:47:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728287251; x=1728892051; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=PG1gKM6LqD/QEAjCSVvStNkTZW3iw+H01oEnAiBabsA=; b=eiF3oA0GmXc0mTZOpA8ETuYWLunkvT2+UD0pu907PcoNQi3v05vmcYYrW9NzDPQJKO yOSp0z/2T2zuCaIufXjXkEltNeE+GcS/yGQc8jeP6woIZcqh427bkNO5oJ3dxjR5IhTK mpS/UXXmxiOqtsnhuQKgR9mPRykOXWy78eu3Sw4nE75QTo+LS2jdNjgv3HeyvATCKY52 34sIRSCfYzzuj17N8vNCYXziTKZzlAvp7Fd1ZXuSYQQMzK1Xa7frBKFjQb/CBpTGdMKk a6fqRfVR5g391DYLoPU1xsRsIMnkHuJULi4xwFVax8YYqabJjKoKaZcZSlI9KOAykvAB z/WQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728287251; x=1728892051; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PG1gKM6LqD/QEAjCSVvStNkTZW3iw+H01oEnAiBabsA=; b=jUOr6f2jaq2WmR4TEjhQZkEfGFfaLJjCThnxTsRIUdSMWORe83ALyR4yfSx8elFbrw KhazHdKUsxG/wIKUeLg+GE7S9NIZnhQvy745MfBusr4bip5RtaHiTB0z+jVgZ+K0NzgK dmKCry0jDXrV8XwN0grlY/8G3911NiYgsk0YsC3bZ7X5cx+aFYu43Sbzn2EbdBetGj4W GZlJgrGQJX6BbJLDmavKVLIGLcxkfuskjDaT/3BBbGe0bbWjOW/gv98KoWO45n5vKRl9 jymn3XFHM8X5ACwtQh8TQP8i+JfQKpIw3C9UaGRBV2FPVnLA0VH2cl+R3yD8+LNdnm6a RZWg== X-Forwarded-Encrypted: i=1; AJvYcCUTDA1aXfdIP1ulYjAYq1hXZJCd/nyRSIE4P+kMPqKTAAYNY4ayU7AB0n9PhCdsPwfrVysRdB8g9QKxinTT@vger.kernel.org, AJvYcCVPew7xyXQKJ/9qfZXAzIGakwPT8LU+bqYMQ4LuLJYiykkN/HlzHxjChWyiv0V9WVhlGCkAsIus@vger.kernel.org, AJvYcCVnONPRDO6Ik9OM/FQ+HEsDVR0WAM+tJRULB2FL0U2k3zSDose1tKGz7SGkeeVyWKU97rA=@vger.kernel.org X-Gm-Message-State: AOJu0YwfGtjBhSDDXJIG1doV0zcMCwORowjgg1S6YxxAoP1/JEos+cBa EcNLl3VbtgXJ0Y+A2jTrATO6m/skMgZ3yEj2RE8TYbOTv4BicNYP X-Google-Smtp-Source: AGHT+IGy2D36iKuftjttk2FrDhorl/s8RhZNMmtf9iFoBikAeEISY5rprKA3oT8OVgjbSFXH8aKkDw== X-Received: by 2002:a17:903:32c1:b0:20b:58f2:e1a0 with SMTP id d9443c01a7336-20bfdfd4340mr147887695ad.18.1728287250665; Mon, 07 Oct 2024 00:47:30 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20c1393a15fsm34375395ad.121.2024.10.07.00.47.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 00:47:30 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, kuba@kernel.org Cc: davem@davemloft.net, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next v2 1/7] net: ip: make fib_validate_source() return drop reason Date: Mon, 7 Oct 2024 15:46:56 +0800 Message-Id: <20241007074702.249543-2-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241007074702.249543-1-dongml2@chinatelecom.cn> References: <20241007074702.249543-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In this commit, we make fib_validate_source/__fib_validate_source return -reason instead of errno on error. As the return value of them can be -errno, 0, and 1, we can't make it return enum skb_drop_reason directly. In the origin logic, if __fib_validate_source() return -EXDEV, LINUX_MIB_IPRPFILTER will be counted. And now, we need to adjust it by checking "reason == SKB_DROP_REASON_IP_RPFILTER". However, this will take effect only after the patch "net: ip: make ip_route_input_noref() return drop reasons", as we can't pass the drop reasons from fib_validate_source() to ip_rcv_finish_core() in this patch. We set the errno to -EINVAL when fib_validate_source() is called and the validation fails, as the errno can be checked in the caller and now its value is -reason, which can lead misunderstand. Following new drop reasons are added in this patch: SKB_DROP_REASON_IP_LOCAL_SOURCE SKB_DROP_REASON_IP_INVALID_SOURCE Signed-off-by: Menglong Dong --- include/net/dropreason-core.h | 10 ++++++++++ net/ipv4/fib_frontend.c | 19 +++++++++++++------ net/ipv4/ip_input.c | 4 +--- net/ipv4/route.c | 15 +++++++++++---- 4 files changed, 35 insertions(+), 13 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 4748680e8c88..76504e25d581 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -76,6 +76,8 @@ FN(INVALID_PROTO) \ FN(IP_INADDRERRORS) \ FN(IP_INNOROUTES) \ + FN(IP_LOCAL_SOURCE) \ + FN(IP_INVALID_SOURCE) \ FN(PKT_TOO_BIG) \ FN(DUP_FRAG) \ FN(FRAG_REASM_TIMEOUT) \ @@ -365,6 +367,14 @@ enum skb_drop_reason { * IPSTATS_MIB_INADDRERRORS */ SKB_DROP_REASON_IP_INNOROUTES, + /** @SKB_DROP_REASON_IP_LOCAL_SOURCE: the source ip is local */ + SKB_DROP_REASON_IP_LOCAL_SOURCE, + /** + * @SKB_DROP_REASON_IP_INVALID_SOURCE: the source ip is invalid: + * 1) source ip is multicast or limited broadcast + * 2) source ip is zero and not IGMP + */ + SKB_DROP_REASON_IP_INVALID_SOURCE, /** * @SKB_DROP_REASON_PKT_TOO_BIG: packet size is too big (maybe exceed the * MTU) diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 793e6781399a..779c90de3a54 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -346,6 +346,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, int rpf, struct in_device *idev, u32 *itag) { struct net *net = dev_net(dev); + enum skb_drop_reason reason; struct flow_keys flkeys; int ret, no_addr; struct fib_result res; @@ -377,9 +378,15 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, if (fib_lookup(net, &fl4, &res, 0)) goto last_resort; - if (res.type != RTN_UNICAST && - (res.type != RTN_LOCAL || !IN_DEV_ACCEPT_LOCAL(idev))) - goto e_inval; + if (res.type != RTN_UNICAST) { + if (res.type != RTN_LOCAL) { + reason = SKB_DROP_REASON_IP_INVALID_SOURCE; + goto e_inval; + } else if (!IN_DEV_ACCEPT_LOCAL(idev)) { + reason = SKB_DROP_REASON_IP_LOCAL_SOURCE; + goto e_inval; + } + } fib_combine_itag(itag, &res); dev_match = fib_info_nh_uses_dev(res.fi, dev); @@ -412,9 +419,9 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, return 0; e_inval: - return -EINVAL; + return -reason; e_rpf: - return -EXDEV; + return -SKB_DROP_REASON_IP_RPFILTER; } /* Ignore rp_filter for packets protected by IPsec. */ @@ -440,7 +447,7 @@ int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, * and the same host but different containers are not. */ if (inet_lookup_ifaddr_rcu(net, src)) - return -EINVAL; + return -SKB_DROP_REASON_IP_LOCAL_SOURCE; ok: *itag = 0; diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index c0a2490eb7c1..a6f5bfc274ee 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -425,10 +425,8 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, return NET_RX_DROP; drop_error: - if (err == -EXDEV) { - drop_reason = SKB_DROP_REASON_IP_RPFILTER; + if (drop_reason == SKB_DROP_REASON_IP_RPFILTER) __NET_INC_STATS(net, LINUX_MIB_IPRPFILTER); - } goto drop; } diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 6e1cd0065b87..e49b4ce1804a 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1690,7 +1690,7 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, err = fib_validate_source(skb, saddr, 0, tos, 0, dev, in_dev, itag); if (err < 0) - return err; + return -EINVAL; } return 0; } @@ -1788,6 +1788,7 @@ static int __mkroute_input(struct sk_buff *skb, err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res), in_dev->dev, in_dev, &itag); if (err < 0) { + err = -EINVAL; ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, saddr); @@ -2162,8 +2163,10 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, tos &= INET_DSCP_MASK; err = fib_validate_source(skb, saddr, daddr, tos, 0, dev, in_dev, &tag); - if (err < 0) + if (err < 0) { + err = -EINVAL; goto martian_source; + } skip_validate_source: skb_dst_copy(skb, hint); @@ -2302,8 +2305,10 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, err = fib_validate_source(skb, saddr, daddr, inet_dscp_to_dsfield(dscp), 0, dev, in_dev, &itag); - if (err < 0) + if (err < 0) { + err = -EINVAL; goto martian_source; + } goto local_input; } @@ -2327,8 +2332,10 @@ out: return err; err = fib_validate_source(skb, saddr, 0, inet_dscp_to_dsfield(dscp), 0, dev, in_dev, &itag); - if (err < 0) + if (err < 0) { + err = -EINVAL; goto martian_source; + } } flags |= RTCF_BROADCAST; res->type = RTN_BROADCAST; From patchwork Mon Oct 7 07:46:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13824274 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f193.google.com (mail-pl1-f193.google.com [209.85.214.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 101EA17622F; Mon, 7 Oct 2024 07:47:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.193 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287257; cv=none; b=m14juAzq07ZLchLm55MdgdTL3JoZP7qRNCvmPHVllAuNP5WFDeWf3g30pKInxvAIpwH1xazB7ELlPXEuv0FPeG3auSwn9Rzj2Q0uO66uU2wmcRgilf6CAcJkXunQWq6sKLKb6bc6sjofl8ZuGgvBSoyllrwSVxr5haEiFdlzekI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287257; c=relaxed/simple; bh=YNCtkgPLk5vixANYLvHvRat7WChfPnSZ2kkrOZT5uOc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=qlBiQjSFbE2SO3DNDj0cMotkD0ag+ZBYK2SCaT94yttTTunUjYG9FqR01now8lGcX86uq4fuovW7ZG7lHuYPQysn0Qsq9etYYa7k2OUwJ2AOR5EuzXbxXUjwK03n/ryUoac+L6MZ+8xzmJHbyHmpg90uRKccGqcGvQMdtaSzvrI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=CHJGVYgo; arc=none smtp.client-ip=209.85.214.193 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="CHJGVYgo" Received: by mail-pl1-f193.google.com with SMTP id d9443c01a7336-207115e3056so36483795ad.2; Mon, 07 Oct 2024 00:47:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728287255; x=1728892055; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3j6xFB2yFKO5XV/9BnNs+EofRW0XdrjU9aIO3XW5rMk=; b=CHJGVYgoWAKqvB6HpGxsh/oO8Nvvp2j7EQWia2BNOE1cqrCUTV3N4nUCzcUWVECugU a0HBOjICKijsFUVOEkCXrPUCjzg1cCdkbe3zu5fA4ON+FmnQ/s3DFjGrT4FlC198fdZf uzVFnl32u0PY/YXFIzcMkBmDAzEKMhJBHxBK7i2lscvc7y4aNHgUyJvUT4GuHTKX9KC5 kjKCen5PRUpHQU0bBVuudyJ45Z4mPcOmcQjKR01YEVlFlvZ/UmJ4KK9yk0qCmGeK249X 6GaljX3GyHM1tDdAl83B/cZNNiZUFVI3rXQKwPq3+f4r5MXhZs5mTswTCg8cpvbge3h7 bDkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728287255; x=1728892055; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3j6xFB2yFKO5XV/9BnNs+EofRW0XdrjU9aIO3XW5rMk=; b=jryQ9lHdQTQ7vxsHEueiLlyjwvN+RWj4/if6Z7GBc5UqMd485IDzRLdHnud1KirFaF qN1HLgQs0BKrtsFJzbnn7VajDo3AcPVFVjBRB/hnpXHtAPqxJCEwv/3XMpMyLqAh4hse lezb4Ajkz08Lv7L+FQv3QCDmMRITnbkaZJvE6puKAMRapiAZwYugVarSRYvFFFJVEni7 BB3Mw0mpUVSe4xDVPQA66xVUzKgJHGLmJYik4A9XzkSG+B18J7Hp/kC60TsJRpUIWZEj KtWQxhlyXRszLleI43rCIRjKKqZzsUYVK3WWiGtz2XbnKAC9JAnvS7X40UJMW8N5LNo5 3W9Q== X-Forwarded-Encrypted: i=1; AJvYcCU0g6QN2Bg5i/jYhFrV6ny8PYUHWOpcSFA+tNlWzHvkE5Gv1gFEASeIyR7jTJVOuVtLwysyBVrh@vger.kernel.org, AJvYcCVTHdoGVkiyWB6YQwuxO2r0nM1DGUtpY47DsJi1nsM5gaqP+a2mGT8jyOuE245HJGylDIQ=@vger.kernel.org, AJvYcCX4xcu+qEgeZyWO8UoYsKymE4HF1ztvo5+3rjPr5XPhH6GkRhP4dCT2eB7mZBAdcfXCR/ydqOAILJIBBQ8g@vger.kernel.org X-Gm-Message-State: AOJu0Yy7/h60f9gnAYtSNIPmyRYwj73Lr4FpB/TcxGF2FDwbGhmmie91 ZHzUrX3JtR6vgDO+jgTjS3nl4T1GWIJu9YN9gvHcH0ThLWHzBn+S X-Google-Smtp-Source: AGHT+IFZNdqmDMRaWeQrZGDy9jZ2H4fh7Yw5Q5rECkDHnj7pEjZGZvxIviCpZ1AmC/vQlz7wTzvSFA== X-Received: by 2002:a17:902:ce88:b0:206:a913:96a7 with SMTP id d9443c01a7336-20bff04acb3mr144662455ad.44.1728287255352; Mon, 07 Oct 2024 00:47:35 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20c1393a15fsm34375395ad.121.2024.10.07.00.47.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 00:47:34 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, kuba@kernel.org Cc: davem@davemloft.net, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next v2 2/7] net: ip: make ip_route_input_mc() return drop reason Date: Mon, 7 Oct 2024 15:46:57 +0800 Message-Id: <20241007074702.249543-3-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241007074702.249543-1-dongml2@chinatelecom.cn> References: <20241007074702.249543-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Make ip_route_input_mc() return drop reason, and adjust the call of it in ip_route_input_rcu(). Signed-off-by: Menglong Dong --- net/ipv4/route.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index e49b4ce1804a..76940ca7c178 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1696,8 +1696,9 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, } /* called in rcu_read_lock() section */ -static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, int our) +static enum skb_drop_reason +ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, + u8 tos, struct net_device *dev, int our) { struct in_device *in_dev = __in_dev_get_rcu(dev); unsigned int flags = RTCF_MULTICAST; @@ -1707,7 +1708,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, err = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag); if (err) - return err; + return SKB_DROP_REASON_NOT_SPECIFIED; if (our) flags |= RTCF_LOCAL; @@ -1718,7 +1719,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST, false); if (!rth) - return -ENOBUFS; + return SKB_DROP_REASON_NOMEM; #ifdef CONFIG_IP_ROUTE_CLASSID rth->dst.tclassid = itag; @@ -1734,7 +1735,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, skb_dst_drop(skb); skb_dst_set(skb, &rth->dst); - return 0; + return SKB_NOT_DROPPED_YET; } @@ -2440,12 +2441,12 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, * route cache entry is created eventually. */ if (ipv4_is_multicast(daddr)) { + enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev = __in_dev_get_rcu(dev); int our = 0; - int err = -EINVAL; if (!in_dev) - return err; + return -EINVAL; our = ip_check_mc_rcu(in_dev, daddr, saddr, ip_hdr(skb)->protocol); @@ -2466,11 +2467,11 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, IN_DEV_MFORWARD(in_dev)) #endif ) { - err = ip_route_input_mc(skb, daddr, saddr, - inet_dscp_to_dsfield(dscp), - dev, our); + reason = ip_route_input_mc(skb, daddr, saddr, + inet_dscp_to_dsfield(dscp), + dev, our); } - return err; + return reason ? -EINVAL : 0; } return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res); From patchwork Mon Oct 7 07:46:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13824275 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f195.google.com (mail-pl1-f195.google.com [209.85.214.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C2F9718BB93; Mon, 7 Oct 2024 07:47:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287262; cv=none; b=m0Y0lmx/aNHTYZ1On7ZsizcaPNF6G12dFe4dh5JCy0t1cLwQWDb9bS4c+ih36g+dTJyNsl7U5zYCKLQqyzo69snEbGdweHTljUV+zIBmk8NQEkJlgLf4mCOf3DY+uNe59DTKKryPm4T16Hjqv5i+Bplkd3jZZ0puZRcJG5ubZ6s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287262; c=relaxed/simple; bh=uLj2cAm5rTKQ0+BYQBhpNHYDVfwryxhdgiEvOhpTf90=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=s6fx98kItZYNfFOS+4InYddIaHd7/9mJdJiputvXxcI4S2MYWCg7iQLIqNrHYYFDVf8NNzezeWpHHVNSmuTiI8a8HsGPGGVUaLeJ3rEg6tBUDTn2OfuSzphOQLc1PlcUof3GcU5arschOgKtd84XLvbj/i28DFb8YBZ7NCG9z74= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=NH9M+rko; arc=none smtp.client-ip=209.85.214.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="NH9M+rko" Received: by mail-pl1-f195.google.com with SMTP id d9443c01a7336-20b7eb9e81eso48103405ad.2; Mon, 07 Oct 2024 00:47:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728287260; x=1728892060; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=n8WPQR7zChu9vGAKKT3gtEp8vmWGx/ATFJW+z7i1Xzc=; b=NH9M+rkoKsQL+sXB1jbTOmf9JdiO3zEg09IrgyJK7EfivtdP/uTqwHd3bAF4SeLmuv /uo8aBAxJt0JXcWyqdUsY9uJWEjtmzfo2d7Q7CeHTWUraovn+8k2pafAdSZtbG32f86P s+EZl3dJK6yQYIzltRFhva68d/Egh8LhPEiRRqn8xZM7xlWqASPiT8ehEgh6iEUZlfdo B6aReVC/X68j8Qg5wHIwOFX/oBZqurIvJz6UnfhbgJ3/mnHTmpb2/Adn1hkqwNECYXL2 Mooc9PeZd/pkA6qvuGPasY0gIG863bmmTgP47hXTG+mHFiHkUinKLddkTZkFOM5aPdKk ohPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728287260; x=1728892060; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=n8WPQR7zChu9vGAKKT3gtEp8vmWGx/ATFJW+z7i1Xzc=; b=iF7OMb80b2xhquY4J5Bz0DK776MCtD78Tizj2zPS3Rm2MqpiBf/j4bQMwFtmnRhqef 56wUnQqla85fbl2luYjjwZk0R6b/o6ChfOZYgHTU9Pn1mRrxg42AbhyFqkLRI4Fa8Tzj D3ZAgQx9mVKXpm5Jlgv/gWYlXggV8HMCzDF8cwGhs5zmZhcD4CrMHxIeqYoYtn1YDQ2a rKqmkmyogheAtVHWm568JV7q3+4+Rn480blpPNGqfgFqPYgvMro5SLT66fkPSGGdLDbk OHfI+L97YnEgUXeGi3ime34Mxn96Ljac2EjBJhMXG0jNGYylfstzmrSibF86YmFSTY3l Lf8Q== X-Forwarded-Encrypted: i=1; AJvYcCUhoo8KBJ9Od6XPUDv2eqFoBCAeUE5H3uvSCnQgyfLdIauRkqe2WVZAMh1t3YLrOgqM2VG+nzaJ@vger.kernel.org, AJvYcCWYFqZ84u72EsDAUR1i3Enhe5Z5gY5T2mP5zLM1VxkSe6+wo1YO7CSDeP8aGxzbhm4kr2YWok2j4v9O3N8Z@vger.kernel.org, AJvYcCXaRD+v3U/DsA6dYJP3ATkdFMx9KYFs4uCqkRO2tJEBOPjBIbSc5FDe4GWA0lpQSiQbgsU=@vger.kernel.org X-Gm-Message-State: AOJu0YycyHTP/uqKRQqpayD2JhJEKGxQmZkT8+CA3eug4xzzaKOsrZqq LCy7bI4DTRqACEZfoSlkzCExrrK4C5fTyvwaaLZGyqhkrGhLIY+H X-Google-Smtp-Source: AGHT+IFFw8N6yA2W0Bz8cAi33a85qMhkcn99BQC0OWw4EtgWLoM/l6pgMAiJBWwJ/xUIJ/SuteH+Hw== X-Received: by 2002:a17:902:ec8a:b0:20b:449c:8978 with SMTP id d9443c01a7336-20bfe0357b5mr153007545ad.31.1728287260113; Mon, 07 Oct 2024 00:47:40 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20c1393a15fsm34375395ad.121.2024.10.07.00.47.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 00:47:39 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, kuba@kernel.org Cc: davem@davemloft.net, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next v2 3/7] net: ip: make ip_mc_validate_source() return drop reason Date: Mon, 7 Oct 2024 15:46:58 +0800 Message-Id: <20241007074702.249543-4-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241007074702.249543-1-dongml2@chinatelecom.cn> References: <20241007074702.249543-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Make ip_mc_validate_source() return drop reason, and adjust the call of it in ip_route_input_mc(). Another caller of it is ip_rcv_finish_core->udp_v4_early_demux, and the errno is not checked in detail, so we don't do more adjustment for it. The drop reason "SKB_DROP_REASON_IP_LOCALNET" is added in this commit. Signed-off-by: Menglong Dong --- include/net/dropreason-core.h | 3 +++ include/net/route.h | 7 ++++--- net/ipv4/route.c | 33 ++++++++++++++++++--------------- 3 files changed, 25 insertions(+), 18 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 76504e25d581..32d9fcb54af9 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -78,6 +78,7 @@ FN(IP_INNOROUTES) \ FN(IP_LOCAL_SOURCE) \ FN(IP_INVALID_SOURCE) \ + FN(IP_LOCALNET) \ FN(PKT_TOO_BIG) \ FN(DUP_FRAG) \ FN(FRAG_REASM_TIMEOUT) \ @@ -375,6 +376,8 @@ enum skb_drop_reason { * 2) source ip is zero and not IGMP */ SKB_DROP_REASON_IP_INVALID_SOURCE, + /** @SKB_DROP_REASON_IP_LOCALNET: source or dest ip is local net */ + SKB_DROP_REASON_IP_LOCALNET, /** * @SKB_DROP_REASON_PKT_TOO_BIG: packet size is too big (maybe exceed the * MTU) diff --git a/include/net/route.h b/include/net/route.h index 5e4374d66927..35bc12146960 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -198,9 +198,10 @@ static inline struct rtable *ip_route_output_gre(struct net *net, struct flowi4 fl4->fl4_gre_key = gre_key; return ip_route_output_key(net, fl4); } -int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, - struct in_device *in_dev, u32 *itag); +enum skb_drop_reason +ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, + u8 tos, struct net_device *dev, + struct in_device *in_dev, u32 *itag); int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev); int ip_route_use_hint(struct sk_buff *skb, __be32 dst, __be32 src, diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 76940ca7c178..b41bb9be18e2 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1665,34 +1665,37 @@ struct rtable *rt_dst_clone(struct net_device *dev, struct rtable *rt) EXPORT_SYMBOL(rt_dst_clone); /* called in rcu_read_lock() section */ -int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, - struct in_device *in_dev, u32 *itag) +enum skb_drop_reason +ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, + u8 tos, struct net_device *dev, + struct in_device *in_dev, u32 *itag) { int err; /* Primary sanity checks. */ if (!in_dev) - return -EINVAL; + return SKB_DROP_REASON_NOT_SPECIFIED; - if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) || - skb->protocol != htons(ETH_P_IP)) - return -EINVAL; + if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) + return SKB_DROP_REASON_IP_INVALID_SOURCE; + + if (skb->protocol != htons(ETH_P_IP)) + return SKB_DROP_REASON_INVALID_PROTO; if (ipv4_is_loopback(saddr) && !IN_DEV_ROUTE_LOCALNET(in_dev)) - return -EINVAL; + return SKB_DROP_REASON_IP_LOCALNET; if (ipv4_is_zeronet(saddr)) { if (!ipv4_is_local_multicast(daddr) && ip_hdr(skb)->protocol != IPPROTO_IGMP) - return -EINVAL; + return SKB_DROP_REASON_IP_INVALID_SOURCE; } else { err = fib_validate_source(skb, saddr, 0, tos, 0, dev, in_dev, itag); if (err < 0) - return -EINVAL; + return -err; } - return 0; + return SKB_NOT_DROPPED_YET; } /* called in rcu_read_lock() section */ @@ -1702,13 +1705,13 @@ ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, { struct in_device *in_dev = __in_dev_get_rcu(dev); unsigned int flags = RTCF_MULTICAST; + enum skb_drop_reason reason; struct rtable *rth; u32 itag = 0; - int err; - err = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag); - if (err) - return SKB_DROP_REASON_NOT_SPECIFIED; + reason = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag); + if (reason) + return reason; if (our) flags |= RTCF_LOCAL; From patchwork Mon Oct 7 07:46:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13824276 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f194.google.com (mail-pl1-f194.google.com [209.85.214.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B8D3518C00D; Mon, 7 Oct 2024 07:47:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.194 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287267; cv=none; b=hw1UhO0es5WWIwr8QcBrOXWZ5oyVH9cMVYD28iLvy386xRTNlL00rXd/DYODlA6NlpTSycrtNx3u9tQGId4PTQQprd4yOEEVdSqr7Zr5rEnoG9onxFczckBweRCKFiASGQIIQ0VBsqAs7uIxi49t6zuMbHSgiy/HXUyCAihIBW8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287267; c=relaxed/simple; bh=PcBRA/xqFnL+MQ07gHCcLehxHh4Rb4BzAYlM5Dxl7aU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ZFUnH5VIl9OV6oRZq1IUsArAVzxEhSD16eu+Y+gVr/DVorddmBlSHbB5O3CijCBuEr943dJnmZSWDklgq8l8oiK2/OfmosgEgErxrudNiU6loGiNeJeNBIJhO8vjY3WdoGpDZjAx5j5l6tYqMEzxBWXVETS26U8s2YjTf8fjF7k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Zoc67R8v; arc=none smtp.client-ip=209.85.214.194 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Zoc67R8v" Received: by mail-pl1-f194.google.com with SMTP id d9443c01a7336-20b7463dd89so43441965ad.2; Mon, 07 Oct 2024 00:47:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728287265; x=1728892065; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hfQ47ggmFri0VQv7FK4Zlb4Ak1exGMOdHKZ5pgC6MzE=; b=Zoc67R8vUKLj6QiS7B3NCEYdVgOmDOmlUrOgPaLvZEbRA9tPfWTLwFq8Rzd7Iz5GU1 VQed9vzKFaBLAgXz1N2QLpnDRnI+sQsEUb1YcUMPhx8/ZZI7eTdJXdmG8Z0QMDfNj7kO p9phTUyhzNRS9jj95HCtaywqC0eP7fMgEuOYpDseCyMLUmH0wU/UuJmtaO0a8/WFq9hg 0L8wkQTTRStKEMLeZBIfqugXSYlIwzbnG+qKX0PQHzPQTQjEsm6DvrfWkUFhYBs3xYh/ Tl7c+OYUlqJLLxseh5mA7fHJn7soxyMf/kwjHxmhKzCKEFdXSktQ36gMI2BHStJjHh7H 4DyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728287265; x=1728892065; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hfQ47ggmFri0VQv7FK4Zlb4Ak1exGMOdHKZ5pgC6MzE=; b=CwX+Bj6r2nmeND+6lQWJe0oN0fUrSaK/V0YdQgn/qXIIFrxOm4LEgyakLi/0s8W+5P /JRf2oYAh1bTr2k/56t33YUxEibCuPJ9RIB6bDUD/6tidBBn73pIxci5mcllnviZZguM 2483o1euJzIxZQbgb/Jok/3Po0FQFpgTGICURdKiiZEhfJOYRn0aTtzgGjZ32RWe016A guKuNs7uMahuAKMIrOWsAf4if8t6DgxHFJGJjgFpcLd124vIu9QyTyVHGYJPbZdtqIp5 VVqhVWJFDVGEU/3/9XeZ8X11bAhpI5Lzlt331vLlqnsg7PXHwehJuAAY/p7bID8nsnHr FeMA== X-Forwarded-Encrypted: i=1; AJvYcCU79KYZxOC5N22cOrF+rP36wUVCga5vPyBZxe6fcUuY4OJ2r/XFJ9ABCAfJ25U3kd9hcPoWLtKzoBIIXc5a@vger.kernel.org, AJvYcCXFFqIxwwj7bQkTMUo572Ax4F8c89gCh7roRIHofkM71R0xANlWciz0gWC2+zx8vOC7zLQ=@vger.kernel.org, AJvYcCXWUHPwVuMRVyVGb7mx0BZUA+A3sZBsZJw/GWeogyRfTPUjfQFDhpFn2vI+3iT12aC528Z6YkFc@vger.kernel.org X-Gm-Message-State: AOJu0Yz8XK3huSLEy21YNLtiAusQnLwsrHKGG7eESv1M7B1QLOEOXBTk 0aVRjODeBRSx7TAdecOLBts4WbaVM/jTXzsDCd+K+7Lo8y/b+yJg X-Google-Smtp-Source: AGHT+IFKkPjceCn3dCoGeUfXxEm+Qd5/Ckkg2CB2n81ZyGDLB+2/5J4Ua1mC/Zq2eFgTrR9xxcG5rw== X-Received: by 2002:a17:902:ce88:b0:20b:6457:31db with SMTP id d9443c01a7336-20bfe044da1mr153723435ad.30.1728287265043; Mon, 07 Oct 2024 00:47:45 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20c1393a15fsm34375395ad.121.2024.10.07.00.47.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 00:47:44 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, kuba@kernel.org Cc: davem@davemloft.net, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next v2 4/7] net: ip: make ip_route_input_slow() return drop reasons Date: Mon, 7 Oct 2024 15:46:59 +0800 Message-Id: <20241007074702.249543-5-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241007074702.249543-1-dongml2@chinatelecom.cn> References: <20241007074702.249543-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In this commit, we make ip_route_input_slow() return skb drop reasons, and following new skb drop reasons are added: SKB_DROP_REASON_IP_INVALID_DEST The only caller of ip_route_input_slow() is ip_route_input_rcu(), and we adjust it by making it return -EINVAL on error. Signed-off-by: Menglong Dong --- include/net/dropreason-core.h | 6 +++++ net/ipv4/route.c | 51 +++++++++++++++++++++-------------- 2 files changed, 37 insertions(+), 20 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 32d9fcb54af9..e53f3d944e04 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -79,6 +79,7 @@ FN(IP_LOCAL_SOURCE) \ FN(IP_INVALID_SOURCE) \ FN(IP_LOCALNET) \ + FN(IP_INVALID_DEST) \ FN(PKT_TOO_BIG) \ FN(DUP_FRAG) \ FN(FRAG_REASM_TIMEOUT) \ @@ -378,6 +379,11 @@ enum skb_drop_reason { SKB_DROP_REASON_IP_INVALID_SOURCE, /** @SKB_DROP_REASON_IP_LOCALNET: source or dest ip is local net */ SKB_DROP_REASON_IP_LOCALNET, + /** + * @SKB_DROP_REASON_IP_INVALID_DEST: the dest ip is invalid: + * 1) dest ip is 0 + */ + SKB_DROP_REASON_IP_INVALID_DEST, /** * @SKB_DROP_REASON_PKT_TOO_BIG: packet size is too big (maybe exceed the * MTU) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index b41bb9be18e2..9b3f7bebcd86 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2207,10 +2207,12 @@ static struct net_device *ip_rt_get_dev(struct net *net, * called with rcu_read_lock() */ -static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, - struct fib_result *res) +static enum skb_drop_reason +ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + struct fib_result *res) { + enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev = __in_dev_get_rcu(dev); struct flow_keys *flkeys = NULL, _flkeys; struct net *net = dev_net(dev); @@ -2238,8 +2240,10 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, fl4.flowi4_tun_key.tun_id = 0; skb_dst_drop(skb); - if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) + if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) { + reason = SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } res->fi = NULL; res->table = NULL; @@ -2249,21 +2253,29 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, /* Accept zero addresses only to limited broadcast; * I even do not know to fix it or not. Waiting for complains :-) */ - if (ipv4_is_zeronet(saddr)) + if (ipv4_is_zeronet(saddr)) { + reason = SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } - if (ipv4_is_zeronet(daddr)) + if (ipv4_is_zeronet(daddr)) { + reason = SKB_DROP_REASON_IP_INVALID_DEST; goto martian_destination; + } /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(), * and call it once if daddr or/and saddr are loopback addresses */ if (ipv4_is_loopback(daddr)) { - if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) + if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) { + reason = SKB_DROP_REASON_IP_LOCALNET; goto martian_destination; + } } else if (ipv4_is_loopback(saddr)) { - if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) + if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) { + reason = SKB_DROP_REASON_IP_LOCALNET; goto martian_source; + } } /* @@ -2310,7 +2322,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, inet_dscp_to_dsfield(dscp), 0, dev, in_dev, &itag); if (err < 0) { - err = -EINVAL; + reason = -err; goto martian_source; } goto local_input; @@ -2326,18 +2338,21 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, make_route: err = ip_mkroute_input(skb, res, in_dev, daddr, saddr, inet_dscp_to_dsfield(dscp), flkeys); -out: return err; + if (!err) + reason = SKB_NOT_DROPPED_YET; + +out: return reason; brd_input: if (skb->protocol != htons(ETH_P_IP)) - goto e_inval; + goto out; if (!ipv4_is_zeronet(saddr)) { err = fib_validate_source(skb, saddr, 0, inet_dscp_to_dsfield(dscp), 0, dev, in_dev, &itag); if (err < 0) { - err = -EINVAL; + reason = -err; goto martian_source; } } @@ -2356,7 +2371,7 @@ out: return err; rth = rcu_dereference(nhc->nhc_rth_input); if (rt_cache_valid(rth)) { skb_dst_set_noref(skb, &rth->dst); - err = 0; + reason = SKB_NOT_DROPPED_YET; goto out; } } @@ -2393,7 +2408,7 @@ out: return err; rt_add_uncached_list(rth); } skb_dst_set(skb, &rth->dst); - err = 0; + reason = SKB_NOT_DROPPED_YET; goto out; no_route: @@ -2414,12 +2429,8 @@ out: return err; &daddr, &saddr, dev->name); #endif -e_inval: - err = -EINVAL; - goto out; - e_nobufs: - err = -ENOBUFS; + reason = SKB_DROP_REASON_NOMEM; goto out; martian_source: @@ -2477,7 +2488,7 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, return reason ? -EINVAL : 0; } - return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res); + return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res) ? -EINVAL : 0; } int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, From patchwork Mon Oct 7 07:47:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13824277 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f194.google.com (mail-pl1-f194.google.com [209.85.214.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C486118C00D; Mon, 7 Oct 2024 07:47:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.194 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287273; cv=none; b=pKO/TsiTXhw/8SxJlgf7UswIZ0sg1VgJl9lbZ5urI0+bQkODxGVN9Tca6t0K+/sGsFN3lUplK3wohWMnMDgpj20WDx2q4qsoWXuWJXd4esTG3pvNjcO14cPv8KSsfnU44C/7aNmP3EDFsfPa7MOo7d9E576OPShAn8+blRcecIo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287273; c=relaxed/simple; bh=sxNsyzxLuCMZK6+D+DlL45J8fo/1coelPi2WFJqDz4Y=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=bzUF3N4cmq0Oi7t2l/6Hp6CgVwVOShxnxmuevkVKcoxhhpGg6UBYSuiyCZo5Ce/9+x1v0wQYCM3nyWcYaHnep9JwqlEBiUA8nYYX0pUB4nBCGP6Zmw3ACOFY3Otapck20kdTKvg0d0LSXS0Mo4oJ9yBVhCIt6ZSgn3kIXHcG56Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Nut1PKQe; arc=none smtp.client-ip=209.85.214.194 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Nut1PKQe" Received: by mail-pl1-f194.google.com with SMTP id d9443c01a7336-20b7a4336easo29382925ad.3; Mon, 07 Oct 2024 00:47:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728287271; x=1728892071; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=wQaiVJWmvcIfsn12maTEx9RMWPk2LP/M/KAqPR16eM4=; b=Nut1PKQeGkzQ9L/0Ev5ICSq9/46odUXvgLz6kdf9UnKcmdEvE61M+zcUB1tIx8azxV 4e+jwqEqNZt9ZLesh3jL368/jD+ewLs1uIS44BTXSbyyDK5uuHleIPAz/ysAhTJIBPub U11N3bNu3d7ob75DhAKFGousqNN0sAztnF3Ck83fZQRoMwZNC57xEWWEs9JFrdU6KnD8 F0uFh028oQLVEe7bMjQQ4TlB5BpjlGkgQNHaT0D5b7y+LUcxwxur11aNmUkGpf3sm7vK tUEBaEnk9lHbBeEoUoQzrwEmk1bs9AcTIJqyWQJKRrtuY+iCWzhmsZ+v/RqdfPtHdjim Y4Nw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728287271; x=1728892071; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wQaiVJWmvcIfsn12maTEx9RMWPk2LP/M/KAqPR16eM4=; b=KRSvykdDLWWnCBY2J3k6o8iNl/uYFtTTtETgPRlzzGMIYgHuVv0z2IoxoMzTHlVk33 riDlixiG9+twNMRTGNKEPaBp2v+sMo9+ue357WRlfchqUSaFUst3JCPe/kvonnp8Ntsl HR8Dl7zU6WylsM2s1MNYHHm5ceHADOs5HAIACPJ4uyKo6ulgDkw8esrXmsbAUOdvUsVK cRk7Pw6YCeIer7qpH4awBMi0olI6w2HYi4LrxD1xOVmmibhsX5u5Vx8ElpWDMREARuI3 Qqdj8NwsQLS+MNAGbILjU7BgPiPUxCxBSBOmc5B0KCyz8NTkTTzmx34Jwmdr7YcFpvZ3 KE/Q== X-Forwarded-Encrypted: i=1; AJvYcCUB0Ti1dnh77sMd+VNSkSy2hjqlvgLAY7P/A/8vljkv19eAl74/kQiDdI+/yoZIpP988tU=@vger.kernel.org, AJvYcCVv4/lRkghQ+3P0X7HEkGPqKOLMm9Kyj6ZBsyXfucM66o5vD7yworU32SlCZQgv00b5sv7jyLVW@vger.kernel.org, AJvYcCXrvNI3czOfKi8sNM6lPktszHb+SIJUQbEwRpMF6czOaomPQgmfUg9V7woVtNVL3aPe//GQ6EGimwmsJ8+a@vger.kernel.org X-Gm-Message-State: AOJu0YyjcYZ4JUVx/C88x42mGYNOqYDbXqb8FupsUCqQrGsDi8mbTunq gkZV4xfjaWx3Fv1k5kJ2VzD2sTKjvDqpOtSJ8BPp3asL0SXH9jkNJvzMmXo0 X-Google-Smtp-Source: AGHT+IFr660uiVmoH0l70a1m4ey/6uGJ588TuModB7Z8souAdt6GbddUVdIMOh7K6QAbhw2k+NXDgw== X-Received: by 2002:a17:902:e848:b0:205:4e15:54ce with SMTP id d9443c01a7336-20bfdfc0564mr193949975ad.20.1728287271183; Mon, 07 Oct 2024 00:47:51 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20c1393a15fsm34375395ad.121.2024.10.07.00.47.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 00:47:50 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, kuba@kernel.org Cc: davem@davemloft.net, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next v2 5/7] net: ip: make ip_route_input_rcu() return drop reasons Date: Mon, 7 Oct 2024 15:47:00 +0800 Message-Id: <20241007074702.249543-6-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241007074702.249543-1-dongml2@chinatelecom.cn> References: <20241007074702.249543-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In this commit, we make ip_route_input_rcu() return drop reasons, which come from ip_route_input_mc() and ip_route_input_slow(). The only caller of ip_route_input_rcu() is ip_route_input_noref(). We adjust it by making it return -EINVAL on error and ignore the reasons that ip_route_input_rcu() returns. In the following patch, we will make ip_route_input_noref() returns the drop reasons. Signed-off-by: Menglong Dong --- net/ipv4/route.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 9b3f7bebcd86..56a1ebddde24 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2439,9 +2439,10 @@ out: return reason; } /* called with rcu_read_lock held */ -static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, - struct fib_result *res) +static enum skb_drop_reason +ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + struct fib_result *res) { /* Multicast recognition logic is moved from route cache to here. * The problem was that too many Ethernet cards have broken/missing @@ -2485,23 +2486,23 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, inet_dscp_to_dsfield(dscp), dev, our); } - return reason ? -EINVAL : 0; + return reason; } - return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res) ? -EINVAL : 0; + return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res); } int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev) { + enum skb_drop_reason reason; struct fib_result res; - int err; rcu_read_lock(); - err = ip_route_input_rcu(skb, daddr, saddr, dscp, dev, &res); + reason = ip_route_input_rcu(skb, daddr, saddr, dscp, dev, &res); rcu_read_unlock(); - return err; + return reason ? -EINVAL : 0; } EXPORT_SYMBOL(ip_route_input_noref); @@ -3314,6 +3315,7 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, err = ip_route_input_rcu(skb, dst, src, inet_dsfield_to_dscp(rtm->rtm_tos), dev, &res); + err = err ? -EINVAL : 0; rt = skb_rtable(skb); if (err == 0 && rt->dst.error) From patchwork Mon Oct 7 07:47:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13824278 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f194.google.com (mail-pl1-f194.google.com [209.85.214.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 98DD018C345; Mon, 7 Oct 2024 07:47:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.194 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287278; cv=none; b=KKOj7hcaGnFHaZW6dS92jVHvTWUSEMBmq2qq2GCWud7wHwLU51bvHTP2Lr1Iqef6pCXfkejhOHQ03J3QAzysiJplCNc+1bWEPprkYZSIgQjjWjtTLhXmCvRxOrXLW+jk6szZxuB0faaYiiBsqyUUWuuzcopWFfLQX9i+xO3Hz40= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287278; c=relaxed/simple; bh=0mkZZrHN/gwpxej8fgqezYlhQ3jB5OoSLalPv0uqQbQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ByJ7x53n0OlbxoXak66Vhctr5lq3B93HZjKcUniz14XB/zkMo1oJAbId/P/dTWkz5YqsbH+Yq6shjV+SQcZP5sASUUKQdE19frdmwqUnbqF9d4xtZmJb8AdeMAbs/lqyYSIk+nP5jo0tNzmbhILdHV67ND5Fy36lRBV4G9rMOMI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Q/ABahJM; arc=none smtp.client-ip=209.85.214.194 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Q/ABahJM" Received: by mail-pl1-f194.google.com with SMTP id d9443c01a7336-20b5fb2e89dso29982125ad.1; Mon, 07 Oct 2024 00:47:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728287276; x=1728892076; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=76zvHd9GTjQjT7mAWVL0ptl3w/fNexDfvtqrobrhzGQ=; b=Q/ABahJMZSrkriNO9kmsmoi7PJvGpw3WS9FCl+AXUbPJ3zPiSkGPnK5YoYutnDkat2 VY7owwFUBXkXiuk2i6EZYN+6KgK81/NHGGA11rRB/+/nzG9xJWpxDUN5fSD+/tJRwl+s cSBTdSfO3O0N8qt+LJXczSbi6tKqugjpxsxZ8FA3iBzvL/Qo1j2QB6ElUtkJAI59WO9s Od/uxaTx6gdTm74Pmzy/tGkYPRg6O7gllTXjf7OkIgrxiF1RFv+u4NZgnQdDJHiRESH6 NF9FXePMj/3HWPjjfjy09dJIK5UMjzwB2kDIZudW9FOOVX9l5xIdLfI8plr1XXpwCIAb npgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728287276; x=1728892076; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=76zvHd9GTjQjT7mAWVL0ptl3w/fNexDfvtqrobrhzGQ=; b=Oblu//+AptcFedWVto7AG+M1FyiqXNgw9EpZPOIQgVp1Z7foU5g/FqsVmtazz6EDEZ 4ijFS0FteoJpLm4J2YGI13iQ5e5bAXQ8yFWNmb33iRmSiZIhEagnusKY9eld2Zqjnctg 2Mkin1KmY4t4oFHzFn0wrtkhltgMVhQdngOX+GL9D7g3Y8BcKVoxH0Yq4pcWLMw5I6KD bT50SdCVDqPCMZSGAT4fh/X0j3X/nFcxyARsmSjRn+h7k7fLWgHu9POuKkJjh1DApxgT pvwwTw9V4Mw7Dl0no5LNVMMdSGnIvNb4t8eVf4OzehHqyCllqPdIdJEBd4lVGvU7Jrga qQ5g== X-Forwarded-Encrypted: i=1; AJvYcCVUYlmaJ/YsIZ55ezxDQwZQEX/3HvciD0VxWi+1NXrNOcCvoT8Csy6wkhldQyvqBuSUMIE=@vger.kernel.org, AJvYcCWSzPfhtaKUomWiPS1bvmFtaT4vmUE5t4WcHFoT8BHbIa2k4pncLpGiUs9ZWkjFHdRTnAO4zE7P@vger.kernel.org, AJvYcCWVRIPqLeWrIQU5QeMgxXd5MtsrRl8S7+I88So0GbJOOXGG3lbR0gPYfc1PSp867WSE14scUNGiaqlF3CNB@vger.kernel.org X-Gm-Message-State: AOJu0YzrKN5K3SkpRSkAIxwaIYXNVXHNqvTOKqWgWHM4dc74B8Vwxp/U tPT3C0NcuVUhYxqfjLWFKnumI5CqDsXUh2/egihuPA0EF/n4p5Wn X-Google-Smtp-Source: AGHT+IEj7oLYOrrtfJ+9IIi88QVobTgP4b+TyrmLdVb1feMH/NjH1HVEykfIB3d8WhT0shFEZ33gWw== X-Received: by 2002:a17:903:40ce:b0:20b:59be:77a with SMTP id d9443c01a7336-20bfe496042mr143677485ad.28.1728287275899; Mon, 07 Oct 2024 00:47:55 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20c1393a15fsm34375395ad.121.2024.10.07.00.47.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 00:47:55 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, kuba@kernel.org Cc: davem@davemloft.net, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next v2 6/7] net: ip: make ip_route_input_noref() return drop reasons Date: Mon, 7 Oct 2024 15:47:01 +0800 Message-Id: <20241007074702.249543-7-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241007074702.249543-1-dongml2@chinatelecom.cn> References: <20241007074702.249543-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In this commit, we make ip_route_input_noref() return drop reasons, which come from ip_route_input_rcu(). We need adjust the callers of ip_route_input_noref() to make sure the return value of ip_route_input_noref() is used properly. The errno that ip_route_input_noref() returns in the origin logic is returned by ip_route_input and bpf_lwt_input_reroute, and we make them return -EINVAL on error instead. In the following patch, we will make ip_route_input() returns drop reasons too. Signed-off-by: Menglong Dong --- include/net/route.h | 15 ++++++++------- net/core/lwt_bpf.c | 1 + net/ipv4/ip_fragment.c | 12 +++++++----- net/ipv4/ip_input.c | 7 ++++--- net/ipv4/route.c | 7 ++++--- 5 files changed, 24 insertions(+), 18 deletions(-) diff --git a/include/net/route.h b/include/net/route.h index 35bc12146960..c0b1b5fb9b59 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -202,8 +202,9 @@ enum skb_drop_reason ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, u8 tos, struct net_device *dev, struct in_device *in_dev, u32 *itag); -int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev); +enum skb_drop_reason +ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev); int ip_route_use_hint(struct sk_buff *skb, __be32 dst, __be32 src, u8 tos, struct net_device *devin, const struct sk_buff *hint); @@ -211,18 +212,18 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 dst, __be32 src, static inline int ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, dscp_t dscp, struct net_device *devin) { - int err; + enum skb_drop_reason reason; rcu_read_lock(); - err = ip_route_input_noref(skb, dst, src, dscp, devin); - if (!err) { + reason = ip_route_input_noref(skb, dst, src, dscp, devin); + if (!reason) { skb_dst_force(skb); if (!skb_dst(skb)) - err = -EINVAL; + reason = SKB_DROP_REASON_NOT_SPECIFIED; } rcu_read_unlock(); - return err; + return reason ? -EINVAL : 0; } void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu, int oif, diff --git a/net/core/lwt_bpf.c b/net/core/lwt_bpf.c index e0ca24a58810..a4652f2a103a 100644 --- a/net/core/lwt_bpf.c +++ b/net/core/lwt_bpf.c @@ -98,6 +98,7 @@ static int bpf_lwt_input_reroute(struct sk_buff *skb) skb_dst_drop(skb); err = ip_route_input_noref(skb, iph->daddr, iph->saddr, ip4h_dscp(iph), dev); + err = err ? -EINVAL : 0; dev_put(dev); } else if (skb->protocol == htons(ETH_P_IPV6)) { skb_dst_drop(skb); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index 48e2810f1f27..52b991e976ba 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -132,12 +132,12 @@ static bool frag_expire_skip_icmp(u32 user) */ static void ip_expire(struct timer_list *t) { + enum skb_drop_reason reason = SKB_DROP_REASON_FRAG_REASM_TIMEOUT; struct inet_frag_queue *frag = from_timer(frag, t, timer); const struct iphdr *iph; struct sk_buff *head = NULL; struct net *net; struct ipq *qp; - int err; qp = container_of(frag, struct ipq, q); net = qp->q.fqdir->net; @@ -175,10 +175,12 @@ static void ip_expire(struct timer_list *t) /* skb has no dst, perform route lookup again */ iph = ip_hdr(head); - err = ip_route_input_noref(head, iph->daddr, iph->saddr, ip4h_dscp(iph), - head->dev); - if (err) + reason = ip_route_input_noref(head, iph->daddr, iph->saddr, + ip4h_dscp(iph), head->dev); + if (reason) goto out; + else + reason = SKB_DROP_REASON_FRAG_REASM_TIMEOUT; /* Only an end host needs to send an ICMP * "Fragment Reassembly Timeout" message, per RFC792. @@ -195,7 +197,7 @@ static void ip_expire(struct timer_list *t) spin_unlock(&qp->q.lock); out_rcu_unlock: rcu_read_unlock(); - kfree_skb_reason(head, SKB_DROP_REASON_FRAG_REASM_TIMEOUT); + kfree_skb_reason(head, reason); ipq_put(qp); } diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index a6f5bfc274ee..aeb71675052c 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -362,10 +362,11 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, * how the packet travels inside Linux networking. */ if (!skb_valid_dst(skb)) { - err = ip_route_input_noref(skb, iph->daddr, iph->saddr, - ip4h_dscp(iph), dev); - if (unlikely(err)) + drop_reason = ip_route_input_noref(skb, iph->daddr, iph->saddr, + ip4h_dscp(iph), dev); + if (unlikely(drop_reason)) goto drop_error; + drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; } else { struct in_device *in_dev = __in_dev_get_rcu(dev); diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 56a1ebddde24..6baaaf0bcb3e 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2492,8 +2492,9 @@ ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res); } -int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev) +enum skb_drop_reason ip_route_input_noref(struct sk_buff *skb, __be32 daddr, + __be32 saddr, dscp_t dscp, + struct net_device *dev) { enum skb_drop_reason reason; struct fib_result res; @@ -2502,7 +2503,7 @@ int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, reason = ip_route_input_rcu(skb, daddr, saddr, dscp, dev, &res); rcu_read_unlock(); - return reason ? -EINVAL : 0; + return reason; } EXPORT_SYMBOL(ip_route_input_noref); From patchwork Mon Oct 7 07:47:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13824279 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f195.google.com (mail-pl1-f195.google.com [209.85.214.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 48D7D188CB7; Mon, 7 Oct 2024 07:48:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287284; cv=none; b=mudoYDW63Zg1sHPSsObqvHtwpEwsKkAW0OTYVaayqjj2GTQ61BuoRLfmtJq77IoZo2sDql1uTl+RwlABvB1ZQz/u00XBZZ6qjeIxOD4Ip2PP/CQvuGAuxFeek1O5r+s/4ihKL7v1XBHvuB808QpuslL80BrzNt4qh1A9h2RhEss= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728287284; c=relaxed/simple; bh=AFtinQhikZyKitdPfZNlcdt31jcLu6Yv1Ja9JGIMARQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=keCGbpxtJ5xfFEDqWqBCoCs58WanFZ6GWige43bVhCA8XoGFYuqbhdTlzjkwDW0ewOKc7QwKp0r9g6iiKysmaL7lXCsI2Q8y+HU2GSc1CehreLlJUu2P3rJWI4xBq8Mv3O/N/Gi8unQtg5Ubu/fwwqlSkW1f1vP929okmGDYwts= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=fA1Ad1ne; arc=none smtp.client-ip=209.85.214.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="fA1Ad1ne" Received: by mail-pl1-f195.google.com with SMTP id d9443c01a7336-20ba8d92af9so29867565ad.3; Mon, 07 Oct 2024 00:48:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728287282; x=1728892082; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=wyp3LmvP1ogw5p4ky3MkRZN9RsleA4VcicUieYoXaao=; b=fA1Ad1neHv790sl7YlyP53QqXqCZAql5nHGZh2lLiE8LKOSgwD8AJJcEaZ3WyiNpWw 3j2xDQ7dabw/A3uENkYNiIqnyBm69xRB3n/UQdC+UJPI55btZoRTLfeNd7CFPoREeYed 10FVNBE/zac7haB5z1dOrbMr3MAJGbdKssUsFXy9VLjTFqocR8I6N9QYHlA37xwHRA8s tXEsj66uavSonBfS5qC9c1a0RFh00DZ6W+3vLlhWe5yMC1qJOiJXEe/LtckYwO2WpuHI pBTm63V/pistTHx+mqJDfRSvm1NWErtHbEVhvhwXZTxDFAn4ftmv+S3a8kvnsvWE3LYP Qh+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728287282; x=1728892082; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wyp3LmvP1ogw5p4ky3MkRZN9RsleA4VcicUieYoXaao=; b=DCbFnGvQPMwWk1OUmmXepvqtDL0GsdUzG7YrNzntUObXWIj4u1LvDq/ZTgL+0/ShEG t/bh3vPaCJc12aeVraZNih/xP+8ssHVbiGGIR/1QS1wAOqJvk7rJIOeVhNqApevuKUe3 KzTf0ccypN7bHdAXeALo4nYq5zp8lhc1tFJeqdM4LFfsn9OTGd78HxjQ73qb8PWJF91K lJ6uO/apkCackITqjULXFKn6JnoW9VFwTQKKoORoAKLyemTsY1EtY8wxiyzr4RXVV2GC uVoI2x1iQQKwtHgwNseXwYWjEZ+pR6E6kf30IPq0cyC225U/IRFCcCxIje+8CgBleeTH lhfg== X-Forwarded-Encrypted: i=1; AJvYcCUp95wOGcRFXTgXyRpTHYX7fffyKCCASXg2GerQ+drCHaeOqM2HEj1Qs4Yi4cJtrJQYJQyqNuzU@vger.kernel.org, AJvYcCW7C6bnWfan2i7LpWZQISYox4WpJ7xyQtWRCyz8BHyOFQUkANs/THbnAxsw3XvxK6dBRnDdZLh+2ivyR9df@vger.kernel.org, AJvYcCXG3kSIctkwAjrycTxijGiWRnmAJI+TMiybtKWrsVcGPz99pewIVq08X6aDqUjYhleyBcM=@vger.kernel.org X-Gm-Message-State: AOJu0Yyy1Hq1x1TS9RCjSvGM1AnNSRPMtD8UK8DAyvxXgVCLYVAECbuC bkWjmvxYyC5Ub691dFbveN4U9hY664dwo/eYBDF2m0B/jbZYlGNK X-Google-Smtp-Source: AGHT+IHwrjE/SnjfkzYiNUS/YvoOeTq8epmjrCoTM4gX34wia0xyYe74rL6fiPjkr6JnxSxiotfjNg== X-Received: by 2002:a17:902:e547:b0:20b:b75d:e8c1 with SMTP id d9443c01a7336-20bfde5567cmr190170345ad.4.1728287281651; Mon, 07 Oct 2024 00:48:01 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20c1393a15fsm34375395ad.121.2024.10.07.00.47.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 00:48:01 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: edumazet@google.com, kuba@kernel.org Cc: davem@davemloft.net, pabeni@redhat.com, dsahern@kernel.org, steffen.klassert@secunet.com, herbert@gondor.apana.org.au, dongml2@chinatelecom.cn, bigeasy@linutronix.de, toke@redhat.com, idosch@nvidia.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next v2 7/7] net: ip: make ip_route_input() return drop reasons Date: Mon, 7 Oct 2024 15:47:02 +0800 Message-Id: <20241007074702.249543-8-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241007074702.249543-1-dongml2@chinatelecom.cn> References: <20241007074702.249543-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org In this commit, we make ip_route_input() return skb drop reasons that come from ip_route_input_noref(). Meanwhile, adjust all the call to it. Signed-off-by: Menglong Dong --- include/net/route.h | 7 ++++--- net/bridge/br_netfilter_hooks.c | 11 ++++++----- net/ipv4/icmp.c | 1 + 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/include/net/route.h b/include/net/route.h index c0b1b5fb9b59..87d2c103616e 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -209,8 +209,9 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 dst, __be32 src, u8 tos, struct net_device *devin, const struct sk_buff *hint); -static inline int ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, - dscp_t dscp, struct net_device *devin) +static inline enum skb_drop_reason +ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, dscp_t dscp, + struct net_device *devin) { enum skb_drop_reason reason; @@ -223,7 +224,7 @@ static inline int ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, } rcu_read_unlock(); - return reason ? -EINVAL : 0; + return reason; } void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu, int oif, diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index c6bab2b5e834..ab4b9c6ae34b 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -372,8 +372,8 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_ struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); struct net_device *dev = skb->dev, *br_indev; const struct iphdr *iph = ip_hdr(skb); + enum skb_drop_reason reason; struct rtable *rt; - int err; br_indev = nf_bridge_get_physindev(skb, net); if (!br_indev) { @@ -389,9 +389,9 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_ } nf_bridge->in_prerouting = 0; if (br_nf_ipv4_daddr_was_changed(skb, nf_bridge)) { - err = ip_route_input(skb, iph->daddr, iph->saddr, - ip4h_dscp(iph), dev); - if (err) { + reason = ip_route_input(skb, iph->daddr, iph->saddr, + ip4h_dscp(iph), dev); + if (reason) { struct in_device *in_dev = __in_dev_get_rcu(dev); /* If err equals -EHOSTUNREACH the error is due to a @@ -401,7 +401,8 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_ * martian destinations: loopback destinations and destination * 0.0.0.0. In both cases the packet will be dropped because the * destination is the loopback device and not the bridge. */ - if (err != -EHOSTUNREACH || !in_dev || IN_DEV_FORWARD(in_dev)) + if (reason != SKB_DROP_REASON_IP_INADDRERRORS || !in_dev || + IN_DEV_FORWARD(in_dev)) goto free_skb; rt = ip_route_output(net, iph->daddr, 0, diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 23664434922e..c3bafff093e0 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -546,6 +546,7 @@ static struct rtable *icmp_route_lookup(struct net *net, struct flowi4 *fl4, skb_dst_set(skb_in, NULL); err = ip_route_input(skb_in, fl4_dec.daddr, fl4_dec.saddr, dscp, rt2->dst.dev); + err = err ? -EINVAL : 0; dst_release(&rt2->dst); rt2 = skb_rtable(skb_in);