From patchwork Thu Nov 7 12:55:53 2024
X-Patchwork-Submitter: Menglong Dong
X-Patchwork-Id: 13866388
X-Patchwork-Delegate: kuba@kernel.org
From: Menglong Dong
To: pabeni@redhat.com
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
 horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org,
 kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org,
 gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org,
 idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org,
 linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org,
 coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org
Subject: [PATCH net-next v5 1/9] net: ip: make fib_validate_source() support drop reasons
Date: Thu, 7 Nov 2024 20:55:53 +0800
Message-Id: <20241107125601.1076814-2-dongml2@chinatelecom.cn>
In-Reply-To: <20241107125601.1076814-1-dongml2@chinatelecom.cn>
References: <20241107125601.1076814-1-dongml2@chinatelecom.cn>

In this commit, we make fib_validate_source() and __fib_validate_source()
return -reason instead of errno on error.

The return value of fib_validate_source can be -errno, 0, and 1. It's hard
to make fib_validate_source() return drop reasons directly.

The fib_validate_source() will return 1 if the scope of the source(revert)
route is HOST. And the __mkroute_input() will mark the skb with
IPSKB_DOREDIRECT in this case (combined with some other conditions). And
then, a REDIRECT ICMP will be sent in ip_forward() if this flag exists. We
can't pass this information to __mkroute_input if we make
fib_validate_source() return drop reasons.

Therefore, we introduce the wrapper fib_validate_source_reason() for
fib_validate_source(), which will return the drop reasons on error.

In the original logic, LINUX_MIB_IPRPFILTER will be counted if
fib_validate_source() returns -EXDEV. And now, we need to adjust it by
checking "reason == SKB_DROP_REASON_IP_RPFILTER".
However, this will take effect only after the patch "net: ip: make ip_route_input_noref() return drop reasons", as we can't pass the drop reasons from fib_validate_source() to ip_rcv_finish_core() in this patch. Following new drop reasons are added in this patch: SKB_DROP_REASON_IP_LOCAL_SOURCE SKB_DROP_REASON_IP_INVALID_SOURCE Signed-off-by: Menglong Dong --- v4: - don't refactor fib_validate_source/__fib_validate_source, and introduce a wrapper for fib_validate_source() instead. v2: - make fib_validate_source() return drop reasons, instead of -reason. --- include/net/dropreason-core.h | 10 ++++++++++ include/net/ip_fib.h | 12 ++++++++++++ net/ipv4/fib_frontend.c | 17 ++++++++++++----- net/ipv4/ip_input.c | 4 +--- net/ipv4/route.c | 33 +++++++++++++++++++-------------- 5 files changed, 54 insertions(+), 22 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index d59bb96c5a02..62a60be1db84 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -76,6 +76,8 @@ FN(INVALID_PROTO) \ FN(IP_INADDRERRORS) \ FN(IP_INNOROUTES) \ + FN(IP_LOCAL_SOURCE) \ + FN(IP_INVALID_SOURCE) \ FN(PKT_TOO_BIG) \ FN(DUP_FRAG) \ FN(FRAG_REASM_TIMEOUT) \ @@ -373,6 +375,14 @@ enum skb_drop_reason { * IPSTATS_MIB_INADDRERRORS */ SKB_DROP_REASON_IP_INNOROUTES, + /** @SKB_DROP_REASON_IP_LOCAL_SOURCE: the source ip is local */ + SKB_DROP_REASON_IP_LOCAL_SOURCE, + /** + * @SKB_DROP_REASON_IP_INVALID_SOURCE: the source ip is invalid: + * 1) source ip is multicast or limited broadcast + * 2) source ip is zero and not IGMP + */ + SKB_DROP_REASON_IP_INVALID_SOURCE, /** * @SKB_DROP_REASON_PKT_TOO_BIG: packet size is too big (maybe exceed the * MTU) diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h index b6e44f4eaa4c..a113c11ab56b 100644 --- a/include/net/ip_fib.h +++ b/include/net/ip_fib.h 
@@ -452,6 +452,18 @@ int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, dscp_t dscp, int oif, struct net_device *dev, struct in_device *idev, u32 *itag); +static inline enum skb_drop_reason +fib_validate_source_reason(struct sk_buff *skb, __be32 src, __be32 dst, + dscp_t dscp, int oif, struct net_device *dev, + struct in_device *idev, u32 *itag) +{ + int err = fib_validate_source(skb, src, dst, dscp, oif, dev, idev, + itag); + if (err < 0) + return -err; + return SKB_NOT_DROPPED_YET; +} + #ifdef CONFIG_IP_ROUTE_CLASSID static inline int fib_num_tclassid_users(struct net *net) { diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 0c9ce934b490..87bb36a5bdec 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -346,6 +346,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, int rpf, struct in_device *idev, u32 *itag) { struct net *net = dev_net(dev); + enum skb_drop_reason reason; struct flow_keys flkeys; int ret, no_addr; struct fib_result res; @@ -377,9 +378,15 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, if (fib_lookup(net, &fl4, &res, 0)) goto last_resort; - if (res.type != RTN_UNICAST && - (res.type != RTN_LOCAL || !IN_DEV_ACCEPT_LOCAL(idev))) - goto e_inval; + if (res.type != RTN_UNICAST) { + if (res.type != RTN_LOCAL) { + reason = SKB_DROP_REASON_IP_INVALID_SOURCE; + goto e_inval; + } else if (!IN_DEV_ACCEPT_LOCAL(idev)) { + reason = SKB_DROP_REASON_IP_LOCAL_SOURCE; + goto e_inval; + } + } fib_combine_itag(itag, &res); dev_match = fib_info_nh_uses_dev(res.fi, dev); @@ -412,9 +419,9 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, return 0; e_inval: - return -EINVAL; + return -reason; e_rpf: - return -EXDEV; + return -SKB_DROP_REASON_IP_RPFILTER; } /* Ignore rp_filter for packets protected by IPsec. */ diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 89bb63da6852..c40a26972884 100644 
--- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -425,10 +425,8 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, return NET_RX_DROP; drop_error: - if (err == -EXDEV) { - drop_reason = SKB_DROP_REASON_IP_RPFILTER; + if (drop_reason == SKB_DROP_REASON_IP_RPFILTER) __NET_INC_STATS(net, LINUX_MIB_IPRPFILTER); - } goto drop; } diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 763398e08b7d..f64c0221c221 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1669,7 +1669,7 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev, struct in_device *in_dev, u32 *itag) { - int err; + enum skb_drop_reason reason; /* Primary sanity checks. */ if (!in_dev) @@ -1687,10 +1687,10 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, ip_hdr(skb)->protocol != IPPROTO_IGMP) return -EINVAL; } else { - err = fib_validate_source(skb, saddr, 0, dscp, 0, dev, in_dev, - itag); - if (err < 0) - return err; + reason = fib_validate_source_reason(skb, saddr, 0, dscp, 0, + dev, in_dev, itag); + if (reason) + return -EINVAL; } return 0; } @@ -1788,6 +1788,7 @@ static int __mkroute_input(struct sk_buff *skb, const struct fib_result *res, err = fib_validate_source(skb, saddr, daddr, dscp, FIB_RES_OIF(*res), in_dev->dev, in_dev, &itag); if (err < 0) { + err = -EINVAL; ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, saddr); @@ -2140,6 +2141,7 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, struct in_device *in_dev = __in_dev_get_rcu(dev); struct rtable *rt = skb_rtable(hint); struct net *net = dev_net(dev); + enum skb_drop_reason reason; int err = -EINVAL; u32 tag = 0; 
@@ -2158,9 +2160,9 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, if (rt->rt_type != RTN_LOCAL) goto skip_validate_source; - err = fib_validate_source(skb, saddr, daddr, dscp, 0, dev, in_dev, - &tag); - if (err < 0) + reason = fib_validate_source_reason(skb, saddr, daddr, dscp, 0, dev, + in_dev, &tag); + if (reason) goto martian_source; skip_validate_source: @@ -2202,6 +2204,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev, struct fib_result *res) { + enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev = __in_dev_get_rcu(dev); struct flow_keys *flkeys = NULL, _flkeys; struct net *net = dev_net(dev); @@ -2296,10 +2299,11 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, goto brd_input; } + err = -EINVAL; if (res->type == RTN_LOCAL) { - err = fib_validate_source(skb, saddr, daddr, dscp, 0, dev, - in_dev, &itag); - if (err < 0) + reason = fib_validate_source_reason(skb, saddr, daddr, dscp, + 0, dev, in_dev, &itag); + if (reason) goto martian_source; goto local_input; } 
@@ -2320,9 +2324,10 @@ out: return err; goto e_inval; if (!ipv4_is_zeronet(saddr)) { - err = fib_validate_source(skb, saddr, 0, dscp, 0, dev, in_dev, - &itag); - if (err < 0) + err = -EINVAL; + reason = fib_validate_source_reason(skb, saddr, 0, dscp, 0, + dev, in_dev, &itag); + if (reason) goto martian_source; } flags |= RTCF_BROADCAST;
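
Review bot: The kernel-doc for SKB_DROP_REASON_IP_INVALID_SOURCE in include/net/dropreason-core.h lists only two cases (multicast or limited-broadcast source, zero source that is not IGMP), but the fib_frontend.c hunk of this same patch also returns it when the source lookup yields a route type that is neither RTN_UNICAST nor RTN_LOCAL. Add that case to the comment so that someone reading a drop trace can map the reason back to the FIB check.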
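
Review bot: fib_validate_source_reason() in include/net/ip_fib.h returns -err for any negative result, which is only correct if every error exit of fib_validate_source() is already a negated enum skb_drop_reason. The visible hunks convert only the e_inval and e_rpf exits of __fib_validate_source(); any -errno return that remains in fib_validate_source() itself would come out of the wrapper as an unrelated drop reason. Please confirm there is none, or convert it in this patch. A blank line after the `int err = ...` declaration is also missing.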
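
Review bot: `reason` in __fib_validate_source() is declared without an initialiser and is assigned only in the two branches of the new res.type check, yet `return -reason` at e_inval reads it unconditionally. Initialise it to SKB_DROP_REASON_NOT_SPECIFIED so that a future `goto e_inval` cannot return an indeterminate value. The function still returns int, so a comment above it saying that negative values are now drop reasons rather than errnos would stop callers from comparing against -EINVAL or -EXDEV. The `else` after `goto e_inval` can be dropped.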
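
Review bot: In the drop_error path of ip_rcv_finish_core(), removing the `err == -EXDEV` test means nothing in this patch sets drop_reason to SKB_DROP_REASON_IP_RPFILTER any more, since the route.c hunks fold every validation failure into -EINVAL, so LINUX_MIB_IPRPFILTER stops counting until the later ip_route_input_noref() patch is applied. The commit message acknowledges this, but it leaves a bisection window in which reverse-path-filter drops are invisible to anyone monitoring that counter. Consider keeping the -EXDEV check until the reason is actually plumbed through, or moving this hunk into that later patch.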
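
Review bot: In the ip_route_input_slow() hunk at -2296, `err = -EINVAL;` is placed before `if (res->type == RTN_LOCAL)`, so it also overwrites err on the path that does not enter the branch. Unless the code that follows always reassigns err, set it inside the branch next to the fib_validate_source_reason() call, the way the broadcast hunk at -2320 does.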

From patchwork Thu Nov 7 12:55:54 2024
X-Patchwork-Submitter: Menglong Dong
X-Patchwork-Id: 13866389
X-Patchwork-Delegate: kuba@kernel.org
From: Menglong Dong
To: pabeni@redhat.com
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
 horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org,
 kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org,
 gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org,
 idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org,
 linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org,
 coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org
Subject: [PATCH net-next v5 2/9] net: ip: make ip_route_input_mc() return drop reason
Date: Thu, 7 Nov 2024 20:55:54 +0800
Message-Id: <20241107125601.1076814-3-dongml2@chinatelecom.cn>
In-Reply-To: <20241107125601.1076814-1-dongml2@chinatelecom.cn>
References: <20241107125601.1076814-1-dongml2@chinatelecom.cn>

Make ip_route_input_mc() return drop reason, and adjust the call of it
in ip_route_input_rcu().

Signed-off-by: Menglong Dong --- net/ipv4/route.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index f64c0221c221..ccbaf6207299 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1696,8 +1696,9 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, } /* called in rcu_read_lock() section */ -static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, int our) +static enum skb_drop_reason +ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, int our) { struct in_device *in_dev = __in_dev_get_rcu(dev); unsigned int flags = RTCF_MULTICAST; @@ -1708,7 +1709,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, err = ip_mc_validate_source(skb, daddr, saddr, dscp, dev, in_dev, &itag); if (err) - return err; + return SKB_DROP_REASON_NOT_SPECIFIED; if (our) flags |= RTCF_LOCAL; @@ -1719,7 +1720,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST, false); if (!rth) - return -ENOBUFS; + return SKB_DROP_REASON_NOMEM; #ifdef CONFIG_IP_ROUTE_CLASSID rth->dst.tclassid = itag; @@ -1735,7 +1736,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, skb_dst_drop(skb); skb_dst_set(skb, &rth->dst); - return 0; + return SKB_NOT_DROPPED_YET; } @@ -2433,12 +2434,12 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, * route cache entry is created eventually. */ if (ipv4_is_multicast(daddr)) { + enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev = __in_dev_get_rcu(dev); int our = 0; - int err = -EINVAL; if (!in_dev) - return err; + return -EINVAL; our = ip_check_mc_rcu(in_dev, daddr, saddr, ip_hdr(skb)->protocol); 
@@ -2459,10 +2460,10 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, IN_DEV_MFORWARD(in_dev)) #endif ) { - err = ip_route_input_mc(skb, daddr, saddr, dscp, dev, - our); + reason = ip_route_input_mc(skb, daddr, saddr, dscp, + dev, our); } - return err; + return reason ? -EINVAL : 0; } return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res);
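
Review bot: With `return reason ? -EINVAL : 0;` in ip_route_input_rcu(), the rt_dst_alloc() failure that ip_route_input_mc() used to report as -ENOBUFS now reaches callers as -EINVAL, and SKB_DROP_REASON_NOMEM is discarded at this level. The commit message should mention this errno change, or the conversion should keep -ENOBUFS for the NOMEM case until the reason itself is propagated.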
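
Review bot: In the multicast branch of ip_route_input_rcu(), `reason` starts as SKB_DROP_REASON_NOT_SPECIFIED and keeps that value when the condition guarding the ip_route_input_mc() call is false, which makes that rejection indistinguishable from the `if (err) return SKB_DROP_REASON_NOT_SPECIFIED;` placeholder inside ip_route_input_mc(). A comment marking both as temporary, or a specific reason for the case where the call is skipped, would make the eventual drop traces easier to read.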

From patchwork Thu Nov 7 12:55:55 2024
X-Patchwork-Submitter: Menglong Dong
X-Patchwork-Id: 13866390
X-Patchwork-Delegate: kuba@kernel.org
From: Menglong Dong
To: pabeni@redhat.com
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
 horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org,
 kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org,
 gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org,
 idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org,
 linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org,
 coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org
Subject: [PATCH net-next v5 3/9] net: ip: make ip_mc_validate_source() return drop reason
Date: Thu, 7 Nov 2024 20:55:55 +0800
Message-Id: <20241107125601.1076814-4-dongml2@chinatelecom.cn>
In-Reply-To: <20241107125601.1076814-1-dongml2@chinatelecom.cn>
References: <20241107125601.1076814-1-dongml2@chinatelecom.cn>

Make ip_mc_validate_source() return drop reason, and adjust the call of
it in ip_route_input_mc().

Another caller of it is ip_rcv_finish_core->udp_v4_early_demux, and the
errno is not checked in detail, so we don't do more adjustment for it.

The drop reason "SKB_DROP_REASON_IP_LOCALNET" is added in this commit.

Signed-off-by: Menglong Dong --- include/net/dropreason-core.h | 3 +++ include/net/route.h | 7 ++++--- net/ipv4/route.c | 35 +++++++++++++++++++---------------- 3 files changed, 26 insertions(+), 19 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 62a60be1db84..a2a1fb90e0e5 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -78,6 +78,7 @@ FN(IP_INNOROUTES) \ FN(IP_LOCAL_SOURCE) \ FN(IP_INVALID_SOURCE) \ + FN(IP_LOCALNET) \ FN(PKT_TOO_BIG) \ FN(DUP_FRAG) \ FN(FRAG_REASM_TIMEOUT) \
@@ -383,6 +384,8 @@ enum skb_drop_reason { * 2) source ip is zero and not IGMP */ SKB_DROP_REASON_IP_INVALID_SOURCE, + /** @SKB_DROP_REASON_IP_LOCALNET: source or dest ip is local net */ + SKB_DROP_REASON_IP_LOCALNET, /** * @SKB_DROP_REASON_PKT_TOO_BIG: packet size is too big (maybe exceed the * MTU) diff --git a/include/net/route.h b/include/net/route.h index 586e59f7ed8a..a828a17a6313 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -199,9 +199,10 @@ static inline struct rtable *ip_route_output_gre(struct net *net, struct flowi4 return ip_route_output_key(net, fl4); } -int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, - struct in_device *in_dev, u32 *itag); +enum skb_drop_reason +ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + struct in_device *in_dev, u32 *itag); int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev); int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, diff --git a/net/ipv4/route.c b/net/ipv4/route.c index ccbaf6207299..566acd08aedf 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c 
@@ -1665,34 +1665,37 @@ struct rtable *rt_dst_clone(struct net_device *dev, struct rtable *rt) EXPORT_SYMBOL(rt_dst_clone); /* called in rcu_read_lock() section */ -int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, - struct in_device *in_dev, u32 *itag) +enum skb_drop_reason +ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + struct in_device *in_dev, u32 *itag) { enum skb_drop_reason reason; /* Primary sanity checks. */ if (!in_dev) - return -EINVAL; + return SKB_DROP_REASON_NOT_SPECIFIED; - if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) || - skb->protocol != htons(ETH_P_IP)) - return -EINVAL; + if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) + return SKB_DROP_REASON_IP_INVALID_SOURCE; + + if (skb->protocol != htons(ETH_P_IP)) + return SKB_DROP_REASON_INVALID_PROTO; if (ipv4_is_loopback(saddr) && !IN_DEV_ROUTE_LOCALNET(in_dev)) - return -EINVAL; + return SKB_DROP_REASON_IP_LOCALNET; if (ipv4_is_zeronet(saddr)) { if (!ipv4_is_local_multicast(daddr) && ip_hdr(skb)->protocol != IPPROTO_IGMP) - return -EINVAL; + return SKB_DROP_REASON_IP_INVALID_SOURCE; } else { reason = fib_validate_source_reason(skb, saddr, 0, dscp, 0, dev, in_dev, itag); if (reason) - return -EINVAL; + return reason; } - return 0; + return SKB_NOT_DROPPED_YET; } /* called in rcu_read_lock() section */ 
@@ -1702,14 +1705,14 @@ ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, { struct in_device *in_dev = __in_dev_get_rcu(dev); unsigned int flags = RTCF_MULTICAST; + enum skb_drop_reason reason; struct rtable *rth; u32 itag = 0; - int err; - err = ip_mc_validate_source(skb, daddr, saddr, dscp, dev, in_dev, - &itag); - if (err) - return SKB_DROP_REASON_NOT_SPECIFIED; + reason = ip_mc_validate_source(skb, daddr, saddr, dscp, dev, in_dev, + &itag); + if (reason) + return reason; if (our) flags |= RTCF_LOCAL;
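
Review bot: The kernel-doc for SKB_DROP_REASON_IP_LOCALNET in include/net/dropreason-core.h says "source or dest ip is local net", but the only use in this patch is `ipv4_is_loopback(saddr) && !IN_DEV_ROUTE_LOCALNET(in_dev)` in ip_mc_validate_source(). Describe it as a loopback address seen while route_localnet is disabled on the device, so that the name is not read as "address on a directly connected network".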
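
Review bot: ip_mc_validate_source() changes in include/net/route.h and net/ipv4/route.c from 0 / -errno to enum skb_drop_reason, where failures are positive, and the commit message says the ip_rcv_finish_core->udp_v4_early_demux caller is left as it is. Please confirm that this path tests the result for non-zero rather than `< 0`; with a `< 0` test a failed multicast source validation would be treated as success. A short comment on the prototype stating the new return convention would help callers outside these hunks.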
From: Menglong Dong
To: pabeni@redhat.com
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org
Subject: [PATCH net-next v5 4/9] net: ip: make ip_route_input_slow() return drop reasons
Date: Thu, 7 Nov 2024 20:55:56 +0800
Message-Id: <20241107125601.1076814-5-dongml2@chinatelecom.cn>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20241107125601.1076814-1-dongml2@chinatelecom.cn>
References: <20241107125601.1076814-1-dongml2@chinatelecom.cn>
X-Mailing-List: bpf@vger.kernel.org

In this commit, we make ip_route_input_slow() return skb drop reasons, and the following new skb drop reasons are added:

  SKB_DROP_REASON_IP_INVALID_DEST

The only caller of ip_route_input_slow() is ip_route_input_rcu(), and we adjust it by making it return -EINVAL on error.

Signed-off-by: Menglong Dong
---
v4:
- use indentation after the out label
---
include/net/dropreason-core.h | 6 ++++ net/ipv4/route.c | 56 ++++++++++++++++++++++------------- 2 files changed, 41 insertions(+), 21 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index a2a1fb90e0e5..74624d369d48 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -79,6 +79,7 @@ FN(IP_LOCAL_SOURCE) \ FN(IP_INVALID_SOURCE) \ FN(IP_LOCALNET) \ + FN(IP_INVALID_DEST) \ FN(PKT_TOO_BIG) \ FN(DUP_FRAG) \ FN(FRAG_REASM_TIMEOUT) \
@@ -386,6 +387,11 @@ enum skb_drop_reason { SKB_DROP_REASON_IP_INVALID_SOURCE, /** @SKB_DROP_REASON_IP_LOCALNET: source or dest ip is local net */ SKB_DROP_REASON_IP_LOCALNET, + /** + * @SKB_DROP_REASON_IP_INVALID_DEST: the dest ip is invalid: + * 1) dest ip is 0 + */ + SKB_DROP_REASON_IP_INVALID_DEST, /** * @SKB_DROP_REASON_PKT_TOO_BIG: packet size is too big (maybe exceed the * MTU) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 566acd08aedf..1c4727504909 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2204,9 +2204,10 @@ static struct net_device *ip_rt_get_dev(struct net *net, * called with rcu_read_lock() */ -static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, - struct fib_result *res) +static enum skb_drop_reason +ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + struct fib_result *res) { enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev = __in_dev_get_rcu(dev); @@ -2236,8 +2237,10 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, fl4.flowi4_tun_key.tun_id = 0; skb_dst_drop(skb); - if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) + if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) { + reason = SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } res->fi = NULL; res->table = NULL; 
@@ -2247,21 +2250,29 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, /* Accept zero addresses only to limited broadcast; * I even do not know to fix it or not. Waiting for complains :-) */ - if (ipv4_is_zeronet(saddr)) + if (ipv4_is_zeronet(saddr)) { + reason = SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } - if (ipv4_is_zeronet(daddr)) + if (ipv4_is_zeronet(daddr)) { + reason = SKB_DROP_REASON_IP_INVALID_DEST; goto martian_destination; + } /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(), * and call it once if daddr or/and saddr are loopback addresses */ if (ipv4_is_loopback(daddr)) { - if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) + if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) { + reason = SKB_DROP_REASON_IP_LOCALNET; goto martian_destination; + } } else if (ipv4_is_loopback(saddr)) { - if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) + if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) { + reason = SKB_DROP_REASON_IP_LOCALNET; goto martian_source; + } } /* @@ -2316,19 +2327,26 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, err = -EHOSTUNREACH; goto no_route; } - if (res->type != RTN_UNICAST) + if (res->type != RTN_UNICAST) { + reason = SKB_DROP_REASON_IP_INVALID_DEST; goto martian_destination; + } make_route: err = ip_mkroute_input(skb, res, in_dev, daddr, saddr, dscp, flkeys); -out: return err; + if (!err) + reason = SKB_NOT_DROPPED_YET; + +out: + return reason; brd_input: - if (skb->protocol != htons(ETH_P_IP)) - goto e_inval; + if (skb->protocol != htons(ETH_P_IP)) { + reason = SKB_DROP_REASON_INVALID_PROTO; + goto out; + } if (!ipv4_is_zeronet(saddr)) { - err = -EINVAL; reason = fib_validate_source_reason(skb, saddr, 0, dscp, 0, dev, in_dev, &itag); if (reason) @@ -2349,7 +2367,7 @@ out: return err; rth = rcu_dereference(nhc->nhc_rth_input); if (rt_cache_valid(rth)) { skb_dst_set_noref(skb, &rth->dst); - err = 0; + reason = SKB_NOT_DROPPED_YET; goto out; } } 
@@ -2386,7 +2404,7 @@ out: return err; rt_add_uncached_list(rth); } skb_dst_set(skb, &rth->dst); - err = 0; + reason = SKB_NOT_DROPPED_YET; goto out; no_route: @@ -2407,12 +2425,8 @@ out: return err; &daddr, &saddr, dev->name); #endif -e_inval: - err = -EINVAL; - goto out; - e_nobufs: - err = -ENOBUFS; + reason = SKB_DROP_REASON_NOMEM; goto out; martian_source: 
@@ -2469,7 +2483,7 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, return reason ? -EINVAL : 0; } - return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res); + return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res) ? -EINVAL : 0; } int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
From patchwork Thu Nov 7 12:55:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13866392 X-Patchwork-Delegate: kuba@kernel.org
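Review bot: The kernel-doc added for SKB_DROP_REASON_IP_INVALID_DEST in include/net/dropreason-core.h (patch 4/9) lists only "1) dest ip is 0", but ip_route_input_slow() in this same patch also assigns that reason when res->type != RTN_UNICAST. Please add that case to the comment so the documented meaning matches what the code emits.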
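Review bot: At the make_route label in ip_route_input_slow() (patch 4/9), a failing ip_mkroute_input() falls through to "return reason" with whatever reason held on entry, and the errno in err is discarded. That value is SKB_DROP_REASON_NOT_SPECIFIED only as long as no path reaches make_route after a successful fib_validate_source_reason() call has stored SKB_NOT_DROPPED_YET in reason; if one does, a routing failure is reported to the caller as success. Setting it explicitly, for example reason = err ? SKB_DROP_REASON_NOT_SPECIFIED : SKB_NOT_DROPPED_YET, removes the dependency on the initializer.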
From: Menglong Dong
To: pabeni@redhat.com
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org
Subject: [PATCH net-next v5 5/9] net: ip: make ip_route_input_rcu() return drop reasons
Date: Thu, 7 Nov 2024 20:55:57 +0800
Message-Id: <20241107125601.1076814-6-dongml2@chinatelecom.cn>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20241107125601.1076814-1-dongml2@chinatelecom.cn>
References: <20241107125601.1076814-1-dongml2@chinatelecom.cn>
X-Mailing-List: bpf@vger.kernel.org

In this commit, we make ip_route_input_rcu() return drop reasons, which come from ip_route_input_mc() and ip_route_input_slow().

The only caller of ip_route_input_rcu() is ip_route_input_noref(). We adjust it by making it return -EINVAL on error and ignore the reasons that ip_route_input_rcu() returns. In the following patch, we will make ip_route_input_noref() return the drop reasons.

Signed-off-by: Menglong Dong
---
v4:
- collapse the 2 lines that we modify in inet_rtm_getroute()
---
net/ipv4/route.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 1c4727504909..1926a8a1a83a 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c
@@ -2435,9 +2435,10 @@ ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, } /* called with rcu_read_lock held */ -static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, - struct fib_result *res) +static enum skb_drop_reason +ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + struct fib_result *res) { /* Multicast recognition logic is moved from route cache to here. * The problem was that too many Ethernet cards have broken/missing @@ -2480,23 +2481,23 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, reason = ip_route_input_mc(skb, daddr, saddr, dscp, dev, our); } - return reason ? -EINVAL : 0; + return reason; } - return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res) ? -EINVAL : 0; + return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res); } int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev) { + enum skb_drop_reason reason; struct fib_result res; - int err; rcu_read_lock(); - err = ip_route_input_rcu(skb, daddr, saddr, dscp, dev, &res); + reason = ip_route_input_rcu(skb, daddr, saddr, dscp, dev, &res); rcu_read_unlock(); - return err; + return reason ? -EINVAL : 0; } EXPORT_SYMBOL(ip_route_input_noref); 
@@ -3308,7 +3309,7 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, skb->mark = mark; err = ip_route_input_rcu(skb, dst, src, inet_dsfield_to_dscp(rtm->rtm_tos), - dev, &res); + dev, &res) ? -EINVAL : 0; rt = skb_rtable(skb); if (err == 0 && rt->dst.error)
From patchwork Thu Nov 7 12:55:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13866393 X-Patchwork-Delegate: kuba@kernel.org
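Review bot: In the inet_rtm_getroute() hunk (patch 5/9), err is now derived as "ip_route_input_rcu(...) ? -EINVAL : 0", so every input-route failure on this path becomes -EINVAL. Before this series ip_route_input_slow() could return other values, such as -ENOBUFS from its e_nobufs label, and those reached this err unchanged. If the error code seen by the route-get requester matters, map SKB_DROP_REASON_NOMEM back to -ENOBUFS here, or say in the commit message that the errno change is intended. The commit message also states that ip_route_input_noref() is the only caller of ip_route_input_rcu(), while this hunk shows a second caller; the text should mention inet_rtm_getroute().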
From: Menglong Dong
To: pabeni@redhat.com
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org
Subject: [PATCH net-next v5 6/9] net: ip: make ip_route_input_noref() return drop reasons
Date: Thu, 7 Nov 2024 20:55:58 +0800
Message-Id: <20241107125601.1076814-7-dongml2@chinatelecom.cn>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20241107125601.1076814-1-dongml2@chinatelecom.cn>
References: <20241107125601.1076814-1-dongml2@chinatelecom.cn>
X-Mailing-List: bpf@vger.kernel.org

In this commit, we make ip_route_input_noref() return drop reasons, which come from ip_route_input_rcu().

We need to adjust the callers of ip_route_input_noref() to make sure the return value of ip_route_input_noref() is used properly.

The errno that ip_route_input_noref() returns comes from ip_route_input and bpf_lwt_input_reroute in the original logic, and we make them return -EINVAL on error instead. In the following patch, we will make ip_route_input() return drop reasons too.

Signed-off-by: Menglong Dong
---
v5:
- remove the unneeded "else" in ip_expire()
v4:
- introduce the variable "reason" in bpf_lwt_input_reroute() to make things clear
---
include/net/route.h | 15 ++++++++------- net/core/lwt_bpf.c | 6 ++++-- net/ipv4/ip_fragment.c | 11 ++++++----- net/ipv4/ip_input.c | 7 ++++--- net/ipv4/route.c | 7 ++++--- 5 files changed, 26 insertions(+), 20 deletions(-) diff --git a/include/net/route.h b/include/net/route.h index a828a17a6313..11674f7c6be6 100644
--- a/include/net/route.h +++ b/include/net/route.h @@ -203,8 +203,9 @@ enum skb_drop_reason ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev, struct in_device *in_dev, u32 *itag); -int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev); +enum skb_drop_reason +ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev); int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev, const struct sk_buff *hint); @@ -212,18 +213,18 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, static inline int ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, dscp_t dscp, struct net_device *devin) { - int err; + enum skb_drop_reason reason; rcu_read_lock(); - err = ip_route_input_noref(skb, dst, src, dscp, devin); - if (!err) { + reason = ip_route_input_noref(skb, dst, src, dscp, devin); + if (!reason) { skb_dst_force(skb); if (!skb_dst(skb)) - err = -EINVAL; + reason = SKB_DROP_REASON_NOT_SPECIFIED; } rcu_read_unlock(); - return err; + return reason ? -EINVAL : 0; } void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu, int oif, diff --git a/net/core/lwt_bpf.c b/net/core/lwt_bpf.c index e0ca24a58810..8a78bff53b2c 100644 --- a/net/core/lwt_bpf.c +++ b/net/core/lwt_bpf.c @@ -88,6 +88,7 @@ static int run_lwt_bpf(struct sk_buff *skb, struct bpf_lwt_prog *lwt, static int bpf_lwt_input_reroute(struct sk_buff *skb) { + enum skb_drop_reason reason; int err = -EINVAL; if (skb->protocol == htons(ETH_P_IP)) { 
@@ -96,8 +97,9 @@ static int bpf_lwt_input_reroute(struct sk_buff *skb) dev_hold(dev); skb_dst_drop(skb); - err = ip_route_input_noref(skb, iph->daddr, iph->saddr, - ip4h_dscp(iph), dev); + reason = ip_route_input_noref(skb, iph->daddr, iph->saddr, + ip4h_dscp(iph), dev); + err = reason ? -EINVAL : 0; dev_put(dev); } else if (skb->protocol == htons(ETH_P_IPV6)) { skb_dst_drop(skb); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index 48e2810f1f27..07036a2943c1 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -132,12 +132,12 @@ static bool frag_expire_skip_icmp(u32 user) */ static void ip_expire(struct timer_list *t) { + enum skb_drop_reason reason = SKB_DROP_REASON_FRAG_REASM_TIMEOUT; struct inet_frag_queue *frag = from_timer(frag, t, timer); const struct iphdr *iph; struct sk_buff *head = NULL; struct net *net; struct ipq *qp; - int err; qp = container_of(frag, struct ipq, q); net = qp->q.fqdir->net; @@ -175,14 +175,15 @@ static void ip_expire(struct timer_list *t) /* skb has no dst, perform route lookup again */ iph = ip_hdr(head); - err = ip_route_input_noref(head, iph->daddr, iph->saddr, ip4h_dscp(iph), - head->dev); - if (err) + reason = ip_route_input_noref(head, iph->daddr, iph->saddr, + ip4h_dscp(iph), head->dev); + if (reason) goto out; /* Only an end host needs to send an ICMP * "Fragment Reassembly Timeout" message, per RFC792. */ + reason = SKB_DROP_REASON_FRAG_REASM_TIMEOUT; if (frag_expire_skip_icmp(qp->q.key.v4.user) && (skb_rtable(head)->rt_type != RTN_LOCAL)) goto out; @@ -195,7 +196,7 @@ static void ip_expire(struct timer_list *t) spin_unlock(&qp->q.lock); out_rcu_unlock: rcu_read_unlock(); - kfree_skb_reason(head, SKB_DROP_REASON_FRAG_REASM_TIMEOUT); + kfree_skb_reason(head, reason); ipq_put(qp); } diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index c40a26972884..513eb0c6435a 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c 
@@ -362,10 +362,11 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, * how the packet travels inside Linux networking. */ if (!skb_valid_dst(skb)) { - err = ip_route_input_noref(skb, iph->daddr, iph->saddr, - ip4h_dscp(iph), dev); - if (unlikely(err)) + drop_reason = ip_route_input_noref(skb, iph->daddr, iph->saddr, + ip4h_dscp(iph), dev); + if (unlikely(drop_reason)) goto drop_error; + drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; } else { struct in_device *in_dev = __in_dev_get_rcu(dev); diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 1926a8a1a83a..ce1201dbf464 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2487,8 +2487,9 @@ ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res); } -int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev) +enum skb_drop_reason ip_route_input_noref(struct sk_buff *skb, __be32 daddr, + __be32 saddr, dscp_t dscp, + struct net_device *dev) { enum skb_drop_reason reason; struct fib_result res; 
@@ -2497,7 +2498,7 @@ int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, reason = ip_route_input_rcu(skb, daddr, saddr, dscp, dev, &res); rcu_read_unlock(); - return reason ? -EINVAL : 0; + return reason; } EXPORT_SYMBOL(ip_route_input_noref);
From patchwork Thu Nov 7 12:55:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Menglong Dong X-Patchwork-Id: 13866394 X-Patchwork-Delegate: kuba@kernel.org
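Review bot: In ip_expire() in net/ipv4/ip_fragment.c (patch 6/9), a failed ip_route_input_noref() jumps to out with the routing reason still in reason, so kfree_skb_reason() now reports the head of an expired fragment queue with a routing reason such as SKB_DROP_REASON_IP_INVALID_SOURCE instead of SKB_DROP_REASON_FRAG_REASM_TIMEOUT. The skb is being freed because reassembly timed out; the failed lookup only means no ICMP message is sent, and anyone counting reassembly timeouts from drop reasons will undercount. Consider keeping the lookup result in a separate local and leaving reason at FRAG_REASM_TIMEOUT, or explain in the commit message why the routing reason is the more useful one here.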
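Review bot: In ip_rcv_finish_core() in net/ipv4/ip_input.c (patch 6/9), drop_reason is reset to SKB_DROP_REASON_NOT_SPECIFIED immediately after a successful ip_route_input_noref(), presumably so that later drop paths see the value they had before this patch, but nothing in the hunk says so. Add a one-line comment, or hold the lookup result in a separate local so the reset is not needed. err is also no longer assigned on this path, so please check that nothing reached through drop_error still inspects it.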
From: Menglong Dong
To: pabeni@redhat.com
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org
Subject: [PATCH net-next v5 7/9] net: ip: make ip_route_input() return drop reasons
Date: Thu, 7 Nov 2024 20:55:59 +0800
Message-Id: <20241107125601.1076814-8-dongml2@chinatelecom.cn>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20241107125601.1076814-1-dongml2@chinatelecom.cn>
References: <20241107125601.1076814-1-dongml2@chinatelecom.cn>
X-Mailing-List: bpf@vger.kernel.org

In this commit, we make ip_route_input() return skb drop reasons that come from ip_route_input_noref().

Meanwhile, adjust all the calls to it.

Signed-off-by: Menglong Dong --- v4: - replace the variable "err" with "reason" for the return value of ip_route_input() --- include/net/route.h | 7 ++++--- net/bridge/br_netfilter_hooks.c | 11 ++++++----- net/ipv4/icmp.c | 2 +- net/ipv4/ip_options.c | 2 +- net/ipv6/seg6_local.c | 14 +++++++------- 5 files changed, 19 insertions(+), 17 deletions(-) diff --git a/include/net/route.h b/include/net/route.h index 11674f7c6be6..f4ab5412c9c9 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -210,8 +210,9 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev, const struct sk_buff *hint); -static inline int ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, - dscp_t dscp, struct net_device *devin) +static inline enum skb_drop_reason +ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, dscp_t dscp, + struct net_device *devin) { enum skb_drop_reason reason; @@ -224,7 +225,7 @@ static inline int ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, } rcu_read_unlock(); - return reason ? -EINVAL : 0; + return reason; } void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu, int oif, diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index 17a5f5923d61..110cffc24a1d 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -373,8 +373,8 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_ struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); struct net_device *dev = skb->dev, *br_indev; const struct iphdr *iph = ip_hdr(skb); + enum skb_drop_reason reason; struct rtable *rt; - int err; br_indev = nf_bridge_get_physindev(skb, net); if (!br_indev) { 
@@ -390,9 +390,9 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_ } nf_bridge->in_prerouting = 0; if (br_nf_ipv4_daddr_was_changed(skb, nf_bridge)) { - err = ip_route_input(skb, iph->daddr, iph->saddr, - ip4h_dscp(iph), dev); - if (err) { + reason = ip_route_input(skb, iph->daddr, iph->saddr, + ip4h_dscp(iph), dev); + if (reason) { struct in_device *in_dev = __in_dev_get_rcu(dev); /* If err equals -EHOSTUNREACH the error is due to a @@ -402,7 +402,8 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_ * martian destinations: loopback destinations and destination * 0.0.0.0. In both cases the packet will be dropped because the * destination is the loopback device and not the bridge. */ - if (err != -EHOSTUNREACH || !in_dev || IN_DEV_FORWARD(in_dev)) + if (reason != SKB_DROP_REASON_IP_INADDRERRORS || !in_dev || + IN_DEV_FORWARD(in_dev)) goto free_skb; rt = ip_route_output(net, iph->daddr, 0, diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 33eec844a5a0..4f088fa1c2f2 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -545,7 +545,7 @@ static struct rtable *icmp_route_lookup(struct net *net, struct flowi4 *fl4, orefdst = skb_in->_skb_refdst; /* save old refdst */ skb_dst_set(skb_in, NULL); err = ip_route_input(skb_in, fl4_dec.daddr, fl4_dec.saddr, - dscp, rt2->dst.dev); + dscp, rt2->dst.dev) ? -EINVAL : 0; dst_release(&rt2->dst); rt2 = skb_rtable(skb_in); diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c index 81e86e5defee..e3321932bec0 100644 --- a/net/ipv4/ip_options.c +++ b/net/ipv4/ip_options.c @@ -618,7 +618,7 @@ int ip_options_rcv_srr(struct sk_buff *skb, struct net_device *dev) orefdst = skb->_skb_refdst; skb_dst_set(skb, NULL); err = ip_route_input(skb, nexthop, iph->saddr, ip4h_dscp(iph), - dev); + dev) ? -EINVAL : 0; rt2 = skb_rtable(skb); if (err || (rt2->rt_type != RTN_UNICAST && rt2->rt_type != RTN_LOCAL)) { skb_dst_drop(skb); 
diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c index c74705ead984..ac1dbd492c22 100644 --- a/net/ipv6/seg6_local.c +++ b/net/ipv6/seg6_local.c @@ -954,10 +954,10 @@ static int input_action_end_dx4_finish(struct net *net, struct sock *sk, struct sk_buff *skb) { struct dst_entry *orig_dst = skb_dst(skb); + enum skb_drop_reason reason; struct seg6_local_lwt *slwt; struct iphdr *iph; __be32 nhaddr; - int err; slwt = seg6_local_lwtunnel(orig_dst->lwtstate); @@ -967,9 +967,9 @@ static int input_action_end_dx4_finish(struct net *net, struct sock *sk, skb_dst_drop(skb); - err = ip_route_input(skb, nhaddr, iph->saddr, 0, skb->dev); - if (err) { - kfree_skb(skb); + reason = ip_route_input(skb, nhaddr, iph->saddr, 0, skb->dev); + if (reason) { + kfree_skb_reason(skb, reason); return -EINVAL; } @@ -1174,8 +1174,8 @@ static struct sk_buff *end_dt_vrf_core(struct sk_buff *skb, static int input_action_end_dt4(struct sk_buff *skb, struct seg6_local_lwt *slwt) { + enum skb_drop_reason reason; struct iphdr *iph; - int err; if (!decap_and_validate(skb, IPPROTO_IPIP)) goto drop; 
@@ -1193,8 +1193,8 @@ static int input_action_end_dt4(struct sk_buff *skb, iph = ip_hdr(skb); - err = ip_route_input(skb, iph->daddr, iph->saddr, 0, skb->dev); - if (unlikely(err)) + reason = ip_route_input(skb, iph->daddr, iph->saddr, 0, skb->dev); + if (unlikely(reason)) goto drop; return dst_input(skb);
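
Review bot: in br_nf_pre_routing_finish() (net/bridge/br_netfilter_hooks.c, hunks at -390 and -402) the comment kept as context still reads "If err equals -EHOSTUNREACH" while the test now compares `reason != SKB_DROP_REASON_IP_INADDRERRORS`; update the comment to name the drop reason. The include/net/route.h hunk also shows that ip_route_input() used to end in `return reason ? -EINVAL : 0;`, so the old `err != -EHOSTUNREACH` test could not be false for a failed lookup and the ip_route_output() fallback below it was not reached. This hunk makes that fallback reachable again, which is a behaviour change the commit message should mention, together with why IP_INADDRERRORS is the right counterpart of -EHOSTUNREACH.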
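
Review bot: in icmp_route_lookup() (net/ipv4/icmp.c) the `? -EINVAL : 0` is appended on the continuation line of the call's argument list, where it is easy to miss and the drop reason is discarded; the ip_options_rcv_srr() hunk in net/ipv4/ip_options.c has the same shape. Consider storing the result in a local `enum skb_drop_reason reason` and setting `err` from it on its own line, so the reason stays available if the caller later frees the skb with kfree_skb_reason().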
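
Review bot: in input_action_end_dt4() (net/ipv6/seg6_local.c, hunks at -1174 and -1193) `reason` is only tested before `goto drop`, and the `drop` label lies outside the diff, so nothing visible here passes the reason to kfree_skb_reason() the way the input_action_end_dx4_finish() hunk does. If `drop` is meant to report it, note that `if (!decap_and_validate(skb, IPPROTO_IPIP)) goto drop;` jumps there before `reason` is assigned, so the declaration needs an initial value such as SKB_DROP_REASON_NOT_SPECIFIED. If it is not, please say in the commit message that this call site deliberately discards the reason.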
From: Menglong Dong
To: pabeni@redhat.com
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org
Subject: [PATCH net-next v5 8/9] net: ip: make ip_mkroute_input/__mkroute_input return drop reasons
Date: Thu, 7 Nov 2024 20:56:00 +0800
Message-Id: <20241107125601.1076814-9-dongml2@chinatelecom.cn>
In-Reply-To: <20241107125601.1076814-1-dongml2@chinatelecom.cn>

In this commit, we make ip_mkroute_input() and __mkroute_input() return drop reasons.

The drop reason "SKB_DROP_REASON_ARP_PVLAN_DISABLE" is introduced for the case: the packet which is not IP is forwarded to the in_dev, and the proxy_arp_pvlan is not enabled.

Signed-off-by: Menglong Dong --- This name "SKB_DROP_REASON_ARP_PVLAN_DISABLE" is ugly, and I have not figured out a suitable name for this case yet :/ v5: - delete the unneeded comment in __mkroute_input() --- include/net/dropreason-core.h | 7 +++++++ net/ipv4/route.c | 34 ++++++++++++++++++---------------- 2 files changed, 25 insertions(+), 16 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 74624d369d48..6c5a1ea209a2 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -104,6 +104,7 @@ FN(IP_TUNNEL_ECN) \ FN(TUNNEL_TXINFO) \ FN(LOCAL_MAC) \ + FN(ARP_PVLAN_DISABLE) \ FNe(MAX) /** 
@@ -477,6 +478,12 @@ enum skb_drop_reason { * the MAC address of the local netdev. */ SKB_DROP_REASON_LOCAL_MAC, + /** + * @SKB_DROP_REASON_ARP_PVLAN_DISABLE: packet which is not IP is + * forwarded to the in_dev, and the proxy_arp_pvlan is not + * enabled. + */ + SKB_DROP_REASON_ARP_PVLAN_DISABLE, /** * @SKB_DROP_REASON_MAX: the maximum of core drop reasons, which * shouldn't be used as a real 'reason' - only for tracing code gen diff --git a/net/ipv4/route.c b/net/ipv4/route.c index ce1201dbf464..5061a935ce62 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1769,10 +1769,12 @@ static void ip_handle_martian_source(struct net_device *dev, } /* called in rcu_read_lock() section */ -static int __mkroute_input(struct sk_buff *skb, const struct fib_result *res, - struct in_device *in_dev, __be32 daddr, - __be32 saddr, dscp_t dscp) +static enum skb_drop_reason +__mkroute_input(struct sk_buff *skb, const struct fib_result *res, + struct in_device *in_dev, __be32 daddr, + __be32 saddr, dscp_t dscp) { + enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED; struct fib_nh_common *nhc = FIB_RES_NHC(*res); struct net_device *dev = nhc->nhc_dev; struct fib_nh_exception *fnhe; @@ -1786,13 +1788,13 @@ static int __mkroute_input(struct sk_buff *skb, const struct fib_result *res, out_dev = __in_dev_get_rcu(dev); if (!out_dev) { net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n"); - return -EINVAL; + return reason; } err = fib_validate_source(skb, saddr, daddr, dscp, FIB_RES_OIF(*res), in_dev->dev, in_dev, &itag); if (err < 0) { - err = -EINVAL; + reason = -err; ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, saddr); @@ -1820,7 +1822,7 @@ static int __mkroute_input(struct sk_buff *skb, const struct fib_result *res, */ if (out_dev == in_dev && IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) { - err = -EINVAL; + reason = SKB_DROP_REASON_ARP_PVLAN_DISABLE; goto cleanup; } } 
@@ -1843,7 +1845,7 @@ static int __mkroute_input(struct sk_buff *skb, const struct fib_result *res, rth = rt_dst_alloc(out_dev->dev, 0, res->type, IN_DEV_ORCONF(out_dev, NOXFRM)); if (!rth) { - err = -ENOBUFS; + reason = SKB_DROP_REASON_NOMEM; goto cleanup; } @@ -1857,9 +1859,9 @@ static int __mkroute_input(struct sk_buff *skb, const struct fib_result *res, lwtunnel_set_redirect(&rth->dst); skb_dst_set(skb, &rth->dst); out: - err = 0; - cleanup: - return err; + reason = SKB_NOT_DROPPED_YET; +cleanup: + return reason; } #ifdef CONFIG_IP_ROUTE_MULTIPATH @@ -2117,9 +2119,10 @@ int fib_multipath_hash(const struct net *net, const struct flowi4 *fl4, } #endif /* CONFIG_IP_ROUTE_MULTIPATH */ -static int ip_mkroute_input(struct sk_buff *skb, struct fib_result *res, - struct in_device *in_dev, __be32 daddr, - __be32 saddr, dscp_t dscp, struct flow_keys *hkeys) +static enum skb_drop_reason +ip_mkroute_input(struct sk_buff *skb, struct fib_result *res, + struct in_device *in_dev, __be32 daddr, + __be32 saddr, dscp_t dscp, struct flow_keys *hkeys) { #ifdef CONFIG_IP_ROUTE_MULTIPATH if (res->fi && fib_info_num_path(res->fi) > 1) { 
@@ -2333,9 +2336,8 @@ ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, } make_route: - err = ip_mkroute_input(skb, res, in_dev, daddr, saddr, dscp, flkeys); - if (!err) - reason = SKB_NOT_DROPPED_YET; + reason = ip_mkroute_input(skb, res, in_dev, daddr, saddr, dscp, + flkeys); out: return reason;
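
Review bot: the kernel-doc added for SKB_DROP_REASON_ARP_PVLAN_DISABLE in include/net/dropreason-core.h (hunk at -477) does not mention the condition that sets it in __mkroute_input(), `out_dev == in_dev && IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0`. Say that the non-IP packet would be forwarded back out of the device it arrived on while proxy_arp_pvlan is off for that device, so someone reading a drop trace can map the reason to a setting.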
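
Review bot: in __mkroute_input() (net/ipv4/route.c, hunk at -1786) `reason = -err;` depends on fib_validate_source() returning a negated skb_drop_reason, which nothing in this diff shows; if any path there still returns a plain errno, the negated value would be reported as an unrelated drop reason. Add a comment stating that contract at the assignment, or have the callee return enum skb_drop_reason directly so that no sign flip is needed.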
From: Menglong Dong
To: pabeni@redhat.com
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org
Subject: [PATCH net-next v5 9/9] net: ip: make ip_route_use_hint() return drop reasons
Date: Thu, 7 Nov 2024 20:56:01 +0800
Message-Id: <20241107125601.1076814-10-dongml2@chinatelecom.cn>
In-Reply-To: <20241107125601.1076814-1-dongml2@chinatelecom.cn>

In this commit, we make ip_route_use_hint() return drop reasons. The drop reasons that we return are similar to what we do in ip_route_input_slow(), and no drop reasons are added in this commit.

Signed-off-by: Menglong Dong --- v5: - replace "return 0" with "return SKB_NOT_DROPPED_YET" in ip_route_use_hint() --- include/net/route.h | 7 ++++--- net/ipv4/ip_input.c | 9 ++++----- net/ipv4/route.c | 28 +++++++++++++++++----------- 3 files changed, 25 insertions(+), 19 deletions(-) diff --git a/include/net/route.h b/include/net/route.h index f4ab5412c9c9..4debc335d276 100644 --- a/include/net/route.h +++ b/include/net/route.h 
@@ -206,9 +206,10 @@ ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, enum skb_drop_reason ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev); -int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, - const struct sk_buff *hint); +enum skb_drop_reason +ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + const struct sk_buff *hint); static inline enum skb_drop_reason ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, dscp_t dscp, diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 513eb0c6435a..f0a4dda246ab 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -322,15 +322,14 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, int err, drop_reason; struct rtable *rt; - drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; - if (ip_can_use_hint(skb, iph, hint)) { - err = ip_route_use_hint(skb, iph->daddr, iph->saddr, - ip4h_dscp(iph), dev, hint); - if (unlikely(err)) + drop_reason = ip_route_use_hint(skb, iph->daddr, iph->saddr, + ip4h_dscp(iph), dev, hint); + if (unlikely(drop_reason)) goto drop_error; } + drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; if (READ_ONCE(net->ipv4.sysctl_ip_early_demux) && !skb_dst(skb) && !skb->sk && diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 5061a935ce62..d1c4367d3c20 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c 
@@ -2141,28 +2141,34 @@ ip_mkroute_input(struct sk_buff *skb, struct fib_result *res, * assuming daddr is valid and the destination is not a local broadcast one. * Uses the provided hint instead of performing a route lookup. */ -int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, - const struct sk_buff *hint) +enum skb_drop_reason +ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + const struct sk_buff *hint) { + enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev = __in_dev_get_rcu(dev); struct rtable *rt = skb_rtable(hint); struct net *net = dev_net(dev); - enum skb_drop_reason reason; - int err = -EINVAL; u32 tag = 0; if (!in_dev) - return -EINVAL; + return reason; - if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) + if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) { + reason = SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } - if (ipv4_is_zeronet(saddr)) + if (ipv4_is_zeronet(saddr)) { + reason = SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } - if (ipv4_is_loopback(saddr) && !IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) + if (ipv4_is_loopback(saddr) && !IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) { + reason = SKB_DROP_REASON_IP_LOCALNET; goto martian_source; + } if (rt->rt_type != RTN_LOCAL) goto skip_validate_source; @@ -2174,11 +2180,11 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, skip_validate_source: skb_dst_copy(skb, hint); - return 0; + return SKB_NOT_DROPPED_YET; martian_source: ip_handle_martian_source(dev, in_dev, skb, daddr, saddr); - return err; + return reason; } /* get device for dst_alloc with local routes */
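
Review bot: in ip_rcv_finish_core() (net/ipv4/ip_input.c, hunk at -322) the context line `int err, drop_reason;` leaves `drop_reason` as a plain int although it now receives the enum skb_drop_reason returned by ip_route_use_hint(); declare it as enum skb_drop_reason. A short comment on the relocated `drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;` would also help, since it now resets the value after a successful hint lookup for the drop paths that follow.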
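
Review bot: in ip_route_use_hint() (net/ipv4/route.c, hunk at -2141) the comment block above the function does not describe the new return value; add a line saying it returns SKB_NOT_DROPPED_YET on success and a drop reason otherwise, and that a missing in_dev yields SKB_DROP_REASON_NOT_SPECIFIED. The multicast/limited-broadcast check and the zeronet check now set the same SKB_DROP_REASON_IP_INVALID_SOURCE and could be folded into one condition.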