In this commit, we make ip_route_use_hint() return drop reasons. The
drop reasons that we return are similar to what we do in
ip_route_input_slow(), and no drop reasons are added in this commit.

Signed-off-by: Menglong Dong <dongml2@chinatelecom.cn>
---
 include/net/route.h |  7 ++++---
 net/ipv4/ip_input.c |  9 ++++-----
 net/ipv4/route.c    | 26 ++++++++++++++++----------
 3 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/include/net/route.h b/include/net/route.h
index f4ab5412c9c9..4debc335d276 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -206,9 +206,10 @@ ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr,
 enum skb_drop_reason
 ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr,
 		     dscp_t dscp, struct net_device *dev);
-int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr,
-		      dscp_t dscp, struct net_device *dev,
-		      const struct sk_buff *hint);
+enum skb_drop_reason
+ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr,
+		  dscp_t dscp, struct net_device *dev,
+		  const struct sk_buff *hint);
 
 static inline enum skb_drop_reason
 ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, dscp_t dscp,
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 513eb0c6435a..f0a4dda246ab 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -322,15 +322,14 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk,
 	int err, drop_reason;
 	struct rtable *rt;
 
-	drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
-
 	if (ip_can_use_hint(skb, iph, hint)) {
-		err = ip_route_use_hint(skb, iph->daddr, iph->saddr,
-					ip4h_dscp(iph), dev, hint);
-		if (unlikely(err))
+		drop_reason = ip_route_use_hint(skb, iph->daddr, iph->saddr,
+						ip4h_dscp(iph), dev, hint);
+		if (unlikely(drop_reason))
 			goto drop_error;
 	}
 
+	drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
 	if (READ_ONCE(net->ipv4.sysctl_ip_early_demux) &&
 	    !skb_dst(skb) &&
 	    !skb->sk &&
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index e248e5577d0e..7f969c865c81 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2142,28 +2142,34 @@ ip_mkroute_input(struct sk_buff *skb, struct fib_result *res,
  * assuming daddr is valid and the destination is not a local broadcast one.
  * Uses the provided hint instead of performing a route lookup.
  */
-int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr,
-		      dscp_t dscp, struct net_device *dev,
-		      const struct sk_buff *hint)
+enum skb_drop_reason
+ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr,
+		  dscp_t dscp, struct net_device *dev,
+		  const struct sk_buff *hint)
 {
+	enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED;
 	struct in_device *in_dev = __in_dev_get_rcu(dev);
 	struct rtable *rt = skb_rtable(hint);
 	struct net *net = dev_net(dev);
-	enum skb_drop_reason reason;
-	int err = -EINVAL;
 	u32 tag = 0;
 
 	if (!in_dev)
-		return -EINVAL;
+		return reason;
 
-	if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
+	if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) {
+		reason = SKB_DROP_REASON_IP_INVALID_SOURCE;
 		goto martian_source;
+	}
 
-	if (ipv4_is_zeronet(saddr))
+	if (ipv4_is_zeronet(saddr)) {
+		reason = SKB_DROP_REASON_IP_INVALID_SOURCE;
 		goto martian_source;
+	}
 
-	if (ipv4_is_loopback(saddr) && !IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
+	if (ipv4_is_loopback(saddr) && !IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) {
+		reason = SKB_DROP_REASON_IP_LOCALNET;
 		goto martian_source;
+	}
 
 	if (rt->rt_type != RTN_LOCAL)
 		goto skip_validate_source;
@@ -2179,7 +2185,7 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr,
 
 martian_source:
 	ip_handle_martian_source(dev, in_dev, skb, daddr, saddr);
-	return err;
+	return reason;
 }
 
 /* get device for dst_alloc with local routes */
-- 
2.39.5

On 10/30/24 02:41, Menglong Dong wrote:
> diff --git a/net/ipv4/route.c b/net/ipv4/route.c
> index e248e5577d0e..7f969c865c81 100644
> --- a/net/ipv4/route.c
> +++ b/net/ipv4/route.c
> @@ -2142,28 +2142,34 @@ ip_mkroute_input(struct sk_buff *skb, struct fib_result *res,
>   * assuming daddr is valid and the destination is not a local broadcast one.
>   * Uses the provided hint instead of performing a route lookup.
>   */
> -int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr,
> -		      dscp_t dscp, struct net_device *dev,
> -		      const struct sk_buff *hint)
> +enum skb_drop_reason
> +ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr,
> +		  dscp_t dscp, struct net_device *dev,
> +		  const struct sk_buff *hint)
>  {
> +	enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED;
>  	struct in_device *in_dev = __in_dev_get_rcu(dev);
>  	struct rtable *rt = skb_rtable(hint);
>  	struct net *net = dev_net(dev);
> -	enum skb_drop_reason reason;
> -	int err = -EINVAL;
>  	u32 tag = 0;
>  
>  	if (!in_dev)
> -		return -EINVAL;
> +		return reason;
>  
> -	if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
> +	if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) {
> +		reason = SKB_DROP_REASON_IP_INVALID_SOURCE;
>  		goto martian_source;
> +	}
>  
> -	if (ipv4_is_zeronet(saddr))
> +	if (ipv4_is_zeronet(saddr)) {
> +		reason = SKB_DROP_REASON_IP_INVALID_SOURCE;
>  		goto martian_source;
> +	}
>  
> -	if (ipv4_is_loopback(saddr) && !IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
> +	if (ipv4_is_loopback(saddr) && !IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) {
> +		reason = IP_LOCALNET;
>  		goto martian_source;
> +	}
>  
>  	if (rt->rt_type != RTN_LOCAL)
>  		goto skip_validate_source;

Please explicitly replace also the

	return 0;

with

	return SKB_NOT_DROPPED_YET;

So that is clear the drop reason is always specified.

Thanks,

Paolo

On Tue, Nov 5, 2024 at 7:28 PM Paolo Abeni <pabeni@redhat.com> wrote:
>
> On 10/30/24 02:41, Menglong Dong wrote:
> > diff --git a/net/ipv4/route.c b/net/ipv4/route.c
> > index e248e5577d0e..7f969c865c81 100644
> > --- a/net/ipv4/route.c
> > +++ b/net/ipv4/route.c
> > @@ -2142,28 +2142,34 @@ ip_mkroute_input(struct sk_buff *skb, struct fib_result *res,
> >   * assuming daddr is valid and the destination is not a local broadcast one.
> >   * Uses the provided hint instead of performing a route lookup.
> >   */
> > -int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr,
> > -                   dscp_t dscp, struct net_device *dev,
> > -                   const struct sk_buff *hint)
> > +enum skb_drop_reason
> > +ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr,
> > +               dscp_t dscp, struct net_device *dev,
> > +               const struct sk_buff *hint)
> >  {
> > +     enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED;
> >       struct in_device *in_dev = __in_dev_get_rcu(dev);
> >       struct rtable *rt = skb_rtable(hint);
> >       struct net *net = dev_net(dev);
> > -     enum skb_drop_reason reason;
> > -     int err = -EINVAL;
> >       u32 tag = 0;
> >
> >       if (!in_dev)
> > -             return -EINVAL;
> > +             return reason;
> >
> > -     if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr))
> > +     if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) {
> > +             reason = SKB_DROP_REASON_IP_INVALID_SOURCE;
> >               goto martian_source;
> > +     }
> >
> > -     if (ipv4_is_zeronet(saddr))
> > +     if (ipv4_is_zeronet(saddr)) {
> > +             reason = SKB_DROP_REASON_IP_INVALID_SOURCE;
> >               goto martian_source;
> > +     }
> >
> > -     if (ipv4_is_loopback(saddr) && !IN_DEV_NET_ROUTE_LOCALNET(in_dev, net))
> > +     if (ipv4_is_loopback(saddr) && !IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) {
> > +             reason = IP_LOCALNET;
> >               goto martian_source;
> > +     }
> >
> >       if (rt->rt_type != RTN_LOCAL)
> >               goto skip_validate_source;
>
> Please explicitly replace also the
>
>         return 0;
>
> with
>
>         return SKB_NOT_DROPPED_YET;
>
> So that is clear the drop reason is always specified.

Okay!

Thanks!
Menglong Dong


> Thanks,
>
> Paolo
>