From nobody Mon Nov 25 04:55:54 2024 Received: from mail-il1-f196.google.com (mail-il1-f196.google.com [209.85.166.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 92CD5BE46; Wed, 30 Oct 2024 01:43:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.196 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252585; cv=none; b=FVuYUE2YHbtH6AGtrs1qUfKojP9fGinVghOZ/Y1kU3w8kX6WMxvTQ1tF6K/YHqGZEqcCBF2RCfNJAQ+nCqNWTguZal10ad6biC5x9w4so3XCb7o9ioyqNuEohqGztymgWsa0teP+Yl/OJfleDXxs0ALcNX31WS1Om95Q+UL+W68= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252585; c=relaxed/simple; bh=VRFZX0PxZ+x+OxZ+v3J66P8Bzgc+fTvBmulPtkU+gqY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=S6ETEhQ0C6wJ4030NUUiPdDbZC1SeRiifWsRtDn/8ItCaWcKd34P8MAFPpZCgWToaDOsronEDeI4ZkRNXcXk709522qu1M4ByrN9MfCeNgNjAIBb3ijc6XQC0TISKz5lABxBxY4hD0rTFEucR/iLan+tmZin/c5HvaxVlciCy78= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=IENMWcKV; arc=none smtp.client-ip=209.85.166.196 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="IENMWcKV" Received: by mail-il1-f196.google.com with SMTP id e9e14a558f8ab-3a3b6b281d4so24621935ab.0; Tue, 29 Oct 2024 18:43:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730252581; x=1730857381; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6G2CC+sHGPF4Txdej5kZadhy+Szsb6AhNP7Za8Jlvvk=; b=IENMWcKVLslPqdUJ1CeS8/1QAkRyWumczcVitv+Mepc/YeOOAd9sWnb461bfF5hg2f q/6DCiZSL4jfWzwWRcwnD+PV4hAORUj177V12OS48NvYt4ONjCDJT9ft/UzQnJwZrfpo bX8CmA0uNR4RoIEUYuFgZzuX3kUY/BPtZPReKCnhOdGJHWNVMT9Eq2mL5mx4FqzW8PKp J8Y/sq2PiaY4VfW+39uHrGTzleRp+WUuh+hSAjoYbozI3KxjfVg5wPxz3uqX5DWlZni+ ScxSnb4iWDkKIvrbN9bACXtHicgE8EOYhdz9cg0bGFHbaz7f8SJlmtjHBG+usg4rcdRQ f/Ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730252581; x=1730857381; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6G2CC+sHGPF4Txdej5kZadhy+Szsb6AhNP7Za8Jlvvk=; b=LWs9slhRzVRTIHo2csm5m7u3SlzM950GjYOpO49ah7dN/N4XdnTJr04Lw0TFQx3V1o HqenGfS7qmOTJE1hAE4bUVOLejUo+sw/Hina3Vivw4cIxCZYN695UD7ZpBjfnaH1v37r wnN1ZRWgmdKlfrlxk5LaMlS+UohdmtWqjT2Ks4Nbw0CN8/5cVajM8soQjsSnu3oMWJWo S0jLY5WKrh9ngy1TFS3YmJ9eDz6fBej0mPqjlxeIZLzMnf58ED9wqdHsSOso4bodDuEw COKW8UEqXOh+SkLdZrQMbHclNoD4VOHAwt00w2/Z51aV2flx76rD/LAQifk2UafVMbhH 64pg== X-Forwarded-Encrypted: i=1; AJvYcCU98wWbTY5jBa0tt0JteifNC/gttEOrWYW/ncsYSuDh2yd3g/2YksP3VOUDnpgzcuKd3vxFkq1Av6X+j/B5nN6T@vger.kernel.org, AJvYcCUGyBQrDJmdUulXwThDvac8caTxVkNd+fQRz9WLSm1/cTNPBfaccb5CPHCDtHcBTkEPzpA8USFnLhmQA90u@vger.kernel.org, AJvYcCXH3S0mO3mSGGU1+Cw4TagS2N+zXwhQnNdXIry1FhFfGWL7lUmqFtpXkQIbfasXo0hLMdxq1Eq8@vger.kernel.org, AJvYcCXVuo3LQDeaNvsQfheRHVvAkh8ZFDxZ+XST0OMvF6u6GCF1iSsR6SdJRMPu3zPEdYAiJl8=@vger.kernel.org X-Gm-Message-State: AOJu0YxO/rMwtdIeCI0LVPrZyQEsML37LW+wcVeLF0pEaI+pb4LMzOP3 N7jBZongwOKQZg8HZI/JI0Wo2ZVvTNXiqGyqtdgBQGHhHWkCEytR X-Google-Smtp-Source: AGHT+IGK/Bom/ziWuMrmOalMch1SIV5PLSJf5PfU79hyLLPx7QQeAwQNfud9F8HBJLvUQiUq63287A== X-Received: by 2002:a05:6e02:19ca:b0:3a4:e38f:5ba5 with SMTP id e9e14a558f8ab-3a4ed2a9d8emr143755305ab.15.1730252580599; Tue, 29 Oct 2024 18:43:00 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7edc866906dsm8138407a12.10.2024.10.29.18.42.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 18:43:00 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: pabeni@redhat.com Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org Subject: [PATCH RESEND net-next v4 1/9] net: ip: make fib_validate_source() support drop reasons Date: Wed, 30 Oct 2024 09:41:37 +0800 Message-Id: <20241030014145.1409628-2-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241030014145.1409628-1-dongml2@chinatelecom.cn> References: <20241030014145.1409628-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In this commit, we make fib_validate_source() and __fib_validate_source() return -reason instead of errno on error. The return value of fib_validate_source can be -errno, 0, and 1. It's hard to make fib_validate_source() return drop reasons directly. The fib_validate_source() will return 1 if the scope of the source(revert) route is HOST. And the __mkroute_input() will mark the skb with IPSKB_DOREDIRECT in this case (combine with some other conditions). And then, a REDIRECT ICMP will be sent in ip_forward() if this flag exists. We can't pass this information to __mkroute_input if we make fib_validate_source() return drop reasons. Therefore, we introduce the wrapper fib_validate_source_reason() for fib_validate_source(), which will return the drop reasons on error. In the origin logic, LINUX_MIB_IPRPFILTER will be counted if fib_validate_source() return -EXDEV. And now, we need to adjust it by checking "reason =3D=3D SKB_DROP_REASON_IP_RPFILTER". However, this will ta= ke effect only after the patch "net: ip: make ip_route_input_noref() return drop reasons", as we can't pass the drop reasons from fib_validate_source() to ip_rcv_finish_core() in this patch. Following new drop reasons are added in this patch: SKB_DROP_REASON_IP_LOCAL_SOURCE SKB_DROP_REASON_IP_INVALID_SOURCE Signed-off-by: Menglong Dong --- v4: - don't refactor fib_validate_source/__fib_validate_source, and introduce a wrapper for fib_validate_source() instead. v2: - make fib_validate_source() return drop reasons, instead of -reason. --- include/net/dropreason-core.h | 10 ++++++++++ include/net/ip_fib.h | 12 ++++++++++++ net/ipv4/fib_frontend.c | 17 ++++++++++++----- net/ipv4/ip_input.c | 4 +--- net/ipv4/route.c | 33 +++++++++++++++++++-------------- 5 files changed, 54 insertions(+), 22 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index d59bb96c5a02..62a60be1db84 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -76,6 +76,8 @@ FN(INVALID_PROTO) \ FN(IP_INADDRERRORS) \ FN(IP_INNOROUTES) \ + FN(IP_LOCAL_SOURCE) \ + FN(IP_INVALID_SOURCE) \ FN(PKT_TOO_BIG) \ FN(DUP_FRAG) \ FN(FRAG_REASM_TIMEOUT) \ @@ -373,6 +375,14 @@ enum skb_drop_reason { * IPSTATS_MIB_INADDRERRORS */ SKB_DROP_REASON_IP_INNOROUTES, + /** @SKB_DROP_REASON_IP_LOCAL_SOURCE: the source ip is local */ + SKB_DROP_REASON_IP_LOCAL_SOURCE, + /** + * @SKB_DROP_REASON_IP_INVALID_SOURCE: the source ip is invalid: + * 1) source ip is multicast or limited broadcast + * 2) source ip is zero and not IGMP + */ + SKB_DROP_REASON_IP_INVALID_SOURCE, /** * @SKB_DROP_REASON_PKT_TOO_BIG: packet size is too big (maybe exceed the * MTU) diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h index b6e44f4eaa4c..a113c11ab56b 100644 --- a/include/net/ip_fib.h +++ b/include/net/ip_fib.h @@ -452,6 +452,18 @@ int fib_validate_source(struct sk_buff *skb, __be32 sr= c, __be32 dst, dscp_t dscp, int oif, struct net_device *dev, struct in_device *idev, u32 *itag); =20 +static inline enum skb_drop_reason +fib_validate_source_reason(struct sk_buff *skb, __be32 src, __be32 dst, + dscp_t dscp, int oif, struct net_device *dev, + struct in_device *idev, u32 *itag) +{ + int err =3D fib_validate_source(skb, src, dst, dscp, oif, dev, idev, + itag); + if (err < 0) + return -err; + return SKB_NOT_DROPPED_YET; +} + #ifdef CONFIG_IP_ROUTE_CLASSID static inline int fib_num_tclassid_users(struct net *net) { diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 0c9ce934b490..87bb36a5bdec 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -346,6 +346,7 @@ static int __fib_validate_source(struct sk_buff *skb, _= _be32 src, __be32 dst, int rpf, struct in_device *idev, u32 *itag) { struct net *net =3D dev_net(dev); + enum skb_drop_reason reason; struct flow_keys flkeys; int ret, no_addr; struct fib_result res; @@ -377,9 +378,15 @@ static int __fib_validate_source(struct sk_buff *skb, = __be32 src, __be32 dst, =20 if (fib_lookup(net, &fl4, &res, 0)) goto last_resort; - if (res.type !=3D RTN_UNICAST && - (res.type !=3D RTN_LOCAL || !IN_DEV_ACCEPT_LOCAL(idev))) - goto e_inval; + if (res.type !=3D RTN_UNICAST) { + if (res.type !=3D RTN_LOCAL) { + reason =3D SKB_DROP_REASON_IP_INVALID_SOURCE; + goto e_inval; + } else if (!IN_DEV_ACCEPT_LOCAL(idev)) { + reason =3D SKB_DROP_REASON_IP_LOCAL_SOURCE; + goto e_inval; + } + } fib_combine_itag(itag, &res); =20 dev_match =3D fib_info_nh_uses_dev(res.fi, dev); @@ -412,9 +419,9 @@ static int __fib_validate_source(struct sk_buff *skb, _= _be32 src, __be32 dst, return 0; =20 e_inval: - return -EINVAL; + return -reason; e_rpf: - return -EXDEV; + return -SKB_DROP_REASON_IP_RPFILTER; } =20 /* Ignore rp_filter for packets protected by IPsec. */ diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 89bb63da6852..c40a26972884 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -425,10 +425,8 @@ static int ip_rcv_finish_core(struct net *net, struct = sock *sk, return NET_RX_DROP; =20 drop_error: - if (err =3D=3D -EXDEV) { - drop_reason =3D SKB_DROP_REASON_IP_RPFILTER; + if (drop_reason =3D=3D SKB_DROP_REASON_IP_RPFILTER) __NET_INC_STATS(net, LINUX_MIB_IPRPFILTER); - } goto drop; } =20 diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 763398e08b7d..f64c0221c221 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1669,7 +1669,7 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32= daddr, __be32 saddr, dscp_t dscp, struct net_device *dev, struct in_device *in_dev, u32 *itag) { - int err; + enum skb_drop_reason reason; =20 /* Primary sanity checks. */ if (!in_dev) @@ -1687,10 +1687,10 @@ int ip_mc_validate_source(struct sk_buff *skb, __be= 32 daddr, __be32 saddr, ip_hdr(skb)->protocol !=3D IPPROTO_IGMP) return -EINVAL; } else { - err =3D fib_validate_source(skb, saddr, 0, dscp, 0, dev, in_dev, - itag); - if (err < 0) - return err; + reason =3D fib_validate_source_reason(skb, saddr, 0, dscp, 0, + dev, in_dev, itag); + if (reason) + return -EINVAL; } return 0; } @@ -1788,6 +1788,7 @@ static int __mkroute_input(struct sk_buff *skb, const= struct fib_result *res, err =3D fib_validate_source(skb, saddr, daddr, dscp, FIB_RES_OIF(*res), in_dev->dev, in_dev, &itag); if (err < 0) { + err =3D -EINVAL; ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, saddr); =20 @@ -2140,6 +2141,7 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 dad= dr, __be32 saddr, struct in_device *in_dev =3D __in_dev_get_rcu(dev); struct rtable *rt =3D skb_rtable(hint); struct net *net =3D dev_net(dev); + enum skb_drop_reason reason; int err =3D -EINVAL; u32 tag =3D 0; =20 @@ -2158,9 +2160,9 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 dad= dr, __be32 saddr, if (rt->rt_type !=3D RTN_LOCAL) goto skip_validate_source; =20 - err =3D fib_validate_source(skb, saddr, daddr, dscp, 0, dev, in_dev, - &tag); - if (err < 0) + reason =3D fib_validate_source_reason(skb, saddr, daddr, dscp, 0, dev, + in_dev, &tag); + if (reason) goto martian_source; =20 skip_validate_source: @@ -2202,6 +2204,7 @@ static int ip_route_input_slow(struct sk_buff *skb, _= _be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev, struct fib_result *res) { + enum skb_drop_reason reason =3D SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev =3D __in_dev_get_rcu(dev); struct flow_keys *flkeys =3D NULL, _flkeys; struct net *net =3D dev_net(dev); @@ -2296,10 +2299,11 @@ static int ip_route_input_slow(struct sk_buff *skb,= __be32 daddr, __be32 saddr, goto brd_input; } =20 + err =3D -EINVAL; if (res->type =3D=3D RTN_LOCAL) { - err =3D fib_validate_source(skb, saddr, daddr, dscp, 0, dev, - in_dev, &itag); - if (err < 0) + reason =3D fib_validate_source_reason(skb, saddr, daddr, dscp, + 0, dev, in_dev, &itag); + if (reason) goto martian_source; goto local_input; } @@ -2320,9 +2324,10 @@ out: return err; goto e_inval; =20 if (!ipv4_is_zeronet(saddr)) { - err =3D fib_validate_source(skb, saddr, 0, dscp, 0, dev, in_dev, - &itag); - if (err < 0) + err =3D -EINVAL; + reason =3D fib_validate_source_reason(skb, saddr, 0, dscp, 0, + dev, in_dev, &itag); + if (reason) goto martian_source; } flags |=3D RTCF_BROADCAST; --=20 2.39.5 From nobody Mon Nov 25 04:55:54 2024 Received: from mail-oa1-f68.google.com (mail-oa1-f68.google.com [209.85.160.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CD4C01946DA; Wed, 30 Oct 2024 01:43:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.68 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252589; cv=none; b=MmY1F7aNYb/I5BJE/oCebfPlD8wROmf/x6oO4PCCHnFGz8Yy79j2YfL2MOYvvVM4cErLFTr8CfsyDiFJ9HyIeQbHPekMDKgF847a2c8vG2rCKY2D4Uc4s8qhpxRki+htrt55oL/JCRLECWcx6QMdATlL5+2Vl8iEZ9RIOJEirYQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252589; c=relaxed/simple; bh=jalKiGNYxieOdmuauWZ46l1HYvkQABXljddM93EYgn4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=scffEXbfNdnF22npUwsRL9Q9clR2JzYEf03unOw/U2FZwMc+nEWy5ocLw8oUB8S8ecIo1ccU70xvF/5SBUazNzhb804MqlzMV1825jJvACLiNxOuXp9VXvdeojbf2wmhZTuzgjqqMs5SIfBsJFKoCJuj25zhXqTkZVrK3qqjY1I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lWstQQNC; arc=none smtp.client-ip=209.85.160.68 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lWstQQNC" Received: by mail-oa1-f68.google.com with SMTP id 586e51a60fabf-27beb2496f4so2157014fac.1; Tue, 29 Oct 2024 18:43:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730252587; x=1730857387; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=YCNnhtybNfvt04iDpo5zyre6+yqd+pwPbIIAs/JSjPU=; b=lWstQQNCFg5Yc+SH+fKKaQmr86FDtU7GJYjBW9xtR14tQabEiz6hR7fjNOnNcLlV+x KmHMckct7IG95PiLlbvRajNw+jnt1vCBFT8l6cNgPkfMjtRcrjQSTFqEZP/mXqPBvt1K 6BTy1H+uEqp4Ff1/l+lAVEe+aRpUSIhwtOLDKercCjJTC6jyuVrfsiZQSxduCOygVFol Rscwi0KaIj6yL7dKJx7KVZZYN8Muoh131Ng85Dy/LDQGUGw5fnFo5KjQOGKDswHihknC j4y/Wf8E1AAwc6Ass/8KiTTWDccvlig6Qy9rt2JKmY7dKKvBEx0+xcP79zm/gxnXqW0U EbvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730252587; x=1730857387; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YCNnhtybNfvt04iDpo5zyre6+yqd+pwPbIIAs/JSjPU=; b=MU6X/fBl9qKPgnwwlQGYHU8c4P3pBDVKTjOkgZ7oY2QMep03Ind1AmVTYIdiId6k2r lSg1/UQLA8LPZOM0WkJoJVJyhcJewbKEbkfzmRaT13L1M/GDe65zURgxP5D1hCozqSnJ Rrs0/VyeUFCq0V1W2NKrzIpEvOVCNvPPpHH/qEyGsdaMRqVUpDDo9OgGhJsHd0FtAvrU m0oLvckPH0hMfFXD+VXV5yef9fEiqGEPDiguQNNVA582Tsb1Oofusmd2zKn7+rOwUmvI tI1BIJEIXn8HxNK2Lx91MyB53jYTUO+1DOZbhWwb1Wocx6cm2CDLGlf+Rto/WM0/Sh0Y f4YQ== X-Forwarded-Encrypted: i=1; AJvYcCUReyO7V65qZTUQDfuI+hr1kg91fXYdiLk9okg8AlJ8RHITs+q0TRp+q1a1gtqvI7jEv9pCYNRE8E682fVH8TEn@vger.kernel.org, AJvYcCVlQszUs2ohNBBT4ZHZQ2S6AN5WYCYUx9E/RgR3oBkc+r9XS9stbfev3F+GVDv7oLSmP+U=@vger.kernel.org, AJvYcCWkFd48DwlcL8n69UitqhKDAgJjlmCondIR5pFnovZBaeyycX4ik5w26F1WrWcnyscGiSGEzaPkuJ1uVZfB@vger.kernel.org, AJvYcCXxeURpKFjmQ0FJiKxMvVe6nCfNG3RBcmizgUA5i0ITJmK/uSI6GgFG9oZprPiF7CWpUmDujf5c@vger.kernel.org X-Gm-Message-State: AOJu0Yy8S/hT9+RGa4Vynx5b1TeidpWWmqzZOqUMycFofY4jqrGx54ok 0m60VGs9T+wtdrVxO301zTbWfffpI0NyH/b29fyxnFs12zkWuDKM X-Google-Smtp-Source: AGHT+IH8gM6H0784jdmZBrZyrQbLM9r7PuEpBa67ybDtGWd3l7ClBj6fVFjmhgiCBl1je3xf2Fcysg== X-Received: by 2002:a05:6870:4191:b0:277:fdce:6759 with SMTP id 586e51a60fabf-29051d49f6emr12807010fac.31.1730252586843; Tue, 29 Oct 2024 18:43:06 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7edc866906dsm8138407a12.10.2024.10.29.18.43.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 18:43:06 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: pabeni@redhat.com Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org Subject: [PATCH RESEND net-next v4 2/9] net: ip: make ip_route_input_mc() return drop reason Date: Wed, 30 Oct 2024 09:41:38 +0800 Message-Id: <20241030014145.1409628-3-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241030014145.1409628-1-dongml2@chinatelecom.cn> References: <20241030014145.1409628-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Make ip_route_input_mc() return drop reason, and adjust the call of it in ip_route_input_rcu(). Signed-off-by: Menglong Dong --- net/ipv4/route.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index f64c0221c221..ccbaf6207299 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1696,8 +1696,9 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32= daddr, __be32 saddr, } =20 /* called in rcu_read_lock() section */ -static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 sad= dr, - dscp_t dscp, struct net_device *dev, int our) +static enum skb_drop_reason +ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, int our) { struct in_device *in_dev =3D __in_dev_get_rcu(dev); unsigned int flags =3D RTCF_MULTICAST; @@ -1708,7 +1709,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __b= e32 daddr, __be32 saddr, err =3D ip_mc_validate_source(skb, daddr, saddr, dscp, dev, in_dev, &itag); if (err) - return err; + return SKB_DROP_REASON_NOT_SPECIFIED; =20 if (our) flags |=3D RTCF_LOCAL; @@ -1719,7 +1720,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __b= e32 daddr, __be32 saddr, rth =3D rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST, false); if (!rth) - return -ENOBUFS; + return SKB_DROP_REASON_NOMEM; =20 #ifdef CONFIG_IP_ROUTE_CLASSID rth->dst.tclassid =3D itag; @@ -1735,7 +1736,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __b= e32 daddr, __be32 saddr, =20 skb_dst_drop(skb); skb_dst_set(skb, &rth->dst); - return 0; + return SKB_NOT_DROPPED_YET; } =20 =20 @@ -2433,12 +2434,12 @@ static int ip_route_input_rcu(struct sk_buff *skb, = __be32 daddr, __be32 saddr, * route cache entry is created eventually. */ if (ipv4_is_multicast(daddr)) { + enum skb_drop_reason reason =3D SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev =3D __in_dev_get_rcu(dev); int our =3D 0; - int err =3D -EINVAL; =20 if (!in_dev) - return err; + return -EINVAL; our =3D ip_check_mc_rcu(in_dev, daddr, saddr, ip_hdr(skb)->protocol); =20 @@ -2459,10 +2460,10 @@ static int ip_route_input_rcu(struct sk_buff *skb, = __be32 daddr, __be32 saddr, IN_DEV_MFORWARD(in_dev)) #endif ) { - err =3D ip_route_input_mc(skb, daddr, saddr, dscp, dev, - our); + reason =3D ip_route_input_mc(skb, daddr, saddr, dscp, + dev, our); } - return err; + return reason ? -EINVAL : 0; } =20 return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res); --=20 2.39.5 From nobody Mon Nov 25 04:55:54 2024 Received: from mail-pf1-f194.google.com (mail-pf1-f194.google.com [209.85.210.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68ED31946DA; Wed, 30 Oct 2024 01:43:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.194 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252595; cv=none; b=htcBUbJGw05x0eKpvVmnu+g8PA6kQERTetHB3F2YexNu93jBwy0zlLblg+1sjx4WHA0lopNsDMlj5UtDC8MElkOuHBpkm9/peMez+aADFDU+R8MNmvwb42IcRuZjSoFpR8cPlIRnxzGmJEKYoMpAVismhE/uPr7ei5AR0nFsZGc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252595; c=relaxed/simple; bh=Hwlyk1RkZ8H0cJe0cYToxVJgBU3qh+yZ7+dZVE9YlwY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=hHa4ydY5+RCAKNQbs+/6Fc10g5CCiI9QFfdL+ECrubM9KmOi56uPSohAh6dvrJp+FLnQhQAt8r13+r0LPOZTPemahpijCJmqL2ganpy3lOWRyqbfXktSSl3hOynwqfbj+kHVelTEcogNCOUfZjrgx2YZob2A4tVAlgYD3XG5HBc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=WBc/TwO5; arc=none smtp.client-ip=209.85.210.194 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="WBc/TwO5" Received: by mail-pf1-f194.google.com with SMTP id d2e1a72fcca58-71ec12160f6so4415021b3a.3; Tue, 29 Oct 2024 18:43:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730252593; x=1730857393; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=PTqkz36ekB+JArtkSWdZup78l4dvG65c4a97rkbFY2g=; b=WBc/TwO5542SPGWNruX5lVBQspzzJGHENSno+6CODcsYcfFJHC3WR/xNqYqit5G0GU lxKUcU87cvJOkEffbCeOmo1rFFH3NWoFAbZsnUEJ+busrKdDEx9MjCZfjdL7snHIawa+ 9KnhpJWiF49A2KSWFQRtFPdkmiRTQXo7fiZgbTO0kcBRi3Ffv1Y1uvIUC9vOwh7nj+8+ KPVbworFHUxvUCsNFRqyz00OXTArARUD60DI4XJUJsCSrCu+pJOXQm8Xzjdt6QqETTur on7dtfJQ2MVuluvhuB0CRYsTimdPCsEsi9oDG987CLzGbsF3EV9YyJitEsymtfsa3JOp G9ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730252593; x=1730857393; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PTqkz36ekB+JArtkSWdZup78l4dvG65c4a97rkbFY2g=; b=YFfsQ8ZDexAgdRvaH2dVoWQgLqFGuTsyiOgz/WHc2u/vinZlUN13K4IEm2F7OBQ+Ax HuEV6uWLRZrp8pfO4dzxKtUL7OgMmOOWdpi0hlcoeNpQG3FPzHr/oLIeeet1nPy+pQAi g6IKwJkveOXPhGp6WyNSazqUe7YlgiEzxJNNvcS71Dtxn1aEQbev3eqoSTP3GUbU4AlL cu+ERed0zSpxruG9yOuog588wcKNZM1Db4h2LxP08EkEBx24yR3rWS9up9IXdec7kJO0 suu8MD1IWwN0AFpzaUKZcFfa4mRtgnOZIkjJlmqih/9C68ykdPdRI31lIQN6qffzleFd kFzg== X-Forwarded-Encrypted: i=1; AJvYcCU2umFSC711B/ceRi21lMZ3LvkZxq9blGGKZi9l8K1cYJXfeK7pcf1UJ/RAMLFR5lYHv5PIXfpzcDYoBcbG@vger.kernel.org, AJvYcCUUyDYjFNRxjv6CYC0SVgu4VnaItZSwBDsbhehs3D94BYnpVTVyfbbozHGY6BtVPnGATUE=@vger.kernel.org, AJvYcCUj6q14zQCPPDFKDSEXygsbjfico1NHVvubqbngNu4Gvh7q50FTxtfYRaciF9V2x1ViYxOrrm57lkvR2o1GPJ5r@vger.kernel.org, AJvYcCXoYRjFPNf1EHFVrajcSzXDbI7n+B1lB9+HHetdTPrYuIds5PV1KwNE4wPz39/cPJ04wpl7Jabf@vger.kernel.org X-Gm-Message-State: AOJu0YxzKW/TdvpKtrnRy0OEoWwnnW4fbF0kyI6oQnBcRvIzAWYK3rp0 daLThrIQn7SovJtUhz5kxem9IyKqQwAULpVuTB5g1ixAoGqmzutf X-Google-Smtp-Source: AGHT+IH4v8/G90ooRXuHL5VL3WvFQh+cZ0sV0/VQGuWaSAFe5MRXQsSg9uniFnbOt8/gKoCGGc1uKg== X-Received: by 2002:a05:6a20:b40b:b0:1d9:651:7d6c with SMTP id adf61e73a8af0-1d9a84d97famr19686543637.38.1730252592646; Tue, 29 Oct 2024 18:43:12 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7edc866906dsm8138407a12.10.2024.10.29.18.43.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 18:43:12 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: pabeni@redhat.com Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org Subject: [PATCH RESEND net-next v4 3/9] net: ip: make ip_mc_validate_source() return drop reason Date: Wed, 30 Oct 2024 09:41:39 +0800 Message-Id: <20241030014145.1409628-4-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241030014145.1409628-1-dongml2@chinatelecom.cn> References: <20241030014145.1409628-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Make ip_mc_validate_source() return drop reason, and adjust the call of it in ip_route_input_mc(). Another caller of it is ip_rcv_finish_core->udp_v4_early_demux, and the errno is not checked in detail, so we don't do more adjustment for it. The drop reason "SKB_DROP_REASON_IP_LOCALNET" is added in this commit. Signed-off-by: Menglong Dong --- include/net/dropreason-core.h | 3 +++ include/net/route.h | 7 ++++--- net/ipv4/route.c | 35 +++++++++++++++++++---------------- 3 files changed, 26 insertions(+), 19 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 62a60be1db84..a2a1fb90e0e5 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -78,6 +78,7 @@ FN(IP_INNOROUTES) \ FN(IP_LOCAL_SOURCE) \ FN(IP_INVALID_SOURCE) \ + FN(IP_LOCALNET) \ FN(PKT_TOO_BIG) \ FN(DUP_FRAG) \ FN(FRAG_REASM_TIMEOUT) \ @@ -383,6 +384,8 @@ enum skb_drop_reason { * 2) source ip is zero and not IGMP */ SKB_DROP_REASON_IP_INVALID_SOURCE, + /** @SKB_DROP_REASON_IP_LOCALNET: source or dest ip is local net */ + SKB_DROP_REASON_IP_LOCALNET, /** * @SKB_DROP_REASON_PKT_TOO_BIG: packet size is too big (maybe exceed the * MTU) diff --git a/include/net/route.h b/include/net/route.h index 586e59f7ed8a..a828a17a6313 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -199,9 +199,10 @@ static inline struct rtable *ip_route_output_gre(struc= t net *net, struct flowi4 return ip_route_output_key(net, fl4); } =20 -int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, - struct in_device *in_dev, u32 *itag); +enum skb_drop_reason +ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + struct in_device *in_dev, u32 *itag); int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev); int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, diff --git a/net/ipv4/route.c b/net/ipv4/route.c index ccbaf6207299..566acd08aedf 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1665,34 +1665,37 @@ struct rtable *rt_dst_clone(struct net_device *dev,= struct rtable *rt) EXPORT_SYMBOL(rt_dst_clone); =20 /* called in rcu_read_lock() section */ -int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, - struct in_device *in_dev, u32 *itag) +enum skb_drop_reason +ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + struct in_device *in_dev, u32 *itag) { enum skb_drop_reason reason; =20 /* Primary sanity checks. */ if (!in_dev) - return -EINVAL; + return SKB_DROP_REASON_NOT_SPECIFIED; =20 - if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr) || - skb->protocol !=3D htons(ETH_P_IP)) - return -EINVAL; + if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) + return SKB_DROP_REASON_IP_INVALID_SOURCE; + + if (skb->protocol !=3D htons(ETH_P_IP)) + return SKB_DROP_REASON_INVALID_PROTO; =20 if (ipv4_is_loopback(saddr) && !IN_DEV_ROUTE_LOCALNET(in_dev)) - return -EINVAL; + return SKB_DROP_REASON_IP_LOCALNET; =20 if (ipv4_is_zeronet(saddr)) { if (!ipv4_is_local_multicast(daddr) && ip_hdr(skb)->protocol !=3D IPPROTO_IGMP) - return -EINVAL; + return SKB_DROP_REASON_IP_INVALID_SOURCE; } else { reason =3D fib_validate_source_reason(skb, saddr, 0, dscp, 0, dev, in_dev, itag); if (reason) - return -EINVAL; + return reason; } - return 0; + return SKB_NOT_DROPPED_YET; } =20 /* called in rcu_read_lock() section */ @@ -1702,14 +1705,14 @@ ip_route_input_mc(struct sk_buff *skb, __be32 daddr= , __be32 saddr, { struct in_device *in_dev =3D __in_dev_get_rcu(dev); unsigned int flags =3D RTCF_MULTICAST; + enum skb_drop_reason reason; struct rtable *rth; u32 itag =3D 0; - int err; =20 - err =3D ip_mc_validate_source(skb, daddr, saddr, dscp, dev, in_dev, - &itag); - if (err) - return SKB_DROP_REASON_NOT_SPECIFIED; + reason =3D ip_mc_validate_source(skb, daddr, saddr, dscp, dev, in_dev, + &itag); + if (reason) + return reason; =20 if (our) flags |=3D RTCF_LOCAL; --=20 2.39.5 From nobody Mon Nov 25 04:55:54 2024 Received: from mail-pf1-f196.google.com (mail-pf1-f196.google.com [209.85.210.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 477A222315; Wed, 30 Oct 2024 01:43:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.196 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252602; cv=none; b=VpsruBEjTGWYRwttmMOl7bYIgb24fFj0QhJFvtahpfWwpHrGPg1mtX0ge8GRfBZqEjEPxk+LaBwb2uDqsG/K3ynYV8WtpeCcV7/CJqJ/88Y6t4zrfjHNuzN7oHhrF3TOSx0BIohWrttRJcTSPz6wDmXsK/tDYLYcIa+cH9ID7fI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252602; c=relaxed/simple; bh=LAqzk3ZeLSZRqj1ByixV8/2cQzVAafDYcEAPajrW45Q=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=KX8JyJCBGmhS0mL7OeaCxCnLx07xTChMjckNuiBfvW1MdxweFJNrlqMEn2K5I3/muCljq6wZVwhCpAEfNKlBZUT30H3o+SS+Ki1sW14BvcQ3USC0rhZZaX+iQ2nO43bCPDh665w86RD6d0VoPqVs7Cu1euzCRWRwhPMznSqwApA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=RN8jIu06; arc=none smtp.client-ip=209.85.210.196 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="RN8jIu06" Received: by mail-pf1-f196.google.com with SMTP id d2e1a72fcca58-71e4c2e36daso288757b3a.0; Tue, 29 Oct 2024 18:43:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730252598; x=1730857398; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=O9fMwGGcbp4z4vwxeeXuhogVmcPVJ1v4SFojuZQbris=; b=RN8jIu06OCTDKkn05tLSwaX+XbLC86gkpK9CvT1o/EtVz1/VTfTemgJnC45t8LRe/d +SRRNleOo92kwKJKTLabFuU0W5qJRpFP1jMYa5riodfUklERykgQQm9STDvApDhpUxx2 RVBYvpAj+GCQqOzLSYyCJ9UbTTqT4fnOPhj6Mw4BO4dQdhv8ukikTxjzEC39AW5NR5AG zrkWUna/rIu3jhdkv4fghc5PdiIgso2281yR07vDUZkDvnmcHoXVMlndLm3FNPokHbSw Ekv38Rggp/0a/WFWj1qN1v6ny+G7L6kwWjlaRnOPg80FARUQaVeHz3jkdN8RDKYLY2AS cVQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730252598; x=1730857398; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=O9fMwGGcbp4z4vwxeeXuhogVmcPVJ1v4SFojuZQbris=; b=uusp+scwXapgzCqvXi7ltJfUZXLdNRs9/MP/RVPFaFuOBepL7V53WFcHrLjy7uIN/X IrsBeYjJqX202PczNes8g+FR8iyWM6Ene7pd3MTf7bhX0/u6TjOZ70dRDNcSy9Feib2m 2COwLwjJBkFFnwbRUe5lmnd/yvCAGVaYDZCKUfKflUkyfIjZGgw8VgHvzE8AQfD/PYLO AcZOGObEn4lKv4Xz8ypbbbvEJ051as85F+TIqjZIErDawYXwjATryuWmiTmY4FuW3ulW VKhbKCoMv7NbItMBNieEaDyX8qDp6cuWK9deurg+CSFeMj1U+vWmZth2k0ANO+yoKRTu 8A+w== X-Forwarded-Encrypted: i=1; AJvYcCVRw/2QeCAu7yeTtgvn+jNAa4LJEWhU/pn/ucACTsI1vNWvtRxFw05rQFprkU+ITZBJlkH1gAQK@vger.kernel.org, AJvYcCWjxt06cjzzGvQ0TXHH6OMttMg29j1N0fOIMR5KBV3G3u3S2dzRq226vRyQH81FxDjs224=@vger.kernel.org, AJvYcCWxKz4y31hLhy2m8JXd+pZfzYsZYtmPo361PHghqQ8QYHNqJFeZpIeSH9t4xToyD36oaOXb54M6Hj0uARSY@vger.kernel.org, AJvYcCXUgM5XKQ5wjTEH7Vi8GuLfi4M+GScPDeeMmapVTwX+WF8HdJnjRWe4dfBFt4iLggVQC8zXB0bfoqvDwShdvyUj@vger.kernel.org X-Gm-Message-State: AOJu0Yw4D1pZHiGz6E1APymwoSXPYh/jeJCEk286OGCy8Jsw2M85XpHk GwUfDzh/F1j6ubiPh+cyYheoZYkqn5JK8Hd74TalViSgxPxZp3Hj X-Google-Smtp-Source: AGHT+IFoKDoHpmJaD6yE4W2N1U45T+EI0QyMYYxv0LMNxM6JTH/xn+k5ujEZNnagKfIwfoDj5uadqQ== X-Received: by 2002:a05:6a20:748e:b0:1d8:fb32:1cec with SMTP id adf61e73a8af0-1db7fd9230fmr1285218637.5.1730252598399; Tue, 29 Oct 2024 18:43:18 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7edc866906dsm8138407a12.10.2024.10.29.18.43.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 18:43:18 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: pabeni@redhat.com Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org Subject: [PATCH RESEND net-next v4 4/9] net: ip: make ip_route_input_slow() return drop reasons Date: Wed, 30 Oct 2024 09:41:40 +0800 Message-Id: <20241030014145.1409628-5-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241030014145.1409628-1-dongml2@chinatelecom.cn> References: <20241030014145.1409628-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In this commit, we make ip_route_input_slow() return skb drop reasons, and following new skb drop reasons are added: SKB_DROP_REASON_IP_INVALID_DEST The only caller of ip_route_input_slow() is ip_route_input_rcu(), and we adjust it by making it return -EINVAL on error. Signed-off-by: Menglong Dong --- v4: - use indentation after the out label --- include/net/dropreason-core.h | 6 ++++ net/ipv4/route.c | 56 ++++++++++++++++++++++------------- 2 files changed, 41 insertions(+), 21 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index a2a1fb90e0e5..74624d369d48 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -79,6 +79,7 @@ FN(IP_LOCAL_SOURCE) \ FN(IP_INVALID_SOURCE) \ FN(IP_LOCALNET) \ + FN(IP_INVALID_DEST) \ FN(PKT_TOO_BIG) \ FN(DUP_FRAG) \ FN(FRAG_REASM_TIMEOUT) \ @@ -386,6 +387,11 @@ enum skb_drop_reason { SKB_DROP_REASON_IP_INVALID_SOURCE, /** @SKB_DROP_REASON_IP_LOCALNET: source or dest ip is local net */ SKB_DROP_REASON_IP_LOCALNET, + /** + * @SKB_DROP_REASON_IP_INVALID_DEST: the dest ip is invalid: + * 1) dest ip is 0 + */ + SKB_DROP_REASON_IP_INVALID_DEST, /** * @SKB_DROP_REASON_PKT_TOO_BIG: packet size is too big (maybe exceed the * MTU) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 566acd08aedf..1c4727504909 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2204,9 +2204,10 @@ static struct net_device *ip_rt_get_dev(struct net *= net, * called with rcu_read_lock() */ =20 -static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 s= addr, - dscp_t dscp, struct net_device *dev, - struct fib_result *res) +static enum skb_drop_reason +ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + struct fib_result *res) { enum skb_drop_reason reason =3D SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev =3D __in_dev_get_rcu(dev); @@ -2236,8 +2237,10 @@ static int ip_route_input_slow(struct sk_buff *skb, = __be32 daddr, __be32 saddr, fl4.flowi4_tun_key.tun_id =3D 0; skb_dst_drop(skb); =20 - if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) + if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) { + reason =3D SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } =20 res->fi =3D NULL; res->table =3D NULL; @@ -2247,21 +2250,29 @@ static int ip_route_input_slow(struct sk_buff *skb,= __be32 daddr, __be32 saddr, /* Accept zero addresses only to limited broadcast; * I even do not know to fix it or not. Waiting for complains :-) */ - if (ipv4_is_zeronet(saddr)) + if (ipv4_is_zeronet(saddr)) { + reason =3D SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } =20 - if (ipv4_is_zeronet(daddr)) + if (ipv4_is_zeronet(daddr)) { + reason =3D SKB_DROP_REASON_IP_INVALID_DEST; goto martian_destination; + } =20 /* Following code try to avoid calling IN_DEV_NET_ROUTE_LOCALNET(), * and call it once if daddr or/and saddr are loopback addresses */ if (ipv4_is_loopback(daddr)) { - if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) + if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) { + reason =3D SKB_DROP_REASON_IP_LOCALNET; goto martian_destination; + } } else if (ipv4_is_loopback(saddr)) { - if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) + if (!IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) { + reason =3D SKB_DROP_REASON_IP_LOCALNET; goto martian_source; + } } =20 /* @@ -2316,19 +2327,26 @@ static int ip_route_input_slow(struct sk_buff *skb,= __be32 daddr, __be32 saddr, err =3D -EHOSTUNREACH; goto no_route; } - if (res->type !=3D RTN_UNICAST) + if (res->type !=3D RTN_UNICAST) { + reason =3D SKB_DROP_REASON_IP_INVALID_DEST; goto martian_destination; + } =20 make_route: err =3D ip_mkroute_input(skb, res, in_dev, daddr, saddr, dscp, flkeys); -out: return err; + if (!err) + reason =3D SKB_NOT_DROPPED_YET; + +out: + return reason; =20 brd_input: - if (skb->protocol !=3D htons(ETH_P_IP)) - goto e_inval; + if (skb->protocol !=3D htons(ETH_P_IP)) { + reason =3D SKB_DROP_REASON_INVALID_PROTO; + goto out; + } =20 if (!ipv4_is_zeronet(saddr)) { - err =3D -EINVAL; reason =3D fib_validate_source_reason(skb, saddr, 0, dscp, 0, dev, in_dev, &itag); if (reason) @@ -2349,7 +2367,7 @@ out: return err; rth =3D rcu_dereference(nhc->nhc_rth_input); if (rt_cache_valid(rth)) { skb_dst_set_noref(skb, &rth->dst); - err =3D 0; + reason =3D SKB_NOT_DROPPED_YET; goto out; } } @@ -2386,7 +2404,7 @@ out: return err; rt_add_uncached_list(rth); } skb_dst_set(skb, &rth->dst); - err =3D 0; + reason =3D SKB_NOT_DROPPED_YET; goto out; =20 no_route: @@ -2407,12 +2425,8 @@ out: return err; &daddr, &saddr, dev->name); #endif =20 -e_inval: - err =3D -EINVAL; - goto out; - e_nobufs: - err =3D -ENOBUFS; + reason =3D SKB_DROP_REASON_NOMEM; goto out; =20 martian_source: @@ -2469,7 +2483,7 @@ static int ip_route_input_rcu(struct sk_buff *skb, __= be32 daddr, __be32 saddr, return reason ? -EINVAL : 0; } =20 - return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res); + return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res) ? -EINVAL := 0; } =20 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, --=20 2.39.5 From nobody Mon Nov 25 04:55:54 2024 Received: from mail-oi1-f195.google.com (mail-oi1-f195.google.com [209.85.167.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 347BB1C3F04; Wed, 30 Oct 2024 01:43:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252607; cv=none; b=WMtmFq7/ZRC/Il5qAaSxDAuoEY1rrYVOWk/EH2eLb98kOB+hC7f2DOqAESpsuN3c3anAgff7SnSXTLfdMl1CFjS3V15Mb7TGtE0HGp3tNnE34iVvc891qvmCf/naZKyNPpsT4ICqF45rY9k1CLY0900UX7QujzPGetgu9kM84KI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252607; c=relaxed/simple; bh=A/n+tA2LV99QwIElK+AO6/wgstFiziRfCh0zEBgGADk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=JieyU+U7z5tgcLAPm58Rnpy9DLYWbQgR1mIoLjx1rVo8z34xh35v0sruBx/hukuSodBdf2MLl0hZ5ZmGq2EGmyxHtnSBB/VD+3bD/IilGx9XiXGC+JjtspZXbo1uHlIbfhncZgCIRPICC8ZrMFq2cV69BE1FpnWCVk9RDsCr93A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=KPZWKhWl; arc=none smtp.client-ip=209.85.167.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="KPZWKhWl" Received: by mail-oi1-f195.google.com with SMTP id 5614622812f47-3e5f86e59f1so3187936b6e.1; Tue, 29 Oct 2024 18:43:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730252604; x=1730857404; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VsqFsNdo4NVKbN05C2RYi/RSEJVp+Ni3JWGZTDWcFI8=; b=KPZWKhWlqrHGkmq6qP3OHWG1eqiOSkGBWpfmll5MRfElOzuIR4WlvQdOXhi8v0T3fY ESQWvCswq38LAgZUSNZJ46lh+wHXFAwT+xhG6u7oEXE9VACOKaghm6YKNLXjkfmD00X3 RftUmzqNsXCPlPgwVbXUUVBX3YWiUpysJ/XHZo89fVfj1cosXJ959HXNw911uD4memkg m9jpdkfBE4UsktG6QV9cUP0uvlaqb3o4ezuq1XuHMvXJwI9KjxQVuwUu/+jOSccqqhQ9 bu3ITcvLd9vXcguis2HrwD6jrf5W87pyFJffUg+nqj4YmVbtgjSyTqlf406vxw/cWPza 37dA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730252604; x=1730857404; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VsqFsNdo4NVKbN05C2RYi/RSEJVp+Ni3JWGZTDWcFI8=; b=c/e/O068y3BPLb2OUvrwapqSDOk/ruOd2Xa41QlfT1LSJA4UttOtGBd3SGMqIwDTf3 Xb9sH9NkOJvgOFovdDs7kw0cO8nce4p/74jqyafbw8xMylbNN2N809g0prHZFuIT2AOo dtTl6vNfsbHQvuXLbcwk+1hlXj/1X04Gudw7UxejhZCkXLcORwGvxZItj+4xdFjV4/Fg nyKnLqxZK37F7EzSWCJw3d25I3xImbxBVkTPJuYrU+oBixD+HmGO065SSsNy6zX4TnIy UGV70Sq1ICKgyLwj3XDgKZXHBXSEYkQjohReB6bpclM98sLhkM6C2TpcBFaPbdLEngKZ H7KA== X-Forwarded-Encrypted: i=1; AJvYcCUPozgSmk4Dm4X+4SWKVYG1l/WgyX5uocc22haLEIIMi+Y8uVLIpp080pghdYiGKGjWlL3LVTl5@vger.kernel.org, AJvYcCUtDwEHuH/CzVRH/KMu/WDMNlpXIymzROONV8fav/rmUEAH8mHdI5fJTmMCbAYf7/iH3PM=@vger.kernel.org, AJvYcCVf+2BaKun45MQd1QUBfyqmOJxpcp0qssIzT+VEN8N0rUdc7wF4HEIP901b46YJ6g9DDBZR3SspkPCD7Eo0@vger.kernel.org, AJvYcCVqJnv5H090ehSOaems2XbKHGijEYxnTDKs0d0DcTWLW+JrVb4p0pgVaX9P+9XRMBIORKFuwGzZ49D6ca1wap7R@vger.kernel.org X-Gm-Message-State: AOJu0YzaffljxezuJlTmE+JUUwlx7MT+QebSAekY1m8HyBamgPVRRr0w TP9rpBTOTMlzIGTNPcSx1PUcIJKWSUJfN2fN/a8vRyNsH5TusjwO X-Google-Smtp-Source: AGHT+IFRqo3e3L4yXTv3rX5bR7Hg6ifzhHqEYCt+WbgiCc4zN+xOObjiqS/gASg+PXrO7UKBKJyK+A== X-Received: by 2002:a05:6808:1649:b0:3e6:4d87:8f02 with SMTP id 5614622812f47-3e64d879ac9mr5753123b6e.12.1730252604097; Tue, 29 Oct 2024 18:43:24 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7edc866906dsm8138407a12.10.2024.10.29.18.43.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 18:43:23 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: pabeni@redhat.com Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org Subject: [PATCH RESEND net-next v4 5/9] net: ip: make ip_route_input_rcu() return drop reasons Date: Wed, 30 Oct 2024 09:41:41 +0800 Message-Id: <20241030014145.1409628-6-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241030014145.1409628-1-dongml2@chinatelecom.cn> References: <20241030014145.1409628-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In this commit, we make ip_route_input_rcu() return drop reasons, which come from ip_route_input_mc() and ip_route_input_slow(). The only caller of ip_route_input_rcu() is ip_route_input_noref(). We adjust it by making it return -EINVAL on error and ignore the reasons that ip_route_input_rcu() returns. In the following patch, we will make ip_route_input_noref() returns the drop reasons. Signed-off-by: Menglong Dong --- v4: - collapse the 2 lines that we modify in inet_rtm_getroute() --- net/ipv4/route.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 1c4727504909..1926a8a1a83a 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2435,9 +2435,10 @@ ip_route_input_slow(struct sk_buff *skb, __be32 dadd= r, __be32 saddr, } =20 /* called with rcu_read_lock held */ -static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 sa= ddr, - dscp_t dscp, struct net_device *dev, - struct fib_result *res) +static enum skb_drop_reason +ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + struct fib_result *res) { /* Multicast recognition logic is moved from route cache to here. * The problem was that too many Ethernet cards have broken/missing @@ -2480,23 +2481,23 @@ static int ip_route_input_rcu(struct sk_buff *skb, = __be32 daddr, __be32 saddr, reason =3D ip_route_input_mc(skb, daddr, saddr, dscp, dev, our); } - return reason ? -EINVAL : 0; + return reason; } =20 - return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res) ? -EINVAL := 0; + return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res); } =20 int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev) { + enum skb_drop_reason reason; struct fib_result res; - int err; =20 rcu_read_lock(); - err =3D ip_route_input_rcu(skb, daddr, saddr, dscp, dev, &res); + reason =3D ip_route_input_rcu(skb, daddr, saddr, dscp, dev, &res); rcu_read_unlock(); =20 - return err; + return reason ? -EINVAL : 0; } EXPORT_SYMBOL(ip_route_input_noref); =20 @@ -3308,7 +3309,7 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, = struct nlmsghdr *nlh, skb->mark =3D mark; err =3D ip_route_input_rcu(skb, dst, src, inet_dsfield_to_dscp(rtm->rtm_tos), - dev, &res); + dev, &res) ? -EINVAL : 0; =20 rt =3D skb_rtable(skb); if (err =3D=3D 0 && rt->dst.error) --=20 2.39.5 From nobody Mon Nov 25 04:55:54 2024 Received: from mail-oa1-f66.google.com (mail-oa1-f66.google.com [209.85.160.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B111A1C9ECE; Wed, 30 Oct 2024 01:43:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.66 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252612; cv=none; b=WUY0DMx4Bjg3g4i6soXXBBf6VHeao/3qMUdiWT1nDVeSv6jZhPQbCqdzAeJKZ1Oe70Dzz5Hkgq2hMsT9cmgwEgJIR5qRYcPQa7MPnKhaMOYwzIzrrhrb7UamLPQjOmTNTgGXJWqn3YHNxORjWGZ3Im4kukkiRtIzdZ80p/ZLJaQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252612; c=relaxed/simple; bh=Scqf0jV7tVnl422Zyw+rn0UJrjxy9FoVtlwHN5lUbik=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=BgRVvJWEq5Na0483a8R3QiAlvzOQtoAC77h9xhlXbqP2aOAAYQVNmwp/SVV98BzTcMbECkikJx9bFYlNh5TMC5atfmX7XZHLY9Wp/REB3qWmg08+pii9RosY8t1hVPjdzPjH1C6+a4EeTtnLZwVFPq8ZZ5GMBR+lp8ZFp31lTho= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Fv+KSwKf; arc=none smtp.client-ip=209.85.160.66 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Fv+KSwKf" Received: by mail-oa1-f66.google.com with SMTP id 586e51a60fabf-288916b7fceso3287300fac.3; Tue, 29 Oct 2024 18:43:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730252610; x=1730857410; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fplqt3hHi98v9bYNP9CGpDhBaJTQ+L4T3dia3Fq4odk=; b=Fv+KSwKfCVT1IaDWNzcAOI0Zb8DZ1notfxPQnmNj38pJ0S5Dhjflk+/eN8l5s+uUoC /rq3razBN9um6uEz3RavQDJShnC+cEMZJguC7hLbsWyYZS1POmWRJE+JJK5qtzAtg9gt Nk3CgmNn8JUZ0VRYUR5vTOC9eyNVamMPEu8IlSYbWBDqR0/E0c3xv1zvVi8gQHc8FIEc dzH645zHRXoJsNbC5LvlruBar+ivt+07Q0KoWK2TXZV5ghT+vgfkjxfTeR4Ypd8UNLih GVkRE9IFwNW0c21wKL8BtpD0BZq0SkJJOGg5B6e9Hs/AkDTLTSWA9Pb8B3Xpyfx8j0rc kNbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730252610; x=1730857410; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fplqt3hHi98v9bYNP9CGpDhBaJTQ+L4T3dia3Fq4odk=; b=YSw3mXtksCzgOOe3LSiyln3vh5pff1cEoHAzh+/g67eJvVQj8Ev//VhppKcYbTgyrW d9Lu5237EE7wuUe+ygVni0ouNGZ1RZWSeWMjUnySQpdzoiDBThXnVTj9MWJTk3iJYKQ2 144lp7OlDoMcdBCXiNpny0czLTG1vBbqIelsE12XCH1VEJ/WJLGAUywLRPE1B4g/YQWo wvAMk4DKeAaQjTKQndCjb6PD2UnPDp0/N4SUEgq2Axt1tF9/vZvxx0iiJUbftH9xw1wB eXP9x5EgIthwut3+RcXVeK3OUfVpM7KnUgTX50PJpNhhvZ/j4iHBZwjmRlXkF2ZV9VKJ qv5Q== X-Forwarded-Encrypted: i=1; AJvYcCUc1hH1MbXtxa1vaxPCBtT++8SO2H7c0WOqpLb74taznhoHPO4P2M8JpKLT5h1W0fSXrf8FIU/hRonpVavK@vger.kernel.org, AJvYcCWsg5+6oon7soDxOamO3Zk7IXWBYQzbBFTe/wVlXTzfkIDVmggegUW7WD2VUC7lZAufcpPYVE6L@vger.kernel.org, AJvYcCX0j+zQV0+dMVN2BpgcWu4NSVZOsqi9BPJHx74c1YCJgoXt74ckgi8ULS1X16oZeOrBrTA=@vger.kernel.org, AJvYcCXy1xdYuZ1YH+f+nhUATIOzvQvUZuvF4EZThORpsK2v6vnUJ/lYOJb49vyh5I9k9d6jPU5/lPmCOmsg9bgUrjO6@vger.kernel.org X-Gm-Message-State: AOJu0Yw8/0vOj0DTD6/w+JoE0ZFqDa4z0Tv+Nkg3+/GNElwwzUvOJSav MN9rMU5k2CWSvz4Ww6ssGqzM5xn2BeWuRiAdq0NCllEGUFjNqH/J X-Google-Smtp-Source: AGHT+IGsZoEVW0JcVbBUSmiB8lr4N5b/WoG/+LUc4OuJ/6mStCSPFyUGuDfoAu61vAO/Z5Zy76b54Q== X-Received: by 2002:a05:6870:15d5:b0:278:978:9e9 with SMTP id 586e51a60fabf-29051e0360bmr13656946fac.44.1730252609677; Tue, 29 Oct 2024 18:43:29 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7edc866906dsm8138407a12.10.2024.10.29.18.43.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 18:43:29 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: pabeni@redhat.com Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org Subject: [PATCH RESEND net-next v4 6/9] net: ip: make ip_route_input_noref() return drop reasons Date: Wed, 30 Oct 2024 09:41:42 +0800 Message-Id: <20241030014145.1409628-7-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241030014145.1409628-1-dongml2@chinatelecom.cn> References: <20241030014145.1409628-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In this commit, we make ip_route_input_noref() return drop reasons, which come from ip_route_input_rcu(). We need adjust the callers of ip_route_input_noref() to make sure the return value of ip_route_input_noref() is used properly. The errno that ip_route_input_noref() returns comes from ip_route_input and bpf_lwt_input_reroute in the origin logic, and we make them return -EINVAL on error instead. In the following patch, we will make ip_route_input() returns drop reasons too. Signed-off-by: Menglong Dong --- v4: - introduce the variable "reason" in bpf_lwt_input_reroute() to make things clear --- include/net/route.h | 15 ++++++++------- net/core/lwt_bpf.c | 6 ++++-- net/ipv4/ip_fragment.c | 12 +++++++----- net/ipv4/ip_input.c | 7 ++++--- net/ipv4/route.c | 7 ++++--- 5 files changed, 27 insertions(+), 20 deletions(-) diff --git a/include/net/route.h b/include/net/route.h index a828a17a6313..11674f7c6be6 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -203,8 +203,9 @@ enum skb_drop_reason ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev, struct in_device *in_dev, u32 *itag); -int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev); +enum skb_drop_reason +ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev); int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev, const struct sk_buff *hint); @@ -212,18 +213,18 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 dad= dr, __be32 saddr, static inline int ip_route_input(struct sk_buff *skb, __be32 dst, __be32 s= rc, dscp_t dscp, struct net_device *devin) { - int err; + enum skb_drop_reason reason; =20 rcu_read_lock(); - err =3D ip_route_input_noref(skb, dst, src, dscp, devin); - if (!err) { + reason =3D ip_route_input_noref(skb, dst, src, dscp, devin); + if (!reason) { skb_dst_force(skb); if (!skb_dst(skb)) - err =3D -EINVAL; + reason =3D SKB_DROP_REASON_NOT_SPECIFIED; } rcu_read_unlock(); =20 - return err; + return reason ? -EINVAL : 0; } =20 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu, int o= if, diff --git a/net/core/lwt_bpf.c b/net/core/lwt_bpf.c index e0ca24a58810..8a78bff53b2c 100644 --- a/net/core/lwt_bpf.c +++ b/net/core/lwt_bpf.c @@ -88,6 +88,7 @@ static int run_lwt_bpf(struct sk_buff *skb, struct bpf_lw= t_prog *lwt, =20 static int bpf_lwt_input_reroute(struct sk_buff *skb) { + enum skb_drop_reason reason; int err =3D -EINVAL; =20 if (skb->protocol =3D=3D htons(ETH_P_IP)) { @@ -96,8 +97,9 @@ static int bpf_lwt_input_reroute(struct sk_buff *skb) =20 dev_hold(dev); skb_dst_drop(skb); - err =3D ip_route_input_noref(skb, iph->daddr, iph->saddr, - ip4h_dscp(iph), dev); + reason =3D ip_route_input_noref(skb, iph->daddr, iph->saddr, + ip4h_dscp(iph), dev); + err =3D reason ? -EINVAL : 0; dev_put(dev); } else if (skb->protocol =3D=3D htons(ETH_P_IPV6)) { skb_dst_drop(skb); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index 48e2810f1f27..52b991e976ba 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -132,12 +132,12 @@ static bool frag_expire_skip_icmp(u32 user) */ static void ip_expire(struct timer_list *t) { + enum skb_drop_reason reason =3D SKB_DROP_REASON_FRAG_REASM_TIMEOUT; struct inet_frag_queue *frag =3D from_timer(frag, t, timer); const struct iphdr *iph; struct sk_buff *head =3D NULL; struct net *net; struct ipq *qp; - int err; =20 qp =3D container_of(frag, struct ipq, q); net =3D qp->q.fqdir->net; @@ -175,10 +175,12 @@ static void ip_expire(struct timer_list *t) =20 /* skb has no dst, perform route lookup again */ iph =3D ip_hdr(head); - err =3D ip_route_input_noref(head, iph->daddr, iph->saddr, ip4h_dscp(iph), - head->dev); - if (err) + reason =3D ip_route_input_noref(head, iph->daddr, iph->saddr, + ip4h_dscp(iph), head->dev); + if (reason) goto out; + else + reason =3D SKB_DROP_REASON_FRAG_REASM_TIMEOUT; =20 /* Only an end host needs to send an ICMP * "Fragment Reassembly Timeout" message, per RFC792. @@ -195,7 +197,7 @@ static void ip_expire(struct timer_list *t) spin_unlock(&qp->q.lock); out_rcu_unlock: rcu_read_unlock(); - kfree_skb_reason(head, SKB_DROP_REASON_FRAG_REASM_TIMEOUT); + kfree_skb_reason(head, reason); ipq_put(qp); } =20 diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index c40a26972884..513eb0c6435a 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -362,10 +362,11 @@ static int ip_rcv_finish_core(struct net *net, struct= sock *sk, * how the packet travels inside Linux networking. */ if (!skb_valid_dst(skb)) { - err =3D ip_route_input_noref(skb, iph->daddr, iph->saddr, - ip4h_dscp(iph), dev); - if (unlikely(err)) + drop_reason =3D ip_route_input_noref(skb, iph->daddr, iph->saddr, + ip4h_dscp(iph), dev); + if (unlikely(drop_reason)) goto drop_error; + drop_reason =3D SKB_DROP_REASON_NOT_SPECIFIED; } else { struct in_device *in_dev =3D __in_dev_get_rcu(dev); =20 diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 1926a8a1a83a..ce1201dbf464 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2487,8 +2487,9 @@ ip_route_input_rcu(struct sk_buff *skb, __be32 daddr,= __be32 saddr, return ip_route_input_slow(skb, daddr, saddr, dscp, dev, res); } =20 -int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev) +enum skb_drop_reason ip_route_input_noref(struct sk_buff *skb, __be32 dadd= r, + __be32 saddr, dscp_t dscp, + struct net_device *dev) { enum skb_drop_reason reason; struct fib_result res; @@ -2497,7 +2498,7 @@ int ip_route_input_noref(struct sk_buff *skb, __be32 = daddr, __be32 saddr, reason =3D ip_route_input_rcu(skb, daddr, saddr, dscp, dev, &res); rcu_read_unlock(); =20 - return reason ? -EINVAL : 0; + return reason; } EXPORT_SYMBOL(ip_route_input_noref); =20 --=20 2.39.5 From nobody Mon Nov 25 04:55:54 2024 Received: from mail-pg1-f196.google.com (mail-pg1-f196.google.com [209.85.215.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D9C561CC88D; Wed, 30 Oct 2024 01:43:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.196 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252618; cv=none; b=hnjGh0KkZng3DJtyMaE162mF1+FwqizPIMpR1AQvFHxMe3oLm2ZeSFKMOGZr+TIQ5O6TovZ4B+vltk4iDKCYm5BjnSSk9ODRcYjMzDWPj72JTQ9AjTBfr85gw/jU0ToTAEhADykgzsX/fooyFemjjZQr0JiCa95LjbGHDZ7MWg8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252618; c=relaxed/simple; bh=Dxf+YjSfF9s66wnRYYKzNGRdTBF+f3o1p3CcPZ9IKMU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ifiV+r7DWf05/zL6gzQFZZTfHDXbeHpdpyknGl3xnVXOSNbIRDcZn+l0doweyDSqUp8Q7Xb2OXUYQZ87MDbx+l00ipTKK25+SlAQyMAzDtAFOts6/o3n4Ty+zdxY9ww2rJJSbeSE/Yb65ER9rckl10HLvbm4m8lEZZNOW2WbEX0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ZzJyIoF9; arc=none smtp.client-ip=209.85.215.196 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ZzJyIoF9" Received: by mail-pg1-f196.google.com with SMTP id 41be03b00d2f7-7ea7ad1e01fso325672a12.0; Tue, 29 Oct 2024 18:43:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730252615; x=1730857415; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nHha3jxrqpGXunHNpntG6RFQwcyCzV6dVXG5YPCOYY8=; b=ZzJyIoF99+/D2An+E4//AvB33QqV8aAY0wvdSFborjak+7tA62x1s6JRuZC54tFDRA 3ahuc9mYqNY/8O5/1DrOzFPLgeP+DnlVQOztM0nLmiFhhr3XZoUDex/XP5ecw4kW89yL 1xInJzwegIjScj/lrXy5d9IB/p+hikYa0uQoApZlCVLYKRsEjZqfspdKmaHhOiHO8ZtI 9hg6RtUPMxfwJHmP8FkmipvSOTCoyio/qFrpifU7btNP0AiUebZsfbHpdM41VOUl+AYW RzhOytnWRjM/DQae7qyGkVWx/vc7D9ZPww1Ql4C4TmMqLWYORBQJQ9dc08CWjFUayZqj HKJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730252615; x=1730857415; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nHha3jxrqpGXunHNpntG6RFQwcyCzV6dVXG5YPCOYY8=; b=vT8caD1ok1saEAJCPeYBrwHnJ2tbKK8ldWZ/14mknVH7Kgb59PoIMUUKlRudTCoMSz rdoGszCmG2aWgmQWMSSRSPj4vObSsVMXlEl3ueKilG/J/xc8OuuhPe/dgKzBuunr+VT8 VLJc6EtyAmsbH0WoAUtK3s/PVnzzzyFdFOkz40oPI3ybwmdizDg9puJRFZO33v4nacx8 YKi45AaESAU+YXH2uVaUQN/cFvXw6C51Xg4I98PiR3FxfBkppfwBxbpPwhlfuU4+OETq o552hJohHaYzEVRycZrlyPJaznJmqZi+mtNOwe9JBlrWmwGon6tZghzsWzvdH/KZYjgf rkrg== X-Forwarded-Encrypted: i=1; AJvYcCUdK43nYGrT/mNHJ5l3ntzddOq4mbmptetNVa/9PvQvSqRTWUP0vWDHbCKTyL4hAhShCSs=@vger.kernel.org, AJvYcCUfmDnnKpScAmkXyg9uej6rEIVc1uK7OPMhgdytVNPf+xDu7azTInEvoJmovps38SG0gDs6TyXc@vger.kernel.org, AJvYcCWfWmiqdtgAgRrLZw6ykov4YESiBdh1tY1tXP5aTL90iuUbkmW/gyUJ8GCyPPuntrF9EMjUOnvWd6iQCixP@vger.kernel.org, AJvYcCXBTMLbOCcIplNfDALisdZJlIkpIXcVVSfWfnzIH0gUSA+R9l9H/AsJ9QCOYMmVb0+W4ERNeC5FGsdLgQ/H0ywg@vger.kernel.org X-Gm-Message-State: AOJu0YxbIrWc2BeRJbqk5w69VRtGav73d6fp1cbwipNIGjxJCuH+izI6 lbicpstjEy0H6OKYC7Qbn4LoqewC2vmaI6o8cKDMVpt1aKAqnCKX0hHR7jZC X-Google-Smtp-Source: AGHT+IFJJUSCB//39VAXd17haAZ2/OpwKzfzvKZ8vtIdhSrK7HsIGTHuQWmpfO3gxw0dkEqo9pfwwg== X-Received: by 2002:a05:6a21:33a4:b0:1d9:e5af:a600 with SMTP id adf61e73a8af0-1db7fe09c92mr1060617637.10.1730252615119; Tue, 29 Oct 2024 18:43:35 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7edc866906dsm8138407a12.10.2024.10.29.18.43.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 18:43:34 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: pabeni@redhat.com Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org Subject: [PATCH RESEND net-next v4 7/9] net: ip: make ip_route_input() return drop reasons Date: Wed, 30 Oct 2024 09:41:43 +0800 Message-Id: <20241030014145.1409628-8-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241030014145.1409628-1-dongml2@chinatelecom.cn> References: <20241030014145.1409628-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In this commit, we make ip_route_input() return skb drop reasons that come from ip_route_input_noref(). Meanwhile, adjust all the call to it. Signed-off-by: Menglong Dong --- v4: - replace the variable "err" with "reason" for the return value of ip_route_input() --- include/net/route.h | 7 ++++--- net/bridge/br_netfilter_hooks.c | 11 ++++++----- net/ipv4/icmp.c | 2 +- net/ipv4/ip_options.c | 2 +- net/ipv6/seg6_local.c | 14 +++++++------- 5 files changed, 19 insertions(+), 17 deletions(-) diff --git a/include/net/route.h b/include/net/route.h index 11674f7c6be6..f4ab5412c9c9 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -210,8 +210,9 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr= , __be32 saddr, dscp_t dscp, struct net_device *dev, const struct sk_buff *hint); =20 -static inline int ip_route_input(struct sk_buff *skb, __be32 dst, __be32 s= rc, - dscp_t dscp, struct net_device *devin) +static inline enum skb_drop_reason +ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, dscp_t dscp, + struct net_device *devin) { enum skb_drop_reason reason; =20 @@ -224,7 +225,7 @@ static inline int ip_route_input(struct sk_buff *skb, _= _be32 dst, __be32 src, } rcu_read_unlock(); =20 - return reason ? -EINVAL : 0; + return reason; } =20 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu, int o= if, diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hook= s.c index 17a5f5923d61..110cffc24a1d 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -373,8 +373,8 @@ static int br_nf_pre_routing_finish(struct net *net, st= ruct sock *sk, struct sk_ struct nf_bridge_info *nf_bridge =3D nf_bridge_info_get(skb); struct net_device *dev =3D skb->dev, *br_indev; const struct iphdr *iph =3D ip_hdr(skb); + enum skb_drop_reason reason; struct rtable *rt; - int err; =20 br_indev =3D nf_bridge_get_physindev(skb, net); if (!br_indev) { @@ -390,9 +390,9 @@ static int br_nf_pre_routing_finish(struct net *net, st= ruct sock *sk, struct sk_ } nf_bridge->in_prerouting =3D 0; if (br_nf_ipv4_daddr_was_changed(skb, nf_bridge)) { - err =3D ip_route_input(skb, iph->daddr, iph->saddr, - ip4h_dscp(iph), dev); - if (err) { + reason =3D ip_route_input(skb, iph->daddr, iph->saddr, + ip4h_dscp(iph), dev); + if (reason) { struct in_device *in_dev =3D __in_dev_get_rcu(dev); =20 /* If err equals -EHOSTUNREACH the error is due to a @@ -402,7 +402,8 @@ static int br_nf_pre_routing_finish(struct net *net, st= ruct sock *sk, struct sk_ * martian destinations: loopback destinations and destination * 0.0.0.0. In both cases the packet will be dropped because the * destination is the loopback device and not the bridge. */ - if (err !=3D -EHOSTUNREACH || !in_dev || IN_DEV_FORWARD(in_dev)) + if (reason !=3D SKB_DROP_REASON_IP_INADDRERRORS || !in_dev || + IN_DEV_FORWARD(in_dev)) goto free_skb; =20 rt =3D ip_route_output(net, iph->daddr, 0, diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 33eec844a5a0..4f088fa1c2f2 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -545,7 +545,7 @@ static struct rtable *icmp_route_lookup(struct net *net= , struct flowi4 *fl4, orefdst =3D skb_in->_skb_refdst; /* save old refdst */ skb_dst_set(skb_in, NULL); err =3D ip_route_input(skb_in, fl4_dec.daddr, fl4_dec.saddr, - dscp, rt2->dst.dev); + dscp, rt2->dst.dev) ? -EINVAL : 0; =20 dst_release(&rt2->dst); rt2 =3D skb_rtable(skb_in); diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c index 81e86e5defee..e3321932bec0 100644 --- a/net/ipv4/ip_options.c +++ b/net/ipv4/ip_options.c @@ -618,7 +618,7 @@ int ip_options_rcv_srr(struct sk_buff *skb, struct net_= device *dev) orefdst =3D skb->_skb_refdst; skb_dst_set(skb, NULL); err =3D ip_route_input(skb, nexthop, iph->saddr, ip4h_dscp(iph), - dev); + dev) ? -EINVAL : 0; rt2 =3D skb_rtable(skb); if (err || (rt2->rt_type !=3D RTN_UNICAST && rt2->rt_type !=3D RTN_LOCAL= )) { skb_dst_drop(skb); diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c index c74705ead984..ac1dbd492c22 100644 --- a/net/ipv6/seg6_local.c +++ b/net/ipv6/seg6_local.c @@ -954,10 +954,10 @@ static int input_action_end_dx4_finish(struct net *ne= t, struct sock *sk, struct sk_buff *skb) { struct dst_entry *orig_dst =3D skb_dst(skb); + enum skb_drop_reason reason; struct seg6_local_lwt *slwt; struct iphdr *iph; __be32 nhaddr; - int err; =20 slwt =3D seg6_local_lwtunnel(orig_dst->lwtstate); =20 @@ -967,9 +967,9 @@ static int input_action_end_dx4_finish(struct net *net,= struct sock *sk, =20 skb_dst_drop(skb); =20 - err =3D ip_route_input(skb, nhaddr, iph->saddr, 0, skb->dev); - if (err) { - kfree_skb(skb); + reason =3D ip_route_input(skb, nhaddr, iph->saddr, 0, skb->dev); + if (reason) { + kfree_skb_reason(skb, reason); return -EINVAL; } =20 @@ -1174,8 +1174,8 @@ static struct sk_buff *end_dt_vrf_core(struct sk_buff= *skb, static int input_action_end_dt4(struct sk_buff *skb, struct seg6_local_lwt *slwt) { + enum skb_drop_reason reason; struct iphdr *iph; - int err; =20 if (!decap_and_validate(skb, IPPROTO_IPIP)) goto drop; @@ -1193,8 +1193,8 @@ static int input_action_end_dt4(struct sk_buff *skb, =20 iph =3D ip_hdr(skb); =20 - err =3D ip_route_input(skb, iph->daddr, iph->saddr, 0, skb->dev); - if (unlikely(err)) + reason =3D ip_route_input(skb, iph->daddr, iph->saddr, 0, skb->dev); + if (unlikely(reason)) goto drop; =20 return dst_input(skb); --=20 2.39.5 From nobody Mon Nov 25 04:55:54 2024 Received: from mail-pg1-f195.google.com (mail-pg1-f195.google.com [209.85.215.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9756A1CF5DA; Wed, 30 Oct 2024 01:43:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252623; cv=none; b=ZrFGWXH8L2gCXx0CGlxZgAFlqJGrFzpzI0QjGyVUkHnRf6V5efYwPtc/Au+sbE3MQgtOc7l5D0AEPr3Cgd1I2hR0H7rTy01pjIh9nNMlszfzfM68Jje9haNbbWCjPk6u01Ml71oGbei1AA9Xo+MogESybf+GmrYHjUVb902aq2s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252623; c=relaxed/simple; bh=/GcSCadI+T3M4bQiXCZC/77mXVWFv6oknRB1DDIOeQM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=kvotp0tw22gY+vEG+RRyHZDNtSdmiPqlMpVvcqfH/9m3hPrcFQj/tlxugJ7mf+RPlJke4ncRClYKCYCNEJvqgmv8ClGCcyjmXHbJxz3AhOX7lsz17YP7MSJTZdYWoFt12k2XtPVkAZI+AP57tMNLqEYB+c/S8Rm3ESG3CLHi34o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=K8jgz4rn; arc=none smtp.client-ip=209.85.215.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="K8jgz4rn" Received: by mail-pg1-f195.google.com with SMTP id 41be03b00d2f7-7ea0ff74b15so4080596a12.3; Tue, 29 Oct 2024 18:43:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730252621; x=1730857421; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=quVTfbnmhzjpXfeFKcq30xkkA8wdU+ycNi4wYR5plLw=; b=K8jgz4rngudEQ7TSprQP1aXz38NgE4HVK8dEAi5ZbFdumfcYcjvVitVafIagrcPB7p etETZ+Kw/QWMIPl/0hi0Lh0/L8CHjaTfTLvNi6FZRh4Ts5+hiH8y+yrMeu73zTjQalKM Xr6mJbAvqDjsEoVFKMp7+Hkl0nZcJqLHbnWsjvOzVoivqEFZT166ZRHctz5WEoXFLYX1 UqCb3UvdO5YHtg0pWePNf36R6Xi5qE6tbZRvWj1+NPPcLNayncGqNvu1vT+YkQZ8OGpy lmyZcYNo1/vvI3PcssCcMfzcof4JKq2Tqk6z2IQiCXC1UbChA20Ik7CciLvcxEDt+ifB +DLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730252621; x=1730857421; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=quVTfbnmhzjpXfeFKcq30xkkA8wdU+ycNi4wYR5plLw=; b=Gz4kSZV8iYKwvSp5VxvpMSrh+OfVhVNqHm+rFRYIVKuh/amWjC0WLcaYk7i+SSeJlc ybllHUT5my1OT8g1zSFhnQUyfnwNFH1ezHCm8QH5oa2XJIWJS7P+7UYfRTFUtr0J49Nl TQ3ZEdWW+TQou1myAHw+rSQbAn5IIHXN9g8fUZuJWjCNgkeX8oY9/mf3f9NmZBh9HlJj C7oVYCfCvR1xV9OlAmeHzgBEMMoO2xPktamXoKFuMEToG1zehPrRI8X+EfPejPTmu4k3 Q05SsBoYuQZkw0w0idJLXbpjqLybdW4zKA1SmFr2Au9AhxtTINTL0MefCep68E8lyC9c 3Xow== X-Forwarded-Encrypted: i=1; AJvYcCV99hW1gEgSeRo+cNTq2IHYMiU/Z35giwMpfI8u+lwqSZpRNtWpxqt7MKz8Of8QnXDGhc8=@vger.kernel.org, AJvYcCWA7nCwp0uPuzUdFOeuMiyvayQAz09HmdaZ+PsVRGENDU19S/5UYZcHanBbjmE6gsgLlhH+r8CHOQGFwgdO@vger.kernel.org, AJvYcCWIkH7d0E71a9IShFfrGjAHtx6k/PqvnEvN2SVCCWt6gLeFJ6v9PbgHjpRjJx2JWXuG2OAyWFksieM575wt9pB7@vger.kernel.org, AJvYcCWKo7mx9aDawzlaaZcRpT3e+6SYu1dOmHu4xCJGiu+4AXCmOXdyrTUX/dXJcvzVt0cYggJobJEM@vger.kernel.org X-Gm-Message-State: AOJu0Yy9KId3k0jrZx5apQFbIT9FXMPO+OkVDTwkzRkujLw0n39iP7Hj VHRuphJL2YTSN1y04JfaJN7WPPEVl3+bj5EtApaf0qsUvEyOjIsb X-Google-Smtp-Source: AGHT+IHhiU/6+Ny8kIfRXHQkoKymamNt3NomfP/xyekCv09z+G1vXTFEUB9Bg+nsKvYXx4+/hfEMiA== X-Received: by 2002:a05:6a20:4389:b0:1d9:28ae:5e88 with SMTP id adf61e73a8af0-1d9a85354d0mr13771177637.50.1730252620796; Tue, 29 Oct 2024 18:43:40 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7edc866906dsm8138407a12.10.2024.10.29.18.43.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 18:43:40 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: pabeni@redhat.com Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org Subject: [PATCH RESEND net-next v4 8/9] net: ip: make ip_mkroute_input/__mkroute_input return drop reasons Date: Wed, 30 Oct 2024 09:41:44 +0800 Message-Id: <20241030014145.1409628-9-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241030014145.1409628-1-dongml2@chinatelecom.cn> References: <20241030014145.1409628-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In this commit, we make ip_mkroute_input() and __mkroute_input() return drop reasons. The drop reason "SKB_DROP_REASON_ARP_PVLAN_DISABLE" is introduced for the case: the packet which is not IP is forwarded to the in_dev, and the proxy_arp_pvlan is not enabled. This name is ugly, and I have not figure out a suitable name for this case yet :/ Signed-off-by: Menglong Dong --- include/net/dropreason-core.h | 7 +++++++ net/ipv4/route.c | 35 +++++++++++++++++++---------------- 2 files changed, 26 insertions(+), 16 deletions(-) diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h index 74624d369d48..6c5a1ea209a2 100644 --- a/include/net/dropreason-core.h +++ b/include/net/dropreason-core.h @@ -104,6 +104,7 @@ FN(IP_TUNNEL_ECN) \ FN(TUNNEL_TXINFO) \ FN(LOCAL_MAC) \ + FN(ARP_PVLAN_DISABLE) \ FNe(MAX) =20 /** @@ -477,6 +478,12 @@ enum skb_drop_reason { * the MAC address of the local netdev. */ SKB_DROP_REASON_LOCAL_MAC, + /** + * @SKB_DROP_REASON_ARP_PVLAN_DISABLE: packet which is not IP is + * forwarded to the in_dev, and the proxy_arp_pvlan is not + * enabled. + */ + SKB_DROP_REASON_ARP_PVLAN_DISABLE, /** * @SKB_DROP_REASON_MAX: the maximum of core drop reasons, which * shouldn't be used as a real 'reason' - only for tracing code gen diff --git a/net/ipv4/route.c b/net/ipv4/route.c index ce1201dbf464..e248e5577d0e 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1769,10 +1769,12 @@ static void ip_handle_martian_source(struct net_dev= ice *dev, } =20 /* called in rcu_read_lock() section */ -static int __mkroute_input(struct sk_buff *skb, const struct fib_result *r= es, - struct in_device *in_dev, __be32 daddr, - __be32 saddr, dscp_t dscp) +static enum skb_drop_reason +__mkroute_input(struct sk_buff *skb, const struct fib_result *res, + struct in_device *in_dev, __be32 daddr, + __be32 saddr, dscp_t dscp) { + enum skb_drop_reason reason =3D SKB_DROP_REASON_NOT_SPECIFIED; struct fib_nh_common *nhc =3D FIB_RES_NHC(*res); struct net_device *dev =3D nhc->nhc_dev; struct fib_nh_exception *fnhe; @@ -1786,13 +1788,13 @@ static int __mkroute_input(struct sk_buff *skb, con= st struct fib_result *res, out_dev =3D __in_dev_get_rcu(dev); if (!out_dev) { net_crit_ratelimited("Bug in ip_route_input_slow(). Please report.\n"); - return -EINVAL; + return reason; } =20 err =3D fib_validate_source(skb, saddr, daddr, dscp, FIB_RES_OIF(*res), in_dev->dev, in_dev, &itag); if (err < 0) { - err =3D -EINVAL; + reason =3D -err; ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, saddr); =20 @@ -1820,7 +1822,8 @@ static int __mkroute_input(struct sk_buff *skb, const= struct fib_result *res, */ if (out_dev =3D=3D in_dev && IN_DEV_PROXY_ARP_PVLAN(in_dev) =3D=3D 0) { - err =3D -EINVAL; + /* what do we name this situation? */ + reason =3D SKB_DROP_REASON_ARP_PVLAN_DISABLE; goto cleanup; } } @@ -1843,7 +1846,7 @@ static int __mkroute_input(struct sk_buff *skb, const= struct fib_result *res, rth =3D rt_dst_alloc(out_dev->dev, 0, res->type, IN_DEV_ORCONF(out_dev, NOXFRM)); if (!rth) { - err =3D -ENOBUFS; + reason =3D SKB_DROP_REASON_NOMEM; goto cleanup; } =20 @@ -1857,9 +1860,9 @@ static int __mkroute_input(struct sk_buff *skb, const= struct fib_result *res, lwtunnel_set_redirect(&rth->dst); skb_dst_set(skb, &rth->dst); out: - err =3D 0; - cleanup: - return err; + reason =3D SKB_NOT_DROPPED_YET; +cleanup: + return reason; } =20 #ifdef CONFIG_IP_ROUTE_MULTIPATH @@ -2117,9 +2120,10 @@ int fib_multipath_hash(const struct net *net, const = struct flowi4 *fl4, } #endif /* CONFIG_IP_ROUTE_MULTIPATH */ =20 -static int ip_mkroute_input(struct sk_buff *skb, struct fib_result *res, - struct in_device *in_dev, __be32 daddr, - __be32 saddr, dscp_t dscp, struct flow_keys *hkeys) +static enum skb_drop_reason +ip_mkroute_input(struct sk_buff *skb, struct fib_result *res, + struct in_device *in_dev, __be32 daddr, + __be32 saddr, dscp_t dscp, struct flow_keys *hkeys) { #ifdef CONFIG_IP_ROUTE_MULTIPATH if (res->fi && fib_info_num_path(res->fi) > 1) { @@ -2333,9 +2337,8 @@ ip_route_input_slow(struct sk_buff *skb, __be32 daddr= , __be32 saddr, } =20 make_route: - err =3D ip_mkroute_input(skb, res, in_dev, daddr, saddr, dscp, flkeys); - if (!err) - reason =3D SKB_NOT_DROPPED_YET; + reason =3D ip_mkroute_input(skb, res, in_dev, daddr, saddr, dscp, + flkeys); =20 out: return reason; --=20 2.39.5 From nobody Mon Nov 25 04:55:54 2024 Received: from mail-pg1-f195.google.com (mail-pg1-f195.google.com [209.85.215.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 44F971D0146; Wed, 30 Oct 2024 01:43:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.195 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252629; cv=none; b=W3m1QJBzY32xpswcHNQylQUCvjiy3E1KyZ8KdQvstb0wayxW1QcUW+K4z/ZaJLX7l5gYM09FneLQa9Vlm0pcnalWvB9FV3jrcBI7YLhiRdEX1fhQJqjd3l41HvMRc8/7PNedc7EfRhNA51KHG0byHYiHLy/AtRNElGBIdNFfk7A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730252629; c=relaxed/simple; bh=EMREDF0iOw1a8AUc1cBDT7vV5AQ/kyb1iJVNxRQBLoE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=TBjEOgXAoqrhJtT/xtgnxXvzsOjcW9xf5wU4pSwMZ5kfZ5Le2+lzFmUhpUA+zj3/khEBOUWjADml+UX7KScIrwTMQiuGhH2Mpnk9c3Vl+s8AfoavhLXg08fVKdXgB2V3MxPuLqfPHABAsVlyzLgJrOqQBVw1n+MxXt4s5Qge4B4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=mPq6wEsC; arc=none smtp.client-ip=209.85.215.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="mPq6wEsC" Received: by mail-pg1-f195.google.com with SMTP id 41be03b00d2f7-7ea16c7759cso3110612a12.1; Tue, 29 Oct 2024 18:43:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730252626; x=1730857426; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BKE65jm2ZhKpehsNXTCP/V6ZnTRszfwNpxwi3OTB6Pg=; b=mPq6wEsC3VaF0cNMqS8E2O4qb+s7YUK2QOWSXb417v1w+rAVU6U3s0Uobkwpd+q8HK YSL60w7RPv9EU2HKksqh+MdC7QSBc5gNg6Jw1vDjer46c9gV4TEn9BEHgXm44mednJ/s yyYtmLLrveaXEOi/TcKLVKwi9aWExTkWLmYKgCxgpO85UkJPU74MBDRozOT7ySRv541d 7PKsgd1JADJ77/Udokjypm1JWrGGTkzyN/aMziSsqr1r1sBf6s1AtgbAuyGb6/D5NuOe N2ZYjGEuirZfJXztF6XClJYq8y3WUc/tfPsPhRGAPTXA8lHZykZbn72KpiDqp5NLSPqd mXEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730252626; x=1730857426; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BKE65jm2ZhKpehsNXTCP/V6ZnTRszfwNpxwi3OTB6Pg=; b=BQ4/vqmYRCuhRAgCMI0wEAlW6lEwKEbcqKXU7wAe/yvF8GTrHso/XbYssGH5ee3iPm m4gxzWmBjSX1mAbdkm3KLrJbEjKnzU8EapatBVJjuxvn+AO3hNO2M3WEq2AZv0dwzcDo thcR7vtkai505UlIr6t9HP4oPIvGFm2SkN6eFlkX3djGiodWeB+Gt9NoxFfFS13KikFJ UoNFaxmeg1A4ZGrQfFxQ6qJSRmu2H1FM9cG3HI+2FpwTeIiNEgMJeFRFB7p2eVzR8uv/ dMHxHSfgTcoqfpSMPftLshCBTCHKmiCHOyjKMAFVEGP161Ebpz1p6q79dPXcz9Ax5ZJp MwiQ== X-Forwarded-Encrypted: i=1; AJvYcCUw3dmxa5WD+NRmjCE5D4OCDPl8D+Dzawg5oePI0+bpaesf88sHCfF0ywK/xg/4lHGA8Dg=@vger.kernel.org, AJvYcCVR3FrwqQCkuozHwubDksLppwqkD5hLhn5j7tCefHDNOX65pYZxyYpd19lVNFNHldddlI2AvfEUJ6megXuW0eur@vger.kernel.org, AJvYcCX6fla8hl8sSVR0Q45arLfT2h+cFcJjiEKT7VJ78RFmjQhSPYbObyZRDAuCbP8SQLK+Ghgjd/d5y7P2lDeU@vger.kernel.org, AJvYcCXPcWJK37ptqQcDreNET4GZEeh/sxvOlz5F7F58qTe9rv1mtT7WM+z75rDqLtzmu1YHqA2QXVvD@vger.kernel.org X-Gm-Message-State: AOJu0Yx6RjpmOQ++ZI1ylhESwx4reCw2oL66DSRJn8VF/MX0Wd6jUDHX CgLKEon6on1PTolPU8BjIzcqcLfg5eNEK/pheGTDTuF0Onu5/sin X-Google-Smtp-Source: AGHT+IEvIzgXUf05JXSQhRN/QPYHDdkNnuHWw6LIIFNVmixhsH0arx2gxEoTUbpvghWxKbrNn90HSw== X-Received: by 2002:a05:6a21:2d85:b0:1c4:9f31:ac9e with SMTP id adf61e73a8af0-1d9a8514483mr17967010637.42.1730252626407; Tue, 29 Oct 2024 18:43:46 -0700 (PDT) Received: from localhost.localdomain ([43.129.25.208]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7edc866906dsm8138407a12.10.2024.10.29.18.43.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 18:43:46 -0700 (PDT) From: Menglong Dong X-Google-Original-From: Menglong Dong To: pabeni@redhat.com Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, roopa@nvidia.com, razor@blackwall.org, gnault@redhat.com, bigeasy@linutronix.de, hawk@kernel.org, idosch@nvidia.com, dongml2@chinatelecom.cn, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, bpf@vger.kernel.org Subject: [PATCH RESEND net-next v4 9/9] net: ip: make ip_route_use_hint() return drop reasons Date: Wed, 30 Oct 2024 09:41:45 +0800 Message-Id: <20241030014145.1409628-10-dongml2@chinatelecom.cn> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241030014145.1409628-1-dongml2@chinatelecom.cn> References: <20241030014145.1409628-1-dongml2@chinatelecom.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In this commit, we make ip_route_use_hint() return drop reasons. The drop reasons that we return are similar to what we do in ip_route_input_slow(), and no drop reasons are added in this commit. Signed-off-by: Menglong Dong --- include/net/route.h | 7 ++++--- net/ipv4/ip_input.c | 9 ++++----- net/ipv4/route.c | 26 ++++++++++++++++---------- 3 files changed, 24 insertions(+), 18 deletions(-) diff --git a/include/net/route.h b/include/net/route.h index f4ab5412c9c9..4debc335d276 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -206,9 +206,10 @@ ip_mc_validate_source(struct sk_buff *skb, __be32 dadd= r, __be32 saddr, enum skb_drop_reason ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev); -int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, - const struct sk_buff *hint); +enum skb_drop_reason +ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + const struct sk_buff *hint); =20 static inline enum skb_drop_reason ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, dscp_t dscp, diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 513eb0c6435a..f0a4dda246ab 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -322,15 +322,14 @@ static int ip_rcv_finish_core(struct net *net, struct= sock *sk, int err, drop_reason; struct rtable *rt; =20 - drop_reason =3D SKB_DROP_REASON_NOT_SPECIFIED; - if (ip_can_use_hint(skb, iph, hint)) { - err =3D ip_route_use_hint(skb, iph->daddr, iph->saddr, - ip4h_dscp(iph), dev, hint); - if (unlikely(err)) + drop_reason =3D ip_route_use_hint(skb, iph->daddr, iph->saddr, + ip4h_dscp(iph), dev, hint); + if (unlikely(drop_reason)) goto drop_error; } =20 + drop_reason =3D SKB_DROP_REASON_NOT_SPECIFIED; if (READ_ONCE(net->ipv4.sysctl_ip_early_demux) && !skb_dst(skb) && !skb->sk && diff --git a/net/ipv4/route.c b/net/ipv4/route.c index e248e5577d0e..7f969c865c81 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2142,28 +2142,34 @@ ip_mkroute_input(struct sk_buff *skb, struct fib_re= sult *res, * assuming daddr is valid and the destination is not a local broadcast on= e. * Uses the provided hint instead of performing a route lookup. */ -int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, - dscp_t dscp, struct net_device *dev, - const struct sk_buff *hint) +enum skb_drop_reason +ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, + const struct sk_buff *hint) { + enum skb_drop_reason reason =3D SKB_DROP_REASON_NOT_SPECIFIED; struct in_device *in_dev =3D __in_dev_get_rcu(dev); struct rtable *rt =3D skb_rtable(hint); struct net *net =3D dev_net(dev); - enum skb_drop_reason reason; - int err =3D -EINVAL; u32 tag =3D 0; =20 if (!in_dev) - return -EINVAL; + return reason; =20 - if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) + if (ipv4_is_multicast(saddr) || ipv4_is_lbcast(saddr)) { + reason =3D SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } =20 - if (ipv4_is_zeronet(saddr)) + if (ipv4_is_zeronet(saddr)) { + reason =3D SKB_DROP_REASON_IP_INVALID_SOURCE; goto martian_source; + } =20 - if (ipv4_is_loopback(saddr) && !IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) + if (ipv4_is_loopback(saddr) && !IN_DEV_NET_ROUTE_LOCALNET(in_dev, net)) { + reason =3D SKB_DROP_REASON_IP_LOCALNET; goto martian_source; + } =20 if (rt->rt_type !=3D RTN_LOCAL) goto skip_validate_source; @@ -2179,7 +2185,7 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 dad= dr, __be32 saddr, =20 martian_source: ip_handle_martian_source(dev, in_dev, skb, daddr, saddr); - return err; + return reason; } =20 /* get device for dst_alloc with local routes */ --=20 2.39.5