mirror of
https://github.com/torvalds/linux.git
synced 2024-11-27 06:31:52 +00:00
Merge branch 'srv6-traceroute'
Andrew Lunn says: ==================== Fix traceroute in the presence of SRv6 When using SRv6 the destination IP address in the IPv6 header is not always the true destination, it can be a router along the path that SRv6 is using. When ICMP reports an error, e.g, time exceeded, which is what traceroute uses, it included the packet which invoked the error into the ICMP message body. Upon receiving such an ICMP packet, the invoking packet is examined and an attempt is made to find the socket which sent the packet, so the error can be reported. Lookup is performed using the source and destination address. If the intermediary router IP address from the IP header is used, the lookup fails. It is necessary to dig into the header and find the true destination address in the Segment Router header, SRH. v2: Play games with the skb->network_header rather than clone the skb v3: Move helpers into seg6.c v4: Move short helper into header file. Rework getting SRH destination address v5: Fix comment to describe function, not caller Patch 1 exports a helper which can find the SRH in a packet Patch 2 does the actual examination of the invoking packet Patch 3 makes use of the results when trying to find the socket. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
d2d9a6d0b4
@ -133,6 +133,7 @@ struct inet6_skb_parm {
|
||||
__u16 dsthao;
|
||||
#endif
|
||||
__u16 frag_max_size;
|
||||
__u16 srhoff;
|
||||
|
||||
#define IP6SKB_XFRM_TRANSFORMED 1
|
||||
#define IP6SKB_FORWARDED 2
|
||||
@ -142,6 +143,7 @@ struct inet6_skb_parm {
|
||||
#define IP6SKB_HOPBYHOP 32
|
||||
#define IP6SKB_L3SLAVE 64
|
||||
#define IP6SKB_JUMBOGRAM 128
|
||||
#define IP6SKB_SEG6 256
|
||||
};
|
||||
|
||||
#if defined(CONFIG_NET_L3_MASTER_DEV)
|
||||
|
@ -58,9 +58,30 @@ extern int seg6_local_init(void);
|
||||
extern void seg6_local_exit(void);
|
||||
|
||||
extern bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len, bool reduced);
|
||||
extern struct ipv6_sr_hdr *seg6_get_srh(struct sk_buff *skb, int flags);
|
||||
extern void seg6_icmp_srh(struct sk_buff *skb, struct inet6_skb_parm *opt);
|
||||
extern int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh,
|
||||
int proto);
|
||||
extern int seg6_do_srh_inline(struct sk_buff *skb, struct ipv6_sr_hdr *osrh);
|
||||
extern int seg6_lookup_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr,
|
||||
u32 tbl_id);
|
||||
|
||||
/* If the packet which invoked an ICMP error contains an SRH return
|
||||
* the true destination address from within the SRH, otherwise use the
|
||||
* destination address in the IP header.
|
||||
*/
|
||||
static inline const struct in6_addr *seg6_get_daddr(struct sk_buff *skb,
|
||||
struct inet6_skb_parm *opt)
|
||||
{
|
||||
struct ipv6_sr_hdr *srh;
|
||||
|
||||
if (opt->flags & IP6SKB_SEG6) {
|
||||
srh = (struct ipv6_sr_hdr *)(skb->data + opt->srhoff);
|
||||
return &srh->segments[0];
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
#endif
|
||||
|
@ -57,6 +57,7 @@
|
||||
#include <net/protocol.h>
|
||||
#include <net/raw.h>
|
||||
#include <net/rawv6.h>
|
||||
#include <net/seg6.h>
|
||||
#include <net/transp_v6.h>
|
||||
#include <net/ip6_route.h>
|
||||
#include <net/addrconf.h>
|
||||
@ -820,6 +821,7 @@ out_bh_enable:
|
||||
|
||||
void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
|
||||
{
|
||||
struct inet6_skb_parm *opt = IP6CB(skb);
|
||||
const struct inet6_protocol *ipprot;
|
||||
int inner_offset;
|
||||
__be16 frag_off;
|
||||
@ -829,6 +831,8 @@ void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
|
||||
if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
|
||||
goto out;
|
||||
|
||||
seg6_icmp_srh(skb, opt);
|
||||
|
||||
nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
|
||||
if (ipv6_ext_hdr(nexthdr)) {
|
||||
/* now skip over extension headers */
|
||||
@ -853,7 +857,7 @@ void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
|
||||
|
||||
ipprot = rcu_dereference(inet6_protos[nexthdr]);
|
||||
if (ipprot && ipprot->err_handler)
|
||||
ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
|
||||
ipprot->err_handler(skb, opt, type, code, inner_offset, info);
|
||||
|
||||
raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
|
||||
return;
|
||||
|
@ -75,6 +75,65 @@ bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len, bool reduced)
|
||||
return true;
|
||||
}
|
||||
|
||||
struct ipv6_sr_hdr *seg6_get_srh(struct sk_buff *skb, int flags)
|
||||
{
|
||||
struct ipv6_sr_hdr *srh;
|
||||
int len, srhoff = 0;
|
||||
|
||||
if (ipv6_find_hdr(skb, &srhoff, IPPROTO_ROUTING, NULL, &flags) < 0)
|
||||
return NULL;
|
||||
|
||||
if (!pskb_may_pull(skb, srhoff + sizeof(*srh)))
|
||||
return NULL;
|
||||
|
||||
srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
|
||||
|
||||
len = (srh->hdrlen + 1) << 3;
|
||||
|
||||
if (!pskb_may_pull(skb, srhoff + len))
|
||||
return NULL;
|
||||
|
||||
/* note that pskb_may_pull may change pointers in header;
|
||||
* for this reason it is necessary to reload them when needed.
|
||||
*/
|
||||
srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
|
||||
|
||||
if (!seg6_validate_srh(srh, len, true))
|
||||
return NULL;
|
||||
|
||||
return srh;
|
||||
}
|
||||
|
||||
/* Determine if an ICMP invoking packet contains a segment routing
|
||||
* header. If it does, extract the offset to the true destination
|
||||
* address, which is in the first segment address.
|
||||
*/
|
||||
void seg6_icmp_srh(struct sk_buff *skb, struct inet6_skb_parm *opt)
|
||||
{
|
||||
__u16 network_header = skb->network_header;
|
||||
struct ipv6_sr_hdr *srh;
|
||||
|
||||
/* Update network header to point to the invoking packet
|
||||
* inside the ICMP packet, so we can use the seg6_get_srh()
|
||||
* helper.
|
||||
*/
|
||||
skb_reset_network_header(skb);
|
||||
|
||||
srh = seg6_get_srh(skb, 0);
|
||||
if (!srh)
|
||||
goto out;
|
||||
|
||||
if (srh->type != IPV6_SRCRT_TYPE_4)
|
||||
goto out;
|
||||
|
||||
opt->flags |= IP6SKB_SEG6;
|
||||
opt->srhoff = (unsigned char *)srh - skb->data;
|
||||
|
||||
out:
|
||||
/* Restore the network header back to the ICMP packet */
|
||||
skb->network_header = network_header;
|
||||
}
|
||||
|
||||
static struct genl_family seg6_genl_family;
|
||||
|
||||
static const struct nla_policy seg6_genl_policy[SEG6_ATTR_MAX + 1] = {
|
||||
|
@ -150,40 +150,11 @@ static struct seg6_local_lwt *seg6_local_lwtunnel(struct lwtunnel_state *lwt)
|
||||
return (struct seg6_local_lwt *)lwt->data;
|
||||
}
|
||||
|
||||
static struct ipv6_sr_hdr *get_srh(struct sk_buff *skb, int flags)
|
||||
{
|
||||
struct ipv6_sr_hdr *srh;
|
||||
int len, srhoff = 0;
|
||||
|
||||
if (ipv6_find_hdr(skb, &srhoff, IPPROTO_ROUTING, NULL, &flags) < 0)
|
||||
return NULL;
|
||||
|
||||
if (!pskb_may_pull(skb, srhoff + sizeof(*srh)))
|
||||
return NULL;
|
||||
|
||||
srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
|
||||
|
||||
len = (srh->hdrlen + 1) << 3;
|
||||
|
||||
if (!pskb_may_pull(skb, srhoff + len))
|
||||
return NULL;
|
||||
|
||||
/* note that pskb_may_pull may change pointers in header;
|
||||
* for this reason it is necessary to reload them when needed.
|
||||
*/
|
||||
srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
|
||||
|
||||
if (!seg6_validate_srh(srh, len, true))
|
||||
return NULL;
|
||||
|
||||
return srh;
|
||||
}
|
||||
|
||||
static struct ipv6_sr_hdr *get_and_validate_srh(struct sk_buff *skb)
|
||||
{
|
||||
struct ipv6_sr_hdr *srh;
|
||||
|
||||
srh = get_srh(skb, IP6_FH_F_SKIP_RH);
|
||||
srh = seg6_get_srh(skb, IP6_FH_F_SKIP_RH);
|
||||
if (!srh)
|
||||
return NULL;
|
||||
|
||||
@ -200,7 +171,7 @@ static bool decap_and_validate(struct sk_buff *skb, int proto)
|
||||
struct ipv6_sr_hdr *srh;
|
||||
unsigned int off = 0;
|
||||
|
||||
srh = get_srh(skb, 0);
|
||||
srh = seg6_get_srh(skb, 0);
|
||||
if (srh && srh->segments_left > 0)
|
||||
return false;
|
||||
|
||||
|
@ -40,6 +40,7 @@
|
||||
#include <net/transp_v6.h>
|
||||
#include <net/ip6_route.h>
|
||||
#include <net/raw.h>
|
||||
#include <net/seg6.h>
|
||||
#include <net/tcp_states.h>
|
||||
#include <net/ip6_checksum.h>
|
||||
#include <net/ip6_tunnel.h>
|
||||
@ -561,7 +562,7 @@ int __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
|
||||
struct ipv6_pinfo *np;
|
||||
const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
|
||||
const struct in6_addr *saddr = &hdr->saddr;
|
||||
const struct in6_addr *daddr = &hdr->daddr;
|
||||
const struct in6_addr *daddr = seg6_get_daddr(skb, opt) ? : &hdr->daddr;
|
||||
struct udphdr *uh = (struct udphdr *)(skb->data+offset);
|
||||
bool tunnel = false;
|
||||
struct sock *sk;
|
||||
|
Loading…
Reference in New Issue
Block a user