linux

mainlining shenanigans

Go to file

Toke Høiland-Jørgensen 3218274773 icmp: don't send out ICMP messages with a source address of 0.0.0.0 When constructing ICMP response messages, the kernel will try to pick a suitable source address for the outgoing packet. However, if no IPv4 addresses are configured on the system at all, this will fail and we end up producing an ICMP message with a source address of 0.0.0.0. This can happen on a box routing IPv4 traffic via v6 nexthops, for instance. Since 0.0.0.0 is not generally routable on the internet, there's a good chance that such ICMP messages will never make it back to the sender of the original packet that the ICMP message was sent in response to. This, in turn, can create connectivity and PMTUd problems for senders. Fortunately, RFC7600 reserves a dummy address to be used as a source for ICMP messages (192.0.0.8/32), so let's teach the kernel to substitute that address as a last resort if the regular source address selection procedure fails. Below is a quick example reproducing this issue with network namespaces: ip netns add ns0 ip l add type veth peer netns ns0 ip l set dev veth0 up ip a add 10.0.0.1/24 dev veth0 ip a add fc00:dead:cafe:42::1/64 dev veth0 ip r add 10.1.0.0/24 via inet6 fc00:dead:cafe:42::2 ip -n ns0 l set dev veth0 up ip -n ns0 a add fc00:dead:cafe:42::2/64 dev veth0 ip -n ns0 r add 10.0.0.0/24 via inet6 fc00:dead:cafe:42::1 ip netns exec ns0 sysctl -w net.ipv4.icmp_ratelimit=0 ip netns exec ns0 sysctl -w net.ipv4.ip_forward=1 tcpdump -tpni veth0 -c 2 icmp & ping -w 1 10.1.0.1 > /dev/null tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on veth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes IP 10.0.0.1 > 10.1.0.1: ICMP echo request, id 29, seq 1, length 64 IP 0.0.0.0 > 10.0.0.1: ICMP net 10.1.0.1 unreachable, length 92 2 packets captured 2 packets received by filter 0 packets dropped by kernel With this patch the above capture changes to: IP 10.0.0.1 > 10.1.0.1: ICMP echo request, id 31127, seq 1, length 64 IP 192.0.0.8 > 10.0.0.1: ICMP net 10.1.0.1 unreachable, length 92 Fixes: `1da177e4c3` ("Linux-2.6.12-rc2") Reported-by: Juliusz Chroboczek <jch@irif.fr> Reviewed-by: David Ahern <dsahern@kernel.org> Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2021-06-18 12:13:24 -07:00
arch	Networking fixes for 5.13-rc4, including fixes from bpf, netfilter,	2021-05-26 17:44:49 -10:00
block	block-5.13-2021-05-22	2021-05-22 07:40:34 -10:00
certs	Kbuild updates for v5.13 (2nd)	2021-05-08 10:00:11 -07:00
crypto	for-5.13/drivers-2021-04-27	2021-04-28 14:39:37 -07:00
Documentation	Networking fixes for 5.13-rc4, including fixes from bpf, netfilter,	2021-05-26 17:44:49 -10:00
drivers	net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY	2021-06-18 12:11:51 -07:00
fs	proc: Check /proc/$pid/attr/ writes against file opener	2021-05-25 10:24:41 -10:00
include	icmp: don't send out ICMP messages with a source address of 0.0.0.0	2021-06-18 12:13:24 -07:00
init	Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf	2021-05-11 16:05:56 -07:00
ipc	ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry	2021-05-22 15:09:07 -10:00
kernel	bpf: Fix leakage under speculation on mispredicted branches	2021-06-14 23:06:10 +02:00
lib	lib: kunit: suppress a compilation warning of frame size	2021-05-22 15:09:07 -10:00
LICENSES	LICENSES: Add the CC-BY-4.0 license	2020-12-08 10:33:27 -07:00
mm	userfaultfd: hugetlbfs: fix new flag usage in error path	2021-05-22 15:09:07 -10:00
net	icmp: don't send out ICMP messages with a source address of 0.0.0.0	2021-06-18 12:13:24 -07:00
samples	Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf	2021-05-11 16:05:56 -07:00
scripts	kbuild: Quote OBJCOPY var to avoid a pahole call break the build	2021-05-27 11:32:56 -07:00
security	trusted-keys: match tpm_get_ops on all return paths	2021-05-12 22:36:37 +03:00
sound	sound fixes for 5.13-rc3	2021-05-20 06:42:21 -10:00
tools	selftests: net: use bash to run udpgro_fwd test case	2021-06-16 12:56:10 -07:00
usr	.gitignore: prefix local generated files with a slash	2021-05-02 00:43:35 +09:00
virt	kvm: Cap halt polling at kvm->max_halt_poll_ns	2021-05-07 06:06:22 -04:00
.clang-format	cxl for 5.12	2021-02-24 09:38:36 -08:00
.cocciconfig
.get_maintainer.ignore	Opt out of scripts/get_maintainer.pl	2019-05-16 10:53:40 -07:00
.gitattributes	.gitattributes: use 'dts' diff driver for dts files	2019-12-04 19:44:11 -08:00
.gitignore	.gitignore: ignore only top-level modules.builtin	2021-05-02 00:43:35 +09:00
.mailmap	Merge drm/drm-fixes into drm-misc-fixes	2021-05-11 13:35:52 +02:00
COPYING	COPYING: state that all contributions really are covered by this file	2020-02-10 13:32:20 -08:00
CREDITS	MAINTAINERS: move Murali Karicheri to credits	2021-04-29 15:47:30 -07:00
Kbuild	kbuild: rename hostprogs-y/always to hostprogs/always-y	2020-02-04 01:53:07 +09:00
Kconfig	kbuild: ensure full rebuild when the compiler is updated	2020-05-12 13:28:33 +09:00
MAINTAINERS	MAINTAINERS: add Guvenc as SMC maintainer	2021-06-18 12:05:52 -07:00
Makefile	Linux 5.13-rc3	2021-05-23 11:42:48 -10:00
README	Drop all 00-INDEX files from Documentation/	2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.