vrf: Use orig netdev to count Ip6InNoRoutes and a fresh route lookup when sending dest unreach
When there is no route to an IPv6 dest addr, skb_dst(skb) points to loopback dev in the case of that the IP6CB(skb)->iif is enslaved to a vrf. This causes Ip6InNoRoutes to be incremented on the loopback dev. This also causes the lookup to fail on icmpv6_send() and the dest unreachable to not sent and Ip6OutNoRoutes gets incremented on the loopback dev. To reproduce: * Gateway configuration: ip link add dev vrf_258 type vrf table 258 ip link set dev enp0s9 master vrf_258 ip addr add 66:1/64 dev enp0s9 ip -6 route add unreachable default metric 8192 table 258 sysctl -w net.ipv6.conf.all.forwarding=1 sysctl -w net.ipv6.conf.enp0s9.forwarding=1 * Sender configuration: ip addr add 66::2/64 dev enp0s9 ip -6 route add default via 66::1 and ping 67::1 for example from the sender. Fix this by counting on the original netdev and reset the skb dst to force a fresh lookup. v2: Fix typo of destination address in the repro steps. v3: Simplify the loopback check (per David Ahern) and use reverse Christmas tree format (per David Miller). Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com> Reviewed-by: David Ahern <dsahern@gmail.com> Tested-by: David Ahern <dsahern@gmail.com> Reviewed-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
ca2fe2956a
commit
1d3fd8a10b
@ -3668,23 +3668,34 @@ int ipv6_route_ioctl(struct net *net, unsigned int cmd, void __user *arg)
|
||||
|
||||
static int ip6_pkt_drop(struct sk_buff *skb, u8 code, int ipstats_mib_noroutes)
|
||||
{
|
||||
int type;
|
||||
struct dst_entry *dst = skb_dst(skb);
|
||||
struct net *net = dev_net(dst->dev);
|
||||
struct inet6_dev *idev;
|
||||
int type;
|
||||
|
||||
if (netif_is_l3_master(skb->dev) &&
|
||||
dst->dev == net->loopback_dev)
|
||||
idev = __in6_dev_get_safely(dev_get_by_index_rcu(net, IP6CB(skb)->iif));
|
||||
else
|
||||
idev = ip6_dst_idev(dst);
|
||||
|
||||
switch (ipstats_mib_noroutes) {
|
||||
case IPSTATS_MIB_INNOROUTES:
|
||||
type = ipv6_addr_type(&ipv6_hdr(skb)->daddr);
|
||||
if (type == IPV6_ADDR_ANY) {
|
||||
IP6_INC_STATS(dev_net(dst->dev),
|
||||
__in6_dev_get_safely(skb->dev),
|
||||
IPSTATS_MIB_INADDRERRORS);
|
||||
IP6_INC_STATS(net, idev, IPSTATS_MIB_INADDRERRORS);
|
||||
break;
|
||||
}
|
||||
/* FALLTHROUGH */
|
||||
case IPSTATS_MIB_OUTNOROUTES:
|
||||
IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst),
|
||||
ipstats_mib_noroutes);
|
||||
IP6_INC_STATS(net, idev, ipstats_mib_noroutes);
|
||||
break;
|
||||
}
|
||||
|
||||
/* Start over by dropping the dst for l3mdev case */
|
||||
if (netif_is_l3_master(skb->dev))
|
||||
skb_dst_drop(skb);
|
||||
|
||||
icmpv6_send(skb, ICMPV6_DEST_UNREACH, code, 0);
|
||||
kfree_skb(skb);
|
||||
return 0;
|
||||
|
Loading…
x
Reference in New Issue
Block a user