diff mbox series

[[PATCH,net-next,v3] 3/3] udp6: Use Segment Routing Header for dest address if present

Message ID 20211203162926.3680281-4-andrew@lunn.ch (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series [[PATCH,net-next,v3] 3/3] udp6: Use Segment Routing Header for dest address if present | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net-next
netdev/apply fail Patch does not apply to net-next

Commit Message

Andrew Lunn Dec. 3, 2021, 4:29 p.m. UTC 
When finding the socket to report an error on, if the invoking packet
is using Segment Routing, the IPv6 destination address is that of an
intermediate router, not the end destination. Extract the ultimate
destination address from the segment address.

This change allows traceroute to function in the presence of Segment
Routing.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
---
 include/net/seg6.h |  2 ++
 net/ipv6/seg6.c    | 21 +++++++++++++++++++++
 net/ipv6/udp.c     |  3 ++-
 3 files changed, 25 insertions(+), 1 deletion(-)

Comments

David Ahern Dec. 3, 2021, 4:49 p.m. UTC | #1 
On 12/3/21 9:29 AM, Andrew Lunn wrote:
> diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c
> index 73aaabf0e966..4fd7d3793c1b 100644
> --- a/net/ipv6/seg6.c
> +++ b/net/ipv6/seg6.c
> @@ -134,6 +134,27 @@ void seg6_icmp_srh(struct sk_buff *skb, struct inet6_skb_parm *opt)
>  	skb->network_header = network_header;
>  }
>  
> +/* If the packet which invoked an ICMP error contains an SRH return
> + * the true destination address from within the SRH, otherwise use the
> + * destination address in the IP header.
> + */
> +const struct in6_addr *seg6_get_daddr(struct sk_buff *skb,
> +				      struct inet6_skb_parm *opt)
> +{
> +	/* ipv6_hdr() does not work here, since this IP header is
> +	 * nested inside an ICMP error report packet
> +	 */
> +	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
> +	struct ipv6_sr_hdr *srh;
> +
> +	if (opt->flags & IP6SKB_SEG6) {
> +		srh = (struct ipv6_sr_hdr *)(skb->data + opt->srhoff);
> +		return  &srh->segments[0];
> +	}
> +
> +	return &hdr->daddr;
> +}
> +
>  static struct genl_family seg6_genl_family;
>  
>  static const struct nla_policy seg6_genl_policy[SEG6_ATTR_MAX + 1] = {
> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
> index 6a0e569f0bb8..47125d83920a 100644
> --- a/net/ipv6/udp.c
> +++ b/net/ipv6/udp.c
> @@ -40,6 +40,7 @@
>  #include <net/transp_v6.h>
>  #include <net/ip6_route.h>
>  #include <net/raw.h>
> +#include <net/seg6.h>
>  #include <net/tcp_states.h>
>  #include <net/ip6_checksum.h>
>  #include <net/ip6_tunnel.h>
> @@ -560,8 +561,8 @@ int __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
>  {
>  	struct ipv6_pinfo *np;
>  	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
> +	const struct in6_addr *daddr = seg6_get_daddr(skb, opt);
>  	const struct in6_addr *saddr = &hdr->saddr;
> -	const struct in6_addr *daddr = &hdr->daddr;
>  	struct udphdr *uh = (struct udphdr *)(skb->data+offset);
>  	bool tunnel = false;
>  	struct sock *sk;
> 

I was thinking something like:

	const struct in6_addr *daddr

	daddr = seg6_get_daddr(skb, opt) ? : &hdr->daddr;

where seg6_get_daddr returns NULL if it is not returning an address due
to SR6 and in that case the lookup uses the daddr from the ipv6 hdr.
That keeps the SR6 logic independent.
David Ahern Dec. 3, 2021, 4:51 p.m. UTC | #2 
On 12/3/21 9:29 AM, Andrew Lunn wrote:
> diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c
> index 73aaabf0e966..4fd7d3793c1b 100644
> --- a/net/ipv6/seg6.c
> +++ b/net/ipv6/seg6.c
> @@ -134,6 +134,27 @@ void seg6_icmp_srh(struct sk_buff *skb, struct inet6_skb_parm *opt)
>  	skb->network_header = network_header;
>  }
>  
> +/* If the packet which invoked an ICMP error contains an SRH return
> + * the true destination address from within the SRH, otherwise use the
> + * destination address in the IP header.
> + */
> +const struct in6_addr *seg6_get_daddr(struct sk_buff *skb,
> +				      struct inet6_skb_parm *opt)
> +{
> +	/* ipv6_hdr() does not work here, since this IP header is
> +	 * nested inside an ICMP error report packet
> +	 */
> +	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
> +	struct ipv6_sr_hdr *srh;
> +
> +	if (opt->flags & IP6SKB_SEG6) {
> +		srh = (struct ipv6_sr_hdr *)(skb->data + opt->srhoff);
> +		return  &srh->segments[0];
> +	}
> +
> +	return &hdr->daddr;
> +}
> +

also, that could be an inline in net/seg6.h given how short it is.
diff mbox series

Patch

diff --git a/include/net/seg6.h b/include/net/seg6.h
index 02b0cd305787..384956e9d4a3 100644
--- a/include/net/seg6.h
+++ b/include/net/seg6.h
@@ -60,6 +60,8 @@  extern void seg6_local_exit(void);
 extern bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len, bool reduced);
 extern struct ipv6_sr_hdr *seg6_get_srh(struct sk_buff *skb, int flags);
 extern void seg6_icmp_srh(struct sk_buff *skb, struct inet6_skb_parm *opt);
+extern const struct in6_addr *seg6_get_daddr(struct sk_buff *skb,
+					     struct inet6_skb_parm *opt);
 extern int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh,
 			     int proto);
 extern int seg6_do_srh_inline(struct sk_buff *skb, struct ipv6_sr_hdr *osrh);
diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c
index 73aaabf0e966..4fd7d3793c1b 100644
--- a/net/ipv6/seg6.c
+++ b/net/ipv6/seg6.c
@@ -134,6 +134,27 @@  void seg6_icmp_srh(struct sk_buff *skb, struct inet6_skb_parm *opt)
 	skb->network_header = network_header;
 }
 
+/* If the packet which invoked an ICMP error contains an SRH return
+ * the true destination address from within the SRH, otherwise use the
+ * destination address in the IP header.
+ */
+const struct in6_addr *seg6_get_daddr(struct sk_buff *skb,
+				      struct inet6_skb_parm *opt)
+{
+	/* ipv6_hdr() does not work here, since this IP header is
+	 * nested inside an ICMP error report packet
+	 */
+	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
+	struct ipv6_sr_hdr *srh;
+
+	if (opt->flags & IP6SKB_SEG6) {
+		srh = (struct ipv6_sr_hdr *)(skb->data + opt->srhoff);
+		return  &srh->segments[0];
+	}
+
+	return &hdr->daddr;
+}
+
 static struct genl_family seg6_genl_family;
 
 static const struct nla_policy seg6_genl_policy[SEG6_ATTR_MAX + 1] = {
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 6a0e569f0bb8..47125d83920a 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -40,6 +40,7 @@ 
 #include <net/transp_v6.h>
 #include <net/ip6_route.h>
 #include <net/raw.h>
+#include <net/seg6.h>
 #include <net/tcp_states.h>
 #include <net/ip6_checksum.h>
 #include <net/ip6_tunnel.h>
@@ -560,8 +561,8 @@  int __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 {
 	struct ipv6_pinfo *np;
 	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
+	const struct in6_addr *daddr = seg6_get_daddr(skb, opt);
 	const struct in6_addr *saddr = &hdr->saddr;
-	const struct in6_addr *daddr = &hdr->daddr;
 	struct udphdr *uh = (struct udphdr *)(skb->data+offset);
 	bool tunnel = false;
 	struct sock *sk;