Re: Source address fib invalidation on IPv6

2016-11-12 Thread Jason A. Donenfeld
Hi Hannes, On Sun, Nov 13, 2016 at 1:51 AM, Hannes Frederic Sowa wrote: > You probably need some combination of ipv6_chk_addr and/or > ipv6_check_addr_and_flags (where dev can also be NULL). Be careful if a > IFA_HOST or IFA_LINK address switches from one interface to

Re: Source address fib invalidation on IPv6

2016-11-12 Thread Jason A. Donenfeld
Hi Hannes, On Sun, Nov 13, 2016 at 1:51 AM, Hannes Frederic Sowa wrote: > You probably need some combination of ipv6_chk_addr and/or > ipv6_check_addr_and_flags (where dev can also be NULL). Be careful if a > IFA_HOST or IFA_LINK address switches from one interface to another. I can confirm

Re: Source address fib invalidation on IPv6

2016-11-12 Thread Hannes Frederic Sowa
On Sun, Nov 13, 2016, at 01:43, Jason A. Donenfeld wrote: > On Sat, Nov 12, 2016 at 8:08 PM, Jason A. Donenfeld > wrote: > >> Gotcha. I don't see any checks that the saddr is valid similar to what > >> IPv4 does. > >> > >> I think the right place to add a check is in

Re: Source address fib invalidation on IPv6

2016-11-12 Thread Jason A. Donenfeld
On Sun, Nov 13, 2016 at 1:43 AM, Jason A. Donenfeld wrote: > In perusing through the v6 FIB code, I don't even see an analog of > __ip_dev_find... Hm? Of all places, the iscsi code actually has a nice side-by-side comparison. So far as I can see, the other protocols just omit

Re: Source address fib invalidation on IPv6

2016-11-12 Thread Hannes Frederic Sowa
On Sun, Nov 13, 2016, at 01:43, Jason A. Donenfeld wrote: > On Sat, Nov 12, 2016 at 8:08 PM, Jason A. Donenfeld > wrote: > >> Gotcha. I don't see any checks that the saddr is valid similar to what > >> IPv4 does. > >> > >> I think the right place to add a check is in ip6_dst_lookup_tail(): > >>

Re: Source address fib invalidation on IPv6

2016-11-12 Thread Jason A. Donenfeld
On Sun, Nov 13, 2016 at 1:43 AM, Jason A. Donenfeld wrote: > In perusing through the v6 FIB code, I don't even see an analog of > __ip_dev_find... Hm? Of all places, the iscsi code actually has a nice side-by-side comparison. So far as I can see, the other protocols just omit this check in the

Re: Source address fib invalidation on IPv6

2016-11-12 Thread Jason A. Donenfeld
On Sat, Nov 12, 2016 at 8:08 PM, Jason A. Donenfeld wrote: >> Gotcha. I don't see any checks that the saddr is valid similar to what IPv4 >> does. >> >> I think the right place to add a check is in ip6_dst_lookup_tail(): >> if (!ipv6_addr_any(>saddr)) { >> // saddr

Re: Source address fib invalidation on IPv6

2016-11-12 Thread Jason A. Donenfeld
On Sat, Nov 12, 2016 at 8:08 PM, Jason A. Donenfeld wrote: >> Gotcha. I don't see any checks that the saddr is valid similar to what IPv4 >> does. >> >> I think the right place to add a check is in ip6_dst_lookup_tail(): >> if (!ipv6_addr_any(>saddr)) { >> // saddr is valid for L3

Re: Source address fib invalidation on IPv6

2016-11-12 Thread Jason A. Donenfeld
Hi David, On Sat, Nov 12, 2016 at 7:14 PM, David Ahern wrote: > I believe that is coming from __ip_route_output_key_hash(), line 2232 with > __ip_dev_find not finding a device with that address. It's possible we simply are looking at different source trees, but I have

Re: Source address fib invalidation on IPv6

2016-11-12 Thread Jason A. Donenfeld
Hi David, On Sat, Nov 12, 2016 at 7:14 PM, David Ahern wrote: > I believe that is coming from __ip_route_output_key_hash(), line 2232 with > __ip_dev_find not finding a device with that address. It's possible we simply are looking at different source trees, but I have the -EINVAL return in 4.8

Re: Source address fib invalidation on IPv6

2016-11-12 Thread David Ahern
On 11/12/16 8:40 AM, Jason A. Donenfeld wrote: > Hi again, > > I've done some pretty in depth debugging now to determine exactly what > the behavior of ipv6_stub->ipv6_dst_lookup is. First I'll start with > ip_route_output_flow, which I believe to be well behaved, and then > I'll show

Re: Source address fib invalidation on IPv6

2016-11-12 Thread David Ahern
On 11/12/16 8:40 AM, Jason A. Donenfeld wrote: > Hi again, > > I've done some pretty in depth debugging now to determine exactly what > the behavior of ipv6_stub->ipv6_dst_lookup is. First I'll start with > ip_route_output_flow, which I believe to be well behaved, and then > I'll show

Re: Source address fib invalidation on IPv6

2016-11-12 Thread Jason A. Donenfeld
Hi again, I've done some pretty in depth debugging now to determine exactly what the behavior of ipv6_stub->ipv6_dst_lookup is. First I'll start with ip_route_output_flow, which I believe to be well behaved, and then I'll show ipv6_stub->ipv6_dst_lookup, which seems ill-behaved: Userspace:

Re: Source address fib invalidation on IPv6

2016-11-12 Thread Jason A. Donenfeld
Hi again, I've done some pretty in depth debugging now to determine exactly what the behavior of ipv6_stub->ipv6_dst_lookup is. First I'll start with ip_route_output_flow, which I believe to be well behaved, and then I'll show ipv6_stub->ipv6_dst_lookup, which seems ill-behaved: Userspace:

Re: Source address fib invalidation on IPv6

2016-11-11 Thread Jason A. Donenfeld
Hi David, On Fri, Nov 11, 2016 at 11:14 PM, David Ahern wrote: > What do you mean by 'valid dst'? ipv6 returns net->ipv6.ip6_null_entry on > lookup failures so yes dst is non-NULL but that does not mean the lookup > succeeded. What I mean is that it returns an

Re: Source address fib invalidation on IPv6

2016-11-11 Thread Jason A. Donenfeld
Hi David, On Fri, Nov 11, 2016 at 11:14 PM, David Ahern wrote: > What do you mean by 'valid dst'? ipv6 returns net->ipv6.ip6_null_entry on > lookup failures so yes dst is non-NULL but that does not mean the lookup > succeeded. What I mean is that it returns an ordinary dst, as if that souce

Re: Source address fib invalidation on IPv6

2016-11-11 Thread David Ahern
On 11/11/16 12:29 PM, Jason A. Donenfeld wrote: > Hi folks, > > If I'm replying to a UDP packet, I generally want to use a source > address that's the same as the destination address of the packet to > which I'm replying. For example: > > Peer A sends packet: src = 10.0.0.1, dst = 10.0.0.3 >

Re: Source address fib invalidation on IPv6

2016-11-11 Thread David Ahern
On 11/11/16 12:29 PM, Jason A. Donenfeld wrote: > Hi folks, > > If I'm replying to a UDP packet, I generally want to use a source > address that's the same as the destination address of the packet to > which I'm replying. For example: > > Peer A sends packet: src = 10.0.0.1, dst = 10.0.0.3 >

Source address fib invalidation on IPv6

2016-11-11 Thread Jason A. Donenfeld
Hi folks, If I'm replying to a UDP packet, I generally want to use a source address that's the same as the destination address of the packet to which I'm replying. For example: Peer A sends packet: src = 10.0.0.1, dst = 10.0.0.3 Peer B replies with: src = 10.0.0.3, dst = 10.0.0.1 But let's

Source address fib invalidation on IPv6

2016-11-11 Thread Jason A. Donenfeld
Hi folks, If I'm replying to a UDP packet, I generally want to use a source address that's the same as the destination address of the packet to which I'm replying. For example: Peer A sends packet: src = 10.0.0.1, dst = 10.0.0.3 Peer B replies with: src = 10.0.0.3, dst = 10.0.0.1 But let's