Merge branch 'SO_MARK-routing'

Jakub Kicinski says:

====================
udp6: allow SO_MARK ctrl msg to affect routing

Looks like SO_MARK from cmsg does not affect routing policy.
This seems accidental.

I opted for net because of the discrepancy between IPv4
and IPv6, but it never worked and doesn't cause crashes..
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller 2021-11-01 13:12:48 +00:00
Родитель 6de6e46d27 b0ced8f290
Коммит 7be49d242b
5 изменённых файлов: 132 добавлений и 1 удалений


@ -1435,7 +1435,6 @@ do_udp_sendmsg:
if (!fl6.flowi6_oif)
fl6.flowi6_oif = np->sticky_pktinfo.ipi6_ifindex;
fl6.flowi6_mark = ipc6.sockc.mark;
fl6.flowi6_uid = sk->sk_uid;
if (msg->msg_controllen) {
@ -1471,6 +1470,7 @@ do_udp_sendmsg:
ipc6.opt = opt;
fl6.flowi6_proto = sk->sk_protocol;
fl6.flowi6_mark = ipc6.sockc.mark;
fl6.daddr = *daddr;
if (ipv6_addr_any(&fl6.saddr) && !ipv6_addr_any(&np->saddr))
fl6.saddr = np->saddr;
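Review bot: The relocated `fl6.flowi6_mark = ipc6.sockc.mark;` in the second hunk carries no comment saying that it has to run after the `msg->msg_controllen` block, so a later cleanup could move it back up and silently lose the per-message mark again. I would add `/* set after cmsg parsing so a mark from a SO_MARK control message reaches the route lookup */` above it. Because a per-message mark now selects the policy-routing table, the privilege check on SO_MARK control messages matters for routing as well; that check is presumably done where the control message is parsed and is not visible in these hunks, so it is worth confirming. The enclosing function starts and ends outside both hunks.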

1
tools/testing/selftests/net/.gitignore поставляемый

@ -35,3 +35,4 @@ test_unix_oob
gro
ioam6_parser
toeplitz
cmsg_so_mark


@ -28,6 +28,7 @@ TEST_PROGS += veth.sh
TEST_PROGS += ioam6.sh
TEST_PROGS += gro.sh
TEST_PROGS += gre_gso.sh
TEST_PROGS += cmsg_so_mark.sh
TEST_PROGS_EXTENDED := in_netns.sh
TEST_GEN_FILES = socket nettest
TEST_GEN_FILES += psock_fanout psock_tpacket msg_zerocopy reuseport_addr_any
@ -44,6 +45,7 @@ TEST_GEN_FILES += gro
TEST_GEN_PROGS = reuseport_bpf reuseport_bpf_cpu reuseport_bpf_numa
TEST_GEN_PROGS += reuseport_dualstack reuseaddr_conflict tls
TEST_GEN_FILES += toeplitz
TEST_GEN_FILES += cmsg_so_mark
TEST_FILES := settings


@ -0,0 +1,67 @@
// SPDX-License-Identifier: GPL-2.0-or-later
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <linux/types.h>
#include <sys/socket.h>
int main(int argc, const char **argv)
{
char cbuf[CMSG_SPACE(sizeof(__u32))];
struct addrinfo hints, *ai;
struct cmsghdr *cmsg;
struct iovec iov[1];
struct msghdr msg;
int mark;
int err;
int fd;
if (argc != 4) {
fprintf(stderr, "Usage: %s <dst_ip> <port> <mark>\n", argv[0]);
return 1;
}
mark = atoi(argv[3]);
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_DGRAM;
ai = NULL;
err = getaddrinfo(argv[1], argv[2], &hints, &ai);
if (err) {
fprintf(stderr, "Can't resolve address: %s\n", strerror(errno));
return 1;
}
fd = socket(ai->ai_family, SOCK_DGRAM, IPPROTO_UDP);
if (fd < 0) {
fprintf(stderr, "Can't open socket: %s\n", strerror(errno));
freeaddrinfo(ai);
return 1;
}
iov[0].iov_base = "bla";
iov[0].iov_len = 4;
msg.msg_name = ai->ai_addr;
msg.msg_namelen = ai->ai_addrlen;
msg.msg_iov = iov;
msg.msg_iovlen = 1;
msg.msg_control = cbuf;
msg.msg_controllen = sizeof(cbuf);
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SO_MARK;
cmsg->cmsg_len = CMSG_LEN(sizeof(__u32));
*(__u32 *)CMSG_DATA(cmsg) = mark;
err = sendmsg(fd, &msg, 0);
close(fd);
freeaddrinfo(ai);
return err != 4;
}
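Review bot: The `getaddrinfo()` failure path prints `strerror(errno)`, but getaddrinfo reports failure through its return value and sets errno only for EAI_SYSTEM, so the message can be unrelated to the real error; use `fprintf(stderr, "Can't resolve address: %s\n", gai_strerror(err));`. Separately, `return err != 4;` folds every sendmsg() failure into exit status 1, so the script's rejection cases cannot tell the prohibit route apart from any other error, such as a permission failure on SO_MARK. Printing `strerror(errno)` when `err < 0` would at least make the log show which error was hit. `mark = atoi(argv[3]);` also turns non-numeric input into 0 without complaint.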


@ -0,0 +1,61 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
NS=ns
IP4=172.16.0.1/24
TGT4=172.16.0.2
IP6=2001:db8:1::1/64
TGT6=2001:db8:1::2
MARK=1000
cleanup()
{
ip netns del $NS
}
trap cleanup EXIT
# Namespaces
ip netns add $NS
# Connectivity
ip -netns $NS link add type dummy
ip -netns $NS link set dev dummy0 up
ip -netns $NS addr add $IP4 dev dummy0
ip -netns $NS addr add $IP6 dev dummy0
ip -netns $NS rule add fwmark $MARK lookup 300
ip -6 -netns $NS rule add fwmark $MARK lookup 300
ip -netns $NS route add prohibit any table 300
ip -6 -netns $NS route add prohibit any table 300
# Test
BAD=0
TOTAL=0
check_result() {
((TOTAL++))
if [ $1 -ne $2 ]; then
echo " Case $3 returned $1, expected $2"
((BAD++))
fi
}
ip netns exec $NS ./cmsg_so_mark $TGT4 1234 $((MARK + 1))
check_result $? 0 "IPv4 pass"
ip netns exec $NS ./cmsg_so_mark $TGT6 1234 $((MARK + 1))
check_result $? 0 "IPv6 pass"
ip netns exec $NS ./cmsg_so_mark $TGT4 1234 $MARK
check_result $? 1 "IPv4 rejection"
ip netns exec $NS ./cmsg_so_mark $TGT6 1234 $MARK
check_result $? 1 "IPv6 rejection"
# Summary
if [ $BAD -ne 0 ]; then
echo "FAIL - $BAD/$TOTAL cases failed"
exit 1
else
echo "OK"
exit 0
fi
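Review bot: `NS=ns` is a fixed, generic namespace name, and `cleanup()` deletes it unconditionally on EXIT, so if a namespace called `ns` already exists the `ip netns add` fails, the rules and routes are installed in the pre-existing namespace, and the trap then removes a namespace the script did not create. A unique name such as `NS="ns-$(mktemp -u XXXXXX)"` avoids both the collision and the stray delete. The setup commands are also unchecked, so a failed `ip` call (for example when not run as root) only surfaces later as failed cases rather than as an early exit or skip.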