[PATCH Yakkety SRU 0/1] net: fix incorrect original ingress device index in PKTINFO

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH Yakkety SRU 0/1] net: fix incorrect original ingress device index in PKTINFO

jorge.niedbalski
From: Jorge Niedbalski <[hidden email]>

BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1683982

[Description]

We identified a bug in one of the utilities provided by dnsmasq, the 'dhcp_release' utility which
is executed as part of the DHCP lease cleanup mechanism by Neutron once a network resource is freed.
We noticed that some packets were discarded by the DHCP server (dnsmasq) in Ubuntu systems
running a kernel >= 4.7. The reason was the ipi_ifindex field on the pktinfo was incorrectly assumed to be 1 (loopback),
this causes the message to be ignored by the dnsmasq daemon since isn't the interface on which dnsmasq is bind to.

[Fix]

Upstream commit:
https://github.com/torvalds/linux/commit/f0c16ba8933ed217c2688b277410b2a37ba81591

[Test Case]

1) Configure a dnsmasq instance to server DHCP

(Example):

$ sudo dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/host --addn-hosts=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/opts --dhcp-leasefile=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=ns-1cb1b7c7-c0 --dhcp-range=set:tag0,192.168.21.0,static,86400s --dhcp-option-force=option:mtu,1458 --dhcp-lease-max=256 --conf-file=/etc/neutron/dnsmasq.conf --domain=openstacklocal

2) Boot a VM or container on the bridge/interface on which dnsmasq is bind to.
2) Use the dhcp_release utility to release the lease.

(Example):
$ sudo dhcp_release ns-1cb1b7c7-c0 192.168.21.8 fa:16:3e:f3:b2:fe

The expected result: The lease is freed.
Current results: dnsmasq ignored the DHCP Release message.


Wei Zhang (1):
  net: fix incorrect original ingress device index in PKTINFO

 net/ipv4/ip_sockglue.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--
2.7.4


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[PATCH Yakkety SRU 1/1] net: fix incorrect original ingress device index in PKTINFO

jorge.niedbalski
From: Wei Zhang <[hidden email]>

When we send a packet for our own local address on a non-loopback
interface (e.g. eth0), due to the change had been introduced from
commit 0b922b7a829c ("net: original ingress device index in PKTINFO"), the
original ingress device index would be set as the loopback interface.
However, the packet should be considered as if it is being arrived via the
sending interface (eth0), otherwise it would break the expectation of the
userspace application (e.g. the DHCPRELEASE message from dhcp_release
binary would be ignored by the dnsmasq daemon, since it come from lo which
is not the interface dnsmasq bind to)

Fixes: 0b922b7a829c ("net: original ingress device index in PKTINFO")
Acked-by: David Ahern <[hidden email]>
Signed-off-by: Wei Zhang <[hidden email]>
Signed-off-by: David S. Miller <[hidden email]>
Signed-off-by: Jorge Niedbalski <[hidden email]>
---
 net/ipv4/ip_sockglue.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 11ef96e..5519205 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -1199,8 +1199,14 @@ void ipv4_pktinfo_prepare(const struct sock *sk, struct sk_buff *skb)
  * which has interface index (iif) as the first member of the
  * underlying inet{6}_skb_parm struct. This code then overlays
  * PKTINFO_SKB_CB and in_pktinfo also has iif as the first
- * element so the iif is picked up from the prior IPCB
+ * element so the iif is picked up from the prior IPCB. If iif
+ * is the loopback interface, then return the sending interface
+ * (e.g., process binds socket to eth0 for Tx which is
+ * redirected to loopback in the rtable/dst).
  */
+ if (pktinfo->ipi_ifindex == LOOPBACK_IFINDEX)
+ pktinfo->ipi_ifindex = inet_iif(skb);
+
  pktinfo->ipi_spec_dst.s_addr = fib_compute_spec_dst(skb);
  } else {
  pktinfo->ipi_ifindex = 0;
--
2.7.4


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK: [PATCH Yakkety SRU 0/1] net: fix incorrect original ingress device index in PKTINFO

Kamal Mostafa-2
In reply to this post by jorge.niedbalski
Reply | Threaded
Open this post in threaded view
|

ACK w/cmt: [PATCH Yakkety SRU 1/1] net: fix incorrect original ingress device index in PKTINFO

Seth Forshee
In reply to this post by jorge.niedbalski
On Thu, Apr 20, 2017 at 06:02:33PM -0300, [hidden email] wrote:

> From: Wei Zhang <[hidden email]>
>
> When we send a packet for our own local address on a non-loopback
> interface (e.g. eth0), due to the change had been introduced from
> commit 0b922b7a829c ("net: original ingress device index in PKTINFO"), the
> original ingress device index would be set as the loopback interface.
> However, the packet should be considered as if it is being arrived via the
> sending interface (eth0), otherwise it would break the expectation of the
> userspace application (e.g. the DHCPRELEASE message from dhcp_release
> binary would be ignored by the dnsmasq daemon, since it come from lo which
> is not the interface dnsmasq bind to)
>
> Fixes: 0b922b7a829c ("net: original ingress device index in PKTINFO")
> Acked-by: David Ahern <[hidden email]>
> Signed-off-by: Wei Zhang <[hidden email]>
> Signed-off-by: David S. Miller <[hidden email]>
> Signed-off-by: Jorge Niedbalski <[hidden email]>

Patch is fine, but needs to include the buglink and the "(cherry picked
from ...)" line in the commit message. Passing -x to git cherry-pick
will get you the latter.

With those added:

Acked-by: Seth Forshee <[hidden email]>

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

Re: ACK w/cmt: [PATCH Yakkety SRU 1/1] net: fix incorrect original ingress device index in PKTINFO

jorge.niedbalski
Hello Seth,

On Thu, Apr 20, 2017 at 6:44 PM, Seth Forshee
<[hidden email]> wrote:

> On Thu, Apr 20, 2017 at 06:02:33PM -0300, [hidden email] wrote:
>> From: Wei Zhang <[hidden email]>
>>
>> When we send a packet for our own local address on a non-loopback
>> interface (e.g. eth0), due to the change had been introduced from
>> commit 0b922b7a829c ("net: original ingress device index in PKTINFO"), the
>> original ingress device index would be set as the loopback interface.
>> However, the packet should be considered as if it is being arrived via the
>> sending interface (eth0), otherwise it would break the expectation of the
>> userspace application (e.g. the DHCPRELEASE message from dhcp_release
>> binary would be ignored by the dnsmasq daemon, since it come from lo which
>> is not the interface dnsmasq bind to)
>>
>> Fixes: 0b922b7a829c ("net: original ingress device index in PKTINFO")
>> Acked-by: David Ahern <[hidden email]>
>> Signed-off-by: Wei Zhang <[hidden email]>
>> Signed-off-by: David S. Miller <[hidden email]>
>> Signed-off-by: Jorge Niedbalski <[hidden email]>
>
> Patch is fine, but needs to include the buglink and the "(cherry picked
> from ...)" line in the commit message. Passing -x to git cherry-pick
> will get you the latter.
>
> With those added:
>
> Acked-by: Seth Forshee <[hidden email]>

Thanks for reviewing, addressed your comments as part of
[PATCH v2 Yakkety SRU 1/1] net: fix incorrect original ingress device
index in PKTINFO

--
Jorge Niedbalski R.
STS - Engineering Team

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team