Quantcast

[PATCH v2 Yakkety SRU 0/1] net: fix incorrect original ingress device index in PKTINFO

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[PATCH v2 Yakkety SRU 0/1] net: fix incorrect original ingress device index in PKTINFO

jorge.niedbalski
From: Jorge Niedbalski <[hidden email]>

BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1683982

[Description]

We identified a bug in one of the utilities provided by dnsmasq, the 'dhcp_release' utility which
is executed as part of the DHCP lease cleanup mechanism by Neutron once a network resource is freed.
We noticed that some packets were discarded by the DHCP server (dnsmasq) in Ubuntu systems
running a kernel >= 4.7. The reason was the ipi_ifindex field on the pktinfo was incorrectly assumed to be 1 (loopback),
this causes the message to be ignored by the dnsmasq daemon since isn't the interface on which dnsmasq is bind to.

[Fix]

Upstream commit:
https://github.com/torvalds/linux/commit/f0c16ba8933ed217c2688b277410b2a37ba81591

[Test Case]

1) Configure a dnsmasq instance to server DHCP

(Example):

$ sudo dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/host --addn-hosts=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/opts --dhcp-leasefile=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=ns-1cb1b7c7-c0 --dhcp-range=set:tag0,192.168.21.0,static,86400s --dhcp-option-force=option:mtu,1458 --dhcp-lease-max=256 --conf-file=/etc/neutron/dnsmasq.conf --domain=openstacklocal

2) Boot a VM or container on the bridge/interface on which dnsmasq is bind to.
2) Use the dhcp_release utility to release the lease.

(Example):
$ sudo dhcp_release ns-1cb1b7c7-c0 192.168.21.8 fa:16:3e:f3:b2:fe

The expected result: The lease is freed.
Current results: dnsmasq ignored the DHCP Release message.

Wei Zhang (1):
  net: fix incorrect original ingress device index in PKTINFO

 net/ipv4/ip_sockglue.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--
2.7.4


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[PATCH v2 Yakkety SRU 1/1] net: fix incorrect original ingress device index in PKTINFO

jorge.niedbalski
From: Wei Zhang <[hidden email]>

BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1683982

When we send a packet for our own local address on a non-loopback
interface (e.g. eth0), due to the change had been introduced from
commit 0b922b7a829c ("net: original ingress device index in PKTINFO"), the
original ingress device index would be set as the loopback interface.
However, the packet should be considered as if it is being arrived via the
sending interface (eth0), otherwise it would break the expectation of the
userspace application (e.g. the DHCPRELEASE message from dhcp_release
binary would be ignored by the dnsmasq daemon, since it come from lo which
is not the interface dnsmasq bind to)

Fixes: 0b922b7a829c ("net: original ingress device index in PKTINFO")
Acked-by: David Ahern <[hidden email]>
Signed-off-by: Wei Zhang <[hidden email]>
Signed-off-by: David S. Miller <[hidden email]>
(cherry picked from commit f0c16ba8933ed217c2688b277410b2a37ba81591)
Signed-off-by: Jorge Niedbalski <[hidden email]>
---
 net/ipv4/ip_sockglue.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 11ef96e..5519205 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -1199,8 +1199,14 @@ void ipv4_pktinfo_prepare(const struct sock *sk, struct sk_buff *skb)
  * which has interface index (iif) as the first member of the
  * underlying inet{6}_skb_parm struct. This code then overlays
  * PKTINFO_SKB_CB and in_pktinfo also has iif as the first
- * element so the iif is picked up from the prior IPCB
+ * element so the iif is picked up from the prior IPCB. If iif
+ * is the loopback interface, then return the sending interface
+ * (e.g., process binds socket to eth0 for Tx which is
+ * redirected to loopback in the rtable/dst).
  */
+ if (pktinfo->ipi_ifindex == LOOPBACK_IFINDEX)
+ pktinfo->ipi_ifindex = inet_iif(skb);
+
  pktinfo->ipi_spec_dst.s_addr = fib_compute_spec_dst(skb);
  } else {
  pktinfo->ipi_ifindex = 0;
--
2.7.4


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

ACK: [PATCH v2 Yakkety SRU 1/1] net: fix incorrect original ingress device index in PKTINFO

Seth Forshee
On Thu, Apr 20, 2017 at 07:40:17PM -0300, [hidden email] wrote:

> From: Wei Zhang <[hidden email]>
>
> BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1683982
>
> When we send a packet for our own local address on a non-loopback
> interface (e.g. eth0), due to the change had been introduced from
> commit 0b922b7a829c ("net: original ingress device index in PKTINFO"), the
> original ingress device index would be set as the loopback interface.
> However, the packet should be considered as if it is being arrived via the
> sending interface (eth0), otherwise it would break the expectation of the
> userspace application (e.g. the DHCPRELEASE message from dhcp_release
> binary would be ignored by the dnsmasq daemon, since it come from lo which
> is not the interface dnsmasq bind to)
>
> Fixes: 0b922b7a829c ("net: original ingress device index in PKTINFO")
> Acked-by: David Ahern <[hidden email]>
> Signed-off-by: Wei Zhang <[hidden email]>
> Signed-off-by: David S. Miller <[hidden email]>
> (cherry picked from commit f0c16ba8933ed217c2688b277410b2a37ba81591)
> Signed-off-by: Jorge Niedbalski <[hidden email]>

Acked-by: Seth Forshee <[hidden email]>

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [PATCH v2 Yakkety SRU 1/1] net: fix incorrect original ingress device index in PKTINFO

Colin Ian King-2
In reply to this post by jorge.niedbalski
On 20/04/17 23:40, [hidden email] wrote:

> From: Wei Zhang <[hidden email]>
>
> BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1683982
>
> When we send a packet for our own local address on a non-loopback
> interface (e.g. eth0), due to the change had been introduced from
> commit 0b922b7a829c ("net: original ingress device index in PKTINFO"), the
> original ingress device index would be set as the loopback interface.
> However, the packet should be considered as if it is being arrived via the
> sending interface (eth0), otherwise it would break the expectation of the
> userspace application (e.g. the DHCPRELEASE message from dhcp_release
> binary would be ignored by the dnsmasq daemon, since it come from lo which
> is not the interface dnsmasq bind to)
>
> Fixes: 0b922b7a829c ("net: original ingress device index in PKTINFO")
> Acked-by: David Ahern <[hidden email]>
> Signed-off-by: Wei Zhang <[hidden email]>
> Signed-off-by: David S. Miller <[hidden email]>
> (cherry picked from commit f0c16ba8933ed217c2688b277410b2a37ba81591)
> Signed-off-by: Jorge Niedbalski <[hidden email]>
> ---
>  net/ipv4/ip_sockglue.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
> index 11ef96e..5519205 100644
> --- a/net/ipv4/ip_sockglue.c
> +++ b/net/ipv4/ip_sockglue.c
> @@ -1199,8 +1199,14 @@ void ipv4_pktinfo_prepare(const struct sock *sk, struct sk_buff *skb)
>   * which has interface index (iif) as the first member of the
>   * underlying inet{6}_skb_parm struct. This code then overlays
>   * PKTINFO_SKB_CB and in_pktinfo also has iif as the first
> - * element so the iif is picked up from the prior IPCB
> + * element so the iif is picked up from the prior IPCB. If iif
> + * is the loopback interface, then return the sending interface
> + * (e.g., process binds socket to eth0 for Tx which is
> + * redirected to loopback in the rtable/dst).
>   */
> + if (pktinfo->ipi_ifindex == LOOPBACK_IFINDEX)
> + pktinfo->ipi_ifindex = inet_iif(skb);
> +
>   pktinfo->ipi_spec_dst.s_addr = fib_compute_spec_dst(skb);
>   } else {
>   pktinfo->ipi_ifindex = 0;
>

Upstream cherry pick, fixes a known issue, good testing. So..

Acked-by: Colin Ian King <[hidden email]>

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

APPLIED: [PATCH v2 Yakkety SRU 0/1] net: fix incorrect original ingress device index in PKTINFO

Thadeu Lima de Souza Cascardo-3
In reply to this post by jorge.niedbalski
Applied to yakkety master-next branch.

Thanks.
Cascardo.

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Loading...