* Regression from "ipv4: Cache ip_error() routes even when not forwarding."
@ 2015-01-17 0:07 Francesco Ruggeri
2015-01-17 0:59 ` David Miller
2015-01-17 8:25 ` Julian Anastasov
0 siblings, 2 replies; 5+ messages in thread
From: Francesco Ruggeri @ 2015-01-17 0:07 UTC (permalink / raw
To: fruggeri, davem, netdev
Commit 251da413("ipv4: Cache ip_error() routes even when not forwarding."),
later slightly modified by cd0f0b95("ipv4: distinguish EHOSTUNREACH from
the ENETUNREACH"), introduced a regression where an ip_error route is cached
when an ARP request is received on a non-forwarding non matching interface,
and it affects later legitimate packets for the same destination even if
coming over different interfaces.
Attached are two scripts that show the problem. The first one does basic
forwarding, and the second one does proxy arp.
In both cases a dummy interface is created for the sole purpose of receiving
an ARP request that results in the ip_error route to be cached. The offending
ARP request is generated by using a 'ping -c 1' (commented out in the scripts).
Verified in 3.16 build.
Francesco Ruggeri
#########################################################
# Basic routing 1.1.1.2@host1 -> 2.2.2.2@host2 via router
ip netns add dummy
ip netns exec dummy bash
ip netns add host1
ip netns add host2
ip netns add router
ip link add eth0 type veth peer name rtr-eth0 netns router
ip link add eth1 type veth peer name rtr-eth1 netns router
ip link set eth1 netns host1
ip link add eth2 type veth peer name rtr-eth2 netns router
ip link set eth2 netns host2
ip netns exec host1 bash
ip link set up lo
ip link set up eth1 ; ip addr add 1.1.1.2/24 dev eth1
ip route add default via 1.1.1.1
exit
ip netns exec host2 bash
ip link set up lo
ip link set up eth2 ; ip addr add 2.2.2.2/24 dev eth2
ip route add default via 2.2.2.1
exit
ip netns exec router bash
ip link set up lo
ip link set up rtr-eth0 ; ip addr add 1.2.3.4/24 dev rtr-eth0
ip link set up rtr-eth1 ; ip addr add 1.1.1.1/24 dev rtr-eth1
ip link set up rtr-eth2 ; ip addr add 2.2.2.1/24 dev rtr-eth2
echo 0 > /proc/sys/net/ipv4/conf/rtr-eth0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/rtr-eth1/forwarding
echo 1 > /proc/sys/net/ipv4/conf/rtr-eth2/forwarding
exit
ip link set up lo
ip link set up eth0 ; ip addr add 2.2.2.1/24 dev eth0
# Uncommenting line below makes following ping return Host Unreachable
#ping -c 1 2.2.2.2
ip netns exec host1 ping -c 3 2.2.2.2
ip netns del host1
ip netns del host2
ip netns del router
exit
ip netns del dummy
######################################################
# Proxy ARP
ip netns add router
ip netns exec router bash
ip netns add host1
ip link add rtr-h1 type veth peer name host1-e0 netns host1
ip link set up rtr-h1
ip netns exec host1 bash
ip link set up lo
ip link set up host1-e0
ip addr add 10.10.1.2/16 dev host1-e0
exit
echo 1 > /proc/sys/net/ipv4/conf/rtr-h1/forwarding
echo 1 > /proc/sys/net/ipv4/conf/rtr-h1/proxy_arp
ip addr add 10.10.1.1/24 dev rtr-h1
ip netns add host2
ip link add rtr-h2 type veth peer name host2-e0 netns host2
ip link set up rtr-h2
ip netns exec host2 bash
ip link set up lo
ip link set up host2-e0
ip addr add 10.10.2.2/16 dev host2-e0
exit
echo 1 > /proc/sys/net/ipv4/conf/rtr-h2/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/rtr-h2/forwarding
ip addr add 10.10.2.1/24 dev rtr-h2
ip netns add host3
ip link add rtr-h3 type veth peer name host3-e0 netns host3
ip link set up rtr-h3
ip netns exec host3 bash
ip link set up lo
ip link set up host3-e0
ip addr add 10.10.1.2/16 dev host3-e0
exit
echo 8 > /proc/sys/net/ipv4/conf/rtr-h3/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/rtr-h3/forwarding
ip addr add 1.2.3.4/24 dev rtr-h3
# Uncommenting line below makes following ping fail
#ip netns exec host3 ping -c 1 10.10.2.2
ip netns exec host1 ping -c 3 10.10.2.2
ip netns del host1
ip netns del host2
ip netns del host3
exit
ip netns del router
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Regression from "ipv4: Cache ip_error() routes even when not forwarding."
2015-01-17 0:07 Regression from "ipv4: Cache ip_error() routes even when not forwarding." Francesco Ruggeri
@ 2015-01-17 0:59 ` David Miller
2015-01-17 8:25 ` Julian Anastasov
1 sibling, 0 replies; 5+ messages in thread
From: David Miller @ 2015-01-17 0:59 UTC (permalink / raw
To: fruggeri; +Cc: fruggeri, netdev, duanj.fnst
From: fruggeri@aristanetworks.com (Francesco Ruggeri)
Date: Fri, 16 Jan 2015 16:07:55 -0800
>
> Commit 251da413("ipv4: Cache ip_error() routes even when not forwarding."),
> later slightly modified by cd0f0b95("ipv4: distinguish EHOSTUNREACH from
> the ENETUNREACH"), introduced a regression where an ip_error route is cached
> when an ARP request is received on a non-forwarding non matching interface,
> and it affects later legitimate packets for the same destination even if
> coming over different interfaces.
Always CC: the authors of the changes you feel are responsible for
a problem. Adding, Duan Jiong.
> Attached are two scripts that show the problem. The first one does basic
> forwarding, and the second one does proxy arp.
> In both cases a dummy interface is created for the sole purpose of receiving
> an ARP request that results in the ip_error route to be cached. The offending
> ARP request is generated by using a 'ping -c 1' (commented out in the scripts).
> Verified in 3.16 build.
>
> Francesco Ruggeri
>
> #########################################################
> # Basic routing 1.1.1.2@host1 -> 2.2.2.2@host2 via router
>
> ip netns add dummy
> ip netns exec dummy bash
>
> ip netns add host1
> ip netns add host2
> ip netns add router
> ip link add eth0 type veth peer name rtr-eth0 netns router
> ip link add eth1 type veth peer name rtr-eth1 netns router
> ip link set eth1 netns host1
> ip link add eth2 type veth peer name rtr-eth2 netns router
> ip link set eth2 netns host2
>
> ip netns exec host1 bash
> ip link set up lo
> ip link set up eth1 ; ip addr add 1.1.1.2/24 dev eth1
> ip route add default via 1.1.1.1
> exit
>
> ip netns exec host2 bash
> ip link set up lo
> ip link set up eth2 ; ip addr add 2.2.2.2/24 dev eth2
> ip route add default via 2.2.2.1
> exit
>
> ip netns exec router bash
> ip link set up lo
> ip link set up rtr-eth0 ; ip addr add 1.2.3.4/24 dev rtr-eth0
> ip link set up rtr-eth1 ; ip addr add 1.1.1.1/24 dev rtr-eth1
> ip link set up rtr-eth2 ; ip addr add 2.2.2.1/24 dev rtr-eth2
> echo 0 > /proc/sys/net/ipv4/conf/rtr-eth0/forwarding
> echo 1 > /proc/sys/net/ipv4/conf/rtr-eth1/forwarding
> echo 1 > /proc/sys/net/ipv4/conf/rtr-eth2/forwarding
> exit
>
> ip link set up lo
> ip link set up eth0 ; ip addr add 2.2.2.1/24 dev eth0
> # Uncommenting line below makes following ping return Host Unreachable
> #ping -c 1 2.2.2.2
> ip netns exec host1 ping -c 3 2.2.2.2
>
> ip netns del host1
> ip netns del host2
> ip netns del router
> exit
> ip netns del dummy
>
> ######################################################
> # Proxy ARP
>
> ip netns add router
> ip netns exec router bash
>
> ip netns add host1
> ip link add rtr-h1 type veth peer name host1-e0 netns host1
> ip link set up rtr-h1
> ip netns exec host1 bash
> ip link set up lo
> ip link set up host1-e0
> ip addr add 10.10.1.2/16 dev host1-e0
> exit
> echo 1 > /proc/sys/net/ipv4/conf/rtr-h1/forwarding
> echo 1 > /proc/sys/net/ipv4/conf/rtr-h1/proxy_arp
> ip addr add 10.10.1.1/24 dev rtr-h1
>
> ip netns add host2
> ip link add rtr-h2 type veth peer name host2-e0 netns host2
> ip link set up rtr-h2
> ip netns exec host2 bash
> ip link set up lo
> ip link set up host2-e0
> ip addr add 10.10.2.2/16 dev host2-e0
> exit
> echo 1 > /proc/sys/net/ipv4/conf/rtr-h2/proxy_arp
> echo 1 > /proc/sys/net/ipv4/conf/rtr-h2/forwarding
> ip addr add 10.10.2.1/24 dev rtr-h2
>
> ip netns add host3
> ip link add rtr-h3 type veth peer name host3-e0 netns host3
> ip link set up rtr-h3
> ip netns exec host3 bash
> ip link set up lo
> ip link set up host3-e0
> ip addr add 10.10.1.2/16 dev host3-e0
> exit
> echo 8 > /proc/sys/net/ipv4/conf/rtr-h3/arp_ignore
> echo 0 > /proc/sys/net/ipv4/conf/rtr-h3/forwarding
> ip addr add 1.2.3.4/24 dev rtr-h3
>
> # Uncommenting line below makes following ping fail
> #ip netns exec host3 ping -c 1 10.10.2.2
> ip netns exec host1 ping -c 3 10.10.2.2
>
> ip netns del host1
> ip netns del host2
> ip netns del host3
> exit
> ip netns del router
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Regression from "ipv4: Cache ip_error() routes even when not forwarding."
2015-01-17 0:07 Regression from "ipv4: Cache ip_error() routes even when not forwarding." Francesco Ruggeri
2015-01-17 0:59 ` David Miller
@ 2015-01-17 8:25 ` Julian Anastasov
2015-01-17 16:30 ` Francesco Ruggeri
1 sibling, 1 reply; 5+ messages in thread
From: Julian Anastasov @ 2015-01-17 8:25 UTC (permalink / raw
To: Francesco Ruggeri; +Cc: fruggeri, davem, netdev
Hello,
On Fri, 16 Jan 2015, Francesco Ruggeri wrote:
> Commit 251da413("ipv4: Cache ip_error() routes even when not forwarding."),
> later slightly modified by cd0f0b95("ipv4: distinguish EHOSTUNREACH from
> the ENETUNREACH"), introduced a regression where an ip_error route is cached
> when an ARP request is received on a non-forwarding non matching interface,
> and it affects later legitimate packets for the same destination even if
> coming over different interfaces.
> Attached are two scripts that show the problem. The first one does basic
> forwarding, and the second one does proxy arp.
> In both cases a dummy interface is created for the sole purpose of receiving
> an ARP request that results in the ip_error route to be cached. The offending
> ARP request is generated by using a 'ping -c 1' (commented out in the scripts).
> Verified in 3.16 build.
3.16? Just in case, can you check if this
fix from 3.18 helps:
commit fa19c2b050ab5254326f5fc07096dd3c6a8d5d58
Author: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Date: Thu Oct 30 10:09:53 2014 +0100
ipv4: Do not cache routing failures due to disabled forwarding.
Regards
--
Julian Anastasov <ja@ssi.bg>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Regression from "ipv4: Cache ip_error() routes even when not forwarding."
2015-01-17 8:25 ` Julian Anastasov
@ 2015-01-17 16:30 ` Francesco Ruggeri
2015-01-19 6:08 ` Francesco Ruggeri
0 siblings, 1 reply; 5+ messages in thread
From: Francesco Ruggeri @ 2015-01-17 16:30 UTC (permalink / raw
To: Julian Anastasov; +Cc: Francesco Ruggeri, David Miller, netdev
On Sat, Jan 17, 2015 at 12:25 AM, Julian Anastasov <ja@ssi.bg> wrote:
>
> Hello,
>
> On Fri, 16 Jan 2015, Francesco Ruggeri wrote:
>
>> Commit 251da413("ipv4: Cache ip_error() routes even when not forwarding."),
>> later slightly modified by cd0f0b95("ipv4: distinguish EHOSTUNREACH from
>> the ENETUNREACH"), introduced a regression where an ip_error route is cached
>> when an ARP request is received on a non-forwarding non matching interface,
>> and it affects later legitimate packets for the same destination even if
>> coming over different interfaces.
>> Attached are two scripts that show the problem. The first one does basic
>> forwarding, and the second one does proxy arp.
>> In both cases a dummy interface is created for the sole purpose of receiving
>> an ARP request that results in the ip_error route to be cached. The offending
>> ARP request is generated by using a 'ping -c 1' (commented out in the scripts).
>> Verified in 3.16 build.
>
> 3.16? Just in case, can you check if this
> fix from 3.18 helps:
Thanks, I will.
Francesco
>
> commit fa19c2b050ab5254326f5fc07096dd3c6a8d5d58
> Author: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
> Date: Thu Oct 30 10:09:53 2014 +0100
>
> ipv4: Do not cache routing failures due to disabled forwarding.
>
> Regards
>
> --
> Julian Anastasov <ja@ssi.bg>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Regression from "ipv4: Cache ip_error() routes even when not forwarding."
2015-01-17 16:30 ` Francesco Ruggeri
@ 2015-01-19 6:08 ` Francesco Ruggeri
0 siblings, 0 replies; 5+ messages in thread
From: Francesco Ruggeri @ 2015-01-19 6:08 UTC (permalink / raw
To: Julian Anastasov; +Cc: Francesco Ruggeri, David Miller, netdev, duanj.fnst
On Sat, Jan 17, 2015 at 8:30 AM, Francesco Ruggeri <fruggeri@arista.com> wrote:
> On Sat, Jan 17, 2015 at 12:25 AM, Julian Anastasov <ja@ssi.bg> wrote:
>>
>> Hello,
>>
>> On Fri, 16 Jan 2015, Francesco Ruggeri wrote:
>>
>>> Commit 251da413("ipv4: Cache ip_error() routes even when not forwarding."),
>>> later slightly modified by cd0f0b95("ipv4: distinguish EHOSTUNREACH from
>>> the ENETUNREACH"), introduced a regression where an ip_error route is cached
>>> when an ARP request is received on a non-forwarding non matching interface,
>>> and it affects later legitimate packets for the same destination even if
>>> coming over different interfaces.
>>> Attached are two scripts that show the problem. The first one does basic
>>> forwarding, and the second one does proxy arp.
>>> In both cases a dummy interface is created for the sole purpose of receiving
>>> an ARP request that results in the ip_error route to be cached. The offending
>>> ARP request is generated by using a 'ping -c 1' (commented out in the scripts).
>>> Verified in 3.16 build.
>>
>> 3.16? Just in case, can you check if this
>> fix from 3.18 helps:
>
> Thanks, I will.
>
Thanks Julian, the commit you pointed me to did fix my problem.
Francesco
> Francesco
>
>>
>> commit fa19c2b050ab5254326f5fc07096dd3c6a8d5d58
>> Author: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
>> Date: Thu Oct 30 10:09:53 2014 +0100
>>
>> ipv4: Do not cache routing failures due to disabled forwarding.
>>
>> Regards
>>
>> --
>> Julian Anastasov <ja@ssi.bg>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-01-19 6:08 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-01-17 0:07 Regression from "ipv4: Cache ip_error() routes even when not forwarding." Francesco Ruggeri
2015-01-17 0:59 ` David Miller
2015-01-17 8:25 ` Julian Anastasov
2015-01-17 16:30 ` Francesco Ruggeri
2015-01-19 6:08 ` Francesco Ruggeri
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.