Re: [PATCH net-next] ipv6: Reject routes configurations that specify dsfield (tos)

Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> · Thu, 10 Feb 2022 15:15:34 -0700

On 2/10/22 3:05 PM, Guillaume Nault wrote:
On Thu, Feb 10, 2022 at 11:23:20AM -0700, Shuah Khan wrote:
On 2/10/22 8:08 AM, Guillaume Nault wrote:
The ->rtm_tos option is normally used to route packets based on both
the destination address and the DS field. However it's ignored for
IPv6 routes. Setting ->rtm_tos for IPv6 is thus invalid as the route
is going to work only on the destination address anyway, so it won't
behave as specified.

Suggested-by: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
Signed-off-by: Guillaume Nault <gnault@xxxxxxxxxx>
---
The same problem exists for ->rtm_scope. I'm working only on ->rtm_tos
here because IPv4 recently started to validate this option too (as part
of the DSCP/ECN clarification effort).
I'll give this patch some soak time, then send another one for
rejecting ->rtm_scope in IPv6 routes if nobody complains.

   net/ipv6/route.c                         |  6 ++++++
   tools/testing/selftests/net/fib_tests.sh | 13 +++++++++++++
   2 files changed, 19 insertions(+)

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index f4884cda13b9..dd98a11fbdb6 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -5009,6 +5009,12 @@ static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
   	err = -EINVAL;
   	rtm = nlmsg_data(nlh);
+	if (rtm->rtm_tos) {
+		NL_SET_ERR_MSG(extack,
+			       "Invalid dsfield (tos): option not available for IPv6");

Is this an expected failure on ipv6, in which case should this test report
pass? Should it print "failed as expected" or is returning fail from errout
is what should happen?

This is an expected failure. When ->rtm_tos is set, iproute2 fails with
error code 2 and prints
"Error: Invalid dsfield (tos): option not available for IPv6.".

The selftest redirects stderr to /dev/null by default (unless -v is
passed on the command line) and expects the command to fail and
return 2. So the default output is just:

IPv6 route with dsfield tests
     TEST: Reject route with dsfield                                     [ OK ]

Of course, on a kernel that accepts non-null ->rtm_tos, "[ OK ]"
becomes "[FAIL]", and the the failed tests couter is incremented.


Sounds good to me.


With the above comment addressed or explained.

Reviewed-by: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx>


thanks,
-- Shuah









