From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 4E7343CB35 for ; Mon, 28 Dec 2020 22:18:22 -0500 (EST) Received: by mail-io1-xd2b.google.com with SMTP id r9so11052236ioo.7 for ; Mon, 28 Dec 2020 19:18:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-transfer-encoding; bh=qCcBdbCPuT6qzcbfmHYUwXEfHIGb1EGNRkx9DYLC7GU=; b=gh69ro3y6zqsg784QSLnWvcAomk65IHCTeRuMlfvfLbiIVAfwGhLB8voTMHGFyDHLh n6bCkwIpNJk2n8C+utH+hC0fxjESPy6EKwCKaPYztzRoG5uj3L5CYboFLSLn1yHWvLnX pDrrZU3lubcol6YIoDySFOqeM+vRMDRJFSdL4/rZ8xXtAzLF6xVzoAfhv+DOlMwnPNyp IHCO7Wm45ONuYDrp8gjZiids8z+nFz480Yc/tISrvABsYa3nDxd1vSUOPms+9i9O9aSO qrLBgWG9RUDTpbo+NZhiEBBUUP9rvW0OmnNYJo+qNIQjIbtdJW6exBhhay3NiTv9sEw9 ZD9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-transfer-encoding; bh=qCcBdbCPuT6qzcbfmHYUwXEfHIGb1EGNRkx9DYLC7GU=; b=rItsX0mq6vT+xsyF+bmQmbYkCLHczjKhMrOi9nD4gaOqL6PDXyzQR1g7dtxbcxyU7m y9LvwURB2xDnTseAuxXy36zjbxHMJipdik/5TAgdTh0XQfs0llF9rc3rCreskvgwicCW /eb9YjZFZ1hd7wPvJ2nBHcjwgmo6kBiTg8ho/S6g5KG5zPpoDGumdeHaY+1nhZzDx50E ngztpdsltBnAMuKIlUdbXeDbJd773kICwybp27jiqCUKiO2MGgUbBNAXqOkvvCADRJK7 bLnbg99IdXF1i+0GFPWdPSy2YKNdx33mZ6KGpI+e2EPwhk7GwAXDX/eO6aAJYDdlgttW OOZQ== X-Gm-Message-State: AOAM530oAHX74AALVCpMi16Z5H4kspItNjjHpvqT0vBXEdiO0AbLpH0E 72EGjH7ERpt2ohL/lB2toESenWBoXb1d3fpCiKqFWo1gAz4= X-Google-Smtp-Source: ABdhPJwOtd8f14Ce+7HO02Ua7sVy7bA89bG3Jryiw2+dxdRu3OeH2N0dVQhnUnuvNkFMaUsNV7Y9SP9CSLn/NlkBo2c= X-Received: by 2002:a02:63cd:: with SMTP id j196mr40755742jac.61.1609211901399; Mon, 28 Dec 2020 19:18:21 -0800 (PST) MIME-Version: 1.0 References: <49ff39b1f55c914847cd58678bae6282112db701.1608836260.git.gnault@redhat.com> In-Reply-To: <49ff39b1f55c914847cd58678bae6282112db701.1608836260.git.gnault@redhat.com> From: Dave Taht Date: Mon, 28 Dec 2020 19:18:10 -0800 Message-ID: To: ECN-Sane Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: [Ecn-sane] Fwd: [PATCH net] ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst() X-BeenThere: ecn-sane@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussion of explicit congestion notification's impact on the Internet List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Dec 2020 03:18:22 -0000 ---------- Forwarded message --------- From: Guillaume Nault Date: Thu, Dec 24, 2020 at 11:05 AM Subject: [PATCH net] ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst() To: David Miller , Jakub Kicinski Cc: RT_TOS() only clears one of the ECN bits. Therefore, when fib_compute_spec_dst() resorts to a fib lookup, it can return different results depending on the value of the second ECN bit. For example, ECT(0) and ECT(1) packets could be treated differently. $ ip netns add ns0 $ ip netns add ns1 $ ip link add name veth01 netns ns0 type veth peer name veth10 netns ns1 $ ip -netns ns0 link set dev lo up $ ip -netns ns1 link set dev lo up $ ip -netns ns0 link set dev veth01 up $ ip -netns ns1 link set dev veth10 up $ ip -netns ns0 address add 192.0.2.10/24 dev veth01 $ ip -netns ns1 address add 192.0.2.11/24 dev veth10 $ ip -netns ns1 address add 192.0.2.21/32 dev lo $ ip -netns ns1 route add 192.0.2.10/32 tos 4 dev veth10 src 192.0.2.21 $ ip netns exec ns1 sysctl -wq net.ipv4.icmp_echo_ignore_broadcasts=3D0 With TOS 4 and ECT(1), ns1 replies using source address 192.0.2.21 (ping uses -Q to set all TOS and ECN bits): $ ip netns exec ns0 ping -c 1 -b -Q 5 192.0.2.255 [...] 64 bytes from 192.0.2.21: icmp_seq=3D1 ttl=3D64 time=3D0.544 ms But with TOS 4 and ECT(0), ns1 replies using source address 192.0.2.11 because the "tos 4" route isn't matched: $ ip netns exec ns0 ping -c 1 -b -Q 6 192.0.2.255 [...] 64 bytes from 192.0.2.11: icmp_seq=3D1 ttl=3D64 time=3D0.597 ms After this patch the ECN bits don't affect the result anymore: $ ip netns exec ns0 ping -c 1 -b -Q 6 192.0.2.255 [...] 64 bytes from 192.0.2.21: icmp_seq=3D1 ttl=3D64 time=3D0.591 ms Fixes: 35ebf65e851c ("ipv4: Create and use fib_compute_spec_dst() helper.") Signed-off-by: Guillaume Nault --- net/ipv4/fib_frontend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index cdf6ec5aa45d..84bb707bd88d 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -292,7 +292,7 @@ __be32 fib_compute_spec_dst(struct sk_buff *skb) .flowi4_iif =3D LOOPBACK_IFINDEX, .flowi4_oif =3D l3mdev_master_ifindex_rcu(dev), .daddr =3D ip_hdr(skb)->saddr, - .flowi4_tos =3D RT_TOS(ip_hdr(skb)->tos), + .flowi4_tos =3D ip_hdr(skb)->tos & IPTOS_RT_MASK, .flowi4_scope =3D scope, .flowi4_mark =3D vmark ? skb->mark : 0, }; -- 2.21.3 --=20 "For a successful technology, reality must take precedence over public relations, for Mother Nature cannot be fooled" - Richard Feynman dave@taht.net CTO, TekLibre, LLC Tel: 1-831-435-0729