| From a4a66c44eddb4cfbbf5341588646d90dee96dc84 Mon Sep 17 00:00:00 2001 |
| From: Tim Stallard <code@timstallard.me.uk> |
| Date: Fri, 3 Apr 2020 21:26:21 +0100 |
| Subject: [PATCH] net: ipv6: do not consider routes via gateways for anycast |
| address check |
| |
| commit 03e2a984b6165621f287fadf5f4b5cd8b58dcaba upstream. |
| |
| The behaviour for what is considered an anycast address changed in |
| commit 45e4fd26683c ("ipv6: Only create RTF_CACHE routes after |
| encountering pmtu exception"). This now considers the first |
| address in a subnet where there is a route via a gateway |
| to be an anycast address. |
| |
| This breaks path MTU discovery and traceroutes when a host in a |
| remote network uses the address at the start of a prefix |
| (eg 2600:: advertised as 2600::/48 in the DFZ) as ICMP errors |
| will not be sent to anycast addresses. |
| |
| This patch excludes any routes with a gateway, or via point to |
| point links, like the behaviour previously from |
| rt6_is_gw_or_nonexthop in net/ipv6/route.c. |
| |
| This can be tested with: |
| ip link add v1 type veth peer name v2 |
| ip netns add test |
| ip netns exec test ip link set lo up |
| ip link set v2 netns test |
| ip link set v1 up |
| ip netns exec test ip link set v2 up |
| ip addr add 2001:db8::1/64 dev v1 nodad |
| ip addr add 2001:db8:100:: dev lo nodad |
| ip netns exec test ip addr add 2001:db8::2/64 dev v2 nodad |
| ip netns exec test ip route add unreachable 2001:db8:1::1 |
| ip netns exec test ip route add 2001:db8:100::/64 via 2001:db8::1 |
| ip netns exec test sysctl net.ipv6.conf.all.forwarding=1 |
| ip route add 2001:db8:1::1 via 2001:db8::2 |
| ping -I 2001:db8::1 2001:db8:1::1 -c1 |
| ping -I 2001:db8:100:: 2001:db8:1::1 -c1 |
| ip addr delete 2001:db8:100:: dev lo |
| ip netns delete test |
| |
| Currently the first ping will get back a destination unreachable ICMP |
| error, but the second will never get a response, with "icmp6_send: |
| acast source" logged. After this patch, both get destination |
| unreachable ICMP replies. |
| |
| Fixes: 45e4fd26683c ("ipv6: Only create RTF_CACHE routes after encountering pmtu exception") |
| Signed-off-by: Tim Stallard <code@timstallard.me.uk> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h |
| index ee7405e759ba..77c5a171703d 100644 |
| --- a/include/net/ip6_route.h |
| +++ b/include/net/ip6_route.h |
| @@ -235,6 +235,7 @@ static inline bool ipv6_anycast_destination(const struct dst_entry *dst, |
| |
| return rt->rt6i_flags & RTF_ANYCAST || |
| (rt->rt6i_dst.plen < 127 && |
| + !(rt->rt6i_flags & (RTF_GATEWAY | RTF_NONEXTHOP)) && |
| ipv6_addr_equal(&rt->rt6i_dst.addr, daddr)); |
| } |
| |
| -- |
| 2.7.4 |
| |