Message ID | 493E1A7B.9070208@cn.fujitsu.com |
---|---|
State | Superseded, archived |
Delegated to: | David Miller |
Headers | show |
On Tuesday 09 December 2008 09:12:59 ext Yang Hongyang, you wrote: > 1.When no interface is specified in an IPV6_PKTINFO ancillary data > item, the interface specified in an IPV6_PKTINFO sticky optionis > is used. > diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c > index 8b48512..addd856 100644 > --- a/net/ipv6/udp.c > +++ b/net/ipv6/udp.c > @@ -761,6 +761,9 @@ do_udp_sendmsg: > } > > if (!fl.oif) > + fl.oif = np->sticky_pktinfo.ipi6_ifindex; > + > + if (!fl.oif) > fl.oif = sk->sk_bound_dev_if; > > if (msg->msg_controllen) { I believe overriding the outgoing interface is only allowed for link-local destinations, _or_ with privileges (as with SO_BINDTODEVICE). This patch seems to change this, and I am not convinced it's a good idea.
Rémi Denis-Courmont wrote: > On Tuesday 09 December 2008 09:12:59 ext Yang Hongyang, you wrote: >> 1.When no interface is specified in an IPV6_PKTINFO ancillary data >> item, the interface specified in an IPV6_PKTINFO sticky optionis >> is used. > >> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c >> index 8b48512..addd856 100644 >> --- a/net/ipv6/udp.c >> +++ b/net/ipv6/udp.c >> @@ -761,6 +761,9 @@ do_udp_sendmsg: >> } >> >> if (!fl.oif) >> + fl.oif = np->sticky_pktinfo.ipi6_ifindex; >> + >> + if (!fl.oif) >> fl.oif = sk->sk_bound_dev_if; >> >> if (msg->msg_controllen) { > > I believe overriding the outgoing interface is only allowed for link-local > destinations, _or_ with privileges (as with SO_BINDTODEVICE). > > This patch seems to change this, and I am not convinced it's a good idea. > It does not overriding the outgoing interface. when no interface is specified in an IPV6_PKTINFO ancillary data item(as with SO_BINDTODEVICE), the interface specified in an IPV6_PKTINFO sticky optionins is used. If outgoing interface is set with SO_BINDTODEVICE and also sticky pktinfo the outgoing interface is exactly what SO_BINDTODEVICE set,because in my first patch,when set sticy pktinfo,outgoing interface set by SO_BINDTODEVICE is checked: + if(sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if) + goto e_inval; -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Yang Hongyang <yanghy@cn.fujitsu.com> Date: Wed, 10 Dec 2008 08:42:20 +0800 > If outgoing interface is set with SO_BINDTODEVICE and also sticky pktinfo > the outgoing interface is exactly what SO_BINDTODEVICE set,because in my > first patch,when set sticy pktinfo,outgoing interface set by SO_BINDTODEVICE > is checked: > > + if(sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if) > + goto e_inval; > You may be checking this, but these two values can become out of sync if the application next makes a SO_BINDTODEVICE setsockopt() call to change the index setting. Nothing makes sure the sticky ipv6 socket information is updated if that happens. And the most obvious ways to handle that are very ugly, doing some kind of call into ipv6 from the generic socket SO_BINDTODEVICE setsockopt() handler. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
David Miller wrote: > From: Yang Hongyang <yanghy@cn.fujitsu.com> > Date: Wed, 10 Dec 2008 08:42:20 +0800 > >> If outgoing interface is set with SO_BINDTODEVICE and also sticky pktinfo >> the outgoing interface is exactly what SO_BINDTODEVICE set,because in my >> first patch,when set sticy pktinfo,outgoing interface set by SO_BINDTODEVICE >> is checked: >> >> + if(sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if) >> + goto e_inval; >> > > You may be checking this, but these two values can become out of sync > if the application next makes a SO_BINDTODEVICE setsockopt() call to > change the index setting. > > Nothing makes sure the sticky ipv6 socket information is updated > if that happens. And the most obvious ways to handle that are > very ugly, doing some kind of call into ipv6 from the generic > socket SO_BINDTODEVICE setsockopt() handler. > > Hum..can we just ignore the sync of the sticky option and the SO_BINDTODEVICE, when send a message,first check sk_bound_dev_if,If it is specified,use it,otherwise use sticky option?This was what i ment. and in my patch ,the outgoing interface specified by sticky options will be overrided by the interface specified by SO_BINDTODEVICE. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Yang Hongyang wrote: > David Miller wrote: >> From: Yang Hongyang <yanghy@cn.fujitsu.com> >> Date: Wed, 10 Dec 2008 08:42:20 +0800 >> >>> If outgoing interface is set with SO_BINDTODEVICE and also sticky pktinfo >>> the outgoing interface is exactly what SO_BINDTODEVICE set,because in my >>> first patch,when set sticy pktinfo,outgoing interface set by SO_BINDTODEVICE >>> is checked: >>> >>> + if(sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if) >>> + goto e_inval; >>> >> You may be checking this, but these two values can become out of sync >> if the application next makes a SO_BINDTODEVICE setsockopt() call to >> change the index setting. >> >> Nothing makes sure the sticky ipv6 socket information is updated >> if that happens. And the most obvious ways to handle that are >> very ugly, doing some kind of call into ipv6 from the generic >> socket SO_BINDTODEVICE setsockopt() handler. >> >> > > Hum..can we just ignore the sync of the sticky option and the SO_BINDTODEVICE, > when send a message,first check sk_bound_dev_if,If it is specified,use it,otherwise > use sticky option?This was what i ment. and in my patch ,the outgoing interface > specified by sticky options will be overrided by the interface specified by > SO_BINDTODEVICE. If this is the solution, i'll post a updated patch. > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Yang Hongyang <yanghy@cn.fujitsu.com> Date: Wed, 10 Dec 2008 14:38:25 +0800 > Yang Hongyang wrote: > > David Miller wrote: > >> From: Yang Hongyang <yanghy@cn.fujitsu.com> > >> Date: Wed, 10 Dec 2008 08:42:20 +0800 > >> > >>> If outgoing interface is set with SO_BINDTODEVICE and also sticky pktinfo > >>> the outgoing interface is exactly what SO_BINDTODEVICE set,because in my > >>> first patch,when set sticy pktinfo,outgoing interface set by SO_BINDTODEVICE > >>> is checked: > >>> > >>> + if(sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if) > >>> + goto e_inval; > >>> > >> You may be checking this, but these two values can become out of sync > >> if the application next makes a SO_BINDTODEVICE setsockopt() call to > >> change the index setting. > >> > >> Nothing makes sure the sticky ipv6 socket information is updated > >> if that happens. And the most obvious ways to handle that are > >> very ugly, doing some kind of call into ipv6 from the generic > >> socket SO_BINDTODEVICE setsockopt() handler. > >> > >> > > > > Hum..can we just ignore the sync of the sticky option and the SO_BINDTODEVICE, > > when send a message,first check sk_bound_dev_if,If it is specified,use it,otherwise > > use sticky option?This was what i ment. and in my patch ,the outgoing interface > > specified by sticky options will be overrided by the interface specified by > > SO_BINDTODEVICE. > > If this is the solution, i'll post a updated patch. Please do, this sounds like the correct approach. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 8b48512..addd856 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -761,6 +761,9 @@ do_udp_sendmsg: } if (!fl.oif) + fl.oif = np->sticky_pktinfo.ipi6_ifindex; + + if (!fl.oif) fl.oif = sk->sk_bound_dev_if; if (msg->msg_controllen) {
1.When no interface is specified in an IPV6_PKTINFO ancillary data item, the interface specified in an IPV6_PKTINFO sticky optionis is used. RFC3542: 6.7. Summary of Outgoing Interface Selection This document and [RFC-3493] specify various methods that affect the selection of the packet's outgoing interface. This subsection summarizes the ordering among those in order to ensure deterministic behavior. For a given outgoing packet on a given socket, the outgoing interface is determined in the following order: 1. if an interface is specified in an IPV6_PKTINFO ancillary data item, the interface is used. 2. otherwise, if an interface is specified in an IPV6_PKTINFO sticky option, the interface is used. Signed-off-by: Yang Hongyang<yanghy@cn.fujitsu.com> --- net/ipv6/udp.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-)