Hello,
On Sun, 15 Mar 2020, Haishuang Yan wrote:
> After strip GRE/UDP tunnel header for icmp errors, it's better to show
> "ICMP for GRE/UDP" instead of "ICMP for IPIP" in debug message.
>
> Signed-off-by: Haishuang Yan <yanhaishuang@xxxxxxxxxxxxxxxxxxxx>
> ---
> net/netfilter/ipvs/ip_vs_core.c | 41
> +++++++++++++++++++++++------------------
> 1 file changed, 23 insertions(+), 18 deletions(-)
>
> diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
> index 512259f..f39ae6b 100644
> --- a/net/netfilter/ipvs/ip_vs_core.c
> +++ b/net/netfilter/ipvs/ip_vs_core.c
> @@ -1703,8 +1707,8 @@ static int ipvs_gre_decap(struct netns_ipvs *ipvs,
> struct sk_buff *skb,
> return NF_ACCEPT; /* The packet looks wrong, ignore */
> raddr = (union nf_inet_addr *)&cih->daddr;
>
> - /* Special case for errors for IPIP packets */
> - ipip = false;
> + /* Special case for errors for IPIP/UDP/GRE tunnel packets */
> + tunnel = false;
At this point it is safe to store cih->protocol in some new
var, eg. outer_proto...
> @@ -1809,17 +1813,18 @@ static int ipvs_gre_decap(struct netns_ipvs *ipvs,
> struct sk_buff *skb,
> u32 mtu = ntohs(ic->un.frag.mtu);
> __be16 frag_off = cih->frag_off;
>
> - /* Strip outer IP and ICMP, go to IPIP header */
> + /* Strip outer IP and ICMP, go to IPIP/UDP/GRE header */
> if (pskb_pull(skb, ihl + sizeof(_icmph)) == NULL)
> - goto ignore_ipip;
> + goto ignore_tunnel;
> offset2 -= ihl + sizeof(_icmph);
> skb_reset_network_header(skb);
> - IP_VS_DBG(12, "ICMP for IPIP %pI4->%pI4: mtu=%u\n",
> - &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr, mtu);
> + IP_VS_DBG(12, "ICMP for %s %pI4->%pI4: mtu=%u\n",
> + ip_vs_proto_name(cih->protocol),
Because here cih points to the embedded UDP/TCP/SCTP IP header, so
we can not see GRE here. Or it is even better if we do not add more code
to ip_vs_proto_name(), just use char *outer_proto and assign it with
"IPIP" (where ipip was set) and "UDP"/"GRE" (where ulen was set) and print
outer_proto here.
> + &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
> mtu);
Regards
--
Julian Anastasov <ja@xxxxxx>
|