Re: [babel] Investigating ICMP behaviour of the Linux kernel in IPv6-only mode

Toke Høiland-Jørgensen <toke@toke.dk> Tue, 15 June 2021 12:59 UTC

Return-Path: <toke@toke.dk>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EFF03A2F72 for <babel@ietfa.amsl.com>; Tue, 15 Jun 2021 05:59:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=toke.dk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wqAnI_PkJ6Gq for <babel@ietfa.amsl.com>; Tue, 15 Jun 2021 05:59:24 -0700 (PDT)
Received: from mail.toke.dk (mail.toke.dk [IPv6:2a0c:4d80:42:2001::664]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D95A3A2F6D for <babel@ietf.org>; Tue, 15 Jun 2021 05:59:24 -0700 (PDT)
From: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= <toke@toke.dk>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1623761958; bh=ugnKrI2SkkuHa/rebJhVFvRllQlE+cppVcY8m+DBsx4=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=mzR6GFXHeH4MDw+vymvvMC2gpOw44Pj0wcKBiFTCYSAqB9qjr4u4iuugr3HPdaybp qffW476qsrQhbU1duB8zdMtQGrRfx2elLN37Wn9jojAqiPsIlUVBvqQVV9tcQ+WkhI xTjUDSAquzJYQOEid4WBfM6CqC0O8VcB5QwpZZ3J1inNLIENITClBTtqJ+HYyitQO9 2dqRqvX0HwmijNIyoBg+wGKGd7a3wQGJpTBxut29wY+kZbwlsKfyDlALTqzTuC6k4z heXDzoWQPvGkkXtVU92KbBPtYWb59bfH/IoLRcGjXjAURQxHlURTghGxHsPMIA0sNz BxIevGQyqh4yQ==
To: Juliusz Chroboczek <jch@irif.fr>
Cc: babel@ietf.org
In-Reply-To: <87mtrrwc81.wl-jch@irif.fr>
References: <87a6nrs6gv.fsf@toke.dk> <87mtrrwc81.wl-jch@irif.fr>
Date: Tue, 15 Jun 2021 14:59:18 +0200
X-Clacks-Overhead: GNU Terry Pratchett
Message-ID: <874kdzs2qh.fsf@toke.dk>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/YMjdEGm30V-ghdNt0PfOi7hItqo>
Subject: Re: [babel] Investigating ICMP behaviour of the Linux kernel in IPv6-only mode
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2021 12:59:30 -0000

Juliusz Chroboczek <jch@irif.fr> writes:

>> I've submitted a patch[0] to make the kernel fall back to the dummy
>> address specified in RFC7600.
>
>> [0] https://lore.kernel.org/netdev/20210615110709.541499-1-toke@redhat.com/
>
> Thanks a lot, Toke.  After spending a few hours going through the maze
> that is the Linux ICMP code, I decided I needed help from somebody
> competent.

You're welcome! And yeah, that code does offer all the best in
kernel-style indirection :)

>> What I found was that the kernel is perfectly happy to send out ICMP
>> messages with an all-zero source address if no real address is
>> configured on any interface.
>
> The question is -- what is the behaviour of PMTUd implementations when
> they receive such an ICMP packet?  Do they reduce the PMTU, or do they
> drop the ICMP as obviously incorrect?

As far as I can tell by poking around in the code, the kernel will
generally drop packets with an all-zero source; see for instance this
check:

https://elixir.bootlin.com/linux/latest/source/net/ipv4/route.c#L2139

I'll leave actually testing this as an exercise for the reader ;)

> I'm going to merge the v4via6 code (I've reviewed it, and I think it
> needs a few fixes), and going to enable it automatically if there's at
> least one IPv4 address somewhere, including the loopback interface.
> Thanks a lot for the information above, that's very helpful.

Cool! You're welcome :)

-Toke