linux/net/ipv6
Dmitry Butskoy f13ec93fba [IPV6]: MSG_ERRQUEUE messages do not pass to connected raw sockets
From: Dmitry Butskoy <dmitry@butskoy.name>

Taken from http://bugzilla.kernel.org/show_bug.cgi?id=8747

Problem Description:

It is related to the possibility to obtain MSG_ERRQUEUE messages from the udp
and raw sockets, both connected and unconnected.

There is a little typo in net/ipv6/icmp.c code, which prevents such messages
to be delivered to the errqueue of the correspond raw socket, when the socket
is CONNECTED.  The typo is due to swap of local/remote addresses.

Consider __raw_v6_lookup() function from net/ipv6/raw.c. When a raw socket is
looked up usual way, it is something like:

sk = __raw_v6_lookup(sk, nexthdr, daddr, saddr, IP6CB(skb)->iif);

where "daddr" is a destination address of the incoming packet (IOW our local
address), "saddr" is a source address of the incoming packet (the remote end).

But when the raw socket is looked up for some icmp error report, in
net/ipv6/icmp.c:icmpv6_notify() , daddr/saddr are obtained from the echoed
fragment of the "bad" packet, i.e.  "daddr" is the original destination
address of that packet, "saddr" is our local address.  Hence, for
icmpv6_notify() must use "saddr, daddr" in its arguments, not "daddr, saddr"
...

Steps to reproduce:

Create some raw socket, connect it to an address, and cause some error
situation: f.e. set ttl=1 where the remote address is more than 1 hop to reach.
Set IPV6_RECVERR .
Then send something and wait for the error (f.e. poll() with POLLERR|POLLIN).
You should receive "time exceeded" icmp message (because of "ttl=1"), but the
socket do not receive it.

If you do not connect your raw socket, you will receive MSG_ERRQUEUE
successfully.  (The reason is that for unconnected socket there are no actual
checks for local/remote addresses).

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-14 23:53:08 -07:00
..
netfilter [NETFILTER]: nf_conntrack: mark protocols __read_mostly 2007-07-14 20:48:19 -07:00
addrconf_core.c
addrconf.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
af_inet6.c [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
ah6.c [XFRM]: Add module alias for transformation type. 2007-07-10 22:15:43 -07:00
anycast.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
datagram.c [IPV6]: Do not send RH0 anymore. 2007-07-10 22:55:49 -07:00
esp6.c [XFRM]: Add module alias for transformation type. 2007-07-10 22:15:43 -07:00
exthdrs_core.c
exthdrs.c [IPV6]: Do not send RH0 anymore. 2007-07-10 22:55:49 -07:00
fib6_rules.c [NETLINK]: Mark netlink policies const 2007-06-07 13:40:10 -07:00
icmp.c [IPV6]: MSG_ERRQUEUE messages do not pass to connected raw sockets 2007-07-14 23:53:08 -07:00
inet6_connection_sock.c
inet6_hashtables.c [IPV6] HASHTABLES: Use appropriate seed for caluculating ehash index. 2007-02-12 20:26:39 -08:00
ip6_fib.c [IPV6]: Fix build warning. 2007-05-31 01:23:31 -07:00
ip6_flowlabel.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
ip6_input.c [IPV6]: Reverse sense of promisc tests in ip6_mc_input 2007-05-14 03:00:27 -07:00
ip6_output.c [NETFILTER]: x_tables: add TRACE target 2007-07-10 22:17:14 -07:00
ip6_tunnel.c [NET]: Avoid copying writable clones in tunnel drivers 2007-07-10 22:19:05 -07:00
ipcomp6.c [XFRM]: Add module alias for transformation type. 2007-07-10 22:15:43 -07:00
ipv6_sockglue.c [IPV6]: Make IPV6_{RECV,2292}RTHDR boolean options. 2007-07-10 22:56:31 -07:00
Kconfig [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
Makefile [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
mcast.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
mip6.c [XFRM]: Add module alias for transformation type. 2007-07-10 22:15:43 -07:00
ndisc.c [IPV6] NDISC: Fix thinko to control Router Preference support. 2007-06-22 16:07:04 -07:00
netfilter.c [SK_BUFF]: Introduce ipv6_hdr(), remove skb->nh.ipv6h 2007-04-25 22:25:14 -07:00
proc.c [IPV6]: Track device renames in snmp6. 2007-04-28 21:16:39 -07:00
protocol.c [IPV6]: Decentralize EXPORT_SYMBOLs. 2007-04-25 22:23:36 -07:00
raw.c [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
reassembly.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
route.c [NETLINK]: Mark netlink policies const 2007-06-07 13:40:10 -07:00
sit.c [NET]: Avoid copying writable clones in tunnel drivers 2007-07-10 22:19:05 -07:00
sysctl_net_ipv6.c
tcp_ipv6.c [IPV6]: Do not send RH0 anymore. 2007-07-10 22:55:49 -07:00
tunnel6.c
udp_impl.h [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
udp.c [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
udplite.c [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
xfrm6_input.c [IPSEC]: Fix panic when using inter address familiy IPsec on loopback. 2007-05-31 01:23:28 -07:00
xfrm6_mode_beet.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
xfrm6_mode_ro.c [SK_BUFF]: Some more layer header conversions 2007-04-25 22:26:03 -07:00
xfrm6_mode_transport.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
xfrm6_mode_tunnel.c [IPSEC]: Fix panic when using inter address familiy IPsec on loopback. 2007-05-31 01:23:28 -07:00
xfrm6_output.c [SK_BUFF]: Introduce skb_reset_network_header(skb) 2007-04-25 22:24:46 -07:00
xfrm6_policy.c [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
xfrm6_state.c [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
xfrm6_tunnel.c [XFRM]: Add module alias for transformation type. 2007-07-10 22:15:43 -07:00