Re: [PATCH] ipv4: add description about martian source

From: Randy Dunlap
Date: Sun Feb 13 2022 - 22:06:12 EST


Hi--

On 2/13/22 19:01, cgel.zte@xxxxxxxxx wrote:
> From: Zhang Yunkai <zhang.yunkai@xxxxxxxxxx>
>
> When multiple containers are running in the environment and multiple
> macvlan network ports are configured in each container, a lot of martian
> source prints will appear after martian_log is enabled.

Does it need to use one of the printk_ratelimited() calls?
or are they all unique?

> Such as:
> IPv4: martian source 173.254.95.16 from 173.254.100.109,
> on dev eth0
> ll header: 00000000: ff ff ff ff ff ff 40 00 ad fe 64 6d
> 08 06 ......@...dm..
> IPv4: martian source 173.254.95.16 from 173.254.100.109,
> on dev eth1
> ll header: 00000000: ff ff ff ff ff ff 40 00 ad fe 64 6d
> 08 06 ......@...dm..
>
> There is no description of this kind of source in the RFC1812.
>
> Signed-off-by: Zhang Yunkai <zhang.yunkai@xxxxxxxxxx>
> ---
> net/ipv4/fib_frontend.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
> index 4d61ddd8a0ec..3564308e849a 100644
> --- a/net/ipv4/fib_frontend.c
> +++ b/net/ipv4/fib_frontend.c
> @@ -436,6 +436,9 @@ int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
> if (net->ipv4.fib_has_custom_local_routes ||
> fib4_has_custom_rules(net))
> goto full_check;
> + /* Within the same container,it is regarded as a martian source,

Please add a space after the comma: , it is

> + * and the same host but different containers are not.
> + */
> if (inet_lookup_ifaddr_rcu(net, src))
> return -EINVAL;
>
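
Review bot: the added comment above the inet_lookup_ifaddr_rcu(net, src) check is worded in terms of "containers", but the condition it annotates is keyed on the network namespace `net`, and "it" has no antecedent, so a reader cannot tell what is being called a martian source. Suggest describing what the check does, for example "src is one of this netns's own addresses, so reject it as a martian source", and, if the other case is worth keeping, stating that an address owned by a different netns on the same host is not matched by this lookup. The commit message could also say why the log output shown motivates a comment here rather than a change to the logging itself.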

--
~Randy