On 22/03/15 19:12, Eric W. Biederman wrote:

Robert Shearman [off-list ref] writes:

quoted

Popping the last label on the stack does not necessarily imply
performing penultimate hop popping. There is no reason why this
couldn't be the last hop in the network, so remove the comment.

So this change I will disagree with.

What the code implements is Penultimate hop popping.  Even if you send
the packets over loopback that is what the code is doing.

No, RFC3031 s3.16 (https://tools.ietf.org/html/rfc3031#page-18) talks in 
terms of LSRs (label switch routers), not passes through the forwarding 
code.

This is relevant because I think the code may actually be wrong in the
local reception case.  By preforming penultimate hop popping and
receving the code on loopback I think this code allows bypassing
iptables rules that apply to incoming ip packets.  Certainly there is a
loss of information as to which hardware interface the packet came in on
that it may be desirable to correct.

Indeed, but network operators may well want to apply different rules to 
traffic coming in as IP versus traffic coming in as MPLS.

This may well merit a comment of its own, but this isn't directly 
relevant to the comment I'm removing.

Thanks,
Rob

Eric

quoted

Cc: "Eric W. Biederman" <redacted>
Signed-off-by: Robert Shearman <redacted>
---
  net/mpls/af_mpls.c | 1 -
  1 file changed, 1 deletion(-)

diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
index 0d6763a..bf3459a 100644
--- a/net/mpls/af_mpls.c
+++ b/net/mpls/af_mpls.c

@@ -199,7 +199,6 @@ static int mpls_forward(struct sk_buff *skb, struct net_device *dev,
  	skb->protocol = htons(ETH_P_MPLS_UC);

  	if (unlikely(!new_header_size && dec.bos)) {
-		/* Penultimate hop popping */
  		if (!mpls_egress(rt, skb, dec))
  			goto drop;
  	} else {