GET /api/1.2/patches/809389/?format=api
{ "id": 809389, "url": "http://patchwork.ozlabs.org/api/1.2/patches/809389/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/1504477589-12045-6-git-send-email-pablo@netfilter.org/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.2/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1504477589-12045-6-git-send-email-pablo@netfilter.org>", "list_archive_url": null, "date": "2017-09-03T22:25:47", "name": "[05/47] netfilter: nf_tables: fib: use skb_header_pointer", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "64e1aec18edf1116ece481ceb14e50a39e05ac86", "submitter": { "id": 1315, "url": "http://patchwork.ozlabs.org/api/1.2/people/1315/?format=api", "name": "Pablo Neira Ayuso", "email": "pablo@netfilter.org" }, "delegate": { "id": 6139, "url": "http://patchwork.ozlabs.org/api/1.2/users/6139/?format=api", "username": "pablo", "first_name": "Pablo", "last_name": "Neira", "email": "pablo@netfilter.org" }, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/1504477589-12045-6-git-send-email-pablo@netfilter.org/mbox/", "series": [ { "id": 1280, "url": "http://patchwork.ozlabs.org/api/1.2/series/1280/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=1280", "date": "2017-09-03T22:25:42", "name": "[01/47] netfilter: expect: add to hash table after expect init", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/1280/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/809389/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/809389/checks/", "tags": {}, "related": [], "headers": { "Return-Path": 
"<netfilter-devel-owner@vger.kernel.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xlnfl4HPvz9s06\n\tfor <incoming@patchwork.ozlabs.org>;\n\tMon, 4 Sep 2017 08:27:43 +1000 (AEST)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1753215AbdICW1Y (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tSun, 3 Sep 2017 18:27:24 -0400", "from mail.us.es ([193.147.175.20]:50806 \"EHLO mail.us.es\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1753154AbdICW0m (ORCPT <rfc822; netfilter-devel@vger.kernel.org>);\n\tSun, 3 Sep 2017 18:26:42 -0400", "from antivirus1-rhel7.int (unknown [192.168.2.11])\n\tby mail.us.es (Postfix) with ESMTP id 93E46190F6C\n\tfor <netfilter-devel@vger.kernel.org>;\n\tMon, 4 Sep 2017 00:26:15 +0200 (CEST)", "from antivirus1-rhel7.int (localhost [127.0.0.1])\n\tby antivirus1-rhel7.int (Postfix) with ESMTP id 7E17DB502D\n\tfor <netfilter-devel@vger.kernel.org>;\n\tMon, 4 Sep 2017 00:26:15 +0200 (CEST)", "by antivirus1-rhel7.int (Postfix, from userid 99)\n\tid 739A4B5027; Mon, 4 Sep 2017 00:26:15 +0200 (CEST)", "from antivirus1-rhel7.int (localhost [127.0.0.1])\n\tby antivirus1-rhel7.int (Postfix) with ESMTP id 581F6B5028;\n\tMon, 4 Sep 2017 00:26:13 +0200 (CEST)", "from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int\n\t(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); \n\tMon, 04 Sep 2017 00:26:13 +0200 (CEST)", "from salvia.here (unknown [31.4.193.113])\n\t(Authenticated sender: pneira@us.es)\n\tby entrada.int (Postfix) with ESMTPA id 035614265A22;\n\tMon, 4 Sep 2017 00:26:12 +0200 (CEST)" ], 
"X-Spam-Checker-Version": "SpamAssassin 3.4.1 (2015-04-28) on\n\tantivirus1-rhel7.int", "X-Spam-Level": "", "X-Spam-Status": "No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50,\n\tSMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1", "X-Virus-Status": "clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int)", "X-SMTPAUTHUS": "auth mail.us.es", "From": "Pablo Neira Ayuso <pablo@netfilter.org>", "To": "netfilter-devel@vger.kernel.org", "Cc": "davem@davemloft.net, netdev@vger.kernel.org", "Subject": "[PATCH 05/47] netfilter: nf_tables: fib: use skb_header_pointer", "Date": "Mon, 4 Sep 2017 00:25:47 +0200", "Message-Id": "<1504477589-12045-6-git-send-email-pablo@netfilter.org>", "X-Mailer": "git-send-email 2.1.4", "In-Reply-To": "<1504477589-12045-1-git-send-email-pablo@netfilter.org>", "References": "<1504477589-12045-1-git-send-email-pablo@netfilter.org>", "X-Virus-Scanned": "ClamAV using ClamSMTP", "Sender": "netfilter-devel-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netfilter-devel.vger.kernel.org>", "X-Mailing-List": "netfilter-devel@vger.kernel.org" }, "content": "From: \"Pablo M. Bermudo Garay\" <pablombg@gmail.com>\n\nThis is a preparatory patch for adding fib support to the netdev family.\n\nThe netdev family receives the packets from ingress hook. At this point\nwe have no guarantee that the ip header is linear. So this patch\nreplaces ip_hdr with skb_header_pointer in order to address that\npossible situation.\n\nSigned-off-by: Pablo M. 
Bermudo Garay <pablombg@gmail.com>\nSigned-off-by: Pablo Neira Ayuso <pablo@netfilter.org>\n---\n net/ipv4/netfilter/nft_fib_ipv4.c | 20 ++++++++++++++++----\n net/ipv6/netfilter/nft_fib_ipv6.c | 29 +++++++++++++++++++++++------\n 2 files changed, 39 insertions(+), 10 deletions(-)", "diff": "diff --git a/net/ipv4/netfilter/nft_fib_ipv4.c b/net/ipv4/netfilter/nft_fib_ipv4.c\nindex de3681df2ce7..e50976e3c213 100644\n--- a/net/ipv4/netfilter/nft_fib_ipv4.c\n+++ b/net/ipv4/netfilter/nft_fib_ipv4.c\n@@ -32,9 +32,10 @@ void nft_fib4_eval_type(const struct nft_expr *expr, struct nft_regs *regs,\n \t\t\tconst struct nft_pktinfo *pkt)\n {\n \tconst struct nft_fib *priv = nft_expr_priv(expr);\n+\tint noff = skb_network_offset(pkt->skb);\n \tu32 *dst = ®s->data[priv->dreg];\n \tconst struct net_device *dev = NULL;\n-\tconst struct iphdr *iph;\n+\tstruct iphdr *iph, _iph;\n \t__be32 addr;\n \n \tif (priv->flags & NFTA_FIB_F_IIF)\n@@ -42,7 +43,12 @@ void nft_fib4_eval_type(const struct nft_expr *expr, struct nft_regs *regs,\n \telse if (priv->flags & NFTA_FIB_F_OIF)\n \t\tdev = nft_out(pkt);\n \n-\tiph = ip_hdr(pkt->skb);\n+\tiph = skb_header_pointer(pkt->skb, noff, sizeof(_iph), &_iph);\n+\tif (!iph) {\n+\t\tregs->verdict.code = NFT_BREAK;\n+\t\treturn;\n+\t}\n+\n \tif (priv->flags & NFTA_FIB_F_DADDR)\n \t\taddr = iph->daddr;\n \telse\n@@ -61,8 +67,9 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs,\n \t\t const struct nft_pktinfo *pkt)\n {\n \tconst struct nft_fib *priv = nft_expr_priv(expr);\n+\tint noff = skb_network_offset(pkt->skb);\n \tu32 *dest = ®s->data[priv->dreg];\n-\tconst struct iphdr *iph;\n+\tstruct iphdr *iph, _iph;\n \tstruct fib_result res;\n \tstruct flowi4 fl4 = {\n \t\t.flowi4_scope = RT_SCOPE_UNIVERSE,\n@@ -95,7 +102,12 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs,\n \t\treturn;\n \t}\n \n-\tiph = ip_hdr(pkt->skb);\n+\tiph = skb_header_pointer(pkt->skb, noff, sizeof(_iph), &_iph);\n+\tif (!iph) 
{\n+\t\tregs->verdict.code = NFT_BREAK;\n+\t\treturn;\n+\t}\n+\n \tif (ipv4_is_zeronet(iph->saddr)) {\n \t\tif (ipv4_is_lbcast(iph->daddr) ||\n \t\t ipv4_is_local_multicast(iph->daddr)) {\ndiff --git a/net/ipv6/netfilter/nft_fib_ipv6.c b/net/ipv6/netfilter/nft_fib_ipv6.c\nindex 43f91d9b086c..54b5899543ef 100644\n--- a/net/ipv6/netfilter/nft_fib_ipv6.c\n+++ b/net/ipv6/netfilter/nft_fib_ipv6.c\n@@ -25,9 +25,9 @@ static int get_ifindex(const struct net_device *dev)\n \n static int nft_fib6_flowi_init(struct flowi6 *fl6, const struct nft_fib *priv,\n \t\t\t const struct nft_pktinfo *pkt,\n-\t\t\t const struct net_device *dev)\n+\t\t\t const struct net_device *dev,\n+\t\t\t struct ipv6hdr *iph)\n {\n-\tconst struct ipv6hdr *iph = ipv6_hdr(pkt->skb);\n \tint lookup_flags = 0;\n \n \tif (priv->flags & NFTA_FIB_F_DADDR) {\n@@ -55,7 +55,8 @@ static int nft_fib6_flowi_init(struct flowi6 *fl6, const struct nft_fib *priv,\n }\n \n static u32 __nft_fib6_eval_type(const struct nft_fib *priv,\n-\t\t\t\tconst struct nft_pktinfo *pkt)\n+\t\t\t\tconst struct nft_pktinfo *pkt,\n+\t\t\t\tstruct ipv6hdr *iph)\n {\n \tconst struct net_device *dev = NULL;\n \tconst struct nf_ipv6_ops *v6ops;\n@@ -77,7 +78,7 @@ static u32 __nft_fib6_eval_type(const struct nft_fib *priv,\n \telse if (priv->flags & NFTA_FIB_F_OIF)\n \t\tdev = nft_out(pkt);\n \n-\tnft_fib6_flowi_init(&fl6, priv, pkt, dev);\n+\tnft_fib6_flowi_init(&fl6, priv, pkt, dev, iph);\n \n \tv6ops = nf_get_ipv6_ops();\n \tif (dev && v6ops && v6ops->chk_addr(nft_net(pkt), &fl6.daddr, dev, true))\n@@ -131,9 +132,17 @@ void nft_fib6_eval_type(const struct nft_expr *expr, struct nft_regs *regs,\n \t\t\tconst struct nft_pktinfo *pkt)\n {\n \tconst struct nft_fib *priv = nft_expr_priv(expr);\n+\tint noff = skb_network_offset(pkt->skb);\n \tu32 *dest = ®s->data[priv->dreg];\n+\tstruct ipv6hdr *iph, _iph;\n \n-\t*dest = __nft_fib6_eval_type(priv, pkt);\n+\tiph = skb_header_pointer(pkt->skb, noff, sizeof(_iph), &_iph);\n+\tif (!iph) 
{\n+\t\tregs->verdict.code = NFT_BREAK;\n+\t\treturn;\n+\t}\n+\n+\t*dest = __nft_fib6_eval_type(priv, pkt, iph);\n }\n EXPORT_SYMBOL_GPL(nft_fib6_eval_type);\n \n@@ -141,8 +150,10 @@ void nft_fib6_eval(const struct nft_expr *expr, struct nft_regs *regs,\n \t\t const struct nft_pktinfo *pkt)\n {\n \tconst struct nft_fib *priv = nft_expr_priv(expr);\n+\tint noff = skb_network_offset(pkt->skb);\n \tconst struct net_device *oif = NULL;\n \tu32 *dest = ®s->data[priv->dreg];\n+\tstruct ipv6hdr *iph, _iph;\n \tstruct flowi6 fl6 = {\n \t\t.flowi6_iif = LOOPBACK_IFINDEX,\n \t\t.flowi6_proto = pkt->tprot,\n@@ -155,7 +166,13 @@ void nft_fib6_eval(const struct nft_expr *expr, struct nft_regs *regs,\n \telse if (priv->flags & NFTA_FIB_F_OIF)\n \t\toif = nft_out(pkt);\n \n-\tlookup_flags = nft_fib6_flowi_init(&fl6, priv, pkt, oif);\n+\tiph = skb_header_pointer(pkt->skb, noff, sizeof(_iph), &_iph);\n+\tif (!iph) {\n+\t\tregs->verdict.code = NFT_BREAK;\n+\t\treturn;\n+\t}\n+\n+\tlookup_flags = nft_fib6_flowi_init(&fl6, priv, pkt, oif, iph);\n \n \tif (nft_hook(pkt) == NF_INET_PRE_ROUTING &&\n \t nft_fib_is_loopback(pkt->skb, nft_in(pkt))) {\n", "prefixes": [ "05/47" ] }
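Review bot: The new declarations `struct iphdr *iph, _iph;` (nft_fib4_eval_type, nft_fib4_eval) and `struct ipv6hdr *iph, _iph;` (nft_fib6_eval_type, nft_fib6_eval) drop the `const` that the removed `const struct iphdr *iph;` and `const struct ipv6hdr *iph = ipv6_hdr(pkt->skb);` carried, and nft_fib6_flowi_init and __nft_fib6_eval_type now take a non-const `struct ipv6hdr *iph`. The visible lines only read the header. Because skb_header_pointer() can return a pointer into the packet data itself rather than the `_iph` copy, a later accidental write through `iph` would compile and modify the packet on one path but only the stack copy on the other. I would keep the pointer read-only: `const struct iphdr *iph; struct iphdr _iph;`, the same split for `struct ipv6hdr`, and `const struct ipv6hdr *iph` for the two helper parameters. The function bodies continue outside the hunks, so the remaining uses of `iph` should be checked to confirm they are reads only.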