From patchwork Sat Jul  2 10:43:14 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jamal Hadi Salim <jhs@mojatatu.com>
X-Patchwork-Id: 643452
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3rhVHl5mrpz9sdn
	for <patchwork-incoming@ozlabs.org>;
	Sat,  2 Jul 2016 20:43:31 +1000 (AEST)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=mojatatu-com.20150623.gappssmtp.com
	header.i=@mojatatu-com.20150623.gappssmtp.com
	header.b=v3r21MgH; dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752014AbcGBKn2 (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Sat, 2 Jul 2016 06:43:28 -0400
Received: from mail-io0-f194.google.com ([209.85.223.194]:35246 "EHLO
	mail-io0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750804AbcGBKn1 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Sat, 2 Jul 2016 06:43:27 -0400
Received: by mail-io0-f194.google.com with SMTP id u25so13852114iou.2
	for <netdev@vger.kernel.org>; Sat, 02 Jul 2016 03:43:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=mojatatu-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id;
	bh=IvZbcFqw+r7GlHru9BVQdtD/ecBkMOOO0WaQoMs460U=;
	b=v3r21MgHFoqVV4GttfuSE/UXfR6kdV7rrciuBnwsSexF6ldD24dzi1HtaVFZGMCjUT
	Nvwz861Rd5zi9eSypDwTXOiXpa2O+VWt727Ry3LC4tXNvnZ6m84H/NxNTOsDzD5W1I7I
	O7BndCL+xqdTTJro4UNUJWONSOpsc2lvUTJyU1mWLUDHhWpbjnWKFySF9VTrV+5QL/5V
	zmFNvAan0LJDJ47qaeURKghhxOAVePYfvY4vfoenk0HYknXCfU51IVih/x3upkW0+kvE
	7V2dmCUmPe9Jk8blfeMggooX9+f4HHV8xDB2lYCZg9V62nMBVBr+/kJlRGqFtvdCdB3u
	iJSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=IvZbcFqw+r7GlHru9BVQdtD/ecBkMOOO0WaQoMs460U=;
	b=B14J7XgPb+RzEUm6o3YA17i2mxLRWOqKZS66K5k1DCb+6EDEBJDiCnPOvI1hZoSiEL
	tMd7dfRPScVUpXCR7nuPapPoppWGr24G1Qjgw6KxZPYfWuWwuONnhfn4jZ+vJ5pAuWGf
	o1j0mGG31/LCJFkRI73TCtjbKRWywVNf8V615ujyGuIDnNj1QpgTvbkSjWwiGwI9uf6s
	CRVH2BCAmDdZxRYkiCKlJ42T11glBMD2GvqsYK/7nK30ObFLNCwTH+2OfToz3egRum4/
	sIhhBwAjc4hiuXEi75EPXnYV174f8Izs1gHfsmInNhnUetqDqwLytI2X5ayq5+BIYu5c
	F5rw==
X-Gm-Message-State: 
 ALyK8tJHHkdvsQ4aheqib0bFoiwCnEj1g0N2wmPmHgEI59JpLVrJwmLW/7eKUvbntAyBqA==
X-Received: by 10.107.11.163 with SMTP id 35mr2314665iol.184.1467456206429;
	Sat, 02 Jul 2016 03:43:26 -0700 (PDT)
Received: from jhs-UX303LB.lan ([23.233.30.50])
	by smtp.gmail.com with ESMTPSA id
	z205sm14841141itc.11.2016.07.02.03.43.25
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Sat, 02 Jul 2016 03:43:25 -0700 (PDT)
From: Jamal Hadi Salim <jhs@mojatatu.com>
X-Google-Original-From: Jamal Hadi Salim <jhs@emojatatu.com>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, daniel@iogearbox.net,
	xiyou.wangcong@gmail.com, fw@strlen.de,
	Jamal Hadi Salim <jhs@mojatatu.com>
Subject: [PATCH v2 net-next 1/3] net: simplify and make pkt_type_ok()
	available for other users
Date: Sat,  2 Jul 2016 06:43:14 -0400
Message-Id: <1467456196-25712-1-git-send-email-jhs@emojatatu.com>
X-Mailer: git-send-email 1.9.1
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Jamal Hadi Salim <jhs@mojatatu.com>

Suggested-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
---
 include/linux/skbuff.h   | 10 ++++++++++
 net/netfilter/nft_meta.c |  9 +--------
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index dc0fca7..638b0e0 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -37,6 +37,7 @@
 #include <net/flow_dissector.h>
 #include <linux/splice.h>
 #include <linux/in6.h>
+#include <linux/if_packet.h>
 #include <net/flow.h>
 
 /* The interface for checksum offload between the stack and networking drivers
@@ -881,6 +882,15 @@ static inline struct rtable *skb_rtable(const struct sk_buff *skb)
 	return (struct rtable *)skb_dst(skb);
 }
 
+/* For mangling skb->pkt_type from user space side from applications
+ * such as nft, tc, etc, we only allow a conservative subset of
+ * possible pkt_types to be set.
+*/
+static inline bool skb_pkt_type_ok(u32 ptype)
+{
+	return ptype <= PACKET_OTHERHOST;
+}
+
 void kfree_skb(struct sk_buff *skb);
 void kfree_skb_list(struct sk_buff *segs);
 void skb_tx_error(struct sk_buff *skb);
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 16c50b0..03e5e33 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -199,13 +199,6 @@ err:
 }
 EXPORT_SYMBOL_GPL(nft_meta_get_eval);
 
-/* don't change or set _LOOPBACK, _USER, etc. */
-static bool pkt_type_ok(u32 p)
-{
-	return p == PACKET_HOST || p == PACKET_BROADCAST ||
-	       p == PACKET_MULTICAST || p == PACKET_OTHERHOST;
-}
-
 void nft_meta_set_eval(const struct nft_expr *expr,
 		       struct nft_regs *regs,
 		       const struct nft_pktinfo *pkt)
@@ -223,7 +216,7 @@ void nft_meta_set_eval(const struct nft_expr *expr,
 		break;
 	case NFT_META_PKTTYPE:
 		if (skb->pkt_type != value &&
-		    pkt_type_ok(value) && pkt_type_ok(skb->pkt_type))
+		    skb_pkt_type_ok(value) && skb_pkt_type_ok(skb->pkt_type))
 			skb->pkt_type = value;
 		break;
 	case NFT_META_NFTRACE: