From patchwork Thu Oct 11 18:46:29 2018
X-Patchwork-Submitter: Taehee Yoo
X-Patchwork-Id: 982648
X-Patchwork-Delegate: pablo@netfilter.org
From: Taehee Yoo
To: pablo@netfilter.org, netfilter-devel@vger.kernel.org
Cc: ap420073@gmail.com
Subject: [PATCH nf v2] netfilter: nf_flow_table: do not remove offload when other netns's interface is down
Date: Fri, 12 Oct 2018 03:46:29 +0900
Message-Id: <20181011184629.28016-1-ap420073@gmail.com>

When an interface goes down, the offload cleanup function
(nf_flow_table_do_cleanup) is called, and it checks whether the interface
index of the offload and the index of the link-down interface are the same.
But checking only the interface index is not enough, because the flowtable
is not a pernet list. So if an interface in another netns that has the same
index as the offload goes down, that offload will be removed.
This patch adds netns checking code to the offload cleanup routine.

Fixes: 59c466dd68e7 ("netfilter: nf_flow_table: add a new flow state for tearing down offloading")
Signed-off-by: Taehee Yoo
---
v2: do not modify unnecessary code (Pablo Neira Ayuso)
v1: Initial patch

 net/netfilter/nf_flow_table_core.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index d8125616edc7..c188e27972c7 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c 
@@ -478,14 +478,17 @@ EXPORT_SYMBOL_GPL(nf_flow_table_init); static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data) { struct net_device *dev = data; + struct flow_offload_entry *e; + + e = container_of(flow, struct flow_offload_entry, flow); if (!dev) { flow_offload_teardown(flow); return; } - - if (flow->tuplehash[0].tuple.iifidx == dev->ifindex || - flow->tuplehash[1].tuple.iifidx == dev->ifindex) + if (net_eq(nf_ct_net(e->ct), dev_net(dev)) && + (flow->tuplehash[0].tuple.iifidx == dev->ifindex || + flow->tuplehash[1].tuple.iifidx == dev->ifindex)) flow_offload_dead(flow); }
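Review bot: the new condition in nf_flow_table_do_cleanup() has no comment saying why net_eq(nf_ct_net(e->ct), dev_net(dev)) is needed. A one-line note above it, that an ifindex is only unique within its own netns while the flowtable list is walked across namespaces, would keep a later cleanup from dropping the check and reintroducing the cross-netns teardown. The container_of() assignment to e is placed before the !dev early return, where e is never used; it could be folded into the declaration or moved below that block. The blank line that separated the !dev block from the following if was also removed, so the two conditions now run together; keeping it would match the rest of the function. Finally, the !dev branch still calls flow_offload_teardown(flow) with no netns comparison; the commit message should say whether that is intended for callers that pass a NULL device.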