[RFC,net-next,1/2] dev: introduce dev_cleanup_skb()

Message ID 1372083239-9451-2-git-send-email-nicolas.dichtel@6wind.com
State RFC, archived
Delegated to: David Miller

Commit Message

Nicolas Dichtel June 24, 2013, 2:13 p.m. UTC
The goal of this new function is to perform all needed cleanup before sending
an skb into another netns.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 include/linux/netdevice.h |  1 +
 net/core/dev.c            | 34 ++++++++++++++++++++++++----------
 2 files changed, 25 insertions(+), 10 deletions(-)

Comments

Ben Hutchings June 24, 2013, 6:13 p.m. UTC | #1
On Mon, 2013-06-24 at 16:13 +0200, Nicolas Dichtel wrote:
> The goal of this new function is to perform all needed cleanup before sending
> an skb into another netns.
[...]

To 'cleanup' an object often means to destroy or free it.  So perhaps
you could find an alternate verb that doesn't have that association,
e.g. 'sanitise' or 'unmark'.

Ben.

Eric W. Biederman June 24, 2013, 7:05 p.m. UTC | #2
Ben Hutchings <bhutchings@solarflare.com> writes:

> On Mon, 2013-06-24 at 16:13 +0200, Nicolas Dichtel wrote:
>> The goal of this new function is to perform all needed cleanup before sending
>> an skb into another netns.
> [...]
>
> To 'cleanup' an object often means to destroy or free it.  So perhaps
> you could find an alternate verb that doesn't have that association,
> e.g. 'sanitise' or 'unmark'.

skb_scrub_packet sounds good to me.    It has the right connotation
and it is shorter. :)

Eric

Patch

diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 09b4188..9b72d87 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -2321,6 +2321,7 @@  extern int		dev_hard_start_xmit(struct sk_buff *skb,
 					    struct netdev_queue *txq);
 extern int		dev_forward_skb(struct net_device *dev,
 					struct sk_buff *skb);
+extern void		dev_cleanup_skb(struct sk_buff *skb);
 
 extern int		netdev_budget;
 
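Review bot: the prototype added here, dev_cleanup_skb(struct sk_buff *skb), takes no net_device argument, so the dev_ prefix and its placement next to dev_forward_skb() in netdevice.h do not match what the function operates on. An skb_-prefixed name declared alongside the other skb helpers would fit better, and would also settle the objection raised in the thread that "cleanup" suggests freeing the buffer.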
diff --git a/net/core/dev.c b/net/core/dev.c
index 722f633..d30bc22 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1625,6 +1625,29 @@  static inline bool is_skb_forwardable(struct net_device *dev,
 }
 
 /**
+ * dev_cleanup_skb - cleanup an skb before sending it to another netns
+ *
+ * @skb: buffer to clean
+ *
+ * dev_cleanup_skb can be used to clean an skb before injecting it in
+ * another namespace. We have to clear all information in the skb that
+ * could impact namespace isolation.
+ */
+void dev_cleanup_skb(struct sk_buff *skb)
+{
+	skb_orphan(skb);
+	skb->tstamp.tv64 = 0;
+	skb->pkt_type = PACKET_HOST;
+	skb->skb_iif = 0;
+	skb_dst_drop(skb);
+	skb->mark = 0;
+	secpath_reset(skb);
+	nf_reset(skb);
+	nf_reset_trace(skb);
+}
+EXPORT_SYMBOL_GPL(dev_cleanup_skb);
+
+/**
  * dev_forward_skb - loopback an skb to another netif
  *
  * @dev: destination network device
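Review bot: the kernel-doc for dev_cleanup_skb() promises to clear "all information in the skb that could impact namespace isolation" but does not say what is actually reset. Because this becomes an exported helper that callers will rely on for isolation, the comment should name what the body touches (owner socket via skb_orphan(), tstamp, pkt_type, skb_iif, dst, mark, secpath, netfilter state and trace) and say that skb->protocol is left to the caller, so a later addition to sk_buff can be checked against an explicit list rather than the word "all".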
@@ -1652,22 +1675,13 @@  int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
 		}
 	}
 
-	skb_orphan(skb);
-
 	if (unlikely(!is_skb_forwardable(dev, skb))) {
 		atomic_long_inc(&dev->rx_dropped);
 		kfree_skb(skb);
 		return NET_RX_DROP;
 	}
-	skb->skb_iif = 0;
-	skb_dst_drop(skb);
-	skb->tstamp.tv64 = 0;
-	skb->pkt_type = PACKET_HOST;
+	dev_cleanup_skb(skb);
 	skb->protocol = eth_type_trans(skb, dev);
-	skb->mark = 0;
-	secpath_reset(skb);
-	nf_reset(skb);
-	nf_reset_trace(skb);
 	return netif_rx(skb);
 }
 EXPORT_SYMBOL_GPL(dev_forward_skb);
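Review bot: in dev_forward_skb() the skb_orphan() call used to run before the is_skb_forwardable() check and now runs after it, inside dev_cleanup_skb(), so the NET_RX_DROP path reaches kfree_skb() with the skb not yet orphaned. The mark, secpath and netfilter resets also move from after eth_type_trans() to before it. The commit message does not mention either reordering; please state that the change in order is intentional, or keep skb_orphan(skb); ahead of the forwardable check and drop it from the helper's caller-visible contract only once that is agreed.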