| Message ID | 20220127091308.91401-5-imagedong@tencent.com |
|---|---|
| State | Handled Elsewhere |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | net: use kfree_skb_reason() for ip/udp packet receive | expand |
On 1/27/22 2:13 AM, menglong8.dong@gmail.com wrote: > diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c > index 3a025c011971..7f64c5432cba 100644 > --- a/net/ipv4/ip_input.c > +++ b/net/ipv4/ip_input.c > @@ -436,13 +436,18 @@ static int ip_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb) > static struct sk_buff *ip_rcv_core(struct sk_buff *skb, struct net *net) > { > const struct iphdr *iph; > + int drop_reason; > u32 len; > > + drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; > + > /* When the interface is in promisc. mode, drop all the crap > * that it receives, do not try to analyse it. > */ > - if (skb->pkt_type == PACKET_OTHERHOST) > + if (skb->pkt_type == PACKET_OTHERHOST) { > + drop_reason = SKB_DROP_REASON_OTHERHOST; > goto drop; > + } > > __IP_UPD_PO_STATS(net, IPSTATS_MIB_IN, skb->len); > > @@ -516,11 +521,13 @@ static struct sk_buff *ip_rcv_core(struct sk_buff *skb, struct net *net) There's another path: len = ntohs(iph->tot_len); if (skb->len < len) { __IP_INC_STATS(net, IPSTATS_MIB_INTRUNCATEDPKTS); goto drop; } else if (len < (iph->ihl*4)) ... where reason = SKB_DROP_REASON_PKT_TOO_SMALL rest looks ok to me. > return skb; > > csum_error: > + drop_reason = SKB_DROP_REASON_IP_CSUM; > __IP_INC_STATS(net, IPSTATS_MIB_CSUMERRORS); > inhdr_error: > + drop_reason = drop_reason ?: SKB_DROP_REASON_IP_INHDR; > __IP_INC_STATS(net, IPSTATS_MIB_INHDRERRORS); > drop: > - kfree_skb(skb); > + kfree_skb_reason(skb, drop_reason); > out: > return NULL; > }
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 786ea2c2334e..2e87da91424f 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -321,6 +321,15 @@ enum skb_drop_reason { SKB_DROP_REASON_SOCKET_FILTER, /* dropped by socket filter */ SKB_DROP_REASON_UDP_CSUM, /* UDP checksum error */ SKB_DROP_REASON_NETFILTER_DROP, /* dropped by netfilter */ + SKB_DROP_REASON_OTHERHOST, /* packet don't belong to current + * host (interface is in promisc + * mode) + */ + SKB_DROP_REASON_IP_CSUM, /* IP checksum error */ + SKB_DROP_REASON_IP_INHDR, /* there is something wrong with + * IP header (see + * IPSTATS_MIB_INHDRERRORS) + */ SKB_DROP_REASON_MAX, }; diff --git a/include/trace/events/skb.h b/include/trace/events/skb.h index 3d89f7b09a43..f2b1778485f0 100644 --- a/include/trace/events/skb.h +++ b/include/trace/events/skb.h @@ -17,6 +17,9 @@ EM(SKB_DROP_REASON_SOCKET_FILTER, SOCKET_FILTER) \ EM(SKB_DROP_REASON_UDP_CSUM, UDP_CSUM) \ EM(SKB_DROP_REASON_NETFILTER_DROP, NETFILTER_DROP) \ + EM(SKB_DROP_REASON_OTHERHOST, OTHERHOST) \ + EM(SKB_DROP_REASON_IP_CSUM, IP_CSUM) \ + EM(SKB_DROP_REASON_IP_INHDR, IP_INHDR) \ EMe(SKB_DROP_REASON_MAX, MAX) #undef EM diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 3a025c011971..7f64c5432cba 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -436,13 +436,18 @@ static int ip_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb) static struct sk_buff *ip_rcv_core(struct sk_buff *skb, struct net *net) { const struct iphdr *iph; + int drop_reason; u32 len; + drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; + /* When the interface is in promisc. mode, drop all the crap * that it receives, do not try to analyse it. */ - if (skb->pkt_type == PACKET_OTHERHOST) + if (skb->pkt_type == PACKET_OTHERHOST) { + drop_reason = SKB_DROP_REASON_OTHERHOST; goto drop; + } __IP_UPD_PO_STATS(net, IPSTATS_MIB_IN, skb->len); @@ -516,11 +521,13 @@ static struct sk_buff *ip_rcv_core(struct sk_buff *skb, struct net *net) return skb; csum_error: + drop_reason = SKB_DROP_REASON_IP_CSUM; __IP_INC_STATS(net, IPSTATS_MIB_CSUMERRORS); inhdr_error: + drop_reason = drop_reason ?: SKB_DROP_REASON_IP_INHDR; __IP_INC_STATS(net, IPSTATS_MIB_INHDRERRORS); drop: - kfree_skb(skb); + kfree_skb_reason(skb, drop_reason); out: return NULL; }