Message ID | 20210729125118.10902-2-tim.gardner@canonical.com |
---|---|
State | New |
Series | dev_forward_skb: do not scrub skb mark within the same name space |
On 29.07.21 14:51, Tim Gardner wrote:
> From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
>
> BugLink: https://bugs.launchpad.net/bugs/1935040
>
> The goal is to keep the mark during a bpf_redirect(), like it is done for
> legacy encapsulation / decapsulation, when there is no x-netns.
> This was initially done in commit 213dd74aee76 ("skbuff: Do not scrub skb
> mark within the same name space").
>
> When the call to skb_scrub_packet() was added in dev_forward_skb() (commit
> 8b27f27797ca ("skb: allow skb_scrub_packet() to be used by tunnels")), the
> second argument (xnet) was set to true to force a call to skb_orphan(). At
> this time, the mark was always cleaned up by skb_scrub_packet(), whatever
> xnet value was.
> This call to skb_orphan() was removed later in commit
> 9c4c325252c5 ("skbuff: preserve sock reference when scrubbing the skb.").
> But this 'true' stayed here without any real reason.
>
> Let's correctly set xnet in ____dev_forward_skb(), this function has access
> to the previous interface and to the new interface.
>
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> (cherry picked from commit ff70202b2d1ad522275c6aadc8c53519b6a22c57)
> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Thanks

> --- > include/linux/netdevice.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h > index 11a52f2fa35de..edd3806fe944f 100644 > --- a/include/linux/netdevice.h > +++ b/include/linux/netdevice.h > @@ -3750,7 +3750,7 @@ static __always_inline int ____dev_forward_skb(struct net_device *dev, > return NET_RX_DROP; > } > > - skb_scrub_packet(skb, true); > + skb_scrub_packet(skb, !net_eq(dev_net(dev), dev_net(skb->dev))); > skb->priority = 0; > return 0; > } >
On 29.07.21 14:51, Tim Gardner wrote:
> From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
>
> BugLink: https://bugs.launchpad.net/bugs/1935040
>
> The goal is to keep the mark during a bpf_redirect(), like it is done for
> legacy encapsulation / decapsulation, when there is no x-netns.
> This was initially done in commit 213dd74aee76 ("skbuff: Do not scrub skb
> mark within the same name space").
>
> When the call to skb_scrub_packet() was added in dev_forward_skb() (commit
> 8b27f27797ca ("skb: allow skb_scrub_packet() to be used by tunnels")), the
> second argument (xnet) was set to true to force a call to skb_orphan(). At
> this time, the mark was always cleaned up by skb_scrub_packet(), whatever
> xnet value was.
> This call to skb_orphan() was removed later in commit
> 9c4c325252c5 ("skbuff: preserve sock reference when scrubbing the skb.").
> But this 'true' stayed here without any real reason.
>
> Let's correctly set xnet in ____dev_forward_skb(), this function has access
> to the previous interface and to the new interface.
>
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> (cherry picked from commit ff70202b2d1ad522275c6aadc8c53519b6a22c57)
> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

Acked-by: Stefan Bader <stefan.bader@canonical.com>

> --- > include/linux/netdevice.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h > index 11a52f2fa35de..edd3806fe944f 100644 > --- a/include/linux/netdevice.h > +++ b/include/linux/netdevice.h > @@ -3750,7 +3750,7 @@ static __always_inline int ____dev_forward_skb(struct net_device *dev, > return NET_RX_DROP; > } > > - skb_scrub_packet(skb, true); > + skb_scrub_packet(skb, !net_eq(dev_net(dev), dev_net(skb->dev))); > skb->priority = 0; > return 0; > } >
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 11a52f2fa35de..edd3806fe944f 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -3750,7 +3750,7 @@ static __always_inline int ____dev_forward_skb(struct net_device *dev, return NET_RX_DROP; } - skb_scrub_packet(skb, true); + skb_scrub_packet(skb, !net_eq(dev_net(dev), dev_net(skb->dev))); skb->priority = 0; return 0; }
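
Review bot: The xnet argument on the added line, `!net_eq(dev_net(dev), dev_net(skb->dev))`, is only correct while skb->dev still points at the previous interface, and nothing in the hunk records that ordering requirement. A one-line comment above the call saying that skb->dev is the device the packet came from and dev is the one it is being forwarded to would keep a later reordering from silently turning the comparison into a constant. Separately, `skb->priority = 0;` on the following context line is still cleared unconditionally, while the mark now survives a forward inside one namespace. If that asymmetry is intended, it deserves a mention in the same comment, and the change in mark handling should be documented for anyone whose filtering or policy-routing rules on the receiving device assumed a zero mark after this function.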