Re: [PATCH v2 net] net/ipv4: Initialize proto and ports in flow struct

2018-05-17 Thread David Miller
From: David Ahern 
Date: Wed, 16 May 2018 13:36:40 -0700

> Updating the FIB tracepoint for the recent change to allow rules using
> the protocol and ports exposed a few places where the entries in the flow
> struct are not initialized.
> 
> For __fib_validate_source add the call to fib4_rules_early_flow_dissect
> since it is invoked for the input path. For netfilter, add the memset on
> the flow struct to avoid future problems like this. In ip_route_input_slow
> need to set the fields if the skb dissection does not happen.
> 
> Fixes: bfff4862653b ("net: fib_rules: support for match on ip_proto, sport and dport")
> Signed-off-by: David Ahern 
> ---
> Have not seen any problems with the IPv6 version
> 
> v2
> - do not remove tracepoint in __fib_validate_source (sent the net-next
>   version of this patch)
> - add set of ports and proto to ip_route_input_slow if skb dissect
>   is not done

Applied, thanks David.


Re: [PATCH v2 net] net/ipv4: Initialize proto and ports in flow struct

2018-05-16 Thread Roopa Prabhu
On Wed, May 16, 2018 at 1:36 PM, David Ahern  wrote:
> Updating the FIB tracepoint for the recent change to allow rules using
> the protocol and ports exposed a few places where the entries in the flow
> struct are not initialized.
>
> For __fib_validate_source add the call to fib4_rules_early_flow_dissect
> since it is invoked for the input path. For netfilter, add the memset on
> the flow struct to avoid future problems like this. In ip_route_input_slow
> need to set the fields if the skb dissection does not happen.
>
> Fixes: bfff4862653b ("net: fib_rules: support for match on ip_proto, sport and dport")
> Signed-off-by: David Ahern 
> ---

LGTM,
Acked-by: Roopa Prabhu 


[PATCH v2 net] net/ipv4: Initialize proto and ports in flow struct

2018-05-16 Thread David Ahern
Updating the FIB tracepoint for the recent change to allow rules using
the protocol and ports exposed a few places where the entries in the flow
struct are not initialized.

For __fib_validate_source add the call to fib4_rules_early_flow_dissect
since it is invoked for the input path. For netfilter, add the memset on
the flow struct to avoid future problems like this. In ip_route_input_slow
need to set the fields if the skb dissection does not happen.

Fixes: bfff4862653b ("net: fib_rules: support for match on ip_proto, sport and dport")
Signed-off-by: David Ahern 
---
Have not seen any problems with the IPv6 version

v2
- do not remove tracepoint in __fib_validate_source (sent the net-next
  version of this patch)
- add set of ports and proto to ip_route_input_slow if skb dissect
  is not done

 net/ipv4/fib_frontend.c   | 8 +++-
 net/ipv4/netfilter/ipt_rpfilter.c | 2 +-
 net/ipv4/route.c  | 7 ++-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index f05afaf3235c..4d622112bf95 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -326,10 +326,11 @@ static int __fib_validate_source(struct sk_buff *skb, 
__be32 src, __be32 dst,
 u8 tos, int oif, struct net_device *dev,
 int rpf, struct in_device *idev, u32 *itag)
 {
+   struct net *net = dev_net(dev);
+   struct flow_keys flkeys;
int ret, no_addr;
struct fib_result res;
struct flowi4 fl4;
-   struct net *net = dev_net(dev);
bool dev_match;
 
fl4.flowi4_oif = 0;
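Review bot: fl4 in __fib_validate_source is still filled in one member at a time, starting at `fl4.flowi4_oif = 0;`, which is the pattern that left flowi4_proto, fl4_sport and fl4_dport unset in the first place. The ipt_rpfilter.c part of this patch switches to a memset "to avoid future problems like this"; a memset of fl4 before the first assignment here would give the same protection when the next field is added to the flow struct.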
@@ -347,6 +348,11 @@ static int __fib_validate_source(struct sk_buff *skb, 
__be32 src, __be32 dst,
no_addr = idev->ifa_list == NULL;
 
fl4.flowi4_mark = IN_DEV_SRC_VMARK(idev) ? skb->mark : 0;
+   if (!fib4_rules_early_flow_dissect(net, skb, , )) {
+   fl4.flowi4_proto = 0;
+   fl4.fl4_sport = 0;
+   fl4.fl4_dport = 0;
+   }
 
trace_fib_validate_source(dev, );
 
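Review bot: the zeroing under `if (!fib4_rules_early_flow_dissect(...))` carries no comment saying why it is needed, and the reason is not obvious from the function body. The three fields are read by trace_fib_validate_source on the next statement and by rules that match on ip_proto, sport or dport, so stale stack contents would otherwise reach both. A one-line comment above the block would keep it from being removed as dead stores in a later cleanup.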
diff --git a/net/ipv4/netfilter/ipt_rpfilter.c 
b/net/ipv4/netfilter/ipt_rpfilter.c
index fd01f13c896a..12843c9ef142 100644
--- a/net/ipv4/netfilter/ipt_rpfilter.c
+++ b/net/ipv4/netfilter/ipt_rpfilter.c
@@ -89,10 +89,10 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct 
xt_action_param *par)
return true ^ invert;
}
 
+   memset(, 0, sizeof(flow));
flow.flowi4_iif = LOOPBACK_IFINDEX;
flow.daddr = iph->saddr;
flow.saddr = rpfilter_get_saddr(iph->daddr);
-   flow.flowi4_oif = 0;
flow.flowi4_mark = info->flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;
flow.flowi4_tos = RT_TOS(iph->tos);
flow.flowi4_scope = RT_SCOPE_UNIVERSE;
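Review bot: after the memset, rpfilter_mt leaves flowi4_proto and the ports at zero in the lines shown, while __fib_validate_source in this same patch fills them from the packet through fib4_rules_early_flow_dissect. If rules matching on ip_proto, sport or dport are meant to be ignored by the rpfilter match, say so in the commit message or in a comment next to the memset; otherwise the two reverse-path checks can evaluate the same packet against different flow keys.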
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 29268efad247..2cfa1b518f8d 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1961,8 +1961,13 @@ static int ip_route_input_slow(struct sk_buff *skb, 
__be32 daddr, __be32 saddr,
fl4.saddr = saddr;
fl4.flowi4_uid = sock_net_uid(net, NULL);
 
-   if (fib4_rules_early_flow_dissect(net, skb, , &_flkeys))
+   if (fib4_rules_early_flow_dissect(net, skb, , &_flkeys)) {
flkeys = &_flkeys;
+   } else {
+   fl4.flowi4_proto = 0;
+   fl4.fl4_sport = 0;
+   fl4.fl4_dport = 0;
+   }
 
err = fib_lookup(net, , res, 0);
if (err != 0) {
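Review bot: the else branch in ip_route_input_slow repeats the three assignments already added to __fib_validate_source in fib_frontend.c. Consider resetting flowi4_proto, fl4_sport and fl4_dport in one place, for example on the false return path of fib4_rules_early_flow_dissect or in a small inline helper, so that a later caller cannot forget the fallback.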
-- 
2.11.0