diff options
| author | David Miller <davem@davemloft.net> | 2015-04-05 22:19:04 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-04-07 15:25:55 -0400 |
| commit | 7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab (patch) | |
| tree | 3e11ed0f186ea6066a3f7efecb88d85bc732ee51 /include/linux/netdevice.h | |
| parent | 1c984f8a5df085bcf35364a8a870bd4db4da4ed3 (diff) | |
netfilter: Pass socket pointer down through okfn().
On the output paths in particular, we have to sometimes deal with two
socket contexts. First, and usually skb->sk, is the local socket that
generated the frame.
And second, is potentially the socket used to control a tunneling
socket, such as one the encapsulates using UDP.
We do not want to disassociate skb->sk when encapsulating in order
to fix this, because that would break socket memory accounting.
The most extreme case where this can cause huge problems is an
AF_PACKET socket transmitting over a vxlan device. We hit code
paths doing checks that assume they are dealing with an ipv4
socket, but are actually operating upon the AF_PACKET one.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux/netdevice.h')
| -rw-r--r-- | include/linux/netdevice.h | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 41bf58a2b936..45823db2efb0 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h | |||
| @@ -2165,8 +2165,12 @@ int dev_open(struct net_device *dev); | |||
| 2165 | int dev_close(struct net_device *dev); | 2165 | int dev_close(struct net_device *dev); |
| 2166 | int dev_close_many(struct list_head *head, bool unlink); | 2166 | int dev_close_many(struct list_head *head, bool unlink); |
| 2167 | void dev_disable_lro(struct net_device *dev); | 2167 | void dev_disable_lro(struct net_device *dev); |
| 2168 | int dev_loopback_xmit(struct sk_buff *newskb); | 2168 | int dev_loopback_xmit(struct sock *sk, struct sk_buff *newskb); |
| 2169 | int dev_queue_xmit(struct sk_buff *skb); | 2169 | int dev_queue_xmit_sk(struct sock *sk, struct sk_buff *skb); |
| 2170 | static inline int dev_queue_xmit(struct sk_buff *skb) | ||
| 2171 | { | ||
| 2172 | return dev_queue_xmit_sk(skb->sk, skb); | ||
| 2173 | } | ||
| 2170 | int dev_queue_xmit_accel(struct sk_buff *skb, void *accel_priv); | 2174 | int dev_queue_xmit_accel(struct sk_buff *skb, void *accel_priv); |
| 2171 | int register_netdevice(struct net_device *dev); | 2175 | int register_netdevice(struct net_device *dev); |
| 2172 | void unregister_netdevice_queue(struct net_device *dev, struct list_head *head); | 2176 | void unregister_netdevice_queue(struct net_device *dev, struct list_head *head); |
| @@ -2927,7 +2931,11 @@ static inline void dev_consume_skb_any(struct sk_buff *skb) | |||
| 2927 | 2931 | ||
| 2928 | int netif_rx(struct sk_buff *skb); | 2932 | int netif_rx(struct sk_buff *skb); |
| 2929 | int netif_rx_ni(struct sk_buff *skb); | 2933 | int netif_rx_ni(struct sk_buff *skb); |
| 2930 | int netif_receive_skb(struct sk_buff *skb); | 2934 | int netif_receive_skb_sk(struct sock *sk, struct sk_buff *skb); |
| 2935 | static inline int netif_receive_skb(struct sk_buff *skb) | ||
| 2936 | { | ||
| 2937 | return netif_receive_skb_sk(skb->sk, skb); | ||
| 2938 | } | ||
| 2931 | gro_result_t napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb); | 2939 | gro_result_t napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb); |
| 2932 | void napi_gro_flush(struct napi_struct *napi, bool flush_old); | 2940 | void napi_gro_flush(struct napi_struct *napi, bool flush_old); |
| 2933 | struct sk_buff *napi_get_frags(struct napi_struct *napi); | 2941 | struct sk_buff *napi_get_frags(struct napi_struct *napi); |