author | Nicolas Dichtel <nicolas.dichtel@6wind.com> | 2013-09-02 09:34:56 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-09-04 00:27:25 -0400 |
commit | 8b27f27797cac5ed9b2f3e63dac89a7ae70e70a7 (patch) | |
tree | c77b49fdf6883aab5bea6988d89f7e204f49329b | |
parent | 117961878cc1386923cfddcdd9016b777827c8dd (diff) |
skb: allow skb_scrub_packet() to be used by tunnels
This function was only used when a packet was sent to another netns. Now, it can
also be used after tunnel encapsulation or decapsulation.
When a packet is not crossing netns, only the skb_orphan() call should be skipped.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/skbuff.h | 2 | ||||
-rw-r--r-- | net/core/dev.c | 2 | ||||
-rw-r--r-- | net/core/skbuff.c | 19 | ||||
-rw-r--r-- | net/ipv4/ip_tunnel.c | 4 | ||||
-rw-r--r-- | net/ipv6/ip6_tunnel.c | 4 | ||||
-rw-r--r-- | net/ipv6/sit.c | 4 |
6 files changed, 20 insertions, 15 deletions
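--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -2392,7 +2392,7 @@ extern void skb_split(struct sk_buff *skb,
 struct sk_buff *skb1, const u32 len);
 extern int skb_shift(struct sk_buff *tgt, struct sk_buff *skb,
 int shiftlen);
-extern void skb_scrub_packet(struct sk_buff *skb);
+extern void skb_scrub_packet(struct sk_buff *skb, bool xnet);
 
 extern struct sk_buff *skb_segment(struct sk_buff *skb,
 netdev_features_t features);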
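--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1697,7 +1697,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
 * call skb_scrub_packet() after it to clear pkt_type _after_ calling
 * eth_type_trans().
 */
-skb_scrub_packet(skb);
+skb_scrub_packet(skb, true);
 
 return netif_rx(skb);
 }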
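Review bot: The literal `true` passed to `skb_scrub_packet()` hard-codes that every skb going through dev_forward_skb() is treated as crossing a netns, and nothing beside the call says why. This keeps the previous behaviour, where the skb was always orphaned, but a reader of the new two-argument API cannot tell whether it is a deliberate conservative choice or a placeholder. Presumably it is deliberate because the receiving device may sit in another namespace. I would add one line to the existing comment, such as `* xnet is always true: the receiving device may live in another netns.` The function starts above the hunk, so any namespace check earlier in its body is not visible here.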
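--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3500,17 +3500,22 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
 EXPORT_SYMBOL(skb_try_coalesce);
 
 /**
-* skb_scrub_packet - scrub an skb before sending it to another netns
+* skb_scrub_packet - scrub an skb
 *
 * @skb: buffer to clean
-*
-* skb_scrub_packet can be used to clean an skb before injecting it in
-* another namespace. We have to clear all information in the skb that
-* could impact namespace isolation.
+* @xnet: packet is crossing netns
+*
+* skb_scrub_packet can be used after encapsulating or decapsulting a packet
+* into/from a tunnel. Some information have to be cleared during these
+* operations.
+* skb_scrub_packet can also be used to clean a skb before injecting it in
+* another namespace (@xnet == true). We have to clear all information in the
+* skb that could impact namespace isolation.
 */
-void skb_scrub_packet(struct sk_buff *skb)
+void skb_scrub_packet(struct sk_buff *skb, bool xnet)
 {
-skb_orphan(skb);
+if (xnet)
+skb_orphan(skb);
 skb->tstamp.tv64 = 0;
 skb->pkt_type = PACKET_HOST;
 skb->skb_iif = 0;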
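Review bot: The kernel-doc line for `@xnet` does not say what a caller gives up by passing false. In the new body the flag gates only `skb_orphan(skb)`, so with `xnet == false` the skb keeps its socket owner while `tstamp`, `pkt_type` and `skb_iif` are still reset. Because the comment ties this function to namespace isolation, I would spell the contract out, for example `@xnet: packet is crossing netns; must be true whenever the skb enters another namespace, otherwise skb_orphan() is skipped and the skb keeps its socket reference`. The same comment has two wording slips worth fixing in passing: `decapsulting` should be `decapsulating` and `Some information have` should be `Some information has`. The function body continues past the end of the hunk, so whether the remaining resets suit the same-netns tunnel case cannot be judged from here.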
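--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -462,7 +462,7 @@ int ip_tunnel_rcv(struct ip_tunnel *tunnel, struct sk_buff *skb,
 }
 
 if (!net_eq(tunnel->net, dev_net(tunnel->dev)))
-skb_scrub_packet(skb);
+skb_scrub_packet(skb, true);
 
 gro_cells_receive(&tunnel->gro_cells, skb);
 return 0;
@@ -615,7 +615,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
 }
 
 if (!net_eq(tunnel->net, dev_net(dev)))
-skb_scrub_packet(skb);
+skb_scrub_packet(skb, true);
 
 if (tunnel->err_count > 0) {
 if (time_before(jiffies,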
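--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -830,7 +830,7 @@ static int ip6_tnl_rcv(struct sk_buff *skb, __u16 protocol,
 tstats->rx_bytes += skb->len;
 
 if (!net_eq(t->net, dev_net(t->dev)))
-skb_scrub_packet(skb);
+skb_scrub_packet(skb, true);
 
 netif_rx(skb);
 
@@ -1002,7 +1002,7 @@ static int ip6_tnl_xmit2(struct sk_buff *skb,
 }
 
 if (!net_eq(t->net, dev_net(dev)))
-skb_scrub_packet(skb);
+skb_scrub_packet(skb, true);
 
 /*
 * Okay, now see if we can stuff it in the buffer as-is.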
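--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -622,7 +622,7 @@ static int ipip6_rcv(struct sk_buff *skb)
 tstats->rx_bytes += skb->len;
 
 if (!net_eq(tunnel->net, dev_net(tunnel->dev)))
-skb_scrub_packet(skb);
+skb_scrub_packet(skb, true);
 netif_rx(skb);
 
 return 0;
@@ -861,7 +861,7 @@ static netdev_tx_t ipip6_tunnel_xmit(struct sk_buff *skb,
 }
 
 if (!net_eq(tunnel->net, dev_net(dev)))
-skb_scrub_packet(skb);
+skb_scrub_packet(skb, true);
 
 /*
 * Okay, now see if we can stuff it in the buffer as-is.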