
[ipsec-next] xfrm: no need to set DST_NOPOLICY in IPv4

Message ID 20220520104845.2644470-1-eyal.birger@gmail.com (mailing list archive)
State Awaiting Upstream
Delegated to: Netdev Maintainers

Checks

Context Check Description
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 2041 this patch: 2041
netdev/cc_maintainers success CCed 7 of 7 maintainers
netdev/build_clang success Errors and warnings before: 320 this patch: 320
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 2168 this patch: 2168
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 108 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/tree_selection success Guessing tree name failed - patch did not apply

Commit Message

Eyal Birger May 20, 2022, 10:48 a.m. UTC
This is a cleanup patch following commit e6175a2ed1f1
("xfrm: fix "disable_policy" flag use when arriving from different devices")
which made DST_NOPOLICY no longer be used for inbound policy checks.

On outbound the flag was set, but never used.

As such, avoid setting it altogether and remove the nopolicy argument
from rt_dst_alloc().

Signed-off-by: Eyal Birger <eyal.birger@gmail.com>

---

This patch assumes ipsec-next is aligned with net-next and commit
e6175a2ed1f1 is already merged.
---
 drivers/net/vrf.c   |  2 +-
 include/net/route.h |  3 +--
 net/ipv4/route.c    | 24 ++++++++----------------
 3 files changed, 10 insertions(+), 19 deletions(-)

Comments

Nicolas Dichtel May 20, 2022, 12:01 p.m. UTC | #1
Le 20/05/2022 à 12:48, Eyal Birger a écrit :
> This is a cleanup patch following commit e6175a2ed1f1
> ("xfrm: fix "disable_policy" flag use when arriving from different devices")
> which made DST_NOPOLICY no longer be used for inbound policy checks.
> 
> On outbound the flag was set, but never used.
> 
> As such, avoid setting it altogether and remove the nopolicy argument
> from rt_dst_alloc().
> 
> Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Nicolas Dichtel May 20, 2022, 12:02 p.m. UTC | #2
Le 20/05/2022 à 12:48, Eyal Birger a écrit :
> This is a cleanup patch following commit e6175a2ed1f1
> ("xfrm: fix "disable_policy" flag use when arriving from different devices")
> which made DST_NOPOLICY no longer be used for inbound policy checks.
Thanks for the follow-up.

Nicolas
Steffen Klassert June 23, 2022, 10:48 a.m. UTC | #3
On Fri, May 20, 2022 at 02:01:19PM +0200, Nicolas Dichtel wrote:
> 
> Le 20/05/2022 à 12:48, Eyal Birger a écrit :
> > This is a cleanup patch following commit e6175a2ed1f1
> > ("xfrm: fix "disable_policy" flag use when arriving from different devices")
> > which made DST_NOPOLICY no longer be used for inbound policy checks.
> > 
> > On outbound the flag was set, but never used.
> > 
> > As such, avoid setting it altogether and remove the nopolicy argument
> > from rt_dst_alloc().
> > 
> > Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
> Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

Now applied to ipsec-next, thanks everyone!

Patch

diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
index cfc30ce4c6e1..3c99de582c09 100644
--- a/drivers/net/vrf.c
+++ b/drivers/net/vrf.c
@@ -1077,7 +1077,7 @@  static int vrf_rtable_create(struct net_device *dev)
 		return -ENOMEM;
 
 	/* create a dst for routing packets out through a VRF device */
-	rth = rt_dst_alloc(dev, 0, RTN_UNICAST, 1, 1);
+	rth = rt_dst_alloc(dev, 0, RTN_UNICAST, 1);
 	if (!rth)
 		return -ENOMEM;
 
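Review bot: The one boolean argument left at the `rt_dst_alloc()` call in vrf_rtable_create() is still written as the integer `1`, which does not tell a reader which flag it selects now that the parameter list has changed. Per the new prototype it is `noxfrm`, so the call could read `rth = rt_dst_alloc(dev, 0, RTN_UNICAST, true); /* noxfrm */`. The function starts before this hunk and continues after it.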
diff --git a/include/net/route.h b/include/net/route.h
index 991a3985712d..b6743ff88e30 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -244,8 +244,7 @@  void ip_rt_multicast_event(struct in_device *);
 int ip_rt_ioctl(struct net *, unsigned int cmd, struct rtentry *rt);
 void ip_rt_get_source(u8 *src, struct sk_buff *skb, struct rtable *rt);
 struct rtable *rt_dst_alloc(struct net_device *dev,
-			     unsigned int flags, u16 type,
-			     bool nopolicy, bool noxfrm);
+			    unsigned int flags, u16 type, bool noxfrm);
 struct rtable *rt_dst_clone(struct net_device *dev, struct rtable *rt);
 
 struct in_ifaddr;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 356f535f3443..d990bb3b1587 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1627,12 +1627,11 @@  static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
 
 struct rtable *rt_dst_alloc(struct net_device *dev,
 			    unsigned int flags, u16 type,
-			    bool nopolicy, bool noxfrm)
+			    bool noxfrm)
 {
 	struct rtable *rt;
 
 	rt = dst_alloc(&ipv4_dst_ops, dev, 1, DST_OBSOLETE_FORCE_CHK,
-		       (nopolicy ? DST_NOPOLICY : 0) |
 		       (noxfrm ? DST_NOXFRM : 0));
 
 	if (rt) {
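Review bot: rt_dst_alloc() has no comment saying that IPv4 dsts deliberately never carry `DST_NOPOLICY`, so anyone auditing where disable_policy is honoured has to rediscover that from the commit log. A short comment above the definition would help, for example `/* DST_NOPOLICY is not set here: inbound disable_policy is tracked per-skb via IPSKB_NOPOLICY */`. The code that reads the flag is not visible in this patch, so it is worth confirming that no IPv4 path still tests `DST_NOPOLICY` on a dst from this allocator. The function body continues past the end of the hunk.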
@@ -1727,7 +1726,6 @@  static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
 	struct in_device *in_dev = __in_dev_get_rcu(dev);
 	unsigned int flags = RTCF_MULTICAST;
 	struct rtable *rth;
-	bool no_policy;
 	u32 itag = 0;
 	int err;
 
@@ -1738,12 +1736,11 @@  static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
 	if (our)
 		flags |= RTCF_LOCAL;
 
-	no_policy = IN_DEV_ORCONF(in_dev, NOPOLICY);
-	if (no_policy)
+	if (IN_DEV_ORCONF(in_dev, NOPOLICY))
 		IPCB(skb)->flags |= IPSKB_NOPOLICY;
 
 	rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST,
-			   no_policy, false);
+			   false);
 	if (!rth)
 		return -ENOBUFS;
 
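Review bot: The two-line `IN_DEV_ORCONF(in_dev, NOPOLICY)` / `IPSKB_NOPOLICY` sequence in ip_route_input_mc() is repeated verbatim in __mkroute_input() and at `local_input:` in ip_route_input_slow(), and with the dst flag gone these copies look like the only place the per-device setting is recorded on IPv4 input. A small static helper in route.c taking `skb` and `in_dev` would keep the three sites from drifting apart. If a receive path attaches a route without reaching one of them, the flag would stay clear and the policy check would presumably still run, so the failure would be an unexpected drop rather than a bypass; a comment on the helper should say so. The function starts before this hunk and continues after it.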
@@ -1802,7 +1799,7 @@  static int __mkroute_input(struct sk_buff *skb,
 	struct rtable *rth;
 	int err;
 	struct in_device *out_dev;
-	bool do_cache, no_policy;
+	bool do_cache;
 	u32 itag = 0;
 
 	/* get a working reference to the output device */
@@ -1847,8 +1844,7 @@  static int __mkroute_input(struct sk_buff *skb,
 		}
 	}
 
-	no_policy = IN_DEV_ORCONF(in_dev, NOPOLICY);
-	if (no_policy)
+	if (IN_DEV_ORCONF(in_dev, NOPOLICY))
 		IPCB(skb)->flags |= IPSKB_NOPOLICY;
 
 	fnhe = find_exception(nhc, daddr);
@@ -1863,7 +1859,7 @@  static int __mkroute_input(struct sk_buff *skb,
 		}
 	}
 
-	rth = rt_dst_alloc(out_dev->dev, 0, res->type, no_policy,
+	rth = rt_dst_alloc(out_dev->dev, 0, res->type,
 			   IN_DEV_ORCONF(out_dev, NOXFRM));
 	if (!rth) {
 		err = -ENOBUFS;
@@ -2238,7 +2234,6 @@  static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
 	struct rtable	*rth;
 	struct flowi4	fl4;
 	bool do_cache = true;
-	bool no_policy;
 
 	/* IP on this device is disabled. */
 
@@ -2357,8 +2352,7 @@  out:	return err;
 	RT_CACHE_STAT_INC(in_brd);
 
 local_input:
-	no_policy = IN_DEV_ORCONF(in_dev, NOPOLICY);
-	if (no_policy)
+	if (IN_DEV_ORCONF(in_dev, NOPOLICY))
 		IPCB(skb)->flags |= IPSKB_NOPOLICY;
 
 	do_cache &= res->fi && !itag;
@@ -2374,8 +2368,7 @@  out:	return err;
 	}
 
 	rth = rt_dst_alloc(ip_rt_get_dev(net, res),
-			   flags | RTCF_LOCAL, res->type,
-			   no_policy, false);
+			   flags | RTCF_LOCAL, res->type, false);
 	if (!rth)
 		goto e_nobufs;
 
@@ -2598,7 +2591,6 @@  static struct rtable *__mkroute_output(const struct fib_result *res,
 
 add:
 	rth = rt_dst_alloc(dev_out, flags, type,
-			   IN_DEV_ORCONF(in_dev, NOPOLICY),
 			   IN_DEV_ORCONF(in_dev, NOXFRM));
 	if (!rth)
 		return ERR_PTR(-ENOBUFS);