From patchwork Mon Sep 20 10:19:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xin Long X-Patchwork-Id: 12505061 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EA191C433EF for ; Mon, 20 Sep 2021 10:19:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C96DF60FC1 for ; Mon, 20 Sep 2021 10:19:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235712AbhITKUy (ORCPT ); Mon, 20 Sep 2021 06:20:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49948 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234973AbhITKUv (ORCPT ); Mon, 20 Sep 2021 06:20:51 -0400 Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 757F4C061760 for ; Mon, 20 Sep 2021 03:19:25 -0700 (PDT) Received: by mail-qk1-x730.google.com with SMTP id a10so40706896qka.12 for ; Mon, 20 Sep 2021 03:19:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=owsya/fAc4fC+5PO3VaM2gMWH9/gcNYLcnGTc5c6gMI=; b=dmJJatofPyUDttQb7mA0XbmpfYIkfmQctAk6+blkE06fNgM2cGXjCnDMJ2G9Shgkx7 ymsaKg968hiZVvn53+TJVbmvVD2wIhAxRyuZNqYxxDaIqSSze19jAhuciCXdOvZzR+Vr py6SxGoH4iV7dIPSKzrVT7w08/kS8/iuBOuFTE5u+GwsKVt7xRwhMYmJP+8FkK6swGo1 9l8AiD2W0REcfVgKJTIFZuhwgaiB94awJ80qaiNmYcQ2u7qHieKqkgf8B8vXommOmubK emSAoD4yZpNv6nbgRtO8MrcuYFbLkbg7hiSmN9zJRYwt0SvgDRbuas3iTMFj+w2oTJsC f1Iw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=owsya/fAc4fC+5PO3VaM2gMWH9/gcNYLcnGTc5c6gMI=; b=kY82bAnoskR6Z7kO8q7/ab/okcA2P+jI3HeItRF2zR2GVn+57h1dlzZV6FouehtvCD A9xhUcZn6Mysd3tOvbNq1xpQc4kmEIKSFxXEa/nM13tubCQakfjo6nzZtsWHdR8eHYdT zz/mHzFRjOodPxL97mhtO+qWtPvuXtXTz6mEBeftK33/SNspDxCbo/Is5xw2J1zh8HA+ vPpb8zWKyggQFr1+cbP0uksYepHqUgG0PyR6e8x6bneZb8hEY7z55n9GLltGzEXKI6ZS /Q3ziwH39bMTOJViOn5/7r+N5FvjzQoBD4Wp21z98MYN7olmPg6U6Txa5d/2gNoruIpx j83g== X-Gm-Message-State: AOAM533Dwau5uARO4jUtofub0MQhkKO3hmoMqPRupPaj1ZksEdovvXp4 FraraDQJ2B9yzb2kP7+Ubzoylf6N/0AqoA== X-Google-Smtp-Source: ABdhPJxWT2Ra6OsbRDugggOqsr//iLJ+TjaoK7xcHsWVP0q/xGKAt9BTXTRmwXtA1H0ssbTt/VXYEA== X-Received: by 2002:a05:620a:430f:: with SMTP id u15mr23488968qko.32.1632133164470; Mon, 20 Sep 2021 03:19:24 -0700 (PDT) Received: from wsfd-netdev15.ntdv.lab.eng.bos.redhat.com (nat-pool-bos-t.redhat.com. [66.187.233.206]) by smtp.gmail.com with ESMTPSA id u9sm4637985qke.91.2021.09.20.03.19.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Sep 2021 03:19:24 -0700 (PDT) From: Xin Long To: network dev , davem@davemloft.net, kuba@kernel.org Cc: Marcelo Ricardo Leitner , Davide Caratti , Hangbin Liu Subject: [PATCH net 1/2] net: sched: drop ct for the packets toward ingress only in act_mirred Date: Mon, 20 Sep 2021 06:19:21 -0400 Message-Id: <13c7b29126171310739195264d5e619b62d27f92.1632133123.git.lucien.xin@gmail.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org nf_reset_ct() called in tcf_mirred_act() is supposed to drop ct for those packets that are mirred or redirected to only ingress, not ingress and egress. This patch is to move nf_reset_ct() to tcf_mirred_forward() and to be called only when want_ingress is true. Fixes: d09c548dbf3b ("net: sched: act_mirred: Reset ct info when mirror") Signed-off-by: Xin Long --- net/sched/act_mirred.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index d64b0eeccbe4..46dff1f1e7c8 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -205,14 +205,12 @@ static int tcf_mirred_init(struct net *net, struct nlattr *nla, static int tcf_mirred_forward(bool want_ingress, struct sk_buff *skb) { - int err; - if (!want_ingress) - err = tcf_dev_queue_xmit(skb, dev_queue_xmit); - else - err = netif_receive_skb(skb); + return tcf_dev_queue_xmit(skb, dev_queue_xmit); - return err; + nf_reset_ct(skb); + + return netif_receive_skb(skb); } static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, @@ -271,9 +269,6 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, goto out; } - /* All mirred/redirected skbs should clear previous ct info */ - nf_reset_ct(skb2); - want_ingress = tcf_mirred_act_wants_ingress(m_eaction); expects_nh = want_ingress || !m_mac_header_xmit; From patchwork Mon Sep 20 10:19:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xin Long X-Patchwork-Id: 12505063 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 236ABC433FE for ; Mon, 20 Sep 2021 10:19:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0391660F9B for ; Mon, 20 Sep 2021 10:19:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235714AbhITKU6 (ORCPT ); Mon, 20 Sep 2021 06:20:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49954 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235702AbhITKUw (ORCPT ); Mon, 20 Sep 2021 06:20:52 -0400 Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5956AC061574 for ; Mon, 20 Sep 2021 03:19:26 -0700 (PDT) Received: by mail-qk1-x729.google.com with SMTP id p4so40673776qki.3 for ; Mon, 20 Sep 2021 03:19:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=mpa9RboK8bSXJaugfzTpZs6uSVX02G6AQbuiFVw65i0=; b=p4S2pZji7kwcdFfVR3tYr0I2WxlJINDDmreE/dbHG4QUMqALhbb0EeetYzxjDSSU1j v824Qv4TO1lf3q3Jo/5YlSw4iMSJebb1uZHq/2coOquyWYapLogjgGRT8haQA7+jnRKp BRzTvRh1kawV21yQiwKkRV3hU04GaJDSKG75qolNSZrqs8kF8wzYe4PveIHtA0ojerdn kkqW90NpEMTNOQYYCDtXI+/9qlPcIxhTnkyWrUpmKYQe3EPgkhrZit9kRSB/rokQjbPR mzr9aAfeZb1eAIm+eegnpFaR7Gi2rrJcej4G1lPSX6MkVv6JJ8rPMZ/zAarEx485nLkf kW0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=mpa9RboK8bSXJaugfzTpZs6uSVX02G6AQbuiFVw65i0=; b=V8vKav6znVSIr/nIJ3xKZBUS+axhdgaU1MH2bynDx7wS6m81bZ3TVJdAmKLGGCqtHA UjVR0ZexhkYhfEn32ny6F6OSvEh5Y1AdpMT0oyYwpuyW3qDdbx6f3vHHzW/KjKe1AhcL T30iyKZxVbsfLdWoCSxJwrmNxjkK1hstaxwVi16mcO51zJudRptxHee77S5n9NwpPGg/ uHn96a7cRC3BtLuc95+FoVuzon0NgpwPrRsw1nKLAgSL5wkjKsxoRNKBGUxTb/PjLNPt JUhvijdztJ7BpQnNp+8cIjEIL3VTLu1C9MtAmslnwV26unF1H2kQvGgVxHiqN7f50NGV oXIA== X-Gm-Message-State: AOAM530/Jebar92/yGfrS/xzb7H5EuT4qcv36Ouj4EKCZ9LSPlp/iv9/ Ji4Oc46oY5x/zZR3rqEkhosHPksxmC/OSw== X-Google-Smtp-Source: ABdhPJzxiEJhm9z/AIx0iyg1KZUOr+ka48F25GTPGhwG7R1zUqtfK1p5rnSDz36n4hKSZ0duVOTdqQ== X-Received: by 2002:a05:620a:14a2:: with SMTP id x2mr23649890qkj.194.1632133165326; Mon, 20 Sep 2021 03:19:25 -0700 (PDT) Received: from wsfd-netdev15.ntdv.lab.eng.bos.redhat.com (nat-pool-bos-t.redhat.com. [66.187.233.206]) by smtp.gmail.com with ESMTPSA id u9sm4637985qke.91.2021.09.20.03.19.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Sep 2021 03:19:24 -0700 (PDT) From: Xin Long To: network dev , davem@davemloft.net, kuba@kernel.org Cc: Marcelo Ricardo Leitner , Davide Caratti , Hangbin Liu Subject: [PATCH net 2/2] net: sched: also drop dst for the packets toward ingress in act_mirred Date: Mon, 20 Sep 2021 06:19:22 -0400 Message-Id: X-Mailer: git-send-email 2.27.0 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Without dropping dst, the packets sent from local mirred/redirected to ingress will may still use the old dst. ip_rcv() will drop it as the old dst is for output and its .input is dst_discard. This patch is to fix by also dropping dst for those packets that are mirred or redirected to ingress in act_mirred. Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct") Signed-off-by: Xin Long --- net/sched/act_mirred.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index 46dff1f1e7c8..5e30b3e64b63 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include @@ -209,6 +210,7 @@ static int tcf_mirred_forward(bool want_ingress, struct sk_buff *skb) return tcf_dev_queue_xmit(skb, dev_queue_xmit); nf_reset_ct(skb); + skb_dst_drop(skb); return netif_receive_skb(skb); }