From patchwork Wed Jan 10 11:00:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Tikhomirov X-Patchwork-Id: 13515966 X-Patchwork-Delegate: kuba@kernel.org Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2112.outbound.protection.outlook.com [40.107.104.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9840E45C1F; Wed, 10 Jan 2024 11:05:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=virtuozzo.com header.i=@virtuozzo.com header.b="SRzYYAKZ" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MvCiglLInss5Dz4PfaVyq6SQH2izIymECnA2gPDU1pQUbXfhZFpPhV5JyRwjn4GRIdmcbtt9kIdn0o6GGwFFn/kTVmQUvpvBRoDDDg1K0fZDoxy/LsT9enpZ+Fqr/Y0b4+Tll6wpsvJLwX/VUCWf7mxzzetJbFJkgL/5Gt2k6I142Q/1AJU0tGImJaXsgEsYt39Q3W5Kh9O4aRSfQXcdqKoh9vnazUWus46UFGc7RfrL9Wx184lFLDR03NWZUmSLQ8237hQUkDFA5a5ixLMIj4W7qTWvKy7N9HDPzFAMK8v8DLziCqZnt8291Jq+nHKHdfq+WpdtQGzLGGhbI/BJpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dHFID7yZPMUZ0kqhXE4bLvAGq4gFBZ1ilWbpG7XzBNg=; b=RJWHsmo2NmgVjgde3RTJk5TFw/tIiVH0LLJOUAj8YcgpFaBmCVcFnHNsOlnSruOWzKkUkH3/cfo7Ax2ZjkmA6OsimGAM5IIb9tMhCSt0A4G1OOeH/v6j+EQM3++t5SEvhHf2MOBgBTAk8P4JhSqMpzCTD+m+ilMhkpbK90fAA3mtajnj2iIUJO5uzUj84ks50Kp+IbHgAjo5nZrbAsaJs4M5zE3KV1yRgg9YQEI+Er286Zc2hjitVMaT6PEM8V2M3bTDTTCsNsOicOPOB509kgEdIapvClyohR0S3d0eyGh52fSUYqLVNG+grlZoeXYNGhGkvHEQn1QV/jXibj/M6g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=virtuozzo.com; dmarc=pass action=none header.from=virtuozzo.com; dkim=pass header.d=virtuozzo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dHFID7yZPMUZ0kqhXE4bLvAGq4gFBZ1ilWbpG7XzBNg=; b=SRzYYAKZDlY5edaAcAVA04T9kWgOvNgXAT7NBF45CnvcJ3gfSlNeq0j7+3Ql/gR+MfvAgjXzIg4ajw+Gm3edI8f0w8AN++rDlewaqe6fyMsB/XY+p35tBIp2hP/vSDHOzZvX37cqEME7F9hTVYGE/8dcVKO/Ui5y8cQ5f9bND/PpsMMmqV0lWjirKxoDQx8R4nFEWYZhAV2J3QfaOt4ZA/UkF1k32uNrtfPHLWMjryj6zvCDmBLVjO0o1DuIsC32B5yB40wVOpD2BUIV6r8uLMxE+w98nrO/UKsrIM1+vZs1vPxMEuJYLSIdtgpbZOeXh8AyKZsUTKqOO78Y3pflWA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=virtuozzo.com; Received: from DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) by AS8PR08MB5990.eurprd08.prod.outlook.com (2603:10a6:20b:296::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.23; Wed, 10 Jan 2024 11:05:16 +0000 Received: from DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba]) by DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba%5]) with mapi id 15.20.7181.015; Wed, 10 Jan 2024 11:05:16 +0000 From: Pavel Tikhomirov To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel@openvz.org, Pavel Tikhomirov Subject: [PATCH 1/4] netfilter: nfnetlink_log: use proper helper for fetching physinif Date: Wed, 10 Jan 2024 19:00:11 +0800 Message-ID: <20240110110451.5473-2-ptikhomirov@virtuozzo.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240110110451.5473-1-ptikhomirov@virtuozzo.com> References: <20240110110451.5473-1-ptikhomirov@virtuozzo.com> X-ClientProxiedBy: KU1PR03CA0041.apcprd03.prod.outlook.com (2603:1096:802:19::29) To DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR08MB9003:EE_|AS8PR08MB5990:EE_ X-MS-Office365-Filtering-Correlation-Id: 9aa885cc-3d70-496d-a2fe-08dc11cc0668 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: OthMp17te05x7zltSBSCFSCKl0Baqh2blxzDnQ9xGm7hdS35WDyUJco8cps/fsuFIAyUtnmZa8tjqSUSrMZ07bJLN56XERh761+VCho1UziQNGG6cXs4+7JeilUvat+mJRfL+lMRsqtwD73XN6kuuv7odNsjE01s0bHd4rPHWXXbDo2UgbKHkAuDrCVmwYCSHU7g91tNtFLarbH2amCilY5QTp/nvsOyya/oBFf3fhwp+h/9xjAbDwKoZbNNyNKtlcBjZ2wTktKjPunotYSv7Q53aKudSpcyWVob9FYNCBo5lF0SJDZ+68vkO5sO9W/9FGMpCEkHUBDbaa7V0S/4sriGcgghqJ97Vh7cAOyRDKI8e5iMxQmwvwOqBkgva/oTsPLwapRRNRg7LMnQ7CD6fGotT30Y4LHhuzwpPZnSmUJPc+Gc7wANC6N01Mko/RVvjGy1E4DjjMqIZcJDGQnubD1hrxpajEelZelR90Itfim1RfFDl/NoWrN4E1lj78OnnY1Wxj1V6CSx0fls541Y9CeqnNf+StvZh6uL2y+tP+EAY3BBF+SnzfVMvmGXE7OW X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR08MB9003.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(396003)(376002)(136003)(39850400004)(366004)(346002)(230922051799003)(451199024)(1800799012)(186009)(64100799003)(6512007)(1076003)(83380400001)(36756003)(86362001)(38100700002)(5660300002)(4326008)(6666004)(52116002)(6506007)(2616005)(107886003)(8676002)(316002)(110136005)(8936002)(66946007)(66556008)(66476007)(41300700001)(2906002)(6486002)(478600001);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 1eJ75sM1Fq6qriWRwcQ9PATQA20dlIjdYrpA+KsEDIy3XF99bGeS1QR3x7RRgRx1u2IqpqxWrRiTVJNaPkmoV9JXdV1T91bbqV4v5p9EL9CRiOJA+EZkRCNhRkcWSCT7yY29bRM+/zygxC+9uk4VKfKT8l2chJ9DUIECqFH5MhZkC14DItM//PZ7ehBpD7rtyB/mvAeRCWyk1WEQnj7WIZwkoxm3fVsjCHuuolHWtCxXwLoor/s+K9xbfE4TExS24YBi2tM7IoEsW0i9qtx3b+6fHm0D8HSSc/R5cFitmgzyONmEMxr9y/mzophCJgTaxuY5QQbu7s13sAeydf+qcJm9jG+HGc1W+wYe4GendRrAWg6rBsbsldUUuA7nHUop21sUC7kvlL9H1T/P4TKSMknENFiTKpcZj/oLyRjgWUMp0VcxnsYJxl9UspPqFndaqku+ZaICBP8gzD9VI20TrVRWOGb+A3fSKl8lWv6w7GD+wRRIl/SLN/b9pAZ6IJSR6p7dhCpcYgJ+ghO5uO+yuVGUbA/nfD02ZGHMAQPQMOOqRXBgk6vA8ENU4mTSZcta8p8nJDlj4fkK6m12PvfswX6s9pX7RhBLRDIr8GgZUCAioO08NP7e1FY4x4eOJqMd0B3PrL+D9shQ9VMnBIbeE4tUJPXW2uiL7v+dVb6iwWLshqYdybmX2DJ6UTwIic0h0Tu4G5Onj5JAsr1+ukOfcym4Uu9PqjfPe/sdPTvpGGxcrJOFssYMpvuGZOb8nlTXZA2E11BeiHYVVELqiS0tHA1AT4BuEM/XPrftrBzLrhTTdeOQuPBu1CKpIbuNAe6/frnlY/SJ9qWI3xPJ8Ojz+TZi1WU9AAn+FZuL6770Le26WICArFQ0Pb/fYBuIDHPxx8he0ddnbHM2nnt3y9LzPXz0fVl63+CxANRV+Wx/9m2uiCb2txj6HfeytDU3iVYi0AS9xHtULHLsBT0Wh3anF8bgKuZTL6x9k4kBZNZvWDCRxivZ4udys5A8qJk0zHgt20H0rHoMY+9O5FBiAEvLn8/MTlHQ/hIf719r5eGM3M1HkoBvd9uzm3foSFH5k1KCBWvrKPXN4EmUhmNlp6/Er1dd82iZiiEaIZXzzu+ZDISAfRu+Nq8L3eHriTjOl+WnklJL44PjjMiCOQfccoH/qM6p9NXo+NCf0yE24YpBx+Z+FPRbLkjMGu1haO+3UveY+vxQExCGO0ZV7d0JsZl20gFAItk9JqlK67eLw5Ke3Yp99orQtaE0+wj/kF3mL2kT98ME//pmQ9Ai7QlG5GRZBZm8/kjd/kS3imhbT896I+Q1LB8pAqsnpJxu19ZVa3ZpTWXBaXhWuDfP7A6BAm07GFxGTxfBkNpaSZwfK1n+ZA96hoAEaYoHLGRoTHvbPigxeasGiupk7KiYA4fTIXReLXDNFKIGehrszhvveXrTMO5AonGJKB6ZrnnDwYmeAe3xSP5yvrFyLZVnfLXOaEjdze/H36cOnt8PBFw4tcwYxgmBk7hgOeqS1ij8L4eHLW0YOUIG2V2y6owL4YIjPdwHO+iwp03uZiNlRMjSH4RNLE5JjLmyPxOJ5tl6eyxdp1PZdTUx3uNLz5o8BuWADkzIRGE+6twHKeJvwiIxH6GSOtASBScHJ2VZeMqFr3qXFzZZ2ZTsAJXUJIJjC4ZEs9xMmQ== X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9aa885cc-3d70-496d-a2fe-08dc11cc0668 X-MS-Exchange-CrossTenant-AuthSource: DU0PR08MB9003.eurprd08.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jan 2024 11:05:16.1331 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: dW1X6rbMZ+/drMyafQmy2sB8OUFMO7YtWgqq/90mus7Bpc//r5ivYwmgDqgVJZuAmL3fGSF9TvL25W+CBIkKo5TCjpp3z8sfsVx5F68Rgyw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB5990 X-Patchwork-Delegate: kuba@kernel.org We don't use physindev in __build_packet_message except for getting physinif from it. So let's switch to nf_bridge_get_physinif to get what we want directly. Signed-off-by: Pavel Tikhomirov --- net/netfilter/nfnetlink_log.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index f03f4d4d7d889..134e05d31061e 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -508,7 +508,7 @@ __build_packet_message(struct nfnl_log_net *log, htonl(br_port_get_rcu(indev)->br->dev->ifindex))) goto nla_put_failure; } else { - struct net_device *physindev; + int physinif; /* Case 2: indev is bridge group, we need to look for * physical device (when called from ipv4) */ @@ -516,10 +516,10 @@ __build_packet_message(struct nfnl_log_net *log, htonl(indev->ifindex))) goto nla_put_failure; - physindev = nf_bridge_get_physindev(skb); - if (physindev && + physinif = nf_bridge_get_physinif(skb); + if (physinif && nla_put_be32(inst->skb, NFULA_IFINDEX_PHYSINDEV, - htonl(physindev->ifindex))) + htonl(physinif))) goto nla_put_failure; } #endif From patchwork Wed Jan 10 11:00:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Tikhomirov X-Patchwork-Id: 13515967 X-Patchwork-Delegate: kuba@kernel.org Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2112.outbound.protection.outlook.com [40.107.104.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 979C14778B; Wed, 10 Jan 2024 11:05:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=virtuozzo.com header.i=@virtuozzo.com header.b="XyixGhcg" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NU++4Fp0M5F0kWvtX4tlUkbRfPjSk9DlwAQEEVQdaCILZ2kZmJoncN1BPRcIKgWmXISEran8NatzEnDrr6ti7eU1J4vXktb0x4WJClDL9PDmjF62somZJA0rRoaIZyDumoOrluQvup/gljiDk9vsxowesmYCNIEfgvCTds6ffHHd7VCj2XvR+0CZQaA+0aiwlSnTzNz9fdHTDR64ypBF1fSyb3xNrc1f/nALw1DCRxDJR9ci/bx05vnVrFxernnSRLJiXlmJNSOGR1rT3yY5aKU18VviTgUroIhn/QT+dQuOuAZvi6g1kw5jEdQXCQV2oP0hHWCXMqr2yCr0xgJoag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=l4BfzmwSxr4jbT6fnQLS3qcLXzyjFaelTsxNum5s3BU=; b=kunzCpWgtbTAf+FjfGV+Uq4unnBi+6LVYQnehQSH/ZvDjqJTNoVS3fhWgQZvGq+obYKl3hK/jnZXa/A2HZ3Caj0Jm8wrQWOArNeZhFaYR7RWliVGTKuuLDqGYWXtsmbHc5jVygIutL9u6K7s3RPb6Cix0GUgA6DsJapGsbIKppM7db0lE2TyEavq3p/TSzQk4sbzUv4bDTlwC88dZqx/Olk968hH2iIA6tL9i1VNiZGX3t66K9D3CBLyEhj45Lf7aDguJNvd2d8TbbCIGEQ0tnfWQHYs77uyxi7jq5ZLN1j1qUIhRElHa/zzuwHfYCVVKlxII6ml19Gr+63MF6w9eQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=virtuozzo.com; dmarc=pass action=none header.from=virtuozzo.com; dkim=pass header.d=virtuozzo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=l4BfzmwSxr4jbT6fnQLS3qcLXzyjFaelTsxNum5s3BU=; b=XyixGhcge53RYl9yU5J1i63mo93WLFiCWLeSrlKQ4Iy0YcwBO7rpHl7zSbreYtm5VJ8ufIzYG4JPeOmsly83RXrZ2PBvkl/GAyldmUHuRNhMDg6o29MaeVNiMzf+vbRoMHa487txYUFz/pT1mASGpj7m4x5NwK5DgAwbCymY/OYkJkchV1bamQZbWXm3E2DJCbJcfNdDwxil7q740J0+11WIf5hZ/ywNLVT4GUptIFZHNnW949X6PgjfI3hNTwr+iKkBHVqh3IrKDGWYFITPpcjHSMZ/YdxlVwssvAY+IYCYkzqxKf+bCDSGj+77Rofn8kYoeE0oGEFlzRt5/Iac7Q== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=virtuozzo.com; Received: from DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) by AS8PR08MB5990.eurprd08.prod.outlook.com (2603:10a6:20b:296::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.23; Wed, 10 Jan 2024 11:05:18 +0000 Received: from DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba]) by DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba%5]) with mapi id 15.20.7181.015; Wed, 10 Jan 2024 11:05:18 +0000 From: Pavel Tikhomirov To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel@openvz.org, Pavel Tikhomirov Subject: [PATCH 2/4] netfilter: nf_queue: remove excess nf_bridge variable Date: Wed, 10 Jan 2024 19:00:12 +0800 Message-ID: <20240110110451.5473-3-ptikhomirov@virtuozzo.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240110110451.5473-1-ptikhomirov@virtuozzo.com> References: <20240110110451.5473-1-ptikhomirov@virtuozzo.com> X-ClientProxiedBy: KU1PR03CA0041.apcprd03.prod.outlook.com (2603:1096:802:19::29) To DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR08MB9003:EE_|AS8PR08MB5990:EE_ X-MS-Office365-Filtering-Correlation-Id: 7a1a5e26-d572-4c67-f30f-08dc11cc07fd X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 69tJsB7otRatboVOXj/f2lLDRgek7DXIKccMwZcrL048Ss6WryJyxXbT9lL3pvrbzeXjfGYo5vz28v0YlQqJx72UVgaB2gh+2CgftI5eR84EJNrMt6DxceEczCDTaSEr/TECdYgOoAeMnAvAXuWAfV6Q8LeeIVNn7Oc0aHPidETKszfJ2tHf0LU1LymQBQfS42TAlpMwC0TS6SuzKh+uDPxnmfu3fG6tDu8V4sNNAweGvOCEiks1ZDfEYJEslwnUFhgKF8+Nb2tJGptSs8oN0GQfP6gbEYC5HK2R++vncPlF7g+bGLCRIhe6w2dLKbTKnZxGSNrE6mbgYq5X+gpS9edBhMATAuTVZKZUp9FgJhxk5iqCzBfoLk8lCzVYRXI9n0mA+ly00VFdhMOc976mNbRu2RQRVDcezVaPg5iJp/WC7wO4oNq/UfL0/G6F8Z9rnIdeVTvAvONzD2RDxz+vhhqWSjy3/U5fyVxqykGAgCirOrIrwvielCsyFQFqs4gLLtTmN4baYeeOYXUlIfQ8Y2WFuJRjFxCt72JCaoxQ1loTR1bqHS/mM5eLOSYlXLSA X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR08MB9003.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(396003)(376002)(136003)(39850400004)(366004)(346002)(230922051799003)(451199024)(1800799012)(186009)(64100799003)(6512007)(1076003)(83380400001)(36756003)(86362001)(38100700002)(5660300002)(4326008)(4744005)(6666004)(52116002)(6506007)(2616005)(107886003)(8676002)(316002)(110136005)(8936002)(66946007)(66556008)(66476007)(41300700001)(2906002)(6486002)(478600001);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: hkrJ1rlJBmOL54YRBQe93sGySjyXSOnTcEtWIZRT74i0kKcKeaeQWWIEbLD7OIJ2dZtMZNObT1JfW92fqujwaLmcfB5SiE+87PzRGEKKZ0qvp4Z6gpu9p8wCQ+Mwmsd39ioojld0BsermzQ39ALPsp1VK0FPpYfde3x9Q1Jy6gZVnvPWu1jRjK8R8tbQKaDSZYHNyyAMNZO4vu0JVT83K9+sUCmPsOH7SnnVpDHkr2J9Nr/eCtkeXxPGbnDl8MgTSX0yAT8Wfa+ieWwgPQ3eJHERJ30a3ZM5awJtNVA+ouSV8ITdTOQ7fIs7SWX6mico802tB/nypRG90dXE+jHyavdgO2qnzzTdQXM64AG+3pMbYdKErNnIzgWxZS/do689VXRs86zU5jGyGJOwy8Sn78awDbRgkkPPgoLv84G8QbvxiM/4E3EhikVjF9KqLYIzNbLTfJir6c2ByIQvEbUyAt2skaxwKtbb0rAt+gYp+PmN+ov85vL6vsLBA8hQPTZ01G8vWa2ylsNBq1mso4/l5qMjZ7JebX/HnnmmXi8Jer5E7Z4yvU6nwKDt6rg+QyPRfR5eSq8a5vmul0qNxeRPeARenokK8Yw3XdmBao/uZqng+9nExCg4x6+DDb1IM7WnUDPM9Eg3wgR3Zy5NHMZh3MjauH5gNr9F7t2ActRRADxZDcgInIk0mfR7zyoxo6YBrVUTLKFpn1zJUlxnI1azMy7tpOrOJw2eTBcwEGcfP8z2O4PjjmGd2Q3A9TTG9bGLSz6tVS+JSLlsw4s1T7TfEIiDNiX0bXNkqMSLiKt8f+qpHy3yq91BAjvKgggfr4rXofqDQFXvKPu/jdQ0JKFHzRUApyxU0PtpOG1ByGrL5fHgm5mhb2YlGBoEJxwqBUcFxO6oPWApp2ACZX/mODwgA0H8gR5yi107gVW9NFb8UosXUCAP4kwV0MNXaGPFgZxTgbOvec/fh9IiQD8075FDwzxa6k9BfpGssBoSZhbs8632VKxtzCCneQzWdK7kHc1uhgn4lgu0Bg0ahYKH3atmo5Povc5E4NbzqISI7SFkw+Qnfd/pRiZ38bhezmAJ+x6v8MPOomSTQduW/X7L39ko7n4A3IqdTlV4bDtL1w2DiMCFn8gNLfK1i5gCXTPeg+NIfmsXBlL8SlJ+D6BG42NGLst/aczSFuzjht60XkLTJe1ZlINAhMG6abxd7kH7TkI0NKzZAGDf+UmOzZXjRonpo7ys31E4woecuvmZMAER8UB/PoID2M22Ep9q7Qk36DPyl79TshennoMxGL9XyyydaQ7dx/IiVX0vwwVy6sx+/tVgLo5xR/cSswxynjkez28yKfyIjxOumEa5jRdgZGVXp18QqAxWLyP3rtG0DcMYKPSieEjgJNLn/XoW93aBLYonvaUB854LtDJZJ6nz927fHZMGLzmHpF4WJynoCG2lGIot2vXh9jElMZXnyGkxiq0ffC+v2E2+PrtOh6PjKa4JrXZyUdHd9feQ0QtkvjuB0EnbFGYVdwSFG0Gez1N86tsafQywN/EK4msAaoAE9qhg9yREzkKNnpO7oSvSeR36jyODiujGd1V6a1bVgoMoWUsCC+cvMpERvmLOfF8uW0dPRWRJVgoCOMuSsy0aAVodl9HCvDCokYjy1zOevK8oFTnQZwggRcfe08+kcG2YjW2NqA== X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7a1a5e26-d572-4c67-f30f-08dc11cc07fd X-MS-Exchange-CrossTenant-AuthSource: DU0PR08MB9003.eurprd08.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jan 2024 11:05:18.8203 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: eUPiaaY8yMHlDPm9yHRYadVFX2W3JcZukoLQRJhZa4wuixTm637u5JfNUkWyBY90eA/bHS20gdin4j2FWbsUqZhURVbXJ6sQxMV9n1rQQi0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB5990 X-Patchwork-Delegate: kuba@kernel.org We don't really need nf_bridge variable here. And nf_bridge_info_exists is better replacement for nf_bridge_info_get in case we are only checking for existance. Signed-off-by: Pavel Tikhomirov --- net/netfilter/nf_queue.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index 63d1516816b1f..3dfcb3ac5cb44 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c @@ -82,10 +82,8 @@ static void __nf_queue_entry_init_physdevs(struct nf_queue_entry *entry) { #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) const struct sk_buff *skb = entry->skb; - struct nf_bridge_info *nf_bridge; - nf_bridge = nf_bridge_info_get(skb); - if (nf_bridge) { + if (nf_bridge_info_exists(skb)) { entry->physin = nf_bridge_get_physindev(skb); entry->physout = nf_bridge_get_physoutdev(skb); } else { From patchwork Wed Jan 10 11:00:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Tikhomirov X-Patchwork-Id: 13515968 X-Patchwork-Delegate: kuba@kernel.org Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2112.outbound.protection.outlook.com [40.107.104.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 874C447A76; Wed, 10 Jan 2024 11:05:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=virtuozzo.com header.i=@virtuozzo.com header.b="rDyCniIK" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Be7pupxgcGNEAi00MdqSVhjCic+e6Lnn6Acc338mCs0pR4/K/DOPLxvTbiWL6TyODP9eTbva2Qzk9Qt1t6yp1OimsyF6ttkTpSfoZDW2GX6fjOHwfw9Yyx71aOB39i541rkZ96KBkCkrGy2wZipbfcrdHSFyCYKKR6FcmI3/1aMx1hJep/t1pkLV3O1fAj+Y0ubadHu37YF43q5pTNbuRCnkVmQXVSXI1N3Fh/L0SrYenDHCCv0jscXQMwP9CsZaCRWbxZGh602cdcLEkVr/y283ukct3f+LYolzdxhZoqJlUtzhf0m5SU1THEKRxqgK27Z9Miv9A4DIcZ+9B6JKkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Pe3cO7GjcJxW3na/CdSgUBO8HWJMSJUYmkXZwOyIE30=; b=bQY/bIPmUTUksQpN2YyOk4Rtt4bYoL6K+M8uTTVs+0TIZrGBloHAvRlql8z9NqiU70dWszwUPmUIzhVehTRlVH/EC/eKP4T8UlwV+RREejBXiC7xmJK9SRqkh1L3ICxA08+60LKz5jsAXm7AxMDIhKfie4WB6OsakOaTeYvVegafwn8H5cYeamAFTJpUOew71tcBQaeKdv3e5YiDKFKaxinn0opN3bMs4nSuGkszs6aCdMbMUD2csrfg6HR8973J4EzWLbWdabflRWfu/YWmQdPy+GjNaDI9iqwGgDbxCvOuhMy0yzfoRD5QWPRdJiaIv9lfXSQperdr1cEC+4gCrw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=virtuozzo.com; dmarc=pass action=none header.from=virtuozzo.com; dkim=pass header.d=virtuozzo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Pe3cO7GjcJxW3na/CdSgUBO8HWJMSJUYmkXZwOyIE30=; b=rDyCniIKsf0UWsyXFIbPg3Utmf1d93bZhtXP3Y9kf5HBsdl4MtUmoUFNTgthLXCAExQhpeCnPGklToe79aA66H9D2/C1p8Y+MwX1U6HPrT3dh20IWzULOZv5u7lp7IeJ9wphLFYQyroHAq+M7OgRHjt6dEelqTQD0t2sWinO7aeQOc5Y/ybBmTcZvn0sO2eUDJLnBIPM5gdeFxoTOwL+/COzRp+x2QRQgw+mPueGk42wiiQKnwv/ST1yCIeafTQ9BalR8zYrqE0xxY+3WT/pk+LMT+D1QRnis+ar8Eytt3BraTuu0xxPAyYNA9/clFumlaA5mpGl/csKyJZnJ6//HA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=virtuozzo.com; Received: from DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) by AS8PR08MB5990.eurprd08.prod.outlook.com (2603:10a6:20b:296::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.23; Wed, 10 Jan 2024 11:05:21 +0000 Received: from DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba]) by DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba%5]) with mapi id 15.20.7181.015; Wed, 10 Jan 2024 11:05:21 +0000 From: Pavel Tikhomirov To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel@openvz.org, Pavel Tikhomirov Subject: [PATCH 3/4] netfilter: propagate net to nf_bridge_get_physindev Date: Wed, 10 Jan 2024 19:00:13 +0800 Message-ID: <20240110110451.5473-4-ptikhomirov@virtuozzo.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240110110451.5473-1-ptikhomirov@virtuozzo.com> References: <20240110110451.5473-1-ptikhomirov@virtuozzo.com> X-ClientProxiedBy: KU1PR03CA0041.apcprd03.prod.outlook.com (2603:1096:802:19::29) To DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR08MB9003:EE_|AS8PR08MB5990:EE_ X-MS-Office365-Filtering-Correlation-Id: 29ebc161-e4d6-4e7e-1cb0-08dc11cc098c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: dJLwRJLDN8ctTpmdIpbRlofhVwbWHE/O0fgHQrJPUT3en0gOgGNuGZkJ4ROaM3cYh8kKwpWXYkuYkAuCDylhx+Gd21RR/eresVGWXu1NRv5bXXVQeIT9XcGfrqjjRHkBICnTuv+6ddnTS/P45yXubKTEvZ1j8v4uMFKr0Z/5C0vUSR+ss7+ztduFToC9gj0OynA36DjsJ5aL5NDJ69z5DzlrP0wP+bKlP14qTstCuzrqL7iM77z8DNHVyosKXt8U/tmVfVGlm84jkJfKH5CikH/tOZX2NZPjL4JjskR/94+Kw6sfyPu8heO4F51yg6mWwvp9ajq559re4bZx/wDrBo0LqoZ2ITfaH4LXw/nIwgmGzstp1lMkRVRDj1nn7cZ/DJTGRRJ6JnVsmv9ZgxdZOYXtTX/V48Y3fo5kowaYFgJIYjaNRyJhRYBjpS8WlEI7MyUsEPEIztnZFEy/Y0d7RPHYYtJvYOeXfRbm17eDGI+wOokIf8J5z0jd3i+br2RFvgndi25FRnLLixkdwwwCa3dJZsK66jw+0kDDAXuDqClG/4prI8WcUYsDCsnBRGSO X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR08MB9003.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(396003)(376002)(136003)(39850400004)(366004)(346002)(230922051799003)(451199024)(1800799012)(186009)(64100799003)(6512007)(1076003)(83380400001)(36756003)(86362001)(38100700002)(5660300002)(4326008)(6666004)(52116002)(6506007)(2616005)(107886003)(8676002)(316002)(110136005)(8936002)(66946007)(66556008)(66476007)(41300700001)(2906002)(6486002)(478600001);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: C2Thc/jgWhBdAO8rTszOQMOa56aurQOvLLJsEYC+3+L5LkqmTJ1k6ys0vKZDIt243KrM37l4iHVT1ieDkcFwgRoe/lpkD2F4TFfClo2mWEVZpN4bdK6pl4BsefcGxFMLvwjkNWkdXaJsNVjiLUpcfvBQzTD82qoA5P1P2AJ+PGrhF0YVLvzk9iZrevVTgVeZ+1541nGUbY1mw/dS28VS//va0DK7/yKXUmxDI3alCBd1QwH4Fo85tN4EApAIG1lMb2b8sO3kwUJtN+26vSvfIdREyqVeMz4n3ttcYI9tPliFi0EpxxwoxeMaS1PzcqmRjWNjwbDcPUXFqF/S4gldwnRnTV7ZNdhbfIlkBiQpzNP0s6eOekwYqGHSTcyoDty42UuSatJl/GXAAYqTG8ZTRYkSAZU5GeuotOZyMPeJm9OOmv5o4xdRVYi0aLMTAGw0NCLB+41vB4lvbodqD/Hz4dECkKMkBcwY5fyX5LMRp00Av4FahBPE508rXqFKalC2c8mojmGAN8ylBThuLbbi5IMzjA3vdnwSsXAEPMJHmzKtDyBDGqAF52DjyFxcsvLMODyOFARW9XlF40fMbIStGZbf/aZ/ytXwBJhKgn6Vkc8MxRwiAjM0QWn3/MZD+3n8ozsSRTc8U/68GKzhWOmX6tnAEYzvlePUd8XDcbiTd6BosXW+3S+85XRNmCmZd1+3nRh4bK9gnNaq7VOe/9Y4zkDrfg57cb3DRQBPwoLwKBetnfkGSkWQwjoY7fo2xsGZ+git5pC/MPZEZdV8NHdefU5FquaJko50srB0gLp2F8Fq9a96+QTTWzNWMNO6A61jWAlTl3/8sGqLw2AwgD3GuQbcgQ+Qz5Uoi3wIZHtY0FCpnDF8E2iAZLwbngY1Zsyh1VOWvCXcxuDf21U+B8rL/pZtzxgVdtVwUKIMBIg0J+YZQAmin2wtH39xXzVdb7JKebTnz8UZigzfhbQ7EquHHjdCCbIplTh3rgeU0GTr3a9MEsKxUY3OZ/YHWRkri4HtfErMd6m1P1JjqjAhfPdKdoSspdkNTTJeFw8T6PG9DcHzfKtFVGFfJUSPu/G4DtDA8wXKUZ8qeSG5zuHn43udfvYxjJZ824wEDaF+BJhW18w9sO4mOGUw7w9iOFYgfQheY01yE6uLYy8xzdRqEXoRI247brWZsnZLr9zsAj8x1WPL+Kv7z/PhHC0prTwfXBYlbPJ66ekvKbpESM1fl+npqA4a+hV992uWd6T4IHbFEXeVys7M+bCW4Bs+LomiZEpLBEIioj4PldETY/KtbRK7OJgyApniEZ35JXLPo7Xks+PkBQh/mlGUPMYXmAtx2qUdgaP/zvokMRS1zmHNgtRa0hpQI9lxsbFbCoG6A0M0Td8eVLZCF3xB5UT9t/0SnL+ihpVR/K9H+qTjIx4bwe62dZexRSMYGLE2dDp57APKf7QbE3T05tFpn76tMBw/kyxJVJAtpk1/ffvke5/fC0aVgO6eqIru1vCe6hZWZRceKzo1jIX55MR0iChFs1QFEaArxXV8jgIHrAYD3g0/9pbHoqzt98TQm+5DfVxt5BJK3YadB3TLoV6ywQbYTsk4mv9yxarFj9+RLMA/JpNiX9GyEnyHk4WmDuENCui+WsYI6reaq4th9IY/ay82lN+oLswdWQ2EKUt9rRcmOK5mGPZ/Nw== X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-Network-Message-Id: 29ebc161-e4d6-4e7e-1cb0-08dc11cc098c X-MS-Exchange-CrossTenant-AuthSource: DU0PR08MB9003.eurprd08.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jan 2024 11:05:21.3637 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 3ailSpB743b9yviqeuPlki9OHjculBU/G/oA60jFI7ErZlE6nJZq3UvQN1rREYC1RyWkwVTzrz8V756ukOUgQfj2V9nzv1EWfak2n5dgp3M= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB5990 X-Patchwork-Delegate: kuba@kernel.org This is a preparation patch for replacing physindev with physinif on nf_bridge_info structure. We will use dev_get_by_index_rcu to resolve device, when needed, and it requires net. Signed-off-by: Pavel Tikhomirov Acked-by: Florian Westphal --- include/linux/netfilter_bridge.h | 2 +- net/ipv4/netfilter/nf_reject_ipv4.c | 2 +- net/ipv6/netfilter/nf_reject_ipv6.c | 2 +- net/netfilter/ipset/ip_set_hash_netiface.c | 8 ++++---- net/netfilter/nf_log_syslog.c | 13 +++++++------ net/netfilter/nf_queue.c | 2 +- net/netfilter/nfnetlink_log.c | 5 +++-- net/netfilter/xt_physdev.c | 2 +- 8 files changed, 19 insertions(+), 17 deletions(-) diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h index f980edfdd2783..e927b9a15a556 100644 --- a/include/linux/netfilter_bridge.h +++ b/include/linux/netfilter_bridge.h @@ -56,7 +56,7 @@ static inline int nf_bridge_get_physoutif(const struct sk_buff *skb) } static inline struct net_device * -nf_bridge_get_physindev(const struct sk_buff *skb) +nf_bridge_get_physindev(const struct sk_buff *skb, struct net *net) { const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); diff --git a/net/ipv4/netfilter/nf_reject_ipv4.c b/net/ipv4/netfilter/nf_reject_ipv4.c index f01b038fc1cda..86e7d390671af 100644 --- a/net/ipv4/netfilter/nf_reject_ipv4.c +++ b/net/ipv4/netfilter/nf_reject_ipv4.c @@ -289,7 +289,7 @@ void nf_send_reset(struct net *net, struct sock *sk, struct sk_buff *oldskb, * build the eth header using the original destination's MAC as the * source, and send the RST packet directly. */ - br_indev = nf_bridge_get_physindev(oldskb); + br_indev = nf_bridge_get_physindev(oldskb, net); if (br_indev) { struct ethhdr *oeth = eth_hdr(oldskb); diff --git a/net/ipv6/netfilter/nf_reject_ipv6.c b/net/ipv6/netfilter/nf_reject_ipv6.c index d45bc54b7ea55..27b2164f4c439 100644 --- a/net/ipv6/netfilter/nf_reject_ipv6.c +++ b/net/ipv6/netfilter/nf_reject_ipv6.c @@ -354,7 +354,7 @@ void nf_send_reset6(struct net *net, struct sock *sk, struct sk_buff *oldskb, * build the eth header using the original destination's MAC as the * source, and send the RST packet directly. */ - br_indev = nf_bridge_get_physindev(oldskb); + br_indev = nf_bridge_get_physindev(oldskb, net); if (br_indev) { struct ethhdr *oeth = eth_hdr(oldskb); diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c index 95aeb31c60e0d..30a655e5c4fdc 100644 --- a/net/netfilter/ipset/ip_set_hash_netiface.c +++ b/net/netfilter/ipset/ip_set_hash_netiface.c @@ -138,9 +138,9 @@ hash_netiface4_data_next(struct hash_netiface4_elem *next, #include "ip_set_hash_gen.h" #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) -static const char *get_physindev_name(const struct sk_buff *skb) +static const char *get_physindev_name(const struct sk_buff *skb, struct net *net) { - struct net_device *dev = nf_bridge_get_physindev(skb); + struct net_device *dev = nf_bridge_get_physindev(skb, net); return dev ? dev->name : NULL; } @@ -177,7 +177,7 @@ hash_netiface4_kadt(struct ip_set *set, const struct sk_buff *skb, if (opt->cmdflags & IPSET_FLAG_PHYSDEV) { #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) - const char *eiface = SRCDIR ? get_physindev_name(skb) : + const char *eiface = SRCDIR ? get_physindev_name(skb, xt_net(par)) : get_physoutdev_name(skb); if (!eiface) @@ -395,7 +395,7 @@ hash_netiface6_kadt(struct ip_set *set, const struct sk_buff *skb, if (opt->cmdflags & IPSET_FLAG_PHYSDEV) { #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) - const char *eiface = SRCDIR ? get_physindev_name(skb) : + const char *eiface = SRCDIR ? get_physindev_name(skb, xt_net(par)) : get_physoutdev_name(skb); if (!eiface) diff --git a/net/netfilter/nf_log_syslog.c b/net/netfilter/nf_log_syslog.c index c66689ad2b491..58402226045e8 100644 --- a/net/netfilter/nf_log_syslog.c +++ b/net/netfilter/nf_log_syslog.c @@ -111,7 +111,8 @@ nf_log_dump_packet_common(struct nf_log_buf *m, u8 pf, unsigned int hooknum, const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, - const struct nf_loginfo *loginfo, const char *prefix) + const struct nf_loginfo *loginfo, const char *prefix, + struct net *net) { const struct net_device *physoutdev __maybe_unused; const struct net_device *physindev __maybe_unused; @@ -121,7 +122,7 @@ nf_log_dump_packet_common(struct nf_log_buf *m, u8 pf, in ? in->name : "", out ? out->name : ""); #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) - physindev = nf_bridge_get_physindev(skb); + physindev = nf_bridge_get_physindev(skb, net); if (physindev && in != physindev) nf_log_buf_add(m, "PHYSIN=%s ", physindev->name); physoutdev = nf_bridge_get_physoutdev(skb); @@ -148,7 +149,7 @@ static void nf_log_arp_packet(struct net *net, u_int8_t pf, loginfo = &default_loginfo; nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, loginfo, - prefix); + prefix, net); dump_arp_packet(m, loginfo, skb, skb_network_offset(skb)); nf_log_buf_close(m); @@ -845,7 +846,7 @@ static void nf_log_ip_packet(struct net *net, u_int8_t pf, loginfo = &default_loginfo; nf_log_dump_packet_common(m, pf, hooknum, skb, in, - out, loginfo, prefix); + out, loginfo, prefix, net); if (in) dump_mac_header(m, loginfo, skb); @@ -880,7 +881,7 @@ static void nf_log_ip6_packet(struct net *net, u_int8_t pf, loginfo = &default_loginfo; nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, - loginfo, prefix); + loginfo, prefix, net); if (in) dump_mac_header(m, loginfo, skb); @@ -916,7 +917,7 @@ static void nf_log_unknown_packet(struct net *net, u_int8_t pf, loginfo = &default_loginfo; nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, loginfo, - prefix); + prefix, net); dump_mac_header(m, loginfo, skb); diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index 3dfcb3ac5cb44..e2f334f70281f 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c @@ -84,7 +84,7 @@ static void __nf_queue_entry_init_physdevs(struct nf_queue_entry *entry) const struct sk_buff *skb = entry->skb; if (nf_bridge_info_exists(skb)) { - entry->physin = nf_bridge_get_physindev(skb); + entry->physin = nf_bridge_get_physindev(skb, entry->state.net); entry->physout = nf_bridge_get_physoutdev(skb); } else { entry->physin = NULL; diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 134e05d31061e..ad93dd77e6071 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -463,7 +463,8 @@ __build_packet_message(struct nfnl_log_net *log, const struct net_device *outdev, const char *prefix, unsigned int plen, const struct nfnl_ct_hook *nfnl_ct, - struct nf_conn *ct, enum ip_conntrack_info ctinfo) + struct nf_conn *ct, enum ip_conntrack_info ctinfo, + struct net *net) { struct nfulnl_msg_packet_hdr pmsg; struct nlmsghdr *nlh; @@ -804,7 +805,7 @@ nfulnl_log_packet(struct net *net, __build_packet_message(log, inst, skb, data_len, pf, hooknum, in, out, prefix, plen, - nfnl_ct, ct, ctinfo); + nfnl_ct, ct, ctinfo, net); if (inst->qlen >= qthreshold) __nfulnl_flush(inst); diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c index ec6ed6fda96c5..343e65f377d44 100644 --- a/net/netfilter/xt_physdev.c +++ b/net/netfilter/xt_physdev.c @@ -59,7 +59,7 @@ physdev_mt(const struct sk_buff *skb, struct xt_action_param *par) (!!outdev ^ !(info->invert & XT_PHYSDEV_OP_BRIDGED))) return false; - physdev = nf_bridge_get_physindev(skb); + physdev = nf_bridge_get_physindev(skb, xt_net(par)); indev = physdev ? physdev->name : NULL; if ((info->bitmask & XT_PHYSDEV_OP_ISIN && From patchwork Wed Jan 10 11:00:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Tikhomirov X-Patchwork-Id: 13515969 X-Patchwork-Delegate: kuba@kernel.org Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2093.outbound.protection.outlook.com [40.107.20.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 60B8C481A2; Wed, 10 Jan 2024 11:05:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=virtuozzo.com header.i=@virtuozzo.com header.b="fQikDrRd" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KQlq00Tzq7P/mMU56rZMU87LnsAH7sBdzeQrvmmiP1Kx0hnhlC9Gb83QCc4iKjXdMXVEwaQDmzsVo8iOsMZqefo9nRMhwSA1dJuFIqYwSL3oylHkHW6BROpSediUvy8cyycVHUnfAWsHjZQiElarHBTRlruUh9yo7gafcywVUQYznibI2hN1lPO9PFwy3VvySEDNQL+Ey/oBfRUBgvqmdzw1BGHtzX/p+d7kpU51DIX0rrsvP7E4cnKljiRt+szXsLDstqdfmzcUh5cMarHcjvlzywRoH2GOJuidIf88qw8nb55uDv5fK9eVqk5nXtmPqsNl6APeQosrtXL8DhOKcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=34SaKBO8OIgvatMNnolEBX4W5FSr2id9kZsI7FyTqys=; b=ZPUy55Xwr8KTCW1iLqcFf1CG4O7vz9zZ/LVtdwAmUY+H+GTxv/1wNke3zRvkpY7sxlfWiytnPN5kgHETEgr8wi1lLdNonhcsrsk3O4yW4PfJd2tfcAAqCnk1ejtgDz5CdE2NVc1vv0tGtHEJD5Ri33QHufiGtLEuZQI8fF5HXzZLjDaB6R+oOZSBxB2GVqCvEJoABOBwVwjfZlaD/WIYJ9VMpwHFAaD7IuVDQd313x81Z08RtWAkhT0+Z4nvLxPnlqsAYWg8tw4Jym5lJd2DdCdCItoqWhaivYCtUzKH1c5xuSk68lUfFT6mt7lhMg5Izj5thnJlF9TgDJGnaoqeDA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=virtuozzo.com; dmarc=pass action=none header.from=virtuozzo.com; dkim=pass header.d=virtuozzo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=34SaKBO8OIgvatMNnolEBX4W5FSr2id9kZsI7FyTqys=; b=fQikDrRd6XiLN8CsN7EiPssmZbnrfoyf6XwhpNlkxKxA8ksYhmtdnG83YPXb+Cq0hiZb1sck/nXvEzeEffkwWCFB9GGTGTaqQfdc27KUZYgZpleMjXtptMo33HVjX1arZlMBEvX5z4/T4TXqwFgEffy91+ax8bTUPYOXVDQLR38VEV5QJsyWVF45bC449AgAH7+R66eAGZNc7TRZFBesf7VUsdXc+b5vSYl8gNCc249gmTaMQCsDVKzq/6QGfpDkn7ZUBSvtnpI9MIwL5WwL6Lm+4mLb66UZwBl8oNrHwAQWazgF6ZH0wqUhWpUS9d31r4wrgiJmmej9tVsDxnqNnA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=virtuozzo.com; Received: from DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) by AS4PR08MB7532.eurprd08.prod.outlook.com (2603:10a6:20b:4fb::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7181.17; Wed, 10 Jan 2024 11:05:24 +0000 Received: from DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba]) by DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba%5]) with mapi id 15.20.7181.015; Wed, 10 Jan 2024 11:05:23 +0000 From: Pavel Tikhomirov To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel@openvz.org, Pavel Tikhomirov Subject: [PATCH 4/4] netfilter: bridge: replace physindev with physinif in nf_bridge_info Date: Wed, 10 Jan 2024 19:00:14 +0800 Message-ID: <20240110110451.5473-5-ptikhomirov@virtuozzo.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240110110451.5473-1-ptikhomirov@virtuozzo.com> References: <20240110110451.5473-1-ptikhomirov@virtuozzo.com> X-ClientProxiedBy: KU1PR03CA0041.apcprd03.prod.outlook.com (2603:1096:802:19::29) To DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR08MB9003:EE_|AS4PR08MB7532:EE_ X-MS-Office365-Filtering-Correlation-Id: 65b2cbca-5443-4bb7-3193-08dc11cc0b26 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 2DoP/lVTTg00MsOIF6OSyiHhYpbVWe5TiVSYFIjnlPtl/AOoieGap9Jay8RkE+Vn4dIm8DQDOZuLgOK8CV+dBusvbIkfP3+/ejlp07NkZWfrncagAMLJ2vDw4X+2C3u88+FKWs/2vv2JRb1ONaKstMnM3Xg8J+IBST+RZbLQYhuW+qWMc84yQCOMF8cYwUHYAvGSbqeOK8JqSyjvlOD9TilS+2mIX0nG12GtF7J1gGRrNzei80n1jhoKrCAjdUgPPyhPY7leRIb3Az2aiFuH7FnK4/8QLlBhFQjCu0Z4jCDH2wBdfcSNnbASv/ArNEVywkGCdj+gzTKo9Op+YOa4s0g/gPadaKCmIuZ1uwvEM+FXGj4dtYrZNmXHmtR83nx+Zwy8AMwKasnXwQNbY5GfurKy6fjAE/uWIp8X56bxbSKhrl47woRppBaoNKbouP/weAfXa8Fq+qN6ZLXwbhVHv55Ns0kGbay3/pqM/7aSa4gGUmFIkQsYiSeDWLOKvhdLU6yZUcWoqKEx6SiCrWXf2q+OXioKLow9Q0VsXDBm3QA8OPTcFUJMqSm6SlHO9L7d X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR08MB9003.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(376002)(366004)(136003)(346002)(396003)(39850400004)(230922051799003)(1800799012)(186009)(64100799003)(451199024)(83380400001)(41300700001)(86362001)(36756003)(38100700002)(1076003)(2616005)(107886003)(6512007)(6506007)(5660300002)(6486002)(2906002)(66946007)(66556008)(66476007)(316002)(478600001)(52116002)(110136005)(8936002)(4326008)(8676002)(30864003)(6666004);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: Qkrc64uKJu2w+WqKAqtP8EVTn96ALJJpU/cpHGeusMPRkCJtres1YDhCq+ezyfeoeztYRchoJt/5uhG0CDDsM75ngmgpQjE/GhqzkW+rFP5DPuHTQJbNXhMQk0qvdalhysQC6Y/jbrhC0GvJXTRq17s9DMJFtXkWF4c/kF/8555CAXfCMxn+3mWPAQ7M9f35phK0fPHrNf1+eJtIzMfhokrgGUR0Hh87UrQIUiU+o2EmhwqtVJwLnTF/zeyZCe20ZUzjQQpuGeYzpRut1tEvAcFl+VOa7B5NN/f1Lvt7gIqfVSr7PBTaOaKzqZ+UvJly83Z9BoEFUbS+SgKCkX0ITnMZkC3ose+hQ2zLs5zGjl+3m6Hik3+umuKsAYnVjZvV1K7OvXBHvmF/EPZoxXgKgGZ3kLP+q8Ejdc6GR3cQ8EUiZuOYnHA6wOgJP/1uEEtwXkYXIA6E4AGJppgsXL0N5x79Z5oOrp9009Vz25HsmmuUUXTs8wkRKQ0ycCuO5KyIXo5NCrL2cgJVWa1PzEbqubc2TVkNsEECdJ0ORv0jo04Cndl1rKqzHz8DmFQ1oQbvd6O1lKXcZrKnV/4RwMFFsFp4HgSzzZaAgdWQoNwuSToJPSmpQHfbyVyj4PbSHVYdxxuC/kjbw5I6v8VV31FcSagvcsuYju561O3PkoRUOif7qey8tplaNzp3Y5YX0DAIPuGAUy/TuPbKOmSPVdijzgU13q93TLurigsqgeF81DbtXkSWhNZ20jJ8ZSYTMplTukjqlK8FloW0DldndMEm2wW8zuHqKwoZZ1Mej09EZopBzo3crq824g06CnsbQiQE1IXp2ZdGloo1qlghl1Cq6ycw/mMPmSoHGF5YfdZTo/UXVIhahjFuP8pNvphCzRF15gsO0gsJ9Cf49qv/pRpw9I2+Tw2uBbQ3wUw63UadkGSoSwa9WP/9/7HMCg/USz3djQ2ExGfmek8Ag4HeDD8/y2hLpDIvnTNPVB8WMYjBAfcUCOGUeKSkz2xwFiYTcR33ogM4CMPCX5cGZRucUFHxxg2SRs7h/Pb8+rLBbXPcibsQNBItdfmXp3ZoBrvRofciFWdGGqUTM8DRcbsIqk6YTtKz6IQwEPCF36Eq8ZzkJw1TguQ3BflfvEPata3e/QY5v9Gu5Uzfv+PSMPggX7eZ//Y98M1u74nan0iCtv957mha/TF7RsrIRILGt8ruLACWrli3/1uxh+cvXQ9kUN0WgekdT2lueMlkRqJzUchPVyg4/qJHnBq2RFdVsY9QCdUljSUB8B+1xyHwpAXdCwmmuk8xAB60ewPrcA/Nlvk9Co25+yg1vODyI49HG/mfaKa+wde9LIpId1SyVPqqUBmpUoUqzaDdntfa6HHD+iBw+WcWuLXyeTW6aEJUZJCfXH73AJBePvlP/vXA/UjkX8WssepSD0fvYy82KRJ98qWrYO3XSmSl4RReSMKqGSpoqk74WAOGargJQLON6cj2Ta1eVue3Nb97LazimSufqHQxIuETcbj/aSVB1tGFMaFEt1XjzkQAwHcjUHSJFAQqihbXJ070NyjekOYzkw3E44cEVktMPFKWUojBv+MxJDA1V0I2DPu3qEbX/W4VKx7w33eaIl+95T30i/hixNHf50yKLK5THsE8/ES7+3ypv7tl9nsIhJPivSEfARANsekCn66/Yw== X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-Network-Message-Id: 65b2cbca-5443-4bb7-3193-08dc11cc0b26 X-MS-Exchange-CrossTenant-AuthSource: DU0PR08MB9003.eurprd08.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jan 2024 11:05:23.9004 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: JXtKvBAF/nrfjjBNkS6bzq7kjAC3KW95n97k1lbgFEOcx+4mi+Hdqb3mrcQbukXcXqDLJxKkqMQYmkdO9zRdFMjTabEs1GnwdKEBvlnlR08= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4PR08MB7532 X-Patchwork-Delegate: kuba@kernel.org An skb can be added to a neigh->arp_queue while waiting for an arp reply. Where original skb's skb->dev can be different to neigh's neigh->dev. For instance in case of bridging dnated skb from one veth to another, the skb would be added to a neigh->arp_queue of the bridge. As skb->dev can be reset back to nf_bridge->physindev and used, and as there is no explicit mechanism that prevents this physindev from been freed under us (for instance neigh_flush_dev doesn't cleanup skbs from different device's neigh queue) we can crash on e.g. this stack: arp_process neigh_update skb = __skb_dequeue(&neigh->arp_queue) neigh_resolve_output(..., skb) ... br_nf_dev_xmit br_nf_pre_routing_finish_bridge_slow skb->dev = nf_bridge->physindev br_handle_frame_finish Let's use plain ifindex instead of net_device link. To peek into the original net_device we will use dev_get_by_index_rcu(). Thus either we get device and are safe to use it or we don't get it and drop skb. Suggested-by: Florian Westphal Signed-off-by: Pavel Tikhomirov --- I'm not fully sure, but likely it: Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") --- include/linux/netfilter_bridge.h | 4 +-- include/linux/skbuff.h | 2 +- net/bridge/br_netfilter_hooks.c | 42 +++++++++++++++++++++++------ net/bridge/br_netfilter_ipv6.c | 14 +++++++--- net/ipv4/netfilter/nf_reject_ipv4.c | 9 ++++--- net/ipv6/netfilter/nf_reject_ipv6.c | 11 +++++--- 6 files changed, 61 insertions(+), 21 deletions(-) diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h index e927b9a15a556..743475ca7e9d5 100644 --- a/include/linux/netfilter_bridge.h +++ b/include/linux/netfilter_bridge.h @@ -42,7 +42,7 @@ static inline int nf_bridge_get_physinif(const struct sk_buff *skb) if (!nf_bridge) return 0; - return nf_bridge->physindev ? nf_bridge->physindev->ifindex : 0; + return nf_bridge->physinif; } static inline int nf_bridge_get_physoutif(const struct sk_buff *skb) @@ -60,7 +60,7 @@ nf_bridge_get_physindev(const struct sk_buff *skb, struct net *net) { const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); - return nf_bridge ? nf_bridge->physindev : NULL; + return nf_bridge ? dev_get_by_index_rcu(net, nf_bridge->physinif) : NULL; } static inline struct net_device * diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index a5ae952454c89..2dde34c29203b 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -295,7 +295,7 @@ struct nf_bridge_info { u8 bridged_dnat:1; u8 sabotage_in_done:1; __u16 frag_max_size; - struct net_device *physindev; + int physinif; /* always valid & non-NULL from FORWARD on, for physdev match */ struct net_device *physoutdev; diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index 6adcb45bca75d..ed17208907578 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -279,8 +279,17 @@ int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_ if ((READ_ONCE(neigh->nud_state) & NUD_CONNECTED) && READ_ONCE(neigh->hh.hh_len)) { + struct net_device *br_indev; + + br_indev = nf_bridge_get_physindev(skb, net); + if (!br_indev) { + neigh_release(neigh); + goto free_skb; + } + neigh_hh_bridge(&neigh->hh, skb); - skb->dev = nf_bridge->physindev; + skb->dev = br_indev; + ret = br_handle_frame_finish(net, sk, skb); } else { /* the neighbour function below overwrites the complete @@ -352,12 +361,18 @@ br_nf_ipv4_daddr_was_changed(const struct sk_buff *skb, */ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_buff *skb) { - struct net_device *dev = skb->dev; + struct net_device *dev = skb->dev, *br_indev; struct iphdr *iph = ip_hdr(skb); struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); struct rtable *rt; int err; + br_indev = nf_bridge_get_physindev(skb, net); + if (!br_indev) { + kfree_skb(skb); + return 0; + } + nf_bridge->frag_max_size = IPCB(skb)->frag_max_size; if (nf_bridge->pkt_otherhost) { @@ -397,7 +412,7 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_ } else { if (skb_dst(skb)->dev == dev) { bridged_dnat: - skb->dev = nf_bridge->physindev; + skb->dev = br_indev; nf_bridge_update_protocol(skb); nf_bridge_push_encap_header(skb); br_nf_hook_thresh(NF_BR_PRE_ROUTING, @@ -410,7 +425,7 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_ skb->pkt_type = PACKET_HOST; } } else { - rt = bridge_parent_rtable(nf_bridge->physindev); + rt = bridge_parent_rtable(br_indev); if (!rt) { kfree_skb(skb); return 0; @@ -419,7 +434,7 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_ skb_dst_set_noref(skb, &rt->dst); } - skb->dev = nf_bridge->physindev; + skb->dev = br_indev; nf_bridge_update_protocol(skb); nf_bridge_push_encap_header(skb); br_nf_hook_thresh(NF_BR_PRE_ROUTING, net, sk, skb, skb->dev, NULL, @@ -456,7 +471,7 @@ struct net_device *setup_pre_routing(struct sk_buff *skb, const struct net *net) } nf_bridge->in_prerouting = 1; - nf_bridge->physindev = skb->dev; + nf_bridge->physinif = skb->dev->ifindex; skb->dev = brnf_get_logical_dev(skb, skb->dev, net); if (skb->protocol == htons(ETH_P_8021Q)) @@ -553,7 +568,11 @@ static int br_nf_forward_finish(struct net *net, struct sock *sk, struct sk_buff if (skb->protocol == htons(ETH_P_IPV6)) nf_bridge->frag_max_size = IP6CB(skb)->frag_max_size; - in = nf_bridge->physindev; + in = nf_bridge_get_physindev(skb, net); + if (!in) { + kfree_skb(skb); + return 0; + } if (nf_bridge->pkt_otherhost) { skb->pkt_type = PACKET_OTHERHOST; nf_bridge->pkt_otherhost = false; @@ -899,6 +918,13 @@ static unsigned int ip_sabotage_in(void *priv, static void br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb) { struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); + struct net_device *br_indev; + + br_indev = nf_bridge_get_physindev(skb, dev_net(skb->dev)); + if (!br_indev) { + kfree_skb(skb); + return; + } skb_pull(skb, ETH_HLEN); nf_bridge->bridged_dnat = 0; @@ -908,7 +934,7 @@ static void br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb) skb_copy_to_linear_data_offset(skb, -(ETH_HLEN - ETH_ALEN), nf_bridge->neigh_header, ETH_HLEN - ETH_ALEN); - skb->dev = nf_bridge->physindev; + skb->dev = br_indev; nf_bridge->physoutdev = NULL; br_handle_frame_finish(dev_net(skb->dev), NULL, skb); diff --git a/net/bridge/br_netfilter_ipv6.c b/net/bridge/br_netfilter_ipv6.c index 2e24a743f9173..e0421eaa3abc7 100644 --- a/net/bridge/br_netfilter_ipv6.c +++ b/net/bridge/br_netfilter_ipv6.c @@ -102,9 +102,15 @@ static int br_nf_pre_routing_finish_ipv6(struct net *net, struct sock *sk, struc { struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); struct rtable *rt; - struct net_device *dev = skb->dev; + struct net_device *dev = skb->dev, *br_indev; const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops(); + br_indev = nf_bridge_get_physindev(skb, net); + if (!br_indev) { + kfree_skb(skb); + return 0; + } + nf_bridge->frag_max_size = IP6CB(skb)->frag_max_size; if (nf_bridge->pkt_otherhost) { @@ -122,7 +128,7 @@ static int br_nf_pre_routing_finish_ipv6(struct net *net, struct sock *sk, struc } if (skb_dst(skb)->dev == dev) { - skb->dev = nf_bridge->physindev; + skb->dev = br_indev; nf_bridge_update_protocol(skb); nf_bridge_push_encap_header(skb); br_nf_hook_thresh(NF_BR_PRE_ROUTING, @@ -133,7 +139,7 @@ static int br_nf_pre_routing_finish_ipv6(struct net *net, struct sock *sk, struc ether_addr_copy(eth_hdr(skb)->h_dest, dev->dev_addr); skb->pkt_type = PACKET_HOST; } else { - rt = bridge_parent_rtable(nf_bridge->physindev); + rt = bridge_parent_rtable(br_indev); if (!rt) { kfree_skb(skb); return 0; @@ -142,7 +148,7 @@ static int br_nf_pre_routing_finish_ipv6(struct net *net, struct sock *sk, struc skb_dst_set_noref(skb, &rt->dst); } - skb->dev = nf_bridge->physindev; + skb->dev = br_indev; nf_bridge_update_protocol(skb); nf_bridge_push_encap_header(skb); br_nf_hook_thresh(NF_BR_PRE_ROUTING, net, sk, skb, diff --git a/net/ipv4/netfilter/nf_reject_ipv4.c b/net/ipv4/netfilter/nf_reject_ipv4.c index 86e7d390671af..04504b2b51df5 100644 --- a/net/ipv4/netfilter/nf_reject_ipv4.c +++ b/net/ipv4/netfilter/nf_reject_ipv4.c @@ -239,7 +239,6 @@ static int nf_reject_fill_skb_dst(struct sk_buff *skb_in) void nf_send_reset(struct net *net, struct sock *sk, struct sk_buff *oldskb, int hook) { - struct net_device *br_indev __maybe_unused; struct sk_buff *nskb; struct iphdr *niph; const struct tcphdr *oth; @@ -289,9 +288,13 @@ void nf_send_reset(struct net *net, struct sock *sk, struct sk_buff *oldskb, * build the eth header using the original destination's MAC as the * source, and send the RST packet directly. */ - br_indev = nf_bridge_get_physindev(oldskb, net); - if (br_indev) { + if (nf_bridge_info_exists(oldskb)) { struct ethhdr *oeth = eth_hdr(oldskb); + struct net_device *br_indev; + + br_indev = nf_bridge_get_physindev(oldskb, net); + if (!br_indev) + goto free_nskb; nskb->dev = br_indev; niph->tot_len = htons(nskb->len); diff --git a/net/ipv6/netfilter/nf_reject_ipv6.c b/net/ipv6/netfilter/nf_reject_ipv6.c index 27b2164f4c439..196dd4ecb5e21 100644 --- a/net/ipv6/netfilter/nf_reject_ipv6.c +++ b/net/ipv6/netfilter/nf_reject_ipv6.c @@ -278,7 +278,6 @@ static int nf_reject6_fill_skb_dst(struct sk_buff *skb_in) void nf_send_reset6(struct net *net, struct sock *sk, struct sk_buff *oldskb, int hook) { - struct net_device *br_indev __maybe_unused; struct sk_buff *nskb; struct tcphdr _otcph; const struct tcphdr *otcph; @@ -354,9 +353,15 @@ void nf_send_reset6(struct net *net, struct sock *sk, struct sk_buff *oldskb, * build the eth header using the original destination's MAC as the * source, and send the RST packet directly. */ - br_indev = nf_bridge_get_physindev(oldskb, net); - if (br_indev) { + if (nf_bridge_info_exists(oldskb)) { struct ethhdr *oeth = eth_hdr(oldskb); + struct net_device *br_indev; + + br_indev = nf_bridge_get_physindev(oldskb, net); + if (!br_indev) { + kfree_skb(nskb); + return; + } nskb->dev = br_indev; nskb->protocol = htons(ETH_P_IPV6);