From patchwork Thu Jan 11 15:06:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Tikhomirov X-Patchwork-Id: 13517512 X-Patchwork-Delegate: kuba@kernel.org Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2096.outbound.protection.outlook.com [40.107.20.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F8934EB52; Thu, 11 Jan 2024 15:07:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=virtuozzo.com header.i=@virtuozzo.com header.b="X7Zj/aYi" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eU+FhpiS0Q0SLj7v5EkmEu0yF09yfscBrs6hI+9ZmTfZbqbtgO/prJQnOhoIz1T3eEbRqf7dy5Hwv5WuIrymwC81lpnY6JcSFIFQKfJJF49OfOIwT4H9cmYbLr34IJemFDEYUOUXrI9Yekn5Aq9xkwHQz0z2SJegP39Jb9wERBEIUzhnDn1XVg8zG6iOtuq75yev79XN8TdeM3iJgvVuIxiucWJSWafTgp9S3tduBvyqjFyDDqsidcm0ep1NhVtK7WpT8VPHU6uAk+Sso6tv03I/oywEVNEh6cbMwZgpcr1m5PYPMMBOdDjP4k0+IGDAN/TXjZmFJlMQQM/AWzlYZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dHFID7yZPMUZ0kqhXE4bLvAGq4gFBZ1ilWbpG7XzBNg=; b=K1WcZE9EXDciJIwboqhoWC1ytm/oQ8Sd0/4o1xTqCxOop/Kht7UUmGhlxzAg63v5/NG7yIMHHxLTUlVAy2YlLdgexHLiAOKShqNq63Nec9K8jVqgjubn8zbl+a7de4nxRBGqRaRlenIePe5aceb8PXRj4o6r1zw4uuE883E9UJjkIjOv5E6FoePasebRtjLb7SraUwuGOeEwZrAvo6Psypy25xcuQTkwR8RPo2WJatJfTyzo6Rndnb91K5s1lyVO5fQ+mQOCmvj8EF8KjbcQCUeEvtQLI+gaejyL7Bz1NWavN+NXJqA+sWBmwpDYj4ZCp17xvaEsJ6A+r5mttCwUtA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=virtuozzo.com; dmarc=pass action=none header.from=virtuozzo.com; dkim=pass header.d=virtuozzo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dHFID7yZPMUZ0kqhXE4bLvAGq4gFBZ1ilWbpG7XzBNg=; b=X7Zj/aYih9C5Y9DuzbRaieuoxUfbTRpxQ3upvxZB3sruYFVa3f+g21Xx6uykE+zZG1nfsp47b/dvnteT02lU2BAmmCjZVPDriKbjYoAEyNPQ6EAzf7b6ZojGj9NBgXg/y2mr+KN0Xx4piCFOC5HGowQvaYRAYgPoAxpDIEAJgEgzGv/HtekPjC0ppnJKPlksPiBEErp/tMrhlqsJedz0BfBsZ2NRerNY+BP95KK1rYzngbtYhdbTAVCw+9JjAPoZWe29mxyYT+PcZrbkWN1jyQsyWXC1AW9AZy4TLMQK1tkyOIJK9a677y+CZea7A4HpdM9nnHqtRS0JeNyy+3WLvQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=virtuozzo.com; Received: from DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) by DB4PR08MB9238.eurprd08.prod.outlook.com (2603:10a6:10:3fa::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.23; Thu, 11 Jan 2024 15:07:07 +0000 Received: from DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba]) by DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba%5]) with mapi id 15.20.7181.015; Thu, 11 Jan 2024 15:07:07 +0000 From: Pavel Tikhomirov To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal , David Ahern , Jozsef Kadlecsik , Kees Cook , Nikolay Aleksandrov , Pablo Neira Ayuso , Roopa Prabhu Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, kernel@openvz.org, Pavel Tikhomirov Subject: [PATCH v3 1/4] netfilter: nfnetlink_log: use proper helper for fetching physinif Date: Thu, 11 Jan 2024 23:06:37 +0800 Message-ID: <20240111150645.85637-2-ptikhomirov@virtuozzo.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240111150645.85637-1-ptikhomirov@virtuozzo.com> References: <20240111150645.85637-1-ptikhomirov@virtuozzo.com> X-ClientProxiedBy: KL1PR01CA0132.apcprd01.prod.exchangelabs.com (2603:1096:820:4::24) To DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR08MB9003:EE_|DB4PR08MB9238:EE_ X-MS-Office365-Filtering-Correlation-Id: 5924aa60-941f-41d9-0e32-08dc12b6fa5b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Bh5mPl26c7fl88e/lOFs1XxrMNTVfpzwgFfXWh7T50FYvwys6t4ImH0lJmQjlWwQ1B+IuAJTcZIegfMVSsGsMIMQ/Md3lUzLgYIVRU7DdQ3OWKrp8gS1Vft27tmuoCHkDHJ4v4a7ZzLBNBOgAVb/M7exbbPIS5MqqEE3aQwk/8KfyZ4cNsmCA+gtAY4tsRf1bq8McfH5PRheqEWLmRofL8w2ItiXfb8jtWMSusdWU8Y8aAjIbJgSB4MZ1xQzdespE8BrHBZo5/bwOyJr3zOD8iBmDQWVb6ZenK+7WS+jzIUaLToLTd4bj+3iiIA9UWcrGVLRwImZUFqL9+rPQUu1Lv6ErIVMsvaCoD1T4zxMmZIkfmN9q/JEWDchXJIMNhhd2y2wWvaOymZoqOJQpbSXcqqRKYNHBBNJbOnSqzjwAVNUblUS21tLamUa66kwrMOSTxodyJxbAAI0bMPvLkudt+PPiO4zTVb+FSPWk/mJnlV8r0d6hT1MWhtA6qr8fBypj0FjZdtmQGF8BU1n0vJlvOQwyxdbNteoMaknkAIaGKCJQOxybyk4vxHjaDx4eNMHuMgK8wElO6DAK+Jxafg6pvNmUNYjJ8epGMHFi0+zoJM= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR08MB9003.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(346002)(366004)(376002)(396003)(136003)(39840400004)(230922051799003)(1800799012)(451199024)(186009)(64100799003)(83380400001)(41300700001)(36756003)(921011)(86362001)(66946007)(38100700002)(107886003)(316002)(2616005)(1076003)(6512007)(66556008)(478600001)(52116002)(2906002)(110136005)(4326008)(6486002)(6666004)(66476007)(6506007)(8676002)(8936002)(7416002)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 7Z6PY8uxaH9N/CVrGrYnRbRMXakdebll+nPs2K/EwkdfCTySD3yC+0hzye8EqhwE6LvVluepOE10q+EcocN4dr9tBuO7wN4XoIGz+JDE1ZpIkSb5GS2Qscb3k1LQmJdM2SV4dj1eXtuaJXYXKfuVwiPKC/dggdsWCEdE15UX8BmZsK0WDSLorvJbUcyhrEkot2xRWRfZBzcQG2skm+kvlBt9WNWHLCuQFQFqposUMNpHR6Cv5y3sbaLayqz6/VDY05i4rwBrBUKm+sbOAit/ihKv9ix25SAu/iV5lGN7o6w7p9ZRM0/NPFJ7/oE3Ao7Yui8JQYBUwtIkX4BkCfpGvDvr5lhK35uG45LWji+RZsa2S9MEbbB6/qOrptUCFgF8D34/H4x9ihJ0VkAY5lUfAjOsb++xePxRXYMOkZdnR9TJONnepOZq6oGIYeem4tXh9eq0Z+u+qO2RGTTSsoqpSwYsNjE5Rj+Jl2et8Qo00OZu+S0JRYZQDyuUsx9stpXqYlXpLr4vEKF2o6qlO8237qSzNWU9FKk0w4CofTYTX6g29MlQ1yniojGHh6YoREb75ku75QYaIBFF++kcqgYGXynmEjSmontN+QyIG9OMu+mwHl1wNPx6sPBfwmiIUarz1FF2EVxd8yVijedStVa86/HvUib/d/b8K6DF4rRQmqbOc9yJBqo+T+U2WGdHmR1KbMjHiYQbY3IIdqk9fmago1bwAe1QupBF3bSbDN6WQoVpaJh7lMXJercmmex5on2vM41Su8DiSM0ufJwGeQbImt+mALYdbR7rNQQwDfhSU2OgaHhIxWUevuMDvEzAripqu6pqoAzk36dKj5LL0rbfRKJd4NpllsaoBZPXByQy1xsmByhrx9pDh34pvBjrkVhhajpjwNUsdVNzmMnGlNKJmm14580GI01qwbBLJoiK5nDAprnBXV3YaYZIE4kRiI2W1AFCjHDIY5KhGm90SHgO45Ft+KKcW8q4dutPvOq2C8hHS64knnDzhMDu5jnh5netTWxWGZTD3bOxPRE2uNc0UYnyxXR7uGJ5fopOjf4DX8jEAGbeqlp7S5arWgZNAL3HeIlhxzGRaeI9fDWM1LU21TZV+EdOWHjf4+Dx6izFC4N3G85mjwBkEnbKriP3Z3wRsj4Rlqnnht+uNo6TWQrXffwEhsrdGMqy2fvpoEiD1aoAKbVIZPx48/wt7dflMR+rwbwJLQZLHQOR7dkA9mWbcjCwERZRp/PKTCN35PVRMSxHLhR/yxzG/3DLfh4LW9gewQ8F3jm7UZNg5NM1uSYzTSiUbVb6+n3dmmu5cheIBVKK99QXAp2aEhd219iquzit0O3nCDBM5mn+bv9bzQf6F5KQ41oClE9c4HsYoFonzOZZ+J9uTBnKauYt3J0adSFPWp0uFJSUkUZVDrHNStNqtV96MxEYvhi6kr1+oh8PbvO0oqE7UCXbNI/gdg8GfmeMjIC2CG4q6QH4nwKFsGSR3snYu1LDmeTkCBnQ4toyQUEbNIjro6QSs0Dgib5OgFLJoE6T8IOVhYK7Gm2FO9cdrNZcM9EyXqG+JswsEd6wfCk8NHny/Lb7rr73iJzaL7ktUcE+zse28WQRUAYAE4F1gIuljnHsvZYOkDoTatveQQ6xoNIeOw95BZRK/IPpWKr9pm6jMA7kXP55FoW3fsK+bA== X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5924aa60-941f-41d9-0e32-08dc12b6fa5b X-MS-Exchange-CrossTenant-AuthSource: DU0PR08MB9003.eurprd08.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jan 2024 15:07:07.6425 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: NbMAvFUE5hXFSENVCG8BNOFNDzDX9ot2ymF5ZB0StIkMEsUnMTQUdJDlzr5fcnZqLARPFZE+sqAzkDcnZLpPNWyjAgyYk5/A7c9zlN3fw/w= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR08MB9238 X-Patchwork-Delegate: kuba@kernel.org We don't use physindev in __build_packet_message except for getting physinif from it. So let's switch to nf_bridge_get_physinif to get what we want directly. Signed-off-by: Pavel Tikhomirov Reviewed-by: Simon Horman --- net/netfilter/nfnetlink_log.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index f03f4d4d7d889..134e05d31061e 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -508,7 +508,7 @@ __build_packet_message(struct nfnl_log_net *log, htonl(br_port_get_rcu(indev)->br->dev->ifindex))) goto nla_put_failure; } else { - struct net_device *physindev; + int physinif; /* Case 2: indev is bridge group, we need to look for * physical device (when called from ipv4) */ @@ -516,10 +516,10 @@ __build_packet_message(struct nfnl_log_net *log, htonl(indev->ifindex))) goto nla_put_failure; - physindev = nf_bridge_get_physindev(skb); - if (physindev && + physinif = nf_bridge_get_physinif(skb); + if (physinif && nla_put_be32(inst->skb, NFULA_IFINDEX_PHYSINDEV, - htonl(physindev->ifindex))) + htonl(physinif))) goto nla_put_failure; } #endif From patchwork Thu Jan 11 15:06:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Tikhomirov X-Patchwork-Id: 13517513 X-Patchwork-Delegate: kuba@kernel.org Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2122.outbound.protection.outlook.com [40.107.20.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3B87E4F8AE; Thu, 11 Jan 2024 15:07:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=virtuozzo.com header.i=@virtuozzo.com header.b="gL4dqjCp" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fZhrcNrqNTmHfGAkTXSa3JhYIsb6a3dFsfZ0P/fWInIOUcyR7QSOmKBcnxAXlk9PIVH421GOGKQP3sJvmeundEOjKOQhsf6kHn7DRYgnnfTB3ib+eqtN3EOs8WIFmkpedT+C8MbQNilehSBj1kVoGZ2mP5coc4B/nHIaIqFgD8mb2NdILrEsd3LFXzcXY3OG4n6Z8AqUdmF+kR7t1nLM+6hshpx86dNrdFeBwdvSsgwfE/T5QYy6vegLuZUNHyT2DyR7/AZHrYTjv9mA9N5G0MlH/Ly3P9SyOAgi0yng/GzCfvvYHTQjwWQsznMFjYEZBSrgECcqp+Rp5kXN0Ggiig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kVI05A05vZ9RZ3xCdO/vIitX03AtEFJSRyZlFjianXw=; b=hFOuNwWOjknTKCruZmIBa5WUik5ca/CwYCE0FO1GE8UQQAwIzF1pxxsbLI8/rbTIgzVOY5oJrwSk4LS/4CHZfTk2xekR+T7X27Xj0lmgOE7dStZ2lESnq9C7RcinPK8K0HhJWOjwWE3cHrACHpiKUx9q8xGbltG5TXDJM4QVN3q+QDmrnXen/g9Aky2R8lH0Ww76cYu/DZgx6jrc5D7DIi0SBdVuQnZ8dj0eHrog72B/2PC/bnuhNHE99Cndt/fZ+1PLiGcFCmDEuwODpLnrKJEV59K/FSZN9nDIs/a+YZXPOE9+T2XI3dAxPRBFW0s9j4JGJ4B4h3ZivqUw8YWrGw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=virtuozzo.com; dmarc=pass action=none header.from=virtuozzo.com; dkim=pass header.d=virtuozzo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kVI05A05vZ9RZ3xCdO/vIitX03AtEFJSRyZlFjianXw=; b=gL4dqjCpSFTFznMd/fI36okyKbLZ2Jicycy0SLvdJTc8fE5vx4XA5DEuiwy966MpL4TSwKfkFbz13U9xNJ77cb7hMmtHRSc6lGe2UxySX3h10j6EzqBMS9QrPo1yLvQpw15wNdOUw4dkVjNDbAF+5vovtiTVnHMjkX6umcCaltInvjQNfJBR11iy1N4a+e/utT5zTM7FAdIDO20wZXW+doeIQW56+TWGuJwIvYreAcoBx0a/kfxqfcDKORj9Lo966s9m1e+ABWhsASnFY6fBVrFa0sz5ZD0Kh+2qMxPO0kIYjzIBdeQ5sr3teMOpWWgTPnaT4MT00PW05l0pAF2Njw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=virtuozzo.com; Received: from DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) by DB4PR08MB9238.eurprd08.prod.outlook.com (2603:10a6:10:3fa::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.23; Thu, 11 Jan 2024 15:07:12 +0000 Received: from DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba]) by DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba%5]) with mapi id 15.20.7181.015; Thu, 11 Jan 2024 15:07:12 +0000 From: Pavel Tikhomirov To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal , David Ahern , Jozsef Kadlecsik , Kees Cook , Nikolay Aleksandrov , Pablo Neira Ayuso , Roopa Prabhu Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, kernel@openvz.org, Pavel Tikhomirov Subject: [PATCH v3 2/4] netfilter: nf_queue: remove excess nf_bridge variable Date: Thu, 11 Jan 2024 23:06:38 +0800 Message-ID: <20240111150645.85637-3-ptikhomirov@virtuozzo.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240111150645.85637-1-ptikhomirov@virtuozzo.com> References: <20240111150645.85637-1-ptikhomirov@virtuozzo.com> X-ClientProxiedBy: KL1PR01CA0132.apcprd01.prod.exchangelabs.com (2603:1096:820:4::24) To DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR08MB9003:EE_|DB4PR08MB9238:EE_ X-MS-Office365-Filtering-Correlation-Id: b0ed4336-4013-44f3-6723-08dc12b6fcfb X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 3M5oj5wKRpSilxHXdMr8I79tN6UlgzfUb9vr13vfNgLn3+FFrwRltdTeLMcjfFUsnIFyGwiXUEC7VbFDgErmbBSz3LUIxxE9LQuEKvG97Px+K7VBHU05giZp3DvssczceLbNTO1OWH9igNK3tI1r7jovXI2sWdmSFDeAXp81Jh6ck9Foeho6Wj9x9U8BqkuN6QV/yhmdu5vcZy9Z13zhI3T6P6SpzKBrJgzlA09b8NGtljMWLFI8X2hVqaOTip4AOr7HKGF7PwNZJjICpOE+O4nlvID2VoZYo0UgL3oLBt/62jdBaEnsmwVZtKjJ+/ZDbL+xok9CU/yxCdVqKlxllksNanafQ6z7MkC7utCarEVewbkurukDZUNhH15aPN4d8yp+hJ6GDr/vuO3eunr+rr1So0wLolTDICbFxTiLjSFqqE9H7qXITjjArIkgi5TF5mKuO7NCSxaOI/UT9VND9nNFP6dMY+RPcA5Vyjnn8Gj7IUh8wByl1UVbaOYGXdk4PNffm6TwtNCgJX4aZ+yUOt4ZaTJg/lkdnsF5MhyTNF519JXV4AXgkwEGkqXt7BzZFVfh+atpGyk/o7UBAALE9aOF055cyygcEDKRv4UDueY= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR08MB9003.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(346002)(366004)(376002)(396003)(136003)(39840400004)(230922051799003)(1800799012)(451199024)(186009)(64100799003)(83380400001)(41300700001)(36756003)(921011)(86362001)(66946007)(38100700002)(107886003)(316002)(2616005)(1076003)(6512007)(66556008)(478600001)(52116002)(2906002)(110136005)(4326008)(6486002)(6666004)(66476007)(6506007)(8676002)(4744005)(8936002)(7416002)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: +YXdh8xgmUvTNpAlV0a1OBdvsbxnna1CftVsBkgTkE/vG6jzfJnxwMYrsTnfaNxvgL9p7QHQSNebX1eFTEYEU9LPEtXQCCMeHLrbHcZUJs5c6bs9U83egfad5P4YZicLpPF6YM0UkZvsex3beCEboXSko13RSzOmBQIydE6+8e1mh7GaQsXngSksXiXIjG2znh2rOEfqWa+3E3I/wmfgbjjnfqQHQznJagFUvS1HV/9afIdDE40DWOHVlF3fwhIBGjCJGWQoGlu25ktNJTFwgIspE3U1AZyro5o1zI1Wyb/o4CMshxEIGnaMZQ5WeXlMdsouMB9Gbuc5v8e2JRfSwjRRUExsuJvtan5Mwa+jWualMXqCcQM3OLrJXt4m34G62uG8x6AUF0YKA5YfOh2/pf3N7vUZyQ2PU9k4X0W8vstwN22S8/0Rsno9eYz2fbw8EU269tXAMlzJ2OKTtlg5MuHRest3gJyCkU3dkgD5DoDSMd0s5H3nNckL1K0vcI5joGUbEO23nMprCKrWGwzZpaJsNjNnt/9eKojEJgDXn1BH+f+IG2fbI3YHqLkaB7+knfLPxu+GWQXtXSpibQdxo8EEHb0HrVqIGIX6dmzL6wVsyO8VAQEuTcToiRo8r2b5fbHXkAc+daC3GOgivCewkhQFd73UH+H2Lm5tzHkEawTm2Qu7MdrDxiW9tTQbW7A/2AATspfayqD+j4VLsbkLRgTCSnUdrZKdDESbkq+BCW7BtVtLU9QXZz1zGqRWm8qgUq/zOgmiLU/SZTUogyx6BMupS2n13z7tY5NltqNZtAjKVhO8U2mk+4BiKp2LaY+qJkWo9kQkrlY3JZqPB7uTq5kGmLizBzG7Xp+dreR06IkNHy7zyqjq0+ragd0OrhXBRjrg1DUrmRzwQdUq5e93h2XG4R8cNhpf/YTd0jvdKtULEjo+3GP8MwUlFzUYkQh3u0KuUtlFtJSpOsdEWWZgGBYHVxMg6yVbxRIJGvAp7OrOq/ZVM52n6A5qEUEIy54/agRUN7myQP/4naO8fkKK+9DQ/5QAsH69eShd2ZIwdI5KchxrGoYPrKxWITEPatiXf9yhlcdK3E/Pri0RNN7uNg83h5KgnrH09oxHxgzChkAL9WTTw2/tXpdJS0OYxItRuMKUUNNNO7VRk1ymVOYYyv4gIM0EoVzqxjz7aMJpmLR53M+uXrf2gUwdeC6MWz0xfJu87bTzdD7WzA1xKaZ0mPeE1roHsZfPajPYPhmfoZvUgKY/mwbEprUAwBj1wvnZPj1rVu7H5xItBrg2aGWaMugdiJwgi3Ip7e3Z/3lwTdmGBll+x+uHkieRVNJ1jccJQSTqKbzollcNrFTrNLEJYYJvo6tdIBmDjVf0uO5wWuwljvf6p5OzkmsNNehDK8Gm2fjfHdmQzzRVuMmtpFJS0FaCIlEf1QHWkq3OkL65JhaWsVoDyutF6An2JVXTuU2Q52qdD7zJ7+Gu7k2fjHC4B8dxy1m/HsE7YiJKeX9tV+QbdWRUzmnqwmkDVmC9q0LNZR9lYhVwYbTktbUFnYm9Dmik8e+aaeMjjWMvO6yDx957MIS7NlAc2CPbAuYKk0qb04xgyQbIPMKxYRR/0qIWQtPFYLeBXg8iXjVUHKQwqhG26pmn0WFqJJCjG4+YA7bBVseghqxy+qsuC8shCMQ6yg== X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-Network-Message-Id: b0ed4336-4013-44f3-6723-08dc12b6fcfb X-MS-Exchange-CrossTenant-AuthSource: DU0PR08MB9003.eurprd08.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jan 2024 15:07:12.0616 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ffxMfEXsEhfucciuvIITgelkKeSa0JW+3E0aHh1fdoiFJCxW1nV2rvNxXgRrS1Bu+QjuDPAHNQTtP2M94yCFioI3w62RYUAigjB5FmwVtrc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR08MB9238 X-Patchwork-Delegate: kuba@kernel.org We don't really need nf_bridge variable here. And nf_bridge_info_exists is better replacement for nf_bridge_info_get in case we are only checking for existence. Signed-off-by: Pavel Tikhomirov Reviewed-by: Simon Horman --- v3: fix spelling in commit message --- net/netfilter/nf_queue.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index 63d1516816b1f..3dfcb3ac5cb44 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c @@ -82,10 +82,8 @@ static void __nf_queue_entry_init_physdevs(struct nf_queue_entry *entry) { #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) const struct sk_buff *skb = entry->skb; - struct nf_bridge_info *nf_bridge; - nf_bridge = nf_bridge_info_get(skb); - if (nf_bridge) { + if (nf_bridge_info_exists(skb)) { entry->physin = nf_bridge_get_physindev(skb); entry->physout = nf_bridge_get_physoutdev(skb); } else { From patchwork Thu Jan 11 15:06:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Tikhomirov X-Patchwork-Id: 13517514 X-Patchwork-Delegate: kuba@kernel.org Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2121.outbound.protection.outlook.com [40.107.20.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2B43F4D5AA; Thu, 11 Jan 2024 15:07:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=virtuozzo.com header.i=@virtuozzo.com header.b="BaiRlxNE" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=C36QW/jkvADCjhdnbQUom+2l5fRGnU4t8GM/mcNP0O7jFFcmhXIYNeXPq3H7uoPNc8WRAqXLVqFpZB5r7lu36gmDaq5BOWBsn4uQgRYCSOh3+7OYPHa5pcGm8FJV6sUUN+4Z7iw71WmmcgfJ/SGHFyzFSh1jGqxTeUuyqDkXr/01uB9oYpMr0CLLY2OCzLi5xcKF8JFQ8qsw7l919meUUTF6Kvwn3G/h7LMOmMXCPreNc5O9oSgKSrNoZ2IWNDnM3yOdBMpJDpAm1YHKAvbczVa8o2QWlgZUReSRAgpJ707IXhEeopdWwhy1uGIdq0zQ5uKHNgoQ2r0e0+2NQ55LMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Y4NwxlJedQ0ViagwLWRxjwGMdLz7Ows/lbaapIOMz74=; b=gcspO0lNuWYmLGaWng9h85nX3zuD6rF1s+M1MxPIMz5J6LWb5/UTfZipcigdu7ZWlnCvIz5TNk9Odt8KsxNrrdOoe/1KIUab4Zaw6afjcP4+E+4Xs44QZtfX9DFyvv91yu4oZCiE6v/tDQ5rY614TiixJRm/kzVANVWC6ArjQP6+xfIjucUQ7ZTa8z/lE9VfQncrd8HuQep6/OTni8rBIr+G+ss1PnA21oAl4WQzaB3h+uJgbRP698JtPVXAQc5MoqXwFR02cwDfaaZsZ2D2ZhAeHHWSKA8PCAh8u88ZGeDTfHMiNQ7coSHIYmB8zpDD7TZvSEEe9qiTISTn8vLuyg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=virtuozzo.com; dmarc=pass action=none header.from=virtuozzo.com; dkim=pass header.d=virtuozzo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Y4NwxlJedQ0ViagwLWRxjwGMdLz7Ows/lbaapIOMz74=; b=BaiRlxNE18t+wAto8YTYQEq6TDyVpHF8RqKj+1x3IDv6phagh7JcAzTOghU3COXSGtCd/lj6WI1mfKeMcnvPFbbrcqhKMBDKEehNd/TtitJRC6xjPRxI4TvqXpIEaphat7uGsL27p3R1BnCDIVeO/w9yBStdJw0ntI6gLQoDpyEze7I5j40DfXWt7/hleNuqnIxsH9/CLFsJZCcrC6cgNN3bFP+U8qqZXRm7x6pAQt04fTdPR5Sgd14J8WE0BAaqR1YJzD8wJLUErpUP3EIADYIfHi8ijxghOwdRf9b22pSs4rxOuBlF/O+sppAFaAFVxMH7ZuljN9VY5uDnKahlxw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=virtuozzo.com; Received: from DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) by DB4PR08MB9238.eurprd08.prod.outlook.com (2603:10a6:10:3fa::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.23; Thu, 11 Jan 2024 15:07:16 +0000 Received: from DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba]) by DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba%5]) with mapi id 15.20.7181.015; Thu, 11 Jan 2024 15:07:16 +0000 From: Pavel Tikhomirov To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal , David Ahern , Jozsef Kadlecsik , Kees Cook , Nikolay Aleksandrov , Pablo Neira Ayuso , Roopa Prabhu Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, kernel@openvz.org, Pavel Tikhomirov Subject: [PATCH v3 3/4] netfilter: propagate net to nf_bridge_get_physindev Date: Thu, 11 Jan 2024 23:06:39 +0800 Message-ID: <20240111150645.85637-4-ptikhomirov@virtuozzo.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240111150645.85637-1-ptikhomirov@virtuozzo.com> References: <20240111150645.85637-1-ptikhomirov@virtuozzo.com> X-ClientProxiedBy: KL1PR01CA0132.apcprd01.prod.exchangelabs.com (2603:1096:820:4::24) To DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR08MB9003:EE_|DB4PR08MB9238:EE_ X-MS-Office365-Filtering-Correlation-Id: d654b1de-78da-4a58-21db-08dc12b6ff9e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: byDxSmtw+1nxTcasxYV4oZmEgrgCZqAcDnQ1vV4VPHtz4lroWMZB2hjc0Shpx/qM5w5ZnnwQa5Iouo3SnVqftZgMYIp5NrYtvu9BBG0KEFULwO0kTo/ymnXbvOPckz/kGi2hew1tZuSWPht9yH+HXjSLVPl5Q48NdXnRxlF9VzCzBRy8DnqTB/j7kiGwx4r4fYTcZj2/BDJ5Hk5waEopkslPMhuY6zGUtIvPRHOuvcEVNZME6bIhEvl8fIAx2aHYGvfspnMQf3QBVVwpRQ+52JnALttvEOvRg1Ff59fcRp9OjDHxlS778KlH8+wGm7SJjUUzjzkzLKln0YFpQ9MCPJzGaNtz0qmyTpxisOldLJy1WiT2NdW5s/8ImFzrrXnvP77e2DG1bctwh9HgzEgfofAUkzILDyaNF7vwsFpxjSt43YE0YhWOjmzDiCoZG1AMlpmE8L2JURGqTZZLWCEylltlKksoicR8D+ik8Ai+55hZwWZnYkT3bzXmUEA7QzjLPdj0js+zF/5A+hkBH9NNccWXKeWTLsS0wRjFchpSgSgOAhcnwEEI6/oDM91ub2nLO2JgNAA17zmsUad1+IKeeU01u/3VnJmEsytYpLl8dKY= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR08MB9003.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(346002)(366004)(376002)(396003)(136003)(39840400004)(230922051799003)(1800799012)(451199024)(186009)(64100799003)(83380400001)(41300700001)(36756003)(921011)(86362001)(66946007)(38100700002)(107886003)(316002)(2616005)(1076003)(6512007)(66556008)(478600001)(52116002)(2906002)(110136005)(4326008)(6486002)(6666004)(66476007)(6506007)(8676002)(8936002)(7416002)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 1GPtmgXcE9GmxZLxRQfE7xvTmk4USs1xT3O2xHzYBykmMORKhSkyHCOgRTTO9QMkXqkrCoIw/PqwM2h29cmW5BDu7tdBhK9iubt/ITfbG1nsmKeFwgmaf3LNtQKjIo8LhOhP+QPHW9kgY6Ba0rymb39E8eN1DYPmTtZNm6U6bSJPvxJOB2U75aoiuCxgz3Bj5D+qraJLmP0a/csjGOGhdJzSaLlBiUVhS71i331JPcSRbJsr0LWpAq61NjmAI7uIOr8h3B+UwS0883MQVIrlDpFBxylFVCoKe+FGf/EkhxHijK6sJn4PLYQ3AG2XPPf4KmhCI7cvY2uNpJbxTZSFgJor3wGBHnCDaXfK5UpGBWw3QGO+1w2qmhI2OIcopbKZF0tWfyrwUO79J1l626SSC4EfpqK3lQENyvpPtvjhnraitRP+ohwNG2Lo4MAs+cFZau0YEWwSqx15ORwv1nYzykpUS+wZtePEwkXbGMbV1zDuO0RTfa0XwUZV36DhB4bzb07oHzAa99zNdnJoablZDGJ5JKWWpogJXXDt/AQ1jcUMNI5wXMLfXEwp0cfBJXjZKhYsKvMsU9p5KG+jEOJp1g8epeZq1RwyIuEIfHv4spxdtP7YVay6Y3r29VT642MWK+6mX/uPAEPXYhoa4jOgYi26OYHn2mWcO741XvE3N01LZ1308YpHrUAgJLOkrh5Ro3nzq716N/YleICopJlj2I/7qpTe2mnRfOHiZ6JTADrHdqfCjuBmFMEEcALffhN0q9lxcyJ8LGkQxfqIwCa/xtkRGPXY9eFpybVdJ3J0kddO7dD4rwsph4vLj/+9tkZD2H8vCyliLOPesPy6LuhwT1m8CtZFujRV2UQocDRekUQ8bUwyZriySVEcq4Cwor23Qb4YryNMByjfAN/aABXS+M/8Z0l/yCJErJnZ5Z87F6oNL5FeyIvSTc2sGhf1L1HYJSY87a+7hkdTozgXO8HqBtwnwEEVOUmfw22Er7nh0McYAGlE1vow8IrHUS6TxYwg4oeXQGPOTSBoETvpTwWMa8nj+1X488pC71jW25b8Fny0UchBDl6/BWwjKEnfOSo0iOVdpuuAxQ5UHMnvAukJhWmzTnNcxnHeCSmnH/PtFsRlPw8pCuUKQboXKtNXKZFY3+hp/nAqPbe+A8rBkg8v8JplkK1bW/zLFWAxMIrydG1IkgStZT5RWeAyEME/Ri0HQQxN3Sz2M+HQnlwbWkoaGdFgqUh36fBEJBavrM7apmyFFy7U//Pup3iyBt3K5DEJbLK1+PCVjvm6n9rSWuLyaDmxQt2liiCIS37z8ZTPmJCdz8iNWhZ307ewbKa2guvVfaZkjPS04JFoSDd+jLZL5A2YdMbKihotiCtBN/MTLrif0Aki2VoH8YrPyuP/r/SkeZ30vNAnsaq7ZRV7/1KyqXQw5/ycqOxWAn01vmtXgStNVBQc3Q4rSg3XYlaSiBVNffn8ibT1o1a9BWHw8DawHdjwNhXLrIAFzCmbvsMqX8nJl+cLXkYTXv9Frioe+B5HZAym8+K43U72iiHBv4Pra+ib4k6xPvcc8yaGcqPzibRB0N7U9XCgNKrMsW8NeCOcotUBa+oBx+Xl+rFRIJYoJNPPk0pCQ2YmGN31YpGlO4VRpJnxerxKFd/jvbZLpN5WfzR5GPHi3YMyt/cF+MZMQw== X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-Network-Message-Id: d654b1de-78da-4a58-21db-08dc12b6ff9e X-MS-Exchange-CrossTenant-AuthSource: DU0PR08MB9003.eurprd08.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jan 2024 15:07:16.4206 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: AGbQmPG9s3k3FuSjp1VoPMNAxItCTcGS2YDOu62Yik37WRv6jgOzk7Fp9Lh3RG+EIXSmzkadXuujtrD7ZACt8nm/3Ffvjp00TaZEEret0N8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR08MB9238 X-Patchwork-Delegate: kuba@kernel.org This is a preparation patch for replacing physindev with physinif on nf_bridge_info structure. We will use dev_get_by_index_rcu to resolve device, when needed, and it requires net to be available. Signed-off-by: Pavel Tikhomirov Reviewed-by: Simon Horman --- v2: remove leftover net propagation to __build_packet_message --- include/linux/netfilter_bridge.h | 2 +- net/ipv4/netfilter/nf_reject_ipv4.c | 2 +- net/ipv6/netfilter/nf_reject_ipv6.c | 2 +- net/netfilter/ipset/ip_set_hash_netiface.c | 8 ++++---- net/netfilter/nf_log_syslog.c | 13 +++++++------ net/netfilter/nf_queue.c | 2 +- net/netfilter/xt_physdev.c | 2 +- 7 files changed, 16 insertions(+), 15 deletions(-) diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h index f980edfdd2783..e927b9a15a556 100644 --- a/include/linux/netfilter_bridge.h +++ b/include/linux/netfilter_bridge.h @@ -56,7 +56,7 @@ static inline int nf_bridge_get_physoutif(const struct sk_buff *skb) } static inline struct net_device * -nf_bridge_get_physindev(const struct sk_buff *skb) +nf_bridge_get_physindev(const struct sk_buff *skb, struct net *net) { const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); diff --git a/net/ipv4/netfilter/nf_reject_ipv4.c b/net/ipv4/netfilter/nf_reject_ipv4.c index f01b038fc1cda..86e7d390671af 100644 --- a/net/ipv4/netfilter/nf_reject_ipv4.c +++ b/net/ipv4/netfilter/nf_reject_ipv4.c @@ -289,7 +289,7 @@ void nf_send_reset(struct net *net, struct sock *sk, struct sk_buff *oldskb, * build the eth header using the original destination's MAC as the * source, and send the RST packet directly. */ - br_indev = nf_bridge_get_physindev(oldskb); + br_indev = nf_bridge_get_physindev(oldskb, net); if (br_indev) { struct ethhdr *oeth = eth_hdr(oldskb); diff --git a/net/ipv6/netfilter/nf_reject_ipv6.c b/net/ipv6/netfilter/nf_reject_ipv6.c index d45bc54b7ea55..27b2164f4c439 100644 --- a/net/ipv6/netfilter/nf_reject_ipv6.c +++ b/net/ipv6/netfilter/nf_reject_ipv6.c @@ -354,7 +354,7 @@ void nf_send_reset6(struct net *net, struct sock *sk, struct sk_buff *oldskb, * build the eth header using the original destination's MAC as the * source, and send the RST packet directly. */ - br_indev = nf_bridge_get_physindev(oldskb); + br_indev = nf_bridge_get_physindev(oldskb, net); if (br_indev) { struct ethhdr *oeth = eth_hdr(oldskb); diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c index 95aeb31c60e0d..30a655e5c4fdc 100644 --- a/net/netfilter/ipset/ip_set_hash_netiface.c +++ b/net/netfilter/ipset/ip_set_hash_netiface.c @@ -138,9 +138,9 @@ hash_netiface4_data_next(struct hash_netiface4_elem *next, #include "ip_set_hash_gen.h" #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) -static const char *get_physindev_name(const struct sk_buff *skb) +static const char *get_physindev_name(const struct sk_buff *skb, struct net *net) { - struct net_device *dev = nf_bridge_get_physindev(skb); + struct net_device *dev = nf_bridge_get_physindev(skb, net); return dev ? dev->name : NULL; } @@ -177,7 +177,7 @@ hash_netiface4_kadt(struct ip_set *set, const struct sk_buff *skb, if (opt->cmdflags & IPSET_FLAG_PHYSDEV) { #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) - const char *eiface = SRCDIR ? get_physindev_name(skb) : + const char *eiface = SRCDIR ? get_physindev_name(skb, xt_net(par)) : get_physoutdev_name(skb); if (!eiface) @@ -395,7 +395,7 @@ hash_netiface6_kadt(struct ip_set *set, const struct sk_buff *skb, if (opt->cmdflags & IPSET_FLAG_PHYSDEV) { #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) - const char *eiface = SRCDIR ? get_physindev_name(skb) : + const char *eiface = SRCDIR ? get_physindev_name(skb, xt_net(par)) : get_physoutdev_name(skb); if (!eiface) diff --git a/net/netfilter/nf_log_syslog.c b/net/netfilter/nf_log_syslog.c index c66689ad2b491..58402226045e8 100644 --- a/net/netfilter/nf_log_syslog.c +++ b/net/netfilter/nf_log_syslog.c @@ -111,7 +111,8 @@ nf_log_dump_packet_common(struct nf_log_buf *m, u8 pf, unsigned int hooknum, const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, - const struct nf_loginfo *loginfo, const char *prefix) + const struct nf_loginfo *loginfo, const char *prefix, + struct net *net) { const struct net_device *physoutdev __maybe_unused; const struct net_device *physindev __maybe_unused; @@ -121,7 +122,7 @@ nf_log_dump_packet_common(struct nf_log_buf *m, u8 pf, in ? in->name : "", out ? out->name : ""); #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) - physindev = nf_bridge_get_physindev(skb); + physindev = nf_bridge_get_physindev(skb, net); if (physindev && in != physindev) nf_log_buf_add(m, "PHYSIN=%s ", physindev->name); physoutdev = nf_bridge_get_physoutdev(skb); @@ -148,7 +149,7 @@ static void nf_log_arp_packet(struct net *net, u_int8_t pf, loginfo = &default_loginfo; nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, loginfo, - prefix); + prefix, net); dump_arp_packet(m, loginfo, skb, skb_network_offset(skb)); nf_log_buf_close(m); @@ -845,7 +846,7 @@ static void nf_log_ip_packet(struct net *net, u_int8_t pf, loginfo = &default_loginfo; nf_log_dump_packet_common(m, pf, hooknum, skb, in, - out, loginfo, prefix); + out, loginfo, prefix, net); if (in) dump_mac_header(m, loginfo, skb); @@ -880,7 +881,7 @@ static void nf_log_ip6_packet(struct net *net, u_int8_t pf, loginfo = &default_loginfo; nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, - loginfo, prefix); + loginfo, prefix, net); if (in) dump_mac_header(m, loginfo, skb); @@ -916,7 +917,7 @@ static void nf_log_unknown_packet(struct net *net, u_int8_t pf, loginfo = &default_loginfo; nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, loginfo, - prefix); + prefix, net); dump_mac_header(m, loginfo, skb); diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index 3dfcb3ac5cb44..e2f334f70281f 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c @@ -84,7 +84,7 @@ static void __nf_queue_entry_init_physdevs(struct nf_queue_entry *entry) const struct sk_buff *skb = entry->skb; if (nf_bridge_info_exists(skb)) { - entry->physin = nf_bridge_get_physindev(skb); + entry->physin = nf_bridge_get_physindev(skb, entry->state.net); entry->physout = nf_bridge_get_physoutdev(skb); } else { entry->physin = NULL; diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c index ec6ed6fda96c5..343e65f377d44 100644 --- a/net/netfilter/xt_physdev.c +++ b/net/netfilter/xt_physdev.c @@ -59,7 +59,7 @@ physdev_mt(const struct sk_buff *skb, struct xt_action_param *par) (!!outdev ^ !(info->invert & XT_PHYSDEV_OP_BRIDGED))) return false; - physdev = nf_bridge_get_physindev(skb); + physdev = nf_bridge_get_physindev(skb, xt_net(par)); indev = physdev ? physdev->name : NULL; if ((info->bitmask & XT_PHYSDEV_OP_ISIN && From patchwork Thu Jan 11 15:06:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Tikhomirov X-Patchwork-Id: 13517515 X-Patchwork-Delegate: kuba@kernel.org Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2123.outbound.protection.outlook.com [40.107.20.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A2BE751005; Thu, 11 Jan 2024 15:07:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=virtuozzo.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=virtuozzo.com header.i=@virtuozzo.com header.b="fHdbotv5" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ihi/w0x8UjR8uPeHFUwpZQ+b8i9o5z4BYTmpnw07DGsEOdI+ky4oHrsaW47eeAa8Y69VQQB1mk5gwuFxmk+LwnKJSVFlrNuRFL7/Mx1QBUL9Np1u5J10x6tgVZAMHAZ2YXTpLbOJ+gttR8rQOe1oLm/zrjt1rkSnpWSL+XuqnuOgF90QWWI3lMef/tEMkGtGOcRFH417YPkanYew2pMQnyu0tz9PZSARkphJWpeXZN5mAfyJUOrDLdO1rTyup7LV7BogDbJYJBeL66I7vfSzlUV2yxokYNKh/ubIzvGyA7UKUyHwMxW3C/cL+fT30CCMzJgtvw9KfBPoAszbJ45ORA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=34SaKBO8OIgvatMNnolEBX4W5FSr2id9kZsI7FyTqys=; b=incspqBsYmvjpGxhaTQFemi1GeusFARQInRrdj4T5SnM08drDoT0VfSC1pIvrddRh4bSj2fdhqRswnHP+33O/pD6eWc/M1GBjIC2O+HmR89D+vSauertnJ6mlUqaWMyn+z34TN4kNbq8c6D+Jun6bxLOmla3b1w+fmjQihCgtX98Fd1nw1g6y53KtCrEM1XfjViE5N+hbuE88kx/f4dYIRbRbkvwNemPRstrjhYlAoZwClHT4GsdGd5F9TfgnnDuOfgkVleq8HjnBNK8nrI6Vwp0Xyyh1Id1D3Htmrg/Ii5pWQ2vkA6xKUY68BY1RCbjahuUEPzXr0yQt1YD1rl1qw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=virtuozzo.com; dmarc=pass action=none header.from=virtuozzo.com; dkim=pass header.d=virtuozzo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=34SaKBO8OIgvatMNnolEBX4W5FSr2id9kZsI7FyTqys=; b=fHdbotv52OsH6ydjsWbibXqHT+P/7eGl7RhFNzUxSO6ikywv7toPxWp3/9Zqqb0wau/v00Y29iXKUq1aEH1TrfCWveIZccPitVzOeFCtPeEGunobfeNLeOGmIVi1cq7EXaPMcLehzTYGIomZwXowq0Q6F6EqFjkukE6Iwqj8nJTwV7Je2P02+9uMB9qIiPl6O8FwixQFIVcYinBS4Wnqtlx+wE5evzsfZ0hOrG9ry4wpySlS/+RK7RUJAD//8Z2xYjb/el0+h0tD+kfV2tYbJtXV5un3pOGwcimsNI0uug3ublcUrBtMedJL4UN2q6xWWQ6W/PjADy/qnYnwYbm+mg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=virtuozzo.com; Received: from DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) by DB4PR08MB9238.eurprd08.prod.outlook.com (2603:10a6:10:3fa::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.23; Thu, 11 Jan 2024 15:07:20 +0000 Received: from DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba]) by DU0PR08MB9003.eurprd08.prod.outlook.com ([fe80::72c4:98fc:4d1b:b9ba%5]) with mapi id 15.20.7181.015; Thu, 11 Jan 2024 15:07:20 +0000 From: Pavel Tikhomirov To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Florian Westphal , David Ahern , Jozsef Kadlecsik , Kees Cook , Nikolay Aleksandrov , Pablo Neira Ayuso , Roopa Prabhu Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux.dev, kernel@openvz.org, Pavel Tikhomirov Subject: [PATCH v3 4/4] netfilter: bridge: replace physindev with physinif in nf_bridge_info Date: Thu, 11 Jan 2024 23:06:40 +0800 Message-ID: <20240111150645.85637-5-ptikhomirov@virtuozzo.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240111150645.85637-1-ptikhomirov@virtuozzo.com> References: <20240111150645.85637-1-ptikhomirov@virtuozzo.com> X-ClientProxiedBy: KL1PR01CA0132.apcprd01.prod.exchangelabs.com (2603:1096:820:4::24) To DU0PR08MB9003.eurprd08.prod.outlook.com (2603:10a6:10:471::13) Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR08MB9003:EE_|DB4PR08MB9238:EE_ X-MS-Office365-Filtering-Correlation-Id: 424f9b44-2176-469b-05aa-08dc12b70229 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 9V6KPw0lXC2rYBE9NeZMRvApYKCJqZUtPflGd7iZctgqxlHS00m48S0AvAqJNxuBoyYWjYH5NR4zSX6BtMGXWcCE/nOuj5nly9V3HQBlqxvC/Ilr5P7MNoZlcEx3VKL0LdAyiCqjt2Zf+LxHh4NuL8t3Kf0EA2jR/ZRLPdyZf6go0JqnxlYGz1V+lobQjw3bQEdGRFBAJKKomZPveqxX5THDA08VaPN01Yd1NgnkWg61lEY9tKk6/Eb25IwAd9ZSGcsFxa+AB3OSnzm3rq2mV1gv6gcN82n3xU0nfyrwUHnGzWbssNln1YyJpVv76Y+lIsUEvS56IPCFs3xmUU7G/6OqpkYS3kY4W+QKSLk9SzLK6zg9DwbSCwR6R5dTbTxozpGOtPNPo2bLw1YX7AOd7mtkeJdnqJOCEBNwbcUuMZVTOFc0/8V33EKI0mt9aAdBOmVlrDnZykent405OYKVguyMNAUoaidFImClXJeRKquxLr7L4/g/veJ+OBXiAl16pSbxD4O30/cOI2jNbAi8NqbIlI/rBkx6Zxf+ayAHpDYIZ0YLlaKimeRXunw2hVWlgTTfIofrZb8XOPy15U4+NQcoTfDaGHSackxhakTa36s= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR08MB9003.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(346002)(366004)(376002)(396003)(136003)(39840400004)(230922051799003)(1800799012)(451199024)(186009)(64100799003)(83380400001)(41300700001)(36756003)(921011)(86362001)(66946007)(38100700002)(107886003)(316002)(2616005)(1076003)(6512007)(66556008)(478600001)(52116002)(2906002)(110136005)(4326008)(6486002)(6666004)(66476007)(6506007)(8676002)(8936002)(30864003)(7416002)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: +Dkyt6DB4cAhK6unzPlNeYFZuKBEcfrjDcpGERS6uvu6ZwsllCxKrNpaT32k5FJDtc5xb++Z4d4/5uFIwNTcHTfKoCgWtz6I/myNZLEfKxJp4qCNDxJjFuiAQdqe1+ZfKv1Ic94Acn1yuSh1H2apeyEqDsHkWYyO4LAhr+/Y+tsXAh3ynsgnLyRsIQFqNFvQcgKVO+6eS2vxMN10KOArS2LSmqKf+pn7mVu8Y96s2Ec1Jrm2pmY1XcgUpuk16Qan3Vni9fkDH+mvgA0CJ89oHog79ZuidK2/1jnwhZ3K+Ob5G+uRsY3aIgLH2bEHHLeFPJtUjW7N8xj0m7ZeAfg0SXWQVEf6KLpgw2w6LSbrbNdhtB8SfebycboJZ+o2GUxoJgBd7bWWfAjWi7tBV83v38KD/cX9Y34z8KfDzabR0wV1Bv6D5IkNl0bi0uZu7uLTbYhnvOa8IFvg1Uhh9kpLiE1k5yC9yV2Dl1znMo6mH8I8zLLgrbkDN5Vjd1RhbxVo5N/BWb1C9aTSokMeLg81wgrUq1kdJXzMM8+U4Hoy1SEyxNxJjojnZ0K5MprhtIeHP/dBaL2YuHgKvcGq3t4zfYEu7LGGxAuBBErgUOcFtZdfuFWK65XyvJBofWCeqn0SlS+mcuS1PfL6ALM0wTtfrW/WV98jKaYqzVL0j67iw6KVDThej07W42c2QjEiDF0Tl9Tgb38+ob5gAIKxrYcQkVcpIPoH/WvX2VkGdqOU5wEFbDs4zUTirycdlU8obf2ToGTJshScBJnMj/XkEY1sbcSQAsJ4fSW7FTYzRblrqOb5MOCmxfc8DDPYPPEAYuDTUxQH/MD2Iq3JsoKt6W61nZ+nWMmVQN8EyksqMvQCbeRyfBVvy1cqcpAmGrULc6SskM5PjMQctGTuah2ILyNJfqSlGZP5x7htma86+Z4Qbp0akuEYOklVMnacFndwTP5ICqKDip2yfLAsdFHnEoPEwNa3uX+EO5e+VyosWtY6CsOmuSUcr0467b4jT4UlAAiqEqu7w6d7y5Yky9eGiwHPrJCobObMXSvN4BpqtSL2dYWW/2UQ3a26rb3mbR7iMUBCkRDzIx7HLWhKwJPbjQDb/9J0d/wEAV1AYg6NbkbcoISRlJuFHefEMjmKMa4RpgNxag9AH3CEis5mRWGDWuzvLLNyNXFUPfu/n80+PUWhSeAtqRyk1A6GoxkLjQb7ggjdZloK5SFMK5YYTE3eMR0HR9eJ1vCAq8zltHdssERoC7mpge9bOZt5dkbMlAm4aztzk4xDnAN6uyiP/hU907kTpS3KGXjB2avVMXZf3RlYY//7bJmcmzqM/RUxYy1v6JLWRSfgM2R7+B45zRo+QuZmtTTCZa1udlv3PxVkAefe2/+5sIn3thDg8nSzvN6/VFCkK+x2fEBstEdvICLHBEubh6+2WnvhwezbxBjHM+7wM0kpHqSAztHkdWQaykFwTfhj6VWVD8TCsg/Gj6iZ1KrWD5c1jlTYV3qgt4mW1WGvhPjJiYqwD+0u0oKHpTUdSIpD+e9Y57SwsK/YVcG9k/5QCjL3mRjIVszTBQ8BTNlU2NuoPyXKTB9oP3tzOSSfTzA4Y4O5lJ9meKeACko1MY3IS/rVxhj/3YBmvYdbOgphcGVjRglCSKkm8BmrCn/iqBKgdJFR9ZFhO+OVkkRRa0ZqOQ== X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-Network-Message-Id: 424f9b44-2176-469b-05aa-08dc12b70229 X-MS-Exchange-CrossTenant-AuthSource: DU0PR08MB9003.eurprd08.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jan 2024 15:07:20.6373 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: mUWl+OV++rJ7b+++TdlGbkSpmRgpO2V1Z6dmkVwFpS4x+4XF6/jmUL1x/2O13olsgRuADpSAu9DGZWbvt9sVjuS4H1CN5bBxxmficz88ryE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR08MB9238 X-Patchwork-Delegate: kuba@kernel.org An skb can be added to a neigh->arp_queue while waiting for an arp reply. Where original skb's skb->dev can be different to neigh's neigh->dev. For instance in case of bridging dnated skb from one veth to another, the skb would be added to a neigh->arp_queue of the bridge. As skb->dev can be reset back to nf_bridge->physindev and used, and as there is no explicit mechanism that prevents this physindev from been freed under us (for instance neigh_flush_dev doesn't cleanup skbs from different device's neigh queue) we can crash on e.g. this stack: arp_process neigh_update skb = __skb_dequeue(&neigh->arp_queue) neigh_resolve_output(..., skb) ... br_nf_dev_xmit br_nf_pre_routing_finish_bridge_slow skb->dev = nf_bridge->physindev br_handle_frame_finish Let's use plain ifindex instead of net_device link. To peek into the original net_device we will use dev_get_by_index_rcu(). Thus either we get device and are safe to use it or we don't get it and drop skb. Suggested-by: Florian Westphal Signed-off-by: Pavel Tikhomirov --- I'm not fully sure, but likely it: Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") --- include/linux/netfilter_bridge.h | 4 +-- include/linux/skbuff.h | 2 +- net/bridge/br_netfilter_hooks.c | 42 +++++++++++++++++++++++------ net/bridge/br_netfilter_ipv6.c | 14 +++++++--- net/ipv4/netfilter/nf_reject_ipv4.c | 9 ++++--- net/ipv6/netfilter/nf_reject_ipv6.c | 11 +++++--- 6 files changed, 61 insertions(+), 21 deletions(-) diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h index e927b9a15a556..743475ca7e9d5 100644 --- a/include/linux/netfilter_bridge.h +++ b/include/linux/netfilter_bridge.h @@ -42,7 +42,7 @@ static inline int nf_bridge_get_physinif(const struct sk_buff *skb) if (!nf_bridge) return 0; - return nf_bridge->physindev ? nf_bridge->physindev->ifindex : 0; + return nf_bridge->physinif; } static inline int nf_bridge_get_physoutif(const struct sk_buff *skb) @@ -60,7 +60,7 @@ nf_bridge_get_physindev(const struct sk_buff *skb, struct net *net) { const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); - return nf_bridge ? nf_bridge->physindev : NULL; + return nf_bridge ? dev_get_by_index_rcu(net, nf_bridge->physinif) : NULL; } static inline struct net_device * diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index a5ae952454c89..2dde34c29203b 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -295,7 +295,7 @@ struct nf_bridge_info { u8 bridged_dnat:1; u8 sabotage_in_done:1; __u16 frag_max_size; - struct net_device *physindev; + int physinif; /* always valid & non-NULL from FORWARD on, for physdev match */ struct net_device *physoutdev; diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index 6adcb45bca75d..ed17208907578 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -279,8 +279,17 @@ int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_ if ((READ_ONCE(neigh->nud_state) & NUD_CONNECTED) && READ_ONCE(neigh->hh.hh_len)) { + struct net_device *br_indev; + + br_indev = nf_bridge_get_physindev(skb, net); + if (!br_indev) { + neigh_release(neigh); + goto free_skb; + } + neigh_hh_bridge(&neigh->hh, skb); - skb->dev = nf_bridge->physindev; + skb->dev = br_indev; + ret = br_handle_frame_finish(net, sk, skb); } else { /* the neighbour function below overwrites the complete @@ -352,12 +361,18 @@ br_nf_ipv4_daddr_was_changed(const struct sk_buff *skb, */ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_buff *skb) { - struct net_device *dev = skb->dev; + struct net_device *dev = skb->dev, *br_indev; struct iphdr *iph = ip_hdr(skb); struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); struct rtable *rt; int err; + br_indev = nf_bridge_get_physindev(skb, net); + if (!br_indev) { + kfree_skb(skb); + return 0; + } + nf_bridge->frag_max_size = IPCB(skb)->frag_max_size; if (nf_bridge->pkt_otherhost) { @@ -397,7 +412,7 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_ } else { if (skb_dst(skb)->dev == dev) { bridged_dnat: - skb->dev = nf_bridge->physindev; + skb->dev = br_indev; nf_bridge_update_protocol(skb); nf_bridge_push_encap_header(skb); br_nf_hook_thresh(NF_BR_PRE_ROUTING, @@ -410,7 +425,7 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_ skb->pkt_type = PACKET_HOST; } } else { - rt = bridge_parent_rtable(nf_bridge->physindev); + rt = bridge_parent_rtable(br_indev); if (!rt) { kfree_skb(skb); return 0; @@ -419,7 +434,7 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_ skb_dst_set_noref(skb, &rt->dst); } - skb->dev = nf_bridge->physindev; + skb->dev = br_indev; nf_bridge_update_protocol(skb); nf_bridge_push_encap_header(skb); br_nf_hook_thresh(NF_BR_PRE_ROUTING, net, sk, skb, skb->dev, NULL, @@ -456,7 +471,7 @@ struct net_device *setup_pre_routing(struct sk_buff *skb, const struct net *net) } nf_bridge->in_prerouting = 1; - nf_bridge->physindev = skb->dev; + nf_bridge->physinif = skb->dev->ifindex; skb->dev = brnf_get_logical_dev(skb, skb->dev, net); if (skb->protocol == htons(ETH_P_8021Q)) @@ -553,7 +568,11 @@ static int br_nf_forward_finish(struct net *net, struct sock *sk, struct sk_buff if (skb->protocol == htons(ETH_P_IPV6)) nf_bridge->frag_max_size = IP6CB(skb)->frag_max_size; - in = nf_bridge->physindev; + in = nf_bridge_get_physindev(skb, net); + if (!in) { + kfree_skb(skb); + return 0; + } if (nf_bridge->pkt_otherhost) { skb->pkt_type = PACKET_OTHERHOST; nf_bridge->pkt_otherhost = false; @@ -899,6 +918,13 @@ static unsigned int ip_sabotage_in(void *priv, static void br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb) { struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); + struct net_device *br_indev; + + br_indev = nf_bridge_get_physindev(skb, dev_net(skb->dev)); + if (!br_indev) { + kfree_skb(skb); + return; + } skb_pull(skb, ETH_HLEN); nf_bridge->bridged_dnat = 0; @@ -908,7 +934,7 @@ static void br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb) skb_copy_to_linear_data_offset(skb, -(ETH_HLEN - ETH_ALEN), nf_bridge->neigh_header, ETH_HLEN - ETH_ALEN); - skb->dev = nf_bridge->physindev; + skb->dev = br_indev; nf_bridge->physoutdev = NULL; br_handle_frame_finish(dev_net(skb->dev), NULL, skb); diff --git a/net/bridge/br_netfilter_ipv6.c b/net/bridge/br_netfilter_ipv6.c index 2e24a743f9173..e0421eaa3abc7 100644 --- a/net/bridge/br_netfilter_ipv6.c +++ b/net/bridge/br_netfilter_ipv6.c @@ -102,9 +102,15 @@ static int br_nf_pre_routing_finish_ipv6(struct net *net, struct sock *sk, struc { struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); struct rtable *rt; - struct net_device *dev = skb->dev; + struct net_device *dev = skb->dev, *br_indev; const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops(); + br_indev = nf_bridge_get_physindev(skb, net); + if (!br_indev) { + kfree_skb(skb); + return 0; + } + nf_bridge->frag_max_size = IP6CB(skb)->frag_max_size; if (nf_bridge->pkt_otherhost) { @@ -122,7 +128,7 @@ static int br_nf_pre_routing_finish_ipv6(struct net *net, struct sock *sk, struc } if (skb_dst(skb)->dev == dev) { - skb->dev = nf_bridge->physindev; + skb->dev = br_indev; nf_bridge_update_protocol(skb); nf_bridge_push_encap_header(skb); br_nf_hook_thresh(NF_BR_PRE_ROUTING, @@ -133,7 +139,7 @@ static int br_nf_pre_routing_finish_ipv6(struct net *net, struct sock *sk, struc ether_addr_copy(eth_hdr(skb)->h_dest, dev->dev_addr); skb->pkt_type = PACKET_HOST; } else { - rt = bridge_parent_rtable(nf_bridge->physindev); + rt = bridge_parent_rtable(br_indev); if (!rt) { kfree_skb(skb); return 0; @@ -142,7 +148,7 @@ static int br_nf_pre_routing_finish_ipv6(struct net *net, struct sock *sk, struc skb_dst_set_noref(skb, &rt->dst); } - skb->dev = nf_bridge->physindev; + skb->dev = br_indev; nf_bridge_update_protocol(skb); nf_bridge_push_encap_header(skb); br_nf_hook_thresh(NF_BR_PRE_ROUTING, net, sk, skb, diff --git a/net/ipv4/netfilter/nf_reject_ipv4.c b/net/ipv4/netfilter/nf_reject_ipv4.c index 86e7d390671af..04504b2b51df5 100644 --- a/net/ipv4/netfilter/nf_reject_ipv4.c +++ b/net/ipv4/netfilter/nf_reject_ipv4.c @@ -239,7 +239,6 @@ static int nf_reject_fill_skb_dst(struct sk_buff *skb_in) void nf_send_reset(struct net *net, struct sock *sk, struct sk_buff *oldskb, int hook) { - struct net_device *br_indev __maybe_unused; struct sk_buff *nskb; struct iphdr *niph; const struct tcphdr *oth; @@ -289,9 +288,13 @@ void nf_send_reset(struct net *net, struct sock *sk, struct sk_buff *oldskb, * build the eth header using the original destination's MAC as the * source, and send the RST packet directly. */ - br_indev = nf_bridge_get_physindev(oldskb, net); - if (br_indev) { + if (nf_bridge_info_exists(oldskb)) { struct ethhdr *oeth = eth_hdr(oldskb); + struct net_device *br_indev; + + br_indev = nf_bridge_get_physindev(oldskb, net); + if (!br_indev) + goto free_nskb; nskb->dev = br_indev; niph->tot_len = htons(nskb->len); diff --git a/net/ipv6/netfilter/nf_reject_ipv6.c b/net/ipv6/netfilter/nf_reject_ipv6.c index 27b2164f4c439..196dd4ecb5e21 100644 --- a/net/ipv6/netfilter/nf_reject_ipv6.c +++ b/net/ipv6/netfilter/nf_reject_ipv6.c @@ -278,7 +278,6 @@ static int nf_reject6_fill_skb_dst(struct sk_buff *skb_in) void nf_send_reset6(struct net *net, struct sock *sk, struct sk_buff *oldskb, int hook) { - struct net_device *br_indev __maybe_unused; struct sk_buff *nskb; struct tcphdr _otcph; const struct tcphdr *otcph; @@ -354,9 +353,15 @@ void nf_send_reset6(struct net *net, struct sock *sk, struct sk_buff *oldskb, * build the eth header using the original destination's MAC as the * source, and send the RST packet directly. */ - br_indev = nf_bridge_get_physindev(oldskb, net); - if (br_indev) { + if (nf_bridge_info_exists(oldskb)) { struct ethhdr *oeth = eth_hdr(oldskb); + struct net_device *br_indev; + + br_indev = nf_bridge_get_physindev(oldskb, net); + if (!br_indev) { + kfree_skb(nskb); + return; + } nskb->dev = br_indev; nskb->protocol = htons(ETH_P_IPV6);