Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f8c60f7a authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Greg Kroah-Hartman
Browse files

net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build 



commit 2c64605b590edadb3fb46d1ec6badb49e940b479 upstream.

net/netfilter/nft_fwd_netdev.c: In function ‘nft_fwd_netdev_eval’:
    net/netfilter/nft_fwd_netdev.c:32:10: error: ‘struct sk_buff’ has no member named ‘tc_redirected’
      pkt->skb->tc_redirected = 1;
              ^~
    net/netfilter/nft_fwd_netdev.c:33:10: error: ‘struct sk_buff’ has no member named ‘tc_from_ingress’
      pkt->skb->tc_from_ingress = 1;
              ^~

To avoid a direct dependency with tc actions from netfilter, wrap the
redirect bits around CONFIG_NET_REDIRECT and move helpers to
include/linux/skbuff.h. Turn on this toggle from the ifb driver, the
only existing client of these bits in the tree.

This patch adds skb_set_redirected() that sets on the redirected bit
on the skbuff, it specifies if the packet was redirect from ingress
and resets the timestamp (timestamp reset was originally missing in the
netfilter bugfix).

Fixes: bcfabee1afd99484 ("netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress")
Reported-by: default avatar <noreply@ellerman.id.au>
Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 5f80d17c

drivers/net/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -106,6 +106,7 @@ config NET_FC 
config IFB

	tristate "Intermediate Functional Block support"

	depends on NET_CLS_ACT

	select NET_REDIRECT

	---help---

	  This is an intermediate driver that allows sharing of

	  resources.

drivers/net/ifb.c

+3 −3
Original line number Diff line number Diff line
@@ -75,7 +75,7 @@ static void ifb_ri_tasklet(unsigned long _txp) 
	}



	while ((skb = __skb_dequeue(&txp->tq)) != NULL) {

		skb->tc_redirected = 0;

		skb->redirected = 0;

		skb->tc_skip_classify = 1;



		u64_stats_update_begin(&txp->tsync);
@@ -96,7 +96,7 @@ static void ifb_ri_tasklet(unsigned long _txp) 
		rcu_read_unlock();

		skb->skb_iif = txp->dev->ifindex;



		if (!skb->tc_from_ingress) {

		if (!skb->from_ingress) {

			dev_queue_xmit(skb);

		} else {

			skb_pull_rcsum(skb, skb->mac_len);
@@ -243,7 +243,7 @@ static netdev_tx_t ifb_xmit(struct sk_buff *skb, struct net_device *dev) 
	txp->rx_bytes += skb->len;

	u64_stats_update_end(&txp->rsync);



	if (!skb->tc_redirected || !skb->skb_iif) {

	if (!skb->redirected || !skb->skb_iif) {

		dev_kfree_skb(skb);

		dev->stats.rx_dropped++;

		return NETDEV_TX_OK;

include/linux/skbuff.h

+32 −4
Original line number Diff line number Diff line
@@ -634,8 +634,8 @@ typedef unsigned char *sk_buff_data_t; 
 *	@offload_l3_fwd_mark: Packet was L3-forwarded in hardware

 *	@tc_skip_classify: do not classify packet. set by IFB device

 *	@tc_at_ingress: used within tc_classify to distinguish in/egress

 *	@tc_redirected: packet was redirected by a tc action

 *	@tc_from_ingress: if tc_redirected, tc_at_ingress at time of redirect

 *	@redirected: packet was redirected by packet classifier

 *	@from_ingress: packet was redirected from the ingress path

 *	@peeked: this packet has been seen already, so stats have been

 *		done for it, don't do them again

 *	@nf_trace: netfilter packet trace flag
@@ -816,8 +816,10 @@ struct sk_buff { 
#ifdef CONFIG_NET_CLS_ACT

	__u8			tc_skip_classify:1;

	__u8			tc_at_ingress:1;

	__u8			tc_redirected:1;

	__u8			tc_from_ingress:1;

#endif

#ifdef CONFIG_NET_REDIRECT

	__u8			redirected:1;

	__u8			from_ingress:1;

#endif

#ifdef CONFIG_TLS_DEVICE

	__u8			decrypted:1;
@@ -4514,5 +4516,31 @@ static inline __wsum lco_csum(struct sk_buff *skb) 
	return csum_partial(l4_hdr, csum_start - l4_hdr, partial);

}



static inline bool skb_is_redirected(const struct sk_buff *skb)

{

#ifdef CONFIG_NET_REDIRECT

	return skb->redirected;

#else

	return false;

#endif

}



static inline void skb_set_redirected(struct sk_buff *skb, bool from_ingress)

{

#ifdef CONFIG_NET_REDIRECT

	skb->redirected = 1;

	skb->from_ingress = from_ingress;

	if (skb->from_ingress)

		skb->tstamp = 0;

#endif

}



static inline void skb_reset_redirect(struct sk_buff *skb)

{

#ifdef CONFIG_NET_REDIRECT

	skb->redirected = 0;

#endif

}



#endif	/* __KERNEL__ */

#endif	/* _LINUX_SKBUFF_H */

include/net/sch_generic.h

+0 −16
Original line number Diff line number Diff line
@@ -675,22 +675,6 @@ void __qdisc_calculate_pkt_len(struct sk_buff *skb, 
			       const struct qdisc_size_table *stab);

int skb_do_redirect(struct sk_buff *);



static inline void skb_reset_tc(struct sk_buff *skb)

{

#ifdef CONFIG_NET_CLS_ACT

	skb->tc_redirected = 0;

#endif

}



static inline bool skb_is_tc_redirected(const struct sk_buff *skb)

{

#ifdef CONFIG_NET_CLS_ACT

	return skb->tc_redirected;

#else

	return false;

#endif

}



static inline bool skb_at_tc_ingress(const struct sk_buff *skb)

{

#ifdef CONFIG_NET_CLS_ACT

net/Kconfig

+3 −0
Original line number Diff line number Diff line
@@ -52,6 +52,9 @@ config NET_INGRESS 
config NET_EGRESS

	bool



config NET_REDIRECT

	bool



config SKB_EXTENSIONS

	bool