Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b7a46095 authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'netns-defrag' 



Eric W. Biederman says:

====================
net: Pass net into defragmentation

This is the next installment of my work to pass struct net through the
output path so the code does not need to guess how to figure out which
network namespace it is in, and ultimately routes can have output
devices in another network namespace.

In netfilter and af_packet we defragment packets in the output path,
and there is the usual amount of confusion about how to compute which
net we are processing the packets in.  This patchset clears that
confusion up by explicitly passing in struct net in ip_defrag,
ip_check_defrag, and nf_ct_frag6_gather.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 161642e2 b7277597

drivers/net/macvlan.c

+1 −1
Original line number Diff line number Diff line
@@ -412,7 +412,7 @@ static rx_handler_result_t macvlan_handle_frame(struct sk_buff **pskb) 


	port = macvlan_port_get_rcu(skb->dev);

	if (is_multicast_ether_addr(eth->h_dest)) {

		skb = ip_check_defrag(skb, IP_DEFRAG_MACVLAN);

		skb = ip_check_defrag(dev_net(skb->dev), skb, IP_DEFRAG_MACVLAN);

		if (!skb)

			return RX_HANDLER_CONSUMED;

		eth = eth_hdr(skb);

include/net/ip.h

+3 −3
Original line number Diff line number Diff line
@@ -506,11 +506,11 @@ static inline bool ip_defrag_user_in_between(u32 user, 
	return user >= lower_bond && user <= upper_bond;

}



int ip_defrag(struct sk_buff *skb, u32 user);

int ip_defrag(struct net *net, struct sk_buff *skb, u32 user);

#ifdef CONFIG_INET

struct sk_buff *ip_check_defrag(struct sk_buff *skb, u32 user);

struct sk_buff *ip_check_defrag(struct net *net, struct sk_buff *skb, u32 user);

#else

static inline struct sk_buff *ip_check_defrag(struct sk_buff *skb, u32 user)

static inline struct sk_buff *ip_check_defrag(struct net *net, struct sk_buff *skb, u32 user)

{

	return skb;

}

include/net/netfilter/ipv6/nf_defrag_ipv6.h

+1 −1
Original line number Diff line number Diff line
@@ -5,7 +5,7 @@ void nf_defrag_ipv6_enable(void); 


int nf_ct_frag6_init(void);

void nf_ct_frag6_cleanup(void);

struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user);

struct sk_buff *nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user);

void nf_ct_frag6_consume_orig(struct sk_buff *skb);



struct inet_frags_ctl;

net/ipv4/ip_fragment.c

+3 −4
Original line number Diff line number Diff line
@@ -654,11 +654,10 @@ out_fail: 
}



/* Process an incoming IP datagram fragment. */

int ip_defrag(struct sk_buff *skb, u32 user)

int ip_defrag(struct net *net, struct sk_buff *skb, u32 user)

{

	struct net_device *dev = skb->dev ? : skb_dst(skb)->dev;

	int vif = l3mdev_master_ifindex_rcu(dev);

	struct net *net = dev_net(dev);

	struct ipq *qp;



	IP_INC_STATS_BH(net, IPSTATS_MIB_REASMREQDS);
@@ -683,7 +682,7 @@ int ip_defrag(struct sk_buff *skb, u32 user) 
}

EXPORT_SYMBOL(ip_defrag);



struct sk_buff *ip_check_defrag(struct sk_buff *skb, u32 user)

struct sk_buff *ip_check_defrag(struct net *net, struct sk_buff *skb, u32 user)

{

	struct iphdr iph;

	int netoff;
@@ -712,7 +711,7 @@ struct sk_buff *ip_check_defrag(struct sk_buff *skb, u32 user) 
			if (pskb_trim_rcsum(skb, netoff + len))

				return skb;

			memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));

			if (ip_defrag(skb, user))

			if (ip_defrag(net, skb, user))

				return NULL;

			skb_clear_hash(skb);

		}

net/ipv4/ip_input.c

+6 −4
Original line number Diff line number Diff line
@@ -157,6 +157,7 @@ bool ip_call_ra_chain(struct sk_buff *skb) 
	u8 protocol = ip_hdr(skb)->protocol;

	struct sock *last = NULL;

	struct net_device *dev = skb->dev;

	struct net *net = dev_net(dev);



	for (ra = rcu_dereference(ip_ra_chain); ra; ra = rcu_dereference(ra->next)) {

		struct sock *sk = ra->sk;
@@ -167,9 +168,9 @@ bool ip_call_ra_chain(struct sk_buff *skb) 
		if (sk && inet_sk(sk)->inet_num == protocol &&

		    (!sk->sk_bound_dev_if ||

		     sk->sk_bound_dev_if == dev->ifindex) &&

		    net_eq(sock_net(sk), dev_net(dev))) {

		    net_eq(sock_net(sk), net)) {

			if (ip_is_fragment(ip_hdr(skb))) {

				if (ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN))

				if (ip_defrag(net, skb, IP_DEFRAG_CALL_RA_CHAIN))

					return true;

			}

			if (last) {
@@ -246,14 +247,15 @@ int ip_local_deliver(struct sk_buff *skb) 
	/*

	 *	Reassemble IP fragments.

	 */

	struct net *net = dev_net(skb->dev);



	if (ip_is_fragment(ip_hdr(skb))) {

		if (ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER))

		if (ip_defrag(net, skb, IP_DEFRAG_LOCAL_DELIVER))

			return 0;

	}



	return NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_IN,

		       dev_net(skb->dev), NULL, skb, skb->dev, NULL,

		       net, NULL, skb, skb->dev, NULL,

		       ip_local_deliver_finish);

}