Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8b27f277 authored by Nicolas Dichtel's avatar Nicolas Dichtel Committed by David S. Miller
Browse files

skb: allow skb_scrub_packet() to be used by tunnels



This function was only used when a packet was sent to another netns. Now, it can
also be used after tunnel encapsulation or decapsulation.

Only skb_orphan() should not be done when a packet is not crossing netns.

Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 11796187
Loading
Loading
Loading
Loading
+1 −1
Original line number Diff line number Diff line
@@ -2392,7 +2392,7 @@ extern void skb_split(struct sk_buff *skb,
				 struct sk_buff *skb1, const u32 len);
extern int	       skb_shift(struct sk_buff *tgt, struct sk_buff *skb,
				 int shiftlen);
extern void	       skb_scrub_packet(struct sk_buff *skb);
extern void	       skb_scrub_packet(struct sk_buff *skb, bool xnet);

extern struct sk_buff *skb_segment(struct sk_buff *skb,
				   netdev_features_t features);
+1 −1
Original line number Diff line number Diff line
@@ -1697,7 +1697,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
	 * call skb_scrub_packet() after it to clear pkt_type _after_ calling
	 * eth_type_trans().
	 */
	skb_scrub_packet(skb);
	skb_scrub_packet(skb, true);

	return netif_rx(skb);
}
+12 −7
Original line number Diff line number Diff line
@@ -3500,16 +3500,21 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
EXPORT_SYMBOL(skb_try_coalesce);

/**
 * skb_scrub_packet - scrub an skb before sending it to another netns
 * skb_scrub_packet - scrub an skb
 *
 * @skb: buffer to clean
 * @xnet: packet is crossing netns
 *
 * skb_scrub_packet can be used to clean an skb before injecting it in
 * another namespace. We have to clear all information in the skb that
 * could impact namespace isolation.
 * skb_scrub_packet can be used after encapsulating or decapsulting a packet
 * into/from a tunnel. Some information have to be cleared during these
 * operations.
 * skb_scrub_packet can also be used to clean a skb before injecting it in
 * another namespace (@xnet == true). We have to clear all information in the
 * skb that could impact namespace isolation.
 */
void skb_scrub_packet(struct sk_buff *skb)
void skb_scrub_packet(struct sk_buff *skb, bool xnet)
{
	if (xnet)
		skb_orphan(skb);
	skb->tstamp.tv64 = 0;
	skb->pkt_type = PACKET_HOST;
+2 −2
Original line number Diff line number Diff line
@@ -462,7 +462,7 @@ int ip_tunnel_rcv(struct ip_tunnel *tunnel, struct sk_buff *skb,
	}

	if (!net_eq(tunnel->net, dev_net(tunnel->dev)))
		skb_scrub_packet(skb);
		skb_scrub_packet(skb, true);

	gro_cells_receive(&tunnel->gro_cells, skb);
	return 0;
@@ -615,7 +615,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
	}

	if (!net_eq(tunnel->net, dev_net(dev)))
		skb_scrub_packet(skb);
		skb_scrub_packet(skb, true);

	if (tunnel->err_count > 0) {
		if (time_before(jiffies,
+2 −2
Original line number Diff line number Diff line
@@ -830,7 +830,7 @@ static int ip6_tnl_rcv(struct sk_buff *skb, __u16 protocol,
		tstats->rx_bytes += skb->len;

		if (!net_eq(t->net, dev_net(t->dev)))
			skb_scrub_packet(skb);
			skb_scrub_packet(skb, true);

		netif_rx(skb);

@@ -1002,7 +1002,7 @@ static int ip6_tnl_xmit2(struct sk_buff *skb,
	}

	if (!net_eq(t->net, dev_net(dev)))
		skb_scrub_packet(skb);
		skb_scrub_packet(skb, true);

	/*
	 * Okay, now see if we can stuff it in the buffer as-is.
Loading