Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8b27f277 authored by Nicolas Dichtel's avatar Nicolas Dichtel Committed by David S. Miller
Browse files

skb: allow skb_scrub_packet() to be used by tunnels 



This function was only used when a packet was sent to another netns. Now, it can
also be used after tunnel encapsulation or decapsulation.

Only skb_orphan() should not be done when a packet is not crossing netns.

Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 11796187

include/linux/skbuff.h

+1 −1
Original line number Diff line number Diff line
@@ -2392,7 +2392,7 @@ extern void skb_split(struct sk_buff *skb, 
				 struct sk_buff *skb1, const u32 len);

extern int	       skb_shift(struct sk_buff *tgt, struct sk_buff *skb,

				 int shiftlen);

extern void	       skb_scrub_packet(struct sk_buff *skb);

extern void	       skb_scrub_packet(struct sk_buff *skb, bool xnet);



extern struct sk_buff *skb_segment(struct sk_buff *skb,

				   netdev_features_t features);

net/core/dev.c

+1 −1
Original line number Diff line number Diff line
@@ -1697,7 +1697,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) 
	 * call skb_scrub_packet() after it to clear pkt_type _after_ calling

	 * eth_type_trans().

	 */

	skb_scrub_packet(skb);

	skb_scrub_packet(skb, true);



	return netif_rx(skb);

}

net/core/skbuff.c

+12 −7
Original line number Diff line number Diff line
@@ -3500,16 +3500,21 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, 
EXPORT_SYMBOL(skb_try_coalesce);



/**

 * skb_scrub_packet - scrub an skb before sending it to another netns

 * skb_scrub_packet - scrub an skb

 *

 * @skb: buffer to clean

 * @xnet: packet is crossing netns

 *

 * skb_scrub_packet can be used to clean an skb before injecting it in

 * another namespace. We have to clear all information in the skb that

 * could impact namespace isolation.

 * skb_scrub_packet can be used after encapsulating or decapsulting a packet

 * into/from a tunnel. Some information have to be cleared during these

 * operations.

 * skb_scrub_packet can also be used to clean a skb before injecting it in

 * another namespace (@xnet == true). We have to clear all information in the

 * skb that could impact namespace isolation.

 */

void skb_scrub_packet(struct sk_buff *skb)

void skb_scrub_packet(struct sk_buff *skb, bool xnet)

{

	if (xnet)

		skb_orphan(skb);

	skb->tstamp.tv64 = 0;

	skb->pkt_type = PACKET_HOST;

net/ipv4/ip_tunnel.c

+2 −2
Original line number Diff line number Diff line
@@ -462,7 +462,7 @@ int ip_tunnel_rcv(struct ip_tunnel *tunnel, struct sk_buff *skb, 
	}



	if (!net_eq(tunnel->net, dev_net(tunnel->dev)))

		skb_scrub_packet(skb);

		skb_scrub_packet(skb, true);



	gro_cells_receive(&tunnel->gro_cells, skb);

	return 0;
@@ -615,7 +615,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, 
	}



	if (!net_eq(tunnel->net, dev_net(dev)))

		skb_scrub_packet(skb);

		skb_scrub_packet(skb, true);



	if (tunnel->err_count > 0) {

		if (time_before(jiffies,

net/ipv6/ip6_tunnel.c

+2 −2
Original line number Diff line number Diff line
@@ -830,7 +830,7 @@ static int ip6_tnl_rcv(struct sk_buff *skb, __u16 protocol, 
		tstats->rx_bytes += skb->len;



		if (!net_eq(t->net, dev_net(t->dev)))

			skb_scrub_packet(skb);

			skb_scrub_packet(skb, true);



		netif_rx(skb);
@@ -1002,7 +1002,7 @@ static int ip6_tnl_xmit2(struct sk_buff *skb, 
	}



	if (!net_eq(t->net, dev_net(dev)))

		skb_scrub_packet(skb);

		skb_scrub_packet(skb, true);



	/*

	 * Okay, now see if we can stuff it in the buffer as-is.