Commit 5b2af5ff authored Oct 26, 2017 by Ye Yin Committed by Greg Kroah-Hartman Nov 24, 2017

netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed




[ Upstream commit 2b5ec1a5f9738ee7bf8f5ec0526e75e00362c48f ]

When run ipvs in two different network namespace at the same host, and one
ipvs transport network traffic to the other network namespace ipvs.
'ipvs_property' flag will make the second ipvs take no effect. So we should
clear 'ipvs_property' when SKB network namespace changed.

Fixes: 621e84d6 ("dev: introduce skb_scrub_packet()")
Signed-off-by: Ye Yin <hustcat@gmail.com>
Signed-off-by: Wei Zhou <chouryzhou@gmail.com>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 475b9905

include/linux/skbuff.h

+7 −0

Original line number	Diff line number	Diff line
		@@ -3117,6 +3117,13 @@ static inline void nf_reset_trace(struct sk_buff *skb)
		#endif
		}

		static inline void ipvs_reset(struct sk_buff *skb)
		{
		#if IS_ENABLED(CONFIG_IP_VS)
		skb->ipvs_property = 0;
		#endif
		}

		/* Note: This doesn't put any conntrack and bridge info in dst. */
		static inline void __nf_copy(struct sk_buff dst, const struct sk_buff src,
		bool copy)

net/core/skbuff.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -4069,6 +4069,7 @@ void skb_scrub_packet(struct sk_buff *skb, bool xnet)
		if (!xnet)
		return;

		ipvs_reset(skb);
		skb_orphan(skb);
		skb->mark = 0;
		}