* [PATCH] netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
@ 2017-10-26 8:57 Ye Yin
2017-10-28 10:33 ` Julian Anastasov
0 siblings, 1 reply; 4+ messages in thread
From: Ye Yin @ 2017-10-26 8:57 UTC (permalink / raw)
To: davem
Cc: willemb, edumazet, johannes.berg, dcaratti, pabeni, f.fainelli,
fw, soheil, dwindsor, elena.reshetova, tom, Jason, linux-kernel,
netdev, Ye Yin, Wei Zhou
When run ipvs in two different network namespace at the same host, and one
ipvs transport network traffic to the other network namespace ipvs.
'ipvs_property' flag will make the second ipvs take no effect. So we should
clear 'ipvs_property' when SKB network namespace changed.
Signed-off-by: Ye Yin <hustcat@gmail.com>
Signed-off-by: Wei Zhou <chouryzhou@gmail.com>
---
include/linux/skbuff.h | 7 +++++++
net/core/skbuff.c | 1 +
2 files changed, 8 insertions(+)
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 72299ef..d448a48 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -3770,6 +3770,13 @@ static inline void nf_reset_trace(struct sk_buff *skb)
#endif
}
+static inline void ipvs_reset(struct sk_buff *skb)
+{
+#if IS_ENABLED(CONFIG_IP_VS)
+ skb->ipvs_property = 0;
+#endif
+}
+
/* Note: This doesn't put any conntrack and bridge info in dst. */
static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src,
bool copy)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 2465607..e140ba4 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4864,6 +4864,7 @@ void skb_scrub_packet(struct sk_buff *skb, bool xnet)
if (!xnet)
return;
+ ipvs_reset(skb);
skb_orphan(skb);
skb->mark = 0;
}
--
1.7.12.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
2017-10-26 8:57 [PATCH] netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed Ye Yin
@ 2017-10-28 10:33 ` Julian Anastasov
2017-11-02 14:46 ` Simon Horman
0 siblings, 1 reply; 4+ messages in thread
From: Julian Anastasov @ 2017-10-28 10:33 UTC (permalink / raw)
To: Ye Yin
Cc: David S. Miller, willemb, edumazet, johannes.berg, dcaratti,
pabeni, f.fainelli, fw, soheil, dwindsor, elena.reshetova, tom,
Jason, linux-kernel, netdev, Wei Zhou, Wensong Zhang,
Simon Horman, lvs-devel
Hello,
On Thu, 26 Oct 2017, Ye Yin wrote:
> When run ipvs in two different network namespace at the same host, and one
> ipvs transport network traffic to the other network namespace ipvs.
> 'ipvs_property' flag will make the second ipvs take no effect. So we should
> clear 'ipvs_property' when SKB network namespace changed.
>
> Signed-off-by: Ye Yin <hustcat@gmail.com>
> Signed-off-by: Wei Zhou <chouryzhou@gmail.com>
Patch looks good to me. ipvs_property was added long ago
but skb_scrub_packet() is more recent (3.11), so:
Fixes: 621e84d6f373 ("dev: introduce skb_scrub_packet()")
Signed-off-by: Julian Anastasov <ja@ssi.bg>
I guess, DaveM can apply it directly as a bugfix
to the net tree.
> ---
> include/linux/skbuff.h | 7 +++++++
> net/core/skbuff.c | 1 +
> 2 files changed, 8 insertions(+)
>
> diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
> index 72299ef..d448a48 100644
> --- a/include/linux/skbuff.h
> +++ b/include/linux/skbuff.h
> @@ -3770,6 +3770,13 @@ static inline void nf_reset_trace(struct sk_buff *skb)
> #endif
> }
>
> +static inline void ipvs_reset(struct sk_buff *skb)
> +{
> +#if IS_ENABLED(CONFIG_IP_VS)
> + skb->ipvs_property = 0;
> +#endif
> +}
> +
> /* Note: This doesn't put any conntrack and bridge info in dst. */
> static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src,
> bool copy)
> diff --git a/net/core/skbuff.c b/net/core/skbuff.c
> index 2465607..e140ba4 100644
> --- a/net/core/skbuff.c
> +++ b/net/core/skbuff.c
> @@ -4864,6 +4864,7 @@ void skb_scrub_packet(struct sk_buff *skb, bool xnet)
> if (!xnet)
> return;
>
> + ipvs_reset(skb);
> skb_orphan(skb);
> skb->mark = 0;
> }
> --
> 1.7.12.4
Regards
--
Julian Anastasov <ja@ssi.bg>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
2017-10-28 10:33 ` Julian Anastasov
@ 2017-11-02 14:46 ` Simon Horman
2017-11-04 13:38 ` David Miller
0 siblings, 1 reply; 4+ messages in thread
From: Simon Horman @ 2017-11-02 14:46 UTC (permalink / raw)
To: Julian Anastasov
Cc: Ye Yin, David S. Miller, willemb, edumazet, johannes.berg,
dcaratti, pabeni, f.fainelli, fw, soheil, dwindsor,
elena.reshetova, tom, Jason, linux-kernel, netdev, Wei Zhou,
Wensong Zhang, lvs-devel
On Sat, Oct 28, 2017 at 01:33:09PM +0300, Julian Anastasov wrote:
>
> Hello,
>
> On Thu, 26 Oct 2017, Ye Yin wrote:
>
> > When run ipvs in two different network namespace at the same host, and one
> > ipvs transport network traffic to the other network namespace ipvs.
> > 'ipvs_property' flag will make the second ipvs take no effect. So we should
> > clear 'ipvs_property' when SKB network namespace changed.
> >
> > Signed-off-by: Ye Yin <hustcat@gmail.com>
> > Signed-off-by: Wei Zhou <chouryzhou@gmail.com>
>
> Patch looks good to me. ipvs_property was added long ago
> but skb_scrub_packet() is more recent (3.11), so:
>
> Fixes: 621e84d6f373 ("dev: introduce skb_scrub_packet()")
> Signed-off-by: Julian Anastasov <ja@ssi.bg>
>
> I guess, DaveM can apply it directly as a bugfix
> to the net tree.
Sounds like a good plan to me, Dave?
Signed-off-by: Simon Horman <horms@verge.net.au>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
2017-11-02 14:46 ` Simon Horman
@ 2017-11-04 13:38 ` David Miller
0 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2017-11-04 13:38 UTC (permalink / raw)
To: horms
Cc: ja, hustcat, willemb, edumazet, johannes.berg, dcaratti, pabeni,
f.fainelli, fw, soheil, dwindsor, elena.reshetova, tom, Jason,
linux-kernel, netdev, chouryzhou, wensong, lvs-devel
From: Simon Horman <horms@verge.net.au>
Date: Thu, 2 Nov 2017 15:46:50 +0100
> On Sat, Oct 28, 2017 at 01:33:09PM +0300, Julian Anastasov wrote:
>>
>> Hello,
>>
>> On Thu, 26 Oct 2017, Ye Yin wrote:
>>
>> > When run ipvs in two different network namespace at the same host, and one
>> > ipvs transport network traffic to the other network namespace ipvs.
>> > 'ipvs_property' flag will make the second ipvs take no effect. So we should
>> > clear 'ipvs_property' when SKB network namespace changed.
>> >
>> > Signed-off-by: Ye Yin <hustcat@gmail.com>
>> > Signed-off-by: Wei Zhou <chouryzhou@gmail.com>
>>
>> Patch looks good to me. ipvs_property was added long ago
>> but skb_scrub_packet() is more recent (3.11), so:
>>
>> Fixes: 621e84d6f373 ("dev: introduce skb_scrub_packet()")
>> Signed-off-by: Julian Anastasov <ja@ssi.bg>
>>
>> I guess, DaveM can apply it directly as a bugfix
>> to the net tree.
>
> Sounds like a good plan to me, Dave?
>
> Signed-off-by: Simon Horman <horms@verge.net.au>
Sure, applied and queued up for -stable, thanks!
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-11-04 13:38 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-26 8:57 [PATCH] netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed Ye Yin
2017-10-28 10:33 ` Julian Anastasov
2017-11-02 14:46 ` Simon Horman
2017-11-04 13:38 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).