From: Nikolay Aleksandrov <razor@blackwall.org>
To: Xin Long <lucien.xin@gmail.com>, network dev <netdev@vger.kernel.org>
Cc: davem@davemloft.net, kuba@kernel.org,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, David Ahern <dsahern@gmail.com>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Pravin B Shelar <pshelar@ovn.org>,
Jamal Hadi Salim <jhs@mojatatu.com>,
Cong Wang <xiyou.wangcong@gmail.com>,
Jiri Pirko <jiri@resnulli.us>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Florian Westphal <fw@strlen.de>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
Ilya Maximets <i.maximets@ovn.org>,
Aaron Conole <aconole@redhat.com>,
Roopa Prabhu <roopa@nvidia.com>,
Mahesh Bandewar <maheshb@google.com>,
Paul Moore <paul@paul-moore.com>,
Guillaume Nault <gnault@redhat.com>
Subject: Re: [PATCHv4 net-next 02/10] bridge: use skb_ip_totlen in br netfilter
Date: Tue, 31 Jan 2023 17:01:36 +0200 [thread overview]
Message-ID: <8bb06e1b-6ec2-4e7c-5ce1-49814704ddb4@blackwall.org> (raw)
In-Reply-To: <4542573738ca3499bd15b2e9980c0176db442dc7.1674921359.git.lucien.xin@gmail.com>
On 28/01/2023 17:58, Xin Long wrote:
> These 3 places in bridge netfilter are called on RX path after GRO
> and IPv4 TCP GSO packets may come through, so replace iph tot_len
> accessing with skb_ip_totlen() in there.
>
> Signed-off-by: Xin Long <lucien.xin@gmail.com>
> ---
> net/bridge/br_netfilter_hooks.c | 2 +-
> net/bridge/netfilter/nf_conntrack_bridge.c | 4 ++--
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
> index f20f4373ff40..b67c9c98effa 100644
> --- a/net/bridge/br_netfilter_hooks.c
> +++ b/net/bridge/br_netfilter_hooks.c
> @@ -214,7 +214,7 @@ static int br_validate_ipv4(struct net *net, struct sk_buff *skb)
> if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl)))
> goto csum_error;
>
> - len = ntohs(iph->tot_len);
> + len = skb_ip_totlen(skb);
> if (skb->len < len) {
> __IP_INC_STATS(net, IPSTATS_MIB_INTRUNCATEDPKTS);
> goto drop;
> diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c
> index 5c5dd437f1c2..71056ee84773 100644
> --- a/net/bridge/netfilter/nf_conntrack_bridge.c
> +++ b/net/bridge/netfilter/nf_conntrack_bridge.c
> @@ -212,7 +212,7 @@ static int nf_ct_br_ip_check(const struct sk_buff *skb)
> iph->version != 4)
> return -1;
>
> - len = ntohs(iph->tot_len);
> + len = skb_ip_totlen(skb);
> if (skb->len < nhoff + len ||
> len < (iph->ihl * 4))
> return -1;
> @@ -256,7 +256,7 @@ static unsigned int nf_ct_bridge_pre(void *priv, struct sk_buff *skb,
> if (!pskb_may_pull(skb, sizeof(struct iphdr)))
> return NF_ACCEPT;
>
> - len = ntohs(ip_hdr(skb)->tot_len);
> + len = skb_ip_totlen(skb);
> if (pskb_trim_rcsum(skb, len))
> return NF_ACCEPT;
>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
next prev parent reply other threads:[~2023-01-31 15:06 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-28 15:58 [PATCHv4 net-next 00/10] net: support ipv4 big tcp Xin Long
2023-01-28 15:58 ` [PATCHv4 net-next 01/10] net: add a couple of helpers for iph tot_len Xin Long
2023-02-01 15:31 ` David Ahern
2023-01-28 15:58 ` [PATCHv4 net-next 02/10] bridge: use skb_ip_totlen in br netfilter Xin Long
2023-01-31 15:01 ` Nikolay Aleksandrov [this message]
2023-01-28 15:58 ` [PATCHv4 net-next 03/10] openvswitch: use skb_ip_totlen in conntrack Xin Long
2023-02-01 13:29 ` Aaron Conole
2023-01-28 15:58 ` [PATCHv4 net-next 04/10] net: sched: use skb_ip_totlen and iph_totlen Xin Long
2023-01-28 15:58 ` [PATCHv4 net-next 05/10] netfilter: " Xin Long
2023-01-28 15:58 ` [PATCHv4 net-next 06/10] cipso_ipv4: use iph_set_totlen in skbuff_setattr Xin Long
2023-01-28 15:58 ` [PATCHv4 net-next 07/10] ipvlan: use skb_ip_totlen in ipvlan_get_L3_hdr Xin Long
2023-01-28 15:58 ` [PATCHv4 net-next 08/10] packet: add TP_STATUS_GSO_TCP for tp_status Xin Long
2023-02-01 15:32 ` David Ahern
2023-01-28 15:58 ` [PATCHv4 net-next 09/10] net: add gso_ipv4_max_size and gro_ipv4_max_size per device Xin Long
2023-01-31 14:59 ` Paolo Abeni
2023-01-31 17:55 ` Xin Long
2023-02-01 15:36 ` David Ahern
2023-01-28 15:58 ` [PATCHv4 net-next 10/10] net: add support for ipv4 big tcp Xin Long
2023-02-01 15:38 ` David Ahern
2023-02-02 9:24 ` [PATCHv4 net-next 10/10] net: add support for ipv4 big tcp: manual merge Matthieu Baerts
2023-02-01 8:53 ` [PATCHv4 net-next 00/10] net: support ipv4 big tcp Eric Dumazet
2023-02-01 15:39 ` David Ahern
2023-02-02 5:10 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8bb06e1b-6ec2-4e7c-5ce1-49814704ddb4@blackwall.org \
--to=razor@blackwall.org \
--cc=aconole@redhat.com \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=gnault@redhat.com \
--cc=i.maximets@ovn.org \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=kuba@kernel.org \
--cc=lucien.xin@gmail.com \
--cc=maheshb@google.com \
--cc=marcelo.leitner@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=paul@paul-moore.com \
--cc=pshelar@ovn.org \
--cc=roopa@nvidia.com \
--cc=xiyou.wangcong@gmail.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.