* [PATCH net] net/ipv4: Initialize proto and ports in flow struct
@ 2018-05-16 18:18 David Ahern
2018-05-16 18:48 ` David Ahern
0 siblings, 1 reply; 2+ messages in thread
From: David Ahern @ 2018-05-16 18:18 UTC (permalink / raw)
To: netdev; +Cc: roopa, David Ahern
Updating the FIB tracepoint for the recent change to allow rules using
the protocol and ports exposed a few places where the entries in the flow
struct are not initialized.
For __fib_validate_source add the call to fib4_rules_early_flow_dissect
since it is invoked for the input path. For netfilter, add the memset on
the flow struct to avoid future problems like this.
Fixes: bfff4862653b ("net: fib_rules: support for match on ip_proto, sport and dport")
Signed-off-by: David Ahern <dsahern@gmail.com>
---
net/ipv4/fib_frontend.c | 10 +++++++---
net/ipv4/netfilter/ipt_rpfilter.c | 2 +-
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index f05afaf3235c..58696b829065 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -326,10 +326,11 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
u8 tos, int oif, struct net_device *dev,
int rpf, struct in_device *idev, u32 *itag)
{
+ struct net *net = dev_net(dev);
+ struct flow_keys flkeys;
int ret, no_addr;
struct fib_result res;
struct flowi4 fl4;
- struct net *net = dev_net(dev);
bool dev_match;
fl4.flowi4_oif = 0;
@@ -347,8 +348,11 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
no_addr = idev->ifa_list == NULL;
fl4.flowi4_mark = IN_DEV_SRC_VMARK(idev) ? skb->mark : 0;
-
- trace_fib_validate_source(dev, &fl4);
+ if (!fib4_rules_early_flow_dissect(net, skb, &fl4, &flkeys)) {
+ fl4.flowi4_proto = 0;
+ fl4.fl4_sport = 0;
+ fl4.fl4_dport = 0;
+ }
if (fib_lookup(net, &fl4, &res, 0))
goto last_resort;
diff --git a/net/ipv4/netfilter/ipt_rpfilter.c b/net/ipv4/netfilter/ipt_rpfilter.c
index fd01f13c896a..12843c9ef142 100644
--- a/net/ipv4/netfilter/ipt_rpfilter.c
+++ b/net/ipv4/netfilter/ipt_rpfilter.c
@@ -89,10 +89,10 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
return true ^ invert;
}
+ memset(&flow, 0, sizeof(flow));
flow.flowi4_iif = LOOPBACK_IFINDEX;
flow.daddr = iph->saddr;
flow.saddr = rpfilter_get_saddr(iph->daddr);
- flow.flowi4_oif = 0;
flow.flowi4_mark = info->flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;
flow.flowi4_tos = RT_TOS(iph->tos);
flow.flowi4_scope = RT_SCOPE_UNIVERSE;
--
2.11.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net] net/ipv4: Initialize proto and ports in flow struct
2018-05-16 18:18 [PATCH net] net/ipv4: Initialize proto and ports in flow struct David Ahern
@ 2018-05-16 18:48 ` David Ahern
0 siblings, 0 replies; 2+ messages in thread
From: David Ahern @ 2018-05-16 18:48 UTC (permalink / raw)
To: netdev; +Cc: roopa
On 5/16/18 12:18 PM, David Ahern wrote:
> @@ -347,8 +348,11 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
> no_addr = idev->ifa_list == NULL;
>
> fl4.flowi4_mark = IN_DEV_SRC_VMARK(idev) ? skb->mark : 0;
> -
> - trace_fib_validate_source(dev, &fl4);
Looks like I sent the net-next version; did not mean to remove that
tracepoint in net. Will send v2
> + if (!fib4_rules_early_flow_dissect(net, skb, &fl4, &flkeys)) {
> + fl4.flowi4_proto = 0;
> + fl4.fl4_sport = 0;
> + fl4.fl4_dport = 0;
> + }
>
> if (fib_lookup(net, &fl4, &res, 0))
> goto last_resort;
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-05-16 18:48 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-16 18:18 [PATCH net] net/ipv4: Initialize proto and ports in flow struct David Ahern
2018-05-16 18:48 ` David Ahern
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.