netdev.vger.kernel.org archive mirror
From: Lorenz Bauer <lmb@cloudflare.com>
To: herbert@gondor.apana.org.au
Cc: netdev@vger.kernel.org
Subject: Question re. skb_orphan for TPROXY
Date: Tue, 16 Apr 2019 15:49:17 +0100
Message-ID: <CACAyw9-pYyvkUBOzdD+XQBEKdGGB9foJ5ph5sdjiuE4_uyEoJg@mail.gmail.com>

Hello Herbert (and List),

Apologies for contacting you out of the blue. I'm currently trying to
understand how TPROXY works under the hood. As part of this endeavour,
I've stumbled upon the commit attached to this email.

From the commit message I infer that somewhere, TPROXY relies on a
check of skb->sk == NULL to function. However, I can't figure out
where! I've traced TPROXY from NF_HOOK(NF_INET_PRE_ROUTING) just after
the call to skb_orphan to __inet_lookup_skb / skb_steal_sock called
from the TCP and UDP receive functions, and as far as I can tell there
is no such check. Can you maybe shed some light on this?

The commit is a fix for https://bugzilla.kernel.org/show_bug.cgi?id=13627

commit 71f9dacd2e4d233029e9e956ca3f79531f411827
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date:   Fri Jun 26 19:22:37 2009 -0700

    inet: Call skb_orphan before tproxy activates

    As transparent proxying looks up the socket early and assigns
    it to the skb for later processing, we must drop any existing
    socket ownership prior to that in order to distinguish between
    the case where tproxy is active and where it is not.

    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 490ce20faf38..db46b4b5b2b9 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -440,6 +440,9 @@ int ip_rcv(struct sk_buff *skb, struct net_device
*dev, struct packet_type *pt,
     /* Remove any debris in the socket control block */
     memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));

+    /* Must drop socket now because of tproxy. */
+    skb_orphan(skb);
+
     return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL,
                ip_rcv_finish);

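Review bot: The comment added above skb_orphan(skb) in ip_rcv() says only "because of tproxy" and does not name what later depends on skb->sk being unset, so a reader has to go to the commit message to learn that tproxy looks up the socket early and assigns it to the skb. Suggest spelling that out in the comment itself. It is also worth noting there that the call is unconditional: as written it runs for every packet that reaches the NF_INET_PRE_ROUTING hook from ip_rcv(), whether or not tproxy is in use.
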
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index c3a07d75b5f5..6d6a4277c677 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -139,6 +139,9 @@ int ipv6_rcv(struct sk_buff *skb, struct
net_device *dev, struct packet_type *pt

     rcu_read_unlock();

+    /* Must drop socket now because of tproxy. */
+    skb_orphan(skb);
+
     return NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, dev, NULL,
                ip6_rcv_finish);
 err:
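
Review bot: In ipv6_rcv() the skb_orphan(skb) call, placed after rcu_read_unlock() and immediately before NF_HOOK, repeats the IPv4 comment word for word, and neither the comment nor the commit message cites the bug report this change is a fix for. Suggest adding the bug reference to the commit message and having the comment state which socket ownership is being dropped and why, rather than repeating "because of tproxy" in both files.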

-- 
Lorenz Bauer  |  Systems Engineer
25 Lavington St., London SE1 0NZ

www.cloudflare.com
