Commit c3aaa06

Mahesh Bandewardavem330
authored andcommitted
ipvlan: scrub skb before routing in L3 mode.
Scrub skb before hitting the iptable hooks to ensure packets hit these hooks. Set the xnet param only when the packet is crossing the ns boundary so if the IPvlan slave and master belong to the same ns, the param will be set to false. Signed-off-by: Mahesh Bandewar <maheshb@google.com> CC: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 86310cc commit c3aaa06

1 file changed

+10
-9
lines changed

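--- a/drivers/net/ipvlan/ipvlan_core.c
+++ b/drivers/net/ipvlan/ipvlan_core.c
@@ -342,7 +342,7 @@ static struct ipvl_addr *ipvlan_addr_lookup(struct ipvl_port *port,
 return addr;
 }
 
-static int ipvlan_process_v4_outbound(struct sk_buff *skb)
+static int ipvlan_process_v4_outbound(struct sk_buff *skb, bool xnet)
 {
 const struct iphdr *ip4h = ip_hdr(skb);
 struct net_device *dev = skb->dev;
@@ -365,7 +365,7 @@ static int ipvlan_process_v4_outbound(struct sk_buff *skb)
 ip_rt_put(rt);
 goto err;
 }
-skb_dst_drop(skb);
+skb_scrub_packet(skb, xnet);
 skb_dst_set(skb, &rt->dst);
 err = ip_local_out(net, skb->sk, skb);
 if (unlikely(net_xmit_eval(err)))
@@ -380,7 +380,7 @@ static int ipvlan_process_v4_outbound(struct sk_buff *skb)
 return ret;
 }
 
-static int ipvlan_process_v6_outbound(struct sk_buff *skb)
+static int ipvlan_process_v6_outbound(struct sk_buff *skb, bool xnet)
 {
 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
 struct net_device *dev = skb->dev;
@@ -403,7 +403,7 @@ static int ipvlan_process_v6_outbound(struct sk_buff *skb)
 dst_release(dst);
 goto err;
 }
-skb_dst_drop(skb);
+skb_scrub_packet(skb, xnet);
 skb_dst_set(skb, dst);
 err = ip6_local_out(net, skb->sk, skb);
 if (unlikely(net_xmit_eval(err)))
@@ -418,8 +418,7 @@ static int ipvlan_process_v6_outbound(struct sk_buff *skb)
 return ret;
 }
 
-static int ipvlan_process_outbound(struct sk_buff *skb,
-const struct ipvl_dev *ipvlan)
+static int ipvlan_process_outbound(struct sk_buff *skb, bool xnet)
 {
 struct ethhdr *ethh = eth_hdr(skb);
 int ret = NET_XMIT_DROP;
@@ -443,9 +442,9 @@ static int ipvlan_process_outbound(struct sk_buff *skb,
 }
 
 if (skb->protocol == htons(ETH_P_IPV6))
-ret = ipvlan_process_v6_outbound(skb);
+ret = ipvlan_process_v6_outbound(skb, xnet);
 else if (skb->protocol == htons(ETH_P_IP))
-ret = ipvlan_process_v4_outbound(skb);
+ret = ipvlan_process_v4_outbound(skb, xnet);
 else {
 pr_warn_ratelimited("Dropped outbound packet type=%x\n",
 ntohs(skb->protocol));
@@ -481,6 +480,7 @@ static int ipvlan_xmit_mode_l3(struct sk_buff *skb, struct net_device *dev)
 void *lyr3h;
 struct ipvl_addr *addr;
 int addr_type;
+bool xnet;
 
 lyr3h = ipvlan_get_L3_hdr(skb, &addr_type);
 if (!lyr3h)
@@ -491,8 +491,9 @@ static int ipvlan_xmit_mode_l3(struct sk_buff *skb, struct net_device *dev)
 return ipvlan_rcv_frame(addr, &skb, true);
 
 out:
+xnet = !net_eq(dev_net(skb->dev), dev_net(ipvlan->phy_dev));
 skb->dev = ipvlan->phy_dev;
-return ipvlan_process_outbound(skb, ipvlan);
+return ipvlan_process_outbound(skb, xnet);
 }
 
 static int ipvlan_xmit_mode_l2(struct sk_buff *skb, struct net_device *dev)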
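Review bot: At the `out:` label in ipvlan_xmit_mode_l3, the new `xnet` assignment is only correct because it reads `skb->dev` before the next line overwrites it with `ipvlan->phy_dev`; if the two lines were ever swapped, `xnet` would always be false and the cross-namespace part of the scrub would silently stop running. A one-line comment above the assignment, e.g. `/* must be computed before skb->dev is switched to phy_dev */`, would protect that ordering. Separately, if skb_scrub_packet() orphans the skb when xnet is true (its body is not visible here), then the `skb->sk` passed to ip_local_out() and ip6_local_out() immediately after the scrub in the v4/v6 hunks would be NULL on the cross-namespace path, which is worth confirming as intended. ipvlan_xmit_mode_l3 starts outside the hunk, so how `ipvlan` is derived from `dev` cannot be checked from this page.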
