Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

iptunnel: scrub packet in iptunnel_pull_header

Part of skb_scrub_packet was open coded in iptunnel_pull_header. Let it call
skb_scrub_packet directly instead.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jiri Benc 9 years ago
parent
c9e78efb6f
commit
7f290c9435
7 changed files with 12 additions and 13 deletions
Unified View Show Diff Stats
  1. 2 2
      drivers/net/geneve.c
  2. 2 2
      drivers/net/vxlan.c
  3. 2 1
      include/net/ip_tunnels.h
  4. 1 1
      net/ipv4/ip_gre.c
  5. 3 5
      net/ipv4/ip_tunnel_core.c
  6. 1 1
      net/ipv4/ipip.c
  7. 1 1
      net/ipv6/sit.c

+ 2 - 2
drivers/net/geneve.c
View File 

@@ -237,7 +237,6 @@ static void geneve_rx(struct geneve_dev *geneve, struct geneve_sock *gs,
 
 	}
 
 	}
 
 
 
 	skb_reset_mac_header(skb);
 
 	skb_reset_mac_header(skb);
 
-	skb_scrub_packet(skb, !net_eq(geneve->net, dev_net(geneve->dev)));
 
 	skb->protocol = eth_type_trans(skb, geneve->dev);
 
 	skb->protocol = eth_type_trans(skb, geneve->dev);
 
 	skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
 
 	skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
 
 
 
@@ -356,7 +355,8 @@ static int geneve_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
 
 
 
 	opts_len = geneveh->opt_len * 4;
 
 	opts_len = geneveh->opt_len * 4;
 
 	if (iptunnel_pull_header(skb, GENEVE_BASE_HLEN + opts_len,
 
 	if (iptunnel_pull_header(skb, GENEVE_BASE_HLEN + opts_len,
 
-				 htons(ETH_P_TEB)))
 
+				 htons(ETH_P_TEB),
 
+				 !net_eq(geneve->net, dev_net(geneve->dev))))
 
 		goto drop;
 
 		goto drop;
 
 
 
 	geneve_rx(geneve, gs, skb);
 
 	geneve_rx(geneve, gs, skb);

+ 2 - 2
drivers/net/vxlan.c
View File 

@@ -1198,7 +1198,6 @@ static void vxlan_rcv(struct vxlan_dev *vxlan, struct vxlan_sock *vs,
 
 	int err = 0;
 
 	int err = 0;
 
 
 
 	skb_reset_mac_header(skb);
 
 	skb_reset_mac_header(skb);
 
-	skb_scrub_packet(skb, !net_eq(vxlan->net, dev_net(vxlan->dev)));
 
 	skb->protocol = eth_type_trans(skb, vxlan->dev);
 
 	skb->protocol = eth_type_trans(skb, vxlan->dev);
 
 	skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
 
 	skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
 
 
 
@@ -1305,7 +1304,8 @@ static int vxlan_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
 
 	if (!vxlan)
 
 	if (!vxlan)
 
 		goto drop;
 
 		goto drop;
 
 
 
-	if (iptunnel_pull_header(skb, VXLAN_HLEN, htons(ETH_P_TEB)))
 
+	if (iptunnel_pull_header(skb, VXLAN_HLEN, htons(ETH_P_TEB),
 
+				 !net_eq(vxlan->net, dev_net(vxlan->dev))))
 
 		goto drop;
 
 		goto drop;
 
 
 
 	if (vxlan_collect_metadata(vs)) {
 
 	if (vxlan_collect_metadata(vs)) {

+ 2 - 1
include/net/ip_tunnels.h
View File 

@@ -270,7 +270,8 @@ static inline u8 ip_tunnel_ecn_encap(u8 tos, const struct iphdr *iph,
 
 	return INET_ECN_encapsulate(tos, inner);
 
 	return INET_ECN_encapsulate(tos, inner);
 
 }
 
 }
 
 
 
-int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto);
 
+int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto,
 
+			 bool xnet);
 
 void iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb,
 
 void iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb,
 
 		   __be32 src, __be32 dst, u8 proto,
 
 		   __be32 src, __be32 dst, u8 proto,
 
 		   u8 tos, u8 ttl, __be16 df, bool xnet);
 
 		   u8 tos, u8 ttl, __be16 df, bool xnet);

+ 1 - 1
net/ipv4/ip_gre.c
View File 

@@ -238,7 +238,7 @@ static int parse_gre_header(struct sk_buff *skb, struct tnl_ptk_info *tpi,
 
 				return -EINVAL;
 
 				return -EINVAL;
 
 		}
 
 		}
 
 	}
 
 	}
 
-	return iptunnel_pull_header(skb, hdr_len, tpi->proto);
 
+	return iptunnel_pull_header(skb, hdr_len, tpi->proto, false);
 
 }
 
 }
 
 
 
 static void ipgre_err(struct sk_buff *skb, u32 info,
 
 static void ipgre_err(struct sk_buff *skb, u32 info,

+ 3 - 5
net/ipv4/ip_tunnel_core.c
View File 

@@ -86,7 +86,8 @@ void iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb,
 
 }
 
 }
 
 EXPORT_SYMBOL_GPL(iptunnel_xmit);
 
 EXPORT_SYMBOL_GPL(iptunnel_xmit);
 
 
 
-int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto)
 
+int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto,
 
+			 bool xnet)
 
 {
 
 {
 
 	if (unlikely(!pskb_may_pull(skb, hdr_len)))
 
 	if (unlikely(!pskb_may_pull(skb, hdr_len)))
 
 		return -ENOMEM;
 
 		return -ENOMEM;
 
@@ -109,13 +110,10 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto)
 
 		skb->protocol = inner_proto;
 
 		skb->protocol = inner_proto;
 
 	}
 
 	}
 
 
 
-	nf_reset(skb);
 
-	secpath_reset(skb);
 
 	skb_clear_hash_if_not_l4(skb);
 
 	skb_clear_hash_if_not_l4(skb);
 
-	skb_dst_drop(skb);
 
 	skb->vlan_tci = 0;
 
 	skb->vlan_tci = 0;
 
 	skb_set_queue_mapping(skb, 0);
 
 	skb_set_queue_mapping(skb, 0);
 
-	skb->pkt_type = PACKET_HOST;
 
+	skb_scrub_packet(skb, xnet);
 
 	return 0;
 
 	return 0;
 
 }
 
 }
 
 EXPORT_SYMBOL_GPL(iptunnel_pull_header);
 
 EXPORT_SYMBOL_GPL(iptunnel_pull_header);

+ 1 - 1
net/ipv4/ipip.c
View File 

@@ -195,7 +195,7 @@ static int ipip_rcv(struct sk_buff *skb)
 
 	if (tunnel) {
 
 	if (tunnel) {
 
 		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
 
 		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
 
 			goto drop;
 
 			goto drop;
 
-		if (iptunnel_pull_header(skb, 0, tpi.proto))
 
+		if (iptunnel_pull_header(skb, 0, tpi.proto, false))
 
 			goto drop;
 
 			goto drop;
 
 		return ip_tunnel_rcv(tunnel, skb, &tpi, NULL, log_ecn_error);
 
 		return ip_tunnel_rcv(tunnel, skb, &tpi, NULL, log_ecn_error);
 
 	}
 
 	}

+ 1 - 1
net/ipv6/sit.c
View File 

@@ -740,7 +740,7 @@ static int ipip_rcv(struct sk_buff *skb)
 
 
 
 		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
 
 		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
 
 			goto drop;
 
 			goto drop;
 
-		if (iptunnel_pull_header(skb, 0, tpi.proto))
 
+		if (iptunnel_pull_header(skb, 0, tpi.proto, false))
 
 			goto drop;
 
 			goto drop;
 
 		return ip_tunnel_rcv(tunnel, skb, &tpi, NULL, log_ecn_error);
 
 		return ip_tunnel_rcv(tunnel, skb, &tpi, NULL, log_ecn_error);
 
 	}
 
 	}