net: ip: add skb drop reasons to ip forwarding

Replace kfree_skb() which is used in ip6_forward() and ip_forward()
with kfree_skb_reason().

The new drop reason 'SKB_DROP_REASON_PKT_TOO_BIG' is introduced for
the case that the length of the packet exceeds MTU and can't
fragment.

Signed-off-by: Menglong Dong <imagedong@tencent.com>
Reviewed-by: Jiang Biao <benbjiang@tencent.com>
Reviewed-by: Hao Peng <flyingpeng@tencent.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 886e83ac4b70d06c3bd850e61d182ef26ed0836b..0ef11df1bc67f26a454a809396bd93299ce787ad 100644 (file)
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -453,6 +453,9 @@ enum skb_drop_reason {
        SKB_DROP_REASON_IP_INNOROUTES,  /* network unreachable, corresponding
                                         * to IPSTATS_MIB_INADDRERRORS
                                         */
+       SKB_DROP_REASON_PKT_TOO_BIG,    /* packet size is too big (maybe exceed
+                                        * the MTU)
+                                        */
        SKB_DROP_REASON_MAX,
 };
 

diff --git a/include/trace/events/skb.h b/include/trace/events/skb.h
index 0acac7e5a019fd065c3ebf2cb58a2489a6ed8783..2da72a9a576462bee9f3415141dfffd2eec8c258 100644 (file)
--- a/include/trace/events/skb.h
+++ b/include/trace/events/skb.h
@@ -65,6 +65,7 @@
        EM(SKB_DROP_REASON_INVALID_PROTO, INVALID_PROTO)        \
        EM(SKB_DROP_REASON_IP_INADDRERRORS, IP_INADDRERRORS)    \
        EM(SKB_DROP_REASON_IP_INNOROUTES, IP_INNOROUTES)        \
+       EM(SKB_DROP_REASON_PKT_TOO_BIG, PKT_TOO_BIG)            \
        EMe(SKB_DROP_REASON_MAX, MAX)
 
 #undef EM

diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 92ba3350274bc37b26eca3898e72e4d61ade577d..e3aa436a1bdf8f5349b5ab7f8ef3c91a6cd2c3bd 100644 (file)
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -90,6 +90,7 @@ int ip_forward(struct sk_buff *skb)
        struct rtable *rt;      /* Route we use */
        struct ip_options *opt  = &(IPCB(skb)->opt);
        struct net *net;
+       SKB_DR(reason);
 
        /* that should never happen */
        if (skb->pkt_type != PACKET_HOST)
@@ -101,8 +102,10 @@ int ip_forward(struct sk_buff *skb)
        if (skb_warn_if_lro(skb))
                goto drop;
 
-       if (!xfrm4_policy_check(NULL, XFRM_POLICY_FWD, skb))
+       if (!xfrm4_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
+               SKB_DR_SET(reason, XFRM_POLICY);
                goto drop;
+       }
 
        if (IPCB(skb)->opt.router_alert && ip_call_ra_chain(skb))
                return NET_RX_SUCCESS;
@@ -118,8 +121,10 @@ int ip_forward(struct sk_buff *skb)
        if (ip_hdr(skb)->ttl <= 1)
                goto too_many_hops;
 
-       if (!xfrm4_route_forward(skb))
+       if (!xfrm4_route_forward(skb)) {
+               SKB_DR_SET(reason, XFRM_POLICY);
                goto drop;
+       }
 
        rt = skb_rtable(skb);
 
@@ -132,6 +137,7 @@ int ip_forward(struct sk_buff *skb)
                IP_INC_STATS(net, IPSTATS_MIB_FRAGFAILS);
                icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
                          htonl(mtu));
+               SKB_DR_SET(reason, PKT_TOO_BIG);
                goto drop;
        }
 
@@ -169,7 +175,8 @@ too_many_hops:
        /* Tell the sender its packet died... */
        __IP_INC_STATS(net, IPSTATS_MIB_INHDRERRORS);
        icmp_send(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0);
+       SKB_DR_SET(reason, IP_INHDR);
 drop:
-       kfree_skb(skb);
+       kfree_skb_reason(skb, reason);
        return NET_RX_DROP;
 }

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index e23f058166af582af3adf9ce1267286cf334ff7b..3e729cee648671352b0715f39d20f9913336a915 100644 (file)
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -469,6 +469,7 @@ int ip6_forward(struct sk_buff *skb)
        struct inet6_skb_parm *opt = IP6CB(skb);
        struct net *net = dev_net(dst->dev);
        struct inet6_dev *idev;
+       SKB_DR(reason);
        u32 mtu;
 
        idev = __in6_dev_get_safely(dev_get_by_index_rcu(net, IP6CB(skb)->iif));
@@ -518,7 +519,7 @@ int ip6_forward(struct sk_buff *skb)
                icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
                __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS);
 
-               kfree_skb(skb);
+               kfree_skb_reason(skb, SKB_DROP_REASON_IP_INHDR);
                return -ETIMEDOUT;
        }
 
@@ -537,6 +538,7 @@ int ip6_forward(struct sk_buff *skb)
 
        if (!xfrm6_route_forward(skb)) {
                __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
+               SKB_DR_SET(reason, XFRM_POLICY);
                goto drop;
        }
        dst = skb_dst(skb);
@@ -596,7 +598,7 @@ int ip6_forward(struct sk_buff *skb)
                __IP6_INC_STATS(net, idev, IPSTATS_MIB_INTOOBIGERRORS);
                __IP6_INC_STATS(net, ip6_dst_idev(dst),
                                IPSTATS_MIB_FRAGFAILS);
-               kfree_skb(skb);
+               kfree_skb_reason(skb, SKB_DROP_REASON_PKT_TOO_BIG);
                return -EMSGSIZE;
        }
 
@@ -618,8 +620,9 @@ int ip6_forward(struct sk_buff *skb)
 
 error:
        __IP6_INC_STATS(net, idev, IPSTATS_MIB_INADDRERRORS);
+       SKB_DR_SET(reason, IP_INADDRERRORS);
 drop:
-       kfree_skb(skb);
+       kfree_skb_reason(skb, reason);
        return -EINVAL;
 }