+++ /dev/null
-From 2c64605b590edadb3fb46d1ec6badb49e940b479 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Wed, 25 Mar 2020 13:47:18 +0100
-Subject: net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-
-commit 2c64605b590edadb3fb46d1ec6badb49e940b479 upstream.
-
-net/netfilter/nft_fwd_netdev.c: In function ‘nft_fwd_netdev_eval’:
- net/netfilter/nft_fwd_netdev.c:32:10: error: ‘struct sk_buff’ has no member named ‘tc_redirected’
- pkt->skb->tc_redirected = 1;
- ^~
- net/netfilter/nft_fwd_netdev.c:33:10: error: ‘struct sk_buff’ has no member named ‘tc_from_ingress’
- pkt->skb->tc_from_ingress = 1;
- ^~
-
-To avoid a direct dependency with tc actions from netfilter, wrap the
-redirect bits around CONFIG_NET_REDIRECT and move helpers to
-include/linux/skbuff.h. Turn on this toggle from the ifb driver, the
-only existing client of these bits in the tree.
-
-This patch adds skb_set_redirected() that sets on the redirected bit
-on the skbuff, it specifies if the packet was redirect from ingress
-and resets the timestamp (timestamp reset was originally missing in the
-netfilter bugfix).
-
-Fixes: bcfabee1afd99484 ("netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress")
-Reported-by: noreply@ellerman.id.au
-Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/net/Kconfig | 1 +
- drivers/net/ifb.c | 6 +++---
- include/linux/skbuff.h | 36 ++++++++++++++++++++++++++++++++----
- include/net/sch_generic.h | 16 ----------------
- net/Kconfig | 3 +++
- net/core/dev.c | 4 ++--
- net/core/pktgen.c | 2 +-
- net/netfilter/nft_fwd_netdev.c | 5 ++---
- net/sched/act_mirred.c | 3 +--
- 9 files changed, 45 insertions(+), 31 deletions(-)
-
---- a/drivers/net/Kconfig
-+++ b/drivers/net/Kconfig
-@@ -105,6 +105,7 @@ config NET_FC
- config IFB
- tristate "Intermediate Functional Block support"
- depends on NET_CLS_ACT
-+ select NET_REDIRECT
- ---help---
- This is an intermediate driver that allows sharing of
- resources.
---- a/drivers/net/ifb.c
-+++ b/drivers/net/ifb.c
-@@ -78,7 +78,7 @@ static void ifb_ri_tasklet(unsigned long
- }
-
- while ((skb = __skb_dequeue(&txp->tq)) != NULL) {
-- skb->tc_redirected = 0;
-+ skb->redirected = 0;
- skb->tc_skip_classify = 1;
-
- u64_stats_update_begin(&txp->tsync);
-@@ -99,7 +99,7 @@ static void ifb_ri_tasklet(unsigned long
- rcu_read_unlock();
- skb->skb_iif = txp->dev->ifindex;
-
-- if (!skb->tc_from_ingress) {
-+ if (!skb->from_ingress) {
- dev_queue_xmit(skb);
- } else {
- skb_pull_rcsum(skb, skb->mac_len);
-@@ -246,7 +246,7 @@ static netdev_tx_t ifb_xmit(struct sk_bu
- txp->rx_bytes += skb->len;
- u64_stats_update_end(&txp->rsync);
-
-- if (!skb->tc_redirected || !skb->skb_iif) {
-+ if (!skb->redirected || !skb->skb_iif) {
- dev_kfree_skb(skb);
- dev->stats.rx_dropped++;
- return NETDEV_TX_OK;
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -615,8 +615,8 @@ typedef unsigned char *sk_buff_data_t;
- * @ipvs_property: skbuff is owned by ipvs
- * @tc_skip_classify: do not classify packet. set by IFB device
- * @tc_at_ingress: used within tc_classify to distinguish in/egress
-- * @tc_redirected: packet was redirected by a tc action
-- * @tc_from_ingress: if tc_redirected, tc_at_ingress at time of redirect
-+ * @redirected: packet was redirected by packet classifier
-+ * @from_ingress: packet was redirected from the ingress path
- * @peeked: this packet has been seen already, so stats have been
- * done for it, don't do them again
- * @nf_trace: netfilter packet trace flag
-@@ -793,8 +793,10 @@ struct sk_buff {
- #ifdef CONFIG_NET_CLS_ACT
- __u8 tc_skip_classify:1;
- __u8 tc_at_ingress:1;
-- __u8 tc_redirected:1;
-- __u8 tc_from_ingress:1;
-+#endif
-+#ifdef CONFIG_NET_REDIRECT
-+ __u8 redirected:1;
-+ __u8 from_ingress:1;
- #endif
- #ifdef CONFIG_TLS_DEVICE
- __u8 decrypted:1;
-@@ -4220,5 +4222,31 @@ static inline __wsum lco_csum(struct sk_
- return csum_partial(l4_hdr, csum_start - l4_hdr, partial);
- }
-
-+static inline bool skb_is_redirected(const struct sk_buff *skb)
-+{
-+#ifdef CONFIG_NET_REDIRECT
-+ return skb->redirected;
-+#else
-+ return false;
-+#endif
-+}
-+
-+static inline void skb_set_redirected(struct sk_buff *skb, bool from_ingress)
-+{
-+#ifdef CONFIG_NET_REDIRECT
-+ skb->redirected = 1;
-+ skb->from_ingress = from_ingress;
-+ if (skb->from_ingress)
-+ skb->tstamp = 0;
-+#endif
-+}
-+
-+static inline void skb_reset_redirect(struct sk_buff *skb)
-+{
-+#ifdef CONFIG_NET_REDIRECT
-+ skb->redirected = 0;
-+#endif
-+}
-+
- #endif /* __KERNEL__ */
- #endif /* _LINUX_SKBUFF_H */
---- a/include/net/sch_generic.h
-+++ b/include/net/sch_generic.h
-@@ -569,22 +569,6 @@ void __qdisc_calculate_pkt_len(struct sk
- const struct qdisc_size_table *stab);
- int skb_do_redirect(struct sk_buff *);
-
--static inline void skb_reset_tc(struct sk_buff *skb)
--{
--#ifdef CONFIG_NET_CLS_ACT
-- skb->tc_redirected = 0;
--#endif
--}
--
--static inline bool skb_is_tc_redirected(const struct sk_buff *skb)
--{
--#ifdef CONFIG_NET_CLS_ACT
-- return skb->tc_redirected;
--#else
-- return false;
--#endif
--}
--
- static inline bool skb_at_tc_ingress(const struct sk_buff *skb)
- {
- #ifdef CONFIG_NET_CLS_ACT
---- a/net/Kconfig
-+++ b/net/Kconfig
-@@ -51,6 +51,9 @@ config NET_INGRESS
- config NET_EGRESS
- bool
-
-+config NET_REDIRECT
-+ bool
-+
- menu "Networking options"
-
- source "net/packet/Kconfig"
---- a/net/core/dev.c
-+++ b/net/core/dev.c
-@@ -4306,7 +4306,7 @@ static u32 netif_receive_generic_xdp(str
- /* Reinjected packets coming from act_mirred or similar should
- * not get XDP generic processing.
- */
-- if (skb_is_tc_redirected(skb))
-+ if (skb_is_redirected(skb))
- return XDP_PASS;
-
- /* XDP packets must be linear and must have sufficient headroom
-@@ -4851,7 +4851,7 @@ skip_taps:
- goto out;
- }
- #endif
-- skb_reset_tc(skb);
-+ skb_reset_redirect(skb);
- skip_classify:
- if (pfmemalloc && !skb_pfmemalloc_protocol(skb))
- goto drop;
---- a/net/core/pktgen.c
-+++ b/net/core/pktgen.c
-@@ -3368,7 +3368,7 @@ static void pktgen_xmit(struct pktgen_de
- /* skb was 'freed' by stack, so clean few
- * bits and reuse it
- */
-- skb_reset_tc(skb);
-+ skb_reset_redirect(skb);
- } while (--burst > 0);
- goto out; /* Skips xmit_mode M_START_XMIT */
- } else if (pkt_dev->xmit_mode == M_QUEUE_XMIT) {
---- a/net/netfilter/nft_fwd_netdev.c
-+++ b/net/netfilter/nft_fwd_netdev.c
-@@ -30,9 +30,8 @@ static void nft_fwd_netdev_eval(const st
- struct nft_fwd_netdev *priv = nft_expr_priv(expr);
- int oif = regs->data[priv->sreg_dev];
-
-- /* These are used by ifb only. */
-- pkt->skb->tc_redirected = 1;
-- pkt->skb->tc_from_ingress = 1;
-+ /* This is used by ifb only. */
-+ skb_set_redirected(pkt->skb, true);
-
- nf_fwd_netdev_egress(pkt, oif);
- regs->verdict.code = NF_STOLEN;
---- a/net/sched/act_mirred.c
-+++ b/net/sched/act_mirred.c
-@@ -260,8 +260,7 @@ static int tcf_mirred_act(struct sk_buff
-
- /* mirror is always swallowed */
- if (is_redirect) {
-- skb2->tc_redirected = 1;
-- skb2->tc_from_ingress = skb2->tc_at_ingress;
-+ skb_set_redirected(skb2, skb2->tc_at_ingress);
-
- /* let's the caller reinsert the packet, if possible */
- if (use_reinsert) {
projects / thirdparty / kernel / stable-queue.git / commitdiff
