diff mbox series

[net-next,1/2] ipv6: add ipv6_fragment hook in ipv6_stub

Message ID 1598524792-30597-2-git-send-email-wenxu@ucloud.cn
State Changes Requested
Delegated to: David Miller
Headers show
Series [net-next,1/2] ipv6: add ipv6_fragment hook in ipv6_stub | expand

Commit Message

wenxu Aug. 27, 2020, 10:39 a.m. UTC 
From: wenxu <wenxu@ucloud.cn>

Add ipv6_fragment to ipv6_stub to avoid calling netfilter when
access ip6_fragment.

Signed-off-by: wenxu <wenxu@ucloud.cn>
---
 include/net/ipv6_stubs.h | 3 +++
 net/ipv6/af_inet6.c      | 1 +
 2 files changed, 4 insertions(+)

Comments

David Miller Aug. 27, 2020, 2:51 p.m. UTC | #1 
From: wenxu@ucloud.cn
Date: Thu, 27 Aug 2020 18:39:51 +0800

> From: wenxu <wenxu@ucloud.cn>
> 
> Add ipv6_fragment to ipv6_stub to avoid calling netfilter when
> access ip6_fragment.
> 
> Signed-off-by: wenxu <wenxu@ucloud.cn>

Please test these changes with ipv6 disabled.

It will crash, you have to update the default stub in
net/ipv6/addrconf_core.c as well.
Marcelo Ricardo Leitner Aug. 27, 2020, 10:38 p.m. UTC | #2 
On Thu, Aug 27, 2020 at 07:51:47AM -0700, David Miller wrote:
> From: wenxu@ucloud.cn
> Date: Thu, 27 Aug 2020 18:39:51 +0800
> 
> > From: wenxu <wenxu@ucloud.cn>
> > 
> > Add ipv6_fragment to ipv6_stub to avoid calling netfilter when
> > access ip6_fragment.
> > 
> > Signed-off-by: wenxu <wenxu@ucloud.cn>
> 
> Please test these changes with ipv6 disabled.
> 
> It will crash, you have to update the default stub in
> net/ipv6/addrconf_core.c as well.

I didn't test it myself but I'm not seeing how the crash could happen.
The next patch does check for it being NULL before using it:

-               if (!v6ops)
+               if (!ipv6_stub->ipv6_fragment)
                        goto err;

Wenxu?

  Marcelo
wenxu Aug. 27, 2020, 11:33 p.m. UTC | #3 
Yes, I check the ipv6_stub->ipv6_fragment. And in the case

if there is no ipv6_stub->ipv6_fragment it means no ipv6 fragment support

and it should free the skb.

Maybe sometimes  not all the calling remember to check with this? So

it should add a default one with following?

+static int eafnosupport_ipv6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
+                                     int (*output)(struct net *, struct sock *, struct sk_buff *))
+{
+       kfree_skb(skb);
+       return -EAFNOSUPPORT;
+}
+

在 2020/8/28 6:38, Marcelo Ricardo Leitner 写道:
> On Thu, Aug 27, 2020 at 07:51:47AM -0700, David Miller wrote:
>> From: wenxu@ucloud.cn
>> Date: Thu, 27 Aug 2020 18:39:51 +0800
>>
>>> From: wenxu <wenxu@ucloud.cn>
>>>
>>> Add ipv6_fragment to ipv6_stub to avoid calling netfilter when
>>> access ip6_fragment.
>>>
>>> Signed-off-by: wenxu <wenxu@ucloud.cn>
>> Please test these changes with ipv6 disabled.
>>
>> It will crash, you have to update the default stub in
>> net/ipv6/addrconf_core.c as well.
> I didn't test it myself but I'm not seeing how the crash could happen.
> The next patch does check for it being NULL before using it:
>
> -               if (!v6ops)
> +               if (!ipv6_stub->ipv6_fragment)
>                         goto err;
>
> Wenxu?
>
>   Marcelo
>
diff mbox series

Patch

diff --git a/include/net/ipv6_stubs.h b/include/net/ipv6_stubs.h
index d7a7f7c..8fce558 100644
--- a/include/net/ipv6_stubs.h
+++ b/include/net/ipv6_stubs.h
@@ -63,6 +63,9 @@  struct ipv6_stub {
 			       int encap_type);
 #endif
 	struct neigh_table *nd_tbl;
+
+	int (*ipv6_fragment)(struct net *net, struct sock *sk, struct sk_buff *skb,
+			     int (*output)(struct net *, struct sock *, struct sk_buff *));
 };
 extern const struct ipv6_stub *ipv6_stub __read_mostly;
 
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index d9a1493..e648fbe 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -1027,6 +1027,7 @@  static int ipv6_route_input(struct sk_buff *skb)
 	.xfrm6_rcv_encap = xfrm6_rcv_encap,
 #endif
 	.nd_tbl	= &nd_tbl,
+	.ipv6_fragment = ip6_fragment,
 };
 
 static const struct ipv6_bpf_stub ipv6_bpf_stub_impl = {