Message ID | 1598524792-30597-2-git-send-email-wenxu@ucloud.cn |
---|---|
State | Changes Requested |
Delegated to: | David Miller |
Headers | show |
Series | [net-next,1/2] ipv6: add ipv6_fragment hook in ipv6_stub | expand |
From: wenxu@ucloud.cn Date: Thu, 27 Aug 2020 18:39:51 +0800 > From: wenxu <wenxu@ucloud.cn> > > Add ipv6_fragment to ipv6_stub to avoid calling netfilter when > access ip6_fragment. > > Signed-off-by: wenxu <wenxu@ucloud.cn> Please test these changes with ipv6 disabled. It will crash, you have to update the default stub in net/ipv6/addrconf_core.c as well.
On Thu, Aug 27, 2020 at 07:51:47AM -0700, David Miller wrote: > From: wenxu@ucloud.cn > Date: Thu, 27 Aug 2020 18:39:51 +0800 > > > From: wenxu <wenxu@ucloud.cn> > > > > Add ipv6_fragment to ipv6_stub to avoid calling netfilter when > > access ip6_fragment. > > > > Signed-off-by: wenxu <wenxu@ucloud.cn> > > Please test these changes with ipv6 disabled. > > It will crash, you have to update the default stub in > net/ipv6/addrconf_core.c as well. I didn't test it myself but I'm not seeing how the crash could happen. The next patch does check for it being NULL before using it: - if (!v6ops) + if (!ipv6_stub->ipv6_fragment) goto err; Wenxu? Marcelo
Yes, I check the ipv6_stub->ipv6_fragment. And in the case if there is no ipv6_stub->ipv6_fragment it means no ipv6 fragment support and it should free the skb. Maybe sometimes not all the calling remember to check with this? So it should add a default one with following? +static int eafnosupport_ipv6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb, + int (*output)(struct net *, struct sock *, struct sk_buff *)) +{ + kfree_skb(skb); + return -EAFNOSUPPORT; +} + 在 2020/8/28 6:38, Marcelo Ricardo Leitner 写道: > On Thu, Aug 27, 2020 at 07:51:47AM -0700, David Miller wrote: >> From: wenxu@ucloud.cn >> Date: Thu, 27 Aug 2020 18:39:51 +0800 >> >>> From: wenxu <wenxu@ucloud.cn> >>> >>> Add ipv6_fragment to ipv6_stub to avoid calling netfilter when >>> access ip6_fragment. >>> >>> Signed-off-by: wenxu <wenxu@ucloud.cn> >> Please test these changes with ipv6 disabled. >> >> It will crash, you have to update the default stub in >> net/ipv6/addrconf_core.c as well. > I didn't test it myself but I'm not seeing how the crash could happen. > The next patch does check for it being NULL before using it: > > - if (!v6ops) > + if (!ipv6_stub->ipv6_fragment) > goto err; > > Wenxu? > > Marcelo >
diff --git a/include/net/ipv6_stubs.h b/include/net/ipv6_stubs.h index d7a7f7c..8fce558 100644 --- a/include/net/ipv6_stubs.h +++ b/include/net/ipv6_stubs.h @@ -63,6 +63,9 @@ struct ipv6_stub { int encap_type); #endif struct neigh_table *nd_tbl; + + int (*ipv6_fragment)(struct net *net, struct sock *sk, struct sk_buff *skb, + int (*output)(struct net *, struct sock *, struct sk_buff *)); }; extern const struct ipv6_stub *ipv6_stub __read_mostly; diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index d9a1493..e648fbe 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -1027,6 +1027,7 @@ static int ipv6_route_input(struct sk_buff *skb) .xfrm6_rcv_encap = xfrm6_rcv_encap, #endif .nd_tbl = &nd_tbl, + .ipv6_fragment = ip6_fragment, }; static const struct ipv6_bpf_stub ipv6_bpf_stub_impl = {