From patchwork Wed Jun 26 11:58:51 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1122710 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="D3aPt8/M"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45YhSr69KRz9sCJ for ; Wed, 26 Jun 2019 22:01:16 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726965AbfFZMBI (ORCPT ); Wed, 26 Jun 2019 08:01:08 -0400 Received: from mail-wm1-f66.google.com ([209.85.128.66]:34761 "EHLO mail-wm1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726157AbfFZMBF (ORCPT ); Wed, 26 Jun 2019 08:01:05 -0400 Received: by mail-wm1-f66.google.com with SMTP id w9so4478278wmd.1 for ; Wed, 26 Jun 2019 05:01:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=gUAsyBC+YyCn6Chz7Qnk989iaecFlEUtVr7lsQ7ziVw=; b=D3aPt8/M7dlnGwHdMMjOJ6+zEV+tnY5tR+8OlimQXLAdCABGG6NqIhgjwSPmpu4cfB c5mpBMktTLpHZ6iBtGnT0Y14q1Qw90kVlLQMA0T2NJjKmRBcQ3o1CHDeqzL3uxQ5yAaa kT/8BxfrBOULiiy7q662mSSGdevMFFZFzYA5E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gUAsyBC+YyCn6Chz7Qnk989iaecFlEUtVr7lsQ7ziVw=; b=QrdSjicfAsqmKc90QJiiNNCpImU/U2plc9es+/vnoFwG1hs9Pii4q7KmA2MYPPpo3U NBzIx8TrWvA/1UfqrqB3D04M3NCvUaff0SJuEfyacrbOPmti1r3rrVALyPWqg6+Gcu56 UzIviROwwel8hTnTd0SPMwygse4a27fsQ9iSjccmiAHhSCqKxB6k1asq+VgBYLBH82N7 Ol769fNHd+WeykleK+Uo9eahZqQGKVuX+uIyTI24Rv2SmtjCaEGolhfozPDr6DDuc7X4 0L/Z6QU6+1Ro/c8xkfHrlv3B4OG7KSdmsXsIgJCUiAbP1d16H4AIK70RVPlXHk7WW2UI MNxA== X-Gm-Message-State: APjAAAVEH2E8AvOSfDoTDrLbSZDt/s7LL79Pjrg/kaSiXl7YomAmdxlO aKZJaLrasWntaNeL6QCSh9m4rtwWiUI= X-Google-Smtp-Source: APXvYqy7a1yqcvajdECGqvpDuCSkHeKB4s+Rkvk/oRwrrdOqifTM2m32mhuol+Z7cT+8s4QVdTHZyQ== X-Received: by 2002:a05:600c:214e:: with SMTP id v14mr2612118wml.96.1561550463236; Wed, 26 Jun 2019 05:01:03 -0700 (PDT) Received: from localhost.localdomain ([78.128.78.220]) by smtp.gmail.com with ESMTPSA id f190sm1676818wmg.13.2019.06.26.05.01.02 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 26 Jun 2019 05:01:02 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, pablo@netfilter.org, xiyou.wangcong@gmail.com, davem@davemloft.net, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next 1/5] net: sched: em_ipt: match only on ip/ipv6 traffic Date: Wed, 26 Jun 2019 14:58:51 +0300 Message-Id: <20190626115855.13241-2-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190626115855.13241-1-nikolay@cumulusnetworks.com> References: <20190626115855.13241-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Restrict matching only to ip/ipv6 traffic and make sure we can use the headers, otherwise matches will be attempted on any protocol which can be unexpected by the xt matches. Currently policy supports only ipv4/6. Signed-off-by: Nikolay Aleksandrov --- net/sched/em_ipt.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index 243fd22f2248..64dbafe4e94c 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -185,6 +185,19 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, struct nf_hook_state state; int ret; + switch (tc_skb_protocol(skb)) { + case htons(ETH_P_IP): + if (!pskb_network_may_pull(skb, sizeof(struct iphdr))) + return 0; + break; + case htons(ETH_P_IPV6): + if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) + return 0; + break; + default: + return 0; + } + rcu_read_lock(); if (skb->skb_iif) From patchwork Wed Jun 26 11:58:52 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1122707 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="QO+cJqgD"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45YhSl0wXgz9sCJ for ; Wed, 26 Jun 2019 22:01:11 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727242AbfFZMBJ (ORCPT ); Wed, 26 Jun 2019 08:01:09 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:35311 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726104AbfFZMBH (ORCPT ); Wed, 26 Jun 2019 08:01:07 -0400 Received: by mail-wr1-f65.google.com with SMTP id f15so2446371wrp.2 for ; Wed, 26 Jun 2019 05:01:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ai3FeunYCpfKeTd/zNryFE9l4/0ZIZ4EfuS3mJJ2Q80=; b=QO+cJqgDgbEMPZyLd3OEQrQN49q2odfXwaMbDOtDf+DxpJI2/JoY0zGCVxJiHH8KIk IqbuG6yPzAPQfk4q7ChhWG4jxSKyv/iO+Y7OU/hlnevxY4mbp9s+dYw9HBgoHGNv4Tsv 7EKDXrInAnkTOyS7b4M/Dhp0o3ogVLvHnoxQU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ai3FeunYCpfKeTd/zNryFE9l4/0ZIZ4EfuS3mJJ2Q80=; b=p8px/ilKxq/ZPn7rA+trGFbTz31SEDxX+Go3QorbysCHcz2M/BQwS6W7DH5rZMtxnQ Vm1nytCLg85Qg4N9gBJiUEf0rCZXBl2xfYgF8dmCZ135f7rp1tgQQdux+hrIh7GPeWpA eHMPnFC0pCzGYOpJIeJ0mZrJtza3dIo2sTer33/HA4lemF9/i9Ocp6Z3j+4ws9rGWBpN y9qmwOuDoHfKrQZRS/WFpOruW4Ay0JlFCAYCWGtHkYOivHBrm+ZWe/xj5qhmjT95eEwY zCHCB/JBBg12GZfDd/Dr/kJ8ijXG/jTcOr+T8tPHZXMSQPI7NIJDMvK7/6XxWIV/P0G8 G4Wg== X-Gm-Message-State: APjAAAXz+N3oACj7cXG6+Ww1I9bdGkncrMLzH0+up3rtrF8NbEoyqLYz 4/qr9iIW1LwH1xWdymRFAaYvwbZ8IPg= X-Google-Smtp-Source: APXvYqyEzC0gNJjXiXMl9WmIAEN1Us0MBg8M+ENNr+aB/jzDqd2oy2U+9Hjf8r8g/fK0urCAJE8DTg== X-Received: by 2002:a05:6000:106:: with SMTP id o6mr3555560wrx.4.1561550464599; Wed, 26 Jun 2019 05:01:04 -0700 (PDT) Received: from localhost.localdomain ([78.128.78.220]) by smtp.gmail.com with ESMTPSA id f190sm1676818wmg.13.2019.06.26.05.01.03 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 26 Jun 2019 05:01:04 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, pablo@netfilter.org, xiyou.wangcong@gmail.com, davem@davemloft.net, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next 2/5] net: sched: em_ipt: set the family based on the protocol when matching Date: Wed, 26 Jun 2019 14:58:52 +0300 Message-Id: <20190626115855.13241-3-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190626115855.13241-1-nikolay@cumulusnetworks.com> References: <20190626115855.13241-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Set the family based on the protocol otherwise protocol-neutral matches will have wrong information (e.g. NFPROTO_UNSPEC). In preparation for using NFPROTO_UNSPEC xt matches. Signed-off-by: Nikolay Aleksandrov --- net/sched/em_ipt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index 64dbafe4e94c..23965a071177 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -189,10 +189,12 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, case htons(ETH_P_IP): if (!pskb_network_may_pull(skb, sizeof(struct iphdr))) return 0; + state.pf = NFPROTO_IPV4; break; case htons(ETH_P_IPV6): if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) return 0; + state.pf = NFPROTO_IPV6; break; default: return 0; @@ -203,7 +205,7 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, if (skb->skb_iif) indev = dev_get_by_index_rcu(em->net, skb->skb_iif); - nf_hook_state_init(&state, im->hook, im->match->family, + nf_hook_state_init(&state, im->hook, state.pf, indev ?: skb->dev, skb->dev, NULL, em->net, NULL); acpar.match = im->match; From patchwork Wed Jun 26 11:58:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1122706 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="W0aYU5qY"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45YhSk4DGLz9s4V for ; Wed, 26 Jun 2019 22:01:10 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727177AbfFZMBJ (ORCPT ); Wed, 26 Jun 2019 08:01:09 -0400 Received: from mail-wr1-f68.google.com ([209.85.221.68]:36864 "EHLO mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726462AbfFZMBI (ORCPT ); Wed, 26 Jun 2019 08:01:08 -0400 Received: by mail-wr1-f68.google.com with SMTP id v14so2425594wrr.4 for ; Wed, 26 Jun 2019 05:01:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=wBkXEAqwMnSxxeLSgwJjoxk2OEVMXkqCws+sukFYxxU=; b=W0aYU5qYe54/4mu/t/f+rBP/wrXmxBc6Lk48a0Om5ZBqjnanb15qlscMHD7IH3knbB lTMjlSlcNDQcj9yzZV8wap3b22esRUJ7QzuTFPBZy9PMp8mBZ/JbIW4tdIEX2E6s0/LS sUDK5mewpcAYBNJK51D5guvCHJQx19EAXOfis= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wBkXEAqwMnSxxeLSgwJjoxk2OEVMXkqCws+sukFYxxU=; b=OyV/9eZ+/Wqj7rgBgIS1iX/un0yuXJD7lMSHmLv+wGdbufN202MXmjJ0q/YIfdtM14 c0SyRg0hmT11UvUF6qpFCpdFkWjO/WHfR07M9E9aVFuCYS7C4YAccLfiLL/S6jfcbO5A GR41DGK5ENZcQLrPb0ChJdQUMk50Euof1WiFcBwUAyghvqE0aMUXRTsqY/4vDxKq7OsI +2CWEGl/CRLJsokL7masrKDtWdKLmDRzAgsv1prW5clTi2Y0yNjC2rNHKuC7+2Oyor+R djIJ91hWfIiTPgkDCRHDooA13ri2+4ULwdUF5tOrFsiLlLFLfMygIdtckEeFq82thoaJ e4iQ== X-Gm-Message-State: APjAAAXsdIaeuTWw4pU+j5Y7b3JFqpTtAy7v5djOrUH5xzCElJArSo++ mUSwfEZwgkVd0W0j+9yxHLlhMVUt4dw= X-Google-Smtp-Source: APXvYqxVTZEiihXjtaodvNWXroNGIRbBBW/TKyhnhgPf+2r2GH6kvmK/tZlA4aQwDDXhlOgEZ3LSdg== X-Received: by 2002:adf:f812:: with SMTP id s18mr3686796wrp.32.1561550465849; Wed, 26 Jun 2019 05:01:05 -0700 (PDT) Received: from localhost.localdomain ([78.128.78.220]) by smtp.gmail.com with ESMTPSA id f190sm1676818wmg.13.2019.06.26.05.01.04 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 26 Jun 2019 05:01:05 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, pablo@netfilter.org, xiyou.wangcong@gmail.com, davem@davemloft.net, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next 3/5] net: sched: em_ipt: restrict matching to the respective protocol Date: Wed, 26 Jun 2019 14:58:53 +0300 Message-Id: <20190626115855.13241-4-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190626115855.13241-1-nikolay@cumulusnetworks.com> References: <20190626115855.13241-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Currently a match will continue even if the user-specified nfproto doesn't match the packet's, so restrict it only to when they're equal or the protocol is unspecified. Signed-off-by: Nikolay Aleksandrov --- net/sched/em_ipt.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index 23965a071177..d4257f5f1d94 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -187,11 +187,17 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, switch (tc_skb_protocol(skb)) { case htons(ETH_P_IP): + if (im->match->family != NFPROTO_UNSPEC && + im->match->family != NFPROTO_IPV4) + return 0; if (!pskb_network_may_pull(skb, sizeof(struct iphdr))) return 0; state.pf = NFPROTO_IPV4; break; case htons(ETH_P_IPV6): + if (im->match->family != NFPROTO_UNSPEC && + im->match->family != NFPROTO_IPV6) + return 0; if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) return 0; state.pf = NFPROTO_IPV6; From patchwork Wed Jun 26 11:58:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1122709 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="eeTG0w9C"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45YhSq3PN9z9s4V for ; Wed, 26 Jun 2019 22:01:15 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727279AbfFZMBO (ORCPT ); Wed, 26 Jun 2019 08:01:14 -0400 Received: from mail-wm1-f66.google.com ([209.85.128.66]:35518 "EHLO mail-wm1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726484AbfFZMBJ (ORCPT ); Wed, 26 Jun 2019 08:01:09 -0400 Received: by mail-wm1-f66.google.com with SMTP id c6so1836805wml.0 for ; Wed, 26 Jun 2019 05:01:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=7qDwGd3c4sCeMFAHDkfhj5K9wEcGkgb2UjwAg5DULeM=; b=eeTG0w9CT9gOGjHPMGWI+9YQEodVniHH8P0VXgJkiLr4++9XObLSA58+crSD1te9ZT KGoGmj589qHciQmsGacOhJvmk9tGurUjDkKlzFiXbc/jZN6PZ7HsOV0+RxB0qrXpSULB 6i7zQn4wfiNgxe7pXcM6uNPvOpX9bfmMJffUw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=7qDwGd3c4sCeMFAHDkfhj5K9wEcGkgb2UjwAg5DULeM=; b=nDglhimf8bla/I958NqY37ck//NKtdSgur9sMObAAJEeVTJ7Ej4nO97O/bqn75NX86 dSFpv63e46UbKZs+orYCpElPoRVUooim63bd3lGDjHt1KwE0PxC1Bv6Tcz+IxuqmhH5S ZhhpEmWCYfmtjq6KslDE+7xcRwWfIb5bfsyrsrMWhZOVXci/pAO0KVywNuxw6FB23wHD fKQkIRCPpWlTZF7HixVdBk8qpiyYW2Dc8aPaESktEbehhPGbaApSlmKdXFIToVrkoBNu Skj6r1zj8C3lujnScAyf3I60/zgx30HXQJT/D6qFZ0NCiLilJhNBys2BLRCddFhUZ2i+ 922Q== X-Gm-Message-State: APjAAAXnVRnrzTY8cnN9cfOFON8s7rkAVYzO9HtXewciCT2r+P4aFnZ3 KoSJOZ8YUnGCTim85TfKAJnWaOUuMeU= X-Google-Smtp-Source: APXvYqwx+/iGub3M6V6nApiz4nq4pt17vBYkg6boSXqPOsJqjZYXxwE1km0RXVIckI8/2glKAKYxNg== X-Received: by 2002:a1c:c145:: with SMTP id r66mr2497082wmf.139.1561550467026; Wed, 26 Jun 2019 05:01:07 -0700 (PDT) Received: from localhost.localdomain ([78.128.78.220]) by smtp.gmail.com with ESMTPSA id f190sm1676818wmg.13.2019.06.26.05.01.05 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 26 Jun 2019 05:01:06 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, pablo@netfilter.org, xiyou.wangcong@gmail.com, davem@davemloft.net, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next 4/5] net: sched: em_ipt: keep the user-specified nfproto and use it Date: Wed, 26 Jun 2019 14:58:54 +0300 Message-Id: <20190626115855.13241-5-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190626115855.13241-1-nikolay@cumulusnetworks.com> References: <20190626115855.13241-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org For NFPROTO_UNSPEC xt_matches there's no way to restrict the matching to a specific family, in order to do so we record the user-specified family and later enforce it while doing the match. Signed-off-by: Nikolay Aleksandrov --- net/sched/em_ipt.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index d4257f5f1d94..cfb93ce340da 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -21,6 +21,7 @@ struct em_ipt_match { const struct xt_match *match; u32 hook; + u8 nfproto; u8 match_data[0] __aligned(8); }; @@ -115,6 +116,7 @@ static int em_ipt_change(struct net *net, void *data, int data_len, struct em_ipt_match *im = NULL; struct xt_match *match; int mdata_len, ret; + u8 nfproto; ret = nla_parse_deprecated(tb, TCA_EM_IPT_MAX, data, data_len, em_ipt_policy, NULL); @@ -125,6 +127,16 @@ static int em_ipt_change(struct net *net, void *data, int data_len, !tb[TCA_EM_IPT_MATCH_DATA] || !tb[TCA_EM_IPT_NFPROTO]) return -EINVAL; + nfproto = nla_get_u8(tb[TCA_EM_IPT_NFPROTO]); + switch (nfproto) { + case NFPROTO_IPV4: + case NFPROTO_IPV6: + case NFPROTO_UNSPEC: + break; + default: + return -EINVAL; + } + match = get_xt_match(tb); if (IS_ERR(match)) { pr_err("unable to load match\n"); @@ -140,6 +152,7 @@ static int em_ipt_change(struct net *net, void *data, int data_len, im->match = match; im->hook = nla_get_u32(tb[TCA_EM_IPT_HOOK]); + im->nfproto = nfproto; nla_memcpy(im->match_data, tb[TCA_EM_IPT_MATCH_DATA], mdata_len); ret = check_match(net, im, mdata_len); @@ -187,16 +200,16 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em, switch (tc_skb_protocol(skb)) { case htons(ETH_P_IP): - if (im->match->family != NFPROTO_UNSPEC && - im->match->family != NFPROTO_IPV4) + if (im->nfproto != NFPROTO_UNSPEC && + im->nfproto != NFPROTO_IPV4) return 0; if (!pskb_network_may_pull(skb, sizeof(struct iphdr))) return 0; state.pf = NFPROTO_IPV4; break; case htons(ETH_P_IPV6): - if (im->match->family != NFPROTO_UNSPEC && - im->match->family != NFPROTO_IPV6) + if (im->nfproto != NFPROTO_UNSPEC && + im->nfproto != NFPROTO_IPV6) return 0; if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) return 0; @@ -234,7 +247,7 @@ static int em_ipt_dump(struct sk_buff *skb, struct tcf_ematch *em) return -EMSGSIZE; if (nla_put_u8(skb, TCA_EM_IPT_MATCH_REVISION, im->match->revision) < 0) return -EMSGSIZE; - if (nla_put_u8(skb, TCA_EM_IPT_NFPROTO, im->match->family) < 0) + if (nla_put_u8(skb, TCA_EM_IPT_NFPROTO, im->nfproto) < 0) return -EMSGSIZE; if (nla_put(skb, TCA_EM_IPT_MATCH_DATA, im->match->usersize ?: im->match->matchsize, From patchwork Wed Jun 26 11:58:55 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1122708 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="eEMk9hrf"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45YhSn2BJtz9s4V for ; Wed, 26 Jun 2019 22:01:13 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727258AbfFZMBM (ORCPT ); Wed, 26 Jun 2019 08:01:12 -0400 Received: from mail-wm1-f65.google.com ([209.85.128.65]:38554 "EHLO mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726462AbfFZMBK (ORCPT ); Wed, 26 Jun 2019 08:01:10 -0400 Received: by mail-wm1-f65.google.com with SMTP id s15so1818741wmj.3 for ; Wed, 26 Jun 2019 05:01:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=cAEDwnEStKSeqdXMmpna4aYmiIA2+ZGDjRpHTpM4HlE=; b=eEMk9hrf6+cZbUebCcsYn86gayG4w5qEUehD5a7q4vdSkctlDOMFMuhqweWPUFBovP 9U6m4qFV6BG3erBBZXRVdghwYWie0qILUVVmswGwM7ram87xcSlKFwx1VKOTsA6cXrlY aW90bXJbRbCuMUXg11KEFt4cjdxpsL9JlAWuA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=cAEDwnEStKSeqdXMmpna4aYmiIA2+ZGDjRpHTpM4HlE=; b=K0y6f9c1Lph5VqhPgdxFNyNNjOH5lycYlY4TIyoyT7NBi/TmNucyvlPJzN3or6HTCd thWSWVmspmeHd/TjeF0c6uF5jfrj54YGxxRYk5iTKt6NU2Wty2ics6/aUV63QzYG9csU 0frAXLBcbPa71Qlul5v+KUuVQoWnVz+i1lPyBuq40zElE7d7AT8R5AkvCvjKDIhDoO2Q b88b12jqnCE6t2glfNJBs+1nuT5oV7xgV/9H2zQFJsAYiD06pyxtIr2uXAGhVcV3y57R ZIoORjm1B9br9VC0pgyz3o13SkWtRmdAhQjKPr3wAaURUT++R1oYtQnmWNI7TvJ6GMUU L10A== X-Gm-Message-State: APjAAAUGc6YyPlBVUlB58vBp4g4BugLeLvP4kv0K3jXPfcAQnBvYITRx 2tee0j5nNf/bI+GlX+wLFXKcLlCA5jo= X-Google-Smtp-Source: APXvYqxkF4XaKDMwYbbiUnKxyNPPGK6B+IK/ZV9EWa8yJPN9zclkK+VGeCyiELqrUaZRWPDj5eiTMw== X-Received: by 2002:a1c:c70f:: with SMTP id x15mr2390966wmf.59.1561550468279; Wed, 26 Jun 2019 05:01:08 -0700 (PDT) Received: from localhost.localdomain ([78.128.78.220]) by smtp.gmail.com with ESMTPSA id f190sm1676818wmg.13.2019.06.26.05.01.07 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 26 Jun 2019 05:01:07 -0700 (PDT) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, pablo@netfilter.org, xiyou.wangcong@gmail.com, davem@davemloft.net, jiri@resnulli.us, jhs@mojatatu.com, eyal.birger@gmail.com, Nikolay Aleksandrov Subject: [PATCH net-next 5/5] net: sched: em_ipt: add support for addrtype matching Date: Wed, 26 Jun 2019 14:58:55 +0300 Message-Id: <20190626115855.13241-6-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190626115855.13241-1-nikolay@cumulusnetworks.com> References: <20190626115855.13241-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Allow em_ipt to use addrtype for matching. Restrict the use only to revision 1 which has IPv6 support. Since it's a NFPROTO_UNSPEC xt match we use the user-specified nfproto for matching, in case it's unspecified both v4/v6 will be matched by the rule. Signed-off-by: Nikolay Aleksandrov --- net/sched/em_ipt.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c index cfb93ce340da..ce0798f6f1f7 100644 --- a/net/sched/em_ipt.c +++ b/net/sched/em_ipt.c @@ -72,11 +72,25 @@ static int policy_validate_match_data(struct nlattr **tb, u8 mrev) return 0; } +static int addrtype_validate_match_data(struct nlattr **tb, u8 mrev) +{ + if (mrev != 1) { + pr_err("only addrtype match revision 1 supported"); + return -EINVAL; + } + + return 0; +} + static const struct em_ipt_xt_match em_ipt_xt_matches[] = { { .match_name = "policy", .validate_match_data = policy_validate_match_data }, + { + .match_name = "addrtype", + .validate_match_data = addrtype_validate_match_data + }, {} };