From patchwork Sun Mar 15 14:15:02 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Haishuang Yan X-Patchwork-Id: 1255055 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cmss.chinamobile.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48gM0X1stsz9sRY for ; Mon, 16 Mar 2020 01:15:40 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728274AbgCOOPg (ORCPT ); Sun, 15 Mar 2020 10:15:36 -0400 Received: from cmccmta3.chinamobile.com ([221.176.66.81]:4864 "EHLO cmccmta3.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727778AbgCOOPg (ORCPT ); Sun, 15 Mar 2020 10:15:36 -0400 Received: from spf.mail.chinamobile.com (unknown[172.16.121.15]) by rmmx-syy-dmz-app10-12010 (RichMail) with SMTP id 2eea5e6e38750a0-cade5; Sun, 15 Mar 2020 22:15:19 +0800 (CST) X-RM-TRANSID: 2eea5e6e38750a0-cade5 X-RM-TagInfo: emlType=0 X-RM-SPAM-FLAG: 00000000 Received: from localhost (unknown[223.105.0.241]) by rmsmtp-syy-appsvr08-12008 (RichMail) with SMTP id 2ee85e6e386fc0d-23340; Sun, 15 Mar 2020 22:15:19 +0800 (CST) X-RM-TRANSID: 2ee85e6e386fc0d-23340 From: Haishuang Yan To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Haishuang Yan Subject: [PATCH 1/4] netfilter: nf_flow_table: reload ipv6h in nf_flow_nat_ipv6 Date: Sun, 15 Mar 2020 22:15:02 +0800 Message-Id: <1584281705-26228-1-git-send-email-yanhaishuang@cmss.chinamobile.com> X-Mailer: git-send-email 1.8.3.1 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Since nf_flow_snat_port and nf_flow_snat_ipv6 call pskb_may_pull() which may change skb->data, so we need to reload ipv6h at the right palce. Fixes: a908fdec3dda ("netfilter: nf_flow_table: move ipv6 offload hook code to nf_flow_table") Signed-off-by: Haishuang Yan --- net/netfilter/nf_flow_table_ip.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 5272721..2e6ebbe 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -417,11 +417,12 @@ static int nf_flow_nat_ipv6(const struct flow_offload *flow, if (test_bit(NF_FLOW_SNAT, &flow->flags) && (nf_flow_snat_port(flow, skb, thoff, ip6h->nexthdr, dir) < 0 || - nf_flow_snat_ipv6(flow, skb, ip6h, thoff, dir) < 0)) + nf_flow_snat_ipv6(flow, skb, ipv6_hdr(skb), thoff, dir) < 0)) return -1; + ip6h = ipv6_hdr(skb); if (test_bit(NF_FLOW_DNAT, &flow->flags) && (nf_flow_dnat_port(flow, skb, thoff, ip6h->nexthdr, dir) < 0 || - nf_flow_dnat_ipv6(flow, skb, ip6h, thoff, dir) < 0)) + nf_flow_dnat_ipv6(flow, skb, ipv6_hdr(skb), thoff, dir) < 0)) return -1; return 0; From patchwork Sun Mar 15 14:15:03 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Haishuang Yan X-Patchwork-Id: 1255057 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cmss.chinamobile.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48gM0f11x7z9sRY for ; Mon, 16 Mar 2020 01:15:46 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728735AbgCOOPn (ORCPT ); Sun, 15 Mar 2020 10:15:43 -0400 Received: from cmccmta1.chinamobile.com ([221.176.66.79]:3358 "EHLO cmccmta1.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727778AbgCOOPn (ORCPT ); Sun, 15 Mar 2020 10:15:43 -0400 Received: from spf.mail.chinamobile.com (unknown[172.16.121.17]) by rmmx-syy-dmz-app02-12002 (RichMail) with SMTP id 2ee25e6e3882121-caef4; Sun, 15 Mar 2020 22:15:31 +0800 (CST) X-RM-TRANSID: 2ee25e6e3882121-caef4 X-RM-TagInfo: emlType=0 X-RM-SPAM-FLAG: 00000000 Received: from localhost (unknown[223.105.0.241]) by rmsmtp-syy-appsvr09-12009 (RichMail) with SMTP id 2ee95e6e387bd82-25633; Sun, 15 Mar 2020 22:15:30 +0800 (CST) X-RM-TRANSID: 2ee95e6e387bd82-25633 From: Haishuang Yan To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Haishuang Yan Subject: [PATCH 2/4] netfilter: nf_flow_table: reload iph in nf_flow_nat_ip Date: Sun, 15 Mar 2020 22:15:03 +0800 Message-Id: <1584281705-26228-2-git-send-email-yanhaishuang@cmss.chinamobile.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1584281705-26228-1-git-send-email-yanhaishuang@cmss.chinamobile.com> References: <1584281705-26228-1-git-send-email-yanhaishuang@cmss.chinamobile.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Since nf_flow_snat_port and nf_flow_snat_ip call pskb_may_pull() which may change skb->data, so we need to reload iph at the right place. Fixes: 7d2086871762 ("netfilter: nf_flow_table: move ipv4 offload hook code to nf_flow_table") Signed-off-by: Haishuang Yan --- net/netfilter/nf_flow_table_ip.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 2e6ebbe..942bda5 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -146,11 +146,12 @@ static int nf_flow_nat_ip(const struct flow_offload *flow, struct sk_buff *skb, if (test_bit(NF_FLOW_SNAT, &flow->flags) && (nf_flow_snat_port(flow, skb, thoff, iph->protocol, dir) < 0 || - nf_flow_snat_ip(flow, skb, iph, thoff, dir) < 0)) + nf_flow_snat_ip(flow, skb, ip_hdr(skb), thoff, dir) < 0)) return -1; + iph = ip_hdr(skb); if (test_bit(NF_FLOW_DNAT, &flow->flags) && (nf_flow_dnat_port(flow, skb, thoff, iph->protocol, dir) < 0 || - nf_flow_dnat_ip(flow, skb, iph, thoff, dir) < 0)) + nf_flow_dnat_ip(flow, skb, ip_hdr(skb), thoff, dir) < 0)) return -1; return 0; From patchwork Sun Mar 15 14:15:04 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Haishuang Yan X-Patchwork-Id: 1255059 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cmss.chinamobile.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48gM1C2VLMz9sR4 for ; Mon, 16 Mar 2020 01:16:15 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728763AbgCOOQN (ORCPT ); Sun, 15 Mar 2020 10:16:13 -0400 Received: from cmccmta3.chinamobile.com ([221.176.66.81]:3995 "EHLO cmccmta3.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727778AbgCOOQM (ORCPT ); Sun, 15 Mar 2020 10:16:12 -0400 Received: from spf.mail.chinamobile.com (unknown[172.16.121.13]) by rmmx-syy-dmz-app09-12009 (RichMail) with SMTP id 2ee95e6e389bf93-cac14; Sun, 15 Mar 2020 22:15:55 +0800 (CST) X-RM-TRANSID: 2ee95e6e389bf93-cac14 X-RM-TagInfo: emlType=0 X-RM-SPAM-FLAG: 00000000 Received: from localhost (unknown[223.105.0.241]) by rmsmtp-syy-appsvr07-12007 (RichMail) with SMTP id 2ee75e6e38888e7-22076; Sun, 15 Mar 2020 22:15:55 +0800 (CST) X-RM-TRANSID: 2ee75e6e38888e7-22076 From: Haishuang Yan To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Haishuang Yan Subject: [PATCH 3/4] netfilter: nf_flow_table: reload ipv6h in nf_flow_tuple_ipv6 Date: Sun, 15 Mar 2020 22:15:04 +0800 Message-Id: <1584281705-26228-3-git-send-email-yanhaishuang@cmss.chinamobile.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1584281705-26228-1-git-send-email-yanhaishuang@cmss.chinamobile.com> References: <1584281705-26228-1-git-send-email-yanhaishuang@cmss.chinamobile.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Since pskb_may_pull may change skb->data, so we need to reload ipv6h at the right place. Fixes: a908fdec3dda ("netfilter: nf_flow_table: move ipv6 offload hook code to nf_flow_table") Signed-off-by: Haishuang Yan --- net/netfilter/nf_flow_table_ip.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 942bda5..954737f 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -452,6 +452,7 @@ static int nf_flow_tuple_ipv6(struct sk_buff *skb, const struct net_device *dev, if (!pskb_may_pull(skb, thoff + sizeof(*ports))) return -1; + ip6h = ipv6_hdr(skb); ports = (struct flow_ports *)(skb_network_header(skb) + thoff); tuple->src_v6 = ip6h->saddr; From patchwork Sun Mar 15 14:15:05 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Haishuang Yan X-Patchwork-Id: 1255061 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cmss.chinamobile.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48gM1N1HSFz9sR4 for ; Mon, 16 Mar 2020 01:16:23 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728781AbgCOOQU (ORCPT ); Sun, 15 Mar 2020 10:16:20 -0400 Received: from cmccmta1.chinamobile.com ([221.176.66.79]:3134 "EHLO cmccmta1.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727778AbgCOOQU (ORCPT ); Sun, 15 Mar 2020 10:16:20 -0400 Received: from spf.mail.chinamobile.com (unknown[172.16.121.7]) by rmmx-syy-dmz-app04-12004 (RichMail) with SMTP id 2ee45e6e38a5144-caed9; Sun, 15 Mar 2020 22:16:07 +0800 (CST) X-RM-TRANSID: 2ee45e6e38a5144-caed9 X-RM-TagInfo: emlType=0 X-RM-SPAM-FLAG: 00000000 Received: from localhost (unknown[223.105.0.241]) by rmsmtp-syy-appsvr04-12004 (RichMail) with SMTP id 2ee45e6e38a0e85-2436e; Sun, 15 Mar 2020 22:16:07 +0800 (CST) X-RM-TRANSID: 2ee45e6e38a0e85-2436e From: Haishuang Yan To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Haishuang Yan Subject: [PATCH 4/4] netfilter: nf_flow_table: reload iph in nf_flow_tuple_ip Date: Sun, 15 Mar 2020 22:15:05 +0800 Message-Id: <1584281705-26228-4-git-send-email-yanhaishuang@cmss.chinamobile.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1584281705-26228-1-git-send-email-yanhaishuang@cmss.chinamobile.com> References: <1584281705-26228-1-git-send-email-yanhaishuang@cmss.chinamobile.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Since pskb_may_pull may change skb->data, so we need to reload iph at the right place. Fixes: 7d2086871762 ("netfilter: nf_flow_table: move ipv4 offload hook code to nf_flow_table") Signed-off-by: Haishuang Yan --- net/netfilter/nf_flow_table_ip.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 954737f..610c60a 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -190,6 +190,7 @@ static int nf_flow_tuple_ip(struct sk_buff *skb, const struct net_device *dev, if (!pskb_may_pull(skb, thoff + sizeof(*ports))) return -1; + iph = ip_hdr(skb); ports = (struct flow_ports *)(skb_network_header(skb) + thoff); tuple->src_v4.s_addr = iph->saddr;