From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Ye Yin <hustcat@gmail.com>,
Wei Zhou <chouryzhou@gmail.com>, Julian Anastasov <ja@ssi.bg>,
Simon Horman <horms@verge.net.au>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.4 02/16] netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
Date: Wed, 22 Nov 2017 11:11:55 +0100 [thread overview]
Message-ID: <20171122101110.903293000@linuxfoundation.org> (raw)
In-Reply-To: <20171122101110.784746358@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ye Yin <hustcat@gmail.com>
[ Upstream commit 2b5ec1a5f9738ee7bf8f5ec0526e75e00362c48f ]
When run ipvs in two different network namespace at the same host, and one
ipvs transport network traffic to the other network namespace ipvs.
'ipvs_property' flag will make the second ipvs take no effect. So we should
clear 'ipvs_property' when SKB network namespace changed.
Fixes: 621e84d6f373 ("dev: introduce skb_scrub_packet()")
Signed-off-by: Ye Yin <hustcat@gmail.com>
Signed-off-by: Wei Zhou <chouryzhou@gmail.com>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/skbuff.h | 7 +++++++
net/core/skbuff.c | 1 +
2 files changed, 8 insertions(+)
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -3400,6 +3400,13 @@ static inline void nf_reset_trace(struct
#endif
}
+static inline void ipvs_reset(struct sk_buff *skb)
+{
+#if IS_ENABLED(CONFIG_IP_VS)
+ skb->ipvs_property = 0;
+#endif
+}
+
/* Note: This doesn't put any conntrack and bridge info in dst. */
static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src,
bool copy)
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4229,6 +4229,7 @@ void skb_scrub_packet(struct sk_buff *sk
if (!xnet)
return;
+ ipvs_reset(skb);
skb_orphan(skb);
skb->mark = 0;
}
next prev parent reply other threads:[~2017-11-22 10:13 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-22 10:11 [PATCH 4.4 00/16] 4.4.101-stable review Greg Kroah-Hartman
2017-11-22 10:11 ` [PATCH 4.4 01/16] tcp: do not mangle skb->cb[] in tcp_make_synack() Greg Kroah-Hartman
2017-11-22 10:11 ` Greg Kroah-Hartman [this message]
2017-11-22 10:11 ` [PATCH 4.4 03/16] bonding: discard lowest hash bit for 802.3ad layer3+4 Greg Kroah-Hartman
2017-11-22 10:11 ` [PATCH 4.4 04/16] vlan: fix a use-after-free in vlan_device_event() Greg Kroah-Hartman
2017-11-22 10:11 ` [PATCH 4.4 05/16] af_netlink: ensure that NLMSG_DONE never fails in dumps Greg Kroah-Hartman
2017-11-22 10:11 ` [PATCH 4.4 06/16] sctp: do not peel off an assoc from one netns to another one Greg Kroah-Hartman
2017-11-22 10:12 ` [PATCH 4.4 07/16] fealnx: Fix building error on MIPS Greg Kroah-Hartman
2017-11-22 10:12 ` [PATCH 4.4 08/16] net/sctp: Always set scope_id in sctp_inet6_skb_msgname Greg Kroah-Hartman
2017-11-22 10:12 ` [PATCH 4.4 09/16] ima: do not update security.ima if appraisal status is not INTEGRITY_PASS Greg Kroah-Hartman
2017-11-22 10:12 ` [PATCH 4.4 10/16] serial: omap: Fix EFR write on RTS deassertion Greg Kroah-Hartman
2017-11-22 10:12 ` [PATCH 4.4 11/16] arm64: fix dump_instr when PAN and UAO are in use Greg Kroah-Hartman
2017-11-22 10:12 ` [PATCH 4.4 12/16] [PATCH-stable] nvme: Fix memory order on async queue deletion Greg Kroah-Hartman
2017-11-22 10:12 ` [PATCH 4.4 13/16] ocfs2: should wait dio before inode lock in ocfs2_setattr() Greg Kroah-Hartman
2017-12-05 15:49 ` Ben Hutchings
2017-12-06 1:02 ` alex chen
2017-12-06 16:36 ` Greg Kroah-Hartman
2017-12-07 18:25 ` Ben Hutchings
2017-12-08 0:39 ` alex chen
2017-12-08 2:26 ` Ben Hutchings
2017-12-08 4:03 ` alex chen
2017-12-08 5:36 ` Ben Hutchings
2017-12-08 6:16 ` alex chen
2017-12-08 10:04 ` Changwei Ge
2017-12-12 1:34 ` alex chen
2017-11-22 10:12 ` [PATCH 4.4 14/16] ipmi: fix unsigned long underflow Greg Kroah-Hartman
2017-11-22 10:12 ` [PATCH 4.4 15/16] mm/page_alloc.c: broken deferred calculation Greg Kroah-Hartman
2017-11-22 10:12 ` [PATCH 4.4 16/16] coda: fix kernel memory exposure attempt in fsync Greg Kroah-Hartman
2017-11-22 15:29 ` [PATCH 4.4 00/16] 4.4.101-stable review Nathan Chancellor
2017-11-22 17:05 ` Greg Kroah-Hartman
2017-11-22 17:38 ` Nathan Chancellor
2017-11-22 21:32 ` Guenter Roeck
2017-11-23 14:28 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171122101110.903293000@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=chouryzhou@gmail.com \
--cc=davem@davemloft.net \
--cc=horms@verge.net.au \
--cc=hustcat@gmail.com \
--cc=ja@ssi.bg \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.