From: Florian Westphal <fw@strlen.de>
To: Willem de Bruijn <willemb@google.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
Florian Westphal <fw@strlen.de>,
Christoph Paasch <cpaasch@apple.com>,
Netfilter <netfilter-devel@vger.kernel.org>,
Paolo Abeni <pabeni@redhat.com>,
netdev@vger.kernel.org, daniel@iogearbox.net,
Stanislav Fomichev <sdf@google.com>
Subject: Re: [PATCH nf] netfilter: nf_reject: init skb->dev for reset packet
Date: Thu, 6 Jun 2024 10:39:05 +0200 [thread overview]
Message-ID: <20240606083905.GA4688@breakpoint.cc> (raw)
In-Reply-To: <CA+FuTSfAhHDedA68LOiiUpbBtQKV9E-W5o4TJibpCWokYii69A@mail.gmail.com>
Willem de Bruijn <willemb@google.com> wrote:
> On Wed, Jun 5, 2024 at 3:45 PM Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> >
> > On Wed, Jun 05, 2024 at 09:08:33PM +0200, Florian Westphal wrote:
> > > So there are several options here:
> > > 1. remove the WARN_ON_ONCE and be done with it
> > > 2. remove the WARN_ON_ONCE and pretend net was init_net
> > > 3. also look at skb_dst(skb)->dev if skb->dev is unset, then back to 1)
> > > or 2)
> > > 4. stop using skb_get_hash() from netfilter (but there are likely other
> > > callers that might hit this).
> > > 5. fix up callers, one by one
> > > 6. assign skb->dev inside netfilter if its unset
>
> Is 6 a realistic option?
The output hook has to outdev available (its skb_dst(skb)->dev, passed
in from __ip_local_out()).
So we could set skb->dev = outdev, before calling skb_get_hash and
__skb_get_hash_symmetric.
next prev parent reply other threads:[~2024-06-06 8:39 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-04 12:03 [PATCH nf] netfilter: nf_reject: init skb->dev for reset packet Florian Westphal
[not found] ` <FF8A506F-6F0F-440E-9F52-B27D05731B77@apple.com>
2024-06-05 18:14 ` Florian Westphal
2024-06-05 18:38 ` Pablo Neira Ayuso
2024-06-05 19:08 ` Florian Westphal
2024-06-05 19:45 ` Pablo Neira Ayuso
2024-06-05 21:38 ` Willem de Bruijn
2024-06-05 22:16 ` Pablo Neira Ayuso
2024-06-06 1:54 ` Willem de Bruijn
2024-06-06 6:20 ` Pablo Neira Ayuso
2024-06-06 8:39 ` Florian Westphal [this message]
2024-06-06 9:26 ` Florian Westphal
2024-06-06 13:04 ` Florian Westphal
2024-06-06 14:09 ` Willem de Bruijn
2024-06-06 14:15 ` Florian Westphal
2024-06-06 14:28 ` Willem de Bruijn
2024-06-06 14:38 ` Florian Westphal
2024-06-06 14:43 ` Willem de Bruijn
2024-06-06 14:52 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240606083905.GA4688@breakpoint.cc \
--to=fw@strlen.de \
--cc=cpaasch@apple.com \
--cc=daniel@iogearbox.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=sdf@google.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.