From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
<netfilter-devel@vger.kernel.org>,
pablo@netfilter.org, willemb@google.com
Subject: [PATCH net-next 0/2] net: flow dissector: allow explicit passing of netns
Date: Fri, 7 Jun 2024 10:31:58 +0200 [thread overview]
Message-ID: <20240607083205.3000-1-fw@strlen.de> (raw)
Years ago flow dissector gained ability to delegate flow dissection
to a bpf program, scoped per netns.
The netns is derived from skb->dev, and if that is not available, from
skb->sk. If neither is set, we hit a (benign) WARN_ON_ONCE().
This WARN_ON_ONCE can be triggered from netfilter.
Known skb origins are nf_send_reset and ipv4 stack generated IGMP
messages.
Lets allow callers to pass the current netns explicitly and make
nf_tables use those instead.
This targets net-next instead of net because the WARN is benign and this
is not a regression.
Florian Westphal (2):
net: add and use skb_get_hash_net
net: add and use __skb_get_hash_symmetric_net
include/linux/skbuff.h | 20 +++++++++++++++++---
net/core/flow_dissector.c | 20 +++++++++++++-------
net/netfilter/nf_tables_trace.c | 2 +-
net/netfilter/nft_hash.c | 3 ++-
4 files changed, 33 insertions(+), 12 deletions(-)
--
2.44.2
next reply other threads:[~2024-06-07 8:36 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-07 8:31 Florian Westphal [this message]
2024-06-07 8:31 ` [PATCH net-next 1/2] net: add and use skb_get_hash_net Florian Westphal
2024-06-07 9:25 ` Eric Dumazet
2024-06-07 14:13 ` Willem de Bruijn
2024-06-08 22:17 ` Florian Westphal
2024-06-07 12:33 ` kernel test robot
2024-06-07 8:32 ` [PATCH net-next 2/2] net: add and use __skb_get_hash_symmetric_net Florian Westphal
2024-06-07 9:26 ` Eric Dumazet
2024-06-07 14:14 ` Willem de Bruijn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240607083205.3000-1-fw@strlen.de \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.