From: Patrick McHardy <kaber@trash.net>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: davem@davemloft.net, netfilter-devel@vger.kernel.org,
	netdev@vger.kernel.org
Subject: Re: [PATCH 72/84] netfilter: xtables: inclusion of xt_TEE
Date: Tue, 11 May 2010 13:42:02 +0200
Message-ID: <4BE9428A.5090402@trash.net>
In-Reply-To: <1273524779.2590.236.camel@edumazet-laptop>

Eric Dumazet wrote:
> On Monday 10 May 2010 at 22:18 +0200, kaber@trash.net wrote:
>> From: Jan Engelhardt <jengelh@medozas.de>
>>
>> xt_TEE can be used to clone and reroute a packet. This can for
>> example be used to copy traffic at a router for logging purposes
>> to another dedicated machine.
>>
>> References: http://www.gossamer-threads.com/lists/iptables/devel/68781
>> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
>> Signed-off-by: Patrick McHardy <kaber@trash.net>
>> ---
> 
>> +static bool tee_tg_route_oif(struct flowi *f, struct net *net,
>> +			     const struct xt_tee_tginfo *info)
>> +{
>> +	const struct net_device *dev;
>> +
>> +	if (*info->oif != '\0')
>> +		return true;
>> +	dev = dev_get_by_name(net, info->oif);
>> +	if (dev == NULL)
>> +		return false;
>> +	f->oif = dev->ifindex;
>> +	return true;
>> +}
>> +
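
Review bot: The early-return test at the top of tee_tg_route_oif() looks inverted: `if (*info->oif != '\0') return true;` skips the lookup exactly when an interface name has been configured, so dev_get_by_name() is only reached with an empty name and f->oif is never set for a configured oif. Compare against `== '\0'` so that an empty name returns early and a non-empty one is resolved. Separately, dev_get_by_name() returns the device with a reference held and nothing in this function releases it; call dev_put() once dev->ifindex has been copied, or use a lookup that does not take a reference.
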
> 
> This leaks a refcount on device.
> 
> But I see patch 76/84 replaces the whole thing, so this is probably
> harmless.

Correct, that patch replaces the per-packet lookup and uses
netdevice notifiers to store the ifindex of the output device,
without keeping a reference at all.
