[PATCH net] core/dev: do not ignore dmac in dev_forward_skb()

[PATCH net] core/dev: do not ignore dmac in dev_forward_skb()

[Alexei Starovoitov]

commit 06a23fe31ca3
("core/dev: set pkt_type after eth_type_trans() in dev_forward_skb()")
and refactoring 64261f230a91
("dev: move skb_scrub_packet() after eth_type_trans()")

are forcing pkt_type to be PACKET_HOST when skb traverses veth.

which means that ip forwarding will kick in inside netns
even if skb->eth->h_dest != dev->dev_addr

Revert offending commit

Fixes: 06a23fe31ca3 ("core/dev: set pkt_type after eth_type_trans() in dev_forward_skb()")
CC: Maciej Zenczykowski <zenczykowski@gmail.com>
CC: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
---

commit-06a23fe31ca3's testcase is still working,
since pkt_type is now set by ip tunnel

the diff is for 3.12
imo the bug is severe enough that worth queueing for 3.11

 net/core/dev.c |    6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/net/core/dev.c b/net/core/dev.c
index 3430b1e..2afc521 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1691,13 +1691,9 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
 		kfree_skb(skb);
 		return NET_RX_DROP;
 	}
-	skb->protocol = eth_type_trans(skb, dev);
 
-	/* eth_type_trans() can set pkt_type.
-	 * call skb_scrub_packet() after it to clear pkt_type _after_ calling
-	 * eth_type_trans().
-	 */
 	skb_scrub_packet(skb, true);
+	skb->protocol = eth_type_trans(skb, dev);
 
 	return netif_rx(skb);
 }
-- 
1.7.9.5

Re: [PATCH net] core/dev: do not ignore dmac in dev_forward_skb()

[Maciej Żenczykowski]

Ack.

I'm sure this breaks whatever the original commit was trying to 'fix',
however it does so in a clearly incorrect manner by effectively
disabling dst mac address filtering.

Re: [PATCH net] core/dev: do not ignore dmac in dev_forward_skb()

[Alexei Starovoitov]

On Mon, Nov 11, 2013 at 4:39 PM, Maciej Żenczykowski
<zenczykowski@gmail.com> wrote:
> Ack.
>
> I'm sure this breaks whatever the original commit was trying to 'fix',
> however it does so in a clearly incorrect manner by effectively
> disabling dst mac address filtering.

actually it doesn't break it. Isaku's testcase works for me.

Re: [PATCH net] core/dev: do not ignore dmac in dev_forward_skb()

[Isaku Yamahata]

On Mon, Nov 11, 2013 at 05:12:10PM -0800,
Alexei Starovoitov <ast@plumgrid.com> wrote:

> On Mon, Nov 11, 2013 at 4:39 PM, Maciej Żenczykowski
> <zenczykowski@gmail.com> wrote:
> > Ack.
> >
> > I'm sure this breaks whatever the original commit was trying to 'fix',
> > however it does so in a clearly incorrect manner by effectively
> > disabling dst mac address filtering.
> 
> actually it doesn't break it. Isaku's testcase works for me.

The changeset of 963a88b31ddbbe99f38502239b1a46601773d217
  "tunnels: harmonize cleanup done on skb on xmit path"
addresses the issue by calling skb_scrub_packet() when sending skb
through tunnel. So it is safe to revert it.

thanks,
-- 
Isaku Yamahata <isaku.yamahata@gmail.com>

Re: [PATCH net] core/dev: do not ignore dmac in dev_forward_skb()

[Nicolas Dichtel]

Le 11/11/2013 22:52, Alexei Starovoitov a écrit :
> commit 06a23fe31ca3
> ("core/dev: set pkt_type after eth_type_trans() in dev_forward_skb()")
> and refactoring 64261f230a91
> ("dev: move skb_scrub_packet() after eth_type_trans()")
>
> are forcing pkt_type to be PACKET_HOST when skb traverses veth.
>
> which means that ip forwarding will kick in inside netns
> even if skb->eth->h_dest != dev->dev_addr
>
> Revert offending commit
>
> Fixes: 06a23fe31ca3 ("core/dev: set pkt_type after eth_type_trans() in dev_forward_skb()")
> CC: Maciej Zenczykowski <zenczykowski@gmail.com>
> CC: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
skb_scrub_packet() is also called after eth_type_trans() in ip_tunnel_rcv().
I do it to be consistent with dev_forward_skb(), thus it should be inverted too.