From: Hannes Frederic Sowa <hannes@redhat.com>
To: Joe Stringer <joestringer@nicira.com>, netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, pablo@netfilter.org,
kaber@trash.net, jpettit@nicira.com, pshelar@nicira.com,
azhou@nicira.com, jesse@nicira.com, fwestpha@redhat.com,
tgraf@noironetworks.com
Subject: Re: [PATCH net-next 1/9] openvswitch: Scrub packet in ovs_vport_receive()
Date: Fri, 31 Jul 2015 16:34:54 +0200 [thread overview]
Message-ID: <1438353294.20479.7.camel@redhat.com> (raw)
In-Reply-To: <1438279963-29563-2-git-send-email-joestringer@nicira.com>
On Thu, 2015-07-30 at 11:12 -0700, Joe Stringer wrote:
> Signed-off-by: Joe Stringer <joestringer@nicira.com>
> ---
> net/openvswitch/vport.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/openvswitch/vport.c b/net/openvswitch/vport.c
> index d14f594..baa018f 100644
> --- a/net/openvswitch/vport.c
> +++ b/net/openvswitch/vport.c
> @@ -475,6 +475,9 @@ void ovs_vport_receive(struct vport *vport, struct
> sk_buff *skb,
> struct sw_flow_key key;
> int error;
>
> + if (!skb->sk || (sock_net(skb->sk) != read_pnet(&vport->dp
> ->net)))
> + skb_scrub_packet(skb, true);
> +
> stats = this_cpu_ptr(vport->percpu_stats);
> u64_stats_update_begin(&stats->syncp);
> stats->rx_packets++;
In general, this shouldn't be necessary as the packet should already be
scrubbed before they arrive here.
Could you maybe add a WARN_ON and check how those skbs with conntrack
data traverse the stack? I also didn't understand why make it dependent
on the socket.
Thanks,
Hannes
next prev parent reply other threads:[~2015-07-31 14:35 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-30 18:12 [PATCH net-next 0/9] OVS conntrack support Joe Stringer
2015-07-30 18:12 ` [PATCH net-next 1/9] openvswitch: Scrub packet in ovs_vport_receive() Joe Stringer
2015-07-30 18:40 ` Thomas Graf
2015-07-30 23:16 ` Joe Stringer
2015-07-31 7:38 ` Thomas Graf
2015-07-31 3:43 ` Pravin Shelar
2015-07-31 14:34 ` Hannes Frederic Sowa [this message]
2015-07-31 17:51 ` Joe Stringer
2015-08-01 19:17 ` Thomas Graf
2015-08-05 4:40 ` Joe Stringer
2015-08-07 22:07 ` Jesse Gross
2015-07-30 18:12 ` [PATCH net-next 2/9] openvswitch: Serialize acts with original netlink len Joe Stringer
2015-07-30 19:35 ` Thomas Graf
2015-07-30 18:12 ` [PATCH net-next 3/9] openvswitch: Move MASKED* macros to datapath.h Joe Stringer
2015-07-30 19:36 ` Thomas Graf
2015-07-30 18:12 ` [PATCH net-next 4/9] ipv6: Export nf_ct_frag6_gather() Joe Stringer
2015-07-30 19:36 ` Thomas Graf
2015-07-30 18:12 ` [PATCH net-next 5/9] openvswitch: Add conntrack action Joe Stringer
2015-07-31 14:52 ` Hannes Frederic Sowa
2015-07-31 18:35 ` Joe Stringer
2015-07-31 15:26 ` Hannes Frederic Sowa
2015-07-31 20:14 ` Joe Stringer
2015-08-01 2:08 ` Pravin Shelar
2015-08-03 22:58 ` Joe Stringer
2015-07-30 18:12 ` [PATCH net-next 6/9] openvswitch: Allow matching on conntrack mark Joe Stringer
2015-07-30 18:12 ` [PATCH net-next 7/9] netfilter: Always export nf_connlabels_replace() Joe Stringer
2015-07-30 18:12 ` [PATCH net-next 8/9] openvswitch: Allow matching on conntrack label Joe Stringer
2015-07-31 13:20 ` Florian Westphal
2015-07-31 23:07 ` Joe Stringer
2015-07-30 18:12 ` [PATCH net-next 9/9] openvswitch: Allow attaching helpers to ct action Joe Stringer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1438353294.20479.7.camel@redhat.com \
--to=hannes@redhat.com \
--cc=azhou@nicira.com \
--cc=fwestpha@redhat.com \
--cc=jesse@nicira.com \
--cc=joestringer@nicira.com \
--cc=jpettit@nicira.com \
--cc=kaber@trash.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=pshelar@nicira.com \
--cc=tgraf@noironetworks.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).