From: "David S. Miller" <davem@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: jmorris@redhat.com, netdev@oss.sgi.com
Subject: Re: pskb change in dst->output
Date: Wed, 7 Jul 2004 17:17:59 -0700 [thread overview]
Message-ID: <20040707171759.025eb13b.davem@redhat.com> (raw)
In-Reply-To: <20040708000421.GA30918@gondor.apana.org.au>
On Thu, 8 Jul 2004 10:04:21 +1000
Herbert Xu <herbert@gondor.apana.org.au> wrote:
> On Wed, Jul 07, 2004 at 07:33:18PM -0400, James Morris wrote:
> >
> > > So is there a caller to dst_output that does this as well?
> >
> > The TCP code often clones skbs to be transmitted.
>
> Thanks for the pointer.
This isn't the case that prompted James's changes though.
It's a UDP packet, to multicast, with hw checksumming enabled,
that gets looped back via ip_mc_output() here:
if (rt->rt_flags&RTCF_MULTICAST) {
if ((!sk || inet_sk(sk)->mc_loop)
#ifdef CONFIG_IP_MROUTE
/* Small optimization: do not loopback not local frames,
which returned after forwarding; they will be dropped
by ip_mr_input in any case.
Note, that local frames are looped back to be delivered
to local recipients.
This check is duplicated in ip_mr_input at the moment.
*/
&& ((rt->rt_flags&RTCF_LOCAL) || !(IPCB(skb)->flags&IPSKB_FORWARDED))
#endif
) {
struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
if (newskb)
NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL,
newskb->dev,
ip_dev_loopback_xmit);
}
If this goes through netfilter, before James's changes, in any way
shape or form, the checksum of the original SKB will be corrupted.
This breaks dhcp for example, and it's really common because if you
just build selinux even without using any rules, packets go through
netfilter.
That is what James's changes, to move the actual packet mucking deeper
in the netfilter call chain (to where packet modifications really happen)
so that we can fix the above described case without unneeded expense
added.
next prev parent reply other threads:[~2004-07-08 0:17 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-07-07 13:06 pskb change in dst->output Herbert Xu
2004-07-07 14:58 ` James Morris
2004-07-07 21:28 ` Herbert Xu
2004-07-07 22:01 ` David S. Miller
2004-07-07 23:12 ` Herbert Xu
2004-07-07 23:33 ` James Morris
2004-07-08 0:04 ` Herbert Xu
2004-07-08 0:17 ` David S. Miller [this message]
2004-07-08 0:35 ` Herbert Xu
2004-07-08 1:05 ` James Morris
2004-07-08 1:11 ` Herbert Xu
2004-07-08 1:19 ` James Morris
2004-07-08 3:34 ` James Morris
2004-07-08 4:02 ` Herbert Xu
2004-07-09 8:14 ` Herbert Xu
2004-07-09 14:02 ` James Morris
2004-07-09 19:36 ` David S. Miller
2004-07-09 20:42 ` Herbert Xu
2004-07-09 21:07 ` Herbert Xu
2004-07-09 21:21 ` David S. Miller
2004-07-09 21:43 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040707171759.025eb13b.davem@redhat.com \
--to=davem@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=jmorris@redhat.com \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).