From: Steffen Klassert <steffen.klassert@secunet.com>
To: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: netdev@vger.kernel.org,
Christophe Gouault <christophe.gouault@6wind.com>,
Saurabh Mohan <saurabh.mohan@vyatta.com>
Subject: Re: [PATCH RFC 8/9] vti: Update the ipv4 side to use it's own receive hook.
Date: Fri, 13 Dec 2013 10:56:48 +0100 [thread overview]
Message-ID: <20131213095648.GN31491@secunet.com> (raw)
In-Reply-To: <52A9E3CF.7040204@6wind.com>
On Thu, Dec 12, 2013 at 05:26:55PM +0100, Nicolas Dichtel wrote:
> Le 05/12/2013 13:05, Steffen Klassert a écrit :
> >
> >-/* We dont digest the packet therefore let the packet pass */
> > static int vti_rcv(struct sk_buff *skb)
> > {
> > struct ip_tunnel *tunnel;
> >@@ -60,48 +61,72 @@ static int vti_rcv(struct sk_buff *skb)
> > tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
> > iph->saddr, iph->daddr, 0);
> > if (tunnel != NULL) {
> >- struct pcpu_tstats *tstats;
> >- u32 oldmark = skb->mark;
> >- int ret;
> >+ if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
> >+ goto drop;
> >+
> >+ XFRM_TUNNEL_SKB_CB(skb)->tunnel = tunnel;
> >+
> >+ /* Partially clear the buffer, the rest is done by xfrm_input. */
> >+ if (!net_eq(tunnel->net, dev_net(tunnel->dev)))
> >+ skb_orphan(skb);
> >+ skb->tstamp.tv64 = 0;
> >+ skb->pkt_type = PACKET_HOST;
> >+ skb->skb_iif = 0;
> >+ nf_reset_trace(skb);
> >+ secpath_reset(skb);
> Is it not better to call skb_scrub_packet() (if necessary adding a new
> argument to skip some operations)?
Yes, looks like we can simply use skb_scrub_packet(). xfrm_input()
will do nf_reset() and skb_dst_drop() again, but this should not
harm too much.
I'll incorporate this into the v2 patchest.
Thanks!
next prev parent reply other threads:[~2013-12-13 9:56 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-05 12:00 [PATCH RFC 0/9] vti4: prepare namespace and interfamily support Steffen Klassert
2013-12-05 12:01 ` [PATCH RFC 1/9] xfrm4: Add IPsec protocol multiplexer Steffen Klassert
2013-12-05 12:01 ` [PATCH RFC 2/9] esp4: Use the IPsec protocol multiplexer API Steffen Klassert
2013-12-05 12:02 ` [PATCH RFC 3/9] esp4: Export esp4_err Steffen Klassert
2013-12-05 12:02 ` [PATCH RFC 4/9] ah4: Use the IPsec protocol multiplexer API Steffen Klassert
2013-12-05 12:03 ` [PATCH RFC 5/9] ah4: Export ah4_err Steffen Klassert
2013-12-05 12:03 ` [PATCH RFC 6/9] xfrm: Add xfrm_tunnel_skb_cb to the skb common buffer Steffen Klassert
2013-12-05 12:04 ` [PATCH RFC 7/9] ip_tunnel: Make vti work with i_key set Steffen Klassert
2013-12-05 12:05 ` [PATCH RFC 8/9] vti: Update the ipv4 side to use it's own receive hook Steffen Klassert
2013-12-12 16:26 ` Nicolas Dichtel
2013-12-13 9:56 ` Steffen Klassert [this message]
2013-12-05 12:05 ` [PATCH RFC 9/9] xfrm4: Remove xfrm_tunnel_notifier Steffen Klassert
2013-12-05 17:27 ` [PATCH RFC 0/9] vti4: prepare namespace and interfamily support Stephen Hemminger
2013-12-06 20:20 ` David Miller
2013-12-09 9:17 ` Christophe Gouault
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131213095648.GN31491@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=christophe.gouault@6wind.com \
--cc=netdev@vger.kernel.org \
--cc=nicolas.dichtel@6wind.com \
--cc=saurabh.mohan@vyatta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).