From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Miller Subject: Re: [PATCH net-next 2/2] net: sched: add em_ipt ematch for calling xtables matches Date: Wed, 24 Jan 2018 16:37:16 -0500 (EST) Message-ID: <20180124.163716.301711852222011274.davem@davemloft.net> References: <1516699052-19259-1-git-send-email-eyal.birger@gmail.com> <1516699052-19259-3-git-send-email-eyal.birger@gmail.com> Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: jhs@mojatatu.com, xiyou.wangcong@gmail.com, netdev@vger.kernel.org, pablo@netfilter.org, shmulik@metanetworks.com, eyal@metanetworks.com To: eyal.birger@gmail.com Return-path: Received: from shards.monkeyblade.net ([184.105.139.130]:50536 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932474AbeAXVhS (ORCPT ); Wed, 24 Jan 2018 16:37:18 -0500 In-Reply-To: <1516699052-19259-3-git-send-email-eyal.birger@gmail.com> Sender: netdev-owner@vger.kernel.org List-ID: From: Eyal Birger Date: Tue, 23 Jan 2018 11:17:32 +0200 > + network_offset = skb_network_offset(skb); > + skb_pull(skb, network_offset); > + > + rcu_read_lock(); > + > + if (skb->skb_iif) > + indev = dev_get_by_index_rcu(em->net, skb->skb_iif); > + > + nf_hook_state_init(&state, im->hook, im->nfproto, indev ?: skb->dev, > + skb->dev, NULL, em->net, NULL); > + > + acpar.match = im->match; > + acpar.matchinfo = im->match_data; > + acpar.state = &state; > + > + ret = im->match->match(skb, &acpar); > + > + rcu_read_unlock(); > + > + skb_push(skb, network_offset); If the SKB is shared in any way, this pull/push around the NF hook invocation is illegal.