From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jiri Pirko Subject: Re: [PATCH net] net: skb_scrub_packet(): Scrub offload_fwd_mark Date: Tue, 20 Nov 2018 12:41:53 +0100 Message-ID: <20181120114153.GB2264@nanopsycho> References: <1bc608bd028b41a21c99c982f459b7434f0948ed.1542712365.git.petrm@mellanox.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: "netdev@vger.kernel.org" , "davem@davemloft.net" , Ido Schimmel To: Petr Machata Return-path: Received: from mail-wr1-f66.google.com ([209.85.221.66]:41496 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728997AbeKTWRU (ORCPT ); Tue, 20 Nov 2018 17:17:20 -0500 Received: by mail-wr1-f66.google.com with SMTP id x10so1631494wrs.8 for ; Tue, 20 Nov 2018 03:48:34 -0800 (PST) Content-Disposition: inline In-Reply-To: <1bc608bd028b41a21c99c982f459b7434f0948ed.1542712365.git.petrm@mellanox.com> Sender: netdev-owner@vger.kernel.org List-ID: Tue, Nov 20, 2018 at 12:39:56PM CET, petrm@mellanox.com wrote: >When a packet is trapped and the corresponding SKB marked as >already-forwarded, it retains this marking even after it is forwarded >across veth links into another bridge. There, since it ingresses the >bridge over veth, which doesn't have offload_fwd_mark, it triggers a >warning in nbp_switchdev_frame_mark(). > >Then nbp_switchdev_allowed_egress() decides not to allow egress from >this bridge through another veth, because the SKB is already marked, and >the mark (of 0) of course matches. Thus the packet is incorrectly >blocked. > >Solve by resetting offload_fwd_mark() in skb_scrub_packet(). That >function is called from tunnels and also from veth, and thus catches the >cases where traffic is forwarded between bridges and transformed in a >way that invalidates the marking. > >Fixes: 6bc506b4fb06 ("bridge: switchdev: Add forward mark support for stacked devices") >Fixes: abf4bb6b63d0 ("skbuff: Add the offload_mr_fwd_mark field") >Signed-off-by: Petr Machata >Suggested-by: Ido Schimmel Acked-by: Jiri Pirko