* [PATCH 10/25] netns ct: fix ip_route_me_harder() for REEJCT, NAT et al
@ 2008-06-22 1:09 Alexey Dobriyan
2008-06-23 10:40 ` Patrick McHardy
0 siblings, 1 reply; 2+ messages in thread
From: Alexey Dobriyan @ 2008-06-22 1:09 UTC (permalink / raw)
To: kaber
Cc: netdev, netfilter-devel, den, xemul, ebiederm, benjamin.thery,
dlezcano
ip_route_me_harder() is called on output codepaths:
1) IPVS: honestly, not sure, it can be called during forwarding
2) IPv4 REJECT: refreshing comment re skb->dst is valid
and assigment of skb->dst right before call :^)
3) NAT: called in LOCAL_OUT hook
4) iptable_mangle: LOCAL_OUT hook
5) nf_ip_reroute(): LOCAL_OUT hook (no clue about queueing packets to luserspace)
P.S.: IPv6 version is also called by mangling code on input, what's the story
behind this discrepancy?
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---
net/ipv4/netfilter.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -12,6 +12,7 @@
/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */
int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
{
+ struct net *net = dev_net(skb->dst->dev);
const struct iphdr *iph = ip_hdr(skb);
struct rtable *rt;
struct flowi fl = {};
@@ -19,7 +20,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
unsigned int hh_len;
unsigned int type;
- type = inet_addr_type(&init_net, iph->saddr);
+ type = inet_addr_type(net, iph->saddr);
if (addr_type == RTN_UNSPEC)
addr_type = type;
@@ -33,7 +34,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
fl.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0;
fl.mark = skb->mark;
- if (ip_route_output_key(&init_net, &rt, &fl) != 0)
+ if (ip_route_output_key(net, &rt, &fl) != 0)
return -1;
/* Drop old route. */
@@ -43,7 +44,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
/* non-local src, find valid iif to satisfy
* rp-filter when calling ip_route_input. */
fl.nl_u.ip4_u.daddr = iph->saddr;
- if (ip_route_output_key(&init_net, &rt, &fl) != 0)
+ if (ip_route_output_key(net, &rt, &fl) != 0)
return -1;
odst = skb->dst;
--
1.5.4.5
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [PATCH 10/25] netns ct: fix ip_route_me_harder() for REEJCT, NAT et al
2008-06-22 1:09 [PATCH 10/25] netns ct: fix ip_route_me_harder() for REEJCT, NAT et al Alexey Dobriyan
@ 2008-06-23 10:40 ` Patrick McHardy
0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2008-06-23 10:40 UTC (permalink / raw)
To: Alexey Dobriyan
Cc: netdev, netfilter-devel, den, xemul, ebiederm, benjamin.thery,
dlezcano
Alexey Dobriyan wrote:
> ip_route_me_harder() is called on output codepaths:
> 1) IPVS: honestly, not sure, it can be called during forwarding
> 2) IPv4 REJECT: refreshing comment re skb->dst is valid
> and assigment of skb->dst right before call :^)
> 3) NAT: called in LOCAL_OUT hook
> 4) iptable_mangle: LOCAL_OUT hook
> 5) nf_ip_reroute(): LOCAL_OUT hook (no clue about queueing packets to luserspace)
skb->dst->dev seems OK in all these cases.
> P.S.: IPv6 version is also called by mangling code on input, what's the story
> behind this discrepancy?
That looks wrong, I think the reason for this bug is that
IPv6 originally didn't support routing rules, so the call
was #ifdef 0'ed, then enabled without checking the hooks.
I'll queue up a fix.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-06-23 10:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-06-22 1:09 [PATCH 10/25] netns ct: fix ip_route_me_harder() for REEJCT, NAT et al Alexey Dobriyan
2008-06-23 10:40 ` Patrick McHardy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).