[PATCH net-next v1] netfilter: nfnetlink: convert kfree_skb to consume

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net-next v1] netfilter: nfnetlink: convert kfree_skb to consume_skb
@ 2024-05-28 10:37 Donald Hunter
  2024-05-31 16:14 ` Simon Horman
  0 siblings, 1 reply; 4+ messages in thread
From: Donald Hunter @ 2024-05-28 10:37 UTC (permalink / raw)
  To: netdev, Jakub Kicinski, David S. Miller, Eric Dumazet,
	Paolo Abeni, Pablo Neira Ayuso, Jozsef Kadlecsik, netfilter-devel
  Cc: donald.hunter, Donald Hunter

Use consume_skb in the batch code path to avoid generating spurious
NOT_SPECIFIED skb drop reasons.

Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
---
 net/netfilter/nfnetlink.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 4abf660c7baf..c164abcc326b 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -402,27 +402,27 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
 		{
 			nfnl_unlock(subsys_id);
 			netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL);
-			return kfree_skb(skb);
+			return consume_skb(skb);
 		}
 	}
 
 	if (!ss->valid_genid || !ss->commit || !ss->abort) {
 		nfnl_unlock(subsys_id);
 		netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL);
-		return kfree_skb(skb);
+		return consume_skb(skb);
 	}
 
 	if (!try_module_get(ss->owner)) {
 		nfnl_unlock(subsys_id);
 		netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL);
-		return kfree_skb(skb);
+		return consume_skb(skb);
 	}
 
 	if (!ss->valid_genid(net, genid)) {
 		module_put(ss->owner);
 		nfnl_unlock(subsys_id);
 		netlink_ack(oskb, nlh, -ERESTART, NULL);
-		return kfree_skb(skb);
+		return consume_skb(skb);
 	}
 
 	nfnl_unlock(subsys_id);
@@ -565,7 +565,7 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
 	if (status & NFNL_BATCH_REPLAY) {
 		ss->abort(net, oskb, NFNL_ABORT_AUTOLOAD);
 		nfnl_err_reset(&err_list);
-		kfree_skb(skb);
+		consume_skb(skb);
 		module_put(ss->owner);
 		goto replay;
 	} else if (status == NFNL_BATCH_DONE) {
@@ -590,7 +590,7 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
 		err = ss->abort(net, oskb, abort_action);
 		if (err == -EAGAIN) {
 			nfnl_err_reset(&err_list);
-			kfree_skb(skb);
+			consume_skb(skb);
 			module_put(ss->owner);
 			status |= NFNL_BATCH_FAILURE;
 			goto replay_abort;
@@ -598,7 +598,7 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
 	}
 
 	nfnl_err_deliver(&err_list, oskb);
-	kfree_skb(skb);
+	consume_skb(skb);
 	module_put(ss->owner);
 }
 
-- 
2.44.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH net-next v1] netfilter: nfnetlink: convert kfree_skb to consume_skb
  2024-05-28 10:37 [PATCH net-next v1] netfilter: nfnetlink: convert kfree_skb to consume_skb Donald Hunter
@ 2024-05-31 16:14 ` Simon Horman
  2024-06-03  9:19   ` Donald Hunter
  0 siblings, 1 reply; 4+ messages in thread
From: Simon Horman @ 2024-05-31 16:14 UTC (permalink / raw)
  To: Donald Hunter
  Cc: netdev, Jakub Kicinski, David S. Miller, Eric Dumazet,
	Paolo Abeni, Pablo Neira Ayuso, Jozsef Kadlecsik, netfilter-devel,
	donald.hunter

On Tue, May 28, 2024 at 11:37:54AM +0100, Donald Hunter wrote:
> Use consume_skb in the batch code path to avoid generating spurious
> NOT_SPECIFIED skb drop reasons.
> 
> Signed-off-by: Donald Hunter <donald.hunter@gmail.com>

Hi Donald,

I do wonder if this is the correct approach. I'm happy to stand corrected,
but my understanding is that consume_skb() is for situations where the skb
is no longer needed for reasons other than errors. But some of these
call-sites do appear to be error paths of sorts.

...

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH net-next v1] netfilter: nfnetlink: convert kfree_skb to consume_skb
  2024-05-31 16:14 ` Simon Horman
@ 2024-06-03  9:19   ` Donald Hunter
  2024-06-03 12:09     ` Simon Horman
  0 siblings, 1 reply; 4+ messages in thread
From: Donald Hunter @ 2024-06-03  9:19 UTC (permalink / raw)
  To: Simon Horman
  Cc: netdev, Jakub Kicinski, David S. Miller, Eric Dumazet,
	Paolo Abeni, Pablo Neira Ayuso, Jozsef Kadlecsik, netfilter-devel,
	donald.hunter

Simon Horman <horms@kernel.org> writes:

> On Tue, May 28, 2024 at 11:37:54AM +0100, Donald Hunter wrote:
>> Use consume_skb in the batch code path to avoid generating spurious
>> NOT_SPECIFIED skb drop reasons.
>> 
>> Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
>
> Hi Donald,
>
> I do wonder if this is the correct approach. I'm happy to stand corrected,
> but my understanding is that consume_skb() is for situations where the skb
> is no longer needed for reasons other than errors. But some of these
> call-sites do appear to be error paths of sorts.
>
> ...

Hi Simon,

They all look to be application layer errors which are either
communicated back to the client or cause a replay. My understanding is
that consume_skb() should be used here since kfree_skb() now implies a
(transport?) drop.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH net-next v1] netfilter: nfnetlink: convert kfree_skb to consume_skb
  2024-06-03  9:19   ` Donald Hunter
@ 2024-06-03 12:09     ` Simon Horman
  0 siblings, 0 replies; 4+ messages in thread
From: Simon Horman @ 2024-06-03 12:09 UTC (permalink / raw)
  To: Donald Hunter
  Cc: netdev, Jakub Kicinski, David S. Miller, Eric Dumazet,
	Paolo Abeni, Pablo Neira Ayuso, Jozsef Kadlecsik, netfilter-devel,
	donald.hunter

On Mon, Jun 03, 2024 at 10:19:27AM +0100, Donald Hunter wrote:
> Simon Horman <horms@kernel.org> writes:
> 
> > On Tue, May 28, 2024 at 11:37:54AM +0100, Donald Hunter wrote:
> >> Use consume_skb in the batch code path to avoid generating spurious
> >> NOT_SPECIFIED skb drop reasons.
> >> 
> >> Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
> >
> > Hi Donald,
> >
> > I do wonder if this is the correct approach. I'm happy to stand corrected,
> > but my understanding is that consume_skb() is for situations where the skb
> > is no longer needed for reasons other than errors. But some of these
> > call-sites do appear to be error paths of sorts.
> >
> > ...
> 
> Hi Simon,
> 
> They all look to be application layer errors which are either
> communicated back to the client or cause a replay. My understanding is
> that consume_skb() should be used here since kfree_skb() now implies a
> (transport?) drop.

Hi Donald,

Thanks, that makes sense to me.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-06-03 12:09 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-05-28 10:37 [PATCH net-next v1] netfilter: nfnetlink: convert kfree_skb to consume_skb Donald Hunter
2024-05-31 16:14 ` Simon Horman
2024-06-03  9:19   ` Donald Hunter
2024-06-03 12:09     ` Simon Horman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).