From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-il1-x12d.google.com (mail-il1-x12d.google.com [IPv6:2607:f8b0:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 89D403B29E for ; Fri, 27 Dec 2019 19:45:12 -0500 (EST) Received: by mail-il1-x12d.google.com with SMTP id f10so23547404ils.8 for ; Fri, 27 Dec 2019 16:45:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-transfer-encoding; bh=G9Imi8lpYz0eG1QmrrC1zVRVYhVnKQX12P9MqjSxO2Q=; b=FH4lF7BE5WtifQ5adoFNKd4lD+0yz3YDC280G/t4ov6QN3HvKsIV3/4OWYz0sSWBkZ 7XKO8Nb6iGbwiPD3GvLCHBKGWO/MOetaHjycZsCRjq3ALhW8wygWToChVUtnyNC1U41F cy8ha9Hf5jdWtFxm17KxV+qwk+DU6DnQg6CLAikZpGaj4EbDv3B4gQsocRnDTnQra9Mv tHv5uuzWXc3FafKhL5D/oXHWzdYXfBsIyrEh7M9j/vtaC3bOmLj+O2Oq26lC5LeSxpaU EGmMyE7UaUR9PFa+tIsckmLNGueOgAObJNAXVt45p7428CykNKCUAIl2It69MS3hCNk+ WtDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-transfer-encoding; bh=G9Imi8lpYz0eG1QmrrC1zVRVYhVnKQX12P9MqjSxO2Q=; b=ALxaXIOqtqf/oq9MasJk59ES8M4jp8L/pfJkrU/2PTHzJ4VHseBnpbbZpS3k5IO45/ A8TrPqbhdU19gzgM5jOqQ9KAI+PzC0JNU9nSLC8surWYgdv57jbnuVWyyNtjke3saiPM DndIRGT9rZkEBJ+4hHopDmAankAeM0LOAmuVeYsQ/DOWGjXlwFMbf6OYKcckhUx4PLqc KFYZ23q6ZzvbaXh767yuazo0EOXTzvcna8mpHeRBRzR84aaqSOmq48mdxEE3XrXPWJS4 UPTyjKO9saTxSagRsd4CNrsCB7u0sX01CejadOIJeWk825bp21DHWrdT8K/Is1MCXEzc YSqg== X-Gm-Message-State: APjAAAVtMM0A0T5fiKgdXF8ruvFdzZWZNW/QIDGN99lj86M1KaB9ndrc 44yaQHlV3Py9LDGdJ3p5pLAH/C6UuyEBdp7PD7VFtAsE X-Google-Smtp-Source: APXvYqxGz2HYJqZqXu8PW/mesoBxDUOm1K2PsGRCobFLaSZ6uF24ffXS3+dlKM3pfB6jfUiAtUq18pmf3Rn96eE9B2s= X-Received: by 2002:a05:6e02:5c8:: with SMTP id l8mr48474924ils.287.1577493911609; Fri, 27 Dec 2019 16:45:11 -0800 (PST) MIME-Version: 1.0 References: <20191225085101.19696-1-sladkani@proofpoint.com> In-Reply-To: <20191225085101.19696-1-sladkani@proofpoint.com> From: Dave Taht Date: Fri, 27 Dec 2019 16:45:00 -0800 Message-ID: To: Cake List Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: [Cake] Fwd: [PATCH net] net/sched: act_mirred: Pull mac prior redir to non mac_header_xmit device X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Dec 2019 00:45:12 -0000 not sure how long this has existed. ---------- Forwarded message --------- From: Date: Wed, Dec 25, 2019 at 12:51 AM Subject: [PATCH net] net/sched: act_mirred: Pull mac prior redir to non mac_header_xmit device To: Jamal Hadi Salim , Cong Wang , Jiri Pirko Cc: David S . Miller , , , Shmulik Ladkani From: Shmulik Ladkani There's no skb_pull performed when a mirred action is set at egress of a mac device, with a target device/action that expects skb->data to point at the network header. As a result, either the target device is errornously given an skb with data pointing to the mac (egress case), or the net stack receives the skb with data pointing to the mac (ingress case). E.g: # tc qdisc add dev eth9 root handle 1: prio # tc filter add dev eth9 parent 1: prio 9 protocol ip handle 9 basic \ action mirred egress redirect dev tun0 (tun0 is a tun device. result: tun0 errornously gets the eth header instead of the iph) Revise the push/pull logic of tcf_mirred_act() to not rely on the skb_at_tc_ingress() vs tcf_mirred_act_wants_ingress() comparison, as it does not cover all "pull" cases. Instead, calculate whether the required action on the target device requires the data to point at the network header, and compare this to whether skb->data points to network header - and make the push/pull adjustments as necessary. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Shmulik Ladkani Tested-by: Jamal Hadi Salim Acked-by: Jamal Hadi Salim --- net/sched/act_mirred.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index 1e3eb3a97532..1ad300e6dbc0 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -219,8 +219,10 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, bool use_reinsert; bool want_ingress; bool is_redirect; + bool expects_nh; int m_eaction; int mac_len; + bool at_nh; rec_level =3D __this_cpu_inc_return(mirred_rec_level); if (unlikely(rec_level > MIRRED_RECURSION_LIMIT)) { @@ -261,19 +263,19 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, goto out; } - /* If action's target direction differs than filter's direction, - * and devices expect a mac header on xmit, then mac push/pull is - * needed. - */ want_ingress =3D tcf_mirred_act_wants_ingress(m_eaction); - if (skb_at_tc_ingress(skb) !=3D want_ingress && m_mac_header_xmit) = { - if (!skb_at_tc_ingress(skb)) { - /* caught at egress, act ingress: pull mac */ - mac_len =3D skb_network_header(skb) - skb_mac_heade= r(skb); + + expects_nh =3D want_ingress || !m_mac_header_xmit; + at_nh =3D skb->data =3D=3D skb_network_header(skb); + if (at_nh !=3D expects_nh) { + mac_len =3D skb_at_tc_ingress(skb) ? skb->mac_len : + skb_network_header(skb) - skb_mac_header(skb); + if (expects_nh) { + /* target device/action expect data at nh */ skb_pull_rcsum(skb2, mac_len); } else { - /* caught at ingress, act egress: push mac */ - skb_push_rcsum(skb2, skb->mac_len); + /* target device/action expect data at mac */ + skb_push_rcsum(skb2, mac_len); } } -- 2.24.1 --=20 Make Music, Not War Dave T=C3=A4ht CTO, TekLibre, LLC http://www.teklibre.com Tel: 1-831-435-0729