net: Discard and warn about LRO'd skbs received for forwarding
Add skb_warn_if_lro() to test whether an skb was received with LRO and warn if so. Change br_forward(), ip_forward() and ip6_forward() to call it) and discard the skb if it returns true. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Ben Hutchings
David S. Miller
Родитель
0187bdfb05
Коммит
4497b0763c
|
|
@ -1702,6 +1702,20 @@ static inline int skb_is_gso_v6(const struct sk_buff *skb)
|
|||
return skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6;
|
||||
}
|
||||
|
||||
extern void __skb_warn_lro_forwarding(const struct sk_buff *skb);
|
||||
|
||||
static inline bool skb_warn_if_lro(const struct sk_buff *skb)
|
||||
{
|
||||
/* LRO sets gso_size but not gso_type, whereas if GSO is really
|
||||
* wanted then gso_type will be set. */
|
||||
struct skb_shared_info *shinfo = skb_shinfo(skb);
|
||||
if (shinfo->gso_size != 0 && unlikely(shinfo->gso_type == 0)) {
|
||||
__skb_warn_lro_forwarding(skb);
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
static inline void skb_forward_csum(struct sk_buff *skb)
|
||||
{
|
||||
/* Unfortunately we don't support this one. Any brave souls? */
|
||||
|
|
|
|||
|
|
@ -89,7 +89,7 @@ void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb)
|
|||
/* called with rcu_read_lock */
|
||||
void br_forward(const struct net_bridge_port *to, struct sk_buff *skb)
|
||||
{
|
||||
if (should_deliver(to, skb)) {
|
||||
if (!skb_warn_if_lro(skb) && should_deliver(to, skb)) {
|
||||
__br_forward(to, skb);
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2583,6 +2583,13 @@ bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off)
|
|||
return true;
|
||||
}
|
||||
|
||||
void __skb_warn_lro_forwarding(const struct sk_buff *skb)
|
||||
{
|
||||
if (net_ratelimit())
|
||||
pr_warning("%s: received packets cannot be forwarded"
|
||||
" while LRO is enabled\n", skb->dev->name);
|
||||
}
|
||||
|
||||
EXPORT_SYMBOL(___pskb_trim);
|
||||
EXPORT_SYMBOL(__kfree_skb);
|
||||
EXPORT_SYMBOL(kfree_skb);
|
||||
|
|
@ -2616,6 +2623,7 @@ EXPORT_SYMBOL(skb_seq_read);
|
|||
EXPORT_SYMBOL(skb_abort_seq_read);
|
||||
EXPORT_SYMBOL(skb_find_text);
|
||||
EXPORT_SYMBOL(skb_append_datato_frags);
|
||||
EXPORT_SYMBOL(__skb_warn_lro_forwarding);
|
||||
|
||||
EXPORT_SYMBOL_GPL(skb_to_sgvec);
|
||||
EXPORT_SYMBOL_GPL(skb_cow_data);
|
||||
|
|
|
|||
|
|
@ -56,6 +56,9 @@ int ip_forward(struct sk_buff *skb)
|
|||
struct rtable *rt; /* Route we use */
|
||||
struct ip_options * opt = &(IPCB(skb)->opt);
|
||||
|
||||
if (skb_warn_if_lro(skb))
|
||||
goto drop;
|
||||
|
||||
if (!xfrm4_policy_check(NULL, XFRM_POLICY_FWD, skb))
|
||||
goto drop;
|
||||
|
||||
|
|
|
|||
|
|
@ -407,6 +407,9 @@ int ip6_forward(struct sk_buff *skb)
|
|||
if (ipv6_devconf.forwarding == 0)
|
||||
goto error;
|
||||
|
||||
if (skb_warn_if_lro(skb))
|
||||
goto drop;
|
||||
|
||||
if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
|
||||
IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
|
||||
goto drop;
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче