| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Mar 2020 07:34:25 +0800
From: wenxu@...oud.cn
To: netdev@...r.kernel.org
Cc: netfilter-devel@...r.kernel.org
Subject: [PATCH net-next v2] netfilter: Fix incorrect tc_setup_type type for flowtable offload
From: wenxu <wenxu@...oud.cn>
Flowtable offload setup flow_offlod_block in TC_SETP_FT. The indr block
offload of flowtable also should setup in TC_SETUP_FT.
But flow_indr_block_call always sets the tc_set_up_type as TC_SETUP_BLOCK.
So function flow_indr_block_call should expose a parameters to set
the tc_setup_type for each offload subsystem.
Fixes: b5140a36da78 ("netfilter: flowtable: add indr block setup support")
Signed-off-by: wenxu <wenxu@...oud.cn>
---
v2: modify the comments
include/net/flow_offload.h | 3 ++-
net/core/flow_offload.c | 6 +++---
net/netfilter/nf_flow_table_offload.c | 2 +-
net/netfilter/nf_tables_offload.c | 2 +-
net/sched/cls_api.c | 2 +-
5 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h
index 51b9893..7e4e089 100644
--- a/include/net/flow_offload.h
+++ b/include/net/flow_offload.h
@@ -522,6 +522,7 @@ void flow_indr_block_cb_unregister(struct net_device *dev,
void flow_indr_block_call(struct net_device *dev,
struct flow_block_offload *bo,
- enum flow_block_command command);
+ enum flow_block_command command,
+ enum tc_setup_type type);
#endif /* _NET_FLOW_OFFLOAD_H */
diff --git a/net/core/flow_offload.c b/net/core/flow_offload.c
index 7440e61..e951b74 100644
--- a/net/core/flow_offload.c
+++ b/net/core/flow_offload.c
@@ -511,7 +511,8 @@ void flow_indr_block_cb_unregister(struct net_device *dev,
void flow_indr_block_call(struct net_device *dev,
struct flow_block_offload *bo,
- enum flow_block_command command)
+ enum flow_block_command command,
+ enum tc_setup_type type)
{
struct flow_indr_block_cb *indr_block_cb;
struct flow_indr_block_dev *indr_dev;
@@ -521,8 +522,7 @@ void flow_indr_block_call(struct net_device *dev,
return;
list_for_each_entry(indr_block_cb, &indr_dev->cb_list, list)
- indr_block_cb->cb(dev, indr_block_cb->cb_priv, TC_SETUP_BLOCK,
- bo);
+ indr_block_cb->cb(dev, indr_block_cb->cb_priv, type, bo);
}
EXPORT_SYMBOL_GPL(flow_indr_block_call);
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index ad54931..cd5bd23 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -938,7 +938,7 @@ static int nf_flow_table_indr_offload_cmd(struct flow_block_offload *bo,
{
nf_flow_table_block_offload_init(bo, dev_net(dev), cmd, flowtable,
extack);
- flow_indr_block_call(dev, bo, cmd);
+ flow_indr_block_call(dev, bo, cmd, TC_SETUP_FT);
if (list_empty(&bo->cb_list))
return -EOPNOTSUPP;
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index 2bb2848..954bccb 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -313,7 +313,7 @@ static int nft_indr_block_offload_cmd(struct nft_base_chain *chain,
nft_flow_block_offload_init(&bo, dev_net(dev), cmd, chain, &extack);
- flow_indr_block_call(dev, &bo, cmd);
+ flow_indr_block_call(dev, &bo, cmd, TC_SETUP_BLOCK);
if (list_empty(&bo.cb_list))
return -EOPNOTSUPP;
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index fb6c366..bf4dd4d 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -708,7 +708,7 @@ static void tc_indr_block_call(struct tcf_block *block,
};
INIT_LIST_HEAD(&bo.cb_list);
- flow_indr_block_call(dev, &bo, command);
+ flow_indr_block_call(dev, &bo, command, TC_SETUP_BLOCK);
tcf_block_setup(block, &bo);
}
--
1.8.3.1
Powered by blists - more mailing lists