| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 5 Feb 2022 15:47:37 +0800
From: menglong8.dong@...il.com
To: dsahern@...nel.org, kuba@...nel.org
Cc: rostedt@...dmis.org, mingo@...hat.com, davem@...emloft.net,
yoshfuji@...ux-ipv6.org, pablo@...filter.org, kadlec@...filter.org,
fw@...len.de, edumazet@...gle.com, alobakin@...me, ast@...nel.org,
imagedong@...cent.com, pabeni@...hat.com, keescook@...omium.org,
talalahmad@...gle.com, haokexin@...il.com,
ilias.apalodimas@...aro.org, memxor@...il.com,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
paulb@...dia.com, cong.wang@...edance.com, mengensun@...cent.com
Subject: [PATCH v4 net-next 5/7] net: ipv4: use kfree_skb_reason() in ip_protocol_deliver_rcu()
From: Menglong Dong <imagedong@...cent.com>
Replace kfree_skb() with kfree_skb_reason() in ip_protocol_deliver_rcu().
Following new drop reasons are introduced:
SKB_DROP_REASON_XFRM_POLICY
SKB_DROP_REASON_IP_NOPROTO
Signed-off-by: Menglong Dong <imagedong@...cent.com>
Reviewed-by: David Ahern <dsahern@...nel.org>
---
v2:
- add document for the introduced drop reasons
---
include/linux/skbuff.h | 2 ++
include/trace/events/skb.h | 2 ++
net/ipv4/ip_input.c | 5 +++--
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 4baba45f223d..2a64afa97910 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -339,6 +339,8 @@ enum skb_drop_reason {
* is multicast, but L3 is
* unicast.
*/
+ SKB_DROP_REASON_XFRM_POLICY, /* xfrm policy check failed */
+ SKB_DROP_REASON_IP_NOPROTO, /* no support for IP protocol */
SKB_DROP_REASON_MAX,
};
diff --git a/include/trace/events/skb.h b/include/trace/events/skb.h
index 485a1d3034a4..985e481c092d 100644
--- a/include/trace/events/skb.h
+++ b/include/trace/events/skb.h
@@ -23,6 +23,8 @@
EM(SKB_DROP_REASON_IP_RPFILTER, IP_RPFILTER) \
EM(SKB_DROP_REASON_UNICAST_IN_L2_MULTICAST, \
UNICAST_IN_L2_MULTICAST) \
+ EM(SKB_DROP_REASON_XFRM_POLICY, XFRM_POLICY) \
+ EM(SKB_DROP_REASON_IP_NOPROTO, IP_NOPROTO) \
EMe(SKB_DROP_REASON_MAX, MAX)
#undef EM
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index d5222c0fa87c..d94f9f7e60c3 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -196,7 +196,8 @@ void ip_protocol_deliver_rcu(struct net *net, struct sk_buff *skb, int protocol)
if (ipprot) {
if (!ipprot->no_policy) {
if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
- kfree_skb(skb);
+ kfree_skb_reason(skb,
+ SKB_DROP_REASON_XFRM_POLICY);
return;
}
nf_reset_ct(skb);
@@ -215,7 +216,7 @@ void ip_protocol_deliver_rcu(struct net *net, struct sk_buff *skb, int protocol)
icmp_send(skb, ICMP_DEST_UNREACH,
ICMP_PROT_UNREACH, 0);
}
- kfree_skb(skb);
+ kfree_skb_reason(skb, SKB_DROP_REASON_IP_NOPROTO);
} else {
__IP_INC_STATS(net, IPSTATS_MIB_INDELIVERS);
consume_skb(skb);
--
2.34.1
Powered by blists - more mailing lists