| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Apr 2023 20:03:19 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: <yang.yang29@....com.cn>
Cc: <davem@...emloft.net>, <edumazet@...gle.com>, <pabeni@...hat.com>,
<roopa@...dia.com>, <linux-kernel@...r.kernel.org>,
<netdev@...r.kernel.org>, <bridge@...ts.linux-foundation.org>,
<zhang.yunkai@....com.cn>, <jiang.xuexin@....com.cn>
Subject: Re: [PATCH net-next] net/bridge: add drop reasons for bridge
forwarding
On Thu, 6 Apr 2023 19:30:34 +0800 (CST) yang.yang29@....com.cn wrote:
> From: xu xin <xu.xin16@....com.cn>
>
> This creates six drop reasons as follows, which will help users know the
> specific reason why bridge drops the packets when forwarding.
>
> 1) SKB_DROP_REASON_BRIDGE_FWD_NO_BACKUP_PORT: failed to get a backup
> port link when the destination port is down.
>
> 2) SKB_DROP_REASON_BRIDGE_FWD_SAME_PORT: destination port is the same
> with originating port when forwarding by a bridge.
>
> 3) SKB_DROP_REASON_BRIDGE_NON_FORWARDING_STATE: the bridge's state is
> not forwarding.
>
> 4) SKB_DROP_REASON_BRIDGE_NOT_ALLOWED_EGRESS: the packet is not allowed
> to go out through the port due to vlan filtering.
>
> 5) SKB_DROP_REASON_BRIDGE_SWDEV_NOT_ALLOWED_EGRESS: the packet is not
> allowed to go out through the port which is offloaded by a hardware
> switchdev, checked by nbp_switchdev_allowed_egress().
>
> 6) SKB_DROP_REASON_BRIDGE_BOTH_PORT_ISOLATED: both source port and dest
> port are in BR_ISOLATED state when bridge forwarding.
> @@ -338,6 +344,33 @@ enum skb_drop_reason {
> * for another host.
> */
> SKB_DROP_REASON_IPV6_NDISC_NS_OTHERHOST,
> + /** @SKB_DROP_REASON_BRIDGE_FWD_NO_BACKUP_PORT: failed to get a backup
> + * port link when the destination port is down.
> + */
That's not valid kdoc. Text can be on the same line as the value only
in one-line comments. Otherwise:
/**
* @VALUE: bla bla bla
* more blas.
*/
> +static inline bool should_deliver(const struct net_bridge_port *p, const struct sk_buff *skb,
> + enum skb_drop_reason *need_reason)
> {
> struct net_bridge_vlan_group *vg;
> + enum skb_drop_reason reason;
>
> vg = nbp_vlan_group_rcu(p);
> - return ((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) &&
> - p->state == BR_STATE_FORWARDING && br_allowed_egress(vg, skb) &&
> - nbp_switchdev_allowed_egress(p, skb) &&
> - !br_skb_isolated(p, skb);
> + if (!(p->flags & BR_HAIRPIN_MODE) && skb->dev == p->dev) {
> + reason = SKB_DROP_REASON_BRIDGE_FWD_SAME_PORT;
> + goto undeliverable;
> + }
> + if (p->state != BR_STATE_FORWARDING) {
> + reason = SKB_DROP_REASON_BRIDGE_NON_FORWARDING_STATE;
> + goto undeliverable;
> + }
> + if (!br_allowed_egress(vg, skb)) {
> + reason = SKB_DROP_REASON_BRIDGE_NOT_ALLOWED_EGRESS;
> + goto undeliverable;
> + }
> + if (!nbp_switchdev_allowed_egress(p, skb)) {
> + reason = SKB_DROP_REASON_BRIDGE_SWDEV_NOT_ALLOWED_EGRESS;
> + goto undeliverable;
> + }
> + if (br_skb_isolated(p, skb)) {
> + reason = SKB_DROP_REASON_BRIDGE_BOTH_PORT_ISOLATED;
> + goto undeliverable;
> + }
> + return true;
> +
> +undeliverable:
> + if (need_reason)
> + *need_reason = reason;
> + return false;
You can return the reason from this function. That's the whole point of
SKB_NOT_DROPPED_YET existing and being equal to 0.
Which is not to say that I know whether the reasons are worth adding
here. We'll need to hear from bridge experts on that.
Powered by blists - more mailing lists