| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <367b1642-c09a-4bc6-ac63-7692b716174d@virtuozzo.com>
Date: Wed, 10 Jan 2024 21:48:15 +0800
From: Pavel Tikhomirov <ptikhomirov@...tuozzo.com>
To: Florian Westphal <fw@...len.de>
Cc: "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel@...nvz.org
Subject: Re: [PATCH 1/4] netfilter: nfnetlink_log: use proper helper for
fetching physinif
On 10/01/2024 21:33, Florian Westphal wrote:
> Pavel Tikhomirov <ptikhomirov@...tuozzo.com> wrote:
>> We don't use physindev in __build_packet_message except for getting
>> physinif from it. So let's switch to nf_bridge_get_physinif to get what
>> we want directly.
>>
>> Signed-off-by: Pavel Tikhomirov <ptikhomirov@...tuozzo.com>
>> ---
>> net/netfilter/nfnetlink_log.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
>> index f03f4d4d7d889..134e05d31061e 100644
>> --- a/net/netfilter/nfnetlink_log.c
>> +++ b/net/netfilter/nfnetlink_log.c
>> @@ -508,7 +508,7 @@ __build_packet_message(struct nfnl_log_net *log,
>> htonl(br_port_get_rcu(indev)->br->dev->ifindex)))
>> goto nla_put_failure;
>> } else {
>> - struct net_device *physindev;
>> + int physinif;
>>
>> /* Case 2: indev is bridge group, we need to look for
>> * physical device (when called from ipv4) */
>> @@ -516,10 +516,10 @@ __build_packet_message(struct nfnl_log_net *log,
>> htonl(indev->ifindex)))
>> goto nla_put_failure;
>>
>> - physindev = nf_bridge_get_physindev(skb);
>> - if (physindev &&
>> + physinif = nf_bridge_get_physinif(skb);
>> + if (physinif &&
>> nla_put_be32(inst->skb, NFULA_IFINDEX_PHYSINDEV,
>> - htonl(physindev->ifindex)))
>> + htonl(physinif)))
>
> I think you can drop this patch and make the last patch pass
> nf_bridge_info->physinif directly.
The whole Idea of this patch was to replace nf_bridge_get_physindev with
nf_bridge_get_physinif before the patch which propagates net, so that we
don't need to propagate net first and then in later patch remove it when
replacing with nf_bridge_get_physinif.
But I spoiled it by forgetting to remove net propagation to
__build_packet_message...
Is it ok if I leave this patch as is, but instead remove:
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 134e05d31061e..ad93dd77e6071 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -463,7 +463,8 @@ __build_packet_message(struct nfnl_log_net *log,
const struct net_device *outdev,
const char *prefix, unsigned int plen,
const struct nfnl_ct_hook *nfnl_ct,
- struct nf_conn *ct, enum ip_conntrack_info ctinfo)
+ struct nf_conn *ct, enum ip_conntrack_info ctinfo,
+ struct net *net)
{
struct nfulnl_msg_packet_hdr pmsg;
struct nlmsghdr *nlh;
@@ -804,7 +805,7 @@ nfulnl_log_packet(struct net *net,
__build_packet_message(log, inst, skb, data_len, pf,
hooknum, in, out, prefix, plen,
- nfnl_ct, ct, ctinfo);
+ nfnl_ct, ct, ctinfo, net);
if (inst->qlen >= qthreshold)
__nfulnl_flush(inst);
from third patch?
--
Best regards, Tikhomirov Pavel
Senior Software Developer, Virtuozzo.
Powered by blists - more mailing lists