net: Discard and warn about LRO'd skbs received for forwarding
Add skb_warn_if_lro() to test whether an skb was received with LRO and warn if so. Change br_forward(), ip_forward() and ip6_forward() to call it) and discard the skb if it returns true. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
0187bdfb05
commit
4497b0763c
@ -1702,6 +1702,20 @@ static inline int skb_is_gso_v6(const struct sk_buff *skb)
|
|||||||
return skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6;
|
return skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
extern void __skb_warn_lro_forwarding(const struct sk_buff *skb);
|
||||||
|
|
||||||
|
static inline bool skb_warn_if_lro(const struct sk_buff *skb)
|
||||||
|
{
|
||||||
|
/* LRO sets gso_size but not gso_type, whereas if GSO is really
|
||||||
|
* wanted then gso_type will be set. */
|
||||||
|
struct skb_shared_info *shinfo = skb_shinfo(skb);
|
||||||
|
if (shinfo->gso_size != 0 && unlikely(shinfo->gso_type == 0)) {
|
||||||
|
__skb_warn_lro_forwarding(skb);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
static inline void skb_forward_csum(struct sk_buff *skb)
|
static inline void skb_forward_csum(struct sk_buff *skb)
|
||||||
{
|
{
|
||||||
/* Unfortunately we don't support this one. Any brave souls? */
|
/* Unfortunately we don't support this one. Any brave souls? */
|
||||||
|
@ -89,7 +89,7 @@ void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb)
|
|||||||
/* called with rcu_read_lock */
|
/* called with rcu_read_lock */
|
||||||
void br_forward(const struct net_bridge_port *to, struct sk_buff *skb)
|
void br_forward(const struct net_bridge_port *to, struct sk_buff *skb)
|
||||||
{
|
{
|
||||||
if (should_deliver(to, skb)) {
|
if (!skb_warn_if_lro(skb) && should_deliver(to, skb)) {
|
||||||
__br_forward(to, skb);
|
__br_forward(to, skb);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -2583,6 +2583,13 @@ bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void __skb_warn_lro_forwarding(const struct sk_buff *skb)
|
||||||
|
{
|
||||||
|
if (net_ratelimit())
|
||||||
|
pr_warning("%s: received packets cannot be forwarded"
|
||||||
|
" while LRO is enabled\n", skb->dev->name);
|
||||||
|
}
|
||||||
|
|
||||||
EXPORT_SYMBOL(___pskb_trim);
|
EXPORT_SYMBOL(___pskb_trim);
|
||||||
EXPORT_SYMBOL(__kfree_skb);
|
EXPORT_SYMBOL(__kfree_skb);
|
||||||
EXPORT_SYMBOL(kfree_skb);
|
EXPORT_SYMBOL(kfree_skb);
|
||||||
@ -2616,6 +2623,7 @@ EXPORT_SYMBOL(skb_seq_read);
|
|||||||
EXPORT_SYMBOL(skb_abort_seq_read);
|
EXPORT_SYMBOL(skb_abort_seq_read);
|
||||||
EXPORT_SYMBOL(skb_find_text);
|
EXPORT_SYMBOL(skb_find_text);
|
||||||
EXPORT_SYMBOL(skb_append_datato_frags);
|
EXPORT_SYMBOL(skb_append_datato_frags);
|
||||||
|
EXPORT_SYMBOL(__skb_warn_lro_forwarding);
|
||||||
|
|
||||||
EXPORT_SYMBOL_GPL(skb_to_sgvec);
|
EXPORT_SYMBOL_GPL(skb_to_sgvec);
|
||||||
EXPORT_SYMBOL_GPL(skb_cow_data);
|
EXPORT_SYMBOL_GPL(skb_cow_data);
|
||||||
|
@ -56,6 +56,9 @@ int ip_forward(struct sk_buff *skb)
|
|||||||
struct rtable *rt; /* Route we use */
|
struct rtable *rt; /* Route we use */
|
||||||
struct ip_options * opt = &(IPCB(skb)->opt);
|
struct ip_options * opt = &(IPCB(skb)->opt);
|
||||||
|
|
||||||
|
if (skb_warn_if_lro(skb))
|
||||||
|
goto drop;
|
||||||
|
|
||||||
if (!xfrm4_policy_check(NULL, XFRM_POLICY_FWD, skb))
|
if (!xfrm4_policy_check(NULL, XFRM_POLICY_FWD, skb))
|
||||||
goto drop;
|
goto drop;
|
||||||
|
|
||||||
|
@ -407,6 +407,9 @@ int ip6_forward(struct sk_buff *skb)
|
|||||||
if (ipv6_devconf.forwarding == 0)
|
if (ipv6_devconf.forwarding == 0)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
|
if (skb_warn_if_lro(skb))
|
||||||
|
goto drop;
|
||||||
|
|
||||||
if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
|
if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
|
||||||
IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
|
IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
|
||||||
goto drop;
|
goto drop;
|
||||||
|
Loading…
Reference in New Issue
Block a user