diff options
| author | Jiri Pirko <jiri@resnulli.us> | 2016-10-11 22:09:08 +0200 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2016-10-11 22:09:08 +0200 |
| commit | f0c110ecc4b8b04e1bbf6766284d3bf52cd73a30 (patch) | |
| tree | c316da5f31598e8dffff938979e1950fc30ed42b /kernel | |
| parent | 15d7b6d7a3615c897438955257a7a4f0390ff1d8 (diff) | |
net: sched: fix skb->protocol use in case of accelerated vlan path
tc code implicitly considers skb->protocol even in case of accelerated
vlan paths and expects vlan protocol type here. However, on rx path,
if the vlan header was already stripped, skb->protocol contains value
of next header. Similar situation is on tx path.
So for skbs that use skb->vlan_tci for tagging, use skb->vlan_proto instead.
Reported-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/include/linux/netfilter/ipset/ip_set_compat.h.in | 11 | ||||
| -rw-r--r-- | kernel/net/sched/em_ipset.c | 2 |
2 files changed, 12 insertions, 1 deletions
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in index fe24255..062becb 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in +++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in @@ -33,6 +33,7 @@ #@HAVE_NLA_PUT_IN_ADDR@ HAVE_NLA_PUT_IN_ADDR #@HAVE_NET_IN_NFNL_CALLBACK_FN@ HAVE_NET_IN_NFNL_CALLBACK_FN #@HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H@ HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H +#@HAVE_TC_SKB_PROTOCOL@ HAVE_TC_SKB_PROTOCOL #ifdef HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H #include <linux/module.h> @@ -273,6 +274,16 @@ static inline int nla_put_in6_addr(struct sk_buff *skb, int attrtype, #define IPSET_SOCK_NET(net, ctnl) sock_net(ctnl) #endif +#ifndef HAVE_TC_SKB_PROTOCOL +#include <linux/if_vlan.h> +static inline __be16 tc_skb_protocol(const struct sk_buff *skb) +{ + if (vlan_tx_tag_present(skb)) + return skb->vlan_proto; + return skb->protocol; +} +#endif + #ifndef smp_mb__before_atomic #define smp_mb__before_atomic() smp_mb() #define smp_mb__after_atomic() smp_mb() diff --git a/kernel/net/sched/em_ipset.c b/kernel/net/sched/em_ipset.c index bc1a2f1..87b8419 100644 --- a/kernel/net/sched/em_ipset.c +++ b/kernel/net/sched/em_ipset.c @@ -77,7 +77,7 @@ static int em_ipset_match(struct sk_buff *skb, struct tcf_ematch *em, struct net_device *dev, *indev = NULL; int ret, network_offset; - switch (skb->protocol) { + switch (tc_skb_protocol(skb)) { case htons(ETH_P_IP): acpar.family = NFPROTO_IPV4; if (!pskb_network_may_pull(skb, sizeof(struct iphdr))) |