Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp4183857ybp; Mon, 14 Oct 2019 00:09:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqxpk8KxPiKtCoJCw0KfWzXYtv09RYUPFVn5ap/4m8zZ141o4Iyma2vZvjjlG9d816ceRMPy X-Received: by 2002:a17:906:b74f:: with SMTP id fx15mr27076391ejb.69.1571036995949; Mon, 14 Oct 2019 00:09:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571036995; cv=none; d=google.com; s=arc-20160816; b=wr6Su+JvbcCGmCgRxtt3DmYHE4Rmj7XZLAuWsz7gIC0dC6ztgtJVV0rboTlojL3kSv heFyLZ7cEhqiVsXdLoKCN+e9W8bvJefT+zkLWA/kwuQXfs1KDaTzH+5qh5zvOvQF3+1D RPWmBzzc29xD49bxxu+Y7e97VNHHTZeDIlGlsCmlvLy3u2PGFCMLTOzV5/IlA7XePK1F 362C2TXs5qYVZLqGFzuvSMswUfcg8izHEMCABO53rDoPdoxXsOv1e4/0whbrA/E84q5/ fX8Dlir+UoUs6GmW8AV2bYyxDirkzBAFmS6AlQJHBtJkd669MtTq4vRz3wpEnzq1YCVd y4LA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=KpOz/JH1wzN43oHB3UDF3LTBeQwLO/a+NnbiF5bkVBI=; b=B8GxGBwLna898C0t3IzKRt2S2iSk6wOq3vsMGSTa3WDx3LgDN5w1HMmix+0etSSnwx q8p0NYBs1XbYEOSSewkYxD5kWrqIZY6cGjWHgb7U0AO47se6RoQwTflm+Za8J5iEJM+2 MsFLGMJvMwZI1HqxmxDkiPpKw5AAdcVyh9+y0UciLAh6ffco2XKbSEpuJjg6gPIKhWwc ClFXgj/QcPDdZMrPyk0aZwGTb3LApuC0osk2R+0wisl86bgjwHdIofB9SRVpYGu1pRDx Ar4/QYMFYzM+f3rJJtsJrgPGpYzIS24zOF+pEVNy7CEXvSPPfYcWmmmNz0986lxEv6Ug eadg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id gq15si10890163ejb.209.2019.10.14.00.09.33; Mon, 14 Oct 2019 00:09:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730311AbfJNHI2 (ORCPT + 99 others); Mon, 14 Oct 2019 03:08:28 -0400 Received: from out4436.biz.mail.alibaba.com ([47.88.44.36]:39568 "EHLO out4436.biz.mail.alibaba.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730275AbfJNHI1 (ORCPT ); Mon, 14 Oct 2019 03:08:27 -0400 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R311e4;CH=green;DM=||false|;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e07417;MF=zhiyuan2048@linux.alibaba.com;NM=1;PH=DS;RN=7;SR=0;TI=SMTPD_---0Tez4T-K_1571036879; Received: from houzhiyuandeMacBook-Pro.local(mailfrom:zhiyuan2048@linux.alibaba.com fp:SMTPD_---0Tez4T-K_1571036879) by smtp.aliyun-inc.com(127.0.0.1); Mon, 14 Oct 2019 15:08:13 +0800 Subject: Re: [PATCH net] net: sched: act_mirred: drop skb's dst_entry in ingress redirection To: Eric Dumazet , Jamal Hadi Salim , Cong Wang , Jiri Pirko , "David S . Miller" Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org References: <20191012071620.8595-1-zhiyuan2048@linux.alibaba.com> <2d816fb6-befb-aaeb-328b-539507022a22@gmail.com> From: Zhiyuan Hou Message-ID: <31b4e85e-bdf8-6462-dc79-06ff8d98b6cf@linux.alibaba.com> Date: Mon, 14 Oct 2019 15:07:59 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.1.2 MIME-Version: 1.0 In-Reply-To: <2d816fb6-befb-aaeb-328b-539507022a22@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019/10/12 6:59 下午, Eric Dumazet wrote: > > On 10/12/19 12:16 AM, Zhiyuan Hou wrote: >> In act_mirred's ingress redirection, if the skb's dst_entry is valid >> when call function netif_receive_skb, the fllowing l3 stack process >> (ip_rcv_finish_core) will check dst_entry and skip the routing >> decision. Using the old dst_entry is unexpected and may discard the >> skb in some case. For example dst->dst_input points to dst_discard. >> >> This patch drops the skb's dst_entry before calling netif_receive_skb >> so that the skb can be made routing decision like a normal ingress >> skb. >> >> Signed-off-by: Zhiyuan Hou >> --- >> net/sched/act_mirred.c | 5 ++++- >> 1 file changed, 4 insertions(+), 1 deletion(-) >> >> diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c >> index 9ce073a05414..6108a64c0cd5 100644 >> --- a/net/sched/act_mirred.c >> +++ b/net/sched/act_mirred.c >> @@ -18,6 +18,7 @@ >> #include >> #include >> #include >> +#include >> #include >> #include >> #include >> @@ -298,8 +299,10 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, >> >> if (!want_ingress) >> err = dev_queue_xmit(skb2); >> - else >> + else { >> + skb_dst_drop(skb2); >> err = netif_receive_skb(skb2); >> + } >> >> if (err) { >> out: >> > Why is dst_discard used ? When send a skb from local to external, the dst->dst_input will be assigned dst_discard after routing decision. So if we redirect these skbs to ingress stack, it will be dropped. For ipvlan l2 mode or macvlan, clsact egress filters on master deivce may also meet these skbs even if they came from slave device. Ingress redirection on these skbs may drop them on l3 stack. > This could actually drop packets, for loopback. > > A Fixes: tag would tremendously help, I wonder if you are not working around > the other issue Wei was tracking yesterday ( https://www.spinics.net/lists/netdev/msg604397.html ) No, this is a different issue ^_^.