Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp6390535ybp; Tue, 15 Oct 2019 14:18:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqwKxfpIhgW+qy3xS566THlqG4HZtdF6KwrKNZT8hNk7G7E7gjeWjd/9eGH955aYYbr+sM+w X-Received: by 2002:aa7:d687:: with SMTP id d7mr36257755edr.143.1571174326822; Tue, 15 Oct 2019 14:18:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571174326; cv=none; d=google.com; s=arc-20160816; b=nCaGvqu+ISRLU4rrJD0wO9jrgOZNaAQojvNvbQ9wDaVpyX3VwsgqxjgdcyxiT+Mw35 zZpaxqzqqkstEbJ1A5rd8lsuk4Mw+9XpkyIOKtA7LUI765rN2BqPZ+TzvlnDkpCb3MVj fuFoWIVoNzH1Z2E9F1WHQ0OWSkGOrTb3P33oSVBnLDU1YTLG9CVqtnxKWDV758EAQDFi 1c2By0B53Axdj35E5wNatR9griKu9fWRptp4jKOn5bgsYPqUN2jLVYRwmIcfO5+c/z97 TueCIRSK3QGSIUORN2JaKA0h7Qk8+gJxOXFr72kjdtpL5QyV6DKNWPYTc3VOzo5Iu9YB 6SDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=/zAb2ZEHSFnG9YQI2tO2AHy4dzh80Hr401JE+XCdABQ=; b=slZ1x93rmtvleKXu/SfZIn+TWfSq6/Wmsc0G/1Ss/7puFHAHppPDDHjfHKg3OmRqyL Pa/GL4GLBakHffJYqXMvw7MO1J43QAwiog81DTPkRNrOt5u2MMz4K9i/PhCO1nH7J6EL lLaTFd+o9vOHlwoMeiCeLXYxRyQiknx6xyV3quHPvBf9omqaGh09v5CepSJTCq2jSUEg sRnUsXX7MN8qg8fxRU41e8GoxHdBKGsDj/R1ufbuf2SR60jr0cZumRBPjmjaxRS+V3qv lWiKbm1ca0W6y9zqb6KmUMTEQcRIv5Xzrd8Yhr4E3psRPC8u6M4OyfTWjueH8SJrvLV0 TcCg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w58si15827471edc.312.2019.10.15.14.18.23; Tue, 15 Oct 2019 14:18:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731412AbfJORWG (ORCPT + 99 others); Tue, 15 Oct 2019 13:22:06 -0400 Received: from out30-43.freemail.mail.aliyun.com ([115.124.30.43]:56055 "EHLO out30-43.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726125AbfJORWF (ORCPT ); Tue, 15 Oct 2019 13:22:05 -0400 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R161e4;CH=green;DM=||false|;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04423;MF=zhiyuan2048@linux.alibaba.com;NM=1;PH=DS;RN=6;SR=0;TI=SMTPD_---0Tf9iD7o_1571160121; Received: from 192.168.1.9(mailfrom:zhiyuan2048@linux.alibaba.com fp:SMTPD_---0Tf9iD7o_1571160121) by smtp.aliyun-inc.com(127.0.0.1); Wed, 16 Oct 2019 01:22:02 +0800 Subject: Re: [PATCH net] net: sched: act_mirred: drop skb's dst_entry in ingress redirection To: Cong Wang Cc: Jamal Hadi Salim , Jiri Pirko , "David S . Miller" , Linux Kernel Network Developers , LKML References: <20191012071620.8595-1-zhiyuan2048@linux.alibaba.com> From: Zhiyuan Hou Message-ID: Date: Wed, 16 Oct 2019 01:22:01 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.1.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019/10/15 1:57 上午, Cong Wang wrote: > On Sat, Oct 12, 2019 at 12:16 AM Zhiyuan Hou > wrote: >> diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c >> index 9ce073a05414..6108a64c0cd5 100644 >> --- a/net/sched/act_mirred.c >> +++ b/net/sched/act_mirred.c >> @@ -18,6 +18,7 @@ >> #include >> #include >> #include >> +#include >> #include >> #include >> #include >> @@ -298,8 +299,10 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, >> >> if (!want_ingress) >> err = dev_queue_xmit(skb2); >> - else >> + else { >> + skb_dst_drop(skb2); >> err = netif_receive_skb(skb2); >> + } > Good catch! > > I don't want to be picky, but it seems this is only needed > when redirecting from egress to ingress, right? That is, > ingress to ingress, or ingress to egress is okay? If not, > please fix all the cases while you are on it? Sure. But I think this patch is also needed when redirecting from ingress to ingress. Because we cannot assure that a skb has null dst in ingress redirection path. For example, if redirecting a skb from loopback's ingress to other device's ingress, the skb will take a dst. As commit logs point out, skb with valid dst cannot be made routing decision in following process. original dst may cause skb loss or other unexpected behavior. > > Thanks.