Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp3226485pxu; Tue, 8 Dec 2020 06:48:34 -0800 (PST) X-Google-Smtp-Source: ABdhPJxhVbD8k/ieB0Dxg6kBU5Ap7s+HEa+H4tbcVrY6ZunqUD0EP89OPeM1gfLe//7ddKYEe48D X-Received: by 2002:a17:906:6c94:: with SMTP id s20mr23751912ejr.0.1607438914684; Tue, 08 Dec 2020 06:48:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607438914; cv=none; d=google.com; s=arc-20160816; b=TIhWfcL6gsuXcHUM1OWiJd0BVahtUPa41y+Rb6eCHr824aBGPwwh4gNA5gFyXlskuv IJ99e8Q0A7r2VQzrdKyRf9m81Qv35stRQmxfc9gnLOw6WDi3g0gP1qlT6+qqXGnM1jG8 odh+FyhQ1Us5HkMOnIAo0u3HVhGHcdVs4EklIlvV3tS4+7+8gosxoFm1hU+sinTlmfYR 2+DGz9gPXRtztJ/wVWapI5bl++GkRZ+TeIz0UCnlF5RjkhP7C1thYNr/RgNubEWZY0QT 8Uvpx6csoYvVZp7dg82lfm9ZSU7hQPXjQOmAqi0i4Lx6pZiqHAgUPskHLNLONC9pwkMy b5LA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:organization :from:references:to:subject:reply-to:dkim-signature; bh=3XNO/f3By/6slfoGMEGF4/3HOHm+FDzXIGSmzjkSrZw=; b=RLybABrkE3n/ZPr9Vc5X7c7uJTKii0rjLWSmxuECVqmA+pkuhwcathWzCntWXQt04V +iyMSJ9eREoxeHUooIay8G9gWDvxYQOvBmCieAjrn8xbuFTp1GOz8oxMQDK8qFaK6yVO wuNUy8fQIP5npZpeZBX2MQsE9z31jvWF5XJnqKP/PllgB9BKAEuC62gY7oGPqFxwX1xL tnrA9FfZ6gYxlOtDLO7Lt6QuM2ZTBvVFt42Owh+5rHoeSOhoc+T+gMeMWP6OJs30a8qS M+5+/aw9wPVPBnA1QEzH3h8DYCrutvt0VuXiEz013kAYbNzSuBgkIpHKGia7gHgGj4fR zHow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@6wind.com header.s=google header.b=Oto9br1O; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f12si8309991edx.584.2020.12.08.06.48.10; Tue, 08 Dec 2020 06:48:34 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@6wind.com header.s=google header.b=Oto9br1O; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729815AbgLHOqT (ORCPT + 99 others); Tue, 8 Dec 2020 09:46:19 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40084 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729802AbgLHOqS (ORCPT ); Tue, 8 Dec 2020 09:46:18 -0500 Received: from mail-wr1-x444.google.com (mail-wr1-x444.google.com [IPv6:2a00:1450:4864:20::444]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5B37FC061793 for ; Tue, 8 Dec 2020 06:45:38 -0800 (PST) Received: by mail-wr1-x444.google.com with SMTP id x6so12560410wro.11 for ; Tue, 08 Dec 2020 06:45:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=6wind.com; s=google; h=reply-to:subject:to:references:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=3XNO/f3By/6slfoGMEGF4/3HOHm+FDzXIGSmzjkSrZw=; b=Oto9br1Ol3WYYN1kUebJjI9+/z+umS0HIbUUg81KaxP1wgvLD21TIOPeja62VGkkGB ViMRfj++ZRNkzZurKxVRdTQu4F+Sa3jOl1aqTvm4BSXb6hbaUCLMPF7snQg0VrCjSKzc d/eYcgfEnnnK108pPWr1+2KYsD/X52FdQIeM6IsdwEldQFnuIt1W6uHWGuaFmg0Pvn8y wML+hvI7c/QRLGUUgk7AOKeGj/vy/yCNfjDeVMrg1+zGCdOp/9Q35aPj0vBElkAluJcM yT+Ge5rt4gcGPYJyREgYUfh1gTh4Skmvlb5hfO2mnKeEiik2AOzUeK1+16G4z4tGE2d9 vjdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:reply-to:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=3XNO/f3By/6slfoGMEGF4/3HOHm+FDzXIGSmzjkSrZw=; b=X3sGnBATslTE7Bzmt7p5ksR9kioNiUVfhdcfyNcUHz0kuHJ3J/HjJf/qDbiyw8M6d5 bSrE9lYy1W4fPJ3ns1TrQaV9IbnsLDltJBNdcXXQS/nshe5OZ6Wb018my4YaBbKMRLE9 DGARrSGx+/L1CjdGqcMfC7PHuwCyvk/phzPdhBojOHLxvr9cOelLcsk0k+fGOUPDMZu1 SKrX2miYk4NHUkLj5hqCS0U37DGwJLKtjGxaFLeCHRJIdW4kkPeyWMpA3CqkEwNl5V4u X0+PWJ+1cvQP6HNtg0PWHXumDH/RfjshVDyxD6PDkyHwNeA/bIp6PRUwtAu7I+jNjFA/ W9ww== X-Gm-Message-State: AOAM532NgQrAqXmJLh+MudoXHsfhOh2ieLP0Ug0PWgLVbOFk8J+MPQea fP/amy8DMLEGX/BtMXzy25Ys8Q== X-Received: by 2002:a5d:504d:: with SMTP id h13mr4570094wrt.246.1607438736991; Tue, 08 Dec 2020 06:45:36 -0800 (PST) Received: from ?IPv6:2a01:e0a:410:bb00:c0bd:aca3:59fd:a9c1? ([2a01:e0a:410:bb00:c0bd:aca3:59fd:a9c1]) by smtp.gmail.com with ESMTPSA id n12sm10710949wrg.76.2020.12.08.06.45.35 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 08 Dec 2020 06:45:36 -0800 (PST) Reply-To: nicolas.dichtel@6wind.com Subject: Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter To: Phil Sutter , Steffen Klassert , linux-crypto@vger.kernel.org, netfilter-devel@vger.kernel.org, netdev@vger.kernel.org References: <20201207134309.16762-1-phil@nwl.cc> <9d9cb6dc-32a3-ff1a-5111-7688ce7a2897@6wind.com> <20201208140013.GX4647@orbyte.nwl.cc> From: Nicolas Dichtel Organization: 6WIND Message-ID: <29cef7a5-ca02-d07a-4f6f-c029cd32cbb6@6wind.com> Date: Tue, 8 Dec 2020 15:45:35 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <20201208140013.GX4647@orbyte.nwl.cc> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Le 08/12/2020 à 15:00, Phil Sutter a écrit : > Hi Nicolas, > > On Tue, Dec 08, 2020 at 10:02:16AM +0100, Nicolas Dichtel wrote: >> Le 07/12/2020 à 14:43, Phil Sutter a écrit : > [...] >>> diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c >>> index aa4cdcf69d471..24af61c95b4d4 100644 >>> --- a/net/xfrm/xfrm_interface.c >>> +++ b/net/xfrm/xfrm_interface.c >>> @@ -317,7 +317,8 @@ xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl) >>> skb_dst_set(skb, dst); >>> skb->dev = tdev; >>> >>> - err = dst_output(xi->net, skb->sk, skb); >>> + err = NF_HOOK(skb_dst(skb)->ops->family, NF_INET_LOCAL_OUT, xi->net, >> skb->protocol must be correctly set, maybe better to use it instead of >> skb_dst(skb)->ops->family? > > skb->protocol holds ETH_P_* values in network byte order, NF_HOOK() > expects an NFPROTO_* value, so this would at least not be a simple Yes, right. I forgot that. > >>> + skb->sk, skb, NULL, skb_dst(skb)->dev, dst_output); >> And here, tdev instead of skb_dst(skb)->dev ? > > Well yes, tdev was set to dst->dev earlier. Likewise I could use dst > directly instead of skb_dst(skb) to simplify the call a bit further. > OTOH I like how in the version above it is clear that skb's dst should > be used, irrespective of the code above (and any later changes that may > receive). No strong opinion though, so if your version is regarded the > preferred one, I'm fine with that. I would vote for tdev, because: - the reader don't have to wonder why tdev is used for dst->dev and not for NF_HOOK(); - tdev has probably been declared so that dst->dev is dereferenced only once; - using the same variable everywhere in the function eases code reading. Thank you, Nicolas