On 2/28/18 9:55 AM, Stephen Suryaputra wrote:
> The concern only applies when the skb->dev is an l3mdev master, right?
> After I sent v2, I'm worried that rt shouldn't be derefrenced if
> in_dev is NULL. Even though I think it should be ok, it's better to
> keep the original execution order. So, how about this before I put
> another patch? The net for the iif is derived from skb->dev.
>
> diff --git a/net/ipv4/route.c b/net/ipv4/route.c
> index a4f44d8..9a29225 100644
> --- a/net/ipv4/route.c
> +++ b/net/ipv4/route.c
> @@ -930,14 +930,23 @@ void ip_rt_send_redirect(struct sk_buff *skb)
>
> static int ip_error(struct sk_buff *skb)
> {
> - struct in_device *in_dev = __in_dev_get_rcu(skb->dev);
> struct rtable *rt = skb_rtable(skb);
> + struct net_device *dev = skb->dev;
> + struct in_device *in_dev;
> struct inet_peer *peer;
> unsigned long now;
> struct net *net;
> bool send;
> int code;
>
> + if (netif_is_l3_master(skb->dev)) {
> + dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
> + if (!dev)
> + goto out;
> + }
> +
> + in_dev = __in_dev_get_rcu(dev);
> +
> /* IP on this device is disabled. */
> if (!in_dev)
> goto out;
>
Using dev_net from skb is fine, preferable really since the real ingress
device and the VRF device have to be in the same network namespace.
