On Mon, 7 Jan 2008, Paul Moore wrote: > Both NetLabel and SELinux (other LSMs may grow to use it as well) rely on the > 'iif' field to determine the receiving network interface of inbound packets. > Unfortunately, at present this field is not preserved across a skb clone > operation which can lead to garbage values if the cloned skb is sent back > through the network stack. This patch corrects this problem by properly > copying the 'iif' field in __skb_clone() and removing the 'iif' field > assignment from skb_act_clone() since it is no longer needed. > > Also, while we are here, put the assignments in the same order as the offsets > to reduce cacheline bounces. > > Signed-off-by: Paul Moore <[EMAIL PROTECTED]>
Dave, perhaps this one should pushed to Linus now as a bugfix? > --- > > include/net/sch_generic.h | 1 - > net/core/skbuff.c | 11 ++++++----- > 2 files changed, 6 insertions(+), 6 deletions(-) > > diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h > index c926551..4c3b351 100644 > --- a/include/net/sch_generic.h > +++ b/include/net/sch_generic.h > @@ -325,7 +325,6 @@ static inline struct sk_buff *skb_act_clone(struct > sk_buff *skb, gfp_t gfp_mask) > n->tc_verd = SET_TC_VERD(n->tc_verd, 0); > n->tc_verd = CLR_TC_OK2MUNGE(n->tc_verd); > n->tc_verd = CLR_TC_MUNGED(n->tc_verd); > - n->iif = skb->iif; > } > return n; > } > diff --git a/net/core/skbuff.c b/net/core/skbuff.c > index 5b4ce9b..b628377 100644 > --- a/net/core/skbuff.c > +++ b/net/core/skbuff.c > @@ -416,16 +416,17 @@ static struct sk_buff *__skb_clone(struct sk_buff *n, > struct sk_buff *skb) > C(len); > C(data_len); > C(mac_len); > - n->cloned = 1; > n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len; > + n->cloned = 1; > n->nohdr = 0; > n->destructor = NULL; > - C(truesize); > - atomic_set(&n->users, 1); > - C(head); > - C(data); > + C(iif); > C(tail); > C(end); > + C(head); > + C(data); > + C(truesize); > + atomic_set(&n->users, 1); > > atomic_inc(&(skb_shinfo(skb)->dataref)); > skb->cloned = 1; > > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to [EMAIL PROTECTED] > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- James Morris <[EMAIL PROTECTED]> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
