Le 15/04/2015 12:01, Herbert Xu a écrit :
The commit ea23192e8e577dfc51e0f4fc5ca113af334edff9 ("tunnels:
harmonize cleanup done on skb on rx path") broke anyone trying to
use netfilter marking across IPv4 tunnels. As the commit message
did not give any justification for this (in fact it shouldn't
even be touching the tx path), I can only assume that it was a typo.
If I remember well, this was discussed on netdev (CC Eric). The goal of this
patch was, like the title said, to hamonize packets processing in tunnels.
I'm not against to keep the mark, but I think patching skb_scrub_packet is
better. With your patch, ip6tnl, gre6, etc. still drops the mark. And at the
end, it's not consistant.
What about something like this:
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 3b6e5830256e..1d5f6bd0e383 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4124,14 +4124,15 @@ EXPORT_SYMBOL(skb_try_coalesce);
*/
void skb_scrub_packet(struct sk_buff *skb, bool xnet)
{
- if (xnet)
+ if (xnet) {
skb_orphan(skb);
+ skb->mark = 0;
+ }
skb->tstamp.tv64 = 0;
skb->pkt_type = PACKET_HOST;
skb->skb_iif = 0;
skb->ignore_df = 0;
skb_dst_drop(skb);
- skb->mark = 0;
skb_sender_cpu_clear(skb);
skb_init_secmark(skb);
secpath_reset(skb);
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
