Re: XFRM interface and NF_INET_LOCAL_OUT hook

2020-12-07 Thread Nicolas Dichtel
Le 02/12/2020 à 14:18, Steffen Klassert a écrit : > On Fri, Nov 27, 2020 at 03:10:48PM +0100, Phil Sutter wrote: [snip] >> diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c >> index aa4cdcf69d471..24af61c95b4d4 100644 >> --- a/net/xfrm/xfrm_interface.c >> +++ b/net/xfrm/xfrm_interf

Re: XFRM interface and NF_INET_LOCAL_OUT hook

2020-12-07 Thread Phil Sutter
Hi Steffen, On Wed, Dec 02, 2020 at 02:18:47PM +0100, Steffen Klassert wrote: > On Fri, Nov 27, 2020 at 03:10:48PM +0100, Phil Sutter wrote: [...] > > diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c > > index aa4cdcf69d471..24af61c95b4d4 100644 > > --- a/net/xfrm/xfrm_interface.

Re: XFRM interface and NF_INET_LOCAL_OUT hook

2020-12-07 Thread Steffen Klassert
On Fri, Nov 27, 2020 at 03:10:48PM +0100, Phil Sutter wrote: > On Fri, Nov 27, 2020 at 10:55:11AM +0100, Steffen Klassert wrote: > > On Thu, Nov 26, 2020 at 02:12:00PM +0100, Phil Sutter wrote: > > > > > > > > > > Is this a bug or an expected quirk when using XFRM interface? > > > > > > > > This

Re: XFRM interface and NF_INET_LOCAL_OUT hook

2020-11-27 Thread Phil Sutter
On Fri, Nov 27, 2020 at 10:55:11AM +0100, Steffen Klassert wrote: > On Thu, Nov 26, 2020 at 02:12:00PM +0100, Phil Sutter wrote: > > > > > > > > Is this a bug or an expected quirk when using XFRM interface? > > > > > > This is expected behaviour. The xfrm interfaces are plaintext devices, > > > t

Re: XFRM interface and NF_INET_LOCAL_OUT hook

2020-11-27 Thread Steffen Klassert
On Thu, Nov 26, 2020 at 02:12:00PM +0100, Phil Sutter wrote: > > > > > > Is this a bug or an expected quirk when using XFRM interface? > > > > This is expected behaviour. The xfrm interfaces are plaintext devices, > > the plaintext packets are routed to the xfrm interface which guarantees > > tra

Re: XFRM interface and NF_INET_LOCAL_OUT hook

2020-11-26 Thread Phil Sutter
Hi Steffen, On Thu, Nov 26, 2020 at 10:40:21AM +0100, Steffen Klassert wrote: > On Wed, Nov 25, 2020 at 12:23:42PM +0100, Phil Sutter wrote: > > I am working on a ticket complaining about netfilter policy match > > missing packets in OUTPUT chain if XFRM interface is being used. > > > > I don't f

Re: XFRM interface and NF_INET_LOCAL_OUT hook

2020-11-26 Thread Steffen Klassert
Hi Phil, On Wed, Nov 25, 2020 at 12:23:42PM +0100, Phil Sutter wrote: > Hi Steffen, > > I am working on a ticket complaining about netfilter policy match > missing packets in OUTPUT chain if XFRM interface is being used. > > I don't fully overlook the relevant code path, but it seems like > skb_

XFRM interface and NF_INET_LOCAL_OUT hook

2020-11-25 Thread Phil Sutter
Hi Steffen, I am working on a ticket complaining about netfilter policy match missing packets in OUTPUT chain if XFRM interface is being used. I don't fully overlook the relevant code path, but it seems like skb_dest(skb)->xfrm is not yet assigned when the skb is routed towards XFRM interface and