Commit 4497b076 authored by Ben Hutchings's avatar Ben Hutchings Committed by David S. Miller

net: Discard and warn about LRO'd skbs received for forwarding

Add skb_warn_if_lro() to test whether an skb was received with LRO and
warn if so.

Change br_forward(), ip_forward() and ip6_forward() to call it) and
discard the skb if it returns true.
Signed-off-by: default avatarBen Hutchings <bhutchings@solarflare.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0187bdfb
...@@ -1702,6 +1702,20 @@ static inline int skb_is_gso_v6(const struct sk_buff *skb) ...@@ -1702,6 +1702,20 @@ static inline int skb_is_gso_v6(const struct sk_buff *skb)
return skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6; return skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6;
} }
extern void __skb_warn_lro_forwarding(const struct sk_buff *skb);
static inline bool skb_warn_if_lro(const struct sk_buff *skb)
{
/* LRO sets gso_size but not gso_type, whereas if GSO is really
* wanted then gso_type will be set. */
struct skb_shared_info *shinfo = skb_shinfo(skb);
if (shinfo->gso_size != 0 && unlikely(shinfo->gso_type == 0)) {
__skb_warn_lro_forwarding(skb);
return true;
}
return false;
}
static inline void skb_forward_csum(struct sk_buff *skb) static inline void skb_forward_csum(struct sk_buff *skb)
{ {
/* Unfortunately we don't support this one. Any brave souls? */ /* Unfortunately we don't support this one. Any brave souls? */
......
...@@ -89,7 +89,7 @@ void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb) ...@@ -89,7 +89,7 @@ void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb)
/* called with rcu_read_lock */ /* called with rcu_read_lock */
void br_forward(const struct net_bridge_port *to, struct sk_buff *skb) void br_forward(const struct net_bridge_port *to, struct sk_buff *skb)
{ {
if (should_deliver(to, skb)) { if (!skb_warn_if_lro(skb) && should_deliver(to, skb)) {
__br_forward(to, skb); __br_forward(to, skb);
return; return;
} }
......
...@@ -2583,6 +2583,13 @@ bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off) ...@@ -2583,6 +2583,13 @@ bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off)
return true; return true;
} }
void __skb_warn_lro_forwarding(const struct sk_buff *skb)
{
if (net_ratelimit())
pr_warning("%s: received packets cannot be forwarded"
" while LRO is enabled\n", skb->dev->name);
}
EXPORT_SYMBOL(___pskb_trim); EXPORT_SYMBOL(___pskb_trim);
EXPORT_SYMBOL(__kfree_skb); EXPORT_SYMBOL(__kfree_skb);
EXPORT_SYMBOL(kfree_skb); EXPORT_SYMBOL(kfree_skb);
...@@ -2616,6 +2623,7 @@ EXPORT_SYMBOL(skb_seq_read); ...@@ -2616,6 +2623,7 @@ EXPORT_SYMBOL(skb_seq_read);
EXPORT_SYMBOL(skb_abort_seq_read); EXPORT_SYMBOL(skb_abort_seq_read);
EXPORT_SYMBOL(skb_find_text); EXPORT_SYMBOL(skb_find_text);
EXPORT_SYMBOL(skb_append_datato_frags); EXPORT_SYMBOL(skb_append_datato_frags);
EXPORT_SYMBOL(__skb_warn_lro_forwarding);
EXPORT_SYMBOL_GPL(skb_to_sgvec); EXPORT_SYMBOL_GPL(skb_to_sgvec);
EXPORT_SYMBOL_GPL(skb_cow_data); EXPORT_SYMBOL_GPL(skb_cow_data);
......
...@@ -56,6 +56,9 @@ int ip_forward(struct sk_buff *skb) ...@@ -56,6 +56,9 @@ int ip_forward(struct sk_buff *skb)
struct rtable *rt; /* Route we use */ struct rtable *rt; /* Route we use */
struct ip_options * opt = &(IPCB(skb)->opt); struct ip_options * opt = &(IPCB(skb)->opt);
if (skb_warn_if_lro(skb))
goto drop;
if (!xfrm4_policy_check(NULL, XFRM_POLICY_FWD, skb)) if (!xfrm4_policy_check(NULL, XFRM_POLICY_FWD, skb))
goto drop; goto drop;
......
...@@ -407,6 +407,9 @@ int ip6_forward(struct sk_buff *skb) ...@@ -407,6 +407,9 @@ int ip6_forward(struct sk_buff *skb)
if (ipv6_devconf.forwarding == 0) if (ipv6_devconf.forwarding == 0)
goto error; goto error;
if (skb_warn_if_lro(skb))
goto drop;
if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS); IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
goto drop; goto drop;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment