Commit 7c8a60a9 authored by Jason Wang's avatar Jason Wang Committed by Greg Kroah-Hartman

act_mirred: do not drop packets when fails to mirror it

[ Upstream commit 16c0b164 ]

We drop packet unconditionally when we fail to mirror it. This is not intended
in some cases. Consdier for kvm guest, we may mirror the traffic of the bridge
to a tap device used by a VM. When kernel fails to mirror the packet in
conditions such as when qemu crashes or stop polling the tap, it's hard for the
management software to detect such condition and clean the the mirroring
before. This would lead all packets to the bridge to be dropped and break the
netowrk of other virtual machines.

To solve the issue, the patch does not drop packets when kernel fails to mirror
it, and only drop the redirected packets.
Signed-off-by: default avatarJason Wang <jasowang@redhat.com>
Signed-off-by: default avatarJamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent dfe37ad5
...@@ -201,13 +201,12 @@ static int tcf_mirred(struct sk_buff *skb, const struct tc_action *a, ...@@ -201,13 +201,12 @@ static int tcf_mirred(struct sk_buff *skb, const struct tc_action *a,
out: out:
if (err) { if (err) {
m->tcf_qstats.overlimits++; m->tcf_qstats.overlimits++;
/* should we be asking for packet to be dropped? if (m->tcfm_eaction != TCA_EGRESS_MIRROR)
* may make sense for redirect case only retval = TC_ACT_SHOT;
*/ else
retval = TC_ACT_SHOT; retval = m->tcf_action;
} else { } else
retval = m->tcf_action; retval = m->tcf_action;
}
spin_unlock(&m->tcf_lock); spin_unlock(&m->tcf_lock);
return retval; return retval;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment