Commit 895b5c9f authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: drop bridge nf reset from nf_reset 



commit 174e2381
("sk_buff: drop all skb extensions on free and skb scrubbing") made napi
recycle always drop skb extensions.  The additional skb_ext_del() that is
performed via nf_reset on napi skb recycle is not needed anymore.

Most nf_reset() calls in the stack are there so queued skb won't block
'rmmod nf_conntrack' indefinitely.

This removes the skb_ext_del from nf_reset, and renames it to a more
fitting nf_reset_ct().

In a few selected places, add a call to skb_ext_reset to make sure that
no active extensions remain.

I am submitting this for "net", because we're still early in the release
cycle.  The patch applies to net-next too, but I think the rename causes
needless divergence between those trees.

Suggested-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 9cfc3702

drivers/net/ppp/pptp.c

+2 −2
Original line number Diff line number Diff line
@@ -238,7 +238,7 @@ static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb) 
	skb_dst_drop(skb);

	skb_dst_set(skb, &rt->dst);



	nf_reset(skb);

	nf_reset_ct(skb);



	skb->ip_summed = CHECKSUM_NONE;

	ip_select_ident(net, skb, NULL);
@@ -358,7 +358,7 @@ static int pptp_rcv(struct sk_buff *skb) 
	po = lookup_chan(htons(header->call_id), iph->saddr);

	if (po) {

		skb_dst_drop(skb);

		nf_reset(skb);

		nf_reset_ct(skb);

		return sk_receive_skb(sk_pppox(po), skb, 0);

	}

drop:

drivers/net/tun.c

+1 −1
Original line number Diff line number Diff line
@@ -1104,7 +1104,7 @@ static netdev_tx_t tun_net_xmit(struct sk_buff *skb, struct net_device *dev) 
	 */

	skb_orphan(skb);



	nf_reset(skb);

	nf_reset_ct(skb);



	if (ptr_ring_produce(&tfile->tx_ring, skb))

		goto drop;

drivers/net/virtio_net.c

+1 −1
Original line number Diff line number Diff line
@@ -1585,7 +1585,7 @@ static netdev_tx_t start_xmit(struct sk_buff *skb, struct net_device *dev) 
	/* Don't wait up for transmitted skbs to be freed. */

	if (!use_napi) {

		skb_orphan(skb);

		nf_reset(skb);

		nf_reset_ct(skb);

	}



	/* If running out of space, stop queue to avoid getting packets that we

drivers/net/vrf.c

+4 −4
Original line number Diff line number Diff line
@@ -366,7 +366,7 @@ static int vrf_finish_output6(struct net *net, struct sock *sk, 
	struct neighbour *neigh;

	int ret;



	nf_reset(skb);

	nf_reset_ct(skb);



	skb->protocol = htons(ETH_P_IPV6);

	skb->dev = dev;
@@ -459,7 +459,7 @@ static struct sk_buff *vrf_ip6_out_direct(struct net_device *vrf_dev, 


	/* reset skb device */

	if (likely(err == 1))

		nf_reset(skb);

		nf_reset_ct(skb);

	else

		skb = NULL;
@@ -560,7 +560,7 @@ static int vrf_finish_output(struct net *net, struct sock *sk, struct sk_buff *s 
	bool is_v6gw = false;

	int ret = -EINVAL;



	nf_reset(skb);

	nf_reset_ct(skb);



	/* Be paranoid, rather than too clever. */

	if (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) {
@@ -670,7 +670,7 @@ static struct sk_buff *vrf_ip_out_direct(struct net_device *vrf_dev, 


	/* reset skb device */

	if (likely(err == 1))

		nf_reset(skb);

		nf_reset_ct(skb);

	else

		skb = NULL;

drivers/net/wireless/mac80211_hwsim.c

+2 −2
Original line number Diff line number Diff line
@@ -1261,8 +1261,8 @@ static bool mac80211_hwsim_tx_frame_no_nl(struct ieee80211_hw *hw, 
	skb_orphan(skb);

	skb_dst_drop(skb);

	skb->mark = 0;

	secpath_reset(skb);

	nf_reset(skb);

	skb_ext_reset(skb);

	nf_reset_ct(skb);



	/*

	 * Get absolute mactime here so all HWs RX at the "same time", and

CRA Git | Maintained and supported by SUSTech CRA and CCSE