| From foo@baz Tue Nov 21 15:37:44 CET 2017 |
| From: Ye Yin <hustcat@gmail.com> |
| Date: Thu, 26 Oct 2017 16:57:05 +0800 |
| Subject: netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed |
| |
| From: Ye Yin <hustcat@gmail.com> |
| |
| |
| [ Upstream commit 2b5ec1a5f9738ee7bf8f5ec0526e75e00362c48f ] |
| |
| When running ipvs in two different network namespaces on the same host, and |
| one ipvs transports network traffic to the other network namespace's ipvs, |
| the 'ipvs_property' flag will make the second ipvs take no effect. So we |
| should clear 'ipvs_property' when the SKB network namespace has changed. |
| |
| Fixes: 621e84d6f373 ("dev: introduce skb_scrub_packet()") |
| Signed-off-by: Ye Yin <hustcat@gmail.com> |
| Signed-off-by: Wei Zhou <chouryzhou@gmail.com> |
| Signed-off-by: Julian Anastasov <ja@ssi.bg> |
| Signed-off-by: Simon Horman <horms@verge.net.au> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| include/linux/skbuff.h | 7 +++++++ |
| net/core/skbuff.c | 1 + |
| 2 files changed, 8 insertions(+) |
| |
| --- a/include/linux/skbuff.h |
| +++ b/include/linux/skbuff.h |
| @@ -3117,6 +3117,13 @@ static inline void nf_reset_trace(struct |
| #endif |
| } |
| |
| +static inline void ipvs_reset(struct sk_buff *skb) |
| +{ |
| +#if IS_ENABLED(CONFIG_IP_VS) |
| + skb->ipvs_property = 0; |
| +#endif |
| +} |
| + |
| /* Note: This doesn't put any conntrack and bridge info in dst. */ |
| static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src, |
| bool copy) |
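Review bot: the new ipvs_reset() helper carries no comment and its guard cannot be checked from this hunk. The body is compiled under `#if IS_ENABLED(CONFIG_IP_VS)`, so that condition has to be the same one that guards the declaration of the ipvs_property field in struct sk_buff, which is not among the visible lines; if the two differ, some configuration either fails to build or silently skips the reset. Please confirm the guards match, and add a one-line comment above the helper saying that the flag marks an skb as already handled by ipvs and must not survive a move into another network namespace, since the helper sits next to nf_reset_trace() without an nf_ prefix and its purpose is not obvious from the name alone.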
| --- a/net/core/skbuff.c |
| +++ b/net/core/skbuff.c |
| @@ -4069,6 +4069,7 @@ void skb_scrub_packet(struct sk_buff *sk |
| if (!xnet) |
| return; |
| |
| + ipvs_reset(skb); |
| skb_orphan(skb); |
| skb->mark = 0; |
| } |
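Review bot: the ipvs_reset(skb) call sits after the `if (!xnet) return;` early exit with nothing in the code to say that the placement is deliberate. As written, the flag is cleared only on a cross-namespace scrub, together with skb_orphan() and `skb->mark = 0;`, and is preserved when the packet stays in the same namespace, which matches the commit message. A short comment on this block stating that everything below the xnet check is state that must not leak between namespaces would keep a later reordering from moving the reset above the check or dropping it. A regression test with two namespaces each running ipvs on one host, as the commit message describes, would also be worth adding, since the failure mode is a second ipvs instance that silently stops applying.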