Re: [PATCH net-next v2 3/4] net: sched: em_ipt: keep the user-specified nfproto and use it
From: Eyal Birger <hidden>
Date: 2019-06-26 16:19:08
Hi Nik,

On Wed, 26 Jun 2019 18:56:14 +0300 Nikolay Aleksandrov [off-list ref] wrote:
For NFPROTO_UNSPEC xt_matches there's no way to restrict the matching to a specific family, in order to do so we record the user-specified family and later enforce it while doing the match.

v2: adjust changes to missing patch, was patch 04 in v1

Signed-off-by: Nikolay Aleksandrov <redacted>
---
net/sched/em_ipt.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
..snip..
@@ -182,8 +195,8 @@ static int em_ipt_match(struct sk_buff *skb,struct tcf_ematch *em, const struct em_ipt_match *im = (const void *)em->data; struct xt_action_param acpar = {}; struct net_device *indev = NULL; - u8 nfproto = im->match->family; struct nf_hook_state state; + u8 nfproto = im->nfproto;
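Review bot: The new initialiser `u8 nfproto = im->nfproto;` gives no hint at the point of use how im->nfproto differs from im->match->family, which it replaces. The commit message says the distinction matters for NFPROTO_UNSPEC xt_matches, where the user-specified family is recorded and enforced later. A one-line comment at this declaration, or on the nfproto field of struct em_ipt_match, stating that it holds the user-specified family while im->match->family can be NFPROTO_UNSPEC for such matches would make that clear to someone reading em_ipt_match() without the changelog. The enforcement itself is not in the visible part of this hunk, so the reader cannot tell from these lines alone where a packet of a different family is rejected.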
Maybe I'm missing something now - but it's not really clear to me now why keeping im->nfproto would be useful: If NFPROTO_UNSPEC was provided by userspace then the actual nfproto used will be taken from the packet, and if NFPROTO_IPV4/IPV6 was specified from userspace then it will equal im->match->family. Is there any case where the resulting nfproto would differ as a result of this patch?

Otherwise the patchset looks excellent to me.

Thanks!
Eyal.