[Devel] [PATCH RH7] venet: Clear skb->mark on entering to VE's IP stack
Kirill Tkhai
ktkhai at virtuozzo.com
Thu Sep 10 13:03:12 MSK 2020
Tasks inside VE may add their own netfilter rules based
on skb->mark. Since they expect that incomming skb has
zero mark, the added rules may conflict with the mark
we add in venet_acct_classify_add_outgoing(). So, we have
to clear the mark on enter to VE, and it become looks like
"fresh" skb came from hardware.
https://jira.sw.ru/browse/PSBM-107742
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
kernel/ve/vznetstat/vznetstat.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/kernel/ve/vznetstat/vznetstat.c b/kernel/ve/vznetstat/vznetstat.c
index 79605fe846e2..f366325bd91b 100644
--- a/kernel/ve/vznetstat/vznetstat.c
+++ b/kernel/ve/vznetstat/vznetstat.c
@@ -715,9 +715,21 @@ static int acct_one_skb(struct venet_stat *stat, struct sk_buff *skb, int dir, i
return class;
}
+static inline void venet_clear_mark(struct sk_buff *skb)
+{
+#ifdef CONFIG_NETFILTER
+ skb->mark = 0;
+#endif
+}
+
void venet_acct_classify_add_incoming(struct venet_stat *stat, struct sk_buff *skb)
{
acct_one_skb(stat, skb, ACCT_IN, venet_acct_skb_size(skb));
+ /*
+ * Every incomming skb must have zero mark, since here is its first
+ * come into VE's IP stack.
+ */
+ venet_clear_mark(skb);
}
static inline void venet_acct_mark(struct venet_stat *stat,
More information about the Devel
mailing list