[RHEL7,COMMIT] vznetstat: Clear skb->mark on entering to VE's IP stack

Submitted by Vasily Averin on Sept. 10, 2020, 1:36 p.m.


Message ID 202009101336.08ADafaU001301@vz7build.vvs.sw.ru
State New
Series "venet: Clear skb->mark on entering to VE's IP stack"
Headers show

Commit Message

Vasily Averin Sept. 10, 2020, 1:36 p.m.
The commit is pushed to "branch-rh7-3.10.0-1127.18.2.vz7.163.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.18.2.vz7.163.19
commit f4943221d710f0fd17100179da401c8d18ed1341
Author: Kirill Tkhai <ktkhai@virtuozzo.com>
Date:   Thu Sep 10 16:36:41 2020 +0300

    vznetstat: Clear skb->mark on entering to VE's IP stack
    Tasks inside VE may add their own netfilter rules based
    on skb->mark. Since they expect that incomming skb has
    zero mark, the added rules may conflict with the mark
    we add in venet_acct_classify_add_outgoing(). So, we have
    to clear the mark on enter to VE, and it become looks like
    "fresh" skb came from hardware.
    Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
 kernel/ve/vznetstat/vznetstat.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

Patch hide | download patch | download mbox

diff --git a/kernel/ve/vznetstat/vznetstat.c b/kernel/ve/vznetstat/vznetstat.c
index 79605fe..f366325 100644
--- a/kernel/ve/vznetstat/vznetstat.c
+++ b/kernel/ve/vznetstat/vznetstat.c
@@ -715,9 +715,21 @@  static int acct_one_skb(struct venet_stat *stat, struct sk_buff *skb, int dir, i
 	return class;
+static inline void venet_clear_mark(struct sk_buff *skb)
+	skb->mark = 0;
 void venet_acct_classify_add_incoming(struct venet_stat *stat, struct sk_buff *skb)
 	acct_one_skb(stat, skb, ACCT_IN, venet_acct_skb_size(skb));
+	/*
+	 * Every incomming skb must have zero mark, since here is its first
+	 * come into VE's IP stack.
+	 */
+	venet_clear_mark(skb);
 static inline void venet_acct_mark(struct venet_stat *stat,