e578d9c025
Seems all we want here is to avoid endless 'goto reclassify' loop. tc_classify_compat even resets this counter when something other than TC_ACT_RECLASSIFY is returned, so this skb-counter doesn't break hypothetical loops induced by something other than perpetual TC_ACT_RECLASSIFY return values. skb_act_clone is now identical to skb_clone, so just use that. Tested with following (bogus) filter: tc filter add dev eth0 parent ffff: \ protocol ip u32 match u32 0 0 police rate 10Kbit burst \ 64000 mtu 1500 action reclassify Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
25 lines
893 B
Plaintext
25 lines
893 B
Plaintext
|
|
The "environmental" rules for authors of any new tc actions are:
|
|
|
|
1) If you stealeth or borroweth any packet thou shalt be branching
|
|
from the righteous path and thou shalt cloneth.
|
|
|
|
For example if your action queues a packet to be processed later,
|
|
or intentionally branches by redirecting a packet, then you need to
|
|
clone the packet.
|
|
|
|
2) If you munge any packet thou shalt call pskb_expand_head in the case
|
|
someone else is referencing the skb. After that you "own" the skb.
|
|
|
|
3) Dropping packets you don't own is a no-no. You simply return
|
|
TC_ACT_SHOT to the caller and they will drop it.
|
|
|
|
The "environmental" rules for callers of actions (qdiscs etc) are:
|
|
|
|
*) Thou art responsible for freeing anything returned as being
|
|
TC_ACT_SHOT/STOLEN/QUEUED. If none of TC_ACT_SHOT/STOLEN/QUEUED is
|
|
returned, then all is great and you don't need to do anything.
|
|
|
|
Post on netdev if something is unclear.
|
|
|