Skip to content

Commit

Permalink
net: netfilter: use kfree_drop_reason() for NF_DROP
Browse files Browse the repository at this point in the history
Replace kfree_skb() with kfree_skb_reason() in nf_hook_slow() when
skb is dropped by reason of NF_DROP. Following new drop reasons
are introduced:

SKB_DROP_REASON_NETFILTER_DROP

Signed-off-by: Menglong Dong <imagedong@tencent.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
menglongdong authored and davem330 committed Feb 7, 2022
1 parent 88590b3 commit 2df3041
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 1 deletion.
1 change: 1 addition & 0 deletions include/linux/skbuff.h
Original file line number Diff line number Diff line change
Expand Up @@ -320,6 +320,7 @@ enum skb_drop_reason {
SKB_DROP_REASON_TCP_CSUM, /* TCP checksum error */
SKB_DROP_REASON_SOCKET_FILTER, /* dropped by socket filter */
SKB_DROP_REASON_UDP_CSUM, /* UDP checksum error */
SKB_DROP_REASON_NETFILTER_DROP, /* dropped by netfilter */
SKB_DROP_REASON_MAX,
};

Expand Down
1 change: 1 addition & 0 deletions include/trace/events/skb.h
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
EM(SKB_DROP_REASON_TCP_CSUM, TCP_CSUM) \
EM(SKB_DROP_REASON_SOCKET_FILTER, SOCKET_FILTER) \
EM(SKB_DROP_REASON_UDP_CSUM, UDP_CSUM) \
EM(SKB_DROP_REASON_NETFILTER_DROP, NETFILTER_DROP) \
EMe(SKB_DROP_REASON_MAX, MAX)

#undef EM
Expand Down
3 changes: 2 additions & 1 deletion net/netfilter/core.c
Original file line number Diff line number Diff line change
Expand Up @@ -621,7 +621,8 @@ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state,
case NF_ACCEPT:
break;
case NF_DROP:
kfree_skb(skb);
kfree_skb_reason(skb,
SKB_DROP_REASON_NETFILTER_DROP);
ret = NF_DROP_GETERR(verdict);
if (ret == 0)
ret = -EPERM;
Expand Down

0 comments on commit 2df3041

Please sign in to comment.