On Thu, 04/06/2015 at 16:44 +0300, Andrew Vagin wrote: > On Thu, Jun 04, 2015 at 02:29:50PM +0300, Kirill Tkhai wrote: > > Hi, Andrew, > > > > please, see the comment below > > > > On Thu, 28/05/2015 at 15:06 +0400, Andrew Vagin wrote: > > > Only if the NETIF_F_VENET flag is set. > > > > > > A container doesn't get and send packages with a MAC address > > > which doesn't belong to it. > > > > > > Signed-off-by: Andrew Vagin <ava...@openvz.org> > > > --- > > > drivers/net/veth.c | 30 ++++++++++++++++++++++++++++++ > > > 1 files changed, 30 insertions(+), 0 deletions(-) > > > > > > diff --git a/drivers/net/veth.c b/drivers/net/veth.c > > > index 7f64043..7f98a05 100644 > > > --- a/drivers/net/veth.c > > > +++ b/drivers/net/veth.c > > > @@ -19,6 +19,7 @@ > > > #include <net/xfrm.h> > > > #include <linux/veth.h> > > > #include <linux/module.h> > > > +#include "../../net/bridge/br_private.h" > > > > > > #define DRV_NAME "veth" > > > #define DRV_VERSION "1.0" > > > @@ -105,6 +106,31 @@ static const struct ethtool_ops veth_ethtool_ops = { > > > .get_ethtool_stats = veth_get_ethtool_stats, > > > }; > > > > > > +static int vzethdev_filter(struct sk_buff *skb, struct net_device *dev, > > > struct net_device *rcv) > > > +{ > > > + /* Filtering */ > > > + if (ve_is_super(dev_net(dev)->owner_ve) && > > > + dev->features & NETIF_F_FIXED_ADDR) { > > > + /* from VE0 to VEX */ > > > + if (ve_is_super(dev_net(rcv)->owner_ve)) > > > + return 1; > > > + if (is_multicast_ether_addr( > > > + ((struct ethhdr *)skb->data)->h_dest)) > > > + return 1; > > > + if (!br_port_get_rcu(rcv) && > > > > won't we receive RCU lockdep warnings here, because rcu_read_lock() is > > not held? > > veth_xmit() is called from veth_xmit where we take rcu_read_lock()
Ok, I see. For the whole series: Reviewed-by: Kirill Tkhai <ktk...@odin.com> > > > > > > + compare_ether_addr(((struct ethhdr > > > *)skb->data)->h_dest, rcv->dev_addr)) > > > + return 0; > > > + } else if (!ve_is_super(dev_net(dev)->owner_ve) && > > > + dev->features & NETIF_F_FIXED_ADDR) { > > > + /* from VEX to VE0 */ > > > + if (!br_port_get_rcu(dev) && > > > + compare_ether_addr(((struct ethhdr > > > *)skb->data)->h_source, dev->dev_addr)) > > > + return 0; > > > + } > > > + > > > + return 1; > > > +} > > > + > > > static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev) > > > { > > > struct veth_priv *priv = netdev_priv(dev); > > > @@ -124,6 +150,10 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, > > > struct net_device *dev) > > > rcv->features & NETIF_F_RXCSUM) > > > skb->ip_summed = CHECKSUM_UNNECESSARY; > > > > > > + > > > + if (dev->features & NETIF_F_VENET && !vzethdev_filter(skb, dev, rcv)) > > > + goto drop; > > > + > > > if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) { > > > struct pcpu_vstats *stats = this_cpu_ptr(dev->vstats); > > > > > > >
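Review bot: the added #include "../../net/bridge/br_private.h" in the first hunk (@@ -19,6 +19,7 @@) reaches into a bridge-private header by relative path from drivers/net/veth.c, and the only bridge symbol the visible lines use is br_port_get_rcu(). That couples veth to bridge internals for a yes/no question ("is this device a bridge port?"). If that is all the filter needs, testing IFF_BRIDGE_PORT in dev->priv_flags would avoid the include; if the private header really is required, a comment beside the include should say which symbol it is for.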
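Review bot: vzethdev_filter() in the second hunk (@@ -105,6 +106,31 @@) reads h_dest and h_source through (struct ethhdr *)skb->data with no visible check that the skb actually holds ETH_HLEN bytes, and it calls br_port_get_rcu() without stating that the caller must hold the RCU read lock, which is exactly the question raised in this thread. Suggest a length check before the first cast, and a comment above the function documenting the RCU requirement and the return convention (1 = pass, 0 = drop; a bool return would make that explicit). The commit message says the filter applies "only if the NETIF_F_VENET flag is set", but both branches here also depend on NETIF_F_FIXED_ADDR; the message or a comment should explain that second condition. Parentheses around the dev->features & NETIF_F_FIXED_ADDR tests would also make the && expressions easier to read.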
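Review bot: in the veth_xmit() hunk (@@ -124,6 +150,10 @@) the new condition mixes & and && without parentheses, and the first added line is a blank line directly after an existing blank context line, leaving a double blank line. Suggest writing the test as (dev->features & NETIF_F_VENET) && !vzethdev_filter(skb, dev, rcv) and dropping the extra blank line. Frames rejected by the filter go to the existing drop label; a short comment at the check, or a sentence in the commit message, should say that such frames are intentionally accounted as ordinary transmit drops.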