On Fri, May 29, 2020 at 9:15 PM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> On Fri, May 29, 2020 at 01:03:28PM +0200, Laura Garcia Liebana wrote:
> [...]
> > diff --git a/net/ipv4/netfilter/nf_reject_ipv4.c b/net/ipv4/netfilter/nf_reject_ipv4.c
> > index 2361fdac2c43..b5b7633d9433 100644
> > --- a/net/ipv4/netfilter/nf_reject_ipv4.c
> > +++ b/net/ipv4/netfilter/nf_reject_ipv4.c
> > @@ -96,6 +96,22 @@ void nf_reject_ip_tcphdr_put(struct sk_buff *nskb, const struct sk_buff *oldskb,
> > }
> > EXPORT_SYMBOL_GPL(nf_reject_ip_tcphdr_put);
> >
> > +static int nf_reject_fill_skb_dst(struct sk_buff *skb_in)
> > +{
> > + struct dst_entry *dst = NULL;
> > + struct flowi fl;
> > + struct flowi4 *fl4 = &fl.u.ip4;
> > +
> > + memset(fl4, 0, sizeof(*fl4));
> > + fl4->daddr = ip_hdr(skb_in)->saddr;
> > + nf_route(dev_net(skb_in->dev), &dst, &fl, false, AF_INET);
> > + if (!dst)
> > + return -1;
> > +
> > + skb_dst_set(skb_in, dst);
> > + return 0;
> > +}
>
> Probably slightly simplify this? I'd suggest:
>
> * make calls to nf_ip_route() and nf_ip6_route() instead of the nf_route()
> wrapper.
>
> * use flowi structure, no need to add struct flowi4 ? Probably:
>
> static int nf_reject_fill_skb_dst(struct sk_buff *skb_in)
> {
> struct dst_entry *dst = NULL;
> struct flowi fl;
>
> memset(fl, 0, sizeof(*fl));
> fl.u.ip4 = ip_hdr(skb_in)->saddr;
> nf_ip_route(dev_net(skb_in->dev), &dst, &fl, false);
> if (!dst)
> return -1;
>
> skb_dst_set(skb_in, dst);
> return 0;
> }
>
> Another possibility would be to use C99 structure initialization. But
> I think the code above should be fine.
>
> Thanks.
It looks better, I'll apply the changes.
Thanks.
