netfilter: nf_flow_table: attach dst to skbs
authorJason A. Donenfeld <Jason@zx2c4.com>
Wed, 30 May 2018 18:43:15 +0000 (20:43 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 11 Jun 2018 20:43:17 +0000 (22:43 +0200)
commit 2a79fd3908acd88e6cb0e620c314d7b1fee56a02 upstream.

Some drivers, such as vxlan and wireguard, use the skb's dst in order to
determine things like PMTU. They therefore lose functionality when flow
offloading is enabled. So, we ensure the skb has it before xmit'ing it
in the offloading path.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/ipv4/netfilter/nf_flow_table_ipv4.c
net/ipv6/netfilter/nf_flow_table_ipv6.c

index 0cd46bffa46914efab9f26b7d85d7612f1b41450..fc3923932edafde8e78da7105d8e3cf502b609e4 100644 (file)
@@ -213,7 +213,7 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
        enum flow_offload_tuple_dir dir;
        struct flow_offload *flow;
        struct net_device *outdev;
-       const struct rtable *rt;
+       struct rtable *rt;
        struct iphdr *iph;
        __be32 nexthop;
 
@@ -234,7 +234,7 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
        dir = tuplehash->tuple.dir;
        flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
 
-       rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache;
+       rt = (struct rtable *)flow->tuplehash[dir].tuple.dst_cache;
        if (unlikely(nf_flow_exceeds_mtu(skb, rt)))
                return NF_ACCEPT;
 
@@ -251,6 +251,7 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
 
        skb->dev = outdev;
        nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr);
+       skb_dst_set_noref(skb, &rt->dst);
        neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb);
 
        return NF_STOLEN;
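Review bot: The `skb_dst_set_noref(skb, &rt->dst)` call added before `neigh_xmit()` attaches the flow entry's cached route to the skb without taking a reference, and nothing in the hunk records what keeps that dst alive; the same applies to the matching line in the nf_flow_table_ipv6.c hunk. `rt` is the flow tuple's `dst_cache` pointer, so if an skb could outlive the hook's RCU read-side section (for example by being queued on a path that does not force a reference) while the flow entry is torn down, a later consumer would read a freed dst. I would add a comment above the call such as `/* noref: dst is owned by the flow entry and only valid under RCU; anything that queues the skb must take a reference */`. It is also worth confirming that no skb reaches this point with a refcounted dst already attached, since the setter overwrites the old pointer without releasing it. The function body starts and ends outside the hunk.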
index 207cb35569b1c3c382560088aeb6ecdd75a236b2..2d6652146bba05889ceaabaa4cca093e7f214152 100644 (file)
@@ -243,6 +243,7 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
 
        skb->dev = outdev;
        nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6);
+       skb_dst_set_noref(skb, &rt->dst);
        neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb);
 
        return NF_STOLEN;