git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Weiming Shi <bestswngs@gmail.com>
	Mon, 27 Apr 2026 12:34:50 +0000 (14:34 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 29 Apr 2026 22:57:42 +0000 (00:57 +0200)
commit	1d47b55b36d2ec73fe6901212c8b28a593c3b27c
tree	5df3d0d59698a6c71c546548f74623649b40e18d	tree \| snapshot
parent	0a0b35f0bf10b4c2be607465f5c9c12c8681305b	commit \| diff

netfilter: nft_fwd_netdev: use recursion counter in neigh egress path

nft_fwd_neigh can be used in egress chains (NF_NETDEV_EGRESS). When the
forwarding rule targets the same device or two devices forward to each
other, neigh_xmit() triggers dev_queue_xmit() which re-enters
nf_hook_egress(), causing infinite recursion and stack overflow.

Move the nf_get_nf_dup_skb_recursion() accessor and NF_RECURSION_LIMIT
to the shared header nf_dup_netdev.h as a static inline, so that
nft_fwd_netdev can use the recursion counter directly without exported
function call overhead. Guard neigh_xmit() with the same recursion
limit already used in nf_do_netdev_egress().

[ Updated to cache the nf_get_nf_dup_skb_recursion pointer. --pablo ]

Fixes: f87b9464d152 ("netfilter: nft_fwd_netdev: Support egress hook")
Reported-by: Xiang Mei <xmei5@asu.edu>
Signed-off-by: Weiming Shi <bestswngs@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_dup_netdev.h		diff \| blob \| blame \| history
net/netfilter/nf_dup_netdev.c		diff \| blob \| blame \| history
net/netfilter/nft_fwd_netdev.c		diff \| blob \| blame \| history