netfilter: nf_flow_table_ip: reset mac header before vlan push

With double vlan tagged packets in the fastpath, getting the error:

skb_vlan_push got skb with skb->data not at mac header (offset 18)

Call skb_reset_mac_header() before calling skb_vlan_push().

Fixes: c653d5a78f34 ("netfilter: flowtable: inline vlan encapsulation in xmit path")
Signed-off-by: Eric Woudstra <ericwouds@gmail.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
index 3fdb10d9bf7f2cea7dcef10ce6895dba843991a3..fd56d663cb5b02e77480672452b238ee19f67f23 100644 (file)
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -738,6 +738,7 @@ static int nf_flow_encap_push(struct sk_buff *skb,
                switch (tuple->encap[i].proto) {
                case htons(ETH_P_8021Q):
                case htons(ETH_P_8021AD):
+                       skb_reset_mac_header(skb);
                        if (skb_vlan_push(skb, tuple->encap[i].proto,
                                          tuple->encap[i].id) < 0)
                                return -1;