+++ /dev/null
-From bcfabee1afd99484b6ba067361b8678e28bbc065 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Mon, 23 Mar 2020 19:53:10 +0100
-Subject: netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress
-
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-
-commit bcfabee1afd99484b6ba067361b8678e28bbc065 upstream.
-
-Set skb->tc_redirected to 1, otherwise the ifb driver drops the packet.
-Set skb->tc_from_ingress to 1 to reinject the packet back to the ingress
-path after leaving the ifb egress path.
-
-This patch inconditionally sets on these two skb fields that are
-meaningful to the ifb driver. The existing forward action is guaranteed
-to run from ingress path.
-
-Fixes: 39e6dea28adc ("netfilter: nf_tables: add forward expression to the netdev family")
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- net/netfilter/nft_fwd_netdev.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
---- a/net/netfilter/nft_fwd_netdev.c
-+++ b/net/netfilter/nft_fwd_netdev.c
-@@ -26,6 +26,10 @@ static void nft_fwd_netdev_eval(const st
- struct nft_fwd_netdev *priv = nft_expr_priv(expr);
- int oif = regs->data[priv->sreg_dev];
-
-+ /* These are used by ifb only. */
-+ pkt->skb->tc_redirected = 1;
-+ pkt->skb->tc_from_ingress = 1;
-+
- nf_fwd_netdev_egress(pkt, oif);
- regs->verdict.code = NF_STOLEN;
- }
xfrm-add-the-missing-verify_sec_ctx_len-check-in-xfrm_add_acquire.patch
xfrm-policy-fix-doulbe-free-in-xfrm_policy_timer.patch
netfilter-nft_fwd_netdev-validate-family-and-chain-type.patch
-netfilter-nft_fwd_netdev-allow-to-redirect-to-ifb-via-ingress.patch
vti6-fix-memory-leak-of-skb-if-input-policy-check-fails.patch
input-raydium_i2c_ts-use-true-and-false-for-boolean-.patch
input-raydium_i2c_ts-fix-error-codes-in-raydium_i2c_.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
