From: Greg Kroah-Hartman Date: Tue, 31 Mar 2020 12:25:34 +0000 (+0200) Subject: drop queue-4.14/netfilter-nft_fwd_netdev-allow-to-redirect-to-ifb-via-ingress.patch X-Git-Tag: v5.6.1~5 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e791ce379a9196b92a5bf84e54fceada8d981263;p=thirdparty%2Fkernel%2Fstable-queue.git drop queue-4.14/netfilter-nft_fwd_netdev-allow-to-redirect-to-ifb-via-ingress.patch --- diff --git a/queue-4.14/netfilter-nft_fwd_netdev-allow-to-redirect-to-ifb-via-ingress.patch b/queue-4.14/netfilter-nft_fwd_netdev-allow-to-redirect-to-ifb-via-ingress.patch deleted file mode 100644 index 8ca63c3bc42..00000000000 --- a/queue-4.14/netfilter-nft_fwd_netdev-allow-to-redirect-to-ifb-via-ingress.patch +++ /dev/null @@ -1,38 +0,0 @@ -From bcfabee1afd99484b6ba067361b8678e28bbc065 Mon Sep 17 00:00:00 2001 -From: Pablo Neira Ayuso -Date: Mon, 23 Mar 2020 19:53:10 +0100 -Subject: netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress - -From: Pablo Neira Ayuso - -commit bcfabee1afd99484b6ba067361b8678e28bbc065 upstream. - -Set skb->tc_redirected to 1, otherwise the ifb driver drops the packet. -Set skb->tc_from_ingress to 1 to reinject the packet back to the ingress -path after leaving the ifb egress path. - -This patch inconditionally sets on these two skb fields that are -meaningful to the ifb driver. The existing forward action is guaranteed -to run from ingress path. - -Fixes: 39e6dea28adc ("netfilter: nf_tables: add forward expression to the netdev family") -Signed-off-by: Pablo Neira Ayuso -Signed-off-by: Greg Kroah-Hartman - ---- - net/netfilter/nft_fwd_netdev.c | 4 ++++ - 1 file changed, 4 insertions(+) - ---- a/net/netfilter/nft_fwd_netdev.c -+++ b/net/netfilter/nft_fwd_netdev.c -@@ -26,6 +26,10 @@ static void nft_fwd_netdev_eval(const st - struct nft_fwd_netdev *priv = nft_expr_priv(expr); - int oif = regs->data[priv->sreg_dev]; - -+ /* These are used by ifb only. */ -+ pkt->skb->tc_redirected = 1; -+ pkt->skb->tc_from_ingress = 1; -+ - nf_fwd_netdev_egress(pkt, oif); - regs->verdict.code = NF_STOLEN; - } diff --git a/queue-4.14/series b/queue-4.14/series index 31450311b55..1ae7b223f04 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -107,7 +107,6 @@ xfrm-fix-uctx-len-check-in-verify_sec_ctx_len.patch xfrm-add-the-missing-verify_sec_ctx_len-check-in-xfrm_add_acquire.patch xfrm-policy-fix-doulbe-free-in-xfrm_policy_timer.patch netfilter-nft_fwd_netdev-validate-family-and-chain-type.patch -netfilter-nft_fwd_netdev-allow-to-redirect-to-ifb-via-ingress.patch vti6-fix-memory-leak-of-skb-if-input-policy-check-fails.patch input-raydium_i2c_ts-use-true-and-false-for-boolean-.patch input-raydium_i2c_ts-fix-error-codes-in-raydium_i2c_.patch