From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:60570 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750878AbdALUs2 (ORCPT
        <rfc822;stable@vger.kernel.org>); Thu, 12 Jan 2017 15:48:28 -0500
Subject: Patch "net: vrf: Fix NAT within a VRF" has been added to the 4.9-stable tree
To: dsa@cumulusnetworks.com, davem@davemloft.net,
        gregkh@linuxfoundation.org
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Thu, 12 Jan 2017 21:39:00 +0100
Message-ID: <14842535403173@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>


This is a note to let you know that I've just added the patch titled

    net: vrf: Fix NAT within a VRF

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-vrf-fix-nat-within-a-vrf.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>>From foo@baz Thu Jan 12 21:37:26 CET 2017
From: David Ahern <dsa@cumulusnetworks.com>
Date: Wed, 14 Dec 2016 11:06:18 -0800
Subject: net: vrf: Fix NAT within a VRF

From: David Ahern <dsa@cumulusnetworks.com>


[ Upstream commit a0f37efa82253994b99623dbf41eea8dd0ba169b ]

Connection tracking with VRF is broken because the pass through the VRF
device drops the connection tracking info. Removing the call to nf_reset
allows DNAT and MASQUERADE to work across interfaces within a VRF.

Fixes: 73e20b761acf ("net: vrf: Add support for PREROUTING rules on vrf device")
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/vrf.c |    2 --
 1 file changed, 2 deletions(-)

--- a/drivers/net/vrf.c
+++ b/drivers/net/vrf.c
@@ -850,8 +850,6 @@ static struct sk_buff *vrf_rcv_nfhook(u8
 {
 	struct net *net = dev_net(dev);
 
-	nf_reset(skb);
-
 	if (NF_HOOK(pf, hook, net, NULL, skb, dev, NULL, vrf_rcv_finish) < 0)
 		skb = NULL;    /* kfree_skb(skb) handled by nf code */
 


Patches currently in stable-queue which might be from dsa@cumulusnetworks.com are

queue-4.9/net-vrf-drop-conntrack-data-after-pass-through-vrf-device-on-tx.patch
queue-4.9/net-ipv4-fix-multipath-selection-with-vrf.patch
queue-4.9/net-ipv4-dst-for-local-input-routes-should-use-l3mdev-if-relevant.patch
queue-4.9/net-vrf-add-missing-rx-counters.patch
queue-4.9/net-vrf-do-not-allow-table-id-0.patch
queue-4.9/net-vrf-fix-nat-within-a-vrf.patch
queue-4.9/net-fix-incorrect-original-ingress-device-index-in-pktinfo.patch