* [PATCH nf] netfilter: nf_flow_table_ip: reset mac header before vlan push
@ 2026-03-10 14:39 Eric Woudstra
2026-03-11 16:14 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Eric Woudstra @ 2026-03-10 14:39 UTC (permalink / raw)
To: Pablo Neira Ayuso, Florian Westphal, Phil Sutter, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman
Cc: netfilter-devel, netdev, Eric Woudstra
With double vlan tagged packets in the fastpath, getting the error:
skb_vlan_push got skb with skb->data not at mac header (offset 18)
Call skb_reset_mac_header() before calling skb_vlan_push().
Signed-off-by: Eric Woudstra <ericwouds@gmail.com>
---
This patch replaces:
"netfilter: nf_flow_table_ip: Introduce nf_flow_vlan_push()"
net/netfilter/nf_flow_table_ip.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
index 3fdb10d9bf7f..fd56d663cb5b 100644
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -738,6 +738,7 @@ static int nf_flow_encap_push(struct sk_buff *skb,
switch (tuple->encap[i].proto) {
case htons(ETH_P_8021Q):
case htons(ETH_P_8021AD):
+ skb_reset_mac_header(skb);
if (skb_vlan_push(skb, tuple->encap[i].proto,
tuple->encap[i].id) < 0)
return -1;
--
2.53.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH nf] netfilter: nf_flow_table_ip: reset mac header before vlan push
2026-03-10 14:39 [PATCH nf] netfilter: nf_flow_table_ip: reset mac header before vlan push Eric Woudstra
@ 2026-03-11 16:14 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2026-03-11 16:14 UTC (permalink / raw)
To: Eric Woudstra
Cc: Florian Westphal, Phil Sutter, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Simon Horman, netfilter-devel,
netdev
On Tue, Mar 10, 2026 at 03:39:33PM +0100, Eric Woudstra wrote:
> With double vlan tagged packets in the fastpath, getting the error:
>
> skb_vlan_push got skb with skb->data not at mac header (offset 18)
>
> Call skb_reset_mac_header() before calling skb_vlan_push().
Fixes: c653d5a78f34 ("netfilter: flowtable: inline vlan encapsulation in xmit path")
> Signed-off-by: Eric Woudstra <ericwouds@gmail.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
>
> This patch replaces:
>
> "netfilter: nf_flow_table_ip: Introduce nf_flow_vlan_push()"
>
> net/netfilter/nf_flow_table_ip.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
> index 3fdb10d9bf7f..fd56d663cb5b 100644
> --- a/net/netfilter/nf_flow_table_ip.c
> +++ b/net/netfilter/nf_flow_table_ip.c
> @@ -738,6 +738,7 @@ static int nf_flow_encap_push(struct sk_buff *skb,
> switch (tuple->encap[i].proto) {
> case htons(ETH_P_8021Q):
> case htons(ETH_P_8021AD):
> + skb_reset_mac_header(skb);
> if (skb_vlan_push(skb, tuple->encap[i].proto,
> tuple->encap[i].id) < 0)
> return -1;
> --
> 2.53.0
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-03-11 16:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-10 14:39 [PATCH nf] netfilter: nf_flow_table_ip: reset mac header before vlan push Eric Woudstra
2026-03-11 16:14 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox