* [PATCH 4.16.y] netfilter: nf_flow_table: attach dst to skbs
@ 2018-06-07 15:01 Jason A. Donenfeld
2018-06-07 16:15 ` Greg KH
0 siblings, 1 reply; 2+ messages in thread
From: Jason A. Donenfeld @ 2018-06-07 15:01 UTC (permalink / raw)
To: stable, pablo; +Cc: Jason A. Donenfeld
commit 2a79fd3908acd88e6cb0e620c314d7b1fee56a02 upstream.
Some drivers, such as vxlan and wireguard, use the skb's dst in order to
determine things like PMTU. They therefore loose functionality when flow
offloading is enabled. So, we ensure the skb has it before xmit'ing it
in the offloading path.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
net/ipv4/netfilter/nf_flow_table_ipv4.c | 5 +++--
net/ipv6/netfilter/nf_flow_table_ipv6.c | 1 +
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/netfilter/nf_flow_table_ipv4.c b/net/ipv4/netfilter/nf_flow_table_ipv4.c
index 0cd46bffa469..fc3923932eda 100644
--- a/net/ipv4/netfilter/nf_flow_table_ipv4.c
+++ b/net/ipv4/netfilter/nf_flow_table_ipv4.c
@@ -213,7 +213,7 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
enum flow_offload_tuple_dir dir;
struct flow_offload *flow;
struct net_device *outdev;
- const struct rtable *rt;
+ struct rtable *rt;
struct iphdr *iph;
__be32 nexthop;
@@ -234,7 +234,7 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
dir = tuplehash->tuple.dir;
flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
- rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache;
+ rt = (struct rtable *)flow->tuplehash[dir].tuple.dst_cache;
if (unlikely(nf_flow_exceeds_mtu(skb, rt)))
return NF_ACCEPT;
@@ -251,6 +251,7 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
skb->dev = outdev;
nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr);
+ skb_dst_set_noref(skb, &rt->dst);
neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb);
return NF_STOLEN;
diff --git a/net/ipv6/netfilter/nf_flow_table_ipv6.c b/net/ipv6/netfilter/nf_flow_table_ipv6.c
index 207cb35569b1..2d6652146bba 100644
--- a/net/ipv6/netfilter/nf_flow_table_ipv6.c
+++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c
@@ -243,6 +243,7 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
skb->dev = outdev;
nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6);
+ skb_dst_set_noref(skb, &rt->dst);
neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb);
return NF_STOLEN;
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 4.16.y] netfilter: nf_flow_table: attach dst to skbs
2018-06-07 15:01 [PATCH 4.16.y] netfilter: nf_flow_table: attach dst to skbs Jason A. Donenfeld
@ 2018-06-07 16:15 ` Greg KH
0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2018-06-07 16:15 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: stable, pablo
On Thu, Jun 07, 2018 at 05:01:54PM +0200, Jason A. Donenfeld wrote:
> commit 2a79fd3908acd88e6cb0e620c314d7b1fee56a02 upstream.
>
> Some drivers, such as vxlan and wireguard, use the skb's dst in order to
> determine things like PMTU. They therefore loose functionality when flow
> offloading is enabled. So, we ensure the skb has it before xmit'ing it
> in the offloading path.
>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> ---
> net/ipv4/netfilter/nf_flow_table_ipv4.c | 5 +++--
> net/ipv6/netfilter/nf_flow_table_ipv6.c | 1 +
> 2 files changed, 4 insertions(+), 2 deletions(-)
Thanks for the backports, both now queued up.
greg k-h
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-06-07 16:15 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-06-07 15:01 [PATCH 4.16.y] netfilter: nf_flow_table: attach dst to skbs Jason A. Donenfeld
2018-06-07 16:15 ` Greg KH
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).