1 From: "Jason A. Donenfeld" <Jason@zx2c4.com>
2 Date: Wed, 30 May 2018 20:43:15 +0200
3 Subject: [PATCH] netfilter: nf_flow_table: attach dst to skbs
5 Some drivers, such as vxlan and wireguard, use the skb's dst in order to
6 determine things like PMTU. They therefore loose functionality when flow
7 offloading is enabled. So, we ensure the skb has it before xmit'ing it
8 in the offloading path.
10 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
14 --- a/net/netfilter/nf_flow_table_ip.c
15 +++ b/net/netfilter/nf_flow_table_ip.c
16 @@ -220,7 +220,7 @@ nf_flow_offload_ip_hook(void *priv, stru
17 enum flow_offload_tuple_dir dir;
18 struct flow_offload *flow;
19 struct net_device *outdev;
20 - const struct rtable *rt;
25 @@ -241,7 +241,7 @@ nf_flow_offload_ip_hook(void *priv, stru
27 dir = tuplehash->tuple.dir;
28 flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
29 - rt = (const struct rtable *)flow->tuplehash[!dir].tuple.dst_cache;
30 + rt = (struct rtable *)flow->tuplehash[!dir].tuple.dst_cache;
32 if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) &&
33 (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0)
34 @@ -264,6 +264,7 @@ nf_flow_offload_ip_hook(void *priv, stru
37 nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr);
38 + skb_dst_set_noref(skb, &rt->dst);
39 neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb);
42 @@ -480,6 +481,7 @@ nf_flow_offload_ipv6_hook(void *priv, st
45 nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6);
46 + skb_dst_set_noref(skb, &rt->dst);
47 neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb);
projects / librecmc / librecmc.git / blob