Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2228967/?format=api
{ "id": 2228967, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2228967/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260427150500.13754-2-pablo@netfilter.org/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260427150500.13754-2-pablo@netfilter.org>", "date": "2026-04-27T15:04:59", "name": "[nf,v6,2/3] netfilter: nft_fwd_netdev: add device and headroom validate with neigh forwarding", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": false, "hash": "555c4cacd1a41906359059aece7eb43667870b57", "submitter": { "id": 1315, "url": "http://patchwork.ozlabs.org/api/1.1/people/1315/?format=api", "name": "Pablo Neira Ayuso", "email": "pablo@netfilter.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260427150500.13754-2-pablo@netfilter.org/mbox/", "series": [ { "id": 501670, "url": "http://patchwork.ozlabs.org/api/1.1/series/501670/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=501670", "date": "2026-04-27T15:04:58", "name": "[nf,v6,1/3] netfilter: nft_fwd_netdev: add device and headroom validate with neigh forwarding", "version": 6, "mbox": "http://patchwork.ozlabs.org/series/501670/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2228967/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2228967/checks/", "tags": {}, "headers": { "Return-Path": "\n <netfilter-devel+bounces-12221-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=netfilter.org header.i=@netfilter.org\n header.a=rsa-sha256 header.s=2025 header.b=dgpudO23;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.234.253.10; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12221-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=\"dgpudO23\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=217.70.190.124", "smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=netfilter.org" ], "Received": [ "from sea.lore.kernel.org (sea.lore.kernel.org [172.234.253.10])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g46TL34l9z1yHX\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 28 Apr 2026 01:11:02 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id CEECE3081A2E\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 27 Apr 2026 15:05:11 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 73FDD3246F4;\n\tMon, 27 Apr 2026 15:05:08 +0000 (UTC)", "from mail.netfilter.org (mail.netfilter.org [217.70.190.124])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 6F97931F98B\n\tfor <netfilter-devel@vger.kernel.org>; Mon, 27 Apr 2026 15:05:06 +0000 (UTC)", "from localhost.localdomain (mail-agni [217.70.190.124])\n\tby mail.netfilter.org (Postfix) with ESMTPSA id 9B7DA60254\n\tfor <netfilter-devel@vger.kernel.org>; Mon, 27 Apr 2026 17:05:04 +0200 (CEST)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777302308; cv=none;\n b=i8geO6Hsa2DrcuOTTAkSsZ2YEwMFsHjObfgz/wTjfMT9UiwKwbh9iKPCncsBZoo9VA2IsjatypNEciQWMXaR8wL5Lb1+iPM5pGv8BasnBIelL6OtqjAyChOH2vnrE/T07tsdGDPWGxGqWi/FByT3oS5TlFk/Q1UY0vzbVLzhbns=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777302308; c=relaxed/simple;\n\tbh=+o9lRJiwLvjUUTVmmChwvZpLGipGAkQRAeqR7pf/n08=;\n\th=From:To:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=iMXbIQwziBTH1MOhcuAL0VtpWMwVAx5q2ogAbaGFrAb/oIxnXL7ml+4SR5OFszURXC3s5zbnel2NwS5JKIsLFa717t8DGTpbxgkr4NIjrAqhFaJ9opI8tLJ0u1c/p1+JnnFOKEHCUOebpMVM910bYmA9mnxZRHfljozJROLaigo=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org;\n spf=pass smtp.mailfrom=netfilter.org;\n dkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=dgpudO23; arc=none smtp.client-ip=217.70.190.124", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=netfilter.org;\n\ts=2025; t=1777302304;\n\tbh=DTm8/y9EdR+sWf0X9Kb/4I/BsEC7MdwNf2XTVP9IoF8=;\n\th=From:To:Subject:Date:In-Reply-To:References:From;\n\tb=dgpudO23sjg+ZsjECcSxRZhD7M7SJFTwETQcVqWGF4x6JUJaOA9Iutx7tHO2R2Mg+\n\t J3w+4wgdGi6DNGvSer62zwkNQEam5b5Syvm9iedoVGsAi325HvI/Q1X5RiDein9oAv\n\t TwZCYByN4boUblnUOek7lia4Ps0ARuLDPREh08KBFJoWCmh0w0Jl1UsW31+jwaCFli\n\t NOrKOfNXeN7I1TxGKMo1OF20+nf1Jj6JQNfCKGyN/PyZQYIn6Fy2HdXrUJVwYyiyHT\n\t Ly7sVDCtrCZlKozvxeN6MeZHbjG/ZaQSxsjL0+ZxJs1QJMfv8HI7tquiDtemTyN6H2\n\t +hbGaU1fzYWlQ==", "From": "Pablo Neira Ayuso <pablo@netfilter.org>", "To": "netfilter-devel@vger.kernel.org", "Subject": "[PATCH nf,v6 2/3] netfilter: nft_fwd_netdev: add device and headroom\n validate with neigh forwarding", "Date": "Mon, 27 Apr 2026 17:04:59 +0200", "Message-ID": "<20260427150500.13754-2-pablo@netfilter.org>", "X-Mailer": "git-send-email 2.47.3", "In-Reply-To": "<20260427150500.13754-1-pablo@netfilter.org>", "References": "<20260427150500.13754-1-pablo@netfilter.org>", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "The ttl field has been decremented already and evaluation of this rule\nwould proceed, just drop this packet instead if there is no destination\ndevice to forwards this packet. This is exactly what nf_dup already does\nin this case.\n\nMoreover, check for headroom and call skb_expand_head() like in the IP\noutput path to ensure there is sufficient headroom when forwarding this\nvia neigh_xmit().\n\nFixes: d32de98ea70f (\"netfilter: nft_fwd_netdev: allow to forward packets via neighbour layer\")\nSigned-off-by: Pablo Neira Ayuso <pablo@netfilter.org>\n---\nv6: use similar idiom that is used in the IP output path.\n\n net/netfilter/nft_fwd_netdev.c | 16 ++++++++++++++--\n 1 file changed, 14 insertions(+), 2 deletions(-)", "diff": "diff --git a/net/netfilter/nft_fwd_netdev.c b/net/netfilter/nft_fwd_netdev.c\nindex 2cc809303ce8..c484a757cfb5 100644\n--- a/net/netfilter/nft_fwd_netdev.c\n+++ b/net/netfilter/nft_fwd_netdev.c\n@@ -102,6 +102,7 @@ static void nft_fwd_neigh_eval(const struct nft_expr *expr,\n \tstruct sk_buff *skb = pkt->skb;\n \tint nhoff = skb_network_offset(skb);\n \tstruct net_device *dev;\n+\tunsigned int hh_len;\n \tint neigh_table;\n \n \tswitch (priv->nfproto) {\n@@ -153,8 +154,19 @@ static void nft_fwd_neigh_eval(const struct nft_expr *expr,\n \t}\n \n \tdev = dev_get_by_index_rcu(nft_net(pkt), oif);\n-\tif (dev == NULL)\n-\t\treturn;\n+\tif (dev == NULL) {\n+\t\tverdict = NF_DROP;\n+\t\tgoto out;\n+\t}\n+\n+\thh_len = LL_RESERVED_SPACE(dev);\n+\tif (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) {\n+\t\tskb = skb_expand_head(skb, hh_len);\n+\t\tif (!skb) {\n+\t\t\tverdict = NF_DROP;\n+\t\t\tgoto out;\n+\t\t}\n+\t}\n \n \tskb->dev = dev;\n \tskb_clear_tstamp(skb);\n", "prefixes": [ "nf", "v6", "2/3" ] }