Patchwork TEE broken in 3.6

login
register
mail settings
Submitter Pablo Neira
Date Oct. 17, 2012, 8:23 a.m.
Message ID <20121017082323.GA13289@1984>
Download mbox | patch
Permalink /patch/191984/
State Superseded
Headers show

Comments

Pablo Neira - Oct. 17, 2012, 8:23 a.m.
On Wed, Oct 17, 2012 at 09:48:51AM +0200, Eric Dumazet wrote:
> On Wed, 2012-10-17 at 09:45 +0200, Torsten Luettgert wrote:
> > On Tue, 16 Oct 2012 22:00:18 +0200
> > Eric Dumazet <eric.dumazet@gmail.com> wrote:
> > 
> > > Could you try latest tree, with the following patch ?
> > 
> > Yeah, that works.
> > 
> > I'm still a bit sad, though, since I'll have to wait for 3.7 now (no
> > FLOWI_FLAG_KNOWN_NH in 3.6.*), or is there any solution for those "old"
> > kernels, too?
> > 
> > Regards,
> > Torsten
> 
> I believe its stable material, it will reach 3.6.3 or 3.6.4 dont worry.

@Eric: I've included the description to the patch (just to save you
some time to make it yourself).

Let me know if you're OK with the one attached. If not, feel free to
pass me yours.
Eric Dumazet - Oct. 17, 2012, 8:34 a.m.
On Wed, 2012-10-17 at 10:23 +0200, Pablo Neira Ayuso wrote:
> On Wed, Oct 17, 2012 at 09:48:51AM +0200, Eric Dumazet wrote:
> > On Wed, 2012-10-17 at 09:45 +0200, Torsten Luettgert wrote:
> > > On Tue, 16 Oct 2012 22:00:18 +0200
> > > Eric Dumazet <eric.dumazet@gmail.com> wrote:
> > > 
> > > > Could you try latest tree, with the following patch ?
> > > 
> > > Yeah, that works.
> > > 
> > > I'm still a bit sad, though, since I'll have to wait for 3.7 now (no
> > > FLOWI_FLAG_KNOWN_NH in 3.6.*), or is there any solution for those "old"
> > > kernels, too?
> > > 
> > > Regards,
> > > Torsten
> > 
> > I believe its stable material, it will reach 3.6.3 or 3.6.4 dont worry.
> 
> @Eric: I've included the description to the patch (just to save you
> some time to make it yourself).
> 
> Let me know if you're OK with the one attached. If not, feel free to
> pass me yours.

Oops, sorry I missed that, feel free to chose your version or mine !

Thanks


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

From d977416de1ceb9ec960b34c0202d711a9a6dead4 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Wed, 17 Oct 2012 10:18:15 +0200
Subject: [PATCH] netfilter: xt_TEE: fix routing due to rt_gateway semantic
 changes

Since (f8126f1 ipv4: Adjust semantics of rt->rt_gateway.), xt_TEE
stopped working.

The problem is that it tries to ARP lookup the original destination
address of the forwarded packet, not the address of the gateway.

Reported-by: Torsten Luettgert <ml-netfilter@enda.eu>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/xt_TEE.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c
index ee2e5bc..bd93e51 100644
--- a/net/netfilter/xt_TEE.c
+++ b/net/netfilter/xt_TEE.c
@@ -70,6 +70,7 @@  tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info)
 	fl4.daddr = info->gw.ip;
 	fl4.flowi4_tos = RT_TOS(iph->tos);
 	fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
+	fl4.flowi4_flags = FLOWI_FLAG_KNOWN_NH;
 	rt = ip_route_output_key(net, &fl4);
 	if (IS_ERR(rt))
 		return false;
-- 
1.7.10.4