[16/20] netfilter: nf_flow_table: attach dst to skbs

Message ID	20180602002259.4024-17-pablo@netfilter.org
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id 9C3954265A4E; Sat, 2 Jun 2018 02:22:05 +0200 (CEST) From: Pablo Neira Ayuso <pablo@netfilter.org> To: netfilter-devel@vger.kernel.org Cc: davem@davemloft.net, netdev@vger.kernel.org Subject: [PATCH 16/20] netfilter: nf_flow_table: attach dst to skbs Date: Sat, 2 Jun 2018 02:22:55 +0200 Message-Id: <20180602002259.4024-17-pablo@netfilter.org> In-Reply-To: <20180602002259.4024-1-pablo@netfilter.org> References: <20180602002259.4024-1-pablo@netfilter.org> Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	[01/20] netfilter: add includes to nf_socket.h \| expand [01/20] netfilter: add includes to nf_socket.h [02/20] netfilter: nat: merge ipv4/ipv6 masquerade code into main nat module [03/20] netfilter: nat: merge nf_nat_redirect into nf_nat [04/20] netfilter: nfnetlink: allow commit to fail [05/20] netfilter: nf_tables: remove synchronize_rcu in commit phase [06/20] netfilter: nat: make symbol nat_hook static [07/20] netfilter: nft_compat: use call_rcu for nfnl_compat_get [08/20] netfilter: nf_tables: fix endian mismatch in return type [09/20] netfilter: nf_tables: fail batch if fatal signal is pending [10/20] netfilter: nf_tables: use call_rcu in netlink dumps [11/20] netfilter: nf_tables: remove unused variables [12/20] netfilter: fix ptr_ret.cocci warnings [13/20] netfilter: nf_tables: add support for native socket matching [14/20] netfilter: nf_tables: Add audit support to log statement [15/20] netfilter: nf_tables: fix chain dependency validation [16/20] netfilter: nf_flow_table: attach dst to skbs [17/20] netfilter: nfnetlink: Remove VLA usage [18/20] netfilter: nft_fwd_netdev: allow to forward packets via neighbour layer [19/20] ipvs: add full ipv6 support to nfct [20/20] ipvs: add ipv6 support to ftp

Message ID

20180602002259.4024-17-pablo@netfilter.org

State

Accepted, archived

Delegated to:

David Miller

Headers

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 16/20] netfilter: nf_flow_table: attach dst to skbs
Date: Sat,  2 Jun 2018 02:22:55 +0200
Message-Id: <20180602002259.4024-17-pablo@netfilter.org>
In-Reply-To: <20180602002259.4024-1-pablo@netfilter.org>
References: <20180602002259.4024-1-pablo@netfilter.org>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

[01/20] netfilter: add includes to nf_socket.h | expand

Commit Message

Pablo Neira Ayuso June 2, 2018, 12:22 a.m. UTC

From: "Jason A. Donenfeld" <Jason@zx2c4.com>

Some drivers, such as vxlan and wireguard, use the skb's dst in order to
determine things like PMTU. They therefore loose functionality when flow
offloading is enabled. So, we ensure the skb has it before xmit'ing it
in the offloading path.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_flow_table_ip.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
index 82451b7e0acb..15ed91309992 100644
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -220,7 +220,7 @@  nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
 	enum flow_offload_tuple_dir dir;
 	struct flow_offload *flow;
 	struct net_device *outdev;
-	const struct rtable *rt;
+	struct rtable *rt;
 	unsigned int thoff;
 	struct iphdr *iph;
 	__be32 nexthop;
@@ -241,7 +241,7 @@  nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
 
 	dir = tuplehash->tuple.dir;
 	flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
-	rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache;
+	rt = (struct rtable *)flow->tuplehash[dir].tuple.dst_cache;
 
 	if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) &&
 	    (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0)
@@ -264,6 +264,7 @@  nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
 
 	skb->dev = outdev;
 	nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr);
+	skb_dst_set_noref(skb, &rt->dst);
 	neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb);
 
 	return NF_STOLEN;
@@ -480,6 +481,7 @@  nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
 
 	skb->dev = outdev;
 	nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6);
+	skb_dst_set_noref(skb, &rt->dst);
 	neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb);
 
 	return NF_STOLEN;

[16/20] netfilter: nf_flow_table: attach dst to skbs

Commit Message

Patch