[nft,v2] conntrack: Fix gre tunneling over ipv6

Message ID	20210304090959.GA301692@r1.mshome.net
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> sender: linuxludo@free.fr) by smtp2-g21.free.fr (Postfix) with ESMTPSA id C223B20036C; Thu, 4 Mar 2021 10:10:51 +0100 (CET) Date: Thu, 4 Mar 2021 04:10:50 -0500 From: Ludovic Senecaux <linuxludo@free.fr> To: pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org Subject: [PATCH][nft,v2] conntrack: Fix gre tunneling over ipv6 Message-ID: <20210304090959.GA301692@r1.mshome.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk
Series	[nft,v2] conntrack: Fix gre tunneling over ipv6 \| expand [nft,v2] conntrack: Fix gre tunneling over ipv6

Message ID

20210304090959.GA301692@r1.mshome.net

State

Accepted

Delegated to:

Pablo Neira

Headers

Date: Thu, 4 Mar 2021 04:10:50 -0500
From: Ludovic Senecaux <linuxludo@free.fr>
To: pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de
Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org
Subject: [PATCH][nft,v2] conntrack: Fix gre tunneling over ipv6
Message-ID: <20210304090959.GA301692@r1.mshome.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
Precedence: bulk

Series

[nft,v2] conntrack: Fix gre tunneling over ipv6 | expand

This fix permits gre connections to be tracked within ip6tables rules Signed-off-by: Ludovic Senecaux <linuxludo@free.fr> --- net/netfilter/nf_conntrack_proto_gre.c | 3 --- 1 file changed, 3 deletions(-)

Comments

Florian Westphal March 4, 2021, 9:31 a.m. UTC | #1

Ludovic Senecaux <linuxludo@free.fr> wrote:
> This fix permits gre connections to be tracked within ip6tables rules

Acked-by: Florian Westphal <fw@strlen.de>

Pablo Neira Ayuso March 17, 2021, 11:39 p.m. UTC | #2

On Thu, Mar 04, 2021 at 04:10:50AM -0500, Ludovic Senecaux wrote:
> This fix permits gre connections to be tracked within ip6tables rules

Applied, thanks.

diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c
index 5b05487a60d2..db11e403d818 100644
--- a/net/netfilter/nf_conntrack_proto_gre.c
+++ b/net/netfilter/nf_conntrack_proto_gre.c
@@ -218,9 +218,6 @@  int nf_conntrack_gre_packet(struct nf_conn *ct,
 			    enum ip_conntrack_info ctinfo,
 			    const struct nf_hook_state *state)
 {
-	if (state->pf != NFPROTO_IPV4)
-		return -NF_ACCEPT;
-
 	if (!nf_ct_is_confirmed(ct)) {
 		unsigned int *timeouts = nf_ct_timeout_lookup(ct);

[nft,v2] conntrack: Fix gre tunneling over ipv6

Commit Message

Comments

Patch