{"id":2227073,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2227073/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260423072155.352333-2-pablo@netfilter.org/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/1.1/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<20260423072155.352333-2-pablo@netfilter.org>","date":"2026-04-23T07:21:54","name":"[nf,v4,2/3] netfilter: nft_fwd_netdev: drop packet if no device found when forwarding via neigh","commit_ref":null,"pull_url":null,"state":"changes-requested","archived":false,"hash":"0923ee6a5b3d5a528b4e4aa6813cfdfa8d653aa4","submitter":{"id":1315,"url":"http://patchwork.ozlabs.org/api/1.1/people/1315/?format=json","name":"Pablo Neira Ayuso","email":"pablo@netfilter.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260423072155.352333-2-pablo@netfilter.org/mbox/","series":[{"id":501153,"url":"http://patchwork.ozlabs.org/api/1.1/series/501153/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=501153","date":"2026-04-23T07:21:54","name":"[nf,v4,1/3] netfilter: replace skb_try_make_writable() by skb_ensure_writable()","version":4,"mbox":"http://patchwork.ozlabs.org/series/501153/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2227073/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2227073/checks/","tags":{},"headers":{"Return-Path":"\n <netfilter-devel+bounces-12146-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=netfilter.org header.i=@netfilter.org\n header.a=rsa-sha256 header.s=2025 header.b=puJjq7pQ;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12146-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=\"puJjq7pQ\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=217.70.190.124","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=netfilter.org"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g1SLk6YnPz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 23 Apr 2026 17:26:06 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 875C130115A5\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 23 Apr 2026 07:22:05 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id C8C881E0B9C;\n\tThu, 23 Apr 2026 07:22:04 +0000 (UTC)","from mail.netfilter.org (mail.netfilter.org [217.70.190.124])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 55040238C0A\n\tfor <netfilter-devel@vger.kernel.org>; Thu, 23 Apr 2026 07:22:02 +0000 (UTC)","from localhost.localdomain (mail-agni [217.70.190.124])\n\tby mail.netfilter.org (Postfix) with ESMTPSA id 9FF4E602CA\n\tfor <netfilter-devel@vger.kernel.org>; Thu, 23 Apr 2026 09:22:00 +0200 (CEST)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776928924; cv=none;\n b=aGZV1922QqsV+7AMwaXFW6BNOeaoyEgRtz+xKxKFZxrYxJA/GOgQPKlLJ89ILHD+KlXPcB7p9nvAb18GZ2C+eLI0qju/uCV6AWVOzHAGD4fxlcjWhTGNuZmtUodsmIMCGxgHDBNEdozKx8+MvUC7l4nomcyks7U8/3tpEP9Dedk=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776928924; c=relaxed/simple;\n\tbh=SI0QM7qbmXQa/aVjec3B77pZnifRywfTEoDJBZ/KUTw=;\n\th=From:To:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=YJ9BTC1KwDT3kHadwdbqAAgbBuyZGGTzZu2z5OX5ACVR8khAReVj+KXtiJMta4yg0L0KPWSHXgeCQ0S0rhzW27cCDKnKTZbwaX6ZrLTfeCX9RfLG0Q5L84cU0ccLiwrTf8NwNe9398KH1QPvv1kPbZeDFC9Z4gNV8hJwi80yMCY=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org;\n spf=pass smtp.mailfrom=netfilter.org;\n dkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=puJjq7pQ; arc=none smtp.client-ip=217.70.190.124","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=netfilter.org;\n\ts=2025; t=1776928920;\n\tbh=PZme9hDgRZ1+3hXMc7WMqkuFJgaBgvmK7FR596/Rozw=;\n\th=From:To:Subject:Date:In-Reply-To:References:From;\n\tb=puJjq7pQpgq/l/XA9kpeaawoTF596TSTrPHSHP8NoDjAGdb+ONtdimL9juFO/lfL2\n\t d3pBNgd3sAc4sW4b8hiwE+wNgwTXksOPknODRM/ZmVayTb/L/j+B7ZpDw8hJMVwiZv\n\t aQPHDoyz0jy0yXwuHeJvtt33ueugbywQy768Wt8vWga8wT2ZOh4ypxDbVCIGbTlH/P\n\t 2QxDNwAEfXX2Kl/PpGlxZXGofJiE6IJfc6P6zAxJYBDkqTuRHT0pP9HoJCDRINiV/i\n\t ANO88AfVP6uwekWJbXwXDiFowx568DJTGYCSoUMTIwJXLzHQ2RvUE7SNLLU/0h7pND\n\t jKeQTorKtGdqQ==","From":"Pablo Neira Ayuso <pablo@netfilter.org>","To":"netfilter-devel@vger.kernel.org","Subject":"[PATCH nf,v4 2/3] netfilter: nft_fwd_netdev: drop packet if no device\n found when forwarding via neigh","Date":"Thu, 23 Apr 2026 09:21:54 +0200","Message-ID":"<20260423072155.352333-2-pablo@netfilter.org>","X-Mailer":"git-send-email 2.47.3","In-Reply-To":"<20260423072155.352333-1-pablo@netfilter.org>","References":"<20260423072155.352333-1-pablo@netfilter.org>","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit"},"content":"The ttl field has been decremented already and evaluate of this rule\nwould proceed, just drop this packet instead if there is no destination\ndevice to forwards this packet. This is exactly what nf_dup already does\nin this case.\n\nFixes: d32de98ea70f (\"netfilter: nft_fwd_netdev: allow to forward packets via neighbour layer\")\nSigned-off-by: Pablo Neira Ayuso <pablo@netfilter.org>\n---\nv4: no changes.\n\n net/netfilter/nft_fwd_netdev.c | 6 ++++--\n 1 file changed, 4 insertions(+), 2 deletions(-)","diff":"diff --git a/net/netfilter/nft_fwd_netdev.c b/net/netfilter/nft_fwd_netdev.c\nindex 2cc809303ce8..80416017a2d5 100644\n--- a/net/netfilter/nft_fwd_netdev.c\n+++ b/net/netfilter/nft_fwd_netdev.c\n@@ -153,8 +153,10 @@ static void nft_fwd_neigh_eval(const struct nft_expr *expr,\n \t}\n \n \tdev = dev_get_by_index_rcu(nft_net(pkt), oif);\n-\tif (dev == NULL)\n-\t\treturn;\n+\tif (dev == NULL) {\n+\t\tverdict = NF_DROP;\n+\t\tgoto out;\n+\t}\n \n \tskb->dev = dev;\n \tskb_clear_tstamp(skb);\n","prefixes":["nf","v4","2/3"]}