{"id":2226127,"url":"http://patchwork.ozlabs.org/api/patches/2226127/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260422094444.198178-2-pablo@netfilter.org/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260422094444.198178-2-pablo@netfilter.org>","list_archive_url":null,"date":"2026-04-22T09:44:43","name":"[nf,v2,2/3] netfilter: nft_fwd_netdev: drop packet if no device found when forwarding via neigh","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"0923ee6a5b3d5a528b4e4aa6813cfdfa8d653aa4","submitter":{"id":1315,"url":"http://patchwork.ozlabs.org/api/people/1315/?format=json","name":"Pablo Neira Ayuso","email":"pablo@netfilter.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260422094444.198178-2-pablo@netfilter.org/mbox/","series":[{"id":500956,"url":"http://patchwork.ozlabs.org/api/series/500956/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=500956","date":"2026-04-22T09:44:43","name":"[nf,v2,1/3] netfilter: replace skb_try_make_writable() by skb_ensure_writable()","version":2,"mbox":"http://patchwork.ozlabs.org/series/500956/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2226127/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2226127/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n <netfilter-devel+bounces-12125-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=netfilter.org header.i=@netfilter.org\n header.a=rsa-sha256 header.s=2025 header.b=shiVZX6y;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c15:e001:75::12fc:5321; helo=sin.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12125-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=\"shiVZX6y\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=217.70.190.124","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=netfilter.org"],"Received":["from sin.lore.kernel.org (sin.lore.kernel.org\n [IPv6:2600:3c15:e001:75::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0vYk5fCPz1y2d\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 19:48:42 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id B07CA3029678\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 09:44:57 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 61CA7329E79;\n\tWed, 22 Apr 2026 09:44:54 +0000 (UTC)","from mail.netfilter.org (mail.netfilter.org [217.70.190.124])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 89D2A3BF677\n\tfor <netfilter-devel@vger.kernel.org>; Wed, 22 Apr 2026 09:44:52 +0000 (UTC)","from localhost.localdomain (mail-agni [217.70.190.124])\n\tby mail.netfilter.org (Postfix) with ESMTPSA id E88656017A\n\tfor <netfilter-devel@vger.kernel.org>; Wed, 22 Apr 2026 11:44:50 +0200 (CEST)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776851094; cv=none;\n b=CkfldUZToLJQmgWNubFhnmW+VJwQvmcFyZua0O18z5vJGdg3zWPyMiYATOgWwTSO/VlFBRnv8/V8uyaAVVOVpq49c5ZWVwldYwewNtMJVjNf+pSXcOJzU1+qq/z6M4180MJq7d5QgLItrB50VhLccJb1K1LC2ujJCgfjB2vInYA=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776851094; c=relaxed/simple;\n\tbh=cDuHU2vDd7HJQ/4drs7R7DnQRcwpAsSDE/FdsCyqVIw=;\n\th=From:To:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=SkU9gmVqtFVMjPkLvnfXd7R9BdlC+ufCzjUP3YSsDYNWKtkLKKez3ReTyvZF9tTfg3jXpxOtQCVIERDLsoCgotlrJ8td62GHilfPfv8zlLwd2vE+HP9XerJ0IvWvrDpKjHiOBP4Npa71GJBEE/hEm0VfNrxGrMPGJZpUWN0oApI=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org;\n spf=pass smtp.mailfrom=netfilter.org;\n dkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=shiVZX6y; arc=none smtp.client-ip=217.70.190.124","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=netfilter.org;\n\ts=2025; t=1776851091;\n\tbh=B9uGnF/debDGHWsdBrNly2IQkTnji1ov9aT57vH2s2Y=;\n\th=From:To:Subject:Date:In-Reply-To:References:From;\n\tb=shiVZX6yn0jRYRnmsbtlURccc4hdM8CXdRxW7dtpPIO6bea52XAeyJs+d6Mrg7rgR\n\t j5r3ek+x1wwxsYQOWqRza2ux73Mn91LU8miQmO+HAkEAN1KVISHs7c6xJttKI+qkiH\n\t 7bGzEwP1y9FKOe599jYw59lsFApNwcl1Rq1vckiM307E3wHdZG8ywEBBll3sKjwiVq\n\t 7HDXvWPX/CPLEisGkapml/oq/gAYVayg4Bur46MI+AOnHwyhK/iqkzlNQGUtWCMZ+h\n\t xVgdyL94Q1G50ZvNkhljsTvmLEAOV3dPUj5PW32x/lo3MaMWp53crRsr6lZp4Kk0Uy\n\t PEuJPLDVgJ/Tw==","From":"Pablo Neira Ayuso <pablo@netfilter.org>","To":"netfilter-devel@vger.kernel.org","Subject":"[PATCH nf,v2 2/3] netfilter: nft_fwd_netdev: drop packet if no device\n found when forwarding via neigh","Date":"Wed, 22 Apr 2026 11:44:43 +0200","Message-ID":"<20260422094444.198178-2-pablo@netfilter.org>","X-Mailer":"git-send-email 2.47.3","In-Reply-To":"<20260422094444.198178-1-pablo@netfilter.org>","References":"<20260422094444.198178-1-pablo@netfilter.org>","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit"},"content":"The ttl field has been decremented already and evaluate of this rule\nwould proceed, just drop this packet instead if there is no destination\ndevice to forwards this packet. This is exactly what nf_dup already does\nin this case.\n\nFixes: d32de98ea70f (\"netfilter: nft_fwd_netdev: allow to forward packets via neighbour layer\")\nSigned-off-by: Pablo Neira Ayuso <pablo@netfilter.org>\n---\nv2: no changes\n\n net/netfilter/nft_fwd_netdev.c | 6 ++++--\n 1 file changed, 4 insertions(+), 2 deletions(-)","diff":"diff --git a/net/netfilter/nft_fwd_netdev.c b/net/netfilter/nft_fwd_netdev.c\nindex 516287ce7f9b..95b2af3eede4 100644\n--- a/net/netfilter/nft_fwd_netdev.c\n+++ b/net/netfilter/nft_fwd_netdev.c\n@@ -153,8 +153,10 @@ static void nft_fwd_neigh_eval(const struct nft_expr *expr,\n \t}\n \n \tdev = dev_get_by_index_rcu(nft_net(pkt), oif);\n-\tif (dev == NULL)\n-\t\treturn;\n+\tif (dev == NULL) {\n+\t\tverdict = NF_DROP;\n+\t\tgoto out;\n+\t}\n \n \tskb->dev = dev;\n \tskb_clear_tstamp(skb);\n","prefixes":["nf","v2","2/3"]}