Message ID | 20230131133158.4052-2-pablo@netfilter.org |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Series | [net,1/2] netfilter: br_netfilter: disable sabotage_in hook after first suppression |

Hello:

This series was applied to netdev/net.git (master)
by Pablo Neira Ayuso <pablo@netfilter.org>:

On Tue, 31 Jan 2023 14:31:57 +0100 you wrote:
> From: Florian Westphal <fw@strlen.de>
>
> When using a xfrm interface in a bridged setup (the outgoing device is
> bridged), the incoming packets in the xfrm interface are only tracked
> in the outgoing direction.
>
> $ brctl show
> bridge name interfaces
> br_eth1 eth1
>
> [...]

Here is the summary with links:
  - [net,1/2] netfilter: br_netfilter: disable sabotage_in hook after first suppression
    https://git.kernel.org/netdev/net/c/2b272bb558f1
  - [net,2/2] Revert "netfilter: conntrack: fix bug in for_each_sctp_chunk"
    https://git.kernel.org/netdev/net/c/bd0e06f0def7

You are awesome, thank you!

diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index f20f4373ff40..9554abcfd5b4 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -871,6 +871,7 @@ static unsigned int ip_sabotage_in(void *priv, if (nf_bridge && !nf_bridge->in_prerouting && !netif_is_l3_master(skb->dev) && !netif_is_l3_slave(skb->dev)) { + nf_bridge_info_free(skb); state->okfn(state->net, state->sk, skb); return NF_STOLEN; }
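
Review bot: The added nf_bridge_info_free(skb) call in ip_sabotage_in() carries no comment explaining why the bridge info is dropped at this point, and the reason cannot be read off the code alone. A one-line comment above the call would help, for example stating that the info is released so that the hook suppresses the packet only once, which is what the patch subject describes. The comment could also record two constraints visible in this hunk: the local nf_bridge pointer tested in the condition should not be dereferenced after the call, and the call has to stay ahead of state->okfn(), because the skb is handed off there and the hook returns NF_STOLEN.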