diff options
| author | David S. Miller <davem@davemloft.net> | 2019-05-23 17:45:36 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2019-05-23 17:45:36 -0400 |
| commit | 71e15f76f8df7ca01cfa87ed895b194feee90dd4 (patch) | |
| tree | 626335e8c5d41b0c9dec6adc1b88a32308dd71f1 /net/ipv6 | |
| parent | b5730061d1056abf317caea823b94d6e12b5b4f6 (diff) | |
| parent | 2de03b45236f3af1800755614fd434d347adf046 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter/IPVS fixes for net
The following patchset contains Netfilter/IPVS fixes for your net tree:
1) Fix crash when dumping rules after conversion to RCU,
from Florian Westphal.
2) Fix incorrect hook reinjection from nf_queue in case NF_REPEAT,
from Jagdish Motwani.
3) Fix check for route existence in fib extension, from Phil Sutter.
4) Fix use after free in ip_vs_in() hook, from YueHaibing.
5) Check for veth existence from netfilter selftests,
from Jeffrin Jose T.
6) Checksum corruption in UDP NAT helpers due to typo,
from Florian Westphal.
7) Pass up packets to classic forwarding path regardless of
IPv4 DF bit, patch for the flowtable infrastructure from Florian.
8) Set liberal TCP tracking for flows that are placed in the
flowtable, in case they need to go back to classic forwarding path,
also from Florian.
9) Don't add flow with sequence adjustment to flowtable, from Florian.
10) Skip IPv4 options from IPv6 datapath in flowtable, from Florian.
11) Add selftest for the flowtable infrastructure, from Florian.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/nft_fib_ipv6.c | 16 |
1 files changed, 2 insertions, 14 deletions
diff --git a/net/ipv6/netfilter/nft_fib_ipv6.c b/net/ipv6/netfilter/nft_fib_ipv6.c index 73cdc0bc63f7..ec068b0cffca 100644 --- a/net/ipv6/netfilter/nft_fib_ipv6.c +++ b/net/ipv6/netfilter/nft_fib_ipv6.c | |||
| @@ -169,8 +169,7 @@ void nft_fib6_eval(const struct nft_expr *expr, struct nft_regs *regs, | |||
| 169 | 169 | ||
| 170 | if (nft_hook(pkt) == NF_INET_PRE_ROUTING && | 170 | if (nft_hook(pkt) == NF_INET_PRE_ROUTING && |
| 171 | nft_fib_is_loopback(pkt->skb, nft_in(pkt))) { | 171 | nft_fib_is_loopback(pkt->skb, nft_in(pkt))) { |
| 172 | nft_fib_store_result(dest, priv, pkt, | 172 | nft_fib_store_result(dest, priv, nft_in(pkt)); |
| 173 | nft_in(pkt)->ifindex); | ||
| 174 | return; | 173 | return; |
| 175 | } | 174 | } |
| 176 | 175 | ||
| @@ -187,18 +186,7 @@ void nft_fib6_eval(const struct nft_expr *expr, struct nft_regs *regs, | |||
| 187 | if (oif && oif != rt->rt6i_idev->dev) | 186 | if (oif && oif != rt->rt6i_idev->dev) |
| 188 | goto put_rt_err; | 187 | goto put_rt_err; |
| 189 | 188 | ||
| 190 | switch (priv->result) { | 189 | nft_fib_store_result(dest, priv, rt->rt6i_idev->dev); |
| 191 | case NFT_FIB_RESULT_OIF: | ||
| 192 | *dest = rt->rt6i_idev->dev->ifindex; | ||
| 193 | break; | ||
| 194 | case NFT_FIB_RESULT_OIFNAME: | ||
| 195 | strncpy((char *)dest, rt->rt6i_idev->dev->name, IFNAMSIZ); | ||
| 196 | break; | ||
| 197 | default: | ||
| 198 | WARN_ON_ONCE(1); | ||
| 199 | break; | ||
| 200 | } | ||
| 201 | |||
| 202 | put_rt_err: | 190 | put_rt_err: |
| 203 | ip6_rt_put(rt); | 191 | ip6_rt_put(rt); |
| 204 | } | 192 | } |