diff options
author | Ben Greear <greearb@candelatech.com> | 2010-07-22 05:54:47 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-07-26 00:58:46 -0400 |
commit | c736eefadb71a01a5e61e0de700f28f6952b4444 (patch) | |
tree | d6a7cb06755e24bb5a1a44b68802577c1ca303d8 /net/core | |
parent | 3b87956ea645fb4de7e59c7d0aa94de04be72615 (diff) |
net: dev_forward_skb should call nf_reset
With conn-track zones and probably with different network
namespaces, the netfilter logic needs to be re-calculated
on packet receive. If the netfilter logic is not reset,
it will not be recalculated properly. This patch adds
the nf_reset logic to dev_forward_skb.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core')
-rw-r--r-- | net/core/dev.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/core/dev.c b/net/core/dev.c index 0ea10f849be8..1f466e82ac33 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
@@ -1488,6 +1488,7 @@ static inline void net_timestamp_check(struct sk_buff *skb) | |||
1488 | int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) | 1488 | int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) |
1489 | { | 1489 | { |
1490 | skb_orphan(skb); | 1490 | skb_orphan(skb); |
1491 | nf_reset(skb); | ||
1491 | 1492 | ||
1492 | if (!(dev->flags & IFF_UP) || | 1493 | if (!(dev->flags & IFF_UP) || |
1493 | (skb->len > (dev->mtu + dev->hard_header_len))) { | 1494 | (skb->len > (dev->mtu + dev->hard_header_len))) { |