Message ID | 20220519220206.722153-2-pablo@netfilter.org (mailing list archive) |
---|---|
State | Accepted |
Commit | 2c50fc04757f16427e6213989cee9182c50e2c8a |
Delegated to: | Netdev Maintainers |
Series | [net-next,01/11] netfilter: Use l3mdev flow key when re-routing mangled packets |

Context | Check | Description |
---|---|---|
netdev/tree_selection | success | Clearly marked for net-next |
netdev/apply | fail | Patch does not apply to net-next |

Hello:

This series was applied to netdev/net-next.git (master) by Florian Westphal <fw@strlen.de>:

On Fri, 20 May 2022 00:01:56 +0200 you wrote:
> From: Martin Willi <martin@strongswan.org>
>
> Commit 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif
> reset for port devices") introduces a flow key specific for layer 3
> domains, such as a VRF master device. This allows for explicit VRF domain
> selection instead of abusing the oif flow key.
>
> [...]

Here is the summary with links:

- [net-next,01/11] netfilter: Use l3mdev flow key when re-routing mangled packets
  https://git.kernel.org/netdev/net-next/c/2c50fc04757f
- [net-next,02/11] netfilter: nf_conncount: reduce unnecessary GC
  https://git.kernel.org/netdev/net-next/c/d265929930e2
- [net-next,03/11] netfilter: conntrack: remove pr_debug callsites from tcp tracker
  https://git.kernel.org/netdev/net-next/c/f74360d3440c
- [net-next,04/11] netfilter: ctnetlink: fix up for "netfilter: conntrack: remove unconfirmed list"
  https://git.kernel.org/netdev/net-next/c/58a94a62a53f
- [net-next,05/11] net/sched: act_ct: set 'net' pointer when creating new nf_flow_table
  (no matching commit)
- [net-next,06/11] netfilter: nf_flow_table: count and limit hw offloaded entries
  (no matching commit)
- [net-next,07/11] netfilter: nf_flow_table: count pending offload workqueue tasks
  (no matching commit)
- [net-next,08/11] netfilter: nfnetlink: fix warn in nfnetlink_unbind
  (no matching commit)
- [net-next,09/11] netfilter: conntrack: re-fetch conntrack after insertion
  (no matching commit)
- [net-next,10/11] netfilter: cttimeout: fix slab-out-of-bounds read in cttimeout_net_exit
  (no matching commit)
- [net-next,11/11] netfilter: nf_tables: set element extended ACK reporting support
  (no matching commit)

You are awesome, thank you!

diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c index aff707988e23..bd135165482a 100644 --- a/net/ipv4/netfilter.c +++ b/net/ipv4/netfilter.c @@ -45,8 +45,7 @@ int ip_route_me_harder(struct net *net, struct sock *sk, struct sk_buff *skb, un fl4.saddr = saddr; fl4.flowi4_tos = RT_TOS(iph->tos); fl4.flowi4_oif = sk ? sk->sk_bound_dev_if : 0; - if (!fl4.flowi4_oif) - fl4.flowi4_oif = l3mdev_master_ifindex(dev); + fl4.flowi4_l3mdev = l3mdev_master_ifindex(dev); fl4.flowi4_mark = skb->mark; fl4.flowi4_flags = flags; fib4_rules_early_flow_dissect(net, skb, &fl4, &flkeys); diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index 8ce60ab89015..857713d7a38a 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c @@ -31,6 +31,7 @@ int ip6_route_me_harder(struct net *net, struct sock *sk_partial, struct sk_buff int strict = (ipv6_addr_type(&iph->daddr) & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL)); struct flowi6 fl6 = { + .flowi6_l3mdev = l3mdev_master_ifindex(dev), .flowi6_mark = skb->mark, .flowi6_uid = sock_net_uid(net, sk), .daddr = iph->daddr, @@ -42,8 +43,6 @@ int ip6_route_me_harder(struct net *net, struct sock *sk_partial, struct sk_buff fl6.flowi6_oif = sk->sk_bound_dev_if; else if (strict) fl6.flowi6_oif = dev->ifindex; - else - fl6.flowi6_oif = l3mdev_master_ifindex(dev); fib6_rules_early_flow_dissect(net, skb, &fl6, &flkeys); dst = ip6_route_output(net, sk, &fl6);
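
Review bot: In the ip_route_me_harder() hunk of net/ipv4/netfilter.c, fl4.flowi4_l3mdev is now set unconditionally, whereas the removed lines only fell back to l3mdev_master_ifindex(dev) when fl4.flowi4_oif was zero. For a socket with sk_bound_dev_if set, the lookup now carries both flowi4_oif and flowi4_l3mdev, a behaviour change the quoted commit message does not mention. Suggest stating in the commit message that this case is intended, and which key decides the lookup when the bound device and dev belong to different L3 domains.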
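
Review bot: In the first ip6_route_me_harder() hunk of net/ipv6/netfilter.c, the new initializer ".flowi6_l3mdev = l3mdev_master_ifindex(dev)" reads dev at the point where fl6 is declared, and the declaration of dev lies outside the visible context. Please confirm that dev is initialised above fl6 in the declaration list; if it is not, assign fl6.flowi6_l3mdev after the declarations, the way the IPv4 side assigns fl4.flowi4_l3mdev.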
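
Review bot: In the second ip6_route_me_harder() hunk, removing the final else means fl6.flowi6_oif is no longer assigned when neither the sk_bound_dev_if branch nor the strict branch is taken, so it keeps the zero value from the designated initializer. A one-line comment above the if / else if chain, saying that oif is deliberately left at zero there and the L3 domain is selected through flowi6_l3mdev, would keep a later reader from restoring the branch as a presumed omission.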