Message ID | 20230621100731.68068-2-pablo@netfilter.org (mailing list archive) |
---|---|
State | Accepted |
Commit | d7fce52fdf96663ddc2eb21afecff3775588612a |
Delegated to: | Netdev Maintainers |
Series | [net,01/14] ipvs: align inner_mac_header for encapsulation |

Hello:

This series was applied to netdev/net.git (main)
by Pablo Neira Ayuso <pablo@netfilter.org>:

On Wed, 21 Jun 2023 12:07:18 +0200 you wrote:
> From: Terin Stock <terin@cloudflare.com>
>
> When using encapsulation the original packet's headers are copied to the
> inner headers. This preserves the space for an inner mac header, which
> is not used by the inner payloads for the encapsulation types supported
> by IPVS. If a packet is using GUE or GRE encapsulation and needs to be
> segmented, flow can be passed to __skb_udp_tunnel_segment() which
> calculates a negative tunnel header length. A negative tunnel header
> length causes pskb_may_pull() to fail, dropping the packet.
>
> [...]

Here is the summary with links:
  - [net,01/14] ipvs: align inner_mac_header for encapsulation
    https://git.kernel.org/netdev/net/c/d7fce52fdf96
  - [net,02/14] netfilter: nf_tables: fix chain binding transaction logic
    https://git.kernel.org/netdev/net/c/4bedf9eee016
  - [net,03/14] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
    https://git.kernel.org/netdev/net/c/26b5a5712eb8
  - [net,04/14] netfilter: nf_tables: drop map element references from preparation phase
    https://git.kernel.org/netdev/net/c/628bd3e49cba
  - [net,05/14] netfilter: nft_set_pipapo: .walk does not deal with generations
    https://git.kernel.org/netdev/net/c/2b84e215f874
  - [net,06/14] netfilter: nf_tables: fix underflow in object reference counter
    https://git.kernel.org/netdev/net/c/d6b478666ffa
  - [net,07/14] netfilter: nf_tables: disallow element updates of bound anonymous sets
    https://git.kernel.org/netdev/net/c/c88c535b592d
  - [net,08/14] netfilter: nf_tables: reject unbound anonymous set before commit phase
    https://git.kernel.org/netdev/net/c/938154b93be8
  - [net,09/14] netfilter: nf_tables: reject unbound chain set before commit phase
    https://git.kernel.org/netdev/net/c/62e1e94b246e
  - [net,10/14] netfilter: nf_tables: disallow updates of anonymous sets
    https://git.kernel.org/netdev/net/c/b770283c98e0
  - [net,11/14] netfilter: nf_tables: disallow timeout for anonymous sets
    https://git.kernel.org/netdev/net/c/e26d3009efda
  - [net,12/14] netfilter: nf_tables: drop module reference after updating chain
    https://git.kernel.org/netdev/net/c/043d2acf5722
  - [net,13/14] netfilter: nfnetlink_osf: fix module autoload
    https://git.kernel.org/netdev/net/c/62f9a68a36d4
  - [net,14/14] netfilter: nf_tables: Fix for deleting base chains with payload
    https://git.kernel.org/netdev/net/c/42e344f01688

You are awesome, thank you!

diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c index feb1d7fcb09f..a80b960223e1 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c @@ -1207,6 +1207,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, skb->transport_header = skb->network_header; skb_set_inner_ipproto(skb, next_protocol); + skb_set_inner_mac_header(skb, skb_inner_network_offset(skb)); if (tun_type == IP_VS_CONN_F_TUNNEL_TYPE_GUE) { bool check = false; @@ -1349,6 +1350,7 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, skb->transport_header = skb->network_header; skb_set_inner_ipproto(skb, next_protocol); + skb_set_inner_mac_header(skb, skb_inner_network_offset(skb)); if (tun_type == IP_VS_CONN_F_TUNNEL_TYPE_GUE) { bool check = false;
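
Review bot: The added skb_set_inner_mac_header(skb, skb_inner_network_offset(skb)) call in the ip_vs_tunnel_xmit() hunk has no comment, and nothing at the call site says why the inner mac header is pinned to the inner network header. A one-line comment above it, noting that the encapsulation types supported by IPVS carry no inner mac header and that a stale offset leads __skb_udp_tunnel_segment() to a negative tunnel header length, would keep the line from being dropped as redundant in a later cleanup. The call also reads skb_inner_network_offset(skb), so it relies on the inner network header already being set at this point, which the visible context lines do not show; please confirm that holds on every path reaching this line.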
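
Review bot: The ip_vs_tunnel_xmit_v6() hunk repeats by hand the same skb_set_inner_mac_header() line as the IPv4 path, directly after the same skb->transport_header assignment and skb_set_inner_ipproto() call. Consider moving this shared inner-header setup into one small helper called from both functions, so a later change to the inner offsets cannot land in one address family and miss the other.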