netfilter pull request 24-04-25

-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEN9lkrMBJgcdVAPub1V2XiooUIOQFAmYqG18ACgkQ1V2XiooU
 IOT2fg/+Ir0uSBi5YldKlCqVGVTEAVoUuvo8yuzuUktYI5s+YpyNptFcNJHgJuP1
 H94qccf4K6yJuyb0dNaBooxkVY4kiPIDs2+XuI6fz9bJNI3kypITfhvUKIkLiKvX
 cwqvAG+v0HZ1CKMD/icCftF/gOK3+MSasPhqz6I0U9xp86shw5ImFwmg0n7rtgmB
 +WxKbGzVSw2f6QLWpYunhZI7HUxnsiR5l3YyqPP4HHh+8e1rNjfolS6yX/4MmrfH
 5TR7MkwjAxiXOy6JsC8TQqEc5hUASY0loKMfrEJjwol2ksmx7OBw8X8ivfv/PnnA
 gfaVzTC5WovHQotFFQ+Z4EKgMDkHZsZbxjsoWA5MPlrxYha/YYo6OzEvvjZYWe2Z
 5kKxSpBAF9IMY/wQfjicpTILhFW6/CjffzFQU6RESau6tn6YcFoTpJozq4Fyq6CX
 XI8vc21l8n/h5Ne03axN/+6FxPuSatYDBrvstcTuf2o1sefw91Ak4TYlERKTiynq
 xmlsq/3PqoTzPLeQcUzyuwKTsJmzKn5qt95NnWbzdo5ZicnrMGMCAxjVr/wyvhnK
 HHqMRG6EcdBH+608XpialmvyQ9/kMEoH2YBMJG4cHkxF/y0OKSXMs9lfNq4cxGLf
 KIWShd13MpgdA64uQNZ80OQulhU9/KKxOC5NGG4cZONmM3bogqw=
 =YK6G
 -----END PGP SIGNATURE-----

Merge tag 'nf-24-04-25' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter/IPVS fixes for net

The following patchset contains two Netfilter/IPVS fixes for net:

Patch #1 fixes SCTP checksumming for IPVS with gso packets,
	 from Ismael Luceno.

Patch #2 honor dormant flag from netdev event path to fix a possible
	 double hook unregistration.

* tag 'nf-24-04-25' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nf_tables: honor table dormant flag from netdev release event path
  ipvs: Fix checksumming on GSO of SCTP packets
====================

Link: https://lore.kernel.org/r/20240425090149.1359547-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Jakub Kicinski 2024-04-25 08:46:53 -07:00
commit e8baa63f87
2 changed files with 7 additions and 3 deletions

View File

@ -126,7 +126,8 @@ sctp_snat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp,
if (sctph->source != cp->vport || payload_csum || if (sctph->source != cp->vport || payload_csum ||
skb->ip_summed == CHECKSUM_PARTIAL) { skb->ip_summed == CHECKSUM_PARTIAL) {
sctph->source = cp->vport; sctph->source = cp->vport;
sctp_nat_csum(skb, sctph, sctphoff); if (!skb_is_gso(skb) || !skb_is_gso_sctp(skb))
sctp_nat_csum(skb, sctph, sctphoff);
} else { } else {
skb->ip_summed = CHECKSUM_UNNECESSARY; skb->ip_summed = CHECKSUM_UNNECESSARY;
} }
@ -174,7 +175,8 @@ sctp_dnat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp,
(skb->ip_summed == CHECKSUM_PARTIAL && (skb->ip_summed == CHECKSUM_PARTIAL &&
!(skb_dst(skb)->dev->features & NETIF_F_SCTP_CRC))) { !(skb_dst(skb)->dev->features & NETIF_F_SCTP_CRC))) {
sctph->dest = cp->dport; sctph->dest = cp->dport;
sctp_nat_csum(skb, sctph, sctphoff); if (!skb_is_gso(skb) || !skb_is_gso_sctp(skb))
sctp_nat_csum(skb, sctph, sctphoff);
} else if (skb->ip_summed != CHECKSUM_PARTIAL) { } else if (skb->ip_summed != CHECKSUM_PARTIAL) {
skb->ip_summed = CHECKSUM_UNNECESSARY; skb->ip_summed = CHECKSUM_UNNECESSARY;
} }

View File

@ -338,7 +338,9 @@ static void nft_netdev_event(unsigned long event, struct net_device *dev,
return; return;
if (n > 1) { if (n > 1) {
nf_unregister_net_hook(ctx->net, &found->ops); if (!(ctx->chain->table->flags & NFT_TABLE_F_DORMANT))
nf_unregister_net_hook(ctx->net, &found->ops);
list_del_rcu(&found->list); list_del_rcu(&found->list);
kfree_rcu(found, rcu); kfree_rcu(found, rcu);
return; return;