netfilter pull request 24-04-25
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEN9lkrMBJgcdVAPub1V2XiooUIOQFAmYqG18ACgkQ1V2XiooU IOT2fg/+Ir0uSBi5YldKlCqVGVTEAVoUuvo8yuzuUktYI5s+YpyNptFcNJHgJuP1 H94qccf4K6yJuyb0dNaBooxkVY4kiPIDs2+XuI6fz9bJNI3kypITfhvUKIkLiKvX cwqvAG+v0HZ1CKMD/icCftF/gOK3+MSasPhqz6I0U9xp86shw5ImFwmg0n7rtgmB +WxKbGzVSw2f6QLWpYunhZI7HUxnsiR5l3YyqPP4HHh+8e1rNjfolS6yX/4MmrfH 5TR7MkwjAxiXOy6JsC8TQqEc5hUASY0loKMfrEJjwol2ksmx7OBw8X8ivfv/PnnA gfaVzTC5WovHQotFFQ+Z4EKgMDkHZsZbxjsoWA5MPlrxYha/YYo6OzEvvjZYWe2Z 5kKxSpBAF9IMY/wQfjicpTILhFW6/CjffzFQU6RESau6tn6YcFoTpJozq4Fyq6CX XI8vc21l8n/h5Ne03axN/+6FxPuSatYDBrvstcTuf2o1sefw91Ak4TYlERKTiynq xmlsq/3PqoTzPLeQcUzyuwKTsJmzKn5qt95NnWbzdo5ZicnrMGMCAxjVr/wyvhnK HHqMRG6EcdBH+608XpialmvyQ9/kMEoH2YBMJG4cHkxF/y0OKSXMs9lfNq4cxGLf KIWShd13MpgdA64uQNZ80OQulhU9/KKxOC5NGG4cZONmM3bogqw= =YK6G -----END PGP SIGNATURE----- Merge tag 'nf-24-04-25' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf Pablo Neira Ayuso says: ==================== Netfilter/IPVS fixes for net The following patchset contains two Netfilter/IPVS fixes for net: Patch #1 fixes SCTP checksumming for IPVS with gso packets, from Ismael Luceno. Patch #2 honor dormant flag from netdev event path to fix a possible double hook unregistration. * tag 'nf-24-04-25' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: nf_tables: honor table dormant flag from netdev release event path ipvs: Fix checksumming on GSO of SCTP packets ==================== Link: https://lore.kernel.org/r/20240425090149.1359547-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
commit
e8baa63f87
@ -126,7 +126,8 @@ sctp_snat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp,
|
|||||||
if (sctph->source != cp->vport || payload_csum ||
|
if (sctph->source != cp->vport || payload_csum ||
|
||||||
skb->ip_summed == CHECKSUM_PARTIAL) {
|
skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||||
sctph->source = cp->vport;
|
sctph->source = cp->vport;
|
||||||
sctp_nat_csum(skb, sctph, sctphoff);
|
if (!skb_is_gso(skb) || !skb_is_gso_sctp(skb))
|
||||||
|
sctp_nat_csum(skb, sctph, sctphoff);
|
||||||
} else {
|
} else {
|
||||||
skb->ip_summed = CHECKSUM_UNNECESSARY;
|
skb->ip_summed = CHECKSUM_UNNECESSARY;
|
||||||
}
|
}
|
||||||
@ -174,7 +175,8 @@ sctp_dnat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp,
|
|||||||
(skb->ip_summed == CHECKSUM_PARTIAL &&
|
(skb->ip_summed == CHECKSUM_PARTIAL &&
|
||||||
!(skb_dst(skb)->dev->features & NETIF_F_SCTP_CRC))) {
|
!(skb_dst(skb)->dev->features & NETIF_F_SCTP_CRC))) {
|
||||||
sctph->dest = cp->dport;
|
sctph->dest = cp->dport;
|
||||||
sctp_nat_csum(skb, sctph, sctphoff);
|
if (!skb_is_gso(skb) || !skb_is_gso_sctp(skb))
|
||||||
|
sctp_nat_csum(skb, sctph, sctphoff);
|
||||||
} else if (skb->ip_summed != CHECKSUM_PARTIAL) {
|
} else if (skb->ip_summed != CHECKSUM_PARTIAL) {
|
||||||
skb->ip_summed = CHECKSUM_UNNECESSARY;
|
skb->ip_summed = CHECKSUM_UNNECESSARY;
|
||||||
}
|
}
|
||||||
|
@ -338,7 +338,9 @@ static void nft_netdev_event(unsigned long event, struct net_device *dev,
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
if (n > 1) {
|
if (n > 1) {
|
||||||
nf_unregister_net_hook(ctx->net, &found->ops);
|
if (!(ctx->chain->table->flags & NFT_TABLE_F_DORMANT))
|
||||||
|
nf_unregister_net_hook(ctx->net, &found->ops);
|
||||||
|
|
||||||
list_del_rcu(&found->list);
|
list_del_rcu(&found->list);
|
||||||
kfree_rcu(found, rcu);
|
kfree_rcu(found, rcu);
|
||||||
return;
|
return;
|
||||||
|
Loading…
Reference in New Issue
Block a user