iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: flowtable: incorrect pppoe tuple

Browse Source 
[ Upstream commit 6db5dc7b35 ]

pppoe traffic reaching ingress path does not match the flowtable entry
because the pppoe header is expected to be at the network header offset.
This bug causes a mismatch in the flow table lookup, so pppoe packets
enter the classical forwarding path.

Fixes: 72efd585f7 ("netfilter: flowtable: add pppoe support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Pablo Neira Ayuso
2024-04-11 00:09:00 +02:00
committed by Greg Kroah-Hartman
parent 8bf7c76a2a
commit f1c3c61701
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
net/netfilter/nf_flow_table_ip.c
View File

@ -156,7 +156,7 @@ static void nf_flow_tuple_encap(struct sk_buff *skb,
tuple->encap[i].proto = skb->protocol; tuple->encap[i].proto = skb->protocol;
break; break;
case htons(ETH_P_PPP_SES): case htons(ETH_P_PPP_SES):
phdr = (struct pppoe_hdr *)skb_mac_header(skb); phdr = (struct pppoe_hdr *)skb_network_header(skb);
tuple->encap[i].id = ntohs(phdr->sid); tuple->encap[i].id = ntohs(phdr->sid);
tuple->encap[i].proto = skb->protocol; tuple->encap[i].proto = skb->protocol;
break; break;