target/linux/generic/backport-4.14/369-v4.18-netfilter-nf_flow_table-attach-dst-to-skbs.patch

   1 From: "Jason A. Donenfeld" <Jason@zx2c4.com>
   2 Date: Wed, 30 May 2018 20:43:15 +0200
   3 Subject: [PATCH] netfilter: nf_flow_table: attach dst to skbs
   4
   5 Some drivers, such as vxlan and wireguard, use the skb's dst in order to
   6 determine things like PMTU. They therefore loose functionality when flow
   7 offloading is enabled. So, we ensure the skb has it before xmit'ing it
   8 in the offloading path.
   9
  10 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
  11 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  12 ---
  13
  14 --- a/net/netfilter/nf_flow_table_ip.c
  15 +++ b/net/netfilter/nf_flow_table_ip.c
  16 @@ -220,7 +220,7 @@ nf_flow_offload_ip_hook(void *priv, stru
  17         enum flow_offload_tuple_dir dir;
  18         struct flow_offload *flow;
  19         struct net_device *outdev;
  20 -       const struct rtable *rt;
  21 +       struct rtable *rt;
  22         unsigned int thoff;
  23         struct iphdr *iph;
  24         __be32 nexthop;
  25 @@ -241,7 +241,7 @@ nf_flow_offload_ip_hook(void *priv, stru
  26
  27         dir = tuplehash->tuple.dir;
  28         flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
  29 -       rt = (const struct rtable *)flow->tuplehash[!dir].tuple.dst_cache;
  30 +       rt = (struct rtable *)flow->tuplehash[!dir].tuple.dst_cache;
  31
  32         if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) &&
  33             (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0)
  34 @@ -264,6 +264,7 @@ nf_flow_offload_ip_hook(void *priv, stru
  35
  36         skb->dev = outdev;
  37         nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr);
  38 +       skb_dst_set_noref(skb, &rt->dst);
  39         neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb);
  40
  41         return NF_STOLEN;
  42 @@ -480,6 +481,7 @@ nf_flow_offload_ipv6_hook(void *priv, st
  43
  44         skb->dev = outdev;
  45         nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6);
  46 +       skb_dst_set_noref(skb, &rt->dst);
  47         neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb);
  48
  49         return NF_STOLEN;