
netfilter: flowtable: use tuple address to calculate next hop

This simplifies IPIP tunnel support coming in follow up patches.

No functional changes are intended.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+12 -4
+12 -4
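--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -480,6 +480,7 @@
 {
 struct flow_offload_tuple_rhash *tuplehash;
 struct nf_flowtable *flow_table = priv;
+struct flow_offload_tuple *other_tuple;
 enum flow_offload_tuple_dir dir;
 struct nf_flowtable_ctx ctx = {
 .in = state->in,
@@ -488,6 +489,7 @@
 struct flow_offload *flow;
 struct neighbour *neigh;
 struct rtable *rt;
+__be32 ip_daddr;
 int ret;
 
 tuplehash = nf_flow_offload_lookup(&ctx, flow_table, skb);
@@ -510,8 +512,10 @@
 
 dir = tuplehash->tuple.dir;
 flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
+other_tuple = &flow->tuplehash[!dir].tuple;
+ip_daddr = other_tuple->src_v4.s_addr;
 
-if (nf_flow_encap_push(skb, &flow->tuplehash[!dir].tuple) < 0)
+if (nf_flow_encap_push(skb, other_tuple) < 0)
 return NF_DROP;
 
 switch (tuplehash->tuple.xmit_type) {
@@ -522,7 +526,7 @@
 flow_offload_teardown(flow);
 return NF_DROP;
 }
-neigh = ip_neigh_gw4(rt->dst.dev, rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr));
+neigh = ip_neigh_gw4(rt->dst.dev, rt_nexthop(rt, ip_daddr));
 if (IS_ERR(neigh)) {
 flow_offload_teardown(flow);
 return NF_DROP;
@@ -787,11 +791,13 @@
 {
 struct flow_offload_tuple_rhash *tuplehash;
 struct nf_flowtable *flow_table = priv;
+struct flow_offload_tuple *other_tuple;
 enum flow_offload_tuple_dir dir;
 struct nf_flowtable_ctx ctx = {
 .in = state->in,
 };
 struct nf_flow_xmit xmit = {};
+struct in6_addr *ip6_daddr;
 struct flow_offload *flow;
 struct neighbour *neigh;
 struct rt6_info *rt;
@@ -817,8 +823,10 @@
 
 dir = tuplehash->tuple.dir;
 flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
+other_tuple = &flow->tuplehash[!dir].tuple;
+ip6_daddr = &other_tuple->src_v6;
 
-if (nf_flow_encap_push(skb, &flow->tuplehash[!dir].tuple) < 0)
+if (nf_flow_encap_push(skb, other_tuple) < 0)
 return NF_DROP;
 
 switch (tuplehash->tuple.xmit_type) {
@@ -829,7 +837,7 @@
 flow_offload_teardown(flow);
 return NF_DROP;
 }
-neigh = ip_neigh_gw6(rt->dst.dev, rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6));
+neigh = ip_neigh_gw6(rt->dst.dev, rt6_nexthop(rt, ip6_daddr));
 if (IS_ERR(neigh)) {
 flow_offload_teardown(flow);
 return NF_DROP;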
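Review bot: The new `ip_daddr = other_tuple->src_v4.s_addr;` (and `ip6_daddr = &other_tuple->src_v6;` in the IPv6 hook) gives a destination name to a value read from the source field of the opposite-direction tuple, with no comment explaining the mapping. Since the commit message says tunnel support will build on these variables, a one-line comment at each assignment would make a wrong-field choice in the follow-up patches easier to spot in review, for example `/* next hop is looked up for the peer tuple's source address */`. This is presumably the address this direction's packet is sent to after any translation, which is worth confirming before the wording is fixed. Both hook functions begin and end outside the visible hunks, so how the variables are used elsewhere in them cannot be checked from here.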