]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 791fd7c) | patch
netfilter: flowtable: move dst_check to packet path
authorRitaro Takenaka <ritarot634@gmail.com>
Tue, 17 May 2022 10:55:30 +0000 (12:55 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 18 May 2022 15:34:26 +0000 (17:34 +0200)
commit77e067154416b38c968e53a97229304c914d3d16
treea7d192ce684e8e9b070cc62fc936388647d27e41tree | snapshot
parent791fd7c7e8eb47a0c8431bfa034c88c0bffc5d8fcommit | diff
netfilter: flowtable: move dst_check to packet path

Fixes sporadic IPv6 packet loss when flow offloading is enabled.

IPv6 route GC and flowtable GC are not synchronized.
When dst_cache becomes stale and a packet passes through the flow before
the flowtable GC teardowns it, the packet can be dropped.
So, it is necessary to check dst every time in packet path.

Fixes: a7e275dd8482 ("netfilter: nf_flowtable: skip device lookup from interface index")
Signed-off-by: Ritaro Takenaka <ritarot634@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_flow_table_core.c diff | blob | history
net/netfilter/nf_flow_table_ip.c diff | blob | history
Linux Kernel Source Tree.