projects / wrapfs-5.10.y.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ae3edbd) | patch
netfilter: flowtable: move dst_check to packet path
authorRitaro Takenaka <ritarot634@gmail.com>
Tue, 17 May 2022 10:55:30 +0000 (12:55 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 25 May 2022 07:59:11 +0000 (09:59 +0200)
commit8e0d7162bc6313d65403b9327b446c6106bd4fac
tree19b2e9ce40809c185a5f910d2ea30b98814b4b07tree | snapshot
parentae3edbdf06bbcfb569991870564e9adbd0a6dd20commit | diff
netfilter: flowtable: move dst_check to packet path

[ Upstream commit 2738d9d963bd1f06d5114c2b4fa5771a95703991 ]

Fixes sporadic IPv6 packet loss when flow offloading is enabled.

IPv6 route GC and flowtable GC are not synchronized.
When dst_cache becomes stale and a packet passes through the flow before
the flowtable GC teardowns it, the packet can be dropped.
So, it is necessary to check dst every time in packet path.

Fixes: 227e1e4d0d6c ("netfilter: nf_flowtable: skip device lookup from interface index")
Signed-off-by: Ritaro Takenaka <ritarot634@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/netfilter/nf_flow_table_core.c diff | blob | history
net/netfilter/nf_flow_table_ip.c diff | blob | history
wrapfs-5.10.y