Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp8139893ybl; Thu, 16 Jan 2020 11:18:48 -0800 (PST) X-Google-Smtp-Source: APXvYqxv7dUN0je/gUfT/O7x4xdlhn4FckkHFdLJTL7xXYfjNg7hc6GEr1BUkQRmEDeuRKGq4l+o X-Received: by 2002:a05:6830:13da:: with SMTP id e26mr3128305otq.97.1579202328229; Thu, 16 Jan 2020 11:18:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579202328; cv=none; d=google.com; s=arc-20160816; b=CO3g3lTCO4zUHYocP4mNg61LDNsOsYVvTWQLSbomV6K1/zTTrzRdY3/f9/LYVoZO4R qyL62U79mvghodS1KRhtTTIpEcVo/vp5ojnJtsBuJyaupiaDxjpzB0o4ydxTUrwFMPkj HmiGEGDwZQ3GgKWU+Wx1cD6rhc8tiiR9YLynmf3nVCtYd8HXdkEgqdMD4HRoEMiDEXw0 RDtrxsdyeL6edZU67cgS3N+TfdEOkjc5kw6H88e/nKwjI2uID3WJMevxDZAk/XEobBpd +QG7paYJdbVXQzVrlA/bR7FY4SqD4rH6QkJT2nb+kCOLVN8sY68vf0TQHgfMcdzNEpOi xm0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=N01ZsvidQOmIVd85tUNMZSI8bXvVdn1+4pUtKcwIXgc=; b=piW7rwSqGO3xF2TabnHhGhGSJzlX4Nv2L1/rOs2qw5XeOquSbxN5xqsCN8JfUsIERB D+Gp/c9f+R73Ji06vJRqiGqFmCcA3lUIZKvUaToTH2bo1MfD4yvVFiRNVoxf8WWizGao /KfywFQ59Wv5sjgouCsusKCJgEWk/RUOZ7akvmcmUW5L51dQexdKu5yQJu96iVvXfWSC w0IhTh7HPnw4/pcd4dqrZaXCHA7EwF8+rqkErhd6cw6e7sMP9t3AZBIE0SJsoeCUcnzi GkfHhP6fERJTBCvnweRWOZQtTW0KbglWxI7LZTsHVPISekADoleYKUhoYzw6Q3MnwOPz nDpQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=WZ8aqI+J; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q2si13753267otn.220.2020.01.16.11.18.35; Thu, 16 Jan 2020 11:18:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=WZ8aqI+J; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2407271AbgAPTQK (ORCPT + 99 others); Thu, 16 Jan 2020 14:16:10 -0500 Received: from mail.kernel.org ([198.145.29.99]:41440 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732777AbgAPQzr (ORCPT ); Thu, 16 Jan 2020 11:55:47 -0500 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 59C9A20730; Thu, 16 Jan 2020 16:55:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1579193747; bh=Qo96X3SSaZ1LtA/89TScd5NsivCR6oe1aoBgbuVYLwE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WZ8aqI+JQGXYSBnkABvzKBeNjPYe4jev6RF2ur+os0DP3aYBsfzUvTW9ejpKT5Efj oPNl6v4zcwds0S0QC7shqqoKW7ZtXWrTpkpheQTFQuSe/vpEvb4GugwpNy4fU7aN+2 lYOapDeACY6qEehP3Cb3rzEHVMSd8E0YxFLDC2oE= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Taehee Yoo , Pablo Neira Ayuso , Sasha Levin , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org Subject: [PATCH AUTOSEL 4.19 037/671] netfilter: nf_flow_table: do not remove offload when other netns's interface is down Date: Thu, 16 Jan 2020 11:44:28 -0500 Message-Id: <20200116165502.8838-37-sashal@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200116165502.8838-1-sashal@kernel.org> References: <20200116165502.8838-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Taehee Yoo [ Upstream commit a3fb3698cadf27dc142b24394c401625e14d80d0 ] When interface is down, offload cleanup function(nf_flow_table_do_cleanup) is called and that checks whether interface index of offload and index of link down interface is same. but only interface index checking is not enough because flowtable is not pernet list. So that, if other netns's interface that has index is same with offload is down, that offload will be removed. This patch adds netns checking code to the offload cleanup routine. Fixes: 59c466dd68e7 ("netfilter: nf_flow_table: add a new flow state for tearing down offloading") Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin --- net/netfilter/nf_flow_table_core.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 70bd730ca059..890799c16aa4 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -491,14 +491,17 @@ EXPORT_SYMBOL_GPL(nf_flow_table_init); static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data) { struct net_device *dev = data; + struct flow_offload_entry *e; + + e = container_of(flow, struct flow_offload_entry, flow); if (!dev) { flow_offload_teardown(flow); return; } - - if (flow->tuplehash[0].tuple.iifidx == dev->ifindex || - flow->tuplehash[1].tuple.iifidx == dev->ifindex) + if (net_eq(nf_ct_net(e->ct), dev_net(dev)) && + (flow->tuplehash[0].tuple.iifidx == dev->ifindex || + flow->tuplehash[1].tuple.iifidx == dev->ifindex)) flow_offload_dead(flow); } -- 2.20.1