Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp1626959ybh; Sun, 15 Mar 2020 07:16:29 -0700 (PDT) X-Google-Smtp-Source: ADFU+vtCnkNM020lwqxZjWp1ft4j872k3SoX+s4Z4AoRIWl6Ch3x91p4dW3au3Bc0Vm3caDo5GvM X-Received: by 2002:aca:4997:: with SMTP id w145mr14472050oia.58.1584281789871; Sun, 15 Mar 2020 07:16:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584281789; cv=none; d=google.com; s=arc-20160816; b=U5TVIKpZMfEvc+NoUhFlt1nWxEgo1Am636t3Kcv0Z1XF5M4YHfWE6ptTbvl6wHasHP J8PcofSw8iSMFlh4/l0IwtlNRiR71Z4tQHqMkWJnqknlX9QMcz0mpGqmz4RsZwAeZxLf nrmDa9dTfpUvqf7W19ql4CoggVIPkXHqjUJ8T7YhlzMYajDJpbe6SqkKk59jrvlg0Eaw RPzrAHz3GR504yk4zy6UyHskRLGBiWbkNISIIaTVkqpEbS1OXQokZHl7swQ/hoxNI8KT uO0M58CaL3KYRhjcv0jkcsfyWu/hPS7jo3jHjvhAsfcmg/YE1XAidsWuoem06atp2RnG 2/6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=xTcYJmLedHC1D/P7r5+W5wffgAYXqdwIqHem6ez22GI=; b=Rwz1A9zVnblmp2449u1EGHlEsrLWsqXDelq2D64FHpoocqLqz/laWMi1fQPWreXF48 AIXlpGEGd6Vl/8gKL8nGg8R02bjZpYeE6eXsaKjjuAM2moFTshqwiZxIiY6P2FbB/CLn +Q1t/V4sGJsOrJbCG7GODRKmmMCCN3VNlSvLZqKPOQyO2cfyZXDeY9rEFpb5XX+cDxcf yGi1FZ/AaWugqFVK/B4/LY/a2/EpaJvYEG9vZWlYGyqr8r8GpsbJ+9dpYHdFZh16hInN xn5/qjlIQZ+9PoyPVua5tJQhbCzLa1meI3kv5zdoNsY8DNHz4KaJ2iXUv8iJFBv3zeNz hJFw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c6si8158843otm.298.2020.03.15.07.16.18; Sun, 15 Mar 2020 07:16:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728734AbgCOOPn (ORCPT + 99 others); Sun, 15 Mar 2020 10:15:43 -0400 Received: from cmccmta1.chinamobile.com ([221.176.66.79]:3358 "EHLO cmccmta1.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727778AbgCOOPn (ORCPT ); Sun, 15 Mar 2020 10:15:43 -0400 Received: from spf.mail.chinamobile.com (unknown[172.16.121.17]) by rmmx-syy-dmz-app02-12002 (RichMail) with SMTP id 2ee25e6e3882121-caef4; Sun, 15 Mar 2020 22:15:31 +0800 (CST) X-RM-TRANSID: 2ee25e6e3882121-caef4 X-RM-TagInfo: emlType=0 X-RM-SPAM-FLAG: 00000000 Received: from localhost (unknown[223.105.0.241]) by rmsmtp-syy-appsvr09-12009 (RichMail) with SMTP id 2ee95e6e387bd82-25633; Sun, 15 Mar 2020 22:15:30 +0800 (CST) X-RM-TRANSID: 2ee95e6e387bd82-25633 From: Haishuang Yan To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Haishuang Yan Subject: [PATCH 2/4] netfilter: nf_flow_table: reload iph in nf_flow_nat_ip Date: Sun, 15 Mar 2020 22:15:03 +0800 Message-Id: <1584281705-26228-2-git-send-email-yanhaishuang@cmss.chinamobile.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1584281705-26228-1-git-send-email-yanhaishuang@cmss.chinamobile.com> References: <1584281705-26228-1-git-send-email-yanhaishuang@cmss.chinamobile.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Since nf_flow_snat_port and nf_flow_snat_ip call pskb_may_pull() which may change skb->data, so we need to reload iph at the right place. Fixes: 7d2086871762 ("netfilter: nf_flow_table: move ipv4 offload hook code to nf_flow_table") Signed-off-by: Haishuang Yan --- net/netfilter/nf_flow_table_ip.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 2e6ebbe..942bda5 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -146,11 +146,12 @@ static int nf_flow_nat_ip(const struct flow_offload *flow, struct sk_buff *skb, if (test_bit(NF_FLOW_SNAT, &flow->flags) && (nf_flow_snat_port(flow, skb, thoff, iph->protocol, dir) < 0 || - nf_flow_snat_ip(flow, skb, iph, thoff, dir) < 0)) + nf_flow_snat_ip(flow, skb, ip_hdr(skb), thoff, dir) < 0)) return -1; + iph = ip_hdr(skb); if (test_bit(NF_FLOW_DNAT, &flow->flags) && (nf_flow_dnat_port(flow, skb, thoff, iph->protocol, dir) < 0 || - nf_flow_dnat_ip(flow, skb, iph, thoff, dir) < 0)) + nf_flow_dnat_ip(flow, skb, ip_hdr(skb), thoff, dir) < 0)) return -1; return 0; -- 1.8.3.1