Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp3246123ybh; Mon, 16 Mar 2020 19:06:19 -0700 (PDT) X-Google-Smtp-Source: ADFU+vt2/xDVz2nOWj3I7TMHhscbzhU7TiUhy6rgsFQ6ew3gw0e4vlyNDBx5gxi8HEAJ7GWe0QAO X-Received: by 2002:aca:7517:: with SMTP id q23mr1869519oic.23.1584410779166; Mon, 16 Mar 2020 19:06:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584410779; cv=none; d=google.com; s=arc-20160816; b=zlJ2UsCXgyAhqzODvK9k5YnRaNeHpJsX3MDHl5MkNb965RcYLvHWuF4fs/McfNoV24 bTrghtzh1HxuCyjcNsbKz84TiuDfvjDME6L25ThjvNBUZBp21n5+h59Sfr1MnytKiGoY mz5c72Aw2hISoEX5TK3O9mJT3E87DZMJyKCKgNGa+VBvA3MmWkR67JHs3X/RH1CT30lJ pWccU9cjUQWNVZ1upNFz9XzrQxRWPL0F4sFJtVIeBPPw9fHjlvl4WNiBJ/E0fxv1HFnB lmy7UB3CZe2kJm3kbr/WL68iCnVrzOo8GHAjWjUUPCXFtr6gW2mNRGXAkRsrjKuCwLxP MLuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from; bh=p5AWiV0LiiAtVhCtnJOzI6i3BQkUkzGgU+8Agx0hGm8=; b=yH4I+Qj0VG2ASEqzlCXLhl9CU9tPUrxfMbuWq8X/tQdCBdrEpn8/9siIlJDLeFdXRH 8okUZ2cCNkcUXQVtnuPagMaJwiV1MIXxFB0kltU8kRUUsr6y9IifUHJcVttge52BHdFl /V4+vVGod/8HhlYCYI52mVrqvfiuLKwPIdwFfaR7Z3EStH2nBx4reqfYfUK054qhvN8/ 5KH08seSB9zR/8wZx86AyHvCWanumgV0oQ3A7lGVaIFv0KY+G3IjPOCzfQthn+NleZ/1 yqZlpLgqaC4i9wc3mXt+plaFwSMygS4nc+vMu5yY9tKpOzy4pJZ9QgOVqPIN4xcMeiVC uS6Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s21si969177otp.225.2020.03.16.19.06.07; Mon, 16 Mar 2020 19:06:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726803AbgCQCDi (ORCPT + 99 others); Mon, 16 Mar 2020 22:03:38 -0400 Received: from cmccmta3.chinamobile.com ([221.176.66.81]:9062 "EHLO cmccmta3.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725995AbgCQCDi (ORCPT ); Mon, 16 Mar 2020 22:03:38 -0400 Received: from spf.mail.chinamobile.com (unknown[172.16.121.19]) by rmmx-syy-dmz-app12-12012 (RichMail) with SMTP id 2eec5e702fd7356-ec074; Tue, 17 Mar 2020 10:03:04 +0800 (CST) X-RM-TRANSID: 2eec5e702fd7356-ec074 X-RM-TagInfo: emlType=0 X-RM-SPAM-FLAG: 00000000 Received: from localhost (unknown[223.105.0.241]) by rmsmtp-syy-appsvr10-12010 (RichMail) with SMTP id 2eea5e702fd7558-f80c0; Tue, 17 Mar 2020 10:03:04 +0800 (CST) X-RM-TRANSID: 2eea5e702fd7558-f80c0 From: Haishuang Yan To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Haishuang Yan Subject: [PATCH v2 1/2] netfilter: nf_flow_table: reload ip{v6}h in nf_flow_nat_ip{v6} Date: Tue, 17 Mar 2020 10:02:52 +0800 Message-Id: <1584410573-6812-1-git-send-email-yanhaishuang@cmss.chinamobile.com> X-Mailer: git-send-email 1.8.3.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Since nf_flow_snat_port and nf_flow_snat_ip{v6} call pskb_may_pull() which may change skb->data, so we need to reload ip{v6}h at the right palce. Fixes: a908fdec3dda ("netfilter: nf_flow_table: move ipv6 offload hook code to nf_flow_table") Fixes: 7d2086871762 ("netfilter: nf_flow_table: move ipv4 offload hook code to nf_flow_table") Signed-off-by: Haishuang Yan --- v2: collapse the patches --- net/netfilter/nf_flow_table_ip.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 5272721..942bda5 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -146,11 +146,12 @@ static int nf_flow_nat_ip(const struct flow_offload *flow, struct sk_buff *skb, if (test_bit(NF_FLOW_SNAT, &flow->flags) && (nf_flow_snat_port(flow, skb, thoff, iph->protocol, dir) < 0 || - nf_flow_snat_ip(flow, skb, iph, thoff, dir) < 0)) + nf_flow_snat_ip(flow, skb, ip_hdr(skb), thoff, dir) < 0)) return -1; + iph = ip_hdr(skb); if (test_bit(NF_FLOW_DNAT, &flow->flags) && (nf_flow_dnat_port(flow, skb, thoff, iph->protocol, dir) < 0 || - nf_flow_dnat_ip(flow, skb, iph, thoff, dir) < 0)) + nf_flow_dnat_ip(flow, skb, ip_hdr(skb), thoff, dir) < 0)) return -1; return 0; @@ -417,11 +418,12 @@ static int nf_flow_nat_ipv6(const struct flow_offload *flow, if (test_bit(NF_FLOW_SNAT, &flow->flags) && (nf_flow_snat_port(flow, skb, thoff, ip6h->nexthdr, dir) < 0 || - nf_flow_snat_ipv6(flow, skb, ip6h, thoff, dir) < 0)) + nf_flow_snat_ipv6(flow, skb, ipv6_hdr(skb), thoff, dir) < 0)) return -1; + ip6h = ipv6_hdr(skb); if (test_bit(NF_FLOW_DNAT, &flow->flags) && (nf_flow_dnat_port(flow, skb, thoff, ip6h->nexthdr, dir) < 0 || - nf_flow_dnat_ipv6(flow, skb, ip6h, thoff, dir) < 0)) + nf_flow_dnat_ipv6(flow, skb, ipv6_hdr(skb), thoff, dir) < 0)) return -1; return 0; -- 1.8.3.1