Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3288051ybb;
        Tue, 31 Mar 2020 02:09:39 -0700 (PDT)
X-Google-Smtp-Source: ADFU+vuDOZbce9PVbQ2v/kXRfAqIZl8Q0ltHljD44KI4NyzzbJcLuiw2lR1OyNc56xSWb0voNHDQ
X-Received: by 2002:aca:5317:: with SMTP id h23mr1426400oib.33.1585645776772;
        Tue, 31 Mar 2020 02:09:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1585645776; cv=none;
        d=google.com; s=arc-20160816;
        b=G5z7KE5Fyv+VR52d24F6JB+vu8hkfdvnHSuXvWB6YibDEkJBGrh32Gv0s5Nx3Ml7mQ
         5xKzGAmvSYzoPKnzw7SGAuaG4iw1EFXCrtUwzmwNTrePbAqbGUVJkmY809OTMsu6caYd
         dTP2YqXJoaGzJULY12qp/FX4x4qYKCoKQeyMUulgFTpYgsjLYq6FUsMuUWO1UO18yoOh
         hCYKU5+VR6Xc5tO2OMFmL3beMWPk1W14mYq3ePxuBCGj1tosWny9QjC4LzPtnDPXKaHY
         QMmtMQ8fX6Yl+FwuePJ5JhlX1AEgsnKoTdgNEo444ztmDhZp64ga1cM+vMM5m4AZEtBQ
         IbqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=R4acclEDVtdeVjTgFDvgSpZm08+4HIW/Mq6P4ZyP5IM=;
        b=SGuhqeRSfV18jA+9TZn8K7N1VjupUoXahUyfTPXwIXpK1xflI6/fiU0i6OeVC7vJUN
         Xzwv0IhrRrgVQa069BoKJB9B9XvVM5gZdlNmntjY2mfWR27exRcN/Zy1rq7yVctNZSCq
         UosNkQltvetfogZ0JcLHyioE+XHAfJTav7MlN8hAIU1LGfa8TmKfEyQken4RM825UWXS
         eku7HOvh2ttqFxhVUKKL7mf87UllKOp4Ji2IJ6kG6FCIS8h54E1aWoNo/UJHO/LJK24K
         DwnLJlIFOXYKzr8+pjfeJ6H8sHIBmVWDCYUUZX09V3S1hMGUk0iG03Lhz6sJcq6SjWIs
         fhKA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=L5n4ExNB;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 63si7538404otm.66.2020.03.31.02.09.24;
        Tue, 31 Mar 2020 02:09:36 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=L5n4ExNB;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731239AbgCaJI1 (ORCPT <rfc822;rafael.sjavar@gmail.com>
        + 99 others); Tue, 31 Mar 2020 05:08:27 -0400
Received: from mail.kernel.org ([198.145.29.99]:50850 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1731127AbgCaJIZ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 31 Mar 2020 05:08:25 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 8538A2072E;
        Tue, 31 Mar 2020 09:08:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1585645705;
        bh=LUr+Qy3SYx/y4w3WfYIPeBIObF+JeJjDiX67mmvdWiM=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=L5n4ExNBQqTVI0W8EnUglYyLDkR9ZTBGaG8VhR5FL86TNVOZOEbH4iQ9AsKfQVPOa
         nLqYfxQkVIVAoS6rsCeXvK3r0YSpPPPIjSLv7Qs5i5k7gPkYtHe/gWpCY0VBFRj/WC
         NdhYqhQNINXDsyDw4xYuKTiFjAkiXCbVrskJLtfc=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 5.5 138/170] netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress
Date:   Tue, 31 Mar 2020 10:59:12 +0200
Message-Id: <20200331085438.148415210@linuxfoundation.org>
X-Mailer: git-send-email 2.26.0
In-Reply-To: <20200331085423.990189598@linuxfoundation.org>
References: <20200331085423.990189598@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Pablo Neira Ayuso <pablo@netfilter.org>

commit bcfabee1afd99484b6ba067361b8678e28bbc065 upstream.

Set skb->tc_redirected to 1, otherwise the ifb driver drops the packet.
Set skb->tc_from_ingress to 1 to reinject the packet back to the ingress
path after leaving the ifb egress path.

This patch inconditionally sets on these two skb fields that are
meaningful to the ifb driver. The existing forward action is guaranteed
to run from ingress path.

Fixes: 39e6dea28adc ("netfilter: nf_tables: add forward expression to the netdev family")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/netfilter/nft_fwd_netdev.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/net/netfilter/nft_fwd_netdev.c
+++ b/net/netfilter/nft_fwd_netdev.c
@@ -28,6 +28,10 @@ static void nft_fwd_netdev_eval(const st
 	struct nft_fwd_netdev *priv = nft_expr_priv(expr);
 	int oif = regs->data[priv->sreg_dev];
 
+	/* These are used by ifb only. */
+	pkt->skb->tc_redirected = 1;
+	pkt->skb->tc_from_ingress = 1;
+
 	nf_fwd_netdev_egress(pkt, oif);
 	regs->verdict.code = NF_STOLEN;
 }