Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3441705ybb; Tue, 31 Mar 2020 05:28:25 -0700 (PDT) X-Google-Smtp-Source: ADFU+vtMQcIHxnTlmMfvMuG9xHrpk0mCyv2ZoDutypNnHyOJ4No4CrQEOnIlvVFlT8Qsfxv6i2mj X-Received: by 2002:aca:d40f:: with SMTP id l15mr1792470oig.90.1585657705263; Tue, 31 Mar 2020 05:28:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585657705; cv=none; d=google.com; s=arc-20160816; b=CQIpxmiXNn5V45ywkMgKcXByGYlur/f8xGhoBAr09NigxaUS3fywChWsCLTphPylQw N9zZ8PQS0rTM15gAPnsWYe3dTo6XLndPdA5aoXi3fvn7Mf5zQMvZpSUxyv2LGdaiwnOp 98+RliDIaI2wDyVgQtGbdGiZxoaQR5n2daIR2fTKW5bjKOgbNbNTBZMTmEY+2LsPXZR9 UlPj0sYBH9sW+/vg9FzZo1t3FbdyiNLH7gvEXODmILNzPWSsd4uxuQWcqk0ySH4aIwcQ EJfg4EZV8KcIRwCcXK60ukFszHb/Qk50B+Aed+dOnOfng+l0e3L5jQBHvm2cBOrcGC1O wgGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=yzhHQLHUeLRQTplvuSLSXHcTcDze+bSiFunx63ScrYU=; b=EIpaY+0SgqHK3caUIxe8u5UyNWSNC63whtOyw/0UqxbKuY5Yqz8z4sfsOIR040Btin sjF86M5bObww7DSSXGpnutOX2c46XsbD+c8aOL6To33W4W53vRHtO+r0T0LRp9mhrt7h cm27xh+qIDCJMyil9qx8V6pMo4XaEzdNtKUni3O1nA6P1bdx4S9CZ6XS1WcwWegj50GI z7BpStjaUVw9nY3RUGfcil2OkxEEmGqiqDWLp5fz59N8mq+H5SMhzmuR4l65HUb7P+Ed ttisISxVpYlOtMwG8o9IXMh+wezxK5DDmy3oixSRUziTB1UttvCxM0vw8WvEpz7hshwe eTpQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Xq3N5hZp; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y9si7225367oia.47.2020.03.31.05.28.12; Tue, 31 Mar 2020 05:28:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Xq3N5hZp; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730851AbgCaM03 (ORCPT + 99 others); Tue, 31 Mar 2020 08:26:29 -0400 Received: from mail.kernel.org ([198.145.29.99]:56352 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730343AbgCaM02 (ORCPT ); Tue, 31 Mar 2020 08:26:28 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id F2E7420848; Tue, 31 Mar 2020 12:26:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1585657588; bh=ARYr/LKj+yZwEU4iRvbH7FzrNzmdYr/PkmH9b2I+f04=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Xq3N5hZp0GIAPSlbTvfr9BXe+y4LG9Uv3UovNY6Yk0YIOKwgVfPY8EgPzaDoKW2wd vSVoDGymgwdCPsZ71SZRea/1NWtuKq69d3jLgndLZgXHbCs5wgttrZgiQhTEhFWfll uO8myYXyLDlkGXOuzt5Hxw9vtfHh2ORTVvvFJdpw= Date: Tue, 31 Mar 2020 14:12:28 +0200 From: Greg Kroah-Hartman To: Pablo Neira Ayuso Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: Re: [PATCH 5.5 138/170] netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress Message-ID: <20200331121228.GB1617997@kroah.com> References: <20200331085423.990189598@linuxfoundation.org> <20200331085438.148415210@linuxfoundation.org> <20200331101603.wmsbhgmjc6vf4esk@salvia> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200331101603.wmsbhgmjc6vf4esk@salvia> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 31, 2020 at 12:16:03PM +0200, Pablo Neira Ayuso wrote: > On Tue, Mar 31, 2020 at 10:59:12AM +0200, Greg Kroah-Hartman wrote: > > From: Pablo Neira Ayuso > > > > commit bcfabee1afd99484b6ba067361b8678e28bbc065 upstream. > > > > Set skb->tc_redirected to 1, otherwise the ifb driver drops the packet. > > Set skb->tc_from_ingress to 1 to reinject the packet back to the ingress > > path after leaving the ifb egress path. > > > > This patch inconditionally sets on these two skb fields that are > > meaningful to the ifb driver. The existing forward action is guaranteed > > to run from ingress path. > > > > Fixes: 39e6dea28adc ("netfilter: nf_tables: add forward expression to the netdev family") > > Signed-off-by: Pablo Neira Ayuso > > Signed-off-by: Greg Kroah-Hartman > > > > --- > > net/netfilter/nft_fwd_netdev.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > --- a/net/netfilter/nft_fwd_netdev.c > > +++ b/net/netfilter/nft_fwd_netdev.c > > @@ -28,6 +28,10 @@ static void nft_fwd_netdev_eval(const st > > struct nft_fwd_netdev *priv = nft_expr_priv(expr); > > int oif = regs->data[priv->sreg_dev]; > > > > + /* These are used by ifb only. */ > > + pkt->skb->tc_redirected = 1; > > + pkt->skb->tc_from_ingress = 1; > > This patch also requires: > > 2c64605b590e net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build > > Otherwise build breaks with CONFIG_NET_CLS_ACT=n. Thanks for the hint, will go do that now. greg k-h