Commit 458bf63d authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge tag 'nf-25-02-13' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf 

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following batch contains one revert for:

1) Revert flowtable entry teardown cycle when skbuff exceeds mtu to
   deal with DF flag unset scenarios. This is reverts a patch coming
   in the previous merge window (available in 6.14-rc releases).

* tag 'nf-25-02-13' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  Revert "netfilter: flowtable: teardown flow if cached mtu is stale"
====================

Link: https://patch.msgid.link/20250213100502.3983-1-pablo@netfilter.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 0892b840 cf56aa8d

net/netfilter/nf_flow_table_ip.c

+2 −6
Original line number Diff line number Diff line
@@ -381,10 +381,8 @@ static int nf_flow_offload_forward(struct nf_flowtable_ctx *ctx, 
	flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);



	mtu = flow->tuplehash[dir].tuple.mtu + ctx->offset;

	if (unlikely(nf_flow_exceeds_mtu(skb, mtu))) {

		flow_offload_teardown(flow);

	if (unlikely(nf_flow_exceeds_mtu(skb, mtu)))

		return 0;

	}



	iph = (struct iphdr *)(skb_network_header(skb) + ctx->offset);

	thoff = (iph->ihl * 4) + ctx->offset;
@@ -662,10 +660,8 @@ static int nf_flow_offload_ipv6_forward(struct nf_flowtable_ctx *ctx, 
	flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);



	mtu = flow->tuplehash[dir].tuple.mtu + ctx->offset;

	if (unlikely(nf_flow_exceeds_mtu(skb, mtu))) {

		flow_offload_teardown(flow);

	if (unlikely(nf_flow_exceeds_mtu(skb, mtu)))

		return 0;

	}



	ip6h = (struct ipv6hdr *)(skb_network_header(skb) + ctx->offset);

	thoff = sizeof(*ip6h) + ctx->offset;