From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Taehee Yoo <ap420073@gmail.com>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Sasha Levin <sashal@kernel.org>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 037/671] netfilter: nf_flow_table: do not remove offload when other netns's interface is down
Date: Thu, 16 Jan 2020 11:44:28 -0500 [thread overview]
Message-ID: <20200116165502.8838-37-sashal@kernel.org> (raw)
In-Reply-To: <20200116165502.8838-1-sashal@kernel.org>
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit a3fb3698cadf27dc142b24394c401625e14d80d0 ]
When interface is down, offload cleanup function(nf_flow_table_do_cleanup)
is called and that checks whether interface index of offload and
index of link down interface is same. but only interface index checking
is not enough because flowtable is not pernet list.
So that, if other netns's interface that has index is same with offload
is down, that offload will be removed.
This patch adds netns checking code to the offload cleanup routine.
Fixes: 59c466dd68e7 ("netfilter: nf_flow_table: add a new flow state for tearing down offloading")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_flow_table_core.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 70bd730ca059..890799c16aa4 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -491,14 +491,17 @@ EXPORT_SYMBOL_GPL(nf_flow_table_init);
static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data)
{
struct net_device *dev = data;
+ struct flow_offload_entry *e;
+
+ e = container_of(flow, struct flow_offload_entry, flow);
if (!dev) {
flow_offload_teardown(flow);
return;
}
-
- if (flow->tuplehash[0].tuple.iifidx == dev->ifindex ||
- flow->tuplehash[1].tuple.iifidx == dev->ifindex)
+ if (net_eq(nf_ct_net(e->ct), dev_net(dev)) &&
+ (flow->tuplehash[0].tuple.iifidx == dev->ifindex ||
+ flow->tuplehash[1].tuple.iifidx == dev->ifindex))
flow_offload_dead(flow);
}
--
2.20.1
next prev parent reply other threads:[~2020-01-16 19:16 UTC|newest]
Thread overview: 118+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-16 16:43 [PATCH AUTOSEL 4.19 001/671] drm/sti: do not remove the drm_bridge that was never added Sasha Levin
2020-01-16 16:43 ` [PATCH AUTOSEL 4.19 002/671] ARM: dts: at91: nattis: set the PRLUD and HIPOW signals low Sasha Levin
2020-01-16 16:43 ` [PATCH AUTOSEL 4.19 003/671] ARM: dts: at91: nattis: make the SD-card slot work Sasha Levin
2020-01-16 16:43 ` [PATCH AUTOSEL 4.19 004/671] ixgbe: don't clear IPsec sa counters on HW clearing Sasha Levin
2020-01-16 16:43 ` [PATCH AUTOSEL 4.19 005/671] drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() Sasha Levin
2020-01-16 16:43 ` [PATCH AUTOSEL 4.19 006/671] iio: fix position relative kernel version Sasha Levin
2020-01-16 16:43 ` [PATCH AUTOSEL 4.19 007/671] apparmor: Fix network performance issue in aa_label_sk_perm Sasha Levin
2020-01-16 16:43 ` [PATCH AUTOSEL 4.19 008/671] ALSA: hda: fix unused variable warning Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 009/671] apparmor: don't try to replace stale label in ptrace access check Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 010/671] ARM: qcom_defconfig: Enable MAILBOX Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 011/671] firmware: coreboot: Let OF core populate platform device Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 012/671] PCI: iproc: Remove PAXC slot check to allow VF support Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 013/671] bridge: br_arp_nd_proxy: set icmp6_router if neigh has NTF_ROUTER Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 014/671] drm/hisilicon: hibmc: Don't overwrite fb helper surface depth Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 015/671] signal/ia64: Use the generic force_sigsegv in setup_frame Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 016/671] signal/ia64: Use the force_sig(SIGSEGV,...) in ia64_rt_sigreturn Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 017/671] ASoC: wm9712: fix unused variable warning Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 018/671] mailbox: mediatek: Add check for possible failure of kzalloc Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 019/671] IB/rxe: replace kvfree with vfree Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 020/671] IB/hfi1: Add mtu check for operational data VLs Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 021/671] genirq/debugfs: Reinstate full OF path for domain name Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 022/671] usb: dwc3: add EXTCON dependency for qcom Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 023/671] usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 024/671] cfg80211: regulatory: make initialization more robust Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 025/671] regulator: fixed: Default enable high on DT regulators Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 026/671] mei: replace POLL* with EPOLL* for write queues Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 027/671] drm/msm: fix unsigned comparison with less than zero Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 028/671] of: Fix property name in of_node_get_device_type Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 029/671] ALSA: usb-audio: update quirk for B&W PX to remove microphone Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 030/671] iwlwifi: nvm: get num of hw addresses from firmware Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 031/671] staging: comedi: ni_mio_common: protect register write overflow Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 032/671] netfilter: nft_osf: usage from output path is not valid Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 033/671] pwm: lpss: Release runtime-pm reference from the driver's remove callback Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 034/671] powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 035/671] rtlwifi: rtl8821ae: replace _rtl8821ae_mrate_idx_to_arfr_id with generic version Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 036/671] RDMA/bnxt_re: Add missing spin lock initialization Sasha Levin
2020-01-16 16:44 ` Sasha Levin [this message]
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 038/671] powerpc/kgdb: add kgdb_arch_set/remove_breakpoint() Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 039/671] tipc: eliminate message disordering during binding table update Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 040/671] net: socionext: Add dummy PHY register read in phy_write() Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 041/671] drm/sun4i: hdmi: Fix double flag assignation Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 042/671] net: hns3: add error handler for hns3_nic_init_vector_data() Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 043/671] mlxsw: reg: QEEC: Add minimum shaper fields Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 044/671] mlxsw: spectrum: Set minimum shaper on MC TCs Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 045/671] NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 046/671] ASoC: wm97xx: fix uninitialized regmap pointer problem Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 047/671] ARM: dts: bcm283x: Correct mailbox register sizes Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 048/671] pcrypt: use format specifier in kobject_add Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 049/671] ASoC: sun8i-codec: add missing route for ADC Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 050/671] pinctrl: meson-gxl: remove invalid GPIOX tsin_a pins Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 051/671] bus: ti-sysc: Add mcasp optional clocks flag Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 052/671] exportfs: fix 'passing zero to ERR_PTR()' warning Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 053/671] drm: rcar-du: Fix the return value in case of error in 'rcar_du_crtc_set_crc_source()' Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 054/671] drm: rcar-du: Fix vblank initialization Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 055/671] net: always initialize pagedlen Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 056/671] drm/dp_mst: Skip validating ports during destruction, just ref Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 057/671] arm64: dts: meson-gx: Add hdmi_5v regulator as hdmi tx supply Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 058/671] arm64: dts: renesas: r8a7795-es1: Add missing power domains to IPMMU nodes Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 059/671] net: phy: Fix not to call phy_resume() if PHY is not attached Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 060/671] IB/hfi1: Correctly process FECN and BECN in packets Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 061/671] OPP: Fix missing debugfs supply directory for OPPs Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 062/671] IB/rxe: Fix incorrect cache cleanup in error flow Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 063/671] mailbox: ti-msgmgr: Off by one in ti_msgmgr_of_xlate() Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 064/671] staging: bcm2835-camera: Abort probe if there is no camera Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 065/671] staging: bcm2835-camera: fix module autoloading Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 066/671] switchtec: Remove immediate status check after submitting MRPC command Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 067/671] ipv6: add missing tx timestamping on IPPROTO_RAW Sasha Levin
2020-01-16 16:44 ` [PATCH AUTOSEL 4.19 068/671] pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 069/671] pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 070/671] pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 071/671] pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 072/671] pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 073/671] pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 074/671] pinctrl: sh-pfc: r8a77970: Add missing MOD_SEL0 field Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 075/671] pinctrl: sh-pfc: r8a77980: " Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 076/671] pinctrl: sh-pfc: sh7734: Add missing IPSR11 field Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 077/671] pinctrl: sh-pfc: r8a77995: Remove bogus SEL_PWM[0-3]_3 configurations Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 078/671] pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 079/671] pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 080/671] net: hns3: fix error handling int the hns3_get_vector_ring_chain Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 081/671] vxlan: changelink: Fix handling of default remotes Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 082/671] Input: nomadik-ske-keypad - fix a loop timeout test Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 083/671] fork,memcg: fix crash in free_thread_stack on memcg charge fail Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 084/671] clk: highbank: fix refcount leak in hb_clk_init() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 085/671] clk: qoriq: fix refcount leak in clockgen_init() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 086/671] clk: ti: fix refcount leak in ti_dt_clocks_register() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 087/671] clk: socfpga: fix refcount leak Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 088/671] clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 089/671] clk: imx6q: fix refcount leak in imx6q_clocks_init() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 090/671] clk: imx6sx: fix refcount leak in imx6sx_clocks_init() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 091/671] clk: imx7d: fix refcount leak in imx7d_clocks_init() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 092/671] clk: vf610: fix refcount leak in vf610_clocks_init() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 093/671] clk: armada-370: fix refcount leak in a370_clk_init() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 094/671] clk: kirkwood: fix refcount leak in kirkwood_clk_init() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 095/671] clk: armada-xp: fix refcount leak in axp_clk_init() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 096/671] clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 097/671] clk: dove: fix refcount leak in dove_clk_init() Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 098/671] MIPS: BCM63XX: drop unused and broken DSP platform device Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 099/671] arm64: defconfig: Re-enable bcm2835-thermal driver Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 100/671] remoteproc: qcom: q6v5-mss: Add missing clocks for MSM8996 Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 101/671] remoteproc: qcom: q6v5-mss: Add missing regulator " Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 102/671] drm: Fix error handling in drm_legacy_addctx Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 103/671] ARM: dts: r8a7743: Remove generic compatible string from iic3 Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 104/671] ARM: dts: r8a7743: Fix sorting of rwdt node Sasha Levin
2020-01-17 9:32 ` Sergei Shtylyov
2020-01-23 14:19 ` Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 105/671] drm/etnaviv: fix some off by one bugs Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 106/671] drm/fb-helper: generic: Fix setup error path Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 107/671] fork, memcg: fix cached_stacks case Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 108/671] IB/usnic: Fix out of bounds index check in query pkey Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 109/671] RDMA/ocrdma: " Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 110/671] RDMA/qedr: " Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 111/671] drm/shmob: Fix return value check in shmob_drm_probe Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 112/671] arm64: dts: apq8016-sbc: Increase load on l11 for SDCARD Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 113/671] spi: cadence: Correct initialisation of runtime PM Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 114/671] RDMA/iw_cxgb4: Fix the unchecked ep dereference Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 115/671] net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ9031 Sasha Levin
2020-01-16 16:45 ` [PATCH AUTOSEL 4.19 116/671] memory: tegra: Don't invoke Tegra30+ specific memory timing setup on Tegra20 Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200116165502.8838-37-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=ap420073@gmail.com \
--cc=coreteam@netfilter.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).