Prev: [net 0/2] Clean up netfilter cache on xmit-to-self.
Next: [PATCH] Fix corruption of skb csum field in pskb_expand_head() of net/core/skbuff.c
From: Ben Greear on 22 Jul 2010 15:20
With conn-track zones and probably with different network
namespaces, the netfilter logic needs to be re-calculated
on packet receive. If the netfilter logic is not reset,
it will not be recalculated properly. This patch adds
the nf_reset logic to dev_forward_skb.

Signed-off-by: Ben Greear <greearb(a)candelatech.com>
---
:100644 100644 7ac33e5... 22eee4e... M net/core/dev.c
net/core/dev.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/net/core/dev.c b/net/core/dev.c
index 7ac33e5..22eee4e 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1482,6 +1482,7 @@ static inline void net_timestamp(struct sk_buff *skb)
int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
{
skb_orphan(skb);
+ nf_reset(skb);

if (!(dev->flags & IFF_UP) ||
(skb->len > (dev->mtu + dev->hard_header_len))) {
--
1.6.2.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
 | 
Pages: 1
Prev: [net 0/2] Clean up netfilter cache on xmit-to-self.
Next: [PATCH] Fix corruption of skb csum field in pskb_expand_head() of net/core/skbuff.c