Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
netfilter: nf_reject: init skb->dev for reset packet
skb_get_hash() triggers a (harmless) warn when neither skb->sk or skb->dev is set. In case of nf-generated tcp reset, both sk and dev are NULL: WARNING: .. net/core/flow_dissector.c:1104 [..] skb_flow_dissect_flow_keys include/linux/skbuff.h:1536 [inline] skb_get_hash include/linux/skbuff.h:1578 [inline] nft_trace_init+0x7d/0x120 net/netfilter/nf_tables_trace.c:320 nft_do_chain+0xb26/0xb90 net/netfilter/nf_tables_core.c:268 nft_do_chain_ipv4+0x7a/0xa0 net/netfilter/nft_chain_filter.c:23 nf_hook_slow+0x57/0x160 net/netfilter/core.c:626 __ip_local_out+0x21d/0x260 net/ipv4/ip_output.c:118 ip_local_out+0x26/0x1e0 net/ipv4/ip_output.c:127 nf_send_reset+0x58c/0x700 net/ipv4/netfilter/nf_reject_ipv4.c:308 nft_reject_ipv4_eval+0x53/0x90 net/ipv4/netfilter/nft_reject_ipv4.c:30 [..] Fixes: d0e13a1 ("flow_dissector: lookup netns by skb->sk if skb->dev is NULL") Reported-by: Christoph Paasch <[email protected]> Suggested-by: Paolo Abeni <[email protected]> Closes: multipath-tcp/mptcp_net-next#494 Signed-off-by: Florian Westphal <[email protected]>
- Loading branch information
1 parent
13c7c94
commit 6b03e69