diff options
author | Florian Westphal <fw@strlen.de> | 2023-10-04 18:09:51 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2023-10-06 08:31:53 +0200 |
commit | 2b1dc6285c3f6e6fcc9e25bf8cd0ca66f2443697 (patch) | |
tree | 02438f922910930eba9b0b4b368c2b38377f2eac /net/netfilter | |
parent | Merge branch 'xfrm: Support GRO decapsulation for ESP in UDP encapsulation' (diff) | |
download | linux-2b1dc6285c3f6e6fcc9e25bf8cd0ca66f2443697.tar.xz linux-2b1dc6285c3f6e6fcc9e25bf8cd0ca66f2443697.zip |
xfrm: pass struct net to xfrm_decode_session wrappers
Preparation patch, extra arg is not used.
No functional changes intended.
This is needed to replace the xfrm session decode functions with
the flow dissector.
skb_flow_dissect() cannot be used as-is, because it attempts to deduce the
'struct net' to use for bpf program fetch from skb->sk or skb->dev, but
xfrm code path can see skbs that have neither sk or dev filled in.
So either flow dissector needs to try harder, e.g. by also trying
skb->dst->dev, or we have to pass the struct net explicitly.
Passing the struct net doesn't look too bad to me, most places
already have it available or can derive it from the output device.
Reported-by: kernel test robot <oliver.sang@intel.com>
Link: https://lore.kernel.org/netdev/202309271628.27fd2187-oliver.sang@intel.com/
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/nf_nat_proto.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_nat_proto.c b/net/netfilter/nf_nat_proto.c index 48cc60084d28..c77963517bf8 100644 --- a/net/netfilter/nf_nat_proto.c +++ b/net/netfilter/nf_nat_proto.c @@ -668,7 +668,7 @@ static int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int struct flowi fl; int err; - err = xfrm_decode_session(skb, &fl, family); + err = xfrm_decode_session(net, skb, &fl, family); if (err < 0) return err; |