diff options
| author |   Jakub Kicinski <kuba@kernel.org> | 2020-10-31 17:28:17 -0700 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2020-10-31 17:34:19 -0700 |
| commit | 859191b234f86b5f36cbe384baca1067a2221eb7 (patch) | |
| tree | 07633504033079aca158db2c4fb988ca757629b9 /net/ipv4/netfilter/iptable_mangle.c | |
| parent | ip_tunnel: fix over-mtu packet send fail without TUNNEL_DONT_FRAGMENT flags (diff) | |
| parent | netfilter: ipset: Update byte and packet counters regardless of whether they match (diff) | |
| download | wireguard-linux-859191b234f86b5f36cbe384baca1067a2221eb7.tar.xz wireguard-linux-859191b234f86b5f36cbe384baca1067a2221eb7.zip | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for net:
1) Incorrect netlink report logic in flowtable and genID.
2) Add a selftest to check that wireguard passes the right sk
to ip_route_me_harder, from Jason A. Donenfeld.
3) Pass the actual sk to ip_route_me_harder(), also from Jason.
4) Missing expression validation of updates via nft --check.
5) Update byte and packet counters regardless of whether they
match, from Stefano Brivio.
====================
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to '')
| -rw-r--r-- | net/ipv4/netfilter/iptable_mangle.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index f703a717ab1d..833079589273 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c @@ -62,7 +62,7 @@ ipt_mangle_out(struct sk_buff *skb, const struct nf_hook_state *state) iph->daddr != daddr || skb->mark != mark || iph->tos != tos) { - err = ip_route_me_harder(state->net, skb, RTN_UNSPEC); + err = ip_route_me_harder(state->net, state->sk, skb, RTN_UNSPEC); if (err < 0) ret = NF_DROP_ERR(err); } |