Apply payload changes on the software fast path nf_flow_offload_ip_hook. Signed-off-by: Boris Sukholitko <boris.sukholitko@xxxxxxxxxxxx> --- net/netfilter/nf_flow_table_ip.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c index 19efba1e51ef..5eb2ed8e1f74 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -13,6 +13,7 @@ #include <net/ip6_route.h> #include <net/neighbour.h> #include <net/netfilter/nf_flow_table.h> +#include <net/netfilter/nf_tables.h> #include <net/netfilter/nf_conntrack_acct.h> /* For layer 4 checksum field offset. */ #include <linux/tcp.h> @@ -391,6 +392,8 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, iph = ip_hdr(skb); nf_flow_nat_ip(flow, skb, thoff, dir, iph); + if (nf_flow_offload_apply_payload(skb, flow->ct, dir, thoff)) + return NF_DROP; ip_decrease_ttl(iph); skb_clear_tstamp(skb); -- 2.32.0
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
