Years ago flow dissector gained ability to delegate flow dissection to a bpf program, scoped per netns. The netns is derived from skb->dev, and if that is not available, from skb->sk. If neither is set, we hit a (benign) WARN_ON_ONCE(). This WARN_ON_ONCE can be triggered from netfilter. Known skb origins are nf_send_reset and ipv4 stack generated IGMP messages. Lets allow callers to pass the current netns explicitly and make nf_tables use those instead. This targets net-next instead of net because the WARN is benign and this is not a regression. Florian Westphal (2): net: add and use skb_get_hash_net net: add and use __skb_get_hash_symmetric_net include/linux/skbuff.h | 20 +++++++++++++++++--- net/core/flow_dissector.c | 20 +++++++++++++------- net/netfilter/nf_tables_trace.c | 2 +- net/netfilter/nft_hash.c | 3 ++- 4 files changed, 33 insertions(+), 12 deletions(-) -- 2.44.2
