Re: [PATCH net 1/2] netfilter: nf_tables: restore IP sanity checks for netdev/egress

Hello:

This series was applied to netdev/net.git (main)
by Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>:

On Wed, 28 Aug 2024 23:47:07 +0200 you wrote:
> Subtract network offset to skb->len before performing IPv4 header sanity
> checks, then adjust transport offset from offset from mac header.
> 
> Jorge Ortiz says:
> 
> When small UDP packets (< 4 bytes payload) are sent from eth0,
> `meta l4proto udp` condition is not met because `NFT_PKTINFO_L4PROTO` is
> not set. This happens because there is a comparison that checks if the
> transport header offset exceeds the total length.  This comparison does
> not take into account the fact that the skb network offset might be
> non-zero in egress mode (e.g., 14 bytes for Ethernet header).
> 
> [...]

Here is the summary with links:
  - [net,1/2] netfilter: nf_tables: restore IP sanity checks for netdev/egress
    https://git.kernel.org/netdev/net/c/5fd062891897
  - [net,2/2] netfilter: nf_tables_ipv6: consider network offset in netdev/egress validation
    https://git.kernel.org/netdev/net/c/70c261d50095

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html





