diff options
author | Ye Yin <hustcat@gmail.com> | 2017-10-26 16:57:05 +0800 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2018-01-01 20:52:04 +0000 |
commit | 81ecd600d8dbb8799faa6d9d680790c6e4827019 (patch) | |
tree | 8c9bf2cd4ad5c265f6874a931c2865b394b2e5dc /include | |
parent | 7e50d80f29f010bef1b8e247550e555623ab8ab6 (diff) |
netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
commit 2b5ec1a5f9738ee7bf8f5ec0526e75e00362c48f upstream.
When run ipvs in two different network namespace at the same host, and one
ipvs transport network traffic to the other network namespace ipvs.
'ipvs_property' flag will make the second ipvs take no effect. So we should
clear 'ipvs_property' when SKB network namespace changed.
Fixes: 621e84d6f373 ("dev: introduce skb_scrub_packet()")
Signed-off-by: Ye Yin <hustcat@gmail.com>
Signed-off-by: Wei Zhou <chouryzhou@gmail.com>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/skbuff.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 63c9d381e0d9..93431a42f2f9 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -2965,6 +2965,13 @@ static inline void nf_reset_trace(struct sk_buff *skb) #endif } +static inline void ipvs_reset(struct sk_buff *skb) +{ +#if IS_ENABLED(CONFIG_IP_VS) + skb->ipvs_property = 0; +#endif +} + /* Note: This doesn't put any conntrack and bridge info in dst. */ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) { |