netfilter: replace skb_try_make_writable() by skb_ensure_writable() - kernel/linux.git

diff options

author	Pablo Neira Ayuso <pablo@netfilter.org>	2026-04-27 15:34:45 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2026-04-30 01:57:42 +0300
commit	1049970d7583194eedc30e45a3c898b2cb1c30ba (patch)
tree	1da39d97fe437e06f7ec924c7f332f05a5fcdce5 /include/linux/execmem.h
parent	0c7a5ba011d336df4fcd1f667fcc16ea5549be12 (diff)
download	linux-1049970d7583194eedc30e45a3c898b2cb1c30ba.tar.xz

netfilter: replace skb_try_make_writable() by skb_ensure_writable()

skb_try_make_writable() only works on clones and uncloned packets might have their network header in paged fragments. nft_fwd needs to work for the ingress and egress hooks, but the egress hook where skb->data points to the mac header, use skb_network_offset() to include the mac header. The flowtable is fine since it already uses the transport offset. Fixes: d32de98ea70f ("netfilter: nft_fwd_netdev: allow to forward packets via neighbour layer") Fixes: 7d2086871762 ("netfilter: nf_flow_table: move ipv4 offload hook code to nf_flow_table") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'include/linux/execmem.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: