netfilter: nft_flow_offload: IPCB is only valid for ipv4 family (c549680e) · Commits · e / devices / android_kernel_xiaomi_nabu

net/netfilter/nft_flow_offload.c

+11 −6

Original line number	Diff line number	Diff line
		@@ -48,14 +48,19 @@ static int nft_flow_route(const struct nft_pktinfo *pkt,
		return 0;
		}

		static bool nft_flow_offload_skip(struct sk_buff *skb)
		static bool nft_flow_offload_skip(struct sk_buff *skb, int family)
		{
		struct ip_options *opt = &(IPCB(skb)->opt);
		if (skb_sec_path(skb))
		return true;

		if (family == NFPROTO_IPV4) {
		const struct ip_options *opt;

		opt = &(IPCB(skb)->opt);

		if (unlikely(opt->optlen))
		return true;
		if (skb_sec_path(skb))
		return true;
		}

		return false;
		}
		@@ -74,7 +79,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
		struct nf_conn *ct;
		int ret;

		if (nft_flow_offload_skip(pkt->skb))
		if (nft_flow_offload_skip(pkt->skb, nft_pf(pkt)))
		goto out;

		ct = nf_ct_get(pkt->skb, &ctinfo);