• David Miller's avatar
    netfilter: Pass socket pointer down through okfn(). · 7026b1dd
    David Miller authored
    On the output paths in particular, we have to sometimes deal with two
    socket contexts.  First, and usually skb->sk, is the local socket that
    generated the frame.
    
    And second, is potentially the socket used to control a tunneling
    socket, such as one the encapsulates using UDP.
    
    We do not want to disassociate skb->sk when encapsulating in order
    to fix this, because that would break socket memory accounting.
    
    The most extreme case where this can cause huge problems is an
    AF_PACKET socket transmitting over a vxlan device.  We hit code
    paths doing checks that assume they are dealing with an ipv4
    socket, but are actually operating upon the AF_PACKET one.
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    7026b1dd
xfrm_output.c 4.81 KB