target/linux/generic/backport-5.15/741-v6.9-02-netfilter-flowtable-incorrect-pppoe-tuple.patch

   1 From: Pablo Neira Ayuso <pablo@netfilter.org>
   2 Date: Thu, 11 Apr 2024 13:29:00 +0200
   3 Subject: [PATCH] netfilter: flowtable: incorrect pppoe tuple
   4
   5 pppoe traffic reaching ingress path does not match the flowtable entry
   6 because the pppoe header is expected to be at the network header offset.
   7 This bug causes a mismatch in the flow table lookup, so pppoe packets
   8 enter the classical forwarding path.
   9
  10 Fixes: 72efd585f714 ("netfilter: flowtable: add pppoe support")
  11 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  12 ---
  13
  14 --- a/net/netfilter/nf_flow_table_ip.c
  15 +++ b/net/netfilter/nf_flow_table_ip.c
  16 @@ -156,7 +156,7 @@ static void nf_flow_tuple_encap(struct s
  17                 tuple->encap[i].proto = skb->protocol;
  18                 break;
  19         case htons(ETH_P_PPP_SES):
  20 -               phdr = (struct pppoe_hdr *)skb_mac_header(skb);
  21 +               phdr = (struct pppoe_hdr *)skb_network_header(skb);
  22                 tuple->encap[i].id = ntohs(phdr->sid);
  23                 tuple->encap[i].proto = skb->protocol;
  24                 break;