Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets

2022-01-28 Thread Steffen Weinreich
Hi all, The following patch on top of a 4.19.208 is working in our test system since Jan 5. cheerio Steve On 27.01.22 at 22:59, Florian Westphal wrote: > Salvatore Bonaccorso wrote: >> Hi, >> >> On Thu, Jan 27, 2022 at 06:26:10PM +0100, Steffen Weinreich wrote: >>

Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets

2022-01-27 Thread Steffen Weinreich
4 checksum updates. > > Fixes: 1814096980bb ("netfilter: nft_payload: layer 4 checksum adjustment for > pseudoheader fields") > Reported-and-tested-by: Steffen Weinreich > Signed-off-by: Pablo Neira Ayuso > Signed-off-by: Sasha Levin > --- > net/netfilter/nft_payload.c

Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets

2022-01-04 Thread Steffen Weinreich
Hi! >> Regarding 4.19, the patch does not work there since the struct pkt does >> not have a member fragoff. I suppose this is hidden deeply in the skbuf >> structure... > Sad. You might ask the maintainers if they can consider the fix as > well for older stable series, mentioning back the one

Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets

2022-01-04 Thread Steffen Weinreich
On 04.01.22 at 17:31, Salvatore Bonaccorso wrote: > Awesome. Can you confirm that as well on the upstream thread, so I > guess the maintainers will finalize the change for inclusion in > mainline? For 5.16 I did. Regarding 4.19, the patch does not work there since the struct pkt does not have

Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets

2022-01-04 Thread Steffen Weinreich
fragmented UDP packets Date: Fri, 31 Dec 2021 14:39:02 +0100 From: Pablo Neira Ayuso To: Steffen Weinreich Cc: netfil...@vger.kernel.org On Fri, Dec 31, 2021 at 02:37:47PM +0100, Pablo Neira Ayuso wrote: > Hi, > > On Fri, Dec 31, 2021 at 01:02:13PM +0100, Steffen Weinre

Bug#1002706: nftables stateless NAT in raw table mangles fragmented UDP packets also reproducible in linux-image-5.16.0-rc7-amd64-unsigned

2021-12-31 Thread Steffen Weinreich
On 31.12.21 at 11:51, Salvatore Bonaccorso wrote: > > Can you report this to upstream and keep this downstream bug into the > loop (or updated)? Yes I will. Do you have a pointer to the right upstream for me? cheerio Steve

Bug#1002706: nftables stateless NAT in raw table mangles fragmented UDP packets also reproducible in linux-image-5.16.0-rc7-amd64-unsigned

2021-12-30 Thread Steffen Weinreich
Hi The same behavior is reproducible in Linux debian 5.16.0-rc7-amd64 #1 SMP PREEMPT Debian 5.16~rc7-1~exp1 (2021-12-26) x86_64 GNU/Linux Package: linux-image-5.16.0-rc7-amd64-unsigned Version: 5.16~rc7-1~exp1 Priority: optional Section: kernel Source: linux Maintainer: Debian Kernel Team

Bug#1002706: linux-image-5.10.0-10-amd64: nftables stateless NAT in raw table mangles fragmented UDP packets

2021-12-27 Thread Steffen Weinreich
Package: src:linux Version: 5.10.84-1 Severity: important Dear Maintainer, We are using kernel linux-image-5.10.0-10-amd64 and nftables (0.9.8-3.1) for a stateless NAT GW. We are using the nftables "raw" tables to statically replace source and destination addresses for packets traversing the