Hi Sebastian,
On Mon, May 12, 2025 at 12:28:44PM +0200, Sebastian Andrzej Siewior wrote:
[...]
> diff --git a/net/ipv6/netfilter/nf_dup_ipv6.c b/net/ipv6/netfilter/nf_dup_ipv6.c
> index 0c39c77fe8a8a..b903c62c00c9e 100644
> --- a/net/ipv6/netfilter/nf_dup_ipv6.c
> +++ b/net/ipv6/netfilter/nf_dup_ipv6.c
> @@ -48,7 +48,7 @@ void nf_dup_ipv6(struct net *net, struct sk_buff *skb, unsigned int hooknum,
> const struct in6_addr *gw, int oif)
> {
> local_bh_disable();
> - if (this_cpu_read(nf_skb_duplicated))
> + if (current->in_nf_duplicate)
Netfilter runs from the forwarding path too, where no current process
is available.
> goto out;
> skb = pskb_copy(skb, GFP_ATOMIC);
> if (skb == NULL)
> @@ -64,9 +64,9 @@ void nf_dup_ipv6(struct net *net, struct sk_buff *skb, unsigned int hooknum,
> --iph->hop_limit;
> }
> if (nf_dup_ipv6_route(net, skb, gw, oif)) {
> - __this_cpu_write(nf_skb_duplicated, true);
> + current->in_nf_duplicate = true;
> ip6_local_out(net, skb->sk, skb);
> - __this_cpu_write(nf_skb_duplicated, false);
> + current->in_nf_duplicate = false;
> } else {
> kfree_skb(skb);
> }
