Re: [PATCH nf-next v1 1/3] netfilter: nf_dup{4, 6}: Move duplication check to task_struct

On 2025-05-21 16:24:59 [+0200], Pablo Neira Ayuso wrote:
> Hi Sebastian,
Hi Pablo,

> On Mon, May 12, 2025 at 12:28:44PM +0200, Sebastian Andrzej Siewior wrote:
> [...]
> > diff --git a/net/ipv6/netfilter/nf_dup_ipv6.c b/net/ipv6/netfilter/nf_dup_ipv6.c
> > index 0c39c77fe8a8a..b903c62c00c9e 100644
> > --- a/net/ipv6/netfilter/nf_dup_ipv6.c
> > +++ b/net/ipv6/netfilter/nf_dup_ipv6.c
> > @@ -48,7 +48,7 @@ void nf_dup_ipv6(struct net *net, struct sk_buff *skb, unsigned int hooknum,
> >  		 const struct in6_addr *gw, int oif)
> >  {
> >  	local_bh_disable();
> > -	if (this_cpu_read(nf_skb_duplicated))
> > +	if (current->in_nf_duplicate)
> 
> Netfilter runs from the forwarding path too, where no current process
> is available.

If you refer to in-softirq with no task running then there is the idle
task/swapper which is pointed to by current in this case. There is one
idle task for each CPU, they don't migrate.

> >  		goto out;
> >  	skb = pskb_copy(skb, GFP_ATOMIC);
> >  	if (skb == NULL)
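Review bot: The new check `if (current->in_nf_duplicate)` needs a comment explaining why a task_struct field is a valid recursion guard here, since in softirq context `current` is whatever task happened to be interrupted (or the idle task) and has no relation to the packet. The check sits right after `local_bh_disable()`, so the flag is effectively scoped to this BH-disabled section on this CPU rather than to the task; saying so in a comment above the test (or in the commit message) would answer the forwarding-path question raised in this thread for future readers.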
> > @@ -64,9 +64,9 @@ void nf_dup_ipv6(struct net *net, struct sk_buff *skb, unsigned int hooknum,
> >  		--iph->hop_limit;
> >  	}
> >  	if (nf_dup_ipv6_route(net, skb, gw, oif)) {
> > -		__this_cpu_write(nf_skb_duplicated, true);
> > +		current->in_nf_duplicate = true;
> >  		ip6_local_out(net, skb->sk, skb);
> > -		__this_cpu_write(nf_skb_duplicated, false);
> > +		current->in_nf_duplicate = false;
> >  	} else {
> >  		kfree_skb(skb);
> >  	}
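Review bot: The `current->in_nf_duplicate = true` / `= false` pair around `ip6_local_out()` is undocumented and the reset is unconditional, so its correctness depends on the early `goto out` at the top of nf_dup_ipv6() guaranteeing the flag is never already set when this point is reached. A one-line comment on the pair stating that it marks re-entry from the output path, and that it relies on BH staying disabled for the whole window, would make that invariant explicit. The declaration of `in_nf_duplicate` is not part of this hunk; it is worth confirming in the task_struct change that the field is only ever written by the task it belongs to, as these plain stores assume.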

Sebastian



