In case the route is stale, pass up the packet to the classic forwarding
path for re-evaluation and schedule this flow entry for removal.
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nf_flow_table_ip.c | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
index 714dc083f093..3a8423899def 100644
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -197,14 +197,6 @@ static bool nf_flow_exceeds_mtu(const struct sk_buff *skb,
unsigned int mtu)
return true;
}
-static int nf_flow_offload_dst_check(struct dst_entry *dst)
-{
- if (unlikely(dst_xfrm(dst)))
- return dst_check(dst, 0) ? 0 : -1;
-
- return 0;
-}
-
static unsigned int nf_flow_xmit_xfrm(struct sk_buff *skb,
const struct nf_hook_state *state,
struct dst_entry *dst)
@@ -256,7 +248,7 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
flow_offload_refresh(flow_table, flow);
- if (nf_flow_offload_dst_check(&rt->dst)) {
+ if (!dst_check(&rt->dst, 0)) {
flow_offload_teardown(flow);
return NF_ACCEPT;
}
@@ -476,7 +468,7 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
flow_offload_refresh(flow_table, flow);
- if (nf_flow_offload_dst_check(&rt->dst)) {
+ if (!dst_check(&rt->dst, 0)) {
flow_offload_teardown(flow);
return NF_ACCEPT;
}
--
2.20.1
