Hi all,
The following Patch on top of a 4.19.208 is working in our test system
since Jan 5.
cheerio
Steve
Am 27.01.22 um 22:59 schrieb Florian Westphal:
> Salvatore Bonaccorso <car...@debian.org> wrote:
>> Hi,
>>
>> On Thu, Jan 27, 2022 at 06:26:10PM +0100, Steffen Weinreich wrote:
>>> Hi all,
>>>
>>> The patch made its way to mainline / latest
>>>
>>> Any chance to get it backported to 4.19?
>> It would be need to have a backport sent sta...@vger.kernel.org . Once
>> it lands in the older stable series, we can include it as well
>> downstream in Debian. What does Pablo say on the backport for the
>> older series? I see it has been applied to 5.15.17 and 5.16.3, but is
>> not yet queued for older series.
> Thats because the patch won't compile as-is on those older kernels,
> it needs a minor change. I can try to do it tomorrow and send it to
> stable.
--- linux-source-4.19/net/netfilter/nft_payload.c.orig 2021-09-26 11:39:49.000000000 +0000
+++ linux-source-4.19/net/netfilter/nft_payload.c 2022-01-04 18:53:04.888219213 +0000
@@ -194,6 +194,9 @@
struct sk_buff *skb,
unsigned int *l4csum_offset)
{
+ if (pkt->xt.fragoff)
+ return -1;
+
switch (pkt->tprot) {
case IPPROTO_TCP:
*l4csum_offset = offsetof(struct tcphdr, check);
