netfilter: flowtable: call dst_check() to fall back to classic forwarding

In case the route is stale, pass up the packet to the classic forwarding
path for re-evaluation and schedule this flow entry for removal.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
index 714dc083f09330df8a125a3da22acaed842dc539..3a8423899defcb0b190236be69b6a240a81e1c5d 100644 (file)
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -197,14 +197,6 @@ static bool nf_flow_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
        return true;
 }
 
-static int nf_flow_offload_dst_check(struct dst_entry *dst)
-{
-       if (unlikely(dst_xfrm(dst)))
-               return dst_check(dst, 0) ? 0 : -1;
-
-       return 0;
-}
-
 static unsigned int nf_flow_xmit_xfrm(struct sk_buff *skb,
                                      const struct nf_hook_state *state,
                                      struct dst_entry *dst)
@@ -256,7 +248,7 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
 
        flow_offload_refresh(flow_table, flow);
 
-       if (nf_flow_offload_dst_check(&rt->dst)) {
+       if (!dst_check(&rt->dst, 0)) {
                flow_offload_teardown(flow);
                return NF_ACCEPT;
        }
@@ -476,7 +468,7 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
 
        flow_offload_refresh(flow_table, flow);
 
-       if (nf_flow_offload_dst_check(&rt->dst)) {
+       if (!dst_check(&rt->dst, 0)) {
                flow_offload_teardown(flow);
                return NF_ACCEPT;
        }