git.baikalelectronics.ru Git - kernel.git/commit

author	Paul Blakey <paulb@nvidia.com>
	Mon, 28 Feb 2022 09:23:49 +0000 (11:23 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 1 Mar 2022 21:08:31 +0000 (22:08 +0100)
commit	1647f51521a2bf64b4f1189aa5984116cf13c1e0
tree	75cd5808538a49d12710b3cfc9170e08bbc5f8f8	tree \| snapshot
parent	6cfda8929dd9f8539cee802d9c444af149a9ccc8	commit \| diff

net/sched: act_ct: Fix flow table lookup failure with no originating ifindex

After cited commit optimizted hw insertion, flow table entries are
populated with ifindex information which was intended to only be used
for HW offload. This tuple ifindex is hashed in the flow table key, so
it must be filled for lookup to be successful. But tuple ifindex is only
relevant for the netfilter flowtables (nft), so it's not filled in
act_ct flow table lookup, resulting in lookup failure, and no SW
offload and no offload teardown for TCP connection FIN/RST packets.

To fix this, add new tc ifindex field to tuple, which will
only be used for offloading, not for lookup, as it will not be
part of the tuple hash.

Fixes: e1f3a44f5ede ("net/sched: act_ct: Fill offloading tuple iifidx")
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_flow_table.h		diff \| blob \| history
net/netfilter/nf_flow_table_offload.c		diff \| blob \| history
net/sched/act_ct.c		diff \| blob \| history