TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cd7bcfab4e
twx-linux/include/net/netfilter
History
Paul Blakey db6140e5e3 net/sched: act_ct: Fix flow table lookup failure with no originating ifindex 
After cited commit optimizted hw insertion, flow table entries are
populated with ifindex information which was intended to only be used
for HW offload. This tuple ifindex is hashed in the flow table key, so
it must be filled for lookup to be successful. But tuple ifindex is only
relevant for the netfilter flowtables (nft), so it's not filled in
act_ct flow table lookup, resulting in lookup failure, and no SW
offload and no offload teardown for TCP connection FIN/RST packets.

To fix this, add new tc ifindex field to tuple, which will
only be used for offloading, not for lookup, as it will not be
part of the tuple hash.

Fixes: 9795ded7f924 ("net/sched: act_ct: Fill offloading tuple iifidx")
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2022-03-01 22:08:31 +01:00
..
ipv4 netfilter: disable defrag once its no longer needed 2021-04-26 03:20:07 +02:00
ipv6 netfilter: conntrack: fix boot failure with nf_conntrack.enable_hooks=1 2021-09-28 13:04:55 +02:00
br_netfilter.h
nf_conntrack_acct.h netfilter: conntrack: add nf_ct_acct_add() 2020-03-30 02:05:39 +02:00
nf_conntrack_act_ct.h net/sched: act_ct: Fill offloading tuple iifidx 2022-01-04 12:12:55 +00:00
nf_conntrack_bridge.h
nf_conntrack_core.h netfilter: conntrack: nf_ct_gre_keymap_flush() removal 2021-07-02 02:07:01 +02:00
nf_conntrack_count.h
nf_conntrack_ecache.h netfilter: ecache: remove nf_exp_event_notifier structure 2021-08-25 12:50:38 +02:00
nf_conntrack_expect.h
nf_conntrack_extend.h net/sched: act_ct: Fill offloading tuple iifidx 2022-01-04 12:12:55 +00:00
nf_conntrack_helper.h
nf_conntrack_l4proto.h netfilter: conntrack: pass hook state to log functions 2021-06-18 14:47:43 +02:00
nf_conntrack_labels.h
nf_conntrack_seqadj.h
nf_conntrack_synproxy.h
nf_conntrack_timeout.h netfilter: Replace zero-length array with flexible-array member 2020-03-15 15:20:16 +01:00
nf_conntrack_timestamp.h
nf_conntrack_tuple.h
nf_conntrack_zones.h
nf_conntrack.h netfilter: conntrack: avoid useless indirection during conntrack destruction 2022-01-09 23:30:13 +01:00
nf_dup_netdev.h
nf_flow_table.h net/sched: act_ct: Fix flow table lookup failure with no originating ifindex 2022-03-01 22:08:31 +01:00
nf_hooks_lwtunnel.h netfilter: add netfilter hooks to SRv6 data plane 2021-08-30 01:51:36 +02:00
nf_log.h netfilter: nf_log_common: merge with nf_log_syslog 2021-03-31 22:34:10 +02:00
nf_nat_helper.h
nf_nat_masquerade.h
nf_nat_redirect.h
nf_nat.h netfilter: nat: move nf_xfrm_me_harder to where it is used 2021-04-26 03:20:07 +02:00
nf_queue.h netfilter: nf_queue: fix possible use-after-free 2022-03-01 11:50:35 +01:00
nf_reject.h
nf_socket.h
nf_synproxy.h
nf_tables_core.h netfilter: nf_tables: make counter support built-in 2021-12-23 01:07:35 +01:00
nf_tables_ipv4.h netfilter: nf_tables: convert pktinfo->tprot_set to flags field 2021-11-01 09:30:20 +01:00
nf_tables_ipv6.h netfilter: nf_tables: convert pktinfo->tprot_set to flags field 2021-11-01 09:30:20 +01:00
nf_tables_offload.h netfilter: nf_tables_offload: incorrect flow offload action array size 2022-02-20 01:22:20 +01:00
nf_tables.h netfilter: nf_tables_offload: incorrect flow offload action array size 2022-02-20 01:22:20 +01:00
nf_tproxy.h
nft_fib.h netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_meta.h netfilter: nftables: add nft_parse_register_store() and use it 2021-01-27 23:16:02 +01:00
nft_reject.h
xt_rateest.h net: sched: Merge Qdisc::bstats and Qdisc::cpu_bstats data types 2021-10-18 12:54:41 +01:00