2024-02-14 16:21:36 +01:00
|
|
|
From: Felix Fietkau <nbd@nbd.name>
|
|
|
|
Date: Wed, 14 Feb 2024 15:24:41 +0100
|
|
|
|
Subject: [PATCH] netfilter: nf_tables: fix bidirectional offload regression
|
|
|
|
|
|
|
|
Commit 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
|
|
|
|
made unidirectional flow offload possible, while completely ignoring (and
|
|
|
|
breaking) bidirectional flow offload for nftables.
|
|
|
|
Add the missing flag that was left out as an exercise for the reader :)
|
|
|
|
|
|
|
|
Cc: Vlad Buslov <vladbu@nvidia.com>
|
|
|
|
Fixes: 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
|
|
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
---
|
|
|
|
|
|
|
|
--- a/net/netfilter/nft_flow_offload.c
|
|
|
|
+++ b/net/netfilter/nft_flow_offload.c
|
2024-03-01 22:08:40 +01:00
|
|
|
@@ -361,6 +361,7 @@ static void nft_flow_offload_eval(const
|
2024-02-14 16:21:36 +01:00
|
|
|
ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
+ __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
|
|
|
|
ret = flow_offload_add(flowtable, flow);
|
|
|
|
if (ret < 0)
|
|
|
|
goto err_flow_add;
|