superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/include
History
Pablo Neira Ayuso 2bb4ecb334 netfilter: flowtable: GC pushes back packets to classic path 
[ Upstream commit 735795f68b ]

Since 41f2c7c342 ("net/sched: act_ct: Fix promotion of offloaded
unreplied tuple"), flowtable GC pushes back flows with IPS_SEEN_REPLY
back to classic path in every run, ie. every second. This is because of
a new check for NF_FLOW_HW_ESTABLISHED which is specific of sched/act_ct.

In Netfilter's flowtable case, NF_FLOW_HW_ESTABLISHED never gets set on
and IPS_SEEN_REPLY is unreliable since users decide when to offload the
flow before, such bit might be set on at a later stage.

Fix it by adding a custom .gc handler that sched/act_ct can use to
deal with its NF_FLOW_HW_ESTABLISHED bit.

Fixes: 41f2c7c342 ("net/sched: act_ct: Fix promotion of offloaded unreplied tuple")
Reported-by: Vladimir Smelhaus <vl.sm@email.cz>
Reviewed-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Stable-dep-of: 125f1c7f26 ("net/sched: act_ct: Take per-cb reference to tcf_ct_flow_table")
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2024-01-10 17:10:34 +01:00
..
acpi
asm-generic asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation 2023-12-20 17:00:24 +01:00
clocksource
crypto
drm gpu/drm: Eliminate DRM_SCHED_PRIORITY_UNSET 2023-11-08 14:11:00 +01:00
dt-bindings
keys
kunit kunit: add macro to allow conditionally exposing static symbols to tests 2023-11-20 11:52:08 +01:00
kvm
linux genirq/affinity: Move group_cpus_evenly() into lib/ 2024-01-10 17:10:33 +01:00
math-emu
media
memory
misc
net netfilter: flowtable: GC pushes back packets to classic path 2024-01-10 17:10:34 +01:00
pcmcia
ras
rdma RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz 2023-12-13 18:39:15 +01:00
rv
scsi scsi: sd: Fix system start for ATA devices 2023-12-08 08:51:14 +01:00
soc
sound ASoC: SOF: Pass PCI SSID to machine driver 2023-11-28 17:06:58 +00:00
target
trace 9p: prevent read overrun in protocol dump tracepoint 2024-01-01 12:39:05 +00:00
uapi netfilter: nft_exthdr: add boolean DCCP option matching 2023-12-13 18:39:10 +01:00
ufs
vdso
video
xen xen: simplify evtchn_do_upcall() call maze 2023-12-08 08:51:20 +01:00