* [PATCH net] netfilter: nf_tables: fix bidirectional offload regression
@ 2024-02-14 14:42 Felix Fietkau
2024-02-14 15:40 ` Pablo Neira Ayuso
2024-02-15 12:00 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 3+ messages in thread
From: Felix Fietkau @ 2024-02-14 14:42 UTC (permalink / raw)
To: netdev, Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal,
David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Vlad Buslov
Cc: Daniel Golle, netfilter-devel, coreteam, linux-kernel
Commit 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
made unidirectional flow offload possible, while completely ignoring (and
breaking) bidirectional flow offload for nftables.
Add the missing flag that was left out as an exercise for the reader :)
Cc: Vlad Buslov <vladbu@nvidia.com>
Fixes: 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
Reported-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
net/netfilter/nft_flow_offload.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index 397351fa4d5f..ab9576098701 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -361,6 +361,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
}
+ __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
ret = flow_offload_add(flowtable, flow);
if (ret < 0)
goto err_flow_add;
--
2.43.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH net] netfilter: nf_tables: fix bidirectional offload regression
2024-02-14 14:42 [PATCH net] netfilter: nf_tables: fix bidirectional offload regression Felix Fietkau
@ 2024-02-14 15:40 ` Pablo Neira Ayuso
2024-02-15 12:00 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2024-02-14 15:40 UTC (permalink / raw)
To: Felix Fietkau
Cc: netdev, Jozsef Kadlecsik, Florian Westphal, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, Vlad Buslov,
Daniel Golle, netfilter-devel, coreteam, linux-kernel
On Wed, Feb 14, 2024 at 03:42:35PM +0100, Felix Fietkau wrote:
> Commit 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
> made unidirectional flow offload possible, while completely ignoring (and
> breaking) bidirectional flow offload for nftables.
> Add the missing flag that was left out as an exercise for the reader :)
Thanks for fixing up this, patch is fine.
> Cc: Vlad Buslov <vladbu@nvidia.com>
> Fixes: 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
> Reported-by: Daniel Golle <daniel@makrotopia.org>
> Signed-off-by: Felix Fietkau <nbd@nbd.name>
> ---
> net/netfilter/nft_flow_offload.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
> index 397351fa4d5f..ab9576098701 100644
> --- a/net/netfilter/nft_flow_offload.c
> +++ b/net/netfilter/nft_flow_offload.c
> @@ -361,6 +361,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
> ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
> }
>
> + __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
> ret = flow_offload_add(flowtable, flow);
> if (ret < 0)
> goto err_flow_add;
> --
> 2.43.0
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH net] netfilter: nf_tables: fix bidirectional offload regression
2024-02-14 14:42 [PATCH net] netfilter: nf_tables: fix bidirectional offload regression Felix Fietkau
2024-02-14 15:40 ` Pablo Neira Ayuso
@ 2024-02-15 12:00 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-02-15 12:00 UTC (permalink / raw)
To: Felix Fietkau
Cc: netdev, pablo, kadlec, fw, davem, edumazet, kuba, pabeni, vladbu,
daniel, netfilter-devel, coreteam, linux-kernel
Hello:
This patch was applied to netdev/net.git (main)
by Pablo Neira Ayuso <pablo@netfilter.org>:
On Wed, 14 Feb 2024 15:42:35 +0100 you wrote:
> Commit 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
> made unidirectional flow offload possible, while completely ignoring (and
> breaking) bidirectional flow offload for nftables.
> Add the missing flag that was left out as an exercise for the reader :)
>
> Cc: Vlad Buslov <vladbu@nvidia.com>
> Fixes: 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
> Reported-by: Daniel Golle <daniel@makrotopia.org>
> Signed-off-by: Felix Fietkau <nbd@nbd.name>
>
> [...]
Here is the summary with links:
- [net] netfilter: nf_tables: fix bidirectional offload regression
https://git.kernel.org/netdev/net/c/84443741faab
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-02-15 12:00 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-14 14:42 [PATCH net] netfilter: nf_tables: fix bidirectional offload regression Felix Fietkau
2024-02-14 15:40 ` Pablo Neira Ayuso
2024-02-15 12:00 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).