review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 24 Oct 2023 19:09:47 +0000 (21:09 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 25 Oct 2023 09:35:46 +0000 (11:35 +0200)
commit	735795f68b37e9bb49f642407a0d49b1631ea1c7
tree	db5d84ee8206b6df761114f647a233c6b091979d	tree \| snapshot
parent	d2a0fc372aca561556e765d0a9ec365c7c12f0ad	commit \| diff

netfilter: flowtable: GC pushes back packets to classic path

Since 41f2c7c342d3 ("net/sched: act_ct: Fix promotion of offloaded
unreplied tuple"), flowtable GC pushes back flows with IPS_SEEN_REPLY
back to classic path in every run, ie. every second. This is because of
a new check for NF_FLOW_HW_ESTABLISHED which is specific of sched/act_ct.

In Netfilter's flowtable case, NF_FLOW_HW_ESTABLISHED never gets set on
and IPS_SEEN_REPLY is unreliable since users decide when to offload the
flow before, such bit might be set on at a later stage.

Fix it by adding a custom .gc handler that sched/act_ct can use to
deal with its NF_FLOW_HW_ESTABLISHED bit.

Fixes: 41f2c7c342d3 ("net/sched: act_ct: Fix promotion of offloaded unreplied tuple")
Reported-by: Vladimir Smelhaus <vl.sm@email.cz>
Reviewed-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_flow_table.h		diff \| blob \| history
net/netfilter/nf_flow_table_core.c		diff \| blob \| history
net/sched/act_ct.c		diff \| blob \| history