review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Paul Blakey <paulb@nvidia.com>
	Thu, 6 Jan 2022 15:38:04 +0000 (17:38 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 27 Jan 2022 10:04:02 +0000 (11:04 +0100)
commit	cf2ce93a7afa96659c5980ae114c5f2ee3510a8d
tree	b971c3cce101ced60db707d24df4f0cbf2bf60e7	tree \| snapshot
parent	e7b33ff6439ac071ade78b49d3a9dd6519ddb78d	commit \| diff

net: openvswitch: Fix ct_state nat flags for conns arriving from tc

[ Upstream commit 6f022c2ddbcefaee79502ce5386dfe351d457070 ]

Netfilter conntrack maintains NAT flags per connection indicating
whether NAT was configured for the connection. Openvswitch maintains
NAT flags on the per packet flow key ct_state field, indicating
whether NAT was actually executed on the packet.

When a packet misses from tc to ovs the conntrack NAT flags are set.
However, NAT was not necessarily executed on the packet because the
connection's state might still be in NEW state. As such, openvswitch
wrongly assumes that NAT was executed and sets an incorrect flow key
NAT flags.

Fix this, by flagging to openvswitch which NAT was actually done in
act_ct via tc_skb_ext and tc_skb_cb to the openvswitch module, so
the packet flow key NAT flags will be correctly set.

Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://lore.kernel.org/r/20220106153804.26451-1-paulb@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

include/linux/skbuff.h		diff \| blob \| history
include/net/pkt_sched.h		diff \| blob \| history
net/openvswitch/flow.c		diff \| blob \| history
net/sched/act_ct.c		diff \| blob \| history
net/sched/cls_api.c		diff \| blob \| history