• wenxu's avatar
    netfilter: nft_flow_offload: fix interaction with vrf slave device · 6b08e8a0
    wenxu authored
    [ Upstream commit 10f4e765 ]
    
    In the forward chain, the iif is changed from slave device to master vrf
    device. Thus, flow offload does not find a match on the lower slave
    device.
    
    This patch uses the cached route, ie. dst->dev, to update the iif and
    oif fields in the flow entry.
    
    After this patch, the following example works fine:
    
     # ip addr add dev eth0 1.1.1.1/24
     # ip addr add dev eth1 10.0.0.1/24
     # ip link add user1 type vrf table 1
     # ip l set user1 up
     # ip l set dev eth0 master user1
     # ip l set dev eth1 master user1
    
     # nft add table firewall
     # nft add flowtable f fb1 { hook ingress priority 0 \; devices = { eth0, eth1 } \; }
     # nft add chain f ftb-all {type filter hook forward priority 0 \; policy accept \; }
     # nft add rule f ftb-all ct zone 1 ip protocol tcp flow offload @fb1
     # nft add rule f ftb-all ct zone 1 ip protocol udp flow offload @fb1Signed-off-by: 's avatarwenxu <wenxu@ucloud.cn>
    Signed-off-by: 's avatarPablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: 's avatarSasha Levin <sashal@kernel.org>
    6b08e8a0
Name
Last commit
Last update
Documentation Loading commit data...
LICENSES Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.clang-format Loading commit data...
.cocciconfig Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...