• wenxu's avatar
    netfilter: nft_flow_offload: fix interaction with vrf slave device · 6b08e8a0
    wenxu authored
    [ Upstream commit 10f4e765 ]
    
    In the forward chain, the iif is changed from slave device to master vrf
    device. Thus, flow offload does not find a match on the lower slave
    device.
    
    This patch uses the cached route, ie. dst->dev, to update the iif and
    oif fields in the flow entry.
    
    After this patch, the following example works fine:
    
     # ip addr add dev eth0 1.1.1.1/24
     # ip addr add dev eth1 10.0.0.1/24
     # ip link add user1 type vrf table 1
     # ip l set user1 up
     # ip l set dev eth0 master user1
     # ip l set dev eth1 master user1
    
     # nft add table firewall
     # nft add flowtable f fb1 { hook ingress priority 0 \; devices = { eth0, eth1 } \; }
     # nft add chain f ftb-all {type filter hook forward priority 0 \; policy accept \; }
     # nft add rule f ftb-all ct zone 1 ip protocol tcp flow offload @fb1
     # nft add rule f ftb-all ct zone 1 ip protocol udp flow offload @fb1Signed-off-by: 's avatarwenxu <wenxu@ucloud.cn>
    Signed-off-by: 's avatarPablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: 's avatarSasha Levin <sashal@kernel.org>
    6b08e8a0
Name
Last commit
Last update
..
9p Loading commit data...
bluetooth Loading commit data...
caif Loading commit data...
iucv Loading commit data...
netfilter Loading commit data...
netns Loading commit data...
nfc Loading commit data...
phonet Loading commit data...
sctp Loading commit data...
tc_act Loading commit data...
6lowpan.h Loading commit data...
Space.h Loading commit data...
act_api.h Loading commit data...
addrconf.h Loading commit data...
af_ieee802154.h Loading commit data...
af_rxrpc.h Loading commit data...
af_unix.h Loading commit data...
af_vsock.h Loading commit data...
ah.h Loading commit data...
arp.h Loading commit data...
atmclip.h Loading commit data...
ax25.h Loading commit data...
ax88796.h Loading commit data...
bond_3ad.h Loading commit data...
bond_alb.h Loading commit data...
bond_options.h Loading commit data...
bonding.h Loading commit data...
busy_poll.h Loading commit data...
calipso.h Loading commit data...
cfg80211-wext.h Loading commit data...
cfg80211.h Loading commit data...
cfg802154.h Loading commit data...
checksum.h Loading commit data...
cipso_ipv4.h Loading commit data...
cls_cgroup.h Loading commit data...
codel.h Loading commit data...
codel_impl.h Loading commit data...
codel_qdisc.h Loading commit data...
compat.h Loading commit data...
datalink.h Loading commit data...
dcbevent.h Loading commit data...
dcbnl.h Loading commit data...
devlink.h Loading commit data...
dn.h Loading commit data...
dn_dev.h Loading commit data...
dn_fib.h Loading commit data...
dn_neigh.h Loading commit data...
dn_nsp.h Loading commit data...
dn_route.h Loading commit data...
dsa.h Loading commit data...
dsfield.h Loading commit data...
dst.h Loading commit data...
dst_cache.h Loading commit data...
dst_metadata.h Loading commit data...
dst_ops.h Loading commit data...
erspan.h Loading commit data...
esp.h Loading commit data...
ethoc.h Loading commit data...
failover.h Loading commit data...
fib_notifier.h Loading commit data...
fib_rules.h Loading commit data...
firewire.h Loading commit data...
flow.h Loading commit data...
flow_dissector.h Loading commit data...
fou.h Loading commit data...
fq.h Loading commit data...
fq_impl.h Loading commit data...
garp.h Loading commit data...
gen_stats.h Loading commit data...
genetlink.h Loading commit data...
geneve.h Loading commit data...
gre.h Loading commit data...
gro_cells.h Loading commit data...
gtp.h Loading commit data...
gue.h Loading commit data...
hwbm.h Loading commit data...
icmp.h Loading commit data...
ieee80211_radiotap.h Loading commit data...
ieee802154_netdev.h Loading commit data...
if_inet6.h Loading commit data...
ife.h Loading commit data...
ila.h Loading commit data...
inet6_connection_sock.h Loading commit data...
inet6_hashtables.h Loading commit data...
inet_common.h Loading commit data...
inet_connection_sock.h Loading commit data...
inet_ecn.h Loading commit data...
inet_frag.h Loading commit data...
inet_hashtables.h Loading commit data...
inet_sock.h Loading commit data...
inet_timewait_sock.h Loading commit data...
inetpeer.h Loading commit data...
ip.h Loading commit data...
ip6_checksum.h Loading commit data...
ip6_fib.h Loading commit data...
ip6_route.h Loading commit data...
ip6_tunnel.h Loading commit data...
ip_fib.h Loading commit data...
ip_tunnels.h Loading commit data...
ip_vs.h Loading commit data...
ipcomp.h Loading commit data...
ipconfig.h Loading commit data...
ipv6.h Loading commit data...
ipv6_frag.h Loading commit data...
ipx.h Loading commit data...
iw_handler.h Loading commit data...
kcm.h Loading commit data...
l3mdev.h Loading commit data...
lag.h Loading commit data...
lapb.h Loading commit data...
lib80211.h Loading commit data...
llc.h Loading commit data...
llc_c_ac.h Loading commit data...
llc_c_ev.h Loading commit data...
llc_c_st.h Loading commit data...
llc_conn.h Loading commit data...
llc_if.h Loading commit data...
llc_pdu.h Loading commit data...
llc_s_ac.h Loading commit data...
llc_s_ev.h Loading commit data...
llc_s_st.h Loading commit data...
llc_sap.h Loading commit data...
lwtunnel.h Loading commit data...
mac80211.h Loading commit data...
mac802154.h Loading commit data...
mip6.h Loading commit data...
mld.h Loading commit data...
mpls.h Loading commit data...
mpls_iptunnel.h Loading commit data...
mrp.h Loading commit data...
ncsi.h Loading commit data...
ndisc.h Loading commit data...
neighbour.h Loading commit data...
net_failover.h Loading commit data...
net_namespace.h Loading commit data...
net_ratelimit.h Loading commit data...
netevent.h Loading commit data...
netlabel.h Loading commit data...
netlink.h Loading commit data...
netprio_cgroup.h Loading commit data...
netrom.h Loading commit data...
nexthop.h Loading commit data...
nl802154.h Loading commit data...
nsh.h Loading commit data...
p8022.h Loading commit data...
page_pool.h Loading commit data...
ping.h Loading commit data...
pkt_cls.h Loading commit data...
pkt_sched.h Loading commit data...
pptp.h Loading commit data...
protocol.h Loading commit data...
psample.h Loading commit data...
psnap.h Loading commit data...
raw.h Loading commit data...
rawv6.h Loading commit data...
red.h Loading commit data...
regulatory.h Loading commit data...
request_sock.h Loading commit data...
rose.h Loading commit data...
route.h Loading commit data...
rsi_91x.h Loading commit data...
rtnetlink.h Loading commit data...
sch_generic.h Loading commit data...
scm.h Loading commit data...
secure_seq.h Loading commit data...
seg6.h Loading commit data...
seg6_hmac.h Loading commit data...
seg6_local.h Loading commit data...
slhc_vj.h Loading commit data...
smc.h Loading commit data...
snmp.h Loading commit data...
sock.h Loading commit data...
sock_reuseport.h Loading commit data...
stp.h Loading commit data...
strparser.h Loading commit data...
switchdev.h Loading commit data...
tcp.h Loading commit data...
tcp_states.h Loading commit data...
timewait_sock.h Loading commit data...
tipc.h Loading commit data...
tls.h Loading commit data...
transp_v6.h Loading commit data...
tso.h Loading commit data...
tun_proto.h Loading commit data...
udp.h Loading commit data...
udp_tunnel.h Loading commit data...
udplite.h Loading commit data...
vsock_addr.h Loading commit data...
vxlan.h Loading commit data...
wext.h Loading commit data...
wimax.h Loading commit data...
x25.h Loading commit data...
x25device.h Loading commit data...
xdp.h Loading commit data...
xdp_sock.h Loading commit data...
xfrm.h Loading commit data...