From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail.netfilter.org (mail.netfilter.org [217.70.188.207]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 720F61419A0; Wed, 14 Feb 2024 23:38:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.188.207 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707953914; cv=none; b=Ac+nCK8O0JgY4uX5mK7/aoQfzxvhTdlL06Mzq45oR0kt6d+yqQlT0UrCzSxl2V5waMpSB/w3R2D9TDdOSHdzQ6mFD6XL5NnHDpqMDJsVTbiq0gLoaDwCphcWCBzWFCeF/un+ntpv61ATmkakmjDNc12LDtuo1+E+0CpusVN8kcc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707953914; c=relaxed/simple; bh=cusHiibxw7scG0b928hwhY4fmI5SGcnm2+HPyqulOhQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=o9Hbk1yv7hkkf1mHQ9y7iv77ty7OvUnItnixxCvWQYWKVkgQjx353cqtUxpG54hwq7/KBh08pIwtKxg/lXuAzeR5zFIKx0658qsw+IdLf03UWwyQ6X5QZUcxxKwfdunzFS4yy1fYT+32hvGnBG+dYRrO+2gTnKVlLFQrQFj5tTc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=netfilter.org; spf=pass smtp.mailfrom=netfilter.org; arc=none smtp.client-ip=217.70.188.207 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=netfilter.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=netfilter.org From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org, pabeni@redhat.com, edumazet@google.com, fw@strlen.de Subject: [PATCH net 3/3] netfilter: nf_tables: fix bidirectional offload regression Date: Thu, 15 Feb 2024 00:38:18 +0100 Message-Id: <20240214233818.7946-4-pablo@netfilter.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20240214233818.7946-1-pablo@netfilter.org> References: <20240214233818.7946-1-pablo@netfilter.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Felix Fietkau Commit 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules") made unidirectional flow offload possible, while completely ignoring (and breaking) bidirectional flow offload for nftables. Add the missing flag that was left out as an exercise for the reader :) Cc: Vlad Buslov Fixes: 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules") Reported-by: Daniel Golle Signed-off-by: Felix Fietkau Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nft_flow_offload.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 397351fa4d5f..ab9576098701 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -361,6 +361,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; } + __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags); ret = flow_offload_add(flowtable, flow); if (ret < 0) goto err_flow_add; -- 2.30.2