mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-27 12:57:53 +00:00
9bc64bd0cd
Referenced commit doesn't always set iifidx when offloading the flow to hardware. Fix the following cases: - nf_conn_act_ct_ext_fill() is called before extension is created with nf_conn_act_ct_ext_add() in tcf_ct_act(). This can cause rule offload with unspecified iifidx when connection is offloaded after only single original-direction packet has been processed by tc data path. Always fill the new nf_conn_act_ct_ext instance after creating it in nf_conn_act_ct_ext_add(). - Offloading of unidirectional UDP NEW connections is now supported, but ct flow iifidx field is not updated when connection is promoted to bidirectional which can result reply-direction iifidx to be zero when refreshing the connection. Fill in the extension and update flow iifidx before calling flow_offload_refresh(). Fixes: |
||
|---|---|---|
| .. | ||
| ipv4 | ||
| ipv6 | ||
| br_netfilter.h | ||
| nf_bpf_link.h | ||
| nf_conntrack.h | ||
| nf_conntrack_acct.h | ||
| nf_conntrack_act_ct.h | ||
| nf_conntrack_bpf.h | ||
| nf_conntrack_bridge.h | ||
| nf_conntrack_core.h | ||
| nf_conntrack_count.h | ||
| nf_conntrack_ecache.h | ||
| nf_conntrack_expect.h | ||
| nf_conntrack_extend.h | ||
| nf_conntrack_helper.h | ||
| nf_conntrack_l4proto.h | ||
| nf_conntrack_labels.h | ||
| nf_conntrack_seqadj.h | ||
| nf_conntrack_synproxy.h | ||
| nf_conntrack_timeout.h | ||
| nf_conntrack_timestamp.h | ||
| nf_conntrack_tuple.h | ||
| nf_conntrack_zones.h | ||
| nf_dup_netdev.h | ||
| nf_flow_table.h | ||
| nf_hooks_lwtunnel.h | ||
| nf_log.h | ||
| nf_nat.h | ||
| nf_nat_helper.h | ||
| nf_nat_masquerade.h | ||
| nf_nat_redirect.h | ||
| nf_queue.h | ||
| nf_reject.h | ||
| nf_socket.h | ||
| nf_synproxy.h | ||
| nf_tables.h | ||
| nf_tables_core.h | ||
| nf_tables_ipv4.h | ||
| nf_tables_ipv6.h | ||
| nf_tables_offload.h | ||
| nf_tproxy.h | ||
| nft_fib.h | ||
| nft_meta.h | ||
| nft_reject.h | ||
| xt_rateest.h | ||