[openwrt/openwrt] kernel: fix bidirectional hardware flow offload

LEDE Commits lede-commits at lists.infradead.org
Wed Feb 14 07:23:13 PST 2024 

nbd pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/869df9ecdf0aeaa0fe1c97c1a1801340086f9ab3

commit 869df9ecdf0aeaa0fe1c97c1a1801340086f9ab3
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Wed Feb 14 16:21:36 2024 +0100

    kernel: fix bidirectional hardware flow offload
    
    Fix a bug that was introduced upstream
    
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
 .../650-netfilter-add-xt_FLOWOFFLOAD-target.patch  |  3 ++-
 ...f_tables-fix-bidirectional-offload-regres.patch | 24 ++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/target/linux/generic/hack-6.1/650-netfilter-add-xt_FLOWOFFLOAD-target.patch b/target/linux/generic/hack-6.1/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
index 9ff45a414e..f753b590e7 100644
--- a/target/linux/generic/hack-6.1/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
+++ b/target/linux/generic/hack-6.1/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
@@ -36,7 +36,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
  obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,698 @@
+@@ -0,0 +1,699 @@
 +/*
 + * Copyright (C) 2018-2021 Felix Fietkau <nbd at nbd.name>
 + *
@@ -574,6 +574,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
 +	if (!net)
 +		write_pnet(&table->ft.net, xt_net(par));
 +
++	__set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
 +	if (flow_offload_add(&table->ft, flow) < 0)
 +		goto err_flow_add;
 +
diff --git a/target/linux/generic/pending-6.1/704-netfilter-nf_tables-fix-bidirectional-offload-regres.patch b/target/linux/generic/pending-6.1/704-netfilter-nf_tables-fix-bidirectional-offload-regres.patch
new file mode 100644
index 0000000000..70724cb3a2
--- /dev/null
+++ b/target/linux/generic/pending-6.1/704-netfilter-nf_tables-fix-bidirectional-offload-regres.patch
@@ -0,0 +1,24 @@
+From: Felix Fietkau <nbd at nbd.name>
+Date: Wed, 14 Feb 2024 15:24:41 +0100
+Subject: [PATCH] netfilter: nf_tables: fix bidirectional offload regression
+
+Commit 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
+made unidirectional flow offload possible, while completely ignoring (and
+breaking) bidirectional flow offload for nftables.
+Add the missing flag that was left out as an exercise for the reader :)
+
+Cc: Vlad Buslov <vladbu at nvidia.com>
+Fixes: 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
+Signed-off-by: Felix Fietkau <nbd at nbd.name>
+---
+
+--- a/net/netfilter/nft_flow_offload.c
++++ b/net/netfilter/nft_flow_offload.c
+@@ -357,6 +357,7 @@ static void nft_flow_offload_eval(const
+ 		ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
+ 	}
+ 
++	__set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
+ 	ret = flow_offload_add(flowtable, flow);
+ 	if (ret < 0)
+ 		goto err_flow_add;

More information about the lede-commits mailing list