diff options
| author | Paul Blakey <paulb@nvidia.com> | 2022-02-17 12:30:48 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-03-02 13:47:57 +0300 |
| commit | a95ea90deb3071c1ded77a05e91cfebc5238d908 (patch) | |
| tree | 83f1045c2c10e0782f043a1ce1fb3f61f0d3ed7c /net/sched | |
| parent | d064d0c39405a7f0fc76d9b70ce9fb3bf434fe05 (diff) | |
| download | linux-a95ea90deb3071c1ded77a05e91cfebc5238d908.tar.xz | |
net/sched: act_ct: Fix flow table lookup after ct clear or switching zones
commit 2f131de361f6d0eaff17db26efdb844c178432f8 upstream.
Flow table lookup is skipped if packet either went through ct clear
action (which set the IP_CT_UNTRACKED flag on the packet), or while
switching zones and there is already a connection associated with
the packet. This will result in no SW offload of the connection,
and the and connection not being removed from flow table with
TCP teardown (fin/rst packet).
To fix the above, remove these unneccary checks in flow
table lookup.
Fixes: 46475bb20f4b ("net/sched: act_ct: Software offload of established flows")
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/sched')
| -rw-r--r-- | net/sched/act_ct.c | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c index 2a17eb77c904..4ffea1290ce1 100644 --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c @@ -516,11 +516,6 @@ static bool tcf_ct_flow_table_lookup(struct tcf_ct_params *p, struct nf_conn *ct; u8 dir; - /* Previously seen or loopback */ - ct = nf_ct_get(skb, &ctinfo); - if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED) - return false; - switch (family) { case NFPROTO_IPV4: if (!tcf_ct_flow_table_fill_tuple_ipv4(skb, &tuple, &tcph)) |