Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2225191/?format=api
{ "id": 2225191, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2225191/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260420-nft-flowtable-priority-v1-1-6603fbbf1366@kernel.org/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260420-nft-flowtable-priority-v1-1-6603fbbf1366@kernel.org>", "date": "2026-04-20T13:39:08", "name": "[RFC,nf-next] netfilter: flowtable_offload: propagate CT mark to hardware offload path", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "dc81fbb590c455b5184a3f012423926fa3bd9702", "submitter": { "id": 76007, "url": "http://patchwork.ozlabs.org/api/1.1/people/76007/?format=api", "name": "Lorenzo Bianconi", "email": "lorenzo@kernel.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260420-nft-flowtable-priority-v1-1-6603fbbf1366@kernel.org/mbox/", "series": [ { "id": 500619, "url": "http://patchwork.ozlabs.org/api/1.1/series/500619/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=500619", "date": "2026-04-20T13:39:08", "name": "[RFC,nf-next] netfilter: flowtable_offload: propagate CT mark to hardware offload path", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/500619/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2225191/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2225191/checks/", "tags": {}, "headers": { "Return-Path": "\n <netfilter-devel+bounces-12064-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=IG7gre5P;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12064-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"IG7gre5P\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201" ], "Received": [ "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fzpqr0fzYz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 21 Apr 2026 01:12:08 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 4098C3226854\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 20 Apr 2026 14:44:12 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id DCCAA3D7D8E;\n\tMon, 20 Apr 2026 13:39:42 +0000 (UTC)", "from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 6657C3D75AB;\n\tMon, 20 Apr 2026 13:39:42 +0000 (UTC)", "by smtp.kernel.org (Postfix) with ESMTPSA id AB8FAC19425;\n\tMon, 20 Apr 2026 13:39:41 +0000 (UTC)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776692382; cv=none;\n b=dHxwylxrHAcBCfFqCNBr6Gfq1a4o6YR/G9vwlIQy6Qd336aBFbouzRlQuIfyLgshbkFl+27C+fFRINb4n1xvHUjetfHgBGLmyhQvOldECg0xvB9cPgb2nhg64PDeXszx3JHEE0Y7XEuZYmPfn+FeQtaIEzjcNJ4wqTu7cXe2t1U=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776692382; c=relaxed/simple;\n\tbh=2apI9q1rG+ui2BIKoGC3UZUi3aOcHG39oSwEJgtXR/8=;\n\th=From:Date:Subject:MIME-Version:Content-Type:Message-Id:To:Cc;\n b=FRWpK/HdytxsWE3V9svvncNHKtnRpGJFpGZxMQnyqJkfXzf3hFkfR2pm0AxKMhHEMPSKOvuOnp/Lq88q6nKTG2Pnq08L2ILLR0NHemFYPoTs5J2rH6R/435kiSMcmZqCpK+ZPpA2pHXZbCxWkYJds2Wm0AtXtYcZ99+7wUzrDao=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=IG7gre5P; arc=none smtp.client-ip=10.30.226.201", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1776692382;\n\tbh=2apI9q1rG+ui2BIKoGC3UZUi3aOcHG39oSwEJgtXR/8=;\n\th=From:Date:Subject:To:Cc:From;\n\tb=IG7gre5P8zuhyokbHZF5eeCwOnhVF52IH1qPoY+vzbkkuOe72X5r/LtVSWi5CWimJ\n\t apA2vR5MBZXTvI4/35GuWdWP124+dOV9F3s/IXNOGEUKN79nDTFcrOCMO92GWnxnox\n\t aAKpYm6DEI5KR2RuCE57lYv+pGJMkcq05YDu6JDfrQe4o7voPauEtOtu2AeTzTWmUg\n\t P2vVINaKL528yX1SO5bi0cSBdQkqjDTKwB9yxEira7gGXvcNmIZqtPbtIzdogehUXv\n\t bzSXK+VsI/l2Kade+EVqKcy8JVik5R9HC25TsCqQ9SJGfqoYINIdZQvntKKKrnrlvV\n\t em1nlnxNbvG/A==", "From": "Lorenzo Bianconi <lorenzo@kernel.org>", "Date": "Mon, 20 Apr 2026 15:39:08 +0200", "Subject": "[PATCH RFC nf-next] netfilter: flowtable_offload: propagate CT\n mark to hardware offload path", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "7bit", "Message-Id": "<20260420-nft-flowtable-priority-v1-1-6603fbbf1366@kernel.org>", "X-B4-Tracking": "v=1; b=H4sIAAAAAAAC/x3MwQrCMAyA4VcpORuowQ30KvgAXoeH6hINjHSkR\n Sdj727x+B3+f4XCrlzgFFZwfmvRbA37XYDHK9mTUcdmoEh9PFBEk4oy5U9N94lxds2u9Ys9sxw\n jjdR1CVo8O4su//EA18s5mKDxUuG2bT9Ch8j+dQAAAA==", "X-Change-ID": "20260420-nft-flowtable-priority-6eef902d255a", "To": "Pablo Neira Ayuso <pablo@netfilter.org>,\n Florian Westphal <fw@strlen.de>, Phil Sutter <phil@nwl.cc>,\n \"David S. Miller\" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>,\n Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,\n Simon Horman <horms@kernel.org>", "Cc": "netfilter-devel@vger.kernel.org, coreteam@netfilter.org,\n netdev@vger.kernel.org, Lorenzo Bianconi <lorenzo@kernel.org>", "X-Mailer": "b4 0.14.3" }, "content": "When a user-space process sets the Connection Tracking (CT) mark on a\nflow via nft_ct or xt_CONNMARK, that mark should be visible to the\nhardware offload path when the flow is accelerated through the flowtable\ninfrastructure.\nExtend the flowtable offload attribute set to include the ct mark field\nwhen it has been explicitly set on the conntrack entry.\n\nSigned-off-by: Lorenzo Bianconi <lorenzo@kernel.org>\n---\n net/netfilter/nf_flow_table_offload.c | 20 ++++++++++++++++++++\n 1 file changed, 20 insertions(+)\n\n\n---\nbase-commit: 3f3a2aefbc661b837c8e344f944982d61c2ae037\nchange-id: 20260420-nft-flowtable-priority-6eef902d255a\n\nBest regards,", "diff": "diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c\nindex 002ec15d988b..d5fe35b1a647 100644\n--- a/net/netfilter/nf_flow_table_offload.c\n+++ b/net/netfilter/nf_flow_table_offload.c\n@@ -679,6 +679,22 @@ static int flow_offload_decap_tunnel(const struct flow_offload *flow,\n \treturn 0;\n }\n \n+static void nf_flow_rule_ct_meta_mark(const struct flow_offload *flow,\n+\t\t\t\t struct nf_flow_rule *flow_rule)\n+{\n+#if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)\n+\tu32 mark = flow->ct ? READ_ONCE(flow->ct->mark) : 0;\n+\n+\tif (mark) {\n+\t\tstruct flow_action_entry *entry;\n+\n+\t\tentry = flow_action_entry_next(flow_rule);\n+\t\tentry->id = FLOW_ACTION_CT_METADATA;\n+\t\tentry->ct_metadata.mark = mark;\n+\t}\n+#endif /* IS_ENABLED(CONFIG_NF_CONNTRACK_MARK) */\n+}\n+\n static int\n nf_flow_rule_route_common(struct net *net, const struct flow_offload *flow,\n \t\t\t enum flow_offload_tuple_dir dir,\n@@ -747,6 +763,8 @@ int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow,\n \tif (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0)\n \t\treturn -1;\n \n+\tnf_flow_rule_ct_meta_mark(flow, flow_rule);\n+\n \tif (test_bit(NF_FLOW_SNAT, &flow->flags)) {\n \t\tif (flow_offload_ipv4_snat(net, flow, dir, flow_rule) < 0 ||\n \t\t flow_offload_port_snat(net, flow, dir, flow_rule) < 0)\n@@ -776,6 +794,8 @@ int nf_flow_rule_route_ipv6(struct net *net, struct flow_offload *flow,\n \tif (nf_flow_rule_route_common(net, flow, dir, flow_rule) < 0)\n \t\treturn -1;\n \n+\tnf_flow_rule_ct_meta_mark(flow, flow_rule);\n+\n \tif (test_bit(NF_FLOW_SNAT, &flow->flags)) {\n \t\tif (flow_offload_ipv6_snat(net, flow, dir, flow_rule) < 0 ||\n \t\t flow_offload_port_snat(net, flow, dir, flow_rule) < 0)\n", "prefixes": [ "RFC", "nf-next" ] }