| Message ID | 20210619001006.2067-1-pablo@netfilter.org |
|---|---|
| State | Superseded |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | [nf] netfilter: nf_tables_offload: skip VLAN handling if FLOW_DISSECTOR_KEY_CONTROL is unset | expand |
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c index a48c5fd53a80..6fc29f9cc11e 100644 --- a/net/netfilter/nf_tables_offload.c +++ b/net/netfilter/nf_tables_offload.c @@ -56,8 +56,10 @@ static void nft_flow_rule_transfer_vlan(struct nft_offload_ctx *ctx, struct nft_flow_match *match = &flow->match; struct nft_offload_ethertype ethertype; - if (match->dissector.used_keys & BIT(FLOW_DISSECTOR_KEY_CONTROL) && - match->key.basic.n_proto != htons(ETH_P_8021Q) && + if (!(match->dissector.used_keys & BIT(FLOW_DISSECTOR_KEY_CONTROL))) + return; + + if (match->key.basic.n_proto != htons(ETH_P_8021Q) && match->key.basic.n_proto != htons(ETH_P_8021AD)) return;
Restore hardware offload support for rules that provide no matching ethertype through FLOW_DISSECTOR_KEY_CONTROL. Fixes: 783003f3bb8a ("netfilter: nftables_offload: special ethertype handling for VLAN") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- net/netfilter/nf_tables_offload.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)