From patchwork Fri Mar 23 18:15:38 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Fietkau X-Patchwork-Id: 890095 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nbd.name Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=nbd.name header.i=@nbd.name header.b="Cc8p+bYi"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 407BYG40Lqz9s08 for ; Sat, 24 Mar 2018 05:15:46 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752199AbeCWSPp (ORCPT ); Fri, 23 Mar 2018 14:15:45 -0400 Received: from nbd.name ([46.4.11.11]:35860 "EHLO nbd.name" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751888AbeCWSPp (ORCPT ); Fri, 23 Mar 2018 14:15:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbd.name; s=20160729; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=g5VqMgqkiVu30qpcRZAQWXNR1M7BKGJ18CutDw9+NYw=; b=Cc8p+bYi51EzmAS0uZiejT+gRO R7tAWBiZoMeMNHz7rdXUf/cb8QU39wKdHvegMkLiLy8peB5uiXUiHRThxdRwdmNEZbYhi3X+Y0XGb 3ywonIlq4zhNCUcrGIv7Dc4FW3eT/pA5ytr1UJFnJ6Zu+H/aLIkpohQL6l67uXQ4vmnw=; Received: by maeck.lan (Postfix, from userid 501) id 911FF1DBDA7B; Fri, 23 Mar 2018 19:15:38 +0100 (CET) From: Felix Fietkau To: netfilter-devel@vger.kernel.org Cc: pablo@netfilter.org, nbd@nbd.name Subject: [PATCH 2/2] netfilter: nf_flow_table: fix offloading connections with SNAT+DNAT Date: Fri, 23 Mar 2018 19:15:38 +0100 Message-Id: <20180323181538.14247-2-nbd@nbd.name> X-Mailer: git-send-email 2.14.2 In-Reply-To: <20180323181538.14247-1-nbd@nbd.name> References: <20180323181538.14247-1-nbd@nbd.name> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Pass all NAT types to the flow offload struct, otherwise parts of the address/port pair do not get translated properly, causing connection stalls Signed-off-by: Felix Fietkau --- net/netfilter/nf_flow_table_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 0699981a8511..eb0d1658ac05 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -84,7 +84,7 @@ flow_offload_alloc(struct nf_conn *ct, struct nf_flow_route *route) if (ct->status & IPS_SRC_NAT) flow->flags |= FLOW_OFFLOAD_SNAT; - else if (ct->status & IPS_DST_NAT) + if (ct->status & IPS_DST_NAT) flow->flags |= FLOW_OFFLOAD_DNAT; return flow;