From 869df9ecdf0aeaa0fe1c97c1a1801340086f9ab3 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Wed, 14 Feb 2024 16:21:36 +0100 Subject: [PATCH] kernel: fix bidirectional hardware flow offload Fix a bug that was introduced upstream Signed-off-by: Felix Fietkau --- ...-netfilter-add-xt_FLOWOFFLOAD-target.patch | 3 ++- ...les-fix-bidirectional-offload-regres.patch | 24 +++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 target/linux/generic/pending-6.1/704-netfilter-nf_tables-fix-bidirectional-offload-regres.patch diff --git a/target/linux/generic/hack-6.1/650-netfilter-add-xt_FLOWOFFLOAD-target.patch b/target/linux/generic/hack-6.1/650-netfilter-add-xt_FLOWOFFLOAD-target.patch index 9ff45a414ee0..f753b590e70b 100644 --- a/target/linux/generic/hack-6.1/650-netfilter-add-xt_FLOWOFFLOAD-target.patch +++ b/target/linux/generic/hack-6.1/650-netfilter-add-xt_FLOWOFFLOAD-target.patch @@ -36,7 +36,7 @@ Signed-off-by: Felix Fietkau obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o --- /dev/null +++ b/net/netfilter/xt_FLOWOFFLOAD.c -@@ -0,0 +1,698 @@ +@@ -0,0 +1,699 @@ +/* + * Copyright (C) 2018-2021 Felix Fietkau + * @@ -574,6 +574,7 @@ Signed-off-by: Felix Fietkau + if (!net) + write_pnet(&table->ft.net, xt_net(par)); + ++ __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags); + if (flow_offload_add(&table->ft, flow) < 0) + goto err_flow_add; + diff --git a/target/linux/generic/pending-6.1/704-netfilter-nf_tables-fix-bidirectional-offload-regres.patch b/target/linux/generic/pending-6.1/704-netfilter-nf_tables-fix-bidirectional-offload-regres.patch new file mode 100644 index 000000000000..70724cb3a2d9 --- /dev/null +++ b/target/linux/generic/pending-6.1/704-netfilter-nf_tables-fix-bidirectional-offload-regres.patch @@ -0,0 +1,24 @@ +From: Felix Fietkau +Date: Wed, 14 Feb 2024 15:24:41 +0100 +Subject: [PATCH] netfilter: nf_tables: fix bidirectional offload regression + +Commit 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules") +made unidirectional flow offload possible, while completely ignoring (and +breaking) bidirectional flow offload for nftables. +Add the missing flag that was left out as an exercise for the reader :) + +Cc: Vlad Buslov +Fixes: 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules") +Signed-off-by: Felix Fietkau +--- + +--- a/net/netfilter/nft_flow_offload.c ++++ b/net/netfilter/nft_flow_offload.c +@@ -357,6 +357,7 @@ static void nft_flow_offload_eval(const + ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; + } + ++ __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags); + ret = flow_offload_add(flowtable, flow); + if (ret < 0) + goto err_flow_add;