kernel: fix bidirectional hardware flow offload

[openwrt/staging/robimarko.git] / target / linux / generic / pending-6.1 / 704-netfilter-nf_tables-fix-bidirectional-offload-regres.patch

diff --git a/target/linux/generic/pending-6.1/704-netfilter-nf_tables-fix-bidirectional-offload-regres.patch b/target/linux/generic/pending-6.1/704-netfilter-nf_tables-fix-bidirectional-offload-regres.patch
new file mode 100644 (file)
index 0000000..70724cb
--- /dev/null
+++ b/target/linux/generic/pending-6.1/704-netfilter-nf_tables-fix-bidirectional-offload-regres.patch
@@ -0,0 +1,24 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Wed, 14 Feb 2024 15:24:41 +0100
+Subject: [PATCH] netfilter: nf_tables: fix bidirectional offload regression
+
+Commit 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
+made unidirectional flow offload possible, while completely ignoring (and
+breaking) bidirectional flow offload for nftables.
+Add the missing flag that was left out as an exercise for the reader :)
+
+Cc: Vlad Buslov <vladbu@nvidia.com>
+Fixes: 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/netfilter/nft_flow_offload.c
++++ b/net/netfilter/nft_flow_offload.c
+@@ -357,6 +357,7 @@ static void nft_flow_offload_eval(const
+               ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
+       }
+ 
++      __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
+       ret = flow_offload_add(flowtable, flow);
+       if (ret < 0)
+               goto err_flow_add;