1 From: Felix Fietkau <nbd@nbd.name>
2 Date: Wed, 14 Feb 2024 15:24:41 +0100
3 Subject: [PATCH] netfilter: nf_tables: fix bidirectional offload regression
5 Commit 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
6 made unidirectional flow offload possible, while completely ignoring (and
7 breaking) bidirectional flow offload for nftables.
8 Add the missing flag that was left out as an exercise for the reader :)
10 Cc: Vlad Buslov <vladbu@nvidia.com>
11 Fixes: 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
12 Signed-off-by: Felix Fietkau <nbd@nbd.name>
15 --- a/net/netfilter/nft_flow_offload.c
16 +++ b/net/netfilter/nft_flow_offload.c
17 @@ -361,6 +361,7 @@ static void nft_flow_offload_eval(const
18 ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
21 + __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
22 ret = flow_offload_add(flowtable, flow);