Commit 2f131de3 authored Feb 17, 2022 by Paul Blakey Committed by David S. Miller Feb 18, 2022

net/sched: act_ct: Fix flow table lookup after ct clear or switching zones



Flow table lookup is skipped if packet either went through ct clear
action (which set the IP_CT_UNTRACKED flag on the packet), or while
switching zones and there is already a connection associated with
the packet. This will result in no SW offload of the connection,
and the and connection not being removed from flow table with
TCP teardown (fin/rst packet).

To fix the above, remove these unneccary checks in flow
table lookup.

Fixes: 46475bb2 ("net/sched: act_ct: Software offload of established flows")
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 4224cfd7

net/sched/act_ct.c

+0 −5

Original line number	Diff line number	Diff line
		@@ -533,11 +533,6 @@ static bool tcf_ct_flow_table_lookup(struct tcf_ct_params *p,
		struct nf_conn *ct;
		u8 dir;

		/* Previously seen or loopback */
		ct = nf_ct_get(skb, &ctinfo);
		if ((ct && !nf_ct_is_template(ct)) \|\| ctinfo == IP_CT_UNTRACKED)
		return false;

		switch (family) {
		case NFPROTO_IPV4:
		if (!tcf_ct_flow_table_fill_tuple_ipv4(skb, &tuple, &tcph))