diff mbox series

[net,1/1] net/sched: act_ct: Fix flow table lookup after ct clear or switching zones

Message ID 20220217093048.23392-1-paulb@nvidia.com (mailing list archive)
State Accepted
Commit 2f131de361f6d0eaff17db26efdb844c178432f8
Delegated to: Netdev Maintainers
Headers show
Series [net,1/1] net/sched: act_ct: Fix flow table lookup after ct clear or switching zones | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net
netdev/fixes_present success Fixes tag present in non-next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers fail 2 blamed authors not CCed: jiri@resnulli.us paulb@mellanox.com; 2 maintainers not CCed: jiri@resnulli.us paulb@mellanox.com
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 11 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Paul Blakey Feb. 17, 2022, 9:30 a.m. UTC 
Flow table lookup is skipped if packet either went through ct clear
action (which set the IP_CT_UNTRACKED flag on the packet), or while
switching zones and there is already a connection associated with
the packet. This will result in no SW offload of the connection,
and the and connection not being removed from flow table with
TCP teardown (fin/rst packet).

To fix the above, remove these unneccary checks in flow
table lookup.

Fixes: 46475bb20f4b ("net/sched: act_ct: Software offload of established flows")
Signed-off-by: Paul Blakey <paulb@nvidia.com>
---
 net/sched/act_ct.c | 5 -----
 1 file changed, 5 deletions(-)

Comments

Marcelo Ricardo Leitner Feb. 17, 2022, 11:09 p.m. UTC | #1 
On Thu, Feb 17, 2022 at 11:30:48AM +0200, Paul Blakey wrote:
> Flow table lookup is skipped if packet either went through ct clear
> action (which set the IP_CT_UNTRACKED flag on the packet), or while
> switching zones and there is already a connection associated with
> the packet. This will result in no SW offload of the connection,
> and the and connection not being removed from flow table with
> TCP teardown (fin/rst packet).
> 
> To fix the above, remove these unneccary checks in flow
> table lookup.
> 
> Fixes: 46475bb20f4b ("net/sched: act_ct: Software offload of established flows")
> Signed-off-by: Paul Blakey <paulb@nvidia.com>

Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
patchwork-bot+netdevbpf@kernel.org Feb. 18, 2022, 11:10 a.m. UTC | #2 
Hello:

This patch was applied to netdev/net.git (master)
by David S. Miller <davem@davemloft.net>:

On Thu, 17 Feb 2022 11:30:48 +0200 you wrote:
> Flow table lookup is skipped if packet either went through ct clear
> action (which set the IP_CT_UNTRACKED flag on the packet), or while
> switching zones and there is already a connection associated with
> the packet. This will result in no SW offload of the connection,
> and the and connection not being removed from flow table with
> TCP teardown (fin/rst packet).
> 
> [...]

Here is the summary with links:
  - [net,1/1] net/sched: act_ct: Fix flow table lookup after ct clear or switching zones
    https://git.kernel.org/netdev/net/c/2f131de361f6

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index f99247fc6468..33e70d60f0bf 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -533,11 +533,6 @@  static bool tcf_ct_flow_table_lookup(struct tcf_ct_params *p,
 	struct nf_conn *ct;
 	u8 dir;
 
-	/* Previously seen or loopback */
-	ct = nf_ct_get(skb, &ctinfo);
-	if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED)
-		return false;
-
 	switch (family) {
 	case NFPROTO_IPV4:
 		if (!tcf_ct_flow_table_fill_tuple_ipv4(skb, &tuple, &tcph))