netfilter pull request 24-02-15
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEN9lkrMBJgcdVAPub1V2XiooUIOQFAmXNTiwACgkQ1V2XiooU IORw4RAAmr6WYYKyKL9TLXtdxp2c5Aj2BClIrMS/mtLBT9RKjxvL5/m2ePFCvz7N /i7Om+dquZ4m5bS8Dk6MO61fhaKEmNWYigvfIYs4fc4qYj5WTV6XMzhY2lCRIgns UQXZ0zbb2+BbmsXL/izYcXwM3VMp2l8PLhb/OeGtUtLDMZXF+INXrn3krYLc3TxS 4UEeLiCwxy8hgGCyS1w73GctfkznQ5vd2Zb6sD6TJ0pG1H4LmhxGDaQPMEtR9DaV l+gxC9+Igw6r1Gmv9c1QZ//dvw4Jb+0ZuYEifeD/xqT//M56AKh8UB1/Nil6Kazq r/VroMxQcuTJIPcx72F14U94M6r1BVRDIpBjVcpWBCrWjkgaJZkl2tcwfmn8Cihb GWRy0zGbYoBynlsseSQUWvfJBGn0D8aFCaoroHYkFfg67Gj8aom5/hIuP2OblN3a d+9VQ9FbEkoddv/JAF0Dp6+VVPi6DRxUOj8zC9+Ynl/+AMtx8xZ9B4yUf3n8pEag 7+OWDEnVHV7aFyfSeBETUQOPLSi+k4wpvp02QilbKIJ8s7Pp4v9KKw3CvHD59nrI Ci9Z7PhWICoh+cZXYgradZVbyoJ6iRv2LskG/RlRpHxilZ5os+pcOiUR7dEARX05 tPRLagMiHsMsy7lsYhe+YBKtYZ1FMxGU+5p63hpkSDUVvOoV+R4= =G4r8 -----END PGP SIGNATURE----- Merge tag 'nf-24-02-15' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following batch contains Netfilter fixes for net: 1) Missing : in kdoc field in nft_set_pipapo. 2) Restore default DNAT behavior When a DNAT rule is configured via iptables with different port ranges, from Kyle Swenson. 3) Restore flowtable hardware offload for bidirectional flows by setting NF_FLOW_HW_BIDIRECTIONAL flag, from Felix Fietkau. netfilter pull request 24-02-15 * tag 'nf-24-02-15' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: nf_tables: fix bidirectional offload regression netfilter: nat: restore default DNAT behavior netfilter: nft_set_pipapo: fix missing : in kdoc ==================== Link: https://lore.kernel.org/r/20240214233818.7946-1-pablo@netfilter.org Signed-off-by: Paolo Abeni <pabeni@redhat.com>
commit
d74b23d0c2
@ -551,8 +551,11 @@ static void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple,
|
||||
find_free_id:
|
||||
if (range->flags & NF_NAT_RANGE_PROTO_OFFSET)
|
||||
off = (ntohs(*keyptr) - ntohs(range->base_proto.all));
|
||||
else
|
||||
else if ((range->flags & NF_NAT_RANGE_PROTO_RANDOM_ALL) ||
|
||||
maniptype != NF_NAT_MANIP_DST)
|
||||
off = get_random_u16();
|
||||
else
|
||||
off = 0;
|
||||
|
||||
attempts = range_size;
|
||||
if (attempts > NF_NAT_MAX_ATTEMPTS)
|
||||
|
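Review bot: The new final `else` that sets `off = 0` carries no comment explaining why destination NAT without NF_NAT_RANGE_PROTO_RANDOM_ALL gets a deterministic starting offset while every other manip type still draws from `get_random_u16()`. The asymmetry is security-relevant: unpredictable source ports are part of the defence against off-path spoofing, while the commit message describes the fixed start as the default DNAT behaviour. A later cleanup that merges the two branches would therefore silently regress one side. I would add a comment above the chain, for example `/* DNAT without an explicit random flag starts at the first port of the range; all other cases keep a random offset */`. The body of nf_nat_l4proto_unique_tuple starts and ends outside this hunk, so how `off` is consumed afterwards is not visible here.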
@ -361,6 +361,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
|
||||
ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
|
||||
}
|
||||
|
||||
__set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
|
||||
ret = flow_offload_add(flowtable, flow);
|
||||
if (ret < 0)
|
||||
goto err_flow_add;
|
||||
|
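Review bot: The added `__set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags)` uses the non-atomic bit helper, and nothing on the line says why that is safe. It appears to rely on the flow not being reachable from other contexts until `flow_offload_add()` on the next line publishes it; if the set is ever moved after that call it would need `set_bit()` instead. A short comment such as `/* flow is not yet published, so a non-atomic set is fine */` would pin that ordering. The flag is also set for every flow unconditionally, which matches the commit message but should be confirmed against the code that reads it, since that code is not in this hunk. nft_flow_offload_eval starts and ends outside the hunk.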
@ -144,10 +144,10 @@ struct nft_pipapo_scratch {
|
||||
|
||||
/**
|
||||
* struct nft_pipapo_match - Data used for lookup and matching
|
||||
* @field_count Amount of fields in set
|
||||
* @field_count: Amount of fields in set
|
||||
* @scratch: Preallocated per-CPU maps for partial matching results
|
||||
* @bsize_max: Maximum lookup table bucket size of all fields, in longs
|
||||
* @rcu Matching data is swapped on commits
|
||||
* @rcu: Matching data is swapped on commits
|
||||
* @f: Fields, with lookup and mapping tables
|
||||
*/
|
||||
struct nft_pipapo_match {
|
||||
|