[SRU][F:linux-bluefield][PATCH 0/4] Fix ignoring ct state match of OVS offload to TC/HW
Bodong Wang
bodong at nvidia.com
Thu Sep 30 20:51:16 UTC 2021
When using OVS with tc to offload connection tracking flows, if user matches on
ct_state other then trk and est, such as ct_state +rpl, it will be silently
ignored by TC/HW and might result in wrong actions being executed.
This series from upstream fixed the bug.
Jakub Kicinski (1):
netlink: add mask validation
wenxu (3):
net/sched: cls_flower: Reject invalid ct_state flags rules
net/sched: cls_flower: validate ct_state for invalid and reply flags
net/sched: cls_flower: fix only mask bit check in the
validate_ct_state
include/net/netlink.h | 16 +++++++++++++
include/uapi/linux/pkt_cls.h | 2 ++
lib/nlattr.c | 36 +++++++++++++++++++++++++++++
net/sched/cls_flower.c | 54 ++++++++++++++++++++++++++++++++++++++++++--
4 files changed, 106 insertions(+), 2 deletions(-)
--
1.8.3.1
More information about the kernel-team
mailing list