netfilter: flowtable: dst_check() from garbage collector path

Move dst_check() to the garbage collector path. Stale routes trigger the flow entry teardown state which makes affected flows go back to the classic forwarding path to re-evaluate flow offloading. IPv6 requires the dst cookie to work, store it in the flow_tuple, otherwise dst_check() always fails. Fixes: e5075c0badaa ("netfilter: flowtable: call dst_check() to fall back to classic forwarding") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2021-03-28 23:08:55 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-03-31 22:34:11 +0200
commit: 8b9229d15877ec77775633f058d14145f6eb98fa (patch)
tree: fce382c7beb58215e6e6ad99bc8b36a8999fda87 /include
parent: netfilter: ipset: Remove duplicate declaration (diff)
download: linux-8b9229d15877ec77775633f058d14145f6eb98fa.tar.xz
linux-8b9229d15877ec77775633f058d14145f6eb98fa.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
index 4d991c1e93ef..583b327d8fc0 100644
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -129,7 +129,10 @@ struct flow_offload_tuple {
 					in_vlan_ingress:2;
 	u16				mtu;
 	union {
-		struct dst_entry	*dst_cache;
+		struct {
+			struct dst_entry *dst_cache;
+			u32		dst_cookie;
+		};
 		struct {
 			u32		ifidx;
 			u32		hw_ifidx;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2021-03-28 23:08:55 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-03-31 22:34:11 +0200
commit	8b9229d15877ec77775633f058d14145f6eb98fa (patch)
tree	fce382c7beb58215e6e6ad99bc8b36a8999fda87 /include
parent	netfilter: ipset: Remove duplicate declaration (diff)
download	linux-8b9229d15877ec77775633f058d14145f6eb98fa.tar.xz linux-8b9229d15877ec77775633f058d14145f6eb98fa.zip