diff options
author | Henry Yen <henry.yen@mediatek.com> | 2019-01-14 10:59:43 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-01-14 12:50:59 +0100 |
commit | 2314e879747e82896f51cce4488f6a00f3e1af7b (patch) | |
tree | 89704152d4ea1fcbdb38eed1702772f839129764 /net/bridge | |
parent | netfilter: nft_flow_offload: fix interaction with vrf slave device (diff) | |
download | linux-2314e879747e82896f51cce4488f6a00f3e1af7b.tar.xz linux-2314e879747e82896f51cce4488f6a00f3e1af7b.zip |
netfilter: nft_flow_offload: fix checking method of conntrack helper
This patch uses nfct_help() to detect whether an established connection
needs conntrack helper instead of using test_bit(IPS_HELPER_BIT,
&ct->status).
The reason is that IPS_HELPER_BIT is only set when using explicit CT
target.
However, in the case that a device enables conntrack helper via command
"echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper", the status of
IPS_HELPER_BIT will not present any change, and consequently it loses
the checking ability in the context.
Signed-off-by: Henry Yen <henry.yen@mediatek.com>
Reviewed-by: Ryder Lee <ryder.lee@mediatek.com>
Tested-by: John Crispin <john@phrozen.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/bridge')
0 files changed, 0 insertions, 0 deletions