linux-IllusionX/net/netfilter
Paul Blakey db6140e5e3 net/sched: act_ct: Fix flow table lookup failure with no originating ifindex
After cited commit optimized hw insertion, flow table entries are
populated with ifindex information which was intended to only be used
for HW offload. This tuple ifindex is hashed in the flow table key, so
it must be filled for lookup to be successful. But tuple ifindex is only
relevant for the netfilter flowtables (nft), so it's not filled in
act_ct flow table lookup, resulting in lookup failure, and no SW
offload and no offload teardown for TCP connection FIN/RST packets.

To fix this, add new tc ifindex field to tuple, which will
only be used for offloading, not for lookup, as it will not be
part of the tuple hash.

Fixes: 9795ded7f9 ("net/sched: act_ct: Fill offloading tuple iifidx")
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2022-03-01 22:08:31 +01:00
ipset
ipvs ipvs: remove unused variable for ip_vs_new_dest 2021-11-30 22:46:08 +01:00
core.c netfilter: fix use-after-free in __nf_register_net_hook() 2022-02-28 22:34:04 +01:00
Kconfig netfilter: nf_tables: make counter support built-in 2021-12-23 01:07:35 +01:00
Makefile netfilter: nf_tables: make counter support built-in 2021-12-23 01:07:35 +01:00
nf_conncount.c
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: conntrack: don't increment invalid counter on NF_REPEAT 2022-01-16 00:55:27 +01:00
nf_conntrack_ecache.c
nf_conntrack_expect.c netfilter: conntrack: convert to refcount_t api 2022-01-09 23:30:13 +01:00
nf_conntrack_extend.c
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c
nf_conntrack_irc.c
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c netfilter: nf_conntrack_netbios_ns: fix helper module alias 2022-01-11 10:41:44 +01:00
nf_conntrack_netlink.c netfilter: ctnetlink: disable helper autoassign 2022-02-04 05:39:57 +01:00
nf_conntrack_pptp.c
nf_conntrack_proto.c
nf_conntrack_proto_dccp.c
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c
nf_conntrack_proto_icmp.c
nf_conntrack_proto_icmpv6.c
nf_conntrack_proto_sctp.c netfilter: conntrack: don't refresh sctp entries in closed state 2022-02-04 05:38:15 +01:00
nf_conntrack_proto_tcp.c netfilter: conntrack: re-init state for retransmitted syn-ack 2022-02-04 05:39:51 +01:00
nf_conntrack_proto_udp.c
nf_conntrack_sane.c
nf_conntrack_seqadj.c
nf_conntrack_sip.c
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: conntrack: convert to refcount_t api 2022-01-09 23:30:13 +01:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c
nf_conntrack_timestamp.c
nf_dup_netdev.c
nf_flow_table_core.c netfilter: conntrack: convert to refcount_t api 2022-01-09 23:30:13 +01:00
nf_flow_table_inet.c netfilter: flowtable: remove ipv4/ipv6 modules 2021-12-23 01:07:44 +01:00
nf_flow_table_ip.c
nf_flow_table_offload.c net/sched: act_ct: Fix flow table lookup failure with no originating ifindex 2022-03-01 22:08:31 +01:00
nf_hooks_lwtunnel.c
nf_internals.h
nf_log.c
nf_log_syslog.c
nf_nat_amanda.c
nf_nat_core.c netfilter: make function op structures const 2022-01-09 23:30:13 +01:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_masquerade.c netfilter: nf_nat_masquerade: add netns refcount tracker to masq_dev_work 2021-12-16 12:49:34 +01:00
nf_nat_proto.c
nf_nat_redirect.c
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c netfilter: nf_queue: handle socket prefetch 2022-03-01 11:51:15 +01:00
nf_sockopt.c
nf_synproxy_core.c netfilter: conntrack: convert to refcount_t api 2022-01-09 23:30:13 +01:00
nf_tables_api.c netfilter: nf_tables: prefer kfree_rcu(ptr, rcu) variant 2022-02-23 09:22:46 +01:00
nf_tables_core.c netfilter: nf_tables: add rule blob layout 2022-01-09 23:35:17 +01:00
nf_tables_offload.c netfilter: nf_tables_offload: incorrect flow offload action array size 2022-02-20 01:22:20 +01:00
nf_tables_trace.c netfilter: nf_tables: add rule blob layout 2022-01-09 23:35:17 +01:00
nfnetlink.c
nfnetlink_acct.c
nfnetlink_cthelper.c
nfnetlink_cttimeout.c
nfnetlink_hook.c net: Don't include filter.h from net/sock.h 2021-12-29 08:48:14 -08:00
nfnetlink_log.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2022-01-09 15:59:23 -08:00
nfnetlink_osf.c
nfnetlink_queue.c netfilter: nf_queue: fix possible use-after-free 2022-03-01 11:50:35 +01:00
nft_bitwise.c netfilter: nft_bitwise: track register operations 2022-01-09 23:35:17 +01:00
nft_byteorder.c netfilter: nft_byteorder: track register operations 2022-01-27 00:07:24 +01:00
nft_chain_filter.c
nft_chain_nat.c
nft_chain_route.c
nft_cmp.c
nft_compat.c
nft_connlimit.c netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails 2022-01-13 12:26:04 +01:00
nft_counter.c netfilter: nf_tables: make counter support built-in 2021-12-23 01:07:35 +01:00
nft_ct.c netfilter: nft_ct: fix use after free when attaching zone template 2022-01-27 00:03:09 +01:00
nft_dup_netdev.c netfilter: nf_tables_offload: incorrect flow offload action array size 2022-02-20 01:22:20 +01:00
nft_dynset.c
nft_exthdr.c netfilter: nft_payload: don't allow th access for fragments 2022-02-04 05:38:15 +01:00
nft_fib.c
nft_fib_inet.c
nft_fib_netdev.c
nft_flow_offload.c
nft_fwd_netdev.c netfilter: nf_tables_offload: incorrect flow offload action array size 2022-02-20 01:22:20 +01:00
nft_hash.c
nft_immediate.c netfilter: nf_tables_offload: incorrect flow offload action array size 2022-02-20 01:22:20 +01:00
nft_last.c netfilter: nf_tables: typo NULL check in _clone() function 2022-01-10 21:09:43 -08:00
nft_limit.c netfilter: nft_limit: fix stateful object memory leak 2022-02-21 15:52:14 +01:00
nft_log.c
nft_lookup.c
nft_masq.c
nft_meta.c netfilter: nft_meta: cancel register tracking after meta update 2022-01-09 23:35:17 +01:00
nft_nat.c
nft_numgen.c netfilter: nft_numgen: move stateful fields out of expression data 2022-01-09 23:35:16 +01:00
nft_objref.c
nft_osf.c
nft_payload.c netfilter: nft_payload: don't allow th access for fragments 2022-02-04 05:38:15 +01:00
nft_queue.c
nft_quota.c netfilter: nf_tables: typo NULL check in _clone() function 2022-01-10 21:09:43 -08:00
nft_range.c
nft_redir.c
nft_reject.c
nft_reject_inet.c
nft_reject_netdev.c net: Don't include filter.h from net/sock.h 2021-12-29 08:48:14 -08:00
nft_rt.c
nft_set_bitmap.c
nft_set_hash.c
nft_set_pipapo.c netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone 2022-01-06 10:43:24 +01:00
nft_set_pipapo.h
nft_set_pipapo_avx2.c netfilter: nft_set_pipapo_avx2: remove redundant pointer lt 2021-12-24 16:58:17 +01:00
nft_set_pipapo_avx2.h
nft_set_rbtree.c
nft_socket.c
nft_synproxy.c netfilter: nft_synproxy: unregister hooks on init error path 2022-02-10 16:33:57 +01:00
nft_tproxy.c
nft_tunnel.c
nft_xfrm.c
utils.c
x_tables.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_addrtype.c
xt_AUDIT.c
xt_bpf.c
xt_cgroup.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c
xt_connmark.c
xt_CONNSECMARK.c
xt_conntrack.c
xt_cpu.c
xt_CT.c netfilter: conntrack: convert to refcount_t api 2022-01-09 23:30:13 +01:00
xt_dccp.c
xt_devgroup.c
xt_DSCP.c
xt_dscp.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_helper.c
xt_HL.c
xt_hl.c
xt_HMARK.c
xt_IDLETIMER.c netfilter: xt_IDLETIMER: replace snprintf in show functions with sysfs_emit 2021-11-08 12:14:05 +01:00
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_LED.c
xt_length.c
xt_limit.c
xt_LOG.c
xt_mac.c
xt_mark.c
xt_MASQUERADE.c
xt_multiport.c
xt_nat.c
xt_NETMAP.c
xt_nfacct.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_osf.c
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_RATEEST.c
xt_rateest.c
xt_realm.c
xt_recent.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_REDIRECT.c
xt_repldata.h
xt_sctp.c
xt_SECMARK.c
xt_set.c
xt_socket.c netfilter: xt_socket: missing ifdef CONFIG_IP6_NF_IPTABLES dependency 2022-02-13 23:55:48 +01:00
xt_state.c
xt_statistic.c
xt_string.c
xt_TCPMSS.c
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c
xt_time.c
xt_TPROXY.c
xt_TRACE.c
xt_u32.c