netfilter: nf_tables: fix bidirectional offload regression

Commit 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules") made unidirectional flow offload possible, while completely ignoring (and breaking) bidirectional flow offload for nftables. Add the missing flag that was left out as an exercise for the reader :) Cc: Vlad Buslov <[email protected]> Fixes: 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules") Reported-by: Daniel Golle <[email protected]> Signed-off-by: Felix Fietkau <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
author: Felix Fietkau <[email protected]> 2024-02-14 15:42:35 +0100
committer: Pablo Neira Ayuso <[email protected]> 2024-02-15 00:20:00 +0100
commit: 84443741faab9045d53f022a9ac6a6633067a481 (patch)
tree: 5812ca30be397c72527fd10216d1d39edb124d09
parent: 0f1ae2821fa4b13ab0f5ad7ff89fa57efcb04fe0 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index 397351fa4d5f..ab9576098701 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -361,6 +361,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
 		ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
 	}
 
+	__set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
 	ret = flow_offload_add(flowtable, flow);
 	if (ret < 0)
 		goto err_flow_add;
author	Felix Fietkau <[email protected]>	2024-02-14 15:42:35 +0100
committer	Pablo Neira Ayuso <[email protected]>	2024-02-15 00:20:00 +0100
commit	84443741faab9045d53f022a9ac6a6633067a481 (patch)
tree	5812ca30be397c72527fd10216d1d39edb124d09
parent	0f1ae2821fa4b13ab0f5ad7ff89fa57efcb04fe0 (diff)