git.ipfire.org Git - thirdparty/kernel/stable.git/commit

vrf: don't run conntrack on vrf with !dflt qdisc

commit d43b75fbc23f0ac1ef9c14a5a166d3ccb761a451 upstream.

After the below patch, the conntrack attached to skb is set to "notrack" in
the context of vrf device, for locally generated packets.
But this is true only when the default qdisc is set to the vrf device. When
changing the qdisc, notrack is not set anymore.
In fact, there is a shortcut in the vrf driver, when the default qdisc is
set, see commit dcdd43c41e60 ("net: vrf: performance improvements for
IPv4") for more details.

This patch ensures that the behavior is always the same, whatever the qdisc
is.

To demonstrate the difference, a new test is added in conntrack_vrf.sh.

Fixes: 8c9c296adfae ("vrf: run conntrack only in context of lower/physdev for locally generated packets")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Florian Westphal <fw@strlen.de>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

author	Nicolas Dichtel <nicolas.dichtel@6wind.com>
	Fri, 26 Nov 2021 14:36:12 +0000 (15:36 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 14 Dec 2021 13:48:59 +0000 (14:48 +0100)
commit	15f987473d331b5722cc1ada5a13b35f58679c8b
tree	0db79676fbf9cd8725dc1c5326abbe1ed7ece95b	tree \| snapshot
parent	8d3563ecbca3526fcc6639065c9fb11b2f234706	commit \| diff

drivers/net/vrf.c		diff \| blob \| blame \| history
tools/testing/selftests/netfilter/conntrack_vrf.sh		diff \| blob \| blame \| history