git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 6 Jun 2022 15:31:29 +0000 (17:31 +0200)
committer	Stefan Bader <stefan.bader@canonical.com>
	Fri, 26 Aug 2022 08:52:57 +0000 (10:52 +0200)
commit	bb6a3a2a1c0d0cb2b77051623dbd402eb17cfd60
tree	2345ccb63b55ba9e231f523493998aedc5fe6fcb	tree
parent	77e660db0486e0cb69900a2980569d2798fd158a	commit \| diff

netfilter: nf_tables: bail out early if hardware offload is not supported

BugLink: https://bugs.launchpad.net/bugs/1982968
[ Upstream commit 3a41c64d9c1185a2f3a184015e2a9b78bfc99c71 ]

If user requests for NFT_CHAIN_HW_OFFLOAD, then check if either device
provides the .ndo_setup_tc interface or there is an indirect flow block
that has been registered. Otherwise, bail out early from the preparation
phase. Moreover, validate that family == NFPROTO_NETDEV and hook is
NF_NETDEV_INGRESS.

Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

include/net/flow_offload.h		diff \| blob \| blame \| history
include/net/netfilter/nf_tables_offload.h		diff \| blob \| blame \| history
net/core/flow_offload.c		diff \| blob \| blame \| history
net/netfilter/nf_tables_api.c		diff \| blob \| blame \| history
net/netfilter/nf_tables_offload.c		diff \| blob \| blame \| history