netfilter: flowtable: Support GRE

Support GREv0 without NAT. Signed-off-by: Toshiaki Makita <toshiaki.makita1@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Toshiaki Makita <toshiaki.makita1@gmail.com> 2022-02-25 10:53:07 +0900
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2022-03-03 15:20:51 +0100
commit: 4e8d9584d154479d357327f76d4e49486915c9c9 (patch)
tree: 3ea57b1ebe26013b5235a5546cb8a6180d8a005a /net/netfilter/nft_flow_offload.c
parent: f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index 0af34ad41479..731b5d87ef45 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -298,6 +298,19 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
 		break;
 	case IPPROTO_UDP:
 		break;
+#ifdef CONFIG_NF_CT_PROTO_GRE
+	case IPPROTO_GRE: {
+		struct nf_conntrack_tuple *tuple;
+
+		if (ct->status & IPS_NAT_MASK)
+			goto out;
+		tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
+		/* No support for GRE v1 */
+		if (tuple->src.u.gre.key || tuple->dst.u.gre.key)
+			goto out;
+		break;
+	}
+#endif
 	default:
 		goto out;
 	}
author	Toshiaki Makita <toshiaki.makita1@gmail.com>	2022-02-25 10:53:07 +0900
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-03-03 15:20:51 +0100
commit	4e8d9584d154479d357327f76d4e49486915c9c9 (patch)
tree	3ea57b1ebe26013b5235a5546cb8a6180d8a005a /net/netfilter/nft_flow_offload.c
parent	f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 (diff)