Restore hardware offload support for rules that provide no matching
ethertype through FLOW_DISSECTOR_KEY_CONTROL.
Fixes: 783003f3bb8a ("netfilter: nftables_offload: special ethertype handling for VLAN")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
net/netfilter/nf_tables_offload.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index a48c5fd53a80..6fc29f9cc11e 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -56,8 +56,10 @@ static void nft_flow_rule_transfer_vlan(struct nft_offload_ctx *ctx,
struct nft_flow_match *match = &flow->match;
struct nft_offload_ethertype ethertype;
- if (match->dissector.used_keys & BIT(FLOW_DISSECTOR_KEY_CONTROL) &&
- match->key.basic.n_proto != htons(ETH_P_8021Q) &&
+ if (!(match->dissector.used_keys & BIT(FLOW_DISSECTOR_KEY_CONTROL)))
+ return;
+
+ if (match->key.basic.n_proto != htons(ETH_P_8021Q) &&
match->key.basic.n_proto != htons(ETH_P_8021AD))
return;
--
2.30.2
