On 06/10/2021 17:03, Florian Westphal wrote:
It looks like Jinpu Wang <jinpu.wang@xxxxxxxxx> has found the offending commit, it's 09e856d54bda5f28 "vrf: Reset skb conntrack connection on VRF rcv" from Aug 15 2021.This change is very recent, you reported failure between 5.4 and 5.10, or was that already backported? This change doesn't influcence matching either, but it does zap the ct zone association afaics.
Yes, looks like it was backported to Debian/Ubuntu kernels Jinpu reported that reverting the change restores the "old" behaviour. But we have not yet checked how it affects SNAT.
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
