Eugene Crosser <crosser@xxxxxxxxxxx> wrote: > On 06/10/2021 17:03, Florian Westphal wrote: > > > > It looks like Jinpu Wang <jinpu.wang@xxxxxxxxx> has found the offending > > > commit, it's 09e856d54bda5f28 "vrf: Reset skb conntrack connection on VRF > > > rcv" from Aug 15 2021. > > > > This change is very recent, you reported failure between 5.4 and 5.10, or was > > that already backported? > > > > This change doesn't influcence matching either, but it does zap the ct > > zone association afaics. > > Yes, looks like it was backported to Debian/Ubuntu kernels > > Jinpu reported that reverting the change restores the "old" behaviour. > > But we have not yet checked how it affects SNAT. Can you start a new thread on netdev and CC author of that commit and l3m/vrf maintainers/authors? I'm afraid you won't find anyone on the netfilter lists that can make any statements on what the VRF expectations are.