Re: In raw prerouting, `iif` matches different interfaces in different kernels when enslaved in a vrf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Eugene Crosser <crosser@xxxxxxxxxxx> wrote:
> On 06/10/2021 17:03, Florian Westphal wrote:
> 
> > > It looks like Jinpu Wang <jinpu.wang@xxxxxxxxx> has found the offending
> > > commit, it's 09e856d54bda5f28 "vrf: Reset skb conntrack connection on VRF
> > > rcv" from Aug 15 2021.
> > 
> > This change is very recent, you reported failure between 5.4 and 5.10, or was
> > that already backported?
> > 
> > This change doesn't influcence matching either, but it does zap the ct
> > zone association afaics.
> 
> Yes, looks like it was backported to Debian/Ubuntu kernels
> 
> Jinpu reported that reverting the change restores the "old" behaviour.
> 
> But we have not yet checked how it affects SNAT.

Can you start a new thread on netdev and CC author of that commit
and l3m/vrf maintainers/authors?

I'm afraid you won't find anyone on the netfilter lists that can make
any statements on what the VRF expectations are.



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux