Re: [REGRESSION] Unable to NAT own TCP packets from another VRF with tcp_l3mdev_accept = 1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/30/22 6:42 PM, Jakub Kicinski wrote:
> Adding netfilter and vrf experts.
> 
> On Wed, 28 Sep 2022 16:02:43 +0200 Maximilien Cuony wrote:
>> Hello,
>>
>> We're using VRF with a machine used as a router and have a specific 
>> issue where the router doesn't handle his own packets correctly during 
>> NATing if the packet is coming from a different VRF.
>>
>> We had the issue with debian buster (4.19), but the issue solved itself 
>> when we updated to debian bullseye (5.10.92).
>>
>> However, during an upgrade of debian bullseye to the latest kernel, the 
>> issue appeared again (5.10.140).
>>
>> We did a bisection and this leaded us to 
>> "b0d67ef5b43aedbb558b9def2da5b4fffeb19966 net: allow unbound socket for 
>> packets in VRF when tcp_l3mdev_accept set [ Upstream commit 
>> 944fd1aeacb627fa617f85f8e5a34f7ae8ea4d8e ]".
>>

This is the discussion that led up to that commit:

https://lore.kernel.org/netdev/940fa370-08ce-1d39-d5cc-51de8e853b47@xxxxxxxxx/

In short, users complained of the opposite problem.

Not sure how we can appease both wants.



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux