On 9/30/22 6:42 PM, Jakub Kicinski wrote: > Adding netfilter and vrf experts. > > On Wed, 28 Sep 2022 16:02:43 +0200 Maximilien Cuony wrote: >> Hello, >> >> We're using VRF with a machine used as a router and have a specific >> issue where the router doesn't handle his own packets correctly during >> NATing if the packet is coming from a different VRF. >> >> We had the issue with debian buster (4.19), but the issue solved itself >> when we updated to debian bullseye (5.10.92). >> >> However, during an upgrade of debian bullseye to the latest kernel, the >> issue appeared again (5.10.140). >> >> We did a bisection and this leaded us to >> "b0d67ef5b43aedbb558b9def2da5b4fffeb19966 net: allow unbound socket for >> packets in VRF when tcp_l3mdev_accept set [ Upstream commit >> 944fd1aeacb627fa617f85f8e5a34f7ae8ea4d8e ]". >> This is the discussion that led up to that commit: https://lore.kernel.org/netdev/940fa370-08ce-1d39-d5cc-51de8e853b47@xxxxxxxxx/ In short, users complained of the opposite problem. Not sure how we can appease both wants.
