On Wed, May 03, 2023 at 07:33:35PM +0800, Rvfg wrote:
>
>
> On 5/3/23 16:19, Florian Westphal wrote:
> > Thanks, the BREAK in the referenced patch is the problem.
> >
> > Please give this fix a try:
> >
> > diff --git a/net/netfilter/nft_ct_fast.c b/net/netfilter/nft_ct_fast.c
> > --- a/net/netfilter/nft_ct_fast.c
> > +++ b/net/netfilter/nft_ct_fast.c
> > @@ -15,10 +15,6 @@ void nft_ct_get_fast_eval(const struct nft_expr *expr,
> > unsigned int state;
> > ct = nf_ct_get(pkt->skb, &ctinfo);
> > - if (!ct) {
> > - regs->verdict.code = NFT_BREAK;
> > - return;
> > - }
> > switch (priv->key) {
> > case NFT_CT_STATE:
> > @@ -30,6 +26,16 @@ void nft_ct_get_fast_eval(const struct nft_expr *expr,
> > state = NF_CT_STATE_INVALID_BIT;
> > *dest = state;
> > return;
> > + default:
> > + break;
> > + }
> > +
> > + if (!ct) {
> > + regs->verdict.code = NFT_BREAK;
> > + return;
> > + }
> > +
> > + switch (priv->key) {
> > case NFT_CT_DIRECTION:
> > nft_reg_store8(dest, CTINFO2DIR(ctinfo));
> > return;
>
> This patch fixed my problem on 6.3.0 kernel. Thank you!
I don't see this patch in 6.3.2. Is it in the queue anywhere?
Cheers ... Duncan.
