diff options
| author | Dudu Lu <phx0fer@gmail.com> | 2026-04-13 14:00:41 +0300 |
|---|---|---|
| committer | Paolo Abeni <pabeni@redhat.com> | 2026-04-16 14:13:03 +0300 |
| commit | f9e40664706927d7ae22a448a3383e23c38a4c0b (patch) | |
| tree | 722993b3a92daeffc1f838aa068b8950a9ae2017 /include/linux/timerqueue.h | |
| parent | df4601653201de21b487c3e7fffd464790cab808 (diff) | |
| download | linux-f9e40664706927d7ae22a448a3383e23c38a4c0b.tar.xz | |
net/sched: sch_cake: fix NAT destination port not being updated in cake_update_flowkeys
cake_update_flowkeys() is supposed to update the flow dissector keys
with the NAT-translated addresses and ports from conntrack, so that
CAKE's per-flow fairness correctly identifies post-NAT flows as
belonging to the same connection.
For the source port, this works correctly:
keys->ports.src = port;
But for the destination port, the assignment is reversed:
port = keys->ports.dst;
This means the NAT destination port is never updated in the flow keys.
As a result, when multiple connections are NATed to the same destination,
CAKE treats them as separate flows because the original (pre-NAT)
destination ports differ. This breaks CAKE's NAT-aware flow isolation
when using the "nat" mode.
The bug was introduced in commit b0c19ed6088a ("sch_cake: Take advantage
of skb->hash where appropriate") which refactored the original direct
assignment into a compare-and-conditionally-update pattern, but wrote
the destination port update backwards.
Fix by reversing the assignment direction to match the source port
pattern.
Fixes: b0c19ed6088a ("sch_cake: Take advantage of skb->hash where appropriate")
Signed-off-by: Dudu Lu <phx0fer@gmail.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Link: https://patch.msgid.link/20260413110041.44704-1-phx0fer@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Diffstat (limited to 'include/linux/timerqueue.h')
0 files changed, 0 insertions, 0 deletions