FS#3200 - Software flowoffload doesn't work with marked packets #8028
Labels
flyspray
kernel
pull request/issue with Linux kernel related changes
release/19.07
pull request/issue targeted (also) for OpenWrt 19.07 release
sgolod:
Software offload doesn't work when custom routing table used:
How to examine:
create ipset
ipset create IPNET hash:net
ipset add IPNET 139.59.209.225/32
check ipset
ipset list IPNET
...
Number of entries: 1
Members:
139.59.209.225
mark packets with dst to IPNET
iptables -t mangle -A PREROUTING -i br-lan -m set --match-set IPNET dst -j MARK --set-mark 0x1111
iptables -t mangle -A OUTPUT -m set --match-set IPNET dst -j MARK --set-mark 0x1111
add custom routing table for marked packets
ip ru add fwmark 0x1111 lookup 8888 prio 10000
add route for custom table 8888
ip route add default via 192.168.30.1 table 8888
enable flow offload in /etc/config/firewall
config defaults
....
option flow_offloading '1'
/etc/init.d/firewall reload
check iptables:
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
24 1947 forwarding_rule all -- any any anywhere anywhere /* !fw3: Custom forwarding rule chain /
22 1819 FLOWOFFLOAD all -- any any anywhere anywhere / !fw3: Traffic offloading / ctstate RELATED,ESTABLISHED FLOWOFFLOAD
22 1819 ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED / !fw3 /
2 128 zone_lan_forward all -- br-lan any anywhere anywhere / !fw3 /
0 0 zone_wan_forward all -- pppoe-wan any anywhere anywhere / !fw3 /
0 0 zone_wan_forward all -- l2tpv3-hetzner any anywhere anywhere / !fw3 /
0 0 zone_wan_forward all -- wg0 any anywhere anywhere / !fw3 /
0 0 reject all -- any any anywhere anywhere / !fw3 */
But packets with RELATED,ESTABLISHED don't use custom routing (it seems what flowoffload don't remember custom routing and try to send packets on table main). When I add manually custom route to main table - flow offload work again
The text was updated successfully, but these errors were encountered: