Conntrack bridge only tracks untagged and 802.1q. To make the bridge-fastpath experience more similar to the forward-fastpath experience, add double vlan, pppoe and pppoe-in-q tagged packets to bridge conntrack and to bridge filter chain.
Changes in v11: - nft_do_chain_bridge(): Proper readout of encapsulated proto. - nft_do_chain_bridge(): Use skb_set_network_header() instead of thoff. - removed test script, it is now in separate patch. v10 split from patch-set: bridge-fastpath and related improvements v9 Eric Woudstra (2): netfilter: bridge: Add conntrack double vlan and pppoe netfilter: nft_chain_filter: Add bridge double vlan and pppoe net/bridge/netfilter/nf_conntrack_bridge.c | 83 ++++++++++++++++++---- net/netfilter/nft_chain_filter.c | 37 ++++++++++ 2 files changed, 108 insertions(+), 12 deletions(-) -- 2.47.1
