netfilter: nf_conntrack: Add allow_clash to generic protocol handler

[ Upstream commit 8a49fc8d8a3e83dc51ec05bcd4007bdea3c56eec ] The upstream commit, 71d8c47fc653711c41bc3282e5b0e605b3727956 ("netfilter: conntrack: introduce clash resolution on insertion race"), sets allow_clash=true in the UDP/UDPLITE protocol handler but does not set it in the generic protocol handler. As a result, packets composed of connectionless protocols at each layer, such as UDP over IP-in-IP, still drop packets due to conflicts during conntrack insertion. To resolve this, this patch sets allow_clash in the nf_conntrack_l4proto_generic. Signed-off-by: Yuto Hamaguchi <Hamaguchi.Yuto@da.MitsubishiElectric.co.jp> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Yuto Hamaguchi <Hamaguchi.Yuto@da.MitsubishiElectric.co.jp> 2025-12-19 20:53:51 +0900
committer: Sasha Levin <sashal@kernel.org> 2026-03-04 07:20:26 -0500
commit: 0cf4fc3a88ced47b7596370d587303a1de12cc41 (patch)
tree: 9c4bb665c3d736d3bbeb5cef8f5fd5d7a0776e33 /net
parent: 23c6cba4156491cba133b845cc9baa2ac588a24b (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c
index e831637bc8ca..cb260eb3d012 100644
--- a/net/netfilter/nf_conntrack_proto_generic.c
+++ b/net/netfilter/nf_conntrack_proto_generic.c
@@ -67,6 +67,7 @@ void nf_conntrack_generic_init_net(struct net *net)
 const struct nf_conntrack_l4proto nf_conntrack_l4proto_generic =
 {
 	.l4proto		= 255,
+	.allow_clash            = true,
 #ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= generic_timeout_nlattr_to_obj,
author	Yuto Hamaguchi <Hamaguchi.Yuto@da.MitsubishiElectric.co.jp>	2025-12-19 20:53:51 +0900
committer	Sasha Levin <sashal@kernel.org>	2026-03-04 07:20:26 -0500
commit	0cf4fc3a88ced47b7596370d587303a1de12cc41 (patch)
tree	9c4bb665c3d736d3bbeb5cef8f5fd5d7a0776e33 /net
parent	23c6cba4156491cba133b845cc9baa2ac588a24b (diff)