From ee99d86706b50034cab08d2486489a5fd9aa44af Mon Sep 17 00:00:00 2001
From: Federico Cabiddu <fcabiddu@libon.com>
Date: Fri, 3 Apr 2026 12:36:55 +0200
Subject: [PATCH] MT#55283 kernel-module: zero queue_mapping before forwarding
 to fix Cilium throttle drop

Change-Id: Ib559d291023bcb3ca691f0c8bd66a634ed451aff
---
 kernel-module/nft_rtpengine.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/kernel-module/nft_rtpengine.c b/kernel-module/nft_rtpengine.c
index 01e54cf5f..a46c16f75 100644
--- a/kernel-module/nft_rtpengine.c
+++ b/kernel-module/nft_rtpengine.c
@@ -5017,6 +5017,13 @@ static int send_proxy_packet4(struct sk_buff *skb, const struct re_address *src,
 	}
 
 	ip_select_ident(net, skb, NULL);
+	/* Zero queue_mapping: the skb is a copy of the received packet and
+	 * inherits the NIC RX queue index.  On Cilium/GKE DPv2 nodes the
+	 * egress TC BPF program (cil_to_netdev) uses queue_mapping as an EDT
+	 * bandwidth-throttle aggregate key; a non-zero value enters the
+	 * throttle code path which can tail-call into TC_ACT_SHOT when the
+	 * aggregate slot is uninitialised. */
+	skb->queue_mapping = 0;
 	ip_local_out(net, skb->sk, skb);
 
 	return 0;
@@ -5107,6 +5114,9 @@ static int send_proxy_packet6(struct sk_buff *skb, const struct re_address *src,
 		skb->ip_summed = CHECKSUM_COMPLETE;
 	}
 
+	/* Same reasoning as send_proxy_packet4: zero queue_mapping before
+	 * handing the packet to the egress TC BPF program. */
+	skb->queue_mapping = 0;
 	ip6_local_out(net, skb->sk, skb);
 
 	return 0;