From cc968a5b63d22c3c5ea4fb4b3611ee7baff1127f Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Thu, 23 Mar 2023 21:44:10 +0100
Subject: [PATCH] kernel: enable conntrack counter updates for iptables
 xt_FLOWOFFLOAD

Ensures that packet/byte counters in /proc/net/nf_conntrack are updated

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
 .../650-netfilter-add-xt_FLOWOFFLOAD-target.patch         | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch b/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
index b9adb545f..aa6c66855 100644
--- a/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
+++ b/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,696 @@
+@@ -0,0 +1,698 @@
 +/*
 + * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
 + *
@@ -293,11 +293,12 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +			  struct flow_offload *flow, void *data)
 +{
 +	struct xt_flowoffload_table *table;
-+	table = container_of(flowtable, struct xt_flowoffload_table, ft);
 +	struct flow_offload_tuple *tuple0 = &flow->tuplehash[0].tuple;
 +	struct flow_offload_tuple *tuple1 = &flow->tuplehash[1].tuple;
 +	struct xt_flowoffload_hook *hook;
 +
++	table = container_of(flowtable, struct xt_flowoffload_table, ft);
++
 +	spin_lock_bh(&hooks_lock);
 +	hlist_for_each_entry(hook, &table->hooks, list) {
 +		if (hook->ops.dev->ifindex != tuple0->iifidx &&
@@ -751,6 +752,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +{
 +	INIT_DELAYED_WORK(&tbl->work, xt_flowoffload_hook_work);
 +	tbl->ft.type = &flowtable_inet;
++	tbl->ft.flags = NF_FLOWTABLE_COUNTER;
 +
 +	return nf_flow_table_init(&tbl->ft);
 +}
@@ -769,7 +771,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +	if (ret)
 +		goto cleanup;
 +
-+	flowtable[1].ft.flags = NF_FLOWTABLE_HW_OFFLOAD;
++	flowtable[1].ft.flags |= NF_FLOWTABLE_HW_OFFLOAD;
 +
 +	ret = xt_register_target(&offload_tg_reg);
 +	if (ret)