kernel: enable conntrack counter updates for iptables xt_FLOWOFFLOAD

Ensures that packet/byte counters in /proc/net/nf_conntrack are updated Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-04-16 04:13:31 +00:00 · 2023-03-23 21:44:10 +01:00 · 2023-03-23 21:44:10 +01:00 · cc968a5b63
commit cc968a5b63
parent 3a82ee8b05
1 changed files with 5 additions and 3 deletions
--- a/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
+++ b/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,696 @@
+@@ -0,0 +1,698 @@
 +/*
 + * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
 + *
@ -293,11 +293,12 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +			  struct flow_offload *flow, void *data)
 +{
 +	struct xt_flowoffload_table *table;
-+	table = container_of(flowtable, struct xt_flowoffload_table, ft);
 +	struct flow_offload_tuple *tuple0 = &flow->tuplehash[0].tuple;
 +	struct flow_offload_tuple *tuple1 = &flow->tuplehash[1].tuple;
 +	struct xt_flowoffload_hook *hook;
 +
+	table = container_of(flowtable, struct xt_flowoffload_table, ft);
+
 +	spin_lock_bh(&hooks_lock);
 +	hlist_for_each_entry(hook, &table->hooks, list) {
 +		if (hook->ops.dev->ifindex != tuple0->iifidx &&
@ -751,6 +752,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +{
 +	INIT_DELAYED_WORK(&tbl->work, xt_flowoffload_hook_work);
 +	tbl->ft.type = &flowtable_inet;
+	tbl->ft.flags = NF_FLOWTABLE_COUNTER;
 +
 +	return nf_flow_table_init(&tbl->ft);
 +}
@ -769,7 +771,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +	if (ret)
 +		goto cleanup;
 +
-+	flowtable[1].ft.flags = NF_FLOWTABLE_HW_OFFLOAD;
+	flowtable[1].ft.flags |= NF_FLOWTABLE_HW_OFFLOAD;
 +
 +	ret = xt_register_target(&offload_tg_reg);
 +	if (ret)