mirror of
https://github.com/coolsnowwolf/lede.git
synced 2025-04-16 04:13:31 +00:00
coolsnowwolf
parent
d75705cfc4
commit
f903cc8970
@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
|
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/net/netfilter/xt_FLOWOFFLOAD.c
|
+++ b/net/netfilter/xt_FLOWOFFLOAD.c
|
||||||
@@ -0,0 +1,698 @@
|
@@ -0,0 +1,696 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
|
+ * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
|
||||||
+ *
|
+ *
|
||||||
@ -622,8 +622,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
+ if (!flow)
|
+ if (!flow)
|
||||||
+ goto err_flow_alloc;
|
+ goto err_flow_alloc;
|
||||||
+
|
+
|
||||||
+ if (flow_offload_route_init(flow, &route) < 0)
|
+ flow_offload_route_init(flow, &route);
|
||||||
+ goto err_flow_add;
|
|
||||||
+
|
+
|
||||||
+ if (tcph) {
|
+ if (tcph) {
|
||||||
+ ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
|
+ ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
|
||||||
@ -642,13 +641,12 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
+ xt_flowoffload_check_device(table, devs[0]);
|
+ xt_flowoffload_check_device(table, devs[0]);
|
||||||
+ xt_flowoffload_check_device(table, devs[1]);
|
+ xt_flowoffload_check_device(table, devs[1]);
|
||||||
+
|
+
|
||||||
+ dst_release(route.tuple[!dir].dst);
|
|
||||||
+
|
|
||||||
+ return XT_CONTINUE;
|
+ return XT_CONTINUE;
|
||||||
+
|
+
|
||||||
+err_flow_add:
|
+err_flow_add:
|
||||||
+ flow_offload_free(flow);
|
+ flow_offload_free(flow);
|
||||||
+err_flow_alloc:
|
+err_flow_alloc:
|
||||||
|
+ dst_release(route.tuple[dir].dst);
|
||||||
+ dst_release(route.tuple[!dir].dst);
|
+ dst_release(route.tuple[!dir].dst);
|
||||||
+err_flow_route:
|
+err_flow_route:
|
||||||
+ clear_bit(IPS_OFFLOAD_BIT, &ct->status);
|
+ clear_bit(IPS_OFFLOAD_BIT, &ct->status);
|
||||||
|
|||||||
@ -59,7 +59,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
|
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/net/netfilter/xt_FLOWOFFLOAD.c
|
+++ b/net/netfilter/xt_FLOWOFFLOAD.c
|
||||||
@@ -0,0 +1,698 @@
|
@@ -0,0 +1,697 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
|
+ * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
|
||||||
+ *
|
+ *
|
||||||
@ -583,8 +583,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
+ if (!flow)
|
+ if (!flow)
|
||||||
+ goto err_flow_alloc;
|
+ goto err_flow_alloc;
|
||||||
+
|
+
|
||||||
+ if (flow_offload_route_init(flow, &route) < 0)
|
+ flow_offload_route_init(flow, &route);
|
||||||
+ goto err_flow_add;
|
|
||||||
+
|
+
|
||||||
+ if (tcph) {
|
+ if (tcph) {
|
||||||
+ ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
|
+ ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
|
||||||
@ -597,19 +596,19 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
+ if (!net)
|
+ if (!net)
|
||||||
+ write_pnet(&table->ft.net, xt_net(par));
|
+ write_pnet(&table->ft.net, xt_net(par));
|
||||||
+
|
+
|
||||||
|
+ __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
|
||||||
+ if (flow_offload_add(&table->ft, flow) < 0)
|
+ if (flow_offload_add(&table->ft, flow) < 0)
|
||||||
+ goto err_flow_add;
|
+ goto err_flow_add;
|
||||||
+
|
+
|
||||||
+ xt_flowoffload_check_device(table, devs[0]);
|
+ xt_flowoffload_check_device(table, devs[0]);
|
||||||
+ xt_flowoffload_check_device(table, devs[1]);
|
+ xt_flowoffload_check_device(table, devs[1]);
|
||||||
+
|
+
|
||||||
+ dst_release(route.tuple[!dir].dst);
|
|
||||||
+
|
|
||||||
+ return XT_CONTINUE;
|
+ return XT_CONTINUE;
|
||||||
+
|
+
|
||||||
+err_flow_add:
|
+err_flow_add:
|
||||||
+ flow_offload_free(flow);
|
+ flow_offload_free(flow);
|
||||||
+err_flow_alloc:
|
+err_flow_alloc:
|
||||||
|
+ dst_release(route.tuple[dir].dst);
|
||||||
+ dst_release(route.tuple[!dir].dst);
|
+ dst_release(route.tuple[!dir].dst);
|
||||||
+err_flow_route:
|
+err_flow_route:
|
||||||
+ clear_bit(IPS_OFFLOAD_BIT, &ct->status);
|
+ clear_bit(IPS_OFFLOAD_BIT, &ct->status);
|
||||||
|
|||||||
@ -0,0 +1,24 @@
|
|||||||
|
From: Felix Fietkau <nbd@nbd.name>
|
||||||
|
Date: Wed, 14 Feb 2024 15:24:41 +0100
|
||||||
|
Subject: [PATCH] netfilter: nf_tables: fix bidirectional offload regression
|
||||||
|
|
||||||
|
Commit 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
|
||||||
|
made unidirectional flow offload possible, while completely ignoring (and
|
||||||
|
breaking) bidirectional flow offload for nftables.
|
||||||
|
Add the missing flag that was left out as an exercise for the reader :)
|
||||||
|
|
||||||
|
Cc: Vlad Buslov <vladbu@nvidia.com>
|
||||||
|
Fixes: 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
|
||||||
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||||
|
---
|
||||||
|
|
||||||
|
--- a/net/netfilter/nft_flow_offload.c
|
||||||
|
+++ b/net/netfilter/nft_flow_offload.c
|
||||||
|
@@ -357,6 +357,7 @@ static void nft_flow_offload_eval(const
|
||||||
|
ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
|
||||||
|
ret = flow_offload_add(flowtable, flow);
|
||||||
|
if (ret < 0)
|
||||||
|
goto err_flow_add;
|
||||||
Loading…
Reference in New Issue
Block a user