mirror of
https://github.com/coolsnowwolf/lede.git
synced 2025-04-16 14:23:38 +00:00
coolsnowwolf
parent
d75705cfc4
commit
f903cc8970
@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
|
||||
--- /dev/null
|
||||
+++ b/net/netfilter/xt_FLOWOFFLOAD.c
|
||||
@@ -0,0 +1,698 @@
|
||||
@@ -0,0 +1,696 @@
|
||||
+/*
|
||||
+ * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
|
||||
+ *
|
||||
@ -622,8 +622,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
+ if (!flow)
|
||||
+ goto err_flow_alloc;
|
||||
+
|
||||
+ if (flow_offload_route_init(flow, &route) < 0)
|
||||
+ goto err_flow_add;
|
||||
+ flow_offload_route_init(flow, &route);
|
||||
+
|
||||
+ if (tcph) {
|
||||
+ ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
|
||||
@ -642,13 +641,12 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
+ xt_flowoffload_check_device(table, devs[0]);
|
||||
+ xt_flowoffload_check_device(table, devs[1]);
|
||||
+
|
||||
+ dst_release(route.tuple[!dir].dst);
|
||||
+
|
||||
+ return XT_CONTINUE;
|
||||
+
|
||||
+err_flow_add:
|
||||
+ flow_offload_free(flow);
|
||||
+err_flow_alloc:
|
||||
+ dst_release(route.tuple[dir].dst);
|
||||
+ dst_release(route.tuple[!dir].dst);
|
||||
+err_flow_route:
|
||||
+ clear_bit(IPS_OFFLOAD_BIT, &ct->status);
|
||||
|
||||
@ -59,7 +59,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
|
||||
--- /dev/null
|
||||
+++ b/net/netfilter/xt_FLOWOFFLOAD.c
|
||||
@@ -0,0 +1,698 @@
|
||||
@@ -0,0 +1,697 @@
|
||||
+/*
|
||||
+ * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
|
||||
+ *
|
||||
@ -583,8 +583,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
+ if (!flow)
|
||||
+ goto err_flow_alloc;
|
||||
+
|
||||
+ if (flow_offload_route_init(flow, &route) < 0)
|
||||
+ goto err_flow_add;
|
||||
+ flow_offload_route_init(flow, &route);
|
||||
+
|
||||
+ if (tcph) {
|
||||
+ ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
|
||||
@ -597,19 +596,19 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
+ if (!net)
|
||||
+ write_pnet(&table->ft.net, xt_net(par));
|
||||
+
|
||||
+ __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
|
||||
+ if (flow_offload_add(&table->ft, flow) < 0)
|
||||
+ goto err_flow_add;
|
||||
+
|
||||
+ xt_flowoffload_check_device(table, devs[0]);
|
||||
+ xt_flowoffload_check_device(table, devs[1]);
|
||||
+
|
||||
+ dst_release(route.tuple[!dir].dst);
|
||||
+
|
||||
+ return XT_CONTINUE;
|
||||
+
|
||||
+err_flow_add:
|
||||
+ flow_offload_free(flow);
|
||||
+err_flow_alloc:
|
||||
+ dst_release(route.tuple[dir].dst);
|
||||
+ dst_release(route.tuple[!dir].dst);
|
||||
+err_flow_route:
|
||||
+ clear_bit(IPS_OFFLOAD_BIT, &ct->status);
|
||||
|
||||
@ -0,0 +1,24 @@
|
||||
From: Felix Fietkau <nbd@nbd.name>
|
||||
Date: Wed, 14 Feb 2024 15:24:41 +0100
|
||||
Subject: [PATCH] netfilter: nf_tables: fix bidirectional offload regression
|
||||
|
||||
Commit 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
|
||||
made unidirectional flow offload possible, while completely ignoring (and
|
||||
breaking) bidirectional flow offload for nftables.
|
||||
Add the missing flag that was left out as an exercise for the reader :)
|
||||
|
||||
Cc: Vlad Buslov <vladbu@nvidia.com>
|
||||
Fixes: 8f84780b84d6 ("netfilter: flowtable: allow unidirectional rules")
|
||||
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
---
|
||||
|
||||
--- a/net/netfilter/nft_flow_offload.c
|
||||
+++ b/net/netfilter/nft_flow_offload.c
|
||||
@@ -357,6 +357,7 @@ static void nft_flow_offload_eval(const
|
||||
ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
|
||||
}
|
||||
|
||||
+ __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
|
||||
ret = flow_offload_add(flowtable, flow);
|
||||
if (ret < 0)
|
||||
goto err_flow_add;
|
||||
Loading…
Reference in New Issue
Block a user