kernel: port another missing upstream change to xt_FLOWOFFLOAD on 4.19

Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
Felix Fietkau 2019-09-25 14:09:45 +02:00
parent b2c55d50f8
commit a438eac9ac

View File

@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
--- /dev/null --- /dev/null
+++ b/net/netfilter/xt_FLOWOFFLOAD.c +++ b/net/netfilter/xt_FLOWOFFLOAD.c
@@ -0,0 +1,383 @@ @@ -0,0 +1,387 @@
+/* +/*
+ * Copyright (C) 2018 Felix Fietkau <nbd@nbd.name> + * Copyright (C) 2018 Felix Fietkau <nbd@nbd.name>
+ * + *
@ -344,13 +344,13 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
+flowoffload_tg(struct sk_buff *skb, const struct xt_action_param *par) +flowoffload_tg(struct sk_buff *skb, const struct xt_action_param *par)
+{ +{
+ const struct xt_flowoffload_target_info *info = par->targinfo; + const struct xt_flowoffload_target_info *info = par->targinfo;
+ struct tcphdr _tcph, *tcph = NULL;
+ enum ip_conntrack_info ctinfo; + enum ip_conntrack_info ctinfo;
+ enum ip_conntrack_dir dir; + enum ip_conntrack_dir dir;
+ struct nf_flow_route route; + struct nf_flow_route route;
+ struct flow_offload *flow; + struct flow_offload *flow;
+ struct nf_conn *ct; + struct nf_conn *ct;
+ struct net *net; + struct net *net;
+ bool is_tcp = false;
+ +
+ if (xt_flowoffload_skip(skb, xt_family(par))) + if (xt_flowoffload_skip(skb, xt_family(par)))
+ return XT_CONTINUE; + return XT_CONTINUE;
@ -363,7 +363,11 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
+ case IPPROTO_TCP: + case IPPROTO_TCP:
+ if (ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED) + if (ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED)
+ return XT_CONTINUE; + return XT_CONTINUE;
+ is_tcp = true; +
+ tcph = skb_header_pointer(skb, par->thoff,
+ sizeof(_tcph), &_tcph);
+ if (unlikely(!tcph || tcph->fin || tcph->rst))
+ return XT_CONTINUE;
+ break; + break;
+ case IPPROTO_UDP: + case IPPROTO_UDP:
+ break; + break;
@ -393,7 +397,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
+ if (!flow) + if (!flow)
+ goto err_flow_alloc; + goto err_flow_alloc;
+ +
+ if (is_tcp) { + if (tcph) {
+ ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; + ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
+ ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; + ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
+ } + }