aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@nbd.name>2018-03-13 09:16:20 +0100
committerFelix Fietkau <nbd@nbd.name>2018-03-23 20:56:34 +0100
commit2c7b0e9f31630c97f4864ee729be64a2b7ba98e4 (patch)
treecc2b3ab59a13ab5072d74c6ea14d9f8f8f9f7524
parentaf3a9566fe83dbfad6d587a4000b264d315d9374 (diff)
downloadupstream-2c7b0e9f31630c97f4864ee729be64a2b7ba98e4.tar.gz
upstream-2c7b0e9f31630c97f4864ee729be64a2b7ba98e4.tar.bz2
upstream-2c7b0e9f31630c97f4864ee729be64a2b7ba98e4.zip
kernel: flow-offload: only offload connections that have been fully established
Signed-off-by: Felix Fietkau <nbd@nbd.name>
-rw-r--r--target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch5
1 files changed, 4 insertions, 1 deletions
diff --git a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
index 40f89d4d91..5c40961c37 100644
--- a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
+++ b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
--- /dev/null
+++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,335 @@
+@@ -0,0 +1,338 @@
+/*
+ * Copyright (C) 2018 Felix Fietkau <nbd@nbd.name>
+ *
@@ -337,6 +337,9 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
+
+ switch (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum) {
+ case IPPROTO_TCP:
++ if (ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED)
++ return XT_CONTINUE;
++ break;
+ case IPPROTO_UDP:
+ break;
+ default: