author | Felix Fietkau <nbd@nbd.name> | 2018-04-05 19:22:43 +0200 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2018-04-05 19:23:46 +0200 |
commit | 1c37cbbbecacbcd624f67ee7c18d76dcb478ba21 (patch) | |
tree | 226e90ee87492e52bf72eb44c2b8c7212dd88b3a | |
parent | 6a621f4bd900b42fb1560691d676d0b3cc51b731 (diff) | |
kernel: fix xtables flow offload issues
- avoid using garbage stack values as dst pointer if lookup fails
- provide the source address for ipv6 dst lookup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
-rw-r--r-- | target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
index a322e605a2..7f78d521f8 100644
--- a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
+++ b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
@@ -70,7 +70,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 help
 This option adds the flow table core infrastructure.
-@@ -959,6 +958,15 @@ config NETFILTER_XT_TARGET_NOTRACK
+@@ -968,6 +967,15 @@ config NETFILTER_XT_TARGET_NOTRACK
 depends on NETFILTER_ADVANCED
 select NETFILTER_XT_TARGET_CT
@@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 depends on NETFILTER_ADVANCED
 --- a/net/netfilter/Makefile
 +++ b/net/netfilter/Makefile
-@@ -133,6 +133,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIF
+@@ -134,6 +134,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIF
 obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,364 @@
+@@ -0,0 +1,365 @@
 +/*
 + * Copyright (C) 2018 Felix Fietkau <nbd@nbd.name>
 + *
@@ -295,7 +295,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +xt_flowoffload_dst(const struct nf_conn *ct, enum ip_conntrack_dir dir,
 + const struct xt_action_param *par)
 +{
-+ struct dst_entry *dst;
++ struct dst_entry *dst = NULL;
 + struct flowi fl;
 +
 + memset(&fl, 0, sizeof(fl));
@@ -304,6 +304,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 + fl.u.ip4.daddr = ct->tuplehash[dir].tuple.src.u3.ip;
 + break;
 + case NFPROTO_IPV6:
++ fl.u.ip6.saddr = ct->tuplehash[dir].tuple.dst.u3.in6;
 + fl.u.ip6.daddr = ct->tuplehash[dir].tuple.src.u3.in6;
 + break;
 + } |
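Review bot: The `dst = NULL` initialiser in xt_flowoffload_dst() (hunk at -295,7) turns a failed lookup into a NULL return instead of a stack-garbage pointer, but that is only safe if every caller tests the result before dereferencing it or taking a reference. Neither the lookup call nor the call sites are visible in this hunk, so that needs confirming. If the lookup reports failure through its return value, checking it explicitly would be more robust than relying on the out-parameter being left untouched. A comment on the declaration would record the contract, e.g. `/* remains NULL if the route lookup fails; callers must check */`. The function body continues past the end of the hunk.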
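Review bot: In the hunk at -304,6 the NFPROTO_IPV6 case now fills both `saddr` and `daddr`, while the NFPROTO_IPV4 case shown just above still sets only `daddr`, and nothing in the code explains the difference. A one-line comment on the new assignment, such as `/* IPv6 dst lookup needs the source address as well */`, would stop a later reader from removing it as an inconsistency. No `default:` label is visible before the closing brace, so for any other family `fl` presumably stays zeroed and still reaches the lookup. The switch header is outside the hunk, so confirm whether that case can occur and, if so, return NULL early.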