diff options
author | Felix Fietkau <nbd@openwrt.org> | 2015-03-20 22:13:34 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2015-03-20 22:13:34 +0000 |
commit | db3b862d1cbfa2bca49b41384870fd2d1f55bd41 (patch) | |
tree | ea7e99ee4df8047e30da471c980eb9a15b166da9 | |
parent | 34eb384597a628350a7db75ae62bd580bd341c36 (diff) | |
download | upstream-db3b862d1cbfa2bca49b41384870fd2d1f55bd41.tar.gz upstream-db3b862d1cbfa2bca49b41384870fd2d1f55bd41.tar.bz2 upstream-db3b862d1cbfa2bca49b41384870fd2d1f55bd41.zip |
kernel: fix ipsec related regression in the netfilter rtcache patch
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 44913
4 files changed, 20 insertions, 4 deletions
diff --git a/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch index ebe573f576..104a82cfd2 100644 --- a/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch +++ b/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de> obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,386 @@ +@@ -0,0 +1,390 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de> + enum ip_conntrack_info ctinfo; + enum ip_conntrack_dir dir; + struct nf_conn *ct; ++ struct dst_entry *dst = skb_dst(skb); + int iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return NF_ACCEPT; + ++ if (dst && dst_xfrm(dst)) ++ return NF_ACCEPT; ++ + if (!nf_ct_is_confirmed(ct)) { + if (WARN_ON(nf_ct_rtcache_find(ct))) + return NF_ACCEPT; diff --git a/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch index 61a1411e4e..9f23db6a79 100644 --- a/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch +++ b/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de> obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,391 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de> + enum ip_conntrack_info ctinfo; + enum ip_conntrack_dir dir; + struct nf_conn *ct; ++ struct dst_entry *dst = skb_dst(skb); + int iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return NF_ACCEPT; + ++ if (dst && dst_xfrm(dst)) ++ return NF_ACCEPT; ++ + if (!nf_ct_is_confirmed(ct)) { + if (WARN_ON(nf_ct_rtcache_find(ct))) + return NF_ACCEPT; diff --git a/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch index 347bfaf1f6..f4783fd381 100644 --- a/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch +++ b/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de> obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,391 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de> + enum ip_conntrack_info ctinfo; + enum ip_conntrack_dir dir; + struct nf_conn *ct; ++ struct dst_entry *dst = skb_dst(skb); + int iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return NF_ACCEPT; + ++ if (dst && dst_xfrm(dst)) ++ return NF_ACCEPT; ++ + if (!nf_ct_is_confirmed(ct)) { + if (WARN_ON(nf_ct_rtcache_find(ct))) + return NF_ACCEPT; diff --git a/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch index 347bfaf1f6..f4783fd381 100644 --- a/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch +++ b/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de> obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,391 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de> + enum ip_conntrack_info ctinfo; + enum ip_conntrack_dir dir; + struct nf_conn *ct; ++ struct dst_entry *dst = skb_dst(skb); + int iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return NF_ACCEPT; + ++ if (dst && dst_xfrm(dst)) ++ return NF_ACCEPT; ++ + if (!nf_ct_is_confirmed(ct)) { + if (WARN_ON(nf_ct_rtcache_find(ct))) + return NF_ACCEPT; |