kernel: backport netfilter NAT offload support to 4.14

This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>

1 files changed, 22 insertions, 0 deletions

diff --git a/target/linux/generic/backport-4.14/358-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch b/target/linux/generic/backport-4.14/358-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch
new file mode 100644
index 0000000000..d4b746d0e9
--- /dev/null
+++ b/target/linux/generic/backport-4.14/358-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch
@@ -0,0 +1,22 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Tue, 20 Feb 2018 14:48:51 +0100
+Subject: [PATCH] netfilter: nf_flow_table: fix priv pointer for netdev hook
+
+The offload ip hook expects a pointer to the flowtable, not to the
+rhashtable. Since the rhashtable is the first member, this is safe for
+the moment, but breaks as soon as the structure layout changes
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -4879,7 +4879,7 @@ static int nf_tables_flowtable_parse_hoo
+ 		flowtable->ops[i].pf		= NFPROTO_NETDEV;
+ 		flowtable->ops[i].hooknum	= hooknum;
+ 		flowtable->ops[i].priority	= priority;
+-		flowtable->ops[i].priv		= &flowtable->data.rhashtable;
++		flowtable->ops[i].priv		= &flowtable->data;
+ 		flowtable->ops[i].hook		= flowtable->data.type->hook;
+ 		flowtable->ops[i].dev		= dev_array[i];
+ 	}