diff options
| author | Hauke Mehrtens <hauke@hauke-m.de> | 2022-03-05 19:08:27 +0100 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2022-08-14 00:29:20 +0200 |
| commit | 6c901ec97d73a7835c2bb7525e51cc3d3614f344 (patch) | |
| tree | f6c40f3a1f677c49855e17a4b28a53690fb48672 /target/linux/generic/backport-5.10/613-v5.15-01-netfilter-flowtable-remove-nf_ct_l4proto_find-call.patch | |
| parent | 6a638c134d790413ea2c6976caaa89f73375310c (diff) | |
| download | upstream-6c901ec97d73a7835c2bb7525e51cc3d3614f344.tar.gz upstream-6c901ec97d73a7835c2bb7525e51cc3d3614f344.tar.bz2 upstream-6c901ec97d73a7835c2bb7525e51cc3d3614f344.zip | |
kernel: Backport upstream flowtable patches from 5.15
This backports some patches from kernel 5.15 to fix issues with
flowtable offloading in kernel 5.10. OpenWrt backports most of the
patches related to flowtable offloading from kernel 5.15 already, but we
are missing some of the extra fixes.
This fixes some connection tracking problems when a flow gets removed
from the offload and added to the normal SW path again.
The patch 614-v5.18-netfilter-flowtable-fix-TCP-flow-teardown.patch was
extended manually with the nf_conntrack_tcp_established() function.
All changes are already included in kernel 5.15.
Fixes: #8776
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 96ef2dabce1a5f102d53a15f33383193b47fd297)
Diffstat (limited to 'target/linux/generic/backport-5.10/613-v5.15-01-netfilter-flowtable-remove-nf_ct_l4proto_find-call.patch')
| -rw-r--r-- | target/linux/generic/backport-5.10/613-v5.15-01-netfilter-flowtable-remove-nf_ct_l4proto_find-call.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/target/linux/generic/backport-5.10/613-v5.15-01-netfilter-flowtable-remove-nf_ct_l4proto_find-call.patch b/target/linux/generic/backport-5.10/613-v5.15-01-netfilter-flowtable-remove-nf_ct_l4proto_find-call.patch new file mode 100644 index 0000000000..72accec50c --- /dev/null +++ b/target/linux/generic/backport-5.10/613-v5.15-01-netfilter-flowtable-remove-nf_ct_l4proto_find-call.patch @@ -0,0 +1,47 @@ +From 92fb15513edc6ae1eb51f717e70d4d3d538c2d09 Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Mon, 19 Jul 2021 18:04:01 +0200 +Subject: [PATCH] netfilter: flowtable: remove nf_ct_l4proto_find() call + +TCP and UDP are built-in conntrack protocol trackers and the flowtable +only supports for TCP and UDP, remove this call. + +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + net/netfilter/nf_flow_table_core.c | 10 ---------- + 1 file changed, 10 deletions(-) + +--- a/net/netfilter/nf_flow_table_core.c ++++ b/net/netfilter/nf_flow_table_core.c +@@ -180,15 +180,10 @@ static void flow_offload_fixup_tcp(struc + + static void flow_offload_fixup_ct_timeout(struct nf_conn *ct) + { +- const struct nf_conntrack_l4proto *l4proto; + struct net *net = nf_ct_net(ct); + int l4num = nf_ct_protonum(ct); + unsigned int timeout; + +- l4proto = nf_ct_l4proto_find(l4num); +- if (!l4proto) +- return; +- + if (l4num == IPPROTO_TCP) { + struct nf_tcp_net *tn = nf_tcp_pernet(net); + +@@ -273,15 +268,10 @@ static const struct rhashtable_params nf + + unsigned long flow_offload_get_timeout(struct flow_offload *flow) + { +- const struct nf_conntrack_l4proto *l4proto; + unsigned long timeout = NF_FLOW_TIMEOUT; + struct net *net = nf_ct_net(flow->ct); + int l4num = nf_ct_protonum(flow->ct); + +- l4proto = nf_ct_l4proto_find(l4num); +- if (!l4proto) +- return timeout; +- + if (l4num == IPPROTO_TCP) { + struct nf_tcp_net *tn = nf_tcp_pernet(net); + |