diff options
| author | Felix Fietkau <nbd@nbd.name> | 2019-01-31 18:26:30 +0100 |
|---|---|---|
| committer | Felix Fietkau <nbd@nbd.name> | 2019-02-09 14:37:30 +0100 |
| commit | 945bcaf6ec0f32bfe8949601e82cb146e7f90660 (patch) | |
| tree | 503635d4a015543bd2f1b61c007095adb2a7e4e2 /target/linux/generic/hack-4.14/941-fix-checking-method-of-conntrack-helper.patch | |
| parent | 33b690216e766f2157871aa64190f9bb72334049 (diff) | |
| download | upstream-945bcaf6ec0f32bfe8949601e82cb146e7f90660.tar.gz upstream-945bcaf6ec0f32bfe8949601e82cb146e7f90660.tar.bz2 upstream-945bcaf6ec0f32bfe8949601e82cb146e7f90660.zip | |
kernel: fold xt_FLOWOFFLOAD fixes into the main patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Diffstat (limited to 'target/linux/generic/hack-4.14/941-fix-checking-method-of-conntrack-helper.patch')
| -rw-r--r-- | target/linux/generic/hack-4.14/941-fix-checking-method-of-conntrack-helper.patch | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/target/linux/generic/hack-4.14/941-fix-checking-method-of-conntrack-helper.patch b/target/linux/generic/hack-4.14/941-fix-checking-method-of-conntrack-helper.patch deleted file mode 100644 index 1afa3e3c1d..0000000000 --- a/target/linux/generic/hack-4.14/941-fix-checking-method-of-conntrack-helper.patch +++ /dev/null @@ -1,51 +0,0 @@ -From addf8974ce9987e2946e04624fe806a98390786e Mon Sep 17 00:00:00 2001 -From: HsiuWen Yen <y.hsiuwen@gmail.com> -Date: Wed, 30 Jan 2019 11:45:25 +0800 -Subject: [PATCH] fix checking method of conntrack helper - -This patch uses nfct_help() to detect whether an established connection -needs conntrack helper instead of using test_bit(IPS_HELPER_BIT, -&ct->status). - -The reason for this modification is that IPS_HELPER_BIT is only set when -the conntrack helper is attached by explicit CT target. - -However, in the case that a device enables conntrack helper via the other -ways (e.g., command "echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper") -, the status of IPS_HELPER_BIT will not present any change. That means the -IPS_HELPER_BIT might lose the checking ability in the context. - -Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com> ---- - net/netfilter/xt_FLOWOFFLOAD.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - ---- a/net/netfilter/xt_FLOWOFFLOAD.c -+++ b/net/netfilter/xt_FLOWOFFLOAD.c -@@ -12,6 +12,7 @@ - #include <net/ip.h> - #include <net/netfilter/nf_conntrack.h> - #include <net/netfilter/nf_flow_table.h> -+#include <net/netfilter/nf_conntrack_helper.h> - - static struct nf_flowtable nf_flowtable; - static HLIST_HEAD(hooks); -@@ -245,6 +246,7 @@ flowoffload_tg(struct sk_buff *skb, const struct xt_action_param *par) - struct nf_flow_route route; - struct flow_offload *flow; - struct nf_conn *ct; -+ const struct nf_conn_help *help; - - if (xt_flowoffload_skip(skb)) - return XT_CONTINUE; -@@ -264,7 +266,8 @@ flowoffload_tg(struct sk_buff *skb, const struct xt_action_param *par) - return XT_CONTINUE; - } - -- if (test_bit(IPS_HELPER_BIT, &ct->status)) -+ help = nfct_help(ct); -+ if (help) - return XT_CONTINUE; - - if (ctinfo == IP_CT_NEW || - |