kernel: add hardware offload patch for flow tables support

Supports offloading through VLAN, bridge and PPPoE devices as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>

1 files changed, 37 insertions, 0 deletions

diff --git a/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch b/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch
new file mode 100644
index 0000000000..8da15bc336
--- /dev/null
+++ b/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch
@@ -0,0 +1,37 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Sun, 25 Mar 2018 21:10:55 +0200
+Subject: [PATCH] netfilter: nf_flow_table: rework hardware offload timeout
+ handling
+
+Some offload implementations send keepalive packets + explicit
+notifications of TCP FIN/RST packets. In this case it is more convenient
+to simply let the driver update flow->timeout handling and use the
+regular flow offload gc step.
+
+For drivers that manage their own lifetime, a separate flag can be set
+to avoid gc timeouts.
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/include/net/netfilter/nf_flow_table.h
++++ b/include/net/netfilter/nf_flow_table.h
+@@ -76,6 +76,7 @@ struct flow_offload_tuple_rhash {
+ #define FLOW_OFFLOAD_DYING	0x4
+ #define FLOW_OFFLOAD_TEARDOWN	0x8
+ #define FLOW_OFFLOAD_HW		0x10
++#define FLOW_OFFLOAD_KEEP	0x20
+ 
+ struct flow_offload {
+ 	struct flow_offload_tuple_rhash		tuplehash[FLOW_OFFLOAD_DIR_MAX];
+--- a/net/netfilter/nf_flow_table_core.c
++++ b/net/netfilter/nf_flow_table_core.c
+@@ -332,7 +332,7 @@ static int nf_flow_offload_gc_step(struc
+ 		teardown = flow->flags & (FLOW_OFFLOAD_DYING |
+ 					  FLOW_OFFLOAD_TEARDOWN);
+ 
+-		if (nf_flow_in_hw(flow) && !teardown)
++		if ((flow->flags & FLOW_OFFLOAD_KEEP) && !teardown)
+ 			continue;
+ 
+ 		if (nf_flow_has_expired(flow) || teardown)