kernel: fix regression on 4.19 with 613-netfilter_optional_tcp_window_check.patch (FS#2253)

Since ct->proto.tcp.last_win isn't updated when nf_ct_tcp_no_window_check is
enabled, the retransmission timeout check needs to be bypassed.

Based on patch by Rob Mosher

Signed-off-by: Felix Fietkau <nbd@nbd.name>

1 files changed, 9 insertions, 0 deletions

diff --git a/target/linux/generic/pending-4.19/613-netfilter_optional_tcp_window_check.patch b/target/linux/generic/pending-4.19/613-netfilter_optional_tcp_window_check.patch
index aa53309394..2bc48f87cf 100644
--- a/target/linux/generic/pending-4.19/613-netfilter_optional_tcp_window_check.patch
+++ b/target/linux/generic/pending-4.19/613-netfilter_optional_tcp_window_check.patch
@@ -28,6 +28,15 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	/*
  	 * Get the required data from the packet.
  	 */
+@@ -1057,7 +1063,7 @@ static int tcp_packet(struct nf_conn *ct
+ 		 IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED &&
+ 		 timeouts[new_state] > timeouts[TCP_CONNTRACK_UNACK])
+ 		timeout = timeouts[TCP_CONNTRACK_UNACK];
+-	else if (ct->proto.tcp.last_win == 0 &&
++	else if (!nf_ct_tcp_no_window_check && ct->proto.tcp.last_win == 0 &&
+ 		 timeouts[new_state] > timeouts[TCP_CONNTRACK_RETRANS])
+ 		timeout = timeouts[TCP_CONNTRACK_RETRANS];
+ 	else
 @@ -1506,6 +1512,13 @@ static struct ctl_table tcp_sysctl_table
  		.mode		= 0644,
  		.proc_handler	= proc_dointvec,