diff options
| author | Hauke Mehrtens <hauke@hauke-m.de> | 2022-03-05 19:08:27 +0100 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2022-08-14 00:29:20 +0200 |
| commit | 6c901ec97d73a7835c2bb7525e51cc3d3614f344 (patch) | |
| tree | f6c40f3a1f677c49855e17a4b28a53690fb48672 /target/linux/generic/pending-5.10 | |
| parent | 6a638c134d790413ea2c6976caaa89f73375310c (diff) | |
| download | upstream-6c901ec97d73a7835c2bb7525e51cc3d3614f344.tar.gz upstream-6c901ec97d73a7835c2bb7525e51cc3d3614f344.tar.bz2 upstream-6c901ec97d73a7835c2bb7525e51cc3d3614f344.zip | |
kernel: Backport upstream flowtable patches from 5.15
This backports some patches from kernel 5.15 to fix issues with
flowtable offloading in kernel 5.10. OpenWrt backports most of the
patches related to flowtable offloading from kernel 5.15 already, but we
are missing some of the extra fixes.
This fixes some connection tracking problems when a flow gets removed
from the offload and added to the normal SW path again.
The patch 614-v5.18-netfilter-flowtable-fix-TCP-flow-teardown.patch was
extended manually with the nf_conntrack_tcp_established() function.
All changes are already included in kernel 5.15.
Fixes: #8776
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 96ef2dabce1a5f102d53a15f33383193b47fd297)
Diffstat (limited to 'target/linux/generic/pending-5.10')
2 files changed, 3 insertions, 3 deletions
diff --git a/target/linux/generic/pending-5.10/613-netfilter_optional_tcp_window_check.patch b/target/linux/generic/pending-5.10/613-netfilter_optional_tcp_window_check.patch index 4cf07a3e2c..458b6761bc 100644 --- a/target/linux/generic/pending-5.10/613-netfilter_optional_tcp_window_check.patch +++ b/target/linux/generic/pending-5.10/613-netfilter_optional_tcp_window_check.patch @@ -49,7 +49,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> static bool enable_hooks __read_mostly; MODULE_PARM_DESC(enable_hooks, "Always enable conntrack hooks"); module_param(enable_hooks, bool, 0000); -@@ -660,6 +663,7 @@ enum nf_ct_sysctl_index { +@@ -658,6 +661,7 @@ enum nf_ct_sysctl_index { NF_SYSCTL_CT_PROTO_TIMEOUT_GRE_STREAM, #endif @@ -57,7 +57,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> __NF_SYSCTL_CT_LAST_SYSCTL, }; -@@ -1014,6 +1018,13 @@ static struct ctl_table nf_ct_sysctl_tab +@@ -1000,6 +1004,13 @@ static struct ctl_table nf_ct_sysctl_tab .proc_handler = proc_dointvec_jiffies, }, #endif diff --git a/target/linux/generic/pending-5.10/704-00-netfilter-flowtable-fix-excessive-hw-offload-attempt.patch b/target/linux/generic/pending-5.10/704-00-netfilter-flowtable-fix-excessive-hw-offload-attempt.patch index c15f090f71..67a72f825a 100644 --- a/target/linux/generic/pending-5.10/704-00-netfilter-flowtable-fix-excessive-hw-offload-attempt.patch +++ b/target/linux/generic/pending-5.10/704-00-netfilter-flowtable-fix-excessive-hw-offload-attempt.patch @@ -13,7 +13,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c -@@ -331,8 +331,10 @@ void flow_offload_refresh(struct nf_flow +@@ -318,8 +318,10 @@ void flow_offload_refresh(struct nf_flow u32 timeout; timeout = nf_flowtable_time_stamp + flow_offload_get_timeout(flow); |