aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@nbd.name>2018-06-05 10:16:49 +0200
committerFelix Fietkau <nbd@nbd.name>2018-06-05 10:18:58 +0200
commit2f3b1dddeaef82ed8c69d697570ece5bd903f702 (patch)
tree8dd9937626c0647a6ec65df74e7167a4f6753c3b /target/linux/generic
parent7d8681ccb99730ca0b35a5c341b468a86cadbf35 (diff)
downloadupstream-2f3b1dddeaef82ed8c69d697570ece5bd903f702.tar.gz
upstream-2f3b1dddeaef82ed8c69d697570ece5bd903f702.tar.bz2
upstream-2f3b1dddeaef82ed8c69d697570ece5bd903f702.zip
kernel: backport patch to fix dst handling for offloaded connections
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Diffstat (limited to 'target/linux/generic')
-rw-r--r--target/linux/generic/backport-4.14/369-v4.18-netfilter-nf_flow_table-attach-dst-to-skbs.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.14/369-v4.18-netfilter-nf_flow_table-attach-dst-to-skbs.patch b/target/linux/generic/backport-4.14/369-v4.18-netfilter-nf_flow_table-attach-dst-to-skbs.patch
new file mode 100644
index 0000000000..35d099097a
--- /dev/null
+++ b/target/linux/generic/backport-4.14/369-v4.18-netfilter-nf_flow_table-attach-dst-to-skbs.patch
@@ -0,0 +1,49 @@
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Wed, 30 May 2018 20:43:15 +0200
+Subject: [PATCH] netfilter: nf_flow_table: attach dst to skbs
+
+Some drivers, such as vxlan and wireguard, use the skb's dst in order to
+determine things like PMTU. They therefore loose functionality when flow
+offloading is enabled. So, we ensure the skb has it before xmit'ing it
+in the offloading path.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+
+--- a/net/netfilter/nf_flow_table_ip.c
++++ b/net/netfilter/nf_flow_table_ip.c
+@@ -220,7 +220,7 @@ nf_flow_offload_ip_hook(void *priv, stru
+ enum flow_offload_tuple_dir dir;
+ struct flow_offload *flow;
+ struct net_device *outdev;
+- const struct rtable *rt;
++ struct rtable *rt;
+ unsigned int thoff;
+ struct iphdr *iph;
+ __be32 nexthop;
+@@ -241,7 +241,7 @@ nf_flow_offload_ip_hook(void *priv, stru
+
+ dir = tuplehash->tuple.dir;
+ flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
+- rt = (const struct rtable *)flow->tuplehash[!dir].tuple.dst_cache;
++ rt = (struct rtable *)flow->tuplehash[!dir].tuple.dst_cache;
+
+ if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) &&
+ (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0)
+@@ -264,6 +264,7 @@ nf_flow_offload_ip_hook(void *priv, stru
+
+ skb->dev = outdev;
+ nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr);
++ skb_dst_set_noref(skb, &rt->dst);
+ neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb);
+
+ return NF_STOLEN;
+@@ -480,6 +481,7 @@ nf_flow_offload_ipv6_hook(void *priv, st
+
+ skb->dev = outdev;
+ nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6);
++ skb_dst_set_noref(skb, &rt->dst);
+ neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb);
+
+ return NF_STOLEN;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 08:03:12 +0000