diff options
4 files changed, 20 insertions, 4 deletions
diff --git a/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch index ebe573f576..104a82cfd2 100644 --- a/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch +++ b/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de> obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,386 @@ +@@ -0,0 +1,390 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de> + enum ip_conntrack_info ctinfo; + enum ip_conntrack_dir dir; + struct nf_conn *ct; ++ struct dst_entry *dst = skb_dst(skb); + int iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return NF_ACCEPT; + ++ if (dst && dst_xfrm(dst)) ++ return NF_ACCEPT; ++ + if (!nf_ct_is_confirmed(ct)) { + if (WARN_ON(nf_ct_rtcache_find(ct))) + return NF_ACCEPT; diff --git a/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch index 61a1411e4e..9f23db6a79 100644 --- a/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch +++ b/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de> obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,391 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de> + enum ip_conntrack_info ctinfo; + enum ip_conntrack_dir dir; + struct nf_conn *ct; ++ struct dst_entry *dst = skb_dst(skb); + int iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return NF_ACCEPT; + ++ if (dst && dst_xfrm(dst)) ++ return NF_ACCEPT; ++ + if (!nf_ct_is_confirmed(ct)) { + if (WARN_ON(nf_ct_rtcache_find(ct))) + return NF_ACCEPT; diff --git a/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch index 347bfaf1f6..f4783fd381 100644 --- a/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch +++ b/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de> obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,391 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de> + enum ip_conntrack_info ctinfo; + enum ip_conntrack_dir dir; + struct nf_conn *ct; ++ struct dst_entry *dst = skb_dst(skb); + int iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return NF_ACCEPT; + ++ if (dst && dst_xfrm(dst)) ++ return NF_ACCEPT; ++ + if (!nf_ct_is_confirmed(ct)) { + if (WARN_ON(nf_ct_rtcache_find(ct))) + return NF_ACCEPT; diff --git a/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch index 347bfaf1f6..f4783fd381 100644 --- a/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch +++ b/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de> obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,391 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de> + enum ip_conntrack_info ctinfo; + enum ip_conntrack_dir dir; + struct nf_conn *ct; ++ struct dst_entry *dst = skb_dst(skb); + int iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return NF_ACCEPT; + ++ if (dst && dst_xfrm(dst)) ++ return NF_ACCEPT; ++ + if (!nf_ct_is_confirmed(ct)) { + if (WARN_ON(nf_ct_rtcache_find(ct))) + return NF_ACCEPT; |