diff options
Diffstat (limited to 'target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch')
| -rw-r--r-- | target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch b/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch index 53993ffe56..de88825802 100644 --- a/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch +++ b/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch @@ -47,7 +47,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c -@@ -925,6 +925,9 @@ static unsigned int early_drop_list(stru +@@ -960,6 +960,9 @@ static unsigned int early_drop_list(stru hlist_nulls_for_each_entry_rcu(h, n, head, hnnode) { tmp = nf_ct_tuplehash_to_ctrack(h); @@ -57,7 +57,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (nf_ct_is_expired(tmp)) { nf_ct_gc_expired(tmp); continue; -@@ -1002,6 +1005,18 @@ static bool gc_worker_can_early_drop(con +@@ -1037,6 +1040,18 @@ static bool gc_worker_can_early_drop(con return false; } @@ -76,7 +76,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void gc_worker(struct work_struct *work) { unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u); -@@ -1038,6 +1053,11 @@ static void gc_worker(struct work_struct +@@ -1073,6 +1088,11 @@ static void gc_worker(struct work_struct tmp = nf_ct_tuplehash_to_ctrack(h); scanned++; @@ -90,7 +90,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> expired_count++; --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c -@@ -1120,6 +1120,14 @@ static const struct nla_policy ct_nla_po +@@ -1123,6 +1123,14 @@ static const struct nla_policy ct_nla_po .len = NF_CT_LABELS_MAX_SIZE }, }; @@ -105,7 +105,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int ctnetlink_flush_conntrack(struct net *net, const struct nlattr * const cda[], u32 portid, int report) -@@ -1132,7 +1140,7 @@ static int ctnetlink_flush_conntrack(str +@@ -1135,7 +1143,7 @@ static int ctnetlink_flush_conntrack(str return PTR_ERR(filter); } @@ -114,7 +114,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> portid, report); kfree(filter); -@@ -1178,6 +1186,11 @@ static int ctnetlink_del_conntrack(struc +@@ -1181,6 +1189,11 @@ static int ctnetlink_del_conntrack(struc ct = nf_ct_tuplehash_to_ctrack(h); @@ -124,8 +124,8 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> + } + if (cda[CTA_ID]) { - u_int32_t id = ntohl(nla_get_be32(cda[CTA_ID])); - if (id != (u32)(unsigned long)ct) { + __be32 id = nla_get_be32(cda[CTA_ID]); + --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c @@ -305,6 +305,9 @@ static bool tcp_invert_tuple(struct nf_c |