diff options
Diffstat (limited to 'target/linux/generic/backport-4.19/361-v4.18-netfilter-nf_flow_table-add-a-new-flow-state-for-tea.patch')
-rw-r--r-- | target/linux/generic/backport-4.19/361-v4.18-netfilter-nf_flow_table-add-a-new-flow-state-for-tea.patch | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.19/361-v4.18-netfilter-nf_flow_table-add-a-new-flow-state-for-tea.patch b/target/linux/generic/backport-4.19/361-v4.18-netfilter-nf_flow_table-add-a-new-flow-state-for-tea.patch new file mode 100644 index 0000000000..30cebfac60 --- /dev/null +++ b/target/linux/generic/backport-4.19/361-v4.18-netfilter-nf_flow_table-add-a-new-flow-state-for-tea.patch @@ -0,0 +1,83 @@ +From: Felix Fietkau <nbd@nbd.name> +Date: Sun, 25 Feb 2018 15:38:31 +0100 +Subject: [PATCH] netfilter: nf_flow_table: add a new flow state for + tearing down offloading + +Will be used to tear down the offload entry while keeping the conntrack +entry alive. + +Signed-off-by: Felix Fietkau <nbd@nbd.name> +--- + +--- a/include/net/netfilter/nf_flow_table.h ++++ b/include/net/netfilter/nf_flow_table.h +@@ -68,6 +68,7 @@ struct flow_offload_tuple_rhash { + #define FLOW_OFFLOAD_SNAT 0x1 + #define FLOW_OFFLOAD_DNAT 0x2 + #define FLOW_OFFLOAD_DYING 0x4 ++#define FLOW_OFFLOAD_TEARDOWN 0x8 + + struct flow_offload { + struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX]; +@@ -103,6 +104,7 @@ void nf_flow_table_cleanup(struct net *n + int nf_flow_table_init(struct nf_flowtable *flow_table); + void nf_flow_table_free(struct nf_flowtable *flow_table); + ++void flow_offload_teardown(struct flow_offload *flow); + static inline void flow_offload_dead(struct flow_offload *flow) + { + flow->flags |= FLOW_OFFLOAD_DYING; +--- a/net/netfilter/nf_flow_table_core.c ++++ b/net/netfilter/nf_flow_table_core.c +@@ -174,6 +174,12 @@ static void flow_offload_del(struct nf_f + flow_offload_free(flow); + } + ++void flow_offload_teardown(struct flow_offload *flow) ++{ ++ flow->flags |= FLOW_OFFLOAD_TEARDOWN; ++} ++EXPORT_SYMBOL_GPL(flow_offload_teardown); ++ + struct flow_offload_tuple_rhash * + flow_offload_lookup(struct nf_flowtable *flow_table, + struct flow_offload_tuple *tuple) +@@ -226,11 +232,6 @@ static inline bool nf_flow_has_expired(c + return (__s32)(flow->timeout - (u32)jiffies) <= 0; + } + +-static inline bool nf_flow_is_dying(const struct flow_offload *flow) +-{ +- return flow->flags & FLOW_OFFLOAD_DYING; +-} +- + static int nf_flow_offload_gc_step(struct nf_flowtable *flow_table) + { + struct flow_offload_tuple_rhash *tuplehash; +@@ -258,7 +259,8 @@ static int nf_flow_offload_gc_step(struc + flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); + + if (nf_flow_has_expired(flow) || +- nf_flow_is_dying(flow)) ++ (flow->flags & (FLOW_OFFLOAD_DYING | ++ FLOW_OFFLOAD_TEARDOWN))) + flow_offload_del(flow_table, flow); + } + out: +@@ -419,10 +421,14 @@ static void nf_flow_table_do_cleanup(str + { + struct net_device *dev = data; + +- if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex) ++ if (!dev) { ++ flow_offload_teardown(flow); + return; ++ } + +- flow_offload_dead(flow); ++ if (flow->tuplehash[0].tuple.iifidx == dev->ifindex || ++ flow->tuplehash[1].tuple.iifidx == dev->ifindex) ++ flow_offload_dead(flow); + } + + static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable, |