diff options
Diffstat (limited to 'target/linux/generic/hack-5.15/645-netfilter-connmark-introduce-set-dscpmark.patch')
| -rw-r--r-- | target/linux/generic/hack-5.15/645-netfilter-connmark-introduce-set-dscpmark.patch | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/target/linux/generic/hack-5.15/645-netfilter-connmark-introduce-set-dscpmark.patch b/target/linux/generic/hack-5.15/645-netfilter-connmark-introduce-set-dscpmark.patch index 2d3fe01a75..c368c4ae3b 100644 --- a/target/linux/generic/hack-5.15/645-netfilter-connmark-introduce-set-dscpmark.patch +++ b/target/linux/generic/hack-5.15/645-netfilter-connmark-introduce-set-dscpmark.patch @@ -109,7 +109,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> __u8 invert; --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c -@@ -24,12 +24,13 @@ MODULE_ALIAS("ipt_connmark"); +@@ -24,13 +24,13 @@ MODULE_ALIAS("ipt_connmark"); MODULE_ALIAS("ip6t_connmark"); static unsigned int @@ -120,20 +120,22 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> u_int32_t new_targetmark; struct nf_conn *ct; u_int32_t newmark; +- u_int32_t oldmark; + u_int8_t dscp; ct = nf_ct_get(skb, &ctinfo); if (ct == NULL) -@@ -37,12 +38,24 @@ connmark_tg_shift(struct sk_buff *skb, c +@@ -38,13 +38,24 @@ connmark_tg_shift(struct sk_buff *skb, c switch (info->mode) { case XT_CONNMARK_SET: -- newmark = (ct->mark & ~info->ctmask) ^ info->ctmark; +- oldmark = READ_ONCE(ct->mark); +- newmark = (oldmark & ~info->ctmask) ^ info->ctmark; - if (info->shift_dir == D_SHIFT_RIGHT) - newmark >>= info->shift_bits; - else - newmark <<= info->shift_bits; -+ newmark = ct->mark; ++ newmark = READ_ONCE(ct->mark); + if (info->func & XT_CONNMARK_VALUE) { + newmark = (newmark & ~info->ctmask) ^ info->ctmark; + if (info->shift_dir == D_SHIFT_RIGHT) @@ -151,10 +153,10 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> + newmark = (newmark & ~info->ctmark) | + (info->ctmask | (dscp << info->shift_bits)); + } - if (ct->mark != newmark) { - ct->mark = newmark; + if (READ_ONCE(ct->mark) != newmark) { + WRITE_ONCE(ct->mark, newmark); nf_conntrack_event_cache(IPCT_MARK, ct); -@@ -81,20 +94,36 @@ static unsigned int +@@ -83,20 +94,36 @@ static unsigned int connmark_tg(struct sk_buff *skb, const struct xt_action_param *par) { const struct xt_connmark_tginfo1 *info = par->targinfo; @@ -193,7 +195,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> return connmark_tg_shift(skb, info); } -@@ -165,6 +194,16 @@ static struct xt_target connmark_tg_reg[ +@@ -167,6 +194,16 @@ static struct xt_target connmark_tg_reg[ .targetsize = sizeof(struct xt_connmark_tginfo2), .destroy = connmark_tg_destroy, .me = THIS_MODULE, |