aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
Commit message (Collapse)AuthorAgeFilesLines
* kernel: generic: Fix nftables inet table breakageBrett Mastbergen2018-09-221-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | Commit b7265c59ab7d ("kernel: backport a series of netfilter cleanup patches to 4.14") added patch 302-netfilter-nf_tables_inet-don-t-use- multihook-infrast.patch. That patch switches the netfilter core in the kernel to use the new native NFPROTO_INET support. Unfortunately, the new native NFPROTO_INET support does not exist in 4.14 and was not backported along with this patchset. As such, nftables inet tables never see any traffic. As an example the following nft counter rule should increment for every packet coming into the box, but never will: nft add table inet foo nft add chain inet foo bar { type filter hook input priority 0\; } nft add rule inet foo bar counter This commit pulls in the required backport patches to add the new native NFPROTO_INET support, and thus restore nftables inet table functionality. Tested on Turris Omnia (mvebu) Fixes: b7265c59ab7d ("kernel: backport a series of netfilter cleanup ...") Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
* kernel: bump 4.14 to 4.14.51Kevin Darbyshire-Bryant2018-06-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Refresh patches. Remove patch that can be reverse applied: mvebu/patches-4.14/530-ATA-ahci_mvebu-enable-stop_engine-override.patch mvebu/patches-4.14/531-ATA-ahci_mvebu-pmp-stop-errata-226.patch Update patch that no longer applied: ipq806x/patches-4.14/0035-clk-mux-Split-out-register-accessors-for-reuse.patch Compiled-tested-for: lantiq, ramips Run-tested-on: lantiq BT hh5a, ramips MIR3g Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Michael Yartys <michael.yartys@protonmail.com> Tested-by: Rosen Penev <rosenp@gmail.com>
* kernel: avoid flow offload for connections with xfrm on the dst entry ↵Felix Fietkau2018-06-131-1/+4
| | | | | | (should fix IPSec) Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: fix xtables flow offload issuesFelix Fietkau2018-04-051-4/+5
| | | | | | | - avoid using garbage stack values as dst pointer if lookup fails - provide the source address for ipv6 dst lookup Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add support for enabling hardware flow offload via iptablesFelix Fietkau2018-04-051-1/+34
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: netfilter: fix dst entries in flowtable offloadFelix Fietkau2018-03-231-11/+22
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: fix crash in flow offload when removing net devicesFelix Fietkau2018-03-231-3/+5
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: flow-offload: only offload connections that have been fully establishedFelix Fietkau2018-03-231-1/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: fix crash in flow offload code when cleaning up unregistered hooksFelix Fietkau2018-02-251-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: remove nf_flow_table hardware offload patch (it is not ready yet)Felix Fietkau2018-02-251-2/+2
| | | | | | | It also does not have any users yet. It will be addde back when the core API issues have been sorted out Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netfilter: add a xt_FLOWOFFLOAD target for NAT/routing offload supportFelix Fietkau2018-02-211-0/+446
This makes it possible to add an iptables rule that offloads routing/NAT packet processing to a software fast path. This fast path is much quicker than running packets through the regular tables/chains. Requires Linux 4.14 Signed-off-by: Felix Fietkau <nbd@nbd.name>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-18 03:38:12 +0000