aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2015-03-20 22:13:34 +0000
committerFelix Fietkau <nbd@openwrt.org>2015-03-20 22:13:34 +0000
commit13954e18579b10072e9e1d03761f10070a2ee4a0 (patch)
tree43e6f462c95726d6e7da7511f8b3247c32d12716
parent6fa31d3efec5b386b18ce93dc74fa760538f7e64 (diff)
downloadupstream-13954e18579b10072e9e1d03761f10070a2ee4a0.tar.gz
upstream-13954e18579b10072e9e1d03761f10070a2ee4a0.tar.bz2
upstream-13954e18579b10072e9e1d03761f10070a2ee4a0.zip
kernel: fix ipsec related regression in the netfilter rtcache patch
Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44913 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch6
-rw-r--r--target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch6
-rw-r--r--target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch6
-rw-r--r--target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch6
4 files changed, 20 insertions, 4 deletions
diff --git a/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch
index ebe573f576..104a82cfd2 100644
--- a/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch
+++ b/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch
@@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
--- /dev/null
+++ b/net/netfilter/nf_conntrack_rtcache.c
-@@ -0,0 +1,386 @@
+@@ -0,0 +1,390 @@
+/* route cache for netfilter.
+ *
+ * (C) 2014 Red Hat GmbH
@@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
+ enum ip_conntrack_info ctinfo;
+ enum ip_conntrack_dir dir;
+ struct nf_conn *ct;
++ struct dst_entry *dst = skb_dst(skb);
+ int iif;
+
+ ct = nf_ct_get(skb, &ctinfo);
+ if (!ct)
+ return NF_ACCEPT;
+
++ if (dst && dst_xfrm(dst))
++ return NF_ACCEPT;
++
+ if (!nf_ct_is_confirmed(ct)) {
+ if (WARN_ON(nf_ct_rtcache_find(ct)))
+ return NF_ACCEPT;
diff --git a/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch
index 61a1411e4e..9f23db6a79 100644
--- a/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch
+++ b/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch
@@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
--- /dev/null
+++ b/net/netfilter/nf_conntrack_rtcache.c
-@@ -0,0 +1,387 @@
+@@ -0,0 +1,391 @@
+/* route cache for netfilter.
+ *
+ * (C) 2014 Red Hat GmbH
@@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
+ enum ip_conntrack_info ctinfo;
+ enum ip_conntrack_dir dir;
+ struct nf_conn *ct;
++ struct dst_entry *dst = skb_dst(skb);
+ int iif;
+
+ ct = nf_ct_get(skb, &ctinfo);
+ if (!ct)
+ return NF_ACCEPT;
+
++ if (dst && dst_xfrm(dst))
++ return NF_ACCEPT;
++
+ if (!nf_ct_is_confirmed(ct)) {
+ if (WARN_ON(nf_ct_rtcache_find(ct)))
+ return NF_ACCEPT;
diff --git a/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch
index 347bfaf1f6..f4783fd381 100644
--- a/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch
+++ b/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch
@@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
--- /dev/null
+++ b/net/netfilter/nf_conntrack_rtcache.c
-@@ -0,0 +1,387 @@
+@@ -0,0 +1,391 @@
+/* route cache for netfilter.
+ *
+ * (C) 2014 Red Hat GmbH
@@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
+ enum ip_conntrack_info ctinfo;
+ enum ip_conntrack_dir dir;
+ struct nf_conn *ct;
++ struct dst_entry *dst = skb_dst(skb);
+ int iif;
+
+ ct = nf_ct_get(skb, &ctinfo);
+ if (!ct)
+ return NF_ACCEPT;
+
++ if (dst && dst_xfrm(dst))
++ return NF_ACCEPT;
++
+ if (!nf_ct_is_confirmed(ct)) {
+ if (WARN_ON(nf_ct_rtcache_find(ct)))
+ return NF_ACCEPT;
diff --git a/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch
index 347bfaf1f6..f4783fd381 100644
--- a/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch
+++ b/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch
@@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
--- /dev/null
+++ b/net/netfilter/nf_conntrack_rtcache.c
-@@ -0,0 +1,387 @@
+@@ -0,0 +1,391 @@
+/* route cache for netfilter.
+ *
+ * (C) 2014 Red Hat GmbH
@@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
+ enum ip_conntrack_info ctinfo;
+ enum ip_conntrack_dir dir;
+ struct nf_conn *ct;
++ struct dst_entry *dst = skb_dst(skb);
+ int iif;
+
+ ct = nf_ct_get(skb, &ctinfo);
+ if (!ct)
+ return NF_ACCEPT;
+
++ if (dst && dst_xfrm(dst))
++ return NF_ACCEPT;
++
+ if (!nf_ct_is_confirmed(ct)) {
+ if (WARN_ON(nf_ct_rtcache_find(ct)))
+ return NF_ACCEPT;