aio-3399b/ImmortalWrt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e4977f614f
ImmortalWrt/target/linux/generic/backport-5.10/613-v5.15-01-netfilter-flowtable-remove-nf_ct_l4proto_find-call.patch
Hauke Mehrtens 96ef2dabce kernel: Backport upstream flowtable patches from 5.15 
This backports some patches from kernel 5.15 to fix issues with
flowtable offloading in kernel 5.10. OpenWrt backports most of the
patches related to flowtable offloading from kernel 5.15 already, but we
are missing some of the extra fixes.

This fixes some connection tracking problems when a flow gets removed
from the offload and added to the normal SW path again.

The patch 614-v5.18-netfilter-flowtable-fix-TCP-flow-teardown.patch was
extended manually with the nf_conntrack_tcp_established() function.

All changes are already included in kernel 5.15.

Fixes: #8776
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-12 00:00:13 +02:00

48 lines
1.4 KiB
Diff
Raw Blame History

From 92fb15513edc6ae1eb51f717e70d4d3d538c2d09 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 19 Jul 2021 18:04:01 +0200
Subject: [PATCH] netfilter: flowtable: remove nf_ct_l4proto_find() call
TCP and UDP are built-in conntrack protocol trackers and the flowtable
only supports for TCP and UDP, remove this call.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_flow_table_core.c | 10 ----------
1 file changed, 10 deletions(-)
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -180,15 +180,10 @@ static void flow_offload_fixup_tcp(struc
static void flow_offload_fixup_ct_timeout(struct nf_conn *ct)
{
- const struct nf_conntrack_l4proto *l4proto;
struct net *net = nf_ct_net(ct);
int l4num = nf_ct_protonum(ct);
unsigned int timeout;
- l4proto = nf_ct_l4proto_find(l4num);
- if (!l4proto)
- return;
-
if (l4num == IPPROTO_TCP) {
struct nf_tcp_net *tn = nf_tcp_pernet(net);
@@ -273,15 +268,10 @@ static const struct rhashtable_params nf
unsigned long flow_offload_get_timeout(struct flow_offload *flow)
{
- const struct nf_conntrack_l4proto *l4proto;
unsigned long timeout = NF_FLOW_TIMEOUT;
struct net *net = nf_ct_net(flow->ct);
int l4num = nf_ct_protonum(flow->ct);
- l4proto = nf_ct_l4proto_find(l4num);
- if (!l4proto)
- return timeout;
-
if (l4num == IPPROTO_TCP) {
struct nf_tcp_net *tn = nf_tcp_pernet(net);
Reference in New Issue View Git Blame Copy Permalink