KumiSystems/openwrtv3
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

kernel: fix ipsec related regression in the netfilter rtcache patch

Browse source 
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44913
This commit is contained in:
Felix Fietkau 2015-03-20 22:13:34 +00:00
parent 34eb384597
commit db3b862d1c
4 changed files with 20 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch
View file

@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
--- /dev/null
+++ b/net/netfilter/nf_conntrack_rtcache.c
@@ -0,0 +1,386 @@
@@ -0,0 +1,390 @@
+/* route cache for netfilter.
+ *
+ * (C) 2014 Red Hat GmbH
@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
+ enum ip_conntrack_info ctinfo;
+ enum ip_conntrack_dir dir;
+ struct nf_conn *ct;
+ struct dst_entry *dst = skb_dst(skb);
+ int iif;
+
+ ct = nf_ct_get(skb, &ctinfo);
+ if (!ct)
+ return NF_ACCEPT;
+
+ if (dst && dst_xfrm(dst))
+ return NF_ACCEPT;
+
+ if (!nf_ct_is_confirmed(ct)) {
+ if (WARN_ON(nf_ct_rtcache_find(ct)))
+ return NF_ACCEPT;

6
target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch
View file

@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
--- /dev/null
+++ b/net/netfilter/nf_conntrack_rtcache.c
@@ -0,0 +1,387 @@
@@ -0,0 +1,391 @@
+/* route cache for netfilter.
+ *
+ * (C) 2014 Red Hat GmbH
@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
+ enum ip_conntrack_info ctinfo;
+ enum ip_conntrack_dir dir;
+ struct nf_conn *ct;
+ struct dst_entry *dst = skb_dst(skb);
+ int iif;
+
+ ct = nf_ct_get(skb, &ctinfo);
+ if (!ct)
+ return NF_ACCEPT;
+
+ if (dst && dst_xfrm(dst))
+ return NF_ACCEPT;
+
+ if (!nf_ct_is_confirmed(ct)) {
+ if (WARN_ON(nf_ct_rtcache_find(ct)))
+ return NF_ACCEPT;

6
target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch
View file

@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
--- /dev/null
+++ b/net/netfilter/nf_conntrack_rtcache.c
@@ -0,0 +1,387 @@
@@ -0,0 +1,391 @@
+/* route cache for netfilter.
+ *
+ * (C) 2014 Red Hat GmbH
@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
+ enum ip_conntrack_info ctinfo;
+ enum ip_conntrack_dir dir;
+ struct nf_conn *ct;
+ struct dst_entry *dst = skb_dst(skb);
+ int iif;
+
+ ct = nf_ct_get(skb, &ctinfo);
+ if (!ct)
+ return NF_ACCEPT;
+
+ if (dst && dst_xfrm(dst))
+ return NF_ACCEPT;
+
+ if (!nf_ct_is_confirmed(ct)) {
+ if (WARN_ON(nf_ct_rtcache_find(ct)))
+ return NF_ACCEPT;

6
target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch
View file

@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
--- /dev/null
+++ b/net/netfilter/nf_conntrack_rtcache.c
@@ -0,0 +1,387 @@
@@ -0,0 +1,391 @@
+/* route cache for netfilter.
+ *
+ * (C) 2014 Red Hat GmbH
@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
+ enum ip_conntrack_info ctinfo;
+ enum ip_conntrack_dir dir;
+ struct nf_conn *ct;
+ struct dst_entry *dst = skb_dst(skb);
+ int iif;
+
+ ct = nf_ct_get(skb, &ctinfo);
+ if (!ct)
+ return NF_ACCEPT;
+
+ if (dst && dst_xfrm(dst))
+ return NF_ACCEPT;
+
+ if (!nf_ct_is_confirmed(ct)) {
+ if (WARN_ON(nf_ct_rtcache_find(ct)))
+ return NF_ACCEPT;