kernel: fix offloading connections with SNAT + DNAT

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-23 19:15:58 +01:00 · 2018-03-23 19:15:58 +01:00 · 99d511dcd3
commit 99d511dcd3
parent 48d17551b6
1 changed files with 23 additions and 0 deletions
--- a/target/linux/generic/backport-4.14/368-netfilter-nf_flow_table-fix-offloading-connections-w.patch
+++ b/target/linux/generic/backport-4.14/368-netfilter-nf_flow_table-fix-offloading-connections-w.patch
@ -0,0 +1,23 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Fri, 23 Mar 2018 19:12:30 +0100
+Subject: [PATCH] netfilter: nf_flow_table: fix offloading connections with
+ SNAT+DNAT
+
+Pass all NAT types to the flow offload struct, otherwise parts of the
+address/port pair do not get translated properly, causing connection
+stalls
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
+@@ -83,7 +83,7 @@ flow_offload_alloc(struct nf_conn *ct, s
+ 
+ 	if (ct->status & IPS_SRC_NAT)
+ 		flow->flags |= FLOW_OFFLOAD_SNAT;
+-	else if (ct->status & IPS_DST_NAT)
+	if (ct->status & IPS_DST_NAT)
+ 		flow->flags |= FLOW_OFFLOAD_DNAT;
+ 
+ 	return flow;