openwrtv4/target/linux/generic/pending-4.9/616-net_optimize_xfrm_calls.patch
Stijn Tintel 2d02a4f5bd kernel: update 4.9 to 4.9.44
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.

Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 12:34:34 +02:00

20 lines
553 B
Diff

From: Felix Fietkau <nbd@nbd.name>
Subject: kernel: add a small xfrm related performance optimization
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
net/netfilter/nf_nat_core.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -95,6 +95,9 @@ int nf_xfrm_me_harder(struct net *net, s
struct dst_entry *dst;
int err;
+ if (skb->dev && !dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT])
+ return 0;
+
err = xfrm_decode_session(skb, &fl, family);
if (err < 0)
return err;