From db3b862d1cbfa2bca49b41384870fd2d1f55bd41 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Fri, 20 Mar 2015 22:13:34 +0000
Subject: kernel: fix ipsec related regression in the netfilter rtcache patch

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44913
---
 .../linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch')

diff --git a/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch
index 61a1411e4e..9f23db6a79 100644
--- a/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch
+++ b/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch
@@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
  obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
 --- /dev/null
 +++ b/net/netfilter/nf_conntrack_rtcache.c
-@@ -0,0 +1,387 @@
+@@ -0,0 +1,391 @@
 +/* route cache for netfilter.
 + *
 + * (C) 2014 Red Hat GmbH
@@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
 +	enum ip_conntrack_info ctinfo;
 +	enum ip_conntrack_dir dir;
 +	struct nf_conn *ct;
++	struct dst_entry *dst = skb_dst(skb);
 +	int iif;
 +
 +	ct = nf_ct_get(skb, &ctinfo);
 +	if (!ct)
 +		return NF_ACCEPT;
 +
++	if (dst && dst_xfrm(dst))
++		return NF_ACCEPT;
++
 +	if (!nf_ct_is_confirmed(ct)) {
 +		if (WARN_ON(nf_ct_rtcache_find(ct)))
 +			return NF_ACCEPT;
-- 
cgit v1.2.3