aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@nbd.name>2018-03-23 19:15:58 +0100
committerFelix Fietkau <nbd@nbd.name>2018-03-23 19:16:23 +0100
commit99d511dcd39c3ce56d424c56e4096c7fc59590bb (patch)
treef1317c65149b08933aa175af3b54eb387676a4ae
parent48d17551b6a191b596d87a9b64ed69e96b55f1d8 (diff)
downloadupstream-99d511dcd39c3ce56d424c56e4096c7fc59590bb.tar.gz
upstream-99d511dcd39c3ce56d424c56e4096c7fc59590bb.tar.bz2
upstream-99d511dcd39c3ce56d424c56e4096c7fc59590bb.zip
kernel: fix offloading connections with SNAT + DNAT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
-rw-r--r--target/linux/generic/backport-4.14/368-netfilter-nf_flow_table-fix-offloading-connections-w.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.14/368-netfilter-nf_flow_table-fix-offloading-connections-w.patch b/target/linux/generic/backport-4.14/368-netfilter-nf_flow_table-fix-offloading-connections-w.patch
new file mode 100644
index 0000000000..28c3817c70
--- /dev/null
+++ b/target/linux/generic/backport-4.14/368-netfilter-nf_flow_table-fix-offloading-connections-w.patch
@@ -0,0 +1,23 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Fri, 23 Mar 2018 19:12:30 +0100
+Subject: [PATCH] netfilter: nf_flow_table: fix offloading connections with
+ SNAT+DNAT
+
+Pass all NAT types to the flow offload struct, otherwise parts of the
+address/port pair do not get translated properly, causing connection
+stalls
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/netfilter/nf_flow_table_core.c
++++ b/net/netfilter/nf_flow_table_core.c
+@@ -83,7 +83,7 @@ flow_offload_alloc(struct nf_conn *ct, s
+
+ if (ct->status & IPS_SRC_NAT)
+ flow->flags |= FLOW_OFFLOAD_SNAT;
+- else if (ct->status & IPS_DST_NAT)
++ if (ct->status & IPS_DST_NAT)
+ flow->flags |= FLOW_OFFLOAD_DNAT;
+
+ return flow;