aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux
diff options
context:
space:
mode:
Diffstat (limited to 'target/linux')
-rw-r--r--target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch12
1 files changed, 8 insertions, 4 deletions
diff --git a/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch b/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch
index bc5a5eba58..80bc1cdeff 100644
--- a/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch
+++ b/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
--- /dev/null
+++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,383 @@
+@@ -0,0 +1,387 @@
+/*
+ * Copyright (C) 2018 Felix Fietkau <nbd@nbd.name>
+ *
@@ -344,13 +344,13 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
+flowoffload_tg(struct sk_buff *skb, const struct xt_action_param *par)
+{
+ const struct xt_flowoffload_target_info *info = par->targinfo;
++ struct tcphdr _tcph, *tcph = NULL;
+ enum ip_conntrack_info ctinfo;
+ enum ip_conntrack_dir dir;
+ struct nf_flow_route route;
+ struct flow_offload *flow;
+ struct nf_conn *ct;
+ struct net *net;
-+ bool is_tcp = false;
+
+ if (xt_flowoffload_skip(skb, xt_family(par)))
+ return XT_CONTINUE;
@@ -363,7 +363,11 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
+ case IPPROTO_TCP:
+ if (ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED)
+ return XT_CONTINUE;
-+ is_tcp = true;
++
++ tcph = skb_header_pointer(skb, par->thoff,
++ sizeof(_tcph), &_tcph);
++ if (unlikely(!tcph || tcph->fin || tcph->rst))
++ return XT_CONTINUE;
+ break;
+ case IPPROTO_UDP:
+ break;
@@ -393,7 +397,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
+ if (!flow)
+ goto err_flow_alloc;
+
-+ if (is_tcp) {
++ if (tcph) {
+ ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
+ ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
+ }