From 6c901ec97d73a7835c2bb7525e51cc3d3614f344 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sat, 5 Mar 2022 19:08:27 +0100 Subject: kernel: Backport upstream flowtable patches from 5.15 This backports some patches from kernel 5.15 to fix issues with flowtable offloading in kernel 5.10. OpenWrt backports most of the patches related to flowtable offloading from kernel 5.15 already, but we are missing some of the extra fixes. This fixes some connection tracking problems when a flow gets removed from the offload and added to the normal SW path again. The patch 614-v5.18-netfilter-flowtable-fix-TCP-flow-teardown.patch was extended manually with the nf_conntrack_tcp_established() function. All changes are already included in kernel 5.15. Fixes: #8776 Signed-off-by: Hauke Mehrtens (cherry picked from commit 96ef2dabce1a5f102d53a15f33383193b47fd297) --- .../pending-5.10/613-netfilter_optional_tcp_window_check.patch | 4 ++-- .../704-00-netfilter-flowtable-fix-excessive-hw-offload-attempt.patch | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'target/linux/generic/pending-5.10') diff --git a/target/linux/generic/pending-5.10/613-netfilter_optional_tcp_window_check.patch b/target/linux/generic/pending-5.10/613-netfilter_optional_tcp_window_check.patch index 4cf07a3e2c..458b6761bc 100644 --- a/target/linux/generic/pending-5.10/613-netfilter_optional_tcp_window_check.patch +++ b/target/linux/generic/pending-5.10/613-netfilter_optional_tcp_window_check.patch @@ -49,7 +49,7 @@ Signed-off-by: Felix Fietkau static bool enable_hooks __read_mostly; MODULE_PARM_DESC(enable_hooks, "Always enable conntrack hooks"); module_param(enable_hooks, bool, 0000); -@@ -660,6 +663,7 @@ enum nf_ct_sysctl_index { +@@ -658,6 +661,7 @@ enum nf_ct_sysctl_index { NF_SYSCTL_CT_PROTO_TIMEOUT_GRE_STREAM, #endif @@ -57,7 +57,7 @@ Signed-off-by: Felix Fietkau __NF_SYSCTL_CT_LAST_SYSCTL, }; -@@ -1014,6 +1018,13 @@ static struct ctl_table nf_ct_sysctl_tab +@@ -1000,6 +1004,13 @@ static struct ctl_table nf_ct_sysctl_tab .proc_handler = proc_dointvec_jiffies, }, #endif diff --git a/target/linux/generic/pending-5.10/704-00-netfilter-flowtable-fix-excessive-hw-offload-attempt.patch b/target/linux/generic/pending-5.10/704-00-netfilter-flowtable-fix-excessive-hw-offload-attempt.patch index c15f090f71..67a72f825a 100644 --- a/target/linux/generic/pending-5.10/704-00-netfilter-flowtable-fix-excessive-hw-offload-attempt.patch +++ b/target/linux/generic/pending-5.10/704-00-netfilter-flowtable-fix-excessive-hw-offload-attempt.patch @@ -13,7 +13,7 @@ Signed-off-by: Felix Fietkau --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c -@@ -331,8 +331,10 @@ void flow_offload_refresh(struct nf_flow +@@ -318,8 +318,10 @@ void flow_offload_refresh(struct nf_flow u32 timeout; timeout = nf_flowtable_time_stamp + flow_offload_get_timeout(flow); -- cgit v1.2.3