[openwrt/openwrt] kernel: fix xtables flow offload issues

LEDE Commits lede-commits at lists.infradead.org
Thu Apr 5 10:24:49 PDT 2018


nbd pushed a commit to openwrt/openwrt.git, branch master:
https://git.lede-project.org/1c37cbbbecacbcd624f67ee7c18d76dcb478ba21

commit 1c37cbbbecacbcd624f67ee7c18d76dcb478ba21
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Thu Apr 5 19:22:43 2018 +0200

    kernel: fix xtables flow offload issues
    
    - avoid using garbage stack values as dst pointer if lookup fails
    - provide the source address for ipv6 dst lookup
    
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
 .../generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch  | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
index a322e60..7f78d52 100644
--- a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
+++ b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
@@ -70,7 +70,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
  	help
  	  This option adds the flow table core infrastructure.
  
-@@ -959,6 +958,15 @@ config NETFILTER_XT_TARGET_NOTRACK
+@@ -968,6 +967,15 @@ config NETFILTER_XT_TARGET_NOTRACK
  	depends on NETFILTER_ADVANCED
  	select NETFILTER_XT_TARGET_CT
  
@@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
  	depends on NETFILTER_ADVANCED
 --- a/net/netfilter/Makefile
 +++ b/net/netfilter/Makefile
-@@ -133,6 +133,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIF
+@@ -134,6 +134,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIF
  obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o
  obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o
  obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
  obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,364 @@
+@@ -0,0 +1,365 @@
 +/*
 + * Copyright (C) 2018 Felix Fietkau <nbd at nbd.name>
 + *
@@ -295,7 +295,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
 +xt_flowoffload_dst(const struct nf_conn *ct, enum ip_conntrack_dir dir,
 +		   const struct xt_action_param *par)
 +{
-+	struct dst_entry *dst;
++	struct dst_entry *dst = NULL;
 +	struct flowi fl;
 +
 +	memset(&fl, 0, sizeof(fl));
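Review bot: Initialising `dst` to NULL in xt_flowoffload_dst stops a failed lookup from handing back stack garbage, but it only helps if every caller tests the returned pointer before dereferencing or releasing it; the callers are not visible here and should be confirmed. The function continues past this hunk, so the lookup call that fills `dst` is not shown. If that call returns a status, testing it and returning NULL explicitly on failure would be sturdier than relying on the callee never writing `dst` on an error path. A one-line header comment such as `/* Returns the route for the reverse tuple, or NULL if the lookup fails. */` would record the new contract for callers.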
@@ -304,6 +304,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
 +		fl.u.ip4.daddr = ct->tuplehash[dir].tuple.src.u3.ip;
 +		break;
 +	case NFPROTO_IPV6:
++		fl.u.ip6.saddr = ct->tuplehash[dir].tuple.dst.u3.in6;
 +		fl.u.ip6.daddr = ct->tuplehash[dir].tuple.src.u3.in6;
 +		break;
 +	}
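Review bot: The IPv6 branch now fills both `fl.u.ip6.saddr` and `fl.u.ip6.daddr` while the IPv4 branch visible just above still sets only `fl.u.ip4.daddr`, and nothing in the code says why the two families differ. A short comment on the added line, for example `/* IPv6 lookup needs the source address as well */` (wording for the author to confirm), would keep a later cleanup from "fixing" the asymmetry. The switch closes here without a visible `default:`, so a family other than these two would presumably reach the lookup with an all-zero `flowi`; the start of the switch is outside the hunk, but if no default exists, `default: return NULL;` would make that case explicit.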


