[openwrt/openwrt] kernel: flow-offload: only offload connections that have been fully established
LEDE Commits
lede-commits at lists.infradead.org
Fri Mar 23 12:57:00 PDT 2018
nbd pushed a commit to openwrt/openwrt.git, branch master:
https://git.lede-project.org/2c7b0e9f31630c97f4864ee729be64a2b7ba98e4
commit 2c7b0e9f31630c97f4864ee729be64a2b7ba98e4
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Tue Mar 13 09:16:20 2018 +0100
kernel: flow-offload: only offload connections that have been fully established
Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
.../generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
index 40f89d4..5c40961 100644
--- a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
+++ b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
--- /dev/null
+++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,335 @@
+@@ -0,0 +1,338 @@
+/*
+ * Copyright (C) 2018 Felix Fietkau <nbd at nbd.name>
+ *
@@ -337,6 +337,9 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
+
+ switch (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum) {
+ case IPPROTO_TCP:
++ if (ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED)
++ return XT_CONTINUE;
++ break;
+ case IPPROTO_UDP:
+ break;
+ default:
More information about the lede-commits
mailing list