lantiq: disable building of ZyXEL P-2812HNU F1
[openwrt/openwrt.git] / target / linux / generic / hack-6.1 / 650-netfilter-add-xt_FLOWOFFLOAD-target.patch
index 476c5948ab00f5b97c90998e1e6b3cb1cbed6032..0822b1a2ddeb8f330bc68d1ffad341787baa9e47 100644 (file)
@@ -8,7 +8,15 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/net/netfilter/Kconfig
 +++ b/net/netfilter/Kconfig
-@@ -1011,6 +1010,15 @@ config NETFILTER_XT_TARGET_NOTRACK
+@@ -726,7 +726,6 @@ config NF_FLOW_TABLE
+       tristate "Netfilter flow table module"
+       depends on NETFILTER_INGRESS
+       depends on NF_CONNTRACK
+-      depends on NF_TABLES
+       help
+         This option adds the flow table core infrastructure.
+@@ -1023,6 +1022,15 @@ config NETFILTER_XT_TARGET_NOTRACK
        depends on NETFILTER_ADVANCED
        select NETFILTER_XT_TARGET_CT
  
@@ -26,7 +34,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
        depends on NETFILTER_ADVANCED
 --- a/net/netfilter/Makefile
 +++ b/net/netfilter/Makefile
-@@ -143,6 +143,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIF
+@@ -154,6 +154,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIF
  obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o
  obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o
  obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
@@ -36,7 +44,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,698 @@
+@@ -0,0 +1,703 @@
 +/*
 + * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
 + *
@@ -101,7 +109,8 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +              proto = veth->h_vlan_encapsulated_proto;
 +              break;
 +      case htons(ETH_P_PPP_SES):
-+              proto = nf_flow_pppoe_proto(skb);
++              if (!nf_flow_pppoe_proto(skb, &proto))
++                      return NF_ACCEPT;
 +              break;
 +      default:
 +              proto = skb->protocol;
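Review bot: The `ETH_P_8021Q` case directly above still reads `veth->h_vlan_encapsulated_proto` with no length check visible in this hunk, while the PPPoE case now returns early when `nf_flow_pppoe_proto()` reports failure. If `veth` is derived straight from the skb header, it needs an equivalent guard so a truncated tagged frame cannot lead to a read past the linear data. The function starts outside the hunk, so confirm how `veth` is obtained. The new early return would also benefit from a comment, e.g. `/* PPPoE header could not be validated: stop parsing and let the packet continue on the normal path */`.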
@@ -482,9 +491,14 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +              break;
 +      }
 +
++      if (!dst_hold_safe(this_dst))
++              return -ENOENT;
++
 +      nf_route(xt_net(par), &other_dst, &fl, false, xt_family(par));
-+      if (!other_dst)
++      if (!other_dst) {
++              dst_release(this_dst);
 +              return -ENOENT;
++      }
 +
 +      nf_default_forward_path(route, this_dst, dir, devs);
 +      nf_default_forward_path(route, other_dst, !dir, devs);
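Review bot: The reference ownership here is now implicit and should be written down. After `dst_hold_safe(this_dst)` succeeds, the function holds its own reference on `this_dst`, drops it only on the `!other_dst` path, and otherwise appears to hand both dsts to the caller through `route`. A comment above the hold, such as `/* take our own ref on this_dst; on success both dst refs travel in route and are released by the caller */`, would make the pairing with the caller's `dst_release()` calls auditable. The return value of `nf_route()` is also ignored, so the check relies on `other_dst` still being NULL after a failure; its initialisation is outside the hunk and should be confirmed. Any later failure return in this function, also outside the hunk, needs the same `dst_release(this_dst)`.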
@@ -542,6 +556,8 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +      if (!nf_ct_is_confirmed(ct))
 +              return XT_CONTINUE;
 +
++      dir = CTINFO2DIR(ctinfo);
++
 +      devs[dir] = xt_out(par);
 +      devs[!dir] = xt_in(par);
 +
@@ -551,8 +567,6 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +      if (test_and_set_bit(IPS_OFFLOAD_BIT, &ct->status))
 +              return XT_CONTINUE;
 +
-+      dir = CTINFO2DIR(ctinfo);
-+
 +      if (xt_flowoffload_route(skb, ct, par, &route, dir, devs) < 0)
 +              goto err_flow_route;
 +
@@ -560,8 +574,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +      if (!flow)
 +              goto err_flow_alloc;
 +
-+      if (flow_offload_route_init(flow, &route) < 0)
-+              goto err_flow_add;
++      flow_offload_route_init(flow, &route);
 +
 +      if (tcph) {
 +              ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
@@ -574,19 +587,19 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +      if (!net)
 +              write_pnet(&table->ft.net, xt_net(par));
 +
++      __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags);
 +      if (flow_offload_add(&table->ft, flow) < 0)
 +              goto err_flow_add;
 +
 +      xt_flowoffload_check_device(table, devs[0]);
 +      xt_flowoffload_check_device(table, devs[1]);
 +
-+      dst_release(route.tuple[!dir].dst);
-+
 +      return XT_CONTINUE;
 +
 +err_flow_add:
 +      flow_offload_free(flow);
 +err_flow_alloc:
++      dst_release(route.tuple[dir].dst);
 +      dst_release(route.tuple[!dir].dst);
 +err_flow_route:
 +      clear_bit(IPS_OFFLOAD_BIT, &ct->status);
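Review bot: `err_flow_add` now falls through to `dst_release()` on both `route.tuple[]` entries after `flow_offload_free(flow)`, which is only safe if `flow_offload_route_init()` (called unchecked in the previous hunk) clears the route's dst pointers when it moves them into the flow. If it does not, a failed `flow_offload_add()` would drop each reference twice, and a dst refcount underflow is a use-after-free risk. That helper is not visible on this page, so confirm it against the targeted kernel and record the assumption at the label, e.g. `/* route.tuple[].dst is NULL here once flow_offload_route_init() has taken the refs */`. The non-atomic `__set_bit()` on `flow->flags` looks acceptable only because the flow has not yet been handed to `flow_offload_add()`; a short comment saying so would help the next reader.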
@@ -654,7 +667,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +};
 +
 +static int nf_flow_rule_route_inet(struct net *net,
-+                                 const struct flow_offload *flow,
++                                 struct flow_offload *flow,
 +                                 enum flow_offload_tuple_dir dir,
 +                                 struct nf_flow_rule *flow_rule)
 +{
@@ -745,7 +758,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  #include <net/netfilter/nf_flow_table.h>
  #include <net/netfilter/nf_conntrack.h>
  #include <net/netfilter/nf_conntrack_core.h>
-@@ -380,8 +379,7 @@ flow_offload_lookup(struct nf_flowtable
+@@ -374,8 +373,7 @@ flow_offload_lookup(struct nf_flowtable
  }
  EXPORT_SYMBOL_GPL(flow_offload_lookup);
  
@@ -755,13 +768,13 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
                      void (*iter)(struct nf_flowtable *flowtable,
                                   struct flow_offload *flow, void *data),
                      void *data)
-@@ -435,6 +433,7 @@ static void nf_flow_offload_gc_step(stru
+@@ -436,6 +434,7 @@ static void nf_flow_offload_gc_step(stru
                nf_flow_offload_stats(flow_table, flow);
        }
  }
 +EXPORT_SYMBOL_GPL(nf_flow_table_iterate);
  
static void nf_flow_offload_work_gc(struct work_struct *work)
void nf_flow_table_gc_run(struct nf_flowtable *flow_table)
  {
 --- /dev/null
 +++ b/include/uapi/linux/netfilter/xt_FLOWOFFLOAD.h
@@ -785,7 +798,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +#endif /* _XT_FLOWOFFLOAD_H */
 --- a/include/net/netfilter/nf_flow_table.h
 +++ b/include/net/netfilter/nf_flow_table.h
-@@ -275,6 +275,11 @@ void nf_flow_table_free(struct nf_flowta
+@@ -293,6 +293,11 @@ void nf_flow_table_free(struct nf_flowta
  
  void flow_offload_teardown(struct flow_offload *flow);