kernel: enable conntrack counter updates for iptables xt_FLOWOFFLOAD

Ensures that packet/byte counters in /proc/net/nf_conntrack are updated

Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch b/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
index 961a930bb38fb3e4d4b8712496e7a524752dfd22..aa6c668558ab938f3c2aa3af1eb2b569f7d41eab 100644 (file)
--- a/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
+++ b/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,697 @@
+@@ -0,0 +1,698 @@
 +/*
 + * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
 + *
@@ -752,6 +752,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +{
 +      INIT_DELAYED_WORK(&tbl->work, xt_flowoffload_hook_work);
 +      tbl->ft.type = &flowtable_inet;
++      tbl->ft.flags = NF_FLOWTABLE_COUNTER;
 +
 +      return nf_flow_table_init(&tbl->ft);
 +}
@@ -770,7 +771,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +      if (ret)
 +              goto cleanup;
 +
-+      flowtable[1].ft.flags = NF_FLOWTABLE_HW_OFFLOAD;
++      flowtable[1].ft.flags |= NF_FLOWTABLE_HW_OFFLOAD;
 +
 +      ret = xt_register_target(&offload_tg_reg);
 +      if (ret)