14ac2ee2953324605ac30d37ed3be48a1d817cb4
1 From: Pablo Neira Ayuso <pablo@netfilter.org>
2 Date: Tue, 23 Mar 2021 00:56:27 +0100
3 Subject: [PATCH] netfilter: flowtable: refresh timeout after dst and
4 writable checks
5
6 Refresh the timeout (and retry hardware offload) once the skbuff dst
7 is confirmed to be current and after the skbuff is made writable.
8
9 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
10 ---
11
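--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -246,8 +246,6 @@ nf_flow_offload_ip_hook(void *priv, stru
 if (nf_flow_state_check(flow, iph->protocol, skb, thoff))
 return NF_ACCEPT;
 
- flow_offload_refresh(flow_table, flow);
-
 if (!dst_check(&rt->dst, 0)) {
 flow_offload_teardown(flow);
 return NF_ACCEPT;
@@ -256,6 +254,8 @@ nf_flow_offload_ip_hook(void *priv, stru
 if (skb_try_make_writable(skb, thoff + hdrsize))
 return NF_DROP;
 
+ flow_offload_refresh(flow_table, flow);
+
 iph = ip_hdr(skb);
 nf_flow_nat_ip(flow, skb, thoff, dir, iph);
 
@@ -466,8 +466,6 @@ nf_flow_offload_ipv6_hook(void *priv, st
 sizeof(*ip6h)))
 return NF_ACCEPT;
 
- flow_offload_refresh(flow_table, flow);
-
 if (!dst_check(&rt->dst, 0)) {
 flow_offload_teardown(flow);
 return NF_ACCEPT;
@@ -476,6 +474,8 @@ nf_flow_offload_ipv6_hook(void *priv, st
 if (skb_try_make_writable(skb, sizeof(*ip6h) + hdrsize))
 return NF_DROP;
 
+ flow_offload_refresh(flow_table, flow);
+
 ip6h = ipv6_hdr(skb);
 nf_flow_nat_ipv6(flow, skb, dir, ip6h);
 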
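Review bot: The relocated `flow_offload_refresh(flow_table, flow);` call in nf_flow_offload_ip_hook, and the identical one in nf_flow_offload_ipv6_hook, has no comment saying that its position after `dst_check()` and `skb_try_make_writable()` is deliberate, so a later cleanup could hoist it back above the checks. I would add above both calls `/* Refresh only once the dst is known to be current and the skb is writable: a flow about to be torn down, or a packet about to be dropped, must not extend the timeout or retry hardware offload. */`. The commit description says the refresh also retries hardware offload, which is presumably why a stale-route flow should not reach it; that behaviour is not visible in these hunks. Both function bodies start and end outside the hunks shown, so the paths between the two checks could not be reviewed here.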