kernel: fix ipsec related regression in the netfilter rtcache patch

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 44913

diff --git a/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch
index ebe573f5764c6ddf4519aa1834cf924eff2af807..104a82cfd28dab944038f91d8ab6356d13198dbb 100644 (file)
--- a/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch
+++ b/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch
@@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
  obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
 --- /dev/null
 +++ b/net/netfilter/nf_conntrack_rtcache.c
-@@ -0,0 +1,386 @@
+@@ -0,0 +1,390 @@
 +/* route cache for netfilter.
 + *
 + * (C) 2014 Red Hat GmbH
@@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
 +      enum ip_conntrack_info ctinfo;
 +      enum ip_conntrack_dir dir;
 +      struct nf_conn *ct;
++      struct dst_entry *dst = skb_dst(skb);
 +      int iif;
 +
 +      ct = nf_ct_get(skb, &ctinfo);
 +      if (!ct)
 +              return NF_ACCEPT;
 +
++      if (dst && dst_xfrm(dst))
++              return NF_ACCEPT;
++
 +      if (!nf_ct_is_confirmed(ct)) {
 +              if (WARN_ON(nf_ct_rtcache_find(ct)))
 +                      return NF_ACCEPT;

diff --git a/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch
index 61a1411e4eba0763635b444c672efcb4e8a48a6a..9f23db6a79b5b4ee0e2dfb36e1d250017a6fab2c 100644 (file)
--- a/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch
+++ b/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch
@@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
  obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
 --- /dev/null
 +++ b/net/netfilter/nf_conntrack_rtcache.c
-@@ -0,0 +1,387 @@
+@@ -0,0 +1,391 @@
 +/* route cache for netfilter.
 + *
 + * (C) 2014 Red Hat GmbH
@@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
 +      enum ip_conntrack_info ctinfo;
 +      enum ip_conntrack_dir dir;
 +      struct nf_conn *ct;
++      struct dst_entry *dst = skb_dst(skb);
 +      int iif;
 +
 +      ct = nf_ct_get(skb, &ctinfo);
 +      if (!ct)
 +              return NF_ACCEPT;
 +
++      if (dst && dst_xfrm(dst))
++              return NF_ACCEPT;
++
 +      if (!nf_ct_is_confirmed(ct)) {
 +              if (WARN_ON(nf_ct_rtcache_find(ct)))
 +                      return NF_ACCEPT;

diff --git a/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch
index 347bfaf1f64d96e3a501e083f78d6ceb29d99d20..f4783fd38145ea1e8dbcf4ea6329891fb73dbe0b 100644 (file)
--- a/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch
+++ b/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch
@@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
  obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
 --- /dev/null
 +++ b/net/netfilter/nf_conntrack_rtcache.c
-@@ -0,0 +1,387 @@
+@@ -0,0 +1,391 @@
 +/* route cache for netfilter.
 + *
 + * (C) 2014 Red Hat GmbH
@@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
 +      enum ip_conntrack_info ctinfo;
 +      enum ip_conntrack_dir dir;
 +      struct nf_conn *ct;
++      struct dst_entry *dst = skb_dst(skb);
 +      int iif;
 +
 +      ct = nf_ct_get(skb, &ctinfo);
 +      if (!ct)
 +              return NF_ACCEPT;
 +
++      if (dst && dst_xfrm(dst))
++              return NF_ACCEPT;
++
 +      if (!nf_ct_is_confirmed(ct)) {
 +              if (WARN_ON(nf_ct_rtcache_find(ct)))
 +                      return NF_ACCEPT;

diff --git a/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch
index 347bfaf1f64d96e3a501e083f78d6ceb29d99d20..f4783fd38145ea1e8dbcf4ea6329891fb73dbe0b 100644 (file)
--- a/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch
+++ b/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch
@@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
  obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o
 --- /dev/null
 +++ b/net/netfilter/nf_conntrack_rtcache.c
-@@ -0,0 +1,387 @@
+@@ -0,0 +1,391 @@
 +/* route cache for netfilter.
 + *
 + * (C) 2014 Red Hat GmbH
@@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal <fw@strlen.de>
 +      enum ip_conntrack_info ctinfo;
 +      enum ip_conntrack_dir dir;
 +      struct nf_conn *ct;
++      struct dst_entry *dst = skb_dst(skb);
 +      int iif;
 +
 +      ct = nf_ct_get(skb, &ctinfo);
 +      if (!ct)
 +              return NF_ACCEPT;
 +
++      if (dst && dst_xfrm(dst))
++              return NF_ACCEPT;
++
 +      if (!nf_ct_is_confirmed(ct)) {
 +              if (WARN_ON(nf_ct_rtcache_find(ct)))
 +                      return NF_ACCEPT;