From db3b862d1cbfa2bca49b41384870fd2d1f55bd41 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Fri, 20 Mar 2015 22:13:34 +0000 Subject: [PATCH] kernel: fix ipsec related regression in the netfilter rtcache patch Signed-off-by: Felix Fietkau SVN-Revision: 44913 --- .../patches-3.14/090-backport_netfilter_rtcache.patch | 6 +++++- .../patches-3.18/050-backport_netfilter_rtcache.patch | 6 +++++- .../patches-3.19/050-backport_netfilter_rtcache.patch | 6 +++++- .../patches-4.0/050-backport_netfilter_rtcache.patch | 6 +++++- 4 files changed, 20 insertions(+), 4 deletions(-) diff --git a/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch index ebe573f576..104a82cfd2 100644 --- a/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch +++ b/target/linux/generic/patches-3.14/090-backport_netfilter_rtcache.patch @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,386 @@ +@@ -0,0 +1,390 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal + enum ip_conntrack_info ctinfo; + enum ip_conntrack_dir dir; + struct nf_conn *ct; ++ struct dst_entry *dst = skb_dst(skb); + int iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return NF_ACCEPT; + ++ if (dst && dst_xfrm(dst)) ++ return NF_ACCEPT; ++ + if (!nf_ct_is_confirmed(ct)) { + if (WARN_ON(nf_ct_rtcache_find(ct))) + return NF_ACCEPT; diff --git a/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch index 61a1411e4e..9f23db6a79 100644 --- a/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch +++ b/target/linux/generic/patches-3.18/050-backport_netfilter_rtcache.patch @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,391 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal + enum ip_conntrack_info ctinfo; + enum ip_conntrack_dir dir; + struct nf_conn *ct; ++ struct dst_entry *dst = skb_dst(skb); + int iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return NF_ACCEPT; + ++ if (dst && dst_xfrm(dst)) ++ return NF_ACCEPT; ++ + if (!nf_ct_is_confirmed(ct)) { + if (WARN_ON(nf_ct_rtcache_find(ct))) + return NF_ACCEPT; diff --git a/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch index 347bfaf1f6..f4783fd381 100644 --- a/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch +++ b/target/linux/generic/patches-3.19/050-backport_netfilter_rtcache.patch @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,391 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal + enum ip_conntrack_info ctinfo; + enum ip_conntrack_dir dir; + struct nf_conn *ct; ++ struct dst_entry *dst = skb_dst(skb); + int iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return NF_ACCEPT; + ++ if (dst && dst_xfrm(dst)) ++ return NF_ACCEPT; ++ + if (!nf_ct_is_confirmed(ct)) { + if (WARN_ON(nf_ct_rtcache_find(ct))) + return NF_ACCEPT; diff --git a/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch b/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch index 347bfaf1f6..f4783fd381 100644 --- a/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch +++ b/target/linux/generic/patches-4.0/050-backport_netfilter_rtcache.patch @@ -115,7 +115,7 @@ Signed-off-by: Florian Westphal obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o --- /dev/null +++ b/net/netfilter/nf_conntrack_rtcache.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,391 @@ +/* route cache for netfilter. + * + * (C) 2014 Red Hat GmbH @@ -307,12 +307,16 @@ Signed-off-by: Florian Westphal + enum ip_conntrack_info ctinfo; + enum ip_conntrack_dir dir; + struct nf_conn *ct; ++ struct dst_entry *dst = skb_dst(skb); + int iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return NF_ACCEPT; + ++ if (dst && dst_xfrm(dst)) ++ return NF_ACCEPT; ++ + if (!nf_ct_is_confirmed(ct)) { + if (WARN_ON(nf_ct_rtcache_find(ct))) + return NF_ACCEPT; -- 2.30.2