From f84c94060fda7f8400f5ef1d94e072dce98977ad Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Thu, 23 Mar 2023 21:44:10 +0100 Subject: [PATCH] kernel: enable conntrack counter updates for iptables xt_FLOWOFFLOAD Ensures that packet/byte counters in /proc/net/nf_conntrack are updated Signed-off-by: Felix Fietkau --- .../hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch b/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch index 961a930bb38f..aa6c668558ab 100644 --- a/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch +++ b/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch @@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o --- /dev/null +++ b/net/netfilter/xt_FLOWOFFLOAD.c -@@ -0,0 +1,697 @@ +@@ -0,0 +1,698 @@ +/* + * Copyright (C) 2018-2021 Felix Fietkau + * @@ -752,6 +752,7 @@ Signed-off-by: Felix Fietkau +{ + INIT_DELAYED_WORK(&tbl->work, xt_flowoffload_hook_work); + tbl->ft.type = &flowtable_inet; ++ tbl->ft.flags = NF_FLOWTABLE_COUNTER; + + return nf_flow_table_init(&tbl->ft); +} @@ -770,7 +771,7 @@ Signed-off-by: Felix Fietkau + if (ret) + goto cleanup; + -+ flowtable[1].ft.flags = NF_FLOWTABLE_HW_OFFLOAD; ++ flowtable[1].ft.flags |= NF_FLOWTABLE_HW_OFFLOAD; + + ret = xt_register_target(&offload_tg_reg); + if (ret) -- 2.30.2