kernel: add minimal TCP state tracking to flow offload support

[openwrt/staging/lynxis.git] / target / linux / generic / backport-4.14 / 362-netfilter-nf_flow_table-in-flow_offload_lookup-skip-.patch

diff --git a/target/linux/generic/backport-4.14/362-netfilter-nf_flow_table-in-flow_offload_lookup-skip-.patch b/target/linux/generic/backport-4.14/362-netfilter-nf_flow_table-in-flow_offload_lookup-skip-.patch
new file mode 100644 (file)
index 0000000..e6d7dd8
--- /dev/null
+++ b/target/linux/generic/backport-4.14/362-netfilter-nf_flow_table-in-flow_offload_lookup-skip-.patch
@@ -0,0 +1,36 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Sun, 25 Feb 2018 15:39:56 +0100
+Subject: [PATCH] netfilter: nf_flow_table: in flow_offload_lookup, skip
+ entries being deleted
+
+Preparation for sending flows back to the slow path
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/netfilter/nf_flow_table_core.c
++++ b/net/netfilter/nf_flow_table_core.c
+@@ -178,8 +178,21 @@ struct flow_offload_tuple_rhash *
+ flow_offload_lookup(struct nf_flowtable *flow_table,
+                   struct flow_offload_tuple *tuple)
+ {
+-      return rhashtable_lookup_fast(&flow_table->rhashtable, tuple,
+-                                    nf_flow_offload_rhash_params);
++      struct flow_offload_tuple_rhash *tuplehash;
++      struct flow_offload *flow;
++      int dir;
++
++      tuplehash = rhashtable_lookup_fast(&flow_table->rhashtable, tuple,
++                                         nf_flow_offload_rhash_params);
++      if (!tuplehash)
++              return NULL;
++
++      dir = tuplehash->tuple.dir;
++      flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
++      if (flow->flags & (FLOW_OFFLOAD_DYING | FLOW_OFFLOAD_TEARDOWN))
++              return NULL;
++
++      return tuplehash;
+ }
+ EXPORT_SYMBOL_GPL(flow_offload_lookup);
+