netfilter: fix crash in flow offload by adding netns support

[openwrt/staging/blogic.git] / target / linux / generic / hack-4.19 / 650-netfilter-add-xt_OFFLOAD-target.patch

diff --git a/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch b/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch
index 8ebea32a822d7b7e25d6fd2572b6fcb34565cbfe..b207f9d084a7243d65d1fd185cc649b584fffc29 100644 (file)
--- a/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch
+++ b/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,366 @@
+@@ -0,0 +1,371 @@
 +/*
 + * Copyright (C) 2018 Felix Fietkau <nbd@nbd.name>
 + *
@@ -344,6 +344,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +      struct nf_flow_route route;
 +      struct flow_offload *flow;
 +      struct nf_conn *ct;
++      struct net *net;
 +
 +      if (xt_flowoffload_skip(skb))
 +              return XT_CONTINUE;
@@ -391,6 +392,10 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +      xt_flowoffload_check_device(xt_in(par));
 +      xt_flowoffload_check_device(xt_out(par));
 +
++      net = read_pnet(&nf_flowtable.ft_net);
++      if (!net)
++              write_pnet(&nf_flowtable.ft_net, xt_net(par));
++
 +      if (info->flags & XT_FLOWOFFLOAD_HW)
 +              nf_flow_offload_hw_add(xt_net(par), flow, ct);
 +