generic: 5.15: backport support for Marvell 88E6361 switch

[openwrt/openwrt.git] / target / linux / generic / hack-5.15 / 650-netfilter-add-xt_FLOWOFFLOAD-target.patch

diff --git a/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch b/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
index 81432bbeab9f26ca2d9bccb43df5ea98f3fa7b58..aa6c668558ab938f3c2aa3af1eb2b569f7d41eab 100644 (file)
--- a/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
+++ b/target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
@@ -47,7 +47,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
        depends on !NF_CONNTRACK || NF_CONNTRACK
 --- a/net/netfilter/Kconfig
 +++ b/net/netfilter/Kconfig
-@@ -708,8 +708,6 @@ config NFT_REJECT_NETDEV
+@@ -707,8 +707,6 @@ config NFT_REJECT_NETDEV
  
  endif # NF_TABLES_NETDEV
  
@@ -56,7 +56,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  config NF_FLOW_TABLE_INET
        tristate "Netfilter flow table mixed IPv4/IPv6 module"
        depends on NF_FLOW_TABLE
-@@ -718,11 +716,12 @@ config NF_FLOW_TABLE_INET
+@@ -717,11 +715,12 @@ config NF_FLOW_TABLE_INET
  
          To compile it as a module, choose M here.
  
@@ -70,7 +70,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
        help
          This option adds the flow table core infrastructure.
  
-@@ -1011,6 +1010,15 @@ config NETFILTER_XT_TARGET_NOTRACK
+@@ -1010,6 +1009,15 @@ config NETFILTER_XT_TARGET_NOTRACK
        depends on NETFILTER_ADVANCED
        select NETFILTER_XT_TARGET_CT
  
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,694 @@
+@@ -0,0 +1,698 @@
 +/*
 + * Copyright (C) 2018-2021 Felix Fietkau <nbd@nbd.name>
 + *
@@ -289,13 +289,16 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +}
 +
 +static void
-+xt_flowoffload_check_hook(struct flow_offload *flow, void *data)
++xt_flowoffload_check_hook(struct nf_flowtable *flowtable,
++                        struct flow_offload *flow, void *data)
 +{
-+      struct xt_flowoffload_table *table = data;
++      struct xt_flowoffload_table *table;
 +      struct flow_offload_tuple *tuple0 = &flow->tuplehash[0].tuple;
 +      struct flow_offload_tuple *tuple1 = &flow->tuplehash[1].tuple;
 +      struct xt_flowoffload_hook *hook;
 +
++      table = container_of(flowtable, struct xt_flowoffload_table, ft);
++
 +      spin_lock_bh(&hooks_lock);
 +      hlist_for_each_entry(hook, &table->hooks, list) {
 +              if (hook->ops.dev->ifindex != tuple0->iifidx &&
@@ -323,7 +326,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +      spin_unlock_bh(&hooks_lock);
 +
 +      err = nf_flow_table_iterate(&table->ft, xt_flowoffload_check_hook,
-+                                  table);
++                                  NULL);
 +      if (err && err != -EAGAIN)
 +              goto out;
 +
@@ -749,6 +752,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +{
 +      INIT_DELAYED_WORK(&tbl->work, xt_flowoffload_hook_work);
 +      tbl->ft.type = &flowtable_inet;
++      tbl->ft.flags = NF_FLOWTABLE_COUNTER;
 +
 +      return nf_flow_table_init(&tbl->ft);
 +}
@@ -767,7 +771,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +      if (ret)
 +              goto cleanup;
 +
-+      flowtable[1].ft.flags = NF_FLOWTABLE_HW_OFFLOAD;
++      flowtable[1].ft.flags |= NF_FLOWTABLE_HW_OFFLOAD;
 +
 +      ret = xt_register_target(&offload_tg_reg);
 +      if (ret)
@@ -803,23 +807,23 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  #include <net/netfilter/nf_flow_table.h>
  #include <net/netfilter/nf_conntrack.h>
  #include <net/netfilter/nf_conntrack_core.h>
-@@ -399,8 +398,7 @@ flow_offload_lookup(struct nf_flowtable
+@@ -380,8 +379,7 @@ flow_offload_lookup(struct nf_flowtable
  }
  EXPORT_SYMBOL_GPL(flow_offload_lookup);
  
 -static int
 -nf_flow_table_iterate(struct nf_flowtable *flow_table,
 +int nf_flow_table_iterate(struct nf_flowtable *flow_table,
-                     void (*iter)(struct flow_offload *flow, void *data),
+                     void (*iter)(struct nf_flowtable *flowtable,
+                                  struct flow_offload *flow, void *data),
                      void *data)
- {
-@@ -432,6 +430,7 @@ nf_flow_table_iterate(struct nf_flowtabl
- 
-       return err;
+@@ -435,6 +433,7 @@ static void nf_flow_offload_gc_step(stru
+               nf_flow_offload_stats(flow_table, flow);
+       }
  }
 +EXPORT_SYMBOL_GPL(nf_flow_table_iterate);
  
- static void nf_flow_offload_gc_step(struct flow_offload *flow, void *data)
+ void nf_flow_table_gc_run(struct nf_flowtable *flow_table)
  {
 --- /dev/null
 +++ b/include/uapi/linux/netfilter/xt_FLOWOFFLOAD.h
@@ -843,13 +847,14 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +#endif /* _XT_FLOWOFFLOAD_H */
 --- a/include/net/netfilter/nf_flow_table.h
 +++ b/include/net/netfilter/nf_flow_table.h
-@@ -275,6 +275,10 @@ void nf_flow_table_free(struct nf_flowta
+@@ -276,6 +276,11 @@ void nf_flow_table_free(struct nf_flowta
  
  void flow_offload_teardown(struct flow_offload *flow);
  
 +int nf_flow_table_iterate(struct nf_flowtable *flow_table,
-+                        void (*iter)(struct flow_offload *flow, void *data),
-+                        void *data);
++                      void (*iter)(struct nf_flowtable *flowtable,
++                                   struct flow_offload *flow, void *data),
++                      void *data);
 +
  void nf_flow_snat_port(const struct flow_offload *flow,
                       struct sk_buff *skb, unsigned int thoff,