kernel: Backport upstream flowtable patches from 5.15

This backports some patches from kernel 5.15 to fix issues with flowtable offloading in kernel 5.10. OpenWrt backports most of the patches related to flowtable offloading from kernel 5.15 already, but we are missing some of the extra fixes. This fixes some connection tracking problems when a flow gets removed from the offload and added to the normal SW path again. The patch 614-v5.18-netfilter-flowtable-fix-TCP-flow-teardown.patch was extended manually with the nf_conntrack_tcp_established() function. All changes are already included in kernel 5.15. Fixes: #8776 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-03-05 19:08:27 +01:00
parent 5238a87c20
commit 96ef2dabce
9 changed files with 446 additions and 8 deletions
--- a/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
+++ b/target/linux/generic/hack-5.10/650-netfilter-add-xt_FLOWOFFLOAD-target.patch
@@ -821,7 +821,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 #include <net/netfilter/nf_flow_table.h>
 #include <net/netfilter/nf_conntrack.h>
 #include <net/netfilter/nf_conntrack_core.h>
-@@ -401,8 +400,7 @@ flow_offload_lookup(struct nf_flowtable
+@@ -380,8 +379,7 @@ flow_offload_lookup(struct nf_flowtable
 }
 EXPORT_SYMBOL_GPL(flow_offload_lookup);
 
@@ -831,7 +831,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 		      void (*iter)(struct flow_offload *flow, void *data),
 		      void *data)
 {
-@@ -434,6 +432,7 @@ nf_flow_table_iterate(struct nf_flowtabl
+@@ -413,6 +411,7 @@ nf_flow_table_iterate(struct nf_flowtabl
 
 	return err;
 }
@@ -861,7 +861,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +#endif /* _XT_FLOWOFFLOAD_H */
 --- a/include/net/netfilter/nf_flow_table.h
 +++ b/include/net/netfilter/nf_flow_table.h
-@@ -270,6 +270,10 @@ void nf_flow_table_free(struct nf_flowta
+@@ -271,6 +271,10 @@ void nf_flow_table_free(struct nf_flowta
 
 void flow_offload_teardown(struct flow_offload *flow);