|
|
|
|
@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
|
|
|
|
|
--- /dev/null
|
|
|
|
|
+++ b/net/netfilter/xt_FLOWOFFLOAD.c
|
|
|
|
|
@@ -0,0 +1,383 @@
|
|
|
|
|
@@ -0,0 +1,387 @@
|
|
|
|
|
+/*
|
|
|
|
|
+ * Copyright (C) 2018 Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
+ *
|
|
|
|
|
@ -344,13 +344,13 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
+flowoffload_tg(struct sk_buff *skb, const struct xt_action_param *par)
|
|
|
|
|
+{
|
|
|
|
|
+ const struct xt_flowoffload_target_info *info = par->targinfo;
|
|
|
|
|
+ struct tcphdr _tcph, *tcph = NULL;
|
|
|
|
|
+ enum ip_conntrack_info ctinfo;
|
|
|
|
|
+ enum ip_conntrack_dir dir;
|
|
|
|
|
+ struct nf_flow_route route;
|
|
|
|
|
+ struct flow_offload *flow;
|
|
|
|
|
+ struct nf_conn *ct;
|
|
|
|
|
+ struct net *net;
|
|
|
|
|
+ bool is_tcp = false;
|
|
|
|
|
+
|
|
|
|
|
+ if (xt_flowoffload_skip(skb, xt_family(par)))
|
|
|
|
|
+ return XT_CONTINUE;
|
|
|
|
|
@ -363,7 +363,11 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
+ case IPPROTO_TCP:
|
|
|
|
|
+ if (ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED)
|
|
|
|
|
+ return XT_CONTINUE;
|
|
|
|
|
+ is_tcp = true;
|
|
|
|
|
+
|
|
|
|
|
+ tcph = skb_header_pointer(skb, par->thoff,
|
|
|
|
|
+ sizeof(_tcph), &_tcph);
|
|
|
|
|
+ if (unlikely(!tcph || tcph->fin || tcph->rst))
|
|
|
|
|
+ return XT_CONTINUE;
|
|
|
|
|
+ break;
|
|
|
|
|
+ case IPPROTO_UDP:
|
|
|
|
|
+ break;
|
|
|
|
|
@ -393,7 +397,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
+ if (!flow)
|
|
|
|
|
+ goto err_flow_alloc;
|
|
|
|
|
+
|
|
|
|
|
+ if (is_tcp) {
|
|
|
|
|
+ if (tcph) {
|
|
|
|
|
+ ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
|
|
|
|
|
+ ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL;
|
|
|
|
|
+ }
|
|
|
|
|
|
Felix Fietkau
5 years ago