diff --git a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch index 2044bfaeb8..b78ba1f53f 100644 --- a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch +++ b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch @@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o --- /dev/null +++ b/net/netfilter/xt_FLOWOFFLOAD.c -@@ -0,0 +1,368 @@ +@@ -0,0 +1,403 @@ +/* + * Copyright (C) 2018 Felix Fietkau + * @@ -113,6 +113,7 @@ Signed-off-by: Felix Fietkau +#include +#include +#include ++#include + +static struct nf_flowtable nf_flowtable; +static HLIST_HEAD(hooks); @@ -346,6 +347,7 @@ Signed-off-by: Felix Fietkau + struct nf_flow_route route; + struct flow_offload *flow; + struct nf_conn *ct; ++ const struct nf_conn_help *help; + + if (xt_flowoffload_skip(skb)) + return XT_CONTINUE; @@ -365,7 +367,8 @@ Signed-off-by: Felix Fietkau + return XT_CONTINUE; + } + -+ if (test_bit(IPS_HELPER_BIT, &ct->status)) ++ help = nfct_help(ct); ++ if (help) + return XT_CONTINUE; + + if (ctinfo == IP_CT_NEW || @@ -441,10 +444,41 @@ Signed-off-by: Felix Fietkau + nf_flow_table_free(table); +} + ++static int flow_offload_netdev_event(struct notifier_block *this, ++ unsigned long event, void *ptr) ++{ ++ struct xt_flowoffload_hook *hook = NULL; ++ struct net_device *dev = netdev_notifier_info_to_dev(ptr); ++ ++ if (event != NETDEV_UNREGISTER) ++ return NOTIFY_DONE; ++ ++ spin_lock_bh(&hooks_lock); ++ hook = flow_offload_lookup_hook(dev); ++ if (hook) { ++ hlist_del(&hook->list); ++ } ++ spin_unlock_bh(&hooks_lock); ++ if (hook) { ++ nf_unregister_net_hook(hook->net, &hook->ops); ++ kfree(hook); ++ } ++ ++ nf_flow_table_cleanup(dev_net(dev), dev); ++ ++ return NOTIFY_DONE; ++} ++ ++static struct notifier_block flow_offload_netdev_notifier = { ++ .notifier_call = flow_offload_netdev_event, ++}; ++ +static int __init xt_flowoffload_tg_init(void) +{ + int ret; + ++ register_netdevice_notifier(&flow_offload_netdev_notifier); ++ + INIT_DELAYED_WORK(&hook_work, xt_flowoffload_hook_work); + + ret = xt_flowoffload_table_init(&nf_flowtable); @@ -462,6 +496,7 @@ Signed-off-by: Felix Fietkau +{ + xt_unregister_target(&offload_tg_reg); + xt_flowoffload_table_cleanup(&nf_flowtable); ++ unregister_netdevice_notifier(&flow_offload_netdev_notifier); +} + +MODULE_LICENSE("GPL"); diff --git a/target/linux/generic/hack-4.14/940-cleanup-offload-hooks-on-netdev-unregister.patch b/target/linux/generic/hack-4.14/940-cleanup-offload-hooks-on-netdev-unregister.patch deleted file mode 100644 index 6638a5e949..0000000000 --- a/target/linux/generic/hack-4.14/940-cleanup-offload-hooks-on-netdev-unregister.patch +++ /dev/null @@ -1,91 +0,0 @@ -From ae56e27e30122f82d244f9eb35fcab8fa60e0d31 Mon Sep 17 00:00:00 2001 -From: Chen Minqiang -Date: Sun, 29 Apr 2018 14:08:57 +0800 -Subject: [PATCH] cleanup offload hooks on netdev unregister - -This should fix crashdump on reboot when FLOWOFFLOAD enabled - -kmsg: -[ 84.188081] Workqueue: events_power_efficient xt_flowoffload_hook_work [xt_FLOWOFFLOAD] -[ 84.209326] task: ffff88000ecd0c80 task.stack: ffffc90000068000 -[ 84.224706] RIP: 0010:__nf_unregister_net_hook+0x1/0x90 -[ 84.242911] RSP: 0018:ffffc9000006be30 EFLAGS: 00010202 -[ 84.257405] RAX: 0000000000000000 RBX: ffff88000c5b3228 RCX: 0000000100170001 -[ 84.292175] RDX: ffff88000ecd0c80 RSI: ffff88000c5b3228 RDI: 6b6b6b6b6b6b6b6b -[ 84.305095] RBP: ffffc9000006be58 R08: ffff88000c5b3578 R09: ffff88000c5b3538 -[ 84.325980] R10: ffffc9000006be50 R11: ffff88000fc1f310 R12: ffffffff81e6c580 -[ 84.396514] R13: ffff88000d1723d0 R14: ffff88000ec0fc00 R15: 0000000000000000 -[ 84.459500] FS: 0000000000000000(0000) GS:ffff88000fc00000(0000) knlGS:0000000000000000 -[ 84.525121] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 -[ 84.565460] CR2: 0000000000a931d8 CR3: 0000000001e08006 CR4: 00000000000606f0 -[ 84.638311] Call Trace: -[ 84.655229] ? nf_unregister_net_hook+0x88/0xd0 -[ 84.706898] xt_flowoffload_hook_work+0x12a/0x17a [xt_FLOWOFFLOAD] -[ 84.765504] process_one_work+0x1c4/0x310 -[ 84.799558] worker_thread+0x20b/0x3c0 -[ 84.850119] kthread+0x112/0x120 -[ 84.884839] ? process_one_work+0x310/0x310 -[ 84.923571] ? kthread_create_on_node+0x40/0x40 -[ 84.966100] ret_from_fork+0x35/0x40 -[ 84.981738] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 48 8b 05 c1 f1 99 00 55 48 89 e5 48 85 c0 75 02 0f 0b e8 b9 f6 30 00 5d c3 0f 1f 80 00 00 00 00 55 <0f> b7 0f 48 89 e5 48 89 c8 48 c1 e0 04 48 8d 54 07 08 31 c0 eb -[ 85.100453] RIP: __nf_unregister_net_hook+0x1/0x90 RSP: ffffc9000006be30 -[ 85.111658] ---[ end trace 5c25a390045cac75 ]--- -[ 85.124535] Kernel panic - not syncing: Fatal exception - -Signed-off-by: Chen Minqiang ---- - net/netfilter/xt_FLOWOFFLOAD.c | 32 ++++++++++++++++++++++++++++++++ - 1 file changed, 32 insertions(+) - ---- a/net/netfilter/xt_FLOWOFFLOAD.c -+++ b/net/netfilter/xt_FLOWOFFLOAD.c -@@ -340,10 +340,41 @@ static void xt_flowoffload_table_cleanup - nf_flow_table_free(table); - } - -+static int flow_offload_netdev_event(struct notifier_block *this, -+ unsigned long event, void *ptr) -+{ -+ struct xt_flowoffload_hook *hook = NULL; -+ struct net_device *dev = netdev_notifier_info_to_dev(ptr); -+ -+ if (event != NETDEV_UNREGISTER) -+ return NOTIFY_DONE; -+ -+ spin_lock_bh(&hooks_lock); -+ hook = flow_offload_lookup_hook(dev); -+ if (hook) { -+ hlist_del(&hook->list); -+ } -+ spin_unlock_bh(&hooks_lock); -+ if (hook) { -+ nf_unregister_net_hook(hook->net, &hook->ops); -+ kfree(hook); -+ } -+ -+ nf_flow_table_cleanup(dev_net(dev), dev); -+ -+ return NOTIFY_DONE; -+} -+ -+static struct notifier_block flow_offload_netdev_notifier = { -+ .notifier_call = flow_offload_netdev_event, -+}; -+ - static int __init xt_flowoffload_tg_init(void) - { - int ret; - -+ register_netdevice_notifier(&flow_offload_netdev_notifier); -+ - INIT_DELAYED_WORK(&hook_work, xt_flowoffload_hook_work); - - ret = xt_flowoffload_table_init(&nf_flowtable); -@@ -361,6 +392,7 @@ static void __exit xt_flowoffload_tg_exi - { - xt_unregister_target(&offload_tg_reg); - xt_flowoffload_table_cleanup(&nf_flowtable); -+ unregister_netdevice_notifier(&flow_offload_netdev_notifier); - } - - MODULE_LICENSE("GPL"); diff --git a/target/linux/generic/hack-4.14/941-fix-checking-method-of-conntrack-helper.patch b/target/linux/generic/hack-4.14/941-fix-checking-method-of-conntrack-helper.patch deleted file mode 100644 index 1afa3e3c1d..0000000000 --- a/target/linux/generic/hack-4.14/941-fix-checking-method-of-conntrack-helper.patch +++ /dev/null @@ -1,51 +0,0 @@ -From addf8974ce9987e2946e04624fe806a98390786e Mon Sep 17 00:00:00 2001 -From: HsiuWen Yen -Date: Wed, 30 Jan 2019 11:45:25 +0800 -Subject: [PATCH] fix checking method of conntrack helper - -This patch uses nfct_help() to detect whether an established connection -needs conntrack helper instead of using test_bit(IPS_HELPER_BIT, -&ct->status). - -The reason for this modification is that IPS_HELPER_BIT is only set when -the conntrack helper is attached by explicit CT target. - -However, in the case that a device enables conntrack helper via the other -ways (e.g., command "echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper") -, the status of IPS_HELPER_BIT will not present any change. That means the -IPS_HELPER_BIT might lose the checking ability in the context. - -Signed-off-by: HsiuWen Yen ---- - net/netfilter/xt_FLOWOFFLOAD.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - ---- a/net/netfilter/xt_FLOWOFFLOAD.c -+++ b/net/netfilter/xt_FLOWOFFLOAD.c -@@ -12,6 +12,7 @@ - #include - #include - #include -+#include - - static struct nf_flowtable nf_flowtable; - static HLIST_HEAD(hooks); -@@ -245,6 +246,7 @@ flowoffload_tg(struct sk_buff *skb, const struct xt_action_param *par) - struct nf_flow_route route; - struct flow_offload *flow; - struct nf_conn *ct; -+ const struct nf_conn_help *help; - - if (xt_flowoffload_skip(skb)) - return XT_CONTINUE; -@@ -264,7 +266,8 @@ flowoffload_tg(struct sk_buff *skb, const struct xt_action_param *par) - return XT_CONTINUE; - } - -- if (test_bit(IPS_HELPER_BIT, &ct->status)) -+ help = nfct_help(ct); -+ if (help) - return XT_CONTINUE; - - if (ctinfo == IP_CT_NEW || -