Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
tbblgm119
lede
提交
cd59b498
L
lede
项目概览
tbblgm119
/
lede
与 Fork 源项目一致
从无法访问的项目Fork
通知
7
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
L
lede
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
cd59b498
编写于
3月 13, 2020
作者:
L
lean
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
mt7621: TCP and UDP traffic is forwarded correctly by HWNAT (1% CPU usage)
上级
372f5983
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
119 addition
and
0 deletion
+119
-0
target/linux/generic/pending-4.14/647-netfilter-nf_flow_table_hw-fix-incorrect-ethernet-ds.patch
...etfilter-nf_flow_table_hw-fix-incorrect-ethernet-ds.patch
+87
-0
target/linux/generic/pending-4.14/648-netfilter-nf_flow_table_hw-check-the-status-of-dst_n.patch
...etfilter-nf_flow_table_hw-check-the-status-of-dst_n.patch
+32
-0
未找到文件。
target/linux/generic/pending-4.14/647-netfilter-nf_flow_table_hw-fix-incorrect-ethernet-ds.patch
0 → 100644
浏览文件 @
cd59b498
From: Konstantin Vasin <tempest921@gmail.com>
Date: Mon, 9 Mar 2020 18:38:54 +0300
Subject: [PATCH] netfilter: nf_flow_table_hw: fix incorrect ethernet dst
address
Ethernet destination for original traffic takes the source ethernet
address in the reply direction. For reply traffic, this takes
the source ethernet address of the original destination.
This fix is based on the upstream commit 1b67e506:
("netfilter:
nf_flow_table_offload: fix incorrect ethernet dst address")
from wenxu <wenxu@ucloud.cn>
Signed-off-by: Konstantin Vasin <tempest921@gmail.com>
---
--- a/net/netfilter/nf_flow_table_hw.c
+++ b/net/netfilter/nf_flow_table_hw.c
@@ -24,17 +24,23 @@
struct flow_offload_hw {
struct flow_offload_hw_path dest;
};
-static void flow_offload_check_ethernet(struct flow_offload_tuple *tuple,
+static void flow_offload_check_ethernet(struct flow_offload *flow,
+ enum flow_offload_tuple_dir dir,
struct flow_offload_hw_path *path)
{
struct net_device *dev = path->dev;
struct neighbour *n;
+ const void *daddr;
+ const struct dst_entry *dst_cache;
if (dev->type != ARPHRD_ETHER)
return;
memcpy(path->eth_src, path->dev->dev_addr, ETH_ALEN);
- n = dst_neigh_lookup(tuple->dst_cache, &tuple->src_v4);
+
+ daddr = &flow->tuplehash[dir].tuple.src_v4;
+ dst_cache = flow->tuplehash[!dir].tuple.dst_cache;
+ n = dst_neigh_lookup(dst_cache, daddr);
if (!n)
return;
@@ -44,17 +50,18 @@
static void flow_offload_check_ethernet(struct flow_offload_tuple *tuple,
}
static int flow_offload_check_path(struct net *net,
- struct flow_offload_tuple *tuple,
+ struct flow_offload *flow,
+ enum flow_offload_tuple_dir dir,
struct flow_offload_hw_path *path)
{
struct net_device *dev;
- dev = dev_get_by_index_rcu(net, tuple->iifidx);
+ dev = dev_get_by_index_rcu(net, flow->tuplehash[dir].tuple.iifidx);
if (!dev)
return -ENOENT;
path->dev = dev;
- flow_offload_check_ethernet(tuple, path);
+ flow_offload_check_ethernet(flow, dir, path);
if (dev->netdev_ops->ndo_flow_offload_check)
return dev->netdev_ops->ndo_flow_offload_check(path);
@@ -133,17 +140,14 @@
flow_offload_hw_prepare(struct net *net, struct flow_offload *flow)
{
struct flow_offload_hw_path src = {};
struct flow_offload_hw_path dest = {};
- struct flow_offload_tuple *tuple;
struct flow_offload_hw *offload = NULL;
rcu_read_lock_bh();
- tuple = &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple;
- if (flow_offload_check_path(net, tuple, &src))
+ if (flow_offload_check_path(net, flow, FLOW_OFFLOAD_DIR_ORIGINAL, &src))
goto out;
- tuple = &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple;
- if (flow_offload_check_path(net, tuple, &dest))
+ if (flow_offload_check_path(net, flow, FLOW_OFFLOAD_DIR_REPLY, &dest))
goto out;
if (!src.dev->netdev_ops->ndo_flow_offload)
target/linux/generic/pending-4.14/648-netfilter-nf_flow_table_hw-check-the-status-of-dst_n.patch
0 → 100644
浏览文件 @
cd59b498
From: Konstantin Vasin <tempest921@gmail.com>
Date: Mon, 9 Mar 2020 17:41:22 +0300
Subject: [PATCH] netfilter: nf_flow_table_hw: check the status of
dst_neigh
It's better to check the nud_state is VALID.
If there is not neigh previos, the lookup will
create a non NUD_VALID with 00:00:00:00:00:00 mac.
This fix is based on the upstream commit f31ad71c44
("netfilter:
nf_flow_table_offload: check the status of dst_neigh")
from wenxu <wenxu@ucloud.cn>
Signed-off-by: Konstantin Vasin <tempest921@gmail.com>
---
index e831c8830e91..1238d675a316 100644
--- a/net/netfilter/nf_flow_table_hw.c
+++ b/net/netfilter/nf_flow_table_hw.c
@@ -44,8 +44,10 @@
static void flow_offload_check_ethernet(struct flow_offload *flow,
if (!n)
return;
- memcpy(path->eth_dest, n->ha, ETH_ALEN);
- path->flags |= FLOW_OFFLOAD_PATH_ETHERNET;
+ if (n->nud_state & NUD_VALID) {
+ memcpy(path->eth_dest, n->ha, ETH_ALEN);
+ path->flags |= FLOW_OFFLOAD_PATH_ETHERNET;
+ }
neigh_release(n);
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录
