1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter.git synced 2025-03-09 15:40:20 +00:00
This commit is contained in:
suyuan 2022-08-05 10:30:00 +08:00
parent 7e327316a8
commit a6d7f240d9
2 changed files with 3 additions and 24 deletions

View file

@ -183,16 +183,6 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
flow_offload_free(flow); flow_offload_free(flow);
} }
@@ -361,6 +370,9 @@ static void nf_flow_offload_gc_step(stru
if (!teardown)
nf_ct_offload_timeout(flow);
+ if (nf_flow_in_hw(flow) && !teardown)
+ return;
+
if (nf_flow_has_expired(flow) || teardown)
flow_offload_del(flow_table, flow);
}
@@ -490,10 +502,43 @@ int nf_flow_dnat_port(const struct flow_ @@ -490,10 +502,43 @@ int nf_flow_dnat_port(const struct flow_
} }
EXPORT_SYMBOL_GPL(nf_flow_dnat_port); EXPORT_SYMBOL_GPL(nf_flow_dnat_port);
@ -506,7 +496,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+MODULE_ALIAS("nf-flow-table-hw"); +MODULE_ALIAS("nf-flow-table-hw");
--- a/net/netfilter/nf_tables_api.c --- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c
@@ -5748,6 +5748,13 @@ static int nf_tables_flowtable_parse_hoo @@ -5743,6 +5743,13 @@ static int nf_tables_flowtable_parse_hoo
if (err < 0) if (err < 0)
return err; return err;
@ -520,7 +510,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ops = kcalloc(n, sizeof(struct nf_hook_ops), GFP_KERNEL); ops = kcalloc(n, sizeof(struct nf_hook_ops), GFP_KERNEL);
if (!ops) if (!ops)
return -ENOMEM; return -ENOMEM;
@@ -5878,10 +5885,19 @@ static int nf_tables_newflowtable(struct @@ -5873,10 +5880,19 @@ static int nf_tables_newflowtable(struct
} }
flowtable->data.type = type; flowtable->data.type = type;
@ -540,7 +530,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK],
flowtable); flowtable);
if (err < 0) if (err < 0)
@@ -6007,7 +6023,8 @@ static int nf_tables_fill_flowtable_info @@ -6002,7 +6018,8 @@ static int nf_tables_fill_flowtable_info
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) || nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) ||
nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle), nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle),

View file

@ -24,14 +24,3 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
struct flow_offload { struct flow_offload {
struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX]; struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX];
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -370,7 +370,7 @@ static void nf_flow_offload_gc_step(stru
if (!teardown)
nf_ct_offload_timeout(flow);
- if (nf_flow_in_hw(flow) && !teardown)
+ if ((flow->flags & FLOW_OFFLOAD_KEEP) && !teardown)
return;
if (nf_flow_has_expired(flow) || teardown)