From: Felix Fietkau Date: Tue, 13 Mar 2018 08:16:20 +0000 (+0100) Subject: kernel: flow-offload: only offload connections that have been fully established X-Git-Tag: v18.06.0-rc1~558 X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=2c7b0e9f31630c97f4864ee729be64a2b7ba98e4;p=openwrt%2Fstaging%2Fchunkeey.git kernel: flow-offload: only offload connections that have been fully established Signed-off-by: Felix Fietkau --- diff --git a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch index 40f89d4d91..5c40961c37 100644 --- a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch +++ b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch @@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o --- /dev/null +++ b/net/netfilter/xt_FLOWOFFLOAD.c -@@ -0,0 +1,335 @@ +@@ -0,0 +1,338 @@ +/* + * Copyright (C) 2018 Felix Fietkau + * @@ -337,6 +337,9 @@ Signed-off-by: Felix Fietkau + + switch (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum) { + case IPPROTO_TCP: ++ if (ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED) ++ return XT_CONTINUE; ++ break; + case IPPROTO_UDP: + break; + default: