On 23-12-14 20:11, Andre Valentin wrote:
> Hi!
>
> I just recompiled the module and loaded it on the router. But it seems that
> this does not fix the error. 5 minutes later I got several alerts (ping
> checks).
The workaround below seems to work for me. How did you apply this patch
to the OpenWrt code
>> Untested workaround.
>> I'll look into this in more detail over the holidays.
>>
>> netfilter: rtcache: don't cache dst for skb with active transformer
>>
>> diff --git a/net/netfilter/nf_conntrack_rtcache.c
>> b/net/netfilter/nf_conntrack_rtcache.c
>> --- a/net/netfilter/nf_conntrack_rtcache.c
>> +++ b/net/netfilter/nf_conntrack_rtcache.c
>> @@ -19,6 +19,7 @@
>> #include <linux/module.h>
>>
>> #include <net/dst.h>
>> +#include <net/xfrm.h>
>>
>> #include <net/netfilter/nf_conntrack.h>
>> #include <net/netfilter/nf_conntrack_core.h>
>> @@ -191,6 +192,9 @@ static unsigned int nf_rtcache_forward(const struct
>> nf_hook_ops *ops,
>> struct nf_conn *ct;
>> int iif;
>>
>> + if (secpath_exists(skb))
>> + return NF_ACCEPT;
>> +
>> ct = nf_ct_get(skb, &ctinfo);
>> if (!ct)
>> return NF_ACCEPT;
Kind regards,
Stijn
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
