gl-infra-builder-FUjr/patches-siflower-18.x/0303-fix-disable-hwnat-on-vpn-or-tethering.patch

From 97778894bc310687d1dfd4ccdb46bb3cbe77143c Mon Sep 17 00:00:00 2001
From: "GL.iNet-Xinfa.Deng" <xinfa.deng@gl-inet.com>
Date: Mon, 15 Nov 2021 10:08:38 +0800
Subject: [PATCH] fix: disable hwnat on vpn or tethering

---
 .../linux-4.14.90/net/netfilter/xt_FLOWOFFLOAD.c           | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/linux-4.14.90-dev/linux-4.14.90/net/netfilter/xt_FLOWOFFLOAD.c b/linux-4.14.90-dev/linux-4.14.90/net/netfilter/xt_FLOWOFFLOAD.c
index be92545..fced9a3 100644
--- a/linux-4.14.90-dev/linux-4.14.90/net/netfilter/xt_FLOWOFFLOAD.c
+++ b/linux-4.14.90-dev/linux-4.14.90/net/netfilter/xt_FLOWOFFLOAD.c
@@ -531,6 +531,14 @@ flowoffload_tg(struct sk_buff *skb, const struct xt_action_param *par)
 	if (xt_flowoffload_skip(skb, xt_family(par)))
 		return XT_CONTINUE;
 
+	if (!xt_in(par) || !xt_out(par))
+		return XT_CONTINUE;
+
+	if ((xt_in(par)->type == ARPHRD_NONE) || (xt_out(par)->type == ARPHRD_NONE))
+		return XT_CONTINUE;
+
+	if (!strcmp(xt_in(par)->name,"3g-modem_1_1") || !strcmp(xt_out(par)->name,"3g-modem_1_1"))
+		return XT_CONTINUE;
 
 	ct = nf_ct_get(skb, &ctinfo);
 	if (ct == NULL)
@@ -602,6 +610,12 @@ flowoffload_tg(struct sk_buff *skb, const struct xt_action_param *par)
 	if (flow_offload_add(&nf_flowtable, flow) < 0)
 		goto err_flow_add;
 
+	if (!strcmp(xt_in(par)->name,"eth1") || !strcmp(xt_out(par)->name,"eth1"))
+		return XT_CONTINUE;
+
+	if (!strcmp(xt_in(par)->name,"usb0") || !strcmp(xt_out(par)->name,"usb0"))
+		return XT_CONTINUE;
+
 	if ((info->flags & XT_FLOWOFFLOAD_HW) && (atomic_read(&(nf_flowtable.nf_count.hw_total_count)) < FLOWOFFLOAD_HW_MAX)) {
 		if (!check_flow_in_blacklist(xt_net(par), flow))
 			nf_flow_offload_hw_add(xt_net(par), flow, ct, &nf_flowtable.nf_count);
-- 
2.7.4