firewall4: fix adding offloading device

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> (cherry picked from commit 897a98dd6c)
2023-12-08 03:24:53 +08:00 · 2023-12-08 03:24:53 +08:00 · a802984f89
commit a802984f89
parent f236c1c4f5
2 changed files with 24 additions and 11 deletions
--- a/package/network/config/firewall4/patches/001-firewall4-add-support-for-fullcone-nat.patch
+++ b/package/network/config/firewall4/patches/001-firewall4-add-support-for-fullcone-nat.patch
@ -35,9 +35,9 @@ Renew: ZiMing Mo <msylgj@immortalwrt.org>
 	option name		lan
 --- a/root/usr/share/firewall4/templates/ruleset.uc
 +++ b/root/usr/share/firewall4/templates/ruleset.uc
-@@ -320,6 +320,12 @@ table inet fw4 {
+@@ -327,6 +327,12 @@ table inet fw4 {
 {%   for (let redirect in fw4.redirects(`dstnat_${zone.name}`)): %}
- 		{%+ include("redirect.uc", { fw4, redirect }) %}
+ 		{%+ include("redirect.uc", { fw4, zone, redirect }) %}
 {%   endfor %}
 +{%   if (zone.masq && fw4.default_option("fullcone")): %}
 +		{%+ include("zone-fullcone.uc", { fw4, zone, family: 4, direction: "dstnat" }) %}
@ -48,9 +48,9 @@ Renew: ZiMing Mo <msylgj@immortalwrt.org>
 {%   fw4.includes('chain-append', `dstnat_${zone.name}`) %}
 	}
 
-@@ -330,20 +336,26 @@ table inet fw4 {
+@@ -337,20 +343,26 @@ table inet fw4 {
 {%   for (let redirect in fw4.redirects(`srcnat_${zone.name}`)): %}
- 		{%+ include("redirect.uc", { fw4, redirect }) %}
+ 		{%+ include("redirect.uc", { fw4, zone, redirect }) %}
 {%   endfor %}
 -{%   if (zone.masq): %}
 +{%   if (zone.masq && !fw4.default_option("fullcone")): %}
@ -92,7 +92,7 @@ Renew: ZiMing Mo <msylgj@immortalwrt.org>
 const fs = require("fs");
 const uci = require("uci");
 const ubus = require("ubus");
-@@ -490,6 +492,25 @@ function nft_try_hw_offload(devices) {
+@@ -489,6 +491,25 @@ function nft_try_hw_offload(devices) {
 	return (rc == 0);
 }
 
@ -118,7 +118,7 @@ Renew: ZiMing Mo <msylgj@immortalwrt.org>
 
 return {
 	read_kernel_version: function() {
-@@ -840,6 +861,18 @@ return {
+@@ -832,6 +853,18 @@ return {
 			warn(`[!] ${msg}\n`);
 	},
 
@ -137,7 +137,7 @@ Renew: ZiMing Mo <msylgj@immortalwrt.org>
 	get: function(sid, opt) {
 		return this.cursor.get("firewall", sid, opt);
 	},
-@@ -1021,6 +1054,21 @@ return {
+@@ -1013,6 +1046,21 @@ return {
 		}
 	},
 
@ -159,7 +159,7 @@ Renew: ZiMing Mo <msylgj@immortalwrt.org>
 	parse_policy: function(val) {
 		return this.parse_enum(val, [
 			"accept",
-@@ -1460,6 +1508,7 @@ return {
+@@ -1452,6 +1500,7 @@ return {
 			"dnat",
 			"snat",
 			"masquerade",
@ -167,7 +167,7 @@ Renew: ZiMing Mo <msylgj@immortalwrt.org>
 			"accept",
 			"reject",
 			"drop"
-@@ -1927,6 +1976,8 @@ return {
+@@ -1923,6 +1972,8 @@ return {
 		}
 
 		let defs = this.parse_options(data, {
@ -176,7 +176,7 @@ Renew: ZiMing Mo <msylgj@immortalwrt.org>
 			input: [ "policy", "drop" ],
 			output: [ "policy", "drop" ],
 			forward: [ "policy", "drop" ],
-@@ -1961,6 +2012,11 @@ return {
+@@ -1957,6 +2008,11 @@ return {
 
 		delete defs.syn_flood;
 
@ -188,7 +188,7 @@ Renew: ZiMing Mo <msylgj@immortalwrt.org>
 		this.state.defaults = defs;
 	},
 
-@@ -2186,10 +2242,23 @@ return {
+@@ -2182,10 +2238,23 @@ return {
 		zone.related_subnets = related_subnets;
 		zone.related_physdevs = related_physdevs;
 
--- a/package/network/config/firewall4/patches/002-fix-adding-offloading-device.patch
+++ b/package/network/config/firewall4/patches/002-fix-adding-offloading-device.patch
@ -0,0 +1,13 @@
+--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
+@@ -2101,8 +2101,8 @@ return {
+ 					});
+ 				}
+ 
+-				if (net.physdev && !e.invert)
+-					push(related_physdevs, net.physdev);
+				if (net.up && net.device && !e.invert)
+					push(related_physdevs, net.device);
+ 
+ 				push(related_subnets, ...(net.ipaddrs || []));
+ 			}