--- zzzz-none-000/linux-4.4.60/net/netfilter/xt_DSCP.c 2017-04-08 07:53:53.000000000 +0000 +++ dragonfly-4020-701/linux-4.4.60/net/netfilter/xt_DSCP.c 2018-11-08 13:36:17.000000000 +0000 @@ -18,6 +18,7 @@ #include #include +#include MODULE_AUTHOR("Harald Welte "); MODULE_DESCRIPTION("Xtables: DSCP/TOS field modification"); @@ -32,6 +33,10 @@ { const struct xt_DSCP_info *dinfo = par->targinfo; u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; +#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT + struct nf_conn *ct; + enum ip_conntrack_info ctinfo; +#endif if (dscp != dinfo->dscp) { if (!skb_make_writable(skb, sizeof(struct iphdr))) @@ -41,6 +46,13 @@ (__force __u8)(~XT_DSCP_MASK), dinfo->dscp << XT_DSCP_SHIFT); +#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return XT_CONTINUE; + + nf_conntrack_dscpremark_ext_set_dscp_rule_valid(ct); +#endif } return XT_CONTINUE; } @@ -50,7 +62,10 @@ { const struct xt_DSCP_info *dinfo = par->targinfo; u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; - +#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT + struct nf_conn *ct; + enum ip_conntrack_info ctinfo; +#endif if (dscp != dinfo->dscp) { if (!skb_make_writable(skb, sizeof(struct ipv6hdr))) return NF_DROP; @@ -58,6 +73,14 @@ ipv6_change_dsfield(ipv6_hdr(skb), (__force __u8)(~XT_DSCP_MASK), dinfo->dscp << XT_DSCP_SHIFT); + +#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT + ct = nf_ct_get(skb, &ctinfo); + if (!ct) + return XT_CONTINUE; + + nf_conntrack_dscpremark_ext_set_dscp_rule_valid(ct); +#endif } return XT_CONTINUE; }