kernel: mark source kernel for netfilter backports

This helps keeping track on patches & adding new kernels in the future.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

1 files changed, 142 insertions, 0 deletions

diff --git a/target/linux/generic/backport-4.14/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch b/target/linux/generic/backport-4.14/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch
new file mode 100644
index 0000000000..7f6e90470a
--- /dev/null
+++ b/target/linux/generic/backport-4.14/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch
@@ -0,0 +1,142 @@
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Fri, 3 Nov 2017 16:26:32 +0100
+Subject: [PATCH] netfilter: conntrack: move nf_ct_netns_{get,put}() to core
+
+So we can call this from other expression that need conntrack in place
+to work.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Acked-by: Florian Westphal <fw@strlen.de>
+---
+
+--- a/net/netfilter/nf_conntrack_proto.c
++++ b/net/netfilter/nf_conntrack_proto.c
+@@ -125,7 +125,7 @@ void nf_ct_l3proto_module_put(unsigned s
+ }
+ EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put);
+ 
+-int nf_ct_netns_get(struct net *net, u8 nfproto)
++static int nf_ct_netns_do_get(struct net *net, u8 nfproto)
+ {
+ 	const struct nf_conntrack_l3proto *l3proto;
+ 	int ret;
+@@ -150,9 +150,33 @@ int nf_ct_netns_get(struct net *net, u8
+ 
+ 	return ret;
+ }
++
++int nf_ct_netns_get(struct net *net, u8 nfproto)
++{
++	int err;
++
++	if (nfproto == NFPROTO_INET) {
++		err = nf_ct_netns_do_get(net, NFPROTO_IPV4);
++		if (err < 0)
++			goto err1;
++		err = nf_ct_netns_do_get(net, NFPROTO_IPV6);
++		if (err < 0)
++			goto err2;
++	} else {
++		err = nf_ct_netns_do_get(net, nfproto);
++		if (err < 0)
++			goto err1;
++	}
++	return 0;
++
++err2:
++	nf_ct_netns_put(net, NFPROTO_IPV4);
++err1:
++	return err;
++}
+ EXPORT_SYMBOL_GPL(nf_ct_netns_get);
+ 
+-void nf_ct_netns_put(struct net *net, u8 nfproto)
++static void nf_ct_netns_do_put(struct net *net, u8 nfproto)
+ {
+ 	const struct nf_conntrack_l3proto *l3proto;
+ 
+@@ -171,6 +195,15 @@ void nf_ct_netns_put(struct net *net, u8
+ 
+ 	nf_ct_l3proto_module_put(nfproto);
+ }
++
++void nf_ct_netns_put(struct net *net, uint8_t nfproto)
++{
++	if (nfproto == NFPROTO_INET) {
++		nf_ct_netns_do_put(net, NFPROTO_IPV4);
++		nf_ct_netns_do_put(net, NFPROTO_IPV6);
++	} else
++		nf_ct_netns_do_put(net, nfproto);
++}
+ EXPORT_SYMBOL_GPL(nf_ct_netns_put);
+ 
+ const struct nf_conntrack_l4proto *
+--- a/net/netfilter/nft_ct.c
++++ b/net/netfilter/nft_ct.c
+@@ -312,39 +312,6 @@ static const struct nla_policy nft_ct_po
+ 	[NFTA_CT_SREG]		= { .type = NLA_U32 },
+ };
+ 
+-static int nft_ct_netns_get(struct net *net, uint8_t family)
+-{
+-	int err;
+-
+-	if (family == NFPROTO_INET) {
+-		err = nf_ct_netns_get(net, NFPROTO_IPV4);
+-		if (err < 0)
+-			goto err1;
+-		err = nf_ct_netns_get(net, NFPROTO_IPV6);
+-		if (err < 0)
+-			goto err2;
+-	} else {
+-		err = nf_ct_netns_get(net, family);
+-		if (err < 0)
+-			goto err1;
+-	}
+-	return 0;
+-
+-err2:
+-	nf_ct_netns_put(net, NFPROTO_IPV4);
+-err1:
+-	return err;
+-}
+-
+-static void nft_ct_netns_put(struct net *net, uint8_t family)
+-{
+-	if (family == NFPROTO_INET) {
+-		nf_ct_netns_put(net, NFPROTO_IPV4);
+-		nf_ct_netns_put(net, NFPROTO_IPV6);
+-	} else
+-		nf_ct_netns_put(net, family);
+-}
+-
+ #ifdef CONFIG_NF_CONNTRACK_ZONES
+ static void nft_ct_tmpl_put_pcpu(void)
+ {
+@@ -489,7 +456,7 @@ static int nft_ct_get_init(const struct
+ 	if (err < 0)
+ 		return err;
+ 
+-	err = nft_ct_netns_get(ctx->net, ctx->afi->family);
++	err = nf_ct_netns_get(ctx->net, ctx->afi->family);
+ 	if (err < 0)
+ 		return err;
+ 
+@@ -583,7 +550,7 @@ static int nft_ct_set_init(const struct
+ 	if (err < 0)
+ 		goto err1;
+ 
+-	err = nft_ct_netns_get(ctx->net, ctx->afi->family);
++	err = nf_ct_netns_get(ctx->net, ctx->afi->family);
+ 	if (err < 0)
+ 		goto err1;
+ 
+@@ -606,7 +573,7 @@ static void nft_ct_set_destroy(const str
+ 	struct nft_ct *priv = nft_expr_priv(expr);
+ 
+ 	__nft_ct_set_destroy(ctx, priv);
+-	nft_ct_netns_put(ctx->net, ctx->afi->family);
++	nf_ct_netns_put(ctx->net, ctx->afi->family);
+ }
+ 
+ static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr)