diff options
author | Felix Fietkau <nbd@nbd.name> | 2018-02-05 13:35:24 +0100 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2018-02-21 20:12:42 +0100 |
commit | 103335644265d96c656a7de3d5994fbd11246300 (patch) | |
tree | 2b19dea75e812b8240d6a458f0ed6dd22a8148b2 /target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch | |
parent | b7265c59ab7dd0ec5dccb96e7b0dc1432404feb7 (diff) | |
download | upstream-103335644265d96c656a7de3d5994fbd11246300.tar.gz upstream-103335644265d96c656a7de3d5994fbd11246300.tar.bz2 upstream-103335644265d96c656a7de3d5994fbd11246300.zip |
kernel: backport netfilter NAT offload support to 4.14
This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Diffstat (limited to 'target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch')
-rw-r--r-- | target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch new file mode 100644 index 0000000000..a9f13c45df --- /dev/null +++ b/target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch @@ -0,0 +1,80 @@ +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Tue, 19 Dec 2017 12:17:52 +0100 +Subject: [PATCH] netfilter: nf_tables: no need for struct nft_af_info to + enable/disable table + +nf_tables_table_enable() and nf_tables_table_disable() take a pointer to +struct nft_af_info that is never used, remove it. + +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -611,10 +611,7 @@ err: + return err; + } + +-static void _nf_tables_table_disable(struct net *net, +- const struct nft_af_info *afi, +- struct nft_table *table, +- u32 cnt) ++static void nft_table_disable(struct net *net, struct nft_table *table, u32 cnt) + { + struct nft_chain *chain; + u32 i = 0; +@@ -632,9 +629,7 @@ static void _nf_tables_table_disable(str + } + } + +-static int nf_tables_table_enable(struct net *net, +- const struct nft_af_info *afi, +- struct nft_table *table) ++static int nf_tables_table_enable(struct net *net, struct nft_table *table) + { + struct nft_chain *chain; + int err, i = 0; +@@ -654,15 +649,13 @@ static int nf_tables_table_enable(struct + return 0; + err: + if (i) +- _nf_tables_table_disable(net, afi, table, i); ++ nft_table_disable(net, table, i); + return err; + } + +-static void nf_tables_table_disable(struct net *net, +- const struct nft_af_info *afi, +- struct nft_table *table) ++static void nf_tables_table_disable(struct net *net, struct nft_table *table) + { +- _nf_tables_table_disable(net, afi, table, 0); ++ nft_table_disable(net, table, 0); + } + + static int nf_tables_updtable(struct nft_ctx *ctx) +@@ -691,7 +684,7 @@ static int nf_tables_updtable(struct nft + nft_trans_table_enable(trans) = false; + } else if (!(flags & NFT_TABLE_F_DORMANT) && + ctx->table->flags & NFT_TABLE_F_DORMANT) { +- ret = nf_tables_table_enable(ctx->net, ctx->afi, ctx->table); ++ ret = nf_tables_table_enable(ctx->net, ctx->table); + if (ret >= 0) { + ctx->table->flags &= ~NFT_TABLE_F_DORMANT; + nft_trans_table_enable(trans) = true; +@@ -5719,7 +5712,6 @@ static int nf_tables_commit(struct net * + if (nft_trans_table_update(trans)) { + if (!nft_trans_table_enable(trans)) { + nf_tables_table_disable(net, +- trans->ctx.afi, + trans->ctx.table); + trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; + } +@@ -5881,7 +5873,6 @@ static int nf_tables_abort(struct net *n + if (nft_trans_table_update(trans)) { + if (nft_trans_table_enable(trans)) { + nf_tables_table_disable(net, +- trans->ctx.afi, + trans->ctx.table); + trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; + } |