diff options
author | Felix Fietkau <nbd@nbd.name> | 2018-02-05 13:35:24 +0100 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2018-02-21 20:12:42 +0100 |
commit | 103335644265d96c656a7de3d5994fbd11246300 (patch) | |
tree | 2b19dea75e812b8240d6a458f0ed6dd22a8148b2 /target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch | |
parent | b7265c59ab7dd0ec5dccb96e7b0dc1432404feb7 (diff) | |
download | upstream-103335644265d96c656a7de3d5994fbd11246300.tar.gz upstream-103335644265d96c656a7de3d5994fbd11246300.tar.bz2 upstream-103335644265d96c656a7de3d5994fbd11246300.zip |
kernel: backport netfilter NAT offload support to 4.14
This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Diffstat (limited to 'target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch')
-rw-r--r-- | target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch new file mode 100644 index 0000000000..5bfa5aa833 --- /dev/null +++ b/target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch @@ -0,0 +1,100 @@ +From: Vasily Averin <vvs@virtuozzo.com> +Date: Sun, 12 Nov 2017 14:32:37 +0300 +Subject: [PATCH] netfilter: exit_net cleanup check added + +Be sure that lists initialized in net_init hook was return to initial +state. + +Signed-off-by: Vasily Averin <vvs@virtuozzo.com> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + +--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c ++++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c +@@ -819,6 +819,7 @@ static void clusterip_net_exit(struct ne + cn->procdir = NULL; + #endif + nf_unregister_net_hook(net, &cip_arp_ops); ++ WARN_ON_ONCE(!list_empty(&cn->configs)); + } + + static struct pernet_operations clusterip_net_ops = { +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -6468,6 +6468,12 @@ static int __net_init nf_tables_init_net + return 0; + } + ++static void __net_exit nf_tables_exit_net(struct net *net) ++{ ++ WARN_ON_ONCE(!list_empty(&net->nft.af_info)); ++ WARN_ON_ONCE(!list_empty(&net->nft.commit_list)); ++} ++ + int __nft_release_basechain(struct nft_ctx *ctx) + { + struct nft_rule *rule, *nr; +@@ -6545,6 +6551,7 @@ static void __nft_release_afinfo(struct + + static struct pernet_operations nf_tables_net_ops = { + .init = nf_tables_init_net, ++ .exit = nf_tables_exit_net, + }; + + static int __init nf_tables_module_init(void) +--- a/net/netfilter/nfnetlink_log.c ++++ b/net/netfilter/nfnetlink_log.c +@@ -1093,10 +1093,15 @@ static int __net_init nfnl_log_net_init( + + static void __net_exit nfnl_log_net_exit(struct net *net) + { ++ struct nfnl_log_net *log = nfnl_log_pernet(net); ++ unsigned int i; ++ + #ifdef CONFIG_PROC_FS + remove_proc_entry("nfnetlink_log", net->nf.proc_netfilter); + #endif + nf_log_unset(net, &nfulnl_logger); ++ for (i = 0; i < INSTANCE_BUCKETS; i++) ++ WARN_ON_ONCE(!hlist_empty(&log->instance_table[i])); + } + + static struct pernet_operations nfnl_log_net_ops = { +--- a/net/netfilter/nfnetlink_queue.c ++++ b/net/netfilter/nfnetlink_queue.c +@@ -1512,10 +1512,15 @@ static int __net_init nfnl_queue_net_ini + + static void __net_exit nfnl_queue_net_exit(struct net *net) + { ++ struct nfnl_queue_net *q = nfnl_queue_pernet(net); ++ unsigned int i; ++ + nf_unregister_queue_handler(net); + #ifdef CONFIG_PROC_FS + remove_proc_entry("nfnetlink_queue", net->nf.proc_netfilter); + #endif ++ for (i = 0; i < INSTANCE_BUCKETS; i++) ++ WARN_ON_ONCE(!hlist_empty(&q->instance_table[i])); + } + + static void nfnl_queue_net_exit_batch(struct list_head *net_exit_list) +--- a/net/netfilter/x_tables.c ++++ b/net/netfilter/x_tables.c +@@ -1714,8 +1714,17 @@ static int __net_init xt_net_init(struct + return 0; + } + ++static void __net_exit xt_net_exit(struct net *net) ++{ ++ int i; ++ ++ for (i = 0; i < NFPROTO_NUMPROTO; i++) ++ WARN_ON_ONCE(!list_empty(&net->xt.tables[i])); ++} ++ + static struct pernet_operations xt_net_ops = { + .init = xt_net_init, ++ .exit = xt_net_exit, + }; + + static int __init xt_init(void) |