diff options
author | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2018-07-10 11:52:53 +0200 |
---|---|---|
committer | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2018-07-11 16:02:24 +0200 |
commit | ba2b0f0ac6de840ed5eefdf1e32d28bb2d00fbb3 (patch) | |
tree | 08147ff780b67b82254ce61f88aa34410b142899 /target/linux/generic/backport-4.14 | |
parent | 954faac7bc1dd34047bc4132cd28a96089fcce4e (diff) | |
download | upstream-ba2b0f0ac6de840ed5eefdf1e32d28bb2d00fbb3.tar.gz upstream-ba2b0f0ac6de840ed5eefdf1e32d28bb2d00fbb3.tar.bz2 upstream-ba2b0f0ac6de840ed5eefdf1e32d28bb2d00fbb3.zip |
kernel: bump 4.14 to 4.14.54
Rereshed all patches
Reworked patches to match upstream:
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Diffstat (limited to 'target/linux/generic/backport-4.14')
21 files changed, 267 insertions, 267 deletions
diff --git a/target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch b/target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch index 711eca0352..5ae8f8f1ed 100644 --- a/target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch +++ b/target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch @@ -135,7 +135,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> new->hooks[nhooks] = old->hooks[i]; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -1400,6 +1400,8 @@ static int nf_tables_addchain(struct nft +@@ -1431,6 +1431,8 @@ static int nf_tables_addchain(struct nft ops->hook = hookfn; if (afi->hook_ops_init) afi->hook_ops_init(ops, i); diff --git a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch index 81f140441f..f2210259e8 100644 --- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch +++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -892,8 +892,6 @@ struct nft_stats { +@@ -897,8 +897,6 @@ struct nft_stats { struct u64_stats_sync syncp; }; @@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /** * struct nft_base_chain - nf_tables base chain * -@@ -905,7 +903,7 @@ struct nft_stats { +@@ -910,7 +908,7 @@ struct nft_stats { * @dev_name: device name that this base chain is attached to (if any) */ struct nft_base_chain { @@ -29,7 +29,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nf_chain_type *type; u8 policy; u8 flags; -@@ -966,8 +964,6 @@ enum nft_af_flags { +@@ -971,8 +969,6 @@ enum nft_af_flags { * @owner: module owner * @tables: used internally * @flags: family flags @@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * @hooks: hookfn overrides for packet validation */ struct nft_af_info { -@@ -977,9 +973,6 @@ struct nft_af_info { +@@ -982,9 +978,6 @@ struct nft_af_info { struct module *owner; struct list_head tables; u32 flags; @@ -128,7 +128,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type) -@@ -595,8 +592,7 @@ static void _nf_tables_table_disable(str +@@ -624,8 +621,7 @@ static void _nf_tables_table_disable(str if (cnt && i++ == cnt) break; @@ -138,7 +138,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -613,8 +609,7 @@ static int nf_tables_table_enable(struct +@@ -642,8 +638,7 @@ static int nf_tables_table_enable(struct if (!nft_is_base_chain(chain)) continue; @@ -148,7 +148,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) goto err; -@@ -1026,7 +1021,7 @@ static int nf_tables_fill_chain_info(str +@@ -1055,7 +1050,7 @@ static int nf_tables_fill_chain_info(str if (nft_is_base_chain(chain)) { const struct nft_base_chain *basechain = nft_base_chain(chain); @@ -157,7 +157,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nlattr *nest; nest = nla_nest_start(skb, NFTA_CHAIN_HOOK); -@@ -1252,8 +1247,8 @@ static void nf_tables_chain_destroy(stru +@@ -1283,8 +1278,8 @@ static void nf_tables_chain_destroy(stru free_percpu(basechain->stats); if (basechain->stats) static_branch_dec(&nft_counters_enabled); @@ -168,7 +168,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> kfree(chain->name); kfree(basechain); } else { -@@ -1349,7 +1344,6 @@ static int nf_tables_addchain(struct nft +@@ -1380,7 +1375,6 @@ static int nf_tables_addchain(struct nft struct nft_stats __percpu *stats; struct net *net = ctx->net; struct nft_chain *chain; @@ -176,7 +176,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int err; if (table->use == UINT_MAX) -@@ -1388,21 +1382,18 @@ static int nf_tables_addchain(struct nft +@@ -1419,21 +1413,18 @@ static int nf_tables_addchain(struct nft basechain->type = hook.type; chain = &basechain->chain; @@ -210,7 +210,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> chain->flags |= NFT_BASE_CHAIN; basechain->policy = policy; -@@ -1420,7 +1411,7 @@ static int nf_tables_addchain(struct nft +@@ -1451,7 +1442,7 @@ static int nf_tables_addchain(struct nft goto err1; } @@ -219,7 +219,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) goto err1; -@@ -1434,7 +1425,7 @@ static int nf_tables_addchain(struct nft +@@ -1465,7 +1456,7 @@ static int nf_tables_addchain(struct nft return 0; err2: @@ -228,7 +228,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err1: nf_tables_chain_destroy(chain); -@@ -1447,14 +1438,13 @@ static int nf_tables_updchain(struct nft +@@ -1478,14 +1469,13 @@ static int nf_tables_updchain(struct nft const struct nlattr * const *nla = ctx->nla; struct nft_table *table = ctx->table; struct nft_chain *chain = ctx->chain; @@ -244,7 +244,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (nla[NFTA_CHAIN_HOOK]) { if (!nft_is_base_chain(chain)) -@@ -1471,14 +1461,12 @@ static int nf_tables_updchain(struct nft +@@ -1502,14 +1492,12 @@ static int nf_tables_updchain(struct nft return -EBUSY; } @@ -265,7 +265,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } nft_chain_release_hook(&hook); } -@@ -5069,10 +5057,9 @@ static int nf_tables_commit(struct net * +@@ -5112,10 +5100,9 @@ static int nf_tables_commit(struct net * case NFT_MSG_DELCHAIN: list_del_rcu(&trans->ctx.chain->list); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); @@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> break; case NFT_MSG_NEWRULE: nft_clear(trans->ctx.net, nft_trans_rule(trans)); -@@ -5209,10 +5196,9 @@ static int nf_tables_abort(struct net *n +@@ -5252,10 +5239,9 @@ static int nf_tables_abort(struct net *n } else { trans->ctx.table->use--; list_del_rcu(&trans->ctx.chain->list); @@ -293,7 +293,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; case NFT_MSG_DELCHAIN: -@@ -5313,7 +5299,7 @@ int nft_chain_validate_hooks(const struc +@@ -5358,7 +5344,7 @@ int nft_chain_validate_hooks(const struc if (nft_is_base_chain(chain)) { basechain = nft_base_chain(chain); @@ -302,7 +302,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; return -EOPNOTSUPP; -@@ -5795,8 +5781,7 @@ int __nft_release_basechain(struct nft_c +@@ -5840,8 +5826,7 @@ int __nft_release_basechain(struct nft_c BUG_ON(!nft_is_base_chain(ctx->chain)); @@ -312,7 +312,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { list_del(&rule->list); ctx->chain->use--; -@@ -5825,8 +5810,7 @@ static void __nft_release_afinfo(struct +@@ -5870,8 +5855,7 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) @@ -353,7 +353,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> strncpy(basechain->dev_name, dev->name, IFNAMSIZ); --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c -@@ -169,7 +169,7 @@ nft_target_set_tgchk_param(struct xt_tgc +@@ -186,7 +186,7 @@ nft_target_set_tgchk_param(struct xt_tgc if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); @@ -362,7 +362,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> par->hook_mask = 1 << ops->hooknum; } else { -@@ -302,7 +302,7 @@ static int nft_target_validate(const str +@@ -317,7 +317,7 @@ static int nft_target_validate(const str if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); @@ -371,7 +371,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> hook_mask = 1 << ops->hooknum; if (target->hooks && !(hook_mask & target->hooks)) -@@ -383,7 +383,7 @@ nft_match_set_mtchk_param(struct xt_mtch +@@ -414,7 +414,7 @@ nft_match_set_mtchk_param(struct xt_mtch if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); @@ -380,7 +380,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> par->hook_mask = 1 << ops->hooknum; } else { -@@ -481,7 +481,7 @@ static int nft_match_validate(const stru +@@ -564,7 +564,7 @@ static int nft_match_validate(const stru if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); diff --git a/target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch b/target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch index dd969c12a6..3ee8ad9d33 100644 --- a/target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch +++ b/target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch @@ -10,7 +10,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -870,7 +870,7 @@ enum nft_chain_type { +@@ -875,7 +875,7 @@ enum nft_chain_type { * @family: address family * @owner: module owner * @hook_mask: mask of valid hooks @@ -19,7 +19,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> */ struct nf_chain_type { const char *name; -@@ -964,7 +964,6 @@ enum nft_af_flags { +@@ -969,7 +969,6 @@ enum nft_af_flags { * @owner: module owner * @tables: used internally * @flags: family flags @@ -27,7 +27,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> */ struct nft_af_info { struct list_head list; -@@ -973,7 +972,6 @@ struct nft_af_info { +@@ -978,7 +977,6 @@ struct nft_af_info { struct module *owner; struct list_head tables; u32 flags; @@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int __init nf_tables_ipv6_init(void) --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -1352,7 +1352,6 @@ static int nf_tables_addchain(struct nft +@@ -1383,7 +1383,6 @@ static int nf_tables_addchain(struct nft if (nla[NFTA_CHAIN_HOOK]) { struct nft_chain_hook hook; struct nf_hook_ops *ops; @@ -159,7 +159,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = nft_chain_parse_hook(net, nla, afi, &hook, create); if (err < 0) -@@ -1378,7 +1377,6 @@ static int nf_tables_addchain(struct nft +@@ -1409,7 +1408,6 @@ static int nf_tables_addchain(struct nft static_branch_inc(&nft_counters_enabled); } @@ -167,7 +167,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> basechain->type = hook.type; chain = &basechain->chain; -@@ -1387,10 +1385,8 @@ static int nf_tables_addchain(struct nft +@@ -1418,10 +1416,8 @@ static int nf_tables_addchain(struct nft ops->hooknum = hook.num; ops->priority = hook.priority; ops->priv = chain; diff --git a/target/linux/generic/backport-4.14/314-v4.16-netfilter-meta-secpath-support.patch b/target/linux/generic/backport-4.14/314-v4.16-netfilter-meta-secpath-support.patch index d755c17fc3..7aab67fc2c 100644 --- a/target/linux/generic/backport-4.14/314-v4.16-netfilter-meta-secpath-support.patch +++ b/target/linux/generic/backport-4.14/314-v4.16-netfilter-meta-secpath-support.patch @@ -40,7 +40,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> default: WARN_ON(1); goto err; -@@ -308,6 +313,11 @@ int nft_meta_get_init(const struct nft_c +@@ -310,6 +315,11 @@ int nft_meta_get_init(const struct nft_c prandom_init_once(&nft_prandom_state); len = sizeof(u32); break; @@ -52,7 +52,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> default: return -EOPNOTSUPP; } -@@ -318,6 +328,38 @@ int nft_meta_get_init(const struct nft_c +@@ -320,6 +330,38 @@ int nft_meta_get_init(const struct nft_c } EXPORT_SYMBOL_GPL(nft_meta_get_init); @@ -91,7 +91,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int nft_meta_set_validate(const struct nft_ctx *ctx, const struct nft_expr *expr, const struct nft_data **data) -@@ -434,6 +476,7 @@ static const struct nft_expr_ops nft_met +@@ -436,6 +478,7 @@ static const struct nft_expr_ops nft_met .eval = nft_meta_get_eval, .init = nft_meta_get_init, .dump = nft_meta_get_dump, diff --git a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch index 9bdacd914f..8266562a82 100644 --- a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch +++ b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch @@ -50,7 +50,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #include <net/netlink.h> #define NFT_JUMP_STACK_SIZE 16 -@@ -933,6 +934,7 @@ unsigned int nft_do_chain(struct nft_pkt +@@ -938,6 +939,7 @@ unsigned int nft_do_chain(struct nft_pkt * @chains: chains in the table * @sets: sets in the table * @objects: stateful objects in the table @@ -58,7 +58,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * @hgenerator: handle generator state * @use: number of chain references to this table * @flags: table flag (see enum nft_table_flags) -@@ -944,6 +946,7 @@ struct nft_table { +@@ -949,6 +951,7 @@ struct nft_table { struct list_head chains; struct list_head sets; struct list_head objects; @@ -66,7 +66,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> u64 hgenerator; u32 use; u16 flags:14, -@@ -1075,6 +1078,44 @@ int nft_register_obj(struct nft_object_t +@@ -1080,6 +1083,44 @@ int nft_register_obj(struct nft_object_t void nft_unregister_obj(struct nft_object_type *obj_type); /** @@ -111,7 +111,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * struct nft_traceinfo - nft tracing information and state * * @pkt: pktinfo currently processed -@@ -1310,4 +1351,11 @@ struct nft_trans_obj { +@@ -1315,4 +1356,11 @@ struct nft_trans_obj { #define nft_trans_obj(trans) \ (((struct nft_trans_obj *)trans->data)->obj) @@ -217,7 +217,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /** * nft_register_afinfo - register nf_tables address family info -@@ -345,6 +347,40 @@ static int nft_delobj(struct nft_ctx *ct +@@ -374,6 +376,40 @@ static int nft_delobj(struct nft_ctx *ct return err; } @@ -258,7 +258,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* * Tables */ -@@ -728,6 +764,7 @@ static int nf_tables_newtable(struct net +@@ -757,6 +793,7 @@ static int nf_tables_newtable(struct net INIT_LIST_HEAD(&table->chains); INIT_LIST_HEAD(&table->sets); INIT_LIST_HEAD(&table->objects); @@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> table->flags = flags; nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -@@ -749,10 +786,11 @@ err1: +@@ -778,10 +815,11 @@ err1: static int nft_flush_table(struct nft_ctx *ctx) { @@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &ctx->table->chains, list) { if (!nft_is_active_next(ctx->net, chain)) -@@ -778,6 +816,12 @@ static int nft_flush_table(struct nft_ct +@@ -807,6 +845,12 @@ static int nft_flush_table(struct nft_ct goto out; } @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) { err = nft_delobj(ctx, obj); if (err < 0) -@@ -4774,6 +4818,605 @@ static void nf_tables_obj_notify(const s +@@ -4817,6 +4861,605 @@ static void nf_tables_obj_notify(const s ctx->afi->family, ctx->report, GFP_KERNEL); } @@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) { -@@ -4804,6 +5447,49 @@ nla_put_failure: +@@ -4847,6 +5490,49 @@ nla_put_failure: return -EMSGSIZE; } @@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) { -@@ -4956,6 +5642,21 @@ static const struct nfnl_callback nf_tab +@@ -4999,6 +5685,21 @@ static const struct nfnl_callback nf_tab .attr_count = NFTA_OBJ_MAX, .policy = nft_obj_policy, }, @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static void nft_chain_commit_update(struct nft_trans *trans) -@@ -5001,6 +5702,9 @@ static void nf_tables_commit_release(str +@@ -5044,6 +5745,9 @@ static void nf_tables_commit_release(str case NFT_MSG_DELOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5118,6 +5822,21 @@ static int nf_tables_commit(struct net * +@@ -5161,6 +5865,21 @@ static int nf_tables_commit(struct net * nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans), NFT_MSG_DELOBJ); break; @@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5155,6 +5874,9 @@ static void nf_tables_abort_release(stru +@@ -5198,6 +5917,9 @@ static void nf_tables_abort_release(stru case NFT_MSG_NEWOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5244,6 +5966,17 @@ static int nf_tables_abort(struct net *n +@@ -5289,6 +6011,17 @@ static int nf_tables_abort(struct net *n nft_clear(trans->ctx.net, nft_trans_obj(trans)); nft_trans_destroy(trans); break; @@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5794,6 +6527,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai +@@ -5839,6 +6572,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) { @@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table, *nt; struct nft_chain *chain, *nc; struct nft_object *obj, *ne; -@@ -5807,6 +6541,9 @@ static void __nft_release_afinfo(struct +@@ -5852,6 +6586,9 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); @@ -1048,8 +1048,8 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* No packets are walking on these chains anymore. */ ctx.table = table; list_for_each_entry(chain, &table->chains, list) { -@@ -5817,6 +6554,11 @@ static void __nft_release_afinfo(struct - nf_tables_rule_destroy(&ctx, rule); +@@ -5862,6 +6599,11 @@ static void __nft_release_afinfo(struct + nf_tables_rule_release(&ctx, rule); } } + list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) { @@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(set, ns, &table->sets, list) { list_del(&set->list); table->use--; -@@ -5860,6 +6602,8 @@ static int __init nf_tables_module_init( +@@ -5905,6 +6647,8 @@ static int __init nf_tables_module_init( if (err < 0) goto err3; @@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n"); return register_pernet_subsys(&nf_tables_net_ops); err3: -@@ -5874,6 +6618,7 @@ static void __exit nf_tables_module_exit +@@ -5919,6 +6663,7 @@ static void __exit nf_tables_module_exit { unregister_pernet_subsys(&nf_tables_net_ops); nfnetlink_subsys_unregister(&nf_tables_subsys); diff --git a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch index d1b12ad0d1..307749763a 100644 --- a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch +++ b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch @@ -14,7 +14,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -963,7 +963,6 @@ enum nft_af_flags { +@@ -968,7 +968,6 @@ enum nft_af_flags { * * @list: used internally * @family: address family @@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * @owner: module owner * @tables: used internally * @flags: family flags -@@ -971,7 +970,6 @@ enum nft_af_flags { +@@ -976,7 +975,6 @@ enum nft_af_flags { struct nft_af_info { struct list_head list; int family; @@ -72,7 +72,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -1328,9 +1328,6 @@ static int nft_chain_parse_hook(struct n +@@ -1359,9 +1359,6 @@ static int nft_chain_parse_hook(struct n return -EINVAL; hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); @@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -@@ -4926,7 +4923,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4969,7 +4966,7 @@ static int nf_tables_flowtable_parse_hoo return -EINVAL; hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); diff --git a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch index 1cfa0ae1c4..94e69790d8 100644 --- a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch +++ b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5350,7 +5350,7 @@ static int nf_tables_getflowtable(struct +@@ -5393,7 +5393,7 @@ static int nf_tables_getflowtable(struct flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], genmask); diff --git a/target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch b/target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch index 42aa7b1b0d..c599ad79c2 100644 --- a/target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch +++ b/target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch @@ -10,7 +10,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -954,10 +954,6 @@ struct nft_table { +@@ -959,10 +959,6 @@ struct nft_table { char *name; }; @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /** * struct nft_af_info - nf_tables address family info * -@@ -965,14 +961,12 @@ enum nft_af_flags { +@@ -970,14 +966,12 @@ enum nft_af_flags { * @family: address family * @owner: module owner * @tables: used internally @@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int nft_register_afinfo(struct net *, struct nft_af_info *); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -1345,7 +1345,7 @@ static int nft_chain_parse_hook(struct n +@@ -1376,7 +1376,7 @@ static int nft_chain_parse_hook(struct n hook->type = type; hook->dev = NULL; diff --git a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch index b4d0130a78..ce46e69d43 100644 --- a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch +++ b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -611,10 +611,7 @@ err: +@@ -640,10 +640,7 @@ err: return err; } @@ -23,7 +23,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_chain *chain; u32 i = 0; -@@ -632,9 +629,7 @@ static void _nf_tables_table_disable(str +@@ -661,9 +658,7 @@ static void _nf_tables_table_disable(str } } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_chain *chain; int err, i = 0; -@@ -654,15 +649,13 @@ static int nf_tables_table_enable(struct +@@ -683,15 +678,13 @@ static int nf_tables_table_enable(struct return 0; err: if (i) @@ -53,7 +53,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } static int nf_tables_updtable(struct nft_ctx *ctx) -@@ -691,7 +684,7 @@ static int nf_tables_updtable(struct nft +@@ -720,7 +713,7 @@ static int nf_tables_updtable(struct nft nft_trans_table_enable(trans) = false; } else if (!(flags & NFT_TABLE_F_DORMANT) && ctx->table->flags & NFT_TABLE_F_DORMANT) { @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (ret >= 0) { ctx->table->flags &= ~NFT_TABLE_F_DORMANT; nft_trans_table_enable(trans) = true; -@@ -5728,7 +5721,6 @@ static int nf_tables_commit(struct net * +@@ -5771,7 +5764,6 @@ static int nf_tables_commit(struct net * if (nft_trans_table_update(trans)) { if (!nft_trans_table_enable(trans)) { nf_tables_table_disable(net, @@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> trans->ctx.table); trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; } -@@ -5890,7 +5882,6 @@ static int nf_tables_abort(struct net *n +@@ -5933,7 +5925,6 @@ static int nf_tables_abort(struct net *n if (nft_trans_table_update(trans)) { if (nft_trans_table_enable(trans)) { nf_tables_table_disable(net, diff --git a/target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch b/target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch index 158f987fef..086178ae20 100644 --- a/target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch +++ b/target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -423,7 +423,7 @@ static inline u64 nf_tables_alloc_handle +@@ -452,7 +452,7 @@ static inline u64 nf_tables_alloc_handle static const struct nf_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX]; static const struct nf_chain_type * @@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { int i; -@@ -436,22 +436,20 @@ __nf_tables_chain_type_lookup(int family +@@ -465,22 +465,20 @@ __nf_tables_chain_type_lookup(int family } static const struct nf_chain_type * @@ -47,7 +47,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (type != NULL) return ERR_PTR(-EAGAIN); } -@@ -1325,8 +1323,8 @@ static int nft_chain_parse_hook(struct n +@@ -1356,8 +1354,8 @@ static int nft_chain_parse_hook(struct n type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; if (nla[NFTA_CHAIN_TYPE]) { diff --git a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch index 14921f92a6..91118198ac 100644 --- a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch +++ b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch @@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5269,8 +5269,10 @@ static int nf_tables_dump_flowtable_done +@@ -5312,8 +5312,10 @@ static int nf_tables_dump_flowtable_done if (!filter) return 0; diff --git a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch index 787f62ef8f..59bffa2ada 100644 --- a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch @@ -42,7 +42,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> bool report; }; -@@ -939,6 +939,7 @@ unsigned int nft_do_chain(struct nft_pkt +@@ -944,6 +944,7 @@ unsigned int nft_do_chain(struct nft_pkt * @use: number of chain references to this table * @flags: table flag (see enum nft_table_flags) * @genmask: generation mask @@ -50,7 +50,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * @name: name of the table */ struct nft_table { -@@ -951,6 +952,7 @@ struct nft_table { +@@ -956,6 +957,7 @@ struct nft_table { u32 use; u16 flags:14, genmask:2; @@ -58,7 +58,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> char *name; }; -@@ -960,13 +962,11 @@ struct nft_table { +@@ -965,13 +967,11 @@ struct nft_table { * @list: used internally * @family: address family * @owner: module owner @@ -108,7 +108,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ctx->table = table; ctx->chain = chain; ctx->nla = nla; -@@ -385,30 +384,31 @@ static int nft_delflowtable(struct nft_c +@@ -414,30 +413,31 @@ static int nft_delflowtable(struct nft_c * Tables */ @@ -146,7 +146,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (table != NULL) return table; -@@ -507,7 +507,7 @@ static void nf_tables_table_notify(const +@@ -536,7 +536,7 @@ static void nf_tables_table_notify(const goto err; err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -155,7 +155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) { kfree_skb(skb); goto err; -@@ -524,7 +524,6 @@ static int nf_tables_dump_tables(struct +@@ -553,7 +553,6 @@ static int nf_tables_dump_tables(struct struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -163,7 +163,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct net *net = sock_net(skb->sk); -@@ -533,30 +532,27 @@ static int nf_tables_dump_tables(struct +@@ -562,30 +561,27 @@ static int nf_tables_dump_tables(struct rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -211,7 +211,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } done: rcu_read_unlock(); -@@ -588,7 +584,8 @@ static int nf_tables_gettable(struct net +@@ -617,7 +613,8 @@ static int nf_tables_gettable(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -221,7 +221,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -719,7 +716,7 @@ static int nf_tables_newtable(struct net +@@ -748,7 +745,7 @@ static int nf_tables_newtable(struct net return PTR_ERR(afi); name = nla[NFTA_TABLE_NAME]; @@ -230,7 +230,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) { if (PTR_ERR(table) != -ENOENT) return PTR_ERR(table); -@@ -729,7 +726,7 @@ static int nf_tables_newtable(struct net +@@ -758,7 +755,7 @@ static int nf_tables_newtable(struct net if (nlh->nlmsg_flags & NLM_F_REPLACE) return -EOPNOTSUPP; @@ -239,7 +239,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nf_tables_updtable(&ctx); } -@@ -756,14 +753,15 @@ static int nf_tables_newtable(struct net +@@ -785,14 +782,15 @@ static int nf_tables_newtable(struct net INIT_LIST_HEAD(&table->sets); INIT_LIST_HEAD(&table->objects); INIT_LIST_HEAD(&table->flowtables); @@ -257,7 +257,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; err4: kfree(table->name); -@@ -837,30 +835,28 @@ out: +@@ -866,30 +864,28 @@ out: static int nft_flush(struct nft_ctx *ctx, int family) { @@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } out: return err; -@@ -878,7 +874,7 @@ static int nf_tables_deltable(struct net +@@ -907,7 +903,7 @@ static int nf_tables_deltable(struct net int family = nfmsg->nfgen_family; struct nft_ctx ctx; @@ -310,7 +310,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) return nft_flush(&ctx, family); -@@ -886,7 +882,8 @@ static int nf_tables_deltable(struct net +@@ -915,7 +911,8 @@ static int nf_tables_deltable(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -320,7 +320,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -894,7 +891,7 @@ static int nf_tables_deltable(struct net +@@ -923,7 +920,7 @@ static int nf_tables_deltable(struct net table->use > 0) return -EBUSY; @@ -329,7 +329,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ctx.table = table; return nft_flush_table(&ctx); -@@ -906,7 +903,7 @@ static void nf_tables_table_destroy(stru +@@ -935,7 +932,7 @@ static void nf_tables_table_destroy(stru kfree(ctx->table->name); kfree(ctx->table); @@ -338,7 +338,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } int nft_register_chain_type(const struct nf_chain_type *ctype) -@@ -1107,7 +1104,7 @@ static void nf_tables_chain_notify(const +@@ -1136,7 +1133,7 @@ static void nf_tables_chain_notify(const goto err; err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -347,7 +347,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ctx->chain); if (err < 0) { kfree_skb(skb); -@@ -1125,7 +1122,6 @@ static int nf_tables_dump_chains(struct +@@ -1154,7 +1151,6 @@ static int nf_tables_dump_chains(struct struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -355,7 +355,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; const struct nft_chain *chain; unsigned int idx = 0, s_idx = cb->args[0]; -@@ -1135,31 +1131,30 @@ static int nf_tables_dump_chains(struct +@@ -1164,31 +1160,30 @@ static int nf_tables_dump_chains(struct rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -407,7 +407,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -1193,7 +1188,8 @@ static int nf_tables_getchain(struct net +@@ -1222,7 +1217,8 @@ static int nf_tables_getchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -417,7 +417,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -1301,8 +1297,8 @@ struct nft_chain_hook { +@@ -1332,8 +1328,8 @@ struct nft_chain_hook { static int nft_chain_parse_hook(struct net *net, const struct nlattr * const nla[], @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nlattr *ha[NFTA_HOOK_MAX + 1]; const struct nf_chain_type *type; -@@ -1321,10 +1317,10 @@ static int nft_chain_parse_hook(struct n +@@ -1352,10 +1348,10 @@ static int nft_chain_parse_hook(struct n hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); @@ -441,7 +441,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(type)) return PTR_ERR(type); } -@@ -1336,7 +1332,7 @@ static int nft_chain_parse_hook(struct n +@@ -1367,7 +1363,7 @@ static int nft_chain_parse_hook(struct n hook->type = type; hook->dev = NULL; @@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> char ifname[IFNAMSIZ]; if (!ha[NFTA_HOOK_DEV]) { -@@ -1371,7 +1367,6 @@ static int nf_tables_addchain(struct nft +@@ -1402,7 +1398,6 @@ static int nf_tables_addchain(struct nft { const struct nlattr * const *nla = ctx->nla; struct nft_table *table = ctx->table; @@ -458,7 +458,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_base_chain *basechain; struct nft_stats __percpu *stats; struct net *net = ctx->net; -@@ -1385,7 +1380,7 @@ static int nf_tables_addchain(struct nft +@@ -1416,7 +1411,7 @@ static int nf_tables_addchain(struct nft struct nft_chain_hook hook; struct nf_hook_ops *ops; @@ -467,7 +467,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) return err; -@@ -1478,7 +1473,7 @@ static int nf_tables_updchain(struct nft +@@ -1509,7 +1504,7 @@ static int nf_tables_updchain(struct nft if (!nft_is_base_chain(chain)) return -EBUSY; @@ -476,7 +476,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> create); if (err < 0) return err; -@@ -1571,7 +1566,8 @@ static int nf_tables_newchain(struct net +@@ -1602,7 +1597,8 @@ static int nf_tables_newchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -486,7 +486,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -1611,7 +1607,7 @@ static int nf_tables_newchain(struct net +@@ -1642,7 +1638,7 @@ static int nf_tables_newchain(struct net } } @@ -495,7 +495,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (chain != NULL) { if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1645,7 +1641,8 @@ static int nf_tables_delchain(struct net +@@ -1676,7 +1672,8 @@ static int nf_tables_delchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -505,7 +505,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -1657,7 +1654,7 @@ static int nf_tables_delchain(struct net +@@ -1688,7 +1685,7 @@ static int nf_tables_delchain(struct net chain->use > 0) return -EBUSY; @@ -514,7 +514,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> use = chain->use; list_for_each_entry(rule, &chain->rules, list) { -@@ -1822,7 +1819,7 @@ static int nf_tables_expr_parse(const st +@@ -1853,7 +1850,7 @@ static int nf_tables_expr_parse(const st if (err < 0) return err; @@ -523,7 +523,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(type)) return PTR_ERR(type); -@@ -2045,7 +2042,7 @@ static void nf_tables_rule_notify(const +@@ -2077,7 +2074,7 @@ static void nf_tables_rule_notify(const goto err; err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -532,7 +532,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ctx->chain, rule); if (err < 0) { kfree_skb(skb); -@@ -2069,7 +2066,6 @@ static int nf_tables_dump_rules(struct s +@@ -2101,7 +2098,6 @@ static int nf_tables_dump_rules(struct s { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); const struct nft_rule_dump_ctx *ctx = cb->data; @@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; const struct nft_chain *chain; const struct nft_rule *rule; -@@ -2080,39 +2076,37 @@ static int nf_tables_dump_rules(struct s +@@ -2112,39 +2108,37 @@ static int nf_tables_dump_rules(struct s rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -605,7 +605,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } } -@@ -2190,7 +2184,8 @@ static int nf_tables_getrule(struct net +@@ -2222,7 +2216,8 @@ static int nf_tables_getrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -615,7 +615,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -2267,7 +2262,8 @@ static int nf_tables_newrule(struct net +@@ -2306,7 +2301,8 @@ static int nf_tables_newrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -625,7 +625,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -2306,7 +2302,7 @@ static int nf_tables_newrule(struct net +@@ -2345,7 +2341,7 @@ static int nf_tables_newrule(struct net return PTR_ERR(old_rule); } @@ -634,7 +634,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> n = 0; size = 0; -@@ -2446,7 +2442,8 @@ static int nf_tables_delrule(struct net +@@ -2485,7 +2481,8 @@ static int nf_tables_delrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -644,7 +644,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -2457,7 +2454,7 @@ static int nf_tables_delrule(struct net +@@ -2496,7 +2493,7 @@ static int nf_tables_delrule(struct net return PTR_ERR(chain); } @@ -653,7 +653,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (chain) { if (nla[NFTA_RULE_HANDLE]) { -@@ -2655,13 +2652,13 @@ static int nft_ctx_init_from_setattr(str +@@ -2694,13 +2691,13 @@ static int nft_ctx_init_from_setattr(str if (afi == NULL) return -EAFNOSUPPORT; @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -2788,7 +2785,7 @@ static int nf_tables_fill_set(struct sk_ +@@ -2827,7 +2824,7 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -2880,10 +2877,8 @@ static int nf_tables_dump_sets(struct sk +@@ -2919,10 +2916,8 @@ static int nf_tables_dump_sets(struct sk { const struct nft_set *set; unsigned int idx, s_idx = cb->args[0]; @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_ctx *ctx = cb->data, ctx_set; if (cb->args[1]) -@@ -2892,51 +2887,44 @@ static int nf_tables_dump_sets(struct sk +@@ -2931,51 +2926,44 @@ static int nf_tables_dump_sets(struct sk rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } cb->args[1] = 1; done: -@@ -3146,11 +3134,12 @@ static int nf_tables_newset(struct net * +@@ -3185,11 +3173,12 @@ static int nf_tables_newset(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3417,12 +3406,12 @@ static int nft_ctx_init_from_elemattr(st +@@ -3458,12 +3447,12 @@ static int nft_ctx_init_from_elemattr(st if (IS_ERR(afi)) return PTR_ERR(afi); @@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -3527,7 +3516,6 @@ static int nf_tables_dump_set(struct sk_ +@@ -3568,7 +3557,6 @@ static int nf_tables_dump_set(struct sk_ { struct nft_set_dump_ctx *dump_ctx = cb->data; struct net *net = sock_net(skb->sk); @@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_set *set; struct nft_set_dump_args args; -@@ -3539,21 +3527,19 @@ static int nf_tables_dump_set(struct sk_ +@@ -3580,21 +3568,19 @@ static int nf_tables_dump_set(struct sk_ int event; rcu_read_lock(); @@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; } -@@ -3573,7 +3559,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3614,7 +3600,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -3675,7 +3661,7 @@ static int nf_tables_fill_setelem_info(s +@@ -3716,7 +3702,7 @@ static int nf_tables_fill_setelem_info(s goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -3919,7 +3905,7 @@ static int nft_add_set_elem(struct nft_c +@@ -3960,7 +3946,7 @@ static int nft_add_set_elem(struct nft_c list_for_each_entry(binding, &set->bindings, list) { struct nft_ctx bind_ctx = { .net = ctx->net, @@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> .table = ctx->table, .chain = (struct nft_chain *)binding->chain, }; -@@ -4466,7 +4452,8 @@ static int nf_tables_newobj(struct net * +@@ -4509,7 +4495,8 @@ static int nf_tables_newobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4484,7 +4471,7 @@ static int nf_tables_newobj(struct net * +@@ -4527,7 +4514,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4561,7 +4548,6 @@ struct nft_obj_filter { +@@ -4604,7 +4591,6 @@ struct nft_obj_filter { static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct nft_obj_filter *filter = cb->data; -@@ -4576,38 +4562,37 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4619,38 +4605,37 @@ static int nf_tables_dump_obj(struct sk_ rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -914,7 +914,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> - if (idx > s_idx) - memset(&cb->args[1], 0, - sizeof(cb->args) - sizeof(cb->args[0])); -- if (filter && filter->table[0] && +- if (filter && filter->table && - strcmp(filter->table, table->name)) - goto cont; - if (filter && @@ -929,7 +929,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> + if (idx > s_idx) + memset(&cb->args[1], 0, + sizeof(cb->args) - sizeof(cb->args[0])); -+ if (filter && filter->table[0] && ++ if (filter && filter->table && + strcmp(filter->table, table->name)) + goto cont; + if (filter && @@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -4694,7 +4679,8 @@ static int nf_tables_getobj(struct net * +@@ -4737,7 +4722,8 @@ static int nf_tables_getobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4754,7 +4740,8 @@ static int nf_tables_delobj(struct net * +@@ -4797,7 +4783,8 @@ static int nf_tables_delobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4765,7 +4752,7 @@ static int nf_tables_delobj(struct net * +@@ -4808,7 +4795,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delobj(&ctx, obj); } -@@ -4803,7 +4790,7 @@ static void nf_tables_obj_notify(const s +@@ -4846,7 +4833,7 @@ static void nf_tables_obj_notify(const s struct nft_object *obj, int event) { nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, @@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } /* -@@ -4993,7 +4980,7 @@ void nft_flow_table_iterate(struct net * +@@ -5036,7 +5023,7 @@ void nft_flow_table_iterate(struct net * rcu_read_lock(); list_for_each_entry_rcu(afi, &net->nft.af_info, list) { @@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_rcu(flowtable, &table->flowtables, list) { iter(&flowtable->data, data); } -@@ -5041,7 +5028,8 @@ static int nf_tables_newflowtable(struct +@@ -5084,7 +5071,8 @@ static int nf_tables_newflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5058,7 +5046,7 @@ static int nf_tables_newflowtable(struct +@@ -5101,7 +5089,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5139,7 +5127,8 @@ static int nf_tables_delflowtable(struct +@@ -5182,7 +5170,8 @@ static int nf_tables_delflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5150,7 +5139,7 @@ static int nf_tables_delflowtable(struct +@@ -5193,7 +5182,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delflowtable(&ctx, flowtable); } -@@ -5219,40 +5208,37 @@ static int nf_tables_dump_flowtable(stru +@@ -5262,40 +5251,37 @@ static int nf_tables_dump_flowtable(stru struct net *net = sock_net(skb->sk); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> + if (idx > s_idx) + memset(&cb->args[1], 0, + sizeof(cb->args) - sizeof(cb->args[0])); -+ if (filter && filter->table[0] && ++ if (filter && filter->table && + strcmp(filter->table, table->name)) + goto cont; @@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -5337,7 +5323,8 @@ static int nf_tables_getflowtable(struct +@@ -5380,7 +5366,8 @@ static int nf_tables_getflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5380,7 +5367,7 @@ static void nf_tables_flowtable_notify(s +@@ -5423,7 +5410,7 @@ static void nf_tables_flowtable_notify(s err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, ctx->seq, event, 0, @@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) { kfree_skb(skb); goto err; -@@ -5458,17 +5445,14 @@ static int nf_tables_flowtable_event(str +@@ -5501,17 +5488,14 @@ static int nf_tables_flowtable_event(str struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_flowtable *flowtable; struct nft_table *table; @@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6487,6 +6471,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); +@@ -6532,6 +6516,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); static int __net_init nf_tables_init_net(struct net *net) { INIT_LIST_HEAD(&net->nft.af_info); @@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> INIT_LIST_HEAD(&net->nft.commit_list); net->nft.base_seq = 1; return 0; -@@ -6523,10 +6508,10 @@ static void __nft_release_afinfo(struct +@@ -6568,10 +6553,10 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -1210,7 +1210,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfnl_unlock(NFNL_SUBSYS_NFTABLES); --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c -@@ -144,7 +144,7 @@ nft_target_set_tgchk_param(struct xt_tgc +@@ -161,7 +161,7 @@ nft_target_set_tgchk_param(struct xt_tgc { par->net = ctx->net; par->table = ctx->table->name; @@ -1219,7 +1219,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> case AF_INET: entry->e4.ip.proto = proto; entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0; -@@ -175,7 +175,7 @@ nft_target_set_tgchk_param(struct xt_tgc +@@ -192,7 +192,7 @@ nft_target_set_tgchk_param(struct xt_tgc } else { par->hook_mask = 0; } @@ -1228,7 +1228,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> par->nft_compat = true; } -@@ -267,7 +267,7 @@ nft_target_destroy(const struct nft_ctx +@@ -282,7 +282,7 @@ nft_target_destroy(const struct nft_ctx par.net = ctx->net; par.target = target; par.targinfo = info; @@ -1237,7 +1237,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (par.target->destroy != NULL) par.target->destroy(&par); -@@ -358,7 +358,7 @@ nft_match_set_mtchk_param(struct xt_mtch +@@ -389,7 +389,7 @@ nft_match_set_mtchk_param(struct xt_mtch { par->net = ctx->net; par->table = ctx->table->name; @@ -1246,7 +1246,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> case AF_INET: entry->e4.ip.proto = proto; entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0; -@@ -389,7 +389,7 @@ nft_match_set_mtchk_param(struct xt_mtch +@@ -420,7 +420,7 @@ nft_match_set_mtchk_param(struct xt_mtch } else { par->hook_mask = 0; } @@ -1255,7 +1255,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> par->nft_compat = true; } -@@ -446,7 +446,7 @@ nft_match_destroy(const struct nft_ctx * +@@ -502,7 +502,7 @@ __nft_match_destroy(const struct nft_ctx par.net = ctx->net; par.match = match; par.matchinfo = info; @@ -1264,7 +1264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (par.match->destroy != NULL) par.match->destroy(&par); -@@ -648,7 +648,7 @@ nft_match_select_ops(const struct nft_ct +@@ -732,7 +732,7 @@ nft_match_select_ops(const struct nft_ct mt_name = nla_data(tb[NFTA_MATCH_NAME]); rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV])); @@ -1273,7 +1273,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* Re-use the existing match if it's already loaded. */ list_for_each_entry(nft_match, &nft_match_list, head) { -@@ -733,7 +733,7 @@ nft_target_select_ops(const struct nft_c +@@ -823,7 +823,7 @@ nft_target_select_ops(const struct nft_c tg_name = nla_data(tb[NFTA_TARGET_NAME]); rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV])); @@ -1408,7 +1408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c -@@ -339,7 +339,7 @@ static int nft_meta_get_validate(const s +@@ -341,7 +341,7 @@ static int nft_meta_get_validate(const s if (priv->key != NFT_META_SECPATH) return 0; @@ -1417,7 +1417,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> case NFPROTO_NETDEV: hooks = 1 << NF_NETDEV_INGRESS; break; -@@ -370,7 +370,7 @@ int nft_meta_set_validate(const struct n +@@ -372,7 +372,7 @@ int nft_meta_set_validate(const struct n if (priv->key != NFT_META_PKTTYPE) return 0; diff --git a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch index 431098fa09..37975ae038 100644 --- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct pernet_operations clusterip_net_ops = { --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -6477,6 +6477,12 @@ static int __net_init nf_tables_init_net +@@ -6522,6 +6522,12 @@ static int __net_init nf_tables_init_net return 0; } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6554,6 +6560,7 @@ static void __nft_release_afinfo(struct +@@ -6599,6 +6605,7 @@ static void __nft_release_afinfo(struct static struct pernet_operations nf_tables_net_ops = { .init = nf_tables_init_net, diff --git a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch index 1db472dd6a..2683f5b031 100644 --- a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch +++ b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch @@ -14,7 +14,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -969,8 +969,8 @@ struct nft_af_info { +@@ -974,8 +974,8 @@ struct nft_af_info { struct module *owner; }; @@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (afi->family == family) return afi; } -@@ -4975,15 +4973,12 @@ void nft_flow_table_iterate(struct net * +@@ -5018,15 +5016,12 @@ void nft_flow_table_iterate(struct net * void *data) { struct nft_flowtable *flowtable; @@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } rcu_read_unlock(); -@@ -6468,21 +6463,6 @@ int nft_data_dump(struct sk_buff *skb, i +@@ -6513,21 +6508,6 @@ int nft_data_dump(struct sk_buff *skb, i } EXPORT_SYMBOL_GPL(nft_data_dump); @@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6503,8 +6483,7 @@ int __nft_release_basechain(struct nft_c +@@ -6548,8 +6528,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6514,10 +6493,11 @@ static void __nft_release_afinfo(struct +@@ -6559,10 +6538,11 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); list_for_each_entry(flowtable, &table->flowtables, list) -@@ -6558,6 +6538,21 @@ static void __nft_release_afinfo(struct +@@ -6603,6 +6583,21 @@ static void __nft_release_afinfo(struct } } diff --git a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch index 031f67e5b3..544dfb92ab 100644 --- a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch +++ b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -950,28 +950,12 @@ struct nft_table { +@@ -955,28 +955,12 @@ struct nft_table { struct list_head flowtables; u64 hgenerator; u32 use; @@ -42,7 +42,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int nft_register_chain_type(const struct nf_chain_type *); void nft_unregister_chain_type(const struct nf_chain_type *); -@@ -1139,9 +1123,6 @@ void nft_trace_notify(struct nft_tracein +@@ -1144,9 +1128,6 @@ void nft_trace_notify(struct nft_tracein #define nft_dereference(p) \ nfnl_dereference(p, NFNL_SUBSYS_NFTABLES) @@ -323,7 +323,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void nft_ctx_init(struct nft_ctx *ctx, struct net *net, -@@ -390,7 +325,7 @@ static struct nft_table *nft_table_looku +@@ -419,7 +354,7 @@ static struct nft_table *nft_table_looku list_for_each_entry(table, &net->nft.tables, list) { if (!nla_strcmp(nla, table->name) && @@ -332,7 +332,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nft_active_genmask(table, genmask)) return table; } -@@ -531,7 +466,7 @@ static int nf_tables_dump_tables(struct +@@ -560,7 +495,7 @@ static int nf_tables_dump_tables(struct cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -341,7 +341,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (idx < s_idx) -@@ -545,7 +480,7 @@ static int nf_tables_dump_tables(struct +@@ -574,7 +509,7 @@ static int nf_tables_dump_tables(struct NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq, NFT_MSG_NEWTABLE, NLM_F_MULTI, @@ -350,7 +350,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -565,7 +500,6 @@ static int nf_tables_gettable(struct net +@@ -594,7 +529,6 @@ static int nf_tables_gettable(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); @@ -358,7 +358,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct sk_buff *skb2; int family = nfmsg->nfgen_family; -@@ -578,11 +512,7 @@ static int nf_tables_gettable(struct net +@@ -607,11 +541,7 @@ static int nf_tables_gettable(struct net return netlink_dump_start(nlsk, skb, nlh, &c); } @@ -371,7 +371,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -702,19 +632,14 @@ static int nf_tables_newtable(struct net +@@ -731,19 +661,14 @@ static int nf_tables_newtable(struct net const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); const struct nlattr *name; @@ -392,7 +392,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) { if (PTR_ERR(table) != -ENOENT) return PTR_ERR(table); -@@ -724,7 +649,7 @@ static int nf_tables_newtable(struct net +@@ -753,7 +678,7 @@ static int nf_tables_newtable(struct net if (nlh->nlmsg_flags & NLM_F_REPLACE) return -EOPNOTSUPP; @@ -401,7 +401,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nf_tables_updtable(&ctx); } -@@ -734,40 +659,34 @@ static int nf_tables_newtable(struct net +@@ -763,40 +688,34 @@ static int nf_tables_newtable(struct net return -EINVAL; } @@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return err; } -@@ -838,10 +757,10 @@ static int nft_flush(struct nft_ctx *ctx +@@ -867,10 +786,10 @@ static int nft_flush(struct nft_ctx *ctx int err = 0; list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) { @@ -463,7 +463,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (!nft_is_active_next(ctx->net, table)) continue; -@@ -867,7 +786,6 @@ static int nf_tables_deltable(struct net +@@ -896,7 +815,6 @@ static int nf_tables_deltable(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -471,7 +471,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; int family = nfmsg->nfgen_family; struct nft_ctx ctx; -@@ -876,11 +794,7 @@ static int nf_tables_deltable(struct net +@@ -905,11 +823,7 @@ static int nf_tables_deltable(struct net if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) return nft_flush(&ctx, family); @@ -484,7 +484,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -889,7 +803,7 @@ static int nf_tables_deltable(struct net +@@ -918,7 +832,7 @@ static int nf_tables_deltable(struct net table->use > 0) return -EBUSY; @@ -493,7 +493,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ctx.table = table; return nft_flush_table(&ctx); -@@ -901,7 +815,6 @@ static void nf_tables_table_destroy(stru +@@ -930,7 +844,6 @@ static void nf_tables_table_destroy(stru kfree(ctx->table->name); kfree(ctx->table); @@ -501,7 +501,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } int nft_register_chain_type(const struct nf_chain_type *ctype) -@@ -1130,7 +1043,7 @@ static int nf_tables_dump_chains(struct +@@ -1159,7 +1072,7 @@ static int nf_tables_dump_chains(struct cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -510,7 +510,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(chain, &table->chains, list) { -@@ -1146,7 +1059,7 @@ static int nf_tables_dump_chains(struct +@@ -1175,7 +1088,7 @@ static int nf_tables_dump_chains(struct cb->nlh->nlmsg_seq, NFT_MSG_NEWCHAIN, NLM_F_MULTI, @@ -519,7 +519,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> chain) < 0) goto done; -@@ -1168,7 +1081,6 @@ static int nf_tables_getchain(struct net +@@ -1197,7 +1110,6 @@ static int nf_tables_getchain(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); @@ -527,7 +527,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; const struct nft_chain *chain; struct sk_buff *skb2; -@@ -1182,11 +1094,7 @@ static int nf_tables_getchain(struct net +@@ -1211,11 +1123,7 @@ static int nf_tables_getchain(struct net return netlink_dump_start(nlsk, skb, nlh, &c); } @@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -1550,7 +1458,6 @@ static int nf_tables_newchain(struct net +@@ -1581,7 +1489,6 @@ static int nf_tables_newchain(struct net const struct nlattr * uninitialized_var(name); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -548,7 +548,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_chain *chain; u8 policy = NF_ACCEPT; -@@ -1560,11 +1467,7 @@ static int nf_tables_newchain(struct net +@@ -1591,11 +1498,7 @@ static int nf_tables_newchain(struct net create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -561,7 +561,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -1605,7 +1508,7 @@ static int nf_tables_newchain(struct net +@@ -1636,7 +1539,7 @@ static int nf_tables_newchain(struct net } } @@ -570,7 +570,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (chain != NULL) { if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1626,7 +1529,6 @@ static int nf_tables_delchain(struct net +@@ -1657,7 +1560,6 @@ static int nf_tables_delchain(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -578,7 +578,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_chain *chain; struct nft_rule *rule; -@@ -1635,11 +1537,7 @@ static int nf_tables_delchain(struct net +@@ -1666,11 +1568,7 @@ static int nf_tables_delchain(struct net u32 use; int err; @@ -591,7 +591,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -1652,7 +1550,7 @@ static int nf_tables_delchain(struct net +@@ -1683,7 +1581,7 @@ static int nf_tables_delchain(struct net chain->use > 0) return -EBUSY; @@ -600,7 +600,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> use = chain->use; list_for_each_entry(rule, &chain->rules, list) { -@@ -2075,7 +1973,7 @@ static int nf_tables_dump_rules(struct s +@@ -2107,7 +2005,7 @@ static int nf_tables_dump_rules(struct s cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -609,7 +609,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) -@@ -2098,7 +1996,7 @@ static int nf_tables_dump_rules(struct s +@@ -2130,7 +2028,7 @@ static int nf_tables_dump_rules(struct s cb->nlh->nlmsg_seq, NFT_MSG_NEWRULE, NLM_F_MULTI | NLM_F_APPEND, @@ -618,7 +618,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> table, chain, rule) < 0) goto done; -@@ -2134,7 +2032,6 @@ static int nf_tables_getrule(struct net +@@ -2166,7 +2064,6 @@ static int nf_tables_getrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); @@ -626,7 +626,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; const struct nft_chain *chain; const struct nft_rule *rule; -@@ -2178,11 +2075,7 @@ static int nf_tables_getrule(struct net +@@ -2210,11 +2107,7 @@ static int nf_tables_getrule(struct net return netlink_dump_start(nlsk, skb, nlh, &c); } @@ -639,7 +639,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2240,7 +2133,7 @@ static int nf_tables_newrule(struct net +@@ -2279,7 +2172,7 @@ static int nf_tables_newrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -648,7 +648,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_chain *chain; struct nft_rule *rule, *old_rule = NULL; -@@ -2256,11 +2149,7 @@ static int nf_tables_newrule(struct net +@@ -2295,11 +2188,7 @@ static int nf_tables_newrule(struct net create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -661,7 +661,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2300,7 +2189,7 @@ static int nf_tables_newrule(struct net +@@ -2339,7 +2228,7 @@ static int nf_tables_newrule(struct net return PTR_ERR(old_rule); } @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> n = 0; size = 0; -@@ -2429,18 +2318,13 @@ static int nf_tables_delrule(struct net +@@ -2468,18 +2357,13 @@ static int nf_tables_delrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2452,7 +2336,7 @@ static int nf_tables_delrule(struct net +@@ -2491,7 +2375,7 @@ static int nf_tables_delrule(struct net return PTR_ERR(chain); } @@ -699,7 +699,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (chain) { if (nla[NFTA_RULE_HANDLE]) { -@@ -2637,26 +2521,17 @@ static int nft_ctx_init_from_setattr(str +@@ -2676,26 +2560,17 @@ static int nft_ctx_init_from_setattr(str u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -2887,7 +2762,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2926,7 +2801,7 @@ static int nf_tables_dump_sets(struct sk list_for_each_entry_rcu(table, &net->nft.tables, list) { if (ctx->family != NFPROTO_UNSPEC && @@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (ctx->table && ctx->table != table) -@@ -2908,7 +2783,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2947,7 +2822,7 @@ static int nf_tables_dump_sets(struct sk ctx_set = *ctx; ctx_set.table = table; @@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (nf_tables_fill_set(skb, &ctx_set, set, NFT_MSG_NEWSET, -@@ -3020,8 +2895,8 @@ static int nf_tables_newset(struct net * +@@ -3059,8 +2934,8 @@ static int nf_tables_newset(struct net * { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_set *set; struct nft_ctx ctx; -@@ -3128,16 +3003,12 @@ static int nf_tables_newset(struct net * +@@ -3167,16 +3042,12 @@ static int nf_tables_newset(struct net * create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3397,19 +3268,15 @@ static int nft_ctx_init_from_elemattr(st +@@ -3438,19 +3309,15 @@ static int nft_ctx_init_from_elemattr(st u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -3527,7 +3394,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3568,7 +3435,7 @@ static int nf_tables_dump_set(struct sk_ rcu_read_lock(); list_for_each_entry_rcu(table, &net->nft.tables, list) { if (dump_ctx->ctx.family != NFPROTO_UNSPEC && @@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (table != dump_ctx->ctx.table) -@@ -3557,7 +3424,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3598,7 +3465,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -4434,7 +4301,6 @@ static int nf_tables_newobj(struct net * +@@ -4477,7 +4344,6 @@ static int nf_tables_newobj(struct net * const struct nft_object_type *type; u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4446,11 +4312,7 @@ static int nf_tables_newobj(struct net * +@@ -4489,11 +4355,7 @@ static int nf_tables_newobj(struct net * !nla[NFTA_OBJ_DATA]) return -EINVAL; @@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4469,7 +4331,7 @@ static int nf_tables_newobj(struct net * +@@ -4512,7 +4374,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4561,7 +4423,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4604,7 +4466,7 @@ static int nf_tables_dump_obj(struct sk_ cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(obj, &table->objects, list) { -@@ -4584,7 +4446,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4627,7 +4489,7 @@ static int nf_tables_dump_obj(struct sk_ cb->nlh->nlmsg_seq, NFT_MSG_NEWOBJ, NLM_F_MULTI | NLM_F_APPEND, @@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj, reset) < 0) goto done; -@@ -4642,7 +4504,6 @@ static int nf_tables_getobj(struct net * +@@ -4685,7 +4547,6 @@ static int nf_tables_getobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; @@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct nft_object *obj; struct sk_buff *skb2; -@@ -4673,11 +4534,7 @@ static int nf_tables_getobj(struct net * +@@ -4716,11 +4577,7 @@ static int nf_tables_getobj(struct net * !nla[NFTA_OBJ_TYPE]) return -EINVAL; @@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4724,7 +4581,6 @@ static int nf_tables_delobj(struct net * +@@ -4767,7 +4624,6 @@ static int nf_tables_delobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4734,11 +4590,7 @@ static int nf_tables_delobj(struct net * +@@ -4777,11 +4633,7 @@ static int nf_tables_delobj(struct net * !nla[NFTA_OBJ_NAME]) return -EINVAL; @@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4750,7 +4602,7 @@ static int nf_tables_delobj(struct net * +@@ -4793,7 +4645,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delobj(&ctx, obj); } -@@ -4935,33 +4787,31 @@ err1: +@@ -4978,33 +4830,31 @@ err1: return err; } @@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return ERR_PTR(-EAGAIN); } #endif -@@ -5009,7 +4859,6 @@ static int nf_tables_newflowtable(struct +@@ -5052,7 +4902,6 @@ static int nf_tables_newflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_ctx ctx; int err, i, k; -@@ -5019,12 +4868,8 @@ static int nf_tables_newflowtable(struct +@@ -5062,12 +4911,8 @@ static int nf_tables_newflowtable(struct !nla[NFTA_FLOWTABLE_HOOK]) return -EINVAL; @@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5041,7 +4886,7 @@ static int nf_tables_newflowtable(struct +@@ -5084,7 +4929,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5054,7 +4899,7 @@ static int nf_tables_newflowtable(struct +@@ -5097,7 +4942,7 @@ static int nf_tables_newflowtable(struct goto err1; } @@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(type)) { err = PTR_ERR(type); goto err2; -@@ -5114,16 +4959,11 @@ static int nf_tables_delflowtable(struct +@@ -5157,16 +5002,11 @@ static int nf_tables_delflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5134,7 +4974,7 @@ static int nf_tables_delflowtable(struct +@@ -5177,7 +5017,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delflowtable(&ctx, flowtable); } -@@ -5209,7 +5049,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5252,7 +5092,7 @@ static int nf_tables_dump_flowtable(stru cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -@@ -5228,7 +5068,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5271,7 +5111,7 @@ static int nf_tables_dump_flowtable(stru cb->nlh->nlmsg_seq, NFT_MSG_NEWFLOWTABLE, NLM_F_MULTI | NLM_F_APPEND, @@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -5288,7 +5128,6 @@ static int nf_tables_getflowtable(struct +@@ -5331,7 +5171,6 @@ static int nf_tables_getflowtable(struct u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct sk_buff *skb2; int err; -@@ -5314,12 +5153,8 @@ static int nf_tables_getflowtable(struct +@@ -5357,12 +5196,8 @@ static int nf_tables_getflowtable(struct if (!nla[NFTA_FLOWTABLE_NAME]) return -EINVAL; @@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -6483,7 +6318,7 @@ int __nft_release_basechain(struct nft_c +@@ -6528,7 +6363,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6496,7 +6331,7 @@ static void __nft_release_afinfo(struct +@@ -6541,7 +6376,7 @@ static void __nft_release_afinfo(struct }; list_for_each_entry_safe(table, nt, &net->nft.tables, list) { @@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); -@@ -6548,7 +6383,7 @@ static int __net_init nf_tables_init_net +@@ -6593,7 +6428,7 @@ static int __net_init nf_tables_init_net static void __net_exit nf_tables_exit_net(struct net *net) { diff --git a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch index 3e8dccf0eb..0572c2fcd9 100644 --- a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch +++ b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch @@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4825,13 +4825,13 @@ void nft_flow_table_iterate(struct net * +@@ -4868,13 +4868,13 @@ void nft_flow_table_iterate(struct net * struct nft_flowtable *flowtable; const struct nft_table *table; diff --git a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch index d0f6b7aa33..bd935b971d 100644 --- a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch +++ b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5210,17 +5210,12 @@ err: +@@ -5253,17 +5253,12 @@ err: nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS); } diff --git a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch index 22720aa727..a7ce0df5cf 100644 --- a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch +++ b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch @@ -12,7 +12,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -369,6 +369,7 @@ void nft_unregister_set(struct nft_set_t +@@ -370,6 +370,7 @@ void nft_unregister_set(struct nft_set_t * @list: table set list node * @bindings: list of set bindings * @name: name of the set @@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * @ktype: key type (numeric type defined by userspace, not used in the kernel) * @dtype: data type (verdict or numeric type defined by userspace) * @objtype: object type (see NFT_OBJECT_* definitions) -@@ -391,6 +392,7 @@ struct nft_set { +@@ -392,6 +393,7 @@ struct nft_set { struct list_head list; struct list_head bindings; char *name; @@ -28,7 +28,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> u32 ktype; u32 dtype; u32 objtype; -@@ -936,6 +938,7 @@ unsigned int nft_do_chain(struct nft_pkt +@@ -941,6 +943,7 @@ unsigned int nft_do_chain(struct nft_pkt * @objects: stateful objects in the table * @flowtables: flow tables in the table * @hgenerator: handle generator state @@ -36,7 +36,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * @use: number of chain references to this table * @flags: table flag (see enum nft_table_flags) * @genmask: generation mask -@@ -949,6 +952,7 @@ struct nft_table { +@@ -954,6 +957,7 @@ struct nft_table { struct list_head objects; struct list_head flowtables; u64 hgenerator; @@ -44,7 +44,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> u32 use; u16 family:6, flags:8, -@@ -973,9 +977,9 @@ int nft_verdict_dump(struct sk_buff *skb +@@ -978,9 +982,9 @@ int nft_verdict_dump(struct sk_buff *skb * @name: name of this stateful object * @genmask: generation mask * @use: number of references to this stateful object @@ -56,7 +56,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> */ struct nft_object { struct list_head list; -@@ -983,6 +987,7 @@ struct nft_object { +@@ -988,6 +992,7 @@ struct nft_object { struct nft_table *table; u32 genmask:2, use:30; @@ -64,7 +64,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* runtime data below here */ const struct nft_object_ops *ops ____cacheline_aligned; unsigned char data[] -@@ -1064,6 +1069,7 @@ void nft_unregister_obj(struct nft_objec +@@ -1069,6 +1074,7 @@ void nft_unregister_obj(struct nft_objec * @ops_len: number of hooks in array * @genmask: generation mask * @use: number of references to this flow table @@ -72,7 +72,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * @data: rhashtable and garbage collector * @ops: array of hooks */ -@@ -1076,6 +1082,7 @@ struct nft_flowtable { +@@ -1081,6 +1087,7 @@ struct nft_flowtable { int ops_len; u32 genmask:2, use:30; @@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void nft_ctx_init(struct nft_ctx *ctx, struct net *net, -@@ -332,6 +333,20 @@ static struct nft_table *nft_table_looku +@@ -361,6 +362,20 @@ static struct nft_table *nft_table_looku return NULL; } @@ -172,7 +172,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct nft_table *nf_tables_table_lookup(const struct net *net, const struct nlattr *nla, u8 family, u8 genmask) -@@ -348,6 +363,22 @@ static struct nft_table *nf_tables_table +@@ -377,6 +392,22 @@ static struct nft_table *nf_tables_table return ERR_PTR(-ENOENT); } @@ -195,7 +195,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static inline u64 nf_tables_alloc_handle(struct nft_table *table) { return ++table->hgenerator; -@@ -394,6 +425,7 @@ static const struct nla_policy nft_table +@@ -423,6 +454,7 @@ static const struct nla_policy nft_table [NFTA_TABLE_NAME] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, [NFTA_TABLE_FLAGS] = { .type = NLA_U32 }, @@ -203,7 +203,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net, -@@ -415,7 +447,9 @@ static int nf_tables_fill_table_info(str +@@ -444,7 +476,9 @@ static int nf_tables_fill_table_info(str if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) || nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) || @@ -214,7 +214,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -674,6 +708,7 @@ static int nf_tables_newtable(struct net +@@ -703,6 +737,7 @@ static int nf_tables_newtable(struct net INIT_LIST_HEAD(&table->flowtables); table->family = family; table->flags = flags; @@ -222,7 +222,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); -@@ -791,11 +826,18 @@ static int nf_tables_deltable(struct net +@@ -820,11 +855,18 @@ static int nf_tables_deltable(struct net struct nft_ctx ctx; nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla); @@ -244,7 +244,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -1534,6 +1576,7 @@ static int nf_tables_delchain(struct net +@@ -1565,6 +1607,7 @@ static int nf_tables_delchain(struct net struct nft_rule *rule; int family = nfmsg->nfgen_family; struct nft_ctx ctx; @@ -252,7 +252,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> u32 use; int err; -@@ -1542,7 +1585,12 @@ static int nf_tables_delchain(struct net +@@ -1573,7 +1616,12 @@ static int nf_tables_delchain(struct net if (IS_ERR(table)) return PTR_ERR(table); @@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(chain)) return PTR_ERR(chain); -@@ -2508,6 +2556,7 @@ static const struct nla_policy nft_set_p +@@ -2547,6 +2595,7 @@ static const struct nla_policy nft_set_p [NFTA_SET_USERDATA] = { .type = NLA_BINARY, .len = NFT_USERDATA_MAXLEN }, [NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 }, @@ -274,7 +274,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = { -@@ -2551,6 +2600,22 @@ static struct nft_set *nf_tables_set_loo +@@ -2590,6 +2639,22 @@ static struct nft_set *nf_tables_set_loo return ERR_PTR(-ENOENT); } @@ -297,7 +297,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, const struct nlattr *nla, u8 genmask) -@@ -2666,6 +2731,9 @@ static int nf_tables_fill_set(struct sk_ +@@ -2705,6 +2770,9 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; if (nla_put_string(skb, NFTA_SET_NAME, set->name)) goto nla_put_failure; @@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (set->flags != 0) if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) goto nla_put_failure; -@@ -3074,6 +3142,7 @@ static int nf_tables_newset(struct net * +@@ -3113,6 +3181,7 @@ static int nf_tables_newset(struct net * set->udata = udata; set->timeout = timeout; set->gc_int = gc_int; @@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = ops->init(set, &desc, nla); if (err < 0) -@@ -3133,7 +3202,10 @@ static int nf_tables_delset(struct net * +@@ -3172,7 +3241,10 @@ static int nf_tables_delset(struct net * if (err < 0) return err; @@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(set)) return PTR_ERR(set); -@@ -4189,6 +4261,21 @@ struct nft_object *nf_tables_obj_lookup( +@@ -4232,6 +4304,21 @@ struct nft_object *nf_tables_obj_lookup( } EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); @@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { [NFTA_OBJ_TABLE] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, -@@ -4196,6 +4283,7 @@ static const struct nla_policy nft_obj_p +@@ -4239,6 +4326,7 @@ static const struct nla_policy nft_obj_p .len = NFT_OBJ_MAXNAMELEN - 1 }, [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, @@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, -@@ -4343,6 +4431,8 @@ static int nf_tables_newobj(struct net * +@@ -4386,6 +4474,8 @@ static int nf_tables_newobj(struct net * goto err1; } obj->table = table; @@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); if (!obj->name) { err = -ENOMEM; -@@ -4389,7 +4479,9 @@ static int nf_tables_fill_obj_info(struc +@@ -4432,7 +4522,9 @@ static int nf_tables_fill_obj_info(struc nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || @@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -4587,7 +4679,7 @@ static int nf_tables_delobj(struct net * +@@ -4630,7 +4722,7 @@ static int nf_tables_delobj(struct net * u32 objtype; if (!nla[NFTA_OBJ_TYPE] || @@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return -EINVAL; table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, -@@ -4596,7 +4688,12 @@ static int nf_tables_delobj(struct net * +@@ -4639,7 +4731,12 @@ static int nf_tables_delobj(struct net * return PTR_ERR(table); objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE])); @@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(obj)) return PTR_ERR(obj); if (obj->use > 0) -@@ -4668,6 +4765,7 @@ static const struct nla_policy nft_flowt +@@ -4711,6 +4808,7 @@ static const struct nla_policy nft_flowt [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, .len = NFT_NAME_MAXLEN - 1 }, [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, @@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -@@ -4685,6 +4783,20 @@ struct nft_flowtable *nf_tables_flowtabl +@@ -4728,6 +4826,20 @@ struct nft_flowtable *nf_tables_flowtabl } EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); @@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #define NFT_FLOWTABLE_DEVICE_MAX 8 static int nf_tables_parse_devices(const struct nft_ctx *ctx, -@@ -4893,6 +5005,8 @@ static int nf_tables_newflowtable(struct +@@ -4936,6 +5048,8 @@ static int nf_tables_newflowtable(struct return -ENOMEM; flowtable->table = table; @@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); if (!flowtable->name) { err = -ENOMEM; -@@ -4967,8 +5081,14 @@ static int nf_tables_delflowtable(struct +@@ -5010,8 +5124,14 @@ static int nf_tables_delflowtable(struct if (IS_ERR(table)) return PTR_ERR(table); @@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(flowtable)) return PTR_ERR(flowtable); if (flowtable->use > 0) -@@ -5001,7 +5121,9 @@ static int nf_tables_fill_flowtable_info +@@ -5044,7 +5164,9 @@ static int nf_tables_fill_flowtable_info if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || diff --git a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch index 278947644f..2af2fbe284 100644 --- a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch +++ b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch @@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> .owner = THIS_MODULE, --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5020,40 +5020,38 @@ static int nf_tables_newflowtable(struct +@@ -5063,40 +5063,38 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> err3: module_put(type->owner); err2: -@@ -5334,10 +5332,8 @@ err: +@@ -5377,10 +5375,8 @@ err: static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) { diff --git a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch index fcf206de37..9481d16ba5 100644 --- a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch +++ b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4886,7 +4886,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4929,7 +4929,7 @@ static int nf_tables_flowtable_parse_hoo flowtable->ops[i].pf = NFPROTO_NETDEV; flowtable->ops[i].hooknum = hooknum; flowtable->ops[i].priority = priority; diff --git a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch index 3530eb6c24..2dc50f8358 100644 --- a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch +++ b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch @@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> struct delayed_work gc_work; --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -1091,9 +1091,6 @@ struct nft_flowtable { +@@ -1096,9 +1096,6 @@ struct nft_flowtable { struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, const struct nlattr *nla, u8 genmask); @@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> WARN_ON(!nf_flow_offload_gc_step(flow_table)); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4930,23 +4930,6 @@ static const struct nf_flowtable_type *n +@@ -4973,23 +4973,6 @@ static const struct nf_flowtable_type *n return ERR_PTR(-ENOENT); } |