diff options
author | Adrian Schmutzler <freifunk@adrianschmutzler.de> | 2020-10-09 21:53:35 +0200 |
---|---|---|
committer | Adrian Schmutzler <freifunk@adrianschmutzler.de> | 2020-10-30 19:29:59 +0100 |
commit | 278512665094888d3c007fdd74e090496d6c811d (patch) | |
tree | 6d4f2cdddef316e07829b89c1c1a790d0db92fc3 /target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch | |
parent | 3824fa26d256d162fc0e02e46714eda7816cae4a (diff) | |
download | upstream-278512665094888d3c007fdd74e090496d6c811d.tar.gz upstream-278512665094888d3c007fdd74e090496d6c811d.tar.bz2 upstream-278512665094888d3c007fdd74e090496d6c811d.zip |
kernel: remove support for kernel 4.19
We use 5.4 on all targets by default, and 4.19 has never been released
in a stable version. There is no reason to keep it.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Diffstat (limited to 'target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch')
-rw-r--r-- | target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch | 88 |
1 files changed, 0 insertions, 88 deletions
diff --git a/target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch b/target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch deleted file mode 100644 index fa32f88e17..0000000000 --- a/target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch +++ /dev/null @@ -1,88 +0,0 @@ -From: Felix Fietkau <nbd@nbd.name> -Subject: netfilter: add support for flushing conntrack via /proc - -lede-commit 8193bbe59a74d34d6a26d4a8cb857b1952905314 -Signed-off-by: Felix Fietkau <nbd@nbd.name> ---- - net/netfilter/nf_conntrack_standalone.c | 59 ++++++++++++++++++++++++++++++++- - 1 file changed, 58 insertions(+), 1 deletion(-) - ---- a/net/netfilter/nf_conntrack_standalone.c -+++ b/net/netfilter/nf_conntrack_standalone.c -@@ -9,6 +9,7 @@ - #include <linux/percpu.h> - #include <linux/netdevice.h> - #include <linux/security.h> -+#include <linux/inet.h> - #include <net/net_namespace.h> - #ifdef CONFIG_SYSCTL - #include <linux/sysctl.h> -@@ -433,6 +434,56 @@ static int ct_cpu_seq_show(struct seq_fi - return 0; - } - -+struct kill_request { -+ u16 family; -+ union nf_inet_addr addr; -+}; -+ -+static int kill_matching(struct nf_conn *i, void *data) -+{ -+ struct kill_request *kr = data; -+ struct nf_conntrack_tuple *t1 = &i->tuplehash[IP_CT_DIR_ORIGINAL].tuple; -+ struct nf_conntrack_tuple *t2 = &i->tuplehash[IP_CT_DIR_REPLY].tuple; -+ -+ if (!kr->family) -+ return 1; -+ -+ if (t1->src.l3num != kr->family) -+ return 0; -+ -+ return (nf_inet_addr_cmp(&kr->addr, &t1->src.u3) || -+ nf_inet_addr_cmp(&kr->addr, &t1->dst.u3) || -+ nf_inet_addr_cmp(&kr->addr, &t2->src.u3) || -+ nf_inet_addr_cmp(&kr->addr, &t2->dst.u3)); -+} -+ -+static int ct_file_write(struct file *file, char *buf, size_t count) -+{ -+ struct seq_file *seq = file->private_data; -+ struct net *net = seq_file_net(seq); -+ struct kill_request kr = { }; -+ -+ if (count == 0) -+ return 0; -+ -+ if (count >= INET6_ADDRSTRLEN) -+ count = INET6_ADDRSTRLEN - 1; -+ -+ if (strnchr(buf, count, ':')) { -+ kr.family = AF_INET6; -+ if (!in6_pton(buf, count, (void *)&kr.addr, '\n', NULL)) -+ return -EINVAL; -+ } else if (strnchr(buf, count, '.')) { -+ kr.family = AF_INET; -+ if (!in4_pton(buf, count, (void *)&kr.addr, '\n', NULL)) -+ return -EINVAL; -+ } -+ -+ nf_ct_iterate_cleanup_net(net, kill_matching, &kr, 0, 0); -+ -+ return 0; -+} -+ - static const struct seq_operations ct_cpu_seq_ops = { - .start = ct_cpu_seq_start, - .next = ct_cpu_seq_next, -@@ -446,8 +497,9 @@ static int nf_conntrack_standalone_init_ - kuid_t root_uid; - kgid_t root_gid; - -- pde = proc_create_net("nf_conntrack", 0440, net->proc_net, &ct_seq_ops, -- sizeof(struct ct_iter_state)); -+ pde = proc_create_net_data_write("nf_conntrack", 0440, net->proc_net, -+ &ct_seq_ops, &ct_file_write, -+ sizeof(struct ct_iter_state), NULL); - if (!pde) - goto out_nf_conntrack; - |