diff options
author | Daniel Golle <daniel@makrotopia.org> | 2019-06-12 01:14:25 +0200 |
---|---|---|
committer | Daniel Golle <daniel@makrotopia.org> | 2019-06-12 01:18:52 +0200 |
commit | 000d400baa0af2e42c9a462e42df7dc9abde1ec7 (patch) | |
tree | a11c2dd570e8f02c4a141f135fc8db1e1d391ef2 /target/linux/generic/pending-4.9/610-netfilter_match_bypass_default_checks.patch | |
parent | c4e727f01cc40bd57274d0b885b0f75cde9c4683 (diff) | |
download | upstream-000d400baa0af2e42c9a462e42df7dc9abde1ec7.tar.gz upstream-000d400baa0af2e42c9a462e42df7dc9abde1ec7.tar.bz2 upstream-000d400baa0af2e42c9a462e42df7dc9abde1ec7.zip |
kernel: drop everything not on kernel version 4.14
* Remove testing patches for kernel version 4.19
* remove targets ar7, ixp4xx, orion
Those targets are still on kernel 4.9, patches for 4.14 were not ready
in time. They may be readded once people prepare and test patches for
kernel 4.14.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Diffstat (limited to 'target/linux/generic/pending-4.9/610-netfilter_match_bypass_default_checks.patch')
-rw-r--r-- | target/linux/generic/pending-4.9/610-netfilter_match_bypass_default_checks.patch | 110 |
1 files changed, 0 insertions, 110 deletions
diff --git a/target/linux/generic/pending-4.9/610-netfilter_match_bypass_default_checks.patch b/target/linux/generic/pending-4.9/610-netfilter_match_bypass_default_checks.patch deleted file mode 100644 index d3a6afa804..0000000000 --- a/target/linux/generic/pending-4.9/610-netfilter_match_bypass_default_checks.patch +++ /dev/null @@ -1,110 +0,0 @@ -From: Felix Fietkau <nbd@nbd.name> -Subject: kernel: add a new version of my netfilter speedup patches for linux 2.6.39 and 3.0 - -Signed-off-by: Felix Fietkau <nbd@nbd.name> ---- - include/uapi/linux/netfilter_ipv4/ip_tables.h | 1 + - net/ipv4/netfilter/ip_tables.c | 37 +++++++++++++++++++++++++++ - 2 files changed, 38 insertions(+) - ---- a/include/uapi/linux/netfilter_ipv4/ip_tables.h -+++ b/include/uapi/linux/netfilter_ipv4/ip_tables.h -@@ -88,6 +88,7 @@ struct ipt_ip { - #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ - #define IPT_F_GOTO 0x02 /* Set if jump is a goto */ - #define IPT_F_MASK 0x03 /* All possible flag bits mask. */ -+#define IPT_F_NO_DEF_MATCH 0x80 /* Internal: no default match rules present */ - - /* Values for "inv" field in struct ipt_ip. */ - #define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ ---- a/net/ipv4/netfilter/ip_tables.c -+++ b/net/ipv4/netfilter/ip_tables.c -@@ -58,6 +58,9 @@ ip_packet_match(const struct iphdr *ip, - { - unsigned long ret; - -+ if (ipinfo->flags & IPT_F_NO_DEF_MATCH) -+ return true; -+ - if (NF_INVF(ipinfo, IPT_INV_SRCIP, - (ip->saddr & ipinfo->smsk.s_addr) != ipinfo->src.s_addr) || - NF_INVF(ipinfo, IPT_INV_DSTIP, -@@ -88,6 +91,29 @@ ip_packet_match(const struct iphdr *ip, - return true; - } - -+static void -+ip_checkdefault(struct ipt_ip *ip) -+{ -+ static const char iface_mask[IFNAMSIZ] = {}; -+ -+ if (ip->invflags || ip->flags & IPT_F_FRAG) -+ return; -+ -+ if (memcmp(ip->iniface_mask, iface_mask, IFNAMSIZ) != 0) -+ return; -+ -+ if (memcmp(ip->outiface_mask, iface_mask, IFNAMSIZ) != 0) -+ return; -+ -+ if (ip->smsk.s_addr || ip->dmsk.s_addr) -+ return; -+ -+ if (ip->proto) -+ return; -+ -+ ip->flags |= IPT_F_NO_DEF_MATCH; -+} -+ - static bool - ip_checkentry(const struct ipt_ip *ip) - { -@@ -550,6 +576,8 @@ find_check_entry(struct ipt_entry *e, st - struct xt_mtchk_param mtpar; - struct xt_entry_match *ematch; - -+ ip_checkdefault(&e->ip); -+ - if (!xt_percpu_counter_alloc(alloc_state, &e->counters)) - return -ENOMEM; - -@@ -830,6 +858,7 @@ copy_entries_to_user(unsigned int total_ - const struct xt_table_info *private = table->private; - int ret = 0; - const void *loc_cpu_entry; -+ u8 flags; - - counters = alloc_counters(table); - if (IS_ERR(counters)) -@@ -857,6 +886,14 @@ copy_entries_to_user(unsigned int total_ - goto free_counters; - } - -+ flags = e->ip.flags & IPT_F_MASK; -+ if (copy_to_user(userptr + off -+ + offsetof(struct ipt_entry, ip.flags), -+ &flags, sizeof(flags)) != 0) { -+ ret = -EFAULT; -+ goto free_counters; -+ } -+ - for (i = sizeof(struct ipt_entry); - i < e->target_offset; - i += m->u.match_size) { -@@ -1246,12 +1283,15 @@ compat_copy_entry_to_user(struct ipt_ent - compat_uint_t origsize; - const struct xt_entry_match *ematch; - int ret = 0; -+ u8 flags = e->ip.flags & IPT_F_MASK; - - origsize = *size; - ce = (struct compat_ipt_entry __user *)*dstptr; - if (copy_to_user(ce, e, sizeof(struct ipt_entry)) != 0 || - copy_to_user(&ce->counters, &counters[i], -- sizeof(counters[i])) != 0) -+ sizeof(counters[i])) != 0 || -+ copy_to_user(&ce->ip.flags, &flags, -+ sizeof(flags)) != 0) - return -EFAULT; - - *dstptr += sizeof(struct compat_ipt_entry); |