diff options
Diffstat (limited to 'target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch')
-rw-r--r-- | target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch b/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch new file mode 100644 index 0000000000..26a93c40ae --- /dev/null +++ b/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch @@ -0,0 +1,67 @@ +From bb4badf3a3dc81190f7c1c1fa063cdefb18df45f Mon Sep 17 00:00:00 2001 +From: Florian Westphal <fw@strlen.de> +Date: Thu, 7 Dec 2017 16:28:25 +0100 +Subject: [PATCH 07/11] netfilter: don't allocate space for decnet hooks unless + needed + +no need to define hook points if the family isn't supported. + +Signed-off-by: Florian Westphal <fw@strlen.de> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + include/linux/netfilter.h | 2 ++ + include/net/netns/netfilter.h | 2 ++ + net/netfilter/core.c | 4 ++++ + 3 files changed, 8 insertions(+) + +--- a/include/linux/netfilter.h ++++ b/include/linux/netfilter.h +@@ -219,9 +219,11 @@ static inline int nf_hook(u_int8_t pf, u + case NFPROTO_BRIDGE: + hook_head = rcu_dereference(net->nf.hooks_bridge[hook]); + break; ++#if IS_ENABLED(CONFIG_DECNET) + case NFPROTO_DECNET: + hook_head = rcu_dereference(net->nf.hooks_decnet[hook]); + break; ++#endif + default: + WARN_ON_ONCE(1); + break; +--- a/include/net/netns/netfilter.h ++++ b/include/net/netns/netfilter.h +@@ -21,7 +21,9 @@ struct netns_nf { + struct nf_hook_entries __rcu *hooks_ipv6[NF_INET_NUMHOOKS]; + struct nf_hook_entries __rcu *hooks_arp[NF_ARP_NUMHOOKS]; + struct nf_hook_entries __rcu *hooks_bridge[NF_INET_NUMHOOKS]; ++#if IS_ENABLED(CONFIG_DECNET) + struct nf_hook_entries __rcu *hooks_decnet[NF_DN_NUMHOOKS]; ++#endif + #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) + bool defrag_ipv4; + #endif +--- a/net/netfilter/core.c ++++ b/net/netfilter/core.c +@@ -283,10 +283,12 @@ static struct nf_hook_entries __rcu **nf + if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv6) <= reg->hooknum)) + return NULL; + return net->nf.hooks_ipv6 + reg->hooknum; ++#if IS_ENABLED(CONFIG_DECNET) + case NFPROTO_DECNET: + if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_decnet) <= reg->hooknum)) + return NULL; + return net->nf.hooks_decnet + reg->hooknum; ++#endif + default: + WARN_ON_ONCE(1); + return NULL; +@@ -573,7 +575,9 @@ static int __net_init netfilter_net_init + __netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6)); + __netfilter_net_init(net->nf.hooks_arp, ARRAY_SIZE(net->nf.hooks_arp)); + __netfilter_net_init(net->nf.hooks_bridge, ARRAY_SIZE(net->nf.hooks_bridge)); ++#if IS_ENABLED(CONFIG_DECNET) + __netfilter_net_init(net->nf.hooks_decnet, ARRAY_SIZE(net->nf.hooks_decnet)); ++#endif + + #ifdef CONFIG_PROC_FS + net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter", |