diff options
Diffstat (limited to 'target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch')
-rw-r--r-- | target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch | 46 |
1 files changed, 23 insertions, 23 deletions
diff --git a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch index 81f140441f..f2210259e8 100644 --- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch +++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -892,8 +892,6 @@ struct nft_stats { +@@ -897,8 +897,6 @@ struct nft_stats { struct u64_stats_sync syncp; }; @@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /** * struct nft_base_chain - nf_tables base chain * -@@ -905,7 +903,7 @@ struct nft_stats { +@@ -910,7 +908,7 @@ struct nft_stats { * @dev_name: device name that this base chain is attached to (if any) */ struct nft_base_chain { @@ -29,7 +29,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nf_chain_type *type; u8 policy; u8 flags; -@@ -966,8 +964,6 @@ enum nft_af_flags { +@@ -971,8 +969,6 @@ enum nft_af_flags { * @owner: module owner * @tables: used internally * @flags: family flags @@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * @hooks: hookfn overrides for packet validation */ struct nft_af_info { -@@ -977,9 +973,6 @@ struct nft_af_info { +@@ -982,9 +978,6 @@ struct nft_af_info { struct module *owner; struct list_head tables; u32 flags; @@ -128,7 +128,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type) -@@ -595,8 +592,7 @@ static void _nf_tables_table_disable(str +@@ -624,8 +621,7 @@ static void _nf_tables_table_disable(str if (cnt && i++ == cnt) break; @@ -138,7 +138,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -613,8 +609,7 @@ static int nf_tables_table_enable(struct +@@ -642,8 +638,7 @@ static int nf_tables_table_enable(struct if (!nft_is_base_chain(chain)) continue; @@ -148,7 +148,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) goto err; -@@ -1026,7 +1021,7 @@ static int nf_tables_fill_chain_info(str +@@ -1055,7 +1050,7 @@ static int nf_tables_fill_chain_info(str if (nft_is_base_chain(chain)) { const struct nft_base_chain *basechain = nft_base_chain(chain); @@ -157,7 +157,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nlattr *nest; nest = nla_nest_start(skb, NFTA_CHAIN_HOOK); -@@ -1252,8 +1247,8 @@ static void nf_tables_chain_destroy(stru +@@ -1283,8 +1278,8 @@ static void nf_tables_chain_destroy(stru free_percpu(basechain->stats); if (basechain->stats) static_branch_dec(&nft_counters_enabled); @@ -168,7 +168,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> kfree(chain->name); kfree(basechain); } else { -@@ -1349,7 +1344,6 @@ static int nf_tables_addchain(struct nft +@@ -1380,7 +1375,6 @@ static int nf_tables_addchain(struct nft struct nft_stats __percpu *stats; struct net *net = ctx->net; struct nft_chain *chain; @@ -176,7 +176,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int err; if (table->use == UINT_MAX) -@@ -1388,21 +1382,18 @@ static int nf_tables_addchain(struct nft +@@ -1419,21 +1413,18 @@ static int nf_tables_addchain(struct nft basechain->type = hook.type; chain = &basechain->chain; @@ -210,7 +210,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> chain->flags |= NFT_BASE_CHAIN; basechain->policy = policy; -@@ -1420,7 +1411,7 @@ static int nf_tables_addchain(struct nft +@@ -1451,7 +1442,7 @@ static int nf_tables_addchain(struct nft goto err1; } @@ -219,7 +219,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) goto err1; -@@ -1434,7 +1425,7 @@ static int nf_tables_addchain(struct nft +@@ -1465,7 +1456,7 @@ static int nf_tables_addchain(struct nft return 0; err2: @@ -228,7 +228,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err1: nf_tables_chain_destroy(chain); -@@ -1447,14 +1438,13 @@ static int nf_tables_updchain(struct nft +@@ -1478,14 +1469,13 @@ static int nf_tables_updchain(struct nft const struct nlattr * const *nla = ctx->nla; struct nft_table *table = ctx->table; struct nft_chain *chain = ctx->chain; @@ -244,7 +244,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (nla[NFTA_CHAIN_HOOK]) { if (!nft_is_base_chain(chain)) -@@ -1471,14 +1461,12 @@ static int nf_tables_updchain(struct nft +@@ -1502,14 +1492,12 @@ static int nf_tables_updchain(struct nft return -EBUSY; } @@ -265,7 +265,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } nft_chain_release_hook(&hook); } -@@ -5069,10 +5057,9 @@ static int nf_tables_commit(struct net * +@@ -5112,10 +5100,9 @@ static int nf_tables_commit(struct net * case NFT_MSG_DELCHAIN: list_del_rcu(&trans->ctx.chain->list); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); @@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> break; case NFT_MSG_NEWRULE: nft_clear(trans->ctx.net, nft_trans_rule(trans)); -@@ -5209,10 +5196,9 @@ static int nf_tables_abort(struct net *n +@@ -5252,10 +5239,9 @@ static int nf_tables_abort(struct net *n } else { trans->ctx.table->use--; list_del_rcu(&trans->ctx.chain->list); @@ -293,7 +293,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; case NFT_MSG_DELCHAIN: -@@ -5313,7 +5299,7 @@ int nft_chain_validate_hooks(const struc +@@ -5358,7 +5344,7 @@ int nft_chain_validate_hooks(const struc if (nft_is_base_chain(chain)) { basechain = nft_base_chain(chain); @@ -302,7 +302,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; return -EOPNOTSUPP; -@@ -5795,8 +5781,7 @@ int __nft_release_basechain(struct nft_c +@@ -5840,8 +5826,7 @@ int __nft_release_basechain(struct nft_c BUG_ON(!nft_is_base_chain(ctx->chain)); @@ -312,7 +312,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { list_del(&rule->list); ctx->chain->use--; -@@ -5825,8 +5810,7 @@ static void __nft_release_afinfo(struct +@@ -5870,8 +5855,7 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) @@ -353,7 +353,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> strncpy(basechain->dev_name, dev->name, IFNAMSIZ); --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c -@@ -169,7 +169,7 @@ nft_target_set_tgchk_param(struct xt_tgc +@@ -186,7 +186,7 @@ nft_target_set_tgchk_param(struct xt_tgc if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); @@ -362,7 +362,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> par->hook_mask = 1 << ops->hooknum; } else { -@@ -302,7 +302,7 @@ static int nft_target_validate(const str +@@ -317,7 +317,7 @@ static int nft_target_validate(const str if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); @@ -371,7 +371,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> hook_mask = 1 << ops->hooknum; if (target->hooks && !(hook_mask & target->hooks)) -@@ -383,7 +383,7 @@ nft_match_set_mtchk_param(struct xt_mtch +@@ -414,7 +414,7 @@ nft_match_set_mtchk_param(struct xt_mtch if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); @@ -380,7 +380,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> par->hook_mask = 1 << ops->hooknum; } else { -@@ -481,7 +481,7 @@ static int nft_match_validate(const stru +@@ -564,7 +564,7 @@ static int nft_match_validate(const stru if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); |