diff options
Diffstat (limited to 'target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch')
| -rw-r--r-- | target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch index 9bdacd914f..8266562a82 100644 --- a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch +++ b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch @@ -50,7 +50,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #include <net/netlink.h> #define NFT_JUMP_STACK_SIZE 16 -@@ -933,6 +934,7 @@ unsigned int nft_do_chain(struct nft_pkt +@@ -938,6 +939,7 @@ unsigned int nft_do_chain(struct nft_pkt * @chains: chains in the table * @sets: sets in the table * @objects: stateful objects in the table @@ -58,7 +58,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * @hgenerator: handle generator state * @use: number of chain references to this table * @flags: table flag (see enum nft_table_flags) -@@ -944,6 +946,7 @@ struct nft_table { +@@ -949,6 +951,7 @@ struct nft_table { struct list_head chains; struct list_head sets; struct list_head objects; @@ -66,7 +66,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> u64 hgenerator; u32 use; u16 flags:14, -@@ -1075,6 +1078,44 @@ int nft_register_obj(struct nft_object_t +@@ -1080,6 +1083,44 @@ int nft_register_obj(struct nft_object_t void nft_unregister_obj(struct nft_object_type *obj_type); /** @@ -111,7 +111,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * struct nft_traceinfo - nft tracing information and state * * @pkt: pktinfo currently processed -@@ -1310,4 +1351,11 @@ struct nft_trans_obj { +@@ -1315,4 +1356,11 @@ struct nft_trans_obj { #define nft_trans_obj(trans) \ (((struct nft_trans_obj *)trans->data)->obj) @@ -217,7 +217,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /** * nft_register_afinfo - register nf_tables address family info -@@ -345,6 +347,40 @@ static int nft_delobj(struct nft_ctx *ct +@@ -374,6 +376,40 @@ static int nft_delobj(struct nft_ctx *ct return err; } @@ -258,7 +258,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* * Tables */ -@@ -728,6 +764,7 @@ static int nf_tables_newtable(struct net +@@ -757,6 +793,7 @@ static int nf_tables_newtable(struct net INIT_LIST_HEAD(&table->chains); INIT_LIST_HEAD(&table->sets); INIT_LIST_HEAD(&table->objects); @@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> table->flags = flags; nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -@@ -749,10 +786,11 @@ err1: +@@ -778,10 +815,11 @@ err1: static int nft_flush_table(struct nft_ctx *ctx) { @@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &ctx->table->chains, list) { if (!nft_is_active_next(ctx->net, chain)) -@@ -778,6 +816,12 @@ static int nft_flush_table(struct nft_ct +@@ -807,6 +845,12 @@ static int nft_flush_table(struct nft_ct goto out; } @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) { err = nft_delobj(ctx, obj); if (err < 0) -@@ -4774,6 +4818,605 @@ static void nf_tables_obj_notify(const s +@@ -4817,6 +4861,605 @@ static void nf_tables_obj_notify(const s ctx->afi->family, ctx->report, GFP_KERNEL); } @@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) { -@@ -4804,6 +5447,49 @@ nla_put_failure: +@@ -4847,6 +5490,49 @@ nla_put_failure: return -EMSGSIZE; } @@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) { -@@ -4956,6 +5642,21 @@ static const struct nfnl_callback nf_tab +@@ -4999,6 +5685,21 @@ static const struct nfnl_callback nf_tab .attr_count = NFTA_OBJ_MAX, .policy = nft_obj_policy, }, @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static void nft_chain_commit_update(struct nft_trans *trans) -@@ -5001,6 +5702,9 @@ static void nf_tables_commit_release(str +@@ -5044,6 +5745,9 @@ static void nf_tables_commit_release(str case NFT_MSG_DELOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5118,6 +5822,21 @@ static int nf_tables_commit(struct net * +@@ -5161,6 +5865,21 @@ static int nf_tables_commit(struct net * nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans), NFT_MSG_DELOBJ); break; @@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5155,6 +5874,9 @@ static void nf_tables_abort_release(stru +@@ -5198,6 +5917,9 @@ static void nf_tables_abort_release(stru case NFT_MSG_NEWOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5244,6 +5966,17 @@ static int nf_tables_abort(struct net *n +@@ -5289,6 +6011,17 @@ static int nf_tables_abort(struct net *n nft_clear(trans->ctx.net, nft_trans_obj(trans)); nft_trans_destroy(trans); break; @@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5794,6 +6527,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai +@@ -5839,6 +6572,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) { @@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table, *nt; struct nft_chain *chain, *nc; struct nft_object *obj, *ne; -@@ -5807,6 +6541,9 @@ static void __nft_release_afinfo(struct +@@ -5852,6 +6586,9 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); @@ -1048,8 +1048,8 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* No packets are walking on these chains anymore. */ ctx.table = table; list_for_each_entry(chain, &table->chains, list) { -@@ -5817,6 +6554,11 @@ static void __nft_release_afinfo(struct - nf_tables_rule_destroy(&ctx, rule); +@@ -5862,6 +6599,11 @@ static void __nft_release_afinfo(struct + nf_tables_rule_release(&ctx, rule); } } + list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) { @@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(set, ns, &table->sets, list) { list_del(&set->list); table->use--; -@@ -5860,6 +6602,8 @@ static int __init nf_tables_module_init( +@@ -5905,6 +6647,8 @@ static int __init nf_tables_module_init( if (err < 0) goto err3; @@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n"); return register_pernet_subsys(&nf_tables_net_ops); err3: -@@ -5874,6 +6618,7 @@ static void __exit nf_tables_module_exit +@@ -5919,6 +6663,7 @@ static void __exit nf_tables_module_exit { unregister_pernet_subsys(&nf_tables_net_ops); nfnetlink_subsys_unregister(&nf_tables_subsys); |