diff options
Diffstat (limited to 'target/linux/generic/backport-4.14')
15 files changed, 43 insertions, 214 deletions
diff --git a/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch b/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch index 03c0b53655..89117bd874 100644 --- a/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch +++ b/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch @@ -74,7 +74,7 @@ Cc: Kir Kolyshkin <kir@openvz.org> sk->sk_gso_max_size - 1 - MAX_TCP_HEADER); /* Goal is to send at least one packet per ms, -@@ -2145,7 +2145,7 @@ static bool tcp_small_queue_check(struct +@@ -2172,7 +2172,7 @@ static bool tcp_small_queue_check(struct { unsigned int limit; diff --git a/target/linux/generic/backport-4.14/270-uapi-libc-compat-add-fallback-for-unsupported-libcs.patch b/target/linux/generic/backport-4.14/270-uapi-libc-compat-add-fallback-for-unsupported-libcs.patch deleted file mode 100644 index 530a9e8a85..0000000000 --- a/target/linux/generic/backport-4.14/270-uapi-libc-compat-add-fallback-for-unsupported-libcs.patch +++ /dev/null @@ -1,147 +0,0 @@ -From c6bdd0d302119819de72439972d0462c26ef9eda Mon Sep 17 00:00:00 2001 -From: Felix Janda <felix.janda@posteo.de> -Date: Sun, 12 Nov 2017 13:30:17 -0500 -Subject: uapi libc compat: add fallback for unsupported libcs - -libc-compat.h aims to prevent symbol collisions between uapi and libc -headers for each supported libc. This requires continuous coordination -between them. - -The goal of this commit is to improve the situation for libcs (such as -musl) which are not yet supported and/or do not wish to be explicitly -supported, while not affecting supported libcs. More precisely, with -this commit, unsupported libcs can request the suppression of any -specific uapi definition by defining the correspondings _UAPI_DEF_* -macro as 0. This can fix symbol collisions for them, as long as the -libc headers are included before the uapi headers. Inclusion in the -other order is outside the scope of this commit. - -All infrastructure in order to enable this fallback for unsupported -libcs is already in place, except that libc-compat.h unconditionally -defines all _UAPI_DEF_* macros to 1 for all unsupported libcs so that -any previous definitions are ignored. In order to fix this, this commit -merely makes these definitions conditional. - -This commit together with the musl libc commit - -http://git.musl-libc.org/cgit/musl/commit/?id=04983f2272382af92eb8f8838964ff944fbb8258 - -fixes for example the following compiler errors when <linux/in6.h> is -included after musl's <netinet/in.h>: - -./linux/in6.h:32:8: error: redefinition of 'struct in6_addr' -./linux/in6.h:49:8: error: redefinition of 'struct sockaddr_in6' -./linux/in6.h:59:8: error: redefinition of 'struct ipv6_mreq' - -The comments referencing glibc are still correct, but this file is not -only used for glibc any more. - -Signed-off-by: Felix Janda <felix.janda@posteo.de> -Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de> ---- - include/uapi/linux/libc-compat.h | 55 +++++++++++++++++++++++++++++++++++++++- - 1 file changed, 54 insertions(+), 1 deletion(-) - ---- a/include/uapi/linux/libc-compat.h -+++ b/include/uapi/linux/libc-compat.h -@@ -168,46 +168,99 @@ - - /* If we did not see any headers from any supported C libraries, - * or we are being included in the kernel, then define everything -- * that we need. */ -+ * that we need. Check for previous __UAPI_* definitions to give -+ * unsupported C libraries a way to opt out of any kernel definition. */ - #else /* !defined(__GLIBC__) */ - - /* Definitions for if.h */ -+#ifndef __UAPI_DEF_IF_IFCONF - #define __UAPI_DEF_IF_IFCONF 1 -+#endif -+#ifndef __UAPI_DEF_IF_IFMAP - #define __UAPI_DEF_IF_IFMAP 1 -+#endif -+#ifndef __UAPI_DEF_IF_IFNAMSIZ - #define __UAPI_DEF_IF_IFNAMSIZ 1 -+#endif -+#ifndef __UAPI_DEF_IF_IFREQ - #define __UAPI_DEF_IF_IFREQ 1 -+#endif - /* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */ -+#ifndef __UAPI_DEF_IF_NET_DEVICE_FLAGS - #define __UAPI_DEF_IF_NET_DEVICE_FLAGS 1 -+#endif - /* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */ -+#ifndef __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO - #define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1 -+#endif - - /* Definitions for in.h */ -+#ifndef __UAPI_DEF_IN_ADDR - #define __UAPI_DEF_IN_ADDR 1 -+#endif -+#ifndef __UAPI_DEF_IN_IPPROTO - #define __UAPI_DEF_IN_IPPROTO 1 -+#endif -+#ifndef __UAPI_DEF_IN_PKTINFO - #define __UAPI_DEF_IN_PKTINFO 1 -+#endif -+#ifndef __UAPI_DEF_IP_MREQ - #define __UAPI_DEF_IP_MREQ 1 -+#endif -+#ifndef __UAPI_DEF_SOCKADDR_IN - #define __UAPI_DEF_SOCKADDR_IN 1 -+#endif -+#ifndef __UAPI_DEF_IN_CLASS - #define __UAPI_DEF_IN_CLASS 1 -+#endif - - /* Definitions for in6.h */ -+#ifndef __UAPI_DEF_IN6_ADDR - #define __UAPI_DEF_IN6_ADDR 1 -+#endif -+#ifndef __UAPI_DEF_IN6_ADDR_ALT - #define __UAPI_DEF_IN6_ADDR_ALT 1 -+#endif -+#ifndef __UAPI_DEF_SOCKADDR_IN6 - #define __UAPI_DEF_SOCKADDR_IN6 1 -+#endif -+#ifndef __UAPI_DEF_IPV6_MREQ - #define __UAPI_DEF_IPV6_MREQ 1 -+#endif -+#ifndef __UAPI_DEF_IPPROTO_V6 - #define __UAPI_DEF_IPPROTO_V6 1 -+#endif -+#ifndef __UAPI_DEF_IPV6_OPTIONS - #define __UAPI_DEF_IPV6_OPTIONS 1 -+#endif -+#ifndef __UAPI_DEF_IN6_PKTINFO - #define __UAPI_DEF_IN6_PKTINFO 1 -+#endif -+#ifndef __UAPI_DEF_IP6_MTUINFO - #define __UAPI_DEF_IP6_MTUINFO 1 -+#endif - - /* Definitions for ipx.h */ -+#ifndef __UAPI_DEF_SOCKADDR_IPX - #define __UAPI_DEF_SOCKADDR_IPX 1 -+#endif -+#ifndef __UAPI_DEF_IPX_ROUTE_DEFINITION - #define __UAPI_DEF_IPX_ROUTE_DEFINITION 1 -+#endif -+#ifndef __UAPI_DEF_IPX_INTERFACE_DEFINITION - #define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1 -+#endif -+#ifndef __UAPI_DEF_IPX_CONFIG_DATA - #define __UAPI_DEF_IPX_CONFIG_DATA 1 -+#endif -+#ifndef __UAPI_DEF_IPX_ROUTE_DEF - #define __UAPI_DEF_IPX_ROUTE_DEF 1 -+#endif - - /* Definitions for xattr.h */ -+#ifndef __UAPI_DEF_XATTR - #define __UAPI_DEF_XATTR 1 -+#endif - - #endif /* __GLIBC__ */ - diff --git a/target/linux/generic/backport-4.14/303-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-netfilter-nf_tables-remove-multihook-chains-and-fami.patch index 6395dd0795..37c63ec6c6 100644 --- a/target/linux/generic/backport-4.14/303-netfilter-nf_tables-remove-multihook-chains-and-fami.patch +++ b/target/linux/generic/backport-4.14/303-netfilter-nf_tables-remove-multihook-chains-and-fami.patch @@ -265,7 +265,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } nft_chain_release_hook(&hook); } -@@ -5060,10 +5048,9 @@ static int nf_tables_commit(struct net * +@@ -5062,10 +5050,9 @@ static int nf_tables_commit(struct net * case NFT_MSG_DELCHAIN: list_del_rcu(&trans->ctx.chain->list); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); @@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> break; case NFT_MSG_NEWRULE: nft_clear(trans->ctx.net, nft_trans_rule(trans)); -@@ -5200,10 +5187,9 @@ static int nf_tables_abort(struct net *n +@@ -5202,10 +5189,9 @@ static int nf_tables_abort(struct net *n } else { trans->ctx.table->use--; list_del_rcu(&trans->ctx.chain->list); @@ -293,7 +293,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; case NFT_MSG_DELCHAIN: -@@ -5304,7 +5290,7 @@ int nft_chain_validate_hooks(const struc +@@ -5306,7 +5292,7 @@ int nft_chain_validate_hooks(const struc if (nft_is_base_chain(chain)) { basechain = nft_base_chain(chain); @@ -302,7 +302,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; return -EOPNOTSUPP; -@@ -5786,8 +5772,7 @@ int __nft_release_basechain(struct nft_c +@@ -5788,8 +5774,7 @@ int __nft_release_basechain(struct nft_c BUG_ON(!nft_is_base_chain(ctx->chain)); @@ -312,7 +312,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { list_del(&rule->list); ctx->chain->use--; -@@ -5816,8 +5801,7 @@ static void __nft_release_afinfo(struct +@@ -5818,8 +5803,7 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) diff --git a/target/linux/generic/backport-4.14/321-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.14/321-netfilter-nf_tables-add-flow-table-netlink-frontend.patch index 8a0d2f0fb7..2a5025855a 100644 --- a/target/linux/generic/backport-4.14/321-netfilter-nf_tables-add-flow-table-netlink-frontend.patch +++ b/target/linux/generic/backport-4.14/321-netfilter-nf_tables-add-flow-table-netlink-frontend.patch @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) { err = nft_delobj(ctx, obj); if (err < 0) -@@ -4765,6 +4809,605 @@ static void nf_tables_obj_notify(const s +@@ -4767,6 +4811,605 @@ static void nf_tables_obj_notify(const s ctx->afi->family, ctx->report, GFP_KERNEL); } @@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) { -@@ -4795,6 +5438,49 @@ nla_put_failure: +@@ -4797,6 +5440,49 @@ nla_put_failure: return -EMSGSIZE; } @@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) { -@@ -4947,6 +5633,21 @@ static const struct nfnl_callback nf_tab +@@ -4949,6 +5635,21 @@ static const struct nfnl_callback nf_tab .attr_count = NFTA_OBJ_MAX, .policy = nft_obj_policy, }, @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static void nft_chain_commit_update(struct nft_trans *trans) -@@ -4992,6 +5693,9 @@ static void nf_tables_commit_release(str +@@ -4994,6 +5695,9 @@ static void nf_tables_commit_release(str case NFT_MSG_DELOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5109,6 +5813,21 @@ static int nf_tables_commit(struct net * +@@ -5111,6 +5815,21 @@ static int nf_tables_commit(struct net * nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans), NFT_MSG_DELOBJ); break; @@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5146,6 +5865,9 @@ static void nf_tables_abort_release(stru +@@ -5148,6 +5867,9 @@ static void nf_tables_abort_release(stru case NFT_MSG_NEWOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5235,6 +5957,17 @@ static int nf_tables_abort(struct net *n +@@ -5237,6 +5959,17 @@ static int nf_tables_abort(struct net *n nft_clear(trans->ctx.net, nft_trans_obj(trans)); nft_trans_destroy(trans); break; @@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5785,6 +6518,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai +@@ -5787,6 +6520,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) { @@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table, *nt; struct nft_chain *chain, *nc; struct nft_object *obj, *ne; -@@ -5798,6 +6532,9 @@ static void __nft_release_afinfo(struct +@@ -5800,6 +6534,9 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); @@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* No packets are walking on these chains anymore. */ ctx.table = table; list_for_each_entry(chain, &table->chains, list) { -@@ -5808,6 +6545,11 @@ static void __nft_release_afinfo(struct +@@ -5810,6 +6547,11 @@ static void __nft_release_afinfo(struct nf_tables_rule_destroy(&ctx, rule); } } @@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(set, ns, &table->sets, list) { list_del(&set->list); table->use--; -@@ -5851,6 +6593,8 @@ static int __init nf_tables_module_init( +@@ -5853,6 +6595,8 @@ static int __init nf_tables_module_init( if (err < 0) goto err3; @@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n"); return register_pernet_subsys(&nf_tables_net_ops); err3: -@@ -5865,6 +6609,7 @@ static void __exit nf_tables_module_exit +@@ -5867,6 +6611,7 @@ static void __exit nf_tables_module_exit { unregister_pernet_subsys(&nf_tables_net_ops); nfnetlink_subsys_unregister(&nf_tables_subsys); diff --git a/target/linux/generic/backport-4.14/327-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.14/327-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch index 344671961a..ac38477ca6 100644 --- a/target/linux/generic/backport-4.14/327-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch +++ b/target/linux/generic/backport-4.14/327-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch @@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -@@ -4917,7 +4914,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4919,7 +4916,7 @@ static int nf_tables_flowtable_parse_hoo return -EINVAL; hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); diff --git a/target/linux/generic/backport-4.14/328-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch b/target/linux/generic/backport-4.14/328-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch index b5c1b19a59..dc62dd37a7 100644 --- a/target/linux/generic/backport-4.14/328-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch +++ b/target/linux/generic/backport-4.14/328-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5341,7 +5341,7 @@ static int nf_tables_getflowtable(struct +@@ -5343,7 +5343,7 @@ static int nf_tables_getflowtable(struct flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], genmask); diff --git a/target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch index a9f13c45df..2b7260c53d 100644 --- a/target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch +++ b/target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (ret >= 0) { ctx->table->flags &= ~NFT_TABLE_F_DORMANT; nft_trans_table_enable(trans) = true; -@@ -5719,7 +5712,6 @@ static int nf_tables_commit(struct net * +@@ -5721,7 +5714,6 @@ static int nf_tables_commit(struct net * if (nft_trans_table_update(trans)) { if (!nft_trans_table_enable(trans)) { nf_tables_table_disable(net, @@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> trans->ctx.table); trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; } -@@ -5881,7 +5873,6 @@ static int nf_tables_abort(struct net *n +@@ -5883,7 +5875,6 @@ static int nf_tables_abort(struct net *n if (nft_trans_table_update(trans)) { if (nft_trans_table_enable(trans)) { nf_tables_table_disable(net, diff --git a/target/linux/generic/backport-4.14/333-netfilter-nf_tables-fix-chain-filter-in-nf_tables_du.patch b/target/linux/generic/backport-4.14/333-netfilter-nf_tables-fix-chain-filter-in-nf_tables_du.patch deleted file mode 100644 index a123d236ab..0000000000 --- a/target/linux/generic/backport-4.14/333-netfilter-nf_tables-fix-chain-filter-in-nf_tables_du.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Pablo Neira Ayuso <pablo@netfilter.org> -Date: Tue, 19 Dec 2017 12:01:21 +0100 -Subject: [PATCH] netfilter: nf_tables: fix chain filter in - nf_tables_dump_rules() - -ctx->chain may be null now that we have very large object names, -so we cannot check for ctx->chain[0] here. - -Fixes: b7263e071aba7 ("netfilter: nf_tables: Allow table names of up to 255 chars") -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> -Acked-by: Phil Sutter <phil@nwl.cc> ---- - ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -2090,7 +2090,7 @@ static int nf_tables_dump_rules(struct s - continue; - - list_for_each_entry_rcu(chain, &table->chains, list) { -- if (ctx && ctx->chain[0] && -+ if (ctx && ctx->chain && - strcmp(ctx->chain, chain->name) != 0) - continue; - diff --git a/target/linux/generic/backport-4.14/334-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch b/target/linux/generic/backport-4.14/334-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch index 57e9b53301..59c419e003 100644 --- a/target/linux/generic/backport-4.14/334-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch +++ b/target/linux/generic/backport-4.14/334-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch @@ -15,9 +15,9 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4614,8 +4614,10 @@ static int nf_tables_dump_obj_done(struc - { - struct nft_obj_filter *filter = cb->data; +@@ -5262,8 +5262,10 @@ static int nf_tables_dump_flowtable_done + if (!filter) + return 0; - kfree(filter->table); - kfree(filter); diff --git a/target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch index b090935cdf..6fedd00eb0 100644 --- a/target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ b/target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch @@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -5328,7 +5314,8 @@ static int nf_tables_getflowtable(struct +@@ -5330,7 +5316,8 @@ static int nf_tables_getflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5371,7 +5358,7 @@ static void nf_tables_flowtable_notify(s +@@ -5373,7 +5360,7 @@ static void nf_tables_flowtable_notify(s err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, ctx->seq, event, 0, @@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) { kfree_skb(skb); goto err; -@@ -5449,17 +5436,14 @@ static int nf_tables_flowtable_event(str +@@ -5451,17 +5438,14 @@ static int nf_tables_flowtable_event(str struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_flowtable *flowtable; struct nft_table *table; @@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6478,6 +6462,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); +@@ -6480,6 +6464,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); static int __net_init nf_tables_init_net(struct net *net) { INIT_LIST_HEAD(&net->nft.af_info); @@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> INIT_LIST_HEAD(&net->nft.commit_list); net->nft.base_seq = 1; return 0; -@@ -6514,10 +6499,10 @@ static void __nft_release_afinfo(struct +@@ -6516,10 +6501,10 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, diff --git a/target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch index 45dfec1f00..8a2dbd8d5e 100644 --- a/target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct pernet_operations clusterip_net_ops = { --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -6468,6 +6468,12 @@ static int __net_init nf_tables_init_net +@@ -6470,6 +6470,12 @@ static int __net_init nf_tables_init_net return 0; } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6545,6 +6551,7 @@ static void __nft_release_afinfo(struct +@@ -6547,6 +6553,7 @@ static void __nft_release_afinfo(struct static struct pernet_operations nf_tables_net_ops = { .init = nf_tables_init_net, diff --git a/target/linux/generic/backport-4.14/337-netfilter-nf_tables-get-rid-of-pernet-families.patch b/target/linux/generic/backport-4.14/337-netfilter-nf_tables-get-rid-of-pernet-families.patch index 28ce2dcf0b..87f804af01 100644 --- a/target/linux/generic/backport-4.14/337-netfilter-nf_tables-get-rid-of-pernet-families.patch +++ b/target/linux/generic/backport-4.14/337-netfilter-nf_tables-get-rid-of-pernet-families.patch @@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } rcu_read_unlock(); -@@ -6459,21 +6454,6 @@ int nft_data_dump(struct sk_buff *skb, i +@@ -6461,21 +6456,6 @@ int nft_data_dump(struct sk_buff *skb, i } EXPORT_SYMBOL_GPL(nft_data_dump); @@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6494,8 +6474,7 @@ int __nft_release_basechain(struct nft_c +@@ -6496,8 +6476,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6505,10 +6484,11 @@ static void __nft_release_afinfo(struct +@@ -6507,10 +6486,11 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); list_for_each_entry(flowtable, &table->flowtables, list) -@@ -6549,6 +6529,21 @@ static void __nft_release_afinfo(struct +@@ -6551,6 +6531,21 @@ static void __nft_release_afinfo(struct } } diff --git a/target/linux/generic/backport-4.14/338-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.14/338-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch index 9e72b7b32d..73cdab0be0 100644 --- a/target/linux/generic/backport-4.14/338-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch +++ b/target/linux/generic/backport-4.14/338-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch @@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -5279,7 +5119,6 @@ static int nf_tables_getflowtable(struct +@@ -5281,7 +5121,6 @@ static int nf_tables_getflowtable(struct u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct sk_buff *skb2; int err; -@@ -5305,12 +5144,8 @@ static int nf_tables_getflowtable(struct +@@ -5307,12 +5146,8 @@ static int nf_tables_getflowtable(struct if (!nla[NFTA_FLOWTABLE_NAME]) return -EINVAL; @@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -6474,7 +6309,7 @@ int __nft_release_basechain(struct nft_c +@@ -6476,7 +6311,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6487,7 +6322,7 @@ static void __nft_release_afinfo(struct +@@ -6489,7 +6324,7 @@ static void __nft_release_afinfo(struct }; list_for_each_entry_safe(table, nt, &net->nft.tables, list) { @@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); -@@ -6539,7 +6374,7 @@ static int __net_init nf_tables_init_net +@@ -6541,7 +6376,7 @@ static int __net_init nf_tables_init_net static void __net_exit nf_tables_exit_net(struct net *net) { diff --git a/target/linux/generic/backport-4.14/342-netfilter-nf_tables-fix-flowtable-free.patch b/target/linux/generic/backport-4.14/342-netfilter-nf_tables-fix-flowtable-free.patch index 334a81474d..b16eff6789 100644 --- a/target/linux/generic/backport-4.14/342-netfilter-nf_tables-fix-flowtable-free.patch +++ b/target/linux/generic/backport-4.14/342-netfilter-nf_tables-fix-flowtable-free.patch @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5201,17 +5201,12 @@ err: +@@ -5203,17 +5203,12 @@ err: nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS); } diff --git a/target/linux/generic/backport-4.14/357-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch b/target/linux/generic/backport-4.14/357-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch index 75cbda6baf..c783884f86 100644 --- a/target/linux/generic/backport-4.14/357-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch +++ b/target/linux/generic/backport-4.14/357-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch @@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> err3: module_put(type->owner); err2: -@@ -5325,10 +5323,8 @@ err: +@@ -5327,10 +5325,8 @@ err: static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) { |