aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic/backport-4.14
diff options
context:
space:
mode:
Diffstat (limited to 'target/linux/generic/backport-4.14')
-rw-r--r--target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch2
-rw-r--r--target/linux/generic/backport-4.14/270-uapi-libc-compat-add-fallback-for-unsupported-libcs.patch147
-rw-r--r--target/linux/generic/backport-4.14/303-netfilter-nf_tables-remove-multihook-chains-and-fami.patch10
-rw-r--r--target/linux/generic/backport-4.14/321-netfilter-nf_tables-add-flow-table-netlink-frontend.patch24
-rw-r--r--target/linux/generic/backport-4.14/327-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch2
-rw-r--r--target/linux/generic/backport-4.14/328-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch2
-rw-r--r--target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch4
-rw-r--r--target/linux/generic/backport-4.14/333-netfilter-nf_tables-fix-chain-filter-in-nf_tables_du.patch24
-rw-r--r--target/linux/generic/backport-4.14/334-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch6
-rw-r--r--target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch10
-rw-r--r--target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch4
-rw-r--r--target/linux/generic/backport-4.14/337-netfilter-nf_tables-get-rid-of-pernet-families.patch8
-rw-r--r--target/linux/generic/backport-4.14/338-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch10
-rw-r--r--target/linux/generic/backport-4.14/342-netfilter-nf_tables-fix-flowtable-free.patch2
-rw-r--r--target/linux/generic/backport-4.14/357-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch2
15 files changed, 43 insertions, 214 deletions
diff --git a/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch b/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch
index 03c0b53655..89117bd874 100644
--- a/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch
+++ b/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch
@@ -74,7 +74,7 @@ Cc: Kir Kolyshkin <kir@openvz.org>
sk->sk_gso_max_size - 1 - MAX_TCP_HEADER);
/* Goal is to send at least one packet per ms,
-@@ -2145,7 +2145,7 @@ static bool tcp_small_queue_check(struct
+@@ -2172,7 +2172,7 @@ static bool tcp_small_queue_check(struct
{
unsigned int limit;
diff --git a/target/linux/generic/backport-4.14/270-uapi-libc-compat-add-fallback-for-unsupported-libcs.patch b/target/linux/generic/backport-4.14/270-uapi-libc-compat-add-fallback-for-unsupported-libcs.patch
deleted file mode 100644
index 530a9e8a85..0000000000
--- a/target/linux/generic/backport-4.14/270-uapi-libc-compat-add-fallback-for-unsupported-libcs.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From c6bdd0d302119819de72439972d0462c26ef9eda Mon Sep 17 00:00:00 2001
-From: Felix Janda <felix.janda@posteo.de>
-Date: Sun, 12 Nov 2017 13:30:17 -0500
-Subject: uapi libc compat: add fallback for unsupported libcs
-
-libc-compat.h aims to prevent symbol collisions between uapi and libc
-headers for each supported libc. This requires continuous coordination
-between them.
-
-The goal of this commit is to improve the situation for libcs (such as
-musl) which are not yet supported and/or do not wish to be explicitly
-supported, while not affecting supported libcs. More precisely, with
-this commit, unsupported libcs can request the suppression of any
-specific uapi definition by defining the correspondings _UAPI_DEF_*
-macro as 0. This can fix symbol collisions for them, as long as the
-libc headers are included before the uapi headers. Inclusion in the
-other order is outside the scope of this commit.
-
-All infrastructure in order to enable this fallback for unsupported
-libcs is already in place, except that libc-compat.h unconditionally
-defines all _UAPI_DEF_* macros to 1 for all unsupported libcs so that
-any previous definitions are ignored. In order to fix this, this commit
-merely makes these definitions conditional.
-
-This commit together with the musl libc commit
-
-http://git.musl-libc.org/cgit/musl/commit/?id=04983f2272382af92eb8f8838964ff944fbb8258
-
-fixes for example the following compiler errors when <linux/in6.h> is
-included after musl's <netinet/in.h>:
-
-./linux/in6.h:32:8: error: redefinition of 'struct in6_addr'
-./linux/in6.h:49:8: error: redefinition of 'struct sockaddr_in6'
-./linux/in6.h:59:8: error: redefinition of 'struct ipv6_mreq'
-
-The comments referencing glibc are still correct, but this file is not
-only used for glibc any more.
-
-Signed-off-by: Felix Janda <felix.janda@posteo.de>
-Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de>
----
- include/uapi/linux/libc-compat.h | 55 +++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 54 insertions(+), 1 deletion(-)
-
---- a/include/uapi/linux/libc-compat.h
-+++ b/include/uapi/linux/libc-compat.h
-@@ -168,46 +168,99 @@
-
- /* If we did not see any headers from any supported C libraries,
- * or we are being included in the kernel, then define everything
-- * that we need. */
-+ * that we need. Check for previous __UAPI_* definitions to give
-+ * unsupported C libraries a way to opt out of any kernel definition. */
- #else /* !defined(__GLIBC__) */
-
- /* Definitions for if.h */
-+#ifndef __UAPI_DEF_IF_IFCONF
- #define __UAPI_DEF_IF_IFCONF 1
-+#endif
-+#ifndef __UAPI_DEF_IF_IFMAP
- #define __UAPI_DEF_IF_IFMAP 1
-+#endif
-+#ifndef __UAPI_DEF_IF_IFNAMSIZ
- #define __UAPI_DEF_IF_IFNAMSIZ 1
-+#endif
-+#ifndef __UAPI_DEF_IF_IFREQ
- #define __UAPI_DEF_IF_IFREQ 1
-+#endif
- /* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */
-+#ifndef __UAPI_DEF_IF_NET_DEVICE_FLAGS
- #define __UAPI_DEF_IF_NET_DEVICE_FLAGS 1
-+#endif
- /* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */
-+#ifndef __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO
- #define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1
-+#endif
-
- /* Definitions for in.h */
-+#ifndef __UAPI_DEF_IN_ADDR
- #define __UAPI_DEF_IN_ADDR 1
-+#endif
-+#ifndef __UAPI_DEF_IN_IPPROTO
- #define __UAPI_DEF_IN_IPPROTO 1
-+#endif
-+#ifndef __UAPI_DEF_IN_PKTINFO
- #define __UAPI_DEF_IN_PKTINFO 1
-+#endif
-+#ifndef __UAPI_DEF_IP_MREQ
- #define __UAPI_DEF_IP_MREQ 1
-+#endif
-+#ifndef __UAPI_DEF_SOCKADDR_IN
- #define __UAPI_DEF_SOCKADDR_IN 1
-+#endif
-+#ifndef __UAPI_DEF_IN_CLASS
- #define __UAPI_DEF_IN_CLASS 1
-+#endif
-
- /* Definitions for in6.h */
-+#ifndef __UAPI_DEF_IN6_ADDR
- #define __UAPI_DEF_IN6_ADDR 1
-+#endif
-+#ifndef __UAPI_DEF_IN6_ADDR_ALT
- #define __UAPI_DEF_IN6_ADDR_ALT 1
-+#endif
-+#ifndef __UAPI_DEF_SOCKADDR_IN6
- #define __UAPI_DEF_SOCKADDR_IN6 1
-+#endif
-+#ifndef __UAPI_DEF_IPV6_MREQ
- #define __UAPI_DEF_IPV6_MREQ 1
-+#endif
-+#ifndef __UAPI_DEF_IPPROTO_V6
- #define __UAPI_DEF_IPPROTO_V6 1
-+#endif
-+#ifndef __UAPI_DEF_IPV6_OPTIONS
- #define __UAPI_DEF_IPV6_OPTIONS 1
-+#endif
-+#ifndef __UAPI_DEF_IN6_PKTINFO
- #define __UAPI_DEF_IN6_PKTINFO 1
-+#endif
-+#ifndef __UAPI_DEF_IP6_MTUINFO
- #define __UAPI_DEF_IP6_MTUINFO 1
-+#endif
-
- /* Definitions for ipx.h */
-+#ifndef __UAPI_DEF_SOCKADDR_IPX
- #define __UAPI_DEF_SOCKADDR_IPX 1
-+#endif
-+#ifndef __UAPI_DEF_IPX_ROUTE_DEFINITION
- #define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
-+#endif
-+#ifndef __UAPI_DEF_IPX_INTERFACE_DEFINITION
- #define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
-+#endif
-+#ifndef __UAPI_DEF_IPX_CONFIG_DATA
- #define __UAPI_DEF_IPX_CONFIG_DATA 1
-+#endif
-+#ifndef __UAPI_DEF_IPX_ROUTE_DEF
- #define __UAPI_DEF_IPX_ROUTE_DEF 1
-+#endif
-
- /* Definitions for xattr.h */
-+#ifndef __UAPI_DEF_XATTR
- #define __UAPI_DEF_XATTR 1
-+#endif
-
- #endif /* __GLIBC__ */
-
diff --git a/target/linux/generic/backport-4.14/303-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
index 6395dd0795..37c63ec6c6 100644
--- a/target/linux/generic/backport-4.14/303-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
+++ b/target/linux/generic/backport-4.14/303-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
@@ -265,7 +265,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
nft_chain_release_hook(&hook);
}
-@@ -5060,10 +5048,9 @@ static int nf_tables_commit(struct net *
+@@ -5062,10 +5050,9 @@ static int nf_tables_commit(struct net *
case NFT_MSG_DELCHAIN:
list_del_rcu(&trans->ctx.chain->list);
nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
@@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
break;
case NFT_MSG_NEWRULE:
nft_clear(trans->ctx.net, nft_trans_rule(trans));
-@@ -5200,10 +5187,9 @@ static int nf_tables_abort(struct net *n
+@@ -5202,10 +5189,9 @@ static int nf_tables_abort(struct net *n
} else {
trans->ctx.table->use--;
list_del_rcu(&trans->ctx.chain->list);
@@ -293,7 +293,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
break;
case NFT_MSG_DELCHAIN:
-@@ -5304,7 +5290,7 @@ int nft_chain_validate_hooks(const struc
+@@ -5306,7 +5292,7 @@ int nft_chain_validate_hooks(const struc
if (nft_is_base_chain(chain)) {
basechain = nft_base_chain(chain);
@@ -302,7 +302,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return 0;
return -EOPNOTSUPP;
-@@ -5786,8 +5772,7 @@ int __nft_release_basechain(struct nft_c
+@@ -5788,8 +5774,7 @@ int __nft_release_basechain(struct nft_c
BUG_ON(!nft_is_base_chain(ctx->chain));
@@ -312,7 +312,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
list_del(&rule->list);
ctx->chain->use--;
-@@ -5816,8 +5801,7 @@ static void __nft_release_afinfo(struct
+@@ -5818,8 +5803,7 @@ static void __nft_release_afinfo(struct
list_for_each_entry_safe(table, nt, &afi->tables, list) {
list_for_each_entry(chain, &table->chains, list)
diff --git a/target/linux/generic/backport-4.14/321-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.14/321-netfilter-nf_tables-add-flow-table-netlink-frontend.patch
index 8a0d2f0fb7..2a5025855a 100644
--- a/target/linux/generic/backport-4.14/321-netfilter-nf_tables-add-flow-table-netlink-frontend.patch
+++ b/target/linux/generic/backport-4.14/321-netfilter-nf_tables-add-flow-table-netlink-frontend.patch
@@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) {
err = nft_delobj(ctx, obj);
if (err < 0)
-@@ -4765,6 +4809,605 @@ static void nf_tables_obj_notify(const s
+@@ -4767,6 +4811,605 @@ static void nf_tables_obj_notify(const s
ctx->afi->family, ctx->report, GFP_KERNEL);
}
@@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
u32 portid, u32 seq)
{
-@@ -4795,6 +5438,49 @@ nla_put_failure:
+@@ -4797,6 +5440,49 @@ nla_put_failure:
return -EMSGSIZE;
}
@@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb,
int event)
{
-@@ -4947,6 +5633,21 @@ static const struct nfnl_callback nf_tab
+@@ -4949,6 +5635,21 @@ static const struct nfnl_callback nf_tab
.attr_count = NFTA_OBJ_MAX,
.policy = nft_obj_policy,
},
@@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
};
static void nft_chain_commit_update(struct nft_trans *trans)
-@@ -4992,6 +5693,9 @@ static void nf_tables_commit_release(str
+@@ -4994,6 +5695,9 @@ static void nf_tables_commit_release(str
case NFT_MSG_DELOBJ:
nft_obj_destroy(nft_trans_obj(trans));
break;
@@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
kfree(trans);
}
-@@ -5109,6 +5813,21 @@ static int nf_tables_commit(struct net *
+@@ -5111,6 +5815,21 @@ static int nf_tables_commit(struct net *
nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans),
NFT_MSG_DELOBJ);
break;
@@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
-@@ -5146,6 +5865,9 @@ static void nf_tables_abort_release(stru
+@@ -5148,6 +5867,9 @@ static void nf_tables_abort_release(stru
case NFT_MSG_NEWOBJ:
nft_obj_destroy(nft_trans_obj(trans));
break;
@@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
kfree(trans);
}
-@@ -5235,6 +5957,17 @@ static int nf_tables_abort(struct net *n
+@@ -5237,6 +5959,17 @@ static int nf_tables_abort(struct net *n
nft_clear(trans->ctx.net, nft_trans_obj(trans));
nft_trans_destroy(trans);
break;
@@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
-@@ -5785,6 +6518,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
+@@ -5787,6 +6520,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
/* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */
static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi)
{
@@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
struct nft_table *table, *nt;
struct nft_chain *chain, *nc;
struct nft_object *obj, *ne;
-@@ -5798,6 +6532,9 @@ static void __nft_release_afinfo(struct
+@@ -5800,6 +6534,9 @@ static void __nft_release_afinfo(struct
list_for_each_entry_safe(table, nt, &afi->tables, list) {
list_for_each_entry(chain, &table->chains, list)
nf_tables_unregister_hook(net, table, chain);
@@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/* No packets are walking on these chains anymore. */
ctx.table = table;
list_for_each_entry(chain, &table->chains, list) {
-@@ -5808,6 +6545,11 @@ static void __nft_release_afinfo(struct
+@@ -5810,6 +6547,11 @@ static void __nft_release_afinfo(struct
nf_tables_rule_destroy(&ctx, rule);
}
}
@@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
list_for_each_entry_safe(set, ns, &table->sets, list) {
list_del(&set->list);
table->use--;
-@@ -5851,6 +6593,8 @@ static int __init nf_tables_module_init(
+@@ -5853,6 +6595,8 @@ static int __init nf_tables_module_init(
if (err < 0)
goto err3;
@@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n");
return register_pernet_subsys(&nf_tables_net_ops);
err3:
-@@ -5865,6 +6609,7 @@ static void __exit nf_tables_module_exit
+@@ -5867,6 +6611,7 @@ static void __exit nf_tables_module_exit
{
unregister_pernet_subsys(&nf_tables_net_ops);
nfnetlink_subsys_unregister(&nf_tables_subsys);
diff --git a/target/linux/generic/backport-4.14/327-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.14/327-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch
index 344671961a..ac38477ca6 100644
--- a/target/linux/generic/backport-4.14/327-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch
+++ b/target/linux/generic/backport-4.14/327-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch
@@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
-@@ -4917,7 +4914,7 @@ static int nf_tables_flowtable_parse_hoo
+@@ -4919,7 +4916,7 @@ static int nf_tables_flowtable_parse_hoo
return -EINVAL;
hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));
diff --git a/target/linux/generic/backport-4.14/328-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch b/target/linux/generic/backport-4.14/328-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch
index b5c1b19a59..dc62dd37a7 100644
--- a/target/linux/generic/backport-4.14/328-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch
+++ b/target/linux/generic/backport-4.14/328-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch
@@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
-@@ -5341,7 +5341,7 @@ static int nf_tables_getflowtable(struct
+@@ -5343,7 +5343,7 @@ static int nf_tables_getflowtable(struct
flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME],
genmask);
diff --git a/target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch
index a9f13c45df..2b7260c53d 100644
--- a/target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch
+++ b/target/linux/generic/backport-4.14/331-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch
@@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (ret >= 0) {
ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
nft_trans_table_enable(trans) = true;
-@@ -5719,7 +5712,6 @@ static int nf_tables_commit(struct net *
+@@ -5721,7 +5714,6 @@ static int nf_tables_commit(struct net *
if (nft_trans_table_update(trans)) {
if (!nft_trans_table_enable(trans)) {
nf_tables_table_disable(net,
@@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
trans->ctx.table);
trans->ctx.table->flags |= NFT_TABLE_F_DORMANT;
}
-@@ -5881,7 +5873,6 @@ static int nf_tables_abort(struct net *n
+@@ -5883,7 +5875,6 @@ static int nf_tables_abort(struct net *n
if (nft_trans_table_update(trans)) {
if (nft_trans_table_enable(trans)) {
nf_tables_table_disable(net,
diff --git a/target/linux/generic/backport-4.14/333-netfilter-nf_tables-fix-chain-filter-in-nf_tables_du.patch b/target/linux/generic/backport-4.14/333-netfilter-nf_tables-fix-chain-filter-in-nf_tables_du.patch
deleted file mode 100644
index a123d236ab..0000000000
--- a/target/linux/generic/backport-4.14/333-netfilter-nf_tables-fix-chain-filter-in-nf_tables_du.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Tue, 19 Dec 2017 12:01:21 +0100
-Subject: [PATCH] netfilter: nf_tables: fix chain filter in
- nf_tables_dump_rules()
-
-ctx->chain may be null now that we have very large object names,
-so we cannot check for ctx->chain[0] here.
-
-Fixes: b7263e071aba7 ("netfilter: nf_tables: Allow table names of up to 255 chars")
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Acked-by: Phil Sutter <phil@nwl.cc>
----
-
---- a/net/netfilter/nf_tables_api.c
-+++ b/net/netfilter/nf_tables_api.c
-@@ -2090,7 +2090,7 @@ static int nf_tables_dump_rules(struct s
- continue;
-
- list_for_each_entry_rcu(chain, &table->chains, list) {
-- if (ctx && ctx->chain[0] &&
-+ if (ctx && ctx->chain &&
- strcmp(ctx->chain, chain->name) != 0)
- continue;
-
diff --git a/target/linux/generic/backport-4.14/334-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch b/target/linux/generic/backport-4.14/334-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch
index 57e9b53301..59c419e003 100644
--- a/target/linux/generic/backport-4.14/334-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch
+++ b/target/linux/generic/backport-4.14/334-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch
@@ -15,9 +15,9 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
-@@ -4614,8 +4614,10 @@ static int nf_tables_dump_obj_done(struc
- {
- struct nft_obj_filter *filter = cb->data;
+@@ -5262,8 +5262,10 @@ static int nf_tables_dump_flowtable_done
+ if (!filter)
+ return 0;
- kfree(filter->table);
- kfree(filter);
diff --git a/target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
index b090935cdf..6fedd00eb0 100644
--- a/target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
+++ b/target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
@@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
done:
-@@ -5328,7 +5314,8 @@ static int nf_tables_getflowtable(struct
+@@ -5330,7 +5316,8 @@ static int nf_tables_getflowtable(struct
if (IS_ERR(afi))
return PTR_ERR(afi);
@@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -5371,7 +5358,7 @@ static void nf_tables_flowtable_notify(s
+@@ -5373,7 +5360,7 @@ static void nf_tables_flowtable_notify(s
err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
ctx->seq, event, 0,
@@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (err < 0) {
kfree_skb(skb);
goto err;
-@@ -5449,17 +5436,14 @@ static int nf_tables_flowtable_event(str
+@@ -5451,17 +5438,14 @@ static int nf_tables_flowtable_event(str
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
struct nft_flowtable *flowtable;
struct nft_table *table;
@@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
-@@ -6478,6 +6462,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
+@@ -6480,6 +6464,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
static int __net_init nf_tables_init_net(struct net *net)
{
INIT_LIST_HEAD(&net->nft.af_info);
@@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
INIT_LIST_HEAD(&net->nft.commit_list);
net->nft.base_seq = 1;
return 0;
-@@ -6514,10 +6499,10 @@ static void __nft_release_afinfo(struct
+@@ -6516,10 +6501,10 @@ static void __nft_release_afinfo(struct
struct nft_set *set, *ns;
struct nft_ctx ctx = {
.net = net,
diff --git a/target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch
index 45dfec1f00..8a2dbd8d5e 100644
--- a/target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch
+++ b/target/linux/generic/backport-4.14/336-netfilter-exit_net-cleanup-check-added.patch
@@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
static struct pernet_operations clusterip_net_ops = {
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
-@@ -6468,6 +6468,12 @@ static int __net_init nf_tables_init_net
+@@ -6470,6 +6470,12 @@ static int __net_init nf_tables_init_net
return 0;
}
@@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
int __nft_release_basechain(struct nft_ctx *ctx)
{
struct nft_rule *rule, *nr;
-@@ -6545,6 +6551,7 @@ static void __nft_release_afinfo(struct
+@@ -6547,6 +6553,7 @@ static void __nft_release_afinfo(struct
static struct pernet_operations nf_tables_net_ops = {
.init = nf_tables_init_net,
diff --git a/target/linux/generic/backport-4.14/337-netfilter-nf_tables-get-rid-of-pernet-families.patch b/target/linux/generic/backport-4.14/337-netfilter-nf_tables-get-rid-of-pernet-families.patch
index 28ce2dcf0b..87f804af01 100644
--- a/target/linux/generic/backport-4.14/337-netfilter-nf_tables-get-rid-of-pernet-families.patch
+++ b/target/linux/generic/backport-4.14/337-netfilter-nf_tables-get-rid-of-pernet-families.patch
@@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
rcu_read_unlock();
-@@ -6459,21 +6454,6 @@ int nft_data_dump(struct sk_buff *skb, i
+@@ -6461,21 +6456,6 @@ int nft_data_dump(struct sk_buff *skb, i
}
EXPORT_SYMBOL_GPL(nft_data_dump);
@@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
int __nft_release_basechain(struct nft_ctx *ctx)
{
struct nft_rule *rule, *nr;
-@@ -6494,8 +6474,7 @@ int __nft_release_basechain(struct nft_c
+@@ -6496,8 +6476,7 @@ int __nft_release_basechain(struct nft_c
}
EXPORT_SYMBOL_GPL(__nft_release_basechain);
@@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
{
struct nft_flowtable *flowtable, *nf;
struct nft_table *table, *nt;
-@@ -6505,10 +6484,11 @@ static void __nft_release_afinfo(struct
+@@ -6507,10 +6486,11 @@ static void __nft_release_afinfo(struct
struct nft_set *set, *ns;
struct nft_ctx ctx = {
.net = net,
@@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
list_for_each_entry(chain, &table->chains, list)
nf_tables_unregister_hook(net, table, chain);
list_for_each_entry(flowtable, &table->flowtables, list)
-@@ -6549,6 +6529,21 @@ static void __nft_release_afinfo(struct
+@@ -6551,6 +6531,21 @@ static void __nft_release_afinfo(struct
}
}
diff --git a/target/linux/generic/backport-4.14/338-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.14/338-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch
index 9e72b7b32d..73cdab0be0 100644
--- a/target/linux/generic/backport-4.14/338-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch
+++ b/target/linux/generic/backport-4.14/338-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch
@@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
goto done;
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
-@@ -5279,7 +5119,6 @@ static int nf_tables_getflowtable(struct
+@@ -5281,7 +5121,6 @@ static int nf_tables_getflowtable(struct
u8 genmask = nft_genmask_cur(net);
int family = nfmsg->nfgen_family;
struct nft_flowtable *flowtable;
@@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
const struct nft_table *table;
struct sk_buff *skb2;
int err;
-@@ -5305,12 +5144,8 @@ static int nf_tables_getflowtable(struct
+@@ -5307,12 +5146,8 @@ static int nf_tables_getflowtable(struct
if (!nla[NFTA_FLOWTABLE_NAME])
return -EINVAL;
@@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -6474,7 +6309,7 @@ int __nft_release_basechain(struct nft_c
+@@ -6476,7 +6311,7 @@ int __nft_release_basechain(struct nft_c
}
EXPORT_SYMBOL_GPL(__nft_release_basechain);
@@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
{
struct nft_flowtable *flowtable, *nf;
struct nft_table *table, *nt;
-@@ -6487,7 +6322,7 @@ static void __nft_release_afinfo(struct
+@@ -6489,7 +6324,7 @@ static void __nft_release_afinfo(struct
};
list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
@@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
list_for_each_entry(chain, &table->chains, list)
nf_tables_unregister_hook(net, table, chain);
-@@ -6539,7 +6374,7 @@ static int __net_init nf_tables_init_net
+@@ -6541,7 +6376,7 @@ static int __net_init nf_tables_init_net
static void __net_exit nf_tables_exit_net(struct net *net)
{
diff --git a/target/linux/generic/backport-4.14/342-netfilter-nf_tables-fix-flowtable-free.patch b/target/linux/generic/backport-4.14/342-netfilter-nf_tables-fix-flowtable-free.patch
index 334a81474d..b16eff6789 100644
--- a/target/linux/generic/backport-4.14/342-netfilter-nf_tables-fix-flowtable-free.patch
+++ b/target/linux/generic/backport-4.14/342-netfilter-nf_tables-fix-flowtable-free.patch
@@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
};
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
-@@ -5201,17 +5201,12 @@ err:
+@@ -5203,17 +5203,12 @@ err:
nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
}
diff --git a/target/linux/generic/backport-4.14/357-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch b/target/linux/generic/backport-4.14/357-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch
index 75cbda6baf..c783884f86 100644
--- a/target/linux/generic/backport-4.14/357-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch
+++ b/target/linux/generic/backport-4.14/357-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch
@@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
err3:
module_put(type->owner);
err2:
-@@ -5325,10 +5323,8 @@ err:
+@@ -5327,10 +5325,8 @@ err:
static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
{