Diffstat (limited to 'target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch')
-rw-r--r-- | target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch | 43 |
1 files changed, 18 insertions, 25 deletions
diff --git a/target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch b/target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch index 10da96b7ed..fa32f88e17 100644 --- a/target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch +++ b/target/linux/generic/pending-4.19/600-netfilter_conntrack_flush.patch @@ -9,7 +9,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c -@@ -17,6 +17,7 @@ +@@ -9,6 +9,7 @@ #include <linux/percpu.h> #include <linux/netdevice.h> #include <linux/security.h> @@ -17,8 +17,8 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> #include <net/net_namespace.h> #ifdef CONFIG_SYSCTL #include <linux/sysctl.h> -@@ -381,10 +382,66 @@ static int ct_open(struct inode *inode, - sizeof(struct ct_iter_state)); +@@ -433,6 +434,56 @@ static int ct_cpu_seq_show(struct seq_fi + return 0; } +struct kill_request { @@ -44,13 +44,11 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> + nf_inet_addr_cmp(&kr->addr, &t2->dst.u3)); +} + -+static ssize_t ct_file_write(struct file *file, const char __user *buf, -+ size_t count, loff_t *ppos) ++static int ct_file_write(struct file *file, char *buf, size_t count) +{ + struct seq_file *seq = file->private_data; + struct net *net = seq_file_net(seq); + struct kill_request kr = { }; -+ char req[INET6_ADDRSTRLEN] = { }; + + if (count == 0) + return 0; @@ -58,38 +56,33 @@ 
Signed-off-by: Felix Fietkau <nbd@nbd.name> + if (count >= INET6_ADDRSTRLEN) + count = INET6_ADDRSTRLEN - 1; + -+ if (copy_from_user(req, buf, count)) -+ return -EFAULT; -+ -+ if (strnchr(req, count, ':')) { ++ if (strnchr(buf, count, ':')) { + kr.family = AF_INET6; -+ if (!in6_pton(req, count, (void *)&kr.addr, '\n', NULL)) ++ if (!in6_pton(buf, count, (void *)&kr.addr, '\n', NULL)) + return -EINVAL; -+ } else if (strnchr(req, count, '.')) { ++ } else if (strnchr(buf, count, '.')) { + kr.family = AF_INET; -+ if (!in4_pton(req, count, (void *)&kr.addr, '\n', NULL)) ++ if (!in4_pton(buf, count, (void *)&kr.addr, '\n', NULL)) + return -EINVAL; + } + + nf_ct_iterate_cleanup_net(net, kill_matching, &kr, 0, 0); + -+ return count; ++ return 0; +} + - static const struct file_operations ct_file_ops = { - .owner = THIS_MODULE, - .open = ct_open, - .read = seq_read, -+ .write = ct_file_write, - .llseek = seq_lseek, - .release = seq_release_net, - }; -@@ -488,7 +545,7 @@ static int nf_conntrack_standalone_init_ + static const struct seq_operations ct_cpu_seq_ops = { + .start = ct_cpu_seq_start, + .next = ct_cpu_seq_next, +@@ -446,8 +497,9 @@ static int nf_conntrack_standalone_init_ kuid_t root_uid; kgid_t root_gid; -- pde = proc_create("nf_conntrack", 0440, net->proc_net, &ct_file_ops); -+ pde = proc_create("nf_conntrack", 0660, net->proc_net, &ct_file_ops); +- pde = proc_create_net("nf_conntrack", 0440, net->proc_net, &ct_seq_ops, +- sizeof(struct ct_iter_state)); ++ pde = proc_create_net_data_write("nf_conntrack", 0440, net->proc_net, ++ &ct_seq_ops, &ct_file_write, ++ sizeof(struct ct_iter_state), NULL); if (!pde) goto out_nf_conntrack; |
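Review bot: The `proc_create_net_data_write()` call registers `ct_file_write` but keeps mode `0440`, so access to the flush path rests only on the file mode and on callers that can bypass it; the previous revision of this patch used `0660`, and neither revision checks a capability in the handler. The netlink interface to conntrack requires CAP_NET_ADMIN, so consider making the same requirement explicit at the top of `ct_file_write`, e.g. `if (!file_ns_capable(file, net->user_ns, CAP_NET_ADMIN)) return -EPERM;`, and note the intended mode in a comment next to the `proc_create_net_data_write()` call. Separately, a write containing neither ':' nor '.' leaves `kr.family` at 0 and still reaches `nf_ct_iterate_cleanup_net()`; what `kill_matching` does with family 0 is not visible in these hunks, so a comment such as `/* no address in the request: kr.family stays 0, see kill_matching() */` above that call would document the case. `ct_file_write` begins in the previous hunk and `kill_matching` is only partly shown, so this is based on the visible lines only.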