diff options
24 files changed, 163 insertions, 240 deletions
diff --git a/include/kernel-version.mk b/include/kernel-version.mk index 3e31f6ca7c..c6108bead8 100644 --- a/include/kernel-version.mk +++ b/include/kernel-version.mk @@ -2,11 +2,11 @@ LINUX_RELEASE?=1 -LINUX_VERSION-4.14 = .67 LINUX_VERSION-4.9 = .125 +LINUX_VERSION-4.14 = .68 -LINUX_KERNEL_HASH-4.14.67 = 3f4b056dc27233a78f7a4a35ed6fdcfd0a9680ec40b611a898bb6c8b905070ba LINUX_KERNEL_HASH-4.9.125 = a764deef61bebfac1d07b2ed6890f93a12a9ab6d3fc3c53e3d850ed4681111cb +LINUX_KERNEL_HASH-4.14.68 = 791dbf1597033bf2b61e83307d78188ffc1ad4bdd1da3234876667edfdd28690 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1)))) sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1))))))) diff --git a/target/linux/brcm47xx/patches-4.14/330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch b/target/linux/brcm47xx/patches-4.14/330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch deleted file mode 100644 index ad306210b9..0000000000 --- a/target/linux/brcm47xx/patches-4.14/330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch +++ /dev/null @@ -1,76 +0,0 @@ -From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl> -Date: Fri, 27 Jul 2018 12:39:01 +0200 -Subject: [PATCH] Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe - erratum" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This reverts commit 2a027b47dba6b77ab8c8e47b589ae9bbc5ac6175. - -Enabling ExternalSync caused a regression for BCM4718A1 (used e.g. in -Netgear E3000 and ASUS RT-N16): it simply hangs during PCIe -initialization. It's likely that BCM4717A1 is also affected. - -I didn't notice that earlier as the only BCM47XX devices with PCIe I -own are: -1) BCM4706 with 2 x 14e4:4331 -2) BCM4706 with 14e4:4360 and 14e4:4331 -it appears that BCM4706 is unaffected. - -While BCM5300X-ES300-RDS.pdf seems to document that erratum and its -workarounds (according to quotes provided by Tokunori) it seems not even -Broadcom follows them. - -According to the provided info Broadcom should define CONF7_ES in their -SDK's mipsinc.h and implement workaround in the si_mips_init(). Checking -both didn't reveal such code. It *could* mean Broadcom also had some -problems with the given workaround. - -Reported-by: Michael Marley <michael@michaelmarley.com> -Cc: Tokunori Ikegami <ikegami@allied-telesis.co.jp> -Cc: Paul Burton <paul.burton@mips.com> -Cc: Hauke Mehrtens <hauke@hauke-m.de> -Cc: Chris Packham <chris.packham@alliedtelesis.co.nz> -Cc: stable@vger.kernel.org -Cc: James Hogan <jhogan@kernel.org> -Signed-off-by: Rafał Miłecki <rafal@milecki.pl> ---- - arch/mips/bcm47xx/setup.c | 6 ------ - arch/mips/include/asm/mipsregs.h | 3 --- - 2 files changed, 9 deletions(-) - ---- a/arch/mips/bcm47xx/setup.c -+++ b/arch/mips/bcm47xx/setup.c -@@ -212,12 +212,6 @@ static int __init bcm47xx_cpu_fixes(void - */ - if (bcm47xx_bus.bcma.bus.chipinfo.id == BCMA_CHIP_ID_BCM4706) - cpu_wait = NULL; -- -- /* -- * BCM47XX Erratum "R10: PCIe Transactions Periodically Fail" -- * Enable ExternalSync for sync instruction to take effect -- */ -- set_c0_config7(MIPS_CONF7_ES); - break; - #endif - } ---- a/arch/mips/include/asm/mipsregs.h -+++ b/arch/mips/include/asm/mipsregs.h -@@ -680,8 +680,6 @@ - #define MIPS_CONF7_WII (_ULCAST_(1) << 31) - - #define MIPS_CONF7_RPS (_ULCAST_(1) << 2) --/* ExternalSync */ --#define MIPS_CONF7_ES (_ULCAST_(1) << 8) - - #define MIPS_CONF7_IAR (_ULCAST_(1) << 10) - #define MIPS_CONF7_AR (_ULCAST_(1) << 16) -@@ -2747,7 +2745,6 @@ __BUILD_SET_C0(status) - __BUILD_SET_C0(cause) - __BUILD_SET_C0(config) - __BUILD_SET_C0(config5) --__BUILD_SET_C0(config7) - __BUILD_SET_C0(intcontrol) - __BUILD_SET_C0(intctl) - __BUILD_SET_C0(srsmap) diff --git a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch index 75e86f1b46..b279e8c30a 100644 --- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch +++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch @@ -228,7 +228,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err1: nf_tables_chain_destroy(chain); -@@ -1478,14 +1469,13 @@ static int nf_tables_updchain(struct nft +@@ -1478,13 +1469,12 @@ static int nf_tables_updchain(struct nft const struct nlattr * const *nla = ctx->nla; struct nft_table *table = ctx->table; struct nft_chain *chain = ctx->chain; @@ -236,7 +236,6 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_base_chain *basechain; struct nft_stats *stats = NULL; struct nft_chain_hook hook; - const struct nlattr *name; struct nf_hook_ops *ops; struct nft_trans *trans; - int err, i; @@ -244,7 +243,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (nla[NFTA_CHAIN_HOOK]) { if (!nft_is_base_chain(chain)) -@@ -1502,14 +1492,12 @@ static int nf_tables_updchain(struct nft +@@ -1501,14 +1491,12 @@ static int nf_tables_updchain(struct nft return -EBUSY; } @@ -265,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } nft_chain_release_hook(&hook); } -@@ -5113,10 +5101,9 @@ static int nf_tables_commit(struct net * +@@ -5134,10 +5122,9 @@ static int nf_tables_commit(struct net * case NFT_MSG_DELCHAIN: list_del_rcu(&trans->ctx.chain->list); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); @@ -279,7 +278,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> break; case NFT_MSG_NEWRULE: nft_clear(trans->ctx.net, nft_trans_rule(trans)); -@@ -5253,10 +5240,9 @@ static int nf_tables_abort(struct net *n +@@ -5274,10 +5261,9 @@ static int nf_tables_abort(struct net *n } else { trans->ctx.table->use--; list_del_rcu(&trans->ctx.chain->list); @@ -293,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; case NFT_MSG_DELCHAIN: -@@ -5359,7 +5345,7 @@ int nft_chain_validate_hooks(const struc +@@ -5380,7 +5366,7 @@ int nft_chain_validate_hooks(const struc if (nft_is_base_chain(chain)) { basechain = nft_base_chain(chain); @@ -302,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; return -EOPNOTSUPP; -@@ -5841,8 +5827,7 @@ int __nft_release_basechain(struct nft_c +@@ -5862,8 +5848,7 @@ int __nft_release_basechain(struct nft_c BUG_ON(!nft_is_base_chain(ctx->chain)); @@ -312,7 +311,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { list_del(&rule->list); ctx->chain->use--; -@@ -5871,8 +5856,7 @@ static void __nft_release_afinfo(struct +@@ -5892,8 +5877,7 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) diff --git a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch index 625de6b348..25b7ea224e 100644 --- a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch +++ b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) { err = nft_delobj(ctx, obj); if (err < 0) -@@ -4818,6 +4862,605 @@ static void nf_tables_obj_notify(const s +@@ -4834,6 +4878,605 @@ static void nf_tables_obj_notify(const s ctx->afi->family, ctx->report, GFP_KERNEL); } @@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) { -@@ -4848,6 +5491,49 @@ nla_put_failure: +@@ -4864,6 +5507,49 @@ nla_put_failure: return -EMSGSIZE; } @@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) { -@@ -5000,6 +5686,21 @@ static const struct nfnl_callback nf_tab +@@ -5016,6 +5702,21 @@ static const struct nfnl_callback nf_tab .attr_count = NFTA_OBJ_MAX, .policy = nft_obj_policy, }, @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static void nft_chain_commit_update(struct nft_trans *trans) -@@ -5045,6 +5746,9 @@ static void nf_tables_commit_release(str +@@ -5064,6 +5765,9 @@ static void nf_tables_commit_release(str case NFT_MSG_DELOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5162,6 +5866,21 @@ static int nf_tables_commit(struct net * +@@ -5183,6 +5887,21 @@ static int nf_tables_commit(struct net * nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans), NFT_MSG_DELOBJ); break; @@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5199,6 +5918,9 @@ static void nf_tables_abort_release(stru +@@ -5220,6 +5939,9 @@ static void nf_tables_abort_release(stru case NFT_MSG_NEWOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5290,6 +6012,17 @@ static int nf_tables_abort(struct net *n +@@ -5311,6 +6033,17 @@ static int nf_tables_abort(struct net *n nft_clear(trans->ctx.net, nft_trans_obj(trans)); nft_trans_destroy(trans); break; @@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5840,6 +6573,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai +@@ -5861,6 +6594,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) { @@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table, *nt; struct nft_chain *chain, *nc; struct nft_object *obj, *ne; -@@ -5853,6 +6587,9 @@ static void __nft_release_afinfo(struct +@@ -5874,6 +6608,9 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); @@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* No packets are walking on these chains anymore. */ ctx.table = table; list_for_each_entry(chain, &table->chains, list) { -@@ -5863,6 +6600,11 @@ static void __nft_release_afinfo(struct +@@ -5884,6 +6621,11 @@ static void __nft_release_afinfo(struct nf_tables_rule_release(&ctx, rule); } } @@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(set, ns, &table->sets, list) { list_del(&set->list); table->use--; -@@ -5906,6 +6648,8 @@ static int __init nf_tables_module_init( +@@ -5927,6 +6669,8 @@ static int __init nf_tables_module_init( if (err < 0) goto err3; @@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n"); return register_pernet_subsys(&nf_tables_net_ops); err3: -@@ -5920,6 +6664,7 @@ static void __exit nf_tables_module_exit +@@ -5941,6 +6685,7 @@ static void __exit nf_tables_module_exit { unregister_pernet_subsys(&nf_tables_net_ops); nfnetlink_subsys_unregister(&nf_tables_subsys); diff --git a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch index 9c98fa73c4..ae30a984d5 100644 --- a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch +++ b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch @@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -@@ -4970,7 +4967,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4986,7 +4983,7 @@ static int nf_tables_flowtable_parse_hoo return -EINVAL; hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); diff --git a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch index d0863b836b..493ed1d27d 100644 --- a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch +++ b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5394,7 +5394,7 @@ static int nf_tables_getflowtable(struct +@@ -5410,7 +5410,7 @@ static int nf_tables_getflowtable(struct flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], genmask); diff --git a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch index aeef003303..ddcdb78a6f 100644 --- a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch +++ b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (ret >= 0) { ctx->table->flags &= ~NFT_TABLE_F_DORMANT; nft_trans_table_enable(trans) = true; -@@ -5772,7 +5765,6 @@ static int nf_tables_commit(struct net * +@@ -5791,7 +5784,6 @@ static int nf_tables_commit(struct net * if (nft_trans_table_update(trans)) { if (!nft_trans_table_enable(trans)) { nf_tables_table_disable(net, @@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> trans->ctx.table); trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; } -@@ -5934,7 +5926,6 @@ static int nf_tables_abort(struct net *n +@@ -5955,7 +5947,6 @@ static int nf_tables_abort(struct net *n if (nft_trans_table_update(trans)) { if (nft_trans_table_enable(trans)) { nf_tables_table_disable(net, diff --git a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch index d7c07244fc..719c2d9940 100644 --- a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch +++ b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch @@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5313,8 +5313,10 @@ static int nf_tables_dump_flowtable_done +@@ -5329,8 +5329,10 @@ static int nf_tables_dump_flowtable_done if (!filter) return 0; diff --git a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch index 47ba98c191..0991f05700 100644 --- a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch @@ -467,7 +467,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) return err; -@@ -1509,7 +1504,7 @@ static int nf_tables_updchain(struct nft +@@ -1508,7 +1503,7 @@ static int nf_tables_updchain(struct nft if (!nft_is_base_chain(chain)) return -EBUSY; @@ -476,7 +476,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> create); if (err < 0) return err; -@@ -1602,7 +1597,8 @@ static int nf_tables_newchain(struct net +@@ -1618,7 +1613,8 @@ static int nf_tables_newchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -486,7 +486,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -1642,7 +1638,7 @@ static int nf_tables_newchain(struct net +@@ -1658,7 +1654,7 @@ static int nf_tables_newchain(struct net } } @@ -495,7 +495,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (chain != NULL) { if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1676,7 +1672,8 @@ static int nf_tables_delchain(struct net +@@ -1692,7 +1688,8 @@ static int nf_tables_delchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -505,7 +505,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -1688,7 +1685,7 @@ static int nf_tables_delchain(struct net +@@ -1704,7 +1701,7 @@ static int nf_tables_delchain(struct net chain->use > 0) return -EBUSY; @@ -514,7 +514,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> use = chain->use; list_for_each_entry(rule, &chain->rules, list) { -@@ -1853,7 +1850,7 @@ static int nf_tables_expr_parse(const st +@@ -1869,7 +1866,7 @@ static int nf_tables_expr_parse(const st if (err < 0) return err; @@ -523,7 +523,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(type)) return PTR_ERR(type); -@@ -2077,7 +2074,7 @@ static void nf_tables_rule_notify(const +@@ -2093,7 +2090,7 @@ static void nf_tables_rule_notify(const goto err; err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -532,7 +532,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ctx->chain, rule); if (err < 0) { kfree_skb(skb); -@@ -2101,7 +2098,6 @@ static int nf_tables_dump_rules(struct s +@@ -2117,7 +2114,6 @@ static int nf_tables_dump_rules(struct s { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); const struct nft_rule_dump_ctx *ctx = cb->data; @@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; const struct nft_chain *chain; const struct nft_rule *rule; -@@ -2112,39 +2108,37 @@ static int nf_tables_dump_rules(struct s +@@ -2128,39 +2124,37 @@ static int nf_tables_dump_rules(struct s rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -605,7 +605,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } } -@@ -2222,7 +2216,8 @@ static int nf_tables_getrule(struct net +@@ -2238,7 +2232,8 @@ static int nf_tables_getrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -615,7 +615,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -2306,7 +2301,8 @@ static int nf_tables_newrule(struct net +@@ -2322,7 +2317,8 @@ static int nf_tables_newrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -625,7 +625,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -2345,7 +2341,7 @@ static int nf_tables_newrule(struct net +@@ -2361,7 +2357,7 @@ static int nf_tables_newrule(struct net return PTR_ERR(old_rule); } @@ -634,7 +634,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> n = 0; size = 0; -@@ -2485,7 +2481,8 @@ static int nf_tables_delrule(struct net +@@ -2501,7 +2497,8 @@ static int nf_tables_delrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -644,7 +644,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -2496,7 +2493,7 @@ static int nf_tables_delrule(struct net +@@ -2512,7 +2509,7 @@ static int nf_tables_delrule(struct net return PTR_ERR(chain); } @@ -653,7 +653,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (chain) { if (nla[NFTA_RULE_HANDLE]) { -@@ -2694,13 +2691,13 @@ static int nft_ctx_init_from_setattr(str +@@ -2710,13 +2707,13 @@ static int nft_ctx_init_from_setattr(str if (afi == NULL) return -EAFNOSUPPORT; @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -2828,7 +2825,7 @@ static int nf_tables_fill_set(struct sk_ +@@ -2844,7 +2841,7 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -2920,10 +2917,8 @@ static int nf_tables_dump_sets(struct sk +@@ -2936,10 +2933,8 @@ static int nf_tables_dump_sets(struct sk { const struct nft_set *set; unsigned int idx, s_idx = cb->args[0]; @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_ctx *ctx = cb->data, ctx_set; if (cb->args[1]) -@@ -2932,51 +2927,44 @@ static int nf_tables_dump_sets(struct sk +@@ -2948,51 +2943,44 @@ static int nf_tables_dump_sets(struct sk rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } cb->args[1] = 1; done: -@@ -3186,11 +3174,12 @@ static int nf_tables_newset(struct net * +@@ -3202,11 +3190,12 @@ static int nf_tables_newset(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3459,12 +3448,12 @@ static int nft_ctx_init_from_elemattr(st +@@ -3475,12 +3464,12 @@ static int nft_ctx_init_from_elemattr(st if (IS_ERR(afi)) return PTR_ERR(afi); @@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -3569,7 +3558,6 @@ static int nf_tables_dump_set(struct sk_ +@@ -3585,7 +3574,6 @@ static int nf_tables_dump_set(struct sk_ { struct nft_set_dump_ctx *dump_ctx = cb->data; struct net *net = sock_net(skb->sk); @@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_set *set; struct nft_set_dump_args args; -@@ -3581,21 +3569,19 @@ static int nf_tables_dump_set(struct sk_ +@@ -3597,21 +3585,19 @@ static int nf_tables_dump_set(struct sk_ int event; rcu_read_lock(); @@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; } -@@ -3615,7 +3601,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3631,7 +3617,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -3717,7 +3703,7 @@ static int nf_tables_fill_setelem_info(s +@@ -3733,7 +3719,7 @@ static int nf_tables_fill_setelem_info(s goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -3961,7 +3947,7 @@ static int nft_add_set_elem(struct nft_c +@@ -3977,7 +3963,7 @@ static int nft_add_set_elem(struct nft_c list_for_each_entry(binding, &set->bindings, list) { struct nft_ctx bind_ctx = { .net = ctx->net, @@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> .table = ctx->table, .chain = (struct nft_chain *)binding->chain, }; -@@ -4510,7 +4496,8 @@ static int nf_tables_newobj(struct net * +@@ -4526,7 +4512,8 @@ static int nf_tables_newobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4528,7 +4515,7 @@ static int nf_tables_newobj(struct net * +@@ -4544,7 +4531,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4605,7 +4592,6 @@ struct nft_obj_filter { +@@ -4621,7 +4608,6 @@ struct nft_obj_filter { static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct nft_obj_filter *filter = cb->data; -@@ -4620,38 +4606,37 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4636,38 +4622,37 @@ static int nf_tables_dump_obj(struct sk_ rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -4738,7 +4723,8 @@ static int nf_tables_getobj(struct net * +@@ -4754,7 +4739,8 @@ static int nf_tables_getobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4798,7 +4784,8 @@ static int nf_tables_delobj(struct net * +@@ -4814,7 +4800,8 @@ static int nf_tables_delobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4809,7 +4796,7 @@ static int nf_tables_delobj(struct net * +@@ -4825,7 +4812,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delobj(&ctx, obj); } -@@ -4847,7 +4834,7 @@ static void nf_tables_obj_notify(const s +@@ -4863,7 +4850,7 @@ static void nf_tables_obj_notify(const s struct nft_object *obj, int event) { nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, @@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } /* -@@ -5037,7 +5024,7 @@ void nft_flow_table_iterate(struct net * +@@ -5053,7 +5040,7 @@ void nft_flow_table_iterate(struct net * rcu_read_lock(); list_for_each_entry_rcu(afi, &net->nft.af_info, list) { @@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_rcu(flowtable, &table->flowtables, list) { iter(&flowtable->data, data); } -@@ -5085,7 +5072,8 @@ static int nf_tables_newflowtable(struct +@@ -5101,7 +5088,8 @@ static int nf_tables_newflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5102,7 +5090,7 @@ static int nf_tables_newflowtable(struct +@@ -5118,7 +5106,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5183,7 +5171,8 @@ static int nf_tables_delflowtable(struct +@@ -5199,7 +5187,8 @@ static int nf_tables_delflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5194,7 +5183,7 @@ static int nf_tables_delflowtable(struct +@@ -5210,7 +5199,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delflowtable(&ctx, flowtable); } -@@ -5263,40 +5252,37 @@ static int nf_tables_dump_flowtable(stru +@@ -5279,40 +5268,37 @@ static int nf_tables_dump_flowtable(stru struct net *net = sock_net(skb->sk); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -5381,7 +5367,8 @@ static int nf_tables_getflowtable(struct +@@ -5397,7 +5383,8 @@ static int nf_tables_getflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5424,7 +5411,7 @@ static void nf_tables_flowtable_notify(s +@@ -5440,7 +5427,7 @@ static void nf_tables_flowtable_notify(s err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, ctx->seq, event, 0, @@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) { kfree_skb(skb); goto err; -@@ -5502,17 +5489,14 @@ static int nf_tables_flowtable_event(str +@@ -5518,17 +5505,14 @@ static int nf_tables_flowtable_event(str struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_flowtable *flowtable; struct nft_table *table; @@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6533,6 +6517,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); +@@ -6554,6 +6538,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); static int __net_init nf_tables_init_net(struct net *net) { INIT_LIST_HEAD(&net->nft.af_info); @@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> INIT_LIST_HEAD(&net->nft.commit_list); net->nft.base_seq = 1; return 0; -@@ -6569,10 +6554,10 @@ static void __nft_release_afinfo(struct +@@ -6590,10 +6575,10 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, diff --git a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch index 0d973ac028..d71c8e0aba 100644 --- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct pernet_operations clusterip_net_ops = { --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -6523,6 +6523,12 @@ static int __net_init nf_tables_init_net +@@ -6544,6 +6544,12 @@ static int __net_init nf_tables_init_net return 0; } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6600,6 +6606,7 @@ static void __nft_release_afinfo(struct +@@ -6621,6 +6627,7 @@ static void __nft_release_afinfo(struct static struct pernet_operations nf_tables_net_ops = { .init = nf_tables_init_net, diff --git a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch index 0ea11524fc..d1325de2d4 100644 --- a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch +++ b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch @@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (afi->family == family) return afi; } -@@ -5019,15 +5017,12 @@ void nft_flow_table_iterate(struct net * +@@ -5035,15 +5033,12 @@ void nft_flow_table_iterate(struct net * void *data) { struct nft_flowtable *flowtable; @@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } rcu_read_unlock(); -@@ -6514,21 +6509,6 @@ int nft_data_dump(struct sk_buff *skb, i +@@ -6535,21 +6530,6 @@ int nft_data_dump(struct sk_buff *skb, i } EXPORT_SYMBOL_GPL(nft_data_dump); @@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6549,8 +6529,7 @@ int __nft_release_basechain(struct nft_c +@@ -6570,8 +6550,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6560,10 +6539,11 @@ static void __nft_release_afinfo(struct +@@ -6581,10 +6560,11 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); list_for_each_entry(flowtable, &table->flowtables, list) -@@ -6604,6 +6584,21 @@ static void __nft_release_afinfo(struct +@@ -6625,6 +6605,21 @@ static void __nft_release_afinfo(struct } } diff --git a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch index 0752d69395..868f3e68e6 100644 --- a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch +++ b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch @@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -1581,7 +1489,6 @@ static int nf_tables_newchain(struct net +@@ -1597,7 +1505,6 @@ static int nf_tables_newchain(struct net const struct nlattr * uninitialized_var(name); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -548,7 +548,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_chain *chain; u8 policy = NF_ACCEPT; -@@ -1591,11 +1498,7 @@ static int nf_tables_newchain(struct net +@@ -1607,11 +1514,7 @@ static int nf_tables_newchain(struct net create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -561,7 +561,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -1636,7 +1539,7 @@ static int nf_tables_newchain(struct net +@@ -1652,7 +1555,7 @@ static int nf_tables_newchain(struct net } } @@ -570,7 +570,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (chain != NULL) { if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1657,7 +1560,6 @@ static int nf_tables_delchain(struct net +@@ -1673,7 +1576,6 @@ static int nf_tables_delchain(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -578,7 +578,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_chain *chain; struct nft_rule *rule; -@@ -1666,11 +1568,7 @@ static int nf_tables_delchain(struct net +@@ -1682,11 +1584,7 @@ static int nf_tables_delchain(struct net u32 use; int err; @@ -591,7 +591,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -1683,7 +1581,7 @@ static int nf_tables_delchain(struct net +@@ -1699,7 +1597,7 @@ static int nf_tables_delchain(struct net chain->use > 0) return -EBUSY; @@ -600,7 +600,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> use = chain->use; list_for_each_entry(rule, &chain->rules, list) { -@@ -2107,7 +2005,7 @@ static int nf_tables_dump_rules(struct s +@@ -2123,7 +2021,7 @@ static int nf_tables_dump_rules(struct s cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -609,7 +609,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) -@@ -2130,7 +2028,7 @@ static int nf_tables_dump_rules(struct s +@@ -2146,7 +2044,7 @@ static int nf_tables_dump_rules(struct s cb->nlh->nlmsg_seq, NFT_MSG_NEWRULE, NLM_F_MULTI | NLM_F_APPEND, @@ -618,7 +618,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> table, chain, rule) < 0) goto done; -@@ -2166,7 +2064,6 @@ static int nf_tables_getrule(struct net +@@ -2182,7 +2080,6 @@ static int nf_tables_getrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); @@ -626,7 +626,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; const struct nft_chain *chain; const struct nft_rule *rule; -@@ -2210,11 +2107,7 @@ static int nf_tables_getrule(struct net +@@ -2226,11 +2123,7 @@ static int nf_tables_getrule(struct net return netlink_dump_start(nlsk, skb, nlh, &c); } @@ -639,7 +639,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2279,7 +2172,7 @@ static int nf_tables_newrule(struct net +@@ -2295,7 +2188,7 @@ static int nf_tables_newrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -648,7 +648,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_chain *chain; struct nft_rule *rule, *old_rule = NULL; -@@ -2295,11 +2188,7 @@ static int nf_tables_newrule(struct net +@@ -2311,11 +2204,7 @@ static int nf_tables_newrule(struct net create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -661,7 +661,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2339,7 +2228,7 @@ static int nf_tables_newrule(struct net +@@ -2355,7 +2244,7 @@ static int nf_tables_newrule(struct net return PTR_ERR(old_rule); } @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> n = 0; size = 0; -@@ -2468,18 +2357,13 @@ static int nf_tables_delrule(struct net +@@ -2484,18 +2373,13 @@ static int nf_tables_delrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2491,7 +2375,7 @@ static int nf_tables_delrule(struct net +@@ -2507,7 +2391,7 @@ static int nf_tables_delrule(struct net return PTR_ERR(chain); } @@ -699,7 +699,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (chain) { if (nla[NFTA_RULE_HANDLE]) { -@@ -2676,26 +2560,17 @@ static int nft_ctx_init_from_setattr(str +@@ -2692,26 +2576,17 @@ static int nft_ctx_init_from_setattr(str u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -2927,7 +2802,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2943,7 +2818,7 @@ static int nf_tables_dump_sets(struct sk list_for_each_entry_rcu(table, &net->nft.tables, list) { if (ctx->family != NFPROTO_UNSPEC && @@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (ctx->table && ctx->table != table) -@@ -2948,7 +2823,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2964,7 +2839,7 @@ static int nf_tables_dump_sets(struct sk ctx_set = *ctx; ctx_set.table = table; @@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (nf_tables_fill_set(skb, &ctx_set, set, NFT_MSG_NEWSET, -@@ -3060,8 +2935,8 @@ static int nf_tables_newset(struct net * +@@ -3076,8 +2951,8 @@ static int nf_tables_newset(struct net * { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_set *set; struct nft_ctx ctx; -@@ -3168,16 +3043,12 @@ static int nf_tables_newset(struct net * +@@ -3184,16 +3059,12 @@ static int nf_tables_newset(struct net * create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3439,19 +3310,15 @@ static int nft_ctx_init_from_elemattr(st +@@ -3455,19 +3326,15 @@ static int nft_ctx_init_from_elemattr(st u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -3569,7 +3436,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3585,7 +3452,7 @@ static int nf_tables_dump_set(struct sk_ rcu_read_lock(); list_for_each_entry_rcu(table, &net->nft.tables, list) { if (dump_ctx->ctx.family != NFPROTO_UNSPEC && @@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (table != dump_ctx->ctx.table) -@@ -3599,7 +3466,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3615,7 +3482,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -4478,7 +4345,6 @@ static int nf_tables_newobj(struct net * +@@ -4494,7 +4361,6 @@ static int nf_tables_newobj(struct net * const struct nft_object_type *type; u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4490,11 +4356,7 @@ static int nf_tables_newobj(struct net * +@@ -4506,11 +4372,7 @@ static int nf_tables_newobj(struct net * !nla[NFTA_OBJ_DATA]) return -EINVAL; @@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4513,7 +4375,7 @@ static int nf_tables_newobj(struct net * +@@ -4529,7 +4391,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4605,7 +4467,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4621,7 +4483,7 @@ static int nf_tables_dump_obj(struct sk_ cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(obj, &table->objects, list) { -@@ -4628,7 +4490,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4644,7 +4506,7 @@ static int nf_tables_dump_obj(struct sk_ cb->nlh->nlmsg_seq, NFT_MSG_NEWOBJ, NLM_F_MULTI | NLM_F_APPEND, @@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj, reset) < 0) goto done; -@@ -4686,7 +4548,6 @@ static int nf_tables_getobj(struct net * +@@ -4702,7 +4564,6 @@ static int nf_tables_getobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; @@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct nft_object *obj; struct sk_buff *skb2; -@@ -4717,11 +4578,7 @@ static int nf_tables_getobj(struct net * +@@ -4733,11 +4594,7 @@ static int nf_tables_getobj(struct net * !nla[NFTA_OBJ_TYPE]) return -EINVAL; @@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4768,7 +4625,6 @@ static int nf_tables_delobj(struct net * +@@ -4784,7 +4641,6 @@ static int nf_tables_delobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4778,11 +4634,7 @@ static int nf_tables_delobj(struct net * +@@ -4794,11 +4650,7 @@ static int nf_tables_delobj(struct net * !nla[NFTA_OBJ_NAME]) return -EINVAL; @@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4794,7 +4646,7 @@ static int nf_tables_delobj(struct net * +@@ -4810,7 +4662,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delobj(&ctx, obj); } -@@ -4979,33 +4831,31 @@ err1: +@@ -4995,33 +4847,31 @@ err1: return err; } @@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return ERR_PTR(-EAGAIN); } #endif -@@ -5053,7 +4903,6 @@ static int nf_tables_newflowtable(struct +@@ -5069,7 +4919,6 @@ static int nf_tables_newflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_ctx ctx; int err, i, k; -@@ -5063,12 +4912,8 @@ static int nf_tables_newflowtable(struct +@@ -5079,12 +4928,8 @@ static int nf_tables_newflowtable(struct !nla[NFTA_FLOWTABLE_HOOK]) return -EINVAL; @@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5085,7 +4930,7 @@ static int nf_tables_newflowtable(struct +@@ -5101,7 +4946,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5098,7 +4943,7 @@ static int nf_tables_newflowtable(struct +@@ -5114,7 +4959,7 @@ static int nf_tables_newflowtable(struct goto err1; } @@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(type)) { err = PTR_ERR(type); goto err2; -@@ -5158,16 +5003,11 @@ static int nf_tables_delflowtable(struct +@@ -5174,16 +5019,11 @@ static int nf_tables_delflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5178,7 +5018,7 @@ static int nf_tables_delflowtable(struct +@@ -5194,7 +5034,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delflowtable(&ctx, flowtable); } -@@ -5253,7 +5093,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5269,7 +5109,7 @@ static int nf_tables_dump_flowtable(stru cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -@@ -5272,7 +5112,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5288,7 +5128,7 @@ static int nf_tables_dump_flowtable(stru cb->nlh->nlmsg_seq, NFT_MSG_NEWFLOWTABLE, NLM_F_MULTI | NLM_F_APPEND, @@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -5332,7 +5172,6 @@ static int nf_tables_getflowtable(struct +@@ -5348,7 +5188,6 @@ static int nf_tables_getflowtable(struct u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct sk_buff *skb2; int err; -@@ -5358,12 +5197,8 @@ static int nf_tables_getflowtable(struct +@@ -5374,12 +5213,8 @@ static int nf_tables_getflowtable(struct if (!nla[NFTA_FLOWTABLE_NAME]) return -EINVAL; @@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -6529,7 +6364,7 @@ int __nft_release_basechain(struct nft_c +@@ -6550,7 +6385,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6542,7 +6377,7 @@ static void __nft_release_afinfo(struct +@@ -6563,7 +6398,7 @@ static void __nft_release_afinfo(struct }; list_for_each_entry_safe(table, nt, &net->nft.tables, list) { @@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); -@@ -6594,7 +6429,7 @@ static int __net_init nf_tables_init_net +@@ -6615,7 +6450,7 @@ static int __net_init nf_tables_init_net static void __net_exit nf_tables_exit_net(struct net *net) { diff --git a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch index d6736d652f..037759bdb7 100644 --- a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch +++ b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch @@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4869,13 +4869,13 @@ void nft_flow_table_iterate(struct net * +@@ -4885,13 +4885,13 @@ void nft_flow_table_iterate(struct net * struct nft_flowtable *flowtable; const struct nft_table *table; diff --git a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch index d0c6e46c9f..232f4b67a0 100644 --- a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch +++ b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5254,17 +5254,12 @@ err: +@@ -5270,17 +5270,12 @@ err: nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS); } diff --git a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch index 89e12a5f47..f4d5237ded 100644 --- a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch +++ b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch @@ -244,7 +244,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -1565,6 +1607,7 @@ static int nf_tables_delchain(struct net +@@ -1581,6 +1623,7 @@ static int nf_tables_delchain(struct net struct nft_rule *rule; int family = nfmsg->nfgen_family; struct nft_ctx ctx; @@ -252,7 +252,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> u32 use; int err; -@@ -1573,7 +1616,12 @@ static int nf_tables_delchain(struct net +@@ -1589,7 +1632,12 @@ static int nf_tables_delchain(struct net if (IS_ERR(table)) return PTR_ERR(table); @@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(chain)) return PTR_ERR(chain); -@@ -2547,6 +2595,7 @@ static const struct nla_policy nft_set_p +@@ -2563,6 +2611,7 @@ static const struct nla_policy nft_set_p [NFTA_SET_USERDATA] = { .type = NLA_BINARY, .len = NFT_USERDATA_MAXLEN }, [NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 }, @@ -274,7 +274,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = { -@@ -2590,6 +2639,22 @@ static struct nft_set *nf_tables_set_loo +@@ -2606,6 +2655,22 @@ static struct nft_set *nf_tables_set_loo return ERR_PTR(-ENOENT); } @@ -297,7 +297,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, const struct nlattr *nla, u8 genmask) -@@ -2706,6 +2771,9 @@ static int nf_tables_fill_set(struct sk_ +@@ -2722,6 +2787,9 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; if (nla_put_string(skb, NFTA_SET_NAME, set->name)) goto nla_put_failure; @@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (set->flags != 0) if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) goto nla_put_failure; -@@ -3114,6 +3182,7 @@ static int nf_tables_newset(struct net * +@@ -3130,6 +3198,7 @@ static int nf_tables_newset(struct net * set->udata = udata; set->timeout = timeout; set->gc_int = gc_int; @@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = ops->init(set, &desc, nla); if (err < 0) -@@ -3173,7 +3242,10 @@ static int nf_tables_delset(struct net * +@@ -3189,7 +3258,10 @@ static int nf_tables_delset(struct net * if (err < 0) return err; @@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(set)) return PTR_ERR(set); -@@ -4233,6 +4305,21 @@ struct nft_object *nf_tables_obj_lookup( +@@ -4249,6 +4321,21 @@ struct nft_object *nf_tables_obj_lookup( } EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); @@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { [NFTA_OBJ_TABLE] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, -@@ -4240,6 +4327,7 @@ static const struct nla_policy nft_obj_p +@@ -4256,6 +4343,7 @@ static const struct nla_policy nft_obj_p .len = NFT_OBJ_MAXNAMELEN - 1 }, [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, @@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, -@@ -4387,6 +4475,8 @@ static int nf_tables_newobj(struct net * +@@ -4403,6 +4491,8 @@ static int nf_tables_newobj(struct net * goto err1; } obj->table = table; @@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); if (!obj->name) { err = -ENOMEM; -@@ -4433,7 +4523,9 @@ static int nf_tables_fill_obj_info(struc +@@ -4449,7 +4539,9 @@ static int nf_tables_fill_obj_info(struc nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || @@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -4631,7 +4723,7 @@ static int nf_tables_delobj(struct net * +@@ -4647,7 +4739,7 @@ static int nf_tables_delobj(struct net * u32 objtype; if (!nla[NFTA_OBJ_TYPE] || @@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return -EINVAL; table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, -@@ -4640,7 +4732,12 @@ static int nf_tables_delobj(struct net * +@@ -4656,7 +4748,12 @@ static int nf_tables_delobj(struct net * return PTR_ERR(table); objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE])); @@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(obj)) return PTR_ERR(obj); if (obj->use > 0) -@@ -4712,6 +4809,7 @@ static const struct nla_policy nft_flowt +@@ -4728,6 +4825,7 @@ static const struct nla_policy nft_flowt [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, .len = NFT_NAME_MAXLEN - 1 }, [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, @@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -@@ -4729,6 +4827,20 @@ struct nft_flowtable *nf_tables_flowtabl +@@ -4745,6 +4843,20 @@ struct nft_flowtable *nf_tables_flowtabl } EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); @@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #define NFT_FLOWTABLE_DEVICE_MAX 8 static int nf_tables_parse_devices(const struct nft_ctx *ctx, -@@ -4937,6 +5049,8 @@ static int nf_tables_newflowtable(struct +@@ -4953,6 +5065,8 @@ static int nf_tables_newflowtable(struct return -ENOMEM; flowtable->table = table; @@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); if (!flowtable->name) { err = -ENOMEM; -@@ -5011,8 +5125,14 @@ static int nf_tables_delflowtable(struct +@@ -5027,8 +5141,14 @@ static int nf_tables_delflowtable(struct if (IS_ERR(table)) return PTR_ERR(table); @@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(flowtable)) return PTR_ERR(flowtable); if (flowtable->use > 0) -@@ -5045,7 +5165,9 @@ static int nf_tables_fill_flowtable_info +@@ -5061,7 +5181,9 @@ static int nf_tables_fill_flowtable_info if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || diff --git a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch index 77e4db3ed7..601df0cf95 100644 --- a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch +++ b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch @@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> .owner = THIS_MODULE, --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5064,40 +5064,38 @@ static int nf_tables_newflowtable(struct +@@ -5080,40 +5080,38 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> err3: module_put(type->owner); err2: -@@ -5378,10 +5376,8 @@ err: +@@ -5394,10 +5392,8 @@ err: static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) { diff --git a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch index e38f22635d..f173b1c4f1 100644 --- a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch +++ b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4930,7 +4930,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4946,7 +4946,7 @@ static int nf_tables_flowtable_parse_hoo flowtable->ops[i].pf = NFPROTO_NETDEV; flowtable->ops[i].hooknum = hooknum; flowtable->ops[i].priority = priority; diff --git a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch index 2fcd663307..784368520d 100644 --- a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch +++ b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch @@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> WARN_ON(!nf_flow_offload_gc_step(flow_table)); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4974,23 +4974,6 @@ static const struct nf_flowtable_type *n +@@ -4990,23 +4990,6 @@ static const struct nf_flowtable_type *n return ERR_PTR(-ENOENT); } diff --git a/target/linux/generic/hack-4.14/207-disable-modorder.patch b/target/linux/generic/hack-4.14/207-disable-modorder.patch index 8e920d1c51..fcc1580def 100644 --- a/target/linux/generic/hack-4.14/207-disable-modorder.patch +++ b/target/linux/generic/hack-4.14/207-disable-modorder.patch @@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/Makefile +++ b/Makefile -@@ -1228,7 +1228,6 @@ all: modules +@@ -1232,7 +1232,6 @@ all: modules PHONY += modules modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin @@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1257,7 +1256,6 @@ _modinst_: +@@ -1261,7 +1260,6 @@ _modinst_: rm -f $(MODLIB)/build ; \ ln -s $(CURDIR) $(MODLIB)/build ; \ fi diff --git a/target/linux/generic/hack-4.14/220-gc_sections.patch b/target/linux/generic/hack-4.14/220-gc_sections.patch index cdca0bdb5f..79fdb6e801 100644 --- a/target/linux/generic/hack-4.14/220-gc_sections.patch +++ b/target/linux/generic/hack-4.14/220-gc_sections.patch @@ -33,7 +33,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org> # Read KERNELRELEASE from include/config/kernel.release (if it exists) KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null) KERNELVERSION = $(VERSION)$(if $(PATCHLEVEL),.$(PATCHLEVEL)$(if $(SUBLEVEL),.$(SUBLEVEL)))$(EXTRAVERSION) -@@ -782,11 +787,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH +@@ -786,11 +791,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH KBUILD_CFLAGS += $(call cc-option, -fno-inline-functions-called-once) endif diff --git a/target/linux/generic/pending-4.14/201-extra_optimization.patch b/target/linux/generic/pending-4.14/201-extra_optimization.patch index b40f01d41f..3c3353c7d1 100644 --- a/target/linux/generic/pending-4.14/201-extra_optimization.patch +++ b/target/linux/generic/pending-4.14/201-extra_optimization.patch @@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/Makefile +++ b/Makefile -@@ -646,12 +646,12 @@ KBUILD_CFLAGS += $(call cc-disable-warni +@@ -650,12 +650,12 @@ KBUILD_CFLAGS += $(call cc-disable-warni ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE KBUILD_CFLAGS += $(call cc-option,-Oz,-Os) diff --git a/target/linux/generic/pending-4.14/304-mips_disable_fpu.patch b/target/linux/generic/pending-4.14/304-mips_disable_fpu.patch index bee62b2664..1cfd3d7d7a 100644 --- a/target/linux/generic/pending-4.14/304-mips_disable_fpu.patch +++ b/target/linux/generic/pending-4.14/304-mips_disable_fpu.patch @@ -47,7 +47,7 @@ v2: incorporated changes suggested by Jonas Gorski select OF --- a/arch/mips/Makefile +++ b/arch/mips/Makefile -@@ -319,7 +319,7 @@ OBJCOPYFLAGS += --remove-section=.regin +@@ -315,7 +315,7 @@ OBJCOPYFLAGS += --remove-section=.regin head-y := arch/mips/kernel/head.o libs-y += arch/mips/lib/ diff --git a/target/linux/generic/pending-4.14/308-mips32r2_tune.patch b/target/linux/generic/pending-4.14/308-mips32r2_tune.patch index 7f98616d7a..39167bf4ae 100644 --- a/target/linux/generic/pending-4.14/308-mips32r2_tune.patch +++ b/target/linux/generic/pending-4.14/308-mips32r2_tune.patch @@ -11,12 +11,12 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/arch/mips/Makefile +++ b/arch/mips/Makefile -@@ -162,7 +162,7 @@ cflags-$(CONFIG_CPU_R4X00) += -march=r46 +@@ -161,7 +161,7 @@ cflags-$(CONFIG_CPU_VR41XX) += -march=r4 + cflags-$(CONFIG_CPU_R4X00) += -march=r4600 -Wa,--trap cflags-$(CONFIG_CPU_TX49XX) += -march=r4600 -Wa,--trap - cflags-$(CONFIG_CPU_MIPS32_R1) += $(call cc-option,-march=mips32,-mips32 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \ - -Wa,-mips32 -Wa,--trap --cflags-$(CONFIG_CPU_MIPS32_R2) += $(call cc-option,-march=mips32r2,-mips32r2 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \ -+cflags-$(CONFIG_CPU_MIPS32_R2) += $(call cc-option,-march=mips32r2 -mtune=34kc,-mips32r2 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \ - -Wa,-mips32r2 -Wa,--trap + cflags-$(CONFIG_CPU_MIPS32_R1) += -march=mips32 -Wa,--trap +-cflags-$(CONFIG_CPU_MIPS32_R2) += -march=mips32r2 -Wa,--trap ++cflags-$(CONFIG_CPU_MIPS32_R2) += -march=mips32r2 -mtune=34kc -Wa,--trap cflags-$(CONFIG_CPU_MIPS32_R6) += -march=mips32r6 -Wa,--trap -modd-spreg - cflags-$(CONFIG_CPU_MIPS64_R1) += $(call cc-option,-march=mips64,-mips64 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS64) \ + cflags-$(CONFIG_CPU_MIPS64_R1) += -march=mips64 -Wa,--trap + cflags-$(CONFIG_CPU_MIPS64_R2) += -march=mips64r2 -Wa,--trap diff --git a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch index bf902875d0..e6d3392838 100644 --- a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch +++ b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch @@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +MODULE_ALIAS("nf-flow-table-hw"); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4917,6 +4917,14 @@ static int nf_tables_flowtable_parse_hoo +@@ -4933,6 +4933,14 @@ static int nf_tables_flowtable_parse_hoo if (err < 0) goto err1; @@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL); if (!ops) { err = -ENOMEM; -@@ -5047,10 +5055,19 @@ static int nf_tables_newflowtable(struct +@@ -5063,10 +5071,19 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], flowtable); if (err < 0) -@@ -5148,7 +5165,8 @@ static int nf_tables_fill_flowtable_info +@@ -5164,7 +5181,8 @@ static int nf_tables_fill_flowtable_info nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) || nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle), |