diff options
Diffstat (limited to 'target/linux/generic')
17 files changed, 120 insertions, 120 deletions
diff --git a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch index 37c63ec6c6..81f140441f 100644 --- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch +++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch @@ -265,7 +265,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } nft_chain_release_hook(&hook); } -@@ -5062,10 +5050,9 @@ static int nf_tables_commit(struct net * +@@ -5069,10 +5057,9 @@ static int nf_tables_commit(struct net * case NFT_MSG_DELCHAIN: list_del_rcu(&trans->ctx.chain->list); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); @@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> break; case NFT_MSG_NEWRULE: nft_clear(trans->ctx.net, nft_trans_rule(trans)); -@@ -5202,10 +5189,9 @@ static int nf_tables_abort(struct net *n +@@ -5209,10 +5196,9 @@ static int nf_tables_abort(struct net *n } else { trans->ctx.table->use--; list_del_rcu(&trans->ctx.chain->list); @@ -293,7 +293,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; case NFT_MSG_DELCHAIN: -@@ -5306,7 +5292,7 @@ int nft_chain_validate_hooks(const struc +@@ -5313,7 +5299,7 @@ int nft_chain_validate_hooks(const struc if (nft_is_base_chain(chain)) { basechain = nft_base_chain(chain); @@ -302,7 +302,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; return -EOPNOTSUPP; -@@ -5788,8 +5774,7 @@ int __nft_release_basechain(struct nft_c +@@ -5795,8 +5781,7 @@ int __nft_release_basechain(struct nft_c BUG_ON(!nft_is_base_chain(ctx->chain)); @@ -312,7 +312,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { list_del(&rule->list); ctx->chain->use--; -@@ -5818,8 +5803,7 @@ static void __nft_release_afinfo(struct +@@ -5825,8 +5810,7 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) diff --git a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch index 2a5025855a..9bdacd914f 100644 --- a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch +++ b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) { err = nft_delobj(ctx, obj); if (err < 0) -@@ -4767,6 +4811,605 @@ static void nf_tables_obj_notify(const s +@@ -4774,6 +4818,605 @@ static void nf_tables_obj_notify(const s ctx->afi->family, ctx->report, GFP_KERNEL); } @@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) { -@@ -4797,6 +5440,49 @@ nla_put_failure: +@@ -4804,6 +5447,49 @@ nla_put_failure: return -EMSGSIZE; } @@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) { -@@ -4949,6 +5635,21 @@ static const struct nfnl_callback nf_tab +@@ -4956,6 +5642,21 @@ static const struct nfnl_callback nf_tab .attr_count = NFTA_OBJ_MAX, .policy = nft_obj_policy, }, @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static void nft_chain_commit_update(struct nft_trans *trans) -@@ -4994,6 +5695,9 @@ static void nf_tables_commit_release(str +@@ -5001,6 +5702,9 @@ static void nf_tables_commit_release(str case NFT_MSG_DELOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5111,6 +5815,21 @@ static int nf_tables_commit(struct net * +@@ -5118,6 +5822,21 @@ static int nf_tables_commit(struct net * nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans), NFT_MSG_DELOBJ); break; @@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5148,6 +5867,9 @@ static void nf_tables_abort_release(stru +@@ -5155,6 +5874,9 @@ static void nf_tables_abort_release(stru case NFT_MSG_NEWOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } kfree(trans); } -@@ -5237,6 +5959,17 @@ static int nf_tables_abort(struct net *n +@@ -5244,6 +5966,17 @@ static int nf_tables_abort(struct net *n nft_clear(trans->ctx.net, nft_trans_obj(trans)); nft_trans_destroy(trans); break; @@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -5787,6 +6520,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai +@@ -5794,6 +6527,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) { @@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table, *nt; struct nft_chain *chain, *nc; struct nft_object *obj, *ne; -@@ -5800,6 +6534,9 @@ static void __nft_release_afinfo(struct +@@ -5807,6 +6541,9 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); @@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* No packets are walking on these chains anymore. */ ctx.table = table; list_for_each_entry(chain, &table->chains, list) { -@@ -5810,6 +6547,11 @@ static void __nft_release_afinfo(struct +@@ -5817,6 +6554,11 @@ static void __nft_release_afinfo(struct nf_tables_rule_destroy(&ctx, rule); } } @@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_safe(set, ns, &table->sets, list) { list_del(&set->list); table->use--; -@@ -5853,6 +6595,8 @@ static int __init nf_tables_module_init( +@@ -5860,6 +6602,8 @@ static int __init nf_tables_module_init( if (err < 0) goto err3; @@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n"); return register_pernet_subsys(&nf_tables_net_ops); err3: -@@ -5867,6 +6611,7 @@ static void __exit nf_tables_module_exit +@@ -5874,6 +6618,7 @@ static void __exit nf_tables_module_exit { unregister_pernet_subsys(&nf_tables_net_ops); nfnetlink_subsys_unregister(&nf_tables_subsys); diff --git a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch index ac38477ca6..d1b12ad0d1 100644 --- a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch +++ b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch @@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -@@ -4919,7 +4916,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4926,7 +4923,7 @@ static int nf_tables_flowtable_parse_hoo return -EINVAL; hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); diff --git a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch index dc62dd37a7..1cfa0ae1c4 100644 --- a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch +++ b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5343,7 +5343,7 @@ static int nf_tables_getflowtable(struct +@@ -5350,7 +5350,7 @@ static int nf_tables_getflowtable(struct flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], genmask); diff --git a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch index 2b7260c53d..b4d0130a78 100644 --- a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch +++ b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (ret >= 0) { ctx->table->flags &= ~NFT_TABLE_F_DORMANT; nft_trans_table_enable(trans) = true; -@@ -5721,7 +5714,6 @@ static int nf_tables_commit(struct net * +@@ -5728,7 +5721,6 @@ static int nf_tables_commit(struct net * if (nft_trans_table_update(trans)) { if (!nft_trans_table_enable(trans)) { nf_tables_table_disable(net, @@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> trans->ctx.table); trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; } -@@ -5883,7 +5875,6 @@ static int nf_tables_abort(struct net *n +@@ -5890,7 +5882,6 @@ static int nf_tables_abort(struct net *n if (nft_trans_table_update(trans)) { if (nft_trans_table_enable(trans)) { nf_tables_table_disable(net, diff --git a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch index 59c419e003..14921f92a6 100644 --- a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch +++ b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch @@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5262,8 +5262,10 @@ static int nf_tables_dump_flowtable_done +@@ -5269,8 +5269,10 @@ static int nf_tables_dump_flowtable_done if (!filter) return 0; diff --git a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch index 6fedd00eb0..787f62ef8f 100644 --- a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch @@ -634,7 +634,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> n = 0; size = 0; -@@ -2441,7 +2437,8 @@ static int nf_tables_delrule(struct net +@@ -2446,7 +2442,8 @@ static int nf_tables_delrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -644,7 +644,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -2452,7 +2449,7 @@ static int nf_tables_delrule(struct net +@@ -2457,7 +2454,7 @@ static int nf_tables_delrule(struct net return PTR_ERR(chain); } @@ -653,7 +653,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (chain) { if (nla[NFTA_RULE_HANDLE]) { -@@ -2650,13 +2647,13 @@ static int nft_ctx_init_from_setattr(str +@@ -2655,13 +2652,13 @@ static int nft_ctx_init_from_setattr(str if (afi == NULL) return -EAFNOSUPPORT; @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -2783,7 +2780,7 @@ static int nf_tables_fill_set(struct sk_ +@@ -2788,7 +2785,7 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -2875,10 +2872,8 @@ static int nf_tables_dump_sets(struct sk +@@ -2880,10 +2877,8 @@ static int nf_tables_dump_sets(struct sk { const struct nft_set *set; unsigned int idx, s_idx = cb->args[0]; @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_ctx *ctx = cb->data, ctx_set; if (cb->args[1]) -@@ -2887,51 +2882,44 @@ static int nf_tables_dump_sets(struct sk +@@ -2892,51 +2887,44 @@ static int nf_tables_dump_sets(struct sk rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } cb->args[1] = 1; done: -@@ -3141,11 +3129,12 @@ static int nf_tables_newset(struct net * +@@ -3146,11 +3134,12 @@ static int nf_tables_newset(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3410,12 +3399,12 @@ static int nft_ctx_init_from_elemattr(st +@@ -3417,12 +3406,12 @@ static int nft_ctx_init_from_elemattr(st if (IS_ERR(afi)) return PTR_ERR(afi); @@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -3520,7 +3509,6 @@ static int nf_tables_dump_set(struct sk_ +@@ -3527,7 +3516,6 @@ static int nf_tables_dump_set(struct sk_ { struct nft_set_dump_ctx *dump_ctx = cb->data; struct net *net = sock_net(skb->sk); @@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_set *set; struct nft_set_dump_args args; -@@ -3532,21 +3520,19 @@ static int nf_tables_dump_set(struct sk_ +@@ -3539,21 +3527,19 @@ static int nf_tables_dump_set(struct sk_ int event; rcu_read_lock(); @@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } break; } -@@ -3566,7 +3552,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3573,7 +3559,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -3668,7 +3654,7 @@ static int nf_tables_fill_setelem_info(s +@@ -3675,7 +3661,7 @@ static int nf_tables_fill_setelem_info(s goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -3912,7 +3898,7 @@ static int nft_add_set_elem(struct nft_c +@@ -3919,7 +3905,7 @@ static int nft_add_set_elem(struct nft_c list_for_each_entry(binding, &set->bindings, list) { struct nft_ctx bind_ctx = { .net = ctx->net, @@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> .table = ctx->table, .chain = (struct nft_chain *)binding->chain, }; -@@ -4459,7 +4445,8 @@ static int nf_tables_newobj(struct net * +@@ -4466,7 +4452,8 @@ static int nf_tables_newobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4477,7 +4464,7 @@ static int nf_tables_newobj(struct net * +@@ -4484,7 +4471,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4554,7 +4541,6 @@ struct nft_obj_filter { +@@ -4561,7 +4548,6 @@ struct nft_obj_filter { static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct nft_obj_filter *filter = cb->data; -@@ -4569,38 +4555,37 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4576,38 +4562,37 @@ static int nf_tables_dump_obj(struct sk_ rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -4687,7 +4672,8 @@ static int nf_tables_getobj(struct net * +@@ -4694,7 +4679,8 @@ static int nf_tables_getobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4747,7 +4733,8 @@ static int nf_tables_delobj(struct net * +@@ -4754,7 +4740,8 @@ static int nf_tables_delobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -4758,7 +4745,7 @@ static int nf_tables_delobj(struct net * +@@ -4765,7 +4752,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delobj(&ctx, obj); } -@@ -4796,7 +4783,7 @@ static void nf_tables_obj_notify(const s +@@ -4803,7 +4790,7 @@ static void nf_tables_obj_notify(const s struct nft_object *obj, int event) { nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, @@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } /* -@@ -4986,7 +4973,7 @@ void nft_flow_table_iterate(struct net * +@@ -4993,7 +4980,7 @@ void nft_flow_table_iterate(struct net * rcu_read_lock(); list_for_each_entry_rcu(afi, &net->nft.af_info, list) { @@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry_rcu(flowtable, &table->flowtables, list) { iter(&flowtable->data, data); } -@@ -5034,7 +5021,8 @@ static int nf_tables_newflowtable(struct +@@ -5041,7 +5028,8 @@ static int nf_tables_newflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5051,7 +5039,7 @@ static int nf_tables_newflowtable(struct +@@ -5058,7 +5046,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5132,7 +5120,8 @@ static int nf_tables_delflowtable(struct +@@ -5139,7 +5127,8 @@ static int nf_tables_delflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5143,7 +5132,7 @@ static int nf_tables_delflowtable(struct +@@ -5150,7 +5139,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delflowtable(&ctx, flowtable); } -@@ -5212,40 +5201,37 @@ static int nf_tables_dump_flowtable(stru +@@ -5219,40 +5208,37 @@ static int nf_tables_dump_flowtable(stru struct net *net = sock_net(skb->sk); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } done: -@@ -5330,7 +5316,8 @@ static int nf_tables_getflowtable(struct +@@ -5337,7 +5323,8 @@ static int nf_tables_getflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5373,7 +5360,7 @@ static void nf_tables_flowtable_notify(s +@@ -5380,7 +5367,7 @@ static void nf_tables_flowtable_notify(s err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, ctx->seq, event, 0, @@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (err < 0) { kfree_skb(skb); goto err; -@@ -5451,17 +5438,14 @@ static int nf_tables_flowtable_event(str +@@ -5458,17 +5445,14 @@ static int nf_tables_flowtable_event(str struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_flowtable *flowtable; struct nft_table *table; @@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6480,6 +6464,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); +@@ -6487,6 +6471,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); static int __net_init nf_tables_init_net(struct net *net) { INIT_LIST_HEAD(&net->nft.af_info); @@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> INIT_LIST_HEAD(&net->nft.commit_list); net->nft.base_seq = 1; return 0; -@@ -6516,10 +6501,10 @@ static void __nft_release_afinfo(struct +@@ -6523,10 +6508,10 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, diff --git a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch index d930751d41..d4b99a5dc1 100644 --- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct pernet_operations clusterip_net_ops = { --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -6470,6 +6470,12 @@ static int __net_init nf_tables_init_net +@@ -6477,6 +6477,12 @@ static int __net_init nf_tables_init_net return 0; } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6547,6 +6553,7 @@ static void __nft_release_afinfo(struct +@@ -6554,6 +6560,7 @@ static void __nft_release_afinfo(struct static struct pernet_operations nf_tables_net_ops = { .init = nf_tables_init_net, diff --git a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch index 87f804af01..1db472dd6a 100644 --- a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch +++ b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch @@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (afi->family == family) return afi; } -@@ -4968,15 +4966,12 @@ void nft_flow_table_iterate(struct net * +@@ -4975,15 +4973,12 @@ void nft_flow_table_iterate(struct net * void *data) { struct nft_flowtable *flowtable; @@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } rcu_read_unlock(); -@@ -6461,21 +6456,6 @@ int nft_data_dump(struct sk_buff *skb, i +@@ -6468,21 +6463,6 @@ int nft_data_dump(struct sk_buff *skb, i } EXPORT_SYMBOL_GPL(nft_data_dump); @@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6496,8 +6476,7 @@ int __nft_release_basechain(struct nft_c +@@ -6503,8 +6483,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6507,10 +6486,11 @@ static void __nft_release_afinfo(struct +@@ -6514,10 +6493,11 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); list_for_each_entry(flowtable, &table->flowtables, list) -@@ -6551,6 +6531,21 @@ static void __nft_release_afinfo(struct +@@ -6558,6 +6538,21 @@ static void __nft_release_afinfo(struct } } diff --git a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch index 73cdab0be0..031f67e5b3 100644 --- a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch +++ b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> n = 0; size = 0; -@@ -2424,18 +2313,13 @@ static int nf_tables_delrule(struct net +@@ -2429,18 +2318,13 @@ static int nf_tables_delrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2447,7 +2331,7 @@ static int nf_tables_delrule(struct net +@@ -2452,7 +2336,7 @@ static int nf_tables_delrule(struct net return PTR_ERR(chain); } @@ -699,7 +699,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (chain) { if (nla[NFTA_RULE_HANDLE]) { -@@ -2632,26 +2516,17 @@ static int nft_ctx_init_from_setattr(str +@@ -2637,26 +2521,17 @@ static int nft_ctx_init_from_setattr(str u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -2882,7 +2757,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2887,7 +2762,7 @@ static int nf_tables_dump_sets(struct sk list_for_each_entry_rcu(table, &net->nft.tables, list) { if (ctx->family != NFPROTO_UNSPEC && @@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (ctx->table && ctx->table != table) -@@ -2903,7 +2778,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2908,7 +2783,7 @@ static int nf_tables_dump_sets(struct sk ctx_set = *ctx; ctx_set.table = table; @@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (nf_tables_fill_set(skb, &ctx_set, set, NFT_MSG_NEWSET, -@@ -3015,8 +2890,8 @@ static int nf_tables_newset(struct net * +@@ -3020,8 +2895,8 @@ static int nf_tables_newset(struct net * { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_set *set; struct nft_ctx ctx; -@@ -3123,16 +2998,12 @@ static int nf_tables_newset(struct net * +@@ -3128,16 +3003,12 @@ static int nf_tables_newset(struct net * create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3390,19 +3261,15 @@ static int nft_ctx_init_from_elemattr(st +@@ -3397,19 +3268,15 @@ static int nft_ctx_init_from_elemattr(st u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } -@@ -3520,7 +3387,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3527,7 +3394,7 @@ static int nf_tables_dump_set(struct sk_ rcu_read_lock(); list_for_each_entry_rcu(table, &net->nft.tables, list) { if (dump_ctx->ctx.family != NFPROTO_UNSPEC && @@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; if (table != dump_ctx->ctx.table) -@@ -3550,7 +3417,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3557,7 +3424,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -4427,7 +4294,6 @@ static int nf_tables_newobj(struct net * +@@ -4434,7 +4301,6 @@ static int nf_tables_newobj(struct net * const struct nft_object_type *type; u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4439,11 +4305,7 @@ static int nf_tables_newobj(struct net * +@@ -4446,11 +4312,7 @@ static int nf_tables_newobj(struct net * !nla[NFTA_OBJ_DATA]) return -EINVAL; @@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4462,7 +4324,7 @@ static int nf_tables_newobj(struct net * +@@ -4469,7 +4331,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4554,7 +4416,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4561,7 +4423,7 @@ static int nf_tables_dump_obj(struct sk_ cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(obj, &table->objects, list) { -@@ -4577,7 +4439,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4584,7 +4446,7 @@ static int nf_tables_dump_obj(struct sk_ cb->nlh->nlmsg_seq, NFT_MSG_NEWOBJ, NLM_F_MULTI | NLM_F_APPEND, @@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj, reset) < 0) goto done; -@@ -4635,7 +4497,6 @@ static int nf_tables_getobj(struct net * +@@ -4642,7 +4504,6 @@ static int nf_tables_getobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; @@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct nft_object *obj; struct sk_buff *skb2; -@@ -4666,11 +4527,7 @@ static int nf_tables_getobj(struct net * +@@ -4673,11 +4534,7 @@ static int nf_tables_getobj(struct net * !nla[NFTA_OBJ_TYPE]) return -EINVAL; @@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4717,7 +4574,6 @@ static int nf_tables_delobj(struct net * +@@ -4724,7 +4581,6 @@ static int nf_tables_delobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4727,11 +4583,7 @@ static int nf_tables_delobj(struct net * +@@ -4734,11 +4590,7 @@ static int nf_tables_delobj(struct net * !nla[NFTA_OBJ_NAME]) return -EINVAL; @@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4743,7 +4595,7 @@ static int nf_tables_delobj(struct net * +@@ -4750,7 +4602,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delobj(&ctx, obj); } -@@ -4928,33 +4780,31 @@ err1: +@@ -4935,33 +4787,31 @@ err1: return err; } @@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return ERR_PTR(-EAGAIN); } #endif -@@ -5002,7 +4852,6 @@ static int nf_tables_newflowtable(struct +@@ -5009,7 +4859,6 @@ static int nf_tables_newflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> struct nft_table *table; struct nft_ctx ctx; int err, i, k; -@@ -5012,12 +4861,8 @@ static int nf_tables_newflowtable(struct +@@ -5019,12 +4868,8 @@ static int nf_tables_newflowtable(struct !nla[NFTA_FLOWTABLE_HOOK]) return -EINVAL; @@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5034,7 +4879,7 @@ static int nf_tables_newflowtable(struct +@@ -5041,7 +4886,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5047,7 +4892,7 @@ static int nf_tables_newflowtable(struct +@@ -5054,7 +4899,7 @@ static int nf_tables_newflowtable(struct goto err1; } @@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(type)) { err = PTR_ERR(type); goto err2; -@@ -5107,16 +4952,11 @@ static int nf_tables_delflowtable(struct +@@ -5114,16 +4959,11 @@ static int nf_tables_delflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -5127,7 +4967,7 @@ static int nf_tables_delflowtable(struct +@@ -5134,7 +4974,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return nft_delflowtable(&ctx, flowtable); } -@@ -5202,7 +5042,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5209,7 +5049,7 @@ static int nf_tables_dump_flowtable(stru cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> continue; list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -@@ -5221,7 +5061,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5228,7 +5068,7 @@ static int nf_tables_dump_flowtable(stru cb->nlh->nlmsg_seq, NFT_MSG_NEWFLOWTABLE, NLM_F_MULTI | NLM_F_APPEND, @@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -5281,7 +5121,6 @@ static int nf_tables_getflowtable(struct +@@ -5288,7 +5128,6 @@ static int nf_tables_getflowtable(struct u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct nft_table *table; struct sk_buff *skb2; int err; -@@ -5307,12 +5146,8 @@ static int nf_tables_getflowtable(struct +@@ -5314,12 +5153,8 @@ static int nf_tables_getflowtable(struct if (!nla[NFTA_FLOWTABLE_NAME]) return -EINVAL; @@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -6476,7 +6311,7 @@ int __nft_release_basechain(struct nft_c +@@ -6483,7 +6318,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6489,7 +6324,7 @@ static void __nft_release_afinfo(struct +@@ -6496,7 +6331,7 @@ static void __nft_release_afinfo(struct }; list_for_each_entry_safe(table, nt, &net->nft.tables, list) { @@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); -@@ -6541,7 +6376,7 @@ static int __net_init nf_tables_init_net +@@ -6548,7 +6383,7 @@ static int __net_init nf_tables_init_net static void __net_exit nf_tables_exit_net(struct net *net) { diff --git a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch index acca41ae3e..3e8dccf0eb 100644 --- a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch +++ b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch @@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4818,13 +4818,13 @@ void nft_flow_table_iterate(struct net * +@@ -4825,13 +4825,13 @@ void nft_flow_table_iterate(struct net * struct nft_flowtable *flowtable; const struct nft_table *table; diff --git a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch index b16eff6789..d0f6b7aa33 100644 --- a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch +++ b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5203,17 +5203,12 @@ err: +@@ -5210,17 +5210,12 @@ err: nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS); } diff --git a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch index 97778a99f1..22720aa727 100644 --- a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch +++ b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch @@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(chain)) return PTR_ERR(chain); -@@ -2503,6 +2551,7 @@ static const struct nla_policy nft_set_p +@@ -2508,6 +2556,7 @@ static const struct nla_policy nft_set_p [NFTA_SET_USERDATA] = { .type = NLA_BINARY, .len = NFT_USERDATA_MAXLEN }, [NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 }, @@ -274,7 +274,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = { -@@ -2546,6 +2595,22 @@ static struct nft_set *nf_tables_set_loo +@@ -2551,6 +2600,22 @@ static struct nft_set *nf_tables_set_loo return ERR_PTR(-ENOENT); } @@ -297,7 +297,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, const struct nlattr *nla, u8 genmask) -@@ -2661,6 +2726,9 @@ static int nf_tables_fill_set(struct sk_ +@@ -2666,6 +2731,9 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; if (nla_put_string(skb, NFTA_SET_NAME, set->name)) goto nla_put_failure; @@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (set->flags != 0) if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) goto nla_put_failure; -@@ -3069,6 +3137,7 @@ static int nf_tables_newset(struct net * +@@ -3074,6 +3142,7 @@ static int nf_tables_newset(struct net * set->udata = udata; set->timeout = timeout; set->gc_int = gc_int; @@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = ops->init(set, &desc, nla); if (err < 0) -@@ -3126,7 +3195,10 @@ static int nf_tables_delset(struct net * +@@ -3133,7 +3202,10 @@ static int nf_tables_delset(struct net * if (err < 0) return err; @@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(set)) return PTR_ERR(set); -@@ -4182,6 +4254,21 @@ struct nft_object *nf_tables_obj_lookup( +@@ -4189,6 +4261,21 @@ struct nft_object *nf_tables_obj_lookup( } EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); @@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { [NFTA_OBJ_TABLE] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, -@@ -4189,6 +4276,7 @@ static const struct nla_policy nft_obj_p +@@ -4196,6 +4283,7 @@ static const struct nla_policy nft_obj_p .len = NFT_OBJ_MAXNAMELEN - 1 }, [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, @@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, -@@ -4336,6 +4424,8 @@ static int nf_tables_newobj(struct net * +@@ -4343,6 +4431,8 @@ static int nf_tables_newobj(struct net * goto err1; } obj->table = table; @@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); if (!obj->name) { err = -ENOMEM; -@@ -4382,7 +4472,9 @@ static int nf_tables_fill_obj_info(struc +@@ -4389,7 +4479,9 @@ static int nf_tables_fill_obj_info(struc nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || @@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -4580,7 +4672,7 @@ static int nf_tables_delobj(struct net * +@@ -4587,7 +4679,7 @@ static int nf_tables_delobj(struct net * u32 objtype; if (!nla[NFTA_OBJ_TYPE] || @@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return -EINVAL; table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, -@@ -4589,7 +4681,12 @@ static int nf_tables_delobj(struct net * +@@ -4596,7 +4688,12 @@ static int nf_tables_delobj(struct net * return PTR_ERR(table); objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE])); @@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(obj)) return PTR_ERR(obj); if (obj->use > 0) -@@ -4661,6 +4758,7 @@ static const struct nla_policy nft_flowt +@@ -4668,6 +4765,7 @@ static const struct nla_policy nft_flowt [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, .len = NFT_NAME_MAXLEN - 1 }, [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, @@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -@@ -4678,6 +4776,20 @@ struct nft_flowtable *nf_tables_flowtabl +@@ -4685,6 +4783,20 @@ struct nft_flowtable *nf_tables_flowtabl } EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); @@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #define NFT_FLOWTABLE_DEVICE_MAX 8 static int nf_tables_parse_devices(const struct nft_ctx *ctx, -@@ -4886,6 +4998,8 @@ static int nf_tables_newflowtable(struct +@@ -4893,6 +5005,8 @@ static int nf_tables_newflowtable(struct return -ENOMEM; flowtable->table = table; @@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); if (!flowtable->name) { err = -ENOMEM; -@@ -4960,8 +5074,14 @@ static int nf_tables_delflowtable(struct +@@ -4967,8 +5081,14 @@ static int nf_tables_delflowtable(struct if (IS_ERR(table)) return PTR_ERR(table); @@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(flowtable)) return PTR_ERR(flowtable); if (flowtable->use > 0) -@@ -4994,7 +5114,9 @@ static int nf_tables_fill_flowtable_info +@@ -5001,7 +5121,9 @@ static int nf_tables_fill_flowtable_info if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || diff --git a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch index c783884f86..278947644f 100644 --- a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch +++ b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch @@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> .owner = THIS_MODULE, --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5013,40 +5013,38 @@ static int nf_tables_newflowtable(struct +@@ -5020,40 +5020,38 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> err3: module_put(type->owner); err2: -@@ -5327,10 +5325,8 @@ err: +@@ -5334,10 +5332,8 @@ err: static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) { diff --git a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch index d4b746d0e9..fcf206de37 100644 --- a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch +++ b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4879,7 +4879,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4886,7 +4886,7 @@ static int nf_tables_flowtable_parse_hoo flowtable->ops[i].pf = NFPROTO_NETDEV; flowtable->ops[i].hooknum = hooknum; flowtable->ops[i].priority = priority; diff --git a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch index ad7d81f4f9..3530eb6c24 100644 --- a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch +++ b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch @@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name> WARN_ON(!nf_flow_offload_gc_step(flow_table)); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4923,23 +4923,6 @@ static const struct nf_flowtable_type *n +@@ -4930,23 +4930,6 @@ static const struct nf_flowtable_type *n return ERR_PTR(-ENOENT); } diff --git a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch index 7dc4a010c6..df48db04eb 100644 --- a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch +++ b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch @@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +MODULE_ALIAS("nf-flow-table-hw"); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4866,6 +4866,14 @@ static int nf_tables_flowtable_parse_hoo +@@ -4873,6 +4873,14 @@ static int nf_tables_flowtable_parse_hoo if (err < 0) goto err1; @@ -536,7 +536,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL); if (!ops) { err = -ENOMEM; -@@ -4996,10 +5004,19 @@ static int nf_tables_newflowtable(struct +@@ -5003,10 +5011,19 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -556,7 +556,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], flowtable); if (err < 0) -@@ -5097,7 +5114,8 @@ static int nf_tables_fill_flowtable_info +@@ -5104,7 +5121,8 @@ static int nf_tables_fill_flowtable_info nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) || nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle), |