kernel: bump 4.14 to 4.14.72

[oweals/openwrt.git] / target / linux / generic / backport-4.14 / 297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch

From 62a0fe46e2aaba1812d3cbcae014a41539f9eb09 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 9 Dec 2017 15:23:51 +0100
Subject: [PATCH 09/11] netfilter: core: pass hook number, family and device to
 nf_find_hook_list()

Instead of passing struct nf_hook_ops, this is needed by follow up
patches to handle NFPROTO_INET from the core.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/core.c | 36 +++++++++++++++++++-----------------
 1 file changed, 19 insertions(+), 17 deletions(-)

--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -262,36 +262,38 @@ out_assign:
        return old;
 }
 
-static struct nf_hook_entries __rcu **nf_hook_entry_head(struct net *net, const struct nf_hook_ops *reg)
+static struct nf_hook_entries __rcu **
+nf_hook_entry_head(struct net *net, int pf, unsigned int hooknum,
+                  struct net_device *dev)
 {
-       switch (reg->pf) {
+       switch (pf) {
        case NFPROTO_NETDEV:
                break;
 #ifdef CONFIG_NETFILTER_FAMILY_ARP
        case NFPROTO_ARP:
-               if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_arp) <= reg->hooknum))
+               if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_arp) <= hooknum))
                        return NULL;
-               return net->nf.hooks_arp + reg->hooknum;
+               return net->nf.hooks_arp + hooknum;
 #endif
 #ifdef CONFIG_NETFILTER_FAMILY_BRIDGE
        case NFPROTO_BRIDGE:
-               if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_bridge) <= reg->hooknum))
+               if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_bridge) <= hooknum))
                        return NULL;
-               return net->nf.hooks_bridge + reg->hooknum;
+               return net->nf.hooks_bridge + hooknum;
 #endif
        case NFPROTO_IPV4:
-               if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv4) <= reg->hooknum))
+               if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv4) <= hooknum))
                        return NULL;
-               return net->nf.hooks_ipv4 + reg->hooknum;
+               return net->nf.hooks_ipv4 + hooknum;
        case NFPROTO_IPV6:
-               if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv6) <= reg->hooknum))
+               if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv6) <= hooknum))
                        return NULL;
-               return net->nf.hooks_ipv6 + reg->hooknum;
+               return net->nf.hooks_ipv6 + hooknum;
 #if IS_ENABLED(CONFIG_DECNET)
        case NFPROTO_DECNET:
-               if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_decnet) <= reg->hooknum))
+               if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_decnet) <= hooknum))
                        return NULL;
-               return net->nf.hooks_decnet + reg->hooknum;
+               return net->nf.hooks_decnet + hooknum;
 #endif
        default:
                WARN_ON_ONCE(1);
@@ -299,9 +301,9 @@ static struct nf_hook_entries __rcu **nf
        }
 
 #ifdef CONFIG_NETFILTER_INGRESS
-       if (reg->hooknum == NF_NETDEV_INGRESS) {
-               if (reg->dev && dev_net(reg->dev) == net)
-                       return &reg->dev->nf_hooks_ingress;
+       if (hooknum == NF_NETDEV_INGRESS) {
+               if (dev && dev_net(dev) == net)
+                       return &dev->nf_hooks_ingress;
        }
 #endif
        WARN_ON_ONCE(1);
@@ -323,7 +325,7 @@ int nf_register_net_hook(struct net *net
                        return -EINVAL;
        }
 
-       pp = nf_hook_entry_head(net, reg);
+       pp = nf_hook_entry_head(net, reg->pf, reg->hooknum, reg->dev);
        if (!pp)
                return -EINVAL;
 
@@ -397,7 +399,7 @@ void nf_unregister_net_hook(struct net *
        struct nf_hook_entries __rcu **pp;
        struct nf_hook_entries *p;
 
-       pp = nf_hook_entry_head(net, reg);
+       pp = nf_hook_entry_head(net, reg->pf, reg->hooknum, reg->dev);
        if (!pp)
                return;