projects
/
oweals
/
openwrt.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
kernel: bump 4.14 to 4.14.99
[oweals/openwrt.git]
/
target
/
linux
/
generic
/
backport-4.14
/
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
diff --git
a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
index 787f62ef8f0b2a0d9ca8e1fb360a6c06115b40fc..e08b9b26d5b30214ab12c5dcabe1ebb072a1a47c 100644
(file)
--- a/
target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
+++ b/
target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
@@
-42,7
+42,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
bool report;
};
bool report;
};
-@@ -9
39,6 +939
,7 @@ unsigned int nft_do_chain(struct nft_pkt
+@@ -9
44,6 +944
,7 @@ unsigned int nft_do_chain(struct nft_pkt
* @use: number of chain references to this table
* @flags: table flag (see enum nft_table_flags)
* @genmask: generation mask
* @use: number of chain references to this table
* @flags: table flag (see enum nft_table_flags)
* @genmask: generation mask
@@
-50,7
+50,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* @name: name of the table
*/
struct nft_table {
* @name: name of the table
*/
struct nft_table {
-@@ -95
1,6 +952
,7 @@ struct nft_table {
+@@ -95
6,6 +957
,7 @@ struct nft_table {
u32 use;
u16 flags:14,
genmask:2;
u32 use;
u16 flags:14,
genmask:2;
@@
-58,7
+58,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
char *name;
};
char *name;
};
-@@ -96
0,13 +962
,11 @@ struct nft_table {
+@@ -96
5,13 +967
,11 @@ struct nft_table {
* @list: used internally
* @family: address family
* @owner: module owner
* @list: used internally
* @family: address family
* @owner: module owner
@@
-108,7
+108,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ctx->table = table;
ctx->chain = chain;
ctx->nla = nla;
ctx->table = table;
ctx->chain = chain;
ctx->nla = nla;
-@@ -
385,30 +384
,31 @@ static int nft_delflowtable(struct nft_c
+@@ -
414,30 +413
,31 @@ static int nft_delflowtable(struct nft_c
* Tables
*/
* Tables
*/
@@
-146,7
+146,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (table != NULL)
return table;
if (table != NULL)
return table;
-@@ -5
07,7 +507
,7 @@ static void nf_tables_table_notify(const
+@@ -5
36,7 +536
,7 @@ static void nf_tables_table_notify(const
goto err;
err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq,
goto err;
err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq,
@@
-155,7
+155,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (err < 0) {
kfree_skb(skb);
goto err;
if (err < 0) {
kfree_skb(skb);
goto err;
-@@ -5
24,7 +524
,6 @@ static int nf_tables_dump_tables(struct
+@@ -5
53,7 +553
,6 @@ static int nf_tables_dump_tables(struct
struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
@@
-163,7
+163,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
const struct nft_table *table;
unsigned int idx = 0, s_idx = cb->args[0];
struct net *net = sock_net(skb->sk);
const struct nft_table *table;
unsigned int idx = 0, s_idx = cb->args[0];
struct net *net = sock_net(skb->sk);
-@@ -5
33,30 +532
,27 @@ static int nf_tables_dump_tables(struct
+@@ -5
62,30 +561
,27 @@ static int nf_tables_dump_tables(struct
rcu_read_lock();
cb->seq = net->nft.base_seq;
rcu_read_lock();
cb->seq = net->nft.base_seq;
@@
-211,7
+211,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
done:
rcu_read_unlock();
}
done:
rcu_read_unlock();
-@@ -
588,7 +584
,8 @@ static int nf_tables_gettable(struct net
+@@ -
617,7 +613
,8 @@ static int nf_tables_gettable(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-221,7
+221,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -7
19,7 +716
,7 @@ static int nf_tables_newtable(struct net
+@@ -7
48,7 +745
,7 @@ static int nf_tables_newtable(struct net
return PTR_ERR(afi);
name = nla[NFTA_TABLE_NAME];
return PTR_ERR(afi);
name = nla[NFTA_TABLE_NAME];
@@
-230,7
+230,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table)) {
if (PTR_ERR(table) != -ENOENT)
return PTR_ERR(table);
if (IS_ERR(table)) {
if (PTR_ERR(table) != -ENOENT)
return PTR_ERR(table);
-@@ -7
29,7 +726
,7 @@ static int nf_tables_newtable(struct net
+@@ -7
58,7 +755
,7 @@ static int nf_tables_newtable(struct net
if (nlh->nlmsg_flags & NLM_F_REPLACE)
return -EOPNOTSUPP;
if (nlh->nlmsg_flags & NLM_F_REPLACE)
return -EOPNOTSUPP;
@@
-239,7
+239,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return nf_tables_updtable(&ctx);
}
return nf_tables_updtable(&ctx);
}
-@@ -7
56,14 +753
,15 @@ static int nf_tables_newtable(struct net
+@@ -7
85,14 +782
,15 @@ static int nf_tables_newtable(struct net
INIT_LIST_HEAD(&table->sets);
INIT_LIST_HEAD(&table->objects);
INIT_LIST_HEAD(&table->flowtables);
INIT_LIST_HEAD(&table->sets);
INIT_LIST_HEAD(&table->objects);
INIT_LIST_HEAD(&table->flowtables);
@@
-257,7
+257,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return 0;
err4:
kfree(table->name);
return 0;
err4:
kfree(table->name);
-@@ -8
37,30 +835
,28 @@ out:
+@@ -8
66,30 +864
,28 @@ out:
static int nft_flush(struct nft_ctx *ctx, int family)
{
static int nft_flush(struct nft_ctx *ctx, int family)
{
@@
-301,7
+301,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
out:
return err;
}
out:
return err;
-@@ -
878,7 +874
,7 @@ static int nf_tables_deltable(struct net
+@@ -
907,7 +903
,7 @@ static int nf_tables_deltable(struct net
int family = nfmsg->nfgen_family;
struct nft_ctx ctx;
int family = nfmsg->nfgen_family;
struct nft_ctx ctx;
@@
-310,7
+310,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
return nft_flush(&ctx, family);
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
return nft_flush(&ctx, family);
-@@ -
886,7 +882
,8 @@ static int nf_tables_deltable(struct net
+@@ -
915,7 +911
,8 @@ static int nf_tables_deltable(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-320,7
+320,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -
894,7 +891
,7 @@ static int nf_tables_deltable(struct net
+@@ -
923,7 +920
,7 @@ static int nf_tables_deltable(struct net
table->use > 0)
return -EBUSY;
table->use > 0)
return -EBUSY;
@@
-329,7
+329,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ctx.table = table;
return nft_flush_table(&ctx);
ctx.table = table;
return nft_flush_table(&ctx);
-@@ -9
06,7 +903
,7 @@ static void nf_tables_table_destroy(stru
+@@ -9
35,7 +932
,7 @@ static void nf_tables_table_destroy(stru
kfree(ctx->table->name);
kfree(ctx->table);
kfree(ctx->table->name);
kfree(ctx->table);
@@
-338,7
+338,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
int nft_register_chain_type(const struct nf_chain_type *ctype)
}
int nft_register_chain_type(const struct nf_chain_type *ctype)
-@@ -11
07,7 +1104
,7 @@ static void nf_tables_chain_notify(const
+@@ -11
36,7 +1133
,7 @@ static void nf_tables_chain_notify(const
goto err;
err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq,
goto err;
err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq,
@@
-347,7
+347,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ctx->chain);
if (err < 0) {
kfree_skb(skb);
ctx->chain);
if (err < 0) {
kfree_skb(skb);
-@@ -11
25,7 +1122
,6 @@ static int nf_tables_dump_chains(struct
+@@ -11
54,7 +1151
,6 @@ static int nf_tables_dump_chains(struct
struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
@@
-355,7
+355,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
const struct nft_table *table;
const struct nft_chain *chain;
unsigned int idx = 0, s_idx = cb->args[0];
const struct nft_table *table;
const struct nft_chain *chain;
unsigned int idx = 0, s_idx = cb->args[0];
-@@ -11
35,31 +1131
,30 @@ static int nf_tables_dump_chains(struct
+@@ -11
64,31 +1160
,30 @@ static int nf_tables_dump_chains(struct
rcu_read_lock();
cb->seq = net->nft.base_seq;
rcu_read_lock();
cb->seq = net->nft.base_seq;
@@
-407,7
+407,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
done:
}
}
done:
-@@ -1
193,7 +1188
,8 @@ static int nf_tables_getchain(struct net
+@@ -1
222,7 +1217
,8 @@ static int nf_tables_getchain(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-417,7
+417,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -13
01,8 +1297
,8 @@ struct nft_chain_hook {
+@@ -13
32,8 +1328
,8 @@ struct nft_chain_hook {
static int nft_chain_parse_hook(struct net *net,
const struct nlattr * const nla[],
static int nft_chain_parse_hook(struct net *net,
const struct nlattr * const nla[],
@@
-428,7
+428,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
{
struct nlattr *ha[NFTA_HOOK_MAX + 1];
const struct nf_chain_type *type;
{
struct nlattr *ha[NFTA_HOOK_MAX + 1];
const struct nf_chain_type *type;
-@@ -13
21,10 +1317
,10 @@ static int nft_chain_parse_hook(struct n
+@@ -13
52,10 +1348
,10 @@ static int nft_chain_parse_hook(struct n
hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
@@
-441,7
+441,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(type))
return PTR_ERR(type);
}
if (IS_ERR(type))
return PTR_ERR(type);
}
-@@ -13
36,7 +1332
,7 @@ static int nft_chain_parse_hook(struct n
+@@ -13
67,7 +1363
,7 @@ static int nft_chain_parse_hook(struct n
hook->type = type;
hook->dev = NULL;
hook->type = type;
hook->dev = NULL;
@@
-450,7
+450,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
char ifname[IFNAMSIZ];
if (!ha[NFTA_HOOK_DEV]) {
char ifname[IFNAMSIZ];
if (!ha[NFTA_HOOK_DEV]) {
-@@ -1
371,7 +1367
,6 @@ static int nf_tables_addchain(struct nft
+@@ -1
402,7 +1398
,6 @@ static int nf_tables_addchain(struct nft
{
const struct nlattr * const *nla = ctx->nla;
struct nft_table *table = ctx->table;
{
const struct nlattr * const *nla = ctx->nla;
struct nft_table *table = ctx->table;
@@
-458,7
+458,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
struct nft_base_chain *basechain;
struct nft_stats __percpu *stats;
struct net *net = ctx->net;
struct nft_base_chain *basechain;
struct nft_stats __percpu *stats;
struct net *net = ctx->net;
-@@ -1
385,7 +1380
,7 @@ static int nf_tables_addchain(struct nft
+@@ -1
416,7 +1411
,7 @@ static int nf_tables_addchain(struct nft
struct nft_chain_hook hook;
struct nf_hook_ops *ops;
struct nft_chain_hook hook;
struct nf_hook_ops *ops;
@@
-467,7
+467,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (err < 0)
return err;
if (err < 0)
return err;
-@@ -1
478,7 +147
3,7 @@ static int nf_tables_updchain(struct nft
+@@ -1
508,7 +150
3,7 @@ static int nf_tables_updchain(struct nft
if (!nft_is_base_chain(chain))
return -EBUSY;
if (!nft_is_base_chain(chain))
return -EBUSY;
@@
-476,7
+476,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
create);
if (err < 0)
return err;
create);
if (err < 0)
return err;
-@@ -1
571,7 +1566
,8 @@ static int nf_tables_newchain(struct net
+@@ -1
618,7 +1613
,8 @@ static int nf_tables_newchain(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-486,7
+486,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -16
11,7 +1607
,7 @@ static int nf_tables_newchain(struct net
+@@ -16
58,7 +1654
,7 @@ static int nf_tables_newchain(struct net
}
}
}
}
@@
-495,7
+495,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (chain != NULL) {
if (nlh->nlmsg_flags & NLM_F_EXCL)
if (chain != NULL) {
if (nlh->nlmsg_flags & NLM_F_EXCL)
-@@ -16
45,7 +1641
,8 @@ static int nf_tables_delchain(struct net
+@@ -16
92,7 +1688
,8 @@ static int nf_tables_delchain(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-505,7
+505,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -1
657,7 +1654
,7 @@ static int nf_tables_delchain(struct net
+@@ -1
704,7 +1701
,7 @@ static int nf_tables_delchain(struct net
chain->use > 0)
return -EBUSY;
chain->use > 0)
return -EBUSY;
@@
-514,7
+514,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
use = chain->use;
list_for_each_entry(rule, &chain->rules, list) {
use = chain->use;
list_for_each_entry(rule, &chain->rules, list) {
-@@ -18
22,7 +1819
,7 @@ static int nf_tables_expr_parse(const st
+@@ -18
69,7 +1866
,7 @@ static int nf_tables_expr_parse(const st
if (err < 0)
return err;
if (err < 0)
return err;
@@
-523,7
+523,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(type))
return PTR_ERR(type);
if (IS_ERR(type))
return PTR_ERR(type);
-@@ -20
45,7 +2042
,7 @@ static void nf_tables_rule_notify(const
+@@ -20
93,7 +2090
,7 @@ static void nf_tables_rule_notify(const
goto err;
err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq,
goto err;
err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq,
@@
-532,7
+532,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ctx->chain, rule);
if (err < 0) {
kfree_skb(skb);
ctx->chain, rule);
if (err < 0) {
kfree_skb(skb);
-@@ -2
069,7 +2066
,6 @@ static int nf_tables_dump_rules(struct s
+@@ -2
117,7 +2114
,6 @@ static int nf_tables_dump_rules(struct s
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
const struct nft_rule_dump_ctx *ctx = cb->data;
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
const struct nft_rule_dump_ctx *ctx = cb->data;
@@
-540,7
+540,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
const struct nft_table *table;
const struct nft_chain *chain;
const struct nft_rule *rule;
const struct nft_table *table;
const struct nft_chain *chain;
const struct nft_rule *rule;
-@@ -2
080,39 +2076
,37 @@ static int nf_tables_dump_rules(struct s
+@@ -2
128,39 +2124
,37 @@ static int nf_tables_dump_rules(struct s
rcu_read_lock();
cb->seq = net->nft.base_seq;
rcu_read_lock();
cb->seq = net->nft.base_seq;
@@
-605,7
+605,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
}
}
}
}
-@@ -2
190,7 +2184
,8 @@ static int nf_tables_getrule(struct net
+@@ -2
238,7 +2232
,8 @@ static int nf_tables_getrule(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-615,7
+615,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -2
267,7 +2262
,8 @@ static int nf_tables_newrule(struct net
+@@ -2
323,7 +2318
,8 @@ static int nf_tables_newrule(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-625,7
+625,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -23
06,7 +2302
,7 @@ static int nf_tables_newrule(struct net
+@@ -23
62,7 +2358
,7 @@ static int nf_tables_newrule(struct net
return PTR_ERR(old_rule);
}
return PTR_ERR(old_rule);
}
@@
-634,7
+634,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
n = 0;
size = 0;
n = 0;
size = 0;
-@@ -24
46,7 +2442
,8 @@ static int nf_tables_delrule(struct net
+@@ -24
95,7 +2491
,8 @@ static int nf_tables_delrule(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-644,7
+644,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -2
457,7 +2454
,7 @@ static int nf_tables_delrule(struct net
+@@ -2
506,7 +2503
,7 @@ static int nf_tables_delrule(struct net
return PTR_ERR(chain);
}
return PTR_ERR(chain);
}
@@
-653,7
+653,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (chain) {
if (nla[NFTA_RULE_HANDLE]) {
if (chain) {
if (nla[NFTA_RULE_HANDLE]) {
-@@ -2
655,13 +2652
,13 @@ static int nft_ctx_init_from_setattr(str
+@@ -2
704,13 +2701
,13 @@ static int nft_ctx_init_from_setattr(str
if (afi == NULL)
return -EAFNOSUPPORT;
if (afi == NULL)
return -EAFNOSUPPORT;
@@
-670,7
+670,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return 0;
}
return 0;
}
-@@ -2
788,7 +278
5,7 @@ static int nf_tables_fill_set(struct sk_
+@@ -2
838,7 +283
5,7 @@ static int nf_tables_fill_set(struct sk_
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
@@
-679,7
+679,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
-@@ -2
880,10 +287
7,8 @@ static int nf_tables_dump_sets(struct sk
+@@ -2
930,10 +292
7,8 @@ static int nf_tables_dump_sets(struct sk
{
const struct nft_set *set;
unsigned int idx, s_idx = cb->args[0];
{
const struct nft_set *set;
unsigned int idx, s_idx = cb->args[0];
@@
-690,7
+690,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
struct nft_ctx *ctx = cb->data, ctx_set;
if (cb->args[1])
struct nft_ctx *ctx = cb->data, ctx_set;
if (cb->args[1])
-@@ -2
892,51 +288
7,44 @@ static int nf_tables_dump_sets(struct sk
+@@ -2
942,51 +293
7,44 @@ static int nf_tables_dump_sets(struct sk
rcu_read_lock();
cb->seq = net->nft.base_seq;
rcu_read_lock();
cb->seq = net->nft.base_seq;
@@
-771,7
+771,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
cb->args[1] = 1;
done:
}
cb->args[1] = 1;
done:
-@@ -31
46,11 +313
4,12 @@ static int nf_tables_newset(struct net *
+@@ -31
96,11 +318
4,12 @@ static int nf_tables_newset(struct net *
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-786,7
+786,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
if (IS_ERR(set)) {
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
if (IS_ERR(set)) {
-@@ -34
17,12 +3406
,12 @@ static int nft_ctx_init_from_elemattr(st
+@@ -34
69,12 +3458
,12 @@ static int nft_ctx_init_from_elemattr(st
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-802,7
+802,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return 0;
}
return 0;
}
-@@ -35
27,7 +3516
,6 @@ static int nf_tables_dump_set(struct sk_
+@@ -35
79,7 +3568
,6 @@ static int nf_tables_dump_set(struct sk_
{
struct nft_set_dump_ctx *dump_ctx = cb->data;
struct net *net = sock_net(skb->sk);
{
struct nft_set_dump_ctx *dump_ctx = cb->data;
struct net *net = sock_net(skb->sk);
@@
-810,7
+810,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
struct nft_table *table;
struct nft_set *set;
struct nft_set_dump_args args;
struct nft_table *table;
struct nft_set *set;
struct nft_set_dump_args args;
-@@ -35
39,21 +3527
,19 @@ static int nf_tables_dump_set(struct sk_
+@@ -35
91,21 +3579
,19 @@ static int nf_tables_dump_set(struct sk_
int event;
rcu_read_lock();
int event;
rcu_read_lock();
@@
-841,7
+841,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
break;
}
}
break;
}
-@@ -3
573,7 +3559
,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -3
625,7 +3611
,7 @@ static int nf_tables_dump_set(struct sk_
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
@@
-850,7
+850,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
-@@ -3
675,7 +3661
,7 @@ static int nf_tables_fill_setelem_info(s
+@@ -3
727,7 +3713
,7 @@ static int nf_tables_fill_setelem_info(s
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
@@
-859,7
+859,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
-@@ -39
19,7 +3905
,7 @@ static int nft_add_set_elem(struct nft_c
+@@ -39
71,7 +3957
,7 @@ static int nft_add_set_elem(struct nft_c
list_for_each_entry(binding, &set->bindings, list) {
struct nft_ctx bind_ctx = {
.net = ctx->net,
list_for_each_entry(binding, &set->bindings, list) {
struct nft_ctx bind_ctx = {
.net = ctx->net,
@@
-868,7
+868,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
.table = ctx->table,
.chain = (struct nft_chain *)binding->chain,
};
.table = ctx->table,
.chain = (struct nft_chain *)binding->chain,
};
-@@ -4
466,7 +4452
,8 @@ static int nf_tables_newobj(struct net *
+@@ -4
521,7 +4507
,8 @@ static int nf_tables_newobj(struct net *
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-878,7
+878,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -4
484,7 +4471
,7 @@ static int nf_tables_newobj(struct net *
+@@ -4
539,7 +4526
,7 @@ static int nf_tables_newobj(struct net *
return 0;
}
return 0;
}
@@
-887,7
+887,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
type = nft_obj_type_get(objtype);
if (IS_ERR(type))
type = nft_obj_type_get(objtype);
if (IS_ERR(type))
-@@ -4
561,7 +4548
,6 @@ struct nft_obj_filter {
+@@ -4
616,7 +4603
,6 @@ struct nft_obj_filter {
static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
@@
-895,7
+895,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
const struct nft_table *table;
unsigned int idx = 0, s_idx = cb->args[0];
struct nft_obj_filter *filter = cb->data;
const struct nft_table *table;
unsigned int idx = 0, s_idx = cb->args[0];
struct nft_obj_filter *filter = cb->data;
-@@ -4
576,38 +4562
,37 @@ static int nf_tables_dump_obj(struct sk_
+@@ -4
631,38 +4617
,37 @@ static int nf_tables_dump_obj(struct sk_
rcu_read_lock();
cb->seq = net->nft.base_seq;
rcu_read_lock();
cb->seq = net->nft.base_seq;
@@
-914,7
+914,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
- if (idx > s_idx)
- memset(&cb->args[1], 0,
- sizeof(cb->args) - sizeof(cb->args[0]));
- if (idx > s_idx)
- memset(&cb->args[1], 0,
- sizeof(cb->args) - sizeof(cb->args[0]));
-- if (filter && filter->table
[0]
&&
+- if (filter && filter->table &&
- strcmp(filter->table, table->name))
- goto cont;
- if (filter &&
- strcmp(filter->table, table->name))
- goto cont;
- if (filter &&
@@
-929,7
+929,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+ if (idx > s_idx)
+ memset(&cb->args[1], 0,
+ sizeof(cb->args) - sizeof(cb->args[0]));
+ if (idx > s_idx)
+ memset(&cb->args[1], 0,
+ sizeof(cb->args) - sizeof(cb->args[0]));
-+ if (filter && filter->table
[0]
&&
++ if (filter && filter->table &&
+ strcmp(filter->table, table->name))
+ goto cont;
+ if (filter &&
+ strcmp(filter->table, table->name))
+ goto cont;
+ if (filter &&
@@
-960,7
+960,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
done:
}
}
done:
-@@ -4
694,7 +4679
,8 @@ static int nf_tables_getobj(struct net *
+@@ -4
749,7 +4734
,8 @@ static int nf_tables_getobj(struct net *
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-970,7
+970,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -4
754,7 +4740
,8 @@ static int nf_tables_delobj(struct net *
+@@ -4
809,7 +4795
,8 @@ static int nf_tables_delobj(struct net *
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-980,7
+980,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -4
765,7 +4752
,7 @@ static int nf_tables_delobj(struct net *
+@@ -4
820,7 +4807
,7 @@ static int nf_tables_delobj(struct net *
if (obj->use > 0)
return -EBUSY;
if (obj->use > 0)
return -EBUSY;
@@
-989,7
+989,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return nft_delobj(&ctx, obj);
}
return nft_delobj(&ctx, obj);
}
-@@ -48
03,7 +4790
,7 @@ static void nf_tables_obj_notify(const s
+@@ -48
58,7 +4845
,7 @@ static void nf_tables_obj_notify(const s
struct nft_object *obj, int event)
{
nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
struct nft_object *obj, int event)
{
nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
@@
-998,7
+998,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
/*
}
/*
-@@ -
4993,7 +4980
,7 @@ void nft_flow_table_iterate(struct net *
+@@ -
5048,7 +5035
,7 @@ void nft_flow_table_iterate(struct net *
rcu_read_lock();
list_for_each_entry_rcu(afi, &net->nft.af_info, list) {
rcu_read_lock();
list_for_each_entry_rcu(afi, &net->nft.af_info, list) {
@@
-1007,7
+1007,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
iter(&flowtable->data, data);
}
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
iter(&flowtable->data, data);
}
-@@ -50
41,7 +5028
,8 @@ static int nf_tables_newflowtable(struct
+@@ -50
96,7 +5083
,8 @@ static int nf_tables_newflowtable(struct
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-1017,7
+1017,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -5
058,7 +5046
,7 @@ static int nf_tables_newflowtable(struct
+@@ -5
113,7 +5101
,7 @@ static int nf_tables_newflowtable(struct
return 0;
}
return 0;
}
@@
-1026,7
+1026,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
if (!flowtable)
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
if (!flowtable)
-@@ -51
39,7 +5127
,8 @@ static int nf_tables_delflowtable(struct
+@@ -51
94,7 +5182
,8 @@ static int nf_tables_delflowtable(struct
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-1036,7
+1036,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -5
150,7 +5139
,7 @@ static int nf_tables_delflowtable(struct
+@@ -5
205,7 +5194
,7 @@ static int nf_tables_delflowtable(struct
if (flowtable->use > 0)
return -EBUSY;
if (flowtable->use > 0)
return -EBUSY;
@@
-1045,7
+1045,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return nft_delflowtable(&ctx, flowtable);
}
return nft_delflowtable(&ctx, flowtable);
}
-@@ -52
19,40 +5208
,37 @@ static int nf_tables_dump_flowtable(stru
+@@ -52
74,40 +5263
,37 @@ static int nf_tables_dump_flowtable(stru
struct net *net = sock_net(skb->sk);
int family = nfmsg->nfgen_family;
struct nft_flowtable *flowtable;
struct net *net = sock_net(skb->sk);
int family = nfmsg->nfgen_family;
struct nft_flowtable *flowtable;
@@
-1081,7
+1081,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+ if (idx > s_idx)
+ memset(&cb->args[1], 0,
+ sizeof(cb->args) - sizeof(cb->args[0]));
+ if (idx > s_idx)
+ memset(&cb->args[1], 0,
+ sizeof(cb->args) - sizeof(cb->args[0]));
-+ if (filter && filter->table
[0]
&&
++ if (filter && filter->table &&
+ strcmp(filter->table, table->name))
+ goto cont;
+ strcmp(filter->table, table->name))
+ goto cont;
@@
-1107,7
+1107,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
done:
}
}
done:
-@@ -53
37,7 +5323
,8 @@ static int nf_tables_getflowtable(struct
+@@ -53
92,7 +5378
,8 @@ static int nf_tables_getflowtable(struct
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-1117,7
+1117,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -5
380,7 +5367
,7 @@ static void nf_tables_flowtable_notify(s
+@@ -5
435,7 +5422
,7 @@ static void nf_tables_flowtable_notify(s
err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
ctx->seq, event, 0,
err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
ctx->seq, event, 0,
@@
-1126,7
+1126,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (err < 0) {
kfree_skb(skb);
goto err;
if (err < 0) {
kfree_skb(skb);
goto err;
-@@ -5
458,17 +5445
,14 @@ static int nf_tables_flowtable_event(str
+@@ -5
513,17 +5500
,14 @@ static int nf_tables_flowtable_event(str
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
struct nft_flowtable *flowtable;
struct nft_table *table;
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
struct nft_flowtable *flowtable;
struct nft_table *table;
@@
-1147,7
+1147,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
}
}
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
-@@ -6
487,6 +6471
,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
+@@ -6
549,6 +6533
,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
static int __net_init nf_tables_init_net(struct net *net)
{
INIT_LIST_HEAD(&net->nft.af_info);
static int __net_init nf_tables_init_net(struct net *net)
{
INIT_LIST_HEAD(&net->nft.af_info);
@@
-1155,7
+1155,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
INIT_LIST_HEAD(&net->nft.commit_list);
net->nft.base_seq = 1;
return 0;
INIT_LIST_HEAD(&net->nft.commit_list);
net->nft.base_seq = 1;
return 0;
-@@ -65
23,10 +6508
,10 @@ static void __nft_release_afinfo(struct
+@@ -65
85,10 +6570
,10 @@ static void __nft_release_afinfo(struct
struct nft_set *set, *ns;
struct nft_ctx ctx = {
.net = net,
struct nft_set *set, *ns;
struct nft_ctx ctx = {
.net = net,
@@
-1210,7
+1210,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
-@@ -1
44,7 +144
,7 @@ nft_target_set_tgchk_param(struct xt_tgc
+@@ -1
61,7 +161
,7 @@ nft_target_set_tgchk_param(struct xt_tgc
{
par->net = ctx->net;
par->table = ctx->table->name;
{
par->net = ctx->net;
par->table = ctx->table->name;
@@
-1219,7
+1219,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
case AF_INET:
entry->e4.ip.proto = proto;
entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
case AF_INET:
entry->e4.ip.proto = proto;
entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
-@@ -1
75,7 +175
,7 @@ nft_target_set_tgchk_param(struct xt_tgc
+@@ -1
92,7 +192
,7 @@ nft_target_set_tgchk_param(struct xt_tgc
} else {
par->hook_mask = 0;
}
} else {
par->hook_mask = 0;
}
@@
-1228,7
+1228,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
par->nft_compat = true;
}
par->nft_compat = true;
}
-@@ -2
67,7 +267
,7 @@ nft_target_destroy(const struct nft_ctx
+@@ -2
82,7 +282
,7 @@ nft_target_destroy(const struct nft_ctx
par.net = ctx->net;
par.target = target;
par.targinfo = info;
par.net = ctx->net;
par.target = target;
par.targinfo = info;
@@
-1237,7
+1237,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (par.target->destroy != NULL)
par.target->destroy(&par);
if (par.target->destroy != NULL)
par.target->destroy(&par);
-@@ -3
58,7 +358
,7 @@ nft_match_set_mtchk_param(struct xt_mtch
+@@ -3
89,7 +389
,7 @@ nft_match_set_mtchk_param(struct xt_mtch
{
par->net = ctx->net;
par->table = ctx->table->name;
{
par->net = ctx->net;
par->table = ctx->table->name;
@@
-1246,7
+1246,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
case AF_INET:
entry->e4.ip.proto = proto;
entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
case AF_INET:
entry->e4.ip.proto = proto;
entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
-@@ -
389,7 +389
,7 @@ nft_match_set_mtchk_param(struct xt_mtch
+@@ -
420,7 +420
,7 @@ nft_match_set_mtchk_param(struct xt_mtch
} else {
par->hook_mask = 0;
}
} else {
par->hook_mask = 0;
}
@@
-1255,7
+1255,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
par->nft_compat = true;
}
par->nft_compat = true;
}
-@@ -
446,7 +446,7 @@ nft_match_destroy(const struct nft_ctx *
+@@ -
503,7 +503,7 @@ __nft_match_destroy(const struct nft_ctx
par.net = ctx->net;
par.match = match;
par.matchinfo = info;
par.net = ctx->net;
par.match = match;
par.matchinfo = info;
@@
-1264,7
+1264,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (par.match->destroy != NULL)
par.match->destroy(&par);
if (par.match->destroy != NULL)
par.match->destroy(&par);
-@@ -
648,7 +648
,7 @@ nft_match_select_ops(const struct nft_ct
+@@ -
733,7 +733
,7 @@ nft_match_select_ops(const struct nft_ct
mt_name = nla_data(tb[NFTA_MATCH_NAME]);
rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV]));
mt_name = nla_data(tb[NFTA_MATCH_NAME]);
rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV]));
@@
-1273,15
+1273,15
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/* Re-use the existing match if it's already loaded. */
list_for_each_entry(nft_match, &nft_match_list, head) {
/* Re-use the existing match if it's already loaded. */
list_for_each_entry(nft_match, &nft_match_list, head) {
-@@ -
733,7 +733
,7 @@ nft_target_select_ops(const struct nft_c
+@@ -
824,7 +824
,7 @@ nft_target_select_ops(const struct nft_c
tg_name = nla_data(tb[NFTA_TARGET_NAME]);
rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV]));
- family = ctx->afi->family;
+ family = ctx->family;
tg_name = nla_data(tb[NFTA_TARGET_NAME]);
rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV]));
- family = ctx->afi->family;
+ family = ctx->family;
- /* Re-use the existing target if it's already loaded. */
- list_for_each_entry(nft_target, &nft_target_list, head) {
+ if (strcmp(tg_name, XT_ERROR_TARGET) == 0 ||
+ strcmp(tg_name, XT_STANDARD_TARGET) == 0 ||
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -405,7 +405,7 @@ static int nft_ct_get_init(const struct
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -405,7 +405,7 @@ static int nft_ct_get_init(const struct
@@
-1408,7
+1408,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
-@@ -3
39,7 +339
,7 @@ static int nft_meta_get_validate(const s
+@@ -3
41,7 +341
,7 @@ static int nft_meta_get_validate(const s
if (priv->key != NFT_META_SECPATH)
return 0;
if (priv->key != NFT_META_SECPATH)
return 0;
@@
-1417,7
+1417,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
case NFPROTO_NETDEV:
hooks = 1 << NF_NETDEV_INGRESS;
break;
case NFPROTO_NETDEV:
hooks = 1 << NF_NETDEV_INGRESS;
break;
-@@ -37
0,7 +370
,7 @@ int nft_meta_set_validate(const struct n
+@@ -37
2,7 +372
,7 @@ int nft_meta_set_validate(const struct n
if (priv->key != NFT_META_PKTTYPE)
return 0;
if (priv->key != NFT_META_PKTTYPE)
return 0;