X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=target%2Flinux%2Fgeneric%2Fbackport-4.14%2F335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch;h=e08b9b26d5b30214ab12c5dcabe1ebb072a1a47c;hb=62feabecd8a84cfe0d6a5aa3bad2720dbf328370;hp=6fedd00eb0d58905e999bb7d83ef173eadd112b2;hpb=f9dcdc7fefcab5ec9b15b0f3c87dfebef37ecaa3;p=oweals%2Fopenwrt.git diff --git a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch index 6fedd00eb0..e08b9b26d5 100644 --- a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch @@ -42,7 +42,7 @@ Signed-off-by: Pablo Neira Ayuso bool report; }; -@@ -939,6 +939,7 @@ unsigned int nft_do_chain(struct nft_pkt +@@ -944,6 +944,7 @@ unsigned int nft_do_chain(struct nft_pkt * @use: number of chain references to this table * @flags: table flag (see enum nft_table_flags) * @genmask: generation mask @@ -50,7 +50,7 @@ Signed-off-by: Pablo Neira Ayuso * @name: name of the table */ struct nft_table { -@@ -951,6 +952,7 @@ struct nft_table { +@@ -956,6 +957,7 @@ struct nft_table { u32 use; u16 flags:14, genmask:2; @@ -58,7 +58,7 @@ Signed-off-by: Pablo Neira Ayuso char *name; }; -@@ -960,13 +962,11 @@ struct nft_table { +@@ -965,13 +967,11 @@ struct nft_table { * @list: used internally * @family: address family * @owner: module owner @@ -108,7 +108,7 @@ Signed-off-by: Pablo Neira Ayuso ctx->table = table; ctx->chain = chain; ctx->nla = nla; -@@ -385,30 +384,31 @@ static int nft_delflowtable(struct nft_c +@@ -414,30 +413,31 @@ static int nft_delflowtable(struct nft_c * Tables */ @@ -146,7 +146,7 @@ Signed-off-by: Pablo Neira Ayuso if (table != NULL) return table; -@@ -507,7 +507,7 @@ static void nf_tables_table_notify(const +@@ -536,7 +536,7 @@ static void nf_tables_table_notify(const goto err; err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -155,7 +155,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) { kfree_skb(skb); goto err; -@@ -524,7 +524,6 @@ static int nf_tables_dump_tables(struct +@@ -553,7 +553,6 @@ static int nf_tables_dump_tables(struct struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -163,7 +163,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct net *net = sock_net(skb->sk); -@@ -533,30 +532,27 @@ static int nf_tables_dump_tables(struct +@@ -562,30 +561,27 @@ static int nf_tables_dump_tables(struct rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -211,7 +211,7 @@ Signed-off-by: Pablo Neira Ayuso } done: rcu_read_unlock(); -@@ -588,7 +584,8 @@ static int nf_tables_gettable(struct net +@@ -617,7 +613,8 @@ static int nf_tables_gettable(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -221,7 +221,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -719,7 +716,7 @@ static int nf_tables_newtable(struct net +@@ -748,7 +745,7 @@ static int nf_tables_newtable(struct net return PTR_ERR(afi); name = nla[NFTA_TABLE_NAME]; @@ -230,7 +230,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) { if (PTR_ERR(table) != -ENOENT) return PTR_ERR(table); -@@ -729,7 +726,7 @@ static int nf_tables_newtable(struct net +@@ -758,7 +755,7 @@ static int nf_tables_newtable(struct net if (nlh->nlmsg_flags & NLM_F_REPLACE) return -EOPNOTSUPP; @@ -239,7 +239,7 @@ Signed-off-by: Pablo Neira Ayuso return nf_tables_updtable(&ctx); } -@@ -756,14 +753,15 @@ static int nf_tables_newtable(struct net +@@ -785,14 +782,15 @@ static int nf_tables_newtable(struct net INIT_LIST_HEAD(&table->sets); INIT_LIST_HEAD(&table->objects); INIT_LIST_HEAD(&table->flowtables); @@ -257,7 +257,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; err4: kfree(table->name); -@@ -837,30 +835,28 @@ out: +@@ -866,30 +864,28 @@ out: static int nft_flush(struct nft_ctx *ctx, int family) { @@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso } out: return err; -@@ -878,7 +874,7 @@ static int nf_tables_deltable(struct net +@@ -907,7 +903,7 @@ static int nf_tables_deltable(struct net int family = nfmsg->nfgen_family; struct nft_ctx ctx; @@ -310,7 +310,7 @@ Signed-off-by: Pablo Neira Ayuso if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) return nft_flush(&ctx, family); -@@ -886,7 +882,8 @@ static int nf_tables_deltable(struct net +@@ -915,7 +911,8 @@ static int nf_tables_deltable(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -320,7 +320,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -894,7 +891,7 @@ static int nf_tables_deltable(struct net +@@ -923,7 +920,7 @@ static int nf_tables_deltable(struct net table->use > 0) return -EBUSY; @@ -329,7 +329,7 @@ Signed-off-by: Pablo Neira Ayuso ctx.table = table; return nft_flush_table(&ctx); -@@ -906,7 +903,7 @@ static void nf_tables_table_destroy(stru +@@ -935,7 +932,7 @@ static void nf_tables_table_destroy(stru kfree(ctx->table->name); kfree(ctx->table); @@ -338,7 +338,7 @@ Signed-off-by: Pablo Neira Ayuso } int nft_register_chain_type(const struct nf_chain_type *ctype) -@@ -1107,7 +1104,7 @@ static void nf_tables_chain_notify(const +@@ -1136,7 +1133,7 @@ static void nf_tables_chain_notify(const goto err; err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -347,7 +347,7 @@ Signed-off-by: Pablo Neira Ayuso ctx->chain); if (err < 0) { kfree_skb(skb); -@@ -1125,7 +1122,6 @@ static int nf_tables_dump_chains(struct +@@ -1154,7 +1151,6 @@ static int nf_tables_dump_chains(struct struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -355,7 +355,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; const struct nft_chain *chain; unsigned int idx = 0, s_idx = cb->args[0]; -@@ -1135,31 +1131,30 @@ static int nf_tables_dump_chains(struct +@@ -1164,31 +1160,30 @@ static int nf_tables_dump_chains(struct rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -407,7 +407,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -1193,7 +1188,8 @@ static int nf_tables_getchain(struct net +@@ -1222,7 +1217,8 @@ static int nf_tables_getchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -417,7 +417,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -1301,8 +1297,8 @@ struct nft_chain_hook { +@@ -1332,8 +1328,8 @@ struct nft_chain_hook { static int nft_chain_parse_hook(struct net *net, const struct nlattr * const nla[], @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nlattr *ha[NFTA_HOOK_MAX + 1]; const struct nf_chain_type *type; -@@ -1321,10 +1317,10 @@ static int nft_chain_parse_hook(struct n +@@ -1352,10 +1348,10 @@ static int nft_chain_parse_hook(struct n hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); @@ -441,7 +441,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(type)) return PTR_ERR(type); } -@@ -1336,7 +1332,7 @@ static int nft_chain_parse_hook(struct n +@@ -1367,7 +1363,7 @@ static int nft_chain_parse_hook(struct n hook->type = type; hook->dev = NULL; @@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso char ifname[IFNAMSIZ]; if (!ha[NFTA_HOOK_DEV]) { -@@ -1371,7 +1367,6 @@ static int nf_tables_addchain(struct nft +@@ -1402,7 +1398,6 @@ static int nf_tables_addchain(struct nft { const struct nlattr * const *nla = ctx->nla; struct nft_table *table = ctx->table; @@ -458,7 +458,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_base_chain *basechain; struct nft_stats __percpu *stats; struct net *net = ctx->net; -@@ -1385,7 +1380,7 @@ static int nf_tables_addchain(struct nft +@@ -1416,7 +1411,7 @@ static int nf_tables_addchain(struct nft struct nft_chain_hook hook; struct nf_hook_ops *ops; @@ -467,7 +467,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) return err; -@@ -1478,7 +1473,7 @@ static int nf_tables_updchain(struct nft +@@ -1508,7 +1503,7 @@ static int nf_tables_updchain(struct nft if (!nft_is_base_chain(chain)) return -EBUSY; @@ -476,7 +476,7 @@ Signed-off-by: Pablo Neira Ayuso create); if (err < 0) return err; -@@ -1571,7 +1566,8 @@ static int nf_tables_newchain(struct net +@@ -1618,7 +1613,8 @@ static int nf_tables_newchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -486,7 +486,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -1611,7 +1607,7 @@ static int nf_tables_newchain(struct net +@@ -1658,7 +1654,7 @@ static int nf_tables_newchain(struct net } } @@ -495,7 +495,7 @@ Signed-off-by: Pablo Neira Ayuso if (chain != NULL) { if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1645,7 +1641,8 @@ static int nf_tables_delchain(struct net +@@ -1692,7 +1688,8 @@ static int nf_tables_delchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -505,7 +505,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -1657,7 +1654,7 @@ static int nf_tables_delchain(struct net +@@ -1704,7 +1701,7 @@ static int nf_tables_delchain(struct net chain->use > 0) return -EBUSY; @@ -514,7 +514,7 @@ Signed-off-by: Pablo Neira Ayuso use = chain->use; list_for_each_entry(rule, &chain->rules, list) { -@@ -1822,7 +1819,7 @@ static int nf_tables_expr_parse(const st +@@ -1869,7 +1866,7 @@ static int nf_tables_expr_parse(const st if (err < 0) return err; @@ -523,7 +523,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(type)) return PTR_ERR(type); -@@ -2045,7 +2042,7 @@ static void nf_tables_rule_notify(const +@@ -2093,7 +2090,7 @@ static void nf_tables_rule_notify(const goto err; err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -532,7 +532,7 @@ Signed-off-by: Pablo Neira Ayuso ctx->chain, rule); if (err < 0) { kfree_skb(skb); -@@ -2069,7 +2066,6 @@ static int nf_tables_dump_rules(struct s +@@ -2117,7 +2114,6 @@ static int nf_tables_dump_rules(struct s { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); const struct nft_rule_dump_ctx *ctx = cb->data; @@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; const struct nft_chain *chain; const struct nft_rule *rule; -@@ -2080,39 +2076,37 @@ static int nf_tables_dump_rules(struct s +@@ -2128,39 +2124,37 @@ static int nf_tables_dump_rules(struct s rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -605,7 +605,7 @@ Signed-off-by: Pablo Neira Ayuso } } } -@@ -2190,7 +2184,8 @@ static int nf_tables_getrule(struct net +@@ -2238,7 +2232,8 @@ static int nf_tables_getrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -615,7 +615,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -2267,7 +2262,8 @@ static int nf_tables_newrule(struct net +@@ -2323,7 +2318,8 @@ static int nf_tables_newrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -625,7 +625,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -2306,7 +2302,7 @@ static int nf_tables_newrule(struct net +@@ -2362,7 +2358,7 @@ static int nf_tables_newrule(struct net return PTR_ERR(old_rule); } @@ -634,7 +634,7 @@ Signed-off-by: Pablo Neira Ayuso n = 0; size = 0; -@@ -2441,7 +2437,8 @@ static int nf_tables_delrule(struct net +@@ -2495,7 +2491,8 @@ static int nf_tables_delrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -644,7 +644,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -2452,7 +2449,7 @@ static int nf_tables_delrule(struct net +@@ -2506,7 +2503,7 @@ static int nf_tables_delrule(struct net return PTR_ERR(chain); } @@ -653,7 +653,7 @@ Signed-off-by: Pablo Neira Ayuso if (chain) { if (nla[NFTA_RULE_HANDLE]) { -@@ -2650,13 +2647,13 @@ static int nft_ctx_init_from_setattr(str +@@ -2704,13 +2701,13 @@ static int nft_ctx_init_from_setattr(str if (afi == NULL) return -EAFNOSUPPORT; @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -2783,7 +2780,7 @@ static int nf_tables_fill_set(struct sk_ +@@ -2838,7 +2835,7 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -2875,10 +2872,8 @@ static int nf_tables_dump_sets(struct sk +@@ -2930,10 +2927,8 @@ static int nf_tables_dump_sets(struct sk { const struct nft_set *set; unsigned int idx, s_idx = cb->args[0]; @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_ctx *ctx = cb->data, ctx_set; if (cb->args[1]) -@@ -2887,51 +2882,44 @@ static int nf_tables_dump_sets(struct sk +@@ -2942,51 +2937,44 @@ static int nf_tables_dump_sets(struct sk rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso } cb->args[1] = 1; done: -@@ -3141,11 +3129,12 @@ static int nf_tables_newset(struct net * +@@ -3196,11 +3184,12 @@ static int nf_tables_newset(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3410,12 +3399,12 @@ static int nft_ctx_init_from_elemattr(st +@@ -3469,12 +3458,12 @@ static int nft_ctx_init_from_elemattr(st if (IS_ERR(afi)) return PTR_ERR(afi); @@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -3520,7 +3509,6 @@ static int nf_tables_dump_set(struct sk_ +@@ -3579,7 +3568,6 @@ static int nf_tables_dump_set(struct sk_ { struct nft_set_dump_ctx *dump_ctx = cb->data; struct net *net = sock_net(skb->sk); @@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_set *set; struct nft_set_dump_args args; -@@ -3532,21 +3520,19 @@ static int nf_tables_dump_set(struct sk_ +@@ -3591,21 +3579,19 @@ static int nf_tables_dump_set(struct sk_ int event; rcu_read_lock(); @@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso } break; } -@@ -3566,7 +3552,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3625,7 +3611,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -3668,7 +3654,7 @@ static int nf_tables_fill_setelem_info(s +@@ -3727,7 +3713,7 @@ static int nf_tables_fill_setelem_info(s goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -3912,7 +3898,7 @@ static int nft_add_set_elem(struct nft_c +@@ -3971,7 +3957,7 @@ static int nft_add_set_elem(struct nft_c list_for_each_entry(binding, &set->bindings, list) { struct nft_ctx bind_ctx = { .net = ctx->net, @@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso .table = ctx->table, .chain = (struct nft_chain *)binding->chain, }; -@@ -4459,7 +4445,8 @@ static int nf_tables_newobj(struct net * +@@ -4521,7 +4507,8 @@ static int nf_tables_newobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4477,7 +4464,7 @@ static int nf_tables_newobj(struct net * +@@ -4539,7 +4526,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4554,7 +4541,6 @@ struct nft_obj_filter { +@@ -4616,7 +4603,6 @@ struct nft_obj_filter { static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct nft_obj_filter *filter = cb->data; -@@ -4569,38 +4555,37 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4631,38 +4617,37 @@ static int nf_tables_dump_obj(struct sk_ rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -914,7 +914,7 @@ Signed-off-by: Pablo Neira Ayuso - if (idx > s_idx) - memset(&cb->args[1], 0, - sizeof(cb->args) - sizeof(cb->args[0])); -- if (filter && filter->table[0] && +- if (filter && filter->table && - strcmp(filter->table, table->name)) - goto cont; - if (filter && @@ -929,7 +929,7 @@ Signed-off-by: Pablo Neira Ayuso + if (idx > s_idx) + memset(&cb->args[1], 0, + sizeof(cb->args) - sizeof(cb->args[0])); -+ if (filter && filter->table[0] && ++ if (filter && filter->table && + strcmp(filter->table, table->name)) + goto cont; + if (filter && @@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -4687,7 +4672,8 @@ static int nf_tables_getobj(struct net * +@@ -4749,7 +4734,8 @@ static int nf_tables_getobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4747,7 +4733,8 @@ static int nf_tables_delobj(struct net * +@@ -4809,7 +4795,8 @@ static int nf_tables_delobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4758,7 +4745,7 @@ static int nf_tables_delobj(struct net * +@@ -4820,7 +4807,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delobj(&ctx, obj); } -@@ -4796,7 +4783,7 @@ static void nf_tables_obj_notify(const s +@@ -4858,7 +4845,7 @@ static void nf_tables_obj_notify(const s struct nft_object *obj, int event) { nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, @@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso } /* -@@ -4986,7 +4973,7 @@ void nft_flow_table_iterate(struct net * +@@ -5048,7 +5035,7 @@ void nft_flow_table_iterate(struct net * rcu_read_lock(); list_for_each_entry_rcu(afi, &net->nft.af_info, list) { @@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry_rcu(flowtable, &table->flowtables, list) { iter(&flowtable->data, data); } -@@ -5034,7 +5021,8 @@ static int nf_tables_newflowtable(struct +@@ -5096,7 +5083,8 @@ static int nf_tables_newflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5051,7 +5039,7 @@ static int nf_tables_newflowtable(struct +@@ -5113,7 +5101,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5132,7 +5120,8 @@ static int nf_tables_delflowtable(struct +@@ -5194,7 +5182,8 @@ static int nf_tables_delflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5143,7 +5132,7 @@ static int nf_tables_delflowtable(struct +@@ -5205,7 +5194,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delflowtable(&ctx, flowtable); } -@@ -5212,40 +5201,37 @@ static int nf_tables_dump_flowtable(stru +@@ -5274,40 +5263,37 @@ static int nf_tables_dump_flowtable(stru struct net *net = sock_net(skb->sk); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso + if (idx > s_idx) + memset(&cb->args[1], 0, + sizeof(cb->args) - sizeof(cb->args[0])); -+ if (filter && filter->table[0] && ++ if (filter && filter->table && + strcmp(filter->table, table->name)) + goto cont; @@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -5330,7 +5316,8 @@ static int nf_tables_getflowtable(struct +@@ -5392,7 +5378,8 @@ static int nf_tables_getflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5373,7 +5360,7 @@ static void nf_tables_flowtable_notify(s +@@ -5435,7 +5422,7 @@ static void nf_tables_flowtable_notify(s err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, ctx->seq, event, 0, @@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) { kfree_skb(skb); goto err; -@@ -5451,17 +5438,14 @@ static int nf_tables_flowtable_event(str +@@ -5513,17 +5500,14 @@ static int nf_tables_flowtable_event(str struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_flowtable *flowtable; struct nft_table *table; @@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso } } nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6480,6 +6464,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); +@@ -6549,6 +6533,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); static int __net_init nf_tables_init_net(struct net *net) { INIT_LIST_HEAD(&net->nft.af_info); @@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso INIT_LIST_HEAD(&net->nft.commit_list); net->nft.base_seq = 1; return 0; -@@ -6516,10 +6501,10 @@ static void __nft_release_afinfo(struct +@@ -6585,10 +6570,10 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -1210,7 +1210,7 @@ Signed-off-by: Pablo Neira Ayuso nfnl_unlock(NFNL_SUBSYS_NFTABLES); --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c -@@ -144,7 +144,7 @@ nft_target_set_tgchk_param(struct xt_tgc +@@ -161,7 +161,7 @@ nft_target_set_tgchk_param(struct xt_tgc { par->net = ctx->net; par->table = ctx->table->name; @@ -1219,7 +1219,7 @@ Signed-off-by: Pablo Neira Ayuso case AF_INET: entry->e4.ip.proto = proto; entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0; -@@ -175,7 +175,7 @@ nft_target_set_tgchk_param(struct xt_tgc +@@ -192,7 +192,7 @@ nft_target_set_tgchk_param(struct xt_tgc } else { par->hook_mask = 0; } @@ -1228,7 +1228,7 @@ Signed-off-by: Pablo Neira Ayuso par->nft_compat = true; } -@@ -267,7 +267,7 @@ nft_target_destroy(const struct nft_ctx +@@ -282,7 +282,7 @@ nft_target_destroy(const struct nft_ctx par.net = ctx->net; par.target = target; par.targinfo = info; @@ -1237,7 +1237,7 @@ Signed-off-by: Pablo Neira Ayuso if (par.target->destroy != NULL) par.target->destroy(&par); -@@ -358,7 +358,7 @@ nft_match_set_mtchk_param(struct xt_mtch +@@ -389,7 +389,7 @@ nft_match_set_mtchk_param(struct xt_mtch { par->net = ctx->net; par->table = ctx->table->name; @@ -1246,7 +1246,7 @@ Signed-off-by: Pablo Neira Ayuso case AF_INET: entry->e4.ip.proto = proto; entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0; -@@ -389,7 +389,7 @@ nft_match_set_mtchk_param(struct xt_mtch +@@ -420,7 +420,7 @@ nft_match_set_mtchk_param(struct xt_mtch } else { par->hook_mask = 0; } @@ -1255,7 +1255,7 @@ Signed-off-by: Pablo Neira Ayuso par->nft_compat = true; } -@@ -446,7 +446,7 @@ nft_match_destroy(const struct nft_ctx * +@@ -503,7 +503,7 @@ __nft_match_destroy(const struct nft_ctx par.net = ctx->net; par.match = match; par.matchinfo = info; @@ -1264,7 +1264,7 @@ Signed-off-by: Pablo Neira Ayuso if (par.match->destroy != NULL) par.match->destroy(&par); -@@ -648,7 +648,7 @@ nft_match_select_ops(const struct nft_ct +@@ -733,7 +733,7 @@ nft_match_select_ops(const struct nft_ct mt_name = nla_data(tb[NFTA_MATCH_NAME]); rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV])); @@ -1273,15 +1273,15 @@ Signed-off-by: Pablo Neira Ayuso /* Re-use the existing match if it's already loaded. */ list_for_each_entry(nft_match, &nft_match_list, head) { -@@ -733,7 +733,7 @@ nft_target_select_ops(const struct nft_c +@@ -824,7 +824,7 @@ nft_target_select_ops(const struct nft_c tg_name = nla_data(tb[NFTA_TARGET_NAME]); rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV])); - family = ctx->afi->family; + family = ctx->family; - /* Re-use the existing target if it's already loaded. */ - list_for_each_entry(nft_target, &nft_target_list, head) { + if (strcmp(tg_name, XT_ERROR_TARGET) == 0 || + strcmp(tg_name, XT_STANDARD_TARGET) == 0 || --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -405,7 +405,7 @@ static int nft_ct_get_init(const struct @@ -1408,7 +1408,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c -@@ -339,7 +339,7 @@ static int nft_meta_get_validate(const s +@@ -341,7 +341,7 @@ static int nft_meta_get_validate(const s if (priv->key != NFT_META_SECPATH) return 0; @@ -1417,7 +1417,7 @@ Signed-off-by: Pablo Neira Ayuso case NFPROTO_NETDEV: hooks = 1 << NF_NETDEV_INGRESS; break; -@@ -370,7 +370,7 @@ int nft_meta_set_validate(const struct n +@@ -372,7 +372,7 @@ int nft_meta_set_validate(const struct n if (priv->key != NFT_META_PKTTYPE) return 0;