From a5af9ff42c4c051f9b5d37692965da412bc27869 Mon Sep 17 00:00:00 2001 From: RISCi_ATOM Date: Sat, 16 Sep 2023 11:10:05 -0400 Subject: [PATCH] kernel : Bump to 4.14.325 --- include/kernel-version.mk | 4 +- ...S-ath79-select-the-PINCTRL-subsystem.patch | 2 +- .../0028-MIPS-ath79-drop-machfiles.patch | 2 +- .../0032-MIPS-ath79-sanitize-symbols.patch | 2 +- .../910-unaligned_access_hacks.patch | 8 +- ...tcp-allow-drivers-to-tweak-TSQ-logic.patch | 2 +- ...ption-fix-dwm-158-3g-modem-interface.patch | 2 +- ...add-defines-for-arp-decnet-max-hooks.patch | 26 +-- ...nly-allow-one-nat-hook-per-hook-poin.patch | 2 +- ...les-remove-multihook-chains-and-fami.patch | 52 +++--- ...les-remove-hooks-from-family-definit.patch | 12 +- ...v4.16-netfilter-meta-secpath-support.patch | 4 +- ...ack-move-nf_ct_netns_-get-put-to-cor.patch | 6 +- ...bles-add-flow-table-netlink-frontend.patch | 48 +++--- ...etfilter-flow-table-support-for-IPv6.patch | 2 +- ...les-remove-nhooks-field-from-struct-.patch | 8 +- ...les-fix-a-typo-in-nf_tables_getflowt.patch | 2 +- ...les-remove-flag-field-from-struct-nf.patch | 6 +- ...les-no-need-for-struct-nft_af_info-t.patch | 12 +- ...les-remove-struct-nft_af_info-parame.patch | 6 +- ...les-fix-potential-NULL-ptr-deref-in-.patch | 2 +- ...les-add-single-table-list-for-all-fa.patch | 162 +++++++++--------- ...tfilter-exit_net-cleanup-check-added.patch | 4 +- ...nf_tables-get-rid-of-pernet-families.patch | 12 +- ...les-get-rid-of-struct-nft_af_info-ab.patch | 136 +++++++-------- ...ow_offload-wait-for-garbage-collecto.patch | 2 +- ...tfilter-nf_tables-fix-flowtable-free.patch | 2 +- ...les-allocate-handle-and-delete-objec.patch | 76 ++++---- ...ipv6-make-ip6_dst_mtu_forward-inline.patch | 2 +- ...w_table-move-init-code-to-nf_flow_ta.patch | 4 +- ...w_table-fix-priv-pointer-for-netdev-.patch | 2 +- ...w_table-track-flow-tables-in-nf_flow.patch | 4 +- .../generic/hack-4.14/204-module_strip.patch | 12 +- .../hack-4.14/207-disable-modorder.patch | 4 +- .../generic/hack-4.14/220-gc_sections.patch | 6 +- .../generic/hack-4.14/280-rfkill-stubs.patch | 2 +- .../301-mips_image_cmdline_hack.patch | 2 +- .../321-powerpc_crtsavres_prereq.patch | 2 +- .../generic/hack-4.14/721-phy_packets.patch | 10 +- .../generic/hack-4.14/902-debloat_proc.patch | 2 +- ...e_mem_map-with-ARCH_PFN_OFFSET-calcu.patch | 2 +- .../pending-4.14/220-optimize_inlining.patch | 2 +- .../300-mips_expose_boot_raw.patch | 4 +- .../pending-4.14/304-mips_disable_fpu.patch | 2 +- ...ove-no-op-dma_map_ops-where-possible.patch | 12 +- .../pending-4.14/630-packet_socket_type.patch | 18 +- ...w_table-add-hardware-offload-support.patch | 12 +- ...w_table-support-hw-offload-through-v.patch | 6 +- ...T-skip-GRO-for-foreign-MAC-addresses.patch | 12 +- .../pending-4.14/920-mangle_bootargs.patch | 4 +- target/linux/x86/64/config-4.14 | 1 + 51 files changed, 355 insertions(+), 376 deletions(-) diff --git a/include/kernel-version.mk b/include/kernel-version.mk index 28ecf6bd77..d813d785f2 100644 --- a/include/kernel-version.mk +++ b/include/kernel-version.mk @@ -6,10 +6,10 @@ ifdef CONFIG_TESTING_KERNEL KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER) endif -LINUX_VERSION-4.14 = .314 +LINUX_VERSION-4.14 = .325 LIBRE_REV = 1 -LINUX_KERNEL_HASH-4.14.314 = 325524f4dd3dc7d899bec2330e04f643254a55f7c3d7a8666edf2ad45beff757 +LINUX_KERNEL_HASH-4.14.325 = 5cdc7b87a402f12c3769f056abf2a123259836168b578c84a89fed058fa9a6d0 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1)))) sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1))))))) diff --git a/target/linux/ath79/patches-4.14/0011-MIPS-ath79-select-the-PINCTRL-subsystem.patch b/target/linux/ath79/patches-4.14/0011-MIPS-ath79-select-the-PINCTRL-subsystem.patch index c50a473307..c42b66a929 100644 --- a/target/linux/ath79/patches-4.14/0011-MIPS-ath79-select-the-PINCTRL-subsystem.patch +++ b/target/linux/ath79/patches-4.14/0011-MIPS-ath79-select-the-PINCTRL-subsystem.patch @@ -14,7 +14,7 @@ Signed-off-by: John Crispin --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -192,6 +192,7 @@ config ATH79 +@@ -193,6 +193,7 @@ config ATH79 select CSRC_R4K select DMA_NONCOHERENT select GPIOLIB diff --git a/target/linux/ath79/patches-4.14/0028-MIPS-ath79-drop-machfiles.patch b/target/linux/ath79/patches-4.14/0028-MIPS-ath79-drop-machfiles.patch index bb5acde8bb..f8f119f51a 100644 --- a/target/linux/ath79/patches-4.14/0028-MIPS-ath79-drop-machfiles.patch +++ b/target/linux/ath79/patches-4.14/0028-MIPS-ath79-drop-machfiles.patch @@ -31,7 +31,7 @@ Signed-off-by: John Crispin --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -197,7 +197,6 @@ config ATH79 +@@ -198,7 +198,6 @@ config ATH79 select COMMON_CLK select CLKDEV_LOOKUP select IRQ_MIPS_CPU diff --git a/target/linux/ath79/patches-4.14/0032-MIPS-ath79-sanitize-symbols.patch b/target/linux/ath79/patches-4.14/0032-MIPS-ath79-sanitize-symbols.patch index eaefc0bd21..8bd2bc8463 100644 --- a/target/linux/ath79/patches-4.14/0032-MIPS-ath79-sanitize-symbols.patch +++ b/target/linux/ath79/patches-4.14/0032-MIPS-ath79-sanitize-symbols.patch @@ -15,7 +15,7 @@ Signed-off-by: John Crispin --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -203,6 +203,8 @@ config ATH79 +@@ -204,6 +204,8 @@ config ATH79 select SYS_SUPPORTS_BIG_ENDIAN select SYS_SUPPORTS_MIPS16 select SYS_SUPPORTS_ZBOOT_UART_PROM diff --git a/target/linux/ath79/patches-4.14/910-unaligned_access_hacks.patch b/target/linux/ath79/patches-4.14/910-unaligned_access_hacks.patch index 6c19ee20c2..c028f605fa 100644 --- a/target/linux/ath79/patches-4.14/910-unaligned_access_hacks.patch +++ b/target/linux/ath79/patches-4.14/910-unaligned_access_hacks.patch @@ -641,7 +641,7 @@ return false; return true; -@@ -605,13 +609,13 @@ static inline void ipv6_addr_set_v4mappe +@@ -601,13 +605,13 @@ static inline void ipv6_addr_set_v4mappe */ static inline int __ipv6_addr_diff32(const void *token1, const void *token2, int addrlen) { @@ -657,7 +657,7 @@ if (xb) return i * 32 + 31 - __fls(ntohl(xb)); } -@@ -780,17 +784,18 @@ static inline int ip6_default_np_autolab +@@ -776,17 +780,18 @@ static inline int ip6_default_np_autolab static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass, __be32 flowlabel) { @@ -737,7 +737,7 @@ EXPORT_SYMBOL(xfrm_parse_spi); --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -3896,14 +3896,16 @@ static bool tcp_parse_aligned_timestamp( +@@ -3902,14 +3902,16 @@ static bool tcp_parse_aligned_timestamp( { const __be32 *ptr = (const __be32 *)(th + 1); @@ -785,7 +785,7 @@ ptr = ip6hoff + sizeof(struct ipv6hdr); --- a/include/net/neighbour.h +++ b/include/net/neighbour.h -@@ -265,8 +265,10 @@ static inline bool neigh_key_eq128(const +@@ -260,8 +260,10 @@ static inline bool neigh_key_eq128(const const u32 *n32 = (const u32 *)n->primary_key; const u32 *p32 = pkey; diff --git a/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch b/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch index db22eec3fc..838c6ff2c4 100644 --- a/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch +++ b/target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch @@ -55,7 +55,7 @@ Cc: Kir Kolyshkin rwlock_t sk_callback_lock; --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -2788,6 +2788,7 @@ void sock_init_data(struct socket *sock, +@@ -2799,6 +2799,7 @@ void sock_init_data(struct socket *sock, sk->sk_max_pacing_rate = ~0U; sk->sk_pacing_rate = ~0U; diff --git a/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch b/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch index bfe9fdb572..00aeeb1759 100644 --- a/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch +++ b/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch @@ -30,7 +30,7 @@ Signed-off-by: Johan Hovold --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c -@@ -2164,7 +2164,8 @@ static const struct usb_device_id option +@@ -2195,7 +2195,8 @@ static const struct usb_device_id option { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d01, 0xff) }, /* D-Link DWM-156 (variant) */ { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d02, 0xff) }, { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d03, 0xff) }, diff --git a/target/linux/generic/backport-4.14/289-v4.16-netfilter-add-defines-for-arp-decnet-max-hooks.patch b/target/linux/generic/backport-4.14/289-v4.16-netfilter-add-defines-for-arp-decnet-max-hooks.patch index f7898d4f30..ad2bb41a87 100644 --- a/target/linux/generic/backport-4.14/289-v4.16-netfilter-add-defines-for-arp-decnet-max-hooks.patch +++ b/target/linux/generic/backport-4.14/289-v4.16-netfilter-add-defines-for-arp-decnet-max-hooks.patch @@ -22,9 +22,9 @@ Signed-off-by: Pablo Neira Ayuso --- a/include/linux/netfilter_defs.h +++ b/include/linux/netfilter_defs.h -@@ -7,4 +7,10 @@ - /* Largest hook number + 1, see uapi/linux/netfilter_decnet.h */ - #define NF_MAX_HOOKS 8 +@@ -6,4 +6,10 @@ + + #define NF_MAX_HOOKS NF_INET_NUMHOOKS +/* in/out/forward only */ +#define NF_ARP_NUMHOOKS 3 @@ -45,23 +45,3 @@ Signed-off-by: Pablo Neira Ayuso +#endif #endif /* __LINUX_ARP_NETFILTER_H */ ---- a/include/uapi/linux/netfilter_decnet.h -+++ b/include/uapi/linux/netfilter_decnet.h -@@ -24,6 +24,9 @@ - #define NFC_DN_IF_IN 0x0004 - /* Output device. */ - #define NFC_DN_IF_OUT 0x0008 -+ -+/* kernel define is in netfilter_defs.h */ -+#define NF_DN_NUMHOOKS 7 - #endif /* ! __KERNEL__ */ - - /* DECnet Hooks */ -@@ -41,7 +44,6 @@ - #define NF_DN_HELLO 5 - /* Input Routing Packets */ - #define NF_DN_ROUTE 6 --#define NF_DN_NUMHOOKS 7 - - enum nf_dn_hook_priorities { - NF_DN_PRI_FIRST = INT_MIN, diff --git a/target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch b/target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch index edc7e583ff..f047011935 100644 --- a/target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch +++ b/target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch @@ -135,7 +135,7 @@ Signed-off-by: Pablo Neira Ayuso new->hooks[nhooks] = old->hooks[i]; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -1447,6 +1447,8 @@ static int nf_tables_addchain(struct nft +@@ -1466,6 +1466,8 @@ static int nf_tables_addchain(struct nft ops->hook = hookfn; if (afi->hook_ops_init) afi->hook_ops_init(ops, i); diff --git a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch index bd9779fdae..9650b84d19 100644 --- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch +++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -900,8 +900,6 @@ struct nft_stats { +@@ -924,8 +924,6 @@ struct nft_stats { struct u64_stats_sync syncp; }; @@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso /** * struct nft_base_chain - nf_tables base chain * -@@ -913,7 +911,7 @@ struct nft_stats { +@@ -937,7 +935,7 @@ struct nft_stats { * @dev_name: device name that this base chain is attached to (if any) */ struct nft_base_chain { @@ -29,7 +29,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nf_chain_type *type; u8 policy; u8 flags; -@@ -974,8 +972,6 @@ enum nft_af_flags { +@@ -1021,8 +1019,6 @@ enum nft_af_flags { * @owner: module owner * @tables: used internally * @flags: family flags @@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso * @hooks: hookfn overrides for packet validation */ struct nft_af_info { -@@ -985,9 +981,6 @@ struct nft_af_info { +@@ -1032,9 +1028,6 @@ struct nft_af_info { struct module *owner; struct list_head tables; u32 flags; @@ -90,8 +90,8 @@ Signed-off-by: Pablo Neira Ayuso [NF_INET_LOCAL_OUT] = nft_ipv6_output, --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -140,29 +140,26 @@ static void nft_trans_destroy(struct nft - kfree(trans); +@@ -173,29 +173,26 @@ static void nft_set_trans_unbind(const s + return __nft_set_trans_bind(ctx, set, false); } -static int nf_tables_register_hooks(struct net *net, @@ -128,7 +128,7 @@ Signed-off-by: Pablo Neira Ayuso } static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type) -@@ -640,8 +637,7 @@ static void _nf_tables_table_disable(str +@@ -662,8 +659,7 @@ static void _nf_tables_table_disable(str if (cnt && i++ == cnt) break; @@ -138,7 +138,7 @@ Signed-off-by: Pablo Neira Ayuso } } -@@ -658,8 +654,7 @@ static int nf_tables_table_enable(struct +@@ -680,8 +676,7 @@ static int nf_tables_table_enable(struct if (!nft_is_base_chain(chain)) continue; @@ -148,7 +148,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) goto err; -@@ -1071,7 +1066,7 @@ static int nf_tables_fill_chain_info(str +@@ -1093,7 +1088,7 @@ static int nf_tables_fill_chain_info(str if (nft_is_base_chain(chain)) { const struct nft_base_chain *basechain = nft_base_chain(chain); @@ -157,7 +157,7 @@ Signed-off-by: Pablo Neira Ayuso struct nlattr *nest; nest = nla_nest_start(skb, NFTA_CHAIN_HOOK); -@@ -1299,8 +1294,8 @@ static void nf_tables_chain_destroy(stru +@@ -1321,8 +1316,8 @@ static void nf_tables_chain_destroy(stru free_percpu(basechain->stats); if (basechain->stats) static_branch_dec(&nft_counters_enabled); @@ -168,15 +168,15 @@ Signed-off-by: Pablo Neira Ayuso kfree(chain->name); kfree(basechain); } else { -@@ -1396,7 +1391,6 @@ static int nf_tables_addchain(struct nft +@@ -1418,7 +1413,6 @@ static int nf_tables_addchain(struct nft struct nft_stats __percpu *stats; struct net *net = ctx->net; struct nft_chain *chain; - unsigned int i; int err; - if (table->use == UINT_MAX) -@@ -1435,21 +1429,18 @@ static int nf_tables_addchain(struct nft + if (nla[NFTA_CHAIN_HOOK]) { +@@ -1454,21 +1448,18 @@ static int nf_tables_addchain(struct nft basechain->type = hook.type; chain = &basechain->chain; @@ -210,7 +210,7 @@ Signed-off-by: Pablo Neira Ayuso chain->flags |= NFT_BASE_CHAIN; basechain->policy = policy; -@@ -1467,7 +1458,7 @@ static int nf_tables_addchain(struct nft +@@ -1486,7 +1477,7 @@ static int nf_tables_addchain(struct nft goto err1; } @@ -219,16 +219,16 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) goto err1; -@@ -1481,7 +1472,7 @@ static int nf_tables_addchain(struct nft - - return 0; +@@ -1506,7 +1497,7 @@ static int nf_tables_addchain(struct nft err2: + nft_use_dec_restore(&table->use); + err_use: - nf_tables_unregister_hooks(net, table, chain, afi->nops); + nf_tables_unregister_hook(net, table, chain); err1: nf_tables_chain_destroy(chain); -@@ -1494,13 +1485,12 @@ static int nf_tables_updchain(struct nft +@@ -1519,13 +1510,12 @@ static int nf_tables_updchain(struct nft const struct nlattr * const *nla = ctx->nla; struct nft_table *table = ctx->table; struct nft_chain *chain = ctx->chain; @@ -243,7 +243,7 @@ Signed-off-by: Pablo Neira Ayuso if (nla[NFTA_CHAIN_HOOK]) { if (!nft_is_base_chain(chain)) -@@ -1517,14 +1507,12 @@ static int nf_tables_updchain(struct nft +@@ -1542,14 +1532,12 @@ static int nf_tables_updchain(struct nft return -EBUSY; } @@ -264,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso } nft_chain_release_hook(&hook); } -@@ -5168,10 +5156,9 @@ static int nf_tables_commit(struct net * +@@ -5309,10 +5297,9 @@ static int nf_tables_commit(struct net * case NFT_MSG_DELCHAIN: list_del_rcu(&trans->ctx.chain->list); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); @@ -278,9 +278,9 @@ Signed-off-by: Pablo Neira Ayuso break; case NFT_MSG_NEWRULE: nft_clear(trans->ctx.net, nft_trans_rule(trans)); -@@ -5308,10 +5295,9 @@ static int nf_tables_abort(struct net *n +@@ -5453,10 +5440,9 @@ static int nf_tables_abort(struct net *n } else { - trans->ctx.table->use--; + nft_use_dec_restore(&trans->ctx.table->use); list_del_rcu(&trans->ctx.chain->list); - nf_tables_unregister_hooks(trans->ctx.net, - trans->ctx.table, @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso } break; case NFT_MSG_DELCHAIN: -@@ -5414,7 +5400,7 @@ int nft_chain_validate_hooks(const struc +@@ -5569,7 +5555,7 @@ int nft_chain_validate_hooks(const struc if (nft_is_base_chain(chain)) { basechain = nft_base_chain(chain); @@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; return -EOPNOTSUPP; -@@ -5896,8 +5882,7 @@ int __nft_release_basechain(struct nft_c +@@ -6092,8 +6078,7 @@ int __nft_release_basechain(struct nft_c BUG_ON(!nft_is_base_chain(ctx->chain)); @@ -310,8 +310,8 @@ Signed-off-by: Pablo Neira Ayuso + nf_tables_unregister_hook(ctx->net, ctx->chain->table, ctx->chain); list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { list_del(&rule->list); - ctx->chain->use--; -@@ -5926,8 +5911,7 @@ static void __nft_release_afinfo(struct + nft_use_dec(&ctx->chain->use); +@@ -6122,8 +6107,7 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) diff --git a/target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch b/target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch index 3331613e4b..2bf3dc821f 100644 --- a/target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch +++ b/target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch @@ -10,7 +10,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -878,7 +878,7 @@ enum nft_chain_type { +@@ -902,7 +902,7 @@ enum nft_chain_type { * @family: address family * @owner: module owner * @hook_mask: mask of valid hooks @@ -19,7 +19,7 @@ Signed-off-by: Pablo Neira Ayuso */ struct nf_chain_type { const char *name; -@@ -972,7 +972,6 @@ enum nft_af_flags { +@@ -1019,7 +1019,6 @@ enum nft_af_flags { * @owner: module owner * @tables: used internally * @flags: family flags @@ -27,7 +27,7 @@ Signed-off-by: Pablo Neira Ayuso */ struct nft_af_info { struct list_head list; -@@ -981,7 +980,6 @@ struct nft_af_info { +@@ -1028,7 +1027,6 @@ struct nft_af_info { struct module *owner; struct list_head tables; u32 flags; @@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso static int __init nf_tables_ipv6_init(void) --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -1399,7 +1399,6 @@ static int nf_tables_addchain(struct nft +@@ -1418,7 +1418,6 @@ static int nf_tables_addchain(struct nft if (nla[NFTA_CHAIN_HOOK]) { struct nft_chain_hook hook; struct nf_hook_ops *ops; @@ -159,7 +159,7 @@ Signed-off-by: Pablo Neira Ayuso err = nft_chain_parse_hook(net, nla, afi, &hook, create); if (err < 0) -@@ -1425,7 +1424,6 @@ static int nf_tables_addchain(struct nft +@@ -1444,7 +1443,6 @@ static int nf_tables_addchain(struct nft static_branch_inc(&nft_counters_enabled); } @@ -167,7 +167,7 @@ Signed-off-by: Pablo Neira Ayuso basechain->type = hook.type; chain = &basechain->chain; -@@ -1434,10 +1432,8 @@ static int nf_tables_addchain(struct nft +@@ -1453,10 +1451,8 @@ static int nf_tables_addchain(struct nft ops->hooknum = hook.num; ops->priority = hook.priority; ops->priv = chain; diff --git a/target/linux/generic/backport-4.14/314-v4.16-netfilter-meta-secpath-support.patch b/target/linux/generic/backport-4.14/314-v4.16-netfilter-meta-secpath-support.patch index 7aab67fc2c..683e862681 100644 --- a/target/linux/generic/backport-4.14/314-v4.16-netfilter-meta-secpath-support.patch +++ b/target/linux/generic/backport-4.14/314-v4.16-netfilter-meta-secpath-support.patch @@ -52,7 +52,7 @@ Signed-off-by: Pablo Neira Ayuso default: return -EOPNOTSUPP; } -@@ -320,6 +330,38 @@ int nft_meta_get_init(const struct nft_c +@@ -319,6 +329,38 @@ int nft_meta_get_init(const struct nft_c } EXPORT_SYMBOL_GPL(nft_meta_get_init); @@ -91,7 +91,7 @@ Signed-off-by: Pablo Neira Ayuso int nft_meta_set_validate(const struct nft_ctx *ctx, const struct nft_expr *expr, const struct nft_data **data) -@@ -436,6 +478,7 @@ static const struct nft_expr_ops nft_met +@@ -434,6 +476,7 @@ static const struct nft_expr_ops nft_met .eval = nft_meta_get_eval, .init = nft_meta_get_init, .dump = nft_meta_get_dump, diff --git a/target/linux/generic/backport-4.14/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch b/target/linux/generic/backport-4.14/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch index 7f6e90470a..1dc555fbc0 100644 --- a/target/linux/generic/backport-4.14/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch +++ b/target/linux/generic/backport-4.14/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch @@ -113,7 +113,7 @@ Acked-by: Florian Westphal #ifdef CONFIG_NF_CONNTRACK_ZONES static void nft_ct_tmpl_put_pcpu(void) { -@@ -489,7 +456,7 @@ static int nft_ct_get_init(const struct +@@ -488,7 +455,7 @@ static int nft_ct_get_init(const struct if (err < 0) return err; @@ -122,7 +122,7 @@ Acked-by: Florian Westphal if (err < 0) return err; -@@ -583,7 +550,7 @@ static int nft_ct_set_init(const struct +@@ -581,7 +548,7 @@ static int nft_ct_set_init(const struct if (err < 0) goto err1; @@ -131,7 +131,7 @@ Acked-by: Florian Westphal if (err < 0) goto err1; -@@ -606,7 +573,7 @@ static void nft_ct_set_destroy(const str +@@ -604,7 +571,7 @@ static void nft_ct_set_destroy(const str struct nft_ct *priv = nft_expr_priv(expr); __nft_ct_set_destroy(ctx, priv); diff --git a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch index b58c49894e..a2400b1c2c 100644 --- a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch +++ b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch @@ -50,7 +50,7 @@ Signed-off-by: Pablo Neira Ayuso #include #define NFT_JUMP_STACK_SIZE 16 -@@ -941,6 +942,7 @@ unsigned int nft_do_chain(struct nft_pkt +@@ -988,6 +989,7 @@ static inline void nft_use_inc_restore(u * @chains: chains in the table * @sets: sets in the table * @objects: stateful objects in the table @@ -58,7 +58,7 @@ Signed-off-by: Pablo Neira Ayuso * @hgenerator: handle generator state * @use: number of chain references to this table * @flags: table flag (see enum nft_table_flags) -@@ -952,6 +954,7 @@ struct nft_table { +@@ -999,6 +1001,7 @@ struct nft_table { struct list_head chains; struct list_head sets; struct list_head objects; @@ -66,7 +66,7 @@ Signed-off-by: Pablo Neira Ayuso u64 hgenerator; u32 use; u16 flags:14, -@@ -1083,6 +1086,44 @@ int nft_register_obj(struct nft_object_t +@@ -1130,6 +1133,44 @@ int nft_register_obj(struct nft_object_t void nft_unregister_obj(struct nft_object_type *obj_type); /** @@ -111,7 +111,7 @@ Signed-off-by: Pablo Neira Ayuso * struct nft_traceinfo - nft tracing information and state * * @pkt: pktinfo currently processed -@@ -1318,4 +1359,11 @@ struct nft_trans_obj { +@@ -1371,4 +1412,11 @@ struct nft_trans_obj { #define nft_trans_obj(trans) \ (((struct nft_trans_obj *)trans->data)->obj) @@ -217,7 +217,7 @@ Signed-off-by: Pablo Neira Ayuso /** * nft_register_afinfo - register nf_tables address family info -@@ -390,6 +392,40 @@ static int nft_delobj(struct nft_ctx *ct +@@ -412,6 +414,40 @@ static int nft_delobj(struct nft_ctx *ct return err; } @@ -258,7 +258,7 @@ Signed-off-by: Pablo Neira Ayuso /* * Tables */ -@@ -773,6 +809,7 @@ static int nf_tables_newtable(struct net +@@ -795,6 +831,7 @@ static int nf_tables_newtable(struct net INIT_LIST_HEAD(&table->chains); INIT_LIST_HEAD(&table->sets); INIT_LIST_HEAD(&table->objects); @@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso table->flags = flags; nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -@@ -794,10 +831,11 @@ err1: +@@ -816,10 +853,11 @@ err1: static int nft_flush_table(struct nft_ctx *ctx) { @@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry(chain, &ctx->table->chains, list) { if (!nft_is_active_next(ctx->net, chain)) -@@ -823,6 +861,12 @@ static int nft_flush_table(struct nft_ct +@@ -845,6 +883,12 @@ static int nft_flush_table(struct nft_ct goto out; } @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) { err = nft_delobj(ctx, obj); if (err < 0) -@@ -4868,6 +4912,605 @@ static void nf_tables_obj_notify(const s +@@ -5009,6 +5053,605 @@ static void nf_tables_obj_notify(const s ctx->afi->family, ctx->report, GFP_KERNEL); } @@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) { -@@ -4898,6 +5541,49 @@ nla_put_failure: +@@ -5039,6 +5682,49 @@ nla_put_failure: return -EMSGSIZE; } @@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) { -@@ -5050,6 +5736,21 @@ static const struct nfnl_callback nf_tab +@@ -5191,6 +5877,21 @@ static const struct nfnl_callback nf_tab .attr_count = NFTA_OBJ_MAX, .policy = nft_obj_policy, }, @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso }; static void nft_chain_commit_update(struct nft_trans *trans) -@@ -5098,6 +5799,9 @@ static void nf_tables_commit_release(str +@@ -5239,6 +5940,9 @@ static void nf_tables_commit_release(str case NFT_MSG_DELOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso } kfree(trans); } -@@ -5217,6 +5921,21 @@ static int nf_tables_commit(struct net * +@@ -5361,6 +6065,21 @@ static int nf_tables_commit(struct net * nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans), NFT_MSG_DELOBJ); break; @@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso } } -@@ -5254,6 +5973,9 @@ static void nf_tables_abort_release(stru +@@ -5399,6 +6118,9 @@ static void nf_tables_abort_release(stru case NFT_MSG_NEWOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso } kfree(trans); } -@@ -5345,6 +6067,17 @@ static int nf_tables_abort(struct net *n +@@ -5500,6 +6222,17 @@ static int nf_tables_abort(struct net *n nft_clear(trans->ctx.net, nft_trans_obj(trans)); nft_trans_destroy(trans); break; @@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso } } -@@ -5895,6 +6628,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai +@@ -6091,6 +6824,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) { @@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table, *nt; struct nft_chain *chain, *nc; struct nft_object *obj, *ne; -@@ -5908,6 +6642,9 @@ static void __nft_release_afinfo(struct +@@ -6104,6 +6838,9 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); @@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso /* No packets are walking on these chains anymore. */ ctx.table = table; list_for_each_entry(chain, &table->chains, list) { -@@ -5918,6 +6655,11 @@ static void __nft_release_afinfo(struct +@@ -6114,6 +6851,11 @@ static void __nft_release_afinfo(struct nf_tables_rule_release(&ctx, rule); } } @@ -1059,17 +1059,17 @@ Signed-off-by: Pablo Neira Ayuso + } list_for_each_entry_safe(set, ns, &table->sets, list) { list_del(&set->list); - table->use--; -@@ -5961,6 +6703,8 @@ static int __init nf_tables_module_init( + nft_use_dec(&table->use); +@@ -6162,6 +6904,8 @@ static int __init nf_tables_module_init( if (err < 0) - goto err3; + goto err4; + register_netdevice_notifier(&nf_tables_flowtable_notifier); + pr_info("nf_tables: (c) 2007-2009 Patrick McHardy \n"); - return register_pernet_subsys(&nf_tables_net_ops); - err3: -@@ -5975,6 +6719,7 @@ static void __exit nf_tables_module_exit + return err; + err4: +@@ -6178,6 +6922,7 @@ static void __exit nf_tables_module_exit { unregister_pernet_subsys(&nf_tables_net_ops); nfnetlink_subsys_unregister(&nf_tables_subsys); diff --git a/target/linux/generic/backport-4.14/324-v4.16-netfilter-flow-table-support-for-IPv6.patch b/target/linux/generic/backport-4.14/324-v4.16-netfilter-flow-table-support-for-IPv6.patch index 7dc1dd7f46..f9e6c74935 100644 --- a/target/linux/generic/backport-4.14/324-v4.16-netfilter-flow-table-support-for-IPv6.patch +++ b/target/linux/generic/backport-4.14/324-v4.16-netfilter-flow-table-support-for-IPv6.patch @@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/include/net/ipv6.h +++ b/include/net/ipv6.h -@@ -860,6 +860,8 @@ static inline struct sk_buff *ip6_finish +@@ -856,6 +856,8 @@ static inline struct sk_buff *ip6_finish &inet6_sk(sk)->cork); } diff --git a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch index 6fb712bd87..6a6797b503 100644 --- a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch +++ b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch @@ -14,7 +14,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -971,7 +971,6 @@ enum nft_af_flags { +@@ -1018,7 +1018,6 @@ enum nft_af_flags { * * @list: used internally * @family: address family @@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso * @owner: module owner * @tables: used internally * @flags: family flags -@@ -979,7 +978,6 @@ enum nft_af_flags { +@@ -1026,7 +1025,6 @@ enum nft_af_flags { struct nft_af_info { struct list_head list; int family; @@ -72,7 +72,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -1375,9 +1375,6 @@ static int nft_chain_parse_hook(struct n +@@ -1397,9 +1397,6 @@ static int nft_chain_parse_hook(struct n return -EINVAL; hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); @@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -@@ -5020,7 +5017,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -5161,7 +5158,7 @@ static int nf_tables_flowtable_parse_hoo return -EINVAL; hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); diff --git a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch index 242ba59385..e470711329 100644 --- a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch +++ b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5444,7 +5444,7 @@ static int nf_tables_getflowtable(struct +@@ -5585,7 +5585,7 @@ static int nf_tables_getflowtable(struct flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], genmask); diff --git a/target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch b/target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch index 97ac172bf0..b5dbd06e56 100644 --- a/target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch +++ b/target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch @@ -10,7 +10,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -962,10 +962,6 @@ struct nft_table { +@@ -1009,10 +1009,6 @@ struct nft_table { char *name; }; @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso /** * struct nft_af_info - nf_tables address family info * -@@ -973,14 +969,12 @@ enum nft_af_flags { +@@ -1020,14 +1016,12 @@ enum nft_af_flags { * @family: address family * @owner: module owner * @tables: used internally @@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso int nft_register_afinfo(struct net *, struct nft_af_info *); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -1392,7 +1392,7 @@ static int nft_chain_parse_hook(struct n +@@ -1414,7 +1414,7 @@ static int nft_chain_parse_hook(struct n hook->type = type; hook->dev = NULL; diff --git a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch index 410309e64f..930eea1b1b 100644 --- a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch +++ b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -656,10 +656,7 @@ err: +@@ -678,10 +678,7 @@ err: return err; } @@ -23,7 +23,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nft_chain *chain; u32 i = 0; -@@ -677,9 +674,7 @@ static void _nf_tables_table_disable(str +@@ -699,9 +696,7 @@ static void _nf_tables_table_disable(str } } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nft_chain *chain; int err, i = 0; -@@ -699,15 +694,13 @@ static int nf_tables_table_enable(struct +@@ -721,15 +716,13 @@ static int nf_tables_table_enable(struct return 0; err: if (i) @@ -53,7 +53,7 @@ Signed-off-by: Pablo Neira Ayuso } static int nf_tables_updtable(struct nft_ctx *ctx) -@@ -736,7 +729,7 @@ static int nf_tables_updtable(struct nft +@@ -758,7 +751,7 @@ static int nf_tables_updtable(struct nft nft_trans_table_enable(trans) = false; } else if (!(flags & NFT_TABLE_F_DORMANT) && ctx->table->flags & NFT_TABLE_F_DORMANT) { @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso if (ret >= 0) { ctx->table->flags &= ~NFT_TABLE_F_DORMANT; nft_trans_table_enable(trans) = true; -@@ -5825,7 +5818,6 @@ static int nf_tables_commit(struct net * +@@ -5966,7 +5959,6 @@ static int nf_tables_commit(struct net * if (nft_trans_table_update(trans)) { if (!nft_trans_table_enable(trans)) { nf_tables_table_disable(net, @@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso trans->ctx.table); trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; } -@@ -5989,7 +5981,6 @@ static int nf_tables_abort(struct net *n +@@ -6134,7 +6126,6 @@ static int nf_tables_abort(struct net *n if (nft_trans_table_update(trans)) { if (nft_trans_table_enable(trans)) { nf_tables_table_disable(net, diff --git a/target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch b/target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch index 6dad212a86..870939728c 100644 --- a/target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch +++ b/target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -468,7 +468,7 @@ static inline u64 nf_tables_alloc_handle +@@ -490,7 +490,7 @@ static inline u64 nf_tables_alloc_handle static const struct nf_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX]; static const struct nf_chain_type * @@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso { int i; -@@ -481,22 +481,20 @@ __nf_tables_chain_type_lookup(int family +@@ -503,22 +503,20 @@ __nf_tables_chain_type_lookup(int family } static const struct nf_chain_type * @@ -47,7 +47,7 @@ Signed-off-by: Pablo Neira Ayuso if (type != NULL) return ERR_PTR(-EAGAIN); } -@@ -1372,8 +1370,8 @@ static int nft_chain_parse_hook(struct n +@@ -1394,8 +1392,8 @@ static int nft_chain_parse_hook(struct n type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; if (nla[NFTA_CHAIN_TYPE]) { diff --git a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch index 6330072f08..b817348531 100644 --- a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch +++ b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch @@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5363,8 +5363,10 @@ static int nf_tables_dump_flowtable_done +@@ -5504,8 +5504,10 @@ static int nf_tables_dump_flowtable_done if (!filter) return 0; diff --git a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch index 519f5f3b4a..ee2de50ab9 100644 --- a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch @@ -42,7 +42,7 @@ Signed-off-by: Pablo Neira Ayuso bool report; }; -@@ -947,6 +947,7 @@ unsigned int nft_do_chain(struct nft_pkt +@@ -994,6 +994,7 @@ static inline void nft_use_inc_restore(u * @use: number of chain references to this table * @flags: table flag (see enum nft_table_flags) * @genmask: generation mask @@ -50,7 +50,7 @@ Signed-off-by: Pablo Neira Ayuso * @name: name of the table */ struct nft_table { -@@ -959,6 +960,7 @@ struct nft_table { +@@ -1006,6 +1007,7 @@ struct nft_table { u32 use; u16 flags:14, genmask:2; @@ -58,7 +58,7 @@ Signed-off-by: Pablo Neira Ayuso char *name; }; -@@ -968,13 +970,11 @@ struct nft_table { +@@ -1015,13 +1017,11 @@ struct nft_table { * @list: used internally * @family: address family * @owner: module owner @@ -108,7 +108,7 @@ Signed-off-by: Pablo Neira Ayuso ctx->table = table; ctx->chain = chain; ctx->nla = nla; -@@ -430,30 +429,31 @@ static int nft_delflowtable(struct nft_c +@@ -452,30 +451,31 @@ static int nft_delflowtable(struct nft_c * Tables */ @@ -146,7 +146,7 @@ Signed-off-by: Pablo Neira Ayuso if (table != NULL) return table; -@@ -552,7 +552,7 @@ static void nf_tables_table_notify(const +@@ -574,7 +574,7 @@ static void nf_tables_table_notify(const goto err; err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -155,7 +155,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) { kfree_skb(skb); goto err; -@@ -569,7 +569,6 @@ static int nf_tables_dump_tables(struct +@@ -591,7 +591,6 @@ static int nf_tables_dump_tables(struct struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -163,7 +163,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct net *net = sock_net(skb->sk); -@@ -578,30 +577,27 @@ static int nf_tables_dump_tables(struct +@@ -600,30 +599,27 @@ static int nf_tables_dump_tables(struct rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -211,7 +211,7 @@ Signed-off-by: Pablo Neira Ayuso } done: rcu_read_unlock(); -@@ -633,7 +629,8 @@ static int nf_tables_gettable(struct net +@@ -655,7 +651,8 @@ static int nf_tables_gettable(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -221,7 +221,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -764,7 +761,7 @@ static int nf_tables_newtable(struct net +@@ -786,7 +783,7 @@ static int nf_tables_newtable(struct net return PTR_ERR(afi); name = nla[NFTA_TABLE_NAME]; @@ -230,7 +230,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) { if (PTR_ERR(table) != -ENOENT) return PTR_ERR(table); -@@ -774,7 +771,7 @@ static int nf_tables_newtable(struct net +@@ -796,7 +793,7 @@ static int nf_tables_newtable(struct net if (nlh->nlmsg_flags & NLM_F_REPLACE) return -EOPNOTSUPP; @@ -239,7 +239,7 @@ Signed-off-by: Pablo Neira Ayuso return nf_tables_updtable(&ctx); } -@@ -801,14 +798,15 @@ static int nf_tables_newtable(struct net +@@ -823,14 +820,15 @@ static int nf_tables_newtable(struct net INIT_LIST_HEAD(&table->sets); INIT_LIST_HEAD(&table->objects); INIT_LIST_HEAD(&table->flowtables); @@ -257,7 +257,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; err4: kfree(table->name); -@@ -882,30 +880,28 @@ out: +@@ -904,30 +902,28 @@ out: static int nft_flush(struct nft_ctx *ctx, int family) { @@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso } out: return err; -@@ -923,7 +919,7 @@ static int nf_tables_deltable(struct net +@@ -945,7 +941,7 @@ static int nf_tables_deltable(struct net int family = nfmsg->nfgen_family; struct nft_ctx ctx; @@ -310,7 +310,7 @@ Signed-off-by: Pablo Neira Ayuso if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) return nft_flush(&ctx, family); -@@ -931,7 +927,8 @@ static int nf_tables_deltable(struct net +@@ -953,7 +949,8 @@ static int nf_tables_deltable(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -320,7 +320,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -939,7 +936,7 @@ static int nf_tables_deltable(struct net +@@ -961,7 +958,7 @@ static int nf_tables_deltable(struct net table->use > 0) return -EBUSY; @@ -329,7 +329,7 @@ Signed-off-by: Pablo Neira Ayuso ctx.table = table; return nft_flush_table(&ctx); -@@ -951,7 +948,7 @@ static void nf_tables_table_destroy(stru +@@ -973,7 +970,7 @@ static void nf_tables_table_destroy(stru kfree(ctx->table->name); kfree(ctx->table); @@ -338,7 +338,7 @@ Signed-off-by: Pablo Neira Ayuso } int nft_register_chain_type(const struct nf_chain_type *ctype) -@@ -1152,7 +1149,7 @@ static void nf_tables_chain_notify(const +@@ -1174,7 +1171,7 @@ static void nf_tables_chain_notify(const goto err; err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -347,7 +347,7 @@ Signed-off-by: Pablo Neira Ayuso ctx->chain); if (err < 0) { kfree_skb(skb); -@@ -1170,7 +1167,6 @@ static int nf_tables_dump_chains(struct +@@ -1192,7 +1189,6 @@ static int nf_tables_dump_chains(struct struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -355,7 +355,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; const struct nft_chain *chain; unsigned int idx = 0, s_idx = cb->args[0]; -@@ -1180,31 +1176,30 @@ static int nf_tables_dump_chains(struct +@@ -1202,31 +1198,30 @@ static int nf_tables_dump_chains(struct rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -407,7 +407,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -1238,7 +1233,8 @@ static int nf_tables_getchain(struct net +@@ -1260,7 +1255,8 @@ static int nf_tables_getchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -417,7 +417,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -1348,8 +1344,8 @@ struct nft_chain_hook { +@@ -1370,8 +1366,8 @@ struct nft_chain_hook { static int nft_chain_parse_hook(struct net *net, const struct nlattr * const nla[], @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nlattr *ha[NFTA_HOOK_MAX + 1]; const struct nf_chain_type *type; -@@ -1368,10 +1364,10 @@ static int nft_chain_parse_hook(struct n +@@ -1390,10 +1386,10 @@ static int nft_chain_parse_hook(struct n hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); @@ -441,7 +441,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(type)) return PTR_ERR(type); } -@@ -1383,7 +1379,7 @@ static int nft_chain_parse_hook(struct n +@@ -1405,7 +1401,7 @@ static int nft_chain_parse_hook(struct n hook->type = type; hook->dev = NULL; @@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso char ifname[IFNAMSIZ]; if (!ha[NFTA_HOOK_DEV]) { -@@ -1418,7 +1414,6 @@ static int nf_tables_addchain(struct nft +@@ -1440,7 +1436,6 @@ static int nf_tables_addchain(struct nft { const struct nlattr * const *nla = ctx->nla; struct nft_table *table = ctx->table; @@ -458,7 +458,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_base_chain *basechain; struct nft_stats __percpu *stats; struct net *net = ctx->net; -@@ -1432,7 +1427,7 @@ static int nf_tables_addchain(struct nft +@@ -1451,7 +1446,7 @@ static int nf_tables_addchain(struct nft struct nft_chain_hook hook; struct nf_hook_ops *ops; @@ -467,7 +467,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) return err; -@@ -1524,7 +1519,7 @@ static int nf_tables_updchain(struct nft +@@ -1549,7 +1544,7 @@ static int nf_tables_updchain(struct nft if (!nft_is_base_chain(chain)) return -EBUSY; @@ -476,7 +476,7 @@ Signed-off-by: Pablo Neira Ayuso create); if (err < 0) return err; -@@ -1634,7 +1629,8 @@ static int nf_tables_newchain(struct net +@@ -1659,7 +1654,8 @@ static int nf_tables_newchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -486,7 +486,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -1674,7 +1670,7 @@ static int nf_tables_newchain(struct net +@@ -1699,7 +1695,7 @@ static int nf_tables_newchain(struct net } } @@ -495,7 +495,7 @@ Signed-off-by: Pablo Neira Ayuso if (chain != NULL) { if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1708,7 +1704,8 @@ static int nf_tables_delchain(struct net +@@ -1733,7 +1729,8 @@ static int nf_tables_delchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -505,7 +505,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -1720,7 +1717,7 @@ static int nf_tables_delchain(struct net +@@ -1745,7 +1742,7 @@ static int nf_tables_delchain(struct net chain->use > 0) return -EBUSY; @@ -514,7 +514,7 @@ Signed-off-by: Pablo Neira Ayuso use = chain->use; list_for_each_entry(rule, &chain->rules, list) { -@@ -1888,7 +1885,7 @@ static int nf_tables_expr_parse(const st +@@ -1910,7 +1907,7 @@ static int nf_tables_expr_parse(const st if (err < 0) return err; @@ -523,7 +523,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(type)) return PTR_ERR(type); -@@ -2120,7 +2117,7 @@ static void nf_tables_rule_notify(const +@@ -2138,7 +2135,7 @@ static void nf_tables_rule_notify(const goto err; err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -532,7 +532,7 @@ Signed-off-by: Pablo Neira Ayuso ctx->chain, rule); if (err < 0) { kfree_skb(skb); -@@ -2144,7 +2141,6 @@ static int nf_tables_dump_rules(struct s +@@ -2162,7 +2159,6 @@ static int nf_tables_dump_rules(struct s { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); const struct nft_rule_dump_ctx *ctx = cb->data; @@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; const struct nft_chain *chain; const struct nft_rule *rule; -@@ -2155,39 +2151,37 @@ static int nf_tables_dump_rules(struct s +@@ -2173,39 +2169,37 @@ static int nf_tables_dump_rules(struct s rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -605,7 +605,7 @@ Signed-off-by: Pablo Neira Ayuso } } } -@@ -2265,7 +2259,8 @@ static int nf_tables_getrule(struct net +@@ -2283,7 +2277,8 @@ static int nf_tables_getrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -615,7 +615,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -2350,7 +2345,8 @@ static int nf_tables_newrule(struct net +@@ -2368,7 +2363,8 @@ static int nf_tables_newrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -625,7 +625,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -2389,7 +2385,7 @@ static int nf_tables_newrule(struct net +@@ -2404,7 +2400,7 @@ static int nf_tables_newrule(struct net return PTR_ERR(old_rule); } @@ -634,7 +634,7 @@ Signed-off-by: Pablo Neira Ayuso n = 0; size = 0; -@@ -2522,7 +2518,8 @@ static int nf_tables_delrule(struct net +@@ -2547,7 +2543,8 @@ static int nf_tables_delrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -644,7 +644,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -2533,7 +2530,7 @@ static int nf_tables_delrule(struct net +@@ -2558,7 +2555,7 @@ static int nf_tables_delrule(struct net return PTR_ERR(chain); } @@ -653,7 +653,7 @@ Signed-off-by: Pablo Neira Ayuso if (chain) { if (nla[NFTA_RULE_HANDLE]) { -@@ -2731,13 +2728,13 @@ static int nft_ctx_init_from_setattr(str +@@ -2756,13 +2753,13 @@ static int nft_ctx_init_from_setattr(str if (afi == NULL) return -EAFNOSUPPORT; @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -2865,7 +2862,7 @@ static int nf_tables_fill_set(struct sk_ +@@ -2892,7 +2889,7 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -2958,10 +2955,8 @@ static int nf_tables_dump_sets(struct sk +@@ -2985,10 +2982,8 @@ static int nf_tables_dump_sets(struct sk { const struct nft_set *set; unsigned int idx, s_idx = cb->args[0]; @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_ctx *ctx = cb->data, ctx_set; if (cb->args[1]) -@@ -2970,51 +2965,44 @@ static int nf_tables_dump_sets(struct sk +@@ -2997,51 +2992,44 @@ static int nf_tables_dump_sets(struct sk rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso } cb->args[1] = 1; done: -@@ -3227,11 +3215,12 @@ static int nf_tables_newset(struct net * +@@ -3254,11 +3242,12 @@ static int nf_tables_newset(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3500,12 +3489,12 @@ static int nft_ctx_init_from_elemattr(st +@@ -3592,12 +3581,12 @@ static int nft_ctx_init_from_elemattr(st if (IS_ERR(afi)) return PTR_ERR(afi); @@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -3610,7 +3599,6 @@ static int nf_tables_dump_set(struct sk_ +@@ -3702,7 +3691,6 @@ static int nf_tables_dump_set(struct sk_ { struct nft_set_dump_ctx *dump_ctx = cb->data; struct net *net = sock_net(skb->sk); @@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_set *set; struct nft_set_dump_args args; -@@ -3622,21 +3610,19 @@ static int nf_tables_dump_set(struct sk_ +@@ -3714,21 +3702,19 @@ static int nf_tables_dump_set(struct sk_ int event; rcu_read_lock(); @@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso } break; } -@@ -3656,7 +3642,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3748,7 +3734,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -3758,7 +3744,7 @@ static int nf_tables_fill_setelem_info(s +@@ -3868,7 +3854,7 @@ static int nf_tables_fill_setelem_info(s goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -4008,7 +3994,7 @@ static int nft_add_set_elem(struct nft_c +@@ -4144,7 +4130,7 @@ static int nft_add_set_elem(struct nft_c list_for_each_entry(binding, &set->bindings, list) { struct nft_ctx bind_ctx = { .net = ctx->net, @@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso .table = ctx->table, .chain = (struct nft_chain *)binding->chain, }; -@@ -4560,7 +4546,8 @@ static int nf_tables_newobj(struct net * +@@ -4693,7 +4679,8 @@ static int nf_tables_newobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -878,16 +878,16 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4578,7 +4565,7 @@ static int nf_tables_newobj(struct net * +@@ -4711,7 +4698,7 @@ static int nf_tables_newobj(struct net * return 0; } - nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - type = nft_obj_type_get(objtype); - if (IS_ERR(type)) -@@ -4655,7 +4642,6 @@ struct nft_obj_filter { + if (!nft_use_inc(&table->use)) + return -EMFILE; +@@ -4796,7 +4783,6 @@ struct nft_obj_filter { static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct nft_obj_filter *filter = cb->data; -@@ -4670,38 +4656,37 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4811,38 +4797,37 @@ static int nf_tables_dump_obj(struct sk_ rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -4788,7 +4773,8 @@ static int nf_tables_getobj(struct net * +@@ -4929,7 +4914,8 @@ static int nf_tables_getobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4848,7 +4834,8 @@ static int nf_tables_delobj(struct net * +@@ -4989,7 +4975,8 @@ static int nf_tables_delobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4859,7 +4846,7 @@ static int nf_tables_delobj(struct net * +@@ -5000,7 +4987,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delobj(&ctx, obj); } -@@ -4897,7 +4884,7 @@ static void nf_tables_obj_notify(const s +@@ -5038,7 +5025,7 @@ static void nf_tables_obj_notify(const s struct nft_object *obj, int event) { nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, @@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso } /* -@@ -5087,7 +5074,7 @@ void nft_flow_table_iterate(struct net * +@@ -5228,7 +5215,7 @@ void nft_flow_table_iterate(struct net * rcu_read_lock(); list_for_each_entry_rcu(afi, &net->nft.af_info, list) { @@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry_rcu(flowtable, &table->flowtables, list) { iter(&flowtable->data, data); } -@@ -5135,7 +5122,8 @@ static int nf_tables_newflowtable(struct +@@ -5276,7 +5263,8 @@ static int nf_tables_newflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5152,7 +5140,7 @@ static int nf_tables_newflowtable(struct +@@ -5293,7 +5281,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5233,7 +5221,8 @@ static int nf_tables_delflowtable(struct +@@ -5374,7 +5362,8 @@ static int nf_tables_delflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5244,7 +5233,7 @@ static int nf_tables_delflowtable(struct +@@ -5385,7 +5374,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delflowtable(&ctx, flowtable); } -@@ -5313,40 +5302,37 @@ static int nf_tables_dump_flowtable(stru +@@ -5454,40 +5443,37 @@ static int nf_tables_dump_flowtable(stru struct net *net = sock_net(skb->sk); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -5431,7 +5417,8 @@ static int nf_tables_getflowtable(struct +@@ -5572,7 +5558,8 @@ static int nf_tables_getflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5474,7 +5461,7 @@ static void nf_tables_flowtable_notify(s +@@ -5615,7 +5602,7 @@ static void nf_tables_flowtable_notify(s err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, ctx->seq, event, 0, @@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) { kfree_skb(skb); goto err; -@@ -5552,17 +5539,14 @@ static int nf_tables_flowtable_event(str +@@ -5693,17 +5680,14 @@ static int nf_tables_flowtable_event(str struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_flowtable *flowtable; struct nft_table *table; @@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso } } nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6588,6 +6572,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); +@@ -6784,6 +6768,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); static int __net_init nf_tables_init_net(struct net *net) { INIT_LIST_HEAD(&net->nft.af_info); @@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso INIT_LIST_HEAD(&net->nft.commit_list); net->nft.base_seq = 1; return 0; -@@ -6624,10 +6609,10 @@ static void __nft_release_afinfo(struct +@@ -6820,10 +6805,10 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -1293,7 +1293,7 @@ Signed-off-by: Pablo Neira Ayuso case NFPROTO_IPV4: len = FIELD_SIZEOF(struct nf_conntrack_tuple, src.u3.ip); -@@ -456,7 +456,7 @@ static int nft_ct_get_init(const struct +@@ -455,7 +455,7 @@ static int nft_ct_get_init(const struct if (err < 0) return err; @@ -1302,7 +1302,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) return err; -@@ -550,7 +550,7 @@ static int nft_ct_set_init(const struct +@@ -548,7 +548,7 @@ static int nft_ct_set_init(const struct if (err < 0) goto err1; @@ -1311,7 +1311,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) goto err1; -@@ -564,7 +564,7 @@ err1: +@@ -562,7 +562,7 @@ err1: static void nft_ct_get_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr) { @@ -1320,7 +1320,7 @@ Signed-off-by: Pablo Neira Ayuso } static void nft_ct_set_destroy(const struct nft_ctx *ctx, -@@ -573,7 +573,7 @@ static void nft_ct_set_destroy(const str +@@ -571,7 +571,7 @@ static void nft_ct_set_destroy(const str struct nft_ct *priv = nft_expr_priv(expr); __nft_ct_set_destroy(ctx, priv); @@ -1329,7 +1329,7 @@ Signed-off-by: Pablo Neira Ayuso } static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr) -@@ -734,7 +734,7 @@ static int nft_ct_helper_obj_init(const +@@ -732,7 +732,7 @@ static int nft_ct_helper_obj_init(const struct nft_ct_helper_obj *priv = nft_obj_data(obj); struct nf_conntrack_helper *help4, *help6; char name[NF_CT_HELPER_NAME_LEN]; @@ -1338,7 +1338,7 @@ Signed-off-by: Pablo Neira Ayuso if (!tb[NFTA_CT_HELPER_NAME] || !tb[NFTA_CT_HELPER_L4PROTO]) return -EINVAL; -@@ -753,14 +753,14 @@ static int nft_ct_helper_obj_init(const +@@ -751,14 +751,14 @@ static int nft_ct_helper_obj_init(const switch (family) { case NFPROTO_IPV4: @@ -1397,7 +1397,7 @@ Signed-off-by: Pablo Neira Ayuso static int nft_log_dump(struct sk_buff *skb, const struct nft_expr *expr) --- a/net/netfilter/nft_masq.c +++ b/net/netfilter/nft_masq.c -@@ -73,7 +73,7 @@ int nft_masq_init(const struct nft_ctx * +@@ -69,7 +69,7 @@ int nft_masq_init(const struct nft_ctx * } } @@ -1408,7 +1408,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c -@@ -341,7 +341,7 @@ static int nft_meta_get_validate(const s +@@ -340,7 +340,7 @@ static int nft_meta_get_validate(const s if (priv->key != NFT_META_SECPATH) return 0; @@ -1417,7 +1417,7 @@ Signed-off-by: Pablo Neira Ayuso case NFPROTO_NETDEV: hooks = 1 << NF_NETDEV_INGRESS; break; -@@ -372,7 +372,7 @@ int nft_meta_set_validate(const struct n +@@ -371,7 +371,7 @@ int nft_meta_set_validate(const struct n if (priv->key != NFT_META_PKTTYPE) return 0; @@ -1439,7 +1439,7 @@ Signed-off-by: Pablo Neira Ayuso switch (family) { --- a/net/netfilter/nft_redir.c +++ b/net/netfilter/nft_redir.c -@@ -75,7 +75,7 @@ int nft_redir_init(const struct nft_ctx +@@ -71,7 +71,7 @@ int nft_redir_init(const struct nft_ctx return -EINVAL; } diff --git a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch index 454229cdfa..2c334f5b8e 100644 --- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso static struct pernet_operations clusterip_net_ops = { --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -6578,6 +6578,12 @@ static int __net_init nf_tables_init_net +@@ -6774,6 +6774,12 @@ static int __net_init nf_tables_init_net return 0; } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6655,6 +6661,7 @@ static void __nft_release_afinfo(struct +@@ -6851,6 +6857,7 @@ static void __nft_release_afinfo(struct static struct pernet_operations nf_tables_net_ops = { .init = nf_tables_init_net, diff --git a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch index d8b210ddf7..ff0523538f 100644 --- a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch +++ b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch @@ -14,7 +14,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -977,8 +977,8 @@ struct nft_af_info { +@@ -1024,8 +1024,8 @@ struct nft_af_info { struct module *owner; }; @@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso if (afi->family == family) return afi; } -@@ -5069,15 +5067,12 @@ void nft_flow_table_iterate(struct net * +@@ -5210,15 +5208,12 @@ void nft_flow_table_iterate(struct net * void *data) { struct nft_flowtable *flowtable; @@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso } } rcu_read_unlock(); -@@ -6569,21 +6564,6 @@ int nft_data_dump(struct sk_buff *skb, i +@@ -6765,21 +6760,6 @@ int nft_data_dump(struct sk_buff *skb, i } EXPORT_SYMBOL_GPL(nft_data_dump); @@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6604,8 +6584,7 @@ int __nft_release_basechain(struct nft_c +@@ -6800,8 +6780,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6615,10 +6594,11 @@ static void __nft_release_afinfo(struct +@@ -6811,10 +6790,11 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); list_for_each_entry(flowtable, &table->flowtables, list) -@@ -6659,6 +6639,21 @@ static void __nft_release_afinfo(struct +@@ -6855,6 +6835,21 @@ static void __nft_release_afinfo(struct } } diff --git a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch index 621bbbb337..8762c519de 100644 --- a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch +++ b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -958,28 +958,12 @@ struct nft_table { +@@ -1005,28 +1005,12 @@ struct nft_table { struct list_head flowtables; u64 hgenerator; u32 use; @@ -42,7 +42,7 @@ Signed-off-by: Pablo Neira Ayuso int nft_register_chain_type(const struct nf_chain_type *); void nft_unregister_chain_type(const struct nf_chain_type *); -@@ -1147,9 +1131,6 @@ void nft_trace_notify(struct nft_tracein +@@ -1194,9 +1178,6 @@ void nft_trace_notify(struct nft_tracein #define nft_dereference(p) \ nfnl_dereference(p, NFNL_SUBSYS_NFTABLES) @@ -323,7 +323,7 @@ Signed-off-by: Pablo Neira Ayuso static void nft_ctx_init(struct nft_ctx *ctx, struct net *net, -@@ -435,7 +370,7 @@ static struct nft_table *nft_table_looku +@@ -457,7 +392,7 @@ static struct nft_table *nft_table_looku list_for_each_entry(table, &net->nft.tables, list) { if (!nla_strcmp(nla, table->name) && @@ -332,7 +332,7 @@ Signed-off-by: Pablo Neira Ayuso nft_active_genmask(table, genmask)) return table; } -@@ -576,7 +511,7 @@ static int nf_tables_dump_tables(struct +@@ -598,7 +533,7 @@ static int nf_tables_dump_tables(struct cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -341,7 +341,7 @@ Signed-off-by: Pablo Neira Ayuso continue; if (idx < s_idx) -@@ -590,7 +525,7 @@ static int nf_tables_dump_tables(struct +@@ -612,7 +547,7 @@ static int nf_tables_dump_tables(struct NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq, NFT_MSG_NEWTABLE, NLM_F_MULTI, @@ -350,7 +350,7 @@ Signed-off-by: Pablo Neira Ayuso goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -610,7 +545,6 @@ static int nf_tables_gettable(struct net +@@ -632,7 +567,6 @@ static int nf_tables_gettable(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); @@ -358,7 +358,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; struct sk_buff *skb2; int family = nfmsg->nfgen_family; -@@ -623,11 +557,7 @@ static int nf_tables_gettable(struct net +@@ -645,11 +579,7 @@ static int nf_tables_gettable(struct net return netlink_dump_start(nlsk, skb, nlh, &c); } @@ -371,7 +371,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -747,19 +677,14 @@ static int nf_tables_newtable(struct net +@@ -769,19 +699,14 @@ static int nf_tables_newtable(struct net const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); const struct nlattr *name; @@ -392,7 +392,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) { if (PTR_ERR(table) != -ENOENT) return PTR_ERR(table); -@@ -769,7 +694,7 @@ static int nf_tables_newtable(struct net +@@ -791,7 +716,7 @@ static int nf_tables_newtable(struct net if (nlh->nlmsg_flags & NLM_F_REPLACE) return -EOPNOTSUPP; @@ -401,7 +401,7 @@ Signed-off-by: Pablo Neira Ayuso return nf_tables_updtable(&ctx); } -@@ -779,40 +704,34 @@ static int nf_tables_newtable(struct net +@@ -801,40 +726,34 @@ static int nf_tables_newtable(struct net return -EINVAL; } @@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso return err; } -@@ -883,10 +802,10 @@ static int nft_flush(struct nft_ctx *ctx +@@ -905,10 +824,10 @@ static int nft_flush(struct nft_ctx *ctx int err = 0; list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) { @@ -463,7 +463,7 @@ Signed-off-by: Pablo Neira Ayuso if (!nft_is_active_next(ctx->net, table)) continue; -@@ -912,7 +831,6 @@ static int nf_tables_deltable(struct net +@@ -934,7 +853,6 @@ static int nf_tables_deltable(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -471,7 +471,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; int family = nfmsg->nfgen_family; struct nft_ctx ctx; -@@ -921,11 +839,7 @@ static int nf_tables_deltable(struct net +@@ -943,11 +861,7 @@ static int nf_tables_deltable(struct net if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) return nft_flush(&ctx, family); @@ -484,7 +484,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -934,7 +848,7 @@ static int nf_tables_deltable(struct net +@@ -956,7 +870,7 @@ static int nf_tables_deltable(struct net table->use > 0) return -EBUSY; @@ -493,7 +493,7 @@ Signed-off-by: Pablo Neira Ayuso ctx.table = table; return nft_flush_table(&ctx); -@@ -946,7 +860,6 @@ static void nf_tables_table_destroy(stru +@@ -968,7 +882,6 @@ static void nf_tables_table_destroy(stru kfree(ctx->table->name); kfree(ctx->table); @@ -501,7 +501,7 @@ Signed-off-by: Pablo Neira Ayuso } int nft_register_chain_type(const struct nf_chain_type *ctype) -@@ -1175,7 +1088,7 @@ static int nf_tables_dump_chains(struct +@@ -1197,7 +1110,7 @@ static int nf_tables_dump_chains(struct cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -510,7 +510,7 @@ Signed-off-by: Pablo Neira Ayuso continue; list_for_each_entry_rcu(chain, &table->chains, list) { -@@ -1191,7 +1104,7 @@ static int nf_tables_dump_chains(struct +@@ -1213,7 +1126,7 @@ static int nf_tables_dump_chains(struct cb->nlh->nlmsg_seq, NFT_MSG_NEWCHAIN, NLM_F_MULTI, @@ -519,7 +519,7 @@ Signed-off-by: Pablo Neira Ayuso chain) < 0) goto done; -@@ -1213,7 +1126,6 @@ static int nf_tables_getchain(struct net +@@ -1235,7 +1148,6 @@ static int nf_tables_getchain(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); @@ -527,7 +527,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; const struct nft_chain *chain; struct sk_buff *skb2; -@@ -1227,11 +1139,7 @@ static int nf_tables_getchain(struct net +@@ -1249,11 +1161,7 @@ static int nf_tables_getchain(struct net return netlink_dump_start(nlsk, skb, nlh, &c); } @@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -1613,7 +1521,6 @@ static int nf_tables_newchain(struct net +@@ -1638,7 +1546,6 @@ static int nf_tables_newchain(struct net const struct nlattr * uninitialized_var(name); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -548,7 +548,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_chain *chain; u8 policy = NF_ACCEPT; -@@ -1623,11 +1530,7 @@ static int nf_tables_newchain(struct net +@@ -1648,11 +1555,7 @@ static int nf_tables_newchain(struct net create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -561,7 +561,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -1668,7 +1571,7 @@ static int nf_tables_newchain(struct net +@@ -1693,7 +1596,7 @@ static int nf_tables_newchain(struct net } } @@ -570,7 +570,7 @@ Signed-off-by: Pablo Neira Ayuso if (chain != NULL) { if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1689,7 +1592,6 @@ static int nf_tables_delchain(struct net +@@ -1714,7 +1617,6 @@ static int nf_tables_delchain(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -578,7 +578,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_chain *chain; struct nft_rule *rule; -@@ -1698,11 +1600,7 @@ static int nf_tables_delchain(struct net +@@ -1723,11 +1625,7 @@ static int nf_tables_delchain(struct net u32 use; int err; @@ -591,7 +591,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -1715,7 +1613,7 @@ static int nf_tables_delchain(struct net +@@ -1740,7 +1638,7 @@ static int nf_tables_delchain(struct net chain->use > 0) return -EBUSY; @@ -600,7 +600,7 @@ Signed-off-by: Pablo Neira Ayuso use = chain->use; list_for_each_entry(rule, &chain->rules, list) { -@@ -2150,7 +2048,7 @@ static int nf_tables_dump_rules(struct s +@@ -2168,7 +2066,7 @@ static int nf_tables_dump_rules(struct s cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -609,7 +609,7 @@ Signed-off-by: Pablo Neira Ayuso continue; if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) -@@ -2173,7 +2071,7 @@ static int nf_tables_dump_rules(struct s +@@ -2191,7 +2089,7 @@ static int nf_tables_dump_rules(struct s cb->nlh->nlmsg_seq, NFT_MSG_NEWRULE, NLM_F_MULTI | NLM_F_APPEND, @@ -618,7 +618,7 @@ Signed-off-by: Pablo Neira Ayuso table, chain, rule) < 0) goto done; -@@ -2209,7 +2107,6 @@ static int nf_tables_getrule(struct net +@@ -2227,7 +2125,6 @@ static int nf_tables_getrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); @@ -626,7 +626,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; const struct nft_chain *chain; const struct nft_rule *rule; -@@ -2253,11 +2150,7 @@ static int nf_tables_getrule(struct net +@@ -2271,11 +2168,7 @@ static int nf_tables_getrule(struct net return netlink_dump_start(nlsk, skb, nlh, &c); } @@ -639,7 +639,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2323,7 +2216,7 @@ static int nf_tables_newrule(struct net +@@ -2341,7 +2234,7 @@ static int nf_tables_newrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -648,7 +648,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_chain *chain; struct nft_rule *rule, *old_rule = NULL; -@@ -2339,11 +2232,7 @@ static int nf_tables_newrule(struct net +@@ -2357,11 +2250,7 @@ static int nf_tables_newrule(struct net create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -661,7 +661,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2383,7 +2272,7 @@ static int nf_tables_newrule(struct net +@@ -2398,7 +2287,7 @@ static int nf_tables_newrule(struct net return PTR_ERR(old_rule); } @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso n = 0; size = 0; -@@ -2505,18 +2394,13 @@ static int nf_tables_delrule(struct net +@@ -2530,18 +2419,13 @@ static int nf_tables_delrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2528,7 +2412,7 @@ static int nf_tables_delrule(struct net +@@ -2553,7 +2437,7 @@ static int nf_tables_delrule(struct net return PTR_ERR(chain); } @@ -699,7 +699,7 @@ Signed-off-by: Pablo Neira Ayuso if (chain) { if (nla[NFTA_RULE_HANDLE]) { -@@ -2713,26 +2597,17 @@ static int nft_ctx_init_from_setattr(str +@@ -2738,26 +2622,17 @@ static int nft_ctx_init_from_setattr(str u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -2965,7 +2840,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2992,7 +2867,7 @@ static int nf_tables_dump_sets(struct sk list_for_each_entry_rcu(table, &net->nft.tables, list) { if (ctx->family != NFPROTO_UNSPEC && @@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso continue; if (ctx->table && ctx->table != table) -@@ -2986,7 +2861,7 @@ static int nf_tables_dump_sets(struct sk +@@ -3013,7 +2888,7 @@ static int nf_tables_dump_sets(struct sk ctx_set = *ctx; ctx_set.table = table; @@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso if (nf_tables_fill_set(skb, &ctx_set, set, NFT_MSG_NEWSET, -@@ -3098,8 +2973,8 @@ static int nf_tables_newset(struct net * +@@ -3125,8 +3000,8 @@ static int nf_tables_newset(struct net * { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_set *set; struct nft_ctx ctx; -@@ -3209,16 +3084,12 @@ static int nf_tables_newset(struct net * +@@ -3236,16 +3111,12 @@ static int nf_tables_newset(struct net * create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3480,19 +3351,15 @@ static int nft_ctx_init_from_elemattr(st +@@ -3572,19 +3443,15 @@ static int nft_ctx_init_from_elemattr(st u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -3610,7 +3477,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3702,7 +3569,7 @@ static int nf_tables_dump_set(struct sk_ rcu_read_lock(); list_for_each_entry_rcu(table, &net->nft.tables, list) { if (dump_ctx->ctx.family != NFPROTO_UNSPEC && @@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso continue; if (table != dump_ctx->ctx.table) -@@ -3640,7 +3507,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3732,7 +3599,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -4528,7 +4395,6 @@ static int nf_tables_newobj(struct net * +@@ -4661,7 +4528,6 @@ static int nf_tables_newobj(struct net * const struct nft_object_type *type; u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4540,11 +4406,7 @@ static int nf_tables_newobj(struct net * +@@ -4673,11 +4539,7 @@ static int nf_tables_newobj(struct net * !nla[NFTA_OBJ_DATA]) return -EINVAL; @@ -838,16 +838,16 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4563,7 +4425,7 @@ static int nf_tables_newobj(struct net * +@@ -4696,7 +4558,7 @@ static int nf_tables_newobj(struct net * return 0; } - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); - type = nft_obj_type_get(objtype); - if (IS_ERR(type)) -@@ -4655,7 +4517,7 @@ static int nf_tables_dump_obj(struct sk_ + if (!nft_use_inc(&table->use)) + return -EMFILE; +@@ -4796,7 +4658,7 @@ static int nf_tables_dump_obj(struct sk_ cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso continue; list_for_each_entry_rcu(obj, &table->objects, list) { -@@ -4678,7 +4540,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4819,7 +4681,7 @@ static int nf_tables_dump_obj(struct sk_ cb->nlh->nlmsg_seq, NFT_MSG_NEWOBJ, NLM_F_MULTI | NLM_F_APPEND, @@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso obj, reset) < 0) goto done; -@@ -4736,7 +4598,6 @@ static int nf_tables_getobj(struct net * +@@ -4877,7 +4739,6 @@ static int nf_tables_getobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; @@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; struct nft_object *obj; struct sk_buff *skb2; -@@ -4767,11 +4628,7 @@ static int nf_tables_getobj(struct net * +@@ -4908,11 +4769,7 @@ static int nf_tables_getobj(struct net * !nla[NFTA_OBJ_TYPE]) return -EINVAL; @@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4818,7 +4675,6 @@ static int nf_tables_delobj(struct net * +@@ -4959,7 +4816,6 @@ static int nf_tables_delobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4828,11 +4684,7 @@ static int nf_tables_delobj(struct net * +@@ -4969,11 +4825,7 @@ static int nf_tables_delobj(struct net * !nla[NFTA_OBJ_NAME]) return -EINVAL; @@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4844,7 +4696,7 @@ static int nf_tables_delobj(struct net * +@@ -4985,7 +4837,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delobj(&ctx, obj); } -@@ -5029,33 +4881,31 @@ err1: +@@ -5170,33 +5022,31 @@ err1: return err; } @@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso return ERR_PTR(-EAGAIN); } #endif -@@ -5103,7 +4953,6 @@ static int nf_tables_newflowtable(struct +@@ -5244,7 +5094,6 @@ static int nf_tables_newflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_ctx ctx; int err, i, k; -@@ -5113,12 +4962,8 @@ static int nf_tables_newflowtable(struct +@@ -5254,12 +5103,8 @@ static int nf_tables_newflowtable(struct !nla[NFTA_FLOWTABLE_HOOK]) return -EINVAL; @@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5135,7 +4980,7 @@ static int nf_tables_newflowtable(struct +@@ -5276,7 +5121,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5148,7 +4993,7 @@ static int nf_tables_newflowtable(struct +@@ -5289,7 +5134,7 @@ static int nf_tables_newflowtable(struct goto err1; } @@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(type)) { err = PTR_ERR(type); goto err2; -@@ -5208,16 +5053,11 @@ static int nf_tables_delflowtable(struct +@@ -5349,16 +5194,11 @@ static int nf_tables_delflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5228,7 +5068,7 @@ static int nf_tables_delflowtable(struct +@@ -5369,7 +5209,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delflowtable(&ctx, flowtable); } -@@ -5303,7 +5143,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5444,7 +5284,7 @@ static int nf_tables_dump_flowtable(stru cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso continue; list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -@@ -5322,7 +5162,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5463,7 +5303,7 @@ static int nf_tables_dump_flowtable(stru cb->nlh->nlmsg_seq, NFT_MSG_NEWFLOWTABLE, NLM_F_MULTI | NLM_F_APPEND, @@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -5382,7 +5222,6 @@ static int nf_tables_getflowtable(struct +@@ -5523,7 +5363,6 @@ static int nf_tables_getflowtable(struct u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; struct sk_buff *skb2; int err; -@@ -5408,12 +5247,8 @@ static int nf_tables_getflowtable(struct +@@ -5549,12 +5388,8 @@ static int nf_tables_getflowtable(struct if (!nla[NFTA_FLOWTABLE_NAME]) return -EINVAL; @@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -6584,7 +6419,7 @@ int __nft_release_basechain(struct nft_c +@@ -6780,7 +6615,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6597,7 +6432,7 @@ static void __nft_release_afinfo(struct +@@ -6793,7 +6628,7 @@ static void __nft_release_afinfo(struct }; list_for_each_entry_safe(table, nt, &net->nft.tables, list) { @@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); -@@ -6649,7 +6484,7 @@ static int __net_init nf_tables_init_net +@@ -6845,7 +6680,7 @@ static int __net_init nf_tables_init_net static void __net_exit nf_tables_exit_net(struct net *net) { diff --git a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch index 93670616ea..3088e24771 100644 --- a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch +++ b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch @@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4919,13 +4919,13 @@ void nft_flow_table_iterate(struct net * +@@ -5060,13 +5060,13 @@ void nft_flow_table_iterate(struct net * struct nft_flowtable *flowtable; const struct nft_table *table; diff --git a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch index 413328c0b3..e1238dbc65 100644 --- a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch +++ b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso }; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5304,17 +5304,12 @@ err: +@@ -5445,17 +5445,12 @@ err: nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS); } diff --git a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch index 500274f5eb..9db5115247 100644 --- a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch +++ b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch @@ -12,23 +12,23 @@ Signed-off-by: Pablo Neira Ayuso --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -372,6 +372,7 @@ void nft_unregister_set(struct nft_set_t - * @list: table set list node +@@ -376,6 +376,7 @@ void nft_unregister_set(struct nft_set_t * @bindings: list of set bindings + * @table: table this set belongs to * @name: name of the set + * @handle: unique handle of the set * @ktype: key type (numeric type defined by userspace, not used in the kernel) * @dtype: data type (verdict or numeric type defined by userspace) * @objtype: object type (see NFT_OBJECT_* definitions) -@@ -394,6 +395,7 @@ struct nft_set { - struct list_head list; +@@ -400,6 +401,7 @@ struct nft_set { struct list_head bindings; + struct nft_table *table; char *name; + u64 handle; u32 ktype; u32 dtype; u32 objtype; -@@ -944,6 +946,7 @@ unsigned int nft_do_chain(struct nft_pkt +@@ -991,6 +993,7 @@ static inline void nft_use_inc_restore(u * @objects: stateful objects in the table * @flowtables: flow tables in the table * @hgenerator: handle generator state @@ -36,7 +36,7 @@ Signed-off-by: Pablo Neira Ayuso * @use: number of chain references to this table * @flags: table flag (see enum nft_table_flags) * @genmask: generation mask -@@ -957,6 +960,7 @@ struct nft_table { +@@ -1004,6 +1007,7 @@ struct nft_table { struct list_head objects; struct list_head flowtables; u64 hgenerator; @@ -44,7 +44,7 @@ Signed-off-by: Pablo Neira Ayuso u32 use; u16 family:6, flags:8, -@@ -981,9 +985,9 @@ int nft_verdict_dump(struct sk_buff *skb +@@ -1028,14 +1032,15 @@ int nft_verdict_dump(struct sk_buff *skb * @name: name of this stateful object * @genmask: generation mask * @use: number of references to this stateful object @@ -56,15 +56,13 @@ Signed-off-by: Pablo Neira Ayuso */ struct nft_object { struct list_head list; -@@ -991,6 +995,7 @@ struct nft_object { + char *name; struct nft_table *table; - u32 genmask:2, - use:30; + u64 handle; + u32 genmask:2; + u32 use; /* runtime data below here */ - const struct nft_object_ops *ops ____cacheline_aligned; - unsigned char data[] -@@ -1072,6 +1077,7 @@ void nft_unregister_obj(struct nft_objec +@@ -1119,6 +1124,7 @@ void nft_unregister_obj(struct nft_objec * @ops_len: number of hooks in array * @genmask: generation mask * @use: number of references to this flow table @@ -72,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso * @data: rhashtable and garbage collector * @ops: array of hooks */ -@@ -1084,6 +1090,7 @@ struct nft_flowtable { +@@ -1131,6 +1137,7 @@ struct nft_flowtable { int ops_len; u32 genmask:2, use:30; @@ -151,7 +149,7 @@ Signed-off-by: Pablo Neira Ayuso static void nft_ctx_init(struct nft_ctx *ctx, struct net *net, -@@ -377,6 +378,20 @@ static struct nft_table *nft_table_looku +@@ -399,6 +400,20 @@ static struct nft_table *nft_table_looku return NULL; } @@ -172,7 +170,7 @@ Signed-off-by: Pablo Neira Ayuso static struct nft_table *nf_tables_table_lookup(const struct net *net, const struct nlattr *nla, u8 family, u8 genmask) -@@ -393,6 +408,22 @@ static struct nft_table *nf_tables_table +@@ -415,6 +430,22 @@ static struct nft_table *nf_tables_table return ERR_PTR(-ENOENT); } @@ -195,7 +193,7 @@ Signed-off-by: Pablo Neira Ayuso static inline u64 nf_tables_alloc_handle(struct nft_table *table) { return ++table->hgenerator; -@@ -439,6 +470,7 @@ static const struct nla_policy nft_table +@@ -461,6 +492,7 @@ static const struct nla_policy nft_table [NFTA_TABLE_NAME] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, [NFTA_TABLE_FLAGS] = { .type = NLA_U32 }, @@ -203,7 +201,7 @@ Signed-off-by: Pablo Neira Ayuso }; static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net, -@@ -460,7 +492,9 @@ static int nf_tables_fill_table_info(str +@@ -482,7 +514,9 @@ static int nf_tables_fill_table_info(str if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) || nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) || @@ -214,7 +212,7 @@ Signed-off-by: Pablo Neira Ayuso goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -719,6 +753,7 @@ static int nf_tables_newtable(struct net +@@ -741,6 +775,7 @@ static int nf_tables_newtable(struct net INIT_LIST_HEAD(&table->flowtables); table->family = family; table->flags = flags; @@ -222,7 +220,7 @@ Signed-off-by: Pablo Neira Ayuso nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); -@@ -836,11 +871,18 @@ static int nf_tables_deltable(struct net +@@ -858,11 +893,18 @@ static int nf_tables_deltable(struct net struct nft_ctx ctx; nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla); @@ -244,7 +242,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -1597,6 +1639,7 @@ static int nf_tables_delchain(struct net +@@ -1622,6 +1664,7 @@ static int nf_tables_delchain(struct net struct nft_rule *rule; int family = nfmsg->nfgen_family; struct nft_ctx ctx; @@ -252,7 +250,7 @@ Signed-off-by: Pablo Neira Ayuso u32 use; int err; -@@ -1605,7 +1648,12 @@ static int nf_tables_delchain(struct net +@@ -1630,7 +1673,12 @@ static int nf_tables_delchain(struct net if (IS_ERR(table)) return PTR_ERR(table); @@ -266,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(chain)) return PTR_ERR(chain); -@@ -2584,6 +2632,7 @@ static const struct nla_policy nft_set_p +@@ -2609,6 +2657,7 @@ static const struct nla_policy nft_set_p [NFTA_SET_USERDATA] = { .type = NLA_BINARY, .len = NFT_USERDATA_MAXLEN }, [NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 }, @@ -274,7 +272,7 @@ Signed-off-by: Pablo Neira Ayuso }; static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = { -@@ -2627,6 +2676,22 @@ static struct nft_set *nf_tables_set_loo +@@ -2652,6 +2701,22 @@ static struct nft_set *nf_tables_set_loo return ERR_PTR(-ENOENT); } @@ -295,9 +293,9 @@ Signed-off-by: Pablo Neira Ayuso +} + static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, + const struct nft_table *table, const struct nlattr *nla, - u8 genmask) -@@ -2743,6 +2808,9 @@ static int nf_tables_fill_set(struct sk_ +@@ -2770,6 +2835,9 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; if (nla_put_string(skb, NFTA_SET_NAME, set->name)) goto nla_put_failure; @@ -307,7 +305,7 @@ Signed-off-by: Pablo Neira Ayuso if (set->flags != 0) if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) goto nla_put_failure; -@@ -3155,6 +3223,7 @@ static int nf_tables_newset(struct net * +@@ -3188,6 +3256,7 @@ static int nf_tables_newset(struct net * set->udata = udata; set->timeout = timeout; set->gc_int = gc_int; @@ -315,7 +313,7 @@ Signed-off-by: Pablo Neira Ayuso err = ops->init(set, &desc, nla); if (err < 0) -@@ -3214,7 +3283,10 @@ static int nf_tables_delset(struct net * +@@ -3245,7 +3314,10 @@ static int nf_tables_delset(struct net * if (err < 0) return err; @@ -327,7 +325,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(set)) return PTR_ERR(set); -@@ -4283,6 +4355,21 @@ struct nft_object *nf_tables_obj_lookup( +@@ -4416,6 +4488,21 @@ struct nft_object *nf_tables_obj_lookup( } EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); @@ -349,7 +347,7 @@ Signed-off-by: Pablo Neira Ayuso static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { [NFTA_OBJ_TABLE] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, -@@ -4290,6 +4377,7 @@ static const struct nla_policy nft_obj_p +@@ -4423,6 +4510,7 @@ static const struct nla_policy nft_obj_p .len = NFT_OBJ_MAXNAMELEN - 1 }, [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, @@ -357,7 +355,7 @@ Signed-off-by: Pablo Neira Ayuso }; static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, -@@ -4437,6 +4525,8 @@ static int nf_tables_newobj(struct net * +@@ -4575,6 +4663,8 @@ static int nf_tables_newobj(struct net * goto err1; } obj->table = table; @@ -366,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); if (!obj->name) { err = -ENOMEM; -@@ -4483,7 +4573,9 @@ static int nf_tables_fill_obj_info(struc +@@ -4624,7 +4714,9 @@ static int nf_tables_fill_obj_info(struc nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || @@ -377,7 +375,7 @@ Signed-off-by: Pablo Neira Ayuso goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -4681,7 +4773,7 @@ static int nf_tables_delobj(struct net * +@@ -4822,7 +4914,7 @@ static int nf_tables_delobj(struct net * u32 objtype; if (!nla[NFTA_OBJ_TYPE] || @@ -386,7 +384,7 @@ Signed-off-by: Pablo Neira Ayuso return -EINVAL; table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, -@@ -4690,7 +4782,12 @@ static int nf_tables_delobj(struct net * +@@ -4831,7 +4923,12 @@ static int nf_tables_delobj(struct net * return PTR_ERR(table); objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE])); @@ -400,7 +398,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(obj)) return PTR_ERR(obj); if (obj->use > 0) -@@ -4762,6 +4859,7 @@ static const struct nla_policy nft_flowt +@@ -4903,6 +5000,7 @@ static const struct nla_policy nft_flowt [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, .len = NFT_NAME_MAXLEN - 1 }, [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, @@ -408,7 +406,7 @@ Signed-off-by: Pablo Neira Ayuso }; struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -@@ -4779,6 +4877,20 @@ struct nft_flowtable *nf_tables_flowtabl +@@ -4920,6 +5018,20 @@ struct nft_flowtable *nf_tables_flowtabl } EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); @@ -429,7 +427,7 @@ Signed-off-by: Pablo Neira Ayuso #define NFT_FLOWTABLE_DEVICE_MAX 8 static int nf_tables_parse_devices(const struct nft_ctx *ctx, -@@ -4987,6 +5099,8 @@ static int nf_tables_newflowtable(struct +@@ -5128,6 +5240,8 @@ static int nf_tables_newflowtable(struct return -ENOMEM; flowtable->table = table; @@ -438,7 +436,7 @@ Signed-off-by: Pablo Neira Ayuso flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); if (!flowtable->name) { err = -ENOMEM; -@@ -5061,8 +5175,14 @@ static int nf_tables_delflowtable(struct +@@ -5202,8 +5316,14 @@ static int nf_tables_delflowtable(struct if (IS_ERR(table)) return PTR_ERR(table); @@ -455,7 +453,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(flowtable)) return PTR_ERR(flowtable); if (flowtable->use > 0) -@@ -5095,7 +5215,9 @@ static int nf_tables_fill_flowtable_info +@@ -5236,7 +5356,9 @@ static int nf_tables_fill_flowtable_info if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || diff --git a/target/linux/generic/backport-4.14/350-v4.18-ipv6-make-ip6_dst_mtu_forward-inline.patch b/target/linux/generic/backport-4.14/350-v4.18-ipv6-make-ip6_dst_mtu_forward-inline.patch index b38ff36414..b2d9038b7a 100644 --- a/target/linux/generic/backport-4.14/350-v4.18-ipv6-make-ip6_dst_mtu_forward-inline.patch +++ b/target/linux/generic/backport-4.14/350-v4.18-ipv6-make-ip6_dst_mtu_forward-inline.patch @@ -38,7 +38,7 @@ Signed-off-by: Felix Fietkau #endif --- a/include/net/ipv6.h +++ b/include/net/ipv6.h -@@ -860,8 +860,6 @@ static inline struct sk_buff *ip6_finish +@@ -856,8 +856,6 @@ static inline struct sk_buff *ip6_finish &inet6_sk(sk)->cork); } diff --git a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch index 32f2618996..d43646aa61 100644 --- a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch +++ b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch @@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau .owner = THIS_MODULE, --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5114,40 +5114,38 @@ static int nf_tables_newflowtable(struct +@@ -5255,40 +5255,38 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau err3: module_put(type->owner); err2: -@@ -5428,10 +5426,8 @@ err: +@@ -5569,10 +5567,8 @@ err: static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) { diff --git a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch index bb4a35c6be..aff1b8e240 100644 --- a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch +++ b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4980,7 +4980,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -5121,7 +5121,7 @@ static int nf_tables_flowtable_parse_hoo flowtable->ops[i].pf = NFPROTO_NETDEV; flowtable->ops[i].hooknum = hooknum; flowtable->ops[i].priority = priority; diff --git a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch index 2a4427333e..838a882597 100644 --- a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch +++ b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch @@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau struct delayed_work gc_work; --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -1099,9 +1099,6 @@ struct nft_flowtable { +@@ -1146,9 +1146,6 @@ struct nft_flowtable { struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, const struct nlattr *nla, u8 genmask); @@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau WARN_ON(!nf_flow_offload_gc_step(flow_table)); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5024,23 +5024,6 @@ static const struct nf_flowtable_type *n +@@ -5165,23 +5165,6 @@ static const struct nf_flowtable_type *n return ERR_PTR(-ENOENT); } diff --git a/target/linux/generic/hack-4.14/204-module_strip.patch b/target/linux/generic/hack-4.14/204-module_strip.patch index 812b9d7d0e..be4a5ee374 100644 --- a/target/linux/generic/hack-4.14/204-module_strip.patch +++ b/target/linux/generic/hack-4.14/204-module_strip.patch @@ -137,7 +137,7 @@ Signed-off-by: Felix Fietkau --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c -@@ -1997,7 +1997,9 @@ static void read_symbols(char *modname) +@@ -2015,7 +2015,9 @@ static void read_symbols(char *modname) symname = remove_dot(info.strtab + sym->st_name); handle_modversions(mod, &info, sym, symname); @@ -147,7 +147,7 @@ Signed-off-by: Felix Fietkau } if (!is_vmlinux(modname) || (is_vmlinux(modname) && vmlinux_section_warnings)) -@@ -2158,8 +2160,10 @@ static void add_header(struct buffer *b, +@@ -2176,8 +2178,10 @@ static void add_header(struct buffer *b, buf_printf(b, "#include \n"); buf_printf(b, "#include \n"); buf_printf(b, "\n"); @@ -158,7 +158,7 @@ Signed-off-by: Felix Fietkau buf_printf(b, "\n"); buf_printf(b, "__visible struct module __this_module\n"); buf_printf(b, "__attribute__((section(\".gnu.linkonce.this_module\"))) = {\n"); -@@ -2176,8 +2180,10 @@ static void add_header(struct buffer *b, +@@ -2194,8 +2198,10 @@ static void add_header(struct buffer *b, static void add_intree_flag(struct buffer *b, int is_intree) { @@ -169,7 +169,7 @@ Signed-off-by: Felix Fietkau } /* Cannot check for assembler */ -@@ -2190,10 +2196,12 @@ static void add_retpoline(struct buffer +@@ -2208,10 +2214,12 @@ static void add_retpoline(struct buffer static void add_staging_flag(struct buffer *b, const char *name) { @@ -182,7 +182,7 @@ Signed-off-by: Felix Fietkau } /** -@@ -2292,11 +2300,13 @@ static void add_depends(struct buffer *b +@@ -2310,11 +2318,13 @@ static void add_depends(struct buffer *b static void add_srcversion(struct buffer *b, struct module *mod) { @@ -196,7 +196,7 @@ Signed-off-by: Felix Fietkau } static void write_if_changed(struct buffer *b, const char *fname) -@@ -2533,7 +2543,9 @@ int main(int argc, char **argv) +@@ -2551,7 +2561,9 @@ int main(int argc, char **argv) add_staging_flag(&buf, mod->name); err |= add_versions(&buf, mod); add_depends(&buf, mod, modules); diff --git a/target/linux/generic/hack-4.14/207-disable-modorder.patch b/target/linux/generic/hack-4.14/207-disable-modorder.patch index 0ca27b4617..152d885b9c 100644 --- a/target/linux/generic/hack-4.14/207-disable-modorder.patch +++ b/target/linux/generic/hack-4.14/207-disable-modorder.patch @@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau --- a/Makefile +++ b/Makefile -@@ -1271,7 +1271,6 @@ endif +@@ -1275,7 +1275,6 @@ endif PHONY += modules modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin @@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1300,7 +1299,6 @@ _modinst_: +@@ -1304,7 +1303,6 @@ _modinst_: rm -f $(MODLIB)/build ; \ ln -s $(CURDIR) $(MODLIB)/build ; \ fi diff --git a/target/linux/generic/hack-4.14/220-gc_sections.patch b/target/linux/generic/hack-4.14/220-gc_sections.patch index 596a0055f3..0af220d05f 100644 --- a/target/linux/generic/hack-4.14/220-gc_sections.patch +++ b/target/linux/generic/hack-4.14/220-gc_sections.patch @@ -33,7 +33,7 @@ Signed-off-by: Gabor Juhos # Read KERNELRELEASE from include/config/kernel.release (if it exists) KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null) KERNELVERSION = $(VERSION)$(if $(PATCHLEVEL),.$(PATCHLEVEL)$(if $(SUBLEVEL),.$(SUBLEVEL)))$(EXTRAVERSION) -@@ -793,11 +798,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH +@@ -797,11 +802,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH KBUILD_CFLAGS += $(call cc-option, -fno-inline-functions-called-once) endif @@ -47,7 +47,7 @@ Signed-off-by: Gabor Juhos CHECKFLAGS += $(NOSTDINC_FLAGS) --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig -@@ -92,6 +92,7 @@ config ARM +@@ -93,6 +93,7 @@ config ARM select HAVE_UID16 select HAVE_VIRT_CPU_ACCOUNTING_GEN select IRQ_FORCED_THREADING @@ -180,7 +180,7 @@ Signed-off-by: Gabor Juhos .init.data : { --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -40,6 +40,7 @@ config MIPS +@@ -41,6 +41,7 @@ config MIPS select HAVE_CBPF_JIT if (!64BIT && !CPU_MICROMIPS) select HAVE_EBPF_JIT if (64BIT && !CPU_MICROMIPS) select HAVE_CC_STACKPROTECTOR diff --git a/target/linux/generic/hack-4.14/280-rfkill-stubs.patch b/target/linux/generic/hack-4.14/280-rfkill-stubs.patch index 85d01a6d10..2d7527faf4 100644 --- a/target/linux/generic/hack-4.14/280-rfkill-stubs.patch +++ b/target/linux/generic/hack-4.14/280-rfkill-stubs.patch @@ -26,7 +26,7 @@ Signed-off-by: John Crispin * @name: name of the struct -- the string is not copied internally --- a/net/Makefile +++ b/net/Makefile -@@ -53,7 +53,7 @@ obj-$(CONFIG_TIPC) += tipc/ +@@ -52,7 +52,7 @@ obj-$(CONFIG_TIPC) += tipc/ obj-$(CONFIG_NETLABEL) += netlabel/ obj-$(CONFIG_IUCV) += iucv/ obj-$(CONFIG_SMC) += smc/ diff --git a/target/linux/generic/hack-4.14/301-mips_image_cmdline_hack.patch b/target/linux/generic/hack-4.14/301-mips_image_cmdline_hack.patch index 3c22ded884..3d11def20f 100644 --- a/target/linux/generic/hack-4.14/301-mips_image_cmdline_hack.patch +++ b/target/linux/generic/hack-4.14/301-mips_image_cmdline_hack.patch @@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -1163,6 +1163,10 @@ config SYNC_R4K +@@ -1164,6 +1164,10 @@ config SYNC_R4K config MIPS_MACHINE def_bool n diff --git a/target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch b/target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch index 3f81b2e05f..50192f0844 100644 --- a/target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch +++ b/target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch @@ -16,7 +16,7 @@ Signed-off-by: Alexandros C. Couloumbis --- a/arch/powerpc/Makefile +++ b/arch/powerpc/Makefile -@@ -59,19 +59,6 @@ machine-$(CONFIG_PPC64) += 64 +@@ -58,19 +58,6 @@ machine-$(CONFIG_PPC64) += 64 machine-$(CONFIG_CPU_LITTLE_ENDIAN) += le UTS_MACHINE := $(subst $(space),,$(machine-y)) diff --git a/target/linux/generic/hack-4.14/721-phy_packets.patch b/target/linux/generic/hack-4.14/721-phy_packets.patch index 75031fb420..89e99ebc30 100644 --- a/target/linux/generic/hack-4.14/721-phy_packets.patch +++ b/target/linux/generic/hack-4.14/721-phy_packets.patch @@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -1415,6 +1415,7 @@ enum netdev_priv_flags { +@@ -1418,6 +1418,7 @@ enum netdev_priv_flags { IFF_PHONY_HEADROOM = 1<<26, IFF_MACSEC = 1<<27, IFF_L3MDEV_RX_HANDLER = 1<<28, @@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau }; #define IFF_802_1Q_VLAN IFF_802_1Q_VLAN -@@ -1445,6 +1446,7 @@ enum netdev_priv_flags { +@@ -1448,6 +1449,7 @@ enum netdev_priv_flags { #define IFF_RXFH_CONFIGURED IFF_RXFH_CONFIGURED #define IFF_MACSEC IFF_MACSEC #define IFF_L3MDEV_RX_HANDLER IFF_L3MDEV_RX_HANDLER @@ -31,7 +31,7 @@ Signed-off-by: Felix Fietkau /** * struct net_device - The DEVICE structure. -@@ -1731,6 +1733,11 @@ struct net_device { +@@ -1733,6 +1735,11 @@ struct net_device { const struct xfrmdev_ops *xfrmdev_ops; #endif @@ -43,7 +43,7 @@ Signed-off-by: Felix Fietkau const struct header_ops *header_ops; unsigned int flags; -@@ -1805,6 +1812,10 @@ struct net_device { +@@ -1806,6 +1813,10 @@ struct net_device { struct mpls_dev __rcu *mpls_ptr; #endif @@ -101,7 +101,7 @@ Signed-off-by: Felix Fietkau help --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -3002,10 +3002,20 @@ static int xmit_one(struct sk_buff *skb, +@@ -3004,10 +3004,20 @@ static int xmit_one(struct sk_buff *skb, if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) dev_queue_xmit_nit(skb, dev); diff --git a/target/linux/generic/hack-4.14/902-debloat_proc.patch b/target/linux/generic/hack-4.14/902-debloat_proc.patch index a517b6fa6a..47d77728e1 100644 --- a/target/linux/generic/hack-4.14/902-debloat_proc.patch +++ b/target/linux/generic/hack-4.14/902-debloat_proc.patch @@ -327,7 +327,7 @@ Signed-off-by: Felix Fietkau --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -3427,6 +3427,8 @@ static __net_initdata struct pernet_oper +@@ -3438,6 +3438,8 @@ static __net_initdata struct pernet_oper static int __init proto_init(void) { diff --git a/target/linux/generic/pending-4.14/120-Fix-alloc_node_mem_map-with-ARCH_PFN_OFFSET-calcu.patch b/target/linux/generic/pending-4.14/120-Fix-alloc_node_mem_map-with-ARCH_PFN_OFFSET-calcu.patch index 2903e39ef0..18a3e510a5 100644 --- a/target/linux/generic/pending-4.14/120-Fix-alloc_node_mem_map-with-ARCH_PFN_OFFSET-calcu.patch +++ b/target/linux/generic/pending-4.14/120-Fix-alloc_node_mem_map-with-ARCH_PFN_OFFSET-calcu.patch @@ -71,7 +71,7 @@ Signed-off-by: Tobias Wolf --- a/mm/page_alloc.c +++ b/mm/page_alloc.c -@@ -6197,7 +6197,7 @@ static void __ref alloc_node_mem_map(str +@@ -6213,7 +6213,7 @@ static void __ref alloc_node_mem_map(str mem_map = NODE_DATA(0)->node_mem_map; #if defined(CONFIG_HAVE_MEMBLOCK_NODE_MAP) || defined(CONFIG_FLATMEM) if (page_to_pfn(mem_map) != pgdat->node_start_pfn) diff --git a/target/linux/generic/pending-4.14/220-optimize_inlining.patch b/target/linux/generic/pending-4.14/220-optimize_inlining.patch index 76aabf86db..eb29939c40 100644 --- a/target/linux/generic/pending-4.14/220-optimize_inlining.patch +++ b/target/linux/generic/pending-4.14/220-optimize_inlining.patch @@ -141,7 +141,7 @@ help --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -296,9 +296,6 @@ config ZONE_DMA32 +@@ -297,9 +297,6 @@ config ZONE_DMA32 config AUDIT_ARCH def_bool y if X86_64 diff --git a/target/linux/generic/pending-4.14/300-mips_expose_boot_raw.patch b/target/linux/generic/pending-4.14/300-mips_expose_boot_raw.patch index 5caa00ad26..8096e5eb3b 100644 --- a/target/linux/generic/pending-4.14/300-mips_expose_boot_raw.patch +++ b/target/linux/generic/pending-4.14/300-mips_expose_boot_raw.patch @@ -9,7 +9,7 @@ Acked-by: Rob Landley --- --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -1072,9 +1072,6 @@ config FW_ARC +@@ -1073,9 +1073,6 @@ config FW_ARC config ARCH_MAY_HAVE_PC_FDC bool @@ -19,7 +19,7 @@ Acked-by: Rob Landley config CEVT_BCM1480 bool -@@ -2973,6 +2970,18 @@ choice +@@ -2974,6 +2971,18 @@ choice bool "Extend builtin kernel arguments with bootloader arguments" endchoice diff --git a/target/linux/generic/pending-4.14/304-mips_disable_fpu.patch b/target/linux/generic/pending-4.14/304-mips_disable_fpu.patch index 799ce092bd..8e3202ce9d 100644 --- a/target/linux/generic/pending-4.14/304-mips_disable_fpu.patch +++ b/target/linux/generic/pending-4.14/304-mips_disable_fpu.patch @@ -24,7 +24,7 @@ v2: incorporated changes suggested by Jonas Gorski --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -2897,6 +2897,20 @@ config MIPS_O32_FP64_SUPPORT +@@ -2898,6 +2898,20 @@ config MIPS_O32_FP64_SUPPORT If unsure, say N. diff --git a/target/linux/generic/pending-4.14/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch b/target/linux/generic/pending-4.14/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch index 750df4e7e8..66402318b2 100644 --- a/target/linux/generic/pending-4.14/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch +++ b/target/linux/generic/pending-4.14/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch @@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -221,6 +221,7 @@ config BMIPS_GENERIC +@@ -222,6 +222,7 @@ config BMIPS_GENERIC select BRCMSTB_L2_IRQ select IRQ_MIPS_CPU select DMA_NONCOHERENT @@ -22,7 +22,7 @@ Signed-off-by: Felix Fietkau select SYS_SUPPORTS_32BIT_KERNEL select SYS_SUPPORTS_LITTLE_ENDIAN select SYS_SUPPORTS_BIG_ENDIAN -@@ -349,6 +350,7 @@ config MACH_JAZZ +@@ -350,6 +351,7 @@ config MACH_JAZZ select CSRC_R4K select DEFAULT_SGI_PARTITION if CPU_BIG_ENDIAN select GENERIC_ISA_DMA @@ -30,7 +30,7 @@ Signed-off-by: Felix Fietkau select HAVE_PCSPKR_PLATFORM select IRQ_MIPS_CPU select I8253 -@@ -1133,6 +1135,9 @@ config DMA_NONCOHERENT +@@ -1134,6 +1136,9 @@ config DMA_NONCOHERENT bool select NEED_DMA_MAP_STATE @@ -40,7 +40,7 @@ Signed-off-by: Felix Fietkau config NEED_DMA_MAP_STATE bool -@@ -1658,6 +1663,7 @@ config CPU_R10000 +@@ -1659,6 +1664,7 @@ config CPU_R10000 select CPU_SUPPORTS_64BIT_KERNEL select CPU_SUPPORTS_HIGHMEM select CPU_SUPPORTS_HUGEPAGES @@ -48,7 +48,7 @@ Signed-off-by: Felix Fietkau help MIPS Technologies R10000-series processors. -@@ -1906,9 +1912,11 @@ config SYS_HAS_CPU_MIPS32_R3_5 +@@ -1907,9 +1913,11 @@ config SYS_HAS_CPU_MIPS32_R3_5 bool config SYS_HAS_CPU_MIPS32_R5 @@ -60,7 +60,7 @@ Signed-off-by: Felix Fietkau bool config SYS_HAS_CPU_MIPS64_R1 -@@ -1918,6 +1926,7 @@ config SYS_HAS_CPU_MIPS64_R2 +@@ -1919,6 +1927,7 @@ config SYS_HAS_CPU_MIPS64_R2 bool config SYS_HAS_CPU_MIPS64_R6 diff --git a/target/linux/generic/pending-4.14/630-packet_socket_type.patch b/target/linux/generic/pending-4.14/630-packet_socket_type.patch index 1a1ce0074b..b91121ee4e 100644 --- a/target/linux/generic/pending-4.14/630-packet_socket_type.patch +++ b/target/linux/generic/pending-4.14/630-packet_socket_type.patch @@ -30,7 +30,7 @@ Signed-off-by: Felix Fietkau #define PACKET_FANOUT_LB 1 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -1842,6 +1842,7 @@ static int packet_rcv_spkt(struct sk_buf +@@ -1846,6 +1846,7 @@ static int packet_rcv_spkt(struct sk_buf { struct sock *sk; struct sockaddr_pkt *spkt; @@ -38,7 +38,7 @@ Signed-off-by: Felix Fietkau /* * When we registered the protocol we saved the socket in the data -@@ -1849,6 +1850,7 @@ static int packet_rcv_spkt(struct sk_buf +@@ -1853,6 +1854,7 @@ static int packet_rcv_spkt(struct sk_buf */ sk = pt->af_packet_priv; @@ -46,7 +46,7 @@ Signed-off-by: Felix Fietkau /* * Yank back the headers [hope the device set this -@@ -1861,7 +1863,7 @@ static int packet_rcv_spkt(struct sk_buf +@@ -1865,7 +1867,7 @@ static int packet_rcv_spkt(struct sk_buf * so that this procedure is noop. */ @@ -55,7 +55,7 @@ Signed-off-by: Felix Fietkau goto out; if (!net_eq(dev_net(dev), sock_net(sk))) -@@ -2088,12 +2090,12 @@ static int packet_rcv(struct sk_buff *sk +@@ -2092,12 +2094,12 @@ static int packet_rcv(struct sk_buff *sk unsigned int snaplen, res; bool is_drop_n_account = false; @@ -71,7 +71,7 @@ Signed-off-by: Felix Fietkau if (!net_eq(dev_net(dev), sock_net(sk))) goto drop; -@@ -2221,12 +2223,12 @@ static int tpacket_rcv(struct sk_buff *s +@@ -2225,12 +2227,12 @@ static int tpacket_rcv(struct sk_buff *s BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h2)) != 32); BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h3)) != 48); @@ -87,7 +87,7 @@ Signed-off-by: Felix Fietkau if (!net_eq(dev_net(dev), sock_net(sk))) goto drop; -@@ -3336,6 +3338,7 @@ static int packet_create(struct net *net +@@ -3342,6 +3344,7 @@ static int packet_create(struct net *net mutex_init(&po->pg_vec_lock); po->rollover = NULL; po->prot_hook.func = packet_rcv; @@ -95,7 +95,7 @@ Signed-off-by: Felix Fietkau if (sock->type == SOCK_PACKET) po->prot_hook.func = packet_rcv_spkt; -@@ -3967,6 +3970,16 @@ packet_setsockopt(struct socket *sock, i +@@ -3969,6 +3972,16 @@ packet_setsockopt(struct socket *sock, i po->xmit = val ? packet_direct_xmit : dev_queue_xmit; return 0; } @@ -112,7 +112,7 @@ Signed-off-by: Felix Fietkau default: return -ENOPROTOOPT; } -@@ -4019,6 +4032,13 @@ static int packet_getsockopt(struct sock +@@ -4021,6 +4034,13 @@ static int packet_getsockopt(struct sock case PACKET_VNET_HDR: val = po->has_vnet_hdr; break; @@ -128,7 +128,7 @@ Signed-off-by: Felix Fietkau break; --- a/net/packet/internal.h +++ b/net/packet/internal.h -@@ -135,6 +135,7 @@ struct packet_sock { +@@ -134,6 +134,7 @@ struct packet_sock { struct net_device __rcu *cached_dev; int (*xmit)(struct sk_buff *skb); struct packet_type prot_hook ____cacheline_aligned_in_smp; diff --git a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch index 344bea62fe..b14928514a 100644 --- a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch +++ b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch @@ -23,7 +23,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -829,6 +829,13 @@ struct xfrmdev_ops { +@@ -832,6 +832,13 @@ struct xfrmdev_ops { }; #endif @@ -37,7 +37,7 @@ Signed-off-by: Pablo Neira Ayuso /* * This structure defines the management hooks for network devices. * The following hooks can be defined; unless noted otherwise, they are -@@ -1060,6 +1067,10 @@ struct xfrmdev_ops { +@@ -1063,6 +1070,10 @@ struct xfrmdev_ops { * int (*ndo_bridge_dellink)(struct net_device *dev, struct nlmsghdr *nlh, * u16 flags); * @@ -48,7 +48,7 @@ Signed-off-by: Pablo Neira Ayuso * int (*ndo_change_carrier)(struct net_device *dev, bool new_carrier); * Called to change device carrier. Soft-devices (like dummy, team, etc) * which do not represent real hardware may define this to allow their -@@ -1284,6 +1295,8 @@ struct net_device_ops { +@@ -1287,6 +1298,8 @@ struct net_device_ops { int (*ndo_bridge_dellink)(struct net_device *dev, struct nlmsghdr *nlh, u16 flags); @@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso +MODULE_ALIAS("nf-flow-table-hw"); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4967,6 +4967,14 @@ static int nf_tables_flowtable_parse_hoo +@@ -5108,6 +5108,14 @@ static int nf_tables_flowtable_parse_hoo if (err < 0) goto err1; @@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL); if (!ops) { err = -ENOMEM; -@@ -5097,10 +5105,19 @@ static int nf_tables_newflowtable(struct +@@ -5238,10 +5246,19 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], flowtable); if (err < 0) -@@ -5198,7 +5215,8 @@ static int nf_tables_fill_flowtable_info +@@ -5339,7 +5356,8 @@ static int nf_tables_fill_flowtable_info nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) || nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle), diff --git a/target/linux/generic/pending-4.14/641-netfilter-nf_flow_table-support-hw-offload-through-v.patch b/target/linux/generic/pending-4.14/641-netfilter-nf_flow_table-support-hw-offload-through-v.patch index e3cbbea7f3..7d6c94dc4b 100644 --- a/target/linux/generic/pending-4.14/641-netfilter-nf_flow_table-support-hw-offload-through-v.patch +++ b/target/linux/generic/pending-4.14/641-netfilter-nf_flow_table-support-hw-offload-through-v.patch @@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -830,6 +830,7 @@ struct xfrmdev_ops { +@@ -833,6 +833,7 @@ struct xfrmdev_ops { #endif struct flow_offload; @@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau enum flow_offload_type { FLOW_OFFLOAD_ADD = 0, -@@ -1067,8 +1068,15 @@ enum flow_offload_type { +@@ -1070,8 +1071,15 @@ enum flow_offload_type { * int (*ndo_bridge_dellink)(struct net_device *dev, struct nlmsghdr *nlh, * u16 flags); * @@ -40,7 +40,7 @@ Signed-off-by: Felix Fietkau * Adds/deletes flow entry to/from net device flowtable. * * int (*ndo_change_carrier)(struct net_device *dev, bool new_carrier); -@@ -1295,8 +1303,11 @@ struct net_device_ops { +@@ -1298,8 +1306,11 @@ struct net_device_ops { int (*ndo_bridge_dellink)(struct net_device *dev, struct nlmsghdr *nlh, u16 flags); diff --git a/target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch b/target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch index 905dcc4f4f..4f64aafe7a 100644 --- a/target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch +++ b/target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -1774,6 +1774,8 @@ struct net_device { +@@ -1776,6 +1776,8 @@ struct net_device { struct netdev_hw_addr_list mc; struct netdev_hw_addr_list dev_addrs; @@ -32,7 +32,7 @@ Signed-off-by: Felix Fietkau __u16 tc_index; /* traffic control index */ --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -4805,6 +4805,9 @@ static enum gro_result dev_gro_receive(s +@@ -4809,6 +4809,9 @@ static enum gro_result dev_gro_receive(s enum gro_result ret; int grow; @@ -42,7 +42,7 @@ Signed-off-by: Felix Fietkau if (netif_elide_gro(skb->dev)) goto normal; -@@ -6290,6 +6293,48 @@ static void __netdev_adjacent_dev_unlink +@@ -6294,6 +6297,48 @@ static void __netdev_adjacent_dev_unlink &upper_dev->adj_list.lower); } @@ -91,7 +91,7 @@ Signed-off-by: Felix Fietkau static int __netdev_upper_dev_link(struct net_device *dev, struct net_device *upper_dev, bool master, void *upper_priv, void *upper_info) -@@ -6328,6 +6373,7 @@ static int __netdev_upper_dev_link(struc +@@ -6332,6 +6377,7 @@ static int __netdev_upper_dev_link(struc if (ret) return ret; @@ -99,7 +99,7 @@ Signed-off-by: Felix Fietkau ret = call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, dev, &changeupper_info.info); ret = notifier_to_errno(ret); -@@ -6405,6 +6451,7 @@ void netdev_upper_dev_unlink(struct net_ +@@ -6409,6 +6455,7 @@ void netdev_upper_dev_unlink(struct net_ __netdev_adjacent_dev_unlink_neighbour(dev, upper_dev); @@ -107,7 +107,7 @@ Signed-off-by: Felix Fietkau call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, dev, &changeupper_info.info); } -@@ -6969,6 +7016,7 @@ int dev_set_mac_address(struct net_devic +@@ -6973,6 +7020,7 @@ int dev_set_mac_address(struct net_devic if (err) return err; dev->addr_assign_type = NET_ADDR_SET; diff --git a/target/linux/generic/pending-4.14/920-mangle_bootargs.patch b/target/linux/generic/pending-4.14/920-mangle_bootargs.patch index 42839f5721..1c33800c45 100644 --- a/target/linux/generic/pending-4.14/920-mangle_bootargs.patch +++ b/target/linux/generic/pending-4.14/920-mangle_bootargs.patch @@ -31,7 +31,7 @@ Signed-off-by: Imre Kaloz help --- a/init/main.c +++ b/init/main.c -@@ -358,6 +358,29 @@ static inline void setup_nr_cpu_ids(void +@@ -357,6 +357,29 @@ static inline void setup_nr_cpu_ids(void static inline void smp_prepare_cpus(unsigned int maxcpus) { } #endif @@ -61,7 +61,7 @@ Signed-off-by: Imre Kaloz /* * We need to store the untouched command line for future reference. * We also need to store the touched command line since the parameter -@@ -532,6 +555,7 @@ asmlinkage __visible void __init start_k +@@ -529,6 +552,7 @@ asmlinkage __visible void __init start_k pr_notice("%s", linux_banner); setup_arch(&command_line); mm_init_cpumask(&init_mm); diff --git a/target/linux/x86/64/config-4.14 b/target/linux/x86/64/config-4.14 index d4d464b61b..681413409a 100644 --- a/target/linux/x86/64/config-4.14 +++ b/target/linux/x86/64/config-4.14 @@ -1,4 +1,5 @@ CONFIG_64BIT=y +CONFIG_GDS_FORCE_MITIGATION=n CONFIG_ACPI=y CONFIG_ACPI_AC=y CONFIG_ACPI_BATTERY=y -- 2.25.1