mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-31 00:24:12 +00:00
kernel: bump 4.14 to 4.14.149
Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This commit is contained in:
Koen Vandeputte
parent
9628612abe
commit
31181fa062
@ -3,10 +3,10 @@
|
||||
LINUX_RELEASE?=1
|
||||
|
||||
LINUX_VERSION-4.9 = .196
|
||||
LINUX_VERSION-4.14 = .148
|
||||
LINUX_VERSION-4.14 = .149
|
||||
|
||||
LINUX_KERNEL_HASH-4.9.196 = e0ab12b04a975630ece2142a1ac15cfe45140b8c3359226b035c15ca7c92c6ef
|
||||
LINUX_KERNEL_HASH-4.14.148 = 12d2b74003e13a6c1956064754255249fbe5c7af6cbdfb2ddeba45b5ed7c0fad
|
||||
LINUX_KERNEL_HASH-4.14.149 = e69dabd2368440ce1650cda0cf043e1ba3f3343f940a43b68e761739fcb3f296
|
||||
|
||||
remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
|
||||
sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
|
||||
|
||||
@ -264,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
nft_chain_release_hook(&hook);
|
||||
}
|
||||
@@ -5153,10 +5141,9 @@ static int nf_tables_commit(struct net *
|
||||
@@ -5156,10 +5144,9 @@ static int nf_tables_commit(struct net *
|
||||
case NFT_MSG_DELCHAIN:
|
||||
list_del_rcu(&trans->ctx.chain->list);
|
||||
nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
|
||||
@ -278,7 +278,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
break;
|
||||
case NFT_MSG_NEWRULE:
|
||||
nft_clear(trans->ctx.net, nft_trans_rule(trans));
|
||||
@@ -5293,10 +5280,9 @@ static int nf_tables_abort(struct net *n
|
||||
@@ -5296,10 +5283,9 @@ static int nf_tables_abort(struct net *n
|
||||
} else {
|
||||
trans->ctx.table->use--;
|
||||
list_del_rcu(&trans->ctx.chain->list);
|
||||
@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
break;
|
||||
case NFT_MSG_DELCHAIN:
|
||||
@@ -5399,7 +5385,7 @@ int nft_chain_validate_hooks(const struc
|
||||
@@ -5402,7 +5388,7 @@ int nft_chain_validate_hooks(const struc
|
||||
if (nft_is_base_chain(chain)) {
|
||||
basechain = nft_base_chain(chain);
|
||||
|
||||
@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
return 0;
|
||||
|
||||
return -EOPNOTSUPP;
|
||||
@@ -5881,8 +5867,7 @@ int __nft_release_basechain(struct nft_c
|
||||
@@ -5884,8 +5870,7 @@ int __nft_release_basechain(struct nft_c
|
||||
|
||||
BUG_ON(!nft_is_base_chain(ctx->chain));
|
||||
|
||||
@ -311,7 +311,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
|
||||
list_del(&rule->list);
|
||||
ctx->chain->use--;
|
||||
@@ -5911,8 +5896,7 @@ static void __nft_release_afinfo(struct
|
||||
@@ -5914,8 +5899,7 @@ static void __nft_release_afinfo(struct
|
||||
|
||||
list_for_each_entry_safe(table, nt, &afi->tables, list) {
|
||||
list_for_each_entry(chain, &table->chains, list)
|
||||
|
||||
@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) {
|
||||
err = nft_delobj(ctx, obj);
|
||||
if (err < 0)
|
||||
@@ -4853,6 +4897,605 @@ static void nf_tables_obj_notify(const s
|
||||
@@ -4856,6 +4900,605 @@ static void nf_tables_obj_notify(const s
|
||||
ctx->afi->family, ctx->report, GFP_KERNEL);
|
||||
}
|
||||
|
||||
@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
|
||||
u32 portid, u32 seq)
|
||||
{
|
||||
@@ -4883,6 +5526,49 @@ nla_put_failure:
|
||||
@@ -4886,6 +5529,49 @@ nla_put_failure:
|
||||
return -EMSGSIZE;
|
||||
}
|
||||
|
||||
@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb,
|
||||
int event)
|
||||
{
|
||||
@@ -5035,6 +5721,21 @@ static const struct nfnl_callback nf_tab
|
||||
@@ -5038,6 +5724,21 @@ static const struct nfnl_callback nf_tab
|
||||
.attr_count = NFTA_OBJ_MAX,
|
||||
.policy = nft_obj_policy,
|
||||
},
|
||||
@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
};
|
||||
|
||||
static void nft_chain_commit_update(struct nft_trans *trans)
|
||||
@@ -5083,6 +5784,9 @@ static void nf_tables_commit_release(str
|
||||
@@ -5086,6 +5787,9 @@ static void nf_tables_commit_release(str
|
||||
case NFT_MSG_DELOBJ:
|
||||
nft_obj_destroy(nft_trans_obj(trans));
|
||||
break;
|
||||
@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
kfree(trans);
|
||||
}
|
||||
@@ -5202,6 +5906,21 @@ static int nf_tables_commit(struct net *
|
||||
@@ -5205,6 +5909,21 @@ static int nf_tables_commit(struct net *
|
||||
nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans),
|
||||
NFT_MSG_DELOBJ);
|
||||
break;
|
||||
@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5239,6 +5958,9 @@ static void nf_tables_abort_release(stru
|
||||
@@ -5242,6 +5961,9 @@ static void nf_tables_abort_release(stru
|
||||
case NFT_MSG_NEWOBJ:
|
||||
nft_obj_destroy(nft_trans_obj(trans));
|
||||
break;
|
||||
@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
kfree(trans);
|
||||
}
|
||||
@@ -5330,6 +6052,17 @@ static int nf_tables_abort(struct net *n
|
||||
@@ -5333,6 +6055,17 @@ static int nf_tables_abort(struct net *n
|
||||
nft_clear(trans->ctx.net, nft_trans_obj(trans));
|
||||
nft_trans_destroy(trans);
|
||||
break;
|
||||
@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5880,6 +6613,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
|
||||
@@ -5883,6 +6616,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
|
||||
/* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */
|
||||
static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi)
|
||||
{
|
||||
@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
struct nft_table *table, *nt;
|
||||
struct nft_chain *chain, *nc;
|
||||
struct nft_object *obj, *ne;
|
||||
@@ -5893,6 +6627,9 @@ static void __nft_release_afinfo(struct
|
||||
@@ -5896,6 +6630,9 @@ static void __nft_release_afinfo(struct
|
||||
list_for_each_entry_safe(table, nt, &afi->tables, list) {
|
||||
list_for_each_entry(chain, &table->chains, list)
|
||||
nf_tables_unregister_hook(net, table, chain);
|
||||
@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
/* No packets are walking on these chains anymore. */
|
||||
ctx.table = table;
|
||||
list_for_each_entry(chain, &table->chains, list) {
|
||||
@@ -5903,6 +6640,11 @@ static void __nft_release_afinfo(struct
|
||||
@@ -5906,6 +6643,11 @@ static void __nft_release_afinfo(struct
|
||||
nf_tables_rule_release(&ctx, rule);
|
||||
}
|
||||
}
|
||||
@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
list_for_each_entry_safe(set, ns, &table->sets, list) {
|
||||
list_del(&set->list);
|
||||
table->use--;
|
||||
@@ -5946,6 +6688,8 @@ static int __init nf_tables_module_init(
|
||||
@@ -5949,6 +6691,8 @@ static int __init nf_tables_module_init(
|
||||
if (err < 0)
|
||||
goto err3;
|
||||
|
||||
@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n");
|
||||
return register_pernet_subsys(&nf_tables_net_ops);
|
||||
err3:
|
||||
@@ -5960,6 +6704,7 @@ static void __exit nf_tables_module_exit
|
||||
@@ -5963,6 +6707,7 @@ static void __exit nf_tables_module_exit
|
||||
{
|
||||
unregister_pernet_subsys(&nf_tables_net_ops);
|
||||
nfnetlink_subsys_unregister(&nf_tables_subsys);
|
||||
|
||||
@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
|
||||
|
||||
type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
|
||||
@@ -5005,7 +5002,7 @@ static int nf_tables_flowtable_parse_hoo
|
||||
@@ -5008,7 +5005,7 @@ static int nf_tables_flowtable_parse_hoo
|
||||
return -EINVAL;
|
||||
|
||||
hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));
|
||||
|
||||
@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
--- a/net/netfilter/nf_tables_api.c
|
||||
+++ b/net/netfilter/nf_tables_api.c
|
||||
@@ -5429,7 +5429,7 @@ static int nf_tables_getflowtable(struct
|
||||
@@ -5432,7 +5432,7 @@ static int nf_tables_getflowtable(struct
|
||||
|
||||
flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME],
|
||||
genmask);
|
||||
|
||||
@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (ret >= 0) {
|
||||
ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
|
||||
nft_trans_table_enable(trans) = true;
|
||||
@@ -5810,7 +5803,6 @@ static int nf_tables_commit(struct net *
|
||||
@@ -5813,7 +5806,6 @@ static int nf_tables_commit(struct net *
|
||||
if (nft_trans_table_update(trans)) {
|
||||
if (!nft_trans_table_enable(trans)) {
|
||||
nf_tables_table_disable(net,
|
||||
@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
trans->ctx.table);
|
||||
trans->ctx.table->flags |= NFT_TABLE_F_DORMANT;
|
||||
}
|
||||
@@ -5974,7 +5966,6 @@ static int nf_tables_abort(struct net *n
|
||||
@@ -5977,7 +5969,6 @@ static int nf_tables_abort(struct net *n
|
||||
if (nft_trans_table_update(trans)) {
|
||||
if (nft_trans_table_enable(trans)) {
|
||||
nf_tables_table_disable(net,
|
||||
|
||||
@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
--- a/net/netfilter/nf_tables_api.c
|
||||
+++ b/net/netfilter/nf_tables_api.c
|
||||
@@ -5348,8 +5348,10 @@ static int nf_tables_dump_flowtable_done
|
||||
@@ -5351,8 +5351,10 @@ static int nf_tables_dump_flowtable_done
|
||||
if (!filter)
|
||||
return 0;
|
||||
|
||||
|
||||
@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
cb->args[1] = 1;
|
||||
done:
|
||||
@@ -3218,11 +3206,12 @@ static int nf_tables_newset(struct net *
|
||||
@@ -3221,11 +3209,12 @@ static int nf_tables_newset(struct net *
|
||||
if (IS_ERR(afi))
|
||||
return PTR_ERR(afi);
|
||||
|
||||
@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
|
||||
if (IS_ERR(set)) {
|
||||
@@ -3491,12 +3480,12 @@ static int nft_ctx_init_from_elemattr(st
|
||||
@@ -3494,12 +3483,12 @@ static int nft_ctx_init_from_elemattr(st
|
||||
if (IS_ERR(afi))
|
||||
return PTR_ERR(afi);
|
||||
|
||||
@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -3601,7 +3590,6 @@ static int nf_tables_dump_set(struct sk_
|
||||
@@ -3604,7 +3593,6 @@ static int nf_tables_dump_set(struct sk_
|
||||
{
|
||||
struct nft_set_dump_ctx *dump_ctx = cb->data;
|
||||
struct net *net = sock_net(skb->sk);
|
||||
@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
struct nft_table *table;
|
||||
struct nft_set *set;
|
||||
struct nft_set_dump_args args;
|
||||
@@ -3613,21 +3601,19 @@ static int nf_tables_dump_set(struct sk_
|
||||
@@ -3616,21 +3604,19 @@ static int nf_tables_dump_set(struct sk_
|
||||
int event;
|
||||
|
||||
rcu_read_lock();
|
||||
@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
break;
|
||||
}
|
||||
@@ -3647,7 +3633,7 @@ static int nf_tables_dump_set(struct sk_
|
||||
@@ -3650,7 +3636,7 @@ static int nf_tables_dump_set(struct sk_
|
||||
goto nla_put_failure;
|
||||
|
||||
nfmsg = nlmsg_data(nlh);
|
||||
@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
nfmsg->version = NFNETLINK_V0;
|
||||
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
|
||||
|
||||
@@ -3749,7 +3735,7 @@ static int nf_tables_fill_setelem_info(s
|
||||
@@ -3752,7 +3738,7 @@ static int nf_tables_fill_setelem_info(s
|
||||
goto nla_put_failure;
|
||||
|
||||
nfmsg = nlmsg_data(nlh);
|
||||
@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
nfmsg->version = NFNETLINK_V0;
|
||||
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
|
||||
|
||||
@@ -3993,7 +3979,7 @@ static int nft_add_set_elem(struct nft_c
|
||||
@@ -3996,7 +3982,7 @@ static int nft_add_set_elem(struct nft_c
|
||||
list_for_each_entry(binding, &set->bindings, list) {
|
||||
struct nft_ctx bind_ctx = {
|
||||
.net = ctx->net,
|
||||
@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
.table = ctx->table,
|
||||
.chain = (struct nft_chain *)binding->chain,
|
||||
};
|
||||
@@ -4545,7 +4531,8 @@ static int nf_tables_newobj(struct net *
|
||||
@@ -4548,7 +4534,8 @@ static int nf_tables_newobj(struct net *
|
||||
if (IS_ERR(afi))
|
||||
return PTR_ERR(afi);
|
||||
|
||||
@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
|
||||
@@ -4563,7 +4550,7 @@ static int nf_tables_newobj(struct net *
|
||||
@@ -4566,7 +4553,7 @@ static int nf_tables_newobj(struct net *
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
type = nft_obj_type_get(objtype);
|
||||
if (IS_ERR(type))
|
||||
@@ -4640,7 +4627,6 @@ struct nft_obj_filter {
|
||||
@@ -4643,7 +4630,6 @@ struct nft_obj_filter {
|
||||
static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
|
||||
{
|
||||
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
||||
@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
const struct nft_table *table;
|
||||
unsigned int idx = 0, s_idx = cb->args[0];
|
||||
struct nft_obj_filter *filter = cb->data;
|
||||
@@ -4655,38 +4641,37 @@ static int nf_tables_dump_obj(struct sk_
|
||||
@@ -4658,38 +4644,37 @@ static int nf_tables_dump_obj(struct sk_
|
||||
rcu_read_lock();
|
||||
cb->seq = net->nft.base_seq;
|
||||
|
||||
@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
}
|
||||
done:
|
||||
@@ -4773,7 +4758,8 @@ static int nf_tables_getobj(struct net *
|
||||
@@ -4776,7 +4761,8 @@ static int nf_tables_getobj(struct net *
|
||||
if (IS_ERR(afi))
|
||||
return PTR_ERR(afi);
|
||||
|
||||
@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
|
||||
@@ -4833,7 +4819,8 @@ static int nf_tables_delobj(struct net *
|
||||
@@ -4836,7 +4822,8 @@ static int nf_tables_delobj(struct net *
|
||||
if (IS_ERR(afi))
|
||||
return PTR_ERR(afi);
|
||||
|
||||
@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
|
||||
@@ -4844,7 +4831,7 @@ static int nf_tables_delobj(struct net *
|
||||
@@ -4847,7 +4834,7 @@ static int nf_tables_delobj(struct net *
|
||||
if (obj->use > 0)
|
||||
return -EBUSY;
|
||||
|
||||
@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
return nft_delobj(&ctx, obj);
|
||||
}
|
||||
@@ -4882,7 +4869,7 @@ static void nf_tables_obj_notify(const s
|
||||
@@ -4885,7 +4872,7 @@ static void nf_tables_obj_notify(const s
|
||||
struct nft_object *obj, int event)
|
||||
{
|
||||
nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
|
||||
@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -5072,7 +5059,7 @@ void nft_flow_table_iterate(struct net *
|
||||
@@ -5075,7 +5062,7 @@ void nft_flow_table_iterate(struct net *
|
||||
|
||||
rcu_read_lock();
|
||||
list_for_each_entry_rcu(afi, &net->nft.af_info, list) {
|
||||
@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
||||
iter(&flowtable->data, data);
|
||||
}
|
||||
@@ -5120,7 +5107,8 @@ static int nf_tables_newflowtable(struct
|
||||
@@ -5123,7 +5110,8 @@ static int nf_tables_newflowtable(struct
|
||||
if (IS_ERR(afi))
|
||||
return PTR_ERR(afi);
|
||||
|
||||
@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
|
||||
@@ -5137,7 +5125,7 @@ static int nf_tables_newflowtable(struct
|
||||
@@ -5140,7 +5128,7 @@ static int nf_tables_newflowtable(struct
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
|
||||
if (!flowtable)
|
||||
@@ -5218,7 +5206,8 @@ static int nf_tables_delflowtable(struct
|
||||
@@ -5221,7 +5209,8 @@ static int nf_tables_delflowtable(struct
|
||||
if (IS_ERR(afi))
|
||||
return PTR_ERR(afi);
|
||||
|
||||
@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
|
||||
@@ -5229,7 +5218,7 @@ static int nf_tables_delflowtable(struct
|
||||
@@ -5232,7 +5221,7 @@ static int nf_tables_delflowtable(struct
|
||||
if (flowtable->use > 0)
|
||||
return -EBUSY;
|
||||
|
||||
@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
return nft_delflowtable(&ctx, flowtable);
|
||||
}
|
||||
@@ -5298,40 +5287,37 @@ static int nf_tables_dump_flowtable(stru
|
||||
@@ -5301,40 +5290,37 @@ static int nf_tables_dump_flowtable(stru
|
||||
struct net *net = sock_net(skb->sk);
|
||||
int family = nfmsg->nfgen_family;
|
||||
struct nft_flowtable *flowtable;
|
||||
@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
}
|
||||
done:
|
||||
@@ -5416,7 +5402,8 @@ static int nf_tables_getflowtable(struct
|
||||
@@ -5419,7 +5405,8 @@ static int nf_tables_getflowtable(struct
|
||||
if (IS_ERR(afi))
|
||||
return PTR_ERR(afi);
|
||||
|
||||
@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
|
||||
@@ -5459,7 +5446,7 @@ static void nf_tables_flowtable_notify(s
|
||||
@@ -5462,7 +5449,7 @@ static void nf_tables_flowtable_notify(s
|
||||
|
||||
err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
|
||||
ctx->seq, event, 0,
|
||||
@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (err < 0) {
|
||||
kfree_skb(skb);
|
||||
goto err;
|
||||
@@ -5537,17 +5524,14 @@ static int nf_tables_flowtable_event(str
|
||||
@@ -5540,17 +5527,14 @@ static int nf_tables_flowtable_event(str
|
||||
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
|
||||
struct nft_flowtable *flowtable;
|
||||
struct nft_table *table;
|
||||
@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
}
|
||||
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
|
||||
@@ -6573,6 +6557,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
|
||||
@@ -6576,6 +6560,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
|
||||
static int __net_init nf_tables_init_net(struct net *net)
|
||||
{
|
||||
INIT_LIST_HEAD(&net->nft.af_info);
|
||||
@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
INIT_LIST_HEAD(&net->nft.commit_list);
|
||||
net->nft.base_seq = 1;
|
||||
return 0;
|
||||
@@ -6609,10 +6594,10 @@ static void __nft_release_afinfo(struct
|
||||
@@ -6612,10 +6597,10 @@ static void __nft_release_afinfo(struct
|
||||
struct nft_set *set, *ns;
|
||||
struct nft_ctx ctx = {
|
||||
.net = net,
|
||||
|
||||
@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
static struct pernet_operations clusterip_net_ops = {
|
||||
--- a/net/netfilter/nf_tables_api.c
|
||||
+++ b/net/netfilter/nf_tables_api.c
|
||||
@@ -6563,6 +6563,12 @@ static int __net_init nf_tables_init_net
|
||||
@@ -6566,6 +6566,12 @@ static int __net_init nf_tables_init_net
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
int __nft_release_basechain(struct nft_ctx *ctx)
|
||||
{
|
||||
struct nft_rule *rule, *nr;
|
||||
@@ -6640,6 +6646,7 @@ static void __nft_release_afinfo(struct
|
||||
@@ -6643,6 +6649,7 @@ static void __nft_release_afinfo(struct
|
||||
|
||||
static struct pernet_operations nf_tables_net_ops = {
|
||||
.init = nf_tables_init_net,
|
||||
|
||||
@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (afi->family == family)
|
||||
return afi;
|
||||
}
|
||||
@@ -5054,15 +5052,12 @@ void nft_flow_table_iterate(struct net *
|
||||
@@ -5057,15 +5055,12 @@ void nft_flow_table_iterate(struct net *
|
||||
void *data)
|
||||
{
|
||||
struct nft_flowtable *flowtable;
|
||||
@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
}
|
||||
}
|
||||
rcu_read_unlock();
|
||||
@@ -6554,21 +6549,6 @@ int nft_data_dump(struct sk_buff *skb, i
|
||||
@@ -6557,21 +6552,6 @@ int nft_data_dump(struct sk_buff *skb, i
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(nft_data_dump);
|
||||
|
||||
@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
int __nft_release_basechain(struct nft_ctx *ctx)
|
||||
{
|
||||
struct nft_rule *rule, *nr;
|
||||
@@ -6589,8 +6569,7 @@ int __nft_release_basechain(struct nft_c
|
||||
@@ -6592,8 +6572,7 @@ int __nft_release_basechain(struct nft_c
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(__nft_release_basechain);
|
||||
|
||||
@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
{
|
||||
struct nft_flowtable *flowtable, *nf;
|
||||
struct nft_table *table, *nt;
|
||||
@@ -6600,10 +6579,11 @@ static void __nft_release_afinfo(struct
|
||||
@@ -6603,10 +6582,11 @@ static void __nft_release_afinfo(struct
|
||||
struct nft_set *set, *ns;
|
||||
struct nft_ctx ctx = {
|
||||
.net = net,
|
||||
@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
list_for_each_entry(chain, &table->chains, list)
|
||||
nf_tables_unregister_hook(net, table, chain);
|
||||
list_for_each_entry(flowtable, &table->flowtables, list)
|
||||
@@ -6644,6 +6624,21 @@ static void __nft_release_afinfo(struct
|
||||
@@ -6647,6 +6627,21 @@ static void __nft_release_afinfo(struct
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
struct nft_table *table;
|
||||
struct nft_set *set;
|
||||
struct nft_ctx ctx;
|
||||
@@ -3200,16 +3075,12 @@ static int nf_tables_newset(struct net *
|
||||
@@ -3203,16 +3078,12 @@ static int nf_tables_newset(struct net *
|
||||
|
||||
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
||||
|
||||
@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
|
||||
if (IS_ERR(set)) {
|
||||
@@ -3471,19 +3342,15 @@ static int nft_ctx_init_from_elemattr(st
|
||||
@@ -3474,19 +3345,15 @@ static int nft_ctx_init_from_elemattr(st
|
||||
u8 genmask)
|
||||
{
|
||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||
@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -3601,7 +3468,7 @@ static int nf_tables_dump_set(struct sk_
|
||||
@@ -3604,7 +3471,7 @@ static int nf_tables_dump_set(struct sk_
|
||||
rcu_read_lock();
|
||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||
if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
|
||||
@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
continue;
|
||||
|
||||
if (table != dump_ctx->ctx.table)
|
||||
@@ -3631,7 +3498,7 @@ static int nf_tables_dump_set(struct sk_
|
||||
@@ -3634,7 +3501,7 @@ static int nf_tables_dump_set(struct sk_
|
||||
goto nla_put_failure;
|
||||
|
||||
nfmsg = nlmsg_data(nlh);
|
||||
@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
nfmsg->version = NFNETLINK_V0;
|
||||
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
|
||||
|
||||
@@ -4513,7 +4380,6 @@ static int nf_tables_newobj(struct net *
|
||||
@@ -4516,7 +4383,6 @@ static int nf_tables_newobj(struct net *
|
||||
const struct nft_object_type *type;
|
||||
u8 genmask = nft_genmask_next(net);
|
||||
int family = nfmsg->nfgen_family;
|
||||
@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
struct nft_table *table;
|
||||
struct nft_object *obj;
|
||||
struct nft_ctx ctx;
|
||||
@@ -4525,11 +4391,7 @@ static int nf_tables_newobj(struct net *
|
||||
@@ -4528,11 +4394,7 @@ static int nf_tables_newobj(struct net *
|
||||
!nla[NFTA_OBJ_DATA])
|
||||
return -EINVAL;
|
||||
|
||||
@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
genmask);
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
@@ -4548,7 +4410,7 @@ static int nf_tables_newobj(struct net *
|
||||
@@ -4551,7 +4413,7 @@ static int nf_tables_newobj(struct net *
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
type = nft_obj_type_get(objtype);
|
||||
if (IS_ERR(type))
|
||||
@@ -4640,7 +4502,7 @@ static int nf_tables_dump_obj(struct sk_
|
||||
@@ -4643,7 +4505,7 @@ static int nf_tables_dump_obj(struct sk_
|
||||
cb->seq = net->nft.base_seq;
|
||||
|
||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||
@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
continue;
|
||||
|
||||
list_for_each_entry_rcu(obj, &table->objects, list) {
|
||||
@@ -4663,7 +4525,7 @@ static int nf_tables_dump_obj(struct sk_
|
||||
@@ -4666,7 +4528,7 @@ static int nf_tables_dump_obj(struct sk_
|
||||
cb->nlh->nlmsg_seq,
|
||||
NFT_MSG_NEWOBJ,
|
||||
NLM_F_MULTI | NLM_F_APPEND,
|
||||
@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
obj, reset) < 0)
|
||||
goto done;
|
||||
|
||||
@@ -4721,7 +4583,6 @@ static int nf_tables_getobj(struct net *
|
||||
@@ -4724,7 +4586,6 @@ static int nf_tables_getobj(struct net *
|
||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||
u8 genmask = nft_genmask_cur(net);
|
||||
int family = nfmsg->nfgen_family;
|
||||
@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
const struct nft_table *table;
|
||||
struct nft_object *obj;
|
||||
struct sk_buff *skb2;
|
||||
@@ -4752,11 +4613,7 @@ static int nf_tables_getobj(struct net *
|
||||
@@ -4755,11 +4616,7 @@ static int nf_tables_getobj(struct net *
|
||||
!nla[NFTA_OBJ_TYPE])
|
||||
return -EINVAL;
|
||||
|
||||
@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
genmask);
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
@@ -4803,7 +4660,6 @@ static int nf_tables_delobj(struct net *
|
||||
@@ -4806,7 +4663,6 @@ static int nf_tables_delobj(struct net *
|
||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||
u8 genmask = nft_genmask_next(net);
|
||||
int family = nfmsg->nfgen_family;
|
||||
@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
struct nft_table *table;
|
||||
struct nft_object *obj;
|
||||
struct nft_ctx ctx;
|
||||
@@ -4813,11 +4669,7 @@ static int nf_tables_delobj(struct net *
|
||||
@@ -4816,11 +4672,7 @@ static int nf_tables_delobj(struct net *
|
||||
!nla[NFTA_OBJ_NAME])
|
||||
return -EINVAL;
|
||||
|
||||
@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
genmask);
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
@@ -4829,7 +4681,7 @@ static int nf_tables_delobj(struct net *
|
||||
@@ -4832,7 +4684,7 @@ static int nf_tables_delobj(struct net *
|
||||
if (obj->use > 0)
|
||||
return -EBUSY;
|
||||
|
||||
@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
return nft_delobj(&ctx, obj);
|
||||
}
|
||||
@@ -5014,33 +4866,31 @@ err1:
|
||||
@@ -5017,33 +4869,31 @@ err1:
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
return ERR_PTR(-EAGAIN);
|
||||
}
|
||||
#endif
|
||||
@@ -5088,7 +4938,6 @@ static int nf_tables_newflowtable(struct
|
||||
@@ -5091,7 +4941,6 @@ static int nf_tables_newflowtable(struct
|
||||
u8 genmask = nft_genmask_next(net);
|
||||
int family = nfmsg->nfgen_family;
|
||||
struct nft_flowtable *flowtable;
|
||||
@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
struct nft_table *table;
|
||||
struct nft_ctx ctx;
|
||||
int err, i, k;
|
||||
@@ -5098,12 +4947,8 @@ static int nf_tables_newflowtable(struct
|
||||
@@ -5101,12 +4950,8 @@ static int nf_tables_newflowtable(struct
|
||||
!nla[NFTA_FLOWTABLE_HOOK])
|
||||
return -EINVAL;
|
||||
|
||||
@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
|
||||
@@ -5120,7 +4965,7 @@ static int nf_tables_newflowtable(struct
|
||||
@@ -5123,7 +4968,7 @@ static int nf_tables_newflowtable(struct
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
|
||||
if (!flowtable)
|
||||
@@ -5133,7 +4978,7 @@ static int nf_tables_newflowtable(struct
|
||||
@@ -5136,7 +4981,7 @@ static int nf_tables_newflowtable(struct
|
||||
goto err1;
|
||||
}
|
||||
|
||||
@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(type)) {
|
||||
err = PTR_ERR(type);
|
||||
goto err2;
|
||||
@@ -5193,16 +5038,11 @@ static int nf_tables_delflowtable(struct
|
||||
@@ -5196,16 +5041,11 @@ static int nf_tables_delflowtable(struct
|
||||
u8 genmask = nft_genmask_next(net);
|
||||
int family = nfmsg->nfgen_family;
|
||||
struct nft_flowtable *flowtable;
|
||||
@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
|
||||
@@ -5213,7 +5053,7 @@ static int nf_tables_delflowtable(struct
|
||||
@@ -5216,7 +5056,7 @@ static int nf_tables_delflowtable(struct
|
||||
if (flowtable->use > 0)
|
||||
return -EBUSY;
|
||||
|
||||
@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
return nft_delflowtable(&ctx, flowtable);
|
||||
}
|
||||
@@ -5288,7 +5128,7 @@ static int nf_tables_dump_flowtable(stru
|
||||
@@ -5291,7 +5131,7 @@ static int nf_tables_dump_flowtable(stru
|
||||
cb->seq = net->nft.base_seq;
|
||||
|
||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||
@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
continue;
|
||||
|
||||
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
||||
@@ -5307,7 +5147,7 @@ static int nf_tables_dump_flowtable(stru
|
||||
@@ -5310,7 +5150,7 @@ static int nf_tables_dump_flowtable(stru
|
||||
cb->nlh->nlmsg_seq,
|
||||
NFT_MSG_NEWFLOWTABLE,
|
||||
NLM_F_MULTI | NLM_F_APPEND,
|
||||
@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
goto done;
|
||||
|
||||
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
||||
@@ -5367,7 +5207,6 @@ static int nf_tables_getflowtable(struct
|
||||
@@ -5370,7 +5210,6 @@ static int nf_tables_getflowtable(struct
|
||||
u8 genmask = nft_genmask_cur(net);
|
||||
int family = nfmsg->nfgen_family;
|
||||
struct nft_flowtable *flowtable;
|
||||
@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
const struct nft_table *table;
|
||||
struct sk_buff *skb2;
|
||||
int err;
|
||||
@@ -5393,12 +5232,8 @@ static int nf_tables_getflowtable(struct
|
||||
@@ -5396,12 +5235,8 @@ static int nf_tables_getflowtable(struct
|
||||
if (!nla[NFTA_FLOWTABLE_NAME])
|
||||
return -EINVAL;
|
||||
|
||||
@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
|
||||
@@ -6569,7 +6404,7 @@ int __nft_release_basechain(struct nft_c
|
||||
@@ -6572,7 +6407,7 @@ int __nft_release_basechain(struct nft_c
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(__nft_release_basechain);
|
||||
|
||||
@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
{
|
||||
struct nft_flowtable *flowtable, *nf;
|
||||
struct nft_table *table, *nt;
|
||||
@@ -6582,7 +6417,7 @@ static void __nft_release_afinfo(struct
|
||||
@@ -6585,7 +6420,7 @@ static void __nft_release_afinfo(struct
|
||||
};
|
||||
|
||||
list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
|
||||
@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
list_for_each_entry(chain, &table->chains, list)
|
||||
nf_tables_unregister_hook(net, table, chain);
|
||||
@@ -6634,7 +6469,7 @@ static int __net_init nf_tables_init_net
|
||||
@@ -6637,7 +6472,7 @@ static int __net_init nf_tables_init_net
|
||||
|
||||
static void __net_exit nf_tables_exit_net(struct net *net)
|
||||
{
|
||||
|
||||
@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
--- a/net/netfilter/nf_tables_api.c
|
||||
+++ b/net/netfilter/nf_tables_api.c
|
||||
@@ -4904,13 +4904,13 @@ void nft_flow_table_iterate(struct net *
|
||||
@@ -4907,13 +4907,13 @@ void nft_flow_table_iterate(struct net *
|
||||
struct nft_flowtable *flowtable;
|
||||
const struct nft_table *table;
|
||||
|
||||
|
||||
@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
};
|
||||
--- a/net/netfilter/nf_tables_api.c
|
||||
+++ b/net/netfilter/nf_tables_api.c
|
||||
@@ -5289,17 +5289,12 @@ err:
|
||||
@@ -5292,17 +5292,12 @@ err:
|
||||
nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
|
||||
}
|
||||
|
||||
|
||||
@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (set->flags != 0)
|
||||
if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags)))
|
||||
goto nla_put_failure;
|
||||
@@ -3146,6 +3214,7 @@ static int nf_tables_newset(struct net *
|
||||
@@ -3149,6 +3217,7 @@ static int nf_tables_newset(struct net *
|
||||
set->udata = udata;
|
||||
set->timeout = timeout;
|
||||
set->gc_int = gc_int;
|
||||
@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
err = ops->init(set, &desc, nla);
|
||||
if (err < 0)
|
||||
@@ -3205,7 +3274,10 @@ static int nf_tables_delset(struct net *
|
||||
@@ -3208,7 +3277,10 @@ static int nf_tables_delset(struct net *
|
||||
if (err < 0)
|
||||
return err;
|
||||
|
||||
@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(set))
|
||||
return PTR_ERR(set);
|
||||
|
||||
@@ -4268,6 +4340,21 @@ struct nft_object *nf_tables_obj_lookup(
|
||||
@@ -4271,6 +4343,21 @@ struct nft_object *nf_tables_obj_lookup(
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(nf_tables_obj_lookup);
|
||||
|
||||
@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = {
|
||||
[NFTA_OBJ_TABLE] = { .type = NLA_STRING,
|
||||
.len = NFT_TABLE_MAXNAMELEN - 1 },
|
||||
@@ -4275,6 +4362,7 @@ static const struct nla_policy nft_obj_p
|
||||
@@ -4278,6 +4365,7 @@ static const struct nla_policy nft_obj_p
|
||||
.len = NFT_OBJ_MAXNAMELEN - 1 },
|
||||
[NFTA_OBJ_TYPE] = { .type = NLA_U32 },
|
||||
[NFTA_OBJ_DATA] = { .type = NLA_NESTED },
|
||||
@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
};
|
||||
|
||||
static struct nft_object *nft_obj_init(const struct nft_ctx *ctx,
|
||||
@@ -4422,6 +4510,8 @@ static int nf_tables_newobj(struct net *
|
||||
@@ -4425,6 +4513,8 @@ static int nf_tables_newobj(struct net *
|
||||
goto err1;
|
||||
}
|
||||
obj->table = table;
|
||||
@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL);
|
||||
if (!obj->name) {
|
||||
err = -ENOMEM;
|
||||
@@ -4468,7 +4558,9 @@ static int nf_tables_fill_obj_info(struc
|
||||
@@ -4471,7 +4561,9 @@ static int nf_tables_fill_obj_info(struc
|
||||
nla_put_string(skb, NFTA_OBJ_NAME, obj->name) ||
|
||||
nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) ||
|
||||
nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) ||
|
||||
@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
goto nla_put_failure;
|
||||
|
||||
nlmsg_end(skb, nlh);
|
||||
@@ -4666,7 +4758,7 @@ static int nf_tables_delobj(struct net *
|
||||
@@ -4669,7 +4761,7 @@ static int nf_tables_delobj(struct net *
|
||||
u32 objtype;
|
||||
|
||||
if (!nla[NFTA_OBJ_TYPE] ||
|
||||
@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
return -EINVAL;
|
||||
|
||||
table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
|
||||
@@ -4675,7 +4767,12 @@ static int nf_tables_delobj(struct net *
|
||||
@@ -4678,7 +4770,12 @@ static int nf_tables_delobj(struct net *
|
||||
return PTR_ERR(table);
|
||||
|
||||
objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
|
||||
@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(obj))
|
||||
return PTR_ERR(obj);
|
||||
if (obj->use > 0)
|
||||
@@ -4747,6 +4844,7 @@ static const struct nla_policy nft_flowt
|
||||
@@ -4750,6 +4847,7 @@ static const struct nla_policy nft_flowt
|
||||
[NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING,
|
||||
.len = NFT_NAME_MAXLEN - 1 },
|
||||
[NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED },
|
||||
@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
};
|
||||
|
||||
struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table,
|
||||
@@ -4764,6 +4862,20 @@ struct nft_flowtable *nf_tables_flowtabl
|
||||
@@ -4767,6 +4865,20 @@ struct nft_flowtable *nf_tables_flowtabl
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup);
|
||||
|
||||
@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
#define NFT_FLOWTABLE_DEVICE_MAX 8
|
||||
|
||||
static int nf_tables_parse_devices(const struct nft_ctx *ctx,
|
||||
@@ -4972,6 +5084,8 @@ static int nf_tables_newflowtable(struct
|
||||
@@ -4975,6 +5087,8 @@ static int nf_tables_newflowtable(struct
|
||||
return -ENOMEM;
|
||||
|
||||
flowtable->table = table;
|
||||
@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL);
|
||||
if (!flowtable->name) {
|
||||
err = -ENOMEM;
|
||||
@@ -5046,8 +5160,14 @@ static int nf_tables_delflowtable(struct
|
||||
@@ -5049,8 +5163,14 @@ static int nf_tables_delflowtable(struct
|
||||
if (IS_ERR(table))
|
||||
return PTR_ERR(table);
|
||||
|
||||
@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
if (IS_ERR(flowtable))
|
||||
return PTR_ERR(flowtable);
|
||||
if (flowtable->use > 0)
|
||||
@@ -5080,7 +5200,9 @@ static int nf_tables_fill_flowtable_info
|
||||
@@ -5083,7 +5203,9 @@ static int nf_tables_fill_flowtable_info
|
||||
|
||||
if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
|
||||
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
|
||||
|
||||
@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
.owner = THIS_MODULE,
|
||||
--- a/net/netfilter/nf_tables_api.c
|
||||
+++ b/net/netfilter/nf_tables_api.c
|
||||
@@ -5099,40 +5099,38 @@ static int nf_tables_newflowtable(struct
|
||||
@@ -5102,40 +5102,38 @@ static int nf_tables_newflowtable(struct
|
||||
}
|
||||
|
||||
flowtable->data.type = type;
|
||||
@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
err3:
|
||||
module_put(type->owner);
|
||||
err2:
|
||||
@@ -5413,10 +5411,8 @@ err:
|
||||
@@ -5416,10 +5414,8 @@ err:
|
||||
|
||||
static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
|
||||
{
|
||||
|
||||
@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
|
||||
--- a/net/netfilter/nf_tables_api.c
|
||||
+++ b/net/netfilter/nf_tables_api.c
|
||||
@@ -4965,7 +4965,7 @@ static int nf_tables_flowtable_parse_hoo
|
||||
@@ -4968,7 +4968,7 @@ static int nf_tables_flowtable_parse_hoo
|
||||
flowtable->ops[i].pf = NFPROTO_NETDEV;
|
||||
flowtable->ops[i].hooknum = hooknum;
|
||||
flowtable->ops[i].priority = priority;
|
||||
|
||||
@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||
WARN_ON(!nf_flow_offload_gc_step(flow_table));
|
||||
--- a/net/netfilter/nf_tables_api.c
|
||||
+++ b/net/netfilter/nf_tables_api.c
|
||||
@@ -5009,23 +5009,6 @@ static const struct nf_flowtable_type *n
|
||||
@@ -5012,23 +5012,6 @@ static const struct nf_flowtable_type *n
|
||||
return ERR_PTR(-ENOENT);
|
||||
}
|
||||
|
||||
|
||||
@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
+MODULE_ALIAS("nf-flow-table-hw");
|
||||
--- a/net/netfilter/nf_tables_api.c
|
||||
+++ b/net/netfilter/nf_tables_api.c
|
||||
@@ -4952,6 +4952,14 @@ static int nf_tables_flowtable_parse_hoo
|
||||
@@ -4955,6 +4955,14 @@ static int nf_tables_flowtable_parse_hoo
|
||||
if (err < 0)
|
||||
goto err1;
|
||||
|
||||
@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL);
|
||||
if (!ops) {
|
||||
err = -ENOMEM;
|
||||
@@ -5082,10 +5090,19 @@ static int nf_tables_newflowtable(struct
|
||||
@@ -5085,10 +5093,19 @@ static int nf_tables_newflowtable(struct
|
||||
}
|
||||
|
||||
flowtable->data.type = type;
|
||||
@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK],
|
||||
flowtable);
|
||||
if (err < 0)
|
||||
@@ -5183,7 +5200,8 @@ static int nf_tables_fill_flowtable_info
|
||||
@@ -5186,7 +5203,8 @@ static int nf_tables_fill_flowtable_info
|
||||
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
|
||||
nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) ||
|
||||
nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle),
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user