mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-21 06:33:41 +00:00
kernel: bump 4.14 to 4.14.120
Refreshed all patches. Remove upstreamed: - 103-MIPS-perf-ath79-Fix-perfcount-IRQ-assignment.patch - 060-fix-oxnas-rps-dt-match.patch Altered patches: - 0067-generic-Mangle-bootloader-s-kernel-arguments.patch - 006-mvebu-Mangle-bootloader-s-kernel-arguments.patch - 996-generic-Mangle-bootloader-s-kernel-arguments.patch Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This commit is contained in:
parent
00324e434e
commit
f442b306f9
@ -7,11 +7,11 @@ ifdef CONFIG_TESTING_KERNEL
|
|||||||
endif
|
endif
|
||||||
|
|
||||||
LINUX_VERSION-4.9 = .177
|
LINUX_VERSION-4.9 = .177
|
||||||
LINUX_VERSION-4.14 = .119
|
LINUX_VERSION-4.14 = .120
|
||||||
LINUX_VERSION-4.19 = .43
|
LINUX_VERSION-4.19 = .43
|
||||||
|
|
||||||
LINUX_KERNEL_HASH-4.9.177 = c73b1e3ebcc35b653f7b673ca151fc67b814bdb27269799fa7cda251827887ee
|
LINUX_KERNEL_HASH-4.9.177 = c73b1e3ebcc35b653f7b673ca151fc67b814bdb27269799fa7cda251827887ee
|
||||||
LINUX_KERNEL_HASH-4.14.119 = 5615b713389d74044eaa57032dab674228116b63ed358086c33bd929d7ad3b7c
|
LINUX_KERNEL_HASH-4.14.120 = ddb8e86cf65e6f53f782bc46f026823b6b3fc472aa1385b601f22dce2dbccb4c
|
||||||
LINUX_KERNEL_HASH-4.19.43 = 111619a1fab2368bf4da05c079e44bf25ee00ee250694c1b8e536f2ed5d2df57
|
LINUX_KERNEL_HASH-4.19.43 = 111619a1fab2368bf4da05c079e44bf25ee00ee250694c1b8e536f2ed5d2df57
|
||||||
|
|
||||||
remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
|
remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
|
||||||
|
@ -135,7 +135,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
new->hooks[nhooks] = old->hooks[i];
|
new->hooks[nhooks] = old->hooks[i];
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -1434,6 +1434,8 @@ static int nf_tables_addchain(struct nft
|
@@ -1446,6 +1446,8 @@ static int nf_tables_addchain(struct nft
|
||||||
ops->hook = hookfn;
|
ops->hook = hookfn;
|
||||||
if (afi->hook_ops_init)
|
if (afi->hook_ops_init)
|
||||||
afi->hook_ops_init(ops, i);
|
afi->hook_ops_init(ops, i);
|
||||||
|
@ -128,7 +128,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type)
|
static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type)
|
||||||
@@ -627,8 +624,7 @@ static void _nf_tables_table_disable(str
|
@@ -639,8 +636,7 @@ static void _nf_tables_table_disable(str
|
||||||
if (cnt && i++ == cnt)
|
if (cnt && i++ == cnt)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -138,7 +138,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -645,8 +641,7 @@ static int nf_tables_table_enable(struct
|
@@ -657,8 +653,7 @@ static int nf_tables_table_enable(struct
|
||||||
if (!nft_is_base_chain(chain))
|
if (!nft_is_base_chain(chain))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
@ -148,7 +148,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@@ -1058,7 +1053,7 @@ static int nf_tables_fill_chain_info(str
|
@@ -1070,7 +1065,7 @@ static int nf_tables_fill_chain_info(str
|
||||||
|
|
||||||
if (nft_is_base_chain(chain)) {
|
if (nft_is_base_chain(chain)) {
|
||||||
const struct nft_base_chain *basechain = nft_base_chain(chain);
|
const struct nft_base_chain *basechain = nft_base_chain(chain);
|
||||||
@ -157,7 +157,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nlattr *nest;
|
struct nlattr *nest;
|
||||||
|
|
||||||
nest = nla_nest_start(skb, NFTA_CHAIN_HOOK);
|
nest = nla_nest_start(skb, NFTA_CHAIN_HOOK);
|
||||||
@@ -1286,8 +1281,8 @@ static void nf_tables_chain_destroy(stru
|
@@ -1298,8 +1293,8 @@ static void nf_tables_chain_destroy(stru
|
||||||
free_percpu(basechain->stats);
|
free_percpu(basechain->stats);
|
||||||
if (basechain->stats)
|
if (basechain->stats)
|
||||||
static_branch_dec(&nft_counters_enabled);
|
static_branch_dec(&nft_counters_enabled);
|
||||||
@ -168,7 +168,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
kfree(chain->name);
|
kfree(chain->name);
|
||||||
kfree(basechain);
|
kfree(basechain);
|
||||||
} else {
|
} else {
|
||||||
@@ -1383,7 +1378,6 @@ static int nf_tables_addchain(struct nft
|
@@ -1395,7 +1390,6 @@ static int nf_tables_addchain(struct nft
|
||||||
struct nft_stats __percpu *stats;
|
struct nft_stats __percpu *stats;
|
||||||
struct net *net = ctx->net;
|
struct net *net = ctx->net;
|
||||||
struct nft_chain *chain;
|
struct nft_chain *chain;
|
||||||
@ -176,7 +176,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (table->use == UINT_MAX)
|
if (table->use == UINT_MAX)
|
||||||
@@ -1422,21 +1416,18 @@ static int nf_tables_addchain(struct nft
|
@@ -1434,21 +1428,18 @@ static int nf_tables_addchain(struct nft
|
||||||
basechain->type = hook.type;
|
basechain->type = hook.type;
|
||||||
chain = &basechain->chain;
|
chain = &basechain->chain;
|
||||||
|
|
||||||
@ -210,7 +210,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
chain->flags |= NFT_BASE_CHAIN;
|
chain->flags |= NFT_BASE_CHAIN;
|
||||||
basechain->policy = policy;
|
basechain->policy = policy;
|
||||||
@@ -1454,7 +1445,7 @@ static int nf_tables_addchain(struct nft
|
@@ -1466,7 +1457,7 @@ static int nf_tables_addchain(struct nft
|
||||||
goto err1;
|
goto err1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -219,7 +219,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err1;
|
goto err1;
|
||||||
|
|
||||||
@@ -1468,7 +1459,7 @@ static int nf_tables_addchain(struct nft
|
@@ -1480,7 +1471,7 @@ static int nf_tables_addchain(struct nft
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
err2:
|
err2:
|
||||||
@ -228,7 +228,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
err1:
|
err1:
|
||||||
nf_tables_chain_destroy(chain);
|
nf_tables_chain_destroy(chain);
|
||||||
|
|
||||||
@@ -1481,13 +1472,12 @@ static int nf_tables_updchain(struct nft
|
@@ -1493,13 +1484,12 @@ static int nf_tables_updchain(struct nft
|
||||||
const struct nlattr * const *nla = ctx->nla;
|
const struct nlattr * const *nla = ctx->nla;
|
||||||
struct nft_table *table = ctx->table;
|
struct nft_table *table = ctx->table;
|
||||||
struct nft_chain *chain = ctx->chain;
|
struct nft_chain *chain = ctx->chain;
|
||||||
@ -243,7 +243,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
if (nla[NFTA_CHAIN_HOOK]) {
|
if (nla[NFTA_CHAIN_HOOK]) {
|
||||||
if (!nft_is_base_chain(chain))
|
if (!nft_is_base_chain(chain))
|
||||||
@@ -1504,14 +1494,12 @@ static int nf_tables_updchain(struct nft
|
@@ -1516,14 +1506,12 @@ static int nf_tables_updchain(struct nft
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -264,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
nft_chain_release_hook(&hook);
|
nft_chain_release_hook(&hook);
|
||||||
}
|
}
|
||||||
@@ -5134,10 +5122,9 @@ static int nf_tables_commit(struct net *
|
@@ -5153,10 +5141,9 @@ static int nf_tables_commit(struct net *
|
||||||
case NFT_MSG_DELCHAIN:
|
case NFT_MSG_DELCHAIN:
|
||||||
list_del_rcu(&trans->ctx.chain->list);
|
list_del_rcu(&trans->ctx.chain->list);
|
||||||
nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
|
nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
|
||||||
@ -278,7 +278,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
break;
|
break;
|
||||||
case NFT_MSG_NEWRULE:
|
case NFT_MSG_NEWRULE:
|
||||||
nft_clear(trans->ctx.net, nft_trans_rule(trans));
|
nft_clear(trans->ctx.net, nft_trans_rule(trans));
|
||||||
@@ -5274,10 +5261,9 @@ static int nf_tables_abort(struct net *n
|
@@ -5293,10 +5280,9 @@ static int nf_tables_abort(struct net *n
|
||||||
} else {
|
} else {
|
||||||
trans->ctx.table->use--;
|
trans->ctx.table->use--;
|
||||||
list_del_rcu(&trans->ctx.chain->list);
|
list_del_rcu(&trans->ctx.chain->list);
|
||||||
@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case NFT_MSG_DELCHAIN:
|
case NFT_MSG_DELCHAIN:
|
||||||
@@ -5380,7 +5366,7 @@ int nft_chain_validate_hooks(const struc
|
@@ -5399,7 +5385,7 @@ int nft_chain_validate_hooks(const struc
|
||||||
if (nft_is_base_chain(chain)) {
|
if (nft_is_base_chain(chain)) {
|
||||||
basechain = nft_base_chain(chain);
|
basechain = nft_base_chain(chain);
|
||||||
|
|
||||||
@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
@@ -5862,8 +5848,7 @@ int __nft_release_basechain(struct nft_c
|
@@ -5881,8 +5867,7 @@ int __nft_release_basechain(struct nft_c
|
||||||
|
|
||||||
BUG_ON(!nft_is_base_chain(ctx->chain));
|
BUG_ON(!nft_is_base_chain(ctx->chain));
|
||||||
|
|
||||||
@ -311,7 +311,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
|
list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
|
||||||
list_del(&rule->list);
|
list_del(&rule->list);
|
||||||
ctx->chain->use--;
|
ctx->chain->use--;
|
||||||
@@ -5892,8 +5877,7 @@ static void __nft_release_afinfo(struct
|
@@ -5911,8 +5896,7 @@ static void __nft_release_afinfo(struct
|
||||||
|
|
||||||
list_for_each_entry_safe(table, nt, &afi->tables, list) {
|
list_for_each_entry_safe(table, nt, &afi->tables, list) {
|
||||||
list_for_each_entry(chain, &table->chains, list)
|
list_for_each_entry(chain, &table->chains, list)
|
||||||
|
@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
static int __init nf_tables_ipv6_init(void)
|
static int __init nf_tables_ipv6_init(void)
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -1386,7 +1386,6 @@ static int nf_tables_addchain(struct nft
|
@@ -1398,7 +1398,6 @@ static int nf_tables_addchain(struct nft
|
||||||
if (nla[NFTA_CHAIN_HOOK]) {
|
if (nla[NFTA_CHAIN_HOOK]) {
|
||||||
struct nft_chain_hook hook;
|
struct nft_chain_hook hook;
|
||||||
struct nf_hook_ops *ops;
|
struct nf_hook_ops *ops;
|
||||||
@ -159,7 +159,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
err = nft_chain_parse_hook(net, nla, afi, &hook, create);
|
err = nft_chain_parse_hook(net, nla, afi, &hook, create);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
@@ -1412,7 +1411,6 @@ static int nf_tables_addchain(struct nft
|
@@ -1424,7 +1423,6 @@ static int nf_tables_addchain(struct nft
|
||||||
static_branch_inc(&nft_counters_enabled);
|
static_branch_inc(&nft_counters_enabled);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -167,7 +167,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
basechain->type = hook.type;
|
basechain->type = hook.type;
|
||||||
chain = &basechain->chain;
|
chain = &basechain->chain;
|
||||||
|
|
||||||
@@ -1421,10 +1419,8 @@ static int nf_tables_addchain(struct nft
|
@@ -1433,10 +1431,8 @@ static int nf_tables_addchain(struct nft
|
||||||
ops->hooknum = hook.num;
|
ops->hooknum = hook.num;
|
||||||
ops->priority = hook.priority;
|
ops->priority = hook.priority;
|
||||||
ops->priv = chain;
|
ops->priv = chain;
|
||||||
|
@ -47,7 +47,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
};
|
};
|
||||||
--- a/net/netfilter/nf_conntrack_core.c
|
--- a/net/netfilter/nf_conntrack_core.c
|
||||||
+++ b/net/netfilter/nf_conntrack_core.c
|
+++ b/net/netfilter/nf_conntrack_core.c
|
||||||
@@ -925,6 +925,9 @@ static unsigned int early_drop_list(stru
|
@@ -960,6 +960,9 @@ static unsigned int early_drop_list(stru
|
||||||
hlist_nulls_for_each_entry_rcu(h, n, head, hnnode) {
|
hlist_nulls_for_each_entry_rcu(h, n, head, hnnode) {
|
||||||
tmp = nf_ct_tuplehash_to_ctrack(h);
|
tmp = nf_ct_tuplehash_to_ctrack(h);
|
||||||
|
|
||||||
@ -57,7 +57,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (nf_ct_is_expired(tmp)) {
|
if (nf_ct_is_expired(tmp)) {
|
||||||
nf_ct_gc_expired(tmp);
|
nf_ct_gc_expired(tmp);
|
||||||
continue;
|
continue;
|
||||||
@@ -1002,6 +1005,18 @@ static bool gc_worker_can_early_drop(con
|
@@ -1037,6 +1040,18 @@ static bool gc_worker_can_early_drop(con
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -76,7 +76,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
static void gc_worker(struct work_struct *work)
|
static void gc_worker(struct work_struct *work)
|
||||||
{
|
{
|
||||||
unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u);
|
unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u);
|
||||||
@@ -1038,6 +1053,11 @@ static void gc_worker(struct work_struct
|
@@ -1073,6 +1088,11 @@ static void gc_worker(struct work_struct
|
||||||
tmp = nf_ct_tuplehash_to_ctrack(h);
|
tmp = nf_ct_tuplehash_to_ctrack(h);
|
||||||
|
|
||||||
scanned++;
|
scanned++;
|
||||||
@ -90,7 +90,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
expired_count++;
|
expired_count++;
|
||||||
--- a/net/netfilter/nf_conntrack_netlink.c
|
--- a/net/netfilter/nf_conntrack_netlink.c
|
||||||
+++ b/net/netfilter/nf_conntrack_netlink.c
|
+++ b/net/netfilter/nf_conntrack_netlink.c
|
||||||
@@ -1120,6 +1120,14 @@ static const struct nla_policy ct_nla_po
|
@@ -1123,6 +1123,14 @@ static const struct nla_policy ct_nla_po
|
||||||
.len = NF_CT_LABELS_MAX_SIZE },
|
.len = NF_CT_LABELS_MAX_SIZE },
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -105,7 +105,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
static int ctnetlink_flush_conntrack(struct net *net,
|
static int ctnetlink_flush_conntrack(struct net *net,
|
||||||
const struct nlattr * const cda[],
|
const struct nlattr * const cda[],
|
||||||
u32 portid, int report)
|
u32 portid, int report)
|
||||||
@@ -1132,7 +1140,7 @@ static int ctnetlink_flush_conntrack(str
|
@@ -1135,7 +1143,7 @@ static int ctnetlink_flush_conntrack(str
|
||||||
return PTR_ERR(filter);
|
return PTR_ERR(filter);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -114,7 +114,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
portid, report);
|
portid, report);
|
||||||
kfree(filter);
|
kfree(filter);
|
||||||
|
|
||||||
@@ -1178,6 +1186,11 @@ static int ctnetlink_del_conntrack(struc
|
@@ -1181,6 +1189,11 @@ static int ctnetlink_del_conntrack(struc
|
||||||
|
|
||||||
ct = nf_ct_tuplehash_to_ctrack(h);
|
ct = nf_ct_tuplehash_to_ctrack(h);
|
||||||
|
|
||||||
@ -124,8 +124,8 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
if (cda[CTA_ID]) {
|
if (cda[CTA_ID]) {
|
||||||
u_int32_t id = ntohl(nla_get_be32(cda[CTA_ID]));
|
__be32 id = nla_get_be32(cda[CTA_ID]);
|
||||||
if (id != (u32)(unsigned long)ct) {
|
|
||||||
--- a/net/netfilter/nf_conntrack_proto_tcp.c
|
--- a/net/netfilter/nf_conntrack_proto_tcp.c
|
||||||
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
|
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
|
||||||
@@ -305,6 +305,9 @@ static bool tcp_invert_tuple(struct nf_c
|
@@ -305,6 +305,9 @@ static bool tcp_invert_tuple(struct nf_c
|
||||||
|
@ -217,7 +217,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* nft_register_afinfo - register nf_tables address family info
|
* nft_register_afinfo - register nf_tables address family info
|
||||||
@@ -377,6 +379,40 @@ static int nft_delobj(struct nft_ctx *ct
|
@@ -389,6 +391,40 @@ static int nft_delobj(struct nft_ctx *ct
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -258,7 +258,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
/*
|
/*
|
||||||
* Tables
|
* Tables
|
||||||
*/
|
*/
|
||||||
@@ -760,6 +796,7 @@ static int nf_tables_newtable(struct net
|
@@ -772,6 +808,7 @@ static int nf_tables_newtable(struct net
|
||||||
INIT_LIST_HEAD(&table->chains);
|
INIT_LIST_HEAD(&table->chains);
|
||||||
INIT_LIST_HEAD(&table->sets);
|
INIT_LIST_HEAD(&table->sets);
|
||||||
INIT_LIST_HEAD(&table->objects);
|
INIT_LIST_HEAD(&table->objects);
|
||||||
@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
table->flags = flags;
|
table->flags = flags;
|
||||||
|
|
||||||
nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla);
|
nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla);
|
||||||
@@ -781,10 +818,11 @@ err1:
|
@@ -793,10 +830,11 @@ err1:
|
||||||
|
|
||||||
static int nft_flush_table(struct nft_ctx *ctx)
|
static int nft_flush_table(struct nft_ctx *ctx)
|
||||||
{
|
{
|
||||||
@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
list_for_each_entry(chain, &ctx->table->chains, list) {
|
list_for_each_entry(chain, &ctx->table->chains, list) {
|
||||||
if (!nft_is_active_next(ctx->net, chain))
|
if (!nft_is_active_next(ctx->net, chain))
|
||||||
@@ -810,6 +848,12 @@ static int nft_flush_table(struct nft_ct
|
@@ -822,6 +860,12 @@ static int nft_flush_table(struct nft_ct
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) {
|
list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) {
|
||||||
err = nft_delobj(ctx, obj);
|
err = nft_delobj(ctx, obj);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
@@ -4834,6 +4878,605 @@ static void nf_tables_obj_notify(const s
|
@@ -4853,6 +4897,605 @@ static void nf_tables_obj_notify(const s
|
||||||
ctx->afi->family, ctx->report, GFP_KERNEL);
|
ctx->afi->family, ctx->report, GFP_KERNEL);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
|
static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
|
||||||
u32 portid, u32 seq)
|
u32 portid, u32 seq)
|
||||||
{
|
{
|
||||||
@@ -4864,6 +5507,49 @@ nla_put_failure:
|
@@ -4883,6 +5526,49 @@ nla_put_failure:
|
||||||
return -EMSGSIZE;
|
return -EMSGSIZE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb,
|
static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb,
|
||||||
int event)
|
int event)
|
||||||
{
|
{
|
||||||
@@ -5016,6 +5702,21 @@ static const struct nfnl_callback nf_tab
|
@@ -5035,6 +5721,21 @@ static const struct nfnl_callback nf_tab
|
||||||
.attr_count = NFTA_OBJ_MAX,
|
.attr_count = NFTA_OBJ_MAX,
|
||||||
.policy = nft_obj_policy,
|
.policy = nft_obj_policy,
|
||||||
},
|
},
|
||||||
@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
};
|
};
|
||||||
|
|
||||||
static void nft_chain_commit_update(struct nft_trans *trans)
|
static void nft_chain_commit_update(struct nft_trans *trans)
|
||||||
@@ -5064,6 +5765,9 @@ static void nf_tables_commit_release(str
|
@@ -5083,6 +5784,9 @@ static void nf_tables_commit_release(str
|
||||||
case NFT_MSG_DELOBJ:
|
case NFT_MSG_DELOBJ:
|
||||||
nft_obj_destroy(nft_trans_obj(trans));
|
nft_obj_destroy(nft_trans_obj(trans));
|
||||||
break;
|
break;
|
||||||
@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
kfree(trans);
|
kfree(trans);
|
||||||
}
|
}
|
||||||
@@ -5183,6 +5887,21 @@ static int nf_tables_commit(struct net *
|
@@ -5202,6 +5906,21 @@ static int nf_tables_commit(struct net *
|
||||||
nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans),
|
nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans),
|
||||||
NFT_MSG_DELOBJ);
|
NFT_MSG_DELOBJ);
|
||||||
break;
|
break;
|
||||||
@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -5220,6 +5939,9 @@ static void nf_tables_abort_release(stru
|
@@ -5239,6 +5958,9 @@ static void nf_tables_abort_release(stru
|
||||||
case NFT_MSG_NEWOBJ:
|
case NFT_MSG_NEWOBJ:
|
||||||
nft_obj_destroy(nft_trans_obj(trans));
|
nft_obj_destroy(nft_trans_obj(trans));
|
||||||
break;
|
break;
|
||||||
@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
kfree(trans);
|
kfree(trans);
|
||||||
}
|
}
|
||||||
@@ -5311,6 +6033,17 @@ static int nf_tables_abort(struct net *n
|
@@ -5330,6 +6052,17 @@ static int nf_tables_abort(struct net *n
|
||||||
nft_clear(trans->ctx.net, nft_trans_obj(trans));
|
nft_clear(trans->ctx.net, nft_trans_obj(trans));
|
||||||
nft_trans_destroy(trans);
|
nft_trans_destroy(trans);
|
||||||
break;
|
break;
|
||||||
@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -5861,6 +6594,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
|
@@ -5880,6 +6613,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
|
||||||
/* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */
|
/* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */
|
||||||
static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi)
|
static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi)
|
||||||
{
|
{
|
||||||
@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nft_table *table, *nt;
|
struct nft_table *table, *nt;
|
||||||
struct nft_chain *chain, *nc;
|
struct nft_chain *chain, *nc;
|
||||||
struct nft_object *obj, *ne;
|
struct nft_object *obj, *ne;
|
||||||
@@ -5874,6 +6608,9 @@ static void __nft_release_afinfo(struct
|
@@ -5893,6 +6627,9 @@ static void __nft_release_afinfo(struct
|
||||||
list_for_each_entry_safe(table, nt, &afi->tables, list) {
|
list_for_each_entry_safe(table, nt, &afi->tables, list) {
|
||||||
list_for_each_entry(chain, &table->chains, list)
|
list_for_each_entry(chain, &table->chains, list)
|
||||||
nf_tables_unregister_hook(net, table, chain);
|
nf_tables_unregister_hook(net, table, chain);
|
||||||
@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
/* No packets are walking on these chains anymore. */
|
/* No packets are walking on these chains anymore. */
|
||||||
ctx.table = table;
|
ctx.table = table;
|
||||||
list_for_each_entry(chain, &table->chains, list) {
|
list_for_each_entry(chain, &table->chains, list) {
|
||||||
@@ -5884,6 +6621,11 @@ static void __nft_release_afinfo(struct
|
@@ -5903,6 +6640,11 @@ static void __nft_release_afinfo(struct
|
||||||
nf_tables_rule_release(&ctx, rule);
|
nf_tables_rule_release(&ctx, rule);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
list_for_each_entry_safe(set, ns, &table->sets, list) {
|
list_for_each_entry_safe(set, ns, &table->sets, list) {
|
||||||
list_del(&set->list);
|
list_del(&set->list);
|
||||||
table->use--;
|
table->use--;
|
||||||
@@ -5927,6 +6669,8 @@ static int __init nf_tables_module_init(
|
@@ -5946,6 +6688,8 @@ static int __init nf_tables_module_init(
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err3;
|
goto err3;
|
||||||
|
|
||||||
@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n");
|
pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n");
|
||||||
return register_pernet_subsys(&nf_tables_net_ops);
|
return register_pernet_subsys(&nf_tables_net_ops);
|
||||||
err3:
|
err3:
|
||||||
@@ -5941,6 +6685,7 @@ static void __exit nf_tables_module_exit
|
@@ -5960,6 +6704,7 @@ static void __exit nf_tables_module_exit
|
||||||
{
|
{
|
||||||
unregister_pernet_subsys(&nf_tables_net_ops);
|
unregister_pernet_subsys(&nf_tables_net_ops);
|
||||||
nfnetlink_subsys_unregister(&nf_tables_subsys);
|
nfnetlink_subsys_unregister(&nf_tables_subsys);
|
||||||
|
@ -72,7 +72,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -1362,9 +1362,6 @@ static int nft_chain_parse_hook(struct n
|
@@ -1374,9 +1374,6 @@ static int nft_chain_parse_hook(struct n
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
|
hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
|
||||||
@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
|
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
|
||||||
|
|
||||||
type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
|
type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
|
||||||
@@ -4986,7 +4983,7 @@ static int nf_tables_flowtable_parse_hoo
|
@@ -5005,7 +5002,7 @@ static int nf_tables_flowtable_parse_hoo
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));
|
hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));
|
||||||
|
@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -5410,7 +5410,7 @@ static int nf_tables_getflowtable(struct
|
@@ -5429,7 +5429,7 @@ static int nf_tables_getflowtable(struct
|
||||||
|
|
||||||
flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME],
|
flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME],
|
||||||
genmask);
|
genmask);
|
||||||
|
@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
int nft_register_afinfo(struct net *, struct nft_af_info *);
|
int nft_register_afinfo(struct net *, struct nft_af_info *);
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -1379,7 +1379,7 @@ static int nft_chain_parse_hook(struct n
|
@@ -1391,7 +1391,7 @@ static int nft_chain_parse_hook(struct n
|
||||||
hook->type = type;
|
hook->type = type;
|
||||||
|
|
||||||
hook->dev = NULL;
|
hook->dev = NULL;
|
||||||
|
@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -643,10 +643,7 @@ err:
|
@@ -655,10 +655,7 @@ err:
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -23,7 +23,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
{
|
{
|
||||||
struct nft_chain *chain;
|
struct nft_chain *chain;
|
||||||
u32 i = 0;
|
u32 i = 0;
|
||||||
@@ -664,9 +661,7 @@ static void _nf_tables_table_disable(str
|
@@ -676,9 +673,7 @@ static void _nf_tables_table_disable(str
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
{
|
{
|
||||||
struct nft_chain *chain;
|
struct nft_chain *chain;
|
||||||
int err, i = 0;
|
int err, i = 0;
|
||||||
@@ -686,15 +681,13 @@ static int nf_tables_table_enable(struct
|
@@ -698,15 +693,13 @@ static int nf_tables_table_enable(struct
|
||||||
return 0;
|
return 0;
|
||||||
err:
|
err:
|
||||||
if (i)
|
if (i)
|
||||||
@ -53,7 +53,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int nf_tables_updtable(struct nft_ctx *ctx)
|
static int nf_tables_updtable(struct nft_ctx *ctx)
|
||||||
@@ -723,7 +716,7 @@ static int nf_tables_updtable(struct nft
|
@@ -735,7 +728,7 @@ static int nf_tables_updtable(struct nft
|
||||||
nft_trans_table_enable(trans) = false;
|
nft_trans_table_enable(trans) = false;
|
||||||
} else if (!(flags & NFT_TABLE_F_DORMANT) &&
|
} else if (!(flags & NFT_TABLE_F_DORMANT) &&
|
||||||
ctx->table->flags & NFT_TABLE_F_DORMANT) {
|
ctx->table->flags & NFT_TABLE_F_DORMANT) {
|
||||||
@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (ret >= 0) {
|
if (ret >= 0) {
|
||||||
ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
|
ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
|
||||||
nft_trans_table_enable(trans) = true;
|
nft_trans_table_enable(trans) = true;
|
||||||
@@ -5791,7 +5784,6 @@ static int nf_tables_commit(struct net *
|
@@ -5810,7 +5803,6 @@ static int nf_tables_commit(struct net *
|
||||||
if (nft_trans_table_update(trans)) {
|
if (nft_trans_table_update(trans)) {
|
||||||
if (!nft_trans_table_enable(trans)) {
|
if (!nft_trans_table_enable(trans)) {
|
||||||
nf_tables_table_disable(net,
|
nf_tables_table_disable(net,
|
||||||
@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
trans->ctx.table);
|
trans->ctx.table);
|
||||||
trans->ctx.table->flags |= NFT_TABLE_F_DORMANT;
|
trans->ctx.table->flags |= NFT_TABLE_F_DORMANT;
|
||||||
}
|
}
|
||||||
@@ -5955,7 +5947,6 @@ static int nf_tables_abort(struct net *n
|
@@ -5974,7 +5966,6 @@ static int nf_tables_abort(struct net *n
|
||||||
if (nft_trans_table_update(trans)) {
|
if (nft_trans_table_update(trans)) {
|
||||||
if (nft_trans_table_enable(trans)) {
|
if (nft_trans_table_enable(trans)) {
|
||||||
nf_tables_table_disable(net,
|
nf_tables_table_disable(net,
|
||||||
|
@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -455,7 +455,7 @@ static inline u64 nf_tables_alloc_handle
|
@@ -467,7 +467,7 @@ static inline u64 nf_tables_alloc_handle
|
||||||
static const struct nf_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX];
|
static const struct nf_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX];
|
||||||
|
|
||||||
static const struct nf_chain_type *
|
static const struct nf_chain_type *
|
||||||
@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
@@ -468,22 +468,20 @@ __nf_tables_chain_type_lookup(int family
|
@@ -480,22 +480,20 @@ __nf_tables_chain_type_lookup(int family
|
||||||
}
|
}
|
||||||
|
|
||||||
static const struct nf_chain_type *
|
static const struct nf_chain_type *
|
||||||
@ -47,7 +47,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (type != NULL)
|
if (type != NULL)
|
||||||
return ERR_PTR(-EAGAIN);
|
return ERR_PTR(-EAGAIN);
|
||||||
}
|
}
|
||||||
@@ -1359,8 +1357,8 @@ static int nft_chain_parse_hook(struct n
|
@@ -1371,8 +1369,8 @@ static int nft_chain_parse_hook(struct n
|
||||||
|
|
||||||
type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
|
type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
|
||||||
if (nla[NFTA_CHAIN_TYPE]) {
|
if (nla[NFTA_CHAIN_TYPE]) {
|
||||||
|
@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -5329,8 +5329,10 @@ static int nf_tables_dump_flowtable_done
|
@@ -5348,8 +5348,10 @@ static int nf_tables_dump_flowtable_done
|
||||||
if (!filter)
|
if (!filter)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
@ -108,7 +108,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
ctx->table = table;
|
ctx->table = table;
|
||||||
ctx->chain = chain;
|
ctx->chain = chain;
|
||||||
ctx->nla = nla;
|
ctx->nla = nla;
|
||||||
@@ -417,30 +416,31 @@ static int nft_delflowtable(struct nft_c
|
@@ -429,30 +428,31 @@ static int nft_delflowtable(struct nft_c
|
||||||
* Tables
|
* Tables
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -146,7 +146,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (table != NULL)
|
if (table != NULL)
|
||||||
return table;
|
return table;
|
||||||
|
|
||||||
@@ -539,7 +539,7 @@ static void nf_tables_table_notify(const
|
@@ -551,7 +551,7 @@ static void nf_tables_table_notify(const
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq,
|
err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq,
|
||||||
@ -155,7 +155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
goto err;
|
goto err;
|
||||||
@@ -556,7 +556,6 @@ static int nf_tables_dump_tables(struct
|
@@ -568,7 +568,6 @@ static int nf_tables_dump_tables(struct
|
||||||
struct netlink_callback *cb)
|
struct netlink_callback *cb)
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
||||||
@ -163,7 +163,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
unsigned int idx = 0, s_idx = cb->args[0];
|
unsigned int idx = 0, s_idx = cb->args[0];
|
||||||
struct net *net = sock_net(skb->sk);
|
struct net *net = sock_net(skb->sk);
|
||||||
@@ -565,30 +564,27 @@ static int nf_tables_dump_tables(struct
|
@@ -577,30 +576,27 @@ static int nf_tables_dump_tables(struct
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
@ -211,7 +211,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
done:
|
done:
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
@@ -620,7 +616,8 @@ static int nf_tables_gettable(struct net
|
@@ -632,7 +628,8 @@ static int nf_tables_gettable(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -221,7 +221,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -751,7 +748,7 @@ static int nf_tables_newtable(struct net
|
@@ -763,7 +760,7 @@ static int nf_tables_newtable(struct net
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
name = nla[NFTA_TABLE_NAME];
|
name = nla[NFTA_TABLE_NAME];
|
||||||
@ -230,7 +230,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table)) {
|
if (IS_ERR(table)) {
|
||||||
if (PTR_ERR(table) != -ENOENT)
|
if (PTR_ERR(table) != -ENOENT)
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -761,7 +758,7 @@ static int nf_tables_newtable(struct net
|
@@ -773,7 +770,7 @@ static int nf_tables_newtable(struct net
|
||||||
if (nlh->nlmsg_flags & NLM_F_REPLACE)
|
if (nlh->nlmsg_flags & NLM_F_REPLACE)
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
@ -239,7 +239,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
return nf_tables_updtable(&ctx);
|
return nf_tables_updtable(&ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -788,14 +785,15 @@ static int nf_tables_newtable(struct net
|
@@ -800,14 +797,15 @@ static int nf_tables_newtable(struct net
|
||||||
INIT_LIST_HEAD(&table->sets);
|
INIT_LIST_HEAD(&table->sets);
|
||||||
INIT_LIST_HEAD(&table->objects);
|
INIT_LIST_HEAD(&table->objects);
|
||||||
INIT_LIST_HEAD(&table->flowtables);
|
INIT_LIST_HEAD(&table->flowtables);
|
||||||
@ -257,7 +257,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
return 0;
|
return 0;
|
||||||
err4:
|
err4:
|
||||||
kfree(table->name);
|
kfree(table->name);
|
||||||
@@ -869,30 +867,28 @@ out:
|
@@ -881,30 +879,28 @@ out:
|
||||||
|
|
||||||
static int nft_flush(struct nft_ctx *ctx, int family)
|
static int nft_flush(struct nft_ctx *ctx, int family)
|
||||||
{
|
{
|
||||||
@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
out:
|
out:
|
||||||
return err;
|
return err;
|
||||||
@@ -910,7 +906,7 @@ static int nf_tables_deltable(struct net
|
@@ -922,7 +918,7 @@ static int nf_tables_deltable(struct net
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
|
|
||||||
@ -310,7 +310,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
|
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
|
||||||
return nft_flush(&ctx, family);
|
return nft_flush(&ctx, family);
|
||||||
|
|
||||||
@@ -918,7 +914,8 @@ static int nf_tables_deltable(struct net
|
@@ -930,7 +926,8 @@ static int nf_tables_deltable(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -320,7 +320,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -926,7 +923,7 @@ static int nf_tables_deltable(struct net
|
@@ -938,7 +935,7 @@ static int nf_tables_deltable(struct net
|
||||||
table->use > 0)
|
table->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
@ -329,7 +329,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
ctx.table = table;
|
ctx.table = table;
|
||||||
|
|
||||||
return nft_flush_table(&ctx);
|
return nft_flush_table(&ctx);
|
||||||
@@ -938,7 +935,7 @@ static void nf_tables_table_destroy(stru
|
@@ -950,7 +947,7 @@ static void nf_tables_table_destroy(stru
|
||||||
|
|
||||||
kfree(ctx->table->name);
|
kfree(ctx->table->name);
|
||||||
kfree(ctx->table);
|
kfree(ctx->table);
|
||||||
@ -338,7 +338,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
|
|
||||||
int nft_register_chain_type(const struct nf_chain_type *ctype)
|
int nft_register_chain_type(const struct nf_chain_type *ctype)
|
||||||
@@ -1139,7 +1136,7 @@ static void nf_tables_chain_notify(const
|
@@ -1151,7 +1148,7 @@ static void nf_tables_chain_notify(const
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq,
|
err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq,
|
||||||
@ -347,7 +347,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
ctx->chain);
|
ctx->chain);
|
||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
@@ -1157,7 +1154,6 @@ static int nf_tables_dump_chains(struct
|
@@ -1169,7 +1166,6 @@ static int nf_tables_dump_chains(struct
|
||||||
struct netlink_callback *cb)
|
struct netlink_callback *cb)
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
||||||
@ -355,7 +355,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
const struct nft_chain *chain;
|
const struct nft_chain *chain;
|
||||||
unsigned int idx = 0, s_idx = cb->args[0];
|
unsigned int idx = 0, s_idx = cb->args[0];
|
||||||
@@ -1167,31 +1163,30 @@ static int nf_tables_dump_chains(struct
|
@@ -1179,31 +1175,30 @@ static int nf_tables_dump_chains(struct
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
@ -407,7 +407,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
done:
|
done:
|
||||||
@@ -1225,7 +1220,8 @@ static int nf_tables_getchain(struct net
|
@@ -1237,7 +1232,8 @@ static int nf_tables_getchain(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -417,7 +417,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -1335,8 +1331,8 @@ struct nft_chain_hook {
|
@@ -1347,8 +1343,8 @@ struct nft_chain_hook {
|
||||||
|
|
||||||
static int nft_chain_parse_hook(struct net *net,
|
static int nft_chain_parse_hook(struct net *net,
|
||||||
const struct nlattr * const nla[],
|
const struct nlattr * const nla[],
|
||||||
@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
{
|
{
|
||||||
struct nlattr *ha[NFTA_HOOK_MAX + 1];
|
struct nlattr *ha[NFTA_HOOK_MAX + 1];
|
||||||
const struct nf_chain_type *type;
|
const struct nf_chain_type *type;
|
||||||
@@ -1355,10 +1351,10 @@ static int nft_chain_parse_hook(struct n
|
@@ -1367,10 +1363,10 @@ static int nft_chain_parse_hook(struct n
|
||||||
hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
|
hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
|
||||||
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
|
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
|
||||||
|
|
||||||
@ -441,7 +441,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(type))
|
if (IS_ERR(type))
|
||||||
return PTR_ERR(type);
|
return PTR_ERR(type);
|
||||||
}
|
}
|
||||||
@@ -1370,7 +1366,7 @@ static int nft_chain_parse_hook(struct n
|
@@ -1382,7 +1378,7 @@ static int nft_chain_parse_hook(struct n
|
||||||
hook->type = type;
|
hook->type = type;
|
||||||
|
|
||||||
hook->dev = NULL;
|
hook->dev = NULL;
|
||||||
@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
char ifname[IFNAMSIZ];
|
char ifname[IFNAMSIZ];
|
||||||
|
|
||||||
if (!ha[NFTA_HOOK_DEV]) {
|
if (!ha[NFTA_HOOK_DEV]) {
|
||||||
@@ -1405,7 +1401,6 @@ static int nf_tables_addchain(struct nft
|
@@ -1417,7 +1413,6 @@ static int nf_tables_addchain(struct nft
|
||||||
{
|
{
|
||||||
const struct nlattr * const *nla = ctx->nla;
|
const struct nlattr * const *nla = ctx->nla;
|
||||||
struct nft_table *table = ctx->table;
|
struct nft_table *table = ctx->table;
|
||||||
@ -458,7 +458,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nft_base_chain *basechain;
|
struct nft_base_chain *basechain;
|
||||||
struct nft_stats __percpu *stats;
|
struct nft_stats __percpu *stats;
|
||||||
struct net *net = ctx->net;
|
struct net *net = ctx->net;
|
||||||
@@ -1419,7 +1414,7 @@ static int nf_tables_addchain(struct nft
|
@@ -1431,7 +1426,7 @@ static int nf_tables_addchain(struct nft
|
||||||
struct nft_chain_hook hook;
|
struct nft_chain_hook hook;
|
||||||
struct nf_hook_ops *ops;
|
struct nf_hook_ops *ops;
|
||||||
|
|
||||||
@ -467,7 +467,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
@@ -1511,7 +1506,7 @@ static int nf_tables_updchain(struct nft
|
@@ -1523,7 +1518,7 @@ static int nf_tables_updchain(struct nft
|
||||||
if (!nft_is_base_chain(chain))
|
if (!nft_is_base_chain(chain))
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
@ -476,7 +476,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
create);
|
create);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
@@ -1621,7 +1616,8 @@ static int nf_tables_newchain(struct net
|
@@ -1633,7 +1628,8 @@ static int nf_tables_newchain(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -486,7 +486,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -1661,7 +1657,7 @@ static int nf_tables_newchain(struct net
|
@@ -1673,7 +1669,7 @@ static int nf_tables_newchain(struct net
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -495,7 +495,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
if (chain != NULL) {
|
if (chain != NULL) {
|
||||||
if (nlh->nlmsg_flags & NLM_F_EXCL)
|
if (nlh->nlmsg_flags & NLM_F_EXCL)
|
||||||
@@ -1695,7 +1691,8 @@ static int nf_tables_delchain(struct net
|
@@ -1707,7 +1703,8 @@ static int nf_tables_delchain(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -505,7 +505,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -1707,7 +1704,7 @@ static int nf_tables_delchain(struct net
|
@@ -1719,7 +1716,7 @@ static int nf_tables_delchain(struct net
|
||||||
chain->use > 0)
|
chain->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
@ -514,7 +514,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
use = chain->use;
|
use = chain->use;
|
||||||
list_for_each_entry(rule, &chain->rules, list) {
|
list_for_each_entry(rule, &chain->rules, list) {
|
||||||
@@ -1872,7 +1869,7 @@ static int nf_tables_expr_parse(const st
|
@@ -1887,7 +1884,7 @@ static int nf_tables_expr_parse(const st
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
@ -523,7 +523,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(type))
|
if (IS_ERR(type))
|
||||||
return PTR_ERR(type);
|
return PTR_ERR(type);
|
||||||
|
|
||||||
@@ -2096,7 +2093,7 @@ static void nf_tables_rule_notify(const
|
@@ -2115,7 +2112,7 @@ static void nf_tables_rule_notify(const
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq,
|
err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq,
|
||||||
@ -532,7 +532,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
ctx->chain, rule);
|
ctx->chain, rule);
|
||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
@@ -2120,7 +2117,6 @@ static int nf_tables_dump_rules(struct s
|
@@ -2139,7 +2136,6 @@ static int nf_tables_dump_rules(struct s
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
||||||
const struct nft_rule_dump_ctx *ctx = cb->data;
|
const struct nft_rule_dump_ctx *ctx = cb->data;
|
||||||
@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
const struct nft_chain *chain;
|
const struct nft_chain *chain;
|
||||||
const struct nft_rule *rule;
|
const struct nft_rule *rule;
|
||||||
@@ -2131,39 +2127,37 @@ static int nf_tables_dump_rules(struct s
|
@@ -2150,39 +2146,37 @@ static int nf_tables_dump_rules(struct s
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
@ -605,7 +605,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -2241,7 +2235,8 @@ static int nf_tables_getrule(struct net
|
@@ -2260,7 +2254,8 @@ static int nf_tables_getrule(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -615,7 +615,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -2326,7 +2321,8 @@ static int nf_tables_newrule(struct net
|
@@ -2345,7 +2340,8 @@ static int nf_tables_newrule(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -625,7 +625,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -2365,7 +2361,7 @@ static int nf_tables_newrule(struct net
|
@@ -2384,7 +2380,7 @@ static int nf_tables_newrule(struct net
|
||||||
return PTR_ERR(old_rule);
|
return PTR_ERR(old_rule);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -634,7 +634,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
n = 0;
|
n = 0;
|
||||||
size = 0;
|
size = 0;
|
||||||
@@ -2498,7 +2494,8 @@ static int nf_tables_delrule(struct net
|
@@ -2517,7 +2513,8 @@ static int nf_tables_delrule(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -644,7 +644,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -2509,7 +2506,7 @@ static int nf_tables_delrule(struct net
|
@@ -2528,7 +2525,7 @@ static int nf_tables_delrule(struct net
|
||||||
return PTR_ERR(chain);
|
return PTR_ERR(chain);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -653,7 +653,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
if (chain) {
|
if (chain) {
|
||||||
if (nla[NFTA_RULE_HANDLE]) {
|
if (nla[NFTA_RULE_HANDLE]) {
|
||||||
@@ -2707,13 +2704,13 @@ static int nft_ctx_init_from_setattr(str
|
@@ -2726,13 +2723,13 @@ static int nft_ctx_init_from_setattr(str
|
||||||
if (afi == NULL)
|
if (afi == NULL)
|
||||||
return -EAFNOSUPPORT;
|
return -EAFNOSUPPORT;
|
||||||
|
|
||||||
@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2841,7 +2838,7 @@ static int nf_tables_fill_set(struct sk_
|
@@ -2860,7 +2857,7 @@ static int nf_tables_fill_set(struct sk_
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
nfmsg = nlmsg_data(nlh);
|
nfmsg = nlmsg_data(nlh);
|
||||||
@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
nfmsg->version = NFNETLINK_V0;
|
nfmsg->version = NFNETLINK_V0;
|
||||||
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
|
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
|
||||||
|
|
||||||
@@ -2933,10 +2930,8 @@ static int nf_tables_dump_sets(struct sk
|
@@ -2952,10 +2949,8 @@ static int nf_tables_dump_sets(struct sk
|
||||||
{
|
{
|
||||||
const struct nft_set *set;
|
const struct nft_set *set;
|
||||||
unsigned int idx, s_idx = cb->args[0];
|
unsigned int idx, s_idx = cb->args[0];
|
||||||
@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nft_ctx *ctx = cb->data, ctx_set;
|
struct nft_ctx *ctx = cb->data, ctx_set;
|
||||||
|
|
||||||
if (cb->args[1])
|
if (cb->args[1])
|
||||||
@@ -2945,51 +2940,44 @@ static int nf_tables_dump_sets(struct sk
|
@@ -2964,51 +2959,44 @@ static int nf_tables_dump_sets(struct sk
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
cb->args[1] = 1;
|
cb->args[1] = 1;
|
||||||
done:
|
done:
|
||||||
@@ -3199,11 +3187,12 @@ static int nf_tables_newset(struct net *
|
@@ -3218,11 +3206,12 @@ static int nf_tables_newset(struct net *
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
|
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
|
||||||
if (IS_ERR(set)) {
|
if (IS_ERR(set)) {
|
||||||
@@ -3472,12 +3461,12 @@ static int nft_ctx_init_from_elemattr(st
|
@@ -3491,12 +3480,12 @@ static int nft_ctx_init_from_elemattr(st
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -3582,7 +3571,6 @@ static int nf_tables_dump_set(struct sk_
|
@@ -3601,7 +3590,6 @@ static int nf_tables_dump_set(struct sk_
|
||||||
{
|
{
|
||||||
struct nft_set_dump_ctx *dump_ctx = cb->data;
|
struct nft_set_dump_ctx *dump_ctx = cb->data;
|
||||||
struct net *net = sock_net(skb->sk);
|
struct net *net = sock_net(skb->sk);
|
||||||
@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_set *set;
|
struct nft_set *set;
|
||||||
struct nft_set_dump_args args;
|
struct nft_set_dump_args args;
|
||||||
@@ -3594,21 +3582,19 @@ static int nf_tables_dump_set(struct sk_
|
@@ -3613,21 +3601,19 @@ static int nf_tables_dump_set(struct sk_
|
||||||
int event;
|
int event;
|
||||||
|
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -3628,7 +3614,7 @@ static int nf_tables_dump_set(struct sk_
|
@@ -3647,7 +3633,7 @@ static int nf_tables_dump_set(struct sk_
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
nfmsg = nlmsg_data(nlh);
|
nfmsg = nlmsg_data(nlh);
|
||||||
@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
nfmsg->version = NFNETLINK_V0;
|
nfmsg->version = NFNETLINK_V0;
|
||||||
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
|
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
|
||||||
|
|
||||||
@@ -3730,7 +3716,7 @@ static int nf_tables_fill_setelem_info(s
|
@@ -3749,7 +3735,7 @@ static int nf_tables_fill_setelem_info(s
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
nfmsg = nlmsg_data(nlh);
|
nfmsg = nlmsg_data(nlh);
|
||||||
@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
nfmsg->version = NFNETLINK_V0;
|
nfmsg->version = NFNETLINK_V0;
|
||||||
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
|
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
|
||||||
|
|
||||||
@@ -3974,7 +3960,7 @@ static int nft_add_set_elem(struct nft_c
|
@@ -3993,7 +3979,7 @@ static int nft_add_set_elem(struct nft_c
|
||||||
list_for_each_entry(binding, &set->bindings, list) {
|
list_for_each_entry(binding, &set->bindings, list) {
|
||||||
struct nft_ctx bind_ctx = {
|
struct nft_ctx bind_ctx = {
|
||||||
.net = ctx->net,
|
.net = ctx->net,
|
||||||
@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
.table = ctx->table,
|
.table = ctx->table,
|
||||||
.chain = (struct nft_chain *)binding->chain,
|
.chain = (struct nft_chain *)binding->chain,
|
||||||
};
|
};
|
||||||
@@ -4526,7 +4512,8 @@ static int nf_tables_newobj(struct net *
|
@@ -4545,7 +4531,8 @@ static int nf_tables_newobj(struct net *
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -4544,7 +4531,7 @@ static int nf_tables_newobj(struct net *
|
@@ -4563,7 +4550,7 @@ static int nf_tables_newobj(struct net *
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
type = nft_obj_type_get(objtype);
|
type = nft_obj_type_get(objtype);
|
||||||
if (IS_ERR(type))
|
if (IS_ERR(type))
|
||||||
@@ -4621,7 +4608,6 @@ struct nft_obj_filter {
|
@@ -4640,7 +4627,6 @@ struct nft_obj_filter {
|
||||||
static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
|
static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
||||||
@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
unsigned int idx = 0, s_idx = cb->args[0];
|
unsigned int idx = 0, s_idx = cb->args[0];
|
||||||
struct nft_obj_filter *filter = cb->data;
|
struct nft_obj_filter *filter = cb->data;
|
||||||
@@ -4636,38 +4622,37 @@ static int nf_tables_dump_obj(struct sk_
|
@@ -4655,38 +4641,37 @@ static int nf_tables_dump_obj(struct sk_
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
done:
|
done:
|
||||||
@@ -4754,7 +4739,8 @@ static int nf_tables_getobj(struct net *
|
@@ -4773,7 +4758,8 @@ static int nf_tables_getobj(struct net *
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -4814,7 +4800,8 @@ static int nf_tables_delobj(struct net *
|
@@ -4833,7 +4819,8 @@ static int nf_tables_delobj(struct net *
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -4825,7 +4812,7 @@ static int nf_tables_delobj(struct net *
|
@@ -4844,7 +4831,7 @@ static int nf_tables_delobj(struct net *
|
||||||
if (obj->use > 0)
|
if (obj->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
return nft_delobj(&ctx, obj);
|
return nft_delobj(&ctx, obj);
|
||||||
}
|
}
|
||||||
@@ -4863,7 +4850,7 @@ static void nf_tables_obj_notify(const s
|
@@ -4882,7 +4869,7 @@ static void nf_tables_obj_notify(const s
|
||||||
struct nft_object *obj, int event)
|
struct nft_object *obj, int event)
|
||||||
{
|
{
|
||||||
nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
|
nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
|
||||||
@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -5053,7 +5040,7 @@ void nft_flow_table_iterate(struct net *
|
@@ -5072,7 +5059,7 @@ void nft_flow_table_iterate(struct net *
|
||||||
|
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
list_for_each_entry_rcu(afi, &net->nft.af_info, list) {
|
list_for_each_entry_rcu(afi, &net->nft.af_info, list) {
|
||||||
@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
||||||
iter(&flowtable->data, data);
|
iter(&flowtable->data, data);
|
||||||
}
|
}
|
||||||
@@ -5101,7 +5088,8 @@ static int nf_tables_newflowtable(struct
|
@@ -5120,7 +5107,8 @@ static int nf_tables_newflowtable(struct
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -5118,7 +5106,7 @@ static int nf_tables_newflowtable(struct
|
@@ -5137,7 +5125,7 @@ static int nf_tables_newflowtable(struct
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
|
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
|
||||||
if (!flowtable)
|
if (!flowtable)
|
||||||
@@ -5199,7 +5187,8 @@ static int nf_tables_delflowtable(struct
|
@@ -5218,7 +5206,8 @@ static int nf_tables_delflowtable(struct
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -5210,7 +5199,7 @@ static int nf_tables_delflowtable(struct
|
@@ -5229,7 +5218,7 @@ static int nf_tables_delflowtable(struct
|
||||||
if (flowtable->use > 0)
|
if (flowtable->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
return nft_delflowtable(&ctx, flowtable);
|
return nft_delflowtable(&ctx, flowtable);
|
||||||
}
|
}
|
||||||
@@ -5279,40 +5268,37 @@ static int nf_tables_dump_flowtable(stru
|
@@ -5298,40 +5287,37 @@ static int nf_tables_dump_flowtable(stru
|
||||||
struct net *net = sock_net(skb->sk);
|
struct net *net = sock_net(skb->sk);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
done:
|
done:
|
||||||
@@ -5397,7 +5383,8 @@ static int nf_tables_getflowtable(struct
|
@@ -5416,7 +5402,8 @@ static int nf_tables_getflowtable(struct
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -5440,7 +5427,7 @@ static void nf_tables_flowtable_notify(s
|
@@ -5459,7 +5446,7 @@ static void nf_tables_flowtable_notify(s
|
||||||
|
|
||||||
err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
|
err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
|
||||||
ctx->seq, event, 0,
|
ctx->seq, event, 0,
|
||||||
@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
goto err;
|
goto err;
|
||||||
@@ -5518,17 +5505,14 @@ static int nf_tables_flowtable_event(str
|
@@ -5537,17 +5524,14 @@ static int nf_tables_flowtable_event(str
|
||||||
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
|
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
|
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
|
||||||
@@ -6554,6 +6538,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
|
@@ -6573,6 +6557,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
|
||||||
static int __net_init nf_tables_init_net(struct net *net)
|
static int __net_init nf_tables_init_net(struct net *net)
|
||||||
{
|
{
|
||||||
INIT_LIST_HEAD(&net->nft.af_info);
|
INIT_LIST_HEAD(&net->nft.af_info);
|
||||||
@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
INIT_LIST_HEAD(&net->nft.commit_list);
|
INIT_LIST_HEAD(&net->nft.commit_list);
|
||||||
net->nft.base_seq = 1;
|
net->nft.base_seq = 1;
|
||||||
return 0;
|
return 0;
|
||||||
@@ -6590,10 +6575,10 @@ static void __nft_release_afinfo(struct
|
@@ -6609,10 +6594,10 @@ static void __nft_release_afinfo(struct
|
||||||
struct nft_set *set, *ns;
|
struct nft_set *set, *ns;
|
||||||
struct nft_ctx ctx = {
|
struct nft_ctx ctx = {
|
||||||
.net = net,
|
.net = net,
|
||||||
|
@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
static struct pernet_operations clusterip_net_ops = {
|
static struct pernet_operations clusterip_net_ops = {
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -6544,6 +6544,12 @@ static int __net_init nf_tables_init_net
|
@@ -6563,6 +6563,12 @@ static int __net_init nf_tables_init_net
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
int __nft_release_basechain(struct nft_ctx *ctx)
|
int __nft_release_basechain(struct nft_ctx *ctx)
|
||||||
{
|
{
|
||||||
struct nft_rule *rule, *nr;
|
struct nft_rule *rule, *nr;
|
||||||
@@ -6621,6 +6627,7 @@ static void __nft_release_afinfo(struct
|
@@ -6640,6 +6646,7 @@ static void __nft_release_afinfo(struct
|
||||||
|
|
||||||
static struct pernet_operations nf_tables_net_ops = {
|
static struct pernet_operations nf_tables_net_ops = {
|
||||||
.init = nf_tables_init_net,
|
.init = nf_tables_init_net,
|
||||||
|
@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (afi->family == family)
|
if (afi->family == family)
|
||||||
return afi;
|
return afi;
|
||||||
}
|
}
|
||||||
@@ -5035,15 +5033,12 @@ void nft_flow_table_iterate(struct net *
|
@@ -5054,15 +5052,12 @@ void nft_flow_table_iterate(struct net *
|
||||||
void *data)
|
void *data)
|
||||||
{
|
{
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
@@ -6535,21 +6530,6 @@ int nft_data_dump(struct sk_buff *skb, i
|
@@ -6554,21 +6549,6 @@ int nft_data_dump(struct sk_buff *skb, i
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nft_data_dump);
|
EXPORT_SYMBOL_GPL(nft_data_dump);
|
||||||
|
|
||||||
@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
int __nft_release_basechain(struct nft_ctx *ctx)
|
int __nft_release_basechain(struct nft_ctx *ctx)
|
||||||
{
|
{
|
||||||
struct nft_rule *rule, *nr;
|
struct nft_rule *rule, *nr;
|
||||||
@@ -6570,8 +6550,7 @@ int __nft_release_basechain(struct nft_c
|
@@ -6589,8 +6569,7 @@ int __nft_release_basechain(struct nft_c
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(__nft_release_basechain);
|
EXPORT_SYMBOL_GPL(__nft_release_basechain);
|
||||||
|
|
||||||
@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
{
|
{
|
||||||
struct nft_flowtable *flowtable, *nf;
|
struct nft_flowtable *flowtable, *nf;
|
||||||
struct nft_table *table, *nt;
|
struct nft_table *table, *nt;
|
||||||
@@ -6581,10 +6560,11 @@ static void __nft_release_afinfo(struct
|
@@ -6600,10 +6579,11 @@ static void __nft_release_afinfo(struct
|
||||||
struct nft_set *set, *ns;
|
struct nft_set *set, *ns;
|
||||||
struct nft_ctx ctx = {
|
struct nft_ctx ctx = {
|
||||||
.net = net,
|
.net = net,
|
||||||
@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
list_for_each_entry(chain, &table->chains, list)
|
list_for_each_entry(chain, &table->chains, list)
|
||||||
nf_tables_unregister_hook(net, table, chain);
|
nf_tables_unregister_hook(net, table, chain);
|
||||||
list_for_each_entry(flowtable, &table->flowtables, list)
|
list_for_each_entry(flowtable, &table->flowtables, list)
|
||||||
@@ -6625,6 +6605,21 @@ static void __nft_release_afinfo(struct
|
@@ -6644,6 +6624,21 @@ static void __nft_release_afinfo(struct
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -323,7 +323,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
static void nft_ctx_init(struct nft_ctx *ctx,
|
static void nft_ctx_init(struct nft_ctx *ctx,
|
||||||
struct net *net,
|
struct net *net,
|
||||||
@@ -422,7 +357,7 @@ static struct nft_table *nft_table_looku
|
@@ -434,7 +369,7 @@ static struct nft_table *nft_table_looku
|
||||||
|
|
||||||
list_for_each_entry(table, &net->nft.tables, list) {
|
list_for_each_entry(table, &net->nft.tables, list) {
|
||||||
if (!nla_strcmp(nla, table->name) &&
|
if (!nla_strcmp(nla, table->name) &&
|
||||||
@ -332,7 +332,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
nft_active_genmask(table, genmask))
|
nft_active_genmask(table, genmask))
|
||||||
return table;
|
return table;
|
||||||
}
|
}
|
||||||
@@ -563,7 +498,7 @@ static int nf_tables_dump_tables(struct
|
@@ -575,7 +510,7 @@ static int nf_tables_dump_tables(struct
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
@ -341,7 +341,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (idx < s_idx)
|
if (idx < s_idx)
|
||||||
@@ -577,7 +512,7 @@ static int nf_tables_dump_tables(struct
|
@@ -589,7 +524,7 @@ static int nf_tables_dump_tables(struct
|
||||||
NETLINK_CB(cb->skb).portid,
|
NETLINK_CB(cb->skb).portid,
|
||||||
cb->nlh->nlmsg_seq,
|
cb->nlh->nlmsg_seq,
|
||||||
NFT_MSG_NEWTABLE, NLM_F_MULTI,
|
NFT_MSG_NEWTABLE, NLM_F_MULTI,
|
||||||
@ -350,7 +350,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
||||||
@@ -597,7 +532,6 @@ static int nf_tables_gettable(struct net
|
@@ -609,7 +544,6 @@ static int nf_tables_gettable(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
u8 genmask = nft_genmask_cur(net);
|
||||||
@ -358,7 +358,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
@@ -610,11 +544,7 @@ static int nf_tables_gettable(struct net
|
@@ -622,11 +556,7 @@ static int nf_tables_gettable(struct net
|
||||||
return netlink_dump_start(nlsk, skb, nlh, &c);
|
return netlink_dump_start(nlsk, skb, nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -371,7 +371,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -734,19 +664,14 @@ static int nf_tables_newtable(struct net
|
@@ -746,19 +676,14 @@ static int nf_tables_newtable(struct net
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
const struct nlattr *name;
|
const struct nlattr *name;
|
||||||
@ -392,7 +392,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table)) {
|
if (IS_ERR(table)) {
|
||||||
if (PTR_ERR(table) != -ENOENT)
|
if (PTR_ERR(table) != -ENOENT)
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -756,7 +681,7 @@ static int nf_tables_newtable(struct net
|
@@ -768,7 +693,7 @@ static int nf_tables_newtable(struct net
|
||||||
if (nlh->nlmsg_flags & NLM_F_REPLACE)
|
if (nlh->nlmsg_flags & NLM_F_REPLACE)
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
@ -401,7 +401,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
return nf_tables_updtable(&ctx);
|
return nf_tables_updtable(&ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -766,40 +691,34 @@ static int nf_tables_newtable(struct net
|
@@ -778,40 +703,34 @@ static int nf_tables_newtable(struct net
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -870,10 +789,10 @@ static int nft_flush(struct nft_ctx *ctx
|
@@ -882,10 +801,10 @@ static int nft_flush(struct nft_ctx *ctx
|
||||||
int err = 0;
|
int err = 0;
|
||||||
|
|
||||||
list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) {
|
list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) {
|
||||||
@ -463,7 +463,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
if (!nft_is_active_next(ctx->net, table))
|
if (!nft_is_active_next(ctx->net, table))
|
||||||
continue;
|
continue;
|
||||||
@@ -899,7 +818,6 @@ static int nf_tables_deltable(struct net
|
@@ -911,7 +830,6 @@ static int nf_tables_deltable(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
@ -471,7 +471,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
@@ -908,11 +826,7 @@ static int nf_tables_deltable(struct net
|
@@ -920,11 +838,7 @@ static int nf_tables_deltable(struct net
|
||||||
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
|
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
|
||||||
return nft_flush(&ctx, family);
|
return nft_flush(&ctx, family);
|
||||||
|
|
||||||
@ -484,7 +484,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -921,7 +835,7 @@ static int nf_tables_deltable(struct net
|
@@ -933,7 +847,7 @@ static int nf_tables_deltable(struct net
|
||||||
table->use > 0)
|
table->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
@ -493,7 +493,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
ctx.table = table;
|
ctx.table = table;
|
||||||
|
|
||||||
return nft_flush_table(&ctx);
|
return nft_flush_table(&ctx);
|
||||||
@@ -933,7 +847,6 @@ static void nf_tables_table_destroy(stru
|
@@ -945,7 +859,6 @@ static void nf_tables_table_destroy(stru
|
||||||
|
|
||||||
kfree(ctx->table->name);
|
kfree(ctx->table->name);
|
||||||
kfree(ctx->table);
|
kfree(ctx->table);
|
||||||
@ -501,7 +501,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
}
|
}
|
||||||
|
|
||||||
int nft_register_chain_type(const struct nf_chain_type *ctype)
|
int nft_register_chain_type(const struct nf_chain_type *ctype)
|
||||||
@@ -1162,7 +1075,7 @@ static int nf_tables_dump_chains(struct
|
@@ -1174,7 +1087,7 @@ static int nf_tables_dump_chains(struct
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
@ -510,7 +510,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
list_for_each_entry_rcu(chain, &table->chains, list) {
|
list_for_each_entry_rcu(chain, &table->chains, list) {
|
||||||
@@ -1178,7 +1091,7 @@ static int nf_tables_dump_chains(struct
|
@@ -1190,7 +1103,7 @@ static int nf_tables_dump_chains(struct
|
||||||
cb->nlh->nlmsg_seq,
|
cb->nlh->nlmsg_seq,
|
||||||
NFT_MSG_NEWCHAIN,
|
NFT_MSG_NEWCHAIN,
|
||||||
NLM_F_MULTI,
|
NLM_F_MULTI,
|
||||||
@ -519,7 +519,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
chain) < 0)
|
chain) < 0)
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
@@ -1200,7 +1113,6 @@ static int nf_tables_getchain(struct net
|
@@ -1212,7 +1125,6 @@ static int nf_tables_getchain(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
u8 genmask = nft_genmask_cur(net);
|
||||||
@ -527,7 +527,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
const struct nft_chain *chain;
|
const struct nft_chain *chain;
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
@@ -1214,11 +1126,7 @@ static int nf_tables_getchain(struct net
|
@@ -1226,11 +1138,7 @@ static int nf_tables_getchain(struct net
|
||||||
return netlink_dump_start(nlsk, skb, nlh, &c);
|
return netlink_dump_start(nlsk, skb, nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -1600,7 +1508,6 @@ static int nf_tables_newchain(struct net
|
@@ -1612,7 +1520,6 @@ static int nf_tables_newchain(struct net
|
||||||
const struct nlattr * uninitialized_var(name);
|
const struct nlattr * uninitialized_var(name);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
@ -548,7 +548,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_chain *chain;
|
struct nft_chain *chain;
|
||||||
u8 policy = NF_ACCEPT;
|
u8 policy = NF_ACCEPT;
|
||||||
@@ -1610,11 +1517,7 @@ static int nf_tables_newchain(struct net
|
@@ -1622,11 +1529,7 @@ static int nf_tables_newchain(struct net
|
||||||
|
|
||||||
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
||||||
|
|
||||||
@ -561,7 +561,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -1655,7 +1558,7 @@ static int nf_tables_newchain(struct net
|
@@ -1667,7 +1570,7 @@ static int nf_tables_newchain(struct net
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -570,7 +570,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
if (chain != NULL) {
|
if (chain != NULL) {
|
||||||
if (nlh->nlmsg_flags & NLM_F_EXCL)
|
if (nlh->nlmsg_flags & NLM_F_EXCL)
|
||||||
@@ -1676,7 +1579,6 @@ static int nf_tables_delchain(struct net
|
@@ -1688,7 +1591,6 @@ static int nf_tables_delchain(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
@ -578,7 +578,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_chain *chain;
|
struct nft_chain *chain;
|
||||||
struct nft_rule *rule;
|
struct nft_rule *rule;
|
||||||
@@ -1685,11 +1587,7 @@ static int nf_tables_delchain(struct net
|
@@ -1697,11 +1599,7 @@ static int nf_tables_delchain(struct net
|
||||||
u32 use;
|
u32 use;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
@ -591,7 +591,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -1702,7 +1600,7 @@ static int nf_tables_delchain(struct net
|
@@ -1714,7 +1612,7 @@ static int nf_tables_delchain(struct net
|
||||||
chain->use > 0)
|
chain->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
@ -600,7 +600,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
use = chain->use;
|
use = chain->use;
|
||||||
list_for_each_entry(rule, &chain->rules, list) {
|
list_for_each_entry(rule, &chain->rules, list) {
|
||||||
@@ -2126,7 +2024,7 @@ static int nf_tables_dump_rules(struct s
|
@@ -2145,7 +2043,7 @@ static int nf_tables_dump_rules(struct s
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
@ -609,7 +609,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0)
|
if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0)
|
||||||
@@ -2149,7 +2047,7 @@ static int nf_tables_dump_rules(struct s
|
@@ -2168,7 +2066,7 @@ static int nf_tables_dump_rules(struct s
|
||||||
cb->nlh->nlmsg_seq,
|
cb->nlh->nlmsg_seq,
|
||||||
NFT_MSG_NEWRULE,
|
NFT_MSG_NEWRULE,
|
||||||
NLM_F_MULTI | NLM_F_APPEND,
|
NLM_F_MULTI | NLM_F_APPEND,
|
||||||
@ -618,7 +618,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
table, chain, rule) < 0)
|
table, chain, rule) < 0)
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
@@ -2185,7 +2083,6 @@ static int nf_tables_getrule(struct net
|
@@ -2204,7 +2102,6 @@ static int nf_tables_getrule(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
u8 genmask = nft_genmask_cur(net);
|
||||||
@ -626,7 +626,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
const struct nft_chain *chain;
|
const struct nft_chain *chain;
|
||||||
const struct nft_rule *rule;
|
const struct nft_rule *rule;
|
||||||
@@ -2229,11 +2126,7 @@ static int nf_tables_getrule(struct net
|
@@ -2248,11 +2145,7 @@ static int nf_tables_getrule(struct net
|
||||||
return netlink_dump_start(nlsk, skb, nlh, &c);
|
return netlink_dump_start(nlsk, skb, nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -639,7 +639,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -2299,7 +2192,7 @@ static int nf_tables_newrule(struct net
|
@@ -2318,7 +2211,7 @@ static int nf_tables_newrule(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
@ -648,7 +648,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_chain *chain;
|
struct nft_chain *chain;
|
||||||
struct nft_rule *rule, *old_rule = NULL;
|
struct nft_rule *rule, *old_rule = NULL;
|
||||||
@@ -2315,11 +2208,7 @@ static int nf_tables_newrule(struct net
|
@@ -2334,11 +2227,7 @@ static int nf_tables_newrule(struct net
|
||||||
|
|
||||||
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
||||||
|
|
||||||
@ -661,7 +661,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -2359,7 +2248,7 @@ static int nf_tables_newrule(struct net
|
@@ -2378,7 +2267,7 @@ static int nf_tables_newrule(struct net
|
||||||
return PTR_ERR(old_rule);
|
return PTR_ERR(old_rule);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
n = 0;
|
n = 0;
|
||||||
size = 0;
|
size = 0;
|
||||||
@@ -2481,18 +2370,13 @@ static int nf_tables_delrule(struct net
|
@@ -2500,18 +2389,13 @@ static int nf_tables_delrule(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -2504,7 +2388,7 @@ static int nf_tables_delrule(struct net
|
@@ -2523,7 +2407,7 @@ static int nf_tables_delrule(struct net
|
||||||
return PTR_ERR(chain);
|
return PTR_ERR(chain);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -699,7 +699,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
if (chain) {
|
if (chain) {
|
||||||
if (nla[NFTA_RULE_HANDLE]) {
|
if (nla[NFTA_RULE_HANDLE]) {
|
||||||
@@ -2689,26 +2573,17 @@ static int nft_ctx_init_from_setattr(str
|
@@ -2708,26 +2592,17 @@ static int nft_ctx_init_from_setattr(str
|
||||||
u8 genmask)
|
u8 genmask)
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2940,7 +2815,7 @@ static int nf_tables_dump_sets(struct sk
|
@@ -2959,7 +2834,7 @@ static int nf_tables_dump_sets(struct sk
|
||||||
|
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
if (ctx->family != NFPROTO_UNSPEC &&
|
if (ctx->family != NFPROTO_UNSPEC &&
|
||||||
@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (ctx->table && ctx->table != table)
|
if (ctx->table && ctx->table != table)
|
||||||
@@ -2961,7 +2836,7 @@ static int nf_tables_dump_sets(struct sk
|
@@ -2980,7 +2855,7 @@ static int nf_tables_dump_sets(struct sk
|
||||||
|
|
||||||
ctx_set = *ctx;
|
ctx_set = *ctx;
|
||||||
ctx_set.table = table;
|
ctx_set.table = table;
|
||||||
@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
if (nf_tables_fill_set(skb, &ctx_set, set,
|
if (nf_tables_fill_set(skb, &ctx_set, set,
|
||||||
NFT_MSG_NEWSET,
|
NFT_MSG_NEWSET,
|
||||||
@@ -3073,8 +2948,8 @@ static int nf_tables_newset(struct net *
|
@@ -3092,8 +2967,8 @@ static int nf_tables_newset(struct net *
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_set *set;
|
struct nft_set *set;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
@@ -3181,16 +3056,12 @@ static int nf_tables_newset(struct net *
|
@@ -3200,16 +3075,12 @@ static int nf_tables_newset(struct net *
|
||||||
|
|
||||||
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
||||||
|
|
||||||
@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
|
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
|
||||||
if (IS_ERR(set)) {
|
if (IS_ERR(set)) {
|
||||||
@@ -3452,19 +3323,15 @@ static int nft_ctx_init_from_elemattr(st
|
@@ -3471,19 +3342,15 @@ static int nft_ctx_init_from_elemattr(st
|
||||||
u8 genmask)
|
u8 genmask)
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -3582,7 +3449,7 @@ static int nf_tables_dump_set(struct sk_
|
@@ -3601,7 +3468,7 @@ static int nf_tables_dump_set(struct sk_
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
|
if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
|
||||||
@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (table != dump_ctx->ctx.table)
|
if (table != dump_ctx->ctx.table)
|
||||||
@@ -3612,7 +3479,7 @@ static int nf_tables_dump_set(struct sk_
|
@@ -3631,7 +3498,7 @@ static int nf_tables_dump_set(struct sk_
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
nfmsg = nlmsg_data(nlh);
|
nfmsg = nlmsg_data(nlh);
|
||||||
@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
nfmsg->version = NFNETLINK_V0;
|
nfmsg->version = NFNETLINK_V0;
|
||||||
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
|
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
|
||||||
|
|
||||||
@@ -4494,7 +4361,6 @@ static int nf_tables_newobj(struct net *
|
@@ -4513,7 +4380,6 @@ static int nf_tables_newobj(struct net *
|
||||||
const struct nft_object_type *type;
|
const struct nft_object_type *type;
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_object *obj;
|
struct nft_object *obj;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
@@ -4506,11 +4372,7 @@ static int nf_tables_newobj(struct net *
|
@@ -4525,11 +4391,7 @@ static int nf_tables_newobj(struct net *
|
||||||
!nla[NFTA_OBJ_DATA])
|
!nla[NFTA_OBJ_DATA])
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -4529,7 +4391,7 @@ static int nf_tables_newobj(struct net *
|
@@ -4548,7 +4410,7 @@ static int nf_tables_newobj(struct net *
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
type = nft_obj_type_get(objtype);
|
type = nft_obj_type_get(objtype);
|
||||||
if (IS_ERR(type))
|
if (IS_ERR(type))
|
||||||
@@ -4621,7 +4483,7 @@ static int nf_tables_dump_obj(struct sk_
|
@@ -4640,7 +4502,7 @@ static int nf_tables_dump_obj(struct sk_
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
list_for_each_entry_rcu(obj, &table->objects, list) {
|
list_for_each_entry_rcu(obj, &table->objects, list) {
|
||||||
@@ -4644,7 +4506,7 @@ static int nf_tables_dump_obj(struct sk_
|
@@ -4663,7 +4525,7 @@ static int nf_tables_dump_obj(struct sk_
|
||||||
cb->nlh->nlmsg_seq,
|
cb->nlh->nlmsg_seq,
|
||||||
NFT_MSG_NEWOBJ,
|
NFT_MSG_NEWOBJ,
|
||||||
NLM_F_MULTI | NLM_F_APPEND,
|
NLM_F_MULTI | NLM_F_APPEND,
|
||||||
@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
obj, reset) < 0)
|
obj, reset) < 0)
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
@@ -4702,7 +4564,6 @@ static int nf_tables_getobj(struct net *
|
@@ -4721,7 +4583,6 @@ static int nf_tables_getobj(struct net *
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
u8 genmask = nft_genmask_cur(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
struct nft_object *obj;
|
struct nft_object *obj;
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
@@ -4733,11 +4594,7 @@ static int nf_tables_getobj(struct net *
|
@@ -4752,11 +4613,7 @@ static int nf_tables_getobj(struct net *
|
||||||
!nla[NFTA_OBJ_TYPE])
|
!nla[NFTA_OBJ_TYPE])
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -4784,7 +4641,6 @@ static int nf_tables_delobj(struct net *
|
@@ -4803,7 +4660,6 @@ static int nf_tables_delobj(struct net *
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_object *obj;
|
struct nft_object *obj;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
@@ -4794,11 +4650,7 @@ static int nf_tables_delobj(struct net *
|
@@ -4813,11 +4669,7 @@ static int nf_tables_delobj(struct net *
|
||||||
!nla[NFTA_OBJ_NAME])
|
!nla[NFTA_OBJ_NAME])
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -4810,7 +4662,7 @@ static int nf_tables_delobj(struct net *
|
@@ -4829,7 +4681,7 @@ static int nf_tables_delobj(struct net *
|
||||||
if (obj->use > 0)
|
if (obj->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
return nft_delobj(&ctx, obj);
|
return nft_delobj(&ctx, obj);
|
||||||
}
|
}
|
||||||
@@ -4995,33 +4847,31 @@ err1:
|
@@ -5014,33 +4866,31 @@ err1:
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
return ERR_PTR(-EAGAIN);
|
return ERR_PTR(-EAGAIN);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -5069,7 +4919,6 @@ static int nf_tables_newflowtable(struct
|
@@ -5088,7 +4938,6 @@ static int nf_tables_newflowtable(struct
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
int err, i, k;
|
int err, i, k;
|
||||||
@@ -5079,12 +4928,8 @@ static int nf_tables_newflowtable(struct
|
@@ -5098,12 +4947,8 @@ static int nf_tables_newflowtable(struct
|
||||||
!nla[NFTA_FLOWTABLE_HOOK])
|
!nla[NFTA_FLOWTABLE_HOOK])
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -5101,7 +4946,7 @@ static int nf_tables_newflowtable(struct
|
@@ -5120,7 +4965,7 @@ static int nf_tables_newflowtable(struct
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
|
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
|
||||||
if (!flowtable)
|
if (!flowtable)
|
||||||
@@ -5114,7 +4959,7 @@ static int nf_tables_newflowtable(struct
|
@@ -5133,7 +4978,7 @@ static int nf_tables_newflowtable(struct
|
||||||
goto err1;
|
goto err1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(type)) {
|
if (IS_ERR(type)) {
|
||||||
err = PTR_ERR(type);
|
err = PTR_ERR(type);
|
||||||
goto err2;
|
goto err2;
|
||||||
@@ -5174,16 +5019,11 @@ static int nf_tables_delflowtable(struct
|
@@ -5193,16 +5038,11 @@ static int nf_tables_delflowtable(struct
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -5194,7 +5034,7 @@ static int nf_tables_delflowtable(struct
|
@@ -5213,7 +5053,7 @@ static int nf_tables_delflowtable(struct
|
||||||
if (flowtable->use > 0)
|
if (flowtable->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
return nft_delflowtable(&ctx, flowtable);
|
return nft_delflowtable(&ctx, flowtable);
|
||||||
}
|
}
|
||||||
@@ -5269,7 +5109,7 @@ static int nf_tables_dump_flowtable(stru
|
@@ -5288,7 +5128,7 @@ static int nf_tables_dump_flowtable(stru
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
||||||
@@ -5288,7 +5128,7 @@ static int nf_tables_dump_flowtable(stru
|
@@ -5307,7 +5147,7 @@ static int nf_tables_dump_flowtable(stru
|
||||||
cb->nlh->nlmsg_seq,
|
cb->nlh->nlmsg_seq,
|
||||||
NFT_MSG_NEWFLOWTABLE,
|
NFT_MSG_NEWFLOWTABLE,
|
||||||
NLM_F_MULTI | NLM_F_APPEND,
|
NLM_F_MULTI | NLM_F_APPEND,
|
||||||
@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
||||||
@@ -5348,7 +5188,6 @@ static int nf_tables_getflowtable(struct
|
@@ -5367,7 +5207,6 @@ static int nf_tables_getflowtable(struct
|
||||||
u8 genmask = nft_genmask_cur(net);
|
u8 genmask = nft_genmask_cur(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
int err;
|
int err;
|
||||||
@@ -5374,12 +5213,8 @@ static int nf_tables_getflowtable(struct
|
@@ -5393,12 +5232,8 @@ static int nf_tables_getflowtable(struct
|
||||||
if (!nla[NFTA_FLOWTABLE_NAME])
|
if (!nla[NFTA_FLOWTABLE_NAME])
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -6550,7 +6385,7 @@ int __nft_release_basechain(struct nft_c
|
@@ -6569,7 +6404,7 @@ int __nft_release_basechain(struct nft_c
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(__nft_release_basechain);
|
EXPORT_SYMBOL_GPL(__nft_release_basechain);
|
||||||
|
|
||||||
@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
{
|
{
|
||||||
struct nft_flowtable *flowtable, *nf;
|
struct nft_flowtable *flowtable, *nf;
|
||||||
struct nft_table *table, *nt;
|
struct nft_table *table, *nt;
|
||||||
@@ -6563,7 +6398,7 @@ static void __nft_release_afinfo(struct
|
@@ -6582,7 +6417,7 @@ static void __nft_release_afinfo(struct
|
||||||
};
|
};
|
||||||
|
|
||||||
list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
|
list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
|
||||||
@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
list_for_each_entry(chain, &table->chains, list)
|
list_for_each_entry(chain, &table->chains, list)
|
||||||
nf_tables_unregister_hook(net, table, chain);
|
nf_tables_unregister_hook(net, table, chain);
|
||||||
@@ -6615,7 +6450,7 @@ static int __net_init nf_tables_init_net
|
@@ -6634,7 +6469,7 @@ static int __net_init nf_tables_init_net
|
||||||
|
|
||||||
static void __net_exit nf_tables_exit_net(struct net *net)
|
static void __net_exit nf_tables_exit_net(struct net *net)
|
||||||
{
|
{
|
||||||
|
@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -4885,13 +4885,13 @@ void nft_flow_table_iterate(struct net *
|
@@ -4904,13 +4904,13 @@ void nft_flow_table_iterate(struct net *
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
|
|
||||||
|
@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
};
|
};
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -5270,17 +5270,12 @@ err:
|
@@ -5289,17 +5289,12 @@ err:
|
||||||
nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
|
nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
static void nft_ctx_init(struct nft_ctx *ctx,
|
static void nft_ctx_init(struct nft_ctx *ctx,
|
||||||
struct net *net,
|
struct net *net,
|
||||||
@@ -364,6 +365,20 @@ static struct nft_table *nft_table_looku
|
@@ -376,6 +377,20 @@ static struct nft_table *nft_table_looku
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -172,7 +172,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
static struct nft_table *nf_tables_table_lookup(const struct net *net,
|
static struct nft_table *nf_tables_table_lookup(const struct net *net,
|
||||||
const struct nlattr *nla,
|
const struct nlattr *nla,
|
||||||
u8 family, u8 genmask)
|
u8 family, u8 genmask)
|
||||||
@@ -380,6 +395,22 @@ static struct nft_table *nf_tables_table
|
@@ -392,6 +407,22 @@ static struct nft_table *nf_tables_table
|
||||||
return ERR_PTR(-ENOENT);
|
return ERR_PTR(-ENOENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -195,7 +195,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
static inline u64 nf_tables_alloc_handle(struct nft_table *table)
|
static inline u64 nf_tables_alloc_handle(struct nft_table *table)
|
||||||
{
|
{
|
||||||
return ++table->hgenerator;
|
return ++table->hgenerator;
|
||||||
@@ -426,6 +457,7 @@ static const struct nla_policy nft_table
|
@@ -438,6 +469,7 @@ static const struct nla_policy nft_table
|
||||||
[NFTA_TABLE_NAME] = { .type = NLA_STRING,
|
[NFTA_TABLE_NAME] = { .type = NLA_STRING,
|
||||||
.len = NFT_TABLE_MAXNAMELEN - 1 },
|
.len = NFT_TABLE_MAXNAMELEN - 1 },
|
||||||
[NFTA_TABLE_FLAGS] = { .type = NLA_U32 },
|
[NFTA_TABLE_FLAGS] = { .type = NLA_U32 },
|
||||||
@ -203,7 +203,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
};
|
};
|
||||||
|
|
||||||
static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net,
|
static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net,
|
||||||
@@ -447,7 +479,9 @@ static int nf_tables_fill_table_info(str
|
@@ -459,7 +491,9 @@ static int nf_tables_fill_table_info(str
|
||||||
|
|
||||||
if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) ||
|
if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) ||
|
||||||
nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) ||
|
nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) ||
|
||||||
@ -214,7 +214,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
nlmsg_end(skb, nlh);
|
nlmsg_end(skb, nlh);
|
||||||
@@ -706,6 +740,7 @@ static int nf_tables_newtable(struct net
|
@@ -718,6 +752,7 @@ static int nf_tables_newtable(struct net
|
||||||
INIT_LIST_HEAD(&table->flowtables);
|
INIT_LIST_HEAD(&table->flowtables);
|
||||||
table->family = family;
|
table->family = family;
|
||||||
table->flags = flags;
|
table->flags = flags;
|
||||||
@ -222,7 +222,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
|
nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
|
||||||
err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE);
|
err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE);
|
||||||
@@ -823,11 +858,18 @@ static int nf_tables_deltable(struct net
|
@@ -835,11 +870,18 @@ static int nf_tables_deltable(struct net
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
|
|
||||||
nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla);
|
nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla);
|
||||||
@ -244,7 +244,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -1584,6 +1626,7 @@ static int nf_tables_delchain(struct net
|
@@ -1596,6 +1638,7 @@ static int nf_tables_delchain(struct net
|
||||||
struct nft_rule *rule;
|
struct nft_rule *rule;
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
@ -252,7 +252,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
u32 use;
|
u32 use;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
@@ -1592,7 +1635,12 @@ static int nf_tables_delchain(struct net
|
@@ -1604,7 +1647,12 @@ static int nf_tables_delchain(struct net
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(chain))
|
if (IS_ERR(chain))
|
||||||
return PTR_ERR(chain);
|
return PTR_ERR(chain);
|
||||||
|
|
||||||
@@ -2560,6 +2608,7 @@ static const struct nla_policy nft_set_p
|
@@ -2579,6 +2627,7 @@ static const struct nla_policy nft_set_p
|
||||||
[NFTA_SET_USERDATA] = { .type = NLA_BINARY,
|
[NFTA_SET_USERDATA] = { .type = NLA_BINARY,
|
||||||
.len = NFT_USERDATA_MAXLEN },
|
.len = NFT_USERDATA_MAXLEN },
|
||||||
[NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 },
|
[NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 },
|
||||||
@ -274,7 +274,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
};
|
};
|
||||||
|
|
||||||
static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = {
|
static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = {
|
||||||
@@ -2603,6 +2652,22 @@ static struct nft_set *nf_tables_set_loo
|
@@ -2622,6 +2671,22 @@ static struct nft_set *nf_tables_set_loo
|
||||||
return ERR_PTR(-ENOENT);
|
return ERR_PTR(-ENOENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -297,7 +297,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
static struct nft_set *nf_tables_set_lookup_byid(const struct net *net,
|
static struct nft_set *nf_tables_set_lookup_byid(const struct net *net,
|
||||||
const struct nlattr *nla,
|
const struct nlattr *nla,
|
||||||
u8 genmask)
|
u8 genmask)
|
||||||
@@ -2719,6 +2784,9 @@ static int nf_tables_fill_set(struct sk_
|
@@ -2738,6 +2803,9 @@ static int nf_tables_fill_set(struct sk_
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
if (nla_put_string(skb, NFTA_SET_NAME, set->name))
|
if (nla_put_string(skb, NFTA_SET_NAME, set->name))
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (set->flags != 0)
|
if (set->flags != 0)
|
||||||
if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags)))
|
if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags)))
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
@@ -3127,6 +3195,7 @@ static int nf_tables_newset(struct net *
|
@@ -3146,6 +3214,7 @@ static int nf_tables_newset(struct net *
|
||||||
set->udata = udata;
|
set->udata = udata;
|
||||||
set->timeout = timeout;
|
set->timeout = timeout;
|
||||||
set->gc_int = gc_int;
|
set->gc_int = gc_int;
|
||||||
@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
|
|
||||||
err = ops->init(set, &desc, nla);
|
err = ops->init(set, &desc, nla);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
@@ -3186,7 +3255,10 @@ static int nf_tables_delset(struct net *
|
@@ -3205,7 +3274,10 @@ static int nf_tables_delset(struct net *
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(set))
|
if (IS_ERR(set))
|
||||||
return PTR_ERR(set);
|
return PTR_ERR(set);
|
||||||
|
|
||||||
@@ -4249,6 +4321,21 @@ struct nft_object *nf_tables_obj_lookup(
|
@@ -4268,6 +4340,21 @@ struct nft_object *nf_tables_obj_lookup(
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nf_tables_obj_lookup);
|
EXPORT_SYMBOL_GPL(nf_tables_obj_lookup);
|
||||||
|
|
||||||
@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = {
|
static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = {
|
||||||
[NFTA_OBJ_TABLE] = { .type = NLA_STRING,
|
[NFTA_OBJ_TABLE] = { .type = NLA_STRING,
|
||||||
.len = NFT_TABLE_MAXNAMELEN - 1 },
|
.len = NFT_TABLE_MAXNAMELEN - 1 },
|
||||||
@@ -4256,6 +4343,7 @@ static const struct nla_policy nft_obj_p
|
@@ -4275,6 +4362,7 @@ static const struct nla_policy nft_obj_p
|
||||||
.len = NFT_OBJ_MAXNAMELEN - 1 },
|
.len = NFT_OBJ_MAXNAMELEN - 1 },
|
||||||
[NFTA_OBJ_TYPE] = { .type = NLA_U32 },
|
[NFTA_OBJ_TYPE] = { .type = NLA_U32 },
|
||||||
[NFTA_OBJ_DATA] = { .type = NLA_NESTED },
|
[NFTA_OBJ_DATA] = { .type = NLA_NESTED },
|
||||||
@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
};
|
};
|
||||||
|
|
||||||
static struct nft_object *nft_obj_init(const struct nft_ctx *ctx,
|
static struct nft_object *nft_obj_init(const struct nft_ctx *ctx,
|
||||||
@@ -4403,6 +4491,8 @@ static int nf_tables_newobj(struct net *
|
@@ -4422,6 +4510,8 @@ static int nf_tables_newobj(struct net *
|
||||||
goto err1;
|
goto err1;
|
||||||
}
|
}
|
||||||
obj->table = table;
|
obj->table = table;
|
||||||
@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL);
|
obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL);
|
||||||
if (!obj->name) {
|
if (!obj->name) {
|
||||||
err = -ENOMEM;
|
err = -ENOMEM;
|
||||||
@@ -4449,7 +4539,9 @@ static int nf_tables_fill_obj_info(struc
|
@@ -4468,7 +4558,9 @@ static int nf_tables_fill_obj_info(struc
|
||||||
nla_put_string(skb, NFTA_OBJ_NAME, obj->name) ||
|
nla_put_string(skb, NFTA_OBJ_NAME, obj->name) ||
|
||||||
nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) ||
|
nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) ||
|
||||||
nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) ||
|
nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) ||
|
||||||
@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
nlmsg_end(skb, nlh);
|
nlmsg_end(skb, nlh);
|
||||||
@@ -4647,7 +4739,7 @@ static int nf_tables_delobj(struct net *
|
@@ -4666,7 +4758,7 @@ static int nf_tables_delobj(struct net *
|
||||||
u32 objtype;
|
u32 objtype;
|
||||||
|
|
||||||
if (!nla[NFTA_OBJ_TYPE] ||
|
if (!nla[NFTA_OBJ_TYPE] ||
|
||||||
@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
|
table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
|
||||||
@@ -4656,7 +4748,12 @@ static int nf_tables_delobj(struct net *
|
@@ -4675,7 +4767,12 @@ static int nf_tables_delobj(struct net *
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
|
objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
|
||||||
@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(obj))
|
if (IS_ERR(obj))
|
||||||
return PTR_ERR(obj);
|
return PTR_ERR(obj);
|
||||||
if (obj->use > 0)
|
if (obj->use > 0)
|
||||||
@@ -4728,6 +4825,7 @@ static const struct nla_policy nft_flowt
|
@@ -4747,6 +4844,7 @@ static const struct nla_policy nft_flowt
|
||||||
[NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING,
|
[NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING,
|
||||||
.len = NFT_NAME_MAXLEN - 1 },
|
.len = NFT_NAME_MAXLEN - 1 },
|
||||||
[NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED },
|
[NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED },
|
||||||
@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table,
|
struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table,
|
||||||
@@ -4745,6 +4843,20 @@ struct nft_flowtable *nf_tables_flowtabl
|
@@ -4764,6 +4862,20 @@ struct nft_flowtable *nf_tables_flowtabl
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup);
|
EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup);
|
||||||
|
|
||||||
@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
#define NFT_FLOWTABLE_DEVICE_MAX 8
|
#define NFT_FLOWTABLE_DEVICE_MAX 8
|
||||||
|
|
||||||
static int nf_tables_parse_devices(const struct nft_ctx *ctx,
|
static int nf_tables_parse_devices(const struct nft_ctx *ctx,
|
||||||
@@ -4953,6 +5065,8 @@ static int nf_tables_newflowtable(struct
|
@@ -4972,6 +5084,8 @@ static int nf_tables_newflowtable(struct
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
flowtable->table = table;
|
flowtable->table = table;
|
||||||
@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL);
|
flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL);
|
||||||
if (!flowtable->name) {
|
if (!flowtable->name) {
|
||||||
err = -ENOMEM;
|
err = -ENOMEM;
|
||||||
@@ -5027,8 +5141,14 @@ static int nf_tables_delflowtable(struct
|
@@ -5046,8 +5160,14 @@ static int nf_tables_delflowtable(struct
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
if (IS_ERR(flowtable))
|
if (IS_ERR(flowtable))
|
||||||
return PTR_ERR(flowtable);
|
return PTR_ERR(flowtable);
|
||||||
if (flowtable->use > 0)
|
if (flowtable->use > 0)
|
||||||
@@ -5061,7 +5181,9 @@ static int nf_tables_fill_flowtable_info
|
@@ -5080,7 +5200,9 @@ static int nf_tables_fill_flowtable_info
|
||||||
|
|
||||||
if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
|
if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
|
||||||
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
|
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
|
||||||
|
@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
.owner = THIS_MODULE,
|
.owner = THIS_MODULE,
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -5080,40 +5080,38 @@ static int nf_tables_newflowtable(struct
|
@@ -5099,40 +5099,38 @@ static int nf_tables_newflowtable(struct
|
||||||
}
|
}
|
||||||
|
|
||||||
flowtable->data.type = type;
|
flowtable->data.type = type;
|
||||||
@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
err3:
|
err3:
|
||||||
module_put(type->owner);
|
module_put(type->owner);
|
||||||
err2:
|
err2:
|
||||||
@@ -5394,10 +5392,8 @@ err:
|
@@ -5413,10 +5411,8 @@ err:
|
||||||
|
|
||||||
static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
|
static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
|
||||||
{
|
{
|
||||||
|
@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -4946,7 +4946,7 @@ static int nf_tables_flowtable_parse_hoo
|
@@ -4965,7 +4965,7 @@ static int nf_tables_flowtable_parse_hoo
|
||||||
flowtable->ops[i].pf = NFPROTO_NETDEV;
|
flowtable->ops[i].pf = NFPROTO_NETDEV;
|
||||||
flowtable->ops[i].hooknum = hooknum;
|
flowtable->ops[i].hooknum = hooknum;
|
||||||
flowtable->ops[i].priority = priority;
|
flowtable->ops[i].priority = priority;
|
||||||
|
@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
WARN_ON(!nf_flow_offload_gc_step(flow_table));
|
WARN_ON(!nf_flow_offload_gc_step(flow_table));
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -4990,23 +4990,6 @@ static const struct nf_flowtable_type *n
|
@@ -5009,23 +5009,6 @@ static const struct nf_flowtable_type *n
|
||||||
return ERR_PTR(-ENOENT);
|
return ERR_PTR(-ENOENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
|
|
||||||
--- a/net/netfilter/nf_conntrack_core.c
|
--- a/net/netfilter/nf_conntrack_core.c
|
||||||
+++ b/net/netfilter/nf_conntrack_core.c
|
+++ b/net/netfilter/nf_conntrack_core.c
|
||||||
@@ -1005,18 +1005,6 @@ static bool gc_worker_can_early_drop(con
|
@@ -1040,18 +1040,6 @@ static bool gc_worker_can_early_drop(con
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -40,7 +40,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
static void gc_worker(struct work_struct *work)
|
static void gc_worker(struct work_struct *work)
|
||||||
{
|
{
|
||||||
unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u);
|
unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u);
|
||||||
@@ -1053,10 +1041,8 @@ static void gc_worker(struct work_struct
|
@@ -1088,10 +1076,8 @@ static void gc_worker(struct work_struct
|
||||||
tmp = nf_ct_tuplehash_to_ctrack(h);
|
tmp = nf_ct_tuplehash_to_ctrack(h);
|
||||||
|
|
||||||
scanned++;
|
scanned++;
|
||||||
|
@ -1,110 +0,0 @@
|
|||||||
From 852a88f35f4b7e5ebb717fed3c3a3330d5ad4336 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Petr=20=C5=A0tetiar?= <ynezz@true.cz>
|
|
||||||
Date: Wed, 10 Apr 2019 16:43:27 +0200
|
|
||||||
Subject: [PATCH v2] MIPS: perf: ath79: Fix perfcount IRQ assignment
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Currently it's not possible to use perf on ath79 due to genirq flags
|
|
||||||
mismatch happening on static virtual IRQ 13 which is used for
|
|
||||||
performance counters hardware IRQ 5.
|
|
||||||
|
|
||||||
On TP-Link Archer C7v5:
|
|
||||||
|
|
||||||
CPU0
|
|
||||||
2: 0 MIPS 2 ath9k
|
|
||||||
4: 318 MIPS 4 19000000.eth
|
|
||||||
7: 55034 MIPS 7 timer
|
|
||||||
8: 1236 MISC 3 ttyS0
|
|
||||||
12: 0 INTC 1 ehci_hcd:usb1
|
|
||||||
13: 0 gpio-ath79 2 keys
|
|
||||||
14: 0 gpio-ath79 5 keys
|
|
||||||
15: 31 AR724X PCI 1 ath10k_pci
|
|
||||||
|
|
||||||
$ perf top
|
|
||||||
genirq: Flags mismatch irq 13. 00014c83 (mips_perf_pmu) vs. 00002003 (keys)
|
|
||||||
|
|
||||||
On TP-Link Archer C7v4:
|
|
||||||
|
|
||||||
CPU0
|
|
||||||
4: 0 MIPS 4 19000000.eth
|
|
||||||
5: 7135 MIPS 5 1a000000.eth
|
|
||||||
7: 98379 MIPS 7 timer
|
|
||||||
8: 30 MISC 3 ttyS0
|
|
||||||
12: 90028 INTC 0 ath9k
|
|
||||||
13: 5520 INTC 1 ehci_hcd:usb1
|
|
||||||
14: 4623 INTC 2 ehci_hcd:usb2
|
|
||||||
15: 32844 AR724X PCI 1 ath10k_pci
|
|
||||||
16: 0 gpio-ath79 16 keys
|
|
||||||
23: 0 gpio-ath79 23 keys
|
|
||||||
|
|
||||||
$ perf top
|
|
||||||
genirq: Flags mismatch irq 13. 00014c80 (mips_perf_pmu) vs. 00000080 (ehci_hcd:usb1)
|
|
||||||
|
|
||||||
This problem is happening, because currently statically assigned virtual
|
|
||||||
IRQ 13 for performance counters is not claimed during the initialization
|
|
||||||
of MIPS PMU during the bootup, so the IRQ subsystem doesn't know, that
|
|
||||||
this interrupt isn't available for further use.
|
|
||||||
|
|
||||||
So this patch fixes the issue by simply booking hardware IRQ 5 for MIPS PMU.
|
|
||||||
|
|
||||||
Tested-by: Kevin 'ldir' Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
||||||
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
||||||
---
|
|
||||||
|
|
||||||
Changes since v1:
|
|
||||||
|
|
||||||
I've incorporated two comments which I've received on IRC from blogic and
|
|
||||||
I've also reworded the commit message to match the changes in v2 of this
|
|
||||||
patch.
|
|
||||||
|
|
||||||
* use actual hardware perfcount IRQ 5 instead of the virtual IRQ 13
|
|
||||||
* dropped the CONFIG_PERF_EVENTS ifdef around irq_create_mapping
|
|
||||||
|
|
||||||
arch/mips/ath79/setup.c | 6 ------
|
|
||||||
drivers/irqchip/irq-ath79-misc.c | 11 +++++++++++
|
|
||||||
2 files changed, 11 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
--- a/arch/mips/ath79/setup.c
|
|
||||||
+++ b/arch/mips/ath79/setup.c
|
|
||||||
@@ -183,12 +183,6 @@ const char *get_system_type(void)
|
|
||||||
return ath79_sys_type;
|
|
||||||
}
|
|
||||||
|
|
||||||
-int get_c0_perfcount_int(void)
|
|
||||||
-{
|
|
||||||
- return ATH79_MISC_IRQ(5);
|
|
||||||
-}
|
|
||||||
-EXPORT_SYMBOL_GPL(get_c0_perfcount_int);
|
|
||||||
-
|
|
||||||
unsigned int get_c0_compare_int(void)
|
|
||||||
{
|
|
||||||
return CP0_LEGACY_COMPARE_IRQ;
|
|
||||||
--- a/drivers/irqchip/irq-ath79-misc.c
|
|
||||||
+++ b/drivers/irqchip/irq-ath79-misc.c
|
|
||||||
@@ -22,6 +22,15 @@
|
|
||||||
#define AR71XX_RESET_REG_MISC_INT_ENABLE 4
|
|
||||||
|
|
||||||
#define ATH79_MISC_IRQ_COUNT 32
|
|
||||||
+#define ATH79_MISC_PERF_IRQ 5
|
|
||||||
+
|
|
||||||
+static int ath79_perfcount_irq;
|
|
||||||
+
|
|
||||||
+int get_c0_perfcount_int(void)
|
|
||||||
+{
|
|
||||||
+ return ath79_perfcount_irq;
|
|
||||||
+}
|
|
||||||
+EXPORT_SYMBOL_GPL(get_c0_perfcount_int);
|
|
||||||
|
|
||||||
static void ath79_misc_irq_handler(struct irq_desc *desc)
|
|
||||||
{
|
|
||||||
@@ -113,6 +122,8 @@ static void __init ath79_misc_intc_domai
|
|
||||||
{
|
|
||||||
void __iomem *base = domain->host_data;
|
|
||||||
|
|
||||||
+ ath79_perfcount_irq = irq_create_mapping(domain, ATH79_MISC_PERF_IRQ);
|
|
||||||
+
|
|
||||||
/* Disable and clear all interrupts */
|
|
||||||
__raw_writel(0, base + AR71XX_RESET_REG_MISC_INT_ENABLE);
|
|
||||||
__raw_writel(0, base + AR71XX_RESET_REG_MISC_INT_STATUS);
|
|
@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
+MODULE_ALIAS("nf-flow-table-hw");
|
+MODULE_ALIAS("nf-flow-table-hw");
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -4933,6 +4933,14 @@ static int nf_tables_flowtable_parse_hoo
|
@@ -4952,6 +4952,14 @@ static int nf_tables_flowtable_parse_hoo
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err1;
|
goto err1;
|
||||||
|
|
||||||
@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL);
|
ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL);
|
||||||
if (!ops) {
|
if (!ops) {
|
||||||
err = -ENOMEM;
|
err = -ENOMEM;
|
||||||
@@ -5063,10 +5071,19 @@ static int nf_tables_newflowtable(struct
|
@@ -5082,10 +5090,19 @@ static int nf_tables_newflowtable(struct
|
||||||
}
|
}
|
||||||
|
|
||||||
flowtable->data.type = type;
|
flowtable->data.type = type;
|
||||||
@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|||||||
err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK],
|
err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK],
|
||||||
flowtable);
|
flowtable);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
@@ -5164,7 +5181,8 @@ static int nf_tables_fill_flowtable_info
|
@@ -5183,7 +5200,8 @@ static int nf_tables_fill_flowtable_info
|
||||||
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
|
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
|
||||||
nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) ||
|
nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) ||
|
||||||
nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle),
|
nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle),
|
||||||
|
@ -20,7 +20,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
|
|
||||||
#include "vlan.h"
|
#include "vlan.h"
|
||||||
#include "vlanproc.h"
|
#include "vlanproc.h"
|
||||||
@@ -766,6 +770,27 @@ static int vlan_dev_get_iflink(const str
|
@@ -768,6 +772,27 @@ static int vlan_dev_get_iflink(const str
|
||||||
return real_dev->ifindex;
|
return real_dev->ifindex;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -48,7 +48,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
static const struct ethtool_ops vlan_ethtool_ops = {
|
static const struct ethtool_ops vlan_ethtool_ops = {
|
||||||
.get_link_ksettings = vlan_ethtool_get_link_ksettings,
|
.get_link_ksettings = vlan_ethtool_get_link_ksettings,
|
||||||
.get_drvinfo = vlan_ethtool_get_drvinfo,
|
.get_drvinfo = vlan_ethtool_get_drvinfo,
|
||||||
@@ -803,6 +828,9 @@ static const struct net_device_ops vlan_
|
@@ -805,6 +830,9 @@ static const struct net_device_ops vlan_
|
||||||
.ndo_fix_features = vlan_dev_fix_features,
|
.ndo_fix_features = vlan_dev_fix_features,
|
||||||
.ndo_get_lock_subclass = vlan_dev_get_lock_subclass,
|
.ndo_get_lock_subclass = vlan_dev_get_lock_subclass,
|
||||||
.ndo_get_iflink = vlan_dev_get_iflink,
|
.ndo_get_iflink = vlan_dev_get_iflink,
|
||||||
|
@ -42,7 +42,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
if (netif_elide_gro(skb->dev))
|
if (netif_elide_gro(skb->dev))
|
||||||
goto normal;
|
goto normal;
|
||||||
|
|
||||||
@@ -6279,6 +6282,48 @@ static void __netdev_adjacent_dev_unlink
|
@@ -6282,6 +6285,48 @@ static void __netdev_adjacent_dev_unlink
|
||||||
&upper_dev->adj_list.lower);
|
&upper_dev->adj_list.lower);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -91,7 +91,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
static int __netdev_upper_dev_link(struct net_device *dev,
|
static int __netdev_upper_dev_link(struct net_device *dev,
|
||||||
struct net_device *upper_dev, bool master,
|
struct net_device *upper_dev, bool master,
|
||||||
void *upper_priv, void *upper_info)
|
void *upper_priv, void *upper_info)
|
||||||
@@ -6317,6 +6362,7 @@ static int __netdev_upper_dev_link(struc
|
@@ -6320,6 +6365,7 @@ static int __netdev_upper_dev_link(struc
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
@ -99,7 +99,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
ret = call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, dev,
|
ret = call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, dev,
|
||||||
&changeupper_info.info);
|
&changeupper_info.info);
|
||||||
ret = notifier_to_errno(ret);
|
ret = notifier_to_errno(ret);
|
||||||
@@ -6394,6 +6440,7 @@ void netdev_upper_dev_unlink(struct net_
|
@@ -6397,6 +6443,7 @@ void netdev_upper_dev_unlink(struct net_
|
||||||
|
|
||||||
__netdev_adjacent_dev_unlink_neighbour(dev, upper_dev);
|
__netdev_adjacent_dev_unlink_neighbour(dev, upper_dev);
|
||||||
|
|
||||||
@ -107,7 +107,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|||||||
call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, dev,
|
call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, dev,
|
||||||
&changeupper_info.info);
|
&changeupper_info.info);
|
||||||
}
|
}
|
||||||
@@ -6966,6 +7013,7 @@ int dev_set_mac_address(struct net_devic
|
@@ -6969,6 +7016,7 @@ int dev_set_mac_address(struct net_devic
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
dev->addr_assign_type = NET_ADDR_SET;
|
dev->addr_assign_type = NET_ADDR_SET;
|
||||||
|
@ -184,6 +184,6 @@ Signed-off-by: Adrian Panella <ianchi74@outlook.com>
|
|||||||
+ }
|
+ }
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
|
/* parameters may set static keys */
|
||||||
|
jump_label_init();
|
||||||
parse_early_param();
|
parse_early_param();
|
||||||
after_dashes = parse_args("Booting kernel",
|
|
||||||
static_command_line, __start___param,
|
|
||||||
|
@ -95,7 +95,7 @@ Signed-off-by: Biwen Li <biwen.li@nxp.com>
|
|||||||
case SIOCBONDRELEASE:
|
case SIOCBONDRELEASE:
|
||||||
--- a/drivers/net/bonding/bond_options.c
|
--- a/drivers/net/bonding/bond_options.c
|
||||||
+++ b/drivers/net/bonding/bond_options.c
|
+++ b/drivers/net/bonding/bond_options.c
|
||||||
@@ -1389,7 +1389,7 @@ static int bond_option_slaves_set(struct
|
@@ -1382,7 +1382,7 @@ static int bond_option_slaves_set(struct
|
||||||
switch (command[0]) {
|
switch (command[0]) {
|
||||||
case '+':
|
case '+':
|
||||||
netdev_dbg(bond->dev, "Adding slave %s\n", dev->name);
|
netdev_dbg(bond->dev, "Adding slave %s\n", dev->name);
|
||||||
@ -358,7 +358,7 @@ Signed-off-by: Biwen Li <biwen.li@nxp.com>
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_NET_INGRESS
|
#ifdef CONFIG_NET_INGRESS
|
||||||
@@ -6338,7 +6339,15 @@ static int __netdev_upper_dev_link(struc
|
@@ -6341,7 +6342,15 @@ static int __netdev_upper_dev_link(struc
|
||||||
struct net_device *upper_dev, bool master,
|
struct net_device *upper_dev, bool master,
|
||||||
void *upper_priv, void *upper_info)
|
void *upper_priv, void *upper_info)
|
||||||
{
|
{
|
||||||
@ -375,7 +375,7 @@ Signed-off-by: Biwen Li <biwen.li@nxp.com>
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
ASSERT_RTNL();
|
ASSERT_RTNL();
|
||||||
@@ -6356,12 +6365,7 @@ static int __netdev_upper_dev_link(struc
|
@@ -6359,12 +6368,7 @@ static int __netdev_upper_dev_link(struc
|
||||||
if (master && netdev_master_upper_dev_get(dev))
|
if (master && netdev_master_upper_dev_get(dev))
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
@ -389,7 +389,7 @@ Signed-off-by: Biwen Li <biwen.li@nxp.com>
|
|||||||
&changeupper_info.info);
|
&changeupper_info.info);
|
||||||
ret = notifier_to_errno(ret);
|
ret = notifier_to_errno(ret);
|
||||||
if (ret)
|
if (ret)
|
||||||
@@ -6373,7 +6377,7 @@ static int __netdev_upper_dev_link(struc
|
@@ -6376,7 +6380,7 @@ static int __netdev_upper_dev_link(struc
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
netdev_update_addr_mask(dev);
|
netdev_update_addr_mask(dev);
|
||||||
@ -398,7 +398,7 @@ Signed-off-by: Biwen Li <biwen.li@nxp.com>
|
|||||||
&changeupper_info.info);
|
&changeupper_info.info);
|
||||||
ret = notifier_to_errno(ret);
|
ret = notifier_to_errno(ret);
|
||||||
if (ret)
|
if (ret)
|
||||||
@@ -6437,21 +6441,25 @@ EXPORT_SYMBOL(netdev_master_upper_dev_li
|
@@ -6440,21 +6444,25 @@ EXPORT_SYMBOL(netdev_master_upper_dev_li
|
||||||
void netdev_upper_dev_unlink(struct net_device *dev,
|
void netdev_upper_dev_unlink(struct net_device *dev,
|
||||||
struct net_device *upper_dev)
|
struct net_device *upper_dev)
|
||||||
{
|
{
|
||||||
@ -429,7 +429,7 @@ Signed-off-by: Biwen Li <biwen.li@nxp.com>
|
|||||||
&changeupper_info.info);
|
&changeupper_info.info);
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(netdev_upper_dev_unlink);
|
EXPORT_SYMBOL(netdev_upper_dev_unlink);
|
||||||
@@ -6467,11 +6475,13 @@ EXPORT_SYMBOL(netdev_upper_dev_unlink);
|
@@ -6470,11 +6478,13 @@ EXPORT_SYMBOL(netdev_upper_dev_unlink);
|
||||||
void netdev_bonding_info_change(struct net_device *dev,
|
void netdev_bonding_info_change(struct net_device *dev,
|
||||||
struct netdev_bonding_info *bonding_info)
|
struct netdev_bonding_info *bonding_info)
|
||||||
{
|
{
|
||||||
@ -445,7 +445,7 @@ Signed-off-by: Biwen Li <biwen.li@nxp.com>
|
|||||||
&info.info);
|
&info.info);
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(netdev_bonding_info_change);
|
EXPORT_SYMBOL(netdev_bonding_info_change);
|
||||||
@@ -6597,11 +6607,13 @@ EXPORT_SYMBOL(dev_get_nest_level);
|
@@ -6600,11 +6610,13 @@ EXPORT_SYMBOL(dev_get_nest_level);
|
||||||
void netdev_lower_state_changed(struct net_device *lower_dev,
|
void netdev_lower_state_changed(struct net_device *lower_dev,
|
||||||
void *lower_state_info)
|
void *lower_state_info)
|
||||||
{
|
{
|
||||||
@ -461,7 +461,7 @@ Signed-off-by: Biwen Li <biwen.li@nxp.com>
|
|||||||
&changelowerstate_info.info);
|
&changelowerstate_info.info);
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(netdev_lower_state_changed);
|
EXPORT_SYMBOL(netdev_lower_state_changed);
|
||||||
@@ -6892,11 +6904,14 @@ void __dev_notify_flags(struct net_devic
|
@@ -6895,11 +6907,14 @@ void __dev_notify_flags(struct net_devic
|
||||||
|
|
||||||
if (dev->flags & IFF_UP &&
|
if (dev->flags & IFF_UP &&
|
||||||
(changes & ~(IFF_UP | IFF_PROMISC | IFF_ALLMULTI | IFF_VOLATILE))) {
|
(changes & ~(IFF_UP | IFF_PROMISC | IFF_ALLMULTI | IFF_VOLATILE))) {
|
||||||
|
@ -127,7 +127,7 @@ Signed-off-by: Signed-off-by: Biwen Li <biwen.li@nxp.com>
|
|||||||
static bool transparent_hugepage_adjust(kvm_pfn_t *pfnp, phys_addr_t *ipap)
|
static bool transparent_hugepage_adjust(kvm_pfn_t *pfnp, phys_addr_t *ipap)
|
||||||
{
|
{
|
||||||
kvm_pfn_t pfn = *pfnp;
|
kvm_pfn_t pfn = *pfnp;
|
||||||
@@ -1334,6 +1360,18 @@ static int user_mem_abort(struct kvm_vcp
|
@@ -1340,6 +1366,18 @@ static int user_mem_abort(struct kvm_vcp
|
||||||
hugetlb = true;
|
hugetlb = true;
|
||||||
gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT;
|
gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT;
|
||||||
} else {
|
} else {
|
||||||
@ -146,7 +146,7 @@ Signed-off-by: Signed-off-by: Biwen Li <biwen.li@nxp.com>
|
|||||||
/*
|
/*
|
||||||
* Pages belonging to memslots that don't have the same
|
* Pages belonging to memslots that don't have the same
|
||||||
* alignment for userspace and IPA cannot be mapped using
|
* alignment for userspace and IPA cannot be mapped using
|
||||||
@@ -1375,6 +1413,11 @@ static int user_mem_abort(struct kvm_vcp
|
@@ -1381,6 +1419,11 @@ static int user_mem_abort(struct kvm_vcp
|
||||||
if (is_error_noslot_pfn(pfn))
|
if (is_error_noslot_pfn(pfn))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
@ -158,7 +158,7 @@ Signed-off-by: Signed-off-by: Biwen Li <biwen.li@nxp.com>
|
|||||||
if (kvm_is_device_pfn(pfn)) {
|
if (kvm_is_device_pfn(pfn)) {
|
||||||
mem_type = PAGE_S2_DEVICE;
|
mem_type = PAGE_S2_DEVICE;
|
||||||
flags |= KVM_S2PTE_FLAG_IS_IOMAP;
|
flags |= KVM_S2PTE_FLAG_IS_IOMAP;
|
||||||
@@ -1911,6 +1954,9 @@ int kvm_arch_prepare_memory_region(struc
|
@@ -1917,6 +1960,9 @@ int kvm_arch_prepare_memory_region(struc
|
||||||
gpa_t gpa = mem->guest_phys_addr +
|
gpa_t gpa = mem->guest_phys_addr +
|
||||||
(vm_start - mem->userspace_addr);
|
(vm_start - mem->userspace_addr);
|
||||||
phys_addr_t pa;
|
phys_addr_t pa;
|
||||||
@ -168,7 +168,7 @@ Signed-off-by: Signed-off-by: Biwen Li <biwen.li@nxp.com>
|
|||||||
|
|
||||||
pa = (phys_addr_t)vma->vm_pgoff << PAGE_SHIFT;
|
pa = (phys_addr_t)vma->vm_pgoff << PAGE_SHIFT;
|
||||||
pa += vm_start - vma->vm_start;
|
pa += vm_start - vma->vm_start;
|
||||||
@@ -1921,9 +1967,13 @@ int kvm_arch_prepare_memory_region(struc
|
@@ -1927,9 +1973,13 @@ int kvm_arch_prepare_memory_region(struc
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -196,6 +196,6 @@ Signed-off-by: Michael Gray <michael.gray@lantisproject.com>
|
|||||||
+ }
|
+ }
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
|
/* parameters may set static keys */
|
||||||
|
jump_label_init();
|
||||||
parse_early_param();
|
parse_early_param();
|
||||||
after_dashes = parse_args("Booting kernel",
|
|
||||||
static_command_line, __start___param,
|
|
||||||
|
@ -1,8 +0,0 @@
|
|||||||
--- a/drivers/clocksource/timer-oxnas-rps.c
|
|
||||||
+++ b/drivers/clocksource/timer-oxnas-rps.c
|
|
||||||
@@ -296,4 +296,4 @@ err_alloc:
|
|
||||||
TIMER_OF_DECLARE(ox810se_rps,
|
|
||||||
"oxsemi,ox810se-rps-timer", oxnas_rps_timer_init);
|
|
||||||
TIMER_OF_DECLARE(ox820_rps,
|
|
||||||
- "oxsemi,ox820se-rps-timer", oxnas_rps_timer_init);
|
|
||||||
+ "oxsemi,ox820-rps-timer", oxnas_rps_timer_init);
|
|
@ -184,6 +184,6 @@ Signed-off-by: Adrian Panella <ianchi74@outlook.com>
|
|||||||
+ }
|
+ }
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
|
/* parameters may set static keys */
|
||||||
|
jump_label_init();
|
||||||
parse_early_param();
|
parse_early_param();
|
||||||
after_dashes = parse_args("Booting kernel",
|
|
||||||
static_command_line, __start___param,
|
|
||||||
|
@ -429,7 +429,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
|
|||||||
if (ret)
|
if (ret)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
@@ -890,6 +979,8 @@ static int sun8i_dwmac_probe(struct plat
|
@@ -892,6 +981,8 @@ static int sun8i_dwmac_probe(struct plat
|
||||||
struct sunxi_priv_data *gmac;
|
struct sunxi_priv_data *gmac;
|
||||||
struct device *dev = &pdev->dev;
|
struct device *dev = &pdev->dev;
|
||||||
int ret;
|
int ret;
|
||||||
@ -438,7 +438,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
|
|||||||
|
|
||||||
ret = stmmac_get_platform_resources(pdev, &stmmac_res);
|
ret = stmmac_get_platform_resources(pdev, &stmmac_res);
|
||||||
if (ret)
|
if (ret)
|
||||||
@@ -933,29 +1024,6 @@ static int sun8i_dwmac_probe(struct plat
|
@@ -935,29 +1026,6 @@ static int sun8i_dwmac_probe(struct plat
|
||||||
}
|
}
|
||||||
|
|
||||||
plat_dat->interface = of_get_phy_mode(dev->of_node);
|
plat_dat->interface = of_get_phy_mode(dev->of_node);
|
||||||
@ -468,7 +468,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
|
|||||||
|
|
||||||
/* platform data specifying hardware features and callbacks.
|
/* platform data specifying hardware features and callbacks.
|
||||||
* hardware features were copied from Allwinner drivers.
|
* hardware features were copied from Allwinner drivers.
|
||||||
@@ -974,9 +1042,34 @@ static int sun8i_dwmac_probe(struct plat
|
@@ -976,9 +1044,34 @@ static int sun8i_dwmac_probe(struct plat
|
||||||
|
|
||||||
ret = stmmac_dvr_probe(&pdev->dev, plat_dat, &stmmac_res);
|
ret = stmmac_dvr_probe(&pdev->dev, plat_dat, &stmmac_res);
|
||||||
if (ret)
|
if (ret)
|
||||||
|
@ -18,7 +18,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
|
|||||||
|
|
||||||
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
|
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
|
||||||
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
|
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c
|
||||||
@@ -1073,6 +1073,14 @@ return ret;
|
@@ -1075,6 +1075,14 @@ return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static const struct of_device_id sun8i_dwmac_match[] = {
|
static const struct of_device_id sun8i_dwmac_match[] = {
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
--- a/arch/x86/kernel/reboot.c
|
--- a/arch/x86/kernel/reboot.c
|
||||||
+++ b/arch/x86/kernel/reboot.c
|
+++ b/arch/x86/kernel/reboot.c
|
||||||
@@ -448,6 +448,16 @@ static const struct dmi_system_id reboot
|
@@ -469,6 +469,16 @@ static const struct dmi_system_id reboot
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user