diff options
Diffstat (limited to 'target/linux/generic/backport-4.14')
15 files changed, 37 insertions, 38 deletions
diff --git a/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch b/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch index 35800c4acf..0d8bd4c176 100644 --- a/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch +++ b/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch @@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/core.c +++ b/net/netfilter/core.c -@@ -395,63 +395,10 @@ EXPORT_SYMBOL(nf_register_net_hooks); +@@ -396,63 +396,10 @@ EXPORT_SYMBOL(nf_register_net_hooks); void nf_unregister_net_hooks(struct net *net, const struct nf_hook_ops *reg, unsigned int hookcount) { diff --git a/target/linux/generic/backport-4.14/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch b/target/linux/generic/backport-4.14/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch index cbaaaa619a..305a58c120 100644 --- a/target/linux/generic/backport-4.14/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch +++ b/target/linux/generic/backport-4.14/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch @@ -32,7 +32,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); --- a/net/netfilter/core.c +++ b/net/netfilter/core.c -@@ -341,7 +341,6 @@ void nf_unregister_net_hook(struct net * +@@ -342,7 +342,6 @@ void nf_unregister_net_hook(struct net * { struct nf_hook_entries __rcu **pp; struct nf_hook_entries *p; @@ -40,7 +40,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> pp = nf_hook_entry_head(net, reg); if (!pp) -@@ -364,10 +363,7 @@ void nf_unregister_net_hook(struct net * +@@ -365,10 +364,7 @@ void nf_unregister_net_hook(struct net * synchronize_net(); @@ -65,7 +65,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> int __init netfilter_log_init(void); --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c -@@ -96,18 +96,15 @@ void nf_queue_entry_get_refs(struct nf_q +@@ -109,18 +109,15 @@ bool nf_queue_entry_get_refs(struct nf_q } EXPORT_SYMBOL_GPL(nf_queue_entry_get_refs); @@ -88,7 +88,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c -@@ -942,23 +942,18 @@ static struct notifier_block nfqnl_dev_n +@@ -948,23 +948,18 @@ static struct notifier_block nfqnl_dev_n .notifier_call = nfqnl_rcv_dev_event, }; diff --git a/target/linux/generic/backport-4.14/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch b/target/linux/generic/backport-4.14/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch index 5eca73552b..500b4409af 100644 --- a/target/linux/generic/backport-4.14/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch +++ b/target/linux/generic/backport-4.14/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch @@ -107,7 +107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static unsigned int accept_all(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) -@@ -291,9 +316,8 @@ int nf_register_net_hook(struct net *net +@@ -292,9 +317,8 @@ int nf_register_net_hook(struct net *net #ifdef HAVE_JUMP_LABEL static_key_slow_inc(&nf_hooks_needed[reg->pf][reg->hooknum]); #endif @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return 0; } EXPORT_SYMBOL(nf_register_net_hook); -@@ -361,10 +385,8 @@ void nf_unregister_net_hook(struct net * +@@ -362,10 +386,8 @@ void nf_unregister_net_hook(struct net * if (!p) return; diff --git a/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch b/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch index 90e3500f0e..eaa4feca2c 100644 --- a/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch +++ b/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch @@ -129,7 +129,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #ifdef CONFIG_NETFILTER_INGRESS if (reg->hooknum == NF_NETDEV_INGRESS) { -@@ -534,14 +549,21 @@ void (*nf_nat_decode_session_hook)(struc +@@ -535,14 +550,21 @@ void (*nf_nat_decode_session_hook)(struc EXPORT_SYMBOL(nf_nat_decode_session_hook); #endif @@ -159,7 +159,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter", --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c -@@ -206,6 +206,23 @@ repeat: +@@ -223,6 +223,23 @@ repeat: return NF_ACCEPT; } @@ -183,7 +183,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* Caller must hold rcu read-side lock */ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) { -@@ -221,12 +238,12 @@ void nf_reinject(struct nf_queue_entry * +@@ -238,12 +255,12 @@ void nf_reinject(struct nf_queue_entry * net = entry->state.net; pf = entry->state.pf; diff --git a/target/linux/generic/backport-4.14/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch b/target/linux/generic/backport-4.14/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch index d9009b8e1f..2a9a6d94c5 100644 --- a/target/linux/generic/backport-4.14/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch +++ b/target/linux/generic/backport-4.14/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch @@ -64,7 +64,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return net->nf.hooks_decnet + reg->hooknum; default: WARN_ON_ONCE(1); -@@ -549,21 +559,21 @@ void (*nf_nat_decode_session_hook)(struc +@@ -550,21 +560,21 @@ void (*nf_nat_decode_session_hook)(struc EXPORT_SYMBOL(nf_nat_decode_session_hook); #endif diff --git a/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch b/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch index 26a93c40ae..0019802f2c 100644 --- a/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch +++ b/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch @@ -55,7 +55,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> default: WARN_ON_ONCE(1); return NULL; -@@ -573,7 +575,9 @@ static int __net_init netfilter_net_init +@@ -574,7 +576,9 @@ static int __net_init netfilter_net_init __netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6)); __netfilter_net_init(net->nf.hooks_arp, ARRAY_SIZE(net->nf.hooks_arp)); __netfilter_net_init(net->nf.hooks_bridge, ARRAY_SIZE(net->nf.hooks_bridge)); diff --git a/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch b/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch index 41675c3494..9e55dabdc9 100644 --- a/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch +++ b/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch @@ -137,7 +137,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> case NFPROTO_IPV4: if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv4) <= reg->hooknum)) return NULL; -@@ -573,8 +577,12 @@ static int __net_init netfilter_net_init +@@ -574,8 +578,12 @@ static int __net_init netfilter_net_init { __netfilter_net_init(net->nf.hooks_ipv4, ARRAY_SIZE(net->nf.hooks_ipv4)); __netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6)); @@ -152,7 +152,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #endif --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c -@@ -209,8 +209,10 @@ repeat: +@@ -226,8 +226,10 @@ repeat: static struct nf_hook_entries *nf_hook_entries_head(const struct net *net, u8 pf, u8 hooknum) { switch (pf) { diff --git a/target/linux/generic/backport-4.14/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch b/target/linux/generic/backport-4.14/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch index 7d450f95f0..55bc7ec1e8 100644 --- a/target/linux/generic/backport-4.14/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch +++ b/target/linux/generic/backport-4.14/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch @@ -87,7 +87,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (!pp) return -EINVAL; -@@ -397,7 +399,7 @@ void nf_unregister_net_hook(struct net * +@@ -398,7 +400,7 @@ void nf_unregister_net_hook(struct net * struct nf_hook_entries __rcu **pp; struct nf_hook_entries *p; diff --git a/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch b/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch index 8fea44b359..30d5c5843b 100644 --- a/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch +++ b/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch @@ -13,7 +13,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/core.c +++ b/net/netfilter/core.c -@@ -356,7 +356,7 @@ int nf_register_net_hook(struct net *net +@@ -357,7 +357,7 @@ int nf_register_net_hook(struct net *net EXPORT_SYMBOL(nf_register_net_hook); /* @@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * * @oldp: current address of hook blob * @unreg: hook to unregister -@@ -364,8 +364,8 @@ EXPORT_SYMBOL(nf_register_net_hook); +@@ -365,8 +365,8 @@ EXPORT_SYMBOL(nf_register_net_hook); * This cannot fail, hook unregistration must always succeed. * Therefore replace the to-be-removed hook with a dummy hook. */ @@ -33,7 +33,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nf_hook_ops **orig_ops; bool found = false; -@@ -411,7 +411,7 @@ void nf_unregister_net_hook(struct net * +@@ -412,7 +412,7 @@ void nf_unregister_net_hook(struct net * return; } diff --git a/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch b/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch index 4c52635c13..49e856b70e 100644 --- a/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch +++ b/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch @@ -13,7 +13,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/core.c +++ b/net/netfilter/core.c -@@ -365,7 +365,7 @@ EXPORT_SYMBOL(nf_register_net_hook); +@@ -366,7 +366,7 @@ EXPORT_SYMBOL(nf_register_net_hook); * Therefore replace the to-be-removed hook with a dummy hook. */ static void nf_remove_net_hook(struct nf_hook_entries *old, @@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> { struct nf_hook_ops **orig_ops; bool found = false; -@@ -383,14 +383,14 @@ static void nf_remove_net_hook(struct nf +@@ -384,14 +384,14 @@ static void nf_remove_net_hook(struct nf if (found) { #ifdef CONFIG_NETFILTER_INGRESS @@ -40,7 +40,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> } } -@@ -411,7 +411,7 @@ void nf_unregister_net_hook(struct net * +@@ -412,7 +412,7 @@ void nf_unregister_net_hook(struct net * return; } diff --git a/target/linux/generic/backport-4.14/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch b/target/linux/generic/backport-4.14/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch index b112855132..722ba9d4aa 100644 --- a/target/linux/generic/backport-4.14/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch +++ b/target/linux/generic/backport-4.14/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch @@ -39,9 +39,9 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (!pp) return -EINVAL; -@@ -343,17 +344,16 @@ int nf_register_net_hook(struct net *net +@@ -344,17 +345,16 @@ int nf_register_net_hook(struct net *net + return PTR_ERR(new_hooks); - hooks_validate(new_hooks); #ifdef CONFIG_NETFILTER_INGRESS - if (reg->pf == NFPROTO_NETDEV && reg->hooknum == NF_NETDEV_INGRESS) + if (pf == NFPROTO_NETDEV && reg->hooknum == NF_NETDEV_INGRESS) @@ -59,7 +59,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* * nf_remove_net_hook - remove a hook from blob -@@ -394,12 +394,13 @@ static void nf_remove_net_hook(struct nf +@@ -395,12 +395,13 @@ static void nf_remove_net_hook(struct nf } } @@ -75,7 +75,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (!pp) return; -@@ -411,7 +412,7 @@ void nf_unregister_net_hook(struct net * +@@ -412,7 +413,7 @@ void nf_unregister_net_hook(struct net * return; } @@ -84,7 +84,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> p = __nf_hook_entries_try_shrink(pp); mutex_unlock(&nf_hook_mutex); -@@ -421,8 +422,42 @@ void nf_unregister_net_hook(struct net * +@@ -422,8 +423,42 @@ void nf_unregister_net_hook(struct net * nf_queue_nf_hook_drop(net); nf_hook_entries_free(p); } diff --git a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch index 943b3eed30..c699c3aae3 100644 --- a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch +++ b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch @@ -176,7 +176,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #include <linux/netfilter_bridge.h> #include <linux/seq_file.h> #include <linux/rcupdate.h> -@@ -108,6 +110,35 @@ void nf_queue_nf_hook_drop(struct net *n +@@ -121,6 +123,35 @@ void nf_queue_nf_hook_drop(struct net *n } EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop); @@ -212,12 +212,11 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, const struct nf_hook_entries *entries, unsigned int index, unsigned int queuenum) -@@ -148,7 +179,16 @@ static int __nf_queue(struct sk_buff *sk - }; +@@ -165,7 +196,15 @@ static int __nf_queue(struct sk_buff *sk + return -ENOTCONN; + } - nf_queue_entry_get_refs(entry); - afinfo->saveroute(skb, entry); -+ + switch (entry->state.pf) { + case AF_INET: + nf_ip_saveroute(skb, entry); diff --git a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch index 810f57ca19..83c90ed893 100644 --- a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch +++ b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch @@ -171,7 +171,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c -@@ -271,7 +271,6 @@ void nf_reinject(struct nf_queue_entry * +@@ -287,7 +287,6 @@ void nf_reinject(struct nf_queue_entry * const struct nf_hook_entry *hook_entry; const struct nf_hook_entries *hooks; struct sk_buff *skb = entry->skb; @@ -179,7 +179,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> const struct net *net; unsigned int i; int err; -@@ -298,8 +297,7 @@ void nf_reinject(struct nf_queue_entry * +@@ -314,8 +313,7 @@ void nf_reinject(struct nf_queue_entry * verdict = nf_hook_entry_hookfn(hook_entry, skb, &entry->state); if (verdict == NF_ACCEPT) { diff --git a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch index 20820e40ca..9911416c39 100644 --- a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch +++ b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch @@ -48,7 +48,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #include <net/protocol.h> #include <net/netfilter/nf_queue.h> #include <net/dst.h> -@@ -145,9 +147,9 @@ static int __nf_queue(struct sk_buff *sk +@@ -158,9 +160,9 @@ static int __nf_queue(struct sk_buff *sk { int status = -ENOENT; struct nf_queue_entry *entry = NULL; @@ -59,7 +59,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* QUEUE == DROP if no one is waiting, to be safe. */ qh = rcu_dereference(net->nf.queue_handler); -@@ -156,11 +158,19 @@ static int __nf_queue(struct sk_buff *sk +@@ -169,11 +171,19 @@ static int __nf_queue(struct sk_buff *sk goto err; } @@ -83,7 +83,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (!entry) { status = -ENOMEM; goto err; -@@ -175,7 +185,7 @@ static int __nf_queue(struct sk_buff *sk +@@ -188,7 +198,7 @@ static int __nf_queue(struct sk_buff *sk .skb = skb, .state = *state, .hook_index = index, @@ -91,4 +91,4 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> + .size = sizeof(*entry) + route_key_size, }; - nf_queue_entry_get_refs(entry); + if (!nf_queue_entry_get_refs(entry)) { diff --git a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch index bd26f2d163..698ddbc213 100644 --- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct pernet_operations nfnl_log_net_ops = { --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c -@@ -1511,10 +1511,15 @@ static int __net_init nfnl_queue_net_ini +@@ -1517,10 +1517,15 @@ static int __net_init nfnl_queue_net_ini static void __net_exit nfnl_queue_net_exit(struct net *net) { |