diff options
Diffstat (limited to 'target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch')
| -rw-r--r-- | target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch | 64 |
1 files changed, 32 insertions, 32 deletions
diff --git a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch index 22720aa..a7ce0df 100644 --- a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch +++ b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch @@ -12,7 +12,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h -@@ -369,6 +369,7 @@ void nft_unregister_set(struct nft_set_t +@@ -370,6 +370,7 @@ void nft_unregister_set(struct nft_set_t * @list: table set list node * @bindings: list of set bindings * @name: name of the set @@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * @ktype: key type (numeric type defined by userspace, not used in the kernel) * @dtype: data type (verdict or numeric type defined by userspace) * @objtype: object type (see NFT_OBJECT_* definitions) -@@ -391,6 +392,7 @@ struct nft_set { +@@ -392,6 +393,7 @@ struct nft_set { struct list_head list; struct list_head bindings; char *name; @@ -28,7 +28,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> u32 ktype; u32 dtype; u32 objtype; -@@ -936,6 +938,7 @@ unsigned int nft_do_chain(struct nft_pkt +@@ -941,6 +943,7 @@ unsigned int nft_do_chain(struct nft_pkt * @objects: stateful objects in the table * @flowtables: flow tables in the table * @hgenerator: handle generator state @@ -36,7 +36,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * @use: number of chain references to this table * @flags: table flag (see enum nft_table_flags) * @genmask: generation mask -@@ -949,6 +952,7 @@ struct nft_table { +@@ -954,6 +957,7 @@ struct nft_table { struct list_head objects; struct list_head flowtables; u64 hgenerator; @@ -44,7 +44,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> u32 use; u16 family:6, flags:8, -@@ -973,9 +977,9 @@ int nft_verdict_dump(struct sk_buff *skb +@@ -978,9 +982,9 @@ int nft_verdict_dump(struct sk_buff *skb * @name: name of this stateful object * @genmask: generation mask * @use: number of references to this stateful object @@ -56,7 +56,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> */ struct nft_object { struct list_head list; -@@ -983,6 +987,7 @@ struct nft_object { +@@ -988,6 +992,7 @@ struct nft_object { struct nft_table *table; u32 genmask:2, use:30; @@ -64,7 +64,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* runtime data below here */ const struct nft_object_ops *ops ____cacheline_aligned; unsigned char data[] -@@ -1064,6 +1069,7 @@ void nft_unregister_obj(struct nft_objec +@@ -1069,6 +1074,7 @@ void nft_unregister_obj(struct nft_objec * @ops_len: number of hooks in array * @genmask: generation mask * @use: number of references to this flow table @@ -72,7 +72,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> * @data: rhashtable and garbage collector * @ops: array of hooks */ -@@ -1076,6 +1082,7 @@ struct nft_flowtable { +@@ -1081,6 +1087,7 @@ struct nft_flowtable { int ops_len; u32 genmask:2, use:30; @@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void nft_ctx_init(struct nft_ctx *ctx, struct net *net, -@@ -332,6 +333,20 @@ static struct nft_table *nft_table_looku +@@ -361,6 +362,20 @@ static struct nft_table *nft_table_looku return NULL; } @@ -172,7 +172,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct nft_table *nf_tables_table_lookup(const struct net *net, const struct nlattr *nla, u8 family, u8 genmask) -@@ -348,6 +363,22 @@ static struct nft_table *nf_tables_table +@@ -377,6 +392,22 @@ static struct nft_table *nf_tables_table return ERR_PTR(-ENOENT); } @@ -195,7 +195,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static inline u64 nf_tables_alloc_handle(struct nft_table *table) { return ++table->hgenerator; -@@ -394,6 +425,7 @@ static const struct nla_policy nft_table +@@ -423,6 +454,7 @@ static const struct nla_policy nft_table [NFTA_TABLE_NAME] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, [NFTA_TABLE_FLAGS] = { .type = NLA_U32 }, @@ -203,7 +203,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net, -@@ -415,7 +447,9 @@ static int nf_tables_fill_table_info(str +@@ -444,7 +476,9 @@ static int nf_tables_fill_table_info(str if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) || nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) || @@ -214,7 +214,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -674,6 +708,7 @@ static int nf_tables_newtable(struct net +@@ -703,6 +737,7 @@ static int nf_tables_newtable(struct net INIT_LIST_HEAD(&table->flowtables); table->family = family; table->flags = flags; @@ -222,7 +222,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); -@@ -791,11 +826,18 @@ static int nf_tables_deltable(struct net +@@ -820,11 +855,18 @@ static int nf_tables_deltable(struct net struct nft_ctx ctx; nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla); @@ -244,7 +244,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(table)) return PTR_ERR(table); -@@ -1534,6 +1576,7 @@ static int nf_tables_delchain(struct net +@@ -1565,6 +1607,7 @@ static int nf_tables_delchain(struct net struct nft_rule *rule; int family = nfmsg->nfgen_family; struct nft_ctx ctx; @@ -252,7 +252,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> u32 use; int err; -@@ -1542,7 +1585,12 @@ static int nf_tables_delchain(struct net +@@ -1573,7 +1616,12 @@ static int nf_tables_delchain(struct net if (IS_ERR(table)) return PTR_ERR(table); @@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(chain)) return PTR_ERR(chain); -@@ -2508,6 +2556,7 @@ static const struct nla_policy nft_set_p +@@ -2547,6 +2595,7 @@ static const struct nla_policy nft_set_p [NFTA_SET_USERDATA] = { .type = NLA_BINARY, .len = NFT_USERDATA_MAXLEN }, [NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 }, @@ -274,7 +274,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = { -@@ -2551,6 +2600,22 @@ static struct nft_set *nf_tables_set_loo +@@ -2590,6 +2639,22 @@ static struct nft_set *nf_tables_set_loo return ERR_PTR(-ENOENT); } @@ -297,7 +297,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, const struct nlattr *nla, u8 genmask) -@@ -2666,6 +2731,9 @@ static int nf_tables_fill_set(struct sk_ +@@ -2705,6 +2770,9 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; if (nla_put_string(skb, NFTA_SET_NAME, set->name)) goto nla_put_failure; @@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (set->flags != 0) if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) goto nla_put_failure; -@@ -3074,6 +3142,7 @@ static int nf_tables_newset(struct net * +@@ -3113,6 +3181,7 @@ static int nf_tables_newset(struct net * set->udata = udata; set->timeout = timeout; set->gc_int = gc_int; @@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> err = ops->init(set, &desc, nla); if (err < 0) -@@ -3133,7 +3202,10 @@ static int nf_tables_delset(struct net * +@@ -3172,7 +3241,10 @@ static int nf_tables_delset(struct net * if (err < 0) return err; @@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(set)) return PTR_ERR(set); -@@ -4189,6 +4261,21 @@ struct nft_object *nf_tables_obj_lookup( +@@ -4232,6 +4304,21 @@ struct nft_object *nf_tables_obj_lookup( } EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); @@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { [NFTA_OBJ_TABLE] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, -@@ -4196,6 +4283,7 @@ static const struct nla_policy nft_obj_p +@@ -4239,6 +4326,7 @@ static const struct nla_policy nft_obj_p .len = NFT_OBJ_MAXNAMELEN - 1 }, [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, @@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, -@@ -4343,6 +4431,8 @@ static int nf_tables_newobj(struct net * +@@ -4386,6 +4474,8 @@ static int nf_tables_newobj(struct net * goto err1; } obj->table = table; @@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); if (!obj->name) { err = -ENOMEM; -@@ -4389,7 +4479,9 @@ static int nf_tables_fill_obj_info(struc +@@ -4432,7 +4522,9 @@ static int nf_tables_fill_obj_info(struc nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || @@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -4587,7 +4679,7 @@ static int nf_tables_delobj(struct net * +@@ -4630,7 +4722,7 @@ static int nf_tables_delobj(struct net * u32 objtype; if (!nla[NFTA_OBJ_TYPE] || @@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> return -EINVAL; table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, -@@ -4596,7 +4688,12 @@ static int nf_tables_delobj(struct net * +@@ -4639,7 +4731,12 @@ static int nf_tables_delobj(struct net * return PTR_ERR(table); objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE])); @@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(obj)) return PTR_ERR(obj); if (obj->use > 0) -@@ -4668,6 +4765,7 @@ static const struct nla_policy nft_flowt +@@ -4711,6 +4808,7 @@ static const struct nla_policy nft_flowt [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, .len = NFT_NAME_MAXLEN - 1 }, [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, @@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -@@ -4685,6 +4783,20 @@ struct nft_flowtable *nf_tables_flowtabl +@@ -4728,6 +4826,20 @@ struct nft_flowtable *nf_tables_flowtabl } EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); @@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #define NFT_FLOWTABLE_DEVICE_MAX 8 static int nf_tables_parse_devices(const struct nft_ctx *ctx, -@@ -4893,6 +5005,8 @@ static int nf_tables_newflowtable(struct +@@ -4936,6 +5048,8 @@ static int nf_tables_newflowtable(struct return -ENOMEM; flowtable->table = table; @@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); if (!flowtable->name) { err = -ENOMEM; -@@ -4967,8 +5081,14 @@ static int nf_tables_delflowtable(struct +@@ -5010,8 +5124,14 @@ static int nf_tables_delflowtable(struct if (IS_ERR(table)) return PTR_ERR(table); @@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (IS_ERR(flowtable)) return PTR_ERR(flowtable); if (flowtable->use > 0) -@@ -5001,7 +5121,9 @@ static int nf_tables_fill_flowtable_info +@@ -5044,7 +5164,9 @@ static int nf_tables_fill_flowtable_info if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || |