projects
/
openwrt
/
openwrt.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
kernel: bump 4.14 to 4.14.120
[openwrt/openwrt.git]
/
target
/
linux
/
generic
/
backport-4.14
/
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
diff --git
a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
index 15892e6933be22d22cdbf059311b23f38f76b1e0..e6f2058adae233482f216a9b3061c24b7c6298bd 100644
(file)
--- a/
target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
+++ b/
target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
@@
-108,7
+108,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ctx->table = table;
ctx->chain = chain;
ctx->nla = nla;
ctx->table = table;
ctx->chain = chain;
ctx->nla = nla;
-@@ -4
17,30 +416
,31 @@ static int nft_delflowtable(struct nft_c
+@@ -4
29,30 +428
,31 @@ static int nft_delflowtable(struct nft_c
* Tables
*/
* Tables
*/
@@
-146,7
+146,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (table != NULL)
return table;
if (table != NULL)
return table;
-@@ -5
39,7 +539
,7 @@ static void nf_tables_table_notify(const
+@@ -5
51,7 +551
,7 @@ static void nf_tables_table_notify(const
goto err;
err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq,
goto err;
err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq,
@@
-155,7
+155,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (err < 0) {
kfree_skb(skb);
goto err;
if (err < 0) {
kfree_skb(skb);
goto err;
-@@ -5
56,7 +556
,6 @@ static int nf_tables_dump_tables(struct
+@@ -5
68,7 +568
,6 @@ static int nf_tables_dump_tables(struct
struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
@@
-163,7
+163,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
const struct nft_table *table;
unsigned int idx = 0, s_idx = cb->args[0];
struct net *net = sock_net(skb->sk);
const struct nft_table *table;
unsigned int idx = 0, s_idx = cb->args[0];
struct net *net = sock_net(skb->sk);
-@@ -5
65,30 +564
,27 @@ static int nf_tables_dump_tables(struct
+@@ -5
77,30 +576
,27 @@ static int nf_tables_dump_tables(struct
rcu_read_lock();
cb->seq = net->nft.base_seq;
rcu_read_lock();
cb->seq = net->nft.base_seq;
@@
-211,7
+211,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
done:
rcu_read_unlock();
}
done:
rcu_read_unlock();
-@@ -6
20,7 +616
,8 @@ static int nf_tables_gettable(struct net
+@@ -6
32,7 +628
,8 @@ static int nf_tables_gettable(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-221,7
+221,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -7
51,7 +748
,7 @@ static int nf_tables_newtable(struct net
+@@ -7
63,7 +760
,7 @@ static int nf_tables_newtable(struct net
return PTR_ERR(afi);
name = nla[NFTA_TABLE_NAME];
return PTR_ERR(afi);
name = nla[NFTA_TABLE_NAME];
@@
-230,7
+230,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table)) {
if (PTR_ERR(table) != -ENOENT)
return PTR_ERR(table);
if (IS_ERR(table)) {
if (PTR_ERR(table) != -ENOENT)
return PTR_ERR(table);
-@@ -7
61,7 +758
,7 @@ static int nf_tables_newtable(struct net
+@@ -7
73,7 +770
,7 @@ static int nf_tables_newtable(struct net
if (nlh->nlmsg_flags & NLM_F_REPLACE)
return -EOPNOTSUPP;
if (nlh->nlmsg_flags & NLM_F_REPLACE)
return -EOPNOTSUPP;
@@
-239,7
+239,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return nf_tables_updtable(&ctx);
}
return nf_tables_updtable(&ctx);
}
-@@ -
788,14 +785
,15 @@ static int nf_tables_newtable(struct net
+@@ -
800,14 +797
,15 @@ static int nf_tables_newtable(struct net
INIT_LIST_HEAD(&table->sets);
INIT_LIST_HEAD(&table->objects);
INIT_LIST_HEAD(&table->flowtables);
INIT_LIST_HEAD(&table->sets);
INIT_LIST_HEAD(&table->objects);
INIT_LIST_HEAD(&table->flowtables);
@@
-257,7
+257,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return 0;
err4:
kfree(table->name);
return 0;
err4:
kfree(table->name);
-@@ -8
69,30 +867
,28 @@ out:
+@@ -8
81,30 +879
,28 @@ out:
static int nft_flush(struct nft_ctx *ctx, int family)
{
static int nft_flush(struct nft_ctx *ctx, int family)
{
@@
-301,7
+301,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
out:
return err;
}
out:
return err;
-@@ -9
10,7 +906
,7 @@ static int nf_tables_deltable(struct net
+@@ -9
22,7 +918
,7 @@ static int nf_tables_deltable(struct net
int family = nfmsg->nfgen_family;
struct nft_ctx ctx;
int family = nfmsg->nfgen_family;
struct nft_ctx ctx;
@@
-310,7
+310,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
return nft_flush(&ctx, family);
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
return nft_flush(&ctx, family);
-@@ -9
18,7 +914
,8 @@ static int nf_tables_deltable(struct net
+@@ -9
30,7 +926
,8 @@ static int nf_tables_deltable(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-320,7
+320,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -9
26,7 +923
,7 @@ static int nf_tables_deltable(struct net
+@@ -9
38,7 +935
,7 @@ static int nf_tables_deltable(struct net
table->use > 0)
return -EBUSY;
table->use > 0)
return -EBUSY;
@@
-329,7
+329,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ctx.table = table;
return nft_flush_table(&ctx);
ctx.table = table;
return nft_flush_table(&ctx);
-@@ -9
38,7 +935
,7 @@ static void nf_tables_table_destroy(stru
+@@ -9
50,7 +947
,7 @@ static void nf_tables_table_destroy(stru
kfree(ctx->table->name);
kfree(ctx->table);
kfree(ctx->table->name);
kfree(ctx->table);
@@
-338,7
+338,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
int nft_register_chain_type(const struct nf_chain_type *ctype)
}
int nft_register_chain_type(const struct nf_chain_type *ctype)
-@@ -11
39,7 +1136
,7 @@ static void nf_tables_chain_notify(const
+@@ -11
51,7 +1148
,7 @@ static void nf_tables_chain_notify(const
goto err;
err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq,
goto err;
err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq,
@@
-347,7
+347,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ctx->chain);
if (err < 0) {
kfree_skb(skb);
ctx->chain);
if (err < 0) {
kfree_skb(skb);
-@@ -11
57,7 +1154
,6 @@ static int nf_tables_dump_chains(struct
+@@ -11
69,7 +1166
,6 @@ static int nf_tables_dump_chains(struct
struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
@@
-355,7
+355,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
const struct nft_table *table;
const struct nft_chain *chain;
unsigned int idx = 0, s_idx = cb->args[0];
const struct nft_table *table;
const struct nft_chain *chain;
unsigned int idx = 0, s_idx = cb->args[0];
-@@ -11
67,31 +1163
,30 @@ static int nf_tables_dump_chains(struct
+@@ -11
79,31 +1175
,30 @@ static int nf_tables_dump_chains(struct
rcu_read_lock();
cb->seq = net->nft.base_seq;
rcu_read_lock();
cb->seq = net->nft.base_seq;
@@
-407,7
+407,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
done:
}
}
done:
-@@ -12
25,7 +1220
,8 @@ static int nf_tables_getchain(struct net
+@@ -12
37,7 +1232
,8 @@ static int nf_tables_getchain(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-417,7
+417,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -13
35,8 +1331
,8 @@ struct nft_chain_hook {
+@@ -13
47,8 +1343
,8 @@ struct nft_chain_hook {
static int nft_chain_parse_hook(struct net *net,
const struct nlattr * const nla[],
static int nft_chain_parse_hook(struct net *net,
const struct nlattr * const nla[],
@@
-428,7
+428,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
{
struct nlattr *ha[NFTA_HOOK_MAX + 1];
const struct nf_chain_type *type;
{
struct nlattr *ha[NFTA_HOOK_MAX + 1];
const struct nf_chain_type *type;
-@@ -13
55,10 +1351
,10 @@ static int nft_chain_parse_hook(struct n
+@@ -13
67,10 +1363
,10 @@ static int nft_chain_parse_hook(struct n
hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
@@
-441,7
+441,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(type))
return PTR_ERR(type);
}
if (IS_ERR(type))
return PTR_ERR(type);
}
-@@ -13
70,7 +1366
,7 @@ static int nft_chain_parse_hook(struct n
+@@ -13
82,7 +1378
,7 @@ static int nft_chain_parse_hook(struct n
hook->type = type;
hook->dev = NULL;
hook->type = type;
hook->dev = NULL;
@@
-450,7
+450,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
char ifname[IFNAMSIZ];
if (!ha[NFTA_HOOK_DEV]) {
char ifname[IFNAMSIZ];
if (!ha[NFTA_HOOK_DEV]) {
-@@ -14
05,7 +1401
,6 @@ static int nf_tables_addchain(struct nft
+@@ -14
17,7 +1413
,6 @@ static int nf_tables_addchain(struct nft
{
const struct nlattr * const *nla = ctx->nla;
struct nft_table *table = ctx->table;
{
const struct nlattr * const *nla = ctx->nla;
struct nft_table *table = ctx->table;
@@
-458,7
+458,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
struct nft_base_chain *basechain;
struct nft_stats __percpu *stats;
struct net *net = ctx->net;
struct nft_base_chain *basechain;
struct nft_stats __percpu *stats;
struct net *net = ctx->net;
-@@ -14
19,7 +1414
,7 @@ static int nf_tables_addchain(struct nft
+@@ -14
31,7 +1426
,7 @@ static int nf_tables_addchain(struct nft
struct nft_chain_hook hook;
struct nf_hook_ops *ops;
struct nft_chain_hook hook;
struct nf_hook_ops *ops;
@@
-467,7
+467,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (err < 0)
return err;
if (err < 0)
return err;
-@@ -15
11,7 +1506
,7 @@ static int nf_tables_updchain(struct nft
+@@ -15
23,7 +1518
,7 @@ static int nf_tables_updchain(struct nft
if (!nft_is_base_chain(chain))
return -EBUSY;
if (!nft_is_base_chain(chain))
return -EBUSY;
@@
-476,7
+476,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
create);
if (err < 0)
return err;
create);
if (err < 0)
return err;
-@@ -16
21,7 +1616
,8 @@ static int nf_tables_newchain(struct net
+@@ -16
33,7 +1628
,8 @@ static int nf_tables_newchain(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-486,7
+486,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -16
61,7 +1657
,7 @@ static int nf_tables_newchain(struct net
+@@ -16
73,7 +1669
,7 @@ static int nf_tables_newchain(struct net
}
}
}
}
@@
-495,7
+495,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (chain != NULL) {
if (nlh->nlmsg_flags & NLM_F_EXCL)
if (chain != NULL) {
if (nlh->nlmsg_flags & NLM_F_EXCL)
-@@ -1
695,7 +1691
,8 @@ static int nf_tables_delchain(struct net
+@@ -1
707,7 +1703
,8 @@ static int nf_tables_delchain(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-505,7
+505,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -17
07,7 +1704
,7 @@ static int nf_tables_delchain(struct net
+@@ -17
19,7 +1716
,7 @@ static int nf_tables_delchain(struct net
chain->use > 0)
return -EBUSY;
chain->use > 0)
return -EBUSY;
@@
-514,7
+514,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
use = chain->use;
list_for_each_entry(rule, &chain->rules, list) {
use = chain->use;
list_for_each_entry(rule, &chain->rules, list) {
-@@ -18
72,7 +1869
,7 @@ static int nf_tables_expr_parse(const st
+@@ -18
87,7 +1884
,7 @@ static int nf_tables_expr_parse(const st
if (err < 0)
return err;
if (err < 0)
return err;
@@
-523,7
+523,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(type))
return PTR_ERR(type);
if (IS_ERR(type))
return PTR_ERR(type);
-@@ -2
096,7 +2093
,7 @@ static void nf_tables_rule_notify(const
+@@ -2
115,7 +2112
,7 @@ static void nf_tables_rule_notify(const
goto err;
err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq,
goto err;
err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq,
@@
-532,7
+532,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ctx->chain, rule);
if (err < 0) {
kfree_skb(skb);
ctx->chain, rule);
if (err < 0) {
kfree_skb(skb);
-@@ -21
20,7 +2117
,6 @@ static int nf_tables_dump_rules(struct s
+@@ -21
39,7 +2136
,6 @@ static int nf_tables_dump_rules(struct s
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
const struct nft_rule_dump_ctx *ctx = cb->data;
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
const struct nft_rule_dump_ctx *ctx = cb->data;
@@
-540,7
+540,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
const struct nft_table *table;
const struct nft_chain *chain;
const struct nft_rule *rule;
const struct nft_table *table;
const struct nft_chain *chain;
const struct nft_rule *rule;
-@@ -21
31,39 +2127
,37 @@ static int nf_tables_dump_rules(struct s
+@@ -21
50,39 +2146
,37 @@ static int nf_tables_dump_rules(struct s
rcu_read_lock();
cb->seq = net->nft.base_seq;
rcu_read_lock();
cb->seq = net->nft.base_seq;
@@
-605,7
+605,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
}
}
}
}
-@@ -22
41,7 +2235
,8 @@ static int nf_tables_getrule(struct net
+@@ -22
60,7 +2254
,8 @@ static int nf_tables_getrule(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-615,7
+615,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -23
26,7 +2321
,8 @@ static int nf_tables_newrule(struct net
+@@ -23
45,7 +2340
,8 @@ static int nf_tables_newrule(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-625,7
+625,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -23
65,7 +2361
,7 @@ static int nf_tables_newrule(struct net
+@@ -23
84,7 +2380
,7 @@ static int nf_tables_newrule(struct net
return PTR_ERR(old_rule);
}
return PTR_ERR(old_rule);
}
@@
-634,7
+634,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
n = 0;
size = 0;
n = 0;
size = 0;
-@@ -2
498,7 +2494
,8 @@ static int nf_tables_delrule(struct net
+@@ -2
517,7 +2513
,8 @@ static int nf_tables_delrule(struct net
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-644,7
+644,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -25
09,7 +2506
,7 @@ static int nf_tables_delrule(struct net
+@@ -25
28,7 +2525
,7 @@ static int nf_tables_delrule(struct net
return PTR_ERR(chain);
}
return PTR_ERR(chain);
}
@@
-653,7
+653,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (chain) {
if (nla[NFTA_RULE_HANDLE]) {
if (chain) {
if (nla[NFTA_RULE_HANDLE]) {
-@@ -27
07,13 +2704
,13 @@ static int nft_ctx_init_from_setattr(str
+@@ -27
26,13 +2723
,13 @@ static int nft_ctx_init_from_setattr(str
if (afi == NULL)
return -EAFNOSUPPORT;
if (afi == NULL)
return -EAFNOSUPPORT;
@@
-670,7
+670,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return 0;
}
return 0;
}
-@@ -28
41,7 +2838
,7 @@ static int nf_tables_fill_set(struct sk_
+@@ -28
60,7 +2857
,7 @@ static int nf_tables_fill_set(struct sk_
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
@@
-679,7
+679,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
-@@ -29
33,10 +2930
,8 @@ static int nf_tables_dump_sets(struct sk
+@@ -29
52,10 +2949
,8 @@ static int nf_tables_dump_sets(struct sk
{
const struct nft_set *set;
unsigned int idx, s_idx = cb->args[0];
{
const struct nft_set *set;
unsigned int idx, s_idx = cb->args[0];
@@
-690,7
+690,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
struct nft_ctx *ctx = cb->data, ctx_set;
if (cb->args[1])
struct nft_ctx *ctx = cb->data, ctx_set;
if (cb->args[1])
-@@ -29
45,51 +2940
,44 @@ static int nf_tables_dump_sets(struct sk
+@@ -29
64,51 +2959
,44 @@ static int nf_tables_dump_sets(struct sk
rcu_read_lock();
cb->seq = net->nft.base_seq;
rcu_read_lock();
cb->seq = net->nft.base_seq;
@@
-771,7
+771,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
cb->args[1] = 1;
done:
}
cb->args[1] = 1;
done:
-@@ -3
199,11 +3187
,12 @@ static int nf_tables_newset(struct net *
+@@ -3
218,11 +3206
,12 @@ static int nf_tables_newset(struct net *
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-786,7
+786,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
if (IS_ERR(set)) {
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
if (IS_ERR(set)) {
-@@ -34
72,12 +3461
,12 @@ static int nft_ctx_init_from_elemattr(st
+@@ -34
91,12 +3480
,12 @@ static int nft_ctx_init_from_elemattr(st
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-802,7
+802,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return 0;
}
return 0;
}
-@@ -3
582,7 +3571
,6 @@ static int nf_tables_dump_set(struct sk_
+@@ -3
601,7 +3590
,6 @@ static int nf_tables_dump_set(struct sk_
{
struct nft_set_dump_ctx *dump_ctx = cb->data;
struct net *net = sock_net(skb->sk);
{
struct nft_set_dump_ctx *dump_ctx = cb->data;
struct net *net = sock_net(skb->sk);
@@
-810,7
+810,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
struct nft_table *table;
struct nft_set *set;
struct nft_set_dump_args args;
struct nft_table *table;
struct nft_set *set;
struct nft_set_dump_args args;
-@@ -3
594,21 +3582
,19 @@ static int nf_tables_dump_set(struct sk_
+@@ -3
613,21 +3601
,19 @@ static int nf_tables_dump_set(struct sk_
int event;
rcu_read_lock();
int event;
rcu_read_lock();
@@
-841,7
+841,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
break;
}
}
break;
}
-@@ -36
28,7 +3614
,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -36
47,7 +3633
,7 @@ static int nf_tables_dump_set(struct sk_
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
@@
-850,7
+850,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
-@@ -37
30,7 +3716
,7 @@ static int nf_tables_fill_setelem_info(s
+@@ -37
49,7 +3735
,7 @@ static int nf_tables_fill_setelem_info(s
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
@@
-859,7
+859,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
-@@ -39
74,7 +3960
,7 @@ static int nft_add_set_elem(struct nft_c
+@@ -39
93,7 +3979
,7 @@ static int nft_add_set_elem(struct nft_c
list_for_each_entry(binding, &set->bindings, list) {
struct nft_ctx bind_ctx = {
.net = ctx->net,
list_for_each_entry(binding, &set->bindings, list) {
struct nft_ctx bind_ctx = {
.net = ctx->net,
@@
-868,7
+868,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
.table = ctx->table,
.chain = (struct nft_chain *)binding->chain,
};
.table = ctx->table,
.chain = (struct nft_chain *)binding->chain,
};
-@@ -45
26,7 +4512
,8 @@ static int nf_tables_newobj(struct net *
+@@ -45
45,7 +4531
,8 @@ static int nf_tables_newobj(struct net *
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-878,7
+878,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -45
44,7 +4531
,7 @@ static int nf_tables_newobj(struct net *
+@@ -45
63,7 +4550
,7 @@ static int nf_tables_newobj(struct net *
return 0;
}
return 0;
}
@@
-887,7
+887,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
type = nft_obj_type_get(objtype);
if (IS_ERR(type))
type = nft_obj_type_get(objtype);
if (IS_ERR(type))
-@@ -46
21,7 +4608
,6 @@ struct nft_obj_filter {
+@@ -46
40,7 +4627
,6 @@ struct nft_obj_filter {
static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
@@
-895,7
+895,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
const struct nft_table *table;
unsigned int idx = 0, s_idx = cb->args[0];
struct nft_obj_filter *filter = cb->data;
const struct nft_table *table;
unsigned int idx = 0, s_idx = cb->args[0];
struct nft_obj_filter *filter = cb->data;
-@@ -46
36,38 +4622
,37 @@ static int nf_tables_dump_obj(struct sk_
+@@ -46
55,38 +4641
,37 @@ static int nf_tables_dump_obj(struct sk_
rcu_read_lock();
cb->seq = net->nft.base_seq;
rcu_read_lock();
cb->seq = net->nft.base_seq;
@@
-960,7
+960,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
done:
}
}
done:
-@@ -47
54,7 +4739
,8 @@ static int nf_tables_getobj(struct net *
+@@ -47
73,7 +4758
,8 @@ static int nf_tables_getobj(struct net *
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-970,7
+970,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -48
14,7 +4800
,8 @@ static int nf_tables_delobj(struct net *
+@@ -48
33,7 +4819
,8 @@ static int nf_tables_delobj(struct net *
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-980,7
+980,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -48
25,7 +4812
,7 @@ static int nf_tables_delobj(struct net *
+@@ -48
44,7 +4831
,7 @@ static int nf_tables_delobj(struct net *
if (obj->use > 0)
return -EBUSY;
if (obj->use > 0)
return -EBUSY;
@@
-989,7
+989,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return nft_delobj(&ctx, obj);
}
return nft_delobj(&ctx, obj);
}
-@@ -48
63,7 +4850
,7 @@ static void nf_tables_obj_notify(const s
+@@ -48
82,7 +4869
,7 @@ static void nf_tables_obj_notify(const s
struct nft_object *obj, int event)
{
nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
struct nft_object *obj, int event)
{
nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
@@
-998,7
+998,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
/*
}
/*
-@@ -50
53,7 +5040
,7 @@ void nft_flow_table_iterate(struct net *
+@@ -50
72,7 +5059
,7 @@ void nft_flow_table_iterate(struct net *
rcu_read_lock();
list_for_each_entry_rcu(afi, &net->nft.af_info, list) {
rcu_read_lock();
list_for_each_entry_rcu(afi, &net->nft.af_info, list) {
@@
-1007,7
+1007,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
iter(&flowtable->data, data);
}
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
iter(&flowtable->data, data);
}
-@@ -51
01,7 +5088
,8 @@ static int nf_tables_newflowtable(struct
+@@ -51
20,7 +5107
,8 @@ static int nf_tables_newflowtable(struct
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-1017,7
+1017,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -51
18,7 +5106
,7 @@ static int nf_tables_newflowtable(struct
+@@ -51
37,7 +5125
,7 @@ static int nf_tables_newflowtable(struct
return 0;
}
return 0;
}
@@
-1026,7
+1026,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
if (!flowtable)
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
if (!flowtable)
-@@ -5
199,7 +5187
,8 @@ static int nf_tables_delflowtable(struct
+@@ -5
218,7 +5206
,8 @@ static int nf_tables_delflowtable(struct
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-1036,7
+1036,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -52
10,7 +5199
,7 @@ static int nf_tables_delflowtable(struct
+@@ -52
29,7 +5218
,7 @@ static int nf_tables_delflowtable(struct
if (flowtable->use > 0)
return -EBUSY;
if (flowtable->use > 0)
return -EBUSY;
@@
-1045,7
+1045,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
return nft_delflowtable(&ctx, flowtable);
}
return nft_delflowtable(&ctx, flowtable);
}
-@@ -52
79,40 +5268
,37 @@ static int nf_tables_dump_flowtable(stru
+@@ -52
98,40 +5287
,37 @@ static int nf_tables_dump_flowtable(stru
struct net *net = sock_net(skb->sk);
int family = nfmsg->nfgen_family;
struct nft_flowtable *flowtable;
struct net *net = sock_net(skb->sk);
int family = nfmsg->nfgen_family;
struct nft_flowtable *flowtable;
@@
-1107,7
+1107,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
done:
}
}
done:
-@@ -5
397,7 +5383
,8 @@ static int nf_tables_getflowtable(struct
+@@ -5
416,7 +5402
,8 @@ static int nf_tables_getflowtable(struct
if (IS_ERR(afi))
return PTR_ERR(afi);
if (IS_ERR(afi))
return PTR_ERR(afi);
@@
-1117,7
+1117,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -54
40,7 +5427
,7 @@ static void nf_tables_flowtable_notify(s
+@@ -54
59,7 +5446
,7 @@ static void nf_tables_flowtable_notify(s
err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
ctx->seq, event, 0,
err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
ctx->seq, event, 0,
@@
-1126,7
+1126,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (err < 0) {
kfree_skb(skb);
goto err;
if (err < 0) {
kfree_skb(skb);
goto err;
-@@ -55
18,17 +5505
,14 @@ static int nf_tables_flowtable_event(str
+@@ -55
37,17 +5524
,14 @@ static int nf_tables_flowtable_event(str
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
struct nft_flowtable *flowtable;
struct nft_table *table;
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
struct nft_flowtable *flowtable;
struct nft_table *table;
@@
-1147,7
+1147,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
}
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
}
}
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
-@@ -65
54,6 +6538
,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
+@@ -65
73,6 +6557
,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
static int __net_init nf_tables_init_net(struct net *net)
{
INIT_LIST_HEAD(&net->nft.af_info);
static int __net_init nf_tables_init_net(struct net *net)
{
INIT_LIST_HEAD(&net->nft.af_info);
@@
-1155,7
+1155,7
@@
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
INIT_LIST_HEAD(&net->nft.commit_list);
net->nft.base_seq = 1;
return 0;
INIT_LIST_HEAD(&net->nft.commit_list);
net->nft.base_seq = 1;
return 0;
-@@ -6
590,10 +6575
,10 @@ static void __nft_release_afinfo(struct
+@@ -6
609,10 +6594
,10 @@ static void __nft_release_afinfo(struct
struct nft_set *set, *ns;
struct nft_ctx ctx = {
.net = net,
struct nft_set *set, *ns;
struct nft_ctx ctx = {
.net = net,