kernel: bump 4.14 to 4.14.154

[openwrt/staging/chunkeey.git] / target / linux / generic / backport-4.14 / 303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch

diff --git a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
index b279e8c30adf69e1c6832b82517c1757a03f5c8b..ed33b2fc5f8b232ff390dd3694059a44224891c7 100644 (file)
--- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
+++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
@@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/include/net/netfilter/nf_tables.h
 +++ b/include/net/netfilter/nf_tables.h
-@@ -897,8 +897,6 @@ struct nft_stats {
+@@ -898,8 +898,6 @@ struct nft_stats {
        struct u64_stats_sync   syncp;
  };
  
@@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  /**
   *    struct nft_base_chain - nf_tables base chain
   *
-@@ -910,7 +908,7 @@ struct nft_stats {
+@@ -911,7 +909,7 @@ struct nft_stats {
   *    @dev_name: device name that this base chain is attached to (if any)
   */
  struct nft_base_chain {
@@ -29,7 +29,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
        const struct nf_chain_type      *type;
        u8                              policy;
        u8                              flags;
-@@ -971,8 +969,6 @@ enum nft_af_flags {
+@@ -972,8 +970,6 @@ enum nft_af_flags {
   *    @owner: module owner
   *    @tables: used internally
   *    @flags: family flags
@@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   *    @hooks: hookfn overrides for packet validation
   */
  struct nft_af_info {
-@@ -982,9 +978,6 @@ struct nft_af_info {
+@@ -983,9 +979,6 @@ struct nft_af_info {
        struct module                   *owner;
        struct list_head                tables;
        u32                             flags;
@@ -128,7 +128,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  }
  
  static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type)
-@@ -624,8 +621,7 @@ static void _nf_tables_table_disable(str
+@@ -639,8 +636,7 @@ static void _nf_tables_table_disable(str
                if (cnt && i++ == cnt)
                        break;
  
@@ -138,7 +138,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
        }
  }
  
-@@ -642,8 +638,7 @@ static int nf_tables_table_enable(struct
+@@ -657,8 +653,7 @@ static int nf_tables_table_enable(struct
                if (!nft_is_base_chain(chain))
                        continue;
  
@@ -148,7 +148,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                if (err < 0)
                        goto err;
  
-@@ -1055,7 +1050,7 @@ static int nf_tables_fill_chain_info(str
+@@ -1070,7 +1065,7 @@ static int nf_tables_fill_chain_info(str
  
        if (nft_is_base_chain(chain)) {
                const struct nft_base_chain *basechain = nft_base_chain(chain);
@@ -157,7 +157,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                struct nlattr *nest;
  
                nest = nla_nest_start(skb, NFTA_CHAIN_HOOK);
-@@ -1283,8 +1278,8 @@ static void nf_tables_chain_destroy(stru
+@@ -1298,8 +1293,8 @@ static void nf_tables_chain_destroy(stru
                free_percpu(basechain->stats);
                if (basechain->stats)
                        static_branch_dec(&nft_counters_enabled);
@@ -168,7 +168,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                kfree(chain->name);
                kfree(basechain);
        } else {
-@@ -1380,7 +1375,6 @@ static int nf_tables_addchain(struct nft
+@@ -1395,7 +1390,6 @@ static int nf_tables_addchain(struct nft
        struct nft_stats __percpu *stats;
        struct net *net = ctx->net;
        struct nft_chain *chain;
@@ -176,7 +176,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
        int err;
  
        if (table->use == UINT_MAX)
-@@ -1419,21 +1413,18 @@ static int nf_tables_addchain(struct nft
+@@ -1434,21 +1428,18 @@ static int nf_tables_addchain(struct nft
                basechain->type = hook.type;
                chain = &basechain->chain;
  
@@ -210,7 +210,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
                chain->flags |= NFT_BASE_CHAIN;
                basechain->policy = policy;
-@@ -1451,7 +1442,7 @@ static int nf_tables_addchain(struct nft
+@@ -1466,7 +1457,7 @@ static int nf_tables_addchain(struct nft
                goto err1;
        }
  
@@ -219,7 +219,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
        if (err < 0)
                goto err1;
  
-@@ -1465,7 +1456,7 @@ static int nf_tables_addchain(struct nft
+@@ -1480,7 +1471,7 @@ static int nf_tables_addchain(struct nft
  
        return 0;
  err2:
@@ -228,7 +228,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  err1:
        nf_tables_chain_destroy(chain);
  
-@@ -1478,13 +1469,12 @@ static int nf_tables_updchain(struct nft
+@@ -1493,13 +1484,12 @@ static int nf_tables_updchain(struct nft
        const struct nlattr * const *nla = ctx->nla;
        struct nft_table *table = ctx->table;
        struct nft_chain *chain = ctx->chain;
@@ -243,7 +243,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
        if (nla[NFTA_CHAIN_HOOK]) {
                if (!nft_is_base_chain(chain))
-@@ -1501,14 +1491,12 @@ static int nf_tables_updchain(struct nft
+@@ -1516,14 +1506,12 @@ static int nf_tables_updchain(struct nft
                        return -EBUSY;
                }
  
@@ -264,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                }
                nft_chain_release_hook(&hook);
        }
-@@ -5134,10 +5122,9 @@ static int nf_tables_commit(struct net *
+@@ -5156,10 +5144,9 @@ static int nf_tables_commit(struct net *
                case NFT_MSG_DELCHAIN:
                        list_del_rcu(&trans->ctx.chain->list);
                        nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
@@ -278,7 +278,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                        break;
                case NFT_MSG_NEWRULE:
                        nft_clear(trans->ctx.net, nft_trans_rule(trans));
-@@ -5274,10 +5261,9 @@ static int nf_tables_abort(struct net *n
+@@ -5296,10 +5283,9 @@ static int nf_tables_abort(struct net *n
                        } else {
                                trans->ctx.table->use--;
                                list_del_rcu(&trans->ctx.chain->list);
@@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                        }
                        break;
                case NFT_MSG_DELCHAIN:
-@@ -5380,7 +5366,7 @@ int nft_chain_validate_hooks(const struc
+@@ -5402,7 +5388,7 @@ int nft_chain_validate_hooks(const struc
        if (nft_is_base_chain(chain)) {
                basechain = nft_base_chain(chain);
  
@@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                        return 0;
  
                return -EOPNOTSUPP;
-@@ -5862,8 +5848,7 @@ int __nft_release_basechain(struct nft_c
+@@ -5884,8 +5870,7 @@ int __nft_release_basechain(struct nft_c
  
        BUG_ON(!nft_is_base_chain(ctx->chain));
  
@@ -311,7 +311,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
        list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
                list_del(&rule->list);
                ctx->chain->use--;
-@@ -5892,8 +5877,7 @@ static void __nft_release_afinfo(struct
+@@ -5914,8 +5899,7 @@ static void __nft_release_afinfo(struct
  
        list_for_each_entry_safe(table, nt, &afi->tables, list) {
                list_for_each_entry(chain, &table->chains, list)
@@ -361,7 +361,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
                par->hook_mask = 1 << ops->hooknum;
        } else {
-@@ -317,7 +317,7 @@ static int nft_target_validate(const str
+@@ -318,7 +318,7 @@ static int nft_target_validate(const str
        if (nft_is_base_chain(ctx->chain)) {
                const struct nft_base_chain *basechain =
                                                nft_base_chain(ctx->chain);
@@ -370,7 +370,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
                hook_mask = 1 << ops->hooknum;
                if (target->hooks && !(hook_mask & target->hooks))
-@@ -414,7 +414,7 @@ nft_match_set_mtchk_param(struct xt_mtch
+@@ -415,7 +415,7 @@ nft_match_set_mtchk_param(struct xt_mtch
        if (nft_is_base_chain(ctx->chain)) {
                const struct nft_base_chain *basechain =
                                                nft_base_chain(ctx->chain);
@@ -379,7 +379,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
                par->hook_mask = 1 << ops->hooknum;
        } else {
-@@ -564,7 +564,7 @@ static int nft_match_validate(const stru
+@@ -566,7 +566,7 @@ static int nft_match_validate(const stru
        if (nft_is_base_chain(ctx->chain)) {
                const struct nft_base_chain *basechain =
                                                nft_base_chain(ctx->chain);