kernel: bump 4.14 to 4.14.232

[openwrt/openwrt.git] / target / linux / generic / backport-4.14 / 320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch

diff --git a/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch b/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch
index 5aae823ed7fe03bb2aadede782f01f4e3df1a4eb..1a4321cb960075ca67240946f631fff2f4410692 100644 (file)
--- a/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch
+++ b/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch
@@ -47,7 +47,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  };
 --- a/net/netfilter/nf_conntrack_core.c
 +++ b/net/netfilter/nf_conntrack_core.c
-@@ -901,6 +901,9 @@ static unsigned int early_drop_list(stru
+@@ -975,6 +975,9 @@ static unsigned int early_drop_list(stru
        hlist_nulls_for_each_entry_rcu(h, n, head, hnnode) {
                tmp = nf_ct_tuplehash_to_ctrack(h);
  
@@ -57,7 +57,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                if (nf_ct_is_expired(tmp)) {
                        nf_ct_gc_expired(tmp);
                        continue;
-@@ -975,6 +978,18 @@ static bool gc_worker_can_early_drop(con
+@@ -1052,6 +1055,18 @@ static bool gc_worker_can_early_drop(con
        return false;
  }
  
@@ -76,7 +76,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static void gc_worker(struct work_struct *work)
  {
        unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u);
-@@ -1011,6 +1026,11 @@ static void gc_worker(struct work_struct
+@@ -1088,6 +1103,11 @@ static void gc_worker(struct work_struct
                        tmp = nf_ct_tuplehash_to_ctrack(h);
  
                        scanned++;
@@ -90,7 +90,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                                expired_count++;
 --- a/net/netfilter/nf_conntrack_netlink.c
 +++ b/net/netfilter/nf_conntrack_netlink.c
-@@ -1120,6 +1120,14 @@ static const struct nla_policy ct_nla_po
+@@ -1125,6 +1125,14 @@ static const struct nla_policy ct_nla_po
                                    .len = NF_CT_LABELS_MAX_SIZE },
  };
  
@@ -105,7 +105,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static int ctnetlink_flush_conntrack(struct net *net,
                                     const struct nlattr * const cda[],
                                     u32 portid, int report)
-@@ -1132,7 +1140,7 @@ static int ctnetlink_flush_conntrack(str
+@@ -1137,7 +1145,7 @@ static int ctnetlink_flush_conntrack(str
                        return PTR_ERR(filter);
        }
  
@@ -114,7 +114,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                                  portid, report);
        kfree(filter);
  
-@@ -1178,6 +1186,11 @@ static int ctnetlink_del_conntrack(struc
+@@ -1183,6 +1191,11 @@ static int ctnetlink_del_conntrack(struc
  
        ct = nf_ct_tuplehash_to_ctrack(h);
  
@@ -124,8 +124,8 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 +      }
 +
        if (cda[CTA_ID]) {
-               u_int32_t id = ntohl(nla_get_be32(cda[CTA_ID]));
-               if (id != (u32)(unsigned long)ct) {
+               __be32 id = nla_get_be32(cda[CTA_ID]);
+ 
 --- a/net/netfilter/nf_conntrack_proto_tcp.c
 +++ b/net/netfilter/nf_conntrack_proto_tcp.c
 @@ -305,6 +305,9 @@ static bool tcp_invert_tuple(struct nf_c
@@ -140,7 +140,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  #endif
 --- a/net/netfilter/nf_conntrack_standalone.c
 +++ b/net/netfilter/nf_conntrack_standalone.c
-@@ -309,10 +309,12 @@ static int ct_seq_show(struct seq_file *
+@@ -310,10 +310,12 @@ static int ct_seq_show(struct seq_file *
        WARN_ON(!l4proto);
  
        ret = -ENOSPC;
@@ -156,7 +156,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
        if (l4proto->print_conntrack)
                l4proto->print_conntrack(s, ct);
-@@ -339,7 +341,9 @@ static int ct_seq_show(struct seq_file *
+@@ -340,7 +342,9 @@ static int ct_seq_show(struct seq_file *
        if (seq_print_acct(s, ct, IP_CT_DIR_REPLY))
                goto release;