kernel: Reorder generic configuration

[openwrt/staging/dedeckeh.git] / target / linux / generic / backport-4.14 / 303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch

diff --git a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
index 37c63ec6c6a4491a4f1b7b1af16ceadb1a4998c2..bff41db83804f414a70fcd71fbd818a25da8f804 100644 (file)
--- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
+++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
@@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/include/net/netfilter/nf_tables.h
 +++ b/include/net/netfilter/nf_tables.h
-@@ -892,8 +892,6 @@ struct nft_stats {
+@@ -897,8 +897,6 @@ struct nft_stats {
        struct u64_stats_sync   syncp;
  };
  
@@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  /**
   *    struct nft_base_chain - nf_tables base chain
   *
-@@ -905,7 +903,7 @@ struct nft_stats {
+@@ -910,7 +908,7 @@ struct nft_stats {
   *    @dev_name: device name that this base chain is attached to (if any)
   */
  struct nft_base_chain {
@@ -29,7 +29,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
        const struct nf_chain_type      *type;
        u8                              policy;
        u8                              flags;
-@@ -966,8 +964,6 @@ enum nft_af_flags {
+@@ -971,8 +969,6 @@ enum nft_af_flags {
   *    @owner: module owner
   *    @tables: used internally
   *    @flags: family flags
@@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   *    @hooks: hookfn overrides for packet validation
   */
  struct nft_af_info {
-@@ -977,9 +973,6 @@ struct nft_af_info {
+@@ -982,9 +978,6 @@ struct nft_af_info {
        struct module                   *owner;
        struct list_head                tables;
        u32                             flags;
@@ -128,7 +128,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  }
  
  static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type)
-@@ -595,8 +592,7 @@ static void _nf_tables_table_disable(str
+@@ -627,8 +624,7 @@ static void _nf_tables_table_disable(str
                if (cnt && i++ == cnt)
                        break;
  
@@ -138,7 +138,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
        }
  }
  
-@@ -613,8 +609,7 @@ static int nf_tables_table_enable(struct
+@@ -645,8 +641,7 @@ static int nf_tables_table_enable(struct
                if (!nft_is_base_chain(chain))
                        continue;
  
@@ -148,7 +148,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                if (err < 0)
                        goto err;
  
-@@ -1026,7 +1021,7 @@ static int nf_tables_fill_chain_info(str
+@@ -1058,7 +1053,7 @@ static int nf_tables_fill_chain_info(str
  
        if (nft_is_base_chain(chain)) {
                const struct nft_base_chain *basechain = nft_base_chain(chain);
@@ -157,7 +157,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                struct nlattr *nest;
  
                nest = nla_nest_start(skb, NFTA_CHAIN_HOOK);
-@@ -1252,8 +1247,8 @@ static void nf_tables_chain_destroy(stru
+@@ -1286,8 +1281,8 @@ static void nf_tables_chain_destroy(stru
                free_percpu(basechain->stats);
                if (basechain->stats)
                        static_branch_dec(&nft_counters_enabled);
@@ -168,7 +168,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                kfree(chain->name);
                kfree(basechain);
        } else {
-@@ -1349,7 +1344,6 @@ static int nf_tables_addchain(struct nft
+@@ -1383,7 +1378,6 @@ static int nf_tables_addchain(struct nft
        struct nft_stats __percpu *stats;
        struct net *net = ctx->net;
        struct nft_chain *chain;
@@ -176,7 +176,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
        int err;
  
        if (table->use == UINT_MAX)
-@@ -1388,21 +1382,18 @@ static int nf_tables_addchain(struct nft
+@@ -1422,21 +1416,18 @@ static int nf_tables_addchain(struct nft
                basechain->type = hook.type;
                chain = &basechain->chain;
  
@@ -210,7 +210,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
                chain->flags |= NFT_BASE_CHAIN;
                basechain->policy = policy;
-@@ -1420,7 +1411,7 @@ static int nf_tables_addchain(struct nft
+@@ -1454,7 +1445,7 @@ static int nf_tables_addchain(struct nft
                goto err1;
        }
  
@@ -219,7 +219,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
        if (err < 0)
                goto err1;
  
-@@ -1434,7 +1425,7 @@ static int nf_tables_addchain(struct nft
+@@ -1468,7 +1459,7 @@ static int nf_tables_addchain(struct nft
  
        return 0;
  err2:
@@ -228,7 +228,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  err1:
        nf_tables_chain_destroy(chain);
  
-@@ -1447,14 +1438,13 @@ static int nf_tables_updchain(struct nft
+@@ -1481,13 +1472,12 @@ static int nf_tables_updchain(struct nft
        const struct nlattr * const *nla = ctx->nla;
        struct nft_table *table = ctx->table;
        struct nft_chain *chain = ctx->chain;
@@ -236,7 +236,6 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
        struct nft_base_chain *basechain;
        struct nft_stats *stats = NULL;
        struct nft_chain_hook hook;
-       const struct nlattr *name;
        struct nf_hook_ops *ops;
        struct nft_trans *trans;
 -      int err, i;
@@ -244,7 +243,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
        if (nla[NFTA_CHAIN_HOOK]) {
                if (!nft_is_base_chain(chain))
-@@ -1471,14 +1461,12 @@ static int nf_tables_updchain(struct nft
+@@ -1504,14 +1494,12 @@ static int nf_tables_updchain(struct nft
                        return -EBUSY;
                }
  
@@ -265,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                }
                nft_chain_release_hook(&hook);
        }
-@@ -5062,10 +5050,9 @@ static int nf_tables_commit(struct net *
+@@ -5134,10 +5122,9 @@ static int nf_tables_commit(struct net *
                case NFT_MSG_DELCHAIN:
                        list_del_rcu(&trans->ctx.chain->list);
                        nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
@@ -279,7 +278,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                        break;
                case NFT_MSG_NEWRULE:
                        nft_clear(trans->ctx.net, nft_trans_rule(trans));
-@@ -5202,10 +5189,9 @@ static int nf_tables_abort(struct net *n
+@@ -5274,10 +5261,9 @@ static int nf_tables_abort(struct net *n
                        } else {
                                trans->ctx.table->use--;
                                list_del_rcu(&trans->ctx.chain->list);
@@ -293,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                        }
                        break;
                case NFT_MSG_DELCHAIN:
-@@ -5306,7 +5292,7 @@ int nft_chain_validate_hooks(const struc
+@@ -5380,7 +5366,7 @@ int nft_chain_validate_hooks(const struc
        if (nft_is_base_chain(chain)) {
                basechain = nft_base_chain(chain);
  
@@ -302,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                        return 0;
  
                return -EOPNOTSUPP;
-@@ -5788,8 +5774,7 @@ int __nft_release_basechain(struct nft_c
+@@ -5862,8 +5848,7 @@ int __nft_release_basechain(struct nft_c
  
        BUG_ON(!nft_is_base_chain(ctx->chain));
  
@@ -312,7 +311,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
        list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
                list_del(&rule->list);
                ctx->chain->use--;
-@@ -5818,8 +5803,7 @@ static void __nft_release_afinfo(struct
+@@ -5892,8 +5877,7 @@ static void __nft_release_afinfo(struct
  
        list_for_each_entry_safe(table, nt, &afi->tables, list) {
                list_for_each_entry(chain, &table->chains, list)
@@ -353,7 +352,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
                strncpy(basechain->dev_name, dev->name, IFNAMSIZ);
 --- a/net/netfilter/nft_compat.c
 +++ b/net/netfilter/nft_compat.c
-@@ -169,7 +169,7 @@ nft_target_set_tgchk_param(struct xt_tgc
+@@ -186,7 +186,7 @@ nft_target_set_tgchk_param(struct xt_tgc
        if (nft_is_base_chain(ctx->chain)) {
                const struct nft_base_chain *basechain =
                                                nft_base_chain(ctx->chain);
@@ -362,7 +361,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
                par->hook_mask = 1 << ops->hooknum;
        } else {
-@@ -302,7 +302,7 @@ static int nft_target_validate(const str
+@@ -318,7 +318,7 @@ static int nft_target_validate(const str
        if (nft_is_base_chain(ctx->chain)) {
                const struct nft_base_chain *basechain =
                                                nft_base_chain(ctx->chain);
@@ -371,7 +370,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
                hook_mask = 1 << ops->hooknum;
                if (target->hooks && !(hook_mask & target->hooks))
-@@ -383,7 +383,7 @@ nft_match_set_mtchk_param(struct xt_mtch
+@@ -415,7 +415,7 @@ nft_match_set_mtchk_param(struct xt_mtch
        if (nft_is_base_chain(ctx->chain)) {
                const struct nft_base_chain *basechain =
                                                nft_base_chain(ctx->chain);
@@ -380,7 +379,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
                par->hook_mask = 1 << ops->hooknum;
        } else {
-@@ -481,7 +481,7 @@ static int nft_match_validate(const stru
+@@ -566,7 +566,7 @@ static int nft_match_validate(const stru
        if (nft_is_base_chain(ctx->chain)) {
                const struct nft_base_chain *basechain =
                                                nft_base_chain(ctx->chain);