- afi = &nft_af_ipv4;
- else
- afi = &nft_af_ipv6;
-+ nft_set_pktinfo(&pkt, skb, state);
-
+-
- ops->pf = afi->family;
- if (afi->hooks[ops->hooknum])
- ops->hook = afi->hooks[ops->hooknum];
++ nft_set_pktinfo(&pkt, skb, state);
++
+ switch (state->pf) {
+ case NFPROTO_IPV4:
+ nft_set_pktinfo_ipv4(&pkt, skb);
- if (family != NFPROTO_UNSPEC && family != afi->family)
+ list_for_each_entry_rcu(table, &net->nft.tables, list) {
+ if (family != NFPROTO_UNSPEC && family != table->afi->family)
++ continue;
++
++ if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0)
continue;
- list_for_each_entry_rcu(table, &afi->tables, list) {
- if (ctx && ctx->table &&
- strcmp(ctx->table, table->name) != 0)
-- continue;
-+ if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0)
-+ continue;
++ list_for_each_entry_rcu(chain, &table->chains, list) {
++ if (ctx && ctx->chain &&
++ strcmp(ctx->chain, chain->name) != 0)
+ continue;
- list_for_each_entry_rcu(chain, &table->chains, list) {
- if (ctx && ctx->chain &&
- strcmp(ctx->chain, chain->name) != 0)
- continue;
-+ list_for_each_entry_rcu(chain, &table->chains, list) {
-+ if (ctx && ctx->chain &&
-+ strcmp(ctx->chain, chain->name) != 0)
-+ continue;
-
+-
- list_for_each_entry_rcu(rule, &chain->rules, list) {
- if (!nft_is_active(net, rule))
- goto cont;
- if (cur_family) {
- if (afi->family != cur_family)
+- continue;
+ if (ctx->table && ctx->table != table)
+ continue;
-+
+
+- cur_family = 0;
+- }
+- list_for_each_entry_rcu(table, &afi->tables, list) {
+- if (ctx->table && ctx->table != table)
+ if (cur_table) {
+ if (cur_table != table)
continue;
-- cur_family = 0;
+- if (cur_table) {
+- if (cur_table != table)
+- continue;
+ cur_table = NULL;
- }
-- list_for_each_entry_rcu(table, &afi->tables, list) {
-- if (ctx->table && ctx->table != table)
-- continue;
++ }
+ idx = 0;
+ list_for_each_entry_rcu(set, &table->sets, list) {
+ if (idx < s_idx)
+ if (!nft_is_active(net, set))
+ goto cont;
-- if (cur_table) {
-- if (cur_table != table)
-- continue;
+- cur_table = NULL;
+ ctx_set = *ctx;
+ ctx_set.table = table;
+ ctx_set.family = table->afi->family;
-
-- cur_table = NULL;
++
+ if (nf_tables_fill_set(skb, &ctx_set, set,
+ NFT_MSG_NEWSET,
+ NLM_F_MULTI) < 0) {
depends on NETFILTER_ADVANCED
help
H.323 is a VoIP signalling protocol from ITU-T. As one of the most
-@@ -1012,7 +1011,6 @@ config NETFILTER_XT_TARGET_SECMARK
+@@ -1046,7 +1045,6 @@ config NETFILTER_XT_TARGET_SECMARK
config NETFILTER_XT_TARGET_TCPMSS
tristate '"TCPMSS" target support'
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
-@@ -1386,6 +1386,7 @@ enum netdev_priv_flags {
+@@ -1399,6 +1399,7 @@ enum netdev_priv_flags {
IFF_RXFH_CONFIGURED = 1<<25,
IFF_PHONY_HEADROOM = 1<<26,
IFF_MACSEC = 1<<27,
};
#define IFF_802_1Q_VLAN IFF_802_1Q_VLAN
-@@ -1415,6 +1416,7 @@ enum netdev_priv_flags {
+@@ -1428,6 +1429,7 @@ enum netdev_priv_flags {
#define IFF_TEAM IFF_TEAM
#define IFF_RXFH_CONFIGURED IFF_RXFH_CONFIGURED
#define IFF_MACSEC IFF_MACSEC
/**
* struct net_device - The DEVICE structure.
-@@ -1701,6 +1703,11 @@ struct net_device {
+@@ -1714,6 +1716,11 @@ struct net_device {
const struct xfrmdev_ops *xfrmdev_ops;
#endif
const struct header_ops *header_ops;
unsigned int flags;
-@@ -1770,6 +1777,10 @@ struct net_device {
+@@ -1783,6 +1790,10 @@ struct net_device {
struct mpls_dev __rcu *mpls_ptr;
#endif
#include <net/net_namespace.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
-@@ -377,10 +378,66 @@ static int ct_open(struct inode *inode,
+@@ -381,10 +382,66 @@ static int ct_open(struct inode *inode,
sizeof(struct ct_iter_state));
}
.llseek = seq_lseek,
.release = seq_release_net,
};
-@@ -484,7 +541,7 @@ static int nf_conntrack_standalone_init_
+@@ -488,7 +545,7 @@ static int nf_conntrack_standalone_init_
kuid_t root_uid;
kgid_t root_gid;
/* "Be conservative in what you do,
be liberal in what you accept from others."
If it's non-zero, we mark only out of window RST segments as INVALID. */
-@@ -505,6 +508,9 @@ static bool tcp_in_window(const struct n
+@@ -508,6 +511,9 @@ static bool tcp_in_window(const struct n
s32 receiver_offset;
bool res, in_recv_win;
/*
* Get the required data from the packet.
*/
-@@ -1486,6 +1492,13 @@ static struct ctl_table tcp_sysctl_table
+@@ -1489,6 +1495,13 @@ static struct ctl_table tcp_sysctl_table
.mode = 0644,
.proc_handler = proc_dointvec,
},
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
-@@ -1739,6 +1739,8 @@ struct net_device {
+@@ -1752,6 +1752,8 @@ struct net_device {
struct netdev_hw_addr_list mc;
struct netdev_hw_addr_list dev_addrs;
/* 802.11 specific */
struct wireless_dev;
/* 802.15.4 specific */
-@@ -1908,6 +1909,7 @@ struct net_device {
+@@ -1921,6 +1922,7 @@ struct net_device {
struct netprio_map __rcu *priomap;
#endif
struct phy_device *phydev;
projects / openwrt / openwrt.git / commitdiff