diff --git a/target/linux/generic/backport-4.14/302-netfilter-nf_tables_inet-don-t-use-multihook-infrast.patch b/target/linux/generic/backport-4.14/302-netfilter-nf_tables_inet-don-t-use-multihook-infrast.patch
index 8649a4864a..17d8b21a0f 100644
--- a/target/linux/generic/backport-4.14/302-netfilter-nf_tables_inet-don-t-use-multihook-infrast.patch
+++ b/target/linux/generic/backport-4.14/302-netfilter-nf_tables_inet-don-t-use-multihook-infrast.patch
@@ -90,11 +90,12 @@ Signed-off-by: Pablo Neira Ayuso - afi = &nft_af_ipv4; - else - afi = &nft_af_ipv6; -+ nft_set_pktinfo(&pkt, skb, state); - +- - ops->pf = afi->family; - if (afi->hooks[ops->hooknum]) - ops->hook = afi->hooks[ops->hooknum]; ++ nft_set_pktinfo(&pkt, skb, state); ++ + switch (state->pf) { + case NFPROTO_IPV4: + nft_set_pktinfo_ipv4(&pkt, skb);
diff --git a/target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
index bae2e2879e..b090935cdf 100644
--- a/target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
+++ b/target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
@@ -548,24 +548,24 @@ 
Signed-off-by: Pablo Neira Ayuso - if (family != NFPROTO_UNSPEC && family != afi->family) + list_for_each_entry_rcu(table, &net->nft.tables, list) { + if (family != NFPROTO_UNSPEC && family != table->afi->family) ++ continue; ++ ++ if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) continue; - list_for_each_entry_rcu(table, &afi->tables, list) { - if (ctx && ctx->table && - strcmp(ctx->table, table->name) != 0) -- continue; -+ if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) -+ continue; ++ list_for_each_entry_rcu(chain, &table->chains, list) { ++ if (ctx && ctx->chain && ++ strcmp(ctx->chain, chain->name) != 0) + continue; - list_for_each_entry_rcu(chain, &table->chains, list) { - if (ctx && ctx->chain && - strcmp(ctx->chain, chain->name) != 0) - continue; -+ list_for_each_entry_rcu(chain, &table->chains, list) { -+ if (ctx && ctx->chain && -+ strcmp(ctx->chain, chain->name) != 0) -+ continue; - +- - list_for_each_entry_rcu(rule, &chain->rules, list) { - if (!nft_is_active(net, rule)) - goto cont;
@@ -703,19 +703,23 @@ Signed-off-by: Pablo Neira Ayuso - if (cur_family) { - if (afi->family != cur_family) +- continue; + if (ctx->table && ctx->table != table) + continue; -+ + +- cur_family = 0; +- } +- list_for_each_entry_rcu(table, &afi->tables, list) { +- if (ctx->table && ctx->table != table) + if (cur_table) { + if (cur_table != table) continue; -- cur_family = 0; +- if (cur_table) { +- if (cur_table != table) +- continue; + cur_table = NULL; - } -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (ctx->table && ctx->table != table) -- continue; ++ } + idx = 0; + list_for_each_entry_rcu(set, &table->sets, list) { + if (idx < s_idx)
@@ -723,14 +727,11 @@ 
Signed-off-by: Pablo Neira Ayuso + if (!nft_is_active(net, set)) + goto cont; -- if (cur_table) { -- if (cur_table != table) -- continue; +- cur_table = NULL; + ctx_set = *ctx; + ctx_set.table = table; + ctx_set.family = table->afi->family; - -- cur_table = NULL; ++ + if (nf_tables_fill_set(skb, &ctx_set, set, + NFT_MSG_NEWSET, + NLM_F_MULTI) < 0) {
diff --git a/target/linux/generic/hack-4.14/250-netfilter_depends.patch b/target/linux/generic/hack-4.14/250-netfilter_depends.patch
index 17068f7dab..264d7661cf 100644
--- a/target/linux/generic/hack-4.14/250-netfilter_depends.patch
+++ b/target/linux/generic/hack-4.14/250-netfilter_depends.patch
@@ -17,7 +17,7 @@ Signed-off-by: Felix Fietkau depends on NETFILTER_ADVANCED help H.323 is a VoIP signalling protocol from ITU-T. As one of the most -@@ -1012,7 +1011,6 @@ config NETFILTER_XT_TARGET_SECMARK +@@ -1046,7 +1045,6 @@ config NETFILTER_XT_TARGET_SECMARK config NETFILTER_XT_TARGET_TCPMSS tristate '"TCPMSS" target support'
diff --git a/target/linux/generic/hack-4.14/721-phy_packets.patch b/target/linux/generic/hack-4.14/721-phy_packets.patch
index 07e6e9da6d..5334b23e81 100644
--- a/target/linux/generic/hack-4.14/721-phy_packets.patch
+++ b/target/linux/generic/hack-4.14/721-phy_packets.patch
@@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -1386,6 +1386,7 @@ enum netdev_priv_flags { +@@ -1399,6 +1399,7 @@ enum netdev_priv_flags { IFF_RXFH_CONFIGURED = 1<<25, IFF_PHONY_HEADROOM = 1<<26, IFF_MACSEC = 1<<27,
@@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau }; #define IFF_802_1Q_VLAN IFF_802_1Q_VLAN -@@ -1415,6 +1416,7 @@ enum netdev_priv_flags { +@@ -1428,6 +1429,7 @@ enum netdev_priv_flags { #define IFF_TEAM IFF_TEAM #define IFF_RXFH_CONFIGURED IFF_RXFH_CONFIGURED #define IFF_MACSEC IFF_MACSEC
@@ -31,7 +31,7 @@ 
Signed-off-by: Felix Fietkau /** * struct net_device - The DEVICE structure. -@@ -1701,6 +1703,11 @@ struct net_device { +@@ -1714,6 +1716,11 @@ struct net_device { const struct xfrmdev_ops *xfrmdev_ops; #endif
@@ -43,7 +43,7 @@ Signed-off-by: Felix Fietkau const struct header_ops *header_ops; unsigned int flags; -@@ -1770,6 +1777,10 @@ struct net_device { +@@ -1783,6 +1790,10 @@ struct net_device { struct mpls_dev __rcu *mpls_ptr; #endif
diff --git a/target/linux/generic/pending-4.14/600-netfilter_conntrack_flush.patch b/target/linux/generic/pending-4.14/600-netfilter_conntrack_flush.patch
index f39ed62dc0..10da96b7ed 100644
--- a/target/linux/generic/pending-4.14/600-netfilter_conntrack_flush.patch
+++ b/target/linux/generic/pending-4.14/600-netfilter_conntrack_flush.patch
@@ -17,7 +17,7 @@ Signed-off-by: Felix Fietkau #include #ifdef CONFIG_SYSCTL #include -@@ -377,10 +378,66 @@ static int ct_open(struct inode *inode, +@@ -381,10 +382,66 @@ static int ct_open(struct inode *inode, sizeof(struct ct_iter_state)); }
@@ -84,7 +84,7 @@ Signed-off-by: Felix Fietkau .llseek = seq_lseek, .release = seq_release_net, }; -@@ -484,7 +541,7 @@ static int nf_conntrack_standalone_init_ +@@ -488,7 +545,7 @@ static int nf_conntrack_standalone_init_ kuid_t root_uid; kgid_t root_gid;
diff --git a/target/linux/generic/pending-4.14/613-netfilter_optional_tcp_window_check.patch b/target/linux/generic/pending-4.14/613-netfilter_optional_tcp_window_check.patch
index 3ded90168f..69c165bb41 100644
--- a/target/linux/generic/pending-4.14/613-netfilter_optional_tcp_window_check.patch
+++ b/target/linux/generic/pending-4.14/613-netfilter_optional_tcp_window_check.patch
@@ -18,7 +18,7 @@ 
Signed-off-by: Felix Fietkau /* "Be conservative in what you do, be liberal in what you accept from others." If it's non-zero, we mark only out of window RST segments as INVALID. */ -@@ -505,6 +508,9 @@ static bool tcp_in_window(const struct n +@@ -508,6 +511,9 @@ static bool tcp_in_window(const struct n s32 receiver_offset; bool res, in_recv_win;
@@ -28,7 +28,7 @@ Signed-off-by: Felix Fietkau /* * Get the required data from the packet. */ -@@ -1486,6 +1492,13 @@ static struct ctl_table tcp_sysctl_table +@@ -1489,6 +1495,13 @@ static struct ctl_table tcp_sysctl_table .mode = 0644, .proc_handler = proc_dointvec, },
diff --git a/target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch b/target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
index 7c858ca111..5bcf99a648 100644
--- a/target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
+++ b/target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
@@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -1739,6 +1739,8 @@ struct net_device { +@@ -1752,6 +1752,8 @@ struct net_device { struct netdev_hw_addr_list mc; struct netdev_hw_addr_list dev_addrs;
diff --git a/target/linux/mvebu/patches-4.14/408-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch b/target/linux/mvebu/patches-4.14/408-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch
index 557f155a45..8dd3560ff6 100644
--- a/target/linux/mvebu/patches-4.14/408-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch
+++ b/target/linux/mvebu/patches-4.14/408-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch
@@ -129,7 +129,7 @@ Signed-off-by: Russell King /* 802.11 specific */ struct wireless_dev; /* 802.15.4 specific */ -@@ -1908,6 +1909,7 @@ struct net_device { +@@ -1921,6 +1922,7 @@ struct net_device { struct netprio_map __rcu *priomap; #endif struct phy_device *phydev;