RepoMirrors/openwrt
1
0
Fork 0
mirror of git://git.openwrt.org/openwrt/openwrt.git synced 2025-02-02 04:42:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

kernel: refresh patches

Browse Source 
Some fuzz was introduced due to the netfilter-offload series

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This commit is contained in:
Koen Vandeputte 2018-02-22 12:21:05 +01:00 committed by Felix Fietkau
parent 14a01311f5
commit aad1f11efe
8 changed files with 34 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
target/linux/generic/backport-4.14/302-netfilter-nf_tables_inet-don-t-use-multihook-infrast.patch
View File

@ -90,11 +90,12 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
- afi = &nft_af_ipv4; - afi = &nft_af_ipv4;
- else - else
- afi = &nft_af_ipv6; - afi = &nft_af_ipv6;
+ nft_set_pktinfo(&pkt, skb, state); -
- ops->pf = afi->family; - ops->pf = afi->family;
- if (afi->hooks[ops->hooknum]) - if (afi->hooks[ops->hooknum])
- ops->hook = afi->hooks[ops->hooknum]; - ops->hook = afi->hooks[ops->hooknum];
+ nft_set_pktinfo(&pkt, skb, state);
+
+ switch (state->pf) { + switch (state->pf) {
+ case NFPROTO_IPV4: + case NFPROTO_IPV4:
+ nft_set_pktinfo_ipv4(&pkt, skb); + nft_set_pktinfo_ipv4(&pkt, skb);

39
target/linux/generic/backport-4.14/335-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
View File

@ -548,24 +548,24 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
- if (family != NFPROTO_UNSPEC && family != afi->family) - if (family != NFPROTO_UNSPEC && family != afi->family)
+ list_for_each_entry_rcu(table, &net->nft.tables, list) { + list_for_each_entry_rcu(table, &net->nft.tables, list) {
+ if (family != NFPROTO_UNSPEC && family != table->afi->family) + if (family != NFPROTO_UNSPEC && family != table->afi->family)
+ continue;
+
+ if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0)
continue; continue;
- list_for_each_entry_rcu(table, &afi->tables, list) { - list_for_each_entry_rcu(table, &afi->tables, list) {
- if (ctx && ctx->table && - if (ctx && ctx->table &&
- strcmp(ctx->table, table->name) != 0) - strcmp(ctx->table, table->name) != 0)
- continue; + list_for_each_entry_rcu(chain, &table->chains, list) {
+ if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) + if (ctx && ctx->chain &&
+ continue; + strcmp(ctx->chain, chain->name) != 0)
continue;
- list_for_each_entry_rcu(chain, &table->chains, list) { - list_for_each_entry_rcu(chain, &table->chains, list) {
- if (ctx && ctx->chain && - if (ctx && ctx->chain &&
- strcmp(ctx->chain, chain->name) != 0) - strcmp(ctx->chain, chain->name) != 0)
- continue; - continue;
+ list_for_each_entry_rcu(chain, &table->chains, list) { -
+ if (ctx && ctx->chain &&
+ strcmp(ctx->chain, chain->name) != 0)
+ continue;
- list_for_each_entry_rcu(rule, &chain->rules, list) { - list_for_each_entry_rcu(rule, &chain->rules, list) {
- if (!nft_is_active(net, rule)) - if (!nft_is_active(net, rule))
- goto cont; - goto cont;
@ -703,19 +703,23 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
- if (cur_family) { - if (cur_family) {
- if (afi->family != cur_family) - if (afi->family != cur_family)
- continue;
+ if (ctx->table && ctx->table != table) + if (ctx->table && ctx->table != table)
+ continue; + continue;
+
- cur_family = 0;
- }
- list_for_each_entry_rcu(table, &afi->tables, list) {
- if (ctx->table && ctx->table != table)
+ if (cur_table) { + if (cur_table) {
+ if (cur_table != table) + if (cur_table != table)
continue; continue;
- cur_family = 0; - if (cur_table) {
- if (cur_table != table)
- continue;
+ cur_table = NULL; + cur_table = NULL;
} + }
- list_for_each_entry_rcu(table, &afi->tables, list) {
- if (ctx->table && ctx->table != table)
- continue;
+ idx = 0; + idx = 0;
+ list_for_each_entry_rcu(set, &table->sets, list) { + list_for_each_entry_rcu(set, &table->sets, list) {
+ if (idx < s_idx) + if (idx < s_idx)
@ -723,14 +727,11 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+ if (!nft_is_active(net, set)) + if (!nft_is_active(net, set))
+ goto cont; + goto cont;
- if (cur_table) { - cur_table = NULL;
- if (cur_table != table)
- continue;
+ ctx_set = *ctx; + ctx_set = *ctx;
+ ctx_set.table = table; + ctx_set.table = table;
+ ctx_set.family = table->afi->family; + ctx_set.family = table->afi->family;
+
- cur_table = NULL;
+ if (nf_tables_fill_set(skb, &ctx_set, set, + if (nf_tables_fill_set(skb, &ctx_set, set,
+ NFT_MSG_NEWSET, + NFT_MSG_NEWSET,
+ NLM_F_MULTI) < 0) { + NLM_F_MULTI) < 0) {

2
target/linux/generic/hack-4.14/250-netfilter_depends.patch
View File

@ -17,7 +17,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
H.323 is a VoIP signalling protocol from ITU-T. As one of the most H.323 is a VoIP signalling protocol from ITU-T. As one of the most
@@ -1012,7 +1011,6 @@ config NETFILTER_XT_TARGET_SECMARK @@ -1046,7 +1045,6 @@ config NETFILTER_XT_TARGET_SECMARK
config NETFILTER_XT_TARGET_TCPMSS config NETFILTER_XT_TARGET_TCPMSS
tristate '"TCPMSS" target support' tristate '"TCPMSS" target support'

8
target/linux/generic/hack-4.14/721-phy_packets.patch
View File

@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/include/linux/netdevice.h --- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h +++ b/include/linux/netdevice.h
@@ -1386,6 +1386,7 @@ enum netdev_priv_flags { @@ -1399,6 +1399,7 @@ enum netdev_priv_flags {
IFF_RXFH_CONFIGURED = 1<<25, IFF_RXFH_CONFIGURED = 1<<25,
IFF_PHONY_HEADROOM = 1<<26, IFF_PHONY_HEADROOM = 1<<26,
IFF_MACSEC = 1<<27, IFF_MACSEC = 1<<27,
@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
}; };
#define IFF_802_1Q_VLAN IFF_802_1Q_VLAN #define IFF_802_1Q_VLAN IFF_802_1Q_VLAN
@@ -1415,6 +1416,7 @@ enum netdev_priv_flags { @@ -1428,6 +1429,7 @@ enum netdev_priv_flags {
#define IFF_TEAM IFF_TEAM #define IFF_TEAM IFF_TEAM
#define IFF_RXFH_CONFIGURED IFF_RXFH_CONFIGURED #define IFF_RXFH_CONFIGURED IFF_RXFH_CONFIGURED
#define IFF_MACSEC IFF_MACSEC #define IFF_MACSEC IFF_MACSEC
@ -31,7 +31,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/** /**
* struct net_device - The DEVICE structure. * struct net_device - The DEVICE structure.
@@ -1701,6 +1703,11 @@ struct net_device { @@ -1714,6 +1716,11 @@ struct net_device {
const struct xfrmdev_ops *xfrmdev_ops; const struct xfrmdev_ops *xfrmdev_ops;
#endif #endif
@ -43,7 +43,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
const struct header_ops *header_ops; const struct header_ops *header_ops;
unsigned int flags; unsigned int flags;
@@ -1770,6 +1777,10 @@ struct net_device { @@ -1783,6 +1790,10 @@ struct net_device {
struct mpls_dev __rcu *mpls_ptr; struct mpls_dev __rcu *mpls_ptr;
#endif #endif

4
target/linux/generic/pending-4.14/600-netfilter_conntrack_flush.patch
View File

@ -17,7 +17,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
#include <net/net_namespace.h> #include <net/net_namespace.h>
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
#include <linux/sysctl.h> #include <linux/sysctl.h>
@@ -377,10 +378,66 @@ static int ct_open(struct inode *inode, @@ -381,10 +382,66 @@ static int ct_open(struct inode *inode,
sizeof(struct ct_iter_state)); sizeof(struct ct_iter_state));
} }
@ -84,7 +84,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
.llseek = seq_lseek, .llseek = seq_lseek,
.release = seq_release_net, .release = seq_release_net,
}; };
@@ -484,7 +541,7 @@ static int nf_conntrack_standalone_init_ @@ -488,7 +545,7 @@ static int nf_conntrack_standalone_init_
kuid_t root_uid; kuid_t root_uid;
kgid_t root_gid; kgid_t root_gid;

4
target/linux/generic/pending-4.14/613-netfilter_optional_tcp_window_check.patch
View File

@ -18,7 +18,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/* "Be conservative in what you do, /* "Be conservative in what you do,
be liberal in what you accept from others." be liberal in what you accept from others."
If it's non-zero, we mark only out of window RST segments as INVALID. */ If it's non-zero, we mark only out of window RST segments as INVALID. */
@@ -505,6 +508,9 @@ static bool tcp_in_window(const struct n @@ -508,6 +511,9 @@ static bool tcp_in_window(const struct n
s32 receiver_offset; s32 receiver_offset;
bool res, in_recv_win; bool res, in_recv_win;
@ -28,7 +28,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/* /*
* Get the required data from the packet. * Get the required data from the packet.
*/ */
@@ -1486,6 +1492,13 @@ static struct ctl_table tcp_sysctl_table @@ -1489,6 +1495,13 @@ static struct ctl_table tcp_sysctl_table
.mode = 0644, .mode = 0644,
.proc_handler = proc_dointvec, .proc_handler = proc_dointvec,
}, },

2
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
View File

@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/include/linux/netdevice.h --- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h +++ b/include/linux/netdevice.h
@@ -1739,6 +1739,8 @@ struct net_device { @@ -1752,6 +1752,8 @@ struct net_device {
struct netdev_hw_addr_list mc; struct netdev_hw_addr_list mc;
struct netdev_hw_addr_list dev_addrs; struct netdev_hw_addr_list dev_addrs;

2
target/linux/mvebu/patches-4.14/408-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch
View File

@ -129,7 +129,7 @@ Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
/* 802.11 specific */ /* 802.11 specific */
struct wireless_dev; struct wireless_dev;
/* 802.15.4 specific */ /* 802.15.4 specific */
@@ -1908,6 +1909,7 @@ struct net_device { @@ -1921,6 +1922,7 @@ struct net_device {
struct netprio_map __rcu *priomap; struct netprio_map __rcu *priomap;
#endif #endif
struct phy_device *phydev; struct phy_device *phydev;