diff --git a/feeds.conf.default b/feeds.conf.default index 4235fe135..f979806fb 100644 --- a/feeds.conf.default +++ b/feeds.conf.default @@ -1,7 +1,7 @@ #src-git packages https://git.openwrt.org/feed/packages.git^1b73f267eae2dedc18969b70ed7c5d9b02288bac src-git packages https://github.com/openwrt/packages.git -#src-git luci https://git.openwrt.org/project/luci.git^7d55be315d758b2a40494e732d7bdc300ee15c00 -src-git luci https://github.com/openwrt/luci.git^80cb4fef8c7db0dadc373fef122d7abb092a7191 +src-git luci https://github.com/openwrt/luci.git +#src-git luci https://github.com/openwrt/luci.git^80cb4fef8c7db0dadc373fef122d7abb092a7191 #src-git luci https://github.com/openwrt/luci.git;openwrt-18.06 src-git routing https://git.openwrt.org/feed/routing.git;openwrt-18.06 src-git telephony https://github.com/openwrt/telephony.git;openwrt-18.06 diff --git a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch index cd5670675..431098fa0 100644 --- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso static struct pernet_operations clusterip_net_ops = { --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -6477,6 +6477,12 @@ static int __net_init nf_tables_init_net(struct net *net) +@@ -6477,6 +6477,12 @@ static int __net_init nf_tables_init_net return 0; } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6554,6 +6560,7 @@ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) +@@ -6554,6 +6560,7 @@ static void __nft_release_afinfo(struct static struct pernet_operations nf_tables_net_ops = { .init = nf_tables_init_net, @@ -44,7 +44,7 @@ Signed-off-by: Pablo Neira Ayuso static int __init nf_tables_module_init(void) --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c -@@ -1093,10 +1093,15 @@ static int __net_init nfnl_log_net_init(struct net *net) +@@ -1093,10 +1093,15 @@ static int __net_init nfnl_log_net_init( static void __net_exit nfnl_log_net_exit(struct net *net) { @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso static struct pernet_operations nfnl_log_net_ops = { --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c -@@ -1512,10 +1512,15 @@ static int __net_init nfnl_queue_net_init(struct net *net) +@@ -1512,10 +1512,15 @@ static int __net_init nfnl_queue_net_ini static void __net_exit nfnl_queue_net_exit(struct net *net) { @@ -80,7 +80,7 @@ Signed-off-by: Pablo Neira Ayuso static void nfnl_queue_net_exit_batch(struct list_head *net_exit_list) --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c -@@ -1785,8 +1785,17 @@ static int __net_init xt_net_init(struct net *net) +@@ -1785,8 +1785,17 @@ static int __net_init xt_net_init(struct return 0; } diff --git a/target/linux/generic/backport-4.14/370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch b/target/linux/generic/backport-4.14/370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch new file mode 100644 index 000000000..e68395c69 --- /dev/null +++ b/target/linux/generic/backport-4.14/370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch @@ -0,0 +1,110 @@ +From: Felix Fietkau +Date: Wed, 13 Jun 2018 12:33:39 +0200 +Subject: [PATCH] netfilter: nf_flow_table: fix offloaded connection timeout + corner case + +The full teardown of offloaded flows is deferred to a gc work item, +however processing of packets by netfilter needs to happen immediately +after a teardown is requested, because the conntrack state needs to be +fixed up. + +Since the IPS_OFFLOAD_BIT is still kept until the teardown is complete, +the netfilter conntrack gc can accidentally bump the timeout of a +connection where offload was just stopped, causing a conntrack entry +leak. + +Fix this by moving the conntrack timeout bumping from conntrack core to +the nf_flow_offload and add a check to prevent bogus timeout bumps. + +Signed-off-by: Felix Fietkau +--- + +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -978,18 +978,6 @@ static bool gc_worker_can_early_drop(con + return false; + } + +-#define DAY (86400 * HZ) +- +-/* Set an arbitrary timeout large enough not to ever expire, this save +- * us a check for the IPS_OFFLOAD_BIT from the packet path via +- * nf_ct_is_expired(). +- */ +-static void nf_ct_offload_timeout(struct nf_conn *ct) +-{ +- if (nf_ct_expires(ct) < DAY / 2) +- ct->timeout = nfct_time_stamp + DAY; +-} +- + static void gc_worker(struct work_struct *work) + { + unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u); +@@ -1026,10 +1014,8 @@ static void gc_worker(struct work_struct + tmp = nf_ct_tuplehash_to_ctrack(h); + + scanned++; +- if (test_bit(IPS_OFFLOAD_BIT, &tmp->status)) { +- nf_ct_offload_timeout(tmp); ++ if (test_bit(IPS_OFFLOAD_BIT, &tmp->status)) + continue; +- } + + if (nf_ct_is_expired(tmp)) { + nf_ct_gc_expired(tmp); +--- a/net/netfilter/nf_flow_table_core.c ++++ b/net/netfilter/nf_flow_table_core.c +@@ -185,8 +185,27 @@ static const struct rhashtable_params nf + .automatic_shrinking = true, + }; + ++#define DAY (86400 * HZ) ++ ++/* Set an arbitrary timeout large enough not to ever expire, this save ++ * us a check for the IPS_OFFLOAD_BIT from the packet path via ++ * nf_ct_is_expired(). ++ */ ++static void nf_ct_offload_timeout(struct flow_offload *flow) ++{ ++ struct flow_offload_entry *entry; ++ struct nf_conn *ct; ++ ++ entry = container_of(flow, struct flow_offload_entry, flow); ++ ct = entry->ct; ++ ++ if (nf_ct_expires(ct) < DAY / 2) ++ ct->timeout = nfct_time_stamp + DAY; ++} ++ + int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow) + { ++ nf_ct_offload_timeout(flow); + flow->timeout = (u32)jiffies; + + rhashtable_insert_fast(&flow_table->rhashtable, +@@ -307,6 +326,8 @@ static int nf_flow_offload_gc_step(struc + rhashtable_walk_start(&hti); + + while ((tuplehash = rhashtable_walk_next(&hti))) { ++ bool teardown; ++ + if (IS_ERR(tuplehash)) { + err = PTR_ERR(tuplehash); + if (err != -EAGAIN) +@@ -319,9 +340,13 @@ static int nf_flow_offload_gc_step(struc + + flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); + +- if (nf_flow_has_expired(flow) || +- (flow->flags & (FLOW_OFFLOAD_DYING | +- FLOW_OFFLOAD_TEARDOWN))) ++ teardown = flow->flags & (FLOW_OFFLOAD_DYING | ++ FLOW_OFFLOAD_TEARDOWN); ++ ++ if (!teardown) ++ nf_ct_offload_timeout(flow); ++ ++ if (nf_flow_has_expired(flow) || teardown) + flow_offload_del(flow_table, flow); + } + out: diff --git a/target/linux/generic/backport-4.14/371-netfilter-nf_flow_table-fix-up-ct-state-of-flows-aft.patch b/target/linux/generic/backport-4.14/371-netfilter-nf_flow_table-fix-up-ct-state-of-flows-aft.patch new file mode 100644 index 000000000..fb14a284a --- /dev/null +++ b/target/linux/generic/backport-4.14/371-netfilter-nf_flow_table-fix-up-ct-state-of-flows-aft.patch @@ -0,0 +1,24 @@ +From: Felix Fietkau +Date: Thu, 14 Jun 2018 11:20:09 +0200 +Subject: [PATCH] netfilter: nf_flow_table: fix up ct state of flows after + timeout + +If a connection simply times out instead of being torn down, it is left +active with a long timeout. Fix this by calling flow_offload_fixup_ct_state +here as well. + +Signed-off-by: Felix Fietkau +--- + +--- a/net/netfilter/nf_flow_table_core.c ++++ b/net/netfilter/nf_flow_table_core.c +@@ -233,6 +233,9 @@ static void flow_offload_del(struct nf_f + e = container_of(flow, struct flow_offload_entry, flow); + clear_bit(IPS_OFFLOAD_BIT, &e->ct->status); + ++ if (!(flow->flags & FLOW_OFFLOAD_TEARDOWN)) ++ flow_offload_fixup_ct_state(e->ct); ++ + flow_offload_free(flow); + } + diff --git a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch index 7f78d521f..418ea469e 100644 --- a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch +++ b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch @@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o --- /dev/null +++ b/net/netfilter/xt_FLOWOFFLOAD.c -@@ -0,0 +1,365 @@ +@@ -0,0 +1,368 @@ +/* + * Copyright (C) 2018 Felix Fietkau + * @@ -326,6 +326,9 @@ Signed-off-by: Felix Fietkau + if (!this_dst || !other_dst) + return -ENOENT; + ++ if (dst_xfrm(this_dst) || dst_xfrm(other_dst)) ++ return -EINVAL; ++ + route->tuple[dir].dst = this_dst; + route->tuple[dir].ifindex = xt_in(par)->ifindex; + route->tuple[!dir].dst = other_dst; diff --git a/target/linux/generic/hack-4.14/710-phy-add-mdio_register_board_info.patch b/target/linux/generic/hack-4.14/710-phy-add-mdio_register_board_info.patch deleted file mode 100644 index 12537d225..000000000 --- a/target/linux/generic/hack-4.14/710-phy-add-mdio_register_board_info.patch +++ /dev/null @@ -1,80 +0,0 @@ ---- a/drivers/net/phy/mdio-boardinfo.c -+++ b/drivers/net/phy/mdio-boardinfo.c -@@ -15,8 +15,10 @@ - - #include "mdio-boardinfo.h" - --static LIST_HEAD(mdio_board_list); --static DEFINE_MUTEX(mdio_board_lock); -+LIST_HEAD(mdio_board_list); -+EXPORT_SYMBOL_GPL(mdio_board_list); -+DEFINE_MUTEX(mdio_board_lock); -+EXPORT_SYMBOL_GPL(mdio_board_lock); - - /** - * mdiobus_setup_mdiodev_from_board_info - create and setup MDIO devices ---- a/drivers/net/phy/mdio-boardinfo.h -+++ b/drivers/net/phy/mdio-boardinfo.h -@@ -15,6 +15,12 @@ struct mdio_board_entry { - struct mdio_board_info board_info; - }; - -+/* mdio_board_lock protects mdio_board_list -+ * only mdio_bus components are allowed to use these symbols. -+ */ -+extern struct mutex mdio_board_lock; -+extern struct list_head mdio_board_list; -+ - void mdiobus_setup_mdiodev_from_board_info(struct mii_bus *bus, - int (*cb) - (struct mii_bus *bus, ---- a/drivers/net/phy/mdio_bus.c -+++ b/drivers/net/phy/mdio_bus.c -@@ -88,6 +88,8 @@ bool mdiobus_is_registered_device(struct mii_bus *bus, int addr) - } - EXPORT_SYMBOL(mdiobus_is_registered_device); - -+#include "mdio-boardinfo.h" -+ - /** - * mdiobus_alloc_size - allocate a mii_bus structure - * @size: extra amount of memory to allocate for private storage. -@@ -455,6 +457,17 @@ void mdiobus_free(struct mii_bus *bus) - } - EXPORT_SYMBOL(mdiobus_free); - -+static void mdiobus_setup_phydev_from_boardinfo(struct mii_bus *bus, -+ struct phy_device *phydev, -+ struct mdio_board_info *bi) -+{ -+ if (strcmp(bus->id, bi->bus_id) || -+ bi->mdio_addr != phydev->mdio.addr) -+ return; -+ -+ phydev->mdio.dev.platform_data = (void *) bi->platform_data; -+} -+ - /** - * mdiobus_scan - scan a bus for MDIO devices. - * @bus: mii_bus to scan -@@ -470,6 +483,7 @@ EXPORT_SYMBOL(mdiobus_free); - struct phy_device *mdiobus_scan(struct mii_bus *bus, int addr) - { - struct phy_device *phydev; -+ struct mdio_board_entry *be; - int err; - - phydev = get_phy_device(bus, addr, false); -@@ -482,6 +496,12 @@ struct phy_device *mdiobus_scan(struct mii_bus *bus, int addr) - */ - of_mdiobus_link_mdiodev(bus, &phydev->mdio); - -+ mutex_lock(&mdio_board_lock); -+ list_for_each_entry(be, &mdio_board_list, list) -+ mdiobus_setup_phydev_from_boardinfo(bus, phydev, -+ &be->board_info); -+ mutex_unlock(&mdio_board_lock); -+ - err = phy_device_register(phydev); - if (err) { - phy_device_free(phydev); diff --git a/target/linux/generic/hack-4.14/721-phy_packets.patch b/target/linux/generic/hack-4.14/721-phy_packets.patch index 8ce2ea48d..86ff0fe12 100644 --- a/target/linux/generic/hack-4.14/721-phy_packets.patch +++ b/target/linux/generic/hack-4.14/721-phy_packets.patch @@ -56,7 +56,7 @@ Signed-off-by: Felix Fietkau */ --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -2492,6 +2492,10 @@ static inline int pskb_trim(struct sk_buff *skb, unsigned int len) +@@ -2491,6 +2491,10 @@ static inline int pskb_trim(struct sk_bu return (len < skb->len) ? __pskb_trim(skb, len) : 0; } @@ -67,7 +67,7 @@ Signed-off-by: Felix Fietkau /** * pskb_trim_unique - remove end from a paged unique (not cloned) buffer * @skb: buffer to alter -@@ -2622,16 +2626,6 @@ static inline struct sk_buff *dev_alloc_skb(unsigned int length) +@@ -2621,16 +2625,6 @@ static inline struct sk_buff *dev_alloc_ } @@ -101,9 +101,9 @@ Signed-off-by: Felix Fietkau help --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -2988,10 +2988,20 @@ static int xmit_one(struct sk_buff *skb, struct net_device *dev, - dev_queue_xmit_nit(skb, dev); - } +@@ -2982,10 +2982,20 @@ static int xmit_one(struct sk_buff *skb, + if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) + dev_queue_xmit_nit(skb, dev); - len = skb->len; - trace_net_dev_start_xmit(skb, dev); @@ -136,7 +136,7 @@ Signed-off-by: Felix Fietkau #include #include -@@ -499,6 +500,22 @@ struct sk_buff *__napi_alloc_skb(struct napi_struct *napi, unsigned int len, +@@ -499,6 +500,22 @@ skb_fail: } EXPORT_SYMBOL(__napi_alloc_skb); @@ -161,7 +161,7 @@ Signed-off-by: Felix Fietkau { --- a/net/ethernet/eth.c +++ b/net/ethernet/eth.c -@@ -172,6 +172,12 @@ __be16 eth_type_trans(struct sk_buff *skb, struct net_device *dev) +@@ -172,6 +172,12 @@ __be16 eth_type_trans(struct sk_buff *sk const struct ethhdr *eth; skb->dev = dev; diff --git a/target/linux/generic/hack-4.14/773-bgmac-add-srab-switch.patch b/target/linux/generic/hack-4.14/773-bgmac-add-srab-switch.patch index 16d798db4..33a18a835 100644 --- a/target/linux/generic/hack-4.14/773-bgmac-add-srab-switch.patch +++ b/target/linux/generic/hack-4.14/773-bgmac-add-srab-switch.patch @@ -14,7 +14,7 @@ Signed-off-by: Hauke Mehrtens --- a/drivers/net/ethernet/broadcom/bgmac-bcma.c +++ b/drivers/net/ethernet/broadcom/bgmac-bcma.c -@@ -268,6 +268,7 @@ static int bgmac_probe(struct bcma_device *core) +@@ -268,6 +268,7 @@ static int bgmac_probe(struct bcma_devic bgmac->feature_flags |= BGMAC_FEAT_CLKCTLST; bgmac->feature_flags |= BGMAC_FEAT_NO_RESET; bgmac->feature_flags |= BGMAC_FEAT_FORCE_SPEED_2500; diff --git a/target/linux/generic/hack-4.14/902-debloat_proc.patch b/target/linux/generic/hack-4.14/902-debloat_proc.patch index 16749dcd7..3f47d2235 100644 --- a/target/linux/generic/hack-4.14/902-debloat_proc.patch +++ b/target/linux/generic/hack-4.14/902-debloat_proc.patch @@ -29,7 +29,7 @@ Signed-off-by: Felix Fietkau --- a/fs/locks.c +++ b/fs/locks.c -@@ -2805,6 +2805,8 @@ static const struct file_operations proc_locks_operations = { +@@ -2805,6 +2805,8 @@ static const struct file_operations proc static int __init proc_locks_init(void) { @@ -51,7 +51,7 @@ Signed-off-by: Felix Fietkau + bool "Strip non-essential /proc functionality to reduce code size" --- a/fs/proc/consoles.c +++ b/fs/proc/consoles.c -@@ -106,6 +106,9 @@ static const struct file_operations proc_consoles_operations = { +@@ -106,6 +106,9 @@ static const struct file_operations proc static int __init proc_consoles_init(void) { @@ -63,7 +63,7 @@ Signed-off-by: Felix Fietkau } --- a/fs/proc/proc_tty.c +++ b/fs/proc/proc_tty.c -@@ -145,7 +145,10 @@ static const struct file_operations proc_tty_drivers_operations = { +@@ -145,7 +145,10 @@ static const struct file_operations proc void proc_tty_register_driver(struct tty_driver *driver) { struct proc_dir_entry *ent; @@ -75,7 +75,7 @@ Signed-off-by: Felix Fietkau if (!driver->driver_name || driver->proc_entry || !driver->ops->proc_fops) return; -@@ -162,6 +165,9 @@ void proc_tty_unregister_driver(struct tty_driver *driver) +@@ -162,6 +165,9 @@ void proc_tty_unregister_driver(struct t { struct proc_dir_entry *ent; @@ -85,7 +85,7 @@ Signed-off-by: Felix Fietkau ent = driver->proc_entry; if (!ent) return; -@@ -176,6 +182,9 @@ void proc_tty_unregister_driver(struct tty_driver *driver) +@@ -176,6 +182,9 @@ void proc_tty_unregister_driver(struct t */ void __init proc_tty_init(void) { @@ -166,7 +166,7 @@ Signed-off-by: Felix Fietkau " key shmid perms size cpid lpid nattch uid gid cuid cgid atime dtime ctime rss swap\n", --- a/ipc/util.c +++ b/ipc/util.c -@@ -141,6 +141,9 @@ void __init ipc_init_proc_interface(const char *path, const char *header, +@@ -141,6 +141,9 @@ void __init ipc_init_proc_interface(cons struct proc_dir_entry *pde; struct ipc_proc_iface *iface; @@ -178,7 +178,7 @@ Signed-off-by: Felix Fietkau return; --- a/kernel/exec_domain.c +++ b/kernel/exec_domain.c -@@ -42,6 +42,8 @@ static const struct file_operations execdomains_proc_fops = { +@@ -42,6 +42,8 @@ static const struct file_operations exec static int __init proc_execdomains_init(void) { @@ -189,7 +189,7 @@ Signed-off-by: Felix Fietkau } --- a/kernel/irq/proc.c +++ b/kernel/irq/proc.c -@@ -396,6 +396,9 @@ void register_irq_proc(unsigned int irq, struct irq_desc *desc) +@@ -396,6 +396,9 @@ void register_irq_proc(unsigned int irq, void __maybe_unused *irqp = (void *)(unsigned long) irq; char name [MAX_NAMELEN]; @@ -199,7 +199,7 @@ Signed-off-by: Felix Fietkau if (!root_irq_dir || (desc->irq_data.chip == &no_irq_chip)) return; -@@ -449,6 +452,9 @@ void unregister_irq_proc(unsigned int irq, struct irq_desc *desc) +@@ -449,6 +452,9 @@ void unregister_irq_proc(unsigned int ir { char name [MAX_NAMELEN]; @@ -221,7 +221,7 @@ Signed-off-by: Felix Fietkau if (!root_irq_dir) --- a/kernel/time/timer_list.c +++ b/kernel/time/timer_list.c -@@ -389,6 +389,8 @@ static int __init init_timer_list_procfs(void) +@@ -389,6 +389,8 @@ static int __init init_timer_list_procfs { struct proc_dir_entry *pe; @@ -232,7 +232,7 @@ Signed-off-by: Felix Fietkau return -ENOMEM; --- a/mm/vmalloc.c +++ b/mm/vmalloc.c -@@ -2769,6 +2769,8 @@ static const struct file_operations proc_vmalloc_operations = { +@@ -2769,6 +2769,8 @@ static const struct file_operations proc static int __init proc_vmalloc_init(void) { @@ -271,7 +271,7 @@ Signed-off-by: Felix Fietkau if (vn->proc_vlan_conf) remove_proc_entry(name_conf, vn->proc_vlan_dir); -@@ -146,6 +149,9 @@ int __net_init vlan_proc_init(struct net *net) +@@ -146,6 +149,9 @@ int __net_init vlan_proc_init(struct net { struct vlan_net *vn = net_generic(net, vlan_net_id); @@ -283,7 +283,7 @@ Signed-off-by: Felix Fietkau goto err; --- a/net/core/net-procfs.c +++ b/net/core/net-procfs.c -@@ -320,10 +320,12 @@ static int __net_init dev_proc_net_init(struct net *net) +@@ -320,10 +320,12 @@ static int __net_init dev_proc_net_init( if (!proc_create("dev", S_IRUGO, net->proc_net, &dev_seq_fops)) goto out; @@ -298,7 +298,7 @@ Signed-off-by: Felix Fietkau goto out_softnet; if (wext_proc_init(net)) -@@ -332,9 +334,11 @@ static int __net_init dev_proc_net_init(struct net *net) +@@ -332,9 +334,11 @@ static int __net_init dev_proc_net_init( out: return rc; out_ptype: @@ -312,7 +312,7 @@ Signed-off-by: Felix Fietkau out_dev: remove_proc_entry("dev", net->proc_net); goto out; -@@ -344,8 +348,10 @@ static void __net_exit dev_proc_net_exit(struct net *net) +@@ -344,8 +348,10 @@ static void __net_exit dev_proc_net_exit { wext_proc_exit(net); @@ -327,7 +327,7 @@ Signed-off-by: Felix Fietkau --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -3378,6 +3378,8 @@ static __net_initdata struct pernet_operations proto_net_ops = { +@@ -3378,6 +3378,8 @@ static __net_initdata struct pernet_oper static int __init proto_init(void) { @@ -338,7 +338,7 @@ Signed-off-by: Felix Fietkau --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c -@@ -2731,10 +2731,12 @@ static const struct file_operations fib_route_fops = { +@@ -2731,10 +2731,12 @@ static const struct file_operations fib_ int __net_init fib_proc_init(struct net *net) { @@ -353,7 +353,7 @@ Signed-off-by: Felix Fietkau &fib_triestat_fops)) goto out2; -@@ -2744,17 +2746,21 @@ int __net_init fib_proc_init(struct net *net) +@@ -2744,17 +2746,21 @@ int __net_init fib_proc_init(struct net return 0; out3: @@ -381,7 +381,7 @@ Signed-off-by: Felix Fietkau --- a/net/ipv4/proc.c +++ b/net/ipv4/proc.c -@@ -557,6 +557,9 @@ static __net_initdata struct pernet_operations ip_proc_ops = { +@@ -557,6 +557,9 @@ static __net_initdata struct pernet_oper int __init ip_misc_proc_init(void) { @@ -393,7 +393,7 @@ Signed-off-by: Felix Fietkau --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -427,6 +427,9 @@ static struct pernet_operations ip_rt_proc_ops __net_initdata = { +@@ -427,6 +427,9 @@ static struct pernet_operations ip_rt_pr static int __init ip_rt_proc_init(void) { diff --git a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch index df48db04e..73475a543 100644 --- a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch +++ b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch @@ -156,7 +156,7 @@ Signed-off-by: Pablo Neira Ayuso obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c -@@ -199,10 +199,16 @@ int flow_offload_add(struct nf_flowtable +@@ -218,10 +218,16 @@ int flow_offload_add(struct nf_flowtable } EXPORT_SYMBOL_GPL(flow_offload_add); @@ -173,9 +173,9 @@ Signed-off-by: Pablo Neira Ayuso rhashtable_remove_fast(&flow_table->rhashtable, &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node, -@@ -214,6 +220,9 @@ static void flow_offload_del(struct nf_f - e = container_of(flow, struct flow_offload_entry, flow); - clear_bit(IPS_OFFLOAD_BIT, &e->ct->status); +@@ -236,6 +242,9 @@ static void flow_offload_del(struct nf_f + if (!(flow->flags & FLOW_OFFLOAD_TEARDOWN)) + flow_offload_fixup_ct_state(e->ct); + if (nf_flow_in_hw(flow)) + nf_flow_offload_hw_del(net, flow); @@ -183,32 +183,17 @@ Signed-off-by: Pablo Neira Ayuso flow_offload_free(flow); } -@@ -307,6 +316,7 @@ static int nf_flow_offload_gc_step(struc - rhashtable_walk_start(&hti); +@@ -349,6 +358,9 @@ static int nf_flow_offload_gc_step(struc + if (!teardown) + nf_ct_offload_timeout(flow); - while ((tuplehash = rhashtable_walk_next(&hti))) { -+ bool teardown; - if (IS_ERR(tuplehash)) { - err = PTR_ERR(tuplehash); - if (err != -EAGAIN) -@@ -319,9 +329,13 @@ static int nf_flow_offload_gc_step(struc - - flow = container_of(tuplehash, struct flow_offload, tuplehash[0]); - -- if (nf_flow_has_expired(flow) || -- (flow->flags & (FLOW_OFFLOAD_DYING | -- FLOW_OFFLOAD_TEARDOWN))) -+ teardown = flow->flags & (FLOW_OFFLOAD_DYING | -+ FLOW_OFFLOAD_TEARDOWN); -+ + if (nf_flow_in_hw(flow) && !teardown) + continue; + -+ if (nf_flow_has_expired(flow) || teardown) + if (nf_flow_has_expired(flow) || teardown) flow_offload_del(flow_table, flow); } - out: -@@ -456,10 +470,43 @@ int nf_flow_dnat_port(const struct flow_ +@@ -484,10 +496,43 @@ int nf_flow_dnat_port(const struct flow_ } EXPORT_SYMBOL_GPL(nf_flow_dnat_port); @@ -252,7 +237,7 @@ Signed-off-by: Pablo Neira Ayuso INIT_DEFERRABLE_WORK(&flowtable->gc_work, nf_flow_offload_work_gc); err = rhashtable_init(&flowtable->rhashtable, -@@ -497,6 +544,8 @@ static void nf_flow_table_iterate_cleanu +@@ -525,6 +570,8 @@ static void nf_flow_table_iterate_cleanu { nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, dev); flush_delayed_work(&flowtable->gc_work); @@ -261,7 +246,7 @@ Signed-off-by: Pablo Neira Ayuso } void nf_flow_table_cleanup(struct net *net, struct net_device *dev) -@@ -510,6 +559,26 @@ void nf_flow_table_cleanup(struct net *n +@@ -538,6 +585,26 @@ void nf_flow_table_cleanup(struct net *n } EXPORT_SYMBOL_GPL(nf_flow_table_cleanup); @@ -288,7 +273,7 @@ Signed-off-by: Pablo Neira Ayuso void nf_flow_table_free(struct nf_flowtable *flow_table) { mutex_lock(&flowtable_lock); -@@ -519,9 +588,58 @@ void nf_flow_table_free(struct nf_flowta +@@ -547,9 +614,58 @@ void nf_flow_table_free(struct nf_flowta nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL); WARN_ON(!nf_flow_offload_gc_step(flow_table)); rhashtable_destroy(&flow_table->rhashtable); diff --git a/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch b/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch index 8da15bc33..8f0793491 100644 --- a/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch +++ b/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch @@ -26,9 +26,9 @@ Signed-off-by: Felix Fietkau struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX]; --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c -@@ -332,7 +332,7 @@ static int nf_flow_offload_gc_step(struc - teardown = flow->flags & (FLOW_OFFLOAD_DYING | - FLOW_OFFLOAD_TEARDOWN); +@@ -358,7 +358,7 @@ static int nf_flow_offload_gc_step(struc + if (!teardown) + nf_ct_offload_timeout(flow); - if (nf_flow_in_hw(flow) && !teardown) + if ((flow->flags & FLOW_OFFLOAD_KEEP) && !teardown) diff --git a/target/linux/generic/pending-4.14/646-netfilter-nf_flow_table-rework-private-driver-data.patch b/target/linux/generic/pending-4.14/646-netfilter-nf_flow_table-rework-private-driver-data.patch new file mode 100644 index 000000000..f94d7ad30 --- /dev/null +++ b/target/linux/generic/pending-4.14/646-netfilter-nf_flow_table-rework-private-driver-data.patch @@ -0,0 +1,25 @@ +From: Felix Fietkau +Date: Fri, 27 Apr 2018 14:42:14 +0200 +Subject: [PATCH] netfilter: nf_flow_table: rework private driver data + +Move the timeout out of the union, since it can be shared between the +driver and the stack. Add a private pointer that the driver can use to +point to its own data structures + +Signed-off-by: Felix Fietkau +--- + +--- a/include/net/netfilter/nf_flow_table.h ++++ b/include/net/netfilter/nf_flow_table.h +@@ -81,9 +81,10 @@ struct flow_offload_tuple_rhash { + struct flow_offload { + struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX]; + u32 flags; ++ u32 timeout; + union { + /* Your private driver data here. */ +- u32 timeout; ++ void *priv; + }; + }; + diff --git a/target/linux/generic/pending-4.14/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch b/target/linux/generic/pending-4.14/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch index bf1471f64..09dfd1b90 100644 --- a/target/linux/generic/pending-4.14/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch +++ b/target/linux/generic/pending-4.14/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch @@ -90,7 +90,7 @@ Signed-off-by: Steven Barth return hash_32(hash, IP6_TUNNEL_HASH_SIZE_SHIFT); } -@@ -141,20 +143,29 @@ static struct net_device_stats *ip6_get_stats(struct net_device *dev) +@@ -141,20 +143,29 @@ static struct net_device_stats *ip6_get_ static struct ip6_tnl * ip6_tnl_lookup(struct net *net, const struct in6_addr *remote, const struct in6_addr *local) { @@ -125,7 +125,7 @@ Signed-off-by: Steven Barth for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) { if (ipv6_addr_equal(local, &t->parms.laddr) && ipv6_addr_any(&t->parms.raddr) && -@@ -162,7 +173,7 @@ ip6_tnl_lookup(struct net *net, const struct in6_addr *remote, const struct in6_ +@@ -162,7 +173,7 @@ ip6_tnl_lookup(struct net *net, const st return t; } @@ -134,7 +134,7 @@ Signed-off-by: Steven Barth for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) { if (ipv6_addr_equal(remote, &t->parms.raddr) && ipv6_addr_any(&t->parms.laddr) && -@@ -202,7 +213,7 @@ ip6_tnl_bucket(struct ip6_tnl_net *ip6n, const struct __ip6_tnl_parm *p) +@@ -202,7 +213,7 @@ ip6_tnl_bucket(struct ip6_tnl_net *ip6n, if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) { prio = 1; @@ -143,7 +143,7 @@ Signed-off-by: Steven Barth } return &ip6n->tnls[prio][h]; } -@@ -383,6 +394,12 @@ ip6_tnl_dev_uninit(struct net_device *dev) +@@ -383,6 +394,12 @@ ip6_tnl_dev_uninit(struct net_device *de struct net *net = t->net; struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); @@ -264,7 +264,7 @@ Signed-off-by: Steven Barth static int __ip6_tnl_rcv(struct ip6_tnl *tunnel, struct sk_buff *skb, const struct tnl_ptk_info *tpi, struct metadata_dst *tun_dst, -@@ -831,6 +949,27 @@ static int __ip6_tnl_rcv(struct ip6_tnl *tunnel, struct sk_buff *skb, +@@ -831,6 +949,27 @@ static int __ip6_tnl_rcv(struct ip6_tnl skb_reset_network_header(skb); memset(skb->cb, 0, sizeof(struct inet6_skb_parm)); @@ -292,7 +292,7 @@ Signed-off-by: Steven Barth __skb_tunnel_rx(skb, tunnel->dev, tunnel->net); err = dscp_ecn_decapsulate(tunnel, ipv6h, skb); -@@ -962,6 +1101,7 @@ static void init_tel_txopt(struct ipv6_tel_txoption *opt, __u8 encap_limit) +@@ -962,6 +1101,7 @@ static void init_tel_txopt(struct ipv6_t opt->ops.opt_nflen = 8; } @@ -300,7 +300,7 @@ Signed-off-by: Steven Barth /** * ip6_tnl_addr_conflict - compare packet addresses to tunnel's own * @t: the outgoing tunnel device -@@ -1303,6 +1443,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) +@@ -1303,6 +1443,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str { struct ip6_tnl *t = netdev_priv(dev); struct ipv6hdr *ipv6h = ipv6_hdr(skb); @@ -308,7 +308,7 @@ Signed-off-by: Steven Barth int encap_limit = -1; __u16 offset; struct flowi6 fl6; -@@ -1365,6 +1506,18 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) +@@ -1365,6 +1506,18 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str fl6.flowi6_uid = sock_net_uid(dev_net(dev), NULL); @@ -327,7 +327,7 @@ Signed-off-by: Steven Barth if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6)) return -1; -@@ -1493,6 +1646,14 @@ ip6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p) +@@ -1493,6 +1646,14 @@ ip6_tnl_change(struct ip6_tnl *t, const t->parms.link = p->link; t->parms.proto = p->proto; t->parms.fwmark = p->fwmark; @@ -342,7 +342,7 @@ Signed-off-by: Steven Barth dst_cache_reset(&t->dst_cache); ip6_tnl_link_config(t); return 0; -@@ -1531,6 +1692,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm *u) +@@ -1531,6 +1692,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_ p->flowinfo = u->flowinfo; p->link = u->link; p->proto = u->proto; @@ -350,7 +350,7 @@ Signed-off-by: Steven Barth memcpy(p->name, u->name, sizeof(u->name)); } -@@ -1912,6 +2074,15 @@ static int ip6_tnl_validate(struct nlattr *tb[], struct nlattr *data[], +@@ -1912,6 +2074,15 @@ static int ip6_tnl_validate(struct nlatt return 0; } @@ -366,7 +366,7 @@ Signed-off-by: Steven Barth static void ip6_tnl_netlink_parms(struct nlattr *data[], struct __ip6_tnl_parm *parms) { -@@ -1949,6 +2120,46 @@ static void ip6_tnl_netlink_parms(struct nlattr *data[], +@@ -1949,6 +2120,46 @@ static void ip6_tnl_netlink_parms(struct if (data[IFLA_IPTUN_FWMARK]) parms->fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]); diff --git a/target/linux/generic/pending-4.14/701-phy_extension.patch b/target/linux/generic/pending-4.14/701-phy_extension.patch index f1dfac67e..1b380e24a 100644 --- a/target/linux/generic/pending-4.14/701-phy_extension.patch +++ b/target/linux/generic/pending-4.14/701-phy_extension.patch @@ -9,11 +9,11 @@ Signed-off-by: John Crispin --- a/drivers/net/phy/phy.c +++ b/drivers/net/phy/phy.c -@@ -382,6 +382,74 @@ void phy_ethtool_ksettings_get(struct phy_device *phydev, +@@ -382,6 +382,73 @@ void phy_ethtool_ksettings_get(struct ph } EXPORT_SYMBOL(phy_ethtool_ksettings_get); -+int phy_ethtool_gset(struct phy_device *phydev, struct ethtool_cmd *cmd) ++static int phy_ethtool_gset(struct phy_device *phydev, struct ethtool_cmd *cmd) +{ + cmd->supported = phydev->supported; + @@ -35,7 +35,6 @@ Signed-off-by: John Crispin + + return 0; +} -+EXPORT_SYMBOL(phy_ethtool_gset); + +int phy_ethtool_ioctl(struct phy_device *phydev, void *useraddr) +{ @@ -86,12 +85,7 @@ Signed-off-by: John Crispin * @phydev: the phy_device struct --- a/include/linux/phy.h +++ b/include/linux/phy.h -@@ -901,10 +901,12 @@ void phy_start_machine(struct phy_device *phydev); - void phy_stop_machine(struct phy_device *phydev); - void phy_trigger_machine(struct phy_device *phydev, bool sync); - int phy_ethtool_sset(struct phy_device *phydev, struct ethtool_cmd *cmd); -+int phy_ethtool_gset(struct phy_device *phydev, struct ethtool_cmd *cmd); - void phy_ethtool_ksettings_get(struct phy_device *phydev, +@@ -905,6 +905,7 @@ void phy_ethtool_ksettings_get(struct ph struct ethtool_link_ksettings *cmd); int phy_ethtool_ksettings_set(struct phy_device *phydev, const struct ethtool_link_ksettings *cmd); diff --git a/target/linux/generic/pending-4.14/811-pci_disable_usb_common_quirks.patch b/target/linux/generic/pending-4.14/811-pci_disable_usb_common_quirks.patch index db0bcc856..f40214c29 100644 --- a/target/linux/generic/pending-4.14/811-pci_disable_usb_common_quirks.patch +++ b/target/linux/generic/pending-4.14/811-pci_disable_usb_common_quirks.patch @@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau #endif /* __LINUX_USB_PCI_QUIRKS_H */ --- a/include/linux/usb/hcd.h +++ b/include/linux/usb/hcd.h -@@ -465,7 +465,14 @@ extern int usb_hcd_pci_probe(struct pci_dev *dev, +@@ -465,7 +465,14 @@ extern int usb_hcd_pci_probe(struct pci_ extern void usb_hcd_pci_remove(struct pci_dev *dev); extern void usb_hcd_pci_shutdown(struct pci_dev *dev); diff --git a/target/linux/generic/pending-4.14/895-patch-kernel-support-SFE.patch b/target/linux/generic/pending-4.14/895-patch-kernel-support-SFE.patch deleted file mode 100644 index ff1b9209f..000000000 --- a/target/linux/generic/pending-4.14/895-patch-kernel-support-SFE.patch +++ /dev/null @@ -1,393 +0,0 @@ ---- a/include/linux/if_bridge.h -+++ b/include/linux/if_bridge.h -@@ -53,6 +53,7 @@ struct br_ip_list { - #define BR_DEFAULT_AGEING_TIME (300 * HZ) - - extern void brioctl_set(int (*ioctl_hook)(struct net *, unsigned int, void __user *)); -+extern void br_dev_update_stats(struct net_device *dev, struct rtnl_link_stats64 *nlstats); - - typedef int br_should_route_hook_t(struct sk_buff *skb); - extern br_should_route_hook_t __rcu *br_should_route_hook; ---- a/include/linux/skbuff.h -+++ b/include/linux/skbuff.h -@@ -767,6 +767,7 @@ struct sk_buff { - #endif - __u8 ipvs_property:1; - __u8 inner_protocol_type:1; -+ __u8 fast_forwarded:1; - __u8 remcsum_offload:1; - #ifdef CONFIG_NET_SWITCHDEV - __u8 offload_fwd_mark:1; ---- a/include/net/netfilter/nf_conntrack_ecache.h -+++ b/include/net/netfilter/nf_conntrack_ecache.h -@@ -71,14 +71,8 @@ struct nf_ct_event { - int report; - }; - --struct nf_ct_event_notifier { -- int (*fcn)(unsigned int events, struct nf_ct_event *item); --}; -- --int nf_conntrack_register_notifier(struct net *net, -- struct nf_ct_event_notifier *nb); --void nf_conntrack_unregister_notifier(struct net *net, -- struct nf_ct_event_notifier *nb); -+extern int nf_conntrack_register_notifier(struct net *net, struct notifier_block *nb); -+extern int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb); - - void nf_ct_deliver_cached_events(struct nf_conn *ct); - int nf_conntrack_eventmask_report(unsigned int eventmask, struct nf_conn *ct, -@@ -87,12 +81,8 @@ int nf_conntrack_eventmask_report(unsigned int eventmask, struct nf_conn *ct, - static inline void - nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct) - { -- struct net *net = nf_ct_net(ct); - struct nf_conntrack_ecache *e; - -- if (!rcu_access_pointer(net->ct.nf_conntrack_event_cb)) -- return; -- - e = nf_ct_ecache_find(ct); - if (e == NULL) - return; -@@ -104,22 +94,12 @@ static inline int - nf_conntrack_event_report(enum ip_conntrack_events event, struct nf_conn *ct, - u32 portid, int report) - { -- const struct net *net = nf_ct_net(ct); -- -- if (!rcu_access_pointer(net->ct.nf_conntrack_event_cb)) -- return 0; -- - return nf_conntrack_eventmask_report(1 << event, ct, portid, report); - } - - static inline int - nf_conntrack_event(enum ip_conntrack_events event, struct nf_conn *ct) - { -- const struct net *net = nf_ct_net(ct); -- -- if (!rcu_access_pointer(net->ct.nf_conntrack_event_cb)) -- return 0; -- - return nf_conntrack_eventmask_report(1 << event, ct, 0, 0); - } - ---- a/include/net/netns/conntrack.h -+++ b/include/net/netns/conntrack.h -@@ -114,7 +114,7 @@ struct netns_ct { - - struct ct_pcpu __percpu *pcpu_lists; - struct ip_conntrack_stat __percpu *stat; -- struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb; -+ struct atomic_notifier_head nf_conntrack_chain; - struct nf_exp_event_notifier __rcu *nf_expect_event_cb; - struct nf_ip_net nf_ct_proto; - #if defined(CONFIG_NF_CONNTRACK_LABELS) ---- a/net/bridge/br_if.c -+++ b/net/bridge/br_if.c -@@ -654,3 +654,27 @@ void br_port_flags_change(struct net_bridge_port *p, unsigned long mask) - if (mask & BR_AUTO_MASK) - nbp_update_port_count(br); - } -+ -+/* Update bridge statistics for bridge packets processed by offload engines */ -+void br_dev_update_stats(struct net_device *dev, struct rtnl_link_stats64 *nlstats) -+{ -+ struct net_bridge *br; -+ struct pcpu_sw_netstats *stats; -+ -+ /* -+ * Is this a bridge? -+ */ -+ if (!(dev->priv_flags & IFF_EBRIDGE)) -+ return; -+ -+ br = netdev_priv(dev); -+ stats = per_cpu_ptr(br->stats, 0); -+ -+ u64_stats_update_begin(&stats->syncp); -+ stats->rx_packets += nlstats->rx_packets; -+ stats->rx_bytes += nlstats->rx_bytes; -+ stats->tx_packets += nlstats->tx_packets; -+ stats->tx_bytes += nlstats->tx_bytes; -+ u64_stats_update_end(&stats->syncp); -+} -+EXPORT_SYMBOL_GPL(br_dev_update_stats); ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -2979,8 +2979,14 @@ static int xmit_one(struct sk_buff *skb, struct net_device *dev, - unsigned int len; - int rc; - -- if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) -- dev_queue_xmit_nit(skb, dev); -+ /* -+ * If this skb has been fast forwarded then we don't want it to -+ * go to any taps (by definition we're trying to bypass them). -+ */ -+ if (!skb->fast_forwarded) { -+ if (!list_empty(&ptype_all)) -+ dev_queue_xmit_nit(skb, dev); -+ } - - len = skb->len; - trace_net_dev_start_xmit(skb, dev); -@@ -4282,6 +4288,9 @@ void netdev_rx_handler_unregister(struct net_device *dev) - } - EXPORT_SYMBOL_GPL(netdev_rx_handler_unregister); - -+int (*fast_nat_recv)(struct sk_buff *skb) __rcu __read_mostly; -+EXPORT_SYMBOL_GPL(fast_nat_recv); -+ - /* - * Limit the use of PFMEMALLOC reserves to those protocols that implement - * the special handling of PFMEMALLOC skbs. -@@ -4329,6 +4338,7 @@ static int __netif_receive_skb_core(struct sk_buff *skb, bool pfmemalloc) - bool deliver_exact = false; - int ret = NET_RX_DROP; - __be16 type; -+ int (*fast_recv)(struct sk_buff *skb); - - net_timestamp_check(!netdev_tstamp_prequeue, skb); - -@@ -4355,6 +4365,12 @@ another_round: - goto out; - } - -+ fast_recv = rcu_dereference(fast_nat_recv); -+ if (fast_recv && fast_recv(skb)) { -+ ret = NET_RX_SUCCESS; -+ goto out; -+ } -+ - if (skb_skip_tc_classify(skb)) - goto skip_classify; - ---- a/net/netfilter/nf_conntrack_core.c -+++ b/net/netfilter/nf_conntrack_core.c -@@ -2187,6 +2187,7 @@ int nf_conntrack_init_net(struct net *net) - ret = nf_conntrack_proto_pernet_init(net); - if (ret < 0) - goto err_proto; -+ ATOMIC_INIT_NOTIFIER_HEAD(&net->ct.nf_conntrack_chain); - return 0; - - err_proto: ---- a/net/netfilter/nf_conntrack_ecache.c -+++ b/net/netfilter/nf_conntrack_ecache.c -@@ -18,6 +18,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -120,19 +121,13 @@ static void ecache_work(struct work_struct *work) - int nf_conntrack_eventmask_report(unsigned int eventmask, struct nf_conn *ct, - u32 portid, int report) - { -- int ret = 0; -- struct net *net = nf_ct_net(ct); -- struct nf_ct_event_notifier *notify; - struct nf_conntrack_ecache *e; - -- rcu_read_lock(); -- notify = rcu_dereference(net->ct.nf_conntrack_event_cb); -- if (!notify) -- goto out_unlock; -+ struct net *net = nf_ct_net(ct); - - e = nf_ct_ecache_find(ct); - if (!e) -- goto out_unlock; -+ return 0; - - if (nf_ct_is_confirmed(ct)) { - struct nf_ct_event item = { -@@ -144,32 +139,11 @@ int nf_conntrack_eventmask_report(unsigned int eventmask, struct nf_conn *ct, - unsigned long missed = e->portid ? 0 : e->missed; - - if (!((eventmask | missed) & e->ctmask)) -- goto out_unlock; -- -- ret = notify->fcn(eventmask | missed, &item); -- if (unlikely(ret < 0 || missed)) { -- spin_lock_bh(&ct->lock); -- if (ret < 0) { -- /* This is a destroy event that has been -- * triggered by a process, we store the PORTID -- * to include it in the retransmission. -- */ -- if (eventmask & (1 << IPCT_DESTROY)) { -- if (e->portid == 0 && portid != 0) -- e->portid = portid; -- e->state = NFCT_ECACHE_DESTROY_FAIL; -- } else { -- e->missed |= eventmask; -- } -- } else { -- e->missed &= ~missed; -- } -- spin_unlock_bh(&ct->lock); -- } -+ return 0; -+ atomic_notifier_call_chain(&net->ct.nf_conntrack_chain, eventmask | missed, &item); - } --out_unlock: -- rcu_read_unlock(); -- return ret; -+ -+ return 0; - } - EXPORT_SYMBOL_GPL(nf_conntrack_eventmask_report); - -@@ -177,26 +151,19 @@ EXPORT_SYMBOL_GPL(nf_conntrack_eventmask_report); - * disabled softirqs */ - void nf_ct_deliver_cached_events(struct nf_conn *ct) - { -- struct net *net = nf_ct_net(ct); - unsigned long events, missed; -- struct nf_ct_event_notifier *notify; - struct nf_conntrack_ecache *e; - struct nf_ct_event item; -- int ret; -- -- rcu_read_lock(); -- notify = rcu_dereference(net->ct.nf_conntrack_event_cb); -- if (notify == NULL) -- goto out_unlock; -+ struct net *net = nf_ct_net(ct); - - e = nf_ct_ecache_find(ct); - if (e == NULL) -- goto out_unlock; -+ return; - - events = xchg(&e->cache, 0); - - if (!nf_ct_is_confirmed(ct) || nf_ct_is_dying(ct)) -- goto out_unlock; -+ return; - - /* We make a copy of the missed event cache without taking - * the lock, thus we may send missed events twice. However, -@@ -204,26 +171,22 @@ void nf_ct_deliver_cached_events(struct nf_conn *ct) - missed = e->missed; - - if (!((events | missed) & e->ctmask)) -- goto out_unlock; -+ return; - - item.ct = ct; - item.portid = 0; - item.report = 0; - -- ret = notify->fcn(events | missed, &item); -+ atomic_notifier_call_chain(&net->ct.nf_conntrack_chain, -+ events | missed, -+ &item); - -- if (likely(ret == 0 && !missed)) -- goto out_unlock; -+ if (likely(!missed)) -+ return; - - spin_lock_bh(&ct->lock); -- if (ret < 0) -- e->missed |= events; -- else -- e->missed &= ~missed; -+ e->missed &= ~missed; - spin_unlock_bh(&ct->lock); -- --out_unlock: -- rcu_read_unlock(); - } - EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events); - -@@ -257,40 +220,15 @@ void nf_ct_expect_event_report(enum ip_conntrack_expect_events event, - rcu_read_unlock(); - } - --int nf_conntrack_register_notifier(struct net *net, -- struct nf_ct_event_notifier *new) -+int nf_conntrack_register_notifier(struct net *net, struct notifier_block *nb) - { -- int ret; -- struct nf_ct_event_notifier *notify; -- -- mutex_lock(&nf_ct_ecache_mutex); -- notify = rcu_dereference_protected(net->ct.nf_conntrack_event_cb, -- lockdep_is_held(&nf_ct_ecache_mutex)); -- if (notify != NULL) { -- ret = -EBUSY; -- goto out_unlock; -- } -- rcu_assign_pointer(net->ct.nf_conntrack_event_cb, new); -- ret = 0; -- --out_unlock: -- mutex_unlock(&nf_ct_ecache_mutex); -- return ret; -+ return atomic_notifier_chain_register(&net->ct.nf_conntrack_chain, nb); - } - EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier); - --void nf_conntrack_unregister_notifier(struct net *net, -- struct nf_ct_event_notifier *new) -+int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb) - { -- struct nf_ct_event_notifier *notify; -- -- mutex_lock(&nf_ct_ecache_mutex); -- notify = rcu_dereference_protected(net->ct.nf_conntrack_event_cb, -- lockdep_is_held(&nf_ct_ecache_mutex)); -- BUG_ON(notify != new); -- RCU_INIT_POINTER(net->ct.nf_conntrack_event_cb, NULL); -- mutex_unlock(&nf_ct_ecache_mutex); -- /* synchronize_rcu() is called from ctnetlink_exit. */ -+ return atomic_notifier_chain_unregister(&net->ct.nf_conntrack_chain, nb); - } - EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier); - ---- a/net/netfilter/nf_conntrack_netlink.c -+++ b/net/netfilter/nf_conntrack_netlink.c -@@ -28,6 +28,7 @@ - #include - #include - #include -+#include - #include - - #include -@@ -618,14 +619,15 @@ static size_t ctnetlink_nlmsg_size(const struct nf_conn *ct) - ; - } - --static int --ctnetlink_conntrack_event(unsigned int events, struct nf_ct_event *item) -+static int ctnetlink_conntrack_event(struct notifier_block *this, -+ unsigned long events, void *ptr) - { - const struct nf_conntrack_zone *zone; - struct net *net; - struct nlmsghdr *nlh; - struct nfgenmsg *nfmsg; - struct nlattr *nest_parms; -+ struct nf_ct_event *item = ptr; - struct nf_conn *ct = item->ct; - struct sk_buff *skb; - unsigned int type; -@@ -3303,8 +3305,8 @@ static int ctnetlink_stat_exp_cpu(struct net *net, struct sock *ctnl, - } - - #ifdef CONFIG_NF_CONNTRACK_EVENTS --static struct nf_ct_event_notifier ctnl_notifier = { -- .fcn = ctnetlink_conntrack_event, -+static struct notifier_block ctnl_notifier = { -+ .notifier_call = ctnetlink_conntrack_event, - }; - - static struct nf_exp_event_notifier ctnl_notifier_exp = { diff --git a/target/linux/generic/pending-4.14/897-SFE-export-tcp-no-window-check.patch b/target/linux/generic/pending-4.14/897-SFE-export-tcp-no-window-check.patch deleted file mode 100644 index 53cc5e6ad..000000000 --- a/target/linux/generic/pending-4.14/897-SFE-export-tcp-no-window-check.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/net/netfilter/nf_conntrack_proto_tcp.c -+++ b/net/netfilter/nf_conntrack_proto_tcp.c -@@ -35,6 +35,7 @@ - - /* Do not check the TCP window for incoming packets */ - static int nf_ct_tcp_no_window_check __read_mostly = 1; -+EXPORT_SYMBOL_GPL(nf_ct_tcp_no_window_check); - - /* "Be conservative in what you do, - be liberal in what you accept from others."