1 files changed, 0 insertions, 113 deletions

diff --git a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch
deleted file mode 100644
index 188ee11b84..0000000000
--- a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Tue, 19 Dec 2017 13:53:45 +0100
-Subject: [PATCH] netfilter: nf_tables: remove nhooks field from struct
- nft_af_info
-
-We already validate the hook through bitmask, so this check is
-superfluous. When removing this, this patch is also fixing a bug in the
-new flowtable codebase, since ctx->afi points to the table family
-instead of the netdev family which is where the flowtable is really
-hooked in.
-
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
-
---- a/include/net/netfilter/nf_tables.h
-+++ b/include/net/netfilter/nf_tables.h
-@@ -969,7 +969,6 @@ enum nft_af_flags {
-  *
-  *	@list: used internally
-  *	@family: address family
-- *	@nhooks: number of hooks in this family
-  *	@owner: module owner
-  *	@tables: used internally
-  *	@flags: family flags
-@@ -977,7 +976,6 @@ enum nft_af_flags {
- struct nft_af_info {
- 	struct list_head		list;
- 	int				family;
--	unsigned int			nhooks;
- 	struct module			*owner;
- 	struct list_head		tables;
- 	u32				flags;
---- a/net/bridge/netfilter/nf_tables_bridge.c
-+++ b/net/bridge/netfilter/nf_tables_bridge.c
-@@ -44,7 +44,6 @@ nft_do_chain_bridge(void *priv,
- 
- static struct nft_af_info nft_af_bridge __read_mostly = {
- 	.family		= NFPROTO_BRIDGE,
--	.nhooks		= NF_BR_NUMHOOKS,
- 	.owner		= THIS_MODULE,
- };
- 
---- a/net/ipv4/netfilter/nf_tables_arp.c
-+++ b/net/ipv4/netfilter/nf_tables_arp.c
-@@ -29,7 +29,6 @@ nft_do_chain_arp(void *priv,
- 
- static struct nft_af_info nft_af_arp __read_mostly = {
- 	.family		= NFPROTO_ARP,
--	.nhooks		= NF_ARP_NUMHOOKS,
- 	.owner		= THIS_MODULE,
- };
- 
---- a/net/ipv4/netfilter/nf_tables_ipv4.c
-+++ b/net/ipv4/netfilter/nf_tables_ipv4.c
-@@ -32,7 +32,6 @@ static unsigned int nft_do_chain_ipv4(vo
- 
- static struct nft_af_info nft_af_ipv4 __read_mostly = {
- 	.family		= NFPROTO_IPV4,
--	.nhooks		= NF_INET_NUMHOOKS,
- 	.owner		= THIS_MODULE,
- };
- 
---- a/net/ipv6/netfilter/nf_tables_ipv6.c
-+++ b/net/ipv6/netfilter/nf_tables_ipv6.c
-@@ -30,7 +30,6 @@ static unsigned int nft_do_chain_ipv6(vo
- 
- static struct nft_af_info nft_af_ipv6 __read_mostly = {
- 	.family		= NFPROTO_IPV6,
--	.nhooks		= NF_INET_NUMHOOKS,
- 	.owner		= THIS_MODULE,
- };
- 
---- a/net/netfilter/nf_tables_api.c
-+++ b/net/netfilter/nf_tables_api.c
-@@ -1374,9 +1374,6 @@ static int nft_chain_parse_hook(struct n
- 		return -EINVAL;
- 
- 	hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
--	if (hook->num >= afi->nhooks)
--		return -EINVAL;
--
- 	hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
- 
- 	type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
-@@ -5014,7 +5011,7 @@ static int nf_tables_flowtable_parse_hoo
- 		return -EINVAL;
- 
- 	hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));
--	if (hooknum >= ctx->afi->nhooks)
-+	if (hooknum != NF_NETDEV_INGRESS)
- 		return -EINVAL;
- 
- 	priority = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_PRIORITY]));
---- a/net/netfilter/nf_tables_inet.c
-+++ b/net/netfilter/nf_tables_inet.c
-@@ -40,7 +40,6 @@ static unsigned int nft_do_chain_inet(vo
- 
- static struct nft_af_info nft_af_inet __read_mostly = {
- 	.family		= NFPROTO_INET,
--	.nhooks		= NF_INET_NUMHOOKS,
- 	.owner		= THIS_MODULE,
- };
- 
---- a/net/netfilter/nf_tables_netdev.c
-+++ b/net/netfilter/nf_tables_netdev.c
-@@ -40,7 +40,6 @@ nft_do_chain_netdev(void *priv, struct s
- 
- static struct nft_af_info nft_af_netdev __read_mostly = {
- 	.family		= NFPROTO_NETDEV,
--	.nhooks		= NF_NETDEV_NUMHOOKS,
- 	.owner		= THIS_MODULE,
- 	.flags		= NFT_AF_NEEDS_DEV,
- };