From 95acc4fe0e31ae91d485635c021d259e06785b5d Mon Sep 17 00:00:00 2001 From: Adrian Schmutzler Date: Fri, 7 Aug 2020 14:29:11 +0200 Subject: kernel: remove support for kernel 4.14 No target uses kernel 4.14 anymore. Signed-off-by: Adrian Schmutzler --- ...on-t-allocate-space-for-arp-bridge-hooks-.patch | 165 --------------------- 1 file changed, 165 deletions(-) delete mode 100644 target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch (limited to 'target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch') diff --git a/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch b/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch deleted file mode 100644 index 41675c3494..0000000000 --- a/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch +++ /dev/null @@ -1,165 +0,0 @@ -From 2a95183a5e0375df756efb2ca37602d71e8455f9 Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Thu, 7 Dec 2017 16:28:26 +0100 -Subject: [PATCH 08/11] netfilter: don't allocate space for arp/bridge hooks - unless needed - -no need to define hook points if the family isn't supported. -Because we need these hooks for either nftables, arp/ebtables -or the 'call-iptables' hack we have in the bridge layer add two -new dependencies, NETFILTER_FAMILY_{ARP,BRIDGE}, and have the -users select them. - -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso ---- - include/linux/netfilter.h | 4 ++++ - include/net/netns/netfilter.h | 4 ++++ - net/Kconfig | 1 + - net/bridge/netfilter/Kconfig | 2 ++ - net/ipv4/netfilter/Kconfig | 2 ++ - net/netfilter/Kconfig | 6 ++++++ - net/netfilter/core.c | 8 ++++++++ - net/netfilter/nf_queue.c | 2 ++ - 8 files changed, 29 insertions(+) - ---- a/include/linux/netfilter.h -+++ b/include/linux/netfilter.h -@@ -214,10 +214,14 @@ static inline int nf_hook(u_int8_t pf, u - hook_head = rcu_dereference(net->nf.hooks_ipv6[hook]); - break; - case NFPROTO_ARP: -+#ifdef CONFIG_NETFILTER_FAMILY_ARP - hook_head = rcu_dereference(net->nf.hooks_arp[hook]); -+#endif - break; - case NFPROTO_BRIDGE: -+#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE - hook_head = rcu_dereference(net->nf.hooks_bridge[hook]); -+#endif - break; - #if IS_ENABLED(CONFIG_DECNET) - case NFPROTO_DECNET: ---- a/include/net/netns/netfilter.h -+++ b/include/net/netns/netfilter.h -@@ -19,8 +19,12 @@ struct netns_nf { - #endif - struct nf_hook_entries __rcu *hooks_ipv4[NF_INET_NUMHOOKS]; - struct nf_hook_entries __rcu *hooks_ipv6[NF_INET_NUMHOOKS]; -+#ifdef CONFIG_NETFILTER_FAMILY_ARP - struct nf_hook_entries __rcu *hooks_arp[NF_ARP_NUMHOOKS]; -+#endif -+#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE - struct nf_hook_entries __rcu *hooks_bridge[NF_INET_NUMHOOKS]; -+#endif - #if IS_ENABLED(CONFIG_DECNET) - struct nf_hook_entries __rcu *hooks_decnet[NF_DN_NUMHOOKS]; - #endif ---- a/net/Kconfig -+++ b/net/Kconfig -@@ -182,6 +182,7 @@ config BRIDGE_NETFILTER - depends on BRIDGE - depends on NETFILTER && INET - depends on NETFILTER_ADVANCED -+ select NETFILTER_FAMILY_BRIDGE - default m - ---help--- - Enabling this option will let arptables resp. iptables see bridged ---- a/net/bridge/netfilter/Kconfig -+++ b/net/bridge/netfilter/Kconfig -@@ -4,6 +4,7 @@ - # - menuconfig NF_TABLES_BRIDGE - depends on BRIDGE && NETFILTER && NF_TABLES -+ select NETFILTER_FAMILY_BRIDGE - tristate "Ethernet Bridge nf_tables support" - - if NF_TABLES_BRIDGE -@@ -29,6 +30,7 @@ endif # NF_TABLES_BRIDGE - menuconfig BRIDGE_NF_EBTABLES - tristate "Ethernet Bridge tables (ebtables) support" - depends on BRIDGE && NETFILTER && NETFILTER_XTABLES -+ select NETFILTER_FAMILY_BRIDGE - help - ebtables is a general, extensible frame/packet identification - framework. Say 'Y' or 'M' here if you want to do Ethernet ---- a/net/ipv4/netfilter/Kconfig -+++ b/net/ipv4/netfilter/Kconfig -@@ -72,6 +72,7 @@ endif # NF_TABLES_IPV4 - - config NF_TABLES_ARP - tristate "ARP nf_tables support" -+ select NETFILTER_FAMILY_ARP - help - This option enables the ARP support for nf_tables. - -@@ -392,6 +393,7 @@ endif # IP_NF_IPTABLES - config IP_NF_ARPTABLES - tristate "ARP tables support" - select NETFILTER_XTABLES -+ select NETFILTER_FAMILY_ARP - depends on NETFILTER_ADVANCED - help - arptables is a general, extensible packet identification framework. ---- a/net/netfilter/Kconfig -+++ b/net/netfilter/Kconfig -@@ -12,6 +12,12 @@ config NETFILTER_INGRESS - config NETFILTER_NETLINK - tristate - -+config NETFILTER_FAMILY_BRIDGE -+ bool -+ -+config NETFILTER_FAMILY_ARP -+ bool -+ - config NETFILTER_NETLINK_ACCT - tristate "Netfilter NFACCT over NFNETLINK interface" - depends on NETFILTER_ADVANCED ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -267,14 +267,18 @@ static struct nf_hook_entries __rcu **nf - switch (reg->pf) { - case NFPROTO_NETDEV: - break; -+#ifdef CONFIG_NETFILTER_FAMILY_ARP - case NFPROTO_ARP: - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_arp) <= reg->hooknum)) - return NULL; - return net->nf.hooks_arp + reg->hooknum; -+#endif -+#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE - case NFPROTO_BRIDGE: - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_bridge) <= reg->hooknum)) - return NULL; - return net->nf.hooks_bridge + reg->hooknum; -+#endif - case NFPROTO_IPV4: - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv4) <= reg->hooknum)) - return NULL; -@@ -573,8 +577,12 @@ static int __net_init netfilter_net_init - { - __netfilter_net_init(net->nf.hooks_ipv4, ARRAY_SIZE(net->nf.hooks_ipv4)); - __netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6)); -+#ifdef CONFIG_NETFILTER_FAMILY_ARP - __netfilter_net_init(net->nf.hooks_arp, ARRAY_SIZE(net->nf.hooks_arp)); -+#endif -+#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE - __netfilter_net_init(net->nf.hooks_bridge, ARRAY_SIZE(net->nf.hooks_bridge)); -+#endif - #if IS_ENABLED(CONFIG_DECNET) - __netfilter_net_init(net->nf.hooks_decnet, ARRAY_SIZE(net->nf.hooks_decnet)); - #endif ---- a/net/netfilter/nf_queue.c -+++ b/net/netfilter/nf_queue.c -@@ -209,8 +209,10 @@ repeat: - static struct nf_hook_entries *nf_hook_entries_head(const struct net *net, u8 pf, u8 hooknum) - { - switch (pf) { -+#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE - case NFPROTO_BRIDGE: - return rcu_dereference(net->nf.hooks_bridge[hooknum]); -+#endif - case NFPROTO_IPV4: - return rcu_dereference(net->nf.hooks_ipv4[hooknum]); - case NFPROTO_IPV6: -- cgit v1.2.3