kernel: bump 4.14 to 4.14.89

Refreshed all patches.

Remove upstreamed patches:
- 096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

include/kernel-version.mk

@@ -4,12 +4,12 @@ LINUX_RELEASE?=1
 
 LINUX_VERSION-3.18 = .130
 LINUX_VERSION-4.9 = .146
-LINUX_VERSION-4.14 = .88
+LINUX_VERSION-4.14 = .89
 LINUX_VERSION-4.19 = .9
 
 LINUX_KERNEL_HASH-3.18.130 = d1bf85ed3fd0067b1134178ed5492ae0053cb3fdd5361986fe0b85234fc82723
 LINUX_KERNEL_HASH-4.9.146 = 58195a8be3085d117c83a2ed1caa3b46ea7c1614c75f951b9f13f7adb03f8e59
-LINUX_KERNEL_HASH-4.14.88 = b0f0b8c76708eab6caf3009702e531d40a243b152922ee1f9a441316f226f52d
+LINUX_KERNEL_HASH-4.14.89 = ce6e16ac44dddd0d6a232bf2ce03e8bf8beca19f9b84503684466d140a1a0b25
 LINUX_KERNEL_HASH-4.19.9 = fc116cc6829c73944215d3b3ac0fc368dde9e8235b456744afffde001269dbf2
 
 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))

target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch

@@ -74,7 +74,7 @@ Cc: Kir Kolyshkin <kir@openvz.org>
  		    sk->sk_gso_max_size - 1 - MAX_TCP_HEADER);
  
  	/* Goal is to send at least one packet per ms,
-@@ -2184,7 +2184,7 @@ static bool tcp_small_queue_check(struct
+@@ -2200,7 +2200,7 @@ static bool tcp_small_queue_check(struct
  {
  	unsigned int limit;
  

target/linux/generic/backport-4.14/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch

@@ -1,32 +0,0 @@
-From 508b09046c0f21678652fb66fd1e9959d55591d2 Mon Sep 17 00:00:00 2001
-From: Alin Nastac <alin.nastac@gmail.com>
-Date: Wed, 21 Nov 2018 14:00:30 +0100
-Subject: [PATCH] netfilter: ipv6: Preserve link scope traffic original oif
-
-When ip6_route_me_harder is invoked, it resets outgoing interface of:
-  - link-local scoped packets sent by neighbor discovery
-  - multicast packets sent by MLD host
-  - multicast packets send by MLD proxy daemon that sets outgoing
-    interface through IPV6_PKTINFO ipi6_ifindex
-
-Link-local and multicast packets must keep their original oif after
-ip6_route_me_harder is called.
-
-Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- net/ipv6/netfilter.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/net/ipv6/netfilter.c
-+++ b/net/ipv6/netfilter.c
-@@ -25,7 +25,8 @@ int ip6_route_me_harder(struct net *net,
- 	unsigned int hh_len;
- 	struct dst_entry *dst;
- 	struct flowi6 fl6 = {
--		.flowi6_oif = sk ? sk->sk_bound_dev_if : 0,
-+		.flowi6_oif = sk && sk->sk_bound_dev_if ? sk->sk_bound_dev_if :
-+			rt6_need_strict(&iph->daddr) ? skb_dst(skb)->dev->ifindex : 0,
- 		.flowi6_mark = skb->mark,
- 		.flowi6_uid = sock_net_uid(net, sk),
- 		.daddr = iph->daddr,

target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch

@@ -264,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  		nft_chain_release_hook(&hook);
  	}
-@@ -5135,10 +5123,9 @@ static int nf_tables_commit(struct net *
+@@ -5129,10 +5117,9 @@ static int nf_tables_commit(struct net *
  		case NFT_MSG_DELCHAIN:
  			list_del_rcu(&trans->ctx.chain->list);
  			nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
@@ -278,7 +278,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			break;
  		case NFT_MSG_NEWRULE:
  			nft_clear(trans->ctx.net, nft_trans_rule(trans));
-@@ -5275,10 +5262,9 @@ static int nf_tables_abort(struct net *n
+@@ -5269,10 +5256,9 @@ static int nf_tables_abort(struct net *n
  			} else {
  				trans->ctx.table->use--;
  				list_del_rcu(&trans->ctx.chain->list);
@@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			}
  			break;
  		case NFT_MSG_DELCHAIN:
-@@ -5381,7 +5367,7 @@ int nft_chain_validate_hooks(const struc
+@@ -5375,7 +5361,7 @@ int nft_chain_validate_hooks(const struc
  	if (nft_is_base_chain(chain)) {
  		basechain = nft_base_chain(chain);
  
@@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			return 0;
  
  		return -EOPNOTSUPP;
-@@ -5863,8 +5849,7 @@ int __nft_release_basechain(struct nft_c
+@@ -5857,8 +5843,7 @@ int __nft_release_basechain(struct nft_c
  
  	BUG_ON(!nft_is_base_chain(ctx->chain));
  
@@ -311,7 +311,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
  		list_del(&rule->list);
  		ctx->chain->use--;
-@@ -5893,8 +5878,7 @@ static void __nft_release_afinfo(struct
+@@ -5887,8 +5872,7 @@ static void __nft_release_afinfo(struct
  
  	list_for_each_entry_safe(table, nt, &afi->tables, list) {
  		list_for_each_entry(chain, &table->chains, list)
@@ -379,7 +379,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  		par->hook_mask = 1 << ops->hooknum;
  	} else {
-@@ -564,7 +564,7 @@ static int nft_match_validate(const stru
+@@ -565,7 +565,7 @@ static int nft_match_validate(const stru
  	if (nft_is_base_chain(ctx->chain)) {
  		const struct nft_base_chain *basechain =
  						nft_base_chain(ctx->chain);

target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch

@@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) {
  		err = nft_delobj(ctx, obj);
  		if (err < 0)
-@@ -4835,6 +4879,605 @@ static void nf_tables_obj_notify(const s
+@@ -4829,6 +4873,605 @@ static void nf_tables_obj_notify(const s
  		       ctx->afi->family, ctx->report, GFP_KERNEL);
  }
  
@@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
  				   u32 portid, u32 seq)
  {
-@@ -4865,6 +5508,49 @@ nla_put_failure:
+@@ -4859,6 +5502,49 @@ nla_put_failure:
  	return -EMSGSIZE;
  }
  
@@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb,
  				 int event)
  {
-@@ -5017,6 +5703,21 @@ static const struct nfnl_callback nf_tab
+@@ -5011,6 +5697,21 @@ static const struct nfnl_callback nf_tab
  		.attr_count	= NFTA_OBJ_MAX,
  		.policy		= nft_obj_policy,
  	},
@@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  };
  
  static void nft_chain_commit_update(struct nft_trans *trans)
-@@ -5065,6 +5766,9 @@ static void nf_tables_commit_release(str
+@@ -5059,6 +5760,9 @@ static void nf_tables_commit_release(str
  	case NFT_MSG_DELOBJ:
  		nft_obj_destroy(nft_trans_obj(trans));
  		break;
@@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	}
  	kfree(trans);
  }
-@@ -5184,6 +5888,21 @@ static int nf_tables_commit(struct net *
+@@ -5178,6 +5882,21 @@ static int nf_tables_commit(struct net *
  			nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans),
  					     NFT_MSG_DELOBJ);
  			break;
@@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  
-@@ -5221,6 +5940,9 @@ static void nf_tables_abort_release(stru
+@@ -5215,6 +5934,9 @@ static void nf_tables_abort_release(stru
  	case NFT_MSG_NEWOBJ:
  		nft_obj_destroy(nft_trans_obj(trans));
  		break;
@@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	}
  	kfree(trans);
  }
-@@ -5312,6 +6034,17 @@ static int nf_tables_abort(struct net *n
+@@ -5306,6 +6028,17 @@ static int nf_tables_abort(struct net *n
  			nft_clear(trans->ctx.net, nft_trans_obj(trans));
  			nft_trans_destroy(trans);
  			break;
@@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  
-@@ -5862,6 +6595,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
+@@ -5856,6 +6589,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
  /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */
  static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi)
  {
@@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table, *nt;
  	struct nft_chain *chain, *nc;
  	struct nft_object *obj, *ne;
-@@ -5875,6 +6609,9 @@ static void __nft_release_afinfo(struct
+@@ -5869,6 +6603,9 @@ static void __nft_release_afinfo(struct
  	list_for_each_entry_safe(table, nt, &afi->tables, list) {
  		list_for_each_entry(chain, &table->chains, list)
  			nf_tables_unregister_hook(net, table, chain);
@@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		/* No packets are walking on these chains anymore. */
  		ctx.table = table;
  		list_for_each_entry(chain, &table->chains, list) {
-@@ -5885,6 +6622,11 @@ static void __nft_release_afinfo(struct
+@@ -5879,6 +6616,11 @@ static void __nft_release_afinfo(struct
  				nf_tables_rule_release(&ctx, rule);
  			}
  		}
@@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		list_for_each_entry_safe(set, ns, &table->sets, list) {
  			list_del(&set->list);
  			table->use--;
-@@ -5928,6 +6670,8 @@ static int __init nf_tables_module_init(
+@@ -5922,6 +6664,8 @@ static int __init nf_tables_module_init(
  	if (err < 0)
  		goto err3;
  
@@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n");
  	return register_pernet_subsys(&nf_tables_net_ops);
  err3:
-@@ -5942,6 +6686,7 @@ static void __exit nf_tables_module_exit
+@@ -5936,6 +6680,7 @@ static void __exit nf_tables_module_exit
  {
  	unregister_pernet_subsys(&nf_tables_net_ops);
  	nfnetlink_subsys_unregister(&nf_tables_subsys);

target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch

@@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
  
  	type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
-@@ -4987,7 +4984,7 @@ static int nf_tables_flowtable_parse_hoo
+@@ -4981,7 +4978,7 @@ static int nf_tables_flowtable_parse_hoo
  		return -EINVAL;
  
  	hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));

target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch

@@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5411,7 +5411,7 @@ static int nf_tables_getflowtable(struct
+@@ -5405,7 +5405,7 @@ static int nf_tables_getflowtable(struct
  
  	flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME],
  					       genmask);

target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch

@@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		if (ret >= 0) {
  			ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
  			nft_trans_table_enable(trans) = true;
-@@ -5792,7 +5785,6 @@ static int nf_tables_commit(struct net *
+@@ -5786,7 +5779,6 @@ static int nf_tables_commit(struct net *
  			if (nft_trans_table_update(trans)) {
  				if (!nft_trans_table_enable(trans)) {
  					nf_tables_table_disable(net,
@@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  								trans->ctx.table);
  					trans->ctx.table->flags |= NFT_TABLE_F_DORMANT;
  				}
-@@ -5956,7 +5948,6 @@ static int nf_tables_abort(struct net *n
+@@ -5950,7 +5942,6 @@ static int nf_tables_abort(struct net *n
  			if (nft_trans_table_update(trans)) {
  				if (nft_trans_table_enable(trans)) {
  					nf_tables_table_disable(net,

target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch

@@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5330,8 +5330,10 @@ static int nf_tables_dump_flowtable_done
+@@ -5324,8 +5324,10 @@ static int nf_tables_dump_flowtable_done
  	if (!filter)
  		return 0;
  

target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch

@@ -615,7 +615,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -2322,7 +2317,8 @@ static int nf_tables_newrule(struct net
+@@ -2323,7 +2318,8 @@ static int nf_tables_newrule(struct net
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -625,7 +625,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -2361,7 +2357,7 @@ static int nf_tables_newrule(struct net
+@@ -2362,7 +2358,7 @@ static int nf_tables_newrule(struct net
  			return PTR_ERR(old_rule);
  	}
  
@@ -634,7 +634,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	n = 0;
  	size = 0;
-@@ -2501,7 +2497,8 @@ static int nf_tables_delrule(struct net
+@@ -2495,7 +2491,8 @@ static int nf_tables_delrule(struct net
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -644,7 +644,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -2512,7 +2509,7 @@ static int nf_tables_delrule(struct net
+@@ -2506,7 +2503,7 @@ static int nf_tables_delrule(struct net
  			return PTR_ERR(chain);
  	}
  
@@ -653,7 +653,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	if (chain) {
  		if (nla[NFTA_RULE_HANDLE]) {
-@@ -2710,13 +2707,13 @@ static int nft_ctx_init_from_setattr(str
+@@ -2704,13 +2701,13 @@ static int nft_ctx_init_from_setattr(str
  		if (afi == NULL)
  			return -EAFNOSUPPORT;
  
@@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	return 0;
  }
  
-@@ -2844,7 +2841,7 @@ static int nf_tables_fill_set(struct sk_
+@@ -2838,7 +2835,7 @@ static int nf_tables_fill_set(struct sk_
  		goto nla_put_failure;
  
  	nfmsg = nlmsg_data(nlh);
@@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	nfmsg->version		= NFNETLINK_V0;
  	nfmsg->res_id		= htons(ctx->net->nft.base_seq & 0xffff);
  
-@@ -2936,10 +2933,8 @@ static int nf_tables_dump_sets(struct sk
+@@ -2930,10 +2927,8 @@ static int nf_tables_dump_sets(struct sk
  {
  	const struct nft_set *set;
  	unsigned int idx, s_idx = cb->args[0];
@@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_ctx *ctx = cb->data, ctx_set;
  
  	if (cb->args[1])
-@@ -2948,51 +2943,44 @@ static int nf_tables_dump_sets(struct sk
+@@ -2942,51 +2937,44 @@ static int nf_tables_dump_sets(struct sk
  	rcu_read_lock();
  	cb->seq = net->nft.base_seq;
  
@@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	}
  	cb->args[1] = 1;
  done:
-@@ -3202,11 +3190,12 @@ static int nf_tables_newset(struct net *
+@@ -3196,11 +3184,12 @@ static int nf_tables_newset(struct net *
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
  	if (IS_ERR(set)) {
-@@ -3475,12 +3464,12 @@ static int nft_ctx_init_from_elemattr(st
+@@ -3469,12 +3458,12 @@ static int nft_ctx_init_from_elemattr(st
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	return 0;
  }
  
-@@ -3585,7 +3574,6 @@ static int nf_tables_dump_set(struct sk_
+@@ -3579,7 +3568,6 @@ static int nf_tables_dump_set(struct sk_
  {
  	struct nft_set_dump_ctx *dump_ctx = cb->data;
  	struct net *net = sock_net(skb->sk);
@@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_set *set;
  	struct nft_set_dump_args args;
-@@ -3597,21 +3585,19 @@ static int nf_tables_dump_set(struct sk_
+@@ -3591,21 +3579,19 @@ static int nf_tables_dump_set(struct sk_
  	int event;
  
  	rcu_read_lock();
@@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  		break;
  	}
-@@ -3631,7 +3617,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -3625,7 +3611,7 @@ static int nf_tables_dump_set(struct sk_
  		goto nla_put_failure;
  
  	nfmsg = nlmsg_data(nlh);
@@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	nfmsg->version      = NFNETLINK_V0;
  	nfmsg->res_id	    = htons(net->nft.base_seq & 0xffff);
  
-@@ -3733,7 +3719,7 @@ static int nf_tables_fill_setelem_info(s
+@@ -3727,7 +3713,7 @@ static int nf_tables_fill_setelem_info(s
  		goto nla_put_failure;
  
  	nfmsg = nlmsg_data(nlh);
@@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	nfmsg->version		= NFNETLINK_V0;
  	nfmsg->res_id		= htons(ctx->net->nft.base_seq & 0xffff);
  
-@@ -3977,7 +3963,7 @@ static int nft_add_set_elem(struct nft_c
+@@ -3971,7 +3957,7 @@ static int nft_add_set_elem(struct nft_c
  		list_for_each_entry(binding, &set->bindings, list) {
  			struct nft_ctx bind_ctx = {
  				.net	= ctx->net,
@@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				.table	= ctx->table,
  				.chain	= (struct nft_chain *)binding->chain,
  			};
-@@ -4527,7 +4513,8 @@ static int nf_tables_newobj(struct net *
+@@ -4521,7 +4507,8 @@ static int nf_tables_newobj(struct net *
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -4545,7 +4532,7 @@ static int nf_tables_newobj(struct net *
+@@ -4539,7 +4526,7 @@ static int nf_tables_newobj(struct net *
  		return 0;
  	}
  
@@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	type = nft_obj_type_get(objtype);
  	if (IS_ERR(type))
-@@ -4622,7 +4609,6 @@ struct nft_obj_filter {
+@@ -4616,7 +4603,6 @@ struct nft_obj_filter {
  static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
@@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nft_table *table;
  	unsigned int idx = 0, s_idx = cb->args[0];
  	struct nft_obj_filter *filter = cb->data;
-@@ -4637,38 +4623,37 @@ static int nf_tables_dump_obj(struct sk_
+@@ -4631,38 +4617,37 @@ static int nf_tables_dump_obj(struct sk_
  	rcu_read_lock();
  	cb->seq = net->nft.base_seq;
  
@@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  done:
-@@ -4755,7 +4740,8 @@ static int nf_tables_getobj(struct net *
+@@ -4749,7 +4734,8 @@ static int nf_tables_getobj(struct net *
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -4815,7 +4801,8 @@ static int nf_tables_delobj(struct net *
+@@ -4809,7 +4795,8 @@ static int nf_tables_delobj(struct net *
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -4826,7 +4813,7 @@ static int nf_tables_delobj(struct net *
+@@ -4820,7 +4807,7 @@ static int nf_tables_delobj(struct net *
  	if (obj->use > 0)
  		return -EBUSY;
  
@@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	return nft_delobj(&ctx, obj);
  }
-@@ -4864,7 +4851,7 @@ static void nf_tables_obj_notify(const s
+@@ -4858,7 +4845,7 @@ static void nf_tables_obj_notify(const s
  				 struct nft_object *obj, int event)
  {
  	nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
@@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  }
  
  /*
-@@ -5054,7 +5041,7 @@ void nft_flow_table_iterate(struct net *
+@@ -5048,7 +5035,7 @@ void nft_flow_table_iterate(struct net *
  
  	rcu_read_lock();
  	list_for_each_entry_rcu(afi, &net->nft.af_info, list) {
@@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
  				iter(&flowtable->data, data);
  			}
-@@ -5102,7 +5089,8 @@ static int nf_tables_newflowtable(struct
+@@ -5096,7 +5083,8 @@ static int nf_tables_newflowtable(struct
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -5119,7 +5107,7 @@ static int nf_tables_newflowtable(struct
+@@ -5113,7 +5101,7 @@ static int nf_tables_newflowtable(struct
  		return 0;
  	}
  
@@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
  	if (!flowtable)
-@@ -5200,7 +5188,8 @@ static int nf_tables_delflowtable(struct
+@@ -5194,7 +5182,8 @@ static int nf_tables_delflowtable(struct
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -5211,7 +5200,7 @@ static int nf_tables_delflowtable(struct
+@@ -5205,7 +5194,7 @@ static int nf_tables_delflowtable(struct
  	if (flowtable->use > 0)
  		return -EBUSY;
  
@@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	return nft_delflowtable(&ctx, flowtable);
  }
-@@ -5280,40 +5269,37 @@ static int nf_tables_dump_flowtable(stru
+@@ -5274,40 +5263,37 @@ static int nf_tables_dump_flowtable(stru
  	struct net *net = sock_net(skb->sk);
  	int family = nfmsg->nfgen_family;
  	struct nft_flowtable *flowtable;
@@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  done:
-@@ -5398,7 +5384,8 @@ static int nf_tables_getflowtable(struct
+@@ -5392,7 +5378,8 @@ static int nf_tables_getflowtable(struct
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -5441,7 +5428,7 @@ static void nf_tables_flowtable_notify(s
+@@ -5435,7 +5422,7 @@ static void nf_tables_flowtable_notify(s
  
  	err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
  					    ctx->seq, event, 0,
@@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (err < 0) {
  		kfree_skb(skb);
  		goto err;
-@@ -5519,17 +5506,14 @@ static int nf_tables_flowtable_event(str
+@@ -5513,17 +5500,14 @@ static int nf_tables_flowtable_event(str
  	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
  	struct nft_flowtable *flowtable;
  	struct nft_table *table;
@@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  	nfnl_unlock(NFNL_SUBSYS_NFTABLES);
-@@ -6555,6 +6539,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
+@@ -6549,6 +6533,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
  static int __net_init nf_tables_init_net(struct net *net)
  {
  	INIT_LIST_HEAD(&net->nft.af_info);
@@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	INIT_LIST_HEAD(&net->nft.commit_list);
  	net->nft.base_seq = 1;
  	return 0;
-@@ -6591,10 +6576,10 @@ static void __nft_release_afinfo(struct
+@@ -6585,10 +6570,10 @@ static void __nft_release_afinfo(struct
  	struct nft_set *set, *ns;
  	struct nft_ctx ctx = {
  		.net	= net,
@@ -1255,7 +1255,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	par->nft_compat = true;
  }
  
-@@ -502,7 +502,7 @@ __nft_match_destroy(const struct nft_ctx
+@@ -503,7 +503,7 @@ __nft_match_destroy(const struct nft_ctx
  	par.net = ctx->net;
  	par.match = match;
  	par.matchinfo = info;
@@ -1264,7 +1264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (par.match->destroy != NULL)
  		par.match->destroy(&par);
  
-@@ -732,7 +732,7 @@ nft_match_select_ops(const struct nft_ct
+@@ -733,7 +733,7 @@ nft_match_select_ops(const struct nft_ct
  
  	mt_name = nla_data(tb[NFTA_MATCH_NAME]);
  	rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV]));
@@ -1273,7 +1273,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	/* Re-use the existing match if it's already loaded. */
  	list_for_each_entry(nft_match, &nft_match_list, head) {
-@@ -823,7 +823,7 @@ nft_target_select_ops(const struct nft_c
+@@ -824,7 +824,7 @@ nft_target_select_ops(const struct nft_c
  
  	tg_name = nla_data(tb[NFTA_TARGET_NAME]);
  	rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV]));

target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch

@@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static struct pernet_operations clusterip_net_ops = {
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -6545,6 +6545,12 @@ static int __net_init nf_tables_init_net
+@@ -6539,6 +6539,12 @@ static int __net_init nf_tables_init_net
  	return 0;
  }
  
@@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  int __nft_release_basechain(struct nft_ctx *ctx)
  {
  	struct nft_rule *rule, *nr;
-@@ -6622,6 +6628,7 @@ static void __nft_release_afinfo(struct
+@@ -6616,6 +6622,7 @@ static void __nft_release_afinfo(struct
  
  static struct pernet_operations nf_tables_net_ops = {
  	.init	= nf_tables_init_net,

target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch

@@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		if (afi->family == family)
  			return afi;
  	}
-@@ -5036,15 +5034,12 @@ void nft_flow_table_iterate(struct net *
+@@ -5030,15 +5028,12 @@ void nft_flow_table_iterate(struct net *
  			    void *data)
  {
  	struct nft_flowtable *flowtable;
@@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  	rcu_read_unlock();
-@@ -6536,21 +6531,6 @@ int nft_data_dump(struct sk_buff *skb, i
+@@ -6530,21 +6525,6 @@ int nft_data_dump(struct sk_buff *skb, i
  }
  EXPORT_SYMBOL_GPL(nft_data_dump);
  
@@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  int __nft_release_basechain(struct nft_ctx *ctx)
  {
  	struct nft_rule *rule, *nr;
-@@ -6571,8 +6551,7 @@ int __nft_release_basechain(struct nft_c
+@@ -6565,8 +6545,7 @@ int __nft_release_basechain(struct nft_c
  }
  EXPORT_SYMBOL_GPL(__nft_release_basechain);
  
@@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  {
  	struct nft_flowtable *flowtable, *nf;
  	struct nft_table *table, *nt;
-@@ -6582,10 +6561,11 @@ static void __nft_release_afinfo(struct
+@@ -6576,10 +6555,11 @@ static void __nft_release_afinfo(struct
  	struct nft_set *set, *ns;
  	struct nft_ctx ctx = {
  		.net	= net,
@@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		list_for_each_entry(chain, &table->chains, list)
  			nf_tables_unregister_hook(net, table, chain);
  		list_for_each_entry(flowtable, &table->flowtables, list)
-@@ -6626,6 +6606,21 @@ static void __nft_release_afinfo(struct
+@@ -6620,6 +6600,21 @@ static void __nft_release_afinfo(struct
  	}
  }
  

target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch

@@ -639,7 +639,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -2295,7 +2188,7 @@ static int nf_tables_newrule(struct net
+@@ -2296,7 +2189,7 @@ static int nf_tables_newrule(struct net
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_next(net);
@@ -648,7 +648,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_chain *chain;
  	struct nft_rule *rule, *old_rule = NULL;
-@@ -2311,11 +2204,7 @@ static int nf_tables_newrule(struct net
+@@ -2312,11 +2205,7 @@ static int nf_tables_newrule(struct net
  
  	create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
  
@@ -661,7 +661,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -2355,7 +2244,7 @@ static int nf_tables_newrule(struct net
+@@ -2356,7 +2245,7 @@ static int nf_tables_newrule(struct net
  			return PTR_ERR(old_rule);
  	}
  
@@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	n = 0;
  	size = 0;
-@@ -2484,18 +2373,13 @@ static int nf_tables_delrule(struct net
+@@ -2478,18 +2367,13 @@ static int nf_tables_delrule(struct net
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_next(net);
@@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -2507,7 +2391,7 @@ static int nf_tables_delrule(struct net
+@@ -2501,7 +2385,7 @@ static int nf_tables_delrule(struct net
  			return PTR_ERR(chain);
  	}
  
@@ -699,7 +699,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	if (chain) {
  		if (nla[NFTA_RULE_HANDLE]) {
-@@ -2692,26 +2576,17 @@ static int nft_ctx_init_from_setattr(str
+@@ -2686,26 +2570,17 @@ static int nft_ctx_init_from_setattr(str
  				     u8 genmask)
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
@@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	return 0;
  }
  
-@@ -2943,7 +2818,7 @@ static int nf_tables_dump_sets(struct sk
+@@ -2937,7 +2812,7 @@ static int nf_tables_dump_sets(struct sk
  
  	list_for_each_entry_rcu(table, &net->nft.tables, list) {
  		if (ctx->family != NFPROTO_UNSPEC &&
@@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			continue;
  
  		if (ctx->table && ctx->table != table)
-@@ -2964,7 +2839,7 @@ static int nf_tables_dump_sets(struct sk
+@@ -2958,7 +2833,7 @@ static int nf_tables_dump_sets(struct sk
  
  			ctx_set = *ctx;
  			ctx_set.table = table;
@@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  			if (nf_tables_fill_set(skb, &ctx_set, set,
  					       NFT_MSG_NEWSET,
-@@ -3076,8 +2951,8 @@ static int nf_tables_newset(struct net *
+@@ -3070,8 +2945,8 @@ static int nf_tables_newset(struct net *
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_next(net);
@@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_set *set;
  	struct nft_ctx ctx;
-@@ -3184,16 +3059,12 @@ static int nf_tables_newset(struct net *
+@@ -3178,16 +3053,12 @@ static int nf_tables_newset(struct net *
  
  	create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
  
@@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
  	if (IS_ERR(set)) {
-@@ -3455,19 +3326,15 @@ static int nft_ctx_init_from_elemattr(st
+@@ -3449,19 +3320,15 @@ static int nft_ctx_init_from_elemattr(st
  				      u8 genmask)
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
@@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	return 0;
  }
  
-@@ -3585,7 +3452,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -3579,7 +3446,7 @@ static int nf_tables_dump_set(struct sk_
  	rcu_read_lock();
  	list_for_each_entry_rcu(table, &net->nft.tables, list) {
  		if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
@@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			continue;
  
  		if (table != dump_ctx->ctx.table)
-@@ -3615,7 +3482,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -3609,7 +3476,7 @@ static int nf_tables_dump_set(struct sk_
  		goto nla_put_failure;
  
  	nfmsg = nlmsg_data(nlh);
@@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	nfmsg->version      = NFNETLINK_V0;
  	nfmsg->res_id	    = htons(net->nft.base_seq & 0xffff);
  
-@@ -4495,7 +4362,6 @@ static int nf_tables_newobj(struct net *
+@@ -4489,7 +4356,6 @@ static int nf_tables_newobj(struct net *
  	const struct nft_object_type *type;
  	u8 genmask = nft_genmask_next(net);
  	int family = nfmsg->nfgen_family;
@@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_object *obj;
  	struct nft_ctx ctx;
-@@ -4507,11 +4373,7 @@ static int nf_tables_newobj(struct net *
+@@ -4501,11 +4367,7 @@ static int nf_tables_newobj(struct net *
  	    !nla[NFTA_OBJ_DATA])
  		return -EINVAL;
  
@@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -4530,7 +4392,7 @@ static int nf_tables_newobj(struct net *
+@@ -4524,7 +4386,7 @@ static int nf_tables_newobj(struct net *
  		return 0;
  	}
  
@@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	type = nft_obj_type_get(objtype);
  	if (IS_ERR(type))
-@@ -4622,7 +4484,7 @@ static int nf_tables_dump_obj(struct sk_
+@@ -4616,7 +4478,7 @@ static int nf_tables_dump_obj(struct sk_
  	cb->seq = net->nft.base_seq;
  
  	list_for_each_entry_rcu(table, &net->nft.tables, list) {
@@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			continue;
  
  		list_for_each_entry_rcu(obj, &table->objects, list) {
-@@ -4645,7 +4507,7 @@ static int nf_tables_dump_obj(struct sk_
+@@ -4639,7 +4501,7 @@ static int nf_tables_dump_obj(struct sk_
  						    cb->nlh->nlmsg_seq,
  						    NFT_MSG_NEWOBJ,
  						    NLM_F_MULTI | NLM_F_APPEND,
@@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  						    obj, reset) < 0)
  				goto done;
  
-@@ -4703,7 +4565,6 @@ static int nf_tables_getobj(struct net *
+@@ -4697,7 +4559,6 @@ static int nf_tables_getobj(struct net *
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_cur(net);
  	int family = nfmsg->nfgen_family;
@@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nft_table *table;
  	struct nft_object *obj;
  	struct sk_buff *skb2;
-@@ -4734,11 +4595,7 @@ static int nf_tables_getobj(struct net *
+@@ -4728,11 +4589,7 @@ static int nf_tables_getobj(struct net *
  	    !nla[NFTA_OBJ_TYPE])
  		return -EINVAL;
  
@@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -4785,7 +4642,6 @@ static int nf_tables_delobj(struct net *
+@@ -4779,7 +4636,6 @@ static int nf_tables_delobj(struct net *
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_next(net);
  	int family = nfmsg->nfgen_family;
@@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_object *obj;
  	struct nft_ctx ctx;
-@@ -4795,11 +4651,7 @@ static int nf_tables_delobj(struct net *
+@@ -4789,11 +4645,7 @@ static int nf_tables_delobj(struct net *
  	    !nla[NFTA_OBJ_NAME])
  		return -EINVAL;
  
@@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -4811,7 +4663,7 @@ static int nf_tables_delobj(struct net *
+@@ -4805,7 +4657,7 @@ static int nf_tables_delobj(struct net *
  	if (obj->use > 0)
  		return -EBUSY;
  
@@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	return nft_delobj(&ctx, obj);
  }
-@@ -4996,33 +4848,31 @@ err1:
+@@ -4990,33 +4842,31 @@ err1:
  	return err;
  }
  
@@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			return ERR_PTR(-EAGAIN);
  	}
  #endif
-@@ -5070,7 +4920,6 @@ static int nf_tables_newflowtable(struct
+@@ -5064,7 +4914,6 @@ static int nf_tables_newflowtable(struct
  	u8 genmask = nft_genmask_next(net);
  	int family = nfmsg->nfgen_family;
  	struct nft_flowtable *flowtable;
@@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_ctx ctx;
  	int err, i, k;
-@@ -5080,12 +4929,8 @@ static int nf_tables_newflowtable(struct
+@@ -5074,12 +4923,8 @@ static int nf_tables_newflowtable(struct
  	    !nla[NFTA_FLOWTABLE_HOOK])
  		return -EINVAL;
  
@@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -5102,7 +4947,7 @@ static int nf_tables_newflowtable(struct
+@@ -5096,7 +4941,7 @@ static int nf_tables_newflowtable(struct
  		return 0;
  	}
  
@@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
  	if (!flowtable)
-@@ -5115,7 +4960,7 @@ static int nf_tables_newflowtable(struct
+@@ -5109,7 +4954,7 @@ static int nf_tables_newflowtable(struct
  		goto err1;
  	}
  
@@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(type)) {
  		err = PTR_ERR(type);
  		goto err2;
-@@ -5175,16 +5020,11 @@ static int nf_tables_delflowtable(struct
+@@ -5169,16 +5014,11 @@ static int nf_tables_delflowtable(struct
  	u8 genmask = nft_genmask_next(net);
  	int family = nfmsg->nfgen_family;
  	struct nft_flowtable *flowtable;
@@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -5195,7 +5035,7 @@ static int nf_tables_delflowtable(struct
+@@ -5189,7 +5029,7 @@ static int nf_tables_delflowtable(struct
  	if (flowtable->use > 0)
  		return -EBUSY;
  
@@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	return nft_delflowtable(&ctx, flowtable);
  }
-@@ -5270,7 +5110,7 @@ static int nf_tables_dump_flowtable(stru
+@@ -5264,7 +5104,7 @@ static int nf_tables_dump_flowtable(stru
  	cb->seq = net->nft.base_seq;
  
  	list_for_each_entry_rcu(table, &net->nft.tables, list) {
@@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			continue;
  
  		list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
-@@ -5289,7 +5129,7 @@ static int nf_tables_dump_flowtable(stru
+@@ -5283,7 +5123,7 @@ static int nf_tables_dump_flowtable(stru
  							  cb->nlh->nlmsg_seq,
  							  NFT_MSG_NEWFLOWTABLE,
  							  NLM_F_MULTI | NLM_F_APPEND,
@@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				goto done;
  
  			nl_dump_check_consistent(cb, nlmsg_hdr(skb));
-@@ -5349,7 +5189,6 @@ static int nf_tables_getflowtable(struct
+@@ -5343,7 +5183,6 @@ static int nf_tables_getflowtable(struct
  	u8 genmask = nft_genmask_cur(net);
  	int family = nfmsg->nfgen_family;
  	struct nft_flowtable *flowtable;
@@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nft_table *table;
  	struct sk_buff *skb2;
  	int err;
-@@ -5375,12 +5214,8 @@ static int nf_tables_getflowtable(struct
+@@ -5369,12 +5208,8 @@ static int nf_tables_getflowtable(struct
  	if (!nla[NFTA_FLOWTABLE_NAME])
  		return -EINVAL;
  
@@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -6551,7 +6386,7 @@ int __nft_release_basechain(struct nft_c
+@@ -6545,7 +6380,7 @@ int __nft_release_basechain(struct nft_c
  }
  EXPORT_SYMBOL_GPL(__nft_release_basechain);
  
@@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  {
  	struct nft_flowtable *flowtable, *nf;
  	struct nft_table *table, *nt;
-@@ -6564,7 +6399,7 @@ static void __nft_release_afinfo(struct
+@@ -6558,7 +6393,7 @@ static void __nft_release_afinfo(struct
  	};
  
  	list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
@@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  		list_for_each_entry(chain, &table->chains, list)
  			nf_tables_unregister_hook(net, table, chain);
-@@ -6616,7 +6451,7 @@ static int __net_init nf_tables_init_net
+@@ -6610,7 +6445,7 @@ static int __net_init nf_tables_init_net
  
  static void __net_exit nf_tables_exit_net(struct net *net)
  {

target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch

@@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -4886,13 +4886,13 @@ void nft_flow_table_iterate(struct net *
+@@ -4880,13 +4880,13 @@ void nft_flow_table_iterate(struct net *
  	struct nft_flowtable *flowtable;
  	const struct nft_table *table;
  

target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch

@@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  };
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5271,17 +5271,12 @@ err:
+@@ -5265,17 +5265,12 @@ err:
  	nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
  }
  

target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch

@@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(chain))
  		return PTR_ERR(chain);
  
-@@ -2563,6 +2611,7 @@ static const struct nla_policy nft_set_p
+@@ -2557,6 +2605,7 @@ static const struct nla_policy nft_set_p
  	[NFTA_SET_USERDATA]		= { .type = NLA_BINARY,
  					    .len  = NFT_USERDATA_MAXLEN },
  	[NFTA_SET_OBJ_TYPE]		= { .type = NLA_U32 },
@@ -274,7 +274,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  };
  
  static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = {
-@@ -2606,6 +2655,22 @@ static struct nft_set *nf_tables_set_loo
+@@ -2600,6 +2649,22 @@ static struct nft_set *nf_tables_set_loo
  	return ERR_PTR(-ENOENT);
  }
  
@@ -297,7 +297,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static struct nft_set *nf_tables_set_lookup_byid(const struct net *net,
  						 const struct nlattr *nla,
  						 u8 genmask)
-@@ -2722,6 +2787,9 @@ static int nf_tables_fill_set(struct sk_
+@@ -2716,6 +2781,9 @@ static int nf_tables_fill_set(struct sk_
  		goto nla_put_failure;
  	if (nla_put_string(skb, NFTA_SET_NAME, set->name))
  		goto nla_put_failure;
@@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (set->flags != 0)
  		if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags)))
  			goto nla_put_failure;
-@@ -3130,6 +3198,7 @@ static int nf_tables_newset(struct net *
+@@ -3124,6 +3192,7 @@ static int nf_tables_newset(struct net *
  	set->udata  = udata;
  	set->timeout = timeout;
  	set->gc_int = gc_int;
@@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	err = ops->init(set, &desc, nla);
  	if (err < 0)
-@@ -3189,7 +3258,10 @@ static int nf_tables_delset(struct net *
+@@ -3183,7 +3252,10 @@ static int nf_tables_delset(struct net *
  	if (err < 0)
  		return err;
  
@@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(set))
  		return PTR_ERR(set);
  
-@@ -4250,6 +4322,21 @@ struct nft_object *nf_tables_obj_lookup(
+@@ -4244,6 +4316,21 @@ struct nft_object *nf_tables_obj_lookup(
  }
  EXPORT_SYMBOL_GPL(nf_tables_obj_lookup);
  
@@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = {
  	[NFTA_OBJ_TABLE]	= { .type = NLA_STRING,
  				    .len = NFT_TABLE_MAXNAMELEN - 1 },
-@@ -4257,6 +4344,7 @@ static const struct nla_policy nft_obj_p
+@@ -4251,6 +4338,7 @@ static const struct nla_policy nft_obj_p
  				    .len = NFT_OBJ_MAXNAMELEN - 1 },
  	[NFTA_OBJ_TYPE]		= { .type = NLA_U32 },
  	[NFTA_OBJ_DATA]		= { .type = NLA_NESTED },
@@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  };
  
  static struct nft_object *nft_obj_init(const struct nft_ctx *ctx,
-@@ -4404,6 +4492,8 @@ static int nf_tables_newobj(struct net *
+@@ -4398,6 +4486,8 @@ static int nf_tables_newobj(struct net *
  		goto err1;
  	}
  	obj->table = table;
@@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL);
  	if (!obj->name) {
  		err = -ENOMEM;
-@@ -4450,7 +4540,9 @@ static int nf_tables_fill_obj_info(struc
+@@ -4444,7 +4534,9 @@ static int nf_tables_fill_obj_info(struc
  	    nla_put_string(skb, NFTA_OBJ_NAME, obj->name) ||
  	    nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) ||
  	    nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) ||
@@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		goto nla_put_failure;
  
  	nlmsg_end(skb, nlh);
-@@ -4648,7 +4740,7 @@ static int nf_tables_delobj(struct net *
+@@ -4642,7 +4734,7 @@ static int nf_tables_delobj(struct net *
  	u32 objtype;
  
  	if (!nla[NFTA_OBJ_TYPE] ||
@@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		return -EINVAL;
  
  	table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
-@@ -4657,7 +4749,12 @@ static int nf_tables_delobj(struct net *
+@@ -4651,7 +4743,12 @@ static int nf_tables_delobj(struct net *
  		return PTR_ERR(table);
  
  	objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
@@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(obj))
  		return PTR_ERR(obj);
  	if (obj->use > 0)
-@@ -4729,6 +4826,7 @@ static const struct nla_policy nft_flowt
+@@ -4723,6 +4820,7 @@ static const struct nla_policy nft_flowt
  	[NFTA_FLOWTABLE_NAME]		= { .type = NLA_STRING,
  					    .len = NFT_NAME_MAXLEN - 1 },
  	[NFTA_FLOWTABLE_HOOK]		= { .type = NLA_NESTED },
@@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  };
  
  struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table,
-@@ -4746,6 +4844,20 @@ struct nft_flowtable *nf_tables_flowtabl
+@@ -4740,6 +4838,20 @@ struct nft_flowtable *nf_tables_flowtabl
  }
  EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup);
  
@@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  #define NFT_FLOWTABLE_DEVICE_MAX	8
  
  static int nf_tables_parse_devices(const struct nft_ctx *ctx,
-@@ -4954,6 +5066,8 @@ static int nf_tables_newflowtable(struct
+@@ -4948,6 +5060,8 @@ static int nf_tables_newflowtable(struct
  		return -ENOMEM;
  
  	flowtable->table = table;
@@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL);
  	if (!flowtable->name) {
  		err = -ENOMEM;
-@@ -5028,8 +5142,14 @@ static int nf_tables_delflowtable(struct
+@@ -5022,8 +5136,14 @@ static int nf_tables_delflowtable(struct
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
@@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(flowtable))
                  return PTR_ERR(flowtable);
  	if (flowtable->use > 0)
-@@ -5062,7 +5182,9 @@ static int nf_tables_fill_flowtable_info
+@@ -5056,7 +5176,9 @@ static int nf_tables_fill_flowtable_info
  
  	if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
  	    nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||

target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch

@@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	.owner		= THIS_MODULE,
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5081,40 +5081,38 @@ static int nf_tables_newflowtable(struct
+@@ -5075,40 +5075,38 @@ static int nf_tables_newflowtable(struct
  	}
  
  	flowtable->data.type = type;
@@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  err3:
  	module_put(type->owner);
  err2:
-@@ -5395,10 +5393,8 @@ err:
+@@ -5389,10 +5387,8 @@ err:
  
  static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
  {

target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch

@@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -4947,7 +4947,7 @@ static int nf_tables_flowtable_parse_hoo
+@@ -4941,7 +4941,7 @@ static int nf_tables_flowtable_parse_hoo
  		flowtable->ops[i].pf		= NFPROTO_NETDEV;
  		flowtable->ops[i].hooknum	= hooknum;
  		flowtable->ops[i].priority	= priority;

target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch

@@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	WARN_ON(!nf_flow_offload_gc_step(flow_table));
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -4991,23 +4991,6 @@ static const struct nf_flowtable_type *n
+@@ -4985,23 +4985,6 @@ static const struct nf_flowtable_type *n
  	return ERR_PTR(-ENOENT);
  }
  

target/linux/generic/pending-4.14/120-Fix-alloc_node_mem_map-with-ARCH_PFN_OFFSET-calcu.patch

@@ -71,7 +71,7 @@ Signed-off-by: Tobias Wolf <dev-NTEO@vplace.de>
 
 --- a/mm/page_alloc.c
 +++ b/mm/page_alloc.c
-@@ -6141,7 +6141,7 @@ static void __ref alloc_node_mem_map(str
+@@ -6143,7 +6143,7 @@ static void __ref alloc_node_mem_map(str
  		mem_map = NODE_DATA(0)->node_mem_map;
  #if defined(CONFIG_HAVE_MEMBLOCK_NODE_MAP) || defined(CONFIG_FLATMEM)
  		if (page_to_pfn(mem_map) != pgdat->node_start_pfn)

target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch

@@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 +MODULE_ALIAS("nf-flow-table-hw");
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -4934,6 +4934,14 @@ static int nf_tables_flowtable_parse_hoo
+@@ -4928,6 +4928,14 @@ static int nf_tables_flowtable_parse_hoo
  	if (err < 0)
  		goto err1;
  
@@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL);
  	if (!ops) {
  		err = -ENOMEM;
-@@ -5064,10 +5072,19 @@ static int nf_tables_newflowtable(struct
+@@ -5058,10 +5066,19 @@ static int nf_tables_newflowtable(struct
  	}
  
  	flowtable->data.type = type;
@@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK],
  					     flowtable);
  	if (err < 0)
-@@ -5165,7 +5182,8 @@ static int nf_tables_fill_flowtable_info
+@@ -5159,7 +5176,8 @@ static int nf_tables_fill_flowtable_info
  	    nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
  	    nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) ||
  	    nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle),

target/linux/mediatek/patches-4.14/0052-net-phy-add-FC.patch

@@ -10,7 +10,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
 
 --- a/drivers/net/phy/phy_device.c
 +++ b/drivers/net/phy/phy_device.c
-@@ -1943,7 +1943,7 @@ static struct phy_driver genphy_driver =
+@@ -1940,7 +1940,7 @@ static struct phy_driver genphy_driver =
  	.config_init	= genphy_config_init,
  	.features	= PHY_GBIT_FEATURES | SUPPORTED_MII |
  			  SUPPORTED_AUI | SUPPORTED_FIBRE |