drop 4.14.y netfilter patch

diff --git a/queue-4.14/netfilter-don-t-set-f_iface-on-ipv6-fib-lookups.patch b/queue-4.14/netfilter-don-t-set-f_iface-on-ipv6-fib-lookups.patch
deleted file mode 100644 (file)
index 7904030..0000000
--- a/queue-4.14/netfilter-don-t-set-f_iface-on-ipv6-fib-lookups.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From foo@baz Sun May 27 16:52:54 CEST 2018
-From: Florian Westphal <fw@strlen.de>
-Date: Thu, 15 Feb 2018 00:23:05 +0100
-Subject: netfilter: don't set F_IFACE on ipv6 fib lookups
-
-From: Florian Westphal <fw@strlen.de>
-
-[ Upstream commit 47b7e7f82802dced3ac73658bf4b77584a63063f ]
-
-"fib" starts to behave strangely when an ipv6 default route is
-added - the FIB lookup returns a route using 'oif' in this case.
-
-This behaviour was inherited from ip6tables rpfilter so change
-this as well.
-
-Bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=1221
-Signed-off-by: Florian Westphal <fw@strlen.de>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/ipv6/netfilter/ip6t_rpfilter.c |    4 ----
- net/ipv6/netfilter/nft_fib_ipv6.c  |   12 ++----------
- 2 files changed, 2 insertions(+), 14 deletions(-)
-
---- a/net/ipv6/netfilter/ip6t_rpfilter.c
-+++ b/net/ipv6/netfilter/ip6t_rpfilter.c
-@@ -48,10 +48,6 @@ static bool rpfilter_lookup_reverse6(str
-       }
- 
-       fl6.flowi6_mark = flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;
--      if ((flags & XT_RPFILTER_LOOSE) == 0) {
--              fl6.flowi6_oif = dev->ifindex;
--              lookup_flags |= RT6_LOOKUP_F_IFACE;
--      }
- 
-       rt = (void *) ip6_route_lookup(net, &fl6, lookup_flags);
-       if (rt->dst.error)
---- a/net/ipv6/netfilter/nft_fib_ipv6.c
-+++ b/net/ipv6/netfilter/nft_fib_ipv6.c
-@@ -182,7 +182,6 @@ void nft_fib6_eval(const struct nft_expr
-       }
- 
-       *dest = 0;
-- again:
-       rt = (void *)ip6_route_lookup(nft_net(pkt), &fl6, lookup_flags);
-       if (rt->dst.error)
-               goto put_rt_err;
-@@ -191,15 +190,8 @@ void nft_fib6_eval(const struct nft_expr
-       if (rt->rt6i_flags & (RTF_REJECT | RTF_ANYCAST | RTF_LOCAL))
-               goto put_rt_err;
- 
--      if (oif && oif != rt->rt6i_idev->dev) {
--              /* multipath route? Try again with F_IFACE */
--              if ((lookup_flags & RT6_LOOKUP_F_IFACE) == 0) {
--                      lookup_flags |= RT6_LOOKUP_F_IFACE;
--                      fl6.flowi6_oif = oif->ifindex;
--                      ip6_rt_put(rt);
--                      goto again;
--              }
--      }
-+      if (oif && oif != rt->rt6i_idev->dev)
-+              goto put_rt_err;
- 
-       switch (priv->result) {
-       case NFT_FIB_RESULT_OIF:

diff --git a/queue-4.14/series b/queue-4.14/series
index d7fac82f211e262c645f7d9cada54bcd2af004a2..9da462ae3cf7243f9d2932d81a4b401ce34d1987 100644 (file)
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -148,7 +148,6 @@ batman-adv-ignore-invalid-batadv_iv_gw-during-netlink-send.patch
 batman-adv-ignore-invalid-batadv_v_gw-during-netlink-send.patch
 batman-adv-fix-netlink-dumping-of-bla-claims.patch
 batman-adv-fix-netlink-dumping-of-bla-backbones.patch
-netfilter-don-t-set-f_iface-on-ipv6-fib-lookups.patch
 nvme-pci-fix-nvme-queue-cleanup-if-irq-setup-fails.patch
 clocksource-drivers-fsl_ftm_timer-fix-error-return-checking.patch
 libceph-ceph-avoid-memory-leak-when-specifying-same-option-several-times.patch