+++ /dev/null
-From 087501643bc2fb347e799289b538675a1d4ec218 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Tue, 6 Aug 2024 12:40:52 +0100
-Subject: netfilter: allow ipv6 fragments to arrive on different devices
-
-From: Tom Hughes <tom@compton.nu>
-
-[ Upstream commit 3cd740b985963f874a1a094f1969e998b9d05554 ]
-
-Commit 264640fc2c5f4 ("ipv6: distinguish frag queues by device
-for multicast and link-local packets") modified the ipv6 fragment
-reassembly logic to distinguish frag queues by device for multicast
-and link-local packets but in fact only the main reassembly code
-limits the use of the device to those address types and the netfilter
-reassembly code uses the device for all packets.
-
-This means that if fragments of a packet arrive on different interfaces
-then netfilter will fail to reassemble them and the fragments will be
-expired without going any further through the filters.
-
-Fixes: 648700f76b03 ("inet: frags: use rhashtables for reassembly units")
-Signed-off-by: Tom Hughes <tom@compton.nu>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- net/ipv6/netfilter/nf_conntrack_reasm.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
-index a0108415275fe..73c0b92bdf0ac 100644
---- a/net/ipv6/netfilter/nf_conntrack_reasm.c
-+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
-@@ -155,6 +155,10 @@ static struct frag_queue *fq_find(struct net *net, __be32 id, u32 user,
- };
- struct inet_frag_queue *q;
-
-+ if (!(ipv6_addr_type(&hdr->daddr) & (IPV6_ADDR_MULTICAST |
-+ IPV6_ADDR_LINKLOCAL)))
-+ key.iif = 0;
-+
- q = inet_frag_find(nf_frag->fqdir, &key);
- if (!q)
- return NULL;
---
-2.43.0
-
+++ /dev/null
-From 862bc61697b69b021572388af4cb114aba0a4838 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Thu, 1 Apr 2021 16:11:07 +0200
-Subject: netfilter: nf_defrag_ipv6: use net_generic infra
-
-From: Florian Westphal <fw@strlen.de>
-
-[ Upstream commit 8b0adbe3e38dbe5aae9edf6f5159ffdca7cfbdf1 ]
-
-This allows followup patch to remove these members from struct net.
-
-Signed-off-by: Florian Westphal <fw@strlen.de>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Stable-dep-of: 3cd740b98596 ("netfilter: allow ipv6 fragments to arrive on different devices")
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- include/net/netfilter/ipv6/nf_defrag_ipv6.h | 6 ++
- net/ipv6/netfilter/nf_conntrack_reasm.c | 68 +++++++++++----------
- net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 15 +++--
- 3 files changed, 52 insertions(+), 37 deletions(-)
-
-diff --git a/include/net/netfilter/ipv6/nf_defrag_ipv6.h b/include/net/netfilter/ipv6/nf_defrag_ipv6.h
-index 6d31cd0411434..ece923e2035b5 100644
---- a/include/net/netfilter/ipv6/nf_defrag_ipv6.h
-+++ b/include/net/netfilter/ipv6/nf_defrag_ipv6.h
-@@ -13,4 +13,10 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user);
-
- struct inet_frags_ctl;
-
-+struct nft_ct_frag6_pernet {
-+ struct ctl_table_header *nf_frag_frags_hdr;
-+ struct fqdir *fqdir;
-+ unsigned int users;
-+};
-+
- #endif /* _NF_DEFRAG_IPV6_H */
-diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
-index c129ad334eb39..a0108415275fe 100644
---- a/net/ipv6/netfilter/nf_conntrack_reasm.c
-+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
-@@ -15,28 +15,13 @@
- #include <linux/errno.h>
- #include <linux/types.h>
- #include <linux/string.h>
--#include <linux/socket.h>
--#include <linux/sockios.h>
--#include <linux/jiffies.h>
- #include <linux/net.h>
--#include <linux/list.h>
- #include <linux/netdevice.h>
--#include <linux/in6.h>
- #include <linux/ipv6.h>
--#include <linux/icmpv6.h>
--#include <linux/random.h>
- #include <linux/slab.h>
-
--#include <net/sock.h>
--#include <net/snmp.h>
- #include <net/ipv6_frag.h>
-
--#include <net/protocol.h>
--#include <net/transp_v6.h>
--#include <net/rawv6.h>
--#include <net/ndisc.h>
--#include <net/addrconf.h>
--#include <net/inet_ecn.h>
- #include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
- #include <linux/sysctl.h>
- #include <linux/netfilter.h>
-@@ -44,11 +29,18 @@
- #include <linux/kernel.h>
- #include <linux/module.h>
- #include <net/netfilter/ipv6/nf_defrag_ipv6.h>
-+#include <net/netns/generic.h>
-
- static const char nf_frags_cache_name[] = "nf-frags";
-
-+unsigned int nf_frag_pernet_id __read_mostly;
- static struct inet_frags nf_frags;
-
-+static struct nft_ct_frag6_pernet *nf_frag_pernet(struct net *net)
-+{
-+ return net_generic(net, nf_frag_pernet_id);
-+}
-+
- #ifdef CONFIG_SYSCTL
-
- static struct ctl_table nf_ct_frag6_sysctl_table[] = {
-@@ -75,6 +67,7 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = {
-
- static int nf_ct_frag6_sysctl_register(struct net *net)
- {
-+ struct nft_ct_frag6_pernet *nf_frag;
- struct ctl_table *table;
- struct ctl_table_header *hdr;
-
-@@ -86,18 +79,20 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
- goto err_alloc;
- }
-
-- table[0].data = &net->nf_frag.fqdir->timeout;
-- table[1].data = &net->nf_frag.fqdir->low_thresh;
-- table[1].extra2 = &net->nf_frag.fqdir->high_thresh;
-- table[2].data = &net->nf_frag.fqdir->high_thresh;
-- table[2].extra1 = &net->nf_frag.fqdir->low_thresh;
-- table[2].extra2 = &init_net.nf_frag.fqdir->high_thresh;
-+ nf_frag = nf_frag_pernet(net);
-+
-+ table[0].data = &nf_frag->fqdir->timeout;
-+ table[1].data = &nf_frag->fqdir->low_thresh;
-+ table[1].extra2 = &nf_frag->fqdir->high_thresh;
-+ table[2].data = &nf_frag->fqdir->high_thresh;
-+ table[2].extra1 = &nf_frag->fqdir->low_thresh;
-+ table[2].extra2 = &nf_frag->fqdir->high_thresh;
-
- hdr = register_net_sysctl(net, "net/netfilter", table);
- if (hdr == NULL)
- goto err_reg;
-
-- net->nf_frag_frags_hdr = hdr;
-+ nf_frag->nf_frag_frags_hdr = hdr;
- return 0;
-
- err_reg:
-@@ -109,10 +104,11 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
-
- static void __net_exit nf_ct_frags6_sysctl_unregister(struct net *net)
- {
-+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net);
- struct ctl_table *table;
-
-- table = net->nf_frag_frags_hdr->ctl_table_arg;
-- unregister_net_sysctl_table(net->nf_frag_frags_hdr);
-+ table = nf_frag->nf_frag_frags_hdr->ctl_table_arg;
-+ unregister_net_sysctl_table(nf_frag->nf_frag_frags_hdr);
- if (!net_eq(net, &init_net))
- kfree(table);
- }
-@@ -149,6 +145,7 @@ static void nf_ct_frag6_expire(struct timer_list *t)
- static struct frag_queue *fq_find(struct net *net, __be32 id, u32 user,
- const struct ipv6hdr *hdr, int iif)
- {
-+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net);
- struct frag_v6_compare_key key = {
- .id = id,
- .saddr = hdr->saddr,
-@@ -158,7 +155,7 @@ static struct frag_queue *fq_find(struct net *net, __be32 id, u32 user,
- };
- struct inet_frag_queue *q;
-
-- q = inet_frag_find(net->nf_frag.fqdir, &key);
-+ q = inet_frag_find(nf_frag->fqdir, &key);
- if (!q)
- return NULL;
-
-@@ -495,37 +492,44 @@ EXPORT_SYMBOL_GPL(nf_ct_frag6_gather);
-
- static int nf_ct_net_init(struct net *net)
- {
-+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net);
- int res;
-
-- res = fqdir_init(&net->nf_frag.fqdir, &nf_frags, net);
-+ res = fqdir_init(&nf_frag->fqdir, &nf_frags, net);
- if (res < 0)
- return res;
-
-- net->nf_frag.fqdir->high_thresh = IPV6_FRAG_HIGH_THRESH;
-- net->nf_frag.fqdir->low_thresh = IPV6_FRAG_LOW_THRESH;
-- net->nf_frag.fqdir->timeout = IPV6_FRAG_TIMEOUT;
-+ nf_frag->fqdir->high_thresh = IPV6_FRAG_HIGH_THRESH;
-+ nf_frag->fqdir->low_thresh = IPV6_FRAG_LOW_THRESH;
-+ nf_frag->fqdir->timeout = IPV6_FRAG_TIMEOUT;
-
- res = nf_ct_frag6_sysctl_register(net);
- if (res < 0)
-- fqdir_exit(net->nf_frag.fqdir);
-+ fqdir_exit(nf_frag->fqdir);
- return res;
- }
-
- static void nf_ct_net_pre_exit(struct net *net)
- {
-- fqdir_pre_exit(net->nf_frag.fqdir);
-+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net);
-+
-+ fqdir_pre_exit(nf_frag->fqdir);
- }
-
- static void nf_ct_net_exit(struct net *net)
- {
-+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net);
-+
- nf_ct_frags6_sysctl_unregister(net);
-- fqdir_exit(net->nf_frag.fqdir);
-+ fqdir_exit(nf_frag->fqdir);
- }
-
- static struct pernet_operations nf_ct_net_ops = {
- .init = nf_ct_net_init,
- .pre_exit = nf_ct_net_pre_exit,
- .exit = nf_ct_net_exit,
-+ .id = &nf_frag_pernet_id,
-+ .size = sizeof(struct nft_ct_frag6_pernet),
- };
-
- static const struct rhashtable_params nfct_rhash_params = {
-diff --git a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
-index 6646a87fb5dc1..402dc4ca9504f 100644
---- a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
-+++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
-@@ -25,6 +25,8 @@
- #include <net/netfilter/nf_conntrack_zones.h>
- #include <net/netfilter/ipv6/nf_defrag_ipv6.h>
-
-+extern unsigned int nf_frag_pernet_id;
-+
- static DEFINE_MUTEX(defrag6_mutex);
-
- static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum,
-@@ -89,10 +91,12 @@ static const struct nf_hook_ops ipv6_defrag_ops[] = {
-
- static void __net_exit defrag6_net_exit(struct net *net)
- {
-- if (net->nf.defrag_ipv6) {
-+ struct nft_ct_frag6_pernet *nf_frag = net_generic(net, nf_frag_pernet_id);
-+
-+ if (nf_frag->users) {
- nf_unregister_net_hooks(net, ipv6_defrag_ops,
- ARRAY_SIZE(ipv6_defrag_ops));
-- net->nf.defrag_ipv6 = false;
-+ nf_frag->users = 0;
- }
- }
-
-@@ -130,21 +134,22 @@ static void __exit nf_defrag_fini(void)
-
- int nf_defrag_ipv6_enable(struct net *net)
- {
-+ struct nft_ct_frag6_pernet *nf_frag = net_generic(net, nf_frag_pernet_id);
- int err = 0;
-
- might_sleep();
-
-- if (net->nf.defrag_ipv6)
-+ if (nf_frag->users)
- return 0;
-
- mutex_lock(&defrag6_mutex);
-- if (net->nf.defrag_ipv6)
-+ if (nf_frag->users)
- goto out_unlock;
-
- err = nf_register_net_hooks(net, ipv6_defrag_ops,
- ARRAY_SIZE(ipv6_defrag_ops));
- if (err == 0)
-- net->nf.defrag_ipv6 = true;
-+ nf_frag->users = 1;
-
- out_unlock:
- mutex_unlock(&defrag6_mutex);
---
-2.43.0
-
net-dsa-vsc73xx-use-read_poll_timeout-instead-delay-.patch
net-dsa-vsc73xx-check-busy-flag-in-mdio-operations.patch
mptcp-correct-mptcp_subflow_attr_ssn_offset-reserved.patch
-netfilter-nf_defrag_ipv6-use-net_generic-infra.patch
-netfilter-allow-ipv6-fragments-to-arrive-on-differen.patch
netfilter-flowtable-initialise-extack-before-use.patch
net-hns3-fix-wrong-use-of-semaphore-up.patch
net-hns3-fix-a-deadlock-problem-when-config-tc-durin.patch
+++ /dev/null
-From 33b64cb513359df11f7e2931f56c55f0efeebf2a Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Tue, 6 Aug 2024 12:40:52 +0100
-Subject: netfilter: allow ipv6 fragments to arrive on different devices
-
-From: Tom Hughes <tom@compton.nu>
-
-[ Upstream commit 3cd740b985963f874a1a094f1969e998b9d05554 ]
-
-Commit 264640fc2c5f4 ("ipv6: distinguish frag queues by device
-for multicast and link-local packets") modified the ipv6 fragment
-reassembly logic to distinguish frag queues by device for multicast
-and link-local packets but in fact only the main reassembly code
-limits the use of the device to those address types and the netfilter
-reassembly code uses the device for all packets.
-
-This means that if fragments of a packet arrive on different interfaces
-then netfilter will fail to reassemble them and the fragments will be
-expired without going any further through the filters.
-
-Fixes: 648700f76b03 ("inet: frags: use rhashtables for reassembly units")
-Signed-off-by: Tom Hughes <tom@compton.nu>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- net/ipv6/netfilter/nf_conntrack_reasm.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
-index 24ec295454940..db4592ada9491 100644
---- a/net/ipv6/netfilter/nf_conntrack_reasm.c
-+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
-@@ -155,6 +155,10 @@ static struct frag_queue *fq_find(struct net *net, __be32 id, u32 user,
- };
- struct inet_frag_queue *q;
-
-+ if (!(ipv6_addr_type(&hdr->daddr) & (IPV6_ADDR_MULTICAST |
-+ IPV6_ADDR_LINKLOCAL)))
-+ key.iif = 0;
-+
- q = inet_frag_find(nf_frag->fqdir, &key);
- if (!q)
- return NULL;
---
-2.43.0
-
+++ /dev/null
-From 90a4f908c0a2bcb903bfa33cae72c235c4559c24 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Thu, 1 Apr 2021 16:11:07 +0200
-Subject: netfilter: nf_defrag_ipv6: use net_generic infra
-
-From: Florian Westphal <fw@strlen.de>
-
-[ Upstream commit 8b0adbe3e38dbe5aae9edf6f5159ffdca7cfbdf1 ]
-
-This allows followup patch to remove these members from struct net.
-
-Signed-off-by: Florian Westphal <fw@strlen.de>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Stable-dep-of: 3cd740b98596 ("netfilter: allow ipv6 fragments to arrive on different devices")
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- include/net/netfilter/ipv6/nf_defrag_ipv6.h | 6 ++
- net/ipv6/netfilter/nf_conntrack_reasm.c | 68 +++++++++++----------
- net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 15 +++--
- 3 files changed, 52 insertions(+), 37 deletions(-)
-
-diff --git a/include/net/netfilter/ipv6/nf_defrag_ipv6.h b/include/net/netfilter/ipv6/nf_defrag_ipv6.h
-index 6d31cd0411434..ece923e2035b5 100644
---- a/include/net/netfilter/ipv6/nf_defrag_ipv6.h
-+++ b/include/net/netfilter/ipv6/nf_defrag_ipv6.h
-@@ -13,4 +13,10 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user);
-
- struct inet_frags_ctl;
-
-+struct nft_ct_frag6_pernet {
-+ struct ctl_table_header *nf_frag_frags_hdr;
-+ struct fqdir *fqdir;
-+ unsigned int users;
-+};
-+
- #endif /* _NF_DEFRAG_IPV6_H */
-diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
-index fed9666a2f7da..24ec295454940 100644
---- a/net/ipv6/netfilter/nf_conntrack_reasm.c
-+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
-@@ -15,28 +15,13 @@
- #include <linux/errno.h>
- #include <linux/types.h>
- #include <linux/string.h>
--#include <linux/socket.h>
--#include <linux/sockios.h>
--#include <linux/jiffies.h>
- #include <linux/net.h>
--#include <linux/list.h>
- #include <linux/netdevice.h>
--#include <linux/in6.h>
- #include <linux/ipv6.h>
--#include <linux/icmpv6.h>
--#include <linux/random.h>
- #include <linux/slab.h>
-
--#include <net/sock.h>
--#include <net/snmp.h>
- #include <net/ipv6_frag.h>
-
--#include <net/protocol.h>
--#include <net/transp_v6.h>
--#include <net/rawv6.h>
--#include <net/ndisc.h>
--#include <net/addrconf.h>
--#include <net/inet_ecn.h>
- #include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
- #include <linux/sysctl.h>
- #include <linux/netfilter.h>
-@@ -44,11 +29,18 @@
- #include <linux/kernel.h>
- #include <linux/module.h>
- #include <net/netfilter/ipv6/nf_defrag_ipv6.h>
-+#include <net/netns/generic.h>
-
- static const char nf_frags_cache_name[] = "nf-frags";
-
-+unsigned int nf_frag_pernet_id __read_mostly;
- static struct inet_frags nf_frags;
-
-+static struct nft_ct_frag6_pernet *nf_frag_pernet(struct net *net)
-+{
-+ return net_generic(net, nf_frag_pernet_id);
-+}
-+
- #ifdef CONFIG_SYSCTL
-
- static struct ctl_table nf_ct_frag6_sysctl_table[] = {
-@@ -75,6 +67,7 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = {
-
- static int nf_ct_frag6_sysctl_register(struct net *net)
- {
-+ struct nft_ct_frag6_pernet *nf_frag;
- struct ctl_table *table;
- struct ctl_table_header *hdr;
-
-@@ -86,18 +79,20 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
- goto err_alloc;
- }
-
-- table[0].data = &net->nf_frag.fqdir->timeout;
-- table[1].data = &net->nf_frag.fqdir->low_thresh;
-- table[1].extra2 = &net->nf_frag.fqdir->high_thresh;
-- table[2].data = &net->nf_frag.fqdir->high_thresh;
-- table[2].extra1 = &net->nf_frag.fqdir->low_thresh;
-- table[2].extra2 = &init_net.nf_frag.fqdir->high_thresh;
-+ nf_frag = nf_frag_pernet(net);
-+
-+ table[0].data = &nf_frag->fqdir->timeout;
-+ table[1].data = &nf_frag->fqdir->low_thresh;
-+ table[1].extra2 = &nf_frag->fqdir->high_thresh;
-+ table[2].data = &nf_frag->fqdir->high_thresh;
-+ table[2].extra1 = &nf_frag->fqdir->low_thresh;
-+ table[2].extra2 = &nf_frag->fqdir->high_thresh;
-
- hdr = register_net_sysctl(net, "net/netfilter", table);
- if (hdr == NULL)
- goto err_reg;
-
-- net->nf_frag_frags_hdr = hdr;
-+ nf_frag->nf_frag_frags_hdr = hdr;
- return 0;
-
- err_reg:
-@@ -109,10 +104,11 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
-
- static void __net_exit nf_ct_frags6_sysctl_unregister(struct net *net)
- {
-+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net);
- struct ctl_table *table;
-
-- table = net->nf_frag_frags_hdr->ctl_table_arg;
-- unregister_net_sysctl_table(net->nf_frag_frags_hdr);
-+ table = nf_frag->nf_frag_frags_hdr->ctl_table_arg;
-+ unregister_net_sysctl_table(nf_frag->nf_frag_frags_hdr);
- if (!net_eq(net, &init_net))
- kfree(table);
- }
-@@ -149,6 +145,7 @@ static void nf_ct_frag6_expire(struct timer_list *t)
- static struct frag_queue *fq_find(struct net *net, __be32 id, u32 user,
- const struct ipv6hdr *hdr, int iif)
- {
-+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net);
- struct frag_v6_compare_key key = {
- .id = id,
- .saddr = hdr->saddr,
-@@ -158,7 +155,7 @@ static struct frag_queue *fq_find(struct net *net, __be32 id, u32 user,
- };
- struct inet_frag_queue *q;
-
-- q = inet_frag_find(net->nf_frag.fqdir, &key);
-+ q = inet_frag_find(nf_frag->fqdir, &key);
- if (!q)
- return NULL;
-
-@@ -485,37 +482,44 @@ EXPORT_SYMBOL_GPL(nf_ct_frag6_gather);
-
- static int nf_ct_net_init(struct net *net)
- {
-+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net);
- int res;
-
-- res = fqdir_init(&net->nf_frag.fqdir, &nf_frags, net);
-+ res = fqdir_init(&nf_frag->fqdir, &nf_frags, net);
- if (res < 0)
- return res;
-
-- net->nf_frag.fqdir->high_thresh = IPV6_FRAG_HIGH_THRESH;
-- net->nf_frag.fqdir->low_thresh = IPV6_FRAG_LOW_THRESH;
-- net->nf_frag.fqdir->timeout = IPV6_FRAG_TIMEOUT;
-+ nf_frag->fqdir->high_thresh = IPV6_FRAG_HIGH_THRESH;
-+ nf_frag->fqdir->low_thresh = IPV6_FRAG_LOW_THRESH;
-+ nf_frag->fqdir->timeout = IPV6_FRAG_TIMEOUT;
-
- res = nf_ct_frag6_sysctl_register(net);
- if (res < 0)
-- fqdir_exit(net->nf_frag.fqdir);
-+ fqdir_exit(nf_frag->fqdir);
- return res;
- }
-
- static void nf_ct_net_pre_exit(struct net *net)
- {
-- fqdir_pre_exit(net->nf_frag.fqdir);
-+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net);
-+
-+ fqdir_pre_exit(nf_frag->fqdir);
- }
-
- static void nf_ct_net_exit(struct net *net)
- {
-+ struct nft_ct_frag6_pernet *nf_frag = nf_frag_pernet(net);
-+
- nf_ct_frags6_sysctl_unregister(net);
-- fqdir_exit(net->nf_frag.fqdir);
-+ fqdir_exit(nf_frag->fqdir);
- }
-
- static struct pernet_operations nf_ct_net_ops = {
- .init = nf_ct_net_init,
- .pre_exit = nf_ct_net_pre_exit,
- .exit = nf_ct_net_exit,
-+ .id = &nf_frag_pernet_id,
-+ .size = sizeof(struct nft_ct_frag6_pernet),
- };
-
- static const struct rhashtable_params nfct_rhash_params = {
-diff --git a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
-index 6646a87fb5dc1..402dc4ca9504f 100644
---- a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
-+++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
-@@ -25,6 +25,8 @@
- #include <net/netfilter/nf_conntrack_zones.h>
- #include <net/netfilter/ipv6/nf_defrag_ipv6.h>
-
-+extern unsigned int nf_frag_pernet_id;
-+
- static DEFINE_MUTEX(defrag6_mutex);
-
- static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum,
-@@ -89,10 +91,12 @@ static const struct nf_hook_ops ipv6_defrag_ops[] = {
-
- static void __net_exit defrag6_net_exit(struct net *net)
- {
-- if (net->nf.defrag_ipv6) {
-+ struct nft_ct_frag6_pernet *nf_frag = net_generic(net, nf_frag_pernet_id);
-+
-+ if (nf_frag->users) {
- nf_unregister_net_hooks(net, ipv6_defrag_ops,
- ARRAY_SIZE(ipv6_defrag_ops));
-- net->nf.defrag_ipv6 = false;
-+ nf_frag->users = 0;
- }
- }
-
-@@ -130,21 +134,22 @@ static void __exit nf_defrag_fini(void)
-
- int nf_defrag_ipv6_enable(struct net *net)
- {
-+ struct nft_ct_frag6_pernet *nf_frag = net_generic(net, nf_frag_pernet_id);
- int err = 0;
-
- might_sleep();
-
-- if (net->nf.defrag_ipv6)
-+ if (nf_frag->users)
- return 0;
-
- mutex_lock(&defrag6_mutex);
-- if (net->nf.defrag_ipv6)
-+ if (nf_frag->users)
- goto out_unlock;
-
- err = nf_register_net_hooks(net, ipv6_defrag_ops,
- ARRAY_SIZE(ipv6_defrag_ops));
- if (err == 0)
-- net->nf.defrag_ipv6 = true;
-+ nf_frag->users = 1;
-
- out_unlock:
- mutex_unlock(&defrag6_mutex);
---
-2.43.0
-
net-axienet-autodetect-64-bit-dma-capability.patch
net-axienet-fix-register-defines-comment-description.patch
net-dsa-vsc73xx-pass-value-in-phy_write-operation.patch
-netfilter-nf_defrag_ipv6-use-net_generic-infra.patch
-netfilter-allow-ipv6-fragments-to-arrive-on-differen.patch
net-hns3-fix-a-deadlock-problem-when-config-tc-durin.patch
alsa-hda-realtek-fix-noise-from-speakers-on-lenovo-i.patch
ssb-fix-division-by-zero-issue-in-ssb_calc_clock_rat.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
