4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 25 Feb 2019 16:36:42 +0000 (17:36 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 25 Feb 2019 16:36:42 +0000 (17:36 +0100)
added patches:
netfilter-nf_tables-fix-flush-after-rule-deletion-in-the-same-batch.patch
revert-bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch

queue-4.9/netfilter-nf_tables-fix-flush-after-rule-deletion-in-the-same-batch.patch [new file with mode: 0644]
queue-4.9/revert-bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch [new file with mode: 0644]
queue-4.9/series

diff --git a/queue-4.9/netfilter-nf_tables-fix-flush-after-rule-deletion-in-the-same-batch.patch b/queue-4.9/netfilter-nf_tables-fix-flush-after-rule-deletion-in-the-same-batch.patch
new file mode 100644 (file)
index 0000000..ec806b4
--- /dev/null
@@ -0,0 +1,35 @@
+From 23b7ca4f745f21c2b9cfcb67fdd33733b3ae7e66 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Fri, 15 Feb 2019 12:50:24 +0100
+Subject: netfilter: nf_tables: fix flush after rule deletion in the same batch
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 23b7ca4f745f21c2b9cfcb67fdd33733b3ae7e66 upstream.
+
+Flush after rule deletion bogusly hits -ENOENT. Skip rules that have
+been already from nft_delrule_by_chain() which is always called from the
+flush path.
+
+Fixes: cf9dc09d0949 ("netfilter: nf_tables: fix missing rules flushing per table")
+Reported-by: Phil Sutter <phil@nwl.cc>
+Acked-by: Phil Sutter <phil@nwl.cc>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_tables_api.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -263,6 +263,9 @@ static int nft_delrule_by_chain(struct n
+       int err;
+       list_for_each_entry(rule, &ctx->chain->rules, list) {
++              if (!nft_is_active_next(ctx->net, rule))
++                      continue;
++
+               err = nft_delrule(ctx, rule);
+               if (err < 0)
+                       return err;
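Review bot: The added `if (!nft_is_active_next(ctx->net, rule)) continue;` in the `list_for_each_entry` loop of nft_delrule_by_chain() has no comment, so the reason for the skip exists only in the commit message. A one-line comment above it would keep the intent with the code: `/* already deleted earlier in this batch; deleting it again would fail the flush with -ENOENT */`. The -ENOENT presumably comes from nft_delrule(), which is not visible here, so the wording should be confirmed against that function. A flush that errors out presumably leaves the ruleset update unapplied, which is why the skip is worth documenting where the next maintainer will read it. The function body starts and ends outside the hunk.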
diff --git a/queue-4.9/revert-bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch b/queue-4.9/revert-bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch
new file mode 100644 (file)
index 0000000..37eeedb
--- /dev/null
@@ -0,0 +1,56 @@
+From 278e2148c07559dd4ad8602f22366d61eb2ee7b7 Mon Sep 17 00:00:00 2001
+From: Hangbin Liu <liuhangbin@gmail.com>
+Date: Fri, 22 Feb 2019 21:22:32 +0800
+Subject: Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Hangbin Liu <liuhangbin@gmail.com>
+
+commit 278e2148c07559dd4ad8602f22366d61eb2ee7b7 upstream.
+
+This reverts commit 5a2de63fd1a5 ("bridge: do not add port to router list
+when receives query with source 0.0.0.0") and commit 0fe5119e267f ("net:
+bridge: remove ipv6 zero address check in mcast queries")
+
+The reason is RFC 4541 is not a standard but suggestive. Currently we
+will elect 0.0.0.0 as Querier if there is no ip address configured on
+bridge. If we do not add the port which recives query with source
+0.0.0.0 to router list, the IGMP reports will not be about to forward
+to Querier, IGMP data will also not be able to forward to dest.
+
+As Nikolay suggested, revert this change first and add a boolopt api
+to disable none-zero election in future if needed.
+
+Reported-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Reported-by: Sebastian Gottschall <s.gottschall@newmedia-net.de>
+Fixes: 5a2de63fd1a5 ("bridge: do not add port to router list when receives query with source 0.0.0.0")
+Fixes: 0fe5119e267f ("net: bridge: remove ipv6 zero address check in mcast queries")
+Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
+Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bridge/br_multicast.c |    9 +--------
+ 1 file changed, 1 insertion(+), 8 deletions(-)
+
+--- a/net/bridge/br_multicast.c
++++ b/net/bridge/br_multicast.c
+@@ -1287,14 +1287,7 @@ static void br_multicast_query_received(
+               return;
+       br_multicast_update_query_timer(br, query, max_delay);
+-
+-      /* Based on RFC4541, section 2.1.1 IGMP Forwarding Rules,
+-       * the arrival port for IGMP Queries where the source address
+-       * is 0.0.0.0 should not be added to router port list.
+-       */
+-      if ((saddr->proto == htons(ETH_P_IP) && saddr->u.ip4) ||
+-          saddr->proto == htons(ETH_P_IPV6))
+-              br_multicast_mark_router(br, port);
++      br_multicast_mark_router(br, port);
+ }
+ static int br_ip4_multicast_query(struct net_bridge *br,
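Review bot: After the revert, `br_multicast_mark_router(br, port);` at the end of br_multicast_query_received() runs for every query that reaches this point, whatever its source address, and the removed RFC 4541 comment leaves nothing in the code to say this is intentional. Because this call decides which ports are treated as router ports, the deliberate deviation deserves a comment at the call site, e.g. `/* Mark the port even for source 0.0.0.0: a bridge with no IP address is elected querier as 0.0.0.0; RFC 4541 2.1.1 is advisory */`. The commit message defers a stricter mode to a possible future boolopt, so trees taking this backport have no source-address filter here in the meantime. The function starts outside the hunk.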
index c4801b234f3e672fbe4f38291d452482735f1fb2..be6fe9cfa1cf43f2068531ab4da03b6b9e99f9b9 100644 (file)
@@ -55,3 +55,5 @@ kbuild-add-no-integrated-as-clang-option-unconditionally.patch
 irqchip-gic-v3-convert-arm64-gic-accessors-to-read-write-_sysreg_s.patch
 mm-zsmalloc.c-change-stat-type-parameter-to-int.patch
 mm-zsmalloc.c-fix-wunneeded-internal-declaration-warning.patch
+revert-bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch
+netfilter-nf_tables-fix-flush-after-rule-deletion-in-the-same-batch.patch