From: Greg Kroah-Hartman Date: Sun, 27 May 2018 15:58:38 +0000 (+0200) Subject: drop 4.14.y netfilter patch X-Git-Tag: v3.18.111~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2ff4501162458162ce1e286dd97848da124d3c7d;p=thirdparty%2Fkernel%2Fstable-queue.git drop 4.14.y netfilter patch --- diff --git a/queue-4.14/netfilter-don-t-set-f_iface-on-ipv6-fib-lookups.patch b/queue-4.14/netfilter-don-t-set-f_iface-on-ipv6-fib-lookups.patch deleted file mode 100644 index 790403069e3..00000000000 --- a/queue-4.14/netfilter-don-t-set-f_iface-on-ipv6-fib-lookups.patch +++ /dev/null @@ -1,66 +0,0 @@ -From foo@baz Sun May 27 16:52:54 CEST 2018 -From: Florian Westphal -Date: Thu, 15 Feb 2018 00:23:05 +0100 -Subject: netfilter: don't set F_IFACE on ipv6 fib lookups - -From: Florian Westphal - -[ Upstream commit 47b7e7f82802dced3ac73658bf4b77584a63063f ] - -"fib" starts to behave strangely when an ipv6 default route is -added - the FIB lookup returns a route using 'oif' in this case. - -This behaviour was inherited from ip6tables rpfilter so change -this as well. - -Bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=1221 -Signed-off-by: Florian Westphal -Signed-off-by: Pablo Neira Ayuso -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - net/ipv6/netfilter/ip6t_rpfilter.c | 4 ---- - net/ipv6/netfilter/nft_fib_ipv6.c | 12 ++---------- - 2 files changed, 2 insertions(+), 14 deletions(-) - ---- a/net/ipv6/netfilter/ip6t_rpfilter.c -+++ b/net/ipv6/netfilter/ip6t_rpfilter.c -@@ -48,10 +48,6 @@ static bool rpfilter_lookup_reverse6(str - } - - fl6.flowi6_mark = flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0; -- if ((flags & XT_RPFILTER_LOOSE) == 0) { -- fl6.flowi6_oif = dev->ifindex; -- lookup_flags |= RT6_LOOKUP_F_IFACE; -- } - - rt = (void *) ip6_route_lookup(net, &fl6, lookup_flags); - if (rt->dst.error) ---- a/net/ipv6/netfilter/nft_fib_ipv6.c -+++ b/net/ipv6/netfilter/nft_fib_ipv6.c -@@ -182,7 +182,6 @@ void nft_fib6_eval(const struct nft_expr - } - - *dest = 0; -- again: - rt = (void *)ip6_route_lookup(nft_net(pkt), &fl6, lookup_flags); - if (rt->dst.error) - goto put_rt_err; -@@ -191,15 +190,8 @@ void nft_fib6_eval(const struct nft_expr - if (rt->rt6i_flags & (RTF_REJECT | RTF_ANYCAST | RTF_LOCAL)) - goto put_rt_err; - -- if (oif && oif != rt->rt6i_idev->dev) { -- /* multipath route? Try again with F_IFACE */ -- if ((lookup_flags & RT6_LOOKUP_F_IFACE) == 0) { -- lookup_flags |= RT6_LOOKUP_F_IFACE; -- fl6.flowi6_oif = oif->ifindex; -- ip6_rt_put(rt); -- goto again; -- } -- } -+ if (oif && oif != rt->rt6i_idev->dev) -+ goto put_rt_err; - - switch (priv->result) { - case NFT_FIB_RESULT_OIF: diff --git a/queue-4.14/series b/queue-4.14/series index d7fac82f211..9da462ae3cf 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -148,7 +148,6 @@ batman-adv-ignore-invalid-batadv_iv_gw-during-netlink-send.patch batman-adv-ignore-invalid-batadv_v_gw-during-netlink-send.patch batman-adv-fix-netlink-dumping-of-bla-claims.patch batman-adv-fix-netlink-dumping-of-bla-backbones.patch -netfilter-don-t-set-f_iface-on-ipv6-fib-lookups.patch nvme-pci-fix-nvme-queue-cleanup-if-irq-setup-fails.patch clocksource-drivers-fsl_ftm_timer-fix-error-return-checking.patch libceph-ceph-avoid-memory-leak-when-specifying-same-option-several-times.patch