From: Arne Fitzenreiter Date: Wed, 11 Mar 2020 21:59:38 +0000 (+0100) Subject: kernel: update to 4.14.173 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=70af65df4198c58f99a333748faa39b39ad1c3c4 kernel: update to 4.14.173 Signed-off-by: Arne Fitzenreiter --- diff --git a/lfs/linux b/lfs/linux index 9db2efb359..4d24752e3d 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,8 +24,8 @@ include Config -VER = 4.14.171 -ARM_PATCHES = 4.14.171-ipfire0 +VER = 4.14.173 +ARM_PATCHES = 4.14.173-ipfire0 THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -34,7 +34,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) CFLAGS = CXXFLAGS = -PAK_VER = 93 +PAK_VER = 94 DEPS = "" HEADERS_ARCH = $(BUILD_PLATFORM) @@ -82,8 +82,8 @@ objects =$(DL_FILE) \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz -$(DL_FILE)_MD5 = b9b2c64eb3ae7fa6023d2b8c981b5ac4 -arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = f1d5d1dcb1d60c6f8476938070a65112 +$(DL_FILE)_MD5 = 450adc5d8dc77bd2d89a4d7098f0abac +arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 3072dd813363b20361f80ecc748a1084 install : $(TARGET) @@ -143,9 +143,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Fix uevent PHYSDEVDRIVER cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-2.6.32.27_mcs7830-fix-driver-name.patch - # Fix for netfilter nf_conntrack: resolve clash for matching conntracks - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch - ifeq "$(KCFG)" "-kirkwood" cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.40-kirkwood-dtb.patch endif diff --git a/src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch b/src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch deleted file mode 100644 index 914cd06754..0000000000 --- a/src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch +++ /dev/null 
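Review bot: The two checksums updated in the `objects` hunk of lfs/linux, `$(DL_FILE)_MD5` and `arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5`, are MD5 only, so the integrity of the kernel tarball and the ARM patch set fetched from `$(URL_IPFIRE)` rests on a digest that is not collision-resistant. The download and verification rules are outside this diff, so it is not visible here whether the lfs framework can check a stronger digest; if it can, record a SHA-256 or stronger value alongside the MD5 one. Independently of that, a comment above these lines such as `# tarball verified against the signed kernel.org release before hashing` would tell the next reviewer that the new hash was derived from an authenticated source rather than from whatever the mirror served.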
@@ -1,75 +0,0 @@ -commit ed07d9a021df6da53456663a76999189badc432a -Author: Martynas Pumputis -Date: Mon Jul 2 16:52:14 2018 +0200 - - netfilter: nf_conntrack: resolve clash for matching conntracks - - This patch enables the clash resolution for NAT (disabled in - "590b52e10d41") if clashing conntracks match (i.e. both tuples are equal) - and a protocol allows it. - - The clash might happen for a connections-less protocol (e.g. UDP) when - two threads in parallel writes to the same socket and consequent calls - to "get_unique_tuple" return the same tuples (incl. reply tuples). - - In this case it is safe to perform the resolution, as the losing CT - describes the same mangling as the winning CT, so no modifications to - the packet are needed, and the result of rules traversal for the loser's - packet stays valid. - - Signed-off-by: Martynas Pumputis - 
Signed-off-by: Pablo Neira Ayuso - -diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index 5123e91b1982..4ced7c7102b6 100644 ---- a/net/netfilter/nf_conntrack_core.c -+++ b/net/netfilter/nf_conntrack_core.c -@@ -632,6 +632,18 @@ nf_ct_key_equal(struct nf_conntrack_tuple_hash *h, - net_eq(net, nf_ct_net(ct)); - } - -+static inline bool -+nf_ct_match(const struct nf_conn *ct1, const struct nf_conn *ct2) -+{ -+ return nf_ct_tuple_equal(&ct1->tuplehash[IP_CT_DIR_ORIGINAL].tuple, -+ &ct2->tuplehash[IP_CT_DIR_ORIGINAL].tuple) && -+ nf_ct_tuple_equal(&ct1->tuplehash[IP_CT_DIR_REPLY].tuple, -+ &ct2->tuplehash[IP_CT_DIR_REPLY].tuple) && -+ nf_ct_zone_equal(ct1, nf_ct_zone(ct2), IP_CT_DIR_ORIGINAL) && -+ nf_ct_zone_equal(ct1, nf_ct_zone(ct2), IP_CT_DIR_REPLY) && -+ net_eq(nf_ct_net(ct1), nf_ct_net(ct2)); -+} -+ - /* caller must hold rcu readlock and none of the nf_conntrack_locks */ - static void nf_ct_gc_expired(struct nf_conn *ct) - { -@@ -825,19 +837,21 @@ static int nf_ct_resolve_clash(struct net *net, struct sk_buff *skb, - /* This is the conntrack entry already in hashes that won race. 
*/ - struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(h); - const struct nf_conntrack_l4proto *l4proto; -+ enum ip_conntrack_info oldinfo; -+ struct nf_conn *loser_ct = nf_ct_get(skb, &oldinfo); - - l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct)); - if (l4proto->allow_clash && -- ((ct->status & IPS_NAT_DONE_MASK) == 0) && - !nf_ct_is_dying(ct) && - atomic_inc_not_zero(&ct->ct_general.use)) { -- enum ip_conntrack_info oldinfo; -- struct nf_conn *loser_ct = nf_ct_get(skb, &oldinfo); -- -- nf_ct_acct_merge(ct, ctinfo, loser_ct); -- nf_conntrack_put(&loser_ct->ct_general); -- nf_ct_set(skb, ct, oldinfo); -- return NF_ACCEPT; -+ if (((ct->status & IPS_NAT_DONE_MASK) == 0) || -+ nf_ct_match(ct, loser_ct)) { -+ nf_ct_acct_merge(ct, ctinfo, loser_ct); -+ nf_conntrack_put(&loser_ct->ct_general); -+ nf_ct_set(skb, ct, oldinfo); -+ return NF_ACCEPT; -+ } -+ nf_ct_put(ct); - } - NF_CT_STAT_INC(net, drop); - return NF_DROP;