+++ /dev/null
-From cc31d43b4154ad5a7d8aa5543255a93b7e89edc2 Mon Sep 17 00:00:00 2001
-From: Pau Espin Pedrol <pau.espin@tessares.net>
-Date: Fri, 6 Jan 2017 20:33:27 +0100
-Subject: netfilter: use fwmark_reflect in nf_send_reset
-
-From: Pau Espin Pedrol <pau.espin@tessares.net>
-
-commit cc31d43b4154ad5a7d8aa5543255a93b7e89edc2 upstream.
-
-Otherwise, RST packets generated by ipt_REJECT always have mark 0 when
-the routing is checked later in the same code path.
-
-Fixes: e110861f8609 ("net: add a sysctl to reflect the fwmark on replies")
-Cc: Lorenzo Colitti <lorenzo@google.com>
-Signed-off-by: Pau Espin Pedrol <pau.espin@tessares.net>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Acked-by: Michal Kubecek <mkubecek@suse.cz>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
-
----
- net/ipv4/netfilter/nf_reject_ipv4.c | 2 ++
- net/ipv6/netfilter/nf_reject_ipv6.c | 3 +++
- 2 files changed, 5 insertions(+)
-
---- a/net/ipv4/netfilter/nf_reject_ipv4.c
-+++ b/net/ipv4/netfilter/nf_reject_ipv4.c
-@@ -122,6 +122,8 @@ void nf_send_reset(struct sk_buff *oldsk
- /* ip_route_me_harder expects skb->dst to be set */
- skb_dst_set_noref(nskb, skb_dst(oldskb));
-
-+ nskb->mark = IP4_REPLY_MARK(net, oldskb->mark);
-+
- skb_reserve(nskb, LL_MAX_HEADER);
- niph = nf_reject_iphdr_put(nskb, oldskb, IPPROTO_TCP,
- ip4_dst_hoplimit(skb_dst(nskb)));
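Review bot: The added `nskb->mark = IP4_REPLY_MARK(net, oldskb->mark);` has no comment, although the line above it documents its own relation to ip_route_me_harder, and the reason the mark must be set at this point is not visible in the hunk. As far as I know IP4_REPLY_MARK returns the original mark only when the fwmark_reflect sysctl named in the Fixes: line is enabled, and 0 otherwise, so a host that routes by mark still sends its REJECT resets with mark 0 unless that sysctl is on. A comment such as `/* reflect oldskb's fwmark (if fwmark_reflect is set) so the later route check uses it */` would record both facts; the same applies to `fl6.flowi6_mark` and `nskb->mark` in the two nf_send_reset6 hunks, which depend on the IPv6 counterpart of the sysctl. nf_send_reset's body starts and ends outside the hunk, so the later routing call is inferred from the existing comment and the commit message.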
---- a/net/ipv6/netfilter/nf_reject_ipv6.c
-+++ b/net/ipv6/netfilter/nf_reject_ipv6.c
-@@ -155,6 +155,7 @@ void nf_send_reset6(struct net *net, str
- fl6.daddr = oip6h->saddr;
- fl6.fl6_sport = otcph->dest;
- fl6.fl6_dport = otcph->source;
-+ fl6.flowi6_mark = IP6_REPLY_MARK(net, oldskb->mark);
- security_skb_classify_flow(oldskb, flowi6_to_flowi(&fl6));
- dst = ip6_route_output(net, NULL, &fl6);
- if (dst == NULL || dst->error) {
-@@ -178,6 +179,8 @@ void nf_send_reset6(struct net *net, str
-
- skb_dst_set(nskb, dst);
-
-+ nskb->mark = fl6.flowi6_mark;
-+
- skb_reserve(nskb, hh_len + dst->header_len);
- ip6h = nf_reject_ip6hdr_put(nskb, oldskb, IPPROTO_TCP,
- ip6_dst_hoplimit(dst));