kernel : Bump to 4.14.325

include/kernel-version.mk

@@ -6,10 +6,10 @@ ifdef CONFIG_TESTING_KERNEL
   KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
 endif
 
-LINUX_VERSION-4.14 = .314
+LINUX_VERSION-4.14 = .325
 LIBRE_REV = 1
 
-LINUX_KERNEL_HASH-4.14.314 = 325524f4dd3dc7d899bec2330e04f643254a55f7c3d7a8666edf2ad45beff757
+LINUX_KERNEL_HASH-4.14.325 = 5cdc7b87a402f12c3769f056abf2a123259836168b578c84a89fed058fa9a6d0
 
 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))

target/linux/ath79/patches-4.14/0011-MIPS-ath79-select-the-PINCTRL-subsystem.patch

@@ -14,7 +14,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -192,6 +192,7 @@ config ATH79
+@@ -193,6 +193,7 @@ config ATH79
  	select CSRC_R4K
  	select DMA_NONCOHERENT
  	select GPIOLIB

target/linux/ath79/patches-4.14/0028-MIPS-ath79-drop-machfiles.patch

@@ -31,7 +31,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -197,7 +197,6 @@ config ATH79
+@@ -198,7 +198,6 @@ config ATH79
  	select COMMON_CLK
  	select CLKDEV_LOOKUP
  	select IRQ_MIPS_CPU

target/linux/ath79/patches-4.14/0032-MIPS-ath79-sanitize-symbols.patch

@@ -15,7 +15,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -203,6 +203,8 @@ config ATH79
+@@ -204,6 +204,8 @@ config ATH79
  	select SYS_SUPPORTS_BIG_ENDIAN
  	select SYS_SUPPORTS_MIPS16
  	select SYS_SUPPORTS_ZBOOT_UART_PROM

target/linux/ath79/patches-4.14/910-unaligned_access_hacks.patch

@@ -641,7 +641,7 @@
  		return false;
  
  	return true;
-@@ -605,13 +609,13 @@ static inline void ipv6_addr_set_v4mappe
+@@ -601,13 +605,13 @@ static inline void ipv6_addr_set_v4mappe
   */
  static inline int __ipv6_addr_diff32(const void *token1, const void *token2, int addrlen)
  {
@@ -657,7 +657,7 @@
  		if (xb)
  			return i * 32 + 31 - __fls(ntohl(xb));
  	}
-@@ -780,17 +784,18 @@ static inline int ip6_default_np_autolab
+@@ -776,17 +780,18 @@ static inline int ip6_default_np_autolab
  static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass,
  				__be32 flowlabel)
  {
@@ -737,7 +737,7 @@
  EXPORT_SYMBOL(xfrm_parse_spi);
 --- a/net/ipv4/tcp_input.c
 +++ b/net/ipv4/tcp_input.c
-@@ -3896,14 +3896,16 @@ static bool tcp_parse_aligned_timestamp(
+@@ -3902,14 +3902,16 @@ static bool tcp_parse_aligned_timestamp(
  {
  	const __be32 *ptr = (const __be32 *)(th + 1);
  
@@ -785,7 +785,7 @@
  	ptr = ip6hoff + sizeof(struct ipv6hdr);
 --- a/include/net/neighbour.h
 +++ b/include/net/neighbour.h
-@@ -265,8 +265,10 @@ static inline bool neigh_key_eq128(const
+@@ -260,8 +260,10 @@ static inline bool neigh_key_eq128(const
  	const u32 *n32 = (const u32 *)n->primary_key;
  	const u32 *p32 = pkey;
  

target/linux/generic/backport-4.14/025-tcp-allow-drivers-to-tweak-TSQ-logic.patch

@@ -55,7 +55,7 @@ Cc: Kir Kolyshkin <kir@openvz.org>
  	rwlock_t		sk_callback_lock;
 --- a/net/core/sock.c
 +++ b/net/core/sock.c
-@@ -2788,6 +2788,7 @@ void sock_init_data(struct socket *sock,
+@@ -2799,6 +2799,7 @@ void sock_init_data(struct socket *sock,
  
  	sk->sk_max_pacing_rate = ~0U;
  	sk->sk_pacing_rate = ~0U;

target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch

@@ -30,7 +30,7 @@ Signed-off-by: Johan Hovold <johan@kernel.org>
 
 --- a/drivers/usb/serial/option.c
 +++ b/drivers/usb/serial/option.c
-@@ -2164,7 +2164,8 @@ static const struct usb_device_id option
+@@ -2195,7 +2195,8 @@ static const struct usb_device_id option
  	{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d01, 0xff) },			/* D-Link DWM-156 (variant) */
  	{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d02, 0xff) },
  	{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d03, 0xff) },

target/linux/generic/backport-4.14/289-v4.16-netfilter-add-defines-for-arp-decnet-max-hooks.patch

@@ -22,9 +22,9 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/include/linux/netfilter_defs.h
 +++ b/include/linux/netfilter_defs.h
-@@ -7,4 +7,10 @@
- /* Largest hook number + 1, see uapi/linux/netfilter_decnet.h */
- #define NF_MAX_HOOKS 8
+@@ -6,4 +6,10 @@
+ 
+ #define NF_MAX_HOOKS	NF_INET_NUMHOOKS
  
 +/* in/out/forward only */
 +#define NF_ARP_NUMHOOKS 3
@@ -45,23 +45,3 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 +#endif
  
  #endif /* __LINUX_ARP_NETFILTER_H */
---- a/include/uapi/linux/netfilter_decnet.h
-+++ b/include/uapi/linux/netfilter_decnet.h
-@@ -24,6 +24,9 @@
- #define NFC_DN_IF_IN		0x0004
- /* Output device. */
- #define NFC_DN_IF_OUT		0x0008
-+
-+/* kernel define is in netfilter_defs.h */
-+#define NF_DN_NUMHOOKS		7
- #endif /* ! __KERNEL__ */
- 
- /* DECnet Hooks */
-@@ -41,7 +44,6 @@
- #define NF_DN_HELLO		5
- /* Input Routing Packets */
- #define NF_DN_ROUTE		6
--#define NF_DN_NUMHOOKS		7
- 
- enum nf_dn_hook_priorities {
- 	NF_DN_PRI_FIRST = INT_MIN,

target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch

@@ -135,7 +135,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			new->hooks[nhooks] = old->hooks[i];
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -1447,6 +1447,8 @@ static int nf_tables_addchain(struct nft
+@@ -1466,6 +1466,8 @@ static int nf_tables_addchain(struct nft
  				ops->hook = hookfn;
  			if (afi->hook_ops_init)
  				afi->hook_ops_init(ops, i);

target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch

@@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/include/net/netfilter/nf_tables.h
 +++ b/include/net/netfilter/nf_tables.h
-@@ -900,8 +900,6 @@ struct nft_stats {
+@@ -924,8 +924,6 @@ struct nft_stats {
  	struct u64_stats_sync	syncp;
  };
  
@@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  /**
   *	struct nft_base_chain - nf_tables base chain
   *
-@@ -913,7 +911,7 @@ struct nft_stats {
+@@ -937,7 +935,7 @@ struct nft_stats {
   *	@dev_name: device name that this base chain is attached to (if any)
   */
  struct nft_base_chain {
@@ -29,7 +29,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nf_chain_type	*type;
  	u8				policy;
  	u8				flags;
-@@ -974,8 +972,6 @@ enum nft_af_flags {
+@@ -1021,8 +1019,6 @@ enum nft_af_flags {
   *	@owner: module owner
   *	@tables: used internally
   *	@flags: family flags
@@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   *	@hooks: hookfn overrides for packet validation
   */
  struct nft_af_info {
-@@ -985,9 +981,6 @@ struct nft_af_info {
+@@ -1032,9 +1028,6 @@ struct nft_af_info {
  	struct module			*owner;
  	struct list_head		tables;
  	u32				flags;
@@ -90,8 +90,8 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		[NF_INET_LOCAL_OUT]	= nft_ipv6_output,
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -140,29 +140,26 @@ static void nft_trans_destroy(struct nft
- 	kfree(trans);
+@@ -173,29 +173,26 @@ static void nft_set_trans_unbind(const s
+ 	return __nft_set_trans_bind(ctx, set, false);
  }
  
 -static int nf_tables_register_hooks(struct net *net,
@@ -128,7 +128,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  }
  
  static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type)
-@@ -640,8 +637,7 @@ static void _nf_tables_table_disable(str
+@@ -662,8 +659,7 @@ static void _nf_tables_table_disable(str
  		if (cnt && i++ == cnt)
  			break;
  
@@ -138,7 +138,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	}
  }
  
-@@ -658,8 +654,7 @@ static int nf_tables_table_enable(struct
+@@ -680,8 +676,7 @@ static int nf_tables_table_enable(struct
  		if (!nft_is_base_chain(chain))
  			continue;
  
@@ -148,7 +148,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		if (err < 0)
  			goto err;
  
-@@ -1071,7 +1066,7 @@ static int nf_tables_fill_chain_info(str
+@@ -1093,7 +1088,7 @@ static int nf_tables_fill_chain_info(str
  
  	if (nft_is_base_chain(chain)) {
  		const struct nft_base_chain *basechain = nft_base_chain(chain);
@@ -157,7 +157,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		struct nlattr *nest;
  
  		nest = nla_nest_start(skb, NFTA_CHAIN_HOOK);
-@@ -1299,8 +1294,8 @@ static void nf_tables_chain_destroy(stru
+@@ -1321,8 +1316,8 @@ static void nf_tables_chain_destroy(stru
  		free_percpu(basechain->stats);
  		if (basechain->stats)
  			static_branch_dec(&nft_counters_enabled);
@@ -168,15 +168,15 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		kfree(chain->name);
  		kfree(basechain);
  	} else {
-@@ -1396,7 +1391,6 @@ static int nf_tables_addchain(struct nft
+@@ -1418,7 +1413,6 @@ static int nf_tables_addchain(struct nft
  	struct nft_stats __percpu *stats;
  	struct net *net = ctx->net;
  	struct nft_chain *chain;
 -	unsigned int i;
  	int err;
  
- 	if (table->use == UINT_MAX)
-@@ -1435,21 +1429,18 @@ static int nf_tables_addchain(struct nft
+ 	if (nla[NFTA_CHAIN_HOOK]) {
+@@ -1454,21 +1448,18 @@ static int nf_tables_addchain(struct nft
  		basechain->type = hook.type;
  		chain = &basechain->chain;
  
@@ -210,7 +210,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  		chain->flags |= NFT_BASE_CHAIN;
  		basechain->policy = policy;
-@@ -1467,7 +1458,7 @@ static int nf_tables_addchain(struct nft
+@@ -1486,7 +1477,7 @@ static int nf_tables_addchain(struct nft
  		goto err1;
  	}
  
@@ -219,16 +219,16 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (err < 0)
  		goto err1;
  
-@@ -1481,7 +1472,7 @@ static int nf_tables_addchain(struct nft
- 
- 	return 0;
+@@ -1506,7 +1497,7 @@ static int nf_tables_addchain(struct nft
  err2:
+ 	nft_use_dec_restore(&table->use);
+ err_use:
 -	nf_tables_unregister_hooks(net, table, chain, afi->nops);
 +	nf_tables_unregister_hook(net, table, chain);
  err1:
  	nf_tables_chain_destroy(chain);
  
-@@ -1494,13 +1485,12 @@ static int nf_tables_updchain(struct nft
+@@ -1519,13 +1510,12 @@ static int nf_tables_updchain(struct nft
  	const struct nlattr * const *nla = ctx->nla;
  	struct nft_table *table = ctx->table;
  	struct nft_chain *chain = ctx->chain;
@@ -243,7 +243,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	if (nla[NFTA_CHAIN_HOOK]) {
  		if (!nft_is_base_chain(chain))
-@@ -1517,14 +1507,12 @@ static int nf_tables_updchain(struct nft
+@@ -1542,14 +1532,12 @@ static int nf_tables_updchain(struct nft
  			return -EBUSY;
  		}
  
@@ -264,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  		nft_chain_release_hook(&hook);
  	}
-@@ -5168,10 +5156,9 @@ static int nf_tables_commit(struct net *
+@@ -5309,10 +5297,9 @@ static int nf_tables_commit(struct net *
  		case NFT_MSG_DELCHAIN:
  			list_del_rcu(&trans->ctx.chain->list);
  			nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
@@ -278,9 +278,9 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			break;
  		case NFT_MSG_NEWRULE:
  			nft_clear(trans->ctx.net, nft_trans_rule(trans));
-@@ -5308,10 +5295,9 @@ static int nf_tables_abort(struct net *n
+@@ -5453,10 +5440,9 @@ static int nf_tables_abort(struct net *n
  			} else {
- 				trans->ctx.table->use--;
+ 				nft_use_dec_restore(&trans->ctx.table->use);
  				list_del_rcu(&trans->ctx.chain->list);
 -				nf_tables_unregister_hooks(trans->ctx.net,
 -							   trans->ctx.table,
@@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			}
  			break;
  		case NFT_MSG_DELCHAIN:
-@@ -5414,7 +5400,7 @@ int nft_chain_validate_hooks(const struc
+@@ -5569,7 +5555,7 @@ int nft_chain_validate_hooks(const struc
  	if (nft_is_base_chain(chain)) {
  		basechain = nft_base_chain(chain);
  
@@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			return 0;
  
  		return -EOPNOTSUPP;
-@@ -5896,8 +5882,7 @@ int __nft_release_basechain(struct nft_c
+@@ -6092,8 +6078,7 @@ int __nft_release_basechain(struct nft_c
  
  	BUG_ON(!nft_is_base_chain(ctx->chain));
  
@@ -310,8 +310,8 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 +	nf_tables_unregister_hook(ctx->net, ctx->chain->table, ctx->chain);
  	list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
  		list_del(&rule->list);
- 		ctx->chain->use--;
-@@ -5926,8 +5911,7 @@ static void __nft_release_afinfo(struct
+ 		nft_use_dec(&ctx->chain->use);
+@@ -6122,8 +6107,7 @@ static void __nft_release_afinfo(struct
  
  	list_for_each_entry_safe(table, nt, &afi->tables, list) {
  		list_for_each_entry(chain, &table->chains, list)

target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch

@@ -10,7 +10,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/include/net/netfilter/nf_tables.h
 +++ b/include/net/netfilter/nf_tables.h
-@@ -878,7 +878,7 @@ enum nft_chain_type {
+@@ -902,7 +902,7 @@ enum nft_chain_type {
   * 	@family: address family
   * 	@owner: module owner
   * 	@hook_mask: mask of valid hooks
@@ -19,7 +19,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   */
  struct nf_chain_type {
  	const char			*name;
-@@ -972,7 +972,6 @@ enum nft_af_flags {
+@@ -1019,7 +1019,6 @@ enum nft_af_flags {
   *	@owner: module owner
   *	@tables: used internally
   *	@flags: family flags
@@ -27,7 +27,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   */
  struct nft_af_info {
  	struct list_head		list;
-@@ -981,7 +980,6 @@ struct nft_af_info {
+@@ -1028,7 +1027,6 @@ struct nft_af_info {
  	struct module			*owner;
  	struct list_head		tables;
  	u32				flags;
@@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static int __init nf_tables_ipv6_init(void)
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -1399,7 +1399,6 @@ static int nf_tables_addchain(struct nft
+@@ -1418,7 +1418,6 @@ static int nf_tables_addchain(struct nft
  	if (nla[NFTA_CHAIN_HOOK]) {
  		struct nft_chain_hook hook;
  		struct nf_hook_ops *ops;
@@ -159,7 +159,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  		err = nft_chain_parse_hook(net, nla, afi, &hook, create);
  		if (err < 0)
-@@ -1425,7 +1424,6 @@ static int nf_tables_addchain(struct nft
+@@ -1444,7 +1443,6 @@ static int nf_tables_addchain(struct nft
  			static_branch_inc(&nft_counters_enabled);
  		}
  
@@ -167,7 +167,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		basechain->type = hook.type;
  		chain = &basechain->chain;
  
-@@ -1434,10 +1432,8 @@ static int nf_tables_addchain(struct nft
+@@ -1453,10 +1451,8 @@ static int nf_tables_addchain(struct nft
  		ops->hooknum	= hook.num;
  		ops->priority	= hook.priority;
  		ops->priv	= chain;

target/linux/generic/backport-4.14/314-v4.16-netfilter-meta-secpath-support.patch

@@ -52,7 +52,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	default:
  		return -EOPNOTSUPP;
  	}
-@@ -320,6 +330,38 @@ int nft_meta_get_init(const struct nft_c
+@@ -319,6 +329,38 @@ int nft_meta_get_init(const struct nft_c
  }
  EXPORT_SYMBOL_GPL(nft_meta_get_init);
  
@@ -91,7 +91,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  int nft_meta_set_validate(const struct nft_ctx *ctx,
  			  const struct nft_expr *expr,
  			  const struct nft_data **data)
-@@ -436,6 +478,7 @@ static const struct nft_expr_ops nft_met
+@@ -434,6 +476,7 @@ static const struct nft_expr_ops nft_met
  	.eval		= nft_meta_get_eval,
  	.init		= nft_meta_get_init,
  	.dump		= nft_meta_get_dump,

target/linux/generic/backport-4.14/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch

@@ -113,7 +113,7 @@ Acked-by: Florian Westphal <fw@strlen.de>
  #ifdef CONFIG_NF_CONNTRACK_ZONES
  static void nft_ct_tmpl_put_pcpu(void)
  {
-@@ -489,7 +456,7 @@ static int nft_ct_get_init(const struct
+@@ -488,7 +455,7 @@ static int nft_ct_get_init(const struct
  	if (err < 0)
  		return err;
  
@@ -122,7 +122,7 @@ Acked-by: Florian Westphal <fw@strlen.de>
  	if (err < 0)
  		return err;
  
-@@ -583,7 +550,7 @@ static int nft_ct_set_init(const struct
+@@ -581,7 +548,7 @@ static int nft_ct_set_init(const struct
  	if (err < 0)
  		goto err1;
  
@@ -131,7 +131,7 @@ Acked-by: Florian Westphal <fw@strlen.de>
  	if (err < 0)
  		goto err1;
  
-@@ -606,7 +573,7 @@ static void nft_ct_set_destroy(const str
+@@ -604,7 +571,7 @@ static void nft_ct_set_destroy(const str
  	struct nft_ct *priv = nft_expr_priv(expr);
  
  	__nft_ct_set_destroy(ctx, priv);

target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch

@@ -50,7 +50,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  #include <net/netlink.h>
  
  #define NFT_JUMP_STACK_SIZE	16
-@@ -941,6 +942,7 @@ unsigned int nft_do_chain(struct nft_pkt
+@@ -988,6 +989,7 @@ static inline void nft_use_inc_restore(u
   *	@chains: chains in the table
   *	@sets: sets in the table
   *	@objects: stateful objects in the table
@@ -58,7 +58,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   *	@hgenerator: handle generator state
   *	@use: number of chain references to this table
   *	@flags: table flag (see enum nft_table_flags)
-@@ -952,6 +954,7 @@ struct nft_table {
+@@ -999,6 +1001,7 @@ struct nft_table {
  	struct list_head		chains;
  	struct list_head		sets;
  	struct list_head		objects;
@@ -66,7 +66,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	u64				hgenerator;
  	u32				use;
  	u16				flags:14,
-@@ -1083,6 +1086,44 @@ int nft_register_obj(struct nft_object_t
+@@ -1130,6 +1133,44 @@ int nft_register_obj(struct nft_object_t
  void nft_unregister_obj(struct nft_object_type *obj_type);
  
  /**
@@ -111,7 +111,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   *	struct nft_traceinfo - nft tracing information and state
   *
   *	@pkt: pktinfo currently processed
-@@ -1318,4 +1359,11 @@ struct nft_trans_obj {
+@@ -1371,4 +1412,11 @@ struct nft_trans_obj {
  #define nft_trans_obj(trans)	\
  	(((struct nft_trans_obj *)trans->data)->obj)
  
@@ -217,7 +217,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  /**
   *	nft_register_afinfo - register nf_tables address family info
-@@ -390,6 +392,40 @@ static int nft_delobj(struct nft_ctx *ct
+@@ -412,6 +414,40 @@ static int nft_delobj(struct nft_ctx *ct
  	return err;
  }
  
@@ -258,7 +258,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  /*
   * Tables
   */
-@@ -773,6 +809,7 @@ static int nf_tables_newtable(struct net
+@@ -795,6 +831,7 @@ static int nf_tables_newtable(struct net
  	INIT_LIST_HEAD(&table->chains);
  	INIT_LIST_HEAD(&table->sets);
  	INIT_LIST_HEAD(&table->objects);
@@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	table->flags = flags;
  
  	nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla);
-@@ -794,10 +831,11 @@ err1:
+@@ -816,10 +853,11 @@ err1:
  
  static int nft_flush_table(struct nft_ctx *ctx)
  {
@@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	list_for_each_entry(chain, &ctx->table->chains, list) {
  		if (!nft_is_active_next(ctx->net, chain))
-@@ -823,6 +861,12 @@ static int nft_flush_table(struct nft_ct
+@@ -845,6 +883,12 @@ static int nft_flush_table(struct nft_ct
  			goto out;
  	}
  
@@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) {
  		err = nft_delobj(ctx, obj);
  		if (err < 0)
-@@ -4868,6 +4912,605 @@ static void nf_tables_obj_notify(const s
+@@ -5009,6 +5053,605 @@ static void nf_tables_obj_notify(const s
  		       ctx->afi->family, ctx->report, GFP_KERNEL);
  }
  
@@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
  				   u32 portid, u32 seq)
  {
-@@ -4898,6 +5541,49 @@ nla_put_failure:
+@@ -5039,6 +5682,49 @@ nla_put_failure:
  	return -EMSGSIZE;
  }
  
@@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb,
  				 int event)
  {
-@@ -5050,6 +5736,21 @@ static const struct nfnl_callback nf_tab
+@@ -5191,6 +5877,21 @@ static const struct nfnl_callback nf_tab
  		.attr_count	= NFTA_OBJ_MAX,
  		.policy		= nft_obj_policy,
  	},
@@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  };
  
  static void nft_chain_commit_update(struct nft_trans *trans)
-@@ -5098,6 +5799,9 @@ static void nf_tables_commit_release(str
+@@ -5239,6 +5940,9 @@ static void nf_tables_commit_release(str
  	case NFT_MSG_DELOBJ:
  		nft_obj_destroy(nft_trans_obj(trans));
  		break;
@@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	}
  	kfree(trans);
  }
-@@ -5217,6 +5921,21 @@ static int nf_tables_commit(struct net *
+@@ -5361,6 +6065,21 @@ static int nf_tables_commit(struct net *
  			nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans),
  					     NFT_MSG_DELOBJ);
  			break;
@@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  
-@@ -5254,6 +5973,9 @@ static void nf_tables_abort_release(stru
+@@ -5399,6 +6118,9 @@ static void nf_tables_abort_release(stru
  	case NFT_MSG_NEWOBJ:
  		nft_obj_destroy(nft_trans_obj(trans));
  		break;
@@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	}
  	kfree(trans);
  }
-@@ -5345,6 +6067,17 @@ static int nf_tables_abort(struct net *n
+@@ -5500,6 +6222,17 @@ static int nf_tables_abort(struct net *n
  			nft_clear(trans->ctx.net, nft_trans_obj(trans));
  			nft_trans_destroy(trans);
  			break;
@@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  
-@@ -5895,6 +6628,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
+@@ -6091,6 +6824,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
  /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */
  static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi)
  {
@@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table, *nt;
  	struct nft_chain *chain, *nc;
  	struct nft_object *obj, *ne;
-@@ -5908,6 +6642,9 @@ static void __nft_release_afinfo(struct
+@@ -6104,6 +6838,9 @@ static void __nft_release_afinfo(struct
  	list_for_each_entry_safe(table, nt, &afi->tables, list) {
  		list_for_each_entry(chain, &table->chains, list)
  			nf_tables_unregister_hook(net, table, chain);
@@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		/* No packets are walking on these chains anymore. */
  		ctx.table = table;
  		list_for_each_entry(chain, &table->chains, list) {
-@@ -5918,6 +6655,11 @@ static void __nft_release_afinfo(struct
+@@ -6114,6 +6851,11 @@ static void __nft_release_afinfo(struct
  				nf_tables_rule_release(&ctx, rule);
  			}
  		}
@@ -1059,17 +1059,17 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 +		}
  		list_for_each_entry_safe(set, ns, &table->sets, list) {
  			list_del(&set->list);
- 			table->use--;
-@@ -5961,6 +6703,8 @@ static int __init nf_tables_module_init(
+ 			nft_use_dec(&table->use);
+@@ -6162,6 +6904,8 @@ static int __init nf_tables_module_init(
  	if (err < 0)
- 		goto err3;
+ 		goto err4;
  
 +	register_netdevice_notifier(&nf_tables_flowtable_notifier);
 +
  	pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n");
- 	return register_pernet_subsys(&nf_tables_net_ops);
- err3:
-@@ -5975,6 +6719,7 @@ static void __exit nf_tables_module_exit
+ 	return err;
+ err4:
+@@ -6178,6 +6922,7 @@ static void __exit nf_tables_module_exit
  {
  	unregister_pernet_subsys(&nf_tables_net_ops);
  	nfnetlink_subsys_unregister(&nf_tables_subsys);

target/linux/generic/backport-4.14/324-v4.16-netfilter-flow-table-support-for-IPv6.patch

@@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/include/net/ipv6.h
 +++ b/include/net/ipv6.h
-@@ -860,6 +860,8 @@ static inline struct sk_buff *ip6_finish
+@@ -856,6 +856,8 @@ static inline struct sk_buff *ip6_finish
  			      &inet6_sk(sk)->cork);
  }
  

target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch

@@ -14,7 +14,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/include/net/netfilter/nf_tables.h
 +++ b/include/net/netfilter/nf_tables.h
-@@ -971,7 +971,6 @@ enum nft_af_flags {
+@@ -1018,7 +1018,6 @@ enum nft_af_flags {
   *
   *	@list: used internally
   *	@family: address family
@@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   *	@owner: module owner
   *	@tables: used internally
   *	@flags: family flags
-@@ -979,7 +978,6 @@ enum nft_af_flags {
+@@ -1026,7 +1025,6 @@ enum nft_af_flags {
  struct nft_af_info {
  	struct list_head		list;
  	int				family;
@@ -72,7 +72,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -1375,9 +1375,6 @@ static int nft_chain_parse_hook(struct n
+@@ -1397,9 +1397,6 @@ static int nft_chain_parse_hook(struct n
  		return -EINVAL;
  
  	hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
@@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
  
  	type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
-@@ -5020,7 +5017,7 @@ static int nf_tables_flowtable_parse_hoo
+@@ -5161,7 +5158,7 @@ static int nf_tables_flowtable_parse_hoo
  		return -EINVAL;
  
  	hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));

target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch

@@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5444,7 +5444,7 @@ static int nf_tables_getflowtable(struct
+@@ -5585,7 +5585,7 @@ static int nf_tables_getflowtable(struct
  
  	flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME],
  					       genmask);

target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch

@@ -10,7 +10,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/include/net/netfilter/nf_tables.h
 +++ b/include/net/netfilter/nf_tables.h
-@@ -962,10 +962,6 @@ struct nft_table {
+@@ -1009,10 +1009,6 @@ struct nft_table {
  	char				*name;
  };
  
@@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  /**
   *	struct nft_af_info - nf_tables address family info
   *
-@@ -973,14 +969,12 @@ enum nft_af_flags {
+@@ -1020,14 +1016,12 @@ enum nft_af_flags {
   *	@family: address family
   *	@owner: module owner
   *	@tables: used internally
@@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  int nft_register_afinfo(struct net *, struct nft_af_info *);
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -1392,7 +1392,7 @@ static int nft_chain_parse_hook(struct n
+@@ -1414,7 +1414,7 @@ static int nft_chain_parse_hook(struct n
  	hook->type = type;
  
  	hook->dev = NULL;

target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch

@@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -656,10 +656,7 @@ err:
+@@ -678,10 +678,7 @@ err:
  	return err;
  }
  
@@ -23,7 +23,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  {
  	struct nft_chain *chain;
  	u32 i = 0;
-@@ -677,9 +674,7 @@ static void _nf_tables_table_disable(str
+@@ -699,9 +696,7 @@ static void _nf_tables_table_disable(str
  	}
  }
  
@@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  {
  	struct nft_chain *chain;
  	int err, i = 0;
-@@ -699,15 +694,13 @@ static int nf_tables_table_enable(struct
+@@ -721,15 +716,13 @@ static int nf_tables_table_enable(struct
  	return 0;
  err:
  	if (i)
@@ -53,7 +53,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  }
  
  static int nf_tables_updtable(struct nft_ctx *ctx)
-@@ -736,7 +729,7 @@ static int nf_tables_updtable(struct nft
+@@ -758,7 +751,7 @@ static int nf_tables_updtable(struct nft
  		nft_trans_table_enable(trans) = false;
  	} else if (!(flags & NFT_TABLE_F_DORMANT) &&
  		   ctx->table->flags & NFT_TABLE_F_DORMANT) {
@@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		if (ret >= 0) {
  			ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
  			nft_trans_table_enable(trans) = true;
-@@ -5825,7 +5818,6 @@ static int nf_tables_commit(struct net *
+@@ -5966,7 +5959,6 @@ static int nf_tables_commit(struct net *
  			if (nft_trans_table_update(trans)) {
  				if (!nft_trans_table_enable(trans)) {
  					nf_tables_table_disable(net,
@@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  								trans->ctx.table);
  					trans->ctx.table->flags |= NFT_TABLE_F_DORMANT;
  				}
-@@ -5989,7 +5981,6 @@ static int nf_tables_abort(struct net *n
+@@ -6134,7 +6126,6 @@ static int nf_tables_abort(struct net *n
  			if (nft_trans_table_update(trans)) {
  				if (nft_trans_table_enable(trans)) {
  					nf_tables_table_disable(net,

target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch

@@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -468,7 +468,7 @@ static inline u64 nf_tables_alloc_handle
+@@ -490,7 +490,7 @@ static inline u64 nf_tables_alloc_handle
  static const struct nf_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX];
  
  static const struct nf_chain_type *
@@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  {
  	int i;
  
-@@ -481,22 +481,20 @@ __nf_tables_chain_type_lookup(int family
+@@ -503,22 +503,20 @@ __nf_tables_chain_type_lookup(int family
  }
  
  static const struct nf_chain_type *
@@ -47,7 +47,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		if (type != NULL)
  			return ERR_PTR(-EAGAIN);
  	}
-@@ -1372,8 +1370,8 @@ static int nft_chain_parse_hook(struct n
+@@ -1394,8 +1392,8 @@ static int nft_chain_parse_hook(struct n
  
  	type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
  	if (nla[NFTA_CHAIN_TYPE]) {

target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch

@@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5363,8 +5363,10 @@ static int nf_tables_dump_flowtable_done
+@@ -5504,8 +5504,10 @@ static int nf_tables_dump_flowtable_done
  	if (!filter)
  		return 0;
  

target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch

@@ -42,7 +42,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	bool				report;
  };
  
-@@ -947,6 +947,7 @@ unsigned int nft_do_chain(struct nft_pkt
+@@ -994,6 +994,7 @@ static inline void nft_use_inc_restore(u
   *	@use: number of chain references to this table
   *	@flags: table flag (see enum nft_table_flags)
   *	@genmask: generation mask
@@ -50,7 +50,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   *	@name: name of the table
   */
  struct nft_table {
-@@ -959,6 +960,7 @@ struct nft_table {
+@@ -1006,6 +1007,7 @@ struct nft_table {
  	u32				use;
  	u16				flags:14,
  					genmask:2;
@@ -58,7 +58,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	char				*name;
  };
  
-@@ -968,13 +970,11 @@ struct nft_table {
+@@ -1015,13 +1017,11 @@ struct nft_table {
   *	@list: used internally
   *	@family: address family
   *	@owner: module owner
@@ -108,7 +108,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	ctx->table	= table;
  	ctx->chain	= chain;
  	ctx->nla   	= nla;
-@@ -430,30 +429,31 @@ static int nft_delflowtable(struct nft_c
+@@ -452,30 +451,31 @@ static int nft_delflowtable(struct nft_c
   * Tables
   */
  
@@ -146,7 +146,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (table != NULL)
  		return table;
  
-@@ -552,7 +552,7 @@ static void nf_tables_table_notify(const
+@@ -574,7 +574,7 @@ static void nf_tables_table_notify(const
  		goto err;
  
  	err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq,
@@ -155,7 +155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (err < 0) {
  		kfree_skb(skb);
  		goto err;
-@@ -569,7 +569,6 @@ static int nf_tables_dump_tables(struct
+@@ -591,7 +591,6 @@ static int nf_tables_dump_tables(struct
  				 struct netlink_callback *cb)
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
@@ -163,7 +163,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nft_table *table;
  	unsigned int idx = 0, s_idx = cb->args[0];
  	struct net *net = sock_net(skb->sk);
-@@ -578,30 +577,27 @@ static int nf_tables_dump_tables(struct
+@@ -600,30 +599,27 @@ static int nf_tables_dump_tables(struct
  	rcu_read_lock();
  	cb->seq = net->nft.base_seq;
  
@@ -211,7 +211,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	}
  done:
  	rcu_read_unlock();
-@@ -633,7 +629,8 @@ static int nf_tables_gettable(struct net
+@@ -655,7 +651,8 @@ static int nf_tables_gettable(struct net
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -221,7 +221,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -764,7 +761,7 @@ static int nf_tables_newtable(struct net
+@@ -786,7 +783,7 @@ static int nf_tables_newtable(struct net
  		return PTR_ERR(afi);
  
  	name = nla[NFTA_TABLE_NAME];
@@ -230,7 +230,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table)) {
  		if (PTR_ERR(table) != -ENOENT)
  			return PTR_ERR(table);
-@@ -774,7 +771,7 @@ static int nf_tables_newtable(struct net
+@@ -796,7 +793,7 @@ static int nf_tables_newtable(struct net
  		if (nlh->nlmsg_flags & NLM_F_REPLACE)
  			return -EOPNOTSUPP;
  
@@ -239,7 +239,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		return nf_tables_updtable(&ctx);
  	}
  
-@@ -801,14 +798,15 @@ static int nf_tables_newtable(struct net
+@@ -823,14 +820,15 @@ static int nf_tables_newtable(struct net
  	INIT_LIST_HEAD(&table->sets);
  	INIT_LIST_HEAD(&table->objects);
  	INIT_LIST_HEAD(&table->flowtables);
@@ -257,7 +257,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	return 0;
  err4:
  	kfree(table->name);
-@@ -882,30 +880,28 @@ out:
+@@ -904,30 +902,28 @@ out:
  
  static int nft_flush(struct nft_ctx *ctx, int family)
  {
@@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	}
  out:
  	return err;
-@@ -923,7 +919,7 @@ static int nf_tables_deltable(struct net
+@@ -945,7 +941,7 @@ static int nf_tables_deltable(struct net
  	int family = nfmsg->nfgen_family;
  	struct nft_ctx ctx;
  
@@ -310,7 +310,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
  		return nft_flush(&ctx, family);
  
-@@ -931,7 +927,8 @@ static int nf_tables_deltable(struct net
+@@ -953,7 +949,8 @@ static int nf_tables_deltable(struct net
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -320,7 +320,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -939,7 +936,7 @@ static int nf_tables_deltable(struct net
+@@ -961,7 +958,7 @@ static int nf_tables_deltable(struct net
  	    table->use > 0)
  		return -EBUSY;
  
@@ -329,7 +329,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	ctx.table = table;
  
  	return nft_flush_table(&ctx);
-@@ -951,7 +948,7 @@ static void nf_tables_table_destroy(stru
+@@ -973,7 +970,7 @@ static void nf_tables_table_destroy(stru
  
  	kfree(ctx->table->name);
  	kfree(ctx->table);
@@ -338,7 +338,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  }
  
  int nft_register_chain_type(const struct nf_chain_type *ctype)
-@@ -1152,7 +1149,7 @@ static void nf_tables_chain_notify(const
+@@ -1174,7 +1171,7 @@ static void nf_tables_chain_notify(const
  		goto err;
  
  	err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq,
@@ -347,7 +347,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  					ctx->chain);
  	if (err < 0) {
  		kfree_skb(skb);
-@@ -1170,7 +1167,6 @@ static int nf_tables_dump_chains(struct
+@@ -1192,7 +1189,6 @@ static int nf_tables_dump_chains(struct
  				 struct netlink_callback *cb)
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
@@ -355,7 +355,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nft_table *table;
  	const struct nft_chain *chain;
  	unsigned int idx = 0, s_idx = cb->args[0];
-@@ -1180,31 +1176,30 @@ static int nf_tables_dump_chains(struct
+@@ -1202,31 +1198,30 @@ static int nf_tables_dump_chains(struct
  	rcu_read_lock();
  	cb->seq = net->nft.base_seq;
  
@@ -407,7 +407,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  done:
-@@ -1238,7 +1233,8 @@ static int nf_tables_getchain(struct net
+@@ -1260,7 +1255,8 @@ static int nf_tables_getchain(struct net
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -417,7 +417,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -1348,8 +1344,8 @@ struct nft_chain_hook {
+@@ -1370,8 +1366,8 @@ struct nft_chain_hook {
  
  static int nft_chain_parse_hook(struct net *net,
  				const struct nlattr * const nla[],
@@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  {
  	struct nlattr *ha[NFTA_HOOK_MAX + 1];
  	const struct nf_chain_type *type;
-@@ -1368,10 +1364,10 @@ static int nft_chain_parse_hook(struct n
+@@ -1390,10 +1386,10 @@ static int nft_chain_parse_hook(struct n
  	hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
  	hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
  
@@ -441,7 +441,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		if (IS_ERR(type))
  			return PTR_ERR(type);
  	}
-@@ -1383,7 +1379,7 @@ static int nft_chain_parse_hook(struct n
+@@ -1405,7 +1401,7 @@ static int nft_chain_parse_hook(struct n
  	hook->type = type;
  
  	hook->dev = NULL;
@@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		char ifname[IFNAMSIZ];
  
  		if (!ha[NFTA_HOOK_DEV]) {
-@@ -1418,7 +1414,6 @@ static int nf_tables_addchain(struct nft
+@@ -1440,7 +1436,6 @@ static int nf_tables_addchain(struct nft
  {
  	const struct nlattr * const *nla = ctx->nla;
  	struct nft_table *table = ctx->table;
@@ -458,7 +458,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_base_chain *basechain;
  	struct nft_stats __percpu *stats;
  	struct net *net = ctx->net;
-@@ -1432,7 +1427,7 @@ static int nf_tables_addchain(struct nft
+@@ -1451,7 +1446,7 @@ static int nf_tables_addchain(struct nft
  		struct nft_chain_hook hook;
  		struct nf_hook_ops *ops;
  
@@ -467,7 +467,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		if (err < 0)
  			return err;
  
-@@ -1524,7 +1519,7 @@ static int nf_tables_updchain(struct nft
+@@ -1549,7 +1544,7 @@ static int nf_tables_updchain(struct nft
  		if (!nft_is_base_chain(chain))
  			return -EBUSY;
  
@@ -476,7 +476,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  					   create);
  		if (err < 0)
  			return err;
-@@ -1634,7 +1629,8 @@ static int nf_tables_newchain(struct net
+@@ -1659,7 +1654,8 @@ static int nf_tables_newchain(struct net
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -486,7 +486,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -1674,7 +1670,7 @@ static int nf_tables_newchain(struct net
+@@ -1699,7 +1695,7 @@ static int nf_tables_newchain(struct net
  		}
  	}
  
@@ -495,7 +495,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	if (chain != NULL) {
  		if (nlh->nlmsg_flags & NLM_F_EXCL)
-@@ -1708,7 +1704,8 @@ static int nf_tables_delchain(struct net
+@@ -1733,7 +1729,8 @@ static int nf_tables_delchain(struct net
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -505,7 +505,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -1720,7 +1717,7 @@ static int nf_tables_delchain(struct net
+@@ -1745,7 +1742,7 @@ static int nf_tables_delchain(struct net
  	    chain->use > 0)
  		return -EBUSY;
  
@@ -514,7 +514,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	use = chain->use;
  	list_for_each_entry(rule, &chain->rules, list) {
-@@ -1888,7 +1885,7 @@ static int nf_tables_expr_parse(const st
+@@ -1910,7 +1907,7 @@ static int nf_tables_expr_parse(const st
  	if (err < 0)
  		return err;
  
@@ -523,7 +523,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(type))
  		return PTR_ERR(type);
  
-@@ -2120,7 +2117,7 @@ static void nf_tables_rule_notify(const
+@@ -2138,7 +2135,7 @@ static void nf_tables_rule_notify(const
  		goto err;
  
  	err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq,
@@ -532,7 +532,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       ctx->chain, rule);
  	if (err < 0) {
  		kfree_skb(skb);
-@@ -2144,7 +2141,6 @@ static int nf_tables_dump_rules(struct s
+@@ -2162,7 +2159,6 @@ static int nf_tables_dump_rules(struct s
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
  	const struct nft_rule_dump_ctx *ctx = cb->data;
@@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nft_table *table;
  	const struct nft_chain *chain;
  	const struct nft_rule *rule;
-@@ -2155,39 +2151,37 @@ static int nf_tables_dump_rules(struct s
+@@ -2173,39 +2169,37 @@ static int nf_tables_dump_rules(struct s
  	rcu_read_lock();
  	cb->seq = net->nft.base_seq;
  
@@ -605,7 +605,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			}
  		}
  	}
-@@ -2265,7 +2259,8 @@ static int nf_tables_getrule(struct net
+@@ -2283,7 +2277,8 @@ static int nf_tables_getrule(struct net
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -615,7 +615,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -2350,7 +2345,8 @@ static int nf_tables_newrule(struct net
+@@ -2368,7 +2363,8 @@ static int nf_tables_newrule(struct net
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -625,7 +625,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -2389,7 +2385,7 @@ static int nf_tables_newrule(struct net
+@@ -2404,7 +2400,7 @@ static int nf_tables_newrule(struct net
  			return PTR_ERR(old_rule);
  	}
  
@@ -634,7 +634,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	n = 0;
  	size = 0;
-@@ -2522,7 +2518,8 @@ static int nf_tables_delrule(struct net
+@@ -2547,7 +2543,8 @@ static int nf_tables_delrule(struct net
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -644,7 +644,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -2533,7 +2530,7 @@ static int nf_tables_delrule(struct net
+@@ -2558,7 +2555,7 @@ static int nf_tables_delrule(struct net
  			return PTR_ERR(chain);
  	}
  
@@ -653,7 +653,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	if (chain) {
  		if (nla[NFTA_RULE_HANDLE]) {
-@@ -2731,13 +2728,13 @@ static int nft_ctx_init_from_setattr(str
+@@ -2756,13 +2753,13 @@ static int nft_ctx_init_from_setattr(str
  		if (afi == NULL)
  			return -EAFNOSUPPORT;
  
@@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	return 0;
  }
  
-@@ -2865,7 +2862,7 @@ static int nf_tables_fill_set(struct sk_
+@@ -2892,7 +2889,7 @@ static int nf_tables_fill_set(struct sk_
  		goto nla_put_failure;
  
  	nfmsg = nlmsg_data(nlh);
@@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	nfmsg->version		= NFNETLINK_V0;
  	nfmsg->res_id		= htons(ctx->net->nft.base_seq & 0xffff);
  
-@@ -2958,10 +2955,8 @@ static int nf_tables_dump_sets(struct sk
+@@ -2985,10 +2982,8 @@ static int nf_tables_dump_sets(struct sk
  {
  	const struct nft_set *set;
  	unsigned int idx, s_idx = cb->args[0];
@@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_ctx *ctx = cb->data, ctx_set;
  
  	if (cb->args[1])
-@@ -2970,51 +2965,44 @@ static int nf_tables_dump_sets(struct sk
+@@ -2997,51 +2992,44 @@ static int nf_tables_dump_sets(struct sk
  	rcu_read_lock();
  	cb->seq = net->nft.base_seq;
  
@@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	}
  	cb->args[1] = 1;
  done:
-@@ -3227,11 +3215,12 @@ static int nf_tables_newset(struct net *
+@@ -3254,11 +3242,12 @@ static int nf_tables_newset(struct net *
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
  	if (IS_ERR(set)) {
-@@ -3500,12 +3489,12 @@ static int nft_ctx_init_from_elemattr(st
+@@ -3592,12 +3581,12 @@ static int nft_ctx_init_from_elemattr(st
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	return 0;
  }
  
-@@ -3610,7 +3599,6 @@ static int nf_tables_dump_set(struct sk_
+@@ -3702,7 +3691,6 @@ static int nf_tables_dump_set(struct sk_
  {
  	struct nft_set_dump_ctx *dump_ctx = cb->data;
  	struct net *net = sock_net(skb->sk);
@@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_set *set;
  	struct nft_set_dump_args args;
-@@ -3622,21 +3610,19 @@ static int nf_tables_dump_set(struct sk_
+@@ -3714,21 +3702,19 @@ static int nf_tables_dump_set(struct sk_
  	int event;
  
  	rcu_read_lock();
@@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  		break;
  	}
-@@ -3656,7 +3642,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -3748,7 +3734,7 @@ static int nf_tables_dump_set(struct sk_
  		goto nla_put_failure;
  
  	nfmsg = nlmsg_data(nlh);
@@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	nfmsg->version      = NFNETLINK_V0;
  	nfmsg->res_id	    = htons(net->nft.base_seq & 0xffff);
  
-@@ -3758,7 +3744,7 @@ static int nf_tables_fill_setelem_info(s
+@@ -3868,7 +3854,7 @@ static int nf_tables_fill_setelem_info(s
  		goto nla_put_failure;
  
  	nfmsg = nlmsg_data(nlh);
@@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	nfmsg->version		= NFNETLINK_V0;
  	nfmsg->res_id		= htons(ctx->net->nft.base_seq & 0xffff);
  
-@@ -4008,7 +3994,7 @@ static int nft_add_set_elem(struct nft_c
+@@ -4144,7 +4130,7 @@ static int nft_add_set_elem(struct nft_c
  		list_for_each_entry(binding, &set->bindings, list) {
  			struct nft_ctx bind_ctx = {
  				.net	= ctx->net,
@@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				.table	= ctx->table,
  				.chain	= (struct nft_chain *)binding->chain,
  			};
-@@ -4560,7 +4546,8 @@ static int nf_tables_newobj(struct net *
+@@ -4693,7 +4679,8 @@ static int nf_tables_newobj(struct net *
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -878,16 +878,16 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -4578,7 +4565,7 @@ static int nf_tables_newobj(struct net *
+@@ -4711,7 +4698,7 @@ static int nf_tables_newobj(struct net *
  		return 0;
  	}
  
 -	nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla);
 +	nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
  
- 	type = nft_obj_type_get(objtype);
- 	if (IS_ERR(type))
-@@ -4655,7 +4642,6 @@ struct nft_obj_filter {
+ 	if (!nft_use_inc(&table->use))
+ 		return -EMFILE;
+@@ -4796,7 +4783,6 @@ struct nft_obj_filter {
  static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
@@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nft_table *table;
  	unsigned int idx = 0, s_idx = cb->args[0];
  	struct nft_obj_filter *filter = cb->data;
-@@ -4670,38 +4656,37 @@ static int nf_tables_dump_obj(struct sk_
+@@ -4811,38 +4797,37 @@ static int nf_tables_dump_obj(struct sk_
  	rcu_read_lock();
  	cb->seq = net->nft.base_seq;
  
@@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  done:
-@@ -4788,7 +4773,8 @@ static int nf_tables_getobj(struct net *
+@@ -4929,7 +4914,8 @@ static int nf_tables_getobj(struct net *
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -4848,7 +4834,8 @@ static int nf_tables_delobj(struct net *
+@@ -4989,7 +4975,8 @@ static int nf_tables_delobj(struct net *
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -4859,7 +4846,7 @@ static int nf_tables_delobj(struct net *
+@@ -5000,7 +4987,7 @@ static int nf_tables_delobj(struct net *
  	if (obj->use > 0)
  		return -EBUSY;
  
@@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	return nft_delobj(&ctx, obj);
  }
-@@ -4897,7 +4884,7 @@ static void nf_tables_obj_notify(const s
+@@ -5038,7 +5025,7 @@ static void nf_tables_obj_notify(const s
  				 struct nft_object *obj, int event)
  {
  	nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
@@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  }
  
  /*
-@@ -5087,7 +5074,7 @@ void nft_flow_table_iterate(struct net *
+@@ -5228,7 +5215,7 @@ void nft_flow_table_iterate(struct net *
  
  	rcu_read_lock();
  	list_for_each_entry_rcu(afi, &net->nft.af_info, list) {
@@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
  				iter(&flowtable->data, data);
  			}
-@@ -5135,7 +5122,8 @@ static int nf_tables_newflowtable(struct
+@@ -5276,7 +5263,8 @@ static int nf_tables_newflowtable(struct
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -5152,7 +5140,7 @@ static int nf_tables_newflowtable(struct
+@@ -5293,7 +5281,7 @@ static int nf_tables_newflowtable(struct
  		return 0;
  	}
  
@@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
  	if (!flowtable)
-@@ -5233,7 +5221,8 @@ static int nf_tables_delflowtable(struct
+@@ -5374,7 +5362,8 @@ static int nf_tables_delflowtable(struct
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -5244,7 +5233,7 @@ static int nf_tables_delflowtable(struct
+@@ -5385,7 +5374,7 @@ static int nf_tables_delflowtable(struct
  	if (flowtable->use > 0)
  		return -EBUSY;
  
@@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	return nft_delflowtable(&ctx, flowtable);
  }
-@@ -5313,40 +5302,37 @@ static int nf_tables_dump_flowtable(stru
+@@ -5454,40 +5443,37 @@ static int nf_tables_dump_flowtable(stru
  	struct net *net = sock_net(skb->sk);
  	int family = nfmsg->nfgen_family;
  	struct nft_flowtable *flowtable;
@@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  done:
-@@ -5431,7 +5417,8 @@ static int nf_tables_getflowtable(struct
+@@ -5572,7 +5558,8 @@ static int nf_tables_getflowtable(struct
  	if (IS_ERR(afi))
  		return PTR_ERR(afi);
  
@@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -5474,7 +5461,7 @@ static void nf_tables_flowtable_notify(s
+@@ -5615,7 +5602,7 @@ static void nf_tables_flowtable_notify(s
  
  	err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
  					    ctx->seq, event, 0,
@@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (err < 0) {
  		kfree_skb(skb);
  		goto err;
-@@ -5552,17 +5539,14 @@ static int nf_tables_flowtable_event(str
+@@ -5693,17 +5680,14 @@ static int nf_tables_flowtable_event(str
  	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
  	struct nft_flowtable *flowtable;
  	struct nft_table *table;
@@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  	nfnl_unlock(NFNL_SUBSYS_NFTABLES);
-@@ -6588,6 +6572,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
+@@ -6784,6 +6768,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
  static int __net_init nf_tables_init_net(struct net *net)
  {
  	INIT_LIST_HEAD(&net->nft.af_info);
@@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	INIT_LIST_HEAD(&net->nft.commit_list);
  	net->nft.base_seq = 1;
  	return 0;
-@@ -6624,10 +6609,10 @@ static void __nft_release_afinfo(struct
+@@ -6820,10 +6805,10 @@ static void __nft_release_afinfo(struct
  	struct nft_set *set, *ns;
  	struct nft_ctx ctx = {
  		.net	= net,
@@ -1293,7 +1293,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		case NFPROTO_IPV4:
  			len = FIELD_SIZEOF(struct nf_conntrack_tuple,
  					   src.u3.ip);
-@@ -456,7 +456,7 @@ static int nft_ct_get_init(const struct
+@@ -455,7 +455,7 @@ static int nft_ct_get_init(const struct
  	if (err < 0)
  		return err;
  
@@ -1302,7 +1302,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (err < 0)
  		return err;
  
-@@ -550,7 +550,7 @@ static int nft_ct_set_init(const struct
+@@ -548,7 +548,7 @@ static int nft_ct_set_init(const struct
  	if (err < 0)
  		goto err1;
  
@@ -1311,7 +1311,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (err < 0)
  		goto err1;
  
-@@ -564,7 +564,7 @@ err1:
+@@ -562,7 +562,7 @@ err1:
  static void nft_ct_get_destroy(const struct nft_ctx *ctx,
  			       const struct nft_expr *expr)
  {
@@ -1320,7 +1320,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  }
  
  static void nft_ct_set_destroy(const struct nft_ctx *ctx,
-@@ -573,7 +573,7 @@ static void nft_ct_set_destroy(const str
+@@ -571,7 +571,7 @@ static void nft_ct_set_destroy(const str
  	struct nft_ct *priv = nft_expr_priv(expr);
  
  	__nft_ct_set_destroy(ctx, priv);
@@ -1329,7 +1329,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  }
  
  static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr)
-@@ -734,7 +734,7 @@ static int nft_ct_helper_obj_init(const
+@@ -732,7 +732,7 @@ static int nft_ct_helper_obj_init(const
  	struct nft_ct_helper_obj *priv = nft_obj_data(obj);
  	struct nf_conntrack_helper *help4, *help6;
  	char name[NF_CT_HELPER_NAME_LEN];
@@ -1338,7 +1338,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	if (!tb[NFTA_CT_HELPER_NAME] || !tb[NFTA_CT_HELPER_L4PROTO])
  		return -EINVAL;
-@@ -753,14 +753,14 @@ static int nft_ct_helper_obj_init(const
+@@ -751,14 +751,14 @@ static int nft_ct_helper_obj_init(const
  
  	switch (family) {
  	case NFPROTO_IPV4:
@@ -1397,7 +1397,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static int nft_log_dump(struct sk_buff *skb, const struct nft_expr *expr)
 --- a/net/netfilter/nft_masq.c
 +++ b/net/netfilter/nft_masq.c
-@@ -73,7 +73,7 @@ int nft_masq_init(const struct nft_ctx *
+@@ -69,7 +69,7 @@ int nft_masq_init(const struct nft_ctx *
  		}
  	}
  
@@ -1408,7 +1408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
 --- a/net/netfilter/nft_meta.c
 +++ b/net/netfilter/nft_meta.c
-@@ -341,7 +341,7 @@ static int nft_meta_get_validate(const s
+@@ -340,7 +340,7 @@ static int nft_meta_get_validate(const s
  	if (priv->key != NFT_META_SECPATH)
  		return 0;
  
@@ -1417,7 +1417,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	case NFPROTO_NETDEV:
  		hooks = 1 << NF_NETDEV_INGRESS;
  		break;
-@@ -372,7 +372,7 @@ int nft_meta_set_validate(const struct n
+@@ -371,7 +371,7 @@ int nft_meta_set_validate(const struct n
  	if (priv->key != NFT_META_PKTTYPE)
  		return 0;
  
@@ -1439,7 +1439,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	switch (family) {
 --- a/net/netfilter/nft_redir.c
 +++ b/net/netfilter/nft_redir.c
-@@ -75,7 +75,7 @@ int nft_redir_init(const struct nft_ctx
+@@ -71,7 +71,7 @@ int nft_redir_init(const struct nft_ctx
  			return -EINVAL;
  	}
  

target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch

@@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static struct pernet_operations clusterip_net_ops = {
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -6578,6 +6578,12 @@ static int __net_init nf_tables_init_net
+@@ -6774,6 +6774,12 @@ static int __net_init nf_tables_init_net
  	return 0;
  }
  
@@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  int __nft_release_basechain(struct nft_ctx *ctx)
  {
  	struct nft_rule *rule, *nr;
-@@ -6655,6 +6661,7 @@ static void __nft_release_afinfo(struct
+@@ -6851,6 +6857,7 @@ static void __nft_release_afinfo(struct
  
  static struct pernet_operations nf_tables_net_ops = {
  	.init	= nf_tables_init_net,

target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch

@@ -14,7 +14,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/include/net/netfilter/nf_tables.h
 +++ b/include/net/netfilter/nf_tables.h
-@@ -977,8 +977,8 @@ struct nft_af_info {
+@@ -1024,8 +1024,8 @@ struct nft_af_info {
  	struct module			*owner;
  };
  
@@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		if (afi->family == family)
  			return afi;
  	}
-@@ -5069,15 +5067,12 @@ void nft_flow_table_iterate(struct net *
+@@ -5210,15 +5208,12 @@ void nft_flow_table_iterate(struct net *
  			    void *data)
  {
  	struct nft_flowtable *flowtable;
@@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		}
  	}
  	rcu_read_unlock();
-@@ -6569,21 +6564,6 @@ int nft_data_dump(struct sk_buff *skb, i
+@@ -6765,21 +6760,6 @@ int nft_data_dump(struct sk_buff *skb, i
  }
  EXPORT_SYMBOL_GPL(nft_data_dump);
  
@@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  int __nft_release_basechain(struct nft_ctx *ctx)
  {
  	struct nft_rule *rule, *nr;
-@@ -6604,8 +6584,7 @@ int __nft_release_basechain(struct nft_c
+@@ -6800,8 +6780,7 @@ int __nft_release_basechain(struct nft_c
  }
  EXPORT_SYMBOL_GPL(__nft_release_basechain);
  
@@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  {
  	struct nft_flowtable *flowtable, *nf;
  	struct nft_table *table, *nt;
-@@ -6615,10 +6594,11 @@ static void __nft_release_afinfo(struct
+@@ -6811,10 +6790,11 @@ static void __nft_release_afinfo(struct
  	struct nft_set *set, *ns;
  	struct nft_ctx ctx = {
  		.net	= net,
@@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		list_for_each_entry(chain, &table->chains, list)
  			nf_tables_unregister_hook(net, table, chain);
  		list_for_each_entry(flowtable, &table->flowtables, list)
-@@ -6659,6 +6639,21 @@ static void __nft_release_afinfo(struct
+@@ -6855,6 +6835,21 @@ static void __nft_release_afinfo(struct
  	}
  }
  

target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch

@@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/include/net/netfilter/nf_tables.h
 +++ b/include/net/netfilter/nf_tables.h
-@@ -958,28 +958,12 @@ struct nft_table {
+@@ -1005,28 +1005,12 @@ struct nft_table {
  	struct list_head		flowtables;
  	u64				hgenerator;
  	u32				use;
@@ -42,7 +42,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  int nft_register_chain_type(const struct nf_chain_type *);
  void nft_unregister_chain_type(const struct nf_chain_type *);
  
-@@ -1147,9 +1131,6 @@ void nft_trace_notify(struct nft_tracein
+@@ -1194,9 +1178,6 @@ void nft_trace_notify(struct nft_tracein
  #define nft_dereference(p)					\
  	nfnl_dereference(p, NFNL_SUBSYS_NFTABLES)
  
@@ -323,7 +323,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  static void nft_ctx_init(struct nft_ctx *ctx,
  			 struct net *net,
-@@ -435,7 +370,7 @@ static struct nft_table *nft_table_looku
+@@ -457,7 +392,7 @@ static struct nft_table *nft_table_looku
  
  	list_for_each_entry(table, &net->nft.tables, list) {
  		if (!nla_strcmp(nla, table->name) &&
@@ -332,7 +332,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		    nft_active_genmask(table, genmask))
  			return table;
  	}
-@@ -576,7 +511,7 @@ static int nf_tables_dump_tables(struct
+@@ -598,7 +533,7 @@ static int nf_tables_dump_tables(struct
  	cb->seq = net->nft.base_seq;
  
  	list_for_each_entry_rcu(table, &net->nft.tables, list) {
@@ -341,7 +341,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			continue;
  
  		if (idx < s_idx)
-@@ -590,7 +525,7 @@ static int nf_tables_dump_tables(struct
+@@ -612,7 +547,7 @@ static int nf_tables_dump_tables(struct
  					      NETLINK_CB(cb->skb).portid,
  					      cb->nlh->nlmsg_seq,
  					      NFT_MSG_NEWTABLE, NLM_F_MULTI,
@@ -350,7 +350,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			goto done;
  
  		nl_dump_check_consistent(cb, nlmsg_hdr(skb));
-@@ -610,7 +545,6 @@ static int nf_tables_gettable(struct net
+@@ -632,7 +567,6 @@ static int nf_tables_gettable(struct net
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_cur(net);
@@ -358,7 +358,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nft_table *table;
  	struct sk_buff *skb2;
  	int family = nfmsg->nfgen_family;
-@@ -623,11 +557,7 @@ static int nf_tables_gettable(struct net
+@@ -645,11 +579,7 @@ static int nf_tables_gettable(struct net
  		return netlink_dump_start(nlsk, skb, nlh, &c);
  	}
  
@@ -371,7 +371,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -747,19 +677,14 @@ static int nf_tables_newtable(struct net
+@@ -769,19 +699,14 @@ static int nf_tables_newtable(struct net
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_next(net);
  	const struct nlattr *name;
@@ -392,7 +392,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table)) {
  		if (PTR_ERR(table) != -ENOENT)
  			return PTR_ERR(table);
-@@ -769,7 +694,7 @@ static int nf_tables_newtable(struct net
+@@ -791,7 +716,7 @@ static int nf_tables_newtable(struct net
  		if (nlh->nlmsg_flags & NLM_F_REPLACE)
  			return -EOPNOTSUPP;
  
@@ -401,7 +401,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		return nf_tables_updtable(&ctx);
  	}
  
-@@ -779,40 +704,34 @@ static int nf_tables_newtable(struct net
+@@ -801,40 +726,34 @@ static int nf_tables_newtable(struct net
  			return -EINVAL;
  	}
  
@@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	return err;
  }
  
-@@ -883,10 +802,10 @@ static int nft_flush(struct nft_ctx *ctx
+@@ -905,10 +824,10 @@ static int nft_flush(struct nft_ctx *ctx
  	int err = 0;
  
  	list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) {
@@ -463,7 +463,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  		if (!nft_is_active_next(ctx->net, table))
  			continue;
-@@ -912,7 +831,6 @@ static int nf_tables_deltable(struct net
+@@ -934,7 +853,6 @@ static int nf_tables_deltable(struct net
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_next(net);
@@ -471,7 +471,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	int family = nfmsg->nfgen_family;
  	struct nft_ctx ctx;
-@@ -921,11 +839,7 @@ static int nf_tables_deltable(struct net
+@@ -943,11 +861,7 @@ static int nf_tables_deltable(struct net
  	if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
  		return nft_flush(&ctx, family);
  
@@ -484,7 +484,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -934,7 +848,7 @@ static int nf_tables_deltable(struct net
+@@ -956,7 +870,7 @@ static int nf_tables_deltable(struct net
  	    table->use > 0)
  		return -EBUSY;
  
@@ -493,7 +493,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	ctx.table = table;
  
  	return nft_flush_table(&ctx);
-@@ -946,7 +860,6 @@ static void nf_tables_table_destroy(stru
+@@ -968,7 +882,6 @@ static void nf_tables_table_destroy(stru
  
  	kfree(ctx->table->name);
  	kfree(ctx->table);
@@ -501,7 +501,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  }
  
  int nft_register_chain_type(const struct nf_chain_type *ctype)
-@@ -1175,7 +1088,7 @@ static int nf_tables_dump_chains(struct
+@@ -1197,7 +1110,7 @@ static int nf_tables_dump_chains(struct
  	cb->seq = net->nft.base_seq;
  
  	list_for_each_entry_rcu(table, &net->nft.tables, list) {
@@ -510,7 +510,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			continue;
  
  		list_for_each_entry_rcu(chain, &table->chains, list) {
-@@ -1191,7 +1104,7 @@ static int nf_tables_dump_chains(struct
+@@ -1213,7 +1126,7 @@ static int nf_tables_dump_chains(struct
  						      cb->nlh->nlmsg_seq,
  						      NFT_MSG_NEWCHAIN,
  						      NLM_F_MULTI,
@@ -519,7 +519,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  						      chain) < 0)
  				goto done;
  
-@@ -1213,7 +1126,6 @@ static int nf_tables_getchain(struct net
+@@ -1235,7 +1148,6 @@ static int nf_tables_getchain(struct net
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_cur(net);
@@ -527,7 +527,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nft_table *table;
  	const struct nft_chain *chain;
  	struct sk_buff *skb2;
-@@ -1227,11 +1139,7 @@ static int nf_tables_getchain(struct net
+@@ -1249,11 +1161,7 @@ static int nf_tables_getchain(struct net
  		return netlink_dump_start(nlsk, skb, nlh, &c);
  	}
  
@@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -1613,7 +1521,6 @@ static int nf_tables_newchain(struct net
+@@ -1638,7 +1546,6 @@ static int nf_tables_newchain(struct net
  	const struct nlattr * uninitialized_var(name);
  	u8 genmask = nft_genmask_next(net);
  	int family = nfmsg->nfgen_family;
@@ -548,7 +548,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_chain *chain;
  	u8 policy = NF_ACCEPT;
-@@ -1623,11 +1530,7 @@ static int nf_tables_newchain(struct net
+@@ -1648,11 +1555,7 @@ static int nf_tables_newchain(struct net
  
  	create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
  
@@ -561,7 +561,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -1668,7 +1571,7 @@ static int nf_tables_newchain(struct net
+@@ -1693,7 +1596,7 @@ static int nf_tables_newchain(struct net
  		}
  	}
  
@@ -570,7 +570,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	if (chain != NULL) {
  		if (nlh->nlmsg_flags & NLM_F_EXCL)
-@@ -1689,7 +1592,6 @@ static int nf_tables_delchain(struct net
+@@ -1714,7 +1617,6 @@ static int nf_tables_delchain(struct net
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_next(net);
@@ -578,7 +578,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_chain *chain;
  	struct nft_rule *rule;
-@@ -1698,11 +1600,7 @@ static int nf_tables_delchain(struct net
+@@ -1723,11 +1625,7 @@ static int nf_tables_delchain(struct net
  	u32 use;
  	int err;
  
@@ -591,7 +591,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -1715,7 +1613,7 @@ static int nf_tables_delchain(struct net
+@@ -1740,7 +1638,7 @@ static int nf_tables_delchain(struct net
  	    chain->use > 0)
  		return -EBUSY;
  
@@ -600,7 +600,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	use = chain->use;
  	list_for_each_entry(rule, &chain->rules, list) {
-@@ -2150,7 +2048,7 @@ static int nf_tables_dump_rules(struct s
+@@ -2168,7 +2066,7 @@ static int nf_tables_dump_rules(struct s
  	cb->seq = net->nft.base_seq;
  
  	list_for_each_entry_rcu(table, &net->nft.tables, list) {
@@ -609,7 +609,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			continue;
  
  		if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0)
-@@ -2173,7 +2071,7 @@ static int nf_tables_dump_rules(struct s
+@@ -2191,7 +2089,7 @@ static int nf_tables_dump_rules(struct s
  							      cb->nlh->nlmsg_seq,
  							      NFT_MSG_NEWRULE,
  							      NLM_F_MULTI | NLM_F_APPEND,
@@ -618,7 +618,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  							      table, chain, rule) < 0)
  					goto done;
  
-@@ -2209,7 +2107,6 @@ static int nf_tables_getrule(struct net
+@@ -2227,7 +2125,6 @@ static int nf_tables_getrule(struct net
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_cur(net);
@@ -626,7 +626,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nft_table *table;
  	const struct nft_chain *chain;
  	const struct nft_rule *rule;
-@@ -2253,11 +2150,7 @@ static int nf_tables_getrule(struct net
+@@ -2271,11 +2168,7 @@ static int nf_tables_getrule(struct net
  		return netlink_dump_start(nlsk, skb, nlh, &c);
  	}
  
@@ -639,7 +639,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -2323,7 +2216,7 @@ static int nf_tables_newrule(struct net
+@@ -2341,7 +2234,7 @@ static int nf_tables_newrule(struct net
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_next(net);
@@ -648,7 +648,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_chain *chain;
  	struct nft_rule *rule, *old_rule = NULL;
-@@ -2339,11 +2232,7 @@ static int nf_tables_newrule(struct net
+@@ -2357,11 +2250,7 @@ static int nf_tables_newrule(struct net
  
  	create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
  
@@ -661,7 +661,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -2383,7 +2272,7 @@ static int nf_tables_newrule(struct net
+@@ -2398,7 +2287,7 @@ static int nf_tables_newrule(struct net
  			return PTR_ERR(old_rule);
  	}
  
@@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	n = 0;
  	size = 0;
-@@ -2505,18 +2394,13 @@ static int nf_tables_delrule(struct net
+@@ -2530,18 +2419,13 @@ static int nf_tables_delrule(struct net
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_next(net);
@@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -2528,7 +2412,7 @@ static int nf_tables_delrule(struct net
+@@ -2553,7 +2437,7 @@ static int nf_tables_delrule(struct net
  			return PTR_ERR(chain);
  	}
  
@@ -699,7 +699,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	if (chain) {
  		if (nla[NFTA_RULE_HANDLE]) {
-@@ -2713,26 +2597,17 @@ static int nft_ctx_init_from_setattr(str
+@@ -2738,26 +2622,17 @@ static int nft_ctx_init_from_setattr(str
  				     u8 genmask)
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
@@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	return 0;
  }
  
-@@ -2965,7 +2840,7 @@ static int nf_tables_dump_sets(struct sk
+@@ -2992,7 +2867,7 @@ static int nf_tables_dump_sets(struct sk
  
  	list_for_each_entry_rcu(table, &net->nft.tables, list) {
  		if (ctx->family != NFPROTO_UNSPEC &&
@@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			continue;
  
  		if (ctx->table && ctx->table != table)
-@@ -2986,7 +2861,7 @@ static int nf_tables_dump_sets(struct sk
+@@ -3013,7 +2888,7 @@ static int nf_tables_dump_sets(struct sk
  
  			ctx_set = *ctx;
  			ctx_set.table = table;
@@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  			if (nf_tables_fill_set(skb, &ctx_set, set,
  					       NFT_MSG_NEWSET,
-@@ -3098,8 +2973,8 @@ static int nf_tables_newset(struct net *
+@@ -3125,8 +3000,8 @@ static int nf_tables_newset(struct net *
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_next(net);
@@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_set *set;
  	struct nft_ctx ctx;
-@@ -3209,16 +3084,12 @@ static int nf_tables_newset(struct net *
+@@ -3236,16 +3111,12 @@ static int nf_tables_newset(struct net *
  
  	create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
  
@@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
  	if (IS_ERR(set)) {
-@@ -3480,19 +3351,15 @@ static int nft_ctx_init_from_elemattr(st
+@@ -3572,19 +3443,15 @@ static int nft_ctx_init_from_elemattr(st
  				      u8 genmask)
  {
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
@@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	return 0;
  }
  
-@@ -3610,7 +3477,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -3702,7 +3569,7 @@ static int nf_tables_dump_set(struct sk_
  	rcu_read_lock();
  	list_for_each_entry_rcu(table, &net->nft.tables, list) {
  		if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
@@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			continue;
  
  		if (table != dump_ctx->ctx.table)
-@@ -3640,7 +3507,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -3732,7 +3599,7 @@ static int nf_tables_dump_set(struct sk_
  		goto nla_put_failure;
  
  	nfmsg = nlmsg_data(nlh);
@@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	nfmsg->version      = NFNETLINK_V0;
  	nfmsg->res_id	    = htons(net->nft.base_seq & 0xffff);
  
-@@ -4528,7 +4395,6 @@ static int nf_tables_newobj(struct net *
+@@ -4661,7 +4528,6 @@ static int nf_tables_newobj(struct net *
  	const struct nft_object_type *type;
  	u8 genmask = nft_genmask_next(net);
  	int family = nfmsg->nfgen_family;
@@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_object *obj;
  	struct nft_ctx ctx;
-@@ -4540,11 +4406,7 @@ static int nf_tables_newobj(struct net *
+@@ -4673,11 +4539,7 @@ static int nf_tables_newobj(struct net *
  	    !nla[NFTA_OBJ_DATA])
  		return -EINVAL;
  
@@ -838,16 +838,16 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -4563,7 +4425,7 @@ static int nf_tables_newobj(struct net *
+@@ -4696,7 +4558,7 @@ static int nf_tables_newobj(struct net *
  		return 0;
  	}
  
 -	nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
 +	nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
  
- 	type = nft_obj_type_get(objtype);
- 	if (IS_ERR(type))
-@@ -4655,7 +4517,7 @@ static int nf_tables_dump_obj(struct sk_
+ 	if (!nft_use_inc(&table->use))
+ 		return -EMFILE;
+@@ -4796,7 +4658,7 @@ static int nf_tables_dump_obj(struct sk_
  	cb->seq = net->nft.base_seq;
  
  	list_for_each_entry_rcu(table, &net->nft.tables, list) {
@@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			continue;
  
  		list_for_each_entry_rcu(obj, &table->objects, list) {
-@@ -4678,7 +4540,7 @@ static int nf_tables_dump_obj(struct sk_
+@@ -4819,7 +4681,7 @@ static int nf_tables_dump_obj(struct sk_
  						    cb->nlh->nlmsg_seq,
  						    NFT_MSG_NEWOBJ,
  						    NLM_F_MULTI | NLM_F_APPEND,
@@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  						    obj, reset) < 0)
  				goto done;
  
-@@ -4736,7 +4598,6 @@ static int nf_tables_getobj(struct net *
+@@ -4877,7 +4739,6 @@ static int nf_tables_getobj(struct net *
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_cur(net);
  	int family = nfmsg->nfgen_family;
@@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nft_table *table;
  	struct nft_object *obj;
  	struct sk_buff *skb2;
-@@ -4767,11 +4628,7 @@ static int nf_tables_getobj(struct net *
+@@ -4908,11 +4769,7 @@ static int nf_tables_getobj(struct net *
  	    !nla[NFTA_OBJ_TYPE])
  		return -EINVAL;
  
@@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -4818,7 +4675,6 @@ static int nf_tables_delobj(struct net *
+@@ -4959,7 +4816,6 @@ static int nf_tables_delobj(struct net *
  	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
  	u8 genmask = nft_genmask_next(net);
  	int family = nfmsg->nfgen_family;
@@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_object *obj;
  	struct nft_ctx ctx;
-@@ -4828,11 +4684,7 @@ static int nf_tables_delobj(struct net *
+@@ -4969,11 +4825,7 @@ static int nf_tables_delobj(struct net *
  	    !nla[NFTA_OBJ_NAME])
  		return -EINVAL;
  
@@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				       genmask);
  	if (IS_ERR(table))
  		return PTR_ERR(table);
-@@ -4844,7 +4696,7 @@ static int nf_tables_delobj(struct net *
+@@ -4985,7 +4837,7 @@ static int nf_tables_delobj(struct net *
  	if (obj->use > 0)
  		return -EBUSY;
  
@@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	return nft_delobj(&ctx, obj);
  }
-@@ -5029,33 +4881,31 @@ err1:
+@@ -5170,33 +5022,31 @@ err1:
  	return err;
  }
  
@@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			return ERR_PTR(-EAGAIN);
  	}
  #endif
-@@ -5103,7 +4953,6 @@ static int nf_tables_newflowtable(struct
+@@ -5244,7 +5094,6 @@ static int nf_tables_newflowtable(struct
  	u8 genmask = nft_genmask_next(net);
  	int family = nfmsg->nfgen_family;
  	struct nft_flowtable *flowtable;
@@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	struct nft_table *table;
  	struct nft_ctx ctx;
  	int err, i, k;
-@@ -5113,12 +4962,8 @@ static int nf_tables_newflowtable(struct
+@@ -5254,12 +5103,8 @@ static int nf_tables_newflowtable(struct
  	    !nla[NFTA_FLOWTABLE_HOOK])
  		return -EINVAL;
  
@@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -5135,7 +4980,7 @@ static int nf_tables_newflowtable(struct
+@@ -5276,7 +5121,7 @@ static int nf_tables_newflowtable(struct
  		return 0;
  	}
  
@@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
  	if (!flowtable)
-@@ -5148,7 +4993,7 @@ static int nf_tables_newflowtable(struct
+@@ -5289,7 +5134,7 @@ static int nf_tables_newflowtable(struct
  		goto err1;
  	}
  
@@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(type)) {
  		err = PTR_ERR(type);
  		goto err2;
-@@ -5208,16 +5053,11 @@ static int nf_tables_delflowtable(struct
+@@ -5349,16 +5194,11 @@ static int nf_tables_delflowtable(struct
  	u8 genmask = nft_genmask_next(net);
  	int family = nfmsg->nfgen_family;
  	struct nft_flowtable *flowtable;
@@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -5228,7 +5068,7 @@ static int nf_tables_delflowtable(struct
+@@ -5369,7 +5209,7 @@ static int nf_tables_delflowtable(struct
  	if (flowtable->use > 0)
  		return -EBUSY;
  
@@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	return nft_delflowtable(&ctx, flowtable);
  }
-@@ -5303,7 +5143,7 @@ static int nf_tables_dump_flowtable(stru
+@@ -5444,7 +5284,7 @@ static int nf_tables_dump_flowtable(stru
  	cb->seq = net->nft.base_seq;
  
  	list_for_each_entry_rcu(table, &net->nft.tables, list) {
@@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  			continue;
  
  		list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
-@@ -5322,7 +5162,7 @@ static int nf_tables_dump_flowtable(stru
+@@ -5463,7 +5303,7 @@ static int nf_tables_dump_flowtable(stru
  							  cb->nlh->nlmsg_seq,
  							  NFT_MSG_NEWFLOWTABLE,
  							  NLM_F_MULTI | NLM_F_APPEND,
@@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  				goto done;
  
  			nl_dump_check_consistent(cb, nlmsg_hdr(skb));
-@@ -5382,7 +5222,6 @@ static int nf_tables_getflowtable(struct
+@@ -5523,7 +5363,6 @@ static int nf_tables_getflowtable(struct
  	u8 genmask = nft_genmask_cur(net);
  	int family = nfmsg->nfgen_family;
  	struct nft_flowtable *flowtable;
@@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	const struct nft_table *table;
  	struct sk_buff *skb2;
  	int err;
-@@ -5408,12 +5247,8 @@ static int nf_tables_getflowtable(struct
+@@ -5549,12 +5388,8 @@ static int nf_tables_getflowtable(struct
  	if (!nla[NFTA_FLOWTABLE_NAME])
  		return -EINVAL;
  
@@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -6584,7 +6419,7 @@ int __nft_release_basechain(struct nft_c
+@@ -6780,7 +6615,7 @@ int __nft_release_basechain(struct nft_c
  }
  EXPORT_SYMBOL_GPL(__nft_release_basechain);
  
@@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  {
  	struct nft_flowtable *flowtable, *nf;
  	struct nft_table *table, *nt;
-@@ -6597,7 +6432,7 @@ static void __nft_release_afinfo(struct
+@@ -6793,7 +6628,7 @@ static void __nft_release_afinfo(struct
  	};
  
  	list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
@@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  		list_for_each_entry(chain, &table->chains, list)
  			nf_tables_unregister_hook(net, table, chain);
-@@ -6649,7 +6484,7 @@ static int __net_init nf_tables_init_net
+@@ -6845,7 +6680,7 @@ static int __net_init nf_tables_init_net
  
  static void __net_exit nf_tables_exit_net(struct net *net)
  {

target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch

@@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -4919,13 +4919,13 @@ void nft_flow_table_iterate(struct net *
+@@ -5060,13 +5060,13 @@ void nft_flow_table_iterate(struct net *
  	struct nft_flowtable *flowtable;
  	const struct nft_table *table;
  

target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch

@@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  };
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5304,17 +5304,12 @@ err:
+@@ -5445,17 +5445,12 @@ err:
  	nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
  }
  

target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch

@@ -12,23 +12,23 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/include/net/netfilter/nf_tables.h
 +++ b/include/net/netfilter/nf_tables.h
-@@ -372,6 +372,7 @@ void nft_unregister_set(struct nft_set_t
-  *	@list: table set list node
+@@ -376,6 +376,7 @@ void nft_unregister_set(struct nft_set_t
   *	@bindings: list of set bindings
+  *	@table: table this set belongs to
   * 	@name: name of the set
 + *	@handle: unique handle of the set
   * 	@ktype: key type (numeric type defined by userspace, not used in the kernel)
   * 	@dtype: data type (verdict or numeric type defined by userspace)
   * 	@objtype: object type (see NFT_OBJECT_* definitions)
-@@ -394,6 +395,7 @@ struct nft_set {
- 	struct list_head		list;
+@@ -400,6 +401,7 @@ struct nft_set {
  	struct list_head		bindings;
+ 	struct nft_table		*table;
  	char				*name;
 +	u64				handle;
  	u32				ktype;
  	u32				dtype;
  	u32				objtype;
-@@ -944,6 +946,7 @@ unsigned int nft_do_chain(struct nft_pkt
+@@ -991,6 +993,7 @@ static inline void nft_use_inc_restore(u
   *	@objects: stateful objects in the table
   *	@flowtables: flow tables in the table
   *	@hgenerator: handle generator state
@@ -36,7 +36,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   *	@use: number of chain references to this table
   *	@flags: table flag (see enum nft_table_flags)
   *	@genmask: generation mask
-@@ -957,6 +960,7 @@ struct nft_table {
+@@ -1004,6 +1007,7 @@ struct nft_table {
  	struct list_head		objects;
  	struct list_head		flowtables;
  	u64				hgenerator;
@@ -44,7 +44,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	u32				use;
  	u16				family:6,
  					flags:8,
-@@ -981,9 +985,9 @@ int nft_verdict_dump(struct sk_buff *skb
+@@ -1028,14 +1032,15 @@ int nft_verdict_dump(struct sk_buff *skb
   *	@name: name of this stateful object
   *	@genmask: generation mask
   *	@use: number of references to this stateful object
@@ -56,15 +56,13 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   */
  struct nft_object {
  	struct list_head		list;
-@@ -991,6 +995,7 @@ struct nft_object {
+ 	char				*name;
  	struct nft_table		*table;
- 	u32				genmask:2,
- 					use:30;
 +	u64				handle;
+ 	u32				genmask:2;
+ 	u32				use;
  	/* runtime data below here */
- 	const struct nft_object_ops	*ops ____cacheline_aligned;
- 	unsigned char			data[]
-@@ -1072,6 +1077,7 @@ void nft_unregister_obj(struct nft_objec
+@@ -1119,6 +1124,7 @@ void nft_unregister_obj(struct nft_objec
   *	@ops_len: number of hooks in array
   *	@genmask: generation mask
   *	@use: number of references to this flow table
@@ -72,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   *	@data: rhashtable and garbage collector
   * 	@ops: array of hooks
   */
-@@ -1084,6 +1090,7 @@ struct nft_flowtable {
+@@ -1131,6 +1137,7 @@ struct nft_flowtable {
  	int				ops_len;
  	u32				genmask:2,
  					use:30;
@@ -151,7 +149,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  static void nft_ctx_init(struct nft_ctx *ctx,
  			 struct net *net,
-@@ -377,6 +378,20 @@ static struct nft_table *nft_table_looku
+@@ -399,6 +400,20 @@ static struct nft_table *nft_table_looku
  	return NULL;
  }
  
@@ -172,7 +170,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static struct nft_table *nf_tables_table_lookup(const struct net *net,
  						const struct nlattr *nla,
  						u8 family, u8 genmask)
-@@ -393,6 +408,22 @@ static struct nft_table *nf_tables_table
+@@ -415,6 +430,22 @@ static struct nft_table *nf_tables_table
  	return ERR_PTR(-ENOENT);
  }
  
@@ -195,7 +193,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static inline u64 nf_tables_alloc_handle(struct nft_table *table)
  {
  	return ++table->hgenerator;
-@@ -439,6 +470,7 @@ static const struct nla_policy nft_table
+@@ -461,6 +492,7 @@ static const struct nla_policy nft_table
  	[NFTA_TABLE_NAME]	= { .type = NLA_STRING,
  				    .len = NFT_TABLE_MAXNAMELEN - 1 },
  	[NFTA_TABLE_FLAGS]	= { .type = NLA_U32 },
@@ -203,7 +201,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  };
  
  static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net,
-@@ -460,7 +492,9 @@ static int nf_tables_fill_table_info(str
+@@ -482,7 +514,9 @@ static int nf_tables_fill_table_info(str
  
  	if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) ||
  	    nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) ||
@@ -214,7 +212,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		goto nla_put_failure;
  
  	nlmsg_end(skb, nlh);
-@@ -719,6 +753,7 @@ static int nf_tables_newtable(struct net
+@@ -741,6 +775,7 @@ static int nf_tables_newtable(struct net
  	INIT_LIST_HEAD(&table->flowtables);
  	table->family = family;
  	table->flags = flags;
@@ -222,7 +220,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
  	err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE);
-@@ -836,11 +871,18 @@ static int nf_tables_deltable(struct net
+@@ -858,11 +893,18 @@ static int nf_tables_deltable(struct net
  	struct nft_ctx ctx;
  
  	nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla);
@@ -244,7 +242,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
-@@ -1597,6 +1639,7 @@ static int nf_tables_delchain(struct net
+@@ -1622,6 +1664,7 @@ static int nf_tables_delchain(struct net
  	struct nft_rule *rule;
  	int family = nfmsg->nfgen_family;
  	struct nft_ctx ctx;
@@ -252,7 +250,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	u32 use;
  	int err;
  
-@@ -1605,7 +1648,12 @@ static int nf_tables_delchain(struct net
+@@ -1630,7 +1673,12 @@ static int nf_tables_delchain(struct net
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
@@ -266,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(chain))
  		return PTR_ERR(chain);
  
-@@ -2584,6 +2632,7 @@ static const struct nla_policy nft_set_p
+@@ -2609,6 +2657,7 @@ static const struct nla_policy nft_set_p
  	[NFTA_SET_USERDATA]		= { .type = NLA_BINARY,
  					    .len  = NFT_USERDATA_MAXLEN },
  	[NFTA_SET_OBJ_TYPE]		= { .type = NLA_U32 },
@@ -274,7 +272,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  };
  
  static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = {
-@@ -2627,6 +2676,22 @@ static struct nft_set *nf_tables_set_loo
+@@ -2652,6 +2701,22 @@ static struct nft_set *nf_tables_set_loo
  	return ERR_PTR(-ENOENT);
  }
  
@@ -295,9 +293,9 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 +}
 +
  static struct nft_set *nf_tables_set_lookup_byid(const struct net *net,
+ 						 const struct nft_table *table,
  						 const struct nlattr *nla,
- 						 u8 genmask)
-@@ -2743,6 +2808,9 @@ static int nf_tables_fill_set(struct sk_
+@@ -2770,6 +2835,9 @@ static int nf_tables_fill_set(struct sk_
  		goto nla_put_failure;
  	if (nla_put_string(skb, NFTA_SET_NAME, set->name))
  		goto nla_put_failure;
@@ -307,7 +305,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (set->flags != 0)
  		if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags)))
  			goto nla_put_failure;
-@@ -3155,6 +3223,7 @@ static int nf_tables_newset(struct net *
+@@ -3188,6 +3256,7 @@ static int nf_tables_newset(struct net *
  	set->udata  = udata;
  	set->timeout = timeout;
  	set->gc_int = gc_int;
@@ -315,7 +313,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  
  	err = ops->init(set, &desc, nla);
  	if (err < 0)
-@@ -3214,7 +3283,10 @@ static int nf_tables_delset(struct net *
+@@ -3245,7 +3314,10 @@ static int nf_tables_delset(struct net *
  	if (err < 0)
  		return err;
  
@@ -327,7 +325,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(set))
  		return PTR_ERR(set);
  
-@@ -4283,6 +4355,21 @@ struct nft_object *nf_tables_obj_lookup(
+@@ -4416,6 +4488,21 @@ struct nft_object *nf_tables_obj_lookup(
  }
  EXPORT_SYMBOL_GPL(nf_tables_obj_lookup);
  
@@ -349,7 +347,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = {
  	[NFTA_OBJ_TABLE]	= { .type = NLA_STRING,
  				    .len = NFT_TABLE_MAXNAMELEN - 1 },
-@@ -4290,6 +4377,7 @@ static const struct nla_policy nft_obj_p
+@@ -4423,6 +4510,7 @@ static const struct nla_policy nft_obj_p
  				    .len = NFT_OBJ_MAXNAMELEN - 1 },
  	[NFTA_OBJ_TYPE]		= { .type = NLA_U32 },
  	[NFTA_OBJ_DATA]		= { .type = NLA_NESTED },
@@ -357,7 +355,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  };
  
  static struct nft_object *nft_obj_init(const struct nft_ctx *ctx,
-@@ -4437,6 +4525,8 @@ static int nf_tables_newobj(struct net *
+@@ -4575,6 +4663,8 @@ static int nf_tables_newobj(struct net *
  		goto err1;
  	}
  	obj->table = table;
@@ -366,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL);
  	if (!obj->name) {
  		err = -ENOMEM;
-@@ -4483,7 +4573,9 @@ static int nf_tables_fill_obj_info(struc
+@@ -4624,7 +4714,9 @@ static int nf_tables_fill_obj_info(struc
  	    nla_put_string(skb, NFTA_OBJ_NAME, obj->name) ||
  	    nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) ||
  	    nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) ||
@@ -377,7 +375,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		goto nla_put_failure;
  
  	nlmsg_end(skb, nlh);
-@@ -4681,7 +4773,7 @@ static int nf_tables_delobj(struct net *
+@@ -4822,7 +4914,7 @@ static int nf_tables_delobj(struct net *
  	u32 objtype;
  
  	if (!nla[NFTA_OBJ_TYPE] ||
@@ -386,7 +384,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  		return -EINVAL;
  
  	table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
-@@ -4690,7 +4782,12 @@ static int nf_tables_delobj(struct net *
+@@ -4831,7 +4923,12 @@ static int nf_tables_delobj(struct net *
  		return PTR_ERR(table);
  
  	objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
@@ -400,7 +398,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(obj))
  		return PTR_ERR(obj);
  	if (obj->use > 0)
-@@ -4762,6 +4859,7 @@ static const struct nla_policy nft_flowt
+@@ -4903,6 +5000,7 @@ static const struct nla_policy nft_flowt
  	[NFTA_FLOWTABLE_NAME]		= { .type = NLA_STRING,
  					    .len = NFT_NAME_MAXLEN - 1 },
  	[NFTA_FLOWTABLE_HOOK]		= { .type = NLA_NESTED },
@@ -408,7 +406,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  };
  
  struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table,
-@@ -4779,6 +4877,20 @@ struct nft_flowtable *nf_tables_flowtabl
+@@ -4920,6 +5018,20 @@ struct nft_flowtable *nf_tables_flowtabl
  }
  EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup);
  
@@ -429,7 +427,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  #define NFT_FLOWTABLE_DEVICE_MAX	8
  
  static int nf_tables_parse_devices(const struct nft_ctx *ctx,
-@@ -4987,6 +5099,8 @@ static int nf_tables_newflowtable(struct
+@@ -5128,6 +5240,8 @@ static int nf_tables_newflowtable(struct
  		return -ENOMEM;
  
  	flowtable->table = table;
@@ -438,7 +436,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL);
  	if (!flowtable->name) {
  		err = -ENOMEM;
-@@ -5061,8 +5175,14 @@ static int nf_tables_delflowtable(struct
+@@ -5202,8 +5316,14 @@ static int nf_tables_delflowtable(struct
  	if (IS_ERR(table))
  		return PTR_ERR(table);
  
@@ -455,7 +453,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	if (IS_ERR(flowtable))
                  return PTR_ERR(flowtable);
  	if (flowtable->use > 0)
-@@ -5095,7 +5215,9 @@ static int nf_tables_fill_flowtable_info
+@@ -5236,7 +5356,9 @@ static int nf_tables_fill_flowtable_info
  
  	if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
  	    nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||

target/linux/generic/backport-4.14/350-v4.18-ipv6-make-ip6_dst_mtu_forward-inline.patch

@@ -38,7 +38,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  #endif
 --- a/include/net/ipv6.h
 +++ b/include/net/ipv6.h
-@@ -860,8 +860,6 @@ static inline struct sk_buff *ip6_finish
+@@ -856,8 +856,6 @@ static inline struct sk_buff *ip6_finish
  			      &inet6_sk(sk)->cork);
  }
  

target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch

@@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	.owner		= THIS_MODULE,
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5114,40 +5114,38 @@ static int nf_tables_newflowtable(struct
+@@ -5255,40 +5255,38 @@ static int nf_tables_newflowtable(struct
  	}
  
  	flowtable->data.type = type;
@@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  err3:
  	module_put(type->owner);
  err2:
-@@ -5428,10 +5426,8 @@ err:
+@@ -5569,10 +5567,8 @@ err:
  
  static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
  {

target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch

@@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -4980,7 +4980,7 @@ static int nf_tables_flowtable_parse_hoo
+@@ -5121,7 +5121,7 @@ static int nf_tables_flowtable_parse_hoo
  		flowtable->ops[i].pf		= NFPROTO_NETDEV;
  		flowtable->ops[i].hooknum	= hooknum;
  		flowtable->ops[i].priority	= priority;

target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch

@@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	struct delayed_work		gc_work;
 --- a/include/net/netfilter/nf_tables.h
 +++ b/include/net/netfilter/nf_tables.h
-@@ -1099,9 +1099,6 @@ struct nft_flowtable {
+@@ -1146,9 +1146,6 @@ struct nft_flowtable {
  struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table,
  						 const struct nlattr *nla,
  						 u8 genmask);
@@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	WARN_ON(!nf_flow_offload_gc_step(flow_table));
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5024,23 +5024,6 @@ static const struct nf_flowtable_type *n
+@@ -5165,23 +5165,6 @@ static const struct nf_flowtable_type *n
  	return ERR_PTR(-ENOENT);
  }
  

target/linux/generic/hack-4.14/204-module_strip.patch

@@ -137,7 +137,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
 --- a/scripts/mod/modpost.c
 +++ b/scripts/mod/modpost.c
-@@ -1997,7 +1997,9 @@ static void read_symbols(char *modname)
+@@ -2015,7 +2015,9 @@ static void read_symbols(char *modname)
  		symname = remove_dot(info.strtab + sym->st_name);
  
  		handle_modversions(mod, &info, sym, symname);
@@ -147,7 +147,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	}
  	if (!is_vmlinux(modname) ||
  	     (is_vmlinux(modname) && vmlinux_section_warnings))
-@@ -2158,8 +2160,10 @@ static void add_header(struct buffer *b,
+@@ -2176,8 +2178,10 @@ static void add_header(struct buffer *b,
  	buf_printf(b, "#include <linux/vermagic.h>\n");
  	buf_printf(b, "#include <linux/compiler.h>\n");
  	buf_printf(b, "\n");
@@ -158,7 +158,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	buf_printf(b, "\n");
  	buf_printf(b, "__visible struct module __this_module\n");
  	buf_printf(b, "__attribute__((section(\".gnu.linkonce.this_module\"))) = {\n");
-@@ -2176,8 +2180,10 @@ static void add_header(struct buffer *b,
+@@ -2194,8 +2198,10 @@ static void add_header(struct buffer *b,
  
  static void add_intree_flag(struct buffer *b, int is_intree)
  {
@@ -169,7 +169,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  }
  
  /* Cannot check for assembler */
-@@ -2190,10 +2196,12 @@ static void add_retpoline(struct buffer
+@@ -2208,10 +2214,12 @@ static void add_retpoline(struct buffer
  
  static void add_staging_flag(struct buffer *b, const char *name)
  {
@@ -182,7 +182,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  }
  
  /**
-@@ -2292,11 +2300,13 @@ static void add_depends(struct buffer *b
+@@ -2310,11 +2318,13 @@ static void add_depends(struct buffer *b
  
  static void add_srcversion(struct buffer *b, struct module *mod)
  {
@@ -196,7 +196,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  }
  
  static void write_if_changed(struct buffer *b, const char *fname)
-@@ -2533,7 +2543,9 @@ int main(int argc, char **argv)
+@@ -2551,7 +2561,9 @@ int main(int argc, char **argv)
  		add_staging_flag(&buf, mod->name);
  		err |= add_versions(&buf, mod);
  		add_depends(&buf, mod, modules);

target/linux/generic/hack-4.14/207-disable-modorder.patch

@@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/Makefile
 +++ b/Makefile
-@@ -1271,7 +1271,6 @@ endif
+@@ -1275,7 +1275,6 @@ endif
  
  PHONY += modules
  modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
@@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	@$(kecho) '  Building modules, stage 2.';
  	$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
  
-@@ -1300,7 +1299,6 @@ _modinst_:
+@@ -1304,7 +1303,6 @@ _modinst_:
  		rm -f $(MODLIB)/build ; \
  		ln -s $(CURDIR) $(MODLIB)/build ; \
  	fi

target/linux/generic/hack-4.14/220-gc_sections.patch

@@ -33,7 +33,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  # Read KERNELRELEASE from include/config/kernel.release (if it exists)
  KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null)
  KERNELVERSION = $(VERSION)$(if $(PATCHLEVEL),.$(PATCHLEVEL)$(if $(SUBLEVEL),.$(SUBLEVEL)))$(EXTRAVERSION)
-@@ -793,11 +798,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH
+@@ -797,11 +802,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH
  KBUILD_CFLAGS += $(call cc-option, -fno-inline-functions-called-once)
  endif
  
@@ -47,7 +47,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  CHECKFLAGS     += $(NOSTDINC_FLAGS)
 --- a/arch/arm/Kconfig
 +++ b/arch/arm/Kconfig
-@@ -92,6 +92,7 @@ config ARM
+@@ -93,6 +93,7 @@ config ARM
  	select HAVE_UID16
  	select HAVE_VIRT_CPU_ACCOUNTING_GEN
  	select IRQ_FORCED_THREADING
@@ -180,7 +180,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  	.init.data : {
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -40,6 +40,7 @@ config MIPS
+@@ -41,6 +41,7 @@ config MIPS
  	select HAVE_CBPF_JIT if (!64BIT && !CPU_MICROMIPS)
  	select HAVE_EBPF_JIT if (64BIT && !CPU_MICROMIPS)
  	select HAVE_CC_STACKPROTECTOR

target/linux/generic/hack-4.14/280-rfkill-stubs.patch

@@ -26,7 +26,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
   * @name: name of the struct -- the string is not copied internally
 --- a/net/Makefile
 +++ b/net/Makefile
-@@ -53,7 +53,7 @@ obj-$(CONFIG_TIPC)		+= tipc/
+@@ -52,7 +52,7 @@ obj-$(CONFIG_TIPC)		+= tipc/
  obj-$(CONFIG_NETLABEL)		+= netlabel/
  obj-$(CONFIG_IUCV)		+= iucv/
  obj-$(CONFIG_SMC)		+= smc/

target/linux/generic/hack-4.14/301-mips_image_cmdline_hack.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -1163,6 +1163,10 @@ config SYNC_R4K
+@@ -1164,6 +1164,10 @@ config SYNC_R4K
  config MIPS_MACHINE
  	def_bool n
  

target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch

@@ -16,7 +16,7 @@ Signed-off-by: Alexandros C. Couloumbis <alex@ozo.com>
 
 --- a/arch/powerpc/Makefile
 +++ b/arch/powerpc/Makefile
-@@ -59,19 +59,6 @@ machine-$(CONFIG_PPC64) += 64
+@@ -58,19 +58,6 @@ machine-$(CONFIG_PPC64) += 64
  machine-$(CONFIG_CPU_LITTLE_ENDIAN) += le
  UTS_MACHINE := $(subst $(space),,$(machine-y))
  

target/linux/generic/hack-4.14/721-phy_packets.patch

@@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/include/linux/netdevice.h
 +++ b/include/linux/netdevice.h
-@@ -1415,6 +1415,7 @@ enum netdev_priv_flags {
+@@ -1418,6 +1418,7 @@ enum netdev_priv_flags {
  	IFF_PHONY_HEADROOM		= 1<<26,
  	IFF_MACSEC			= 1<<27,
  	IFF_L3MDEV_RX_HANDLER		= 1<<28,
@@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  };
  
  #define IFF_802_1Q_VLAN			IFF_802_1Q_VLAN
-@@ -1445,6 +1446,7 @@ enum netdev_priv_flags {
+@@ -1448,6 +1449,7 @@ enum netdev_priv_flags {
  #define IFF_RXFH_CONFIGURED		IFF_RXFH_CONFIGURED
  #define IFF_MACSEC			IFF_MACSEC
  #define IFF_L3MDEV_RX_HANDLER		IFF_L3MDEV_RX_HANDLER
@@ -31,7 +31,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  /**
   *	struct net_device - The DEVICE structure.
-@@ -1731,6 +1733,11 @@ struct net_device {
+@@ -1733,6 +1735,11 @@ struct net_device {
  	const struct xfrmdev_ops *xfrmdev_ops;
  #endif
  
@@ -43,7 +43,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	const struct header_ops *header_ops;
  
  	unsigned int		flags;
-@@ -1805,6 +1812,10 @@ struct net_device {
+@@ -1806,6 +1813,10 @@ struct net_device {
  	struct mpls_dev __rcu	*mpls_ptr;
  #endif
  
@@ -101,7 +101,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	help
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -3002,10 +3002,20 @@ static int xmit_one(struct sk_buff *skb,
+@@ -3004,10 +3004,20 @@ static int xmit_one(struct sk_buff *skb,
  	if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all))
  		dev_queue_xmit_nit(skb, dev);
  

target/linux/generic/hack-4.14/902-debloat_proc.patch

@@ -327,7 +327,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
 --- a/net/core/sock.c
 +++ b/net/core/sock.c
-@@ -3427,6 +3427,8 @@ static __net_initdata struct pernet_oper
+@@ -3438,6 +3438,8 @@ static __net_initdata struct pernet_oper
  
  static int __init proto_init(void)
  {

target/linux/generic/pending-4.14/120-Fix-alloc_node_mem_map-with-ARCH_PFN_OFFSET-calcu.patch

@@ -71,7 +71,7 @@ Signed-off-by: Tobias Wolf <dev-NTEO@vplace.de>
 
 --- a/mm/page_alloc.c
 +++ b/mm/page_alloc.c
-@@ -6197,7 +6197,7 @@ static void __ref alloc_node_mem_map(str
+@@ -6213,7 +6213,7 @@ static void __ref alloc_node_mem_map(str
  		mem_map = NODE_DATA(0)->node_mem_map;
  #if defined(CONFIG_HAVE_MEMBLOCK_NODE_MAP) || defined(CONFIG_FLATMEM)
  		if (page_to_pfn(mem_map) != pgdat->node_start_pfn)

target/linux/generic/pending-4.14/220-optimize_inlining.patch

@@ -141,7 +141,7 @@
  	help
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -296,9 +296,6 @@ config ZONE_DMA32
+@@ -297,9 +297,6 @@ config ZONE_DMA32
  config AUDIT_ARCH
  	def_bool y if X86_64
  

target/linux/generic/pending-4.14/300-mips_expose_boot_raw.patch

@@ -9,7 +9,7 @@ Acked-by: Rob Landley <rob@landley.net>
 ---
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -1072,9 +1072,6 @@ config FW_ARC
+@@ -1073,9 +1073,6 @@ config FW_ARC
  config ARCH_MAY_HAVE_PC_FDC
  	bool
  
@@ -19,7 +19,7 @@ Acked-by: Rob Landley <rob@landley.net>
  config CEVT_BCM1480
  	bool
  
-@@ -2973,6 +2970,18 @@ choice
+@@ -2974,6 +2971,18 @@ choice
  		bool "Extend builtin kernel arguments with bootloader arguments"
  endchoice
  

target/linux/generic/pending-4.14/304-mips_disable_fpu.patch

@@ -24,7 +24,7 @@ v2: incorporated changes suggested by Jonas Gorski
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -2897,6 +2897,20 @@ config MIPS_O32_FP64_SUPPORT
+@@ -2898,6 +2898,20 @@ config MIPS_O32_FP64_SUPPORT
  
  	  If unsure, say N.
  

target/linux/generic/pending-4.14/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch

@@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -221,6 +221,7 @@ config BMIPS_GENERIC
+@@ -222,6 +222,7 @@ config BMIPS_GENERIC
  	select BRCMSTB_L2_IRQ
  	select IRQ_MIPS_CPU
  	select DMA_NONCOHERENT
@@ -22,7 +22,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	select SYS_SUPPORTS_32BIT_KERNEL
  	select SYS_SUPPORTS_LITTLE_ENDIAN
  	select SYS_SUPPORTS_BIG_ENDIAN
-@@ -349,6 +350,7 @@ config MACH_JAZZ
+@@ -350,6 +351,7 @@ config MACH_JAZZ
  	select CSRC_R4K
  	select DEFAULT_SGI_PARTITION if CPU_BIG_ENDIAN
  	select GENERIC_ISA_DMA
@@ -30,7 +30,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	select HAVE_PCSPKR_PLATFORM
  	select IRQ_MIPS_CPU
  	select I8253
-@@ -1133,6 +1135,9 @@ config DMA_NONCOHERENT
+@@ -1134,6 +1136,9 @@ config DMA_NONCOHERENT
  	bool
  	select NEED_DMA_MAP_STATE
  
@@ -40,7 +40,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  config NEED_DMA_MAP_STATE
  	bool
  
-@@ -1658,6 +1663,7 @@ config CPU_R10000
+@@ -1659,6 +1664,7 @@ config CPU_R10000
  	select CPU_SUPPORTS_64BIT_KERNEL
  	select CPU_SUPPORTS_HIGHMEM
  	select CPU_SUPPORTS_HUGEPAGES
@@ -48,7 +48,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	help
  	  MIPS Technologies R10000-series processors.
  
-@@ -1906,9 +1912,11 @@ config SYS_HAS_CPU_MIPS32_R3_5
+@@ -1907,9 +1913,11 @@ config SYS_HAS_CPU_MIPS32_R3_5
  	bool
  
  config SYS_HAS_CPU_MIPS32_R5
@@ -60,7 +60,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	bool
  
  config SYS_HAS_CPU_MIPS64_R1
-@@ -1918,6 +1926,7 @@ config SYS_HAS_CPU_MIPS64_R2
+@@ -1919,6 +1927,7 @@ config SYS_HAS_CPU_MIPS64_R2
  	bool
  
  config SYS_HAS_CPU_MIPS64_R6

target/linux/generic/pending-4.14/630-packet_socket_type.patch

@@ -30,7 +30,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  #define PACKET_FANOUT_LB		1
 --- a/net/packet/af_packet.c
 +++ b/net/packet/af_packet.c
-@@ -1842,6 +1842,7 @@ static int packet_rcv_spkt(struct sk_buf
+@@ -1846,6 +1846,7 @@ static int packet_rcv_spkt(struct sk_buf
  {
  	struct sock *sk;
  	struct sockaddr_pkt *spkt;
@@ -38,7 +38,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  	/*
  	 *	When we registered the protocol we saved the socket in the data
-@@ -1849,6 +1850,7 @@ static int packet_rcv_spkt(struct sk_buf
+@@ -1853,6 +1854,7 @@ static int packet_rcv_spkt(struct sk_buf
  	 */
  
  	sk = pt->af_packet_priv;
@@ -46,7 +46,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  	/*
  	 *	Yank back the headers [hope the device set this
-@@ -1861,7 +1863,7 @@ static int packet_rcv_spkt(struct sk_buf
+@@ -1865,7 +1867,7 @@ static int packet_rcv_spkt(struct sk_buf
  	 *	so that this procedure is noop.
  	 */
  
@@ -55,7 +55,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  		goto out;
  
  	if (!net_eq(dev_net(dev), sock_net(sk)))
-@@ -2088,12 +2090,12 @@ static int packet_rcv(struct sk_buff *sk
+@@ -2092,12 +2094,12 @@ static int packet_rcv(struct sk_buff *sk
  	unsigned int snaplen, res;
  	bool is_drop_n_account = false;
  
@@ -71,7 +71,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	if (!net_eq(dev_net(dev), sock_net(sk)))
  		goto drop;
  
-@@ -2221,12 +2223,12 @@ static int tpacket_rcv(struct sk_buff *s
+@@ -2225,12 +2227,12 @@ static int tpacket_rcv(struct sk_buff *s
  	BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h2)) != 32);
  	BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h3)) != 48);
  
@@ -87,7 +87,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	if (!net_eq(dev_net(dev), sock_net(sk)))
  		goto drop;
  
-@@ -3336,6 +3338,7 @@ static int packet_create(struct net *net
+@@ -3342,6 +3344,7 @@ static int packet_create(struct net *net
  	mutex_init(&po->pg_vec_lock);
  	po->rollover = NULL;
  	po->prot_hook.func = packet_rcv;
@@ -95,7 +95,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  	if (sock->type == SOCK_PACKET)
  		po->prot_hook.func = packet_rcv_spkt;
-@@ -3967,6 +3970,16 @@ packet_setsockopt(struct socket *sock, i
+@@ -3969,6 +3972,16 @@ packet_setsockopt(struct socket *sock, i
  		po->xmit = val ? packet_direct_xmit : dev_queue_xmit;
  		return 0;
  	}
@@ -112,7 +112,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	default:
  		return -ENOPROTOOPT;
  	}
-@@ -4019,6 +4032,13 @@ static int packet_getsockopt(struct sock
+@@ -4021,6 +4034,13 @@ static int packet_getsockopt(struct sock
  	case PACKET_VNET_HDR:
  		val = po->has_vnet_hdr;
  		break;
@@ -128,7 +128,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  		break;
 --- a/net/packet/internal.h
 +++ b/net/packet/internal.h
-@@ -135,6 +135,7 @@ struct packet_sock {
+@@ -134,6 +134,7 @@ struct packet_sock {
  	struct net_device __rcu	*cached_dev;
  	int			(*xmit)(struct sk_buff *skb);
  	struct packet_type	prot_hook ____cacheline_aligned_in_smp;

target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch

@@ -23,7 +23,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 --- a/include/linux/netdevice.h
 +++ b/include/linux/netdevice.h
-@@ -829,6 +829,13 @@ struct xfrmdev_ops {
+@@ -832,6 +832,13 @@ struct xfrmdev_ops {
  };
  #endif
  
@@ -37,7 +37,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  /*
   * This structure defines the management hooks for network devices.
   * The following hooks can be defined; unless noted otherwise, they are
-@@ -1060,6 +1067,10 @@ struct xfrmdev_ops {
+@@ -1063,6 +1070,10 @@ struct xfrmdev_ops {
   * int (*ndo_bridge_dellink)(struct net_device *dev, struct nlmsghdr *nlh,
   *			     u16 flags);
   *
@@ -48,7 +48,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
   * int (*ndo_change_carrier)(struct net_device *dev, bool new_carrier);
   *	Called to change device carrier. Soft-devices (like dummy, team, etc)
   *	which do not represent real hardware may define this to allow their
-@@ -1284,6 +1295,8 @@ struct net_device_ops {
+@@ -1287,6 +1298,8 @@ struct net_device_ops {
  	int			(*ndo_bridge_dellink)(struct net_device *dev,
  						      struct nlmsghdr *nlh,
  						      u16 flags);
@@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 +MODULE_ALIAS("nf-flow-table-hw");
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -4967,6 +4967,14 @@ static int nf_tables_flowtable_parse_hoo
+@@ -5108,6 +5108,14 @@ static int nf_tables_flowtable_parse_hoo
  	if (err < 0)
  		goto err1;
  
@@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL);
  	if (!ops) {
  		err = -ENOMEM;
-@@ -5097,10 +5105,19 @@ static int nf_tables_newflowtable(struct
+@@ -5238,10 +5246,19 @@ static int nf_tables_newflowtable(struct
  	}
  
  	flowtable->data.type = type;
@@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  	err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK],
  					     flowtable);
  	if (err < 0)
-@@ -5198,7 +5215,8 @@ static int nf_tables_fill_flowtable_info
+@@ -5339,7 +5356,8 @@ static int nf_tables_fill_flowtable_info
  	    nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
  	    nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) ||
  	    nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle),

target/linux/generic/pending-4.14/641-netfilter-nf_flow_table-support-hw-offload-through-v.patch

@@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/include/linux/netdevice.h
 +++ b/include/linux/netdevice.h
-@@ -830,6 +830,7 @@ struct xfrmdev_ops {
+@@ -833,6 +833,7 @@ struct xfrmdev_ops {
  #endif
  
  struct flow_offload;
@@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  enum flow_offload_type {
  	FLOW_OFFLOAD_ADD	= 0,
-@@ -1067,8 +1068,15 @@ enum flow_offload_type {
+@@ -1070,8 +1071,15 @@ enum flow_offload_type {
   * int (*ndo_bridge_dellink)(struct net_device *dev, struct nlmsghdr *nlh,
   *			     u16 flags);
   *
@@ -40,7 +40,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
   *	Adds/deletes flow entry to/from net device flowtable.
   *
   * int (*ndo_change_carrier)(struct net_device *dev, bool new_carrier);
-@@ -1295,8 +1303,11 @@ struct net_device_ops {
+@@ -1298,8 +1306,11 @@ struct net_device_ops {
  	int			(*ndo_bridge_dellink)(struct net_device *dev,
  						      struct nlmsghdr *nlh,
  						      u16 flags);

target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch

@@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/include/linux/netdevice.h
 +++ b/include/linux/netdevice.h
-@@ -1774,6 +1774,8 @@ struct net_device {
+@@ -1776,6 +1776,8 @@ struct net_device {
  	struct netdev_hw_addr_list	mc;
  	struct netdev_hw_addr_list	dev_addrs;
  
@@ -32,7 +32,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	__u16			tc_index;	/* traffic control index */
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -4805,6 +4805,9 @@ static enum gro_result dev_gro_receive(s
+@@ -4809,6 +4809,9 @@ static enum gro_result dev_gro_receive(s
  	enum gro_result ret;
  	int grow;
  
@@ -42,7 +42,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	if (netif_elide_gro(skb->dev))
  		goto normal;
  
-@@ -6290,6 +6293,48 @@ static void __netdev_adjacent_dev_unlink
+@@ -6294,6 +6297,48 @@ static void __netdev_adjacent_dev_unlink
  					   &upper_dev->adj_list.lower);
  }
  
@@ -91,7 +91,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  static int __netdev_upper_dev_link(struct net_device *dev,
  				   struct net_device *upper_dev, bool master,
  				   void *upper_priv, void *upper_info)
-@@ -6328,6 +6373,7 @@ static int __netdev_upper_dev_link(struc
+@@ -6332,6 +6377,7 @@ static int __netdev_upper_dev_link(struc
  	if (ret)
  		return ret;
  
@@ -99,7 +99,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	ret = call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, dev,
  					    &changeupper_info.info);
  	ret = notifier_to_errno(ret);
-@@ -6405,6 +6451,7 @@ void netdev_upper_dev_unlink(struct net_
+@@ -6409,6 +6455,7 @@ void netdev_upper_dev_unlink(struct net_
  
  	__netdev_adjacent_dev_unlink_neighbour(dev, upper_dev);
  
@@ -107,7 +107,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, dev,
  				      &changeupper_info.info);
  }
-@@ -6969,6 +7016,7 @@ int dev_set_mac_address(struct net_devic
+@@ -6973,6 +7020,7 @@ int dev_set_mac_address(struct net_devic
  	if (err)
  		return err;
  	dev->addr_assign_type = NET_ADDR_SET;

target/linux/generic/pending-4.14/920-mangle_bootargs.patch

@@ -31,7 +31,7 @@ Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
  	help
 --- a/init/main.c
 +++ b/init/main.c
-@@ -358,6 +358,29 @@ static inline void setup_nr_cpu_ids(void
+@@ -357,6 +357,29 @@ static inline void setup_nr_cpu_ids(void
  static inline void smp_prepare_cpus(unsigned int maxcpus) { }
  #endif
  
@@ -61,7 +61,7 @@ Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
  /*
   * We need to store the untouched command line for future reference.
   * We also need to store the touched command line since the parameter
-@@ -532,6 +555,7 @@ asmlinkage __visible void __init start_k
+@@ -529,6 +552,7 @@ asmlinkage __visible void __init start_k
  	pr_notice("%s", linux_banner);
  	setup_arch(&command_line);
  	mm_init_cpumask(&init_mm);

target/linux/x86/64/config-4.14

@@ -1,4 +1,5 @@
 CONFIG_64BIT=y
+CONFIG_GDS_FORCE_MITIGATION=n
 CONFIG_ACPI=y
 CONFIG_ACPI_AC=y
 CONFIG_ACPI_BATTERY=y