kernel: bump 4.14 to 4.14.68

Refreshed all patches. Remove upstream accepted: - 330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch Altered: - 303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch - 308-mips32r2_tune.patch Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago · 079871983c
parent 752ee31ad2
commit 079871983c
25 changed files with 164 additions and 241 deletions
--- a/include/kernel-version.mk
+++ b/include/kernel-version.mk
@ -2,13 +2,13 @@

 LINUX_RELEASE?=1

-LINUX_VERSION-4.14 = .67
 LINUX_VERSION-3.18 = .121
 LINUX_VERSION-4.9 = .125
+LINUX_VERSION-4.14 = .68

-LINUX_KERNEL_HASH-4.14.67 = 3f4b056dc27233a78f7a4a35ed6fdcfd0a9680ec40b611a898bb6c8b905070ba
 LINUX_KERNEL_HASH-3.18.121 = 7a8a996433e4af1abd2903f91c390295745d90dd178607b3af82f2df5f95c9b0
 LINUX_KERNEL_HASH-4.9.125 = a764deef61bebfac1d07b2ed6890f93a12a9ab6d3fc3c53e3d850ed4681111cb
+LINUX_KERNEL_HASH-4.14.68 = 791dbf1597033bf2b61e83307d78188ffc1ad4bdd1da3234876667edfdd28690

 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
--- a/target/linux/ar71xx/patches-4.14/500-MIPS-fw-myloader.patch
+++ b/target/linux/ar71xx/patches-4.14/500-MIPS-fw-myloader.patch
@ -1,6 +1,6 @@
 --- a/arch/mips/Makefile
 +++ b/arch/mips/Makefile
-@@ -227,6 +227,7 @@ cflags-$(toolchain-virt)		+= -DTOOLCHAIN
+@@ -223,6 +223,7 @@ cflags-$(toolchain-virt)		+= -DTOOLCHAIN
 #
 libs-$(CONFIG_FW_ARC)		+= arch/mips/fw/arc/
 libs-$(CONFIG_FW_CFE)		+= arch/mips/fw/cfe/
--- a/target/linux/brcm47xx/patches-4.14/330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch
+++ b/target/linux/brcm47xx/patches-4.14/330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch
@ -1,76 +0,0 @@
-From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
-Date: Fri, 27 Jul 2018 12:39:01 +0200
-Subject: [PATCH] Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe
- erratum"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This reverts commit 2a027b47dba6b77ab8c8e47b589ae9bbc5ac6175.
-
-Enabling ExternalSync caused a regression for BCM4718A1 (used e.g. in
-Netgear E3000 and ASUS RT-N16): it simply hangs during PCIe
-initialization. It's likely that BCM4717A1 is also affected.
-
-I didn't notice that earlier as the only BCM47XX devices with PCIe I
-own are:
-1) BCM4706 with 2 x 14e4:4331
-2) BCM4706 with 14e4:4360 and 14e4:4331
-it appears that BCM4706 is unaffected.
-
-While BCM5300X-ES300-RDS.pdf seems to document that erratum and its
-workarounds (according to quotes provided by Tokunori) it seems not even
-Broadcom follows them.
-
-According to the provided info Broadcom should define CONF7_ES in their
-SDK's mipsinc.h and implement workaround in the si_mips_init(). Checking
-both didn't reveal such code. It *could* mean Broadcom also had some
-problems with the given workaround.
-
-Reported-by: Michael Marley <michael@michaelmarley.com>
-Cc: Tokunori Ikegami <ikegami@allied-telesis.co.jp>
-Cc: Paul Burton <paul.burton@mips.com>
-Cc: Hauke Mehrtens <hauke@hauke-m.de>
-Cc: Chris Packham <chris.packham@alliedtelesis.co.nz>
-Cc: stable@vger.kernel.org
-Cc: James Hogan <jhogan@kernel.org>
-Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
---
- arch/mips/bcm47xx/setup.c        | 6 ------
- arch/mips/include/asm/mipsregs.h | 3 ---
- 2 files changed, 9 deletions(-)
-
--- a/arch/mips/bcm47xx/setup.c
-+++ b/arch/mips/bcm47xx/setup.c
-@@ -212,12 +212,6 @@ static int __init bcm47xx_cpu_fixes(void
- 		 */
- 		if (bcm47xx_bus.bcma.bus.chipinfo.id == BCMA_CHIP_ID_BCM4706)
- 			cpu_wait = NULL;
-
-		/*
-		 * BCM47XX Erratum "R10: PCIe Transactions Periodically Fail"
-		 * Enable ExternalSync for sync instruction to take effect
-		 */
-		set_c0_config7(MIPS_CONF7_ES);
- 		break;
- #endif
- 	}
--- a/arch/mips/include/asm/mipsregs.h
-+++ b/arch/mips/include/asm/mipsregs.h
-@@ -680,8 +680,6 @@
- #define MIPS_CONF7_WII		(_ULCAST_(1) << 31)
- 
- #define MIPS_CONF7_RPS		(_ULCAST_(1) << 2)
-/* ExternalSync */
-#define MIPS_CONF7_ES		(_ULCAST_(1) << 8)
- 
- #define MIPS_CONF7_IAR		(_ULCAST_(1) << 10)
- #define MIPS_CONF7_AR		(_ULCAST_(1) << 16)
-@@ -2747,7 +2745,6 @@ __BUILD_SET_C0(status)
- __BUILD_SET_C0(cause)
- __BUILD_SET_C0(config)
- __BUILD_SET_C0(config5)
-__BUILD_SET_C0(config7)
- __BUILD_SET_C0(intcontrol)
- __BUILD_SET_C0(intctl)
- __BUILD_SET_C0(srsmap)
--- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
+++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
@ -228,7 +228,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 err1:
 	nf_tables_chain_destroy(chain);
 
-@@ -1478,14 +1469,13 @@ static int nf_tables_updchain(struct nft
+@@ -1478,13 +1469,12 @@ static int nf_tables_updchain(struct nft
 	const struct nlattr * const *nla = ctx->nla;
 	struct nft_table *table = ctx->table;
 	struct nft_chain *chain = ctx->chain;
@ -236,7 +236,6 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	struct nft_base_chain *basechain;
 	struct nft_stats *stats = NULL;
 	struct nft_chain_hook hook;
- 	const struct nlattr *name;
 	struct nf_hook_ops *ops;
 	struct nft_trans *trans;
 -	int err, i;
@ -244,7 +243,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	if (nla[NFTA_CHAIN_HOOK]) {
 		if (!nft_is_base_chain(chain))
-@@ -1502,14 +1492,12 @@ static int nf_tables_updchain(struct nft
+@@ -1501,14 +1491,12 @@ static int nf_tables_updchain(struct nft
 			return -EBUSY;
 		}
 
@ -265,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		}
 		nft_chain_release_hook(&hook);
 	}
-@@ -5113,10 +5101,9 @@ static int nf_tables_commit(struct net *
+@@ -5134,10 +5122,9 @@ static int nf_tables_commit(struct net *
 		case NFT_MSG_DELCHAIN:
 			list_del_rcu(&trans->ctx.chain->list);
 			nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
@ -279,7 +278,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 			break;
 		case NFT_MSG_NEWRULE:
 			nft_clear(trans->ctx.net, nft_trans_rule(trans));
-@@ -5253,10 +5240,9 @@ static int nf_tables_abort(struct net *n
+@@ -5274,10 +5261,9 @@ static int nf_tables_abort(struct net *n
 			} else {
 				trans->ctx.table->use--;
 				list_del_rcu(&trans->ctx.chain->list);
@ -293,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 			}
 			break;
 		case NFT_MSG_DELCHAIN:
-@@ -5359,7 +5345,7 @@ int nft_chain_validate_hooks(const struc
+@@ -5380,7 +5366,7 @@ int nft_chain_validate_hooks(const struc
 	if (nft_is_base_chain(chain)) {
 		basechain = nft_base_chain(chain);
 
@ -302,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 			return 0;
 
 		return -EOPNOTSUPP;
-@@ -5841,8 +5827,7 @@ int __nft_release_basechain(struct nft_c
+@@ -5862,8 +5848,7 @@ int __nft_release_basechain(struct nft_c
 
 	BUG_ON(!nft_is_base_chain(ctx->chain));
 
@ -312,7 +311,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
 		list_del(&rule->list);
 		ctx->chain->use--;
-@@ -5871,8 +5856,7 @@ static void __nft_release_afinfo(struct
+@@ -5892,8 +5877,7 @@ static void __nft_release_afinfo(struct
 
 	list_for_each_entry_safe(table, nt, &afi->tables, list) {
 		list_for_each_entry(chain, &table->chains, list)
--- a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch
+++ b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch
@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) {
 		err = nft_delobj(ctx, obj);
 		if (err < 0)
-@@ -4818,6 +4862,605 @@ static void nf_tables_obj_notify(const s
+@@ -4834,6 +4878,605 @@ static void nf_tables_obj_notify(const s
 		       ctx->afi->family, ctx->report, GFP_KERNEL);
 }
 
@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
 				   u32 portid, u32 seq)
 {
-@@ -4848,6 +5491,49 @@ nla_put_failure:
+@@ -4864,6 +5507,49 @@ nla_put_failure:
 	return -EMSGSIZE;
 }
 
@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb,
 				 int event)
 {
-@@ -5000,6 +5686,21 @@ static const struct nfnl_callback nf_tab
+@@ -5016,6 +5702,21 @@ static const struct nfnl_callback nf_tab
 		.attr_count	= NFTA_OBJ_MAX,
 		.policy		= nft_obj_policy,
 	},
@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 };
 
 static void nft_chain_commit_update(struct nft_trans *trans)
-@@ -5045,6 +5746,9 @@ static void nf_tables_commit_release(str
+@@ -5064,6 +5765,9 @@ static void nf_tables_commit_release(str
 	case NFT_MSG_DELOBJ:
 		nft_obj_destroy(nft_trans_obj(trans));
 		break;
@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	}
 	kfree(trans);
 }
-@@ -5162,6 +5866,21 @@ static int nf_tables_commit(struct net *
+@@ -5183,6 +5887,21 @@ static int nf_tables_commit(struct net *
 			nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans),
 					     NFT_MSG_DELOBJ);
 			break;
@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		}
 	}
 
-@@ -5199,6 +5918,9 @@ static void nf_tables_abort_release(stru
+@@ -5220,6 +5939,9 @@ static void nf_tables_abort_release(stru
 	case NFT_MSG_NEWOBJ:
 		nft_obj_destroy(nft_trans_obj(trans));
 		break;
@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	}
 	kfree(trans);
 }
-@@ -5290,6 +6012,17 @@ static int nf_tables_abort(struct net *n
+@@ -5311,6 +6033,17 @@ static int nf_tables_abort(struct net *n
 			nft_clear(trans->ctx.net, nft_trans_obj(trans));
 			nft_trans_destroy(trans);
 			break;
@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		}
 	}
 
-@@ -5840,6 +6573,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
+@@ -5861,6 +6594,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
 /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */
 static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi)
 {
@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	struct nft_table *table, *nt;
 	struct nft_chain *chain, *nc;
 	struct nft_object *obj, *ne;
-@@ -5853,6 +6587,9 @@ static void __nft_release_afinfo(struct
+@@ -5874,6 +6608,9 @@ static void __nft_release_afinfo(struct
 	list_for_each_entry_safe(table, nt, &afi->tables, list) {
 		list_for_each_entry(chain, &table->chains, list)
 			nf_tables_unregister_hook(net, table, chain);
@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		/* No packets are walking on these chains anymore. */
 		ctx.table = table;
 		list_for_each_entry(chain, &table->chains, list) {
-@@ -5863,6 +6600,11 @@ static void __nft_release_afinfo(struct
+@@ -5884,6 +6621,11 @@ static void __nft_release_afinfo(struct
 				nf_tables_rule_release(&ctx, rule);
 			}
 		}
@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		list_for_each_entry_safe(set, ns, &table->sets, list) {
 			list_del(&set->list);
 			table->use--;
-@@ -5906,6 +6648,8 @@ static int __init nf_tables_module_init(
+@@ -5927,6 +6669,8 @@ static int __init nf_tables_module_init(
 	if (err < 0)
 		goto err3;
 
@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n");
 	return register_pernet_subsys(&nf_tables_net_ops);
 err3:
-@@ -5920,6 +6664,7 @@ static void __exit nf_tables_module_exit
+@@ -5941,6 +6685,7 @@ static void __exit nf_tables_module_exit
 {
 	unregister_pernet_subsys(&nf_tables_net_ops);
 	nfnetlink_subsys_unregister(&nf_tables_subsys);
--- a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch
+++ b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch
@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
 
 	type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
-@@ -4970,7 +4967,7 @@ static int nf_tables_flowtable_parse_hoo
+@@ -4986,7 +4983,7 @@ static int nf_tables_flowtable_parse_hoo
 		return -EINVAL;
 
 	hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));
--- a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch
+++ b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch
@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5394,7 +5394,7 @@ static int nf_tables_getflowtable(struct
+@@ -5410,7 +5410,7 @@ static int nf_tables_getflowtable(struct
 
 	flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME],
 					       genmask);
--- a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch
+++ b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch
@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		if (ret >= 0) {
 			ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
 			nft_trans_table_enable(trans) = true;
-@@ -5772,7 +5765,6 @@ static int nf_tables_commit(struct net *
+@@ -5791,7 +5784,6 @@ static int nf_tables_commit(struct net *
 			if (nft_trans_table_update(trans)) {
 				if (!nft_trans_table_enable(trans)) {
 					nf_tables_table_disable(net,
@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 								trans->ctx.table);
 					trans->ctx.table->flags |= NFT_TABLE_F_DORMANT;
 				}
-@@ -5934,7 +5926,6 @@ static int nf_tables_abort(struct net *n
+@@ -5955,7 +5947,6 @@ static int nf_tables_abort(struct net *n
 			if (nft_trans_table_update(trans)) {
 				if (nft_trans_table_enable(trans)) {
 					nf_tables_table_disable(net,
--- a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch
+++ b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch
@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5313,8 +5313,10 @@ static int nf_tables_dump_flowtable_done
+@@ -5329,8 +5329,10 @@ static int nf_tables_dump_flowtable_done
 	if (!filter)
 		return 0;
 
--- a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
+++ b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
@ -467,7 +467,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		if (err < 0)
 			return err;
 
-@@ -1509,7 +1504,7 @@ static int nf_tables_updchain(struct nft
+@@ -1508,7 +1503,7 @@ static int nf_tables_updchain(struct nft
 		if (!nft_is_base_chain(chain))
 			return -EBUSY;
 
@ -476,7 +476,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 					   create);
 		if (err < 0)
 			return err;
-@@ -1602,7 +1597,8 @@ static int nf_tables_newchain(struct net
+@@ -1618,7 +1613,8 @@ static int nf_tables_newchain(struct net
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -486,7 +486,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -1642,7 +1638,7 @@ static int nf_tables_newchain(struct net
+@@ -1658,7 +1654,7 @@ static int nf_tables_newchain(struct net
 		}
 	}
 
@ -495,7 +495,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	if (chain != NULL) {
 		if (nlh->nlmsg_flags & NLM_F_EXCL)
-@@ -1676,7 +1672,8 @@ static int nf_tables_delchain(struct net
+@@ -1692,7 +1688,8 @@ static int nf_tables_delchain(struct net
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -505,7 +505,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -1688,7 +1685,7 @@ static int nf_tables_delchain(struct net
+@@ -1704,7 +1701,7 @@ static int nf_tables_delchain(struct net
 	    chain->use > 0)
 		return -EBUSY;
 
@ -514,7 +514,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	use = chain->use;
 	list_for_each_entry(rule, &chain->rules, list) {
-@@ -1853,7 +1850,7 @@ static int nf_tables_expr_parse(const st
+@@ -1869,7 +1866,7 @@ static int nf_tables_expr_parse(const st
 	if (err < 0)
 		return err;
 
@ -523,7 +523,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(type))
 		return PTR_ERR(type);
 
-@@ -2077,7 +2074,7 @@ static void nf_tables_rule_notify(const
+@@ -2093,7 +2090,7 @@ static void nf_tables_rule_notify(const
 		goto err;
 
 	err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq,
@ -532,7 +532,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 				       ctx->chain, rule);
 	if (err < 0) {
 		kfree_skb(skb);
-@@ -2101,7 +2098,6 @@ static int nf_tables_dump_rules(struct s
+@@ -2117,7 +2114,6 @@ static int nf_tables_dump_rules(struct s
 {
 	const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
 	const struct nft_rule_dump_ctx *ctx = cb->data;
@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	const struct nft_table *table;
 	const struct nft_chain *chain;
 	const struct nft_rule *rule;
-@@ -2112,39 +2108,37 @@ static int nf_tables_dump_rules(struct s
+@@ -2128,39 +2124,37 @@ static int nf_tables_dump_rules(struct s
 	rcu_read_lock();
 	cb->seq = net->nft.base_seq;
 
@ -605,7 +605,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 			}
 		}
 	}
-@@ -2222,7 +2216,8 @@ static int nf_tables_getrule(struct net
+@@ -2238,7 +2232,8 @@ static int nf_tables_getrule(struct net
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -615,7 +615,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -2306,7 +2301,8 @@ static int nf_tables_newrule(struct net
+@@ -2322,7 +2317,8 @@ static int nf_tables_newrule(struct net
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -625,7 +625,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -2345,7 +2341,7 @@ static int nf_tables_newrule(struct net
+@@ -2361,7 +2357,7 @@ static int nf_tables_newrule(struct net
 			return PTR_ERR(old_rule);
 	}
 
@ -634,7 +634,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	n = 0;
 	size = 0;
-@@ -2485,7 +2481,8 @@ static int nf_tables_delrule(struct net
+@@ -2501,7 +2497,8 @@ static int nf_tables_delrule(struct net
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -644,7 +644,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -2496,7 +2493,7 @@ static int nf_tables_delrule(struct net
+@@ -2512,7 +2509,7 @@ static int nf_tables_delrule(struct net
 			return PTR_ERR(chain);
 	}
 
@ -653,7 +653,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	if (chain) {
 		if (nla[NFTA_RULE_HANDLE]) {
-@@ -2694,13 +2691,13 @@ static int nft_ctx_init_from_setattr(str
+@@ -2710,13 +2707,13 @@ static int nft_ctx_init_from_setattr(str
 		if (afi == NULL)
 			return -EAFNOSUPPORT;
 
@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	return 0;
 }
 
-@@ -2828,7 +2825,7 @@ static int nf_tables_fill_set(struct sk_
+@@ -2844,7 +2841,7 @@ static int nf_tables_fill_set(struct sk_
 		goto nla_put_failure;
 
 	nfmsg = nlmsg_data(nlh);
@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	nfmsg->version		= NFNETLINK_V0;
 	nfmsg->res_id		= htons(ctx->net->nft.base_seq & 0xffff);
 
-@@ -2920,10 +2917,8 @@ static int nf_tables_dump_sets(struct sk
+@@ -2936,10 +2933,8 @@ static int nf_tables_dump_sets(struct sk
 {
 	const struct nft_set *set;
 	unsigned int idx, s_idx = cb->args[0];
@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	struct nft_ctx *ctx = cb->data, ctx_set;
 
 	if (cb->args[1])
-@@ -2932,51 +2927,44 @@ static int nf_tables_dump_sets(struct sk
+@@ -2948,51 +2943,44 @@ static int nf_tables_dump_sets(struct sk
 	rcu_read_lock();
 	cb->seq = net->nft.base_seq;
 
@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	}
 	cb->args[1] = 1;
 done:
-@@ -3186,11 +3174,12 @@ static int nf_tables_newset(struct net *
+@@ -3202,11 +3190,12 @@ static int nf_tables_newset(struct net *
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
 	if (IS_ERR(set)) {
-@@ -3459,12 +3448,12 @@ static int nft_ctx_init_from_elemattr(st
+@@ -3475,12 +3464,12 @@ static int nft_ctx_init_from_elemattr(st
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	return 0;
 }
 
-@@ -3569,7 +3558,6 @@ static int nf_tables_dump_set(struct sk_
+@@ -3585,7 +3574,6 @@ static int nf_tables_dump_set(struct sk_
 {
 	struct nft_set_dump_ctx *dump_ctx = cb->data;
 	struct net *net = sock_net(skb->sk);
@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	struct nft_table *table;
 	struct nft_set *set;
 	struct nft_set_dump_args args;
-@@ -3581,21 +3569,19 @@ static int nf_tables_dump_set(struct sk_
+@@ -3597,21 +3585,19 @@ static int nf_tables_dump_set(struct sk_
 	int event;
 
 	rcu_read_lock();
@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		}
 		break;
 	}
-@@ -3615,7 +3601,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -3631,7 +3617,7 @@ static int nf_tables_dump_set(struct sk_
 		goto nla_put_failure;
 
 	nfmsg = nlmsg_data(nlh);
@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	nfmsg->version      = NFNETLINK_V0;
 	nfmsg->res_id	    = htons(net->nft.base_seq & 0xffff);
 
-@@ -3717,7 +3703,7 @@ static int nf_tables_fill_setelem_info(s
+@@ -3733,7 +3719,7 @@ static int nf_tables_fill_setelem_info(s
 		goto nla_put_failure;
 
 	nfmsg = nlmsg_data(nlh);
@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	nfmsg->version		= NFNETLINK_V0;
 	nfmsg->res_id		= htons(ctx->net->nft.base_seq & 0xffff);
 
-@@ -3961,7 +3947,7 @@ static int nft_add_set_elem(struct nft_c
+@@ -3977,7 +3963,7 @@ static int nft_add_set_elem(struct nft_c
 		list_for_each_entry(binding, &set->bindings, list) {
 			struct nft_ctx bind_ctx = {
 				.net	= ctx->net,
@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 				.table	= ctx->table,
 				.chain	= (struct nft_chain *)binding->chain,
 			};
-@@ -4510,7 +4496,8 @@ static int nf_tables_newobj(struct net *
+@@ -4526,7 +4512,8 @@ static int nf_tables_newobj(struct net *
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -4528,7 +4515,7 @@ static int nf_tables_newobj(struct net *
+@@ -4544,7 +4531,7 @@ static int nf_tables_newobj(struct net *
 		return 0;
 	}
 
@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	type = nft_obj_type_get(objtype);
 	if (IS_ERR(type))
-@@ -4605,7 +4592,6 @@ struct nft_obj_filter {
+@@ -4621,7 +4608,6 @@ struct nft_obj_filter {
 static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
 {
 	const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	const struct nft_table *table;
 	unsigned int idx = 0, s_idx = cb->args[0];
 	struct nft_obj_filter *filter = cb->data;
-@@ -4620,38 +4606,37 @@ static int nf_tables_dump_obj(struct sk_
+@@ -4636,38 +4622,37 @@ static int nf_tables_dump_obj(struct sk_
 	rcu_read_lock();
 	cb->seq = net->nft.base_seq;
 
@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		}
 	}
 done:
-@@ -4738,7 +4723,8 @@ static int nf_tables_getobj(struct net *
+@@ -4754,7 +4739,8 @@ static int nf_tables_getobj(struct net *
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -4798,7 +4784,8 @@ static int nf_tables_delobj(struct net *
+@@ -4814,7 +4800,8 @@ static int nf_tables_delobj(struct net *
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -4809,7 +4796,7 @@ static int nf_tables_delobj(struct net *
+@@ -4825,7 +4812,7 @@ static int nf_tables_delobj(struct net *
 	if (obj->use > 0)
 		return -EBUSY;
 
@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	return nft_delobj(&ctx, obj);
 }
-@@ -4847,7 +4834,7 @@ static void nf_tables_obj_notify(const s
+@@ -4863,7 +4850,7 @@ static void nf_tables_obj_notify(const s
 				 struct nft_object *obj, int event)
 {
 	nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 }
 
 /*
-@@ -5037,7 +5024,7 @@ void nft_flow_table_iterate(struct net *
+@@ -5053,7 +5040,7 @@ void nft_flow_table_iterate(struct net *
 
 	rcu_read_lock();
 	list_for_each_entry_rcu(afi, &net->nft.af_info, list) {
@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 			list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
 				iter(&flowtable->data, data);
 			}
-@@ -5085,7 +5072,8 @@ static int nf_tables_newflowtable(struct
+@@ -5101,7 +5088,8 @@ static int nf_tables_newflowtable(struct
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -5102,7 +5090,7 @@ static int nf_tables_newflowtable(struct
+@@ -5118,7 +5106,7 @@ static int nf_tables_newflowtable(struct
 		return 0;
 	}
 
@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
 	if (!flowtable)
-@@ -5183,7 +5171,8 @@ static int nf_tables_delflowtable(struct
+@@ -5199,7 +5187,8 @@ static int nf_tables_delflowtable(struct
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -5194,7 +5183,7 @@ static int nf_tables_delflowtable(struct
+@@ -5210,7 +5199,7 @@ static int nf_tables_delflowtable(struct
 	if (flowtable->use > 0)
 		return -EBUSY;
 
@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	return nft_delflowtable(&ctx, flowtable);
 }
-@@ -5263,40 +5252,37 @@ static int nf_tables_dump_flowtable(stru
+@@ -5279,40 +5268,37 @@ static int nf_tables_dump_flowtable(stru
 	struct net *net = sock_net(skb->sk);
 	int family = nfmsg->nfgen_family;
 	struct nft_flowtable *flowtable;
@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		}
 	}
 done:
-@@ -5381,7 +5367,8 @@ static int nf_tables_getflowtable(struct
+@@ -5397,7 +5383,8 @@ static int nf_tables_getflowtable(struct
 	if (IS_ERR(afi))
 		return PTR_ERR(afi);
 
@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -5424,7 +5411,7 @@ static void nf_tables_flowtable_notify(s
+@@ -5440,7 +5427,7 @@ static void nf_tables_flowtable_notify(s
 
 	err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
 					    ctx->seq, event, 0,
@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (err < 0) {
 		kfree_skb(skb);
 		goto err;
-@@ -5502,17 +5489,14 @@ static int nf_tables_flowtable_event(str
+@@ -5518,17 +5505,14 @@ static int nf_tables_flowtable_event(str
 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
 	struct nft_flowtable *flowtable;
 	struct nft_table *table;
@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		}
 	}
 	nfnl_unlock(NFNL_SUBSYS_NFTABLES);
-@@ -6533,6 +6517,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
+@@ -6554,6 +6538,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
 static int __net_init nf_tables_init_net(struct net *net)
 {
 	INIT_LIST_HEAD(&net->nft.af_info);
@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	INIT_LIST_HEAD(&net->nft.commit_list);
 	net->nft.base_seq = 1;
 	return 0;
-@@ -6569,10 +6554,10 @@ static void __nft_release_afinfo(struct
+@@ -6590,10 +6575,10 @@ static void __nft_release_afinfo(struct
 	struct nft_set *set, *ns;
 	struct nft_ctx ctx = {
 		.net	= net,
--- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch
+++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch
@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 static struct pernet_operations clusterip_net_ops = {
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -6523,6 +6523,12 @@ static int __net_init nf_tables_init_net
+@@ -6544,6 +6544,12 @@ static int __net_init nf_tables_init_net
 	return 0;
 }
 
@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 int __nft_release_basechain(struct nft_ctx *ctx)
 {
 	struct nft_rule *rule, *nr;
-@@ -6600,6 +6606,7 @@ static void __nft_release_afinfo(struct
+@@ -6621,6 +6627,7 @@ static void __nft_release_afinfo(struct
 
 static struct pernet_operations nf_tables_net_ops = {
 	.init	= nf_tables_init_net,
--- a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch
+++ b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch
@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		if (afi->family == family)
 			return afi;
 	}
-@@ -5019,15 +5017,12 @@ void nft_flow_table_iterate(struct net *
+@@ -5035,15 +5033,12 @@ void nft_flow_table_iterate(struct net *
 			    void *data)
 {
 	struct nft_flowtable *flowtable;
@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		}
 	}
 	rcu_read_unlock();
-@@ -6514,21 +6509,6 @@ int nft_data_dump(struct sk_buff *skb, i
+@@ -6535,21 +6530,6 @@ int nft_data_dump(struct sk_buff *skb, i
 }
 EXPORT_SYMBOL_GPL(nft_data_dump);
 
@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 int __nft_release_basechain(struct nft_ctx *ctx)
 {
 	struct nft_rule *rule, *nr;
-@@ -6549,8 +6529,7 @@ int __nft_release_basechain(struct nft_c
+@@ -6570,8 +6550,7 @@ int __nft_release_basechain(struct nft_c
 }
 EXPORT_SYMBOL_GPL(__nft_release_basechain);
 
@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 {
 	struct nft_flowtable *flowtable, *nf;
 	struct nft_table *table, *nt;
-@@ -6560,10 +6539,11 @@ static void __nft_release_afinfo(struct
+@@ -6581,10 +6560,11 @@ static void __nft_release_afinfo(struct
 	struct nft_set *set, *ns;
 	struct nft_ctx ctx = {
 		.net	= net,
@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		list_for_each_entry(chain, &table->chains, list)
 			nf_tables_unregister_hook(net, table, chain);
 		list_for_each_entry(flowtable, &table->flowtables, list)
-@@ -6604,6 +6584,21 @@ static void __nft_release_afinfo(struct
+@@ -6625,6 +6605,21 @@ static void __nft_release_afinfo(struct
 	}
 }
 
--- a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch
+++ b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch
@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 				       genmask);
 	if (IS_ERR(table))
 		return PTR_ERR(table);
-@@ -1581,7 +1489,6 @@ static int nf_tables_newchain(struct net
+@@ -1597,7 +1505,6 @@ static int nf_tables_newchain(struct net
 	const struct nlattr * uninitialized_var(name);
 	u8 genmask = nft_genmask_next(net);
 	int family = nfmsg->nfgen_family;
@ -548,7 +548,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	struct nft_table *table;
 	struct nft_chain *chain;
 	u8 policy = NF_ACCEPT;
-@@ -1591,11 +1498,7 @@ static int nf_tables_newchain(struct net
+@@ -1607,11 +1514,7 @@ static int nf_tables_newchain(struct net
 
 	create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
 
@ -561,7 +561,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 				       genmask);
 	if (IS_ERR(table))
 		return PTR_ERR(table);
-@@ -1636,7 +1539,7 @@ static int nf_tables_newchain(struct net
+@@ -1652,7 +1555,7 @@ static int nf_tables_newchain(struct net
 		}
 	}
 
@ -570,7 +570,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	if (chain != NULL) {
 		if (nlh->nlmsg_flags & NLM_F_EXCL)
-@@ -1657,7 +1560,6 @@ static int nf_tables_delchain(struct net
+@@ -1673,7 +1576,6 @@ static int nf_tables_delchain(struct net
 {
 	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
 	u8 genmask = nft_genmask_next(net);
@ -578,7 +578,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	struct nft_table *table;
 	struct nft_chain *chain;
 	struct nft_rule *rule;
-@@ -1666,11 +1568,7 @@ static int nf_tables_delchain(struct net
+@@ -1682,11 +1584,7 @@ static int nf_tables_delchain(struct net
 	u32 use;
 	int err;
 
@ -591,7 +591,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 				       genmask);
 	if (IS_ERR(table))
 		return PTR_ERR(table);
-@@ -1683,7 +1581,7 @@ static int nf_tables_delchain(struct net
+@@ -1699,7 +1597,7 @@ static int nf_tables_delchain(struct net
 	    chain->use > 0)
 		return -EBUSY;
 
@ -600,7 +600,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	use = chain->use;
 	list_for_each_entry(rule, &chain->rules, list) {
-@@ -2107,7 +2005,7 @@ static int nf_tables_dump_rules(struct s
+@@ -2123,7 +2021,7 @@ static int nf_tables_dump_rules(struct s
 	cb->seq = net->nft.base_seq;
 
 	list_for_each_entry_rcu(table, &net->nft.tables, list) {
@ -609,7 +609,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 			continue;
 
 		if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0)
-@@ -2130,7 +2028,7 @@ static int nf_tables_dump_rules(struct s
+@@ -2146,7 +2044,7 @@ static int nf_tables_dump_rules(struct s
 							      cb->nlh->nlmsg_seq,
 							      NFT_MSG_NEWRULE,
 							      NLM_F_MULTI | NLM_F_APPEND,
@ -618,7 +618,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 							      table, chain, rule) < 0)
 					goto done;
 
-@@ -2166,7 +2064,6 @@ static int nf_tables_getrule(struct net
+@@ -2182,7 +2080,6 @@ static int nf_tables_getrule(struct net
 {
 	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
 	u8 genmask = nft_genmask_cur(net);
@ -626,7 +626,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	const struct nft_table *table;
 	const struct nft_chain *chain;
 	const struct nft_rule *rule;
-@@ -2210,11 +2107,7 @@ static int nf_tables_getrule(struct net
+@@ -2226,11 +2123,7 @@ static int nf_tables_getrule(struct net
 		return netlink_dump_start(nlsk, skb, nlh, &c);
 	}
 
@ -639,7 +639,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 				       genmask);
 	if (IS_ERR(table))
 		return PTR_ERR(table);
-@@ -2279,7 +2172,7 @@ static int nf_tables_newrule(struct net
+@@ -2295,7 +2188,7 @@ static int nf_tables_newrule(struct net
 {
 	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
 	u8 genmask = nft_genmask_next(net);
@ -648,7 +648,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	struct nft_table *table;
 	struct nft_chain *chain;
 	struct nft_rule *rule, *old_rule = NULL;
-@@ -2295,11 +2188,7 @@ static int nf_tables_newrule(struct net
+@@ -2311,11 +2204,7 @@ static int nf_tables_newrule(struct net
 
 	create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
 
@ -661,7 +661,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 				       genmask);
 	if (IS_ERR(table))
 		return PTR_ERR(table);
-@@ -2339,7 +2228,7 @@ static int nf_tables_newrule(struct net
+@@ -2355,7 +2244,7 @@ static int nf_tables_newrule(struct net
 			return PTR_ERR(old_rule);
 	}
 
@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	n = 0;
 	size = 0;
-@@ -2468,18 +2357,13 @@ static int nf_tables_delrule(struct net
+@@ -2484,18 +2373,13 @@ static int nf_tables_delrule(struct net
 {
 	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
 	u8 genmask = nft_genmask_next(net);
@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 				       genmask);
 	if (IS_ERR(table))
 		return PTR_ERR(table);
-@@ -2491,7 +2375,7 @@ static int nf_tables_delrule(struct net
+@@ -2507,7 +2391,7 @@ static int nf_tables_delrule(struct net
 			return PTR_ERR(chain);
 	}
 
@ -699,7 +699,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	if (chain) {
 		if (nla[NFTA_RULE_HANDLE]) {
-@@ -2676,26 +2560,17 @@ static int nft_ctx_init_from_setattr(str
+@@ -2692,26 +2576,17 @@ static int nft_ctx_init_from_setattr(str
 				     u8 genmask)
 {
 	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	return 0;
 }
 
-@@ -2927,7 +2802,7 @@ static int nf_tables_dump_sets(struct sk
+@@ -2943,7 +2818,7 @@ static int nf_tables_dump_sets(struct sk
 
 	list_for_each_entry_rcu(table, &net->nft.tables, list) {
 		if (ctx->family != NFPROTO_UNSPEC &&
@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 			continue;
 
 		if (ctx->table && ctx->table != table)
-@@ -2948,7 +2823,7 @@ static int nf_tables_dump_sets(struct sk
+@@ -2964,7 +2839,7 @@ static int nf_tables_dump_sets(struct sk
 
 			ctx_set = *ctx;
 			ctx_set.table = table;
@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 			if (nf_tables_fill_set(skb, &ctx_set, set,
 					       NFT_MSG_NEWSET,
-@@ -3060,8 +2935,8 @@ static int nf_tables_newset(struct net *
+@@ -3076,8 +2951,8 @@ static int nf_tables_newset(struct net *
 {
 	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
 	u8 genmask = nft_genmask_next(net);
@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	struct nft_table *table;
 	struct nft_set *set;
 	struct nft_ctx ctx;
-@@ -3168,16 +3043,12 @@ static int nf_tables_newset(struct net *
+@@ -3184,16 +3059,12 @@ static int nf_tables_newset(struct net *
 
 	create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
 
@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
 	if (IS_ERR(set)) {
-@@ -3439,19 +3310,15 @@ static int nft_ctx_init_from_elemattr(st
+@@ -3455,19 +3326,15 @@ static int nft_ctx_init_from_elemattr(st
 				      u8 genmask)
 {
 	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	return 0;
 }
 
-@@ -3569,7 +3436,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -3585,7 +3452,7 @@ static int nf_tables_dump_set(struct sk_
 	rcu_read_lock();
 	list_for_each_entry_rcu(table, &net->nft.tables, list) {
 		if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 			continue;
 
 		if (table != dump_ctx->ctx.table)
-@@ -3599,7 +3466,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -3615,7 +3482,7 @@ static int nf_tables_dump_set(struct sk_
 		goto nla_put_failure;
 
 	nfmsg = nlmsg_data(nlh);
@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	nfmsg->version      = NFNETLINK_V0;
 	nfmsg->res_id	    = htons(net->nft.base_seq & 0xffff);
 
-@@ -4478,7 +4345,6 @@ static int nf_tables_newobj(struct net *
+@@ -4494,7 +4361,6 @@ static int nf_tables_newobj(struct net *
 	const struct nft_object_type *type;
 	u8 genmask = nft_genmask_next(net);
 	int family = nfmsg->nfgen_family;
@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	struct nft_table *table;
 	struct nft_object *obj;
 	struct nft_ctx ctx;
-@@ -4490,11 +4356,7 @@ static int nf_tables_newobj(struct net *
+@@ -4506,11 +4372,7 @@ static int nf_tables_newobj(struct net *
 	    !nla[NFTA_OBJ_DATA])
 		return -EINVAL;
 
@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 				       genmask);
 	if (IS_ERR(table))
 		return PTR_ERR(table);
-@@ -4513,7 +4375,7 @@ static int nf_tables_newobj(struct net *
+@@ -4529,7 +4391,7 @@ static int nf_tables_newobj(struct net *
 		return 0;
 	}
 
@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	type = nft_obj_type_get(objtype);
 	if (IS_ERR(type))
-@@ -4605,7 +4467,7 @@ static int nf_tables_dump_obj(struct sk_
+@@ -4621,7 +4483,7 @@ static int nf_tables_dump_obj(struct sk_
 	cb->seq = net->nft.base_seq;
 
 	list_for_each_entry_rcu(table, &net->nft.tables, list) {
@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 			continue;
 
 		list_for_each_entry_rcu(obj, &table->objects, list) {
-@@ -4628,7 +4490,7 @@ static int nf_tables_dump_obj(struct sk_
+@@ -4644,7 +4506,7 @@ static int nf_tables_dump_obj(struct sk_
 						    cb->nlh->nlmsg_seq,
 						    NFT_MSG_NEWOBJ,
 						    NLM_F_MULTI | NLM_F_APPEND,
@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 						    obj, reset) < 0)
 				goto done;
 
-@@ -4686,7 +4548,6 @@ static int nf_tables_getobj(struct net *
+@@ -4702,7 +4564,6 @@ static int nf_tables_getobj(struct net *
 	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
 	u8 genmask = nft_genmask_cur(net);
 	int family = nfmsg->nfgen_family;
@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	const struct nft_table *table;
 	struct nft_object *obj;
 	struct sk_buff *skb2;
-@@ -4717,11 +4578,7 @@ static int nf_tables_getobj(struct net *
+@@ -4733,11 +4594,7 @@ static int nf_tables_getobj(struct net *
 	    !nla[NFTA_OBJ_TYPE])
 		return -EINVAL;
 
@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 				       genmask);
 	if (IS_ERR(table))
 		return PTR_ERR(table);
-@@ -4768,7 +4625,6 @@ static int nf_tables_delobj(struct net *
+@@ -4784,7 +4641,6 @@ static int nf_tables_delobj(struct net *
 	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
 	u8 genmask = nft_genmask_next(net);
 	int family = nfmsg->nfgen_family;
@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	struct nft_table *table;
 	struct nft_object *obj;
 	struct nft_ctx ctx;
-@@ -4778,11 +4634,7 @@ static int nf_tables_delobj(struct net *
+@@ -4794,11 +4650,7 @@ static int nf_tables_delobj(struct net *
 	    !nla[NFTA_OBJ_NAME])
 		return -EINVAL;
 
@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 				       genmask);
 	if (IS_ERR(table))
 		return PTR_ERR(table);
-@@ -4794,7 +4646,7 @@ static int nf_tables_delobj(struct net *
+@@ -4810,7 +4662,7 @@ static int nf_tables_delobj(struct net *
 	if (obj->use > 0)
 		return -EBUSY;
 
@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	return nft_delobj(&ctx, obj);
 }
-@@ -4979,33 +4831,31 @@ err1:
+@@ -4995,33 +4847,31 @@ err1:
 	return err;
 }
 
@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 			return ERR_PTR(-EAGAIN);
 	}
 #endif
-@@ -5053,7 +4903,6 @@ static int nf_tables_newflowtable(struct
+@@ -5069,7 +4919,6 @@ static int nf_tables_newflowtable(struct
 	u8 genmask = nft_genmask_next(net);
 	int family = nfmsg->nfgen_family;
 	struct nft_flowtable *flowtable;
@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	struct nft_table *table;
 	struct nft_ctx ctx;
 	int err, i, k;
-@@ -5063,12 +4912,8 @@ static int nf_tables_newflowtable(struct
+@@ -5079,12 +4928,8 @@ static int nf_tables_newflowtable(struct
 	    !nla[NFTA_FLOWTABLE_HOOK])
 		return -EINVAL;
 
@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -5085,7 +4930,7 @@ static int nf_tables_newflowtable(struct
+@@ -5101,7 +4946,7 @@ static int nf_tables_newflowtable(struct
 		return 0;
 	}
 
@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
 	if (!flowtable)
-@@ -5098,7 +4943,7 @@ static int nf_tables_newflowtable(struct
+@@ -5114,7 +4959,7 @@ static int nf_tables_newflowtable(struct
 		goto err1;
 	}
 
@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(type)) {
 		err = PTR_ERR(type);
 		goto err2;
-@@ -5158,16 +5003,11 @@ static int nf_tables_delflowtable(struct
+@@ -5174,16 +5019,11 @@ static int nf_tables_delflowtable(struct
 	u8 genmask = nft_genmask_next(net);
 	int family = nfmsg->nfgen_family;
 	struct nft_flowtable *flowtable;
@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -5178,7 +5018,7 @@ static int nf_tables_delflowtable(struct
+@@ -5194,7 +5034,7 @@ static int nf_tables_delflowtable(struct
 	if (flowtable->use > 0)
 		return -EBUSY;
 
@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	return nft_delflowtable(&ctx, flowtable);
 }
-@@ -5253,7 +5093,7 @@ static int nf_tables_dump_flowtable(stru
+@@ -5269,7 +5109,7 @@ static int nf_tables_dump_flowtable(stru
 	cb->seq = net->nft.base_seq;
 
 	list_for_each_entry_rcu(table, &net->nft.tables, list) {
@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 			continue;
 
 		list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
-@@ -5272,7 +5112,7 @@ static int nf_tables_dump_flowtable(stru
+@@ -5288,7 +5128,7 @@ static int nf_tables_dump_flowtable(stru
 							  cb->nlh->nlmsg_seq,
 							  NFT_MSG_NEWFLOWTABLE,
 							  NLM_F_MULTI | NLM_F_APPEND,
@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 				goto done;
 
 			nl_dump_check_consistent(cb, nlmsg_hdr(skb));
-@@ -5332,7 +5172,6 @@ static int nf_tables_getflowtable(struct
+@@ -5348,7 +5188,6 @@ static int nf_tables_getflowtable(struct
 	u8 genmask = nft_genmask_cur(net);
 	int family = nfmsg->nfgen_family;
 	struct nft_flowtable *flowtable;
@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	const struct nft_table *table;
 	struct sk_buff *skb2;
 	int err;
-@@ -5358,12 +5197,8 @@ static int nf_tables_getflowtable(struct
+@@ -5374,12 +5213,8 @@ static int nf_tables_getflowtable(struct
 	if (!nla[NFTA_FLOWTABLE_NAME])
 		return -EINVAL;
 
@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -6529,7 +6364,7 @@ int __nft_release_basechain(struct nft_c
+@@ -6550,7 +6385,7 @@ int __nft_release_basechain(struct nft_c
 }
 EXPORT_SYMBOL_GPL(__nft_release_basechain);
 
@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 {
 	struct nft_flowtable *flowtable, *nf;
 	struct nft_table *table, *nt;
-@@ -6542,7 +6377,7 @@ static void __nft_release_afinfo(struct
+@@ -6563,7 +6398,7 @@ static void __nft_release_afinfo(struct
 	};
 
 	list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 		list_for_each_entry(chain, &table->chains, list)
 			nf_tables_unregister_hook(net, table, chain);
-@@ -6594,7 +6429,7 @@ static int __net_init nf_tables_init_net
+@@ -6615,7 +6450,7 @@ static int __net_init nf_tables_init_net
 
 static void __net_exit nf_tables_exit_net(struct net *net)
 {
--- a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch
+++ b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch
@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -4869,13 +4869,13 @@ void nft_flow_table_iterate(struct net *
+@@ -4885,13 +4885,13 @@ void nft_flow_table_iterate(struct net *
 	struct nft_flowtable *flowtable;
 	const struct nft_table *table;
 
--- a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch
+++ b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch
@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 };
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5254,17 +5254,12 @@ err:
+@@ -5270,17 +5270,12 @@ err:
 	nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
 }
 
--- a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch
+++ b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch
@ -244,7 +244,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
-@@ -1565,6 +1607,7 @@ static int nf_tables_delchain(struct net
+@@ -1581,6 +1623,7 @@ static int nf_tables_delchain(struct net
 	struct nft_rule *rule;
 	int family = nfmsg->nfgen_family;
 	struct nft_ctx ctx;
@ -252,7 +252,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	u32 use;
 	int err;
 
-@@ -1573,7 +1616,12 @@ static int nf_tables_delchain(struct net
+@@ -1589,7 +1632,12 @@ static int nf_tables_delchain(struct net
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(chain))
 		return PTR_ERR(chain);
 
-@@ -2547,6 +2595,7 @@ static const struct nla_policy nft_set_p
+@@ -2563,6 +2611,7 @@ static const struct nla_policy nft_set_p
 	[NFTA_SET_USERDATA]		= { .type = NLA_BINARY,
 					    .len  = NFT_USERDATA_MAXLEN },
 	[NFTA_SET_OBJ_TYPE]		= { .type = NLA_U32 },
@ -274,7 +274,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 };
 
 static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = {
-@@ -2590,6 +2639,22 @@ static struct nft_set *nf_tables_set_loo
+@@ -2606,6 +2655,22 @@ static struct nft_set *nf_tables_set_loo
 	return ERR_PTR(-ENOENT);
 }
 
@ -297,7 +297,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 static struct nft_set *nf_tables_set_lookup_byid(const struct net *net,
 						 const struct nlattr *nla,
 						 u8 genmask)
-@@ -2706,6 +2771,9 @@ static int nf_tables_fill_set(struct sk_
+@@ -2722,6 +2787,9 @@ static int nf_tables_fill_set(struct sk_
 		goto nla_put_failure;
 	if (nla_put_string(skb, NFTA_SET_NAME, set->name))
 		goto nla_put_failure;
@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (set->flags != 0)
 		if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags)))
 			goto nla_put_failure;
-@@ -3114,6 +3182,7 @@ static int nf_tables_newset(struct net *
+@@ -3130,6 +3198,7 @@ static int nf_tables_newset(struct net *
 	set->udata  = udata;
 	set->timeout = timeout;
 	set->gc_int = gc_int;
@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 
 	err = ops->init(set, &desc, nla);
 	if (err < 0)
-@@ -3173,7 +3242,10 @@ static int nf_tables_delset(struct net *
+@@ -3189,7 +3258,10 @@ static int nf_tables_delset(struct net *
 	if (err < 0)
 		return err;
 
@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(set))
 		return PTR_ERR(set);
 
-@@ -4233,6 +4305,21 @@ struct nft_object *nf_tables_obj_lookup(
+@@ -4249,6 +4321,21 @@ struct nft_object *nf_tables_obj_lookup(
 }
 EXPORT_SYMBOL_GPL(nf_tables_obj_lookup);
 
@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = {
 	[NFTA_OBJ_TABLE]	= { .type = NLA_STRING,
 				    .len = NFT_TABLE_MAXNAMELEN - 1 },
-@@ -4240,6 +4327,7 @@ static const struct nla_policy nft_obj_p
+@@ -4256,6 +4343,7 @@ static const struct nla_policy nft_obj_p
 				    .len = NFT_OBJ_MAXNAMELEN - 1 },
 	[NFTA_OBJ_TYPE]		= { .type = NLA_U32 },
 	[NFTA_OBJ_DATA]		= { .type = NLA_NESTED },
@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 };
 
 static struct nft_object *nft_obj_init(const struct nft_ctx *ctx,
-@@ -4387,6 +4475,8 @@ static int nf_tables_newobj(struct net *
+@@ -4403,6 +4491,8 @@ static int nf_tables_newobj(struct net *
 		goto err1;
 	}
 	obj->table = table;
@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL);
 	if (!obj->name) {
 		err = -ENOMEM;
-@@ -4433,7 +4523,9 @@ static int nf_tables_fill_obj_info(struc
+@@ -4449,7 +4539,9 @@ static int nf_tables_fill_obj_info(struc
 	    nla_put_string(skb, NFTA_OBJ_NAME, obj->name) ||
 	    nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) ||
 	    nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) ||
@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		goto nla_put_failure;
 
 	nlmsg_end(skb, nlh);
-@@ -4631,7 +4723,7 @@ static int nf_tables_delobj(struct net *
+@@ -4647,7 +4739,7 @@ static int nf_tables_delobj(struct net *
 	u32 objtype;
 
 	if (!nla[NFTA_OBJ_TYPE] ||
@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		return -EINVAL;
 
 	table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
-@@ -4640,7 +4732,12 @@ static int nf_tables_delobj(struct net *
+@@ -4656,7 +4748,12 @@ static int nf_tables_delobj(struct net *
 		return PTR_ERR(table);
 
 	objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(obj))
 		return PTR_ERR(obj);
 	if (obj->use > 0)
-@@ -4712,6 +4809,7 @@ static const struct nla_policy nft_flowt
+@@ -4728,6 +4825,7 @@ static const struct nla_policy nft_flowt
 	[NFTA_FLOWTABLE_NAME]		= { .type = NLA_STRING,
 					    .len = NFT_NAME_MAXLEN - 1 },
 	[NFTA_FLOWTABLE_HOOK]		= { .type = NLA_NESTED },
@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 };
 
 struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table,
-@@ -4729,6 +4827,20 @@ struct nft_flowtable *nf_tables_flowtabl
+@@ -4745,6 +4843,20 @@ struct nft_flowtable *nf_tables_flowtabl
 }
 EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup);
 
@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 #define NFT_FLOWTABLE_DEVICE_MAX	8
 
 static int nf_tables_parse_devices(const struct nft_ctx *ctx,
-@@ -4937,6 +5049,8 @@ static int nf_tables_newflowtable(struct
+@@ -4953,6 +5065,8 @@ static int nf_tables_newflowtable(struct
 		return -ENOMEM;
 
 	flowtable->table = table;
@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL);
 	if (!flowtable->name) {
 		err = -ENOMEM;
-@@ -5011,8 +5125,14 @@ static int nf_tables_delflowtable(struct
+@@ -5027,8 +5141,14 @@ static int nf_tables_delflowtable(struct
 	if (IS_ERR(table))
 		return PTR_ERR(table);
 
@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (IS_ERR(flowtable))
                 return PTR_ERR(flowtable);
 	if (flowtable->use > 0)
-@@ -5045,7 +5165,9 @@ static int nf_tables_fill_flowtable_info
+@@ -5061,7 +5181,9 @@ static int nf_tables_fill_flowtable_info
 
 	if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
 	    nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
--- a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch
+++ b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch
@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 	.owner		= THIS_MODULE,
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -5064,40 +5064,38 @@ static int nf_tables_newflowtable(struct
+@@ -5080,40 +5080,38 @@ static int nf_tables_newflowtable(struct
 	}
 
 	flowtable->data.type = type;
@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 err3:
 	module_put(type->owner);
 err2:
-@@ -5378,10 +5376,8 @@ err:
+@@ -5394,10 +5392,8 @@ err:
 
 static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
 {
--- a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch
+++ b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch
@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>

 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -4930,7 +4930,7 @@ static int nf_tables_flowtable_parse_hoo
+@@ -4946,7 +4946,7 @@ static int nf_tables_flowtable_parse_hoo
 		flowtable->ops[i].pf		= NFPROTO_NETDEV;
 		flowtable->ops[i].hooknum	= hooknum;
 		flowtable->ops[i].priority	= priority;
--- a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch
+++ b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch
@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 	WARN_ON(!nf_flow_offload_gc_step(flow_table));
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -4974,23 +4974,6 @@ static const struct nf_flowtable_type *n
+@@ -4990,23 +4990,6 @@ static const struct nf_flowtable_type *n
 	return ERR_PTR(-ENOENT);
 }
 
--- a/target/linux/generic/hack-4.14/207-disable-modorder.patch
+++ b/target/linux/generic/hack-4.14/207-disable-modorder.patch
@ -15,7 +15,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>

 --- a/Makefile
 +++ b/Makefile
-@@ -1228,7 +1228,6 @@ all: modules
+@@ -1232,7 +1232,6 @@ all: modules
 
 PHONY += modules
 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
@ -23,7 +23,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 	@$(kecho) '  Building modules, stage 2.';
 	$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
 
-@@ -1257,7 +1256,6 @@ _modinst_:
+@@ -1261,7 +1260,6 @@ _modinst_:
 		rm -f $(MODLIB)/build ; \
 		ln -s $(CURDIR) $(MODLIB)/build ; \
 	fi
--- a/target/linux/generic/hack-4.14/220-gc_sections.patch
+++ b/target/linux/generic/hack-4.14/220-gc_sections.patch
@ -33,7 +33,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 # Read KERNELRELEASE from include/config/kernel.release (if it exists)
 KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null)
 KERNELVERSION = $(VERSION)$(if $(PATCHLEVEL),.$(PATCHLEVEL)$(if $(SUBLEVEL),.$(SUBLEVEL)))$(EXTRAVERSION)
-@@ -782,11 +787,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH
+@@ -786,11 +791,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH
 KBUILD_CFLAGS += $(call cc-option, -fno-inline-functions-called-once)
 endif
 
--- a/target/linux/generic/pending-4.14/201-extra_optimization.patch
+++ b/target/linux/generic/pending-4.14/201-extra_optimization.patch
@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>

 --- a/Makefile
 +++ b/Makefile
-@@ -646,12 +646,12 @@ KBUILD_CFLAGS	+= $(call cc-disable-warni
+@@ -650,12 +650,12 @@ KBUILD_CFLAGS	+= $(call cc-disable-warni
 
 ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE
 KBUILD_CFLAGS	+= $(call cc-option,-Oz,-Os)
--- a/target/linux/generic/pending-4.14/304-mips_disable_fpu.patch
+++ b/target/linux/generic/pending-4.14/304-mips_disable_fpu.patch
@ -47,7 +47,7 @@ v2: incorporated changes suggested by Jonas Gorski
 	select OF
 --- a/arch/mips/Makefile
 +++ b/arch/mips/Makefile
-@@ -319,7 +319,7 @@ OBJCOPYFLAGS		+= --remove-section=.regin
+@@ -315,7 +315,7 @@ OBJCOPYFLAGS		+= --remove-section=.regin
 head-y := arch/mips/kernel/head.o
 
 libs-y			+= arch/mips/lib/
--- a/target/linux/generic/pending-4.14/308-mips32r2_tune.patch
+++ b/target/linux/generic/pending-4.14/308-mips32r2_tune.patch
@ -11,12 +11,12 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>

 --- a/arch/mips/Makefile
 +++ b/arch/mips/Makefile
-@@ -162,7 +162,7 @@ cflags-$(CONFIG_CPU_R4X00)	+= -march=r46
+@@ -161,7 +161,7 @@ cflags-$(CONFIG_CPU_VR41XX)	+= -march=r4
+ cflags-$(CONFIG_CPU_R4X00)	+= -march=r4600 -Wa,--trap
 cflags-$(CONFIG_CPU_TX49XX)	+= -march=r4600 -Wa,--trap
- cflags-$(CONFIG_CPU_MIPS32_R1)	+= $(call cc-option,-march=mips32,-mips32 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \
- 			-Wa,-mips32 -Wa,--trap
-cflags-$(CONFIG_CPU_MIPS32_R2)	+= $(call cc-option,-march=mips32r2,-mips32r2 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \
-+cflags-$(CONFIG_CPU_MIPS32_R2)	+= $(call cc-option,-march=mips32r2 -mtune=34kc,-mips32r2 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \
- 			-Wa,-mips32r2 -Wa,--trap
+ cflags-$(CONFIG_CPU_MIPS32_R1)	+= -march=mips32 -Wa,--trap
+-cflags-$(CONFIG_CPU_MIPS32_R2)	+= -march=mips32r2 -Wa,--trap
+cflags-$(CONFIG_CPU_MIPS32_R2)	+= -march=mips32r2 -mtune=34kc -Wa,--trap
 cflags-$(CONFIG_CPU_MIPS32_R6)	+= -march=mips32r6 -Wa,--trap -modd-spreg
- cflags-$(CONFIG_CPU_MIPS64_R1)	+= $(call cc-option,-march=mips64,-mips64 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS64) \
+ cflags-$(CONFIG_CPU_MIPS64_R1)	+= -march=mips64 -Wa,--trap
+ cflags-$(CONFIG_CPU_MIPS64_R2)	+= -march=mips64r2 -Wa,--trap
--- a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch
+++ b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch
@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 +MODULE_ALIAS("nf-flow-table-hw");
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
-@@ -4917,6 +4917,14 @@ static int nf_tables_flowtable_parse_hoo
+@@ -4933,6 +4933,14 @@ static int nf_tables_flowtable_parse_hoo
 	if (err < 0)
 		goto err1;
 
@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL);
 	if (!ops) {
 		err = -ENOMEM;
-@@ -5047,10 +5055,19 @@ static int nf_tables_newflowtable(struct
+@@ -5063,10 +5071,19 @@ static int nf_tables_newflowtable(struct
 	}
 
 	flowtable->data.type = type;
@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK],
 					     flowtable);
 	if (err < 0)
-@@ -5148,7 +5165,8 @@ static int nf_tables_fill_flowtable_info
+@@ -5164,7 +5181,8 @@ static int nf_tables_fill_flowtable_info
 	    nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
 	    nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) ||
 	    nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle),