release 6.12.4 (preliminary)

debian/patches/patchset-xanmod/net/netfilter/0001-netfilter-Add-netfilter-nf_tables-fullcone-support.patch

@@ -1,4 +1,4 @@
-From f68a84ded01d688aa58a973788f507899fbe191f Mon Sep 17 00:00:00 2001
+From 2099f9c57216c836e445d2f6ba65f04131267f47 Mon Sep 17 00:00:00 2001
 From: Alexandre Frade <kernel@xanmod.org>
 Date: Mon, 27 Feb 2023 01:38:18 +0000
 Subject: [PATCH 1/2] netfilter: Add netfilter nf_tables fullcone support
@@ -1819,7 +1819,7 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
 +MODULE_DESCRIPTION("Netfilter fullcone expression support library of RFC3489 full cone NAT");
 --- /dev/null
 +++ b/net/netfilter/nft_ext_fullcone.c
-@@ -0,0 +1,466 @@
+@@ -0,0 +1,470 @@
 +// SPDX-License-Identifier: GPL-2.0-only
 +
 +/*
@@ -1947,7 +1947,11 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
 +}
 +#endif
 +
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0)
++static int nft_fullcone_validate(const struct nft_ctx *ctx, const struct nft_expr *expr)
++#else
 +static int nft_fullcone_validate(const struct nft_ctx *ctx, const struct nft_expr *expr, const struct nft_data **data)
++#endif
 +{
 +	int err;
 +

debian/patches/patchset-xanmod/net/netfilter/0002-netfilter-add-xt_FLOWOFFLOAD-target.patch

@@ -1,4 +1,4 @@
-From 9a066610b055315bf155a99b2ea0a58245ef11e2 Mon Sep 17 00:00:00 2001
+From 6fbfabdc4e5ef8a186c27e4ed2db28ee1ddf4b4e Mon Sep 17 00:00:00 2001
 From: Felix Fietkau <nbd@nbd.name>
 Date: Tue, 20 Feb 2018 15:56:02 +0100
 Subject: [PATCH 2/2] netfilter: add xt_FLOWOFFLOAD target

debian/patches/patchset-xanmod/net/tcp/cloudflare/0001-tcp-Add-a-sysctl-to-skip-tcp-collapse-processing-whe.patch

@@ -1,4 +1,4 @@
-From 772c6e460211ac740b2550fa75be36b8a49731fe Mon Sep 17 00:00:00 2001
+From 2b4dc54edd1589e720e5b27e4536fd549c31f34e Mon Sep 17 00:00:00 2001
 From: "mfreemon@cloudflare.com" <mfreemon@cloudflare.com>
 Date: Tue, 1 Mar 2022 17:06:02 -0600
 Subject: [PATCH] tcp: Add a sysctl to skip tcp collapse processing when the
@@ -41,7 +41,7 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
 
 --- a/include/net/netns/ipv4.h
 +++ b/include/net/netns/ipv4.h
-@@ -223,6 +223,7 @@ struct netns_ipv4 {
+@@ -226,6 +226,7 @@ struct netns_ipv4 {
  
  	u8 sysctl_fib_notify_on_flag_change;
  	u8 sysctl_tcp_syn_linear_timeouts;
@@ -83,7 +83,7 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
  		.maxlen		= sizeof(u8),
 --- a/net/ipv4/tcp_input.c
 +++ b/net/ipv4/tcp_input.c
-@@ -5645,6 +5645,7 @@ static bool tcp_prune_ofo_queue(struct s
+@@ -5652,6 +5652,7 @@ static bool tcp_prune_ofo_queue(struct s
  static int tcp_prune_queue(struct sock *sk, const struct sk_buff *in_skb)
  {
  	struct tcp_sock *tp = tcp_sk(sk);
@@ -91,7 +91,7 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
  
  	NET_INC_STATS(sock_net(sk), LINUX_MIB_PRUNECALLED);
  
-@@ -5656,6 +5657,39 @@ static int tcp_prune_queue(struct sock *
+@@ -5663,6 +5664,39 @@ static int tcp_prune_queue(struct sock *
  	if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf)
  		return 0;
  
@@ -131,7 +131,7 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
  	tcp_collapse_ofo_queue(sk);
  	if (!skb_queue_empty(&sk->sk_receive_queue))
  		tcp_collapse(sk, &sk->sk_receive_queue, NULL,
-@@ -5674,6 +5708,8 @@ static int tcp_prune_queue(struct sock *
+@@ -5681,6 +5715,8 @@ static int tcp_prune_queue(struct sock *
  	if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf)
  		return 0;
  
@@ -142,7 +142,7 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
  	 * and hopefully then we'll have sufficient space.
 --- a/net/ipv4/tcp_ipv4.c
 +++ b/net/ipv4/tcp_ipv4.c
-@@ -3508,6 +3508,7 @@ static int __net_init tcp_sk_init(struct
+@@ -3524,6 +3524,7 @@ static int __net_init tcp_sk_init(struct
  
  	net->ipv4.sysctl_tcp_syn_linear_timeouts = 4;
  	net->ipv4.sysctl_tcp_shrink_window = 0;