Commit 8c26544f authored by David S. Miller


Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Endianness issue in IPv4 option support in nft_exthdr,
   from Stephen Suryaputra.

2) Removes the waitcount optimization in nft_compat,
   from Florian Westphal.

3) Remove ipv6 -> nf_defrag_ipv6 module dependency, from
   Florian Westphal.

4) Memleak in chain binding support, also from Florian.

5) Simplify nft_flowtable.sh selftest, from Fabian Frederick.

6) Optional MTU arguments for selftest nft_flowtable.sh,
   also from Fabian.

7) Remove noise error report when killing process in
   selftest nft_flowtable.sh, from Fabian Frederick.

8) Reject bogus getsockopt option length in ebtables,
   from Florian Westphal.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
parents 71a50419 5c04da55
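--- a/<path-not-shown-1>
+++ b/<path-not-shown-1>
@@ -58,7 +58,6 @@ struct nf_ipv6_ops {
 			int (*output)(struct net *, struct sock *, struct sk_buff *));
 	int (*reroute)(struct sk_buff *skb, const struct nf_queue_entry *entry);
 #if IS_MODULE(CONFIG_IPV6)
-	int (*br_defrag)(struct net *net, struct sk_buff *skb, u32 user);
 	int (*br_fragment)(struct net *net, struct sock *sk,
 			   struct sk_buff *skb,
 			   struct nf_bridge_frag_data *data,
@@ -117,23 +116,6 @@ static inline int nf_ip6_route(struct net *net, struct dst_entry **dst,
 
 #include <net/netfilter/ipv6/nf_defrag_ipv6.h>
 
-static inline int nf_ipv6_br_defrag(struct net *net, struct sk_buff *skb,
-				    u32 user)
-{
-#if IS_MODULE(CONFIG_IPV6)
-	const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops();
-
-	if (!v6_ops)
-		return 1;
-
-	return v6_ops->br_defrag(net, skb, user);
-#elif IS_BUILTIN(CONFIG_IPV6)
-	return nf_ct_frag6_gather(net, skb, user);
-#else
-	return 1;
-#endif
-}
-
 int br_ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
 		    struct nf_bridge_frag_data *data,
 		    int (*output)(struct net *, struct sock *sk,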
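--- a/<path-not-shown-2>
+++ b/<path-not-shown-2>
@@ -2238,6 +2238,10 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
 	struct ebt_table *t;
 	struct net *net = sock_net(sk);
 
+	if ((cmd == EBT_SO_GET_INFO || cmd == EBT_SO_GET_INIT_INFO) &&
+	    *len != sizeof(struct compat_ebt_replace))
+		return -EINVAL;
+
 	if (copy_from_user(&tmp, user, sizeof(tmp)))
 		return -EFAULT;
 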
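Review bot: The new length guard covers only EBT_SO_GET_INFO and EBT_SO_GET_INIT_INFO, and nothing in the hunk records why an exact-size comparison is required; presumably the reply for these commands is later copied back to userspace with a length taken from `*len` rather than `sizeof(tmp)`, which is what an oversized or undersized value would otherwise turn into an out-of-bounds kernel stack read or a truncated reply. A comment above the check would spare the next reader that reconstruction, e.g. `/* the reply for these commands is sized by *len; accept nothing but the compat header size */`, adjusted to whatever the copy-back actually does. If the non-compat do_ebt_get_ctl() follows the same copy-back pattern it needs the same guard, but that function is not part of this diff. compat_do_ebt_get_ctl() continues outside the hunk, so the copy-back itself is not visible here.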
+6 −2
@@ -168,6 +168,7 @@ static unsigned int nf_ct_br_defrag4(struct sk_buff *skb,
static unsigned int nf_ct_br_defrag6(struct sk_buff *skb,
				     const struct nf_hook_state *state)
{
#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
	u16 zone_id = NF_CT_DEFAULT_ZONE_ID;
	enum ip_conntrack_info ctinfo;
	struct br_input_skb_cb cb;
@@ -180,7 +181,7 @@ static unsigned int nf_ct_br_defrag6(struct sk_buff *skb,

	br_skb_cb_save(skb, &cb, sizeof(struct inet6_skb_parm));

	err = nf_ipv6_br_defrag(state->net, skb,
	err = nf_ct_frag6_gather(state->net, skb,
				 IP_DEFRAG_CONNTRACK_BRIDGE_IN + zone_id);
	/* queued */
	if (err == -EINPROGRESS)
@@ -188,6 +189,9 @@ static unsigned int nf_ct_br_defrag6(struct sk_buff *skb,

	br_skb_cb_restore(skb, &cb, IP6CB(skb)->frag_max_size);
	return err == 0 ? NF_ACCEPT : NF_DROP;
#else
	return NF_ACCEPT;
#endif
}

static int nf_ct_br_ip_check(const struct sk_buff *skb)
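Review bot: The new `#else` branch in the last hunk returns NF_ACCEPT when CONFIG_NF_DEFRAG_IPV6 is off, whereas the nf_ipv6_br_defrag() helper this commit removes returned 1 whenever no IPv6 defrag path was available, which the unchanged `return err == 0 ? NF_ACCEPT : NF_DROP;` line turned into NF_DROP; in such a build IPv6 fragments now pass bridge conntrack unreassembled instead of being dropped. That is very likely the intended outcome (the Kconfig presumably pulls in IPv6 defrag whenever it matters), but it is a policy change and deserves a line on the `#else`, e.g. `/* no IPv6 defrag support in this build: pass packets through untouched */`. The `err` variable and the `#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)` guard added in the first hunk bracket code that lies partly outside the hunks, so any local declared between them later must stay inside the guard to avoid unused-variable warnings in the `#else` configuration.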
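--- a/<path-not-shown-4>
+++ b/<path-not-shown-4>
@@ -245,9 +245,6 @@ static const struct nf_ipv6_ops ipv6ops = {
 	.route_input		= ip6_route_input,
 	.fragment		= ip6_fragment,
 	.reroute		= nf_ip6_reroute,
-#if IS_MODULE(CONFIG_IPV6) && IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
-	.br_defrag		= nf_ct_frag6_gather,
-#endif
 #if IS_MODULE(CONFIG_IPV6)
 	.br_fragment		= br_ip6_fragment,
 #endif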
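--- a/<path-not-shown-5>
+++ b/<path-not-shown-5>
@@ -2018,8 +2018,10 @@ static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask,
 	if (nla[NFTA_CHAIN_NAME]) {
 		chain->name = nla_strdup(nla[NFTA_CHAIN_NAME], GFP_KERNEL);
 	} else {
-		if (!(flags & NFT_CHAIN_BINDING))
-			return -EINVAL;
+		if (!(flags & NFT_CHAIN_BINDING)) {
+			err = -EINVAL;
+			goto err1;
+		}
 
 		snprintf(name, sizeof(name), "__chain%llu", ++chain_id);
 		chain->name = kstrdup(name, GFP_KERNEL);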
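Review bot: Both the allocation of `chain` and the `err1` label are outside the hunk, so the fix relies on err1 releasing exactly what exists at this point (the chain object, with `chain->name` still NULL); a one-line comment on the new goto, `/* chain is already allocated here: unwind through err1 instead of returning */`, would make that dependency visible to readers of this branch. The `nla_strdup()` result in the NFTA_CHAIN_NAME arm and the `kstrdup()` result on the last line are not checked within the hunk; if the NULL check sits further down (not visible here) it should also unwind through err1 so an allocation failure does not reintroduce the same leak this commit fixes. nf_tables_addchain() continues both before and after the hunk.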