Commit a422757e authored by David S. Miller


Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains the first batch of Netfilter fixes for
your net tree:

1) Fix splat with IPv6 defragmenting locally generated fragments,
   from Florian Westphal.

2) Fix Incorrect check for missing attribute in nft_osf.

3) Missing INT_MIN & INT_MAX definition for netfilter bridge uapi
   header, from Jiri Slaby.

4) Revert map lookup in nft_numgen, this is already possible with
   the existing infrastructure without this extension.

5) Fix wrong listing of set reference counter, make counter
   synchronous again, from Stefano Brivio.

6) Fix CIDR 0 in hash:net,port,net, from Eric Westbrook.

7) Fix allocation failure with large set, use kvcalloc().
   From Andrey Ryabinin.

8) No need to disable BH when fetch ip set comment, patch from
   Jozsef Kadlecsik.

9) Sanity check for valid sysfs entry in xt_IDLETIMER, from
   Taehee Yoo.

10) Fix suspicious rcu usage via ip_set() macro at netlink dump,
    from Jozsef Kadlecsik.

11) Fix setting default timeout via nfnetlink_cttimeout, this
    comes with preparation patch to add nf_{tcp,udp,...}_pernet()
    helper.

12) Allow ebtables table nat to be of filter type via nft_compat.
    From Florian Westphal.

13) Incorrect calculation of next bucket in early_drop, do not bump
    hash value, update bucket counter instead. From Vasily Khoruzhick.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
parents 71311931 f393808d
+1 −1
@@ -314,7 +314,7 @@ enum {
extern ip_set_id_t ip_set_get_byname(struct net *net,
				     const char *name, struct ip_set **set);
extern void ip_set_put_byindex(struct net *net, ip_set_id_t index);
extern const char *ip_set_name_byindex(struct net *net, ip_set_id_t index);
extern void ip_set_name_byindex(struct net *net, ip_set_id_t index, char *name);
extern ip_set_id_t ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index);
extern void ip_set_nfnl_put(struct net *net, ip_set_id_t index);
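Review bot: The `void ip_set_name_byindex(struct net *net, ip_set_id_t index, char *name)` prototype takes an output buffer with no length, so nothing in the signature bounds the copy into `name`. Assuming this is the new side of the pair (the page has lost its +/- markers), the declaration should state the minimum buffer size callers must supply, e.g. `/* name must point to a buffer of at least IPSET_MAXNAMELEN bytes */`, or take the size as a parameter. The implementation and its callers are not in this section, so the copy bound and NUL-termination still need checking there.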

+2 −2
@@ -43,11 +43,11 @@ ip_set_init_comment(struct ip_set *set, struct ip_set_comment *comment,
	rcu_assign_pointer(comment->c, c);
}

/* Used only when dumping a set, protected by rcu_read_lock_bh() */
/* Used only when dumping a set, protected by rcu_read_lock() */
static inline int
ip_set_put_comment(struct sk_buff *skb, const struct ip_set_comment *comment)
{
	struct ip_set_comment_rcu *c = rcu_dereference_bh(comment->c);
	struct ip_set_comment_rcu *c = rcu_dereference(comment->c);

	if (!c)
		return 0;
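Review bot: The `rcu_dereference(comment->c)` line is only correct if every dump-path caller now holds `rcu_read_lock()`. With RCU lockdep checking enabled, a caller still holding only `rcu_read_lock_bh()` would be expected to raise a suspicious-RCU-usage warning. Those callers are not visible in this section, and the body of ip_set_put_comment continues past the hunk. The updated comment could state the requirement outright, e.g. `/* Used only when dumping a set; the caller must hold rcu_read_lock() */`.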
+39 −0
@@ -153,4 +153,43 @@ void nf_ct_l4proto_log_invalid(const struct sk_buff *skb,
			       const char *fmt, ...) { }
#endif /* CONFIG_SYSCTL */

static inline struct nf_generic_net *nf_generic_pernet(struct net *net)
{
       return &net->ct.nf_ct_proto.generic;
}

static inline struct nf_tcp_net *nf_tcp_pernet(struct net *net)
{
       return &net->ct.nf_ct_proto.tcp;
}

static inline struct nf_udp_net *nf_udp_pernet(struct net *net)
{
       return &net->ct.nf_ct_proto.udp;
}

static inline struct nf_icmp_net *nf_icmp_pernet(struct net *net)
{
       return &net->ct.nf_ct_proto.icmp;
}

static inline struct nf_icmp_net *nf_icmpv6_pernet(struct net *net)
{
       return &net->ct.nf_ct_proto.icmpv6;
}

#ifdef CONFIG_NF_CT_PROTO_DCCP
static inline struct nf_dccp_net *nf_dccp_pernet(struct net *net)
{
       return &net->ct.nf_ct_proto.dccp;
}
#endif

#ifdef CONFIG_NF_CT_PROTO_SCTP
static inline struct nf_sctp_net *nf_sctp_pernet(struct net *net)
{
       return &net->ct.nf_ct_proto.sctp;
}
#endif

#endif /*_NF_CONNTRACK_PROTOCOL_H*/
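Review bot: The bodies of the new `nf_*_pernet()` helpers are indented with spaces, while the surrounding header uses tabs, so they depart from kernel coding style. Each body should start with a tab, as in `	return &net->ct.nf_ct_proto.generic;`, and likewise for tcp, udp, icmp, icmpv6, dccp and sctp. `nf_icmpv6_pernet()` returns `struct nf_icmp_net *`, which reads like a copy-paste slip unless the icmpv6 member really has that type. A short comment there, or a one-line comment above the group such as `/* Per-netns protocol tracker state accessors */`, would make the intent clear.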
+2 −2
@@ -1635,8 +1635,8 @@ enum nft_ng_attributes {
	NFTA_NG_MODULUS,
	NFTA_NG_TYPE,
	NFTA_NG_OFFSET,
	NFTA_NG_SET_NAME,
	NFTA_NG_SET_ID,
	NFTA_NG_SET_NAME,	/* deprecated */
	NFTA_NG_SET_ID,		/* deprecated */
	__NFTA_NG_MAX
};
#define NFTA_NG_MAX	(__NFTA_NG_MAX - 1)
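Review bot: The `/* deprecated */` markers on `NFTA_NG_SET_NAME` and `NFTA_NG_SET_ID` do not say what happens to a ruleset that still sends these attributes. Keeping the enumerators leaves `__NFTA_NG_MAX` unchanged, but whether the kernel rejects or silently ignores them is not visible in this section. If they are ignored, a rule written with a set lookup would load with different semantics than its author intended. A fuller comment such as `/* deprecated: map lookup was reverted from nft_numgen */` would tell uapi consumers why the values remain.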
+4 −0
@@ -11,6 +11,10 @@
#include <linux/if_vlan.h>
#include <linux/if_pppox.h>

#ifndef __KERNEL__
#include <limits.h> /* for INT_MIN, INT_MAX */
#endif

/* Bridge Hooks */
/* After promisc drops, checksum checks. */
#define NF_BR_PRE_ROUTING	0