Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf (fa9586af) · Commits · 戴 / test

include/uapi/linux/netfilter/xt_connlabel.h

+6 −0

Original line number	Diff line number	Diff line
		/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */

		#ifndef _UAPI_XT_CONNLABEL_H
		#define _UAPI_XT_CONNLABEL_H

		#include <linux/types.h>

		#define XT_CONNLABEL_MAXBIT 127
		@@ -11,3 +15,5 @@ struct xt_connlabel_mtinfo {
		__u16 bit;
		__u16 options;
		};

		#endif /* _UAPI_XT_CONNLABEL_H */

+20 −12

Original line number	Diff line number	Diff line
		@@ -1770,20 +1770,28 @@ static int compat_calc_entry(const struct ebt_entry *e,
		return 0;
		}

		static int ebt_compat_init_offsets(unsigned int number)
		{
		if (number > INT_MAX)
		return -EINVAL;

		/* also count the base chain policies */
		number += NF_BR_NUMHOOKS;

		return xt_compat_init_offsets(NFPROTO_BRIDGE, number);
		}

		static int compat_table_info(const struct ebt_table_info *info,
		struct compat_ebt_replace *newinfo)
		{
		unsigned int size = info->entries_size;
		const void *entries = info->entries;
		int ret;

		newinfo->entries_size = size;
		if (info->nentries) {
		int ret = xt_compat_init_offsets(NFPROTO_BRIDGE,
		info->nentries);
		ret = ebt_compat_init_offsets(info->nentries);
		if (ret)
		return ret;
		}

		return EBT_ENTRY_ITERATE(entries, size, compat_calc_entry, info,
		entries, newinfo);
		@@ -2234,11 +2242,9 @@ static int compat_do_replace(struct net net, void __user user,

		xt_compat_lock(NFPROTO_BRIDGE);

		if (tmp.nentries) {
		ret = xt_compat_init_offsets(NFPROTO_BRIDGE, tmp.nentries);
		ret = ebt_compat_init_offsets(tmp.nentries);
		if (ret < 0)
		goto out_unlock;
		}

		ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state);
		if (ret < 0)
		@@ -2261,8 +2267,10 @@ static int compat_do_replace(struct net net, void __user user,
		state.buf_kern_len = size64;

		ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state);
		if (WARN_ON(ret < 0))
		if (WARN_ON(ret < 0)) {
		vfree(entries_tmp);
		goto out_unlock;
		}

		vfree(entries_tmp);
		tmp.entries_size = size64;

+2 −8

Original line number	Diff line number	Diff line
		@@ -30,13 +30,9 @@ static void nft_meta_bridge_get_eval(const struct nft_expr *expr,
		switch (priv->key) {
		case NFT_META_BRI_IIFNAME:
		br_dev = nft_meta_get_bridge(in);
		if (!br_dev)
		goto err;
		break;
		case NFT_META_BRI_OIFNAME:
		br_dev = nft_meta_get_bridge(out);
		if (!br_dev)
		goto err;
		break;
		case NFT_META_BRI_IIFPVID: {
		u16 p_pvid;
		@@ -61,13 +57,11 @@ static void nft_meta_bridge_get_eval(const struct nft_expr *expr,
		return;
		}
		default:
		goto out;
		return nft_meta_get_eval(expr, regs, pkt);
		}

		strncpy((char *)dest, br_dev->name, IFNAMSIZ);
		strncpy((char *)dest, br_dev ? br_dev->name : "", IFNAMSIZ);
		return;
		out:
		return nft_meta_get_eval(expr, regs, pkt);
		err:
		regs->verdict.code = NFT_BREAK;
		}

+1 −1

Original line number	Diff line number	Diff line
		@@ -226,7 +226,7 @@ bitmap_ipmac_kadt(struct ip_set set, const struct sk_buff skb,

		e.id = ip_to_id(map, ip);

		if (opt->flags & IPSET_DIM_ONE_SRC)
		if (opt->flags & IPSET_DIM_TWO_SRC)
		ether_addr_copy(e.ether, eth_hdr(skb)->h_source);
		else
		ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);

+1 −1

Original line number	Diff line number	Diff line
		@@ -1161,7 +1161,7 @@ static int ip_set_rename(struct net net, struct sock ctnl,
		return -ENOENT;

		write_lock_bh(&ip_set_ref_lock);
		if (set->ref != 0) {
		if (set->ref != 0 \|\| set->ref_netlink != 0) {
		ret = -IPSET_ERR_REFERENCED;
		goto out;
		}