mirror of https://gitee.com/openkylin/linux.git
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: 1) Patches to bump position index from sysctl seq_next, from Vasilin Averin. 2) Release flowtable hook from error path, from Florian Westphal. 3) Patches to add missing netlink attribute validation, from Jakub Kicinski. 4) Missing NFTA_CHAIN_FLAGS in nf_tables_fill_chain_info(). 5) Infinite loop in module autoload if extension is not available, from Florian Westphal. 6) Missing module ownership in inet/nat chain type definition. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
357ddbb9bf
|
@ -411,7 +411,7 @@ static void *ct_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
|
|||
*pos = cpu + 1;
|
||||
return per_cpu_ptr(net->ct.stat, cpu);
|
||||
}
|
||||
|
||||
(*pos)++;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
|
|
@ -267,7 +267,7 @@ static void *synproxy_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
|
|||
*pos = cpu + 1;
|
||||
return per_cpu_ptr(snet->stats, cpu);
|
||||
}
|
||||
|
||||
(*pos)++;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
|
|
@ -1405,6 +1405,11 @@ static int nf_tables_fill_chain_info(struct sk_buff *skb, struct net *net,
|
|||
lockdep_commit_lock_is_held(net));
|
||||
if (nft_dump_stats(skb, stats))
|
||||
goto nla_put_failure;
|
||||
|
||||
if ((chain->flags & NFT_CHAIN_HW_OFFLOAD) &&
|
||||
nla_put_be32(skb, NFTA_CHAIN_FLAGS,
|
||||
htonl(NFT_CHAIN_HW_OFFLOAD)))
|
||||
goto nla_put_failure;
|
||||
}
|
||||
|
||||
if (nla_put_be32(skb, NFTA_CHAIN_USE, htonl(chain->use)))
|
||||
|
@ -6300,8 +6305,13 @@ static int nf_tables_newflowtable(struct net *net, struct sock *nlsk,
|
|||
goto err4;
|
||||
|
||||
err = nft_register_flowtable_net_hooks(ctx.net, table, flowtable);
|
||||
if (err < 0)
|
||||
if (err < 0) {
|
||||
list_for_each_entry_safe(hook, next, &flowtable->hook_list, list) {
|
||||
list_del_rcu(&hook->list);
|
||||
kfree_rcu(hook, rcu);
|
||||
}
|
||||
goto err4;
|
||||
}
|
||||
|
||||
err = nft_trans_flowtable_add(&ctx, NFT_MSG_NEWFLOWTABLE, flowtable);
|
||||
if (err < 0)
|
||||
|
@ -7378,14 +7388,9 @@ static void nf_tables_module_autoload(struct net *net)
|
|||
list_splice_init(&net->nft.module_list, &module_list);
|
||||
mutex_unlock(&net->nft.commit_mutex);
|
||||
list_for_each_entry_safe(req, next, &module_list, list) {
|
||||
if (req->done) {
|
||||
list_del(&req->list);
|
||||
kfree(req);
|
||||
} else {
|
||||
request_module("%s", req->module);
|
||||
req->done = true;
|
||||
}
|
||||
}
|
||||
mutex_lock(&net->nft.commit_mutex);
|
||||
list_splice(&module_list, &net->nft.module_list);
|
||||
}
|
||||
|
@ -8167,6 +8172,7 @@ static void __net_exit nf_tables_exit_net(struct net *net)
|
|||
__nft_release_tables(net);
|
||||
mutex_unlock(&net->nft.commit_mutex);
|
||||
WARN_ON_ONCE(!list_empty(&net->nft.tables));
|
||||
WARN_ON_ONCE(!list_empty(&net->nft.module_list));
|
||||
}
|
||||
|
||||
static struct pernet_operations nf_tables_net_ops = {
|
||||
|
|
|
@ -742,6 +742,8 @@ static const struct nla_policy nfnl_cthelper_policy[NFCTH_MAX+1] = {
|
|||
[NFCTH_NAME] = { .type = NLA_NUL_STRING,
|
||||
.len = NF_CT_HELPER_NAME_LEN-1 },
|
||||
[NFCTH_QUEUE_NUM] = { .type = NLA_U32, },
|
||||
[NFCTH_PRIV_DATA_LEN] = { .type = NLA_U32, },
|
||||
[NFCTH_STATUS] = { .type = NLA_U32, },
|
||||
};
|
||||
|
||||
static const struct nfnl_callback nfnl_cthelper_cb[NFNL_MSG_CTHELPER_MAX] = {
|
||||
|
|
|
@ -89,6 +89,7 @@ static const struct nft_chain_type nft_chain_nat_inet = {
|
|||
.name = "nat",
|
||||
.type = NFT_CHAIN_T_NAT,
|
||||
.family = NFPROTO_INET,
|
||||
.owner = THIS_MODULE,
|
||||
.hook_mask = (1 << NF_INET_PRE_ROUTING) |
|
||||
(1 << NF_INET_LOCAL_IN) |
|
||||
(1 << NF_INET_LOCAL_OUT) |
|
||||
|
|
|
@ -129,6 +129,7 @@ static const struct nla_policy nft_payload_policy[NFTA_PAYLOAD_MAX + 1] = {
|
|||
[NFTA_PAYLOAD_LEN] = { .type = NLA_U32 },
|
||||
[NFTA_PAYLOAD_CSUM_TYPE] = { .type = NLA_U32 },
|
||||
[NFTA_PAYLOAD_CSUM_OFFSET] = { .type = NLA_U32 },
|
||||
[NFTA_PAYLOAD_CSUM_FLAGS] = { .type = NLA_U32 },
|
||||
};
|
||||
|
||||
static int nft_payload_init(const struct nft_ctx *ctx,
|
||||
|
|
|
@ -339,6 +339,8 @@ static const struct nla_policy nft_tunnel_key_policy[NFTA_TUNNEL_KEY_MAX + 1] =
|
|||
[NFTA_TUNNEL_KEY_FLAGS] = { .type = NLA_U32, },
|
||||
[NFTA_TUNNEL_KEY_TOS] = { .type = NLA_U8, },
|
||||
[NFTA_TUNNEL_KEY_TTL] = { .type = NLA_U8, },
|
||||
[NFTA_TUNNEL_KEY_SPORT] = { .type = NLA_U16, },
|
||||
[NFTA_TUNNEL_KEY_DPORT] = { .type = NLA_U16, },
|
||||
[NFTA_TUNNEL_KEY_OPTS] = { .type = NLA_NESTED, },
|
||||
};
|
||||
|
||||
|
|
|
@ -1551,6 +1551,9 @@ static void *xt_mttg_seq_next(struct seq_file *seq, void *v, loff_t *ppos,
|
|||
uint8_t nfproto = (unsigned long)PDE_DATA(file_inode(seq->file));
|
||||
struct nf_mttg_trav *trav = seq->private;
|
||||
|
||||
if (ppos != NULL)
|
||||
++(*ppos);
|
||||
|
||||
switch (trav->class) {
|
||||
case MTTG_TRAV_INIT:
|
||||
trav->class = MTTG_TRAV_NFP_UNSPEC;
|
||||
|
@ -1576,9 +1579,6 @@ static void *xt_mttg_seq_next(struct seq_file *seq, void *v, loff_t *ppos,
|
|||
default:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (ppos != NULL)
|
||||
++*ppos;
|
||||
return trav;
|
||||
}
|
||||
|
||||
|
|
|
@ -492,12 +492,12 @@ static void *recent_seq_next(struct seq_file *seq, void *v, loff_t *pos)
|
|||
const struct recent_entry *e = v;
|
||||
const struct list_head *head = e->list.next;
|
||||
|
||||
(*pos)++;
|
||||
while (head == &t->iphash[st->bucket]) {
|
||||
if (++st->bucket >= ip_list_hash_size)
|
||||
return NULL;
|
||||
head = t->iphash[st->bucket].next;
|
||||
}
|
||||
(*pos)++;
|
||||
return list_entry(head, struct recent_entry, list);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue