openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of git://1984.lsi.us.es/nf 

Pablo Neira Ayuso says:

====================
The following patchset contains netfilter fixes for 3.8-rc3,
they are:

* fix possible BUG_ON if several netns are in use and the nf_conntrack
  module is removed, initial patch from Gao feng, final patch from myself.

* fix unset return value if conntrack zone are disabled at
  compile-time, reported by Borislav Petkov, fix from myself.

* fix display error message via dmesg for arp_tables, from Jan Engelhardt.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2013-01-14 18:26:41 -05:00
parent 5dbbaf2de8 5b76c4948f
commit 47fb3a26e2
5 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/net/netfilter/nf_conntrack_core.h
View File

@ -31,6 +31,8 @@ extern void nf_conntrack_cleanup(struct net *net);
extern int nf_conntrack_proto_init(struct net *net); extern int nf_conntrack_proto_init(struct net *net);
extern void nf_conntrack_proto_fini(struct net *net); extern void nf_conntrack_proto_fini(struct net *net);
extern void nf_conntrack_cleanup_end(void);
extern bool extern bool
nf_ct_get_tuple(const struct sk_buff *skb, nf_ct_get_tuple(const struct sk_buff *skb,
unsigned int nhoff, unsigned int nhoff,

9
net/netfilter/nf_conntrack_core.c
View File

@ -1376,11 +1376,12 @@ void nf_conntrack_cleanup(struct net *net)
synchronize_net(); synchronize_net();
nf_conntrack_proto_fini(net); nf_conntrack_proto_fini(net);
nf_conntrack_cleanup_net(net); nf_conntrack_cleanup_net(net);
}
if (net_eq(net, &init_net)) { void nf_conntrack_cleanup_end(void)
RCU_INIT_POINTER(nf_ct_destroy, NULL); {
nf_conntrack_cleanup_init_net(); RCU_INIT_POINTER(nf_ct_destroy, NULL);
} nf_conntrack_cleanup_init_net();
} }
void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls) void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls)

1
net/netfilter/nf_conntrack_standalone.c
View File

@ -575,6 +575,7 @@ static int __init nf_conntrack_standalone_init(void)
static void __exit nf_conntrack_standalone_fini(void) static void __exit nf_conntrack_standalone_fini(void)
{ {
unregister_pernet_subsys(&nf_conntrack_net_ops); unregister_pernet_subsys(&nf_conntrack_net_ops);
nf_conntrack_cleanup_end();
} }
module_init(nf_conntrack_standalone_init); module_init(nf_conntrack_standalone_init);

28
net/netfilter/x_tables.c
View File

@ -345,19 +345,27 @@ int xt_find_revision(u8 af, const char *name, u8 revision, int target,
} }
EXPORT_SYMBOL_GPL(xt_find_revision); EXPORT_SYMBOL_GPL(xt_find_revision);
static char *textify_hooks(char *buf, size_t size, unsigned int mask) static char *
textify_hooks(char *buf, size_t size, unsigned int mask, uint8_t nfproto)
{ {
static const char *const names[] = { static const char *const inetbr_names[] = {
"PREROUTING", "INPUT", "FORWARD", "PREROUTING", "INPUT", "FORWARD",
"OUTPUT", "POSTROUTING", "BROUTING", "OUTPUT", "POSTROUTING", "BROUTING",
}; };
unsigned int i; static const char *const arp_names[] = {
"INPUT", "FORWARD", "OUTPUT",
};
const char *const *names;
unsigned int i, max;
char *p = buf; char *p = buf;
bool np = false; bool np = false;
int res; int res;
names = (nfproto == NFPROTO_ARP) ? arp_names : inetbr_names;
max = (nfproto == NFPROTO_ARP) ? ARRAY_SIZE(arp_names) :
ARRAY_SIZE(inetbr_names);
*p = '\0'; *p = '\0';
for (i = 0; i < ARRAY_SIZE(names); ++i) { for (i = 0; i < max; ++i) {
if (!(mask & (1 << i))) if (!(mask & (1 << i)))
continue; continue;
res = snprintf(p, size, "%s%s", np ? "/" : "", names[i]); res = snprintf(p, size, "%s%s", np ? "/" : "", names[i]);
@ -402,8 +410,10 @@ int xt_check_match(struct xt_mtchk_param *par,
pr_err("%s_tables: %s match: used from hooks %s, but only " pr_err("%s_tables: %s match: used from hooks %s, but only "
"valid from %s\n", "valid from %s\n",
xt_prefix[par->family], par->match->name, xt_prefix[par->family], par->match->name,
textify_hooks(used, sizeof(used), par->hook_mask), textify_hooks(used, sizeof(used), par->hook_mask,
textify_hooks(allow, sizeof(allow), par->match->hooks)); par->family),
textify_hooks(allow, sizeof(allow), par->match->hooks,
par->family));
return -EINVAL; return -EINVAL;
} }
if (par->match->proto && (par->match->proto != proto || inv_proto)) { if (par->match->proto && (par->match->proto != proto || inv_proto)) {
@ -575,8 +585,10 @@ int xt_check_target(struct xt_tgchk_param *par,
pr_err("%s_tables: %s target: used from hooks %s, but only " pr_err("%s_tables: %s target: used from hooks %s, but only "
"usable from %s\n", "usable from %s\n",
xt_prefix[par->family], par->target->name, xt_prefix[par->family], par->target->name,
textify_hooks(used, sizeof(used), par->hook_mask), textify_hooks(used, sizeof(used), par->hook_mask,
textify_hooks(allow, sizeof(allow), par->target->hooks)); par->family),
textify_hooks(allow, sizeof(allow), par->target->hooks,
par->family));
return -EINVAL; return -EINVAL;
} }
if (par->target->proto && (par->target->proto != proto || inv_proto)) { if (par->target->proto && (par->target->proto != proto || inv_proto)) {

4
net/netfilter/xt_CT.c
View File

@ -109,7 +109,7 @@ static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
struct xt_ct_target_info *info = par->targinfo; struct xt_ct_target_info *info = par->targinfo;
struct nf_conntrack_tuple t; struct nf_conntrack_tuple t;
struct nf_conn *ct; struct nf_conn *ct;
int ret; int ret = -EOPNOTSUPP;
if (info->flags & ~XT_CT_NOTRACK) if (info->flags & ~XT_CT_NOTRACK)
return -EINVAL; return -EINVAL;
@ -247,7 +247,7 @@ static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
struct xt_ct_target_info_v1 *info = par->targinfo; struct xt_ct_target_info_v1 *info = par->targinfo;
struct nf_conntrack_tuple t; struct nf_conntrack_tuple t;
struct nf_conn *ct; struct nf_conn *ct;
int ret; int ret = -EOPNOTSUPP;
if (info->flags & ~XT_CT_NOTRACK) if (info->flags & ~XT_CT_NOTRACK)
return -EINVAL; return -EINVAL;