aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2016-02-23 00:09:14 -0500
committerDavid S. Miller <davem@davemloft.net>2016-02-23 00:09:14 -0500
commitb633353115e352d3c31c12d4c61978c810f05ea1 (patch)
tree055174a1b31a3e10fd2c505788fe6487b0028d00 /net/netfilter
parentb1d95ae5c5bd3deba84d00c4f83d7d0836b5936f (diff)
parentdea08e604408d0303e2332896c5fdd8c1f7d79a2 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Conflicts: drivers/net/phy/bcm7xxx.c drivers/net/phy/marvell.c drivers/net/vxlan.c All three conflicts were cases of simple overlapping changes. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/Kconfig2
-rw-r--r--net/netfilter/nf_conntrack_core.c5
-rw-r--r--net/netfilter/nfnetlink.c16
-rw-r--r--net/netfilter/nfnetlink_cttimeout.c2
-rw-r--r--net/netfilter/nft_counter.c4
-rw-r--r--net/netfilter/xt_TEE.c4
6 files changed, 20 insertions, 13 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 8c067e6663a1..95e757c377f9 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -891,7 +891,7 @@ config NETFILTER_XT_TARGET_TEE
891 depends on IPV6 || IPV6=n 891 depends on IPV6 || IPV6=n
892 depends on !NF_CONNTRACK || NF_CONNTRACK 892 depends on !NF_CONNTRACK || NF_CONNTRACK
893 select NF_DUP_IPV4 893 select NF_DUP_IPV4
894 select NF_DUP_IPV6 if IP6_NF_IPTABLES != n 894 select NF_DUP_IPV6 if IPV6
895 ---help--- 895 ---help---
896 This option adds a "TEE" target with which a packet can be cloned and 896 This option adds a "TEE" target with which a packet can be cloned and
897 this clone be rerouted to another nexthop. 897 this clone be rerouted to another nexthop.
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 58882de06bd7..f60b4fdeeb8c 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1412,6 +1412,7 @@ get_next_corpse(struct net *net, int (*iter)(struct nf_conn *i, void *data),
1412 } 1412 }
1413 spin_unlock(lockp); 1413 spin_unlock(lockp);
1414 local_bh_enable(); 1414 local_bh_enable();
1415 cond_resched();
1415 } 1416 }
1416 1417
1417 for_each_possible_cpu(cpu) { 1418 for_each_possible_cpu(cpu) {
@@ -1424,6 +1425,7 @@ get_next_corpse(struct net *net, int (*iter)(struct nf_conn *i, void *data),
1424 set_bit(IPS_DYING_BIT, &ct->status); 1425 set_bit(IPS_DYING_BIT, &ct->status);
1425 } 1426 }
1426 spin_unlock_bh(&pcpu->lock); 1427 spin_unlock_bh(&pcpu->lock);
1428 cond_resched();
1427 } 1429 }
1428 return NULL; 1430 return NULL;
1429found: 1431found:
@@ -1440,6 +1442,8 @@ void nf_ct_iterate_cleanup(struct net *net,
1440 struct nf_conn *ct; 1442 struct nf_conn *ct;
1441 unsigned int bucket = 0; 1443 unsigned int bucket = 0;
1442 1444
1445 might_sleep();
1446
1443 while ((ct = get_next_corpse(net, iter, data, &bucket)) != NULL) { 1447 while ((ct = get_next_corpse(net, iter, data, &bucket)) != NULL) {
1444 /* Time to push up daises... */ 1448 /* Time to push up daises... */
1445 if (del_timer(&ct->timeout)) 1449 if (del_timer(&ct->timeout))
@@ -1448,6 +1452,7 @@ void nf_ct_iterate_cleanup(struct net *net,
1448 /* ... else the timer will get him soon. */ 1452 /* ... else the timer will get him soon. */
1449 1453
1450 nf_ct_put(ct); 1454 nf_ct_put(ct);
1455 cond_resched();
1451 } 1456 }
1452} 1457}
1453EXPORT_SYMBOL_GPL(nf_ct_iterate_cleanup); 1458EXPORT_SYMBOL_GPL(nf_ct_iterate_cleanup);
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 9a99f686d06f..2278d9ab723b 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -304,14 +304,14 @@ replay:
304#endif 304#endif
305 { 305 {
306 nfnl_unlock(subsys_id); 306 nfnl_unlock(subsys_id);
307 netlink_ack(skb, nlh, -EOPNOTSUPP); 307 netlink_ack(oskb, nlh, -EOPNOTSUPP);
308 return kfree_skb(skb); 308 return kfree_skb(skb);
309 } 309 }
310 } 310 }
311 311
312 if (!ss->commit || !ss->abort) { 312 if (!ss->commit || !ss->abort) {
313 nfnl_unlock(subsys_id); 313 nfnl_unlock(subsys_id);
314 netlink_ack(skb, nlh, -EOPNOTSUPP); 314 netlink_ack(oskb, nlh, -EOPNOTSUPP);
315 return kfree_skb(skb); 315 return kfree_skb(skb);
316 } 316 }
317 317
@@ -321,10 +321,12 @@ replay:
321 nlh = nlmsg_hdr(skb); 321 nlh = nlmsg_hdr(skb);
322 err = 0; 322 err = 0;
323 323
324 if (nlmsg_len(nlh) < sizeof(struct nfgenmsg) || 324 if (nlh->nlmsg_len < NLMSG_HDRLEN ||
325 skb->len < nlh->nlmsg_len) { 325 skb->len < nlh->nlmsg_len ||
326 err = -EINVAL; 326 nlmsg_len(nlh) < sizeof(struct nfgenmsg)) {
327 goto ack; 327 nfnl_err_reset(&err_list);
328 status |= NFNL_BATCH_FAILURE;
329 goto done;
328 } 330 }
329 331
330 /* Only requests are handled by the kernel */ 332 /* Only requests are handled by the kernel */
@@ -399,7 +401,7 @@ ack:
399 * pointing to the batch header. 401 * pointing to the batch header.
400 */ 402 */
401 nfnl_err_reset(&err_list); 403 nfnl_err_reset(&err_list);
402 netlink_ack(skb, nlmsg_hdr(oskb), -ENOMEM); 404 netlink_ack(oskb, nlmsg_hdr(oskb), -ENOMEM);
403 status |= NFNL_BATCH_FAILURE; 405 status |= NFNL_BATCH_FAILURE;
404 goto done; 406 goto done;
405 } 407 }
diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c
index 94837d236ab0..2671b9deb103 100644
--- a/net/netfilter/nfnetlink_cttimeout.c
+++ b/net/netfilter/nfnetlink_cttimeout.c
@@ -312,7 +312,7 @@ static void ctnl_untimeout(struct net *net, struct ctnl_timeout *timeout)
312 hlist_nulls_for_each_entry(h, nn, &net->ct.hash[i], hnnode) 312 hlist_nulls_for_each_entry(h, nn, &net->ct.hash[i], hnnode)
313 untimeout(h, timeout); 313 untimeout(h, timeout);
314 } 314 }
315 nf_conntrack_lock(&nf_conntrack_locks[i % CONNTRACK_LOCKS]); 315 spin_unlock(&nf_conntrack_locks[i % CONNTRACK_LOCKS]);
316 } 316 }
317 local_bh_enable(); 317 local_bh_enable();
318} 318}
diff --git a/net/netfilter/nft_counter.c b/net/netfilter/nft_counter.c
index c7808fc19719..c9743f78f219 100644
--- a/net/netfilter/nft_counter.c
+++ b/net/netfilter/nft_counter.c
@@ -100,7 +100,7 @@ static int nft_counter_init(const struct nft_ctx *ctx,
100 100
101 cpu_stats = netdev_alloc_pcpu_stats(struct nft_counter_percpu); 101 cpu_stats = netdev_alloc_pcpu_stats(struct nft_counter_percpu);
102 if (cpu_stats == NULL) 102 if (cpu_stats == NULL)
103 return ENOMEM; 103 return -ENOMEM;
104 104
105 preempt_disable(); 105 preempt_disable();
106 this_cpu = this_cpu_ptr(cpu_stats); 106 this_cpu = this_cpu_ptr(cpu_stats);
@@ -138,7 +138,7 @@ static int nft_counter_clone(struct nft_expr *dst, const struct nft_expr *src)
138 cpu_stats = __netdev_alloc_pcpu_stats(struct nft_counter_percpu, 138 cpu_stats = __netdev_alloc_pcpu_stats(struct nft_counter_percpu,
139 GFP_ATOMIC); 139 GFP_ATOMIC);
140 if (cpu_stats == NULL) 140 if (cpu_stats == NULL)
141 return ENOMEM; 141 return -ENOMEM;
142 142
143 preempt_disable(); 143 preempt_disable();
144 this_cpu = this_cpu_ptr(cpu_stats); 144 this_cpu = this_cpu_ptr(cpu_stats);
diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c
index 3eff7b67cdf2..6e57a3966dc5 100644
--- a/net/netfilter/xt_TEE.c
+++ b/net/netfilter/xt_TEE.c
@@ -38,7 +38,7 @@ tee_tg4(struct sk_buff *skb, const struct xt_action_param *par)
38 return XT_CONTINUE; 38 return XT_CONTINUE;
39} 39}
40 40
41#if IS_ENABLED(CONFIG_NF_DUP_IPV6) 41#if IS_ENABLED(CONFIG_IPV6)
42static unsigned int 42static unsigned int
43tee_tg6(struct sk_buff *skb, const struct xt_action_param *par) 43tee_tg6(struct sk_buff *skb, const struct xt_action_param *par)
44{ 44{
@@ -131,7 +131,7 @@ static struct xt_target tee_tg_reg[] __read_mostly = {
131 .destroy = tee_tg_destroy, 131 .destroy = tee_tg_destroy,
132 .me = THIS_MODULE, 132 .me = THIS_MODULE,
133 }, 133 },
134#if IS_ENABLED(CONFIG_NF_DUP_IPV6) 134#if IS_ENABLED(CONFIG_IPV6)
135 { 135 {
136 .name = "TEE", 136 .name = "TEE",
137 .revision = 1, 137 .revision = 1,
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-31 23:03:24 -0400