diff options
| author | David S. Miller <davem@davemloft.net> | 2016-06-30 05:03:36 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-06-30 05:03:36 -0400 |
| commit | ee58b57100ca953da7320c285315a95db2f7053d (patch) | |
| tree | 77b815a31240adc4d6326346908137fc6c2c3a96 /net/netfilter | |
| parent | 6f30e8b022c8e3a722928ddb1a2ae0be852fcc0e (diff) | |
| parent | e7bdea7750eb2a64aea4a08fa5c0a31719c8155d (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Several cases of overlapping changes, except the packet scheduler
conflicts which deal with the addition of the free list parameter
to qdisc_enqueue().
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 24 | ||||
| -rw-r--r-- | net/netfilter/nf_tables_core.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nft_hash.c | 3 | ||||
| -rw-r--r-- | net/netfilter/nft_rbtree.c | 3 |
5 files changed, 16 insertions, 18 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index db2312eeb2a4..f204274a9b6b 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
| @@ -1544,6 +1544,8 @@ void nf_conntrack_cleanup_end(void) | |||
| 1544 | nf_conntrack_tstamp_fini(); | 1544 | nf_conntrack_tstamp_fini(); |
| 1545 | nf_conntrack_acct_fini(); | 1545 | nf_conntrack_acct_fini(); |
| 1546 | nf_conntrack_expect_fini(); | 1546 | nf_conntrack_expect_fini(); |
| 1547 | |||
| 1548 | kmem_cache_destroy(nf_conntrack_cachep); | ||
| 1547 | } | 1549 | } |
| 1548 | 1550 | ||
| 1549 | /* | 1551 | /* |
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 7b7aa871a174..2c881871db38 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
| @@ -2946,24 +2946,20 @@ int nf_tables_bind_set(const struct nft_ctx *ctx, struct nft_set *set, | |||
| 2946 | * jumps are already validated for that chain. | 2946 | * jumps are already validated for that chain. |
| 2947 | */ | 2947 | */ |
| 2948 | list_for_each_entry(i, &set->bindings, list) { | 2948 | list_for_each_entry(i, &set->bindings, list) { |
| 2949 | if (binding->flags & NFT_SET_MAP && | 2949 | if (i->flags & NFT_SET_MAP && |
| 2950 | i->chain == binding->chain) | 2950 | i->chain == binding->chain) |
| 2951 | goto bind; | 2951 | goto bind; |
| 2952 | } | 2952 | } |
| 2953 | 2953 | ||
| 2954 | iter.genmask = nft_genmask_next(ctx->net); | ||
| 2954 | iter.skip = 0; | 2955 | iter.skip = 0; |
| 2955 | iter.count = 0; | 2956 | iter.count = 0; |
| 2956 | iter.err = 0; | 2957 | iter.err = 0; |
| 2957 | iter.fn = nf_tables_bind_check_setelem; | 2958 | iter.fn = nf_tables_bind_check_setelem; |
| 2958 | 2959 | ||
| 2959 | set->ops->walk(ctx, set, &iter); | 2960 | set->ops->walk(ctx, set, &iter); |
| 2960 | if (iter.err < 0) { | 2961 | if (iter.err < 0) |
| 2961 | /* Destroy anonymous sets if binding fails */ | ||
| 2962 | if (set->flags & NFT_SET_ANONYMOUS) | ||
| 2963 | nf_tables_set_destroy(ctx, set); | ||
| 2964 | |||
| 2965 | return iter.err; | 2962 | return iter.err; |
| 2966 | } | ||
| 2967 | } | 2963 | } |
| 2968 | bind: | 2964 | bind: |
| 2969 | binding->chain = ctx->chain; | 2965 | binding->chain = ctx->chain; |
| @@ -3192,12 +3188,13 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb) | |||
| 3192 | if (nest == NULL) | 3188 | if (nest == NULL) |
| 3193 | goto nla_put_failure; | 3189 | goto nla_put_failure; |
| 3194 | 3190 | ||
| 3195 | args.cb = cb; | 3191 | args.cb = cb; |
| 3196 | args.skb = skb; | 3192 | args.skb = skb; |
| 3197 | args.iter.skip = cb->args[0]; | 3193 | args.iter.genmask = nft_genmask_cur(ctx.net); |
| 3198 | args.iter.count = 0; | 3194 | args.iter.skip = cb->args[0]; |
| 3199 | args.iter.err = 0; | 3195 | args.iter.count = 0; |
| 3200 | args.iter.fn = nf_tables_dump_setelem; | 3196 | args.iter.err = 0; |
| 3197 | args.iter.fn = nf_tables_dump_setelem; | ||
| 3201 | set->ops->walk(&ctx, set, &args.iter); | 3198 | set->ops->walk(&ctx, set, &args.iter); |
| 3202 | 3199 | ||
| 3203 | nla_nest_end(skb, nest); | 3200 | nla_nest_end(skb, nest); |
| @@ -4284,6 +4281,7 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx, | |||
| 4284 | binding->chain != chain) | 4281 | binding->chain != chain) |
| 4285 | continue; | 4282 | continue; |
| 4286 | 4283 | ||
| 4284 | iter.genmask = nft_genmask_next(ctx->net); | ||
| 4287 | iter.skip = 0; | 4285 | iter.skip = 0; |
| 4288 | iter.count = 0; | 4286 | iter.count = 0; |
| 4289 | iter.err = 0; | 4287 | iter.err = 0; |
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c index e9f8dffcc244..fb8b5892b5ff 100644 --- a/net/netfilter/nf_tables_core.c +++ b/net/netfilter/nf_tables_core.c | |||
| @@ -143,7 +143,7 @@ next_rule: | |||
| 143 | list_for_each_entry_continue_rcu(rule, &chain->rules, list) { | 143 | list_for_each_entry_continue_rcu(rule, &chain->rules, list) { |
| 144 | 144 | ||
| 145 | /* This rule is not active, skip. */ | 145 | /* This rule is not active, skip. */ |
| 146 | if (unlikely(rule->genmask & (1 << gencursor))) | 146 | if (unlikely(rule->genmask & gencursor)) |
| 147 | continue; | 147 | continue; |
| 148 | 148 | ||
| 149 | rulenum++; | 149 | rulenum++; |
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c index 6fa016564f90..f39c53a159eb 100644 --- a/net/netfilter/nft_hash.c +++ b/net/netfilter/nft_hash.c | |||
| @@ -189,7 +189,6 @@ static void nft_hash_walk(const struct nft_ctx *ctx, const struct nft_set *set, | |||
| 189 | struct nft_hash_elem *he; | 189 | struct nft_hash_elem *he; |
| 190 | struct rhashtable_iter hti; | 190 | struct rhashtable_iter hti; |
| 191 | struct nft_set_elem elem; | 191 | struct nft_set_elem elem; |
| 192 | u8 genmask = nft_genmask_cur(read_pnet(&set->pnet)); | ||
| 193 | int err; | 192 | int err; |
| 194 | 193 | ||
| 195 | err = rhashtable_walk_init(&priv->ht, &hti, GFP_KERNEL); | 194 | err = rhashtable_walk_init(&priv->ht, &hti, GFP_KERNEL); |
| @@ -218,7 +217,7 @@ static void nft_hash_walk(const struct nft_ctx *ctx, const struct nft_set *set, | |||
| 218 | goto cont; | 217 | goto cont; |
| 219 | if (nft_set_elem_expired(&he->ext)) | 218 | if (nft_set_elem_expired(&he->ext)) |
| 220 | goto cont; | 219 | goto cont; |
| 221 | if (!nft_set_elem_active(&he->ext, genmask)) | 220 | if (!nft_set_elem_active(&he->ext, iter->genmask)) |
| 222 | goto cont; | 221 | goto cont; |
| 223 | 222 | ||
| 224 | elem.priv = he; | 223 | elem.priv = he; |
diff --git a/net/netfilter/nft_rbtree.c b/net/netfilter/nft_rbtree.c index f762094af7c1..7201d57b5a93 100644 --- a/net/netfilter/nft_rbtree.c +++ b/net/netfilter/nft_rbtree.c | |||
| @@ -211,7 +211,6 @@ static void nft_rbtree_walk(const struct nft_ctx *ctx, | |||
| 211 | struct nft_rbtree_elem *rbe; | 211 | struct nft_rbtree_elem *rbe; |
| 212 | struct nft_set_elem elem; | 212 | struct nft_set_elem elem; |
| 213 | struct rb_node *node; | 213 | struct rb_node *node; |
| 214 | u8 genmask = nft_genmask_cur(read_pnet(&set->pnet)); | ||
| 215 | 214 | ||
| 216 | spin_lock_bh(&nft_rbtree_lock); | 215 | spin_lock_bh(&nft_rbtree_lock); |
| 217 | for (node = rb_first(&priv->root); node != NULL; node = rb_next(node)) { | 216 | for (node = rb_first(&priv->root); node != NULL; node = rb_next(node)) { |
| @@ -219,7 +218,7 @@ static void nft_rbtree_walk(const struct nft_ctx *ctx, | |||
| 219 | 218 | ||
| 220 | if (iter->count < iter->skip) | 219 | if (iter->count < iter->skip) |
| 221 | goto cont; | 220 | goto cont; |
| 222 | if (!nft_set_elem_active(&rbe->ext, genmask)) | 221 | if (!nft_set_elem_active(&rbe->ext, iter->genmask)) |
| 223 | goto cont; | 222 | goto cont; |
| 224 | 223 | ||
| 225 | elem.priv = rbe; | 224 | elem.priv = rbe; |