diff options
| -rw-r--r-- | include/linux/netfilter.h | 2 | ||||
| -rw-r--r-- | net/bridge/br_netfilter_hooks.c | 3 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 4 | ||||
| -rw-r--r-- | net/netfilter/nft_osf.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nft_set_rbtree.c | 28 | ||||
| -rw-r--r-- | net/netfilter/xt_socket.c | 4 |
6 files changed, 23 insertions, 20 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 07efffd0c759..bbe99d2b28b4 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h | |||
| @@ -215,6 +215,8 @@ static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net, | |||
| 215 | break; | 215 | break; |
| 216 | case NFPROTO_ARP: | 216 | case NFPROTO_ARP: |
| 217 | #ifdef CONFIG_NETFILTER_FAMILY_ARP | 217 | #ifdef CONFIG_NETFILTER_FAMILY_ARP |
| 218 | if (WARN_ON_ONCE(hook >= ARRAY_SIZE(net->nf.hooks_arp))) | ||
| 219 | break; | ||
| 218 | hook_head = rcu_dereference(net->nf.hooks_arp[hook]); | 220 | hook_head = rcu_dereference(net->nf.hooks_arp[hook]); |
| 219 | #endif | 221 | #endif |
| 220 | break; | 222 | break; |
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index 6e0dc6bcd32a..37278dc280eb 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c | |||
| @@ -835,7 +835,8 @@ static unsigned int ip_sabotage_in(void *priv, | |||
| 835 | struct sk_buff *skb, | 835 | struct sk_buff *skb, |
| 836 | const struct nf_hook_state *state) | 836 | const struct nf_hook_state *state) |
| 837 | { | 837 | { |
| 838 | if (skb->nf_bridge && !skb->nf_bridge->in_prerouting) { | 838 | if (skb->nf_bridge && !skb->nf_bridge->in_prerouting && |
| 839 | !netif_is_l3_master(skb->dev)) { | ||
| 839 | state->okfn(state->net, state->sk, skb); | 840 | state->okfn(state->net, state->sk, skb); |
| 840 | return NF_STOLEN; | 841 | return NF_STOLEN; |
| 841 | } | 842 | } |
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index b4bdf9eda7b7..247b89784a6f 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c | |||
| @@ -1213,8 +1213,8 @@ static const struct nla_policy tcp_nla_policy[CTA_PROTOINFO_TCP_MAX+1] = { | |||
| 1213 | #define TCP_NLATTR_SIZE ( \ | 1213 | #define TCP_NLATTR_SIZE ( \ |
| 1214 | NLA_ALIGN(NLA_HDRLEN + 1) + \ | 1214 | NLA_ALIGN(NLA_HDRLEN + 1) + \ |
| 1215 | NLA_ALIGN(NLA_HDRLEN + 1) + \ | 1215 | NLA_ALIGN(NLA_HDRLEN + 1) + \ |
| 1216 | NLA_ALIGN(NLA_HDRLEN + sizeof(sizeof(struct nf_ct_tcp_flags))) + \ | 1216 | NLA_ALIGN(NLA_HDRLEN + sizeof(struct nf_ct_tcp_flags)) + \ |
| 1217 | NLA_ALIGN(NLA_HDRLEN + sizeof(sizeof(struct nf_ct_tcp_flags)))) | 1217 | NLA_ALIGN(NLA_HDRLEN + sizeof(struct nf_ct_tcp_flags))) |
| 1218 | 1218 | ||
| 1219 | static int nlattr_to_tcp(struct nlattr *cda[], struct nf_conn *ct) | 1219 | static int nlattr_to_tcp(struct nlattr *cda[], struct nf_conn *ct) |
| 1220 | { | 1220 | { |
diff --git a/net/netfilter/nft_osf.c b/net/netfilter/nft_osf.c index 5af74b37f423..a35fb59ace73 100644 --- a/net/netfilter/nft_osf.c +++ b/net/netfilter/nft_osf.c | |||
| @@ -49,7 +49,7 @@ static int nft_osf_init(const struct nft_ctx *ctx, | |||
| 49 | 49 | ||
| 50 | priv->dreg = nft_parse_register(tb[NFTA_OSF_DREG]); | 50 | priv->dreg = nft_parse_register(tb[NFTA_OSF_DREG]); |
| 51 | err = nft_validate_register_store(ctx, priv->dreg, NULL, | 51 | err = nft_validate_register_store(ctx, priv->dreg, NULL, |
| 52 | NFTA_DATA_VALUE, NFT_OSF_MAXGENRELEN); | 52 | NFT_DATA_VALUE, NFT_OSF_MAXGENRELEN); |
| 53 | if (err < 0) | 53 | if (err < 0) |
| 54 | return err; | 54 | return err; |
| 55 | 55 | ||
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c index 55e2d9215c0d..0e5ec126f6ad 100644 --- a/net/netfilter/nft_set_rbtree.c +++ b/net/netfilter/nft_set_rbtree.c | |||
| @@ -355,12 +355,11 @@ cont: | |||
| 355 | 355 | ||
| 356 | static void nft_rbtree_gc(struct work_struct *work) | 356 | static void nft_rbtree_gc(struct work_struct *work) |
| 357 | { | 357 | { |
| 358 | struct nft_rbtree_elem *rbe, *rbe_end = NULL, *rbe_prev = NULL; | ||
| 358 | struct nft_set_gc_batch *gcb = NULL; | 359 | struct nft_set_gc_batch *gcb = NULL; |
| 359 | struct rb_node *node, *prev = NULL; | ||
| 360 | struct nft_rbtree_elem *rbe; | ||
| 361 | struct nft_rbtree *priv; | 360 | struct nft_rbtree *priv; |
| 361 | struct rb_node *node; | ||
| 362 | struct nft_set *set; | 362 | struct nft_set *set; |
| 363 | int i; | ||
| 364 | 363 | ||
| 365 | priv = container_of(work, struct nft_rbtree, gc_work.work); | 364 | priv = container_of(work, struct nft_rbtree, gc_work.work); |
| 366 | set = nft_set_container_of(priv); | 365 | set = nft_set_container_of(priv); |
| @@ -371,7 +370,7 @@ static void nft_rbtree_gc(struct work_struct *work) | |||
| 371 | rbe = rb_entry(node, struct nft_rbtree_elem, node); | 370 | rbe = rb_entry(node, struct nft_rbtree_elem, node); |
| 372 | 371 | ||
| 373 | if (nft_rbtree_interval_end(rbe)) { | 372 | if (nft_rbtree_interval_end(rbe)) { |
| 374 | prev = node; | 373 | rbe_end = rbe; |
| 375 | continue; | 374 | continue; |
| 376 | } | 375 | } |
| 377 | if (!nft_set_elem_expired(&rbe->ext)) | 376 | if (!nft_set_elem_expired(&rbe->ext)) |
| @@ -379,29 +378,30 @@ static void nft_rbtree_gc(struct work_struct *work) | |||
| 379 | if (nft_set_elem_mark_busy(&rbe->ext)) | 378 | if (nft_set_elem_mark_busy(&rbe->ext)) |
| 380 | continue; | 379 | continue; |
| 381 | 380 | ||
| 381 | if (rbe_prev) { | ||
| 382 | rb_erase(&rbe_prev->node, &priv->root); | ||
| 383 | rbe_prev = NULL; | ||
| 384 | } | ||
| 382 | gcb = nft_set_gc_batch_check(set, gcb, GFP_ATOMIC); | 385 | gcb = nft_set_gc_batch_check(set, gcb, GFP_ATOMIC); |
| 383 | if (!gcb) | 386 | if (!gcb) |
| 384 | break; | 387 | break; |
| 385 | 388 | ||
| 386 | atomic_dec(&set->nelems); | 389 | atomic_dec(&set->nelems); |
| 387 | nft_set_gc_batch_add(gcb, rbe); | 390 | nft_set_gc_batch_add(gcb, rbe); |
| 391 | rbe_prev = rbe; | ||
| 388 | 392 | ||
| 389 | if (prev) { | 393 | if (rbe_end) { |
| 390 | rbe = rb_entry(prev, struct nft_rbtree_elem, node); | ||
| 391 | atomic_dec(&set->nelems); | 394 | atomic_dec(&set->nelems); |
| 392 | nft_set_gc_batch_add(gcb, rbe); | 395 | nft_set_gc_batch_add(gcb, rbe_end); |
| 393 | prev = NULL; | 396 | rb_erase(&rbe_end->node, &priv->root); |
| 397 | rbe_end = NULL; | ||
| 394 | } | 398 | } |
| 395 | node = rb_next(node); | 399 | node = rb_next(node); |
| 396 | if (!node) | 400 | if (!node) |
| 397 | break; | 401 | break; |
| 398 | } | 402 | } |
| 399 | if (gcb) { | 403 | if (rbe_prev) |
| 400 | for (i = 0; i < gcb->head.cnt; i++) { | 404 | rb_erase(&rbe_prev->node, &priv->root); |
| 401 | rbe = gcb->elems[i]; | ||
| 402 | rb_erase(&rbe->node, &priv->root); | ||
| 403 | } | ||
| 404 | } | ||
| 405 | write_seqcount_end(&priv->count); | 405 | write_seqcount_end(&priv->count); |
| 406 | write_unlock_bh(&priv->lock); | 406 | write_unlock_bh(&priv->lock); |
| 407 | 407 | ||
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c index 0472f3472842..ada144e5645b 100644 --- a/net/netfilter/xt_socket.c +++ b/net/netfilter/xt_socket.c | |||
| @@ -56,7 +56,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par, | |||
| 56 | struct sk_buff *pskb = (struct sk_buff *)skb; | 56 | struct sk_buff *pskb = (struct sk_buff *)skb; |
| 57 | struct sock *sk = skb->sk; | 57 | struct sock *sk = skb->sk; |
| 58 | 58 | ||
| 59 | if (!net_eq(xt_net(par), sock_net(sk))) | 59 | if (sk && !net_eq(xt_net(par), sock_net(sk))) |
| 60 | sk = NULL; | 60 | sk = NULL; |
| 61 | 61 | ||
| 62 | if (!sk) | 62 | if (!sk) |
| @@ -117,7 +117,7 @@ socket_mt6_v1_v2_v3(const struct sk_buff *skb, struct xt_action_param *par) | |||
| 117 | struct sk_buff *pskb = (struct sk_buff *)skb; | 117 | struct sk_buff *pskb = (struct sk_buff *)skb; |
| 118 | struct sock *sk = skb->sk; | 118 | struct sock *sk = skb->sk; |
| 119 | 119 | ||
| 120 | if (!net_eq(xt_net(par), sock_net(sk))) | 120 | if (sk && !net_eq(xt_net(par), sock_net(sk))) |
| 121 | sk = NULL; | 121 | sk = NULL; |
| 122 | 122 | ||
| 123 | if (!sk) | 123 | if (!sk) |