Merge branch 'master' of git://1984.lsi.us.es/nf

Pablo Neira Ayuso says: ==================== The following patchset contains Netfilter fixes for your net tree, they are: * Don't generate audit log message if audit is not enabled, from Gao Feng. * Fix logging formatting for packets dropped by helpers, by Joe Perches. * Fix a compilation warning in nfnetlink if CONFIG_PROVE_RCU is not set, from Paul Bolle. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2013-03-07 15:20:02 -0500
committer: David S. Miller <davem@davemloft.net> 2013-03-07 15:20:02 -0500
commit: 43b18db8a27fcd28c2bd290adf031ca04ea573ce (patch)
tree: b9159b5319822a962edb018b651e5be69d72f542 /net
parent: 8b4cd8a0535706ab3f47dd52f5650b11152080b3 (diff)
parent: 9df9e7832391cf699abbf39fc8d95d7e78297462 (diff)
3 files changed, 14 insertions, 7 deletions
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index a9740bd6fe54..94b4b9853f60 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -339,6 +339,13 @@ void nf_ct_helper_log(struct sk_buff *skb, const struct nf_conn *ct,
 {
        const struct nf_conn_help *help;
        const struct nf_conntrack_helper *helper;
+        struct va_format vaf;
+        va_list args;
+        va_start(args, fmt);
+        vaf.fmt = fmt;
+        vaf.va = &args;
        /* Called from the helper function, this call never fails */
        help = nfct_help(ct);
@@ -347,7 +354,9 @@ void nf_ct_helper_log(struct sk_buff *skb, const struct nf_conn *ct,
        helper = rcu_dereference(help->helper);
        nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL,
-                      "nf_ct_%s: dropping packet: %s ", helper->name, fmt);
+                      "nf_ct_%s: dropping packet: %pV ", helper->name, &vaf);
+        va_end(args);
 }
 EXPORT_SYMBOL_GPL(nf_ct_helper_log);
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index d578ec251712..0b1b32cda307 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -62,11 +62,6 @@ void nfnl_unlock(__u8 subsys_id)
 }
 EXPORT_SYMBOL_GPL(nfnl_unlock);
-static struct mutex *nfnl_get_lock(__u8 subsys_id)
-{
-        return &table[subsys_id].mutex;
-}
 int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n)
 {
        nfnl_lock(n->subsys_id);
@@ -199,7 +194,7 @@ replay:
                        rcu_read_unlock();
                        nfnl_lock(subsys_id);
                        if (rcu_dereference_protected(table[subsys_id].subsys,
-                                lockdep_is_held(nfnl_get_lock(subsys_id))) != ss ||
+                                lockdep_is_held(&table[subsys_id].mutex)) != ss ||
                            nfnetlink_find_client(type, ss) != nc)
                                err = -EAGAIN;
                        else if (nc->call)
diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
index ba92824086f3..3228d7f24eb4 100644
--- a/net/netfilter/xt_AUDIT.c
+++ b/net/netfilter/xt_AUDIT.c
@@ -124,6 +124,9 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
        const struct xt_audit_info *info = par->targinfo;
        struct audit_buffer *ab;
+        if (audit_enabled == 0)
+                goto errout;
        ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
        if (ab == NULL)
                goto errout;
author	David S. Miller <davem@davemloft.net>	2013-03-07 15:20:02 -0500
committer	David S. Miller <davem@davemloft.net>	2013-03-07 15:20:02 -0500
commit	43b18db8a27fcd28c2bd290adf031ca04ea573ce (patch)
tree	b9159b5319822a962edb018b651e5be69d72f542 /net
parent	8b4cd8a0535706ab3f47dd52f5650b11152080b3 (diff)
parent	9df9e7832391cf699abbf39fc8d95d7e78297462 (diff)