diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-20 12:06:35 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-20 12:06:35 -0400 |
| commit | 5fdf11283e26719543eb5f9b68707e1af77eb875 (patch) | |
| tree | 2d9a3fe6909e013c0bd2f5fc4c5bf5996eff7b19 /net/netfilter | |
| parent | 2be508d847392e431759e370d21cea9412848758 (diff) | |
| parent | fdc9314cbe027281b5440780692105d49b53cf2c (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
netfilter: replace old NF_ARP calls with NFPROTO_ARP
netfilter: fix compilation error with NAT=n
netfilter: xt_recent: use proc_create_data()
netfilter: snmp nat leaks memory in case of failure
netfilter: xt_iprange: fix range inversion match
netfilter: netns: use NFPROTO_NUMPROTO instead of NUMPROTO for tables array
netfilter: ctnetlink: remove obsolete NAT dependency from Kconfig
pkt_sched: sch_generic: Fix oops in sch_teql
dccp: Port redirection support for DCCP
tcp: Fix IPv6 fallout from 'Port redirection support for TCP'
netdev: change name dropping error codes
ipvs: Update CONFIG_IP_VS_IPV6 description and help text
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/Kconfig | 1 | ||||
| -rw-r--r-- | net/netfilter/ipvs/Kconfig | 4 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 2 | ||||
| -rw-r--r-- | net/netfilter/xt_NFQUEUE.c | 2 | ||||
| -rw-r--r-- | net/netfilter/xt_iprange.c | 8 | ||||
| -rw-r--r-- | net/netfilter/xt_recent.c | 10 |
6 files changed, 14 insertions, 13 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 78892cf2b02..25dcef9f219 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig | |||
| @@ -271,7 +271,6 @@ config NF_CONNTRACK_TFTP | |||
| 271 | config NF_CT_NETLINK | 271 | config NF_CT_NETLINK |
| 272 | tristate 'Connection tracking netlink interface' | 272 | tristate 'Connection tracking netlink interface' |
| 273 | select NETFILTER_NETLINK | 273 | select NETFILTER_NETLINK |
| 274 | depends on NF_NAT=n || NF_NAT | ||
| 275 | default m if NETFILTER_ADVANCED=n | 274 | default m if NETFILTER_ADVANCED=n |
| 276 | help | 275 | help |
| 277 | This option enables support for a netlink-based userspace interface | 276 | This option enables support for a netlink-based userspace interface |
diff --git a/net/netfilter/ipvs/Kconfig b/net/netfilter/ipvs/Kconfig index 05048e40326..79a69805221 100644 --- a/net/netfilter/ipvs/Kconfig +++ b/net/netfilter/ipvs/Kconfig | |||
| @@ -25,11 +25,13 @@ menuconfig IP_VS | |||
| 25 | if IP_VS | 25 | if IP_VS |
| 26 | 26 | ||
| 27 | config IP_VS_IPV6 | 27 | config IP_VS_IPV6 |
| 28 | bool "IPv6 support for IPVS (DANGEROUS)" | 28 | bool "IPv6 support for IPVS" |
| 29 | depends on EXPERIMENTAL && (IPV6 = y || IP_VS = IPV6) | 29 | depends on EXPERIMENTAL && (IPV6 = y || IP_VS = IPV6) |
| 30 | ---help--- | 30 | ---help--- |
| 31 | Add IPv6 support to IPVS. This is incomplete and might be dangerous. | 31 | Add IPv6 support to IPVS. This is incomplete and might be dangerous. |
| 32 | 32 | ||
| 33 | See http://www.mindbasket.com/ipvs for more information. | ||
| 34 | |||
| 33 | Say N if unsure. | 35 | Say N if unsure. |
| 34 | 36 | ||
| 35 | config IP_VS_DEBUG | 37 | config IP_VS_DEBUG |
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 2e4ad9671e1..a040d46f85d 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -813,6 +813,7 @@ out: | |||
| 813 | return err; | 813 | return err; |
| 814 | } | 814 | } |
| 815 | 815 | ||
| 816 | #ifdef CONFIG_NF_NAT_NEEDED | ||
| 816 | static int | 817 | static int |
| 817 | ctnetlink_parse_nat_setup(struct nf_conn *ct, | 818 | ctnetlink_parse_nat_setup(struct nf_conn *ct, |
| 818 | enum nf_nat_manip_type manip, | 819 | enum nf_nat_manip_type manip, |
| @@ -840,6 +841,7 @@ ctnetlink_parse_nat_setup(struct nf_conn *ct, | |||
| 840 | 841 | ||
| 841 | return parse_nat_setup(ct, manip, attr); | 842 | return parse_nat_setup(ct, manip, attr); |
| 842 | } | 843 | } |
| 844 | #endif | ||
| 843 | 845 | ||
| 844 | static int | 846 | static int |
| 845 | ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[]) | 847 | ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[]) |
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c index 2cc1fff4930..f9977b3311f 100644 --- a/net/netfilter/xt_NFQUEUE.c +++ b/net/netfilter/xt_NFQUEUE.c | |||
| @@ -48,7 +48,7 @@ static struct xt_target nfqueue_tg_reg[] __read_mostly = { | |||
| 48 | }, | 48 | }, |
| 49 | { | 49 | { |
| 50 | .name = "NFQUEUE", | 50 | .name = "NFQUEUE", |
| 51 | .family = NF_ARP, | 51 | .family = NFPROTO_ARP, |
| 52 | .target = nfqueue_tg, | 52 | .target = nfqueue_tg, |
| 53 | .targetsize = sizeof(struct xt_NFQ_info), | 53 | .targetsize = sizeof(struct xt_NFQ_info), |
| 54 | .me = THIS_MODULE, | 54 | .me = THIS_MODULE, |
diff --git a/net/netfilter/xt_iprange.c b/net/netfilter/xt_iprange.c index 6f62c36948d..7ac54eab0b0 100644 --- a/net/netfilter/xt_iprange.c +++ b/net/netfilter/xt_iprange.c | |||
| @@ -61,7 +61,7 @@ iprange_mt4(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 61 | if (info->flags & IPRANGE_SRC) { | 61 | if (info->flags & IPRANGE_SRC) { |
| 62 | m = ntohl(iph->saddr) < ntohl(info->src_min.ip); | 62 | m = ntohl(iph->saddr) < ntohl(info->src_min.ip); |
| 63 | m |= ntohl(iph->saddr) > ntohl(info->src_max.ip); | 63 | m |= ntohl(iph->saddr) > ntohl(info->src_max.ip); |
| 64 | m ^= info->flags & IPRANGE_SRC_INV; | 64 | m ^= !!(info->flags & IPRANGE_SRC_INV); |
| 65 | if (m) { | 65 | if (m) { |
| 66 | pr_debug("src IP " NIPQUAD_FMT " NOT in range %s" | 66 | pr_debug("src IP " NIPQUAD_FMT " NOT in range %s" |
| 67 | NIPQUAD_FMT "-" NIPQUAD_FMT "\n", | 67 | NIPQUAD_FMT "-" NIPQUAD_FMT "\n", |
| @@ -75,7 +75,7 @@ iprange_mt4(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 75 | if (info->flags & IPRANGE_DST) { | 75 | if (info->flags & IPRANGE_DST) { |
| 76 | m = ntohl(iph->daddr) < ntohl(info->dst_min.ip); | 76 | m = ntohl(iph->daddr) < ntohl(info->dst_min.ip); |
| 77 | m |= ntohl(iph->daddr) > ntohl(info->dst_max.ip); | 77 | m |= ntohl(iph->daddr) > ntohl(info->dst_max.ip); |
| 78 | m ^= info->flags & IPRANGE_DST_INV; | 78 | m ^= !!(info->flags & IPRANGE_DST_INV); |
| 79 | if (m) { | 79 | if (m) { |
| 80 | pr_debug("dst IP " NIPQUAD_FMT " NOT in range %s" | 80 | pr_debug("dst IP " NIPQUAD_FMT " NOT in range %s" |
| 81 | NIPQUAD_FMT "-" NIPQUAD_FMT "\n", | 81 | NIPQUAD_FMT "-" NIPQUAD_FMT "\n", |
| @@ -114,14 +114,14 @@ iprange_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 114 | if (info->flags & IPRANGE_SRC) { | 114 | if (info->flags & IPRANGE_SRC) { |
| 115 | m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0; | 115 | m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0; |
| 116 | m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0; | 116 | m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0; |
| 117 | m ^= info->flags & IPRANGE_SRC_INV; | 117 | m ^= !!(info->flags & IPRANGE_SRC_INV); |
| 118 | if (m) | 118 | if (m) |
| 119 | return false; | 119 | return false; |
| 120 | } | 120 | } |
| 121 | if (info->flags & IPRANGE_DST) { | 121 | if (info->flags & IPRANGE_DST) { |
| 122 | m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0; | 122 | m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0; |
| 123 | m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0; | 123 | m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0; |
| 124 | m ^= info->flags & IPRANGE_DST_INV; | 124 | m ^= !!(info->flags & IPRANGE_DST_INV); |
| 125 | if (m) | 125 | if (m) |
| 126 | return false; | 126 | return false; |
| 127 | } | 127 | } |
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index 4ebd4ca9a99..280c471bcdf 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c | |||
| @@ -318,15 +318,15 @@ static bool recent_mt_check(const struct xt_mtchk_param *par) | |||
| 318 | for (i = 0; i < ip_list_hash_size; i++) | 318 | for (i = 0; i < ip_list_hash_size; i++) |
| 319 | INIT_LIST_HEAD(&t->iphash[i]); | 319 | INIT_LIST_HEAD(&t->iphash[i]); |
| 320 | #ifdef CONFIG_PROC_FS | 320 | #ifdef CONFIG_PROC_FS |
| 321 | t->proc = proc_create(t->name, ip_list_perms, recent_proc_dir, | 321 | t->proc = proc_create_data(t->name, ip_list_perms, recent_proc_dir, |
| 322 | &recent_mt_fops); | 322 | &recent_mt_fops, t); |
| 323 | if (t->proc == NULL) { | 323 | if (t->proc == NULL) { |
| 324 | kfree(t); | 324 | kfree(t); |
| 325 | goto out; | 325 | goto out; |
| 326 | } | 326 | } |
| 327 | #ifdef CONFIG_NETFILTER_XT_MATCH_RECENT_PROC_COMPAT | 327 | #ifdef CONFIG_NETFILTER_XT_MATCH_RECENT_PROC_COMPAT |
| 328 | t->proc_old = proc_create(t->name, ip_list_perms, proc_old_dir, | 328 | t->proc_old = proc_create_data(t->name, ip_list_perms, proc_old_dir, |
| 329 | &recent_old_fops); | 329 | &recent_old_fops, t); |
| 330 | if (t->proc_old == NULL) { | 330 | if (t->proc_old == NULL) { |
| 331 | remove_proc_entry(t->name, proc_old_dir); | 331 | remove_proc_entry(t->name, proc_old_dir); |
| 332 | kfree(t); | 332 | kfree(t); |
| @@ -334,11 +334,9 @@ static bool recent_mt_check(const struct xt_mtchk_param *par) | |||
| 334 | } | 334 | } |
| 335 | t->proc_old->uid = ip_list_uid; | 335 | t->proc_old->uid = ip_list_uid; |
| 336 | t->proc_old->gid = ip_list_gid; | 336 | t->proc_old->gid = ip_list_gid; |
| 337 | t->proc_old->data = t; | ||
| 338 | #endif | 337 | #endif |
| 339 | t->proc->uid = ip_list_uid; | 338 | t->proc->uid = ip_list_uid; |
| 340 | t->proc->gid = ip_list_gid; | 339 | t->proc->gid = ip_list_gid; |
| 341 | t->proc->data = t; | ||
| 342 | #endif | 340 | #endif |
| 343 | spin_lock_bh(&recent_lock); | 341 | spin_lock_bh(&recent_lock); |
| 344 | list_add_tail(&t->list, &tables); | 342 | list_add_tail(&t->list, &tables); |