Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch

Conflicts: net/ipv6/exthdrs_core.c Jesse Gross says: ==================== This series of improvements for 3.8/net-next contains four components: * Support for modifying IPv6 headers * Support for matching and setting skb->mark for better integration with things like iptables * Ability to recognize the EtherType for RARP packets * Two small performance enhancements The movement of ipv6_find_hdr() into exthdrs_core.c causes two small merge conflicts. I left it as is but can do the merge if you want. The conflicts are: * ipv6_find_hdr() and ipv6_find_tlv() were both moved to the bottom of exthdrs_core.c. Both should stay. * A new use of ipv6_find_hdr() was added to net/netfilter/ipvs/ip_vs_core.c after this patch. The IPVS user has two instances of the old constant name IP6T_FH_F_FRAG which has been renamed to IP6_FH_F_FRAG. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2012-11-30 12:01:30 -0500
committer: David S. Miller <davem@davemloft.net> 2012-11-30 12:01:30 -0500
commit: e7165030db8e932a9a968f7015cd3b2e984f8e7c (patch)
tree: ab46a0baf25f72b7001bb4673ba47534b81a0d2d /net/netfilter
parent: bb728820fe7c42fdb838ab2745fb5fe6b18b5ffa (diff)
parent: 92eb1d477145b2e7780b5002e856f70b8c3d74da (diff)
2 files changed, 6 insertions, 6 deletions
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index fb45640dc1f..47edf5a40a5 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -942,7 +942,7 @@ static int ip_vs_out_icmp_v6(struct sk_buff *skb, int *related,
        /* Fragment header that is before ICMP header tells us that:
         * it's not an error message since they can't be fragmented.
         */
-        if (ipvsh->flags & IP6T_FH_F_FRAG)
+        if (ipvsh->flags & IP6_FH_F_FRAG)
                return NF_DROP;
        IP_VS_DBG(8, "Outgoing ICMPv6 (%d,%d) %pI6c->%pI6c\n",
@@ -1475,7 +1475,7 @@ static int ip_vs_in_icmp_v6(struct sk_buff *skb, int *related,
        /* Fragment header that is before ICMP header tells us that:
         * it's not an error message since they can't be fragmented.
         */
-        if (iph->flags & IP6T_FH_F_FRAG)
+        if (iph->flags & IP6_FH_F_FRAG)
                return NF_DROP;
        IP_VS_DBG(8, "Incoming ICMPv6 (%d,%d) %pI6c->%pI6c\n",
diff --git a/net/netfilter/xt_HMARK.c b/net/netfilter/xt_HMARK.c
index 1686ca1b53a..73b73f687c5 100644
--- a/net/netfilter/xt_HMARK.c
+++ b/net/netfilter/xt_HMARK.c
@@ -167,7 +167,7 @@ hmark_pkt_set_htuple_ipv6(const struct sk_buff *skb, struct hmark_tuple *t,
                          const struct xt_hmark_info *info)
 {
        struct ipv6hdr *ip6, _ip6;
-        int flag = IP6T_FH_F_AUTH;
+        int flag = IP6_FH_F_AUTH;
        unsigned int nhoff = 0;
        u16 fragoff = 0;
        int nexthdr;
@@ -177,7 +177,7 @@ hmark_pkt_set_htuple_ipv6(const struct sk_buff *skb, struct hmark_tuple *t,
        if (nexthdr < 0)
                return 0;
        /* No need to check for icmp errors on fragments */
-        if ((flag & IP6T_FH_F_FRAG) || (nexthdr != IPPROTO_ICMPV6))
+        if ((flag & IP6_FH_F_FRAG) || (nexthdr != IPPROTO_ICMPV6))
                goto noicmp;
        /* Use inner header in case of ICMP errors */
        if (get_inner6_hdr(skb, &nhoff)) {
@@ -185,7 +185,7 @@ hmark_pkt_set_htuple_ipv6(const struct sk_buff *skb, struct hmark_tuple *t,
                if (ip6 == NULL)
                        return -1;
                /* If AH present, use SPI like in ESP. */
-                flag = IP6T_FH_F_AUTH;
+                flag = IP6_FH_F_AUTH;
                nexthdr = ipv6_find_hdr(skb, &nhoff, -1, &fragoff, &flag);
                if (nexthdr < 0)
                        return -1;
@@ -201,7 +201,7 @@ noicmp:
        if (t->proto == IPPROTO_ICMPV6)
                return 0;
-        if (flag & IP6T_FH_F_FRAG)
+        if (flag & IP6_FH_F_FRAG)
                return 0;
        hmark_set_tuple_ports(skb, nhoff, t, info);
author	David S. Miller <davem@davemloft.net>	2012-11-30 12:01:30 -0500
committer	David S. Miller <davem@davemloft.net>	2012-11-30 12:01:30 -0500
commit	e7165030db8e932a9a968f7015cd3b2e984f8e7c (patch)
tree	ab46a0baf25f72b7001bb4673ba47534b81a0d2d /net/netfilter
parent	bb728820fe7c42fdb838ab2745fb5fe6b18b5ffa (diff)
parent	92eb1d477145b2e7780b5002e856f70b8c3d74da (diff)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c index fb45640dc1f..47edf5a40a5 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -942,7 +942,7 @@ static int ip_vs_out_icmp_v6(struct sk_buff skb, int related,
942	/* Fragment header that is before ICMP header tells us that:	942	/* Fragment header that is before ICMP header tells us that:
943	* it's not an error message since they can't be fragmented.	943	* it's not an error message since they can't be fragmented.
944	*/	944	*/
945	if (ipvsh->flags & IP6T_FH_F_FRAG)	945	if (ipvsh->flags & IP6_FH_F_FRAG)
946	return NF_DROP;	946	return NF_DROP;
947		947
948	IP_VS_DBG(8, "Outgoing ICMPv6 (%d,%d) %pI6c->%pI6c\n",	948	IP_VS_DBG(8, "Outgoing ICMPv6 (%d,%d) %pI6c->%pI6c\n",
@@ -1475,7 +1475,7 @@ static int ip_vs_in_icmp_v6(struct sk_buff skb, int related,
1475	/* Fragment header that is before ICMP header tells us that:	1475	/* Fragment header that is before ICMP header tells us that:
1476	* it's not an error message since they can't be fragmented.	1476	* it's not an error message since they can't be fragmented.
1477	*/	1477	*/
1478	if (iph->flags & IP6T_FH_F_FRAG)	1478	if (iph->flags & IP6_FH_F_FRAG)
1479	return NF_DROP;	1479	return NF_DROP;
1480		1480
1481	IP_VS_DBG(8, "Incoming ICMPv6 (%d,%d) %pI6c->%pI6c\n",	1481	IP_VS_DBG(8, "Incoming ICMPv6 (%d,%d) %pI6c->%pI6c\n",


diff --git a/net/netfilter/xt_HMARK.c b/net/netfilter/xt_HMARK.c index 1686ca1b53a..73b73f687c5 100644 --- a/net/netfilter/xt_HMARK.c +++ b/net/netfilter/xt_HMARK.c
@@ -167,7 +167,7 @@ hmark_pkt_set_htuple_ipv6(const struct sk_buff skb, struct hmark_tuple t,
167	const struct xt_hmark_info *info)	167	const struct xt_hmark_info *info)
168	{	168	{
169	struct ipv6hdr *ip6, _ip6;	169	struct ipv6hdr *ip6, _ip6;
170	int flag = IP6T_FH_F_AUTH;	170	int flag = IP6_FH_F_AUTH;
171	unsigned int nhoff = 0;	171	unsigned int nhoff = 0;
172	u16 fragoff = 0;	172	u16 fragoff = 0;
173	int nexthdr;	173	int nexthdr;
@@ -177,7 +177,7 @@ hmark_pkt_set_htuple_ipv6(const struct sk_buff skb, struct hmark_tuple t,
177	if (nexthdr < 0)	177	if (nexthdr < 0)
178	return 0;	178	return 0;
179	/* No need to check for icmp errors on fragments */	179	/* No need to check for icmp errors on fragments */
180	if ((flag & IP6T_FH_F_FRAG) \|\| (nexthdr != IPPROTO_ICMPV6))	180	if ((flag & IP6_FH_F_FRAG) \|\| (nexthdr != IPPROTO_ICMPV6))
181	goto noicmp;	181	goto noicmp;
182	/* Use inner header in case of ICMP errors */	182	/* Use inner header in case of ICMP errors */
183	if (get_inner6_hdr(skb, &nhoff)) {	183	if (get_inner6_hdr(skb, &nhoff)) {
@@ -185,7 +185,7 @@ hmark_pkt_set_htuple_ipv6(const struct sk_buff skb, struct hmark_tuple t,
185	if (ip6 == NULL)	185	if (ip6 == NULL)
186	return -1;	186	return -1;
187	/* If AH present, use SPI like in ESP. */	187	/* If AH present, use SPI like in ESP. */
188	flag = IP6T_FH_F_AUTH;	188	flag = IP6_FH_F_AUTH;
189	nexthdr = ipv6_find_hdr(skb, &nhoff, -1, &fragoff, &flag);	189	nexthdr = ipv6_find_hdr(skb, &nhoff, -1, &fragoff, &flag);
190	if (nexthdr < 0)	190	if (nexthdr < 0)
191	return -1;	191	return -1;
@@ -201,7 +201,7 @@ noicmp:
201	if (t->proto == IPPROTO_ICMPV6)	201	if (t->proto == IPPROTO_ICMPV6)
202	return 0;	202	return 0;
203		203
204	if (flag & IP6T_FH_F_FRAG)	204	if (flag & IP6_FH_F_FRAG)
205	return 0;	205	return 0;
206		206
207	hmark_set_tuple_ports(skb, nhoff, t, info);	207	hmark_set_tuple_ports(skb, nhoff, t, info);