diff options
| author | David S. Miller <davem@davemloft.net> | 2013-04-04 17:41:53 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-04-04 17:41:53 -0400 |
| commit | 4f4ecd5f2a94135a8a556232aa9ddc55944d9c8f (patch) | |
| tree | 99a4808dce728bc3b7bfe6ca6a5eae4bd6eeac99 | |
| parent | 518314ffe4ab5d7ffae0607d0c56ba57e0279732 (diff) | |
| parent | 906b1c394d0906a154fbdc904ca506bceb515756 (diff) | |
Merge branch 'master' of git://1984.lsi.us.es/nf
Pablo Neira Ayuso says:
====================
The following patchset contains netfilter updates for your net tree,
they are:
* Fix missing the skb->trace reset in nf_reset, noticed by Gao Feng
while using the TRACE target with several net namespaces.
* Fix prefix translation in IPv6 NPT if non-multiple of 32 prefixes
are used, from Matthias Schiffer.
* Fix invalid nfacct objects with empty name, they are now rejected
with -EINVAL, spotted by Michael Zintakis, patch from myself.
* A couple of fixes for wrong return values in the error path of
nfnetlink_queue and nf_conntrack, from Wei Yongjun.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/linux/skbuff.h | 3 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_NPT.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_standalone.c | 1 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_acct.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_queue_core.c | 4 |
5 files changed, 10 insertions, 2 deletions
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 441f5bfdab8e..72b396751de7 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h | |||
| @@ -2641,6 +2641,9 @@ static inline void nf_reset(struct sk_buff *skb) | |||
| 2641 | nf_bridge_put(skb->nf_bridge); | 2641 | nf_bridge_put(skb->nf_bridge); |
| 2642 | skb->nf_bridge = NULL; | 2642 | skb->nf_bridge = NULL; |
| 2643 | #endif | 2643 | #endif |
| 2644 | #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) | ||
| 2645 | skb->nf_trace = 0; | ||
| 2646 | #endif | ||
| 2644 | } | 2647 | } |
| 2645 | 2648 | ||
| 2646 | /* Note: This doesn't put any conntrack and bridge info in dst. */ | 2649 | /* Note: This doesn't put any conntrack and bridge info in dst. */ |
diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c index 33608c610276..cb631143721c 100644 --- a/net/ipv6/netfilter/ip6t_NPT.c +++ b/net/ipv6/netfilter/ip6t_NPT.c | |||
| @@ -57,7 +57,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt, | |||
| 57 | if (pfx_len - i >= 32) | 57 | if (pfx_len - i >= 32) |
| 58 | mask = 0; | 58 | mask = 0; |
| 59 | else | 59 | else |
| 60 | mask = htonl(~((1 << (pfx_len - i)) - 1)); | 60 | mask = htonl((1 << (i - pfx_len + 32)) - 1); |
| 61 | 61 | ||
| 62 | idx = i / 32; | 62 | idx = i / 32; |
| 63 | addr->s6_addr32[idx] &= mask; | 63 | addr->s6_addr32[idx] &= mask; |
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 6bcce401fd1c..fedee3943661 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c | |||
| @@ -568,6 +568,7 @@ static int __init nf_conntrack_standalone_init(void) | |||
| 568 | register_net_sysctl(&init_net, "net", nf_ct_netfilter_table); | 568 | register_net_sysctl(&init_net, "net", nf_ct_netfilter_table); |
| 569 | if (!nf_ct_netfilter_header) { | 569 | if (!nf_ct_netfilter_header) { |
| 570 | pr_err("nf_conntrack: can't register to sysctl.\n"); | 570 | pr_err("nf_conntrack: can't register to sysctl.\n"); |
| 571 | ret = -ENOMEM; | ||
| 571 | goto out_sysctl; | 572 | goto out_sysctl; |
| 572 | } | 573 | } |
| 573 | #endif | 574 | #endif |
diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c index 589d686f0b4c..dc3fd5d44464 100644 --- a/net/netfilter/nfnetlink_acct.c +++ b/net/netfilter/nfnetlink_acct.c | |||
| @@ -49,6 +49,8 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb, | |||
| 49 | return -EINVAL; | 49 | return -EINVAL; |
| 50 | 50 | ||
| 51 | acct_name = nla_data(tb[NFACCT_NAME]); | 51 | acct_name = nla_data(tb[NFACCT_NAME]); |
| 52 | if (strlen(acct_name) == 0) | ||
| 53 | return -EINVAL; | ||
| 52 | 54 | ||
| 53 | list_for_each_entry(nfacct, &nfnl_acct_list, head) { | 55 | list_for_each_entry(nfacct, &nfnl_acct_list, head) { |
| 54 | if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0) | 56 | if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0) |
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c index 1cb48540f86a..42680b2baa11 100644 --- a/net/netfilter/nfnetlink_queue_core.c +++ b/net/netfilter/nfnetlink_queue_core.c | |||
| @@ -1062,8 +1062,10 @@ static int __init nfnetlink_queue_init(void) | |||
| 1062 | 1062 | ||
| 1063 | #ifdef CONFIG_PROC_FS | 1063 | #ifdef CONFIG_PROC_FS |
| 1064 | if (!proc_create("nfnetlink_queue", 0440, | 1064 | if (!proc_create("nfnetlink_queue", 0440, |
| 1065 | proc_net_netfilter, &nfqnl_file_ops)) | 1065 | proc_net_netfilter, &nfqnl_file_ops)) { |
| 1066 | status = -ENOMEM; | ||
| 1066 | goto cleanup_subsys; | 1067 | goto cleanup_subsys; |
| 1068 | } | ||
| 1067 | #endif | 1069 | #endif |
| 1068 | 1070 | ||
| 1069 | register_netdevice_notifier(&nfqnl_dev_notifier); | 1071 | register_netdevice_notifier(&nfqnl_dev_notifier); |