Merge branch 'pablo/nf-2.6-updates' of git://1984.lsi.us.es/net-2.6

author: David S. Miller <davem@davemloft.net> 2011-05-27 13:04:40 -0400
committer: David S. Miller <davem@davemloft.net> 2011-05-27 13:04:40 -0400
commit: 58bf2dbccc5aca12df77e2328f478e239a68bdd5 (patch)
tree: 3eb8009d5029e2b5b07325c9dba1709413677395 /net
parent: 86e4ca66e81bba0f8640f1fa19b8b8f72cbd0561 (diff)
parent: c74c0bfe0b61cf41a897c2444c038e0d3f600556 (diff)
3 files changed, 24 insertions, 11 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 1a92b369c820..2b5ca1a0054d 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1883,14 +1883,13 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt,
        struct xt_target *wt;
        void *dst = NULL;
        int off, pad = 0;
-        unsigned int size_kern, entry_offset, match_size = mwt->match_size;
+        unsigned int size_kern, match_size = mwt->match_size;
        strlcpy(name, mwt->u.name, sizeof(name));
        if (state->buf_kern_start)
                dst = state->buf_kern_start + state->buf_kern_offset;
-        entry_offset = (unsigned char *) mwt - base;
        switch (compat_mwt) {
        case EBT_COMPAT_MATCH:
                match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
@@ -1933,6 +1932,9 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt,
                size_kern = wt->targetsize;
                module_put(wt->me);
                break;
+        default:
+                return -EINVAL;
        }
        state->buf_kern_offset += match_size + off;
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 72d1ac611fdc..8041befc6555 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -815,7 +815,7 @@ ip_set_flush(struct sock *ctnl, struct sk_buff *skb,
        ip_set_id_t i;
        if (unlikely(protocol_failed(attr)))
-                return -EPROTO;
+                return -IPSET_ERR_PROTOCOL;
        if (!attr[IPSET_ATTR_SETNAME]) {
                for (i = 0; i < ip_set_max; i++)
diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
index 6b5dd6ddaae9..af63553fa332 100644
--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -411,25 +411,35 @@ static struct ip_vs_app ip_vs_ftp = {
 static int __net_init __ip_vs_ftp_init(struct net *net)
 {
        int i, ret;
-        struct ip_vs_app *app = &ip_vs_ftp;
+        struct ip_vs_app *app;
+        struct netns_ipvs *ipvs = net_ipvs(net);
+        app = kmemdup(&ip_vs_ftp, sizeof(struct ip_vs_app), GFP_KERNEL);
+        if (!app)
+                return -ENOMEM;
+        INIT_LIST_HEAD(&app->a_list);
+        INIT_LIST_HEAD(&app->incs_list);
+        ipvs->ftp_app = app;
        ret = register_ip_vs_app(net, app);
        if (ret)
-                return ret;
+                goto err_exit;
        for (i=0; i<IP_VS_APP_MAX_PORTS; i++) {
                if (!ports[i])
                        continue;
                ret = register_ip_vs_app_inc(net, app, app->protocol, ports[i]);
                if (ret)
-                        break;
+                        goto err_unreg;
                pr_info("%s: loaded support on port[%d] = %d\n",
                        app->name, i, ports[i]);
        }
+        return 0;
-        if (ret)
+err_unreg:
-                unregister_ip_vs_app(net, app);
+        unregister_ip_vs_app(net, app);
+err_exit:
+        kfree(ipvs->ftp_app);
        return ret;
 }
 /*
@@ -437,9 +447,10 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
 */
 static void __ip_vs_ftp_exit(struct net *net)
 {
-        struct ip_vs_app *app = &ip_vs_ftp;
+        struct netns_ipvs *ipvs = net_ipvs(net);
-        unregister_ip_vs_app(net, app);
+        unregister_ip_vs_app(net, ipvs->ftp_app);
+        kfree(ipvs->ftp_app);
 }
 static struct pernet_operations ip_vs_ftp_ops = {
author	David S. Miller <davem@davemloft.net>	2011-05-27 13:04:40 -0400
committer	David S. Miller <davem@davemloft.net>	2011-05-27 13:04:40 -0400
commit	58bf2dbccc5aca12df77e2328f478e239a68bdd5 (patch)
tree	3eb8009d5029e2b5b07325c9dba1709413677395 /net
parent	86e4ca66e81bba0f8640f1fa19b8b8f72cbd0561 (diff)
parent	c74c0bfe0b61cf41a897c2444c038e0d3f600556 (diff)

diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 1a92b369c820..2b5ca1a0054d 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c
@@ -1883,14 +1883,13 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt,
1883	struct xt_target *wt;	1883	struct xt_target *wt;
1884	void *dst = NULL;	1884	void *dst = NULL;
1885	int off, pad = 0;	1885	int off, pad = 0;
1886	unsigned int size_kern, entry_offset, match_size = mwt->match_size;	1886	unsigned int size_kern, match_size = mwt->match_size;
1887		1887
1888	strlcpy(name, mwt->u.name, sizeof(name));	1888	strlcpy(name, mwt->u.name, sizeof(name));
1889		1889
1890	if (state->buf_kern_start)	1890	if (state->buf_kern_start)
1891	dst = state->buf_kern_start + state->buf_kern_offset;	1891	dst = state->buf_kern_start + state->buf_kern_offset;
1892		1892
1893	entry_offset = (unsigned char *) mwt - base;
1894	switch (compat_mwt) {	1893	switch (compat_mwt) {
1895	case EBT_COMPAT_MATCH:	1894	case EBT_COMPAT_MATCH:
1896	match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,	1895	match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
@@ -1933,6 +1932,9 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt,
1933	size_kern = wt->targetsize;	1932	size_kern = wt->targetsize;
1934	module_put(wt->me);	1933	module_put(wt->me);
1935	break;	1934	break;
		1935
		1936	default:
		1937	return -EINVAL;
1936	}	1938	}
1937		1939
1938	state->buf_kern_offset += match_size + off;	1940	state->buf_kern_offset += match_size + off;


diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 72d1ac611fdc..8041befc6555 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c
@@ -815,7 +815,7 @@ ip_set_flush(struct sock ctnl, struct sk_buff skb,
815	ip_set_id_t i;	815	ip_set_id_t i;
816		816
817	if (unlikely(protocol_failed(attr)))	817	if (unlikely(protocol_failed(attr)))
818	return -EPROTO;	818	return -IPSET_ERR_PROTOCOL;
819		819
820	if (!attr[IPSET_ATTR_SETNAME]) {	820	if (!attr[IPSET_ATTR_SETNAME]) {
821	for (i = 0; i < ip_set_max; i++)	821	for (i = 0; i < ip_set_max; i++)


diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c index 6b5dd6ddaae9..af63553fa332 100644 --- a/net/netfilter/ipvs/ip_vs_ftp.c +++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -411,25 +411,35 @@ static struct ip_vs_app ip_vs_ftp = {
411	static int __net_init __ip_vs_ftp_init(struct net *net)	411	static int __net_init __ip_vs_ftp_init(struct net *net)
412	{	412	{
413	int i, ret;	413	int i, ret;
414	struct ip_vs_app *app = &ip_vs_ftp;	414	struct ip_vs_app *app;
		415	struct netns_ipvs *ipvs = net_ipvs(net);
		416
		417	app = kmemdup(&ip_vs_ftp, sizeof(struct ip_vs_app), GFP_KERNEL);
		418	if (!app)
		419	return -ENOMEM;
		420	INIT_LIST_HEAD(&app->a_list);
		421	INIT_LIST_HEAD(&app->incs_list);
		422	ipvs->ftp_app = app;
415		423
416	ret = register_ip_vs_app(net, app);	424	ret = register_ip_vs_app(net, app);
417	if (ret)	425	if (ret)
418	return ret;	426	goto err_exit;
419		427
420	for (i=0; i<IP_VS_APP_MAX_PORTS; i++) {	428	for (i=0; i<IP_VS_APP_MAX_PORTS; i++) {
421	if (!ports[i])	429	if (!ports[i])
422	continue;	430	continue;
423	ret = register_ip_vs_app_inc(net, app, app->protocol, ports[i]);	431	ret = register_ip_vs_app_inc(net, app, app->protocol, ports[i]);
424	if (ret)	432	if (ret)
425	break;	433	goto err_unreg;
426	pr_info("%s: loaded support on port[%d] = %d\n",	434	pr_info("%s: loaded support on port[%d] = %d\n",
427	app->name, i, ports[i]);	435	app->name, i, ports[i]);
428	}	436	}
		437	return 0;
429		438
430	if (ret)	439	err_unreg:
431	unregister_ip_vs_app(net, app);	440	unregister_ip_vs_app(net, app);
432		441	err_exit:
		442	kfree(ipvs->ftp_app);
433	return ret;	443	return ret;
434	}	444	}
435	/*	445	/*
@@ -437,9 +447,10 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
437	*/	447	*/
438	static void __ip_vs_ftp_exit(struct net *net)	448	static void __ip_vs_ftp_exit(struct net *net)
439	{	449	{
440	struct ip_vs_app *app = &ip_vs_ftp;	450	struct netns_ipvs *ipvs = net_ipvs(net);
441		451
442	unregister_ip_vs_app(net, app);	452	unregister_ip_vs_app(net, ipvs->ftp_app);
		453	kfree(ipvs->ftp_app);
443	}	454	}
444		455
445	static struct pernet_operations ip_vs_ftp_ops = {	456	static struct pernet_operations ip_vs_ftp_ops = {