aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2013-01-14 18:26:41 -0500
committerDavid S. Miller <davem@davemloft.net>2013-01-14 18:26:41 -0500
commit47fb3a26e2f07a734876915bedc1053021fec860 (patch)
tree8921f299d57a6c875c835d0b9db22fcf50089032 /net
parent5dbbaf2de89613d19a9286d4db0a535ca2735d26 (diff)
parent5b76c4948fe6977bead2359c2054f3e6a2dcf3d0 (diff)
Merge branch 'master' of git://1984.lsi.us.es/nf
Pablo Neira Ayuso says: ==================== The following patchset contains netfilter fixes for 3.8-rc3, they are: * fix possible BUG_ON if several netns are in use and the nf_conntrack module is removed, initial patch from Gao feng, final patch from myself. * fix unset return value if conntrack zone are disabled at compile-time, reported by Borislav Petkov, fix from myself. * fix display error message via dmesg for arp_tables, from Jan Engelhardt. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_conntrack_core.c9
-rw-r--r--net/netfilter/nf_conntrack_standalone.c1
-rw-r--r--net/netfilter/x_tables.c28
-rw-r--r--net/netfilter/xt_CT.c4
4 files changed, 28 insertions, 14 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 016d95ead930..e4a0c4fb3a7c 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1376,11 +1376,12 @@ void nf_conntrack_cleanup(struct net *net)
1376 synchronize_net(); 1376 synchronize_net();
1377 nf_conntrack_proto_fini(net); 1377 nf_conntrack_proto_fini(net);
1378 nf_conntrack_cleanup_net(net); 1378 nf_conntrack_cleanup_net(net);
1379}
1379 1380
1380 if (net_eq(net, &init_net)) { 1381void nf_conntrack_cleanup_end(void)
1381 RCU_INIT_POINTER(nf_ct_destroy, NULL); 1382{
1382 nf_conntrack_cleanup_init_net(); 1383 RCU_INIT_POINTER(nf_ct_destroy, NULL);
1383 } 1384 nf_conntrack_cleanup_init_net();
1384} 1385}
1385 1386
1386void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls) 1387void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls)
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 363285d544a1..e7185c684816 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -575,6 +575,7 @@ static int __init nf_conntrack_standalone_init(void)
575static void __exit nf_conntrack_standalone_fini(void) 575static void __exit nf_conntrack_standalone_fini(void)
576{ 576{
577 unregister_pernet_subsys(&nf_conntrack_net_ops); 577 unregister_pernet_subsys(&nf_conntrack_net_ops);
578 nf_conntrack_cleanup_end();
578} 579}
579 580
580module_init(nf_conntrack_standalone_init); 581module_init(nf_conntrack_standalone_init);
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 8d987c3573fd..7b3a9e5999c0 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -345,19 +345,27 @@ int xt_find_revision(u8 af, const char *name, u8 revision, int target,
345} 345}
346EXPORT_SYMBOL_GPL(xt_find_revision); 346EXPORT_SYMBOL_GPL(xt_find_revision);
347 347
348static char *textify_hooks(char *buf, size_t size, unsigned int mask) 348static char *
349textify_hooks(char *buf, size_t size, unsigned int mask, uint8_t nfproto)
349{ 350{
350 static const char *const names[] = { 351 static const char *const inetbr_names[] = {
351 "PREROUTING", "INPUT", "FORWARD", 352 "PREROUTING", "INPUT", "FORWARD",
352 "OUTPUT", "POSTROUTING", "BROUTING", 353 "OUTPUT", "POSTROUTING", "BROUTING",
353 }; 354 };
354 unsigned int i; 355 static const char *const arp_names[] = {
356 "INPUT", "FORWARD", "OUTPUT",
357 };
358 const char *const *names;
359 unsigned int i, max;
355 char *p = buf; 360 char *p = buf;
356 bool np = false; 361 bool np = false;
357 int res; 362 int res;
358 363
364 names = (nfproto == NFPROTO_ARP) ? arp_names : inetbr_names;
365 max = (nfproto == NFPROTO_ARP) ? ARRAY_SIZE(arp_names) :
366 ARRAY_SIZE(inetbr_names);
359 *p = '\0'; 367 *p = '\0';
360 for (i = 0; i < ARRAY_SIZE(names); ++i) { 368 for (i = 0; i < max; ++i) {
361 if (!(mask & (1 << i))) 369 if (!(mask & (1 << i)))
362 continue; 370 continue;
363 res = snprintf(p, size, "%s%s", np ? "/" : "", names[i]); 371 res = snprintf(p, size, "%s%s", np ? "/" : "", names[i]);
@@ -402,8 +410,10 @@ int xt_check_match(struct xt_mtchk_param *par,
402 pr_err("%s_tables: %s match: used from hooks %s, but only " 410 pr_err("%s_tables: %s match: used from hooks %s, but only "
403 "valid from %s\n", 411 "valid from %s\n",
404 xt_prefix[par->family], par->match->name, 412 xt_prefix[par->family], par->match->name,
405 textify_hooks(used, sizeof(used), par->hook_mask), 413 textify_hooks(used, sizeof(used), par->hook_mask,
406 textify_hooks(allow, sizeof(allow), par->match->hooks)); 414 par->family),
415 textify_hooks(allow, sizeof(allow), par->match->hooks,
416 par->family));
407 return -EINVAL; 417 return -EINVAL;
408 } 418 }
409 if (par->match->proto && (par->match->proto != proto || inv_proto)) { 419 if (par->match->proto && (par->match->proto != proto || inv_proto)) {
@@ -575,8 +585,10 @@ int xt_check_target(struct xt_tgchk_param *par,
575 pr_err("%s_tables: %s target: used from hooks %s, but only " 585 pr_err("%s_tables: %s target: used from hooks %s, but only "
576 "usable from %s\n", 586 "usable from %s\n",
577 xt_prefix[par->family], par->target->name, 587 xt_prefix[par->family], par->target->name,
578 textify_hooks(used, sizeof(used), par->hook_mask), 588 textify_hooks(used, sizeof(used), par->hook_mask,
579 textify_hooks(allow, sizeof(allow), par->target->hooks)); 589 par->family),
590 textify_hooks(allow, sizeof(allow), par->target->hooks,
591 par->family));
580 return -EINVAL; 592 return -EINVAL;
581 } 593 }
582 if (par->target->proto && (par->target->proto != proto || inv_proto)) { 594 if (par->target->proto && (par->target->proto != proto || inv_proto)) {
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index 2a0843081840..bde009ed8d3b 100644
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -109,7 +109,7 @@ static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
109 struct xt_ct_target_info *info = par->targinfo; 109 struct xt_ct_target_info *info = par->targinfo;
110 struct nf_conntrack_tuple t; 110 struct nf_conntrack_tuple t;
111 struct nf_conn *ct; 111 struct nf_conn *ct;
112 int ret; 112 int ret = -EOPNOTSUPP;
113 113
114 if (info->flags & ~XT_CT_NOTRACK) 114 if (info->flags & ~XT_CT_NOTRACK)
115 return -EINVAL; 115 return -EINVAL;
@@ -247,7 +247,7 @@ static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
247 struct xt_ct_target_info_v1 *info = par->targinfo; 247 struct xt_ct_target_info_v1 *info = par->targinfo;
248 struct nf_conntrack_tuple t; 248 struct nf_conntrack_tuple t;
249 struct nf_conn *ct; 249 struct nf_conn *ct;
250 int ret; 250 int ret = -EOPNOTSUPP;
251 251
252 if (info->flags & ~XT_CT_NOTRACK) 252 if (info->flags & ~XT_CT_NOTRACK)
253 return -EINVAL; 253 return -EINVAL;
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-24 22:38:16 -0500