aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2014-04-14 19:00:10 -0400
committerDavid S. Miller <davem@davemloft.net>2014-04-14 19:00:10 -0400
commit00cbc3dcd1e2758f65e82c46796e259a0ce22fcc (patch)
treea9542bbeeca6cfc6d5158b0004302f53f1f8c360 /net
parent1e785f48d29a09b6cf96db7b49b6320dada332e1 (diff)
parentb855d416dc17061ebb271ea7ef1201d100531770 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains three Netfilter fixes for your net tree, they are: * Fix missing generation sequence initialization which results in a splat if lockdep is enabled, it was introduced in the recent works to improve nf_conntrack scalability, from Andrey Vagin. * Don't flush the GRE keymap list in nf_conntrack when the pptp helper is disabled otherwise this crashes due to a double release, from Andrey Vagin. * Fix nf_tables cmp fast in big endian, from Patrick McHardy. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_conntrack_core.c1
-rw-r--r--net/netfilter/nf_conntrack_pptp.c20
-rw-r--r--net/netfilter/nf_conntrack_proto_gre.c3
-rw-r--r--net/netfilter/nf_tables_core.c3
-rw-r--r--net/netfilter/nft_cmp.c2
5 files changed, 5 insertions, 24 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 6dba48efe01e..75421f2ba8be 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1795,6 +1795,7 @@ int nf_conntrack_init_net(struct net *net)
1795 int cpu; 1795 int cpu;
1796 1796
1797 atomic_set(&net->ct.count, 0); 1797 atomic_set(&net->ct.count, 0);
1798 seqcount_init(&net->ct.generation);
1798 1799
1799 net->ct.pcpu_lists = alloc_percpu(struct ct_pcpu); 1800 net->ct.pcpu_lists = alloc_percpu(struct ct_pcpu);
1800 if (!net->ct.pcpu_lists) 1801 if (!net->ct.pcpu_lists)
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c
index 7bd03decd36c..825c3e3f8305 100644
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -605,32 +605,14 @@ static struct nf_conntrack_helper pptp __read_mostly = {
605 .expect_policy = &pptp_exp_policy, 605 .expect_policy = &pptp_exp_policy,
606}; 606};
607 607
608static void nf_conntrack_pptp_net_exit(struct net *net)
609{
610 nf_ct_gre_keymap_flush(net);
611}
612
613static struct pernet_operations nf_conntrack_pptp_net_ops = {
614 .exit = nf_conntrack_pptp_net_exit,
615};
616
617static int __init nf_conntrack_pptp_init(void) 608static int __init nf_conntrack_pptp_init(void)
618{ 609{
619 int rv; 610 return nf_conntrack_helper_register(&pptp);
620
621 rv = nf_conntrack_helper_register(&pptp);
622 if (rv < 0)
623 return rv;
624 rv = register_pernet_subsys(&nf_conntrack_pptp_net_ops);
625 if (rv < 0)
626 nf_conntrack_helper_unregister(&pptp);
627 return rv;
628} 611}
629 612
630static void __exit nf_conntrack_pptp_fini(void) 613static void __exit nf_conntrack_pptp_fini(void)
631{ 614{
632 nf_conntrack_helper_unregister(&pptp); 615 nf_conntrack_helper_unregister(&pptp);
633 unregister_pernet_subsys(&nf_conntrack_pptp_net_ops);
634} 616}
635 617
636module_init(nf_conntrack_pptp_init); 618module_init(nf_conntrack_pptp_init);
diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c
index 9d9c0dade602..d5665739e3b1 100644
--- a/net/netfilter/nf_conntrack_proto_gre.c
+++ b/net/netfilter/nf_conntrack_proto_gre.c
@@ -66,7 +66,7 @@ static inline struct netns_proto_gre *gre_pernet(struct net *net)
66 return net_generic(net, proto_gre_net_id); 66 return net_generic(net, proto_gre_net_id);
67} 67}
68 68
69void nf_ct_gre_keymap_flush(struct net *net) 69static void nf_ct_gre_keymap_flush(struct net *net)
70{ 70{
71 struct netns_proto_gre *net_gre = gre_pernet(net); 71 struct netns_proto_gre *net_gre = gre_pernet(net);
72 struct nf_ct_gre_keymap *km, *tmp; 72 struct nf_ct_gre_keymap *km, *tmp;
@@ -78,7 +78,6 @@ void nf_ct_gre_keymap_flush(struct net *net)
78 } 78 }
79 write_unlock_bh(&net_gre->keymap_lock); 79 write_unlock_bh(&net_gre->keymap_lock);
80} 80}
81EXPORT_SYMBOL(nf_ct_gre_keymap_flush);
82 81
83static inline int gre_key_cmpfn(const struct nf_ct_gre_keymap *km, 82static inline int gre_key_cmpfn(const struct nf_ct_gre_keymap *km,
84 const struct nf_conntrack_tuple *t) 83 const struct nf_conntrack_tuple *t)
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index 90998a6ff8b9..804105391b9a 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -25,9 +25,8 @@ static void nft_cmp_fast_eval(const struct nft_expr *expr,
25 struct nft_data data[NFT_REG_MAX + 1]) 25 struct nft_data data[NFT_REG_MAX + 1])
26{ 26{
27 const struct nft_cmp_fast_expr *priv = nft_expr_priv(expr); 27 const struct nft_cmp_fast_expr *priv = nft_expr_priv(expr);
28 u32 mask; 28 u32 mask = nft_cmp_fast_mask(priv->len);
29 29
30 mask = ~0U >> (sizeof(priv->data) * BITS_PER_BYTE - priv->len);
31 if ((data[priv->sreg].data[0] & mask) == priv->data) 30 if ((data[priv->sreg].data[0] & mask) == priv->data)
32 return; 31 return;
33 data[NFT_REG_VERDICT].verdict = NFT_BREAK; 32 data[NFT_REG_VERDICT].verdict = NFT_BREAK;
diff --git a/net/netfilter/nft_cmp.c b/net/netfilter/nft_cmp.c
index 954925db414d..e2b3f51c81f1 100644
--- a/net/netfilter/nft_cmp.c
+++ b/net/netfilter/nft_cmp.c
@@ -128,7 +128,7 @@ static int nft_cmp_fast_init(const struct nft_ctx *ctx,
128 BUG_ON(err < 0); 128 BUG_ON(err < 0);
129 desc.len *= BITS_PER_BYTE; 129 desc.len *= BITS_PER_BYTE;
130 130
131 mask = ~0U >> (sizeof(priv->data) * BITS_PER_BYTE - desc.len); 131 mask = nft_cmp_fast_mask(desc.len);
132 priv->data = data.data[0] & mask; 132 priv->data = data.data[0] & mask;
133 priv->len = desc.len; 133 priv->len = desc.len;
134 return 0; 134 return 0;
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-27 15:01:07 -0500