diff options
| author | David S. Miller <davem@davemloft.net> | 2013-03-20 10:23:52 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-03-20 10:23:52 -0400 |
| commit | 90b2621fd465949e1714127e829a79160de14b38 (patch) | |
| tree | b190b353423919c84f1bedeeb838c3ae7e448335 /net | |
| parent | 10b38669d64c757cfd927e3820292c580ed70aae (diff) | |
| parent | 3dd6664fac7e6041bfc8756ae9e8c78f59108cd9 (diff) | |
Merge branch 'master' of git://1984.lsi.us.es/nf
Pablo Neira Ayuso says:
====================
The following patchset contains 7 Netfilter/IPVS fixes for 3.9-rc, they are:
* Restrict IPv6 stateless NPT targets to the mangle table. Many users are
complaining that this target does not work in the nat table, which is the
wrong table for it, from Florian Westphal.
* Fix possible use before initialization in the netns init path of several
conntrack protocol trackers (introduced recently while improving conntrack
netns support), from Gao Feng.
* Fix incorrect initialization of copy_range in nfnetlink_queue, spotted
by Eric Dumazet during the NFWS2013, patch from myself.
* Fix wrong calculation of next SCTP chunk in IPVS, from Julian Anastasov.
* Remove rcu_read_lock section in IPVS while calling ipv4_update_pmtu
not required anymore after change introduced in 3.7, again from Julian.
* Fix SYN looping in IPVS state sync if the backup is used a real server
in DR/TUN modes, this required a new /proc entry to disable the director
function when acting as backup, also from Julian.
* Remove leftover IP_NF_QUEUE Kconfig after ip_queue removal, noted by
Paul Bolle.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/Kconfig | 13 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_NPT.c | 2 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_core.c | 14 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 7 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_proto_sctp.c | 16 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_dccp.c | 12 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_gre.c | 12 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_sctp.c | 12 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_udplite.c | 12 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_queue_core.c | 2 |
10 files changed, 51 insertions, 51 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index ce2d43e1f09f..0d755c50994b 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig | |||
| @@ -36,19 +36,6 @@ config NF_CONNTRACK_PROC_COMPAT | |||
| 36 | 36 | ||
| 37 | If unsure, say Y. | 37 | If unsure, say Y. |
| 38 | 38 | ||
| 39 | config IP_NF_QUEUE | ||
| 40 | tristate "IP Userspace queueing via NETLINK (OBSOLETE)" | ||
| 41 | depends on NETFILTER_ADVANCED | ||
| 42 | help | ||
| 43 | Netfilter has the ability to queue packets to user space: the | ||
| 44 | netlink device can be used to access them using this driver. | ||
| 45 | |||
| 46 | This option enables the old IPv4-only "ip_queue" implementation | ||
| 47 | which has been obsoleted by the new "nfnetlink_queue" code (see | ||
| 48 | CONFIG_NETFILTER_NETLINK_QUEUE). | ||
| 49 | |||
| 50 | To compile it as a module, choose M here. If unsure, say N. | ||
| 51 | |||
| 52 | config IP_NF_IPTABLES | 39 | config IP_NF_IPTABLES |
| 53 | tristate "IP tables support (required for filtering/masq/NAT)" | 40 | tristate "IP tables support (required for filtering/masq/NAT)" |
| 54 | default m if NETFILTER_ADVANCED=n | 41 | default m if NETFILTER_ADVANCED=n |
diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c index 83acc1405a18..33608c610276 100644 --- a/net/ipv6/netfilter/ip6t_NPT.c +++ b/net/ipv6/netfilter/ip6t_NPT.c | |||
| @@ -114,6 +114,7 @@ ip6t_dnpt_tg(struct sk_buff *skb, const struct xt_action_param *par) | |||
| 114 | static struct xt_target ip6t_npt_target_reg[] __read_mostly = { | 114 | static struct xt_target ip6t_npt_target_reg[] __read_mostly = { |
| 115 | { | 115 | { |
| 116 | .name = "SNPT", | 116 | .name = "SNPT", |
| 117 | .table = "mangle", | ||
| 117 | .target = ip6t_snpt_tg, | 118 | .target = ip6t_snpt_tg, |
| 118 | .targetsize = sizeof(struct ip6t_npt_tginfo), | 119 | .targetsize = sizeof(struct ip6t_npt_tginfo), |
| 119 | .checkentry = ip6t_npt_checkentry, | 120 | .checkentry = ip6t_npt_checkentry, |
| @@ -124,6 +125,7 @@ static struct xt_target ip6t_npt_target_reg[] __read_mostly = { | |||
| 124 | }, | 125 | }, |
| 125 | { | 126 | { |
| 126 | .name = "DNPT", | 127 | .name = "DNPT", |
| 128 | .table = "mangle", | ||
| 127 | .target = ip6t_dnpt_tg, | 129 | .target = ip6t_dnpt_tg, |
| 128 | .targetsize = sizeof(struct ip6t_npt_tginfo), | 130 | .targetsize = sizeof(struct ip6t_npt_tginfo), |
| 129 | .checkentry = ip6t_npt_checkentry, | 131 | .checkentry = ip6t_npt_checkentry, |
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c index 47edf5a40a59..61f49d241712 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c | |||
| @@ -1394,10 +1394,8 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum) | |||
| 1394 | skb_reset_network_header(skb); | 1394 | skb_reset_network_header(skb); |
| 1395 | IP_VS_DBG(12, "ICMP for IPIP %pI4->%pI4: mtu=%u\n", | 1395 | IP_VS_DBG(12, "ICMP for IPIP %pI4->%pI4: mtu=%u\n", |
| 1396 | &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr, mtu); | 1396 | &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr, mtu); |
| 1397 | rcu_read_lock(); | ||
| 1398 | ipv4_update_pmtu(skb, dev_net(skb->dev), | 1397 | ipv4_update_pmtu(skb, dev_net(skb->dev), |
| 1399 | mtu, 0, 0, 0, 0); | 1398 | mtu, 0, 0, 0, 0); |
| 1400 | rcu_read_unlock(); | ||
| 1401 | /* Client uses PMTUD? */ | 1399 | /* Client uses PMTUD? */ |
| 1402 | if (!(cih->frag_off & htons(IP_DF))) | 1400 | if (!(cih->frag_off & htons(IP_DF))) |
| 1403 | goto ignore_ipip; | 1401 | goto ignore_ipip; |
| @@ -1577,7 +1575,8 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) | |||
| 1577 | } | 1575 | } |
| 1578 | /* ipvs enabled in this netns ? */ | 1576 | /* ipvs enabled in this netns ? */ |
| 1579 | net = skb_net(skb); | 1577 | net = skb_net(skb); |
| 1580 | if (!net_ipvs(net)->enable) | 1578 | ipvs = net_ipvs(net); |
| 1579 | if (unlikely(sysctl_backup_only(ipvs) || !ipvs->enable)) | ||
| 1581 | return NF_ACCEPT; | 1580 | return NF_ACCEPT; |
| 1582 | 1581 | ||
| 1583 | ip_vs_fill_iph_skb(af, skb, &iph); | 1582 | ip_vs_fill_iph_skb(af, skb, &iph); |
| @@ -1654,7 +1653,6 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) | |||
| 1654 | } | 1653 | } |
| 1655 | 1654 | ||
| 1656 | IP_VS_DBG_PKT(11, af, pp, skb, 0, "Incoming packet"); | 1655 | IP_VS_DBG_PKT(11, af, pp, skb, 0, "Incoming packet"); |
| 1657 | ipvs = net_ipvs(net); | ||
| 1658 | /* Check the server status */ | 1656 | /* Check the server status */ |
| 1659 | if (cp->dest && !(cp->dest->flags & IP_VS_DEST_F_AVAILABLE)) { | 1657 | if (cp->dest && !(cp->dest->flags & IP_VS_DEST_F_AVAILABLE)) { |
| 1660 | /* the destination server is not available */ | 1658 | /* the destination server is not available */ |
| @@ -1815,13 +1813,15 @@ ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb, | |||
| 1815 | { | 1813 | { |
| 1816 | int r; | 1814 | int r; |
| 1817 | struct net *net; | 1815 | struct net *net; |
| 1816 | struct netns_ipvs *ipvs; | ||
| 1818 | 1817 | ||
| 1819 | if (ip_hdr(skb)->protocol != IPPROTO_ICMP) | 1818 | if (ip_hdr(skb)->protocol != IPPROTO_ICMP) |
| 1820 | return NF_ACCEPT; | 1819 | return NF_ACCEPT; |
| 1821 | 1820 | ||
| 1822 | /* ipvs enabled in this netns ? */ | 1821 | /* ipvs enabled in this netns ? */ |
| 1823 | net = skb_net(skb); | 1822 | net = skb_net(skb); |
| 1824 | if (!net_ipvs(net)->enable) | 1823 | ipvs = net_ipvs(net); |
| 1824 | if (unlikely(sysctl_backup_only(ipvs) || !ipvs->enable)) | ||
| 1825 | return NF_ACCEPT; | 1825 | return NF_ACCEPT; |
| 1826 | 1826 | ||
| 1827 | return ip_vs_in_icmp(skb, &r, hooknum); | 1827 | return ip_vs_in_icmp(skb, &r, hooknum); |
| @@ -1835,6 +1835,7 @@ ip_vs_forward_icmp_v6(unsigned int hooknum, struct sk_buff *skb, | |||
| 1835 | { | 1835 | { |
| 1836 | int r; | 1836 | int r; |
| 1837 | struct net *net; | 1837 | struct net *net; |
| 1838 | struct netns_ipvs *ipvs; | ||
| 1838 | struct ip_vs_iphdr iphdr; | 1839 | struct ip_vs_iphdr iphdr; |
| 1839 | 1840 | ||
| 1840 | ip_vs_fill_iph_skb(AF_INET6, skb, &iphdr); | 1841 | ip_vs_fill_iph_skb(AF_INET6, skb, &iphdr); |
| @@ -1843,7 +1844,8 @@ ip_vs_forward_icmp_v6(unsigned int hooknum, struct sk_buff *skb, | |||
| 1843 | 1844 | ||
| 1844 | /* ipvs enabled in this netns ? */ | 1845 | /* ipvs enabled in this netns ? */ |
| 1845 | net = skb_net(skb); | 1846 | net = skb_net(skb); |
| 1846 | if (!net_ipvs(net)->enable) | 1847 | ipvs = net_ipvs(net); |
| 1848 | if (unlikely(sysctl_backup_only(ipvs) || !ipvs->enable)) | ||
| 1847 | return NF_ACCEPT; | 1849 | return NF_ACCEPT; |
| 1848 | 1850 | ||
| 1849 | return ip_vs_in_icmp_v6(skb, &r, hooknum, &iphdr); | 1851 | return ip_vs_in_icmp_v6(skb, &r, hooknum, &iphdr); |
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index c68198bf9128..9e2d1cccd1eb 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c | |||
| @@ -1808,6 +1808,12 @@ static struct ctl_table vs_vars[] = { | |||
| 1808 | .mode = 0644, | 1808 | .mode = 0644, |
| 1809 | .proc_handler = proc_dointvec, | 1809 | .proc_handler = proc_dointvec, |
| 1810 | }, | 1810 | }, |
| 1811 | { | ||
| 1812 | .procname = "backup_only", | ||
| 1813 | .maxlen = sizeof(int), | ||
| 1814 | .mode = 0644, | ||
| 1815 | .proc_handler = proc_dointvec, | ||
| 1816 | }, | ||
| 1811 | #ifdef CONFIG_IP_VS_DEBUG | 1817 | #ifdef CONFIG_IP_VS_DEBUG |
| 1812 | { | 1818 | { |
| 1813 | .procname = "debug_level", | 1819 | .procname = "debug_level", |
| @@ -3741,6 +3747,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net) | |||
| 3741 | tbl[idx++].data = &ipvs->sysctl_nat_icmp_send; | 3747 | tbl[idx++].data = &ipvs->sysctl_nat_icmp_send; |
| 3742 | ipvs->sysctl_pmtu_disc = 1; | 3748 | ipvs->sysctl_pmtu_disc = 1; |
| 3743 | tbl[idx++].data = &ipvs->sysctl_pmtu_disc; | 3749 | tbl[idx++].data = &ipvs->sysctl_pmtu_disc; |
| 3750 | tbl[idx++].data = &ipvs->sysctl_backup_only; | ||
| 3744 | 3751 | ||
| 3745 | 3752 | ||
| 3746 | ipvs->sysctl_hdr = register_net_sysctl(net, "net/ipv4/vs", tbl); | 3753 | ipvs->sysctl_hdr = register_net_sysctl(net, "net/ipv4/vs", tbl); |
diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c index ae8ec6f27688..cd1d7298f7ba 100644 --- a/net/netfilter/ipvs/ip_vs_proto_sctp.c +++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c | |||
| @@ -906,7 +906,7 @@ set_sctp_state(struct ip_vs_proto_data *pd, struct ip_vs_conn *cp, | |||
| 906 | sctp_chunkhdr_t _sctpch, *sch; | 906 | sctp_chunkhdr_t _sctpch, *sch; |
| 907 | unsigned char chunk_type; | 907 | unsigned char chunk_type; |
| 908 | int event, next_state; | 908 | int event, next_state; |
| 909 | int ihl; | 909 | int ihl, cofs; |
| 910 | 910 | ||
| 911 | #ifdef CONFIG_IP_VS_IPV6 | 911 | #ifdef CONFIG_IP_VS_IPV6 |
| 912 | ihl = cp->af == AF_INET ? ip_hdrlen(skb) : sizeof(struct ipv6hdr); | 912 | ihl = cp->af == AF_INET ? ip_hdrlen(skb) : sizeof(struct ipv6hdr); |
| @@ -914,8 +914,8 @@ set_sctp_state(struct ip_vs_proto_data *pd, struct ip_vs_conn *cp, | |||
| 914 | ihl = ip_hdrlen(skb); | 914 | ihl = ip_hdrlen(skb); |
| 915 | #endif | 915 | #endif |
| 916 | 916 | ||
| 917 | sch = skb_header_pointer(skb, ihl + sizeof(sctp_sctphdr_t), | 917 | cofs = ihl + sizeof(sctp_sctphdr_t); |
| 918 | sizeof(_sctpch), &_sctpch); | 918 | sch = skb_header_pointer(skb, cofs, sizeof(_sctpch), &_sctpch); |
| 919 | if (sch == NULL) | 919 | if (sch == NULL) |
| 920 | return; | 920 | return; |
| 921 | 921 | ||
| @@ -933,10 +933,12 @@ set_sctp_state(struct ip_vs_proto_data *pd, struct ip_vs_conn *cp, | |||
| 933 | */ | 933 | */ |
| 934 | if ((sch->type == SCTP_CID_COOKIE_ECHO) || | 934 | if ((sch->type == SCTP_CID_COOKIE_ECHO) || |
| 935 | (sch->type == SCTP_CID_COOKIE_ACK)) { | 935 | (sch->type == SCTP_CID_COOKIE_ACK)) { |
| 936 | sch = skb_header_pointer(skb, (ihl + sizeof(sctp_sctphdr_t) + | 936 | int clen = ntohs(sch->length); |
| 937 | sch->length), sizeof(_sctpch), &_sctpch); | 937 | |
| 938 | if (sch) { | 938 | if (clen >= sizeof(sctp_chunkhdr_t)) { |
| 939 | if (sch->type == SCTP_CID_ABORT) | 939 | sch = skb_header_pointer(skb, cofs + ALIGN(clen, 4), |
| 940 | sizeof(_sctpch), &_sctpch); | ||
| 941 | if (sch && sch->type == SCTP_CID_ABORT) | ||
| 940 | chunk_type = sch->type; | 942 | chunk_type = sch->type; |
| 941 | } | 943 | } |
| 942 | } | 944 | } |
diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c index 432f95780003..ba65b2041eb4 100644 --- a/net/netfilter/nf_conntrack_proto_dccp.c +++ b/net/netfilter/nf_conntrack_proto_dccp.c | |||
| @@ -969,6 +969,10 @@ static int __init nf_conntrack_proto_dccp_init(void) | |||
| 969 | { | 969 | { |
| 970 | int ret; | 970 | int ret; |
| 971 | 971 | ||
| 972 | ret = register_pernet_subsys(&dccp_net_ops); | ||
| 973 | if (ret < 0) | ||
| 974 | goto out_pernet; | ||
| 975 | |||
| 972 | ret = nf_ct_l4proto_register(&dccp_proto4); | 976 | ret = nf_ct_l4proto_register(&dccp_proto4); |
| 973 | if (ret < 0) | 977 | if (ret < 0) |
| 974 | goto out_dccp4; | 978 | goto out_dccp4; |
| @@ -977,16 +981,12 @@ static int __init nf_conntrack_proto_dccp_init(void) | |||
| 977 | if (ret < 0) | 981 | if (ret < 0) |
| 978 | goto out_dccp6; | 982 | goto out_dccp6; |
| 979 | 983 | ||
| 980 | ret = register_pernet_subsys(&dccp_net_ops); | ||
| 981 | if (ret < 0) | ||
| 982 | goto out_pernet; | ||
| 983 | |||
| 984 | return 0; | 984 | return 0; |
| 985 | out_pernet: | ||
| 986 | nf_ct_l4proto_unregister(&dccp_proto6); | ||
| 987 | out_dccp6: | 985 | out_dccp6: |
| 988 | nf_ct_l4proto_unregister(&dccp_proto4); | 986 | nf_ct_l4proto_unregister(&dccp_proto4); |
| 989 | out_dccp4: | 987 | out_dccp4: |
| 988 | unregister_pernet_subsys(&dccp_net_ops); | ||
| 989 | out_pernet: | ||
| 990 | return ret; | 990 | return ret; |
| 991 | } | 991 | } |
| 992 | 992 | ||
diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c index bd7d01d9c7e7..155ce9f8a0db 100644 --- a/net/netfilter/nf_conntrack_proto_gre.c +++ b/net/netfilter/nf_conntrack_proto_gre.c | |||
| @@ -420,18 +420,18 @@ static int __init nf_ct_proto_gre_init(void) | |||
| 420 | { | 420 | { |
| 421 | int ret; | 421 | int ret; |
| 422 | 422 | ||
| 423 | ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_gre4); | ||
| 424 | if (ret < 0) | ||
| 425 | goto out_gre4; | ||
| 426 | |||
| 427 | ret = register_pernet_subsys(&proto_gre_net_ops); | 423 | ret = register_pernet_subsys(&proto_gre_net_ops); |
| 428 | if (ret < 0) | 424 | if (ret < 0) |
| 429 | goto out_pernet; | 425 | goto out_pernet; |
| 430 | 426 | ||
| 427 | ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_gre4); | ||
| 428 | if (ret < 0) | ||
| 429 | goto out_gre4; | ||
| 430 | |||
| 431 | return 0; | 431 | return 0; |
| 432 | out_pernet: | ||
| 433 | nf_ct_l4proto_unregister(&nf_conntrack_l4proto_gre4); | ||
| 434 | out_gre4: | 432 | out_gre4: |
| 433 | unregister_pernet_subsys(&proto_gre_net_ops); | ||
| 434 | out_pernet: | ||
| 435 | return ret; | 435 | return ret; |
| 436 | } | 436 | } |
| 437 | 437 | ||
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index 480f616d5936..ec83536def9a 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c | |||
| @@ -888,6 +888,10 @@ static int __init nf_conntrack_proto_sctp_init(void) | |||
| 888 | { | 888 | { |
| 889 | int ret; | 889 | int ret; |
| 890 | 890 | ||
| 891 | ret = register_pernet_subsys(&sctp_net_ops); | ||
| 892 | if (ret < 0) | ||
| 893 | goto out_pernet; | ||
| 894 | |||
| 891 | ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_sctp4); | 895 | ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_sctp4); |
| 892 | if (ret < 0) | 896 | if (ret < 0) |
| 893 | goto out_sctp4; | 897 | goto out_sctp4; |
| @@ -896,16 +900,12 @@ static int __init nf_conntrack_proto_sctp_init(void) | |||
| 896 | if (ret < 0) | 900 | if (ret < 0) |
| 897 | goto out_sctp6; | 901 | goto out_sctp6; |
| 898 | 902 | ||
| 899 | ret = register_pernet_subsys(&sctp_net_ops); | ||
| 900 | if (ret < 0) | ||
| 901 | goto out_pernet; | ||
| 902 | |||
| 903 | return 0; | 903 | return 0; |
| 904 | out_pernet: | ||
| 905 | nf_ct_l4proto_unregister(&nf_conntrack_l4proto_sctp6); | ||
| 906 | out_sctp6: | 904 | out_sctp6: |
| 907 | nf_ct_l4proto_unregister(&nf_conntrack_l4proto_sctp4); | 905 | nf_ct_l4proto_unregister(&nf_conntrack_l4proto_sctp4); |
| 908 | out_sctp4: | 906 | out_sctp4: |
| 907 | unregister_pernet_subsys(&sctp_net_ops); | ||
| 908 | out_pernet: | ||
| 909 | return ret; | 909 | return ret; |
| 910 | } | 910 | } |
| 911 | 911 | ||
diff --git a/net/netfilter/nf_conntrack_proto_udplite.c b/net/netfilter/nf_conntrack_proto_udplite.c index 157489581c31..ca969f6273f7 100644 --- a/net/netfilter/nf_conntrack_proto_udplite.c +++ b/net/netfilter/nf_conntrack_proto_udplite.c | |||
| @@ -371,6 +371,10 @@ static int __init nf_conntrack_proto_udplite_init(void) | |||
| 371 | { | 371 | { |
| 372 | int ret; | 372 | int ret; |
| 373 | 373 | ||
| 374 | ret = register_pernet_subsys(&udplite_net_ops); | ||
| 375 | if (ret < 0) | ||
| 376 | goto out_pernet; | ||
| 377 | |||
| 374 | ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_udplite4); | 378 | ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_udplite4); |
| 375 | if (ret < 0) | 379 | if (ret < 0) |
| 376 | goto out_udplite4; | 380 | goto out_udplite4; |
| @@ -379,16 +383,12 @@ static int __init nf_conntrack_proto_udplite_init(void) | |||
| 379 | if (ret < 0) | 383 | if (ret < 0) |
| 380 | goto out_udplite6; | 384 | goto out_udplite6; |
| 381 | 385 | ||
| 382 | ret = register_pernet_subsys(&udplite_net_ops); | ||
| 383 | if (ret < 0) | ||
| 384 | goto out_pernet; | ||
| 385 | |||
| 386 | return 0; | 386 | return 0; |
| 387 | out_pernet: | ||
| 388 | nf_ct_l4proto_unregister(&nf_conntrack_l4proto_udplite6); | ||
| 389 | out_udplite6: | 387 | out_udplite6: |
| 390 | nf_ct_l4proto_unregister(&nf_conntrack_l4proto_udplite4); | 388 | nf_ct_l4proto_unregister(&nf_conntrack_l4proto_udplite4); |
| 391 | out_udplite4: | 389 | out_udplite4: |
| 390 | unregister_pernet_subsys(&udplite_net_ops); | ||
| 391 | out_pernet: | ||
| 392 | return ret; | 392 | return ret; |
| 393 | } | 393 | } |
| 394 | 394 | ||
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c index 858fd52c1040..1cb48540f86a 100644 --- a/net/netfilter/nfnetlink_queue_core.c +++ b/net/netfilter/nfnetlink_queue_core.c | |||
| @@ -112,7 +112,7 @@ instance_create(u_int16_t queue_num, int portid) | |||
| 112 | inst->queue_num = queue_num; | 112 | inst->queue_num = queue_num; |
| 113 | inst->peer_portid = portid; | 113 | inst->peer_portid = portid; |
| 114 | inst->queue_maxlen = NFQNL_QMAX_DEFAULT; | 114 | inst->queue_maxlen = NFQNL_QMAX_DEFAULT; |
| 115 | inst->copy_range = 0xfffff; | 115 | inst->copy_range = 0xffff; |
| 116 | inst->copy_mode = NFQNL_COPY_NONE; | 116 | inst->copy_mode = NFQNL_COPY_NONE; |
| 117 | spin_lock_init(&inst->lock); | 117 | spin_lock_init(&inst->lock); |
| 118 | INIT_LIST_HEAD(&inst->queue_list); | 118 | INIT_LIST_HEAD(&inst->queue_list); |