diff options
| -rw-r--r-- | include/net/netfilter/nf_conntrack_ecache.h | 1 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_sip.c | 5 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 4 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 16 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 3 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_log.c | 6 |
6 files changed, 25 insertions, 10 deletions
diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h index e1ce1048fe5f..4a045cda9c60 100644 --- a/include/net/netfilter/nf_conntrack_ecache.h +++ b/include/net/netfilter/nf_conntrack_ecache.h | |||
| @@ -18,6 +18,7 @@ struct nf_conntrack_ecache { | |||
| 18 | u16 ctmask; /* bitmask of ct events to be delivered */ | 18 | u16 ctmask; /* bitmask of ct events to be delivered */ |
| 19 | u16 expmask; /* bitmask of expect events to be delivered */ | 19 | u16 expmask; /* bitmask of expect events to be delivered */ |
| 20 | u32 pid; /* netlink pid of destroyer */ | 20 | u32 pid; /* netlink pid of destroyer */ |
| 21 | struct timer_list timeout; | ||
| 21 | }; | 22 | }; |
| 22 | 23 | ||
| 23 | static inline struct nf_conntrack_ecache * | 24 | static inline struct nf_conntrack_ecache * |
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index 4ad9cf173992..9c87cde28ff8 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c | |||
| @@ -502,7 +502,10 @@ static unsigned int ip_nat_sdp_media(struct sk_buff *skb, unsigned int dataoff, | |||
| 502 | ret = nf_ct_expect_related(rtcp_exp); | 502 | ret = nf_ct_expect_related(rtcp_exp); |
| 503 | if (ret == 0) | 503 | if (ret == 0) |
| 504 | break; | 504 | break; |
| 505 | else if (ret != -EBUSY) { | 505 | else if (ret == -EBUSY) { |
| 506 | nf_ct_unexpect_related(rtp_exp); | ||
| 507 | continue; | ||
| 508 | } else if (ret < 0) { | ||
| 506 | nf_ct_unexpect_related(rtp_exp); | 509 | nf_ct_unexpect_related(rtp_exp); |
| 507 | port = 0; | 510 | port = 0; |
| 508 | break; | 511 | break; |
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 72bf32a84874..f51013c07b9f 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c | |||
| @@ -1171,8 +1171,10 @@ ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u, | |||
| 1171 | goto out_err; | 1171 | goto out_err; |
| 1172 | } | 1172 | } |
| 1173 | svc->stats.cpustats = alloc_percpu(struct ip_vs_cpu_stats); | 1173 | svc->stats.cpustats = alloc_percpu(struct ip_vs_cpu_stats); |
| 1174 | if (!svc->stats.cpustats) | 1174 | if (!svc->stats.cpustats) { |
| 1175 | ret = -ENOMEM; | ||
| 1175 | goto out_err; | 1176 | goto out_err; |
| 1177 | } | ||
| 1176 | 1178 | ||
| 1177 | /* I'm the first user of the service */ | 1179 | /* I'm the first user of the service */ |
| 1178 | atomic_set(&svc->usecnt, 0); | 1180 | atomic_set(&svc->usecnt, 0); |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index cf4875565d67..2ceec64b19f9 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
| @@ -249,12 +249,15 @@ static void death_by_event(unsigned long ul_conntrack) | |||
| 249 | { | 249 | { |
| 250 | struct nf_conn *ct = (void *)ul_conntrack; | 250 | struct nf_conn *ct = (void *)ul_conntrack; |
| 251 | struct net *net = nf_ct_net(ct); | 251 | struct net *net = nf_ct_net(ct); |
| 252 | struct nf_conntrack_ecache *ecache = nf_ct_ecache_find(ct); | ||
| 253 | |||
| 254 | BUG_ON(ecache == NULL); | ||
| 252 | 255 | ||
| 253 | if (nf_conntrack_event(IPCT_DESTROY, ct) < 0) { | 256 | if (nf_conntrack_event(IPCT_DESTROY, ct) < 0) { |
| 254 | /* bad luck, let's retry again */ | 257 | /* bad luck, let's retry again */ |
| 255 | ct->timeout.expires = jiffies + | 258 | ecache->timeout.expires = jiffies + |
| 256 | (random32() % net->ct.sysctl_events_retry_timeout); | 259 | (random32() % net->ct.sysctl_events_retry_timeout); |
| 257 | add_timer(&ct->timeout); | 260 | add_timer(&ecache->timeout); |
| 258 | return; | 261 | return; |
| 259 | } | 262 | } |
| 260 | /* we've got the event delivered, now it's dying */ | 263 | /* we've got the event delivered, now it's dying */ |
| @@ -268,6 +271,9 @@ static void death_by_event(unsigned long ul_conntrack) | |||
| 268 | void nf_ct_insert_dying_list(struct nf_conn *ct) | 271 | void nf_ct_insert_dying_list(struct nf_conn *ct) |
| 269 | { | 272 | { |
| 270 | struct net *net = nf_ct_net(ct); | 273 | struct net *net = nf_ct_net(ct); |
| 274 | struct nf_conntrack_ecache *ecache = nf_ct_ecache_find(ct); | ||
| 275 | |||
| 276 | BUG_ON(ecache == NULL); | ||
| 271 | 277 | ||
| 272 | /* add this conntrack to the dying list */ | 278 | /* add this conntrack to the dying list */ |
| 273 | spin_lock_bh(&nf_conntrack_lock); | 279 | spin_lock_bh(&nf_conntrack_lock); |
| @@ -275,10 +281,10 @@ void nf_ct_insert_dying_list(struct nf_conn *ct) | |||
| 275 | &net->ct.dying); | 281 | &net->ct.dying); |
| 276 | spin_unlock_bh(&nf_conntrack_lock); | 282 | spin_unlock_bh(&nf_conntrack_lock); |
| 277 | /* set a new timer to retry event delivery */ | 283 | /* set a new timer to retry event delivery */ |
| 278 | setup_timer(&ct->timeout, death_by_event, (unsigned long)ct); | 284 | setup_timer(&ecache->timeout, death_by_event, (unsigned long)ct); |
| 279 | ct->timeout.expires = jiffies + | 285 | ecache->timeout.expires = jiffies + |
| 280 | (random32() % net->ct.sysctl_events_retry_timeout); | 286 | (random32() % net->ct.sysctl_events_retry_timeout); |
| 281 | add_timer(&ct->timeout); | 287 | add_timer(&ecache->timeout); |
| 282 | } | 288 | } |
| 283 | EXPORT_SYMBOL_GPL(nf_ct_insert_dying_list); | 289 | EXPORT_SYMBOL_GPL(nf_ct_insert_dying_list); |
| 284 | 290 | ||
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index da4fc37a8578..9807f3278fcb 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -2790,7 +2790,8 @@ static int __init ctnetlink_init(void) | |||
| 2790 | goto err_unreg_subsys; | 2790 | goto err_unreg_subsys; |
| 2791 | } | 2791 | } |
| 2792 | 2792 | ||
| 2793 | if (register_pernet_subsys(&ctnetlink_net_ops)) { | 2793 | ret = register_pernet_subsys(&ctnetlink_net_ops); |
| 2794 | if (ret < 0) { | ||
| 2794 | pr_err("ctnetlink_init: cannot register pernet operations\n"); | 2795 | pr_err("ctnetlink_init: cannot register pernet operations\n"); |
| 2795 | goto err_unreg_exp_subsys; | 2796 | goto err_unreg_exp_subsys; |
| 2796 | } | 2797 | } |
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 169ab59ed9d4..14e2f3903142 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c | |||
| @@ -480,7 +480,7 @@ __build_packet_message(struct nfulnl_instance *inst, | |||
| 480 | } | 480 | } |
| 481 | 481 | ||
| 482 | if (indev && skb_mac_header_was_set(skb)) { | 482 | if (indev && skb_mac_header_was_set(skb)) { |
| 483 | if (nla_put_be32(inst->skb, NFULA_HWTYPE, htons(skb->dev->type)) || | 483 | if (nla_put_be16(inst->skb, NFULA_HWTYPE, htons(skb->dev->type)) || |
| 484 | nla_put_be16(inst->skb, NFULA_HWLEN, | 484 | nla_put_be16(inst->skb, NFULA_HWLEN, |
| 485 | htons(skb->dev->hard_header_len)) || | 485 | htons(skb->dev->hard_header_len)) || |
| 486 | nla_put(inst->skb, NFULA_HWHEADER, skb->dev->hard_header_len, | 486 | nla_put(inst->skb, NFULA_HWHEADER, skb->dev->hard_header_len, |
| @@ -996,8 +996,10 @@ static int __init nfnetlink_log_init(void) | |||
| 996 | 996 | ||
| 997 | #ifdef CONFIG_PROC_FS | 997 | #ifdef CONFIG_PROC_FS |
| 998 | if (!proc_create("nfnetlink_log", 0440, | 998 | if (!proc_create("nfnetlink_log", 0440, |
| 999 | proc_net_netfilter, &nful_file_ops)) | 999 | proc_net_netfilter, &nful_file_ops)) { |
| 1000 | status = -ENOMEM; | ||
| 1000 | goto cleanup_logger; | 1001 | goto cleanup_logger; |
| 1002 | } | ||
| 1001 | #endif | 1003 | #endif |
| 1002 | return status; | 1004 | return status; |
| 1003 | 1005 | ||