4 files changed, 6 insertions, 3 deletions

diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
index d654873aa25a..1f7e300094cd 100644
--- a/include/linux/netfilter_ipv6.h
+++ b/include/linux/netfilter_ipv6.h
@@ -59,6 +59,7 @@
 enum nf_ip6_hook_priorities {
         NF_IP6_PRI_FIRST = INT_MIN,
         NF_IP6_PRI_CONNTRACK_DEFRAG = -400,
+        NF_IP6_PRI_RAW = -300,
         NF_IP6_PRI_SELINUX_FIRST = -225,
         NF_IP6_PRI_CONNTRACK = -200,
         NF_IP6_PRI_MANGLE = -150,
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c
index aef31a29de9e..b9cf7cd61923 100644
--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -13,7 +13,7 @@ static const struct xt_table packet_raw = {
         .valid_hooks = RAW_VALID_HOOKS,
         .me = THIS_MODULE,
         .af = NFPROTO_IPV6,
-        .priority = NF_IP6_PRI_FIRST,
+        .priority = NF_IP6_PRI_RAW,
 };
 
 /* The work comes in here from netfilter.c. */
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 9e9c48963942..215a64835de8 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -493,6 +493,7 @@ static void hashlimit_ipv6_mask(__be32 *i, unsigned int p)
         case 64 ... 95:
                 i[2] = maskl(i[2], p - 64);
                 i[3] = 0;
+                break;
         case 96 ... 127:
                 i[3] = maskl(i[3], p - 96);
                 break;
@@ -879,7 +880,8 @@ static void dl_seq_stop(struct seq_file *s, void *v)
         struct xt_hashlimit_htable *htable = s->private;
         unsigned int *bucket = (unsigned int *)v;
 
-        kfree(bucket);
+        if (!IS_ERR(bucket))
+                kfree(bucket);
         spin_unlock_bh(&htable->lock);
 }
 
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 7073dbb8100c..971d172afece 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -267,7 +267,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par)
                 for (i = 0; i < e->nstamps; i++) {
                         if (info->seconds && time_after(time, e->stamps[i]))
                                 continue;
-                        if (info->hit_count && ++hits >= info->hit_count) {
+                        if (!info->hit_count || ++hits >= info->hit_count) {
                                 ret = !ret;
                                 break;
                         }