diff options
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/Kconfig | 2 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 30 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_helper.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 14 | ||||
| -rw-r--r-- | net/netfilter/nf_log.c | 4 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink.c | 2 |
6 files changed, 21 insertions, 33 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index bb279bf59a1b..2329c5f50551 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig | |||
| @@ -374,7 +374,7 @@ config NETFILTER_XT_TARGET_HL | |||
| 374 | 374 | ||
| 375 | config NETFILTER_XT_TARGET_LED | 375 | config NETFILTER_XT_TARGET_LED |
| 376 | tristate '"LED" target support' | 376 | tristate '"LED" target support' |
| 377 | depends on LEDS_CLASS && LED_TRIGGERS | 377 | depends on LEDS_CLASS && LEDS_TRIGGERS |
| 378 | depends on NETFILTER_ADVANCED | 378 | depends on NETFILTER_ADVANCED |
| 379 | help | 379 | help |
| 380 | This option adds a `LED' target, which allows you to blink LEDs in | 380 | This option adds a `LED' target, which allows you to blink LEDs in |
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 3940f996a2e4..afde8f991646 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c | |||
| @@ -372,7 +372,7 @@ static inline int __nf_ct_expect_check(struct nf_conntrack_expect *expect) | |||
| 372 | struct net *net = nf_ct_exp_net(expect); | 372 | struct net *net = nf_ct_exp_net(expect); |
| 373 | struct hlist_node *n; | 373 | struct hlist_node *n; |
| 374 | unsigned int h; | 374 | unsigned int h; |
| 375 | int ret = 0; | 375 | int ret = 1; |
| 376 | 376 | ||
| 377 | if (!master_help->helper) { | 377 | if (!master_help->helper) { |
| 378 | ret = -ESHUTDOWN; | 378 | ret = -ESHUTDOWN; |
| @@ -412,41 +412,23 @@ out: | |||
| 412 | return ret; | 412 | return ret; |
| 413 | } | 413 | } |
| 414 | 414 | ||
| 415 | int nf_ct_expect_related(struct nf_conntrack_expect *expect) | 415 | int nf_ct_expect_related_report(struct nf_conntrack_expect *expect, |
| 416 | u32 pid, int report) | ||
| 416 | { | 417 | { |
| 417 | int ret; | 418 | int ret; |
| 418 | 419 | ||
| 419 | spin_lock_bh(&nf_conntrack_lock); | 420 | spin_lock_bh(&nf_conntrack_lock); |
| 420 | ret = __nf_ct_expect_check(expect); | 421 | ret = __nf_ct_expect_check(expect); |
| 421 | if (ret < 0) | 422 | if (ret <= 0) |
| 422 | goto out; | 423 | goto out; |
| 423 | 424 | ||
| 425 | ret = 0; | ||
| 424 | nf_ct_expect_insert(expect); | 426 | nf_ct_expect_insert(expect); |
| 425 | atomic_inc(&expect->use); | ||
| 426 | spin_unlock_bh(&nf_conntrack_lock); | ||
| 427 | nf_ct_expect_event(IPEXP_NEW, expect); | ||
| 428 | nf_ct_expect_put(expect); | ||
| 429 | return ret; | ||
| 430 | out: | ||
| 431 | spin_unlock_bh(&nf_conntrack_lock); | 427 | spin_unlock_bh(&nf_conntrack_lock); |
| 428 | nf_ct_expect_event_report(IPEXP_NEW, expect, pid, report); | ||
| 432 | return ret; | 429 | return ret; |
| 433 | } | ||
| 434 | EXPORT_SYMBOL_GPL(nf_ct_expect_related); | ||
| 435 | |||
| 436 | int nf_ct_expect_related_report(struct nf_conntrack_expect *expect, | ||
| 437 | u32 pid, int report) | ||
| 438 | { | ||
| 439 | int ret; | ||
| 440 | |||
| 441 | spin_lock_bh(&nf_conntrack_lock); | ||
| 442 | ret = __nf_ct_expect_check(expect); | ||
| 443 | if (ret < 0) | ||
| 444 | goto out; | ||
| 445 | nf_ct_expect_insert(expect); | ||
| 446 | out: | 430 | out: |
| 447 | spin_unlock_bh(&nf_conntrack_lock); | 431 | spin_unlock_bh(&nf_conntrack_lock); |
| 448 | if (ret == 0) | ||
| 449 | nf_ct_expect_event_report(IPEXP_NEW, expect, pid, report); | ||
| 450 | return ret; | 432 | return ret; |
| 451 | } | 433 | } |
| 452 | EXPORT_SYMBOL_GPL(nf_ct_expect_related_report); | 434 | EXPORT_SYMBOL_GPL(nf_ct_expect_related_report); |
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c index 30b8e9009f99..0fa5a422959f 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c | |||
| @@ -176,7 +176,7 @@ static void __nf_conntrack_helper_unregister(struct nf_conntrack_helper *me, | |||
| 176 | } | 176 | } |
| 177 | 177 | ||
| 178 | /* Get rid of expecteds, set helpers to NULL. */ | 178 | /* Get rid of expecteds, set helpers to NULL. */ |
| 179 | hlist_for_each_entry(h, nn, &net->ct.unconfirmed, hnnode) | 179 | hlist_nulls_for_each_entry(h, nn, &net->ct.unconfirmed, hnnode) |
| 180 | unhelp(h, me); | 180 | unhelp(h, me); |
| 181 | for (i = 0; i < nf_conntrack_htable_size; i++) { | 181 | for (i = 0; i < nf_conntrack_htable_size; i++) { |
| 182 | hlist_nulls_for_each_entry(h, nn, &net->ct.hash[i], hnnode) | 182 | hlist_nulls_for_each_entry(h, nn, &net->ct.hash[i], hnnode) |
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index c6439c77953c..f13fc57e1ecb 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -512,7 +512,7 @@ static int ctnetlink_conntrack_event(struct notifier_block *this, | |||
| 512 | 512 | ||
| 513 | skb = ctnetlink_alloc_skb(tuple(ct, IP_CT_DIR_ORIGINAL), GFP_ATOMIC); | 513 | skb = ctnetlink_alloc_skb(tuple(ct, IP_CT_DIR_ORIGINAL), GFP_ATOMIC); |
| 514 | if (!skb) | 514 | if (!skb) |
| 515 | return NOTIFY_DONE; | 515 | goto errout; |
| 516 | 516 | ||
| 517 | b = skb->tail; | 517 | b = skb->tail; |
| 518 | 518 | ||
| @@ -591,8 +591,9 @@ static int ctnetlink_conntrack_event(struct notifier_block *this, | |||
| 591 | nla_put_failure: | 591 | nla_put_failure: |
| 592 | rcu_read_unlock(); | 592 | rcu_read_unlock(); |
| 593 | nlmsg_failure: | 593 | nlmsg_failure: |
| 594 | nfnetlink_set_err(0, group, -ENOBUFS); | ||
| 595 | kfree_skb(skb); | 594 | kfree_skb(skb); |
| 595 | errout: | ||
| 596 | nfnetlink_set_err(0, group, -ENOBUFS); | ||
| 596 | return NOTIFY_DONE; | 597 | return NOTIFY_DONE; |
| 597 | } | 598 | } |
| 598 | #endif /* CONFIG_NF_CONNTRACK_EVENTS */ | 599 | #endif /* CONFIG_NF_CONNTRACK_EVENTS */ |
| @@ -987,7 +988,7 @@ ctnetlink_change_helper(struct nf_conn *ct, struct nlattr *cda[]) | |||
| 987 | { | 988 | { |
| 988 | struct nf_conntrack_helper *helper; | 989 | struct nf_conntrack_helper *helper; |
| 989 | struct nf_conn_help *help = nfct_help(ct); | 990 | struct nf_conn_help *help = nfct_help(ct); |
| 990 | char *helpname; | 991 | char *helpname = NULL; |
| 991 | int err; | 992 | int err; |
| 992 | 993 | ||
| 993 | /* don't change helper of sibling connections */ | 994 | /* don't change helper of sibling connections */ |
| @@ -1230,7 +1231,7 @@ ctnetlink_create_conntrack(struct nlattr *cda[], | |||
| 1230 | 1231 | ||
| 1231 | rcu_read_lock(); | 1232 | rcu_read_lock(); |
| 1232 | if (cda[CTA_HELP]) { | 1233 | if (cda[CTA_HELP]) { |
| 1233 | char *helpname; | 1234 | char *helpname = NULL; |
| 1234 | 1235 | ||
| 1235 | err = ctnetlink_parse_help(cda[CTA_HELP], &helpname); | 1236 | err = ctnetlink_parse_help(cda[CTA_HELP], &helpname); |
| 1236 | if (err < 0) | 1237 | if (err < 0) |
| @@ -1564,7 +1565,7 @@ static int ctnetlink_expect_event(struct notifier_block *this, | |||
| 1564 | 1565 | ||
| 1565 | skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC); | 1566 | skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC); |
| 1566 | if (!skb) | 1567 | if (!skb) |
| 1567 | return NOTIFY_DONE; | 1568 | goto errout; |
| 1568 | 1569 | ||
| 1569 | b = skb->tail; | 1570 | b = skb->tail; |
| 1570 | 1571 | ||
| @@ -1589,8 +1590,9 @@ static int ctnetlink_expect_event(struct notifier_block *this, | |||
| 1589 | nla_put_failure: | 1590 | nla_put_failure: |
| 1590 | rcu_read_unlock(); | 1591 | rcu_read_unlock(); |
| 1591 | nlmsg_failure: | 1592 | nlmsg_failure: |
| 1592 | nfnetlink_set_err(0, 0, -ENOBUFS); | ||
| 1593 | kfree_skb(skb); | 1593 | kfree_skb(skb); |
| 1594 | errout: | ||
| 1595 | nfnetlink_set_err(0, 0, -ENOBUFS); | ||
| 1594 | return NOTIFY_DONE; | 1596 | return NOTIFY_DONE; |
| 1595 | } | 1597 | } |
| 1596 | #endif | 1598 | #endif |
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c index 8bb998fe098b..beb37311e1a5 100644 --- a/net/netfilter/nf_log.c +++ b/net/netfilter/nf_log.c | |||
| @@ -36,10 +36,14 @@ static struct nf_logger *__find_logger(int pf, const char *str_logger) | |||
| 36 | int nf_log_register(u_int8_t pf, struct nf_logger *logger) | 36 | int nf_log_register(u_int8_t pf, struct nf_logger *logger) |
| 37 | { | 37 | { |
| 38 | const struct nf_logger *llog; | 38 | const struct nf_logger *llog; |
| 39 | int i; | ||
| 39 | 40 | ||
| 40 | if (pf >= ARRAY_SIZE(nf_loggers)) | 41 | if (pf >= ARRAY_SIZE(nf_loggers)) |
| 41 | return -EINVAL; | 42 | return -EINVAL; |
| 42 | 43 | ||
| 44 | for (i = 0; i < ARRAY_SIZE(logger->list); i++) | ||
| 45 | INIT_LIST_HEAD(&logger->list[i]); | ||
| 46 | |||
| 43 | mutex_lock(&nf_log_mutex); | 47 | mutex_lock(&nf_log_mutex); |
| 44 | 48 | ||
| 45 | if (pf == NFPROTO_UNSPEC) { | 49 | if (pf == NFPROTO_UNSPEC) { |
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index 2785d66a7e38..b8ab37ad7ed5 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c | |||
| @@ -203,7 +203,7 @@ static int __init nfnetlink_init(void) | |||
| 203 | nfnetlink_rcv, NULL, THIS_MODULE); | 203 | nfnetlink_rcv, NULL, THIS_MODULE); |
| 204 | if (!nfnl) { | 204 | if (!nfnl) { |
| 205 | printk(KERN_ERR "cannot initialize nfnetlink!\n"); | 205 | printk(KERN_ERR "cannot initialize nfnetlink!\n"); |
| 206 | return -1; | 206 | return -ENOMEM; |
| 207 | } | 207 | } |
| 208 | 208 | ||
| 209 | return 0; | 209 | return 0; |