diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/Kconfig | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 13 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 15 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_l3proto_generic.c | 1 | ||||
| -rw-r--r-- | net/netfilter/x_tables.c | 2 | ||||
| -rw-r--r-- | net/sched/act_ipt.c | 5 |
6 files changed, 11 insertions, 27 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index c60fd5c4ea1e..3d560dec63ab 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig | |||
| @@ -345,7 +345,7 @@ config IP_NF_TARGET_LOG | |||
| 345 | To compile it as a module, choose M here. If unsure, say N. | 345 | To compile it as a module, choose M here. If unsure, say N. |
| 346 | 346 | ||
| 347 | config IP_NF_TARGET_ULOG | 347 | config IP_NF_TARGET_ULOG |
| 348 | tristate "ULOG target support (OBSOLETE)" | 348 | tristate "ULOG target support" |
| 349 | depends on IP_NF_IPTABLES | 349 | depends on IP_NF_IPTABLES |
| 350 | ---help--- | 350 | ---help--- |
| 351 | 351 | ||
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 642b4b11464f..0a673038344f 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -288,19 +288,6 @@ ip6t_do_table(struct sk_buff **pskb, | |||
| 288 | table_base = (void *)private->entries[smp_processor_id()]; | 288 | table_base = (void *)private->entries[smp_processor_id()]; |
| 289 | e = get_entry(table_base, private->hook_entry[hook]); | 289 | e = get_entry(table_base, private->hook_entry[hook]); |
| 290 | 290 | ||
| 291 | #ifdef CONFIG_NETFILTER_DEBUG | ||
| 292 | /* Check noone else using our table */ | ||
| 293 | if (((struct ip6t_entry *)table_base)->comefrom != 0xdead57ac | ||
| 294 | && ((struct ip6t_entry *)table_base)->comefrom != 0xeeeeeeec) { | ||
| 295 | printk("ASSERT: CPU #%u, %s comefrom(%p) = %X\n", | ||
| 296 | smp_processor_id(), | ||
| 297 | table->name, | ||
| 298 | &((struct ip6t_entry *)table_base)->comefrom, | ||
| 299 | ((struct ip6t_entry *)table_base)->comefrom); | ||
| 300 | } | ||
| 301 | ((struct ip6t_entry *)table_base)->comefrom = 0x57acc001; | ||
| 302 | #endif | ||
| 303 | |||
| 304 | /* For return from builtin chain */ | 291 | /* For return from builtin chain */ |
| 305 | back = get_entry(table_base, private->underflow[hook]); | 292 | back = get_entry(table_base, private->underflow[hook]); |
| 306 | 293 | ||
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index e581190fb6c3..f9b83f91371a 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
| @@ -178,9 +178,6 @@ static struct { | |||
| 178 | /* allocated slab cache + modules which uses this slab cache */ | 178 | /* allocated slab cache + modules which uses this slab cache */ |
| 179 | int use; | 179 | int use; |
| 180 | 180 | ||
| 181 | /* Initialization */ | ||
| 182 | int (*init_conntrack)(struct nf_conn *, u_int32_t); | ||
| 183 | |||
| 184 | } nf_ct_cache[NF_CT_F_NUM]; | 181 | } nf_ct_cache[NF_CT_F_NUM]; |
| 185 | 182 | ||
| 186 | /* protect members of nf_ct_cache except of "use" */ | 183 | /* protect members of nf_ct_cache except of "use" */ |
| @@ -208,10 +205,8 @@ nf_ct_proto_find_get(u_int16_t l3proto, u_int8_t protocol) | |||
| 208 | 205 | ||
| 209 | preempt_disable(); | 206 | preempt_disable(); |
| 210 | p = __nf_ct_proto_find(l3proto, protocol); | 207 | p = __nf_ct_proto_find(l3proto, protocol); |
| 211 | if (p) { | 208 | if (!try_module_get(p->me)) |
| 212 | if (!try_module_get(p->me)) | 209 | p = &nf_conntrack_generic_protocol; |
| 213 | p = &nf_conntrack_generic_protocol; | ||
| 214 | } | ||
| 215 | preempt_enable(); | 210 | preempt_enable(); |
| 216 | 211 | ||
| 217 | return p; | 212 | return p; |
| @@ -229,10 +224,8 @@ nf_ct_l3proto_find_get(u_int16_t l3proto) | |||
| 229 | 224 | ||
| 230 | preempt_disable(); | 225 | preempt_disable(); |
| 231 | p = __nf_ct_l3proto_find(l3proto); | 226 | p = __nf_ct_l3proto_find(l3proto); |
| 232 | if (p) { | 227 | if (!try_module_get(p->me)) |
| 233 | if (!try_module_get(p->me)) | 228 | p = &nf_conntrack_generic_l3proto; |
| 234 | p = &nf_conntrack_generic_l3proto; | ||
| 235 | } | ||
| 236 | preempt_enable(); | 229 | preempt_enable(); |
| 237 | 230 | ||
| 238 | return p; | 231 | return p; |
diff --git a/net/netfilter/nf_conntrack_l3proto_generic.c b/net/netfilter/nf_conntrack_l3proto_generic.c index 7de4f06c63c5..3fc58e454d4e 100644 --- a/net/netfilter/nf_conntrack_l3proto_generic.c +++ b/net/netfilter/nf_conntrack_l3proto_generic.c | |||
| @@ -94,5 +94,4 @@ struct nf_conntrack_l3proto nf_conntrack_generic_l3proto = { | |||
| 94 | .print_conntrack = generic_print_conntrack, | 94 | .print_conntrack = generic_print_conntrack, |
| 95 | .prepare = generic_prepare, | 95 | .prepare = generic_prepare, |
| 96 | .get_features = generic_get_features, | 96 | .get_features = generic_get_features, |
| 97 | .me = THIS_MODULE, | ||
| 98 | }; | 97 | }; |
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 00cf0a4f4d92..17abf60f9570 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c | |||
| @@ -529,6 +529,7 @@ int xt_register_table(struct xt_table *table, | |||
| 529 | 529 | ||
| 530 | /* Simplifies replace_table code. */ | 530 | /* Simplifies replace_table code. */ |
| 531 | table->private = bootstrap; | 531 | table->private = bootstrap; |
| 532 | rwlock_init(&table->lock); | ||
| 532 | if (!xt_replace_table(table, 0, newinfo, &ret)) | 533 | if (!xt_replace_table(table, 0, newinfo, &ret)) |
| 533 | goto unlock; | 534 | goto unlock; |
| 534 | 535 | ||
| @@ -538,7 +539,6 @@ int xt_register_table(struct xt_table *table, | |||
| 538 | /* save number of initial entries */ | 539 | /* save number of initial entries */ |
| 539 | private->initial_entries = private->number; | 540 | private->initial_entries = private->number; |
| 540 | 541 | ||
| 541 | rwlock_init(&table->lock); | ||
| 542 | list_prepend(&xt[table->af].tables, table); | 542 | list_prepend(&xt[table->af].tables, table); |
| 543 | 543 | ||
| 544 | ret = 0; | 544 | ret = 0; |
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c index 6056d20ef429..37640c6fc014 100644 --- a/net/sched/act_ipt.c +++ b/net/sched/act_ipt.c | |||
| @@ -69,6 +69,11 @@ ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int hook) | |||
| 69 | DPRINTK("ipt_init_target: found %s\n", target->name); | 69 | DPRINTK("ipt_init_target: found %s\n", target->name); |
| 70 | t->u.kernel.target = target; | 70 | t->u.kernel.target = target; |
| 71 | 71 | ||
| 72 | ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t), | ||
| 73 | table, hook, 0, 0); | ||
| 74 | if (ret) | ||
| 75 | return ret; | ||
| 76 | |||
| 72 | if (t->u.kernel.target->checkentry | 77 | if (t->u.kernel.target->checkentry |
| 73 | && !t->u.kernel.target->checkentry(table, NULL, | 78 | && !t->u.kernel.target->checkentry(table, NULL, |
| 74 | t->u.kernel.target, t->data, | 79 | t->u.kernel.target, t->data, |