Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains netfilter fixes for you net tree, they are: 1) Missing ct zone size in the nft_ct initialization path, patch from Florian Westphal. 2) Two patches for netfilter uapi headers, one to remove unnecessary sysctl.h inclusion and another to fix compilation of xt_hashlimit.h in userspace, from Dmitry V. Levin. 3) Patch to fix a sloppy change in nf_ct_expect that incorrectly simplified nf_ct_expect_related_report() in the previous nf-next batch. This also includes another patch for __nf_ct_expect_check() to report success by returning 0 to keep it consistent with other existing functions. From Jarno Rajahalme. 4) The ->walk() iterator of the new bitmap set type goes over the real bitmap size, this results in incorrect dumps when NFTA_SET_USERDATA is used. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
4ca257eed6
@ -3,7 +3,6 @@
|
||||
|
||||
#include <linux/types.h>
|
||||
#include <linux/compiler.h>
|
||||
#include <linux/sysctl.h>
|
||||
#include <linux/in.h>
|
||||
#include <linux/in6.h>
|
||||
|
||||
|
@ -2,6 +2,7 @@
|
||||
#define _UAPI_XT_HASHLIMIT_H
|
||||
|
||||
#include <linux/types.h>
|
||||
#include <linux/limits.h>
|
||||
#include <linux/if.h>
|
||||
|
||||
/* timings are in milliseconds. */
|
||||
|
@ -410,7 +410,7 @@ static inline int __nf_ct_expect_check(struct nf_conntrack_expect *expect)
|
||||
struct net *net = nf_ct_exp_net(expect);
|
||||
struct hlist_node *next;
|
||||
unsigned int h;
|
||||
int ret = 1;
|
||||
int ret = 0;
|
||||
|
||||
if (!master_help) {
|
||||
ret = -ESHUTDOWN;
|
||||
@ -460,14 +460,14 @@ int nf_ct_expect_related_report(struct nf_conntrack_expect *expect,
|
||||
|
||||
spin_lock_bh(&nf_conntrack_expect_lock);
|
||||
ret = __nf_ct_expect_check(expect);
|
||||
if (ret <= 0)
|
||||
if (ret < 0)
|
||||
goto out;
|
||||
|
||||
nf_ct_expect_insert(expect);
|
||||
|
||||
spin_unlock_bh(&nf_conntrack_expect_lock);
|
||||
nf_ct_expect_event_report(IPEXP_NEW, expect, portid, report);
|
||||
return ret;
|
||||
return 0;
|
||||
out:
|
||||
spin_unlock_bh(&nf_conntrack_expect_lock);
|
||||
return ret;
|
||||
|
@ -528,6 +528,7 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
|
||||
if (!nft_ct_tmpl_alloc_pcpu())
|
||||
return -ENOMEM;
|
||||
nft_ct_pcpu_template_refcnt++;
|
||||
len = sizeof(u16);
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
|
@ -258,7 +258,7 @@ static int nft_bitmap_init(const struct nft_set *set,
|
||||
{
|
||||
struct nft_bitmap *priv = nft_set_priv(set);
|
||||
|
||||
priv->bitmap_size = nft_bitmap_total_size(set->klen);
|
||||
priv->bitmap_size = nft_bitmap_size(set->klen);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user