Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: 1) Remove IP MASQUERADING record in MAINTAINERS file, from Denis Efremov. 2) Counter arguments are swapped in ebtables, from Todd Seidelmann. 3) Missing netlink attribute validation in flow_offload extension. 4) Incorrect alignment in xt_nfacct that breaks 32-bits userspace / 64-bits kernels, from Juliana Rodrigueiro. 5) Missing include guard in nf_conntrack_h323_types.h, from Masahiro Yamada. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>alistair/sunxi64-5.4-dsi
commit
e15dbcdeb9
|
@ -8454,11 +8454,6 @@ S: Maintained
|
||||||
F: fs/io_uring.c
|
F: fs/io_uring.c
|
||||||
F: include/uapi/linux/io_uring.h
|
F: include/uapi/linux/io_uring.h
|
||||||
|
|
||||||
IP MASQUERADING
|
|
||||||
M: Juanjo Ciarlante <jjciarla@raiz.uncu.edu.ar>
|
|
||||||
S: Maintained
|
|
||||||
F: net/ipv4/netfilter/ipt_MASQUERADE.c
|
|
||||||
|
|
||||||
IPMI SUBSYSTEM
|
IPMI SUBSYSTEM
|
||||||
M: Corey Minyard <minyard@acm.org>
|
M: Corey Minyard <minyard@acm.org>
|
||||||
L: openipmi-developer@lists.sourceforge.net (moderated for non-subscribers)
|
L: openipmi-developer@lists.sourceforge.net (moderated for non-subscribers)
|
||||||
|
|
|
@ -4,6 +4,9 @@
|
||||||
* Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
|
* Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#ifndef _NF_CONNTRACK_H323_TYPES_H
|
||||||
|
#define _NF_CONNTRACK_H323_TYPES_H
|
||||||
|
|
||||||
typedef struct TransportAddress_ipAddress { /* SEQUENCE */
|
typedef struct TransportAddress_ipAddress { /* SEQUENCE */
|
||||||
int options; /* No use */
|
int options; /* No use */
|
||||||
unsigned int ip;
|
unsigned int ip;
|
||||||
|
@ -931,3 +934,5 @@ typedef struct RasMessage { /* CHOICE */
|
||||||
InfoRequestResponse infoRequestResponse;
|
InfoRequestResponse infoRequestResponse;
|
||||||
};
|
};
|
||||||
} RasMessage;
|
} RasMessage;
|
||||||
|
|
||||||
|
#endif /* _NF_CONNTRACK_H323_TYPES_H */
|
||||||
|
|
|
@ -11,4 +11,9 @@ struct xt_nfacct_match_info {
|
||||||
struct nf_acct *nfacct;
|
struct nf_acct *nfacct;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct xt_nfacct_match_info_v1 {
|
||||||
|
char name[NFACCT_NAME_MAX];
|
||||||
|
struct nf_acct *nfacct __attribute__((aligned(8)));
|
||||||
|
};
|
||||||
|
|
||||||
#endif /* _XT_NFACCT_MATCH_H */
|
#endif /* _XT_NFACCT_MATCH_H */
|
||||||
|
|
|
@ -221,7 +221,7 @@ unsigned int ebt_do_table(struct sk_buff *skb,
|
||||||
return NF_DROP;
|
return NF_DROP;
|
||||||
}
|
}
|
||||||
|
|
||||||
ADD_COUNTER(*(counter_base + i), 1, skb->len);
|
ADD_COUNTER(*(counter_base + i), skb->len, 1);
|
||||||
|
|
||||||
/* these should only watch: not modify, nor tell us
|
/* these should only watch: not modify, nor tell us
|
||||||
* what to do with the packet
|
* what to do with the packet
|
||||||
|
@ -959,8 +959,8 @@ static void get_counters(const struct ebt_counter *oldcounters,
|
||||||
continue;
|
continue;
|
||||||
counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
|
counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
|
||||||
for (i = 0; i < nentries; i++)
|
for (i = 0; i < nentries; i++)
|
||||||
ADD_COUNTER(counters[i], counter_base[i].pcnt,
|
ADD_COUNTER(counters[i], counter_base[i].bcnt,
|
||||||
counter_base[i].bcnt);
|
counter_base[i].pcnt);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1280,7 +1280,7 @@ static int do_update_counters(struct net *net, const char *name,
|
||||||
|
|
||||||
/* we add to the counters of the first cpu */
|
/* we add to the counters of the first cpu */
|
||||||
for (i = 0; i < num_counters; i++)
|
for (i = 0; i < num_counters; i++)
|
||||||
ADD_COUNTER(t->private->counters[i], tmp[i].pcnt, tmp[i].bcnt);
|
ADD_COUNTER(t->private->counters[i], tmp[i].bcnt, tmp[i].pcnt);
|
||||||
|
|
||||||
write_unlock_bh(&t->lock);
|
write_unlock_bh(&t->lock);
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
|
@ -149,6 +149,11 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx,
|
||||||
return nft_chain_validate_hooks(ctx->chain, hook_mask);
|
return nft_chain_validate_hooks(ctx->chain, hook_mask);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const struct nla_policy nft_flow_offload_policy[NFTA_FLOW_MAX + 1] = {
|
||||||
|
[NFTA_FLOW_TABLE_NAME] = { .type = NLA_STRING,
|
||||||
|
.len = NFT_NAME_MAXLEN - 1 },
|
||||||
|
};
|
||||||
|
|
||||||
static int nft_flow_offload_init(const struct nft_ctx *ctx,
|
static int nft_flow_offload_init(const struct nft_ctx *ctx,
|
||||||
const struct nft_expr *expr,
|
const struct nft_expr *expr,
|
||||||
const struct nlattr * const tb[])
|
const struct nlattr * const tb[])
|
||||||
|
@ -207,6 +212,7 @@ static const struct nft_expr_ops nft_flow_offload_ops = {
|
||||||
static struct nft_expr_type nft_flow_offload_type __read_mostly = {
|
static struct nft_expr_type nft_flow_offload_type __read_mostly = {
|
||||||
.name = "flow_offload",
|
.name = "flow_offload",
|
||||||
.ops = &nft_flow_offload_ops,
|
.ops = &nft_flow_offload_ops,
|
||||||
|
.policy = nft_flow_offload_policy,
|
||||||
.maxattr = NFTA_FLOW_MAX,
|
.maxattr = NFTA_FLOW_MAX,
|
||||||
.owner = THIS_MODULE,
|
.owner = THIS_MODULE,
|
||||||
};
|
};
|
||||||
|
|
|
@ -54,25 +54,39 @@ nfacct_mt_destroy(const struct xt_mtdtor_param *par)
|
||||||
nfnl_acct_put(info->nfacct);
|
nfnl_acct_put(info->nfacct);
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_match nfacct_mt_reg __read_mostly = {
|
static struct xt_match nfacct_mt_reg[] __read_mostly = {
|
||||||
.name = "nfacct",
|
{
|
||||||
.family = NFPROTO_UNSPEC,
|
.name = "nfacct",
|
||||||
.checkentry = nfacct_mt_checkentry,
|
.revision = 0,
|
||||||
.match = nfacct_mt,
|
.family = NFPROTO_UNSPEC,
|
||||||
.destroy = nfacct_mt_destroy,
|
.checkentry = nfacct_mt_checkentry,
|
||||||
.matchsize = sizeof(struct xt_nfacct_match_info),
|
.match = nfacct_mt,
|
||||||
.usersize = offsetof(struct xt_nfacct_match_info, nfacct),
|
.destroy = nfacct_mt_destroy,
|
||||||
.me = THIS_MODULE,
|
.matchsize = sizeof(struct xt_nfacct_match_info),
|
||||||
|
.usersize = offsetof(struct xt_nfacct_match_info, nfacct),
|
||||||
|
.me = THIS_MODULE,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.name = "nfacct",
|
||||||
|
.revision = 1,
|
||||||
|
.family = NFPROTO_UNSPEC,
|
||||||
|
.checkentry = nfacct_mt_checkentry,
|
||||||
|
.match = nfacct_mt,
|
||||||
|
.destroy = nfacct_mt_destroy,
|
||||||
|
.matchsize = sizeof(struct xt_nfacct_match_info_v1),
|
||||||
|
.usersize = offsetof(struct xt_nfacct_match_info_v1, nfacct),
|
||||||
|
.me = THIS_MODULE,
|
||||||
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
static int __init nfacct_mt_init(void)
|
static int __init nfacct_mt_init(void)
|
||||||
{
|
{
|
||||||
return xt_register_match(&nfacct_mt_reg);
|
return xt_register_matches(nfacct_mt_reg, ARRAY_SIZE(nfacct_mt_reg));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void __exit nfacct_mt_exit(void)
|
static void __exit nfacct_mt_exit(void)
|
||||||
{
|
{
|
||||||
xt_unregister_match(&nfacct_mt_reg);
|
xt_unregister_matches(nfacct_mt_reg, ARRAY_SIZE(nfacct_mt_reg));
|
||||||
}
|
}
|
||||||
|
|
||||||
module_init(nfacct_mt_init);
|
module_init(nfacct_mt_init);
|
||||||
|
|
Loading…
Reference in New Issue