
Merge tag 'nf-23-11-08' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Add missing netfilter modules description to fix W=1, from Florian Westphal.

2) Fix catch-all element GC with timeout when use with the pipapo set
backend, this remained broken since I tried to fix it this summer,
then another attempt to fix it recently.

3) Add missing IPVS modules descriptions to fix W=1, also from Florian.

4) xt_recent allocated a too small buffer to store an IPv4-mapped IPv6
address which can be parsed by in6_pton(), from Maciej Zenczykowski.
Broken for many releases.

5) Skip IPv4-mapped IPv6, IPv4-compat IPv6, site/link local scoped IPv6
addresses to set up IPv6 NAT redirect, also from Florian. This is
broken since 2012.

* tag 'nf-23-11-08' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
netfilter: xt_recent: fix (increase) ipv6 literal buffer length
ipvs: add missing module descriptions
netfilter: nf_tables: remove catchall element in GC sync path
netfilter: add missing module descriptions
====================

Link: https://lore.kernel.org/r/20231108155802.84617-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

+82 -7
+1
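--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -135,3 +135,4 @@
 module_init(ebtable_broute_init);
 module_exit(ebtable_broute_fini);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Force packets to be routed instead of bridged");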
+1
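--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -116,3 +116,4 @@
 module_init(ebtable_filter_init);
 module_exit(ebtable_filter_fini);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ebtables legacy filter table");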
+1
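--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -116,3 +116,4 @@
 module_init(ebtable_nat_init);
 module_exit(ebtable_nat_fini);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ebtables legacy stateless nat table");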
+1
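--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -2595,3 +2595,4 @@
 module_init(ebtables_init);
 module_exit(ebtables_fini);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ebtables legacy core");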
+1
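--- a/net/bridge/netfilter/nf_conntrack_bridge.c
+++ b/net/bridge/netfilter/nf_conntrack_bridge.c
@@ -416,3 +416,4 @@
 
 MODULE_ALIAS("nf_conntrack-" __stringify(AF_BRIDGE));
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Bridge IPv4 and IPv6 connection tracking");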
+1
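--- a/net/ipv4/netfilter/iptable_nat.c
+++ b/net/ipv4/netfilter/iptable_nat.c
@@ -170,3 +170,4 @@
 module_exit(iptable_nat_exit);
 
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("iptables legacy nat table");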
+1
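--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -108,3 +108,4 @@
 module_init(iptable_raw_init);
 module_exit(iptable_raw_fini);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("iptables legacy raw table");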
+1
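--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
+++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -186,3 +186,4 @@
 module_exit(nf_defrag_fini);
 
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("IPv4 defragmentation support");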
+1
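--- a/net/ipv4/netfilter/nf_reject_ipv4.c
+++ b/net/ipv4/netfilter/nf_reject_ipv4.c
@@ -336,3 +336,4 @@
 EXPORT_SYMBOL_GPL(nf_send_unreach);
 
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("IPv4 packet rejection core");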
+1
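--- a/net/ipv6/netfilter/ip6table_nat.c
+++ b/net/ipv6/netfilter/ip6table_nat.c
@@ -170,3 +170,4 @@
 module_exit(ip6table_nat_exit);
 
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Ip6tables legacy nat table");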
+1
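--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -106,3 +106,4 @@
 module_init(ip6table_raw_init);
 module_exit(ip6table_raw_fini);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Ip6tables legacy raw table");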
+1
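--- a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
+++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
@@ -182,3 +182,4 @@
 module_exit(nf_defrag_fini);
 
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("IPv6 defragmentation support");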
+1
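--- a/net/ipv6/netfilter/nf_reject_ipv6.c
+++ b/net/ipv6/netfilter/nf_reject_ipv6.c
@@ -413,3 +413,4 @@
 EXPORT_SYMBOL_GPL(nf_send_unreach6);
 
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("IPv6 packet rejection core");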
+1
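--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -2450,3 +2450,4 @@
 module_init(ip_vs_init);
 module_exit(ip_vs_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("IP Virtual Server");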
+1
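--- a/net/netfilter/ipvs/ip_vs_dh.c
+++ b/net/netfilter/ipvs/ip_vs_dh.c
@@ -270,3 +270,4 @@
 module_init(ip_vs_dh_init);
 module_exit(ip_vs_dh_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs destination hashing scheduler");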
+1
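--- a/net/netfilter/ipvs/ip_vs_fo.c
+++ b/net/netfilter/ipvs/ip_vs_fo.c
@@ -72,3 +72,4 @@
 module_init(ip_vs_fo_init);
 module_exit(ip_vs_fo_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs weighted failover scheduler");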
+1
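--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -635,3 +635,4 @@
 module_init(ip_vs_ftp_init);
 module_exit(ip_vs_ftp_exit);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs ftp helper");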
+1
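--- a/net/netfilter/ipvs/ip_vs_lblc.c
+++ b/net/netfilter/ipvs/ip_vs_lblc.c
@@ -632,3 +632,4 @@
 module_init(ip_vs_lblc_init);
 module_exit(ip_vs_lblc_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs locality-based least-connection scheduler");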
+1
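--- a/net/netfilter/ipvs/ip_vs_lblcr.c
+++ b/net/netfilter/ipvs/ip_vs_lblcr.c
@@ -817,3 +817,4 @@
 module_init(ip_vs_lblcr_init);
 module_exit(ip_vs_lblcr_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs locality-based least-connection with replication scheduler");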
+1
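--- a/net/netfilter/ipvs/ip_vs_lc.c
+++ b/net/netfilter/ipvs/ip_vs_lc.c
@@ -86,3 +86,4 @@
 module_init(ip_vs_lc_init);
 module_exit(ip_vs_lc_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs least connection scheduler");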
+1
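--- a/net/netfilter/ipvs/ip_vs_nq.c
+++ b/net/netfilter/ipvs/ip_vs_nq.c
@@ -136,3 +136,4 @@
 module_init(ip_vs_nq_init);
 module_exit(ip_vs_nq_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs never queue scheduler");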
+1
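--- a/net/netfilter/ipvs/ip_vs_ovf.c
+++ b/net/netfilter/ipvs/ip_vs_ovf.c
@@ -79,3 +79,4 @@
 module_init(ip_vs_ovf_init);
 module_exit(ip_vs_ovf_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs overflow connection scheduler");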
+1
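--- a/net/netfilter/ipvs/ip_vs_pe_sip.c
+++ b/net/netfilter/ipvs/ip_vs_pe_sip.c
@@ -185,3 +185,4 @@
 module_init(ip_vs_sip_init);
 module_exit(ip_vs_sip_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs sip helper");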
+1
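--- a/net/netfilter/ipvs/ip_vs_rr.c
+++ b/net/netfilter/ipvs/ip_vs_rr.c
@@ -122,4 +122,5 @@
 
 module_init(ip_vs_rr_init);
 module_exit(ip_vs_rr_cleanup);
+MODULE_DESCRIPTION("ipvs round-robin scheduler");
 MODULE_LICENSE("GPL");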
+1
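--- a/net/netfilter/ipvs/ip_vs_sed.c
+++ b/net/netfilter/ipvs/ip_vs_sed.c
@@ -137,3 +137,4 @@
 module_init(ip_vs_sed_init);
 module_exit(ip_vs_sed_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs shortest expected delay scheduler");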
+1
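--- a/net/netfilter/ipvs/ip_vs_sh.c
+++ b/net/netfilter/ipvs/ip_vs_sh.c
@@ -376,3 +376,4 @@
 module_init(ip_vs_sh_init);
 module_exit(ip_vs_sh_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs source hashing scheduler");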
+1
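--- a/net/netfilter/ipvs/ip_vs_twos.c
+++ b/net/netfilter/ipvs/ip_vs_twos.c
@@ -137,3 +137,4 @@
 module_init(ip_vs_twos_init);
 module_exit(ip_vs_twos_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs power of twos choice scheduler");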
+1
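--- a/net/netfilter/ipvs/ip_vs_wlc.c
+++ b/net/netfilter/ipvs/ip_vs_wlc.c
@@ -109,3 +109,4 @@
 module_init(ip_vs_wlc_init);
 module_exit(ip_vs_wlc_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs weighted least connection scheduler");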
+1
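--- a/net/netfilter/ipvs/ip_vs_wrr.c
+++ b/net/netfilter/ipvs/ip_vs_wrr.c
@@ -263,3 +263,4 @@
 module_init(ip_vs_wrr_init);
 module_exit(ip_vs_wrr_cleanup);
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ipvs weighted round-robin scheduler");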
+1
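--- a/net/netfilter/nf_conntrack_broadcast.c
+++ b/net/netfilter/nf_conntrack_broadcast.c
@@ -82,3 +82,4 @@
 EXPORT_SYMBOL_GPL(nf_conntrack_broadcast_help);
 
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Broadcast connection tracking helper");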
+1
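--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -57,6 +57,7 @@
 #include "nf_internals.h"
 
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("List and change connection tracking table");
 
 struct ctnetlink_list_dump_ctx {
 	struct nf_conn *last;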
+1
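--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -699,3 +699,4 @@
 MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET));
 MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET6));
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("IPv4 and IPv6 connection tracking");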
+1
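--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -1263,6 +1263,7 @@
 }
 
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Network address translation core");
 
 module_init(nf_nat_init);
 module_exit(nf_nat_cleanup);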
+26 -1
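--- a/net/netfilter/nf_nat_redirect.c
+++ b/net/netfilter/nf_nat_redirect.c
@@ -80,6 +80,26 @@
 
 static const struct in6_addr loopback_addr = IN6ADDR_LOOPBACK_INIT;
 
+static bool nf_nat_redirect_ipv6_usable(const struct inet6_ifaddr *ifa, unsigned int scope)
+{
+	unsigned int ifa_addr_type = ipv6_addr_type(&ifa->addr);
+
+	if (ifa_addr_type & IPV6_ADDR_MAPPED)
+		return false;
+
+	if ((ifa->flags & IFA_F_TENTATIVE) && (!(ifa->flags & IFA_F_OPTIMISTIC)))
+		return false;
+
+	if (scope) {
+		unsigned int ifa_scope = ifa_addr_type & IPV6_ADDR_SCOPE_MASK;
+
+		if (!(scope & ifa_scope))
+			return false;
+	}
+
+	return true;
+}
+
 unsigned int
 nf_nat_redirect_ipv6(struct sk_buff *skb, const struct nf_nat_range2 *range,
 		     unsigned int hooknum)
@@ -89,14 +109,19 @@
 	if (hooknum == NF_INET_LOCAL_OUT) {
 		newdst.in6 = loopback_addr;
 	} else {
+		unsigned int scope = ipv6_addr_scope(&ipv6_hdr(skb)->daddr);
 		struct inet6_dev *idev;
-		struct inet6_ifaddr *ifa;
 		bool addr = false;
 
 		idev = __in6_dev_get(skb->dev);
 		if (idev != NULL) {
+			const struct inet6_ifaddr *ifa;
+
 			read_lock_bh(&idev->lock);
 			list_for_each_entry(ifa, &idev->addr_list, if_list) {
+				if (!nf_nat_redirect_ipv6_usable(ifa, scope))
+					continue;
+
 				newdst.in6 = ifa->addr;
 				addr = true;
 				break;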
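Review bot: The new helper nf_nat_redirect_ipv6_usable rejects only IPV6_ADDR_MAPPED addresses before falling through to the scope test, while the commit message also promises to skip IPv4-compatible (::a.b.c.d) addresses, and no IPV6_ADDR_COMPATv4 test is visible in the hunk; if the scope check is meant to cover that case (a compat address presumably classifies as global scope and would then still be chosen for a global destination), a comment should say so, otherwise the first test should read `if (ifa_addr_type & (IPV6_ADDR_MAPPED | IPV6_ADDR_COMPATv4))`. The matching rule is also undocumented: `!(scope & ifa_scope)` is a bit intersection rather than an equality, and `if (scope)` skips the check entirely when the destination is global scope, so a link-local interface address can still be picked for a global daddr; a header comment such as `/* Skip mapped, tentative and (for non-global daddr) differently scoped addresses */` would make the intended behaviour reviewable. The enclosing nf_nat_redirect_ipv6 body continues past the end of the second hunk.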
+18 -5
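--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6520,6 +6520,12 @@
 	return ret;
 }
 
+static void nft_setelem_catchall_destroy(struct nft_set_elem_catchall *catchall)
+{
+	list_del_rcu(&catchall->list);
+	kfree_rcu(catchall, rcu);
+}
+
 static void nft_setelem_catchall_remove(const struct net *net,
 					const struct nft_set *set,
 					struct nft_elem_priv *elem_priv)
@@ -6528,8 +6534,7 @@
 
 	list_for_each_entry_safe(catchall, next, &set->catchall_list, list) {
 		if (catchall->elem == elem_priv) {
-			list_del_rcu(&catchall->list);
-			kfree_rcu(catchall, rcu);
+			nft_setelem_catchall_destroy(catchall);
 			break;
 		}
 	}
@@ -9678,11 +9683,12 @@
 						 unsigned int gc_seq,
 						 bool sync)
 {
-	struct nft_set_elem_catchall *catchall;
+	struct nft_set_elem_catchall *catchall, *next;
 	const struct nft_set *set = gc->set;
+	struct nft_elem_priv *elem_priv;
 	struct nft_set_ext *ext;
 
-	list_for_each_entry_rcu(catchall, &set->catchall_list, list) {
+	list_for_each_entry_safe(catchall, next, &set->catchall_list, list) {
 		ext = nft_set_elem_ext(set, catchall->elem);
 
 		if (!nft_set_elem_expired(ext))
@@ -9700,7 +9706,13 @@
 		if (!gc)
 			return NULL;
 
-		nft_trans_gc_elem_add(gc, catchall->elem);
+		elem_priv = catchall->elem;
+		if (sync) {
+			nft_setelem_data_deactivate(gc->net, gc->set, elem_priv);
+			nft_setelem_catchall_destroy(catchall);
+		}
+
+		nft_trans_gc_elem_add(gc, elem_priv);
 	}
 
 	return gc;
@@ -11386,4 +11398,5 @@
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
+MODULE_DESCRIPTION("Framework for packet filtering and classification");
 MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_NFTABLES);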
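Review bot: In the hunk at old line 9678, the catchall GC walk is switched from list_for_each_entry_rcu to list_for_each_entry_safe for both the sync and the async caller; the `_safe` form is what makes the in-loop nft_setelem_catchall_destroy in the next hunk legal, but it drops the RCU-aware next-pointer dereference, so if the `!sync` path runs under rcu_read_lock only (the hunk does not show the callers) the async walk now relies on a locking guarantee that is nowhere stated, and either a comment or a split into a sync and an async variant should make that explicit. The branch `if (sync)` also deserves a why-comment, for example `/* sync GC: the caller serialises against set updates (confirm which lock); deactivate and unlink now, async GC only queues the element */`, since the two paths now free at different times. The helper added at 6523 has no comment; `/* Unlink a catchall element from its set; memory is released after a grace period. */` is enough. The signature of nft_trans_gc_catchall starts before the hunk and its body ends after it.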
+1
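--- a/net/netfilter/nft_chain_nat.c
+++ b/net/netfilter/nft_chain_nat.c
@@ -137,6 +137,7 @@
 module_exit(nft_chain_nat_exit);
 
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("nftables network address translation support");
 #ifdef CONFIG_NF_TABLES_IPV4
 MODULE_ALIAS_NFT_CHAIN(AF_INET, "nat");
 #endif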
+1
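--- a/net/netfilter/nft_fib.c
+++ b/net/netfilter/nft_fib.c
@@ -204,4 +204,5 @@
 EXPORT_SYMBOL_GPL(nft_fib_reduce);
 
 MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Query routing table from nftables");
 MODULE_AUTHOR("Florian Westphal <fw@strlen.de>");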
+1
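--- a/net/netfilter/nft_fwd_netdev.c
+++ b/net/netfilter/nft_fwd_netdev.c
@@ -270,4 +270,5 @@
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
+MODULE_DESCRIPTION("nftables netdev packet forwarding support");
 MODULE_ALIAS_NFT_AF_EXPR(5, "fwd");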
+1 -1
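--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -561,7 +561,7 @@
 {
 	struct recent_table *t = pde_data(file_inode(file));
 	struct recent_entry *e;
-	char buf[sizeof("+b335:1d35:1e55:dead:c0de:1715:5afe:c0de")];
+	char buf[sizeof("+b335:1d35:1e55:dead:c0de:1715:255.255.255.255")];
 	const char *c = buf;
 	union nf_inet_addr addr = {};
 	u_int16_t family;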
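Review bot: The fix keeps sizing buf from an example literal, which is how the buffer ended up too small in the first place; the new literal is 46 characters plus the terminator, which is exactly INET6_ADDRSTRLEN + 1 (one command character plus the longest textual form in6_pton() accepts, an IPv4-mapped IPv6 address), so `char buf[INET6_ADDRSTRLEN + 1]; /* command byte + longest in6_pton() form */` states the contract directly at the same size. The copy of the user-supplied line into buf and its length check are outside this hunk, so it should be confirmed that they bound by sizeof(buf) rather than by a separate hard-coded length. The enclosing function's signature precedes the hunk and its body continues after it.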