tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6

David S. Miller 8b6f92b1 467388f2

+156 -68
+1 -1
include/linux/netfilter/xt_NFLOG.h
··· 2 2 #define _XT_NFLOG_TARGET 3 3 4 4 #define XT_NFLOG_DEFAULT_GROUP 0x1 5 - #define XT_NFLOG_DEFAULT_THRESHOLD 1 5 + #define XT_NFLOG_DEFAULT_THRESHOLD 0 6 6 7 7 #define XT_NFLOG_MASK 0x0 8 8
+1 -1
include/net/netfilter/nf_conntrack_core.h
··· 59 59 struct nf_conn *ct = (struct nf_conn *)skb->nfct; 60 60 int ret = NF_ACCEPT; 61 61 62 - if (ct) { 62 + if (ct && ct != &nf_conntrack_untracked) { 63 63 if (!nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct)) 64 64 ret = __nf_conntrack_confirm(skb); 65 65 nf_ct_deliver_cached_events(ct);
+3 -2
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
··· 201 201 202 202 if (net->ct.sysctl_checksum && hooknum == NF_INET_PRE_ROUTING && 203 203 nf_ip6_checksum(skb, hooknum, dataoff, IPPROTO_ICMPV6)) { 204 - nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL, 205 - "nf_ct_icmpv6: ICMPv6 checksum failed\n"); 204 + if (LOG_INVALID(net, IPPROTO_ICMPV6)) 205 + nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL, 206 + "nf_ct_icmpv6: ICMPv6 checksum failed "); 206 207 return -NF_ACCEPT; 207 208 } 208 209
+145 -60
net/netfilter/x_tables.c
··· 827 827 .release = seq_release_net, 828 828 }; 829 829 830 + /* 831 + * Traverse state for ip{,6}_{tables,matches} for helping crossing 832 + * the multi-AF mutexes. 833 + */ 834 + struct nf_mttg_trav { 835 + struct list_head *head, *curr; 836 + uint8_t class, nfproto; 837 + }; 838 + 839 + enum { 840 + MTTG_TRAV_INIT, 841 + MTTG_TRAV_NFP_UNSPEC, 842 + MTTG_TRAV_NFP_SPEC, 843 + MTTG_TRAV_DONE, 844 + }; 845 + 846 + static void *xt_mttg_seq_next(struct seq_file *seq, void *v, loff_t *ppos, 847 + bool is_target) 848 + { 849 + static const uint8_t next_class[] = { 850 + [MTTG_TRAV_NFP_UNSPEC] = MTTG_TRAV_NFP_SPEC, 851 + [MTTG_TRAV_NFP_SPEC] = MTTG_TRAV_DONE, 852 + }; 853 + struct nf_mttg_trav *trav = seq->private; 854 + 855 + switch (trav->class) { 856 + case MTTG_TRAV_INIT: 857 + trav->class = MTTG_TRAV_NFP_UNSPEC; 858 + mutex_lock(&xt[NFPROTO_UNSPEC].mutex); 859 + trav->head = trav->curr = is_target ? 860 + &xt[NFPROTO_UNSPEC].target : &xt[NFPROTO_UNSPEC].match; 861 + break; 862 + case MTTG_TRAV_NFP_UNSPEC: 863 + trav->curr = trav->curr->next; 864 + if (trav->curr != trav->head) 865 + break; 866 + mutex_unlock(&xt[NFPROTO_UNSPEC].mutex); 867 + mutex_lock(&xt[trav->nfproto].mutex); 868 + trav->head = trav->curr = is_target ? 869 + &xt[trav->nfproto].target : &xt[trav->nfproto].match; 870 + trav->class = next_class[trav->class]; 871 + break; 872 + case MTTG_TRAV_NFP_SPEC: 873 + trav->curr = trav->curr->next; 874 + if (trav->curr != trav->head) 875 + break; 876 + /* fallthru, _stop will unlock */ 877 + default: 878 + return NULL; 879 + } 880 + 881 + if (ppos != NULL) 882 + ++*ppos; 883 + return trav; 884 + } 885 + 886 + static void *xt_mttg_seq_start(struct seq_file *seq, loff_t *pos, 887 + bool is_target) 888 + { 889 + struct nf_mttg_trav *trav = seq->private; 890 + unsigned int j; 891 + 892 + trav->class = MTTG_TRAV_INIT; 893 + for (j = 0; j < *pos; ++j) 894 + if (xt_mttg_seq_next(seq, NULL, NULL, is_target) == NULL) 895 + return NULL; 896 + return trav; 897 + } 898 + 899 + static void xt_mttg_seq_stop(struct seq_file *seq, void *v) 900 + { 901 + struct nf_mttg_trav *trav = seq->private; 902 + 903 + switch (trav->class) { 904 + case MTTG_TRAV_NFP_UNSPEC: 905 + mutex_unlock(&xt[NFPROTO_UNSPEC].mutex); 906 + break; 907 + case MTTG_TRAV_NFP_SPEC: 908 + mutex_unlock(&xt[trav->nfproto].mutex); 909 + break; 910 + } 911 + } 912 + 830 913 static void *xt_match_seq_start(struct seq_file *seq, loff_t *pos) 831 914 { 832 - struct proc_dir_entry *pde = (struct proc_dir_entry *)seq->private; 833 - u_int16_t af = (unsigned long)pde->data; 834 - 835 - mutex_lock(&xt[af].mutex); 836 - return seq_list_start(&xt[af].match, *pos); 915 + return xt_mttg_seq_start(seq, pos, false); 837 916 } 838 917 839 - static void *xt_match_seq_next(struct seq_file *seq, void *v, loff_t *pos) 918 + static void *xt_match_seq_next(struct seq_file *seq, void *v, loff_t *ppos) 840 919 { 841 - struct proc_dir_entry *pde = (struct proc_dir_entry *)seq->private; 842 - u_int16_t af = (unsigned long)pde->data; 843 - 844 - return seq_list_next(v, &xt[af].match, pos); 845 - } 846 - 847 - static void xt_match_seq_stop(struct seq_file *seq, void *v) 848 - { 849 - struct proc_dir_entry *pde = seq->private; 850 - u_int16_t af = (unsigned long)pde->data; 851 - 852 - mutex_unlock(&xt[af].mutex); 920 + return xt_mttg_seq_next(seq, v, ppos, false); 853 921 } 854 922 855 923 static int xt_match_seq_show(struct seq_file *seq, void *v) 856 924 { 857 - struct xt_match *match = list_entry(v, struct xt_match, list); 925 + const struct nf_mttg_trav *trav = seq->private; 926 + const struct xt_match *match; 858 927 859 - if (strlen(match->name)) 860 - return seq_printf(seq, "%s\n", match->name); 861 - else 862 - return 0; 928 + switch (trav->class) { 929 + case MTTG_TRAV_NFP_UNSPEC: 930 + case MTTG_TRAV_NFP_SPEC: 931 + if (trav->curr == trav->head) 932 + return 0; 933 + match = list_entry(trav->curr, struct xt_match, list); 934 + return (*match->name == '\0') ? 0 : 935 + seq_printf(seq, "%s\n", match->name); 936 + } 937 + return 0; 863 938 } 864 939 865 940 static const struct seq_operations xt_match_seq_ops = { 866 941 .start = xt_match_seq_start, 867 942 .next = xt_match_seq_next, 868 - .stop = xt_match_seq_stop, 943 + .stop = xt_mttg_seq_stop, 869 944 .show = xt_match_seq_show, 870 945 }; 871 946 872 947 static int xt_match_open(struct inode *inode, struct file *file) 873 948 { 949 + struct seq_file *seq; 950 + struct nf_mttg_trav *trav; 874 951 int ret; 875 952 876 - ret = seq_open(file, &xt_match_seq_ops); 877 - if (!ret) { 878 - struct seq_file *seq = file->private_data; 953 + trav = kmalloc(sizeof(*trav), GFP_KERNEL); 954 + if (trav == NULL) 955 + return -ENOMEM; 879 956 880 - seq->private = PDE(inode); 957 + ret = seq_open(file, &xt_match_seq_ops); 958 + if (ret < 0) { 959 + kfree(trav); 960 + return ret; 881 961 } 882 - return ret; 962 + 963 + seq = file->private_data; 964 + seq->private = trav; 965 + trav->nfproto = (unsigned long)PDE(inode)->data; 966 + return 0; 883 967 } 884 968 885 969 static const struct file_operations xt_match_ops = { ··· 971 887 .open = xt_match_open, 972 888 .read = seq_read, 973 889 .llseek = seq_lseek, 974 - .release = seq_release, 890 + .release = seq_release_private, 975 891 }; 976 892 977 893 static void *xt_target_seq_start(struct seq_file *seq, loff_t *pos) 978 894 { 979 - struct proc_dir_entry *pde = (struct proc_dir_entry *)seq->private; 980 - u_int16_t af = (unsigned long)pde->data; 981 - 982 - mutex_lock(&xt[af].mutex); 983 - return seq_list_start(&xt[af].target, *pos); 895 + return xt_mttg_seq_start(seq, pos, true); 984 896 } 985 897 986 - static void *xt_target_seq_next(struct seq_file *seq, void *v, loff_t *pos) 898 + static void *xt_target_seq_next(struct seq_file *seq, void *v, loff_t *ppos) 987 899 { 988 - struct proc_dir_entry *pde = (struct proc_dir_entry *)seq->private; 989 - u_int16_t af = (unsigned long)pde->data; 990 - 991 - return seq_list_next(v, &xt[af].target, pos); 992 - } 993 - 994 - static void xt_target_seq_stop(struct seq_file *seq, void *v) 995 - { 996 - struct proc_dir_entry *pde = seq->private; 997 - u_int16_t af = (unsigned long)pde->data; 998 - 999 - mutex_unlock(&xt[af].mutex); 900 + return xt_mttg_seq_next(seq, v, ppos, true); 1000 901 } 1001 902 1002 903 static int xt_target_seq_show(struct seq_file *seq, void *v) 1003 904 { 1004 - struct xt_target *target = list_entry(v, struct xt_target, list); 905 + const struct nf_mttg_trav *trav = seq->private; 906 + const struct xt_target *target; 1005 907 1006 - if (strlen(target->name)) 1007 - return seq_printf(seq, "%s\n", target->name); 1008 - else 1009 - return 0; 908 + switch (trav->class) { 909 + case MTTG_TRAV_NFP_UNSPEC: 910 + case MTTG_TRAV_NFP_SPEC: 911 + if (trav->curr == trav->head) 912 + return 0; 913 + target = list_entry(trav->curr, struct xt_target, list); 914 + return (*target->name == '\0') ? 0 : 915 + seq_printf(seq, "%s\n", target->name); 916 + } 917 + return 0; 1010 918 } 1011 919 1012 920 static const struct seq_operations xt_target_seq_ops = { 1013 921 .start = xt_target_seq_start, 1014 922 .next = xt_target_seq_next, 1015 - .stop = xt_target_seq_stop, 923 + .stop = xt_mttg_seq_stop, 1016 924 .show = xt_target_seq_show, 1017 925 }; 1018 926 1019 927 static int xt_target_open(struct inode *inode, struct file *file) 1020 928 { 929 + struct seq_file *seq; 930 + struct nf_mttg_trav *trav; 1021 931 int ret; 1022 932 1023 - ret = seq_open(file, &xt_target_seq_ops); 1024 - if (!ret) { 1025 - struct seq_file *seq = file->private_data; 933 + trav = kmalloc(sizeof(*trav), GFP_KERNEL); 934 + if (trav == NULL) 935 + return -ENOMEM; 1026 936 1027 - seq->private = PDE(inode); 937 + ret = seq_open(file, &xt_target_seq_ops); 938 + if (ret < 0) { 939 + kfree(trav); 940 + return ret; 1028 941 } 1029 - return ret; 942 + 943 + seq = file->private_data; 944 + seq->private = trav; 945 + trav->nfproto = (unsigned long)PDE(inode)->data; 946 + return 0; 1030 947 } 1031 948 1032 949 static const struct file_operations xt_target_ops = { ··· 1035 950 .open = xt_target_open, 1036 951 .read = seq_read, 1037 952 .llseek = seq_lseek, 1038 - .release = seq_release, 953 + .release = seq_release_private, 1039 954 }; 1040 955 1041 956 #define FORMAT_TABLES "_tables_names"
+1 -1
net/netfilter/xt_recent.c
··· 542 542 struct recent_entry *e; 543 543 char buf[sizeof("+b335:1d35:1e55:dead:c0de:1715:5afe:c0de")]; 544 544 const char *c = buf; 545 - union nf_inet_addr addr; 545 + union nf_inet_addr addr = {}; 546 546 u_int16_t family; 547 547 bool add, succ; 548 548