Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: netfilter: replace old NF_ARP calls with NFPROTO_ARP netfilter: fix compilation error with NAT=n netfilter: xt_recent: use proc_create_data() netfilter: snmp nat leaks memory in case of failure netfilter: xt_iprange: fix range inversion match netfilter: netns: use NFPROTO_NUMPROTO instead of NUMPROTO for tables array netfilter: ctnetlink: remove obsolete NAT dependency from Kconfig pkt_sched: sch_generic: Fix oops in sch_teql dccp: Port redirection support for DCCP tcp: Fix IPv6 fallout from 'Port redirection support for TCP' netdev: change name dropping error codes ipvs: Update CONFIG_IP_VS_IPV6 description and help text
This commit is contained in:
commit
5fdf11283e
17 changed files with 33 additions and 27 deletions
|
@ -2,9 +2,9 @@
|
||||||
#define __NETNS_X_TABLES_H
|
#define __NETNS_X_TABLES_H
|
||||||
|
|
||||||
#include <linux/list.h>
|
#include <linux/list.h>
|
||||||
#include <linux/net.h>
|
#include <linux/netfilter.h>
|
||||||
|
|
||||||
struct netns_xt {
|
struct netns_xt {
|
||||||
struct list_head tables[NPROTO];
|
struct list_head tables[NFPROTO_NUMPROTO];
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -719,7 +719,7 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff *skb,
|
||||||
return NF_ACCEPT;
|
return NF_ACCEPT;
|
||||||
}
|
}
|
||||||
*d = (struct net_device *)in;
|
*d = (struct net_device *)in;
|
||||||
NF_HOOK(NF_ARP, NF_ARP_FORWARD, skb, (struct net_device *)in,
|
NF_HOOK(NFPROTO_ARP, NF_ARP_FORWARD, skb, (struct net_device *)in,
|
||||||
(struct net_device *)out, br_nf_forward_finish);
|
(struct net_device *)out, br_nf_forward_finish);
|
||||||
|
|
||||||
return NF_STOLEN;
|
return NF_STOLEN;
|
||||||
|
|
|
@ -924,10 +924,10 @@ int dev_change_name(struct net_device *dev, const char *newname)
|
||||||
strlcpy(dev->name, newname, IFNAMSIZ);
|
strlcpy(dev->name, newname, IFNAMSIZ);
|
||||||
|
|
||||||
rollback:
|
rollback:
|
||||||
err = device_rename(&dev->dev, dev->name);
|
ret = device_rename(&dev->dev, dev->name);
|
||||||
if (err) {
|
if (ret) {
|
||||||
memcpy(dev->name, oldname, IFNAMSIZ);
|
memcpy(dev->name, oldname, IFNAMSIZ);
|
||||||
return err;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
write_lock_bh(&dev_base_lock);
|
write_lock_bh(&dev_base_lock);
|
||||||
|
|
|
@ -259,7 +259,7 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req)
|
||||||
fl.fl6_flowlabel = 0;
|
fl.fl6_flowlabel = 0;
|
||||||
fl.oif = ireq6->iif;
|
fl.oif = ireq6->iif;
|
||||||
fl.fl_ip_dport = inet_rsk(req)->rmt_port;
|
fl.fl_ip_dport = inet_rsk(req)->rmt_port;
|
||||||
fl.fl_ip_sport = inet_sk(sk)->sport;
|
fl.fl_ip_sport = inet_rsk(req)->loc_port;
|
||||||
security_req_classify_flow(req, &fl);
|
security_req_classify_flow(req, &fl);
|
||||||
|
|
||||||
opt = np->opt;
|
opt = np->opt;
|
||||||
|
@ -558,7 +558,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
|
||||||
ipv6_addr_copy(&fl.fl6_src, &ireq6->loc_addr);
|
ipv6_addr_copy(&fl.fl6_src, &ireq6->loc_addr);
|
||||||
fl.oif = sk->sk_bound_dev_if;
|
fl.oif = sk->sk_bound_dev_if;
|
||||||
fl.fl_ip_dport = inet_rsk(req)->rmt_port;
|
fl.fl_ip_dport = inet_rsk(req)->rmt_port;
|
||||||
fl.fl_ip_sport = inet_sk(sk)->sport;
|
fl.fl_ip_sport = inet_rsk(req)->loc_port;
|
||||||
security_sk_classify_flow(sk, &fl);
|
security_sk_classify_flow(sk, &fl);
|
||||||
|
|
||||||
if (ip6_dst_lookup(sk, &dst, &fl))
|
if (ip6_dst_lookup(sk, &dst, &fl))
|
||||||
|
|
|
@ -309,6 +309,7 @@ void dccp_reqsk_init(struct request_sock *req, struct sk_buff *skb)
|
||||||
struct dccp_request_sock *dreq = dccp_rsk(req);
|
struct dccp_request_sock *dreq = dccp_rsk(req);
|
||||||
|
|
||||||
inet_rsk(req)->rmt_port = dccp_hdr(skb)->dccph_sport;
|
inet_rsk(req)->rmt_port = dccp_hdr(skb)->dccph_sport;
|
||||||
|
inet_rsk(req)->loc_port = dccp_hdr(skb)->dccph_dport;
|
||||||
inet_rsk(req)->acked = 0;
|
inet_rsk(req)->acked = 0;
|
||||||
req->rcv_wnd = sysctl_dccp_feat_sequence_window;
|
req->rcv_wnd = sysctl_dccp_feat_sequence_window;
|
||||||
dreq->dreq_timestamp_echo = 0;
|
dreq->dreq_timestamp_echo = 0;
|
||||||
|
|
|
@ -347,7 +347,7 @@ struct sk_buff *dccp_make_response(struct sock *sk, struct dst_entry *dst,
|
||||||
/* Build and checksum header */
|
/* Build and checksum header */
|
||||||
dh = dccp_zeroed_hdr(skb, dccp_header_size);
|
dh = dccp_zeroed_hdr(skb, dccp_header_size);
|
||||||
|
|
||||||
dh->dccph_sport = inet_sk(sk)->sport;
|
dh->dccph_sport = inet_rsk(req)->loc_port;
|
||||||
dh->dccph_dport = inet_rsk(req)->rmt_port;
|
dh->dccph_dport = inet_rsk(req)->rmt_port;
|
||||||
dh->dccph_doff = (dccp_header_size +
|
dh->dccph_doff = (dccp_header_size +
|
||||||
DCCP_SKB_CB(skb)->dccpd_opt_len) / 4;
|
DCCP_SKB_CB(skb)->dccpd_opt_len) / 4;
|
||||||
|
|
|
@ -663,7 +663,7 @@ struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip,
|
||||||
void arp_xmit(struct sk_buff *skb)
|
void arp_xmit(struct sk_buff *skb)
|
||||||
{
|
{
|
||||||
/* Send it off, maybe filter it using firewalling first. */
|
/* Send it off, maybe filter it using firewalling first. */
|
||||||
NF_HOOK(NF_ARP, NF_ARP_OUT, skb, NULL, skb->dev, dev_queue_xmit);
|
NF_HOOK(NFPROTO_ARP, NF_ARP_OUT, skb, NULL, skb->dev, dev_queue_xmit);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -928,7 +928,7 @@ static int arp_rcv(struct sk_buff *skb, struct net_device *dev,
|
||||||
|
|
||||||
memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
|
memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
|
||||||
|
|
||||||
return NF_HOOK(NF_ARP, NF_ARP_IN, skb, dev, NULL, arp_process);
|
return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process);
|
||||||
|
|
||||||
freeskb:
|
freeskb:
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
|
|
|
@ -742,6 +742,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
|
||||||
*obj = kmalloc(sizeof(struct snmp_object) + len,
|
*obj = kmalloc(sizeof(struct snmp_object) + len,
|
||||||
GFP_ATOMIC);
|
GFP_ATOMIC);
|
||||||
if (*obj == NULL) {
|
if (*obj == NULL) {
|
||||||
|
kfree(p);
|
||||||
kfree(id);
|
kfree(id);
|
||||||
if (net_ratelimit())
|
if (net_ratelimit())
|
||||||
printk("OOM in bsalg (%d)\n", __LINE__);
|
printk("OOM in bsalg (%d)\n", __LINE__);
|
||||||
|
|
|
@ -204,6 +204,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
|
||||||
|
|
||||||
req->mss = mss;
|
req->mss = mss;
|
||||||
ireq->rmt_port = th->source;
|
ireq->rmt_port = th->source;
|
||||||
|
ireq->loc_port = th->dest;
|
||||||
ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr);
|
ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr);
|
||||||
ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr);
|
ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr);
|
||||||
if (ipv6_opt_accepted(sk, skb) ||
|
if (ipv6_opt_accepted(sk, skb) ||
|
||||||
|
|
|
@ -476,7 +476,7 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
|
||||||
fl.fl6_flowlabel = 0;
|
fl.fl6_flowlabel = 0;
|
||||||
fl.oif = treq->iif;
|
fl.oif = treq->iif;
|
||||||
fl.fl_ip_dport = inet_rsk(req)->rmt_port;
|
fl.fl_ip_dport = inet_rsk(req)->rmt_port;
|
||||||
fl.fl_ip_sport = inet_sk(sk)->sport;
|
fl.fl_ip_sport = inet_rsk(req)->loc_port;
|
||||||
security_req_classify_flow(req, &fl);
|
security_req_classify_flow(req, &fl);
|
||||||
|
|
||||||
opt = np->opt;
|
opt = np->opt;
|
||||||
|
@ -1309,7 +1309,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
|
||||||
ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
|
ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
|
||||||
fl.oif = sk->sk_bound_dev_if;
|
fl.oif = sk->sk_bound_dev_if;
|
||||||
fl.fl_ip_dport = inet_rsk(req)->rmt_port;
|
fl.fl_ip_dport = inet_rsk(req)->rmt_port;
|
||||||
fl.fl_ip_sport = inet_sk(sk)->sport;
|
fl.fl_ip_sport = inet_rsk(req)->loc_port;
|
||||||
security_req_classify_flow(req, &fl);
|
security_req_classify_flow(req, &fl);
|
||||||
|
|
||||||
if (ip6_dst_lookup(sk, &dst, &fl))
|
if (ip6_dst_lookup(sk, &dst, &fl))
|
||||||
|
@ -1865,7 +1865,7 @@ static void get_openreq6(struct seq_file *seq,
|
||||||
i,
|
i,
|
||||||
src->s6_addr32[0], src->s6_addr32[1],
|
src->s6_addr32[0], src->s6_addr32[1],
|
||||||
src->s6_addr32[2], src->s6_addr32[3],
|
src->s6_addr32[2], src->s6_addr32[3],
|
||||||
ntohs(inet_sk(sk)->sport),
|
ntohs(inet_rsk(req)->loc_port),
|
||||||
dest->s6_addr32[0], dest->s6_addr32[1],
|
dest->s6_addr32[0], dest->s6_addr32[1],
|
||||||
dest->s6_addr32[2], dest->s6_addr32[3],
|
dest->s6_addr32[2], dest->s6_addr32[3],
|
||||||
ntohs(inet_rsk(req)->rmt_port),
|
ntohs(inet_rsk(req)->rmt_port),
|
||||||
|
|
|
@ -271,7 +271,6 @@ config NF_CONNTRACK_TFTP
|
||||||
config NF_CT_NETLINK
|
config NF_CT_NETLINK
|
||||||
tristate 'Connection tracking netlink interface'
|
tristate 'Connection tracking netlink interface'
|
||||||
select NETFILTER_NETLINK
|
select NETFILTER_NETLINK
|
||||||
depends on NF_NAT=n || NF_NAT
|
|
||||||
default m if NETFILTER_ADVANCED=n
|
default m if NETFILTER_ADVANCED=n
|
||||||
help
|
help
|
||||||
This option enables support for a netlink-based userspace interface
|
This option enables support for a netlink-based userspace interface
|
||||||
|
|
|
@ -25,11 +25,13 @@ menuconfig IP_VS
|
||||||
if IP_VS
|
if IP_VS
|
||||||
|
|
||||||
config IP_VS_IPV6
|
config IP_VS_IPV6
|
||||||
bool "IPv6 support for IPVS (DANGEROUS)"
|
bool "IPv6 support for IPVS"
|
||||||
depends on EXPERIMENTAL && (IPV6 = y || IP_VS = IPV6)
|
depends on EXPERIMENTAL && (IPV6 = y || IP_VS = IPV6)
|
||||||
---help---
|
---help---
|
||||||
Add IPv6 support to IPVS. This is incomplete and might be dangerous.
|
Add IPv6 support to IPVS. This is incomplete and might be dangerous.
|
||||||
|
|
||||||
|
See http://www.mindbasket.com/ipvs for more information.
|
||||||
|
|
||||||
Say N if unsure.
|
Say N if unsure.
|
||||||
|
|
||||||
config IP_VS_DEBUG
|
config IP_VS_DEBUG
|
||||||
|
|
|
@ -813,6 +813,7 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CONFIG_NF_NAT_NEEDED
|
||||||
static int
|
static int
|
||||||
ctnetlink_parse_nat_setup(struct nf_conn *ct,
|
ctnetlink_parse_nat_setup(struct nf_conn *ct,
|
||||||
enum nf_nat_manip_type manip,
|
enum nf_nat_manip_type manip,
|
||||||
|
@ -840,6 +841,7 @@ ctnetlink_parse_nat_setup(struct nf_conn *ct,
|
||||||
|
|
||||||
return parse_nat_setup(ct, manip, attr);
|
return parse_nat_setup(ct, manip, attr);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static int
|
static int
|
||||||
ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[])
|
ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[])
|
||||||
|
|
|
@ -48,7 +48,7 @@ static struct xt_target nfqueue_tg_reg[] __read_mostly = {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
.name = "NFQUEUE",
|
.name = "NFQUEUE",
|
||||||
.family = NF_ARP,
|
.family = NFPROTO_ARP,
|
||||||
.target = nfqueue_tg,
|
.target = nfqueue_tg,
|
||||||
.targetsize = sizeof(struct xt_NFQ_info),
|
.targetsize = sizeof(struct xt_NFQ_info),
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
|
|
|
@ -61,7 +61,7 @@ iprange_mt4(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||||
if (info->flags & IPRANGE_SRC) {
|
if (info->flags & IPRANGE_SRC) {
|
||||||
m = ntohl(iph->saddr) < ntohl(info->src_min.ip);
|
m = ntohl(iph->saddr) < ntohl(info->src_min.ip);
|
||||||
m |= ntohl(iph->saddr) > ntohl(info->src_max.ip);
|
m |= ntohl(iph->saddr) > ntohl(info->src_max.ip);
|
||||||
m ^= info->flags & IPRANGE_SRC_INV;
|
m ^= !!(info->flags & IPRANGE_SRC_INV);
|
||||||
if (m) {
|
if (m) {
|
||||||
pr_debug("src IP " NIPQUAD_FMT " NOT in range %s"
|
pr_debug("src IP " NIPQUAD_FMT " NOT in range %s"
|
||||||
NIPQUAD_FMT "-" NIPQUAD_FMT "\n",
|
NIPQUAD_FMT "-" NIPQUAD_FMT "\n",
|
||||||
|
@ -75,7 +75,7 @@ iprange_mt4(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||||
if (info->flags & IPRANGE_DST) {
|
if (info->flags & IPRANGE_DST) {
|
||||||
m = ntohl(iph->daddr) < ntohl(info->dst_min.ip);
|
m = ntohl(iph->daddr) < ntohl(info->dst_min.ip);
|
||||||
m |= ntohl(iph->daddr) > ntohl(info->dst_max.ip);
|
m |= ntohl(iph->daddr) > ntohl(info->dst_max.ip);
|
||||||
m ^= info->flags & IPRANGE_DST_INV;
|
m ^= !!(info->flags & IPRANGE_DST_INV);
|
||||||
if (m) {
|
if (m) {
|
||||||
pr_debug("dst IP " NIPQUAD_FMT " NOT in range %s"
|
pr_debug("dst IP " NIPQUAD_FMT " NOT in range %s"
|
||||||
NIPQUAD_FMT "-" NIPQUAD_FMT "\n",
|
NIPQUAD_FMT "-" NIPQUAD_FMT "\n",
|
||||||
|
@ -114,14 +114,14 @@ iprange_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||||
if (info->flags & IPRANGE_SRC) {
|
if (info->flags & IPRANGE_SRC) {
|
||||||
m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0;
|
m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0;
|
||||||
m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0;
|
m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0;
|
||||||
m ^= info->flags & IPRANGE_SRC_INV;
|
m ^= !!(info->flags & IPRANGE_SRC_INV);
|
||||||
if (m)
|
if (m)
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (info->flags & IPRANGE_DST) {
|
if (info->flags & IPRANGE_DST) {
|
||||||
m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0;
|
m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0;
|
||||||
m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0;
|
m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0;
|
||||||
m ^= info->flags & IPRANGE_DST_INV;
|
m ^= !!(info->flags & IPRANGE_DST_INV);
|
||||||
if (m)
|
if (m)
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
@ -318,15 +318,15 @@ static bool recent_mt_check(const struct xt_mtchk_param *par)
|
||||||
for (i = 0; i < ip_list_hash_size; i++)
|
for (i = 0; i < ip_list_hash_size; i++)
|
||||||
INIT_LIST_HEAD(&t->iphash[i]);
|
INIT_LIST_HEAD(&t->iphash[i]);
|
||||||
#ifdef CONFIG_PROC_FS
|
#ifdef CONFIG_PROC_FS
|
||||||
t->proc = proc_create(t->name, ip_list_perms, recent_proc_dir,
|
t->proc = proc_create_data(t->name, ip_list_perms, recent_proc_dir,
|
||||||
&recent_mt_fops);
|
&recent_mt_fops, t);
|
||||||
if (t->proc == NULL) {
|
if (t->proc == NULL) {
|
||||||
kfree(t);
|
kfree(t);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
#ifdef CONFIG_NETFILTER_XT_MATCH_RECENT_PROC_COMPAT
|
#ifdef CONFIG_NETFILTER_XT_MATCH_RECENT_PROC_COMPAT
|
||||||
t->proc_old = proc_create(t->name, ip_list_perms, proc_old_dir,
|
t->proc_old = proc_create_data(t->name, ip_list_perms, proc_old_dir,
|
||||||
&recent_old_fops);
|
&recent_old_fops, t);
|
||||||
if (t->proc_old == NULL) {
|
if (t->proc_old == NULL) {
|
||||||
remove_proc_entry(t->name, proc_old_dir);
|
remove_proc_entry(t->name, proc_old_dir);
|
||||||
kfree(t);
|
kfree(t);
|
||||||
|
@ -334,11 +334,9 @@ static bool recent_mt_check(const struct xt_mtchk_param *par)
|
||||||
}
|
}
|
||||||
t->proc_old->uid = ip_list_uid;
|
t->proc_old->uid = ip_list_uid;
|
||||||
t->proc_old->gid = ip_list_gid;
|
t->proc_old->gid = ip_list_gid;
|
||||||
t->proc_old->data = t;
|
|
||||||
#endif
|
#endif
|
||||||
t->proc->uid = ip_list_uid;
|
t->proc->uid = ip_list_uid;
|
||||||
t->proc->gid = ip_list_gid;
|
t->proc->gid = ip_list_gid;
|
||||||
t->proc->data = t;
|
|
||||||
#endif
|
#endif
|
||||||
spin_lock_bh(&recent_lock);
|
spin_lock_bh(&recent_lock);
|
||||||
list_add_tail(&t->list, &tables);
|
list_add_tail(&t->list, &tables);
|
||||||
|
|
|
@ -326,6 +326,7 @@ struct Qdisc_ops noop_qdisc_ops __read_mostly = {
|
||||||
|
|
||||||
static struct netdev_queue noop_netdev_queue = {
|
static struct netdev_queue noop_netdev_queue = {
|
||||||
.qdisc = &noop_qdisc,
|
.qdisc = &noop_qdisc,
|
||||||
|
.qdisc_sleeping = &noop_qdisc,
|
||||||
};
|
};
|
||||||
|
|
||||||
struct Qdisc noop_qdisc = {
|
struct Qdisc noop_qdisc = {
|
||||||
|
@ -352,6 +353,7 @@ static struct Qdisc_ops noqueue_qdisc_ops __read_mostly = {
|
||||||
static struct Qdisc noqueue_qdisc;
|
static struct Qdisc noqueue_qdisc;
|
||||||
static struct netdev_queue noqueue_netdev_queue = {
|
static struct netdev_queue noqueue_netdev_queue = {
|
||||||
.qdisc = &noqueue_qdisc,
|
.qdisc = &noqueue_qdisc,
|
||||||
|
.qdisc_sleeping = &noqueue_qdisc,
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct Qdisc noqueue_qdisc = {
|
static struct Qdisc noqueue_qdisc = {
|
||||||
|
|
Loading…
Reference in a new issue