Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables
Pablo Neira Ayuso says: ==================== This small batch contains several Netfilter fixes for your net-next tree, more specifically: * Fix compilation warning in nft_ct in NF_CONNTRACK_MARK is not set, from Kristian Evensen. * Add dependency to IPV6 for NF_TABLES_INET. This one has been reported by the several robots that are testing .config combinations, from Paul Gortmaker. * Fix default base chain policy setting in nf_tables, from myself. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
5ff1dd2416
3 changed files with 4 additions and 2 deletions
|
@ -429,7 +429,7 @@ config NF_TABLES
|
|||
To compile it as a module, choose M here.
|
||||
|
||||
config NF_TABLES_INET
|
||||
depends on NF_TABLES
|
||||
depends on NF_TABLES && IPV6
|
||||
select NF_TABLES_IPV4
|
||||
select NF_TABLES_IPV6
|
||||
tristate "Netfilter nf_tables mixed IPv4/IPv6 tables support"
|
||||
|
|
|
@ -859,7 +859,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
|
|||
nla[NFTA_CHAIN_HOOK] == NULL)
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
policy = nla_get_be32(nla[NFTA_CHAIN_POLICY]);
|
||||
policy = ntohl(nla_get_be32(nla[NFTA_CHAIN_POLICY]));
|
||||
switch (policy) {
|
||||
case NF_DROP:
|
||||
case NF_ACCEPT:
|
||||
|
|
|
@ -133,7 +133,9 @@ static void nft_ct_set_eval(const struct nft_expr *expr,
|
|||
{
|
||||
const struct nft_ct *priv = nft_expr_priv(expr);
|
||||
struct sk_buff *skb = pkt->skb;
|
||||
#ifdef CONFIG_NF_CONNTRACK_MARK
|
||||
u32 value = data[priv->sreg].data[0];
|
||||
#endif
|
||||
enum ip_conntrack_info ctinfo;
|
||||
struct nf_conn *ct;
|
||||
|
||||
|
|
Loading…
Reference in a new issue