Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 32565644 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 



Pablo Neira Ayuso says:

====================
Netfilter/IPVS fixes for net

The following patchset contains two Netfilter/IPVS fixes for your net
tree, they are:

1) Fix missing alignment in next offset calculation for standard
   targets, introduced in the previous merge window, patch from
   Florian Westphal.

2) Fix to correct the handling of outgoing connections which use the
   SIP-pe such that the binding of a real-server is updated when needed.
   This was an omission from changes introduced by Marco Angaroni in
   the previous merge window too, to allow handling of outgoing
   connections by the SIP-pe. Patch and report came via Simon Horman.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents ce3cf4ec 3ec10d3a

include/net/ip_vs.h

+1 −1
Original line number Diff line number Diff line
@@ -1232,7 +1232,7 @@ void ip_vs_conn_expire_now(struct ip_vs_conn *cp); 
const char *ip_vs_state_name(__u16 proto, int state);



void ip_vs_tcp_conn_listen(struct ip_vs_conn *cp);

int ip_vs_check_template(struct ip_vs_conn *ct);

int ip_vs_check_template(struct ip_vs_conn *ct, struct ip_vs_dest *cdest);

void ip_vs_random_dropentry(struct netns_ipvs *ipvs);

int ip_vs_conn_init(void);

void ip_vs_conn_cleanup(void);

net/netfilter/ipvs/ip_vs_conn.c

+3 −2
Original line number Diff line number Diff line
@@ -762,7 +762,7 @@ static int expire_quiescent_template(struct netns_ipvs *ipvs, 
 *	If available, return 1, otherwise invalidate this connection

 *	template and return 0.

 */

int ip_vs_check_template(struct ip_vs_conn *ct)

int ip_vs_check_template(struct ip_vs_conn *ct, struct ip_vs_dest *cdest)

{

	struct ip_vs_dest *dest = ct->dest;

	struct netns_ipvs *ipvs = ct->ipvs;
@@ -772,7 +772,8 @@ int ip_vs_check_template(struct ip_vs_conn *ct) 
	 */

	if ((dest == NULL) ||

	    !(dest->flags & IP_VS_DEST_F_AVAILABLE) ||

	    expire_quiescent_template(ipvs, dest)) {

	    expire_quiescent_template(ipvs, dest) ||

	    (cdest && (dest != cdest))) {

		IP_VS_DBG_BUF(9, "check_template: dest not available for "

			      "protocol %s s:%s:%d v:%s:%d "

			      "-> d:%s:%d\n",

net/netfilter/ipvs/ip_vs_core.c

+3 −2
Original line number Diff line number Diff line
@@ -321,7 +321,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc, 


	/* Check if a template already exists */

	ct = ip_vs_ct_in_get(&param);

	if (!ct || !ip_vs_check_template(ct)) {

	if (!ct || !ip_vs_check_template(ct, NULL)) {

		struct ip_vs_scheduler *sched;



		/*
@@ -1154,7 +1154,8 @@ struct ip_vs_conn *ip_vs_new_conn_out(struct ip_vs_service *svc, 
						  vport, &param) < 0)

			return NULL;

		ct = ip_vs_ct_in_get(&param);

		if (!ct) {

		/* check if template exists and points to the same dest */

		if (!ct || !ip_vs_check_template(ct, dest)) {

			ct = ip_vs_conn_new(&param, dest->af, daddr, dport,

					    IP_VS_CONN_F_TEMPLATE, dest, 0);

			if (!ct) {

net/netfilter/x_tables.c

+2 −2
Original line number Diff line number Diff line
@@ -612,7 +612,7 @@ int xt_compat_check_entry_offsets(const void *base, const char *elems, 
		return -EINVAL;



	if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 &&

	    target_offset + sizeof(struct compat_xt_standard_target) != next_offset)

	    COMPAT_XT_ALIGN(target_offset + sizeof(struct compat_xt_standard_target)) != next_offset)

		return -EINVAL;



	/* compat_xt_entry match has less strict aligment requirements,
@@ -694,7 +694,7 @@ int xt_check_entry_offsets(const void *base, 
		return -EINVAL;



	if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 &&

	    target_offset + sizeof(struct xt_standard_target) != next_offset)

	    XT_ALIGN(target_offset + sizeof(struct xt_standard_target)) != next_offset)

		return -EINVAL;



	return xt_check_entry_match(elems, base + target_offset,