Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 95a06161 authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 



Pablo Neira Ayuso says:

====================
The following patchset contains a small batch of Netfilter
updates for your net-next tree, they are:

* Three patches that provide more accurate error reporting to
  user-space, instead of -EPERM, in IPv4/IPv6 netfilter re-routing
  code and NAT, from Patrick McHardy.

* Update copyright statements in Netfilter filters of
  Patrick McHardy, from himself.

* Add Kconfig dependency on the raw/mangle tables to the
  rpfilter, from Florian Westphal.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents bb5b052f d37d6968

net/ipv4/netfilter.c

+10 −5
Original line number Diff line number Diff line 
/* IPv4 specific functions of netfilter core */

/*

 * IPv4 specific functions of netfilter core

 *

 * Rusty Russell (C) 2000 -- This code is GPL.

 * Patrick McHardy (C) 2006-2012

 */

#include <linux/kernel.h>

#include <linux/netfilter.h>

#include <linux/netfilter_ipv4.h>
@@ -40,14 +45,14 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type) 
	fl4.flowi4_flags = flags;

	rt = ip_route_output_key(net, &fl4);

	if (IS_ERR(rt))

		return -1;

		return PTR_ERR(rt);



	/* Drop old route. */

	skb_dst_drop(skb);

	skb_dst_set(skb, &rt->dst);



	if (skb_dst(skb)->error)

		return -1;

		return skb_dst(skb)->error;



#ifdef CONFIG_XFRM

	if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
@@ -56,7 +61,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type) 
		skb_dst_set(skb, NULL);

		dst = xfrm_lookup(net, dst, flowi4_to_flowi(&fl4), skb->sk, 0);

		if (IS_ERR(dst))

			return -1;

			return PTR_ERR(dst);;

		skb_dst_set(skb, dst);

	}

#endif
@@ -66,7 +71,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type) 
	if (skb_headroom(skb) < hh_len &&

	    pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)),

				0, GFP_ATOMIC))

		return -1;

		return -ENOMEM;



	return 0;

}

net/ipv4/netfilter/Kconfig

+1 −1
Original line number Diff line number Diff line
@@ -71,7 +71,7 @@ config IP_NF_MATCH_ECN 


config IP_NF_MATCH_RPFILTER

	tristate '"rpfilter" reverse path filter match support'

	depends on NETFILTER_ADVANCED

	depends on NETFILTER_ADVANCED && (IP_NF_MANGLE || IP_NF_RAW)

	---help---

	  This option allows you to match packets whose replies would

	  go out via the interface the packet came in.

net/ipv4/netfilter/arp_tables.c

+1 −0
Original line number Diff line number Diff line
@@ -6,6 +6,7 @@ 
 * Some ARP specific bits are:

 *

 * Copyright (C) 2002 David S. Miller (davem@redhat.com)

 * Copyright (C) 2006-2009 Patrick McHardy <kaber@trash.net>

 *

 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

net/ipv4/netfilter/ip_tables.c

+1 −0
Original line number Diff line number Diff line
@@ -3,6 +3,7 @@ 
 *

 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling

 * Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org>

 * Copyright (C) 2006-2010 Patrick McHardy <kaber@trash.net>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 as

net/ipv4/netfilter/ipt_ULOG.c

+1 −0
Original line number Diff line number Diff line
@@ -4,6 +4,7 @@ 
 * (C) 2000-2004 by Harald Welte <laforge@netfilter.org>

 * (C) 1999-2001 Paul `Rusty' Russell

 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>

 * (C) 2005-2007 Patrick McHardy <kaber@trash.net>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 as