Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d6da8381 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 



Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The follow patchset contains Netfilter fixes for your net tree,
they are:

1) Fix compilation warning in x_tables with clang due to useless
   redundant reassignment, from Colin Ian King.

2) Add bugtrap to net_exit to catch uninitialized lists, patch
   from Vasily Averin.

3) Fix out of bounds memory reads in H323 conntrack helper, this
   comes with an initial patch to remove replace the obscure
   CHECK_BOUND macro as a dependency. From Eric Sesterhenn.

4) Reduce retransmission timeout when window is 0 in TCP conntrack,
   from Florian Westphal.

6) ctnetlink clamp timeout to INT_MAX if timeout is too large,
   otherwise timeout wraps around and it results in killing the
   entry that is being added immediately.

7) Missing CAP_NET_ADMIN checks in cthelper and xt_osf, due to
   no netns support. From Kevin Cernekee.

8) Missing maximum number of instructions checks in xt_bpf, patch
   from Jann Horn.

9) With no CONFIG_PROC_FS ipt_CLUSTERIP compilation breaks,
   patch from Arnd Bergmann.

10) Missing netlink attribute policy in nftables exthdr, from
    Florian Westphal.

11) Enable conntrack with IPv6 MASQUERADE rules, as a357b3f8
    should have done in first place, from Konstantin Khlebnikov.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 2a9ee696 23715275

net/ipv4/netfilter/arp_tables.c

+0 −1
Original line number Diff line number Diff line
@@ -373,7 +373,6 @@ static int mark_source_chains(const struct xt_table_info *newinfo, 
					if (!xt_find_jump_offset(offsets, newpos,

								 newinfo->number))

						return 0;

					e = entry0 + newpos;

				} else {

					/* ... this is a fallthru */

					newpos = pos + e->next_offset;

net/ipv4/netfilter/ip_tables.c

+0 −1
Original line number Diff line number Diff line
@@ -439,7 +439,6 @@ mark_source_chains(const struct xt_table_info *newinfo, 
					if (!xt_find_jump_offset(offsets, newpos,

								 newinfo->number))

						return 0;

					e = entry0 + newpos;

				} else {

					/* ... this is a fallthru */

					newpos = pos + e->next_offset;

net/ipv4/netfilter/ipt_CLUSTERIP.c

+2 −1
Original line number Diff line number Diff line
@@ -813,12 +813,13 @@ static int clusterip_net_init(struct net *net) 


static void clusterip_net_exit(struct net *net)

{

#ifdef CONFIG_PROC_FS

	struct clusterip_net *cn = net_generic(net, clusterip_net_id);

#ifdef CONFIG_PROC_FS

	proc_remove(cn->procdir);

	cn->procdir = NULL;

#endif

	nf_unregister_net_hook(net, &cip_arp_ops);

	WARN_ON_ONCE(!list_empty(&cn->configs));

}



static struct pernet_operations clusterip_net_ops = {

net/ipv6/netfilter/ip6_tables.c

+0 −1
Original line number Diff line number Diff line
@@ -458,7 +458,6 @@ mark_source_chains(const struct xt_table_info *newinfo, 
					if (!xt_find_jump_offset(offsets, newpos,

								 newinfo->number))

						return 0;

					e = entry0 + newpos;

				} else {

					/* ... this is a fallthru */

					newpos = pos + e->next_offset;

net/ipv6/netfilter/ip6t_MASQUERADE.c

+7 −1
Original line number Diff line number Diff line
@@ -33,13 +33,19 @@ static int masquerade_tg6_checkentry(const struct xt_tgchk_param *par) 


	if (range->flags & NF_NAT_RANGE_MAP_IPS)

		return -EINVAL;

	return 0;

	return nf_ct_netns_get(par->net, par->family);

}



static void masquerade_tg6_destroy(const struct xt_tgdtor_param *par)

{

	nf_ct_netns_put(par->net, par->family);

}



static struct xt_target masquerade_tg6_reg __read_mostly = {

	.name		= "MASQUERADE",

	.family		= NFPROTO_IPV6,

	.checkentry	= masquerade_tg6_checkentry,

	.destroy	= masquerade_tg6_destroy,

	.target		= masquerade_tg6,

	.targetsize	= sizeof(struct nf_nat_range),

	.table		= "nat",