Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3009adf5 authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6

parents 9281b2a2 42c1edd3

include/net/netfilter/nf_conntrack.h

+6 −0
Original line number Diff line number Diff line
@@ -307,6 +307,12 @@ static inline int nf_ct_is_untracked(const struct nf_conn *ct) 
	return test_bit(IPS_UNTRACKED_BIT, &ct->status);

}



/* Packet is received from loopback */

static inline bool nf_is_loopback_packet(const struct sk_buff *skb)

{

	return skb->dev && skb->skb_iif && skb->dev->flags & IFF_LOOPBACK;

}



extern int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp);

extern unsigned int nf_conntrack_htable_size;

extern unsigned int nf_conntrack_max;

net/ipv4/netfilter/ip_queue.c

+2 −1
Original line number Diff line number Diff line
@@ -203,7 +203,8 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp) 
	else

		pmsg->outdev_name[0] = '\0';



	if (entry->indev && entry->skb->dev) {

	if (entry->indev && entry->skb->dev &&

	    entry->skb->mac_header != entry->skb->network_header) {

		pmsg->hw_type = entry->skb->dev->type;

		pmsg->hw_addrlen = dev_parse_header(entry->skb,

						    pmsg->hw_addr);

net/ipv4/netfilter/ip_tables.c

+1 −1
Original line number Diff line number Diff line
@@ -566,7 +566,7 @@ check_entry(const struct ipt_entry *e, const char *name) 
	const struct xt_entry_target *t;



	if (!ip_checkentry(&e->ip)) {

		duprintf("ip check failed %p %s.\n", e, par->match->name);

		duprintf("ip check failed %p %s.\n", e, name);

		return -EINVAL;

	}

net/ipv4/netfilter/ipt_ecn.c

+3 −4
Original line number Diff line number Diff line
@@ -25,7 +25,8 @@ MODULE_LICENSE("GPL"); 
static inline bool match_ip(const struct sk_buff *skb,

			    const struct ipt_ecn_info *einfo)

{

	return (ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect;

	return ((ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect) ^

	       !!(einfo->invert & IPT_ECN_OP_MATCH_IP);

}



static inline bool match_tcp(const struct sk_buff *skb,
@@ -76,8 +77,6 @@ static bool ecn_mt(const struct sk_buff *skb, struct xt_action_param *par) 
			return false;



	if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) {

		if (ip_hdr(skb)->protocol != IPPROTO_TCP)

			return false;

		if (!match_tcp(skb, info, &par->hotdrop))

			return false;

	}
@@ -97,7 +96,7 @@ static int ecn_mt_check(const struct xt_mtchk_param *par) 
		return -EINVAL;



	if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR) &&

	    ip->proto != IPPROTO_TCP) {

	    (ip->proto != IPPROTO_TCP || ip->invflags & IPT_INV_PROTO)) {

		pr_info("cannot match TCP bits in rule for non-tcp packets\n");

		return -EINVAL;

	}

net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c

+3 −1
Original line number Diff line number Diff line
@@ -121,7 +121,9 @@ static unsigned int ipv4_confirm(unsigned int hooknum, 
		return ret;

	}



	if (test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) {

	/* adjust seqs for loopback traffic only in outgoing direction */

	if (test_bit(IPS_SEQ_ADJUST_BIT, &ct->status) &&

	    !nf_is_loopback_packet(skb)) {

		typeof(nf_nat_seq_adjust_hook) seq_adjust;



		seq_adjust = rcu_dereference(nf_nat_seq_adjust_hook);