Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 143554ac authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 



Conflicts:
	net/netfilter/nf_log.c

The conflict in nf_log.c is that in 'net' we added CONFIG_PROC_FS
protection around foo_proc_entry() calls to fix a build failure,
whereas in Pablo's tree a guard if() test around a call is
remove_proc_entry() was removed.  Trivially resolved.

Pablo Neira Ayuso says:

====================
The following patchset contains the first batch of
Netfilter/IPVS updates for your net-next tree, they are:

* Three patches with improvements and code refactorization
  for nfnetlink_queue, from Florian Westphal.

* FTP helper now parses replies without brackets, as RFC1123
  recommends, from Jeff Mahoney.

* Rise a warning to tell everyone about ULOG deprecation,
  NFLOG has been already in the kernel tree for long time
  and supersedes the old logging over netlink stub, from
  myself.

* Don't panic if we fail to load netfilter core framework,
  just bail out instead, from myself.

* Add cond_resched_rcu, used by IPVS to allow rescheduling
  while walking over big hashtables, from Simon Horman.

* Change type of IPVS sysctl_sync_qlen_max sysctl to avoid
  possible overflow, from Zhang Yanfei.

* Use strlcpy instead of strncpy to skip zeroing of already
  initialized area to write the extension names in ebtables,
  from Chen Gang.

* Use already existing per-cpu notrack object from xt_CT,
  from Eric Dumazet.

* Save explicit socket lookup in xt_socket now that we have
  early demux, also from Eric Dumazet.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 6bc19fb8 7f87712c

include/linux/netfilter.h

+1 −1
Original line number Original line Diff line number Diff line
@@ -35,7 +35,7 @@ static inline void nf_inet_addr_mask(const union nf_inet_addr *a1, 
	result->all[3] = a1->all[3] & mask->all[3];

	result->all[3] = a1->all[3] & mask->all[3];

}

}





extern void netfilter_init(void);

extern int netfilter_init(void);





/* Largest hook number + 1 */

/* Largest hook number + 1 */

#define NF_MAX_HOOKS 8

#define NF_MAX_HOOKS 8

include/linux/sched.h

+9 −0
Original line number Original line Diff line number Diff line
@@ -2444,6 +2444,15 @@ extern int __cond_resched_softirq(void); 
	__cond_resched_softirq();					\

	__cond_resched_softirq();					\

})

})





static inline void cond_resched_rcu(void)

{

#if defined(CONFIG_DEBUG_ATOMIC_SLEEP) || !defined(CONFIG_PREEMPT_RCU)

	rcu_read_unlock();

	cond_resched();

	rcu_read_lock();

#endif

}



/*

/*

 * Does a critical section need to be broken due to another

 * Does a critical section need to be broken due to another

 * task waiting?: (technically does not depend on CONFIG_PREEMPT,

 * task waiting?: (technically does not depend on CONFIG_PREEMPT,

include/net/ip_vs.h

+4 −4
Original line number Original line Diff line number Diff line
@@ -905,7 +905,7 @@ struct ip_vs_app { 
struct ipvs_master_sync_state {

struct ipvs_master_sync_state {

	struct list_head	sync_queue;

	struct list_head	sync_queue;

	struct ip_vs_sync_buff	*sync_buff;

	struct ip_vs_sync_buff	*sync_buff;

	int			sync_queue_len;

	unsigned long		sync_queue_len;

	unsigned int		sync_queue_delay;

	unsigned int		sync_queue_delay;

	struct task_struct	*master_thread;

	struct task_struct	*master_thread;

	struct delayed_work	master_wakeup_work;

	struct delayed_work	master_wakeup_work;
@@ -998,7 +998,7 @@ struct netns_ipvs { 
	int			sysctl_snat_reroute;

	int			sysctl_snat_reroute;

	int			sysctl_sync_ver;

	int			sysctl_sync_ver;

	int			sysctl_sync_ports;

	int			sysctl_sync_ports;

	int			sysctl_sync_qlen_max;

	unsigned long		sysctl_sync_qlen_max;

	int			sysctl_sync_sock_size;

	int			sysctl_sync_sock_size;

	int			sysctl_cache_bypass;

	int			sysctl_cache_bypass;

	int			sysctl_expire_nodest_conn;

	int			sysctl_expire_nodest_conn;
@@ -1085,7 +1085,7 @@ static inline int sysctl_sync_ports(struct netns_ipvs *ipvs) 
	return ACCESS_ONCE(ipvs->sysctl_sync_ports);

	return ACCESS_ONCE(ipvs->sysctl_sync_ports);

}

}





static inline int sysctl_sync_qlen_max(struct netns_ipvs *ipvs)

static inline unsigned long sysctl_sync_qlen_max(struct netns_ipvs *ipvs)

{

{

	return ipvs->sysctl_sync_qlen_max;

	return ipvs->sysctl_sync_qlen_max;

}

}
@@ -1138,7 +1138,7 @@ static inline int sysctl_sync_ports(struct netns_ipvs *ipvs) 
	return 1;

	return 1;

}

}





static inline int sysctl_sync_qlen_max(struct netns_ipvs *ipvs)

static inline unsigned long sysctl_sync_qlen_max(struct netns_ipvs *ipvs)

{

{

	return IPVS_SYNC_QLEN_MAX;

	return IPVS_SYNC_QLEN_MAX;

}

}

include/net/netns/x_tables.h

+6 −0
Original line number Original line Diff line number Diff line
@@ -15,5 +15,11 @@ struct netns_xt { 
	struct ebt_table *frame_filter;

	struct ebt_table *frame_filter;

	struct ebt_table *frame_nat;

	struct ebt_table *frame_nat;

#endif

#endif

#if IS_ENABLED(CONFIG_IP_NF_TARGET_ULOG)

	bool ulog_warn_deprecated;

#endif

#if IS_ENABLED(CONFIG_BRIDGE_EBT_ULOG)

	bool ebt_ulog_warn_deprecated;

#endif

};

};

#endif
 
#endif

net/bridge/netfilter/ebt_ulog.c

+6 −0
Original line number Original line Diff line number Diff line
@@ -271,6 +271,12 @@ static int ebt_ulog_tg_check(const struct xt_tgchk_param *par) 
{

{

	struct ebt_ulog_info *uloginfo = par->targinfo;

	struct ebt_ulog_info *uloginfo = par->targinfo;





	if (!par->net->xt.ebt_ulog_warn_deprecated) {

		pr_info("ebt_ulog is deprecated and it will be removed soon, "

			"use ebt_nflog instead\n");

		par->net->xt.ebt_ulog_warn_deprecated = true;

	}



	if (uloginfo->nlgroup > 31)

	if (uloginfo->nlgroup > 31)

		return -EINVAL;

		return -EINVAL;