Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6 (53bd9728) · Commits · e / devices / android_kernel_oneplus_sm8150

include/linux/netfilter/xt_conntrack.h

+13 −0

Original line number	Diff line number	Diff line
		@@ -81,4 +81,17 @@ struct xt_conntrack_mtinfo1 {
		__u8 state_mask, status_mask;
		};

		struct xt_conntrack_mtinfo2 {
		union nf_inet_addr origsrc_addr, origsrc_mask;
		union nf_inet_addr origdst_addr, origdst_mask;
		union nf_inet_addr replsrc_addr, replsrc_mask;
		union nf_inet_addr repldst_addr, repldst_mask;
		__u32 expires_min, expires_max;
		__u16 l4proto;
		__be16 origsrc_port, origdst_port;
		__be16 replsrc_port, repldst_port;
		__u16 match_flags, invert_flags;
		__u16 state_mask, status_mask;
		};

		#endif /_XT_CONNTRACK_H/

include/linux/netfilter/xt_osf.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -20,6 +20,8 @@
		#ifndef _XT_OSF_H
		#define _XT_OSF_H

		#include <linux/types.h>

		#define MAXGENRELEN 32

		#define XT_OSF_GENRE (1<<0)

include/net/netfilter/nf_conntrack.h

+2 −2

Original line number	Diff line number	Diff line
		@@ -258,8 +258,8 @@ static inline bool nf_ct_kill(struct nf_conn *ct)
		/* Update TCP window tracking data when NAT mangles the packet */
		extern void nf_conntrack_tcp_update(const struct sk_buff *skb,
		unsigned int dataoff,
		struct nf_conn *ct,
		int dir);
		struct nf_conn *ct, int dir,
		s16 offset);

		/* Fake conntrack entry for untracked connections */
		extern struct nf_conn nf_conntrack_untracked;

net/ipv4/netfilter/nf_nat_helper.c

+11 −6

Original line number	Diff line number	Diff line
		@@ -191,7 +191,8 @@ nf_nat_mangle_tcp_packet(struct sk_buff *skb,
		ct, ctinfo);
		/* Tell TCP window tracking about seq change */
		nf_conntrack_tcp_update(skb, ip_hdrlen(skb),
		ct, CTINFO2DIR(ctinfo));
		ct, CTINFO2DIR(ctinfo),
		(int)rep_len - (int)match_len);

		nf_conntrack_event_cache(IPCT_NATSEQADJ, ct);
		}
		@@ -377,6 +378,7 @@ nf_nat_seq_adjust(struct sk_buff *skb,
		struct tcphdr *tcph;
		int dir;
		__be32 newseq, newack;
		s16 seqoff, ackoff;
		struct nf_conn_nat *nat = nfct_nat(ct);
		struct nf_nat_seq this_way, other_way;

		@@ -390,15 +392,18 @@ nf_nat_seq_adjust(struct sk_buff *skb,

		tcph = (void *)skb->data + ip_hdrlen(skb);
		if (after(ntohl(tcph->seq), this_way->correction_pos))
		newseq = htonl(ntohl(tcph->seq) + this_way->offset_after);
		seqoff = this_way->offset_after;
		else
		newseq = htonl(ntohl(tcph->seq) + this_way->offset_before);
		seqoff = this_way->offset_before;

		if (after(ntohl(tcph->ack_seq) - other_way->offset_before,
		other_way->correction_pos))
		newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_after);
		ackoff = other_way->offset_after;
		else
		newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before);
		ackoff = other_way->offset_before;

		newseq = htonl(ntohl(tcph->seq) + seqoff);
		newack = htonl(ntohl(tcph->ack_seq) - ackoff);

		inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0);
		inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0);
		@@ -413,7 +418,7 @@ nf_nat_seq_adjust(struct sk_buff *skb,
		if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo))
		return 0;

		nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir);
		nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir, seqoff);

		return 1;
		}

net/netfilter/nf_conntrack_expect.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -617,8 +617,10 @@ int nf_conntrack_expect_init(struct net *net)
		void nf_conntrack_expect_fini(struct net *net)
		{
		exp_proc_remove(net);
		if (net_eq(net, &init_net))
		if (net_eq(net, &init_net)) {
		rcu_barrier(); /* Wait for call_rcu() before destroy */
		kmem_cache_destroy(nf_ct_expect_cachep);
		}
		nf_ct_free_hashtable(net->ct.expect_hash, net->ct.expect_vmalloc,
		nf_ct_expect_hsize);
		}