Loading include/net/netfilter/nf_conntrack_ecache.h +0 −3 Original line number Diff line number Diff line Loading @@ -77,9 +77,6 @@ nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct) if (e == NULL) return; if (!(e->ctmask & (1 << event))) return; set_bit(event, &e->cache); } Loading net/ipv4/netfilter/arpt_mangle.c +3 −3 Original line number Diff line number Diff line Loading @@ -60,12 +60,12 @@ static int checkentry(const struct xt_tgchk_param *par) if (mangle->flags & ~ARPT_MANGLE_MASK || !(mangle->flags & ARPT_MANGLE_MASK)) return false; return -EINVAL; if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT && mangle->target != XT_CONTINUE) return false; return true; return -EINVAL; return 0; } static struct xt_target arpt_mangle_reg __read_mostly = { Loading net/netfilter/nf_conntrack_ecache.c +3 −0 Original line number Diff line number Diff line Loading @@ -63,6 +63,9 @@ void nf_ct_deliver_cached_events(struct nf_conn *ct) * this does not harm and it happens very rarely. */ unsigned long missed = e->missed; if (!((events | missed) & e->ctmask)) goto out_unlock; ret = notify->fcn(events | missed, &item); if (unlikely(ret < 0 || missed)) { spin_lock_bh(&ct->lock); Loading net/netfilter/nf_conntrack_netlink.c +1 −0 Original line number Diff line number Diff line Loading @@ -667,6 +667,7 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb) if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, IPCTNL_MSG_CT_NEW, ct) < 0) { nf_conntrack_get(&ct->ct_general); cb->args[1] = (unsigned long)ct; goto out; } Loading net/netfilter/xt_iprange.c +7 −9 Original line number Diff line number Diff line Loading @@ -53,15 +53,13 @@ iprange_mt4(const struct sk_buff *skb, struct xt_action_param *par) } static inline int iprange_ipv6_sub(const struct in6_addr *a, const struct in6_addr *b) iprange_ipv6_lt(const struct in6_addr *a, const struct in6_addr *b) { unsigned int i; int r; for (i = 0; i < 4; ++i) { r = ntohl(a->s6_addr32[i]) - ntohl(b->s6_addr32[i]); if (r != 0) return r; if (a->s6_addr32[i] != b->s6_addr32[i]) return ntohl(a->s6_addr32[i]) < ntohl(b->s6_addr32[i]); } return 0; Loading @@ -75,15 +73,15 @@ iprange_mt6(const struct sk_buff *skb, struct xt_action_param *par) bool m; if (info->flags & IPRANGE_SRC) { m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0; m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0; m = iprange_ipv6_lt(&iph->saddr, &info->src_min.in6); m |= iprange_ipv6_lt(&info->src_max.in6, &iph->saddr); m ^= !!(info->flags & IPRANGE_SRC_INV); if (m) return false; } if (info->flags & IPRANGE_DST) { m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0; m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0; m = iprange_ipv6_lt(&iph->daddr, &info->dst_min.in6); m |= iprange_ipv6_lt(&info->dst_max.in6, &iph->daddr); m ^= !!(info->flags & IPRANGE_DST_INV); if (m) return false; Loading Loading
include/net/netfilter/nf_conntrack_ecache.h +0 −3 Original line number Diff line number Diff line Loading @@ -77,9 +77,6 @@ nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct) if (e == NULL) return; if (!(e->ctmask & (1 << event))) return; set_bit(event, &e->cache); } Loading
net/ipv4/netfilter/arpt_mangle.c +3 −3 Original line number Diff line number Diff line Loading @@ -60,12 +60,12 @@ static int checkentry(const struct xt_tgchk_param *par) if (mangle->flags & ~ARPT_MANGLE_MASK || !(mangle->flags & ARPT_MANGLE_MASK)) return false; return -EINVAL; if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT && mangle->target != XT_CONTINUE) return false; return true; return -EINVAL; return 0; } static struct xt_target arpt_mangle_reg __read_mostly = { Loading
net/netfilter/nf_conntrack_ecache.c +3 −0 Original line number Diff line number Diff line Loading @@ -63,6 +63,9 @@ void nf_ct_deliver_cached_events(struct nf_conn *ct) * this does not harm and it happens very rarely. */ unsigned long missed = e->missed; if (!((events | missed) & e->ctmask)) goto out_unlock; ret = notify->fcn(events | missed, &item); if (unlikely(ret < 0 || missed)) { spin_lock_bh(&ct->lock); Loading
net/netfilter/nf_conntrack_netlink.c +1 −0 Original line number Diff line number Diff line Loading @@ -667,6 +667,7 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb) if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, IPCTNL_MSG_CT_NEW, ct) < 0) { nf_conntrack_get(&ct->ct_general); cb->args[1] = (unsigned long)ct; goto out; } Loading
net/netfilter/xt_iprange.c +7 −9 Original line number Diff line number Diff line Loading @@ -53,15 +53,13 @@ iprange_mt4(const struct sk_buff *skb, struct xt_action_param *par) } static inline int iprange_ipv6_sub(const struct in6_addr *a, const struct in6_addr *b) iprange_ipv6_lt(const struct in6_addr *a, const struct in6_addr *b) { unsigned int i; int r; for (i = 0; i < 4; ++i) { r = ntohl(a->s6_addr32[i]) - ntohl(b->s6_addr32[i]); if (r != 0) return r; if (a->s6_addr32[i] != b->s6_addr32[i]) return ntohl(a->s6_addr32[i]) < ntohl(b->s6_addr32[i]); } return 0; Loading @@ -75,15 +73,15 @@ iprange_mt6(const struct sk_buff *skb, struct xt_action_param *par) bool m; if (info->flags & IPRANGE_SRC) { m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0; m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0; m = iprange_ipv6_lt(&iph->saddr, &info->src_min.in6); m |= iprange_ipv6_lt(&info->src_max.in6, &iph->saddr); m ^= !!(info->flags & IPRANGE_SRC_INV); if (m) return false; } if (info->flags & IPRANGE_DST) { m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0; m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0; m = iprange_ipv6_lt(&iph->daddr, &info->dst_min.in6); m |= iprange_ipv6_lt(&info->dst_max.in6, &iph->daddr); m ^= !!(info->flags & IPRANGE_DST_INV); if (m) return false; Loading
