Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f737be8d authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 



Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for your net tree,
they are:

1) Fix chain filtering when dumping rules via nf_tables_dump_rules().

2) Fix accidental change in NF_CT_STATE_UNTRACKED_BIT through uapi,
   introduced when removing the untracked conntrack object, from
   Florian Westphal.

3) Fix potential nul-dereference when releasing dump filter in
   nf_tables_dump_obj_done(), patch from Hangbin Liu.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 6926e041 8bea728d

include/uapi/linux/netfilter/nf_conntrack_common.h

+1 −1
Original line number Diff line number Diff line
@@ -36,7 +36,7 @@ enum ip_conntrack_info { 


#define NF_CT_STATE_INVALID_BIT			(1 << 0)

#define NF_CT_STATE_BIT(ctinfo)			(1 << ((ctinfo) % IP_CT_IS_REPLY + 1))

#define NF_CT_STATE_UNTRACKED_BIT		(1 << (IP_CT_UNTRACKED + 1))

#define NF_CT_STATE_UNTRACKED_BIT		(1 << 6)



/* Bitset representing status of connection. */

enum ip_conntrack_status {

net/netfilter/nf_tables_api.c

+5 −3
Original line number Diff line number Diff line
@@ -2072,7 +2072,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb, 
				continue;



			list_for_each_entry_rcu(chain, &table->chains, list) {

				if (ctx && ctx->chain[0] &&

				if (ctx && ctx->chain &&

				    strcmp(ctx->chain, chain->name) != 0)

					continue;
@@ -4665,8 +4665,10 @@ static int nf_tables_dump_obj_done(struct netlink_callback *cb) 
{

	struct nft_obj_filter *filter = cb->data;



	if (filter) {

		kfree(filter->table);

		kfree(filter);

	}



	return 0;

}