Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5ff1dd24 authored Jan 16, 2014 by David S. Miller

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables



Pablo Neira Ayuso says:

====================
This small batch contains several Netfilter fixes for your net-next
tree, more specifically:

* Fix compilation warning in nft_ct in NF_CONNTRACK_MARK is not set,
  from Kristian Evensen.

* Add dependency to IPV6 for NF_TABLES_INET. This one has been reported
  by the several robots that are testing .config combinations, from Paul
  Gortmaker.

* Fix default base chain policy setting in nf_tables, from myself.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

parents 89740ca7 847c8e29

net/netfilter/Kconfig

+1 −1

Original line number	Diff line number	Diff line
		@@ -429,7 +429,7 @@ config NF_TABLES
		To compile it as a module, choose M here.

		config NF_TABLES_INET
		depends on NF_TABLES
		depends on NF_TABLES && IPV6
		select NF_TABLES_IPV4
		select NF_TABLES_IPV6
		tristate "Netfilter nf_tables mixed IPv4/IPv6 tables support"

net/netfilter/nf_tables_api.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -859,7 +859,7 @@ static int nf_tables_newchain(struct sock nlsk, struct sk_buff skb,
		nla[NFTA_CHAIN_HOOK] == NULL)
		return -EOPNOTSUPP;

		policy = nla_get_be32(nla[NFTA_CHAIN_POLICY]);
		policy = ntohl(nla_get_be32(nla[NFTA_CHAIN_POLICY]));
		switch (policy) {
		case NF_DROP:
		case NF_ACCEPT:

net/netfilter/nft_ct.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -133,7 +133,9 @@ static void nft_ct_set_eval(const struct nft_expr *expr,
		{
		const struct nft_ct *priv = nft_expr_priv(expr);
		struct sk_buff *skb = pkt->skb;
		#ifdef CONFIG_NF_CONNTRACK_MARK
		u32 value = data[priv->sreg].data[0];
		#endif
		enum ip_conntrack_info ctinfo;
		struct nf_conn *ct;