Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
This commit is contained in:
David S. Miller
@@ -62,6 +62,7 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
|
|||||||
if (ct && ct != &nf_conntrack_untracked) {
|
if (ct && ct != &nf_conntrack_untracked) {
|
||||||
if (!nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct))
|
if (!nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct))
|
||||||
ret = __nf_conntrack_confirm(skb);
|
ret = __nf_conntrack_confirm(skb);
|
||||||
|
if (likely(ret == NF_ACCEPT))
|
||||||
nf_ct_deliver_cached_events(ct);
|
nf_ct_deliver_cached_events(ct);
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
|
|||||||
@@ -528,14 +528,14 @@ find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int *prevhoff, int *fhoff)
|
|||||||
if (!ipv6_ext_hdr(nexthdr)) {
|
if (!ipv6_ext_hdr(nexthdr)) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (len < (int)sizeof(struct ipv6_opt_hdr)) {
|
|
||||||
pr_debug("too short\n");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (nexthdr == NEXTHDR_NONE) {
|
if (nexthdr == NEXTHDR_NONE) {
|
||||||
pr_debug("next header is none\n");
|
pr_debug("next header is none\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
if (len < (int)sizeof(struct ipv6_opt_hdr)) {
|
||||||
|
pr_debug("too short\n");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
if (skb_copy_bits(skb, start, &hdr, sizeof(hdr)))
|
if (skb_copy_bits(skb, start, &hdr, sizeof(hdr)))
|
||||||
BUG();
|
BUG();
|
||||||
if (nexthdr == NEXTHDR_AUTH)
|
if (nexthdr == NEXTHDR_AUTH)
|
||||||
|
|||||||
@@ -726,7 +726,7 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
|
|||||||
NF_CT_ASSERT(skb->nfct);
|
NF_CT_ASSERT(skb->nfct);
|
||||||
|
|
||||||
ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum);
|
ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum);
|
||||||
if (ret < 0) {
|
if (ret <= 0) {
|
||||||
/* Invalid: inverse of the return code tells
|
/* Invalid: inverse of the return code tells
|
||||||
* the netfilter core what to do */
|
* the netfilter core what to do */
|
||||||
pr_debug("nf_conntrack_in: Can't track with proto module\n");
|
pr_debug("nf_conntrack_in: Can't track with proto module\n");
|
||||||
|
|||||||
@@ -1780,6 +1780,7 @@ ctnetlink_create_expect(struct nlattr *cda[], u_int8_t u3, u32 pid, int report)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
exp->class = 0;
|
||||||
exp->expectfn = NULL;
|
exp->expectfn = NULL;
|
||||||
exp->flags = 0;
|
exp->flags = 0;
|
||||||
exp->master = ct;
|
exp->master = ct;
|
||||||
|
|||||||
@@ -859,7 +859,7 @@ static int tcp_packet(struct nf_conn *ct,
|
|||||||
*/
|
*/
|
||||||
if (nf_ct_kill(ct))
|
if (nf_ct_kill(ct))
|
||||||
return -NF_REPEAT;
|
return -NF_REPEAT;
|
||||||
return -NF_DROP;
|
return NF_DROP;
|
||||||
}
|
}
|
||||||
/* Fall through */
|
/* Fall through */
|
||||||
case TCP_CONNTRACK_IGNORE:
|
case TCP_CONNTRACK_IGNORE:
|
||||||
@@ -892,7 +892,7 @@ static int tcp_packet(struct nf_conn *ct,
|
|||||||
nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
|
nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
|
||||||
"nf_ct_tcp: killing out of sync session ");
|
"nf_ct_tcp: killing out of sync session ");
|
||||||
nf_ct_kill(ct);
|
nf_ct_kill(ct);
|
||||||
return -NF_DROP;
|
return NF_DROP;
|
||||||
}
|
}
|
||||||
ct->proto.tcp.last_index = index;
|
ct->proto.tcp.last_index = index;
|
||||||
ct->proto.tcp.last_dir = dir;
|
ct->proto.tcp.last_dir = dir;
|
||||||
|
|||||||
Reference in New Issue
Block a user