lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6

Browse Source
This commit is contained in:
David S. Miller
2010-02-19 12:45:20 -08:00
parent cf261b2392 64507fdbc2
commit 927606a17e
3 changed files with 15 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/linux/netfilter.h
View File

@@ -212,8 +212,9 @@ NF_HOOK_COND(uint8_t pf, unsigned int hook, struct sk_buff *skb,
struct net_device *in, struct net_device *out, struct net_device *in, struct net_device *out,
int (*okfn)(struct sk_buff *), bool cond) int (*okfn)(struct sk_buff *), bool cond)
{ {
int ret = 1; int ret;
if (cond ||
if (!cond ||
(ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN) == 1)) (ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN) == 1))
ret = okfn(skb); ret = okfn(skb);
return ret; return ret;

22
net/netfilter/nf_conntrack_netlink.c
View File

@@ -1077,9 +1077,8 @@ ctnetlink_change_helper(struct nf_conn *ct, const struct nlattr * const cda[])
/* need to zero data of old helper */ /* need to zero data of old helper */
memset(&help->help, 0, sizeof(help->help)); memset(&help->help, 0, sizeof(help->help));
} else { } else {
help = nf_ct_helper_ext_add(ct, GFP_ATOMIC); /* we cannot set a helper for an existing conntrack */
if (help == NULL) return -EOPNOTSUPP;
return -ENOMEM;
} }
rcu_assign_pointer(help->helper, helper); rcu_assign_pointer(help->helper, helper);
@@ -1263,7 +1262,6 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
ct->timeout.expires = ntohl(nla_get_be32(cda[CTA_TIMEOUT])); ct->timeout.expires = ntohl(nla_get_be32(cda[CTA_TIMEOUT]));
ct->timeout.expires = jiffies + ct->timeout.expires * HZ; ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
ct->status |= IPS_CONFIRMED;
rcu_read_lock(); rcu_read_lock();
if (cda[CTA_HELP]) { if (cda[CTA_HELP]) {
@@ -1314,14 +1312,19 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
goto err2; goto err2;
} }
if (cda[CTA_STATUS]) { if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) {
err = ctnetlink_change_status(ct, cda); err = ctnetlink_change_nat(ct, cda);
if (err < 0) if (err < 0)
goto err2; goto err2;
} }
if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) { nf_ct_acct_ext_add(ct, GFP_ATOMIC);
err = ctnetlink_change_nat(ct, cda); nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC);
/* we must add conntrack extensions before confirmation. */
ct->status |= IPS_CONFIRMED;
if (cda[CTA_STATUS]) {
err = ctnetlink_change_status(ct, cda);
if (err < 0) if (err < 0)
goto err2; goto err2;
} }
@@ -1340,9 +1343,6 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
goto err2; goto err2;
} }
nf_ct_acct_ext_add(ct, GFP_ATOMIC);
nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC);
#if defined(CONFIG_NF_CONNTRACK_MARK) #if defined(CONFIG_NF_CONNTRACK_MARK)
if (cda[CTA_MARK]) if (cda[CTA_MARK])
ct->mark = ntohl(nla_get_be32(cda[CTA_MARK])); ct->mark = ntohl(nla_get_be32(cda[CTA_MARK]));

2
net/netfilter/nf_queue.c
View File

@@ -265,7 +265,6 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
local_bh_disable(); local_bh_disable();
entry->okfn(skb); entry->okfn(skb);
local_bh_enable(); local_bh_enable();
case NF_STOLEN:
break; break;
case NF_QUEUE: case NF_QUEUE:
if (!__nf_queue(skb, elem, entry->pf, entry->hook, if (!__nf_queue(skb, elem, entry->pf, entry->hook,
@@ -273,6 +272,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
verdict >> NF_VERDICT_BITS)) verdict >> NF_VERDICT_BITS))
goto next_hook; goto next_hook;
break; break;
case NF_STOLEN:
default: default:
kfree_skb(skb); kfree_skb(skb);
} }