Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf (55919b32) · Commits · EulixOS / Software / Kernel

include/net/netfilter/nf_conntrack_core.h

+6 −1

Original line number	Diff line number	Diff line
		@@ -58,8 +58,13 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
		int ret = NF_ACCEPT;

		if (ct) {
		if (!nf_ct_is_confirmed(ct))
		if (!nf_ct_is_confirmed(ct)) {
		ret = __nf_conntrack_confirm(skb);

		if (ret == NF_ACCEPT)
		ct = (struct nf_conn *)skb_nfct(skb);
		}

		if (ret == NF_ACCEPT && nf_ct_ecache_exist(ct))
		nf_ct_deliver_cached_events(ct);
		}

+9 −3

Original line number	Diff line number	Diff line
		@@ -5348,9 +5348,11 @@ static int nf_tables_getsetelem(struct sk_buff *skb,

		nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
		err = nft_get_set_elem(&ctx, set, attr);
		if (err < 0)
		if (err < 0) {
		NL_SET_BAD_ATTR(extack, attr);
		break;
		}
		}

		return err;
		}
		@@ -6126,9 +6128,11 @@ static int nf_tables_newsetelem(struct sk_buff *skb,

		nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
		err = nft_add_set_elem(&ctx, set, attr, info->nlh->nlmsg_flags);
		if (err < 0)
		if (err < 0) {
		NL_SET_BAD_ATTR(extack, attr);
		return err;
		}
		}

		if (nft_net->validate_state == NFT_VALIDATE_DO)
		return nft_table_validate(net, table);
		@@ -6397,9 +6401,11 @@ static int nf_tables_delsetelem(struct sk_buff *skb,

		nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
		err = nft_del_setelem(&ctx, set, attr);
		if (err < 0)
		if (err < 0) {
		NL_SET_BAD_ATTR(extack, attr);
		break;
		}
		}
		return err;
		}

+5 −19

Original line number	Diff line number	Diff line
		@@ -45,7 +45,6 @@ MODULE_DESCRIPTION("Netfilter messages via netlink socket");
		static unsigned int nfnetlink_pernet_id __read_mostly;

		struct nfnl_net {
		unsigned int ctnetlink_listeners;
		struct sock *nfnl;
		};

		@@ -673,17 +672,7 @@ static int nfnetlink_bind(struct net *net, int group)

		#ifdef CONFIG_NF_CONNTRACK_EVENTS
		if (type == NFNL_SUBSYS_CTNETLINK) {
		struct nfnl_net *nfnlnet = nfnl_pernet(net);

		nfnl_lock(NFNL_SUBSYS_CTNETLINK);

		if (WARN_ON_ONCE(nfnlnet->ctnetlink_listeners == UINT_MAX)) {
		nfnl_unlock(NFNL_SUBSYS_CTNETLINK);
		return -EOVERFLOW;
		}

		nfnlnet->ctnetlink_listeners++;
		if (nfnlnet->ctnetlink_listeners == 1)
		WRITE_ONCE(net->ct.ctnetlink_has_listener, true);
		nfnl_unlock(NFNL_SUBSYS_CTNETLINK);
		}
		@@ -694,15 +683,12 @@ static int nfnetlink_bind(struct net *net, int group)
		static void nfnetlink_unbind(struct net *net, int group)
		{
		#ifdef CONFIG_NF_CONNTRACK_EVENTS
		int type = nfnl_group2type[group];

		if (type == NFNL_SUBSYS_CTNETLINK) {
		struct nfnl_net *nfnlnet = nfnl_pernet(net);
		if (group <= NFNLGRP_NONE \|\| group > NFNLGRP_MAX)
		return;

		if (nfnl_group2type[group] == NFNL_SUBSYS_CTNETLINK) {
		nfnl_lock(NFNL_SUBSYS_CTNETLINK);
		WARN_ON_ONCE(nfnlnet->ctnetlink_listeners == 0);
		nfnlnet->ctnetlink_listeners--;
		if (nfnlnet->ctnetlink_listeners == 0)
		if (!nfnetlink_has_listeners(net, group))
		WRITE_ONCE(net->ct.ctnetlink_has_listener, false);
		nfnl_unlock(NFNL_SUBSYS_CTNETLINK);
		}

+3 −2

Original line number	Diff line number	Diff line
		@@ -35,12 +35,13 @@ static unsigned int nfct_timeout_id __read_mostly;

		struct ctnl_timeout {
		struct list_head head;
		struct list_head free_head;
		struct rcu_head rcu_head;
		refcount_t refcnt;
		char name[CTNL_TIMEOUT_NAME_MAX];
		struct nf_ct_timeout timeout;

		struct list_head free_head;
		/* must be at the end */
		struct nf_ct_timeout timeout;
		};

		struct nfct_timeout_pernet {