Commit bd1d97d8 authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 

Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

The following patchset contains Netfilter updates for net-next, mostly
rather small housekeeping patches:

1) Remove unused variable in IPVS, from GuoYong Zheng.

2) Use memset_after in conntrack, from Kees Cook.

3) Remove leftover function in nfnetlink_queue, from Florian Westphal.

4) Remove redundant test on bool in conntrack, from Bernard Zhao.

5) egress support for nft_fwd, from Lukas Wunner.

6) Make pppoe work for br_netfilter, from Florian Westphal.

7) Remove unused variable in conntrack resize routine, from luo penghao.

* git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next:
  netfilter: conntrack: Remove useless assignment statements
  netfilter: bridge: add support for pppoe filtering
  netfilter: nft_fwd_netdev: Support egress hook
  netfilter: ctnetlink: remove useless type conversion to bool
  netfilter: nf_queue: remove leftover synchronize_rcu
  netfilter: conntrack: Use memset_startat() to zero struct nf_conn
  ipvs: remove unused variable for ip_vs_new_dest
====================

Link: https://lore.kernel.org/r/20211215234911.170741-1-pablo@netfilter.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 3bc14ea0 284ca764

net/bridge/br_netfilter_hooks.c

+3 −4
Original line number Diff line number Diff line
@@ -743,6 +743,9 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff 
	if (nf_bridge->frag_max_size && nf_bridge->frag_max_size < mtu)

		mtu = nf_bridge->frag_max_size;



	nf_bridge_update_protocol(skb);

	nf_bridge_push_encap_header(skb);



	if (skb_is_gso(skb) || skb->len + mtu_reserved <= mtu) {

		nf_bridge_info_free(skb);

		return br_dev_queue_push_xmit(net, sk, skb);
@@ -760,8 +763,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff 


		IPCB(skb)->frag_max_size = nf_bridge->frag_max_size;



		nf_bridge_update_protocol(skb);



		data = this_cpu_ptr(&brnf_frag_data_storage);



		if (skb_vlan_tag_present(skb)) {
@@ -789,8 +790,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff 


		IP6CB(skb)->frag_max_size = nf_bridge->frag_max_size;



		nf_bridge_update_protocol(skb);



		data = this_cpu_ptr(&brnf_frag_data_storage);

		data->encap_size = nf_bridge_encap_header_len(skb);

		data->size = ETH_HLEN + data->encap_size;

net/netfilter/ipvs/ip_vs_ctl.c

+2 −5
Original line number Diff line number Diff line
@@ -960,8 +960,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, 
 *	Create a destination for the given service

 */

static int

ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest,

	       struct ip_vs_dest **dest_p)

ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)

{

	struct ip_vs_dest *dest;

	unsigned int atype, i;
@@ -1021,8 +1020,6 @@ ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest, 
	spin_lock_init(&dest->stats.lock);

	__ip_vs_update_dest(svc, dest, udest, 1);



	*dest_p = dest;



	LeaveFunction(2);

	return 0;
@@ -1096,7 +1093,7 @@ ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest) 
		/*

		 * Allocate and initialize the dest structure

		 */

		ret = ip_vs_new_dest(svc, udest, &dest);

		ret = ip_vs_new_dest(svc, udest);

	}

	LeaveFunction(2);

net/netfilter/nf_conntrack_core.c

+1 −4
Original line number Diff line number Diff line
@@ -1562,9 +1562,7 @@ __nf_conntrack_alloc(struct net *net, 
	ct->status = 0;

	WRITE_ONCE(ct->timeout, 0);

	write_pnet(&ct->ct_net, net);

	memset(&ct->__nfct_init_offset, 0,

	       offsetof(struct nf_conn, proto) -

	       offsetof(struct nf_conn, __nfct_init_offset));

	memset_after(ct, 0, __nfct_init_offset);



	nf_ct_zone_add(ct, zone);
@@ -2590,7 +2588,6 @@ int nf_conntrack_hash_resize(unsigned int hashsize) 
			hlist_nulls_add_head_rcu(&h->hnnode, &hash[bucket]);

		}

	}

	old_size = nf_conntrack_htable_size;

	old_hash = nf_conntrack_hash;



	nf_conntrack_hash = hash;

net/netfilter/nf_conntrack_netlink.c

+1 −1
Original line number Diff line number Diff line
@@ -1746,7 +1746,7 @@ ctnetlink_dump_list(struct sk_buff *skb, struct netlink_callback *cb, bool dying 
			res = ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).portid,

						  cb->nlh->nlmsg_seq,

						  NFNL_MSG_TYPE(cb->nlh->nlmsg_type),

						  ct, dying ? true : false, 0);

						  ct, dying, 0);

			if (res < 0) {

				if (!atomic_inc_not_zero(&ct->ct_general.use))

					continue;

net/netfilter/nfnetlink_queue.c

+0 −6
Original line number Diff line number Diff line
@@ -1527,15 +1527,9 @@ static void __net_exit nfnl_queue_net_exit(struct net *net) 
		WARN_ON_ONCE(!hlist_empty(&q->instance_table[i]));

}



static void nfnl_queue_net_exit_batch(struct list_head *net_exit_list)

{

	synchronize_rcu();

}



static struct pernet_operations nfnl_queue_net_ops = {

	.init		= nfnl_queue_net_init,

	.exit		= nfnl_queue_net_exit,

	.exit_batch	= nfnl_queue_net_exit_batch,

	.id		= &nfnl_queue_net_id,

	.size		= sizeof(struct nfnl_queue_net),

};