Commit ccb39c62 authored by David S. Miller's avatar David S. Miller


Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Fix NAT IPv6 offload in the flowtable.

2) icmpv6 is printed as unknown in /proc/net/nf_conntrack.

3) Use div64_u64() in nft_limit, from Eric Dumazet.

4) Use pre_exit to unregister ebtables and arptables hooks,
   from Florian Westphal.

5) Fix out-of-bound memset in x_tables compat match/target,
   also from Florian.

6) Clone set elements expression to ensure proper initialization.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents f33b0e19 4d8f9065
+3 −2
@@ -52,7 +52,8 @@ extern void *arpt_alloc_initial_table(const struct xt_table *);
int arpt_register_table(struct net *net, const struct xt_table *table,
			const struct arpt_replace *repl,
			const struct nf_hook_ops *ops, struct xt_table **res);
void arpt_unregister_table(struct net *net, struct xt_table *table,
void arpt_unregister_table(struct net *net, struct xt_table *table);
void arpt_unregister_table_pre_exit(struct net *net, struct xt_table *table,
				    const struct nf_hook_ops *ops);
extern unsigned int arpt_do_table(struct sk_buff *skb,
				  const struct nf_hook_state *state,
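Review bot: Nothing at the two new prototypes states the ordering they now depend on: `arpt_unregister_table_pre_exit()` takes the hook ops and `arpt_unregister_table()` no longer does, so a caller that switches to the two-argument form without adding the pre_exit call still compiles. If the two-argument function no longer unregisters the hooks (its body is not in this hunk), such a caller would release the table while packets can still reach it. I would add a comment above the pair, e.g. `/* call arpt_unregister_table_pre_exit() from .pre_exit first; arpt_unregister_table() must only run after the hooks are gone */`. The same applies to the `ebt_unregister_table*()` pair in the ebtables header section.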
+3 −2
@@ -110,8 +110,9 @@ extern int ebt_register_table(struct net *net,
			      const struct ebt_table *table,
			      const struct nf_hook_ops *ops,
			      struct ebt_table **res);
extern void ebt_unregister_table(struct net *net, struct ebt_table *table,
				 const struct nf_hook_ops *);
extern void ebt_unregister_table(struct net *net, struct ebt_table *table);
void ebt_unregister_table_pre_exit(struct net *net, const char *tablename,
				   const struct nf_hook_ops *ops);
extern unsigned int ebt_do_table(struct sk_buff *skb,
				 const struct nf_hook_state *state,
				 struct ebt_table *table);
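Review bot: `ebt_unregister_table_pre_exit()` identifies the table by `const char *tablename` and returns void, so a caller cannot tell whether the name matched anything. By contrast, `ebt_unregister_table()` next to it and the arptables counterpart take the table pointer. The definition is not in this section; if a miss is silently ignored, the hooks would stay registered until the exit handler releases the table. The declaration should say what happens on a miss, e.g. `/* tablename must be the name used at registration; no-op if no such table exists in @net */`, once that is confirmed against the definition. As a point of style, the new declaration also drops the `extern` that its neighbours carry.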
+7 −1
@@ -105,14 +105,20 @@ static int __net_init broute_net_init(struct net *net)
				  &net->xt.broute_table);
}

static void __net_exit broute_net_pre_exit(struct net *net)
{
	ebt_unregister_table_pre_exit(net, "broute", &ebt_ops_broute);
}

static void __net_exit broute_net_exit(struct net *net)
{
	ebt_unregister_table(net, net->xt.broute_table, &ebt_ops_broute);
	ebt_unregister_table(net, net->xt.broute_table);
}

static struct pernet_operations broute_net_ops = {
	.init = broute_net_init,
	.exit = broute_net_exit,
	.pre_exit = broute_net_pre_exit,
};

static int __init ebtable_broute_init(void)
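Review bot: The `"broute"` literal in `broute_net_pre_exit()` repeats a table name that is defined outside this hunk, and nothing ties the two together. Because the lookup is by string, a later rename of the table would presumably leave the pre_exit call finding nothing, and `broute_net_exit()` would then run with the hooks still registered. Either pass the name field of the table definition instead of the literal, or add `/* must match the name of the table registered in broute_net_init() */` above the call. The `"filter"` and `"nat"` literals in the frame_filter and frame_nat sections have the same issue.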
+7 −1
@@ -99,14 +99,20 @@ static int __net_init frame_filter_net_init(struct net *net)
				  &net->xt.frame_filter);
}

static void __net_exit frame_filter_net_pre_exit(struct net *net)
{
	ebt_unregister_table_pre_exit(net, "filter", ebt_ops_filter);
}

static void __net_exit frame_filter_net_exit(struct net *net)
{
	ebt_unregister_table(net, net->xt.frame_filter, ebt_ops_filter);
	ebt_unregister_table(net, net->xt.frame_filter);
}

static struct pernet_operations frame_filter_net_ops = {
	.init = frame_filter_net_init,
	.exit = frame_filter_net_exit,
	.pre_exit = frame_filter_net_pre_exit,
};

static int __init ebtable_filter_init(void)
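Review bot: `frame_filter_net_exit()` leaves `net->xt.frame_filter` holding the pointer it just handed to `ebt_unregister_table()`. Whether that call frees the table is not visible here, but if it does, the field is stale for the rest of the namespace teardown. Adding `net->xt.frame_filter = NULL;` after the call turns any late reader into a NULL check or a clean fault rather than a use of released memory. `broute_net_exit()` and `frame_nat_net_exit()` follow the same pattern with `net->xt.broute_table` and `net->xt.frame_nat`.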
+7 −1
@@ -99,14 +99,20 @@ static int __net_init frame_nat_net_init(struct net *net)
				  &net->xt.frame_nat);
}

static void __net_exit frame_nat_net_pre_exit(struct net *net)
{
	ebt_unregister_table_pre_exit(net, "nat", ebt_ops_nat);
}

static void __net_exit frame_nat_net_exit(struct net *net)
{
	ebt_unregister_table(net, net->xt.frame_nat, ebt_ops_nat);
	ebt_unregister_table(net, net->xt.frame_nat);
}

static struct pernet_operations frame_nat_net_ops = {
	.init = frame_nat_net_init,
	.exit = frame_nat_net_exit,
	.pre_exit = frame_nat_net_pre_exit,
};

static int __init ebtable_nat_init(void)