netfilter 00/03: netfilter fixes

All of lore.kernel.org
 help / color / mirror / Atom feed

* netfilter 00/03: netfilter fixes
@ 2009-04-08 16:52 Patrick McHardy
  2009-04-08 16:52 ` netfilter 01/03: ip6tables regression fix Patrick McHardy
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Patrick McHardy @ 2009-04-08 16:52 UTC (permalink / raw)
  To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel

Hi Dave,

the following patches fix three netfilter bugs:

- an incorrect dependency for the new LED target, added by myself to fix
  the compilation problem reported one or two weeks ago

- a fix for the ip6_tables "lock free counters" regression caused by a
  missing return statement

- a fix for a regression in .29, causing conntrack expectation refresh to
  create a new expectation instead of refreshing the existing one.

Please apply or pull from:

git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git

Please note that the git tree will bring in a merge commit of Linus'
tree from 2 days ago.

Thanks!


 include/net/netfilter/nf_conntrack_expect.h |    5 +++-
 net/ipv6/netfilter/ip6_tables.c             |    2 +
 net/netfilter/Kconfig                       |    2 +-
 net/netfilter/nf_conntrack_expect.c         |   30 +++++---------------------
 4 files changed, 13 insertions(+), 26 deletions(-)

Alex Riesen (1):
      netfilter: fix selection of "LED" target in netfilter

Eric Dumazet (1):
      netfilter: ip6tables regression fix

Pablo Neira Ayuso (1):
      netfilter: ctnetlink: fix regression in expectation handling

^ permalink raw reply	[flat|nested] 5+ messages in thread

* netfilter 01/03: ip6tables regression fix
  2009-04-08 16:52 netfilter 00/03: netfilter fixes Patrick McHardy
@ 2009-04-08 16:52 ` Patrick McHardy
  2009-04-08 16:52 ` netfilter 02/03: fix selection of "LED" target in netfilter Patrick McHardy
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Patrick McHardy @ 2009-04-08 16:52 UTC (permalink / raw)
  To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel

commit 49a88d18a1721ac14dbc67cd390db18ee1f3a42f
Author: Eric Dumazet <dada1@cosmosbay.com>
Date:   Mon Apr 6 17:06:55 2009 +0200

    netfilter: ip6tables regression fix
    
    Commit 7845447 (netfilter: iptables: lock free counters) broke
    ip6_tables by unconditionally returning ENOMEM in alloc_counters(),
    
    Reported-by: Graham Murray <graham@gmurray.org.uk>
    Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index dfed176..800ae85 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1033,6 +1033,8 @@ static struct xt_counters *alloc_counters(struct xt_table *table)
 
 	xt_free_table_info(info);
 
+	return counters;
+
  free_counters:
 	vfree(counters);
  nomem:

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* netfilter 02/03: fix selection of "LED" target in netfilter
  2009-04-08 16:52 netfilter 00/03: netfilter fixes Patrick McHardy
  2009-04-08 16:52 ` netfilter 01/03: ip6tables regression fix Patrick McHardy
@ 2009-04-08 16:52 ` Patrick McHardy
  2009-04-08 16:52 ` netfilter 03/03: ctnetlink: fix regression in expectation handling Patrick McHardy
  2009-04-08 20:43 ` netfilter 00/03: netfilter fixes David Miller
  3 siblings, 0 replies; 5+ messages in thread
From: Patrick McHardy @ 2009-04-08 16:52 UTC (permalink / raw)
  To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel

commit 3ae16f13027c26cb4c227392116c2027524a6444
Author: Alex Riesen <fork0@users.sourceforge.net>
Date:   Mon Apr 6 17:09:43 2009 +0200

    netfilter: fix selection of "LED" target in netfilter
    
    It's plural, not LED_TRIGGERS.
    
    Signed-off-by: Alex Riesen <fork0@users.sourceforge.net>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index bb279bf..2329c5f 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -374,7 +374,7 @@ config NETFILTER_XT_TARGET_HL
 
 config NETFILTER_XT_TARGET_LED
 	tristate '"LED" target support'
-	depends on LEDS_CLASS && LED_TRIGGERS
+	depends on LEDS_CLASS && LEDS_TRIGGERS
 	depends on NETFILTER_ADVANCED
 	help
 	  This option adds a `LED' target, which allows you to blink LEDs in

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* netfilter 03/03: ctnetlink: fix regression in expectation handling
  2009-04-08 16:52 netfilter 00/03: netfilter fixes Patrick McHardy
  2009-04-08 16:52 ` netfilter 01/03: ip6tables regression fix Patrick McHardy
  2009-04-08 16:52 ` netfilter 02/03: fix selection of "LED" target in netfilter Patrick McHardy
@ 2009-04-08 16:52 ` Patrick McHardy
  2009-04-08 20:43 ` netfilter 00/03: netfilter fixes David Miller
  3 siblings, 0 replies; 5+ messages in thread
From: Patrick McHardy @ 2009-04-08 16:52 UTC (permalink / raw)
  To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel

commit 83731671d9e6878c0a05d309c68fb71c16d3235a
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date:   Mon Apr 6 17:47:20 2009 +0200

    netfilter: ctnetlink: fix regression in expectation handling
    
    This patch fixes a regression (introduced by myself in commit 19abb7b:
    netfilter: ctnetlink: deliver events for conntracks changed from
    userspace) that results in an expectation re-insertion since
    __nf_ct_expect_check() may return 0 for expectation timer refreshing.
    
    This patch also removes a unnecessary refcount bump that
    pretended to avoid a possible race condition with event delivery
    and expectation timers (as said, not needed since we hold a
    reference to the object since until we finish the expectation
    setup). This also merges nf_ct_expect_related_report() and
    nf_ct_expect_related() which look basically the same.
    
    Reported-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h
index ab17a15..a965280 100644
--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -99,9 +99,12 @@ void nf_ct_expect_init(struct nf_conntrack_expect *, unsigned int, u_int8_t,
 		       const union nf_inet_addr *,
 		       u_int8_t, const __be16 *, const __be16 *);
 void nf_ct_expect_put(struct nf_conntrack_expect *exp);
-int nf_ct_expect_related(struct nf_conntrack_expect *expect);
 int nf_ct_expect_related_report(struct nf_conntrack_expect *expect, 
 				u32 pid, int report);
+static inline int nf_ct_expect_related(struct nf_conntrack_expect *expect)
+{
+	return nf_ct_expect_related_report(expect, 0, 0);
+}
 
 #endif /*_NF_CONNTRACK_EXPECT_H*/
 
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index 3940f99..afde8f9 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -372,7 +372,7 @@ static inline int __nf_ct_expect_check(struct nf_conntrack_expect *expect)
 	struct net *net = nf_ct_exp_net(expect);
 	struct hlist_node *n;
 	unsigned int h;
-	int ret = 0;
+	int ret = 1;
 
 	if (!master_help->helper) {
 		ret = -ESHUTDOWN;
@@ -412,41 +412,23 @@ out:
 	return ret;
 }
 
-int nf_ct_expect_related(struct nf_conntrack_expect *expect)
+int nf_ct_expect_related_report(struct nf_conntrack_expect *expect,
+				u32 pid, int report)
 {
 	int ret;
 
 	spin_lock_bh(&nf_conntrack_lock);
 	ret = __nf_ct_expect_check(expect);
-	if (ret < 0)
+	if (ret <= 0)
 		goto out;
 
+	ret = 0;
 	nf_ct_expect_insert(expect);
-	atomic_inc(&expect->use);
-	spin_unlock_bh(&nf_conntrack_lock);
-	nf_ct_expect_event(IPEXP_NEW, expect);
-	nf_ct_expect_put(expect);
-	return ret;
-out:
 	spin_unlock_bh(&nf_conntrack_lock);
+	nf_ct_expect_event_report(IPEXP_NEW, expect, pid, report);
 	return ret;
-}
-EXPORT_SYMBOL_GPL(nf_ct_expect_related);
-
-int nf_ct_expect_related_report(struct nf_conntrack_expect *expect, 
-				u32 pid, int report)
-{
-	int ret;
-
-	spin_lock_bh(&nf_conntrack_lock);
-	ret = __nf_ct_expect_check(expect);
-	if (ret < 0)
-		goto out;
-	nf_ct_expect_insert(expect);
 out:
 	spin_unlock_bh(&nf_conntrack_lock);
-	if (ret == 0)
-		nf_ct_expect_event_report(IPEXP_NEW, expect, pid, report);
 	return ret;
 }
 EXPORT_SYMBOL_GPL(nf_ct_expect_related_report);

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: netfilter 00/03: netfilter fixes
  2009-04-08 16:52 netfilter 00/03: netfilter fixes Patrick McHardy
                   ` (2 preceding siblings ...)
  2009-04-08 16:52 ` netfilter 03/03: ctnetlink: fix regression in expectation handling Patrick McHardy
@ 2009-04-08 20:43 ` David Miller
  3 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2009-04-08 20:43 UTC (permalink / raw)
  To: kaber; +Cc: netdev, netfilter-devel

From: Patrick McHardy <kaber@trash.net>
Date: Wed,  8 Apr 2009 18:52:16 +0200 (MEST)

> Please apply or pull from:
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git

Pulled, thanks Patrick.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2009-04-08 20:43 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-04-08 16:52 netfilter 00/03: netfilter fixes Patrick McHardy
2009-04-08 16:52 ` netfilter 01/03: ip6tables regression fix Patrick McHardy
2009-04-08 16:52 ` netfilter 02/03: fix selection of "LED" target in netfilter Patrick McHardy
2009-04-08 16:52 ` netfilter 03/03: ctnetlink: fix regression in expectation handling Patrick McHardy
2009-04-08 20:43 ` netfilter 00/03: netfilter fixes David Miller

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.