* [PATCH 0/3] Netfilter/IPVS fixes for net
From: Pablo Neira Ayuso @ 2014-08-01 16:40 UTC
To: netfilter-devel; +Cc: davem, netdev
Hi David,
The following patchset contains Netfilter/IPVS fixes for your net tree,
they are:
1) Maintain all DSCP and ECN bits for IPv6 tun forwarding. This
resolves an inconsistency between IPv4 and IPv6 behaviour.
Patch from Alex Gartrell via Simon Horman.
2) Fix unnoticeable blink in xt_LED when the led-always-blink option is
used, from Jiri Prchal.
3) Add missing return in nft_del_setelem(), otherwise this results in a
double call of nft_data_uninit() in the nf_tables code, from Thomas Graf.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit 2627b7e15c5064ddd5e578e4efd948d48d531a3f:
ipvs: avoid netns exit crash on ip_vs_conn_drop_conntrack (2014-07-16 09:39:28 +0900)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
for you to fetch changes up to 0dc1362562a2e8b82a6be8d3ae307a234f28f9bc:
netfilter: nf_tables: Avoid duplicate call to nft_data_uninit() for same key (2014-08-01 18:14:49 +0200)
----------------------------------------------------------------
Alex Gartrell (1):
ipvs: Maintain all DSCP and ECN bits for ipv6 tun forwarding
Jiri Prchal (1):
netfilter: xt_LED: fix too short led-always-blink
Thomas Graf (1):
netfilter: nf_tables: Avoid duplicate call to nft_data_uninit() for same key
net/netfilter/ipvs/ip_vs_xmit.c | 2 +-
net/netfilter/nf_tables_api.c | 1 +
net/netfilter/xt_LED.c | 10 +++++++---
3 files changed, 9 insertions(+), 4 deletions(-)
* [PATCH 1/3] ipvs: Maintain all DSCP and ECN bits for ipv6 tun forwarding
From: Pablo Neira Ayuso @ 2014-08-01 16:40 UTC
To: netfilter-devel; +Cc: davem, netdev
From: Alex Gartrell <agartrell@fb.com>
Previously, only the four high bits of the tclass were maintained in the
ipv6 case. This matches the behavior of ipv4, though whether or not we
should reflect ECN bits may be up for debate.
Signed-off-by: Alex Gartrell <agartrell@fb.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
net/netfilter/ipvs/ip_vs_xmit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 73ba1cc..6f70bdd 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -967,8 +967,8 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
iph->nexthdr = IPPROTO_IPV6;
iph->payload_len = old_iph->payload_len;
be16_add_cpu(&iph->payload_len, sizeof(*old_iph));
- iph->priority = old_iph->priority;
memset(&iph->flow_lbl, 0, sizeof(iph->flow_lbl));
+ ipv6_change_dsfield(iph, 0, ipv6_get_dsfield(old_iph));
iph->daddr = cp->daddr.in6;
iph->saddr = saddr;
iph->hop_limit = old_iph->hop_limit;
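Review bot: The added ipv6_change_dsfield() call only preserves the full traffic class because it runs after the memset() of iph->flow_lbl. The low four traffic-class bits share a byte with the flow label, so swapping these two lines later would zero them again with no compile-time hint. A one-line comment above the call stating that ordering would help. Since the commit message itself says that reflecting the ECN bits may be up for debate, the same comment is the place to record that the inner ECN bits are copied to the outer header on purpose.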
--
1.7.10.4
* [PATCH 2/3] netfilter: xt_LED: fix too short led-always-blink
From: Pablo Neira Ayuso @ 2014-08-01 16:40 UTC
To: netfilter-devel; +Cc: davem, netdev
From: Jiri Prchal <jiri.prchal@aksignal.cz>
If led-always-blink is set, then between switching the LED OFF and ON
there is almost zero time, so the blink is invisible. This uses a oneshot LED
trigger with a fixed time of 50ms, which is enough to see the blink.
Signed-off-by: Jiri Prchal <jiri.prchal@aksignal.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/xt_LED.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/xt_LED.c b/net/netfilter/xt_LED.c
index 993de2b..92c71cd 100644
--- a/net/netfilter/xt_LED.c
+++ b/net/netfilter/xt_LED.c
@@ -50,11 +50,14 @@ struct xt_led_info_internal {
struct timer_list timer;
};
+#define XT_LED_BLINK_DELAY 50 /* ms */
+
static unsigned int
led_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_led_info *ledinfo = par->targinfo;
struct xt_led_info_internal *ledinternal = ledinfo->internal_data;
+ unsigned long led_delay = XT_LED_BLINK_DELAY;
/*
* If "always blink" is enabled, and there's still some time until the
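Review bot: The comment on XT_LED_BLINK_DELAY gives only the unit, not what the value controls, and nothing here says that it is fixed regardless of the rule's own ledinfo->delay. Something like "/* off/on time of the always-blink oneshot, in ms */" would document it. The led_delay local is also set up on every call of led_tg() even though only the always-blink branch uses it, so it could be declared inside that branch instead.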
@@ -62,9 +65,10 @@ led_tg(struct sk_buff *skb, const struct xt_action_param *par)
*/
if ((ledinfo->delay > 0) && ledinfo->always_blink &&
timer_pending(&ledinternal->timer))
- led_trigger_event(&ledinternal->netfilter_led_trigger, LED_OFF);
-
- led_trigger_event(&ledinternal->netfilter_led_trigger, LED_FULL);
+ led_trigger_blink_oneshot(&ledinternal->netfilter_led_trigger,
+ &led_delay, &led_delay, 1);
+ else
+ led_trigger_event(&ledinternal->netfilter_led_trigger, LED_FULL);
/* If there's a positive delay, start/update the timer */
if (ledinfo->delay > 0) {
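Review bot: The bare 1 passed as the last argument of led_trigger_blink_oneshot(), together with &led_delay being passed for both delay parameters, makes the new call hard to read without looking up the prototype. A short comment saying that the LED is switched off for XT_LED_BLINK_DELAY and then returns to on would make the intent explicit. With the call now spanning two lines and an else attached, braces around both branches would also make the if/else easier to follow.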
--
1.7.10.4
* [PATCH 3/3] netfilter: nf_tables: Avoid duplicate call to nft_data_uninit() for same key
From: Pablo Neira Ayuso @ 2014-08-01 16:40 UTC
To: netfilter-devel; +Cc: davem, netdev
From: Thomas Graf <tgraf@suug.ch>
nft_del_setelem() currently calls nft_data_uninit() twice on the same
key. Once to release the key which is guaranteed to be NFT_DATA_VALUE
and a second time in the error path to which it falls through.
The second call has been harmless so far though because the type
passed is always NFT_DATA_VALUE which is currently a no-op.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_tables_api.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 8746ff9..b35ba83 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3218,6 +3218,7 @@ static int nft_del_setelem(struct nft_ctx *ctx, struct nft_set *set,
if (set->flags & NFT_SET_MAP)
nft_data_uninit(&elem.data, set->dtype);
+ return 0;
err2:
nft_data_uninit(&elem.key, desc.type);
err1:
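Review bot: The new "return 0;" skips everything under err1: as well as the nft_data_uninit() under err2:, while the commit message only discusses the duplicate call on elem.key. Please confirm that nothing below err1: is cleanup the success path also needs, and that no earlier step can leave a non-zero err that callers previously received through the fall-through. A blank line or a short comment between the return and err2: would also mark where the success path ends and the unwinding begins.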
--
1.7.10.4
* Re: [PATCH 0/3] Netfilter/IPVS fixes for net
From: David Miller @ 2014-08-02 23:49 UTC
To: pablo; +Cc: netfilter-devel, netdev
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 1 Aug 2014 18:40:36 +0200
> The following patchset contains Netfilter/IPVS fixes for your net tree,
> they are:
>
> 1) Maintain all DSCP and ECN bits for IPv6 tun forwarding. This
> resolves an inconsistency between IPv4 and IPv6 behaviour.
> Patch from Alex Gartrell via Simon Horman.
>
> 2) Fix unnoticeable blink in xt_LED when the led-always-blink option is
> used, from Jiri Prchal.
>
> 3) Add missing return in nft_del_setelem(), otherwise this results in a
> double call of nft_data_uninit() in the nf_tables code, from Thomas Graf.
>
> You can pull these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Pulled, thanks Pablo.