Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v3.7 2012-10-17T08:59:20Z 2012-10-17T08:59:20Z Pablo Neira Ayuso pablo@netfilter.org 2012-10-17T08:59:20Z urn:sha1:0b4f5b1d6385826093dc3cd9035b186f0d77a5dc To obtain new flag FLOWI_FLAG_KNOWN_NH to fix netfilter's xt_TEE target. 2012-10-09T04:04:34Z Arnd Bergmann arnd@arndb.de 2012-10-09T04:04:34Z urn:sha1:b61a602ee6730150f4d0df730d9312ac4d820ceb As reported by a gcc warning, the do_ip_vs_get_ctl does not initalize all the members of the ip_vs_timeout_user structure it returns if at least one of the TCP or UDP protocols is disabled for ipvs. This makes sure that the data is always initialized, before it is returned as a response to IPVS_CMD_GET_CONFIG or printed as a debug message in IPVS_CMD_SET_CONFIG. Without this patch, building ARM ixp4xx_defconfig results in: net/netfilter/ipvs/ip_vs_ctl.c: In function 'ip_vs_genl_set_cmd': net/netfilter/ipvs/ip_vs_ctl.c:2238:47: warning: 't.udp_timeout' may be used uninitialized in this function [-Wuninitialized] net/netfilter/ipvs/ip_vs_ctl.c:3322:28: note: 't.udp_timeout' was declared here net/netfilter/ipvs/ip_vs_ctl.c:2238:47: warning: 't.tcp_fin_timeout' may be used uninitialized in this function [-Wuninitialized] net/netfilter/ipvs/ip_vs_ctl.c:3322:28: note: 't.tcp_fin_timeout' was declared here net/netfilter/ipvs/ip_vs_ctl.c:2238:47: warning: 't.tcp_timeout' may be used uninitialized in this function [-Wuninitialized] net/netfilter/ipvs/ip_vs_ctl.c:3322:28: note: 't.tcp_timeout' was declared here Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au> 2012-10-08T21:42:36Z Julian Anastasov ja@ssi.bg 2012-10-08T11:41:20Z urn:sha1:ad4d3ef8b7eb527cca478dc08c02c10936e64115 After the change "Make neigh lookups directly in output packet path" (commit a263b30936) IPVS can not reach the real server for DR mode because we resolve the destination address from IP header, not from route neighbour. Use the new FLOWI_FLAG_KNOWN_NH flag to request output routes with known nexthop, so that it has preference on resolving. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-09-13T18:24:31Z David S. Miller davem@davemloft.net 2012-09-13T18:24:31Z urn:sha1:b0e61d98c672a9216d72d2d7430f6dc60795002e Pablo Neira Ayuso says: ==================== The following patchset contains four Netfilter updates, mostly targeting to fix issues added with IPv6 NAT, and one little IPVS update for net-next: * Remove unneeded conditional free of skb in nfnetlink_queue, from Wei Yongjun. * One semantic path from coccinelle detected the use of list_del + INIT_LIST_HEAD, instead of list_del_init, again from Wei Yongjun. * Fix out-of-bound memory access in the NAT address selection, from Florian Westphal. This was introduced with the IPv6 NAT patches. * Two fixes for crashes that were introduced in the recently merged IPv6 NAT support, from myself. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 2012-09-10T19:30:41Z Eric W. Biederman ebiederm@xmission.com 2012-09-07T20:12:54Z urn:sha1:15e473046cb6e5d18a4d0057e61d76315230382b It is a frequent mistake to confuse the netlink port identifier with a process identifier. Try to reduce this confusion by renaming fields that hold port identifiers portid instead of pid. I have carefully avoided changing the structures exported to userspace to avoid changing the userspace API. I have successfully built an allyesconfig kernel with this change. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-09-10T07:48:55Z Wei Yongjun yongjun_wei@trendmicro.com.cn 2012-09-05T18:21:53Z urn:sha1:0edd94887d19ad73539477395c17ea0d6898947a Using list_del_init() instead of list_del() + INIT_LIST_HEAD(). spatch with a semantic match is used to found this problem. (http://coccinelle.lip6.fr/) Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-09-03T13:34:51Z Pablo Neira Ayuso pablo@netfilter.org 2012-09-03T13:28:30Z urn:sha1:ace1fe1231bdfffd60b5e703aa5b7283fbf98dbd This merges (3f509c6 netfilter: nf_nat_sip: fix incorrect handling of EBUSY for RTCP expectation) to Patrick McHardy's IPv6 NAT changes. 2012-08-31T19:14:18Z David S. Miller davem@davemloft.net 2012-08-31T19:14:10Z urn:sha1:c32f38619af6302da58835fb292b159bdd96d11f Merge the 'net' tree to get the recent set of netfilter bug fixes in order to assist with some merge hassles Pablo is going to have to deal with for upcoming changes. Signed-off-by: David S. Miller <davem@davemloft.net> 2012-08-30T01:27:19Z Julia Lawall Julia.Lawall@lip6.fr 2012-08-29T06:49:11Z urn:sha1:0a54e939d8c2647c711ef2369c3e73c3b7f3028c Initialize return variable before exiting on an error path. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> ( if@p1 (\(ret < 0\|ret != 0\)) { ... return ret; } | ret@p1 = 0 ) ... when != ret = e1 when != &ret *if(...) { ... when != ret = e2 when forall return ret; } // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-08-30T01:00:13Z Patrick McHardy kaber@trash.net 2012-08-26T17:14:04Z urn:sha1:051966c0c644a1c96092d4206e00704ade813c9a For mangling IPv6 packets the protocol header offset needs to be known by the NAT packet mangling functions. Add a so far unused protoff argument and convert the conntrack and NAT helpers to use it in preparation of IPv6 NAT. Signed-off-by: Patrick McHardy <kaber@trash.net>