linux/net/netfilter/nfnetlink_queue.c, branch v4.5

netfilter: nfnetlink_queue: autoload nf_conntrack_netlink module NFQA_CFG_F_CONNTRACK config flag

2016-01-08T12:25:06Z

This patch enables to load nf_conntrack_netlink module if NFQA_CFG_F_CONNTRACK config flag is specified. Signed-off-by: Ken-ichirou MATSUZAWA Signed-off-by: Pablo Neira Ayuso

netfilter: nfnetlink_queue: just returns error for unknown command

2016-01-08T12:25:05Z

This patch stops processing options for unknown command. Signed-off-by: Ken-ichirou MATSUZAWA Signed-off-by: Pablo Neira Ayuso

netfilter: nfnetlink_queue: don't handle options after unbind

2016-01-08T12:25:04Z

This patch stops processing after destroying a queue instance. Signed-off-by: Ken-ichirou MATSUZAWA Signed-off-by: Pablo Neira Ayuso

netfilter: nfnetlink_queue: validate dependencies to avoid breaking atomicity

2016-01-08T12:25:03Z

Check that dependencies are fulfilled before updating the queue instance, otherwise we can leave things in intermediate state on errors in nfqnl_recv_config(). Signed-off-by: Ken-ichirou MATSUZAWA Signed-off-by: Pablo Neira Ayuso

netfilter: nfnetlink: pass down netns pointer to call() and call_rcu()

2015-12-28T17:41:41Z

Adapt callsites to avoid recurrent lookup of the netns pointer. Signed-off-by: Pablo Neira Ayuso

netfilter: nfnetlink_queue: Unregister pernet subsys in case of init failure

2015-12-09T13:46:47Z

Commit 3bfe049807c2403 ("netfilter: nfnetlink_{log,queue}: Register pernet in first place") reorganised the initialisation order of the pernet_subsys to avoid "use-before-initialised" condition. However, in doing so the cleanup logic in nfnetlink_queue got botched in that the pernet_subsys wasn't cleaned in case nfnetlink_subsys_register failed. This patch adds the necessary cleanup routine call. Fixes: 3bfe049807c2403 ("netfilter: nfnetlink_{log,queue}: Register pernet in first place") Signed-off-by: Nikolay Borisov Signed-off-by: Pablo Neira Ayuso

netfilter: nfnetlink_queue: avoid harmless unnitialized variable warnings

2015-11-23T10:22:26Z

Several ARM default configurations give us warnings on recent compilers about potentially uninitialized variables in the nfnetlink code in two functions: net/netfilter/nfnetlink_queue.c: In function 'nfqnl_build_packet_message': net/netfilter/nfnetlink_queue.c:519:19: warning: 'nfnl_ct' may be used uninitialized in this function [-Wmaybe-uninitialized] if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0) Moving the rcu_dereference(nfnl_ct_hook) call outside of the conditional code avoids the warning without forcing us to preinitialize the variable. Signed-off-by: Arnd Bergmann Fixes: a4b4766c3ceb ("netfilter: nfnetlink_queue: rename related to nfqueue attaching conntrack info") Signed-off-by: Pablo Neira Ayuso

netfilter: make nf_queue_entry_get_refs return void

2015-10-16T16:22:23Z

We don't care if module is being unloaded anymore since hook unregister handling will destroy queue entries using that hook. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso

netfilter: nfnetlink_queue: rename related to nfqueue attaching conntrack info

2015-10-05T15:32:11Z

The idea of this series of patch is to attach conntrack information to nflog like nfqueue has already done. nfqueue conntrack info attaching basis is generic, rename those names to generic one, glue. Signed-off-by: Ken-ichirou MATSUZAWA Signed-off-by: Pablo Neira Ayuso

netfilter: nfnetlink_queue: use y2038 safe timestamp

2015-10-05T15:27:25Z

The __build_packet_message function fills a nfulnl_msg_packet_timestamp structure that uses 64-bit seconds and is therefore y2038 safe, but it uses an intermediate 'struct timespec' which is not. This trivially changes the code to use 'struct timespec64' instead, to correct the result on 32-bit architectures. This is a copy and paste of Arnd's original patch for nfnetlink_log. Suggested-by: Arnd Bergmann Signed-off-by: Pablo Neira Ayuso