leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of git://1984.lsi.us.es/nf

Browse Source 
Pablo Neira Ayuso says:

====================
The following patchset contains Netfilter fixes for your net tree,
they are:

* Don't generate audit log message if audit is not enabled, from Gao Feng.

* Fix logging formatting for packets dropped by helpers, by Joe Perches.

* Fix a compilation warning in nfnetlink if CONFIG_PROVE_RCU is not set,
  from Paul Bolle.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2013-03-07 15:20:02 -05:00
commit 43b18db8a2
3 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
net/netfilter/nf_conntrack_helper.c
View File

@ -339,6 +339,13 @@ void nf_ct_helper_log(struct sk_buff *skb, const struct nf_conn *ct,
{ {
const struct nf_conn_help *help; const struct nf_conn_help *help;
const struct nf_conntrack_helper *helper; const struct nf_conntrack_helper *helper;
struct va_format vaf;
va_list args;
va_start(args, fmt);
vaf.fmt = fmt;
vaf.va = &args;
/* Called from the helper function, this call never fails */ /* Called from the helper function, this call never fails */
help = nfct_help(ct); help = nfct_help(ct);
@ -347,7 +354,9 @@ void nf_ct_helper_log(struct sk_buff *skb, const struct nf_conn *ct,
helper = rcu_dereference(help->helper); helper = rcu_dereference(help->helper);
nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL,
"nf_ct_%s: dropping packet: %s ", helper->name, fmt); "nf_ct_%s: dropping packet: %pV ", helper->name, &vaf);
va_end(args);
} }
EXPORT_SYMBOL_GPL(nf_ct_helper_log); EXPORT_SYMBOL_GPL(nf_ct_helper_log);

7
net/netfilter/nfnetlink.c
View File

@ -62,11 +62,6 @@ void nfnl_unlock(__u8 subsys_id)
} }
EXPORT_SYMBOL_GPL(nfnl_unlock); EXPORT_SYMBOL_GPL(nfnl_unlock);
static struct mutex *nfnl_get_lock(__u8 subsys_id)
{
return &table[subsys_id].mutex;
}
int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n) int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n)
{ {
nfnl_lock(n->subsys_id); nfnl_lock(n->subsys_id);
@ -199,7 +194,7 @@ replay:
rcu_read_unlock(); rcu_read_unlock();
nfnl_lock(subsys_id); nfnl_lock(subsys_id);
if (rcu_dereference_protected(table[subsys_id].subsys, if (rcu_dereference_protected(table[subsys_id].subsys,
lockdep_is_held(nfnl_get_lock(subsys_id))) != ss || lockdep_is_held(&table[subsys_id].mutex)) != ss ||
nfnetlink_find_client(type, ss) != nc) nfnetlink_find_client(type, ss) != nc)
err = -EAGAIN; err = -EAGAIN;
else if (nc->call) else if (nc->call)

3
net/netfilter/xt_AUDIT.c
View File

@ -124,6 +124,9 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
const struct xt_audit_info *info = par->targinfo; const struct xt_audit_info *info = par->targinfo;
struct audit_buffer *ab; struct audit_buffer *ab;
if (audit_enabled == 0)
goto errout;
ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT); ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
if (ab == NULL) if (ab == NULL)
goto errout; goto errout;