1. 26 Apr, 2017 5 commits
  2. 19 Apr, 2017 11 commits
  3. 15 Apr, 2017 6 commits
  4. 13 Apr, 2017 3 commits
  5. 08 Apr, 2017 2 commits
  6. 07 Apr, 2017 5 commits
  7. 06 Apr, 2017 8 commits
    • Gao Feng's avatar
      netfilter: ctnetlink: Expectations must have a conntrack helper area · 2c62e0bc
      Gao Feng authored
      The expect check function __nf_ct_expect_check() asks the master_help is
      necessary. So it is unnecessary to go ahead in ctnetlink_alloc_expect
      when there is no help.
      
      Actually the commit bc01befd ("netfilter: ctnetlink: add support for
      user-space expectation helpers") permits ctnetlink create one expect
      even though there is no master help. But the latter commit 3d058d7b
      ("netfilter: rework user-space expectation helper support") disables it
      again.
      Signed-off-by: default avatarGao Feng <fgao@ikuai8.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      2c62e0bc
    • Florian Westphal's avatar
      netfilter: nat: avoid use of nf_conn_nat extension · 6e699867
      Florian Westphal authored
      successful insert into the bysource hash sets IPS_SRC_NAT_DONE status bit
      so we can check that instead of presence of nat extension which requires
      extra deref.
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      6e699867
    • Gao Feng's avatar
      netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean · cba81cc4
      Gao Feng authored
      nf_nat_mangle_{udp,tcp}_packet() returns int. However, it is used as
      bool type in many spots. Fix this by consistently handle this return
      value as a boolean.
      Signed-off-by: default avatarGao Feng <fgao@ikuai8.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      cba81cc4
    • Gao Feng's avatar
      netfilter: nf_ct_expect: Add nf_ct_remove_expect() · ec0e3f01
      Gao Feng authored
      When remove one expect, it needs three statements. And there are
      multiple duplicated codes in current code. So add one common function
      nf_ct_remove_expect to consolidate this.
      Signed-off-by: default avatarGao Feng <fgao@ikuai8.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      ec0e3f01
    • Gao Feng's avatar
      netfilter: expect: Make sure the max_expected limit is effective · 92f73221
      Gao Feng authored
      Because the type of expecting, the member of nf_conn_help, is u8, it
      would overflow after reach U8_MAX(255). So it doesn't work when we
      configure the max_expected exceeds 255 with expect policy.
      
      Now add the check for max_expected. Return the -EINVAL when it exceeds
      the limit.
      Signed-off-by: default avatarGao Feng <fgao@ikuai8.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      92f73221
    • Pablo Neira Ayuso's avatar
      netfilter: nf_tables: add nft_is_base_chain() helper · f323d954
      Pablo Neira Ayuso authored
      This new helper function allows us to check if this is a basechain.
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      f323d954
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 6f14f443
      David S. Miller authored
      Mostly simple cases of overlapping changes (adding code nearby,
      a function whose name changes, for example).
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6f14f443
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · ea6b1720
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Reject invalid updates to netfilter expectation policies, from Pablo
          Neira Ayuso.
      
       2) Fix memory leak in nfnl_cthelper, from Jeffy Chen.
      
       3) Don't do stupid things if we get a neigh_probe() on a neigh entry
          whose ops lack a solicit method. From Eric Dumazet.
      
       4) Don't transmit packets in r8152 driver when the carrier is off, from
          Hayes Wang.
      
       5) Fix ipv6 packet type detection in aquantia driver, from Pavel
          Belous.
      
       6) Don't write uninitialized data into hw registers in bna driver, from
          Arnd Bergmann.
      
       7) Fix locking in ping_unhash(), from Eric Dumazet.
      
       8) Make BPF verifier range checks able to understand certain sequences
          emitted by LLVM, from Alexei Starovoitov.
      
       9) Fix use after free in ipconfig, from Mark Rutland.
      
      10) Fix refcount leak on force commit in openvswitch, from Jarno
          Rajahalme.
      
      11) Fix various overflow checks in AF_PACKET, from Andrey Konovalov.
      
      12) Fix endianness bug in be2net driver, from Suresh Reddy.
      
      13) Don't forget to wake TX queues when processing a timeout, from
          Grygorii Strashko.
      
      14) ARP header on-stack storage is wrong in flow dissector, from Simon
          Horman.
      
      15) Lost retransmit and reordering SNMP stats in TCP can be
          underreported. From Yuchung Cheng.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (82 commits)
        nfp: fix potential use after free on xdp prog
        tcp: fix reordering SNMP under-counting
        tcp: fix lost retransmit SNMP under-counting
        sctp: get sock from transport in sctp_transport_update_pmtu
        net: ethernet: ti: cpsw: fix race condition during open()
        l2tp: fix PPP pseudo-wire auto-loading
        bnx2x: fix spelling mistake in macros HW_INTERRUT_ASSERT_SET_*
        l2tp: take reference on sessions being dumped
        tcp: minimize false-positives on TCP/GRO check
        sctp: check for dst and pathmtu update in sctp_packet_config
        flow dissector: correct size of storage for ARP
        net: ethernet: ti: cpsw: wake tx queues on ndo_tx_timeout
        l2tp: take a reference on sessions used in genetlink handlers
        l2tp: hold session while sending creation notifications
        l2tp: fix duplicate session creation
        l2tp: ensure session can't get removed during pppol2tp_session_ioctl()
        l2tp: fix race in l2tp_recv_common()
        sctp: use right in and out stream cnt
        bpf: add various verifier test cases for self-tests
        bpf, verifier: fix rejection of unaligned access checks for map_value_adj
        ...
      ea6b1720