Commit 0bc0be7f authored by David S. Miller's avatar David S. Miller
parents 34a6ef38 3db7e93d
...@@ -77,9 +77,6 @@ nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct) ...@@ -77,9 +77,6 @@ nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct)
if (e == NULL) if (e == NULL)
return; return;
if (!(e->ctmask & (1 << event)))
return;
set_bit(event, &e->cache); set_bit(event, &e->cache);
} }
......
...@@ -60,12 +60,12 @@ static int checkentry(const struct xt_tgchk_param *par) ...@@ -60,12 +60,12 @@ static int checkentry(const struct xt_tgchk_param *par)
if (mangle->flags & ~ARPT_MANGLE_MASK || if (mangle->flags & ~ARPT_MANGLE_MASK ||
!(mangle->flags & ARPT_MANGLE_MASK)) !(mangle->flags & ARPT_MANGLE_MASK))
return false; return -EINVAL;
if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT && if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
mangle->target != XT_CONTINUE) mangle->target != XT_CONTINUE)
return false; return -EINVAL;
return true; return 0;
} }
static struct xt_target arpt_mangle_reg __read_mostly = { static struct xt_target arpt_mangle_reg __read_mostly = {
......
...@@ -63,6 +63,9 @@ void nf_ct_deliver_cached_events(struct nf_conn *ct) ...@@ -63,6 +63,9 @@ void nf_ct_deliver_cached_events(struct nf_conn *ct)
* this does not harm and it happens very rarely. */ * this does not harm and it happens very rarely. */
unsigned long missed = e->missed; unsigned long missed = e->missed;
if (!((events | missed) & e->ctmask))
goto out_unlock;
ret = notify->fcn(events | missed, &item); ret = notify->fcn(events | missed, &item);
if (unlikely(ret < 0 || missed)) { if (unlikely(ret < 0 || missed)) {
spin_lock_bh(&ct->lock); spin_lock_bh(&ct->lock);
......
...@@ -667,6 +667,7 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -667,6 +667,7 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid, if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
cb->nlh->nlmsg_seq, cb->nlh->nlmsg_seq,
IPCTNL_MSG_CT_NEW, ct) < 0) { IPCTNL_MSG_CT_NEW, ct) < 0) {
nf_conntrack_get(&ct->ct_general);
cb->args[1] = (unsigned long)ct; cb->args[1] = (unsigned long)ct;
goto out; goto out;
} }
......
...@@ -53,15 +53,13 @@ iprange_mt4(const struct sk_buff *skb, struct xt_action_param *par) ...@@ -53,15 +53,13 @@ iprange_mt4(const struct sk_buff *skb, struct xt_action_param *par)
} }
static inline int static inline int
iprange_ipv6_sub(const struct in6_addr *a, const struct in6_addr *b) iprange_ipv6_lt(const struct in6_addr *a, const struct in6_addr *b)
{ {
unsigned int i; unsigned int i;
int r;
for (i = 0; i < 4; ++i) { for (i = 0; i < 4; ++i) {
r = ntohl(a->s6_addr32[i]) - ntohl(b->s6_addr32[i]); if (a->s6_addr32[i] != b->s6_addr32[i])
if (r != 0) return ntohl(a->s6_addr32[i]) < ntohl(b->s6_addr32[i]);
return r;
} }
return 0; return 0;
...@@ -75,15 +73,15 @@ iprange_mt6(const struct sk_buff *skb, struct xt_action_param *par) ...@@ -75,15 +73,15 @@ iprange_mt6(const struct sk_buff *skb, struct xt_action_param *par)
bool m; bool m;
if (info->flags & IPRANGE_SRC) { if (info->flags & IPRANGE_SRC) {
m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0; m = iprange_ipv6_lt(&iph->saddr, &info->src_min.in6);
m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0; m |= iprange_ipv6_lt(&info->src_max.in6, &iph->saddr);
m ^= !!(info->flags & IPRANGE_SRC_INV); m ^= !!(info->flags & IPRANGE_SRC_INV);
if (m) if (m)
return false; return false;
} }
if (info->flags & IPRANGE_DST) { if (info->flags & IPRANGE_DST) {
m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0; m = iprange_ipv6_lt(&iph->daddr, &info->dst_min.in6);
m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0; m |= iprange_ipv6_lt(&info->dst_max.in6, &iph->daddr);
m ^= !!(info->flags & IPRANGE_DST_INV); m ^= !!(info->flags & IPRANGE_DST_INV);
if (m) if (m)
return false; return false;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment