Commit 8e813586 authored by David S. Miller's avatar David S. Miller

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
Netfilter/IPVS fixes for net

The following patchset contains Netfilter/IPVS fixes for net:

1) Fix NAT hook deletion when table is dormant, from Florian Westphal.

2) Fix IPVS sync stalls, from guodeqing.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 32818c07 8210e344
...@@ -1717,6 +1717,8 @@ static int sync_thread_backup(void *data) ...@@ -1717,6 +1717,8 @@ static int sync_thread_backup(void *data)
{ {
struct ip_vs_sync_thread_data *tinfo = data; struct ip_vs_sync_thread_data *tinfo = data;
struct netns_ipvs *ipvs = tinfo->ipvs; struct netns_ipvs *ipvs = tinfo->ipvs;
struct sock *sk = tinfo->sock->sk;
struct udp_sock *up = udp_sk(sk);
int len; int len;
pr_info("sync thread started: state = BACKUP, mcast_ifn = %s, " pr_info("sync thread started: state = BACKUP, mcast_ifn = %s, "
...@@ -1724,12 +1726,14 @@ static int sync_thread_backup(void *data) ...@@ -1724,12 +1726,14 @@ static int sync_thread_backup(void *data)
ipvs->bcfg.mcast_ifn, ipvs->bcfg.syncid, tinfo->id); ipvs->bcfg.mcast_ifn, ipvs->bcfg.syncid, tinfo->id);
while (!kthread_should_stop()) { while (!kthread_should_stop()) {
wait_event_interruptible(*sk_sleep(tinfo->sock->sk), wait_event_interruptible(*sk_sleep(sk),
!skb_queue_empty(&tinfo->sock->sk->sk_receive_queue) !skb_queue_empty_lockless(&sk->sk_receive_queue) ||
|| kthread_should_stop()); !skb_queue_empty_lockless(&up->reader_queue) ||
kthread_should_stop());
/* do we have data now? */ /* do we have data now? */
while (!skb_queue_empty(&(tinfo->sock->sk->sk_receive_queue))) { while (!skb_queue_empty_lockless(&sk->sk_receive_queue) ||
!skb_queue_empty_lockless(&up->reader_queue)) {
len = ip_vs_receive(tinfo->sock, tinfo->buf, len = ip_vs_receive(tinfo->sock, tinfo->buf,
ipvs->bcfg.sync_maxlen); ipvs->bcfg.sync_maxlen);
if (len <= 0) { if (len <= 0) {
......
...@@ -188,24 +188,6 @@ static void nft_netdev_unregister_hooks(struct net *net, ...@@ -188,24 +188,6 @@ static void nft_netdev_unregister_hooks(struct net *net,
nf_unregister_net_hook(net, &hook->ops); nf_unregister_net_hook(net, &hook->ops);
} }
static int nft_register_basechain_hooks(struct net *net, int family,
struct nft_base_chain *basechain)
{
if (family == NFPROTO_NETDEV)
return nft_netdev_register_hooks(net, &basechain->hook_list);
return nf_register_net_hook(net, &basechain->ops);
}
static void nft_unregister_basechain_hooks(struct net *net, int family,
struct nft_base_chain *basechain)
{
if (family == NFPROTO_NETDEV)
nft_netdev_unregister_hooks(net, &basechain->hook_list);
else
nf_unregister_net_hook(net, &basechain->ops);
}
static int nf_tables_register_hook(struct net *net, static int nf_tables_register_hook(struct net *net,
const struct nft_table *table, const struct nft_table *table,
struct nft_chain *chain) struct nft_chain *chain)
...@@ -223,7 +205,10 @@ static int nf_tables_register_hook(struct net *net, ...@@ -223,7 +205,10 @@ static int nf_tables_register_hook(struct net *net,
if (basechain->type->ops_register) if (basechain->type->ops_register)
return basechain->type->ops_register(net, ops); return basechain->type->ops_register(net, ops);
return nft_register_basechain_hooks(net, table->family, basechain); if (table->family == NFPROTO_NETDEV)
return nft_netdev_register_hooks(net, &basechain->hook_list);
return nf_register_net_hook(net, &basechain->ops);
} }
static void nf_tables_unregister_hook(struct net *net, static void nf_tables_unregister_hook(struct net *net,
...@@ -242,7 +227,10 @@ static void nf_tables_unregister_hook(struct net *net, ...@@ -242,7 +227,10 @@ static void nf_tables_unregister_hook(struct net *net,
if (basechain->type->ops_unregister) if (basechain->type->ops_unregister)
return basechain->type->ops_unregister(net, ops); return basechain->type->ops_unregister(net, ops);
nft_unregister_basechain_hooks(net, table->family, basechain); if (table->family == NFPROTO_NETDEV)
nft_netdev_unregister_hooks(net, &basechain->hook_list);
else
nf_unregister_net_hook(net, &basechain->ops);
} }
static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type) static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type)
...@@ -832,8 +820,7 @@ static void nft_table_disable(struct net *net, struct nft_table *table, u32 cnt) ...@@ -832,8 +820,7 @@ static void nft_table_disable(struct net *net, struct nft_table *table, u32 cnt)
if (cnt && i++ == cnt) if (cnt && i++ == cnt)
break; break;
nft_unregister_basechain_hooks(net, table->family, nf_tables_unregister_hook(net, table, chain);
nft_base_chain(chain));
} }
} }
...@@ -848,8 +835,7 @@ static int nf_tables_table_enable(struct net *net, struct nft_table *table) ...@@ -848,8 +835,7 @@ static int nf_tables_table_enable(struct net *net, struct nft_table *table)
if (!nft_is_base_chain(chain)) if (!nft_is_base_chain(chain))
continue; continue;
err = nft_register_basechain_hooks(net, table->family, err = nf_tables_register_hook(net, table, chain);
nft_base_chain(chain));
if (err < 0) if (err < 0)
goto err_register_hooks; goto err_register_hooks;
...@@ -894,11 +880,12 @@ static int nf_tables_updtable(struct nft_ctx *ctx) ...@@ -894,11 +880,12 @@ static int nf_tables_updtable(struct nft_ctx *ctx)
nft_trans_table_enable(trans) = false; nft_trans_table_enable(trans) = false;
} else if (!(flags & NFT_TABLE_F_DORMANT) && } else if (!(flags & NFT_TABLE_F_DORMANT) &&
ctx->table->flags & NFT_TABLE_F_DORMANT) { ctx->table->flags & NFT_TABLE_F_DORMANT) {
ret = nf_tables_table_enable(ctx->net, ctx->table);
if (ret >= 0) {
ctx->table->flags &= ~NFT_TABLE_F_DORMANT; ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
ret = nf_tables_table_enable(ctx->net, ctx->table);
if (ret >= 0)
nft_trans_table_enable(trans) = true; nft_trans_table_enable(trans) = true;
} else
ctx->table->flags |= NFT_TABLE_F_DORMANT;
} }
if (ret < 0) if (ret < 0)
goto err; goto err;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment