Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: 1) Remove the skb_ext_del from nf_reset, and renames it to a more fitting nf_reset_ct(). Patch from Florian Westphal. 2) Fix deadlock in nft_connlimit between packet path updates and the garbage collector. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
@@ -199,7 +199,7 @@ resubmit:
|
||||
kfree_skb(skb);
|
||||
return;
|
||||
}
|
||||
nf_reset(skb);
|
||||
nf_reset_ct(skb);
|
||||
}
|
||||
ret = INDIRECT_CALL_2(ipprot->handler, tcp_v4_rcv, udp_rcv,
|
||||
skb);
|
||||
|
||||
@@ -1794,7 +1794,7 @@ static void ip_encap(struct net *net, struct sk_buff *skb,
|
||||
ip_send_check(iph);
|
||||
|
||||
memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
|
||||
nf_reset(skb);
|
||||
nf_reset_ct(skb);
|
||||
}
|
||||
|
||||
static inline int ipmr_forward_finish(struct net *net, struct sock *sk,
|
||||
@@ -2140,7 +2140,7 @@ int ip_mr_input(struct sk_buff *skb)
|
||||
|
||||
mroute_sk = rcu_dereference(mrt->mroute_sk);
|
||||
if (mroute_sk) {
|
||||
nf_reset(skb);
|
||||
nf_reset_ct(skb);
|
||||
raw_rcv(mroute_sk, skb);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -65,7 +65,7 @@ void nf_dup_ipv4(struct net *net, struct sk_buff *skb, unsigned int hooknum,
|
||||
|
||||
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
|
||||
/* Avoid counting cloned packets towards the original connection. */
|
||||
nf_reset(skb);
|
||||
nf_reset_ct(skb);
|
||||
nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
|
||||
#endif
|
||||
/*
|
||||
|
||||
@@ -332,7 +332,7 @@ int raw_rcv(struct sock *sk, struct sk_buff *skb)
|
||||
kfree_skb(skb);
|
||||
return NET_RX_DROP;
|
||||
}
|
||||
nf_reset(skb);
|
||||
nf_reset_ct(skb);
|
||||
|
||||
skb_push(skb, skb->data - skb_network_header(skb));
|
||||
|
||||
|
||||
@@ -1916,7 +1916,7 @@ process:
|
||||
if (tcp_v4_inbound_md5_hash(sk, skb))
|
||||
goto discard_and_relse;
|
||||
|
||||
nf_reset(skb);
|
||||
nf_reset_ct(skb);
|
||||
|
||||
if (tcp_filter(sk, skb))
|
||||
goto discard_and_relse;
|
||||
|
||||
@@ -1969,7 +1969,7 @@ static int udp_queue_rcv_one_skb(struct sock *sk, struct sk_buff *skb)
|
||||
*/
|
||||
if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
|
||||
goto drop;
|
||||
nf_reset(skb);
|
||||
nf_reset_ct(skb);
|
||||
|
||||
if (static_branch_unlikely(&udp_encap_needed_key) && up->encap_type) {
|
||||
int (*encap_rcv)(struct sock *sk, struct sk_buff *skb);
|
||||
@@ -2298,7 +2298,7 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
|
||||
|
||||
if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
|
||||
goto drop;
|
||||
nf_reset(skb);
|
||||
nf_reset_ct(skb);
|
||||
|
||||
/* No socket. Drop packet silently, if checksum is wrong */
|
||||
if (udp_lib_checksum_complete(skb))
|
||||
|
||||
Reference in New Issue
Block a user