From: Aaron Conole <acon...@bytheb.org>
There are no in-tree callers.
Signed-off-by: Aaron Conole <acon...@bytheb.org>
Acked-by: Jozsef Kadlecsik <kad...@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/ipset/ip_set_core.c | 8
From: Arushi Singhal
This comments are obsolete and should go, as there are no set of rules
per CPU anymore.
Signed-off-by: Arushi Singhal
---
net/ipv6/netfilter/ip6_tables.c | 9 -
1 file changed, 9 deletions(-)
diff
oesn't copy those).
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/uapi/linux/netfilter/nf_tables.h | 2 ++
net/netfilter/nft_ct.c | 25 -
2 files changed, 26 inserti
From: Florian Westphal <f...@strlen.de>
This function is now obsolete and always returns false.
This change has no effect on generated code.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/net/ip_vs.h
From: Florian Westphal <f...@strlen.de>
No need to track this for inkernel helpers anymore as
NF_CT_HELPER_BUILD_BUG_ON checks do this now.
All inkernel helpers know what kind of structure they
stored in helper->data.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-
ff-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nf_nat_core.c | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index 376c1b36f222..fb0e65411785 100644
--- a/net/netfilter/nf_nat_core.c
+
From: Florian Westphal <f...@strlen.de>
get rid of the (now unused) nf_ct_ext_add_length define and also
rename the function to plain nf_ct_ext_add().
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
inc
From: Florian Westphal <f...@strlen.de>
its definition is not needed in nf_conntrack.h.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/net/netfilter/nf_conntrack.h| 19 ---
inc
From: Florian Westphal <f...@strlen.de>
Only "cache" needs to use ulong (its used with set_bit()), missed can use
u16. Also add build-time assertion to ensure event bits fit.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfil
From: Florian Westphal <f...@strlen.de>
Userspace should not abuse the kernel to store large amounts of data,
reject requests larger than the private area can accommodate.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
macro should be used
somehow is there...
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/net/netfilter/nf_conntrack_helper.h | 5 -
net/netfilter/nf_conntrack_amanda.c | 2 ++
net/netfilter/nf_conntrack_ft
...@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/net/netfilter/nf_conntrack_l4proto.h | 3 ++
net/netfilter/nf_conntrack_core.c| 49
net/netfilter/nf_conntrack_proto_dccp.c | 16 +
net/netfilter/nf_co
overflow.
3 years later we've managed to diet extensions a bit and we no longer
need u16. Furthermore we can now add a compile-time assertion for this
problem.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/net/netfi
erged into nf-next, the merge resolution took
the first version, dropping the conversion of nfct_nat().
While this doesn't cause a problem at the moment, it will once we stop
adding the nat extension by default.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <p
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/ipvs/ip_vs_core.c | 19 +--
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/
m>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nf_conntrack_proto_tcp.c | 7 +++
net/netfilter/nf_synproxy_core.c | 4 ++--
2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c
b/net/netfilter/nf_con
From: Florian Westphal <f...@strlen.de>
looks like decnet isn't namespacified in first place, so restrict hook
registration to the initial namespace.
Prepares for eventual removal of legacy nf_register_hook() api.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo
From: Florian Westphal <f...@strlen.de>
Defer registration of the synproxy hooks until the first SYNPROXY rule is
added. Also means we only register hooks in namespaces that need it.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa..
now need to test ct == NULL vs. ctinfo == IP_CT_UNTRACKED,
but all other places can omit the nf_ct_is_untracked() check.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/net/ip_vs.h
;
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/linux/netfilter_bridge/ebtables.h | 6 ++-
net/bridge/netfilter/ebtable_broute.c | 4 +-
net/bridge/netfilter/ebtable_filter.c | 15 ++--
net/bridge/netfilter/ebtable_nat.c| 15 ++--
net/bridge/ne
ore; only
offsets[]. Existing code makes sure the new (used) extension space gets
zeroed out.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nf_conntrack_extend.c | 51 +++--
1 file c
From: Florian Westphal <f...@strlen.de>
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/net/netfilter/nf_conntrack_extend.h | 4 ++--
net/netfilter/nf_conntrack_acct.c | 2 +-
net/netfilter/nf_
rea.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/net/netfilter/nf_conntrack_extend.h | 6
net/netfilter/nf_conntrack_extend.c | 49 +++--
net/netfilter/nf_nat_core.c
("netfilter: don't attach a nat extension by default")
Signed-off-by: Liping Zhang <zlpnob...@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/net/netfilter/nf_conntrack_extend.h | 7 +--
net/netfilter/nf_conntrack_extend.c | 8 ++---
From: Florian Westphal <f...@strlen.de>
make sure nat extension gets added if the master conntrack is subject to
NAT. This will be required once the nat core stops adding it by default.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa..
From: Florian Westphal <f...@strlen.de>
net/ipv4/netfilter/nf_nat_snmp_basic.c:1158:1: warning: the frame size
of 1160 bytes is larger than 1024 bytes
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
lorian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/net/netfilter/nf_nat.h | 2 +-
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 4 +---
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c | 4 +---
net/netfilter/nf_nat_core.c |
during netns cleanup so no packets should be queued.
For the rare case of base chain being unregistered or module removal
while nfqueue is in use the extra hiccup due to the packet drops isn't
a big deal.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa..
From: Aaron Conole
The sync_refresh_period variable is unsigned, so it can never be < 0.
Signed-off-by: Aaron Conole
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_sync.c | 2 +-
1 file changed, 1 insertion(+), 1
From: Aaron Conole
There are no in-tree callers of this function and it isn't exported.
Signed-off-by: Aaron Conole
Signed-off-by: Simon Horman
---
include/net/ip_vs.h | 2 --
net/netfilter/ipvs/ip_vs_proto.c | 22
nt yet.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/ipv4/netfilter/nf_nat_masquerade_ipv4.c | 5 +++--
net/ipv6/netfilter/nf_nat_masquerade_ipv6.c | 5 -
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/
ppears to be no need to call synchronize_rcu.
v2: Liping Zhang points out that nf_log_unregister() needs to be called
after pernet unregister, else rmmod would become unsafe.
Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/
ed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/core.c | 46 --
1 file changed, 40 insertions(+), 6 deletions(-)
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
ao Feng <f...@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/ipv4/netfilter/ipt_SYNPROXY.c | 21 ++---
net/ipv6/netfilter/ip6t_SYNPROXY.c | 20 ++--
2 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/net/ipv4/
From: Gao Feng
There are two nf_conntrack_l4proto_udp4 declarations in the head file
nf_conntrack_ipv4/6.h. Now remove one which is not enbraced by the macro
CONFIG_NF_CT_PROTO_UDPLITE.
Signed-off-by: Gao Feng
---
avoid it.
2. Correct the return value check of notify->fcn.
When send the event successfully, it returns 0, not postive value.
Signed-off-by: Gao Feng <f...@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nf_conntrack_ecache.c | 4 ++--
1 file
From: Aaron Conole <acon...@bytheb.org>
The protonet pointer will unconditionally be rewritten, so just do the
needed assignment first.
Signed-off-by: Aaron Conole <acon...@bytheb.org>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nf_conntrack_proto
Add and use nfnl_msg_type() function to replace opencoded nfnetlink
message type. I suggested this change, Arushi Singhal made an initial
patch to address this but was missing several spots.
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/linux/netfilter/nfnetlink.h
From: Varsha Rao
Replace kzalloc with kcalloc. As kcalloc is preferred for allocating an
array instead of kzalloc. This patch fixes the checkpatch issue.
Signed-off-by: Varsha Rao
---
net/netfilter/ipvs/ip_vs_sync.c | 4 ++--
1 file changed, 2
ed-off-by: Gao Feng <f...@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nf_nat_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index fb0e65411785..5e35643da65
From: simran singhal <singhalsimr...@gmail.com>
For string without format specifiers, use seq_puts(). For
seq_printf("\n"), use seq_putc('\n').
Signed-off-by: simran singhal <singhalsimr...@gmail.com>
Acked-by: Simon Horman <horms+rene...@verge.net.au>
Signed-o
From: simran singhal <singhalsimr...@gmail.com>
This patch replace list_entry with list_prev_entry as it makes the
code more clear to read.
Signed-off-by: simran singhal <singhalsimr...@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nf_tabl
n singhal <singhalsimr...@gmail.com>
Reviewed-by: Stephen Hemminger <step...@networkplumber.org>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/bridge/netfilter/ebtables.c | 2 +-
net/ipv4/netfilter/arp_tables.c | 21 -
net
This new helper function allows us to check if this is a basechain.
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/net/netfilter/nf_tables.h | 5 +
net/netfilter/nf_tables_api.c | 30 +++---
net/netfilter/nf_tables_netdev.c | 2 +
From: Florian Westphal
Check for the NAT status bits, they are set once conntrack needs NAT in source
or
reply direction, this is slightly faster than nfct_nat() as that has to check
the
extension area.
Signed-off-by: Florian Westphal
---
From: Arushi Singhal
This patch uses the following coccinelle script to remove
a variable that was simply used to store the return
value of a function call before returning it:
@@
identifier len,f;
@@
-int len;
... when != len
when strict
-len =
+return
L when it exceeds
the limit.
Signed-off-by: Gao Feng <f...@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
include/net/netfilter/nf_conntrack_expect.h | 1 +
net/netfilter/nf_conntrack_helper.c | 3 +++
net/netfilter/nf_conntrack_irc.c| 6 +++
On Fri, Apr 28, 2017 at 12:11:57PM +0200, Simon Horman wrote:
> Hi Pablo,
>
> please consider these enhancements to IPVS for v4.12.
> If it is too late for v4.12 then please consider them for v4.13.
>
> * Remove unused function
> * Correct comparison of unsigned value
Pulled, thanks Simon.
On Fri, Apr 28, 2017 at 12:11:53PM +0200, Simon Horman wrote:
> Hi Pablo,
>
> please consider this fix to IPVS for v4.11.
> Or if it is too late for v4.11 please consider it for v4.12.
> I would also like it considered for stable.
>
> * Explicitly forbid ipv6 service/dest creation if ipv6 mod is
On Wed, Apr 19, 2017 at 09:47:33PM +0200, Linus Lüssing wrote:
> When trying to redirect bridged frames to the bridge device itself or
> a bridge port (brouting) via the dnat target then this currently fails:
>
> The ethernet destination of the frame is dnat'ed to the MAC address of
> the bridge
On Mon, Apr 24, 2017 at 08:49:00AM -0400, Jamal Hadi Salim wrote:
> On 17-04-24 05:14 AM, Simon Horman wrote:
> [..]
>
> >Jamal, I am confused about why are you so concerned about the space
> >consumed by this attribute, it's per-message, right? Is it the bigger
> >picture you are worried about -
On Fri, Apr 14, 2017 at 02:06:25AM +0200, Pablo Neira Ayuso wrote:
> On Fri, Apr 14, 2017 at 08:51:19AM +0900, Simon Horman wrote:
> > On Fri, Apr 14, 2017 at 01:01:34AM +0200, Pablo Neira Ayuso wrote:
> > > Hi Simon,
> > >
> > > On Mon, Apr 10, 2017 at
On Fri, Apr 14, 2017 at 04:15:41PM +0200, Jozsef Kadlecsik wrote:
> Hi Pablo,
>
> On Fri, 14 Apr 2017, Pablo Neira Ayuso wrote:
>
> > On Mon, Apr 10, 2017 at 03:52:37PM -0400, Aaron Conole wrote:
> > > There are no in-tree callers.
> >
> > @Jozsef, let me
ds rcu lock, so their caller should hold the rcu lock, not in
these two functions.
Signed-off-by: Gao Feng <f...@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nf_conntrack_helper.c | 17 -
net/netfilter/nf_conntrack_netlink.c | 10 +
rsal, use hlist_for_each_entry_rcu; for list add/del,
use hlist_add_head_rcu and hlist_del_rcu.
Signed-off-by: Liping Zhang <zlpnob...@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nf_conntrack_expect.c | 4 ++--
net/netfilter/nf_conntrack_netlink.c | 6 +++---
2 files
off-by: Gao Feng <f...@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c
b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 52f26
: Eric Dumazet <eduma...@google.com>
Reported-by: Denys Fedoryshchenko <nuclear...@nuclearcat.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/xt_TCPMSS.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/xt_TCPMSS.c b/n
So we must use rcu_read_lock and rcu_dereference to avoid such _bad_
thing happen.
Fixes: f95d7a46bc57 ("netfilter: ctnetlink: Fix regression in CTA_HELP
processing")
Signed-off-by: Liping Zhang <zlpnob...@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/
Hi David,
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Missing TCP header sanity check in TCPMSS target, from Eric Dumazet.
2) Incorrect event message type for related conntracks created via
ctnetlink, from Liping Zhang.
3) Fix incorrect rcu locking when
ail.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nft_hash.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index eb2721af898d..c4dad1254ead 100644
--- a/net/netfilter/nf
d/0x20
nfnetlink_rcv_msg+0x60a/0x6a9 [nfnetlink]
? nfnetlink_rcv_msg+0x1b9/0x6a9 [nfnetlink]
[...]
Signed-off-by: Liping Zhang <zlpnob...@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nf_conntrack_netlink.c | 6 ++
1 file changed, 6 inserti
From: Liping Zhang <zlpnob...@gmail.com>
inet6_dev->addr_list is protected by inet6_dev->lock, so only using
rcu_read_lock is not enough, we should acquire read_lock_bh(>lock)
before the inet6_dev->addr_list traversal.
Signed-off-by: Liping Zhang <zlpnob...@gmail.com>
Si
.2.2.2 sport=10 dport=20
[UNREPLIED] src=2.2.2.2 dst=1.1.1.1 sport=20 dport=10 mark=0
Signed-off-by: Liping Zhang <zlpnob...@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nf_conntrack_netlink.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
On Mon, Apr 10, 2017 at 03:50:44PM -0400, Aaron Conole wrote:
> There are no in-tree callers of this function and it isn't exported.
Simon, let me know if you want to take this, or just add your
Signed-off-by.
Thanks!
> Signed-off-by: Aaron Conole
> ---
>
On Fri, Apr 14, 2017 at 08:51:19AM +0900, Simon Horman wrote:
> On Fri, Apr 14, 2017 at 01:01:34AM +0200, Pablo Neira Ayuso wrote:
> > Hi Simon,
> >
> > On Mon, Apr 10, 2017 at 09:58:32AM -0700, Simon Horman wrote:
> > > Hi Pablo,
> > >
> > >
On Mon, Apr 10, 2017 at 03:52:37PM -0400, Aaron Conole wrote:
> There are no in-tree callers.
@Jozsef, let me know if I should just take this to save you a pull
request.
Thanks.
> Signed-off-by: Aaron Conole
> ---
> net/netfilter/ipset/ip_set_core.c | 8
> 1 file
On Wed, Apr 12, 2017 at 04:32:54PM -0400, Aaron Conole wrote:
> The protonet pointer will unconditionally be rewritten, so just do the
> needed assignment first.
Also applied, thanks.
Applied, thanks.
Hi Simon,
On Mon, Apr 10, 2017 at 09:58:32AM -0700, Simon Horman wrote:
> Hi Pablo,
>
> please consider these clean-ups and enhancements to IPVS for v4.12.
>
> * Removal unused variable
> * Use kzalloc where appropriate
> * More efficient detection of presence of NAT extension
>
>
> The
On Tue, Apr 11, 2017 at 08:25:57AM -0600, David Ahern wrote:
> On 4/11/17 1:02 AM, Johannes Berg wrote:
> > On Tue, 2017-04-11 at 08:59 +0200, Pablo Neira Ayuso wrote:
> >> CAP_ACK means: trim off the payload that the netlink error message
> >> is embedding
On Mon, Apr 10, 2017 at 09:35:27AM -0600, David Ahern wrote:
> On 4/10/17 9:30 AM, Johannes Berg wrote:
> > On Mon, 2017-04-10 at 09:26 -0600, David Ahern wrote:
> >> On 4/8/17 2:24 PM, Johannes Berg wrote:
> >>> @@ -2300,14 +2332,35 @@ void netlink_ack(struct sk_buff *in_skb,
> >>> struct
Arushi,
On Sun, Apr 09, 2017 at 06:21:51AM +0800, kbuild test robot wrote:
> Hi Arushi,
>
> [auto build test WARNING on ipvs-next/master]
> [also build test WARNING on v4.11-rc5 next-20170407]
> [if your patch is applied to the wrong git tree, please drop us a note to
> help improve the system]
On Sun, Apr 09, 2017 at 09:12:18AM +0530, Arushi Singhal wrote:
> On Sun, Apr 9, 2017 at 1:44 AM, Pablo Neira Ayuso <pa...@netfilter.org>
> wrote:
>
> > On Sat, Apr 08, 2017 at 08:21:56PM +0200, Jan Engelhardt wrote:
> > > On Saturday 2017-04-08 19:21, Arushi Singh
On Mon, Apr 03, 2017 at 10:55:11AM -0700, Eric Dumazet wrote:
> From: Eric Dumazet
>
> Denys provided an awesome KASAN report pointing to an use
> after free in xt_TCPMSS
>
> I have provided three patches to fix this issue, either in xt_TCPMSS or
> in xt_tcpudp.c. It seems
On Sat, Apr 08, 2017 at 08:21:56PM +0200, Jan Engelhardt wrote:
> On Saturday 2017-04-08 19:21, Arushi Singhal wrote:
>
> >Replace explicit NULL comparison with ! operator to simplify code.
>
> I still wouldn't do this, for the same reason as before. Comparing to
> NULL explicitly more or less
On Sat, Apr 08, 2017 at 09:19:30PM +0530, Arushi Singhal wrote:
> This comments are obsolete and should go, as there are no set of rules per
> CPU anymore.
Applied, thanks.
On Fri, Apr 07, 2017 at 09:29:17PM +0200, Johannes Berg wrote:
> On Fri, 2017-04-07 at 21:21 +0200, Pablo Neira Ayuso wrote:
> > I think the most flexible way is to pass the container error
> > structure to nla_parse() so it sets this for you. This would also
> > save tons of
On Fri, Apr 07, 2017 at 12:20:53PM -0700, David Miller wrote:
[...]
> Let's just discuss the UAPI, since people complain we don't talk
> about that enough :-) For those playing at home it is three new
> attributes returned in a netlink ACK when the application asks
> for the extended response:
>
On Fri, Apr 07, 2017 at 12:22:23PM -0700, David Miller wrote:
> From: Johannes Berg <johan...@sipsolutions.net>
> Date: Fri, 07 Apr 2017 21:09:45 +0200
>
> > On Fri, 2017-04-07 at 21:06 +0200, Pablo Neira Ayuso wrote:
> >> On Fri, Apr 07, 2017 at 08:59:1
On Fri, Apr 07, 2017 at 09:09:45PM +0200, Johannes Berg wrote:
> On Fri, 2017-04-07 at 21:06 +0200, Pablo Neira Ayuso wrote:
> > On Fri, Apr 07, 2017 at 08:59:12PM +0200, Johannes Berg wrote:
> > [...]
> > > Heh. I think I really want to solve - at least partially -
> &
On Fri, Apr 07, 2017 at 08:59:12PM +0200, Johannes Berg wrote:
[...]
> Heh. I think I really want to solve - at least partially - nla_parse()
> to see that it can be done this way. It'd be nice to even transform all
> the callers (I generated half of these patches with spatch anyway) to
> have at
)
We can just send follow up patches to refine, I think it's a good
start, Johannes?
BTW, for this co-authored effort in designing this:
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
Thanks!
On Wed, Mar 29, 2017 at 02:32:43PM +0530, Arushi Singhal wrote:
> Removed parentheses on the right hand side of assignment, as they are
> not required. The following coccinelle script was used to fix this
> issue:
>
> @@
> local idexpression id;
> expression e;
> @@
>
> id =
> -(
> e
> -)
You
On Sun, Apr 02, 2017 at 02:52:12PM +0530, Arushi Singhal wrote:
> Remove & from function pointers to conform to the style found elsewhere
> in the file. Done using the following semantic patch
>
> //
> @r@
> identifier f;
> @@
>
> f(...) { ... }
> @@
> identifier r.f;
> @@
>
> -
> + f
> //
On Wed, Mar 29, 2017 at 02:09:43PM +0530, Arushi Singhal wrote:
> Fix checkpatch warnings:
> WARNING: Block comments use a trailing */ on a separate line
> WARNING: Block comments use * on subsequent lines
>
> Signed-off-by: Arushi Singhal
> ---
>
On Wed, Mar 29, 2017 at 11:15:40AM +0530, simran singhal wrote:
> This patch replace list_entry with list_prev_entry as it makes the
> code more clear to read.
Also applied, thanks.
On Wed, Mar 29, 2017 at 03:25:17AM +0530, simran singhal wrote:
> For string without format specifiers, use seq_puts(). For
> seq_printf("\n"), use seq_putc('\n').
Applied, thanks.
On Wed, Mar 29, 2017 at 12:35:16AM +0530, simran singhal wrote:
> The following Coccinelle script was used to detect this:
> @r@
> expression x;
> void* e;
> type T;
> identifier f;
> @@
> (
> *((T *)e)
> |
> ((T *)x)[...]
> |
> ((T*)x)->f
> |
>
> - (T*)
> e
> )
>
> Unnecessary
On Sat, Apr 01, 2017 at 07:06:33PM +0530, simran singhal wrote:
> The function nf_nat_need_gre() on being called, simply returns
> back. The function doesn't have FIXME code around.
> Hence, nf_nat_need_gre() and its calls have been removed.
>
> Signed-off-by: simran singhal
On Tue, Mar 28, 2017 at 11:54:13PM +0530, Arushi Singhal wrote:
> This patch removes typedefs from struct and renames it from "typedef struct
> bitstr_t" to "struct bitstr" as per kernel coding standards."
>
> Signed-off-by: Arushi Singhal
> ---
>
b, u32 portid, u32
> seq, u32 type,
> struct nlattr *nest_parms;
> unsigned int flags = portid ? NLM_F_MULTI : 0, event;
>
> - event = NFNL_SUBSYS_CTNETLINK << 8 | IPCTNL_MSG_CT_NEW;
I can find many more spots to be replaced via:
git grep NFNL_SUBSYS_ net/netfilter/
Patch
Hi Arushi,
On Tue, Mar 28, 2017 at 04:03:27AM +0530, Arushi Singhal wrote:
> This patch removes multiple assignments to follow the kernel coding
> style as also reported by checkpatch.pl.
> Done using coccinelle.
> @@
> identifier i1,i2;
> constant c;
> @@
> - i1=i2=c;
> + i1=c;
> + i2=i1;
I see
On Sat, Mar 25, 2017 at 05:57:55PM +0530, Arushi Singhal wrote:
> This patch removes typedefs from struct and renames it from "typedef struct
> field_t" to "struct field" as per kernel coding standards."
>
> Signed-off-by: Arushi Singhal
> ---
>
On Tue, Apr 04, 2017 at 01:41:11PM -0400, Simon Horman wrote:
> On Wed, Mar 29, 2017 at 03:45:01PM +0530, Arushi Singhal wrote:
> > Replace explicit NULL comparison with ! operator to simplify code.
> >
> > Signed-off-by: Arushi Singhal
> > ---
> >
On Thu, Mar 30, 2017 at 07:38:08PM +0530, Arushi Singhal wrote:
> On Thu, Mar 30, 2017 at 6:25 PM, Simon Horman wrote:
>
> > On Wed, Mar 29, 2017 at 08:27:52PM +0530, Arushi Singhal wrote:
> > > This patch uses the following coccinelle script to remove
> > > a variable that
he future.
Last, we use kfree_rcu to free nf_ct_ext, so rcu_barrier() is unnecessary
anymore, remove it too.
Signed-off-by: Liping Zhang <zlpnob...@gmail.com>
Acked-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/ne
ng Zhang <zlpnob...@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nfnetlink_queue.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 3ee0b8a000a4..9
nic.
Now remove the useless snmp_helper and the unregister call in the
error handler.
Fixes: 93557f53e1fb ("netfilter: nf_conntrack: nf_conntrack snmp helper")
Signed-off-by: Gao Feng <f...@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/i
From: Jeffy Chen <jeffy.c...@rock-chips.com>
We have memory leaks of nf_conntrack_helper & expect_policy.
Signed-off-by: Jeffy Chen <jeffy.c...@rock-chips.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
net/netfilter/nfnetlink_cthelper.c | 12 +
we can walk the dummy list instead of walking the
nf_ct_helper_hash. Also, keep nfnl_cthelper_dump_table unchanged, it
may be invoked without nfnl_lock(NFNL_SUBSYS_CTHELPER) held.
Signed-off-by: Liping Zhang <zlpnob...@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
901 - 1000 of 2305 matches
Mail list logo