diff options
author | David S. Miller <davem@davemloft.net> | 2014-01-16 20:44:54 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-01-16 20:44:54 +0100 |
commit | 5ff1dd24168c6dda68d72897a847c364581744ae (patch) | |
tree | 0bfef71c2b98ad9cd2df6336a7df14eaf6e53b84 | |
parent | neigh: use NEIGH_VAR_INIT in ndo_neigh_setup functions. (diff) | |
parent | netfilter: nft_ct: fix compilation warning if NF_CONNTRACK_MARK is not set (diff) | |
download | linux-5ff1dd24168c6dda68d72897a847c364581744ae.tar.xz linux-5ff1dd24168c6dda68d72897a847c364581744ae.zip |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables
Pablo Neira Ayuso says:
====================
This small batch contains several Netfilter fixes for your net-next
tree, more specifically:
* Fix compilation warning in nft_ct in NF_CONNTRACK_MARK is not set,
from Kristian Evensen.
* Add dependency to IPV6 for NF_TABLES_INET. This one has been reported
by the several robots that are testing .config combinations, from Paul
Gortmaker.
* Fix default base chain policy setting in nf_tables, from myself.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/netfilter/Kconfig | 2 | ||||
-rw-r--r-- | net/netfilter/nf_tables_api.c | 2 | ||||
-rw-r--r-- | net/netfilter/nft_ct.c | 2 |
3 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index afe50c0f526f..c37467562fd0 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -429,7 +429,7 @@ config NF_TABLES To compile it as a module, choose M here. config NF_TABLES_INET - depends on NF_TABLES + depends on NF_TABLES && IPV6 select NF_TABLES_IPV4 select NF_TABLES_IPV6 tristate "Netfilter nf_tables mixed IPv4/IPv6 tables support" diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 36add31e08e7..117bbaaddde6 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -859,7 +859,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, nla[NFTA_CHAIN_HOOK] == NULL) return -EOPNOTSUPP; - policy = nla_get_be32(nla[NFTA_CHAIN_POLICY]); + policy = ntohl(nla_get_be32(nla[NFTA_CHAIN_POLICY])); switch (policy) { case NF_DROP: case NF_ACCEPT: diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index c7c12858e113..917052e20602 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -133,7 +133,9 @@ static void nft_ct_set_eval(const struct nft_expr *expr, { const struct nft_ct *priv = nft_expr_priv(expr); struct sk_buff *skb = pkt->skb; +#ifdef CONFIG_NF_CONNTRACK_MARK u32 value = data[priv->sreg].data[0]; +#endif enum ip_conntrack_info ctinfo; struct nf_conn *ct; |