summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2014-01-16 20:44:54 +0100
committerDavid S. Miller <davem@davemloft.net>2014-01-16 20:44:54 +0100
commit5ff1dd24168c6dda68d72897a847c364581744ae (patch)
tree0bfef71c2b98ad9cd2df6336a7df14eaf6e53b84
parentneigh: use NEIGH_VAR_INIT in ndo_neigh_setup functions. (diff)
parentnetfilter: nft_ct: fix compilation warning if NF_CONNTRACK_MARK is not set (diff)
downloadlinux-5ff1dd24168c6dda68d72897a847c364581744ae.tar.xz
linux-5ff1dd24168c6dda68d72897a847c364581744ae.zip
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables
Pablo Neira Ayuso says: ==================== This small batch contains several Netfilter fixes for your net-next tree, more specifically: * Fix compilation warning in nft_ct in NF_CONNTRACK_MARK is not set, from Kristian Evensen. * Add dependency to IPV6 for NF_TABLES_INET. This one has been reported by the several robots that are testing .config combinations, from Paul Gortmaker. * Fix default base chain policy setting in nf_tables, from myself. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/netfilter/Kconfig2
-rw-r--r--net/netfilter/nf_tables_api.c2
-rw-r--r--net/netfilter/nft_ct.c2
3 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index afe50c0f526f..c37467562fd0 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -429,7 +429,7 @@ config NF_TABLES
To compile it as a module, choose M here.
config NF_TABLES_INET
- depends on NF_TABLES
+ depends on NF_TABLES && IPV6
select NF_TABLES_IPV4
select NF_TABLES_IPV6
tristate "Netfilter nf_tables mixed IPv4/IPv6 tables support"
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 36add31e08e7..117bbaaddde6 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -859,7 +859,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
nla[NFTA_CHAIN_HOOK] == NULL)
return -EOPNOTSUPP;
- policy = nla_get_be32(nla[NFTA_CHAIN_POLICY]);
+ policy = ntohl(nla_get_be32(nla[NFTA_CHAIN_POLICY]));
switch (policy) {
case NF_DROP:
case NF_ACCEPT:
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index c7c12858e113..917052e20602 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -133,7 +133,9 @@ static void nft_ct_set_eval(const struct nft_expr *expr,
{
const struct nft_ct *priv = nft_expr_priv(expr);
struct sk_buff *skb = pkt->skb;
+#ifdef CONFIG_NF_CONNTRACK_MARK
u32 value = data[priv->sreg].data[0];
+#endif
enum ip_conntrack_info ctinfo;
struct nf_conn *ct;