diff options
author | David S. Miller <davem@davemloft.net> | 2020-01-09 00:22:41 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2020-01-09 00:22:41 +0100 |
commit | b73a65610b7decff6415d24940722e8aa09195cf (patch) | |
tree | 6a897bdb452eff0a5beafdd61739f80b9f3752d5 /include | |
parent | atm: eni: fix uninitialized variable warning (diff) | |
parent | netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present (diff) | |
download | linux-b73a65610b7decff6415d24940722e8aa09195cf.tar.xz linux-b73a65610b7decff6415d24940722e8aa09195cf.zip |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for net:
1) Missing netns context in arp_tables, from Florian Westphal.
2) Underflow in flowtable reference counter, from wenxu.
3) Fix incorrect ethernet destination address in flowtable offload,
from wenxu.
4) Check for status of neighbour entry, from wenxu.
5) Fix NAT port mangling, from wenxu.
6) Unbind callbacks from destroy path to cleanup hardware properly
on flowtable removal.
7) Fix missing casting statistics timestamp, add nf_flowtable_time_stamp
and use it.
8) NULL pointer exception when timeout argument is null in conntrack
dccp and sctp protocol helpers, from Florian Westphal.
9) Possible nul-dereference in ipset with IPSET_ATTR_LINENO, also from
Florian.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/netfilter/nf_flow_table.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index f0897b3c97fb..415b8f49d150 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -106,6 +106,12 @@ struct flow_offload { }; #define NF_FLOW_TIMEOUT (30 * HZ) +#define nf_flowtable_time_stamp (u32)jiffies + +static inline __s32 nf_flow_timeout_delta(unsigned int timeout) +{ + return (__s32)(timeout - nf_flowtable_time_stamp); +} struct nf_flow_route { struct { |