diff options
author | David S. Miller <davem@davemloft.net> | 2010-03-25 19:48:58 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-03-25 19:48:58 +0100 |
commit | 80bb3a00fa314e3c5dbbd23a38bfaf94f2402b99 (patch) | |
tree | ef2e5b4dde5ef7674b5cc713db9dc925d1f98f15 /net | |
parent | af_key: return error if pfkey_xfrm_policy2msg_prep() fails (diff) | |
parent | netfilter: xt_hashlimit: IPV6 bugfix (diff) | |
download | linux-80bb3a00fa314e3c5dbbd23a38bfaf94f2402b99.tar.xz linux-80bb3a00fa314e3c5dbbd23a38bfaf94f2402b99.zip |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_hashlimit.c | 4 | ||||
-rw-r--r-- | net/netfilter/xt_recent.c | 2 |
3 files changed, 5 insertions, 3 deletions
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index aef31a29de9e..b9cf7cd61923 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c @@ -13,7 +13,7 @@ static const struct xt_table packet_raw = { .valid_hooks = RAW_VALID_HOOKS, .me = THIS_MODULE, .af = NFPROTO_IPV6, - .priority = NF_IP6_PRI_FIRST, + .priority = NF_IP6_PRI_RAW, }; /* The work comes in here from netfilter.c. */ diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index 9e9c48963942..215a64835de8 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c @@ -493,6 +493,7 @@ static void hashlimit_ipv6_mask(__be32 *i, unsigned int p) case 64 ... 95: i[2] = maskl(i[2], p - 64); i[3] = 0; + break; case 96 ... 127: i[3] = maskl(i[3], p - 96); break; @@ -879,7 +880,8 @@ static void dl_seq_stop(struct seq_file *s, void *v) struct xt_hashlimit_htable *htable = s->private; unsigned int *bucket = (unsigned int *)v; - kfree(bucket); + if (!IS_ERR(bucket)) + kfree(bucket); spin_unlock_bh(&htable->lock); } diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index 7073dbb8100c..971d172afece 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c @@ -267,7 +267,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par) for (i = 0; i < e->nstamps; i++) { if (info->seconds && time_after(time, e->stamps[i])) continue; - if (info->hit_count && ++hits >= info->hit_count) { + if (!info->hit_count || ++hits >= info->hit_count) { ret = !ret; break; } |