1. 10 Nov, 2015 2 commits
    • Arnd Bergmann's avatar
      netfilter: fix xt_TEE and xt_TPROXY dependencies · 74ec4d55
      Arnd Bergmann authored
      Kconfig is too smart for its own good: a Kconfig line that states
      
      	select NF_DEFRAG_IPV6 if IP6_NF_IPTABLES
      
      means that if IP6_NF_IPTABLES is set to 'm', then NF_DEFRAG_IPV6 will
      also be set to 'm', regardless of the state of the symbol from which
      it is selected. When the xt_TEE driver is built-in and nothing else
      forces NF_DEFRAG_IPV6 to be built-in, this causes a link-time error:
      
      net/built-in.o: In function `tee_tg6':
      net/netfilter/xt_TEE.c:46: undefined reference to `nf_dup_ipv6'
      
      This works around that behavior by changing the dependency to
      'if IP6_NF_IPTABLES != n', which is interpreted as boolean expression
      rather than a tristate and causes the NF_DEFRAG_IPV6 symbol to
      be built-in as well.
      
      The bug only occurs once in thousands of 'randconfig' builds and
      does not really impact real users. From inspecting the other
      surrounding Kconfig symbols, I am guessing that NETFILTER_XT_TARGET_TPROXY
      and NETFILTER_XT_MATCH_SOCKET have the same issue. If not, this
      change should still be harmless.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      74ec4d55
    • Arnd Bergmann's avatar
      netfilter: nfnetlink_log: work around uninitialized variable warning · c872a2d9
      Arnd Bergmann authored
      After a recent (correct) change, gcc started warning about the use
      of the 'flags' variable in nfulnl_recv_config()
      
      net/netfilter/nfnetlink_log.c: In function 'nfulnl_recv_config':
      net/netfilter/nfnetlink_log.c:320:14: warning: 'flags' may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/nfnetlink_log.c:828:6: note: 'flags' was declared here
      
      The warning first shows up in ARM s3c2410_defconfig with gcc-4.3 or
      higher (including 5.2.1, which is the latest version I checked) I
      tried working around it by rearranging the code but had no success
      with that.
      
      As a last resort, this initializes the variable to zero, which shuts
      up the warning, but means that we don't get a warning if the code
      is ever changed in a way that actually causes the variable to be
      used without first being written.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: 8cbc8708 ("netfilter: nfnetlink_log: validate dependencies to avoid breaking atomicity")
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      c872a2d9
  2. 09 Nov, 2015 1 commit
  3. 08 Nov, 2015 1 commit
    • Pablo Neira Ayuso's avatar
      Merge branch 'master' of git://blackhole.kfki.hu/nf · e75cb467
      Pablo Neira Ayuso authored
      Jozsef Kadlecsik says:
      ====================
      Please apply the next bugfixes against the nf tree.
      
      - Fix extensions alignment in ipset: Gerhard Wiesinger reported
        that the missing data aligments lead to crash on non-intel
        architecture. The patch was tested on armv7h by Gerhard Wiesinger
        and on x86_64 and sparc64 by me.
      - An incorrect index at the hash:* types could lead to
        falsely early expired entries and memory leak when the comment
        extension was used too.
      - Release empty hash bucket block when all entries are expired or
        all slots are empty instead of shrinkig the data part to zero.
      ====================
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      e75cb467
  4. 07 Nov, 2015 3 commits
  5. 06 Nov, 2015 2 commits
  6. 05 Nov, 2015 31 commits