projects
/
powerpc.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
[NETFILTER]: nf_nat: properly use RCU API for nf_nat_protos array
[powerpc.git]
/
net
/
ipv4
/
netfilter
/
nf_nat_rule.c
diff --git
a/net/ipv4/netfilter/nf_nat_rule.c
b/net/ipv4/netfilter/nf_nat_rule.c
index
b868ee0
..
147a437
100644
(file)
--- a/
net/ipv4/netfilter/nf_nat_rule.c
+++ b/
net/ipv4/netfilter/nf_nat_rule.c
@@
-56,8
+56,8
@@
static struct
/* PRE_ROUTING */
{
.entry = {
/* PRE_ROUTING */
{
.entry = {
- .target_offset = sizeof(struct ipt_entry),
- .next_offset = sizeof(struct ipt_standard),
+ .target_offset = sizeof(struct ipt_entry),
+ .next_offset = sizeof(struct ipt_standard),
},
.target = {
.target = {
},
.target = {
.target = {
@@
-71,8
+71,8
@@
static struct
/* POST_ROUTING */
{
.entry = {
/* POST_ROUTING */
{
.entry = {
- .target_offset = sizeof(struct ipt_entry),
- .next_offset = sizeof(struct ipt_standard),
+ .target_offset = sizeof(struct ipt_entry),
+ .next_offset = sizeof(struct ipt_standard),
},
.target = {
.target = {
},
.target = {
.target = {
@@
-86,8
+86,8
@@
static struct
/* LOCAL_OUT */
{
.entry = {
/* LOCAL_OUT */
{
.entry = {
- .target_offset = sizeof(struct ipt_entry),
- .next_offset = sizeof(struct ipt_standard),
+ .target_offset = sizeof(struct ipt_entry),
+ .next_offset = sizeof(struct ipt_standard),
},
.target = {
.target = {
},
.target = {
.target = {
@@
-119,7
+119,7
@@
static struct
}
};
}
};
-static struct
ip
t_table nat_table = {
+static struct
x
t_table nat_table = {
.name = "nat",
.valid_hooks = NAT_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.name = "nat",
.valid_hooks = NAT_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
@@
-145,7
+145,7
@@
static unsigned int ipt_snat_target(struct sk_buff **pskb,
/* Connection must be valid and new. */
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
/* Connection must be valid and new. */
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
- ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
+ ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
NF_CT_ASSERT(out);
return nf_nat_setup_info(ct, &mr->range[0], hooknum);
NF_CT_ASSERT(out);
return nf_nat_setup_info(ct, &mr->range[0], hooknum);
@@
-226,6
+226,10
@@
static int ipt_dnat_checkentry(const char *tablename,
printk("DNAT: multiple ranges no longer supported\n");
return 0;
}
printk("DNAT: multiple ranges no longer supported\n");
return 0;
}
+ if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM) {
+ printk("DNAT: port randomization not supported\n");
+ return 0;
+ }
return 1;
}
return 1;
}
@@
-252,8
+256,8
@@
alloc_null_binding(struct nf_conn *ct,
unsigned int
alloc_null_binding_confirmed(struct nf_conn *ct,
unsigned int
alloc_null_binding_confirmed(struct nf_conn *ct,
-
struct nf_nat_info *info,
-
unsigned int hooknum)
+ struct nf_nat_info *info,
+ unsigned int hooknum)
{
__be32 ip
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
{
__be32 ip
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
@@
-290,7
+294,7
@@
int nf_nat_rule_find(struct sk_buff **pskb,
return ret;
}
return ret;
}
-static struct
ip
t_target ipt_snat_reg = {
+static struct
x
t_target ipt_snat_reg = {
.name = "SNAT",
.target = ipt_snat_target,
.targetsize = sizeof(struct nf_nat_multi_range_compat),
.name = "SNAT",
.target = ipt_snat_target,
.targetsize = sizeof(struct nf_nat_multi_range_compat),