Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git

[powerpc.git] / net / netfilter / nfnetlink.c

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index e089f17..83f4c53 100644 (file)
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -128,18 +128,16 @@ void __nfa_fill(struct sk_buff *skb, int attrtype, int attrlen,
        memset(NFA_DATA(nfa) + attrlen, 0, NFA_ALIGN(size) - size);
 }
 
-int nfattr_parse(struct nfattr *tb[], int maxattr, struct nfattr *nfa, int len)
+void nfattr_parse(struct nfattr *tb[], int maxattr, struct nfattr *nfa, int len)
 {
        memset(tb, 0, sizeof(struct nfattr *) * maxattr);
 
        while (NFA_OK(nfa, len)) {
-               unsigned flavor = nfa->nfa_type;
+               unsigned flavor = NFA_TYPE(nfa);
                if (flavor && flavor <= maxattr)
                        tb[flavor-1] = nfa;
                nfa = NFA_NEXT(nfa, len);
        }
-
-       return 0;
 }
 
 /**
@@ -177,7 +175,7 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys,
                int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
 
                while (NFA_OK(attr, attrlen)) {
-                       unsigned flavor = attr->nfa_type;
+                       unsigned flavor = NFA_TYPE(attr);
                        if (flavor) {
                                if (flavor > attr_count)
                                        return -EINVAL;
@@ -195,7 +193,7 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys,
 
 int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, int echo)
 {
-       int allocation = in_interrupt() ? GFP_ATOMIC : GFP_KERNEL;
+       gfp_t allocation = in_interrupt() ? GFP_ATOMIC : GFP_KERNEL;
        int err = 0;
 
        NETLINK_CB(skb).dst_group = group;
@@ -242,15 +240,18 @@ static inline int nfnetlink_rcv_msg(struct sk_buff *skb,
        ss = nfnetlink_get_subsys(type);
        if (!ss) {
 #ifdef CONFIG_KMOD
-               /* don't call nfnl_shunlock, since it would reenter
-                * with further packet processing */
-               up(&nfnl_sem);
-               request_module("nfnetlink-subsys-%d", NFNL_SUBSYS_ID(type));
-               nfnl_shlock();
-               ss = nfnetlink_get_subsys(type);
+               if (cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) {
+                       /* don't call nfnl_shunlock, since it would reenter
+                        * with further packet processing */
+                       up(&nfnl_sem);
+                       request_module("nfnetlink-subsys-%d",
+                                       NFNL_SUBSYS_ID(type));
+                       nfnl_shlock();
+                       ss = nfnetlink_get_subsys(type);
+               }
                if (!ss)
 #endif
-               goto err_inval;
+                       goto err_inval;
        }
 
        nc = nfnetlink_find_client(type, ss);
@@ -344,14 +345,14 @@ static void nfnetlink_rcv(struct sock *sk, int len)
        } while(nfnl && nfnl->sk_receive_queue.qlen);
 }
 
-void __exit nfnetlink_exit(void)
+static void __exit nfnetlink_exit(void)
 {
        printk("Removing netfilter NETLINK layer.\n");
        sock_release(nfnl->sk_socket);
        return;
 }
 
-int __init nfnetlink_init(void)
+static int __init nfnetlink_init(void)
 {
        printk("Netfilter messages via NETLINK v%s.\n", nfversion);