提交 5ff1dd24 编写于 作者: D David S. Miller

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables

Pablo Neira Ayuso says:

====================
This small batch contains several Netfilter fixes for your net-next
tree, more specifically:

* Fix compilation warning in nft_ct in NF_CONNTRACK_MARK is not set,
  from Kristian Evensen.

* Add dependency to IPV6 for NF_TABLES_INET. This one has been reported
  by the several robots that are testing .config combinations, from Paul
  Gortmaker.

* Fix default base chain policy setting in nf_tables, from myself.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
...@@ -429,7 +429,7 @@ config NF_TABLES ...@@ -429,7 +429,7 @@ config NF_TABLES
To compile it as a module, choose M here. To compile it as a module, choose M here.
config NF_TABLES_INET config NF_TABLES_INET
depends on NF_TABLES depends on NF_TABLES && IPV6
select NF_TABLES_IPV4 select NF_TABLES_IPV4
select NF_TABLES_IPV6 select NF_TABLES_IPV6
tristate "Netfilter nf_tables mixed IPv4/IPv6 tables support" tristate "Netfilter nf_tables mixed IPv4/IPv6 tables support"
......
...@@ -859,7 +859,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, ...@@ -859,7 +859,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
nla[NFTA_CHAIN_HOOK] == NULL) nla[NFTA_CHAIN_HOOK] == NULL)
return -EOPNOTSUPP; return -EOPNOTSUPP;
policy = nla_get_be32(nla[NFTA_CHAIN_POLICY]); policy = ntohl(nla_get_be32(nla[NFTA_CHAIN_POLICY]));
switch (policy) { switch (policy) {
case NF_DROP: case NF_DROP:
case NF_ACCEPT: case NF_ACCEPT:
......
...@@ -133,7 +133,9 @@ static void nft_ct_set_eval(const struct nft_expr *expr, ...@@ -133,7 +133,9 @@ static void nft_ct_set_eval(const struct nft_expr *expr,
{ {
const struct nft_ct *priv = nft_expr_priv(expr); const struct nft_ct *priv = nft_expr_priv(expr);
struct sk_buff *skb = pkt->skb; struct sk_buff *skb = pkt->skb;
#ifdef CONFIG_NF_CONNTRACK_MARK
u32 value = data[priv->sreg].data[0]; u32 value = data[priv->sreg].data[0];
#endif
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
struct nf_conn *ct; struct nf_conn *ct;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册