Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Conflicts:
	net/netfilter/xt_TEE.c

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for your net tree,
they are:

1) Fix crash when TEE target is used with no --oif, from Eric Dumazet.

2) Oneliner to fix a crash on the redirect traffic to localhost
   infrastructure when interface has not yet an address, from
   Munehisa Kamata.

3) Oneliner not to request module all the time from nfnetlink due to
   wrong type value, from Florian Westphal.

I'll make sure these patches 1 and 2 hit -stable.
====================

The conflict in net/netfilter/xt_TEE.c was minor, a change
to the 'oif' selection overlapping a function signature
change for the nf_dup_ipv{4,6}() routines.

Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/netfilter/nf_nat_redirect.c b/net/netfilter/nf_nat_redirect.c
index 97b75f9bfbcd6852bdff9ca2d2e218b3539a0f8b..d43869879fcfcea6ca23e3a579bd21f8aa855b10 100644 (file)
--- a/net/netfilter/nf_nat_redirect.c
+++ b/net/netfilter/nf_nat_redirect.c
@@ -55,7 +55,7 @@ nf_nat_redirect_ipv4(struct sk_buff *skb,
 
                rcu_read_lock();
                indev = __in_dev_get_rcu(skb->dev);
-               if (indev != NULL) {
+               if (indev && indev->ifa_list) {
                        ifa = indev->ifa_list;
                        newdst = ifa->ifa_local;
                }

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index f1d9e887f5b157b58578a5a7244d65be788bb13b..46453ab318db0bf2a4bc957dcad6742ccbcacc92 100644 (file)
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -492,7 +492,7 @@ static int nfnetlink_bind(struct net *net, int group)
        type = nfnl_group2type[group];
 
        rcu_read_lock();
-       ss = nfnetlink_get_subsys(type);
+       ss = nfnetlink_get_subsys(type << 8);
        rcu_read_unlock();
        if (!ss)
                request_module("nfnetlink-subsys-%d", type);

diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c
index 899b06115fc53c87ea34eb1bf975666e1992ca98..3eff7b67cdf2f5277c2004cf48c2f4e37c218068 100644 (file)
--- a/net/netfilter/xt_TEE.c
+++ b/net/netfilter/xt_TEE.c
@@ -31,8 +31,9 @@ static unsigned int
 tee_tg4(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct xt_tee_tginfo *info = par->targinfo;
+       int oif = info->priv ? info->priv->oif : 0;
 
-       nf_dup_ipv4(par->net, skb, par->hooknum, &info->gw.in, info->priv->oif);
+       nf_dup_ipv4(par->net, skb, par->hooknum, &info->gw.in, oif);
 
        return XT_CONTINUE;
 }
@@ -42,8 +43,9 @@ static unsigned int
 tee_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct xt_tee_tginfo *info = par->targinfo;
+       int oif = info->priv ? info->priv->oif : 0;
 
-       nf_dup_ipv6(par->net, skb, par->hooknum, &info->gw.in6, info->priv->oif);
+       nf_dup_ipv6(par->net, skb, par->hooknum, &info->gw.in6, oif);
 
        return XT_CONTINUE;
 }