author | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-29 08:29:55 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-29 08:29:55 -0800 |
commit | 219ff3ad611ecfe8a2fd29b8c50a5313c9d15383 (patch) | |
tree | 69a9ad12ed64d0966ec63bb5c4699e3effb5490f /net/netfilter | |
parent | 547598d3a91f11b1f802bf0b122f777c3c22f26d (diff) | |
parent | 2335f8ec27e125208d8d2d3e257a82862c4977d6 (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (79 commits)
[X25]: Use proc_create() to setup ->proc_fops first
[WANROUTER]: Use proc_create() to setup ->proc_fops first
[8021Q]: Use proc_create() to setup ->proc_fops first
[IPV4]: Use proc_create() to setup ->proc_fops first
[IPV6]: Use proc_create() to setup ->proc_fops first
[SCTP]: Use proc_create() to setup ->proc_fops first
[PKTGEN]: Use proc_create() to setup ->proc_fops first
[NEIGHBOUR]: Use proc_create() to setup ->proc_fops first
[LLC]: Use proc_create() to setup ->proc_fops first
[IPX]: Use proc_create() to setup ->proc_fops first
[SUNRPC]: Use proc_create() to setup ->proc_fops first
[ATM]: Use proc_create() to setup ->proc_fops first
[SCTP]: Update AUTH structures to match declarations in draft-16.
[SCTP]: Incorrect length was used in SCTP_*_AUTH_CHUNKS socket option
[SCTP]: Clean up naming conventions of sctp protocol/address family registration
[APPLETALK]: Use proc_create() to setup ->proc_fops first
[BNX2X]: add bnx2x to MAINTAINERS
[BNX2X]: update version, remove CVS strings
[BNX2X]: Fix Xmit bugs
[BNX2X]: Prevent PCI queue overflow
...
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 15 | ||||
-rw-r--r-- | net/netfilter/xt_conntrack.c | 4 |
2 files changed, 14 insertions, 5 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 327e847d2702..b77eb56a87e3 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -256,13 +256,19 @@ __nf_conntrack_find(const struct nf_conntrack_tuple *tuple) struct hlist_node *n; unsigned int hash = hash_conntrack(tuple); + /* Disable BHs the entire time since we normally need to disable them + * at least once for the stats anyway. + */ + local_bh_disable(); hlist_for_each_entry_rcu(h, n, &nf_conntrack_hash[hash], hnode) { if (nf_ct_tuple_equal(tuple, &h->tuple)) { NF_CT_STAT_INC(found); + local_bh_enable(); return h; } NF_CT_STAT_INC(searched); } + local_bh_enable(); return NULL; } @@ -400,17 +406,20 @@ nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple, struct hlist_node *n; unsigned int hash = hash_conntrack(tuple); - rcu_read_lock(); + /* Disable BHs the entire time since we need to disable them at + * least once for the stats anyway. + */ + rcu_read_lock_bh(); hlist_for_each_entry_rcu(h, n, &nf_conntrack_hash[hash], hnode) { if (nf_ct_tuplehash_to_ctrack(h) != ignored_conntrack && nf_ct_tuple_equal(tuple, &h->tuple)) { NF_CT_STAT_INC(found); - rcu_read_unlock(); + rcu_read_unlock_bh(); return 1; } NF_CT_STAT_INC(searched); } - rcu_read_unlock(); + rcu_read_unlock_bh(); return 0; } diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 85330856a29c..0c50b2894055 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c @@ -122,7 +122,7 @@ conntrack_addrcmp(const union nf_inet_addr *kaddr, const union nf_inet_addr *umask, unsigned int l3proto) { if (l3proto == AF_INET) - return (kaddr->ip & umask->ip) == uaddr->ip; + return ((kaddr->ip ^ uaddr->ip) & umask->ip) == 0; else if (l3proto == AF_INET6) return ipv6_masked_addr_cmp(&kaddr->in6, &umask->in6, &uaddr->in6) == 0; 
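Review bot: `return h;` in __nf_conntrack_find hands back a hash entry right after `local_bh_enable()` without taking a reference, and nothing in this hunk opens an RCU read-side section, so the entry's lifetime rests entirely on the caller. Presumably every caller holds rcu_read_lock() across the call and across any use of the result, but that contract is not stated here; a caller that gets it wrong ends up with a use-after-free on a conntrack entry. I would extend the new comment with `/* Caller must hold rcu_read_lock(); the returned entry is not refcounted. */`. The function's signature and first declarations lie outside the hunk.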
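Review bot: In nf_conntrack_tuple_taken the read side now uses `rcu_read_lock_bh()` while the bucket is still walked with `hlist_for_each_entry_rcu`, so the walk is only safe if the code that frees entries waits for a grace period that covers BH-disabled readers. The freeing path is not visible in this diff; if it uses the plain `call_rcu()`/`synchronize_rcu()` flavour, whether this pairing holds depends on the RCU implementation that is configured. The first hunk handles the same stats problem with `local_bh_disable()` and leaves the RCU flavour untouched; writing `rcu_read_lock(); local_bh_disable();` here, with the matching pair on each exit, would keep both lookups on the same flavour.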
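Review bot: The new IPv4 comparison in conntrack_addrcmp carries no comment saying that `uaddr` is no longer assumed to be pre-masked, which is the property that decides whether a rule matches. I would add above the `if`: `/* Compare only the bits selected by umask; uaddr may carry bits outside the mask. */`. What the function returns for an l3proto that is neither AF_INET nor AF_INET6 is outside the hunk and worth confirming, since a fall-through that reports a match would let the rule apply to unrelated traffic.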
@@ -231,7 +231,7 @@ conntrack_mt(const struct sk_buff *skb, const struct net_device *in, if (test_bit(IPS_DST_NAT_BIT, &ct->status)) statebit |= XT_CONNTRACK_STATE_DNAT; } - if ((info->state_mask & statebit) ^ + if (!!(info->state_mask & statebit) ^ !(info->invert_flags & XT_CONNTRACK_STATE)) return false; } |
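Review bot: The `!!` added to the state test in conntrack_mt is easy to drop again because nothing explains why it is needed. `statebit` is a flag mask (it is OR-ed with XT_CONNTRACK_STATE_DNAT just above), so the masked value has to be reduced to 0/1 before it is XORed with the result of `!`. A short comment such as `/* normalise to 0/1 before XOR; the masked value is not necessarily 1 */` would guard against that regression. Any other `... ^ !(info->invert_flags & ...)` checks in this function lie outside the hunk and should be checked for the same un-normalised pattern.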