diff options
| author | Jakub Kicinski <kuba@kernel.org> | 2022-12-13 19:32:52 -0800 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2022-12-13 19:32:53 -0800 |
| commit | 7ae9888d6e1ce4062d27367a28e46a26270a3e52 (patch) | |
| tree | e8ffc57b854565497542ebce8932c815d866465c /net/netfilter | |
| parent | 2d4ee16d969c97996e80e4c9cb6de0acaff22c9f (diff) | |
| parent | f9645abe4255bd79e4c63799634c996dd53db321 (diff) | |
| download | linux-7ae9888d6e1ce4062d27367a28e46a26270a3e52.tar.bz2 | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says:
====================
Netfilter/IPVS fixes for net
1) Fix NAT IPv6 flowtable hardware offload, from Qingfang DENG.
2) Add a safety check to IPVS socket option interface report a
warning if unsupported command is seen, this. From Li Qiong.
3) Document SCTP conntrack timeouts, from Sriram Yagnaraman.
* git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
netfilter: conntrack: document sctp timeouts
ipvs: add a 'default' case in do_ip_vs_set_ctl()
netfilter: flowtable: really fix NAT IPv6 offload
====================
Link: https://lore.kernel.org/r/20221213140923.154594-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 5 | ||||
| -rw-r--r-- | net/netfilter/nf_flow_table_offload.c | 6 |
2 files changed, 8 insertions, 3 deletions
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index c9f598505642..2a5ed71c82c3 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -2841,6 +2841,11 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, sockptr_t ptr, unsigned int len) break; case IP_VS_SO_SET_DELDEST: ret = ip_vs_del_dest(svc, &udest); + break; + default: + WARN_ON_ONCE(1); + ret = -EINVAL; + break; } out_unlock: diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index 0fdcdb2c9ae4..4d9b99abe37d 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -383,12 +383,12 @@ static void flow_offload_ipv6_mangle(struct nf_flow_rule *flow_rule, const __be32 *addr, const __be32 *mask) { struct flow_action_entry *entry; - int i, j; + int i; - for (i = 0, j = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32), j++) { + for (i = 0; i < sizeof(struct in6_addr) / sizeof(u32); i++) { entry = flow_action_entry_next(flow_rule); flow_offload_mangle(entry, FLOW_ACT_MANGLE_HDR_TYPE_IP6, - offset + i, &addr[j], mask); + offset + i * sizeof(u32), &addr[i], mask); } } |