linux-hardened/net/netfilter
Linus Torvalds 4ac4d58488 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) The wireless rate info fix from Johannes Berg.

 2) When a RAW socket is in hdrincl mode, we need to make sure that the
    user provided at least a minimally sized ipv4/ipv6 header. Fix from
    Alexander Potapenko.

 3) We must emit IFLA_PHYS_PORT_NAME netlink attributes using
    nla_put_string() so that it is NULL terminated.

 4) Fix a bug in TCP fastopen handling, wherein child sockets
    erroneously inherit the fastopen_req from the parent, and later can
    end up derefencing freed memory or doing a double free. From Eric
    Dumazet.

 5) Don't clear out netdev stats at close time in tg3 driver, from
    YueHaibing.

 6) Fix refcount leak in xt_CT, from Gao Feng.

 7) In nft_set_bitmap() don't leak dummy elements, from Liping Zhang.

 8) Fix deadlock due to taking the expectation lock twice, also from
    Liping Zhang.

 9) Make xt_socket work again with ipv6, from Peter Tirsek.

10) Don't allow IPV6 to be used with IPVS if ipv6.disable=1, from Paolo
    Abeni.

11) Make the BPF loader more flexible wrt. changes to the bpf MAP entry
    layout. From Jesper Dangaard Brouer.

12) Fix ethtool reported device name in aquantia driver, from Pavel
    Belous.

13) Fix build failures due to the compile time size test not working in
    netfilter conntrack. From Geert Uytterhoeven.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (52 commits)
  cfg80211: make RATE_INFO_BW_20 the default
  ipv6: initialize route null entry in addrconf_init()
  qede: Fix possible misconfiguration of advertised autoneg value.
  qed: Fix overriding of supported autoneg value.
  qed*: Fix possible overflow for status block id field.
  rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string
  netvsc: make sure napi enabled before vmbus_open
  aquantia: Fix driver name reported by ethtool
  ipv4, ipv6: ensure raw socket message is big enough to hold an IP header
  net/sched: remove redundant null check on head
  tcp: do not inherit fastopen_req from parent
  forcedeth: remove unnecessary carrier status check
  ibmvnic: Move queue restarting in ibmvnic_tx_complete
  ibmvnic: Record SKB RX queue during poll
  ibmvnic: Continue skb processing after skb completion error
  ibmvnic: Check for driver reset first in ibmvnic_xmit
  ibmvnic: Wait for any pending scrqs entries at driver close
  ibmvnic: Clean up tx pools when closing
  ibmvnic: Whitespace correction in release_rx_pools
  ibmvnic: Delete napi's when releasing driver resources
  ...
2017-05-04 12:26:43 -07:00
..
ipset Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
ipvs Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2017-05-03 10:11:26 -04:00
core.c netfilter: nf_queue: only call synchronize_net twice if nf_queue is active 2017-05-01 11:19:12 +02:00
Kconfig netfilter: nft_exthdr: add TCP option matching 2017-02-08 14:17:09 +01:00
Makefile netfilter: nf_tables: add bitmap set type 2017-02-08 14:16:21 +01:00
nf_conntrack_acct.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_amanda.c netfilter: helper: add build-time asserts for helper data size 2017-04-19 17:55:16 +02:00
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: conntrack: Force inlining of build check to prevent build failure 2017-05-03 09:51:26 -04:00
nf_conntrack_ecache.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_expect.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nf_conntrack_extend.c netfilter: nf_ct_ext: invoke destroy even when ext is not attached 2017-05-01 11:48:49 +02:00
nf_conntrack_ftp.c netfilter: helpers: remove data_len usage for inkernel helpers 2017-04-19 17:55:17 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: fix off-by-one in DecodeQ931 2016-07-11 12:32:45 +02:00
nf_conntrack_h323_main.c netfilter: helpers: remove data_len usage for inkernel helpers 2017-04-19 17:55:17 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2017-05-03 10:11:26 -04:00
nf_conntrack_irc.c netfilter: helpers: remove data_len usage for inkernel helpers 2017-04-19 17:55:17 +02:00
nf_conntrack_l3proto_generic.c
nf_conntrack_labels.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_netbios_ns.c netfilter: helper: add build-time asserts for helper data size 2017-04-19 17:55:16 +02:00
nf_conntrack_netlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2017-05-03 10:11:26 -04:00
nf_conntrack_pptp.c netfilter: pptp: attach nat extension when needed 2017-04-26 09:30:22 +02:00
nf_conntrack_proto.c netfilter: nf_conntrack: remove double assignment 2017-04-14 01:54:23 +02:00
nf_conntrack_proto_dccp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nf_conntrack_proto_generic.c netfilter: remove ip_conntrack* sysctl compat code 2016-08-13 13:27:13 +02:00
nf_conntrack_proto_gre.c netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
nf_conntrack_proto_sctp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nf_conntrack_proto_tcp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nf_conntrack_proto_udp.c netfilter: conntrack: no need to pass ctinfo to error handler 2017-02-02 14:31:51 +01:00
nf_conntrack_sane.c netfilter: helpers: remove data_len usage for inkernel helpers 2017-04-19 17:55:17 +02:00
nf_conntrack_seqadj.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_sip.c netfilter: helpers: remove data_len usage for inkernel helpers 2017-04-19 17:55:17 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: Use seq_puts()/seq_putc() where possible 2017-04-07 17:29:21 +02:00
nf_conntrack_tftp.c netfilter: helpers: remove data_len usage for inkernel helpers 2017-04-19 17:55:17 +02:00
nf_conntrack_timeout.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_timestamp.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_dup_netdev.c netfilter: add and use nf_fwd_netdev_egress 2016-12-06 21:48:22 +01:00
nf_internals.h netfilter: nf_queue: only call synchronize_net twice if nf_queue is active 2017-05-01 11:19:12 +02:00
nf_log.c netfilter: nf_log: don't call synchronize_rcu in nf_log_unset 2017-05-01 11:19:07 +02:00
nf_log_common.c netfilter: nf_log: do not assume ethernet header in netdev family 2016-12-04 20:45:33 +01:00
nf_log_netdev.c netfilter: nf_log: do not assume ethernet header in netdev family 2016-12-04 20:45:33 +01:00
nf_nat_amanda.c netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean 2017-04-06 22:01:38 +02:00
nf_nat_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nf_nat_ftp.c
nf_nat_helper.c netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean 2017-04-06 22:01:38 +02:00
nf_nat_irc.c netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean 2017-04-06 22:01:38 +02:00
nf_nat_proto_common.c
nf_nat_proto_dccp.c netfilter: built-in NAT support for DCCP 2016-12-04 20:45:30 +01:00
nf_nat_proto_sctp.c netfilter: nf_nat_sctp: fix ICMP packet to be dropped accidently 2017-03-08 18:04:06 +01:00
nf_nat_proto_tcp.c
nf_nat_proto_udp.c netfilter: nat: merge udp and udplite helpers 2017-01-03 14:33:25 +01:00
nf_nat_proto_unknown.c
nf_nat_redirect.c netfilter: make it safer during the inet6_dev->addr_list traversal 2017-04-08 23:52:16 +02:00
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c netfilter: nf_queue: only call synchronize_net twice if nf_queue is active 2017-05-01 11:19:12 +02:00
nf_sockopt.c
nf_synproxy_core.c netfilter: tcp: Use TCP_MAX_WSCALE instead of literal 14 2017-04-19 17:55:17 +02:00
nf_tables_api.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2017-05-03 10:11:26 -04:00
nf_tables_core.c netfilter: nf_tables: simplify the basic expressions' init routine 2016-11-09 23:42:23 +01:00
nf_tables_inet.c netfilter: Add the missed return value check of nft_register_chain_type 2016-09-12 19:54:45 +02:00
nf_tables_netdev.c netfilter: nf_tables: add nft_is_base_chain() helper 2017-04-06 18:32:04 +02:00
nf_tables_trace.c netfilter: Add nfnl_msg_type() helper function 2017-04-07 16:31:36 +02:00
nfnetlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nfnetlink_acct.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nfnetlink_cthelper.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nfnetlink_cttimeout.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nfnetlink_log.c netfilter: nf_log: don't call synchronize_rcu in nf_log_unset 2017-05-01 11:19:07 +02:00
nfnetlink_queue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nft_bitwise.c netfilter: nf_tables: simplify the basic expressions' init routine 2016-11-09 23:42:23 +01:00
nft_byteorder.c netfilter: nf_tables: simplify the basic expressions' init routine 2016-11-09 23:42:23 +01:00
nft_cmp.c netfilter: nf_tables: simplify the basic expressions' init routine 2016-11-09 23:42:23 +01:00
nft_compat.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nft_counter.c netfilter: provide nft_ctx in object init function 2017-03-13 13:42:00 +01:00
nft_ct.c netfilter: nft_ct: allow to set ctnetlink event types of a connection 2017-04-19 17:55:16 +02:00
nft_dup_netdev.c netfilter: nf_tables: add packet duplication to the netdev family 2016-01-03 21:04:23 +01:00
nft_dynset.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2017-05-03 10:11:26 -04:00
nft_exthdr.c netfilter: Remove exceptional & on function name 2017-04-07 18:24:47 +02:00
nft_fib.c netfilter: nft_fib: Support existence check 2017-03-13 13:45:36 +01:00
nft_fib_inet.c netfilter: nf_tables: use hook state from xt_action_param structure 2016-11-03 11:52:34 +01:00
nft_fwd_netdev.c netfilter: add and use nf_fwd_netdev_egress 2016-12-06 21:48:22 +01:00
nft_hash.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-05-01 10:47:53 -04:00
nft_immediate.c netfilter: nf_tables: simplify the basic expressions' init routine 2016-11-09 23:42:23 +01:00
nft_limit.c netfilter: limit: use per-rule spinlock to improve the scalability 2017-03-13 19:30:31 +01:00
nft_log.c netfilter: nft_log: restrict the log prefix length to 127 2017-01-24 21:46:29 +01:00
nft_lookup.c netfilter: nf_tables: add nft_set_lookup() 2017-03-06 18:23:23 +01:00
nft_masq.c netfilter: nf_tables: validate the expr explicitly after init successfully 2017-03-06 18:22:12 +01:00
nft_meta.c netfilter: Remove exceptional & on function name 2017-04-07 18:24:47 +02:00
nft_nat.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-03-23 16:41:27 -07:00
nft_numgen.c netfilter: Remove exceptional & on function name 2017-04-07 18:24:47 +02:00
nft_objref.c netfilter: nf_tables: add nft_set_lookup() 2017-03-06 18:23:23 +01:00
nft_payload.c netfilter: nft_payload: mangle ckecksum if NFT_PAYLOAD_L4CSUM_PSEUDOHDR is set 2016-12-14 23:39:11 +01:00
nft_queue.c netfilter: Remove exceptional & on function name 2017-04-07 18:24:47 +02:00
nft_quota.c netfilter: provide nft_ctx in object init function 2017-03-13 13:42:00 +01:00
nft_range.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
nft_redir.c netfilter: nf_tables: validate the expr explicitly after init successfully 2017-03-06 18:22:12 +01:00
nft_reject.c netfilter: nf_tables: validate the expr explicitly after init successfully 2017-03-06 18:22:12 +01:00
nft_reject_inet.c netfilter: nf_tables: validate the expr explicitly after init successfully 2017-03-06 18:22:12 +01:00
nft_rt.c netfilter: nf_tables: use hook state from xt_action_param structure 2016-11-03 11:52:34 +01:00
nft_set_bitmap.c netfilter: nft_set_bitmap: free dummy elements when destroy the set 2017-04-24 20:05:25 +02:00
nft_set_hash.c netfilter: Remove unnecessary cast on void pointer 2017-04-07 17:29:17 +02:00
nft_set_rbtree.c netfilter: nft_set_rbtree: use per-set rwlock to improve the scalability 2017-03-13 19:30:43 +01:00
x_tables.c netfilter: x_tables: unlock on error in xt_find_table_lock() 2017-04-28 15:49:48 +02:00
xt_addrtype.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_AUDIT.c audit: normalize NETFILTER_PKT 2017-05-02 10:16:04 -04:00
xt_bpf.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
xt_cgroup.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c netfilter: remove nf_ct_is_untracked 2017-04-15 11:51:33 +02:00
xt_comment.c
xt_connbytes.c netfilter: add and use nf_ct_netns_get/put 2016-12-04 21:16:50 +01:00
xt_connlabel.c netfilter: remove nf_ct_is_untracked 2017-04-15 11:51:33 +02:00
xt_connlimit.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
xt_connmark.c netfilter: remove nf_ct_is_untracked 2017-04-15 11:51:33 +02:00
xt_CONNSECMARK.c netfilter: add and use nf_ct_netns_get/put 2016-12-04 21:16:50 +01:00
xt_conntrack.c netfilter: kill the fake untracked conntrack objects 2017-04-15 11:47:57 +02:00
xt_cpu.c
xt_CT.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2017-05-03 10:11:26 -04:00
xt_dccp.c
xt_devgroup.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_dscp.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_DSCP.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c netfilter: Remove unnecessary cast on void pointer 2017-04-07 17:29:17 +02:00
xt_helper.c netfilter: add and use nf_ct_netns_get/put 2016-12-04 21:16:50 +01:00
xt_HL.c
xt_hl.c
xt_HMARK.c netfilter: remove nf_ct_is_untracked 2017-04-15 11:51:33 +02:00
xt_IDLETIMER.c netfilter: IDLETIMER: fix race condition when destroy the target 2016-04-29 14:28:48 +02:00
xt_ipcomp.c netfilter: xt_ipcomp: add "ip[6]t_ipcomp" module alias name 2016-10-17 17:38:19 +02:00
xt_iprange.c
xt_ipvs.c netfilter: remove nf_ct_is_untracked 2017-04-15 11:51:33 +02:00
xt_l2tp.c
xt_LED.c
xt_length.c
xt_limit.c netfilter: limit: use per-rule spinlock to improve the scalability 2017-03-13 19:30:31 +01:00
xt_LOG.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_mac.c
xt_mark.c
xt_multiport.c netfilter: xt_multiport: Fix wrong unmatch result with multiple ports 2016-12-06 21:48:20 +01:00
xt_nat.c netfilter: nat: add dependencies on conntrack module 2016-12-04 21:16:51 +01:00
xt_NETMAP.c netfilter: nat: add dependencies on conntrack module 2016-12-04 21:16:51 +01:00
xt_nfacct.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_NFLOG.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_NFQUEUE.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_osf.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_owner.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
xt_physdev.c netfilter: physdev: add missed blank 2016-08-12 00:42:14 +02:00
xt_pkttype.c netfilter: pkttype: unnecessary to check ipv6 multicast address 2017-01-18 20:32:43 +01:00
xt_policy.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_quota.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
xt_RATEEST.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
xt_rateest.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
xt_realm.c
xt_recent.c netfilter: Use seq_puts()/seq_putc() where possible 2017-04-07 17:29:21 +02:00
xt_REDIRECT.c netfilter: nat: add dependencies on conntrack module 2016-12-04 21:16:51 +01:00
xt_repldata.h
xt_sctp.c sctp: rename WORD_TRUNC/ROUND macros 2016-09-22 03:13:26 -04:00
xt_SECMARK.c
xt_set.c netfilter: ipset: Improve skbinfo get/init helpers 2016-11-10 13:28:42 +01:00
xt_socket.c netfilter: xt_socket: Fix broken IPv6 handling 2017-04-24 20:06:29 +02:00
xt_state.c netfilter: kill the fake untracked conntrack objects 2017-04-15 11:47:57 +02:00
xt_statistic.c
xt_string.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
xt_TCPMSS.c netfilter: xt_TCPMSS: add more sanity tests on tcph->doff 2017-04-08 22:24:19 +02:00
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
xt_TEE.c xtables: extend matches and targets with .usersize 2017-01-09 17:24:55 +01:00
xt_time.c ktime: Get rid of the union 2016-12-25 17:21:22 +01:00
xt_TPROXY.c netfilter: make it safer during the inet6_dev->addr_list traversal 2017-04-08 23:52:16 +02:00
xt_TRACE.c netfilter: xt_TRACE: add explicitly nf_logger_find_get call 2016-06-23 13:26:49 +02:00
xt_u32.c