kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-hardened/net/netfilter
History
Gao feng fa0f61f05e netfilter: nf_conntrack: fix nf_conntrack_l3proto_register 
Before commit 2c352f444c
(netfilter: nf_conntrack: prepare namespace support for
l4 protocol trackers), we register sysctl before register
protocol tracker. Thus, if sysctl is registration fails,
the protocol tracker will not be registered.

After that commit, if sysctl registration fails, protocol
registration still remains, so we leave things in intermediate
state.

To fix this, this patch registers sysctl before protocols.
And if protocol registration fail, sysctl is unregistered.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-27 18:11:15 +02:00
..
ipset Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-05-16 22:17:37 -04:00
ipvs Merge branch 'master' of git://1984.lsi.us.es/net-next 2012-06-11 12:56:14 -07:00
core.c netfilter: nfnetlink_queue: fix compilation with CONFIG_NF_NAT=m and CONFIG_NF_CT_NETLINK=y 2012-06-22 02:49:52 +02:00
Kconfig netfilter: nfnetlink_queue: fix compilation with NF_CONNTRACK disabled 2012-06-19 04:44:57 +02:00
Makefile netfilter: nfnetlink_queue: fix compilation with NF_CONNTRACK disabled 2012-06-19 04:44:57 +02:00
nf_conntrack_acct.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_conntrack_amanda.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
nf_conntrack_broadcast.c netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_core.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_conntrack_ecache.c netfilter: nf_ct_ecache: refactor notifier registration 2012-05-08 19:17:23 +02:00
nf_conntrack_expect.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
nf_conntrack_extend.c netfilter: nf_ct_ext: support variable length extensions 2012-06-16 15:08:49 +02:00
nf_conntrack_ftp.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_conntrack_h323_asn1.c netfilter: h323: bug in parsing of ASN1 SEQOF field 2011-04-04 15:21:02 +02:00
nf_conntrack_h323_main.c Merge branch 'master' of git://1984.lsi.us.es/nf-next 2012-06-16 15:23:35 -07:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: nf_ct_helper: disable automatic helper re-assignment of different type 2012-06-19 01:24:52 +02:00
nf_conntrack_irc.c netfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names 2012-06-16 15:08:39 +02:00
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_netlink.c netfilter: ctnetlink: add new messages to obtain statistics 2012-06-27 17:28:03 +02:00
nf_conntrack_pptp.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_conntrack_proto.c netfilter: nf_conntrack: fix nf_conntrack_l3proto_register 2012-06-27 18:11:15 +02:00
nf_conntrack_proto_dccp.c netfilter: nf_conntrack: add namespace support for cttimeout 2012-06-07 14:58:41 +02:00
nf_conntrack_proto_generic.c netfilter: nf_conntrack: add namespace support for cttimeout 2012-06-07 14:58:41 +02:00
nf_conntrack_proto_gre.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_conntrack_proto_sctp.c netfilter: nf_conntrack: add namespace support for cttimeout 2012-06-07 14:58:41 +02:00
nf_conntrack_proto_tcp.c netfilter: nf_ct_tcp, udp: fix compilation with sysctl disabled 2012-06-11 15:22:46 -07:00
nf_conntrack_proto_udp.c netfilter: nf_ct_tcp, udp: fix compilation with sysctl disabled 2012-06-11 15:22:46 -07:00
nf_conntrack_proto_udplite.c netfilter: nf_conntrack: add namespace support for cttimeout 2012-06-07 14:58:41 +02:00
nf_conntrack_sane.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_conntrack_sip.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_conntrack_snmp.c netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_standalone.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_conntrack_tftp.c netfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names 2012-06-16 15:08:39 +02:00
nf_conntrack_timeout.c netfilter: nf_ct_ext: add timeout extension 2012-03-07 17:41:25 +01:00
nf_conntrack_timestamp.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_internals.h
nf_log.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_queue.c netfilter: nf_queue: fix queueing of bridged gro skbs 2012-02-09 20:47:53 +01:00
nf_sockopt.c
nf_tproxy_core.c netfilter: tproxy: do not assign timewait sockets to skb->sk 2011-02-17 11:32:38 +01:00
nfnetlink.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
nfnetlink_acct.c nfnetlink_acct: Stop using NLA_PUT*(). 2012-04-01 18:46:29 -04:00
nfnetlink_cthelper.c netfilter: add user-space connection tracking helper infrastructure 2012-06-16 15:40:02 +02:00
nfnetlink_cttimeout.c netfilter: nf_conntrack: add namespace support for cttimeout 2012-06-07 14:58:41 +02:00
nfnetlink_log.c netfilter: nfnetlink_log: Move away from NLMSG_PUT(). 2012-06-26 21:34:03 -07:00
nfnetlink_queue_core.c netfilter: nfnetlink_queue_core: Move away from NLMSG_PUT(). 2012-06-26 21:35:27 -07:00
nfnetlink_queue_ct.c netfilter: nfnetlink_queue: fix sparse warning due to missing include 2012-06-23 02:13:38 +02:00
x_tables.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_addrtype.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_AUDIT.c ipv6: Add fragment reporting to ipv6_skip_exthdr(). 2011-12-03 09:35:10 -08:00
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c Merge branch 'nf-next' of git://1984.lsi.us.es/net-next 2011-12-25 02:21:45 -05:00
xt_connlimit.c netfilter: xt_connlimit: remove revision 0 2012-06-07 14:58:39 +02:00
xt_connmark.c
xt_CONNSECMARK.c
xt_conntrack.c netfilter: revert a2361c8735 2011-05-10 12:13:36 +02:00
xt_cpu.c netfilter: xtables: add missing aliases for autoloading via iptables 2011-01-18 06:33:54 +01:00
xt_CT.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
xt_dccp.c
xt_devgroup.c netfilter: xtables: add device group match 2011-02-03 00:05:43 +01:00
xt_dscp.c
xt_DSCP.c netfilter: IPv6: fix DSCP mangle code 2011-05-10 10:00:21 +02:00
xt_ecn.c netfilter: xtables: collapse conditions in xt_ecn 2011-12-27 20:45:25 +01:00
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: use _ALL macro to reject unknown flag bits 2012-05-17 00:56:31 +02:00
xt_helper.c
xt_hl.c netfilter: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
xt_HL.c netfilter: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
xt_HMARK.c netfilter: xt_HMARK: fix endianness and provide consistent hashing 2012-06-07 14:53:01 +02:00
xt_IDLETIMER.c netfilter: Remove unnecessary OOM logging messages 2011-11-01 09:19:49 +01:00
xt_iprange.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-02-04 14:28:58 -08:00
xt_ipvs.c IPVS: netns, use ip_vs_proto_data as param. 2011-01-13 10:30:27 +09:00
xt_LED.c netfilter: xtables: add missing aliases for autoloading via iptables 2011-01-18 06:33:54 +01:00
xt_length.c
xt_limit.c netfilter: limit, hashlimit: avoid duplicated inline 2012-05-09 12:54:06 +02:00
xt_LOG.c netfilter: xt_LOG: use CONFIG_IP6_NF_IPTABLES instead of CONFIG_IPV6 2012-03-22 11:50:56 +01:00
xt_mac.c netfilter: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:18 -04:00
xt_mark.c
xt_multiport.c
xt_nfacct.c netfilter: xtables: add nfacct match to support extended accounting 2011-12-25 02:43:17 +01:00
xt_NFLOG.c
xt_NFQUEUE.c netfilter: NFQUEUE: don't xor src/dst ip address for load distribution 2012-06-07 14:58:42 +02:00
xt_NOTRACK.c
xt_osf.c net,rcu: convert call_rcu(xt_osf_finger_free_rcu) to kfree_rcu() 2011-05-07 22:51:12 -07:00
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_RATEEST.c net,rcu: Convert call_rcu(xt_rateest_free_rcu) to kfree_rcu() 2011-07-20 14:10:19 -07:00
xt_rateest.c netfilter: xt_rateest: fix xt_rateest_mt_checkentry() 2011-07-29 16:24:46 +02:00
xt_realm.c
xt_recent.c netfilter: xt_recent: add address masking option 2012-06-07 14:58:42 +02:00
xt_repldata.h
xt_sctp.c
xt_SECMARK.c
xt_set.c netfilter: ipset: fix timeout value overflow bug 2012-05-17 00:56:41 +02:00
xt_socket.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
xt_state.c
xt_statistic.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_string.c
xt_TCPMSS.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
xt_tcpmss.c
xt_TCPOPTSTRIP.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_tcpudp.c
xt_TEE.c net: replace percpu_xxx funcs with this_cpu_xxx or __this_cpu_xxx 2012-05-14 14:15:31 -07:00
xt_time.c
xt_TPROXY.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
xt_TRACE.c
xt_u32.c