Merge branch 'master' of git://dev.medozas.de/linux

diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index fdd3342c123597a669006ae1f704c2e047e4009e..a0a144a6c6d939f50685350020799e785b21546e 100644 (file)
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -93,8 +93,7 @@ struct _xt_align {
        __u64 u64;
 };
 
-#define XT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1))         \
-                       & ~(__alignof__(struct _xt_align)-1))
+#define XT_ALIGN(s) ALIGN((s), __alignof__(struct _xt_align))
 
 /* Standard return verdict, or do jump. */
 #define XT_STANDARD_TARGET ""
@@ -566,11 +565,7 @@ struct compat_xt_entry_target {
  * current task alignment */
 
 struct compat_xt_counters {
-#if defined(CONFIG_X86_64) || defined(CONFIG_IA64)
-       u_int32_t cnt[4];
-#else
-       u_int64_t cnt[2];
-#endif
+       compat_u64 pcnt, bcnt;                  /* Packet and byte counters */
 };
 
 struct compat_xt_counters_info {
@@ -579,8 +574,14 @@ struct compat_xt_counters_info {
        struct compat_xt_counters counters[0];
 };
 
-#define COMPAT_XT_ALIGN(s) (((s) + (__alignof__(struct compat_xt_counters)-1)) \
-               & ~(__alignof__(struct compat_xt_counters)-1))
+struct _compat_xt_align {
+       __u8 u8;
+       __u16 u16;
+       __u32 u32;
+       compat_u64 u64;
+};
+
+#define COMPAT_XT_ALIGN(s) ALIGN((s), __alignof__(struct _compat_xt_align))
 
 extern void xt_compat_lock(u_int8_t af);
 extern void xt_compat_unlock(u_int8_t af);

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 327c5174440cfec88c2810f3e6a31f70715d000f..5c103b8c7df09c948f82f7f9f57e833ee55f623b 100644 (file)
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -708,6 +708,11 @@ ctnetlink_parse_tuple_proto(struct nlattr *attr,
        return ret;
 }
 
+static const struct nla_policy tuple_nla_policy[CTA_TUPLE_MAX+1] = {
+       [CTA_TUPLE_IP]          = { .type = NLA_NESTED },
+       [CTA_TUPLE_PROTO]       = { .type = NLA_NESTED },
+};
+
 static int
 ctnetlink_parse_tuple(const struct nlattr * const cda[],
                      struct nf_conntrack_tuple *tuple,
@@ -718,7 +723,7 @@ ctnetlink_parse_tuple(const struct nlattr * const cda[],
 
        memset(tuple, 0, sizeof(*tuple));
 
-       nla_parse_nested(tb, CTA_TUPLE_MAX, cda[type], NULL);
+       nla_parse_nested(tb, CTA_TUPLE_MAX, cda[type], tuple_nla_policy);
 
        if (!tb[CTA_TUPLE_IP])
                return -EINVAL;
@@ -745,12 +750,16 @@ ctnetlink_parse_tuple(const struct nlattr * const cda[],
        return 0;
 }
 
+static const struct nla_policy help_nla_policy[CTA_HELP_MAX+1] = {
+       [CTA_HELP_NAME]         = { .type = NLA_NUL_STRING },
+};
+
 static inline int
 ctnetlink_parse_help(const struct nlattr *attr, char **helper_name)
 {
        struct nlattr *tb[CTA_HELP_MAX+1];
 
-       nla_parse_nested(tb, CTA_HELP_MAX, attr, NULL);
+       nla_parse_nested(tb, CTA_HELP_MAX, attr, help_nla_policy);
 
        if (!tb[CTA_HELP_NAME])
                return -EINVAL;
@@ -761,11 +770,17 @@ ctnetlink_parse_help(const struct nlattr *attr, char **helper_name)
 }
 
 static const struct nla_policy ct_nla_policy[CTA_MAX+1] = {
+       [CTA_TUPLE_ORIG]        = { .type = NLA_NESTED },
+       [CTA_TUPLE_REPLY]       = { .type = NLA_NESTED },
        [CTA_STATUS]            = { .type = NLA_U32 },
+       [CTA_PROTOINFO]         = { .type = NLA_NESTED },
+       [CTA_HELP]              = { .type = NLA_NESTED },
+       [CTA_NAT_SRC]           = { .type = NLA_NESTED },
        [CTA_TIMEOUT]           = { .type = NLA_U32 },
        [CTA_MARK]              = { .type = NLA_U32 },
-       [CTA_USE]               = { .type = NLA_U32 },
        [CTA_ID]                = { .type = NLA_U32 },
+       [CTA_NAT_DST]           = { .type = NLA_NESTED },
+       [CTA_TUPLE_MASTER]      = { .type = NLA_NESTED },
 };
 
 static int
@@ -1053,6 +1068,12 @@ ctnetlink_change_timeout(struct nf_conn *ct, const struct nlattr * const cda[])
        return 0;
 }
 
+static const struct nla_policy protoinfo_policy[CTA_PROTOINFO_MAX+1] = {
+       [CTA_PROTOINFO_TCP]     = { .type = NLA_NESTED },
+       [CTA_PROTOINFO_DCCP]    = { .type = NLA_NESTED },
+       [CTA_PROTOINFO_SCTP]    = { .type = NLA_NESTED },
+};
+
 static inline int
 ctnetlink_change_protoinfo(struct nf_conn *ct, const struct nlattr * const cda[])
 {
@@ -1061,7 +1082,7 @@ ctnetlink_change_protoinfo(struct nf_conn *ct, const struct nlattr * const cda[]
        struct nf_conntrack_l4proto *l4proto;
        int err = 0;
 
-       nla_parse_nested(tb, CTA_PROTOINFO_MAX, attr, NULL);
+       nla_parse_nested(tb, CTA_PROTOINFO_MAX, attr, protoinfo_policy);
 
        rcu_read_lock();
        l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));
@@ -1073,12 +1094,18 @@ ctnetlink_change_protoinfo(struct nf_conn *ct, const struct nlattr * const cda[]
 }
 
 #ifdef CONFIG_NF_NAT_NEEDED
+static const struct nla_policy nat_seq_policy[CTA_NAT_SEQ_MAX+1] = {
+       [CTA_NAT_SEQ_CORRECTION_POS]    = { .type = NLA_U32 },
+       [CTA_NAT_SEQ_OFFSET_BEFORE]     = { .type = NLA_U32 },
+       [CTA_NAT_SEQ_OFFSET_AFTER]      = { .type = NLA_U32 },
+};
+
 static inline int
 change_nat_seq_adj(struct nf_nat_seq *natseq, const struct nlattr * const attr)
 {
        struct nlattr *cda[CTA_NAT_SEQ_MAX+1];
 
-       nla_parse_nested(cda, CTA_NAT_SEQ_MAX, attr, NULL);
+       nla_parse_nested(cda, CTA_NAT_SEQ_MAX, attr, nat_seq_policy);
 
        if (!cda[CTA_NAT_SEQ_CORRECTION_POS])
                return -EINVAL;
@@ -1648,8 +1675,12 @@ out:
 }
 
 static const struct nla_policy exp_nla_policy[CTA_EXPECT_MAX+1] = {
+       [CTA_EXPECT_MASTER]     = { .type = NLA_NESTED },
+       [CTA_EXPECT_TUPLE]      = { .type = NLA_NESTED },
+       [CTA_EXPECT_MASK]       = { .type = NLA_NESTED },
        [CTA_EXPECT_TIMEOUT]    = { .type = NLA_U32 },
        [CTA_EXPECT_ID]         = { .type = NLA_U32 },
+       [CTA_EXPECT_HELP_NAME]  = { .type = NLA_NUL_STRING },
 };
 
 static int

diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index dc2e05cb54c088f90c98662b38453825a4b5a6f2..255ab0657ce83ce709db267e0b4c9f28f72a7f45 100644 (file)
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -366,7 +366,7 @@ int xt_check_match(struct xt_mtchk_param *par,
                 * ebt_among is exempt from centralized matchsize checking
                 * because it uses a dynamic-size data set.
                 */
-               pr_err("%s_tables: %s match: invalid size %Zu != %u\n",
+               pr_err("%s_tables: %s match: invalid size %u != %u\n",
                       xt_prefix[par->family], par->match->name,
                       XT_ALIGN(par->match->matchsize), size);
                return -EINVAL;
@@ -516,7 +516,7 @@ int xt_check_target(struct xt_tgchk_param *par,
                    unsigned int size, u_int8_t proto, bool inv_proto)
 {
        if (XT_ALIGN(par->target->targetsize) != size) {
-               pr_err("%s_tables: %s target: invalid size %Zu != %u\n",
+               pr_err("%s_tables: %s target: invalid size %u != %u\n",
                       xt_prefix[par->family], par->target->name,
                       XT_ALIGN(par->target->targetsize), size);
                return -EINVAL;