* Fix netfilter CONFIG_COMPAT support.
svn path=/dists/trunk/linux-2.6/; revision=16211
This commit is contained in:
parent
65540e5880
commit
b6c3696b72
|
@ -33,6 +33,9 @@ linux-2.6 (2.6.35-1~experimental.3) UNRELEASED; urgency=low
|
||||||
* Disable Ralink staging drivers, the in-tree ones reached "works-for-me"
|
* Disable Ralink staging drivers, the in-tree ones reached "works-for-me"
|
||||||
status.
|
status.
|
||||||
|
|
||||||
|
[ Aurelien Jarno ]
|
||||||
|
* Fix netfilter CONFIG_COMPAT support.
|
||||||
|
|
||||||
-- Ben Hutchings <ben@decadent.org.uk> Wed, 18 Aug 2010 02:45:21 +0100
|
-- Ben Hutchings <ben@decadent.org.uk> Wed, 18 Aug 2010 02:45:21 +0100
|
||||||
|
|
||||||
linux-2.6 (2.6.35-1~experimental.2) experimental; urgency=low
|
linux-2.6 (2.6.35-1~experimental.2) experimental; urgency=low
|
||||||
|
|
|
@ -0,0 +1,64 @@
|
||||||
|
commit cca77b7c81876d819a5806f408b3c29b5b61a815
|
||||||
|
Author: Florian Westphal <fw@strlen.de>
|
||||||
|
Date: Mon Aug 23 14:41:22 2010 -0700
|
||||||
|
|
||||||
|
netfilter: fix CONFIG_COMPAT support
|
||||||
|
|
||||||
|
commit f3c5c1bfd430858d3a05436f82c51e53104feb6b
|
||||||
|
(netfilter: xtables: make ip_tables reentrant) forgot to
|
||||||
|
also compute the jumpstack size in the compat handlers.
|
||||||
|
|
||||||
|
Result is that "iptables -I INPUT -j userchain" turns into -j DROP.
|
||||||
|
|
||||||
|
Reported by Sebastian Roesner on #netfilter, closes
|
||||||
|
http://bugzilla.netfilter.org/show_bug.cgi?id=669.
|
||||||
|
|
||||||
|
Note: arptables change is compile-tested only.
|
||||||
|
|
||||||
|
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||||||
|
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
|
||||||
|
Tested-by: Mikael Pettersson <mikpe@it.uu.se>
|
||||||
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||||
|
|
||||||
|
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
|
||||||
|
index 51d6c31..e8f4f9a 100644
|
||||||
|
--- a/net/ipv4/netfilter/arp_tables.c
|
||||||
|
+++ b/net/ipv4/netfilter/arp_tables.c
|
||||||
|
@@ -1420,6 +1420,9 @@ static int translate_compat_table(const char *name,
|
||||||
|
if (ret != 0)
|
||||||
|
break;
|
||||||
|
++i;
|
||||||
|
+ if (strcmp(arpt_get_target(iter1)->u.user.name,
|
||||||
|
+ XT_ERROR_TARGET) == 0)
|
||||||
|
+ ++newinfo->stacksize;
|
||||||
|
}
|
||||||
|
if (ret) {
|
||||||
|
/*
|
||||||
|
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
|
||||||
|
index 97b64b2..d163f2e 100644
|
||||||
|
--- a/net/ipv4/netfilter/ip_tables.c
|
||||||
|
+++ b/net/ipv4/netfilter/ip_tables.c
|
||||||
|
@@ -1751,6 +1751,9 @@ translate_compat_table(struct net *net,
|
||||||
|
if (ret != 0)
|
||||||
|
break;
|
||||||
|
++i;
|
||||||
|
+ if (strcmp(ipt_get_target(iter1)->u.user.name,
|
||||||
|
+ XT_ERROR_TARGET) == 0)
|
||||||
|
+ ++newinfo->stacksize;
|
||||||
|
}
|
||||||
|
if (ret) {
|
||||||
|
/*
|
||||||
|
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
|
||||||
|
index 29a7bca..8e754be 100644
|
||||||
|
--- a/net/ipv6/netfilter/ip6_tables.c
|
||||||
|
+++ b/net/ipv6/netfilter/ip6_tables.c
|
||||||
|
@@ -1766,6 +1766,9 @@ translate_compat_table(struct net *net,
|
||||||
|
if (ret != 0)
|
||||||
|
break;
|
||||||
|
++i;
|
||||||
|
+ if (strcmp(ip6t_get_target(iter1)->u.user.name,
|
||||||
|
+ XT_ERROR_TARGET) == 0)
|
||||||
|
+ ++newinfo->stacksize;
|
||||||
|
}
|
||||||
|
if (ret) {
|
||||||
|
/*
|
|
@ -0,0 +1 @@
|
||||||
|
+ bugfix/all/netfilter-fix-CONFIG_COMPAT-support.patch
|
Loading…
Reference in New Issue