diff options
| author | David S. Miller <davem@davemloft.net> | 2014-04-06 11:29:59 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-04-06 11:29:59 -0400 |
| commit | d80e773f16f66a610e04f6875d4da84e74a8fb6c (patch) | |
| tree | 5734eaa39c94ee47fddd8b9077de93c5b0267d0d /net/bridge/netfilter/ebtables.c | |
| parent | 00aefceb2fffcf4ea2fbc97ef5d4f79ef2668ecc (diff) | |
| parent | c58dd2dd443c26d856a168db108a0cd11c285bf3 (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
The following patchset contains Netfilter fixes for your net tree, they
are:
* Use 16-bits offset and length fields instead of 8-bits in the conntrack
extension to avoid an overflow when many conntrack extension are used,
from Andrey Vagin.
* Allow to use cgroup match from LOCAL_IN, there is no apparent reason
for not allowing this, from Alexey Perevalov.
* Fix build of the connlimit match after recent changes to let it scale
up that result in a divide by zero compilation error in UP, from
Florian Westphal.
* Move the lock out of the structure connlimit_data to avoid a false
sharing spotted by Eric Dumazet and Jesper D. Brouer, this needed as
part of the recent connlimit scalability improvements, also from
Florian Westphal.
* Add missing module aliases in xt_osf to fix loading of rules using
this match, from Kirill Tkhai.
* Restrict set names in nf_tables to 15 characters instead of silently
trimming them off, from me.
* Fix wrong format in nf_tables request module call for chain types,
spotted by Florian Westphal, patch from me.
* Fix crash in xtables when it fails to copy the counters back to userspace
after having replaced the table already.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/netfilter/ebtables.c')
| -rw-r--r-- | net/bridge/netfilter/ebtables.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 0e474b13463..1059ed3bc25 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1044,10 +1044,9 @@ static int do_replace_finish(struct net *net, struct ebt_replace *repl, if (repl->num_counters && copy_to_user(repl->counters, counterstmp, repl->num_counters * sizeof(struct ebt_counter))) { - ret = -EFAULT; + /* Silent error, can't fail, new table is already in place */ + net_warn_ratelimited("ebtables: counters copy to user failed while replacing table\n"); } - else - ret = 0; /* decrease module count and free resources */ EBT_ENTRY_ITERATE(table->entries, table->entries_size, |