Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
David S. Miller [Thu, 25 Mar 2010 18:48:58 +0000 (11:48 -0700)]
include/linux/netfilter_ipv6.h
net/ipv6/netfilter/ip6table_raw.c
net/netfilter/xt_hashlimit.c
net/netfilter/xt_recent.c

index d654873..1f7e300 100644 (file)
@@ -59,6 +59,7 @@
 enum nf_ip6_hook_priorities {
        NF_IP6_PRI_FIRST = INT_MIN,
        NF_IP6_PRI_CONNTRACK_DEFRAG = -400,
+       NF_IP6_PRI_RAW = -300,
        NF_IP6_PRI_SELINUX_FIRST = -225,
        NF_IP6_PRI_CONNTRACK = -200,
        NF_IP6_PRI_MANGLE = -150,
index aef31a2..b9cf7cd 100644 (file)
@@ -13,7 +13,7 @@ static const struct xt_table packet_raw = {
        .valid_hooks = RAW_VALID_HOOKS,
        .me = THIS_MODULE,
        .af = NFPROTO_IPV6,
-       .priority = NF_IP6_PRI_FIRST,
+       .priority = NF_IP6_PRI_RAW,
 };
 
 /* The work comes in here from netfilter.c. */
index 9e9c489..215a648 100644 (file)
@@ -493,6 +493,7 @@ static void hashlimit_ipv6_mask(__be32 *i, unsigned int p)
        case 64 ... 95:
                i[2] = maskl(i[2], p - 64);
                i[3] = 0;
+               break;
        case 96 ... 127:
                i[3] = maskl(i[3], p - 96);
                break;
@@ -879,7 +880,8 @@ static void dl_seq_stop(struct seq_file *s, void *v)
        struct xt_hashlimit_htable *htable = s->private;
        unsigned int *bucket = (unsigned int *)v;
 
-       kfree(bucket);
+       if (!IS_ERR(bucket))
+               kfree(bucket);
        spin_unlock_bh(&htable->lock);
 }
 
index 7073dbb..971d172 100644 (file)
@@ -267,7 +267,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par)
                for (i = 0; i < e->nstamps; i++) {
                        if (info->seconds && time_after(time, e->stamps[i]))
                                continue;
-                       if (info->hit_count && ++hits >= info->hit_count) {
+                       if (!info->hit_count || ++hits >= info->hit_count) {
                                ret = !ret;
                                break;
                        }