Pablo Neira Ayuso says:
====================
This small batch contains several Netfilter fixes for your net-next
tree, more specifically:
* Fix compilation warning in nft_ct in NF_CONNTRACK_MARK is not set,
from Kristian Evensen.
* Add dependency to IPV6 for NF_TABLES_INET. This one has been reported
by the several robots that are testing .config combinations, from Paul
Gortmaker.
* Fix default base chain policy setting in nf_tables, from myself.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
To compile it as a module, choose M here.
config NF_TABLES_INET
- depends on NF_TABLES
+ depends on NF_TABLES && IPV6
select NF_TABLES_IPV4
select NF_TABLES_IPV6
tristate "Netfilter nf_tables mixed IPv4/IPv6 tables support"
nla[NFTA_CHAIN_HOOK] == NULL)
return -EOPNOTSUPP;
- policy = nla_get_be32(nla[NFTA_CHAIN_POLICY]);
+ policy = ntohl(nla_get_be32(nla[NFTA_CHAIN_POLICY]));
switch (policy) {
case NF_DROP:
case NF_ACCEPT:
{
const struct nft_ct *priv = nft_expr_priv(expr);
struct sk_buff *skb = pkt->skb;
+#ifdef CONFIG_NF_CONNTRACK_MARK
u32 value = data[priv->sreg].data[0];
+#endif
enum ip_conntrack_info ctinfo;
struct nf_conn *ct;
projects / kernel / kernel-generic.git / commitdiff