From 894e2ac82bd0029adce7ad6c8d25501fdd82c994 Mon Sep 17 00:00:00 2001 From: Michal Kubeček Date: Tue, 12 Feb 2013 23:46:09 +0000 Subject: netfilter: nf_ct_reasm: fix per-netns sysctl initialization Adjusting of data pointers in net/netfilter/nf_conntrack_frag6_* sysctl table for other namespaces points to wrong netns_frags structure and has reversed order of entries. Problem introduced by commit c038a767cd69 in 3.7-rc1 Signed-off-by: Michal Kubecek Signed-off-by: Pablo Neira Ayuso --- net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'net/ipv6') diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 3dacecc9906..0156d07d732 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -97,9 +97,9 @@ static int nf_ct_frag6_sysctl_register(struct net *net) if (table == NULL) goto err_alloc; - table[0].data = &net->ipv6.frags.high_thresh; - table[1].data = &net->ipv6.frags.low_thresh; - table[2].data = &net->ipv6.frags.timeout; + table[0].data = &net->nf_frag.frags.timeout; + table[1].data = &net->nf_frag.frags.low_thresh; + table[2].data = &net->nf_frag.frags.high_thresh; } hdr = register_net_sysctl(net, "net/netfilter", table); -- cgit v1.2.3-70-g09d2 From 18cf0d0784b4a634472ed24d0d7ca1c721d93e90 Mon Sep 17 00:00:00 2001 From: Romain KUNTZ Date: Mon, 18 Feb 2013 02:36:24 +0000 Subject: xfrm: release neighbor upon dst destruction Neighbor is cloned in xfrm6_fill_dst but seems to never be released. Neighbor entry should be released when XFRM6 dst entry is destroyed in xfrm6_dst_destroy, otherwise references may be kept forever on the device pointed by the neighbor entry. I may not have understood all the subtleties of XFRM & dst so I would be happy to receive comments on this patch. Signed-off-by: Romain Kuntz Signed-off-by: David S. Miller --- net/ipv6/xfrm6_policy.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'net/ipv6') diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index c9844135c9c..8f32718677b 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c @@ -236,6 +236,8 @@ static void xfrm6_dst_destroy(struct dst_entry *dst) { struct xfrm_dst *xdst = (struct xfrm_dst *)dst; + if (likely(xdst->u.rt6.n)) + neigh_release(xdst->u.rt6.n); if (likely(xdst->u.rt6.rt6i_idev)) in6_dev_put(xdst->u.rt6.rt6i_idev); dst_destroy_metrics_generic(dst); -- cgit v1.2.3-70-g09d2