diff options
| author |   Jakub Kicinski <kuba@kernel.org> | 2025-08-29 18:57:22 -0700 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2025-08-29 18:57:23 -0700 |
| commit | c407beb5b883b8b89c9372e588bad5634a30927a (patch) | |
| tree | c45295665e1ebc8723fe136c1db7575ed9b58e55 | |
| parent | netfilter: nft_flowtable.sh: re-run with random mtu sizes (diff) | |
| parent | netfilter: conntrack: helper: Replace -EEXIST by -EBUSY (diff) | |
| download | wireguard-linux-c407beb5b883b8b89c9372e588bad5634a30927a.tar.xz wireguard-linux-c407beb5b883b8b89c9372e588bad5634a30927a.zip | |
Merge tag 'nf-25-08-27' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Florian Westphal says:
====================
netfilter updates for net
1) Remove bogus WARN_ON in br_netfilter that came in 6.8.
This is now more prominent due to
commit 2d72afb34065 ("netfilter: nf_conntrack: fix crash due to
removal of uninitialised entry"). From Wang Liang.
2) Better error reporting when a helper module clashes with
an existing helper name: -EEXIST makes modprobe believe that
the module is already loaded, so error message is elided.
From Phil Sutter.
* tag 'nf-25-08-27' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm
====================
Link: https://patch.msgid.link/20250827133900.16552-1-fw@strlen.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
| -rw-r--r-- | net/bridge/br_netfilter_hooks.c | 3 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_helper.c | 4 |
2 files changed, 2 insertions, 5 deletions
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index 94cbe967d1c1..083e2fe96441 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -626,9 +626,6 @@ static unsigned int br_nf_local_in(void *priv, break; } - ct = container_of(nfct, struct nf_conn, ct_general); - WARN_ON_ONCE(!nf_ct_is_confirmed(ct)); - return ret; } #endif diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c index 4ed5878cb25b..ceb48c3ca0a4 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c @@ -368,7 +368,7 @@ int nf_conntrack_helper_register(struct nf_conntrack_helper *me) (cur->tuple.src.l3num == NFPROTO_UNSPEC || cur->tuple.src.l3num == me->tuple.src.l3num) && cur->tuple.dst.protonum == me->tuple.dst.protonum) { - ret = -EEXIST; + ret = -EBUSY; goto out; } } @@ -379,7 +379,7 @@ int nf_conntrack_helper_register(struct nf_conntrack_helper *me) hlist_for_each_entry(cur, &nf_ct_helper_hash[h], hnode) { if (nf_ct_tuple_src_mask_cmp(&cur->tuple, &me->tuple, &mask)) { - ret = -EEXIST; + ret = -EBUSY; goto out; } } |