Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains two Netfilter fixes for your net tree,
they are:

1) Fix memleak from netns release path of conntrack protocol trackers,
   patch from Liping Zhang.

2) Uninitialized flags field in ebt_log, that results in unpredictable
   logging format in ebtables, also from Liping.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

diff --combined net/netfilter/nf_conntrack_proto_sctp.c
index 31c6c8e,4ed976f..6eef29d
--- 1/net/netfilter/nf_conntrack_proto_sctp.c
--- 2/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@@ -190,7 -190,7 +190,7 @@@ static void sctp_print_conntrack(struc
  }
  
  #define for_each_sctp_chunk(skb, sch, _sch, offset, dataoff, count)   \
 -for ((offset) = (dataoff) + sizeof(sctp_sctphdr_t), (count) = 0;      \
 +for ((offset) = (dataoff) + sizeof(struct sctphdr), (count) = 0;      \
        (offset) < (skb)->len &&                                        \
        ((sch) = skb_header_pointer((skb), (offset), sizeof(_sch), &(_sch)));   \
        (offset) += (ntohs((sch)->length) + 3) & ~3, (count)++)
@@@ -202,7 -202,7 +202,7 @@@ static int do_basic_checks(struct nf_co
                           unsigned long *map)
  {
        u_int32_t offset, count;
 -      sctp_chunkhdr_t _sch, *sch;
 +      struct sctp_chunkhdr _sch, *sch;
        int flag;
  
        flag = 0;
@@@ -395,9 -395,9 +395,9 @@@ static int sctp_packet(struct nf_conn *
                /* If it is an INIT or an INIT ACK note down the vtag */
                if (sch->type == SCTP_CID_INIT ||
                    sch->type == SCTP_CID_INIT_ACK) {
 -                      sctp_inithdr_t _inithdr, *ih;
 +                      struct sctp_inithdr _inithdr, *ih;
  
 -                      ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
 +                      ih = skb_header_pointer(skb, offset + sizeof(_sch),
                                                sizeof(_inithdr), &_inithdr);
                        if (ih == NULL)
                                goto out_unlock;
@@@ -471,20 -471,23 +471,20 @@@ static bool sctp_new(struct nf_conn *ct
  
                /* Copy the vtag into the state info */
                if (sch->type == SCTP_CID_INIT) {
 -                      if (sh->vtag == 0) {
 -                              sctp_inithdr_t _inithdr, *ih;
 +                      struct sctp_inithdr _inithdr, *ih;
 +                      /* Sec 8.5.1 (A) */
 +                      if (sh->vtag)
 +                              return false;
  
 -                              ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
 -                                                      sizeof(_inithdr), &_inithdr);
 -                              if (ih == NULL)
 -                                      return false;
 +                      ih = skb_header_pointer(skb, offset + sizeof(_sch),
 +                                              sizeof(_inithdr), &_inithdr);
 +                      if (!ih)
 +                              return false;
  
 -                              pr_debug("Setting vtag %x for new conn\n",
 -                                       ih->init_tag);
 +                      pr_debug("Setting vtag %x for new conn\n",
 +                               ih->init_tag);
  
 -                              ct->proto.sctp.vtag[IP_CT_DIR_REPLY] =
 -                                                              ih->init_tag;
 -                      } else {
 -                              /* Sec 8.5.1 (A) */
 -                              return false;
 -                      }
 +                      ct->proto.sctp.vtag[IP_CT_DIR_REPLY] = ih->init_tag;
                } else if (sch->type == SCTP_CID_HEARTBEAT) {
                        pr_debug("Setting vtag %x for secondary conntrack\n",
                                 sh->vtag);
@@@ -783,6 -786,11 +783,11 @@@ static int sctp_init_net(struct net *ne
        return sctp_kmemdup_sysctl_table(pn, sn);
  }
  
+ static struct nf_proto_net *sctp_get_net_proto(struct net *net)
+ {
+       return &net->ct.nf_ct_proto.sctp.pn;
+ }
+ 
  struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 __read_mostly = {
        .l3proto                = PF_INET,
        .l4proto                = IPPROTO_SCTP,
@@@ -816,6 -824,7 +821,7 @@@
        },
  #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
        .init_net               = sctp_init_net,
+       .get_net_proto          = sctp_get_net_proto,
  };
  EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_sctp4);
  
@@@ -852,5 -861,6 +858,6 @@@ struct nf_conntrack_l4proto nf_conntrac
  #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
  #endif
        .init_net               = sctp_init_net,
+       .get_net_proto          = sctp_get_net_proto,
  };
  EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_sctp6);