authorDavid S. Miller <davem@davemloft.net>2018-09-13 01:22:42 -0400
committerDavid S. Miller <davem@davemloft.net>2018-09-13 01:22:42 -0400
commitaaf9253025e80cf8f62d7b33670e84e838eec5a3 (patch)
treef13b307c8407cc05ff803c4d7f6a0967d85ce3ec /net
parenta20625e49ddefc250c221478fb0dc62ea27722a6 (diff)
parent7428b2e5d0b195f2a5e40f91d2b41a8503fcfe68 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Diffstat (limited to 'net')
-rw-r--r--net/core/skbuff.c3
-rw-r--r--net/ipv4/ip_fragment.c1
-rw-r--r--net/ipv4/ip_gre.c5
-rw-r--r--net/ipv4/netfilter/Kconfig8
-rw-r--r--net/ipv4/tcp.c2
-rw-r--r--net/ipv4/tcp_input.c4
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c1
-rw-r--r--net/iucv/af_iucv.c38
-rw-r--r--net/iucv/iucv.c2
-rw-r--r--net/netfilter/Kconfig12
-rw-r--r--net/netfilter/nf_conntrack_proto.c26
-rw-r--r--net/netfilter/nf_conntrack_proto_dccp.c19
-rw-r--r--net/netfilter/nf_conntrack_proto_generic.c8
-rw-r--r--net/netfilter/nf_conntrack_proto_gre.c8
-rw-r--r--net/netfilter/nf_conntrack_proto_icmp.c8
-rw-r--r--net/netfilter/nf_conntrack_proto_icmpv6.c8
-rw-r--r--net/netfilter/nf_conntrack_proto_sctp.c21
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c19
-rw-r--r--net/netfilter/nf_conntrack_proto_udp.c21
-rw-r--r--net/netfilter/nf_tables_api.c1
-rw-r--r--net/netfilter/nfnetlink_cttimeout.c6
-rw-r--r--net/netfilter/nfnetlink_queue.c1
-rw-r--r--net/netfilter/nft_ct.c59
-rw-r--r--net/netfilter/xt_CHECKSUM.c22
-rw-r--r--net/netfilter/xt_cluster.c14
-rw-r--r--net/netfilter/xt_hashlimit.c18
-rw-r--r--net/rds/bind.c5
-rw-r--r--net/sched/act_tunnel_key.c28
-rw-r--r--net/tipc/netlink_compat.c5
-rw-r--r--net/tipc/socket.c18
-rw-r--r--net/tipc/socket.h1
-rw-r--r--net/tls/tls_sw.c6
32 files changed, 262 insertions, 136 deletions
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index c996c09d095f..b2c807f67aba 100644
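--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -939,9 +939,6 @@ struct ubuf_info *sock_zerocopy_alloc(struct sock *sk, size_t size)
 
 WARN_ON_ONCE(!in_task());
 
-if (!sock_flag(sk, SOCK_ZEROCOPY))
-return NULL;
-
 skb = sock_omalloc(sk, 0, GFP_KERNEL);
 if (!skb)
 return NULL;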
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index cab3e4a5124b..da930b01a147 100644
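--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -602,6 +602,7 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *skb,
 nextp = &fp->next;
 fp->prev = NULL;
 memset(&fp->rbnode, 0, sizeof(fp->rbnode));
+fp->sk = NULL;
 head->data_len += fp->len;
 head->len += fp->len;
 if (head->ip_summed != fp->ip_summed)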
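Review bot: The added `fp->sk = NULL;` in the reassembly loop has no comment, and nothing in the hunk shows why a fragment could still carry a non-NULL `sk` here or whether a socket reference was already released. A one-line comment such as `/* fragment was orphaned when queued; clear sk so later code does not follow a stale value */` would record the intent; that wording is inferred and should be checked against the queueing path, which is outside the hunk. If `sk` shares storage with another per-fragment field of `struct sk_buff`, the comment should say so, since that aliasing is not something a later reader will expect. The same bare assignment is added to nf_ct_frag6_reasm() in net/ipv6/netfilter/nf_conntrack_reasm.c. ip_frag_reasm() starts and ends outside the hunk.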
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index ae714aecc31c..8cce0e9ea08c 100644
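--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -178,6 +178,9 @@ static void ipgre_err(struct sk_buff *skb, u32 info,
 
 if (tpi->proto == htons(ETH_P_TEB))
 itn = net_generic(net, gre_tap_net_id);
+else if (tpi->proto == htons(ETH_P_ERSPAN) ||
+tpi->proto == htons(ETH_P_ERSPAN2))
+itn = net_generic(net, erspan_net_id);
 else
 itn = net_generic(net, ipgre_net_id);
 
@@ -328,6 +331,8 @@ static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi,
 ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
 return PACKET_RCVD;
 }
+return PACKET_REJECT;
+
 drop:
 kfree_skb(skb);
 return PACKET_RCVD;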
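Review bot: The new `return PACKET_REJECT;` in erspan_rcv() leaves without freeing `skb`, while the `drop:` label directly below frees it and returns PACKET_RCVD, so the two exits follow different ownership rules and nothing in the code says so. A comment above the return, for example `/* no matching tunnel: skb is not consumed here, the caller handles the reject */`, would make the contract explicit. Whether every caller frees or answers a rejected skb cannot be seen from this hunk and is worth confirming. erspan_rcv() begins outside the hunk.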
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index d9504adc47b3..184bf2e0a1ed 100644
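--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -106,6 +106,10 @@ config NF_NAT_IPV4
 
 if NF_NAT_IPV4
 
+config NF_NAT_MASQUERADE_IPV4
+bool
+
+if NF_TABLES
 config NFT_CHAIN_NAT_IPV4
 depends on NF_TABLES_IPV4
 tristate "IPv4 nf_tables nat chain support"
@@ -115,9 +119,6 @@ config NFT_CHAIN_NAT_IPV4
 packet transformations such as the source, destination address and
 source and destination ports.
 
-config NF_NAT_MASQUERADE_IPV4
-bool
-
 config NFT_MASQ_IPV4
 tristate "IPv4 masquerading support for nf_tables"
 depends on NF_TABLES_IPV4
@@ -135,6 +136,7 @@ config NFT_REDIR_IPV4
 help
 This is the expression that provides IPv4 redirect support for
 nf_tables.
+endif # NF_TABLES
 
 config NF_NAT_SNMP_BASIC
 tristate "Basic SNMP-ALG support"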
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 8c4235c098fd..67670fac7c8d 100644
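--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1185,7 +1185,7 @@ int tcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_t size)
 
 flags = msg->msg_flags;
 
-if (flags & MSG_ZEROCOPY && size) {
+if (flags & MSG_ZEROCOPY && size && sock_flag(sk, SOCK_ZEROCOPY)) {
 if (sk->sk_state != TCP_ESTABLISHED) {
 err = -EINVAL;
 goto out_err;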
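Review bot: The `sock_flag(sk, SOCK_ZEROCOPY)` test added to the condition in tcp_sendmsg_locked() is now the only visible gate on the zerocopy path, because the same commit removes that test from sock_zerocopy_alloc() in net/core/skbuff.c. Any other caller of sock_zerocopy_alloc() (none are visible on this page) must now do its own check, so the helper deserves a comment like `/* caller must have checked SOCK_ZEROCOPY */`. A short comment at this `if` should also state that MSG_ZEROCOPY without the socket option is ignored rather than rejected, which presumably means the send falls through to the copying path below the hunk. As a style point, `(flags & MSG_ZEROCOPY) && size && sock_flag(sk, SOCK_ZEROCOPY)` reads more safely than relying on `&` binding tighter than `&&`.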
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 62508a2f9b21..d9034073138c 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6380,8 +6380,8 @@ static bool tcp_syn_flood_action(const struct sock *sk,
6380 if (!queue->synflood_warned && 6380 if (!queue->synflood_warned &&
6381 net->ipv4.sysctl_tcp_syncookies != 2 && 6381 net->ipv4.sysctl_tcp_syncookies != 2 &&
6382 xchg(&queue->synflood_warned, 1) == 0) 6382 xchg(&queue->synflood_warned, 1) == 0)
6383 pr_info("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", 6383 net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n",
6384 proto, ntohs(tcp_hdr(skb)->dest), msg); 6384 proto, ntohs(tcp_hdr(skb)->dest), msg);
6385 6385
6386 return want_cookie; 6386 return want_cookie;
6387} 6387}
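Review bot: `xchg(&queue->synflood_warned, 1)` sets the once-only flag before `net_info_ratelimited()` decides whether to print, so when the rate limit suppresses the message this listener is marked as warned without any log line having been emitted. If that trade-off is intended to bound log volume during a flood, a comment should say so, for example `/* may be dropped by the ratelimit; the SNMP counters are the reliable signal */`. Anyone alerting on this message should treat it as best-effort and watch the counters the text points to. tcp_syn_flood_action() starts outside the hunk.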
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 00e20004d241..b8ac369f98ad 100644
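--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -445,6 +445,7 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct sk_buff *prev, struct net_devic
 else if (head->ip_summed == CHECKSUM_COMPLETE)
 head->csum = csum_add(head->csum, fp->csum);
 head->truesize += fp->truesize;
+fp->sk = NULL;
 }
 sub_frag_mem_limit(fq->q.net, head->truesize);
 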
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index a21d8ed0a325..e2f16a0173a9 100644
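--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -351,20 +351,28 @@ static int afiucv_hs_send(struct iucv_message *imsg, struct sock *sock,
 memcpy(&phs_hdr->iucv_hdr, imsg, sizeof(struct iucv_message));
 
 skb->dev = iucv->hs_dev;
-if (!skb->dev)
-return -ENODEV;
-if (!(skb->dev->flags & IFF_UP) || !netif_carrier_ok(skb->dev))
-return -ENETDOWN;
+if (!skb->dev) {
+err = -ENODEV;
+goto err_free;
+}
+if (!(skb->dev->flags & IFF_UP) || !netif_carrier_ok(skb->dev)) {
+err = -ENETDOWN;
+goto err_free;
+}
 if (skb->len > skb->dev->mtu) {
-if (sock->sk_type == SOCK_SEQPACKET)
-return -EMSGSIZE;
-else
-skb_trim(skb, skb->dev->mtu);
+if (sock->sk_type == SOCK_SEQPACKET) {
+err = -EMSGSIZE;
+goto err_free;
+}
+skb_trim(skb, skb->dev->mtu);
 }
 skb->protocol = cpu_to_be16(ETH_P_AF_IUCV);
 nskb = skb_clone(skb, GFP_ATOMIC);
-if (!nskb)
-return -ENOMEM;
+if (!nskb) {
+err = -ENOMEM;
+goto err_free;
+}
+
 skb_queue_tail(&iucv->send_skb_q, nskb);
 err = dev_queue_xmit(skb);
 if (net_xmit_eval(err)) {
@@ -375,6 +383,10 @@ static int afiucv_hs_send(struct iucv_message *imsg, struct sock *sock,
 WARN_ON(atomic_read(&iucv->msg_recv) < 0);
 }
 return net_xmit_eval(err);
+
+err_free:
+kfree_skb(skb);
+return err;
 }
 
 static struct sock *__iucv_get_sock_by_name(char *nm)
@@ -1167,7 +1179,7 @@ static int iucv_sock_sendmsg(struct socket *sock, struct msghdr *msg,
 err = afiucv_hs_send(&txmsg, sk, skb, 0);
 if (err) {
 atomic_dec(&iucv->msg_sent);
-goto fail;
+goto out;
 }
 } else { /* Classic VM IUCV transport */
 skb_queue_tail(&iucv->send_skb_q, skb);
@@ -2155,8 +2167,8 @@ static int afiucv_hs_rcv(struct sk_buff *skb, struct net_device *dev,
 struct sock *sk;
 struct iucv_sock *iucv;
 struct af_iucv_trans_hdr *trans_hdr;
+int err = NET_RX_SUCCESS;
 char nullstring[8];
-int err = 0;
 
 if (skb->len < (ETH_HLEN + sizeof(struct af_iucv_trans_hdr))) {
 WARN_ONCE(1, "AF_IUCV too short skb, len=%d, min=%d",
@@ -2254,7 +2266,7 @@ static int afiucv_hs_rcv(struct sk_buff *skb, struct net_device *dev,
 err = afiucv_hs_callback_rx(sk, skb);
 break;
 default:
-;
+kfree_skb(skb);
 }
 
 return err;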
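Review bot: afiucv_hs_send() now frees `skb` on each early error through the new `err_free` label, which changes its ownership contract, yet the function carries no comment saying the skb is consumed on failure. iucv_sock_sendmsg() is switched from `goto fail` to `goto out` to match, presumably because `fail` also frees the skb; any other caller of afiucv_hs_send() that still frees after an error would now double-free, and those call sites are not on this page. A header comment such as `/* Consumes skb on success and on failure; callers must not touch it afterwards */` would pin the rule down. The branch taken when dev_queue_xmit() fails is only partly visible, so whether the same rule holds there should be confirmed before the comment is written.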
diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c
index 8f7ef167c45a..eb502c6290c2 100644
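--- a/net/iucv/iucv.c
+++ b/net/iucv/iucv.c
@@ -1874,7 +1874,7 @@ static void iucv_pm_complete(struct device *dev)
 * Returns 0 if there are still iucv pathes defined
 * 1 if there are no iucv pathes defined
 */
-int iucv_path_table_empty(void)
+static int iucv_path_table_empty(void)
 {
 int i;
 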
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 71709c104081..f61c306de1d0 100644
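--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -771,13 +771,13 @@ config NETFILTER_XT_TARGET_CHECKSUM
 depends on NETFILTER_ADVANCED
 ---help---
 This option adds a `CHECKSUM' target, which can be used in the iptables mangle
-table.
+table to work around buggy DHCP clients in virtualized environments.
 
-You can use this target to compute and fill in the checksum in
-a packet that lacks a checksum. This is particularly useful,
-if you need to work around old applications such as dhcp clients,
-that do not work well with checksum offloads, but don't want to disable
-checksum offload in your device.
+Some old DHCP clients drop packets because they are not aware
+that the checksum would normally be offloaded to hardware and
+thus should be considered valid.
+This target can be used to fill in the checksum using iptables
+when such packets are sent via a virtual network device.
 
 To compile it as a module, choose M here. If unsure, say N.
 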
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index 9f14b0df6960..51c5d7eec0a3 100644
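--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -776,9 +776,26 @@ static const struct nf_hook_ops ipv6_conntrack_ops[] = {
 };
 #endif
 
+static int nf_ct_tcp_fixup(struct nf_conn *ct, void *_nfproto)
+{
+u8 nfproto = (unsigned long)_nfproto;
+
+if (nf_ct_l3num(ct) != nfproto)
+return 0;
+
+if (nf_ct_protonum(ct) == IPPROTO_TCP &&
+ct->proto.tcp.state == TCP_CONNTRACK_ESTABLISHED) {
+ct->proto.tcp.seen[0].td_maxwin = 0;
+ct->proto.tcp.seen[1].td_maxwin = 0;
+}
+
+return 0;
+}
+
 static int nf_ct_netns_do_get(struct net *net, u8 nfproto)
 {
 struct nf_conntrack_net *cnet = net_generic(net, nf_conntrack_net_id);
+bool fixup_needed = false;
 int err = 0;
 
 mutex_lock(&nf_ct_proto_mutex);
@@ -798,6 +815,8 @@ static int nf_ct_netns_do_get(struct net *net, u8 nfproto)
 ARRAY_SIZE(ipv4_conntrack_ops));
 if (err)
 cnet->users4 = 0;
+else
+fixup_needed = true;
 break;
 #if IS_ENABLED(CONFIG_IPV6)
 case NFPROTO_IPV6:
@@ -814,6 +833,8 @@ static int nf_ct_netns_do_get(struct net *net, u8 nfproto)
 ARRAY_SIZE(ipv6_conntrack_ops));
 if (err)
 cnet->users6 = 0;
+else
+fixup_needed = true;
 break;
 #endif
 default:
@@ -822,6 +843,11 @@ static int nf_ct_netns_do_get(struct net *net, u8 nfproto)
 }
 out_unlock:
 mutex_unlock(&nf_ct_proto_mutex);
+
+if (fixup_needed)
+nf_ct_iterate_cleanup_net(net, nf_ct_tcp_fixup,
+(void *)(unsigned long)nfproto, 0, 0);
+
 return err;
 }
 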
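Review bot: nf_ct_tcp_fixup() zeroes `td_maxwin` for both directions of every established TCP entry with no comment explaining why, and with no `ct->lock` taken in the lines shown. If the TCP tracker updates `ct->proto.tcp` under that lock on the packet path (not visible here), the callback should take it too: `spin_lock_bh(&ct->lock);` before the two stores and `spin_unlock_bh(&ct->lock);` after them. The comment should also state the effect on validation, along the lines of `/* hooks were re-registered: forget the tracked window so it is re-learned from the next packet instead of marking the flow out of window */`, because this deliberately relaxes window checking for existing flows; that wording is inferred and should be checked against the window-tracking code. The walk runs after `nf_ct_proto_mutex` is released, which looks intentional but is equally undocumented.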
diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
index 8c58f96b59e7..f3f91ed2c21a 100644
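--- a/net/netfilter/nf_conntrack_proto_dccp.c
+++ b/net/netfilter/nf_conntrack_proto_dccp.c
@@ -675,7 +675,7 @@ static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)
 }
 #endif
 
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -697,6 +697,8 @@ static int dccp_timeout_nlattr_to_obj(struct nlattr *tb[],
 timeouts[i] = ntohl(nla_get_be32(tb[i])) * HZ;
 }
 }
+
+timeouts[CTA_TIMEOUT_DCCP_UNSPEC] = timeouts[CTA_TIMEOUT_DCCP_REQUEST];
 return 0;
 }
 
@@ -726,7 +728,7 @@ dccp_timeout_nla_policy[CTA_TIMEOUT_DCCP_MAX+1] = {
 [CTA_TIMEOUT_DCCP_CLOSING] = { .type = NLA_U32 },
 [CTA_TIMEOUT_DCCP_TIMEWAIT] = { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 
 #ifdef CONFIG_SYSCTL
 /* template, data assigned later */
@@ -827,6 +829,11 @@ static int dccp_init_net(struct net *net, u_int16_t proto)
 dn->dccp_timeout[CT_DCCP_CLOSEREQ] = 64 * HZ;
 dn->dccp_timeout[CT_DCCP_CLOSING] = 64 * HZ;
 dn->dccp_timeout[CT_DCCP_TIMEWAIT] = 2 * DCCP_MSL;
+
+/* timeouts[0] is unused, make it same as SYN_SENT so
+* ->timeouts[0] contains 'new' timeout, like udp or icmp.
+*/
+dn->dccp_timeout[CT_DCCP_NONE] = dn->dccp_timeout[CT_DCCP_REQUEST];
 }
 
 return dccp_kmemdup_sysctl_table(net, pn, dn);
@@ -856,7 +863,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_dccp4 = {
 .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
 .nla_policy = nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 .ctnl_timeout = {
 .nlattr_to_obj = dccp_timeout_nlattr_to_obj,
 .obj_to_nlattr = dccp_timeout_obj_to_nlattr,
@@ -864,7 +871,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_dccp4 = {
 .obj_size = sizeof(unsigned int) * CT_DCCP_MAX,
 .nla_policy = dccp_timeout_nla_policy,
 },
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 .init_net = dccp_init_net,
 .get_net_proto = dccp_get_net_proto,
 };
@@ -889,7 +896,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_dccp6 = {
 .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
 .nla_policy = nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 .ctnl_timeout = {
 .nlattr_to_obj = dccp_timeout_nlattr_to_obj,
 .obj_to_nlattr = dccp_timeout_obj_to_nlattr,
@@ -897,7 +904,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_dccp6 = {
 .obj_size = sizeof(unsigned int) * CT_DCCP_MAX,
 .nla_policy = dccp_timeout_nla_policy,
 },
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 .init_net = dccp_init_net,
 .get_net_proto = dccp_get_net_proto,
 };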
diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c
index ac4a0b296dcd..1df3244ecd07 100644
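--- a/net/netfilter/nf_conntrack_proto_generic.c
+++ b/net/netfilter/nf_conntrack_proto_generic.c
@@ -70,7 +70,7 @@ static bool generic_new(struct nf_conn *ct, const struct sk_buff *skb,
 return ret;
 }
 
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -113,7 +113,7 @@ static const struct nla_policy
 generic_timeout_nla_policy[CTA_TIMEOUT_GENERIC_MAX+1] = {
 [CTA_TIMEOUT_GENERIC_TIMEOUT] = { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 
 #ifdef CONFIG_SYSCTL
 static struct ctl_table generic_sysctl_table[] = {
@@ -164,7 +164,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_generic =
 .pkt_to_tuple = generic_pkt_to_tuple,
 .packet = generic_packet,
 .new = generic_new,
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 .ctnl_timeout = {
 .nlattr_to_obj = generic_timeout_nlattr_to_obj,
 .obj_to_nlattr = generic_timeout_obj_to_nlattr,
@@ -172,7 +172,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_generic =
 .obj_size = sizeof(unsigned int),
 .nla_policy = generic_timeout_nla_policy,
 },
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 .init_net = generic_init_net,
 .get_net_proto = generic_get_net_proto,
 };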
diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c
index d1632252bf5b..650eb4fba2c5 100644
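--- a/net/netfilter/nf_conntrack_proto_gre.c
+++ b/net/netfilter/nf_conntrack_proto_gre.c
@@ -285,7 +285,7 @@ static void gre_destroy(struct nf_conn *ct)
 nf_ct_gre_keymap_destroy(master);
 }
 
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -334,7 +334,7 @@ gre_timeout_nla_policy[CTA_TIMEOUT_GRE_MAX+1] = {
 [CTA_TIMEOUT_GRE_UNREPLIED] = { .type = NLA_U32 },
 [CTA_TIMEOUT_GRE_REPLIED] = { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 
 static int gre_init_net(struct net *net, u_int16_t proto)
 {
@@ -367,7 +367,7 @@ static const struct nf_conntrack_l4proto nf_conntrack_l4proto_gre4 = {
 .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
 .nla_policy = nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 .ctnl_timeout = {
 .nlattr_to_obj = gre_timeout_nlattr_to_obj,
 .obj_to_nlattr = gre_timeout_obj_to_nlattr,
@@ -375,7 +375,7 @@ static const struct nf_conntrack_l4proto nf_conntrack_l4proto_gre4 = {
 .obj_size = sizeof(unsigned int) * GRE_CT_MAX,
 .nla_policy = gre_timeout_nla_policy,
 },
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 .net_id = &proto_gre_net_id,
 .init_net = gre_init_net,
 };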
diff --git a/net/netfilter/nf_conntrack_proto_icmp.c b/net/netfilter/nf_conntrack_proto_icmp.c
index 036670b38282..43c7e1a217b9 100644
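--- a/net/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/netfilter/nf_conntrack_proto_icmp.c
@@ -273,7 +273,7 @@ static unsigned int icmp_nlattr_tuple_size(void)
 }
 #endif
 
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -313,7 +313,7 @@ static const struct nla_policy
 icmp_timeout_nla_policy[CTA_TIMEOUT_ICMP_MAX+1] = {
 [CTA_TIMEOUT_ICMP_TIMEOUT] = { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 
 #ifdef CONFIG_SYSCTL
 static struct ctl_table icmp_sysctl_table[] = {
@@ -374,7 +374,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
 .nlattr_to_tuple = icmp_nlattr_to_tuple,
 .nla_policy = icmp_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 .ctnl_timeout = {
 .nlattr_to_obj = icmp_timeout_nlattr_to_obj,
 .obj_to_nlattr = icmp_timeout_obj_to_nlattr,
@@ -382,7 +382,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
 .obj_size = sizeof(unsigned int),
 .nla_policy = icmp_timeout_nla_policy,
 },
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 .init_net = icmp_init_net,
 .get_net_proto = icmp_get_net_proto,
 };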
diff --git a/net/netfilter/nf_conntrack_proto_icmpv6.c b/net/netfilter/nf_conntrack_proto_icmpv6.c
index bed07b998a10..97e40f77d678 100644
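--- a/net/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/netfilter/nf_conntrack_proto_icmpv6.c
@@ -274,7 +274,7 @@ static unsigned int icmpv6_nlattr_tuple_size(void)
 }
 #endif
 
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -314,7 +314,7 @@ static const struct nla_policy
 icmpv6_timeout_nla_policy[CTA_TIMEOUT_ICMPV6_MAX+1] = {
 [CTA_TIMEOUT_ICMPV6_TIMEOUT] = { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 
 #ifdef CONFIG_SYSCTL
 static struct ctl_table icmpv6_sysctl_table[] = {
@@ -373,7 +373,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 =
 .nlattr_to_tuple = icmpv6_nlattr_to_tuple,
 .nla_policy = icmpv6_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 .ctnl_timeout = {
 .nlattr_to_obj = icmpv6_timeout_nlattr_to_obj,
 .obj_to_nlattr = icmpv6_timeout_obj_to_nlattr,
@@ -381,7 +381,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 =
 .obj_size = sizeof(unsigned int),
 .nla_policy = icmpv6_timeout_nla_policy,
 },
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 .init_net = icmpv6_init_net,
 .get_net_proto = icmpv6_get_net_proto,
 };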
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index 8d1e085fc14a..e4d738d34cd0 100644
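--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -591,7 +591,7 @@ static int nlattr_to_sctp(struct nlattr *cda[], struct nf_conn *ct)
 }
 #endif
 
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -613,6 +613,8 @@ static int sctp_timeout_nlattr_to_obj(struct nlattr *tb[],
 timeouts[i] = ntohl(nla_get_be32(tb[i])) * HZ;
 }
 }
+
+timeouts[CTA_TIMEOUT_SCTP_UNSPEC] = timeouts[CTA_TIMEOUT_SCTP_CLOSED];
 return 0;
 }
 
@@ -644,7 +646,7 @@ sctp_timeout_nla_policy[CTA_TIMEOUT_SCTP_MAX+1] = {
 [CTA_TIMEOUT_SCTP_HEARTBEAT_SENT] = { .type = NLA_U32 },
 [CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED] = { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 
 
 #ifdef CONFIG_SYSCTL
@@ -743,6 +745,11 @@ static int sctp_init_net(struct net *net, u_int16_t proto)
 
 for (i = 0; i < SCTP_CONNTRACK_MAX; i++)
 sn->timeouts[i] = sctp_timeouts[i];
+
+/* timeouts[0] is unused, init it so ->timeouts[0] contains
+* 'new' timeout, like udp or icmp.
+*/
+sn->timeouts[0] = sctp_timeouts[SCTP_CONNTRACK_CLOSED];
 }
 
 return sctp_kmemdup_sysctl_table(pn, sn);
@@ -773,7 +780,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 = {
 .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
 .nla_policy = nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 .ctnl_timeout = {
 .nlattr_to_obj = sctp_timeout_nlattr_to_obj,
 .obj_to_nlattr = sctp_timeout_obj_to_nlattr,
@@ -781,7 +788,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 = {
 .obj_size = sizeof(unsigned int) * SCTP_CONNTRACK_MAX,
 .nla_policy = sctp_timeout_nla_policy,
 },
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 .init_net = sctp_init_net,
 .get_net_proto = sctp_get_net_proto,
 };
@@ -806,7 +813,8 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 = {
 .nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
 .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
 .nla_policy = nf_ct_port_nla_policy,
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#endif
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 .ctnl_timeout = {
 .nlattr_to_obj = sctp_timeout_nlattr_to_obj,
 .obj_to_nlattr = sctp_timeout_obj_to_nlattr,
@@ -814,8 +822,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 = {
 .obj_size = sizeof(unsigned int) * SCTP_CONNTRACK_MAX,
 .nla_policy = sctp_timeout_nla_policy,
 },
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
-#endif
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 .init_net = sctp_init_net,
 .get_net_proto = sctp_get_net_proto,
 };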
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index d80d322b9d8b..b4bdf9eda7b7 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -1279,7 +1279,7 @@ static unsigned int tcp_nlattr_tuple_size(void)
1279} 1279}
1280#endif 1280#endif
1281 1281
1282#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) 1282#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
1283 1283
1284#include <linux/netfilter/nfnetlink.h> 1284#include <linux/netfilter/nfnetlink.h>
1285#include <linux/netfilter/nfnetlink_cttimeout.h> 1285#include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -1301,6 +1301,7 @@ static int tcp_timeout_nlattr_to_obj(struct nlattr *tb[],
1301 timeouts[TCP_CONNTRACK_SYN_SENT] = 1301 timeouts[TCP_CONNTRACK_SYN_SENT] =
1302 ntohl(nla_get_be32(tb[CTA_TIMEOUT_TCP_SYN_SENT]))*HZ; 1302 ntohl(nla_get_be32(tb[CTA_TIMEOUT_TCP_SYN_SENT]))*HZ;
1303 } 1303 }
1304
1304 if (tb[CTA_TIMEOUT_TCP_SYN_RECV]) { 1305 if (tb[CTA_TIMEOUT_TCP_SYN_RECV]) {
1305 timeouts[TCP_CONNTRACK_SYN_RECV] = 1306 timeouts[TCP_CONNTRACK_SYN_RECV] =
1306 ntohl(nla_get_be32(tb[CTA_TIMEOUT_TCP_SYN_RECV]))*HZ; 1307 ntohl(nla_get_be32(tb[CTA_TIMEOUT_TCP_SYN_RECV]))*HZ;
@@ -1341,6 +1342,8 @@ static int tcp_timeout_nlattr_to_obj(struct nlattr *tb[],
1341 timeouts[TCP_CONNTRACK_UNACK] = 1342 timeouts[TCP_CONNTRACK_UNACK] =
1342 ntohl(nla_get_be32(tb[CTA_TIMEOUT_TCP_UNACK]))*HZ; 1343 ntohl(nla_get_be32(tb[CTA_TIMEOUT_TCP_UNACK]))*HZ;
1343 } 1344 }
1345
1346 timeouts[CTA_TIMEOUT_TCP_UNSPEC] = timeouts[CTA_TIMEOUT_TCP_SYN_SENT];
1344 return 0; 1347 return 0;
1345} 1348}
1346 1349
@@ -1391,7 +1394,7 @@ static const struct nla_policy tcp_timeout_nla_policy[CTA_TIMEOUT_TCP_MAX+1] = {
1391 [CTA_TIMEOUT_TCP_RETRANS] = { .type = NLA_U32 }, 1394 [CTA_TIMEOUT_TCP_RETRANS] = { .type = NLA_U32 },
1392 [CTA_TIMEOUT_TCP_UNACK] = { .type = NLA_U32 }, 1395 [CTA_TIMEOUT_TCP_UNACK] = { .type = NLA_U32 },
1393}; 1396};
1394#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ 1397#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
1395 1398
1396#ifdef CONFIG_SYSCTL 1399#ifdef CONFIG_SYSCTL
1397static struct ctl_table tcp_sysctl_table[] = { 1400static struct ctl_table tcp_sysctl_table[] = {
@@ -1518,6 +1521,10 @@ static int tcp_init_net(struct net *net, u_int16_t proto)
1518 for (i = 0; i < TCP_CONNTRACK_TIMEOUT_MAX; i++) 1521 for (i = 0; i < TCP_CONNTRACK_TIMEOUT_MAX; i++)
1519 tn->timeouts[i] = tcp_timeouts[i]; 1522 tn->timeouts[i] = tcp_timeouts[i];
1520 1523
1524 /* timeouts[0] is unused, make it same as SYN_SENT so
1525 * ->timeouts[0] contains 'new' timeout, like udp or icmp.
1526 */
1527 tn->timeouts[0] = tcp_timeouts[TCP_CONNTRACK_SYN_SENT];
1521 tn->tcp_loose = nf_ct_tcp_loose; 1528 tn->tcp_loose = nf_ct_tcp_loose;
1522 tn->tcp_be_liberal = nf_ct_tcp_be_liberal; 1529 tn->tcp_be_liberal = nf_ct_tcp_be_liberal;
1523 tn->tcp_max_retrans = nf_ct_tcp_max_retrans; 1530 tn->tcp_max_retrans = nf_ct_tcp_max_retrans;
@@ -1551,7 +1558,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 =
1551 .nlattr_size = TCP_NLATTR_SIZE, 1558 .nlattr_size = TCP_NLATTR_SIZE,
1552 .nla_policy = nf_ct_port_nla_policy, 1559 .nla_policy = nf_ct_port_nla_policy,
1553#endif 1560#endif
1554#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) 1561#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
1555 .ctnl_timeout = { 1562 .ctnl_timeout = {
1556 .nlattr_to_obj = tcp_timeout_nlattr_to_obj, 1563 .nlattr_to_obj = tcp_timeout_nlattr_to_obj,
1557 .obj_to_nlattr = tcp_timeout_obj_to_nlattr, 1564 .obj_to_nlattr = tcp_timeout_obj_to_nlattr,
@@ -1560,7 +1567,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 =
1560 TCP_CONNTRACK_TIMEOUT_MAX, 1567 TCP_CONNTRACK_TIMEOUT_MAX,
1561 .nla_policy = tcp_timeout_nla_policy, 1568 .nla_policy = tcp_timeout_nla_policy,
1562 }, 1569 },
1563#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ 1570#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
1564 .init_net = tcp_init_net, 1571 .init_net = tcp_init_net,
1565 .get_net_proto = tcp_get_net_proto, 1572 .get_net_proto = tcp_get_net_proto,
1566}; 1573};
@@ -1586,7 +1593,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 =
1586 .nlattr_tuple_size = tcp_nlattr_tuple_size, 1593 .nlattr_tuple_size = tcp_nlattr_tuple_size,
1587 .nla_policy = nf_ct_port_nla_policy, 1594 .nla_policy = nf_ct_port_nla_policy,
1588#endif 1595#endif
1589#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) 1596#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
1590 .ctnl_timeout = { 1597 .ctnl_timeout = {
1591 .nlattr_to_obj = tcp_timeout_nlattr_to_obj, 1598 .nlattr_to_obj = tcp_timeout_nlattr_to_obj,
1592 .obj_to_nlattr = tcp_timeout_obj_to_nlattr, 1599 .obj_to_nlattr = tcp_timeout_obj_to_nlattr,
@@ -1595,7 +1602,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 =
1595 TCP_CONNTRACK_TIMEOUT_MAX, 1602 TCP_CONNTRACK_TIMEOUT_MAX,
1596 .nla_policy = tcp_timeout_nla_policy, 1603 .nla_policy = tcp_timeout_nla_policy,
1597 }, 1604 },
1598#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ 1605#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
1599 .init_net = tcp_init_net, 1606 .init_net = tcp_init_net,
1600 .get_net_proto = tcp_get_net_proto, 1607 .get_net_proto = tcp_get_net_proto,
1601}; 1608};
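Review bot: The added `timeouts[CTA_TIMEOUT_TCP_UNSPEC] = timeouts[CTA_TIMEOUT_TCP_SYN_SENT];` in tcp_timeout_nlattr_to_obj indexes the timeout array with netlink attribute constants, while every other assignment in that function indexes it with `TCP_CONNTRACK_*` state constants. The line is only correct if the two enums share values for slot 0 and for SYN_SENT, which these hunks do not show. Writing it like the matching line in tcp_init_net, `timeouts[0] = timeouts[TCP_CONNTRACK_SYN_SENT];`, removes that dependency. The function starts outside the hunk.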
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index 7a1b8988a931..3065fb8ef91b 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -171,7 +171,7 @@ static int udp_error(struct net *net, struct nf_conn *tmpl, struct sk_buff *skb,
171 return NF_ACCEPT; 171 return NF_ACCEPT;
172} 172}
173 173
174#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) 174#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
175 175
176#include <linux/netfilter/nfnetlink.h> 176#include <linux/netfilter/nfnetlink.h>
177#include <linux/netfilter/nfnetlink_cttimeout.h> 177#include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -221,7 +221,7 @@ udp_timeout_nla_policy[CTA_TIMEOUT_UDP_MAX+1] = {
221 [CTA_TIMEOUT_UDP_UNREPLIED] = { .type = NLA_U32 }, 221 [CTA_TIMEOUT_UDP_UNREPLIED] = { .type = NLA_U32 },
222 [CTA_TIMEOUT_UDP_REPLIED] = { .type = NLA_U32 }, 222 [CTA_TIMEOUT_UDP_REPLIED] = { .type = NLA_U32 },
223}; 223};
224#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ 224#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
225 225
226#ifdef CONFIG_SYSCTL 226#ifdef CONFIG_SYSCTL
227static struct ctl_table udp_sysctl_table[] = { 227static struct ctl_table udp_sysctl_table[] = {
@@ -292,7 +292,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 =
292 .nlattr_tuple_size = nf_ct_port_nlattr_tuple_size, 292 .nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
293 .nla_policy = nf_ct_port_nla_policy, 293 .nla_policy = nf_ct_port_nla_policy,
294#endif 294#endif
295#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) 295#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
296 .ctnl_timeout = { 296 .ctnl_timeout = {
297 .nlattr_to_obj = udp_timeout_nlattr_to_obj, 297 .nlattr_to_obj = udp_timeout_nlattr_to_obj,
298 .obj_to_nlattr = udp_timeout_obj_to_nlattr, 298 .obj_to_nlattr = udp_timeout_obj_to_nlattr,
@@ -300,7 +300,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 =
300 .obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX, 300 .obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
301 .nla_policy = udp_timeout_nla_policy, 301 .nla_policy = udp_timeout_nla_policy,
302 }, 302 },
303#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ 303#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
304 .init_net = udp_init_net, 304 .init_net = udp_init_net,
305 .get_net_proto = udp_get_net_proto, 305 .get_net_proto = udp_get_net_proto,
306}; 306};
@@ -321,7 +321,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_udplite4 =
321 .nlattr_tuple_size = nf_ct_port_nlattr_tuple_size, 321 .nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
322 .nla_policy = nf_ct_port_nla_policy, 322 .nla_policy = nf_ct_port_nla_policy,
323#endif 323#endif
324#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) 324#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
325 .ctnl_timeout = { 325 .ctnl_timeout = {
326 .nlattr_to_obj = udp_timeout_nlattr_to_obj, 326 .nlattr_to_obj = udp_timeout_nlattr_to_obj,
327 .obj_to_nlattr = udp_timeout_obj_to_nlattr, 327 .obj_to_nlattr = udp_timeout_obj_to_nlattr,
@@ -329,7 +329,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_udplite4 =
329 .obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX, 329 .obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
330 .nla_policy = udp_timeout_nla_policy, 330 .nla_policy = udp_timeout_nla_policy,
331 }, 331 },
332#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ 332#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
333 .init_net = udp_init_net, 333 .init_net = udp_init_net,
334 .get_net_proto = udp_get_net_proto, 334 .get_net_proto = udp_get_net_proto,
335}; 335};
@@ -350,7 +350,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 =
350 .nlattr_tuple_size = nf_ct_port_nlattr_tuple_size, 350 .nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
351 .nla_policy = nf_ct_port_nla_policy, 351 .nla_policy = nf_ct_port_nla_policy,
352#endif 352#endif
353#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) 353#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
354 .ctnl_timeout = { 354 .ctnl_timeout = {
355 .nlattr_to_obj = udp_timeout_nlattr_to_obj, 355 .nlattr_to_obj = udp_timeout_nlattr_to_obj,
356 .obj_to_nlattr = udp_timeout_obj_to_nlattr, 356 .obj_to_nlattr = udp_timeout_obj_to_nlattr,
@@ -358,7 +358,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 =
358 .obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX, 358 .obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
359 .nla_policy = udp_timeout_nla_policy, 359 .nla_policy = udp_timeout_nla_policy,
360 }, 360 },
361#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ 361#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
362 .init_net = udp_init_net, 362 .init_net = udp_init_net,
363 .get_net_proto = udp_get_net_proto, 363 .get_net_proto = udp_get_net_proto,
364}; 364};
@@ -379,7 +379,7 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_udplite6 =
379 .nlattr_tuple_size = nf_ct_port_nlattr_tuple_size, 379 .nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
380 .nla_policy = nf_ct_port_nla_policy, 380 .nla_policy = nf_ct_port_nla_policy,
381#endif 381#endif
382#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) 382#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
383 .ctnl_timeout = { 383 .ctnl_timeout = {
384 .nlattr_to_obj = udp_timeout_nlattr_to_obj, 384 .nlattr_to_obj = udp_timeout_nlattr_to_obj,
385 .obj_to_nlattr = udp_timeout_obj_to_nlattr, 385 .obj_to_nlattr = udp_timeout_obj_to_nlattr,
@@ -387,10 +387,9 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_udplite6 =
387 .obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX, 387 .obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
388 .nla_policy = udp_timeout_nla_policy, 388 .nla_policy = udp_timeout_nla_policy,
389 }, 389 },
390#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ 390#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
391 .init_net = udp_init_net, 391 .init_net = udp_init_net,
392 .get_net_proto = udp_get_net_proto, 392 .get_net_proto = udp_get_net_proto,
393}; 393};
394EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udplite6); 394EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udplite6);
395#endif 395#endif
396#include <net/netfilter/nf_conntrack_timeout.h>
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 1dca5683f59f..2cfb173cd0b2 100644
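--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4637,6 +4637,7 @@ static int nft_flush_set(const struct nft_ctx *ctx,
  }
  set->ndeact++;
 
+ nft_set_elem_deactivate(ctx->net, set, elem);
  nft_trans_elem_set(trans) = set;
  nft_trans_elem(trans) = *elem;
  list_add_tail(&trans->list, &ctx->net->nft.commit_list);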
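Review bot: The added `nft_set_elem_deactivate(ctx->net, set, elem);` in nft_flush_set carries no comment, and it runs before the transaction is linked into `commit_list`. A reader cannot tell from this hunk what state the call changes, or that aborting the batch has to reverse it. A short comment such as `/* release what the element references; the abort path must re-activate it */` would record that pairing, assuming that is what the abort path does. The function body continues outside the hunk.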
diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c
index d46a236cdf31..a30f8ba4b89a 100644
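--- a/net/netfilter/nfnetlink_cttimeout.c
+++ b/net/netfilter/nfnetlink_cttimeout.c
@@ -489,8 +489,8 @@ err:
  return err;
 }
 
-static struct ctnl_timeout *
-ctnl_timeout_find_get(struct net *net, const char *name)
+static struct nf_ct_timeout *ctnl_timeout_find_get(struct net *net,
+ const char *name)
 {
  struct ctnl_timeout *timeout, *matching = NULL;
 
@@ -509,7 +509,7 @@ ctnl_timeout_find_get(struct net *net, const char *name)
  break;
  }
 err:
- return matching;
+ return matching ? &matching->timeout : NULL;
 }
 
 static void ctnl_timeout_put(struct nf_ct_timeout *t)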
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 5207eb8a5864..43041f087eb3 100644
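--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -233,6 +233,7 @@ static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict)
  int err;
 
  if (verdict == NF_ACCEPT ||
+ verdict == NF_REPEAT ||
  verdict == NF_STOP) {
  rcu_read_lock();
  ct_hook = rcu_dereference(nf_ct_hook);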
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index 26a8baebd072..5dd87748afa8 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -799,7 +799,7 @@ err:
799} 799}
800 800
801struct nft_ct_timeout_obj { 801struct nft_ct_timeout_obj {
802 struct nf_conn *tmpl; 802 struct nf_ct_timeout *timeout;
803 u8 l4proto; 803 u8 l4proto;
804}; 804};
805 805
@@ -809,26 +809,42 @@ static void nft_ct_timeout_obj_eval(struct nft_object *obj,
809{ 809{
810 const struct nft_ct_timeout_obj *priv = nft_obj_data(obj); 810 const struct nft_ct_timeout_obj *priv = nft_obj_data(obj);
811 struct nf_conn *ct = (struct nf_conn *)skb_nfct(pkt->skb); 811 struct nf_conn *ct = (struct nf_conn *)skb_nfct(pkt->skb);
812 struct sk_buff *skb = pkt->skb; 812 struct nf_conn_timeout *timeout;
813 const unsigned int *values;
814
815 if (priv->l4proto != pkt->tprot)
816 return;
813 817
814 if (ct || 818 if (!ct || nf_ct_is_template(ct) || nf_ct_is_confirmed(ct))
815 priv->l4proto != pkt->tprot)
816 return; 819 return;
817 820
818 nf_ct_set(skb, priv->tmpl, IP_CT_NEW); 821 timeout = nf_ct_timeout_find(ct);
822 if (!timeout) {
823 timeout = nf_ct_timeout_ext_add(ct, priv->timeout, GFP_ATOMIC);
824 if (!timeout) {
825 regs->verdict.code = NF_DROP;
826 return;
827 }
828 }
829
830 rcu_assign_pointer(timeout->timeout, priv->timeout);
831
832 /* adjust the timeout as per 'new' state. ct is unconfirmed,
833 * so the current timestamp must not be added.
834 */
835 values = nf_ct_timeout_data(timeout);
836 if (values)
837 nf_ct_refresh(ct, pkt->skb, values[0]);
819} 838}
820 839
821static int nft_ct_timeout_obj_init(const struct nft_ctx *ctx, 840static int nft_ct_timeout_obj_init(const struct nft_ctx *ctx,
822 const struct nlattr * const tb[], 841 const struct nlattr * const tb[],
823 struct nft_object *obj) 842 struct nft_object *obj)
824{ 843{
825 const struct nf_conntrack_zone *zone = &nf_ct_zone_dflt;
826 struct nft_ct_timeout_obj *priv = nft_obj_data(obj); 844 struct nft_ct_timeout_obj *priv = nft_obj_data(obj);
827 const struct nf_conntrack_l4proto *l4proto; 845 const struct nf_conntrack_l4proto *l4proto;
828 struct nf_conn_timeout *timeout_ext;
829 struct nf_ct_timeout *timeout; 846 struct nf_ct_timeout *timeout;
830 int l3num = ctx->family; 847 int l3num = ctx->family;
831 struct nf_conn *tmpl;
832 __u8 l4num; 848 __u8 l4num;
833 int ret; 849 int ret;
834 850
@@ -863,28 +879,14 @@ static int nft_ct_timeout_obj_init(const struct nft_ctx *ctx,
863 879
864 timeout->l3num = l3num; 880 timeout->l3num = l3num;
865 timeout->l4proto = l4proto; 881 timeout->l4proto = l4proto;
866 tmpl = nf_ct_tmpl_alloc(ctx->net, zone, GFP_ATOMIC);
867 if (!tmpl) {
868 ret = -ENOMEM;
869 goto err_free_timeout;
870 }
871
872 timeout_ext = nf_ct_timeout_ext_add(tmpl, timeout, GFP_ATOMIC);
873 if (!timeout_ext) {
874 ret = -ENOMEM;
875 goto err_free_tmpl;
876 }
877 882
878 ret = nf_ct_netns_get(ctx->net, ctx->family); 883 ret = nf_ct_netns_get(ctx->net, ctx->family);
879 if (ret < 0) 884 if (ret < 0)
880 goto err_free_tmpl; 885 goto err_free_timeout;
881
882 priv->tmpl = tmpl;
883 886
887 priv->timeout = timeout;
884 return 0; 888 return 0;
885 889
886err_free_tmpl:
887 nf_ct_tmpl_free(tmpl);
888err_free_timeout: 890err_free_timeout:
889 kfree(timeout); 891 kfree(timeout);
890err_proto_put: 892err_proto_put:
@@ -896,22 +898,19 @@ static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx,
896 struct nft_object *obj) 898 struct nft_object *obj)
897{ 899{
898 struct nft_ct_timeout_obj *priv = nft_obj_data(obj); 900 struct nft_ct_timeout_obj *priv = nft_obj_data(obj);
899 struct nf_conn_timeout *t = nf_ct_timeout_find(priv->tmpl); 901 struct nf_ct_timeout *timeout = priv->timeout;
900 struct nf_ct_timeout *timeout;
901 902
902 timeout = rcu_dereference_raw(t->timeout);
903 nf_ct_untimeout(ctx->net, timeout); 903 nf_ct_untimeout(ctx->net, timeout);
904 nf_ct_l4proto_put(timeout->l4proto); 904 nf_ct_l4proto_put(timeout->l4proto);
905 nf_ct_netns_put(ctx->net, ctx->family); 905 nf_ct_netns_put(ctx->net, ctx->family);
906 nf_ct_tmpl_free(priv->tmpl); 906 kfree(priv->timeout);
907} 907}
908 908
909static int nft_ct_timeout_obj_dump(struct sk_buff *skb, 909static int nft_ct_timeout_obj_dump(struct sk_buff *skb,
910 struct nft_object *obj, bool reset) 910 struct nft_object *obj, bool reset)
911{ 911{
912 const struct nft_ct_timeout_obj *priv = nft_obj_data(obj); 912 const struct nft_ct_timeout_obj *priv = nft_obj_data(obj);
913 const struct nf_conn_timeout *t = nf_ct_timeout_find(priv->tmpl); 913 const struct nf_ct_timeout *timeout = priv->timeout;
914 const struct nf_ct_timeout *timeout = rcu_dereference_raw(t->timeout);
915 struct nlattr *nest_params; 914 struct nlattr *nest_params;
916 int ret; 915 int ret;
917 916
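Review bot: nft_ct_timeout_obj_destroy now ends with a plain `kfree(priv->timeout)`, while nft_ct_timeout_obj_eval publishes the same object to conntrack entries with `rcu_assign_pointer(timeout->timeout, priv->timeout)`. Eval attaches it only to unconfirmed entries, and this section does not show whether `nf_ct_untimeout()` reaches those or whether a grace period has passed before destroy runs; if neither holds, a reader still inside an RCU section could dereference freed memory. Deferring the free past a grace period would close that window, for example with `kfree_rcu()` if the structure has or is given an `rcu_head`. Separately, `values[0]` in eval relies on slot 0 holding the 'new' timeout that the tcp and sctp init hunks set up, so a one-line comment naming that dependency next to `nf_ct_refresh(ct, pkt->skb, values[0]);` would help.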
diff --git a/net/netfilter/xt_CHECKSUM.c b/net/netfilter/xt_CHECKSUM.c
index 9f4151ec3e06..6c7aa6a0a0d2 100644
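--- a/net/netfilter/xt_CHECKSUM.c
+++ b/net/netfilter/xt_CHECKSUM.c
@@ -16,6 +16,9 @@
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_CHECKSUM.h>
 
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Michael S. Tsirkin <mst@redhat.com>");
 MODULE_DESCRIPTION("Xtables: checksum modification");
@@ -25,7 +28,7 @@ MODULE_ALIAS("ip6t_CHECKSUM");
 static unsigned int
 checksum_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
- if (skb->ip_summed == CHECKSUM_PARTIAL)
+ if (skb->ip_summed == CHECKSUM_PARTIAL && !skb_is_gso(skb))
  skb_checksum_help(skb);
 
  return XT_CONTINUE;
@@ -34,6 +37,8 @@ checksum_tg(struct sk_buff *skb, const struct xt_action_param *par)
 static int checksum_tg_check(const struct xt_tgchk_param *par)
 {
  const struct xt_CHECKSUM_info *einfo = par->targinfo;
+ const struct ip6t_ip6 *i6 = par->entryinfo;
+ const struct ipt_ip *i4 = par->entryinfo;
 
  if (einfo->operation & ~XT_CHECKSUM_OP_FILL) {
  pr_info_ratelimited("unsupported CHECKSUM operation %x\n",
@@ -43,6 +48,21 @@ static int checksum_tg_check(const struct xt_tgchk_param *par)
  if (!einfo->operation)
  return -EINVAL;
 
+ switch (par->family) {
+ case NFPROTO_IPV4:
+ if (i4->proto == IPPROTO_UDP &&
+ (i4->invflags & XT_INV_PROTO) == 0)
+ return 0;
+ break;
+ case NFPROTO_IPV6:
+ if ((i6->flags & IP6T_F_PROTO) &&
+ i6->proto == IPPROTO_UDP &&
+ (i6->invflags & XT_INV_PROTO) == 0)
+ return 0;
+ break;
+ }
+
+ pr_warn_once("CHECKSUM should be avoided. If really needed, restrict with \"-p udp\" and only use in OUTPUT\n");
  return 0;
 }
 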
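Review bot: The new warning in checksum_tg_check tells the user to restrict the rule to `-p udp` and to the OUTPUT hook, but the `switch` tests only the protocol match, so a UDP rule attached to any other hook is accepted without the warning. If the hook restriction matters, add `(par->hook_mask & ~(1 << NF_INET_LOCAL_OUT)) == 0` to both early-return conditions. The `switch` also has no `default:`; families other than IPv4 and IPv6 fall through to the warning, which looks intended but would be clearer with an explicit `default: break;`. `i4` and `i6` both alias `par->entryinfo`, so a comment on those two declarations saying each is valid only under its own family case would guard against later misuse.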
diff --git a/net/netfilter/xt_cluster.c b/net/netfilter/xt_cluster.c
index dfbdbb2fc0ed..51d0c257e7a5 100644
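--- a/net/netfilter/xt_cluster.c
+++ b/net/netfilter/xt_cluster.c
@@ -125,6 +125,7 @@ xt_cluster_mt(const struct sk_buff *skb, struct xt_action_param *par)
 static int xt_cluster_mt_checkentry(const struct xt_mtchk_param *par)
 {
  struct xt_cluster_match_info *info = par->matchinfo;
+ int ret;
 
  if (info->total_nodes > XT_CLUSTER_NODES_MAX) {
  pr_info_ratelimited("you have exceeded the maximum number of cluster nodes (%u > %u)\n",
@@ -135,7 +136,17 @@ static int xt_cluster_mt_checkentry(const struct xt_mtchk_param *par)
  pr_info_ratelimited("node mask cannot exceed total number of nodes\n");
  return -EDOM;
  }
- return 0;
+
+ ret = nf_ct_netns_get(par->net, par->family);
+ if (ret < 0)
+ pr_info_ratelimited("cannot load conntrack support for proto=%u\n",
+ par->family);
+ return ret;
+}
+
+static void xt_cluster_mt_destroy(const struct xt_mtdtor_param *par)
+{
+ nf_ct_netns_put(par->net, par->family);
 }
 
 static struct xt_match xt_cluster_match __read_mostly = {
@@ -144,6 +155,7 @@ static struct xt_match xt_cluster_match __read_mostly = {
  .match = xt_cluster_mt,
  .checkentry = xt_cluster_mt_checkentry,
  .matchsize = sizeof(struct xt_cluster_match_info),
+ .destroy = xt_cluster_mt_destroy,
  .me = THIS_MODULE,
 };
 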
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 9b16402f29af..3e7d259e5d8d 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -1057,7 +1057,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
1057static void *dl_seq_start(struct seq_file *s, loff_t *pos) 1057static void *dl_seq_start(struct seq_file *s, loff_t *pos)
1058 __acquires(htable->lock) 1058 __acquires(htable->lock)
1059{ 1059{
1060 struct xt_hashlimit_htable *htable = PDE_DATA(file_inode(s->private)); 1060 struct xt_hashlimit_htable *htable = PDE_DATA(file_inode(s->file));
1061 unsigned int *bucket; 1061 unsigned int *bucket;
1062 1062
1063 spin_lock_bh(&htable->lock); 1063 spin_lock_bh(&htable->lock);
@@ -1074,7 +1074,7 @@ static void *dl_seq_start(struct seq_file *s, loff_t *pos)
1074 1074
1075static void *dl_seq_next(struct seq_file *s, void *v, loff_t *pos) 1075static void *dl_seq_next(struct seq_file *s, void *v, loff_t *pos)
1076{ 1076{
1077 struct xt_hashlimit_htable *htable = PDE_DATA(file_inode(s->private)); 1077 struct xt_hashlimit_htable *htable = PDE_DATA(file_inode(s->file));
1078 unsigned int *bucket = v; 1078 unsigned int *bucket = v;
1079 1079
1080 *pos = ++(*bucket); 1080 *pos = ++(*bucket);
@@ -1088,7 +1088,7 @@ static void *dl_seq_next(struct seq_file *s, void *v, loff_t *pos)
1088static void dl_seq_stop(struct seq_file *s, void *v) 1088static void dl_seq_stop(struct seq_file *s, void *v)
1089 __releases(htable->lock) 1089 __releases(htable->lock)
1090{ 1090{
1091 struct xt_hashlimit_htable *htable = PDE_DATA(file_inode(s->private)); 1091 struct xt_hashlimit_htable *htable = PDE_DATA(file_inode(s->file));
1092 unsigned int *bucket = v; 1092 unsigned int *bucket = v;
1093 1093
1094 if (!IS_ERR(bucket)) 1094 if (!IS_ERR(bucket))
@@ -1130,7 +1130,7 @@ static void dl_seq_print(struct dsthash_ent *ent, u_int8_t family,
1130static int dl_seq_real_show_v2(struct dsthash_ent *ent, u_int8_t family, 1130static int dl_seq_real_show_v2(struct dsthash_ent *ent, u_int8_t family,
1131 struct seq_file *s) 1131 struct seq_file *s)
1132{ 1132{
1133 struct xt_hashlimit_htable *ht = PDE_DATA(file_inode(s->private)); 1133 struct xt_hashlimit_htable *ht = PDE_DATA(file_inode(s->file));
1134 1134
1135 spin_lock(&ent->lock); 1135 spin_lock(&ent->lock);
1136 /* recalculate to show accurate numbers */ 1136 /* recalculate to show accurate numbers */
@@ -1145,7 +1145,7 @@ static int dl_seq_real_show_v2(struct dsthash_ent *ent, u_int8_t family,
1145static int dl_seq_real_show_v1(struct dsthash_ent *ent, u_int8_t family, 1145static int dl_seq_real_show_v1(struct dsthash_ent *ent, u_int8_t family,
1146 struct seq_file *s) 1146 struct seq_file *s)
1147{ 1147{
1148 struct xt_hashlimit_htable *ht = PDE_DATA(file_inode(s->private)); 1148 struct xt_hashlimit_htable *ht = PDE_DATA(file_inode(s->file));
1149 1149
1150 spin_lock(&ent->lock); 1150 spin_lock(&ent->lock);
1151 /* recalculate to show accurate numbers */ 1151 /* recalculate to show accurate numbers */
@@ -1160,7 +1160,7 @@ static int dl_seq_real_show_v1(struct dsthash_ent *ent, u_int8_t family,
1160static int dl_seq_real_show(struct dsthash_ent *ent, u_int8_t family, 1160static int dl_seq_real_show(struct dsthash_ent *ent, u_int8_t family,
1161 struct seq_file *s) 1161 struct seq_file *s)
1162{ 1162{
1163 struct xt_hashlimit_htable *ht = PDE_DATA(file_inode(s->private)); 1163 struct xt_hashlimit_htable *ht = PDE_DATA(file_inode(s->file));
1164 1164
1165 spin_lock(&ent->lock); 1165 spin_lock(&ent->lock);
1166 /* recalculate to show accurate numbers */ 1166 /* recalculate to show accurate numbers */
@@ -1174,7 +1174,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, u_int8_t family,
1174 1174
1175static int dl_seq_show_v2(struct seq_file *s, void *v) 1175static int dl_seq_show_v2(struct seq_file *s, void *v)
1176{ 1176{
1177 struct xt_hashlimit_htable *htable = PDE_DATA(file_inode(s->private)); 1177 struct xt_hashlimit_htable *htable = PDE_DATA(file_inode(s->file));
1178 unsigned int *bucket = (unsigned int *)v; 1178 unsigned int *bucket = (unsigned int *)v;
1179 struct dsthash_ent *ent; 1179 struct dsthash_ent *ent;
1180 1180
@@ -1188,7 +1188,7 @@ static int dl_seq_show_v2(struct seq_file *s, void *v)
1188 1188
1189static int dl_seq_show_v1(struct seq_file *s, void *v) 1189static int dl_seq_show_v1(struct seq_file *s, void *v)
1190{ 1190{
1191 struct xt_hashlimit_htable *htable = PDE_DATA(file_inode(s->private)); 1191 struct xt_hashlimit_htable *htable = PDE_DATA(file_inode(s->file));
1192 unsigned int *bucket = v; 1192 unsigned int *bucket = v;
1193 struct dsthash_ent *ent; 1193 struct dsthash_ent *ent;
1194 1194
@@ -1202,7 +1202,7 @@ static int dl_seq_show_v1(struct seq_file *s, void *v)
1202 1202
1203static int dl_seq_show(struct seq_file *s, void *v) 1203static int dl_seq_show(struct seq_file *s, void *v)
1204{ 1204{
1205 struct xt_hashlimit_htable *htable = PDE_DATA(file_inode(s->private)); 1205 struct xt_hashlimit_htable *htable = PDE_DATA(file_inode(s->file));
1206 unsigned int *bucket = v; 1206 unsigned int *bucket = v;
1207 struct dsthash_ent *ent; 1207 struct dsthash_ent *ent;
1208 1208
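Review bot: The expression `PDE_DATA(file_inode(s->file))` is now repeated in nine seq_file callbacks, which is why the earlier `s->private` mistake had to be corrected in nine places. A small static helper that takes the `struct seq_file *` and returns the `struct xt_hashlimit_htable *` would keep the lookup in one spot. It would also give a place for a comment saying that the table comes from the proc entry of the open file, not from `s->private`. Each callback would then begin with a single call to that helper.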
diff --git a/net/rds/bind.c b/net/rds/bind.c
index 3ab55784b637..762d2c6788a3 100644
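--- a/net/rds/bind.c
+++ b/net/rds/bind.c
@@ -76,11 +76,13 @@ struct rds_sock *rds_find_bound(const struct in6_addr *addr, __be16 port,
  struct rds_sock *rs;
 
  __rds_create_bind_key(key, addr, port, scope_id);
- rs = rhashtable_lookup_fast(&bind_hash_table, key, ht_parms);
+ rcu_read_lock();
+ rs = rhashtable_lookup(&bind_hash_table, key, ht_parms);
  if (rs && !sock_flag(rds_rs_to_sk(rs), SOCK_DEAD))
  rds_sock_addref(rs);
  else
  rs = NULL;
+ rcu_read_unlock();
 
  rdsdebug("returning rs %p for %pI6c:%u\n", rs, addr,
  ntohs(port));
@@ -235,6 +237,7 @@ int rds_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
  goto out;
  }
 
+ sock_set_flag(sk, SOCK_RCU_FREE);
  ret = rds_add_bound(rs, binding_addr, &port, scope_id);
  if (ret)
  goto out;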
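Review bot: In rds_find_bound the lookup now runs under `rcu_read_lock()`, but the reference is still taken with `rds_sock_addref(rs)` after nothing more than a `SOCK_DEAD` flag test. With `SOCK_RCU_FREE` set in rds_bind the memory stays valid inside the read section, yet the socket's refcount may already have dropped to zero on another CPU, and an unconditional increment would then revive an object that is being torn down. rds_sock_addref is not visible here; if it is a plain hold, take the reference with `refcount_inc_not_zero(&rds_rs_to_sk(rs)->sk_refcnt)` and treat failure like the `SOCK_DEAD` case (`rs = NULL`).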
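diff --git a/net/sched/act_tunnel_key.c b/net/sched/act_tunnel_key.c
index 6d95b6919d9d..4cca8f274662 100644
--- a/net/sched/act_tunnel_key.c
+++ b/net/sched/act_tunnel_key.c
@@ -317,7 +317,7 @@ static int tunnel_key_init(struct net *net, struct nlattr *nla,
 &metadata->u.tun_info,
 opts_len, extack);
 if (ret < 0)
-goto err_out;
+goto release_tun_meta;
 }
 
 metadata->u.tun_info.mode |= IP_TUNNEL_INFO_TX;
@@ -333,23 +333,24 @@ static int tunnel_key_init(struct net *net, struct nlattr *nla,
 &act_tunnel_key_ops, bind, true);
 if (ret) {
 NL_SET_ERR_MSG(extack, "Cannot create TC IDR");
-goto err_out;
+goto release_tun_meta;
 }
 
 ret = ACT_P_CREATED;
 } else if (!ovr) {
-tcf_idr_release(*a, bind);
 NL_SET_ERR_MSG(extack, "TC IDR already exists");
-return -EEXIST;
+ret = -EEXIST;
+goto release_tun_meta;
 }
 
 t = to_tunnel_key(*a);
 
 params_new = kzalloc(sizeof(*params_new), GFP_KERNEL);
 if (unlikely(!params_new)) {
-tcf_idr_release(*a, bind);
 NL_SET_ERR_MSG(extack, "Cannot allocate tunnel key parameters");
-return -ENOMEM;
+ret = -ENOMEM;
+exists = true;
+goto release_tun_meta;
 }
 params_new->tcft_action = parm->t_action;
 params_new->tcft_enc_metadata = metadata;
@@ -367,6 +368,9 @@ static int tunnel_key_init(struct net *net, struct nlattr *nla,
 
 return ret;
 
+release_tun_meta:
+dst_release(&metadata->dst);
+
 err_out:
 if (exists)
 tcf_idr_release(*a, bind);
@@ -408,8 +412,10 @@ static int tunnel_key_geneve_opts_dump(struct sk_buff *skb,
 nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE,
 opt->type) ||
 nla_put(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA,
-opt->length * 4, opt + 1))
+opt->length * 4, opt + 1)) {
+nla_nest_cancel(skb, start);
 return -EMSGSIZE;
+}
 
 len -= sizeof(struct geneve_opt) + opt->length * 4;
 src += sizeof(struct geneve_opt) + opt->length * 4;
@@ -423,7 +429,7 @@ static int tunnel_key_opts_dump(struct sk_buff *skb,
 const struct ip_tunnel_info *info)
 {
 struct nlattr *start;
-int err;
+int err = -EINVAL;
 
 if (!info->options_len)
 return 0;
@@ -435,9 +441,11 @@ static int tunnel_key_opts_dump(struct sk_buff *skb,
 if (info->key.tun_flags & TUNNEL_GENEVE_OPT) {
 err = tunnel_key_geneve_opts_dump(skb, info);
 if (err)
-return err;
+goto err_out;
 } else {
-return -EINVAL;
+err_out:
+nla_nest_cancel(skb, start);
+return err;
 }
 
 nla_nest_end(skb, start);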
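Review bot: The new `release_tun_meta` label in tunnel_key_init calls `dst_release(&metadata->dst)` unconditionally, yet the `!ovr` and `kzalloc` failure paths now jump there as well. Where `metadata` is assigned is outside the visible hunks, so whether it can still be NULL on those two paths needs confirming. If it can, the call is only safe while `dst` stays the first member of the metadata structure and `dst_release()` ignores a NULL argument. An explicit guard removes that hidden dependency: `if (metadata) dst_release(&metadata->dst);`. The `exists = true;` line in the allocation-failure path also deserves a one-line comment, since it sets the flag only to force `tcf_idr_release()` at `err_out`.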
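diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index a2f76743c73a..6376467e78f8 100644
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -185,6 +185,10 @@ static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd,
 return -ENOMEM;
 
 buf->sk = msg->dst_sk;
+if (__tipc_dump_start(&cb, msg->net)) {
+kfree_skb(buf);
+return -ENOMEM;
+}
 
 do {
 int rem;
@@ -216,6 +220,7 @@ static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd,
 err = 0;
 
 err_out:
+tipc_dump_done(&cb);
 kfree_skb(buf);
 
 if (err == -EMSGSIZE) {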
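Review bot: The added check in __tipc_nl_compat_dumpit throws away the return value of `__tipc_dump_start()` and always reports `-ENOMEM`, which will hide any other error the helper may return later. Keeping the code is a small change: `err = __tipc_dump_start(&cb, msg->net);` followed by `if (err) { kfree_skb(buf); return err; }`. The helper treats a non-zero `cb.args[4]` as an existing iterator, and `tipc_dump_done(&cb)` at `err_out` frees whatever that slot holds, so this code relies on `cb` being zeroed before the call. That initialisation is outside the visible hunks and should be confirmed; a comment at the call site stating the requirement would help.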
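diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index ab7a2a7178f7..3f03ddd0e35b 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -576,6 +576,7 @@ static int tipc_release(struct socket *sock)
 sk_stop_timer(sk, &sk->sk_timer);
 tipc_sk_remove(tsk);
 
+sock_orphan(sk);
 /* Reject any messages that accumulated in backlog queue */
 release_sock(sk);
 tipc_dest_list_purge(&tsk->cong_links);
@@ -3229,7 +3230,7 @@ int tipc_nl_sk_walk(struct sk_buff *skb, struct netlink_callback *cb,
 struct netlink_callback *cb,
 struct tipc_sock *tsk))
 {
-struct rhashtable_iter *iter = (void *)cb->args[0];
+struct rhashtable_iter *iter = (void *)cb->args[4];
 struct tipc_sock *tsk;
 int err;
 
@@ -3265,8 +3266,14 @@ EXPORT_SYMBOL(tipc_nl_sk_walk);
 
 int tipc_dump_start(struct netlink_callback *cb)
 {
-struct rhashtable_iter *iter = (void *)cb->args[0];
-struct net *net = sock_net(cb->skb->sk);
+return __tipc_dump_start(cb, sock_net(cb->skb->sk));
+}
+EXPORT_SYMBOL(tipc_dump_start);
+
+int __tipc_dump_start(struct netlink_callback *cb, struct net *net)
+{
+/* tipc_nl_name_table_dump() uses cb->args[0...3]. */
+struct rhashtable_iter *iter = (void *)cb->args[4];
 struct tipc_net *tn = tipc_net(net);
 
 if (!iter) {
@@ -3274,17 +3281,16 @@ int tipc_dump_start(struct netlink_callback *cb)
 if (!iter)
 return -ENOMEM;
 
-cb->args[0] = (long)iter;
+cb->args[4] = (long)iter;
 }
 
 rhashtable_walk_enter(&tn->sk_rht, iter);
 return 0;
 }
-EXPORT_SYMBOL(tipc_dump_start);
 
 int tipc_dump_done(struct netlink_callback *cb)
 {
-struct rhashtable_iter *hti = (void *)cb->args[0];
+struct rhashtable_iter *hti = (void *)cb->args[4];
 
 rhashtable_walk_exit(hti);
 kfree(hti);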
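Review bot: The iterator slot is now the bare literal `4` in four places across tipc_nl_sk_walk, __tipc_dump_start and tipc_dump_done, and only the comment in __tipc_dump_start explains why that index was chosen. The fix works only while all three functions agree on the slot and no other dump callback claims it. A mismatch would have one function cast another user's value to a `struct rhashtable_iter *`, which tipc_dump_done then passes to `kfree()`. A named constant would tie them together, for example `#define TIPC_SK_DUMP_ITER_ARG 4` (name is only a suggestion) with the existing comment moved onto it, used as `cb->args[TIPC_SK_DUMP_ITER_ARG]` at each site. The bodies of tipc_nl_sk_walk and tipc_dump_done continue outside the hunks shown.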
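diff --git a/net/tipc/socket.h b/net/tipc/socket.h
index d43032e26532..5e575f205afe 100644
--- a/net/tipc/socket.h
+++ b/net/tipc/socket.h
@@ -69,5 +69,6 @@ int tipc_nl_sk_walk(struct sk_buff *skb, struct netlink_callback *cb,
 struct netlink_callback *cb,
 struct tipc_sock *tsk));
 int tipc_dump_start(struct netlink_callback *cb);
+int __tipc_dump_start(struct netlink_callback *cb, struct net *net);
 int tipc_dump_done(struct netlink_callback *cb);
 #endif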
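diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index adab598bd6db..8aa4c1dafd6a 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -263,6 +263,9 @@ static int alloc_encrypted_sg(struct sock *sk, int len)
 &ctx->sg_encrypted_num_elem,
 &ctx->sg_encrypted_size, 0);
 
+if (rc == -ENOSPC)
+ctx->sg_encrypted_num_elem = ARRAY_SIZE(ctx->sg_encrypted_data);
+
 return rc;
 }
 
@@ -276,6 +279,9 @@ static int alloc_plaintext_sg(struct sock *sk, int len)
 &ctx->sg_plaintext_num_elem, &ctx->sg_plaintext_size,
 tls_ctx->pending_open_record_frags);
 
+if (rc == -ENOSPC)
+ctx->sg_plaintext_num_elem = ARRAY_SIZE(ctx->sg_plaintext_data);
+
 return rc;
 }
 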
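Review bot: The `-ENOSPC` branches added to alloc_encrypted_sg and alloc_plaintext_sg have no comment explaining why the element count is forced to the full array size on that error. Presumably the allocation helper fills every scatterlist slot before giving up but leaves the caller's counter stale, so later trimming or freeing would miss entries. The helper is outside the visible hunks, so this should be confirmed. A comment above each branch would record the invariant, e.g. `/* -ENOSPC: all entries of the sg array are populated; make num_elem reflect that so cleanup walks them all */`. Both functions start outside the hunks, and the same comment applies to the plaintext variant.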