diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 1 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_acct.c | 7 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_cttimeout.c | 7 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_queue_core.c | 6 | ||||
| -rw-r--r-- | net/netfilter/xt_TCPMSS.c | 6 |
5 files changed, 20 insertions, 7 deletions
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 5b142fb16480..9e6c2a075a4c 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c | |||
| @@ -2542,6 +2542,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, | |||
| 2542 | struct ip_vs_dest *dest; | 2542 | struct ip_vs_dest *dest; |
| 2543 | struct ip_vs_dest_entry entry; | 2543 | struct ip_vs_dest_entry entry; |
| 2544 | 2544 | ||
| 2545 | memset(&entry, 0, sizeof(entry)); | ||
| 2545 | list_for_each_entry(dest, &svc->destinations, n_list) { | 2546 | list_for_each_entry(dest, &svc->destinations, n_list) { |
| 2546 | if (count >= get->num_dests) | 2547 | if (count >= get->num_dests) |
| 2547 | break; | 2548 | break; |
diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c index dc3fd5d44464..c7b6d466a662 100644 --- a/net/netfilter/nfnetlink_acct.c +++ b/net/netfilter/nfnetlink_acct.c | |||
| @@ -149,9 +149,12 @@ nfnl_acct_dump(struct sk_buff *skb, struct netlink_callback *cb) | |||
| 149 | 149 | ||
| 150 | rcu_read_lock(); | 150 | rcu_read_lock(); |
| 151 | list_for_each_entry_rcu(cur, &nfnl_acct_list, head) { | 151 | list_for_each_entry_rcu(cur, &nfnl_acct_list, head) { |
| 152 | if (last && cur != last) | 152 | if (last) { |
| 153 | continue; | 153 | if (cur != last) |
| 154 | continue; | ||
| 154 | 155 | ||
| 156 | last = NULL; | ||
| 157 | } | ||
| 155 | if (nfnl_acct_fill_info(skb, NETLINK_CB(cb->skb).portid, | 158 | if (nfnl_acct_fill_info(skb, NETLINK_CB(cb->skb).portid, |
| 156 | cb->nlh->nlmsg_seq, | 159 | cb->nlh->nlmsg_seq, |
| 157 | NFNL_MSG_TYPE(cb->nlh->nlmsg_type), | 160 | NFNL_MSG_TYPE(cb->nlh->nlmsg_type), |
diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c index 701c88a20fea..65074dfb9383 100644 --- a/net/netfilter/nfnetlink_cttimeout.c +++ b/net/netfilter/nfnetlink_cttimeout.c | |||
| @@ -220,9 +220,12 @@ ctnl_timeout_dump(struct sk_buff *skb, struct netlink_callback *cb) | |||
| 220 | 220 | ||
| 221 | rcu_read_lock(); | 221 | rcu_read_lock(); |
| 222 | list_for_each_entry_rcu(cur, &cttimeout_list, head) { | 222 | list_for_each_entry_rcu(cur, &cttimeout_list, head) { |
| 223 | if (last && cur != last) | 223 | if (last) { |
| 224 | continue; | 224 | if (cur != last) |
| 225 | continue; | ||
| 225 | 226 | ||
| 227 | last = NULL; | ||
| 228 | } | ||
| 226 | if (ctnl_timeout_fill_info(skb, NETLINK_CB(cb->skb).portid, | 229 | if (ctnl_timeout_fill_info(skb, NETLINK_CB(cb->skb).portid, |
| 227 | cb->nlh->nlmsg_seq, | 230 | cb->nlh->nlmsg_seq, |
| 228 | NFNL_MSG_TYPE(cb->nlh->nlmsg_type), | 231 | NFNL_MSG_TYPE(cb->nlh->nlmsg_type), |
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c index 4e27fa035814..5352b2d2d5bf 100644 --- a/net/netfilter/nfnetlink_queue_core.c +++ b/net/netfilter/nfnetlink_queue_core.c | |||
| @@ -637,9 +637,6 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) | |||
| 637 | if (queue->copy_mode == NFQNL_COPY_NONE) | 637 | if (queue->copy_mode == NFQNL_COPY_NONE) |
| 638 | return -EINVAL; | 638 | return -EINVAL; |
| 639 | 639 | ||
| 640 | if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(entry->skb)) | ||
| 641 | return __nfqnl_enqueue_packet(net, queue, entry); | ||
| 642 | |||
| 643 | skb = entry->skb; | 640 | skb = entry->skb; |
| 644 | 641 | ||
| 645 | switch (entry->pf) { | 642 | switch (entry->pf) { |
| @@ -651,6 +648,9 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) | |||
| 651 | break; | 648 | break; |
| 652 | } | 649 | } |
| 653 | 650 | ||
| 651 | if ((queue->flags & NFQA_CFG_F_GSO) || !skb_is_gso(skb)) | ||
| 652 | return __nfqnl_enqueue_packet(net, queue, entry); | ||
| 653 | |||
| 654 | nf_bridge_adjust_skb_data(skb); | 654 | nf_bridge_adjust_skb_data(skb); |
| 655 | segs = skb_gso_segment(skb, 0); | 655 | segs = skb_gso_segment(skb, 0); |
| 656 | /* Does not use PTR_ERR to limit the number of error codes that can be | 656 | /* Does not use PTR_ERR to limit the number of error codes that can be |
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c index a75240f0d42b..afaebc766933 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c | |||
| @@ -125,6 +125,12 @@ tcpmss_mangle_packet(struct sk_buff *skb, | |||
| 125 | 125 | ||
| 126 | skb_put(skb, TCPOLEN_MSS); | 126 | skb_put(skb, TCPOLEN_MSS); |
| 127 | 127 | ||
| 128 | /* RFC 879 states that the default MSS is 536 without specific | ||
| 129 | * knowledge that the destination host is prepared to accept larger. | ||
| 130 | * Since no MSS was provided, we MUST NOT set a value > 536. | ||
| 131 | */ | ||
| 132 | newmss = min(newmss, (u16)536); | ||
| 133 | |||
| 128 | opt = (u_int8_t *)tcph + sizeof(struct tcphdr); | 134 | opt = (u_int8_t *)tcph + sizeof(struct tcphdr); |
| 129 | memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); | 135 | memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); |
| 130 | 136 | ||