aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/iptable_nat.c4
-rw-r--r--net/ipv4/tcp_illinois.c8
-rw-r--r--net/ipv4/tcp_input.c3
-rw-r--r--net/ipv4/tcp_metrics.c2
-rw-r--r--net/ipv6/netfilter/ip6table_nat.c4
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c4
-rw-r--r--net/l2tp/l2tp_eth.c1
-rw-r--r--net/mac80211/ibss.c2
-rw-r--r--net/mac80211/rx.c74
-rw-r--r--net/mac80211/util.c42
-rw-r--r--net/netfilter/nf_conntrack_h323_main.c3
-rw-r--r--net/sctp/socket.c2
-rw-r--r--net/wireless/core.c3
-rw-r--r--net/wireless/reg.c5
-rw-r--r--net/wireless/util.c14
15 files changed, 125 insertions, 46 deletions
diff --git a/net/ipv4/netfilter/iptable_nat.c b/net/ipv4/netfilter/iptable_nat.c
index 9e0ffaf1d94..a82047282db 100644
--- a/net/ipv4/netfilter/iptable_nat.c
+++ b/net/ipv4/netfilter/iptable_nat.c
@@ -184,7 +184,8 @@ nf_nat_ipv4_out(unsigned int hooknum,
184 184
185 if ((ct->tuplehash[dir].tuple.src.u3.ip != 185 if ((ct->tuplehash[dir].tuple.src.u3.ip !=
186 ct->tuplehash[!dir].tuple.dst.u3.ip) || 186 ct->tuplehash[!dir].tuple.dst.u3.ip) ||
187 (ct->tuplehash[dir].tuple.src.u.all != 187 (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
188 ct->tuplehash[dir].tuple.src.u.all !=
188 ct->tuplehash[!dir].tuple.dst.u.all)) 189 ct->tuplehash[!dir].tuple.dst.u.all))
189 if (nf_xfrm_me_harder(skb, AF_INET) < 0) 190 if (nf_xfrm_me_harder(skb, AF_INET) < 0)
190 ret = NF_DROP; 191 ret = NF_DROP;
@@ -221,6 +222,7 @@ nf_nat_ipv4_local_fn(unsigned int hooknum,
221 } 222 }
222#ifdef CONFIG_XFRM 223#ifdef CONFIG_XFRM
223 else if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && 224 else if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
225 ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
224 ct->tuplehash[dir].tuple.dst.u.all != 226 ct->tuplehash[dir].tuple.dst.u.all !=
225 ct->tuplehash[!dir].tuple.src.u.all) 227 ct->tuplehash[!dir].tuple.src.u.all)
226 if (nf_xfrm_me_harder(skb, AF_INET) < 0) 228 if (nf_xfrm_me_harder(skb, AF_INET) < 0)
diff --git a/net/ipv4/tcp_illinois.c b/net/ipv4/tcp_illinois.c
index 813b43a76fe..834857f3c87 100644
--- a/net/ipv4/tcp_illinois.c
+++ b/net/ipv4/tcp_illinois.c
@@ -313,11 +313,13 @@ static void tcp_illinois_info(struct sock *sk, u32 ext,
313 .tcpv_rttcnt = ca->cnt_rtt, 313 .tcpv_rttcnt = ca->cnt_rtt,
314 .tcpv_minrtt = ca->base_rtt, 314 .tcpv_minrtt = ca->base_rtt,
315 }; 315 };
316 u64 t = ca->sum_rtt;
317 316
318 do_div(t, ca->cnt_rtt); 317 if (info.tcpv_rttcnt > 0) {
319 info.tcpv_rtt = t; 318 u64 t = ca->sum_rtt;
320 319
320 do_div(t, info.tcpv_rttcnt);
321 info.tcpv_rtt = t;
322 }
321 nla_put(skb, INET_DIAG_VEGASINFO, sizeof(info), &info); 323 nla_put(skb, INET_DIAG_VEGASINFO, sizeof(info), &info);
322 } 324 }
323} 325}
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 1db66398358..2c2b13a999e 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4529,6 +4529,9 @@ int tcp_send_rcvq(struct sock *sk, struct msghdr *msg, size_t size)
4529 struct tcphdr *th; 4529 struct tcphdr *th;
4530 bool fragstolen; 4530 bool fragstolen;
4531 4531
4532 if (size == 0)
4533 return 0;
4534
4532 skb = alloc_skb(size + sizeof(*th), sk->sk_allocation); 4535 skb = alloc_skb(size + sizeof(*th), sk->sk_allocation);
4533 if (!skb) 4536 if (!skb)
4534 goto err; 4537 goto err;
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index 4c752a6e0bc..53bc5847bfa 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -864,7 +864,7 @@ static int parse_nl_addr(struct genl_info *info, struct inetpeer_addr *addr,
864 } 864 }
865 a = info->attrs[TCP_METRICS_ATTR_ADDR_IPV6]; 865 a = info->attrs[TCP_METRICS_ATTR_ADDR_IPV6];
866 if (a) { 866 if (a) {
867 if (nla_len(a) != sizeof(sizeof(struct in6_addr))) 867 if (nla_len(a) != sizeof(struct in6_addr))
868 return -EINVAL; 868 return -EINVAL;
869 addr->family = AF_INET6; 869 addr->family = AF_INET6;
870 memcpy(addr->addr.a6, nla_data(a), sizeof(addr->addr.a6)); 870 memcpy(addr->addr.a6, nla_data(a), sizeof(addr->addr.a6));
diff --git a/net/ipv6/netfilter/ip6table_nat.c b/net/ipv6/netfilter/ip6table_nat.c
index e418bd6350a..d57dab17a18 100644
--- a/net/ipv6/netfilter/ip6table_nat.c
+++ b/net/ipv6/netfilter/ip6table_nat.c
@@ -186,7 +186,8 @@ nf_nat_ipv6_out(unsigned int hooknum,
186 186
187 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, 187 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3,
188 &ct->tuplehash[!dir].tuple.dst.u3) || 188 &ct->tuplehash[!dir].tuple.dst.u3) ||
189 (ct->tuplehash[dir].tuple.src.u.all != 189 (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 &&
190 ct->tuplehash[dir].tuple.src.u.all !=
190 ct->tuplehash[!dir].tuple.dst.u.all)) 191 ct->tuplehash[!dir].tuple.dst.u.all))
191 if (nf_xfrm_me_harder(skb, AF_INET6) < 0) 192 if (nf_xfrm_me_harder(skb, AF_INET6) < 0)
192 ret = NF_DROP; 193 ret = NF_DROP;
@@ -222,6 +223,7 @@ nf_nat_ipv6_local_fn(unsigned int hooknum,
222 } 223 }
223#ifdef CONFIG_XFRM 224#ifdef CONFIG_XFRM
224 else if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && 225 else if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) &&
226 ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 &&
225 ct->tuplehash[dir].tuple.dst.u.all != 227 ct->tuplehash[dir].tuple.dst.u.all !=
226 ct->tuplehash[!dir].tuple.src.u.all) 228 ct->tuplehash[!dir].tuple.src.u.all)
227 if (nf_xfrm_me_harder(skb, AF_INET6)) 229 if (nf_xfrm_me_harder(skb, AF_INET6))
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 18bd9bbbd1c..22c8ea95118 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -85,7 +85,7 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = {
85 { } 85 { }
86}; 86};
87 87
88static int __net_init nf_ct_frag6_sysctl_register(struct net *net) 88static int nf_ct_frag6_sysctl_register(struct net *net)
89{ 89{
90 struct ctl_table *table; 90 struct ctl_table *table;
91 struct ctl_table_header *hdr; 91 struct ctl_table_header *hdr;
@@ -127,7 +127,7 @@ static void __net_exit nf_ct_frags6_sysctl_unregister(struct net *net)
127} 127}
128 128
129#else 129#else
130static int __net_init nf_ct_frag6_sysctl_register(struct net *net) 130static int nf_ct_frag6_sysctl_register(struct net *net)
131{ 131{
132 return 0; 132 return 0;
133} 133}
diff --git a/net/l2tp/l2tp_eth.c b/net/l2tp/l2tp_eth.c
index 37b8b8ba31f..76125c57ee6 100644
--- a/net/l2tp/l2tp_eth.c
+++ b/net/l2tp/l2tp_eth.c
@@ -291,6 +291,7 @@ static int l2tp_eth_create(struct net *net, u32 tunnel_id, u32 session_id, u32 p
291 291
292out_del_dev: 292out_del_dev:
293 free_netdev(dev); 293 free_netdev(dev);
294 spriv->dev = NULL;
294out_del_session: 295out_del_session:
295 l2tp_session_delete(session); 296 l2tp_session_delete(session);
296out: 297out:
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 5f3620f0bc0..bf87c70ac6c 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -1108,7 +1108,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
1108 sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH; 1108 sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH;
1109 sdata->u.ibss.ibss_join_req = jiffies; 1109 sdata->u.ibss.ibss_join_req = jiffies;
1110 1110
1111 memcpy(sdata->u.ibss.ssid, params->ssid, IEEE80211_MAX_SSID_LEN); 1111 memcpy(sdata->u.ibss.ssid, params->ssid, params->ssid_len);
1112 sdata->u.ibss.ssid_len = params->ssid_len; 1112 sdata->u.ibss.ssid_len = params->ssid_len;
1113 1113
1114 mutex_unlock(&sdata->u.ibss.mtx); 1114 mutex_unlock(&sdata->u.ibss.mtx);
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 61c621e9273..00ade7feb2e 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -531,6 +531,11 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
531 531
532 if (ieee80211_is_action(hdr->frame_control)) { 532 if (ieee80211_is_action(hdr->frame_control)) {
533 u8 category; 533 u8 category;
534
535 /* make sure category field is present */
536 if (rx->skb->len < IEEE80211_MIN_ACTION_SIZE)
537 return RX_DROP_MONITOR;
538
534 mgmt = (struct ieee80211_mgmt *)hdr; 539 mgmt = (struct ieee80211_mgmt *)hdr;
535 category = mgmt->u.action.category; 540 category = mgmt->u.action.category;
536 if (category != WLAN_CATEGORY_MESH_ACTION && 541 if (category != WLAN_CATEGORY_MESH_ACTION &&
@@ -883,14 +888,16 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
883 */ 888 */
884 if (rx->sta && rx->sdata->vif.type == NL80211_IFTYPE_STATION && 889 if (rx->sta && rx->sdata->vif.type == NL80211_IFTYPE_STATION &&
885 ieee80211_is_data_present(hdr->frame_control)) { 890 ieee80211_is_data_present(hdr->frame_control)) {
886 u16 ethertype; 891 unsigned int hdrlen;
887 u8 *payload; 892 __be16 ethertype;
888 893
889 payload = rx->skb->data + 894 hdrlen = ieee80211_hdrlen(hdr->frame_control);
890 ieee80211_hdrlen(hdr->frame_control); 895
891 ethertype = (payload[6] << 8) | payload[7]; 896 if (rx->skb->len < hdrlen + 8)
892 if (cpu_to_be16(ethertype) == 897 return RX_DROP_MONITOR;
893 rx->sdata->control_port_protocol) 898
899 skb_copy_bits(rx->skb, hdrlen + 6, &ethertype, 2);
900 if (ethertype == rx->sdata->control_port_protocol)
894 return RX_CONTINUE; 901 return RX_CONTINUE;
895 } 902 }
896 903
@@ -1462,11 +1469,14 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1462 1469
1463 hdr = (struct ieee80211_hdr *)rx->skb->data; 1470 hdr = (struct ieee80211_hdr *)rx->skb->data;
1464 fc = hdr->frame_control; 1471 fc = hdr->frame_control;
1472
1473 if (ieee80211_is_ctl(fc))
1474 return RX_CONTINUE;
1475
1465 sc = le16_to_cpu(hdr->seq_ctrl); 1476 sc = le16_to_cpu(hdr->seq_ctrl);
1466 frag = sc & IEEE80211_SCTL_FRAG; 1477 frag = sc & IEEE80211_SCTL_FRAG;
1467 1478
1468 if (likely((!ieee80211_has_morefrags(fc) && frag == 0) || 1479 if (likely((!ieee80211_has_morefrags(fc) && frag == 0) ||
1469 (rx->skb)->len < 24 ||
1470 is_multicast_ether_addr(hdr->addr1))) { 1480 is_multicast_ether_addr(hdr->addr1))) {
1471 /* not fragmented */ 1481 /* not fragmented */
1472 goto out; 1482 goto out;
@@ -1889,6 +1899,20 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1889 1899
1890 hdr = (struct ieee80211_hdr *) skb->data; 1900 hdr = (struct ieee80211_hdr *) skb->data;
1891 hdrlen = ieee80211_hdrlen(hdr->frame_control); 1901 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1902
1903 /* make sure fixed part of mesh header is there, also checks skb len */
1904 if (!pskb_may_pull(rx->skb, hdrlen + 6))
1905 return RX_DROP_MONITOR;
1906
1907 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1908
1909 /* make sure full mesh header is there, also checks skb len */
1910 if (!pskb_may_pull(rx->skb,
1911 hdrlen + ieee80211_get_mesh_hdrlen(mesh_hdr)))
1912 return RX_DROP_MONITOR;
1913
1914 /* reload pointers */
1915 hdr = (struct ieee80211_hdr *) skb->data;
1892 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen); 1916 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1893 1917
1894 /* frame is in RMC, don't forward */ 1918 /* frame is in RMC, don't forward */
@@ -1897,7 +1921,8 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1897 mesh_rmc_check(hdr->addr3, mesh_hdr, rx->sdata)) 1921 mesh_rmc_check(hdr->addr3, mesh_hdr, rx->sdata))
1898 return RX_DROP_MONITOR; 1922 return RX_DROP_MONITOR;
1899 1923
1900 if (!ieee80211_is_data(hdr->frame_control)) 1924 if (!ieee80211_is_data(hdr->frame_control) ||
1925 !(status->rx_flags & IEEE80211_RX_RA_MATCH))
1901 return RX_CONTINUE; 1926 return RX_CONTINUE;
1902 1927
1903 if (!mesh_hdr->ttl) 1928 if (!mesh_hdr->ttl)
@@ -1911,9 +1936,12 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1911 if (is_multicast_ether_addr(hdr->addr1)) { 1936 if (is_multicast_ether_addr(hdr->addr1)) {
1912 mpp_addr = hdr->addr3; 1937 mpp_addr = hdr->addr3;
1913 proxied_addr = mesh_hdr->eaddr1; 1938 proxied_addr = mesh_hdr->eaddr1;
1914 } else { 1939 } else if (mesh_hdr->flags & MESH_FLAGS_AE_A5_A6) {
1940 /* has_a4 already checked in ieee80211_rx_mesh_check */
1915 mpp_addr = hdr->addr4; 1941 mpp_addr = hdr->addr4;
1916 proxied_addr = mesh_hdr->eaddr2; 1942 proxied_addr = mesh_hdr->eaddr2;
1943 } else {
1944 return RX_DROP_MONITOR;
1917 } 1945 }
1918 1946
1919 rcu_read_lock(); 1947 rcu_read_lock();
@@ -1941,12 +1969,9 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1941 } 1969 }
1942 skb_set_queue_mapping(skb, q); 1970 skb_set_queue_mapping(skb, q);
1943 1971
1944 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1945 goto out;
1946
1947 if (!--mesh_hdr->ttl) { 1972 if (!--mesh_hdr->ttl) {
1948 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_ttl); 1973 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_ttl);
1949 return RX_DROP_MONITOR; 1974 goto out;
1950 } 1975 }
1951 1976
1952 if (!ifmsh->mshcfg.dot11MeshForwarding) 1977 if (!ifmsh->mshcfg.dot11MeshForwarding)
@@ -2353,6 +2378,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2353 } 2378 }
2354 break; 2379 break;
2355 case WLAN_CATEGORY_SELF_PROTECTED: 2380 case WLAN_CATEGORY_SELF_PROTECTED:
2381 if (len < (IEEE80211_MIN_ACTION_SIZE +
2382 sizeof(mgmt->u.action.u.self_prot.action_code)))
2383 break;
2384
2356 switch (mgmt->u.action.u.self_prot.action_code) { 2385 switch (mgmt->u.action.u.self_prot.action_code) {
2357 case WLAN_SP_MESH_PEERING_OPEN: 2386 case WLAN_SP_MESH_PEERING_OPEN:
2358 case WLAN_SP_MESH_PEERING_CLOSE: 2387 case WLAN_SP_MESH_PEERING_CLOSE:
@@ -2371,6 +2400,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2371 } 2400 }
2372 break; 2401 break;
2373 case WLAN_CATEGORY_MESH_ACTION: 2402 case WLAN_CATEGORY_MESH_ACTION:
2403 if (len < (IEEE80211_MIN_ACTION_SIZE +
2404 sizeof(mgmt->u.action.u.mesh_action.action_code)))
2405 break;
2406
2374 if (!ieee80211_vif_is_mesh(&sdata->vif)) 2407 if (!ieee80211_vif_is_mesh(&sdata->vif))
2375 break; 2408 break;
2376 if (mesh_action_is_path_sel(mgmt) && 2409 if (mesh_action_is_path_sel(mgmt) &&
@@ -2913,10 +2946,15 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2913 if (ieee80211_is_data(fc) || ieee80211_is_mgmt(fc)) 2946 if (ieee80211_is_data(fc) || ieee80211_is_mgmt(fc))
2914 local->dot11ReceivedFragmentCount++; 2947 local->dot11ReceivedFragmentCount++;
2915 2948
2916 if (ieee80211_is_mgmt(fc)) 2949 if (ieee80211_is_mgmt(fc)) {
2917 err = skb_linearize(skb); 2950 /* drop frame if too short for header */
2918 else 2951 if (skb->len < ieee80211_hdrlen(fc))
2952 err = -ENOBUFS;
2953 else
2954 err = skb_linearize(skb);
2955 } else {
2919 err = !pskb_may_pull(skb, ieee80211_hdrlen(fc)); 2956 err = !pskb_may_pull(skb, ieee80211_hdrlen(fc));
2957 }
2920 2958
2921 if (err) { 2959 if (err) {
2922 dev_kfree_skb(skb); 2960 dev_kfree_skb(skb);
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 94e58687397..239391807ca 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -643,13 +643,41 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
643 break; 643 break;
644 } 644 }
645 645
646 if (id != WLAN_EID_VENDOR_SPECIFIC && 646 switch (id) {
647 id != WLAN_EID_QUIET && 647 case WLAN_EID_SSID:
648 test_bit(id, seen_elems)) { 648 case WLAN_EID_SUPP_RATES:
649 elems->parse_error = true; 649 case WLAN_EID_FH_PARAMS:
650 left -= elen; 650 case WLAN_EID_DS_PARAMS:
651 pos += elen; 651 case WLAN_EID_CF_PARAMS:
652 continue; 652 case WLAN_EID_TIM:
653 case WLAN_EID_IBSS_PARAMS:
654 case WLAN_EID_CHALLENGE:
655 case WLAN_EID_RSN:
656 case WLAN_EID_ERP_INFO:
657 case WLAN_EID_EXT_SUPP_RATES:
658 case WLAN_EID_HT_CAPABILITY:
659 case WLAN_EID_HT_OPERATION:
660 case WLAN_EID_VHT_CAPABILITY:
661 case WLAN_EID_VHT_OPERATION:
662 case WLAN_EID_MESH_ID:
663 case WLAN_EID_MESH_CONFIG:
664 case WLAN_EID_PEER_MGMT:
665 case WLAN_EID_PREQ:
666 case WLAN_EID_PREP:
667 case WLAN_EID_PERR:
668 case WLAN_EID_RANN:
669 case WLAN_EID_CHANNEL_SWITCH:
670 case WLAN_EID_EXT_CHANSWITCH_ANN:
671 case WLAN_EID_COUNTRY:
672 case WLAN_EID_PWR_CONSTRAINT:
673 case WLAN_EID_TIMEOUT_INTERVAL:
674 if (test_bit(id, seen_elems)) {
675 elems->parse_error = true;
676 left -= elen;
677 pos += elen;
678 continue;
679 }
680 break;
653 } 681 }
654 682
655 if (calc_crc && id < 64 && (filter & (1ULL << id))) 683 if (calc_crc && id < 64 && (filter & (1ULL << id)))
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index 1b30b0dee70..962795e839a 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -753,7 +753,8 @@ static int callforward_do_filter(const union nf_inet_addr *src,
753 flowi4_to_flowi(&fl1), false)) { 753 flowi4_to_flowi(&fl1), false)) {
754 if (!afinfo->route(&init_net, (struct dst_entry **)&rt2, 754 if (!afinfo->route(&init_net, (struct dst_entry **)&rt2,
755 flowi4_to_flowi(&fl2), false)) { 755 flowi4_to_flowi(&fl2), false)) {
756 if (rt1->rt_gateway == rt2->rt_gateway && 756 if (rt_nexthop(rt1, fl1.daddr) ==
757 rt_nexthop(rt2, fl2.daddr) &&
757 rt1->dst.dev == rt2->dst.dev) 758 rt1->dst.dev == rt2->dst.dev)
758 ret = 1; 759 ret = 1;
759 dst_release(&rt2->dst); 760 dst_release(&rt2->dst);
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 59d16ea927f..a60d1f8b41c 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -974,7 +974,7 @@ SCTP_STATIC int sctp_setsockopt_bindx(struct sock* sk,
974 void *addr_buf; 974 void *addr_buf;
975 struct sctp_af *af; 975 struct sctp_af *af;
976 976
977 SCTP_DEBUG_PRINTK("sctp_setsocktopt_bindx: sk %p addrs %p" 977 SCTP_DEBUG_PRINTK("sctp_setsockopt_bindx: sk %p addrs %p"
978 " addrs_size %d opt %d\n", sk, addrs, addrs_size, op); 978 " addrs_size %d opt %d\n", sk, addrs, addrs_size, op);
979 979
980 if (unlikely(addrs_size <= 0)) 980 if (unlikely(addrs_size <= 0))
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 443d4d7deea..3f725305208 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -526,8 +526,7 @@ int wiphy_register(struct wiphy *wiphy)
526 for (i = 0; i < sband->n_channels; i++) { 526 for (i = 0; i < sband->n_channels; i++) {
527 sband->channels[i].orig_flags = 527 sband->channels[i].orig_flags =
528 sband->channels[i].flags; 528 sband->channels[i].flags;
529 sband->channels[i].orig_mag = 529 sband->channels[i].orig_mag = INT_MAX;
530 sband->channels[i].max_antenna_gain;
531 sband->channels[i].orig_mpwr = 530 sband->channels[i].orig_mpwr =
532 sband->channels[i].max_power; 531 sband->channels[i].max_power;
533 sband->channels[i].band = band; 532 sband->channels[i].band = band;
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 3b8cbbc214d..bcc7d7ee5a5 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -908,7 +908,7 @@ static void handle_channel(struct wiphy *wiphy,
908 map_regdom_flags(reg_rule->flags) | bw_flags; 908 map_regdom_flags(reg_rule->flags) | bw_flags;
909 chan->max_antenna_gain = chan->orig_mag = 909 chan->max_antenna_gain = chan->orig_mag =
910 (int) MBI_TO_DBI(power_rule->max_antenna_gain); 910 (int) MBI_TO_DBI(power_rule->max_antenna_gain);
911 chan->max_power = chan->orig_mpwr = 911 chan->max_reg_power = chan->max_power = chan->orig_mpwr =
912 (int) MBM_TO_DBM(power_rule->max_eirp); 912 (int) MBM_TO_DBM(power_rule->max_eirp);
913 return; 913 return;
914 } 914 }
@@ -1331,7 +1331,8 @@ static void handle_channel_custom(struct wiphy *wiphy,
1331 1331
1332 chan->flags |= map_regdom_flags(reg_rule->flags) | bw_flags; 1332 chan->flags |= map_regdom_flags(reg_rule->flags) | bw_flags;
1333 chan->max_antenna_gain = (int) MBI_TO_DBI(power_rule->max_antenna_gain); 1333 chan->max_antenna_gain = (int) MBI_TO_DBI(power_rule->max_antenna_gain);
1334 chan->max_power = (int) MBM_TO_DBM(power_rule->max_eirp); 1334 chan->max_reg_power = chan->max_power =
1335 (int) MBM_TO_DBM(power_rule->max_eirp);
1335} 1336}
1336 1337
1337static void handle_band_custom(struct wiphy *wiphy, enum ieee80211_band band, 1338static void handle_band_custom(struct wiphy *wiphy, enum ieee80211_band band,
diff --git a/net/wireless/util.c b/net/wireless/util.c
index ef35f4ef2aa..2762e832998 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -309,23 +309,21 @@ unsigned int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb)
309} 309}
310EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb); 310EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb);
311 311
312static int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr) 312unsigned int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr)
313{ 313{
314 int ae = meshhdr->flags & MESH_FLAGS_AE; 314 int ae = meshhdr->flags & MESH_FLAGS_AE;
315 /* 7.1.3.5a.2 */ 315 /* 802.11-2012, 8.2.4.7.3 */
316 switch (ae) { 316 switch (ae) {
317 default:
317 case 0: 318 case 0:
318 return 6; 319 return 6;
319 case MESH_FLAGS_AE_A4: 320 case MESH_FLAGS_AE_A4:
320 return 12; 321 return 12;
321 case MESH_FLAGS_AE_A5_A6: 322 case MESH_FLAGS_AE_A5_A6:
322 return 18; 323 return 18;
323 case (MESH_FLAGS_AE_A4 | MESH_FLAGS_AE_A5_A6):
324 return 24;
325 default:
326 return 6;
327 } 324 }
328} 325}
326EXPORT_SYMBOL(ieee80211_get_mesh_hdrlen);
329 327
330int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr, 328int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
331 enum nl80211_iftype iftype) 329 enum nl80211_iftype iftype)
@@ -373,6 +371,8 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
373 /* make sure meshdr->flags is on the linear part */ 371 /* make sure meshdr->flags is on the linear part */
374 if (!pskb_may_pull(skb, hdrlen + 1)) 372 if (!pskb_may_pull(skb, hdrlen + 1))
375 return -1; 373 return -1;
374 if (meshdr->flags & MESH_FLAGS_AE_A4)
375 return -1;
376 if (meshdr->flags & MESH_FLAGS_AE_A5_A6) { 376 if (meshdr->flags & MESH_FLAGS_AE_A5_A6) {
377 skb_copy_bits(skb, hdrlen + 377 skb_copy_bits(skb, hdrlen +
378 offsetof(struct ieee80211s_hdr, eaddr1), 378 offsetof(struct ieee80211s_hdr, eaddr1),
@@ -397,6 +397,8 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
397 /* make sure meshdr->flags is on the linear part */ 397 /* make sure meshdr->flags is on the linear part */
398 if (!pskb_may_pull(skb, hdrlen + 1)) 398 if (!pskb_may_pull(skb, hdrlen + 1))
399 return -1; 399 return -1;
400 if (meshdr->flags & MESH_FLAGS_AE_A5_A6)
401 return -1;
400 if (meshdr->flags & MESH_FLAGS_AE_A4) 402 if (meshdr->flags & MESH_FLAGS_AE_A4)
401 skb_copy_bits(skb, hdrlen + 403 skb_copy_bits(skb, hdrlen +
402 offsetof(struct ieee80211s_hdr, eaddr1), 404 offsetof(struct ieee80211s_hdr, eaddr1),
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-27 21:23:14 -0500