Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

author: Linus Torvalds <torvalds@g5.osdl.org> 2005-12-19 19:43:36 -0500
committer: Linus Torvalds <torvalds@g5.osdl.org> 2005-12-19 19:43:36 -0500
commit: ce7fa1b3f9105873f6e26edb7241c848cab70e4d (patch)
tree: ef88e085dbf26fa10970759876df80adb4a1ae46
parent: d898d485e721db45be555c27df5de03281f2fd05 (diff)
parent: 9bffc4ace1ed875667dbe5b29065d96bec558c62 (diff)
12 files changed, 52 insertions, 33 deletions
diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h
index c231e9a08f0b..d50482ba27fe 100644
--- a/include/linux/rtnetlink.h
+++ b/include/linux/rtnetlink.h
@@ -866,6 +866,7 @@ enum rtnetlink_groups {
 #define RTNLGRP_IPV4_MROUTE     RTNLGRP_IPV4_MROUTE
        RTNLGRP_IPV4_ROUTE,
 #define RTNLGRP_IPV4_ROUTE      RTNLGRP_IPV4_ROUTE
+        RTNLGRP_NOP1,
        RTNLGRP_IPV6_IFADDR,
 #define RTNLGRP_IPV6_IFADDR     RTNLGRP_IPV6_IFADDR
        RTNLGRP_IPV6_MROUTE,
@@ -876,8 +877,11 @@ enum rtnetlink_groups {
 #define RTNLGRP_IPV6_IFINFO     RTNLGRP_IPV6_IFINFO
        RTNLGRP_DECnet_IFADDR,
 #define RTNLGRP_DECnet_IFADDR   RTNLGRP_DECnet_IFADDR
+        RTNLGRP_NOP2,
        RTNLGRP_DECnet_ROUTE,
 #define RTNLGRP_DECnet_ROUTE    RTNLGRP_DECnet_ROUTE
+        RTNLGRP_NOP3,
+        RTNLGRP_NOP4,
        RTNLGRP_IPV6_PREFIX,
 #define RTNLGRP_IPV6_PREFIX     RTNLGRP_IPV6_PREFIX
        __RTNLGRP_MAX
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 5beae1ccd574..1cdb87912137 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -890,6 +890,7 @@ struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
 extern void xfrm_policy_flush(void);
 extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
 extern int xfrm_flush_bundles(void);
+extern void xfrm_flush_all_bundles(void);
 extern int xfrm_bundle_ok(struct xfrm_dst *xdst, struct flowi *fl, int family);
 extern void xfrm_init_pmtu(struct dst_entry *dst);
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index d8e36b775125..43a0b35dfe6f 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -295,7 +295,7 @@ static int check_hbh_len(struct sk_buff *skb)
        len -= 2;
        while (len > 0) {
-                int optlen = raw[off+1]+2;
+                int optlen = skb->nh.raw[off+1]+2;
                switch (skb->nh.raw[off]) {
                case IPV6_TLV_PAD0:
@@ -308,18 +308,15 @@ static int check_hbh_len(struct sk_buff *skb)
                case IPV6_TLV_JUMBO:
                        if (skb->nh.raw[off+1] != 4 || (off&3) != 2)
                                goto bad;
                        pkt_len = ntohl(*(u32*)(skb->nh.raw+off+2));
+                        if (pkt_len <= IPV6_MAXPLEN ||
+                            skb->nh.ipv6h->payload_len)
+                                goto bad;
                        if (pkt_len > skb->len - sizeof(struct ipv6hdr))
                                goto bad;
-                        if (pkt_len + sizeof(struct ipv6hdr) < skb->len) {
+                        if (pskb_trim_rcsum(skb,
-                                if (__pskb_trim(skb,
+                            pkt_len+sizeof(struct ipv6hdr)))
-                                    pkt_len + sizeof(struct ipv6hdr)))
+                                goto bad;
-                                        goto bad;
-                                if (skb->ip_summed == CHECKSUM_HW)
-                                        skb->ip_summed = CHECKSUM_NONE;
-                        }
                        break;
                default:
                        if (optlen > len)
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 058c48e258fc..d0a447e520a2 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -12,6 +12,7 @@ ip_nat_pptp-objs	:= ip_nat_helper_pptp.o ip_nat_proto_gre.o
 # connection tracking
 obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o
+obj-$(CONFIG_IP_NF_NAT) += ip_nat.o
 # conntrack netlink interface
 obj-$(CONFIG_IP_NF_CONNTRACK_NETLINK) += ip_conntrack_netlink.o
@@ -41,7 +42,7 @@ obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o
 # the three instances of ip_tables
 obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o
 obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o
-obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o ip_nat.o
+obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o
 obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
 # matches
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index b2b60f3e9cdd..42196ba3b0b9 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -182,6 +182,7 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl)
                case IPPROTO_UDP:
                case IPPROTO_TCP:
                case IPPROTO_SCTP:
+                case IPPROTO_DCCP:
                        if (pskb_may_pull(skb, xprth + 4 - skb->data)) {
                                u16 *ports = (u16 *)xprth;
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 73a23b4130a5..4ea8cf7c0cc4 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1596,9 +1596,17 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
           not good.
         */
        if (valid_lft >= 0x7FFFFFFF/HZ)
-                rt_expires = 0;
+                rt_expires = 0x7FFFFFFF - (0x7FFFFFFF % HZ);
        else
-                rt_expires = jiffies + valid_lft * HZ;
+                rt_expires = valid_lft * HZ;
+        /*
+         * We convert this (in jiffies) to clock_t later.
+         * Avoid arithmetic overflow there as well.
+         * Overflow can happen only if HZ < USER_HZ.
+         */
+        if (HZ < USER_HZ && rt_expires > 0x7FFFFFFF / USER_HZ)
+                rt_expires = 0x7FFFFFFF / USER_HZ;
        if (pinfo->onlink) {
                struct rt6_info *rt;
@@ -1610,12 +1618,12 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
                                        ip6_del_rt(rt, NULL, NULL, NULL);
                                        rt = NULL;
                                } else {
-                                        rt->rt6i_expires = rt_expires;
+                                        rt->rt6i_expires = jiffies + rt_expires;
                                }
                        }
                } else if (valid_lft) {
                        addrconf_prefix_route(&pinfo->prefix, pinfo->prefix_len,
-                                              dev, rt_expires, RTF_ADDRCONF|RTF_EXPIRES|RTF_PREFIX_RT);
+                                              dev, jiffies_to_clock_t(rt_expires), RTF_ADDRCONF|RTF_EXPIRES|RTF_PREFIX_RT);
                }
                if (rt)
                        dst_release(&rt->u.dst);
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 060d61202412..04912f9b35c3 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -211,7 +211,7 @@ config IP6_NF_TARGET_REJECT
 config IP6_NF_TARGET_NFQUEUE
        tristate "NFQUEUE Target Support"
-        depends on IP_NF_IPTABLES
+        depends on IP6_NF_IPTABLES
        help
          This Target replaced the old obsolete QUEUE target.
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index a7a537b50595..7c68bfbee361 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -829,7 +829,7 @@ int ip6_route_add(struct in6_rtmsg *rtmsg, struct nlmsghdr *nlh,
        }
        rt->u.dst.obsolete = -1;
-        rt->rt6i_expires = clock_t_to_jiffies(rtmsg->rtmsg_info);
+        rt->rt6i_expires = jiffies + clock_t_to_jiffies(rtmsg->rtmsg_info);
        if (nlh && (r = NLMSG_DATA(nlh))) {
                rt->rt6i_protocol = r->rtm_protocol;
        } else {
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index cf1d91e74c82..69bd957380e7 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -214,6 +214,7 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl)
                case IPPROTO_UDP:
                case IPPROTO_TCP:
                case IPPROTO_SCTP:
+                case IPPROTO_DCCP:
                        if (pskb_may_pull(skb, skb->nh.raw + offset + 4 - skb->data)) {
                                u16 *ports = (u16 *)exthdr;
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 1f7f244806b7..9df888e932c5 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -156,10 +156,6 @@ static inline void sctp_set_owner_w(struct sctp_chunk *chunk)
                                sizeof(struct sk_buff) +
                                sizeof(struct sctp_chunk);
-        sk->sk_wmem_queued += SCTP_DATA_SNDSIZE(chunk) +
-                                sizeof(struct sk_buff) +
-                                sizeof(struct sctp_chunk);
        atomic_add(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc);
 }
@@ -4426,7 +4422,7 @@ cleanup:
 * tcp_poll().  Note that, based on these implementations, we don't
 * lock the socket in this function, even though it seems that,
 * ideally, locking or some other mechanisms can be used to ensure
- * the integrity of the counters (sndbuf and wmem_queued) used
+ * the integrity of the counters (sndbuf and wmem_alloc) used
 * in this place.  We assume that we don't need locks either until proven
 * otherwise.
 *
@@ -4833,10 +4829,6 @@ static void sctp_wfree(struct sk_buff *skb)
                                sizeof(struct sk_buff) +
                                sizeof(struct sctp_chunk);
-        sk->sk_wmem_queued -= SCTP_DATA_SNDSIZE(chunk) +
-                                sizeof(struct sk_buff) +
-                                sizeof(struct sctp_chunk);
        atomic_sub(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc);
        sock_wfree(skb);
@@ -4920,7 +4912,7 @@ void sctp_write_space(struct sock *sk)
 /* Is there any sndbuf space available on the socket?
 *
- * Note that wmem_queued is the sum of the send buffers on all of the
+ * Note that sk_wmem_alloc is the sum of the send buffers on all of the
 * associations on the same socket.  For a UDP-style socket with
 * multiple associations, it is possible for it to be "unwriteable"
 * prematurely.  I assume that this is acceptable because
@@ -4933,7 +4925,7 @@ static int sctp_writeable(struct sock *sk)
 {
        int amt = 0;
-        amt = sk->sk_sndbuf - sk->sk_wmem_queued;
+        amt = sk->sk_sndbuf - atomic_read(&sk->sk_wmem_alloc);
        if (amt < 0)
                amt = 0;
        return amt;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 0db9e57013fd..54a4be6a7d26 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1014,13 +1014,12 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
 }
 EXPORT_SYMBOL(__xfrm_route_forward);
-/* Optimize later using cookies and generation ids. */
 static struct dst_entry *xfrm_dst_check(struct dst_entry *dst, u32 cookie)
 {
-        if (!stale_bundle(dst))
+        /* If it is marked obsolete, which is how we even get here,
-                return dst;
+         * then we have purged it from the policy bundle list and we
+         * did that for a good reason.
+         */
        return NULL;
 }
@@ -1104,6 +1103,16 @@ int xfrm_flush_bundles(void)
        return 0;
 }
+static int always_true(struct dst_entry *dst)
+{
+        return 1;
+}
+void xfrm_flush_all_bundles(void)
+{
+        xfrm_prune_bundles(always_true);
+}
 void xfrm_init_pmtu(struct dst_entry *dst)
 {
        do {
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 7cf48aa6c95b..479effc97666 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -431,6 +431,8 @@ void xfrm_state_insert(struct xfrm_state *x)
        spin_lock_bh(&xfrm_state_lock);
        __xfrm_state_insert(x);
        spin_unlock_bh(&xfrm_state_lock);
+        xfrm_flush_all_bundles();
 }
 EXPORT_SYMBOL(xfrm_state_insert);
@@ -478,6 +480,9 @@ out:
        spin_unlock_bh(&xfrm_state_lock);
        xfrm_state_put_afinfo(afinfo);
+        if (!err)
+                xfrm_flush_all_bundles();
        if (x1) {
                xfrm_state_delete(x1);
                xfrm_state_put(x1);
author	Linus Torvalds <torvalds@g5.osdl.org>	2005-12-19 19:43:36 -0500
committer	Linus Torvalds <torvalds@g5.osdl.org>	2005-12-19 19:43:36 -0500
commit	ce7fa1b3f9105873f6e26edb7241c848cab70e4d (patch)
tree	ef88e085dbf26fa10970759876df80adb4a1ae46
parent	d898d485e721db45be555c27df5de03281f2fd05 (diff)
parent	9bffc4ace1ed875667dbe5b29065d96bec558c62 (diff)

diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h index c231e9a08f0b..d50482ba27fe 100644 --- a/include/linux/rtnetlink.h +++ b/include/linux/rtnetlink.h
@@ -866,6 +866,7 @@ enum rtnetlink_groups {
866	#define RTNLGRP_IPV4_MROUTE RTNLGRP_IPV4_MROUTE	866	#define RTNLGRP_IPV4_MROUTE RTNLGRP_IPV4_MROUTE
867	RTNLGRP_IPV4_ROUTE,	867	RTNLGRP_IPV4_ROUTE,
868	#define RTNLGRP_IPV4_ROUTE RTNLGRP_IPV4_ROUTE	868	#define RTNLGRP_IPV4_ROUTE RTNLGRP_IPV4_ROUTE
		869	RTNLGRP_NOP1,
869	RTNLGRP_IPV6_IFADDR,	870	RTNLGRP_IPV6_IFADDR,
870	#define RTNLGRP_IPV6_IFADDR RTNLGRP_IPV6_IFADDR	871	#define RTNLGRP_IPV6_IFADDR RTNLGRP_IPV6_IFADDR
871	RTNLGRP_IPV6_MROUTE,	872	RTNLGRP_IPV6_MROUTE,
@@ -876,8 +877,11 @@ enum rtnetlink_groups {
876	#define RTNLGRP_IPV6_IFINFO RTNLGRP_IPV6_IFINFO	877	#define RTNLGRP_IPV6_IFINFO RTNLGRP_IPV6_IFINFO
877	RTNLGRP_DECnet_IFADDR,	878	RTNLGRP_DECnet_IFADDR,
878	#define RTNLGRP_DECnet_IFADDR RTNLGRP_DECnet_IFADDR	879	#define RTNLGRP_DECnet_IFADDR RTNLGRP_DECnet_IFADDR
		880	RTNLGRP_NOP2,
879	RTNLGRP_DECnet_ROUTE,	881	RTNLGRP_DECnet_ROUTE,
880	#define RTNLGRP_DECnet_ROUTE RTNLGRP_DECnet_ROUTE	882	#define RTNLGRP_DECnet_ROUTE RTNLGRP_DECnet_ROUTE
		883	RTNLGRP_NOP3,
		884	RTNLGRP_NOP4,
881	RTNLGRP_IPV6_PREFIX,	885	RTNLGRP_IPV6_PREFIX,
882	#define RTNLGRP_IPV6_PREFIX RTNLGRP_IPV6_PREFIX	886	#define RTNLGRP_IPV6_PREFIX RTNLGRP_IPV6_PREFIX
883	__RTNLGRP_MAX	887	__RTNLGRP_MAX


diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 5beae1ccd574..1cdb87912137 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h
@@ -890,6 +890,7 @@ struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
890	extern void xfrm_policy_flush(void);	890	extern void xfrm_policy_flush(void);
891	extern int xfrm_sk_policy_insert(struct sock sk, int dir, struct xfrm_policy pol);	891	extern int xfrm_sk_policy_insert(struct sock sk, int dir, struct xfrm_policy pol);
892	extern int xfrm_flush_bundles(void);	892	extern int xfrm_flush_bundles(void);
		893	extern void xfrm_flush_all_bundles(void);
893	extern int xfrm_bundle_ok(struct xfrm_dst xdst, struct flowi fl, int family);	894	extern int xfrm_bundle_ok(struct xfrm_dst xdst, struct flowi fl, int family);
894	extern void xfrm_init_pmtu(struct dst_entry *dst);	895	extern void xfrm_init_pmtu(struct dst_entry *dst);
895		896


diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index d8e36b775125..43a0b35dfe6f 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c
@@ -295,7 +295,7 @@ static int check_hbh_len(struct sk_buff *skb)
295	len -= 2;	295	len -= 2;
296		296
297	while (len > 0) {	297	while (len > 0) {
298	int optlen = raw[off+1]+2;	298	int optlen = skb->nh.raw[off+1]+2;
299		299
300	switch (skb->nh.raw[off]) {	300	switch (skb->nh.raw[off]) {
301	case IPV6_TLV_PAD0:	301	case IPV6_TLV_PAD0:
@@ -308,18 +308,15 @@ static int check_hbh_len(struct sk_buff *skb)
308	case IPV6_TLV_JUMBO:	308	case IPV6_TLV_JUMBO:
309	if (skb->nh.raw[off+1] != 4 \|\| (off&3) != 2)	309	if (skb->nh.raw[off+1] != 4 \|\| (off&3) != 2)
310	goto bad;	310	goto bad;
311
312	pkt_len = ntohl((u32)(skb->nh.raw+off+2));	311	pkt_len = ntohl((u32)(skb->nh.raw+off+2));
313		312	if (pkt_len <= IPV6_MAXPLEN \|\|
		313	skb->nh.ipv6h->payload_len)
		314	goto bad;
314	if (pkt_len > skb->len - sizeof(struct ipv6hdr))	315	if (pkt_len > skb->len - sizeof(struct ipv6hdr))
315	goto bad;	316	goto bad;
316	if (pkt_len + sizeof(struct ipv6hdr) < skb->len) {	317	if (pskb_trim_rcsum(skb,
317	if (__pskb_trim(skb,	318	pkt_len+sizeof(struct ipv6hdr)))
318	pkt_len + sizeof(struct ipv6hdr)))	319	goto bad;
319	goto bad;
320	if (skb->ip_summed == CHECKSUM_HW)
321	skb->ip_summed = CHECKSUM_NONE;
322	}
323	break;	320	break;
324	default:	321	default:
325	if (optlen > len)	322	if (optlen > len)


diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index 058c48e258fc..d0a447e520a2 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile
@@ -12,6 +12,7 @@ ip_nat_pptp-objs := ip_nat_helper_pptp.o ip_nat_proto_gre.o
12		12
13	# connection tracking	13	# connection tracking
14	obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o	14	obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o
		15	obj-$(CONFIG_IP_NF_NAT) += ip_nat.o
15		16
16	# conntrack netlink interface	17	# conntrack netlink interface
17	obj-$(CONFIG_IP_NF_CONNTRACK_NETLINK) += ip_conntrack_netlink.o	18	obj-$(CONFIG_IP_NF_CONNTRACK_NETLINK) += ip_conntrack_netlink.o
@@ -41,7 +42,7 @@ obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o
41	# the three instances of ip_tables	42	# the three instances of ip_tables
42	obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o	43	obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o
43	obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o	44	obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o
44	obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o ip_nat.o	45	obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o
45	obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o	46	obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
46		47
47	# matches	48	# matches


diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index b2b60f3e9cdd..42196ba3b0b9 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c
@@ -182,6 +182,7 @@ _decode_session4(struct sk_buff skb, struct flowi fl)
182	case IPPROTO_UDP:	182	case IPPROTO_UDP:
183	case IPPROTO_TCP:	183	case IPPROTO_TCP:
184	case IPPROTO_SCTP:	184	case IPPROTO_SCTP:
		185	case IPPROTO_DCCP:
185	if (pskb_may_pull(skb, xprth + 4 - skb->data)) {	186	if (pskb_may_pull(skb, xprth + 4 - skb->data)) {
186	u16 ports = (u16 )xprth;	187	u16 ports = (u16 )xprth;
187		188


diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 73a23b4130a5..4ea8cf7c0cc4 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c
@@ -1596,9 +1596,17 @@ void addrconf_prefix_rcv(struct net_device dev, u8 opt, int len)
1596	not good.	1596	not good.
1597	*/	1597	*/
1598	if (valid_lft >= 0x7FFFFFFF/HZ)	1598	if (valid_lft >= 0x7FFFFFFF/HZ)
1599	rt_expires = 0;	1599	rt_expires = 0x7FFFFFFF - (0x7FFFFFFF % HZ);
1600	else	1600	else
1601	rt_expires = jiffies + valid_lft * HZ;	1601	rt_expires = valid_lft * HZ;
		1602
		1603	/*
		1604	* We convert this (in jiffies) to clock_t later.
		1605	* Avoid arithmetic overflow there as well.
		1606	* Overflow can happen only if HZ < USER_HZ.
		1607	*/
		1608	if (HZ < USER_HZ && rt_expires > 0x7FFFFFFF / USER_HZ)
		1609	rt_expires = 0x7FFFFFFF / USER_HZ;
1602		1610
1603	if (pinfo->onlink) {	1611	if (pinfo->onlink) {
1604	struct rt6_info *rt;	1612	struct rt6_info *rt;
@@ -1610,12 +1618,12 @@ void addrconf_prefix_rcv(struct net_device dev, u8 opt, int len)
1610	ip6_del_rt(rt, NULL, NULL, NULL);	1618	ip6_del_rt(rt, NULL, NULL, NULL);
1611	rt = NULL;	1619	rt = NULL;
1612	} else {	1620	} else {
1613	rt->rt6i_expires = rt_expires;	1621	rt->rt6i_expires = jiffies + rt_expires;
1614	}	1622	}
1615	}	1623	}
1616	} else if (valid_lft) {	1624	} else if (valid_lft) {
1617	addrconf_prefix_route(&pinfo->prefix, pinfo->prefix_len,	1625	addrconf_prefix_route(&pinfo->prefix, pinfo->prefix_len,
1618	dev, rt_expires, RTF_ADDRCONF\|RTF_EXPIRES\|RTF_PREFIX_RT);	1626	dev, jiffies_to_clock_t(rt_expires), RTF_ADDRCONF\|RTF_EXPIRES\|RTF_PREFIX_RT);
1619	}	1627	}
1620	if (rt)	1628	if (rt)
1621	dst_release(&rt->u.dst);	1629	dst_release(&rt->u.dst);


diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig index 060d61202412..04912f9b35c3 100644 --- a/net/ipv6/netfilter/Kconfig +++ b/net/ipv6/netfilter/Kconfig
@@ -211,7 +211,7 @@ config IP6_NF_TARGET_REJECT
211		211
212	config IP6_NF_TARGET_NFQUEUE	212	config IP6_NF_TARGET_NFQUEUE
213	tristate "NFQUEUE Target Support"	213	tristate "NFQUEUE Target Support"
214	depends on IP_NF_IPTABLES	214	depends on IP6_NF_IPTABLES
215	help	215	help
216	This Target replaced the old obsolete QUEUE target.	216	This Target replaced the old obsolete QUEUE target.
217		217


diff --git a/net/ipv6/route.c b/net/ipv6/route.c index a7a537b50595..7c68bfbee361 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c
@@ -829,7 +829,7 @@ int ip6_route_add(struct in6_rtmsg rtmsg, struct nlmsghdr nlh,
829	}	829	}
830		830
831	rt->u.dst.obsolete = -1;	831	rt->u.dst.obsolete = -1;
832	rt->rt6i_expires = clock_t_to_jiffies(rtmsg->rtmsg_info);	832	rt->rt6i_expires = jiffies + clock_t_to_jiffies(rtmsg->rtmsg_info);
833	if (nlh && (r = NLMSG_DATA(nlh))) {	833	if (nlh && (r = NLMSG_DATA(nlh))) {
834	rt->rt6i_protocol = r->rtm_protocol;	834	rt->rt6i_protocol = r->rtm_protocol;
835	} else {	835	} else {


diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index cf1d91e74c82..69bd957380e7 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c
@@ -214,6 +214,7 @@ _decode_session6(struct sk_buff skb, struct flowi fl)
214	case IPPROTO_UDP:	214	case IPPROTO_UDP:
215	case IPPROTO_TCP:	215	case IPPROTO_TCP:
216	case IPPROTO_SCTP:	216	case IPPROTO_SCTP:
		217	case IPPROTO_DCCP:
217	if (pskb_may_pull(skb, skb->nh.raw + offset + 4 - skb->data)) {	218	if (pskb_may_pull(skb, skb->nh.raw + offset + 4 - skb->data)) {
218	u16 ports = (u16 )exthdr;	219	u16 ports = (u16 )exthdr;
219		220


diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 1f7f244806b7..9df888e932c5 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c
@@ -156,10 +156,6 @@ static inline void sctp_set_owner_w(struct sctp_chunk *chunk)
156	sizeof(struct sk_buff) +	156	sizeof(struct sk_buff) +
157	sizeof(struct sctp_chunk);	157	sizeof(struct sctp_chunk);
158		158
159	sk->sk_wmem_queued += SCTP_DATA_SNDSIZE(chunk) +
160	sizeof(struct sk_buff) +
161	sizeof(struct sctp_chunk);
162
163	atomic_add(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc);	159	atomic_add(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc);
164	}	160	}
165		161
@@ -4426,7 +4422,7 @@ cleanup:
4426	* tcp_poll(). Note that, based on these implementations, we don't	4422	* tcp_poll(). Note that, based on these implementations, we don't
4427	* lock the socket in this function, even though it seems that,	4423	* lock the socket in this function, even though it seems that,
4428	* ideally, locking or some other mechanisms can be used to ensure	4424	* ideally, locking or some other mechanisms can be used to ensure
4429	* the integrity of the counters (sndbuf and wmem_queued) used	4425	* the integrity of the counters (sndbuf and wmem_alloc) used
4430	* in this place. We assume that we don't need locks either until proven	4426	* in this place. We assume that we don't need locks either until proven
4431	* otherwise.	4427	* otherwise.
4432	*	4428	*
@@ -4833,10 +4829,6 @@ static void sctp_wfree(struct sk_buff *skb)
4833	sizeof(struct sk_buff) +	4829	sizeof(struct sk_buff) +
4834	sizeof(struct sctp_chunk);	4830	sizeof(struct sctp_chunk);
4835		4831
4836	sk->sk_wmem_queued -= SCTP_DATA_SNDSIZE(chunk) +
4837	sizeof(struct sk_buff) +
4838	sizeof(struct sctp_chunk);
4839
4840	atomic_sub(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc);	4832	atomic_sub(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc);
4841		4833
4842	sock_wfree(skb);	4834	sock_wfree(skb);
@@ -4920,7 +4912,7 @@ void sctp_write_space(struct sock *sk)
4920		4912
4921	/* Is there any sndbuf space available on the socket?	4913	/* Is there any sndbuf space available on the socket?
4922	*	4914	*
4923	* Note that wmem_queued is the sum of the send buffers on all of the	4915	* Note that sk_wmem_alloc is the sum of the send buffers on all of the
4924	* associations on the same socket. For a UDP-style socket with	4916	* associations on the same socket. For a UDP-style socket with
4925	* multiple associations, it is possible for it to be "unwriteable"	4917	* multiple associations, it is possible for it to be "unwriteable"
4926	* prematurely. I assume that this is acceptable because	4918	* prematurely. I assume that this is acceptable because
@@ -4933,7 +4925,7 @@ static int sctp_writeable(struct sock *sk)
4933	{	4925	{
4934	int amt = 0;	4926	int amt = 0;
4935		4927
4936	amt = sk->sk_sndbuf - sk->sk_wmem_queued;	4928	amt = sk->sk_sndbuf - atomic_read(&sk->sk_wmem_alloc);
4937	if (amt < 0)	4929	if (amt < 0)
4938	amt = 0;	4930	amt = 0;
4939	return amt;	4931	return amt;


diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 0db9e57013fd..54a4be6a7d26 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -1014,13 +1014,12 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
1014	}	1014	}
1015	EXPORT_SYMBOL(__xfrm_route_forward);	1015	EXPORT_SYMBOL(__xfrm_route_forward);
1016		1016
1017	/* Optimize later using cookies and generation ids. */
1018
1019	static struct dst_entry xfrm_dst_check(struct dst_entry dst, u32 cookie)	1017	static struct dst_entry xfrm_dst_check(struct dst_entry dst, u32 cookie)
1020	{	1018	{
1021	if (!stale_bundle(dst))	1019	/* If it is marked obsolete, which is how we even get here,
1022	return dst;	1020	* then we have purged it from the policy bundle list and we
1023		1021	* did that for a good reason.
		1022	*/
1024	return NULL;	1023	return NULL;
1025	}	1024	}
1026		1025
@@ -1104,6 +1103,16 @@ int xfrm_flush_bundles(void)
1104	return 0;	1103	return 0;
1105	}	1104	}
1106		1105
		1106	static int always_true(struct dst_entry *dst)
		1107	{
		1108	return 1;
		1109	}
		1110
		1111	void xfrm_flush_all_bundles(void)
		1112	{
		1113	xfrm_prune_bundles(always_true);
		1114	}
		1115
1107	void xfrm_init_pmtu(struct dst_entry *dst)	1116	void xfrm_init_pmtu(struct dst_entry *dst)
1108	{	1117	{
1109	do {	1118	do {


diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 7cf48aa6c95b..479effc97666 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c
@@ -431,6 +431,8 @@ void xfrm_state_insert(struct xfrm_state *x)
431	spin_lock_bh(&xfrm_state_lock);	431	spin_lock_bh(&xfrm_state_lock);
432	__xfrm_state_insert(x);	432	__xfrm_state_insert(x);
433	spin_unlock_bh(&xfrm_state_lock);	433	spin_unlock_bh(&xfrm_state_lock);
		434
		435	xfrm_flush_all_bundles();
434	}	436	}
435	EXPORT_SYMBOL(xfrm_state_insert);	437	EXPORT_SYMBOL(xfrm_state_insert);
436		438
@@ -478,6 +480,9 @@ out:
478	spin_unlock_bh(&xfrm_state_lock);	480	spin_unlock_bh(&xfrm_state_lock);
479	xfrm_state_put_afinfo(afinfo);	481	xfrm_state_put_afinfo(afinfo);
480		482
		483	if (!err)
		484	xfrm_flush_all_bundles();
		485
481	if (x1) {	486	if (x1) {
482	xfrm_state_delete(x1);	487	xfrm_state_delete(x1);
483	xfrm_state_put(x1);	488	xfrm_state_put(x1);