authorLinus Torvalds <torvalds@woody.linux-foundation.org>2007-01-31 19:58:12 -0500
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-01-31 19:58:12 -0500
commit190ff5b3a168b666925897558998b5d97fec8731 (patch)
tree9c87169011f48e1ef10a46fcb2050a8795c69161
parent6fd6b17c6d9713f56b5f20903ec3e00fa6cc435e (diff)
parent2e5530236645a042e1481aa19879b819c3e8f5c9 (diff)
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [NETFILTER]: xt_hashlimit: fix ip6tables dependency [SCTP]: Force update of the rto when processing HB-ACK [IPV6]: fix BUG of ndisc_send_redirect() [IPV6]: Fix up some CONFIG typos [NETFILTER]: SIP conntrack: fix out of bounds memory access [NETFILTER]: SIP conntrack: fix skipping over user info in SIP headers [NETFILTER]: xt_connbytes: fix division by zero [MAINTAINERS]: netfilter@ is subscribers-only
-rw-r--r--MAINTAINERS2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_sip.c10
-rw-r--r--net/ipv6/addrconf.c4
-rw-r--r--net/ipv6/ndisc.c7
-rw-r--r--net/netfilter/Kconfig2
-rw-r--r--net/netfilter/nf_conntrack_sip.c10
-rw-r--r--net/netfilter/xt_connbytes.c29
-rw-r--r--net/sctp/sm_sideeffect.c6
8 files changed, 45 insertions, 25 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
index 1446cc41c12f..a275f72ed5f7 100644
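--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2288,7 +2288,7 @@ P: Jozsef Kadlecsik
 P: Patrick McHardy
 M: kaber@trash.net
 L: netfilter-devel@lists.netfilter.org
-L: netfilter@lists.netfilter.org
+L: netfilter@lists.netfilter.org (subscribers-only)
 L: coreteam@netfilter.org
 W: http://www.netfilter.org/
 W: http://www.iptables.org/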
diff --git a/net/ipv4/netfilter/ip_conntrack_sip.c b/net/ipv4/netfilter/ip_conntrack_sip.c
index 3a26d63eed88..11c588a10e6b 100644
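--- a/net/ipv4/netfilter/ip_conntrack_sip.c
+++ b/net/ipv4/netfilter/ip_conntrack_sip.c
@@ -283,10 +283,16 @@ static int skp_epaddr_len(const char *dptr, const char *limit, int *shift)
 {
  int s = *shift;
 
- for (; dptr <= limit && *dptr != '@'; dptr++)
+ /* Search for @, but stop at the end of the line.
+ * We are inside a sip: URI, so we don't need to worry about
+ * continuation lines. */
+ while (dptr <= limit &&
+ *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
  (*shift)++;
+ dptr++;
+ }
 
- if (*dptr == '@') {
+ if (dptr <= limit && *dptr == '@') {
  dptr++;
  (*shift)++;
  } else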
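Review bot: Both bounds tests in the new code use `dptr <= limit`, so `*limit` itself is dereferenced; that is in bounds only if callers pass a pointer to the last valid byte rather than one past the end, which cannot be confirmed from this hunk. A one-line contract comment above the loop would pin this down, e.g. `/* limit points at the last valid byte of the data (inclusive) */`, or the tests should become `dptr < limit` if limit turns out to be exclusive. The same applies to the identical hunk in net/netfilter/nf_conntrack_sip.c. The body of skp_epaddr_len continues past the end of the hunk.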
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 2a7e4618f526..e3854696988d 100644
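--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3393,7 +3393,7 @@ static void inline ipv6_store_devconf(struct ipv6_devconf *cnf,
 #ifdef CONFIG_IPV6_ROUTER_PREF
  array[DEVCONF_ACCEPT_RA_RTR_PREF] = cnf->accept_ra_rtr_pref;
  array[DEVCONF_RTR_PROBE_INTERVAL] = cnf->rtr_probe_interval;
-#ifdef CONFIV_IPV6_ROUTE_INFO
+#ifdef CONFIG_IPV6_ROUTE_INFO
  array[DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN] = cnf->accept_ra_rt_info_max_plen;
 #endif
 #endif
@@ -3898,7 +3898,7 @@ static struct addrconf_sysctl_table
  .proc_handler = &proc_dointvec_jiffies,
  .strategy = &sysctl_jiffies,
  },
-#ifdef CONFIV_IPV6_ROUTE_INFO
+#ifdef CONFIG_IPV6_ROUTE_INFO
  {
  .ctl_name = NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN,
  .procname = "accept_ra_rt_info_max_plen",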
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 6a9f616de37d..39bb658f3c44 100644
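--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1413,6 +1413,13 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
  return;
  }
 
+ if (!ipv6_addr_equal(&skb->nh.ipv6h->daddr, target) &&
+ !(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
+ ND_PRINTK2(KERN_WARNING
+ "ICMPv6 Redirect: target address is not link-local.\n");
+ return;
+ }
+
  ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr,
  dev->ifindex);
 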
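Review bot: The new early return has no comment stating the rule it enforces, and the log text covers only half of the condition: the redirect is dropped when the target is neither the packet's destination address nor a link-local address. A short comment above the test would make that explicit, e.g. `/* Redirect target must be the destination itself (on-link) or a router's link-local address */`. The return sits before `ndisc_flow_init()`, so nothing visible in the hunk needs releasing, but ndisc_send_redirect starts and ends outside the hunk, so that should be checked against the earlier part of the function.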
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index cd10e44db015..2a2bcb303bfa 100644
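--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -628,7 +628,7 @@ config NETFILTER_XT_MATCH_TCPMSS
 
 config NETFILTER_XT_MATCH_HASHLIMIT
  tristate '"hashlimit" match support'
- depends on NETFILTER_XTABLES
+ depends on NETFILTER_XTABLES && (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
  help
  This option adds a `hashlimit' match.
 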
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index eb2a2411f97b..9dec11534678 100644
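--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -303,10 +303,16 @@ static int skp_epaddr_len(struct nf_conn *ct, const char *dptr,
 {
  int s = *shift;
 
- for (; dptr <= limit && *dptr != '@'; dptr++)
+ /* Search for @, but stop at the end of the line.
+ * We are inside a sip: URI, so we don't need to worry about
+ * continuation lines. */
+ while (dptr <= limit &&
+ *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
  (*shift)++;
+ dptr++;
+ }
 
- if (*dptr == '@') {
+ if (dptr <= limit && *dptr == '@') {
  dptr++;
  (*shift)++;
  } else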
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c
index d93cb096a675..5e32dfa2668b 100644
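--- a/net/netfilter/xt_connbytes.c
+++ b/net/netfilter/xt_connbytes.c
@@ -52,6 +52,8 @@ match(const struct sk_buff *skb,
 {
  const struct xt_connbytes_info *sinfo = matchinfo;
  u_int64_t what = 0; /* initialize to make gcc happy */
+ u_int64_t bytes = 0;
+ u_int64_t pkts = 0;
  const struct ip_conntrack_counter *counters;
 
  if (!(counters = nf_ct_get_counters(skb)))
@@ -89,29 +91,22 @@ match(const struct sk_buff *skb,
  case XT_CONNBYTES_AVGPKT:
  switch (sinfo->direction) {
  case XT_CONNBYTES_DIR_ORIGINAL:
- what = div64_64(counters[IP_CT_DIR_ORIGINAL].bytes,
- counters[IP_CT_DIR_ORIGINAL].packets);
+ bytes = counters[IP_CT_DIR_ORIGINAL].bytes;
+ pkts = counters[IP_CT_DIR_ORIGINAL].packets;
  break;
  case XT_CONNBYTES_DIR_REPLY:
- what = div64_64(counters[IP_CT_DIR_REPLY].bytes,
- counters[IP_CT_DIR_REPLY].packets);
+ bytes = counters[IP_CT_DIR_REPLY].bytes;
+ pkts = counters[IP_CT_DIR_REPLY].packets;
  break;
  case XT_CONNBYTES_DIR_BOTH:
- {
- u_int64_t bytes;
- u_int64_t pkts;
- bytes = counters[IP_CT_DIR_ORIGINAL].bytes +
- counters[IP_CT_DIR_REPLY].bytes;
- pkts = counters[IP_CT_DIR_ORIGINAL].packets+
- counters[IP_CT_DIR_REPLY].packets;
-
- /* FIXME_THEORETICAL: what to do if sum
- * overflows ? */
-
- what = div64_64(bytes, pkts);
- }
+ bytes = counters[IP_CT_DIR_ORIGINAL].bytes +
+ counters[IP_CT_DIR_REPLY].bytes;
+ pkts = counters[IP_CT_DIR_ORIGINAL].packets +
+ counters[IP_CT_DIR_REPLY].packets;
  break;
  }
+ if (pkts != 0)
+ what = div64_64(bytes, pkts);
  break;
  }
 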
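Review bot: With the `if (pkts != 0)` guard, a connection with no counted packets leaves `what` at its initial 0, so the initializer is now the result for that case and the context comment `/* initialize to make gcc happy */` understates its role. The range comparison that consumes `what` is outside the hunk; if it treats 0 like any other average, a rule whose lower bound is 0 would match connections that have no packets yet, which may or may not be intended. I would document the choice at the guard, e.g. `/* no packets counted: average is reported as 0 */`. The removed FIXME about the byte and packet sums overflowing is dropped without a replacement, while the DIR_BOTH sums are still computed the same way.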
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 8bd30976cdee..6db77d1329f7 100644
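--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -621,7 +621,13 @@ static void sctp_cmd_transport_on(sctp_cmd_seq_t *cmds,
  /* The receiver of the HEARTBEAT ACK should also perform an
  * RTT measurement for that destination transport address
  * using the time value carried in the HEARTBEAT ACK chunk.
+ * If the transport's rto_pending variable has been cleared,
+ * it was most likely due to a retransmit. However, we want
+ * to re-enable it to properly update the rto.
  */
+ if (t->rto_pending == 0)
+ t->rto_pending = 1;
+
  hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data;
  sctp_transport_update_rto(t, (jiffies - hbinfo->sent_at));
 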
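Review bot: Forcing `rto_pending` back to 1 means every HEARTBEAT ACK that reaches this point now feeds `jiffies - hbinfo->sent_at` into `sctp_transport_update_rto()`, and `sent_at` is read straight from the chunk payload in the context line below. Whether the echoed heartbeat info has been validated (length, and a `sent_at` that is not in the future or implausibly old) is not visible in this hunk, so it is worth confirming in the caller and recording in the comment, e.g. `/* sent_at is echoed by the peer; hbinfo must already have been validated */`. The conditional is also redundant, since `t->rto_pending = 1;` alone has the same effect. sctp_cmd_transport_on starts and ends outside the hunk.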