aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@g5.osdl.org>2006-08-03 01:35:26 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-08-03 01:35:26 -0400
commit46f5960fdbf359f0c75989854bbaebc1de7a1eb4 (patch)
tree132d8d0eba110342bb88fcce2519c441ac771162
parent90eb29efd0ca9301d80d03ea13662d32436f060e (diff)
parent29bbd72d6ee1dbf2d9f00d022f8e999aa528fb3a (diff)
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (32 commits) [NET]: Fix more per-cpu typos [SECURITY]: Fix build with CONFIG_SECURITY disabled. [I/OAT]: Remove CPU hotplug lock from net_dma_rebalance [DECNET]: Fix for routing bug [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch [NET]: skb_queue_lock_key() is no longer used. [NET]: Remove lockdep_set_class() call from skb_queue_head_init(). [IPV6]: SNMPv2 "ipv6IfStatsOutFragCreates" counter error [IPV6]: SNMPv2 "ipv6IfStatsInHdrErrors" counter error [NET]: Kill the WARN_ON() calls for checksum fixups. [NETFILTER]: xt_hashlimit/xt_string: missing string validation [NETFILTER]: SIP helper: expect RTP streams in both directions [E1000]: Convert to netdev_alloc_skb [TG3]: Convert to netdev_alloc_skb [NET]: Add netdev_alloc_skb(). [TCP]: Process linger2 timeout consistently. [SECURITY] secmark: nul-terminate secdata [NET] infiniband: Cleanup ib_addr module to use the netevents [NET]: Core net changes to generate netevents [NET]: Network Event Notifier Mechanism. ...
-rw-r--r--drivers/infiniband/core/addr.c30
-rw-r--r--drivers/net/appletalk/Kconfig2
-rw-r--r--drivers/net/e1000/e1000_main.c11
-rw-r--r--drivers/net/tg3.c10
-rw-r--r--include/linux/netfilter_bridge.h1
-rw-r--r--include/linux/security.h40
-rw-r--r--include/linux/skbuff.h33
-rw-r--r--include/net/af_unix.h6
-rw-r--r--include/net/ip6_route.h12
-rw-r--r--include/net/ipv6.h3
-rw-r--r--include/net/netdma.h2
-rw-r--r--include/net/netevent.h33
-rw-r--r--include/net/scm.h29
-rw-r--r--include/net/tcp.h3
-rw-r--r--net/core/Makefile2
-rw-r--r--net/core/dev.c19
-rw-r--r--net/core/neighbour.c14
-rw-r--r--net/core/netevent.c69
-rw-r--r--net/core/skbuff.c45
-rw-r--r--net/dccp/ipv6.c4
-rw-r--r--net/decnet/dn_route.c9
-rw-r--r--net/ipv4/ip_output.c7
-rw-r--r--net/ipv4/ip_sockglue.c9
-rw-r--r--net/ipv4/netfilter/ip_conntrack_sip.c2
-rw-r--r--net/ipv4/netfilter/ipt_hashlimit.c3
-rw-r--r--net/ipv4/route.c8
-rw-r--r--net/ipv4/tcp.c5
-rw-r--r--net/ipv4/tcp_ipv4.c2
-rw-r--r--net/ipv4/tcp_minisocks.c4
-rw-r--r--net/ipv4/tcp_probe.c2
-rw-r--r--net/ipv6/addrconf.c174
-rw-r--r--net/ipv6/af_inet6.c2
-rw-r--r--net/ipv6/inet6_connection_sock.c2
-rw-r--r--net/ipv6/ip6_output.c129
-rw-r--r--net/ipv6/route.c7
-rw-r--r--net/ipv6/tcp_ipv6.c6
-rw-r--r--net/ipv6/udp.c2
-rw-r--r--net/ipv6/xfrm6_output.c2
-rw-r--r--net/netfilter/xt_SECMARK.c2
-rw-r--r--net/netfilter/xt_string.c5
-rw-r--r--net/unix/af_unix.c17
-rw-r--r--security/dummy.c14
-rw-r--r--security/selinux/hooks.c38
43 files changed, 632 insertions, 187 deletions
diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c
index d294bbc42f09..1205e8027829 100644
--- a/drivers/infiniband/core/addr.c
+++ b/drivers/infiniband/core/addr.c
@@ -35,6 +35,7 @@
35#include <net/arp.h> 35#include <net/arp.h>
36#include <net/neighbour.h> 36#include <net/neighbour.h>
37#include <net/route.h> 37#include <net/route.h>
38#include <net/netevent.h>
38#include <rdma/ib_addr.h> 39#include <rdma/ib_addr.h>
39 40
40MODULE_AUTHOR("Sean Hefty"); 41MODULE_AUTHOR("Sean Hefty");
@@ -326,25 +327,22 @@ void rdma_addr_cancel(struct rdma_dev_addr *addr)
326} 327}
327EXPORT_SYMBOL(rdma_addr_cancel); 328EXPORT_SYMBOL(rdma_addr_cancel);
328 329
329static int addr_arp_recv(struct sk_buff *skb, struct net_device *dev, 330static int netevent_callback(struct notifier_block *self, unsigned long event,
330 struct packet_type *pkt, struct net_device *orig_dev) 331 void *ctx)
331{ 332{
332 struct arphdr *arp_hdr; 333 if (event == NETEVENT_NEIGH_UPDATE) {
334 struct neighbour *neigh = ctx;
333 335
334 arp_hdr = (struct arphdr *) skb->nh.raw; 336 if (neigh->dev->type == ARPHRD_INFINIBAND &&
335 337 (neigh->nud_state & NUD_VALID)) {
336 if (arp_hdr->ar_op == htons(ARPOP_REQUEST) || 338 set_timeout(jiffies);
337 arp_hdr->ar_op == htons(ARPOP_REPLY)) 339 }
338 set_timeout(jiffies); 340 }
339
340 kfree_skb(skb);
341 return 0; 341 return 0;
342} 342}
343 343
344static struct packet_type addr_arp = { 344static struct notifier_block nb = {
345 .type = __constant_htons(ETH_P_ARP), 345 .notifier_call = netevent_callback
346 .func = addr_arp_recv,
347 .af_packet_priv = (void*) 1,
348}; 346};
349 347
350static int addr_init(void) 348static int addr_init(void)
@@ -353,13 +351,13 @@ static int addr_init(void)
353 if (!addr_wq) 351 if (!addr_wq)
354 return -ENOMEM; 352 return -ENOMEM;
355 353
356 dev_add_pack(&addr_arp); 354 register_netevent_notifier(&nb);
357 return 0; 355 return 0;
358} 356}
359 357
360static void addr_cleanup(void) 358static void addr_cleanup(void)
361{ 359{
362 dev_remove_pack(&addr_arp); 360 unregister_netevent_notifier(&nb);
363 destroy_workqueue(addr_wq); 361 destroy_workqueue(addr_wq);
364} 362}
365 363
diff --git a/drivers/net/appletalk/Kconfig b/drivers/net/appletalk/Kconfig
index b14e89004c3a..0a0e0cd81a23 100644
--- a/drivers/net/appletalk/Kconfig
+++ b/drivers/net/appletalk/Kconfig
@@ -29,7 +29,7 @@ config ATALK
29 even politically correct people are allowed to say Y here. 29 even politically correct people are allowed to say Y here.
30 30
31config DEV_APPLETALK 31config DEV_APPLETALK
32 bool "Appletalk interfaces support" 32 tristate "Appletalk interfaces support"
33 depends on ATALK 33 depends on ATALK
34 help 34 help
35 AppleTalk is the protocol that Apple computers can use to communicate 35 AppleTalk is the protocol that Apple computers can use to communicate
diff --git a/drivers/net/e1000/e1000_main.c b/drivers/net/e1000/e1000_main.c
index da62db897426..627f224d78bc 100644
--- a/drivers/net/e1000/e1000_main.c
+++ b/drivers/net/e1000/e1000_main.c
@@ -3127,7 +3127,7 @@ e1000_change_mtu(struct net_device *netdev, int new_mtu)
3127 break; 3127 break;
3128 } 3128 }
3129 3129
3130 /* NOTE: dev_alloc_skb reserves 16 bytes, and typically NET_IP_ALIGN 3130 /* NOTE: netdev_alloc_skb reserves 16 bytes, and typically NET_IP_ALIGN
3131 * means we reserve 2 more, this pushes us to allocate from the next 3131 * means we reserve 2 more, this pushes us to allocate from the next
3132 * larger slab size 3132 * larger slab size
3133 * i.e. RXBUFFER_2048 --> size-4096 slab */ 3133 * i.e. RXBUFFER_2048 --> size-4096 slab */
@@ -3708,7 +3708,7 @@ e1000_clean_rx_irq(struct e1000_adapter *adapter,
3708#define E1000_CB_LENGTH 256 3708#define E1000_CB_LENGTH 256
3709 if (length < E1000_CB_LENGTH) { 3709 if (length < E1000_CB_LENGTH) {
3710 struct sk_buff *new_skb = 3710 struct sk_buff *new_skb =
3711 dev_alloc_skb(length + NET_IP_ALIGN); 3711 netdev_alloc_skb(netdev, length + NET_IP_ALIGN);
3712 if (new_skb) { 3712 if (new_skb) {
3713 skb_reserve(new_skb, NET_IP_ALIGN); 3713 skb_reserve(new_skb, NET_IP_ALIGN);
3714 new_skb->dev = netdev; 3714 new_skb->dev = netdev;
@@ -3979,7 +3979,7 @@ e1000_alloc_rx_buffers(struct e1000_adapter *adapter,
3979 3979
3980 while (cleaned_count--) { 3980 while (cleaned_count--) {
3981 if (!(skb = buffer_info->skb)) 3981 if (!(skb = buffer_info->skb))
3982 skb = dev_alloc_skb(bufsz); 3982 skb = netdev_alloc_skb(netdev, bufsz);
3983 else { 3983 else {
3984 skb_trim(skb, 0); 3984 skb_trim(skb, 0);
3985 goto map_skb; 3985 goto map_skb;
@@ -3997,7 +3997,7 @@ e1000_alloc_rx_buffers(struct e1000_adapter *adapter,
3997 DPRINTK(RX_ERR, ERR, "skb align check failed: %u bytes " 3997 DPRINTK(RX_ERR, ERR, "skb align check failed: %u bytes "
3998 "at %p\n", bufsz, skb->data); 3998 "at %p\n", bufsz, skb->data);
3999 /* Try again, without freeing the previous */ 3999 /* Try again, without freeing the previous */
4000 skb = dev_alloc_skb(bufsz); 4000 skb = netdev_alloc_skb(netdev, bufsz);
4001 /* Failed allocation, critical failure */ 4001 /* Failed allocation, critical failure */
4002 if (!skb) { 4002 if (!skb) {
4003 dev_kfree_skb(oldskb); 4003 dev_kfree_skb(oldskb);
@@ -4121,7 +4121,8 @@ e1000_alloc_rx_buffers_ps(struct e1000_adapter *adapter,
4121 rx_desc->read.buffer_addr[j+1] = ~0; 4121 rx_desc->read.buffer_addr[j+1] = ~0;
4122 } 4122 }
4123 4123
4124 skb = dev_alloc_skb(adapter->rx_ps_bsize0 + NET_IP_ALIGN); 4124 skb = netdev_alloc_skb(netdev,
4125 adapter->rx_ps_bsize0 + NET_IP_ALIGN);
4125 4126
4126 if (unlikely(!skb)) { 4127 if (unlikely(!skb)) {
4127 adapter->alloc_rx_buff_failed++; 4128 adapter->alloc_rx_buff_failed++;
diff --git a/drivers/net/tg3.c b/drivers/net/tg3.c
index 1b8138f641e3..6f97962dd06b 100644
--- a/drivers/net/tg3.c
+++ b/drivers/net/tg3.c
@@ -68,8 +68,8 @@
68 68
69#define DRV_MODULE_NAME "tg3" 69#define DRV_MODULE_NAME "tg3"
70#define PFX DRV_MODULE_NAME ": " 70#define PFX DRV_MODULE_NAME ": "
71#define DRV_MODULE_VERSION "3.63" 71#define DRV_MODULE_VERSION "3.64"
72#define DRV_MODULE_RELDATE "July 25, 2006" 72#define DRV_MODULE_RELDATE "July 31, 2006"
73 73
74#define TG3_DEF_MAC_MODE 0 74#define TG3_DEF_MAC_MODE 0
75#define TG3_DEF_RX_MODE 0 75#define TG3_DEF_RX_MODE 0
@@ -3097,7 +3097,7 @@ static int tg3_alloc_rx_skb(struct tg3 *tp, u32 opaque_key,
3097 * Callers depend upon this behavior and assume that 3097 * Callers depend upon this behavior and assume that
3098 * we leave everything unchanged if we fail. 3098 * we leave everything unchanged if we fail.
3099 */ 3099 */
3100 skb = dev_alloc_skb(skb_size); 3100 skb = netdev_alloc_skb(tp->dev, skb_size);
3101 if (skb == NULL) 3101 if (skb == NULL)
3102 return -ENOMEM; 3102 return -ENOMEM;
3103 3103
@@ -3270,7 +3270,7 @@ static int tg3_rx(struct tg3 *tp, int budget)
3270 tg3_recycle_rx(tp, opaque_key, 3270 tg3_recycle_rx(tp, opaque_key,
3271 desc_idx, *post_ptr); 3271 desc_idx, *post_ptr);
3272 3272
3273 copy_skb = dev_alloc_skb(len + 2); 3273 copy_skb = netdev_alloc_skb(tp->dev, len + 2);
3274 if (copy_skb == NULL) 3274 if (copy_skb == NULL)
3275 goto drop_it_no_recycle; 3275 goto drop_it_no_recycle;
3276 3276
@@ -8618,7 +8618,7 @@ static int tg3_run_loopback(struct tg3 *tp, int loopback_mode)
8618 err = -EIO; 8618 err = -EIO;
8619 8619
8620 tx_len = 1514; 8620 tx_len = 1514;
8621 skb = dev_alloc_skb(tx_len); 8621 skb = netdev_alloc_skb(tp->dev, tx_len);
8622 if (!skb) 8622 if (!skb)
8623 return -ENOMEM; 8623 return -ENOMEM;
8624 8624
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
index 31f02ba036ce..10c13dc4665b 100644
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -6,7 +6,6 @@
6 6
7#include <linux/netfilter.h> 7#include <linux/netfilter.h>
8#if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER) 8#if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER)
9#include <asm/atomic.h>
10#include <linux/if_ether.h> 9#include <linux/if_ether.h>
11#endif 10#endif
12 11
diff --git a/include/linux/security.h b/include/linux/security.h
index f75303831d09..6bc2aad494ff 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1109,6 +1109,16 @@ struct swap_info_struct;
1109 * @name contains the name of the security module being unstacked. 1109 * @name contains the name of the security module being unstacked.
1110 * @ops contains a pointer to the struct security_operations of the module to unstack. 1110 * @ops contains a pointer to the struct security_operations of the module to unstack.
1111 * 1111 *
1112 * @secid_to_secctx:
1113 * Convert secid to security context.
1114 * @secid contains the security ID.
1115 * @secdata contains the pointer that stores the converted security context.
1116 *
1117 * @release_secctx:
1118 * Release the security context.
1119 * @secdata contains the security context.
1120 * @seclen contains the length of the security context.
1121 *
1112 * This is the main security structure. 1122 * This is the main security structure.
1113 */ 1123 */
1114struct security_operations { 1124struct security_operations {
@@ -1289,6 +1299,8 @@ struct security_operations {
1289 1299
1290 int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size); 1300 int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size);
1291 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size); 1301 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
1302 int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
1303 void (*release_secctx)(char *secdata, u32 seclen);
1292 1304
1293#ifdef CONFIG_SECURITY_NETWORK 1305#ifdef CONFIG_SECURITY_NETWORK
1294 int (*unix_stream_connect) (struct socket * sock, 1306 int (*unix_stream_connect) (struct socket * sock,
@@ -1317,7 +1329,7 @@ struct security_operations {
1317 int (*socket_shutdown) (struct socket * sock, int how); 1329 int (*socket_shutdown) (struct socket * sock, int how);
1318 int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb); 1330 int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb);
1319 int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len); 1331 int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
1320 int (*socket_getpeersec_dgram) (struct sk_buff *skb, char **secdata, u32 *seclen); 1332 int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
1321 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); 1333 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
1322 void (*sk_free_security) (struct sock *sk); 1334 void (*sk_free_security) (struct sock *sk);
1323 unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir); 1335 unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir);
@@ -2059,6 +2071,16 @@ static inline int security_netlink_recv(struct sk_buff * skb, int cap)
2059 return security_ops->netlink_recv(skb, cap); 2071 return security_ops->netlink_recv(skb, cap);
2060} 2072}
2061 2073
2074static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2075{
2076 return security_ops->secid_to_secctx(secid, secdata, seclen);
2077}
2078
2079static inline void security_release_secctx(char *secdata, u32 seclen)
2080{
2081 return security_ops->release_secctx(secdata, seclen);
2082}
2083
2062/* prototypes */ 2084/* prototypes */
2063extern int security_init (void); 2085extern int security_init (void);
2064extern int register_security (struct security_operations *ops); 2086extern int register_security (struct security_operations *ops);
@@ -2725,6 +2747,14 @@ static inline void securityfs_remove(struct dentry *dentry)
2725{ 2747{
2726} 2748}
2727 2749
2750static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2751{
2752 return -EOPNOTSUPP;
2753}
2754
2755static inline void security_release_secctx(char *secdata, u32 seclen)
2756{
2757}
2728#endif /* CONFIG_SECURITY */ 2758#endif /* CONFIG_SECURITY */
2729 2759
2730#ifdef CONFIG_SECURITY_NETWORK 2760#ifdef CONFIG_SECURITY_NETWORK
@@ -2840,10 +2870,9 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, char __
2840 return security_ops->socket_getpeersec_stream(sock, optval, optlen, len); 2870 return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
2841} 2871}
2842 2872
2843static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, 2873static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
2844 u32 *seclen)
2845{ 2874{
2846 return security_ops->socket_getpeersec_dgram(skb, secdata, seclen); 2875 return security_ops->socket_getpeersec_dgram(sock, skb, secid);
2847} 2876}
2848 2877
2849static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) 2878static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
@@ -2968,8 +2997,7 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, char __
2968 return -ENOPROTOOPT; 2997 return -ENOPROTOOPT;
2969} 2998}
2970 2999
2971static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, 3000static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
2972 u32 *seclen)
2973{ 3001{
2974 return -ENOPROTOOPT; 3002 return -ENOPROTOOPT;
2975} 3003}
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 4307e764ef0a..19c96d498e20 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -604,12 +604,17 @@ static inline __u32 skb_queue_len(const struct sk_buff_head *list_)
604 return list_->qlen; 604 return list_->qlen;
605} 605}
606 606
607extern struct lock_class_key skb_queue_lock_key; 607/*
608 608 * This function creates a split out lock class for each invocation;
609 * this is needed for now since a whole lot of users of the skb-queue
610 * infrastructure in drivers have different locking usage (in hardirq)
611 * than the networking core (in softirq only). In the long run either the
612 * network layer or drivers should need annotation to consolidate the
613 * main types of usage into 3 classes.
614 */
609static inline void skb_queue_head_init(struct sk_buff_head *list) 615static inline void skb_queue_head_init(struct sk_buff_head *list)
610{ 616{
611 spin_lock_init(&list->lock); 617 spin_lock_init(&list->lock);
612 lockdep_set_class(&list->lock, &skb_queue_lock_key);
613 list->prev = list->next = (struct sk_buff *)list; 618 list->prev = list->next = (struct sk_buff *)list;
614 list->qlen = 0; 619 list->qlen = 0;
615} 620}
@@ -1104,6 +1109,28 @@ static inline struct sk_buff *dev_alloc_skb(unsigned int length)
1104 return __dev_alloc_skb(length, GFP_ATOMIC); 1109 return __dev_alloc_skb(length, GFP_ATOMIC);
1105} 1110}
1106 1111
1112extern struct sk_buff *__netdev_alloc_skb(struct net_device *dev,
1113 unsigned int length, gfp_t gfp_mask);
1114
1115/**
1116 * netdev_alloc_skb - allocate an skbuff for rx on a specific device
1117 * @dev: network device to receive on
1118 * @length: length to allocate
1119 *
1120 * Allocate a new &sk_buff and assign it a usage count of one. The
1121 * buffer has unspecified headroom built in. Users should allocate
1122 * the headroom they think they need without accounting for the
1123 * built in space. The built in space is used for optimisations.
1124 *
1125 * %NULL is returned if there is no free memory. Although this function
1126 * allocates memory it can be called from an interrupt.
1127 */
1128static inline struct sk_buff *netdev_alloc_skb(struct net_device *dev,
1129 unsigned int length)
1130{
1131 return __netdev_alloc_skb(dev, length, GFP_ATOMIC);
1132}
1133
1107/** 1134/**
1108 * skb_cow - copy header of skb when it is required 1135 * skb_cow - copy header of skb when it is required
1109 * @skb: buffer to cow 1136 * @skb: buffer to cow
diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index 2fec827c8801..c0398f5a8cb9 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -54,15 +54,13 @@ struct unix_skb_parms {
54 struct ucred creds; /* Skb credentials */ 54 struct ucred creds; /* Skb credentials */
55 struct scm_fp_list *fp; /* Passed files */ 55 struct scm_fp_list *fp; /* Passed files */
56#ifdef CONFIG_SECURITY_NETWORK 56#ifdef CONFIG_SECURITY_NETWORK
57 char *secdata; /* Security context */ 57 u32 secid; /* Security ID */
58 u32 seclen; /* Security length */
59#endif 58#endif
60}; 59};
61 60
62#define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb)) 61#define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb))
63#define UNIXCREDS(skb) (&UNIXCB((skb)).creds) 62#define UNIXCREDS(skb) (&UNIXCB((skb)).creds)
64#define UNIXSECDATA(skb) (&UNIXCB((skb)).secdata) 63#define UNIXSID(skb) (&UNIXCB((skb)).secid)
65#define UNIXSECLEN(skb) (&UNIXCB((skb)).seclen)
66 64
67#define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock) 65#define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock)
68#define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock) 66#define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock)
diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h
index ab29dafb1a6a..96b0e66406ec 100644
--- a/include/net/ip6_route.h
+++ b/include/net/ip6_route.h
@@ -139,16 +139,22 @@ extern rwlock_t rt6_lock;
139/* 139/*
140 * Store a destination cache entry in a socket 140 * Store a destination cache entry in a socket
141 */ 141 */
142static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst, 142static inline void __ip6_dst_store(struct sock *sk, struct dst_entry *dst,
143 struct in6_addr *daddr) 143 struct in6_addr *daddr)
144{ 144{
145 struct ipv6_pinfo *np = inet6_sk(sk); 145 struct ipv6_pinfo *np = inet6_sk(sk);
146 struct rt6_info *rt = (struct rt6_info *) dst; 146 struct rt6_info *rt = (struct rt6_info *) dst;
147 147
148 write_lock(&sk->sk_dst_lock);
149 sk_setup_caps(sk, dst); 148 sk_setup_caps(sk, dst);
150 np->daddr_cache = daddr; 149 np->daddr_cache = daddr;
151 np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0; 150 np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0;
151}
152
153static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst,
154 struct in6_addr *daddr)
155{
156 write_lock(&sk->sk_dst_lock);
157 __ip6_dst_store(sk, dst, daddr);
152 write_unlock(&sk->sk_dst_lock); 158 write_unlock(&sk->sk_dst_lock);
153} 159}
154 160
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index a8fdf7970b37..ece7e8a84ffd 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -468,6 +468,9 @@ extern void ip6_flush_pending_frames(struct sock *sk);
468extern int ip6_dst_lookup(struct sock *sk, 468extern int ip6_dst_lookup(struct sock *sk,
469 struct dst_entry **dst, 469 struct dst_entry **dst,
470 struct flowi *fl); 470 struct flowi *fl);
471extern int ip6_sk_dst_lookup(struct sock *sk,
472 struct dst_entry **dst,
473 struct flowi *fl);
471 474
472/* 475/*
473 * skb processing functions 476 * skb processing functions
diff --git a/include/net/netdma.h b/include/net/netdma.h
index ceae5ee85c04..7f53cd1d8b1e 100644
--- a/include/net/netdma.h
+++ b/include/net/netdma.h
@@ -29,7 +29,7 @@ static inline struct dma_chan *get_softnet_dma(void)
29{ 29{
30 struct dma_chan *chan; 30 struct dma_chan *chan;
31 rcu_read_lock(); 31 rcu_read_lock();
32 chan = rcu_dereference(__get_cpu_var(softnet_data.net_dma)); 32 chan = rcu_dereference(__get_cpu_var(softnet_data).net_dma);
33 if (chan) 33 if (chan)
34 dma_chan_get(chan); 34 dma_chan_get(chan);
35 rcu_read_unlock(); 35 rcu_read_unlock();
diff --git a/include/net/netevent.h b/include/net/netevent.h
new file mode 100644
index 000000000000..e5d216241423
--- /dev/null
+++ b/include/net/netevent.h
@@ -0,0 +1,33 @@
1#ifndef _NET_EVENT_H
2#define _NET_EVENT_H
3
4/*
5 * Generic netevent notifiers
6 *
7 * Authors:
8 * Tom Tucker <tom@opengridcomputing.com>
9 * Steve Wise <swise@opengridcomputing.com>
10 *
11 * Changes:
12 */
13#ifdef __KERNEL__
14
15#include <net/dst.h>
16
17struct netevent_redirect {
18 struct dst_entry *old;
19 struct dst_entry *new;
20};
21
22enum netevent_notif_type {
23 NETEVENT_NEIGH_UPDATE = 1, /* arg is struct neighbour ptr */
24 NETEVENT_PMTU_UPDATE, /* arg is struct dst_entry ptr */
25 NETEVENT_REDIRECT, /* arg is struct netevent_redirect ptr */
26};
27
28extern int register_netevent_notifier(struct notifier_block *nb);
29extern int unregister_netevent_notifier(struct notifier_block *nb);
30extern int call_netevent_notifiers(unsigned long val, void *v);
31
32#endif
33#endif
diff --git a/include/net/scm.h b/include/net/scm.h
index 02daa097cdcd..5637d5e22d5f 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -3,6 +3,7 @@
3 3
4#include <linux/limits.h> 4#include <linux/limits.h>
5#include <linux/net.h> 5#include <linux/net.h>
6#include <linux/security.h>
6 7
7/* Well, we should have at least one descriptor open 8/* Well, we should have at least one descriptor open
8 * to accept passed FDs 8) 9 * to accept passed FDs 8)
@@ -20,8 +21,7 @@ struct scm_cookie
20 struct ucred creds; /* Skb credentials */ 21 struct ucred creds; /* Skb credentials */
21 struct scm_fp_list *fp; /* Passed files */ 22 struct scm_fp_list *fp; /* Passed files */
22#ifdef CONFIG_SECURITY_NETWORK 23#ifdef CONFIG_SECURITY_NETWORK
23 char *secdata; /* Security context */ 24 u32 secid; /* Passed security ID */
24 u32 seclen; /* Security length */
25#endif 25#endif
26 unsigned long seq; /* Connection seqno */ 26 unsigned long seq; /* Connection seqno */
27}; 27};
@@ -32,6 +32,16 @@ extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie
32extern void __scm_destroy(struct scm_cookie *scm); 32extern void __scm_destroy(struct scm_cookie *scm);
33extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); 33extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl);
34 34
35#ifdef CONFIG_SECURITY_NETWORK
36static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
37{
38 security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
39}
40#else
41static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
42{ }
43#endif /* CONFIG_SECURITY_NETWORK */
44
35static __inline__ void scm_destroy(struct scm_cookie *scm) 45static __inline__ void scm_destroy(struct scm_cookie *scm)
36{ 46{
37 if (scm && scm->fp) 47 if (scm && scm->fp)
@@ -47,6 +57,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
47 scm->creds.pid = p->tgid; 57 scm->creds.pid = p->tgid;
48 scm->fp = NULL; 58 scm->fp = NULL;
49 scm->seq = 0; 59 scm->seq = 0;
60 unix_get_peersec_dgram(sock, scm);
50 if (msg->msg_controllen <= 0) 61 if (msg->msg_controllen <= 0)
51 return 0; 62 return 0;
52 return __scm_send(sock, msg, scm); 63 return __scm_send(sock, msg, scm);
@@ -55,8 +66,18 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
55#ifdef CONFIG_SECURITY_NETWORK 66#ifdef CONFIG_SECURITY_NETWORK
56static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) 67static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
57{ 68{
58 if (test_bit(SOCK_PASSSEC, &sock->flags) && scm->secdata != NULL) 69 char *secdata;
59 put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, scm->seclen, scm->secdata); 70 u32 seclen;
71 int err;
72
73 if (test_bit(SOCK_PASSSEC, &sock->flags)) {
74 err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
75
76 if (!err) {
77 put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
78 security_release_secctx(secdata, seclen);
79 }
80 }
60} 81}
61#else 82#else
62static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) 83static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 0720bddff1e9..7a093d0aa0fe 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -914,6 +914,9 @@ static inline void tcp_set_state(struct sock *sk, int state)
914 914
915static inline void tcp_done(struct sock *sk) 915static inline void tcp_done(struct sock *sk)
916{ 916{
917 if(sk->sk_state == TCP_SYN_SENT || sk->sk_state == TCP_SYN_RECV)
918 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
919
917 tcp_set_state(sk, TCP_CLOSE); 920 tcp_set_state(sk, TCP_CLOSE);
918 tcp_clear_xmit_timers(sk); 921 tcp_clear_xmit_timers(sk);
919 922
diff --git a/net/core/Makefile b/net/core/Makefile
index e9bd2467d5a9..2645ba428d48 100644
--- a/net/core/Makefile
+++ b/net/core/Makefile
@@ -7,7 +7,7 @@ obj-y := sock.o request_sock.o skbuff.o iovec.o datagram.o stream.o scm.o \
7 7
8obj-$(CONFIG_SYSCTL) += sysctl_net_core.o 8obj-$(CONFIG_SYSCTL) += sysctl_net_core.o
9 9
10obj-y += dev.o ethtool.o dev_mcast.o dst.o \ 10obj-y += dev.o ethtool.o dev_mcast.o dst.o netevent.o \
11 neighbour.o rtnetlink.o utils.o link_watch.o filter.o 11 neighbour.o rtnetlink.o utils.o link_watch.o filter.o
12 12
13obj-$(CONFIG_XFRM) += flow.o 13obj-$(CONFIG_XFRM) += flow.o
diff --git a/net/core/dev.c b/net/core/dev.c
index 4d2b5167d7f5..d95e2626d944 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1166,11 +1166,6 @@ int skb_checksum_help(struct sk_buff *skb, int inward)
1166 goto out_set_summed; 1166 goto out_set_summed;
1167 1167
1168 if (unlikely(skb_shinfo(skb)->gso_size)) { 1168 if (unlikely(skb_shinfo(skb)->gso_size)) {
1169 static int warned;
1170
1171 WARN_ON(!warned);
1172 warned = 1;
1173
1174 /* Let GSO fix up the checksum. */ 1169 /* Let GSO fix up the checksum. */
1175 goto out_set_summed; 1170 goto out_set_summed;
1176 } 1171 }
@@ -1220,11 +1215,6 @@ struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features)
1220 __skb_pull(skb, skb->mac_len); 1215 __skb_pull(skb, skb->mac_len);
1221 1216
1222 if (unlikely(skb->ip_summed != CHECKSUM_HW)) { 1217 if (unlikely(skb->ip_summed != CHECKSUM_HW)) {
1223 static int warned;
1224
1225 WARN_ON(!warned);
1226 warned = 1;
1227
1228 if (skb_header_cloned(skb) && 1218 if (skb_header_cloned(skb) &&
1229 (err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC))) 1219 (err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))
1230 return ERR_PTR(err); 1220 return ERR_PTR(err);
@@ -3429,12 +3419,9 @@ static void net_dma_rebalance(void)
3429 unsigned int cpu, i, n; 3419 unsigned int cpu, i, n;
3430 struct dma_chan *chan; 3420 struct dma_chan *chan;
3431 3421
3432 lock_cpu_hotplug();
3433
3434 if (net_dma_count == 0) { 3422 if (net_dma_count == 0) {
3435 for_each_online_cpu(cpu) 3423 for_each_online_cpu(cpu)
3436 rcu_assign_pointer(per_cpu(softnet_data.net_dma, cpu), NULL); 3424 rcu_assign_pointer(per_cpu(softnet_data, cpu).net_dma, NULL);
3437 unlock_cpu_hotplug();
3438 return; 3425 return;
3439 } 3426 }
3440 3427
@@ -3447,15 +3434,13 @@ static void net_dma_rebalance(void)
3447 + (i < (num_online_cpus() % net_dma_count) ? 1 : 0)); 3434 + (i < (num_online_cpus() % net_dma_count) ? 1 : 0));
3448 3435
3449 while(n) { 3436 while(n) {
3450 per_cpu(softnet_data.net_dma, cpu) = chan; 3437 per_cpu(softnet_data, cpu).net_dma = chan;
3451 cpu = next_cpu(cpu, cpu_online_map); 3438 cpu = next_cpu(cpu, cpu_online_map);
3452 n--; 3439 n--;
3453 } 3440 }
3454 i++; 3441 i++;
3455 } 3442 }
3456 rcu_read_unlock(); 3443 rcu_read_unlock();
3457
3458 unlock_cpu_hotplug();
3459} 3444}
3460 3445
3461/** 3446/**
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 7ad681f5e712..5130d2efdbbe 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -29,6 +29,7 @@
29#include <net/neighbour.h> 29#include <net/neighbour.h>
30#include <net/dst.h> 30#include <net/dst.h>
31#include <net/sock.h> 31#include <net/sock.h>
32#include <net/netevent.h>
32#include <linux/rtnetlink.h> 33#include <linux/rtnetlink.h>
33#include <linux/random.h> 34#include <linux/random.h>
34#include <linux/string.h> 35#include <linux/string.h>
@@ -754,6 +755,7 @@ static void neigh_timer_handler(unsigned long arg)
754 neigh->nud_state = NUD_STALE; 755 neigh->nud_state = NUD_STALE;
755 neigh->updated = jiffies; 756 neigh->updated = jiffies;
756 neigh_suspect(neigh); 757 neigh_suspect(neigh);
758 notify = 1;
757 } 759 }
758 } else if (state & NUD_DELAY) { 760 } else if (state & NUD_DELAY) {
759 if (time_before_eq(now, 761 if (time_before_eq(now,
@@ -762,6 +764,7 @@ static void neigh_timer_handler(unsigned long arg)
762 neigh->nud_state = NUD_REACHABLE; 764 neigh->nud_state = NUD_REACHABLE;
763 neigh->updated = jiffies; 765 neigh->updated = jiffies;
764 neigh_connect(neigh); 766 neigh_connect(neigh);
767 notify = 1;
765 next = neigh->confirmed + neigh->parms->reachable_time; 768 next = neigh->confirmed + neigh->parms->reachable_time;
766 } else { 769 } else {
767 NEIGH_PRINTK2("neigh %p is probed.\n", neigh); 770 NEIGH_PRINTK2("neigh %p is probed.\n", neigh);
@@ -819,6 +822,8 @@ static void neigh_timer_handler(unsigned long arg)
819out: 822out:
820 write_unlock(&neigh->lock); 823 write_unlock(&neigh->lock);
821 } 824 }
825 if (notify)
826 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
822 827
823#ifdef CONFIG_ARPD 828#ifdef CONFIG_ARPD
824 if (notify && neigh->parms->app_probes) 829 if (notify && neigh->parms->app_probes)
@@ -926,9 +931,7 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
926{ 931{
927 u8 old; 932 u8 old;
928 int err; 933 int err;
929#ifdef CONFIG_ARPD
930 int notify = 0; 934 int notify = 0;
931#endif
932 struct net_device *dev; 935 struct net_device *dev;
933 int update_isrouter = 0; 936 int update_isrouter = 0;
934 937
@@ -948,9 +951,7 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
948 neigh_suspect(neigh); 951 neigh_suspect(neigh);
949 neigh->nud_state = new; 952 neigh->nud_state = new;
950 err = 0; 953 err = 0;
951#ifdef CONFIG_ARPD
952 notify = old & NUD_VALID; 954 notify = old & NUD_VALID;
953#endif
954 goto out; 955 goto out;
955 } 956 }
956 957
@@ -1022,9 +1023,7 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1022 if (!(new & NUD_CONNECTED)) 1023 if (!(new & NUD_CONNECTED))
1023 neigh->confirmed = jiffies - 1024 neigh->confirmed = jiffies -
1024 (neigh->parms->base_reachable_time << 1); 1025 (neigh->parms->base_reachable_time << 1);
1025#ifdef CONFIG_ARPD
1026 notify = 1; 1026 notify = 1;
1027#endif
1028 } 1027 }
1029 if (new == old) 1028 if (new == old)
1030 goto out; 1029 goto out;
@@ -1056,6 +1055,9 @@ out:
1056 (neigh->flags & ~NTF_ROUTER); 1055 (neigh->flags & ~NTF_ROUTER);
1057 } 1056 }
1058 write_unlock_bh(&neigh->lock); 1057 write_unlock_bh(&neigh->lock);
1058
1059 if (notify)
1060 call_netevent_notifiers(NETEVENT_NEIGH_UPDATE, neigh);
1059#ifdef CONFIG_ARPD 1061#ifdef CONFIG_ARPD
1060 if (notify && neigh->parms->app_probes) 1062 if (notify && neigh->parms->app_probes)
1061 neigh_app_notify(neigh); 1063 neigh_app_notify(neigh);
diff --git a/net/core/netevent.c b/net/core/netevent.c
new file mode 100644
index 000000000000..35d02c38554e
--- /dev/null
+++ b/net/core/netevent.c
@@ -0,0 +1,69 @@
1/*
2 * Network event notifiers
3 *
4 * Authors:
5 * Tom Tucker <tom@opengridcomputing.com>
6 * Steve Wise <swise@opengridcomputing.com>
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version
11 * 2 of the License, or (at your option) any later version.
12 *
13 * Fixes:
14 */
15
16#include <linux/rtnetlink.h>
17#include <linux/notifier.h>
18
19static ATOMIC_NOTIFIER_HEAD(netevent_notif_chain);
20
21/**
22 * register_netevent_notifier - register a netevent notifier block
23 * @nb: notifier
24 *
25 * Register a notifier to be called when a netevent occurs.
26 * The notifier passed is linked into the kernel structures and must
27 * not be reused until it has been unregistered. A negative errno code
28 * is returned on a failure.
29 */
30int register_netevent_notifier(struct notifier_block *nb)
31{
32 int err;
33
34 err = atomic_notifier_chain_register(&netevent_notif_chain, nb);
35 return err;
36}
37
38/**
39 * netevent_unregister_notifier - unregister a netevent notifier block
40 * @nb: notifier
41 *
42 * Unregister a notifier previously registered by
43 * register_neigh_notifier(). The notifier is unlinked into the
44 * kernel structures and may then be reused. A negative errno code
45 * is returned on a failure.
46 */
47
48int unregister_netevent_notifier(struct notifier_block *nb)
49{
50 return atomic_notifier_chain_unregister(&netevent_notif_chain, nb);
51}
52
53/**
54 * call_netevent_notifiers - call all netevent notifier blocks
55 * @val: value passed unmodified to notifier function
56 * @v: pointer passed unmodified to notifier function
57 *
58 * Call all neighbour notifier blocks. Parameters and return value
59 * are as for notifier_call_chain().
60 */
61
62int call_netevent_notifiers(unsigned long val, void *v)
63{
64 return atomic_notifier_call_chain(&netevent_notif_chain, val, v);
65}
66
67EXPORT_SYMBOL_GPL(register_netevent_notifier);
68EXPORT_SYMBOL_GPL(unregister_netevent_notifier);
69EXPORT_SYMBOL_GPL(call_netevent_notifiers);
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 476aa3978504..022d8894c11d 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -71,13 +71,6 @@ static kmem_cache_t *skbuff_head_cache __read_mostly;
71static kmem_cache_t *skbuff_fclone_cache __read_mostly; 71static kmem_cache_t *skbuff_fclone_cache __read_mostly;
72 72
73/* 73/*
74 * lockdep: lock class key used by skb_queue_head_init():
75 */
76struct lock_class_key skb_queue_lock_key;
77
78EXPORT_SYMBOL(skb_queue_lock_key);
79
80/*
81 * Keep out-of-line to prevent kernel bloat. 74 * Keep out-of-line to prevent kernel bloat.
82 * __builtin_return_address is not used because it is not always 75 * __builtin_return_address is not used because it is not always
83 * reliable. 76 * reliable.
@@ -256,6 +249,29 @@ nodata:
256 goto out; 249 goto out;
257} 250}
258 251
252/**
253 * __netdev_alloc_skb - allocate an skbuff for rx on a specific device
254 * @dev: network device to receive on
255 * @length: length to allocate
256 * @gfp_mask: get_free_pages mask, passed to alloc_skb
257 *
258 * Allocate a new &sk_buff and assign it a usage count of one. The
259 * buffer has unspecified headroom built in. Users should allocate
260 * the headroom they think they need without accounting for the
261 * built in space. The built in space is used for optimisations.
262 *
263 * %NULL is returned if there is no free memory.
264 */
265struct sk_buff *__netdev_alloc_skb(struct net_device *dev,
266 unsigned int length, gfp_t gfp_mask)
267{
268 struct sk_buff *skb;
269
270 skb = alloc_skb(length + NET_SKB_PAD, gfp_mask);
271 if (likely(skb))
272 skb_reserve(skb, NET_SKB_PAD);
273 return skb;
274}
259 275
260static void skb_drop_list(struct sk_buff **listp) 276static void skb_drop_list(struct sk_buff **listp)
261{ 277{
@@ -846,7 +862,11 @@ int ___pskb_trim(struct sk_buff *skb, unsigned int len)
846 unlikely((err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))) 862 unlikely((err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC))))
847 return err; 863 return err;
848 864
849 for (i = 0; i < nfrags; i++) { 865 i = 0;
866 if (offset >= len)
867 goto drop_pages;
868
869 for (; i < nfrags; i++) {
850 int end = offset + skb_shinfo(skb)->frags[i].size; 870 int end = offset + skb_shinfo(skb)->frags[i].size;
851 871
852 if (end < len) { 872 if (end < len) {
@@ -854,9 +874,9 @@ int ___pskb_trim(struct sk_buff *skb, unsigned int len)
854 continue; 874 continue;
855 } 875 }
856 876
857 if (len > offset) 877 skb_shinfo(skb)->frags[i++].size = len - offset;
858 skb_shinfo(skb)->frags[i++].size = len - offset;
859 878
879drop_pages:
860 skb_shinfo(skb)->nr_frags = i; 880 skb_shinfo(skb)->nr_frags = i;
861 881
862 for (; i < nfrags; i++) 882 for (; i < nfrags; i++)
@@ -864,7 +884,7 @@ int ___pskb_trim(struct sk_buff *skb, unsigned int len)
864 884
865 if (skb_shinfo(skb)->frag_list) 885 if (skb_shinfo(skb)->frag_list)
866 skb_drop_fraglist(skb); 886 skb_drop_fraglist(skb);
867 break; 887 goto done;
868 } 888 }
869 889
870 for (fragp = &skb_shinfo(skb)->frag_list; (frag = *fragp); 890 for (fragp = &skb_shinfo(skb)->frag_list; (frag = *fragp);
@@ -879,6 +899,7 @@ int ___pskb_trim(struct sk_buff *skb, unsigned int len)
879 return -ENOMEM; 899 return -ENOMEM;
880 900
881 nfrag->next = frag->next; 901 nfrag->next = frag->next;
902 kfree_skb(frag);
882 frag = nfrag; 903 frag = nfrag;
883 *fragp = frag; 904 *fragp = frag;
884 } 905 }
@@ -897,6 +918,7 @@ int ___pskb_trim(struct sk_buff *skb, unsigned int len)
897 break; 918 break;
898 } 919 }
899 920
921done:
900 if (len > skb_headlen(skb)) { 922 if (len > skb_headlen(skb)) {
901 skb->data_len -= skb->len - len; 923 skb->data_len -= skb->len - len;
902 skb->len = len; 924 skb->len = len;
@@ -2042,6 +2064,7 @@ EXPORT_SYMBOL(__kfree_skb);
2042EXPORT_SYMBOL(kfree_skb); 2064EXPORT_SYMBOL(kfree_skb);
2043EXPORT_SYMBOL(__pskb_pull_tail); 2065EXPORT_SYMBOL(__pskb_pull_tail);
2044EXPORT_SYMBOL(__alloc_skb); 2066EXPORT_SYMBOL(__alloc_skb);
2067EXPORT_SYMBOL(__netdev_alloc_skb);
2045EXPORT_SYMBOL(pskb_copy); 2068EXPORT_SYMBOL(pskb_copy);
2046EXPORT_SYMBOL(pskb_expand_head); 2069EXPORT_SYMBOL(pskb_expand_head);
2047EXPORT_SYMBOL(skb_checksum); 2070EXPORT_SYMBOL(skb_checksum);
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 9f3d4d7cd0bf..610c722ac27f 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -230,7 +230,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
230 ipv6_addr_copy(&np->saddr, saddr); 230 ipv6_addr_copy(&np->saddr, saddr);
231 inet->rcv_saddr = LOOPBACK4_IPV6; 231 inet->rcv_saddr = LOOPBACK4_IPV6;
232 232
233 ip6_dst_store(sk, dst, NULL); 233 __ip6_dst_store(sk, dst, NULL);
234 234
235 icsk->icsk_ext_hdr_len = 0; 235 icsk->icsk_ext_hdr_len = 0;
236 if (np->opt != NULL) 236 if (np->opt != NULL)
@@ -863,7 +863,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
863 * comment in that function for the gory details. -acme 863 * comment in that function for the gory details. -acme
864 */ 864 */
865 865
866 ip6_dst_store(newsk, dst, NULL); 866 __ip6_dst_store(newsk, dst, NULL);
867 newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM | 867 newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM |
868 NETIF_F_TSO); 868 NETIF_F_TSO);
869 newdp6 = (struct dccp6_sock *)newsk; 869 newdp6 = (struct dccp6_sock *)newsk;
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index 1355614ec11b..743e9fcf7c5a 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -925,8 +925,13 @@ static int dn_route_output_slow(struct dst_entry **pprt, const struct flowi *old
925 for(dev_out = dev_base; dev_out; dev_out = dev_out->next) { 925 for(dev_out = dev_base; dev_out; dev_out = dev_out->next) {
926 if (!dev_out->dn_ptr) 926 if (!dev_out->dn_ptr)
927 continue; 927 continue;
928 if (dn_dev_islocal(dev_out, oldflp->fld_src)) 928 if (!dn_dev_islocal(dev_out, oldflp->fld_src))
929 break; 929 continue;
930 if ((dev_out->flags & IFF_LOOPBACK) &&
931 oldflp->fld_dst &&
932 !dn_dev_islocal(dev_out, oldflp->fld_dst))
933 continue;
934 break;
930 } 935 }
931 read_unlock(&dev_base_lock); 936 read_unlock(&dev_base_lock);
932 if (dev_out == NULL) 937 if (dev_out == NULL)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 7c9f9a6421b8..9bf307a29783 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -526,6 +526,8 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
526 526
527 err = output(skb); 527 err = output(skb);
528 528
529 if (!err)
530 IP_INC_STATS(IPSTATS_MIB_FRAGCREATES);
529 if (err || !frag) 531 if (err || !frag)
530 break; 532 break;
531 533
@@ -649,9 +651,6 @@ slow_path:
649 /* 651 /*
650 * Put this fragment into the sending queue. 652 * Put this fragment into the sending queue.
651 */ 653 */
652
653 IP_INC_STATS(IPSTATS_MIB_FRAGCREATES);
654
655 iph->tot_len = htons(len + hlen); 654 iph->tot_len = htons(len + hlen);
656 655
657 ip_send_check(iph); 656 ip_send_check(iph);
@@ -659,6 +658,8 @@ slow_path:
659 err = output(skb2); 658 err = output(skb2);
660 if (err) 659 if (err)
661 goto fail; 660 goto fail;
661
662 IP_INC_STATS(IPSTATS_MIB_FRAGCREATES);
662 } 663 }
663 kfree_skb(skb); 664 kfree_skb(skb);
664 IP_INC_STATS(IPSTATS_MIB_FRAGOKS); 665 IP_INC_STATS(IPSTATS_MIB_FRAGOKS);
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 84f43a3c9098..2d05c4133d3e 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -112,14 +112,19 @@ static void ip_cmsg_recv_retopts(struct msghdr *msg, struct sk_buff *skb)
112static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) 112static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
113{ 113{
114 char *secdata; 114 char *secdata;
115 u32 seclen; 115 u32 seclen, secid;
116 int err; 116 int err;
117 117
118 err = security_socket_getpeersec_dgram(skb, &secdata, &seclen); 118 err = security_socket_getpeersec_dgram(NULL, skb, &secid);
119 if (err)
120 return;
121
122 err = security_secid_to_secctx(secid, &secdata, &seclen);
119 if (err) 123 if (err)
120 return; 124 return;
121 125
122 put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); 126 put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
127 security_release_secctx(secdata, seclen);
123} 128}
124 129
125 130
diff --git a/net/ipv4/netfilter/ip_conntrack_sip.c b/net/ipv4/netfilter/ip_conntrack_sip.c
index fc87ce0da40d..4f222d6be009 100644
--- a/net/ipv4/netfilter/ip_conntrack_sip.c
+++ b/net/ipv4/netfilter/ip_conntrack_sip.c
@@ -442,7 +442,7 @@ static int __init init(void)
442 sip[i].tuple.src.u.udp.port = htons(ports[i]); 442 sip[i].tuple.src.u.udp.port = htons(ports[i]);
443 sip[i].mask.src.u.udp.port = 0xFFFF; 443 sip[i].mask.src.u.udp.port = 0xFFFF;
444 sip[i].mask.dst.protonum = 0xFF; 444 sip[i].mask.dst.protonum = 0xFF;
445 sip[i].max_expected = 1; 445 sip[i].max_expected = 2;
446 sip[i].timeout = 3 * 60; /* 3 minutes */ 446 sip[i].timeout = 3 * 60; /* 3 minutes */
447 sip[i].me = THIS_MODULE; 447 sip[i].me = THIS_MODULE;
448 sip[i].help = sip_help; 448 sip[i].help = sip_help;
diff --git a/net/ipv4/netfilter/ipt_hashlimit.c b/net/ipv4/netfilter/ipt_hashlimit.c
index 92980ab8ce48..6b662449e825 100644
--- a/net/ipv4/netfilter/ipt_hashlimit.c
+++ b/net/ipv4/netfilter/ipt_hashlimit.c
@@ -508,6 +508,9 @@ hashlimit_checkentry(const char *tablename,
508 if (!r->cfg.expire) 508 if (!r->cfg.expire)
509 return 0; 509 return 0;
510 510
511 if (r->name[sizeof(r->name) - 1] != '\0')
512 return 0;
513
511 /* This is the best we've got: We cannot release and re-grab lock, 514 /* This is the best we've got: We cannot release and re-grab lock,
512 * since checkentry() is called before ip_tables.c grabs ipt_mutex. 515 * since checkentry() is called before ip_tables.c grabs ipt_mutex.
513 * We also cannot grab the hashtable spinlock, since htable_create will 516 * We also cannot grab the hashtable spinlock, since htable_create will
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 2dc6dbb28467..19bd49d69d9f 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -104,6 +104,7 @@
104#include <net/icmp.h> 104#include <net/icmp.h>
105#include <net/xfrm.h> 105#include <net/xfrm.h>
106#include <net/ip_mp_alg.h> 106#include <net/ip_mp_alg.h>
107#include <net/netevent.h>
107#ifdef CONFIG_SYSCTL 108#ifdef CONFIG_SYSCTL
108#include <linux/sysctl.h> 109#include <linux/sysctl.h>
109#endif 110#endif
@@ -1125,6 +1126,7 @@ void ip_rt_redirect(u32 old_gw, u32 daddr, u32 new_gw,
1125 struct rtable *rth, **rthp; 1126 struct rtable *rth, **rthp;
1126 u32 skeys[2] = { saddr, 0 }; 1127 u32 skeys[2] = { saddr, 0 };
1127 int ikeys[2] = { dev->ifindex, 0 }; 1128 int ikeys[2] = { dev->ifindex, 0 };
1129 struct netevent_redirect netevent;
1128 1130
1129 if (!in_dev) 1131 if (!in_dev)
1130 return; 1132 return;
@@ -1216,6 +1218,11 @@ void ip_rt_redirect(u32 old_gw, u32 daddr, u32 new_gw,
1216 rt_drop(rt); 1218 rt_drop(rt);
1217 goto do_next; 1219 goto do_next;
1218 } 1220 }
1221
1222 netevent.old = &rth->u.dst;
1223 netevent.new = &rt->u.dst;
1224 call_netevent_notifiers(NETEVENT_REDIRECT,
1225 &netevent);
1219 1226
1220 rt_del(hash, rth); 1227 rt_del(hash, rth);
1221 if (!rt_intern_hash(hash, rt, &rt)) 1228 if (!rt_intern_hash(hash, rt, &rt))
@@ -1452,6 +1459,7 @@ static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu)
1452 } 1459 }
1453 dst->metrics[RTAX_MTU-1] = mtu; 1460 dst->metrics[RTAX_MTU-1] = mtu;
1454 dst_set_expires(dst, ip_rt_mtu_expires); 1461 dst_set_expires(dst, ip_rt_mtu_expires);
1462 call_netevent_notifiers(NETEVENT_PMTU_UPDATE, dst);
1455 } 1463 }
1456} 1464}
1457 1465
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index f6a2d9223d07..934396bb1376 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1132,7 +1132,7 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1132 tp->ucopy.dma_chan = NULL; 1132 tp->ucopy.dma_chan = NULL;
1133 preempt_disable(); 1133 preempt_disable();
1134 if ((len > sysctl_tcp_dma_copybreak) && !(flags & MSG_PEEK) && 1134 if ((len > sysctl_tcp_dma_copybreak) && !(flags & MSG_PEEK) &&
1135 !sysctl_tcp_low_latency && __get_cpu_var(softnet_data.net_dma)) { 1135 !sysctl_tcp_low_latency && __get_cpu_var(softnet_data).net_dma) {
1136 preempt_enable_no_resched(); 1136 preempt_enable_no_resched();
1137 tp->ucopy.pinned_list = dma_pin_iovec_pages(msg->msg_iov, len); 1137 tp->ucopy.pinned_list = dma_pin_iovec_pages(msg->msg_iov, len);
1138 } else 1138 } else
@@ -1659,7 +1659,8 @@ adjudge_to_death:
1659 const int tmo = tcp_fin_time(sk); 1659 const int tmo = tcp_fin_time(sk);
1660 1660
1661 if (tmo > TCP_TIMEWAIT_LEN) { 1661 if (tmo > TCP_TIMEWAIT_LEN) {
1662 inet_csk_reset_keepalive_timer(sk, tcp_fin_time(sk)); 1662 inet_csk_reset_keepalive_timer(sk,
1663 tmo - TCP_TIMEWAIT_LEN);
1663 } else { 1664 } else {
1664 tcp_time_wait(sk, TCP_FIN_WAIT2, tmo); 1665 tcp_time_wait(sk, TCP_FIN_WAIT2, tmo);
1665 goto out; 1666 goto out;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index f6f39e814291..4b04c3edd4a9 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -438,7 +438,6 @@ void tcp_v4_err(struct sk_buff *skb, u32 info)
438 It can f.e. if SYNs crossed. 438 It can f.e. if SYNs crossed.
439 */ 439 */
440 if (!sock_owned_by_user(sk)) { 440 if (!sock_owned_by_user(sk)) {
441 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
442 sk->sk_err = err; 441 sk->sk_err = err;
443 442
444 sk->sk_error_report(sk); 443 sk->sk_error_report(sk);
@@ -874,7 +873,6 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
874drop_and_free: 873drop_and_free:
875 reqsk_free(req); 874 reqsk_free(req);
876drop: 875drop:
877 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
878 return 0; 876 return 0;
879} 877}
880 878
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 0ccb7cb22b15..624e2b2c7f53 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -589,8 +589,10 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
589 /* RFC793: "second check the RST bit" and 589 /* RFC793: "second check the RST bit" and
590 * "fourth, check the SYN bit" 590 * "fourth, check the SYN bit"
591 */ 591 */
592 if (flg & (TCP_FLAG_RST|TCP_FLAG_SYN)) 592 if (flg & (TCP_FLAG_RST|TCP_FLAG_SYN)) {
593 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
593 goto embryonic_reset; 594 goto embryonic_reset;
595 }
594 596
595 /* ACK sequence verified above, just make sure ACK is 597 /* ACK sequence verified above, just make sure ACK is
596 * set. If ACK not set, just silently drop the packet. 598 * set. If ACK not set, just silently drop the packet.
diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
index d7d517a3a238..b3435324b573 100644
--- a/net/ipv4/tcp_probe.c
+++ b/net/ipv4/tcp_probe.c
@@ -114,7 +114,7 @@ static int tcpprobe_open(struct inode * inode, struct file * file)
114static ssize_t tcpprobe_read(struct file *file, char __user *buf, 114static ssize_t tcpprobe_read(struct file *file, char __user *buf,
115 size_t len, loff_t *ppos) 115 size_t len, loff_t *ppos)
116{ 116{
117 int error = 0, cnt; 117 int error = 0, cnt = 0;
118 unsigned char *tbuf; 118 unsigned char *tbuf;
119 119
120 if (!buf || len < 0) 120 if (!buf || len < 0)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 2316a4315a18..8ea1e36bf8eb 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1869,15 +1869,21 @@ err_exit:
1869/* 1869/*
1870 * Manual configuration of address on an interface 1870 * Manual configuration of address on an interface
1871 */ 1871 */
1872static int inet6_addr_add(int ifindex, struct in6_addr *pfx, int plen) 1872static int inet6_addr_add(int ifindex, struct in6_addr *pfx, int plen,
1873 __u32 prefered_lft, __u32 valid_lft)
1873{ 1874{
1874 struct inet6_ifaddr *ifp; 1875 struct inet6_ifaddr *ifp;
1875 struct inet6_dev *idev; 1876 struct inet6_dev *idev;
1876 struct net_device *dev; 1877 struct net_device *dev;
1878 __u8 ifa_flags = 0;
1877 int scope; 1879 int scope;
1878 1880
1879 ASSERT_RTNL(); 1881 ASSERT_RTNL();
1880 1882
1883 /* check the lifetime */
1884 if (!valid_lft || prefered_lft > valid_lft)
1885 return -EINVAL;
1886
1881 if ((dev = __dev_get_by_index(ifindex)) == NULL) 1887 if ((dev = __dev_get_by_index(ifindex)) == NULL)
1882 return -ENODEV; 1888 return -ENODEV;
1883 1889
@@ -1889,10 +1895,29 @@ static int inet6_addr_add(int ifindex, struct in6_addr *pfx, int plen)
1889 1895
1890 scope = ipv6_addr_scope(pfx); 1896 scope = ipv6_addr_scope(pfx);
1891 1897
1892 ifp = ipv6_add_addr(idev, pfx, plen, scope, IFA_F_PERMANENT); 1898 if (valid_lft == INFINITY_LIFE_TIME)
1899 ifa_flags |= IFA_F_PERMANENT;
1900 else if (valid_lft >= 0x7FFFFFFF/HZ)
1901 valid_lft = 0x7FFFFFFF/HZ;
1902
1903 if (prefered_lft == 0)
1904 ifa_flags |= IFA_F_DEPRECATED;
1905 else if ((prefered_lft >= 0x7FFFFFFF/HZ) &&
1906 (prefered_lft != INFINITY_LIFE_TIME))
1907 prefered_lft = 0x7FFFFFFF/HZ;
1908
1909 ifp = ipv6_add_addr(idev, pfx, plen, scope, ifa_flags);
1910
1893 if (!IS_ERR(ifp)) { 1911 if (!IS_ERR(ifp)) {
1912 spin_lock(&ifp->lock);
1913 ifp->valid_lft = valid_lft;
1914 ifp->prefered_lft = prefered_lft;
1915 ifp->tstamp = jiffies;
1916 spin_unlock(&ifp->lock);
1917
1894 addrconf_dad_start(ifp, 0); 1918 addrconf_dad_start(ifp, 0);
1895 in6_ifa_put(ifp); 1919 in6_ifa_put(ifp);
1920 addrconf_verify(0);
1896 return 0; 1921 return 0;
1897 } 1922 }
1898 1923
@@ -1945,7 +1970,8 @@ int addrconf_add_ifaddr(void __user *arg)
1945 return -EFAULT; 1970 return -EFAULT;
1946 1971
1947 rtnl_lock(); 1972 rtnl_lock();
1948 err = inet6_addr_add(ireq.ifr6_ifindex, &ireq.ifr6_addr, ireq.ifr6_prefixlen); 1973 err = inet6_addr_add(ireq.ifr6_ifindex, &ireq.ifr6_addr, ireq.ifr6_prefixlen,
1974 INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
1949 rtnl_unlock(); 1975 rtnl_unlock();
1950 return err; 1976 return err;
1951} 1977}
@@ -2771,12 +2797,16 @@ restart:
2771 ifp->idev->nd_parms->retrans_time / HZ; 2797 ifp->idev->nd_parms->retrans_time / HZ;
2772#endif 2798#endif
2773 2799
2774 if (age >= ifp->valid_lft) { 2800 if (ifp->valid_lft != INFINITY_LIFE_TIME &&
2801 age >= ifp->valid_lft) {
2775 spin_unlock(&ifp->lock); 2802 spin_unlock(&ifp->lock);
2776 in6_ifa_hold(ifp); 2803 in6_ifa_hold(ifp);
2777 read_unlock(&addrconf_hash_lock); 2804 read_unlock(&addrconf_hash_lock);
2778 ipv6_del_addr(ifp); 2805 ipv6_del_addr(ifp);
2779 goto restart; 2806 goto restart;
2807 } else if (ifp->prefered_lft == INFINITY_LIFE_TIME) {
2808 spin_unlock(&ifp->lock);
2809 continue;
2780 } else if (age >= ifp->prefered_lft) { 2810 } else if (age >= ifp->prefered_lft) {
2781 /* jiffies - ifp->tsamp > age >= ifp->prefered_lft */ 2811 /* jiffies - ifp->tsamp > age >= ifp->prefered_lft */
2782 int deprecate = 0; 2812 int deprecate = 0;
@@ -2853,7 +2883,8 @@ inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2853 pfx = RTA_DATA(rta[IFA_ADDRESS-1]); 2883 pfx = RTA_DATA(rta[IFA_ADDRESS-1]);
2854 } 2884 }
2855 if (rta[IFA_LOCAL-1]) { 2885 if (rta[IFA_LOCAL-1]) {
2856 if (pfx && memcmp(pfx, RTA_DATA(rta[IFA_LOCAL-1]), sizeof(*pfx))) 2886 if (RTA_PAYLOAD(rta[IFA_LOCAL-1]) < sizeof(*pfx) ||
2887 (pfx && memcmp(pfx, RTA_DATA(rta[IFA_LOCAL-1]), sizeof(*pfx))))
2857 return -EINVAL; 2888 return -EINVAL;
2858 pfx = RTA_DATA(rta[IFA_LOCAL-1]); 2889 pfx = RTA_DATA(rta[IFA_LOCAL-1]);
2859 } 2890 }
@@ -2864,11 +2895,61 @@ inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2864} 2895}
2865 2896
2866static int 2897static int
2898inet6_addr_modify(int ifindex, struct in6_addr *pfx,
2899 __u32 prefered_lft, __u32 valid_lft)
2900{
2901 struct inet6_ifaddr *ifp = NULL;
2902 struct net_device *dev;
2903 int ifa_flags = 0;
2904
2905 if ((dev = __dev_get_by_index(ifindex)) == NULL)
2906 return -ENODEV;
2907
2908 if (!(dev->flags&IFF_UP))
2909 return -ENETDOWN;
2910
2911 if (!valid_lft || (prefered_lft > valid_lft))
2912 return -EINVAL;
2913
2914 ifp = ipv6_get_ifaddr(pfx, dev, 1);
2915 if (ifp == NULL)
2916 return -ENOENT;
2917
2918 if (valid_lft == INFINITY_LIFE_TIME)
2919 ifa_flags = IFA_F_PERMANENT;
2920 else if (valid_lft >= 0x7FFFFFFF/HZ)
2921 valid_lft = 0x7FFFFFFF/HZ;
2922
2923 if (prefered_lft == 0)
2924 ifa_flags = IFA_F_DEPRECATED;
2925 else if ((prefered_lft >= 0x7FFFFFFF/HZ) &&
2926 (prefered_lft != INFINITY_LIFE_TIME))
2927 prefered_lft = 0x7FFFFFFF/HZ;
2928
2929 spin_lock_bh(&ifp->lock);
2930 ifp->flags = (ifp->flags & ~(IFA_F_DEPRECATED|IFA_F_PERMANENT)) | ifa_flags;
2931
2932 ifp->tstamp = jiffies;
2933 ifp->valid_lft = valid_lft;
2934 ifp->prefered_lft = prefered_lft;
2935
2936 spin_unlock_bh(&ifp->lock);
2937 if (!(ifp->flags&IFA_F_TENTATIVE))
2938 ipv6_ifa_notify(0, ifp);
2939 in6_ifa_put(ifp);
2940
2941 addrconf_verify(0);
2942
2943 return 0;
2944}
2945
2946static int
2867inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) 2947inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2868{ 2948{
2869 struct rtattr **rta = arg; 2949 struct rtattr **rta = arg;
2870 struct ifaddrmsg *ifm = NLMSG_DATA(nlh); 2950 struct ifaddrmsg *ifm = NLMSG_DATA(nlh);
2871 struct in6_addr *pfx; 2951 struct in6_addr *pfx;
2952 __u32 valid_lft = INFINITY_LIFE_TIME, prefered_lft = INFINITY_LIFE_TIME;
2872 2953
2873 pfx = NULL; 2954 pfx = NULL;
2874 if (rta[IFA_ADDRESS-1]) { 2955 if (rta[IFA_ADDRESS-1]) {
@@ -2877,14 +2958,34 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2877 pfx = RTA_DATA(rta[IFA_ADDRESS-1]); 2958 pfx = RTA_DATA(rta[IFA_ADDRESS-1]);
2878 } 2959 }
2879 if (rta[IFA_LOCAL-1]) { 2960 if (rta[IFA_LOCAL-1]) {
2880 if (pfx && memcmp(pfx, RTA_DATA(rta[IFA_LOCAL-1]), sizeof(*pfx))) 2961 if (RTA_PAYLOAD(rta[IFA_LOCAL-1]) < sizeof(*pfx) ||
2962 (pfx && memcmp(pfx, RTA_DATA(rta[IFA_LOCAL-1]), sizeof(*pfx))))
2881 return -EINVAL; 2963 return -EINVAL;
2882 pfx = RTA_DATA(rta[IFA_LOCAL-1]); 2964 pfx = RTA_DATA(rta[IFA_LOCAL-1]);
2883 } 2965 }
2884 if (pfx == NULL) 2966 if (pfx == NULL)
2885 return -EINVAL; 2967 return -EINVAL;
2886 2968
2887 return inet6_addr_add(ifm->ifa_index, pfx, ifm->ifa_prefixlen); 2969 if (rta[IFA_CACHEINFO-1]) {
2970 struct ifa_cacheinfo *ci;
2971 if (RTA_PAYLOAD(rta[IFA_CACHEINFO-1]) < sizeof(*ci))
2972 return -EINVAL;
2973 ci = RTA_DATA(rta[IFA_CACHEINFO-1]);
2974 valid_lft = ci->ifa_valid;
2975 prefered_lft = ci->ifa_prefered;
2976 }
2977
2978 if (nlh->nlmsg_flags & NLM_F_REPLACE) {
2979 int ret;
2980 ret = inet6_addr_modify(ifm->ifa_index, pfx,
2981 prefered_lft, valid_lft);
2982 if (ret == 0 || !(nlh->nlmsg_flags & NLM_F_CREATE))
2983 return ret;
2984 }
2985
2986 return inet6_addr_add(ifm->ifa_index, pfx, ifm->ifa_prefixlen,
2987 prefered_lft, valid_lft);
2988
2888} 2989}
2889 2990
2890/* Maximum length of ifa_cacheinfo attributes */ 2991/* Maximum length of ifa_cacheinfo attributes */
@@ -3121,6 +3222,62 @@ static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb)
3121 return inet6_dump_addr(skb, cb, type); 3222 return inet6_dump_addr(skb, cb, type);
3122} 3223}
3123 3224
3225static int inet6_rtm_getaddr(struct sk_buff *in_skb,
3226 struct nlmsghdr* nlh, void *arg)
3227{
3228 struct rtattr **rta = arg;
3229 struct ifaddrmsg *ifm = NLMSG_DATA(nlh);
3230 struct in6_addr *addr = NULL;
3231 struct net_device *dev = NULL;
3232 struct inet6_ifaddr *ifa;
3233 struct sk_buff *skb;
3234 int size = NLMSG_SPACE(sizeof(struct ifaddrmsg) + INET6_IFADDR_RTA_SPACE);
3235 int err;
3236
3237 if (rta[IFA_ADDRESS-1]) {
3238 if (RTA_PAYLOAD(rta[IFA_ADDRESS-1]) < sizeof(*addr))
3239 return -EINVAL;
3240 addr = RTA_DATA(rta[IFA_ADDRESS-1]);
3241 }
3242 if (rta[IFA_LOCAL-1]) {
3243 if (RTA_PAYLOAD(rta[IFA_LOCAL-1]) < sizeof(*addr) ||
3244 (addr && memcmp(addr, RTA_DATA(rta[IFA_LOCAL-1]), sizeof(*addr))))
3245 return -EINVAL;
3246 addr = RTA_DATA(rta[IFA_LOCAL-1]);
3247 }
3248 if (addr == NULL)
3249 return -EINVAL;
3250
3251 if (ifm->ifa_index)
3252 dev = __dev_get_by_index(ifm->ifa_index);
3253
3254 if ((ifa = ipv6_get_ifaddr(addr, dev, 1)) == NULL)
3255 return -EADDRNOTAVAIL;
3256
3257 if ((skb = alloc_skb(size, GFP_KERNEL)) == NULL) {
3258 err = -ENOBUFS;
3259 goto out;
3260 }
3261
3262 NETLINK_CB(skb).dst_pid = NETLINK_CB(in_skb).pid;
3263 err = inet6_fill_ifaddr(skb, ifa, NETLINK_CB(in_skb).pid,
3264 nlh->nlmsg_seq, RTM_NEWADDR, 0);
3265 if (err < 0) {
3266 err = -EMSGSIZE;
3267 goto out_free;
3268 }
3269
3270 err = netlink_unicast(rtnl, skb, NETLINK_CB(in_skb).pid, MSG_DONTWAIT);
3271 if (err > 0)
3272 err = 0;
3273out:
3274 in6_ifa_put(ifa);
3275 return err;
3276out_free:
3277 kfree_skb(skb);
3278 goto out;
3279}
3280
3124static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa) 3281static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa)
3125{ 3282{
3126 struct sk_buff *skb; 3283 struct sk_buff *skb;
@@ -3363,7 +3520,8 @@ static struct rtnetlink_link inet6_rtnetlink_table[RTM_NR_MSGTYPES] = {
3363 [RTM_GETLINK - RTM_BASE] = { .dumpit = inet6_dump_ifinfo, }, 3520 [RTM_GETLINK - RTM_BASE] = { .dumpit = inet6_dump_ifinfo, },
3364 [RTM_NEWADDR - RTM_BASE] = { .doit = inet6_rtm_newaddr, }, 3521 [RTM_NEWADDR - RTM_BASE] = { .doit = inet6_rtm_newaddr, },
3365 [RTM_DELADDR - RTM_BASE] = { .doit = inet6_rtm_deladdr, }, 3522 [RTM_DELADDR - RTM_BASE] = { .doit = inet6_rtm_deladdr, },
3366 [RTM_GETADDR - RTM_BASE] = { .dumpit = inet6_dump_ifaddr, }, 3523 [RTM_GETADDR - RTM_BASE] = { .doit = inet6_rtm_getaddr,
3524 .dumpit = inet6_dump_ifaddr, },
3367 [RTM_GETMULTICAST - RTM_BASE] = { .dumpit = inet6_dump_ifmcaddr, }, 3525 [RTM_GETMULTICAST - RTM_BASE] = { .dumpit = inet6_dump_ifmcaddr, },
3368 [RTM_GETANYCAST - RTM_BASE] = { .dumpit = inet6_dump_ifacaddr, }, 3526 [RTM_GETANYCAST - RTM_BASE] = { .dumpit = inet6_dump_ifacaddr, },
3369 [RTM_NEWROUTE - RTM_BASE] = { .doit = inet6_rtm_newroute, }, 3527 [RTM_NEWROUTE - RTM_BASE] = { .doit = inet6_rtm_newroute, },
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 5a0ba58b86cc..ac85e9c532c2 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -658,7 +658,7 @@ int inet6_sk_rebuild_header(struct sock *sk)
658 return err; 658 return err;
659 } 659 }
660 660
661 ip6_dst_store(sk, dst, NULL); 661 __ip6_dst_store(sk, dst, NULL);
662 } 662 }
663 663
664 return 0; 664 return 0;
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index 5c950cc79d80..bf491077b822 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -185,7 +185,7 @@ int inet6_csk_xmit(struct sk_buff *skb, int ipfragok)
185 return err; 185 return err;
186 } 186 }
187 187
188 ip6_dst_store(sk, dst, NULL); 188 __ip6_dst_store(sk, dst, NULL);
189 } 189 }
190 190
191 skb->dst = dst_clone(dst); 191 skb->dst = dst_clone(dst);
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 3bc74ce78800..69451af6abe7 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -356,6 +356,7 @@ int ip6_forward(struct sk_buff *skb)
356 skb->dev = dst->dev; 356 skb->dev = dst->dev;
357 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 357 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
358 0, skb->dev); 358 0, skb->dev);
359 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
359 360
360 kfree_skb(skb); 361 kfree_skb(skb);
361 return -ETIMEDOUT; 362 return -ETIMEDOUT;
@@ -595,6 +596,9 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
595 } 596 }
596 597
597 err = output(skb); 598 err = output(skb);
599 if(!err)
600 IP6_INC_STATS(IPSTATS_MIB_FRAGCREATES);
601
598 if (err || !frag) 602 if (err || !frag)
599 break; 603 break;
600 604
@@ -706,12 +710,11 @@ slow_path:
706 /* 710 /*
707 * Put this fragment into the sending queue. 711 * Put this fragment into the sending queue.
708 */ 712 */
709
710 IP6_INC_STATS(IPSTATS_MIB_FRAGCREATES);
711
712 err = output(frag); 713 err = output(frag);
713 if (err) 714 if (err)
714 goto fail; 715 goto fail;
716
717 IP6_INC_STATS(IPSTATS_MIB_FRAGCREATES);
715 } 718 }
716 kfree_skb(skb); 719 kfree_skb(skb);
717 IP6_INC_STATS(IPSTATS_MIB_FRAGOKS); 720 IP6_INC_STATS(IPSTATS_MIB_FRAGOKS);
@@ -723,48 +726,51 @@ fail:
723 return err; 726 return err;
724} 727}
725 728
726int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl) 729static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
730 struct dst_entry *dst,
731 struct flowi *fl)
727{ 732{
728 int err = 0; 733 struct ipv6_pinfo *np = inet6_sk(sk);
734 struct rt6_info *rt = (struct rt6_info *)dst;
729 735
730 *dst = NULL; 736 if (!dst)
731 if (sk) { 737 goto out;
732 struct ipv6_pinfo *np = inet6_sk(sk); 738
733 739 /* Yes, checking route validity in not connected
734 *dst = sk_dst_check(sk, np->dst_cookie); 740 * case is not very simple. Take into account,
735 if (*dst) { 741 * that we do not support routing by source, TOS,
736 struct rt6_info *rt = (struct rt6_info*)*dst; 742 * and MSG_DONTROUTE --ANK (980726)
737 743 *
738 /* Yes, checking route validity in not connected 744 * 1. If route was host route, check that
739 * case is not very simple. Take into account, 745 * cached destination is current.
740 * that we do not support routing by source, TOS, 746 * If it is network route, we still may
741 * and MSG_DONTROUTE --ANK (980726) 747 * check its validity using saved pointer
742 * 748 * to the last used address: daddr_cache.
743 * 1. If route was host route, check that 749 * We do not want to save whole address now,
744 * cached destination is current. 750 * (because main consumer of this service
745 * If it is network route, we still may 751 * is tcp, which has not this problem),
746 * check its validity using saved pointer 752 * so that the last trick works only on connected
747 * to the last used address: daddr_cache. 753 * sockets.
748 * We do not want to save whole address now, 754 * 2. oif also should be the same.
749 * (because main consumer of this service 755 */
750 * is tcp, which has not this problem), 756 if (((rt->rt6i_dst.plen != 128 ||
751 * so that the last trick works only on connected 757 !ipv6_addr_equal(&fl->fl6_dst, &rt->rt6i_dst.addr))
752 * sockets. 758 && (np->daddr_cache == NULL ||
753 * 2. oif also should be the same. 759 !ipv6_addr_equal(&fl->fl6_dst, np->daddr_cache)))
754 */ 760 || (fl->oif && fl->oif != dst->dev->ifindex)) {
755 if (((rt->rt6i_dst.plen != 128 || 761 dst_release(dst);
756 !ipv6_addr_equal(&fl->fl6_dst, 762 dst = NULL;
757 &rt->rt6i_dst.addr))
758 && (np->daddr_cache == NULL ||
759 !ipv6_addr_equal(&fl->fl6_dst,
760 np->daddr_cache)))
761 || (fl->oif && fl->oif != (*dst)->dev->ifindex)) {
762 dst_release(*dst);
763 *dst = NULL;
764 }
765 }
766 } 763 }
767 764
765out:
766 return dst;
767}
768
769static int ip6_dst_lookup_tail(struct sock *sk,
770 struct dst_entry **dst, struct flowi *fl)
771{
772 int err;
773
768 if (*dst == NULL) 774 if (*dst == NULL)
769 *dst = ip6_route_output(sk, fl); 775 *dst = ip6_route_output(sk, fl);
770 776
@@ -773,7 +779,6 @@ int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
773 779
774 if (ipv6_addr_any(&fl->fl6_src)) { 780 if (ipv6_addr_any(&fl->fl6_src)) {
775 err = ipv6_get_saddr(*dst, &fl->fl6_dst, &fl->fl6_src); 781 err = ipv6_get_saddr(*dst, &fl->fl6_dst, &fl->fl6_src);
776
777 if (err) 782 if (err)
778 goto out_err_release; 783 goto out_err_release;
779 } 784 }
@@ -786,8 +791,48 @@ out_err_release:
786 return err; 791 return err;
787} 792}
788 793
794/**
795 * ip6_dst_lookup - perform route lookup on flow
796 * @sk: socket which provides route info
797 * @dst: pointer to dst_entry * for result
798 * @fl: flow to lookup
799 *
800 * This function performs a route lookup on the given flow.
801 *
802 * It returns zero on success, or a standard errno code on error.
803 */
804int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
805{
806 *dst = NULL;
807 return ip6_dst_lookup_tail(sk, dst, fl);
808}
789EXPORT_SYMBOL_GPL(ip6_dst_lookup); 809EXPORT_SYMBOL_GPL(ip6_dst_lookup);
790 810
811/**
812 * ip6_sk_dst_lookup - perform socket cached route lookup on flow
813 * @sk: socket which provides the dst cache and route info
814 * @dst: pointer to dst_entry * for result
815 * @fl: flow to lookup
816 *
817 * This function performs a route lookup on the given flow with the
818 * possibility of using the cached route in the socket if it is valid.
819 * It will take the socket dst lock when operating on the dst cache.
820 * As a result, this function can only be used in process context.
821 *
822 * It returns zero on success, or a standard errno code on error.
823 */
824int ip6_sk_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
825{
826 *dst = NULL;
827 if (sk) {
828 *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
829 *dst = ip6_sk_dst_check(sk, *dst, fl);
830 }
831
832 return ip6_dst_lookup_tail(sk, dst, fl);
833}
834EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup);
835
791static inline int ip6_ufo_append_data(struct sock *sk, 836static inline int ip6_ufo_append_data(struct sock *sk,
792 int getfrag(void *from, char *to, int offset, int len, 837 int getfrag(void *from, char *to, int offset, int len,
793 int odd, struct sk_buff *skb), 838 int odd, struct sk_buff *skb),
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 87c39c978cd0..4b163711f3a8 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -53,6 +53,7 @@
53#include <linux/rtnetlink.h> 53#include <linux/rtnetlink.h>
54#include <net/dst.h> 54#include <net/dst.h>
55#include <net/xfrm.h> 55#include <net/xfrm.h>
56#include <net/netevent.h>
56 57
57#include <asm/uaccess.h> 58#include <asm/uaccess.h>
58 59
@@ -742,6 +743,7 @@ static void ip6_rt_update_pmtu(struct dst_entry *dst, u32 mtu)
742 dst->metrics[RTAX_FEATURES-1] |= RTAX_FEATURE_ALLFRAG; 743 dst->metrics[RTAX_FEATURES-1] |= RTAX_FEATURE_ALLFRAG;
743 } 744 }
744 dst->metrics[RTAX_MTU-1] = mtu; 745 dst->metrics[RTAX_MTU-1] = mtu;
746 call_netevent_notifiers(NETEVENT_PMTU_UPDATE, dst);
745 } 747 }
746} 748}
747 749
@@ -1155,6 +1157,7 @@ void rt6_redirect(struct in6_addr *dest, struct in6_addr *saddr,
1155 struct rt6_info *rt, *nrt = NULL; 1157 struct rt6_info *rt, *nrt = NULL;
1156 int strict; 1158 int strict;
1157 struct fib6_node *fn; 1159 struct fib6_node *fn;
1160 struct netevent_redirect netevent;
1158 1161
1159 /* 1162 /*
1160 * Get the "current" route for this destination and 1163 * Get the "current" route for this destination and
@@ -1252,6 +1255,10 @@ restart:
1252 if (ip6_ins_rt(nrt, NULL, NULL, NULL)) 1255 if (ip6_ins_rt(nrt, NULL, NULL, NULL))
1253 goto out; 1256 goto out;
1254 1257
1258 netevent.old = &rt->u.dst;
1259 netevent.new = &nrt->u.dst;
1260 call_netevent_notifiers(NETEVENT_REDIRECT, &netevent);
1261
1255 if (rt->rt6i_flags&RTF_CACHE) { 1262 if (rt->rt6i_flags&RTF_CACHE) {
1256 ip6_del_rt(rt, NULL, NULL, NULL); 1263 ip6_del_rt(rt, NULL, NULL, NULL);
1257 return; 1264 return;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 923989d0520d..b843a650be71 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -270,7 +270,7 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
270 inet->rcv_saddr = LOOPBACK4_IPV6; 270 inet->rcv_saddr = LOOPBACK4_IPV6;
271 271
272 sk->sk_gso_type = SKB_GSO_TCPV6; 272 sk->sk_gso_type = SKB_GSO_TCPV6;
273 ip6_dst_store(sk, dst, NULL); 273 __ip6_dst_store(sk, dst, NULL);
274 274
275 icsk->icsk_ext_hdr_len = 0; 275 icsk->icsk_ext_hdr_len = 0;
276 if (np->opt) 276 if (np->opt)
@@ -427,7 +427,6 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
427 case TCP_SYN_RECV: /* Cannot happen. 427 case TCP_SYN_RECV: /* Cannot happen.
428 It can, it SYNs are crossed. --ANK */ 428 It can, it SYNs are crossed. --ANK */
429 if (!sock_owned_by_user(sk)) { 429 if (!sock_owned_by_user(sk)) {
430 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
431 sk->sk_err = err; 430 sk->sk_err = err;
432 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 431 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
433 432
@@ -831,7 +830,6 @@ drop:
831 if (req) 830 if (req)
832 reqsk_free(req); 831 reqsk_free(req);
833 832
834 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
835 return 0; /* don't send reset */ 833 return 0; /* don't send reset */
836} 834}
837 835
@@ -947,7 +945,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
947 */ 945 */
948 946
949 sk->sk_gso_type = SKB_GSO_TCPV6; 947 sk->sk_gso_type = SKB_GSO_TCPV6;
950 ip6_dst_store(newsk, dst, NULL); 948 __ip6_dst_store(newsk, dst, NULL);
951 949
952 newtcp6sk = (struct tcp6_sock *)newsk; 950 newtcp6sk = (struct tcp6_sock *)newsk;
953 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 951 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index ccc57f434cd3..3d54f246411e 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -782,7 +782,7 @@ do_udp_sendmsg:
782 connected = 0; 782 connected = 0;
783 } 783 }
784 784
785 err = ip6_dst_lookup(sk, &dst, fl); 785 err = ip6_sk_dst_lookup(sk, &dst, fl);
786 if (err) 786 if (err)
787 goto out; 787 goto out;
788 if (final_p) 788 if (final_p)
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index 0eea60ea9ebc..c8c8b44a0f58 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -125,7 +125,7 @@ static int xfrm6_output_finish(struct sk_buff *skb)
125 if (!skb_is_gso(skb)) 125 if (!skb_is_gso(skb))
126 return xfrm6_output_finish2(skb); 126 return xfrm6_output_finish2(skb);
127 127
128 skb->protocol = htons(ETH_P_IP); 128 skb->protocol = htons(ETH_P_IPV6);
129 segs = skb_gso_segment(skb, 0); 129 segs = skb_gso_segment(skb, 0);
130 kfree_skb(skb); 130 kfree_skb(skb);
131 if (unlikely(IS_ERR(segs))) 131 if (unlikely(IS_ERR(segs)))
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index c2ce9c4011cc..de9537ad9a7c 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -57,6 +57,8 @@ static int checkentry_selinux(struct xt_secmark_target_info *info)
57{ 57{
58 int err; 58 int err;
59 struct xt_secmark_target_selinux_info *sel = &info->u.sel; 59 struct xt_secmark_target_selinux_info *sel = &info->u.sel;
60
61 sel->selctx[SECMARK_SELCTX_MAX - 1] = '\0';
60 62
61 err = selinux_string_to_sid(sel->selctx, &sel->selsid); 63 err = selinux_string_to_sid(sel->selctx, &sel->selsid);
62 if (err) { 64 if (err) {
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c
index 0ebb6ac2c8c7..d8e3891b5f8b 100644
--- a/net/netfilter/xt_string.c
+++ b/net/netfilter/xt_string.c
@@ -55,7 +55,10 @@ static int checkentry(const char *tablename,
55 /* Damn, can't handle this case properly with iptables... */ 55 /* Damn, can't handle this case properly with iptables... */
56 if (conf->from_offset > conf->to_offset) 56 if (conf->from_offset > conf->to_offset)
57 return 0; 57 return 0;
58 58 if (conf->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
59 return 0;
60 if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
61 return 0;
59 ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen, 62 ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
60 GFP_KERNEL, TS_AUTOLOAD); 63 GFP_KERNEL, TS_AUTOLOAD);
61 if (IS_ERR(ts_conf)) 64 if (IS_ERR(ts_conf))
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 6f2909279268..de6ec519272e 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -128,23 +128,17 @@ static atomic_t unix_nr_socks = ATOMIC_INIT(0);
128#define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE) 128#define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
129 129
130#ifdef CONFIG_SECURITY_NETWORK 130#ifdef CONFIG_SECURITY_NETWORK
131static void unix_get_peersec_dgram(struct sk_buff *skb) 131static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
132{ 132{
133 int err; 133 memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
134
135 err = security_socket_getpeersec_dgram(skb, UNIXSECDATA(skb),
136 UNIXSECLEN(skb));
137 if (err)
138 *(UNIXSECDATA(skb)) = NULL;
139} 134}
140 135
141static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) 136static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
142{ 137{
143 scm->secdata = *UNIXSECDATA(skb); 138 scm->secid = *UNIXSID(skb);
144 scm->seclen = *UNIXSECLEN(skb);
145} 139}
146#else 140#else
147static inline void unix_get_peersec_dgram(struct sk_buff *skb) 141static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
148{ } 142{ }
149 143
150static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) 144static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
@@ -1322,8 +1316,7 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1322 memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1316 memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1323 if (siocb->scm->fp) 1317 if (siocb->scm->fp)
1324 unix_attach_fds(siocb->scm, skb); 1318 unix_attach_fds(siocb->scm, skb);
1325 1319 unix_get_secdata(siocb->scm, skb);
1326 unix_get_peersec_dgram(skb);
1327 1320
1328 skb->h.raw = skb->data; 1321 skb->h.raw = skb->data;
1329 err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len); 1322 err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len);
diff --git a/security/dummy.c b/security/dummy.c
index bbbfda70e131..58c6d399c844 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -791,8 +791,7 @@ static int dummy_socket_getpeersec_stream(struct socket *sock, char __user *optv
791 return -ENOPROTOOPT; 791 return -ENOPROTOOPT;
792} 792}
793 793
794static int dummy_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, 794static int dummy_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
795 u32 *seclen)
796{ 795{
797 return -ENOPROTOOPT; 796 return -ENOPROTOOPT;
798} 797}
@@ -876,6 +875,15 @@ static int dummy_setprocattr(struct task_struct *p, char *name, void *value, siz
876 return -EINVAL; 875 return -EINVAL;
877} 876}
878 877
878static int dummy_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
879{
880 return -EOPNOTSUPP;
881}
882
883static void dummy_release_secctx(char *secdata, u32 seclen)
884{
885}
886
879#ifdef CONFIG_KEYS 887#ifdef CONFIG_KEYS
880static inline int dummy_key_alloc(struct key *key, struct task_struct *ctx, 888static inline int dummy_key_alloc(struct key *key, struct task_struct *ctx,
881 unsigned long flags) 889 unsigned long flags)
@@ -1028,6 +1036,8 @@ void security_fixup_ops (struct security_operations *ops)
1028 set_to_dummy_if_null(ops, d_instantiate); 1036 set_to_dummy_if_null(ops, d_instantiate);
1029 set_to_dummy_if_null(ops, getprocattr); 1037 set_to_dummy_if_null(ops, getprocattr);
1030 set_to_dummy_if_null(ops, setprocattr); 1038 set_to_dummy_if_null(ops, setprocattr);
1039 set_to_dummy_if_null(ops, secid_to_secctx);
1040 set_to_dummy_if_null(ops, release_secctx);
1031#ifdef CONFIG_SECURITY_NETWORK 1041#ifdef CONFIG_SECURITY_NETWORK
1032 set_to_dummy_if_null(ops, unix_stream_connect); 1042 set_to_dummy_if_null(ops, unix_stream_connect);
1033 set_to_dummy_if_null(ops, unix_may_send); 1043 set_to_dummy_if_null(ops, unix_may_send);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a91c961ba38b..5d1b8c733199 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3524,25 +3524,21 @@ out:
3524 return err; 3524 return err;
3525} 3525}
3526 3526
3527static int selinux_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, u32 *seclen) 3527static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
3528{ 3528{
3529 u32 peer_secid = SECSID_NULL;
3529 int err = 0; 3530 int err = 0;
3530 u32 peer_sid;
3531 3531
3532 if (skb->sk->sk_family == PF_UNIX) 3532 if (sock && (sock->sk->sk_family == PF_UNIX))
3533 selinux_get_inode_sid(SOCK_INODE(skb->sk->sk_socket), 3533 selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
3534 &peer_sid); 3534 else if (skb)
3535 else 3535 peer_secid = selinux_socket_getpeer_dgram(skb);
3536 peer_sid = selinux_socket_getpeer_dgram(skb);
3537
3538 if (peer_sid == SECSID_NULL)
3539 return -EINVAL;
3540 3536
3541 err = security_sid_to_context(peer_sid, secdata, seclen); 3537 if (peer_secid == SECSID_NULL)
3542 if (err) 3538 err = -EINVAL;
3543 return err; 3539 *secid = peer_secid;
3544 3540
3545 return 0; 3541 return err;
3546} 3542}
3547 3543
3548static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) 3544static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
@@ -4407,6 +4403,17 @@ static int selinux_setprocattr(struct task_struct *p,
4407 return size; 4403 return size;
4408} 4404}
4409 4405
4406static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4407{
4408 return security_sid_to_context(secid, secdata, seclen);
4409}
4410
4411static void selinux_release_secctx(char *secdata, u32 seclen)
4412{
4413 if (secdata)
4414 kfree(secdata);
4415}
4416
4410#ifdef CONFIG_KEYS 4417#ifdef CONFIG_KEYS
4411 4418
4412static int selinux_key_alloc(struct key *k, struct task_struct *tsk, 4419static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
@@ -4587,6 +4594,9 @@ static struct security_operations selinux_ops = {
4587 .getprocattr = selinux_getprocattr, 4594 .getprocattr = selinux_getprocattr,
4588 .setprocattr = selinux_setprocattr, 4595 .setprocattr = selinux_setprocattr,
4589 4596
4597 .secid_to_secctx = selinux_secid_to_secctx,
4598 .release_secctx = selinux_release_secctx,
4599
4590 .unix_stream_connect = selinux_socket_unix_stream_connect, 4600 .unix_stream_connect = selinux_socket_unix_stream_connect,
4591 .unix_may_send = selinux_socket_unix_may_send, 4601 .unix_may_send = selinux_socket_unix_may_send,
4592 4602