Merge ../linux-2.6

13 files changed, 52 insertions, 28 deletions

diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 105039eb7629..4d1c40972a4b 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -385,7 +385,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
         u32 daddr;
 
         if (ip_options_echo(&icmp_param->replyopts, skb))
-                goto out;
+                return;
 
         if (icmp_xmit_lock())
                 return;
@@ -416,7 +416,6 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
         ip_rt_put(rt);
 out_unlock:
         icmp_xmit_unlock();
-out:;
 }
 
 
@@ -525,7 +524,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, u32 info)
                                           iph->tos;
 
         if (ip_options_echo(&icmp_param.replyopts, skb_in))
-                goto ende;
+                goto out_unlock;
 
 
         /*
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index d8ce7133cd8f..0b4e95f93dad 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -970,7 +970,7 @@ int igmp_rcv(struct sk_buff *skb)
         case IGMP_MTRACE_RESP:
                 break;
         default:
-                NETDEBUG(KERN_DEBUG "New IGMP type=%d, why we do not know about it?\n", ih->type);
+                break;
         }
 
 drop:
diff --git a/net/ipv4/multipath_wrandom.c b/net/ipv4/multipath_wrandom.c
index d34a9fa608e0..342d0b9098f5 100644
--- a/net/ipv4/multipath_wrandom.c
+++ b/net/ipv4/multipath_wrandom.c
@@ -228,7 +228,7 @@ static void wrandom_set_nhinfo(__u32 network,
         struct multipath_dest *d, *target_dest = NULL;
 
         /* store the weight information for a certain route */
-        spin_lock(&state[state_idx].lock);
+        spin_lock_bh(&state[state_idx].lock);
 
         /* find state entry for gateway or add one if necessary */
         list_for_each_entry_rcu(r, &state[state_idx].head, list) {
@@ -276,7 +276,7 @@ static void wrandom_set_nhinfo(__u32 network,
          * we are finished
          */
 
-        spin_unlock(&state[state_idx].lock);
+        spin_unlock_bh(&state[state_idx].lock);
 }
 
 static void __multipath_free(struct rcu_head *head)
@@ -302,7 +302,7 @@ static void wrandom_flush(void)
         for (i = 0; i < MULTIPATH_STATE_SIZE; ++i) {
                 struct multipath_route *r;
 
-                spin_lock(&state[i].lock);
+                spin_lock_bh(&state[i].lock);
                 list_for_each_entry_rcu(r, &state[i].head, list) {
                         struct multipath_dest *d;
                         list_for_each_entry_rcu(d, &r->dests, list) {
@@ -315,7 +315,7 @@ static void wrandom_flush(void)
                                  __multipath_free);
                 }
 
-                spin_unlock(&state[i].lock);
+                spin_unlock_bh(&state[i].lock);
         }
 }
 
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index afe3d8f8177d..dd1048be8a01 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -807,6 +807,13 @@ static int do_replace(void __user *user, unsigned int len)
         if (len != sizeof(tmp) + tmp.size)
                 return -ENOPROTOOPT;
 
+        /* overflow check */
+        if (tmp.size >= (INT_MAX - sizeof(struct xt_table_info)) / NR_CPUS -
+                        SMP_CACHE_BYTES)
+                return -ENOMEM;
+        if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
+                return -ENOMEM;
+
         newinfo = xt_alloc_table_info(tmp.size);
         if (!newinfo)
                 return -ENOMEM;
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index c9ebbe0d2d9c..e0b5926c76f9 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -1216,7 +1216,7 @@ static int ctnetlink_expect_event(struct notifier_block *this,
 
         b = skb->tail;
 
-        type |= NFNL_SUBSYS_CTNETLINK << 8;
+        type |= NFNL_SUBSYS_CTNETLINK_EXP << 8;
         nlh   = NLMSG_PUT(skb, 0, 0, type, sizeof(struct nfgenmsg));
         nfmsg = NLMSG_DATA(nlh);
 
@@ -1567,6 +1567,7 @@ static struct nfnetlink_subsystem ctnl_exp_subsys = {
 };
 
 MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK);
+MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK_EXP);
 
 static int __init ctnetlink_init(void)
 {
diff --git a/net/ipv4/netfilter/ip_conntrack_tftp.c b/net/ipv4/netfilter/ip_conntrack_tftp.c
index d3c5a371f993..4ba4463cec28 100644
--- a/net/ipv4/netfilter/ip_conntrack_tftp.c
+++ b/net/ipv4/netfilter/ip_conntrack_tftp.c
@@ -71,6 +71,7 @@ static int tftp_help(struct sk_buff **pskb,
 
                 exp->tuple = ct->tuplehash[IP_CT_DIR_REPLY].tuple;
                 exp->mask.src.ip = 0xffffffff;
+                exp->mask.src.u.udp.port = 0;
                 exp->mask.dst.ip = 0xffffffff;
                 exp->mask.dst.u.udp.port = 0xffff;
                 exp->mask.dst.protonum = 0xff;
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index ad438fb185b8..92c54999a19d 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -209,8 +209,8 @@ ip_nat_in(unsigned int hooknum,
             && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) {
                 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
 
-                if (ct->tuplehash[dir].tuple.src.ip !=
-                    ct->tuplehash[!dir].tuple.dst.ip) {
+                if (ct->tuplehash[dir].tuple.dst.ip !=
+                    ct->tuplehash[!dir].tuple.src.ip) {
                         dst_release((*pskb)->dst);
                         (*pskb)->dst = NULL;
                 }
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 2371b2062c2d..16f47c675fef 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -921,6 +921,13 @@ do_replace(void __user *user, unsigned int len)
         if (len != sizeof(tmp) + tmp.size)
                 return -ENOPROTOOPT;
 
+        /* overflow check */
+        if (tmp.size >= (INT_MAX - sizeof(struct xt_table_info)) / NR_CPUS -
+                        SMP_CACHE_BYTES)
+                return -ENOMEM;
+        if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
+                return -ENOMEM;
+
         newinfo = xt_alloc_table_info(tmp.size);
         if (!newinfo)
                 return -ENOMEM;
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index 641dbc477650..180a9ea57b69 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -35,6 +35,10 @@
  * each nlgroup you are using, so the total kernel memory usage increases
  * by that factor.
  *
+ * Actually you should use nlbufsiz a bit smaller than PAGE_SIZE, since
+ * nlbufsiz is used with alloc_skb, which adds another
+ * sizeof(struct skb_shared_info).  Use NLMSG_GOODSIZE instead.
+ *
  * flushtimeout:
  *   Specify, after how many hundredths of a second the queue should be
  *   flushed even if it is not full yet.
@@ -76,7 +80,7 @@ MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NFLOG);
 
 #define PRINTR(format, args...) do { if (net_ratelimit()) printk(format , ## args); } while (0)
 
-static unsigned int nlbufsiz = 4096;
+static unsigned int nlbufsiz = NLMSG_GOODSIZE;
 module_param(nlbufsiz, uint, 0400);
 MODULE_PARM_DESC(nlbufsiz, "netlink buffer size");
 
@@ -143,22 +147,26 @@ static void ulog_timer(unsigned long data)
 static struct sk_buff *ulog_alloc_skb(unsigned int size)
 {
         struct sk_buff *skb;
+        unsigned int n;
 
         /* alloc skb which should be big enough for a whole
          * multipart message. WARNING: has to be <= 131000
          * due to slab allocator restrictions */
 
-        skb = alloc_skb(nlbufsiz, GFP_ATOMIC);
+        n = max(size, nlbufsiz);
+        skb = alloc_skb(n, GFP_ATOMIC);
         if (!skb) {
-                PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n",
-                        nlbufsiz);
+                PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", n);
 
-                /* try to allocate only as much as we need for 
-                 * current packet */
+                if (n > size) {
+                        /* try to allocate only as much as we need for 
+                         * current packet */
 
-                skb = alloc_skb(size, GFP_ATOMIC);
-                if (!skb)
-                        PRINTR("ipt_ULOG: can't even allocate %ub\n", size);
+                        skb = alloc_skb(size, GFP_ATOMIC);
+                        if (!skb)
+                                PRINTR("ipt_ULOG: can't even allocate %ub\n",
+                                       size);
+                }
         }
 
         return skb;
diff --git a/net/ipv4/netfilter/ipt_policy.c b/net/ipv4/netfilter/ipt_policy.c
index 18ca8258a1c5..5a7a265280f9 100644
--- a/net/ipv4/netfilter/ipt_policy.c
+++ b/net/ipv4/netfilter/ipt_policy.c
@@ -26,10 +26,13 @@ MODULE_LICENSE("GPL");
 static inline int
 match_xfrm_state(struct xfrm_state *x, const struct ipt_policy_elem *e)
 {
-#define MATCH(x,y)      (!e->match.x || ((e->x == (y)) ^ e->invert.x))
+#define MATCH_ADDR(x,y,z)       (!e->match.x ||                              \
+                                 ((e->x.a4.s_addr == (e->y.a4.s_addr & (z))) \
+                                  ^ e->invert.x))
+#define MATCH(x,y)              (!e->match.x || ((e->x == (y)) ^ e->invert.x))
 
-        return MATCH(saddr, x->props.saddr.a4 & e->smask) &&
-               MATCH(daddr, x->id.daddr.a4 & e->dmask) &&
+        return MATCH_ADDR(saddr, smask, x->props.saddr.a4) &&
+               MATCH_ADDR(daddr, dmask, x->id.daddr.a4) &&
                MATCH(proto, x->id.proto) &&
                MATCH(mode, x->props.mode) &&
                MATCH(spi, x->id.spi) &&
@@ -89,7 +92,7 @@ match_policy_out(const struct sk_buff *skb, const struct ipt_policy_info *info)
                         return 0;
         }
 
-        return strict ? 1 : 0;
+        return strict ? i == info->len : 0;
 }
 
 static int match(const struct sk_buff *skb,
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index 39d49dc333a7..1b167c4bb3be 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -49,7 +49,7 @@ static int fold_prot_inuse(struct proto *proto)
         int res = 0;
         int cpu;
 
-        for (cpu = 0; cpu < NR_CPUS; cpu++)
+        for_each_cpu(cpu)
                 res += proto->stats[cpu].inuse;
 
         return res;
diff --git a/net/ipv4/tcp_htcp.c b/net/ipv4/tcp_htcp.c
index 3284cfb993e6..128de4d7c0b7 100644
--- a/net/ipv4/tcp_htcp.c
+++ b/net/ipv4/tcp_htcp.c
@@ -230,7 +230,6 @@ static void htcp_cong_avoid(struct sock *sk, u32 ack, u32 rtt,
                         if (tp->snd_cwnd < tp->snd_cwnd_clamp)
                                 tp->snd_cwnd++;
                         tp->snd_cwnd_cnt = 0;
-                        ca->ccount++;
                 }
         }
 }
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 6ea353907af5..233bdf259965 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -236,7 +236,7 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
         if (err)
                 goto failure;
 
-        err = ip_route_newports(&rt, inet->sport, inet->dport, sk);
+        err = ip_route_newports(&rt, IPPROTO_TCP, inet->sport, inet->dport, sk);
         if (err)
                 goto failure;
 
@@ -1845,7 +1845,6 @@ void __init tcp_v4_init(struct net_proto_family *ops)
 }
 
 EXPORT_SYMBOL(ipv4_specific);
-EXPORT_SYMBOL(inet_bind_bucket_create);
 EXPORT_SYMBOL(tcp_hashinfo);
 EXPORT_SYMBOL(tcp_prot);
 EXPORT_SYMBOL(tcp_unhash);