Merge branch 'master' into upstream

author: Jeff Garzik <jeff@garzik.org> 2006-05-20 00:03:38 -0400
committer: Jeff Garzik <jeff@garzik.org> 2006-05-20 00:03:38 -0400
commit: badc48e6605ddeeb2484afae5993c859494decaa (patch)
tree: 7da638f9bb53b1812b71e40ad6deca91d59ad301 /net/ipv4
parent: 753a6c4ff4c371a3e4e3408aaba4d03f3cfde73a (diff)
parent: 2f880b65fdbc2d4915bddc59d75a176329570fdd (diff)
14 files changed, 42 insertions, 28 deletions
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 18d7fad474d7..c9026dbf4c93 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -337,7 +337,7 @@ static inline int ip_rcv_finish(struct sk_buff *skb)
         *      Initialise the virtual path cache for the packet. It describes
         *      how the packet travels inside Linux networking.
         */ 
-        if (likely(skb->dst == NULL)) {
+        if (skb->dst == NULL) {
                int err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos,
                                         skb->dev);
                if (unlikely(err)) {
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
index 9bebad07bf2e..cbcae6544622 100644
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -209,7 +209,7 @@ int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb)
 void ip_options_fragment(struct sk_buff * skb) 
 {
-        unsigned char * optptr = skb->nh.raw;
+        unsigned char * optptr = skb->nh.raw + sizeof(struct iphdr);
        struct ip_options * opt = &(IPCB(skb)->opt);
        int  l = opt->optlen;
        int  optlen;
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index c2d92f99a2b8..d0d19192026d 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -948,7 +948,7 @@ static int do_add_counters(void __user *user, unsigned int len)
        write_lock_bh(&t->lock);
        private = t->private;
-        if (private->number != paddc->num_counters) {
+        if (private->number != tmp.num_counters) {
                ret = -EINVAL;
                goto unlock_up_free;
        }
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
index 2c2fb700d835..518f581d39ec 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
@@ -162,6 +162,8 @@ static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct,
        /* Validate TPKT length */
        tpktlen = tpkt[2] * 256 + tpkt[3];
+        if (tpktlen < 4)
+                goto clear_out;
        if (tpktlen > tcpdatalen) {
                if (tcpdatalen == 4) {  /* Separate TPKT header */
                        /* Netmeeting sends TPKT header and data separately */
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c b/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c
index 48078002e450..355a53a5b6cd 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c
@@ -2,7 +2,7 @@
 * ip_conntrack_helper_h323_asn1.c - BER and PER decoding library for H.323
 *                                   conntrack/NAT module.
 *
- * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@hotmail.com>
+ * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@users.sourceforge.net>
 *
 * This source code is licensed under General Public License version 2.
 *
@@ -703,6 +703,10 @@ int decode_choice(bitstr_t * bs, field_t * f, char *base, int level)
                type = get_bits(bs, f->sz);
        }
+        /* Write Type */
+        if (base)
+                *(unsigned *) base = type;
        /* Check Range */
        if (type >= f->ub) {    /* Newer version? */
                BYTE_ALIGN(bs);
@@ -712,10 +716,6 @@ int decode_choice(bitstr_t * bs, field_t * f, char *base, int level)
                return H323_ERROR_NONE;
        }
-        /* Write Type */
-        if (base)
-                *(unsigned *) base = type;
        /* Transfer to son level */
        son = &f->fields[type];
        if (son->attr & STOP) {
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
index 5259abd0fb42..0416073c5600 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
@@ -235,12 +235,15 @@ static int do_basic_checks(struct ip_conntrack *conntrack,
                        flag = 1;
                }
-                /* Cookie Ack/Echo chunks not the first OR 
+                /*
-                   Init / Init Ack / Shutdown compl chunks not the only chunks */
+                 * Cookie Ack/Echo chunks not the first OR
-                if ((sch->type == SCTP_CID_COOKIE_ACK 
+                 * Init / Init Ack / Shutdown compl chunks not the only chunks
+                 * OR zero-length.
+                 */
+                if (((sch->type == SCTP_CID_COOKIE_ACK
                        || sch->type == SCTP_CID_COOKIE_ECHO
                        || flag)
-                     && count !=0 ) {
+                      && count !=0) || !sch->length) {
                        DEBUGP("Basic checks failed\n");
                        return 1;
                }
diff --git a/net/ipv4/netfilter/ip_nat_proto_gre.c b/net/ipv4/netfilter/ip_nat_proto_gre.c
index 6c4899d8046a..96ceabaec402 100644
--- a/net/ipv4/netfilter/ip_nat_proto_gre.c
+++ b/net/ipv4/netfilter/ip_nat_proto_gre.c
@@ -49,15 +49,15 @@ gre_in_range(const struct ip_conntrack_tuple *tuple,
             const union ip_conntrack_manip_proto *min,
             const union ip_conntrack_manip_proto *max)
 {
-        u_int32_t key;
+        __be16 key;
        if (maniptype == IP_NAT_MANIP_SRC)
                key = tuple->src.u.gre.key;
        else
                key = tuple->dst.u.gre.key;
-        return ntohl(key) >= ntohl(min->gre.key)
+        return ntohs(key) >= ntohs(min->gre.key)
-                && ntohl(key) <= ntohl(max->gre.key);
+                && ntohs(key) <= ntohs(max->gre.key);
 }
 /* generate unique tuple ... */
@@ -81,14 +81,14 @@ gre_unique_tuple(struct ip_conntrack_tuple *tuple,
                min = 1;
                range_size = 0xffff;
        } else {
-                min = ntohl(range->min.gre.key);
+                min = ntohs(range->min.gre.key);
-                range_size = ntohl(range->max.gre.key) - min + 1;
+                range_size = ntohs(range->max.gre.key) - min + 1;
        }
        DEBUGP("min = %u, range_size = %u\n", min, range_size); 
        for (i = 0; i < range_size; i++, key++) {
-                *keyptr = htonl(min + key % range_size);
+                *keyptr = htons(min + key % range_size);
                if (!ip_nat_used_tuple(tuple, conntrack))
                        return 1;
        }
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 8f760b28617e..67e676783da9 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -219,8 +219,10 @@ ip_nat_out(unsigned int hooknum,
           const struct net_device *out,
           int (*okfn)(struct sk_buff *))
 {
+#ifdef CONFIG_XFRM
        struct ip_conntrack *ct;
        enum ip_conntrack_info ctinfo;
+#endif
        unsigned int ret;
        /* root is playing with raw sockets. */
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 6d1c11563943..cee3397ec277 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1441,7 +1441,7 @@ static int compat_copy_entry_to_user(struct ipt_entry *e,
        ret = -EFAULT;
        origsize = *size;
        ce = (struct compat_ipt_entry __user *)*dstptr;
-        if (__copy_to_user(ce, e, sizeof(struct ipt_entry)))
+        if (copy_to_user(ce, e, sizeof(struct ipt_entry)))
                goto out;
        *dstptr += sizeof(struct compat_ipt_entry);
@@ -1459,9 +1459,9 @@ static int compat_copy_entry_to_user(struct ipt_entry *e,
                goto out;
        ret = -EFAULT;
        next_offset = e->next_offset - (origsize - *size);
-        if (__put_user(target_offset, &ce->target_offset))
+        if (put_user(target_offset, &ce->target_offset))
                goto out;
-        if (__put_user(next_offset, &ce->next_offset))
+        if (put_user(next_offset, &ce->next_offset))
                goto out;
        return 0;
 out:
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 39fd4c2a2386..b98f7b08b084 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -428,7 +428,7 @@ ipt_log_target(struct sk_buff **pskb,
        if (loginfo->logflags & IPT_LOG_NFLOG)
                nf_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
-                              loginfo->prefix);
+                              "%s", loginfo->prefix);
        else
                ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
                               loginfo->prefix);
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 143843285702..b847ee409efb 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -821,6 +821,7 @@ checkentry(const char *tablename,
        /* Create our proc 'status' entry. */
        curr_table->status_proc = create_proc_entry(curr_table->name, ip_list_perms, proc_net_ipt_recent);
        if (!curr_table->status_proc) {
+                vfree(hold);
                printk(KERN_INFO RECENT_NAME ": checkentry: unable to allocate for /proc entry.\n");
                /* Destroy the created table */
                spin_lock_bh(&recent_lock);
@@ -845,7 +846,6 @@ checkentry(const char *tablename,
                spin_unlock_bh(&recent_lock);
                vfree(curr_table->time_info);
                vfree(curr_table->hash_table);
-                vfree(hold);
                vfree(curr_table->table);
                vfree(curr_table);
                return 0;
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 87f68e787d0c..e2b7b8055037 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1468,6 +1468,7 @@ void tcp_close(struct sock *sk, long timeout)
 {
        struct sk_buff *skb;
        int data_was_unread = 0;
+        int state;
        lock_sock(sk);
        sk->sk_shutdown = SHUTDOWN_MASK;
@@ -1544,6 +1545,11 @@ void tcp_close(struct sock *sk, long timeout)
        sk_stream_wait_close(sk, timeout);
 adjudge_to_death:
+        state = sk->sk_state;
+        sock_hold(sk);
+        sock_orphan(sk);
+        atomic_inc(sk->sk_prot->orphan_count);
        /* It is the last release_sock in its life. It will remove backlog. */
        release_sock(sk);
@@ -1555,8 +1561,9 @@ adjudge_to_death:
        bh_lock_sock(sk);
        BUG_TRAP(!sock_owned_by_user(sk));
-        sock_hold(sk);
+        /* Have we already been destroyed by a softirq or backlog? */
-        sock_orphan(sk);
+        if (state != TCP_CLOSE && sk->sk_state == TCP_CLOSE)
+                goto out;
        /*      This is a (useful) BSD violating of the RFC. There is a
         *      problem with TCP as specified in that the other end could
@@ -1584,7 +1591,6 @@ adjudge_to_death:
                        if (tmo > TCP_TIMEWAIT_LEN) {
                                inet_csk_reset_keepalive_timer(sk, tcp_fin_time(sk));
                        } else {
-                                atomic_inc(sk->sk_prot->orphan_count);
                                tcp_time_wait(sk, TCP_FIN_WAIT2, tmo);
                                goto out;
                        }
@@ -1603,7 +1609,6 @@ adjudge_to_death:
                        NET_INC_STATS_BH(LINUX_MIB_TCPABORTONMEMORY);
                }
        }
-        atomic_inc(sk->sk_prot->orphan_count);
        if (sk->sk_state == TCP_CLOSE)
                inet_csk_destroy_sock(sk);
diff --git a/net/ipv4/tcp_highspeed.c b/net/ipv4/tcp_highspeed.c
index e0e9d1383c7c..b72fa55dfb84 100644
--- a/net/ipv4/tcp_highspeed.c
+++ b/net/ipv4/tcp_highspeed.c
@@ -137,8 +137,8 @@ static void hstcp_cong_avoid(struct sock *sk, u32 adk, u32 rtt,
                if (tp->snd_cwnd < tp->snd_cwnd_clamp) {
                        tp->snd_cwnd_cnt += ca->ai;
                        if (tp->snd_cwnd_cnt >= tp->snd_cwnd) {
-                                tp->snd_cwnd++;
                                tp->snd_cwnd_cnt -= tp->snd_cwnd;
+                                tp->snd_cwnd++;
                        }
                }
        }
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 9f0cca4c4fae..4a538bc1683d 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -1662,6 +1662,8 @@ static void tcp_update_scoreboard(struct sock *sk, struct tcp_sock *tp)
                        if (!(TCP_SKB_CB(skb)->sacked&TCPCB_TAGBITS)) {
                                TCP_SKB_CB(skb)->sacked |= TCPCB_LOST;
                                tp->lost_out += tcp_skb_pcount(skb);
+                                if (IsReno(tp))
+                                        tcp_remove_reno_sacks(sk, tp, tcp_skb_pcount(skb) + 1);
                                /* clear xmit_retrans hint */
                                if (tp->retransmit_skb_hint &&
author	Jeff Garzik <jeff@garzik.org>	2006-05-20 00:03:38 -0400
committer	Jeff Garzik <jeff@garzik.org>	2006-05-20 00:03:38 -0400
commit	badc48e6605ddeeb2484afae5993c859494decaa (patch)
tree	7da638f9bb53b1812b71e40ad6deca91d59ad301 /net/ipv4
parent	753a6c4ff4c371a3e4e3408aaba4d03f3cfde73a (diff)
parent	2f880b65fdbc2d4915bddc59d75a176329570fdd (diff)