Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git

Signed-off-by: Steve French <sfrench@us.ibm.com>
author: Steve French <sfrench@us.ibm.com> 2005-12-05 14:15:30 -0500
committer: Steve French <sfrench@us.ibm.com> 2005-12-05 14:15:30 -0500
commit: c89a86bb96307019867d11874ef0b86adaa0598e (patch)
tree: c44c1a825e8a143a4c52bcb8692292aeb77fa64e /net/ipv4
parent: 07475ffba5800c53573180dd521273642adcd0e9 (diff)
parent: e4f5c82a92c2a546a16af1614114eec19120e40a (diff)
5 files changed, 34 insertions, 16 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index eaa150c33b04..d368cf249000 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -228,13 +228,14 @@ static int inet_create(struct socket *sock, int protocol)
        unsigned char answer_flags;
        char answer_no_check;
        int try_loading_module = 0;
-        int err = -ESOCKTNOSUPPORT;
+        int err;
        sock->state = SS_UNCONNECTED;
        /* Look for the requested type/protocol pair. */
        answer = NULL;
 lookup_protocol:
+        err = -ESOCKTNOSUPPORT;
        rcu_read_lock();
        list_for_each_rcu(p, &inetsw[sock->type]) {
                answer = list_entry(p, struct inet_protosw, list);
@@ -252,6 +253,7 @@ lookup_protocol:
                        if (IPPROTO_IP == answer->protocol)
                                break;
                }
+                err = -EPROTONOSUPPORT;
                answer = NULL;
        }
@@ -280,9 +282,6 @@ lookup_protocol:
        err = -EPERM;
        if (answer->capability > 0 && !capable(answer->capability))
                goto out_rcu_unlock;
-        err = -EPROTONOSUPPORT;
-        if (!protocol)
-                goto out_rcu_unlock;
        sock->ops = answer->ops;
        answer_prot = answer->prot;
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 882f88f6d13b..19b1b984d687 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -544,12 +544,16 @@ static void nl_fib_input(struct sock *sk, int len)
        struct sk_buff *skb = NULL;
        struct nlmsghdr *nlh = NULL;
        struct fib_result_nl *frn;
-        int err;
        u32 pid;     
        struct fib_table *tb;
        
-        skb = skb_recv_datagram(sk, 0, 0, &err);
+        skb = skb_dequeue(&sk->sk_receive_queue);
        nlh = (struct nlmsghdr *)skb->data;
+        if (skb->len < NLMSG_SPACE(0) || skb->len < nlh->nlmsg_len ||
+            nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*frn))) {
+                kfree_skb(skb);
+                return;
+        }
        
        frn = (struct fib_result_nl *) NLMSG_DATA(nlh);
        tb = fib_get_table(frn->tb_id_in);
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index c04607b49212..4a195c724f01 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -897,7 +897,10 @@ int igmp_rcv(struct sk_buff *skb)
                /* Is it our report looped back? */
                if (((struct rtable*)skb->dst)->fl.iif == 0)
                        break;
-                igmp_heard_report(in_dev, ih->group);
+                /* don't rely on MC router hearing unicast reports */
+                if (skb->pkt_type == PACKET_MULTICAST ||
+                    skb->pkt_type == PACKET_BROADCAST)
+                        igmp_heard_report(in_dev, ih->group);
                break;
        case IGMP_PIM:
 #ifdef CONFIG_IP_PIMSM_V1
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index 625981676776..aeb7353d4777 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -272,9 +272,9 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
 *      sCL -> sCL
 */
 /*           sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI   */
-/*ack*/    { sIV, sIV, sSR, sES, sCW, sCW, sTW, sTW, sCL, sIV },
+/*ack*/    { sIV, sIG, sSR, sES, sCW, sCW, sTW, sTW, sCL, sIV },
 /*
- *      sSS -> sIV      Might be a half-open connection.
+ *      sSS -> sIG      Might be a half-open connection.
 *      sSR -> sSR      Might answer late resent SYN.
 *      sES -> sES      :-)
 *      sFW -> sCW      Normal close request answered by ACK.
@@ -917,8 +917,12 @@ static int tcp_packet(struct ip_conntrack *conntrack,
        switch (new_state) {
        case TCP_CONNTRACK_IGNORE:
-                /* Either SYN in ORIGINAL
+                /* Ignored packets:
-                 * or SYN/ACK in REPLY. */
+                 * 
+                 * a) SYN in ORIGINAL
+                 * b) SYN/ACK in REPLY
+                 * c) ACK in reply direction after initial SYN in original.
+                 */
                if (index == TCP_SYNACK_SET
                    && conntrack->proto.tcp.last_index == TCP_SYN_SET
                    && conntrack->proto.tcp.last_dir != dir
@@ -985,13 +989,20 @@ static int tcp_packet(struct ip_conntrack *conntrack,
                }
        case TCP_CONNTRACK_CLOSE:
                if (index == TCP_RST_SET
-                    && test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
+                    && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
-                    && conntrack->proto.tcp.last_index == TCP_SYN_SET
+                         && conntrack->proto.tcp.last_index == TCP_SYN_SET)
+                        || (!test_bit(IPS_ASSURED_BIT, &conntrack->status)
+                            && conntrack->proto.tcp.last_index == TCP_ACK_SET))
                    && ntohl(th->ack_seq) == conntrack->proto.tcp.last_end) {
-                        /* RST sent to invalid SYN we had let trough
+                        /* RST sent to invalid SYN or ACK we had let trough
-                         * SYN was in window then, tear down connection.
+                         * at a) and c) above:
+                         *
+                         * a) SYN was in window then
+                         * c) we hold a half-open connection.
+                         *
+                         * Delete our connection entry.
                         * We skip window checking, because packet might ACK
-                         * segments we ignored in the SYN. */
+                         * segments we ignored. */
                        goto in_window;
                }
                /* Just fall trough */
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 2d44b07688af..261cbb4d4c49 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -532,6 +532,7 @@ match(const struct sk_buff *skb,
                        }
                        if(info->seconds && info->hit_count) {
                                for(pkt_count = 0, hits_found = 0; pkt_count < ip_pkt_list_tot; pkt_count++) {
+                                        if(r_list[location].last_pkts[pkt_count] == 0) break;
                                        if(time_before_eq(now,r_list[location].last_pkts[pkt_count]+info->seconds*HZ)) hits_found++;
                                }
                                if(hits_found >= info->hit_count) ans = !info->invert; else ans = info->invert;
author	Steve French <sfrench@us.ibm.com>	2005-12-05 14:15:30 -0500
committer	Steve French <sfrench@us.ibm.com>	2005-12-05 14:15:30 -0500
commit	c89a86bb96307019867d11874ef0b86adaa0598e (patch)
tree	c44c1a825e8a143a4c52bcb8692292aeb77fa64e /net/ipv4
parent	07475ffba5800c53573180dd521273642adcd0e9 (diff)
parent	e4f5c82a92c2a546a16af1614114eec19120e40a (diff)