aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2013-04-19 17:55:29 -0400
committerDavid S. Miller <davem@davemloft.net>2013-04-19 17:55:29 -0400
commit95a06161e6b903ad5b96285cb57c8df3b7c8ad34 (patch)
tree38aceebbb625e4b5186d8c8afe85f9c73ccd6478 /net
parentbb5b052f751b309b5181686741c724a66c5cb15a (diff)
parentd37d696804a83479f240b397670a07ccb53a7417 (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says: ==================== The following patchset contains a small batch of Netfilter updates for your net-next tree, they are: * Three patches that provide more accurate error reporting to user-space, instead of -EPERM, in IPv4/IPv6 netfilter re-routing code and NAT, from Patrick McHardy. * Update copyright statements in Netfilter filters of Patrick McHardy, from himself. * Add Kconfig dependency on the raw/mangle tables to the rpfilter, from Florian Westphal. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter.c15
-rw-r--r--net/ipv4/netfilter/Kconfig2
-rw-r--r--net/ipv4/netfilter/arp_tables.c1
-rw-r--r--net/ipv4/netfilter/ip_tables.c1
-rw-r--r--net/ipv4/netfilter/ipt_ULOG.c1
-rw-r--r--net/ipv4/netfilter/iptable_mangle.c9
-rw-r--r--net/ipv4/netfilter/iptable_nat.c23
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c1
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c1
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c1
-rw-r--r--net/ipv4/netfilter/nf_nat_h323.c1
-rw-r--r--net/ipv4/netfilter/nf_nat_pptp.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_gre.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_snmp_basic.c2
-rw-r--r--net/ipv6/netfilter.c12
-rw-r--r--net/ipv6/netfilter/Kconfig2
-rw-r--r--net/ipv6/netfilter/ip6_tables.c1
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c2
-rw-r--r--net/ipv6/netfilter/ip6table_mangle.c9
-rw-r--r--net/ipv6/netfilter/ip6table_nat.c23
-rw-r--r--net/netfilter/core.c1
-rw-r--r--net/netfilter/nf_conntrack_amanda.c1
-rw-r--r--net/netfilter/nf_conntrack_core.c1
-rw-r--r--net/netfilter/nf_conntrack_ecache.c8
-rw-r--r--net/netfilter/nf_conntrack_expect.c1
-rw-r--r--net/netfilter/nf_conntrack_ftp.c1
-rw-r--r--net/netfilter/nf_conntrack_h323_main.c1
-rw-r--r--net/netfilter/nf_conntrack_helper.c1
-rw-r--r--net/netfilter/nf_conntrack_irc.c1
-rw-r--r--net/netfilter/nf_conntrack_pptp.c2
-rw-r--r--net/netfilter/nf_conntrack_proto.c1
-rw-r--r--net/netfilter/nf_conntrack_proto_gre.c1
-rw-r--r--net/netfilter/nf_conntrack_proto_sctp.c3
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c2
-rw-r--r--net/netfilter/nf_conntrack_proto_udp.c1
-rw-r--r--net/netfilter/nf_conntrack_standalone.c1
-rw-r--r--net/netfilter/nf_conntrack_tftp.c2
-rw-r--r--net/netfilter/nf_nat_amanda.c1
-rw-r--r--net/netfilter/nf_nat_core.c9
-rw-r--r--net/netfilter/nf_nat_helper.c1
-rw-r--r--net/netfilter/nf_queue.c5
-rw-r--r--net/netfilter/nfnetlink_log.c1
-rw-r--r--net/netfilter/x_tables.c1
-rw-r--r--net/netfilter/xt_TCPMSS.c1
-rw-r--r--net/netfilter/xt_conntrack.c1
-rw-r--r--net/netfilter/xt_hashlimit.c1
-rw-r--r--net/netfilter/xt_limit.c1
47 files changed, 122 insertions, 40 deletions
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 4c0cf63dd92e..c3e0adea9c27 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -1,4 +1,9 @@
1/* IPv4 specific functions of netfilter core */ 1/*
2 * IPv4 specific functions of netfilter core
3 *
4 * Rusty Russell (C) 2000 -- This code is GPL.
5 * Patrick McHardy (C) 2006-2012
6 */
2#include <linux/kernel.h> 7#include <linux/kernel.h>
3#include <linux/netfilter.h> 8#include <linux/netfilter.h>
4#include <linux/netfilter_ipv4.h> 9#include <linux/netfilter_ipv4.h>
@@ -40,14 +45,14 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type)
40 fl4.flowi4_flags = flags; 45 fl4.flowi4_flags = flags;
41 rt = ip_route_output_key(net, &fl4); 46 rt = ip_route_output_key(net, &fl4);
42 if (IS_ERR(rt)) 47 if (IS_ERR(rt))
43 return -1; 48 return PTR_ERR(rt);
44 49
45 /* Drop old route. */ 50 /* Drop old route. */
46 skb_dst_drop(skb); 51 skb_dst_drop(skb);
47 skb_dst_set(skb, &rt->dst); 52 skb_dst_set(skb, &rt->dst);
48 53
49 if (skb_dst(skb)->error) 54 if (skb_dst(skb)->error)
50 return -1; 55 return skb_dst(skb)->error;
51 56
52#ifdef CONFIG_XFRM 57#ifdef CONFIG_XFRM
53 if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && 58 if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
@@ -56,7 +61,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type)
56 skb_dst_set(skb, NULL); 61 skb_dst_set(skb, NULL);
57 dst = xfrm_lookup(net, dst, flowi4_to_flowi(&fl4), skb->sk, 0); 62 dst = xfrm_lookup(net, dst, flowi4_to_flowi(&fl4), skb->sk, 0);
58 if (IS_ERR(dst)) 63 if (IS_ERR(dst))
59 return -1; 64 return PTR_ERR(dst);;
60 skb_dst_set(skb, dst); 65 skb_dst_set(skb, dst);
61 } 66 }
62#endif 67#endif
@@ -66,7 +71,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type)
66 if (skb_headroom(skb) < hh_len && 71 if (skb_headroom(skb) < hh_len &&
67 pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)), 72 pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)),
68 0, GFP_ATOMIC)) 73 0, GFP_ATOMIC))
69 return -1; 74 return -ENOMEM;
70 75
71 return 0; 76 return 0;
72} 77}
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 0d755c50994b..e7916c193932 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -71,7 +71,7 @@ config IP_NF_MATCH_ECN
71 71
72config IP_NF_MATCH_RPFILTER 72config IP_NF_MATCH_RPFILTER
73 tristate '"rpfilter" reverse path filter match support' 73 tristate '"rpfilter" reverse path filter match support'
74 depends on NETFILTER_ADVANCED 74 depends on NETFILTER_ADVANCED && (IP_NF_MANGLE || IP_NF_RAW)
75 ---help--- 75 ---help---
76 This option allows you to match packets whose replies would 76 This option allows you to match packets whose replies would
77 go out via the interface the packet came in. 77 go out via the interface the packet came in.
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 7dc6a9743592..85a4f21aac1a 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -6,6 +6,7 @@
6 * Some ARP specific bits are: 6 * Some ARP specific bits are:
7 * 7 *
8 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 8 * Copyright (C) 2002 David S. Miller (davem@redhat.com)
9 * Copyright (C) 2006-2009 Patrick McHardy <kaber@trash.net>
9 * 10 *
10 */ 11 */
11#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index e391db1f056d..d23118d95ff9 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -3,6 +3,7 @@
3 * 3 *
4 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 4 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
5 * Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org> 5 * Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org>
6 * Copyright (C) 2006-2010 Patrick McHardy <kaber@trash.net>
6 * 7 *
7 * This program is free software; you can redistribute it and/or modify 8 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as 9 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index 8799c836ccaa..f8a222cb6448 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -4,6 +4,7 @@
4 * (C) 2000-2004 by Harald Welte <laforge@netfilter.org> 4 * (C) 2000-2004 by Harald Welte <laforge@netfilter.org>
5 * (C) 1999-2001 Paul `Rusty' Russell 5 * (C) 1999-2001 Paul `Rusty' Russell
6 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> 6 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
7 * (C) 2005-2007 Patrick McHardy <kaber@trash.net>
7 * 8 *
8 * This program is free software; you can redistribute it and/or modify 9 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as 10 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 85d88f206447..cba5658ec82c 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -44,6 +44,7 @@ ipt_mangle_out(struct sk_buff *skb, const struct net_device *out)
44 u_int8_t tos; 44 u_int8_t tos;
45 __be32 saddr, daddr; 45 __be32 saddr, daddr;
46 u_int32_t mark; 46 u_int32_t mark;
47 int err;
47 48
48 /* root is playing with raw sockets. */ 49 /* root is playing with raw sockets. */
49 if (skb->len < sizeof(struct iphdr) || 50 if (skb->len < sizeof(struct iphdr) ||
@@ -66,9 +67,11 @@ ipt_mangle_out(struct sk_buff *skb, const struct net_device *out)
66 if (iph->saddr != saddr || 67 if (iph->saddr != saddr ||
67 iph->daddr != daddr || 68 iph->daddr != daddr ||
68 skb->mark != mark || 69 skb->mark != mark ||
69 iph->tos != tos) 70 iph->tos != tos) {
70 if (ip_route_me_harder(skb, RTN_UNSPEC)) 71 err = ip_route_me_harder(skb, RTN_UNSPEC);
71 ret = NF_DROP; 72 if (err < 0)
73 ret = NF_DROP_ERR(err);
74 }
72 } 75 }
73 76
74 return ret; 77 return ret;
diff --git a/net/ipv4/netfilter/iptable_nat.c b/net/ipv4/netfilter/iptable_nat.c
index eeaff7e4acb5..6383273d54e1 100644
--- a/net/ipv4/netfilter/iptable_nat.c
+++ b/net/ipv4/netfilter/iptable_nat.c
@@ -176,6 +176,7 @@ nf_nat_ipv4_out(unsigned int hooknum,
176#ifdef CONFIG_XFRM 176#ifdef CONFIG_XFRM
177 const struct nf_conn *ct; 177 const struct nf_conn *ct;
178 enum ip_conntrack_info ctinfo; 178 enum ip_conntrack_info ctinfo;
179 int err;
179#endif 180#endif
180 unsigned int ret; 181 unsigned int ret;
181 182
@@ -195,9 +196,11 @@ nf_nat_ipv4_out(unsigned int hooknum,
195 ct->tuplehash[!dir].tuple.dst.u3.ip) || 196 ct->tuplehash[!dir].tuple.dst.u3.ip) ||
196 (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP && 197 (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
197 ct->tuplehash[dir].tuple.src.u.all != 198 ct->tuplehash[dir].tuple.src.u.all !=
198 ct->tuplehash[!dir].tuple.dst.u.all)) 199 ct->tuplehash[!dir].tuple.dst.u.all)) {
199 if (nf_xfrm_me_harder(skb, AF_INET) < 0) 200 err = nf_xfrm_me_harder(skb, AF_INET);
200 ret = NF_DROP; 201 if (err < 0)
202 ret = NF_DROP_ERR(err);
203 }
201 } 204 }
202#endif 205#endif
203 return ret; 206 return ret;
@@ -213,6 +216,7 @@ nf_nat_ipv4_local_fn(unsigned int hooknum,
213 const struct nf_conn *ct; 216 const struct nf_conn *ct;
214 enum ip_conntrack_info ctinfo; 217 enum ip_conntrack_info ctinfo;
215 unsigned int ret; 218 unsigned int ret;
219 int err;
216 220
217 /* root is playing with raw sockets. */ 221 /* root is playing with raw sockets. */
218 if (skb->len < sizeof(struct iphdr) || 222 if (skb->len < sizeof(struct iphdr) ||
@@ -226,16 +230,19 @@ nf_nat_ipv4_local_fn(unsigned int hooknum,
226 230
227 if (ct->tuplehash[dir].tuple.dst.u3.ip != 231 if (ct->tuplehash[dir].tuple.dst.u3.ip !=
228 ct->tuplehash[!dir].tuple.src.u3.ip) { 232 ct->tuplehash[!dir].tuple.src.u3.ip) {
229 if (ip_route_me_harder(skb, RTN_UNSPEC)) 233 err = ip_route_me_harder(skb, RTN_UNSPEC);
230 ret = NF_DROP; 234 if (err < 0)
235 ret = NF_DROP_ERR(err);
231 } 236 }
232#ifdef CONFIG_XFRM 237#ifdef CONFIG_XFRM
233 else if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && 238 else if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
234 ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP && 239 ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
235 ct->tuplehash[dir].tuple.dst.u.all != 240 ct->tuplehash[dir].tuple.dst.u.all !=
236 ct->tuplehash[!dir].tuple.src.u.all) 241 ct->tuplehash[!dir].tuple.src.u.all) {
237 if (nf_xfrm_me_harder(skb, AF_INET) < 0) 242 err = nf_xfrm_me_harder(skb, AF_INET);
238 ret = NF_DROP; 243 if (err < 0)
244 ret = NF_DROP_ERR(err);
245 }
239#endif 246#endif
240 } 247 }
241 return ret; 248 return ret;
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 2820aa18b542..567d84168bd2 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -1,6 +1,7 @@
1 1
2/* (C) 1999-2001 Paul `Rusty' Russell 2/* (C) 1999-2001 Paul `Rusty' Russell
3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> 3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
4 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
4 * 5 *
5 * This program is free software; you can redistribute it and/or modify 6 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as 7 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index f2ca12794081..4c48e434bb1f 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -2,6 +2,7 @@
2 * 2 *
3 * (C) 1999-2001 Paul `Rusty' Russell 3 * (C) 1999-2001 Paul `Rusty' Russell
4 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> 4 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
5 * (C) 2006-2010 Patrick McHardy <kaber@trash.net>
5 * 6 *
6 * This program is free software; you can redistribute it and/or modify 7 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as 8 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index c2cd63d2d892..a338dad41b7d 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -1,5 +1,6 @@
1/* (C) 1999-2001 Paul `Rusty' Russell 1/* (C) 1999-2001 Paul `Rusty' Russell
2 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> 2 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
3 * (C) 2006-2010 Patrick McHardy <kaber@trash.net>
3 * 4 *
4 * This program is free software; you can redistribute it and/or modify 5 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index 9c3db10b22d3..9eea059dd621 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -2,6 +2,7 @@
2 * H.323 extension for NAT alteration. 2 * H.323 extension for NAT alteration.
3 * 3 *
4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net> 4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
5 * Copyright (c) 2006-2012 Patrick McHardy <kaber@trash.net>
5 * 6 *
6 * This source code is licensed under General Public License version 2. 7 * This source code is licensed under General Public License version 2.
7 * 8 *
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
index a06d7d74817d..657d2307f031 100644
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -13,6 +13,8 @@
13 * 13 *
14 * Development of this code funded by Astaro AG (http://www.astaro.com/) 14 * Development of this code funded by Astaro AG (http://www.astaro.com/)
15 * 15 *
16 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
17 *
16 * TODO: - NAT to a unique tuple, not to TCP source port 18 * TODO: - NAT to a unique tuple, not to TCP source port
17 * (needs netfilter tuple reservation) 19 * (needs netfilter tuple reservation)
18 */ 20 */
diff --git a/net/ipv4/netfilter/nf_nat_proto_gre.c b/net/ipv4/netfilter/nf_nat_proto_gre.c
index ea44f02563b5..690d890111bb 100644
--- a/net/ipv4/netfilter/nf_nat_proto_gre.c
+++ b/net/ipv4/netfilter/nf_nat_proto_gre.c
@@ -21,6 +21,8 @@
21 * 21 *
22 * Development of this code funded by Astaro AG (http://www.astaro.com/) 22 * Development of this code funded by Astaro AG (http://www.astaro.com/)
23 * 23 *
24 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
25 *
24 */ 26 */
25 27
26#include <linux/module.h> 28#include <linux/module.h>
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index bac712293fd6..5f011cc89cd9 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -38,6 +38,8 @@
38 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 38 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
39 * 39 *
40 * Author: James Morris <jmorris@intercode.com.au> 40 * Author: James Morris <jmorris@intercode.com.au>
41 *
42 * Copyright (c) 2006-2010 Patrick McHardy <kaber@trash.net>
41 */ 43 */
42#include <linux/module.h> 44#include <linux/module.h>
43#include <linux/moduleparam.h> 45#include <linux/moduleparam.h>
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 429089cb073d..72836f40b730 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -1,3 +1,9 @@
1/*
2 * IPv6 specific functions of netfilter core
3 *
4 * Rusty Russell (C) 2000 -- This code is GPL.
5 * Patrick McHardy (C) 2006-2012
6 */
1#include <linux/kernel.h> 7#include <linux/kernel.h>
2#include <linux/init.h> 8#include <linux/init.h>
3#include <linux/ipv6.h> 9#include <linux/ipv6.h>
@@ -29,7 +35,7 @@ int ip6_route_me_harder(struct sk_buff *skb)
29 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); 35 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
30 LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n"); 36 LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n");
31 dst_release(dst); 37 dst_release(dst);
32 return -EINVAL; 38 return dst->error;
33 } 39 }
34 40
35 /* Drop old route. */ 41 /* Drop old route. */
@@ -43,7 +49,7 @@ int ip6_route_me_harder(struct sk_buff *skb)
43 skb_dst_set(skb, NULL); 49 skb_dst_set(skb, NULL);
44 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), skb->sk, 0); 50 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), skb->sk, 0);
45 if (IS_ERR(dst)) 51 if (IS_ERR(dst))
46 return -1; 52 return PTR_ERR(dst);
47 skb_dst_set(skb, dst); 53 skb_dst_set(skb, dst);
48 } 54 }
49#endif 55#endif
@@ -53,7 +59,7 @@ int ip6_route_me_harder(struct sk_buff *skb)
53 if (skb_headroom(skb) < hh_len && 59 if (skb_headroom(skb) < hh_len &&
54 pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)), 60 pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)),
55 0, GFP_ATOMIC)) 61 0, GFP_ATOMIC))
56 return -1; 62 return -ENOMEM;
57 63
58 return 0; 64 return 0;
59} 65}
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index c72532a60d88..4433ab40e7de 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -105,7 +105,7 @@ config IP6_NF_MATCH_MH
105 105
106config IP6_NF_MATCH_RPFILTER 106config IP6_NF_MATCH_RPFILTER
107 tristate '"rpfilter" reverse path filter match support' 107 tristate '"rpfilter" reverse path filter match support'
108 depends on NETFILTER_ADVANCED 108 depends on NETFILTER_ADVANCED && (IP6_NF_MANGLE || IP6_NF_RAW)
109 ---help--- 109 ---help---
110 This option allows you to match packets whose replies would 110 This option allows you to match packets whose replies would
111 go out via the interface the packet came in. 111 go out via the interface the packet came in.
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 8861b1ef420e..44400c216dc6 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -3,6 +3,7 @@
3 * 3 *
4 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 4 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
5 * Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org> 5 * Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org>
6 * Copyright (c) 2006-2010 Patrick McHardy <kaber@trash.net>
6 * 7 *
7 * This program is free software; you can redistribute it and/or modify 8 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as 9 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index ed3b427b2841..70f9abc0efe9 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -7,6 +7,8 @@
7 * Authors: 7 * Authors:
8 * Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> 8 * Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
9 * 9 *
10 * Copyright (c) 2005-2007 Patrick McHardy <kaber@trash.net>
11 *
10 * Based on net/ipv4/netfilter/ipt_REJECT.c 12 * Based on net/ipv4/netfilter/ipt_REJECT.c
11 * 13 *
12 * This program is free software; you can redistribute it and/or 14 * This program is free software; you can redistribute it and/or
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index 6134a1ebfb1b..e075399d8b72 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -38,7 +38,7 @@ ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out)
38 struct in6_addr saddr, daddr; 38 struct in6_addr saddr, daddr;
39 u_int8_t hop_limit; 39 u_int8_t hop_limit;
40 u_int32_t flowlabel, mark; 40 u_int32_t flowlabel, mark;
41 41 int err;
42#if 0 42#if 0
43 /* root is playing with raw sockets. */ 43 /* root is playing with raw sockets. */
44 if (skb->len < sizeof(struct iphdr) || 44 if (skb->len < sizeof(struct iphdr) ||
@@ -65,8 +65,11 @@ ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out)
65 !ipv6_addr_equal(&ipv6_hdr(skb)->daddr, &daddr) || 65 !ipv6_addr_equal(&ipv6_hdr(skb)->daddr, &daddr) ||
66 skb->mark != mark || 66 skb->mark != mark ||
67 ipv6_hdr(skb)->hop_limit != hop_limit || 67 ipv6_hdr(skb)->hop_limit != hop_limit ||
68 flowlabel != *((u_int32_t *)ipv6_hdr(skb)))) 68 flowlabel != *((u_int32_t *)ipv6_hdr(skb)))) {
69 return ip6_route_me_harder(skb) == 0 ? ret : NF_DROP; 69 err = ip6_route_me_harder(skb);
70 if (err < 0)
71 ret = NF_DROP_ERR(err);
72 }
70 73
71 return ret; 74 return ret;
72} 75}
diff --git a/net/ipv6/netfilter/ip6table_nat.c b/net/ipv6/netfilter/ip6table_nat.c
index e0e788d25b14..6383f90efda8 100644
--- a/net/ipv6/netfilter/ip6table_nat.c
+++ b/net/ipv6/netfilter/ip6table_nat.c
@@ -179,6 +179,7 @@ nf_nat_ipv6_out(unsigned int hooknum,
179#ifdef CONFIG_XFRM 179#ifdef CONFIG_XFRM
180 const struct nf_conn *ct; 180 const struct nf_conn *ct;
181 enum ip_conntrack_info ctinfo; 181 enum ip_conntrack_info ctinfo;
182 int err;
182#endif 183#endif
183 unsigned int ret; 184 unsigned int ret;
184 185
@@ -197,9 +198,11 @@ nf_nat_ipv6_out(unsigned int hooknum,
197 &ct->tuplehash[!dir].tuple.dst.u3) || 198 &ct->tuplehash[!dir].tuple.dst.u3) ||
198 (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 && 199 (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 &&
199 ct->tuplehash[dir].tuple.src.u.all != 200 ct->tuplehash[dir].tuple.src.u.all !=
200 ct->tuplehash[!dir].tuple.dst.u.all)) 201 ct->tuplehash[!dir].tuple.dst.u.all)) {
201 if (nf_xfrm_me_harder(skb, AF_INET6) < 0) 202 err = nf_xfrm_me_harder(skb, AF_INET6);
202 ret = NF_DROP; 203 if (err < 0)
204 ret = NF_DROP_ERR(err);
205 }
203 } 206 }
204#endif 207#endif
205 return ret; 208 return ret;
@@ -215,6 +218,7 @@ nf_nat_ipv6_local_fn(unsigned int hooknum,
215 const struct nf_conn *ct; 218 const struct nf_conn *ct;
216 enum ip_conntrack_info ctinfo; 219 enum ip_conntrack_info ctinfo;
217 unsigned int ret; 220 unsigned int ret;
221 int err;
218 222
219 /* root is playing with raw sockets. */ 223 /* root is playing with raw sockets. */
220 if (skb->len < sizeof(struct ipv6hdr)) 224 if (skb->len < sizeof(struct ipv6hdr))
@@ -227,16 +231,19 @@ nf_nat_ipv6_local_fn(unsigned int hooknum,
227 231
228 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, 232 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3,
229 &ct->tuplehash[!dir].tuple.src.u3)) { 233 &ct->tuplehash[!dir].tuple.src.u3)) {
230 if (ip6_route_me_harder(skb)) 234 err = ip6_route_me_harder(skb);
231 ret = NF_DROP; 235 if (err < 0)
236 ret = NF_DROP_ERR(err);
232 } 237 }
233#ifdef CONFIG_XFRM 238#ifdef CONFIG_XFRM
234 else if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && 239 else if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) &&
235 ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 && 240 ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 &&
236 ct->tuplehash[dir].tuple.dst.u.all != 241 ct->tuplehash[dir].tuple.dst.u.all !=
237 ct->tuplehash[!dir].tuple.src.u.all) 242 ct->tuplehash[!dir].tuple.src.u.all) {
238 if (nf_xfrm_me_harder(skb, AF_INET6)) 243 err = nf_xfrm_me_harder(skb, AF_INET6);
239 ret = NF_DROP; 244 if (err < 0)
245 ret = NF_DROP_ERR(err);
246 }
240#endif 247#endif
241 } 248 }
242 return ret; 249 return ret;
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 7d97302f7c07..07c865a31a3d 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -5,6 +5,7 @@
5 * way. 5 * way.
6 * 6 *
7 * Rusty Russell (C)2000 -- This code is GPL. 7 * Rusty Russell (C)2000 -- This code is GPL.
8 * Patrick McHardy (c) 2006-2012
8 */ 9 */
9#include <linux/kernel.h> 10#include <linux/kernel.h>
10#include <linux/netfilter.h> 11#include <linux/netfilter.h>
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c
index dbdaa1149260..b8b95f4027ca 100644
--- a/net/netfilter/nf_conntrack_amanda.c
+++ b/net/netfilter/nf_conntrack_amanda.c
@@ -2,6 +2,7 @@
2 * 2 *
3 * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca> 3 * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca>
4 * based on HW's ip_conntrack_irc.c as well as other modules 4 * based on HW's ip_conntrack_irc.c as well as other modules
5 * (C) 2006 Patrick McHardy <kaber@trash.net>
5 * 6 *
6 * This program is free software; you can redistribute it and/or 7 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License 8 * modify it under the terms of the GNU General Public License
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 54ddc2f8e7c9..ebb81d64436c 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -5,6 +5,7 @@
5/* (C) 1999-2001 Paul `Rusty' Russell 5/* (C) 1999-2001 Paul `Rusty' Russell
6 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> 6 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
7 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> 7 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
8 * (C) 2005-2012 Patrick McHardy <kaber@trash.net>
8 * 9 *
9 * This program is free software; you can redistribute it and/or modify 10 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as 11 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c
index b5d2eb8bf0d5..1df176146567 100644
--- a/net/netfilter/nf_conntrack_ecache.c
+++ b/net/netfilter/nf_conntrack_ecache.c
@@ -1,8 +1,10 @@
1/* Event cache for netfilter. */ 1/* Event cache for netfilter. */
2 2
3/* (C) 1999-2001 Paul `Rusty' Russell 3/*
4 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> 4 * (C) 2005 Harald Welte <laforge@gnumonks.org>
5 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> 5 * (C) 2005 Patrick McHardy <kaber@trash.net>
6 * (C) 2005-2006 Netfilter Core Team <coreteam@netfilter.org>
7 * (C) 2005 USAGI/WIDE Project <http://www.linux-ipv6.org>
6 * 8 *
7 * This program is free software; you can redistribute it and/or modify 9 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as 10 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index 0adfdcc68bae..c63b618cd619 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -3,6 +3,7 @@
3/* (C) 1999-2001 Paul `Rusty' Russell 3/* (C) 1999-2001 Paul `Rusty' Russell
4 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> 4 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
5 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> 5 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
6 * (c) 2005-2012 Patrick McHardy <kaber@trash.net>
6 * 7 *
7 * This program is free software; you can redistribute it and/or modify 8 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as 9 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index 62fb8faedb80..6b217074237b 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -3,6 +3,7 @@
3/* (C) 1999-2001 Paul `Rusty' Russell 3/* (C) 1999-2001 Paul `Rusty' Russell
4 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> 4 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
5 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> 5 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
6 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
6 * 7 *
7 * This program is free software; you can redistribute it and/or modify 8 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as 9 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index 7df7b36d2e24..bdebd03bc8cd 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -2,6 +2,7 @@
2 * H.323 connection tracking helper 2 * H.323 connection tracking helper
3 * 3 *
4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net> 4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
5 * Copyright (c) 2006-2012 Patrick McHardy <kaber@trash.net>
5 * 6 *
6 * This source code is licensed under General Public License version 2. 7 * This source code is licensed under General Public License version 2.
7 * 8 *
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index a0b1c5c23d1c..974a2a4adefa 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -3,6 +3,7 @@
3/* (C) 1999-2001 Paul `Rusty' Russell 3/* (C) 1999-2001 Paul `Rusty' Russell
4 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> 4 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
5 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> 5 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
6 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
6 * 7 *
7 * This program is free software; you can redistribute it and/or modify 8 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as 9 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c
index 70985c5d0ffa..0fd2976db7ee 100644
--- a/net/netfilter/nf_conntrack_irc.c
+++ b/net/netfilter/nf_conntrack_irc.c
@@ -1,6 +1,7 @@
1/* IRC extension for IP connection tracking, Version 1.21 1/* IRC extension for IP connection tracking, Version 1.21
2 * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> 2 * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>
3 * based on RR's ip_conntrack_ftp.c 3 * based on RR's ip_conntrack_ftp.c
4 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
4 * 5 *
5 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License 7 * modify it under the terms of the GNU General Public License
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c
index e6678d2b624e..7bd03decd36c 100644
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -11,6 +11,8 @@
11 * 11 *
12 * Development of this code funded by Astaro AG (http://www.astaro.com/) 12 * Development of this code funded by Astaro AG (http://www.astaro.com/)
13 * 13 *
14 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
15 *
14 * Limitations: 16 * Limitations:
15 * - We blindly assume that control connections are always 17 * - We blindly assume that control connections are always
16 * established in PNS->PAC direction. This is a violation 18 * established in PNS->PAC direction. This is a violation
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index 58ab4050830c..0ab9636ac57e 100644
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -3,6 +3,7 @@
3/* (C) 1999-2001 Paul `Rusty' Russell 3/* (C) 1999-2001 Paul `Rusty' Russell
4 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> 4 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
5 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> 5 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
6 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
6 * 7 *
7 * This program is free software; you can redistribute it and/or modify 8 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as 9 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c
index 155ce9f8a0db..9d9c0dade602 100644
--- a/net/netfilter/nf_conntrack_proto_gre.c
+++ b/net/netfilter/nf_conntrack_proto_gre.c
@@ -21,6 +21,7 @@
21 * 21 *
22 * Development of this code funded by Astaro AG (http://www.astaro.com/) 22 * Development of this code funded by Astaro AG (http://www.astaro.com/)
23 * 23 *
24 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
24 */ 25 */
25 26
26#include <linux/module.h> 27#include <linux/module.h>
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index ec83536def9a..1314d33f6bcf 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -1,6 +1,9 @@
1/* 1/*
2 * Connection tracking protocol helper module for SCTP. 2 * Connection tracking protocol helper module for SCTP.
3 * 3 *
4 * Copyright (c) 2004 Kiran Kumar Immidi <immidi_kiran@yahoo.com>
5 * Copyright (c) 2004-2012 Patrick McHardy <kaber@trash.net>
6 *
4 * SCTP is defined in RFC 2960. References to various sections in this code 7 * SCTP is defined in RFC 2960. References to various sections in this code
5 * are to this RFC. 8 * are to this RFC.
6 * 9 *
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index f021a2076c87..4d4d8f1d01fc 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -1,5 +1,7 @@
1/* (C) 1999-2001 Paul `Rusty' Russell 1/* (C) 1999-2001 Paul `Rusty' Russell
2 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> 2 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
3 * (C) 2002-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
4 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
3 * 5 *
4 * This program is free software; you can redistribute it and/or modify 6 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as 7 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index fee43228e115..9d7721cbce4b 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -1,5 +1,6 @@
1/* (C) 1999-2001 Paul `Rusty' Russell 1/* (C) 1999-2001 Paul `Rusty' Russell
2 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> 2 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
3 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
3 * 4 *
4 * This program is free software; you can redistribute it and/or modify 5 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index ebb67d33bd63..bd700b4013c1 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -1,5 +1,6 @@
1/* (C) 1999-2001 Paul `Rusty' Russell 1/* (C) 1999-2001 Paul `Rusty' Russell
2 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> 2 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
3 * (C) 2005-2012 Patrick McHardy <kaber@trash.net>
3 * 4 *
4 * This program is free software; you can redistribute it and/or modify 5 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c
index e9936c830208..e68ab4fbd71f 100644
--- a/net/netfilter/nf_conntrack_tftp.c
+++ b/net/netfilter/nf_conntrack_tftp.c
@@ -1,5 +1,5 @@
1/* (C) 2001-2002 Magnus Boden <mb@ozaba.mine.nu> 1/* (C) 2001-2002 Magnus Boden <mb@ozaba.mine.nu>
2 * 2 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
3 * This program is free software; you can redistribute it and/or modify 3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License version 2 as 4 * it under the terms of the GNU General Public License version 2 as
5 * published by the Free Software Foundation. 5 * published by the Free Software Foundation.
diff --git a/net/netfilter/nf_nat_amanda.c b/net/netfilter/nf_nat_amanda.c
index 3b67c9d11273..eb772380a202 100644
--- a/net/netfilter/nf_nat_amanda.c
+++ b/net/netfilter/nf_nat_amanda.c
@@ -1,6 +1,7 @@
1/* Amanda extension for TCP NAT alteration. 1/* Amanda extension for TCP NAT alteration.
2 * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca> 2 * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca>
3 * based on a copy of HW's ip_nat_irc.c as well as other modules 3 * based on a copy of HW's ip_nat_irc.c as well as other modules
4 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
4 * 5 *
5 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License 7 * modify it under the terms of the GNU General Public License
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index 8d5769c6d16e..346f871cf096 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -87,9 +87,10 @@ int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family)
87 struct flowi fl; 87 struct flowi fl;
88 unsigned int hh_len; 88 unsigned int hh_len;
89 struct dst_entry *dst; 89 struct dst_entry *dst;
90 int err;
90 91
91 if (xfrm_decode_session(skb, &fl, family) < 0) 92 err = xfrm_decode_session(skb, &fl, family);
92 return -1; 93 return err;
93 94
94 dst = skb_dst(skb); 95 dst = skb_dst(skb);
95 if (dst->xfrm) 96 if (dst->xfrm)
@@ -98,7 +99,7 @@ int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family)
98 99
99 dst = xfrm_lookup(dev_net(dst->dev), dst, &fl, skb->sk, 0); 100 dst = xfrm_lookup(dev_net(dst->dev), dst, &fl, skb->sk, 0);
100 if (IS_ERR(dst)) 101 if (IS_ERR(dst))
101 return -1; 102 return PTR_ERR(dst);
102 103
103 skb_dst_drop(skb); 104 skb_dst_drop(skb);
104 skb_dst_set(skb, dst); 105 skb_dst_set(skb, dst);
@@ -107,7 +108,7 @@ int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family)
107 hh_len = skb_dst(skb)->dev->hard_header_len; 108 hh_len = skb_dst(skb)->dev->hard_header_len;
108 if (skb_headroom(skb) < hh_len && 109 if (skb_headroom(skb) < hh_len &&
109 pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) 110 pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
110 return -1; 111 return -ENOMEM;
111 return 0; 112 return 0;
112} 113}
113EXPORT_SYMBOL(nf_xfrm_me_harder); 114EXPORT_SYMBOL(nf_xfrm_me_harder);
diff --git a/net/netfilter/nf_nat_helper.c b/net/netfilter/nf_nat_helper.c
index 23c2b38676a6..5fea563afe30 100644
--- a/net/netfilter/nf_nat_helper.c
+++ b/net/netfilter/nf_nat_helper.c
@@ -2,6 +2,7 @@
2 * 2 *
3 * (C) 2000-2002 Harald Welte <laforge@netfilter.org> 3 * (C) 2000-2002 Harald Welte <laforge@netfilter.org>
4 * (C) 2003-2006 Netfilter Core Team <coreteam@netfilter.org> 4 * (C) 2003-2006 Netfilter Core Team <coreteam@netfilter.org>
5 * (C) 2007-2012 Patrick McHardy <kaber@trash.net>
5 * 6 *
6 * This program is free software; you can redistribute it and/or modify 7 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as 8 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index d812c1235b30..5ccf01e35390 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -1,3 +1,8 @@
1/*
2 * Rusty Russell (C)2000 -- This code is GPL.
3 * Patrick McHardy (c) 2006-2012
4 */
5
1#include <linux/kernel.h> 6#include <linux/kernel.h>
2#include <linux/slab.h> 7#include <linux/slab.h>
3#include <linux/init.h> 8#include <linux/init.h>
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index d4199eb9b338..faf1e9300d8a 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -3,6 +3,7 @@
3 * nfetlink. 3 * nfetlink.
4 * 4 *
5 * (C) 2005 by Harald Welte <laforge@netfilter.org> 5 * (C) 2005 by Harald Welte <laforge@netfilter.org>
6 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
6 * 7 *
7 * Based on the old ipv4-only ipt_ULOG.c: 8 * Based on the old ipv4-only ipt_ULOG.c:
8 * (C) 2000-2004 by Harald Welte <laforge@netfilter.org> 9 * (C) 2000-2004 by Harald Welte <laforge@netfilter.org>
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 686c7715d777..1a73b18683b6 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -2,6 +2,7 @@
2 * x_tables core - Backend for {ip,ip6,arp}_tables 2 * x_tables core - Backend for {ip,ip6,arp}_tables
3 * 3 *
4 * Copyright (C) 2006-2006 Harald Welte <laforge@netfilter.org> 4 * Copyright (C) 2006-2006 Harald Welte <laforge@netfilter.org>
5 * Copyright (C) 2006-2012 Patrick McHardy <kaber@trash.net>
5 * 6 *
6 * Based on existing ip_tables code which is 7 * Based on existing ip_tables code which is
7 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 8 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 71a266de5fb4..a75240f0d42b 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -2,6 +2,7 @@
2 * This is a module which is used for setting the MSS option in TCP packets. 2 * This is a module which is used for setting the MSS option in TCP packets.
3 * 3 *
4 * Copyright (C) 2000 Marc Boucher <marc@mbsi.ca> 4 * Copyright (C) 2000 Marc Boucher <marc@mbsi.ca>
5 * Copyright (C) 2007 Patrick McHardy <kaber@trash.net>
5 * 6 *
6 * This program is free software; you can redistribute it and/or modify 7 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as 8 * it under the terms of the GNU General Public License version 2 as
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 61805d7b38aa..188404b9b002 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -3,6 +3,7 @@
3 * information. (Superset of Rusty's minimalistic state match.) 3 * information. (Superset of Rusty's minimalistic state match.)
4 * 4 *
5 * (C) 2001 Marc Boucher (marc@mbsi.ca). 5 * (C) 2001 Marc Boucher (marc@mbsi.ca).
6 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
6 * Copyright © CC Computer Consultants GmbH, 2007 - 2008 7 * Copyright © CC Computer Consultants GmbH, 2007 - 2008
7 * 8 *
8 * This program is free software; you can redistribute it and/or modify 9 * This program is free software; you can redistribute it and/or modify
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index f330e8beaf69..0199e7bb8f81 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -3,6 +3,7 @@
3 * separately for each hashbucket (sourceip/sourceport/dstip/dstport) 3 * separately for each hashbucket (sourceip/sourceport/dstip/dstport)
4 * 4 *
5 * (C) 2003-2004 by Harald Welte <laforge@netfilter.org> 5 * (C) 2003-2004 by Harald Welte <laforge@netfilter.org>
6 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
6 * Copyright © CC Computer Consultants GmbH, 2007 - 2008 7 * Copyright © CC Computer Consultants GmbH, 2007 - 2008
7 * 8 *
8 * Development of this code was funded by Astaro AG, http://www.astaro.com/ 9 * Development of this code was funded by Astaro AG, http://www.astaro.com/
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c
index a4c1e4528cac..bef850596558 100644
--- a/net/netfilter/xt_limit.c
+++ b/net/netfilter/xt_limit.c
@@ -1,5 +1,6 @@
1/* (C) 1999 Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr> 1/* (C) 1999 Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
2 * (C) 1999 Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr> 2 * (C) 1999 Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr>
3 * (C) 2006-2012 Patrick McHardy <kaber@trash.net>
3 * 4 *
4 * This program is free software; you can redistribute it and/or modify 5 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as