diff options
| author | Steve French <sfrench@us.ibm.com> | 2006-03-03 06:27:25 -0500 |
|---|---|---|
| committer | Steve French <sfrench@us.ibm.com> | 2006-03-03 06:27:25 -0500 |
| commit | c6ee60b7c8bbc78e3b1776b2820a7e7f95f8996a (patch) | |
| tree | 99b48ef0f5217fddc0aa897d9e60d95ace7da6ff /net | |
| parent | 13298defe5323c7fdcac268f588d8d1090758fb8 (diff) | |
| parent | c499ec24c31edf270e777a868ffd0daddcfe7ebd (diff) | |
Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/bridge/br_netfilter.c | 1 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebt_log.c | 7 | ||||
| -rw-r--r-- | net/core/request_sock.c | 1 | ||||
| -rw-r--r-- | net/ethernet/eth.c | 12 | ||||
| -rw-r--r-- | net/ieee80211/ieee80211_rx.c | 16 | ||||
| -rw-r--r-- | net/ipv4/esp4.c | 185 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_LOG.c | 7 | ||||
| -rw-r--r-- | net/ipv4/route.c | 2 | ||||
| -rw-r--r-- | net/ipv4/xfrm4_policy.c | 5 | ||||
| -rw-r--r-- | net/ipv6/ip6_output.c | 15 | ||||
| -rw-r--r-- | net/ipv6/ip6_tunnel.c | 1 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_LOG.c | 7 | ||||
| -rw-r--r-- | net/key/af_key.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nf_queue.c | 42 | ||||
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 14 | ||||
| -rw-r--r-- | net/xfrm/xfrm_state.c | 8 | ||||
| -rw-r--r-- | net/xfrm/xfrm_user.c | 2 |
17 files changed, 145 insertions, 182 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 6bb0c7eb1ef0..e060aad8624d 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
| @@ -90,6 +90,7 @@ static struct rtable __fake_rtable = { | |||
| 90 | .dev = &__fake_net_device, | 90 | .dev = &__fake_net_device, |
| 91 | .path = &__fake_rtable.u.dst, | 91 | .path = &__fake_rtable.u.dst, |
| 92 | .metrics = {[RTAX_MTU - 1] = 1500}, | 92 | .metrics = {[RTAX_MTU - 1] = 1500}, |
| 93 | .flags = DST_NOXFRM, | ||
| 93 | } | 94 | } |
| 94 | }, | 95 | }, |
| 95 | .rt_flags = 0, | 96 | .rt_flags = 0, |
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c index 0128fbbe2328..288ff1d4ccc4 100644 --- a/net/bridge/netfilter/ebt_log.c +++ b/net/bridge/netfilter/ebt_log.c | |||
| @@ -166,7 +166,12 @@ static void ebt_log(const struct sk_buff *skb, unsigned int hooknr, | |||
| 166 | li.u.log.level = info->loglevel; | 166 | li.u.log.level = info->loglevel; |
| 167 | li.u.log.logflags = info->bitmask; | 167 | li.u.log.logflags = info->bitmask; |
| 168 | 168 | ||
| 169 | nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, info->prefix); | 169 | if (info->bitmask & EBT_LOG_NFLOG) |
| 170 | nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, | ||
| 171 | info->prefix); | ||
| 172 | else | ||
| 173 | ebt_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, | ||
| 174 | info->prefix); | ||
| 170 | } | 175 | } |
| 171 | 176 | ||
| 172 | static struct ebt_watcher log = | 177 | static struct ebt_watcher log = |
diff --git a/net/core/request_sock.c b/net/core/request_sock.c index b8203de5ff07..98f0fc923f91 100644 --- a/net/core/request_sock.c +++ b/net/core/request_sock.c | |||
| @@ -52,7 +52,6 @@ int reqsk_queue_alloc(struct request_sock_queue *queue, | |||
| 52 | get_random_bytes(&lopt->hash_rnd, sizeof(lopt->hash_rnd)); | 52 | get_random_bytes(&lopt->hash_rnd, sizeof(lopt->hash_rnd)); |
| 53 | rwlock_init(&queue->syn_wait_lock); | 53 | rwlock_init(&queue->syn_wait_lock); |
| 54 | queue->rskq_accept_head = queue->rskq_accept_head = NULL; | 54 | queue->rskq_accept_head = queue->rskq_accept_head = NULL; |
| 55 | queue->rskq_defer_accept = 0; | ||
| 56 | lopt->nr_table_entries = nr_table_entries; | 55 | lopt->nr_table_entries = nr_table_entries; |
| 57 | 56 | ||
| 58 | write_lock_bh(&queue->syn_wait_lock); | 57 | write_lock_bh(&queue->syn_wait_lock); |
diff --git a/net/ethernet/eth.c b/net/ethernet/eth.c index 9890fd97e538..c971f14712ec 100644 --- a/net/ethernet/eth.c +++ b/net/ethernet/eth.c | |||
| @@ -95,6 +95,12 @@ int eth_header(struct sk_buff *skb, struct net_device *dev, unsigned short type, | |||
| 95 | saddr = dev->dev_addr; | 95 | saddr = dev->dev_addr; |
| 96 | memcpy(eth->h_source,saddr,dev->addr_len); | 96 | memcpy(eth->h_source,saddr,dev->addr_len); |
| 97 | 97 | ||
| 98 | if(daddr) | ||
| 99 | { | ||
| 100 | memcpy(eth->h_dest,daddr,dev->addr_len); | ||
| 101 | return ETH_HLEN; | ||
| 102 | } | ||
| 103 | |||
| 98 | /* | 104 | /* |
| 99 | * Anyway, the loopback-device should never use this function... | 105 | * Anyway, the loopback-device should never use this function... |
| 100 | */ | 106 | */ |
| @@ -105,12 +111,6 @@ int eth_header(struct sk_buff *skb, struct net_device *dev, unsigned short type, | |||
| 105 | return ETH_HLEN; | 111 | return ETH_HLEN; |
| 106 | } | 112 | } |
| 107 | 113 | ||
| 108 | if(daddr) | ||
| 109 | { | ||
| 110 | memcpy(eth->h_dest,daddr,dev->addr_len); | ||
| 111 | return ETH_HLEN; | ||
| 112 | } | ||
| 113 | |||
| 114 | return -ETH_HLEN; | 114 | return -ETH_HLEN; |
| 115 | } | 115 | } |
| 116 | 116 | ||
diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c index 960aa78cdb97..b410ab8bcf7a 100644 --- a/net/ieee80211/ieee80211_rx.c +++ b/net/ieee80211/ieee80211_rx.c | |||
| @@ -1301,7 +1301,7 @@ static void update_network(struct ieee80211_network *dst, | |||
| 1301 | /* dst->last_associate is not overwritten */ | 1301 | /* dst->last_associate is not overwritten */ |
| 1302 | } | 1302 | } |
| 1303 | 1303 | ||
| 1304 | static inline int is_beacon(int fc) | 1304 | static inline int is_beacon(__le16 fc) |
| 1305 | { | 1305 | { |
| 1306 | return (WLAN_FC_GET_STYPE(le16_to_cpu(fc)) == IEEE80211_STYPE_BEACON); | 1306 | return (WLAN_FC_GET_STYPE(le16_to_cpu(fc)) == IEEE80211_STYPE_BEACON); |
| 1307 | } | 1307 | } |
| @@ -1348,9 +1348,7 @@ static void ieee80211_process_probe_response(struct ieee80211_device | |||
| 1348 | escape_essid(info_element->data, | 1348 | escape_essid(info_element->data, |
| 1349 | info_element->len), | 1349 | info_element->len), |
| 1350 | MAC_ARG(beacon->header.addr3), | 1350 | MAC_ARG(beacon->header.addr3), |
| 1351 | is_beacon(le16_to_cpu | 1351 | is_beacon(beacon->header.frame_ctl) ? |
| 1352 | (beacon->header. | ||
| 1353 | frame_ctl)) ? | ||
| 1354 | "BEACON" : "PROBE RESPONSE"); | 1352 | "BEACON" : "PROBE RESPONSE"); |
| 1355 | return; | 1353 | return; |
| 1356 | } | 1354 | } |
| @@ -1400,9 +1398,7 @@ static void ieee80211_process_probe_response(struct ieee80211_device | |||
| 1400 | escape_essid(network.ssid, | 1398 | escape_essid(network.ssid, |
| 1401 | network.ssid_len), | 1399 | network.ssid_len), |
| 1402 | MAC_ARG(network.bssid), | 1400 | MAC_ARG(network.bssid), |
| 1403 | is_beacon(le16_to_cpu | 1401 | is_beacon(beacon->header.frame_ctl) ? |
| 1404 | (beacon->header. | ||
| 1405 | frame_ctl)) ? | ||
| 1406 | "BEACON" : "PROBE RESPONSE"); | 1402 | "BEACON" : "PROBE RESPONSE"); |
| 1407 | #endif | 1403 | #endif |
| 1408 | memcpy(target, &network, sizeof(*target)); | 1404 | memcpy(target, &network, sizeof(*target)); |
| @@ -1412,16 +1408,14 @@ static void ieee80211_process_probe_response(struct ieee80211_device | |||
| 1412 | escape_essid(target->ssid, | 1408 | escape_essid(target->ssid, |
| 1413 | target->ssid_len), | 1409 | target->ssid_len), |
| 1414 | MAC_ARG(target->bssid), | 1410 | MAC_ARG(target->bssid), |
| 1415 | is_beacon(le16_to_cpu | 1411 | is_beacon(beacon->header.frame_ctl) ? |
| 1416 | (beacon->header. | ||
| 1417 | frame_ctl)) ? | ||
| 1418 | "BEACON" : "PROBE RESPONSE"); | 1412 | "BEACON" : "PROBE RESPONSE"); |
| 1419 | update_network(target, &network); | 1413 | update_network(target, &network); |
| 1420 | } | 1414 | } |
| 1421 | 1415 | ||
| 1422 | spin_unlock_irqrestore(&ieee->lock, flags); | 1416 | spin_unlock_irqrestore(&ieee->lock, flags); |
| 1423 | 1417 | ||
| 1424 | if (is_beacon(le16_to_cpu(beacon->header.frame_ctl))) { | 1418 | if (is_beacon(beacon->header.frame_ctl)) { |
| 1425 | if (ieee->handle_beacon != NULL) | 1419 | if (ieee->handle_beacon != NULL) |
| 1426 | ieee->handle_beacon(dev, beacon, &network); | 1420 | ieee->handle_beacon(dev, beacon, &network); |
| 1427 | } else { | 1421 | } else { |
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 73bfcae8af9c..09590f356086 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
| @@ -12,13 +12,6 @@ | |||
| 12 | #include <net/protocol.h> | 12 | #include <net/protocol.h> |
| 13 | #include <net/udp.h> | 13 | #include <net/udp.h> |
| 14 | 14 | ||
| 15 | /* decapsulation data for use when post-processing */ | ||
| 16 | struct esp_decap_data { | ||
| 17 | xfrm_address_t saddr; | ||
| 18 | __u16 sport; | ||
| 19 | __u8 proto; | ||
| 20 | }; | ||
| 21 | |||
| 22 | static int esp_output(struct xfrm_state *x, struct sk_buff *skb) | 15 | static int esp_output(struct xfrm_state *x, struct sk_buff *skb) |
| 23 | { | 16 | { |
| 24 | int err; | 17 | int err; |
| @@ -150,6 +143,10 @@ static int esp_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struc | |||
| 150 | int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; | 143 | int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; |
| 151 | int nfrags; | 144 | int nfrags; |
| 152 | int encap_len = 0; | 145 | int encap_len = 0; |
| 146 | u8 nexthdr[2]; | ||
| 147 | struct scatterlist *sg; | ||
| 148 | u8 workbuf[60]; | ||
| 149 | int padlen; | ||
| 153 | 150 | ||
| 154 | if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr))) | 151 | if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr))) |
| 155 | goto out; | 152 | goto out; |
| @@ -185,122 +182,82 @@ static int esp_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struc | |||
| 185 | if (esp->conf.ivlen) | 182 | if (esp->conf.ivlen) |
| 186 | crypto_cipher_set_iv(esp->conf.tfm, esph->enc_data, crypto_tfm_alg_ivsize(esp->conf.tfm)); | 183 | crypto_cipher_set_iv(esp->conf.tfm, esph->enc_data, crypto_tfm_alg_ivsize(esp->conf.tfm)); |
| 187 | 184 | ||
| 188 | { | 185 | sg = &esp->sgbuf[0]; |
| 189 | u8 nexthdr[2]; | ||
| 190 | struct scatterlist *sg = &esp->sgbuf[0]; | ||
| 191 | u8 workbuf[60]; | ||
| 192 | int padlen; | ||
| 193 | |||
| 194 | if (unlikely(nfrags > ESP_NUM_FAST_SG)) { | ||
| 195 | sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC); | ||
| 196 | if (!sg) | ||
| 197 | goto out; | ||
| 198 | } | ||
| 199 | skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen); | ||
| 200 | crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen); | ||
| 201 | if (unlikely(sg != &esp->sgbuf[0])) | ||
| 202 | kfree(sg); | ||
| 203 | |||
| 204 | if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) | ||
| 205 | BUG(); | ||
| 206 | 186 | ||
| 207 | padlen = nexthdr[0]; | 187 | if (unlikely(nfrags > ESP_NUM_FAST_SG)) { |
| 208 | if (padlen+2 >= elen) | 188 | sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC); |
| 189 | if (!sg) | ||
| 209 | goto out; | 190 | goto out; |
| 210 | |||
| 211 | /* ... check padding bits here. Silly. :-) */ | ||
| 212 | |||
| 213 | if (x->encap && decap && decap->decap_type) { | ||
| 214 | struct esp_decap_data *encap_data; | ||
| 215 | struct udphdr *uh = (struct udphdr *) (iph+1); | ||
| 216 | |||
| 217 | encap_data = (struct esp_decap_data *) (decap->decap_data); | ||
| 218 | encap_data->proto = 0; | ||
| 219 | |||
| 220 | switch (decap->decap_type) { | ||
| 221 | case UDP_ENCAP_ESPINUDP: | ||
| 222 | case UDP_ENCAP_ESPINUDP_NON_IKE: | ||
| 223 | encap_data->proto = AF_INET; | ||
| 224 | encap_data->saddr.a4 = iph->saddr; | ||
| 225 | encap_data->sport = uh->source; | ||
| 226 | encap_len = (void*)esph - (void*)uh; | ||
| 227 | break; | ||
| 228 | |||
| 229 | default: | ||
| 230 | goto out; | ||
| 231 | } | ||
| 232 | } | ||
| 233 | |||
| 234 | iph->protocol = nexthdr[1]; | ||
| 235 | pskb_trim(skb, skb->len - alen - padlen - 2); | ||
| 236 | memcpy(workbuf, skb->nh.raw, iph->ihl*4); | ||
| 237 | skb->h.raw = skb_pull(skb, sizeof(struct ip_esp_hdr) + esp->conf.ivlen); | ||
| 238 | skb->nh.raw += encap_len + sizeof(struct ip_esp_hdr) + esp->conf.ivlen; | ||
| 239 | memcpy(skb->nh.raw, workbuf, iph->ihl*4); | ||
| 240 | skb->nh.iph->tot_len = htons(skb->len); | ||
| 241 | } | 191 | } |
| 192 | skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen); | ||
| 193 | crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen); | ||
| 194 | if (unlikely(sg != &esp->sgbuf[0])) | ||
| 195 | kfree(sg); | ||
| 242 | 196 | ||
| 243 | return 0; | 197 | if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) |
| 198 | BUG(); | ||
| 244 | 199 | ||
| 245 | out: | 200 | padlen = nexthdr[0]; |
| 246 | return -EINVAL; | 201 | if (padlen+2 >= elen) |
| 247 | } | 202 | goto out; |
| 248 | 203 | ||
| 249 | static int esp_post_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_buff *skb) | 204 | /* ... check padding bits here. Silly. :-) */ |
| 250 | { | ||
| 251 | |||
| 252 | if (x->encap) { | ||
| 253 | struct xfrm_encap_tmpl *encap; | ||
| 254 | struct esp_decap_data *decap_data; | ||
| 255 | 205 | ||
| 256 | encap = x->encap; | 206 | if (x->encap) { |
| 257 | decap_data = (struct esp_decap_data *)(decap->decap_data); | 207 | struct xfrm_encap_tmpl *encap = x->encap; |
| 208 | struct udphdr *uh; | ||
| 258 | 209 | ||
| 259 | /* first, make sure that the decap type == the encap type */ | ||
| 260 | if (encap->encap_type != decap->decap_type) | 210 | if (encap->encap_type != decap->decap_type) |
| 261 | return -EINVAL; | 211 | goto out; |
| 262 | 212 | ||
| 263 | switch (encap->encap_type) { | 213 | uh = (struct udphdr *)(iph + 1); |
| 264 | default: | 214 | encap_len = (void*)esph - (void*)uh; |
| 265 | case UDP_ENCAP_ESPINUDP: | 215 | |
| 266 | case UDP_ENCAP_ESPINUDP_NON_IKE: | 216 | /* |
| 267 | /* | 217 | * 1) if the NAT-T peer's IP or port changed then |
| 268 | * 1) if the NAT-T peer's IP or port changed then | 218 | * advertize the change to the keying daemon. |
| 269 | * advertize the change to the keying daemon. | 219 | * This is an inbound SA, so just compare |
| 270 | * This is an inbound SA, so just compare | 220 | * SRC ports. |
| 271 | * SRC ports. | 221 | */ |
| 272 | */ | 222 | if (iph->saddr != x->props.saddr.a4 || |
| 273 | if (decap_data->proto == AF_INET && | 223 | uh->source != encap->encap_sport) { |
| 274 | (decap_data->saddr.a4 != x->props.saddr.a4 || | 224 | xfrm_address_t ipaddr; |
| 275 | decap_data->sport != encap->encap_sport)) { | 225 | |
| 276 | xfrm_address_t ipaddr; | 226 | ipaddr.a4 = iph->saddr; |
| 277 | 227 | km_new_mapping(x, &ipaddr, uh->source); | |
| 278 | ipaddr.a4 = decap_data->saddr.a4; | 228 | |
| 279 | km_new_mapping(x, &ipaddr, decap_data->sport); | 229 | /* XXX: perhaps add an extra |
| 280 | 230 | * policy check here, to see | |
| 281 | /* XXX: perhaps add an extra | 231 | * if we should allow or |
| 282 | * policy check here, to see | 232 | * reject a packet from a |
| 283 | * if we should allow or | 233 | * different source |
| 284 | * reject a packet from a | 234 | * address/port. |
| 285 | * different source | ||
| 286 | * address/port. | ||
| 287 | */ | ||
| 288 | } | ||
| 289 | |||
| 290 | /* | ||
| 291 | * 2) ignore UDP/TCP checksums in case | ||
| 292 | * of NAT-T in Transport Mode, or | ||
| 293 | * perform other post-processing fixes | ||
| 294 | * as per * draft-ietf-ipsec-udp-encaps-06, | ||
| 295 | * section 3.1.2 | ||
| 296 | */ | 235 | */ |
| 297 | if (!x->props.mode) | ||
| 298 | skb->ip_summed = CHECKSUM_UNNECESSARY; | ||
| 299 | |||
| 300 | break; | ||
| 301 | } | 236 | } |
| 237 | |||
| 238 | /* | ||
| 239 | * 2) ignore UDP/TCP checksums in case | ||
| 240 | * of NAT-T in Transport Mode, or | ||
| 241 | * perform other post-processing fixes | ||
| 242 | * as per draft-ietf-ipsec-udp-encaps-06, | ||
| 243 | * section 3.1.2 | ||
| 244 | */ | ||
| 245 | if (!x->props.mode) | ||
| 246 | skb->ip_summed = CHECKSUM_UNNECESSARY; | ||
| 302 | } | 247 | } |
| 248 | |||
| 249 | iph->protocol = nexthdr[1]; | ||
| 250 | pskb_trim(skb, skb->len - alen - padlen - 2); | ||
| 251 | memcpy(workbuf, skb->nh.raw, iph->ihl*4); | ||
| 252 | skb->h.raw = skb_pull(skb, sizeof(struct ip_esp_hdr) + esp->conf.ivlen); | ||
| 253 | skb->nh.raw += encap_len + sizeof(struct ip_esp_hdr) + esp->conf.ivlen; | ||
| 254 | memcpy(skb->nh.raw, workbuf, iph->ihl*4); | ||
| 255 | skb->nh.iph->tot_len = htons(skb->len); | ||
| 256 | |||
| 303 | return 0; | 257 | return 0; |
| 258 | |||
| 259 | out: | ||
| 260 | return -EINVAL; | ||
| 304 | } | 261 | } |
| 305 | 262 | ||
| 306 | static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) | 263 | static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) |
| @@ -458,7 +415,6 @@ static struct xfrm_type esp_type = | |||
| 458 | .destructor = esp_destroy, | 415 | .destructor = esp_destroy, |
| 459 | .get_max_size = esp4_get_max_size, | 416 | .get_max_size = esp4_get_max_size, |
| 460 | .input = esp_input, | 417 | .input = esp_input, |
| 461 | .post_input = esp_post_input, | ||
| 462 | .output = esp_output | 418 | .output = esp_output |
| 463 | }; | 419 | }; |
| 464 | 420 | ||
| @@ -470,15 +426,6 @@ static struct net_protocol esp4_protocol = { | |||
| 470 | 426 | ||
| 471 | static int __init esp4_init(void) | 427 | static int __init esp4_init(void) |
| 472 | { | 428 | { |
| 473 | struct xfrm_decap_state decap; | ||
| 474 | |||
| 475 | if (sizeof(struct esp_decap_data) > | ||
| 476 | sizeof(decap.decap_data)) { | ||
| 477 | extern void decap_data_too_small(void); | ||
| 478 | |||
| 479 | decap_data_too_small(); | ||
| 480 | } | ||
| 481 | |||
| 482 | if (xfrm_register_type(&esp_type, AF_INET) < 0) { | 429 | if (xfrm_register_type(&esp_type, AF_INET) < 0) { |
| 483 | printk(KERN_INFO "ip esp init: can't add xfrm type\n"); | 430 | printk(KERN_INFO "ip esp init: can't add xfrm type\n"); |
| 484 | return -EAGAIN; | 431 | return -EAGAIN; |
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index 6606ddb66a29..cc27545ff97f 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c | |||
| @@ -425,7 +425,12 @@ ipt_log_target(struct sk_buff **pskb, | |||
| 425 | li.u.log.level = loginfo->level; | 425 | li.u.log.level = loginfo->level; |
| 426 | li.u.log.logflags = loginfo->logflags; | 426 | li.u.log.logflags = loginfo->logflags; |
| 427 | 427 | ||
| 428 | nf_log_packet(PF_INET, hooknum, *pskb, in, out, &li, loginfo->prefix); | 428 | if (loginfo->logflags & IPT_LOG_NFLOG) |
| 429 | nf_log_packet(PF_INET, hooknum, *pskb, in, out, &li, | ||
| 430 | loginfo->prefix); | ||
| 431 | else | ||
| 432 | ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li, | ||
| 433 | loginfo->prefix); | ||
| 429 | 434 | ||
| 430 | return IPT_CONTINUE; | 435 | return IPT_CONTINUE; |
| 431 | } | 436 | } |
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index d82c242ea704..fca5fe0cf94a 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c | |||
| @@ -835,7 +835,7 @@ static int rt_garbage_collect(void) | |||
| 835 | int r; | 835 | int r; |
| 836 | 836 | ||
| 837 | rthp = rt_remove_balanced_route( | 837 | rthp = rt_remove_balanced_route( |
| 838 | &rt_hash_table[i].chain, | 838 | &rt_hash_table[k].chain, |
| 839 | rth, | 839 | rth, |
| 840 | &r); | 840 | &r); |
| 841 | goal -= r; | 841 | goal -= r; |
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index 45f7ae58f2c0..f285bbf296e2 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c | |||
| @@ -35,6 +35,7 @@ __xfrm4_find_bundle(struct flowi *fl, struct xfrm_policy *policy) | |||
| 35 | if (xdst->u.rt.fl.oif == fl->oif && /*XXX*/ | 35 | if (xdst->u.rt.fl.oif == fl->oif && /*XXX*/ |
| 36 | xdst->u.rt.fl.fl4_dst == fl->fl4_dst && | 36 | xdst->u.rt.fl.fl4_dst == fl->fl4_dst && |
| 37 | xdst->u.rt.fl.fl4_src == fl->fl4_src && | 37 | xdst->u.rt.fl.fl4_src == fl->fl4_src && |
| 38 | xdst->u.rt.fl.fl4_tos == fl->fl4_tos && | ||
| 38 | xfrm_bundle_ok(xdst, fl, AF_INET)) { | 39 | xfrm_bundle_ok(xdst, fl, AF_INET)) { |
| 39 | dst_clone(dst); | 40 | dst_clone(dst); |
| 40 | break; | 41 | break; |
| @@ -61,7 +62,8 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int | |||
| 61 | .nl_u = { | 62 | .nl_u = { |
| 62 | .ip4_u = { | 63 | .ip4_u = { |
| 63 | .saddr = local, | 64 | .saddr = local, |
| 64 | .daddr = remote | 65 | .daddr = remote, |
| 66 | .tos = fl->fl4_tos | ||
| 65 | } | 67 | } |
| 66 | } | 68 | } |
| 67 | }; | 69 | }; |
| @@ -230,6 +232,7 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl) | |||
| 230 | fl->proto = iph->protocol; | 232 | fl->proto = iph->protocol; |
| 231 | fl->fl4_dst = iph->daddr; | 233 | fl->fl4_dst = iph->daddr; |
| 232 | fl->fl4_src = iph->saddr; | 234 | fl->fl4_src = iph->saddr; |
| 235 | fl->fl4_tos = iph->tos; | ||
| 233 | } | 236 | } |
| 234 | 237 | ||
| 235 | static inline int xfrm4_garbage_collect(void) | 238 | static inline int xfrm4_garbage_collect(void) |
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index efa3e72cfcfa..f999edd846a9 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
| @@ -494,6 +494,7 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) | |||
| 494 | struct net_device *dev; | 494 | struct net_device *dev; |
| 495 | struct sk_buff *frag; | 495 | struct sk_buff *frag; |
| 496 | struct rt6_info *rt = (struct rt6_info*)skb->dst; | 496 | struct rt6_info *rt = (struct rt6_info*)skb->dst; |
| 497 | struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; | ||
| 497 | struct ipv6hdr *tmp_hdr; | 498 | struct ipv6hdr *tmp_hdr; |
| 498 | struct frag_hdr *fh; | 499 | struct frag_hdr *fh; |
| 499 | unsigned int mtu, hlen, left, len; | 500 | unsigned int mtu, hlen, left, len; |
| @@ -505,7 +506,12 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) | |||
| 505 | hlen = ip6_find_1stfragopt(skb, &prevhdr); | 506 | hlen = ip6_find_1stfragopt(skb, &prevhdr); |
| 506 | nexthdr = *prevhdr; | 507 | nexthdr = *prevhdr; |
| 507 | 508 | ||
| 508 | mtu = dst_mtu(&rt->u.dst) - hlen - sizeof(struct frag_hdr); | 509 | mtu = dst_mtu(&rt->u.dst); |
| 510 | if (np && np->frag_size < mtu) { | ||
| 511 | if (np->frag_size) | ||
| 512 | mtu = np->frag_size; | ||
| 513 | } | ||
| 514 | mtu -= hlen + sizeof(struct frag_hdr); | ||
| 509 | 515 | ||
| 510 | if (skb_shinfo(skb)->frag_list) { | 516 | if (skb_shinfo(skb)->frag_list) { |
| 511 | int first_len = skb_pagelen(skb); | 517 | int first_len = skb_pagelen(skb); |
| @@ -882,7 +888,12 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, | |||
| 882 | inet->cork.fl = *fl; | 888 | inet->cork.fl = *fl; |
| 883 | np->cork.hop_limit = hlimit; | 889 | np->cork.hop_limit = hlimit; |
| 884 | np->cork.tclass = tclass; | 890 | np->cork.tclass = tclass; |
| 885 | inet->cork.fragsize = mtu = dst_mtu(rt->u.dst.path); | 891 | mtu = dst_mtu(rt->u.dst.path); |
| 892 | if (np && np->frag_size < mtu) { | ||
| 893 | if (np->frag_size) | ||
| 894 | mtu = np->frag_size; | ||
| 895 | } | ||
| 896 | inet->cork.fragsize = mtu; | ||
| 886 | if (dst_allfrag(rt->u.dst.path)) | 897 | if (dst_allfrag(rt->u.dst.path)) |
| 887 | inet->cork.flags |= IPCORK_ALLFRAG; | 898 | inet->cork.flags |= IPCORK_ALLFRAG; |
| 888 | inet->cork.length = 0; | 899 | inet->cork.length = 0; |
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index faea8a120ee2..48597538db3f 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c | |||
| @@ -884,6 +884,7 @@ ip6ip6_tnl_change(struct ip6_tnl *t, struct ip6_tnl_parm *p) | |||
| 884 | t->parms.encap_limit = p->encap_limit; | 884 | t->parms.encap_limit = p->encap_limit; |
| 885 | t->parms.flowinfo = p->flowinfo; | 885 | t->parms.flowinfo = p->flowinfo; |
| 886 | t->parms.link = p->link; | 886 | t->parms.link = p->link; |
| 887 | ip6_tnl_dst_reset(t); | ||
| 887 | ip6ip6_tnl_link_config(t); | 888 | ip6ip6_tnl_link_config(t); |
| 888 | return 0; | 889 | return 0; |
| 889 | } | 890 | } |
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c index 77c725832dec..6b930efa9fb9 100644 --- a/net/ipv6/netfilter/ip6t_LOG.c +++ b/net/ipv6/netfilter/ip6t_LOG.c | |||
| @@ -436,7 +436,12 @@ ip6t_log_target(struct sk_buff **pskb, | |||
| 436 | li.u.log.level = loginfo->level; | 436 | li.u.log.level = loginfo->level; |
| 437 | li.u.log.logflags = loginfo->logflags; | 437 | li.u.log.logflags = loginfo->logflags; |
| 438 | 438 | ||
| 439 | nf_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, loginfo->prefix); | 439 | if (loginfo->logflags & IP6T_LOG_NFLOG) |
| 440 | nf_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, | ||
| 441 | loginfo->prefix); | ||
| 442 | else | ||
| 443 | ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, | ||
| 444 | loginfo->prefix); | ||
| 440 | 445 | ||
| 441 | return IP6T_CONTINUE; | 446 | return IP6T_CONTINUE; |
| 442 | } | 447 | } |
diff --git a/net/key/af_key.c b/net/key/af_key.c index ae86d237a456..b2d4d1dd2116 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
| @@ -1423,7 +1423,7 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, | |||
| 1423 | 1423 | ||
| 1424 | if (err < 0) { | 1424 | if (err < 0) { |
| 1425 | x->km.state = XFRM_STATE_DEAD; | 1425 | x->km.state = XFRM_STATE_DEAD; |
| 1426 | xfrm_state_put(x); | 1426 | __xfrm_state_put(x); |
| 1427 | goto out; | 1427 | goto out; |
| 1428 | } | 1428 | } |
| 1429 | 1429 | ||
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index d3a4f30a7f22..d9f0d7ef103b 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c | |||
| @@ -6,6 +6,7 @@ | |||
| 6 | #include <linux/skbuff.h> | 6 | #include <linux/skbuff.h> |
| 7 | #include <linux/netfilter.h> | 7 | #include <linux/netfilter.h> |
| 8 | #include <linux/seq_file.h> | 8 | #include <linux/seq_file.h> |
| 9 | #include <linux/rcupdate.h> | ||
| 9 | #include <net/protocol.h> | 10 | #include <net/protocol.h> |
| 10 | 11 | ||
| 11 | #include "nf_internals.h" | 12 | #include "nf_internals.h" |
| @@ -16,7 +17,7 @@ | |||
| 16 | * for queueing and must reinject all packets it receives, no matter what. | 17 | * for queueing and must reinject all packets it receives, no matter what. |
| 17 | */ | 18 | */ |
| 18 | static struct nf_queue_handler *queue_handler[NPROTO]; | 19 | static struct nf_queue_handler *queue_handler[NPROTO]; |
| 19 | static struct nf_queue_rerouter *queue_rerouter; | 20 | static struct nf_queue_rerouter *queue_rerouter[NPROTO]; |
| 20 | 21 | ||
| 21 | static DEFINE_RWLOCK(queue_handler_lock); | 22 | static DEFINE_RWLOCK(queue_handler_lock); |
| 22 | 23 | ||
| @@ -64,7 +65,7 @@ int nf_register_queue_rerouter(int pf, struct nf_queue_rerouter *rer) | |||
| 64 | return -EINVAL; | 65 | return -EINVAL; |
| 65 | 66 | ||
| 66 | write_lock_bh(&queue_handler_lock); | 67 | write_lock_bh(&queue_handler_lock); |
| 67 | memcpy(&queue_rerouter[pf], rer, sizeof(queue_rerouter[pf])); | 68 | rcu_assign_pointer(queue_rerouter[pf], rer); |
| 68 | write_unlock_bh(&queue_handler_lock); | 69 | write_unlock_bh(&queue_handler_lock); |
| 69 | 70 | ||
| 70 | return 0; | 71 | return 0; |
| @@ -77,8 +78,9 @@ int nf_unregister_queue_rerouter(int pf) | |||
| 77 | return -EINVAL; | 78 | return -EINVAL; |
| 78 | 79 | ||
| 79 | write_lock_bh(&queue_handler_lock); | 80 | write_lock_bh(&queue_handler_lock); |
| 80 | memset(&queue_rerouter[pf], 0, sizeof(queue_rerouter[pf])); | 81 | rcu_assign_pointer(queue_rerouter[pf], NULL); |
| 81 | write_unlock_bh(&queue_handler_lock); | 82 | write_unlock_bh(&queue_handler_lock); |
| 83 | synchronize_rcu(); | ||
| 82 | return 0; | 84 | return 0; |
| 83 | } | 85 | } |
| 84 | EXPORT_SYMBOL_GPL(nf_unregister_queue_rerouter); | 86 | EXPORT_SYMBOL_GPL(nf_unregister_queue_rerouter); |
| @@ -114,16 +116,17 @@ int nf_queue(struct sk_buff **skb, | |||
| 114 | struct net_device *physindev = NULL; | 116 | struct net_device *physindev = NULL; |
| 115 | struct net_device *physoutdev = NULL; | 117 | struct net_device *physoutdev = NULL; |
| 116 | #endif | 118 | #endif |
| 119 | struct nf_queue_rerouter *rerouter; | ||
| 117 | 120 | ||
| 118 | /* QUEUE == DROP if noone is waiting, to be safe. */ | 121 | /* QUEUE == DROP if noone is waiting, to be safe. */ |
| 119 | read_lock(&queue_handler_lock); | 122 | read_lock(&queue_handler_lock); |
| 120 | if (!queue_handler[pf] || !queue_handler[pf]->outfn) { | 123 | if (!queue_handler[pf]) { |
| 121 | read_unlock(&queue_handler_lock); | 124 | read_unlock(&queue_handler_lock); |
| 122 | kfree_skb(*skb); | 125 | kfree_skb(*skb); |
| 123 | return 1; | 126 | return 1; |
| 124 | } | 127 | } |
| 125 | 128 | ||
| 126 | info = kmalloc(sizeof(*info)+queue_rerouter[pf].rer_size, GFP_ATOMIC); | 129 | info = kmalloc(sizeof(*info)+queue_rerouter[pf]->rer_size, GFP_ATOMIC); |
| 127 | if (!info) { | 130 | if (!info) { |
| 128 | if (net_ratelimit()) | 131 | if (net_ratelimit()) |
| 129 | printk(KERN_ERR "OOM queueing packet %p\n", | 132 | printk(KERN_ERR "OOM queueing packet %p\n", |
| @@ -155,15 +158,13 @@ int nf_queue(struct sk_buff **skb, | |||
| 155 | if (physoutdev) dev_hold(physoutdev); | 158 | if (physoutdev) dev_hold(physoutdev); |
| 156 | } | 159 | } |
| 157 | #endif | 160 | #endif |
| 158 | if (queue_rerouter[pf].save) | 161 | rerouter = rcu_dereference(queue_rerouter[pf]); |
| 159 | queue_rerouter[pf].save(*skb, info); | 162 | if (rerouter) |
| 163 | rerouter->save(*skb, info); | ||
| 160 | 164 | ||
| 161 | status = queue_handler[pf]->outfn(*skb, info, queuenum, | 165 | status = queue_handler[pf]->outfn(*skb, info, queuenum, |
| 162 | queue_handler[pf]->data); | 166 | queue_handler[pf]->data); |
| 163 | 167 | ||
| 164 | if (status >= 0 && queue_rerouter[pf].reroute) | ||
| 165 | status = queue_rerouter[pf].reroute(skb, info); | ||
| 166 | |||
| 167 | read_unlock(&queue_handler_lock); | 168 | read_unlock(&queue_handler_lock); |
| 168 | 169 | ||
| 169 | if (status < 0) { | 170 | if (status < 0) { |
| @@ -189,6 +190,7 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info, | |||
| 189 | { | 190 | { |
| 190 | struct list_head *elem = &info->elem->list; | 191 | struct list_head *elem = &info->elem->list; |
| 191 | struct list_head *i; | 192 | struct list_head *i; |
| 193 | struct nf_queue_rerouter *rerouter; | ||
| 192 | 194 | ||
| 193 | rcu_read_lock(); | 195 | rcu_read_lock(); |
| 194 | 196 | ||
| @@ -212,7 +214,7 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info, | |||
| 212 | break; | 214 | break; |
| 213 | } | 215 | } |
| 214 | 216 | ||
| 215 | if (elem == &nf_hooks[info->pf][info->hook]) { | 217 | if (i == &nf_hooks[info->pf][info->hook]) { |
| 216 | /* The module which sent it to userspace is gone. */ | 218 | /* The module which sent it to userspace is gone. */ |
| 217 | NFDEBUG("%s: module disappeared, dropping packet.\n", | 219 | NFDEBUG("%s: module disappeared, dropping packet.\n", |
| 218 | __FUNCTION__); | 220 | __FUNCTION__); |
| @@ -226,6 +228,12 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info, | |||
| 226 | } | 228 | } |
| 227 | 229 | ||
| 228 | if (verdict == NF_ACCEPT) { | 230 | if (verdict == NF_ACCEPT) { |
| 231 | rerouter = rcu_dereference(queue_rerouter[info->pf]); | ||
| 232 | if (rerouter && rerouter->reroute(&skb, info) < 0) | ||
| 233 | verdict = NF_DROP; | ||
| 234 | } | ||
| 235 | |||
| 236 | if (verdict == NF_ACCEPT) { | ||
| 229 | next_hook: | 237 | next_hook: |
| 230 | verdict = nf_iterate(&nf_hooks[info->pf][info->hook], | 238 | verdict = nf_iterate(&nf_hooks[info->pf][info->hook], |
| 231 | &skb, info->hook, | 239 | &skb, info->hook, |
| @@ -322,22 +330,12 @@ int __init netfilter_queue_init(void) | |||
| 322 | { | 330 | { |
| 323 | #ifdef CONFIG_PROC_FS | 331 | #ifdef CONFIG_PROC_FS |
| 324 | struct proc_dir_entry *pde; | 332 | struct proc_dir_entry *pde; |
| 325 | #endif | ||
| 326 | queue_rerouter = kmalloc(NPROTO * sizeof(struct nf_queue_rerouter), | ||
| 327 | GFP_KERNEL); | ||
| 328 | if (!queue_rerouter) | ||
| 329 | return -ENOMEM; | ||
| 330 | 333 | ||
| 331 | #ifdef CONFIG_PROC_FS | ||
| 332 | pde = create_proc_entry("nf_queue", S_IRUGO, proc_net_netfilter); | 334 | pde = create_proc_entry("nf_queue", S_IRUGO, proc_net_netfilter); |
| 333 | if (!pde) { | 335 | if (!pde) |
| 334 | kfree(queue_rerouter); | ||
| 335 | return -1; | 336 | return -1; |
| 336 | } | ||
| 337 | pde->proc_fops = &nfqueue_file_ops; | 337 | pde->proc_fops = &nfqueue_file_ops; |
| 338 | #endif | 338 | #endif |
| 339 | memset(queue_rerouter, 0, NPROTO * sizeof(struct nf_queue_rerouter)); | ||
| 340 | |||
| 341 | return 0; | 339 | return 0; |
| 342 | } | 340 | } |
| 343 | 341 | ||
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 5e6b05ac1260..ae62054a9fc4 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -782,7 +782,7 @@ int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, | |||
| 782 | int nx = 0; | 782 | int nx = 0; |
| 783 | int err; | 783 | int err; |
| 784 | u32 genid; | 784 | u32 genid; |
| 785 | u16 family = dst_orig->ops->family; | 785 | u16 family; |
| 786 | u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT); | 786 | u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT); |
| 787 | u32 sk_sid = security_sk_sid(sk, fl, dir); | 787 | u32 sk_sid = security_sk_sid(sk, fl, dir); |
| 788 | restart: | 788 | restart: |
| @@ -796,13 +796,14 @@ restart: | |||
| 796 | if ((dst_orig->flags & DST_NOXFRM) || !xfrm_policy_list[XFRM_POLICY_OUT]) | 796 | if ((dst_orig->flags & DST_NOXFRM) || !xfrm_policy_list[XFRM_POLICY_OUT]) |
| 797 | return 0; | 797 | return 0; |
| 798 | 798 | ||
| 799 | policy = flow_cache_lookup(fl, sk_sid, family, dir, | 799 | policy = flow_cache_lookup(fl, sk_sid, dst_orig->ops->family, |
| 800 | xfrm_policy_lookup); | 800 | dir, xfrm_policy_lookup); |
| 801 | } | 801 | } |
| 802 | 802 | ||
| 803 | if (!policy) | 803 | if (!policy) |
| 804 | return 0; | 804 | return 0; |
| 805 | 805 | ||
| 806 | family = dst_orig->ops->family; | ||
| 806 | policy->curlft.use_time = (unsigned long)xtime.tv_sec; | 807 | policy->curlft.use_time = (unsigned long)xtime.tv_sec; |
| 807 | 808 | ||
| 808 | switch (policy->action) { | 809 | switch (policy->action) { |
| @@ -995,13 +996,6 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, | |||
| 995 | struct sec_decap_state *xvec = &(skb->sp->x[i]); | 996 | struct sec_decap_state *xvec = &(skb->sp->x[i]); |
| 996 | if (!xfrm_selector_match(&xvec->xvec->sel, &fl, family)) | 997 | if (!xfrm_selector_match(&xvec->xvec->sel, &fl, family)) |
| 997 | return 0; | 998 | return 0; |
| 998 | |||
| 999 | /* If there is a post_input processor, try running it */ | ||
| 1000 | if (xvec->xvec->type->post_input && | ||
| 1001 | (xvec->xvec->type->post_input)(xvec->xvec, | ||
| 1002 | &(xvec->decap), | ||
| 1003 | skb) != 0) | ||
| 1004 | return 0; | ||
| 1005 | } | 999 | } |
| 1006 | } | 1000 | } |
| 1007 | 1001 | ||
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index e12d0be5f976..c656cbaf35e8 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
| @@ -220,14 +220,14 @@ static int __xfrm_state_delete(struct xfrm_state *x) | |||
| 220 | x->km.state = XFRM_STATE_DEAD; | 220 | x->km.state = XFRM_STATE_DEAD; |
| 221 | spin_lock(&xfrm_state_lock); | 221 | spin_lock(&xfrm_state_lock); |
| 222 | list_del(&x->bydst); | 222 | list_del(&x->bydst); |
| 223 | atomic_dec(&x->refcnt); | 223 | __xfrm_state_put(x); |
| 224 | if (x->id.spi) { | 224 | if (x->id.spi) { |
| 225 | list_del(&x->byspi); | 225 | list_del(&x->byspi); |
| 226 | atomic_dec(&x->refcnt); | 226 | __xfrm_state_put(x); |
| 227 | } | 227 | } |
| 228 | spin_unlock(&xfrm_state_lock); | 228 | spin_unlock(&xfrm_state_lock); |
| 229 | if (del_timer(&x->timer)) | 229 | if (del_timer(&x->timer)) |
| 230 | atomic_dec(&x->refcnt); | 230 | __xfrm_state_put(x); |
| 231 | 231 | ||
| 232 | /* The number two in this test is the reference | 232 | /* The number two in this test is the reference |
| 233 | * mentioned in the comment below plus the reference | 233 | * mentioned in the comment below plus the reference |
| @@ -243,7 +243,7 @@ static int __xfrm_state_delete(struct xfrm_state *x) | |||
| 243 | * The xfrm_state_alloc call gives a reference, and that | 243 | * The xfrm_state_alloc call gives a reference, and that |
| 244 | * is what we are dropping here. | 244 | * is what we are dropping here. |
| 245 | */ | 245 | */ |
| 246 | atomic_dec(&x->refcnt); | 246 | __xfrm_state_put(x); |
| 247 | err = 0; | 247 | err = 0; |
| 248 | } | 248 | } |
| 249 | 249 | ||
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index ac87a09ba83e..7de17559249a 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -345,7 +345,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) | |||
| 345 | 345 | ||
| 346 | if (err < 0) { | 346 | if (err < 0) { |
| 347 | x->km.state = XFRM_STATE_DEAD; | 347 | x->km.state = XFRM_STATE_DEAD; |
| 348 | xfrm_state_put(x); | 348 | __xfrm_state_put(x); |
| 349 | goto out; | 349 | goto out; |
| 350 | } | 350 | } |
| 351 | 351 | ||