aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJames Bottomley <jejb@mulgrave.il.steeleye.com>2006-06-10 14:47:26 -0400
committerJames Bottomley <jejb@mulgrave.il.steeleye.com>2006-06-10 14:47:26 -0400
commitf0cd91a68acdc9b49d7f6738b514a426da627649 (patch)
tree8ad73564015794197583b094217ae0a71e71e753 /net
parent60eef25701d25e99c991dd0f4a9f3832a0c3ad3e (diff)
parent128e6ced247cda88f96fa9f2e4ba8b2c4a681560 (diff)
Merge ../linux-2.6
Diffstat (limited to 'net')
-rw-r--r--net/802/tr.c1
-rw-r--r--net/atm/clip.c462
-rw-r--r--net/ax25/af_ax25.c93
-rw-r--r--net/ax25/ax25_addr.c9
-rw-r--r--net/ax25/ax25_ds_timer.c3
-rw-r--r--net/ax25/ax25_iface.c13
-rw-r--r--net/ax25/ax25_ip.c3
-rw-r--r--net/ax25/ax25_out.c3
-rw-r--r--net/ax25/ax25_route.c2
-rw-r--r--net/ax25/ax25_timer.c3
-rw-r--r--net/ax25/ax25_uid.c4
-rw-r--r--net/ax25/sysctl_net_ax25.c10
-rw-r--r--net/bridge/br.c3
-rw-r--r--net/bridge/br_forward.c8
-rw-r--r--net/bridge/br_if.c28
-rw-r--r--net/bridge/br_input.c1
-rw-r--r--net/bridge/netfilter/ebt_log.c2
-rw-r--r--net/bridge/netfilter/ebtables.c20
-rw-r--r--net/core/dev.c122
-rw-r--r--net/core/filter.c5
-rw-r--r--net/core/link_watch.c10
-rw-r--r--net/core/neighbour.c21
-rw-r--r--net/core/net-sysfs.c49
-rw-r--r--net/core/skbuff.c8
-rw-r--r--net/core/stream.c1
-rw-r--r--net/core/wireless.c8
-rw-r--r--net/dccp/proto.c13
-rw-r--r--net/decnet/dn_neigh.c5
-rw-r--r--net/ethernet/Makefile1
-rw-r--r--net/ethernet/sysctl_net_ether.c14
-rw-r--r--net/ieee80211/softmac/Kconfig1
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_assoc.c42
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_auth.c16
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_event.c40
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_io.c18
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_module.c6
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_scan.c10
-rw-r--r--net/ieee80211/softmac/ieee80211softmac_wx.c37
-rw-r--r--net/ipv4/af_inet.c2
-rw-r--r--net/ipv4/arp.c4
-rw-r--r--net/ipv4/devinet.c1
-rw-r--r--net/ipv4/fib_frontend.c1
-rw-r--r--net/ipv4/inet_hashtables.c4
-rw-r--r--net/ipv4/ip_input.c2
-rw-r--r--net/ipv4/ip_options.c2
-rw-r--r--net/ipv4/ip_output.c2
-rw-r--r--net/ipv4/ipcomp.c9
-rw-r--r--net/ipv4/netfilter/Kconfig6
-rw-r--r--net/ipv4/netfilter/arp_tables.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_core.c1
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_h323.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c46
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_pptp.c4
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_sctp.c11
-rw-r--r--net/ipv4/netfilter/ip_nat_proto_gre.c12
-rw-r--r--net/ipv4/netfilter/ip_nat_snmp_basic.c16
-rw-r--r--net/ipv4/netfilter/ip_nat_standalone.c2
-rw-r--r--net/ipv4/netfilter/ip_tables.c39
-rw-r--r--net/ipv4/netfilter/ipt_LOG.c2
-rw-r--r--net/ipv4/netfilter/ipt_recent.c2
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c1
-rw-r--r--net/ipv4/route.c5
-rw-r--r--net/ipv4/tcp.c13
-rw-r--r--net/ipv4/tcp_highspeed.c5
-rw-r--r--net/ipv4/tcp_input.c3
-rw-r--r--net/ipv4/tcp_ipv4.c1
-rw-r--r--net/ipv4/tcp_output.c25
-rw-r--r--net/ipv4/xfrm4_output.c2
-rw-r--r--net/ipv4/xfrm4_policy.c2
-rw-r--r--net/ipv6/exthdrs.c16
-rw-r--r--net/ipv6/inet6_connection_sock.c2
-rw-r--r--net/ipv6/ip6_input.c3
-rw-r--r--net/ipv6/ipcomp6.c2
-rw-r--r--net/ipv6/netfilter/ip6_tables.c15
-rw-r--r--net/ipv6/netfilter/ip6t_LOG.c2
-rw-r--r--net/ipv6/netfilter/ip6t_eui64.c2
-rw-r--r--net/ipv6/route.c21
-rw-r--r--net/ipv6/xfrm6_policy.c8
-rw-r--r--net/ipx/af_ipx.c4
-rw-r--r--net/ipx/ipx_route.c2
-rw-r--r--net/irda/iriap.c3
-rw-r--r--net/irda/irias_object.c3
-rw-r--r--net/irda/irlap.c3
-rw-r--r--net/llc/llc_input.c3
-rw-r--r--net/netfilter/nf_conntrack_core.c15
-rw-r--r--net/netfilter/nf_conntrack_l3proto_generic.c1
-rw-r--r--net/netfilter/nf_conntrack_proto_sctp.c11
-rw-r--r--net/netfilter/nfnetlink_log.c4
-rw-r--r--net/netfilter/x_tables.c6
-rw-r--r--net/netlink/af_netlink.c3
-rw-r--r--net/netrom/af_netrom.c18
-rw-r--r--net/netrom/nr_dev.c1
-rw-r--r--net/rose/af_rose.c13
-rw-r--r--net/rose/rose_dev.c1
-rw-r--r--net/rose/rose_link.c6
-rw-r--r--net/rose/rose_route.c7
-rw-r--r--net/sched/act_ipt.c5
-rw-r--r--net/sched/sch_generic.c6
-rw-r--r--net/sched/sch_hfsc.c6
-rw-r--r--net/sched/sch_netem.c2
-rw-r--r--net/sctp/input.c144
-rw-r--r--net/sctp/inqueue.c1
-rw-r--r--net/sctp/sm_sideeffect.c16
-rw-r--r--net/sctp/sm_statefuns.c140
-rw-r--r--net/sctp/sm_statetable.c10
-rw-r--r--net/sctp/socket.c29
-rw-r--r--net/sctp/ulpqueue.c27
-rw-r--r--net/socket.c3
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c1
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_crypto.c11
-rw-r--r--net/sunrpc/cache.c1
-rw-r--r--net/sunrpc/stats.c3
-rw-r--r--net/sysctl_net.c8
-rw-r--r--net/tipc/name_distr.c3
-rw-r--r--net/x25/x25_timer.c4
-rw-r--r--net/xfrm/xfrm_input.c2
-rw-r--r--net/xfrm/xfrm_policy.c16
-rw-r--r--net/xfrm/xfrm_state.c33
118 files changed, 1100 insertions, 870 deletions
diff --git a/net/802/tr.c b/net/802/tr.c
index afd8385c0c9c..e9dc803f2fe0 100644
--- a/net/802/tr.c
+++ b/net/802/tr.c
@@ -643,6 +643,5 @@ static int __init rif_init(void)
643 643
644module_init(rif_init); 644module_init(rif_init);
645 645
646EXPORT_SYMBOL(tr_source_route);
647EXPORT_SYMBOL(tr_type_trans); 646EXPORT_SYMBOL(tr_type_trans);
648EXPORT_SYMBOL(alloc_trdev); 647EXPORT_SYMBOL(alloc_trdev);
diff --git a/net/atm/clip.c b/net/atm/clip.c
index 3ab4e7947bab..72d852982664 100644
--- a/net/atm/clip.c
+++ b/net/atm/clip.c
@@ -2,7 +2,6 @@
2 2
3/* Written 1995-2000 by Werner Almesberger, EPFL LRC/ICA */ 3/* Written 1995-2000 by Werner Almesberger, EPFL LRC/ICA */
4 4
5
6#include <linux/config.h> 5#include <linux/config.h>
7#include <linux/string.h> 6#include <linux/string.h>
8#include <linux/errno.h> 7#include <linux/errno.h>
@@ -54,24 +53,24 @@ static struct net_device *clip_devs;
54static struct atm_vcc *atmarpd; 53static struct atm_vcc *atmarpd;
55static struct neigh_table clip_tbl; 54static struct neigh_table clip_tbl;
56static struct timer_list idle_timer; 55static struct timer_list idle_timer;
57static int start_timer = 1;
58
59 56
60static int to_atmarpd(enum atmarp_ctrl_type type,int itf,unsigned long ip) 57static int to_atmarpd(enum atmarp_ctrl_type type, int itf, unsigned long ip)
61{ 58{
62 struct sock *sk; 59 struct sock *sk;
63 struct atmarp_ctrl *ctrl; 60 struct atmarp_ctrl *ctrl;
64 struct sk_buff *skb; 61 struct sk_buff *skb;
65 62
66 DPRINTK("to_atmarpd(%d)\n",type); 63 DPRINTK("to_atmarpd(%d)\n", type);
67 if (!atmarpd) return -EUNATCH; 64 if (!atmarpd)
65 return -EUNATCH;
68 skb = alloc_skb(sizeof(struct atmarp_ctrl),GFP_ATOMIC); 66 skb = alloc_skb(sizeof(struct atmarp_ctrl),GFP_ATOMIC);
69 if (!skb) return -ENOMEM; 67 if (!skb)
68 return -ENOMEM;
70 ctrl = (struct atmarp_ctrl *) skb_put(skb,sizeof(struct atmarp_ctrl)); 69 ctrl = (struct atmarp_ctrl *) skb_put(skb,sizeof(struct atmarp_ctrl));
71 ctrl->type = type; 70 ctrl->type = type;
72 ctrl->itf_num = itf; 71 ctrl->itf_num = itf;
73 ctrl->ip = ip; 72 ctrl->ip = ip;
74 atm_force_charge(atmarpd,skb->truesize); 73 atm_force_charge(atmarpd, skb->truesize);
75 74
76 sk = sk_atm(atmarpd); 75 sk = sk_atm(atmarpd);
77 skb_queue_tail(&sk->sk_receive_queue, skb); 76 skb_queue_tail(&sk->sk_receive_queue, skb);
@@ -79,26 +78,24 @@ static int to_atmarpd(enum atmarp_ctrl_type type,int itf,unsigned long ip)
79 return 0; 78 return 0;
80} 79}
81 80
82 81static void link_vcc(struct clip_vcc *clip_vcc, struct atmarp_entry *entry)
83static void link_vcc(struct clip_vcc *clip_vcc,struct atmarp_entry *entry)
84{ 82{
85 DPRINTK("link_vcc %p to entry %p (neigh %p)\n",clip_vcc,entry, 83 DPRINTK("link_vcc %p to entry %p (neigh %p)\n", clip_vcc, entry,
86 entry->neigh); 84 entry->neigh);
87 clip_vcc->entry = entry; 85 clip_vcc->entry = entry;
88 clip_vcc->xoff = 0; /* @@@ may overrun buffer by one packet */ 86 clip_vcc->xoff = 0; /* @@@ may overrun buffer by one packet */
89 clip_vcc->next = entry->vccs; 87 clip_vcc->next = entry->vccs;
90 entry->vccs = clip_vcc; 88 entry->vccs = clip_vcc;
91 entry->neigh->used = jiffies; 89 entry->neigh->used = jiffies;
92} 90}
93 91
94
95static void unlink_clip_vcc(struct clip_vcc *clip_vcc) 92static void unlink_clip_vcc(struct clip_vcc *clip_vcc)
96{ 93{
97 struct atmarp_entry *entry = clip_vcc->entry; 94 struct atmarp_entry *entry = clip_vcc->entry;
98 struct clip_vcc **walk; 95 struct clip_vcc **walk;
99 96
100 if (!entry) { 97 if (!entry) {
101 printk(KERN_CRIT "!clip_vcc->entry (clip_vcc %p)\n",clip_vcc); 98 printk(KERN_CRIT "!clip_vcc->entry (clip_vcc %p)\n", clip_vcc);
102 return; 99 return;
103 } 100 }
104 spin_lock_bh(&entry->neigh->dev->xmit_lock); /* block clip_start_xmit() */ 101 spin_lock_bh(&entry->neigh->dev->xmit_lock); /* block clip_start_xmit() */
@@ -107,24 +104,24 @@ static void unlink_clip_vcc(struct clip_vcc *clip_vcc)
107 if (*walk == clip_vcc) { 104 if (*walk == clip_vcc) {
108 int error; 105 int error;
109 106
110 *walk = clip_vcc->next; /* atomic */ 107 *walk = clip_vcc->next; /* atomic */
111 clip_vcc->entry = NULL; 108 clip_vcc->entry = NULL;
112 if (clip_vcc->xoff) 109 if (clip_vcc->xoff)
113 netif_wake_queue(entry->neigh->dev); 110 netif_wake_queue(entry->neigh->dev);
114 if (entry->vccs) 111 if (entry->vccs)
115 goto out; 112 goto out;
116 entry->expires = jiffies-1; 113 entry->expires = jiffies - 1;
117 /* force resolution or expiration */ 114 /* force resolution or expiration */
118 error = neigh_update(entry->neigh, NULL, NUD_NONE, 115 error = neigh_update(entry->neigh, NULL, NUD_NONE,
119 NEIGH_UPDATE_F_ADMIN); 116 NEIGH_UPDATE_F_ADMIN);
120 if (error) 117 if (error)
121 printk(KERN_CRIT "unlink_clip_vcc: " 118 printk(KERN_CRIT "unlink_clip_vcc: "
122 "neigh_update failed with %d\n",error); 119 "neigh_update failed with %d\n", error);
123 goto out; 120 goto out;
124 } 121 }
125 printk(KERN_CRIT "ATMARP: unlink_clip_vcc failed (entry %p, vcc " 122 printk(KERN_CRIT "ATMARP: unlink_clip_vcc failed (entry %p, vcc "
126 "0x%p)\n",entry,clip_vcc); 123 "0x%p)\n", entry, clip_vcc);
127out: 124 out:
128 spin_unlock_bh(&entry->neigh->dev->xmit_lock); 125 spin_unlock_bh(&entry->neigh->dev->xmit_lock);
129} 126}
130 127
@@ -153,13 +150,13 @@ static int neigh_check_cb(struct neighbour *n)
153 DPRINTK("destruction postponed with ref %d\n", 150 DPRINTK("destruction postponed with ref %d\n",
154 atomic_read(&n->refcnt)); 151 atomic_read(&n->refcnt));
155 152
156 while ((skb = skb_dequeue(&n->arp_queue)) != NULL) 153 while ((skb = skb_dequeue(&n->arp_queue)) != NULL)
157 dev_kfree_skb(skb); 154 dev_kfree_skb(skb);
158 155
159 return 0; 156 return 0;
160 } 157 }
161 158
162 DPRINTK("expired neigh %p\n",n); 159 DPRINTK("expired neigh %p\n", n);
163 return 1; 160 return 1;
164} 161}
165 162
@@ -167,7 +164,7 @@ static void idle_timer_check(unsigned long dummy)
167{ 164{
168 write_lock(&clip_tbl.lock); 165 write_lock(&clip_tbl.lock);
169 __neigh_for_each_release(&clip_tbl, neigh_check_cb); 166 __neigh_for_each_release(&clip_tbl, neigh_check_cb);
170 mod_timer(&idle_timer, jiffies+CLIP_CHECK_INTERVAL*HZ); 167 mod_timer(&idle_timer, jiffies + CLIP_CHECK_INTERVAL * HZ);
171 write_unlock(&clip_tbl.lock); 168 write_unlock(&clip_tbl.lock);
172} 169}
173 170
@@ -177,13 +174,13 @@ static int clip_arp_rcv(struct sk_buff *skb)
177 174
178 DPRINTK("clip_arp_rcv\n"); 175 DPRINTK("clip_arp_rcv\n");
179 vcc = ATM_SKB(skb)->vcc; 176 vcc = ATM_SKB(skb)->vcc;
180 if (!vcc || !atm_charge(vcc,skb->truesize)) { 177 if (!vcc || !atm_charge(vcc, skb->truesize)) {
181 dev_kfree_skb_any(skb); 178 dev_kfree_skb_any(skb);
182 return 0; 179 return 0;
183 } 180 }
184 DPRINTK("pushing to %p\n",vcc); 181 DPRINTK("pushing to %p\n", vcc);
185 DPRINTK("using %p\n",CLIP_VCC(vcc)->old_push); 182 DPRINTK("using %p\n", CLIP_VCC(vcc)->old_push);
186 CLIP_VCC(vcc)->old_push(vcc,skb); 183 CLIP_VCC(vcc)->old_push(vcc, skb);
187 return 0; 184 return 0;
188} 185}
189 186
@@ -193,34 +190,38 @@ static const unsigned char llc_oui[] = {
193 0x03, /* Ctrl: Unnumbered Information Command PDU */ 190 0x03, /* Ctrl: Unnumbered Information Command PDU */
194 0x00, /* OUI: EtherType */ 191 0x00, /* OUI: EtherType */
195 0x00, 192 0x00,
196 0x00 }; 193 0x00
194};
197 195
198static void clip_push(struct atm_vcc *vcc,struct sk_buff *skb) 196static void clip_push(struct atm_vcc *vcc, struct sk_buff *skb)
199{ 197{
200 struct clip_vcc *clip_vcc = CLIP_VCC(vcc); 198 struct clip_vcc *clip_vcc = CLIP_VCC(vcc);
201 199
202 DPRINTK("clip push\n"); 200 DPRINTK("clip push\n");
203 if (!skb) { 201 if (!skb) {
204 DPRINTK("removing VCC %p\n",clip_vcc); 202 DPRINTK("removing VCC %p\n", clip_vcc);
205 if (clip_vcc->entry) unlink_clip_vcc(clip_vcc); 203 if (clip_vcc->entry)
206 clip_vcc->old_push(vcc,NULL); /* pass on the bad news */ 204 unlink_clip_vcc(clip_vcc);
205 clip_vcc->old_push(vcc, NULL); /* pass on the bad news */
207 kfree(clip_vcc); 206 kfree(clip_vcc);
208 return; 207 return;
209 } 208 }
210 atm_return(vcc,skb->truesize); 209 atm_return(vcc, skb->truesize);
211 skb->dev = clip_vcc->entry ? clip_vcc->entry->neigh->dev : clip_devs; 210 skb->dev = clip_vcc->entry ? clip_vcc->entry->neigh->dev : clip_devs;
212 /* clip_vcc->entry == NULL if we don't have an IP address yet */ 211 /* clip_vcc->entry == NULL if we don't have an IP address yet */
213 if (!skb->dev) { 212 if (!skb->dev) {
214 dev_kfree_skb_any(skb); 213 dev_kfree_skb_any(skb);
215 return; 214 return;
216 } 215 }
217 ATM_SKB(skb)->vcc = vcc; 216 ATM_SKB(skb)->vcc = vcc;
218 skb->mac.raw = skb->data; 217 skb->mac.raw = skb->data;
219 if (!clip_vcc->encap || skb->len < RFC1483LLC_LEN || memcmp(skb->data, 218 if (!clip_vcc->encap
220 llc_oui,sizeof(llc_oui))) skb->protocol = htons(ETH_P_IP); 219 || skb->len < RFC1483LLC_LEN
220 || memcmp(skb->data, llc_oui, sizeof (llc_oui)))
221 skb->protocol = htons(ETH_P_IP);
221 else { 222 else {
222 skb->protocol = ((u16 *) skb->data)[3]; 223 skb->protocol = ((u16 *) skb->data)[3];
223 skb_pull(skb,RFC1483LLC_LEN); 224 skb_pull(skb, RFC1483LLC_LEN);
224 if (skb->protocol == htons(ETH_P_ARP)) { 225 if (skb->protocol == htons(ETH_P_ARP)) {
225 PRIV(skb->dev)->stats.rx_packets++; 226 PRIV(skb->dev)->stats.rx_packets++;
226 PRIV(skb->dev)->stats.rx_bytes += skb->len; 227 PRIV(skb->dev)->stats.rx_bytes += skb->len;
@@ -235,58 +236,54 @@ static void clip_push(struct atm_vcc *vcc,struct sk_buff *skb)
235 netif_rx(skb); 236 netif_rx(skb);
236} 237}
237 238
238
239/* 239/*
240 * Note: these spinlocks _must_not_ block on non-SMP. The only goal is that 240 * Note: these spinlocks _must_not_ block on non-SMP. The only goal is that
241 * clip_pop is atomic with respect to the critical section in clip_start_xmit. 241 * clip_pop is atomic with respect to the critical section in clip_start_xmit.
242 */ 242 */
243 243
244 244static void clip_pop(struct atm_vcc *vcc, struct sk_buff *skb)
245static void clip_pop(struct atm_vcc *vcc,struct sk_buff *skb)
246{ 245{
247 struct clip_vcc *clip_vcc = CLIP_VCC(vcc); 246 struct clip_vcc *clip_vcc = CLIP_VCC(vcc);
248 struct net_device *dev = skb->dev; 247 struct net_device *dev = skb->dev;
249 int old; 248 int old;
250 unsigned long flags; 249 unsigned long flags;
251 250
252 DPRINTK("clip_pop(vcc %p)\n",vcc); 251 DPRINTK("clip_pop(vcc %p)\n", vcc);
253 clip_vcc->old_pop(vcc,skb); 252 clip_vcc->old_pop(vcc, skb);
254 /* skb->dev == NULL in outbound ARP packets */ 253 /* skb->dev == NULL in outbound ARP packets */
255 if (!dev) return; 254 if (!dev)
256 spin_lock_irqsave(&PRIV(dev)->xoff_lock,flags); 255 return;
257 if (atm_may_send(vcc,0)) { 256 spin_lock_irqsave(&PRIV(dev)->xoff_lock, flags);
258 old = xchg(&clip_vcc->xoff,0); 257 if (atm_may_send(vcc, 0)) {
259 if (old) netif_wake_queue(dev); 258 old = xchg(&clip_vcc->xoff, 0);
259 if (old)
260 netif_wake_queue(dev);
260 } 261 }
261 spin_unlock_irqrestore(&PRIV(dev)->xoff_lock,flags); 262 spin_unlock_irqrestore(&PRIV(dev)->xoff_lock, flags);
262} 263}
263 264
264
265static void clip_neigh_destroy(struct neighbour *neigh) 265static void clip_neigh_destroy(struct neighbour *neigh)
266{ 266{
267 DPRINTK("clip_neigh_destroy (neigh %p)\n",neigh); 267 DPRINTK("clip_neigh_destroy (neigh %p)\n", neigh);
268 if (NEIGH2ENTRY(neigh)->vccs) 268 if (NEIGH2ENTRY(neigh)->vccs)
269 printk(KERN_CRIT "clip_neigh_destroy: vccs != NULL !!!\n"); 269 printk(KERN_CRIT "clip_neigh_destroy: vccs != NULL !!!\n");
270 NEIGH2ENTRY(neigh)->vccs = (void *) 0xdeadbeef; 270 NEIGH2ENTRY(neigh)->vccs = (void *) 0xdeadbeef;
271} 271}
272 272
273 273static void clip_neigh_solicit(struct neighbour *neigh, struct sk_buff *skb)
274static void clip_neigh_solicit(struct neighbour *neigh,struct sk_buff *skb)
275{ 274{
276 DPRINTK("clip_neigh_solicit (neigh %p, skb %p)\n",neigh,skb); 275 DPRINTK("clip_neigh_solicit (neigh %p, skb %p)\n", neigh, skb);
277 to_atmarpd(act_need,PRIV(neigh->dev)->number,NEIGH2ENTRY(neigh)->ip); 276 to_atmarpd(act_need, PRIV(neigh->dev)->number, NEIGH2ENTRY(neigh)->ip);
278} 277}
279 278
280 279static void clip_neigh_error(struct neighbour *neigh, struct sk_buff *skb)
281static void clip_neigh_error(struct neighbour *neigh,struct sk_buff *skb)
282{ 280{
283#ifndef CONFIG_ATM_CLIP_NO_ICMP 281#ifndef CONFIG_ATM_CLIP_NO_ICMP
284 icmp_send(skb,ICMP_DEST_UNREACH,ICMP_HOST_UNREACH,0); 282 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
285#endif 283#endif
286 kfree_skb(skb); 284 kfree_skb(skb);
287} 285}
288 286
289
290static struct neigh_ops clip_neigh_ops = { 287static struct neigh_ops clip_neigh_ops = {
291 .family = AF_INET, 288 .family = AF_INET,
292 .solicit = clip_neigh_solicit, 289 .solicit = clip_neigh_solicit,
@@ -297,7 +294,6 @@ static struct neigh_ops clip_neigh_ops = {
297 .queue_xmit = dev_queue_xmit, 294 .queue_xmit = dev_queue_xmit,
298}; 295};
299 296
300
301static int clip_constructor(struct neighbour *neigh) 297static int clip_constructor(struct neighbour *neigh)
302{ 298{
303 struct atmarp_entry *entry = NEIGH2ENTRY(neigh); 299 struct atmarp_entry *entry = NEIGH2ENTRY(neigh);
@@ -305,9 +301,10 @@ static int clip_constructor(struct neighbour *neigh)
305 struct in_device *in_dev; 301 struct in_device *in_dev;
306 struct neigh_parms *parms; 302 struct neigh_parms *parms;
307 303
308 DPRINTK("clip_constructor (neigh %p, entry %p)\n",neigh,entry); 304 DPRINTK("clip_constructor (neigh %p, entry %p)\n", neigh, entry);
309 neigh->type = inet_addr_type(entry->ip); 305 neigh->type = inet_addr_type(entry->ip);
310 if (neigh->type != RTN_UNICAST) return -EINVAL; 306 if (neigh->type != RTN_UNICAST)
307 return -EINVAL;
311 308
312 rcu_read_lock(); 309 rcu_read_lock();
313 in_dev = __in_dev_get_rcu(dev); 310 in_dev = __in_dev_get_rcu(dev);
@@ -326,13 +323,13 @@ static int clip_constructor(struct neighbour *neigh)
326 neigh->ops->connected_output : neigh->ops->output; 323 neigh->ops->connected_output : neigh->ops->output;
327 entry->neigh = neigh; 324 entry->neigh = neigh;
328 entry->vccs = NULL; 325 entry->vccs = NULL;
329 entry->expires = jiffies-1; 326 entry->expires = jiffies - 1;
330 return 0; 327 return 0;
331} 328}
332 329
333static u32 clip_hash(const void *pkey, const struct net_device *dev) 330static u32 clip_hash(const void *pkey, const struct net_device *dev)
334{ 331{
335 return jhash_2words(*(u32 *)pkey, dev->ifindex, clip_tbl.hash_rnd); 332 return jhash_2words(*(u32 *) pkey, dev->ifindex, clip_tbl.hash_rnd);
336} 333}
337 334
338static struct neigh_table clip_tbl = { 335static struct neigh_table clip_tbl = {
@@ -366,7 +363,6 @@ static struct neigh_table clip_tbl = {
366 .gc_thresh3 = 1024, 363 .gc_thresh3 = 1024,
367}; 364};
368 365
369
370/* @@@ copy bh locking from arp.c -- need to bh-enable atm code before */ 366/* @@@ copy bh locking from arp.c -- need to bh-enable atm code before */
371 367
372/* 368/*
@@ -376,15 +372,13 @@ static struct neigh_table clip_tbl = {
376 * clip_setentry. 372 * clip_setentry.
377 */ 373 */
378 374
379 375static int clip_encap(struct atm_vcc *vcc, int mode)
380static int clip_encap(struct atm_vcc *vcc,int mode)
381{ 376{
382 CLIP_VCC(vcc)->encap = mode; 377 CLIP_VCC(vcc)->encap = mode;
383 return 0; 378 return 0;
384} 379}
385 380
386 381static int clip_start_xmit(struct sk_buff *skb, struct net_device *dev)
387static int clip_start_xmit(struct sk_buff *skb,struct net_device *dev)
388{ 382{
389 struct clip_priv *clip_priv = PRIV(dev); 383 struct clip_priv *clip_priv = PRIV(dev);
390 struct atmarp_entry *entry; 384 struct atmarp_entry *entry;
@@ -392,7 +386,7 @@ static int clip_start_xmit(struct sk_buff *skb,struct net_device *dev)
392 int old; 386 int old;
393 unsigned long flags; 387 unsigned long flags;
394 388
395 DPRINTK("clip_start_xmit (skb %p)\n",skb); 389 DPRINTK("clip_start_xmit (skb %p)\n", skb);
396 if (!skb->dst) { 390 if (!skb->dst) {
397 printk(KERN_ERR "clip_start_xmit: skb->dst == NULL\n"); 391 printk(KERN_ERR "clip_start_xmit: skb->dst == NULL\n");
398 dev_kfree_skb(skb); 392 dev_kfree_skb(skb);
@@ -401,9 +395,9 @@ static int clip_start_xmit(struct sk_buff *skb,struct net_device *dev)
401 } 395 }
402 if (!skb->dst->neighbour) { 396 if (!skb->dst->neighbour) {
403#if 0 397#if 0
404 skb->dst->neighbour = clip_find_neighbour(skb->dst,1); 398 skb->dst->neighbour = clip_find_neighbour(skb->dst, 1);
405 if (!skb->dst->neighbour) { 399 if (!skb->dst->neighbour) {
406 dev_kfree_skb(skb); /* lost that one */ 400 dev_kfree_skb(skb); /* lost that one */
407 clip_priv->stats.tx_dropped++; 401 clip_priv->stats.tx_dropped++;
408 return 0; 402 return 0;
409 } 403 }
@@ -417,73 +411,73 @@ static int clip_start_xmit(struct sk_buff *skb,struct net_device *dev)
417 if (!entry->vccs) { 411 if (!entry->vccs) {
418 if (time_after(jiffies, entry->expires)) { 412 if (time_after(jiffies, entry->expires)) {
419 /* should be resolved */ 413 /* should be resolved */
420 entry->expires = jiffies+ATMARP_RETRY_DELAY*HZ; 414 entry->expires = jiffies + ATMARP_RETRY_DELAY * HZ;
421 to_atmarpd(act_need,PRIV(dev)->number,entry->ip); 415 to_atmarpd(act_need, PRIV(dev)->number, entry->ip);
422 } 416 }
423 if (entry->neigh->arp_queue.qlen < ATMARP_MAX_UNRES_PACKETS) 417 if (entry->neigh->arp_queue.qlen < ATMARP_MAX_UNRES_PACKETS)
424 skb_queue_tail(&entry->neigh->arp_queue,skb); 418 skb_queue_tail(&entry->neigh->arp_queue, skb);
425 else { 419 else {
426 dev_kfree_skb(skb); 420 dev_kfree_skb(skb);
427 clip_priv->stats.tx_dropped++; 421 clip_priv->stats.tx_dropped++;
428 } 422 }
429 return 0; 423 return 0;
430 } 424 }
431 DPRINTK("neigh %p, vccs %p\n",entry,entry->vccs); 425 DPRINTK("neigh %p, vccs %p\n", entry, entry->vccs);
432 ATM_SKB(skb)->vcc = vcc = entry->vccs->vcc; 426 ATM_SKB(skb)->vcc = vcc = entry->vccs->vcc;
433 DPRINTK("using neighbour %p, vcc %p\n",skb->dst->neighbour,vcc); 427 DPRINTK("using neighbour %p, vcc %p\n", skb->dst->neighbour, vcc);
434 if (entry->vccs->encap) { 428 if (entry->vccs->encap) {
435 void *here; 429 void *here;
436 430
437 here = skb_push(skb,RFC1483LLC_LEN); 431 here = skb_push(skb, RFC1483LLC_LEN);
438 memcpy(here,llc_oui,sizeof(llc_oui)); 432 memcpy(here, llc_oui, sizeof(llc_oui));
439 ((u16 *) here)[3] = skb->protocol; 433 ((u16 *) here)[3] = skb->protocol;
440 } 434 }
441 atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); 435 atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
442 ATM_SKB(skb)->atm_options = vcc->atm_options; 436 ATM_SKB(skb)->atm_options = vcc->atm_options;
443 entry->vccs->last_use = jiffies; 437 entry->vccs->last_use = jiffies;
444 DPRINTK("atm_skb(%p)->vcc(%p)->dev(%p)\n",skb,vcc,vcc->dev); 438 DPRINTK("atm_skb(%p)->vcc(%p)->dev(%p)\n", skb, vcc, vcc->dev);
445 old = xchg(&entry->vccs->xoff,1); /* assume XOFF ... */ 439 old = xchg(&entry->vccs->xoff, 1); /* assume XOFF ... */
446 if (old) { 440 if (old) {
447 printk(KERN_WARNING "clip_start_xmit: XOFF->XOFF transition\n"); 441 printk(KERN_WARNING "clip_start_xmit: XOFF->XOFF transition\n");
448 return 0; 442 return 0;
449 } 443 }
450 clip_priv->stats.tx_packets++; 444 clip_priv->stats.tx_packets++;
451 clip_priv->stats.tx_bytes += skb->len; 445 clip_priv->stats.tx_bytes += skb->len;
452 (void) vcc->send(vcc,skb); 446 vcc->send(vcc, skb);
453 if (atm_may_send(vcc,0)) { 447 if (atm_may_send(vcc, 0)) {
454 entry->vccs->xoff = 0; 448 entry->vccs->xoff = 0;
455 return 0; 449 return 0;
456 } 450 }
457 spin_lock_irqsave(&clip_priv->xoff_lock,flags); 451 spin_lock_irqsave(&clip_priv->xoff_lock, flags);
458 netif_stop_queue(dev); /* XOFF -> throttle immediately */ 452 netif_stop_queue(dev); /* XOFF -> throttle immediately */
459 barrier(); 453 barrier();
460 if (!entry->vccs->xoff) 454 if (!entry->vccs->xoff)
461 netif_start_queue(dev); 455 netif_start_queue(dev);
462 /* Oh, we just raced with clip_pop. netif_start_queue should be 456 /* Oh, we just raced with clip_pop. netif_start_queue should be
463 good enough, because nothing should really be asleep because 457 good enough, because nothing should really be asleep because
464 of the brief netif_stop_queue. If this isn't true or if it 458 of the brief netif_stop_queue. If this isn't true or if it
465 changes, use netif_wake_queue instead. */ 459 changes, use netif_wake_queue instead. */
466 spin_unlock_irqrestore(&clip_priv->xoff_lock,flags); 460 spin_unlock_irqrestore(&clip_priv->xoff_lock, flags);
467 return 0; 461 return 0;
468} 462}
469 463
470
471static struct net_device_stats *clip_get_stats(struct net_device *dev) 464static struct net_device_stats *clip_get_stats(struct net_device *dev)
472{ 465{
473 return &PRIV(dev)->stats; 466 return &PRIV(dev)->stats;
474} 467}
475 468
476 469static int clip_mkip(struct atm_vcc *vcc, int timeout)
477static int clip_mkip(struct atm_vcc *vcc,int timeout)
478{ 470{
479 struct clip_vcc *clip_vcc; 471 struct clip_vcc *clip_vcc;
480 struct sk_buff_head copy; 472 struct sk_buff_head copy;
481 struct sk_buff *skb; 473 struct sk_buff *skb;
482 474
483 if (!vcc->push) return -EBADFD; 475 if (!vcc->push)
484 clip_vcc = kmalloc(sizeof(struct clip_vcc),GFP_KERNEL); 476 return -EBADFD;
485 if (!clip_vcc) return -ENOMEM; 477 clip_vcc = kmalloc(sizeof(struct clip_vcc), GFP_KERNEL);
486 DPRINTK("mkip clip_vcc %p vcc %p\n",clip_vcc,vcc); 478 if (!clip_vcc)
479 return -ENOMEM;
480 DPRINTK("mkip clip_vcc %p vcc %p\n", clip_vcc, vcc);
487 clip_vcc->vcc = vcc; 481 clip_vcc->vcc = vcc;
488 vcc->user_back = clip_vcc; 482 vcc->user_back = clip_vcc;
489 set_bit(ATM_VF_IS_CLIP, &vcc->flags); 483 set_bit(ATM_VF_IS_CLIP, &vcc->flags);
@@ -491,7 +485,7 @@ static int clip_mkip(struct atm_vcc *vcc,int timeout)
491 clip_vcc->xoff = 0; 485 clip_vcc->xoff = 0;
492 clip_vcc->encap = 1; 486 clip_vcc->encap = 1;
493 clip_vcc->last_use = jiffies; 487 clip_vcc->last_use = jiffies;
494 clip_vcc->idle_timeout = timeout*HZ; 488 clip_vcc->idle_timeout = timeout * HZ;
495 clip_vcc->old_push = vcc->push; 489 clip_vcc->old_push = vcc->push;
496 clip_vcc->old_pop = vcc->pop; 490 clip_vcc->old_pop = vcc->pop;
497 vcc->push = clip_push; 491 vcc->push = clip_push;
@@ -501,27 +495,25 @@ static int clip_mkip(struct atm_vcc *vcc,int timeout)
501 /* re-process everything received between connection setup and MKIP */ 495 /* re-process everything received between connection setup and MKIP */
502 while ((skb = skb_dequeue(&copy)) != NULL) 496 while ((skb = skb_dequeue(&copy)) != NULL)
503 if (!clip_devs) { 497 if (!clip_devs) {
504 atm_return(vcc,skb->truesize); 498 atm_return(vcc, skb->truesize);
505 kfree_skb(skb); 499 kfree_skb(skb);
506 } 500 } else {
507 else {
508 unsigned int len = skb->len; 501 unsigned int len = skb->len;
509 502
510 clip_push(vcc,skb); 503 clip_push(vcc, skb);
511 PRIV(skb->dev)->stats.rx_packets--; 504 PRIV(skb->dev)->stats.rx_packets--;
512 PRIV(skb->dev)->stats.rx_bytes -= len; 505 PRIV(skb->dev)->stats.rx_bytes -= len;
513 } 506 }
514 return 0; 507 return 0;
515} 508}
516 509
517 510static int clip_setentry(struct atm_vcc *vcc, u32 ip)
518static int clip_setentry(struct atm_vcc *vcc,u32 ip)
519{ 511{
520 struct neighbour *neigh; 512 struct neighbour *neigh;
521 struct atmarp_entry *entry; 513 struct atmarp_entry *entry;
522 int error; 514 int error;
523 struct clip_vcc *clip_vcc; 515 struct clip_vcc *clip_vcc;
524 struct flowi fl = { .nl_u = { .ip4_u = { .daddr = ip, .tos = 1 } } }; 516 struct flowi fl = { .nl_u = { .ip4_u = { .daddr = ip, .tos = 1}} };
525 struct rtable *rt; 517 struct rtable *rt;
526 518
527 if (vcc->push != clip_push) { 519 if (vcc->push != clip_push) {
@@ -538,28 +530,29 @@ static int clip_setentry(struct atm_vcc *vcc,u32 ip)
538 unlink_clip_vcc(clip_vcc); 530 unlink_clip_vcc(clip_vcc);
539 return 0; 531 return 0;
540 } 532 }
541 error = ip_route_output_key(&rt,&fl); 533 error = ip_route_output_key(&rt, &fl);
542 if (error) return error; 534 if (error)
543 neigh = __neigh_lookup(&clip_tbl,&ip,rt->u.dst.dev,1); 535 return error;
536 neigh = __neigh_lookup(&clip_tbl, &ip, rt->u.dst.dev, 1);
544 ip_rt_put(rt); 537 ip_rt_put(rt);
545 if (!neigh) 538 if (!neigh)
546 return -ENOMEM; 539 return -ENOMEM;
547 entry = NEIGH2ENTRY(neigh); 540 entry = NEIGH2ENTRY(neigh);
548 if (entry != clip_vcc->entry) { 541 if (entry != clip_vcc->entry) {
549 if (!clip_vcc->entry) DPRINTK("setentry: add\n"); 542 if (!clip_vcc->entry)
543 DPRINTK("setentry: add\n");
550 else { 544 else {
551 DPRINTK("setentry: update\n"); 545 DPRINTK("setentry: update\n");
552 unlink_clip_vcc(clip_vcc); 546 unlink_clip_vcc(clip_vcc);
553 } 547 }
554 link_vcc(clip_vcc,entry); 548 link_vcc(clip_vcc, entry);
555 } 549 }
556 error = neigh_update(neigh, llc_oui, NUD_PERMANENT, 550 error = neigh_update(neigh, llc_oui, NUD_PERMANENT,
557 NEIGH_UPDATE_F_OVERRIDE|NEIGH_UPDATE_F_ADMIN); 551 NEIGH_UPDATE_F_OVERRIDE | NEIGH_UPDATE_F_ADMIN);
558 neigh_release(neigh); 552 neigh_release(neigh);
559 return error; 553 return error;
560} 554}
561 555
562
563static void clip_setup(struct net_device *dev) 556static void clip_setup(struct net_device *dev)
564{ 557{
565 dev->hard_start_xmit = clip_start_xmit; 558 dev->hard_start_xmit = clip_start_xmit;
@@ -568,15 +561,14 @@ static void clip_setup(struct net_device *dev)
568 dev->type = ARPHRD_ATM; 561 dev->type = ARPHRD_ATM;
569 dev->hard_header_len = RFC1483LLC_LEN; 562 dev->hard_header_len = RFC1483LLC_LEN;
570 dev->mtu = RFC1626_MTU; 563 dev->mtu = RFC1626_MTU;
571 dev->tx_queue_len = 100; /* "normal" queue (packets) */ 564 dev->tx_queue_len = 100; /* "normal" queue (packets) */
572 /* When using a "real" qdisc, the qdisc determines the queue */ 565 /* When using a "real" qdisc, the qdisc determines the queue */
573 /* length. tx_queue_len is only used for the default case, */ 566 /* length. tx_queue_len is only used for the default case, */
574 /* without any more elaborate queuing. 100 is a reasonable */ 567 /* without any more elaborate queuing. 100 is a reasonable */
575 /* compromise between decent burst-tolerance and protection */ 568 /* compromise between decent burst-tolerance and protection */
576 /* against memory hogs. */ 569 /* against memory hogs. */
577} 570}
578 571
579
580static int clip_create(int number) 572static int clip_create(int number)
581{ 573{
582 struct net_device *dev; 574 struct net_device *dev;
@@ -585,19 +577,19 @@ static int clip_create(int number)
585 577
586 if (number != -1) { 578 if (number != -1) {
587 for (dev = clip_devs; dev; dev = PRIV(dev)->next) 579 for (dev = clip_devs; dev; dev = PRIV(dev)->next)
588 if (PRIV(dev)->number == number) return -EEXIST; 580 if (PRIV(dev)->number == number)
589 } 581 return -EEXIST;
590 else { 582 } else {
591 number = 0; 583 number = 0;
592 for (dev = clip_devs; dev; dev = PRIV(dev)->next) 584 for (dev = clip_devs; dev; dev = PRIV(dev)->next)
593 if (PRIV(dev)->number >= number) 585 if (PRIV(dev)->number >= number)
594 number = PRIV(dev)->number+1; 586 number = PRIV(dev)->number + 1;
595 } 587 }
596 dev = alloc_netdev(sizeof(struct clip_priv), "", clip_setup); 588 dev = alloc_netdev(sizeof(struct clip_priv), "", clip_setup);
597 if (!dev) 589 if (!dev)
598 return -ENOMEM; 590 return -ENOMEM;
599 clip_priv = PRIV(dev); 591 clip_priv = PRIV(dev);
600 sprintf(dev->name,"atm%d",number); 592 sprintf(dev->name, "atm%d", number);
601 spin_lock_init(&clip_priv->xoff_lock); 593 spin_lock_init(&clip_priv->xoff_lock);
602 clip_priv->number = number; 594 clip_priv->number = number;
603 error = register_netdev(dev); 595 error = register_netdev(dev);
@@ -607,53 +599,48 @@ static int clip_create(int number)
607 } 599 }
608 clip_priv->next = clip_devs; 600 clip_priv->next = clip_devs;
609 clip_devs = dev; 601 clip_devs = dev;
610 DPRINTK("registered (net:%s)\n",dev->name); 602 DPRINTK("registered (net:%s)\n", dev->name);
611 return number; 603 return number;
612} 604}
613 605
614 606static int clip_device_event(struct notifier_block *this, unsigned long event,
615static int clip_device_event(struct notifier_block *this,unsigned long event, 607 void *arg)
616 void *dev)
617{ 608{
609 struct net_device *dev = arg;
610
611 if (event == NETDEV_UNREGISTER) {
612 neigh_ifdown(&clip_tbl, dev);
613 return NOTIFY_DONE;
614 }
615
618 /* ignore non-CLIP devices */ 616 /* ignore non-CLIP devices */
619 if (((struct net_device *) dev)->type != ARPHRD_ATM || 617 if (dev->type != ARPHRD_ATM || dev->hard_start_xmit != clip_start_xmit)
620 ((struct net_device *) dev)->hard_start_xmit != clip_start_xmit)
621 return NOTIFY_DONE; 618 return NOTIFY_DONE;
619
622 switch (event) { 620 switch (event) {
623 case NETDEV_UP: 621 case NETDEV_UP:
624 DPRINTK("clip_device_event NETDEV_UP\n"); 622 DPRINTK("clip_device_event NETDEV_UP\n");
625 (void) to_atmarpd(act_up,PRIV(dev)->number,0); 623 to_atmarpd(act_up, PRIV(dev)->number, 0);
626 break; 624 break;
627 case NETDEV_GOING_DOWN: 625 case NETDEV_GOING_DOWN:
628 DPRINTK("clip_device_event NETDEV_DOWN\n"); 626 DPRINTK("clip_device_event NETDEV_DOWN\n");
629 (void) to_atmarpd(act_down,PRIV(dev)->number,0); 627 to_atmarpd(act_down, PRIV(dev)->number, 0);
630 break; 628 break;
631 case NETDEV_CHANGE: 629 case NETDEV_CHANGE:
632 case NETDEV_CHANGEMTU: 630 case NETDEV_CHANGEMTU:
633 DPRINTK("clip_device_event NETDEV_CHANGE*\n"); 631 DPRINTK("clip_device_event NETDEV_CHANGE*\n");
634 (void) to_atmarpd(act_change,PRIV(dev)->number,0); 632 to_atmarpd(act_change, PRIV(dev)->number, 0);
635 break; 633 break;
636 case NETDEV_REBOOT:
637 case NETDEV_REGISTER:
638 case NETDEV_DOWN:
639 DPRINTK("clip_device_event %ld\n",event);
640 /* ignore */
641 break;
642 default:
643 printk(KERN_WARNING "clip_device_event: unknown event "
644 "%ld\n",event);
645 break;
646 } 634 }
647 return NOTIFY_DONE; 635 return NOTIFY_DONE;
648} 636}
649 637
650 638static int clip_inet_event(struct notifier_block *this, unsigned long event,
651static int clip_inet_event(struct notifier_block *this,unsigned long event, 639 void *ifa)
652 void *ifa)
653{ 640{
654 struct in_device *in_dev; 641 struct in_device *in_dev;
655 642
656 in_dev = ((struct in_ifaddr *) ifa)->ifa_dev; 643 in_dev = ((struct in_ifaddr *)ifa)->ifa_dev;
657 if (!in_dev || !in_dev->dev) { 644 if (!in_dev || !in_dev->dev) {
658 printk(KERN_WARNING "clip_inet_event: no device\n"); 645 printk(KERN_WARNING "clip_inet_event: no device\n");
659 return NOTIFY_DONE; 646 return NOTIFY_DONE;
@@ -662,23 +649,20 @@ static int clip_inet_event(struct notifier_block *this,unsigned long event,
662 * Transitions are of the down-change-up type, so it's sufficient to 649 * Transitions are of the down-change-up type, so it's sufficient to
663 * handle the change on up. 650 * handle the change on up.
664 */ 651 */
665 if (event != NETDEV_UP) return NOTIFY_DONE; 652 if (event != NETDEV_UP)
666 return clip_device_event(this,NETDEV_CHANGE,in_dev->dev); 653 return NOTIFY_DONE;
654 return clip_device_event(this, NETDEV_CHANGE, in_dev->dev);
667} 655}
668 656
669 657
670static struct notifier_block clip_dev_notifier = { 658static struct notifier_block clip_dev_notifier = {
671 clip_device_event, 659 .notifier_call = clip_device_event,
672 NULL,
673 0
674}; 660};
675 661
676 662
677 663
678static struct notifier_block clip_inet_notifier = { 664static struct notifier_block clip_inet_notifier = {
679 clip_inet_event, 665 .notifier_call = clip_inet_event,
680 NULL,
681 0
682}; 666};
683 667
684 668
@@ -686,14 +670,12 @@ static struct notifier_block clip_inet_notifier = {
686static void atmarpd_close(struct atm_vcc *vcc) 670static void atmarpd_close(struct atm_vcc *vcc)
687{ 671{
688 DPRINTK("atmarpd_close\n"); 672 DPRINTK("atmarpd_close\n");
689 atmarpd = NULL; /* assumed to be atomic */ 673
690 barrier(); 674 rtnl_lock();
691 unregister_inetaddr_notifier(&clip_inet_notifier); 675 atmarpd = NULL;
692 unregister_netdevice_notifier(&clip_dev_notifier);
693 if (skb_peek(&sk_atm(vcc)->sk_receive_queue))
694 printk(KERN_ERR "atmarpd_close: closing with requests "
695 "pending\n");
696 skb_queue_purge(&sk_atm(vcc)->sk_receive_queue); 676 skb_queue_purge(&sk_atm(vcc)->sk_receive_queue);
677 rtnl_unlock();
678
697 DPRINTK("(done)\n"); 679 DPRINTK("(done)\n");
698 module_put(THIS_MODULE); 680 module_put(THIS_MODULE);
699} 681}
@@ -714,14 +696,14 @@ static struct atm_dev atmarpd_dev = {
714 696
715static int atm_init_atmarp(struct atm_vcc *vcc) 697static int atm_init_atmarp(struct atm_vcc *vcc)
716{ 698{
717 if (atmarpd) return -EADDRINUSE; 699 rtnl_lock();
718 if (start_timer) { 700 if (atmarpd) {
719 start_timer = 0; 701 rtnl_unlock();
720 init_timer(&idle_timer); 702 return -EADDRINUSE;
721 idle_timer.expires = jiffies+CLIP_CHECK_INTERVAL*HZ;
722 idle_timer.function = idle_timer_check;
723 add_timer(&idle_timer);
724 } 703 }
704
705 mod_timer(&idle_timer, jiffies+CLIP_CHECK_INTERVAL*HZ);
706
725 atmarpd = vcc; 707 atmarpd = vcc;
726 set_bit(ATM_VF_META,&vcc->flags); 708 set_bit(ATM_VF_META,&vcc->flags);
727 set_bit(ATM_VF_READY,&vcc->flags); 709 set_bit(ATM_VF_READY,&vcc->flags);
@@ -731,10 +713,7 @@ static int atm_init_atmarp(struct atm_vcc *vcc)
731 vcc->push = NULL; 713 vcc->push = NULL;
732 vcc->pop = NULL; /* crash */ 714 vcc->pop = NULL; /* crash */
733 vcc->push_oam = NULL; /* crash */ 715 vcc->push_oam = NULL; /* crash */
734 if (register_netdevice_notifier(&clip_dev_notifier)) 716 rtnl_unlock();
735 printk(KERN_ERR "register_netdevice_notifier failed\n");
736 if (register_inetaddr_notifier(&clip_inet_notifier))
737 printk(KERN_ERR "register_inetaddr_notifier failed\n");
738 return 0; 717 return 0;
739} 718}
740 719
@@ -744,53 +723,53 @@ static int clip_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
744 int err = 0; 723 int err = 0;
745 724
746 switch (cmd) { 725 switch (cmd) {
747 case SIOCMKCLIP: 726 case SIOCMKCLIP:
748 case ATMARPD_CTRL: 727 case ATMARPD_CTRL:
749 case ATMARP_MKIP: 728 case ATMARP_MKIP:
750 case ATMARP_SETENTRY: 729 case ATMARP_SETENTRY:
751 case ATMARP_ENCAP: 730 case ATMARP_ENCAP:
752 if (!capable(CAP_NET_ADMIN)) 731 if (!capable(CAP_NET_ADMIN))
753 return -EPERM; 732 return -EPERM;
754 break; 733 break;
755 default: 734 default:
756 return -ENOIOCTLCMD; 735 return -ENOIOCTLCMD;
757 } 736 }
758 737
759 switch (cmd) { 738 switch (cmd) {
760 case SIOCMKCLIP: 739 case SIOCMKCLIP:
761 err = clip_create(arg); 740 err = clip_create(arg);
762 break; 741 break;
763 case ATMARPD_CTRL: 742 case ATMARPD_CTRL:
764 err = atm_init_atmarp(vcc); 743 err = atm_init_atmarp(vcc);
765 if (!err) { 744 if (!err) {
766 sock->state = SS_CONNECTED; 745 sock->state = SS_CONNECTED;
767 __module_get(THIS_MODULE); 746 __module_get(THIS_MODULE);
768 } 747 }
769 break; 748 break;
770 case ATMARP_MKIP: 749 case ATMARP_MKIP:
771 err = clip_mkip(vcc ,arg); 750 err = clip_mkip(vcc, arg);
772 break; 751 break;
773 case ATMARP_SETENTRY: 752 case ATMARP_SETENTRY:
774 err = clip_setentry(vcc, arg); 753 err = clip_setentry(vcc, arg);
775 break; 754 break;
776 case ATMARP_ENCAP: 755 case ATMARP_ENCAP:
777 err = clip_encap(vcc, arg); 756 err = clip_encap(vcc, arg);
778 break; 757 break;
779 } 758 }
780 return err; 759 return err;
781} 760}
782 761
783static struct atm_ioctl clip_ioctl_ops = { 762static struct atm_ioctl clip_ioctl_ops = {
784 .owner = THIS_MODULE, 763 .owner = THIS_MODULE,
785 .ioctl = clip_ioctl, 764 .ioctl = clip_ioctl,
786}; 765};
787 766
788#ifdef CONFIG_PROC_FS 767#ifdef CONFIG_PROC_FS
789 768
790static void svc_addr(struct seq_file *seq, struct sockaddr_atmsvc *addr) 769static void svc_addr(struct seq_file *seq, struct sockaddr_atmsvc *addr)
791{ 770{
792 static int code[] = { 1,2,10,6,1,0 }; 771 static int code[] = { 1, 2, 10, 6, 1, 0 };
793 static int e164[] = { 1,8,4,6,1,0 }; 772 static int e164[] = { 1, 8, 4, 6, 1, 0 };
794 773
795 if (*addr->sas_addr.pub) { 774 if (*addr->sas_addr.pub) {
796 seq_printf(seq, "%s", addr->sas_addr.pub); 775 seq_printf(seq, "%s", addr->sas_addr.pub);
@@ -809,7 +788,7 @@ static void svc_addr(struct seq_file *seq, struct sockaddr_atmsvc *addr)
809 for (i = 0; fields[i]; i++) { 788 for (i = 0; fields[i]; i++) {
810 for (j = fields[i]; j; j--) 789 for (j = fields[i]; j; j--)
811 seq_printf(seq, "%02X", *prv++); 790 seq_printf(seq, "%02X", *prv++);
812 if (fields[i+1]) 791 if (fields[i + 1])
813 seq_putc(seq, '.'); 792 seq_putc(seq, '.');
814 } 793 }
815 } 794 }
@@ -828,8 +807,7 @@ static void atmarp_info(struct seq_file *seq, struct net_device *dev,
828 svc = ((clip_vcc == SEQ_NO_VCC_TOKEN) || 807 svc = ((clip_vcc == SEQ_NO_VCC_TOKEN) ||
829 (sk_atm(clip_vcc->vcc)->sk_family == AF_ATMSVC)); 808 (sk_atm(clip_vcc->vcc)->sk_family == AF_ATMSVC));
830 809
831 llc = ((clip_vcc == SEQ_NO_VCC_TOKEN) || 810 llc = ((clip_vcc == SEQ_NO_VCC_TOKEN) || clip_vcc->encap);
832 clip_vcc->encap);
833 811
834 if (clip_vcc == SEQ_NO_VCC_TOKEN) 812 if (clip_vcc == SEQ_NO_VCC_TOKEN)
835 exp = entry->neigh->used; 813 exp = entry->neigh->used;
@@ -839,10 +817,7 @@ static void atmarp_info(struct seq_file *seq, struct net_device *dev,
839 exp = (jiffies - exp) / HZ; 817 exp = (jiffies - exp) / HZ;
840 818
841 seq_printf(seq, "%-6s%-4s%-4s%5ld ", 819 seq_printf(seq, "%-6s%-4s%-4s%5ld ",
842 dev->name, 820 dev->name, svc ? "SVC" : "PVC", llc ? "LLC" : "NULL", exp);
843 svc ? "SVC" : "PVC",
844 llc ? "LLC" : "NULL",
845 exp);
846 821
847 off = scnprintf(buf, sizeof(buf) - 1, "%d.%d.%d.%d", 822 off = scnprintf(buf, sizeof(buf) - 1, "%d.%d.%d.%d",
848 NIPQUAD(entry->ip)); 823 NIPQUAD(entry->ip));
@@ -860,8 +835,7 @@ static void atmarp_info(struct seq_file *seq, struct net_device *dev,
860 } else if (!svc) { 835 } else if (!svc) {
861 seq_printf(seq, "%d.%d.%d\n", 836 seq_printf(seq, "%d.%d.%d\n",
862 clip_vcc->vcc->dev->number, 837 clip_vcc->vcc->dev->number,
863 clip_vcc->vcc->vpi, 838 clip_vcc->vcc->vpi, clip_vcc->vcc->vci);
864 clip_vcc->vcc->vci);
865 } else { 839 } else {
866 svc_addr(seq, &clip_vcc->vcc->remote); 840 svc_addr(seq, &clip_vcc->vcc->remote);
867 seq_putc(seq, '\n'); 841 seq_putc(seq, '\n');
@@ -894,7 +868,7 @@ static struct clip_vcc *clip_seq_next_vcc(struct atmarp_entry *e,
894} 868}
895 869
896static void *clip_seq_vcc_walk(struct clip_seq_state *state, 870static void *clip_seq_vcc_walk(struct clip_seq_state *state,
897 struct atmarp_entry *e, loff_t *pos) 871 struct atmarp_entry *e, loff_t * pos)
898{ 872{
899 struct clip_vcc *vcc = state->vcc; 873 struct clip_vcc *vcc = state->vcc;
900 874
@@ -911,24 +885,24 @@ static void *clip_seq_vcc_walk(struct clip_seq_state *state,
911 885
912 return vcc; 886 return vcc;
913} 887}
914 888
915static void *clip_seq_sub_iter(struct neigh_seq_state *_state, 889static void *clip_seq_sub_iter(struct neigh_seq_state *_state,
916 struct neighbour *n, loff_t *pos) 890 struct neighbour *n, loff_t * pos)
917{ 891{
918 struct clip_seq_state *state = (struct clip_seq_state *) _state; 892 struct clip_seq_state *state = (struct clip_seq_state *)_state;
919 893
920 return clip_seq_vcc_walk(state, NEIGH2ENTRY(n), pos); 894 return clip_seq_vcc_walk(state, NEIGH2ENTRY(n), pos);
921} 895}
922 896
923static void *clip_seq_start(struct seq_file *seq, loff_t *pos) 897static void *clip_seq_start(struct seq_file *seq, loff_t * pos)
924{ 898{
925 return neigh_seq_start(seq, pos, &clip_tbl, NEIGH_SEQ_NEIGH_ONLY); 899 return neigh_seq_start(seq, pos, &clip_tbl, NEIGH_SEQ_NEIGH_ONLY);
926} 900}
927 901
928static int clip_seq_show(struct seq_file *seq, void *v) 902static int clip_seq_show(struct seq_file *seq, void *v)
929{ 903{
930 static char atm_arp_banner[] = 904 static char atm_arp_banner[] =
931 "IPitf TypeEncp Idle IP address ATM address\n"; 905 "IPitf TypeEncp Idle IP address ATM address\n";
932 906
933 if (v == SEQ_START_TOKEN) { 907 if (v == SEQ_START_TOKEN) {
934 seq_puts(seq, atm_arp_banner); 908 seq_puts(seq, atm_arp_banner);
@@ -939,7 +913,7 @@ static int clip_seq_show(struct seq_file *seq, void *v)
939 913
940 atmarp_info(seq, n->dev, NEIGH2ENTRY(n), vcc); 914 atmarp_info(seq, n->dev, NEIGH2ENTRY(n), vcc);
941 } 915 }
942 return 0; 916 return 0;
943} 917}
944 918
945static struct seq_operations arp_seq_ops = { 919static struct seq_operations arp_seq_ops = {
@@ -988,20 +962,19 @@ static struct file_operations arp_seq_fops = {
988 962
989static int __init atm_clip_init(void) 963static int __init atm_clip_init(void)
990{ 964{
991 neigh_table_init(&clip_tbl); 965 struct proc_dir_entry *p;
966 neigh_table_init_no_netlink(&clip_tbl);
992 967
993 clip_tbl_hook = &clip_tbl; 968 clip_tbl_hook = &clip_tbl;
994 register_atm_ioctl(&clip_ioctl_ops); 969 register_atm_ioctl(&clip_ioctl_ops);
970 register_netdevice_notifier(&clip_dev_notifier);
971 register_inetaddr_notifier(&clip_inet_notifier);
995 972
996#ifdef CONFIG_PROC_FS 973 setup_timer(&idle_timer, idle_timer_check, 0);
997{
998 struct proc_dir_entry *p;
999 974
1000 p = create_proc_entry("arp", S_IRUGO, atm_proc_root); 975 p = create_proc_entry("arp", S_IRUGO, atm_proc_root);
1001 if (p) 976 if (p)
1002 p->proc_fops = &arp_seq_fops; 977 p->proc_fops = &arp_seq_fops;
1003}
1004#endif
1005 978
1006 return 0; 979 return 0;
1007} 980}
@@ -1012,13 +985,15 @@ static void __exit atm_clip_exit(void)
1012 985
1013 remove_proc_entry("arp", atm_proc_root); 986 remove_proc_entry("arp", atm_proc_root);
1014 987
988 unregister_inetaddr_notifier(&clip_inet_notifier);
989 unregister_netdevice_notifier(&clip_dev_notifier);
990
1015 deregister_atm_ioctl(&clip_ioctl_ops); 991 deregister_atm_ioctl(&clip_ioctl_ops);
1016 992
1017 /* First, stop the idle timer, so it stops banging 993 /* First, stop the idle timer, so it stops banging
1018 * on the table. 994 * on the table.
1019 */ 995 */
1020 if (start_timer == 0) 996 del_timer_sync(&idle_timer);
1021 del_timer(&idle_timer);
1022 997
1023 /* Next, purge the table, so that the device 998 /* Next, purge the table, so that the device
1024 * unregister loop below does not hang due to 999 * unregister loop below does not hang due to
@@ -1042,5 +1017,6 @@ static void __exit atm_clip_exit(void)
1042 1017
1043module_init(atm_clip_init); 1018module_init(atm_clip_init);
1044module_exit(atm_clip_exit); 1019module_exit(atm_clip_exit);
1045 1020MODULE_AUTHOR("Werner Almesberger");
1021MODULE_DESCRIPTION("Classical/IP over ATM interface");
1046MODULE_LICENSE("GPL"); 1022MODULE_LICENSE("GPL");
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index dbf9b47681f7..a2e0dd047e9f 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -228,6 +228,8 @@ ax25_cb *ax25_find_cb(ax25_address *src_addr, ax25_address *dest_addr,
228 return NULL; 228 return NULL;
229} 229}
230 230
231EXPORT_SYMBOL(ax25_find_cb);
232
231void ax25_send_to_raw(ax25_address *addr, struct sk_buff *skb, int proto) 233void ax25_send_to_raw(ax25_address *addr, struct sk_buff *skb, int proto)
232{ 234{
233 ax25_cb *s; 235 ax25_cb *s;
@@ -424,6 +426,26 @@ static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg)
424 return 0; 426 return 0;
425} 427}
426 428
429static void ax25_fillin_cb_from_dev(ax25_cb *ax25, ax25_dev *ax25_dev)
430{
431 ax25->rtt = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]) / 2;
432 ax25->t1 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T1]);
433 ax25->t2 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T2]);
434 ax25->t3 = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_T3]);
435 ax25->n2 = ax25_dev->values[AX25_VALUES_N2];
436 ax25->paclen = ax25_dev->values[AX25_VALUES_PACLEN];
437 ax25->idle = msecs_to_jiffies(ax25_dev->values[AX25_VALUES_IDLE]);
438 ax25->backoff = ax25_dev->values[AX25_VALUES_BACKOFF];
439
440 if (ax25_dev->values[AX25_VALUES_AXDEFMODE]) {
441 ax25->modulus = AX25_EMODULUS;
442 ax25->window = ax25_dev->values[AX25_VALUES_EWINDOW];
443 } else {
444 ax25->modulus = AX25_MODULUS;
445 ax25->window = ax25_dev->values[AX25_VALUES_WINDOW];
446 }
447}
448
427/* 449/*
428 * Fill in a created AX.25 created control block with the default 450 * Fill in a created AX.25 created control block with the default
429 * values for a particular device. 451 * values for a particular device.
@@ -433,39 +455,28 @@ void ax25_fillin_cb(ax25_cb *ax25, ax25_dev *ax25_dev)
433 ax25->ax25_dev = ax25_dev; 455 ax25->ax25_dev = ax25_dev;
434 456
435 if (ax25->ax25_dev != NULL) { 457 if (ax25->ax25_dev != NULL) {
436 ax25->rtt = ax25_dev->values[AX25_VALUES_T1] / 2; 458 ax25_fillin_cb_from_dev(ax25, ax25_dev);
437 ax25->t1 = ax25_dev->values[AX25_VALUES_T1]; 459 return;
438 ax25->t2 = ax25_dev->values[AX25_VALUES_T2]; 460 }
439 ax25->t3 = ax25_dev->values[AX25_VALUES_T3]; 461
440 ax25->n2 = ax25_dev->values[AX25_VALUES_N2]; 462 /*
441 ax25->paclen = ax25_dev->values[AX25_VALUES_PACLEN]; 463 * No device, use kernel / AX.25 spec default values
442 ax25->idle = ax25_dev->values[AX25_VALUES_IDLE]; 464 */
443 ax25->backoff = ax25_dev->values[AX25_VALUES_BACKOFF]; 465 ax25->rtt = msecs_to_jiffies(AX25_DEF_T1) / 2;
444 466 ax25->t1 = msecs_to_jiffies(AX25_DEF_T1);
445 if (ax25_dev->values[AX25_VALUES_AXDEFMODE]) { 467 ax25->t2 = msecs_to_jiffies(AX25_DEF_T2);
446 ax25->modulus = AX25_EMODULUS; 468 ax25->t3 = msecs_to_jiffies(AX25_DEF_T3);
447 ax25->window = ax25_dev->values[AX25_VALUES_EWINDOW]; 469 ax25->n2 = AX25_DEF_N2;
448 } else { 470 ax25->paclen = AX25_DEF_PACLEN;
449 ax25->modulus = AX25_MODULUS; 471 ax25->idle = msecs_to_jiffies(AX25_DEF_IDLE);
450 ax25->window = ax25_dev->values[AX25_VALUES_WINDOW]; 472 ax25->backoff = AX25_DEF_BACKOFF;
451 } 473
474 if (AX25_DEF_AXDEFMODE) {
475 ax25->modulus = AX25_EMODULUS;
476 ax25->window = AX25_DEF_EWINDOW;
452 } else { 477 } else {
453 ax25->rtt = AX25_DEF_T1 / 2; 478 ax25->modulus = AX25_MODULUS;
454 ax25->t1 = AX25_DEF_T1; 479 ax25->window = AX25_DEF_WINDOW;
455 ax25->t2 = AX25_DEF_T2;
456 ax25->t3 = AX25_DEF_T3;
457 ax25->n2 = AX25_DEF_N2;
458 ax25->paclen = AX25_DEF_PACLEN;
459 ax25->idle = AX25_DEF_IDLE;
460 ax25->backoff = AX25_DEF_BACKOFF;
461
462 if (AX25_DEF_AXDEFMODE) {
463 ax25->modulus = AX25_EMODULUS;
464 ax25->window = AX25_DEF_EWINDOW;
465 } else {
466 ax25->modulus = AX25_MODULUS;
467 ax25->window = AX25_DEF_WINDOW;
468 }
469 } 480 }
470} 481}
471 482
@@ -1979,24 +1990,6 @@ static struct notifier_block ax25_dev_notifier = {
1979 .notifier_call =ax25_device_event, 1990 .notifier_call =ax25_device_event,
1980}; 1991};
1981 1992
1982EXPORT_SYMBOL(ax25_hard_header);
1983EXPORT_SYMBOL(ax25_rebuild_header);
1984EXPORT_SYMBOL(ax25_findbyuid);
1985EXPORT_SYMBOL(ax25_find_cb);
1986EXPORT_SYMBOL(ax25_linkfail_register);
1987EXPORT_SYMBOL(ax25_linkfail_release);
1988EXPORT_SYMBOL(ax25_listen_register);
1989EXPORT_SYMBOL(ax25_listen_release);
1990EXPORT_SYMBOL(ax25_protocol_register);
1991EXPORT_SYMBOL(ax25_protocol_release);
1992EXPORT_SYMBOL(ax25_send_frame);
1993EXPORT_SYMBOL(ax25_uid_policy);
1994EXPORT_SYMBOL(ax25cmp);
1995EXPORT_SYMBOL(ax2asc);
1996EXPORT_SYMBOL(asc2ax);
1997EXPORT_SYMBOL(null_ax25_address);
1998EXPORT_SYMBOL(ax25_display_timer);
1999
2000static int __init ax25_init(void) 1993static int __init ax25_init(void)
2001{ 1994{
2002 int rc = proto_register(&ax25_proto, 0); 1995 int rc = proto_register(&ax25_proto, 0);
diff --git a/net/ax25/ax25_addr.c b/net/ax25/ax25_addr.c
index 0164a155b8c4..5f0896ad0042 100644
--- a/net/ax25/ax25_addr.c
+++ b/net/ax25/ax25_addr.c
@@ -11,6 +11,7 @@
11#include <linux/socket.h> 11#include <linux/socket.h>
12#include <linux/in.h> 12#include <linux/in.h>
13#include <linux/kernel.h> 13#include <linux/kernel.h>
14#include <linux/module.h>
14#include <linux/sched.h> 15#include <linux/sched.h>
15#include <linux/timer.h> 16#include <linux/timer.h>
16#include <linux/string.h> 17#include <linux/string.h>
@@ -33,6 +34,8 @@
33 */ 34 */
34ax25_address null_ax25_address = {{0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x00}}; 35ax25_address null_ax25_address = {{0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x00}};
35 36
37EXPORT_SYMBOL(null_ax25_address);
38
36/* 39/*
37 * ax25 -> ascii conversion 40 * ax25 -> ascii conversion
38 */ 41 */
@@ -64,6 +67,8 @@ char *ax2asc(char *buf, ax25_address *a)
64 67
65} 68}
66 69
70EXPORT_SYMBOL(ax2asc);
71
67/* 72/*
68 * ascii -> ax25 conversion 73 * ascii -> ax25 conversion
69 */ 74 */
@@ -97,6 +102,8 @@ void asc2ax(ax25_address *addr, char *callsign)
97 addr->ax25_call[6] &= 0x1E; 102 addr->ax25_call[6] &= 0x1E;
98} 103}
99 104
105EXPORT_SYMBOL(asc2ax);
106
100/* 107/*
101 * Compare two ax.25 addresses 108 * Compare two ax.25 addresses
102 */ 109 */
@@ -116,6 +123,8 @@ int ax25cmp(ax25_address *a, ax25_address *b)
116 return 2; /* Partial match */ 123 return 2; /* Partial match */
117} 124}
118 125
126EXPORT_SYMBOL(ax25cmp);
127
119/* 128/*
120 * Compare two AX.25 digipeater paths. 129 * Compare two AX.25 digipeater paths.
121 */ 130 */
diff --git a/net/ax25/ax25_ds_timer.c b/net/ax25/ax25_ds_timer.c
index 061083efc1dc..5961459935eb 100644
--- a/net/ax25/ax25_ds_timer.c
+++ b/net/ax25/ax25_ds_timer.c
@@ -61,7 +61,8 @@ void ax25_ds_set_timer(ax25_dev *ax25_dev)
61 return; 61 return;
62 62
63 del_timer(&ax25_dev->dama.slave_timer); 63 del_timer(&ax25_dev->dama.slave_timer);
64 ax25_dev->dama.slave_timeout = ax25_dev->values[AX25_VALUES_DS_TIMEOUT] / 10; 64 ax25_dev->dama.slave_timeout =
65 msecs_to_jiffies(ax25_dev->values[AX25_VALUES_DS_TIMEOUT]) / 10;
65 ax25_ds_add_timer(ax25_dev); 66 ax25_ds_add_timer(ax25_dev);
66} 67}
67 68
diff --git a/net/ax25/ax25_iface.c b/net/ax25/ax25_iface.c
index d68aff100729..3bb152710b77 100644
--- a/net/ax25/ax25_iface.c
+++ b/net/ax25/ax25_iface.c
@@ -12,6 +12,7 @@
12#include <linux/socket.h> 12#include <linux/socket.h>
13#include <linux/in.h> 13#include <linux/in.h>
14#include <linux/kernel.h> 14#include <linux/kernel.h>
15#include <linux/module.h>
15#include <linux/sched.h> 16#include <linux/sched.h>
16#include <linux/spinlock.h> 17#include <linux/spinlock.h>
17#include <linux/timer.h> 18#include <linux/timer.h>
@@ -74,6 +75,8 @@ int ax25_protocol_register(unsigned int pid,
74 return 1; 75 return 1;
75} 76}
76 77
78EXPORT_SYMBOL(ax25_protocol_register);
79
77void ax25_protocol_release(unsigned int pid) 80void ax25_protocol_release(unsigned int pid)
78{ 81{
79 struct protocol_struct *s, *protocol; 82 struct protocol_struct *s, *protocol;
@@ -106,6 +109,8 @@ void ax25_protocol_release(unsigned int pid)
106 write_unlock(&protocol_list_lock); 109 write_unlock(&protocol_list_lock);
107} 110}
108 111
112EXPORT_SYMBOL(ax25_protocol_release);
113
109int ax25_linkfail_register(void (*func)(ax25_cb *, int)) 114int ax25_linkfail_register(void (*func)(ax25_cb *, int))
110{ 115{
111 struct linkfail_struct *linkfail; 116 struct linkfail_struct *linkfail;
@@ -123,6 +128,8 @@ int ax25_linkfail_register(void (*func)(ax25_cb *, int))
123 return 1; 128 return 1;
124} 129}
125 130
131EXPORT_SYMBOL(ax25_linkfail_register);
132
126void ax25_linkfail_release(void (*func)(ax25_cb *, int)) 133void ax25_linkfail_release(void (*func)(ax25_cb *, int))
127{ 134{
128 struct linkfail_struct *s, *linkfail; 135 struct linkfail_struct *s, *linkfail;
@@ -155,6 +162,8 @@ void ax25_linkfail_release(void (*func)(ax25_cb *, int))
155 spin_unlock_bh(&linkfail_lock); 162 spin_unlock_bh(&linkfail_lock);
156} 163}
157 164
165EXPORT_SYMBOL(ax25_linkfail_release);
166
158int ax25_listen_register(ax25_address *callsign, struct net_device *dev) 167int ax25_listen_register(ax25_address *callsign, struct net_device *dev)
159{ 168{
160 struct listen_struct *listen; 169 struct listen_struct *listen;
@@ -176,6 +185,8 @@ int ax25_listen_register(ax25_address *callsign, struct net_device *dev)
176 return 1; 185 return 1;
177} 186}
178 187
188EXPORT_SYMBOL(ax25_listen_register);
189
179void ax25_listen_release(ax25_address *callsign, struct net_device *dev) 190void ax25_listen_release(ax25_address *callsign, struct net_device *dev)
180{ 191{
181 struct listen_struct *s, *listen; 192 struct listen_struct *s, *listen;
@@ -208,6 +219,8 @@ void ax25_listen_release(ax25_address *callsign, struct net_device *dev)
208 spin_unlock_bh(&listen_lock); 219 spin_unlock_bh(&listen_lock);
209} 220}
210 221
222EXPORT_SYMBOL(ax25_listen_release);
223
211int (*ax25_protocol_function(unsigned int pid))(struct sk_buff *, ax25_cb *) 224int (*ax25_protocol_function(unsigned int pid))(struct sk_buff *, ax25_cb *)
212{ 225{
213 int (*res)(struct sk_buff *, ax25_cb *) = NULL; 226 int (*res)(struct sk_buff *, ax25_cb *) = NULL;
diff --git a/net/ax25/ax25_ip.c b/net/ax25/ax25_ip.c
index d643dac3eccc..a0b534f80f17 100644
--- a/net/ax25/ax25_ip.c
+++ b/net/ax25/ax25_ip.c
@@ -12,6 +12,7 @@
12#include <linux/socket.h> 12#include <linux/socket.h>
13#include <linux/in.h> 13#include <linux/in.h>
14#include <linux/kernel.h> 14#include <linux/kernel.h>
15#include <linux/module.h>
15#include <linux/sched.h> 16#include <linux/sched.h>
16#include <linux/timer.h> 17#include <linux/timer.h>
17#include <linux/string.h> 18#include <linux/string.h>
@@ -221,3 +222,5 @@ int ax25_rebuild_header(struct sk_buff *skb)
221 222
222#endif 223#endif
223 224
225EXPORT_SYMBOL(ax25_hard_header);
226EXPORT_SYMBOL(ax25_rebuild_header);
diff --git a/net/ax25/ax25_out.c b/net/ax25/ax25_out.c
index 5fc048dcd39a..5d99852b239c 100644
--- a/net/ax25/ax25_out.c
+++ b/net/ax25/ax25_out.c
@@ -14,6 +14,7 @@
14#include <linux/socket.h> 14#include <linux/socket.h>
15#include <linux/in.h> 15#include <linux/in.h>
16#include <linux/kernel.h> 16#include <linux/kernel.h>
17#include <linux/module.h>
17#include <linux/sched.h> 18#include <linux/sched.h>
18#include <linux/timer.h> 19#include <linux/timer.h>
19#include <linux/string.h> 20#include <linux/string.h>
@@ -104,6 +105,8 @@ ax25_cb *ax25_send_frame(struct sk_buff *skb, int paclen, ax25_address *src, ax2
104 return ax25; /* We had to create it */ 105 return ax25; /* We had to create it */
105} 106}
106 107
108EXPORT_SYMBOL(ax25_send_frame);
109
107/* 110/*
108 * All outgoing AX.25 I frames pass via this routine. Therefore this is 111 * All outgoing AX.25 I frames pass via this routine. Therefore this is
109 * where the fragmentation of frames takes place. If fragment is set to 112 * where the fragmentation of frames takes place. If fragment is set to
diff --git a/net/ax25/ax25_route.c b/net/ax25/ax25_route.c
index f04f8630fd28..5ac98250797b 100644
--- a/net/ax25/ax25_route.c
+++ b/net/ax25/ax25_route.c
@@ -360,7 +360,7 @@ struct file_operations ax25_route_fops = {
360/* 360/*
361 * Find AX.25 route 361 * Find AX.25 route
362 * 362 *
363 * Only routes with a refernce rout of zero can be destroyed. 363 * Only routes with a reference count of zero can be destroyed.
364 */ 364 */
365static ax25_route *ax25_get_route(ax25_address *addr, struct net_device *dev) 365static ax25_route *ax25_get_route(ax25_address *addr, struct net_device *dev)
366{ 366{
diff --git a/net/ax25/ax25_timer.c b/net/ax25/ax25_timer.c
index 7a6b50a14554..ec254057f212 100644
--- a/net/ax25/ax25_timer.c
+++ b/net/ax25/ax25_timer.c
@@ -18,6 +18,7 @@
18#include <linux/socket.h> 18#include <linux/socket.h>
19#include <linux/in.h> 19#include <linux/in.h>
20#include <linux/kernel.h> 20#include <linux/kernel.h>
21#include <linux/module.h>
21#include <linux/jiffies.h> 22#include <linux/jiffies.h>
22#include <linux/timer.h> 23#include <linux/timer.h>
23#include <linux/string.h> 24#include <linux/string.h>
@@ -137,6 +138,8 @@ unsigned long ax25_display_timer(struct timer_list *timer)
137 return timer->expires - jiffies; 138 return timer->expires - jiffies;
138} 139}
139 140
141EXPORT_SYMBOL(ax25_display_timer);
142
140static void ax25_heartbeat_expiry(unsigned long param) 143static void ax25_heartbeat_expiry(unsigned long param)
141{ 144{
142 int proto = AX25_PROTO_STD_SIMPLEX; 145 int proto = AX25_PROTO_STD_SIMPLEX;
diff --git a/net/ax25/ax25_uid.c b/net/ax25/ax25_uid.c
index b8b5854bce9a..5e9a81e8b214 100644
--- a/net/ax25/ax25_uid.c
+++ b/net/ax25/ax25_uid.c
@@ -49,6 +49,8 @@ static DEFINE_RWLOCK(ax25_uid_lock);
49 49
50int ax25_uid_policy = 0; 50int ax25_uid_policy = 0;
51 51
52EXPORT_SYMBOL(ax25_uid_policy);
53
52ax25_uid_assoc *ax25_findbyuid(uid_t uid) 54ax25_uid_assoc *ax25_findbyuid(uid_t uid)
53{ 55{
54 ax25_uid_assoc *ax25_uid, *res = NULL; 56 ax25_uid_assoc *ax25_uid, *res = NULL;
@@ -67,6 +69,8 @@ ax25_uid_assoc *ax25_findbyuid(uid_t uid)
67 return res; 69 return res;
68} 70}
69 71
72EXPORT_SYMBOL(ax25_findbyuid);
73
70int ax25_uid_ioctl(int cmd, struct sockaddr_ax25 *sax) 74int ax25_uid_ioctl(int cmd, struct sockaddr_ax25 *sax)
71{ 75{
72 ax25_uid_assoc *ax25_uid; 76 ax25_uid_assoc *ax25_uid;
diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c
index 894a22558d9d..bdb64c36df12 100644
--- a/net/ax25/sysctl_net_ax25.c
+++ b/net/ax25/sysctl_net_ax25.c
@@ -18,14 +18,14 @@ static int min_backoff[1], max_backoff[] = {2};
18static int min_conmode[1], max_conmode[] = {2}; 18static int min_conmode[1], max_conmode[] = {2};
19static int min_window[] = {1}, max_window[] = {7}; 19static int min_window[] = {1}, max_window[] = {7};
20static int min_ewindow[] = {1}, max_ewindow[] = {63}; 20static int min_ewindow[] = {1}, max_ewindow[] = {63};
21static int min_t1[] = {1}, max_t1[] = {30 * HZ}; 21static int min_t1[] = {1}, max_t1[] = {30000};
22static int min_t2[] = {1}, max_t2[] = {20 * HZ}; 22static int min_t2[] = {1}, max_t2[] = {20000};
23static int min_t3[1], max_t3[] = {3600 * HZ}; 23static int min_t3[1], max_t3[] = {3600000};
24static int min_idle[1], max_idle[] = {65535 * HZ}; 24static int min_idle[1], max_idle[] = {65535000};
25static int min_n2[] = {1}, max_n2[] = {31}; 25static int min_n2[] = {1}, max_n2[] = {31};
26static int min_paclen[] = {1}, max_paclen[] = {512}; 26static int min_paclen[] = {1}, max_paclen[] = {512};
27static int min_proto[1], max_proto[] = { AX25_PROTO_MAX }; 27static int min_proto[1], max_proto[] = { AX25_PROTO_MAX };
28static int min_ds_timeout[1], max_ds_timeout[] = {65535 * HZ}; 28static int min_ds_timeout[1], max_ds_timeout[] = {65535000};
29 29
30static struct ctl_table_header *ax25_table_header; 30static struct ctl_table_header *ax25_table_header;
31 31
diff --git a/net/bridge/br.c b/net/bridge/br.c
index 22d806cf40ca..12da21afb9ca 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -55,7 +55,7 @@ static int __init br_init(void)
55 55
56static void __exit br_deinit(void) 56static void __exit br_deinit(void)
57{ 57{
58 llc_sap_close(br_stp_sap); 58 rcu_assign_pointer(br_stp_sap->rcv_func, NULL);
59 59
60#ifdef CONFIG_BRIDGE_NETFILTER 60#ifdef CONFIG_BRIDGE_NETFILTER
61 br_netfilter_fini(); 61 br_netfilter_fini();
@@ -67,6 +67,7 @@ static void __exit br_deinit(void)
67 67
68 synchronize_net(); 68 synchronize_net();
69 69
70 llc_sap_put(br_stp_sap);
70 br_fdb_get_hook = NULL; 71 br_fdb_get_hook = NULL;
71 br_fdb_put_hook = NULL; 72 br_fdb_put_hook = NULL;
72 73
diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index 2d24fb400e0c..56f3aa47e758 100644
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -16,6 +16,7 @@
16#include <linux/kernel.h> 16#include <linux/kernel.h>
17#include <linux/netdevice.h> 17#include <linux/netdevice.h>
18#include <linux/skbuff.h> 18#include <linux/skbuff.h>
19#include <linux/if_vlan.h>
19#include <linux/netfilter_bridge.h> 20#include <linux/netfilter_bridge.h>
20#include "br_private.h" 21#include "br_private.h"
21 22
@@ -29,10 +30,15 @@ static inline int should_deliver(const struct net_bridge_port *p,
29 return 1; 30 return 1;
30} 31}
31 32
33static inline unsigned packet_length(const struct sk_buff *skb)
34{
35 return skb->len - (skb->protocol == htons(ETH_P_8021Q) ? VLAN_HLEN : 0);
36}
37
32int br_dev_queue_push_xmit(struct sk_buff *skb) 38int br_dev_queue_push_xmit(struct sk_buff *skb)
33{ 39{
34 /* drop mtu oversized packets except tso */ 40 /* drop mtu oversized packets except tso */
35 if (skb->len > skb->dev->mtu && !skb_shinfo(skb)->tso_size) 41 if (packet_length(skb) > skb->dev->mtu && !skb_shinfo(skb)->tso_size)
36 kfree_skb(skb); 42 kfree_skb(skb);
37 else { 43 else {
38#ifdef CONFIG_BRIDGE_NETFILTER 44#ifdef CONFIG_BRIDGE_NETFILTER
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 59eef42d4a42..f5d47bf4f967 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -300,34 +300,22 @@ int br_add_bridge(const char *name)
300 rtnl_lock(); 300 rtnl_lock();
301 if (strchr(dev->name, '%')) { 301 if (strchr(dev->name, '%')) {
302 ret = dev_alloc_name(dev, dev->name); 302 ret = dev_alloc_name(dev, dev->name);
303 if (ret < 0) 303 if (ret < 0) {
304 goto err1; 304 free_netdev(dev);
305 goto out;
306 }
305 } 307 }
306 308
307 ret = register_netdevice(dev); 309 ret = register_netdevice(dev);
308 if (ret) 310 if (ret)
309 goto err2; 311 goto out;
310
311 /* network device kobject is not setup until
312 * after rtnl_unlock does it's hotplug magic.
313 * so hold reference to avoid race.
314 */
315 dev_hold(dev);
316 rtnl_unlock();
317 312
318 ret = br_sysfs_addbr(dev); 313 ret = br_sysfs_addbr(dev);
319 dev_put(dev); 314 if (ret)
320 315 unregister_netdevice(dev);
321 if (ret)
322 unregister_netdev(dev);
323 out: 316 out:
324 return ret;
325
326 err2:
327 free_netdev(dev);
328 err1:
329 rtnl_unlock(); 317 rtnl_unlock();
330 goto out; 318 return ret;
331} 319}
332 320
333int br_del_bridge(const char *name) 321int br_del_bridge(const char *name)
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index b0b7f55c1edd..bfa4d8c333f7 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -66,6 +66,7 @@ int br_handle_frame_finish(struct sk_buff *skb)
66 } 66 }
67 67
68 if (is_multicast_ether_addr(dest)) { 68 if (is_multicast_ether_addr(dest)) {
69 br->statistics.multicast++;
69 br_flood_forward(br, skb, !passedup); 70 br_flood_forward(br, skb, !passedup);
70 if (!passedup) 71 if (!passedup)
71 br_pass_frame_up(br, skb); 72 br_pass_frame_up(br, skb);
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index d159c92cca84..466ed3440b74 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -168,7 +168,7 @@ static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
168 168
169 if (info->bitmask & EBT_LOG_NFLOG) 169 if (info->bitmask & EBT_LOG_NFLOG)
170 nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, 170 nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li,
171 info->prefix); 171 "%s", info->prefix);
172 else 172 else
173 ebt_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, 173 ebt_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li,
174 info->prefix); 174 info->prefix);
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 84b9af76f0a2..3a13ed643459 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -831,7 +831,7 @@ static int translate_table(struct ebt_replace *repl,
831 return -ENOMEM; 831 return -ENOMEM;
832 for_each_possible_cpu(i) { 832 for_each_possible_cpu(i) {
833 newinfo->chainstack[i] = 833 newinfo->chainstack[i] =
834 vmalloc(udc_cnt * sizeof(struct ebt_chainstack)); 834 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
835 if (!newinfo->chainstack[i]) { 835 if (!newinfo->chainstack[i]) {
836 while (i) 836 while (i)
837 vfree(newinfo->chainstack[--i]); 837 vfree(newinfo->chainstack[--i]);
@@ -841,8 +841,7 @@ static int translate_table(struct ebt_replace *repl,
841 } 841 }
842 } 842 }
843 843
844 cl_s = (struct ebt_cl_stack *) 844 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
845 vmalloc(udc_cnt * sizeof(struct ebt_cl_stack));
846 if (!cl_s) 845 if (!cl_s)
847 return -ENOMEM; 846 return -ENOMEM;
848 i = 0; /* the i'th udc */ 847 i = 0; /* the i'th udc */
@@ -944,8 +943,7 @@ static int do_replace(void __user *user, unsigned int len)
944 943
945 countersize = COUNTER_OFFSET(tmp.nentries) * 944 countersize = COUNTER_OFFSET(tmp.nentries) *
946 (highest_possible_processor_id()+1); 945 (highest_possible_processor_id()+1);
947 newinfo = (struct ebt_table_info *) 946 newinfo = vmalloc(sizeof(*newinfo) + countersize);
948 vmalloc(sizeof(struct ebt_table_info) + countersize);
949 if (!newinfo) 947 if (!newinfo)
950 return -ENOMEM; 948 return -ENOMEM;
951 949
@@ -967,8 +965,7 @@ static int do_replace(void __user *user, unsigned int len)
967 /* the user wants counters back 965 /* the user wants counters back
968 the check on the size is done later, when we have the lock */ 966 the check on the size is done later, when we have the lock */
969 if (tmp.num_counters) { 967 if (tmp.num_counters) {
970 counterstmp = (struct ebt_counter *) 968 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
971 vmalloc(tmp.num_counters * sizeof(struct ebt_counter));
972 if (!counterstmp) { 969 if (!counterstmp) {
973 ret = -ENOMEM; 970 ret = -ENOMEM;
974 goto free_entries; 971 goto free_entries;
@@ -1148,8 +1145,7 @@ int ebt_register_table(struct ebt_table *table)
1148 1145
1149 countersize = COUNTER_OFFSET(table->table->nentries) * 1146 countersize = COUNTER_OFFSET(table->table->nentries) *
1150 (highest_possible_processor_id()+1); 1147 (highest_possible_processor_id()+1);
1151 newinfo = (struct ebt_table_info *) 1148 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1152 vmalloc(sizeof(struct ebt_table_info) + countersize);
1153 ret = -ENOMEM; 1149 ret = -ENOMEM;
1154 if (!newinfo) 1150 if (!newinfo)
1155 return -ENOMEM; 1151 return -ENOMEM;
@@ -1247,8 +1243,7 @@ static int update_counters(void __user *user, unsigned int len)
1247 if (hlp.num_counters == 0) 1243 if (hlp.num_counters == 0)
1248 return -EINVAL; 1244 return -EINVAL;
1249 1245
1250 if ( !(tmp = (struct ebt_counter *) 1246 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1251 vmalloc(hlp.num_counters * sizeof(struct ebt_counter))) ){
1252 MEMPRINT("Update_counters && nomemory\n"); 1247 MEMPRINT("Update_counters && nomemory\n");
1253 return -ENOMEM; 1248 return -ENOMEM;
1254 } 1249 }
@@ -1377,8 +1372,7 @@ static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1377 BUGPRINT("Num_counters wrong\n"); 1372 BUGPRINT("Num_counters wrong\n");
1378 return -EINVAL; 1373 return -EINVAL;
1379 } 1374 }
1380 counterstmp = (struct ebt_counter *) 1375 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1381 vmalloc(nentries * sizeof(struct ebt_counter));
1382 if (!counterstmp) { 1376 if (!counterstmp) {
1383 MEMPRINT("Couldn't copy counters, out of memory\n"); 1377 MEMPRINT("Couldn't copy counters, out of memory\n");
1384 return -ENOMEM; 1378 return -ENOMEM;
diff --git a/net/core/dev.c b/net/core/dev.c
index 83231a27ae02..4fba549caf29 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -127,7 +127,7 @@
127 * sure which should go first, but I bet it won't make much 127 * sure which should go first, but I bet it won't make much
128 * difference if we are running VLANs. The good news is that 128 * difference if we are running VLANs. The good news is that
129 * this protocol won't be in the list unless compiled in, so 129 * this protocol won't be in the list unless compiled in, so
130 * the average user (w/out VLANs) will not be adversly affected. 130 * the average user (w/out VLANs) will not be adversely affected.
131 * --BLG 131 * --BLG
132 * 132 *
133 * 0800 IP 133 * 0800 IP
@@ -149,7 +149,7 @@ static struct list_head ptype_base[16]; /* 16 way hashed list */
149static struct list_head ptype_all; /* Taps */ 149static struct list_head ptype_all; /* Taps */
150 150
151/* 151/*
152 * The @dev_base list is protected by @dev_base_lock and the rtln 152 * The @dev_base list is protected by @dev_base_lock and the rtnl
153 * semaphore. 153 * semaphore.
154 * 154 *
155 * Pure readers hold dev_base_lock for reading. 155 * Pure readers hold dev_base_lock for reading.
@@ -193,7 +193,7 @@ static inline struct hlist_head *dev_index_hash(int ifindex)
193 * Our notifier list 193 * Our notifier list
194 */ 194 */
195 195
196static BLOCKING_NOTIFIER_HEAD(netdev_chain); 196static RAW_NOTIFIER_HEAD(netdev_chain);
197 197
198/* 198/*
199 * Device drivers call our routines to queue packets here. We empty the 199 * Device drivers call our routines to queue packets here. We empty the
@@ -641,10 +641,12 @@ int dev_valid_name(const char *name)
641 * @name: name format string 641 * @name: name format string
642 * 642 *
643 * Passed a format string - eg "lt%d" it will try and find a suitable 643 * Passed a format string - eg "lt%d" it will try and find a suitable
644 * id. Not efficient for many devices, not called a lot. The caller 644 * id. It scans list of devices to build up a free map, then chooses
645 * must hold the dev_base or rtnl lock while allocating the name and 645 * the first empty slot. The caller must hold the dev_base or rtnl lock
646 * adding the device in order to avoid duplicates. Returns the number 646 * while allocating the name and adding the device in order to avoid
647 * of the unit assigned or a negative errno code. 647 * duplicates.
648 * Limited to bits_per_byte * page size devices (ie 32K on most platforms).
649 * Returns the number of the unit assigned or a negative errno code.
648 */ 650 */
649 651
650int dev_alloc_name(struct net_device *dev, const char *name) 652int dev_alloc_name(struct net_device *dev, const char *name)
@@ -736,7 +738,7 @@ int dev_change_name(struct net_device *dev, char *newname)
736 if (!err) { 738 if (!err) {
737 hlist_del(&dev->name_hlist); 739 hlist_del(&dev->name_hlist);
738 hlist_add_head(&dev->name_hlist, dev_name_hash(dev->name)); 740 hlist_add_head(&dev->name_hlist, dev_name_hash(dev->name));
739 blocking_notifier_call_chain(&netdev_chain, 741 raw_notifier_call_chain(&netdev_chain,
740 NETDEV_CHANGENAME, dev); 742 NETDEV_CHANGENAME, dev);
741 } 743 }
742 744
@@ -744,14 +746,14 @@ int dev_change_name(struct net_device *dev, char *newname)
744} 746}
745 747
746/** 748/**
747 * netdev_features_change - device changes fatures 749 * netdev_features_change - device changes features
748 * @dev: device to cause notification 750 * @dev: device to cause notification
749 * 751 *
750 * Called to indicate a device has changed features. 752 * Called to indicate a device has changed features.
751 */ 753 */
752void netdev_features_change(struct net_device *dev) 754void netdev_features_change(struct net_device *dev)
753{ 755{
754 blocking_notifier_call_chain(&netdev_chain, NETDEV_FEAT_CHANGE, dev); 756 raw_notifier_call_chain(&netdev_chain, NETDEV_FEAT_CHANGE, dev);
755} 757}
756EXPORT_SYMBOL(netdev_features_change); 758EXPORT_SYMBOL(netdev_features_change);
757 759
@@ -766,7 +768,7 @@ EXPORT_SYMBOL(netdev_features_change);
766void netdev_state_change(struct net_device *dev) 768void netdev_state_change(struct net_device *dev)
767{ 769{
768 if (dev->flags & IFF_UP) { 770 if (dev->flags & IFF_UP) {
769 blocking_notifier_call_chain(&netdev_chain, 771 raw_notifier_call_chain(&netdev_chain,
770 NETDEV_CHANGE, dev); 772 NETDEV_CHANGE, dev);
771 rtmsg_ifinfo(RTM_NEWLINK, dev, 0); 773 rtmsg_ifinfo(RTM_NEWLINK, dev, 0);
772 } 774 }
@@ -864,7 +866,7 @@ int dev_open(struct net_device *dev)
864 /* 866 /*
865 * ... and announce new interface. 867 * ... and announce new interface.
866 */ 868 */
867 blocking_notifier_call_chain(&netdev_chain, NETDEV_UP, dev); 869 raw_notifier_call_chain(&netdev_chain, NETDEV_UP, dev);
868 } 870 }
869 return ret; 871 return ret;
870} 872}
@@ -887,7 +889,7 @@ int dev_close(struct net_device *dev)
887 * Tell people we are going down, so that they can 889 * Tell people we are going down, so that they can
888 * prepare to death, when device is still operating. 890 * prepare to death, when device is still operating.
889 */ 891 */
890 blocking_notifier_call_chain(&netdev_chain, NETDEV_GOING_DOWN, dev); 892 raw_notifier_call_chain(&netdev_chain, NETDEV_GOING_DOWN, dev);
891 893
892 dev_deactivate(dev); 894 dev_deactivate(dev);
893 895
@@ -924,7 +926,7 @@ int dev_close(struct net_device *dev)
924 /* 926 /*
925 * Tell people we are down 927 * Tell people we are down
926 */ 928 */
927 blocking_notifier_call_chain(&netdev_chain, NETDEV_DOWN, dev); 929 raw_notifier_call_chain(&netdev_chain, NETDEV_DOWN, dev);
928 930
929 return 0; 931 return 0;
930} 932}
@@ -955,7 +957,7 @@ int register_netdevice_notifier(struct notifier_block *nb)
955 int err; 957 int err;
956 958
957 rtnl_lock(); 959 rtnl_lock();
958 err = blocking_notifier_chain_register(&netdev_chain, nb); 960 err = raw_notifier_chain_register(&netdev_chain, nb);
959 if (!err) { 961 if (!err) {
960 for (dev = dev_base; dev; dev = dev->next) { 962 for (dev = dev_base; dev; dev = dev->next) {
961 nb->notifier_call(nb, NETDEV_REGISTER, dev); 963 nb->notifier_call(nb, NETDEV_REGISTER, dev);
@@ -983,7 +985,7 @@ int unregister_netdevice_notifier(struct notifier_block *nb)
983 int err; 985 int err;
984 986
985 rtnl_lock(); 987 rtnl_lock();
986 err = blocking_notifier_chain_unregister(&netdev_chain, nb); 988 err = raw_notifier_chain_unregister(&netdev_chain, nb);
987 rtnl_unlock(); 989 rtnl_unlock();
988 return err; 990 return err;
989} 991}
@@ -994,12 +996,12 @@ int unregister_netdevice_notifier(struct notifier_block *nb)
994 * @v: pointer passed unmodified to notifier function 996 * @v: pointer passed unmodified to notifier function
995 * 997 *
996 * Call all network notifier blocks. Parameters and return value 998 * Call all network notifier blocks. Parameters and return value
997 * are as for blocking_notifier_call_chain(). 999 * are as for raw_notifier_call_chain().
998 */ 1000 */
999 1001
1000int call_netdevice_notifiers(unsigned long val, void *v) 1002int call_netdevice_notifiers(unsigned long val, void *v)
1001{ 1003{
1002 return blocking_notifier_call_chain(&netdev_chain, val, v); 1004 return raw_notifier_call_chain(&netdev_chain, val, v);
1003} 1005}
1004 1006
1005/* When > 0 there are consumers of rx skb time stamps */ 1007/* When > 0 there are consumers of rx skb time stamps */
@@ -2196,7 +2198,7 @@ int netdev_set_master(struct net_device *slave, struct net_device *master)
2196 * @dev: device 2198 * @dev: device
2197 * @inc: modifier 2199 * @inc: modifier
2198 * 2200 *
2199 * Add or remove promsicuity from a device. While the count in the device 2201 * Add or remove promiscuity from a device. While the count in the device
2200 * remains above zero the interface remains promiscuous. Once it hits zero 2202 * remains above zero the interface remains promiscuous. Once it hits zero
2201 * the device reverts back to normal filtering operation. A negative inc 2203 * the device reverts back to normal filtering operation. A negative inc
2202 * value is used to drop promiscuity on the device. 2204 * value is used to drop promiscuity on the device.
@@ -2308,7 +2310,7 @@ int dev_change_flags(struct net_device *dev, unsigned flags)
2308 if (dev->flags & IFF_UP && 2310 if (dev->flags & IFF_UP &&
2309 ((old_flags ^ dev->flags) &~ (IFF_UP | IFF_PROMISC | IFF_ALLMULTI | 2311 ((old_flags ^ dev->flags) &~ (IFF_UP | IFF_PROMISC | IFF_ALLMULTI |
2310 IFF_VOLATILE))) 2312 IFF_VOLATILE)))
2311 blocking_notifier_call_chain(&netdev_chain, 2313 raw_notifier_call_chain(&netdev_chain,
2312 NETDEV_CHANGE, dev); 2314 NETDEV_CHANGE, dev);
2313 2315
2314 if ((flags ^ dev->gflags) & IFF_PROMISC) { 2316 if ((flags ^ dev->gflags) & IFF_PROMISC) {
@@ -2353,7 +2355,7 @@ int dev_set_mtu(struct net_device *dev, int new_mtu)
2353 else 2355 else
2354 dev->mtu = new_mtu; 2356 dev->mtu = new_mtu;
2355 if (!err && dev->flags & IFF_UP) 2357 if (!err && dev->flags & IFF_UP)
2356 blocking_notifier_call_chain(&netdev_chain, 2358 raw_notifier_call_chain(&netdev_chain,
2357 NETDEV_CHANGEMTU, dev); 2359 NETDEV_CHANGEMTU, dev);
2358 return err; 2360 return err;
2359} 2361}
@@ -2370,7 +2372,7 @@ int dev_set_mac_address(struct net_device *dev, struct sockaddr *sa)
2370 return -ENODEV; 2372 return -ENODEV;
2371 err = dev->set_mac_address(dev, sa); 2373 err = dev->set_mac_address(dev, sa);
2372 if (!err) 2374 if (!err)
2373 blocking_notifier_call_chain(&netdev_chain, 2375 raw_notifier_call_chain(&netdev_chain,
2374 NETDEV_CHANGEADDR, dev); 2376 NETDEV_CHANGEADDR, dev);
2375 return err; 2377 return err;
2376} 2378}
@@ -2427,7 +2429,7 @@ static int dev_ifsioc(struct ifreq *ifr, unsigned int cmd)
2427 return -EINVAL; 2429 return -EINVAL;
2428 memcpy(dev->broadcast, ifr->ifr_hwaddr.sa_data, 2430 memcpy(dev->broadcast, ifr->ifr_hwaddr.sa_data,
2429 min(sizeof ifr->ifr_hwaddr.sa_data, (size_t) dev->addr_len)); 2431 min(sizeof ifr->ifr_hwaddr.sa_data, (size_t) dev->addr_len));
2430 blocking_notifier_call_chain(&netdev_chain, 2432 raw_notifier_call_chain(&netdev_chain,
2431 NETDEV_CHANGEADDR, dev); 2433 NETDEV_CHANGEADDR, dev);
2432 return 0; 2434 return 0;
2433 2435
@@ -2698,7 +2700,8 @@ int dev_ioctl(unsigned int cmd, void __user *arg)
2698 /* If command is `set a parameter', or 2700 /* If command is `set a parameter', or
2699 * `get the encoding parameters', check if 2701 * `get the encoding parameters', check if
2700 * the user has the right to do it */ 2702 * the user has the right to do it */
2701 if (IW_IS_SET(cmd) || cmd == SIOCGIWENCODE) { 2703 if (IW_IS_SET(cmd) || cmd == SIOCGIWENCODE
2704 || cmd == SIOCGIWENCODEEXT) {
2702 if (!capable(CAP_NET_ADMIN)) 2705 if (!capable(CAP_NET_ADMIN))
2703 return -EPERM; 2706 return -EPERM;
2704 } 2707 }
@@ -2776,6 +2779,8 @@ int register_netdevice(struct net_device *dev)
2776 BUG_ON(dev_boot_phase); 2779 BUG_ON(dev_boot_phase);
2777 ASSERT_RTNL(); 2780 ASSERT_RTNL();
2778 2781
2782 might_sleep();
2783
2779 /* When net_device's are persistent, this will be fatal. */ 2784 /* When net_device's are persistent, this will be fatal. */
2780 BUG_ON(dev->reg_state != NETREG_UNINITIALIZED); 2785 BUG_ON(dev->reg_state != NETREG_UNINITIALIZED);
2781 2786
@@ -2862,6 +2867,11 @@ int register_netdevice(struct net_device *dev)
2862 if (!dev->rebuild_header) 2867 if (!dev->rebuild_header)
2863 dev->rebuild_header = default_rebuild_header; 2868 dev->rebuild_header = default_rebuild_header;
2864 2869
2870 ret = netdev_register_sysfs(dev);
2871 if (ret)
2872 goto out_err;
2873 dev->reg_state = NETREG_REGISTERED;
2874
2865 /* 2875 /*
2866 * Default initial state at registry is that the 2876 * Default initial state at registry is that the
2867 * device is present. 2877 * device is present.
@@ -2877,14 +2887,11 @@ int register_netdevice(struct net_device *dev)
2877 hlist_add_head(&dev->name_hlist, head); 2887 hlist_add_head(&dev->name_hlist, head);
2878 hlist_add_head(&dev->index_hlist, dev_index_hash(dev->ifindex)); 2888 hlist_add_head(&dev->index_hlist, dev_index_hash(dev->ifindex));
2879 dev_hold(dev); 2889 dev_hold(dev);
2880 dev->reg_state = NETREG_REGISTERING;
2881 write_unlock_bh(&dev_base_lock); 2890 write_unlock_bh(&dev_base_lock);
2882 2891
2883 /* Notify protocols, that a new device appeared. */ 2892 /* Notify protocols, that a new device appeared. */
2884 blocking_notifier_call_chain(&netdev_chain, NETDEV_REGISTER, dev); 2893 raw_notifier_call_chain(&netdev_chain, NETDEV_REGISTER, dev);
2885 2894
2886 /* Finish registration after unlock */
2887 net_set_todo(dev);
2888 ret = 0; 2895 ret = 0;
2889 2896
2890out: 2897out:
@@ -2960,7 +2967,7 @@ static void netdev_wait_allrefs(struct net_device *dev)
2960 rtnl_lock(); 2967 rtnl_lock();
2961 2968
2962 /* Rebroadcast unregister notification */ 2969 /* Rebroadcast unregister notification */
2963 blocking_notifier_call_chain(&netdev_chain, 2970 raw_notifier_call_chain(&netdev_chain,
2964 NETDEV_UNREGISTER, dev); 2971 NETDEV_UNREGISTER, dev);
2965 2972
2966 if (test_bit(__LINK_STATE_LINKWATCH_PENDING, 2973 if (test_bit(__LINK_STATE_LINKWATCH_PENDING,
@@ -3007,7 +3014,7 @@ static void netdev_wait_allrefs(struct net_device *dev)
3007 * 3014 *
3008 * We are invoked by rtnl_unlock() after it drops the semaphore. 3015 * We are invoked by rtnl_unlock() after it drops the semaphore.
3009 * This allows us to deal with problems: 3016 * This allows us to deal with problems:
3010 * 1) We can create/delete sysfs objects which invoke hotplug 3017 * 1) We can delete sysfs objects which invoke hotplug
3011 * without deadlocking with linkwatch via keventd. 3018 * without deadlocking with linkwatch via keventd.
3012 * 2) Since we run with the RTNL semaphore not held, we can sleep 3019 * 2) Since we run with the RTNL semaphore not held, we can sleep
3013 * safely in order to wait for the netdev refcnt to drop to zero. 3020 * safely in order to wait for the netdev refcnt to drop to zero.
@@ -3016,8 +3023,6 @@ static DEFINE_MUTEX(net_todo_run_mutex);
3016void netdev_run_todo(void) 3023void netdev_run_todo(void)
3017{ 3024{
3018 struct list_head list = LIST_HEAD_INIT(list); 3025 struct list_head list = LIST_HEAD_INIT(list);
3019 int err;
3020
3021 3026
3022 /* Need to guard against multiple cpu's getting out of order. */ 3027 /* Need to guard against multiple cpu's getting out of order. */
3023 mutex_lock(&net_todo_run_mutex); 3028 mutex_lock(&net_todo_run_mutex);
@@ -3040,40 +3045,29 @@ void netdev_run_todo(void)
3040 = list_entry(list.next, struct net_device, todo_list); 3045 = list_entry(list.next, struct net_device, todo_list);
3041 list_del(&dev->todo_list); 3046 list_del(&dev->todo_list);
3042 3047
3043 switch(dev->reg_state) { 3048 if (unlikely(dev->reg_state != NETREG_UNREGISTERING)) {
3044 case NETREG_REGISTERING: 3049 printk(KERN_ERR "network todo '%s' but state %d\n",
3045 dev->reg_state = NETREG_REGISTERED; 3050 dev->name, dev->reg_state);
3046 err = netdev_register_sysfs(dev); 3051 dump_stack();
3047 if (err) 3052 continue;
3048 printk(KERN_ERR "%s: failed sysfs registration (%d)\n", 3053 }
3049 dev->name, err);
3050 break;
3051
3052 case NETREG_UNREGISTERING:
3053 netdev_unregister_sysfs(dev);
3054 dev->reg_state = NETREG_UNREGISTERED;
3055
3056 netdev_wait_allrefs(dev);
3057 3054
3058 /* paranoia */ 3055 netdev_unregister_sysfs(dev);
3059 BUG_ON(atomic_read(&dev->refcnt)); 3056 dev->reg_state = NETREG_UNREGISTERED;
3060 BUG_TRAP(!dev->ip_ptr);
3061 BUG_TRAP(!dev->ip6_ptr);
3062 BUG_TRAP(!dev->dn_ptr);
3063 3057
3058 netdev_wait_allrefs(dev);
3064 3059
3065 /* It must be the very last action, 3060 /* paranoia */
3066 * after this 'dev' may point to freed up memory. 3061 BUG_ON(atomic_read(&dev->refcnt));
3067 */ 3062 BUG_TRAP(!dev->ip_ptr);
3068 if (dev->destructor) 3063 BUG_TRAP(!dev->ip6_ptr);
3069 dev->destructor(dev); 3064 BUG_TRAP(!dev->dn_ptr);
3070 break;
3071 3065
3072 default: 3066 /* It must be the very last action,
3073 printk(KERN_ERR "network todo '%s' but state %d\n", 3067 * after this 'dev' may point to freed up memory.
3074 dev->name, dev->reg_state); 3068 */
3075 break; 3069 if (dev->destructor)
3076 } 3070 dev->destructor(dev);
3077 } 3071 }
3078 3072
3079out: 3073out:
@@ -3130,7 +3124,7 @@ EXPORT_SYMBOL(alloc_netdev);
3130void free_netdev(struct net_device *dev) 3124void free_netdev(struct net_device *dev)
3131{ 3125{
3132#ifdef CONFIG_SYSFS 3126#ifdef CONFIG_SYSFS
3133 /* Compatiablity with error handling in drivers */ 3127 /* Compatibility with error handling in drivers */
3134 if (dev->reg_state == NETREG_UNINITIALIZED) { 3128 if (dev->reg_state == NETREG_UNINITIALIZED) {
3135 kfree((char *)dev - dev->padded); 3129 kfree((char *)dev - dev->padded);
3136 return; 3130 return;
@@ -3215,7 +3209,7 @@ int unregister_netdevice(struct net_device *dev)
3215 /* Notify protocols, that we are about to destroy 3209 /* Notify protocols, that we are about to destroy
3216 this device. They should clean all the things. 3210 this device. They should clean all the things.
3217 */ 3211 */
3218 blocking_notifier_call_chain(&netdev_chain, NETDEV_UNREGISTER, dev); 3212 raw_notifier_call_chain(&netdev_chain, NETDEV_UNREGISTER, dev);
3219 3213
3220 /* 3214 /*
3221 * Flush the multicast chain 3215 * Flush the multicast chain
diff --git a/net/core/filter.c b/net/core/filter.c
index 93fbd01d2259..5b4486a60cf6 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -34,6 +34,7 @@
34#include <linux/timer.h> 34#include <linux/timer.h>
35#include <asm/system.h> 35#include <asm/system.h>
36#include <asm/uaccess.h> 36#include <asm/uaccess.h>
37#include <asm/unaligned.h>
37#include <linux/filter.h> 38#include <linux/filter.h>
38 39
39/* No hurry in this branch */ 40/* No hurry in this branch */
@@ -177,7 +178,7 @@ unsigned int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int
177load_w: 178load_w:
178 ptr = load_pointer(skb, k, 4, &tmp); 179 ptr = load_pointer(skb, k, 4, &tmp);
179 if (ptr != NULL) { 180 if (ptr != NULL) {
180 A = ntohl(*(u32 *)ptr); 181 A = ntohl(get_unaligned((u32 *)ptr));
181 continue; 182 continue;
182 } 183 }
183 break; 184 break;
@@ -186,7 +187,7 @@ load_w:
186load_h: 187load_h:
187 ptr = load_pointer(skb, k, 2, &tmp); 188 ptr = load_pointer(skb, k, 2, &tmp);
188 if (ptr != NULL) { 189 if (ptr != NULL) {
189 A = ntohs(*(u16 *)ptr); 190 A = ntohs(get_unaligned((u16 *)ptr));
190 continue; 191 continue;
191 } 192 }
192 break; 193 break;
diff --git a/net/core/link_watch.c b/net/core/link_watch.c
index 341de44c7ed1..646937cc2d84 100644
--- a/net/core/link_watch.c
+++ b/net/core/link_watch.c
@@ -170,13 +170,13 @@ void linkwatch_fire_event(struct net_device *dev)
170 spin_unlock_irqrestore(&lweventlist_lock, flags); 170 spin_unlock_irqrestore(&lweventlist_lock, flags);
171 171
172 if (!test_and_set_bit(LW_RUNNING, &linkwatch_flags)) { 172 if (!test_and_set_bit(LW_RUNNING, &linkwatch_flags)) {
173 unsigned long thisevent = jiffies; 173 unsigned long delay = linkwatch_nextevent - jiffies;
174 174
175 if (thisevent >= linkwatch_nextevent) { 175 /* If we wrap around we'll delay it by at most HZ. */
176 if (!delay || delay > HZ)
176 schedule_work(&linkwatch_work); 177 schedule_work(&linkwatch_work);
177 } else { 178 else
178 schedule_delayed_work(&linkwatch_work, linkwatch_nextevent - thisevent); 179 schedule_delayed_work(&linkwatch_work, delay);
179 }
180 } 180 }
181 } 181 }
182} 182}
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 4cf878efdb49..50a8c73caf97 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1326,8 +1326,7 @@ void neigh_parms_destroy(struct neigh_parms *parms)
1326 kfree(parms); 1326 kfree(parms);
1327} 1327}
1328 1328
1329 1329void neigh_table_init_no_netlink(struct neigh_table *tbl)
1330void neigh_table_init(struct neigh_table *tbl)
1331{ 1330{
1332 unsigned long now = jiffies; 1331 unsigned long now = jiffies;
1333 unsigned long phsize; 1332 unsigned long phsize;
@@ -1383,10 +1382,27 @@ void neigh_table_init(struct neigh_table *tbl)
1383 1382
1384 tbl->last_flush = now; 1383 tbl->last_flush = now;
1385 tbl->last_rand = now + tbl->parms.reachable_time * 20; 1384 tbl->last_rand = now + tbl->parms.reachable_time * 20;
1385}
1386
1387void neigh_table_init(struct neigh_table *tbl)
1388{
1389 struct neigh_table *tmp;
1390
1391 neigh_table_init_no_netlink(tbl);
1386 write_lock(&neigh_tbl_lock); 1392 write_lock(&neigh_tbl_lock);
1393 for (tmp = neigh_tables; tmp; tmp = tmp->next) {
1394 if (tmp->family == tbl->family)
1395 break;
1396 }
1387 tbl->next = neigh_tables; 1397 tbl->next = neigh_tables;
1388 neigh_tables = tbl; 1398 neigh_tables = tbl;
1389 write_unlock(&neigh_tbl_lock); 1399 write_unlock(&neigh_tbl_lock);
1400
1401 if (unlikely(tmp)) {
1402 printk(KERN_ERR "NEIGH: Registering multiple tables for "
1403 "family %d\n", tbl->family);
1404 dump_stack();
1405 }
1390} 1406}
1391 1407
1392int neigh_table_clear(struct neigh_table *tbl) 1408int neigh_table_clear(struct neigh_table *tbl)
@@ -2657,6 +2673,7 @@ EXPORT_SYMBOL(neigh_rand_reach_time);
2657EXPORT_SYMBOL(neigh_resolve_output); 2673EXPORT_SYMBOL(neigh_resolve_output);
2658EXPORT_SYMBOL(neigh_table_clear); 2674EXPORT_SYMBOL(neigh_table_clear);
2659EXPORT_SYMBOL(neigh_table_init); 2675EXPORT_SYMBOL(neigh_table_init);
2676EXPORT_SYMBOL(neigh_table_init_no_netlink);
2660EXPORT_SYMBOL(neigh_update); 2677EXPORT_SYMBOL(neigh_update);
2661EXPORT_SYMBOL(neigh_update_hhs); 2678EXPORT_SYMBOL(neigh_update_hhs);
2662EXPORT_SYMBOL(pneigh_enqueue); 2679EXPORT_SYMBOL(pneigh_enqueue);
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index c12990c9c603..47a6fceb6771 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -29,7 +29,7 @@ static const char fmt_ulong[] = "%lu\n";
29 29
30static inline int dev_isalive(const struct net_device *dev) 30static inline int dev_isalive(const struct net_device *dev)
31{ 31{
32 return dev->reg_state == NETREG_REGISTERED; 32 return dev->reg_state <= NETREG_REGISTERED;
33} 33}
34 34
35/* use same locking rules as GIF* ioctl's */ 35/* use same locking rules as GIF* ioctl's */
@@ -445,58 +445,33 @@ static struct class net_class = {
445 445
446void netdev_unregister_sysfs(struct net_device * net) 446void netdev_unregister_sysfs(struct net_device * net)
447{ 447{
448 struct class_device * class_dev = &(net->class_dev); 448 class_device_del(&(net->class_dev));
449
450 if (net->get_stats)
451 sysfs_remove_group(&class_dev->kobj, &netstat_group);
452
453#ifdef WIRELESS_EXT
454 if (net->get_wireless_stats || (net->wireless_handlers &&
455 net->wireless_handlers->get_wireless_stats))
456 sysfs_remove_group(&class_dev->kobj, &wireless_group);
457#endif
458 class_device_del(class_dev);
459
460} 449}
461 450
462/* Create sysfs entries for network device. */ 451/* Create sysfs entries for network device. */
463int netdev_register_sysfs(struct net_device *net) 452int netdev_register_sysfs(struct net_device *net)
464{ 453{
465 struct class_device *class_dev = &(net->class_dev); 454 struct class_device *class_dev = &(net->class_dev);
466 int ret; 455 struct attribute_group **groups = net->sysfs_groups;
467 456
457 class_device_initialize(class_dev);
468 class_dev->class = &net_class; 458 class_dev->class = &net_class;
469 class_dev->class_data = net; 459 class_dev->class_data = net;
460 class_dev->groups = groups;
470 461
462 BUILD_BUG_ON(BUS_ID_SIZE < IFNAMSIZ);
471 strlcpy(class_dev->class_id, net->name, BUS_ID_SIZE); 463 strlcpy(class_dev->class_id, net->name, BUS_ID_SIZE);
472 if ((ret = class_device_register(class_dev)))
473 goto out;
474 464
475 if (net->get_stats && 465 if (net->get_stats)
476 (ret = sysfs_create_group(&class_dev->kobj, &netstat_group))) 466 *groups++ = &netstat_group;
477 goto out_unreg;
478 467
479#ifdef WIRELESS_EXT 468#ifdef WIRELESS_EXT
480 if (net->get_wireless_stats || (net->wireless_handlers && 469 if (net->get_wireless_stats
481 net->wireless_handlers->get_wireless_stats)) { 470 || (net->wireless_handlers && net->wireless_handlers->get_wireless_stats))
482 ret = sysfs_create_group(&class_dev->kobj, &wireless_group); 471 *groups++ = &wireless_group;
483 if (ret)
484 goto out_cleanup;
485 }
486 return 0;
487out_cleanup:
488 if (net->get_stats)
489 sysfs_remove_group(&class_dev->kobj, &netstat_group);
490#else
491 return 0;
492#endif 472#endif
493 473
494out_unreg: 474 return class_device_add(class_dev);
495 printk(KERN_WARNING "%s: sysfs attribute registration failed %d\n",
496 net->name, ret);
497 class_device_unregister(class_dev);
498out:
499 return ret;
500} 475}
501 476
502int netdev_sysfs_init(void) 477int netdev_sysfs_init(void)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 09464fa8d72f..fb3770f9c094 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -112,6 +112,14 @@ void skb_under_panic(struct sk_buff *skb, int sz, void *here)
112 BUG(); 112 BUG();
113} 113}
114 114
115void skb_truesize_bug(struct sk_buff *skb)
116{
117 printk(KERN_ERR "SKB BUG: Invalid truesize (%u) "
118 "len=%u, sizeof(sk_buff)=%Zd\n",
119 skb->truesize, skb->len, sizeof(struct sk_buff));
120}
121EXPORT_SYMBOL(skb_truesize_bug);
122
115/* Allocate a new skbuff. We do this ourselves so we can fill in a few 123/* Allocate a new skbuff. We do this ourselves so we can fill in a few
116 * 'private' fields and also do memory statistics to find all the 124 * 'private' fields and also do memory statistics to find all the
117 * [BEEP] leaks. 125 * [BEEP] leaks.
diff --git a/net/core/stream.c b/net/core/stream.c
index 35e25259fd95..e9489696f694 100644
--- a/net/core/stream.c
+++ b/net/core/stream.c
@@ -176,6 +176,7 @@ void sk_stream_rfree(struct sk_buff *skb)
176{ 176{
177 struct sock *sk = skb->sk; 177 struct sock *sk = skb->sk;
178 178
179 skb_truesize_check(skb);
179 atomic_sub(skb->truesize, &sk->sk_rmem_alloc); 180 atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
180 sk->sk_forward_alloc += skb->truesize; 181 sk->sk_forward_alloc += skb->truesize;
181} 182}
diff --git a/net/core/wireless.c b/net/core/wireless.c
index 81d6995fcfdb..d2bc72d318f7 100644
--- a/net/core/wireless.c
+++ b/net/core/wireless.c
@@ -1726,6 +1726,14 @@ int wireless_rtnetlink_get(struct net_device * dev,
1726 if(!IW_IS_GET(request->cmd)) 1726 if(!IW_IS_GET(request->cmd))
1727 return -EOPNOTSUPP; 1727 return -EOPNOTSUPP;
1728 1728
1729 /* If command is `get the encoding parameters', check if
1730 * the user has the right to do it */
1731 if (request->cmd == SIOCGIWENCODE ||
1732 request->cmd == SIOCGIWENCODEEXT) {
1733 if (!capable(CAP_NET_ADMIN))
1734 return -EPERM;
1735 }
1736
1729 /* Special cases */ 1737 /* Special cases */
1730 if(request->cmd == SIOCGIWSTATS) 1738 if(request->cmd == SIOCGIWSTATS)
1731 /* Get Wireless Stats */ 1739 /* Get Wireless Stats */
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index 1ff7328b0e17..2e0ee8355c41 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -848,6 +848,7 @@ static int dccp_close_state(struct sock *sk)
848void dccp_close(struct sock *sk, long timeout) 848void dccp_close(struct sock *sk, long timeout)
849{ 849{
850 struct sk_buff *skb; 850 struct sk_buff *skb;
851 int state;
851 852
852 lock_sock(sk); 853 lock_sock(sk);
853 854
@@ -882,6 +883,11 @@ void dccp_close(struct sock *sk, long timeout)
882 sk_stream_wait_close(sk, timeout); 883 sk_stream_wait_close(sk, timeout);
883 884
884adjudge_to_death: 885adjudge_to_death:
886 state = sk->sk_state;
887 sock_hold(sk);
888 sock_orphan(sk);
889 atomic_inc(sk->sk_prot->orphan_count);
890
885 /* 891 /*
886 * It is the last release_sock in its life. It will remove backlog. 892 * It is the last release_sock in its life. It will remove backlog.
887 */ 893 */
@@ -894,8 +900,9 @@ adjudge_to_death:
894 bh_lock_sock(sk); 900 bh_lock_sock(sk);
895 BUG_TRAP(!sock_owned_by_user(sk)); 901 BUG_TRAP(!sock_owned_by_user(sk));
896 902
897 sock_hold(sk); 903 /* Have we already been destroyed by a softirq or backlog? */
898 sock_orphan(sk); 904 if (state != DCCP_CLOSED && sk->sk_state == DCCP_CLOSED)
905 goto out;
899 906
900 /* 907 /*
901 * The last release_sock may have processed the CLOSE or RESET 908 * The last release_sock may have processed the CLOSE or RESET
@@ -915,12 +922,12 @@ adjudge_to_death:
915#endif 922#endif
916 } 923 }
917 924
918 atomic_inc(sk->sk_prot->orphan_count);
919 if (sk->sk_state == DCCP_CLOSED) 925 if (sk->sk_state == DCCP_CLOSED)
920 inet_csk_destroy_sock(sk); 926 inet_csk_destroy_sock(sk);
921 927
922 /* Otherwise, socket is reprieved until protocol close. */ 928 /* Otherwise, socket is reprieved until protocol close. */
923 929
930out:
924 bh_unlock_sock(sk); 931 bh_unlock_sock(sk);
925 local_bh_enable(); 932 local_bh_enable();
926 sock_put(sk); 933 sock_put(sk);
diff --git a/net/decnet/dn_neigh.c b/net/decnet/dn_neigh.c
index 7c8692c26bfe..66e230c3b328 100644
--- a/net/decnet/dn_neigh.c
+++ b/net/decnet/dn_neigh.c
@@ -493,7 +493,6 @@ struct elist_cb_state {
493static void neigh_elist_cb(struct neighbour *neigh, void *_info) 493static void neigh_elist_cb(struct neighbour *neigh, void *_info)
494{ 494{
495 struct elist_cb_state *s = _info; 495 struct elist_cb_state *s = _info;
496 struct dn_dev *dn_db;
497 struct dn_neigh *dn; 496 struct dn_neigh *dn;
498 497
499 if (neigh->dev != s->dev) 498 if (neigh->dev != s->dev)
@@ -503,10 +502,6 @@ static void neigh_elist_cb(struct neighbour *neigh, void *_info)
503 if (!(dn->flags & (DN_NDFLAG_R1|DN_NDFLAG_R2))) 502 if (!(dn->flags & (DN_NDFLAG_R1|DN_NDFLAG_R2)))
504 return; 503 return;
505 504
506 dn_db = (struct dn_dev *) s->dev->dn_ptr;
507 if (dn_db->parms.forwarding == 1 && (dn->flags & DN_NDFLAG_R2))
508 return;
509
510 if (s->t == s->n) 505 if (s->t == s->n)
511 s->rs = dn_find_slot(s->ptr, s->n, dn->priority); 506 s->rs = dn_find_slot(s->ptr, s->n, dn->priority);
512 else 507 else
diff --git a/net/ethernet/Makefile b/net/ethernet/Makefile
index 69b74a9a0fc3..7cef1d8ace27 100644
--- a/net/ethernet/Makefile
+++ b/net/ethernet/Makefile
@@ -3,6 +3,5 @@
3# 3#
4 4
5obj-y += eth.o 5obj-y += eth.o
6obj-$(CONFIG_SYSCTL) += sysctl_net_ether.o
7obj-$(subst m,y,$(CONFIG_IPX)) += pe2.o 6obj-$(subst m,y,$(CONFIG_IPX)) += pe2.o
8obj-$(subst m,y,$(CONFIG_ATALK)) += pe2.o 7obj-$(subst m,y,$(CONFIG_ATALK)) += pe2.o
diff --git a/net/ethernet/sysctl_net_ether.c b/net/ethernet/sysctl_net_ether.c
deleted file mode 100644
index 66b39fc342d2..000000000000
--- a/net/ethernet/sysctl_net_ether.c
+++ /dev/null
@@ -1,14 +0,0 @@
1/* -*- linux-c -*-
2 * sysctl_net_ether.c: sysctl interface to net Ethernet subsystem.
3 *
4 * Begun April 1, 1996, Mike Shaver.
5 * Added /proc/sys/net/ether directory entry (empty =) ). [MS]
6 */
7
8#include <linux/mm.h>
9#include <linux/sysctl.h>
10#include <linux/if_ether.h>
11
12ctl_table ether_table[] = {
13 {0}
14};
diff --git a/net/ieee80211/softmac/Kconfig b/net/ieee80211/softmac/Kconfig
index 6cd9f3427be6..f2a27cc6ecb1 100644
--- a/net/ieee80211/softmac/Kconfig
+++ b/net/ieee80211/softmac/Kconfig
@@ -1,6 +1,7 @@
1config IEEE80211_SOFTMAC 1config IEEE80211_SOFTMAC
2 tristate "Software MAC add-on to the IEEE 802.11 networking stack" 2 tristate "Software MAC add-on to the IEEE 802.11 networking stack"
3 depends on IEEE80211 && EXPERIMENTAL 3 depends on IEEE80211 && EXPERIMENTAL
4 select WIRELESS_EXT
4 ---help--- 5 ---help---
5 This option enables the hardware independent software MAC addon 6 This option enables the hardware independent software MAC addon
6 for the IEEE 802.11 networking stack. 7 for the IEEE 802.11 networking stack.
diff --git a/net/ieee80211/softmac/ieee80211softmac_assoc.c b/net/ieee80211/softmac/ieee80211softmac_assoc.c
index be61de78dfa4..57ea9f6f465c 100644
--- a/net/ieee80211/softmac/ieee80211softmac_assoc.c
+++ b/net/ieee80211/softmac/ieee80211softmac_assoc.c
@@ -51,11 +51,12 @@ ieee80211softmac_assoc(struct ieee80211softmac_device *mac, struct ieee80211soft
51 spin_lock_irqsave(&mac->lock, flags); 51 spin_lock_irqsave(&mac->lock, flags);
52 mac->associnfo.associating = 1; 52 mac->associnfo.associating = 1;
53 mac->associated = 0; /* just to make sure */ 53 mac->associated = 0; /* just to make sure */
54 spin_unlock_irqrestore(&mac->lock, flags);
55 54
56 /* Set a timer for timeout */ 55 /* Set a timer for timeout */
57 /* FIXME: make timeout configurable */ 56 /* FIXME: make timeout configurable */
58 schedule_delayed_work(&mac->associnfo.timeout, 5 * HZ); 57 if (likely(mac->running))
58 schedule_delayed_work(&mac->associnfo.timeout, 5 * HZ);
59 spin_unlock_irqrestore(&mac->lock, flags);
59} 60}
60 61
61void 62void
@@ -101,6 +102,7 @@ ieee80211softmac_disassoc(struct ieee80211softmac_device *mac, u16 reason)
101 /* Do NOT clear bssvalid as that will break ieee80211softmac_assoc_work! */ 102 /* Do NOT clear bssvalid as that will break ieee80211softmac_assoc_work! */
102 mac->associated = 0; 103 mac->associated = 0;
103 mac->associnfo.associating = 0; 104 mac->associnfo.associating = 0;
105 ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_DISASSOCIATED, NULL);
104 spin_unlock_irqrestore(&mac->lock, flags); 106 spin_unlock_irqrestore(&mac->lock, flags);
105} 107}
106 108
@@ -143,6 +145,12 @@ network_matches_request(struct ieee80211softmac_device *mac, struct ieee80211_ne
143 if (!we_support_all_basic_rates(mac, net->rates_ex, net->rates_ex_len)) 145 if (!we_support_all_basic_rates(mac, net->rates_ex, net->rates_ex_len))
144 return 0; 146 return 0;
145 147
148 /* assume that users know what they're doing ...
149 * (note we don't let them select a net we're incompatible with) */
150 if (mac->associnfo.bssfixed) {
151 return !memcmp(mac->associnfo.bssid, net->bssid, ETH_ALEN);
152 }
153
146 /* if 'ANY' network requested, take any that doesn't have privacy enabled */ 154 /* if 'ANY' network requested, take any that doesn't have privacy enabled */
147 if (mac->associnfo.req_essid.len == 0 155 if (mac->associnfo.req_essid.len == 0
148 && !(net->capability & WLAN_CAPABILITY_PRIVACY)) 156 && !(net->capability & WLAN_CAPABILITY_PRIVACY))
@@ -175,7 +183,7 @@ ieee80211softmac_assoc_work(void *d)
175 ieee80211softmac_disassoc(mac, WLAN_REASON_DISASSOC_STA_HAS_LEFT); 183 ieee80211softmac_disassoc(mac, WLAN_REASON_DISASSOC_STA_HAS_LEFT);
176 184
177 /* try to find the requested network in our list, if we found one already */ 185 /* try to find the requested network in our list, if we found one already */
178 if (mac->associnfo.bssvalid) 186 if (mac->associnfo.bssvalid || mac->associnfo.bssfixed)
179 found = ieee80211softmac_get_network_by_bssid(mac, mac->associnfo.bssid); 187 found = ieee80211softmac_get_network_by_bssid(mac, mac->associnfo.bssid);
180 188
181 /* Search the ieee80211 networks for this network if we didn't find it by bssid, 189 /* Search the ieee80211 networks for this network if we didn't find it by bssid,
@@ -240,19 +248,25 @@ ieee80211softmac_assoc_work(void *d)
240 if (ieee80211softmac_start_scan(mac)) 248 if (ieee80211softmac_start_scan(mac))
241 dprintk(KERN_INFO PFX "Associate: failed to initiate scan. Is device up?\n"); 249 dprintk(KERN_INFO PFX "Associate: failed to initiate scan. Is device up?\n");
242 return; 250 return;
243 } 251 } else {
244 else {
245 spin_lock_irqsave(&mac->lock, flags); 252 spin_lock_irqsave(&mac->lock, flags);
246 mac->associnfo.associating = 0; 253 mac->associnfo.associating = 0;
247 mac->associated = 0; 254 mac->associated = 0;
248 spin_unlock_irqrestore(&mac->lock, flags); 255 spin_unlock_irqrestore(&mac->lock, flags);
249 256
250 dprintk(KERN_INFO PFX "Unable to find matching network after scan!\n"); 257 dprintk(KERN_INFO PFX "Unable to find matching network after scan!\n");
258 /* reset the retry counter for the next user request since we
259 * break out and don't reschedule ourselves after this point. */
260 mac->associnfo.scan_retry = IEEE80211SOFTMAC_ASSOC_SCAN_RETRY_LIMIT;
251 ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_NET_NOT_FOUND, NULL); 261 ieee80211softmac_call_events(mac, IEEE80211SOFTMAC_EVENT_ASSOCIATE_NET_NOT_FOUND, NULL);
252 return; 262 return;
253 } 263 }
254 } 264 }
255 265
266 /* reset the retry counter for the next user request since we
267 * now found a net and will try to associate to it, but not
268 * schedule this function again. */
269 mac->associnfo.scan_retry = IEEE80211SOFTMAC_ASSOC_SCAN_RETRY_LIMIT;
256 mac->associnfo.bssvalid = 1; 270 mac->associnfo.bssvalid = 1;
257 memcpy(mac->associnfo.bssid, found->bssid, ETH_ALEN); 271 memcpy(mac->associnfo.bssid, found->bssid, ETH_ALEN);
258 /* copy the ESSID for displaying it */ 272 /* copy the ESSID for displaying it */
@@ -306,6 +320,9 @@ ieee80211softmac_handle_assoc_response(struct net_device * dev,
306 u16 status = le16_to_cpup(&resp->status); 320 u16 status = le16_to_cpup(&resp->status);
307 struct ieee80211softmac_network *network = NULL; 321 struct ieee80211softmac_network *network = NULL;
308 unsigned long flags; 322 unsigned long flags;
323
324 if (unlikely(!mac->running))
325 return -ENODEV;
309 326
310 spin_lock_irqsave(&mac->lock, flags); 327 spin_lock_irqsave(&mac->lock, flags);
311 328
@@ -364,15 +381,22 @@ ieee80211softmac_handle_disassoc(struct net_device * dev,
364{ 381{
365 struct ieee80211softmac_device *mac = ieee80211_priv(dev); 382 struct ieee80211softmac_device *mac = ieee80211_priv(dev);
366 unsigned long flags; 383 unsigned long flags;
384
385 if (unlikely(!mac->running))
386 return -ENODEV;
387
367 if (memcmp(disassoc->header.addr2, mac->associnfo.bssid, ETH_ALEN)) 388 if (memcmp(disassoc->header.addr2, mac->associnfo.bssid, ETH_ALEN))
368 return 0; 389 return 0;
390
369 if (memcmp(disassoc->header.addr1, mac->dev->dev_addr, ETH_ALEN)) 391 if (memcmp(disassoc->header.addr1, mac->dev->dev_addr, ETH_ALEN))
370 return 0; 392 return 0;
393
371 dprintk(KERN_INFO PFX "got disassoc frame\n"); 394 dprintk(KERN_INFO PFX "got disassoc frame\n");
372 netif_carrier_off(dev); 395 netif_carrier_off(dev);
373 spin_lock_irqsave(&mac->lock, flags); 396 spin_lock_irqsave(&mac->lock, flags);
374 mac->associnfo.bssvalid = 0; 397 mac->associnfo.bssvalid = 0;
375 mac->associated = 0; 398 mac->associated = 0;
399 ieee80211softmac_call_events_locked(mac, IEEE80211SOFTMAC_EVENT_DISASSOCIATED, NULL);
376 schedule_work(&mac->associnfo.work); 400 schedule_work(&mac->associnfo.work);
377 spin_unlock_irqrestore(&mac->lock, flags); 401 spin_unlock_irqrestore(&mac->lock, flags);
378 402
@@ -386,11 +410,15 @@ ieee80211softmac_handle_reassoc_req(struct net_device * dev,
386 struct ieee80211softmac_device *mac = ieee80211_priv(dev); 410 struct ieee80211softmac_device *mac = ieee80211_priv(dev);
387 struct ieee80211softmac_network *network; 411 struct ieee80211softmac_network *network;
388 412
413 if (unlikely(!mac->running))
414 return -ENODEV;
415
389 network = ieee80211softmac_get_network_by_bssid(mac, resp->header.addr3); 416 network = ieee80211softmac_get_network_by_bssid(mac, resp->header.addr3);
390 if (!network) { 417 if (!network) {
391 dprintkl(KERN_INFO PFX "reassoc request from unknown network\n"); 418 dprintkl(KERN_INFO PFX "reassoc request from unknown network\n");
392 return 0; 419 return 0;
393 } 420 }
394 ieee80211softmac_assoc(mac, network); 421 schedule_work(&mac->associnfo.work);
422
395 return 0; 423 return 0;
396} 424}
diff --git a/net/ieee80211/softmac/ieee80211softmac_auth.c b/net/ieee80211/softmac/ieee80211softmac_auth.c
index 9a0eac6c61eb..06e332624665 100644
--- a/net/ieee80211/softmac/ieee80211softmac_auth.c
+++ b/net/ieee80211/softmac/ieee80211softmac_auth.c
@@ -86,6 +86,11 @@ ieee80211softmac_auth_queue(void *data)
86 86
87 /* Lock and set flags */ 87 /* Lock and set flags */
88 spin_lock_irqsave(&mac->lock, flags); 88 spin_lock_irqsave(&mac->lock, flags);
89 if (unlikely(!mac->running)) {
90 /* Prevent reschedule on workqueue flush */
91 spin_unlock_irqrestore(&mac->lock, flags);
92 return;
93 }
89 net->authenticated = 0; 94 net->authenticated = 0;
90 net->authenticating = 1; 95 net->authenticating = 1;
91 /* add a timeout call so we eventually give up waiting for an auth reply */ 96 /* add a timeout call so we eventually give up waiting for an auth reply */
@@ -124,6 +129,9 @@ ieee80211softmac_auth_resp(struct net_device *dev, struct ieee80211_auth *auth)
124 unsigned long flags; 129 unsigned long flags;
125 u8 * data; 130 u8 * data;
126 131
132 if (unlikely(!mac->running))
133 return -ENODEV;
134
127 /* Find correct auth queue item */ 135 /* Find correct auth queue item */
128 spin_lock_irqsave(&mac->lock, flags); 136 spin_lock_irqsave(&mac->lock, flags);
129 list_for_each(list_ptr, &mac->auth_queue) { 137 list_for_each(list_ptr, &mac->auth_queue) {
@@ -298,8 +306,6 @@ ieee80211softmac_deauth_from_net(struct ieee80211softmac_device *mac,
298 306
299 /* can't transmit data right now... */ 307 /* can't transmit data right now... */
300 netif_carrier_off(mac->dev); 308 netif_carrier_off(mac->dev);
301 /* let's try to re-associate */
302 schedule_work(&mac->associnfo.work);
303 spin_unlock_irqrestore(&mac->lock, flags); 309 spin_unlock_irqrestore(&mac->lock, flags);
304} 310}
305 311
@@ -338,6 +344,9 @@ ieee80211softmac_deauth_resp(struct net_device *dev, struct ieee80211_deauth *de
338 struct ieee80211softmac_network *net = NULL; 344 struct ieee80211softmac_network *net = NULL;
339 struct ieee80211softmac_device *mac = ieee80211_priv(dev); 345 struct ieee80211softmac_device *mac = ieee80211_priv(dev);
340 346
347 if (unlikely(!mac->running))
348 return -ENODEV;
349
341 if (!deauth) { 350 if (!deauth) {
342 dprintk("deauth without deauth packet. eek!\n"); 351 dprintk("deauth without deauth packet. eek!\n");
343 return 0; 352 return 0;
@@ -360,5 +369,8 @@ ieee80211softmac_deauth_resp(struct net_device *dev, struct ieee80211_deauth *de
360 } 369 }
361 370
362 ieee80211softmac_deauth_from_net(mac, net); 371 ieee80211softmac_deauth_from_net(mac, net);
372
373 /* let's try to re-associate */
374 schedule_work(&mac->associnfo.work);
363 return 0; 375 return 0;
364} 376}
diff --git a/net/ieee80211/softmac/ieee80211softmac_event.c b/net/ieee80211/softmac/ieee80211softmac_event.c
index 0a52bbda1e4c..8cc8f3f0f8e7 100644
--- a/net/ieee80211/softmac/ieee80211softmac_event.c
+++ b/net/ieee80211/softmac/ieee80211softmac_event.c
@@ -67,6 +67,7 @@ static char *event_descriptions[IEEE80211SOFTMAC_EVENT_LAST+1] = {
67 "authenticating failed", 67 "authenticating failed",
68 "authenticating timed out", 68 "authenticating timed out",
69 "associating failed because no suitable network was found", 69 "associating failed because no suitable network was found",
70 "disassociated",
70}; 71};
71 72
72 73
@@ -128,13 +129,42 @@ void
128ieee80211softmac_call_events_locked(struct ieee80211softmac_device *mac, int event, void *event_ctx) 129ieee80211softmac_call_events_locked(struct ieee80211softmac_device *mac, int event, void *event_ctx)
129{ 130{
130 struct ieee80211softmac_event *eventptr, *tmp; 131 struct ieee80211softmac_event *eventptr, *tmp;
131 union iwreq_data wrqu; 132 struct ieee80211softmac_network *network;
132 char *msg;
133 133
134 if (event >= 0) { 134 if (event >= 0) {
135 msg = event_descriptions[event]; 135 union iwreq_data wrqu;
136 wrqu.data.length = strlen(msg); 136 int we_event;
137 wireless_send_event(mac->dev, IWEVCUSTOM, &wrqu, msg); 137 char *msg = NULL;
138
139 switch(event) {
140 case IEEE80211SOFTMAC_EVENT_ASSOCIATED:
141 network = (struct ieee80211softmac_network *)event_ctx;
142 wrqu.data.length = 0;
143 wrqu.data.flags = 0;
144 memcpy(wrqu.ap_addr.sa_data, &network->bssid[0], ETH_ALEN);
145 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
146 we_event = SIOCGIWAP;
147 break;
148 case IEEE80211SOFTMAC_EVENT_DISASSOCIATED:
149 wrqu.data.length = 0;
150 wrqu.data.flags = 0;
151 memset(&wrqu, '\0', sizeof (union iwreq_data));
152 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
153 we_event = SIOCGIWAP;
154 break;
155 case IEEE80211SOFTMAC_EVENT_SCAN_FINISHED:
156 wrqu.data.length = 0;
157 wrqu.data.flags = 0;
158 memset(&wrqu, '\0', sizeof (union iwreq_data));
159 we_event = SIOCGIWSCAN;
160 break;
161 default:
162 msg = event_descriptions[event];
163 wrqu.data.length = strlen(msg);
164 we_event = IWEVCUSTOM;
165 break;
166 }
167 wireless_send_event(mac->dev, we_event, &wrqu, msg);
138 } 168 }
139 169
140 if (!list_empty(&mac->events)) 170 if (!list_empty(&mac->events))
diff --git a/net/ieee80211/softmac/ieee80211softmac_io.c b/net/ieee80211/softmac/ieee80211softmac_io.c
index febc51dbb412..cc6cd56c85b1 100644
--- a/net/ieee80211/softmac/ieee80211softmac_io.c
+++ b/net/ieee80211/softmac/ieee80211softmac_io.c
@@ -180,9 +180,21 @@ ieee80211softmac_assoc_req(struct ieee80211_assoc_request **pkt,
180 ieee80211softmac_hdr_3addr(mac, &((*pkt)->header), IEEE80211_STYPE_ASSOC_REQ, net->bssid, net->bssid); 180 ieee80211softmac_hdr_3addr(mac, &((*pkt)->header), IEEE80211_STYPE_ASSOC_REQ, net->bssid, net->bssid);
181 181
182 /* Fill in capability Info */ 182 /* Fill in capability Info */
183 (*pkt)->capability = (mac->ieee->iw_mode == IW_MODE_MASTER) || (mac->ieee->iw_mode == IW_MODE_INFRA) ? 183 switch (mac->ieee->iw_mode) {
184 cpu_to_le16(WLAN_CAPABILITY_ESS) : 184 case IW_MODE_INFRA:
185 cpu_to_le16(WLAN_CAPABILITY_IBSS); 185 (*pkt)->capability = cpu_to_le16(WLAN_CAPABILITY_ESS);
186 break;
187 case IW_MODE_ADHOC:
188 (*pkt)->capability = cpu_to_le16(WLAN_CAPABILITY_IBSS);
189 break;
190 case IW_MODE_AUTO:
191 (*pkt)->capability = net->capabilities & (WLAN_CAPABILITY_ESS|WLAN_CAPABILITY_IBSS);
192 break;
193 default:
194 /* bleh. we don't ever go to these modes */
195 printk(KERN_ERR PFX "invalid iw_mode!\n");
196 break;
197 }
186 /* Need to add this 198 /* Need to add this
187 (*pkt)->capability |= mac->ieee->short_slot ? 199 (*pkt)->capability |= mac->ieee->short_slot ?
188 cpu_to_le16(WLAN_CAPABILITY_SHORT_SLOT_TIME) : 0; 200 cpu_to_le16(WLAN_CAPABILITY_SHORT_SLOT_TIME) : 0;
diff --git a/net/ieee80211/softmac/ieee80211softmac_module.c b/net/ieee80211/softmac/ieee80211softmac_module.c
index 60f06a31f0d1..6252be2c0db9 100644
--- a/net/ieee80211/softmac/ieee80211softmac_module.c
+++ b/net/ieee80211/softmac/ieee80211softmac_module.c
@@ -45,6 +45,8 @@ struct net_device *alloc_ieee80211softmac(int sizeof_priv)
45 softmac->ieee->handle_disassoc = ieee80211softmac_handle_disassoc; 45 softmac->ieee->handle_disassoc = ieee80211softmac_handle_disassoc;
46 softmac->scaninfo = NULL; 46 softmac->scaninfo = NULL;
47 47
48 softmac->associnfo.scan_retry = IEEE80211SOFTMAC_ASSOC_SCAN_RETRY_LIMIT;
49
48 /* TODO: initialise all the other callbacks in the ieee struct 50 /* TODO: initialise all the other callbacks in the ieee struct
49 * (once they're written) 51 * (once they're written)
50 */ 52 */
@@ -87,6 +89,8 @@ ieee80211softmac_clear_pending_work(struct ieee80211softmac_device *sm)
87 ieee80211softmac_wait_for_scan(sm); 89 ieee80211softmac_wait_for_scan(sm);
88 90
89 spin_lock_irqsave(&sm->lock, flags); 91 spin_lock_irqsave(&sm->lock, flags);
92 sm->running = 0;
93
90 /* Free all pending assoc work items */ 94 /* Free all pending assoc work items */
91 cancel_delayed_work(&sm->associnfo.work); 95 cancel_delayed_work(&sm->associnfo.work);
92 96
@@ -202,6 +206,8 @@ void ieee80211softmac_start(struct net_device *dev)
202 assert(0); 206 assert(0);
203 if (mac->txrates_change) 207 if (mac->txrates_change)
204 mac->txrates_change(dev, change, &oldrates); 208 mac->txrates_change(dev, change, &oldrates);
209
210 mac->running = 1;
205} 211}
206EXPORT_SYMBOL_GPL(ieee80211softmac_start); 212EXPORT_SYMBOL_GPL(ieee80211softmac_start);
207 213
diff --git a/net/ieee80211/softmac/ieee80211softmac_scan.c b/net/ieee80211/softmac/ieee80211softmac_scan.c
index bb9ab8b45d09..d31cf77498c4 100644
--- a/net/ieee80211/softmac/ieee80211softmac_scan.c
+++ b/net/ieee80211/softmac/ieee80211softmac_scan.c
@@ -47,6 +47,7 @@ ieee80211softmac_start_scan(struct ieee80211softmac_device *sm)
47 sm->scanning = 1; 47 sm->scanning = 1;
48 spin_unlock_irqrestore(&sm->lock, flags); 48 spin_unlock_irqrestore(&sm->lock, flags);
49 49
50 netif_tx_disable(sm->ieee->dev);
50 ret = sm->start_scan(sm->dev); 51 ret = sm->start_scan(sm->dev);
51 if (ret) { 52 if (ret) {
52 spin_lock_irqsave(&sm->lock, flags); 53 spin_lock_irqsave(&sm->lock, flags);
@@ -114,7 +115,15 @@ void ieee80211softmac_scan(void *d)
114 // TODO: is this if correct, or should we do this only if scanning from assoc request? 115 // TODO: is this if correct, or should we do this only if scanning from assoc request?
115 if (sm->associnfo.req_essid.len) 116 if (sm->associnfo.req_essid.len)
116 ieee80211softmac_send_mgt_frame(sm, &sm->associnfo.req_essid, IEEE80211_STYPE_PROBE_REQ, 0); 117 ieee80211softmac_send_mgt_frame(sm, &sm->associnfo.req_essid, IEEE80211_STYPE_PROBE_REQ, 0);
118
119 spin_lock_irqsave(&sm->lock, flags);
120 if (unlikely(!sm->running)) {
121 /* Prevent reschedule on workqueue flush */
122 spin_unlock_irqrestore(&sm->lock, flags);
123 break;
124 }
117 schedule_delayed_work(&si->softmac_scan, IEEE80211SOFTMAC_PROBE_DELAY); 125 schedule_delayed_work(&si->softmac_scan, IEEE80211SOFTMAC_PROBE_DELAY);
126 spin_unlock_irqrestore(&sm->lock, flags);
118 return; 127 return;
119 } else { 128 } else {
120 dprintk(PFX "Not probing Channel %d (not allowed here)\n", si->channels[current_channel_idx].channel); 129 dprintk(PFX "Not probing Channel %d (not allowed here)\n", si->channels[current_channel_idx].channel);
@@ -239,6 +248,7 @@ void ieee80211softmac_scan_finished(struct ieee80211softmac_device *sm)
239 if (net) 248 if (net)
240 sm->set_channel(sm->dev, net->channel); 249 sm->set_channel(sm->dev, net->channel);
241 } 250 }
251 netif_wake_queue(sm->ieee->dev);
242 ieee80211softmac_call_events(sm, IEEE80211SOFTMAC_EVENT_SCAN_FINISHED, NULL); 252 ieee80211softmac_call_events(sm, IEEE80211SOFTMAC_EVENT_SCAN_FINISHED, NULL);
243} 253}
244EXPORT_SYMBOL_GPL(ieee80211softmac_scan_finished); 254EXPORT_SYMBOL_GPL(ieee80211softmac_scan_finished);
diff --git a/net/ieee80211/softmac/ieee80211softmac_wx.c b/net/ieee80211/softmac/ieee80211softmac_wx.c
index b559aa9b5507..27edb2b5581a 100644
--- a/net/ieee80211/softmac/ieee80211softmac_wx.c
+++ b/net/ieee80211/softmac/ieee80211softmac_wx.c
@@ -27,7 +27,8 @@
27#include "ieee80211softmac_priv.h" 27#include "ieee80211softmac_priv.h"
28 28
29#include <net/iw_handler.h> 29#include <net/iw_handler.h>
30 30/* for is_broadcast_ether_addr and is_zero_ether_addr */
31#include <linux/etherdevice.h>
31 32
32int 33int
33ieee80211softmac_wx_trigger_scan(struct net_device *net_dev, 34ieee80211softmac_wx_trigger_scan(struct net_device *net_dev,
@@ -41,13 +42,23 @@ ieee80211softmac_wx_trigger_scan(struct net_device *net_dev,
41EXPORT_SYMBOL_GPL(ieee80211softmac_wx_trigger_scan); 42EXPORT_SYMBOL_GPL(ieee80211softmac_wx_trigger_scan);
42 43
43 44
45/* if we're still scanning, return -EAGAIN so that userspace tools
46 * can get the complete scan results, otherwise return 0. */
44int 47int
45ieee80211softmac_wx_get_scan_results(struct net_device *net_dev, 48ieee80211softmac_wx_get_scan_results(struct net_device *net_dev,
46 struct iw_request_info *info, 49 struct iw_request_info *info,
47 union iwreq_data *data, 50 union iwreq_data *data,
48 char *extra) 51 char *extra)
49{ 52{
53 unsigned long flags;
50 struct ieee80211softmac_device *sm = ieee80211_priv(net_dev); 54 struct ieee80211softmac_device *sm = ieee80211_priv(net_dev);
55
56 spin_lock_irqsave(&sm->lock, flags);
57 if (sm->scanning) {
58 spin_unlock_irqrestore(&sm->lock, flags);
59 return -EAGAIN;
60 }
61 spin_unlock_irqrestore(&sm->lock, flags);
51 return ieee80211_wx_get_scan(sm->ieee, info, data, extra); 62 return ieee80211_wx_get_scan(sm->ieee, info, data, extra);
52} 63}
53EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_scan_results); 64EXPORT_SYMBOL_GPL(ieee80211softmac_wx_get_scan_results);
@@ -73,7 +84,6 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev,
73 sm->associnfo.static_essid = 1; 84 sm->associnfo.static_essid = 1;
74 } 85 }
75 } 86 }
76 sm->associnfo.scan_retry = IEEE80211SOFTMAC_ASSOC_SCAN_RETRY_LIMIT;
77 87
78 /* set our requested ESSID length. 88 /* set our requested ESSID length.
79 * If applicable, we have already copied the data in */ 89 * If applicable, we have already copied the data in */
@@ -300,8 +310,6 @@ ieee80211softmac_wx_set_wap(struct net_device *net_dev,
300 char *extra) 310 char *extra)
301{ 311{
302 struct ieee80211softmac_device *mac = ieee80211_priv(net_dev); 312 struct ieee80211softmac_device *mac = ieee80211_priv(net_dev);
303 static const unsigned char any[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
304 static const unsigned char off[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
305 unsigned long flags; 313 unsigned long flags;
306 314
307 /* sanity check */ 315 /* sanity check */
@@ -310,10 +318,17 @@ ieee80211softmac_wx_set_wap(struct net_device *net_dev,
310 } 318 }
311 319
312 spin_lock_irqsave(&mac->lock, flags); 320 spin_lock_irqsave(&mac->lock, flags);
313 if (!memcmp(any, data->ap_addr.sa_data, ETH_ALEN) || 321 if (is_broadcast_ether_addr(data->ap_addr.sa_data)) {
314 !memcmp(off, data->ap_addr.sa_data, ETH_ALEN)) { 322 /* the bssid we have is not to be fixed any longer,
315 schedule_work(&mac->associnfo.work); 323 * and we should reassociate to the best AP. */
316 goto out; 324 mac->associnfo.bssfixed = 0;
325 /* force reassociation */
326 mac->associnfo.bssvalid = 0;
327 if (mac->associated)
328 schedule_work(&mac->associnfo.work);
329 } else if (is_zero_ether_addr(data->ap_addr.sa_data)) {
330 /* the bssid we have is no longer fixed */
331 mac->associnfo.bssfixed = 0;
317 } else { 332 } else {
318 if (!memcmp(mac->associnfo.bssid, data->ap_addr.sa_data, ETH_ALEN)) { 333 if (!memcmp(mac->associnfo.bssid, data->ap_addr.sa_data, ETH_ALEN)) {
319 if (mac->associnfo.associating || mac->associated) { 334 if (mac->associnfo.associating || mac->associated) {
@@ -323,12 +338,14 @@ ieee80211softmac_wx_set_wap(struct net_device *net_dev,
323 } else { 338 } else {
324 /* copy new value in data->ap_addr.sa_data to bssid */ 339 /* copy new value in data->ap_addr.sa_data to bssid */
325 memcpy(mac->associnfo.bssid, data->ap_addr.sa_data, ETH_ALEN); 340 memcpy(mac->associnfo.bssid, data->ap_addr.sa_data, ETH_ALEN);
326 } 341 }
342 /* tell the other code that this bssid should be used no matter what */
343 mac->associnfo.bssfixed = 1;
327 /* queue associate if new bssid or (old one again and not associated) */ 344 /* queue associate if new bssid or (old one again and not associated) */
328 schedule_work(&mac->associnfo.work); 345 schedule_work(&mac->associnfo.work);
329 } 346 }
330 347
331out: 348 out:
332 spin_unlock_irqrestore(&mac->lock, flags); 349 spin_unlock_irqrestore(&mac->lock, flags);
333 return 0; 350 return 0;
334} 351}
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index dc206f1f914f..0a277453526b 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1257,7 +1257,7 @@ out_unregister_udp_proto:
1257 goto out; 1257 goto out;
1258} 1258}
1259 1259
1260module_init(inet_init); 1260fs_initcall(inet_init);
1261 1261
1262/* ------------------------------------------------------------------------ */ 1262/* ------------------------------------------------------------------------ */
1263 1263
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 041dadde31af..4749d504c629 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -928,7 +928,8 @@ static void parp_redo(struct sk_buff *skb)
928 * Receive an arp request from the device layer. 928 * Receive an arp request from the device layer.
929 */ 929 */
930 930
931int arp_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) 931static int arp_rcv(struct sk_buff *skb, struct net_device *dev,
932 struct packet_type *pt, struct net_device *orig_dev)
932{ 933{
933 struct arphdr *arp; 934 struct arphdr *arp;
934 935
@@ -1417,7 +1418,6 @@ static int __init arp_proc_init(void)
1417 1418
1418EXPORT_SYMBOL(arp_broken_ops); 1419EXPORT_SYMBOL(arp_broken_ops);
1419EXPORT_SYMBOL(arp_find); 1420EXPORT_SYMBOL(arp_find);
1420EXPORT_SYMBOL(arp_rcv);
1421EXPORT_SYMBOL(arp_create); 1421EXPORT_SYMBOL(arp_create);
1422EXPORT_SYMBOL(arp_xmit); 1422EXPORT_SYMBOL(arp_xmit);
1423EXPORT_SYMBOL(arp_send); 1423EXPORT_SYMBOL(arp_send);
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 81c2f7885292..54419b27686f 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1556,7 +1556,6 @@ void __init devinet_init(void)
1556#endif 1556#endif
1557} 1557}
1558 1558
1559EXPORT_SYMBOL(devinet_ioctl);
1560EXPORT_SYMBOL(in_dev_finish_destroy); 1559EXPORT_SYMBOL(in_dev_finish_destroy);
1561EXPORT_SYMBOL(inet_select_addr); 1560EXPORT_SYMBOL(inet_select_addr);
1562EXPORT_SYMBOL(inetdev_by_index); 1561EXPORT_SYMBOL(inetdev_by_index);
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 4e3d3811dea2..cdde96390960 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -666,4 +666,3 @@ void __init ip_fib_init(void)
666} 666}
667 667
668EXPORT_SYMBOL(inet_addr_type); 668EXPORT_SYMBOL(inet_addr_type);
669EXPORT_SYMBOL(ip_rt_ioctl);
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index ef7366fc132f..ee9b5515b9ae 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -43,8 +43,6 @@ struct inet_bind_bucket *inet_bind_bucket_create(kmem_cache_t *cachep,
43 return tb; 43 return tb;
44} 44}
45 45
46EXPORT_SYMBOL(inet_bind_bucket_create);
47
48/* 46/*
49 * Caller must hold hashbucket lock for this tb with local BH disabled 47 * Caller must hold hashbucket lock for this tb with local BH disabled
50 */ 48 */
@@ -64,8 +62,6 @@ void inet_bind_hash(struct sock *sk, struct inet_bind_bucket *tb,
64 inet_csk(sk)->icsk_bind_hash = tb; 62 inet_csk(sk)->icsk_bind_hash = tb;
65} 63}
66 64
67EXPORT_SYMBOL(inet_bind_hash);
68
69/* 65/*
70 * Get rid of any references to a local port held by the given sock. 66 * Get rid of any references to a local port held by the given sock.
71 */ 67 */
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 18d7fad474d7..c9026dbf4c93 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -337,7 +337,7 @@ static inline int ip_rcv_finish(struct sk_buff *skb)
337 * Initialise the virtual path cache for the packet. It describes 337 * Initialise the virtual path cache for the packet. It describes
338 * how the packet travels inside Linux networking. 338 * how the packet travels inside Linux networking.
339 */ 339 */
340 if (likely(skb->dst == NULL)) { 340 if (skb->dst == NULL) {
341 int err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, 341 int err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos,
342 skb->dev); 342 skb->dev);
343 if (unlikely(err)) { 343 if (unlikely(err)) {
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
index 9bebad07bf2e..cbcae6544622 100644
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -209,7 +209,7 @@ int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb)
209 209
210void ip_options_fragment(struct sk_buff * skb) 210void ip_options_fragment(struct sk_buff * skb)
211{ 211{
212 unsigned char * optptr = skb->nh.raw; 212 unsigned char * optptr = skb->nh.raw + sizeof(struct iphdr);
213 struct ip_options * opt = &(IPCB(skb)->opt); 213 struct ip_options * opt = &(IPCB(skb)->opt);
214 int l = opt->optlen; 214 int l = opt->optlen;
215 int optlen; 215 int optlen;
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 8dcba3887f04..cff9c3a72daf 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -904,7 +904,7 @@ alloc_new_skb:
904 * because we have no idea what fragment will be 904 * because we have no idea what fragment will be
905 * the last. 905 * the last.
906 */ 906 */
907 if (datalen == length) 907 if (datalen == length + fraggap)
908 alloclen += rt->u.dst.trailer_len; 908 alloclen += rt->u.dst.trailer_len;
909 909
910 if (transhdrlen) { 910 if (transhdrlen) {
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index 04a429465665..95278b22b669 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -210,7 +210,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info)
210 skb->h.icmph->code != ICMP_FRAG_NEEDED) 210 skb->h.icmph->code != ICMP_FRAG_NEEDED)
211 return; 211 return;
212 212
213 spi = ntohl(ntohs(ipch->cpi)); 213 spi = htonl(ntohs(ipch->cpi));
214 x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, 214 x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr,
215 spi, IPPROTO_COMP, AF_INET); 215 spi, IPPROTO_COMP, AF_INET);
216 if (!x) 216 if (!x)
@@ -290,11 +290,8 @@ static void ipcomp_free_scratches(void)
290 if (!scratches) 290 if (!scratches)
291 return; 291 return;
292 292
293 for_each_possible_cpu(i) { 293 for_each_possible_cpu(i)
294 void *scratch = *per_cpu_ptr(scratches, i); 294 vfree(*per_cpu_ptr(scratches, i));
295 if (scratch)
296 vfree(scratch);
297 }
298 295
299 free_percpu(scratches); 296 free_percpu(scratches);
300} 297}
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index c60fd5c4ea1e..d4072533da21 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -170,8 +170,8 @@ config IP_NF_PPTP
170 Documentation/modules.txt. If unsure, say `N'. 170 Documentation/modules.txt. If unsure, say `N'.
171 171
172config IP_NF_H323 172config IP_NF_H323
173 tristate 'H.323 protocol support' 173 tristate 'H.323 protocol support (EXPERIMENTAL)'
174 depends on IP_NF_CONNTRACK 174 depends on IP_NF_CONNTRACK && EXPERIMENTAL
175 help 175 help
176 H.323 is a VoIP signalling protocol from ITU-T. As one of the most 176 H.323 is a VoIP signalling protocol from ITU-T. As one of the most
177 important VoIP protocols, it is widely used by voice hardware and 177 important VoIP protocols, it is widely used by voice hardware and
@@ -345,7 +345,7 @@ config IP_NF_TARGET_LOG
345 To compile it as a module, choose M here. If unsure, say N. 345 To compile it as a module, choose M here. If unsure, say N.
346 346
347config IP_NF_TARGET_ULOG 347config IP_NF_TARGET_ULOG
348 tristate "ULOG target support (OBSOLETE)" 348 tristate "ULOG target support"
349 depends on IP_NF_IPTABLES 349 depends on IP_NF_IPTABLES
350 ---help--- 350 ---help---
351 351
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index c2d92f99a2b8..d0d19192026d 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -948,7 +948,7 @@ static int do_add_counters(void __user *user, unsigned int len)
948 948
949 write_lock_bh(&t->lock); 949 write_lock_bh(&t->lock);
950 private = t->private; 950 private = t->private;
951 if (private->number != paddc->num_counters) { 951 if (private->number != tmp.num_counters) {
952 ret = -EINVAL; 952 ret = -EINVAL;
953 goto unlock_up_free; 953 goto unlock_up_free;
954 } 954 }
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 979a2eac6f00..a297da7bbef5 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1318,6 +1318,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
1318 .tuple.dst.u.tcp.port; 1318 .tuple.dst.u.tcp.port;
1319 sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL] 1319 sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL]
1320 .tuple.dst.ip; 1320 .tuple.dst.ip;
1321 memset(sin.sin_zero, 0, sizeof(sin.sin_zero));
1321 1322
1322 DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n", 1323 DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n",
1323 NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port)); 1324 NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port));
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
index 2c2fb700d835..518f581d39ec 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
@@ -162,6 +162,8 @@ static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct,
162 162
163 /* Validate TPKT length */ 163 /* Validate TPKT length */
164 tpktlen = tpkt[2] * 256 + tpkt[3]; 164 tpktlen = tpkt[2] * 256 + tpkt[3];
165 if (tpktlen < 4)
166 goto clear_out;
165 if (tpktlen > tcpdatalen) { 167 if (tpktlen > tcpdatalen) {
166 if (tcpdatalen == 4) { /* Separate TPKT header */ 168 if (tcpdatalen == 4) { /* Separate TPKT header */
167 /* Netmeeting sends TPKT header and data separately */ 169 /* Netmeeting sends TPKT header and data separately */
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c b/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c
index 48078002e450..26dfecadb335 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c
@@ -2,7 +2,7 @@
2 * ip_conntrack_helper_h323_asn1.c - BER and PER decoding library for H.323 2 * ip_conntrack_helper_h323_asn1.c - BER and PER decoding library for H.323
3 * conntrack/NAT module. 3 * conntrack/NAT module.
4 * 4 *
5 * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@hotmail.com> 5 * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@users.sourceforge.net>
6 * 6 *
7 * This source code is licensed under General Public License version 2. 7 * This source code is licensed under General Public License version 2.
8 * 8 *
@@ -528,14 +528,15 @@ int decode_seq(bitstr_t * bs, field_t * f, char *base, int level)
528 528
529 /* Decode */ 529 /* Decode */
530 if ((err = (Decoders[son->type]) (bs, son, base, 530 if ((err = (Decoders[son->type]) (bs, son, base,
531 level + 1)) > 531 level + 1)) <
532 H323_ERROR_STOP) 532 H323_ERROR_NONE)
533 return err; 533 return err;
534 534
535 bs->cur = beg + len; 535 bs->cur = beg + len;
536 bs->bit = 0; 536 bs->bit = 0;
537 } else if ((err = (Decoders[son->type]) (bs, son, base, 537 } else if ((err = (Decoders[son->type]) (bs, son, base,
538 level + 1))) 538 level + 1)) <
539 H323_ERROR_NONE)
539 return err; 540 return err;
540 } 541 }
541 542
@@ -554,7 +555,7 @@ int decode_seq(bitstr_t * bs, field_t * f, char *base, int level)
554 555
555 /* Decode the extension components */ 556 /* Decode the extension components */
556 for (opt = 0; opt < bmp2_len; opt++, i++, son++) { 557 for (opt = 0; opt < bmp2_len; opt++, i++, son++) {
557 if (son->attr & STOP) { 558 if (i < f->ub && son->attr & STOP) {
558 PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ", 559 PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ",
559 son->name); 560 son->name);
560 return H323_ERROR_STOP; 561 return H323_ERROR_STOP;
@@ -584,8 +585,8 @@ int decode_seq(bitstr_t * bs, field_t * f, char *base, int level)
584 beg = bs->cur; 585 beg = bs->cur;
585 586
586 if ((err = (Decoders[son->type]) (bs, son, base, 587 if ((err = (Decoders[son->type]) (bs, son, base,
587 level + 1)) > 588 level + 1)) <
588 H323_ERROR_STOP) 589 H323_ERROR_NONE)
589 return err; 590 return err;
590 591
591 bs->cur = beg + len; 592 bs->cur = beg + len;
@@ -660,18 +661,20 @@ int decode_seqof(bitstr_t * bs, field_t * f, char *base, int level)
660 i < 661 i <
661 effective_count ? 662 effective_count ?
662 base : NULL, 663 base : NULL,
663 level + 1)) > 664 level + 1)) <
664 H323_ERROR_STOP) 665 H323_ERROR_NONE)
665 return err; 666 return err;
666 667
667 bs->cur = beg + len; 668 bs->cur = beg + len;
668 bs->bit = 0; 669 bs->bit = 0;
669 } else 670 } else
670 if ((err = (Decoders[son->type]) (bs, son, 671 if ((err = (Decoders[son->type]) (bs, son,
671 i < effective_count ? 672 i <
672 base : NULL, 673 effective_count ?
673 level + 1))) 674 base : NULL,
674 return err; 675 level + 1)) <
676 H323_ERROR_NONE)
677 return err;
675 678
676 if (base) 679 if (base)
677 base += son->offset; 680 base += son->offset;
@@ -703,6 +706,10 @@ int decode_choice(bitstr_t * bs, field_t * f, char *base, int level)
703 type = get_bits(bs, f->sz); 706 type = get_bits(bs, f->sz);
704 } 707 }
705 708
709 /* Write Type */
710 if (base)
711 *(unsigned *) base = type;
712
706 /* Check Range */ 713 /* Check Range */
707 if (type >= f->ub) { /* Newer version? */ 714 if (type >= f->ub) { /* Newer version? */
708 BYTE_ALIGN(bs); 715 BYTE_ALIGN(bs);
@@ -712,10 +719,6 @@ int decode_choice(bitstr_t * bs, field_t * f, char *base, int level)
712 return H323_ERROR_NONE; 719 return H323_ERROR_NONE;
713 } 720 }
714 721
715 /* Write Type */
716 if (base)
717 *(unsigned *) base = type;
718
719 /* Transfer to son level */ 722 /* Transfer to son level */
720 son = &f->fields[type]; 723 son = &f->fields[type];
721 if (son->attr & STOP) { 724 if (son->attr & STOP) {
@@ -735,13 +738,14 @@ int decode_choice(bitstr_t * bs, field_t * f, char *base, int level)
735 } 738 }
736 beg = bs->cur; 739 beg = bs->cur;
737 740
738 if ((err = (Decoders[son->type]) (bs, son, base, level + 1)) > 741 if ((err = (Decoders[son->type]) (bs, son, base, level + 1)) <
739 H323_ERROR_STOP) 742 H323_ERROR_NONE)
740 return err; 743 return err;
741 744
742 bs->cur = beg + len; 745 bs->cur = beg + len;
743 bs->bit = 0; 746 bs->bit = 0;
744 } else if ((err = (Decoders[son->type]) (bs, son, base, level + 1))) 747 } else if ((err = (Decoders[son->type]) (bs, son, base, level + 1)) <
748 H323_ERROR_NONE)
745 return err; 749 return err;
746 750
747 return H323_ERROR_NONE; 751 return H323_ERROR_NONE;
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
index 7d3ba4302e9e..8ccfe17bb253 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
@@ -469,8 +469,8 @@ pptp_inbound_pkt(struct sk_buff **pskb,
469 DEBUGP("%s but no session\n", pptp_msg_name[msg]); 469 DEBUGP("%s but no session\n", pptp_msg_name[msg]);
470 break; 470 break;
471 } 471 }
472 if (info->sstate != PPTP_CALL_IN_REP 472 if (info->cstate != PPTP_CALL_IN_REP
473 && info->sstate != PPTP_CALL_IN_CONF) { 473 && info->cstate != PPTP_CALL_IN_CONF) {
474 DEBUGP("%s but never sent IN_CALL_REPLY\n", 474 DEBUGP("%s but never sent IN_CALL_REPLY\n",
475 pptp_msg_name[msg]); 475 pptp_msg_name[msg]);
476 break; 476 break;
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
index 5259abd0fb42..0416073c5600 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
@@ -235,12 +235,15 @@ static int do_basic_checks(struct ip_conntrack *conntrack,
235 flag = 1; 235 flag = 1;
236 } 236 }
237 237
238 /* Cookie Ack/Echo chunks not the first OR 238 /*
239 Init / Init Ack / Shutdown compl chunks not the only chunks */ 239 * Cookie Ack/Echo chunks not the first OR
240 if ((sch->type == SCTP_CID_COOKIE_ACK 240 * Init / Init Ack / Shutdown compl chunks not the only chunks
241 * OR zero-length.
242 */
243 if (((sch->type == SCTP_CID_COOKIE_ACK
241 || sch->type == SCTP_CID_COOKIE_ECHO 244 || sch->type == SCTP_CID_COOKIE_ECHO
242 || flag) 245 || flag)
243 && count !=0 ) { 246 && count !=0) || !sch->length) {
244 DEBUGP("Basic checks failed\n"); 247 DEBUGP("Basic checks failed\n");
245 return 1; 248 return 1;
246 } 249 }
diff --git a/net/ipv4/netfilter/ip_nat_proto_gre.c b/net/ipv4/netfilter/ip_nat_proto_gre.c
index 6c4899d8046a..96ceabaec402 100644
--- a/net/ipv4/netfilter/ip_nat_proto_gre.c
+++ b/net/ipv4/netfilter/ip_nat_proto_gre.c
@@ -49,15 +49,15 @@ gre_in_range(const struct ip_conntrack_tuple *tuple,
49 const union ip_conntrack_manip_proto *min, 49 const union ip_conntrack_manip_proto *min,
50 const union ip_conntrack_manip_proto *max) 50 const union ip_conntrack_manip_proto *max)
51{ 51{
52 u_int32_t key; 52 __be16 key;
53 53
54 if (maniptype == IP_NAT_MANIP_SRC) 54 if (maniptype == IP_NAT_MANIP_SRC)
55 key = tuple->src.u.gre.key; 55 key = tuple->src.u.gre.key;
56 else 56 else
57 key = tuple->dst.u.gre.key; 57 key = tuple->dst.u.gre.key;
58 58
59 return ntohl(key) >= ntohl(min->gre.key) 59 return ntohs(key) >= ntohs(min->gre.key)
60 && ntohl(key) <= ntohl(max->gre.key); 60 && ntohs(key) <= ntohs(max->gre.key);
61} 61}
62 62
63/* generate unique tuple ... */ 63/* generate unique tuple ... */
@@ -81,14 +81,14 @@ gre_unique_tuple(struct ip_conntrack_tuple *tuple,
81 min = 1; 81 min = 1;
82 range_size = 0xffff; 82 range_size = 0xffff;
83 } else { 83 } else {
84 min = ntohl(range->min.gre.key); 84 min = ntohs(range->min.gre.key);
85 range_size = ntohl(range->max.gre.key) - min + 1; 85 range_size = ntohs(range->max.gre.key) - min + 1;
86 } 86 }
87 87
88 DEBUGP("min = %u, range_size = %u\n", min, range_size); 88 DEBUGP("min = %u, range_size = %u\n", min, range_size);
89 89
90 for (i = 0; i < range_size; i++, key++) { 90 for (i = 0; i < range_size; i++, key++) {
91 *keyptr = htonl(min + key % range_size); 91 *keyptr = htons(min + key % range_size);
92 if (!ip_nat_used_tuple(tuple, conntrack)) 92 if (!ip_nat_used_tuple(tuple, conntrack))
93 return 1; 93 return 1;
94 } 94 }
diff --git a/net/ipv4/netfilter/ip_nat_snmp_basic.c b/net/ipv4/netfilter/ip_nat_snmp_basic.c
index c62253845538..c33244263b90 100644
--- a/net/ipv4/netfilter/ip_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c
@@ -768,6 +768,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
768 len *= sizeof(unsigned long); 768 len *= sizeof(unsigned long);
769 *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC); 769 *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC);
770 if (*obj == NULL) { 770 if (*obj == NULL) {
771 kfree(lp);
771 kfree(id); 772 kfree(id);
772 if (net_ratelimit()) 773 if (net_ratelimit())
773 printk("OOM in bsalg (%d)\n", __LINE__); 774 printk("OOM in bsalg (%d)\n", __LINE__);
@@ -1003,12 +1004,12 @@ static unsigned char snmp_trap_decode(struct asn1_ctx *ctx,
1003 1004
1004 return 1; 1005 return 1;
1005 1006
1007err_addr_free:
1008 kfree((unsigned long *)trap->ip_address);
1009
1006err_id_free: 1010err_id_free:
1007 kfree(trap->id); 1011 kfree(trap->id);
1008 1012
1009err_addr_free:
1010 kfree((unsigned long *)trap->ip_address);
1011
1012 return 0; 1013 return 0;
1013} 1014}
1014 1015
@@ -1126,11 +1127,10 @@ static int snmp_parse_mangle(unsigned char *msg,
1126 struct snmp_v1_trap trap; 1127 struct snmp_v1_trap trap;
1127 unsigned char ret = snmp_trap_decode(&ctx, &trap, map, check); 1128 unsigned char ret = snmp_trap_decode(&ctx, &trap, map, check);
1128 1129
1129 /* Discard trap allocations regardless */ 1130 if (ret) {
1130 kfree(trap.id); 1131 kfree(trap.id);
1131 kfree((unsigned long *)trap.ip_address); 1132 kfree((unsigned long *)trap.ip_address);
1132 1133 } else
1133 if (!ret)
1134 return ret; 1134 return ret;
1135 1135
1136 } else { 1136 } else {
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 8f760b28617e..67e676783da9 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -219,8 +219,10 @@ ip_nat_out(unsigned int hooknum,
219 const struct net_device *out, 219 const struct net_device *out,
220 int (*okfn)(struct sk_buff *)) 220 int (*okfn)(struct sk_buff *))
221{ 221{
222#ifdef CONFIG_XFRM
222 struct ip_conntrack *ct; 223 struct ip_conntrack *ct;
223 enum ip_conntrack_info ctinfo; 224 enum ip_conntrack_info ctinfo;
225#endif
224 unsigned int ret; 226 unsigned int ret;
225 227
226 /* root is playing with raw sockets. */ 228 /* root is playing with raw sockets. */
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index d25ac8ba6eba..cee3397ec277 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -956,15 +956,16 @@ struct compat_ipt_standard_target
956 compat_int_t verdict; 956 compat_int_t verdict;
957}; 957};
958 958
959#define IPT_ST_OFFSET (sizeof(struct ipt_standard_target) - \
960 sizeof(struct compat_ipt_standard_target))
961
962struct compat_ipt_standard 959struct compat_ipt_standard
963{ 960{
964 struct compat_ipt_entry entry; 961 struct compat_ipt_entry entry;
965 struct compat_ipt_standard_target target; 962 struct compat_ipt_standard_target target;
966}; 963};
967 964
965#define IPT_ST_LEN XT_ALIGN(sizeof(struct ipt_standard_target))
966#define IPT_ST_COMPAT_LEN COMPAT_XT_ALIGN(sizeof(struct compat_ipt_standard_target))
967#define IPT_ST_OFFSET (IPT_ST_LEN - IPT_ST_COMPAT_LEN)
968
968static int compat_ipt_standard_fn(void *target, 969static int compat_ipt_standard_fn(void *target,
969 void **dstptr, int *size, int convert) 970 void **dstptr, int *size, int convert)
970{ 971{
@@ -975,35 +976,29 @@ static int compat_ipt_standard_fn(void *target,
975 ret = 0; 976 ret = 0;
976 switch (convert) { 977 switch (convert) {
977 case COMPAT_TO_USER: 978 case COMPAT_TO_USER:
978 pst = (struct ipt_standard_target *)target; 979 pst = target;
979 memcpy(&compat_st.target, &pst->target, 980 memcpy(&compat_st.target, &pst->target,
980 sizeof(struct ipt_entry_target)); 981 sizeof(compat_st.target));
981 compat_st.verdict = pst->verdict; 982 compat_st.verdict = pst->verdict;
982 if (compat_st.verdict > 0) 983 if (compat_st.verdict > 0)
983 compat_st.verdict -= 984 compat_st.verdict -=
984 compat_calc_jump(compat_st.verdict); 985 compat_calc_jump(compat_st.verdict);
985 compat_st.target.u.user.target_size = 986 compat_st.target.u.user.target_size = IPT_ST_COMPAT_LEN;
986 sizeof(struct compat_ipt_standard_target); 987 if (copy_to_user(*dstptr, &compat_st, IPT_ST_COMPAT_LEN))
987 if (__copy_to_user(*dstptr, &compat_st,
988 sizeof(struct compat_ipt_standard_target)))
989 ret = -EFAULT; 988 ret = -EFAULT;
990 *size -= IPT_ST_OFFSET; 989 *size -= IPT_ST_OFFSET;
991 *dstptr += sizeof(struct compat_ipt_standard_target); 990 *dstptr += IPT_ST_COMPAT_LEN;
992 break; 991 break;
993 case COMPAT_FROM_USER: 992 case COMPAT_FROM_USER:
994 pcompat_st = 993 pcompat_st = target;
995 (struct compat_ipt_standard_target *)target; 994 memcpy(&st.target, &pcompat_st->target, IPT_ST_COMPAT_LEN);
996 memcpy(&st.target, &pcompat_st->target,
997 sizeof(struct ipt_entry_target));
998 st.verdict = pcompat_st->verdict; 995 st.verdict = pcompat_st->verdict;
999 if (st.verdict > 0) 996 if (st.verdict > 0)
1000 st.verdict += compat_calc_jump(st.verdict); 997 st.verdict += compat_calc_jump(st.verdict);
1001 st.target.u.user.target_size = 998 st.target.u.user.target_size = IPT_ST_LEN;
1002 sizeof(struct ipt_standard_target); 999 memcpy(*dstptr, &st, IPT_ST_LEN);
1003 memcpy(*dstptr, &st,
1004 sizeof(struct ipt_standard_target));
1005 *size += IPT_ST_OFFSET; 1000 *size += IPT_ST_OFFSET;
1006 *dstptr += sizeof(struct ipt_standard_target); 1001 *dstptr += IPT_ST_LEN;
1007 break; 1002 break;
1008 case COMPAT_CALC_SIZE: 1003 case COMPAT_CALC_SIZE:
1009 *size += IPT_ST_OFFSET; 1004 *size += IPT_ST_OFFSET;
@@ -1446,7 +1441,7 @@ static int compat_copy_entry_to_user(struct ipt_entry *e,
1446 ret = -EFAULT; 1441 ret = -EFAULT;
1447 origsize = *size; 1442 origsize = *size;
1448 ce = (struct compat_ipt_entry __user *)*dstptr; 1443 ce = (struct compat_ipt_entry __user *)*dstptr;
1449 if (__copy_to_user(ce, e, sizeof(struct ipt_entry))) 1444 if (copy_to_user(ce, e, sizeof(struct ipt_entry)))
1450 goto out; 1445 goto out;
1451 1446
1452 *dstptr += sizeof(struct compat_ipt_entry); 1447 *dstptr += sizeof(struct compat_ipt_entry);
@@ -1464,9 +1459,9 @@ static int compat_copy_entry_to_user(struct ipt_entry *e,
1464 goto out; 1459 goto out;
1465 ret = -EFAULT; 1460 ret = -EFAULT;
1466 next_offset = e->next_offset - (origsize - *size); 1461 next_offset = e->next_offset - (origsize - *size);
1467 if (__put_user(target_offset, &ce->target_offset)) 1462 if (put_user(target_offset, &ce->target_offset))
1468 goto out; 1463 goto out;
1469 if (__put_user(next_offset, &ce->next_offset)) 1464 if (put_user(next_offset, &ce->next_offset))
1470 goto out; 1465 goto out;
1471 return 0; 1466 return 0;
1472out: 1467out:
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 39fd4c2a2386..b98f7b08b084 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -428,7 +428,7 @@ ipt_log_target(struct sk_buff **pskb,
428 428
429 if (loginfo->logflags & IPT_LOG_NFLOG) 429 if (loginfo->logflags & IPT_LOG_NFLOG)
430 nf_log_packet(PF_INET, hooknum, *pskb, in, out, &li, 430 nf_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
431 loginfo->prefix); 431 "%s", loginfo->prefix);
432 else 432 else
433 ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li, 433 ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
434 loginfo->prefix); 434 loginfo->prefix);
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 143843285702..b847ee409efb 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -821,6 +821,7 @@ checkentry(const char *tablename,
821 /* Create our proc 'status' entry. */ 821 /* Create our proc 'status' entry. */
822 curr_table->status_proc = create_proc_entry(curr_table->name, ip_list_perms, proc_net_ipt_recent); 822 curr_table->status_proc = create_proc_entry(curr_table->name, ip_list_perms, proc_net_ipt_recent);
823 if (!curr_table->status_proc) { 823 if (!curr_table->status_proc) {
824 vfree(hold);
824 printk(KERN_INFO RECENT_NAME ": checkentry: unable to allocate for /proc entry.\n"); 825 printk(KERN_INFO RECENT_NAME ": checkentry: unable to allocate for /proc entry.\n");
825 /* Destroy the created table */ 826 /* Destroy the created table */
826 spin_lock_bh(&recent_lock); 827 spin_lock_bh(&recent_lock);
@@ -845,7 +846,6 @@ checkentry(const char *tablename,
845 spin_unlock_bh(&recent_lock); 846 spin_unlock_bh(&recent_lock);
846 vfree(curr_table->time_info); 847 vfree(curr_table->time_info);
847 vfree(curr_table->hash_table); 848 vfree(curr_table->hash_table);
848 vfree(hold);
849 vfree(curr_table->table); 849 vfree(curr_table->table);
850 vfree(curr_table); 850 vfree(curr_table);
851 return 0; 851 return 0;
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 5bc9f64d7b5b..77d974443c7b 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -348,6 +348,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
348 .tuple.dst.u.tcp.port; 348 .tuple.dst.u.tcp.port;
349 sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL] 349 sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL]
350 .tuple.dst.u3.ip; 350 .tuple.dst.u3.ip;
351 memset(sin.sin_zero, 0, sizeof(sin.sin_zero));
351 352
352 DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n", 353 DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n",
353 NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port)); 354 NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port));
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index ff434821909f..cc9423de7311 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2741,7 +2741,10 @@ int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg)
2741 /* Reserve room for dummy headers, this skb can pass 2741 /* Reserve room for dummy headers, this skb can pass
2742 through good chunk of routing engine. 2742 through good chunk of routing engine.
2743 */ 2743 */
2744 skb->mac.raw = skb->data; 2744 skb->mac.raw = skb->nh.raw = skb->data;
2745
2746 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
2747 skb->nh.iph->protocol = IPPROTO_ICMP;
2745 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr)); 2748 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
2746 2749
2747 if (rta[RTA_SRC - 1]) 2750 if (rta[RTA_SRC - 1])
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 87f68e787d0c..e2b7b8055037 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1468,6 +1468,7 @@ void tcp_close(struct sock *sk, long timeout)
1468{ 1468{
1469 struct sk_buff *skb; 1469 struct sk_buff *skb;
1470 int data_was_unread = 0; 1470 int data_was_unread = 0;
1471 int state;
1471 1472
1472 lock_sock(sk); 1473 lock_sock(sk);
1473 sk->sk_shutdown = SHUTDOWN_MASK; 1474 sk->sk_shutdown = SHUTDOWN_MASK;
@@ -1544,6 +1545,11 @@ void tcp_close(struct sock *sk, long timeout)
1544 sk_stream_wait_close(sk, timeout); 1545 sk_stream_wait_close(sk, timeout);
1545 1546
1546adjudge_to_death: 1547adjudge_to_death:
1548 state = sk->sk_state;
1549 sock_hold(sk);
1550 sock_orphan(sk);
1551 atomic_inc(sk->sk_prot->orphan_count);
1552
1547 /* It is the last release_sock in its life. It will remove backlog. */ 1553 /* It is the last release_sock in its life. It will remove backlog. */
1548 release_sock(sk); 1554 release_sock(sk);
1549 1555
@@ -1555,8 +1561,9 @@ adjudge_to_death:
1555 bh_lock_sock(sk); 1561 bh_lock_sock(sk);
1556 BUG_TRAP(!sock_owned_by_user(sk)); 1562 BUG_TRAP(!sock_owned_by_user(sk));
1557 1563
1558 sock_hold(sk); 1564 /* Have we already been destroyed by a softirq or backlog? */
1559 sock_orphan(sk); 1565 if (state != TCP_CLOSE && sk->sk_state == TCP_CLOSE)
1566 goto out;
1560 1567
1561 /* This is a (useful) BSD violating of the RFC. There is a 1568 /* This is a (useful) BSD violating of the RFC. There is a
1562 * problem with TCP as specified in that the other end could 1569 * problem with TCP as specified in that the other end could
@@ -1584,7 +1591,6 @@ adjudge_to_death:
1584 if (tmo > TCP_TIMEWAIT_LEN) { 1591 if (tmo > TCP_TIMEWAIT_LEN) {
1585 inet_csk_reset_keepalive_timer(sk, tcp_fin_time(sk)); 1592 inet_csk_reset_keepalive_timer(sk, tcp_fin_time(sk));
1586 } else { 1593 } else {
1587 atomic_inc(sk->sk_prot->orphan_count);
1588 tcp_time_wait(sk, TCP_FIN_WAIT2, tmo); 1594 tcp_time_wait(sk, TCP_FIN_WAIT2, tmo);
1589 goto out; 1595 goto out;
1590 } 1596 }
@@ -1603,7 +1609,6 @@ adjudge_to_death:
1603 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONMEMORY); 1609 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONMEMORY);
1604 } 1610 }
1605 } 1611 }
1606 atomic_inc(sk->sk_prot->orphan_count);
1607 1612
1608 if (sk->sk_state == TCP_CLOSE) 1613 if (sk->sk_state == TCP_CLOSE)
1609 inet_csk_destroy_sock(sk); 1614 inet_csk_destroy_sock(sk);
diff --git a/net/ipv4/tcp_highspeed.c b/net/ipv4/tcp_highspeed.c
index e0e9d1383c7c..ba7c63ca5bb1 100644
--- a/net/ipv4/tcp_highspeed.c
+++ b/net/ipv4/tcp_highspeed.c
@@ -135,10 +135,11 @@ static void hstcp_cong_avoid(struct sock *sk, u32 adk, u32 rtt,
135 135
136 /* Do additive increase */ 136 /* Do additive increase */
137 if (tp->snd_cwnd < tp->snd_cwnd_clamp) { 137 if (tp->snd_cwnd < tp->snd_cwnd_clamp) {
138 tp->snd_cwnd_cnt += ca->ai; 138 /* cwnd = cwnd + a(w) / cwnd */
139 tp->snd_cwnd_cnt += ca->ai + 1;
139 if (tp->snd_cwnd_cnt >= tp->snd_cwnd) { 140 if (tp->snd_cwnd_cnt >= tp->snd_cwnd) {
140 tp->snd_cwnd++;
141 tp->snd_cwnd_cnt -= tp->snd_cwnd; 141 tp->snd_cwnd_cnt -= tp->snd_cwnd;
142 tp->snd_cwnd++;
142 } 143 }
143 } 144 }
144 } 145 }
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 195d83584558..4a538bc1683d 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -1662,6 +1662,8 @@ static void tcp_update_scoreboard(struct sock *sk, struct tcp_sock *tp)
1662 if (!(TCP_SKB_CB(skb)->sacked&TCPCB_TAGBITS)) { 1662 if (!(TCP_SKB_CB(skb)->sacked&TCPCB_TAGBITS)) {
1663 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; 1663 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST;
1664 tp->lost_out += tcp_skb_pcount(skb); 1664 tp->lost_out += tcp_skb_pcount(skb);
1665 if (IsReno(tp))
1666 tcp_remove_reno_sacks(sk, tp, tcp_skb_pcount(skb) + 1);
1665 1667
1666 /* clear xmit_retrans hint */ 1668 /* clear xmit_retrans hint */
1667 if (tp->retransmit_skb_hint && 1669 if (tp->retransmit_skb_hint &&
@@ -4559,7 +4561,6 @@ discard:
4559 4561
4560EXPORT_SYMBOL(sysctl_tcp_ecn); 4562EXPORT_SYMBOL(sysctl_tcp_ecn);
4561EXPORT_SYMBOL(sysctl_tcp_reordering); 4563EXPORT_SYMBOL(sysctl_tcp_reordering);
4562EXPORT_SYMBOL(sysctl_tcp_abc);
4563EXPORT_SYMBOL(tcp_parse_options); 4564EXPORT_SYMBOL(tcp_parse_options);
4564EXPORT_SYMBOL(tcp_rcv_established); 4565EXPORT_SYMBOL(tcp_rcv_established);
4565EXPORT_SYMBOL(tcp_rcv_state_process); 4566EXPORT_SYMBOL(tcp_rcv_state_process);
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 9e85c0416109..672950e54c49 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1859,5 +1859,4 @@ EXPORT_SYMBOL(tcp_proc_unregister);
1859#endif 1859#endif
1860EXPORT_SYMBOL(sysctl_local_port_range); 1860EXPORT_SYMBOL(sysctl_local_port_range);
1861EXPORT_SYMBOL(sysctl_tcp_low_latency); 1861EXPORT_SYMBOL(sysctl_tcp_low_latency);
1862EXPORT_SYMBOL(sysctl_tcp_tw_reuse);
1863 1862
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 9d79546d384e..f33c9dddaa12 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -59,9 +59,6 @@ int sysctl_tcp_tso_win_divisor = 3;
59int sysctl_tcp_mtu_probing = 0; 59int sysctl_tcp_mtu_probing = 0;
60int sysctl_tcp_base_mss = 512; 60int sysctl_tcp_base_mss = 512;
61 61
62EXPORT_SYMBOL(sysctl_tcp_mtu_probing);
63EXPORT_SYMBOL(sysctl_tcp_base_mss);
64
65static void update_send_head(struct sock *sk, struct tcp_sock *tp, 62static void update_send_head(struct sock *sk, struct tcp_sock *tp,
66 struct sk_buff *skb) 63 struct sk_buff *skb)
67{ 64{
@@ -468,7 +465,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
468 TCP_INC_STATS(TCP_MIB_OUTSEGS); 465 TCP_INC_STATS(TCP_MIB_OUTSEGS);
469 466
470 err = icsk->icsk_af_ops->queue_xmit(skb, 0); 467 err = icsk->icsk_af_ops->queue_xmit(skb, 0);
471 if (unlikely(err <= 0)) 468 if (likely(err <= 0))
472 return err; 469 return err;
473 470
474 tcp_enter_cwr(sk); 471 tcp_enter_cwr(sk);
@@ -536,6 +533,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
536 struct tcp_sock *tp = tcp_sk(sk); 533 struct tcp_sock *tp = tcp_sk(sk);
537 struct sk_buff *buff; 534 struct sk_buff *buff;
538 int nsize, old_factor; 535 int nsize, old_factor;
536 int nlen;
539 u16 flags; 537 u16 flags;
540 538
541 BUG_ON(len > skb->len); 539 BUG_ON(len > skb->len);
@@ -554,7 +552,11 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
554 buff = sk_stream_alloc_skb(sk, nsize, GFP_ATOMIC); 552 buff = sk_stream_alloc_skb(sk, nsize, GFP_ATOMIC);
555 if (buff == NULL) 553 if (buff == NULL)
556 return -ENOMEM; /* We'll just try again later. */ 554 return -ENOMEM; /* We'll just try again later. */
555
557 sk_charge_skb(sk, buff); 556 sk_charge_skb(sk, buff);
557 nlen = skb->len - len - nsize;
558 buff->truesize += nlen;
559 skb->truesize -= nlen;
558 560
559 /* Correct the sequence numbers. */ 561 /* Correct the sequence numbers. */
560 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len; 562 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;
@@ -640,7 +642,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
640 * eventually). The difference is that pulled data not copied, but 642 * eventually). The difference is that pulled data not copied, but
641 * immediately discarded. 643 * immediately discarded.
642 */ 644 */
643static unsigned char *__pskb_trim_head(struct sk_buff *skb, int len) 645static void __pskb_trim_head(struct sk_buff *skb, int len)
644{ 646{
645 int i, k, eat; 647 int i, k, eat;
646 648
@@ -665,7 +667,6 @@ static unsigned char *__pskb_trim_head(struct sk_buff *skb, int len)
665 skb->tail = skb->data; 667 skb->tail = skb->data;
666 skb->data_len -= len; 668 skb->data_len -= len;
667 skb->len = skb->data_len; 669 skb->len = skb->data_len;
668 return skb->tail;
669} 670}
670 671
671int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len) 672int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len)
@@ -674,12 +675,11 @@ int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len)
674 pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) 675 pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
675 return -ENOMEM; 676 return -ENOMEM;
676 677
677 if (len <= skb_headlen(skb)) { 678 /* If len == headlen, we avoid __skb_pull to preserve alignment. */
679 if (unlikely(len < skb_headlen(skb)))
678 __skb_pull(skb, len); 680 __skb_pull(skb, len);
679 } else { 681 else
680 if (__pskb_trim_head(skb, len-skb_headlen(skb)) == NULL) 682 __pskb_trim_head(skb, len - skb_headlen(skb));
681 return -ENOMEM;
682 }
683 683
684 TCP_SKB_CB(skb)->seq += len; 684 TCP_SKB_CB(skb)->seq += len;
685 skb->ip_summed = CHECKSUM_HW; 685 skb->ip_summed = CHECKSUM_HW;
@@ -1040,7 +1040,8 @@ static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len,
1040 if (unlikely(buff == NULL)) 1040 if (unlikely(buff == NULL))
1041 return -ENOMEM; 1041 return -ENOMEM;
1042 1042
1043 buff->truesize = nlen; 1043 sk_charge_skb(sk, buff);
1044 buff->truesize += nlen;
1044 skb->truesize -= nlen; 1045 skb->truesize -= nlen;
1045 1046
1046 /* Correct the sequence numbers. */ 1047 /* Correct the sequence numbers. */
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 32ad229b4fed..4ef8efaf6a67 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -62,7 +62,7 @@ static void xfrm4_encap(struct sk_buff *skb)
62 top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ? 62 top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
63 0 : (iph->frag_off & htons(IP_DF)); 63 0 : (iph->frag_off & htons(IP_DF));
64 if (!top_iph->frag_off) 64 if (!top_iph->frag_off)
65 __ip_select_ident(top_iph, dst, 0); 65 __ip_select_ident(top_iph, dst->child, 0);
66 66
67 top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT); 67 top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);
68 68
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index f285bbf296e2..8604c747bca5 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -221,7 +221,7 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl)
221 if (pskb_may_pull(skb, xprth + 4 - skb->data)) { 221 if (pskb_may_pull(skb, xprth + 4 - skb->data)) {
222 u16 *ipcomp_hdr = (u16 *)xprth; 222 u16 *ipcomp_hdr = (u16 *)xprth;
223 223
224 fl->fl_ipsec_spi = ntohl(ntohs(ipcomp_hdr[1])); 224 fl->fl_ipsec_spi = htonl(ntohs(ipcomp_hdr[1]));
225 } 225 }
226 break; 226 break;
227 default: 227 default:
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
index 2a1e7e45b890..a18d4256372c 100644
--- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c
@@ -485,15 +485,27 @@ static struct tlvtype_proc tlvprochopopt_lst[] = {
485 { -1, } 485 { -1, }
486}; 486};
487 487
488int ipv6_parse_hopopts(struct sk_buff *skb, int nhoff) 488int ipv6_parse_hopopts(struct sk_buff *skb)
489{ 489{
490 struct inet6_skb_parm *opt = IP6CB(skb); 490 struct inet6_skb_parm *opt = IP6CB(skb);
491 491
492 /*
493 * skb->nh.raw is equal to skb->data, and
494 * skb->h.raw - skb->nh.raw is always equal to
495 * sizeof(struct ipv6hdr) by definition of
496 * hop-by-hop options.
497 */
498 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + 8) ||
499 !pskb_may_pull(skb, sizeof(struct ipv6hdr) + ((skb->h.raw[1] + 1) << 3))) {
500 kfree_skb(skb);
501 return -1;
502 }
503
492 opt->hop = sizeof(struct ipv6hdr); 504 opt->hop = sizeof(struct ipv6hdr);
493 if (ip6_parse_tlv(tlvprochopopt_lst, skb)) { 505 if (ip6_parse_tlv(tlvprochopopt_lst, skb)) {
494 skb->h.raw += (skb->h.raw[1]+1)<<3; 506 skb->h.raw += (skb->h.raw[1]+1)<<3;
495 opt->nhoff = sizeof(struct ipv6hdr); 507 opt->nhoff = sizeof(struct ipv6hdr);
496 return sizeof(struct ipv6hdr); 508 return 1;
497 } 509 }
498 return -1; 510 return -1;
499} 511}
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index f8f3a37a1494..eb2865d5ae28 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -173,6 +173,7 @@ int inet6_csk_xmit(struct sk_buff *skb, int ipfragok)
173 173
174 if (err) { 174 if (err) {
175 sk->sk_err_soft = -err; 175 sk->sk_err_soft = -err;
176 kfree_skb(skb);
176 return err; 177 return err;
177 } 178 }
178 179
@@ -181,6 +182,7 @@ int inet6_csk_xmit(struct sk_buff *skb, int ipfragok)
181 182
182 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) { 183 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
183 sk->sk_route_caps = 0; 184 sk->sk_route_caps = 0;
185 kfree_skb(skb);
184 return err; 186 return err;
185 } 187 }
186 188
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 29f73592e68e..aceee252503d 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -114,11 +114,10 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
114 } 114 }
115 115
116 if (hdr->nexthdr == NEXTHDR_HOP) { 116 if (hdr->nexthdr == NEXTHDR_HOP) {
117 if (ipv6_parse_hopopts(skb, IP6CB(skb)->nhoff) < 0) { 117 if (ipv6_parse_hopopts(skb) < 0) {
118 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS); 118 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
119 return 0; 119 return 0;
120 } 120 }
121 hdr = skb->nh.ipv6h;
122 } 121 }
123 122
124 return NF_HOOK(PF_INET6,NF_IP6_PRE_ROUTING, skb, dev, NULL, ip6_rcv_finish); 123 return NF_HOOK(PF_INET6,NF_IP6_PRE_ROUTING, skb, dev, NULL, ip6_rcv_finish);
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
index 05eb67def39f..48636436028a 100644
--- a/net/ipv6/ipcomp6.c
+++ b/net/ipv6/ipcomp6.c
@@ -208,7 +208,7 @@ static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
208 if (type != ICMPV6_DEST_UNREACH && type != ICMPV6_PKT_TOOBIG) 208 if (type != ICMPV6_DEST_UNREACH && type != ICMPV6_PKT_TOOBIG)
209 return; 209 return;
210 210
211 spi = ntohl(ntohs(ipcomph->cpi)); 211 spi = htonl(ntohs(ipcomph->cpi));
212 x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, spi, IPPROTO_COMP, AF_INET6); 212 x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, spi, IPPROTO_COMP, AF_INET6);
213 if (!x) 213 if (!x)
214 return; 214 return;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 642b4b11464f..2e72f89a7019 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -288,19 +288,6 @@ ip6t_do_table(struct sk_buff **pskb,
288 table_base = (void *)private->entries[smp_processor_id()]; 288 table_base = (void *)private->entries[smp_processor_id()];
289 e = get_entry(table_base, private->hook_entry[hook]); 289 e = get_entry(table_base, private->hook_entry[hook]);
290 290
291#ifdef CONFIG_NETFILTER_DEBUG
292 /* Check noone else using our table */
293 if (((struct ip6t_entry *)table_base)->comefrom != 0xdead57ac
294 && ((struct ip6t_entry *)table_base)->comefrom != 0xeeeeeeec) {
295 printk("ASSERT: CPU #%u, %s comefrom(%p) = %X\n",
296 smp_processor_id(),
297 table->name,
298 &((struct ip6t_entry *)table_base)->comefrom,
299 ((struct ip6t_entry *)table_base)->comefrom);
300 }
301 ((struct ip6t_entry *)table_base)->comefrom = 0x57acc001;
302#endif
303
304 /* For return from builtin chain */ 291 /* For return from builtin chain */
305 back = get_entry(table_base, private->underflow[hook]); 292 back = get_entry(table_base, private->underflow[hook]);
306 293
@@ -1116,7 +1103,7 @@ do_add_counters(void __user *user, unsigned int len)
1116 1103
1117 write_lock_bh(&t->lock); 1104 write_lock_bh(&t->lock);
1118 private = t->private; 1105 private = t->private;
1119 if (private->number != paddc->num_counters) { 1106 if (private->number != tmp.num_counters) {
1120 ret = -EINVAL; 1107 ret = -EINVAL;
1121 goto unlock_up_free; 1108 goto unlock_up_free;
1122 } 1109 }
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index a96c0de14b00..73c6300109d6 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -439,7 +439,7 @@ ip6t_log_target(struct sk_buff **pskb,
439 439
440 if (loginfo->logflags & IP6T_LOG_NFLOG) 440 if (loginfo->logflags & IP6T_LOG_NFLOG)
441 nf_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, 441 nf_log_packet(PF_INET6, hooknum, *pskb, in, out, &li,
442 loginfo->prefix); 442 "%s", loginfo->prefix);
443 else 443 else
444 ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, 444 ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li,
445 loginfo->prefix); 445 loginfo->prefix);
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c
index 94dbdb8b458d..4f6b84c8f4ab 100644
--- a/net/ipv6/netfilter/ip6t_eui64.c
+++ b/net/ipv6/netfilter/ip6t_eui64.c
@@ -40,7 +40,7 @@ match(const struct sk_buff *skb,
40 40
41 memset(eui64, 0, sizeof(eui64)); 41 memset(eui64, 0, sizeof(eui64));
42 42
43 if (eth_hdr(skb)->h_proto == ntohs(ETH_P_IPV6)) { 43 if (eth_hdr(skb)->h_proto == htons(ETH_P_IPV6)) {
44 if (skb->nh.ipv6h->version == 0x6) { 44 if (skb->nh.ipv6h->version == 0x6) {
45 memcpy(eui64, eth_hdr(skb)->h_source, 3); 45 memcpy(eui64, eth_hdr(skb)->h_source, 3);
46 memcpy(eui64 + 5, eth_hdr(skb)->h_source + 3, 3); 46 memcpy(eui64 + 5, eth_hdr(skb)->h_source + 3, 3);
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 79078747a646..8a777932786d 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -280,10 +280,13 @@ static int inline rt6_check_neigh(struct rt6_info *rt)
280{ 280{
281 struct neighbour *neigh = rt->rt6i_nexthop; 281 struct neighbour *neigh = rt->rt6i_nexthop;
282 int m = 0; 282 int m = 0;
283 if (neigh) { 283 if (rt->rt6i_flags & RTF_NONEXTHOP ||
284 !(rt->rt6i_flags & RTF_GATEWAY))
285 m = 1;
286 else if (neigh) {
284 read_lock_bh(&neigh->lock); 287 read_lock_bh(&neigh->lock);
285 if (neigh->nud_state & NUD_VALID) 288 if (neigh->nud_state & NUD_VALID)
286 m = 1; 289 m = 2;
287 read_unlock_bh(&neigh->lock); 290 read_unlock_bh(&neigh->lock);
288 } 291 }
289 return m; 292 return m;
@@ -292,15 +295,18 @@ static int inline rt6_check_neigh(struct rt6_info *rt)
292static int rt6_score_route(struct rt6_info *rt, int oif, 295static int rt6_score_route(struct rt6_info *rt, int oif,
293 int strict) 296 int strict)
294{ 297{
295 int m = rt6_check_dev(rt, oif); 298 int m, n;
299
300 m = rt6_check_dev(rt, oif);
296 if (!m && (strict & RT6_SELECT_F_IFACE)) 301 if (!m && (strict & RT6_SELECT_F_IFACE))
297 return -1; 302 return -1;
298#ifdef CONFIG_IPV6_ROUTER_PREF 303#ifdef CONFIG_IPV6_ROUTER_PREF
299 m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->rt6i_flags)) << 2; 304 m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->rt6i_flags)) << 2;
300#endif 305#endif
301 if (rt6_check_neigh(rt)) 306 n = rt6_check_neigh(rt);
307 if (n > 1)
302 m |= 16; 308 m |= 16;
303 else if (strict & RT6_SELECT_F_REACHABLE) 309 else if (!n && strict & RT6_SELECT_F_REACHABLE)
304 return -1; 310 return -1;
305 return m; 311 return m;
306} 312}
@@ -317,7 +323,7 @@ static struct rt6_info *rt6_select(struct rt6_info **head, int oif,
317 __FUNCTION__, head, head ? *head : NULL, oif); 323 __FUNCTION__, head, head ? *head : NULL, oif);
318 324
319 for (rt = rt0, metric = rt0->rt6i_metric; 325 for (rt = rt0, metric = rt0->rt6i_metric;
320 rt && rt->rt6i_metric == metric; 326 rt && rt->rt6i_metric == metric && (!last || rt != rt0);
321 rt = rt->u.next) { 327 rt = rt->u.next) {
322 int m; 328 int m;
323 329
@@ -343,9 +349,12 @@ static struct rt6_info *rt6_select(struct rt6_info **head, int oif,
343 (strict & RT6_SELECT_F_REACHABLE) && 349 (strict & RT6_SELECT_F_REACHABLE) &&
344 last && last != rt0) { 350 last && last != rt0) {
345 /* no entries matched; do round-robin */ 351 /* no entries matched; do round-robin */
352 static spinlock_t lock = SPIN_LOCK_UNLOCKED;
353 spin_lock(&lock);
346 *head = rt0->u.next; 354 *head = rt0->u.next;
347 rt0->u.next = last->u.next; 355 rt0->u.next = last->u.next;
348 last->u.next = rt0; 356 last->u.next = rt0;
357 spin_unlock(&lock);
349 } 358 }
350 359
351 RT6_TRACE("%s() => %p, score=%d\n", 360 RT6_TRACE("%s() => %p, score=%d\n",
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 91cce8b2d7a5..88c840f1beb6 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -191,16 +191,18 @@ error:
191static inline void 191static inline void
192_decode_session6(struct sk_buff *skb, struct flowi *fl) 192_decode_session6(struct sk_buff *skb, struct flowi *fl)
193{ 193{
194 u16 offset = sizeof(struct ipv6hdr); 194 u16 offset = skb->h.raw - skb->nh.raw;
195 struct ipv6hdr *hdr = skb->nh.ipv6h; 195 struct ipv6hdr *hdr = skb->nh.ipv6h;
196 struct ipv6_opt_hdr *exthdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset); 196 struct ipv6_opt_hdr *exthdr;
197 u8 nexthdr = skb->nh.ipv6h->nexthdr; 197 u8 nexthdr = skb->nh.raw[IP6CB(skb)->nhoff];
198 198
199 memset(fl, 0, sizeof(struct flowi)); 199 memset(fl, 0, sizeof(struct flowi));
200 ipv6_addr_copy(&fl->fl6_dst, &hdr->daddr); 200 ipv6_addr_copy(&fl->fl6_dst, &hdr->daddr);
201 ipv6_addr_copy(&fl->fl6_src, &hdr->saddr); 201 ipv6_addr_copy(&fl->fl6_src, &hdr->saddr);
202 202
203 while (pskb_may_pull(skb, skb->nh.raw + offset + 1 - skb->data)) { 203 while (pskb_may_pull(skb, skb->nh.raw + offset + 1 - skb->data)) {
204 exthdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset);
205
204 switch (nexthdr) { 206 switch (nexthdr) {
205 case NEXTHDR_ROUTING: 207 case NEXTHDR_ROUTING:
206 case NEXTHDR_HOP: 208 case NEXTHDR_HOP:
diff --git a/net/ipx/af_ipx.c b/net/ipx/af_ipx.c
index 2dbf134d5266..811d998725bc 100644
--- a/net/ipx/af_ipx.c
+++ b/net/ipx/af_ipx.c
@@ -944,9 +944,9 @@ out:
944 return rc; 944 return rc;
945} 945}
946 946
947static int ipx_map_frame_type(unsigned char type) 947static __be16 ipx_map_frame_type(unsigned char type)
948{ 948{
949 int rc = 0; 949 __be16 rc = 0;
950 950
951 switch (type) { 951 switch (type) {
952 case IPX_FRAME_ETHERII: rc = htons(ETH_P_IPX); break; 952 case IPX_FRAME_ETHERII: rc = htons(ETH_P_IPX); break;
diff --git a/net/ipx/ipx_route.c b/net/ipx/ipx_route.c
index 67774448efd9..a394c6fe19a2 100644
--- a/net/ipx/ipx_route.c
+++ b/net/ipx/ipx_route.c
@@ -119,7 +119,7 @@ out:
119 return rc; 119 return rc;
120} 120}
121 121
122static int ipxrtr_delete(long net) 122static int ipxrtr_delete(__u32 net)
123{ 123{
124 struct ipx_route *r, *tmp; 124 struct ipx_route *r, *tmp;
125 int rc; 125 int rc;
diff --git a/net/irda/iriap.c b/net/irda/iriap.c
index 254f90746900..2d2e2b1919f4 100644
--- a/net/irda/iriap.c
+++ b/net/irda/iriap.c
@@ -544,7 +544,8 @@ static void iriap_getvaluebyclass_response(struct iriap_cb *self,
544{ 544{
545 struct sk_buff *tx_skb; 545 struct sk_buff *tx_skb;
546 int n; 546 int n;
547 __u32 tmp_be32, tmp_be16; 547 __u32 tmp_be32;
548 __be16 tmp_be16;
548 __u8 *fp; 549 __u8 *fp;
549 550
550 IRDA_DEBUG(4, "%s()\n", __FUNCTION__); 551 IRDA_DEBUG(4, "%s()\n", __FUNCTION__);
diff --git a/net/irda/irias_object.c b/net/irda/irias_object.c
index c6d169fbdceb..82e665c79991 100644
--- a/net/irda/irias_object.c
+++ b/net/irda/irias_object.c
@@ -257,7 +257,6 @@ struct ias_attrib *irias_find_attrib(struct ias_object *obj, char *name)
257 /* Unsafe (locking), attrib might change */ 257 /* Unsafe (locking), attrib might change */
258 return attrib; 258 return attrib;
259} 259}
260EXPORT_SYMBOL(irias_find_attrib);
261 260
262/* 261/*
263 * Function irias_add_attribute (obj, attrib) 262 * Function irias_add_attribute (obj, attrib)
@@ -484,7 +483,6 @@ struct ias_value *irias_new_string_value(char *string)
484 483
485 return value; 484 return value;
486} 485}
487EXPORT_SYMBOL(irias_new_string_value);
488 486
489/* 487/*
490 * Function irias_new_octseq_value (octets, len) 488 * Function irias_new_octseq_value (octets, len)
@@ -519,7 +517,6 @@ struct ias_value *irias_new_octseq_value(__u8 *octseq , int len)
519 memcpy(value->t.oct_seq, octseq , len); 517 memcpy(value->t.oct_seq, octseq , len);
520 return value; 518 return value;
521} 519}
522EXPORT_SYMBOL(irias_new_octseq_value);
523 520
524struct ias_value *irias_new_missing_value(void) 521struct ias_value *irias_new_missing_value(void)
525{ 522{
diff --git a/net/irda/irlap.c b/net/irda/irlap.c
index 7029618f5719..a16528657b4c 100644
--- a/net/irda/irlap.c
+++ b/net/irda/irlap.c
@@ -884,7 +884,8 @@ static void irlap_change_speed(struct irlap_cb *self, __u32 speed, int now)
884 if (now) { 884 if (now) {
885 /* Send down empty frame to trigger speed change */ 885 /* Send down empty frame to trigger speed change */
886 skb = dev_alloc_skb(0); 886 skb = dev_alloc_skb(0);
887 irlap_queue_xmit(self, skb); 887 if (skb)
888 irlap_queue_xmit(self, skb);
888 } 889 }
889} 890}
890 891
diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index 8f3addf0724c..d62e0f9b9da3 100644
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -118,7 +118,8 @@ static inline int llc_fixup_skb(struct sk_buff *skb)
118 u16 pdulen = eth_hdr(skb)->h_proto, 118 u16 pdulen = eth_hdr(skb)->h_proto,
119 data_size = ntohs(pdulen) - llc_len; 119 data_size = ntohs(pdulen) - llc_len;
120 120
121 skb_trim(skb, data_size); 121 if (unlikely(pskb_trim_rcsum(skb, data_size)))
122 return 0;
122 } 123 }
123 return 1; 124 return 1;
124} 125}
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index e581190fb6c3..f9b83f91371a 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -178,9 +178,6 @@ static struct {
178 /* allocated slab cache + modules which uses this slab cache */ 178 /* allocated slab cache + modules which uses this slab cache */
179 int use; 179 int use;
180 180
181 /* Initialization */
182 int (*init_conntrack)(struct nf_conn *, u_int32_t);
183
184} nf_ct_cache[NF_CT_F_NUM]; 181} nf_ct_cache[NF_CT_F_NUM];
185 182
186/* protect members of nf_ct_cache except of "use" */ 183/* protect members of nf_ct_cache except of "use" */
@@ -208,10 +205,8 @@ nf_ct_proto_find_get(u_int16_t l3proto, u_int8_t protocol)
208 205
209 preempt_disable(); 206 preempt_disable();
210 p = __nf_ct_proto_find(l3proto, protocol); 207 p = __nf_ct_proto_find(l3proto, protocol);
211 if (p) { 208 if (!try_module_get(p->me))
212 if (!try_module_get(p->me)) 209 p = &nf_conntrack_generic_protocol;
213 p = &nf_conntrack_generic_protocol;
214 }
215 preempt_enable(); 210 preempt_enable();
216 211
217 return p; 212 return p;
@@ -229,10 +224,8 @@ nf_ct_l3proto_find_get(u_int16_t l3proto)
229 224
230 preempt_disable(); 225 preempt_disable();
231 p = __nf_ct_l3proto_find(l3proto); 226 p = __nf_ct_l3proto_find(l3proto);
232 if (p) { 227 if (!try_module_get(p->me))
233 if (!try_module_get(p->me)) 228 p = &nf_conntrack_generic_l3proto;
234 p = &nf_conntrack_generic_l3proto;
235 }
236 preempt_enable(); 229 preempt_enable();
237 230
238 return p; 231 return p;
diff --git a/net/netfilter/nf_conntrack_l3proto_generic.c b/net/netfilter/nf_conntrack_l3proto_generic.c
index 7de4f06c63c5..3fc58e454d4e 100644
--- a/net/netfilter/nf_conntrack_l3proto_generic.c
+++ b/net/netfilter/nf_conntrack_l3proto_generic.c
@@ -94,5 +94,4 @@ struct nf_conntrack_l3proto nf_conntrack_generic_l3proto = {
94 .print_conntrack = generic_print_conntrack, 94 .print_conntrack = generic_print_conntrack,
95 .prepare = generic_prepare, 95 .prepare = generic_prepare,
96 .get_features = generic_get_features, 96 .get_features = generic_get_features,
97 .me = THIS_MODULE,
98}; 97};
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index 9cccc325b687..0c6da496cfa9 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -240,12 +240,15 @@ static int do_basic_checks(struct nf_conn *conntrack,
240 flag = 1; 240 flag = 1;
241 } 241 }
242 242
243 /* Cookie Ack/Echo chunks not the first OR 243 /*
244 Init / Init Ack / Shutdown compl chunks not the only chunks */ 244 * Cookie Ack/Echo chunks not the first OR
245 if ((sch->type == SCTP_CID_COOKIE_ACK 245 * Init / Init Ack / Shutdown compl chunks not the only chunks
246 * OR zero-length.
247 */
248 if (((sch->type == SCTP_CID_COOKIE_ACK
246 || sch->type == SCTP_CID_COOKIE_ECHO 249 || sch->type == SCTP_CID_COOKIE_ECHO
247 || flag) 250 || flag)
248 && count !=0 ) { 251 && count !=0) || !sch->length) {
249 DEBUGP("Basic checks failed\n"); 252 DEBUGP("Basic checks failed\n");
250 return 1; 253 return 1;
251 } 254 }
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index c60273cad778..61cdda4e5d3b 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -321,7 +321,7 @@ static int
321nfulnl_set_flags(struct nfulnl_instance *inst, u_int16_t flags) 321nfulnl_set_flags(struct nfulnl_instance *inst, u_int16_t flags)
322{ 322{
323 spin_lock_bh(&inst->lock); 323 spin_lock_bh(&inst->lock);
324 inst->flags = ntohs(flags); 324 inst->flags = flags;
325 spin_unlock_bh(&inst->lock); 325 spin_unlock_bh(&inst->lock);
326 326
327 return 0; 327 return 0;
@@ -902,7 +902,7 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
902 if (nfula[NFULA_CFG_FLAGS-1]) { 902 if (nfula[NFULA_CFG_FLAGS-1]) {
903 u_int16_t flags = 903 u_int16_t flags =
904 *(u_int16_t *)NFA_DATA(nfula[NFULA_CFG_FLAGS-1]); 904 *(u_int16_t *)NFA_DATA(nfula[NFULA_CFG_FLAGS-1]);
905 nfulnl_set_flags(inst, ntohl(flags)); 905 nfulnl_set_flags(inst, ntohs(flags));
906 } 906 }
907 907
908out_put: 908out_put:
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 00cf0a4f4d92..99293c63ff73 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -289,7 +289,7 @@ int xt_compat_match(void *match, void **dstptr, int *size, int convert)
289 case COMPAT_TO_USER: 289 case COMPAT_TO_USER:
290 pm = (struct xt_entry_match *)match; 290 pm = (struct xt_entry_match *)match;
291 msize = pm->u.user.match_size; 291 msize = pm->u.user.match_size;
292 if (__copy_to_user(*dstptr, pm, msize)) { 292 if (copy_to_user(*dstptr, pm, msize)) {
293 ret = -EFAULT; 293 ret = -EFAULT;
294 break; 294 break;
295 } 295 }
@@ -366,7 +366,7 @@ int xt_compat_target(void *target, void **dstptr, int *size, int convert)
366 case COMPAT_TO_USER: 366 case COMPAT_TO_USER:
367 pt = (struct xt_entry_target *)target; 367 pt = (struct xt_entry_target *)target;
368 tsize = pt->u.user.target_size; 368 tsize = pt->u.user.target_size;
369 if (__copy_to_user(*dstptr, pt, tsize)) { 369 if (copy_to_user(*dstptr, pt, tsize)) {
370 ret = -EFAULT; 370 ret = -EFAULT;
371 break; 371 break;
372 } 372 }
@@ -529,6 +529,7 @@ int xt_register_table(struct xt_table *table,
529 529
530 /* Simplifies replace_table code. */ 530 /* Simplifies replace_table code. */
531 table->private = bootstrap; 531 table->private = bootstrap;
532 rwlock_init(&table->lock);
532 if (!xt_replace_table(table, 0, newinfo, &ret)) 533 if (!xt_replace_table(table, 0, newinfo, &ret))
533 goto unlock; 534 goto unlock;
534 535
@@ -538,7 +539,6 @@ int xt_register_table(struct xt_table *table,
538 /* save number of initial entries */ 539 /* save number of initial entries */
539 private->initial_entries = private->number; 540 private->initial_entries = private->number;
540 541
541 rwlock_init(&table->lock);
542 list_prepend(&xt[table->af].tables, table); 542 list_prepend(&xt[table->af].tables, table);
543 543
544 ret = 0; 544 ret = 0;
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 2a233ffcf618..3862e73d14d7 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -56,12 +56,12 @@
56#include <linux/mm.h> 56#include <linux/mm.h>
57#include <linux/types.h> 57#include <linux/types.h>
58#include <linux/audit.h> 58#include <linux/audit.h>
59#include <linux/selinux.h>
59 60
60#include <net/sock.h> 61#include <net/sock.h>
61#include <net/scm.h> 62#include <net/scm.h>
62#include <net/netlink.h> 63#include <net/netlink.h>
63 64
64#define Nprintk(a...)
65#define NLGRPSZ(x) (ALIGN(x, sizeof(unsigned long) * 8) / 8) 65#define NLGRPSZ(x) (ALIGN(x, sizeof(unsigned long) * 8) / 8)
66 66
67struct netlink_sock { 67struct netlink_sock {
@@ -1157,6 +1157,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
1157 NETLINK_CB(skb).dst_pid = dst_pid; 1157 NETLINK_CB(skb).dst_pid = dst_pid;
1158 NETLINK_CB(skb).dst_group = dst_group; 1158 NETLINK_CB(skb).dst_group = dst_group;
1159 NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context); 1159 NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context);
1160 selinux_get_task_sid(current, &(NETLINK_CB(skb).sid));
1160 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1161 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1161 1162
1162 /* What can I do? Netlink is asynchronous, so that 1163 /* What can I do? Netlink is asynchronous, so that
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index d44981f5a619..3669cb953e6e 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -425,11 +425,16 @@ static int nr_create(struct socket *sock, int protocol)
425 425
426 nr_init_timers(sk); 426 nr_init_timers(sk);
427 427
428 nr->t1 = sysctl_netrom_transport_timeout; 428 nr->t1 =
429 nr->t2 = sysctl_netrom_transport_acknowledge_delay; 429 msecs_to_jiffies(sysctl_netrom_transport_timeout);
430 nr->n2 = sysctl_netrom_transport_maximum_tries; 430 nr->t2 =
431 nr->t4 = sysctl_netrom_transport_busy_delay; 431 msecs_to_jiffies(sysctl_netrom_transport_acknowledge_delay);
432 nr->idle = sysctl_netrom_transport_no_activity_timeout; 432 nr->n2 =
433 msecs_to_jiffies(sysctl_netrom_transport_maximum_tries);
434 nr->t4 =
435 msecs_to_jiffies(sysctl_netrom_transport_busy_delay);
436 nr->idle =
437 msecs_to_jiffies(sysctl_netrom_transport_no_activity_timeout);
433 nr->window = sysctl_netrom_transport_requested_window_size; 438 nr->window = sysctl_netrom_transport_requested_window_size;
434 439
435 nr->bpqext = 1; 440 nr->bpqext = 1;
@@ -1365,8 +1370,6 @@ static struct notifier_block nr_dev_notifier = {
1365 1370
1366static struct net_device **dev_nr; 1371static struct net_device **dev_nr;
1367 1372
1368static char banner[] __initdata = KERN_INFO "G4KLX NET/ROM for Linux. Version 0.7 for AX25.037 Linux 2.4\n";
1369
1370static int __init nr_proto_init(void) 1373static int __init nr_proto_init(void)
1371{ 1374{
1372 int i; 1375 int i;
@@ -1414,7 +1417,6 @@ static int __init nr_proto_init(void)
1414 } 1417 }
1415 1418
1416 register_netdevice_notifier(&nr_dev_notifier); 1419 register_netdevice_notifier(&nr_dev_notifier);
1417 printk(banner);
1418 1420
1419 ax25_protocol_register(AX25_P_NETROM, nr_route_frame); 1421 ax25_protocol_register(AX25_P_NETROM, nr_route_frame);
1420 ax25_linkfail_register(nr_link_failed); 1422 ax25_linkfail_register(nr_link_failed);
diff --git a/net/netrom/nr_dev.c b/net/netrom/nr_dev.c
index 509afddae569..621e5586ab03 100644
--- a/net/netrom/nr_dev.c
+++ b/net/netrom/nr_dev.c
@@ -185,7 +185,6 @@ static struct net_device_stats *nr_get_stats(struct net_device *dev)
185 185
186void nr_setup(struct net_device *dev) 186void nr_setup(struct net_device *dev)
187{ 187{
188 SET_MODULE_OWNER(dev);
189 dev->mtu = NR_MAX_PACKET_SIZE; 188 dev->mtu = NR_MAX_PACKET_SIZE;
190 dev->hard_start_xmit = nr_xmit; 189 dev->hard_start_xmit = nr_xmit;
191 dev->open = nr_open; 190 dev->open = nr_open;
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index ea65396d1619..55564efccf11 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -518,11 +518,11 @@ static int rose_create(struct socket *sock, int protocol)
518 init_timer(&rose->timer); 518 init_timer(&rose->timer);
519 init_timer(&rose->idletimer); 519 init_timer(&rose->idletimer);
520 520
521 rose->t1 = sysctl_rose_call_request_timeout; 521 rose->t1 = msecs_to_jiffies(sysctl_rose_call_request_timeout);
522 rose->t2 = sysctl_rose_reset_request_timeout; 522 rose->t2 = msecs_to_jiffies(sysctl_rose_reset_request_timeout);
523 rose->t3 = sysctl_rose_clear_request_timeout; 523 rose->t3 = msecs_to_jiffies(sysctl_rose_clear_request_timeout);
524 rose->hb = sysctl_rose_ack_hold_back_timeout; 524 rose->hb = msecs_to_jiffies(sysctl_rose_ack_hold_back_timeout);
525 rose->idle = sysctl_rose_no_activity_timeout; 525 rose->idle = msecs_to_jiffies(sysctl_rose_no_activity_timeout);
526 526
527 rose->state = ROSE_STATE_0; 527 rose->state = ROSE_STATE_0;
528 528
@@ -1469,8 +1469,6 @@ static struct notifier_block rose_dev_notifier = {
1469 1469
1470static struct net_device **dev_rose; 1470static struct net_device **dev_rose;
1471 1471
1472static const char banner[] = KERN_INFO "F6FBB/G4KLX ROSE for Linux. Version 0.62 for AX25.037 Linux 2.4\n";
1473
1474static int __init rose_proto_init(void) 1472static int __init rose_proto_init(void)
1475{ 1473{
1476 int i; 1474 int i;
@@ -1519,7 +1517,6 @@ static int __init rose_proto_init(void)
1519 1517
1520 sock_register(&rose_family_ops); 1518 sock_register(&rose_family_ops);
1521 register_netdevice_notifier(&rose_dev_notifier); 1519 register_netdevice_notifier(&rose_dev_notifier);
1522 printk(banner);
1523 1520
1524 ax25_protocol_register(AX25_P_ROSE, rose_route_frame); 1521 ax25_protocol_register(AX25_P_ROSE, rose_route_frame);
1525 ax25_linkfail_register(rose_link_failed); 1522 ax25_linkfail_register(rose_link_failed);
diff --git a/net/rose/rose_dev.c b/net/rose/rose_dev.c
index d297af737d10..2a1bf8e119e5 100644
--- a/net/rose/rose_dev.c
+++ b/net/rose/rose_dev.c
@@ -135,7 +135,6 @@ static struct net_device_stats *rose_get_stats(struct net_device *dev)
135 135
136void rose_setup(struct net_device *dev) 136void rose_setup(struct net_device *dev)
137{ 137{
138 SET_MODULE_OWNER(dev);
139 dev->mtu = ROSE_MAX_PACKET_SIZE - 2; 138 dev->mtu = ROSE_MAX_PACKET_SIZE - 2;
140 dev->hard_start_xmit = rose_xmit; 139 dev->hard_start_xmit = rose_xmit;
141 dev->open = rose_open; 140 dev->open = rose_open;
diff --git a/net/rose/rose_link.c b/net/rose/rose_link.c
index 09e9e9d04d92..bd86a63960ce 100644
--- a/net/rose/rose_link.c
+++ b/net/rose/rose_link.c
@@ -40,7 +40,8 @@ void rose_start_ftimer(struct rose_neigh *neigh)
40 40
41 neigh->ftimer.data = (unsigned long)neigh; 41 neigh->ftimer.data = (unsigned long)neigh;
42 neigh->ftimer.function = &rose_ftimer_expiry; 42 neigh->ftimer.function = &rose_ftimer_expiry;
43 neigh->ftimer.expires = jiffies + sysctl_rose_link_fail_timeout; 43 neigh->ftimer.expires =
44 jiffies + msecs_to_jiffies(sysctl_rose_link_fail_timeout);
44 45
45 add_timer(&neigh->ftimer); 46 add_timer(&neigh->ftimer);
46} 47}
@@ -51,7 +52,8 @@ static void rose_start_t0timer(struct rose_neigh *neigh)
51 52
52 neigh->t0timer.data = (unsigned long)neigh; 53 neigh->t0timer.data = (unsigned long)neigh;
53 neigh->t0timer.function = &rose_t0timer_expiry; 54 neigh->t0timer.function = &rose_t0timer_expiry;
54 neigh->t0timer.expires = jiffies + sysctl_rose_restart_request_timeout; 55 neigh->t0timer.expires =
56 jiffies + msecs_to_jiffies(sysctl_rose_restart_request_timeout);
55 57
56 add_timer(&neigh->t0timer); 58 add_timer(&neigh->t0timer);
57} 59}
diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
index 8631b65a7312..a22542fa1bc8 100644
--- a/net/rose/rose_route.c
+++ b/net/rose/rose_route.c
@@ -48,8 +48,6 @@ static DEFINE_SPINLOCK(rose_route_list_lock);
48 48
49struct rose_neigh *rose_loopback_neigh; 49struct rose_neigh *rose_loopback_neigh;
50 50
51static void rose_remove_neigh(struct rose_neigh *);
52
53/* 51/*
54 * Add a new route to a node, and in the process add the node and the 52 * Add a new route to a node, and in the process add the node and the
55 * neighbour if it is new. 53 * neighbour if it is new.
@@ -235,11 +233,8 @@ static void rose_remove_neigh(struct rose_neigh *rose_neigh)
235 233
236 skb_queue_purge(&rose_neigh->queue); 234 skb_queue_purge(&rose_neigh->queue);
237 235
238 spin_lock_bh(&rose_neigh_list_lock);
239
240 if ((s = rose_neigh_list) == rose_neigh) { 236 if ((s = rose_neigh_list) == rose_neigh) {
241 rose_neigh_list = rose_neigh->next; 237 rose_neigh_list = rose_neigh->next;
242 spin_unlock_bh(&rose_neigh_list_lock);
243 kfree(rose_neigh->digipeat); 238 kfree(rose_neigh->digipeat);
244 kfree(rose_neigh); 239 kfree(rose_neigh);
245 return; 240 return;
@@ -248,7 +243,6 @@ static void rose_remove_neigh(struct rose_neigh *rose_neigh)
248 while (s != NULL && s->next != NULL) { 243 while (s != NULL && s->next != NULL) {
249 if (s->next == rose_neigh) { 244 if (s->next == rose_neigh) {
250 s->next = rose_neigh->next; 245 s->next = rose_neigh->next;
251 spin_unlock_bh(&rose_neigh_list_lock);
252 kfree(rose_neigh->digipeat); 246 kfree(rose_neigh->digipeat);
253 kfree(rose_neigh); 247 kfree(rose_neigh);
254 return; 248 return;
@@ -256,7 +250,6 @@ static void rose_remove_neigh(struct rose_neigh *rose_neigh)
256 250
257 s = s->next; 251 s = s->next;
258 } 252 }
259 spin_unlock_bh(&rose_neigh_list_lock);
260} 253}
261 254
262/* 255/*
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index 6056d20ef429..37640c6fc014 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@@ -69,6 +69,11 @@ ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int hook)
69 DPRINTK("ipt_init_target: found %s\n", target->name); 69 DPRINTK("ipt_init_target: found %s\n", target->name);
70 t->u.kernel.target = target; 70 t->u.kernel.target = target;
71 71
72 ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
73 table, hook, 0, 0);
74 if (ret)
75 return ret;
76
72 if (t->u.kernel.target->checkentry 77 if (t->u.kernel.target->checkentry
73 && !t->u.kernel.target->checkentry(table, NULL, 78 && !t->u.kernel.target->checkentry(table, NULL,
74 t->u.kernel.target, t->data, 79 t->u.kernel.target, t->data,
diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
index 31eb83717c26..138ea92ed268 100644
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -193,8 +193,10 @@ static void dev_watchdog(unsigned long arg)
193 netif_running(dev) && 193 netif_running(dev) &&
194 netif_carrier_ok(dev)) { 194 netif_carrier_ok(dev)) {
195 if (netif_queue_stopped(dev) && 195 if (netif_queue_stopped(dev) &&
196 (jiffies - dev->trans_start) > dev->watchdog_timeo) { 196 time_after(jiffies, dev->trans_start + dev->watchdog_timeo)) {
197 printk(KERN_INFO "NETDEV WATCHDOG: %s: transmit timed out\n", dev->name); 197
198 printk(KERN_INFO "NETDEV WATCHDOG: %s: transmit timed out\n",
199 dev->name);
198 dev->tx_timeout(dev); 200 dev->tx_timeout(dev);
199 } 201 }
200 if (!mod_timer(&dev->watchdog_timer, jiffies + dev->watchdog_timeo)) 202 if (!mod_timer(&dev->watchdog_timer, jiffies + dev->watchdog_timeo))
diff --git a/net/sched/sch_hfsc.c b/net/sched/sch_hfsc.c
index 91132f6871d7..f1c7bd29f2cd 100644
--- a/net/sched/sch_hfsc.c
+++ b/net/sched/sch_hfsc.c
@@ -974,10 +974,10 @@ hfsc_adjust_levels(struct hfsc_class *cl)
974 do { 974 do {
975 level = 0; 975 level = 0;
976 list_for_each_entry(p, &cl->children, siblings) { 976 list_for_each_entry(p, &cl->children, siblings) {
977 if (p->level > level) 977 if (p->level >= level)
978 level = p->level; 978 level = p->level + 1;
979 } 979 }
980 cl->level = level + 1; 980 cl->level = level;
981 } while ((cl = cl->cl_parent) != NULL); 981 } while ((cl = cl->cl_parent) != NULL);
982} 982}
983 983
diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c
index 7228d30512c7..5a4a4d0ae502 100644
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -167,7 +167,7 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch)
167 if (count == 0) { 167 if (count == 0) {
168 sch->qstats.drops++; 168 sch->qstats.drops++;
169 kfree_skb(skb); 169 kfree_skb(skb);
170 return NET_XMIT_DROP; 170 return NET_XMIT_BYPASS;
171 } 171 }
172 172
173 /* 173 /*
diff --git a/net/sctp/input.c b/net/sctp/input.c
index d117ebc75cf8..1662f9cc869e 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -73,6 +73,8 @@ static struct sctp_association *__sctp_lookup_association(
73 const union sctp_addr *peer, 73 const union sctp_addr *peer,
74 struct sctp_transport **pt); 74 struct sctp_transport **pt);
75 75
76static void sctp_add_backlog(struct sock *sk, struct sk_buff *skb);
77
76 78
77/* Calculate the SCTP checksum of an SCTP packet. */ 79/* Calculate the SCTP checksum of an SCTP packet. */
78static inline int sctp_rcv_checksum(struct sk_buff *skb) 80static inline int sctp_rcv_checksum(struct sk_buff *skb)
@@ -186,7 +188,6 @@ int sctp_rcv(struct sk_buff *skb)
186 */ 188 */
187 if (sk->sk_bound_dev_if && (sk->sk_bound_dev_if != af->skb_iif(skb))) 189 if (sk->sk_bound_dev_if && (sk->sk_bound_dev_if != af->skb_iif(skb)))
188 { 190 {
189 sock_put(sk);
190 if (asoc) { 191 if (asoc) {
191 sctp_association_put(asoc); 192 sctp_association_put(asoc);
192 asoc = NULL; 193 asoc = NULL;
@@ -197,7 +198,6 @@ int sctp_rcv(struct sk_buff *skb)
197 sk = sctp_get_ctl_sock(); 198 sk = sctp_get_ctl_sock();
198 ep = sctp_sk(sk)->ep; 199 ep = sctp_sk(sk)->ep;
199 sctp_endpoint_hold(ep); 200 sctp_endpoint_hold(ep);
200 sock_hold(sk);
201 rcvr = &ep->base; 201 rcvr = &ep->base;
202 } 202 }
203 203
@@ -253,25 +253,18 @@ int sctp_rcv(struct sk_buff *skb)
253 */ 253 */
254 sctp_bh_lock_sock(sk); 254 sctp_bh_lock_sock(sk);
255 255
256 /* It is possible that the association could have moved to a different
257 * socket if it is peeled off. If so, update the sk.
258 */
259 if (sk != rcvr->sk) {
260 sctp_bh_lock_sock(rcvr->sk);
261 sctp_bh_unlock_sock(sk);
262 sk = rcvr->sk;
263 }
264
265 if (sock_owned_by_user(sk)) 256 if (sock_owned_by_user(sk))
266 sk_add_backlog(sk, skb); 257 sctp_add_backlog(sk, skb);
267 else 258 else
268 sctp_backlog_rcv(sk, skb); 259 sctp_inq_push(&chunk->rcvr->inqueue, chunk);
269 260
270 /* Release the sock and the sock ref we took in the lookup calls.
271 * The asoc/ep ref will be released in sctp_backlog_rcv.
272 */
273 sctp_bh_unlock_sock(sk); 261 sctp_bh_unlock_sock(sk);
274 sock_put(sk); 262
263 /* Release the asoc/ep ref we took in the lookup calls. */
264 if (asoc)
265 sctp_association_put(asoc);
266 else
267 sctp_endpoint_put(ep);
275 268
276 return 0; 269 return 0;
277 270
@@ -280,8 +273,7 @@ discard_it:
280 return 0; 273 return 0;
281 274
282discard_release: 275discard_release:
283 /* Release any structures we may be holding. */ 276 /* Release the asoc/ep ref we took in the lookup calls. */
284 sock_put(sk);
285 if (asoc) 277 if (asoc)
286 sctp_association_put(asoc); 278 sctp_association_put(asoc);
287 else 279 else
@@ -290,56 +282,87 @@ discard_release:
290 goto discard_it; 282 goto discard_it;
291} 283}
292 284
293/* Handle second half of inbound skb processing. If the sock was busy, 285/* Process the backlog queue of the socket. Every skb on
294 * we may have need to delay processing until later when the sock is 286 * the backlog holds a ref on an association or endpoint.
295 * released (on the backlog). If not busy, we call this routine 287 * We hold this ref throughout the state machine to make
296 * directly from the bottom half. 288 * sure that the structure we need is still around.
297 */ 289 */
298int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb) 290int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
299{ 291{
300 struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk; 292 struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk;
301 struct sctp_inq *inqueue = NULL; 293 struct sctp_inq *inqueue = &chunk->rcvr->inqueue;
302 struct sctp_ep_common *rcvr = NULL; 294 struct sctp_ep_common *rcvr = NULL;
295 int backloged = 0;
303 296
304 rcvr = chunk->rcvr; 297 rcvr = chunk->rcvr;
305 298
306 BUG_TRAP(rcvr->sk == sk); 299 /* If the rcvr is dead then the association or endpoint
307 300 * has been deleted and we can safely drop the chunk
308 if (rcvr->dead) { 301 * and refs that we are holding.
309 sctp_chunk_free(chunk); 302 */
310 } else { 303 if (rcvr->dead) {
311 inqueue = &chunk->rcvr->inqueue; 304 sctp_chunk_free(chunk);
312 sctp_inq_push(inqueue, chunk); 305 goto done;
313 } 306 }
314 307
315 /* Release the asoc/ep ref we took in the lookup calls in sctp_rcv. */ 308 if (unlikely(rcvr->sk != sk)) {
316 if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type) 309 /* In this case, the association moved from one socket to
317 sctp_association_put(sctp_assoc(rcvr)); 310 * another. We are currently sitting on the backlog of the
318 else 311 * old socket, so we need to move.
319 sctp_endpoint_put(sctp_ep(rcvr)); 312 * However, since we are here in the process context we
320 313 * need to take make sure that the user doesn't own
314 * the new socket when we process the packet.
315 * If the new socket is user-owned, queue the chunk to the
316 * backlog of the new socket without dropping any refs.
317 * Otherwise, we can safely push the chunk on the inqueue.
318 */
319
320 sk = rcvr->sk;
321 sctp_bh_lock_sock(sk);
322
323 if (sock_owned_by_user(sk)) {
324 sk_add_backlog(sk, skb);
325 backloged = 1;
326 } else
327 sctp_inq_push(inqueue, chunk);
328
329 sctp_bh_unlock_sock(sk);
330
331 /* If the chunk was backloged again, don't drop refs */
332 if (backloged)
333 return 0;
334 } else {
335 sctp_inq_push(inqueue, chunk);
336 }
337
338done:
339 /* Release the refs we took in sctp_add_backlog */
340 if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type)
341 sctp_association_put(sctp_assoc(rcvr));
342 else if (SCTP_EP_TYPE_SOCKET == rcvr->type)
343 sctp_endpoint_put(sctp_ep(rcvr));
344 else
345 BUG();
346
321 return 0; 347 return 0;
322} 348}
323 349
324void sctp_backlog_migrate(struct sctp_association *assoc, 350static void sctp_add_backlog(struct sock *sk, struct sk_buff *skb)
325 struct sock *oldsk, struct sock *newsk)
326{ 351{
327 struct sk_buff *skb; 352 struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk;
328 struct sctp_chunk *chunk; 353 struct sctp_ep_common *rcvr = chunk->rcvr;
329 354
330 skb = oldsk->sk_backlog.head; 355 /* Hold the assoc/ep while hanging on the backlog queue.
331 oldsk->sk_backlog.head = oldsk->sk_backlog.tail = NULL; 356 * This way, we know structures we need will not disappear from us
332 while (skb != NULL) { 357 */
333 struct sk_buff *next = skb->next; 358 if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type)
334 359 sctp_association_hold(sctp_assoc(rcvr));
335 chunk = SCTP_INPUT_CB(skb)->chunk; 360 else if (SCTP_EP_TYPE_SOCKET == rcvr->type)
336 skb->next = NULL; 361 sctp_endpoint_hold(sctp_ep(rcvr));
337 if (&assoc->base == chunk->rcvr) 362 else
338 sk_add_backlog(newsk, skb); 363 BUG();
339 else 364
340 sk_add_backlog(oldsk, skb); 365 sk_add_backlog(sk, skb);
341 skb = next;
342 }
343} 366}
344 367
345/* Handle icmp frag needed error. */ 368/* Handle icmp frag needed error. */
@@ -412,7 +435,7 @@ struct sock *sctp_err_lookup(int family, struct sk_buff *skb,
412 union sctp_addr daddr; 435 union sctp_addr daddr;
413 struct sctp_af *af; 436 struct sctp_af *af;
414 struct sock *sk = NULL; 437 struct sock *sk = NULL;
415 struct sctp_association *asoc = NULL; 438 struct sctp_association *asoc;
416 struct sctp_transport *transport = NULL; 439 struct sctp_transport *transport = NULL;
417 440
418 *app = NULL; *tpp = NULL; 441 *app = NULL; *tpp = NULL;
@@ -453,7 +476,6 @@ struct sock *sctp_err_lookup(int family, struct sk_buff *skb,
453 return sk; 476 return sk;
454 477
455out: 478out:
456 sock_put(sk);
457 if (asoc) 479 if (asoc)
458 sctp_association_put(asoc); 480 sctp_association_put(asoc);
459 return NULL; 481 return NULL;
@@ -463,7 +485,6 @@ out:
463void sctp_err_finish(struct sock *sk, struct sctp_association *asoc) 485void sctp_err_finish(struct sock *sk, struct sctp_association *asoc)
464{ 486{
465 sctp_bh_unlock_sock(sk); 487 sctp_bh_unlock_sock(sk);
466 sock_put(sk);
467 if (asoc) 488 if (asoc)
468 sctp_association_put(asoc); 489 sctp_association_put(asoc);
469} 490}
@@ -490,7 +511,7 @@ void sctp_v4_err(struct sk_buff *skb, __u32 info)
490 int type = skb->h.icmph->type; 511 int type = skb->h.icmph->type;
491 int code = skb->h.icmph->code; 512 int code = skb->h.icmph->code;
492 struct sock *sk; 513 struct sock *sk;
493 struct sctp_association *asoc; 514 struct sctp_association *asoc = NULL;
494 struct sctp_transport *transport; 515 struct sctp_transport *transport;
495 struct inet_sock *inet; 516 struct inet_sock *inet;
496 char *saveip, *savesctp; 517 char *saveip, *savesctp;
@@ -716,7 +737,6 @@ static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *l
716 737
717hit: 738hit:
718 sctp_endpoint_hold(ep); 739 sctp_endpoint_hold(ep);
719 sock_hold(epb->sk);
720 read_unlock(&head->lock); 740 read_unlock(&head->lock);
721 return ep; 741 return ep;
722} 742}
@@ -818,7 +838,6 @@ static struct sctp_association *__sctp_lookup_association(
818hit: 838hit:
819 *pt = transport; 839 *pt = transport;
820 sctp_association_hold(asoc); 840 sctp_association_hold(asoc);
821 sock_hold(epb->sk);
822 read_unlock(&head->lock); 841 read_unlock(&head->lock);
823 return asoc; 842 return asoc;
824} 843}
@@ -846,7 +865,6 @@ int sctp_has_association(const union sctp_addr *laddr,
846 struct sctp_transport *transport; 865 struct sctp_transport *transport;
847 866
848 if ((asoc = sctp_lookup_association(laddr, paddr, &transport))) { 867 if ((asoc = sctp_lookup_association(laddr, paddr, &transport))) {
849 sock_put(asoc->base.sk);
850 sctp_association_put(asoc); 868 sctp_association_put(asoc);
851 return 1; 869 return 1;
852 } 870 }
diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c
index 297b8951463e..cf0c767d43ae 100644
--- a/net/sctp/inqueue.c
+++ b/net/sctp/inqueue.c
@@ -149,6 +149,7 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
149 /* This is the first chunk in the packet. */ 149 /* This is the first chunk in the packet. */
150 chunk->singleton = 1; 150 chunk->singleton = 1;
151 ch = (sctp_chunkhdr_t *) chunk->skb->data; 151 ch = (sctp_chunkhdr_t *) chunk->skb->data;
152 chunk->data_accepted = 0;
152 } 153 }
153 154
154 chunk->chunk_hdr = ch; 155 chunk->chunk_hdr = ch;
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 8d1dc24bab4c..c5beb2ad7ef7 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -498,10 +498,6 @@ static void sctp_cmd_assoc_failed(sctp_cmd_seq_t *commands,
498 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, 498 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
499 SCTP_STATE(SCTP_STATE_CLOSED)); 499 SCTP_STATE(SCTP_STATE_CLOSED));
500 500
501 /* Set sk_err to ECONNRESET on a 1-1 style socket. */
502 if (!sctp_style(asoc->base.sk, UDP))
503 asoc->base.sk->sk_err = ECONNRESET;
504
505 /* SEND_FAILED sent later when cleaning up the association. */ 501 /* SEND_FAILED sent later when cleaning up the association. */
506 asoc->outqueue.error = error; 502 asoc->outqueue.error = error;
507 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL()); 503 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
@@ -838,6 +834,15 @@ static void sctp_cmd_del_non_primary(struct sctp_association *asoc)
838 return; 834 return;
839} 835}
840 836
837/* Helper function to set sk_err on a 1-1 style socket. */
838static void sctp_cmd_set_sk_err(struct sctp_association *asoc, int error)
839{
840 struct sock *sk = asoc->base.sk;
841
842 if (!sctp_style(sk, UDP))
843 sk->sk_err = error;
844}
845
841/* These three macros allow us to pull the debugging code out of the 846/* These three macros allow us to pull the debugging code out of the
842 * main flow of sctp_do_sm() to keep attention focused on the real 847 * main flow of sctp_do_sm() to keep attention focused on the real
843 * functionality there. 848 * functionality there.
@@ -1458,6 +1463,9 @@ static int sctp_cmd_interpreter(sctp_event_t event_type,
1458 local_cork = 0; 1463 local_cork = 0;
1459 asoc->peer.retran_path = t; 1464 asoc->peer.retran_path = t;
1460 break; 1465 break;
1466 case SCTP_CMD_SET_SK_ERR:
1467 sctp_cmd_set_sk_err(asoc, cmd->obj.error);
1468 break;
1461 default: 1469 default:
1462 printk(KERN_WARNING "Impossible command: %u, %p\n", 1470 printk(KERN_WARNING "Impossible command: %u, %p\n",
1463 cmd->verb, cmd->obj.ptr); 1471 cmd->verb, cmd->obj.ptr);
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 2b9a832b29a7..8bc279219a72 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -93,7 +93,7 @@ static sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep,
93static struct sctp_sackhdr *sctp_sm_pull_sack(struct sctp_chunk *chunk); 93static struct sctp_sackhdr *sctp_sm_pull_sack(struct sctp_chunk *chunk);
94 94
95static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands, 95static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands,
96 __u16 error, 96 __u16 error, int sk_err,
97 const struct sctp_association *asoc, 97 const struct sctp_association *asoc,
98 struct sctp_transport *transport); 98 struct sctp_transport *transport);
99 99
@@ -448,7 +448,7 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
448 __u32 init_tag; 448 __u32 init_tag;
449 struct sctp_chunk *err_chunk; 449 struct sctp_chunk *err_chunk;
450 struct sctp_packet *packet; 450 struct sctp_packet *packet;
451 sctp_disposition_t ret; 451 __u16 error;
452 452
453 if (!sctp_vtag_verify(chunk, asoc)) 453 if (!sctp_vtag_verify(chunk, asoc))
454 return sctp_sf_pdiscard(ep, asoc, type, arg, commands); 454 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
@@ -480,11 +480,9 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
480 goto nomem; 480 goto nomem;
481 481
482 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply)); 482 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
483 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, 483 return sctp_stop_t1_and_abort(commands, SCTP_ERROR_INV_PARAM,
484 SCTP_STATE(SCTP_STATE_CLOSED)); 484 ECONNREFUSED, asoc,
485 SCTP_INC_STATS(SCTP_MIB_ABORTEDS); 485 chunk->transport);
486 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
487 return SCTP_DISPOSITION_DELETE_TCB;
488 } 486 }
489 487
490 /* Verify the INIT chunk before processing it. */ 488 /* Verify the INIT chunk before processing it. */
@@ -511,27 +509,16 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
511 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, 509 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
512 SCTP_PACKET(packet)); 510 SCTP_PACKET(packet));
513 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); 511 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
514 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, 512 error = SCTP_ERROR_INV_PARAM;
515 SCTP_STATE(SCTP_STATE_CLOSED));
516 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB,
517 SCTP_NULL());
518 return SCTP_DISPOSITION_CONSUME;
519 } else { 513 } else {
520 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, 514 error = SCTP_ERROR_NO_RESOURCE;
521 SCTP_STATE(SCTP_STATE_CLOSED));
522 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB,
523 SCTP_NULL());
524 return SCTP_DISPOSITION_NOMEM;
525 } 515 }
526 } else { 516 } else {
527 ret = sctp_sf_tabort_8_4_8(ep, asoc, type, arg, 517 sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
528 commands); 518 error = SCTP_ERROR_INV_PARAM;
529 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
530 SCTP_STATE(SCTP_STATE_CLOSED));
531 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB,
532 SCTP_NULL());
533 return ret;
534 } 519 }
520 return sctp_stop_t1_and_abort(commands, error, ECONNREFUSED,
521 asoc, chunk->transport);
535 } 522 }
536 523
537 /* Tag the variable length parameters. Note that we never 524 /* Tag the variable length parameters. Note that we never
@@ -636,8 +623,9 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
636 */ 623 */
637 chunk->subh.cookie_hdr = 624 chunk->subh.cookie_hdr =
638 (struct sctp_signed_cookie *)chunk->skb->data; 625 (struct sctp_signed_cookie *)chunk->skb->data;
639 skb_pull(chunk->skb, 626 if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) -
640 ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t)); 627 sizeof(sctp_chunkhdr_t)))
628 goto nomem;
641 629
642 /* 5.1 D) Upon reception of the COOKIE ECHO chunk, Endpoint 630 /* 5.1 D) Upon reception of the COOKIE ECHO chunk, Endpoint
643 * "Z" will reply with a COOKIE ACK chunk after building a TCB 631 * "Z" will reply with a COOKIE ACK chunk after building a TCB
@@ -885,6 +873,8 @@ sctp_disposition_t sctp_sf_sendbeat_8_3(const struct sctp_endpoint *ep,
885 struct sctp_transport *transport = (struct sctp_transport *) arg; 873 struct sctp_transport *transport = (struct sctp_transport *) arg;
886 874
887 if (asoc->overall_error_count >= asoc->max_retrans) { 875 if (asoc->overall_error_count >= asoc->max_retrans) {
876 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
877 SCTP_ERROR(ETIMEDOUT));
888 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */ 878 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
889 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, 879 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
890 SCTP_U32(SCTP_ERROR_NO_ERROR)); 880 SCTP_U32(SCTP_ERROR_NO_ERROR));
@@ -965,7 +955,8 @@ sctp_disposition_t sctp_sf_beat_8_3(const struct sctp_endpoint *ep,
965 */ 955 */
966 chunk->subh.hb_hdr = (sctp_heartbeathdr_t *) chunk->skb->data; 956 chunk->subh.hb_hdr = (sctp_heartbeathdr_t *) chunk->skb->data;
967 paylen = ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 957 paylen = ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
968 skb_pull(chunk->skb, paylen); 958 if (!pskb_pull(chunk->skb, paylen))
959 goto nomem;
969 960
970 reply = sctp_make_heartbeat_ack(asoc, chunk, 961 reply = sctp_make_heartbeat_ack(asoc, chunk,
971 chunk->subh.hb_hdr, paylen); 962 chunk->subh.hb_hdr, paylen);
@@ -1028,6 +1019,12 @@ sctp_disposition_t sctp_sf_backbeat_8_3(const struct sctp_endpoint *ep,
1028 commands); 1019 commands);
1029 1020
1030 hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data; 1021 hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data;
1022 /* Make sure that the length of the parameter is what we expect */
1023 if (ntohs(hbinfo->param_hdr.length) !=
1024 sizeof(sctp_sender_hb_info_t)) {
1025 return SCTP_DISPOSITION_DISCARD;
1026 }
1027
1031 from_addr = hbinfo->daddr; 1028 from_addr = hbinfo->daddr;
1032 link = sctp_assoc_lookup_paddr(asoc, &from_addr); 1029 link = sctp_assoc_lookup_paddr(asoc, &from_addr);
1033 1030
@@ -1860,8 +1857,9 @@ sctp_disposition_t sctp_sf_do_5_2_4_dupcook(const struct sctp_endpoint *ep,
1860 * are in good shape. 1857 * are in good shape.
1861 */ 1858 */
1862 chunk->subh.cookie_hdr = (struct sctp_signed_cookie *)chunk->skb->data; 1859 chunk->subh.cookie_hdr = (struct sctp_signed_cookie *)chunk->skb->data;
1863 skb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) - 1860 if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) -
1864 sizeof(sctp_chunkhdr_t)); 1861 sizeof(sctp_chunkhdr_t)))
1862 goto nomem;
1865 1863
1866 /* In RFC 2960 5.2.4 3, if both Verification Tags in the State Cookie 1864 /* In RFC 2960 5.2.4 3, if both Verification Tags in the State Cookie
1867 * of a duplicate COOKIE ECHO match the Verification Tags of the 1865 * of a duplicate COOKIE ECHO match the Verification Tags of the
@@ -2123,6 +2121,8 @@ static sctp_disposition_t sctp_sf_do_5_2_6_stale(const struct sctp_endpoint *ep,
2123 int attempts = asoc->init_err_counter + 1; 2121 int attempts = asoc->init_err_counter + 1;
2124 2122
2125 if (attempts > asoc->max_init_attempts) { 2123 if (attempts > asoc->max_init_attempts) {
2124 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
2125 SCTP_ERROR(ETIMEDOUT));
2126 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, 2126 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
2127 SCTP_U32(SCTP_ERROR_STALE_COOKIE)); 2127 SCTP_U32(SCTP_ERROR_STALE_COOKIE));
2128 return SCTP_DISPOSITION_DELETE_TCB; 2128 return SCTP_DISPOSITION_DELETE_TCB;
@@ -2259,6 +2259,7 @@ sctp_disposition_t sctp_sf_do_9_1_abort(const struct sctp_endpoint *ep,
2259 if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr)) 2259 if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr))
2260 error = ((sctp_errhdr_t *)chunk->skb->data)->cause; 2260 error = ((sctp_errhdr_t *)chunk->skb->data)->cause;
2261 2261
2262 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNRESET));
2262 /* ASSOC_FAILED will DELETE_TCB. */ 2263 /* ASSOC_FAILED will DELETE_TCB. */
2263 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_U32(error)); 2264 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_U32(error));
2264 SCTP_INC_STATS(SCTP_MIB_ABORTEDS); 2265 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
@@ -2303,7 +2304,8 @@ sctp_disposition_t sctp_sf_cookie_wait_abort(const struct sctp_endpoint *ep,
2303 if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr)) 2304 if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr))
2304 error = ((sctp_errhdr_t *)chunk->skb->data)->cause; 2305 error = ((sctp_errhdr_t *)chunk->skb->data)->cause;
2305 2306
2306 return sctp_stop_t1_and_abort(commands, error, asoc, chunk->transport); 2307 return sctp_stop_t1_and_abort(commands, error, ECONNREFUSED, asoc,
2308 chunk->transport);
2307} 2309}
2308 2310
2309/* 2311/*
@@ -2315,7 +2317,8 @@ sctp_disposition_t sctp_sf_cookie_wait_icmp_abort(const struct sctp_endpoint *ep
2315 void *arg, 2317 void *arg,
2316 sctp_cmd_seq_t *commands) 2318 sctp_cmd_seq_t *commands)
2317{ 2319{
2318 return sctp_stop_t1_and_abort(commands, SCTP_ERROR_NO_ERROR, asoc, 2320 return sctp_stop_t1_and_abort(commands, SCTP_ERROR_NO_ERROR,
2321 ENOPROTOOPT, asoc,
2319 (struct sctp_transport *)arg); 2322 (struct sctp_transport *)arg);
2320} 2323}
2321 2324
@@ -2340,7 +2343,7 @@ sctp_disposition_t sctp_sf_cookie_echoed_abort(const struct sctp_endpoint *ep,
2340 * This is common code called by several sctp_sf_*_abort() functions above. 2343 * This is common code called by several sctp_sf_*_abort() functions above.
2341 */ 2344 */
2342static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands, 2345static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands,
2343 __u16 error, 2346 __u16 error, int sk_err,
2344 const struct sctp_association *asoc, 2347 const struct sctp_association *asoc,
2345 struct sctp_transport *transport) 2348 struct sctp_transport *transport)
2346{ 2349{
@@ -2350,6 +2353,7 @@ static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands,
2350 SCTP_INC_STATS(SCTP_MIB_ABORTEDS); 2353 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
2351 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, 2354 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2352 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT)); 2355 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
2356 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(sk_err));
2353 /* CMD_INIT_FAILED will DELETE_TCB. */ 2357 /* CMD_INIT_FAILED will DELETE_TCB. */
2354 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, 2358 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
2355 SCTP_U32(error)); 2359 SCTP_U32(error));
@@ -3333,6 +3337,8 @@ sctp_disposition_t sctp_sf_do_asconf_ack(const struct sctp_endpoint *ep,
3333 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, 3337 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3334 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO)); 3338 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
3335 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL()); 3339 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
3340 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
3341 SCTP_ERROR(ECONNABORTED));
3336 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, 3342 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3337 SCTP_U32(SCTP_ERROR_ASCONF_ACK)); 3343 SCTP_U32(SCTP_ERROR_ASCONF_ACK));
3338 SCTP_INC_STATS(SCTP_MIB_ABORTEDS); 3344 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
@@ -3359,6 +3365,8 @@ sctp_disposition_t sctp_sf_do_asconf_ack(const struct sctp_endpoint *ep,
3359 * processing the rest of the chunks in the packet. 3365 * processing the rest of the chunks in the packet.
3360 */ 3366 */
3361 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL()); 3367 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
3368 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
3369 SCTP_ERROR(ECONNABORTED));
3362 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, 3370 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3363 SCTP_U32(SCTP_ERROR_ASCONF_ACK)); 3371 SCTP_U32(SCTP_ERROR_ASCONF_ACK));
3364 SCTP_INC_STATS(SCTP_MIB_ABORTEDS); 3372 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
@@ -3711,9 +3719,13 @@ static sctp_disposition_t sctp_sf_violation_chunklen(
3711 if (asoc->state <= SCTP_STATE_COOKIE_ECHOED) { 3719 if (asoc->state <= SCTP_STATE_COOKIE_ECHOED) {
3712 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, 3720 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3713 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT)); 3721 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
3722 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
3723 SCTP_ERROR(ECONNREFUSED));
3714 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, 3724 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
3715 SCTP_U32(SCTP_ERROR_PROTO_VIOLATION)); 3725 SCTP_U32(SCTP_ERROR_PROTO_VIOLATION));
3716 } else { 3726 } else {
3727 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
3728 SCTP_ERROR(ECONNABORTED));
3717 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, 3729 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3718 SCTP_U32(SCTP_ERROR_PROTO_VIOLATION)); 3730 SCTP_U32(SCTP_ERROR_PROTO_VIOLATION));
3719 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); 3731 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
@@ -4031,6 +4043,8 @@ sctp_disposition_t sctp_sf_do_9_1_prm_abort(
4031 * TCB. This is a departure from our typical NOMEM handling. 4043 * TCB. This is a departure from our typical NOMEM handling.
4032 */ 4044 */
4033 4045
4046 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4047 SCTP_ERROR(ECONNABORTED));
4034 /* Delete the established association. */ 4048 /* Delete the established association. */
4035 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, 4049 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4036 SCTP_U32(SCTP_ERROR_USER_ABORT)); 4050 SCTP_U32(SCTP_ERROR_USER_ABORT));
@@ -4172,6 +4186,8 @@ sctp_disposition_t sctp_sf_cookie_wait_prm_abort(
4172 * TCB. This is a departure from our typical NOMEM handling. 4186 * TCB. This is a departure from our typical NOMEM handling.
4173 */ 4187 */
4174 4188
4189 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4190 SCTP_ERROR(ECONNREFUSED));
4175 /* Delete the established association. */ 4191 /* Delete the established association. */
4176 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, 4192 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
4177 SCTP_U32(SCTP_ERROR_USER_ABORT)); 4193 SCTP_U32(SCTP_ERROR_USER_ABORT));
@@ -4540,6 +4556,8 @@ sctp_disposition_t sctp_sf_do_6_3_3_rtx(const struct sctp_endpoint *ep,
4540 struct sctp_transport *transport = arg; 4556 struct sctp_transport *transport = arg;
4541 4557
4542 if (asoc->overall_error_count >= asoc->max_retrans) { 4558 if (asoc->overall_error_count >= asoc->max_retrans) {
4559 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4560 SCTP_ERROR(ETIMEDOUT));
4543 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */ 4561 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
4544 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, 4562 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4545 SCTP_U32(SCTP_ERROR_NO_ERROR)); 4563 SCTP_U32(SCTP_ERROR_NO_ERROR));
@@ -4659,6 +4677,8 @@ sctp_disposition_t sctp_sf_t1_init_timer_expire(const struct sctp_endpoint *ep,
4659 SCTP_DEBUG_PRINTK("Giving up on INIT, attempts: %d" 4677 SCTP_DEBUG_PRINTK("Giving up on INIT, attempts: %d"
4660 " max_init_attempts: %d\n", 4678 " max_init_attempts: %d\n",
4661 attempts, asoc->max_init_attempts); 4679 attempts, asoc->max_init_attempts);
4680 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4681 SCTP_ERROR(ETIMEDOUT));
4662 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, 4682 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
4663 SCTP_U32(SCTP_ERROR_NO_ERROR)); 4683 SCTP_U32(SCTP_ERROR_NO_ERROR));
4664 return SCTP_DISPOSITION_DELETE_TCB; 4684 return SCTP_DISPOSITION_DELETE_TCB;
@@ -4708,6 +4728,8 @@ sctp_disposition_t sctp_sf_t1_cookie_timer_expire(const struct sctp_endpoint *ep
4708 4728
4709 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); 4729 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
4710 } else { 4730 } else {
4731 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4732 SCTP_ERROR(ETIMEDOUT));
4711 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, 4733 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
4712 SCTP_U32(SCTP_ERROR_NO_ERROR)); 4734 SCTP_U32(SCTP_ERROR_NO_ERROR));
4713 return SCTP_DISPOSITION_DELETE_TCB; 4735 return SCTP_DISPOSITION_DELETE_TCB;
@@ -4739,6 +4761,8 @@ sctp_disposition_t sctp_sf_t2_timer_expire(const struct sctp_endpoint *ep,
4739 4761
4740 SCTP_DEBUG_PRINTK("Timer T2 expired.\n"); 4762 SCTP_DEBUG_PRINTK("Timer T2 expired.\n");
4741 if (asoc->overall_error_count >= asoc->max_retrans) { 4763 if (asoc->overall_error_count >= asoc->max_retrans) {
4764 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4765 SCTP_ERROR(ETIMEDOUT));
4742 /* Note: CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */ 4766 /* Note: CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
4743 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, 4767 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4744 SCTP_U32(SCTP_ERROR_NO_ERROR)); 4768 SCTP_U32(SCTP_ERROR_NO_ERROR));
@@ -4814,6 +4838,8 @@ sctp_disposition_t sctp_sf_t4_timer_expire(
4814 if (asoc->overall_error_count >= asoc->max_retrans) { 4838 if (asoc->overall_error_count >= asoc->max_retrans) {
4815 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, 4839 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4816 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO)); 4840 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
4841 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4842 SCTP_ERROR(ETIMEDOUT));
4817 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, 4843 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4818 SCTP_U32(SCTP_ERROR_NO_ERROR)); 4844 SCTP_U32(SCTP_ERROR_NO_ERROR));
4819 SCTP_INC_STATS(SCTP_MIB_ABORTEDS); 4845 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
@@ -4867,6 +4893,8 @@ sctp_disposition_t sctp_sf_t5_timer_expire(const struct sctp_endpoint *ep,
4867 goto nomem; 4893 goto nomem;
4868 4894
4869 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply)); 4895 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4896 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4897 SCTP_ERROR(ETIMEDOUT));
4870 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, 4898 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4871 SCTP_U32(SCTP_ERROR_NO_ERROR)); 4899 SCTP_U32(SCTP_ERROR_NO_ERROR));
4872 4900
@@ -5151,7 +5179,9 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5151 int tmp; 5179 int tmp;
5152 __u32 tsn; 5180 __u32 tsn;
5153 int account_value; 5181 int account_value;
5182 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
5154 struct sock *sk = asoc->base.sk; 5183 struct sock *sk = asoc->base.sk;
5184 int rcvbuf_over = 0;
5155 5185
5156 data_hdr = chunk->subh.data_hdr = (sctp_datahdr_t *)chunk->skb->data; 5186 data_hdr = chunk->subh.data_hdr = (sctp_datahdr_t *)chunk->skb->data;
5157 skb_pull(chunk->skb, sizeof(sctp_datahdr_t)); 5187 skb_pull(chunk->skb, sizeof(sctp_datahdr_t));
@@ -5162,10 +5192,16 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5162 /* ASSERT: Now skb->data is really the user data. */ 5192 /* ASSERT: Now skb->data is really the user data. */
5163 5193
5164 /* 5194 /*
5165 * if we are established, and we have used up our receive 5195 * If we are established, and we have used up our receive buffer
5166 * buffer memory, drop the frame 5196 * memory, think about droping the frame.
5167 */ 5197 * Note that we have an opportunity to improve performance here.
5168 if (asoc->state == SCTP_STATE_ESTABLISHED) { 5198 * If we accept one chunk from an skbuff, we have to keep all the
5199 * memory of that skbuff around until the chunk is read into user
5200 * space. Therefore, once we accept 1 chunk we may as well accept all
5201 * remaining chunks in the skbuff. The data_accepted flag helps us do
5202 * that.
5203 */
5204 if ((asoc->state == SCTP_STATE_ESTABLISHED) && (!chunk->data_accepted)) {
5169 /* 5205 /*
5170 * If the receive buffer policy is 1, then each 5206 * If the receive buffer policy is 1, then each
5171 * association can allocate up to sk_rcvbuf bytes 5207 * association can allocate up to sk_rcvbuf bytes
@@ -5176,9 +5212,25 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5176 account_value = atomic_read(&asoc->rmem_alloc); 5212 account_value = atomic_read(&asoc->rmem_alloc);
5177 else 5213 else
5178 account_value = atomic_read(&sk->sk_rmem_alloc); 5214 account_value = atomic_read(&sk->sk_rmem_alloc);
5179 5215 if (account_value > sk->sk_rcvbuf) {
5180 if (account_value > sk->sk_rcvbuf) 5216 /*
5181 return SCTP_IERROR_IGNORE_TSN; 5217 * We need to make forward progress, even when we are
5218 * under memory pressure, so we always allow the
5219 * next tsn after the ctsn ack point to be accepted.
5220 * This lets us avoid deadlocks in which we have to
5221 * drop frames that would otherwise let us drain the
5222 * receive queue.
5223 */
5224 if ((sctp_tsnmap_get_ctsn(map) + 1) != tsn)
5225 return SCTP_IERROR_IGNORE_TSN;
5226
5227 /*
5228 * We're going to accept the frame but we should renege
5229 * to make space for it. This will send us down that
5230 * path later in this function.
5231 */
5232 rcvbuf_over = 1;
5233 }
5182 } 5234 }
5183 5235
5184 /* Process ECN based congestion. 5236 /* Process ECN based congestion.
@@ -5226,6 +5278,7 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5226 datalen -= sizeof(sctp_data_chunk_t); 5278 datalen -= sizeof(sctp_data_chunk_t);
5227 5279
5228 deliver = SCTP_CMD_CHUNK_ULP; 5280 deliver = SCTP_CMD_CHUNK_ULP;
5281 chunk->data_accepted = 1;
5229 5282
5230 /* Think about partial delivery. */ 5283 /* Think about partial delivery. */
5231 if ((datalen >= asoc->rwnd) && (!asoc->ulpq.pd_mode)) { 5284 if ((datalen >= asoc->rwnd) && (!asoc->ulpq.pd_mode)) {
@@ -5242,7 +5295,8 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5242 * large spill over. 5295 * large spill over.
5243 */ 5296 */
5244 if (!asoc->rwnd || asoc->rwnd_over || 5297 if (!asoc->rwnd || asoc->rwnd_over ||
5245 (datalen > asoc->rwnd + asoc->frag_point)) { 5298 (datalen > asoc->rwnd + asoc->frag_point) ||
5299 rcvbuf_over) {
5246 5300
5247 /* If this is the next TSN, consider reneging to make 5301 /* If this is the next TSN, consider reneging to make
5248 * room. Note: Playing nice with a confused sender. A 5302 * room. Note: Playing nice with a confused sender. A
@@ -5250,8 +5304,8 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5250 * space and in the future we may want to detect and 5304 * space and in the future we may want to detect and
5251 * do more drastic reneging. 5305 * do more drastic reneging.
5252 */ 5306 */
5253 if (sctp_tsnmap_has_gap(&asoc->peer.tsn_map) && 5307 if (sctp_tsnmap_has_gap(map) &&
5254 (sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map) + 1) == tsn) { 5308 (sctp_tsnmap_get_ctsn(map) + 1) == tsn) {
5255 SCTP_DEBUG_PRINTK("Reneging for tsn:%u\n", tsn); 5309 SCTP_DEBUG_PRINTK("Reneging for tsn:%u\n", tsn);
5256 deliver = SCTP_CMD_RENEGE; 5310 deliver = SCTP_CMD_RENEGE;
5257 } else { 5311 } else {
@@ -5280,6 +5334,8 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5280 * processing the rest of the chunks in the packet. 5334 * processing the rest of the chunks in the packet.
5281 */ 5335 */
5282 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL()); 5336 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
5337 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
5338 SCTP_ERROR(ECONNABORTED));
5283 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, 5339 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
5284 SCTP_U32(SCTP_ERROR_NO_DATA)); 5340 SCTP_U32(SCTP_ERROR_NO_DATA));
5285 SCTP_INC_STATS(SCTP_MIB_ABORTEDS); 5341 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
diff --git a/net/sctp/sm_statetable.c b/net/sctp/sm_statetable.c
index 75ef10408764..8bcca5676151 100644
--- a/net/sctp/sm_statetable.c
+++ b/net/sctp/sm_statetable.c
@@ -366,9 +366,9 @@ const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
366 /* SCTP_STATE_EMPTY */ \ 366 /* SCTP_STATE_EMPTY */ \
367 {.fn = sctp_sf_ootb, .name = "sctp_sf_ootb"}, \ 367 {.fn = sctp_sf_ootb, .name = "sctp_sf_ootb"}, \
368 /* SCTP_STATE_CLOSED */ \ 368 /* SCTP_STATE_CLOSED */ \
369 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ 369 {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
370 /* SCTP_STATE_COOKIE_WAIT */ \ 370 /* SCTP_STATE_COOKIE_WAIT */ \
371 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ 371 {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
372 /* SCTP_STATE_COOKIE_ECHOED */ \ 372 /* SCTP_STATE_COOKIE_ECHOED */ \
373 {.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \ 373 {.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \
374 /* SCTP_STATE_ESTABLISHED */ \ 374 /* SCTP_STATE_ESTABLISHED */ \
@@ -380,7 +380,7 @@ const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
380 /* SCTP_STATE_SHUTDOWN_RECEIVED */ \ 380 /* SCTP_STATE_SHUTDOWN_RECEIVED */ \
381 {.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \ 381 {.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \
382 /* SCTP_STATE_SHUTDOWN_ACK_SENT */ \ 382 /* SCTP_STATE_SHUTDOWN_ACK_SENT */ \
383 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ 383 {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
384} /* TYPE_SCTP_ECN_ECNE */ 384} /* TYPE_SCTP_ECN_ECNE */
385 385
386#define TYPE_SCTP_ECN_CWR { \ 386#define TYPE_SCTP_ECN_CWR { \
@@ -401,7 +401,7 @@ const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
401 /* SCTP_STATE_SHUTDOWN_RECEIVED */ \ 401 /* SCTP_STATE_SHUTDOWN_RECEIVED */ \
402 {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \ 402 {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
403 /* SCTP_STATE_SHUTDOWN_ACK_SENT */ \ 403 /* SCTP_STATE_SHUTDOWN_ACK_SENT */ \
404 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ 404 {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
405} /* TYPE_SCTP_ECN_CWR */ 405} /* TYPE_SCTP_ECN_CWR */
406 406
407#define TYPE_SCTP_SHUTDOWN_COMPLETE { \ 407#define TYPE_SCTP_SHUTDOWN_COMPLETE { \
@@ -647,7 +647,7 @@ chunk_event_table_unknown[SCTP_STATE_NUM_STATES] = {
647 /* SCTP_STATE_EMPTY */ \ 647 /* SCTP_STATE_EMPTY */ \
648 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ 648 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
649 /* SCTP_STATE_CLOSED */ \ 649 /* SCTP_STATE_CLOSED */ \
650 {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ 650 {.fn = sctp_sf_error_closed, .name = "sctp_sf_error_closed"}, \
651 /* SCTP_STATE_COOKIE_WAIT */ \ 651 /* SCTP_STATE_COOKIE_WAIT */ \
652 {.fn = sctp_sf_do_prm_requestheartbeat, \ 652 {.fn = sctp_sf_do_prm_requestheartbeat, \
653 .name = "sctp_sf_do_prm_requestheartbeat"}, \ 653 .name = "sctp_sf_do_prm_requestheartbeat"}, \
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index b6e4b89539b3..174d4d35e951 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -1057,6 +1057,7 @@ static int __sctp_connect(struct sock* sk,
1057 inet_sk(sk)->dport = htons(asoc->peer.port); 1057 inet_sk(sk)->dport = htons(asoc->peer.port);
1058 af = sctp_get_af_specific(to.sa.sa_family); 1058 af = sctp_get_af_specific(to.sa.sa_family);
1059 af->to_sk_daddr(&to, sk); 1059 af->to_sk_daddr(&to, sk);
1060 sk->sk_err = 0;
1060 1061
1061 timeo = sock_sndtimeo(sk, sk->sk_socket->file->f_flags & O_NONBLOCK); 1062 timeo = sock_sndtimeo(sk, sk->sk_socket->file->f_flags & O_NONBLOCK);
1062 err = sctp_wait_for_connect(asoc, &timeo); 1063 err = sctp_wait_for_connect(asoc, &timeo);
@@ -1228,7 +1229,7 @@ SCTP_STATIC void sctp_close(struct sock *sk, long timeout)
1228 1229
1229 ep = sctp_sk(sk)->ep; 1230 ep = sctp_sk(sk)->ep;
1230 1231
1231 /* Walk all associations on a socket, not on an endpoint. */ 1232 /* Walk all associations on an endpoint. */
1232 list_for_each_safe(pos, temp, &ep->asocs) { 1233 list_for_each_safe(pos, temp, &ep->asocs) {
1233 asoc = list_entry(pos, struct sctp_association, asocs); 1234 asoc = list_entry(pos, struct sctp_association, asocs);
1234 1235
@@ -1241,13 +1242,13 @@ SCTP_STATIC void sctp_close(struct sock *sk, long timeout)
1241 if (sctp_state(asoc, CLOSED)) { 1242 if (sctp_state(asoc, CLOSED)) {
1242 sctp_unhash_established(asoc); 1243 sctp_unhash_established(asoc);
1243 sctp_association_free(asoc); 1244 sctp_association_free(asoc);
1245 continue;
1246 }
1247 }
1244 1248
1245 } else if (sock_flag(sk, SOCK_LINGER) && 1249 if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime)
1246 !sk->sk_lingertime) 1250 sctp_primitive_ABORT(asoc, NULL);
1247 sctp_primitive_ABORT(asoc, NULL); 1251 else
1248 else
1249 sctp_primitive_SHUTDOWN(asoc, NULL);
1250 } else
1251 sctp_primitive_SHUTDOWN(asoc, NULL); 1252 sctp_primitive_SHUTDOWN(asoc, NULL);
1252 } 1253 }
1253 1254
@@ -5317,6 +5318,7 @@ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p,
5317 */ 5318 */
5318 sctp_release_sock(sk); 5319 sctp_release_sock(sk);
5319 current_timeo = schedule_timeout(current_timeo); 5320 current_timeo = schedule_timeout(current_timeo);
5321 BUG_ON(sk != asoc->base.sk);
5320 sctp_lock_sock(sk); 5322 sctp_lock_sock(sk);
5321 5323
5322 *timeo_p = current_timeo; 5324 *timeo_p = current_timeo;
@@ -5604,12 +5606,14 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
5604 */ 5606 */
5605 newsp->type = type; 5607 newsp->type = type;
5606 5608
5607 spin_lock_bh(&oldsk->sk_lock.slock); 5609 /* Mark the new socket "in-use" by the user so that any packets
5608 /* Migrate the backlog from oldsk to newsk. */ 5610 * that may arrive on the association after we've moved it are
5609 sctp_backlog_migrate(assoc, oldsk, newsk); 5611 * queued to the backlog. This prevents a potential race between
5610 /* Migrate the association to the new socket. */ 5612 * backlog processing on the old socket and new-packet processing
5613 * on the new socket.
5614 */
5615 sctp_lock_sock(newsk);
5611 sctp_assoc_migrate(assoc, newsk); 5616 sctp_assoc_migrate(assoc, newsk);
5612 spin_unlock_bh(&oldsk->sk_lock.slock);
5613 5617
5614 /* If the association on the newsk is already closed before accept() 5618 /* If the association on the newsk is already closed before accept()
5615 * is called, set RCV_SHUTDOWN flag. 5619 * is called, set RCV_SHUTDOWN flag.
@@ -5618,6 +5622,7 @@ static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
5618 newsk->sk_shutdown |= RCV_SHUTDOWN; 5622 newsk->sk_shutdown |= RCV_SHUTDOWN;
5619 5623
5620 newsk->sk_state = SCTP_SS_ESTABLISHED; 5624 newsk->sk_state = SCTP_SS_ESTABLISHED;
5625 sctp_release_sock(newsk);
5621} 5626}
5622 5627
5623/* This proto struct describes the ULP interface for SCTP. */ 5628/* This proto struct describes the ULP interface for SCTP. */
diff --git a/net/sctp/ulpqueue.c b/net/sctp/ulpqueue.c
index 2080b2d28c98..575e556aeb3e 100644
--- a/net/sctp/ulpqueue.c
+++ b/net/sctp/ulpqueue.c
@@ -279,6 +279,7 @@ static inline void sctp_ulpq_store_reasm(struct sctp_ulpq *ulpq,
279static struct sctp_ulpevent *sctp_make_reassembled_event(struct sk_buff_head *queue, struct sk_buff *f_frag, struct sk_buff *l_frag) 279static struct sctp_ulpevent *sctp_make_reassembled_event(struct sk_buff_head *queue, struct sk_buff *f_frag, struct sk_buff *l_frag)
280{ 280{
281 struct sk_buff *pos; 281 struct sk_buff *pos;
282 struct sk_buff *new = NULL;
282 struct sctp_ulpevent *event; 283 struct sctp_ulpevent *event;
283 struct sk_buff *pnext, *last; 284 struct sk_buff *pnext, *last;
284 struct sk_buff *list = skb_shinfo(f_frag)->frag_list; 285 struct sk_buff *list = skb_shinfo(f_frag)->frag_list;
@@ -297,11 +298,33 @@ static struct sctp_ulpevent *sctp_make_reassembled_event(struct sk_buff_head *qu
297 */ 298 */
298 if (last) 299 if (last)
299 last->next = pos; 300 last->next = pos;
300 else 301 else {
301 skb_shinfo(f_frag)->frag_list = pos; 302 if (skb_cloned(f_frag)) {
303 /* This is a cloned skb, we can't just modify
304 * the frag_list. We need a new skb to do that.
305 * Instead of calling skb_unshare(), we'll do it
306 * ourselves since we need to delay the free.
307 */
308 new = skb_copy(f_frag, GFP_ATOMIC);
309 if (!new)
310 return NULL; /* try again later */
311
312 new->sk = f_frag->sk;
313
314 skb_shinfo(new)->frag_list = pos;
315 } else
316 skb_shinfo(f_frag)->frag_list = pos;
317 }
302 318
303 /* Remove the first fragment from the reassembly queue. */ 319 /* Remove the first fragment from the reassembly queue. */
304 __skb_unlink(f_frag, queue); 320 __skb_unlink(f_frag, queue);
321
322 /* if we did unshare, then free the old skb and re-assign */
323 if (new) {
324 kfree_skb(f_frag);
325 f_frag = new;
326 }
327
305 while (pos) { 328 while (pos) {
306 329
307 pnext = pos->next; 330 pnext = pos->next;
diff --git a/net/socket.c b/net/socket.c
index 23898f45f713..02948b622bd2 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -267,6 +267,8 @@ int move_addr_to_user(void *kaddr, int klen, void __user *uaddr, int __user *ule
267 return -EINVAL; 267 return -EINVAL;
268 if(len) 268 if(len)
269 { 269 {
270 if (audit_sockaddr(klen, kaddr))
271 return -ENOMEM;
270 if(copy_to_user(uaddr,kaddr,len)) 272 if(copy_to_user(uaddr,kaddr,len))
271 return -EFAULT; 273 return -EFAULT;
272 } 274 }
@@ -490,6 +492,7 @@ static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
490 struct file *file; 492 struct file *file;
491 struct socket *sock; 493 struct socket *sock;
492 494
495 *err = -EBADF;
493 file = fget_light(fd, fput_needed); 496 file = fget_light(fd, fput_needed);
494 if (file) { 497 if (file) {
495 sock = sock_from_file(file, err); 498 sock = sock_from_file(file, err);
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 900ef31f5a0e..519ebc17c028 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -794,7 +794,6 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
794 794
795out_err: 795out_err:
796 dprintk("RPC: gss_create_cred failed with error %d\n", err); 796 dprintk("RPC: gss_create_cred failed with error %d\n", err);
797 if (cred) gss_destroy_cred(&cred->gc_base);
798 return ERR_PTR(err); 797 return ERR_PTR(err);
799} 798}
800 799
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 97c981fa6b8e..76b969e6904f 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -212,7 +212,6 @@ make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body,
212 char *cksumname; 212 char *cksumname;
213 struct crypto_tfm *tfm = NULL; /* XXX add to ctx? */ 213 struct crypto_tfm *tfm = NULL; /* XXX add to ctx? */
214 struct scatterlist sg[1]; 214 struct scatterlist sg[1];
215 u32 code = GSS_S_FAILURE;
216 215
217 switch (cksumtype) { 216 switch (cksumtype) {
218 case CKSUMTYPE_RSA_MD5: 217 case CKSUMTYPE_RSA_MD5:
@@ -221,13 +220,11 @@ make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body,
221 default: 220 default:
222 dprintk("RPC: krb5_make_checksum:" 221 dprintk("RPC: krb5_make_checksum:"
223 " unsupported checksum %d", cksumtype); 222 " unsupported checksum %d", cksumtype);
224 goto out; 223 return GSS_S_FAILURE;
225 } 224 }
226 if (!(tfm = crypto_alloc_tfm(cksumname, CRYPTO_TFM_REQ_MAY_SLEEP))) 225 if (!(tfm = crypto_alloc_tfm(cksumname, CRYPTO_TFM_REQ_MAY_SLEEP)))
227 goto out; 226 return GSS_S_FAILURE;
228 cksum->len = crypto_tfm_alg_digestsize(tfm); 227 cksum->len = crypto_tfm_alg_digestsize(tfm);
229 if ((cksum->data = kmalloc(cksum->len, GFP_KERNEL)) == NULL)
230 goto out;
231 228
232 crypto_digest_init(tfm); 229 crypto_digest_init(tfm);
233 sg_set_buf(sg, header, hdrlen); 230 sg_set_buf(sg, header, hdrlen);
@@ -235,10 +232,8 @@ make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body,
235 process_xdr_buf(body, body_offset, body->len - body_offset, 232 process_xdr_buf(body, body_offset, body->len - body_offset,
236 checksummer, tfm); 233 checksummer, tfm);
237 crypto_digest_final(tfm, cksum->data); 234 crypto_digest_final(tfm, cksum->data);
238 code = 0;
239out:
240 crypto_free_tfm(tfm); 235 crypto_free_tfm(tfm);
241 return code; 236 return 0;
242} 237}
243 238
244EXPORT_SYMBOL(make_checksum); 239EXPORT_SYMBOL(make_checksum);
diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
index 3ac4193a78ed..7026b0866b7b 100644
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
@@ -159,6 +159,7 @@ struct cache_head *sunrpc_cache_update(struct cache_detail *detail,
159 detail->update(tmp, new); 159 detail->update(tmp, new);
160 tmp->next = *head; 160 tmp->next = *head;
161 *head = tmp; 161 *head = tmp;
162 detail->entries++;
162 cache_get(tmp); 163 cache_get(tmp);
163 is_new = cache_fresh_locked(tmp, new->expiry_time); 164 is_new = cache_fresh_locked(tmp, new->expiry_time);
164 cache_fresh_locked(old, 0); 165 cache_fresh_locked(old, 0);
diff --git a/net/sunrpc/stats.c b/net/sunrpc/stats.c
index dea529666d69..15c2db26767b 100644
--- a/net/sunrpc/stats.c
+++ b/net/sunrpc/stats.c
@@ -176,7 +176,8 @@ void rpc_count_iostats(struct rpc_task *task)
176 op_metrics->om_execute += execute; 176 op_metrics->om_execute += execute;
177} 177}
178 178
179void _print_name(struct seq_file *seq, unsigned int op, struct rpc_procinfo *procs) 179static void _print_name(struct seq_file *seq, unsigned int op,
180 struct rpc_procinfo *procs)
180{ 181{
181 if (procs[op].p_name) 182 if (procs[op].p_name)
182 seq_printf(seq, "\t%12s: ", procs[op].p_name); 183 seq_printf(seq, "\t%12s: ", procs[op].p_name);
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index 55538f6b60ff..58a1b6b42ddd 100644
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -37,14 +37,6 @@ struct ctl_table net_table[] = {
37 .mode = 0555, 37 .mode = 0555,
38 .child = core_table, 38 .child = core_table,
39 }, 39 },
40#ifdef CONFIG_NET
41 {
42 .ctl_name = NET_ETHER,
43 .procname = "ethernet",
44 .mode = 0555,
45 .child = ether_table,
46 },
47#endif
48#ifdef CONFIG_INET 40#ifdef CONFIG_INET
49 { 41 {
50 .ctl_name = NET_IPV4, 42 .ctl_name = NET_IPV4,
diff --git a/net/tipc/name_distr.c b/net/tipc/name_distr.c
index 953307a9df1d..a3bbc891f959 100644
--- a/net/tipc/name_distr.c
+++ b/net/tipc/name_distr.c
@@ -229,8 +229,7 @@ static void node_is_down(struct publication *publ)
229 publ->node, publ->ref, publ->key); 229 publ->node, publ->ref, publ->key);
230 assert(p == publ); 230 assert(p == publ);
231 write_unlock_bh(&tipc_nametbl_lock); 231 write_unlock_bh(&tipc_nametbl_lock);
232 if (publ) 232 kfree(publ);
233 kfree(publ);
234} 233}
235 234
236/** 235/**
diff --git a/net/x25/x25_timer.c b/net/x25/x25_timer.c
index 0a92e1da3922..71ff3088f6fe 100644
--- a/net/x25/x25_timer.c
+++ b/net/x25/x25_timer.c
@@ -114,8 +114,9 @@ static void x25_heartbeat_expiry(unsigned long param)
114 if (sock_flag(sk, SOCK_DESTROY) || 114 if (sock_flag(sk, SOCK_DESTROY) ||
115 (sk->sk_state == TCP_LISTEN && 115 (sk->sk_state == TCP_LISTEN &&
116 sock_flag(sk, SOCK_DEAD))) { 116 sock_flag(sk, SOCK_DEAD))) {
117 bh_unlock_sock(sk);
117 x25_destroy_socket(sk); 118 x25_destroy_socket(sk);
118 goto unlock; 119 return;
119 } 120 }
120 break; 121 break;
121 122
@@ -128,7 +129,6 @@ static void x25_heartbeat_expiry(unsigned long param)
128 } 129 }
129restart_heartbeat: 130restart_heartbeat:
130 x25_start_heartbeat(sk); 131 x25_start_heartbeat(sk);
131unlock:
132 bh_unlock_sock(sk); 132 bh_unlock_sock(sk);
133} 133}
134 134
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index b54971059f16..891a6090cc09 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -62,7 +62,7 @@ int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq)
62 case IPPROTO_COMP: 62 case IPPROTO_COMP:
63 if (!pskb_may_pull(skb, sizeof(struct ip_comp_hdr))) 63 if (!pskb_may_pull(skb, sizeof(struct ip_comp_hdr)))
64 return -EINVAL; 64 return -EINVAL;
65 *spi = ntohl(ntohs(*(u16*)(skb->h.raw + 2))); 65 *spi = htonl(ntohs(*(u16*)(skb->h.raw + 2)));
66 *seq = 0; 66 *seq = 0;
67 return 0; 67 return 0;
68 default: 68 default:
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index c3725fe2a8fb..b469c8b54613 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -57,12 +57,12 @@ int xfrm_register_type(struct xfrm_type *type, unsigned short family)
57 return -EAFNOSUPPORT; 57 return -EAFNOSUPPORT;
58 typemap = afinfo->type_map; 58 typemap = afinfo->type_map;
59 59
60 write_lock(&typemap->lock); 60 write_lock_bh(&typemap->lock);
61 if (likely(typemap->map[type->proto] == NULL)) 61 if (likely(typemap->map[type->proto] == NULL))
62 typemap->map[type->proto] = type; 62 typemap->map[type->proto] = type;
63 else 63 else
64 err = -EEXIST; 64 err = -EEXIST;
65 write_unlock(&typemap->lock); 65 write_unlock_bh(&typemap->lock);
66 xfrm_policy_put_afinfo(afinfo); 66 xfrm_policy_put_afinfo(afinfo);
67 return err; 67 return err;
68} 68}
@@ -78,12 +78,12 @@ int xfrm_unregister_type(struct xfrm_type *type, unsigned short family)
78 return -EAFNOSUPPORT; 78 return -EAFNOSUPPORT;
79 typemap = afinfo->type_map; 79 typemap = afinfo->type_map;
80 80
81 write_lock(&typemap->lock); 81 write_lock_bh(&typemap->lock);
82 if (unlikely(typemap->map[type->proto] != type)) 82 if (unlikely(typemap->map[type->proto] != type))
83 err = -ENOENT; 83 err = -ENOENT;
84 else 84 else
85 typemap->map[type->proto] = NULL; 85 typemap->map[type->proto] = NULL;
86 write_unlock(&typemap->lock); 86 write_unlock_bh(&typemap->lock);
87 xfrm_policy_put_afinfo(afinfo); 87 xfrm_policy_put_afinfo(afinfo);
88 return err; 88 return err;
89} 89}
@@ -1251,7 +1251,7 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
1251 return -EINVAL; 1251 return -EINVAL;
1252 if (unlikely(afinfo->family >= NPROTO)) 1252 if (unlikely(afinfo->family >= NPROTO))
1253 return -EAFNOSUPPORT; 1253 return -EAFNOSUPPORT;
1254 write_lock(&xfrm_policy_afinfo_lock); 1254 write_lock_bh(&xfrm_policy_afinfo_lock);
1255 if (unlikely(xfrm_policy_afinfo[afinfo->family] != NULL)) 1255 if (unlikely(xfrm_policy_afinfo[afinfo->family] != NULL))
1256 err = -ENOBUFS; 1256 err = -ENOBUFS;
1257 else { 1257 else {
@@ -1268,7 +1268,7 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
1268 afinfo->garbage_collect = __xfrm_garbage_collect; 1268 afinfo->garbage_collect = __xfrm_garbage_collect;
1269 xfrm_policy_afinfo[afinfo->family] = afinfo; 1269 xfrm_policy_afinfo[afinfo->family] = afinfo;
1270 } 1270 }
1271 write_unlock(&xfrm_policy_afinfo_lock); 1271 write_unlock_bh(&xfrm_policy_afinfo_lock);
1272 return err; 1272 return err;
1273} 1273}
1274EXPORT_SYMBOL(xfrm_policy_register_afinfo); 1274EXPORT_SYMBOL(xfrm_policy_register_afinfo);
@@ -1280,7 +1280,7 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
1280 return -EINVAL; 1280 return -EINVAL;
1281 if (unlikely(afinfo->family >= NPROTO)) 1281 if (unlikely(afinfo->family >= NPROTO))
1282 return -EAFNOSUPPORT; 1282 return -EAFNOSUPPORT;
1283 write_lock(&xfrm_policy_afinfo_lock); 1283 write_lock_bh(&xfrm_policy_afinfo_lock);
1284 if (likely(xfrm_policy_afinfo[afinfo->family] != NULL)) { 1284 if (likely(xfrm_policy_afinfo[afinfo->family] != NULL)) {
1285 if (unlikely(xfrm_policy_afinfo[afinfo->family] != afinfo)) 1285 if (unlikely(xfrm_policy_afinfo[afinfo->family] != afinfo))
1286 err = -EINVAL; 1286 err = -EINVAL;
@@ -1294,7 +1294,7 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
1294 afinfo->garbage_collect = NULL; 1294 afinfo->garbage_collect = NULL;
1295 } 1295 }
1296 } 1296 }
1297 write_unlock(&xfrm_policy_afinfo_lock); 1297 write_unlock_bh(&xfrm_policy_afinfo_lock);
1298 return err; 1298 return err;
1299} 1299}
1300EXPORT_SYMBOL(xfrm_policy_unregister_afinfo); 1300EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index a8e14dc1b04e..93a2f36ad3db 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -805,16 +805,22 @@ void xfrm_replay_notify(struct xfrm_state *x, int event)
805 case XFRM_REPLAY_UPDATE: 805 case XFRM_REPLAY_UPDATE:
806 if (x->replay_maxdiff && 806 if (x->replay_maxdiff &&
807 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) && 807 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
808 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) 808 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
809 return; 809 if (x->xflags & XFRM_TIME_DEFER)
810 event = XFRM_REPLAY_TIMEOUT;
811 else
812 return;
813 }
810 814
811 break; 815 break;
812 816
813 case XFRM_REPLAY_TIMEOUT: 817 case XFRM_REPLAY_TIMEOUT:
814 if ((x->replay.seq == x->preplay.seq) && 818 if ((x->replay.seq == x->preplay.seq) &&
815 (x->replay.bitmap == x->preplay.bitmap) && 819 (x->replay.bitmap == x->preplay.bitmap) &&
816 (x->replay.oseq == x->preplay.oseq)) 820 (x->replay.oseq == x->preplay.oseq)) {
821 x->xflags |= XFRM_TIME_DEFER;
817 return; 822 return;
823 }
818 824
819 break; 825 break;
820 } 826 }
@@ -825,8 +831,10 @@ void xfrm_replay_notify(struct xfrm_state *x, int event)
825 km_state_notify(x, &c); 831 km_state_notify(x, &c);
826 832
827 if (x->replay_maxage && 833 if (x->replay_maxage &&
828 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) 834 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) {
829 xfrm_state_hold(x); 835 xfrm_state_hold(x);
836 x->xflags &= ~XFRM_TIME_DEFER;
837 }
830} 838}
831EXPORT_SYMBOL(xfrm_replay_notify); 839EXPORT_SYMBOL(xfrm_replay_notify);
832 840
@@ -836,10 +844,15 @@ static void xfrm_replay_timer_handler(unsigned long data)
836 844
837 spin_lock(&x->lock); 845 spin_lock(&x->lock);
838 846
839 if (xfrm_aevent_is_on() && x->km.state == XFRM_STATE_VALID) 847 if (x->km.state == XFRM_STATE_VALID) {
840 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT); 848 if (xfrm_aevent_is_on())
849 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
850 else
851 x->xflags |= XFRM_TIME_DEFER;
852 }
841 853
842 spin_unlock(&x->lock); 854 spin_unlock(&x->lock);
855 xfrm_state_put(x);
843} 856}
844 857
845int xfrm_replay_check(struct xfrm_state *x, u32 seq) 858int xfrm_replay_check(struct xfrm_state *x, u32 seq)
@@ -1048,7 +1061,7 @@ int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1048 return -EINVAL; 1061 return -EINVAL;
1049 if (unlikely(afinfo->family >= NPROTO)) 1062 if (unlikely(afinfo->family >= NPROTO))
1050 return -EAFNOSUPPORT; 1063 return -EAFNOSUPPORT;
1051 write_lock(&xfrm_state_afinfo_lock); 1064 write_lock_bh(&xfrm_state_afinfo_lock);
1052 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL)) 1065 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1053 err = -ENOBUFS; 1066 err = -ENOBUFS;
1054 else { 1067 else {
@@ -1056,7 +1069,7 @@ int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1056 afinfo->state_byspi = xfrm_state_byspi; 1069 afinfo->state_byspi = xfrm_state_byspi;
1057 xfrm_state_afinfo[afinfo->family] = afinfo; 1070 xfrm_state_afinfo[afinfo->family] = afinfo;
1058 } 1071 }
1059 write_unlock(&xfrm_state_afinfo_lock); 1072 write_unlock_bh(&xfrm_state_afinfo_lock);
1060 return err; 1073 return err;
1061} 1074}
1062EXPORT_SYMBOL(xfrm_state_register_afinfo); 1075EXPORT_SYMBOL(xfrm_state_register_afinfo);
@@ -1068,7 +1081,7 @@ int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1068 return -EINVAL; 1081 return -EINVAL;
1069 if (unlikely(afinfo->family >= NPROTO)) 1082 if (unlikely(afinfo->family >= NPROTO))
1070 return -EAFNOSUPPORT; 1083 return -EAFNOSUPPORT;
1071 write_lock(&xfrm_state_afinfo_lock); 1084 write_lock_bh(&xfrm_state_afinfo_lock);
1072 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) { 1085 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1073 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo)) 1086 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1074 err = -EINVAL; 1087 err = -EINVAL;
@@ -1078,7 +1091,7 @@ int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1078 afinfo->state_bydst = NULL; 1091 afinfo->state_bydst = NULL;
1079 } 1092 }
1080 } 1093 }
1081 write_unlock(&xfrm_state_afinfo_lock); 1094 write_unlock_bh(&xfrm_state_afinfo_lock);
1082 return err; 1095 return err;
1083} 1096}
1084EXPORT_SYMBOL(xfrm_state_unregister_afinfo); 1097EXPORT_SYMBOL(xfrm_state_unregister_afinfo);