aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@woody.linux-foundation.org>2008-02-08 12:27:06 -0500
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2008-02-08 12:27:06 -0500
commit3668805a544a6229d6135a4427b8dfe7c343b61f (patch)
treee486ae277d972a7072d98c80ffc8a285951dac08 /net
parent7b791d445500c5674b1ef00fefc0e343ed2f85b7 (diff)
parentdd5a1843d566911dbb077c4022c4936697495af6 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (21 commits) [IPSEC] flow: reorder "struct flow_cache_entry" and remove SLAB_HWCACHE_ALIGN [DECNET] ROUTE: remove unecessary alignment [IPSEC]: Add support for aes-ctr. [ISDN]: fix section mismatch warning in enpci_card_msg [TIPC]: declare proto_ops structures as 'const'. [TIPC]: Kill unused static inline (x5) [TC]: oops in em_meta [IPV6] Minor cleanup: remove unused definitions in net/ip6_fib.h [IPV6] Minor clenup: remove two unused definitions in net/ip6_route.h [AF_IUCV]: defensive programming of iucv_callback_txdone [AF_IUCV]: broken send_skb_q results in endless loop [IUCV]: wrong irq-disabling locking at module load time [CAN]: Minor clean-ups [CAN]: Move proto_{,un}register() out of spin-locked region [CAN]: Clean up module auto loading [IPSEC] flow: Remove an unnecessary ____cacheline_aligned [IPV4]: route: fix crash ip_route_input [NETFILTER]: xt_iprange: add missing #include [NETFILTER]: xt_iprange: fix typo in address family [NETFILTER]: nf_conntrack: fix ct_extend ->move operation ...
Diffstat (limited to 'net')
-rw-r--r--net/can/af_can.c45
-rw-r--r--net/can/raw.c24
-rw-r--r--net/core/flow.c6
-rw-r--r--net/decnet/dn_route.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c6
-rw-r--r--net/ipv4/route.c2
-rw-r--r--net/iucv/af_iucv.c27
-rw-r--r--net/iucv/iucv.c4
-rw-r--r--net/netfilter/nf_conntrack_extend.c3
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c32
-rw-r--r--net/netfilter/xt_iprange.c3
-rw-r--r--net/sched/em_meta.c10
-rw-r--r--net/tipc/addr.h5
-rw-r--r--net/tipc/bcast.h13
-rw-r--r--net/tipc/msg.h5
-rw-r--r--net/tipc/socket.c14
-rw-r--r--net/xfrm/xfrm_algo.c17
17 files changed, 119 insertions, 99 deletions
diff --git a/net/can/af_can.c b/net/can/af_can.c
index 5158e886630f..36b9f22ed83a 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -118,7 +118,6 @@ static int can_create(struct net *net, struct socket *sock, int protocol)
118{ 118{
119 struct sock *sk; 119 struct sock *sk;
120 struct can_proto *cp; 120 struct can_proto *cp;
121 char module_name[sizeof("can-proto-000")];
122 int err = 0; 121 int err = 0;
123 122
124 sock->state = SS_UNCONNECTED; 123 sock->state = SS_UNCONNECTED;
@@ -129,26 +128,21 @@ static int can_create(struct net *net, struct socket *sock, int protocol)
129 if (net != &init_net) 128 if (net != &init_net)
130 return -EAFNOSUPPORT; 129 return -EAFNOSUPPORT;
131 130
131#ifdef CONFIG_KMOD
132 /* try to load protocol module, when CONFIG_KMOD is defined */ 132 /* try to load protocol module, when CONFIG_KMOD is defined */
133 if (!proto_tab[protocol]) { 133 if (!proto_tab[protocol]) {
134 sprintf(module_name, "can-proto-%d", protocol); 134 err = request_module("can-proto-%d", protocol);
135 err = request_module(module_name);
136 135
137 /* 136 /*
138 * In case of error we only print a message but don't 137 * In case of error we only print a message but don't
139 * return the error code immediately. Below we will 138 * return the error code immediately. Below we will
140 * return -EPROTONOSUPPORT 139 * return -EPROTONOSUPPORT
141 */ 140 */
142 if (err == -ENOSYS) { 141 if (err && printk_ratelimit())
143 if (printk_ratelimit()) 142 printk(KERN_ERR "can: request_module "
144 printk(KERN_INFO "can: request_module(%s)" 143 "(can-proto-%d) failed.\n", protocol);
145 " not implemented.\n", module_name);
146 } else if (err) {
147 if (printk_ratelimit())
148 printk(KERN_ERR "can: request_module(%s)"
149 " failed.\n", module_name);
150 }
151 } 144 }
145#endif
152 146
153 spin_lock(&proto_tab_lock); 147 spin_lock(&proto_tab_lock);
154 cp = proto_tab[protocol]; 148 cp = proto_tab[protocol];
@@ -662,26 +656,26 @@ int can_proto_register(struct can_proto *cp)
662 return -EINVAL; 656 return -EINVAL;
663 } 657 }
664 658
659 err = proto_register(cp->prot, 0);
660 if (err < 0)
661 return err;
662
665 spin_lock(&proto_tab_lock); 663 spin_lock(&proto_tab_lock);
666 if (proto_tab[proto]) { 664 if (proto_tab[proto]) {
667 printk(KERN_ERR "can: protocol %d already registered\n", 665 printk(KERN_ERR "can: protocol %d already registered\n",
668 proto); 666 proto);
669 err = -EBUSY; 667 err = -EBUSY;
670 goto errout; 668 } else {
669 proto_tab[proto] = cp;
670
671 /* use generic ioctl function if not defined by module */
672 if (!cp->ops->ioctl)
673 cp->ops->ioctl = can_ioctl;
671 } 674 }
675 spin_unlock(&proto_tab_lock);
672 676
673 err = proto_register(cp->prot, 0);
674 if (err < 0) 677 if (err < 0)
675 goto errout; 678 proto_unregister(cp->prot);
676
677 proto_tab[proto] = cp;
678
679 /* use generic ioctl function if the module doesn't bring its own */
680 if (!cp->ops->ioctl)
681 cp->ops->ioctl = can_ioctl;
682
683 errout:
684 spin_unlock(&proto_tab_lock);
685 679
686 return err; 680 return err;
687} 681}
@@ -700,9 +694,10 @@ void can_proto_unregister(struct can_proto *cp)
700 printk(KERN_ERR "BUG: can: protocol %d is not registered\n", 694 printk(KERN_ERR "BUG: can: protocol %d is not registered\n",
701 proto); 695 proto);
702 } 696 }
703 proto_unregister(cp->prot);
704 proto_tab[proto] = NULL; 697 proto_tab[proto] = NULL;
705 spin_unlock(&proto_tab_lock); 698 spin_unlock(&proto_tab_lock);
699
700 proto_unregister(cp->prot);
706} 701}
707EXPORT_SYMBOL(can_proto_unregister); 702EXPORT_SYMBOL(can_proto_unregister);
708 703
diff --git a/net/can/raw.c b/net/can/raw.c
index aeefd1419d00..94cd7f27c444 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -98,7 +98,6 @@ static void raw_rcv(struct sk_buff *skb, void *data)
98 struct sock *sk = (struct sock *)data; 98 struct sock *sk = (struct sock *)data;
99 struct raw_sock *ro = raw_sk(sk); 99 struct raw_sock *ro = raw_sk(sk);
100 struct sockaddr_can *addr; 100 struct sockaddr_can *addr;
101 int error;
102 101
103 if (!ro->recv_own_msgs) { 102 if (!ro->recv_own_msgs) {
104 /* check the received tx sock reference */ 103 /* check the received tx sock reference */
@@ -121,14 +120,12 @@ static void raw_rcv(struct sk_buff *skb, void *data)
121 addr->can_family = AF_CAN; 120 addr->can_family = AF_CAN;
122 addr->can_ifindex = skb->dev->ifindex; 121 addr->can_ifindex = skb->dev->ifindex;
123 122
124 error = sock_queue_rcv_skb(sk, skb); 123 if (sock_queue_rcv_skb(sk, skb) < 0)
125 if (error < 0)
126 kfree_skb(skb); 124 kfree_skb(skb);
127} 125}
128 126
129static int raw_enable_filters(struct net_device *dev, struct sock *sk, 127static int raw_enable_filters(struct net_device *dev, struct sock *sk,
130 struct can_filter *filter, 128 struct can_filter *filter, int count)
131 int count)
132{ 129{
133 int err = 0; 130 int err = 0;
134 int i; 131 int i;
@@ -163,8 +160,7 @@ static int raw_enable_errfilter(struct net_device *dev, struct sock *sk,
163} 160}
164 161
165static void raw_disable_filters(struct net_device *dev, struct sock *sk, 162static void raw_disable_filters(struct net_device *dev, struct sock *sk,
166 struct can_filter *filter, 163 struct can_filter *filter, int count)
167 int count)
168{ 164{
169 int i; 165 int i;
170 166
@@ -353,7 +349,6 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len)
353 /* filters set by default/setsockopt */ 349 /* filters set by default/setsockopt */
354 err = raw_enable_allfilters(dev, sk); 350 err = raw_enable_allfilters(dev, sk);
355 dev_put(dev); 351 dev_put(dev);
356
357 } else { 352 } else {
358 ifindex = 0; 353 ifindex = 0;
359 354
@@ -466,7 +461,6 @@ static int raw_setsockopt(struct socket *sock, int level, int optname,
466 if (err) { 461 if (err) {
467 if (count > 1) 462 if (count > 1)
468 kfree(filter); 463 kfree(filter);
469
470 goto out_fil; 464 goto out_fil;
471 } 465 }
472 466
@@ -673,25 +667,25 @@ static int raw_recvmsg(struct kiocb *iocb, struct socket *sock,
673{ 667{
674 struct sock *sk = sock->sk; 668 struct sock *sk = sock->sk;
675 struct sk_buff *skb; 669 struct sk_buff *skb;
676 int error = 0; 670 int err = 0;
677 int noblock; 671 int noblock;
678 672
679 noblock = flags & MSG_DONTWAIT; 673 noblock = flags & MSG_DONTWAIT;
680 flags &= ~MSG_DONTWAIT; 674 flags &= ~MSG_DONTWAIT;
681 675
682 skb = skb_recv_datagram(sk, flags, noblock, &error); 676 skb = skb_recv_datagram(sk, flags, noblock, &err);
683 if (!skb) 677 if (!skb)
684 return error; 678 return err;
685 679
686 if (size < skb->len) 680 if (size < skb->len)
687 msg->msg_flags |= MSG_TRUNC; 681 msg->msg_flags |= MSG_TRUNC;
688 else 682 else
689 size = skb->len; 683 size = skb->len;
690 684
691 error = memcpy_toiovec(msg->msg_iov, skb->data, size); 685 err = memcpy_toiovec(msg->msg_iov, skb->data, size);
692 if (error < 0) { 686 if (err < 0) {
693 skb_free_datagram(sk, skb); 687 skb_free_datagram(sk, skb);
694 return error; 688 return err;
695 } 689 }
696 690
697 sock_recv_timestamp(msg, sk, skb); 691 sock_recv_timestamp(msg, sk, skb);
diff --git a/net/core/flow.c b/net/core/flow.c
index 46b38e06e0d7..a77531c139b7 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -30,8 +30,8 @@ struct flow_cache_entry {
30 struct flow_cache_entry *next; 30 struct flow_cache_entry *next;
31 u16 family; 31 u16 family;
32 u8 dir; 32 u8 dir;
33 struct flowi key;
34 u32 genid; 33 u32 genid;
34 struct flowi key;
35 void *object; 35 void *object;
36 atomic_t *object_ref; 36 atomic_t *object_ref;
37}; 37};
@@ -52,7 +52,7 @@ struct flow_percpu_info {
52 int hash_rnd_recalc; 52 int hash_rnd_recalc;
53 u32 hash_rnd; 53 u32 hash_rnd;
54 int count; 54 int count;
55} ____cacheline_aligned; 55};
56static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 }; 56static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 };
57 57
58#define flow_hash_rnd_recalc(cpu) \ 58#define flow_hash_rnd_recalc(cpu) \
@@ -346,7 +346,7 @@ static int __init flow_cache_init(void)
346 346
347 flow_cachep = kmem_cache_create("flow_cache", 347 flow_cachep = kmem_cache_create("flow_cache",
348 sizeof(struct flow_cache_entry), 348 sizeof(struct flow_cache_entry),
349 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, 349 0, SLAB_PANIC,
350 NULL); 350 NULL);
351 flow_hash_shift = 10; 351 flow_hash_shift = 10;
352 flow_lwm = 2 * flow_hash_size; 352 flow_lwm = 2 * flow_hash_size;
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index 31be29b8b5a3..9dc0abb50eaf 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -94,7 +94,7 @@ struct dn_rt_hash_bucket
94{ 94{
95 struct dn_route *chain; 95 struct dn_route *chain;
96 spinlock_t lock; 96 spinlock_t lock;
97} __attribute__((__aligned__(8))); 97};
98 98
99extern struct neigh_table dn_neigh_table; 99extern struct neigh_table dn_neigh_table;
100 100
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index dd07362d2b8f..0d5fa3a54d04 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -600,10 +600,10 @@ static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
600 spin_unlock_bh(&nf_nat_lock); 600 spin_unlock_bh(&nf_nat_lock);
601} 601}
602 602
603static void nf_nat_move_storage(struct nf_conn *conntrack, void *old) 603static void nf_nat_move_storage(void *new, void *old)
604{ 604{
605 struct nf_conn_nat *new_nat = nf_ct_ext_find(conntrack, NF_CT_EXT_NAT); 605 struct nf_conn_nat *new_nat = new;
606 struct nf_conn_nat *old_nat = (struct nf_conn_nat *)old; 606 struct nf_conn_nat *old_nat = old;
607 struct nf_conn *ct = old_nat->ct; 607 struct nf_conn *ct = old_nat->ct;
608 608
609 if (!ct || !(ct->status & IPS_NAT_DONE_MASK)) 609 if (!ct || !(ct->status & IPS_NAT_DONE_MASK))
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 8842ecb9be48..525787b52b72 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2041,7 +2041,7 @@ int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2041 int iif = dev->ifindex; 2041 int iif = dev->ifindex;
2042 struct net *net; 2042 struct net *net;
2043 2043
2044 net = skb->dev->nd_net; 2044 net = dev->nd_net;
2045 tos &= IPTOS_RT_MASK; 2045 tos &= IPTOS_RT_MASK;
2046 hash = rt_hash(daddr, saddr, iif); 2046 hash = rt_hash(daddr, saddr, iif);
2047 2047
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index 2255e3c082ed..fee22caf1bad 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -482,6 +482,10 @@ static int iucv_sock_connect(struct socket *sock, struct sockaddr *addr,
482 /* Create path. */ 482 /* Create path. */
483 iucv->path = iucv_path_alloc(IUCV_QUEUELEN_DEFAULT, 483 iucv->path = iucv_path_alloc(IUCV_QUEUELEN_DEFAULT,
484 IPRMDATA, GFP_KERNEL); 484 IPRMDATA, GFP_KERNEL);
485 if (!iucv->path) {
486 err = -ENOMEM;
487 goto done;
488 }
485 err = iucv_path_connect(iucv->path, &af_iucv_handler, 489 err = iucv_path_connect(iucv->path, &af_iucv_handler,
486 sa->siucv_user_id, NULL, user_data, sk); 490 sa->siucv_user_id, NULL, user_data, sk);
487 if (err) { 491 if (err) {
@@ -1094,6 +1098,8 @@ static void iucv_callback_rx(struct iucv_path *path, struct iucv_message *msg)
1094 1098
1095save_message: 1099save_message:
1096 save_msg = kzalloc(sizeof(struct sock_msg_q), GFP_ATOMIC | GFP_DMA); 1100 save_msg = kzalloc(sizeof(struct sock_msg_q), GFP_ATOMIC | GFP_DMA);
1101 if (!save_msg)
1102 return;
1097 save_msg->path = path; 1103 save_msg->path = path;
1098 save_msg->msg = *msg; 1104 save_msg->msg = *msg;
1099 1105
@@ -1106,24 +1112,31 @@ static void iucv_callback_txdone(struct iucv_path *path,
1106 struct iucv_message *msg) 1112 struct iucv_message *msg)
1107{ 1113{
1108 struct sock *sk = path->private; 1114 struct sock *sk = path->private;
1109 struct sk_buff *this; 1115 struct sk_buff *this = NULL;
1110 struct sk_buff_head *list = &iucv_sk(sk)->send_skb_q; 1116 struct sk_buff_head *list = &iucv_sk(sk)->send_skb_q;
1111 struct sk_buff *list_skb = list->next; 1117 struct sk_buff *list_skb = list->next;
1112 unsigned long flags; 1118 unsigned long flags;
1113 1119
1114 if (list_skb) { 1120 if (!skb_queue_empty(list)) {
1115 spin_lock_irqsave(&list->lock, flags); 1121 spin_lock_irqsave(&list->lock, flags);
1116 1122
1117 do { 1123 while (list_skb != (struct sk_buff *)list) {
1118 this = list_skb; 1124 if (!memcmp(&msg->tag, list_skb->cb, 4)) {
1125 this = list_skb;
1126 break;
1127 }
1119 list_skb = list_skb->next; 1128 list_skb = list_skb->next;
1120 } while (memcmp(&msg->tag, this->cb, 4) && list_skb); 1129 }
1130 if (this)
1131 __skb_unlink(this, list);
1121 1132
1122 spin_unlock_irqrestore(&list->lock, flags); 1133 spin_unlock_irqrestore(&list->lock, flags);
1123 1134
1124 skb_unlink(this, &iucv_sk(sk)->send_skb_q); 1135 if (this)
1125 kfree_skb(this); 1136 kfree_skb(this);
1126 } 1137 }
1138 if (!this)
1139 printk(KERN_ERR "AF_IUCV msg tag %u not found\n", msg->tag);
1127 1140
1128 if (sk->sk_state == IUCV_CLOSING) { 1141 if (sk->sk_state == IUCV_CLOSING) {
1129 if (skb_queue_empty(&iucv_sk(sk)->send_skb_q)) { 1142 if (skb_queue_empty(&iucv_sk(sk)->send_skb_q)) {
diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c
index f13fe8821cbd..2753b0c448f3 100644
--- a/net/iucv/iucv.c
+++ b/net/iucv/iucv.c
@@ -693,9 +693,9 @@ int iucv_register(struct iucv_handler *handler, int smp)
693 iucv_setmask_up(); 693 iucv_setmask_up();
694 INIT_LIST_HEAD(&handler->paths); 694 INIT_LIST_HEAD(&handler->paths);
695 695
696 spin_lock_irq(&iucv_table_lock); 696 spin_lock_bh(&iucv_table_lock);
697 list_add_tail(&handler->list, &iucv_handler_list); 697 list_add_tail(&handler->list, &iucv_handler_list);
698 spin_unlock_irq(&iucv_table_lock); 698 spin_unlock_bh(&iucv_table_lock);
699 rc = 0; 699 rc = 0;
700out_mutex: 700out_mutex:
701 mutex_unlock(&iucv_register_mutex); 701 mutex_unlock(&iucv_register_mutex);
diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c
index cf6ba6659a80..8b9be1e978cd 100644
--- a/net/netfilter/nf_conntrack_extend.c
+++ b/net/netfilter/nf_conntrack_extend.c
@@ -109,7 +109,8 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
109 rcu_read_lock(); 109 rcu_read_lock();
110 t = rcu_dereference(nf_ct_ext_types[i]); 110 t = rcu_dereference(nf_ct_ext_types[i]);
111 if (t && t->move) 111 if (t && t->move)
112 t->move(ct, ct->ext + ct->ext->offset[i]); 112 t->move((void *)new + new->offset[i],
113 (void *)ct->ext + ct->ext->offset[i]);
113 rcu_read_unlock(); 114 rcu_read_unlock();
114 } 115 }
115 kfree(ct->ext); 116 kfree(ct->ext);
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 3e0cccae5636..202d7fa09483 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -125,7 +125,7 @@ enum tcp_bit_set {
125 * CLOSE_WAIT: ACK seen (after FIN) 125 * CLOSE_WAIT: ACK seen (after FIN)
126 * LAST_ACK: FIN seen (after FIN) 126 * LAST_ACK: FIN seen (after FIN)
127 * TIME_WAIT: last ACK seen 127 * TIME_WAIT: last ACK seen
128 * CLOSE: closed connection 128 * CLOSE: closed connection (RST)
129 * 129 *
130 * LISTEN state is not used. 130 * LISTEN state is not used.
131 * 131 *
@@ -824,7 +824,21 @@ static int tcp_packet(struct nf_conn *ct,
824 case TCP_CONNTRACK_SYN_SENT: 824 case TCP_CONNTRACK_SYN_SENT:
825 if (old_state < TCP_CONNTRACK_TIME_WAIT) 825 if (old_state < TCP_CONNTRACK_TIME_WAIT)
826 break; 826 break;
827 if ((ct->proto.tcp.seen[!dir].flags & IP_CT_TCP_FLAG_CLOSE_INIT) 827 /* RFC 1122: "When a connection is closed actively,
828 * it MUST linger in TIME-WAIT state for a time 2xMSL
829 * (Maximum Segment Lifetime). However, it MAY accept
830 * a new SYN from the remote TCP to reopen the connection
831 * directly from TIME-WAIT state, if..."
832 * We ignore the conditions because we are in the
833 * TIME-WAIT state anyway.
834 *
835 * Handle aborted connections: we and the server
836 * think there is an existing connection but the client
837 * aborts it and starts a new one.
838 */
839 if (((ct->proto.tcp.seen[dir].flags
840 | ct->proto.tcp.seen[!dir].flags)
841 & IP_CT_TCP_FLAG_CLOSE_INIT)
828 || (ct->proto.tcp.last_dir == dir 842 || (ct->proto.tcp.last_dir == dir
829 && ct->proto.tcp.last_index == TCP_RST_SET)) { 843 && ct->proto.tcp.last_index == TCP_RST_SET)) {
830 /* Attempt to reopen a closed/aborted connection. 844 /* Attempt to reopen a closed/aborted connection.
@@ -838,15 +852,22 @@ static int tcp_packet(struct nf_conn *ct,
838 case TCP_CONNTRACK_IGNORE: 852 case TCP_CONNTRACK_IGNORE:
839 /* Ignored packets: 853 /* Ignored packets:
840 * 854 *
855 * Our connection entry may be out of sync, so ignore
856 * packets which may signal the real connection between
857 * the client and the server.
858 *
841 * a) SYN in ORIGINAL 859 * a) SYN in ORIGINAL
842 * b) SYN/ACK in REPLY 860 * b) SYN/ACK in REPLY
843 * c) ACK in reply direction after initial SYN in original. 861 * c) ACK in reply direction after initial SYN in original.
862 *
863 * If the ignored packet is invalid, the receiver will send
864 * a RST we'll catch below.
844 */ 865 */
845 if (index == TCP_SYNACK_SET 866 if (index == TCP_SYNACK_SET
846 && ct->proto.tcp.last_index == TCP_SYN_SET 867 && ct->proto.tcp.last_index == TCP_SYN_SET
847 && ct->proto.tcp.last_dir != dir 868 && ct->proto.tcp.last_dir != dir
848 && ntohl(th->ack_seq) == ct->proto.tcp.last_end) { 869 && ntohl(th->ack_seq) == ct->proto.tcp.last_end) {
849 /* This SYN/ACK acknowledges a SYN that we earlier 870 /* b) This SYN/ACK acknowledges a SYN that we earlier
850 * ignored as invalid. This means that the client and 871 * ignored as invalid. This means that the client and
851 * the server are both in sync, while the firewall is 872 * the server are both in sync, while the firewall is
852 * not. We kill this session and block the SYN/ACK so 873 * not. We kill this session and block the SYN/ACK so
@@ -870,7 +891,7 @@ static int tcp_packet(struct nf_conn *ct,
870 write_unlock_bh(&tcp_lock); 891 write_unlock_bh(&tcp_lock);
871 if (LOG_INVALID(IPPROTO_TCP)) 892 if (LOG_INVALID(IPPROTO_TCP))
872 nf_log_packet(pf, 0, skb, NULL, NULL, NULL, 893 nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
873 "nf_ct_tcp: invalid packed ignored "); 894 "nf_ct_tcp: invalid packet ignored ");
874 return NF_ACCEPT; 895 return NF_ACCEPT;
875 case TCP_CONNTRACK_MAX: 896 case TCP_CONNTRACK_MAX:
876 /* Invalid packet */ 897 /* Invalid packet */
@@ -924,8 +945,7 @@ static int tcp_packet(struct nf_conn *ct,
924 945
925 ct->proto.tcp.state = new_state; 946 ct->proto.tcp.state = new_state;
926 if (old_state != new_state 947 if (old_state != new_state
927 && (new_state == TCP_CONNTRACK_FIN_WAIT 948 && new_state == TCP_CONNTRACK_CLOSE)
928 || new_state == TCP_CONNTRACK_CLOSE))
929 ct->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT; 949 ct->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
930 timeout = ct->proto.tcp.retrans >= nf_ct_tcp_max_retrans 950 timeout = ct->proto.tcp.retrans >= nf_ct_tcp_max_retrans
931 && tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans 951 && tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans
diff --git a/net/netfilter/xt_iprange.c b/net/netfilter/xt_iprange.c
index 01035fc0e140..4f984dc60319 100644
--- a/net/netfilter/xt_iprange.c
+++ b/net/netfilter/xt_iprange.c
@@ -13,6 +13,7 @@
13#include <linux/ip.h> 13#include <linux/ip.h>
14#include <linux/ipv6.h> 14#include <linux/ipv6.h>
15#include <linux/netfilter/x_tables.h> 15#include <linux/netfilter/x_tables.h>
16#include <linux/netfilter/xt_iprange.h>
16#include <linux/netfilter_ipv4/ipt_iprange.h> 17#include <linux/netfilter_ipv4/ipt_iprange.h>
17 18
18static bool 19static bool
@@ -148,7 +149,7 @@ static struct xt_match iprange_mt_reg[] __read_mostly = {
148 { 149 {
149 .name = "iprange", 150 .name = "iprange",
150 .revision = 1, 151 .revision = 1,
151 .family = AF_INET6, 152 .family = AF_INET,
152 .match = iprange_mt4, 153 .match = iprange_mt4,
153 .matchsize = sizeof(struct xt_iprange_mtinfo), 154 .matchsize = sizeof(struct xt_iprange_mtinfo),
154 .me = THIS_MODULE, 155 .me = THIS_MODULE,
diff --git a/net/sched/em_meta.c b/net/sched/em_meta.c
index 2a7e648fbcf4..d417ec8e3ca3 100644
--- a/net/sched/em_meta.c
+++ b/net/sched/em_meta.c
@@ -735,11 +735,13 @@ static int em_meta_match(struct sk_buff *skb, struct tcf_ematch *m,
735 735
736static inline void meta_delete(struct meta_match *meta) 736static inline void meta_delete(struct meta_match *meta)
737{ 737{
738 struct meta_type_ops *ops = meta_type_ops(&meta->lvalue); 738 if (meta) {
739 struct meta_type_ops *ops = meta_type_ops(&meta->lvalue);
739 740
740 if (ops && ops->destroy) { 741 if (ops && ops->destroy) {
741 ops->destroy(&meta->lvalue); 742 ops->destroy(&meta->lvalue);
742 ops->destroy(&meta->rvalue); 743 ops->destroy(&meta->rvalue);
744 }
743 } 745 }
744 746
745 kfree(meta); 747 kfree(meta);
diff --git a/net/tipc/addr.h b/net/tipc/addr.h
index e4bd5335e48d..3ba67e6ce03e 100644
--- a/net/tipc/addr.h
+++ b/net/tipc/addr.h
@@ -57,11 +57,6 @@ static inline int in_own_cluster(u32 addr)
57 return !((addr ^ tipc_own_addr) >> 12); 57 return !((addr ^ tipc_own_addr) >> 12);
58} 58}
59 59
60static inline int in_own_zone(u32 addr)
61{
62 return !((addr ^ tipc_own_addr) >> 24);
63}
64
65static inline int is_slave(u32 addr) 60static inline int is_slave(u32 addr)
66{ 61{
67 return addr & 0x800; 62 return addr & 0x800;
diff --git a/net/tipc/bcast.h b/net/tipc/bcast.h
index f910ed29d055..a2416fa6b906 100644
--- a/net/tipc/bcast.h
+++ b/net/tipc/bcast.h
@@ -74,19 +74,6 @@ extern char tipc_bclink_name[];
74 74
75 75
76/** 76/**
77 * nmap_get - determine if node exists in a node map
78 */
79
80static inline int tipc_nmap_get(struct node_map *nm_ptr, u32 node)
81{
82 int n = tipc_node(node);
83 int w = n / WSIZE;
84 int b = n % WSIZE;
85
86 return nm_ptr->map[w] & (1 << b);
87}
88
89/**
90 * nmap_add - add a node to a node map 77 * nmap_add - add a node to a node map
91 */ 78 */
92 79
diff --git a/net/tipc/msg.h b/net/tipc/msg.h
index ce2659836374..e9ef6df26562 100644
--- a/net/tipc/msg.h
+++ b/net/tipc/msg.h
@@ -663,11 +663,6 @@ static inline void msg_set_remote_node(struct tipc_msg *m, u32 a)
663 msg_set_word(m, msg_hdr_sz(m)/4, a); 663 msg_set_word(m, msg_hdr_sz(m)/4, a);
664} 664}
665 665
666static inline int msg_dataoctet(struct tipc_msg *m, u32 pos)
667{
668 return(msg_data(m)[pos + 4] != 0);
669}
670
671static inline void msg_set_dataoctet(struct tipc_msg *m, u32 pos) 666static inline void msg_set_dataoctet(struct tipc_msg *m, u32 pos)
672{ 667{
673 msg_data(m)[pos + 4] = 1; 668 msg_data(m)[pos + 4] = 1;
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 24ddfd2ca38b..22909036b9bc 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -71,9 +71,9 @@ struct tipc_sock {
71static u32 dispatch(struct tipc_port *tport, struct sk_buff *buf); 71static u32 dispatch(struct tipc_port *tport, struct sk_buff *buf);
72static void wakeupdispatch(struct tipc_port *tport); 72static void wakeupdispatch(struct tipc_port *tport);
73 73
74static struct proto_ops packet_ops; 74static const struct proto_ops packet_ops;
75static struct proto_ops stream_ops; 75static const struct proto_ops stream_ops;
76static struct proto_ops msg_ops; 76static const struct proto_ops msg_ops;
77 77
78static struct proto tipc_proto; 78static struct proto tipc_proto;
79 79
@@ -1615,7 +1615,7 @@ static int getsockopt(struct socket *sock,
1615 * Protocol switches for the various types of TIPC sockets 1615 * Protocol switches for the various types of TIPC sockets
1616 */ 1616 */
1617 1617
1618static struct proto_ops msg_ops = { 1618static const struct proto_ops msg_ops = {
1619 .owner = THIS_MODULE, 1619 .owner = THIS_MODULE,
1620 .family = AF_TIPC, 1620 .family = AF_TIPC,
1621 .release = release, 1621 .release = release,
@@ -1636,7 +1636,7 @@ static struct proto_ops msg_ops = {
1636 .sendpage = sock_no_sendpage 1636 .sendpage = sock_no_sendpage
1637}; 1637};
1638 1638
1639static struct proto_ops packet_ops = { 1639static const struct proto_ops packet_ops = {
1640 .owner = THIS_MODULE, 1640 .owner = THIS_MODULE,
1641 .family = AF_TIPC, 1641 .family = AF_TIPC,
1642 .release = release, 1642 .release = release,
@@ -1657,7 +1657,7 @@ static struct proto_ops packet_ops = {
1657 .sendpage = sock_no_sendpage 1657 .sendpage = sock_no_sendpage
1658}; 1658};
1659 1659
1660static struct proto_ops stream_ops = { 1660static const struct proto_ops stream_ops = {
1661 .owner = THIS_MODULE, 1661 .owner = THIS_MODULE,
1662 .family = AF_TIPC, 1662 .family = AF_TIPC,
1663 .release = release, 1663 .release = release,
@@ -1678,7 +1678,7 @@ static struct proto_ops stream_ops = {
1678 .sendpage = sock_no_sendpage 1678 .sendpage = sock_no_sendpage
1679}; 1679};
1680 1680
1681static struct net_proto_family tipc_family_ops = { 1681static const struct net_proto_family tipc_family_ops = {
1682 .owner = THIS_MODULE, 1682 .owner = THIS_MODULE,
1683 .family = AF_TIPC, 1683 .family = AF_TIPC,
1684 .create = tipc_create 1684 .create = tipc_create
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 6cc15250de69..8aa6440d689f 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -399,6 +399,23 @@ static struct xfrm_algo_desc ealg_list[] = {
399 .sadb_alg_maxbits = 256 399 .sadb_alg_maxbits = 256
400 } 400 }
401}, 401},
402{
403 .name = "rfc3686(ctr(aes))",
404
405 .uinfo = {
406 .encr = {
407 .blockbits = 128,
408 .defkeybits = 160, /* 128-bit key + 32-bit nonce */
409 }
410 },
411
412 .desc = {
413 .sadb_alg_id = SADB_X_EALG_AESCTR,
414 .sadb_alg_ivlen = 8,
415 .sadb_alg_minbits = 128,
416 .sadb_alg_maxbits = 256
417 }
418},
402}; 419};
403 420
404static struct xfrm_algo_desc calg_list[] = { 421static struct xfrm_algo_desc calg_list[] = {