authorJohn W. Linville <linville@tuxdriver.com>2006-02-27 20:12:23 -0500
committerJohn W. Linville <linville@tuxdriver.com>2006-02-27 20:12:23 -0500
commit9f5a405b6843933c1cae5826046a5dd6357f142a (patch)
treebcdbb0175d37b780551b71c40abcde964a8905eb /net
parentb7cffb028abbffff3ba0b87268ecb775ed354049 (diff)
parent051d3cbd96909b2fe6b5038e7bbe77f41356db05 (diff)
Merge branch 'from-linus'
Diffstat (limited to 'net')
-rw-r--r--net/bridge/br_netfilter.c1
-rw-r--r--net/core/skbuff.c10
-rw-r--r--net/ethernet/eth.c12
-rw-r--r--net/ipv4/netfilter/ip_nat_core.c18
-rw-r--r--net/ipv4/netfilter/ip_nat_standalone.c16
-rw-r--r--net/ipv4/route.c2
-rw-r--r--net/ipv4/xfrm4_policy.c5
-rw-r--r--net/ipv6/ip6_output.c15
-rw-r--r--net/ipv6/ip6_tunnel.c3
-rw-r--r--net/key/af_key.c2
-rw-r--r--net/xfrm/xfrm_policy.c9
-rw-r--r--net/xfrm/xfrm_state.c8
-rw-r--r--net/xfrm/xfrm_user.c2
13 files changed, 54 insertions, 49 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 6bb0c7eb1ef0..e060aad8624d 100644
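--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -90,6 +90,7 @@ static struct rtable __fake_rtable = {
  .dev = &__fake_net_device,
  .path = &__fake_rtable.u.dst,
  .metrics = {[RTAX_MTU - 1] = 1500},
+ .flags = DST_NOXFRM,
  }
  },
  .rt_flags = 0,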
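Review bot: The new `.flags = DST_NOXFRM,` initializer on `__fake_rtable` carries no comment saying why the placeholder route must bypass IPsec policy lookup. In the net/xfrm/xfrm_policy.c section of this page, `xfrm_lookup()` returns on `DST_NOXFRM` before it reads `dst_orig->ops->family`, so the flag presumably keeps this fake dst away from that dereference; no `ops` member is set in the initializer lines visible here. A one-line comment such as `/* fake dst: xfrm_lookup() must bail out before touching ->ops */` would record the dependency. The initializer starts and ends outside the hunk, so whether `ops` is set elsewhere should be confirmed.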
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 6766f118f070..2144952d1c6c 100644
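--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -411,6 +411,9 @@ struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
  C(pkt_type);
  C(ip_summed);
  C(priority);
+#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
+ C(ipvs_property);
+#endif
  C(protocol);
  n->destructor = NULL;
 #ifdef CONFIG_NETFILTER
@@ -422,13 +425,6 @@ struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
  C(nfct_reasm);
  nf_conntrack_get_reasm(skb->nfct_reasm);
 #endif
-#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
- C(ipvs_property);
-#endif
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
- C(nfct_reasm);
- nf_conntrack_get_reasm(skb->nfct_reasm);
-#endif
 #ifdef CONFIG_BRIDGE_NETFILTER
  C(nf_bridge);
  nf_bridge_get(skb->nf_bridge);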
diff --git a/net/ethernet/eth.c b/net/ethernet/eth.c
index 9890fd97e538..c971f14712ec 100644
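--- a/net/ethernet/eth.c
+++ b/net/ethernet/eth.c
@@ -95,6 +95,12 @@ int eth_header(struct sk_buff *skb, struct net_device *dev, unsigned short type,
  saddr = dev->dev_addr;
  memcpy(eth->h_source,saddr,dev->addr_len);
 
+ if(daddr)
+ {
+ memcpy(eth->h_dest,daddr,dev->addr_len);
+ return ETH_HLEN;
+ }
+
  /*
  * Anyway, the loopback-device should never use this function...
  */
@@ -105,12 +111,6 @@ int eth_header(struct sk_buff *skb, struct net_device *dev, unsigned short type,
  return ETH_HLEN;
  }
 
- if(daddr)
- {
- memcpy(eth->h_dest,daddr,dev->addr_len);
- return ETH_HLEN;
- }
-
  return -ETH_HLEN;
 }
 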
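Review bot: The relocated `if(daddr)` branch now returns before the block introduced by the "loopback-device should never use this function" comment, and nothing in the code says that a caller-supplied destination is meant to take precedence there. A short comment above the branch, for example `/* An explicit destination wins, even for the special-cased devices below */`, would make the ordering visibly deliberate. Separately, `memcpy(eth->h_dest,daddr,dev->addr_len)` sizes the copy from the device rather than from the destination field; if `h_dest` is the usual `ETH_ALEN`-byte array, copying `ETH_ALEN` bytes (or checking `dev->addr_len` against it) would bound the write. eth_header() begins above the first hunk.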
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index c1a61462507f..1741d555ad0d 100644
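--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -434,6 +434,7 @@ int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
  } *inside;
  struct ip_conntrack_tuple inner, target;
  int hdrlen = (*pskb)->nh.iph->ihl * 4;
+ unsigned long statusbit;
 
  if (!skb_make_writable(pskb, hdrlen + sizeof(*inside)))
  return 0;
@@ -495,17 +496,16 @@ int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
 
  /* Change outer to look the reply to an incoming packet
  * (proto 0 means don't invert per-proto part). */
+ if (manip == IP_NAT_MANIP_SRC)
+ statusbit = IPS_SRC_NAT;
+ else
+ statusbit = IPS_DST_NAT;
 
- /* Obviously, we need to NAT destination IP, but source IP
- should be NAT'ed only if it is from a NAT'd host.
+ /* Invert if this is reply dir. */
+ if (dir == IP_CT_DIR_REPLY)
+ statusbit ^= IPS_NAT_MASK;
 
- Explanation: some people use NAT for anonymizing. Also,
- CERT recommends dropping all packets from private IP
- addresses (although ICMP errors from internal links with
- such addresses are not too uncommon, as Alan Cox points
- out) */
- if (manip != IP_NAT_MANIP_SRC
- || ((*pskb)->nh.iph->saddr == ct->tuplehash[dir].tuple.src.ip)) {
+ if (ct->status & statusbit) {
  invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);
  if (!manip_pkt(0, pskb, 0, &target, manip))
  return 0;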
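Review bot: The comment `Change outer to look the reply to an incoming packet` is now separated from the `invert_tuplepr()`/`manip_pkt()` call it describes by the new `statusbit` selection, so it reads as if it documented the status-bit computation. Moving it down to sit directly above `if (ct->status & statusbit) {` would restore the association. The commit also deletes the paragraph that explained when the outer source address is rewritten and puts nothing in its place; a sentence along the lines of `/* Translate the outer header only if this connection has NAT set up for this manip type in this direction */` would keep the rationale next to the test. ip_nat_icmp_reply_translation() starts and ends outside these hunks.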
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 7c3f7d380240..ab1f88fa21ec 100644
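--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -200,20 +200,14 @@ ip_nat_in(unsigned int hooknum,
  const struct net_device *out,
  int (*okfn)(struct sk_buff *))
 {
- struct ip_conntrack *ct;
- enum ip_conntrack_info ctinfo;
  unsigned int ret;
+ u_int32_t daddr = (*pskb)->nh.iph->daddr;
 
  ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
  if (ret != NF_DROP && ret != NF_STOLEN
- && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) {
- enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
-
- if (ct->tuplehash[dir].tuple.dst.ip !=
- ct->tuplehash[!dir].tuple.src.ip) {
- dst_release((*pskb)->dst);
- (*pskb)->dst = NULL;
- }
+ && daddr != (*pskb)->nh.iph->daddr) {
+ dst_release((*pskb)->dst);
+ (*pskb)->dst = NULL;
  }
  return ret;
 }
@@ -276,7 +270,7 @@ ip_nat_local_fn(unsigned int hooknum,
  ct->tuplehash[!dir].tuple.src.ip
 #ifdef CONFIG_XFRM
  || ct->tuplehash[dir].tuple.dst.u.all !=
- ct->tuplehash[dir].tuple.src.u.all
+ ct->tuplehash[!dir].tuple.src.u.all
 #endif
  )
  return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;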
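Review bot: `ip_nat_in()` now decides whether to drop the cached route by comparing the destination address saved before `ip_nat_fn()` with the one in the packet afterwards, but no comment states that intent. A line such as `/* destination was rewritten: drop the cached dst so the packet is routed again */` above `dst_release((*pskb)->dst);` would help, since the reason for clearing `(*pskb)->dst` cannot be read off the condition (the re-routing consequence is inferred, so confirm the wording). The comment should also say that the second read goes through `*pskb` on purpose, because `ip_nat_fn()` receives the `struct sk_buff **` and could presumably substitute the buffer.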
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index d82c242ea704..fca5fe0cf94a 100644
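--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -835,7 +835,7 @@ static int rt_garbage_collect(void)
  int r;
 
  rthp = rt_remove_balanced_route(
- &rt_hash_table[i].chain,
+ &rt_hash_table[k].chain,
  rth,
  &r);
  goal -= r;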
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 45f7ae58f2c0..f285bbf296e2 100644
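--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -35,6 +35,7 @@ __xfrm4_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
  if (xdst->u.rt.fl.oif == fl->oif && /*XXX*/
  xdst->u.rt.fl.fl4_dst == fl->fl4_dst &&
  xdst->u.rt.fl.fl4_src == fl->fl4_src &&
+ xdst->u.rt.fl.fl4_tos == fl->fl4_tos &&
  xfrm_bundle_ok(xdst, fl, AF_INET)) {
  dst_clone(dst);
  break;
@@ -61,7 +62,8 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
  .nl_u = {
  .ip4_u = {
  .saddr = local,
- .daddr = remote
+ .daddr = remote,
+ .tos = fl->fl4_tos
  }
  }
  };
@@ -230,6 +232,7 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl)
  fl->proto = iph->protocol;
  fl->fl4_dst = iph->daddr;
  fl->fl4_src = iph->saddr;
+ fl->fl4_tos = iph->tos;
 }
 
 static inline int xfrm4_garbage_collect(void)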
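Review bot: In `__xfrm4_bundle_create()` the new last member `.tos = fl->fl4_tos` is again written without a trailing comma, which is why this change also had to touch the `.daddr = remote` line. Writing it as `.tos = fl->fl4_tos,` keeps the next added field to a one-line diff. In `_decode_session4()`, `fl->fl4_tos = iph->tos;` stores the whole TOS byte and `__xfrm4_find_bundle()` now compares that field for equality; a comment should state whether the low-order (ECN) bits are meant to take part in the bundle match.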
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index efa3e72cfcfa..f999edd846a9 100644
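--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -494,6 +494,7 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
  struct net_device *dev;
  struct sk_buff *frag;
  struct rt6_info *rt = (struct rt6_info*)skb->dst;
+ struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
  struct ipv6hdr *tmp_hdr;
  struct frag_hdr *fh;
  unsigned int mtu, hlen, left, len;
@@ -505,7 +506,12 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
  hlen = ip6_find_1stfragopt(skb, &prevhdr);
  nexthdr = *prevhdr;
 
- mtu = dst_mtu(&rt->u.dst) - hlen - sizeof(struct frag_hdr);
+ mtu = dst_mtu(&rt->u.dst);
+ if (np && np->frag_size < mtu) {
+ if (np->frag_size)
+ mtu = np->frag_size;
+ }
+ mtu -= hlen + sizeof(struct frag_hdr);
 
  if (skb_shinfo(skb)->frag_list) {
  int first_len = skb_pagelen(skb);
@@ -882,7 +888,12 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
  inet->cork.fl = *fl;
  np->cork.hop_limit = hlimit;
  np->cork.tclass = tclass;
- inet->cork.fragsize = mtu = dst_mtu(rt->u.dst.path);
+ mtu = dst_mtu(rt->u.dst.path);
+ if (np && np->frag_size < mtu) {
+ if (np->frag_size)
+ mtu = np->frag_size;
+ }
+ inet->cork.fragsize = mtu;
  if (dst_allfrag(rt->u.dst.path))
  inet->cork.flags |= IPCORK_ALLFRAG;
  inet->cork.length = 0;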
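Review bot: In `ip6_fragment()` the per-socket `np->frag_size` now feeds `mtu -= hlen + sizeof(struct frag_hdr);` on an `unsigned int`, so a value smaller than the header overhead would wrap to a very large MTU instead of failing. The hunk shows no lower bound on `frag_size`; unless the code that sets it (not visible here) enforces a minimum, the subtraction needs a preceding check that `mtu` exceeds `hlen + sizeof(struct frag_hdr)`. In `ip6_append_data()` the `np &&` test follows `np->cork.hop_limit = hlimit;`, which has already dereferenced `np`, so the test is dead there. In both places the nested `if` could be the single condition `if (np && np->frag_size && np->frag_size < mtu)`. Both functions extend beyond the hunks.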
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 92ead3cf956b..48597538db3f 100644
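--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -458,7 +458,7 @@ ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
  mtu = IPV6_MIN_MTU;
  t->dev->mtu = mtu;
 
- if ((len = sizeof (*ipv6h) + ipv6h->payload_len) > mtu) {
+ if ((len = sizeof (*ipv6h) + ntohs(ipv6h->payload_len)) > mtu) {
  rel_type = ICMPV6_PKT_TOOBIG;
  rel_code = 0;
  rel_info = mtu;
@@ -884,6 +884,7 @@ ip6ip6_tnl_change(struct ip6_tnl *t, struct ip6_tnl_parm *p)
  t->parms.encap_limit = p->encap_limit;
  t->parms.flowinfo = p->flowinfo;
  t->parms.link = p->link;
+ ip6_tnl_dst_reset(t);
  ip6ip6_tnl_link_config(t);
  return 0;
 }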
diff --git a/net/key/af_key.c b/net/key/af_key.c
index ae86d237a456..b2d4d1dd2116 100644
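--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1423,7 +1423,7 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
 
  if (err < 0) {
  x->km.state = XFRM_STATE_DEAD;
- xfrm_state_put(x);
+ __xfrm_state_put(x);
  goto out;
  }
 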
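Review bot: On the `err < 0` path `__xfrm_state_put(x)` replaces `xfrm_state_put(x)` with no comment saying which reference is dropped here and where the last one goes. Judging by the net/xfrm/xfrm_state.c section of this page, where the same helper stands in for a bare `atomic_dec(&x->refcnt)`, the double-underscore variant does not free the state, so this is only correct if the code after `out:` (outside the hunk) performs the final release. If that is the case, a comment such as `/* not the last reference: the final put is done at out: */` would make the pairing visible and stop the call from being switched back. The same applies to the identical change in `xfrm_add_sa()` in net/xfrm/xfrm_user.c.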
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 98ec53bd3ac7..8206025d8e46 100644
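--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -782,7 +782,7 @@ int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
  int nx = 0;
  int err;
  u32 genid;
- u16 family = dst_orig->ops->family;
+ u16 family;
  u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT);
  u32 sk_sid = security_sk_sid(sk, fl, dir);
 restart:
@@ -796,13 +796,14 @@ restart:
  if ((dst_orig->flags & DST_NOXFRM) || !xfrm_policy_list[XFRM_POLICY_OUT])
  return 0;
 
- policy = flow_cache_lookup(fl, sk_sid, family, dir,
- xfrm_policy_lookup);
+ policy = flow_cache_lookup(fl, sk_sid, dst_orig->ops->family,
+ dir, xfrm_policy_lookup);
  }
 
  if (!policy)
  return 0;
 
+ family = dst_orig->ops->family;
  policy->curlft.use_time = (unsigned long)xtime.tv_sec;
 
  switch (policy->action) {
@@ -885,8 +886,6 @@ restart:
  * We can't enlist stable bundles either.
  */
  write_unlock_bh(&policy->lock);
-
- xfrm_pol_put(policy);
  if (dst)
  dst_free(dst);
 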
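Review bot: The third hunk deletes `xfrm_pol_put(policy);` after `write_unlock_bh(&policy->lock);` and leaves no indication of where the policy reference is now released on this path. If the intent is that a common error exit further down (outside the hunk) already does the put, so that the removed call was a second decrement, a comment such as `/* policy reference is dropped once, at the common error exit */` would stop it from being reinstated. In the first two hunks `family` becomes an uninitialised declaration that is assigned only after `if (!policy) return 0;`; that is fine for the lines shown, but the declaration deserves a note that it must not be read between `restart:` and that assignment. xfrm_lookup() starts and ends outside these hunks.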
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index e12d0be5f976..c656cbaf35e8 100644
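--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -220,14 +220,14 @@ static int __xfrm_state_delete(struct xfrm_state *x)
  x->km.state = XFRM_STATE_DEAD;
  spin_lock(&xfrm_state_lock);
  list_del(&x->bydst);
- atomic_dec(&x->refcnt);
+ __xfrm_state_put(x);
  if (x->id.spi) {
  list_del(&x->byspi);
- atomic_dec(&x->refcnt);
+ __xfrm_state_put(x);
  }
  spin_unlock(&xfrm_state_lock);
  if (del_timer(&x->timer))
- atomic_dec(&x->refcnt);
+ __xfrm_state_put(x);
 
  /* The number two in this test is the reference
  * mentioned in the comment below plus the reference
@@ -243,7 +243,7 @@ static int __xfrm_state_delete(struct xfrm_state *x)
  * The xfrm_state_alloc call gives a reference, and that
  * is what we are dropping here.
  */
- atomic_dec(&x->refcnt);
+ __xfrm_state_put(x);
  err = 0;
  }
 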
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index ac87a09ba83e..7de17559249a 100644
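--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -345,7 +345,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
 
  if (err < 0) {
  x->km.state = XFRM_STATE_DEAD;
- xfrm_state_put(x);
+ __xfrm_state_put(x);
  goto out;
  }
 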