diff options
-rw-r--r-- | Documentation/feature-removal-schedule.txt | 16 | ||||
-rw-r--r-- | drivers/net/tg3.c | 116 | ||||
-rw-r--r-- | include/linux/netfilter_bridge.h | 2 | ||||
-rw-r--r-- | net/bridge/br_netfilter.c | 5 | ||||
-rw-r--r-- | net/ipv4/ip_input.c | 2 | ||||
-rw-r--r-- | net/ipv4/ipmr.c | 19 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_helper_h323.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_standalone.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_snmp_basic.c | 4 | ||||
-rw-r--r-- | net/ipv4/raw.c | 1 | ||||
-rw-r--r-- | net/ipv6/ip6_input.c | 2 | ||||
-rw-r--r-- | net/ipv6/raw.c | 1 | ||||
-rw-r--r-- | net/netfilter/Kconfig | 4 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_standalone.c | 4 | ||||
-rw-r--r-- | net/netfilter/nf_queue.c | 9 | ||||
-rw-r--r-- | net/netfilter/xt_physdev.c | 15 | ||||
-rw-r--r-- | net/netfilter/xt_pkttype.c | 12 |
17 files changed, 167 insertions, 51 deletions
diff --git a/Documentation/feature-removal-schedule.txt b/Documentation/feature-removal-schedule.txt index 9d3a0775a11d..87851efb0228 100644 --- a/Documentation/feature-removal-schedule.txt +++ b/Documentation/feature-removal-schedule.txt | |||
@@ -258,3 +258,19 @@ Why: These drivers never compiled since they were added to the kernel | |||
258 | Who: Jean Delvare <khali@linux-fr.org> | 258 | Who: Jean Delvare <khali@linux-fr.org> |
259 | 259 | ||
260 | --------------------------- | 260 | --------------------------- |
261 | |||
262 | What: Bridge netfilter deferred IPv4/IPv6 output hook calling | ||
263 | When: January 2007 | ||
264 | Why: The deferred output hooks are a layering violation causing unusual | ||
265 | and broken behaviour on bridge devices. Examples of things they | ||
266 | break include QoS classifation using the MARK or CLASSIFY targets, | ||
267 | the IPsec policy match and connection tracking with VLANs on a | ||
268 | bridge. Their only use is to enable bridge output port filtering | ||
269 | within iptables with the physdev match, which can also be done by | ||
270 | combining iptables and ebtables using netfilter marks. Until it | ||
271 | will get removed the hook deferral is disabled by default and is | ||
272 | only enabled when needed. | ||
273 | |||
274 | Who: Patrick McHardy <kaber@trash.net> | ||
275 | |||
276 | --------------------------- | ||
diff --git a/drivers/net/tg3.c b/drivers/net/tg3.c index ce6f3be86da0..1b8138f641e3 100644 --- a/drivers/net/tg3.c +++ b/drivers/net/tg3.c | |||
@@ -68,8 +68,8 @@ | |||
68 | 68 | ||
69 | #define DRV_MODULE_NAME "tg3" | 69 | #define DRV_MODULE_NAME "tg3" |
70 | #define PFX DRV_MODULE_NAME ": " | 70 | #define PFX DRV_MODULE_NAME ": " |
71 | #define DRV_MODULE_VERSION "3.62" | 71 | #define DRV_MODULE_VERSION "3.63" |
72 | #define DRV_MODULE_RELDATE "June 30, 2006" | 72 | #define DRV_MODULE_RELDATE "July 25, 2006" |
73 | 73 | ||
74 | #define TG3_DEF_MAC_MODE 0 | 74 | #define TG3_DEF_MAC_MODE 0 |
75 | #define TG3_DEF_RX_MODE 0 | 75 | #define TG3_DEF_RX_MODE 0 |
@@ -3590,6 +3590,28 @@ static irqreturn_t tg3_test_isr(int irq, void *dev_id, | |||
3590 | static int tg3_init_hw(struct tg3 *, int); | 3590 | static int tg3_init_hw(struct tg3 *, int); |
3591 | static int tg3_halt(struct tg3 *, int, int); | 3591 | static int tg3_halt(struct tg3 *, int, int); |
3592 | 3592 | ||
3593 | /* Restart hardware after configuration changes, self-test, etc. | ||
3594 | * Invoked with tp->lock held. | ||
3595 | */ | ||
3596 | static int tg3_restart_hw(struct tg3 *tp, int reset_phy) | ||
3597 | { | ||
3598 | int err; | ||
3599 | |||
3600 | err = tg3_init_hw(tp, reset_phy); | ||
3601 | if (err) { | ||
3602 | printk(KERN_ERR PFX "%s: Failed to re-initialize device, " | ||
3603 | "aborting.\n", tp->dev->name); | ||
3604 | tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); | ||
3605 | tg3_full_unlock(tp); | ||
3606 | del_timer_sync(&tp->timer); | ||
3607 | tp->irq_sync = 0; | ||
3608 | netif_poll_enable(tp->dev); | ||
3609 | dev_close(tp->dev); | ||
3610 | tg3_full_lock(tp, 0); | ||
3611 | } | ||
3612 | return err; | ||
3613 | } | ||
3614 | |||
3593 | #ifdef CONFIG_NET_POLL_CONTROLLER | 3615 | #ifdef CONFIG_NET_POLL_CONTROLLER |
3594 | static void tg3_poll_controller(struct net_device *dev) | 3616 | static void tg3_poll_controller(struct net_device *dev) |
3595 | { | 3617 | { |
@@ -3630,13 +3652,15 @@ static void tg3_reset_task(void *_data) | |||
3630 | } | 3652 | } |
3631 | 3653 | ||
3632 | tg3_halt(tp, RESET_KIND_SHUTDOWN, 0); | 3654 | tg3_halt(tp, RESET_KIND_SHUTDOWN, 0); |
3633 | tg3_init_hw(tp, 1); | 3655 | if (tg3_init_hw(tp, 1)) |
3656 | goto out; | ||
3634 | 3657 | ||
3635 | tg3_netif_start(tp); | 3658 | tg3_netif_start(tp); |
3636 | 3659 | ||
3637 | if (restart_timer) | 3660 | if (restart_timer) |
3638 | mod_timer(&tp->timer, jiffies + 1); | 3661 | mod_timer(&tp->timer, jiffies + 1); |
3639 | 3662 | ||
3663 | out: | ||
3640 | tp->tg3_flags &= ~TG3_FLAG_IN_RESET_TASK; | 3664 | tp->tg3_flags &= ~TG3_FLAG_IN_RESET_TASK; |
3641 | 3665 | ||
3642 | tg3_full_unlock(tp); | 3666 | tg3_full_unlock(tp); |
@@ -4124,6 +4148,7 @@ static inline void tg3_set_mtu(struct net_device *dev, struct tg3 *tp, | |||
4124 | static int tg3_change_mtu(struct net_device *dev, int new_mtu) | 4148 | static int tg3_change_mtu(struct net_device *dev, int new_mtu) |
4125 | { | 4149 | { |
4126 | struct tg3 *tp = netdev_priv(dev); | 4150 | struct tg3 *tp = netdev_priv(dev); |
4151 | int err; | ||
4127 | 4152 | ||
4128 | if (new_mtu < TG3_MIN_MTU || new_mtu > TG3_MAX_MTU(tp)) | 4153 | if (new_mtu < TG3_MIN_MTU || new_mtu > TG3_MAX_MTU(tp)) |
4129 | return -EINVAL; | 4154 | return -EINVAL; |
@@ -4144,13 +4169,14 @@ static int tg3_change_mtu(struct net_device *dev, int new_mtu) | |||
4144 | 4169 | ||
4145 | tg3_set_mtu(dev, tp, new_mtu); | 4170 | tg3_set_mtu(dev, tp, new_mtu); |
4146 | 4171 | ||
4147 | tg3_init_hw(tp, 0); | 4172 | err = tg3_restart_hw(tp, 0); |
4148 | 4173 | ||
4149 | tg3_netif_start(tp); | 4174 | if (!err) |
4175 | tg3_netif_start(tp); | ||
4150 | 4176 | ||
4151 | tg3_full_unlock(tp); | 4177 | tg3_full_unlock(tp); |
4152 | 4178 | ||
4153 | return 0; | 4179 | return err; |
4154 | } | 4180 | } |
4155 | 4181 | ||
4156 | /* Free up pending packets in all rx/tx rings. | 4182 | /* Free up pending packets in all rx/tx rings. |
@@ -4232,7 +4258,7 @@ static void tg3_free_rings(struct tg3 *tp) | |||
4232 | * end up in the driver. tp->{tx,}lock are held and thus | 4258 | * end up in the driver. tp->{tx,}lock are held and thus |
4233 | * we may not sleep. | 4259 | * we may not sleep. |
4234 | */ | 4260 | */ |
4235 | static void tg3_init_rings(struct tg3 *tp) | 4261 | static int tg3_init_rings(struct tg3 *tp) |
4236 | { | 4262 | { |
4237 | u32 i; | 4263 | u32 i; |
4238 | 4264 | ||
@@ -4281,18 +4307,38 @@ static void tg3_init_rings(struct tg3 *tp) | |||
4281 | 4307 | ||
4282 | /* Now allocate fresh SKBs for each rx ring. */ | 4308 | /* Now allocate fresh SKBs for each rx ring. */ |
4283 | for (i = 0; i < tp->rx_pending; i++) { | 4309 | for (i = 0; i < tp->rx_pending; i++) { |
4284 | if (tg3_alloc_rx_skb(tp, RXD_OPAQUE_RING_STD, | 4310 | if (tg3_alloc_rx_skb(tp, RXD_OPAQUE_RING_STD, -1, i) < 0) { |
4285 | -1, i) < 0) | 4311 | printk(KERN_WARNING PFX |
4312 | "%s: Using a smaller RX standard ring, " | ||
4313 | "only %d out of %d buffers were allocated " | ||
4314 | "successfully.\n", | ||
4315 | tp->dev->name, i, tp->rx_pending); | ||
4316 | if (i == 0) | ||
4317 | return -ENOMEM; | ||
4318 | tp->rx_pending = i; | ||
4286 | break; | 4319 | break; |
4320 | } | ||
4287 | } | 4321 | } |
4288 | 4322 | ||
4289 | if (tp->tg3_flags & TG3_FLAG_JUMBO_RING_ENABLE) { | 4323 | if (tp->tg3_flags & TG3_FLAG_JUMBO_RING_ENABLE) { |
4290 | for (i = 0; i < tp->rx_jumbo_pending; i++) { | 4324 | for (i = 0; i < tp->rx_jumbo_pending; i++) { |
4291 | if (tg3_alloc_rx_skb(tp, RXD_OPAQUE_RING_JUMBO, | 4325 | if (tg3_alloc_rx_skb(tp, RXD_OPAQUE_RING_JUMBO, |
4292 | -1, i) < 0) | 4326 | -1, i) < 0) { |
4327 | printk(KERN_WARNING PFX | ||
4328 | "%s: Using a smaller RX jumbo ring, " | ||
4329 | "only %d out of %d buffers were " | ||
4330 | "allocated successfully.\n", | ||
4331 | tp->dev->name, i, tp->rx_jumbo_pending); | ||
4332 | if (i == 0) { | ||
4333 | tg3_free_rings(tp); | ||
4334 | return -ENOMEM; | ||
4335 | } | ||
4336 | tp->rx_jumbo_pending = i; | ||
4293 | break; | 4337 | break; |
4338 | } | ||
4294 | } | 4339 | } |
4295 | } | 4340 | } |
4341 | return 0; | ||
4296 | } | 4342 | } |
4297 | 4343 | ||
4298 | /* | 4344 | /* |
@@ -5815,6 +5861,7 @@ static int tg3_set_mac_addr(struct net_device *dev, void *p) | |||
5815 | { | 5861 | { |
5816 | struct tg3 *tp = netdev_priv(dev); | 5862 | struct tg3 *tp = netdev_priv(dev); |
5817 | struct sockaddr *addr = p; | 5863 | struct sockaddr *addr = p; |
5864 | int err = 0; | ||
5818 | 5865 | ||
5819 | if (!is_valid_ether_addr(addr->sa_data)) | 5866 | if (!is_valid_ether_addr(addr->sa_data)) |
5820 | return -EINVAL; | 5867 | return -EINVAL; |
@@ -5832,9 +5879,9 @@ static int tg3_set_mac_addr(struct net_device *dev, void *p) | |||
5832 | tg3_full_lock(tp, 1); | 5879 | tg3_full_lock(tp, 1); |
5833 | 5880 | ||
5834 | tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); | 5881 | tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); |
5835 | tg3_init_hw(tp, 0); | 5882 | err = tg3_restart_hw(tp, 0); |
5836 | 5883 | if (!err) | |
5837 | tg3_netif_start(tp); | 5884 | tg3_netif_start(tp); |
5838 | tg3_full_unlock(tp); | 5885 | tg3_full_unlock(tp); |
5839 | } else { | 5886 | } else { |
5840 | spin_lock_bh(&tp->lock); | 5887 | spin_lock_bh(&tp->lock); |
@@ -5842,7 +5889,7 @@ static int tg3_set_mac_addr(struct net_device *dev, void *p) | |||
5842 | spin_unlock_bh(&tp->lock); | 5889 | spin_unlock_bh(&tp->lock); |
5843 | } | 5890 | } |
5844 | 5891 | ||
5845 | return 0; | 5892 | return err; |
5846 | } | 5893 | } |
5847 | 5894 | ||
5848 | /* tp->lock is held. */ | 5895 | /* tp->lock is held. */ |
@@ -5942,7 +5989,9 @@ static int tg3_reset_hw(struct tg3 *tp, int reset_phy) | |||
5942 | * can only do this after the hardware has been | 5989 | * can only do this after the hardware has been |
5943 | * successfully reset. | 5990 | * successfully reset. |
5944 | */ | 5991 | */ |
5945 | tg3_init_rings(tp); | 5992 | err = tg3_init_rings(tp); |
5993 | if (err) | ||
5994 | return err; | ||
5946 | 5995 | ||
5947 | /* This value is determined during the probe time DMA | 5996 | /* This value is determined during the probe time DMA |
5948 | * engine test, tg3_test_dma. | 5997 | * engine test, tg3_test_dma. |
@@ -7956,7 +8005,7 @@ static void tg3_get_ringparam(struct net_device *dev, struct ethtool_ringparam * | |||
7956 | static int tg3_set_ringparam(struct net_device *dev, struct ethtool_ringparam *ering) | 8005 | static int tg3_set_ringparam(struct net_device *dev, struct ethtool_ringparam *ering) |
7957 | { | 8006 | { |
7958 | struct tg3 *tp = netdev_priv(dev); | 8007 | struct tg3 *tp = netdev_priv(dev); |
7959 | int irq_sync = 0; | 8008 | int irq_sync = 0, err = 0; |
7960 | 8009 | ||
7961 | if ((ering->rx_pending > TG3_RX_RING_SIZE - 1) || | 8010 | if ((ering->rx_pending > TG3_RX_RING_SIZE - 1) || |
7962 | (ering->rx_jumbo_pending > TG3_RX_JUMBO_RING_SIZE - 1) || | 8011 | (ering->rx_jumbo_pending > TG3_RX_JUMBO_RING_SIZE - 1) || |
@@ -7980,13 +8029,14 @@ static int tg3_set_ringparam(struct net_device *dev, struct ethtool_ringparam *e | |||
7980 | 8029 | ||
7981 | if (netif_running(dev)) { | 8030 | if (netif_running(dev)) { |
7982 | tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); | 8031 | tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); |
7983 | tg3_init_hw(tp, 1); | 8032 | err = tg3_restart_hw(tp, 1); |
7984 | tg3_netif_start(tp); | 8033 | if (!err) |
8034 | tg3_netif_start(tp); | ||
7985 | } | 8035 | } |
7986 | 8036 | ||
7987 | tg3_full_unlock(tp); | 8037 | tg3_full_unlock(tp); |
7988 | 8038 | ||
7989 | return 0; | 8039 | return err; |
7990 | } | 8040 | } |
7991 | 8041 | ||
7992 | static void tg3_get_pauseparam(struct net_device *dev, struct ethtool_pauseparam *epause) | 8042 | static void tg3_get_pauseparam(struct net_device *dev, struct ethtool_pauseparam *epause) |
@@ -8001,7 +8051,7 @@ static void tg3_get_pauseparam(struct net_device *dev, struct ethtool_pauseparam | |||
8001 | static int tg3_set_pauseparam(struct net_device *dev, struct ethtool_pauseparam *epause) | 8051 | static int tg3_set_pauseparam(struct net_device *dev, struct ethtool_pauseparam *epause) |
8002 | { | 8052 | { |
8003 | struct tg3 *tp = netdev_priv(dev); | 8053 | struct tg3 *tp = netdev_priv(dev); |
8004 | int irq_sync = 0; | 8054 | int irq_sync = 0, err = 0; |
8005 | 8055 | ||
8006 | if (netif_running(dev)) { | 8056 | if (netif_running(dev)) { |
8007 | tg3_netif_stop(tp); | 8057 | tg3_netif_stop(tp); |
@@ -8025,13 +8075,14 @@ static int tg3_set_pauseparam(struct net_device *dev, struct ethtool_pauseparam | |||
8025 | 8075 | ||
8026 | if (netif_running(dev)) { | 8076 | if (netif_running(dev)) { |
8027 | tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); | 8077 | tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); |
8028 | tg3_init_hw(tp, 1); | 8078 | err = tg3_restart_hw(tp, 1); |
8029 | tg3_netif_start(tp); | 8079 | if (!err) |
8080 | tg3_netif_start(tp); | ||
8030 | } | 8081 | } |
8031 | 8082 | ||
8032 | tg3_full_unlock(tp); | 8083 | tg3_full_unlock(tp); |
8033 | 8084 | ||
8034 | return 0; | 8085 | return err; |
8035 | } | 8086 | } |
8036 | 8087 | ||
8037 | static u32 tg3_get_rx_csum(struct net_device *dev) | 8088 | static u32 tg3_get_rx_csum(struct net_device *dev) |
@@ -8666,7 +8717,9 @@ static int tg3_test_loopback(struct tg3 *tp) | |||
8666 | if (!netif_running(tp->dev)) | 8717 | if (!netif_running(tp->dev)) |
8667 | return TG3_LOOPBACK_FAILED; | 8718 | return TG3_LOOPBACK_FAILED; |
8668 | 8719 | ||
8669 | tg3_reset_hw(tp, 1); | 8720 | err = tg3_reset_hw(tp, 1); |
8721 | if (err) | ||
8722 | return TG3_LOOPBACK_FAILED; | ||
8670 | 8723 | ||
8671 | if (tg3_run_loopback(tp, TG3_MAC_LOOPBACK)) | 8724 | if (tg3_run_loopback(tp, TG3_MAC_LOOPBACK)) |
8672 | err |= TG3_MAC_LOOPBACK_FAILED; | 8725 | err |= TG3_MAC_LOOPBACK_FAILED; |
@@ -8740,8 +8793,8 @@ static void tg3_self_test(struct net_device *dev, struct ethtool_test *etest, | |||
8740 | tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); | 8793 | tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); |
8741 | if (netif_running(dev)) { | 8794 | if (netif_running(dev)) { |
8742 | tp->tg3_flags |= TG3_FLAG_INIT_COMPLETE; | 8795 | tp->tg3_flags |= TG3_FLAG_INIT_COMPLETE; |
8743 | tg3_init_hw(tp, 1); | 8796 | if (!tg3_restart_hw(tp, 1)) |
8744 | tg3_netif_start(tp); | 8797 | tg3_netif_start(tp); |
8745 | } | 8798 | } |
8746 | 8799 | ||
8747 | tg3_full_unlock(tp); | 8800 | tg3_full_unlock(tp); |
@@ -11699,7 +11752,8 @@ static int tg3_suspend(struct pci_dev *pdev, pm_message_t state) | |||
11699 | tg3_full_lock(tp, 0); | 11752 | tg3_full_lock(tp, 0); |
11700 | 11753 | ||
11701 | tp->tg3_flags |= TG3_FLAG_INIT_COMPLETE; | 11754 | tp->tg3_flags |= TG3_FLAG_INIT_COMPLETE; |
11702 | tg3_init_hw(tp, 1); | 11755 | if (tg3_restart_hw(tp, 1)) |
11756 | goto out; | ||
11703 | 11757 | ||
11704 | tp->timer.expires = jiffies + tp->timer_offset; | 11758 | tp->timer.expires = jiffies + tp->timer_offset; |
11705 | add_timer(&tp->timer); | 11759 | add_timer(&tp->timer); |
@@ -11707,6 +11761,7 @@ static int tg3_suspend(struct pci_dev *pdev, pm_message_t state) | |||
11707 | netif_device_attach(dev); | 11761 | netif_device_attach(dev); |
11708 | tg3_netif_start(tp); | 11762 | tg3_netif_start(tp); |
11709 | 11763 | ||
11764 | out: | ||
11710 | tg3_full_unlock(tp); | 11765 | tg3_full_unlock(tp); |
11711 | } | 11766 | } |
11712 | 11767 | ||
@@ -11733,16 +11788,19 @@ static int tg3_resume(struct pci_dev *pdev) | |||
11733 | tg3_full_lock(tp, 0); | 11788 | tg3_full_lock(tp, 0); |
11734 | 11789 | ||
11735 | tp->tg3_flags |= TG3_FLAG_INIT_COMPLETE; | 11790 | tp->tg3_flags |= TG3_FLAG_INIT_COMPLETE; |
11736 | tg3_init_hw(tp, 1); | 11791 | err = tg3_restart_hw(tp, 1); |
11792 | if (err) | ||
11793 | goto out; | ||
11737 | 11794 | ||
11738 | tp->timer.expires = jiffies + tp->timer_offset; | 11795 | tp->timer.expires = jiffies + tp->timer_offset; |
11739 | add_timer(&tp->timer); | 11796 | add_timer(&tp->timer); |
11740 | 11797 | ||
11741 | tg3_netif_start(tp); | 11798 | tg3_netif_start(tp); |
11742 | 11799 | ||
11800 | out: | ||
11743 | tg3_full_unlock(tp); | 11801 | tg3_full_unlock(tp); |
11744 | 11802 | ||
11745 | return 0; | 11803 | return err; |
11746 | } | 11804 | } |
11747 | 11805 | ||
11748 | static struct pci_driver tg3_driver = { | 11806 | static struct pci_driver tg3_driver = { |
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h index 87764022cc67..31f02ba036ce 100644 --- a/include/linux/netfilter_bridge.h +++ b/include/linux/netfilter_bridge.h | |||
@@ -79,6 +79,8 @@ struct bridge_skb_cb { | |||
79 | __u32 ipv4; | 79 | __u32 ipv4; |
80 | } daddr; | 80 | } daddr; |
81 | }; | 81 | }; |
82 | |||
83 | extern int brnf_deferred_hooks; | ||
82 | #endif /* CONFIG_BRIDGE_NETFILTER */ | 84 | #endif /* CONFIG_BRIDGE_NETFILTER */ |
83 | 85 | ||
84 | #endif /* __KERNEL__ */ | 86 | #endif /* __KERNEL__ */ |
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index cbc8a389a0a8..05b3de888243 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
@@ -61,6 +61,9 @@ static int brnf_filter_vlan_tagged = 1; | |||
61 | #define brnf_filter_vlan_tagged 1 | 61 | #define brnf_filter_vlan_tagged 1 |
62 | #endif | 62 | #endif |
63 | 63 | ||
64 | int brnf_deferred_hooks; | ||
65 | EXPORT_SYMBOL_GPL(brnf_deferred_hooks); | ||
66 | |||
64 | static __be16 inline vlan_proto(const struct sk_buff *skb) | 67 | static __be16 inline vlan_proto(const struct sk_buff *skb) |
65 | { | 68 | { |
66 | return vlan_eth_hdr(skb)->h_vlan_encapsulated_proto; | 69 | return vlan_eth_hdr(skb)->h_vlan_encapsulated_proto; |
@@ -890,6 +893,8 @@ static unsigned int ip_sabotage_out(unsigned int hook, struct sk_buff **pskb, | |||
890 | return NF_ACCEPT; | 893 | return NF_ACCEPT; |
891 | else if (ip->version == 6 && !brnf_call_ip6tables) | 894 | else if (ip->version == 6 && !brnf_call_ip6tables) |
892 | return NF_ACCEPT; | 895 | return NF_ACCEPT; |
896 | else if (!brnf_deferred_hooks) | ||
897 | return NF_ACCEPT; | ||
893 | #endif | 898 | #endif |
894 | if (hook == NF_IP_POST_ROUTING) | 899 | if (hook == NF_IP_POST_ROUTING) |
895 | return NF_ACCEPT; | 900 | return NF_ACCEPT; |
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 184c78ca79e6..212734ca238f 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c | |||
@@ -429,7 +429,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, | |||
429 | } | 429 | } |
430 | 430 | ||
431 | /* Remove any debris in the socket control block */ | 431 | /* Remove any debris in the socket control block */ |
432 | memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); | 432 | memset(IPCB(skb), 0, sizeof(struct inet_skb_parm)); |
433 | 433 | ||
434 | return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL, | 434 | return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL, |
435 | ip_rcv_finish); | 435 | ip_rcv_finish); |
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c index 9ccacf57f08b..85893eef6b16 100644 --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c | |||
@@ -1578,6 +1578,7 @@ int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait) | |||
1578 | cache = ipmr_cache_find(rt->rt_src, rt->rt_dst); | 1578 | cache = ipmr_cache_find(rt->rt_src, rt->rt_dst); |
1579 | 1579 | ||
1580 | if (cache==NULL) { | 1580 | if (cache==NULL) { |
1581 | struct sk_buff *skb2; | ||
1581 | struct net_device *dev; | 1582 | struct net_device *dev; |
1582 | int vif; | 1583 | int vif; |
1583 | 1584 | ||
@@ -1591,12 +1592,18 @@ int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait) | |||
1591 | read_unlock(&mrt_lock); | 1592 | read_unlock(&mrt_lock); |
1592 | return -ENODEV; | 1593 | return -ENODEV; |
1593 | } | 1594 | } |
1594 | skb->nh.raw = skb_push(skb, sizeof(struct iphdr)); | 1595 | skb2 = skb_clone(skb, GFP_ATOMIC); |
1595 | skb->nh.iph->ihl = sizeof(struct iphdr)>>2; | 1596 | if (!skb2) { |
1596 | skb->nh.iph->saddr = rt->rt_src; | 1597 | read_unlock(&mrt_lock); |
1597 | skb->nh.iph->daddr = rt->rt_dst; | 1598 | return -ENOMEM; |
1598 | skb->nh.iph->version = 0; | 1599 | } |
1599 | err = ipmr_cache_unresolved(vif, skb); | 1600 | |
1601 | skb2->nh.raw = skb_push(skb2, sizeof(struct iphdr)); | ||
1602 | skb2->nh.iph->ihl = sizeof(struct iphdr)>>2; | ||
1603 | skb2->nh.iph->saddr = rt->rt_src; | ||
1604 | skb2->nh.iph->daddr = rt->rt_dst; | ||
1605 | skb2->nh.iph->version = 0; | ||
1606 | err = ipmr_cache_unresolved(vif, skb2); | ||
1600 | read_unlock(&mrt_lock); | 1607 | read_unlock(&mrt_lock); |
1601 | return err; | 1608 | return err; |
1602 | } | 1609 | } |
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c index af35235672d5..9a39e2969712 100644 --- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c +++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c | |||
@@ -1200,7 +1200,7 @@ static struct ip_conntrack_expect *find_expect(struct ip_conntrack *ct, | |||
1200 | tuple.dst.protonum = IPPROTO_TCP; | 1200 | tuple.dst.protonum = IPPROTO_TCP; |
1201 | 1201 | ||
1202 | exp = __ip_conntrack_expect_find(&tuple); | 1202 | exp = __ip_conntrack_expect_find(&tuple); |
1203 | if (exp->master == ct) | 1203 | if (exp && exp->master == ct) |
1204 | return exp; | 1204 | return exp; |
1205 | return NULL; | 1205 | return NULL; |
1206 | } | 1206 | } |
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c index 7bd3c22003a2..7a9fa04a467a 100644 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c | |||
@@ -534,6 +534,8 @@ static struct nf_hook_ops ip_conntrack_ops[] = { | |||
534 | 534 | ||
535 | /* Sysctl support */ | 535 | /* Sysctl support */ |
536 | 536 | ||
537 | int ip_conntrack_checksum = 1; | ||
538 | |||
537 | #ifdef CONFIG_SYSCTL | 539 | #ifdef CONFIG_SYSCTL |
538 | 540 | ||
539 | /* From ip_conntrack_core.c */ | 541 | /* From ip_conntrack_core.c */ |
@@ -568,8 +570,6 @@ extern unsigned int ip_ct_generic_timeout; | |||
568 | static int log_invalid_proto_min = 0; | 570 | static int log_invalid_proto_min = 0; |
569 | static int log_invalid_proto_max = 255; | 571 | static int log_invalid_proto_max = 255; |
570 | 572 | ||
571 | int ip_conntrack_checksum = 1; | ||
572 | |||
573 | static struct ctl_table_header *ip_ct_sysctl_header; | 573 | static struct ctl_table_header *ip_ct_sysctl_header; |
574 | 574 | ||
575 | static ctl_table ip_ct_sysctl_table[] = { | 575 | static ctl_table ip_ct_sysctl_table[] = { |
diff --git a/net/ipv4/netfilter/ip_nat_snmp_basic.c b/net/ipv4/netfilter/ip_nat_snmp_basic.c index 0b1b416759cc..18b7fbdccb61 100644 --- a/net/ipv4/netfilter/ip_nat_snmp_basic.c +++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c | |||
@@ -1255,9 +1255,9 @@ static int help(struct sk_buff **pskb, | |||
1255 | struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); | 1255 | struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); |
1256 | 1256 | ||
1257 | /* SNMP replies and originating SNMP traps get mangled */ | 1257 | /* SNMP replies and originating SNMP traps get mangled */ |
1258 | if (udph->source == ntohs(SNMP_PORT) && dir != IP_CT_DIR_REPLY) | 1258 | if (udph->source == htons(SNMP_PORT) && dir != IP_CT_DIR_REPLY) |
1259 | return NF_ACCEPT; | 1259 | return NF_ACCEPT; |
1260 | if (udph->dest == ntohs(SNMP_TRAP_PORT) && dir != IP_CT_DIR_ORIGINAL) | 1260 | if (udph->dest == htons(SNMP_TRAP_PORT) && dir != IP_CT_DIR_ORIGINAL) |
1261 | return NF_ACCEPT; | 1261 | return NF_ACCEPT; |
1262 | 1262 | ||
1263 | /* No NAT? */ | 1263 | /* No NAT? */ |
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index bd221ec3f81e..62b2762a2420 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c | |||
@@ -609,6 +609,7 @@ static int raw_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, | |||
609 | if (sin) { | 609 | if (sin) { |
610 | sin->sin_family = AF_INET; | 610 | sin->sin_family = AF_INET; |
611 | sin->sin_addr.s_addr = skb->nh.iph->saddr; | 611 | sin->sin_addr.s_addr = skb->nh.iph->saddr; |
612 | sin->sin_port = 0; | ||
612 | memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); | 613 | memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); |
613 | } | 614 | } |
614 | if (inet->cmsg_flags) | 615 | if (inet->cmsg_flags) |
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index df8f051c0fce..25c2a9e03895 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c | |||
@@ -71,6 +71,8 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt | |||
71 | goto out; | 71 | goto out; |
72 | } | 72 | } |
73 | 73 | ||
74 | memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm)); | ||
75 | |||
74 | /* | 76 | /* |
75 | * Store incoming device index. When the packet will | 77 | * Store incoming device index. When the packet will |
76 | * be queued, we cannot refer to skb->dev anymore. | 78 | * be queued, we cannot refer to skb->dev anymore. |
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index fa1ce0ae123e..d57e61ce4a7d 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c | |||
@@ -411,6 +411,7 @@ static int rawv6_recvmsg(struct kiocb *iocb, struct sock *sk, | |||
411 | /* Copy the address. */ | 411 | /* Copy the address. */ |
412 | if (sin6) { | 412 | if (sin6) { |
413 | sin6->sin6_family = AF_INET6; | 413 | sin6->sin6_family = AF_INET6; |
414 | sin6->sin6_port = 0; | ||
414 | ipv6_addr_copy(&sin6->sin6_addr, &skb->nh.ipv6h->saddr); | 415 | ipv6_addr_copy(&sin6->sin6_addr, &skb->nh.ipv6h->saddr); |
415 | sin6->sin6_flowinfo = 0; | 416 | sin6->sin6_flowinfo = 0; |
416 | sin6->sin6_scope_id = 0; | 417 | sin6->sin6_scope_id = 0; |
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 42a178aa30f9..a9894ddfd72a 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig | |||
@@ -386,8 +386,8 @@ config NETFILTER_XT_MATCH_REALM | |||
386 | <file:Documentation/modules.txt>. If unsure, say `N'. | 386 | <file:Documentation/modules.txt>. If unsure, say `N'. |
387 | 387 | ||
388 | config NETFILTER_XT_MATCH_SCTP | 388 | config NETFILTER_XT_MATCH_SCTP |
389 | tristate '"sctp" protocol match support' | 389 | tristate '"sctp" protocol match support (EXPERIMENTAL)' |
390 | depends on NETFILTER_XTABLES | 390 | depends on NETFILTER_XTABLES && EXPERIMENTAL |
391 | help | 391 | help |
392 | With this option enabled, you will be able to use the | 392 | With this option enabled, you will be able to use the |
393 | `sctp' match in order to match on SCTP source/destination ports | 393 | `sctp' match in order to match on SCTP source/destination ports |
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 5fcab2ef231f..4ef836699962 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c | |||
@@ -428,6 +428,8 @@ static struct file_operations ct_cpu_seq_fops = { | |||
428 | 428 | ||
429 | /* Sysctl support */ | 429 | /* Sysctl support */ |
430 | 430 | ||
431 | int nf_conntrack_checksum = 1; | ||
432 | |||
431 | #ifdef CONFIG_SYSCTL | 433 | #ifdef CONFIG_SYSCTL |
432 | 434 | ||
433 | /* From nf_conntrack_core.c */ | 435 | /* From nf_conntrack_core.c */ |
@@ -459,8 +461,6 @@ extern unsigned int nf_ct_generic_timeout; | |||
459 | static int log_invalid_proto_min = 0; | 461 | static int log_invalid_proto_min = 0; |
460 | static int log_invalid_proto_max = 255; | 462 | static int log_invalid_proto_max = 255; |
461 | 463 | ||
462 | int nf_conntrack_checksum = 1; | ||
463 | |||
464 | static struct ctl_table_header *nf_ct_sysctl_header; | 464 | static struct ctl_table_header *nf_ct_sysctl_header; |
465 | 465 | ||
466 | static ctl_table nf_ct_sysctl_table[] = { | 466 | static ctl_table nf_ct_sysctl_table[] = { |
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index bb6fcee452ca..662a869593bf 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c | |||
@@ -219,21 +219,20 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info, | |||
219 | 219 | ||
220 | switch (verdict & NF_VERDICT_MASK) { | 220 | switch (verdict & NF_VERDICT_MASK) { |
221 | case NF_ACCEPT: | 221 | case NF_ACCEPT: |
222 | case NF_STOP: | ||
222 | info->okfn(skb); | 223 | info->okfn(skb); |
224 | case NF_STOLEN: | ||
223 | break; | 225 | break; |
224 | |||
225 | case NF_QUEUE: | 226 | case NF_QUEUE: |
226 | if (!nf_queue(&skb, elem, info->pf, info->hook, | 227 | if (!nf_queue(&skb, elem, info->pf, info->hook, |
227 | info->indev, info->outdev, info->okfn, | 228 | info->indev, info->outdev, info->okfn, |
228 | verdict >> NF_VERDICT_BITS)) | 229 | verdict >> NF_VERDICT_BITS)) |
229 | goto next_hook; | 230 | goto next_hook; |
230 | break; | 231 | break; |
232 | default: | ||
233 | kfree_skb(skb); | ||
231 | } | 234 | } |
232 | rcu_read_unlock(); | 235 | rcu_read_unlock(); |
233 | |||
234 | if (verdict == NF_DROP) | ||
235 | kfree_skb(skb); | ||
236 | |||
237 | kfree(info); | 236 | kfree(info); |
238 | return; | 237 | return; |
239 | } | 238 | } |
diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c index 5fe4c9df17f5..a9f4f6f3c628 100644 --- a/net/netfilter/xt_physdev.c +++ b/net/netfilter/xt_physdev.c | |||
@@ -113,6 +113,21 @@ checkentry(const char *tablename, | |||
113 | if (!(info->bitmask & XT_PHYSDEV_OP_MASK) || | 113 | if (!(info->bitmask & XT_PHYSDEV_OP_MASK) || |
114 | info->bitmask & ~XT_PHYSDEV_OP_MASK) | 114 | info->bitmask & ~XT_PHYSDEV_OP_MASK) |
115 | return 0; | 115 | return 0; |
116 | if (brnf_deferred_hooks == 0 && | ||
117 | info->bitmask & XT_PHYSDEV_OP_OUT && | ||
118 | (!(info->bitmask & XT_PHYSDEV_OP_BRIDGED) || | ||
119 | info->invert & XT_PHYSDEV_OP_BRIDGED) && | ||
120 | hook_mask & ((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) | | ||
121 | (1 << NF_IP_POST_ROUTING))) { | ||
122 | printk(KERN_WARNING "physdev match: using --physdev-out in the " | ||
123 | "OUTPUT, FORWARD and POSTROUTING chains for non-bridged " | ||
124 | "traffic is deprecated and breaks other things, it will " | ||
125 | "be removed in January 2007. See Documentation/" | ||
126 | "feature-removal-schedule.txt for details. This doesn't " | ||
127 | "affect you in case you're using it for purely bridged " | ||
128 | "traffic.\n"); | ||
129 | brnf_deferred_hooks = 1; | ||
130 | } | ||
116 | return 1; | 131 | return 1; |
117 | } | 132 | } |
118 | 133 | ||
diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c index 3ac703b5cb8f..d2f5320a80bf 100644 --- a/net/netfilter/xt_pkttype.c +++ b/net/netfilter/xt_pkttype.c | |||
@@ -9,6 +9,8 @@ | |||
9 | #include <linux/skbuff.h> | 9 | #include <linux/skbuff.h> |
10 | #include <linux/if_ether.h> | 10 | #include <linux/if_ether.h> |
11 | #include <linux/if_packet.h> | 11 | #include <linux/if_packet.h> |
12 | #include <linux/in.h> | ||
13 | #include <linux/ip.h> | ||
12 | 14 | ||
13 | #include <linux/netfilter/xt_pkttype.h> | 15 | #include <linux/netfilter/xt_pkttype.h> |
14 | #include <linux/netfilter/x_tables.h> | 16 | #include <linux/netfilter/x_tables.h> |
@@ -28,9 +30,17 @@ static int match(const struct sk_buff *skb, | |||
28 | unsigned int protoff, | 30 | unsigned int protoff, |
29 | int *hotdrop) | 31 | int *hotdrop) |
30 | { | 32 | { |
33 | u_int8_t type; | ||
31 | const struct xt_pkttype_info *info = matchinfo; | 34 | const struct xt_pkttype_info *info = matchinfo; |
32 | 35 | ||
33 | return (skb->pkt_type == info->pkttype) ^ info->invert; | 36 | if (skb->pkt_type == PACKET_LOOPBACK) |
37 | type = (MULTICAST(skb->nh.iph->daddr) | ||
38 | ? PACKET_MULTICAST | ||
39 | : PACKET_BROADCAST); | ||
40 | else | ||
41 | type = skb->pkt_type; | ||
42 | |||
43 | return (type == info->pkttype) ^ info->invert; | ||
34 | } | 44 | } |
35 | 45 | ||
36 | static struct xt_match pkttype_match = { | 46 | static struct xt_match pkttype_match = { |