diff options
| -rw-r--r-- | drivers/net/tg3.c | 25 | ||||
| -rw-r--r-- | include/linux/in6.h | 12 | ||||
| -rw-r--r-- | include/linux/netfilter/x_tables.h | 16 | ||||
| -rw-r--r-- | include/linux/netfilter_arp/arp_tables.h | 25 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4/ip_tables.h | 27 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 27 | ||||
| -rw-r--r-- | include/linux/pci_regs.h | 1 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_queue.c | 7 | ||||
| -rw-r--r-- | net/ipv4/tcp.c | 7 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_queue.c | 7 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_log.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_queue.c | 7 |
13 files changed, 92 insertions, 73 deletions
diff --git a/drivers/net/tg3.c b/drivers/net/tg3.c index 06e4f77b0988..1dbdd6bb587b 100644 --- a/drivers/net/tg3.c +++ b/drivers/net/tg3.c | |||
| @@ -68,8 +68,8 @@ | |||
| 68 | 68 | ||
| 69 | #define DRV_MODULE_NAME "tg3" | 69 | #define DRV_MODULE_NAME "tg3" |
| 70 | #define PFX DRV_MODULE_NAME ": " | 70 | #define PFX DRV_MODULE_NAME ": " |
| 71 | #define DRV_MODULE_VERSION "3.68" | 71 | #define DRV_MODULE_VERSION "3.69" |
| 72 | #define DRV_MODULE_RELDATE "November 02, 2006" | 72 | #define DRV_MODULE_RELDATE "November 15, 2006" |
| 73 | 73 | ||
| 74 | #define TG3_DEF_MAC_MODE 0 | 74 | #define TG3_DEF_MAC_MODE 0 |
| 75 | #define TG3_DEF_RX_MODE 0 | 75 | #define TG3_DEF_RX_MODE 0 |
| @@ -4728,10 +4728,11 @@ static int tg3_poll_fw(struct tg3 *tp) | |||
| 4728 | u32 val; | 4728 | u32 val; |
| 4729 | 4729 | ||
| 4730 | if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5906) { | 4730 | if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5906) { |
| 4731 | for (i = 0; i < 400; i++) { | 4731 | /* Wait up to 20ms for init done. */ |
| 4732 | for (i = 0; i < 200; i++) { | ||
| 4732 | if (tr32(VCPU_STATUS) & VCPU_STATUS_INIT_DONE) | 4733 | if (tr32(VCPU_STATUS) & VCPU_STATUS_INIT_DONE) |
| 4733 | return 0; | 4734 | return 0; |
| 4734 | udelay(10); | 4735 | udelay(100); |
| 4735 | } | 4736 | } |
| 4736 | return -ENODEV; | 4737 | return -ENODEV; |
| 4737 | } | 4738 | } |
| @@ -10365,7 +10366,7 @@ static int __devinit tg3_get_invariants(struct tg3 *tp) | |||
| 10365 | u32 pci_state_reg, grc_misc_cfg; | 10366 | u32 pci_state_reg, grc_misc_cfg; |
| 10366 | u32 val; | 10367 | u32 val; |
| 10367 | u16 pci_cmd; | 10368 | u16 pci_cmd; |
| 10368 | int err; | 10369 | int err, pcie_cap; |
| 10369 | 10370 | ||
| 10370 | /* Force memory write invalidate off. If we leave it on, | 10371 | /* Force memory write invalidate off. If we leave it on, |
| 10371 | * then on 5700_BX chips we have to enable a workaround. | 10372 | * then on 5700_BX chips we have to enable a workaround. |
| @@ -10540,8 +10541,19 @@ static int __devinit tg3_get_invariants(struct tg3 *tp) | |||
| 10540 | GET_ASIC_REV(tp->pci_chip_rev_id) != ASIC_REV_5906) | 10541 | GET_ASIC_REV(tp->pci_chip_rev_id) != ASIC_REV_5906) |
| 10541 | tp->tg3_flags2 |= TG3_FLG2_JUMBO_CAPABLE; | 10542 | tp->tg3_flags2 |= TG3_FLG2_JUMBO_CAPABLE; |
| 10542 | 10543 | ||
| 10543 | if (pci_find_capability(tp->pdev, PCI_CAP_ID_EXP) != 0) | 10544 | pcie_cap = pci_find_capability(tp->pdev, PCI_CAP_ID_EXP); |
| 10545 | if (pcie_cap != 0) { | ||
| 10544 | tp->tg3_flags2 |= TG3_FLG2_PCI_EXPRESS; | 10546 | tp->tg3_flags2 |= TG3_FLG2_PCI_EXPRESS; |
| 10547 | if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5906) { | ||
| 10548 | u16 lnkctl; | ||
| 10549 | |||
| 10550 | pci_read_config_word(tp->pdev, | ||
| 10551 | pcie_cap + PCI_EXP_LNKCTL, | ||
| 10552 | &lnkctl); | ||
| 10553 | if (lnkctl & PCI_EXP_LNKCTL_CLKREQ_EN) | ||
| 10554 | tp->tg3_flags2 &= ~TG3_FLG2_HW_TSO_2; | ||
| 10555 | } | ||
| 10556 | } | ||
| 10545 | 10557 | ||
| 10546 | /* If we have an AMD 762 or VIA K8T800 chipset, write | 10558 | /* If we have an AMD 762 or VIA K8T800 chipset, write |
| 10547 | * reordering to the mailbox registers done by the host | 10559 | * reordering to the mailbox registers done by the host |
| @@ -11808,6 +11820,7 @@ static int __devinit tg3_init_one(struct pci_dev *pdev, | |||
| 11808 | else if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5700 || | 11820 | else if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5700 || |
| 11809 | GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5701 || | 11821 | GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5701 || |
| 11810 | tp->pci_chip_rev_id == CHIPREV_ID_5705_A0 || | 11822 | tp->pci_chip_rev_id == CHIPREV_ID_5705_A0 || |
| 11823 | GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5906 || | ||
| 11811 | (tp->tg3_flags & TG3_FLAG_ENABLE_ASF) != 0) { | 11824 | (tp->tg3_flags & TG3_FLAG_ENABLE_ASF) != 0) { |
| 11812 | tp->tg3_flags2 &= ~TG3_FLG2_TSO_CAPABLE; | 11825 | tp->tg3_flags2 &= ~TG3_FLG2_TSO_CAPABLE; |
| 11813 | } else { | 11826 | } else { |
diff --git a/include/linux/in6.h b/include/linux/in6.h index 9be6a4756f0b..f28621f638e0 100644 --- a/include/linux/in6.h +++ b/include/linux/in6.h | |||
| @@ -225,7 +225,7 @@ struct in6_flowlabel_req | |||
| 225 | #endif | 225 | #endif |
| 226 | 226 | ||
| 227 | /* | 227 | /* |
| 228 | * Netfilter | 228 | * Netfilter (1) |
| 229 | * | 229 | * |
| 230 | * Following socket options are used in ip6_tables; | 230 | * Following socket options are used in ip6_tables; |
| 231 | * see include/linux/netfilter_ipv6/ip6_tables.h. | 231 | * see include/linux/netfilter_ipv6/ip6_tables.h. |
| @@ -240,4 +240,14 @@ struct in6_flowlabel_req | |||
| 240 | #define IPV6_RECVTCLASS 66 | 240 | #define IPV6_RECVTCLASS 66 |
| 241 | #define IPV6_TCLASS 67 | 241 | #define IPV6_TCLASS 67 |
| 242 | 242 | ||
| 243 | /* | ||
| 244 | * Netfilter (2) | ||
| 245 | * | ||
| 246 | * Following socket options are used in ip6_tables; | ||
| 247 | * see include/linux/netfilter_ipv6/ip6_tables.h. | ||
| 248 | * | ||
| 249 | * IP6T_SO_GET_REVISION_MATCH 68 | ||
| 250 | * IP6T_SO_GET_REVISION_TARGET 69 | ||
| 251 | */ | ||
| 252 | |||
| 243 | #endif | 253 | #endif |
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 04319a76103a..022edfa97ed9 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h | |||
| @@ -96,22 +96,6 @@ struct _xt_align | |||
| 96 | /* Error verdict. */ | 96 | /* Error verdict. */ |
| 97 | #define XT_ERROR_TARGET "ERROR" | 97 | #define XT_ERROR_TARGET "ERROR" |
| 98 | 98 | ||
| 99 | /* | ||
| 100 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | ||
| 101 | * Unlike BSD Linux inherits IP options so you don't have to use a raw | ||
| 102 | * socket for this. Instead we check rights in the calls. */ | ||
| 103 | #define XT_BASE_CTL 64 /* base for firewall socket options */ | ||
| 104 | |||
| 105 | #define XT_SO_SET_REPLACE (XT_BASE_CTL) | ||
| 106 | #define XT_SO_SET_ADD_COUNTERS (XT_BASE_CTL + 1) | ||
| 107 | #define XT_SO_SET_MAX XT_SO_SET_ADD_COUNTERS | ||
| 108 | |||
| 109 | #define XT_SO_GET_INFO (XT_BASE_CTL) | ||
| 110 | #define XT_SO_GET_ENTRIES (XT_BASE_CTL + 1) | ||
| 111 | #define XT_SO_GET_REVISION_MATCH (XT_BASE_CTL + 2) | ||
| 112 | #define XT_SO_GET_REVISION_TARGET (XT_BASE_CTL + 3) | ||
| 113 | #define XT_SO_GET_MAX XT_SO_GET_REVISION_TARGET | ||
| 114 | |||
| 115 | #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) | 99 | #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) |
| 116 | #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) | 100 | #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) |
| 117 | 101 | ||
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index 44e39b61d9e7..0be235418a2f 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h | |||
| @@ -112,19 +112,20 @@ struct arpt_entry | |||
| 112 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | 112 | * New IP firewall options for [gs]etsockopt at the RAW IP level. |
| 113 | * Unlike BSD Linux inherits IP options so you don't have to use a raw | 113 | * Unlike BSD Linux inherits IP options so you don't have to use a raw |
| 114 | * socket for this. Instead we check rights in the calls. | 114 | * socket for this. Instead we check rights in the calls. |
| 115 | * | ||
| 116 | * ATTENTION: check linux/in.h before adding new number here. | ||
| 115 | */ | 117 | */ |
| 116 | #define ARPT_CTL_OFFSET 32 | 118 | #define ARPT_BASE_CTL 96 |
| 117 | #define ARPT_BASE_CTL (XT_BASE_CTL+ARPT_CTL_OFFSET) | 119 | |
| 118 | 120 | #define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL) | |
| 119 | #define ARPT_SO_SET_REPLACE (XT_SO_SET_REPLACE+ARPT_CTL_OFFSET) | 121 | #define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1) |
| 120 | #define ARPT_SO_SET_ADD_COUNTERS (XT_SO_SET_ADD_COUNTERS+ARPT_CTL_OFFSET) | 122 | #define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS |
| 121 | #define ARPT_SO_SET_MAX (XT_SO_SET_MAX+ARPT_CTL_OFFSET) | 123 | |
| 122 | 124 | #define ARPT_SO_GET_INFO (ARPT_BASE_CTL) | |
| 123 | #define ARPT_SO_GET_INFO (XT_SO_GET_INFO+ARPT_CTL_OFFSET) | 125 | #define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) |
| 124 | #define ARPT_SO_GET_ENTRIES (XT_SO_GET_ENTRIES+ARPT_CTL_OFFSET) | 126 | /* #define ARPT_SO_GET_REVISION_MATCH (APRT_BASE_CTL + 2) */ |
| 125 | /* #define ARPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH */ | 127 | #define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) |
| 126 | #define ARPT_SO_GET_REVISION_TARGET (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET) | 128 | #define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET) |
| 127 | #define ARPT_SO_GET_MAX (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET) | ||
| 128 | 129 | ||
| 129 | /* CONTINUE verdict for targets */ | 130 | /* CONTINUE verdict for targets */ |
| 130 | #define ARPT_CONTINUE XT_CONTINUE | 131 | #define ARPT_CONTINUE XT_CONTINUE |
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index a536bbdef145..4f06dad0bde9 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h | |||
| @@ -101,18 +101,21 @@ struct ipt_entry | |||
| 101 | /* | 101 | /* |
| 102 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | 102 | * New IP firewall options for [gs]etsockopt at the RAW IP level. |
| 103 | * Unlike BSD Linux inherits IP options so you don't have to use a raw | 103 | * Unlike BSD Linux inherits IP options so you don't have to use a raw |
| 104 | * socket for this. Instead we check rights in the calls. */ | 104 | * socket for this. Instead we check rights in the calls. |
| 105 | #define IPT_BASE_CTL XT_BASE_CTL | 105 | * |
| 106 | 106 | * ATTENTION: check linux/in.h before adding new number here. | |
| 107 | #define IPT_SO_SET_REPLACE XT_SO_SET_REPLACE | 107 | */ |
| 108 | #define IPT_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS | 108 | #define IPT_BASE_CTL 64 |
| 109 | #define IPT_SO_SET_MAX XT_SO_SET_MAX | 109 | |
| 110 | 110 | #define IPT_SO_SET_REPLACE (IPT_BASE_CTL) | |
| 111 | #define IPT_SO_GET_INFO XT_SO_GET_INFO | 111 | #define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1) |
| 112 | #define IPT_SO_GET_ENTRIES XT_SO_GET_ENTRIES | 112 | #define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS |
| 113 | #define IPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH | 113 | |
| 114 | #define IPT_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET | 114 | #define IPT_SO_GET_INFO (IPT_BASE_CTL) |
| 115 | #define IPT_SO_GET_MAX XT_SO_GET_REVISION_TARGET | 115 | #define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) |
| 116 | #define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) | ||
| 117 | #define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) | ||
| 118 | #define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET | ||
| 116 | 119 | ||
| 117 | #define IPT_CONTINUE XT_CONTINUE | 120 | #define IPT_CONTINUE XT_CONTINUE |
| 118 | #define IPT_RETURN XT_RETURN | 121 | #define IPT_RETURN XT_RETURN |
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index d7a8e9c0dad0..4aed340401db 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h | |||
| @@ -107,18 +107,21 @@ struct ip6t_entry | |||
| 107 | /* | 107 | /* |
| 108 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | 108 | * New IP firewall options for [gs]etsockopt at the RAW IP level. |
| 109 | * Unlike BSD Linux inherits IP options so you don't have to use | 109 | * Unlike BSD Linux inherits IP options so you don't have to use |
| 110 | * a raw socket for this. Instead we check rights in the calls. */ | 110 | * a raw socket for this. Instead we check rights in the calls. |
| 111 | #define IP6T_BASE_CTL XT_BASE_CTL | 111 | * |
| 112 | 112 | * ATTENTION: check linux/in6.h before adding new number here. | |
| 113 | #define IP6T_SO_SET_REPLACE XT_SO_SET_REPLACE | 113 | */ |
| 114 | #define IP6T_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS | 114 | #define IP6T_BASE_CTL 64 |
| 115 | #define IP6T_SO_SET_MAX XT_SO_SET_MAX | 115 | |
| 116 | 116 | #define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL) | |
| 117 | #define IP6T_SO_GET_INFO XT_SO_GET_INFO | 117 | #define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1) |
| 118 | #define IP6T_SO_GET_ENTRIES XT_SO_GET_ENTRIES | 118 | #define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS |
| 119 | #define IP6T_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH | 119 | |
| 120 | #define IP6T_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET | 120 | #define IP6T_SO_GET_INFO (IP6T_BASE_CTL) |
| 121 | #define IP6T_SO_GET_MAX XT_SO_GET_REVISION_TARGET | 121 | #define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) |
| 122 | #define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4) | ||
| 123 | #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5) | ||
| 124 | #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET | ||
| 122 | 125 | ||
| 123 | /* CONTINUE verdict for targets */ | 126 | /* CONTINUE verdict for targets */ |
| 124 | #define IP6T_CONTINUE XT_CONTINUE | 127 | #define IP6T_CONTINUE XT_CONTINUE |
diff --git a/include/linux/pci_regs.h b/include/linux/pci_regs.h index c312a12ad2d6..c321316f1bc7 100644 --- a/include/linux/pci_regs.h +++ b/include/linux/pci_regs.h | |||
| @@ -371,6 +371,7 @@ | |||
| 371 | #define PCI_EXP_DEVSTA_TRPND 0x20 /* Transactions Pending */ | 371 | #define PCI_EXP_DEVSTA_TRPND 0x20 /* Transactions Pending */ |
| 372 | #define PCI_EXP_LNKCAP 12 /* Link Capabilities */ | 372 | #define PCI_EXP_LNKCAP 12 /* Link Capabilities */ |
| 373 | #define PCI_EXP_LNKCTL 16 /* Link Control */ | 373 | #define PCI_EXP_LNKCTL 16 /* Link Control */ |
| 374 | #define PCI_EXP_LNKCTL_CLKREQ_EN 0x100 /* Enable clkreq */ | ||
| 374 | #define PCI_EXP_LNKSTA 18 /* Link Status */ | 375 | #define PCI_EXP_LNKSTA 18 /* Link Status */ |
| 375 | #define PCI_EXP_SLTCAP 20 /* Slot Capabilities */ | 376 | #define PCI_EXP_SLTCAP 20 /* Slot Capabilities */ |
| 376 | #define PCI_EXP_SLTCTL 24 /* Slot Control */ | 377 | #define PCI_EXP_SLTCTL 24 /* Slot Control */ |
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index 7edad790478a..97556cc2e4e0 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c | |||
| @@ -351,9 +351,10 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) | |||
| 351 | if (v->data_len < sizeof(*user_iph)) | 351 | if (v->data_len < sizeof(*user_iph)) |
| 352 | return 0; | 352 | return 0; |
| 353 | diff = v->data_len - e->skb->len; | 353 | diff = v->data_len - e->skb->len; |
| 354 | if (diff < 0) | 354 | if (diff < 0) { |
| 355 | skb_trim(e->skb, v->data_len); | 355 | if (pskb_trim(e->skb, v->data_len)) |
| 356 | else if (diff > 0) { | 356 | return -ENOMEM; |
| 357 | } else if (diff > 0) { | ||
| 357 | if (v->data_len > 0xFFFF) | 358 | if (v->data_len > 0xFFFF) |
| 358 | return -EINVAL; | 359 | return -EINVAL; |
| 359 | if (diff > skb_tailroom(e->skb)) { | 360 | if (diff > skb_tailroom(e->skb)) { |
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 4322318ab332..c05e8edaf544 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c | |||
| @@ -2316,9 +2316,10 @@ void __init tcp_init(void) | |||
| 2316 | sysctl_max_syn_backlog = 128; | 2316 | sysctl_max_syn_backlog = 128; |
| 2317 | } | 2317 | } |
| 2318 | 2318 | ||
| 2319 | sysctl_tcp_mem[0] = 768 << order; | 2319 | /* Allow no more than 3/4 kernel memory (usually less) allocated to TCP */ |
| 2320 | sysctl_tcp_mem[1] = 1024 << order; | 2320 | sysctl_tcp_mem[0] = (1536 / sizeof (struct inet_bind_hashbucket)) << order; |
| 2321 | sysctl_tcp_mem[2] = 1536 << order; | 2321 | sysctl_tcp_mem[1] = sysctl_tcp_mem[0] * 4 / 3; |
| 2322 | sysctl_tcp_mem[2] = sysctl_tcp_mem[0] * 2; | ||
| 2322 | 2323 | ||
| 2323 | limit = ((unsigned long)sysctl_tcp_mem[1]) << (PAGE_SHIFT - 7); | 2324 | limit = ((unsigned long)sysctl_tcp_mem[1]) << (PAGE_SHIFT - 7); |
| 2324 | max_share = min(4UL*1024*1024, limit); | 2325 | max_share = min(4UL*1024*1024, limit); |
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index 9510c24ca8d2..9fec832ee08b 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c | |||
| @@ -349,9 +349,10 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) | |||
| 349 | if (v->data_len < sizeof(*user_iph)) | 349 | if (v->data_len < sizeof(*user_iph)) |
| 350 | return 0; | 350 | return 0; |
| 351 | diff = v->data_len - e->skb->len; | 351 | diff = v->data_len - e->skb->len; |
| 352 | if (diff < 0) | 352 | if (diff < 0) { |
| 353 | skb_trim(e->skb, v->data_len); | 353 | if (pskb_trim(e->skb, v->data_len)) |
| 354 | else if (diff > 0) { | 354 | return -ENOMEM; |
| 355 | } else if (diff > 0) { | ||
| 355 | if (v->data_len > 0xFFFF) | 356 | if (v->data_len > 0xFFFF) |
| 356 | return -EINVAL; | 357 | return -EINVAL; |
| 357 | if (diff > skb_tailroom(e->skb)) { | 358 | if (diff > skb_tailroom(e->skb)) { |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 167c2ea88f6b..204e02162d49 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -1494,7 +1494,7 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, | |||
| 1494 | if (_frag_off) { | 1494 | if (_frag_off) { |
| 1495 | if (target < 0 && | 1495 | if (target < 0 && |
| 1496 | ((!ipv6_ext_hdr(hp->nexthdr)) || | 1496 | ((!ipv6_ext_hdr(hp->nexthdr)) || |
| 1497 | nexthdr == NEXTHDR_NONE)) { | 1497 | hp->nexthdr == NEXTHDR_NONE)) { |
| 1498 | if (fragoff) | 1498 | if (fragoff) |
| 1499 | *fragoff = _frag_off; | 1499 | *fragoff = _frag_off; |
| 1500 | return hp->nexthdr; | 1500 | return hp->nexthdr; |
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index b2bf8f2e01da..1e5207b80fe5 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c | |||
| @@ -544,7 +544,7 @@ __build_packet_message(struct nfulnl_instance *inst, | |||
| 544 | } | 544 | } |
| 545 | /* global sequence number */ | 545 | /* global sequence number */ |
| 546 | if (inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) { | 546 | if (inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) { |
| 547 | tmp_uint = atomic_inc_return(&global_seq); | 547 | tmp_uint = htonl(atomic_inc_return(&global_seq)); |
| 548 | NFA_PUT(inst->skb, NFULA_SEQ_GLOBAL, sizeof(tmp_uint), &tmp_uint); | 548 | NFA_PUT(inst->skb, NFULA_SEQ_GLOBAL, sizeof(tmp_uint), &tmp_uint); |
| 549 | } | 549 | } |
| 550 | 550 | ||
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 6e4ada3c1844..e815a9aa6e95 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c | |||
| @@ -622,9 +622,10 @@ nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e) | |||
| 622 | int diff; | 622 | int diff; |
| 623 | 623 | ||
| 624 | diff = data_len - e->skb->len; | 624 | diff = data_len - e->skb->len; |
| 625 | if (diff < 0) | 625 | if (diff < 0) { |
| 626 | skb_trim(e->skb, data_len); | 626 | if (pskb_trim(e->skb, data_len)) |
| 627 | else if (diff > 0) { | 627 | return -ENOMEM; |
| 628 | } else if (diff > 0) { | ||
| 628 | if (data_len > 0xFFFF) | 629 | if (data_len > 0xFFFF) |
| 629 | return -EINVAL; | 630 | return -EINVAL; |
| 630 | if (diff > skb_tailroom(e->skb)) { | 631 | if (diff > skb_tailroom(e->skb)) { |