diff options
-rw-r--r-- | include/net/ip_vs.h | 8 | ||||
-rw-r--r-- | include/uapi/linux/ip_vs.h | 4 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_conn.c | 14 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_core.c | 7 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 55 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_lblc.c | 2 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_lblcr.c | 2 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_pe_sip.c | 3 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_proto_sctp.c | 2 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_sync.c | 21 | ||||
-rw-r--r-- | net/netfilter/nf_nat_core.c | 1 |
11 files changed, 64 insertions, 55 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index f9f5b057b480..4c062ccff9aa 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h | |||
@@ -678,7 +678,7 @@ struct ip_vs_service_user_kern { | |||
678 | u16 af; | 678 | u16 af; |
679 | u16 protocol; | 679 | u16 protocol; |
680 | union nf_inet_addr addr; /* virtual ip address */ | 680 | union nf_inet_addr addr; /* virtual ip address */ |
681 | u16 port; | 681 | __be16 port; |
682 | u32 fwmark; /* firwall mark of service */ | 682 | u32 fwmark; /* firwall mark of service */ |
683 | 683 | ||
684 | /* virtual service options */ | 684 | /* virtual service options */ |
@@ -686,14 +686,14 @@ struct ip_vs_service_user_kern { | |||
686 | char *pe_name; | 686 | char *pe_name; |
687 | unsigned int flags; /* virtual service flags */ | 687 | unsigned int flags; /* virtual service flags */ |
688 | unsigned int timeout; /* persistent timeout in sec */ | 688 | unsigned int timeout; /* persistent timeout in sec */ |
689 | u32 netmask; /* persistent netmask */ | 689 | __be32 netmask; /* persistent netmask or plen */ |
690 | }; | 690 | }; |
691 | 691 | ||
692 | 692 | ||
693 | struct ip_vs_dest_user_kern { | 693 | struct ip_vs_dest_user_kern { |
694 | /* destination server address */ | 694 | /* destination server address */ |
695 | union nf_inet_addr addr; | 695 | union nf_inet_addr addr; |
696 | u16 port; | 696 | __be16 port; |
697 | 697 | ||
698 | /* real server options */ | 698 | /* real server options */ |
699 | unsigned int conn_flags; /* connection flags */ | 699 | unsigned int conn_flags; /* connection flags */ |
@@ -721,7 +721,7 @@ struct ip_vs_service { | |||
721 | __u32 fwmark; /* firewall mark of the service */ | 721 | __u32 fwmark; /* firewall mark of the service */ |
722 | unsigned int flags; /* service status flags */ | 722 | unsigned int flags; /* service status flags */ |
723 | unsigned int timeout; /* persistent timeout in ticks */ | 723 | unsigned int timeout; /* persistent timeout in ticks */ |
724 | __be32 netmask; /* grouping granularity */ | 724 | __be32 netmask; /* grouping granularity, mask/plen */ |
725 | struct net *net; | 725 | struct net *net; |
726 | 726 | ||
727 | struct list_head destinations; /* real server d-linked list */ | 727 | struct list_head destinations; /* real server d-linked list */ |
diff --git a/include/uapi/linux/ip_vs.h b/include/uapi/linux/ip_vs.h index 8a2d438dc499..a24537725e80 100644 --- a/include/uapi/linux/ip_vs.h +++ b/include/uapi/linux/ip_vs.h | |||
@@ -280,8 +280,8 @@ struct ip_vs_daemon_user { | |||
280 | #define IPVS_GENL_VERSION 0x1 | 280 | #define IPVS_GENL_VERSION 0x1 |
281 | 281 | ||
282 | struct ip_vs_flags { | 282 | struct ip_vs_flags { |
283 | __be32 flags; | 283 | __u32 flags; |
284 | __be32 mask; | 284 | __u32 mask; |
285 | }; | 285 | }; |
286 | 286 | ||
287 | /* Generic Netlink command attributes */ | 287 | /* Generic Netlink command attributes */ |
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c index de6475894a39..a083bda322b6 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c | |||
@@ -966,7 +966,6 @@ static void *ip_vs_conn_array(struct seq_file *seq, loff_t pos) | |||
966 | struct ip_vs_iter_state *iter = seq->private; | 966 | struct ip_vs_iter_state *iter = seq->private; |
967 | 967 | ||
968 | for (idx = 0; idx < ip_vs_conn_tab_size; idx++) { | 968 | for (idx = 0; idx < ip_vs_conn_tab_size; idx++) { |
969 | rcu_read_lock(); | ||
970 | hlist_for_each_entry_rcu(cp, &ip_vs_conn_tab[idx], c_list) { | 969 | hlist_for_each_entry_rcu(cp, &ip_vs_conn_tab[idx], c_list) { |
971 | /* __ip_vs_conn_get() is not needed by | 970 | /* __ip_vs_conn_get() is not needed by |
972 | * ip_vs_conn_seq_show and ip_vs_conn_sync_seq_show | 971 | * ip_vs_conn_seq_show and ip_vs_conn_sync_seq_show |
@@ -977,16 +976,19 @@ static void *ip_vs_conn_array(struct seq_file *seq, loff_t pos) | |||
977 | } | 976 | } |
978 | } | 977 | } |
979 | rcu_read_unlock(); | 978 | rcu_read_unlock(); |
979 | rcu_read_lock(); | ||
980 | } | 980 | } |
981 | 981 | ||
982 | return NULL; | 982 | return NULL; |
983 | } | 983 | } |
984 | 984 | ||
985 | static void *ip_vs_conn_seq_start(struct seq_file *seq, loff_t *pos) | 985 | static void *ip_vs_conn_seq_start(struct seq_file *seq, loff_t *pos) |
986 | __acquires(RCU) | ||
986 | { | 987 | { |
987 | struct ip_vs_iter_state *iter = seq->private; | 988 | struct ip_vs_iter_state *iter = seq->private; |
988 | 989 | ||
989 | iter->l = NULL; | 990 | iter->l = NULL; |
991 | rcu_read_lock(); | ||
990 | return *pos ? ip_vs_conn_array(seq, *pos - 1) :SEQ_START_TOKEN; | 992 | return *pos ? ip_vs_conn_array(seq, *pos - 1) :SEQ_START_TOKEN; |
991 | } | 993 | } |
992 | 994 | ||
@@ -1006,28 +1008,24 @@ static void *ip_vs_conn_seq_next(struct seq_file *seq, void *v, loff_t *pos) | |||
1006 | e = rcu_dereference(hlist_next_rcu(&cp->c_list)); | 1008 | e = rcu_dereference(hlist_next_rcu(&cp->c_list)); |
1007 | if (e) | 1009 | if (e) |
1008 | return hlist_entry(e, struct ip_vs_conn, c_list); | 1010 | return hlist_entry(e, struct ip_vs_conn, c_list); |
1009 | rcu_read_unlock(); | ||
1010 | 1011 | ||
1011 | idx = l - ip_vs_conn_tab; | 1012 | idx = l - ip_vs_conn_tab; |
1012 | while (++idx < ip_vs_conn_tab_size) { | 1013 | while (++idx < ip_vs_conn_tab_size) { |
1013 | rcu_read_lock(); | ||
1014 | hlist_for_each_entry_rcu(cp, &ip_vs_conn_tab[idx], c_list) { | 1014 | hlist_for_each_entry_rcu(cp, &ip_vs_conn_tab[idx], c_list) { |
1015 | iter->l = &ip_vs_conn_tab[idx]; | 1015 | iter->l = &ip_vs_conn_tab[idx]; |
1016 | return cp; | 1016 | return cp; |
1017 | } | 1017 | } |
1018 | rcu_read_unlock(); | 1018 | rcu_read_unlock(); |
1019 | rcu_read_lock(); | ||
1019 | } | 1020 | } |
1020 | iter->l = NULL; | 1021 | iter->l = NULL; |
1021 | return NULL; | 1022 | return NULL; |
1022 | } | 1023 | } |
1023 | 1024 | ||
1024 | static void ip_vs_conn_seq_stop(struct seq_file *seq, void *v) | 1025 | static void ip_vs_conn_seq_stop(struct seq_file *seq, void *v) |
1026 | __releases(RCU) | ||
1025 | { | 1027 | { |
1026 | struct ip_vs_iter_state *iter = seq->private; | 1028 | rcu_read_unlock(); |
1027 | struct hlist_head *l = iter->l; | ||
1028 | |||
1029 | if (l) | ||
1030 | rcu_read_unlock(); | ||
1031 | } | 1029 | } |
1032 | 1030 | ||
1033 | static int ip_vs_conn_seq_show(struct seq_file *seq, void *v) | 1031 | static int ip_vs_conn_seq_show(struct seq_file *seq, void *v) |
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c index f26fe3353a30..085b5880ab0d 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c | |||
@@ -235,7 +235,8 @@ ip_vs_sched_persist(struct ip_vs_service *svc, | |||
235 | /* Mask saddr with the netmask to adjust template granularity */ | 235 | /* Mask saddr with the netmask to adjust template granularity */ |
236 | #ifdef CONFIG_IP_VS_IPV6 | 236 | #ifdef CONFIG_IP_VS_IPV6 |
237 | if (svc->af == AF_INET6) | 237 | if (svc->af == AF_INET6) |
238 | ipv6_addr_prefix(&snet.in6, &iph->saddr.in6, svc->netmask); | 238 | ipv6_addr_prefix(&snet.in6, &iph->saddr.in6, |
239 | (__force __u32) svc->netmask); | ||
239 | else | 240 | else |
240 | #endif | 241 | #endif |
241 | snet.ip = iph->saddr.ip & svc->netmask; | 242 | snet.ip = iph->saddr.ip & svc->netmask; |
@@ -583,9 +584,9 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, | |||
583 | #ifdef CONFIG_IP_VS_IPV6 | 584 | #ifdef CONFIG_IP_VS_IPV6 |
584 | if (svc->af == AF_INET6) { | 585 | if (svc->af == AF_INET6) { |
585 | if (!skb->dev) { | 586 | if (!skb->dev) { |
586 | struct net *net = dev_net(skb_dst(skb)->dev); | 587 | struct net *net_ = dev_net(skb_dst(skb)->dev); |
587 | 588 | ||
588 | skb->dev = net->loopback_dev; | 589 | skb->dev = net_->loopback_dev; |
589 | } | 590 | } |
590 | icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); | 591 | icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); |
591 | } else | 592 | } else |
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 9e4074c26dc2..5b142fb16480 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c | |||
@@ -1164,9 +1164,13 @@ ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u, | |||
1164 | } | 1164 | } |
1165 | 1165 | ||
1166 | #ifdef CONFIG_IP_VS_IPV6 | 1166 | #ifdef CONFIG_IP_VS_IPV6 |
1167 | if (u->af == AF_INET6 && (u->netmask < 1 || u->netmask > 128)) { | 1167 | if (u->af == AF_INET6) { |
1168 | ret = -EINVAL; | 1168 | __u32 plen = (__force __u32) u->netmask; |
1169 | goto out_err; | 1169 | |
1170 | if (plen < 1 || plen > 128) { | ||
1171 | ret = -EINVAL; | ||
1172 | goto out_err; | ||
1173 | } | ||
1170 | } | 1174 | } |
1171 | #endif | 1175 | #endif |
1172 | 1176 | ||
@@ -1277,9 +1281,13 @@ ip_vs_edit_service(struct ip_vs_service *svc, struct ip_vs_service_user_kern *u) | |||
1277 | } | 1281 | } |
1278 | 1282 | ||
1279 | #ifdef CONFIG_IP_VS_IPV6 | 1283 | #ifdef CONFIG_IP_VS_IPV6 |
1280 | if (u->af == AF_INET6 && (u->netmask < 1 || u->netmask > 128)) { | 1284 | if (u->af == AF_INET6) { |
1281 | ret = -EINVAL; | 1285 | __u32 plen = (__force __u32) u->netmask; |
1282 | goto out; | 1286 | |
1287 | if (plen < 1 || plen > 128) { | ||
1288 | ret = -EINVAL; | ||
1289 | goto out; | ||
1290 | } | ||
1283 | } | 1291 | } |
1284 | #endif | 1292 | #endif |
1285 | 1293 | ||
@@ -1460,8 +1468,11 @@ void ip_vs_service_net_cleanup(struct net *net) | |||
1460 | static inline void | 1468 | static inline void |
1461 | ip_vs_forget_dev(struct ip_vs_dest *dest, struct net_device *dev) | 1469 | ip_vs_forget_dev(struct ip_vs_dest *dest, struct net_device *dev) |
1462 | { | 1470 | { |
1471 | struct ip_vs_dest_dst *dest_dst; | ||
1472 | |||
1463 | spin_lock_bh(&dest->dst_lock); | 1473 | spin_lock_bh(&dest->dst_lock); |
1464 | if (dest->dest_dst && dest->dest_dst->dst_cache->dev == dev) { | 1474 | dest_dst = rcu_dereference_protected(dest->dest_dst, 1); |
1475 | if (dest_dst && dest_dst->dst_cache->dev == dev) { | ||
1465 | IP_VS_DBG_BUF(3, "Reset dev:%s dest %s:%u ,dest->refcnt=%d\n", | 1476 | IP_VS_DBG_BUF(3, "Reset dev:%s dest %s:%u ,dest->refcnt=%d\n", |
1466 | dev->name, | 1477 | dev->name, |
1467 | IP_VS_DBG_ADDR(dest->af, &dest->addr), | 1478 | IP_VS_DBG_ADDR(dest->af, &dest->addr), |
@@ -1934,8 +1945,8 @@ static struct ip_vs_service *ip_vs_info_array(struct seq_file *seq, loff_t pos) | |||
1934 | } | 1945 | } |
1935 | 1946 | ||
1936 | static void *ip_vs_info_seq_start(struct seq_file *seq, loff_t *pos) | 1947 | static void *ip_vs_info_seq_start(struct seq_file *seq, loff_t *pos) |
1948 | __acquires(RCU) | ||
1937 | { | 1949 | { |
1938 | |||
1939 | rcu_read_lock(); | 1950 | rcu_read_lock(); |
1940 | return *pos ? ip_vs_info_array(seq, *pos - 1) : SEQ_START_TOKEN; | 1951 | return *pos ? ip_vs_info_array(seq, *pos - 1) : SEQ_START_TOKEN; |
1941 | } | 1952 | } |
@@ -1990,6 +2001,7 @@ static void *ip_vs_info_seq_next(struct seq_file *seq, void *v, loff_t *pos) | |||
1990 | } | 2001 | } |
1991 | 2002 | ||
1992 | static void ip_vs_info_seq_stop(struct seq_file *seq, void *v) | 2003 | static void ip_vs_info_seq_stop(struct seq_file *seq, void *v) |
2004 | __releases(RCU) | ||
1993 | { | 2005 | { |
1994 | rcu_read_unlock(); | 2006 | rcu_read_unlock(); |
1995 | } | 2007 | } |
@@ -2134,7 +2146,7 @@ static int ip_vs_stats_percpu_show(struct seq_file *seq, void *v) | |||
2134 | { | 2146 | { |
2135 | struct net *net = seq_file_single_net(seq); | 2147 | struct net *net = seq_file_single_net(seq); |
2136 | struct ip_vs_stats *tot_stats = &net_ipvs(net)->tot_stats; | 2148 | struct ip_vs_stats *tot_stats = &net_ipvs(net)->tot_stats; |
2137 | struct ip_vs_cpu_stats *cpustats = tot_stats->cpustats; | 2149 | struct ip_vs_cpu_stats __percpu *cpustats = tot_stats->cpustats; |
2138 | struct ip_vs_stats_user rates; | 2150 | struct ip_vs_stats_user rates; |
2139 | int i; | 2151 | int i; |
2140 | 2152 | ||
@@ -2871,6 +2883,7 @@ static int ip_vs_genl_fill_service(struct sk_buff *skb, | |||
2871 | struct ip_vs_service *svc) | 2883 | struct ip_vs_service *svc) |
2872 | { | 2884 | { |
2873 | struct ip_vs_scheduler *sched; | 2885 | struct ip_vs_scheduler *sched; |
2886 | struct ip_vs_pe *pe; | ||
2874 | struct nlattr *nl_service; | 2887 | struct nlattr *nl_service; |
2875 | struct ip_vs_flags flags = { .flags = svc->flags, | 2888 | struct ip_vs_flags flags = { .flags = svc->flags, |
2876 | .mask = ~0 }; | 2889 | .mask = ~0 }; |
@@ -2887,17 +2900,17 @@ static int ip_vs_genl_fill_service(struct sk_buff *skb, | |||
2887 | } else { | 2900 | } else { |
2888 | if (nla_put_u16(skb, IPVS_SVC_ATTR_PROTOCOL, svc->protocol) || | 2901 | if (nla_put_u16(skb, IPVS_SVC_ATTR_PROTOCOL, svc->protocol) || |
2889 | nla_put(skb, IPVS_SVC_ATTR_ADDR, sizeof(svc->addr), &svc->addr) || | 2902 | nla_put(skb, IPVS_SVC_ATTR_ADDR, sizeof(svc->addr), &svc->addr) || |
2890 | nla_put_u16(skb, IPVS_SVC_ATTR_PORT, svc->port)) | 2903 | nla_put_be16(skb, IPVS_SVC_ATTR_PORT, svc->port)) |
2891 | goto nla_put_failure; | 2904 | goto nla_put_failure; |
2892 | } | 2905 | } |
2893 | 2906 | ||
2894 | sched = rcu_dereference_protected(svc->scheduler, 1); | 2907 | sched = rcu_dereference_protected(svc->scheduler, 1); |
2908 | pe = rcu_dereference_protected(svc->pe, 1); | ||
2895 | if (nla_put_string(skb, IPVS_SVC_ATTR_SCHED_NAME, sched->name) || | 2909 | if (nla_put_string(skb, IPVS_SVC_ATTR_SCHED_NAME, sched->name) || |
2896 | (svc->pe && | 2910 | (pe && nla_put_string(skb, IPVS_SVC_ATTR_PE_NAME, pe->name)) || |
2897 | nla_put_string(skb, IPVS_SVC_ATTR_PE_NAME, svc->pe->name)) || | ||
2898 | nla_put(skb, IPVS_SVC_ATTR_FLAGS, sizeof(flags), &flags) || | 2911 | nla_put(skb, IPVS_SVC_ATTR_FLAGS, sizeof(flags), &flags) || |
2899 | nla_put_u32(skb, IPVS_SVC_ATTR_TIMEOUT, svc->timeout / HZ) || | 2912 | nla_put_u32(skb, IPVS_SVC_ATTR_TIMEOUT, svc->timeout / HZ) || |
2900 | nla_put_u32(skb, IPVS_SVC_ATTR_NETMASK, svc->netmask)) | 2913 | nla_put_be32(skb, IPVS_SVC_ATTR_NETMASK, svc->netmask)) |
2901 | goto nla_put_failure; | 2914 | goto nla_put_failure; |
2902 | if (ip_vs_genl_fill_stats(skb, IPVS_SVC_ATTR_STATS, &svc->stats)) | 2915 | if (ip_vs_genl_fill_stats(skb, IPVS_SVC_ATTR_STATS, &svc->stats)) |
2903 | goto nla_put_failure; | 2916 | goto nla_put_failure; |
@@ -3010,7 +3023,7 @@ static int ip_vs_genl_parse_service(struct net *net, | |||
3010 | } else { | 3023 | } else { |
3011 | usvc->protocol = nla_get_u16(nla_protocol); | 3024 | usvc->protocol = nla_get_u16(nla_protocol); |
3012 | nla_memcpy(&usvc->addr, nla_addr, sizeof(usvc->addr)); | 3025 | nla_memcpy(&usvc->addr, nla_addr, sizeof(usvc->addr)); |
3013 | usvc->port = nla_get_u16(nla_port); | 3026 | usvc->port = nla_get_be16(nla_port); |
3014 | usvc->fwmark = 0; | 3027 | usvc->fwmark = 0; |
3015 | } | 3028 | } |
3016 | 3029 | ||
@@ -3050,7 +3063,7 @@ static int ip_vs_genl_parse_service(struct net *net, | |||
3050 | usvc->sched_name = nla_data(nla_sched); | 3063 | usvc->sched_name = nla_data(nla_sched); |
3051 | usvc->pe_name = nla_pe ? nla_data(nla_pe) : NULL; | 3064 | usvc->pe_name = nla_pe ? nla_data(nla_pe) : NULL; |
3052 | usvc->timeout = nla_get_u32(nla_timeout); | 3065 | usvc->timeout = nla_get_u32(nla_timeout); |
3053 | usvc->netmask = nla_get_u32(nla_netmask); | 3066 | usvc->netmask = nla_get_be32(nla_netmask); |
3054 | } | 3067 | } |
3055 | 3068 | ||
3056 | return 0; | 3069 | return 0; |
@@ -3076,7 +3089,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) | |||
3076 | return -EMSGSIZE; | 3089 | return -EMSGSIZE; |
3077 | 3090 | ||
3078 | if (nla_put(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr) || | 3091 | if (nla_put(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr) || |
3079 | nla_put_u16(skb, IPVS_DEST_ATTR_PORT, dest->port) || | 3092 | nla_put_be16(skb, IPVS_DEST_ATTR_PORT, dest->port) || |
3080 | nla_put_u32(skb, IPVS_DEST_ATTR_FWD_METHOD, | 3093 | nla_put_u32(skb, IPVS_DEST_ATTR_FWD_METHOD, |
3081 | (atomic_read(&dest->conn_flags) & | 3094 | (atomic_read(&dest->conn_flags) & |
3082 | IP_VS_CONN_F_FWD_MASK)) || | 3095 | IP_VS_CONN_F_FWD_MASK)) || |
@@ -3185,7 +3198,7 @@ static int ip_vs_genl_parse_dest(struct ip_vs_dest_user_kern *udest, | |||
3185 | memset(udest, 0, sizeof(*udest)); | 3198 | memset(udest, 0, sizeof(*udest)); |
3186 | 3199 | ||
3187 | nla_memcpy(&udest->addr, nla_addr, sizeof(udest->addr)); | 3200 | nla_memcpy(&udest->addr, nla_addr, sizeof(udest->addr)); |
3188 | udest->port = nla_get_u16(nla_port); | 3201 | udest->port = nla_get_be16(nla_port); |
3189 | 3202 | ||
3190 | /* If a full entry was requested, check for the additional fields */ | 3203 | /* If a full entry was requested, check for the additional fields */ |
3191 | if (full_entry) { | 3204 | if (full_entry) { |
@@ -3210,8 +3223,8 @@ static int ip_vs_genl_parse_dest(struct ip_vs_dest_user_kern *udest, | |||
3210 | return 0; | 3223 | return 0; |
3211 | } | 3224 | } |
3212 | 3225 | ||
3213 | static int ip_vs_genl_fill_daemon(struct sk_buff *skb, __be32 state, | 3226 | static int ip_vs_genl_fill_daemon(struct sk_buff *skb, __u32 state, |
3214 | const char *mcast_ifn, __be32 syncid) | 3227 | const char *mcast_ifn, __u32 syncid) |
3215 | { | 3228 | { |
3216 | struct nlattr *nl_daemon; | 3229 | struct nlattr *nl_daemon; |
3217 | 3230 | ||
@@ -3232,8 +3245,8 @@ nla_put_failure: | |||
3232 | return -EMSGSIZE; | 3245 | return -EMSGSIZE; |
3233 | } | 3246 | } |
3234 | 3247 | ||
3235 | static int ip_vs_genl_dump_daemon(struct sk_buff *skb, __be32 state, | 3248 | static int ip_vs_genl_dump_daemon(struct sk_buff *skb, __u32 state, |
3236 | const char *mcast_ifn, __be32 syncid, | 3249 | const char *mcast_ifn, __u32 syncid, |
3237 | struct netlink_callback *cb) | 3250 | struct netlink_callback *cb) |
3238 | { | 3251 | { |
3239 | void *hdr; | 3252 | void *hdr; |
diff --git a/net/netfilter/ipvs/ip_vs_lblc.c b/net/netfilter/ipvs/ip_vs_lblc.c index b2cc2528a4df..5ea26bd87743 100644 --- a/net/netfilter/ipvs/ip_vs_lblc.c +++ b/net/netfilter/ipvs/ip_vs_lblc.c | |||
@@ -104,7 +104,7 @@ struct ip_vs_lblc_entry { | |||
104 | */ | 104 | */ |
105 | struct ip_vs_lblc_table { | 105 | struct ip_vs_lblc_table { |
106 | struct rcu_head rcu_head; | 106 | struct rcu_head rcu_head; |
107 | struct hlist_head __rcu bucket[IP_VS_LBLC_TAB_SIZE]; /* hash bucket */ | 107 | struct hlist_head bucket[IP_VS_LBLC_TAB_SIZE]; /* hash bucket */ |
108 | struct timer_list periodic_timer; /* collect stale entries */ | 108 | struct timer_list periodic_timer; /* collect stale entries */ |
109 | atomic_t entries; /* number of entries */ | 109 | atomic_t entries; /* number of entries */ |
110 | int max_size; /* maximum size of entries */ | 110 | int max_size; /* maximum size of entries */ |
diff --git a/net/netfilter/ipvs/ip_vs_lblcr.c b/net/netfilter/ipvs/ip_vs_lblcr.c index feb9656eac58..50123c2ab484 100644 --- a/net/netfilter/ipvs/ip_vs_lblcr.c +++ b/net/netfilter/ipvs/ip_vs_lblcr.c | |||
@@ -284,7 +284,7 @@ struct ip_vs_lblcr_entry { | |||
284 | */ | 284 | */ |
285 | struct ip_vs_lblcr_table { | 285 | struct ip_vs_lblcr_table { |
286 | struct rcu_head rcu_head; | 286 | struct rcu_head rcu_head; |
287 | struct hlist_head __rcu bucket[IP_VS_LBLCR_TAB_SIZE]; /* hash bucket */ | 287 | struct hlist_head bucket[IP_VS_LBLCR_TAB_SIZE]; /* hash bucket */ |
288 | atomic_t entries; /* number of entries */ | 288 | atomic_t entries; /* number of entries */ |
289 | int max_size; /* maximum size of entries */ | 289 | int max_size; /* maximum size of entries */ |
290 | struct timer_list periodic_timer; /* collect stale entries */ | 290 | struct timer_list periodic_timer; /* collect stale entries */ |
diff --git a/net/netfilter/ipvs/ip_vs_pe_sip.c b/net/netfilter/ipvs/ip_vs_pe_sip.c index 00cc0241ed87..9a8f4213e8a6 100644 --- a/net/netfilter/ipvs/ip_vs_pe_sip.c +++ b/net/netfilter/ipvs/ip_vs_pe_sip.c | |||
@@ -13,7 +13,8 @@ static const char *ip_vs_dbg_callid(char *buf, size_t buf_len, | |||
13 | const char *callid, size_t callid_len, | 13 | const char *callid, size_t callid_len, |
14 | int *idx) | 14 | int *idx) |
15 | { | 15 | { |
16 | size_t len = min(min(callid_len, (size_t)64), buf_len - *idx - 1); | 16 | size_t max_len = 64; |
17 | size_t len = min3(max_len, callid_len, buf_len - *idx - 1); | ||
17 | memcpy(buf + *idx, callid, len); | 18 | memcpy(buf + *idx, callid, len); |
18 | buf[*idx+len] = '\0'; | 19 | buf[*idx+len] = '\0'; |
19 | *idx += len + 1; | 20 | *idx += len + 1; |
diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c index 6e14a7b5602f..86464881cd20 100644 --- a/net/netfilter/ipvs/ip_vs_proto_sctp.c +++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c | |||
@@ -208,7 +208,7 @@ enum ipvs_sctp_event_t { | |||
208 | IP_VS_SCTP_EVE_LAST | 208 | IP_VS_SCTP_EVE_LAST |
209 | }; | 209 | }; |
210 | 210 | ||
211 | static enum ipvs_sctp_event_t sctp_events[255] = { | 211 | static enum ipvs_sctp_event_t sctp_events[256] = { |
212 | IP_VS_SCTP_EVE_DATA_CLI, | 212 | IP_VS_SCTP_EVE_DATA_CLI, |
213 | IP_VS_SCTP_EVE_INIT_CLI, | 213 | IP_VS_SCTP_EVE_INIT_CLI, |
214 | IP_VS_SCTP_EVE_INIT_ACK_CLI, | 214 | IP_VS_SCTP_EVE_INIT_ACK_CLI, |
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c index 8e57077e5540..f6046d9af8d3 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c | |||
@@ -246,7 +246,7 @@ struct ip_vs_sync_thread_data { | |||
246 | struct ip_vs_sync_mesg_v0 { | 246 | struct ip_vs_sync_mesg_v0 { |
247 | __u8 nr_conns; | 247 | __u8 nr_conns; |
248 | __u8 syncid; | 248 | __u8 syncid; |
249 | __u16 size; | 249 | __be16 size; |
250 | 250 | ||
251 | /* ip_vs_sync_conn entries start here */ | 251 | /* ip_vs_sync_conn entries start here */ |
252 | }; | 252 | }; |
@@ -255,7 +255,7 @@ struct ip_vs_sync_mesg_v0 { | |||
255 | struct ip_vs_sync_mesg { | 255 | struct ip_vs_sync_mesg { |
256 | __u8 reserved; /* must be zero */ | 256 | __u8 reserved; /* must be zero */ |
257 | __u8 syncid; | 257 | __u8 syncid; |
258 | __u16 size; | 258 | __be16 size; |
259 | __u8 nr_conns; | 259 | __u8 nr_conns; |
260 | __s8 version; /* SYNC_PROTO_VER */ | 260 | __s8 version; /* SYNC_PROTO_VER */ |
261 | __u16 spare; | 261 | __u16 spare; |
@@ -335,7 +335,7 @@ ip_vs_sync_buff_create(struct netns_ipvs *ipvs) | |||
335 | sb->mesg->reserved = 0; /* old nr_conns i.e. must be zero now */ | 335 | sb->mesg->reserved = 0; /* old nr_conns i.e. must be zero now */ |
336 | sb->mesg->version = SYNC_PROTO_VER; | 336 | sb->mesg->version = SYNC_PROTO_VER; |
337 | sb->mesg->syncid = ipvs->master_syncid; | 337 | sb->mesg->syncid = ipvs->master_syncid; |
338 | sb->mesg->size = sizeof(struct ip_vs_sync_mesg); | 338 | sb->mesg->size = htons(sizeof(struct ip_vs_sync_mesg)); |
339 | sb->mesg->nr_conns = 0; | 339 | sb->mesg->nr_conns = 0; |
340 | sb->mesg->spare = 0; | 340 | sb->mesg->spare = 0; |
341 | sb->head = (unsigned char *)sb->mesg + sizeof(struct ip_vs_sync_mesg); | 341 | sb->head = (unsigned char *)sb->mesg + sizeof(struct ip_vs_sync_mesg); |
@@ -418,7 +418,7 @@ ip_vs_sync_buff_create_v0(struct netns_ipvs *ipvs) | |||
418 | mesg = (struct ip_vs_sync_mesg_v0 *)sb->mesg; | 418 | mesg = (struct ip_vs_sync_mesg_v0 *)sb->mesg; |
419 | mesg->nr_conns = 0; | 419 | mesg->nr_conns = 0; |
420 | mesg->syncid = ipvs->master_syncid; | 420 | mesg->syncid = ipvs->master_syncid; |
421 | mesg->size = sizeof(struct ip_vs_sync_mesg_v0); | 421 | mesg->size = htons(sizeof(struct ip_vs_sync_mesg_v0)); |
422 | sb->head = (unsigned char *)mesg + sizeof(struct ip_vs_sync_mesg_v0); | 422 | sb->head = (unsigned char *)mesg + sizeof(struct ip_vs_sync_mesg_v0); |
423 | sb->end = (unsigned char *)mesg + ipvs->send_mesg_maxlen; | 423 | sb->end = (unsigned char *)mesg + ipvs->send_mesg_maxlen; |
424 | sb->firstuse = jiffies; | 424 | sb->firstuse = jiffies; |
@@ -582,7 +582,7 @@ static void ip_vs_sync_conn_v0(struct net *net, struct ip_vs_conn *cp, | |||
582 | } | 582 | } |
583 | 583 | ||
584 | m->nr_conns++; | 584 | m->nr_conns++; |
585 | m->size += len; | 585 | m->size = htons(ntohs(m->size) + len); |
586 | buff->head += len; | 586 | buff->head += len; |
587 | 587 | ||
588 | /* check if there is a space for next one */ | 588 | /* check if there is a space for next one */ |
@@ -693,7 +693,7 @@ sloop: | |||
693 | 693 | ||
694 | p = buff->head; | 694 | p = buff->head; |
695 | buff->head += pad + len; | 695 | buff->head += pad + len; |
696 | m->size += pad + len; | 696 | m->size = htons(ntohs(m->size) + pad + len); |
697 | /* Add ev. padding from prev. sync_conn */ | 697 | /* Add ev. padding from prev. sync_conn */ |
698 | while (pad--) | 698 | while (pad--) |
699 | *(p++) = 0; | 699 | *(p++) = 0; |
@@ -1175,10 +1175,8 @@ static void ip_vs_process_message(struct net *net, __u8 *buffer, | |||
1175 | IP_VS_DBG(2, "BACKUP, message header too short\n"); | 1175 | IP_VS_DBG(2, "BACKUP, message header too short\n"); |
1176 | return; | 1176 | return; |
1177 | } | 1177 | } |
1178 | /* Convert size back to host byte order */ | ||
1179 | m2->size = ntohs(m2->size); | ||
1180 | 1178 | ||
1181 | if (buflen != m2->size) { | 1179 | if (buflen != ntohs(m2->size)) { |
1182 | IP_VS_DBG(2, "BACKUP, bogus message size\n"); | 1180 | IP_VS_DBG(2, "BACKUP, bogus message size\n"); |
1183 | return; | 1181 | return; |
1184 | } | 1182 | } |
@@ -1544,10 +1542,7 @@ ip_vs_send_sync_msg(struct socket *sock, struct ip_vs_sync_mesg *msg) | |||
1544 | int msize; | 1542 | int msize; |
1545 | int ret; | 1543 | int ret; |
1546 | 1544 | ||
1547 | msize = msg->size; | 1545 | msize = ntohs(msg->size); |
1548 | |||
1549 | /* Put size in network byte order */ | ||
1550 | msg->size = htons(msg->size); | ||
1551 | 1546 | ||
1552 | ret = ip_vs_send_async(sock, (char *)msg, msize); | 1547 | ret = ip_vs_send_async(sock, (char *)msg, msize); |
1553 | if (ret >= 0 || ret == -EAGAIN) | 1548 | if (ret >= 0 || ret == -EAGAIN) |
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c index 2e469ca2ca55..038eee5c8f85 100644 --- a/net/netfilter/nf_nat_core.c +++ b/net/netfilter/nf_nat_core.c | |||
@@ -90,6 +90,7 @@ int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family) | |||
90 | int err; | 90 | int err; |
91 | 91 | ||
92 | err = xfrm_decode_session(skb, &fl, family); | 92 | err = xfrm_decode_session(skb, &fl, family); |
93 | if (err < 0) | ||
93 | return err; | 94 | return err; |
94 | 95 | ||
95 | dst = skb_dst(skb); | 96 | dst = skb_dst(skb); |