10 files changed, 59 insertions, 11 deletions

diff --git a/Documentation/Changes b/Documentation/Changes
index 6d0f1efc5bf6..f08b313cd235 100644
--- a/Documentation/Changes
+++ b/Documentation/Changes
@@ -49,6 +49,8 @@ o  oprofile               0.9                     # oprofiled --version
 o  udev                   081                     # udevinfo -V
 o  grub                   0.93                    # grub --version
 o  mcelog                 0.6
+o  iptables               1.4.1                   # iptables -V
+
 
 Kernel compilation
 ==================
diff --git a/include/net/ip.h b/include/net/ip.h
index e6b9d12d5f62..85108cfbb1ae 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -337,6 +337,7 @@ enum ip_defrag_users {
         IP_DEFRAG_CALL_RA_CHAIN,
         IP_DEFRAG_CONNTRACK_IN,
         IP_DEFRAG_CONNTRACK_OUT,
+        IP_DEFRAG_CONNTRACK_BRIDGE_IN,
         IP_DEFRAG_VS_IN,
         IP_DEFRAG_VS_OUT,
         IP_DEFRAG_VS_FWD
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 92db8617d188..ccab5946c830 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -350,8 +350,16 @@ static inline int ipv6_prefix_equal(const struct in6_addr *a1,
 
 struct inet_frag_queue;
 
+enum ip6_defrag_users {
+        IP6_DEFRAG_LOCAL_DELIVER,
+        IP6_DEFRAG_CONNTRACK_IN,
+        IP6_DEFRAG_CONNTRACK_OUT,
+        IP6_DEFRAG_CONNTRACK_BRIDGE_IN,
+};
+
 struct ip6_create_arg {
         __be32 id;
+        u32 user;
         struct in6_addr *src;
         struct in6_addr *dst;
 };
diff --git a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h
index abc55ad75c2b..1ee717eb5b09 100644
--- a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h
+++ b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h
@@ -9,7 +9,7 @@ extern struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6;
 
 extern int nf_ct_frag6_init(void);
 extern void nf_ct_frag6_cleanup(void);
-extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb);
+extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user);
 extern void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb,
                                struct net_device *in,
                                struct net_device *out,
diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c
index fa2d6b6fc3e5..331ead3ebd1b 100644
--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
+++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -14,6 +14,7 @@
 #include <net/route.h>
 #include <net/ip.h>
 
+#include <linux/netfilter_bridge.h>
 #include <linux/netfilter_ipv4.h>
 #include <net/netfilter/ipv4/nf_defrag_ipv4.h>
 
@@ -34,6 +35,20 @@ static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
         return err;
 }
 
+static enum ip_defrag_users nf_ct_defrag_user(unsigned int hooknum,
+                                              struct sk_buff *skb)
+{
+#ifdef CONFIG_BRIDGE_NETFILTER
+        if (skb->nf_bridge &&
+            skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)
+                return IP_DEFRAG_CONNTRACK_BRIDGE_IN;
+#endif
+        if (hooknum == NF_INET_PRE_ROUTING)
+                return IP_DEFRAG_CONNTRACK_IN;
+        else
+                return IP_DEFRAG_CONNTRACK_OUT;
+}
+
 static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
                                           struct sk_buff *skb,
                                           const struct net_device *in,
@@ -50,10 +65,8 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
 #endif
         /* Gather fragments. */
         if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
-                if (nf_ct_ipv4_gather_frags(skb,
-                                            hooknum == NF_INET_PRE_ROUTING ?
-                                            IP_DEFRAG_CONNTRACK_IN :
-                                            IP_DEFRAG_CONNTRACK_OUT))
+                enum ip_defrag_users user = nf_ct_defrag_user(hooknum, skb);
+                if (nf_ct_ipv4_gather_frags(skb, user))
                         return NF_STOLEN;
         }
         return NF_ACCEPT;
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 5f2ec208a8c3..0956ebabbff2 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -20,6 +20,7 @@
 #include <net/ipv6.h>
 #include <net/inet_frag.h>
 
+#include <linux/netfilter_bridge.h>
 #include <linux/netfilter_ipv6.h>
 #include <net/netfilter/nf_conntrack.h>
 #include <net/netfilter/nf_conntrack_helper.h>
@@ -187,6 +188,21 @@ out:
         return nf_conntrack_confirm(skb);
 }
 
+static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum,
+                                                struct sk_buff *skb)
+{
+#ifdef CONFIG_BRIDGE_NETFILTER
+        if (skb->nf_bridge &&
+            skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)
+                return IP6_DEFRAG_CONNTRACK_BRIDGE_IN;
+#endif
+        if (hooknum == NF_INET_PRE_ROUTING)
+                return IP6_DEFRAG_CONNTRACK_IN;
+        else
+                return IP6_DEFRAG_CONNTRACK_OUT;
+
+}
+
 static unsigned int ipv6_defrag(unsigned int hooknum,
                                 struct sk_buff *skb,
                                 const struct net_device *in,
@@ -199,8 +215,7 @@ static unsigned int ipv6_defrag(unsigned int hooknum,
         if (skb->nfct)
                 return NF_ACCEPT;
 
-        reasm = nf_ct_frag6_gather(skb);
-
+        reasm = nf_ct_frag6_gather(skb, nf_ct6_defrag_user(hooknum, skb));
         /* queued */
         if (reasm == NULL)
                 return NF_STOLEN;
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index e0b9424fa1b2..312c20adc83f 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -168,13 +168,14 @@ out:
 /* Creation primitives. */
 
 static __inline__ struct nf_ct_frag6_queue *
-fq_find(__be32 id, struct in6_addr *src, struct in6_addr *dst)
+fq_find(__be32 id, u32 user, struct in6_addr *src, struct in6_addr *dst)
 {
         struct inet_frag_queue *q;
         struct ip6_create_arg arg;
         unsigned int hash;
 
         arg.id = id;
+        arg.user = user;
         arg.src = src;
         arg.dst = dst;
 
@@ -559,7 +560,7 @@ find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int *prevhoff, int *fhoff)
         return 0;
 }
 
-struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
+struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user)
 {
         struct sk_buff *clone;
         struct net_device *dev = skb->dev;
@@ -605,7 +606,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
         if (atomic_read(&nf_init_frags.mem) > nf_init_frags.high_thresh)
                 nf_ct_frag6_evictor();
 
-        fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr);
+        fq = fq_find(fhdr->identification, user, &hdr->saddr, &hdr->daddr);
         if (fq == NULL) {
                 pr_debug("Can't find and can't create new queue\n");
                 goto ret_orig;
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 4d98549a6868..3b3a95607125 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -72,6 +72,7 @@ struct frag_queue
         struct inet_frag_queue  q;
 
         __be32                  id;             /* fragment id          */
+        u32                     user;
         struct in6_addr         saddr;
         struct in6_addr         daddr;
 
@@ -141,7 +142,7 @@ int ip6_frag_match(struct inet_frag_queue *q, void *a)
         struct ip6_create_arg *arg = a;
 
         fq = container_of(q, struct frag_queue, q);
-        return (fq->id == arg->id &&
+        return (fq->id == arg->id && fq->user == arg->user &&
                         ipv6_addr_equal(&fq->saddr, arg->src) &&
                         ipv6_addr_equal(&fq->daddr, arg->dst));
 }
@@ -163,6 +164,7 @@ void ip6_frag_init(struct inet_frag_queue *q, void *a)
         struct ip6_create_arg *arg = a;
 
         fq->id = arg->id;
+        fq->user = arg->user;
         ipv6_addr_copy(&fq->saddr, arg->src);
         ipv6_addr_copy(&fq->daddr, arg->dst);
 }
@@ -243,6 +245,7 @@ fq_find(struct net *net, __be32 id, struct in6_addr *src, struct in6_addr *dst,
         unsigned int hash;
 
         arg.id = id;
+        arg.user = IP6_DEFRAG_LOCAL_DELIVER;
         arg.src = src;
         arg.dst = dst;
 
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index b95699f00545..847ffca40184 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1366,6 +1366,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
                == sysctl_ip_vs_sync_threshold[0])) ||
              ((cp->protocol == IPPROTO_TCP) && (cp->old_state != cp->state) &&
               ((cp->state == IP_VS_TCP_S_FIN_WAIT) ||
+               (cp->state == IP_VS_TCP_S_CLOSE) ||
                (cp->state == IP_VS_TCP_S_CLOSE_WAIT) ||
                (cp->state == IP_VS_TCP_S_TIME_WAIT)))))
                 ip_vs_sync_conn(cp);
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index e55a6861d26f..6bde12da2fe0 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2714,6 +2714,8 @@ static int ip_vs_genl_parse_service(struct ip_vs_service_user_kern *usvc,
         if (!(nla_af && (nla_fwmark || (nla_port && nla_protocol && nla_addr))))
                 return -EINVAL;
 
+        memset(usvc, 0, sizeof(*usvc));
+
         usvc->af = nla_get_u16(nla_af);
 #ifdef CONFIG_IP_VS_IPV6
         if (usvc->af != AF_INET && usvc->af != AF_INET6)
@@ -2901,6 +2903,8 @@ static int ip_vs_genl_parse_dest(struct ip_vs_dest_user_kern *udest,
         if (!(nla_addr && nla_port))
                 return -EINVAL;
 
+        memset(udest, 0, sizeof(*udest));
+
         nla_memcpy(&udest->addr, nla_addr, sizeof(udest->addr));
         udest->port = nla_get_u16(nla_port);