diff options
Diffstat (limited to 'net/ipv4')
31 files changed, 119 insertions, 110 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index dc206f1f914f..0a277453526b 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c | |||
| @@ -1257,7 +1257,7 @@ out_unregister_udp_proto: | |||
| 1257 | goto out; | 1257 | goto out; |
| 1258 | } | 1258 | } |
| 1259 | 1259 | ||
| 1260 | module_init(inet_init); | 1260 | fs_initcall(inet_init); |
| 1261 | 1261 | ||
| 1262 | /* ------------------------------------------------------------------------ */ | 1262 | /* ------------------------------------------------------------------------ */ |
| 1263 | 1263 | ||
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c index 041dadde31af..4749d504c629 100644 --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c | |||
| @@ -928,7 +928,8 @@ static void parp_redo(struct sk_buff *skb) | |||
| 928 | * Receive an arp request from the device layer. | 928 | * Receive an arp request from the device layer. |
| 929 | */ | 929 | */ |
| 930 | 930 | ||
| 931 | int arp_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) | 931 | static int arp_rcv(struct sk_buff *skb, struct net_device *dev, |
| 932 | struct packet_type *pt, struct net_device *orig_dev) | ||
| 932 | { | 933 | { |
| 933 | struct arphdr *arp; | 934 | struct arphdr *arp; |
| 934 | 935 | ||
| @@ -1417,7 +1418,6 @@ static int __init arp_proc_init(void) | |||
| 1417 | 1418 | ||
| 1418 | EXPORT_SYMBOL(arp_broken_ops); | 1419 | EXPORT_SYMBOL(arp_broken_ops); |
| 1419 | EXPORT_SYMBOL(arp_find); | 1420 | EXPORT_SYMBOL(arp_find); |
| 1420 | EXPORT_SYMBOL(arp_rcv); | ||
| 1421 | EXPORT_SYMBOL(arp_create); | 1421 | EXPORT_SYMBOL(arp_create); |
| 1422 | EXPORT_SYMBOL(arp_xmit); | 1422 | EXPORT_SYMBOL(arp_xmit); |
| 1423 | EXPORT_SYMBOL(arp_send); | 1423 | EXPORT_SYMBOL(arp_send); |
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index 81c2f7885292..54419b27686f 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c | |||
| @@ -1556,7 +1556,6 @@ void __init devinet_init(void) | |||
| 1556 | #endif | 1556 | #endif |
| 1557 | } | 1557 | } |
| 1558 | 1558 | ||
| 1559 | EXPORT_SYMBOL(devinet_ioctl); | ||
| 1560 | EXPORT_SYMBOL(in_dev_finish_destroy); | 1559 | EXPORT_SYMBOL(in_dev_finish_destroy); |
| 1561 | EXPORT_SYMBOL(inet_select_addr); | 1560 | EXPORT_SYMBOL(inet_select_addr); |
| 1562 | EXPORT_SYMBOL(inetdev_by_index); | 1561 | EXPORT_SYMBOL(inetdev_by_index); |
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 4e3d3811dea2..cdde96390960 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c | |||
| @@ -666,4 +666,3 @@ void __init ip_fib_init(void) | |||
| 666 | } | 666 | } |
| 667 | 667 | ||
| 668 | EXPORT_SYMBOL(inet_addr_type); | 668 | EXPORT_SYMBOL(inet_addr_type); |
| 669 | EXPORT_SYMBOL(ip_rt_ioctl); | ||
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index ef7366fc132f..ee9b5515b9ae 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c | |||
| @@ -43,8 +43,6 @@ struct inet_bind_bucket *inet_bind_bucket_create(kmem_cache_t *cachep, | |||
| 43 | return tb; | 43 | return tb; |
| 44 | } | 44 | } |
| 45 | 45 | ||
| 46 | EXPORT_SYMBOL(inet_bind_bucket_create); | ||
| 47 | |||
| 48 | /* | 46 | /* |
| 49 | * Caller must hold hashbucket lock for this tb with local BH disabled | 47 | * Caller must hold hashbucket lock for this tb with local BH disabled |
| 50 | */ | 48 | */ |
| @@ -64,8 +62,6 @@ void inet_bind_hash(struct sock *sk, struct inet_bind_bucket *tb, | |||
| 64 | inet_csk(sk)->icsk_bind_hash = tb; | 62 | inet_csk(sk)->icsk_bind_hash = tb; |
| 65 | } | 63 | } |
| 66 | 64 | ||
| 67 | EXPORT_SYMBOL(inet_bind_hash); | ||
| 68 | |||
| 69 | /* | 65 | /* |
| 70 | * Get rid of any references to a local port held by the given sock. | 66 | * Get rid of any references to a local port held by the given sock. |
| 71 | */ | 67 | */ |
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 18d7fad474d7..c9026dbf4c93 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c | |||
| @@ -337,7 +337,7 @@ static inline int ip_rcv_finish(struct sk_buff *skb) | |||
| 337 | * Initialise the virtual path cache for the packet. It describes | 337 | * Initialise the virtual path cache for the packet. It describes |
| 338 | * how the packet travels inside Linux networking. | 338 | * how the packet travels inside Linux networking. |
| 339 | */ | 339 | */ |
| 340 | if (likely(skb->dst == NULL)) { | 340 | if (skb->dst == NULL) { |
| 341 | int err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, | 341 | int err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, |
| 342 | skb->dev); | 342 | skb->dev); |
| 343 | if (unlikely(err)) { | 343 | if (unlikely(err)) { |
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c index 9bebad07bf2e..cbcae6544622 100644 --- a/net/ipv4/ip_options.c +++ b/net/ipv4/ip_options.c | |||
| @@ -209,7 +209,7 @@ int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb) | |||
| 209 | 209 | ||
| 210 | void ip_options_fragment(struct sk_buff * skb) | 210 | void ip_options_fragment(struct sk_buff * skb) |
| 211 | { | 211 | { |
| 212 | unsigned char * optptr = skb->nh.raw; | 212 | unsigned char * optptr = skb->nh.raw + sizeof(struct iphdr); |
| 213 | struct ip_options * opt = &(IPCB(skb)->opt); | 213 | struct ip_options * opt = &(IPCB(skb)->opt); |
| 214 | int l = opt->optlen; | 214 | int l = opt->optlen; |
| 215 | int optlen; | 215 | int optlen; |
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 8dcba3887f04..cff9c3a72daf 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
| @@ -904,7 +904,7 @@ alloc_new_skb: | |||
| 904 | * because we have no idea what fragment will be | 904 | * because we have no idea what fragment will be |
| 905 | * the last. | 905 | * the last. |
| 906 | */ | 906 | */ |
| 907 | if (datalen == length) | 907 | if (datalen == length + fraggap) |
| 908 | alloclen += rt->u.dst.trailer_len; | 908 | alloclen += rt->u.dst.trailer_len; |
| 909 | 909 | ||
| 910 | if (transhdrlen) { | 910 | if (transhdrlen) { |
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c index 04a429465665..95278b22b669 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c | |||
| @@ -210,7 +210,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info) | |||
| 210 | skb->h.icmph->code != ICMP_FRAG_NEEDED) | 210 | skb->h.icmph->code != ICMP_FRAG_NEEDED) |
| 211 | return; | 211 | return; |
| 212 | 212 | ||
| 213 | spi = ntohl(ntohs(ipch->cpi)); | 213 | spi = htonl(ntohs(ipch->cpi)); |
| 214 | x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, | 214 | x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, |
| 215 | spi, IPPROTO_COMP, AF_INET); | 215 | spi, IPPROTO_COMP, AF_INET); |
| 216 | if (!x) | 216 | if (!x) |
| @@ -290,11 +290,8 @@ static void ipcomp_free_scratches(void) | |||
| 290 | if (!scratches) | 290 | if (!scratches) |
| 291 | return; | 291 | return; |
| 292 | 292 | ||
| 293 | for_each_possible_cpu(i) { | 293 | for_each_possible_cpu(i) |
| 294 | void *scratch = *per_cpu_ptr(scratches, i); | 294 | vfree(*per_cpu_ptr(scratches, i)); |
| 295 | if (scratch) | ||
| 296 | vfree(scratch); | ||
| 297 | } | ||
| 298 | 295 | ||
| 299 | free_percpu(scratches); | 296 | free_percpu(scratches); |
| 300 | } | 297 | } |
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index c60fd5c4ea1e..d4072533da21 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig | |||
| @@ -170,8 +170,8 @@ config IP_NF_PPTP | |||
| 170 | Documentation/modules.txt. If unsure, say `N'. | 170 | Documentation/modules.txt. If unsure, say `N'. |
| 171 | 171 | ||
| 172 | config IP_NF_H323 | 172 | config IP_NF_H323 |
| 173 | tristate 'H.323 protocol support' | 173 | tristate 'H.323 protocol support (EXPERIMENTAL)' |
| 174 | depends on IP_NF_CONNTRACK | 174 | depends on IP_NF_CONNTRACK && EXPERIMENTAL |
| 175 | help | 175 | help |
| 176 | H.323 is a VoIP signalling protocol from ITU-T. As one of the most | 176 | H.323 is a VoIP signalling protocol from ITU-T. As one of the most |
| 177 | important VoIP protocols, it is widely used by voice hardware and | 177 | important VoIP protocols, it is widely used by voice hardware and |
| @@ -345,7 +345,7 @@ config IP_NF_TARGET_LOG | |||
| 345 | To compile it as a module, choose M here. If unsure, say N. | 345 | To compile it as a module, choose M here. If unsure, say N. |
| 346 | 346 | ||
| 347 | config IP_NF_TARGET_ULOG | 347 | config IP_NF_TARGET_ULOG |
| 348 | tristate "ULOG target support (OBSOLETE)" | 348 | tristate "ULOG target support" |
| 349 | depends on IP_NF_IPTABLES | 349 | depends on IP_NF_IPTABLES |
| 350 | ---help--- | 350 | ---help--- |
| 351 | 351 | ||
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index c2d92f99a2b8..d0d19192026d 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -948,7 +948,7 @@ static int do_add_counters(void __user *user, unsigned int len) | |||
| 948 | 948 | ||
| 949 | write_lock_bh(&t->lock); | 949 | write_lock_bh(&t->lock); |
| 950 | private = t->private; | 950 | private = t->private; |
| 951 | if (private->number != paddc->num_counters) { | 951 | if (private->number != tmp.num_counters) { |
| 952 | ret = -EINVAL; | 952 | ret = -EINVAL; |
| 953 | goto unlock_up_free; | 953 | goto unlock_up_free; |
| 954 | } | 954 | } |
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index 979a2eac6f00..a297da7bbef5 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
| @@ -1318,6 +1318,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len) | |||
| 1318 | .tuple.dst.u.tcp.port; | 1318 | .tuple.dst.u.tcp.port; |
| 1319 | sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL] | 1319 | sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL] |
| 1320 | .tuple.dst.ip; | 1320 | .tuple.dst.ip; |
| 1321 | memset(sin.sin_zero, 0, sizeof(sin.sin_zero)); | ||
| 1321 | 1322 | ||
| 1322 | DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n", | 1323 | DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n", |
| 1323 | NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port)); | 1324 | NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port)); |
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c index 2c2fb700d835..518f581d39ec 100644 --- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c +++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c | |||
| @@ -162,6 +162,8 @@ static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct, | |||
| 162 | 162 | ||
| 163 | /* Validate TPKT length */ | 163 | /* Validate TPKT length */ |
| 164 | tpktlen = tpkt[2] * 256 + tpkt[3]; | 164 | tpktlen = tpkt[2] * 256 + tpkt[3]; |
| 165 | if (tpktlen < 4) | ||
| 166 | goto clear_out; | ||
| 165 | if (tpktlen > tcpdatalen) { | 167 | if (tpktlen > tcpdatalen) { |
| 166 | if (tcpdatalen == 4) { /* Separate TPKT header */ | 168 | if (tcpdatalen == 4) { /* Separate TPKT header */ |
| 167 | /* Netmeeting sends TPKT header and data separately */ | 169 | /* Netmeeting sends TPKT header and data separately */ |
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c b/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c index 48078002e450..26dfecadb335 100644 --- a/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c +++ b/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c | |||
| @@ -2,7 +2,7 @@ | |||
| 2 | * ip_conntrack_helper_h323_asn1.c - BER and PER decoding library for H.323 | 2 | * ip_conntrack_helper_h323_asn1.c - BER and PER decoding library for H.323 |
| 3 | * conntrack/NAT module. | 3 | * conntrack/NAT module. |
| 4 | * | 4 | * |
| 5 | * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@hotmail.com> | 5 | * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@users.sourceforge.net> |
| 6 | * | 6 | * |
| 7 | * This source code is licensed under General Public License version 2. | 7 | * This source code is licensed under General Public License version 2. |
| 8 | * | 8 | * |
| @@ -528,14 +528,15 @@ int decode_seq(bitstr_t * bs, field_t * f, char *base, int level) | |||
| 528 | 528 | ||
| 529 | /* Decode */ | 529 | /* Decode */ |
| 530 | if ((err = (Decoders[son->type]) (bs, son, base, | 530 | if ((err = (Decoders[son->type]) (bs, son, base, |
| 531 | level + 1)) > | 531 | level + 1)) < |
| 532 | H323_ERROR_STOP) | 532 | H323_ERROR_NONE) |
| 533 | return err; | 533 | return err; |
| 534 | 534 | ||
| 535 | bs->cur = beg + len; | 535 | bs->cur = beg + len; |
| 536 | bs->bit = 0; | 536 | bs->bit = 0; |
| 537 | } else if ((err = (Decoders[son->type]) (bs, son, base, | 537 | } else if ((err = (Decoders[son->type]) (bs, son, base, |
| 538 | level + 1))) | 538 | level + 1)) < |
| 539 | H323_ERROR_NONE) | ||
| 539 | return err; | 540 | return err; |
| 540 | } | 541 | } |
| 541 | 542 | ||
| @@ -554,7 +555,7 @@ int decode_seq(bitstr_t * bs, field_t * f, char *base, int level) | |||
| 554 | 555 | ||
| 555 | /* Decode the extension components */ | 556 | /* Decode the extension components */ |
| 556 | for (opt = 0; opt < bmp2_len; opt++, i++, son++) { | 557 | for (opt = 0; opt < bmp2_len; opt++, i++, son++) { |
| 557 | if (son->attr & STOP) { | 558 | if (i < f->ub && son->attr & STOP) { |
| 558 | PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ", | 559 | PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ", |
| 559 | son->name); | 560 | son->name); |
| 560 | return H323_ERROR_STOP; | 561 | return H323_ERROR_STOP; |
| @@ -584,8 +585,8 @@ int decode_seq(bitstr_t * bs, field_t * f, char *base, int level) | |||
| 584 | beg = bs->cur; | 585 | beg = bs->cur; |
| 585 | 586 | ||
| 586 | if ((err = (Decoders[son->type]) (bs, son, base, | 587 | if ((err = (Decoders[son->type]) (bs, son, base, |
| 587 | level + 1)) > | 588 | level + 1)) < |
| 588 | H323_ERROR_STOP) | 589 | H323_ERROR_NONE) |
| 589 | return err; | 590 | return err; |
| 590 | 591 | ||
| 591 | bs->cur = beg + len; | 592 | bs->cur = beg + len; |
| @@ -660,18 +661,20 @@ int decode_seqof(bitstr_t * bs, field_t * f, char *base, int level) | |||
| 660 | i < | 661 | i < |
| 661 | effective_count ? | 662 | effective_count ? |
| 662 | base : NULL, | 663 | base : NULL, |
| 663 | level + 1)) > | 664 | level + 1)) < |
| 664 | H323_ERROR_STOP) | 665 | H323_ERROR_NONE) |
| 665 | return err; | 666 | return err; |
| 666 | 667 | ||
| 667 | bs->cur = beg + len; | 668 | bs->cur = beg + len; |
| 668 | bs->bit = 0; | 669 | bs->bit = 0; |
| 669 | } else | 670 | } else |
| 670 | if ((err = (Decoders[son->type]) (bs, son, | 671 | if ((err = (Decoders[son->type]) (bs, son, |
| 671 | i < effective_count ? | 672 | i < |
| 672 | base : NULL, | 673 | effective_count ? |
| 673 | level + 1))) | 674 | base : NULL, |
| 674 | return err; | 675 | level + 1)) < |
| 676 | H323_ERROR_NONE) | ||
| 677 | return err; | ||
| 675 | 678 | ||
| 676 | if (base) | 679 | if (base) |
| 677 | base += son->offset; | 680 | base += son->offset; |
| @@ -703,6 +706,10 @@ int decode_choice(bitstr_t * bs, field_t * f, char *base, int level) | |||
| 703 | type = get_bits(bs, f->sz); | 706 | type = get_bits(bs, f->sz); |
| 704 | } | 707 | } |
| 705 | 708 | ||
| 709 | /* Write Type */ | ||
| 710 | if (base) | ||
| 711 | *(unsigned *) base = type; | ||
| 712 | |||
| 706 | /* Check Range */ | 713 | /* Check Range */ |
| 707 | if (type >= f->ub) { /* Newer version? */ | 714 | if (type >= f->ub) { /* Newer version? */ |
| 708 | BYTE_ALIGN(bs); | 715 | BYTE_ALIGN(bs); |
| @@ -712,10 +719,6 @@ int decode_choice(bitstr_t * bs, field_t * f, char *base, int level) | |||
| 712 | return H323_ERROR_NONE; | 719 | return H323_ERROR_NONE; |
| 713 | } | 720 | } |
| 714 | 721 | ||
| 715 | /* Write Type */ | ||
| 716 | if (base) | ||
| 717 | *(unsigned *) base = type; | ||
| 718 | |||
| 719 | /* Transfer to son level */ | 722 | /* Transfer to son level */ |
| 720 | son = &f->fields[type]; | 723 | son = &f->fields[type]; |
| 721 | if (son->attr & STOP) { | 724 | if (son->attr & STOP) { |
| @@ -735,13 +738,14 @@ int decode_choice(bitstr_t * bs, field_t * f, char *base, int level) | |||
| 735 | } | 738 | } |
| 736 | beg = bs->cur; | 739 | beg = bs->cur; |
| 737 | 740 | ||
| 738 | if ((err = (Decoders[son->type]) (bs, son, base, level + 1)) > | 741 | if ((err = (Decoders[son->type]) (bs, son, base, level + 1)) < |
| 739 | H323_ERROR_STOP) | 742 | H323_ERROR_NONE) |
| 740 | return err; | 743 | return err; |
| 741 | 744 | ||
| 742 | bs->cur = beg + len; | 745 | bs->cur = beg + len; |
| 743 | bs->bit = 0; | 746 | bs->bit = 0; |
| 744 | } else if ((err = (Decoders[son->type]) (bs, son, base, level + 1))) | 747 | } else if ((err = (Decoders[son->type]) (bs, son, base, level + 1)) < |
| 748 | H323_ERROR_NONE) | ||
| 745 | return err; | 749 | return err; |
| 746 | 750 | ||
| 747 | return H323_ERROR_NONE; | 751 | return H323_ERROR_NONE; |
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c index 7d3ba4302e9e..8ccfe17bb253 100644 --- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c +++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c | |||
| @@ -469,8 +469,8 @@ pptp_inbound_pkt(struct sk_buff **pskb, | |||
| 469 | DEBUGP("%s but no session\n", pptp_msg_name[msg]); | 469 | DEBUGP("%s but no session\n", pptp_msg_name[msg]); |
| 470 | break; | 470 | break; |
| 471 | } | 471 | } |
| 472 | if (info->sstate != PPTP_CALL_IN_REP | 472 | if (info->cstate != PPTP_CALL_IN_REP |
| 473 | && info->sstate != PPTP_CALL_IN_CONF) { | 473 | && info->cstate != PPTP_CALL_IN_CONF) { |
| 474 | DEBUGP("%s but never sent IN_CALL_REPLY\n", | 474 | DEBUGP("%s but never sent IN_CALL_REPLY\n", |
| 475 | pptp_msg_name[msg]); | 475 | pptp_msg_name[msg]); |
| 476 | break; | 476 | break; |
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c index 5259abd0fb42..0416073c5600 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c | |||
| @@ -235,12 +235,15 @@ static int do_basic_checks(struct ip_conntrack *conntrack, | |||
| 235 | flag = 1; | 235 | flag = 1; |
| 236 | } | 236 | } |
| 237 | 237 | ||
| 238 | /* Cookie Ack/Echo chunks not the first OR | 238 | /* |
| 239 | Init / Init Ack / Shutdown compl chunks not the only chunks */ | 239 | * Cookie Ack/Echo chunks not the first OR |
| 240 | if ((sch->type == SCTP_CID_COOKIE_ACK | 240 | * Init / Init Ack / Shutdown compl chunks not the only chunks |
| 241 | * OR zero-length. | ||
| 242 | */ | ||
| 243 | if (((sch->type == SCTP_CID_COOKIE_ACK | ||
| 241 | || sch->type == SCTP_CID_COOKIE_ECHO | 244 | || sch->type == SCTP_CID_COOKIE_ECHO |
| 242 | || flag) | 245 | || flag) |
| 243 | && count !=0 ) { | 246 | && count !=0) || !sch->length) { |
| 244 | DEBUGP("Basic checks failed\n"); | 247 | DEBUGP("Basic checks failed\n"); |
| 245 | return 1; | 248 | return 1; |
| 246 | } | 249 | } |
diff --git a/net/ipv4/netfilter/ip_nat_proto_gre.c b/net/ipv4/netfilter/ip_nat_proto_gre.c index 6c4899d8046a..96ceabaec402 100644 --- a/net/ipv4/netfilter/ip_nat_proto_gre.c +++ b/net/ipv4/netfilter/ip_nat_proto_gre.c | |||
| @@ -49,15 +49,15 @@ gre_in_range(const struct ip_conntrack_tuple *tuple, | |||
| 49 | const union ip_conntrack_manip_proto *min, | 49 | const union ip_conntrack_manip_proto *min, |
| 50 | const union ip_conntrack_manip_proto *max) | 50 | const union ip_conntrack_manip_proto *max) |
| 51 | { | 51 | { |
| 52 | u_int32_t key; | 52 | __be16 key; |
| 53 | 53 | ||
| 54 | if (maniptype == IP_NAT_MANIP_SRC) | 54 | if (maniptype == IP_NAT_MANIP_SRC) |
| 55 | key = tuple->src.u.gre.key; | 55 | key = tuple->src.u.gre.key; |
| 56 | else | 56 | else |
| 57 | key = tuple->dst.u.gre.key; | 57 | key = tuple->dst.u.gre.key; |
| 58 | 58 | ||
| 59 | return ntohl(key) >= ntohl(min->gre.key) | 59 | return ntohs(key) >= ntohs(min->gre.key) |
| 60 | && ntohl(key) <= ntohl(max->gre.key); | 60 | && ntohs(key) <= ntohs(max->gre.key); |
| 61 | } | 61 | } |
| 62 | 62 | ||
| 63 | /* generate unique tuple ... */ | 63 | /* generate unique tuple ... */ |
| @@ -81,14 +81,14 @@ gre_unique_tuple(struct ip_conntrack_tuple *tuple, | |||
| 81 | min = 1; | 81 | min = 1; |
| 82 | range_size = 0xffff; | 82 | range_size = 0xffff; |
| 83 | } else { | 83 | } else { |
| 84 | min = ntohl(range->min.gre.key); | 84 | min = ntohs(range->min.gre.key); |
| 85 | range_size = ntohl(range->max.gre.key) - min + 1; | 85 | range_size = ntohs(range->max.gre.key) - min + 1; |
| 86 | } | 86 | } |
| 87 | 87 | ||
| 88 | DEBUGP("min = %u, range_size = %u\n", min, range_size); | 88 | DEBUGP("min = %u, range_size = %u\n", min, range_size); |
| 89 | 89 | ||
| 90 | for (i = 0; i < range_size; i++, key++) { | 90 | for (i = 0; i < range_size; i++, key++) { |
| 91 | *keyptr = htonl(min + key % range_size); | 91 | *keyptr = htons(min + key % range_size); |
| 92 | if (!ip_nat_used_tuple(tuple, conntrack)) | 92 | if (!ip_nat_used_tuple(tuple, conntrack)) |
| 93 | return 1; | 93 | return 1; |
| 94 | } | 94 | } |
diff --git a/net/ipv4/netfilter/ip_nat_snmp_basic.c b/net/ipv4/netfilter/ip_nat_snmp_basic.c index c62253845538..c33244263b90 100644 --- a/net/ipv4/netfilter/ip_nat_snmp_basic.c +++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c | |||
| @@ -768,6 +768,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, | |||
| 768 | len *= sizeof(unsigned long); | 768 | len *= sizeof(unsigned long); |
| 769 | *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC); | 769 | *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC); |
| 770 | if (*obj == NULL) { | 770 | if (*obj == NULL) { |
| 771 | kfree(lp); | ||
| 771 | kfree(id); | 772 | kfree(id); |
| 772 | if (net_ratelimit()) | 773 | if (net_ratelimit()) |
| 773 | printk("OOM in bsalg (%d)\n", __LINE__); | 774 | printk("OOM in bsalg (%d)\n", __LINE__); |
| @@ -1003,12 +1004,12 @@ static unsigned char snmp_trap_decode(struct asn1_ctx *ctx, | |||
| 1003 | 1004 | ||
| 1004 | return 1; | 1005 | return 1; |
| 1005 | 1006 | ||
| 1007 | err_addr_free: | ||
| 1008 | kfree((unsigned long *)trap->ip_address); | ||
| 1009 | |||
| 1006 | err_id_free: | 1010 | err_id_free: |
| 1007 | kfree(trap->id); | 1011 | kfree(trap->id); |
| 1008 | 1012 | ||
| 1009 | err_addr_free: | ||
| 1010 | kfree((unsigned long *)trap->ip_address); | ||
| 1011 | |||
| 1012 | return 0; | 1013 | return 0; |
| 1013 | } | 1014 | } |
| 1014 | 1015 | ||
| @@ -1126,11 +1127,10 @@ static int snmp_parse_mangle(unsigned char *msg, | |||
| 1126 | struct snmp_v1_trap trap; | 1127 | struct snmp_v1_trap trap; |
| 1127 | unsigned char ret = snmp_trap_decode(&ctx, &trap, map, check); | 1128 | unsigned char ret = snmp_trap_decode(&ctx, &trap, map, check); |
| 1128 | 1129 | ||
| 1129 | /* Discard trap allocations regardless */ | 1130 | if (ret) { |
| 1130 | kfree(trap.id); | 1131 | kfree(trap.id); |
| 1131 | kfree((unsigned long *)trap.ip_address); | 1132 | kfree((unsigned long *)trap.ip_address); |
| 1132 | 1133 | } else | |
| 1133 | if (!ret) | ||
| 1134 | return ret; | 1134 | return ret; |
| 1135 | 1135 | ||
| 1136 | } else { | 1136 | } else { |
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c index 8f760b28617e..67e676783da9 100644 --- a/net/ipv4/netfilter/ip_nat_standalone.c +++ b/net/ipv4/netfilter/ip_nat_standalone.c | |||
| @@ -219,8 +219,10 @@ ip_nat_out(unsigned int hooknum, | |||
| 219 | const struct net_device *out, | 219 | const struct net_device *out, |
| 220 | int (*okfn)(struct sk_buff *)) | 220 | int (*okfn)(struct sk_buff *)) |
| 221 | { | 221 | { |
| 222 | #ifdef CONFIG_XFRM | ||
| 222 | struct ip_conntrack *ct; | 223 | struct ip_conntrack *ct; |
| 223 | enum ip_conntrack_info ctinfo; | 224 | enum ip_conntrack_info ctinfo; |
| 225 | #endif | ||
| 224 | unsigned int ret; | 226 | unsigned int ret; |
| 225 | 227 | ||
| 226 | /* root is playing with raw sockets. */ | 228 | /* root is playing with raw sockets. */ |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index d25ac8ba6eba..cee3397ec277 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -956,15 +956,16 @@ struct compat_ipt_standard_target | |||
| 956 | compat_int_t verdict; | 956 | compat_int_t verdict; |
| 957 | }; | 957 | }; |
| 958 | 958 | ||
| 959 | #define IPT_ST_OFFSET (sizeof(struct ipt_standard_target) - \ | ||
| 960 | sizeof(struct compat_ipt_standard_target)) | ||
| 961 | |||
| 962 | struct compat_ipt_standard | 959 | struct compat_ipt_standard |
| 963 | { | 960 | { |
| 964 | struct compat_ipt_entry entry; | 961 | struct compat_ipt_entry entry; |
| 965 | struct compat_ipt_standard_target target; | 962 | struct compat_ipt_standard_target target; |
| 966 | }; | 963 | }; |
| 967 | 964 | ||
| 965 | #define IPT_ST_LEN XT_ALIGN(sizeof(struct ipt_standard_target)) | ||
| 966 | #define IPT_ST_COMPAT_LEN COMPAT_XT_ALIGN(sizeof(struct compat_ipt_standard_target)) | ||
| 967 | #define IPT_ST_OFFSET (IPT_ST_LEN - IPT_ST_COMPAT_LEN) | ||
| 968 | |||
| 968 | static int compat_ipt_standard_fn(void *target, | 969 | static int compat_ipt_standard_fn(void *target, |
| 969 | void **dstptr, int *size, int convert) | 970 | void **dstptr, int *size, int convert) |
| 970 | { | 971 | { |
| @@ -975,35 +976,29 @@ static int compat_ipt_standard_fn(void *target, | |||
| 975 | ret = 0; | 976 | ret = 0; |
| 976 | switch (convert) { | 977 | switch (convert) { |
| 977 | case COMPAT_TO_USER: | 978 | case COMPAT_TO_USER: |
| 978 | pst = (struct ipt_standard_target *)target; | 979 | pst = target; |
| 979 | memcpy(&compat_st.target, &pst->target, | 980 | memcpy(&compat_st.target, &pst->target, |
| 980 | sizeof(struct ipt_entry_target)); | 981 | sizeof(compat_st.target)); |
| 981 | compat_st.verdict = pst->verdict; | 982 | compat_st.verdict = pst->verdict; |
| 982 | if (compat_st.verdict > 0) | 983 | if (compat_st.verdict > 0) |
| 983 | compat_st.verdict -= | 984 | compat_st.verdict -= |
| 984 | compat_calc_jump(compat_st.verdict); | 985 | compat_calc_jump(compat_st.verdict); |
| 985 | compat_st.target.u.user.target_size = | 986 | compat_st.target.u.user.target_size = IPT_ST_COMPAT_LEN; |
| 986 | sizeof(struct compat_ipt_standard_target); | 987 | if (copy_to_user(*dstptr, &compat_st, IPT_ST_COMPAT_LEN)) |
| 987 | if (__copy_to_user(*dstptr, &compat_st, | ||
| 988 | sizeof(struct compat_ipt_standard_target))) | ||
| 989 | ret = -EFAULT; | 988 | ret = -EFAULT; |
| 990 | *size -= IPT_ST_OFFSET; | 989 | *size -= IPT_ST_OFFSET; |
| 991 | *dstptr += sizeof(struct compat_ipt_standard_target); | 990 | *dstptr += IPT_ST_COMPAT_LEN; |
| 992 | break; | 991 | break; |
| 993 | case COMPAT_FROM_USER: | 992 | case COMPAT_FROM_USER: |
| 994 | pcompat_st = | 993 | pcompat_st = target; |
| 995 | (struct compat_ipt_standard_target *)target; | 994 | memcpy(&st.target, &pcompat_st->target, IPT_ST_COMPAT_LEN); |
| 996 | memcpy(&st.target, &pcompat_st->target, | ||
| 997 | sizeof(struct ipt_entry_target)); | ||
| 998 | st.verdict = pcompat_st->verdict; | 995 | st.verdict = pcompat_st->verdict; |
| 999 | if (st.verdict > 0) | 996 | if (st.verdict > 0) |
| 1000 | st.verdict += compat_calc_jump(st.verdict); | 997 | st.verdict += compat_calc_jump(st.verdict); |
| 1001 | st.target.u.user.target_size = | 998 | st.target.u.user.target_size = IPT_ST_LEN; |
| 1002 | sizeof(struct ipt_standard_target); | 999 | memcpy(*dstptr, &st, IPT_ST_LEN); |
| 1003 | memcpy(*dstptr, &st, | ||
| 1004 | sizeof(struct ipt_standard_target)); | ||
| 1005 | *size += IPT_ST_OFFSET; | 1000 | *size += IPT_ST_OFFSET; |
| 1006 | *dstptr += sizeof(struct ipt_standard_target); | 1001 | *dstptr += IPT_ST_LEN; |
| 1007 | break; | 1002 | break; |
| 1008 | case COMPAT_CALC_SIZE: | 1003 | case COMPAT_CALC_SIZE: |
| 1009 | *size += IPT_ST_OFFSET; | 1004 | *size += IPT_ST_OFFSET; |
| @@ -1446,7 +1441,7 @@ static int compat_copy_entry_to_user(struct ipt_entry *e, | |||
| 1446 | ret = -EFAULT; | 1441 | ret = -EFAULT; |
| 1447 | origsize = *size; | 1442 | origsize = *size; |
| 1448 | ce = (struct compat_ipt_entry __user *)*dstptr; | 1443 | ce = (struct compat_ipt_entry __user *)*dstptr; |
| 1449 | if (__copy_to_user(ce, e, sizeof(struct ipt_entry))) | 1444 | if (copy_to_user(ce, e, sizeof(struct ipt_entry))) |
| 1450 | goto out; | 1445 | goto out; |
| 1451 | 1446 | ||
| 1452 | *dstptr += sizeof(struct compat_ipt_entry); | 1447 | *dstptr += sizeof(struct compat_ipt_entry); |
| @@ -1464,9 +1459,9 @@ static int compat_copy_entry_to_user(struct ipt_entry *e, | |||
| 1464 | goto out; | 1459 | goto out; |
| 1465 | ret = -EFAULT; | 1460 | ret = -EFAULT; |
| 1466 | next_offset = e->next_offset - (origsize - *size); | 1461 | next_offset = e->next_offset - (origsize - *size); |
| 1467 | if (__put_user(target_offset, &ce->target_offset)) | 1462 | if (put_user(target_offset, &ce->target_offset)) |
| 1468 | goto out; | 1463 | goto out; |
| 1469 | if (__put_user(next_offset, &ce->next_offset)) | 1464 | if (put_user(next_offset, &ce->next_offset)) |
| 1470 | goto out; | 1465 | goto out; |
| 1471 | return 0; | 1466 | return 0; |
| 1472 | out: | 1467 | out: |
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index 39fd4c2a2386..b98f7b08b084 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c | |||
| @@ -428,7 +428,7 @@ ipt_log_target(struct sk_buff **pskb, | |||
| 428 | 428 | ||
| 429 | if (loginfo->logflags & IPT_LOG_NFLOG) | 429 | if (loginfo->logflags & IPT_LOG_NFLOG) |
| 430 | nf_log_packet(PF_INET, hooknum, *pskb, in, out, &li, | 430 | nf_log_packet(PF_INET, hooknum, *pskb, in, out, &li, |
| 431 | loginfo->prefix); | 431 | "%s", loginfo->prefix); |
| 432 | else | 432 | else |
| 433 | ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li, | 433 | ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li, |
| 434 | loginfo->prefix); | 434 | loginfo->prefix); |
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c index 143843285702..b847ee409efb 100644 --- a/net/ipv4/netfilter/ipt_recent.c +++ b/net/ipv4/netfilter/ipt_recent.c | |||
| @@ -821,6 +821,7 @@ checkentry(const char *tablename, | |||
| 821 | /* Create our proc 'status' entry. */ | 821 | /* Create our proc 'status' entry. */ |
| 822 | curr_table->status_proc = create_proc_entry(curr_table->name, ip_list_perms, proc_net_ipt_recent); | 822 | curr_table->status_proc = create_proc_entry(curr_table->name, ip_list_perms, proc_net_ipt_recent); |
| 823 | if (!curr_table->status_proc) { | 823 | if (!curr_table->status_proc) { |
| 824 | vfree(hold); | ||
| 824 | printk(KERN_INFO RECENT_NAME ": checkentry: unable to allocate for /proc entry.\n"); | 825 | printk(KERN_INFO RECENT_NAME ": checkentry: unable to allocate for /proc entry.\n"); |
| 825 | /* Destroy the created table */ | 826 | /* Destroy the created table */ |
| 826 | spin_lock_bh(&recent_lock); | 827 | spin_lock_bh(&recent_lock); |
| @@ -845,7 +846,6 @@ checkentry(const char *tablename, | |||
| 845 | spin_unlock_bh(&recent_lock); | 846 | spin_unlock_bh(&recent_lock); |
| 846 | vfree(curr_table->time_info); | 847 | vfree(curr_table->time_info); |
| 847 | vfree(curr_table->hash_table); | 848 | vfree(curr_table->hash_table); |
| 848 | vfree(hold); | ||
| 849 | vfree(curr_table->table); | 849 | vfree(curr_table->table); |
| 850 | vfree(curr_table); | 850 | vfree(curr_table); |
| 851 | return 0; | 851 | return 0; |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 5bc9f64d7b5b..77d974443c7b 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
| @@ -348,6 +348,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len) | |||
| 348 | .tuple.dst.u.tcp.port; | 348 | .tuple.dst.u.tcp.port; |
| 349 | sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL] | 349 | sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL] |
| 350 | .tuple.dst.u3.ip; | 350 | .tuple.dst.u3.ip; |
| 351 | memset(sin.sin_zero, 0, sizeof(sin.sin_zero)); | ||
| 351 | 352 | ||
| 352 | DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n", | 353 | DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n", |
| 353 | NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port)); | 354 | NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port)); |
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index ff434821909f..cc9423de7311 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c | |||
| @@ -2741,7 +2741,10 @@ int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) | |||
| 2741 | /* Reserve room for dummy headers, this skb can pass | 2741 | /* Reserve room for dummy headers, this skb can pass |
| 2742 | through good chunk of routing engine. | 2742 | through good chunk of routing engine. |
| 2743 | */ | 2743 | */ |
| 2744 | skb->mac.raw = skb->data; | 2744 | skb->mac.raw = skb->nh.raw = skb->data; |
| 2745 | |||
| 2746 | /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */ | ||
| 2747 | skb->nh.iph->protocol = IPPROTO_ICMP; | ||
| 2745 | skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr)); | 2748 | skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr)); |
| 2746 | 2749 | ||
| 2747 | if (rta[RTA_SRC - 1]) | 2750 | if (rta[RTA_SRC - 1]) |
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 87f68e787d0c..e2b7b8055037 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c | |||
| @@ -1468,6 +1468,7 @@ void tcp_close(struct sock *sk, long timeout) | |||
| 1468 | { | 1468 | { |
| 1469 | struct sk_buff *skb; | 1469 | struct sk_buff *skb; |
| 1470 | int data_was_unread = 0; | 1470 | int data_was_unread = 0; |
| 1471 | int state; | ||
| 1471 | 1472 | ||
| 1472 | lock_sock(sk); | 1473 | lock_sock(sk); |
| 1473 | sk->sk_shutdown = SHUTDOWN_MASK; | 1474 | sk->sk_shutdown = SHUTDOWN_MASK; |
| @@ -1544,6 +1545,11 @@ void tcp_close(struct sock *sk, long timeout) | |||
| 1544 | sk_stream_wait_close(sk, timeout); | 1545 | sk_stream_wait_close(sk, timeout); |
| 1545 | 1546 | ||
| 1546 | adjudge_to_death: | 1547 | adjudge_to_death: |
| 1548 | state = sk->sk_state; | ||
| 1549 | sock_hold(sk); | ||
| 1550 | sock_orphan(sk); | ||
| 1551 | atomic_inc(sk->sk_prot->orphan_count); | ||
| 1552 | |||
| 1547 | /* It is the last release_sock in its life. It will remove backlog. */ | 1553 | /* It is the last release_sock in its life. It will remove backlog. */ |
| 1548 | release_sock(sk); | 1554 | release_sock(sk); |
| 1549 | 1555 | ||
| @@ -1555,8 +1561,9 @@ adjudge_to_death: | |||
| 1555 | bh_lock_sock(sk); | 1561 | bh_lock_sock(sk); |
| 1556 | BUG_TRAP(!sock_owned_by_user(sk)); | 1562 | BUG_TRAP(!sock_owned_by_user(sk)); |
| 1557 | 1563 | ||
| 1558 | sock_hold(sk); | 1564 | /* Have we already been destroyed by a softirq or backlog? */ |
| 1559 | sock_orphan(sk); | 1565 | if (state != TCP_CLOSE && sk->sk_state == TCP_CLOSE) |
| 1566 | goto out; | ||
| 1560 | 1567 | ||
| 1561 | /* This is a (useful) BSD violating of the RFC. There is a | 1568 | /* This is a (useful) BSD violating of the RFC. There is a |
| 1562 | * problem with TCP as specified in that the other end could | 1569 | * problem with TCP as specified in that the other end could |
| @@ -1584,7 +1591,6 @@ adjudge_to_death: | |||
| 1584 | if (tmo > TCP_TIMEWAIT_LEN) { | 1591 | if (tmo > TCP_TIMEWAIT_LEN) { |
| 1585 | inet_csk_reset_keepalive_timer(sk, tcp_fin_time(sk)); | 1592 | inet_csk_reset_keepalive_timer(sk, tcp_fin_time(sk)); |
| 1586 | } else { | 1593 | } else { |
| 1587 | atomic_inc(sk->sk_prot->orphan_count); | ||
| 1588 | tcp_time_wait(sk, TCP_FIN_WAIT2, tmo); | 1594 | tcp_time_wait(sk, TCP_FIN_WAIT2, tmo); |
| 1589 | goto out; | 1595 | goto out; |
| 1590 | } | 1596 | } |
| @@ -1603,7 +1609,6 @@ adjudge_to_death: | |||
| 1603 | NET_INC_STATS_BH(LINUX_MIB_TCPABORTONMEMORY); | 1609 | NET_INC_STATS_BH(LINUX_MIB_TCPABORTONMEMORY); |
| 1604 | } | 1610 | } |
| 1605 | } | 1611 | } |
| 1606 | atomic_inc(sk->sk_prot->orphan_count); | ||
| 1607 | 1612 | ||
| 1608 | if (sk->sk_state == TCP_CLOSE) | 1613 | if (sk->sk_state == TCP_CLOSE) |
| 1609 | inet_csk_destroy_sock(sk); | 1614 | inet_csk_destroy_sock(sk); |
diff --git a/net/ipv4/tcp_highspeed.c b/net/ipv4/tcp_highspeed.c index e0e9d1383c7c..ba7c63ca5bb1 100644 --- a/net/ipv4/tcp_highspeed.c +++ b/net/ipv4/tcp_highspeed.c | |||
| @@ -135,10 +135,11 @@ static void hstcp_cong_avoid(struct sock *sk, u32 adk, u32 rtt, | |||
| 135 | 135 | ||
| 136 | /* Do additive increase */ | 136 | /* Do additive increase */ |
| 137 | if (tp->snd_cwnd < tp->snd_cwnd_clamp) { | 137 | if (tp->snd_cwnd < tp->snd_cwnd_clamp) { |
| 138 | tp->snd_cwnd_cnt += ca->ai; | 138 | /* cwnd = cwnd + a(w) / cwnd */ |
| 139 | tp->snd_cwnd_cnt += ca->ai + 1; | ||
| 139 | if (tp->snd_cwnd_cnt >= tp->snd_cwnd) { | 140 | if (tp->snd_cwnd_cnt >= tp->snd_cwnd) { |
| 140 | tp->snd_cwnd++; | ||
| 141 | tp->snd_cwnd_cnt -= tp->snd_cwnd; | 141 | tp->snd_cwnd_cnt -= tp->snd_cwnd; |
| 142 | tp->snd_cwnd++; | ||
| 142 | } | 143 | } |
| 143 | } | 144 | } |
| 144 | } | 145 | } |
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 195d83584558..4a538bc1683d 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c | |||
| @@ -1662,6 +1662,8 @@ static void tcp_update_scoreboard(struct sock *sk, struct tcp_sock *tp) | |||
| 1662 | if (!(TCP_SKB_CB(skb)->sacked&TCPCB_TAGBITS)) { | 1662 | if (!(TCP_SKB_CB(skb)->sacked&TCPCB_TAGBITS)) { |
| 1663 | TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; | 1663 | TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; |
| 1664 | tp->lost_out += tcp_skb_pcount(skb); | 1664 | tp->lost_out += tcp_skb_pcount(skb); |
| 1665 | if (IsReno(tp)) | ||
| 1666 | tcp_remove_reno_sacks(sk, tp, tcp_skb_pcount(skb) + 1); | ||
| 1665 | 1667 | ||
| 1666 | /* clear xmit_retrans hint */ | 1668 | /* clear xmit_retrans hint */ |
| 1667 | if (tp->retransmit_skb_hint && | 1669 | if (tp->retransmit_skb_hint && |
| @@ -4559,7 +4561,6 @@ discard: | |||
| 4559 | 4561 | ||
| 4560 | EXPORT_SYMBOL(sysctl_tcp_ecn); | 4562 | EXPORT_SYMBOL(sysctl_tcp_ecn); |
| 4561 | EXPORT_SYMBOL(sysctl_tcp_reordering); | 4563 | EXPORT_SYMBOL(sysctl_tcp_reordering); |
| 4562 | EXPORT_SYMBOL(sysctl_tcp_abc); | ||
| 4563 | EXPORT_SYMBOL(tcp_parse_options); | 4564 | EXPORT_SYMBOL(tcp_parse_options); |
| 4564 | EXPORT_SYMBOL(tcp_rcv_established); | 4565 | EXPORT_SYMBOL(tcp_rcv_established); |
| 4565 | EXPORT_SYMBOL(tcp_rcv_state_process); | 4566 | EXPORT_SYMBOL(tcp_rcv_state_process); |
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 9e85c0416109..672950e54c49 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
| @@ -1859,5 +1859,4 @@ EXPORT_SYMBOL(tcp_proc_unregister); | |||
| 1859 | #endif | 1859 | #endif |
| 1860 | EXPORT_SYMBOL(sysctl_local_port_range); | 1860 | EXPORT_SYMBOL(sysctl_local_port_range); |
| 1861 | EXPORT_SYMBOL(sysctl_tcp_low_latency); | 1861 | EXPORT_SYMBOL(sysctl_tcp_low_latency); |
| 1862 | EXPORT_SYMBOL(sysctl_tcp_tw_reuse); | ||
| 1863 | 1862 | ||
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 9d79546d384e..f33c9dddaa12 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
| @@ -59,9 +59,6 @@ int sysctl_tcp_tso_win_divisor = 3; | |||
| 59 | int sysctl_tcp_mtu_probing = 0; | 59 | int sysctl_tcp_mtu_probing = 0; |
| 60 | int sysctl_tcp_base_mss = 512; | 60 | int sysctl_tcp_base_mss = 512; |
| 61 | 61 | ||
| 62 | EXPORT_SYMBOL(sysctl_tcp_mtu_probing); | ||
| 63 | EXPORT_SYMBOL(sysctl_tcp_base_mss); | ||
| 64 | |||
| 65 | static void update_send_head(struct sock *sk, struct tcp_sock *tp, | 62 | static void update_send_head(struct sock *sk, struct tcp_sock *tp, |
| 66 | struct sk_buff *skb) | 63 | struct sk_buff *skb) |
| 67 | { | 64 | { |
| @@ -468,7 +465,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, | |||
| 468 | TCP_INC_STATS(TCP_MIB_OUTSEGS); | 465 | TCP_INC_STATS(TCP_MIB_OUTSEGS); |
| 469 | 466 | ||
| 470 | err = icsk->icsk_af_ops->queue_xmit(skb, 0); | 467 | err = icsk->icsk_af_ops->queue_xmit(skb, 0); |
| 471 | if (unlikely(err <= 0)) | 468 | if (likely(err <= 0)) |
| 472 | return err; | 469 | return err; |
| 473 | 470 | ||
| 474 | tcp_enter_cwr(sk); | 471 | tcp_enter_cwr(sk); |
| @@ -536,6 +533,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss | |||
| 536 | struct tcp_sock *tp = tcp_sk(sk); | 533 | struct tcp_sock *tp = tcp_sk(sk); |
| 537 | struct sk_buff *buff; | 534 | struct sk_buff *buff; |
| 538 | int nsize, old_factor; | 535 | int nsize, old_factor; |
| 536 | int nlen; | ||
| 539 | u16 flags; | 537 | u16 flags; |
| 540 | 538 | ||
| 541 | BUG_ON(len > skb->len); | 539 | BUG_ON(len > skb->len); |
| @@ -554,7 +552,11 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss | |||
| 554 | buff = sk_stream_alloc_skb(sk, nsize, GFP_ATOMIC); | 552 | buff = sk_stream_alloc_skb(sk, nsize, GFP_ATOMIC); |
| 555 | if (buff == NULL) | 553 | if (buff == NULL) |
| 556 | return -ENOMEM; /* We'll just try again later. */ | 554 | return -ENOMEM; /* We'll just try again later. */ |
| 555 | |||
| 557 | sk_charge_skb(sk, buff); | 556 | sk_charge_skb(sk, buff); |
| 557 | nlen = skb->len - len - nsize; | ||
| 558 | buff->truesize += nlen; | ||
| 559 | skb->truesize -= nlen; | ||
| 558 | 560 | ||
| 559 | /* Correct the sequence numbers. */ | 561 | /* Correct the sequence numbers. */ |
| 560 | TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len; | 562 | TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len; |
| @@ -640,7 +642,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss | |||
| 640 | * eventually). The difference is that pulled data not copied, but | 642 | * eventually). The difference is that pulled data not copied, but |
| 641 | * immediately discarded. | 643 | * immediately discarded. |
| 642 | */ | 644 | */ |
| 643 | static unsigned char *__pskb_trim_head(struct sk_buff *skb, int len) | 645 | static void __pskb_trim_head(struct sk_buff *skb, int len) |
| 644 | { | 646 | { |
| 645 | int i, k, eat; | 647 | int i, k, eat; |
| 646 | 648 | ||
| @@ -665,7 +667,6 @@ static unsigned char *__pskb_trim_head(struct sk_buff *skb, int len) | |||
| 665 | skb->tail = skb->data; | 667 | skb->tail = skb->data; |
| 666 | skb->data_len -= len; | 668 | skb->data_len -= len; |
| 667 | skb->len = skb->data_len; | 669 | skb->len = skb->data_len; |
| 668 | return skb->tail; | ||
| 669 | } | 670 | } |
| 670 | 671 | ||
| 671 | int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len) | 672 | int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len) |
| @@ -674,12 +675,11 @@ int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len) | |||
| 674 | pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) | 675 | pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) |
| 675 | return -ENOMEM; | 676 | return -ENOMEM; |
| 676 | 677 | ||
| 677 | if (len <= skb_headlen(skb)) { | 678 | /* If len == headlen, we avoid __skb_pull to preserve alignment. */ |
| 679 | if (unlikely(len < skb_headlen(skb))) | ||
| 678 | __skb_pull(skb, len); | 680 | __skb_pull(skb, len); |
| 679 | } else { | 681 | else |
| 680 | if (__pskb_trim_head(skb, len-skb_headlen(skb)) == NULL) | 682 | __pskb_trim_head(skb, len - skb_headlen(skb)); |
| 681 | return -ENOMEM; | ||
| 682 | } | ||
| 683 | 683 | ||
| 684 | TCP_SKB_CB(skb)->seq += len; | 684 | TCP_SKB_CB(skb)->seq += len; |
| 685 | skb->ip_summed = CHECKSUM_HW; | 685 | skb->ip_summed = CHECKSUM_HW; |
| @@ -1040,7 +1040,8 @@ static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len, | |||
| 1040 | if (unlikely(buff == NULL)) | 1040 | if (unlikely(buff == NULL)) |
| 1041 | return -ENOMEM; | 1041 | return -ENOMEM; |
| 1042 | 1042 | ||
| 1043 | buff->truesize = nlen; | 1043 | sk_charge_skb(sk, buff); |
| 1044 | buff->truesize += nlen; | ||
| 1044 | skb->truesize -= nlen; | 1045 | skb->truesize -= nlen; |
| 1045 | 1046 | ||
| 1046 | /* Correct the sequence numbers. */ | 1047 | /* Correct the sequence numbers. */ |
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c index 32ad229b4fed..4ef8efaf6a67 100644 --- a/net/ipv4/xfrm4_output.c +++ b/net/ipv4/xfrm4_output.c | |||
| @@ -62,7 +62,7 @@ static void xfrm4_encap(struct sk_buff *skb) | |||
| 62 | top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ? | 62 | top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ? |
| 63 | 0 : (iph->frag_off & htons(IP_DF)); | 63 | 0 : (iph->frag_off & htons(IP_DF)); |
| 64 | if (!top_iph->frag_off) | 64 | if (!top_iph->frag_off) |
| 65 | __ip_select_ident(top_iph, dst, 0); | 65 | __ip_select_ident(top_iph, dst->child, 0); |
| 66 | 66 | ||
| 67 | top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT); | 67 | top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT); |
| 68 | 68 | ||
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index f285bbf296e2..8604c747bca5 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c | |||
| @@ -221,7 +221,7 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl) | |||
| 221 | if (pskb_may_pull(skb, xprth + 4 - skb->data)) { | 221 | if (pskb_may_pull(skb, xprth + 4 - skb->data)) { |
| 222 | u16 *ipcomp_hdr = (u16 *)xprth; | 222 | u16 *ipcomp_hdr = (u16 *)xprth; |
| 223 | 223 | ||
| 224 | fl->fl_ipsec_spi = ntohl(ntohs(ipcomp_hdr[1])); | 224 | fl->fl_ipsec_spi = htonl(ntohs(ipcomp_hdr[1])); |
| 225 | } | 225 | } |
| 226 | break; | 226 | break; |
| 227 | default: | 227 | default: |