diff options
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/ip_output.c | 7 | ||||
| -rw-r--r-- | net/ipv4/ip_sockglue.c | 9 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_conntrack_sip.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_hashlimit.c | 3 | ||||
| -rw-r--r-- | net/ipv4/route.c | 8 | ||||
| -rw-r--r-- | net/ipv4/tcp.c | 5 | ||||
| -rw-r--r-- | net/ipv4/tcp_input.c | 3 | ||||
| -rw-r--r-- | net/ipv4/tcp_ipv4.c | 2 | ||||
| -rw-r--r-- | net/ipv4/tcp_minisocks.c | 4 | ||||
| -rw-r--r-- | net/ipv4/tcp_probe.c | 2 |
10 files changed, 32 insertions, 13 deletions
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 7c9f9a6421b8..9bf307a29783 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
| @@ -526,6 +526,8 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*)) | |||
| 526 | 526 | ||
| 527 | err = output(skb); | 527 | err = output(skb); |
| 528 | 528 | ||
| 529 | if (!err) | ||
| 530 | IP_INC_STATS(IPSTATS_MIB_FRAGCREATES); | ||
| 529 | if (err || !frag) | 531 | if (err || !frag) |
| 530 | break; | 532 | break; |
| 531 | 533 | ||
| @@ -649,9 +651,6 @@ slow_path: | |||
| 649 | /* | 651 | /* |
| 650 | * Put this fragment into the sending queue. | 652 | * Put this fragment into the sending queue. |
| 651 | */ | 653 | */ |
| 652 | |||
| 653 | IP_INC_STATS(IPSTATS_MIB_FRAGCREATES); | ||
| 654 | |||
| 655 | iph->tot_len = htons(len + hlen); | 654 | iph->tot_len = htons(len + hlen); |
| 656 | 655 | ||
| 657 | ip_send_check(iph); | 656 | ip_send_check(iph); |
| @@ -659,6 +658,8 @@ slow_path: | |||
| 659 | err = output(skb2); | 658 | err = output(skb2); |
| 660 | if (err) | 659 | if (err) |
| 661 | goto fail; | 660 | goto fail; |
| 661 | |||
| 662 | IP_INC_STATS(IPSTATS_MIB_FRAGCREATES); | ||
| 662 | } | 663 | } |
| 663 | kfree_skb(skb); | 664 | kfree_skb(skb); |
| 664 | IP_INC_STATS(IPSTATS_MIB_FRAGOKS); | 665 | IP_INC_STATS(IPSTATS_MIB_FRAGOKS); |
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 84f43a3c9098..2d05c4133d3e 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c | |||
| @@ -112,14 +112,19 @@ static void ip_cmsg_recv_retopts(struct msghdr *msg, struct sk_buff *skb) | |||
| 112 | static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) | 112 | static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) |
| 113 | { | 113 | { |
| 114 | char *secdata; | 114 | char *secdata; |
| 115 | u32 seclen; | 115 | u32 seclen, secid; |
| 116 | int err; | 116 | int err; |
| 117 | 117 | ||
| 118 | err = security_socket_getpeersec_dgram(skb, &secdata, &seclen); | 118 | err = security_socket_getpeersec_dgram(NULL, skb, &secid); |
| 119 | if (err) | ||
| 120 | return; | ||
| 121 | |||
| 122 | err = security_secid_to_secctx(secid, &secdata, &seclen); | ||
| 119 | if (err) | 123 | if (err) |
| 120 | return; | 124 | return; |
| 121 | 125 | ||
| 122 | put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); | 126 | put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); |
| 127 | security_release_secctx(secdata, seclen); | ||
| 123 | } | 128 | } |
| 124 | 129 | ||
| 125 | 130 | ||
diff --git a/net/ipv4/netfilter/ip_conntrack_sip.c b/net/ipv4/netfilter/ip_conntrack_sip.c index fc87ce0da40d..4f222d6be009 100644 --- a/net/ipv4/netfilter/ip_conntrack_sip.c +++ b/net/ipv4/netfilter/ip_conntrack_sip.c | |||
| @@ -442,7 +442,7 @@ static int __init init(void) | |||
| 442 | sip[i].tuple.src.u.udp.port = htons(ports[i]); | 442 | sip[i].tuple.src.u.udp.port = htons(ports[i]); |
| 443 | sip[i].mask.src.u.udp.port = 0xFFFF; | 443 | sip[i].mask.src.u.udp.port = 0xFFFF; |
| 444 | sip[i].mask.dst.protonum = 0xFF; | 444 | sip[i].mask.dst.protonum = 0xFF; |
| 445 | sip[i].max_expected = 1; | 445 | sip[i].max_expected = 2; |
| 446 | sip[i].timeout = 3 * 60; /* 3 minutes */ | 446 | sip[i].timeout = 3 * 60; /* 3 minutes */ |
| 447 | sip[i].me = THIS_MODULE; | 447 | sip[i].me = THIS_MODULE; |
| 448 | sip[i].help = sip_help; | 448 | sip[i].help = sip_help; |
diff --git a/net/ipv4/netfilter/ipt_hashlimit.c b/net/ipv4/netfilter/ipt_hashlimit.c index 92980ab8ce48..6b662449e825 100644 --- a/net/ipv4/netfilter/ipt_hashlimit.c +++ b/net/ipv4/netfilter/ipt_hashlimit.c | |||
| @@ -508,6 +508,9 @@ hashlimit_checkentry(const char *tablename, | |||
| 508 | if (!r->cfg.expire) | 508 | if (!r->cfg.expire) |
| 509 | return 0; | 509 | return 0; |
| 510 | 510 | ||
| 511 | if (r->name[sizeof(r->name) - 1] != '\0') | ||
| 512 | return 0; | ||
| 513 | |||
| 511 | /* This is the best we've got: We cannot release and re-grab lock, | 514 | /* This is the best we've got: We cannot release and re-grab lock, |
| 512 | * since checkentry() is called before ip_tables.c grabs ipt_mutex. | 515 | * since checkentry() is called before ip_tables.c grabs ipt_mutex. |
| 513 | * We also cannot grab the hashtable spinlock, since htable_create will | 516 | * We also cannot grab the hashtable spinlock, since htable_create will |
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 2dc6dbb28467..19bd49d69d9f 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c | |||
| @@ -104,6 +104,7 @@ | |||
| 104 | #include <net/icmp.h> | 104 | #include <net/icmp.h> |
| 105 | #include <net/xfrm.h> | 105 | #include <net/xfrm.h> |
| 106 | #include <net/ip_mp_alg.h> | 106 | #include <net/ip_mp_alg.h> |
| 107 | #include <net/netevent.h> | ||
| 107 | #ifdef CONFIG_SYSCTL | 108 | #ifdef CONFIG_SYSCTL |
| 108 | #include <linux/sysctl.h> | 109 | #include <linux/sysctl.h> |
| 109 | #endif | 110 | #endif |
| @@ -1125,6 +1126,7 @@ void ip_rt_redirect(u32 old_gw, u32 daddr, u32 new_gw, | |||
| 1125 | struct rtable *rth, **rthp; | 1126 | struct rtable *rth, **rthp; |
| 1126 | u32 skeys[2] = { saddr, 0 }; | 1127 | u32 skeys[2] = { saddr, 0 }; |
| 1127 | int ikeys[2] = { dev->ifindex, 0 }; | 1128 | int ikeys[2] = { dev->ifindex, 0 }; |
| 1129 | struct netevent_redirect netevent; | ||
| 1128 | 1130 | ||
| 1129 | if (!in_dev) | 1131 | if (!in_dev) |
| 1130 | return; | 1132 | return; |
| @@ -1216,6 +1218,11 @@ void ip_rt_redirect(u32 old_gw, u32 daddr, u32 new_gw, | |||
| 1216 | rt_drop(rt); | 1218 | rt_drop(rt); |
| 1217 | goto do_next; | 1219 | goto do_next; |
| 1218 | } | 1220 | } |
| 1221 | |||
| 1222 | netevent.old = &rth->u.dst; | ||
| 1223 | netevent.new = &rt->u.dst; | ||
| 1224 | call_netevent_notifiers(NETEVENT_REDIRECT, | ||
| 1225 | &netevent); | ||
| 1219 | 1226 | ||
| 1220 | rt_del(hash, rth); | 1227 | rt_del(hash, rth); |
| 1221 | if (!rt_intern_hash(hash, rt, &rt)) | 1228 | if (!rt_intern_hash(hash, rt, &rt)) |
| @@ -1452,6 +1459,7 @@ static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu) | |||
| 1452 | } | 1459 | } |
| 1453 | dst->metrics[RTAX_MTU-1] = mtu; | 1460 | dst->metrics[RTAX_MTU-1] = mtu; |
| 1454 | dst_set_expires(dst, ip_rt_mtu_expires); | 1461 | dst_set_expires(dst, ip_rt_mtu_expires); |
| 1462 | call_netevent_notifiers(NETEVENT_PMTU_UPDATE, dst); | ||
| 1455 | } | 1463 | } |
| 1456 | } | 1464 | } |
| 1457 | 1465 | ||
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index f6a2d9223d07..934396bb1376 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c | |||
| @@ -1132,7 +1132,7 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, | |||
| 1132 | tp->ucopy.dma_chan = NULL; | 1132 | tp->ucopy.dma_chan = NULL; |
| 1133 | preempt_disable(); | 1133 | preempt_disable(); |
| 1134 | if ((len > sysctl_tcp_dma_copybreak) && !(flags & MSG_PEEK) && | 1134 | if ((len > sysctl_tcp_dma_copybreak) && !(flags & MSG_PEEK) && |
| 1135 | !sysctl_tcp_low_latency && __get_cpu_var(softnet_data.net_dma)) { | 1135 | !sysctl_tcp_low_latency && __get_cpu_var(softnet_data).net_dma) { |
| 1136 | preempt_enable_no_resched(); | 1136 | preempt_enable_no_resched(); |
| 1137 | tp->ucopy.pinned_list = dma_pin_iovec_pages(msg->msg_iov, len); | 1137 | tp->ucopy.pinned_list = dma_pin_iovec_pages(msg->msg_iov, len); |
| 1138 | } else | 1138 | } else |
| @@ -1659,7 +1659,8 @@ adjudge_to_death: | |||
| 1659 | const int tmo = tcp_fin_time(sk); | 1659 | const int tmo = tcp_fin_time(sk); |
| 1660 | 1660 | ||
| 1661 | if (tmo > TCP_TIMEWAIT_LEN) { | 1661 | if (tmo > TCP_TIMEWAIT_LEN) { |
| 1662 | inet_csk_reset_keepalive_timer(sk, tcp_fin_time(sk)); | 1662 | inet_csk_reset_keepalive_timer(sk, |
| 1663 | tmo - TCP_TIMEWAIT_LEN); | ||
| 1663 | } else { | 1664 | } else { |
| 1664 | tcp_time_wait(sk, TCP_FIN_WAIT2, tmo); | 1665 | tcp_time_wait(sk, TCP_FIN_WAIT2, tmo); |
| 1665 | goto out; | 1666 | goto out; |
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 738dad9f7d49..104af5d5bcbc 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c | |||
| @@ -3541,7 +3541,8 @@ void tcp_cwnd_application_limited(struct sock *sk) | |||
| 3541 | if (inet_csk(sk)->icsk_ca_state == TCP_CA_Open && | 3541 | if (inet_csk(sk)->icsk_ca_state == TCP_CA_Open && |
| 3542 | sk->sk_socket && !test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { | 3542 | sk->sk_socket && !test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { |
| 3543 | /* Limited by application or receiver window. */ | 3543 | /* Limited by application or receiver window. */ |
| 3544 | u32 win_used = max(tp->snd_cwnd_used, 2U); | 3544 | u32 init_win = tcp_init_cwnd(tp, __sk_dst_get(sk)); |
| 3545 | u32 win_used = max(tp->snd_cwnd_used, init_win); | ||
| 3545 | if (win_used < tp->snd_cwnd) { | 3546 | if (win_used < tp->snd_cwnd) { |
| 3546 | tp->snd_ssthresh = tcp_current_ssthresh(sk); | 3547 | tp->snd_ssthresh = tcp_current_ssthresh(sk); |
| 3547 | tp->snd_cwnd = (tp->snd_cwnd + win_used) >> 1; | 3548 | tp->snd_cwnd = (tp->snd_cwnd + win_used) >> 1; |
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index f6f39e814291..4b04c3edd4a9 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
| @@ -438,7 +438,6 @@ void tcp_v4_err(struct sk_buff *skb, u32 info) | |||
| 438 | It can f.e. if SYNs crossed. | 438 | It can f.e. if SYNs crossed. |
| 439 | */ | 439 | */ |
| 440 | if (!sock_owned_by_user(sk)) { | 440 | if (!sock_owned_by_user(sk)) { |
| 441 | TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS); | ||
| 442 | sk->sk_err = err; | 441 | sk->sk_err = err; |
| 443 | 442 | ||
| 444 | sk->sk_error_report(sk); | 443 | sk->sk_error_report(sk); |
| @@ -874,7 +873,6 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 874 | drop_and_free: | 873 | drop_and_free: |
| 875 | reqsk_free(req); | 874 | reqsk_free(req); |
| 876 | drop: | 875 | drop: |
| 877 | TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS); | ||
| 878 | return 0; | 876 | return 0; |
| 879 | } | 877 | } |
| 880 | 878 | ||
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index 0ccb7cb22b15..624e2b2c7f53 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c | |||
| @@ -589,8 +589,10 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb, | |||
| 589 | /* RFC793: "second check the RST bit" and | 589 | /* RFC793: "second check the RST bit" and |
| 590 | * "fourth, check the SYN bit" | 590 | * "fourth, check the SYN bit" |
| 591 | */ | 591 | */ |
| 592 | if (flg & (TCP_FLAG_RST|TCP_FLAG_SYN)) | 592 | if (flg & (TCP_FLAG_RST|TCP_FLAG_SYN)) { |
| 593 | TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS); | ||
| 593 | goto embryonic_reset; | 594 | goto embryonic_reset; |
| 595 | } | ||
| 594 | 596 | ||
| 595 | /* ACK sequence verified above, just make sure ACK is | 597 | /* ACK sequence verified above, just make sure ACK is |
| 596 | * set. If ACK not set, just silently drop the packet. | 598 | * set. If ACK not set, just silently drop the packet. |
diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c index d7d517a3a238..b3435324b573 100644 --- a/net/ipv4/tcp_probe.c +++ b/net/ipv4/tcp_probe.c | |||
| @@ -114,7 +114,7 @@ static int tcpprobe_open(struct inode * inode, struct file * file) | |||
| 114 | static ssize_t tcpprobe_read(struct file *file, char __user *buf, | 114 | static ssize_t tcpprobe_read(struct file *file, char __user *buf, |
| 115 | size_t len, loff_t *ppos) | 115 | size_t len, loff_t *ppos) |
| 116 | { | 116 | { |
| 117 | int error = 0, cnt; | 117 | int error = 0, cnt = 0; |
| 118 | unsigned char *tbuf; | 118 | unsigned char *tbuf; |
| 119 | 119 | ||
| 120 | if (!buf || len < 0) | 120 | if (!buf || len < 0) |