aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/fib_semantics.c12
-rw-r--r--net/ipv4/igmp.c38
-rw-r--r--net/ipv4/ip_output.c11
-rw-r--r--net/ipv4/ip_sockglue.c9
-rw-r--r--net/ipv4/netfilter/arp_tables.c30
-rw-r--r--net/ipv4/netfilter/ip_conntrack_netlink.c17
-rw-r--r--net/ipv4/netfilter/ip_conntrack_sip.c2
-rw-r--r--net/ipv4/netfilter/ip_tables.c36
-rw-r--r--net/ipv4/netfilter/ipt_ULOG.c5
-rw-r--r--net/ipv4/netfilter/ipt_hashlimit.c14
-rw-r--r--net/ipv4/route.c10
-rw-r--r--net/ipv4/tcp.c5
-rw-r--r--net/ipv4/tcp_input.c3
-rw-r--r--net/ipv4/tcp_ipv4.c2
-rw-r--r--net/ipv4/tcp_minisocks.c4
-rw-r--r--net/ipv4/tcp_output.c13
-rw-r--r--net/ipv4/tcp_probe.c5
17 files changed, 140 insertions, 76 deletions
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index 9be53a8e72c3..51738000f3dc 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -159,7 +159,7 @@ void free_fib_info(struct fib_info *fi)
159 159
160void fib_release_info(struct fib_info *fi) 160void fib_release_info(struct fib_info *fi)
161{ 161{
162 write_lock(&fib_info_lock); 162 write_lock_bh(&fib_info_lock);
163 if (fi && --fi->fib_treeref == 0) { 163 if (fi && --fi->fib_treeref == 0) {
164 hlist_del(&fi->fib_hash); 164 hlist_del(&fi->fib_hash);
165 if (fi->fib_prefsrc) 165 if (fi->fib_prefsrc)
@@ -172,7 +172,7 @@ void fib_release_info(struct fib_info *fi)
172 fi->fib_dead = 1; 172 fi->fib_dead = 1;
173 fib_info_put(fi); 173 fib_info_put(fi);
174 } 174 }
175 write_unlock(&fib_info_lock); 175 write_unlock_bh(&fib_info_lock);
176} 176}
177 177
178static __inline__ int nh_comp(const struct fib_info *fi, const struct fib_info *ofi) 178static __inline__ int nh_comp(const struct fib_info *fi, const struct fib_info *ofi)
@@ -598,7 +598,7 @@ static void fib_hash_move(struct hlist_head *new_info_hash,
598 unsigned int old_size = fib_hash_size; 598 unsigned int old_size = fib_hash_size;
599 unsigned int i, bytes; 599 unsigned int i, bytes;
600 600
601 write_lock(&fib_info_lock); 601 write_lock_bh(&fib_info_lock);
602 old_info_hash = fib_info_hash; 602 old_info_hash = fib_info_hash;
603 old_laddrhash = fib_info_laddrhash; 603 old_laddrhash = fib_info_laddrhash;
604 fib_hash_size = new_size; 604 fib_hash_size = new_size;
@@ -639,7 +639,7 @@ static void fib_hash_move(struct hlist_head *new_info_hash,
639 } 639 }
640 fib_info_laddrhash = new_laddrhash; 640 fib_info_laddrhash = new_laddrhash;
641 641
642 write_unlock(&fib_info_lock); 642 write_unlock_bh(&fib_info_lock);
643 643
644 bytes = old_size * sizeof(struct hlist_head *); 644 bytes = old_size * sizeof(struct hlist_head *);
645 fib_hash_free(old_info_hash, bytes); 645 fib_hash_free(old_info_hash, bytes);
@@ -820,7 +820,7 @@ link_it:
820 820
821 fi->fib_treeref++; 821 fi->fib_treeref++;
822 atomic_inc(&fi->fib_clntref); 822 atomic_inc(&fi->fib_clntref);
823 write_lock(&fib_info_lock); 823 write_lock_bh(&fib_info_lock);
824 hlist_add_head(&fi->fib_hash, 824 hlist_add_head(&fi->fib_hash,
825 &fib_info_hash[fib_info_hashfn(fi)]); 825 &fib_info_hash[fib_info_hashfn(fi)]);
826 if (fi->fib_prefsrc) { 826 if (fi->fib_prefsrc) {
@@ -839,7 +839,7 @@ link_it:
839 head = &fib_info_devhash[hash]; 839 head = &fib_info_devhash[hash];
840 hlist_add_head(&nh->nh_hash, head); 840 hlist_add_head(&nh->nh_hash, head);
841 } endfor_nexthops(fi) 841 } endfor_nexthops(fi)
842 write_unlock(&fib_info_lock); 842 write_unlock_bh(&fib_info_lock);
843 return fi; 843 return fi;
844 844
845err_inval: 845err_inval:
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 9f4b752f5a33..8e8117c19e4d 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -1793,29 +1793,35 @@ int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr)
1793 struct in_device *in_dev; 1793 struct in_device *in_dev;
1794 u32 group = imr->imr_multiaddr.s_addr; 1794 u32 group = imr->imr_multiaddr.s_addr;
1795 u32 ifindex; 1795 u32 ifindex;
1796 int ret = -EADDRNOTAVAIL;
1796 1797
1797 rtnl_lock(); 1798 rtnl_lock();
1798 in_dev = ip_mc_find_dev(imr); 1799 in_dev = ip_mc_find_dev(imr);
1799 if (!in_dev) {
1800 rtnl_unlock();
1801 return -ENODEV;
1802 }
1803 ifindex = imr->imr_ifindex; 1800 ifindex = imr->imr_ifindex;
1804 for (imlp = &inet->mc_list; (iml = *imlp) != NULL; imlp = &iml->next) { 1801 for (imlp = &inet->mc_list; (iml = *imlp) != NULL; imlp = &iml->next) {
1805 if (iml->multi.imr_multiaddr.s_addr == group && 1802 if (iml->multi.imr_multiaddr.s_addr != group)
1806 iml->multi.imr_ifindex == ifindex) { 1803 continue;
1807 (void) ip_mc_leave_src(sk, iml, in_dev); 1804 if (ifindex) {
1805 if (iml->multi.imr_ifindex != ifindex)
1806 continue;
1807 } else if (imr->imr_address.s_addr && imr->imr_address.s_addr !=
1808 iml->multi.imr_address.s_addr)
1809 continue;
1810
1811 (void) ip_mc_leave_src(sk, iml, in_dev);
1808 1812
1809 *imlp = iml->next; 1813 *imlp = iml->next;
1810 1814
1815 if (in_dev)
1811 ip_mc_dec_group(in_dev, group); 1816 ip_mc_dec_group(in_dev, group);
1812 rtnl_unlock(); 1817 rtnl_unlock();
1813 sock_kfree_s(sk, iml, sizeof(*iml)); 1818 sock_kfree_s(sk, iml, sizeof(*iml));
1814 return 0; 1819 return 0;
1815 }
1816 } 1820 }
1821 if (!in_dev)
1822 ret = -ENODEV;
1817 rtnl_unlock(); 1823 rtnl_unlock();
1818 return -EADDRNOTAVAIL; 1824 return ret;
1819} 1825}
1820 1826
1821int ip_mc_source(int add, int omode, struct sock *sk, struct 1827int ip_mc_source(int add, int omode, struct sock *sk, struct
@@ -2199,13 +2205,13 @@ void ip_mc_drop_socket(struct sock *sk)
2199 struct in_device *in_dev; 2205 struct in_device *in_dev;
2200 inet->mc_list = iml->next; 2206 inet->mc_list = iml->next;
2201 2207
2202 if ((in_dev = inetdev_by_index(iml->multi.imr_ifindex)) != NULL) { 2208 in_dev = inetdev_by_index(iml->multi.imr_ifindex);
2203 (void) ip_mc_leave_src(sk, iml, in_dev); 2209 (void) ip_mc_leave_src(sk, iml, in_dev);
2210 if (in_dev != NULL) {
2204 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr); 2211 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr);
2205 in_dev_put(in_dev); 2212 in_dev_put(in_dev);
2206 } 2213 }
2207 sock_kfree_s(sk, iml, sizeof(*iml)); 2214 sock_kfree_s(sk, iml, sizeof(*iml));
2208
2209 } 2215 }
2210 rtnl_unlock(); 2216 rtnl_unlock();
2211} 2217}
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 7c9f9a6421b8..4c20f5546893 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -526,6 +526,8 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
526 526
527 err = output(skb); 527 err = output(skb);
528 528
529 if (!err)
530 IP_INC_STATS(IPSTATS_MIB_FRAGCREATES);
529 if (err || !frag) 531 if (err || !frag)
530 break; 532 break;
531 533
@@ -649,9 +651,6 @@ slow_path:
649 /* 651 /*
650 * Put this fragment into the sending queue. 652 * Put this fragment into the sending queue.
651 */ 653 */
652
653 IP_INC_STATS(IPSTATS_MIB_FRAGCREATES);
654
655 iph->tot_len = htons(len + hlen); 654 iph->tot_len = htons(len + hlen);
656 655
657 ip_send_check(iph); 656 ip_send_check(iph);
@@ -659,6 +658,8 @@ slow_path:
659 err = output(skb2); 658 err = output(skb2);
660 if (err) 659 if (err)
661 goto fail; 660 goto fail;
661
662 IP_INC_STATS(IPSTATS_MIB_FRAGCREATES);
662 } 663 }
663 kfree_skb(skb); 664 kfree_skb(skb);
664 IP_INC_STATS(IPSTATS_MIB_FRAGOKS); 665 IP_INC_STATS(IPSTATS_MIB_FRAGOKS);
@@ -946,7 +947,7 @@ alloc_new_skb:
946 skb_prev->csum = csum_sub(skb_prev->csum, 947 skb_prev->csum = csum_sub(skb_prev->csum,
947 skb->csum); 948 skb->csum);
948 data += fraggap; 949 data += fraggap;
949 skb_trim(skb_prev, maxfraglen); 950 pskb_trim_unique(skb_prev, maxfraglen);
950 } 951 }
951 952
952 copy = datalen - transhdrlen - fraggap; 953 copy = datalen - transhdrlen - fraggap;
@@ -1141,7 +1142,7 @@ ssize_t ip_append_page(struct sock *sk, struct page *page,
1141 data, fraggap, 0); 1142 data, fraggap, 0);
1142 skb_prev->csum = csum_sub(skb_prev->csum, 1143 skb_prev->csum = csum_sub(skb_prev->csum,
1143 skb->csum); 1144 skb->csum);
1144 skb_trim(skb_prev, maxfraglen); 1145 pskb_trim_unique(skb_prev, maxfraglen);
1145 } 1146 }
1146 1147
1147 /* 1148 /*
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 84f43a3c9098..2d05c4133d3e 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -112,14 +112,19 @@ static void ip_cmsg_recv_retopts(struct msghdr *msg, struct sk_buff *skb)
112static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) 112static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
113{ 113{
114 char *secdata; 114 char *secdata;
115 u32 seclen; 115 u32 seclen, secid;
116 int err; 116 int err;
117 117
118 err = security_socket_getpeersec_dgram(skb, &secdata, &seclen); 118 err = security_socket_getpeersec_dgram(NULL, skb, &secid);
119 if (err)
120 return;
121
122 err = security_secid_to_secctx(secid, &secdata, &seclen);
119 if (err) 123 if (err)
120 return; 124 return;
121 125
122 put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); 126 put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
127 security_release_secctx(secdata, seclen);
123} 128}
124 129
125 130
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 80c73ca90116..8d1d7a6e72a5 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -236,7 +236,7 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
236 struct arpt_entry *e, *back; 236 struct arpt_entry *e, *back;
237 const char *indev, *outdev; 237 const char *indev, *outdev;
238 void *table_base; 238 void *table_base;
239 struct xt_table_info *private = table->private; 239 struct xt_table_info *private;
240 240
241 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ 241 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */
242 if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) + 242 if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) +
@@ -248,6 +248,7 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
248 outdev = out ? out->name : nulldevname; 248 outdev = out ? out->name : nulldevname;
249 249
250 read_lock_bh(&table->lock); 250 read_lock_bh(&table->lock);
251 private = table->private;
251 table_base = (void *)private->entries[smp_processor_id()]; 252 table_base = (void *)private->entries[smp_processor_id()];
252 e = get_entry(table_base, private->hook_entry[hook]); 253 e = get_entry(table_base, private->hook_entry[hook]);
253 back = get_entry(table_base, private->underflow[hook]); 254 back = get_entry(table_base, private->underflow[hook]);
@@ -1170,21 +1171,34 @@ static int __init arp_tables_init(void)
1170{ 1171{
1171 int ret; 1172 int ret;
1172 1173
1173 xt_proto_init(NF_ARP); 1174 ret = xt_proto_init(NF_ARP);
1175 if (ret < 0)
1176 goto err1;
1174 1177
1175 /* Noone else will be downing sem now, so we won't sleep */ 1178 /* Noone else will be downing sem now, so we won't sleep */
1176 xt_register_target(&arpt_standard_target); 1179 ret = xt_register_target(&arpt_standard_target);
1177 xt_register_target(&arpt_error_target); 1180 if (ret < 0)
1181 goto err2;
1182 ret = xt_register_target(&arpt_error_target);
1183 if (ret < 0)
1184 goto err3;
1178 1185
1179 /* Register setsockopt */ 1186 /* Register setsockopt */
1180 ret = nf_register_sockopt(&arpt_sockopts); 1187 ret = nf_register_sockopt(&arpt_sockopts);
1181 if (ret < 0) { 1188 if (ret < 0)
1182 duprintf("Unable to register sockopts.\n"); 1189 goto err4;
1183 return ret;
1184 }
1185 1190
1186 printk("arp_tables: (C) 2002 David S. Miller\n"); 1191 printk("arp_tables: (C) 2002 David S. Miller\n");
1187 return 0; 1192 return 0;
1193
1194err4:
1195 xt_unregister_target(&arpt_error_target);
1196err3:
1197 xt_unregister_target(&arpt_standard_target);
1198err2:
1199 xt_proto_fini(NF_ARP);
1200err1:
1201 return ret;
1188} 1202}
1189 1203
1190static void __exit arp_tables_fini(void) 1204static void __exit arp_tables_fini(void)
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 33891bb1fde4..0d4cc92391fa 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -415,21 +415,18 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
415 cb->args[0], *id); 415 cb->args[0], *id);
416 416
417 read_lock_bh(&ip_conntrack_lock); 417 read_lock_bh(&ip_conntrack_lock);
418 last = (struct ip_conntrack *)cb->args[1];
418 for (; cb->args[0] < ip_conntrack_htable_size; cb->args[0]++) { 419 for (; cb->args[0] < ip_conntrack_htable_size; cb->args[0]++) {
419restart: 420restart:
420 last = (struct ip_conntrack *)cb->args[1];
421 list_for_each_prev(i, &ip_conntrack_hash[cb->args[0]]) { 421 list_for_each_prev(i, &ip_conntrack_hash[cb->args[0]]) {
422 h = (struct ip_conntrack_tuple_hash *) i; 422 h = (struct ip_conntrack_tuple_hash *) i;
423 if (DIRECTION(h) != IP_CT_DIR_ORIGINAL) 423 if (DIRECTION(h) != IP_CT_DIR_ORIGINAL)
424 continue; 424 continue;
425 ct = tuplehash_to_ctrack(h); 425 ct = tuplehash_to_ctrack(h);
426 if (last != NULL) { 426 if (cb->args[1]) {
427 if (ct == last) { 427 if (ct != last)
428 ip_conntrack_put(last);
429 cb->args[1] = 0;
430 last = NULL;
431 } else
432 continue; 428 continue;
429 cb->args[1] = 0;
433 } 430 }
434 if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid, 431 if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
435 cb->nlh->nlmsg_seq, 432 cb->nlh->nlmsg_seq,
@@ -440,17 +437,17 @@ restart:
440 goto out; 437 goto out;
441 } 438 }
442 } 439 }
443 if (last != NULL) { 440 if (cb->args[1]) {
444 ip_conntrack_put(last);
445 cb->args[1] = 0; 441 cb->args[1] = 0;
446 goto restart; 442 goto restart;
447 } 443 }
448 } 444 }
449out: 445out:
450 read_unlock_bh(&ip_conntrack_lock); 446 read_unlock_bh(&ip_conntrack_lock);
447 if (last)
448 ip_conntrack_put(last);
451 449
452 DEBUGP("leaving, last bucket=%lu id=%u\n", cb->args[0], *id); 450 DEBUGP("leaving, last bucket=%lu id=%u\n", cb->args[0], *id);
453
454 return skb->len; 451 return skb->len;
455} 452}
456 453
diff --git a/net/ipv4/netfilter/ip_conntrack_sip.c b/net/ipv4/netfilter/ip_conntrack_sip.c
index fc87ce0da40d..4f222d6be009 100644
--- a/net/ipv4/netfilter/ip_conntrack_sip.c
+++ b/net/ipv4/netfilter/ip_conntrack_sip.c
@@ -442,7 +442,7 @@ static int __init init(void)
442 sip[i].tuple.src.u.udp.port = htons(ports[i]); 442 sip[i].tuple.src.u.udp.port = htons(ports[i]);
443 sip[i].mask.src.u.udp.port = 0xFFFF; 443 sip[i].mask.src.u.udp.port = 0xFFFF;
444 sip[i].mask.dst.protonum = 0xFF; 444 sip[i].mask.dst.protonum = 0xFF;
445 sip[i].max_expected = 1; 445 sip[i].max_expected = 2;
446 sip[i].timeout = 3 * 60; /* 3 minutes */ 446 sip[i].timeout = 3 * 60; /* 3 minutes */
447 sip[i].me = THIS_MODULE; 447 sip[i].me = THIS_MODULE;
448 sip[i].help = sip_help; 448 sip[i].help = sip_help;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index fc5bdd5eb7d3..048514f15f2f 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -230,7 +230,7 @@ ipt_do_table(struct sk_buff **pskb,
230 const char *indev, *outdev; 230 const char *indev, *outdev;
231 void *table_base; 231 void *table_base;
232 struct ipt_entry *e, *back; 232 struct ipt_entry *e, *back;
233 struct xt_table_info *private = table->private; 233 struct xt_table_info *private;
234 234
235 /* Initialization */ 235 /* Initialization */
236 ip = (*pskb)->nh.iph; 236 ip = (*pskb)->nh.iph;
@@ -247,6 +247,7 @@ ipt_do_table(struct sk_buff **pskb,
247 247
248 read_lock_bh(&table->lock); 248 read_lock_bh(&table->lock);
249 IP_NF_ASSERT(table->valid_hooks & (1 << hook)); 249 IP_NF_ASSERT(table->valid_hooks & (1 << hook));
250 private = table->private;
250 table_base = (void *)private->entries[smp_processor_id()]; 251 table_base = (void *)private->entries[smp_processor_id()];
251 e = get_entry(table_base, private->hook_entry[hook]); 252 e = get_entry(table_base, private->hook_entry[hook]);
252 253
@@ -2239,22 +2240,39 @@ static int __init ip_tables_init(void)
2239{ 2240{
2240 int ret; 2241 int ret;
2241 2242
2242 xt_proto_init(AF_INET); 2243 ret = xt_proto_init(AF_INET);
2244 if (ret < 0)
2245 goto err1;
2243 2246
2244 /* Noone else will be downing sem now, so we won't sleep */ 2247 /* Noone else will be downing sem now, so we won't sleep */
2245 xt_register_target(&ipt_standard_target); 2248 ret = xt_register_target(&ipt_standard_target);
2246 xt_register_target(&ipt_error_target); 2249 if (ret < 0)
2247 xt_register_match(&icmp_matchstruct); 2250 goto err2;
2251 ret = xt_register_target(&ipt_error_target);
2252 if (ret < 0)
2253 goto err3;
2254 ret = xt_register_match(&icmp_matchstruct);
2255 if (ret < 0)
2256 goto err4;
2248 2257
2249 /* Register setsockopt */ 2258 /* Register setsockopt */
2250 ret = nf_register_sockopt(&ipt_sockopts); 2259 ret = nf_register_sockopt(&ipt_sockopts);
2251 if (ret < 0) { 2260 if (ret < 0)
2252 duprintf("Unable to register sockopts.\n"); 2261 goto err5;
2253 return ret;
2254 }
2255 2262
2256 printk("ip_tables: (C) 2000-2006 Netfilter Core Team\n"); 2263 printk("ip_tables: (C) 2000-2006 Netfilter Core Team\n");
2257 return 0; 2264 return 0;
2265
2266err5:
2267 xt_unregister_match(&icmp_matchstruct);
2268err4:
2269 xt_unregister_target(&ipt_error_target);
2270err3:
2271 xt_unregister_target(&ipt_standard_target);
2272err2:
2273 xt_proto_fini(AF_INET);
2274err1:
2275 return ret;
2258} 2276}
2259 2277
2260static void __exit ip_tables_fini(void) 2278static void __exit ip_tables_fini(void)
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index d7dd7fe7051c..d46fd677fa11 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -115,6 +115,11 @@ static void ulog_send(unsigned int nlgroupnum)
115 del_timer(&ub->timer); 115 del_timer(&ub->timer);
116 } 116 }
117 117
118 if (!ub->skb) {
119 DEBUGP("ipt_ULOG: ulog_send: nothing to send\n");
120 return;
121 }
122
118 /* last nlmsg needs NLMSG_DONE */ 123 /* last nlmsg needs NLMSG_DONE */
119 if (ub->qlen > 1) 124 if (ub->qlen > 1)
120 ub->lastnlh->nlmsg_type = NLMSG_DONE; 125 ub->lastnlh->nlmsg_type = NLMSG_DONE;
diff --git a/net/ipv4/netfilter/ipt_hashlimit.c b/net/ipv4/netfilter/ipt_hashlimit.c
index 92980ab8ce48..3bd2368e1fc9 100644
--- a/net/ipv4/netfilter/ipt_hashlimit.c
+++ b/net/ipv4/netfilter/ipt_hashlimit.c
@@ -454,15 +454,12 @@ hashlimit_match(const struct sk_buff *skb,
454 dh->rateinfo.credit_cap = user2credits(hinfo->cfg.avg * 454 dh->rateinfo.credit_cap = user2credits(hinfo->cfg.avg *
455 hinfo->cfg.burst); 455 hinfo->cfg.burst);
456 dh->rateinfo.cost = user2credits(hinfo->cfg.avg); 456 dh->rateinfo.cost = user2credits(hinfo->cfg.avg);
457 457 } else {
458 spin_unlock_bh(&hinfo->lock); 458 /* update expiration timeout */
459 return 1; 459 dh->expires = now + msecs_to_jiffies(hinfo->cfg.expire);
460 rateinfo_recalc(dh, now);
460 } 461 }
461 462
462 /* update expiration timeout */
463 dh->expires = now + msecs_to_jiffies(hinfo->cfg.expire);
464
465 rateinfo_recalc(dh, now);
466 if (dh->rateinfo.credit >= dh->rateinfo.cost) { 463 if (dh->rateinfo.credit >= dh->rateinfo.cost) {
467 /* We're underlimit. */ 464 /* We're underlimit. */
468 dh->rateinfo.credit -= dh->rateinfo.cost; 465 dh->rateinfo.credit -= dh->rateinfo.cost;
@@ -508,6 +505,9 @@ hashlimit_checkentry(const char *tablename,
508 if (!r->cfg.expire) 505 if (!r->cfg.expire)
509 return 0; 506 return 0;
510 507
508 if (r->name[sizeof(r->name) - 1] != '\0')
509 return 0;
510
511 /* This is the best we've got: We cannot release and re-grab lock, 511 /* This is the best we've got: We cannot release and re-grab lock,
512 * since checkentry() is called before ip_tables.c grabs ipt_mutex. 512 * since checkentry() is called before ip_tables.c grabs ipt_mutex.
513 * We also cannot grab the hashtable spinlock, since htable_create will 513 * We also cannot grab the hashtable spinlock, since htable_create will
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 2dc6dbb28467..b873cbcdd0b8 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -104,6 +104,7 @@
104#include <net/icmp.h> 104#include <net/icmp.h>
105#include <net/xfrm.h> 105#include <net/xfrm.h>
106#include <net/ip_mp_alg.h> 106#include <net/ip_mp_alg.h>
107#include <net/netevent.h>
107#ifdef CONFIG_SYSCTL 108#ifdef CONFIG_SYSCTL
108#include <linux/sysctl.h> 109#include <linux/sysctl.h>
109#endif 110#endif
@@ -1125,6 +1126,7 @@ void ip_rt_redirect(u32 old_gw, u32 daddr, u32 new_gw,
1125 struct rtable *rth, **rthp; 1126 struct rtable *rth, **rthp;
1126 u32 skeys[2] = { saddr, 0 }; 1127 u32 skeys[2] = { saddr, 0 };
1127 int ikeys[2] = { dev->ifindex, 0 }; 1128 int ikeys[2] = { dev->ifindex, 0 };
1129 struct netevent_redirect netevent;
1128 1130
1129 if (!in_dev) 1131 if (!in_dev)
1130 return; 1132 return;
@@ -1216,6 +1218,11 @@ void ip_rt_redirect(u32 old_gw, u32 daddr, u32 new_gw,
1216 rt_drop(rt); 1218 rt_drop(rt);
1217 goto do_next; 1219 goto do_next;
1218 } 1220 }
1221
1222 netevent.old = &rth->u.dst;
1223 netevent.new = &rt->u.dst;
1224 call_netevent_notifiers(NETEVENT_REDIRECT,
1225 &netevent);
1219 1226
1220 rt_del(hash, rth); 1227 rt_del(hash, rth);
1221 if (!rt_intern_hash(hash, rt, &rt)) 1228 if (!rt_intern_hash(hash, rt, &rt))
@@ -1452,6 +1459,7 @@ static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu)
1452 } 1459 }
1453 dst->metrics[RTAX_MTU-1] = mtu; 1460 dst->metrics[RTAX_MTU-1] = mtu;
1454 dst_set_expires(dst, ip_rt_mtu_expires); 1461 dst_set_expires(dst, ip_rt_mtu_expires);
1462 call_netevent_notifiers(NETEVENT_PMTU_UPDATE, dst);
1455 } 1463 }
1456} 1464}
1457 1465
@@ -3149,7 +3157,7 @@ int __init ip_rt_init(void)
3149 rhash_entries, 3157 rhash_entries,
3150 (num_physpages >= 128 * 1024) ? 3158 (num_physpages >= 128 * 1024) ?
3151 15 : 17, 3159 15 : 17,
3152 HASH_HIGHMEM, 3160 0,
3153 &rt_hash_log, 3161 &rt_hash_log,
3154 &rt_hash_mask, 3162 &rt_hash_mask,
3155 0); 3163 0);
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index f6a2d9223d07..934396bb1376 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1132,7 +1132,7 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1132 tp->ucopy.dma_chan = NULL; 1132 tp->ucopy.dma_chan = NULL;
1133 preempt_disable(); 1133 preempt_disable();
1134 if ((len > sysctl_tcp_dma_copybreak) && !(flags & MSG_PEEK) && 1134 if ((len > sysctl_tcp_dma_copybreak) && !(flags & MSG_PEEK) &&
1135 !sysctl_tcp_low_latency && __get_cpu_var(softnet_data.net_dma)) { 1135 !sysctl_tcp_low_latency && __get_cpu_var(softnet_data).net_dma) {
1136 preempt_enable_no_resched(); 1136 preempt_enable_no_resched();
1137 tp->ucopy.pinned_list = dma_pin_iovec_pages(msg->msg_iov, len); 1137 tp->ucopy.pinned_list = dma_pin_iovec_pages(msg->msg_iov, len);
1138 } else 1138 } else
@@ -1659,7 +1659,8 @@ adjudge_to_death:
1659 const int tmo = tcp_fin_time(sk); 1659 const int tmo = tcp_fin_time(sk);
1660 1660
1661 if (tmo > TCP_TIMEWAIT_LEN) { 1661 if (tmo > TCP_TIMEWAIT_LEN) {
1662 inet_csk_reset_keepalive_timer(sk, tcp_fin_time(sk)); 1662 inet_csk_reset_keepalive_timer(sk,
1663 tmo - TCP_TIMEWAIT_LEN);
1663 } else { 1664 } else {
1664 tcp_time_wait(sk, TCP_FIN_WAIT2, tmo); 1665 tcp_time_wait(sk, TCP_FIN_WAIT2, tmo);
1665 goto out; 1666 goto out;
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 738dad9f7d49..104af5d5bcbc 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -3541,7 +3541,8 @@ void tcp_cwnd_application_limited(struct sock *sk)
3541 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Open && 3541 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Open &&
3542 sk->sk_socket && !test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { 3542 sk->sk_socket && !test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) {
3543 /* Limited by application or receiver window. */ 3543 /* Limited by application or receiver window. */
3544 u32 win_used = max(tp->snd_cwnd_used, 2U); 3544 u32 init_win = tcp_init_cwnd(tp, __sk_dst_get(sk));
3545 u32 win_used = max(tp->snd_cwnd_used, init_win);
3545 if (win_used < tp->snd_cwnd) { 3546 if (win_used < tp->snd_cwnd) {
3546 tp->snd_ssthresh = tcp_current_ssthresh(sk); 3547 tp->snd_ssthresh = tcp_current_ssthresh(sk);
3547 tp->snd_cwnd = (tp->snd_cwnd + win_used) >> 1; 3548 tp->snd_cwnd = (tp->snd_cwnd + win_used) >> 1;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index f6f39e814291..4b04c3edd4a9 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -438,7 +438,6 @@ void tcp_v4_err(struct sk_buff *skb, u32 info)
438 It can f.e. if SYNs crossed. 438 It can f.e. if SYNs crossed.
439 */ 439 */
440 if (!sock_owned_by_user(sk)) { 440 if (!sock_owned_by_user(sk)) {
441 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
442 sk->sk_err = err; 441 sk->sk_err = err;
443 442
444 sk->sk_error_report(sk); 443 sk->sk_error_report(sk);
@@ -874,7 +873,6 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
874drop_and_free: 873drop_and_free:
875 reqsk_free(req); 874 reqsk_free(req);
876drop: 875drop:
877 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
878 return 0; 876 return 0;
879} 877}
880 878
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 0ccb7cb22b15..624e2b2c7f53 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -589,8 +589,10 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
589 /* RFC793: "second check the RST bit" and 589 /* RFC793: "second check the RST bit" and
590 * "fourth, check the SYN bit" 590 * "fourth, check the SYN bit"
591 */ 591 */
592 if (flg & (TCP_FLAG_RST|TCP_FLAG_SYN)) 592 if (flg & (TCP_FLAG_RST|TCP_FLAG_SYN)) {
593 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
593 goto embryonic_reset; 594 goto embryonic_reset;
595 }
594 596
595 /* ACK sequence verified above, just make sure ACK is 597 /* ACK sequence verified above, just make sure ACK is
596 * set. If ACK not set, just silently drop the packet. 598 * set. If ACK not set, just silently drop the packet.
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 5c08ea20a18d..b4f3ffe1b3b4 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -201,6 +201,7 @@ void tcp_select_initial_window(int __space, __u32 mss,
201 * See RFC1323 for an explanation of the limit to 14 201 * See RFC1323 for an explanation of the limit to 14
202 */ 202 */
203 space = max_t(u32, sysctl_tcp_rmem[2], sysctl_rmem_max); 203 space = max_t(u32, sysctl_tcp_rmem[2], sysctl_rmem_max);
204 space = min_t(u32, space, *window_clamp);
204 while (space > 65535 && (*rcv_wscale) < 14) { 205 while (space > 65535 && (*rcv_wscale) < 14) {
205 space >>= 1; 206 space >>= 1;
206 (*rcv_wscale)++; 207 (*rcv_wscale)++;
@@ -466,7 +467,8 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
466 if (skb->len != tcp_header_size) 467 if (skb->len != tcp_header_size)
467 tcp_event_data_sent(tp, skb, sk); 468 tcp_event_data_sent(tp, skb, sk);
468 469
469 TCP_INC_STATS(TCP_MIB_OUTSEGS); 470 if (after(tcb->end_seq, tp->snd_nxt) || tcb->seq == tcb->end_seq)
471 TCP_INC_STATS(TCP_MIB_OUTSEGS);
470 472
471 err = icsk->icsk_af_ops->queue_xmit(skb, 0); 473 err = icsk->icsk_af_ops->queue_xmit(skb, 0);
472 if (likely(err <= 0)) 474 if (likely(err <= 0))
@@ -2157,10 +2159,9 @@ int tcp_connect(struct sock *sk)
2157 skb_shinfo(buff)->gso_size = 0; 2159 skb_shinfo(buff)->gso_size = 0;
2158 skb_shinfo(buff)->gso_type = 0; 2160 skb_shinfo(buff)->gso_type = 0;
2159 buff->csum = 0; 2161 buff->csum = 0;
2162 tp->snd_nxt = tp->write_seq;
2160 TCP_SKB_CB(buff)->seq = tp->write_seq++; 2163 TCP_SKB_CB(buff)->seq = tp->write_seq++;
2161 TCP_SKB_CB(buff)->end_seq = tp->write_seq; 2164 TCP_SKB_CB(buff)->end_seq = tp->write_seq;
2162 tp->snd_nxt = tp->write_seq;
2163 tp->pushed_seq = tp->write_seq;
2164 2165
2165 /* Send it off. */ 2166 /* Send it off. */
2166 TCP_SKB_CB(buff)->when = tcp_time_stamp; 2167 TCP_SKB_CB(buff)->when = tcp_time_stamp;
@@ -2170,6 +2171,12 @@ int tcp_connect(struct sock *sk)
2170 sk_charge_skb(sk, buff); 2171 sk_charge_skb(sk, buff);
2171 tp->packets_out += tcp_skb_pcount(buff); 2172 tp->packets_out += tcp_skb_pcount(buff);
2172 tcp_transmit_skb(sk, buff, 1, GFP_KERNEL); 2173 tcp_transmit_skb(sk, buff, 1, GFP_KERNEL);
2174
2175 /* We change tp->snd_nxt after the tcp_transmit_skb() call
2176 * in order to make this packet get counted in tcpOutSegs.
2177 */
2178 tp->snd_nxt = tp->write_seq;
2179 tp->pushed_seq = tp->write_seq;
2173 TCP_INC_STATS(TCP_MIB_ACTIVEOPENS); 2180 TCP_INC_STATS(TCP_MIB_ACTIVEOPENS);
2174 2181
2175 /* Timer for repeating the SYN until an answer. */ 2182 /* Timer for repeating the SYN until an answer. */
diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
index d7d517a3a238..dab37d2f65fc 100644
--- a/net/ipv4/tcp_probe.c
+++ b/net/ipv4/tcp_probe.c
@@ -114,7 +114,7 @@ static int tcpprobe_open(struct inode * inode, struct file * file)
114static ssize_t tcpprobe_read(struct file *file, char __user *buf, 114static ssize_t tcpprobe_read(struct file *file, char __user *buf,
115 size_t len, loff_t *ppos) 115 size_t len, loff_t *ppos)
116{ 116{
117 int error = 0, cnt; 117 int error = 0, cnt = 0;
118 unsigned char *tbuf; 118 unsigned char *tbuf;
119 119
120 if (!buf || len < 0) 120 if (!buf || len < 0)
@@ -130,11 +130,12 @@ static ssize_t tcpprobe_read(struct file *file, char __user *buf,
130 error = wait_event_interruptible(tcpw.wait, 130 error = wait_event_interruptible(tcpw.wait,
131 __kfifo_len(tcpw.fifo) != 0); 131 __kfifo_len(tcpw.fifo) != 0);
132 if (error) 132 if (error)
133 return error; 133 goto out_free;
134 134
135 cnt = kfifo_get(tcpw.fifo, tbuf, len); 135 cnt = kfifo_get(tcpw.fifo, tbuf, len);
136 error = copy_to_user(buf, tbuf, cnt); 136 error = copy_to_user(buf, tbuf, cnt);
137 137
138out_free:
138 vfree(tbuf); 139 vfree(tbuf);
139 140
140 return error ? error : cnt; 141 return error ? error : cnt;
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-24 10:55:31 -0500