diff options
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/fib_lookup.h | 5 | ||||
| -rw-r--r-- | net/ipv4/inet_diag.c | 27 | ||||
| -rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 1 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 1 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_core.c | 40 |
5 files changed, 39 insertions, 35 deletions
diff --git a/net/ipv4/fib_lookup.h b/net/ipv4/fib_lookup.h index a29edf2219c8..c079cc0ec651 100644 --- a/net/ipv4/fib_lookup.h +++ b/net/ipv4/fib_lookup.h | |||
| @@ -47,11 +47,8 @@ extern int fib_detect_death(struct fib_info *fi, int order, | |||
| 47 | static inline void fib_result_assign(struct fib_result *res, | 47 | static inline void fib_result_assign(struct fib_result *res, |
| 48 | struct fib_info *fi) | 48 | struct fib_info *fi) |
| 49 | { | 49 | { |
| 50 | if (res->fi != NULL) | 50 | /* we used to play games with refcounts, but we now use RCU */ |
| 51 | fib_info_put(res->fi); | ||
| 52 | res->fi = fi; | 51 | res->fi = fi; |
| 53 | if (fi != NULL) | ||
| 54 | atomic_inc(&fi->fib_clntref); | ||
| 55 | } | 52 | } |
| 56 | 53 | ||
| 57 | #endif /* _FIB_LOOKUP_H */ | 54 | #endif /* _FIB_LOOKUP_H */ |
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c index ba8042665849..2ada17129fce 100644 --- a/net/ipv4/inet_diag.c +++ b/net/ipv4/inet_diag.c | |||
| @@ -490,9 +490,11 @@ static int inet_csk_diag_dump(struct sock *sk, | |||
| 490 | { | 490 | { |
| 491 | struct inet_diag_req *r = NLMSG_DATA(cb->nlh); | 491 | struct inet_diag_req *r = NLMSG_DATA(cb->nlh); |
| 492 | 492 | ||
| 493 | if (cb->nlh->nlmsg_len > 4 + NLMSG_SPACE(sizeof(*r))) { | 493 | if (nlmsg_attrlen(cb->nlh, sizeof(*r))) { |
| 494 | struct inet_diag_entry entry; | 494 | struct inet_diag_entry entry; |
| 495 | struct rtattr *bc = (struct rtattr *)(r + 1); | 495 | const struct nlattr *bc = nlmsg_find_attr(cb->nlh, |
| 496 | sizeof(*r), | ||
| 497 | INET_DIAG_REQ_BYTECODE); | ||
| 496 | struct inet_sock *inet = inet_sk(sk); | 498 | struct inet_sock *inet = inet_sk(sk); |
| 497 | 499 | ||
| 498 | entry.family = sk->sk_family; | 500 | entry.family = sk->sk_family; |
| @@ -512,7 +514,7 @@ static int inet_csk_diag_dump(struct sock *sk, | |||
| 512 | entry.dport = ntohs(inet->inet_dport); | 514 | entry.dport = ntohs(inet->inet_dport); |
| 513 | entry.userlocks = sk->sk_userlocks; | 515 | entry.userlocks = sk->sk_userlocks; |
| 514 | 516 | ||
| 515 | if (!inet_diag_bc_run(RTA_DATA(bc), RTA_PAYLOAD(bc), &entry)) | 517 | if (!inet_diag_bc_run(nla_data(bc), nla_len(bc), &entry)) |
| 516 | return 0; | 518 | return 0; |
| 517 | } | 519 | } |
| 518 | 520 | ||
| @@ -527,9 +529,11 @@ static int inet_twsk_diag_dump(struct inet_timewait_sock *tw, | |||
| 527 | { | 529 | { |
| 528 | struct inet_diag_req *r = NLMSG_DATA(cb->nlh); | 530 | struct inet_diag_req *r = NLMSG_DATA(cb->nlh); |
| 529 | 531 | ||
| 530 | if (cb->nlh->nlmsg_len > 4 + NLMSG_SPACE(sizeof(*r))) { | 532 | if (nlmsg_attrlen(cb->nlh, sizeof(*r))) { |
| 531 | struct inet_diag_entry entry; | 533 | struct inet_diag_entry entry; |
| 532 | struct rtattr *bc = (struct rtattr *)(r + 1); | 534 | const struct nlattr *bc = nlmsg_find_attr(cb->nlh, |
| 535 | sizeof(*r), | ||
| 536 | INET_DIAG_REQ_BYTECODE); | ||
| 533 | 537 | ||
| 534 | entry.family = tw->tw_family; | 538 | entry.family = tw->tw_family; |
| 535 | #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) | 539 | #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) |
| @@ -548,7 +552,7 @@ static int inet_twsk_diag_dump(struct inet_timewait_sock *tw, | |||
| 548 | entry.dport = ntohs(tw->tw_dport); | 552 | entry.dport = ntohs(tw->tw_dport); |
| 549 | entry.userlocks = 0; | 553 | entry.userlocks = 0; |
| 550 | 554 | ||
| 551 | if (!inet_diag_bc_run(RTA_DATA(bc), RTA_PAYLOAD(bc), &entry)) | 555 | if (!inet_diag_bc_run(nla_data(bc), nla_len(bc), &entry)) |
| 552 | return 0; | 556 | return 0; |
| 553 | } | 557 | } |
| 554 | 558 | ||
| @@ -618,7 +622,7 @@ static int inet_diag_dump_reqs(struct sk_buff *skb, struct sock *sk, | |||
| 618 | struct inet_diag_req *r = NLMSG_DATA(cb->nlh); | 622 | struct inet_diag_req *r = NLMSG_DATA(cb->nlh); |
| 619 | struct inet_connection_sock *icsk = inet_csk(sk); | 623 | struct inet_connection_sock *icsk = inet_csk(sk); |
| 620 | struct listen_sock *lopt; | 624 | struct listen_sock *lopt; |
| 621 | struct rtattr *bc = NULL; | 625 | const struct nlattr *bc = NULL; |
| 622 | struct inet_sock *inet = inet_sk(sk); | 626 | struct inet_sock *inet = inet_sk(sk); |
| 623 | int j, s_j; | 627 | int j, s_j; |
| 624 | int reqnum, s_reqnum; | 628 | int reqnum, s_reqnum; |
| @@ -638,8 +642,9 @@ static int inet_diag_dump_reqs(struct sk_buff *skb, struct sock *sk, | |||
| 638 | if (!lopt || !lopt->qlen) | 642 | if (!lopt || !lopt->qlen) |
| 639 | goto out; | 643 | goto out; |
| 640 | 644 | ||
| 641 | if (cb->nlh->nlmsg_len > 4 + NLMSG_SPACE(sizeof(*r))) { | 645 | if (nlmsg_attrlen(cb->nlh, sizeof(*r))) { |
| 642 | bc = (struct rtattr *)(r + 1); | 646 | bc = nlmsg_find_attr(cb->nlh, sizeof(*r), |
| 647 | INET_DIAG_REQ_BYTECODE); | ||
| 643 | entry.sport = inet->inet_num; | 648 | entry.sport = inet->inet_num; |
| 644 | entry.userlocks = sk->sk_userlocks; | 649 | entry.userlocks = sk->sk_userlocks; |
| 645 | } | 650 | } |
| @@ -672,8 +677,8 @@ static int inet_diag_dump_reqs(struct sk_buff *skb, struct sock *sk, | |||
| 672 | &ireq->rmt_addr; | 677 | &ireq->rmt_addr; |
| 673 | entry.dport = ntohs(ireq->rmt_port); | 678 | entry.dport = ntohs(ireq->rmt_port); |
| 674 | 679 | ||
| 675 | if (!inet_diag_bc_run(RTA_DATA(bc), | 680 | if (!inet_diag_bc_run(nla_data(bc), |
| 676 | RTA_PAYLOAD(bc), &entry)) | 681 | nla_len(bc), &entry)) |
| 677 | continue; | 682 | continue; |
| 678 | } | 683 | } |
| 679 | 684 | ||
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 3cad2591ace0..3fac340a28d5 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -927,6 +927,7 @@ static int get_info(struct net *net, void __user *user, | |||
| 927 | private = &tmp; | 927 | private = &tmp; |
| 928 | } | 928 | } |
| 929 | #endif | 929 | #endif |
| 930 | memset(&info, 0, sizeof(info)); | ||
| 930 | info.valid_hooks = t->valid_hooks; | 931 | info.valid_hooks = t->valid_hooks; |
| 931 | memcpy(info.hook_entry, private->hook_entry, | 932 | memcpy(info.hook_entry, private->hook_entry, |
| 932 | sizeof(info.hook_entry)); | 933 | sizeof(info.hook_entry)); |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index d31b007a6d80..a846d633b3b6 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -1124,6 +1124,7 @@ static int get_info(struct net *net, void __user *user, | |||
| 1124 | private = &tmp; | 1124 | private = &tmp; |
| 1125 | } | 1125 | } |
| 1126 | #endif | 1126 | #endif |
| 1127 | memset(&info, 0, sizeof(info)); | ||
| 1127 | info.valid_hooks = t->valid_hooks; | 1128 | info.valid_hooks = t->valid_hooks; |
| 1128 | memcpy(info.hook_entry, private->hook_entry, | 1129 | memcpy(info.hook_entry, private->hook_entry, |
| 1129 | sizeof(info.hook_entry)); | 1130 | sizeof(info.hook_entry)); |
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 295c97431e43..c04787ce1a71 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
| @@ -47,26 +47,6 @@ __nf_nat_proto_find(u_int8_t protonum) | |||
| 47 | return rcu_dereference(nf_nat_protos[protonum]); | 47 | return rcu_dereference(nf_nat_protos[protonum]); |
| 48 | } | 48 | } |
| 49 | 49 | ||
| 50 | static const struct nf_nat_protocol * | ||
| 51 | nf_nat_proto_find_get(u_int8_t protonum) | ||
| 52 | { | ||
| 53 | const struct nf_nat_protocol *p; | ||
| 54 | |||
| 55 | rcu_read_lock(); | ||
| 56 | p = __nf_nat_proto_find(protonum); | ||
| 57 | if (!try_module_get(p->me)) | ||
| 58 | p = &nf_nat_unknown_protocol; | ||
| 59 | rcu_read_unlock(); | ||
| 60 | |||
| 61 | return p; | ||
| 62 | } | ||
| 63 | |||
| 64 | static void | ||
| 65 | nf_nat_proto_put(const struct nf_nat_protocol *p) | ||
| 66 | { | ||
| 67 | module_put(p->me); | ||
| 68 | } | ||
| 69 | |||
| 70 | /* We keep an extra hash for each conntrack, for fast searching. */ | 50 | /* We keep an extra hash for each conntrack, for fast searching. */ |
| 71 | static inline unsigned int | 51 | static inline unsigned int |
| 72 | hash_by_src(const struct net *net, u16 zone, | 52 | hash_by_src(const struct net *net, u16 zone, |
| @@ -588,6 +568,26 @@ static struct nf_ct_ext_type nat_extend __read_mostly = { | |||
| 588 | #include <linux/netfilter/nfnetlink.h> | 568 | #include <linux/netfilter/nfnetlink.h> |
| 589 | #include <linux/netfilter/nfnetlink_conntrack.h> | 569 | #include <linux/netfilter/nfnetlink_conntrack.h> |
| 590 | 570 | ||
| 571 | static const struct nf_nat_protocol * | ||
| 572 | nf_nat_proto_find_get(u_int8_t protonum) | ||
| 573 | { | ||
| 574 | const struct nf_nat_protocol *p; | ||
| 575 | |||
| 576 | rcu_read_lock(); | ||
| 577 | p = __nf_nat_proto_find(protonum); | ||
| 578 | if (!try_module_get(p->me)) | ||
| 579 | p = &nf_nat_unknown_protocol; | ||
| 580 | rcu_read_unlock(); | ||
| 581 | |||
| 582 | return p; | ||
| 583 | } | ||
| 584 | |||
| 585 | static void | ||
| 586 | nf_nat_proto_put(const struct nf_nat_protocol *p) | ||
| 587 | { | ||
| 588 | module_put(p->me); | ||
| 589 | } | ||
| 590 | |||
| 591 | static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = { | 591 | static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = { |
| 592 | [CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 }, | 592 | [CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 }, |
| 593 | [CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 }, | 593 | [CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 }, |