diff options
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/cipso_ipv4.c | 9 | ||||
| -rw-r--r-- | net/ipv4/tcp_output.c | 12 | ||||
| -rw-r--r-- | net/ipv4/udp.c | 13 |
3 files changed, 20 insertions, 14 deletions
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index 6bb2635b5ded..7bc992976d29 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c | |||
| @@ -3,11 +3,16 @@ | |||
| 3 | * | 3 | * |
| 4 | * This is an implementation of the CIPSO 2.2 protocol as specified in | 4 | * This is an implementation of the CIPSO 2.2 protocol as specified in |
| 5 | * draft-ietf-cipso-ipsecurity-01.txt with additional tag types as found in | 5 | * draft-ietf-cipso-ipsecurity-01.txt with additional tag types as found in |
| 6 | * FIPS-188, copies of both documents can be found in the Documentation | 6 | * FIPS-188. While CIPSO never became a full IETF RFC standard many vendors |
| 7 | * directory. While CIPSO never became a full IETF RFC standard many vendors | ||
| 8 | * have chosen to adopt the protocol and over the years it has become a | 7 | * have chosen to adopt the protocol and over the years it has become a |
| 9 | * de-facto standard for labeled networking. | 8 | * de-facto standard for labeled networking. |
| 10 | * | 9 | * |
| 10 | * The CIPSO draft specification can be found in the kernel's Documentation | ||
| 11 | * directory as well as the following URL: | ||
| 12 | * http://netlabel.sourceforge.net/files/draft-ietf-cipso-ipsecurity-01.txt | ||
| 13 | * The FIPS-188 specification can be found at the following URL: | ||
| 14 | * http://www.itl.nist.gov/fipspubs/fip188.htm | ||
| 15 | * | ||
| 11 | * Author: Paul Moore <paul.moore@hp.com> | 16 | * Author: Paul Moore <paul.moore@hp.com> |
| 12 | * | 17 | * |
| 13 | */ | 18 | */ |
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 557fe16cbfb0..dda42f0bd7a3 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
| @@ -663,14 +663,10 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, | |||
| 663 | th->urg_ptr = 0; | 663 | th->urg_ptr = 0; |
| 664 | 664 | ||
| 665 | /* The urg_mode check is necessary during a below snd_una win probe */ | 665 | /* The urg_mode check is necessary during a below snd_una win probe */ |
| 666 | if (unlikely(tcp_urg_mode(tp))) { | 666 | if (unlikely(tcp_urg_mode(tp) && |
| 667 | if (between(tp->snd_up, tcb->seq + 1, tcb->seq + 0xFFFF)) { | 667 | between(tp->snd_up, tcb->seq + 1, tcb->seq + 0xFFFF))) { |
| 668 | th->urg_ptr = htons(tp->snd_up - tcb->seq); | 668 | th->urg_ptr = htons(tp->snd_up - tcb->seq); |
| 669 | th->urg = 1; | 669 | th->urg = 1; |
| 670 | } else if (after(tcb->seq + 0xFFFF, tp->snd_nxt)) { | ||
| 671 | th->urg_ptr = 0xFFFF; | ||
| 672 | th->urg = 1; | ||
| 673 | } | ||
| 674 | } | 670 | } |
| 675 | 671 | ||
| 676 | tcp_options_write((__be32 *)(th + 1), tp, &opts, &md5_hash_location); | 672 | tcp_options_write((__be32 *)(th + 1), tp, &opts, &md5_hash_location); |
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index b7faffe5c029..c47c989cb1fb 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c | |||
| @@ -1015,9 +1015,11 @@ static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
| 1015 | 1015 | ||
| 1016 | if ((rc = sock_queue_rcv_skb(sk, skb)) < 0) { | 1016 | if ((rc = sock_queue_rcv_skb(sk, skb)) < 0) { |
| 1017 | /* Note that an ENOMEM error is charged twice */ | 1017 | /* Note that an ENOMEM error is charged twice */ |
| 1018 | if (rc == -ENOMEM) | 1018 | if (rc == -ENOMEM) { |
| 1019 | UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, | 1019 | UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, |
| 1020 | is_udplite); | 1020 | is_udplite); |
| 1021 | atomic_inc(&sk->sk_drops); | ||
| 1022 | } | ||
| 1021 | goto drop; | 1023 | goto drop; |
| 1022 | } | 1024 | } |
| 1023 | 1025 | ||
| @@ -1229,11 +1231,10 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, | |||
| 1229 | int proto) | 1231 | int proto) |
| 1230 | { | 1232 | { |
| 1231 | struct sock *sk; | 1233 | struct sock *sk; |
| 1232 | struct udphdr *uh = udp_hdr(skb); | 1234 | struct udphdr *uh; |
| 1233 | unsigned short ulen; | 1235 | unsigned short ulen; |
| 1234 | struct rtable *rt = (struct rtable*)skb->dst; | 1236 | struct rtable *rt = (struct rtable*)skb->dst; |
| 1235 | __be32 saddr = ip_hdr(skb)->saddr; | 1237 | __be32 saddr, daddr; |
| 1236 | __be32 daddr = ip_hdr(skb)->daddr; | ||
| 1237 | struct net *net = dev_net(skb->dev); | 1238 | struct net *net = dev_net(skb->dev); |
| 1238 | 1239 | ||
| 1239 | /* | 1240 | /* |
| @@ -1242,6 +1243,7 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, | |||
| 1242 | if (!pskb_may_pull(skb, sizeof(struct udphdr))) | 1243 | if (!pskb_may_pull(skb, sizeof(struct udphdr))) |
| 1243 | goto drop; /* No space for header. */ | 1244 | goto drop; /* No space for header. */ |
| 1244 | 1245 | ||
| 1246 | uh = udp_hdr(skb); | ||
| 1245 | ulen = ntohs(uh->len); | 1247 | ulen = ntohs(uh->len); |
| 1246 | if (ulen > skb->len) | 1248 | if (ulen > skb->len) |
| 1247 | goto short_packet; | 1249 | goto short_packet; |
| @@ -1256,6 +1258,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, | |||
| 1256 | if (udp4_csum_init(skb, uh, proto)) | 1258 | if (udp4_csum_init(skb, uh, proto)) |
| 1257 | goto csum_error; | 1259 | goto csum_error; |
| 1258 | 1260 | ||
| 1261 | saddr = ip_hdr(skb)->saddr; | ||
| 1262 | daddr = ip_hdr(skb)->daddr; | ||
| 1263 | |||
| 1259 | if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST)) | 1264 | if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST)) |
| 1260 | return __udp4_lib_mcast_deliver(net, skb, uh, | 1265 | return __udp4_lib_mcast_deliver(net, skb, uh, |
| 1261 | saddr, daddr, udptable); | 1266 | saddr, daddr, udptable); |