Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/cipso_ipv4.c22
-rw-r--r--net/ipv4/fib_frontend.c5
-rw-r--r--net/ipv4/inetpeer.c29
-rw-r--r--net/ipv4/netfilter/arp_tables.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_netlink.c72
-rw-r--r--net/ipv4/netfilter/ip_tables.c3
-rw-r--r--net/ipv4/netfilter/ipt_ECN.c6
-rw-r--r--net/ipv4/netfilter/ipt_TOS.c6
-rw-r--r--net/ipv4/tcp_ipv4.c2
-rw-r--r--net/ipv4/tcp_output.c20
10 files changed, 66 insertions, 101 deletions
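--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -773,13 +773,15 @@ static int cipso_v4_map_cat_rbm_valid(const struct cipso_v4_doi *doi_def,
 {
  int cat = -1;
  u32 bitmap_len_bits = bitmap_len * 8;
- u32 cipso_cat_size = doi_def->map.std->cat.cipso_size;
- u32 *cipso_array = doi_def->map.std->cat.cipso;
+ u32 cipso_cat_size;
+ u32 *cipso_array;
 
  switch (doi_def->type) {
  case CIPSO_V4_MAP_PASS:
  return 0;
  case CIPSO_V4_MAP_STD:
+ cipso_cat_size = doi_def->map.std->cat.cipso_size;
+ cipso_array = doi_def->map.std->cat.cipso;
  for (;;) {
  cat = cipso_v4_bitmap_walk(bitmap,
  bitmap_len_bits,
@@ -825,19 +827,21 @@ static int cipso_v4_map_cat_rbm_hton(const struct cipso_v4_doi *doi_def,
  u32 net_spot_max = 0;
  u32 host_clen_bits = host_cat_len * 8;
  u32 net_clen_bits = net_cat_len * 8;
- u32 host_cat_size = doi_def->map.std->cat.local_size;
- u32 *host_cat_array = doi_def->map.std->cat.local;
+ u32 host_cat_size;
+ u32 *host_cat_array;
 
  switch (doi_def->type) {
  case CIPSO_V4_MAP_PASS:
- net_spot_max = host_cat_len - 1;
- while (net_spot_max > 0 && host_cat[net_spot_max] == 0)
+ net_spot_max = host_cat_len;
+ while (net_spot_max > 0 && host_cat[net_spot_max - 1] == 0)
  net_spot_max--;
  if (net_spot_max > net_cat_len)
  return -EINVAL;
  memcpy(net_cat, host_cat, net_spot_max);
  return net_spot_max;
  case CIPSO_V4_MAP_STD:
+ host_cat_size = doi_def->map.std->cat.local_size;
+ host_cat_array = doi_def->map.std->cat.local;
  for (;;) {
  host_spot = cipso_v4_bitmap_walk(host_cat,
  host_clen_bits,
@@ -893,8 +897,8 @@ static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def,
  int net_spot = -1;
  u32 net_clen_bits = net_cat_len * 8;
  u32 host_clen_bits = host_cat_len * 8;
- u32 net_cat_size = doi_def->map.std->cat.cipso_size;
- u32 *net_cat_array = doi_def->map.std->cat.cipso;
+ u32 net_cat_size;
+ u32 *net_cat_array;
 
  switch (doi_def->type) {
  case CIPSO_V4_MAP_PASS:
@@ -903,6 +907,8 @@ static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def,
  memcpy(host_cat, net_cat, net_cat_len);
  return net_cat_len;
  case CIPSO_V4_MAP_STD:
+ net_cat_size = doi_def->map.std->cat.cipso_size;
+ net_cat_array = doi_def->map.std->cat.cipso;
  for (;;) {
  net_spot = cipso_v4_bitmap_walk(net_cat,
  net_clen_bits,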
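Review bot: The three helpers cipso_v4_map_cat_rbm_valid, _hton and _ntoh now leave their size and array locals unset until the CIPSO_V4_MAP_STD case, but nothing in the code says why, so a later cleanup could hoist the `doi_def->map.std->...` reads back up to the declarations. Presumably `map.std` is only populated for standard-mapped DOIs; if that is the reason, a one-line comment at the first assignment in each STD case would pin it down: `/* map.std is only valid for CIPSO_V4_MAP_STD; never dereference it for pass-through DOIs */`. All three function bodies continue outside the hunks shown.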
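--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -482,9 +482,7 @@ static int rtm_to_fib_config(struct sk_buff *skb, struct nlmsghdr *nlh,
  memset(cfg, 0, sizeof(*cfg));
 
  rtm = nlmsg_data(nlh);
- cfg->fc_family = rtm->rtm_family;
  cfg->fc_dst_len = rtm->rtm_dst_len;
- cfg->fc_src_len = rtm->rtm_src_len;
  cfg->fc_tos = rtm->rtm_tos;
  cfg->fc_table = rtm->rtm_table;
  cfg->fc_protocol = rtm->rtm_protocol;
@@ -501,9 +499,6 @@ static int rtm_to_fib_config(struct sk_buff *skb, struct nlmsghdr *nlh,
  case RTA_DST:
  cfg->fc_dst = nla_get_be32(attr);
  break;
- case RTA_SRC:
- cfg->fc_src = nla_get_be32(attr);
- break;
  case RTA_OIF:
  cfg->fc_oif = nla_get_u32(attr);
  break;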
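--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -94,10 +94,8 @@ int inet_peer_minttl = 120 * HZ; /* TTL under high load: 120 sec */
 int inet_peer_maxttl = 10 * 60 * HZ; /* usual time to live: 10 min */
 
 static struct inet_peer *inet_peer_unused_head;
-/* Exported for inet_putpeer inline function. */
-struct inet_peer **inet_peer_unused_tailp = &inet_peer_unused_head;
-DEFINE_SPINLOCK(inet_peer_unused_lock);
-#define PEER_MAX_CLEANUP_WORK 30
+static struct inet_peer **inet_peer_unused_tailp = &inet_peer_unused_head;
+static DEFINE_SPINLOCK(inet_peer_unused_lock);
 
 static void peer_check_expire(unsigned long dummy);
 static DEFINE_TIMER(peer_periodic_timer, peer_check_expire, 0, 0);
@@ -340,7 +338,8 @@ static int cleanup_once(unsigned long ttl)
  spin_lock_bh(&inet_peer_unused_lock);
  p = inet_peer_unused_head;
  if (p != NULL) {
- if (time_after(p->dtime + ttl, jiffies)) {
+ __u32 delta = (__u32)jiffies - p->dtime;
+ if (delta < ttl) {
  /* Do not prune fresh entries. */
  spin_unlock_bh(&inet_peer_unused_lock);
  return -1;
@@ -432,7 +431,7 @@ out_free:
 /* Called with local BH disabled. */
 static void peer_check_expire(unsigned long dummy)
 {
- int i;
+ unsigned long now = jiffies;
  int ttl;
 
  if (peer_total >= inet_peer_threshold)
@@ -441,7 +440,10 @@ static void peer_check_expire(unsigned long dummy)
  ttl = inet_peer_maxttl
  - (inet_peer_maxttl - inet_peer_minttl) / HZ *
  peer_total / inet_peer_threshold * HZ;
- for (i = 0; i < PEER_MAX_CLEANUP_WORK && !cleanup_once(ttl); i++);
+ while (!cleanup_once(ttl)) {
+ if (jiffies != now)
+ break;
+ }
 
  /* Trigger the timer after inet_peer_gc_mintime .. inet_peer_gc_maxtime
  * interval depending on the total number of entries (more entries,
@@ -455,3 +457,16 @@ static void peer_check_expire(unsigned long dummy)
  peer_total / inet_peer_threshold * HZ;
  add_timer(&peer_periodic_timer);
 }
+
+void inet_putpeer(struct inet_peer *p)
+{
+ spin_lock_bh(&inet_peer_unused_lock);
+ if (atomic_dec_and_test(&p->refcnt)) {
+ p->unused_prevp = inet_peer_unused_tailp;
+ p->unused_next = NULL;
+ *inet_peer_unused_tailp = p;
+ inet_peer_unused_tailp = &p->unused_next;
+ p->dtime = (__u32)jiffies;
+ }
+ spin_unlock_bh(&inet_peer_unused_lock);
+}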
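Review bot: The cleanup loop in peer_check_expire is now bounded only by `jiffies != now`, so in the timer handler (the comment above it says BH is disabled) it may keep pruning for the rest of a tick where the old code stopped after PEER_MAX_CLEANUP_WORK entries. It can also stop after a single entry when the tick rolls over just after `now` is sampled. If the unused list can be grown by remote peers (likely, but not shown in this diff), the per-tick softirq cost becomes something outside traffic influences. Consider keeping an entry cap alongside the time cap, or at least documenting the bound above the loop: `/* Prune for at most the remainder of this jiffy; we run in softirq context. */`. In cleanup_once the 32-bit `delta` is compared with an `unsigned long ttl` that the caller computes as `int`, so a comment that dtime and the delta are deliberately truncated to 32 bits would also help.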
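--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -1196,6 +1196,8 @@ err1:
 static void __exit arp_tables_fini(void)
 {
  nf_unregister_sockopt(&arpt_sockopts);
+ xt_unregister_target(&arpt_error_target);
+ xt_unregister_target(&arpt_standard_target);
  xt_proto_fini(NF_ARP);
 }
 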
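--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -44,13 +44,6 @@ MODULE_LICENSE("GPL");
 
 static char __initdata version[] = "0.90";
 
-#if 0
-#define DEBUGP printk
-#else
-#define DEBUGP(format, args...)
-#endif
-
-
 static inline int
 ctnetlink_dump_tuples_proto(struct sk_buff *skb,
  const struct ip_conntrack_tuple *tuple,
@@ -398,7 +391,6 @@ nfattr_failure:
 
 static int ctnetlink_done(struct netlink_callback *cb)
 {
- DEBUGP("entered %s\n", __FUNCTION__);
  if (cb->args[1])
  ip_conntrack_put((struct ip_conntrack *)cb->args[1]);
  return 0;
@@ -411,9 +403,6 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
  struct ip_conntrack_tuple_hash *h;
  struct list_head *i;
 
- DEBUGP("entered %s, last bucket=%lu id=%u\n", __FUNCTION__,
- cb->args[0], *id);
-
  read_lock_bh(&ip_conntrack_lock);
  last = (struct ip_conntrack *)cb->args[1];
  for (; cb->args[0] < ip_conntrack_htable_size; cb->args[0]++) {
@@ -452,7 +441,6 @@ out:
  if (last)
  ip_conntrack_put(last);
 
- DEBUGP("leaving, last bucket=%lu id=%u\n", cb->args[0], *id);
  return skb->len;
 }
 
@@ -466,8 +454,6 @@ ctnetlink_parse_tuple_ip(struct nfattr *attr, struct ip_conntrack_tuple *tuple)
 {
  struct nfattr *tb[CTA_IP_MAX];
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  nfattr_parse_nested(tb, CTA_IP_MAX, attr);
 
  if (nfattr_bad_size(tb, CTA_IP_MAX, cta_min_ip))
@@ -481,8 +467,6 @@ ctnetlink_parse_tuple_ip(struct nfattr *attr, struct ip_conntrack_tuple *tuple)
  return -EINVAL;
  tuple->dst.ip = *(__be32 *)NFA_DATA(tb[CTA_IP_V4_DST-1]);
 
- DEBUGP("leaving\n");
-
  return 0;
 }
 
@@ -503,8 +487,6 @@ ctnetlink_parse_tuple_proto(struct nfattr *attr,
  struct ip_conntrack_protocol *proto;
  int ret = 0;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  nfattr_parse_nested(tb, CTA_PROTO_MAX, attr);
 
  if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto))
@@ -531,8 +513,6 @@ ctnetlink_parse_tuple(struct nfattr *cda[], struct ip_conntrack_tuple *tuple,
  struct nfattr *tb[CTA_TUPLE_MAX];
  int err;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  memset(tuple, 0, sizeof(*tuple));
 
  nfattr_parse_nested(tb, CTA_TUPLE_MAX, cda[type-1]);
@@ -557,10 +537,6 @@ ctnetlink_parse_tuple(struct nfattr *cda[], struct ip_conntrack_tuple *tuple,
  else
  tuple->dst.dir = IP_CT_DIR_ORIGINAL;
 
- DUMP_TUPLE(tuple);
-
- DEBUGP("leaving\n");
-
  return 0;
 }
 
@@ -577,8 +553,6 @@ static int ctnetlink_parse_nat_proto(struct nfattr *attr,
  struct nfattr *tb[CTA_PROTONAT_MAX];
  struct ip_nat_protocol *npt;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  nfattr_parse_nested(tb, CTA_PROTONAT_MAX, attr);
 
  if (nfattr_bad_size(tb, CTA_PROTONAT_MAX, cta_min_protonat))
@@ -597,7 +571,6 @@ static int ctnetlink_parse_nat_proto(struct nfattr *attr,
 
  ip_nat_proto_put(npt);
 
- DEBUGP("leaving\n");
  return 0;
 }
 
@@ -613,8 +586,6 @@ ctnetlink_parse_nat(struct nfattr *nat,
  struct nfattr *tb[CTA_NAT_MAX];
  int err;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  memset(range, 0, sizeof(*range));
 
  nfattr_parse_nested(tb, CTA_NAT_MAX, nat);
@@ -640,7 +611,6 @@ ctnetlink_parse_nat(struct nfattr *nat,
  if (err < 0)
  return err;
 
- DEBUGP("leaving\n");
  return 0;
 }
 #endif
@@ -650,8 +620,6 @@ ctnetlink_parse_help(struct nfattr *attr, char **helper_name)
 {
  struct nfattr *tb[CTA_HELP_MAX];
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  nfattr_parse_nested(tb, CTA_HELP_MAX, attr);
 
  if (!tb[CTA_HELP_NAME-1])
@@ -679,8 +647,6 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
  struct ip_conntrack *ct;
  int err = 0;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  if (nfattr_bad_size(cda, CTA_MAX, cta_min))
  return -EINVAL;
 
@@ -698,10 +664,8 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
  return err;
 
  h = ip_conntrack_find_get(&tuple, NULL);
- if (!h) {
- DEBUGP("tuple not found in conntrack hash\n");
+ if (!h)
  return -ENOENT;
- }
 
  ct = tuplehash_to_ctrack(h);
 
@@ -716,7 +680,6 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
  ct->timeout.function((unsigned long)ct);
 
  ip_conntrack_put(ct);
- DEBUGP("leaving\n");
 
  return 0;
 }
@@ -731,8 +694,6 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
  struct sk_buff *skb2 = NULL;
  int err = 0;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  if (nlh->nlmsg_flags & NLM_F_DUMP) {
  struct nfgenmsg *msg = NLMSG_DATA(nlh);
  u32 rlen;
@@ -770,11 +731,9 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
  return err;
 
  h = ip_conntrack_find_get(&tuple, NULL);
- if (!h) {
- DEBUGP("tuple not found in conntrack hash");
+ if (!h)
  return -ENOENT;
- }
- DEBUGP("tuple found\n");
+
  ct = tuplehash_to_ctrack(h);
 
  err = -ENOMEM;
@@ -795,7 +754,6 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
  if (err < 0)
  goto out;
 
- DEBUGP("leaving\n");
  return 0;
 
 free:
@@ -866,8 +824,6 @@ ctnetlink_change_helper(struct ip_conntrack *ct, struct nfattr *cda[])
  char *helpname;
  int err;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  /* don't change helper of sibling connections */
  if (ct->master)
  return -EINVAL;
@@ -938,8 +894,6 @@ ctnetlink_change_conntrack(struct ip_conntrack *ct, struct nfattr *cda[])
 {
  int err;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  if (cda[CTA_HELP-1]) {
  err = ctnetlink_change_helper(ct, cda);
  if (err < 0)
@@ -969,7 +923,6 @@ ctnetlink_change_conntrack(struct ip_conntrack *ct, struct nfattr *cda[])
  ct->mark = ntohl(*(__be32 *)NFA_DATA(cda[CTA_MARK-1]));
 #endif
 
- DEBUGP("all done\n");
  return 0;
 }
 
@@ -981,8 +934,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
  struct ip_conntrack *ct;
  int err = -EINVAL;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  ct = ip_conntrack_alloc(otuple, rtuple);
  if (ct == NULL || IS_ERR(ct))
  return -ENOMEM;
@@ -1017,7 +968,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
  if (ct->helper)
  ip_conntrack_helper_put(ct->helper);
 
- DEBUGP("conntrack with id %u inserted\n", ct->id);
  return 0;
 
 err:
@@ -1033,8 +983,6 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
  struct ip_conntrack_tuple_hash *h = NULL;
  int err = 0;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  if (nfattr_bad_size(cda, CTA_MAX, cta_min))
  return -EINVAL;
 
@@ -1058,7 +1006,6 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
 
  if (h == NULL) {
  write_unlock_bh(&ip_conntrack_lock);
- DEBUGP("no such conntrack, create new\n");
  err = -ENOENT;
  if (nlh->nlmsg_flags & NLM_F_CREATE)
  err = ctnetlink_create_conntrack(cda, &otuple, &rtuple);
@@ -1074,7 +1021,6 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
 
  /* We manipulate the conntrack inside the global conntrack table lock,
  * so there's no need to increase the refcount */
- DEBUGP("conntrack found\n");
  err = -EEXIST;
  if (!(nlh->nlmsg_flags & NLM_F_EXCL))
  err = ctnetlink_change_conntrack(tuplehash_to_ctrack(h), cda);
@@ -1249,8 +1195,6 @@ ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
  struct list_head *i;
  u_int32_t *id = (u_int32_t *) &cb->args[0];
 
- DEBUGP("entered %s, last id=%llu\n", __FUNCTION__, *id);
-
  read_lock_bh(&ip_conntrack_lock);
  list_for_each_prev(i, &ip_conntrack_expect_list) {
  exp = (struct ip_conntrack_expect *) i;
@@ -1266,8 +1210,6 @@ ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
 out:
  read_unlock_bh(&ip_conntrack_lock);
 
- DEBUGP("leaving, last id=%llu\n", *id);
-
  return skb->len;
 }
 
@@ -1285,8 +1227,6 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
  struct sk_buff *skb2;
  int err = 0;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp))
  return -EINVAL;
 
@@ -1437,8 +1377,6 @@ ctnetlink_create_expect(struct nfattr *cda[])
  struct ip_conntrack *ct;
  int err = 0;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  /* caller guarantees that those three CTA_EXPECT_* exist */
  err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE);
  if (err < 0)
@@ -1490,8 +1428,6 @@ ctnetlink_new_expect(struct sock *ctnl, struct sk_buff *skb,
  struct ip_conntrack_expect *exp;
  int err = 0;
 
- DEBUGP("entered %s\n", __FUNCTION__);
-
  if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp))
  return -EINVAL;
 
@@ -1520,8 +1456,6 @@ ctnetlink_new_expect(struct sock *ctnl, struct sk_buff *skb,
  err = ctnetlink_change_expect(exp, cda);
  write_unlock_bh(&ip_conntrack_lock);
 
- DEBUGP("leaving\n");
-
  return err;
 }
 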
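--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1932,6 +1932,9 @@ compat_do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
 {
  int ret;
 
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
  switch (cmd) {
  case IPT_SO_GET_INFO:
  ret = get_info(user, len, 1);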
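Review bot: The new `capable(CAP_NET_ADMIN)` gate at the top of compat_do_ipt_get_ctl has no comment saying which handler it mirrors, and this diff does not show whether the other compat entry points enforce the same privilege. Presumably the native get-sockopt handler already requires CAP_NET_ADMIN and the compat path was letting unprivileged callers read table contents; that is worth stating next to the check, e.g. `/* Same privilege as the native handler: reading tables requires CAP_NET_ADMIN. */`. Please also confirm that the compat set-sockopt path is gated the same way. The switch body continues outside the hunk.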
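--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -28,7 +28,7 @@ static inline int
 set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
 {
  struct iphdr *iph = (*pskb)->nh.iph;
- __be16 oldtos;
+ u_int16_t oldtos;
 
  if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
  if (!skb_make_writable(pskb, sizeof(struct iphdr)))
@@ -37,8 +37,8 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
  oldtos = iph->tos;
  iph->tos &= ~IPT_ECN_IP_MASK;
  iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
- iph->check = nf_csum_update(oldtos ^ htons(0xFFFF), iph->tos,
- iph->check);
+ iph->check = nf_csum_update(htons(oldtos) ^ htons(0xFFFF),
+ htons(iph->tos), iph->check);
  }
  return 1;
 }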
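Review bot: `oldtos` is declared `u_int16_t` and passed through `htons()` in set_ect_ip with no comment explaining why a one-byte field needs byte swapping, and the same pattern is repeated in target() in ipt_TOS.c. The reason appears to be that tos is the second byte of the first 16-bit header word, so the incremental checksum update has to see it in that word's network-order position. A short comment above the nf_csum_update call would keep someone from simplifying it back: `/* tos is the low-order byte of the first 16-bit header word (network order) */`. Lines 35-36 of set_ect_ip fall between the two hunks, so whether `iph` is reloaded after skb_make_writable(), as target() does, cannot be checked from this diff.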
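--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -30,7 +30,7 @@ target(struct sk_buff **pskb,
 {
  const struct ipt_tos_target_info *tosinfo = targinfo;
  struct iphdr *iph = (*pskb)->nh.iph;
- __be16 oldtos;
+ u_int16_t oldtos;
 
  if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
  if (!skb_make_writable(pskb, sizeof(struct iphdr)))
@@ -38,8 +38,8 @@ target(struct sk_buff **pskb,
  iph = (*pskb)->nh.iph;
  oldtos = iph->tos;
  iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos;
- iph->check = nf_csum_update(oldtos ^ htons(0xFFFF), iph->tos,
- iph->check);
+ iph->check = nf_csum_update(htons(oldtos) ^ htons(0xFFFF),
+ htons(iph->tos), iph->check);
  }
  return IPT_CONTINUE;
 }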
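--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -373,7 +373,7 @@ void tcp_v4_err(struct sk_buff *skb, u32 info)
  seq = ntohl(th->seq);
  if (sk->sk_state != TCP_LISTEN &&
  !between(seq, tp->snd_una, tp->snd_nxt)) {
- NET_INC_STATS(LINUX_MIB_OUTOFWINDOWICMPS);
+ NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
  goto out;
  }
 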
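--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1096,10 +1096,14 @@ static int tcp_tso_should_defer(struct sock *sk, struct tcp_sock *tp, struct sk_
  u32 send_win, cong_win, limit, in_flight;
 
  if (TCP_SKB_CB(skb)->flags & TCPCB_FLAG_FIN)
- return 0;
+ goto send_now;
 
  if (icsk->icsk_ca_state != TCP_CA_Open)
- return 0;
+ goto send_now;
+
+ /* Defer for less than two clock ticks. */
+ if (!tp->tso_deferred && ((jiffies<<1)>>1) - (tp->tso_deferred>>1) > 1)
+ goto send_now;
 
  in_flight = tcp_packets_in_flight(tp);
 
@@ -1115,7 +1119,7 @@ static int tcp_tso_should_defer(struct sock *sk, struct tcp_sock *tp, struct sk_
 
  /* If a full-sized TSO skb can be sent, do it. */
  if (limit >= 65536)
- return 0;
+ goto send_now;
 
  if (sysctl_tcp_tso_win_divisor) {
  u32 chunk = min(tp->snd_wnd, tp->snd_cwnd * tp->mss_cache);
@@ -1125,7 +1129,7 @@ static int tcp_tso_should_defer(struct sock *sk, struct tcp_sock *tp, struct sk_
  */
  chunk /= sysctl_tcp_tso_win_divisor;
  if (limit >= chunk)
- return 0;
+ goto send_now;
  } else {
  /* Different approach, try not to defer past a single
  * ACK. Receiver should ACK every other full sized
@@ -1133,11 +1137,17 @@ static int tcp_tso_should_defer(struct sock *sk, struct tcp_sock *tp, struct sk_
  * then send now.
  */
  if (limit > tcp_max_burst(tp) * tp->mss_cache)
- return 0;
+ goto send_now;
  }
 
  /* Ok, it looks like it is advisable to defer. */
+ tp->tso_deferred = 1 | (jiffies<<1);
+
  return 1;
+
+send_now:
+ tp->tso_deferred = 0;
+ return 0;
 }
 
 /* Create a new MTU probe if we are ready.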
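Review bot: The condition on the new time bound in tcp_tso_should_defer looks inverted: `!tp->tso_deferred && ...` runs the elapsed-time test only when no deferral is recorded, where `tp->tso_deferred>>1` is 0 and the subtraction is just the current jiffies value. The branch therefore goes to send_now almost every time, and the two-tick limit is never applied to a deferral that is actually in progress. It should read `if (tp->tso_deferred && ((jiffies<<1)>>1) - (tp->tso_deferred>>1) > 1)`. Separately, `jiffies` is an `unsigned long`; if `tso_deferred` is a 32-bit field (its declaration is not in this diff), the two sides of the subtraction have different widths on 64-bit builds, so the jiffies value should be truncated to the field's width before shifting. The function begins above the first hunk.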