aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/addrconf.c2
-rw-r--r--net/ipv6/af_inet6.c2
-rw-r--r--net/ipv6/exthdrs_core.c11
-rw-r--r--net/ipv6/icmp.c4
-rw-r--r--net/ipv6/netfilter/ip6_queue.c20
-rw-r--r--net/ipv6/raw.c7
-rw-r--r--net/ipv6/route.c2
-rw-r--r--net/ipv6/tcp_ipv6.c7
-rw-r--r--net/ipv6/xfrm6_policy.c43
9 files changed, 70 insertions, 28 deletions
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 7196ac2f2d16..7744a2592693 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3076,7 +3076,7 @@ static void inet6_prefix_notify(int event, struct inet6_dev *idev,
3076 netlink_broadcast(rtnl, skb, 0, RTMGRP_IPV6_PREFIX, GFP_ATOMIC); 3076 netlink_broadcast(rtnl, skb, 0, RTMGRP_IPV6_PREFIX, GFP_ATOMIC);
3077} 3077}
3078 3078
3079static struct rtnetlink_link inet6_rtnetlink_table[RTM_MAX - RTM_BASE + 1] = { 3079static struct rtnetlink_link inet6_rtnetlink_table[RTM_NR_MSGTYPES] = {
3080 [RTM_GETLINK - RTM_BASE] = { .dumpit = inet6_dump_ifinfo, }, 3080 [RTM_GETLINK - RTM_BASE] = { .dumpit = inet6_dump_ifinfo, },
3081 [RTM_NEWADDR - RTM_BASE] = { .doit = inet6_rtm_newaddr, }, 3081 [RTM_NEWADDR - RTM_BASE] = { .doit = inet6_rtm_newaddr, },
3082 [RTM_DELADDR - RTM_BASE] = { .doit = inet6_rtm_deladdr, }, 3082 [RTM_DELADDR - RTM_BASE] = { .doit = inet6_rtm_deladdr, },
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 768b11703daf..2b193e3df49a 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -28,7 +28,6 @@
28#include <linux/socket.h> 28#include <linux/socket.h>
29#include <linux/in.h> 29#include <linux/in.h>
30#include <linux/kernel.h> 30#include <linux/kernel.h>
31#include <linux/major.h>
32#include <linux/sched.h> 31#include <linux/sched.h>
33#include <linux/timer.h> 32#include <linux/timer.h>
34#include <linux/string.h> 33#include <linux/string.h>
@@ -88,6 +87,7 @@ int sysctl_ipv6_bindv6only;
88 87
89#ifdef INET_REFCNT_DEBUG 88#ifdef INET_REFCNT_DEBUG
90atomic_t inet6_sock_nr; 89atomic_t inet6_sock_nr;
90EXPORT_SYMBOL(inet6_sock_nr);
91#endif 91#endif
92 92
93/* The inetsw table contains everything that inet_create needs to 93/* The inetsw table contains everything that inet_create needs to
diff --git a/net/ipv6/exthdrs_core.c b/net/ipv6/exthdrs_core.c
index 6dda815c013f..315bc1fbec3f 100644
--- a/net/ipv6/exthdrs_core.c
+++ b/net/ipv6/exthdrs_core.c
@@ -41,8 +41,8 @@ int ipv6_ext_hdr(u8 nexthdr)
41 * when Linux implements ESP (and maybe AUTH) headers. 41 * when Linux implements ESP (and maybe AUTH) headers.
42 * --AK 42 * --AK
43 * 43 *
44 * This function parses (probably truncated) exthdr set "hdr" 44 * This function parses (probably truncated) exthdr set "hdr".
45 * of length "len". "nexthdrp" initially points to some place, 45 * "nexthdrp" initially points to some place,
46 * where type of the first header can be found. 46 * where type of the first header can be found.
47 * 47 *
48 * It skips all well-known exthdrs, and returns pointer to the start 48 * It skips all well-known exthdrs, and returns pointer to the start
@@ -63,7 +63,7 @@ int ipv6_ext_hdr(u8 nexthdr)
63 * --ANK (980726) 63 * --ANK (980726)
64 */ 64 */
65 65
66int ipv6_skip_exthdr(const struct sk_buff *skb, int start, u8 *nexthdrp, int len) 66int ipv6_skip_exthdr(const struct sk_buff *skb, int start, u8 *nexthdrp)
67{ 67{
68 u8 nexthdr = *nexthdrp; 68 u8 nexthdr = *nexthdrp;
69 69
@@ -71,13 +71,11 @@ int ipv6_skip_exthdr(const struct sk_buff *skb, int start, u8 *nexthdrp, int len
71 struct ipv6_opt_hdr _hdr, *hp; 71 struct ipv6_opt_hdr _hdr, *hp;
72 int hdrlen; 72 int hdrlen;
73 73
74 if (len < (int)sizeof(struct ipv6_opt_hdr))
75 return -1;
76 if (nexthdr == NEXTHDR_NONE) 74 if (nexthdr == NEXTHDR_NONE)
77 return -1; 75 return -1;
78 hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr); 76 hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
79 if (hp == NULL) 77 if (hp == NULL)
80 BUG(); 78 return -1;
81 if (nexthdr == NEXTHDR_FRAGMENT) { 79 if (nexthdr == NEXTHDR_FRAGMENT) {
82 unsigned short _frag_off, *fp; 80 unsigned short _frag_off, *fp;
83 fp = skb_header_pointer(skb, 81 fp = skb_header_pointer(skb,
@@ -97,7 +95,6 @@ int ipv6_skip_exthdr(const struct sk_buff *skb, int start, u8 *nexthdrp, int len
97 hdrlen = ipv6_optlen(hp); 95 hdrlen = ipv6_optlen(hp);
98 96
99 nexthdr = hp->nexthdr; 97 nexthdr = hp->nexthdr;
100 len -= hdrlen;
101 start += hdrlen; 98 start += hdrlen;
102 } 99 }
103 100
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 87b9082ceab2..8e0f569b883e 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -135,7 +135,7 @@ static int is_ineligible(struct sk_buff *skb)
135 if (len < 0) 135 if (len < 0)
136 return 1; 136 return 1;
137 137
138 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, len); 138 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr);
139 if (ptr < 0) 139 if (ptr < 0)
140 return 0; 140 return 0;
141 if (nexthdr == IPPROTO_ICMPV6) { 141 if (nexthdr == IPPROTO_ICMPV6) {
@@ -514,7 +514,7 @@ static void icmpv6_notify(struct sk_buff *skb, int type, int code, u32 info)
514 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; 514 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
515 if (ipv6_ext_hdr(nexthdr)) { 515 if (ipv6_ext_hdr(nexthdr)) {
516 /* now skip over extension headers */ 516 /* now skip over extension headers */
517 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr, skb->len - sizeof(struct ipv6hdr)); 517 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
518 if (inner_offset<0) 518 if (inner_offset<0)
519 return; 519 return;
520 } else { 520 } else {
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index c54830b89593..750943e2d34e 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -549,20 +549,18 @@ ipq_rcv_skb(struct sk_buff *skb)
549static void 549static void
550ipq_rcv_sk(struct sock *sk, int len) 550ipq_rcv_sk(struct sock *sk, int len)
551{ 551{
552 do { 552 struct sk_buff *skb;
553 struct sk_buff *skb; 553 unsigned int qlen;
554 554
555 if (down_trylock(&ipqnl_sem)) 555 down(&ipqnl_sem);
556 return;
557 556
558 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) { 557 for (qlen = skb_queue_len(&sk->sk_receive_queue); qlen; qlen--) {
559 ipq_rcv_skb(skb); 558 skb = skb_dequeue(&sk->sk_receive_queue);
560 kfree_skb(skb); 559 ipq_rcv_skb(skb);
561 } 560 kfree_skb(skb);
561 }
562 562
563 up(&ipqnl_sem); 563 up(&ipqnl_sem);
564
565 } while (ipqnl && ipqnl->sk_receive_queue.qlen);
566} 564}
567 565
568static int 566static int
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 1352c1d9bf4d..617645bc5ed6 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -455,11 +455,11 @@ csum_copy_err:
455static int rawv6_push_pending_frames(struct sock *sk, struct flowi *fl, 455static int rawv6_push_pending_frames(struct sock *sk, struct flowi *fl,
456 struct raw6_sock *rp) 456 struct raw6_sock *rp)
457{ 457{
458 struct inet_sock *inet = inet_sk(sk);
459 struct sk_buff *skb; 458 struct sk_buff *skb;
460 int err = 0; 459 int err = 0;
461 int offset; 460 int offset;
462 int len; 461 int len;
462 int total_len;
463 u32 tmp_csum; 463 u32 tmp_csum;
464 u16 csum; 464 u16 csum;
465 465
@@ -470,7 +470,8 @@ static int rawv6_push_pending_frames(struct sock *sk, struct flowi *fl,
470 goto out; 470 goto out;
471 471
472 offset = rp->offset; 472 offset = rp->offset;
473 if (offset >= inet->cork.length - 1) { 473 total_len = inet_sk(sk)->cork.length - (skb->nh.raw - skb->data);
474 if (offset >= total_len - 1) {
474 err = -EINVAL; 475 err = -EINVAL;
475 ip6_flush_pending_frames(sk); 476 ip6_flush_pending_frames(sk);
476 goto out; 477 goto out;
@@ -514,7 +515,7 @@ static int rawv6_push_pending_frames(struct sock *sk, struct flowi *fl,
514 515
515 tmp_csum = csum_ipv6_magic(&fl->fl6_src, 516 tmp_csum = csum_ipv6_magic(&fl->fl6_src,
516 &fl->fl6_dst, 517 &fl->fl6_dst,
517 inet->cork.length, fl->proto, tmp_csum); 518 total_len, fl->proto, tmp_csum);
518 519
519 if (tmp_csum == 0) 520 if (tmp_csum == 0)
520 tmp_csum = -1; 521 tmp_csum = -1;
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 183802902c02..3bf8a0254f81 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2005,7 +2005,7 @@ ctl_table ipv6_route_table[] = {
2005 .procname = "flush", 2005 .procname = "flush",
2006 .data = &flush_delay, 2006 .data = &flush_delay,
2007 .maxlen = sizeof(int), 2007 .maxlen = sizeof(int),
2008 .mode = 0644, 2008 .mode = 0200,
2009 .proc_handler = &ipv6_sysctl_rtcache_flush 2009 .proc_handler = &ipv6_sysctl_rtcache_flush
2010 }, 2010 },
2011 { 2011 {
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 4760c85e19db..0f69e800a0ad 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -139,9 +139,12 @@ static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
139 int rover; 139 int rover;
140 140
141 spin_lock(&tcp_portalloc_lock); 141 spin_lock(&tcp_portalloc_lock);
142 rover = tcp_port_rover; 142 if (tcp_port_rover < low)
143 rover = low;
144 else
145 rover = tcp_port_rover;
143 do { rover++; 146 do { rover++;
144 if ((rover < low) || (rover > high)) 147 if (rover > high)
145 rover = low; 148 rover = low;
146 head = &tcp_bhash[tcp_bhashfn(rover)]; 149 head = &tcp_bhash[tcp_bhashfn(rover)];
147 spin_lock(&head->lock); 150 spin_lock(&head->lock);
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 8a4f37de4d2d..4429b1a1fe5f 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -11,7 +11,11 @@
11 * 11 *
12 */ 12 */
13 13
14#include <asm/bug.h>
15#include <linux/compiler.h>
14#include <linux/config.h> 16#include <linux/config.h>
17#include <linux/netdevice.h>
18#include <net/addrconf.h>
15#include <net/xfrm.h> 19#include <net/xfrm.h>
16#include <net/ip.h> 20#include <net/ip.h>
17#include <net/ipv6.h> 21#include <net/ipv6.h>
@@ -166,6 +170,8 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
166 memcpy(&x->u.rt6.rt6i_gateway, &rt0->rt6i_gateway, sizeof(x->u.rt6.rt6i_gateway)); 170 memcpy(&x->u.rt6.rt6i_gateway, &rt0->rt6i_gateway, sizeof(x->u.rt6.rt6i_gateway));
167 x->u.rt6.rt6i_dst = rt0->rt6i_dst; 171 x->u.rt6.rt6i_dst = rt0->rt6i_dst;
168 x->u.rt6.rt6i_src = rt0->rt6i_src; 172 x->u.rt6.rt6i_src = rt0->rt6i_src;
173 x->u.rt6.rt6i_idev = rt0->rt6i_idev;
174 in6_dev_hold(rt0->rt6i_idev);
169 header_len -= x->u.dst.xfrm->props.header_len; 175 header_len -= x->u.dst.xfrm->props.header_len;
170 trailer_len -= x->u.dst.xfrm->props.trailer_len; 176 trailer_len -= x->u.dst.xfrm->props.trailer_len;
171 } 177 }
@@ -251,11 +257,48 @@ static void xfrm6_update_pmtu(struct dst_entry *dst, u32 mtu)
251 path->ops->update_pmtu(path, mtu); 257 path->ops->update_pmtu(path, mtu);
252} 258}
253 259
260static void xfrm6_dst_destroy(struct dst_entry *dst)
261{
262 struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
263
264 if (likely(xdst->u.rt6.rt6i_idev))
265 in6_dev_put(xdst->u.rt6.rt6i_idev);
266 xfrm_dst_destroy(xdst);
267}
268
269static void xfrm6_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
270 int unregister)
271{
272 struct xfrm_dst *xdst;
273
274 if (!unregister)
275 return;
276
277 xdst = (struct xfrm_dst *)dst;
278 if (xdst->u.rt6.rt6i_idev->dev == dev) {
279 struct inet6_dev *loopback_idev = in6_dev_get(&loopback_dev);
280 BUG_ON(!loopback_idev);
281
282 do {
283 in6_dev_put(xdst->u.rt6.rt6i_idev);
284 xdst->u.rt6.rt6i_idev = loopback_idev;
285 in6_dev_hold(loopback_idev);
286 xdst = (struct xfrm_dst *)xdst->u.dst.child;
287 } while (xdst->u.dst.xfrm);
288
289 __in6_dev_put(loopback_idev);
290 }
291
292 xfrm_dst_ifdown(dst, dev);
293}
294
254static struct dst_ops xfrm6_dst_ops = { 295static struct dst_ops xfrm6_dst_ops = {
255 .family = AF_INET6, 296 .family = AF_INET6,
256 .protocol = __constant_htons(ETH_P_IPV6), 297 .protocol = __constant_htons(ETH_P_IPV6),
257 .gc = xfrm6_garbage_collect, 298 .gc = xfrm6_garbage_collect,
258 .update_pmtu = xfrm6_update_pmtu, 299 .update_pmtu = xfrm6_update_pmtu,
300 .destroy = xfrm6_dst_destroy,
301 .ifdown = xfrm6_dst_ifdown,
259 .gc_thresh = 1024, 302 .gc_thresh = 1024,
260 .entry_size = sizeof(struct xfrm_dst), 303 .entry_size = sizeof(struct xfrm_dst),
261}; 304};
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-18 22:40:01 -0500