10 files changed, 131 insertions, 74 deletions
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index f9afb452249c..1220e2c7831e 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -493,15 +493,17 @@ static void addrconf_forward_change(struct net *net, __s32 newf)
        read_unlock(&dev_base_lock);
 }
-static void addrconf_fixup_forwarding(struct ctl_table *table, int *p, int old)
+static int addrconf_fixup_forwarding(struct ctl_table *table, int *p, int old)
 {
        struct net *net;
        net = (struct net *)table->extra2;
        if (p == &net->ipv6.devconf_dflt->forwarding)
-                return;
+                return 0;
+        if (!rtnl_trylock())
+                return -ERESTARTSYS;
-        rtnl_lock();
        if (p == &net->ipv6.devconf_all->forwarding) {
                __s32 newf = net->ipv6.devconf_all->forwarding;
                net->ipv6.devconf_dflt->forwarding = newf;
@@ -512,6 +514,7 @@ static void addrconf_fixup_forwarding(struct ctl_table *table, int *p, int old)
        if (*p)
                rt6_purge_dflt_routers(net);
+        return 1;
 }
 #endif
@@ -2608,9 +2611,6 @@ static int addrconf_ifdown(struct net_device *dev, int how)
        ASSERT_RTNL();
-        if ((dev->flags & IFF_LOOPBACK) && how == 1)
-                how = 0;
        rt6_ifdown(net, dev);
        neigh_ifdown(&nd_tbl, dev);
@@ -3983,7 +3983,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, struct file * filp,
        ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
        if (write)
-                addrconf_fixup_forwarding(ctl, valp, val);
+                ret = addrconf_fixup_forwarding(ctl, valp, val);
        return ret;
 }
@@ -4019,8 +4019,7 @@ static int addrconf_sysctl_forward_strategy(ctl_table *table,
        }
        *valp = new;
-        addrconf_fixup_forwarding(table, valp, val);
+        return addrconf_fixup_forwarding(table, valp, val);
-        return 1;
 }
 static struct addrconf_sysctl_table
@@ -4446,25 +4445,6 @@ int unregister_inet6addr_notifier(struct notifier_block *nb)
 EXPORT_SYMBOL(unregister_inet6addr_notifier);
-static void addrconf_net_exit(struct net *net)
-{
-        struct net_device *dev;
-        rtnl_lock();
-        /* clean dev list */
-        for_each_netdev(net, dev) {
-                if (__in6_dev_get(dev) == NULL)
-                        continue;
-                addrconf_ifdown(dev, 1);
-        }
-        addrconf_ifdown(net->loopback_dev, 2);
-        rtnl_unlock();
-}
-static struct pernet_operations addrconf_net_ops = {
-        .exit = addrconf_net_exit,
-};
 /*
 *      Init / cleanup code
 */
@@ -4506,10 +4486,6 @@ int __init addrconf_init(void)
        if (err)
                goto errlo;
-        err = register_pernet_device(&addrconf_net_ops);
-        if (err)
-                return err;
        register_netdevice_notifier(&ipv6_dev_notf);
        addrconf_verify(0);
@@ -4539,15 +4515,22 @@ errlo:
 void addrconf_cleanup(void)
 {
        struct inet6_ifaddr *ifa;
+        struct net_device *dev;
        int i;
        unregister_netdevice_notifier(&ipv6_dev_notf);
-        unregister_pernet_device(&addrconf_net_ops);
        unregister_pernet_subsys(&addrconf_ops);
        rtnl_lock();
+        /* clean dev list */
+        for_each_netdev(&init_net, dev) {
+                if (__in6_dev_get(dev) == NULL)
+                        continue;
+                addrconf_ifdown(dev, 1);
+        }
+        addrconf_ifdown(init_net.loopback_dev, 2);
        /*
         *      Check hash table.
         */
@@ -4568,6 +4551,4 @@ void addrconf_cleanup(void)
        del_timer(&addr_chk_timer);
        rtnl_unlock();
-        unregister_pernet_subsys(&addrconf_net_ops);
 }
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index c802bc1658a8..9c8309ed35cf 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -72,6 +72,10 @@ MODULE_LICENSE("GPL");
 static struct list_head inetsw6[SOCK_MAX];
 static DEFINE_SPINLOCK(inetsw6_lock);
+static int disable_ipv6 = 0;
+module_param_named(disable, disable_ipv6, int, 0);
+MODULE_PARM_DESC(disable, "Disable IPv6 such that it is non-functional");
 static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk)
 {
        const int offset = sk->sk_prot->obj_size - sizeof(struct ipv6_pinfo);
@@ -991,10 +995,21 @@ static int __init inet6_init(void)
 {
        struct sk_buff *dummy_skb;
        struct list_head *r;
-        int err;
+        int err = 0;
        BUILD_BUG_ON(sizeof(struct inet6_skb_parm) > sizeof(dummy_skb->cb));
+        /* Register the socket-side information for inet6_create.  */
+        for(r = &inetsw6[0]; r < &inetsw6[SOCK_MAX]; ++r)
+                INIT_LIST_HEAD(r);
+        if (disable_ipv6) {
+                printk(KERN_INFO
+                       "IPv6: Loaded, but administratively disabled, "
+                       "reboot required to enable\n");
+                goto out;
+        }
        err = proto_register(&tcpv6_prot, 1);
        if (err)
                goto out;
@@ -1012,10 +1027,6 @@ static int __init inet6_init(void)
                goto out_unregister_udplite_proto;
-        /* Register the socket-side information for inet6_create.  */
-        for(r = &inetsw6[0]; r < &inetsw6[SOCK_MAX]; ++r)
-                INIT_LIST_HEAD(r);
        /* We MUST register RAW sockets before we create the ICMP6,
         * IGMP6, or NDISC control sockets.
         */
@@ -1181,6 +1192,9 @@ module_init(inet6_init);
 static void __exit inet6_exit(void)
 {
+        if (disable_ipv6)
+                return;
        /* First of all disallow new sockets creation. */
        sock_unregister(PF_INET6);
        /* Disallow any further netlink messages */
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
index 8fe267feb81e..1bcc3431859e 100644
--- a/net/ipv6/inet6_hashtables.c
+++ b/net/ipv6/inet6_hashtables.c
@@ -258,11 +258,11 @@ unique:
        if (twp != NULL) {
                *twp = tw;
-                NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITRECYCLED);
+                NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);
        } else if (tw != NULL) {
                /* Silly. Should hash-dance instead... */
                inet_twsk_deschedule(tw, death_row);
-                NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITRECYCLED);
+                NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);
                inet_twsk_put(tw);
        }
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index c62dd247774f..7712578bdc66 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -323,17 +323,21 @@ static struct ip6_flowlabel *
 fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval,
          int optlen, int *err_p)
 {
-        struct ip6_flowlabel *fl;
+        struct ip6_flowlabel *fl = NULL;
        int olen;
        int addr_type;
        int err;
+        olen = optlen - CMSG_ALIGN(sizeof(*freq));
+        err = -EINVAL;
+        if (olen > 64 * 1024)
+                goto done;
        err = -ENOMEM;
        fl = kzalloc(sizeof(*fl), GFP_KERNEL);
        if (fl == NULL)
                goto done;
-        olen = optlen - CMSG_ALIGN(sizeof(*freq));
        if (olen > 0) {
                struct msghdr msg;
                struct flowi flowi;
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 4b15938bef4d..9fb49c3b518a 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1105,6 +1105,18 @@ static inline int ip6_ufo_append_data(struct sock *sk,
        return err;
 }
+static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
+                                               gfp_t gfp)
+{
+        return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
+}
+static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
+                                                gfp_t gfp)
+{
+        return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
+}
 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
        int offset, int len, int odd, struct sk_buff *skb),
        void *from, int length, int transhdrlen,
@@ -1130,17 +1142,37 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
                 * setup for corking
                 */
                if (opt) {
-                        if (np->cork.opt == NULL) {
+                        if (WARN_ON(np->cork.opt))
-                                np->cork.opt = kmalloc(opt->tot_len,
-                                                       sk->sk_allocation);
-                                if (unlikely(np->cork.opt == NULL))
-                                        return -ENOBUFS;
-                        } else if (np->cork.opt->tot_len < opt->tot_len) {
-                                printk(KERN_DEBUG "ip6_append_data: invalid option length\n");
                                return -EINVAL;
-                        }
-                        memcpy(np->cork.opt, opt, opt->tot_len);
+                        np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation);
-                        inet->cork.flags |= IPCORK_OPT;
+                        if (unlikely(np->cork.opt == NULL))
+                                return -ENOBUFS;
+                        np->cork.opt->tot_len = opt->tot_len;
+                        np->cork.opt->opt_flen = opt->opt_flen;
+                        np->cork.opt->opt_nflen = opt->opt_nflen;
+                        np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt,
+                                                            sk->sk_allocation);
+                        if (opt->dst0opt && !np->cork.opt->dst0opt)
+                                return -ENOBUFS;
+                        np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt,
+                                                            sk->sk_allocation);
+                        if (opt->dst1opt && !np->cork.opt->dst1opt)
+                                return -ENOBUFS;
+                        np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt,
+                                                           sk->sk_allocation);
+                        if (opt->hopopt && !np->cork.opt->hopopt)
+                                return -ENOBUFS;
+                        np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt,
+                                                            sk->sk_allocation);
+                        if (opt->srcrt && !np->cork.opt->srcrt)
+                                return -ENOBUFS;
                        /* need source address above miyazawa*/
                }
                dst_hold(&rt->u.dst);
@@ -1167,8 +1199,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
        } else {
                rt = (struct rt6_info *)inet->cork.dst;
                fl = &inet->cork.fl;
-                if (inet->cork.flags & IPCORK_OPT)
+                opt = np->cork.opt;
-                        opt = np->cork.opt;
                transhdrlen = 0;
                exthdrlen = 0;
                mtu = inet->cork.fragsize;
@@ -1407,9 +1438,15 @@ error:
 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
 {
-        inet->cork.flags &= ~IPCORK_OPT;
+        if (np->cork.opt) {
-        kfree(np->cork.opt);
+                kfree(np->cork.opt->dst0opt);
-        np->cork.opt = NULL;
+                kfree(np->cork.opt->dst1opt);
+                kfree(np->cork.opt->hopopt);
+                kfree(np->cork.opt->srcrt);
+                kfree(np->cork.opt);
+                np->cork.opt = NULL;
+        }
        if (inet->cork.dst) {
                dst_release(inet->cork.dst);
                inet->cork.dst = NULL;
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 58e2b0d93758..d994c55a5b16 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -249,8 +249,8 @@ static struct ip6_tnl *ip6_tnl_create(struct net *net, struct ip6_tnl_parm *p)
        }
        t = netdev_priv(dev);
-        ip6_tnl_dev_init(dev);
        t->parms = *p;
+        ip6_tnl_dev_init(dev);
        if ((err = register_netdevice(dev)) < 0)
                goto failed_free;
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index c455cf4ee756..72dbb6d1a6b3 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -49,8 +49,19 @@ static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
 static const u_int8_t invmap[] = {
        [ICMPV6_ECHO_REQUEST - 128]     = ICMPV6_ECHO_REPLY + 1,
        [ICMPV6_ECHO_REPLY - 128]       = ICMPV6_ECHO_REQUEST + 1,
-        [ICMPV6_NI_QUERY - 128]         = ICMPV6_NI_QUERY + 1,
+        [ICMPV6_NI_QUERY - 128]         = ICMPV6_NI_REPLY + 1,
-        [ICMPV6_NI_REPLY - 128]         = ICMPV6_NI_REPLY +1
+        [ICMPV6_NI_REPLY - 128]         = ICMPV6_NI_QUERY +1
+};
+static const u_int8_t noct_valid_new[] = {
+        [ICMPV6_MGM_QUERY - 130] = 1,
+        [ICMPV6_MGM_REPORT -130] = 1,
+        [ICMPV6_MGM_REDUCTION - 130] = 1,
+        [NDISC_ROUTER_SOLICITATION - 130] = 1,
+        [NDISC_ROUTER_ADVERTISEMENT - 130] = 1,
+        [NDISC_NEIGHBOUR_SOLICITATION - 130] = 1,
+        [NDISC_NEIGHBOUR_ADVERTISEMENT - 130] = 1,
+        [ICMPV6_MLD2_REPORT - 130] = 1
 };
 static bool icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple,
@@ -178,6 +189,7 @@ icmpv6_error(struct net *net, struct sk_buff *skb, unsigned int dataoff,
 {
        const struct icmp6hdr *icmp6h;
        struct icmp6hdr _ih;
+        int type;
        icmp6h = skb_header_pointer(skb, dataoff, sizeof(_ih), &_ih);
        if (icmp6h == NULL) {
@@ -189,11 +201,21 @@ icmpv6_error(struct net *net, struct sk_buff *skb, unsigned int dataoff,
        if (net->ct.sysctl_checksum && hooknum == NF_INET_PRE_ROUTING &&
            nf_ip6_checksum(skb, hooknum, dataoff, IPPROTO_ICMPV6)) {
-                nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL,
+                if (LOG_INVALID(net, IPPROTO_ICMPV6))
-                              "nf_ct_icmpv6: ICMPv6 checksum failed\n");
+                        nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL,
+                                      "nf_ct_icmpv6: ICMPv6 checksum failed ");
                return -NF_ACCEPT;
        }
+        type = icmp6h->icmp6_type - 130;
+        if (type >= 0 && type < sizeof(noct_valid_new) &&
+            noct_valid_new[type]) {
+                skb->nfct = &nf_conntrack_untracked.ct_general;
+                skb->nfctinfo = IP_CT_NEW;
+                nf_conntrack_get(skb->nfct);
+                return NF_ACCEPT;
+        }
        /* is not error message ? */
        if (icmp6h->icmp6_type >= 128)
                return NF_ACCEPT;
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index ed4d79a9e4a6..058a5e4a60c3 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -528,14 +528,14 @@ find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int *prevhoff, int *fhoff)
                if (!ipv6_ext_hdr(nexthdr)) {
                        return -1;
                }
-                if (len < (int)sizeof(struct ipv6_opt_hdr)) {
-                        pr_debug("too short\n");
-                        return -1;
-                }
                if (nexthdr == NEXTHDR_NONE) {
                        pr_debug("next header is none\n");
                        return -1;
                }
+                if (len < (int)sizeof(struct ipv6_opt_hdr)) {
+                        pr_debug("too short\n");
+                        return -1;
+                }
                if (skb_copy_bits(skb, start, &hdr, sizeof(hdr)))
                        BUG();
                if (nexthdr == NEXTHDR_AUTH)
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 3c575118fca5..e9ac7a12f595 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -452,6 +452,7 @@ err:
 static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
                          struct net_device *dev)
 {
+        struct net *net = container_of(fq->q.net, struct net, ipv6.frags);
        struct sk_buff *fp, *head = fq->q.fragments;
        int    payload_len;
        unsigned int nhoff;
@@ -551,8 +552,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
                                          head->csum);
        rcu_read_lock();
-        IP6_INC_STATS_BH(dev_net(dev),
+        IP6_INC_STATS_BH(net, __in6_dev_get(dev), IPSTATS_MIB_REASMOKS);
-                         __in6_dev_get(dev), IPSTATS_MIB_REASMOKS);
        rcu_read_unlock();
        fq->q.fragments = NULL;
        return 1;
@@ -566,8 +566,7 @@ out_oom:
                printk(KERN_DEBUG "ip6_frag_reasm: no memory for reassembly\n");
 out_fail:
        rcu_read_lock();
-        IP6_INC_STATS_BH(dev_net(dev),
+        IP6_INC_STATS_BH(net, __in6_dev_get(dev), IPSTATS_MIB_REASMFAILS);
-                         __in6_dev_get(dev), IPSTATS_MIB_REASMFAILS);
        rcu_read_unlock();
        return -1;
 }
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index d3467e563f02..5cee2bcbcece 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -188,9 +188,9 @@ static struct ip_tunnel * ipip6_tunnel_locate(struct net *net,
        }
        nt = netdev_priv(dev);
-        ipip6_tunnel_init(dev);
        nt->parms = *parms;
+        ipip6_tunnel_init(dev);
        if (parms->i_flags & SIT_ISATAP)
                dev->priv_flags |= IFF_ISATAP;

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index f9afb452249c..1220e2c7831e 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c
@@ -493,15 +493,17 @@ static void addrconf_forward_change(struct net *net, __s32 newf)
493	read_unlock(&dev_base_lock);	493	read_unlock(&dev_base_lock);
494	}	494	}
495		495
496	static void addrconf_fixup_forwarding(struct ctl_table table, int p, int old)	496	static int addrconf_fixup_forwarding(struct ctl_table table, int p, int old)
497	{	497	{
498	struct net *net;	498	struct net *net;
499		499
500	net = (struct net *)table->extra2;	500	net = (struct net *)table->extra2;
501	if (p == &net->ipv6.devconf_dflt->forwarding)	501	if (p == &net->ipv6.devconf_dflt->forwarding)
502	return;	502	return 0;
		503
		504	if (!rtnl_trylock())
		505	return -ERESTARTSYS;
503		506
504	rtnl_lock();
505	if (p == &net->ipv6.devconf_all->forwarding) {	507	if (p == &net->ipv6.devconf_all->forwarding) {
506	__s32 newf = net->ipv6.devconf_all->forwarding;	508	__s32 newf = net->ipv6.devconf_all->forwarding;
507	net->ipv6.devconf_dflt->forwarding = newf;	509	net->ipv6.devconf_dflt->forwarding = newf;
@@ -512,6 +514,7 @@ static void addrconf_fixup_forwarding(struct ctl_table table, int p, int old)
512		514
513	if (*p)	515	if (*p)
514	rt6_purge_dflt_routers(net);	516	rt6_purge_dflt_routers(net);
		517	return 1;
515	}	518	}
516	#endif	519	#endif
517		520
@@ -2608,9 +2611,6 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2608		2611
2609	ASSERT_RTNL();	2612	ASSERT_RTNL();
2610		2613
2611	if ((dev->flags & IFF_LOOPBACK) && how == 1)
2612	how = 0;
2613
2614	rt6_ifdown(net, dev);	2614	rt6_ifdown(net, dev);
2615	neigh_ifdown(&nd_tbl, dev);	2615	neigh_ifdown(&nd_tbl, dev);
2616		2616
@@ -3983,7 +3983,7 @@ int addrconf_sysctl_forward(ctl_table ctl, int write, struct file filp,
3983	ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);	3983	ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
3984		3984
3985	if (write)	3985	if (write)
3986	addrconf_fixup_forwarding(ctl, valp, val);	3986	ret = addrconf_fixup_forwarding(ctl, valp, val);
3987	return ret;	3987	return ret;
3988	}	3988	}
3989		3989
@@ -4019,8 +4019,7 @@ static int addrconf_sysctl_forward_strategy(ctl_table *table,
4019	}	4019	}
4020		4020
4021	*valp = new;	4021	*valp = new;
4022	addrconf_fixup_forwarding(table, valp, val);	4022	return addrconf_fixup_forwarding(table, valp, val);
4023	return 1;
4024	}	4023	}
4025		4024
4026	static struct addrconf_sysctl_table	4025	static struct addrconf_sysctl_table
@@ -4446,25 +4445,6 @@ int unregister_inet6addr_notifier(struct notifier_block *nb)
4446		4445
4447	EXPORT_SYMBOL(unregister_inet6addr_notifier);	4446	EXPORT_SYMBOL(unregister_inet6addr_notifier);
4448		4447
4449	static void addrconf_net_exit(struct net *net)
4450	{
4451	struct net_device *dev;
4452
4453	rtnl_lock();
4454	/* clean dev list */
4455	for_each_netdev(net, dev) {
4456	if (__in6_dev_get(dev) == NULL)
4457	continue;
4458	addrconf_ifdown(dev, 1);
4459	}
4460	addrconf_ifdown(net->loopback_dev, 2);
4461	rtnl_unlock();
4462	}
4463
4464	static struct pernet_operations addrconf_net_ops = {
4465	.exit = addrconf_net_exit,
4466	};
4467
4468	/*	4448	/*
4469	* Init / cleanup code	4449	* Init / cleanup code
4470	*/	4450	*/
@@ -4506,10 +4486,6 @@ int __init addrconf_init(void)
4506	if (err)	4486	if (err)
4507	goto errlo;	4487	goto errlo;
4508		4488
4509	err = register_pernet_device(&addrconf_net_ops);
4510	if (err)
4511	return err;
4512
4513	register_netdevice_notifier(&ipv6_dev_notf);	4489	register_netdevice_notifier(&ipv6_dev_notf);
4514		4490
4515	addrconf_verify(0);	4491	addrconf_verify(0);
@@ -4539,15 +4515,22 @@ errlo:
4539	void addrconf_cleanup(void)	4515	void addrconf_cleanup(void)
4540	{	4516	{
4541	struct inet6_ifaddr *ifa;	4517	struct inet6_ifaddr *ifa;
		4518	struct net_device *dev;
4542	int i;	4519	int i;
4543		4520
4544	unregister_netdevice_notifier(&ipv6_dev_notf);	4521	unregister_netdevice_notifier(&ipv6_dev_notf);
4545	unregister_pernet_device(&addrconf_net_ops);
4546
4547	unregister_pernet_subsys(&addrconf_ops);	4522	unregister_pernet_subsys(&addrconf_ops);
4548		4523
4549	rtnl_lock();	4524	rtnl_lock();
4550		4525
		4526	/* clean dev list */
		4527	for_each_netdev(&init_net, dev) {
		4528	if (__in6_dev_get(dev) == NULL)
		4529	continue;
		4530	addrconf_ifdown(dev, 1);
		4531	}
		4532	addrconf_ifdown(init_net.loopback_dev, 2);
		4533
4551	/*	4534	/*
4552	* Check hash table.	4535	* Check hash table.
4553	*/	4536	*/
@@ -4568,6 +4551,4 @@ void addrconf_cleanup(void)
4568		4551
4569	del_timer(&addr_chk_timer);	4552	del_timer(&addr_chk_timer);
4570	rtnl_unlock();	4553	rtnl_unlock();
4571
4572	unregister_pernet_subsys(&addrconf_net_ops);
4573	}	4554	}


diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index c802bc1658a8..9c8309ed35cf 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c
@@ -72,6 +72,10 @@ MODULE_LICENSE("GPL");
72	static struct list_head inetsw6[SOCK_MAX];	72	static struct list_head inetsw6[SOCK_MAX];
73	static DEFINE_SPINLOCK(inetsw6_lock);	73	static DEFINE_SPINLOCK(inetsw6_lock);
74		74
		75	static int disable_ipv6 = 0;
		76	module_param_named(disable, disable_ipv6, int, 0);
		77	MODULE_PARM_DESC(disable, "Disable IPv6 such that it is non-functional");
		78
75	static __inline__ struct ipv6_pinfo inet6_sk_generic(struct sock sk)	79	static __inline__ struct ipv6_pinfo inet6_sk_generic(struct sock sk)
76	{	80	{
77	const int offset = sk->sk_prot->obj_size - sizeof(struct ipv6_pinfo);	81	const int offset = sk->sk_prot->obj_size - sizeof(struct ipv6_pinfo);
@@ -991,10 +995,21 @@ static int __init inet6_init(void)
991	{	995	{
992	struct sk_buff *dummy_skb;	996	struct sk_buff *dummy_skb;
993	struct list_head *r;	997	struct list_head *r;
994	int err;	998	int err = 0;
995		999
996	BUILD_BUG_ON(sizeof(struct inet6_skb_parm) > sizeof(dummy_skb->cb));	1000	BUILD_BUG_ON(sizeof(struct inet6_skb_parm) > sizeof(dummy_skb->cb));
997		1001
		1002	/* Register the socket-side information for inet6_create. */
		1003	for(r = &inetsw6[0]; r < &inetsw6[SOCK_MAX]; ++r)
		1004	INIT_LIST_HEAD(r);
		1005
		1006	if (disable_ipv6) {
		1007	printk(KERN_INFO
		1008	"IPv6: Loaded, but administratively disabled, "
		1009	"reboot required to enable\n");
		1010	goto out;
		1011	}
		1012
998	err = proto_register(&tcpv6_prot, 1);	1013	err = proto_register(&tcpv6_prot, 1);
999	if (err)	1014	if (err)
1000	goto out;	1015	goto out;
@@ -1012,10 +1027,6 @@ static int __init inet6_init(void)
1012	goto out_unregister_udplite_proto;	1027	goto out_unregister_udplite_proto;
1013		1028
1014		1029
1015	/* Register the socket-side information for inet6_create. */
1016	for(r = &inetsw6[0]; r < &inetsw6[SOCK_MAX]; ++r)
1017	INIT_LIST_HEAD(r);
1018
1019	/* We MUST register RAW sockets before we create the ICMP6,	1030	/* We MUST register RAW sockets before we create the ICMP6,
1020	* IGMP6, or NDISC control sockets.	1031	* IGMP6, or NDISC control sockets.
1021	*/	1032	*/
@@ -1181,6 +1192,9 @@ module_init(inet6_init);
1181		1192
1182	static void __exit inet6_exit(void)	1193	static void __exit inet6_exit(void)
1183	{	1194	{
		1195	if (disable_ipv6)
		1196	return;
		1197
1184	/* First of all disallow new sockets creation. */	1198	/* First of all disallow new sockets creation. */
1185	sock_unregister(PF_INET6);	1199	sock_unregister(PF_INET6);
1186	/* Disallow any further netlink messages */	1200	/* Disallow any further netlink messages */


diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c index 8fe267feb81e..1bcc3431859e 100644 --- a/net/ipv6/inet6_hashtables.c +++ b/net/ipv6/inet6_hashtables.c
@@ -258,11 +258,11 @@ unique:
258		258
259	if (twp != NULL) {	259	if (twp != NULL) {
260	*twp = tw;	260	*twp = tw;
261	NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITRECYCLED);	261	NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);
262	} else if (tw != NULL) {	262	} else if (tw != NULL) {
263	/* Silly. Should hash-dance instead... */	263	/* Silly. Should hash-dance instead... */
264	inet_twsk_deschedule(tw, death_row);	264	inet_twsk_deschedule(tw, death_row);
265	NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITRECYCLED);	265	NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);
266		266
267	inet_twsk_put(tw);	267	inet_twsk_put(tw);
268	}	268	}


diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c index c62dd247774f..7712578bdc66 100644 --- a/net/ipv6/ip6_flowlabel.c +++ b/net/ipv6/ip6_flowlabel.c
@@ -323,17 +323,21 @@ static struct ip6_flowlabel *
323	fl_create(struct net net, struct in6_flowlabel_req freq, char __user *optval,	323	fl_create(struct net net, struct in6_flowlabel_req freq, char __user *optval,
324	int optlen, int *err_p)	324	int optlen, int *err_p)
325	{	325	{
326	struct ip6_flowlabel *fl;	326	struct ip6_flowlabel *fl = NULL;
327	int olen;	327	int olen;
328	int addr_type;	328	int addr_type;
329	int err;	329	int err;
330		330
		331	olen = optlen - CMSG_ALIGN(sizeof(*freq));
		332	err = -EINVAL;
		333	if (olen > 64 * 1024)
		334	goto done;
		335
331	err = -ENOMEM;	336	err = -ENOMEM;
332	fl = kzalloc(sizeof(*fl), GFP_KERNEL);	337	fl = kzalloc(sizeof(*fl), GFP_KERNEL);
333	if (fl == NULL)	338	if (fl == NULL)
334	goto done;	339	goto done;
335		340
336	olen = optlen - CMSG_ALIGN(sizeof(*freq));
337	if (olen > 0) {	341	if (olen > 0) {
338	struct msghdr msg;	342	struct msghdr msg;
339	struct flowi flowi;	343	struct flowi flowi;


diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 4b15938bef4d..9fb49c3b518a 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c
@@ -1105,6 +1105,18 @@ static inline int ip6_ufo_append_data(struct sock *sk,
1105	return err;	1105	return err;
1106	}	1106	}
1107		1107
		1108	static inline struct ipv6_opt_hdr ip6_opt_dup(struct ipv6_opt_hdr src,
		1109	gfp_t gfp)
		1110	{
		1111	return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
		1112	}
		1113
		1114	static inline struct ipv6_rt_hdr ip6_rthdr_dup(struct ipv6_rt_hdr src,
		1115	gfp_t gfp)
		1116	{
		1117	return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
		1118	}
		1119
1108	int ip6_append_data(struct sock sk, int getfrag(void from, char *to,	1120	int ip6_append_data(struct sock sk, int getfrag(void from, char *to,
1109	int offset, int len, int odd, struct sk_buff *skb),	1121	int offset, int len, int odd, struct sk_buff *skb),
1110	void *from, int length, int transhdrlen,	1122	void *from, int length, int transhdrlen,
@@ -1130,17 +1142,37 @@ int ip6_append_data(struct sock sk, int getfrag(void from, char *to,
1130	* setup for corking	1142	* setup for corking
1131	*/	1143	*/
1132	if (opt) {	1144	if (opt) {
1133	if (np->cork.opt == NULL) {	1145	if (WARN_ON(np->cork.opt))
1134	np->cork.opt = kmalloc(opt->tot_len,
1135	sk->sk_allocation);
1136	if (unlikely(np->cork.opt == NULL))
1137	return -ENOBUFS;
1138	} else if (np->cork.opt->tot_len < opt->tot_len) {
1139	printk(KERN_DEBUG "ip6_append_data: invalid option length\n");
1140	return -EINVAL;	1146	return -EINVAL;
1141	}	1147
1142	memcpy(np->cork.opt, opt, opt->tot_len);	1148	np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation);
1143	inet->cork.flags \|= IPCORK_OPT;	1149	if (unlikely(np->cork.opt == NULL))
		1150	return -ENOBUFS;
		1151
		1152	np->cork.opt->tot_len = opt->tot_len;
		1153	np->cork.opt->opt_flen = opt->opt_flen;
		1154	np->cork.opt->opt_nflen = opt->opt_nflen;
		1155
		1156	np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt,
		1157	sk->sk_allocation);
		1158	if (opt->dst0opt && !np->cork.opt->dst0opt)
		1159	return -ENOBUFS;
		1160
		1161	np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt,
		1162	sk->sk_allocation);
		1163	if (opt->dst1opt && !np->cork.opt->dst1opt)
		1164	return -ENOBUFS;
		1165
		1166	np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt,
		1167	sk->sk_allocation);
		1168	if (opt->hopopt && !np->cork.opt->hopopt)
		1169	return -ENOBUFS;
		1170
		1171	np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt,
		1172	sk->sk_allocation);
		1173	if (opt->srcrt && !np->cork.opt->srcrt)
		1174	return -ENOBUFS;
		1175
1144	/* need source address above miyazawa*/	1176	/* need source address above miyazawa*/
1145	}	1177	}
1146	dst_hold(&rt->u.dst);	1178	dst_hold(&rt->u.dst);
@@ -1167,8 +1199,7 @@ int ip6_append_data(struct sock sk, int getfrag(void from, char *to,
1167	} else {	1199	} else {
1168	rt = (struct rt6_info *)inet->cork.dst;	1200	rt = (struct rt6_info *)inet->cork.dst;
1169	fl = &inet->cork.fl;	1201	fl = &inet->cork.fl;
1170	if (inet->cork.flags & IPCORK_OPT)	1202	opt = np->cork.opt;
1171	opt = np->cork.opt;
1172	transhdrlen = 0;	1203	transhdrlen = 0;
1173	exthdrlen = 0;	1204	exthdrlen = 0;
1174	mtu = inet->cork.fragsize;	1205	mtu = inet->cork.fragsize;
@@ -1407,9 +1438,15 @@ error:
1407		1438
1408	static void ip6_cork_release(struct inet_sock inet, struct ipv6_pinfo np)	1439	static void ip6_cork_release(struct inet_sock inet, struct ipv6_pinfo np)
1409	{	1440	{
1410	inet->cork.flags &= ~IPCORK_OPT;	1441	if (np->cork.opt) {
1411	kfree(np->cork.opt);	1442	kfree(np->cork.opt->dst0opt);
1412	np->cork.opt = NULL;	1443	kfree(np->cork.opt->dst1opt);
		1444	kfree(np->cork.opt->hopopt);
		1445	kfree(np->cork.opt->srcrt);
		1446	kfree(np->cork.opt);
		1447	np->cork.opt = NULL;
		1448	}
		1449
1413	if (inet->cork.dst) {	1450	if (inet->cork.dst) {
1414	dst_release(inet->cork.dst);	1451	dst_release(inet->cork.dst);
1415	inet->cork.dst = NULL;	1452	inet->cork.dst = NULL;


diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index 58e2b0d93758..d994c55a5b16 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c
@@ -249,8 +249,8 @@ static struct ip6_tnl ip6_tnl_create(struct net net, struct ip6_tnl_parm *p)
249	}	249	}
250		250
251	t = netdev_priv(dev);	251	t = netdev_priv(dev);
252	ip6_tnl_dev_init(dev);
253	t->parms = *p;	252	t->parms = *p;
		253	ip6_tnl_dev_init(dev);
254		254
255	if ((err = register_netdevice(dev)) < 0)	255	if ((err = register_netdevice(dev)) < 0)
256	goto failed_free;	256	goto failed_free;


diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c index c455cf4ee756..72dbb6d1a6b3 100644 --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -49,8 +49,19 @@ static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
49	static const u_int8_t invmap[] = {	49	static const u_int8_t invmap[] = {
50	[ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1,	50	[ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1,
51	[ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1,	51	[ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1,
52	[ICMPV6_NI_QUERY - 128] = ICMPV6_NI_QUERY + 1,	52	[ICMPV6_NI_QUERY - 128] = ICMPV6_NI_REPLY + 1,
53	[ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY +1	53	[ICMPV6_NI_REPLY - 128] = ICMPV6_NI_QUERY +1
		54	};
		55
		56	static const u_int8_t noct_valid_new[] = {
		57	[ICMPV6_MGM_QUERY - 130] = 1,
		58	[ICMPV6_MGM_REPORT -130] = 1,
		59	[ICMPV6_MGM_REDUCTION - 130] = 1,
		60	[NDISC_ROUTER_SOLICITATION - 130] = 1,
		61	[NDISC_ROUTER_ADVERTISEMENT - 130] = 1,
		62	[NDISC_NEIGHBOUR_SOLICITATION - 130] = 1,
		63	[NDISC_NEIGHBOUR_ADVERTISEMENT - 130] = 1,
		64	[ICMPV6_MLD2_REPORT - 130] = 1
54	};	65	};
55		66
56	static bool icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple,	67	static bool icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple,
@@ -178,6 +189,7 @@ icmpv6_error(struct net net, struct sk_buff skb, unsigned int dataoff,
178	{	189	{
179	const struct icmp6hdr *icmp6h;	190	const struct icmp6hdr *icmp6h;
180	struct icmp6hdr _ih;	191	struct icmp6hdr _ih;
		192	int type;
181		193
182	icmp6h = skb_header_pointer(skb, dataoff, sizeof(_ih), &_ih);	194	icmp6h = skb_header_pointer(skb, dataoff, sizeof(_ih), &_ih);
183	if (icmp6h == NULL) {	195	if (icmp6h == NULL) {
@@ -189,11 +201,21 @@ icmpv6_error(struct net net, struct sk_buff skb, unsigned int dataoff,
189		201
190	if (net->ct.sysctl_checksum && hooknum == NF_INET_PRE_ROUTING &&	202	if (net->ct.sysctl_checksum && hooknum == NF_INET_PRE_ROUTING &&
191	nf_ip6_checksum(skb, hooknum, dataoff, IPPROTO_ICMPV6)) {	203	nf_ip6_checksum(skb, hooknum, dataoff, IPPROTO_ICMPV6)) {
192	nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL,	204	if (LOG_INVALID(net, IPPROTO_ICMPV6))
193	"nf_ct_icmpv6: ICMPv6 checksum failed\n");	205	nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL,
		206	"nf_ct_icmpv6: ICMPv6 checksum failed ");
194	return -NF_ACCEPT;	207	return -NF_ACCEPT;
195	}	208	}
196		209
		210	type = icmp6h->icmp6_type - 130;
		211	if (type >= 0 && type < sizeof(noct_valid_new) &&
		212	noct_valid_new[type]) {
		213	skb->nfct = &nf_conntrack_untracked.ct_general;
		214	skb->nfctinfo = IP_CT_NEW;
		215	nf_conntrack_get(skb->nfct);
		216	return NF_ACCEPT;
		217	}
		218
197	/* is not error message ? */	219	/* is not error message ? */
198	if (icmp6h->icmp6_type >= 128)	220	if (icmp6h->icmp6_type >= 128)
199	return NF_ACCEPT;	221	return NF_ACCEPT;


diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index ed4d79a9e4a6..058a5e4a60c3 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -528,14 +528,14 @@ find_prev_fhdr(struct sk_buff skb, u8 prevhdrp, int prevhoff, int fhoff)
528	if (!ipv6_ext_hdr(nexthdr)) {	528	if (!ipv6_ext_hdr(nexthdr)) {
529	return -1;	529	return -1;
530	}	530	}
531	if (len < (int)sizeof(struct ipv6_opt_hdr)) {
532	pr_debug("too short\n");
533	return -1;
534	}
535	if (nexthdr == NEXTHDR_NONE) {	531	if (nexthdr == NEXTHDR_NONE) {
536	pr_debug("next header is none\n");	532	pr_debug("next header is none\n");
537	return -1;	533	return -1;
538	}	534	}
		535	if (len < (int)sizeof(struct ipv6_opt_hdr)) {
		536	pr_debug("too short\n");
		537	return -1;
		538	}
539	if (skb_copy_bits(skb, start, &hdr, sizeof(hdr)))	539	if (skb_copy_bits(skb, start, &hdr, sizeof(hdr)))
540	BUG();	540	BUG();
541	if (nexthdr == NEXTHDR_AUTH)	541	if (nexthdr == NEXTHDR_AUTH)


diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index 3c575118fca5..e9ac7a12f595 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c
@@ -452,6 +452,7 @@ err:
452	static int ip6_frag_reasm(struct frag_queue fq, struct sk_buff prev,	452	static int ip6_frag_reasm(struct frag_queue fq, struct sk_buff prev,
453	struct net_device *dev)	453	struct net_device *dev)
454	{	454	{
		455	struct net *net = container_of(fq->q.net, struct net, ipv6.frags);
455	struct sk_buff fp, head = fq->q.fragments;	456	struct sk_buff fp, head = fq->q.fragments;
456	int payload_len;	457	int payload_len;
457	unsigned int nhoff;	458	unsigned int nhoff;
@@ -551,8 +552,7 @@ static int ip6_frag_reasm(struct frag_queue fq, struct sk_buff prev,
551	head->csum);	552	head->csum);
552		553
553	rcu_read_lock();	554	rcu_read_lock();
554	IP6_INC_STATS_BH(dev_net(dev),	555	IP6_INC_STATS_BH(net, __in6_dev_get(dev), IPSTATS_MIB_REASMOKS);
555	__in6_dev_get(dev), IPSTATS_MIB_REASMOKS);
556	rcu_read_unlock();	556	rcu_read_unlock();
557	fq->q.fragments = NULL;	557	fq->q.fragments = NULL;
558	return 1;	558	return 1;
@@ -566,8 +566,7 @@ out_oom:
566	printk(KERN_DEBUG "ip6_frag_reasm: no memory for reassembly\n");	566	printk(KERN_DEBUG "ip6_frag_reasm: no memory for reassembly\n");
567	out_fail:	567	out_fail:
568	rcu_read_lock();	568	rcu_read_lock();
569	IP6_INC_STATS_BH(dev_net(dev),	569	IP6_INC_STATS_BH(net, __in6_dev_get(dev), IPSTATS_MIB_REASMFAILS);
570	__in6_dev_get(dev), IPSTATS_MIB_REASMFAILS);
571	rcu_read_unlock();	570	rcu_read_unlock();
572	return -1;	571	return -1;
573	}	572	}


diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index d3467e563f02..5cee2bcbcece 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c
@@ -188,9 +188,9 @@ static struct ip_tunnel * ipip6_tunnel_locate(struct net *net,
188	}	188	}
189		189
190	nt = netdev_priv(dev);	190	nt = netdev_priv(dev);
191	ipip6_tunnel_init(dev);
192		191
193	nt->parms = *parms;	192	nt->parms = *parms;
		193	ipip6_tunnel_init(dev);
194		194
195	if (parms->i_flags & SIT_ISATAP)	195	if (parms->i_flags & SIT_ISATAP)
196	dev->priv_flags \|= IFF_ISATAP;	196	dev->priv_flags \|= IFF_ISATAP;