aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/cmtp/capi.c39
-rw-r--r--net/bluetooth/hci_sysfs.c7
-rw-r--r--net/bluetooth/rfcomm/sock.c9
-rw-r--r--net/bluetooth/rfcomm/tty.c22
-rw-r--r--net/bridge/netfilter/ebtables.c3
-rw-r--r--net/core/pktgen.c156
-rw-r--r--net/ipv4/af_inet.c2
-rw-r--r--net/ipv4/devinet.c5
-rw-r--r--net/ipv4/netfilter.c7
-rw-r--r--net/ipv4/netfilter/Kconfig4
-rw-r--r--net/ipv4/netfilter/ip_tables.c10
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c5
-rw-r--r--net/ipv4/tcp_ipv4.c2
-rw-r--r--net/ipv6/addrconf.c4
-rw-r--r--net/ipv6/af_inet6.c2
-rw-r--r--net/netfilter/Kconfig25
-rw-r--r--net/netfilter/nf_conntrack_netbios_ns.c1
-rw-r--r--net/netfilter/xt_hashlimit.c2
-rw-r--r--net/netlabel/netlabel_cipso_v4.c6
-rw-r--r--net/netlink/af_netlink.c3
-rw-r--r--net/x25/af_x25.c2
-rw-r--r--net/x25/x25_facilities.c12
-rw-r--r--net/xfrm/xfrm_user.c73
23 files changed, 200 insertions, 201 deletions
diff --git a/net/bluetooth/cmtp/capi.c b/net/bluetooth/cmtp/capi.c
index be04e9fb11f6..ab166b48ce8d 100644
--- a/net/bluetooth/cmtp/capi.c
+++ b/net/bluetooth/cmtp/capi.c
@@ -196,6 +196,9 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
196 196
197 switch (CAPIMSG_SUBCOMMAND(skb->data)) { 197 switch (CAPIMSG_SUBCOMMAND(skb->data)) {
198 case CAPI_CONF: 198 case CAPI_CONF:
199 if (skb->len < CAPI_MSG_BASELEN + 10)
200 break;
201
199 func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 5); 202 func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 5);
200 info = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 8); 203 info = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 8);
201 204
@@ -226,6 +229,9 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
226 break; 229 break;
227 230
228 case CAPI_FUNCTION_GET_PROFILE: 231 case CAPI_FUNCTION_GET_PROFILE:
232 if (skb->len < CAPI_MSG_BASELEN + 11 + sizeof(capi_profile))
233 break;
234
229 controller = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 11); 235 controller = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 11);
230 msgnum = CAPIMSG_MSGID(skb->data); 236 msgnum = CAPIMSG_MSGID(skb->data);
231 237
@@ -246,17 +252,26 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
246 break; 252 break;
247 253
248 case CAPI_FUNCTION_GET_MANUFACTURER: 254 case CAPI_FUNCTION_GET_MANUFACTURER:
255 if (skb->len < CAPI_MSG_BASELEN + 15)
256 break;
257
249 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 10); 258 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 10);
250 259
251 if (!info && ctrl) { 260 if (!info && ctrl) {
261 int len = min_t(uint, CAPI_MANUFACTURER_LEN,
262 skb->data[CAPI_MSG_BASELEN + 14]);
263
264 memset(ctrl->manu, 0, CAPI_MANUFACTURER_LEN);
252 strncpy(ctrl->manu, 265 strncpy(ctrl->manu,
253 skb->data + CAPI_MSG_BASELEN + 15, 266 skb->data + CAPI_MSG_BASELEN + 15, len);
254 skb->data[CAPI_MSG_BASELEN + 14]);
255 } 267 }
256 268
257 break; 269 break;
258 270
259 case CAPI_FUNCTION_GET_VERSION: 271 case CAPI_FUNCTION_GET_VERSION:
272 if (skb->len < CAPI_MSG_BASELEN + 32)
273 break;
274
260 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12); 275 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12);
261 276
262 if (!info && ctrl) { 277 if (!info && ctrl) {
@@ -269,13 +284,18 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
269 break; 284 break;
270 285
271 case CAPI_FUNCTION_GET_SERIAL_NUMBER: 286 case CAPI_FUNCTION_GET_SERIAL_NUMBER:
287 if (skb->len < CAPI_MSG_BASELEN + 17)
288 break;
289
272 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12); 290 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12);
273 291
274 if (!info && ctrl) { 292 if (!info && ctrl) {
293 int len = min_t(uint, CAPI_SERIAL_LEN,
294 skb->data[CAPI_MSG_BASELEN + 16]);
295
275 memset(ctrl->serial, 0, CAPI_SERIAL_LEN); 296 memset(ctrl->serial, 0, CAPI_SERIAL_LEN);
276 strncpy(ctrl->serial, 297 strncpy(ctrl->serial,
277 skb->data + CAPI_MSG_BASELEN + 17, 298 skb->data + CAPI_MSG_BASELEN + 17, len);
278 skb->data[CAPI_MSG_BASELEN + 16]);
279 } 299 }
280 300
281 break; 301 break;
@@ -284,14 +304,18 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
284 break; 304 break;
285 305
286 case CAPI_IND: 306 case CAPI_IND:
307 if (skb->len < CAPI_MSG_BASELEN + 6)
308 break;
309
287 func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 3); 310 func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 3);
288 311
289 if (func == CAPI_FUNCTION_LOOPBACK) { 312 if (func == CAPI_FUNCTION_LOOPBACK) {
313 int len = min_t(uint, skb->len - CAPI_MSG_BASELEN - 6,
314 skb->data[CAPI_MSG_BASELEN + 5]);
290 appl = CAPIMSG_APPID(skb->data); 315 appl = CAPIMSG_APPID(skb->data);
291 msgnum = CAPIMSG_MSGID(skb->data); 316 msgnum = CAPIMSG_MSGID(skb->data);
292 cmtp_send_interopmsg(session, CAPI_RESP, appl, msgnum, func, 317 cmtp_send_interopmsg(session, CAPI_RESP, appl, msgnum, func,
293 skb->data + CAPI_MSG_BASELEN + 6, 318 skb->data + CAPI_MSG_BASELEN + 6, len);
294 skb->data[CAPI_MSG_BASELEN + 5]);
295 } 319 }
296 320
297 break; 321 break;
@@ -309,6 +333,9 @@ void cmtp_recv_capimsg(struct cmtp_session *session, struct sk_buff *skb)
309 333
310 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 334 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
311 335
336 if (skb->len < CAPI_MSG_BASELEN)
337 return;
338
312 if (CAPIMSG_COMMAND(skb->data) == CAPI_INTEROPERABILITY) { 339 if (CAPIMSG_COMMAND(skb->data) == CAPI_INTEROPERABILITY) {
313 cmtp_recv_interopmsg(session, skb); 340 cmtp_recv_interopmsg(session, skb);
314 return; 341 return;
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index d4c935692ccf..801d687ea4ef 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -242,7 +242,7 @@ static void add_conn(struct work_struct *work)
242 struct hci_conn *conn = container_of(work, struct hci_conn, work); 242 struct hci_conn *conn = container_of(work, struct hci_conn, work);
243 int i; 243 int i;
244 244
245 if (device_register(&conn->dev) < 0) { 245 if (device_add(&conn->dev) < 0) {
246 BT_ERR("Failed to register connection device"); 246 BT_ERR("Failed to register connection device");
247 return; 247 return;
248 } 248 }
@@ -272,6 +272,8 @@ void hci_conn_add_sysfs(struct hci_conn *conn)
272 272
273 dev_set_drvdata(&conn->dev, conn); 273 dev_set_drvdata(&conn->dev, conn);
274 274
275 device_initialize(&conn->dev);
276
275 INIT_WORK(&conn->work, add_conn); 277 INIT_WORK(&conn->work, add_conn);
276 278
277 schedule_work(&conn->work); 279 schedule_work(&conn->work);
@@ -287,6 +289,9 @@ void hci_conn_del_sysfs(struct hci_conn *conn)
287{ 289{
288 BT_DBG("conn %p", conn); 290 BT_DBG("conn %p", conn);
289 291
292 if (!device_is_registered(&conn->dev))
293 return;
294
290 INIT_WORK(&conn->work, del_conn); 295 INIT_WORK(&conn->work, del_conn);
291 296
292 schedule_work(&conn->work); 297 schedule_work(&conn->work);
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 544d65b7baa7..cb7e855f0828 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -557,7 +557,6 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
557 struct sock *sk = sock->sk; 557 struct sock *sk = sock->sk;
558 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 558 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
559 struct sk_buff *skb; 559 struct sk_buff *skb;
560 int err;
561 int sent = 0; 560 int sent = 0;
562 561
563 if (msg->msg_flags & MSG_OOB) 562 if (msg->msg_flags & MSG_OOB)
@@ -572,6 +571,7 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
572 571
573 while (len) { 572 while (len) {
574 size_t size = min_t(size_t, len, d->mtu); 573 size_t size = min_t(size_t, len, d->mtu);
574 int err;
575 575
576 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 576 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
577 msg->msg_flags & MSG_DONTWAIT, &err); 577 msg->msg_flags & MSG_DONTWAIT, &err);
@@ -582,13 +582,16 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
582 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 582 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
583 if (err) { 583 if (err) {
584 kfree_skb(skb); 584 kfree_skb(skb);
585 sent = err; 585 if (sent == 0)
586 sent = err;
586 break; 587 break;
587 } 588 }
588 589
589 err = rfcomm_dlc_send(d, skb); 590 err = rfcomm_dlc_send(d, skb);
590 if (err < 0) { 591 if (err < 0) {
591 kfree_skb(skb); 592 kfree_skb(skb);
593 if (sent == 0)
594 sent = err;
592 break; 595 break;
593 } 596 }
594 597
@@ -598,7 +601,7 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
598 601
599 release_sock(sk); 602 release_sock(sk);
600 603
601 return sent ? sent : err; 604 return sent;
602} 605}
603 606
604static long rfcomm_sock_data_wait(struct sock *sk, long timeo) 607static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index e0e0d09023b2..eb2b52484c70 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -697,9 +697,13 @@ static int rfcomm_tty_write_room(struct tty_struct *tty)
697 697
698 BT_DBG("tty %p", tty); 698 BT_DBG("tty %p", tty);
699 699
700 if (!dev || !dev->dlc)
701 return 0;
702
700 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 703 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
701 if (room < 0) 704 if (room < 0)
702 room = 0; 705 room = 0;
706
703 return room; 707 return room;
704} 708}
705 709
@@ -915,12 +919,14 @@ static void rfcomm_tty_unthrottle(struct tty_struct *tty)
915static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 919static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
916{ 920{
917 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 921 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
918 struct rfcomm_dlc *dlc = dev->dlc;
919 922
920 BT_DBG("tty %p dev %p", tty, dev); 923 BT_DBG("tty %p dev %p", tty, dev);
921 924
922 if (!skb_queue_empty(&dlc->tx_queue)) 925 if (!dev || !dev->dlc)
923 return dlc->mtu; 926 return 0;
927
928 if (!skb_queue_empty(&dev->dlc->tx_queue))
929 return dev->dlc->mtu;
924 930
925 return 0; 931 return 0;
926} 932}
@@ -928,11 +934,12 @@ static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
928static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 934static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
929{ 935{
930 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 936 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
931 if (!dev)
932 return;
933 937
934 BT_DBG("tty %p dev %p", tty, dev); 938 BT_DBG("tty %p dev %p", tty, dev);
935 939
940 if (!dev || !dev->dlc)
941 return;
942
936 skb_queue_purge(&dev->dlc->tx_queue); 943 skb_queue_purge(&dev->dlc->tx_queue);
937 944
938 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 945 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
@@ -952,11 +959,12 @@ static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
952static void rfcomm_tty_hangup(struct tty_struct *tty) 959static void rfcomm_tty_hangup(struct tty_struct *tty)
953{ 960{
954 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 961 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
955 if (!dev)
956 return;
957 962
958 BT_DBG("tty %p dev %p", tty, dev); 963 BT_DBG("tty %p dev %p", tty, dev);
959 964
965 if (!dev)
966 return;
967
960 rfcomm_tty_flush_buffer(tty); 968 rfcomm_tty_flush_buffer(tty);
961 969
962 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) 970 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index bee558a41800..6c84ccb8c9d7 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -610,7 +610,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
610 struct ebt_entry_target *t; 610 struct ebt_entry_target *t;
611 struct ebt_target *target; 611 struct ebt_target *target;
612 unsigned int i, j, hook = 0, hookmask = 0; 612 unsigned int i, j, hook = 0, hookmask = 0;
613 size_t gap = e->next_offset - e->target_offset; 613 size_t gap;
614 int ret; 614 int ret;
615 615
616 /* don't mess with the struct ebt_entries */ 616 /* don't mess with the struct ebt_entries */
@@ -660,6 +660,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
660 if (ret != 0) 660 if (ret != 0)
661 goto cleanup_watchers; 661 goto cleanup_watchers;
662 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 662 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
663 gap = e->next_offset - e->target_offset;
663 target = find_target_lock(t->u.name, &ret, &ebt_mutex); 664 target = find_target_lock(t->u.name, &ret, &ebt_mutex);
664 if (!target) 665 if (!target)
665 goto cleanup_watchers; 666 goto cleanup_watchers;
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index 1897a3a385d8..04d4b93c68eb 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -148,6 +148,7 @@
148#include <linux/seq_file.h> 148#include <linux/seq_file.h>
149#include <linux/wait.h> 149#include <linux/wait.h>
150#include <linux/etherdevice.h> 150#include <linux/etherdevice.h>
151#include <linux/kthread.h>
151#include <net/checksum.h> 152#include <net/checksum.h>
152#include <net/ipv6.h> 153#include <net/ipv6.h>
153#include <net/addrconf.h> 154#include <net/addrconf.h>
@@ -360,8 +361,7 @@ struct pktgen_thread {
360 spinlock_t if_lock; 361 spinlock_t if_lock;
361 struct list_head if_list; /* All device here */ 362 struct list_head if_list; /* All device here */
362 struct list_head th_list; 363 struct list_head th_list;
363 int removed; 364 struct task_struct *tsk;
364 char name[32];
365 char result[512]; 365 char result[512];
366 u32 max_before_softirq; /* We'll call do_softirq to prevent starvation. */ 366 u32 max_before_softirq; /* We'll call do_softirq to prevent starvation. */
367 367
@@ -1689,7 +1689,7 @@ static int pktgen_thread_show(struct seq_file *seq, void *v)
1689 BUG_ON(!t); 1689 BUG_ON(!t);
1690 1690
1691 seq_printf(seq, "Name: %s max_before_softirq: %d\n", 1691 seq_printf(seq, "Name: %s max_before_softirq: %d\n",
1692 t->name, t->max_before_softirq); 1692 t->tsk->comm, t->max_before_softirq);
1693 1693
1694 seq_printf(seq, "Running: "); 1694 seq_printf(seq, "Running: ");
1695 1695
@@ -3112,7 +3112,7 @@ static void pktgen_rem_thread(struct pktgen_thread *t)
3112{ 3112{
3113 /* Remove from the thread list */ 3113 /* Remove from the thread list */
3114 3114
3115 remove_proc_entry(t->name, pg_proc_dir); 3115 remove_proc_entry(t->tsk->comm, pg_proc_dir);
3116 3116
3117 mutex_lock(&pktgen_thread_lock); 3117 mutex_lock(&pktgen_thread_lock);
3118 3118
@@ -3260,58 +3260,40 @@ out:;
3260 * Main loop of the thread goes here 3260 * Main loop of the thread goes here
3261 */ 3261 */
3262 3262
3263static void pktgen_thread_worker(struct pktgen_thread *t) 3263static int pktgen_thread_worker(void *arg)
3264{ 3264{
3265 DEFINE_WAIT(wait); 3265 DEFINE_WAIT(wait);
3266 struct pktgen_thread *t = arg;
3266 struct pktgen_dev *pkt_dev = NULL; 3267 struct pktgen_dev *pkt_dev = NULL;
3267 int cpu = t->cpu; 3268 int cpu = t->cpu;
3268 sigset_t tmpsig;
3269 u32 max_before_softirq; 3269 u32 max_before_softirq;
3270 u32 tx_since_softirq = 0; 3270 u32 tx_since_softirq = 0;
3271 3271
3272 daemonize("pktgen/%d", cpu); 3272 BUG_ON(smp_processor_id() != cpu);
3273
3274 /* Block all signals except SIGKILL, SIGSTOP and SIGTERM */
3275
3276 spin_lock_irq(&current->sighand->siglock);
3277 tmpsig = current->blocked;
3278 siginitsetinv(&current->blocked,
3279 sigmask(SIGKILL) | sigmask(SIGSTOP) | sigmask(SIGTERM));
3280
3281 recalc_sigpending();
3282 spin_unlock_irq(&current->sighand->siglock);
3283
3284 /* Migrate to the right CPU */
3285 set_cpus_allowed(current, cpumask_of_cpu(cpu));
3286 if (smp_processor_id() != cpu)
3287 BUG();
3288 3273
3289 init_waitqueue_head(&t->queue); 3274 init_waitqueue_head(&t->queue);
3290 3275
3291 t->control &= ~(T_TERMINATE);
3292 t->control &= ~(T_RUN);
3293 t->control &= ~(T_STOP);
3294 t->control &= ~(T_REMDEVALL);
3295 t->control &= ~(T_REMDEV);
3296
3297 t->pid = current->pid; 3276 t->pid = current->pid;
3298 3277
3299 PG_DEBUG(printk("pktgen: starting pktgen/%d: pid=%d\n", cpu, current->pid)); 3278 PG_DEBUG(printk("pktgen: starting pktgen/%d: pid=%d\n", cpu, current->pid));
3300 3279
3301 max_before_softirq = t->max_before_softirq; 3280 max_before_softirq = t->max_before_softirq;
3302 3281
3303 __set_current_state(TASK_INTERRUPTIBLE); 3282 set_current_state(TASK_INTERRUPTIBLE);
3304 mb();
3305 3283
3306 while (1) { 3284 while (!kthread_should_stop()) {
3307 3285 pkt_dev = next_to_run(t);
3308 __set_current_state(TASK_RUNNING);
3309 3286
3310 /* 3287 if (!pkt_dev &&
3311 * Get next dev to xmit -- if any. 3288 (t->control & (T_STOP | T_RUN | T_REMDEVALL | T_REMDEV))
3312 */ 3289 == 0) {
3290 prepare_to_wait(&(t->queue), &wait,
3291 TASK_INTERRUPTIBLE);
3292 schedule_timeout(HZ / 10);
3293 finish_wait(&(t->queue), &wait);
3294 }
3313 3295
3314 pkt_dev = next_to_run(t); 3296 __set_current_state(TASK_RUNNING);
3315 3297
3316 if (pkt_dev) { 3298 if (pkt_dev) {
3317 3299
@@ -3329,21 +3311,8 @@ static void pktgen_thread_worker(struct pktgen_thread *t)
3329 do_softirq(); 3311 do_softirq();
3330 tx_since_softirq = 0; 3312 tx_since_softirq = 0;
3331 } 3313 }
3332 } else {
3333 prepare_to_wait(&(t->queue), &wait, TASK_INTERRUPTIBLE);
3334 schedule_timeout(HZ / 10);
3335 finish_wait(&(t->queue), &wait);
3336 } 3314 }
3337 3315
3338 /*
3339 * Back from sleep, either due to the timeout or signal.
3340 * We check if we have any "posted" work for us.
3341 */
3342
3343 if (t->control & T_TERMINATE || signal_pending(current))
3344 /* we received a request to terminate ourself */
3345 break;
3346
3347 if (t->control & T_STOP) { 3316 if (t->control & T_STOP) {
3348 pktgen_stop(t); 3317 pktgen_stop(t);
3349 t->control &= ~(T_STOP); 3318 t->control &= ~(T_STOP);
@@ -3364,20 +3333,19 @@ static void pktgen_thread_worker(struct pktgen_thread *t)
3364 t->control &= ~(T_REMDEV); 3333 t->control &= ~(T_REMDEV);
3365 } 3334 }
3366 3335
3367 if (need_resched()) 3336 set_current_state(TASK_INTERRUPTIBLE);
3368 schedule();
3369 } 3337 }
3370 3338
3371 PG_DEBUG(printk("pktgen: %s stopping all device\n", t->name)); 3339 PG_DEBUG(printk("pktgen: %s stopping all device\n", t->tsk->comm));
3372 pktgen_stop(t); 3340 pktgen_stop(t);
3373 3341
3374 PG_DEBUG(printk("pktgen: %s removing all device\n", t->name)); 3342 PG_DEBUG(printk("pktgen: %s removing all device\n", t->tsk->comm));
3375 pktgen_rem_all_ifs(t); 3343 pktgen_rem_all_ifs(t);
3376 3344
3377 PG_DEBUG(printk("pktgen: %s removing thread.\n", t->name)); 3345 PG_DEBUG(printk("pktgen: %s removing thread.\n", t->tsk->comm));
3378 pktgen_rem_thread(t); 3346 pktgen_rem_thread(t);
3379 3347
3380 t->removed = 1; 3348 return 0;
3381} 3349}
3382 3350
3383static struct pktgen_dev *pktgen_find_dev(struct pktgen_thread *t, 3351static struct pktgen_dev *pktgen_find_dev(struct pktgen_thread *t,
@@ -3495,37 +3463,11 @@ static int pktgen_add_device(struct pktgen_thread *t, const char *ifname)
3495 return add_dev_to_thread(t, pkt_dev); 3463 return add_dev_to_thread(t, pkt_dev);
3496} 3464}
3497 3465
3498static struct pktgen_thread *__init pktgen_find_thread(const char *name) 3466static int __init pktgen_create_thread(int cpu)
3499{ 3467{
3500 struct pktgen_thread *t; 3468 struct pktgen_thread *t;
3501
3502 mutex_lock(&pktgen_thread_lock);
3503
3504 list_for_each_entry(t, &pktgen_threads, th_list)
3505 if (strcmp(t->name, name) == 0) {
3506 mutex_unlock(&pktgen_thread_lock);
3507 return t;
3508 }
3509
3510 mutex_unlock(&pktgen_thread_lock);
3511 return NULL;
3512}
3513
3514static int __init pktgen_create_thread(const char *name, int cpu)
3515{
3516 int err;
3517 struct pktgen_thread *t = NULL;
3518 struct proc_dir_entry *pe; 3469 struct proc_dir_entry *pe;
3519 3470 struct task_struct *p;
3520 if (strlen(name) > 31) {
3521 printk("pktgen: ERROR: Thread name cannot be more than 31 characters.\n");
3522 return -EINVAL;
3523 }
3524
3525 if (pktgen_find_thread(name)) {
3526 printk("pktgen: ERROR: thread: %s already exists\n", name);
3527 return -EINVAL;
3528 }
3529 3471
3530 t = kzalloc(sizeof(struct pktgen_thread), GFP_KERNEL); 3472 t = kzalloc(sizeof(struct pktgen_thread), GFP_KERNEL);
3531 if (!t) { 3473 if (!t) {
@@ -3533,14 +3475,29 @@ static int __init pktgen_create_thread(const char *name, int cpu)
3533 return -ENOMEM; 3475 return -ENOMEM;
3534 } 3476 }
3535 3477
3536 strcpy(t->name, name);
3537 spin_lock_init(&t->if_lock); 3478 spin_lock_init(&t->if_lock);
3538 t->cpu = cpu; 3479 t->cpu = cpu;
3539 3480
3540 pe = create_proc_entry(t->name, 0600, pg_proc_dir); 3481 INIT_LIST_HEAD(&t->if_list);
3482
3483 list_add_tail(&t->th_list, &pktgen_threads);
3484
3485 p = kthread_create(pktgen_thread_worker, t, "kpktgend_%d", cpu);
3486 if (IS_ERR(p)) {
3487 printk("pktgen: kernel_thread() failed for cpu %d\n", t->cpu);
3488 list_del(&t->th_list);
3489 kfree(t);
3490 return PTR_ERR(p);
3491 }
3492 kthread_bind(p, cpu);
3493 t->tsk = p;
3494
3495 pe = create_proc_entry(t->tsk->comm, 0600, pg_proc_dir);
3541 if (!pe) { 3496 if (!pe) {
3542 printk("pktgen: cannot create %s/%s procfs entry.\n", 3497 printk("pktgen: cannot create %s/%s procfs entry.\n",
3543 PG_PROC_DIR, t->name); 3498 PG_PROC_DIR, t->tsk->comm);
3499 kthread_stop(p);
3500 list_del(&t->th_list);
3544 kfree(t); 3501 kfree(t);
3545 return -EINVAL; 3502 return -EINVAL;
3546 } 3503 }
@@ -3548,21 +3505,7 @@ static int __init pktgen_create_thread(const char *name, int cpu)
3548 pe->proc_fops = &pktgen_thread_fops; 3505 pe->proc_fops = &pktgen_thread_fops;
3549 pe->data = t; 3506 pe->data = t;
3550 3507
3551 INIT_LIST_HEAD(&t->if_list); 3508 wake_up_process(p);
3552
3553 list_add_tail(&t->th_list, &pktgen_threads);
3554
3555 t->removed = 0;
3556
3557 err = kernel_thread((void *)pktgen_thread_worker, (void *)t,
3558 CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
3559 if (err < 0) {
3560 printk("pktgen: kernel_thread() failed for cpu %d\n", t->cpu);
3561 remove_proc_entry(t->name, pg_proc_dir);
3562 list_del(&t->th_list);
3563 kfree(t);
3564 return err;
3565 }
3566 3509
3567 return 0; 3510 return 0;
3568} 3511}
@@ -3643,10 +3586,8 @@ static int __init pg_init(void)
3643 3586
3644 for_each_online_cpu(cpu) { 3587 for_each_online_cpu(cpu) {
3645 int err; 3588 int err;
3646 char buf[30];
3647 3589
3648 sprintf(buf, "kpktgend_%i", cpu); 3590 err = pktgen_create_thread(cpu);
3649 err = pktgen_create_thread(buf, cpu);
3650 if (err) 3591 if (err)
3651 printk("pktgen: WARNING: Cannot create thread for cpu %d (%d)\n", 3592 printk("pktgen: WARNING: Cannot create thread for cpu %d (%d)\n",
3652 cpu, err); 3593 cpu, err);
@@ -3674,9 +3615,8 @@ static void __exit pg_cleanup(void)
3674 3615
3675 list_for_each_safe(q, n, &pktgen_threads) { 3616 list_for_each_safe(q, n, &pktgen_threads) {
3676 t = list_entry(q, struct pktgen_thread, th_list); 3617 t = list_entry(q, struct pktgen_thread, th_list);
3677 t->control |= (T_TERMINATE); 3618 kthread_stop(t->tsk);
3678 3619 kfree(t);
3679 wait_event_interruptible_timeout(queue, (t->removed == 1), HZ);
3680 } 3620 }
3681 3621
3682 /* Un-register us from receiving netdevice events */ 3622 /* Un-register us from receiving netdevice events */
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 1144900d37f6..d60fd7321e63 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -305,7 +305,7 @@ lookup_protocol:
305 sk->sk_reuse = 1; 305 sk->sk_reuse = 1;
306 306
307 inet = inet_sk(sk); 307 inet = inet_sk(sk);
308 inet->is_icsk = INET_PROTOSW_ICSK & answer_flags; 308 inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) == INET_PROTOSW_ICSK;
309 309
310 if (SOCK_RAW == sock->type) { 310 if (SOCK_RAW == sock->type) {
311 inet->num = protocol; 311 inet->num = protocol;
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 84bed40273ad..25c8a42965df 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -165,9 +165,8 @@ struct in_device *inetdev_init(struct net_device *dev)
165 NET_IPV4_NEIGH, "ipv4", NULL, NULL); 165 NET_IPV4_NEIGH, "ipv4", NULL, NULL);
166#endif 166#endif
167 167
168 /* Account for reference dev->ip_ptr */ 168 /* Account for reference dev->ip_ptr (below) */
169 in_dev_hold(in_dev); 169 in_dev_hold(in_dev);
170 rcu_assign_pointer(dev->ip_ptr, in_dev);
171 170
172#ifdef CONFIG_SYSCTL 171#ifdef CONFIG_SYSCTL
173 devinet_sysctl_register(in_dev, &in_dev->cnf); 172 devinet_sysctl_register(in_dev, &in_dev->cnf);
@@ -176,6 +175,8 @@ struct in_device *inetdev_init(struct net_device *dev)
176 if (dev->flags & IFF_UP) 175 if (dev->flags & IFF_UP)
177 ip_mc_up(in_dev); 176 ip_mc_up(in_dev);
178out: 177out:
178 /* we can receive as soon as ip_ptr is set -- do this last */
179 rcu_assign_pointer(dev->ip_ptr, in_dev);
179 return in_dev; 180 return in_dev;
180out_kfree: 181out_kfree:
181 kfree(in_dev); 182 kfree(in_dev);
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index a68966059b50..c47ce7076bd5 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -15,16 +15,19 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
15 struct flowi fl = {}; 15 struct flowi fl = {};
16 struct dst_entry *odst; 16 struct dst_entry *odst;
17 unsigned int hh_len; 17 unsigned int hh_len;
18 unsigned int type;
18 19
20 type = inet_addr_type(iph->saddr);
19 if (addr_type == RTN_UNSPEC) 21 if (addr_type == RTN_UNSPEC)
20 addr_type = inet_addr_type(iph->saddr); 22 addr_type = type;
21 23
22 /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause 24 /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
23 * packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook. 25 * packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook.
24 */ 26 */
25 if (addr_type == RTN_LOCAL) { 27 if (addr_type == RTN_LOCAL) {
26 fl.nl_u.ip4_u.daddr = iph->daddr; 28 fl.nl_u.ip4_u.daddr = iph->daddr;
27 fl.nl_u.ip4_u.saddr = iph->saddr; 29 if (type == RTN_LOCAL)
30 fl.nl_u.ip4_u.saddr = iph->saddr;
28 fl.nl_u.ip4_u.tos = RT_TOS(iph->tos); 31 fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
29 fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0; 32 fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0;
30 fl.mark = (*pskb)->mark; 33 fl.mark = (*pskb)->mark;
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index f6026d4ac428..47bd3ad18b71 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -6,8 +6,8 @@ menu "IP: Netfilter Configuration"
6 depends on INET && NETFILTER 6 depends on INET && NETFILTER
7 7
8config NF_CONNTRACK_IPV4 8config NF_CONNTRACK_IPV4
9 tristate "IPv4 connection tracking support (required for NAT) (EXPERIMENTAL)" 9 tristate "IPv4 connection tracking support (required for NAT)"
10 depends on EXPERIMENTAL && NF_CONNTRACK 10 depends on NF_CONNTRACK
11 ---help--- 11 ---help---
12 Connection tracking keeps a record of what packets have passed 12 Connection tracking keeps a record of what packets have passed
13 through your machine, in order to figure out how they are related 13 through your machine, in order to figure out how they are related
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 09696f16aa95..fc1f153c86ba 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -919,13 +919,13 @@ copy_entries_to_user(unsigned int total_size,
919#ifdef CONFIG_COMPAT 919#ifdef CONFIG_COMPAT
920struct compat_delta { 920struct compat_delta {
921 struct compat_delta *next; 921 struct compat_delta *next;
922 u_int16_t offset; 922 unsigned int offset;
923 short delta; 923 short delta;
924}; 924};
925 925
926static struct compat_delta *compat_offsets = NULL; 926static struct compat_delta *compat_offsets = NULL;
927 927
928static int compat_add_offset(u_int16_t offset, short delta) 928static int compat_add_offset(unsigned int offset, short delta)
929{ 929{
930 struct compat_delta *tmp; 930 struct compat_delta *tmp;
931 931
@@ -957,7 +957,7 @@ static void compat_flush_offsets(void)
957 } 957 }
958} 958}
959 959
960static short compat_calc_jump(u_int16_t offset) 960static short compat_calc_jump(unsigned int offset)
961{ 961{
962 struct compat_delta *tmp; 962 struct compat_delta *tmp;
963 short delta; 963 short delta;
@@ -997,7 +997,7 @@ static int compat_calc_entry(struct ipt_entry *e, struct xt_table_info *info,
997 void *base, struct xt_table_info *newinfo) 997 void *base, struct xt_table_info *newinfo)
998{ 998{
999 struct ipt_entry_target *t; 999 struct ipt_entry_target *t;
1000 u_int16_t entry_offset; 1000 unsigned int entry_offset;
1001 int off, i, ret; 1001 int off, i, ret;
1002 1002
1003 off = 0; 1003 off = 0;
@@ -1467,7 +1467,7 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e,
1467{ 1467{
1468 struct ipt_entry_target *t; 1468 struct ipt_entry_target *t;
1469 struct ipt_target *target; 1469 struct ipt_target *target;
1470 u_int16_t entry_offset; 1470 unsigned int entry_offset;
1471 int ret, off, h, j; 1471 int ret, off, h, j;
1472 1472
1473 duprintf("check_compat_entry_size_and_hooks %p\n", e); 1473 duprintf("check_compat_entry_size_and_hooks %p\n", e);
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 28b9233956b5..d669685afd04 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -127,10 +127,13 @@ masquerade_target(struct sk_buff **pskb,
127static inline int 127static inline int
128device_cmp(struct ip_conntrack *i, void *ifindex) 128device_cmp(struct ip_conntrack *i, void *ifindex)
129{ 129{
130 int ret;
130#ifdef CONFIG_NF_NAT_NEEDED 131#ifdef CONFIG_NF_NAT_NEEDED
131 struct nf_conn_nat *nat = nfct_nat(i); 132 struct nf_conn_nat *nat = nfct_nat(i);
133
134 if (!nat)
135 return 0;
132#endif 136#endif
133 int ret;
134 137
135 read_lock_bh(&masq_lock); 138 read_lock_bh(&masq_lock);
136#ifdef CONFIG_NF_NAT_NEEDED 139#ifdef CONFIG_NF_NAT_NEEDED
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index bf7a22412bcb..12de90a5047c 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -648,7 +648,7 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk,
648 TCPOLEN_TIMESTAMP); 648 TCPOLEN_TIMESTAMP);
649 rep.opt[1] = htonl(tcp_time_stamp); 649 rep.opt[1] = htonl(tcp_time_stamp);
650 rep.opt[2] = htonl(ts); 650 rep.opt[2] = htonl(ts);
651 arg.iov[0].iov_len = TCPOLEN_TSTAMP_ALIGNED; 651 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
652 } 652 }
653 653
654 /* Swap the send and the receive. */ 654 /* Swap the send and the receive. */
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 9b0a90643151..171e5b55d7d6 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -413,8 +413,6 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
413 if (netif_carrier_ok(dev)) 413 if (netif_carrier_ok(dev))
414 ndev->if_flags |= IF_READY; 414 ndev->if_flags |= IF_READY;
415 415
416 /* protected by rtnl_lock */
417 rcu_assign_pointer(dev->ip6_ptr, ndev);
418 416
419 ipv6_mc_init_dev(ndev); 417 ipv6_mc_init_dev(ndev);
420 ndev->tstamp = jiffies; 418 ndev->tstamp = jiffies;
@@ -425,6 +423,8 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
425 NULL); 423 NULL);
426 addrconf_sysctl_register(ndev, &ndev->cnf); 424 addrconf_sysctl_register(ndev, &ndev->cnf);
427#endif 425#endif
426 /* protected by rtnl_lock */
427 rcu_assign_pointer(dev->ip6_ptr, ndev);
428 return ndev; 428 return ndev;
429} 429}
430 430
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index e5cd83b2205d..832a5e6e2d7e 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -171,7 +171,7 @@ lookup_protocol:
171 sk->sk_reuse = 1; 171 sk->sk_reuse = 1;
172 172
173 inet = inet_sk(sk); 173 inet = inet_sk(sk);
174 inet->is_icsk = INET_PROTOSW_ICSK & answer_flags; 174 inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) == INET_PROTOSW_ICSK;
175 175
176 if (SOCK_RAW == sock->type) { 176 if (SOCK_RAW == sock->type) {
177 inet->num = protocol; 177 inet->num = protocol;
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 1b853c34d301..cd10e44db015 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -44,8 +44,7 @@ choice
44 depends on NF_CONNTRACK_ENABLED 44 depends on NF_CONNTRACK_ENABLED
45 45
46config NF_CONNTRACK_SUPPORT 46config NF_CONNTRACK_SUPPORT
47 bool "Layer 3 Independent Connection tracking (EXPERIMENTAL)" 47 bool "Layer 3 Independent Connection tracking"
48 depends on EXPERIMENTAL
49 help 48 help
50 Layer 3 independent connection tracking is experimental scheme 49 Layer 3 independent connection tracking is experimental scheme
51 which generalize ip_conntrack to support other layer 3 protocols. 50 which generalize ip_conntrack to support other layer 3 protocols.
@@ -122,7 +121,7 @@ config NF_CONNTRACK_EVENTS
122 121
123config NF_CT_PROTO_GRE 122config NF_CT_PROTO_GRE
124 tristate 123 tristate
125 depends on EXPERIMENTAL && NF_CONNTRACK 124 depends on NF_CONNTRACK
126 125
127config NF_CT_PROTO_SCTP 126config NF_CT_PROTO_SCTP
128 tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)' 127 tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)'
@@ -136,8 +135,8 @@ config NF_CT_PROTO_SCTP
136 Documentation/modules.txt. If unsure, say `N'. 135 Documentation/modules.txt. If unsure, say `N'.
137 136
138config NF_CONNTRACK_AMANDA 137config NF_CONNTRACK_AMANDA
139 tristate "Amanda backup protocol support (EXPERIMENTAL)" 138 tristate "Amanda backup protocol support"
140 depends on EXPERIMENTAL && NF_CONNTRACK 139 depends on NF_CONNTRACK
141 select TEXTSEARCH 140 select TEXTSEARCH
142 select TEXTSEARCH_KMP 141 select TEXTSEARCH_KMP
143 help 142 help
@@ -151,8 +150,8 @@ config NF_CONNTRACK_AMANDA
151 To compile it as a module, choose M here. If unsure, say N. 150 To compile it as a module, choose M here. If unsure, say N.
152 151
153config NF_CONNTRACK_FTP 152config NF_CONNTRACK_FTP
154 tristate "FTP protocol support (EXPERIMENTAL)" 153 tristate "FTP protocol support"
155 depends on EXPERIMENTAL && NF_CONNTRACK 154 depends on NF_CONNTRACK
156 help 155 help
157 Tracking FTP connections is problematic: special helpers are 156 Tracking FTP connections is problematic: special helpers are
158 required for tracking them, and doing masquerading and other forms 157 required for tracking them, and doing masquerading and other forms
@@ -184,8 +183,8 @@ config NF_CONNTRACK_H323
184 To compile it as a module, choose M here. If unsure, say N. 183 To compile it as a module, choose M here. If unsure, say N.
185 184
186config NF_CONNTRACK_IRC 185config NF_CONNTRACK_IRC
187 tristate "IRC protocol support (EXPERIMENTAL)" 186 tristate "IRC protocol support"
188 depends on EXPERIMENTAL && NF_CONNTRACK 187 depends on NF_CONNTRACK
189 help 188 help
190 There is a commonly-used extension to IRC called 189 There is a commonly-used extension to IRC called
191 Direct Client-to-Client Protocol (DCC). This enables users to send 190 Direct Client-to-Client Protocol (DCC). This enables users to send
@@ -218,8 +217,8 @@ config NF_CONNTRACK_NETBIOS_NS
218 To compile it as a module, choose M here. If unsure, say N. 217 To compile it as a module, choose M here. If unsure, say N.
219 218
220config NF_CONNTRACK_PPTP 219config NF_CONNTRACK_PPTP
221 tristate "PPtP protocol support (EXPERIMENTAL)" 220 tristate "PPtP protocol support"
222 depends on EXPERIMENTAL && NF_CONNTRACK 221 depends on NF_CONNTRACK
223 select NF_CT_PROTO_GRE 222 select NF_CT_PROTO_GRE
224 help 223 help
225 This module adds support for PPTP (Point to Point Tunnelling 224 This module adds support for PPTP (Point to Point Tunnelling
@@ -249,8 +248,8 @@ config NF_CONNTRACK_SIP
249 To compile it as a module, choose M here. If unsure, say N. 248 To compile it as a module, choose M here. If unsure, say N.
250 249
251config NF_CONNTRACK_TFTP 250config NF_CONNTRACK_TFTP
252 tristate "TFTP protocol support (EXPERIMENTAL)" 251 tristate "TFTP protocol support"
253 depends on EXPERIMENTAL && NF_CONNTRACK 252 depends on NF_CONNTRACK
254 help 253 help
255 TFTP connection tracking helper, this is required depending 254 TFTP connection tracking helper, this is required depending
256 on how restrictive your ruleset is. 255 on how restrictive your ruleset is.
diff --git a/net/netfilter/nf_conntrack_netbios_ns.c b/net/netfilter/nf_conntrack_netbios_ns.c
index a5b234e444dc..2a48efdf0d67 100644
--- a/net/netfilter/nf_conntrack_netbios_ns.c
+++ b/net/netfilter/nf_conntrack_netbios_ns.c
@@ -89,6 +89,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
89 89
90 exp->expectfn = NULL; 90 exp->expectfn = NULL;
91 exp->flags = NF_CT_EXPECT_PERMANENT; 91 exp->flags = NF_CT_EXPECT_PERMANENT;
92 exp->helper = NULL;
92 93
93 nf_conntrack_expect_related(exp); 94 nf_conntrack_expect_related(exp);
94 nf_conntrack_expect_put(exp); 95 nf_conntrack_expect_put(exp);
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index a5a6e192ac2d..f28bf69d3d42 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -745,7 +745,7 @@ static int __init xt_hashlimit_init(void)
745 } 745 }
746 hashlimit_procdir6 = proc_mkdir("ip6t_hashlimit", proc_net); 746 hashlimit_procdir6 = proc_mkdir("ip6t_hashlimit", proc_net);
747 if (!hashlimit_procdir6) { 747 if (!hashlimit_procdir6) {
748 printk(KERN_ERR "xt_hashlimit: tnable to create proc dir " 748 printk(KERN_ERR "xt_hashlimit: unable to create proc dir "
749 "entry\n"); 749 "entry\n");
750 goto err4; 750 goto err4;
751 } 751 }
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c
index 4afc75f9e377..73e0ff469bff 100644
--- a/net/netlabel/netlabel_cipso_v4.c
+++ b/net/netlabel/netlabel_cipso_v4.c
@@ -130,12 +130,12 @@ static int netlbl_cipsov4_add_common(struct genl_info *info,
130 130
131 nla_for_each_nested(nla, info->attrs[NLBL_CIPSOV4_A_TAGLST], nla_rem) 131 nla_for_each_nested(nla, info->attrs[NLBL_CIPSOV4_A_TAGLST], nla_rem)
132 if (nla->nla_type == NLBL_CIPSOV4_A_TAG) { 132 if (nla->nla_type == NLBL_CIPSOV4_A_TAG) {
133 if (iter > CIPSO_V4_TAG_MAXCNT) 133 if (iter >= CIPSO_V4_TAG_MAXCNT)
134 return -EINVAL; 134 return -EINVAL;
135 doi_def->tags[iter++] = nla_get_u8(nla); 135 doi_def->tags[iter++] = nla_get_u8(nla);
136 } 136 }
137 if (iter < CIPSO_V4_TAG_MAXCNT) 137 while (iter < CIPSO_V4_TAG_MAXCNT)
138 doi_def->tags[iter] = CIPSO_V4_TAG_INVALID; 138 doi_def->tags[iter++] = CIPSO_V4_TAG_INVALID;
139 139
140 return 0; 140 return 0;
141} 141}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 276131fe56dd..383dd4e82ee1 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -472,8 +472,7 @@ static int netlink_release(struct socket *sock)
472 NETLINK_URELEASE, &n); 472 NETLINK_URELEASE, &n);
473 } 473 }
474 474
475 if (nlk->module) 475 module_put(nlk->module);
476 module_put(nlk->module);
477 476
478 netlink_table_grab(); 477 netlink_table_grab();
479 if (nlk->flags & NETLINK_KERNEL_SOCKET) { 478 if (nlk->flags & NETLINK_KERNEL_SOCKET) {
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 52a2726d327f..b5c80b189902 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -484,8 +484,6 @@ out:
484 return sk; 484 return sk;
485} 485}
486 486
487void x25_init_timers(struct sock *sk);
488
489static int x25_create(struct socket *sock, int protocol) 487static int x25_create(struct socket *sock, int protocol)
490{ 488{
491 struct sock *sk; 489 struct sock *sk;
diff --git a/net/x25/x25_facilities.c b/net/x25/x25_facilities.c
index 9f42b9c9de37..27f5cc7966f6 100644
--- a/net/x25/x25_facilities.c
+++ b/net/x25/x25_facilities.c
@@ -254,7 +254,7 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk,
254 * They want reverse charging, we won't accept it. 254 * They want reverse charging, we won't accept it.
255 */ 255 */
256 if ((theirs.reverse & 0x01 ) && (ours->reverse & 0x01)) { 256 if ((theirs.reverse & 0x01 ) && (ours->reverse & 0x01)) {
257 SOCK_DEBUG(sk, "X.25: rejecting reverse charging request"); 257 SOCK_DEBUG(sk, "X.25: rejecting reverse charging request\n");
258 return -1; 258 return -1;
259 } 259 }
260 260
@@ -262,29 +262,29 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk,
262 262
263 if (theirs.throughput) { 263 if (theirs.throughput) {
264 if (theirs.throughput < ours->throughput) { 264 if (theirs.throughput < ours->throughput) {
265 SOCK_DEBUG(sk, "X.25: throughput negotiated down"); 265 SOCK_DEBUG(sk, "X.25: throughput negotiated down\n");
266 new->throughput = theirs.throughput; 266 new->throughput = theirs.throughput;
267 } 267 }
268 } 268 }
269 269
270 if (theirs.pacsize_in && theirs.pacsize_out) { 270 if (theirs.pacsize_in && theirs.pacsize_out) {
271 if (theirs.pacsize_in < ours->pacsize_in) { 271 if (theirs.pacsize_in < ours->pacsize_in) {
272 SOCK_DEBUG(sk, "X.25: packet size inwards negotiated down"); 272 SOCK_DEBUG(sk, "X.25: packet size inwards negotiated down\n");
273 new->pacsize_in = theirs.pacsize_in; 273 new->pacsize_in = theirs.pacsize_in;
274 } 274 }
275 if (theirs.pacsize_out < ours->pacsize_out) { 275 if (theirs.pacsize_out < ours->pacsize_out) {
276 SOCK_DEBUG(sk, "X.25: packet size outwards negotiated down"); 276 SOCK_DEBUG(sk, "X.25: packet size outwards negotiated down\n");
277 new->pacsize_out = theirs.pacsize_out; 277 new->pacsize_out = theirs.pacsize_out;
278 } 278 }
279 } 279 }
280 280
281 if (theirs.winsize_in && theirs.winsize_out) { 281 if (theirs.winsize_in && theirs.winsize_out) {
282 if (theirs.winsize_in < ours->winsize_in) { 282 if (theirs.winsize_in < ours->winsize_in) {
283 SOCK_DEBUG(sk, "X.25: window size inwards negotiated down"); 283 SOCK_DEBUG(sk, "X.25: window size inwards negotiated down\n");
284 new->winsize_in = theirs.winsize_in; 284 new->winsize_in = theirs.winsize_in;
285 } 285 }
286 if (theirs.winsize_out < ours->winsize_out) { 286 if (theirs.winsize_out < ours->winsize_out) {
287 SOCK_DEBUG(sk, "X.25: window size outwards negotiated down"); 287 SOCK_DEBUG(sk, "X.25: window size outwards negotiated down\n");
288 new->winsize_out = theirs.winsize_out; 288 new->winsize_out = theirs.winsize_out;
289 } 289 }
290 } 290 }
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index e5372b11fc8f..82f36d396fca 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -434,18 +434,19 @@ error_no_put:
434 return NULL; 434 return NULL;
435} 435}
436 436
437static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 437static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
438 struct rtattr **xfrma)
438{ 439{
439 struct xfrm_usersa_info *p = NLMSG_DATA(nlh); 440 struct xfrm_usersa_info *p = NLMSG_DATA(nlh);
440 struct xfrm_state *x; 441 struct xfrm_state *x;
441 int err; 442 int err;
442 struct km_event c; 443 struct km_event c;
443 444
444 err = verify_newsa_info(p, (struct rtattr **)xfrma); 445 err = verify_newsa_info(p, xfrma);
445 if (err) 446 if (err)
446 return err; 447 return err;
447 448
448 x = xfrm_state_construct(p, (struct rtattr **)xfrma, &err); 449 x = xfrm_state_construct(p, xfrma, &err);
449 if (!x) 450 if (!x)
450 return err; 451 return err;
451 452
@@ -507,14 +508,15 @@ static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p,
507 return x; 508 return x;
508} 509}
509 510
510static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 511static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
512 struct rtattr **xfrma)
511{ 513{
512 struct xfrm_state *x; 514 struct xfrm_state *x;
513 int err = -ESRCH; 515 int err = -ESRCH;
514 struct km_event c; 516 struct km_event c;
515 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 517 struct xfrm_usersa_id *p = NLMSG_DATA(nlh);
516 518
517 x = xfrm_user_state_lookup(p, (struct rtattr **)xfrma, &err); 519 x = xfrm_user_state_lookup(p, xfrma, &err);
518 if (x == NULL) 520 if (x == NULL)
519 return err; 521 return err;
520 522
@@ -672,14 +674,15 @@ static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb,
672 return skb; 674 return skb;
673} 675}
674 676
675static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 677static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
678 struct rtattr **xfrma)
676{ 679{
677 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 680 struct xfrm_usersa_id *p = NLMSG_DATA(nlh);
678 struct xfrm_state *x; 681 struct xfrm_state *x;
679 struct sk_buff *resp_skb; 682 struct sk_buff *resp_skb;
680 int err = -ESRCH; 683 int err = -ESRCH;
681 684
682 x = xfrm_user_state_lookup(p, (struct rtattr **)xfrma, &err); 685 x = xfrm_user_state_lookup(p, xfrma, &err);
683 if (x == NULL) 686 if (x == NULL)
684 goto out_noput; 687 goto out_noput;
685 688
@@ -718,7 +721,8 @@ static int verify_userspi_info(struct xfrm_userspi_info *p)
718 return 0; 721 return 0;
719} 722}
720 723
721static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 724static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
725 struct rtattr **xfrma)
722{ 726{
723 struct xfrm_state *x; 727 struct xfrm_state *x;
724 struct xfrm_userspi_info *p; 728 struct xfrm_userspi_info *p;
@@ -1013,7 +1017,8 @@ static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p,
1013 return NULL; 1017 return NULL;
1014} 1018}
1015 1019
1016static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 1020static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1021 struct rtattr **xfrma)
1017{ 1022{
1018 struct xfrm_userpolicy_info *p = NLMSG_DATA(nlh); 1023 struct xfrm_userpolicy_info *p = NLMSG_DATA(nlh);
1019 struct xfrm_policy *xp; 1024 struct xfrm_policy *xp;
@@ -1024,11 +1029,11 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
1024 err = verify_newpolicy_info(p); 1029 err = verify_newpolicy_info(p);
1025 if (err) 1030 if (err)
1026 return err; 1031 return err;
1027 err = verify_sec_ctx_len((struct rtattr **)xfrma); 1032 err = verify_sec_ctx_len(xfrma);
1028 if (err) 1033 if (err)
1029 return err; 1034 return err;
1030 1035
1031 xp = xfrm_policy_construct(p, (struct rtattr **)xfrma, &err); 1036 xp = xfrm_policy_construct(p, xfrma, &err);
1032 if (!xp) 1037 if (!xp)
1033 return err; 1038 return err;
1034 1039
@@ -1227,7 +1232,8 @@ static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb,
1227 return skb; 1232 return skb;
1228} 1233}
1229 1234
1230static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 1235static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1236 struct rtattr **xfrma)
1231{ 1237{
1232 struct xfrm_policy *xp; 1238 struct xfrm_policy *xp;
1233 struct xfrm_userpolicy_id *p; 1239 struct xfrm_userpolicy_id *p;
@@ -1239,7 +1245,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
1239 p = NLMSG_DATA(nlh); 1245 p = NLMSG_DATA(nlh);
1240 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 1246 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY;
1241 1247
1242 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma); 1248 err = copy_from_user_policy_type(&type, xfrma);
1243 if (err) 1249 if (err)
1244 return err; 1250 return err;
1245 1251
@@ -1250,11 +1256,10 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
1250 if (p->index) 1256 if (p->index)
1251 xp = xfrm_policy_byid(type, p->dir, p->index, delete); 1257 xp = xfrm_policy_byid(type, p->dir, p->index, delete);
1252 else { 1258 else {
1253 struct rtattr **rtattrs = (struct rtattr **)xfrma; 1259 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
1254 struct rtattr *rt = rtattrs[XFRMA_SEC_CTX-1];
1255 struct xfrm_policy tmp; 1260 struct xfrm_policy tmp;
1256 1261
1257 err = verify_sec_ctx_len(rtattrs); 1262 err = verify_sec_ctx_len(xfrma);
1258 if (err) 1263 if (err)
1259 return err; 1264 return err;
1260 1265
@@ -1302,7 +1307,8 @@ out:
1302 return err; 1307 return err;
1303} 1308}
1304 1309
1305static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 1310static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
1311 struct rtattr **xfrma)
1306{ 1312{
1307 struct km_event c; 1313 struct km_event c;
1308 struct xfrm_usersa_flush *p = NLMSG_DATA(nlh); 1314 struct xfrm_usersa_flush *p = NLMSG_DATA(nlh);
@@ -1367,7 +1373,8 @@ nlmsg_failure:
1367 return -1; 1373 return -1;
1368} 1374}
1369 1375
1370static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 1376static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
1377 struct rtattr **xfrma)
1371{ 1378{
1372 struct xfrm_state *x; 1379 struct xfrm_state *x;
1373 struct sk_buff *r_skb; 1380 struct sk_buff *r_skb;
@@ -1415,7 +1422,8 @@ static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
1415 return err; 1422 return err;
1416} 1423}
1417 1424
1418static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 1425static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
1426 struct rtattr **xfrma)
1419{ 1427{
1420 struct xfrm_state *x; 1428 struct xfrm_state *x;
1421 struct km_event c; 1429 struct km_event c;
@@ -1439,7 +1447,7 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
1439 goto out; 1447 goto out;
1440 1448
1441 spin_lock_bh(&x->lock); 1449 spin_lock_bh(&x->lock);
1442 err = xfrm_update_ae_params(x,(struct rtattr **)xfrma); 1450 err = xfrm_update_ae_params(x, xfrma);
1443 spin_unlock_bh(&x->lock); 1451 spin_unlock_bh(&x->lock);
1444 if (err < 0) 1452 if (err < 0)
1445 goto out; 1453 goto out;
@@ -1455,14 +1463,15 @@ out:
1455 return err; 1463 return err;
1456} 1464}
1457 1465
1458static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 1466static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1467 struct rtattr **xfrma)
1459{ 1468{
1460 struct km_event c; 1469 struct km_event c;
1461 u8 type = XFRM_POLICY_TYPE_MAIN; 1470 u8 type = XFRM_POLICY_TYPE_MAIN;
1462 int err; 1471 int err;
1463 struct xfrm_audit audit_info; 1472 struct xfrm_audit audit_info;
1464 1473
1465 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma); 1474 err = copy_from_user_policy_type(&type, xfrma);
1466 if (err) 1475 if (err)
1467 return err; 1476 return err;
1468 1477
@@ -1477,7 +1486,8 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **x
1477 return 0; 1486 return 0;
1478} 1487}
1479 1488
1480static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 1489static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1490 struct rtattr **xfrma)
1481{ 1491{
1482 struct xfrm_policy *xp; 1492 struct xfrm_policy *xp;
1483 struct xfrm_user_polexpire *up = NLMSG_DATA(nlh); 1493 struct xfrm_user_polexpire *up = NLMSG_DATA(nlh);
@@ -1485,18 +1495,17 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void *
1485 u8 type = XFRM_POLICY_TYPE_MAIN; 1495 u8 type = XFRM_POLICY_TYPE_MAIN;
1486 int err = -ENOENT; 1496 int err = -ENOENT;
1487 1497
1488 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma); 1498 err = copy_from_user_policy_type(&type, xfrma);
1489 if (err) 1499 if (err)
1490 return err; 1500 return err;
1491 1501
1492 if (p->index) 1502 if (p->index)
1493 xp = xfrm_policy_byid(type, p->dir, p->index, 0); 1503 xp = xfrm_policy_byid(type, p->dir, p->index, 0);
1494 else { 1504 else {
1495 struct rtattr **rtattrs = (struct rtattr **)xfrma; 1505 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
1496 struct rtattr *rt = rtattrs[XFRMA_SEC_CTX-1];
1497 struct xfrm_policy tmp; 1506 struct xfrm_policy tmp;
1498 1507
1499 err = verify_sec_ctx_len(rtattrs); 1508 err = verify_sec_ctx_len(xfrma);
1500 if (err) 1509 if (err)
1501 return err; 1510 return err;
1502 1511
@@ -1537,7 +1546,8 @@ out:
1537 return err; 1546 return err;
1538} 1547}
1539 1548
1540static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 1549static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1550 struct rtattr **xfrma)
1541{ 1551{
1542 struct xfrm_state *x; 1552 struct xfrm_state *x;
1543 int err; 1553 int err;
@@ -1568,7 +1578,8 @@ out:
1568 return err; 1578 return err;
1569} 1579}
1570 1580
1571static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 1581static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh,
1582 struct rtattr **xfrma)
1572{ 1583{
1573 struct xfrm_policy *xp; 1584 struct xfrm_policy *xp;
1574 struct xfrm_user_tmpl *ut; 1585 struct xfrm_user_tmpl *ut;
@@ -1647,7 +1658,7 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
1647#undef XMSGSIZE 1658#undef XMSGSIZE
1648 1659
1649static struct xfrm_link { 1660static struct xfrm_link {
1650 int (*doit)(struct sk_buff *, struct nlmsghdr *, void **); 1661 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct rtattr **);
1651 int (*dump)(struct sk_buff *, struct netlink_callback *); 1662 int (*dump)(struct sk_buff *, struct netlink_callback *);
1652} xfrm_dispatch[XFRM_NR_MSGTYPES] = { 1663} xfrm_dispatch[XFRM_NR_MSGTYPES] = {
1653 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1664 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa },
@@ -1735,7 +1746,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *err
1735 1746
1736 if (link->doit == NULL) 1747 if (link->doit == NULL)
1737 goto err_einval; 1748 goto err_einval;
1738 *errp = link->doit(skb, nlh, (void **) &xfrma); 1749 *errp = link->doit(skb, nlh, xfrma);
1739 1750
1740 return *errp; 1751 return *errp;
1741 1752
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-02 09:21:20 -0400