aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/atm/signaling.c10
-rw-r--r--net/bridge/br_if.c33
-rw-r--r--net/bridge/br_netfilter.c1
-rw-r--r--net/bridge/br_stp_if.c6
-rw-r--r--net/bridge/netfilter/Makefile2
-rw-r--r--net/bridge/netfilter/ebt_log.c7
-rw-r--r--net/core/request_sock.c1
-rw-r--r--net/core/skbuff.c10
-rw-r--r--net/dccp/ccids/ccid3.c10
-rw-r--r--net/ethernet/eth.c12
-rw-r--r--net/ieee80211/ieee80211_rx.c16
-rw-r--r--net/ipv4/esp4.c185
-rw-r--r--net/ipv4/ip_gre.c3
-rw-r--r--net/ipv4/ip_output.c23
-rw-r--r--net/ipv4/ipip.c3
-rw-r--r--net/ipv4/netfilter.c41
-rw-r--r--net/ipv4/netfilter/arp_tables.c2
-rw-r--r--net/ipv4/netfilter/ip_nat_core.c18
-rw-r--r--net/ipv4/netfilter/ip_nat_standalone.c22
-rw-r--r--net/ipv4/netfilter/ip_queue.c2
-rw-r--r--net/ipv4/netfilter/ipt_LOG.c7
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c5
-rw-r--r--net/ipv4/route.c2
-rw-r--r--net/ipv4/tcp_highspeed.c2
-rw-r--r--net/ipv4/tcp_output.c4
-rw-r--r--net/ipv4/xfrm4_output.c13
-rw-r--r--net/ipv4/xfrm4_policy.c5
-rw-r--r--net/ipv6/addrconf.c2
-rw-r--r--net/ipv6/ah6.c2
-rw-r--r--net/ipv6/icmp.c6
-rw-r--r--net/ipv6/inet6_hashtables.c6
-rw-r--r--net/ipv6/ip6_output.c22
-rw-r--r--net/ipv6/ip6_tunnel.c3
-rw-r--r--net/ipv6/netfilter/ip6_queue.c2
-rw-r--r--net/ipv6/netfilter/ip6t_LOG.c7
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c2
-rw-r--r--net/key/af_key.c2
-rw-r--r--net/netfilter/Kconfig6
-rw-r--r--net/netfilter/nf_conntrack_core.c5
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c4
-rw-r--r--net/netfilter/nf_conntrack_proto_udp.c4
-rw-r--r--net/netfilter/nf_queue.c42
-rw-r--r--net/netfilter/nfnetlink_queue.c6
-rw-r--r--net/netlink/af_netlink.c5
-rw-r--r--net/sched/act_api.c2
-rw-r--r--net/unix/af_unix.c2
-rw-r--r--net/xfrm/xfrm_policy.c16
-rw-r--r--net/xfrm/xfrm_state.c8
-rw-r--r--net/xfrm/xfrm_user.c2
49 files changed, 316 insertions, 285 deletions
diff --git a/net/atm/signaling.c b/net/atm/signaling.c
index 93ad59a28ef5..31d98b57e1de 100644
--- a/net/atm/signaling.c
+++ b/net/atm/signaling.c
@@ -39,25 +39,19 @@ static DECLARE_WAIT_QUEUE_HEAD(sigd_sleep);
39static void sigd_put_skb(struct sk_buff *skb) 39static void sigd_put_skb(struct sk_buff *skb)
40{ 40{
41#ifdef WAIT_FOR_DEMON 41#ifdef WAIT_FOR_DEMON
42 static unsigned long silence;
43 DECLARE_WAITQUEUE(wait,current); 42 DECLARE_WAITQUEUE(wait,current);
44 43
45 add_wait_queue(&sigd_sleep,&wait); 44 add_wait_queue(&sigd_sleep,&wait);
46 while (!sigd) { 45 while (!sigd) {
47 set_current_state(TASK_UNINTERRUPTIBLE); 46 set_current_state(TASK_UNINTERRUPTIBLE);
48 if (time_after(jiffies, silence) || silence == 0) { 47 DPRINTK("atmsvc: waiting for signaling demon...\n");
49 printk(KERN_INFO "atmsvc: waiting for signaling demon "
50 "...\n");
51 silence = (jiffies+30*HZ)|1;
52 }
53 schedule(); 48 schedule();
54 } 49 }
55 current->state = TASK_RUNNING; 50 current->state = TASK_RUNNING;
56 remove_wait_queue(&sigd_sleep,&wait); 51 remove_wait_queue(&sigd_sleep,&wait);
57#else 52#else
58 if (!sigd) { 53 if (!sigd) {
59 if (net_ratelimit()) 54 DPRINTK("atmsvc: no signaling demon\n");
60 printk(KERN_WARNING "atmsvc: no signaling demon\n");
61 kfree_skb(skb); 55 kfree_skb(skb);
62 return; 56 return;
63 } 57 }
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 7fa3a5a9971f..f36b35edd60c 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -81,26 +81,27 @@ static void port_carrier_check(void *arg)
81{ 81{
82 struct net_device *dev = arg; 82 struct net_device *dev = arg;
83 struct net_bridge_port *p; 83 struct net_bridge_port *p;
84 struct net_bridge *br;
84 85
85 rtnl_lock(); 86 rtnl_lock();
86 p = dev->br_port; 87 p = dev->br_port;
87 if (!p) 88 if (!p)
88 goto done; 89 goto done;
89 90 br = p->br;
90 if (netif_carrier_ok(p->dev)) { 91
91 u32 cost = port_cost(p->dev); 92 if (netif_carrier_ok(dev))
92 93 p->path_cost = port_cost(dev);
93 spin_lock_bh(&p->br->lock); 94
94 if (p->state == BR_STATE_DISABLED) { 95 if (br->dev->flags & IFF_UP) {
95 p->path_cost = cost; 96 spin_lock_bh(&br->lock);
96 br_stp_enable_port(p); 97 if (netif_carrier_ok(dev)) {
98 if (p->state == BR_STATE_DISABLED)
99 br_stp_enable_port(p);
100 } else {
101 if (p->state != BR_STATE_DISABLED)
102 br_stp_disable_port(p);
97 } 103 }
98 spin_unlock_bh(&p->br->lock); 104 spin_unlock_bh(&br->lock);
99 } else {
100 spin_lock_bh(&p->br->lock);
101 if (p->state != BR_STATE_DISABLED)
102 br_stp_disable_port(p);
103 spin_unlock_bh(&p->br->lock);
104 } 105 }
105done: 106done:
106 rtnl_unlock(); 107 rtnl_unlock();
@@ -168,6 +169,7 @@ static void del_nbp(struct net_bridge_port *p)
168 169
169 rcu_assign_pointer(dev->br_port, NULL); 170 rcu_assign_pointer(dev->br_port, NULL);
170 171
172 kobject_uevent(&p->kobj, KOBJ_REMOVE);
171 kobject_del(&p->kobj); 173 kobject_del(&p->kobj);
172 174
173 call_rcu(&p->rcu, destroy_nbp_rcu); 175 call_rcu(&p->rcu, destroy_nbp_rcu);
@@ -276,8 +278,9 @@ static struct net_bridge_port *new_nbp(struct net_bridge *br,
276 br_init_port(p); 278 br_init_port(p);
277 p->state = BR_STATE_DISABLED; 279 p->state = BR_STATE_DISABLED;
278 INIT_WORK(&p->carrier_check, port_carrier_check, dev); 280 INIT_WORK(&p->carrier_check, port_carrier_check, dev);
279 kobject_init(&p->kobj); 281 br_stp_port_timer_init(p);
280 282
283 kobject_init(&p->kobj);
281 kobject_set_name(&p->kobj, SYSFS_BRIDGE_PORT_ATTR); 284 kobject_set_name(&p->kobj, SYSFS_BRIDGE_PORT_ATTR);
282 p->kobj.ktype = &brport_ktype; 285 p->kobj.ktype = &brport_ktype;
283 p->kobj.parent = &(dev->class_dev.kobj); 286 p->kobj.parent = &(dev->class_dev.kobj);
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 6bb0c7eb1ef0..e060aad8624d 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -90,6 +90,7 @@ static struct rtable __fake_rtable = {
90 .dev = &__fake_net_device, 90 .dev = &__fake_net_device,
91 .path = &__fake_rtable.u.dst, 91 .path = &__fake_rtable.u.dst,
92 .metrics = {[RTAX_MTU - 1] = 1500}, 92 .metrics = {[RTAX_MTU - 1] = 1500},
93 .flags = DST_NOXFRM,
93 } 94 }
94 }, 95 },
95 .rt_flags = 0, 96 .rt_flags = 0,
diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
index cc047f7fb6ef..23dea1422c9a 100644
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -39,8 +39,6 @@ void br_init_port(struct net_bridge_port *p)
39 p->state = BR_STATE_BLOCKING; 39 p->state = BR_STATE_BLOCKING;
40 p->topology_change_ack = 0; 40 p->topology_change_ack = 0;
41 p->config_pending = 0; 41 p->config_pending = 0;
42
43 br_stp_port_timer_init(p);
44} 42}
45 43
46/* called under bridge lock */ 44/* called under bridge lock */
@@ -67,7 +65,7 @@ void br_stp_disable_bridge(struct net_bridge *br)
67{ 65{
68 struct net_bridge_port *p; 66 struct net_bridge_port *p;
69 67
70 spin_lock(&br->lock); 68 spin_lock_bh(&br->lock);
71 list_for_each_entry(p, &br->port_list, list) { 69 list_for_each_entry(p, &br->port_list, list) {
72 if (p->state != BR_STATE_DISABLED) 70 if (p->state != BR_STATE_DISABLED)
73 br_stp_disable_port(p); 71 br_stp_disable_port(p);
@@ -76,7 +74,7 @@ void br_stp_disable_bridge(struct net_bridge *br)
76 74
77 br->topology_change = 0; 75 br->topology_change = 0;
78 br->topology_change_detected = 0; 76 br->topology_change_detected = 0;
79 spin_unlock(&br->lock); 77 spin_unlock_bh(&br->lock);
80 78
81 del_timer_sync(&br->hello_timer); 79 del_timer_sync(&br->hello_timer);
82 del_timer_sync(&br->topology_change_timer); 80 del_timer_sync(&br->topology_change_timer);
diff --git a/net/bridge/netfilter/Makefile b/net/bridge/netfilter/Makefile
index 8bf6d9f6e9d3..905087e0d485 100644
--- a/net/bridge/netfilter/Makefile
+++ b/net/bridge/netfilter/Makefile
@@ -29,4 +29,4 @@ obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o
29 29
30# watchers 30# watchers
31obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o 31obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o
32obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_ulog.o 32obj-$(CONFIG_BRIDGE_EBT_ULOG) += ebt_ulog.o
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 0128fbbe2328..288ff1d4ccc4 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -166,7 +166,12 @@ static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
166 li.u.log.level = info->loglevel; 166 li.u.log.level = info->loglevel;
167 li.u.log.logflags = info->bitmask; 167 li.u.log.logflags = info->bitmask;
168 168
169 nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, info->prefix); 169 if (info->bitmask & EBT_LOG_NFLOG)
170 nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li,
171 info->prefix);
172 else
173 ebt_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li,
174 info->prefix);
170} 175}
171 176
172static struct ebt_watcher log = 177static struct ebt_watcher log =
diff --git a/net/core/request_sock.c b/net/core/request_sock.c
index b8203de5ff07..98f0fc923f91 100644
--- a/net/core/request_sock.c
+++ b/net/core/request_sock.c
@@ -52,7 +52,6 @@ int reqsk_queue_alloc(struct request_sock_queue *queue,
52 get_random_bytes(&lopt->hash_rnd, sizeof(lopt->hash_rnd)); 52 get_random_bytes(&lopt->hash_rnd, sizeof(lopt->hash_rnd));
53 rwlock_init(&queue->syn_wait_lock); 53 rwlock_init(&queue->syn_wait_lock);
54 queue->rskq_accept_head = queue->rskq_accept_head = NULL; 54 queue->rskq_accept_head = queue->rskq_accept_head = NULL;
55 queue->rskq_defer_accept = 0;
56 lopt->nr_table_entries = nr_table_entries; 55 lopt->nr_table_entries = nr_table_entries;
57 56
58 write_lock_bh(&queue->syn_wait_lock); 57 write_lock_bh(&queue->syn_wait_lock);
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 6766f118f070..2144952d1c6c 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -411,6 +411,9 @@ struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
411 C(pkt_type); 411 C(pkt_type);
412 C(ip_summed); 412 C(ip_summed);
413 C(priority); 413 C(priority);
414#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
415 C(ipvs_property);
416#endif
414 C(protocol); 417 C(protocol);
415 n->destructor = NULL; 418 n->destructor = NULL;
416#ifdef CONFIG_NETFILTER 419#ifdef CONFIG_NETFILTER
@@ -422,13 +425,6 @@ struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
422 C(nfct_reasm); 425 C(nfct_reasm);
423 nf_conntrack_get_reasm(skb->nfct_reasm); 426 nf_conntrack_get_reasm(skb->nfct_reasm);
424#endif 427#endif
425#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
426 C(ipvs_property);
427#endif
428#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
429 C(nfct_reasm);
430 nf_conntrack_get_reasm(skb->nfct_reasm);
431#endif
432#ifdef CONFIG_BRIDGE_NETFILTER 428#ifdef CONFIG_BRIDGE_NETFILTER
433 C(nf_bridge); 429 C(nf_bridge);
434 nf_bridge_get(skb->nf_bridge); 430 nf_bridge_get(skb->nf_bridge);
diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c
index aa68e0ab274d..35d1d347541c 100644
--- a/net/dccp/ccids/ccid3.c
+++ b/net/dccp/ccids/ccid3.c
@@ -2,7 +2,7 @@
2 * net/dccp/ccids/ccid3.c 2 * net/dccp/ccids/ccid3.c
3 * 3 *
4 * Copyright (c) 2005 The University of Waikato, Hamilton, New Zealand. 4 * Copyright (c) 2005 The University of Waikato, Hamilton, New Zealand.
5 * Copyright (c) 2005 Ian McDonald <iam4@cs.waikato.ac.nz> 5 * Copyright (c) 2005-6 Ian McDonald <imcdnzl@gmail.com>
6 * 6 *
7 * An implementation of the DCCP protocol 7 * An implementation of the DCCP protocol
8 * 8 *
@@ -1033,9 +1033,13 @@ static void ccid3_hc_rx_packet_recv(struct sock *sk, struct sk_buff *skb)
1033 p_prev = hcrx->ccid3hcrx_p; 1033 p_prev = hcrx->ccid3hcrx_p;
1034 1034
1035 /* Calculate loss event rate */ 1035 /* Calculate loss event rate */
1036 if (!list_empty(&hcrx->ccid3hcrx_li_hist)) 1036 if (!list_empty(&hcrx->ccid3hcrx_li_hist)) {
1037 u32 i_mean = dccp_li_hist_calc_i_mean(&hcrx->ccid3hcrx_li_hist);
1038
1037 /* Scaling up by 1000000 as fixed decimal */ 1039 /* Scaling up by 1000000 as fixed decimal */
1038 hcrx->ccid3hcrx_p = 1000000 / dccp_li_hist_calc_i_mean(&hcrx->ccid3hcrx_li_hist); 1040 if (i_mean != 0)
1041 hcrx->ccid3hcrx_p = 1000000 / i_mean;
1042 }
1039 1043
1040 if (hcrx->ccid3hcrx_p > p_prev) { 1044 if (hcrx->ccid3hcrx_p > p_prev) {
1041 ccid3_hc_rx_send_feedback(sk); 1045 ccid3_hc_rx_send_feedback(sk);
diff --git a/net/ethernet/eth.c b/net/ethernet/eth.c
index 9890fd97e538..c971f14712ec 100644
--- a/net/ethernet/eth.c
+++ b/net/ethernet/eth.c
@@ -95,6 +95,12 @@ int eth_header(struct sk_buff *skb, struct net_device *dev, unsigned short type,
95 saddr = dev->dev_addr; 95 saddr = dev->dev_addr;
96 memcpy(eth->h_source,saddr,dev->addr_len); 96 memcpy(eth->h_source,saddr,dev->addr_len);
97 97
98 if(daddr)
99 {
100 memcpy(eth->h_dest,daddr,dev->addr_len);
101 return ETH_HLEN;
102 }
103
98 /* 104 /*
99 * Anyway, the loopback-device should never use this function... 105 * Anyway, the loopback-device should never use this function...
100 */ 106 */
@@ -105,12 +111,6 @@ int eth_header(struct sk_buff *skb, struct net_device *dev, unsigned short type,
105 return ETH_HLEN; 111 return ETH_HLEN;
106 } 112 }
107 113
108 if(daddr)
109 {
110 memcpy(eth->h_dest,daddr,dev->addr_len);
111 return ETH_HLEN;
112 }
113
114 return -ETH_HLEN; 114 return -ETH_HLEN;
115} 115}
116 116
diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c
index 960aa78cdb97..b410ab8bcf7a 100644
--- a/net/ieee80211/ieee80211_rx.c
+++ b/net/ieee80211/ieee80211_rx.c
@@ -1301,7 +1301,7 @@ static void update_network(struct ieee80211_network *dst,
1301 /* dst->last_associate is not overwritten */ 1301 /* dst->last_associate is not overwritten */
1302} 1302}
1303 1303
1304static inline int is_beacon(int fc) 1304static inline int is_beacon(__le16 fc)
1305{ 1305{
1306 return (WLAN_FC_GET_STYPE(le16_to_cpu(fc)) == IEEE80211_STYPE_BEACON); 1306 return (WLAN_FC_GET_STYPE(le16_to_cpu(fc)) == IEEE80211_STYPE_BEACON);
1307} 1307}
@@ -1348,9 +1348,7 @@ static void ieee80211_process_probe_response(struct ieee80211_device
1348 escape_essid(info_element->data, 1348 escape_essid(info_element->data,
1349 info_element->len), 1349 info_element->len),
1350 MAC_ARG(beacon->header.addr3), 1350 MAC_ARG(beacon->header.addr3),
1351 is_beacon(le16_to_cpu 1351 is_beacon(beacon->header.frame_ctl) ?
1352 (beacon->header.
1353 frame_ctl)) ?
1354 "BEACON" : "PROBE RESPONSE"); 1352 "BEACON" : "PROBE RESPONSE");
1355 return; 1353 return;
1356 } 1354 }
@@ -1400,9 +1398,7 @@ static void ieee80211_process_probe_response(struct ieee80211_device
1400 escape_essid(network.ssid, 1398 escape_essid(network.ssid,
1401 network.ssid_len), 1399 network.ssid_len),
1402 MAC_ARG(network.bssid), 1400 MAC_ARG(network.bssid),
1403 is_beacon(le16_to_cpu 1401 is_beacon(beacon->header.frame_ctl) ?
1404 (beacon->header.
1405 frame_ctl)) ?
1406 "BEACON" : "PROBE RESPONSE"); 1402 "BEACON" : "PROBE RESPONSE");
1407#endif 1403#endif
1408 memcpy(target, &network, sizeof(*target)); 1404 memcpy(target, &network, sizeof(*target));
@@ -1412,16 +1408,14 @@ static void ieee80211_process_probe_response(struct ieee80211_device
1412 escape_essid(target->ssid, 1408 escape_essid(target->ssid,
1413 target->ssid_len), 1409 target->ssid_len),
1414 MAC_ARG(target->bssid), 1410 MAC_ARG(target->bssid),
1415 is_beacon(le16_to_cpu 1411 is_beacon(beacon->header.frame_ctl) ?
1416 (beacon->header.
1417 frame_ctl)) ?
1418 "BEACON" : "PROBE RESPONSE"); 1412 "BEACON" : "PROBE RESPONSE");
1419 update_network(target, &network); 1413 update_network(target, &network);
1420 } 1414 }
1421 1415
1422 spin_unlock_irqrestore(&ieee->lock, flags); 1416 spin_unlock_irqrestore(&ieee->lock, flags);
1423 1417
1424 if (is_beacon(le16_to_cpu(beacon->header.frame_ctl))) { 1418 if (is_beacon(beacon->header.frame_ctl)) {
1425 if (ieee->handle_beacon != NULL) 1419 if (ieee->handle_beacon != NULL)
1426 ieee->handle_beacon(dev, beacon, &network); 1420 ieee->handle_beacon(dev, beacon, &network);
1427 } else { 1421 } else {
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 73bfcae8af9c..09590f356086 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -12,13 +12,6 @@
12#include <net/protocol.h> 12#include <net/protocol.h>
13#include <net/udp.h> 13#include <net/udp.h>
14 14
15/* decapsulation data for use when post-processing */
16struct esp_decap_data {
17 xfrm_address_t saddr;
18 __u16 sport;
19 __u8 proto;
20};
21
22static int esp_output(struct xfrm_state *x, struct sk_buff *skb) 15static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
23{ 16{
24 int err; 17 int err;
@@ -150,6 +143,10 @@ static int esp_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struc
150 int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen; 143 int elen = skb->len - sizeof(struct ip_esp_hdr) - esp->conf.ivlen - alen;
151 int nfrags; 144 int nfrags;
152 int encap_len = 0; 145 int encap_len = 0;
146 u8 nexthdr[2];
147 struct scatterlist *sg;
148 u8 workbuf[60];
149 int padlen;
153 150
154 if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr))) 151 if (!pskb_may_pull(skb, sizeof(struct ip_esp_hdr)))
155 goto out; 152 goto out;
@@ -185,122 +182,82 @@ static int esp_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struc
185 if (esp->conf.ivlen) 182 if (esp->conf.ivlen)
186 crypto_cipher_set_iv(esp->conf.tfm, esph->enc_data, crypto_tfm_alg_ivsize(esp->conf.tfm)); 183 crypto_cipher_set_iv(esp->conf.tfm, esph->enc_data, crypto_tfm_alg_ivsize(esp->conf.tfm));
187 184
188 { 185 sg = &esp->sgbuf[0];
189 u8 nexthdr[2];
190 struct scatterlist *sg = &esp->sgbuf[0];
191 u8 workbuf[60];
192 int padlen;
193
194 if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
195 sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
196 if (!sg)
197 goto out;
198 }
199 skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen);
200 crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen);
201 if (unlikely(sg != &esp->sgbuf[0]))
202 kfree(sg);
203
204 if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
205 BUG();
206 186
207 padlen = nexthdr[0]; 187 if (unlikely(nfrags > ESP_NUM_FAST_SG)) {
208 if (padlen+2 >= elen) 188 sg = kmalloc(sizeof(struct scatterlist)*nfrags, GFP_ATOMIC);
189 if (!sg)
209 goto out; 190 goto out;
210
211 /* ... check padding bits here. Silly. :-) */
212
213 if (x->encap && decap && decap->decap_type) {
214 struct esp_decap_data *encap_data;
215 struct udphdr *uh = (struct udphdr *) (iph+1);
216
217 encap_data = (struct esp_decap_data *) (decap->decap_data);
218 encap_data->proto = 0;
219
220 switch (decap->decap_type) {
221 case UDP_ENCAP_ESPINUDP:
222 case UDP_ENCAP_ESPINUDP_NON_IKE:
223 encap_data->proto = AF_INET;
224 encap_data->saddr.a4 = iph->saddr;
225 encap_data->sport = uh->source;
226 encap_len = (void*)esph - (void*)uh;
227 break;
228
229 default:
230 goto out;
231 }
232 }
233
234 iph->protocol = nexthdr[1];
235 pskb_trim(skb, skb->len - alen - padlen - 2);
236 memcpy(workbuf, skb->nh.raw, iph->ihl*4);
237 skb->h.raw = skb_pull(skb, sizeof(struct ip_esp_hdr) + esp->conf.ivlen);
238 skb->nh.raw += encap_len + sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
239 memcpy(skb->nh.raw, workbuf, iph->ihl*4);
240 skb->nh.iph->tot_len = htons(skb->len);
241 } 191 }
192 skb_to_sgvec(skb, sg, sizeof(struct ip_esp_hdr) + esp->conf.ivlen, elen);
193 crypto_cipher_decrypt(esp->conf.tfm, sg, sg, elen);
194 if (unlikely(sg != &esp->sgbuf[0]))
195 kfree(sg);
242 196
243 return 0; 197 if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2))
198 BUG();
244 199
245out: 200 padlen = nexthdr[0];
246 return -EINVAL; 201 if (padlen+2 >= elen)
247} 202 goto out;
248 203
249static int esp_post_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_buff *skb) 204 /* ... check padding bits here. Silly. :-) */
250{
251
252 if (x->encap) {
253 struct xfrm_encap_tmpl *encap;
254 struct esp_decap_data *decap_data;
255 205
256 encap = x->encap; 206 if (x->encap) {
257 decap_data = (struct esp_decap_data *)(decap->decap_data); 207 struct xfrm_encap_tmpl *encap = x->encap;
208 struct udphdr *uh;
258 209
259 /* first, make sure that the decap type == the encap type */
260 if (encap->encap_type != decap->decap_type) 210 if (encap->encap_type != decap->decap_type)
261 return -EINVAL; 211 goto out;
262 212
263 switch (encap->encap_type) { 213 uh = (struct udphdr *)(iph + 1);
264 default: 214 encap_len = (void*)esph - (void*)uh;
265 case UDP_ENCAP_ESPINUDP: 215
266 case UDP_ENCAP_ESPINUDP_NON_IKE: 216 /*
267 /* 217 * 1) if the NAT-T peer's IP or port changed then
268 * 1) if the NAT-T peer's IP or port changed then 218 * advertize the change to the keying daemon.
269 * advertize the change to the keying daemon. 219 * This is an inbound SA, so just compare
270 * This is an inbound SA, so just compare 220 * SRC ports.
271 * SRC ports. 221 */
272 */ 222 if (iph->saddr != x->props.saddr.a4 ||
273 if (decap_data->proto == AF_INET && 223 uh->source != encap->encap_sport) {
274 (decap_data->saddr.a4 != x->props.saddr.a4 || 224 xfrm_address_t ipaddr;
275 decap_data->sport != encap->encap_sport)) { 225
276 xfrm_address_t ipaddr; 226 ipaddr.a4 = iph->saddr;
277 227 km_new_mapping(x, &ipaddr, uh->source);
278 ipaddr.a4 = decap_data->saddr.a4; 228
279 km_new_mapping(x, &ipaddr, decap_data->sport); 229 /* XXX: perhaps add an extra
280 230 * policy check here, to see
281 /* XXX: perhaps add an extra 231 * if we should allow or
282 * policy check here, to see 232 * reject a packet from a
283 * if we should allow or 233 * different source
284 * reject a packet from a 234 * address/port.
285 * different source
286 * address/port.
287 */
288 }
289
290 /*
291 * 2) ignore UDP/TCP checksums in case
292 * of NAT-T in Transport Mode, or
293 * perform other post-processing fixes
294 * as per * draft-ietf-ipsec-udp-encaps-06,
295 * section 3.1.2
296 */ 235 */
297 if (!x->props.mode)
298 skb->ip_summed = CHECKSUM_UNNECESSARY;
299
300 break;
301 } 236 }
237
238 /*
239 * 2) ignore UDP/TCP checksums in case
240 * of NAT-T in Transport Mode, or
241 * perform other post-processing fixes
242 * as per draft-ietf-ipsec-udp-encaps-06,
243 * section 3.1.2
244 */
245 if (!x->props.mode)
246 skb->ip_summed = CHECKSUM_UNNECESSARY;
302 } 247 }
248
249 iph->protocol = nexthdr[1];
250 pskb_trim(skb, skb->len - alen - padlen - 2);
251 memcpy(workbuf, skb->nh.raw, iph->ihl*4);
252 skb->h.raw = skb_pull(skb, sizeof(struct ip_esp_hdr) + esp->conf.ivlen);
253 skb->nh.raw += encap_len + sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
254 memcpy(skb->nh.raw, workbuf, iph->ihl*4);
255 skb->nh.iph->tot_len = htons(skb->len);
256
303 return 0; 257 return 0;
258
259out:
260 return -EINVAL;
304} 261}
305 262
306static u32 esp4_get_max_size(struct xfrm_state *x, int mtu) 263static u32 esp4_get_max_size(struct xfrm_state *x, int mtu)
@@ -458,7 +415,6 @@ static struct xfrm_type esp_type =
458 .destructor = esp_destroy, 415 .destructor = esp_destroy,
459 .get_max_size = esp4_get_max_size, 416 .get_max_size = esp4_get_max_size,
460 .input = esp_input, 417 .input = esp_input,
461 .post_input = esp_post_input,
462 .output = esp_output 418 .output = esp_output
463}; 419};
464 420
@@ -470,15 +426,6 @@ static struct net_protocol esp4_protocol = {
470 426
471static int __init esp4_init(void) 427static int __init esp4_init(void)
472{ 428{
473 struct xfrm_decap_state decap;
474
475 if (sizeof(struct esp_decap_data) >
476 sizeof(decap.decap_data)) {
477 extern void decap_data_too_small(void);
478
479 decap_data_too_small();
480 }
481
482 if (xfrm_register_type(&esp_type, AF_INET) < 0) { 429 if (xfrm_register_type(&esp_type, AF_INET) < 0) {
483 printk(KERN_INFO "ip esp init: can't add xfrm type\n"); 430 printk(KERN_INFO "ip esp init: can't add xfrm type\n");
484 return -EAGAIN; 431 return -EAGAIN;
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index abe23923e4e7..9981dcd68f11 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -830,7 +830,8 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
830 skb->h.raw = skb->nh.raw; 830 skb->h.raw = skb->nh.raw;
831 skb->nh.raw = skb_push(skb, gre_hlen); 831 skb->nh.raw = skb_push(skb, gre_hlen);
832 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); 832 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
833 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE|IPSKB_XFRM_TRANSFORMED); 833 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
834 IPSKB_REROUTED);
834 dst_release(skb->dst); 835 dst_release(skb->dst);
835 skb->dst = &rt->u.dst; 836 skb->dst = &rt->u.dst;
836 837
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 3324fbfe528a..8ee4d016740d 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -207,8 +207,10 @@ static inline int ip_finish_output(struct sk_buff *skb)
207{ 207{
208#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM) 208#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
209 /* Policy lookup after SNAT yielded a new policy */ 209 /* Policy lookup after SNAT yielded a new policy */
210 if (skb->dst->xfrm != NULL) 210 if (skb->dst->xfrm != NULL) {
211 return xfrm4_output_finish(skb); 211 IPCB(skb)->flags |= IPSKB_REROUTED;
212 return dst_output(skb);
213 }
212#endif 214#endif
213 if (skb->len > dst_mtu(skb->dst) && 215 if (skb->len > dst_mtu(skb->dst) &&
214 !(skb_shinfo(skb)->ufo_size || skb_shinfo(skb)->tso_size)) 216 !(skb_shinfo(skb)->ufo_size || skb_shinfo(skb)->tso_size))
@@ -271,8 +273,9 @@ int ip_mc_output(struct sk_buff *skb)
271 newskb->dev, ip_dev_loopback_xmit); 273 newskb->dev, ip_dev_loopback_xmit);
272 } 274 }
273 275
274 return NF_HOOK(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dev, 276 return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dev,
275 ip_finish_output); 277 ip_finish_output,
278 !(IPCB(skb)->flags & IPSKB_REROUTED));
276} 279}
277 280
278int ip_output(struct sk_buff *skb) 281int ip_output(struct sk_buff *skb)
@@ -284,8 +287,9 @@ int ip_output(struct sk_buff *skb)
284 skb->dev = dev; 287 skb->dev = dev;
285 skb->protocol = htons(ETH_P_IP); 288 skb->protocol = htons(ETH_P_IP);
286 289
287 return NF_HOOK(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev, 290 return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev,
288 ip_finish_output); 291 ip_finish_output,
292 !(IPCB(skb)->flags & IPSKB_REROUTED));
289} 293}
290 294
291int ip_queue_xmit(struct sk_buff *skb, int ipfragok) 295int ip_queue_xmit(struct sk_buff *skb, int ipfragok)
@@ -843,10 +847,11 @@ int ip_append_data(struct sock *sk,
843 if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) && 847 if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) &&
844 (rt->u.dst.dev->features & NETIF_F_UFO)) { 848 (rt->u.dst.dev->features & NETIF_F_UFO)) {
845 849
846 if(ip_ufo_append_data(sk, getfrag, from, length, hh_len, 850 err = ip_ufo_append_data(sk, getfrag, from, length, hh_len,
847 fragheaderlen, transhdrlen, mtu, flags)) 851 fragheaderlen, transhdrlen, mtu,
852 flags);
853 if (err)
848 goto error; 854 goto error;
849
850 return 0; 855 return 0;
851 } 856 }
852 857
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index e5cbe72c6b80..03d13742a4b8 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -622,7 +622,8 @@ static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
622 skb->h.raw = skb->nh.raw; 622 skb->h.raw = skb->nh.raw;
623 skb->nh.raw = skb_push(skb, sizeof(struct iphdr)); 623 skb->nh.raw = skb_push(skb, sizeof(struct iphdr));
624 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); 624 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
625 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE|IPSKB_XFRM_TRANSFORMED); 625 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
626 IPSKB_REROUTED);
626 dst_release(skb->dst); 627 dst_release(skb->dst);
627 skb->dst = &rt->u.dst; 628 skb->dst = &rt->u.dst;
628 629
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 52a3d7c57907..ed42cdc57cd9 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -78,6 +78,47 @@ int ip_route_me_harder(struct sk_buff **pskb)
78} 78}
79EXPORT_SYMBOL(ip_route_me_harder); 79EXPORT_SYMBOL(ip_route_me_harder);
80 80
81#ifdef CONFIG_XFRM
82int ip_xfrm_me_harder(struct sk_buff **pskb)
83{
84 struct flowi fl;
85 unsigned int hh_len;
86 struct dst_entry *dst;
87
88 if (IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED)
89 return 0;
90 if (xfrm_decode_session(*pskb, &fl, AF_INET) < 0)
91 return -1;
92
93 dst = (*pskb)->dst;
94 if (dst->xfrm)
95 dst = ((struct xfrm_dst *)dst)->route;
96 dst_hold(dst);
97
98 if (xfrm_lookup(&dst, &fl, (*pskb)->sk, 0) < 0)
99 return -1;
100
101 dst_release((*pskb)->dst);
102 (*pskb)->dst = dst;
103
104 /* Change in oif may mean change in hh_len. */
105 hh_len = (*pskb)->dst->dev->hard_header_len;
106 if (skb_headroom(*pskb) < hh_len) {
107 struct sk_buff *nskb;
108
109 nskb = skb_realloc_headroom(*pskb, hh_len);
110 if (!nskb)
111 return -1;
112 if ((*pskb)->sk)
113 skb_set_owner_w(nskb, (*pskb)->sk);
114 kfree_skb(*pskb);
115 *pskb = nskb;
116 }
117 return 0;
118}
119EXPORT_SYMBOL(ip_xfrm_me_harder);
120#endif
121
81void (*ip_nat_decode_session)(struct sk_buff *, struct flowi *); 122void (*ip_nat_decode_session)(struct sk_buff *, struct flowi *);
82EXPORT_SYMBOL(ip_nat_decode_session); 123EXPORT_SYMBOL(ip_nat_decode_session);
83 124
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index dd1048be8a01..7d7ab94a7a2e 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -771,7 +771,7 @@ static int get_entries(const struct arpt_get_entries *entries,
771 struct arpt_table *t; 771 struct arpt_table *t;
772 772
773 t = xt_find_table_lock(NF_ARP, entries->name); 773 t = xt_find_table_lock(NF_ARP, entries->name);
774 if (t || !IS_ERR(t)) { 774 if (t && !IS_ERR(t)) {
775 struct xt_table_info *private = t->private; 775 struct xt_table_info *private = t->private;
776 duprintf("t->private->number = %u\n", 776 duprintf("t->private->number = %u\n",
777 private->number); 777 private->number);
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index c1a61462507f..1741d555ad0d 100644
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -434,6 +434,7 @@ int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
434 } *inside; 434 } *inside;
435 struct ip_conntrack_tuple inner, target; 435 struct ip_conntrack_tuple inner, target;
436 int hdrlen = (*pskb)->nh.iph->ihl * 4; 436 int hdrlen = (*pskb)->nh.iph->ihl * 4;
437 unsigned long statusbit;
437 438
438 if (!skb_make_writable(pskb, hdrlen + sizeof(*inside))) 439 if (!skb_make_writable(pskb, hdrlen + sizeof(*inside)))
439 return 0; 440 return 0;
@@ -495,17 +496,16 @@ int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
495 496
496 /* Change outer to look the reply to an incoming packet 497 /* Change outer to look the reply to an incoming packet
497 * (proto 0 means don't invert per-proto part). */ 498 * (proto 0 means don't invert per-proto part). */
499 if (manip == IP_NAT_MANIP_SRC)
500 statusbit = IPS_SRC_NAT;
501 else
502 statusbit = IPS_DST_NAT;
498 503
499 /* Obviously, we need to NAT destination IP, but source IP 504 /* Invert if this is reply dir. */
500 should be NAT'ed only if it is from a NAT'd host. 505 if (dir == IP_CT_DIR_REPLY)
506 statusbit ^= IPS_NAT_MASK;
501 507
502 Explanation: some people use NAT for anonymizing. Also, 508 if (ct->status & statusbit) {
503 CERT recommends dropping all packets from private IP
504 addresses (although ICMP errors from internal links with
505 such addresses are not too uncommon, as Alan Cox points
506 out) */
507 if (manip != IP_NAT_MANIP_SRC
508 || ((*pskb)->nh.iph->saddr == ct->tuplehash[dir].tuple.src.ip)) {
509 invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); 509 invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);
510 if (!manip_pkt(0, pskb, 0, &target, manip)) 510 if (!manip_pkt(0, pskb, 0, &target, manip))
511 return 0; 511 return 0;
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 92c54999a19d..ab1f88fa21ec 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -200,20 +200,14 @@ ip_nat_in(unsigned int hooknum,
200 const struct net_device *out, 200 const struct net_device *out,
201 int (*okfn)(struct sk_buff *)) 201 int (*okfn)(struct sk_buff *))
202{ 202{
203 struct ip_conntrack *ct;
204 enum ip_conntrack_info ctinfo;
205 unsigned int ret; 203 unsigned int ret;
204 u_int32_t daddr = (*pskb)->nh.iph->daddr;
206 205
207 ret = ip_nat_fn(hooknum, pskb, in, out, okfn); 206 ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
208 if (ret != NF_DROP && ret != NF_STOLEN 207 if (ret != NF_DROP && ret != NF_STOLEN
209 && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) { 208 && daddr != (*pskb)->nh.iph->daddr) {
210 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 209 dst_release((*pskb)->dst);
211 210 (*pskb)->dst = NULL;
212 if (ct->tuplehash[dir].tuple.dst.ip !=
213 ct->tuplehash[!dir].tuple.src.ip) {
214 dst_release((*pskb)->dst);
215 (*pskb)->dst = NULL;
216 }
217 } 211 }
218 return ret; 212 return ret;
219} 213}
@@ -235,19 +229,19 @@ ip_nat_out(unsigned int hooknum,
235 return NF_ACCEPT; 229 return NF_ACCEPT;
236 230
237 ret = ip_nat_fn(hooknum, pskb, in, out, okfn); 231 ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
232#ifdef CONFIG_XFRM
238 if (ret != NF_DROP && ret != NF_STOLEN 233 if (ret != NF_DROP && ret != NF_STOLEN
239 && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) { 234 && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) {
240 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 235 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
241 236
242 if (ct->tuplehash[dir].tuple.src.ip != 237 if (ct->tuplehash[dir].tuple.src.ip !=
243 ct->tuplehash[!dir].tuple.dst.ip 238 ct->tuplehash[!dir].tuple.dst.ip
244#ifdef CONFIG_XFRM
245 || ct->tuplehash[dir].tuple.src.u.all != 239 || ct->tuplehash[dir].tuple.src.u.all !=
246 ct->tuplehash[!dir].tuple.dst.u.all 240 ct->tuplehash[!dir].tuple.dst.u.all
247#endif
248 ) 241 )
249 return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP; 242 return ip_xfrm_me_harder(pskb) == 0 ? ret : NF_DROP;
250 } 243 }
244#endif
251 return ret; 245 return ret;
252} 246}
253 247
@@ -276,7 +270,7 @@ ip_nat_local_fn(unsigned int hooknum,
276 ct->tuplehash[!dir].tuple.src.ip 270 ct->tuplehash[!dir].tuple.src.ip
277#ifdef CONFIG_XFRM 271#ifdef CONFIG_XFRM
278 || ct->tuplehash[dir].tuple.dst.u.all != 272 || ct->tuplehash[dir].tuple.dst.u.all !=
279 ct->tuplehash[dir].tuple.src.u.all 273 ct->tuplehash[!dir].tuple.src.u.all
280#endif 274#endif
281 ) 275 )
282 return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP; 276 return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 36339eb39e17..08f80e2ea2aa 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -524,7 +524,7 @@ ipq_rcv_skb(struct sk_buff *skb)
524 write_unlock_bh(&queue_lock); 524 write_unlock_bh(&queue_lock);
525 525
526 status = ipq_receive_peer(NLMSG_DATA(nlh), type, 526 status = ipq_receive_peer(NLMSG_DATA(nlh), type,
527 skblen - NLMSG_LENGTH(0)); 527 nlmsglen - NLMSG_LENGTH(0));
528 if (status < 0) 528 if (status < 0)
529 RCV_SKB_FAIL(status); 529 RCV_SKB_FAIL(status);
530 530
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 6606ddb66a29..cc27545ff97f 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -425,7 +425,12 @@ ipt_log_target(struct sk_buff **pskb,
425 li.u.log.level = loginfo->level; 425 li.u.log.level = loginfo->level;
426 li.u.log.logflags = loginfo->logflags; 426 li.u.log.logflags = loginfo->logflags;
427 427
428 nf_log_packet(PF_INET, hooknum, *pskb, in, out, &li, loginfo->prefix); 428 if (loginfo->logflags & IPT_LOG_NFLOG)
429 nf_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
430 loginfo->prefix);
431 else
432 ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
433 loginfo->prefix);
429 434
430 return IPT_CONTINUE; 435 return IPT_CONTINUE;
431} 436}
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 167619f638c6..6c8624a54933 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -529,15 +529,10 @@ static int init_or_cleanup(int init)
529 goto cleanup_localinops; 529 goto cleanup_localinops;
530 } 530 }
531#endif 531#endif
532
533 /* For use by REJECT target */
534 ip_ct_attach = __nf_conntrack_attach;
535
536 return ret; 532 return ret;
537 533
538 cleanup: 534 cleanup:
539 synchronize_net(); 535 synchronize_net();
540 ip_ct_attach = NULL;
541#ifdef CONFIG_SYSCTL 536#ifdef CONFIG_SYSCTL
542 unregister_sysctl_table(nf_ct_ipv4_sysctl_header); 537 unregister_sysctl_table(nf_ct_ipv4_sysctl_header);
543 cleanup_localinops: 538 cleanup_localinops:
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index d82c242ea704..fca5fe0cf94a 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -835,7 +835,7 @@ static int rt_garbage_collect(void)
835 int r; 835 int r;
836 836
837 rthp = rt_remove_balanced_route( 837 rthp = rt_remove_balanced_route(
838 &rt_hash_table[i].chain, 838 &rt_hash_table[k].chain,
839 rth, 839 rth,
840 &r); 840 &r);
841 goal -= r; 841 goal -= r;
diff --git a/net/ipv4/tcp_highspeed.c b/net/ipv4/tcp_highspeed.c
index 63cf7e540847..e0e9d1383c7c 100644
--- a/net/ipv4/tcp_highspeed.c
+++ b/net/ipv4/tcp_highspeed.c
@@ -125,7 +125,7 @@ static void hstcp_cong_avoid(struct sock *sk, u32 adk, u32 rtt,
125 /* Update AIMD parameters */ 125 /* Update AIMD parameters */
126 if (tp->snd_cwnd > hstcp_aimd_vals[ca->ai].cwnd) { 126 if (tp->snd_cwnd > hstcp_aimd_vals[ca->ai].cwnd) {
127 while (tp->snd_cwnd > hstcp_aimd_vals[ca->ai].cwnd && 127 while (tp->snd_cwnd > hstcp_aimd_vals[ca->ai].cwnd &&
128 ca->ai < HSTCP_AIMD_MAX) 128 ca->ai < HSTCP_AIMD_MAX - 1)
129 ca->ai++; 129 ca->ai++;
130 } else if (tp->snd_cwnd < hstcp_aimd_vals[ca->ai].cwnd) { 130 } else if (tp->snd_cwnd < hstcp_aimd_vals[ca->ai].cwnd) {
131 while (tp->snd_cwnd > hstcp_aimd_vals[ca->ai].cwnd && 131 while (tp->snd_cwnd > hstcp_aimd_vals[ca->ai].cwnd &&
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index a7623ead39a8..9f498a6c8895 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1036,6 +1036,10 @@ static int tcp_tso_should_defer(struct sock *sk, struct tcp_sock *tp, struct sk_
1036 1036
1037 limit = min(send_win, cong_win); 1037 limit = min(send_win, cong_win);
1038 1038
1039 /* If a full-sized TSO skb can be sent, do it. */
1040 if (limit >= 65536)
1041 return 0;
1042
1039 if (sysctl_tcp_tso_win_divisor) { 1043 if (sysctl_tcp_tso_win_divisor) {
1040 u32 chunk = min(tp->snd_wnd, tp->snd_cwnd * tp->mss_cache); 1044 u32 chunk = min(tp->snd_wnd, tp->snd_cwnd * tp->mss_cache);
1041 1045
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index d4df0ddd424b..32ad229b4fed 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -152,10 +152,16 @@ error_nolock:
152 goto out_exit; 152 goto out_exit;
153} 153}
154 154
155int xfrm4_output_finish(struct sk_buff *skb) 155static int xfrm4_output_finish(struct sk_buff *skb)
156{ 156{
157 int err; 157 int err;
158 158
159#ifdef CONFIG_NETFILTER
160 if (!skb->dst->xfrm) {
161 IPCB(skb)->flags |= IPSKB_REROUTED;
162 return dst_output(skb);
163 }
164#endif
159 while (likely((err = xfrm4_output_one(skb)) == 0)) { 165 while (likely((err = xfrm4_output_one(skb)) == 0)) {
160 nf_reset(skb); 166 nf_reset(skb);
161 167
@@ -178,6 +184,7 @@ int xfrm4_output_finish(struct sk_buff *skb)
178 184
179int xfrm4_output(struct sk_buff *skb) 185int xfrm4_output(struct sk_buff *skb)
180{ 186{
181 return NF_HOOK(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dst->dev, 187 return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dst->dev,
182 xfrm4_output_finish); 188 xfrm4_output_finish,
189 !(IPCB(skb)->flags & IPSKB_REROUTED));
183} 190}
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 45f7ae58f2c0..f285bbf296e2 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -35,6 +35,7 @@ __xfrm4_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
35 if (xdst->u.rt.fl.oif == fl->oif && /*XXX*/ 35 if (xdst->u.rt.fl.oif == fl->oif && /*XXX*/
36 xdst->u.rt.fl.fl4_dst == fl->fl4_dst && 36 xdst->u.rt.fl.fl4_dst == fl->fl4_dst &&
37 xdst->u.rt.fl.fl4_src == fl->fl4_src && 37 xdst->u.rt.fl.fl4_src == fl->fl4_src &&
38 xdst->u.rt.fl.fl4_tos == fl->fl4_tos &&
38 xfrm_bundle_ok(xdst, fl, AF_INET)) { 39 xfrm_bundle_ok(xdst, fl, AF_INET)) {
39 dst_clone(dst); 40 dst_clone(dst);
40 break; 41 break;
@@ -61,7 +62,8 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
61 .nl_u = { 62 .nl_u = {
62 .ip4_u = { 63 .ip4_u = {
63 .saddr = local, 64 .saddr = local,
64 .daddr = remote 65 .daddr = remote,
66 .tos = fl->fl4_tos
65 } 67 }
66 } 68 }
67 }; 69 };
@@ -230,6 +232,7 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl)
230 fl->proto = iph->protocol; 232 fl->proto = iph->protocol;
231 fl->fl4_dst = iph->daddr; 233 fl->fl4_dst = iph->daddr;
232 fl->fl4_src = iph->saddr; 234 fl->fl4_src = iph->saddr;
235 fl->fl4_tos = iph->tos;
233} 236}
234 237
235static inline int xfrm4_garbage_collect(void) 238static inline int xfrm4_garbage_collect(void)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index b7d8822c1be4..19727d941962 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -822,7 +822,7 @@ struct ipv6_saddr_score {
822 int addr_type; 822 int addr_type;
823 unsigned int attrs; 823 unsigned int attrs;
824 int matchlen; 824 int matchlen;
825 unsigned int scope; 825 int scope;
826 unsigned int rule; 826 unsigned int rule;
827}; 827};
828 828
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index c7932cb420a5..84963749ab77 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -279,7 +279,7 @@ static int ah6_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struc
279 goto out; 279 goto out;
280 memcpy(tmp_hdr, skb->nh.raw, hdr_len); 280 memcpy(tmp_hdr, skb->nh.raw, hdr_len);
281 if (ipv6_clear_mutable_options(skb->nh.ipv6h, hdr_len)) 281 if (ipv6_clear_mutable_options(skb->nh.ipv6h, hdr_len))
282 goto out; 282 goto free_out;
283 skb->nh.ipv6h->priority = 0; 283 skb->nh.ipv6h->priority = 0;
284 skb->nh.ipv6h->flow_lbl[0] = 0; 284 skb->nh.ipv6h->flow_lbl[0] = 0;
285 skb->nh.ipv6h->flow_lbl[1] = 0; 285 skb->nh.ipv6h->flow_lbl[1] = 0;
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index fcf883183cef..21eb725e885f 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -42,6 +42,7 @@
42#include <linux/net.h> 42#include <linux/net.h>
43#include <linux/skbuff.h> 43#include <linux/skbuff.h>
44#include <linux/init.h> 44#include <linux/init.h>
45#include <linux/netfilter.h>
45 46
46#ifdef CONFIG_SYSCTL 47#ifdef CONFIG_SYSCTL
47#include <linux/sysctl.h> 48#include <linux/sysctl.h>
@@ -255,6 +256,7 @@ out:
255struct icmpv6_msg { 256struct icmpv6_msg {
256 struct sk_buff *skb; 257 struct sk_buff *skb;
257 int offset; 258 int offset;
259 uint8_t type;
258}; 260};
259 261
260static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) 262static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
@@ -266,6 +268,8 @@ static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, st
266 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, 268 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
267 to, len, csum); 269 to, len, csum);
268 skb->csum = csum_block_add(skb->csum, csum, odd); 270 skb->csum = csum_block_add(skb->csum, csum, odd);
271 if (!(msg->type & ICMPV6_INFOMSG_MASK))
272 nf_ct_attach(skb, org_skb);
269 return 0; 273 return 0;
270} 274}
271 275
@@ -403,6 +407,7 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
403 407
404 msg.skb = skb; 408 msg.skb = skb;
405 msg.offset = skb->nh.raw - skb->data; 409 msg.offset = skb->nh.raw - skb->data;
410 msg.type = type;
406 411
407 len = skb->len - msg.offset; 412 len = skb->len - msg.offset;
408 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr)); 413 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
@@ -500,6 +505,7 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
500 505
501 msg.skb = skb; 506 msg.skb = skb;
502 msg.offset = 0; 507 msg.offset = 0;
508 msg.type = ICMPV6_ECHO_REPLY;
503 509
504 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr), 510 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
505 sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl, 511 sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl,
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
index 4154f3a8b6cf..bb8ffb8a14c5 100644
--- a/net/ipv6/inet6_hashtables.c
+++ b/net/ipv6/inet6_hashtables.c
@@ -87,7 +87,7 @@ static int __inet6_check_established(struct inet_timewait_death_row *death_row,
87 struct inet_timewait_sock **twp) 87 struct inet_timewait_sock **twp)
88{ 88{
89 struct inet_hashinfo *hinfo = death_row->hashinfo; 89 struct inet_hashinfo *hinfo = death_row->hashinfo;
90 const struct inet_sock *inet = inet_sk(sk); 90 struct inet_sock *inet = inet_sk(sk);
91 const struct ipv6_pinfo *np = inet6_sk(sk); 91 const struct ipv6_pinfo *np = inet6_sk(sk);
92 const struct in6_addr *daddr = &np->rcv_saddr; 92 const struct in6_addr *daddr = &np->rcv_saddr;
93 const struct in6_addr *saddr = &np->daddr; 93 const struct in6_addr *saddr = &np->daddr;
@@ -129,6 +129,10 @@ static int __inet6_check_established(struct inet_timewait_death_row *death_row,
129 } 129 }
130 130
131unique: 131unique:
132 /* Must record num and sport now. Otherwise we will see
133 * in hash table socket with a funny identity. */
134 inet->num = lport;
135 inet->sport = htons(lport);
132 BUG_TRAP(sk_unhashed(sk)); 136 BUG_TRAP(sk_unhashed(sk));
133 __sk_add_node(sk, &head->chain); 137 __sk_add_node(sk, &head->chain);
134 sk->sk_hash = hash; 138 sk->sk_hash = hash;
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index efa3e72cfcfa..5bf70b1442ea 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -494,6 +494,7 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
494 struct net_device *dev; 494 struct net_device *dev;
495 struct sk_buff *frag; 495 struct sk_buff *frag;
496 struct rt6_info *rt = (struct rt6_info*)skb->dst; 496 struct rt6_info *rt = (struct rt6_info*)skb->dst;
497 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
497 struct ipv6hdr *tmp_hdr; 498 struct ipv6hdr *tmp_hdr;
498 struct frag_hdr *fh; 499 struct frag_hdr *fh;
499 unsigned int mtu, hlen, left, len; 500 unsigned int mtu, hlen, left, len;
@@ -505,7 +506,12 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
505 hlen = ip6_find_1stfragopt(skb, &prevhdr); 506 hlen = ip6_find_1stfragopt(skb, &prevhdr);
506 nexthdr = *prevhdr; 507 nexthdr = *prevhdr;
507 508
508 mtu = dst_mtu(&rt->u.dst) - hlen - sizeof(struct frag_hdr); 509 mtu = dst_mtu(&rt->u.dst);
510 if (np && np->frag_size < mtu) {
511 if (np->frag_size)
512 mtu = np->frag_size;
513 }
514 mtu -= hlen + sizeof(struct frag_hdr);
509 515
510 if (skb_shinfo(skb)->frag_list) { 516 if (skb_shinfo(skb)->frag_list) {
511 int first_len = skb_pagelen(skb); 517 int first_len = skb_pagelen(skb);
@@ -882,7 +888,12 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
882 inet->cork.fl = *fl; 888 inet->cork.fl = *fl;
883 np->cork.hop_limit = hlimit; 889 np->cork.hop_limit = hlimit;
884 np->cork.tclass = tclass; 890 np->cork.tclass = tclass;
885 inet->cork.fragsize = mtu = dst_mtu(rt->u.dst.path); 891 mtu = dst_mtu(rt->u.dst.path);
892 if (np && np->frag_size < mtu) {
893 if (np->frag_size)
894 mtu = np->frag_size;
895 }
896 inet->cork.fragsize = mtu;
886 if (dst_allfrag(rt->u.dst.path)) 897 if (dst_allfrag(rt->u.dst.path))
887 inet->cork.flags |= IPCORK_ALLFRAG; 898 inet->cork.flags |= IPCORK_ALLFRAG;
888 inet->cork.length = 0; 899 inet->cork.length = 0;
@@ -933,10 +944,11 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
933 if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) && 944 if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) &&
934 (rt->u.dst.dev->features & NETIF_F_UFO)) { 945 (rt->u.dst.dev->features & NETIF_F_UFO)) {
935 946
936 if(ip6_ufo_append_data(sk, getfrag, from, length, hh_len, 947 err = ip6_ufo_append_data(sk, getfrag, from, length, hh_len,
937 fragheaderlen, transhdrlen, mtu, flags)) 948 fragheaderlen, transhdrlen, mtu,
949 flags);
950 if (err)
938 goto error; 951 goto error;
939
940 return 0; 952 return 0;
941 } 953 }
942 954
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 92ead3cf956b..48597538db3f 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -458,7 +458,7 @@ ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
458 mtu = IPV6_MIN_MTU; 458 mtu = IPV6_MIN_MTU;
459 t->dev->mtu = mtu; 459 t->dev->mtu = mtu;
460 460
461 if ((len = sizeof (*ipv6h) + ipv6h->payload_len) > mtu) { 461 if ((len = sizeof (*ipv6h) + ntohs(ipv6h->payload_len)) > mtu) {
462 rel_type = ICMPV6_PKT_TOOBIG; 462 rel_type = ICMPV6_PKT_TOOBIG;
463 rel_code = 0; 463 rel_code = 0;
464 rel_info = mtu; 464 rel_info = mtu;
@@ -884,6 +884,7 @@ ip6ip6_tnl_change(struct ip6_tnl *t, struct ip6_tnl_parm *p)
884 t->parms.encap_limit = p->encap_limit; 884 t->parms.encap_limit = p->encap_limit;
885 t->parms.flowinfo = p->flowinfo; 885 t->parms.flowinfo = p->flowinfo;
886 t->parms.link = p->link; 886 t->parms.link = p->link;
887 ip6_tnl_dst_reset(t);
887 ip6ip6_tnl_link_config(t); 888 ip6ip6_tnl_link_config(t);
888 return 0; 889 return 0;
889} 890}
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index 5027bbe6415e..af0635084df8 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -522,7 +522,7 @@ ipq_rcv_skb(struct sk_buff *skb)
522 write_unlock_bh(&queue_lock); 522 write_unlock_bh(&queue_lock);
523 523
524 status = ipq_receive_peer(NLMSG_DATA(nlh), type, 524 status = ipq_receive_peer(NLMSG_DATA(nlh), type,
525 skblen - NLMSG_LENGTH(0)); 525 nlmsglen - NLMSG_LENGTH(0));
526 if (status < 0) 526 if (status < 0)
527 RCV_SKB_FAIL(status); 527 RCV_SKB_FAIL(status);
528 528
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index 77c725832dec..6b930efa9fb9 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -436,7 +436,12 @@ ip6t_log_target(struct sk_buff **pskb,
436 li.u.log.level = loginfo->level; 436 li.u.log.level = loginfo->level;
437 li.u.log.logflags = loginfo->logflags; 437 li.u.log.logflags = loginfo->logflags;
438 438
439 nf_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, loginfo->prefix); 439 if (loginfo->logflags & IP6T_LOG_NFLOG)
440 nf_log_packet(PF_INET6, hooknum, *pskb, in, out, &li,
441 loginfo->prefix);
442 else
443 ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li,
444 loginfo->prefix);
440 445
441 return IP6T_CONTINUE; 446 return IP6T_CONTINUE;
442} 447}
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index c745717b4ce2..0e6d1d4bbd5c 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -160,6 +160,8 @@ static void send_reset(struct sk_buff *oldskb)
160 csum_partial((char *)tcph, 160 csum_partial((char *)tcph,
161 sizeof(struct tcphdr), 0)); 161 sizeof(struct tcphdr), 0));
162 162
163 nf_ct_attach(nskb, oldskb);
164
163 NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, nskb, NULL, nskb->dst->dev, 165 NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
164 dst_output); 166 dst_output);
165} 167}
diff --git a/net/key/af_key.c b/net/key/af_key.c
index ae86d237a456..b2d4d1dd2116 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1423,7 +1423,7 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
1423 1423
1424 if (err < 0) { 1424 if (err < 0) {
1425 x->km.state = XFRM_STATE_DEAD; 1425 x->km.state = XFRM_STATE_DEAD;
1426 xfrm_state_put(x); 1426 __xfrm_state_put(x);
1427 goto out; 1427 goto out;
1428 } 1428 }
1429 1429
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 0e550127fa7e..a8e5544da93e 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -126,7 +126,7 @@ config NETFILTER_XT_TARGET_CONNMARK
126 tristate '"CONNMARK" target support' 126 tristate '"CONNMARK" target support'
127 depends on NETFILTER_XTABLES 127 depends on NETFILTER_XTABLES
128 depends on IP_NF_MANGLE || IP6_NF_MANGLE 128 depends on IP_NF_MANGLE || IP6_NF_MANGLE
129 depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4) 129 depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK)
130 help 130 help
131 This option adds a `CONNMARK' target, which allows one to manipulate 131 This option adds a `CONNMARK' target, which allows one to manipulate
132 the connection mark value. Similar to the MARK target, but 132 the connection mark value. Similar to the MARK target, but
@@ -187,7 +187,7 @@ config NETFILTER_XT_MATCH_COMMENT
187config NETFILTER_XT_MATCH_CONNBYTES 187config NETFILTER_XT_MATCH_CONNBYTES
188 tristate '"connbytes" per-connection counter match support' 188 tristate '"connbytes" per-connection counter match support'
189 depends on NETFILTER_XTABLES 189 depends on NETFILTER_XTABLES
190 depends on (IP_NF_CONNTRACK && IP_NF_CT_ACCT) || NF_CT_ACCT 190 depends on (IP_NF_CONNTRACK && IP_NF_CT_ACCT) || (NF_CT_ACCT && NF_CONNTRACK)
191 help 191 help
192 This option adds a `connbytes' match, which allows you to match the 192 This option adds a `connbytes' match, which allows you to match the
193 number of bytes and/or packets for each direction within a connection. 193 number of bytes and/or packets for each direction within a connection.
@@ -198,7 +198,7 @@ config NETFILTER_XT_MATCH_CONNBYTES
198config NETFILTER_XT_MATCH_CONNMARK 198config NETFILTER_XT_MATCH_CONNMARK
199 tristate '"connmark" connection mark match support' 199 tristate '"connmark" connection mark match support'
200 depends on NETFILTER_XTABLES 200 depends on NETFILTER_XTABLES
201 depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || NF_CONNTRACK_MARK 201 depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK)
202 help 202 help
203 This option adds a `connmark' match, which allows you to match the 203 This option adds a `connmark' match, which allows you to match the
204 connection mark value previously set for the session by `CONNMARK'. 204 connection mark value previously set for the session by `CONNMARK'.
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 0ce337a1d974..d622ddf08bb0 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1556,6 +1556,8 @@ void nf_conntrack_cleanup(void)
1556{ 1556{
1557 int i; 1557 int i;
1558 1558
1559 ip_ct_attach = NULL;
1560
1559 /* This makes sure all current packets have passed through 1561 /* This makes sure all current packets have passed through
1560 netfilter framework. Roll on, two-stage module 1562 netfilter framework. Roll on, two-stage module
1561 delete... */ 1563 delete... */
@@ -1715,6 +1717,9 @@ int __init nf_conntrack_init(void)
1715 nf_ct_l3protos[i] = &nf_conntrack_generic_l3proto; 1717 nf_ct_l3protos[i] = &nf_conntrack_generic_l3proto;
1716 write_unlock_bh(&nf_conntrack_lock); 1718 write_unlock_bh(&nf_conntrack_lock);
1717 1719
1720 /* For use by REJECT target */
1721 ip_ct_attach = __nf_conntrack_attach;
1722
1718 /* Set up fake conntrack: 1723 /* Set up fake conntrack:
1719 - to never be deleted, not in any hashes */ 1724 - to never be deleted, not in any hashes */
1720 atomic_set(&nf_conntrack_untracked.ct_general.use, 1); 1725 atomic_set(&nf_conntrack_untracked.ct_general.use, 1);
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index df99138c3b3b..6492ed66fb3c 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -864,7 +864,9 @@ static int csum6(const struct sk_buff *skb, unsigned int dataoff)
864{ 864{
865 return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr, 865 return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr,
866 skb->len - dataoff, IPPROTO_TCP, 866 skb->len - dataoff, IPPROTO_TCP,
867 skb->ip_summed == CHECKSUM_HW ? skb->csum 867 skb->ip_summed == CHECKSUM_HW
868 ? csum_sub(skb->csum,
869 skb_checksum(skb, 0, dataoff, 0))
868 : skb_checksum(skb, dataoff, skb->len - dataoff, 870 : skb_checksum(skb, dataoff, skb->len - dataoff,
869 0)); 871 0));
870} 872}
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index 4264dd079a16..831d206344e0 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -161,7 +161,9 @@ static int csum6(const struct sk_buff *skb, unsigned int dataoff)
161{ 161{
162 return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr, 162 return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr,
163 skb->len - dataoff, IPPROTO_UDP, 163 skb->len - dataoff, IPPROTO_UDP,
164 skb->ip_summed == CHECKSUM_HW ? skb->csum 164 skb->ip_summed == CHECKSUM_HW
165 ? csum_sub(skb->csum,
166 skb_checksum(skb, 0, dataoff, 0))
165 : skb_checksum(skb, dataoff, skb->len - dataoff, 167 : skb_checksum(skb, dataoff, skb->len - dataoff,
166 0)); 168 0));
167} 169}
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index d3a4f30a7f22..d9f0d7ef103b 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -6,6 +6,7 @@
6#include <linux/skbuff.h> 6#include <linux/skbuff.h>
7#include <linux/netfilter.h> 7#include <linux/netfilter.h>
8#include <linux/seq_file.h> 8#include <linux/seq_file.h>
9#include <linux/rcupdate.h>
9#include <net/protocol.h> 10#include <net/protocol.h>
10 11
11#include "nf_internals.h" 12#include "nf_internals.h"
@@ -16,7 +17,7 @@
16 * for queueing and must reinject all packets it receives, no matter what. 17 * for queueing and must reinject all packets it receives, no matter what.
17 */ 18 */
18static struct nf_queue_handler *queue_handler[NPROTO]; 19static struct nf_queue_handler *queue_handler[NPROTO];
19static struct nf_queue_rerouter *queue_rerouter; 20static struct nf_queue_rerouter *queue_rerouter[NPROTO];
20 21
21static DEFINE_RWLOCK(queue_handler_lock); 22static DEFINE_RWLOCK(queue_handler_lock);
22 23
@@ -64,7 +65,7 @@ int nf_register_queue_rerouter(int pf, struct nf_queue_rerouter *rer)
64 return -EINVAL; 65 return -EINVAL;
65 66
66 write_lock_bh(&queue_handler_lock); 67 write_lock_bh(&queue_handler_lock);
67 memcpy(&queue_rerouter[pf], rer, sizeof(queue_rerouter[pf])); 68 rcu_assign_pointer(queue_rerouter[pf], rer);
68 write_unlock_bh(&queue_handler_lock); 69 write_unlock_bh(&queue_handler_lock);
69 70
70 return 0; 71 return 0;
@@ -77,8 +78,9 @@ int nf_unregister_queue_rerouter(int pf)
77 return -EINVAL; 78 return -EINVAL;
78 79
79 write_lock_bh(&queue_handler_lock); 80 write_lock_bh(&queue_handler_lock);
80 memset(&queue_rerouter[pf], 0, sizeof(queue_rerouter[pf])); 81 rcu_assign_pointer(queue_rerouter[pf], NULL);
81 write_unlock_bh(&queue_handler_lock); 82 write_unlock_bh(&queue_handler_lock);
83 synchronize_rcu();
82 return 0; 84 return 0;
83} 85}
84EXPORT_SYMBOL_GPL(nf_unregister_queue_rerouter); 86EXPORT_SYMBOL_GPL(nf_unregister_queue_rerouter);
@@ -114,16 +116,17 @@ int nf_queue(struct sk_buff **skb,
114 struct net_device *physindev = NULL; 116 struct net_device *physindev = NULL;
115 struct net_device *physoutdev = NULL; 117 struct net_device *physoutdev = NULL;
116#endif 118#endif
119 struct nf_queue_rerouter *rerouter;
117 120
118 /* QUEUE == DROP if noone is waiting, to be safe. */ 121 /* QUEUE == DROP if noone is waiting, to be safe. */
119 read_lock(&queue_handler_lock); 122 read_lock(&queue_handler_lock);
120 if (!queue_handler[pf] || !queue_handler[pf]->outfn) { 123 if (!queue_handler[pf]) {
121 read_unlock(&queue_handler_lock); 124 read_unlock(&queue_handler_lock);
122 kfree_skb(*skb); 125 kfree_skb(*skb);
123 return 1; 126 return 1;
124 } 127 }
125 128
126 info = kmalloc(sizeof(*info)+queue_rerouter[pf].rer_size, GFP_ATOMIC); 129 info = kmalloc(sizeof(*info)+queue_rerouter[pf]->rer_size, GFP_ATOMIC);
127 if (!info) { 130 if (!info) {
128 if (net_ratelimit()) 131 if (net_ratelimit())
129 printk(KERN_ERR "OOM queueing packet %p\n", 132 printk(KERN_ERR "OOM queueing packet %p\n",
@@ -155,15 +158,13 @@ int nf_queue(struct sk_buff **skb,
155 if (physoutdev) dev_hold(physoutdev); 158 if (physoutdev) dev_hold(physoutdev);
156 } 159 }
157#endif 160#endif
158 if (queue_rerouter[pf].save) 161 rerouter = rcu_dereference(queue_rerouter[pf]);
159 queue_rerouter[pf].save(*skb, info); 162 if (rerouter)
163 rerouter->save(*skb, info);
160 164
161 status = queue_handler[pf]->outfn(*skb, info, queuenum, 165 status = queue_handler[pf]->outfn(*skb, info, queuenum,
162 queue_handler[pf]->data); 166 queue_handler[pf]->data);
163 167
164 if (status >= 0 && queue_rerouter[pf].reroute)
165 status = queue_rerouter[pf].reroute(skb, info);
166
167 read_unlock(&queue_handler_lock); 168 read_unlock(&queue_handler_lock);
168 169
169 if (status < 0) { 170 if (status < 0) {
@@ -189,6 +190,7 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
189{ 190{
190 struct list_head *elem = &info->elem->list; 191 struct list_head *elem = &info->elem->list;
191 struct list_head *i; 192 struct list_head *i;
193 struct nf_queue_rerouter *rerouter;
192 194
193 rcu_read_lock(); 195 rcu_read_lock();
194 196
@@ -212,7 +214,7 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
212 break; 214 break;
213 } 215 }
214 216
215 if (elem == &nf_hooks[info->pf][info->hook]) { 217 if (i == &nf_hooks[info->pf][info->hook]) {
216 /* The module which sent it to userspace is gone. */ 218 /* The module which sent it to userspace is gone. */
217 NFDEBUG("%s: module disappeared, dropping packet.\n", 219 NFDEBUG("%s: module disappeared, dropping packet.\n",
218 __FUNCTION__); 220 __FUNCTION__);
@@ -226,6 +228,12 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
226 } 228 }
227 229
228 if (verdict == NF_ACCEPT) { 230 if (verdict == NF_ACCEPT) {
231 rerouter = rcu_dereference(queue_rerouter[info->pf]);
232 if (rerouter && rerouter->reroute(&skb, info) < 0)
233 verdict = NF_DROP;
234 }
235
236 if (verdict == NF_ACCEPT) {
229 next_hook: 237 next_hook:
230 verdict = nf_iterate(&nf_hooks[info->pf][info->hook], 238 verdict = nf_iterate(&nf_hooks[info->pf][info->hook],
231 &skb, info->hook, 239 &skb, info->hook,
@@ -322,22 +330,12 @@ int __init netfilter_queue_init(void)
322{ 330{
323#ifdef CONFIG_PROC_FS 331#ifdef CONFIG_PROC_FS
324 struct proc_dir_entry *pde; 332 struct proc_dir_entry *pde;
325#endif
326 queue_rerouter = kmalloc(NPROTO * sizeof(struct nf_queue_rerouter),
327 GFP_KERNEL);
328 if (!queue_rerouter)
329 return -ENOMEM;
330 333
331#ifdef CONFIG_PROC_FS
332 pde = create_proc_entry("nf_queue", S_IRUGO, proc_net_netfilter); 334 pde = create_proc_entry("nf_queue", S_IRUGO, proc_net_netfilter);
333 if (!pde) { 335 if (!pde)
334 kfree(queue_rerouter);
335 return -1; 336 return -1;
336 }
337 pde->proc_fops = &nfqueue_file_ops; 337 pde->proc_fops = &nfqueue_file_ops;
338#endif 338#endif
339 memset(queue_rerouter, 0, NPROTO * sizeof(struct nf_queue_rerouter));
340
341 return 0; 339 return 0;
342} 340}
343 341
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index cac38b2e147a..2cf5fb8322c4 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -928,8 +928,12 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
928 928
929 if (nfqa[NFQA_CFG_PARAMS-1]) { 929 if (nfqa[NFQA_CFG_PARAMS-1]) {
930 struct nfqnl_msg_config_params *params; 930 struct nfqnl_msg_config_params *params;
931 params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]);
932 931
932 if (!queue) {
933 ret = -ENOENT;
934 goto out_put;
935 }
936 params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]);
933 nfqnl_set_mode(queue, params->copy_mode, 937 nfqnl_set_mode(queue, params->copy_mode,
934 ntohl(params->copy_range)); 938 ntohl(params->copy_range));
935 } 939 }
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 6b9772d95872..59dc7d140600 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1194,6 +1194,9 @@ static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock,
1194 msg->msg_namelen = sizeof(*addr); 1194 msg->msg_namelen = sizeof(*addr);
1195 } 1195 }
1196 1196
1197 if (nlk->flags & NETLINK_RECV_PKTINFO)
1198 netlink_cmsg_recv_pktinfo(msg, skb);
1199
1197 if (NULL == siocb->scm) { 1200 if (NULL == siocb->scm) {
1198 memset(&scm, 0, sizeof(scm)); 1201 memset(&scm, 0, sizeof(scm));
1199 siocb->scm = &scm; 1202 siocb->scm = &scm;
@@ -1205,8 +1208,6 @@ static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock,
1205 netlink_dump(sk); 1208 netlink_dump(sk);
1206 1209
1207 scm_recv(sock, msg, siocb->scm, flags); 1210 scm_recv(sock, msg, siocb->scm, flags);
1208 if (nlk->flags & NETLINK_RECV_PKTINFO)
1209 netlink_cmsg_recv_pktinfo(msg, skb);
1210 1211
1211out: 1212out:
1212 netlink_rcv_wake(sk); 1213 netlink_rcv_wake(sk);
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 792ce59940ec..2ffa11c6e8de 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -707,7 +707,7 @@ static int tcf_add_notify(struct tc_action *a, u32 pid, u32 seq, int event,
707 707
708rtattr_failure: 708rtattr_failure:
709nlmsg_failure: 709nlmsg_failure:
710 skb_trim(skb, b - skb->data); 710 kfree_skb(skb);
711 return -1; 711 return -1;
712} 712}
713 713
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 1b5989b1b670..c323cc6a28b0 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -547,7 +547,7 @@ static struct sock * unix_create1(struct socket *sock)
547 struct sock *sk = NULL; 547 struct sock *sk = NULL;
548 struct unix_sock *u; 548 struct unix_sock *u;
549 549
550 if (atomic_read(&unix_nr_socks) >= 2*files_stat.max_files) 550 if (atomic_read(&unix_nr_socks) >= 2*get_max_files())
551 goto out; 551 goto out;
552 552
553 sk = sk_alloc(PF_UNIX, GFP_KERNEL, &unix_proto, 1); 553 sk = sk_alloc(PF_UNIX, GFP_KERNEL, &unix_proto, 1);
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 98ec53bd3ac7..ae62054a9fc4 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -782,7 +782,7 @@ int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
782 int nx = 0; 782 int nx = 0;
783 int err; 783 int err;
784 u32 genid; 784 u32 genid;
785 u16 family = dst_orig->ops->family; 785 u16 family;
786 u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT); 786 u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT);
787 u32 sk_sid = security_sk_sid(sk, fl, dir); 787 u32 sk_sid = security_sk_sid(sk, fl, dir);
788restart: 788restart:
@@ -796,13 +796,14 @@ restart:
796 if ((dst_orig->flags & DST_NOXFRM) || !xfrm_policy_list[XFRM_POLICY_OUT]) 796 if ((dst_orig->flags & DST_NOXFRM) || !xfrm_policy_list[XFRM_POLICY_OUT])
797 return 0; 797 return 0;
798 798
799 policy = flow_cache_lookup(fl, sk_sid, family, dir, 799 policy = flow_cache_lookup(fl, sk_sid, dst_orig->ops->family,
800 xfrm_policy_lookup); 800 dir, xfrm_policy_lookup);
801 } 801 }
802 802
803 if (!policy) 803 if (!policy)
804 return 0; 804 return 0;
805 805
806 family = dst_orig->ops->family;
806 policy->curlft.use_time = (unsigned long)xtime.tv_sec; 807 policy->curlft.use_time = (unsigned long)xtime.tv_sec;
807 808
808 switch (policy->action) { 809 switch (policy->action) {
@@ -885,8 +886,6 @@ restart:
885 * We can't enlist stable bundles either. 886 * We can't enlist stable bundles either.
886 */ 887 */
887 write_unlock_bh(&policy->lock); 888 write_unlock_bh(&policy->lock);
888
889 xfrm_pol_put(policy);
890 if (dst) 889 if (dst)
891 dst_free(dst); 890 dst_free(dst);
892 891
@@ -997,13 +996,6 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
997 struct sec_decap_state *xvec = &(skb->sp->x[i]); 996 struct sec_decap_state *xvec = &(skb->sp->x[i]);
998 if (!xfrm_selector_match(&xvec->xvec->sel, &fl, family)) 997 if (!xfrm_selector_match(&xvec->xvec->sel, &fl, family))
999 return 0; 998 return 0;
1000
1001 /* If there is a post_input processor, try running it */
1002 if (xvec->xvec->type->post_input &&
1003 (xvec->xvec->type->post_input)(xvec->xvec,
1004 &(xvec->decap),
1005 skb) != 0)
1006 return 0;
1007 } 999 }
1008 } 1000 }
1009 1001
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index e12d0be5f976..c656cbaf35e8 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -220,14 +220,14 @@ static int __xfrm_state_delete(struct xfrm_state *x)
220 x->km.state = XFRM_STATE_DEAD; 220 x->km.state = XFRM_STATE_DEAD;
221 spin_lock(&xfrm_state_lock); 221 spin_lock(&xfrm_state_lock);
222 list_del(&x->bydst); 222 list_del(&x->bydst);
223 atomic_dec(&x->refcnt); 223 __xfrm_state_put(x);
224 if (x->id.spi) { 224 if (x->id.spi) {
225 list_del(&x->byspi); 225 list_del(&x->byspi);
226 atomic_dec(&x->refcnt); 226 __xfrm_state_put(x);
227 } 227 }
228 spin_unlock(&xfrm_state_lock); 228 spin_unlock(&xfrm_state_lock);
229 if (del_timer(&x->timer)) 229 if (del_timer(&x->timer))
230 atomic_dec(&x->refcnt); 230 __xfrm_state_put(x);
231 231
232 /* The number two in this test is the reference 232 /* The number two in this test is the reference
233 * mentioned in the comment below plus the reference 233 * mentioned in the comment below plus the reference
@@ -243,7 +243,7 @@ static int __xfrm_state_delete(struct xfrm_state *x)
243 * The xfrm_state_alloc call gives a reference, and that 243 * The xfrm_state_alloc call gives a reference, and that
244 * is what we are dropping here. 244 * is what we are dropping here.
245 */ 245 */
246 atomic_dec(&x->refcnt); 246 __xfrm_state_put(x);
247 err = 0; 247 err = 0;
248 } 248 }
249 249
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index ac87a09ba83e..7de17559249a 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -345,7 +345,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
345 345
346 if (err < 0) { 346 if (err < 0) {
347 x->km.state = XFRM_STATE_DEAD; 347 x->km.state = XFRM_STATE_DEAD;
348 xfrm_state_put(x); 348 __xfrm_state_put(x);
349 goto out; 349 goto out;
350 } 350 }
351 351
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-11 10:59:14 -0500