aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/802/p8022.c2
-rw-r--r--net/802/psnap.c2
-rw-r--r--net/802/tr.c2
-rw-r--r--net/8021q/vlan_dev.c2
-rw-r--r--net/Kconfig3
-rw-r--r--net/appletalk/ddp.c31
-rw-r--r--net/atm/addr.c6
-rw-r--r--net/atm/clip.c2
-rw-r--r--net/atm/common.c6
-rw-r--r--net/atm/ioctl.c34
-rw-r--r--net/atm/lec.c43
-rw-r--r--net/atm/signaling.c8
-rw-r--r--net/atm/svc.c1
-rw-r--r--net/bluetooth/hci_event.c33
-rw-r--r--net/bluetooth/rfcomm/sock.c30
-rw-r--r--net/bridge/br_forward.c3
-rw-r--r--net/bridge/br_netfilter.c8
-rw-r--r--net/core/datagram.c81
-rw-r--r--net/core/dev.c4
-rw-r--r--net/core/neighbour.c25
-rw-r--r--net/core/netpoll.c2
-rw-r--r--net/core/pktgen.c26
-rw-r--r--net/core/skbuff.c5
-rw-r--r--net/core/sock.c20
-rw-r--r--net/dccp/Makefile2
-rw-r--r--net/dccp/ackvec.c419
-rw-r--r--net/dccp/ackvec.h133
-rw-r--r--net/dccp/ccid.h31
-rw-r--r--net/dccp/ccids/ccid3.c56
-rw-r--r--net/dccp/ccids/ccid3.h23
-rw-r--r--net/dccp/dccp.h91
-rw-r--r--net/dccp/input.c94
-rw-r--r--net/dccp/ipv4.c113
-rw-r--r--net/dccp/minisocks.c19
-rw-r--r--net/dccp/options.c443
-rw-r--r--net/dccp/output.c26
-rw-r--r--net/dccp/proto.c94
-rw-r--r--net/econet/af_econet.c2
-rw-r--r--net/ethernet/eth.c31
-rw-r--r--net/ieee80211/ieee80211_module.c2
-rw-r--r--net/ipv4/arp.c21
-rw-r--r--net/ipv4/devinet.c22
-rw-r--r--net/ipv4/fib_frontend.c4
-rw-r--r--net/ipv4/fib_semantics.c4
-rw-r--r--net/ipv4/fib_trie.c49
-rw-r--r--net/ipv4/icmp.c2
-rw-r--r--net/ipv4/igmp.c4
-rw-r--r--net/ipv4/inet_timewait_sock.c6
-rw-r--r--net/ipv4/ip_gre.c4
-rw-r--r--net/ipv4/ipmr.c6
-rw-r--r--net/ipv4/ipvs/ip_vs_conn.c43
-rw-r--r--net/ipv4/ipvs/ip_vs_core.c16
-rw-r--r--net/ipv4/ipvs/ip_vs_sync.c20
-rw-r--r--net/ipv4/netfilter/Kconfig47
-rw-r--r--net/ipv4/netfilter/Makefile12
-rw-r--r--net/ipv4/netfilter/ip_conntrack_amanda.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_core.c48
-rw-r--r--net/ipv4/netfilter/ip_conntrack_ftp.c6
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_pptp.c806
-rw-r--r--net/ipv4/netfilter/ip_conntrack_irc.c6
-rw-r--r--net/ipv4/netfilter/ip_conntrack_netbios_ns.c23
-rw-r--r--net/ipv4/netfilter/ip_conntrack_netlink.c4
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_gre.c328
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_sctp.c1
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_tcp.c3
-rw-r--r--net/ipv4/netfilter/ip_conntrack_standalone.c6
-rw-r--r--net/ipv4/netfilter/ip_conntrack_tftp.c6
-rw-r--r--net/ipv4/netfilter/ip_nat_core.c37
-rw-r--r--net/ipv4/netfilter/ip_nat_helper.c4
-rw-r--r--net/ipv4/netfilter/ip_nat_helper_pptp.c401
-rw-r--r--net/ipv4/netfilter/ip_nat_proto_gre.c214
-rw-r--r--net/ipv4/netfilter/ip_nat_standalone.c25
-rw-r--r--net/ipv4/netfilter/ip_queue.c4
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c223
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c6
-rw-r--r--net/ipv4/netfilter/ipt_REDIRECT.c16
-rw-r--r--net/ipv4/netfilter/ipt_ULOG.c4
-rw-r--r--net/ipv4/raw.c2
-rw-r--r--net/ipv4/route.c6
-rw-r--r--net/ipv4/tcp_input.c18
-rw-r--r--net/ipv4/tcp_ipv4.c11
-rw-r--r--net/ipv4/tcp_minisocks.c2
-rw-r--r--net/ipv4/tcp_output.c23
-rw-r--r--net/ipv6/addrconf.c4
-rw-r--r--net/ipv6/ip6_output.c2
-rw-r--r--net/ipv6/mcast.c2
-rw-r--r--net/ipv6/netfilter/Kconfig11
-rw-r--r--net/ipv6/netfilter/Makefile2
-rw-r--r--net/ipv6/netfilter/ip6_queue.c4
-rw-r--r--net/ipv6/netfilter/ip6_tables.c52
-rw-r--r--net/ipv6/netfilter/ip6t_ah.c81
-rw-r--r--net/ipv6/netfilter/ip6t_dst.c88
-rw-r--r--net/ipv6/netfilter/ip6t_esp.c73
-rw-r--r--net/ipv6/netfilter/ip6t_frag.c90
-rw-r--r--net/ipv6/netfilter/ip6t_hbh.c88
-rw-r--r--net/ipv6/netfilter/ip6t_rt.c83
-rw-r--r--net/ipv6/raw.c2
-rw-r--r--net/ipv6/tcp_ipv6.c18
-rw-r--r--net/ipv6/udp.c27
-rw-r--r--net/irda/irlan/irlan_eth.c2
-rw-r--r--net/irda/irttp.c16
-rw-r--r--net/llc/Makefile1
-rw-r--r--net/llc/af_llc.c501
-rw-r--r--net/llc/llc_c_ac.c271
-rw-r--r--net/llc/llc_c_ev.c157
-rw-r--r--net/llc/llc_conn.c212
-rw-r--r--net/llc/llc_core.c34
-rw-r--r--net/llc/llc_if.c11
-rw-r--r--net/llc/llc_input.c19
-rw-r--r--net/llc/llc_output.c2
-rw-r--r--net/llc/llc_proc.c2
-rw-r--r--net/llc/llc_s_ac.c16
-rw-r--r--net/llc/llc_sap.c20
-rw-r--r--net/llc/llc_station.c25
-rw-r--r--net/llc/sysctl_net_llc.c131
-rw-r--r--net/netfilter/nfnetlink_log.c4
-rw-r--r--net/netfilter/nfnetlink_queue.c4
-rw-r--r--net/packet/af_packet.c63
-rw-r--r--net/rose/af_rose.c26
-rw-r--r--net/sched/em_meta.c6
-rw-r--r--net/sctp/protocol.c2
-rw-r--r--net/sctp/sm_statefuns.c22
-rw-r--r--net/socket.c20
-rw-r--r--net/sunrpc/svcsock.c83
-rw-r--r--net/sysctl_net.c2
125 files changed, 4397 insertions, 2335 deletions
diff --git a/net/802/p8022.c b/net/802/p8022.c
index b24817c63ca8..2530f35241cd 100644
--- a/net/802/p8022.c
+++ b/net/802/p8022.c
@@ -56,7 +56,7 @@ struct datalink_proto *register_8022_client(unsigned char type,
56 56
57void unregister_8022_client(struct datalink_proto *proto) 57void unregister_8022_client(struct datalink_proto *proto)
58{ 58{
59 llc_sap_close(proto->sap); 59 llc_sap_put(proto->sap);
60 kfree(proto); 60 kfree(proto);
61} 61}
62 62
diff --git a/net/802/psnap.c b/net/802/psnap.c
index ab80b1fab53c..4d638944d933 100644
--- a/net/802/psnap.c
+++ b/net/802/psnap.c
@@ -106,7 +106,7 @@ module_init(snap_init);
106 106
107static void __exit snap_exit(void) 107static void __exit snap_exit(void)
108{ 108{
109 llc_sap_close(snap_sap); 109 llc_sap_put(snap_sap);
110} 110}
111 111
112module_exit(snap_exit); 112module_exit(snap_exit);
diff --git a/net/802/tr.c b/net/802/tr.c
index 1bb7dc1b85cd..1eaa3d19d8bf 100644
--- a/net/802/tr.c
+++ b/net/802/tr.c
@@ -238,7 +238,7 @@ unsigned short tr_type_trans(struct sk_buff *skb, struct net_device *dev)
238 return trllc->ethertype; 238 return trllc->ethertype;
239 } 239 }
240 240
241 return ntohs(ETH_P_802_2); 241 return ntohs(ETH_P_TR_802_2);
242} 242}
243 243
244/* 244/*
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index 145f5cde96cf..b74864889670 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -120,7 +120,7 @@ int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev,
120 unsigned short vid; 120 unsigned short vid;
121 struct net_device_stats *stats; 121 struct net_device_stats *stats;
122 unsigned short vlan_TCI; 122 unsigned short vlan_TCI;
123 unsigned short proto; 123 __be16 proto;
124 124
125 /* vlan_TCI = ntohs(get_unaligned(&vhdr->h_vlan_TCI)); */ 125 /* vlan_TCI = ntohs(get_unaligned(&vhdr->h_vlan_TCI)); */
126 vlan_TCI = ntohs(vhdr->h_vlan_TCI); 126 vlan_TCI = ntohs(vhdr->h_vlan_TCI);
diff --git a/net/Kconfig b/net/Kconfig
index 2bdd5623fdd5..60f6f321bd76 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -140,6 +140,7 @@ config BRIDGE_NETFILTER
140 140
141 If unsure, say N. 141 If unsure, say N.
142 142
143source "net/netfilter/Kconfig"
143source "net/ipv4/netfilter/Kconfig" 144source "net/ipv4/netfilter/Kconfig"
144source "net/ipv6/netfilter/Kconfig" 145source "net/ipv6/netfilter/Kconfig"
145source "net/decnet/netfilter/Kconfig" 146source "net/decnet/netfilter/Kconfig"
@@ -206,8 +207,6 @@ config NET_PKTGEN
206 To compile this code as a module, choose M here: the 207 To compile this code as a module, choose M here: the
207 module will be called pktgen. 208 module will be called pktgen.
208 209
209source "net/netfilter/Kconfig"
210
211endmenu 210endmenu
212 211
213endmenu 212endmenu
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index 1d31b3a3f1e5..7982656b9c83 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -100,8 +100,7 @@ static struct sock *atalk_search_socket(struct sockaddr_at *to,
100 continue; 100 continue;
101 101
102 if (to->sat_addr.s_net == ATADDR_ANYNET && 102 if (to->sat_addr.s_net == ATADDR_ANYNET &&
103 to->sat_addr.s_node == ATADDR_BCAST && 103 to->sat_addr.s_node == ATADDR_BCAST)
104 at->src_net == atif->address.s_net)
105 goto found; 104 goto found;
106 105
107 if (to->sat_addr.s_net == at->src_net && 106 if (to->sat_addr.s_net == at->src_net &&
@@ -1443,8 +1442,10 @@ static int atalk_rcv(struct sk_buff *skb, struct net_device *dev,
1443 else 1442 else
1444 atif = atalk_find_interface(ddp->deh_dnet, ddp->deh_dnode); 1443 atif = atalk_find_interface(ddp->deh_dnet, ddp->deh_dnode);
1445 1444
1446 /* Not ours, so we route the packet via the correct AppleTalk iface */
1447 if (!atif) { 1445 if (!atif) {
1446 /* Not ours, so we route the packet via the correct
1447 * AppleTalk iface
1448 */
1448 atalk_route_packet(skb, dev, ddp, &ddphv, origlen); 1449 atalk_route_packet(skb, dev, ddp, &ddphv, origlen);
1449 goto out; 1450 goto out;
1450 } 1451 }
@@ -1592,9 +1593,6 @@ static int atalk_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
1592 1593
1593 if (usat->sat_addr.s_net || usat->sat_addr.s_node == ATADDR_ANYNODE) { 1594 if (usat->sat_addr.s_net || usat->sat_addr.s_node == ATADDR_ANYNODE) {
1594 rt = atrtr_find(&usat->sat_addr); 1595 rt = atrtr_find(&usat->sat_addr);
1595 if (!rt)
1596 return -ENETUNREACH;
1597
1598 dev = rt->dev; 1596 dev = rt->dev;
1599 } else { 1597 } else {
1600 struct atalk_addr at_hint; 1598 struct atalk_addr at_hint;
@@ -1603,11 +1601,12 @@ static int atalk_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
1603 at_hint.s_net = at->src_net; 1601 at_hint.s_net = at->src_net;
1604 1602
1605 rt = atrtr_find(&at_hint); 1603 rt = atrtr_find(&at_hint);
1606 if (!rt)
1607 return -ENETUNREACH;
1608
1609 dev = rt->dev; 1604 dev = rt->dev;
1610 } 1605 }
1606 if (!rt)
1607 return -ENETUNREACH;
1608
1609 dev = rt->dev;
1611 1610
1612 SOCK_DEBUG(sk, "SK %p: Size needed %d, device %s\n", 1611 SOCK_DEBUG(sk, "SK %p: Size needed %d, device %s\n",
1613 sk, size, dev->name); 1612 sk, size, dev->name);
@@ -1677,6 +1676,20 @@ static int atalk_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
1677 SOCK_DEBUG(sk, "SK %p: Loop back.\n", sk); 1676 SOCK_DEBUG(sk, "SK %p: Loop back.\n", sk);
1678 /* loop back */ 1677 /* loop back */
1679 skb_orphan(skb); 1678 skb_orphan(skb);
1679 if (ddp->deh_dnode == ATADDR_BCAST) {
1680 struct atalk_addr at_lo;
1681
1682 at_lo.s_node = 0;
1683 at_lo.s_net = 0;
1684
1685 rt = atrtr_find(&at_lo);
1686 if (!rt) {
1687 kfree_skb(skb);
1688 return -ENETUNREACH;
1689 }
1690 dev = rt->dev;
1691 skb->dev = dev;
1692 }
1680 ddp_dl->request(ddp_dl, skb, dev->dev_addr); 1693 ddp_dl->request(ddp_dl, skb, dev->dev_addr);
1681 } else { 1694 } else {
1682 SOCK_DEBUG(sk, "SK %p: send out.\n", sk); 1695 SOCK_DEBUG(sk, "SK %p: send out.\n", sk);
diff --git a/net/atm/addr.c b/net/atm/addr.c
index 1c8867f7f54a..a30d0bf48063 100644
--- a/net/atm/addr.c
+++ b/net/atm/addr.c
@@ -50,8 +50,10 @@ void atm_reset_addr(struct atm_dev *dev)
50 struct atm_dev_addr *this, *p; 50 struct atm_dev_addr *this, *p;
51 51
52 spin_lock_irqsave(&dev->lock, flags); 52 spin_lock_irqsave(&dev->lock, flags);
53 list_for_each_entry_safe(this, p, &dev->local, entry) 53 list_for_each_entry_safe(this, p, &dev->local, entry) {
54 kfree(this); 54 list_del(&this->entry);
55 kfree(this);
56 }
55 spin_unlock_irqrestore(&dev->lock, flags); 57 spin_unlock_irqrestore(&dev->lock, flags);
56 notify_sigd(dev); 58 notify_sigd(dev);
57} 59}
diff --git a/net/atm/clip.c b/net/atm/clip.c
index 28dab55a4387..4f54c9a5e84a 100644
--- a/net/atm/clip.c
+++ b/net/atm/clip.c
@@ -310,7 +310,7 @@ static int clip_constructor(struct neighbour *neigh)
310 if (neigh->type != RTN_UNICAST) return -EINVAL; 310 if (neigh->type != RTN_UNICAST) return -EINVAL;
311 311
312 rcu_read_lock(); 312 rcu_read_lock();
313 in_dev = rcu_dereference(__in_dev_get(dev)); 313 in_dev = __in_dev_get_rcu(dev);
314 if (!in_dev) { 314 if (!in_dev) {
315 rcu_read_unlock(); 315 rcu_read_unlock();
316 return -EINVAL; 316 return -EINVAL;
diff --git a/net/atm/common.c b/net/atm/common.c
index e93e838069e8..63feea49fb13 100644
--- a/net/atm/common.c
+++ b/net/atm/common.c
@@ -46,7 +46,7 @@ static void __vcc_insert_socket(struct sock *sk)
46 struct atm_vcc *vcc = atm_sk(sk); 46 struct atm_vcc *vcc = atm_sk(sk);
47 struct hlist_head *head = &vcc_hash[vcc->vci & 47 struct hlist_head *head = &vcc_hash[vcc->vci &
48 (VCC_HTABLE_SIZE - 1)]; 48 (VCC_HTABLE_SIZE - 1)];
49 sk->sk_hashent = vcc->vci & (VCC_HTABLE_SIZE - 1); 49 sk->sk_hash = vcc->vci & (VCC_HTABLE_SIZE - 1);
50 sk_add_node(sk, head); 50 sk_add_node(sk, head);
51} 51}
52 52
@@ -178,8 +178,6 @@ static void vcc_destroy_socket(struct sock *sk)
178 if (vcc->push) 178 if (vcc->push)
179 vcc->push(vcc, NULL); /* atmarpd has no push */ 179 vcc->push(vcc, NULL); /* atmarpd has no push */
180 180
181 vcc_remove_socket(sk); /* no more receive */
182
183 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) { 181 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
184 atm_return(vcc,skb->truesize); 182 atm_return(vcc,skb->truesize);
185 kfree_skb(skb); 183 kfree_skb(skb);
@@ -188,6 +186,8 @@ static void vcc_destroy_socket(struct sock *sk)
188 module_put(vcc->dev->ops->owner); 186 module_put(vcc->dev->ops->owner);
189 atm_dev_put(vcc->dev); 187 atm_dev_put(vcc->dev);
190 } 188 }
189
190 vcc_remove_socket(sk);
191} 191}
192 192
193 193
diff --git a/net/atm/ioctl.c b/net/atm/ioctl.c
index d89056ec44d4..a150198b05a3 100644
--- a/net/atm/ioctl.c
+++ b/net/atm/ioctl.c
@@ -105,17 +105,35 @@ int vcc_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
105 if (!error) 105 if (!error)
106 sock->state = SS_CONNECTED; 106 sock->state = SS_CONNECTED;
107 goto done; 107 goto done;
108 default: 108 case ATM_SETBACKEND:
109 case ATM_NEWBACKENDIF:
110 {
111 atm_backend_t backend;
112 error = get_user(backend, (atm_backend_t __user *) argp);
113 if (error)
114 goto done;
115 switch (backend) {
116 case ATM_BACKEND_PPP:
117 request_module("pppoatm");
118 break;
119 case ATM_BACKEND_BR2684:
120 request_module("br2684");
121 break;
122 }
123 }
124 break;
125 case ATMMPC_CTRL:
126 case ATMMPC_DATA:
127 request_module("mpoa");
128 break;
129 case ATMARPD_CTRL:
130 request_module("clip");
131 break;
132 case ATMLEC_CTRL:
133 request_module("lec");
109 break; 134 break;
110 } 135 }
111 136
112 if (cmd == ATMMPC_CTRL || cmd == ATMMPC_DATA)
113 request_module("mpoa");
114 if (cmd == ATMARPD_CTRL)
115 request_module("clip");
116 if (cmd == ATMLEC_CTRL)
117 request_module("lec");
118
119 error = -ENOIOCTLCMD; 137 error = -ENOIOCTLCMD;
120 138
121 down(&ioctl_mutex); 139 down(&ioctl_mutex);
diff --git a/net/atm/lec.c b/net/atm/lec.c
index a0752487026d..ad840b9afba8 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -686,9 +686,19 @@ static unsigned char lec_ctrl_magic[] = {
686 0x01, 686 0x01,
687 0x01 }; 687 0x01 };
688 688
689#define LEC_DATA_DIRECT_8023 2
690#define LEC_DATA_DIRECT_8025 3
691
692static int lec_is_data_direct(struct atm_vcc *vcc)
693{
694 return ((vcc->sap.blli[0].l3.tr9577.snap[4] == LEC_DATA_DIRECT_8023) ||
695 (vcc->sap.blli[0].l3.tr9577.snap[4] == LEC_DATA_DIRECT_8025));
696}
697
689static void 698static void
690lec_push(struct atm_vcc *vcc, struct sk_buff *skb) 699lec_push(struct atm_vcc *vcc, struct sk_buff *skb)
691{ 700{
701 unsigned long flags;
692 struct net_device *dev = (struct net_device *)vcc->proto_data; 702 struct net_device *dev = (struct net_device *)vcc->proto_data;
693 struct lec_priv *priv = (struct lec_priv *)dev->priv; 703 struct lec_priv *priv = (struct lec_priv *)dev->priv;
694 704
@@ -728,7 +738,8 @@ lec_push(struct atm_vcc *vcc, struct sk_buff *skb)
728 skb_queue_tail(&sk->sk_receive_queue, skb); 738 skb_queue_tail(&sk->sk_receive_queue, skb);
729 sk->sk_data_ready(sk, skb->len); 739 sk->sk_data_ready(sk, skb->len);
730 } else { /* Data frame, queue to protocol handlers */ 740 } else { /* Data frame, queue to protocol handlers */
731 unsigned char *dst; 741 struct lec_arp_table *entry;
742 unsigned char *src, *dst;
732 743
733 atm_return(vcc,skb->truesize); 744 atm_return(vcc,skb->truesize);
734 if (*(uint16_t *)skb->data == htons(priv->lecid) || 745 if (*(uint16_t *)skb->data == htons(priv->lecid) ||
@@ -741,10 +752,30 @@ lec_push(struct atm_vcc *vcc, struct sk_buff *skb)
741 return; 752 return;
742 } 753 }
743#ifdef CONFIG_TR 754#ifdef CONFIG_TR
744 if (priv->is_trdev) dst = ((struct lecdatahdr_8025 *)skb->data)->h_dest; 755 if (priv->is_trdev)
756 dst = ((struct lecdatahdr_8025 *) skb->data)->h_dest;
745 else 757 else
746#endif 758#endif
747 dst = ((struct lecdatahdr_8023 *)skb->data)->h_dest; 759 dst = ((struct lecdatahdr_8023 *) skb->data)->h_dest;
760
761 /* If this is a Data Direct VCC, and the VCC does not match
762 * the LE_ARP cache entry, delete the LE_ARP cache entry.
763 */
764 spin_lock_irqsave(&priv->lec_arp_lock, flags);
765 if (lec_is_data_direct(vcc)) {
766#ifdef CONFIG_TR
767 if (priv->is_trdev)
768 src = ((struct lecdatahdr_8025 *) skb->data)->h_source;
769 else
770#endif
771 src = ((struct lecdatahdr_8023 *) skb->data)->h_source;
772 entry = lec_arp_find(priv, src);
773 if (entry && entry->vcc != vcc) {
774 lec_arp_remove(priv, entry);
775 kfree(entry);
776 }
777 }
778 spin_unlock_irqrestore(&priv->lec_arp_lock, flags);
748 779
749 if (!(dst[0]&0x01) && /* Never filter Multi/Broadcast */ 780 if (!(dst[0]&0x01) && /* Never filter Multi/Broadcast */
750 !priv->is_proxy && /* Proxy wants all the packets */ 781 !priv->is_proxy && /* Proxy wants all the packets */
@@ -1990,6 +2021,12 @@ lec_arp_resolve(struct lec_priv *priv, unsigned char *mac_to_find,
1990 found = entry->vcc; 2021 found = entry->vcc;
1991 goto out; 2022 goto out;
1992 } 2023 }
2024 /* If the LE_ARP cache entry is still pending, reset count to 0
2025 * so another LE_ARP request can be made for this frame.
2026 */
2027 if (entry->status == ESI_ARP_PENDING) {
2028 entry->no_tries = 0;
2029 }
1993 /* Data direct VC not yet set up, check to see if the unknown 2030 /* Data direct VC not yet set up, check to see if the unknown
1994 frame count is greater than the limit. If the limit has 2031 frame count is greater than the limit. If the limit has
1995 not been reached, allow the caller to send packet to 2032 not been reached, allow the caller to send packet to
diff --git a/net/atm/signaling.c b/net/atm/signaling.c
index f7c449ac1800..e7211a7f382c 100644
--- a/net/atm/signaling.c
+++ b/net/atm/signaling.c
@@ -217,8 +217,9 @@ void sigd_enq(struct atm_vcc *vcc,enum atmsvc_msg_type type,
217static void purge_vcc(struct atm_vcc *vcc) 217static void purge_vcc(struct atm_vcc *vcc)
218{ 218{
219 if (sk_atm(vcc)->sk_family == PF_ATMSVC && 219 if (sk_atm(vcc)->sk_family == PF_ATMSVC &&
220 !test_bit(ATM_VF_META,&vcc->flags)) { 220 !test_bit(ATM_VF_META, &vcc->flags)) {
221 set_bit(ATM_VF_RELEASED,&vcc->flags); 221 set_bit(ATM_VF_RELEASED, &vcc->flags);
222 clear_bit(ATM_VF_REGIS, &vcc->flags);
222 vcc_release_async(vcc, -EUNATCH); 223 vcc_release_async(vcc, -EUNATCH);
223 } 224 }
224} 225}
@@ -243,8 +244,7 @@ static void sigd_close(struct atm_vcc *vcc)
243 sk_for_each(s, node, head) { 244 sk_for_each(s, node, head) {
244 struct atm_vcc *vcc = atm_sk(s); 245 struct atm_vcc *vcc = atm_sk(s);
245 246
246 if (vcc->dev) 247 purge_vcc(vcc);
247 purge_vcc(vcc);
248 } 248 }
249 } 249 }
250 read_unlock(&vcc_sklist_lock); 250 read_unlock(&vcc_sklist_lock);
diff --git a/net/atm/svc.c b/net/atm/svc.c
index 08e46052a3e4..d7b266136bf6 100644
--- a/net/atm/svc.c
+++ b/net/atm/svc.c
@@ -302,6 +302,7 @@ static int svc_listen(struct socket *sock,int backlog)
302 error = -EINVAL; 302 error = -EINVAL;
303 goto out; 303 goto out;
304 } 304 }
305 vcc_insert_socket(sk);
305 set_bit(ATM_VF_WAITING, &vcc->flags); 306 set_bit(ATM_VF_WAITING, &vcc->flags);
306 prepare_to_wait(sk->sk_sleep, &wait, TASK_UNINTERRUPTIBLE); 307 prepare_to_wait(sk->sk_sleep, &wait, TASK_UNINTERRUPTIBLE);
307 sigd_enq(vcc,as_listen,NULL,NULL,&vcc->local); 308 sigd_enq(vcc,as_listen,NULL,NULL,&vcc->local);
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index d6da0939216d..b61b4e8e36fd 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -558,6 +558,35 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
558 hci_dev_unlock(hdev); 558 hci_dev_unlock(hdev);
559} 559}
560 560
561/* Extended Inquiry Result */
562static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
563{
564 struct inquiry_data data;
565 struct extended_inquiry_info *info = (struct extended_inquiry_info *) (skb->data + 1);
566 int num_rsp = *((__u8 *) skb->data);
567
568 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
569
570 if (!num_rsp)
571 return;
572
573 hci_dev_lock(hdev);
574
575 for (; num_rsp; num_rsp--) {
576 bacpy(&data.bdaddr, &info->bdaddr);
577 data.pscan_rep_mode = info->pscan_rep_mode;
578 data.pscan_period_mode = info->pscan_period_mode;
579 data.pscan_mode = 0x00;
580 memcpy(data.dev_class, info->dev_class, 3);
581 data.clock_offset = info->clock_offset;
582 data.rssi = info->rssi;
583 info++;
584 hci_inquiry_cache_update(hdev, &data);
585 }
586
587 hci_dev_unlock(hdev);
588}
589
561/* Connect Request */ 590/* Connect Request */
562static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 591static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
563{ 592{
@@ -940,6 +969,10 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
940 hci_inquiry_result_with_rssi_evt(hdev, skb); 969 hci_inquiry_result_with_rssi_evt(hdev, skb);
941 break; 970 break;
942 971
972 case HCI_EV_EXTENDED_INQUIRY_RESULT:
973 hci_extended_inquiry_result_evt(hdev, skb);
974 break;
975
943 case HCI_EV_CONN_REQUEST: 976 case HCI_EV_CONN_REQUEST:
944 hci_conn_request_evt(hdev, skb); 977 hci_conn_request_evt(hdev, skb);
945 break; 978 break;
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 90e19eb6d3cc..f49e7e938bfb 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -363,6 +363,11 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr
363 goto done; 363 goto done;
364 } 364 }
365 365
366 if (sk->sk_type != SOCK_STREAM) {
367 err = -EINVAL;
368 goto done;
369 }
370
366 write_lock_bh(&rfcomm_sk_list.lock); 371 write_lock_bh(&rfcomm_sk_list.lock);
367 372
368 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { 373 if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
@@ -393,13 +398,17 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a
393 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) 398 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
394 return -EINVAL; 399 return -EINVAL;
395 400
396 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 401 lock_sock(sk);
397 return -EBADFD;
398 402
399 if (sk->sk_type != SOCK_STREAM) 403 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
400 return -EINVAL; 404 err = -EBADFD;
405 goto done;
406 }
401 407
402 lock_sock(sk); 408 if (sk->sk_type != SOCK_STREAM) {
409 err = -EINVAL;
410 goto done;
411 }
403 412
404 sk->sk_state = BT_CONNECT; 413 sk->sk_state = BT_CONNECT;
405 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 414 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
@@ -410,6 +419,7 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a
410 err = bt_sock_wait_state(sk, BT_CONNECTED, 419 err = bt_sock_wait_state(sk, BT_CONNECTED,
411 sock_sndtimeo(sk, flags & O_NONBLOCK)); 420 sock_sndtimeo(sk, flags & O_NONBLOCK));
412 421
422done:
413 release_sock(sk); 423 release_sock(sk);
414 return err; 424 return err;
415} 425}
@@ -428,6 +438,11 @@ static int rfcomm_sock_listen(struct socket *sock, int backlog)
428 goto done; 438 goto done;
429 } 439 }
430 440
441 if (sk->sk_type != SOCK_STREAM) {
442 err = -EINVAL;
443 goto done;
444 }
445
431 if (!rfcomm_pi(sk)->channel) { 446 if (!rfcomm_pi(sk)->channel) {
432 bdaddr_t *src = &bt_sk(sk)->src; 447 bdaddr_t *src = &bt_sk(sk)->src;
433 u8 channel; 448 u8 channel;
@@ -472,6 +487,11 @@ static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int f
472 goto done; 487 goto done;
473 } 488 }
474 489
490 if (sk->sk_type != SOCK_STREAM) {
491 err = -EINVAL;
492 goto done;
493 }
494
475 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); 495 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
476 496
477 BT_DBG("sk %p timeo %ld", sk, timeo); 497 BT_DBG("sk %p timeo %ld", sk, timeo);
diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index 069253f830c1..2d24fb400e0c 100644
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -31,7 +31,8 @@ static inline int should_deliver(const struct net_bridge_port *p,
31 31
32int br_dev_queue_push_xmit(struct sk_buff *skb) 32int br_dev_queue_push_xmit(struct sk_buff *skb)
33{ 33{
34 if (skb->len > skb->dev->mtu) 34 /* drop mtu oversized packets except tso */
35 if (skb->len > skb->dev->mtu && !skb_shinfo(skb)->tso_size)
35 kfree_skb(skb); 36 kfree_skb(skb);
36 else { 37 else {
37#ifdef CONFIG_BRIDGE_NETFILTER 38#ifdef CONFIG_BRIDGE_NETFILTER
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 2d52fee63a8c..d8e36b775125 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -214,9 +214,11 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
214 .tos = RT_TOS(iph->tos)} }, .proto = 0}; 214 .tos = RT_TOS(iph->tos)} }, .proto = 0};
215 215
216 if (!ip_route_output_key(&rt, &fl)) { 216 if (!ip_route_output_key(&rt, &fl)) {
217 /* Bridged-and-DNAT'ed traffic doesn't 217 /* - Bridged-and-DNAT'ed traffic doesn't
218 * require ip_forwarding. */ 218 * require ip_forwarding.
219 if (((struct dst_entry *)rt)->dev == dev) { 219 * - Deal with redirected traffic. */
220 if (((struct dst_entry *)rt)->dev == dev ||
221 rt->rt_type == RTN_LOCAL) {
220 skb->dst = (struct dst_entry *)rt; 222 skb->dst = (struct dst_entry *)rt;
221 goto bridged_dnat; 223 goto bridged_dnat;
222 } 224 }
diff --git a/net/core/datagram.c b/net/core/datagram.c
index da9bf71421a7..81987df536eb 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -211,74 +211,45 @@ void skb_free_datagram(struct sock *sk, struct sk_buff *skb)
211int skb_copy_datagram_iovec(const struct sk_buff *skb, int offset, 211int skb_copy_datagram_iovec(const struct sk_buff *skb, int offset,
212 struct iovec *to, int len) 212 struct iovec *to, int len)
213{ 213{
214 int start = skb_headlen(skb); 214 int i, err, fraglen, end = 0;
215 int i, copy = start - offset; 215 struct sk_buff *next = skb_shinfo(skb)->frag_list;
216 216next_skb:
217 /* Copy header. */ 217 fraglen = skb_headlen(skb);
218 if (copy > 0) { 218 i = -1;
219 if (copy > len)
220 copy = len;
221 if (memcpy_toiovec(to, skb->data + offset, copy))
222 goto fault;
223 if ((len -= copy) == 0)
224 return 0;
225 offset += copy;
226 }
227 219
228 /* Copy paged appendix. Hmm... why does this look so complicated? */ 220 while (1) {
229 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 221 int start = end;
230 int end;
231
232 BUG_TRAP(start <= offset + len);
233 222
234 end = start + skb_shinfo(skb)->frags[i].size; 223 if ((end += fraglen) > offset) {
235 if ((copy = end - offset) > 0) { 224 int copy = end - offset, o = offset - start;
236 int err;
237 u8 *vaddr;
238 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
239 struct page *page = frag->page;
240 225
241 if (copy > len) 226 if (copy > len)
242 copy = len; 227 copy = len;
243 vaddr = kmap(page); 228 if (i == -1)
244 err = memcpy_toiovec(to, vaddr + frag->page_offset + 229 err = memcpy_toiovec(to, skb->data + o, copy);
245 offset - start, copy); 230 else {
246 kunmap(page); 231 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
232 struct page *page = frag->page;
233 void *p = kmap(page) + frag->page_offset + o;
234 err = memcpy_toiovec(to, p, copy);
235 kunmap(page);
236 }
247 if (err) 237 if (err)
248 goto fault; 238 goto fault;
249 if (!(len -= copy)) 239 if (!(len -= copy))
250 return 0; 240 return 0;
251 offset += copy; 241 offset += copy;
252 } 242 }
253 start = end; 243 if (++i >= skb_shinfo(skb)->nr_frags)
244 break;
245 fraglen = skb_shinfo(skb)->frags[i].size;
254 } 246 }
255 247 if (next) {
256 if (skb_shinfo(skb)->frag_list) { 248 skb = next;
257 struct sk_buff *list = skb_shinfo(skb)->frag_list; 249 BUG_ON(skb_shinfo(skb)->frag_list);
258 250 next = skb->next;
259 for (; list; list = list->next) { 251 goto next_skb;
260 int end;
261
262 BUG_TRAP(start <= offset + len);
263
264 end = start + list->len;
265 if ((copy = end - offset) > 0) {
266 if (copy > len)
267 copy = len;
268 if (skb_copy_datagram_iovec(list,
269 offset - start,
270 to, copy))
271 goto fault;
272 if ((len -= copy) == 0)
273 return 0;
274 offset += copy;
275 }
276 start = end;
277 }
278 } 252 }
279 if (!len)
280 return 0;
281
282fault: 253fault:
283 return -EFAULT; 254 return -EFAULT;
284} 255}
diff --git a/net/core/dev.c b/net/core/dev.c
index c01511e3d0c1..9066c874e273 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -574,6 +574,8 @@ struct net_device *dev_getbyhwaddr(unsigned short type, char *ha)
574 return dev; 574 return dev;
575} 575}
576 576
577EXPORT_SYMBOL(dev_getbyhwaddr);
578
577struct net_device *dev_getfirstbyhwtype(unsigned short type) 579struct net_device *dev_getfirstbyhwtype(unsigned short type)
578{ 580{
579 struct net_device *dev; 581 struct net_device *dev;
@@ -1257,6 +1259,8 @@ int dev_queue_xmit(struct sk_buff *skb)
1257 if (skb_checksum_help(skb, 0)) 1259 if (skb_checksum_help(skb, 0))
1258 goto out_kfree_skb; 1260 goto out_kfree_skb;
1259 1261
1262 spin_lock_prefetch(&dev->queue_lock);
1263
1260 /* Disable soft irqs for various locks below. Also 1264 /* Disable soft irqs for various locks below. Also
1261 * stops preemption for RCU. 1265 * stops preemption for RCU.
1262 */ 1266 */
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 39fc55edf691..4128fc76ac3a 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -61,7 +61,9 @@ static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev);
61void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev); 61void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev);
62 62
63static struct neigh_table *neigh_tables; 63static struct neigh_table *neigh_tables;
64#ifdef CONFIG_PROC_FS
64static struct file_operations neigh_stat_seq_fops; 65static struct file_operations neigh_stat_seq_fops;
66#endif
65 67
66/* 68/*
67 Neighbour hash table buckets are protected with rwlock tbl->lock. 69 Neighbour hash table buckets are protected with rwlock tbl->lock.
@@ -725,6 +727,13 @@ static __inline__ int neigh_max_probes(struct neighbour *n)
725 p->ucast_probes + p->app_probes + p->mcast_probes); 727 p->ucast_probes + p->app_probes + p->mcast_probes);
726} 728}
727 729
730static inline void neigh_add_timer(struct neighbour *n, unsigned long when)
731{
732 if (unlikely(mod_timer(&n->timer, when))) {
733 printk("NEIGH: BUG, double timer add, state is %x\n",
734 n->nud_state);
735 }
736}
728 737
729/* Called when a timer expires for a neighbour entry. */ 738/* Called when a timer expires for a neighbour entry. */
730 739
@@ -809,8 +818,7 @@ static void neigh_timer_handler(unsigned long arg)
809 neigh_hold(neigh); 818 neigh_hold(neigh);
810 if (time_before(next, jiffies + HZ/2)) 819 if (time_before(next, jiffies + HZ/2))
811 next = jiffies + HZ/2; 820 next = jiffies + HZ/2;
812 neigh->timer.expires = next; 821 neigh_add_timer(neigh, next);
813 add_timer(&neigh->timer);
814 } 822 }
815 if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) { 823 if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) {
816 struct sk_buff *skb = skb_peek(&neigh->arp_queue); 824 struct sk_buff *skb = skb_peek(&neigh->arp_queue);
@@ -852,8 +860,7 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
852 atomic_set(&neigh->probes, neigh->parms->ucast_probes); 860 atomic_set(&neigh->probes, neigh->parms->ucast_probes);
853 neigh->nud_state = NUD_INCOMPLETE; 861 neigh->nud_state = NUD_INCOMPLETE;
854 neigh_hold(neigh); 862 neigh_hold(neigh);
855 neigh->timer.expires = now + 1; 863 neigh_add_timer(neigh, now + 1);
856 add_timer(&neigh->timer);
857 } else { 864 } else {
858 neigh->nud_state = NUD_FAILED; 865 neigh->nud_state = NUD_FAILED;
859 write_unlock_bh(&neigh->lock); 866 write_unlock_bh(&neigh->lock);
@@ -866,8 +873,8 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
866 NEIGH_PRINTK2("neigh %p is delayed.\n", neigh); 873 NEIGH_PRINTK2("neigh %p is delayed.\n", neigh);
867 neigh_hold(neigh); 874 neigh_hold(neigh);
868 neigh->nud_state = NUD_DELAY; 875 neigh->nud_state = NUD_DELAY;
869 neigh->timer.expires = jiffies + neigh->parms->delay_probe_time; 876 neigh_add_timer(neigh,
870 add_timer(&neigh->timer); 877 jiffies + neigh->parms->delay_probe_time);
871 } 878 }
872 879
873 if (neigh->nud_state == NUD_INCOMPLETE) { 880 if (neigh->nud_state == NUD_INCOMPLETE) {
@@ -1013,10 +1020,10 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
1013 neigh_del_timer(neigh); 1020 neigh_del_timer(neigh);
1014 if (new & NUD_IN_TIMER) { 1021 if (new & NUD_IN_TIMER) {
1015 neigh_hold(neigh); 1022 neigh_hold(neigh);
1016 neigh->timer.expires = jiffies + 1023 neigh_add_timer(neigh, (jiffies +
1017 ((new & NUD_REACHABLE) ? 1024 ((new & NUD_REACHABLE) ?
1018 neigh->parms->reachable_time : 0); 1025 neigh->parms->reachable_time :
1019 add_timer(&neigh->timer); 1026 0)));
1020 } 1027 }
1021 neigh->nud_state = new; 1028 neigh->nud_state = new;
1022 } 1029 }
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index 5265dfd69928..802fe11efad0 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -703,7 +703,7 @@ int netpoll_setup(struct netpoll *np)
703 703
704 if (!np->local_ip) { 704 if (!np->local_ip) {
705 rcu_read_lock(); 705 rcu_read_lock();
706 in_dev = __in_dev_get(ndev); 706 in_dev = __in_dev_get_rcu(ndev);
707 707
708 if (!in_dev || !in_dev->ifa_list) { 708 if (!in_dev || !in_dev->ifa_list) {
709 rcu_read_unlock(); 709 rcu_read_unlock();
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index ef430b1e8e42..5f043d346694 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -186,7 +186,7 @@
186 186
187/* Used to help with determining the pkts on receive */ 187/* Used to help with determining the pkts on receive */
188#define PKTGEN_MAGIC 0xbe9be955 188#define PKTGEN_MAGIC 0xbe9be955
189#define PG_PROC_DIR "pktgen" 189#define PG_PROC_DIR "net/pktgen"
190 190
191#define MAX_CFLOWS 65536 191#define MAX_CFLOWS 65536
192 192
@@ -1476,18 +1476,7 @@ static int proc_thread_write(struct file *file, const char __user *user_buffer,
1476 1476
1477static int create_proc_dir(void) 1477static int create_proc_dir(void)
1478{ 1478{
1479 int len; 1479 pg_proc_dir = proc_mkdir(PG_PROC_DIR, NULL);
1480 /* does proc_dir already exists */
1481 len = strlen(PG_PROC_DIR);
1482
1483 for (pg_proc_dir = proc_net->subdir; pg_proc_dir; pg_proc_dir=pg_proc_dir->next) {
1484 if ((pg_proc_dir->namelen == len) &&
1485 (! memcmp(pg_proc_dir->name, PG_PROC_DIR, len)))
1486 break;
1487 }
1488
1489 if (!pg_proc_dir)
1490 pg_proc_dir = create_proc_entry(PG_PROC_DIR, S_IFDIR, proc_net);
1491 1480
1492 if (!pg_proc_dir) 1481 if (!pg_proc_dir)
1493 return -ENODEV; 1482 return -ENODEV;
@@ -1497,7 +1486,7 @@ static int create_proc_dir(void)
1497 1486
1498static int remove_proc_dir(void) 1487static int remove_proc_dir(void)
1499{ 1488{
1500 remove_proc_entry(PG_PROC_DIR, proc_net); 1489 remove_proc_entry(PG_PROC_DIR, NULL);
1501 return 0; 1490 return 0;
1502} 1491}
1503 1492
@@ -1678,13 +1667,12 @@ static void pktgen_setup_inject(struct pktgen_dev *pkt_dev)
1678 struct in_device *in_dev; 1667 struct in_device *in_dev;
1679 1668
1680 rcu_read_lock(); 1669 rcu_read_lock();
1681 in_dev = __in_dev_get(pkt_dev->odev); 1670 in_dev = __in_dev_get_rcu(pkt_dev->odev);
1682 if (in_dev) { 1671 if (in_dev) {
1683 if (in_dev->ifa_list) { 1672 if (in_dev->ifa_list) {
1684 pkt_dev->saddr_min = in_dev->ifa_list->ifa_address; 1673 pkt_dev->saddr_min = in_dev->ifa_list->ifa_address;
1685 pkt_dev->saddr_max = pkt_dev->saddr_min; 1674 pkt_dev->saddr_max = pkt_dev->saddr_min;
1686 } 1675 }
1687 __in_dev_put(in_dev);
1688 } 1676 }
1689 rcu_read_unlock(); 1677 rcu_read_unlock();
1690 } 1678 }
@@ -2908,7 +2896,7 @@ static int pktgen_add_device(struct pktgen_thread *t, const char* ifname)
2908 pkt_dev->udp_dst_max = 9; 2896 pkt_dev->udp_dst_max = 9;
2909 2897
2910 strncpy(pkt_dev->ifname, ifname, 31); 2898 strncpy(pkt_dev->ifname, ifname, 31);
2911 sprintf(pkt_dev->fname, "net/%s/%s", PG_PROC_DIR, ifname); 2899 sprintf(pkt_dev->fname, "%s/%s", PG_PROC_DIR, ifname);
2912 2900
2913 if (! pktgen_setup_dev(pkt_dev)) { 2901 if (! pktgen_setup_dev(pkt_dev)) {
2914 printk("pktgen: ERROR: pktgen_setup_dev failed.\n"); 2902 printk("pktgen: ERROR: pktgen_setup_dev failed.\n");
@@ -2981,7 +2969,7 @@ static int pktgen_create_thread(const char* name, int cpu)
2981 spin_lock_init(&t->if_lock); 2969 spin_lock_init(&t->if_lock);
2982 t->cpu = cpu; 2970 t->cpu = cpu;
2983 2971
2984 sprintf(t->fname, "net/%s/%s", PG_PROC_DIR, t->name); 2972 sprintf(t->fname, "%s/%s", PG_PROC_DIR, t->name);
2985 t->proc_ent = create_proc_entry(t->fname, 0600, NULL); 2973 t->proc_ent = create_proc_entry(t->fname, 0600, NULL);
2986 if (!t->proc_ent) { 2974 if (!t->proc_ent) {
2987 printk("pktgen: cannot create %s procfs entry.\n", t->fname); 2975 printk("pktgen: cannot create %s procfs entry.\n", t->fname);
@@ -3064,7 +3052,7 @@ static int __init pg_init(void)
3064 3052
3065 create_proc_dir(); 3053 create_proc_dir();
3066 3054
3067 sprintf(module_fname, "net/%s/pgctrl", PG_PROC_DIR); 3055 sprintf(module_fname, "%s/pgctrl", PG_PROC_DIR);
3068 module_proc_ent = create_proc_entry(module_fname, 0600, NULL); 3056 module_proc_ent = create_proc_entry(module_fname, 0600, NULL);
3069 if (!module_proc_ent) { 3057 if (!module_proc_ent) {
3070 printk("pktgen: ERROR: cannot create %s procfs entry.\n", module_fname); 3058 printk("pktgen: ERROR: cannot create %s procfs entry.\n", module_fname);
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index f80a28785610..0e9431b59fb2 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -71,8 +71,6 @@
71static kmem_cache_t *skbuff_head_cache __read_mostly; 71static kmem_cache_t *skbuff_head_cache __read_mostly;
72static kmem_cache_t *skbuff_fclone_cache __read_mostly; 72static kmem_cache_t *skbuff_fclone_cache __read_mostly;
73 73
74struct timeval __read_mostly skb_tv_base;
75
76/* 74/*
77 * Keep out-of-line to prevent kernel bloat. 75 * Keep out-of-line to prevent kernel bloat.
78 * __builtin_return_address is not used because it is not always 76 * __builtin_return_address is not used because it is not always
@@ -1708,8 +1706,6 @@ void __init skb_init(void)
1708 NULL, NULL); 1706 NULL, NULL);
1709 if (!skbuff_fclone_cache) 1707 if (!skbuff_fclone_cache)
1710 panic("cannot create skbuff cache"); 1708 panic("cannot create skbuff cache");
1711
1712 do_gettimeofday(&skb_tv_base);
1713} 1709}
1714 1710
1715EXPORT_SYMBOL(___pskb_trim); 1711EXPORT_SYMBOL(___pskb_trim);
@@ -1743,4 +1739,3 @@ EXPORT_SYMBOL(skb_prepare_seq_read);
1743EXPORT_SYMBOL(skb_seq_read); 1739EXPORT_SYMBOL(skb_seq_read);
1744EXPORT_SYMBOL(skb_abort_seq_read); 1740EXPORT_SYMBOL(skb_abort_seq_read);
1745EXPORT_SYMBOL(skb_find_text); 1741EXPORT_SYMBOL(skb_find_text);
1746EXPORT_SYMBOL(skb_tv_base);
diff --git a/net/core/sock.c b/net/core/sock.c
index ac63b56e23b2..928d2a1d6d8e 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -660,16 +660,20 @@ struct sock *sk_alloc(int family, unsigned int __nocast priority,
660 sock_lock_init(sk); 660 sock_lock_init(sk);
661 } 661 }
662 662
663 if (security_sk_alloc(sk, family, priority)) { 663 if (security_sk_alloc(sk, family, priority))
664 if (slab != NULL) 664 goto out_free;
665 kmem_cache_free(slab, sk); 665
666 else 666 if (!try_module_get(prot->owner))
667 kfree(sk); 667 goto out_free;
668 sk = NULL;
669 } else
670 __module_get(prot->owner);
671 } 668 }
672 return sk; 669 return sk;
670
671out_free:
672 if (slab != NULL)
673 kmem_cache_free(slab, sk);
674 else
675 kfree(sk);
676 return NULL;
673} 677}
674 678
675void sk_free(struct sock *sk) 679void sk_free(struct sock *sk)
diff --git a/net/dccp/Makefile b/net/dccp/Makefile
index fb97bb042455..344a8da153fc 100644
--- a/net/dccp/Makefile
+++ b/net/dccp/Makefile
@@ -3,6 +3,8 @@ obj-$(CONFIG_IP_DCCP) += dccp.o
3dccp-y := ccid.o input.o ipv4.o minisocks.o options.o output.o proto.o \ 3dccp-y := ccid.o input.o ipv4.o minisocks.o options.o output.o proto.o \
4 timer.o 4 timer.o
5 5
6dccp-$(CONFIG_IP_DCCP_ACKVEC) += ackvec.o
7
6obj-$(CONFIG_INET_DCCP_DIAG) += dccp_diag.o 8obj-$(CONFIG_INET_DCCP_DIAG) += dccp_diag.o
7 9
8dccp_diag-y := diag.o 10dccp_diag-y := diag.o
diff --git a/net/dccp/ackvec.c b/net/dccp/ackvec.c
new file mode 100644
index 000000000000..6530283eafca
--- /dev/null
+++ b/net/dccp/ackvec.c
@@ -0,0 +1,419 @@
1/*
2 * net/dccp/ackvec.c
3 *
4 * An implementation of the DCCP protocol
5 * Copyright (c) 2005 Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; version 2 of the License;
10 */
11
12#include "ackvec.h"
13#include "dccp.h"
14
15#include <linux/dccp.h>
16#include <linux/skbuff.h>
17
18#include <net/sock.h>
19
20int dccp_insert_option_ackvec(struct sock *sk, struct sk_buff *skb)
21{
22 struct dccp_sock *dp = dccp_sk(sk);
23 struct dccp_ackvec *av = dp->dccps_hc_rx_ackvec;
24 int len = av->dccpav_vec_len + 2;
25 struct timeval now;
26 u32 elapsed_time;
27 unsigned char *to, *from;
28
29 dccp_timestamp(sk, &now);
30 elapsed_time = timeval_delta(&now, &av->dccpav_time) / 10;
31
32 if (elapsed_time != 0)
33 dccp_insert_option_elapsed_time(sk, skb, elapsed_time);
34
35 if (DCCP_SKB_CB(skb)->dccpd_opt_len + len > DCCP_MAX_OPT_LEN)
36 return -1;
37
38 /*
39 * XXX: now we have just one ack vector sent record, so
40 * we have to wait for it to be cleared.
41 *
42 * Of course this is not acceptable, but this is just for
43 * basic testing now.
44 */
45 if (av->dccpav_ack_seqno != DCCP_MAX_SEQNO + 1)
46 return -1;
47
48 DCCP_SKB_CB(skb)->dccpd_opt_len += len;
49
50 to = skb_push(skb, len);
51 *to++ = DCCPO_ACK_VECTOR_0;
52 *to++ = len;
53
54 len = av->dccpav_vec_len;
55 from = av->dccpav_buf + av->dccpav_buf_head;
56
57 /* Check if buf_head wraps */
58 if (av->dccpav_buf_head + len > av->dccpav_vec_len) {
59 const u32 tailsize = (av->dccpav_vec_len - av->dccpav_buf_head);
60
61 memcpy(to, from, tailsize);
62 to += tailsize;
63 len -= tailsize;
64 from = av->dccpav_buf;
65 }
66
67 memcpy(to, from, len);
68 /*
69 * From draft-ietf-dccp-spec-11.txt:
70 *
71 * For each acknowledgement it sends, the HC-Receiver will add an
72 * acknowledgement record. ack_seqno will equal the HC-Receiver
73 * sequence number it used for the ack packet; ack_ptr will equal
74 * buf_head; ack_ackno will equal buf_ackno; and ack_nonce will
75 * equal buf_nonce.
76 *
77 * This implemention uses just one ack record for now.
78 */
79 av->dccpav_ack_seqno = DCCP_SKB_CB(skb)->dccpd_seq;
80 av->dccpav_ack_ptr = av->dccpav_buf_head;
81 av->dccpav_ack_ackno = av->dccpav_buf_ackno;
82 av->dccpav_ack_nonce = av->dccpav_buf_nonce;
83 av->dccpav_sent_len = av->dccpav_vec_len;
84
85 dccp_pr_debug("%sACK Vector 0, len=%d, ack_seqno=%llu, "
86 "ack_ackno=%llu\n",
87 debug_prefix, av->dccpav_sent_len,
88 (unsigned long long)av->dccpav_ack_seqno,
89 (unsigned long long)av->dccpav_ack_ackno);
90 return -1;
91}
92
93struct dccp_ackvec *dccp_ackvec_alloc(const unsigned int len,
94 const unsigned int __nocast priority)
95{
96 struct dccp_ackvec *av = kmalloc(sizeof(*av) + len, priority);
97
98 if (av != NULL) {
99 av->dccpav_buf_len = len;
100 av->dccpav_buf_head =
101 av->dccpav_buf_tail = av->dccpav_buf_len - 1;
102 av->dccpav_buf_ackno =
103 av->dccpav_ack_ackno = av->dccpav_ack_seqno = ~0LLU;
104 av->dccpav_buf_nonce = av->dccpav_buf_nonce = 0;
105 av->dccpav_ack_ptr = 0;
106 av->dccpav_time.tv_sec = 0;
107 av->dccpav_time.tv_usec = 0;
108 av->dccpav_sent_len = av->dccpav_vec_len = 0;
109 }
110
111 return av;
112}
113
114void dccp_ackvec_free(struct dccp_ackvec *av)
115{
116 kfree(av);
117}
118
119static inline u8 dccp_ackvec_state(const struct dccp_ackvec *av,
120 const unsigned int index)
121{
122 return av->dccpav_buf[index] & DCCP_ACKVEC_STATE_MASK;
123}
124
125static inline u8 dccp_ackvec_len(const struct dccp_ackvec *av,
126 const unsigned int index)
127{
128 return av->dccpav_buf[index] & DCCP_ACKVEC_LEN_MASK;
129}
130
131/*
132 * If several packets are missing, the HC-Receiver may prefer to enter multiple
133 * bytes with run length 0, rather than a single byte with a larger run length;
134 * this simplifies table updates if one of the missing packets arrives.
135 */
136static inline int dccp_ackvec_set_buf_head_state(struct dccp_ackvec *av,
137 const unsigned int packets,
138 const unsigned char state)
139{
140 unsigned int gap;
141 signed long new_head;
142
143 if (av->dccpav_vec_len + packets > av->dccpav_buf_len)
144 return -ENOBUFS;
145
146 gap = packets - 1;
147 new_head = av->dccpav_buf_head - packets;
148
149 if (new_head < 0) {
150 if (gap > 0) {
151 memset(av->dccpav_buf, DCCP_ACKVEC_STATE_NOT_RECEIVED,
152 gap + new_head + 1);
153 gap = -new_head;
154 }
155 new_head += av->dccpav_buf_len;
156 }
157
158 av->dccpav_buf_head = new_head;
159
160 if (gap > 0)
161 memset(av->dccpav_buf + av->dccpav_buf_head + 1,
162 DCCP_ACKVEC_STATE_NOT_RECEIVED, gap);
163
164 av->dccpav_buf[av->dccpav_buf_head] = state;
165 av->dccpav_vec_len += packets;
166 return 0;
167}
168
169/*
170 * Implements the draft-ietf-dccp-spec-11.txt Appendix A
171 */
172int dccp_ackvec_add(struct dccp_ackvec *av, const struct sock *sk,
173 const u64 ackno, const u8 state)
174{
175 /*
176 * Check at the right places if the buffer is full, if it is, tell the
177 * caller to start dropping packets till the HC-Sender acks our ACK
178 * vectors, when we will free up space in dccpav_buf.
179 *
180 * We may well decide to do buffer compression, etc, but for now lets
181 * just drop.
182 *
183 * From Appendix A:
184 *
185 * Of course, the circular buffer may overflow, either when the
186 * HC-Sender is sending data at a very high rate, when the
187 * HC-Receiver's acknowledgements are not reaching the HC-Sender,
188 * or when the HC-Sender is forgetting to acknowledge those acks
189 * (so the HC-Receiver is unable to clean up old state). In this
190 * case, the HC-Receiver should either compress the buffer (by
191 * increasing run lengths when possible), transfer its state to
192 * a larger buffer, or, as a last resort, drop all received
193 * packets, without processing them whatsoever, until its buffer
194 * shrinks again.
195 */
196
197 /* See if this is the first ackno being inserted */
198 if (av->dccpav_vec_len == 0) {
199 av->dccpav_buf[av->dccpav_buf_head] = state;
200 av->dccpav_vec_len = 1;
201 } else if (after48(ackno, av->dccpav_buf_ackno)) {
202 const u64 delta = dccp_delta_seqno(av->dccpav_buf_ackno,
203 ackno);
204
205 /*
206 * Look if the state of this packet is the same as the
207 * previous ackno and if so if we can bump the head len.
208 */
209 if (delta == 1 &&
210 dccp_ackvec_state(av, av->dccpav_buf_head) == state &&
211 (dccp_ackvec_len(av, av->dccpav_buf_head) <
212 DCCP_ACKVEC_LEN_MASK))
213 av->dccpav_buf[av->dccpav_buf_head]++;
214 else if (dccp_ackvec_set_buf_head_state(av, delta, state))
215 return -ENOBUFS;
216 } else {
217 /*
218 * A.1.2. Old Packets
219 *
220 * When a packet with Sequence Number S arrives, and
221 * S <= buf_ackno, the HC-Receiver will scan the table
222 * for the byte corresponding to S. (Indexing structures
223 * could reduce the complexity of this scan.)
224 */
225 u64 delta = dccp_delta_seqno(ackno, av->dccpav_buf_ackno);
226 unsigned int index = av->dccpav_buf_head;
227
228 while (1) {
229 const u8 len = dccp_ackvec_len(av, index);
230 const u8 state = dccp_ackvec_state(av, index);
231 /*
232 * valid packets not yet in dccpav_buf have a reserved
233 * entry, with a len equal to 0.
234 */
235 if (state == DCCP_ACKVEC_STATE_NOT_RECEIVED &&
236 len == 0 && delta == 0) { /* Found our
237 reserved seat! */
238 dccp_pr_debug("Found %llu reserved seat!\n",
239 (unsigned long long)ackno);
240 av->dccpav_buf[index] = state;
241 goto out;
242 }
243 /* len == 0 means one packet */
244 if (delta < len + 1)
245 goto out_duplicate;
246
247 delta -= len + 1;
248 if (++index == av->dccpav_buf_len)
249 index = 0;
250 }
251 }
252
253 av->dccpav_buf_ackno = ackno;
254 dccp_timestamp(sk, &av->dccpav_time);
255out:
256 dccp_pr_debug("");
257 return 0;
258
259out_duplicate:
260 /* Duplicate packet */
261 dccp_pr_debug("Received a dup or already considered lost "
262 "packet: %llu\n", (unsigned long long)ackno);
263 return -EILSEQ;
264}
265
266#ifdef CONFIG_IP_DCCP_DEBUG
267void dccp_ackvector_print(const u64 ackno, const unsigned char *vector, int len)
268{
269 if (!dccp_debug)
270 return;
271
272 printk("ACK vector len=%d, ackno=%llu |", len,
273 (unsigned long long)ackno);
274
275 while (len--) {
276 const u8 state = (*vector & DCCP_ACKVEC_STATE_MASK) >> 6;
277 const u8 rl = *vector & DCCP_ACKVEC_LEN_MASK;
278
279 printk("%d,%d|", state, rl);
280 ++vector;
281 }
282
283 printk("\n");
284}
285
286void dccp_ackvec_print(const struct dccp_ackvec *av)
287{
288 dccp_ackvector_print(av->dccpav_buf_ackno,
289 av->dccpav_buf + av->dccpav_buf_head,
290 av->dccpav_vec_len);
291}
292#endif
293
294static void dccp_ackvec_trow_away_ack_record(struct dccp_ackvec *av)
295{
296 /*
297 * As we're keeping track of the ack vector size (dccpav_vec_len) and
298 * the sent ack vector size (dccpav_sent_len) we don't need
299 * dccpav_buf_tail at all, but keep this code here as in the future
300 * we'll implement a vector of ack records, as suggested in
301 * draft-ietf-dccp-spec-11.txt Appendix A. -acme
302 */
303#if 0
304 av->dccpav_buf_tail = av->dccpav_ack_ptr + 1;
305 if (av->dccpav_buf_tail >= av->dccpav_vec_len)
306 av->dccpav_buf_tail -= av->dccpav_vec_len;
307#endif
308 av->dccpav_vec_len -= av->dccpav_sent_len;
309}
310
311void dccp_ackvec_check_rcv_ackno(struct dccp_ackvec *av, struct sock *sk,
312 const u64 ackno)
313{
314 /* Check if we actually sent an ACK vector */
315 if (av->dccpav_ack_seqno == DCCP_MAX_SEQNO + 1)
316 return;
317
318 if (ackno == av->dccpav_ack_seqno) {
319#ifdef CONFIG_IP_DCCP_DEBUG
320 struct dccp_sock *dp = dccp_sk(sk);
321 const char *debug_prefix = dp->dccps_role == DCCP_ROLE_CLIENT ?
322 "CLIENT rx ack: " : "server rx ack: ";
323#endif
324 dccp_pr_debug("%sACK packet 0, len=%d, ack_seqno=%llu, "
325 "ack_ackno=%llu, ACKED!\n",
326 debug_prefix, 1,
327 (unsigned long long)av->dccpav_ack_seqno,
328 (unsigned long long)av->dccpav_ack_ackno);
329 dccp_ackvec_trow_away_ack_record(av);
330 av->dccpav_ack_seqno = DCCP_MAX_SEQNO + 1;
331 }
332}
333
334static void dccp_ackvec_check_rcv_ackvector(struct dccp_ackvec *av,
335 struct sock *sk, u64 ackno,
336 const unsigned char len,
337 const unsigned char *vector)
338{
339 unsigned char i;
340
341 /* Check if we actually sent an ACK vector */
342 if (av->dccpav_ack_seqno == DCCP_MAX_SEQNO + 1)
343 return;
344 /*
345 * We're in the receiver half connection, so if the received an ACK
346 * vector ackno (e.g. 50) before dccpav_ack_seqno (e.g. 52), we're
347 * not interested.
348 *
349 * Extra explanation with example:
350 *
351 * if we received an ACK vector with ackno 50, it can only be acking
352 * 50, 49, 48, etc, not 52 (the seqno for the ACK vector we sent).
353 */
354 /* dccp_pr_debug("is %llu < %llu? ", ackno, av->dccpav_ack_seqno); */
355 if (before48(ackno, av->dccpav_ack_seqno)) {
356 /* dccp_pr_debug_cat("yes\n"); */
357 return;
358 }
359 /* dccp_pr_debug_cat("no\n"); */
360
361 i = len;
362 while (i--) {
363 const u8 rl = *vector & DCCP_ACKVEC_LEN_MASK;
364 u64 ackno_end_rl;
365
366 dccp_set_seqno(&ackno_end_rl, ackno - rl);
367
368 /*
369 * dccp_pr_debug("is %llu <= %llu <= %llu? ", ackno_end_rl,
370 * av->dccpav_ack_seqno, ackno);
371 */
372 if (between48(av->dccpav_ack_seqno, ackno_end_rl, ackno)) {
373 const u8 state = (*vector &
374 DCCP_ACKVEC_STATE_MASK) >> 6;
375 /* dccp_pr_debug_cat("yes\n"); */
376
377 if (state != DCCP_ACKVEC_STATE_NOT_RECEIVED) {
378#ifdef CONFIG_IP_DCCP_DEBUG
379 struct dccp_sock *dp = dccp_sk(sk);
380 const char *debug_prefix =
381 dp->dccps_role == DCCP_ROLE_CLIENT ?
382 "CLIENT rx ack: " : "server rx ack: ";
383#endif
384 dccp_pr_debug("%sACK vector 0, len=%d, "
385 "ack_seqno=%llu, ack_ackno=%llu, "
386 "ACKED!\n",
387 debug_prefix, len,
388 (unsigned long long)
389 av->dccpav_ack_seqno,
390 (unsigned long long)
391 av->dccpav_ack_ackno);
392 dccp_ackvec_trow_away_ack_record(av);
393 }
394 /*
395 * If dccpav_ack_seqno was not received, no problem
396 * we'll send another ACK vector.
397 */
398 av->dccpav_ack_seqno = DCCP_MAX_SEQNO + 1;
399 break;
400 }
401 /* dccp_pr_debug_cat("no\n"); */
402
403 dccp_set_seqno(&ackno, ackno_end_rl - 1);
404 ++vector;
405 }
406}
407
408int dccp_ackvec_parse(struct sock *sk, const struct sk_buff *skb,
409 const u8 opt, const u8 *value, const u8 len)
410{
411 if (len > DCCP_MAX_ACKVEC_LEN)
412 return -1;
413
414 /* dccp_ackvector_print(DCCP_SKB_CB(skb)->dccpd_ack_seq, value, len); */
415 dccp_ackvec_check_rcv_ackvector(dccp_sk(sk)->dccps_hc_rx_ackvec, sk,
416 DCCP_SKB_CB(skb)->dccpd_ack_seq,
417 len, value);
418 return 0;
419}
diff --git a/net/dccp/ackvec.h b/net/dccp/ackvec.h
new file mode 100644
index 000000000000..8ca51c9191f7
--- /dev/null
+++ b/net/dccp/ackvec.h
@@ -0,0 +1,133 @@
1#ifndef _ACKVEC_H
2#define _ACKVEC_H
3/*
4 * net/dccp/ackvec.h
5 *
6 * An implementation of the DCCP protocol
7 * Copyright (c) 2005 Arnaldo Carvalho de Melo <acme@mandriva.com>
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 */
13
14#include <linux/config.h>
15#include <linux/compiler.h>
16#include <linux/time.h>
17#include <linux/types.h>
18
19/* Read about the ECN nonce to see why it is 253 */
20#define DCCP_MAX_ACKVEC_LEN 253
21
22#define DCCP_ACKVEC_STATE_RECEIVED 0
23#define DCCP_ACKVEC_STATE_ECN_MARKED (1 << 6)
24#define DCCP_ACKVEC_STATE_NOT_RECEIVED (3 << 6)
25
26#define DCCP_ACKVEC_STATE_MASK 0xC0 /* 11000000 */
27#define DCCP_ACKVEC_LEN_MASK 0x3F /* 00111111 */
28
29/** struct dccp_ackvec - ack vector
30 *
31 * This data structure is the one defined in the DCCP draft
32 * Appendix A.
33 *
34 * @dccpav_buf_head - circular buffer head
35 * @dccpav_buf_tail - circular buffer tail
36 * @dccpav_buf_ackno - ack # of the most recent packet acknowledgeable in the
37 * buffer (i.e. %dccpav_buf_head)
38 * @dccpav_buf_nonce - the one-bit sum of the ECN Nonces on all packets acked
39 * by the buffer with State 0
40 *
41 * Additionally, the HC-Receiver must keep some information about the
42 * Ack Vectors it has recently sent. For each packet sent carrying an
43 * Ack Vector, it remembers four variables:
44 *
45 * @dccpav_ack_seqno - the Sequence Number used for the packet
46 * (HC-Receiver seqno)
47 * @dccpav_ack_ptr - the value of buf_head at the time of acknowledgement.
48 * @dccpav_ack_ackno - the Acknowledgement Number used for the packet
49 * (HC-Sender seqno)
50 * @dccpav_ack_nonce - the one-bit sum of the ECN Nonces for all State 0.
51 *
52 * @dccpav_buf_len - circular buffer length
53 * @dccpav_time - the time in usecs
54 * @dccpav_buf - circular buffer of acknowledgeable packets
55 */
56struct dccp_ackvec {
57 unsigned int dccpav_buf_head;
58 unsigned int dccpav_buf_tail;
59 u64 dccpav_buf_ackno;
60 u64 dccpav_ack_seqno;
61 u64 dccpav_ack_ackno;
62 unsigned int dccpav_ack_ptr;
63 unsigned int dccpav_sent_len;
64 unsigned int dccpav_vec_len;
65 unsigned int dccpav_buf_len;
66 struct timeval dccpav_time;
67 u8 dccpav_buf_nonce;
68 u8 dccpav_ack_nonce;
69 u8 dccpav_buf[0];
70};
71
72struct sock;
73struct sk_buff;
74
75#ifdef CONFIG_IP_DCCP_ACKVEC
76extern struct dccp_ackvec *dccp_ackvec_alloc(unsigned int len,
77 const unsigned int __nocast priority);
78extern void dccp_ackvec_free(struct dccp_ackvec *av);
79
80extern int dccp_ackvec_add(struct dccp_ackvec *av, const struct sock *sk,
81 const u64 ackno, const u8 state);
82
83extern void dccp_ackvec_check_rcv_ackno(struct dccp_ackvec *av,
84 struct sock *sk, const u64 ackno);
85extern int dccp_ackvec_parse(struct sock *sk, const struct sk_buff *skb,
86 const u8 opt, const u8 *value, const u8 len);
87
88extern int dccp_insert_option_ackvec(struct sock *sk, struct sk_buff *skb);
89
90static inline int dccp_ackvec_pending(const struct dccp_ackvec *av)
91{
92 return av->dccpav_sent_len != av->dccpav_vec_len;
93}
94#else /* CONFIG_IP_DCCP_ACKVEC */
95static inline struct dccp_ackvec *dccp_ackvec_alloc(unsigned int len,
96 const unsigned int __nocast priority)
97{
98 return NULL;
99}
100
101static inline void dccp_ackvec_free(struct dccp_ackvec *av)
102{
103}
104
105static inline int dccp_ackvec_add(struct dccp_ackvec *av, const struct sock *sk,
106 const u64 ackno, const u8 state)
107{
108 return -1;
109}
110
111static inline void dccp_ackvec_check_rcv_ackno(struct dccp_ackvec *av,
112 struct sock *sk, const u64 ackno)
113{
114}
115
116static inline int dccp_ackvec_parse(struct sock *sk, const struct sk_buff *skb,
117 const u8 opt, const u8 *value, const u8 len)
118{
119 return -1;
120}
121
122static inline int dccp_insert_option_ackvec(const struct sock *sk,
123 const struct sk_buff *skb)
124{
125 return -1;
126}
127
128static inline int dccp_ackvec_pending(const struct dccp_ackvec *av)
129{
130 return 0;
131}
132#endif /* CONFIG_IP_DCCP_ACKVEC */
133#endif /* _ACKVEC_H */
diff --git a/net/dccp/ccid.h b/net/dccp/ccid.h
index 962f1e9e2f7e..21e55142dcd3 100644
--- a/net/dccp/ccid.h
+++ b/net/dccp/ccid.h
@@ -14,6 +14,7 @@
14 */ 14 */
15 15
16#include <net/sock.h> 16#include <net/sock.h>
17#include <linux/compiler.h>
17#include <linux/dccp.h> 18#include <linux/dccp.h>
18#include <linux/list.h> 19#include <linux/list.h>
19#include <linux/module.h> 20#include <linux/module.h>
@@ -54,6 +55,14 @@ struct ccid {
54 struct tcp_info *info); 55 struct tcp_info *info);
55 void (*ccid_hc_tx_get_info)(struct sock *sk, 56 void (*ccid_hc_tx_get_info)(struct sock *sk,
56 struct tcp_info *info); 57 struct tcp_info *info);
58 int (*ccid_hc_rx_getsockopt)(struct sock *sk,
59 const int optname, int len,
60 u32 __user *optval,
61 int __user *optlen);
62 int (*ccid_hc_tx_getsockopt)(struct sock *sk,
63 const int optname, int len,
64 u32 __user *optval,
65 int __user *optlen);
57}; 66};
58 67
59extern int ccid_register(struct ccid *ccid); 68extern int ccid_register(struct ccid *ccid);
@@ -177,4 +186,26 @@ static inline void ccid_hc_tx_get_info(struct ccid *ccid, struct sock *sk,
177 if (ccid->ccid_hc_tx_get_info != NULL) 186 if (ccid->ccid_hc_tx_get_info != NULL)
178 ccid->ccid_hc_tx_get_info(sk, info); 187 ccid->ccid_hc_tx_get_info(sk, info);
179} 188}
189
190static inline int ccid_hc_rx_getsockopt(struct ccid *ccid, struct sock *sk,
191 const int optname, int len,
192 u32 __user *optval, int __user *optlen)
193{
194 int rc = -ENOPROTOOPT;
195 if (ccid->ccid_hc_rx_getsockopt != NULL)
196 rc = ccid->ccid_hc_rx_getsockopt(sk, optname, len,
197 optval, optlen);
198 return rc;
199}
200
201static inline int ccid_hc_tx_getsockopt(struct ccid *ccid, struct sock *sk,
202 const int optname, int len,
203 u32 __user *optval, int __user *optlen)
204{
205 int rc = -ENOPROTOOPT;
206 if (ccid->ccid_hc_tx_getsockopt != NULL)
207 rc = ccid->ccid_hc_tx_getsockopt(sk, optname, len,
208 optval, optlen);
209 return rc;
210}
180#endif /* _CCID_H */ 211#endif /* _CCID_H */
diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c
index 38aa84986118..aa68e0ab274d 100644
--- a/net/dccp/ccids/ccid3.c
+++ b/net/dccp/ccids/ccid3.c
@@ -1120,6 +1120,60 @@ static void ccid3_hc_tx_get_info(struct sock *sk, struct tcp_info *info)
1120 info->tcpi_rtt = hctx->ccid3hctx_rtt; 1120 info->tcpi_rtt = hctx->ccid3hctx_rtt;
1121} 1121}
1122 1122
1123static int ccid3_hc_rx_getsockopt(struct sock *sk, const int optname, int len,
1124 u32 __user *optval, int __user *optlen)
1125{
1126 const struct ccid3_hc_rx_sock *hcrx = ccid3_hc_rx_sk(sk);
1127 const void *val;
1128
1129 /* Listen socks doesn't have a private CCID block */
1130 if (sk->sk_state == DCCP_LISTEN)
1131 return -EINVAL;
1132
1133 switch (optname) {
1134 case DCCP_SOCKOPT_CCID_RX_INFO:
1135 if (len < sizeof(hcrx->ccid3hcrx_tfrc))
1136 return -EINVAL;
1137 len = sizeof(hcrx->ccid3hcrx_tfrc);
1138 val = &hcrx->ccid3hcrx_tfrc;
1139 break;
1140 default:
1141 return -ENOPROTOOPT;
1142 }
1143
1144 if (put_user(len, optlen) || copy_to_user(optval, val, len))
1145 return -EFAULT;
1146
1147 return 0;
1148}
1149
1150static int ccid3_hc_tx_getsockopt(struct sock *sk, const int optname, int len,
1151 u32 __user *optval, int __user *optlen)
1152{
1153 const struct ccid3_hc_tx_sock *hctx = ccid3_hc_tx_sk(sk);
1154 const void *val;
1155
1156 /* Listen socks doesn't have a private CCID block */
1157 if (sk->sk_state == DCCP_LISTEN)
1158 return -EINVAL;
1159
1160 switch (optname) {
1161 case DCCP_SOCKOPT_CCID_TX_INFO:
1162 if (len < sizeof(hctx->ccid3hctx_tfrc))
1163 return -EINVAL;
1164 len = sizeof(hctx->ccid3hctx_tfrc);
1165 val = &hctx->ccid3hctx_tfrc;
1166 break;
1167 default:
1168 return -ENOPROTOOPT;
1169 }
1170
1171 if (put_user(len, optlen) || copy_to_user(optval, val, len))
1172 return -EFAULT;
1173
1174 return 0;
1175}
1176
1123static struct ccid ccid3 = { 1177static struct ccid ccid3 = {
1124 .ccid_id = 3, 1178 .ccid_id = 3,
1125 .ccid_name = "ccid3", 1179 .ccid_name = "ccid3",
@@ -1139,6 +1193,8 @@ static struct ccid ccid3 = {
1139 .ccid_hc_rx_packet_recv = ccid3_hc_rx_packet_recv, 1193 .ccid_hc_rx_packet_recv = ccid3_hc_rx_packet_recv,
1140 .ccid_hc_rx_get_info = ccid3_hc_rx_get_info, 1194 .ccid_hc_rx_get_info = ccid3_hc_rx_get_info,
1141 .ccid_hc_tx_get_info = ccid3_hc_tx_get_info, 1195 .ccid_hc_tx_get_info = ccid3_hc_tx_get_info,
1196 .ccid_hc_rx_getsockopt = ccid3_hc_rx_getsockopt,
1197 .ccid_hc_tx_getsockopt = ccid3_hc_tx_getsockopt,
1142}; 1198};
1143 1199
1144module_param(ccid3_debug, int, 0444); 1200module_param(ccid3_debug, int, 0444);
diff --git a/net/dccp/ccids/ccid3.h b/net/dccp/ccids/ccid3.h
index eb248778eea3..0bde4583d091 100644
--- a/net/dccp/ccids/ccid3.h
+++ b/net/dccp/ccids/ccid3.h
@@ -40,6 +40,7 @@
40#include <linux/list.h> 40#include <linux/list.h>
41#include <linux/time.h> 41#include <linux/time.h>
42#include <linux/types.h> 42#include <linux/types.h>
43#include <linux/tfrc.h>
43 44
44#define TFRC_MIN_PACKET_SIZE 16 45#define TFRC_MIN_PACKET_SIZE 16
45#define TFRC_STD_PACKET_SIZE 256 46#define TFRC_STD_PACKET_SIZE 256
@@ -93,12 +94,15 @@ struct ccid3_options_received {
93 * @ccid3hctx_hist - Packet history 94 * @ccid3hctx_hist - Packet history
94 */ 95 */
95struct ccid3_hc_tx_sock { 96struct ccid3_hc_tx_sock {
96 u32 ccid3hctx_x; 97 struct tfrc_tx_info ccid3hctx_tfrc;
97 u32 ccid3hctx_x_recv; 98#define ccid3hctx_x ccid3hctx_tfrc.tfrctx_x
98 u32 ccid3hctx_x_calc; 99#define ccid3hctx_x_recv ccid3hctx_tfrc.tfrctx_x_recv
100#define ccid3hctx_x_calc ccid3hctx_tfrc.tfrctx_x_calc
101#define ccid3hctx_rtt ccid3hctx_tfrc.tfrctx_rtt
102#define ccid3hctx_p ccid3hctx_tfrc.tfrctx_p
103#define ccid3hctx_t_rto ccid3hctx_tfrc.tfrctx_rto
104#define ccid3hctx_t_ipi ccid3hctx_tfrc.tfrctx_ipi
99 u16 ccid3hctx_s; 105 u16 ccid3hctx_s;
100 u32 ccid3hctx_rtt;
101 u32 ccid3hctx_p;
102 u8 ccid3hctx_state; 106 u8 ccid3hctx_state;
103 u8 ccid3hctx_last_win_count; 107 u8 ccid3hctx_last_win_count;
104 u8 ccid3hctx_idle; 108 u8 ccid3hctx_idle;
@@ -106,19 +110,19 @@ struct ccid3_hc_tx_sock {
106 struct timer_list ccid3hctx_no_feedback_timer; 110 struct timer_list ccid3hctx_no_feedback_timer;
107 struct timeval ccid3hctx_t_ld; 111 struct timeval ccid3hctx_t_ld;
108 struct timeval ccid3hctx_t_nom; 112 struct timeval ccid3hctx_t_nom;
109 u32 ccid3hctx_t_rto;
110 u32 ccid3hctx_t_ipi;
111 u32 ccid3hctx_delta; 113 u32 ccid3hctx_delta;
112 struct list_head ccid3hctx_hist; 114 struct list_head ccid3hctx_hist;
113 struct ccid3_options_received ccid3hctx_options_received; 115 struct ccid3_options_received ccid3hctx_options_received;
114}; 116};
115 117
116struct ccid3_hc_rx_sock { 118struct ccid3_hc_rx_sock {
119 struct tfrc_rx_info ccid3hcrx_tfrc;
120#define ccid3hcrx_x_recv ccid3hcrx_tfrc.tfrcrx_x_recv
121#define ccid3hcrx_rtt ccid3hcrx_tfrc.tfrcrx_rtt
122#define ccid3hcrx_p ccid3hcrx_tfrc.tfrcrx_p
117 u64 ccid3hcrx_seqno_last_counter:48, 123 u64 ccid3hcrx_seqno_last_counter:48,
118 ccid3hcrx_state:8, 124 ccid3hcrx_state:8,
119 ccid3hcrx_last_counter:4; 125 ccid3hcrx_last_counter:4;
120 u32 ccid3hcrx_rtt;
121 u32 ccid3hcrx_p;
122 u32 ccid3hcrx_bytes_recv; 126 u32 ccid3hcrx_bytes_recv;
123 struct timeval ccid3hcrx_tstamp_last_feedback; 127 struct timeval ccid3hcrx_tstamp_last_feedback;
124 struct timeval ccid3hcrx_tstamp_last_ack; 128 struct timeval ccid3hcrx_tstamp_last_ack;
@@ -127,7 +131,6 @@ struct ccid3_hc_rx_sock {
127 u16 ccid3hcrx_s; 131 u16 ccid3hcrx_s;
128 u32 ccid3hcrx_pinv; 132 u32 ccid3hcrx_pinv;
129 u32 ccid3hcrx_elapsed_time; 133 u32 ccid3hcrx_elapsed_time;
130 u32 ccid3hcrx_x_recv;
131}; 134};
132 135
133static inline struct ccid3_hc_tx_sock *ccid3_hc_tx_sk(const struct sock *sk) 136static inline struct ccid3_hc_tx_sock *ccid3_hc_tx_sk(const struct sock *sk)
diff --git a/net/dccp/dccp.h b/net/dccp/dccp.h
index 95c4630b3b18..5871c027f9dc 100644
--- a/net/dccp/dccp.h
+++ b/net/dccp/dccp.h
@@ -17,6 +17,7 @@
17#include <net/snmp.h> 17#include <net/snmp.h>
18#include <net/sock.h> 18#include <net/sock.h>
19#include <net/tcp.h> 19#include <net/tcp.h>
20#include "ackvec.h"
20 21
21#ifdef CONFIG_IP_DCCP_DEBUG 22#ifdef CONFIG_IP_DCCP_DEBUG
22extern int dccp_debug; 23extern int dccp_debug;
@@ -258,13 +259,12 @@ extern int dccp_v4_send_reset(struct sock *sk,
258extern void dccp_send_close(struct sock *sk, const int active); 259extern void dccp_send_close(struct sock *sk, const int active);
259 260
260struct dccp_skb_cb { 261struct dccp_skb_cb {
261 __u8 dccpd_type; 262 __u8 dccpd_type:4;
262 __u8 dccpd_reset_code; 263 __u8 dccpd_ccval:4;
263 __u8 dccpd_service; 264 __u8 dccpd_reset_code;
264 __u8 dccpd_ccval; 265 __u16 dccpd_opt_len;
265 __u64 dccpd_seq; 266 __u64 dccpd_seq;
266 __u64 dccpd_ack_seq; 267 __u64 dccpd_ack_seq;
267 int dccpd_opt_len;
268}; 268};
269 269
270#define DCCP_SKB_CB(__skb) ((struct dccp_skb_cb *)&((__skb)->cb[0])) 270#define DCCP_SKB_CB(__skb) ((struct dccp_skb_cb *)&((__skb)->cb[0]))
@@ -359,6 +359,17 @@ static inline void dccp_update_gss(struct sock *sk, u64 seq)
359 (dp->dccps_gss - 359 (dp->dccps_gss -
360 dp->dccps_options.dccpo_sequence_window + 1)); 360 dp->dccps_options.dccpo_sequence_window + 1));
361} 361}
362
363static inline int dccp_ack_pending(const struct sock *sk)
364{
365 const struct dccp_sock *dp = dccp_sk(sk);
366 return dp->dccps_timestamp_echo != 0 ||
367#ifdef CONFIG_IP_DCCP_ACKVEC
368 (dp->dccps_options.dccpo_send_ack_vector &&
369 dccp_ackvec_pending(dp->dccps_hc_rx_ackvec)) ||
370#endif
371 inet_csk_ack_scheduled(sk);
372}
362 373
363extern void dccp_insert_options(struct sock *sk, struct sk_buff *skb); 374extern void dccp_insert_options(struct sock *sk, struct sk_buff *skb);
364extern void dccp_insert_option_elapsed_time(struct sock *sk, 375extern void dccp_insert_option_elapsed_time(struct sock *sk,
@@ -372,65 +383,6 @@ extern void dccp_insert_option(struct sock *sk, struct sk_buff *skb,
372 383
373extern struct socket *dccp_ctl_socket; 384extern struct socket *dccp_ctl_socket;
374 385
375#define DCCP_ACKPKTS_STATE_RECEIVED 0
376#define DCCP_ACKPKTS_STATE_ECN_MARKED (1 << 6)
377#define DCCP_ACKPKTS_STATE_NOT_RECEIVED (3 << 6)
378
379#define DCCP_ACKPKTS_STATE_MASK 0xC0 /* 11000000 */
380#define DCCP_ACKPKTS_LEN_MASK 0x3F /* 00111111 */
381
382/** struct dccp_ackpkts - acknowledgeable packets
383 *
384 * This data structure is the one defined in the DCCP draft
385 * Appendix A.
386 *
387 * @dccpap_buf_head - circular buffer head
388 * @dccpap_buf_tail - circular buffer tail
389 * @dccpap_buf_ackno - ack # of the most recent packet acknowledgeable in the
390 * buffer (i.e. %dccpap_buf_head)
391 * @dccpap_buf_nonce - the one-bit sum of the ECN Nonces on all packets acked
392 * by the buffer with State 0
393 *
394 * Additionally, the HC-Receiver must keep some information about the
395 * Ack Vectors it has recently sent. For each packet sent carrying an
396 * Ack Vector, it remembers four variables:
397 *
398 * @dccpap_ack_seqno - the Sequence Number used for the packet
399 * (HC-Receiver seqno)
400 * @dccpap_ack_ptr - the value of buf_head at the time of acknowledgement.
401 * @dccpap_ack_ackno - the Acknowledgement Number used for the packet
402 * (HC-Sender seqno)
403 * @dccpap_ack_nonce - the one-bit sum of the ECN Nonces for all State 0.
404 *
405 * @dccpap_buf_len - circular buffer length
406 * @dccpap_time - the time in usecs
407 * @dccpap_buf - circular buffer of acknowledgeable packets
408 */
409struct dccp_ackpkts {
410 unsigned int dccpap_buf_head;
411 unsigned int dccpap_buf_tail;
412 u64 dccpap_buf_ackno;
413 u64 dccpap_ack_seqno;
414 u64 dccpap_ack_ackno;
415 unsigned int dccpap_ack_ptr;
416 unsigned int dccpap_buf_vector_len;
417 unsigned int dccpap_ack_vector_len;
418 unsigned int dccpap_buf_len;
419 struct timeval dccpap_time;
420 u8 dccpap_buf_nonce;
421 u8 dccpap_ack_nonce;
422 u8 dccpap_buf[0];
423};
424
425extern struct dccp_ackpkts *
426 dccp_ackpkts_alloc(unsigned int len,
427 const unsigned int __nocast priority);
428extern void dccp_ackpkts_free(struct dccp_ackpkts *ap);
429extern int dccp_ackpkts_add(struct dccp_ackpkts *ap, const struct sock *sk,
430 u64 ackno, u8 state);
431extern void dccp_ackpkts_check_rcv_ackno(struct dccp_ackpkts *ap,
432 struct sock *sk, u64 ackno);
433
434extern void dccp_timestamp(const struct sock *sk, struct timeval *tv); 386extern void dccp_timestamp(const struct sock *sk, struct timeval *tv);
435 387
436static inline suseconds_t timeval_usecs(const struct timeval *tv) 388static inline suseconds_t timeval_usecs(const struct timeval *tv)
@@ -471,15 +423,4 @@ static inline void timeval_sub_usecs(struct timeval *tv,
471 } 423 }
472} 424}
473 425
474#ifdef CONFIG_IP_DCCP_DEBUG
475extern void dccp_ackvector_print(const u64 ackno,
476 const unsigned char *vector, int len);
477extern void dccp_ackpkts_print(const struct dccp_ackpkts *ap);
478#else
479static inline void dccp_ackvector_print(const u64 ackno,
480 const unsigned char *vector,
481 int len) { }
482static inline void dccp_ackpkts_print(const struct dccp_ackpkts *ap) { }
483#endif
484
485#endif /* _DCCP_H */ 426#endif /* _DCCP_H */
diff --git a/net/dccp/input.c b/net/dccp/input.c
index c60bc3433f5e..1b6b2cb12376 100644
--- a/net/dccp/input.c
+++ b/net/dccp/input.c
@@ -16,6 +16,7 @@
16 16
17#include <net/sock.h> 17#include <net/sock.h>
18 18
19#include "ackvec.h"
19#include "ccid.h" 20#include "ccid.h"
20#include "dccp.h" 21#include "dccp.h"
21 22
@@ -50,7 +51,8 @@ static void dccp_rcv_closereq(struct sock *sk, struct sk_buff *skb)
50 return; 51 return;
51 } 52 }
52 53
53 dccp_set_state(sk, DCCP_CLOSING); 54 if (sk->sk_state != DCCP_CLOSING)
55 dccp_set_state(sk, DCCP_CLOSING);
54 dccp_send_close(sk, 0); 56 dccp_send_close(sk, 0);
55} 57}
56 58
@@ -59,8 +61,8 @@ static inline void dccp_event_ack_recv(struct sock *sk, struct sk_buff *skb)
59 struct dccp_sock *dp = dccp_sk(sk); 61 struct dccp_sock *dp = dccp_sk(sk);
60 62
61 if (dp->dccps_options.dccpo_send_ack_vector) 63 if (dp->dccps_options.dccpo_send_ack_vector)
62 dccp_ackpkts_check_rcv_ackno(dp->dccps_hc_rx_ackpkts, sk, 64 dccp_ackvec_check_rcv_ackno(dp->dccps_hc_rx_ackvec, sk,
63 DCCP_SKB_CB(skb)->dccpd_ack_seq); 65 DCCP_SKB_CB(skb)->dccpd_ack_seq);
64} 66}
65 67
66static int dccp_check_seqno(struct sock *sk, struct sk_buff *skb) 68static int dccp_check_seqno(struct sock *sk, struct sk_buff *skb)
@@ -163,37 +165,11 @@ int dccp_rcv_established(struct sock *sk, struct sk_buff *skb,
163 if (DCCP_SKB_CB(skb)->dccpd_ack_seq != DCCP_PKT_WITHOUT_ACK_SEQ) 165 if (DCCP_SKB_CB(skb)->dccpd_ack_seq != DCCP_PKT_WITHOUT_ACK_SEQ)
164 dccp_event_ack_recv(sk, skb); 166 dccp_event_ack_recv(sk, skb);
165 167
166 /* 168 if (dp->dccps_options.dccpo_send_ack_vector &&
167 * FIXME: check ECN to see if we should use 169 dccp_ackvec_add(dp->dccps_hc_rx_ackvec, sk,
168 * DCCP_ACKPKTS_STATE_ECN_MARKED 170 DCCP_SKB_CB(skb)->dccpd_seq,
169 */ 171 DCCP_ACKVEC_STATE_RECEIVED))
170 if (dp->dccps_options.dccpo_send_ack_vector) { 172 goto discard;
171 struct dccp_ackpkts *ap = dp->dccps_hc_rx_ackpkts;
172
173 if (dccp_ackpkts_add(dp->dccps_hc_rx_ackpkts, sk,
174 DCCP_SKB_CB(skb)->dccpd_seq,
175 DCCP_ACKPKTS_STATE_RECEIVED)) {
176 LIMIT_NETDEBUG(KERN_WARNING "DCCP: acknowledgeable "
177 "packets buffer full!\n");
178 ap->dccpap_ack_seqno = DCCP_MAX_SEQNO + 1;
179 inet_csk_schedule_ack(sk);
180 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK,
181 TCP_DELACK_MIN,
182 DCCP_RTO_MAX);
183 goto discard;
184 }
185
186 /*
187 * FIXME: this activation is probably wrong, have to study more
188 * TCP delack machinery and how it fits into DCCP draft, but
189 * for now it kinda "works" 8)
190 */
191 if (!inet_csk_ack_scheduled(sk)) {
192 inet_csk_schedule_ack(sk);
193 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK, 5 * HZ,
194 DCCP_RTO_MAX);
195 }
196 }
197 173
198 ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb); 174 ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb);
199 ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb); 175 ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb);
@@ -383,9 +359,9 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk,
383 } 359 }
384 360
385out_invalid_packet: 361out_invalid_packet:
386 return 1; /* dccp_v4_do_rcv will send a reset, but... 362 /* dccp_v4_do_rcv will send a reset */
387 FIXME: the reset code should be 363 DCCP_SKB_CB(skb)->dccpd_reset_code = DCCP_RESET_CODE_PACKET_ERROR;
388 DCCP_RESET_CODE_PACKET_ERROR */ 364 return 1;
389} 365}
390 366
391static int dccp_rcv_respond_partopen_state_process(struct sock *sk, 367static int dccp_rcv_respond_partopen_state_process(struct sock *sk,
@@ -432,6 +408,7 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
432 struct dccp_hdr *dh, unsigned len) 408 struct dccp_hdr *dh, unsigned len)
433{ 409{
434 struct dccp_sock *dp = dccp_sk(sk); 410 struct dccp_sock *dp = dccp_sk(sk);
411 struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);
435 const int old_state = sk->sk_state; 412 const int old_state = sk->sk_state;
436 int queued = 0; 413 int queued = 0;
437 414
@@ -472,7 +449,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
472 if (dh->dccph_type == DCCP_PKT_RESET) 449 if (dh->dccph_type == DCCP_PKT_RESET)
473 goto discard; 450 goto discard;
474 451
475 /* Caller (dccp_v4_do_rcv) will send Reset(No Connection)*/ 452 /* Caller (dccp_v4_do_rcv) will send Reset */
453 dcb->dccpd_reset_code = DCCP_RESET_CODE_NO_CONNECTION;
476 return 1; 454 return 1;
477 } 455 }
478 456
@@ -486,36 +464,17 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
486 if (dccp_parse_options(sk, skb)) 464 if (dccp_parse_options(sk, skb))
487 goto discard; 465 goto discard;
488 466
489 if (DCCP_SKB_CB(skb)->dccpd_ack_seq != 467 if (dcb->dccpd_ack_seq != DCCP_PKT_WITHOUT_ACK_SEQ)
490 DCCP_PKT_WITHOUT_ACK_SEQ)
491 dccp_event_ack_recv(sk, skb); 468 dccp_event_ack_recv(sk, skb);
492 469
493 ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb); 470 ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb);
494 ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb); 471 ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb);
495 472
496 /* 473 if (dp->dccps_options.dccpo_send_ack_vector &&
497 * FIXME: check ECN to see if we should use 474 dccp_ackvec_add(dp->dccps_hc_rx_ackvec, sk,
498 * DCCP_ACKPKTS_STATE_ECN_MARKED 475 DCCP_SKB_CB(skb)->dccpd_seq,
499 */ 476 DCCP_ACKVEC_STATE_RECEIVED))
500 if (dp->dccps_options.dccpo_send_ack_vector) { 477 goto discard;
501 if (dccp_ackpkts_add(dp->dccps_hc_rx_ackpkts, sk,
502 DCCP_SKB_CB(skb)->dccpd_seq,
503 DCCP_ACKPKTS_STATE_RECEIVED))
504 goto discard;
505 /*
506 * FIXME: this activation is probably wrong, have to
507 * study more TCP delack machinery and how it fits into
508 * DCCP draft, but for now it kinda "works" 8)
509 */
510 if ((dp->dccps_hc_rx_ackpkts->dccpap_ack_seqno ==
511 DCCP_MAX_SEQNO + 1) &&
512 !inet_csk_ack_scheduled(sk)) {
513 inet_csk_schedule_ack(sk);
514 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK,
515 TCP_DELACK_MIN,
516 DCCP_RTO_MAX);
517 }
518 }
519 } 478 }
520 479
521 /* 480 /*
@@ -550,8 +509,7 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
550 dh->dccph_type == DCCP_PKT_REQUEST) || 509 dh->dccph_type == DCCP_PKT_REQUEST) ||
551 (sk->sk_state == DCCP_RESPOND && 510 (sk->sk_state == DCCP_RESPOND &&
552 dh->dccph_type == DCCP_PKT_DATA)) { 511 dh->dccph_type == DCCP_PKT_DATA)) {
553 dccp_send_sync(sk, DCCP_SKB_CB(skb)->dccpd_seq, 512 dccp_send_sync(sk, dcb->dccpd_seq, DCCP_PKT_SYNC);
554 DCCP_PKT_SYNC);
555 goto discard; 513 goto discard;
556 } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { 514 } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) {
557 dccp_rcv_closereq(sk, skb); 515 dccp_rcv_closereq(sk, skb);
@@ -561,8 +519,14 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
561 return 0; 519 return 0;
562 } 520 }
563 521
522 if (unlikely(dh->dccph_type == DCCP_PKT_SYNC)) {
523 dccp_send_sync(sk, dcb->dccpd_seq, DCCP_PKT_SYNCACK);
524 goto discard;
525 }
526
564 switch (sk->sk_state) { 527 switch (sk->sk_state) {
565 case DCCP_CLOSED: 528 case DCCP_CLOSED:
529 dcb->dccpd_reset_code = DCCP_RESET_CODE_NO_CONNECTION;
566 return 1; 530 return 1;
567 531
568 case DCCP_REQUESTING: 532 case DCCP_REQUESTING:
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index 2afaa464e7f0..ae088d1347af 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -23,6 +23,7 @@
23#include <net/tcp_states.h> 23#include <net/tcp_states.h>
24#include <net/xfrm.h> 24#include <net/xfrm.h>
25 25
26#include "ackvec.h"
26#include "ccid.h" 27#include "ccid.h"
27#include "dccp.h" 28#include "dccp.h"
28 29
@@ -61,27 +62,27 @@ static int __dccp_v4_check_established(struct sock *sk, const __u16 lport,
61 const int dif = sk->sk_bound_dev_if; 62 const int dif = sk->sk_bound_dev_if;
62 INET_ADDR_COOKIE(acookie, saddr, daddr) 63 INET_ADDR_COOKIE(acookie, saddr, daddr)
63 const __u32 ports = INET_COMBINED_PORTS(inet->dport, lport); 64 const __u32 ports = INET_COMBINED_PORTS(inet->dport, lport);
64 const int hash = inet_ehashfn(daddr, lport, saddr, inet->dport, 65 unsigned int hash = inet_ehashfn(daddr, lport, saddr, inet->dport);
65 dccp_hashinfo.ehash_size); 66 struct inet_ehash_bucket *head = inet_ehash_bucket(&dccp_hashinfo, hash);
66 struct inet_ehash_bucket *head = &dccp_hashinfo.ehash[hash];
67 const struct sock *sk2; 67 const struct sock *sk2;
68 const struct hlist_node *node; 68 const struct hlist_node *node;
69 struct inet_timewait_sock *tw; 69 struct inet_timewait_sock *tw;
70 70
71 prefetch(head->chain.first);
71 write_lock(&head->lock); 72 write_lock(&head->lock);
72 73
73 /* Check TIME-WAIT sockets first. */ 74 /* Check TIME-WAIT sockets first. */
74 sk_for_each(sk2, node, &(head + dccp_hashinfo.ehash_size)->chain) { 75 sk_for_each(sk2, node, &(head + dccp_hashinfo.ehash_size)->chain) {
75 tw = inet_twsk(sk2); 76 tw = inet_twsk(sk2);
76 77
77 if (INET_TW_MATCH(sk2, acookie, saddr, daddr, ports, dif)) 78 if (INET_TW_MATCH(sk2, hash, acookie, saddr, daddr, ports, dif))
78 goto not_unique; 79 goto not_unique;
79 } 80 }
80 tw = NULL; 81 tw = NULL;
81 82
82 /* And established part... */ 83 /* And established part... */
83 sk_for_each(sk2, node, &head->chain) { 84 sk_for_each(sk2, node, &head->chain) {
84 if (INET_MATCH(sk2, acookie, saddr, daddr, ports, dif)) 85 if (INET_MATCH(sk2, hash, acookie, saddr, daddr, ports, dif))
85 goto not_unique; 86 goto not_unique;
86 } 87 }
87 88
@@ -89,7 +90,7 @@ static int __dccp_v4_check_established(struct sock *sk, const __u16 lport,
89 * in hash table socket with a funny identity. */ 90 * in hash table socket with a funny identity. */
90 inet->num = lport; 91 inet->num = lport;
91 inet->sport = htons(lport); 92 inet->sport = htons(lport);
92 sk->sk_hashent = hash; 93 sk->sk_hash = hash;
93 BUG_TRAP(sk_unhashed(sk)); 94 BUG_TRAP(sk_unhashed(sk));
94 __sk_add_node(sk, &head->chain); 95 __sk_add_node(sk, &head->chain);
95 sock_prot_inc_use(sk->sk_prot); 96 sock_prot_inc_use(sk->sk_prot);
@@ -246,6 +247,9 @@ static int dccp_v4_connect(struct sock *sk, struct sockaddr *uaddr,
246 247
247 dp->dccps_role = DCCP_ROLE_CLIENT; 248 dp->dccps_role = DCCP_ROLE_CLIENT;
248 249
250 if (dccp_service_not_initialized(sk))
251 return -EPROTO;
252
249 if (addr_len < sizeof(struct sockaddr_in)) 253 if (addr_len < sizeof(struct sockaddr_in))
250 return -EINVAL; 254 return -EINVAL;
251 255
@@ -661,6 +665,16 @@ static inline u64 dccp_v4_init_sequence(const struct sock *sk,
661 dccp_hdr(skb)->dccph_sport); 665 dccp_hdr(skb)->dccph_sport);
662} 666}
663 667
668static inline int dccp_bad_service_code(const struct sock *sk,
669 const __u32 service)
670{
671 const struct dccp_sock *dp = dccp_sk(sk);
672
673 if (dp->dccps_service == service)
674 return 0;
675 return !dccp_list_has_service(dp->dccps_service_list, service);
676}
677
664int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb) 678int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
665{ 679{
666 struct inet_request_sock *ireq; 680 struct inet_request_sock *ireq;
@@ -669,13 +683,22 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
669 struct dccp_request_sock *dreq; 683 struct dccp_request_sock *dreq;
670 const __u32 saddr = skb->nh.iph->saddr; 684 const __u32 saddr = skb->nh.iph->saddr;
671 const __u32 daddr = skb->nh.iph->daddr; 685 const __u32 daddr = skb->nh.iph->daddr;
686 const __u32 service = dccp_hdr_request(skb)->dccph_req_service;
687 struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);
688 __u8 reset_code = DCCP_RESET_CODE_TOO_BUSY;
672 struct dst_entry *dst = NULL; 689 struct dst_entry *dst = NULL;
673 690
674 /* Never answer to DCCP_PKT_REQUESTs send to broadcast or multicast */ 691 /* Never answer to DCCP_PKT_REQUESTs send to broadcast or multicast */
675 if (((struct rtable *)skb->dst)->rt_flags & 692 if (((struct rtable *)skb->dst)->rt_flags &
676 (RTCF_BROADCAST | RTCF_MULTICAST)) 693 (RTCF_BROADCAST | RTCF_MULTICAST)) {
694 reset_code = DCCP_RESET_CODE_NO_CONNECTION;
677 goto drop; 695 goto drop;
696 }
678 697
698 if (dccp_bad_service_code(sk, service)) {
699 reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE;
700 goto drop;
701 }
679 /* 702 /*
680 * TW buckets are converted to open requests without 703 * TW buckets are converted to open requests without
681 * limitations, they conserve resources and peer is 704 * limitations, they conserve resources and peer is
@@ -718,9 +741,9 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
718 * dccp_create_openreq_child. 741 * dccp_create_openreq_child.
719 */ 742 */
720 dreq = dccp_rsk(req); 743 dreq = dccp_rsk(req);
721 dreq->dreq_isr = DCCP_SKB_CB(skb)->dccpd_seq; 744 dreq->dreq_isr = dcb->dccpd_seq;
722 dreq->dreq_iss = dccp_v4_init_sequence(sk, skb); 745 dreq->dreq_iss = dccp_v4_init_sequence(sk, skb);
723 dreq->dreq_service = dccp_hdr_request(skb)->dccph_req_service; 746 dreq->dreq_service = service;
724 747
725 if (dccp_v4_send_response(sk, req, dst)) 748 if (dccp_v4_send_response(sk, req, dst))
726 goto drop_and_free; 749 goto drop_and_free;
@@ -735,6 +758,7 @@ drop_and_free:
735 __reqsk_free(req); 758 __reqsk_free(req);
736drop: 759drop:
737 DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS); 760 DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
761 dcb->dccpd_reset_code = reset_code;
738 return -1; 762 return -1;
739} 763}
740 764
@@ -1005,7 +1029,6 @@ int dccp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1005 return 0; 1029 return 0;
1006 1030
1007reset: 1031reset:
1008 DCCP_SKB_CB(skb)->dccpd_reset_code = DCCP_RESET_CODE_NO_CONNECTION;
1009 dccp_v4_ctl_send_reset(skb); 1032 dccp_v4_ctl_send_reset(skb);
1010discard: 1033discard:
1011 kfree_skb(skb); 1034 kfree_skb(skb);
@@ -1090,45 +1113,7 @@ int dccp_v4_rcv(struct sk_buff *skb)
1090 goto discard_it; 1113 goto discard_it;
1091 1114
1092 dh = dccp_hdr(skb); 1115 dh = dccp_hdr(skb);
1093#if 0
1094 /*
1095 * Use something like this to simulate some DATA/DATAACK loss to test
1096 * dccp_ackpkts_add, you'll get something like this on a session that
1097 * sends 10 DATA/DATAACK packets:
1098 *
1099 * ackpkts_print: 281473596467422 |0,0|3,0|0,0|3,0|0,0|3,0|0,0|3,0|0,1|
1100 *
1101 * 0, 0 means: DCCP_ACKPKTS_STATE_RECEIVED, RLE == just this packet
1102 * 0, 1 means: DCCP_ACKPKTS_STATE_RECEIVED, RLE == two adjacent packets
1103 * with the same state
1104 * 3, 0 means: DCCP_ACKPKTS_STATE_NOT_RECEIVED, RLE == just this packet
1105 *
1106 * So...
1107 *
1108 * 281473596467422 was received
1109 * 281473596467421 was not received
1110 * 281473596467420 was received
1111 * 281473596467419 was not received
1112 * 281473596467418 was received
1113 * 281473596467417 was not received
1114 * 281473596467416 was received
1115 * 281473596467415 was not received
1116 * 281473596467414 was received
1117 * 281473596467413 was received (this one was the 3way handshake
1118 * RESPONSE)
1119 *
1120 */
1121 if (dh->dccph_type == DCCP_PKT_DATA ||
1122 dh->dccph_type == DCCP_PKT_DATAACK) {
1123 static int discard = 0;
1124 1116
1125 if (discard) {
1126 discard = 0;
1127 goto discard_it;
1128 }
1129 discard = 1;
1130 }
1131#endif
1132 DCCP_SKB_CB(skb)->dccpd_seq = dccp_hdr_seq(skb); 1117 DCCP_SKB_CB(skb)->dccpd_seq = dccp_hdr_seq(skb);
1133 DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type; 1118 DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type;
1134 1119
@@ -1242,11 +1227,9 @@ static int dccp_v4_init_sock(struct sock *sk)
1242 do_gettimeofday(&dp->dccps_epoch); 1227 do_gettimeofday(&dp->dccps_epoch);
1243 1228
1244 if (dp->dccps_options.dccpo_send_ack_vector) { 1229 if (dp->dccps_options.dccpo_send_ack_vector) {
1245 dp->dccps_hc_rx_ackpkts = 1230 dp->dccps_hc_rx_ackvec = dccp_ackvec_alloc(DCCP_MAX_ACKVEC_LEN,
1246 dccp_ackpkts_alloc(DCCP_MAX_ACK_VECTOR_LEN, 1231 GFP_KERNEL);
1247 GFP_KERNEL); 1232 if (dp->dccps_hc_rx_ackvec == NULL)
1248
1249 if (dp->dccps_hc_rx_ackpkts == NULL)
1250 return -ENOMEM; 1233 return -ENOMEM;
1251 } 1234 }
1252 1235
@@ -1258,16 +1241,18 @@ static int dccp_v4_init_sock(struct sock *sk)
1258 * setsockopt(CCIDs-I-want/accept). -acme 1241 * setsockopt(CCIDs-I-want/accept). -acme
1259 */ 1242 */
1260 if (likely(!dccp_ctl_socket_init)) { 1243 if (likely(!dccp_ctl_socket_init)) {
1261 dp->dccps_hc_rx_ccid = ccid_init(dp->dccps_options.dccpo_ccid, 1244 dp->dccps_hc_rx_ccid = ccid_init(dp->dccps_options.dccpo_rx_ccid,
1262 sk); 1245 sk);
1263 dp->dccps_hc_tx_ccid = ccid_init(dp->dccps_options.dccpo_ccid, 1246 dp->dccps_hc_tx_ccid = ccid_init(dp->dccps_options.dccpo_tx_ccid,
1264 sk); 1247 sk);
1265 if (dp->dccps_hc_rx_ccid == NULL || 1248 if (dp->dccps_hc_rx_ccid == NULL ||
1266 dp->dccps_hc_tx_ccid == NULL) { 1249 dp->dccps_hc_tx_ccid == NULL) {
1267 ccid_exit(dp->dccps_hc_rx_ccid, sk); 1250 ccid_exit(dp->dccps_hc_rx_ccid, sk);
1268 ccid_exit(dp->dccps_hc_tx_ccid, sk); 1251 ccid_exit(dp->dccps_hc_tx_ccid, sk);
1269 dccp_ackpkts_free(dp->dccps_hc_rx_ackpkts); 1252 if (dp->dccps_options.dccpo_send_ack_vector) {
1270 dp->dccps_hc_rx_ackpkts = NULL; 1253 dccp_ackvec_free(dp->dccps_hc_rx_ackvec);
1254 dp->dccps_hc_rx_ackvec = NULL;
1255 }
1271 dp->dccps_hc_rx_ccid = dp->dccps_hc_tx_ccid = NULL; 1256 dp->dccps_hc_rx_ccid = dp->dccps_hc_tx_ccid = NULL;
1272 return -ENOMEM; 1257 return -ENOMEM;
1273 } 1258 }
@@ -1280,6 +1265,7 @@ static int dccp_v4_init_sock(struct sock *sk)
1280 sk->sk_write_space = dccp_write_space; 1265 sk->sk_write_space = dccp_write_space;
1281 dp->dccps_mss_cache = 536; 1266 dp->dccps_mss_cache = 536;
1282 dp->dccps_role = DCCP_ROLE_UNDEFINED; 1267 dp->dccps_role = DCCP_ROLE_UNDEFINED;
1268 dp->dccps_service = DCCP_SERVICE_INVALID_VALUE;
1283 1269
1284 return 0; 1270 return 0;
1285} 1271}
@@ -1301,10 +1287,17 @@ static int dccp_v4_destroy_sock(struct sock *sk)
1301 if (inet_csk(sk)->icsk_bind_hash != NULL) 1287 if (inet_csk(sk)->icsk_bind_hash != NULL)
1302 inet_put_port(&dccp_hashinfo, sk); 1288 inet_put_port(&dccp_hashinfo, sk);
1303 1289
1290 if (dp->dccps_service_list != NULL) {
1291 kfree(dp->dccps_service_list);
1292 dp->dccps_service_list = NULL;
1293 }
1294
1304 ccid_hc_rx_exit(dp->dccps_hc_rx_ccid, sk); 1295 ccid_hc_rx_exit(dp->dccps_hc_rx_ccid, sk);
1305 ccid_hc_tx_exit(dp->dccps_hc_tx_ccid, sk); 1296 ccid_hc_tx_exit(dp->dccps_hc_tx_ccid, sk);
1306 dccp_ackpkts_free(dp->dccps_hc_rx_ackpkts); 1297 if (dp->dccps_options.dccpo_send_ack_vector) {
1307 dp->dccps_hc_rx_ackpkts = NULL; 1298 dccp_ackvec_free(dp->dccps_hc_rx_ackvec);
1299 dp->dccps_hc_rx_ackvec = NULL;
1300 }
1308 ccid_exit(dp->dccps_hc_rx_ccid, sk); 1301 ccid_exit(dp->dccps_hc_rx_ccid, sk);
1309 ccid_exit(dp->dccps_hc_tx_ccid, sk); 1302 ccid_exit(dp->dccps_hc_tx_ccid, sk);
1310 dp->dccps_hc_rx_ccid = dp->dccps_hc_tx_ccid = NULL; 1303 dp->dccps_hc_rx_ccid = dp->dccps_hc_tx_ccid = NULL;
diff --git a/net/dccp/minisocks.c b/net/dccp/minisocks.c
index 18461bc04cbe..1393461898bb 100644
--- a/net/dccp/minisocks.c
+++ b/net/dccp/minisocks.c
@@ -19,6 +19,7 @@
19#include <net/xfrm.h> 19#include <net/xfrm.h>
20#include <net/inet_timewait_sock.h> 20#include <net/inet_timewait_sock.h>
21 21
22#include "ackvec.h"
22#include "ccid.h" 23#include "ccid.h"
23#include "dccp.h" 24#include "dccp.h"
24 25
@@ -93,22 +94,24 @@ struct sock *dccp_create_openreq_child(struct sock *sk,
93 struct inet_connection_sock *newicsk = inet_csk(sk); 94 struct inet_connection_sock *newicsk = inet_csk(sk);
94 struct dccp_sock *newdp = dccp_sk(newsk); 95 struct dccp_sock *newdp = dccp_sk(newsk);
95 96
96 newdp->dccps_hc_rx_ackpkts = NULL; 97 newdp->dccps_role = DCCP_ROLE_SERVER;
97 newdp->dccps_role = DCCP_ROLE_SERVER; 98 newdp->dccps_hc_rx_ackvec = NULL;
98 newicsk->icsk_rto = DCCP_TIMEOUT_INIT; 99 newdp->dccps_service_list = NULL;
100 newdp->dccps_service = dreq->dreq_service;
101 newicsk->icsk_rto = DCCP_TIMEOUT_INIT;
99 do_gettimeofday(&newdp->dccps_epoch); 102 do_gettimeofday(&newdp->dccps_epoch);
100 103
101 if (newdp->dccps_options.dccpo_send_ack_vector) { 104 if (newdp->dccps_options.dccpo_send_ack_vector) {
102 newdp->dccps_hc_rx_ackpkts = 105 newdp->dccps_hc_rx_ackvec =
103 dccp_ackpkts_alloc(DCCP_MAX_ACK_VECTOR_LEN, 106 dccp_ackvec_alloc(DCCP_MAX_ACKVEC_LEN,
104 GFP_ATOMIC); 107 GFP_ATOMIC);
105 /* 108 /*
106 * XXX: We're using the same CCIDs set on the parent, 109 * XXX: We're using the same CCIDs set on the parent,
107 * i.e. sk_clone copied the master sock and left the 110 * i.e. sk_clone copied the master sock and left the
108 * CCID pointers for this child, that is why we do the 111 * CCID pointers for this child, that is why we do the
109 * __ccid_get calls. 112 * __ccid_get calls.
110 */ 113 */
111 if (unlikely(newdp->dccps_hc_rx_ackpkts == NULL)) 114 if (unlikely(newdp->dccps_hc_rx_ackvec == NULL))
112 goto out_free; 115 goto out_free;
113 } 116 }
114 117
@@ -116,7 +119,7 @@ struct sock *dccp_create_openreq_child(struct sock *sk,
116 newsk) != 0 || 119 newsk) != 0 ||
117 ccid_hc_tx_init(newdp->dccps_hc_tx_ccid, 120 ccid_hc_tx_init(newdp->dccps_hc_tx_ccid,
118 newsk) != 0)) { 121 newsk) != 0)) {
119 dccp_ackpkts_free(newdp->dccps_hc_rx_ackpkts); 122 dccp_ackvec_free(newdp->dccps_hc_rx_ackvec);
120 ccid_hc_rx_exit(newdp->dccps_hc_rx_ccid, newsk); 123 ccid_hc_rx_exit(newdp->dccps_hc_rx_ccid, newsk);
121 ccid_hc_tx_exit(newdp->dccps_hc_tx_ccid, newsk); 124 ccid_hc_tx_exit(newdp->dccps_hc_tx_ccid, newsk);
122out_free: 125out_free:
diff --git a/net/dccp/options.c b/net/dccp/options.c
index d4c4242d8dd7..0a76426c9aea 100644
--- a/net/dccp/options.c
+++ b/net/dccp/options.c
@@ -18,19 +18,15 @@
18#include <linux/kernel.h> 18#include <linux/kernel.h>
19#include <linux/skbuff.h> 19#include <linux/skbuff.h>
20 20
21#include "ackvec.h"
21#include "ccid.h" 22#include "ccid.h"
22#include "dccp.h" 23#include "dccp.h"
23 24
24static void dccp_ackpkts_check_rcv_ackvector(struct dccp_ackpkts *ap,
25 struct sock *sk,
26 const u64 ackno,
27 const unsigned char len,
28 const unsigned char *vector);
29
30/* stores the default values for new connection. may be changed with sysctl */ 25/* stores the default values for new connection. may be changed with sysctl */
31static const struct dccp_options dccpo_default_values = { 26static const struct dccp_options dccpo_default_values = {
32 .dccpo_sequence_window = DCCPF_INITIAL_SEQUENCE_WINDOW, 27 .dccpo_sequence_window = DCCPF_INITIAL_SEQUENCE_WINDOW,
33 .dccpo_ccid = DCCPF_INITIAL_CCID, 28 .dccpo_rx_ccid = DCCPF_INITIAL_CCID,
29 .dccpo_tx_ccid = DCCPF_INITIAL_CCID,
34 .dccpo_send_ack_vector = DCCPF_INITIAL_SEND_ACK_VECTOR, 30 .dccpo_send_ack_vector = DCCPF_INITIAL_SEND_ACK_VECTOR,
35 .dccpo_send_ndp_count = DCCPF_INITIAL_SEND_NDP_COUNT, 31 .dccpo_send_ndp_count = DCCPF_INITIAL_SEND_NDP_COUNT,
36}; 32};
@@ -113,25 +109,13 @@ int dccp_parse_options(struct sock *sk, struct sk_buff *skb)
113 opt_recv->dccpor_ndp); 109 opt_recv->dccpor_ndp);
114 break; 110 break;
115 case DCCPO_ACK_VECTOR_0: 111 case DCCPO_ACK_VECTOR_0:
116 if (len > DCCP_MAX_ACK_VECTOR_LEN) 112 case DCCPO_ACK_VECTOR_1:
117 goto out_invalid_option;
118
119 if (pkt_type == DCCP_PKT_DATA) 113 if (pkt_type == DCCP_PKT_DATA)
120 continue; 114 continue;
121 115
122 opt_recv->dccpor_ack_vector_len = len; 116 if (dp->dccps_options.dccpo_send_ack_vector &&
123 opt_recv->dccpor_ack_vector_idx = value - options; 117 dccp_ackvec_parse(sk, skb, opt, value, len))
124 118 goto out_invalid_option;
125 dccp_pr_debug("%sACK vector 0, len=%d, ack_ackno=%llu\n",
126 debug_prefix, len,
127 (unsigned long long)
128 DCCP_SKB_CB(skb)->dccpd_ack_seq);
129 dccp_ackvector_print(DCCP_SKB_CB(skb)->dccpd_ack_seq,
130 value, len);
131 dccp_ackpkts_check_rcv_ackvector(dp->dccps_hc_rx_ackpkts,
132 sk,
133 DCCP_SKB_CB(skb)->dccpd_ack_seq,
134 len, value);
135 break; 119 break;
136 case DCCPO_TIMESTAMP: 120 case DCCPO_TIMESTAMP:
137 if (len != 4) 121 if (len != 4)
@@ -352,86 +336,6 @@ void dccp_insert_option_elapsed_time(struct sock *sk,
352 336
353EXPORT_SYMBOL_GPL(dccp_insert_option_elapsed_time); 337EXPORT_SYMBOL_GPL(dccp_insert_option_elapsed_time);
354 338
355static void dccp_insert_option_ack_vector(struct sock *sk, struct sk_buff *skb)
356{
357 struct dccp_sock *dp = dccp_sk(sk);
358#ifdef CONFIG_IP_DCCP_DEBUG
359 const char *debug_prefix = dp->dccps_role == DCCP_ROLE_CLIENT ?
360 "CLIENT TX opt: " : "server TX opt: ";
361#endif
362 struct dccp_ackpkts *ap = dp->dccps_hc_rx_ackpkts;
363 int len = ap->dccpap_buf_vector_len + 2;
364 struct timeval now;
365 u32 elapsed_time;
366 unsigned char *to, *from;
367
368 dccp_timestamp(sk, &now);
369 elapsed_time = timeval_delta(&now, &ap->dccpap_time) / 10;
370
371 if (elapsed_time != 0)
372 dccp_insert_option_elapsed_time(sk, skb, elapsed_time);
373
374 if (DCCP_SKB_CB(skb)->dccpd_opt_len + len > DCCP_MAX_OPT_LEN) {
375 LIMIT_NETDEBUG(KERN_INFO "DCCP: packet too small to "
376 "insert ACK Vector!\n");
377 return;
378 }
379
380 /*
381 * XXX: now we have just one ack vector sent record, so
382 * we have to wait for it to be cleared.
383 *
384 * Of course this is not acceptable, but this is just for
385 * basic testing now.
386 */
387 if (ap->dccpap_ack_seqno != DCCP_MAX_SEQNO + 1)
388 return;
389
390 DCCP_SKB_CB(skb)->dccpd_opt_len += len;
391
392 to = skb_push(skb, len);
393 *to++ = DCCPO_ACK_VECTOR_0;
394 *to++ = len;
395
396 len = ap->dccpap_buf_vector_len;
397 from = ap->dccpap_buf + ap->dccpap_buf_head;
398
399 /* Check if buf_head wraps */
400 if (ap->dccpap_buf_head + len > ap->dccpap_buf_len) {
401 const unsigned int tailsize = (ap->dccpap_buf_len -
402 ap->dccpap_buf_head);
403
404 memcpy(to, from, tailsize);
405 to += tailsize;
406 len -= tailsize;
407 from = ap->dccpap_buf;
408 }
409
410 memcpy(to, from, len);
411 /*
412 * From draft-ietf-dccp-spec-11.txt:
413 *
414 * For each acknowledgement it sends, the HC-Receiver will add an
415 * acknowledgement record. ack_seqno will equal the HC-Receiver
416 * sequence number it used for the ack packet; ack_ptr will equal
417 * buf_head; ack_ackno will equal buf_ackno; and ack_nonce will
418 * equal buf_nonce.
419 *
420 * This implemention uses just one ack record for now.
421 */
422 ap->dccpap_ack_seqno = DCCP_SKB_CB(skb)->dccpd_seq;
423 ap->dccpap_ack_ptr = ap->dccpap_buf_head;
424 ap->dccpap_ack_ackno = ap->dccpap_buf_ackno;
425 ap->dccpap_ack_nonce = ap->dccpap_buf_nonce;
426 ap->dccpap_ack_vector_len = ap->dccpap_buf_vector_len;
427
428 dccp_pr_debug("%sACK Vector 0, len=%d, ack_seqno=%llu, "
429 "ack_ackno=%llu\n",
430 debug_prefix, ap->dccpap_ack_vector_len,
431 (unsigned long long) ap->dccpap_ack_seqno,
432 (unsigned long long) ap->dccpap_ack_ackno);
433}
434
435void dccp_timestamp(const struct sock *sk, struct timeval *tv) 339void dccp_timestamp(const struct sock *sk, struct timeval *tv)
436{ 340{
437 const struct dccp_sock *dp = dccp_sk(sk); 341 const struct dccp_sock *dp = dccp_sk(sk);
@@ -528,9 +432,8 @@ void dccp_insert_options(struct sock *sk, struct sk_buff *skb)
528 432
529 if (!dccp_packet_without_ack(skb)) { 433 if (!dccp_packet_without_ack(skb)) {
530 if (dp->dccps_options.dccpo_send_ack_vector && 434 if (dp->dccps_options.dccpo_send_ack_vector &&
531 (dp->dccps_hc_rx_ackpkts->dccpap_buf_ackno != 435 dccp_ackvec_pending(dp->dccps_hc_rx_ackvec))
532 DCCP_MAX_SEQNO + 1)) 436 dccp_insert_option_ackvec(sk, skb);
533 dccp_insert_option_ack_vector(sk, skb);
534 if (dp->dccps_timestamp_echo != 0) 437 if (dp->dccps_timestamp_echo != 0)
535 dccp_insert_option_timestamp_echo(sk, skb); 438 dccp_insert_option_timestamp_echo(sk, skb);
536 } 439 }
@@ -557,331 +460,3 @@ void dccp_insert_options(struct sock *sk, struct sk_buff *skb)
557 } 460 }
558 } 461 }
559} 462}
560
561struct dccp_ackpkts *dccp_ackpkts_alloc(const unsigned int len,
562 const unsigned int __nocast priority)
563{
564 struct dccp_ackpkts *ap = kmalloc(sizeof(*ap) + len, priority);
565
566 if (ap != NULL) {
567#ifdef CONFIG_IP_DCCP_DEBUG
568 memset(ap->dccpap_buf, 0xFF, len);
569#endif
570 ap->dccpap_buf_len = len;
571 ap->dccpap_buf_head =
572 ap->dccpap_buf_tail =
573 ap->dccpap_buf_len - 1;
574 ap->dccpap_buf_ackno =
575 ap->dccpap_ack_ackno =
576 ap->dccpap_ack_seqno = DCCP_MAX_SEQNO + 1;
577 ap->dccpap_buf_nonce = ap->dccpap_buf_nonce = 0;
578 ap->dccpap_ack_ptr = 0;
579 ap->dccpap_time.tv_sec = 0;
580 ap->dccpap_time.tv_usec = 0;
581 ap->dccpap_buf_vector_len = ap->dccpap_ack_vector_len = 0;
582 }
583
584 return ap;
585}
586
587void dccp_ackpkts_free(struct dccp_ackpkts *ap)
588{
589 if (ap != NULL) {
590#ifdef CONFIG_IP_DCCP_DEBUG
591 memset(ap, 0xFF, sizeof(*ap) + ap->dccpap_buf_len);
592#endif
593 kfree(ap);
594 }
595}
596
597static inline u8 dccp_ackpkts_state(const struct dccp_ackpkts *ap,
598 const unsigned int index)
599{
600 return ap->dccpap_buf[index] & DCCP_ACKPKTS_STATE_MASK;
601}
602
603static inline u8 dccp_ackpkts_len(const struct dccp_ackpkts *ap,
604 const unsigned int index)
605{
606 return ap->dccpap_buf[index] & DCCP_ACKPKTS_LEN_MASK;
607}
608
609/*
610 * If several packets are missing, the HC-Receiver may prefer to enter multiple
611 * bytes with run length 0, rather than a single byte with a larger run length;
612 * this simplifies table updates if one of the missing packets arrives.
613 */
614static inline int dccp_ackpkts_set_buf_head_state(struct dccp_ackpkts *ap,
615 const unsigned int packets,
616 const unsigned char state)
617{
618 unsigned int gap;
619 signed long new_head;
620
621 if (ap->dccpap_buf_vector_len + packets > ap->dccpap_buf_len)
622 return -ENOBUFS;
623
624 gap = packets - 1;
625 new_head = ap->dccpap_buf_head - packets;
626
627 if (new_head < 0) {
628 if (gap > 0) {
629 memset(ap->dccpap_buf, DCCP_ACKPKTS_STATE_NOT_RECEIVED,
630 gap + new_head + 1);
631 gap = -new_head;
632 }
633 new_head += ap->dccpap_buf_len;
634 }
635
636 ap->dccpap_buf_head = new_head;
637
638 if (gap > 0)
639 memset(ap->dccpap_buf + ap->dccpap_buf_head + 1,
640 DCCP_ACKPKTS_STATE_NOT_RECEIVED, gap);
641
642 ap->dccpap_buf[ap->dccpap_buf_head] = state;
643 ap->dccpap_buf_vector_len += packets;
644 return 0;
645}
646
647/*
648 * Implements the draft-ietf-dccp-spec-11.txt Appendix A
649 */
650int dccp_ackpkts_add(struct dccp_ackpkts *ap, const struct sock *sk,
651 u64 ackno, u8 state)
652{
653 /*
654 * Check at the right places if the buffer is full, if it is, tell the
655 * caller to start dropping packets till the HC-Sender acks our ACK
656 * vectors, when we will free up space in dccpap_buf.
657 *
658 * We may well decide to do buffer compression, etc, but for now lets
659 * just drop.
660 *
661 * From Appendix A:
662 *
663 * Of course, the circular buffer may overflow, either when the
664 * HC-Sender is sending data at a very high rate, when the
665 * HC-Receiver's acknowledgements are not reaching the HC-Sender,
666 * or when the HC-Sender is forgetting to acknowledge those acks
667 * (so the HC-Receiver is unable to clean up old state). In this
668 * case, the HC-Receiver should either compress the buffer (by
669 * increasing run lengths when possible), transfer its state to
670 * a larger buffer, or, as a last resort, drop all received
671 * packets, without processing them whatsoever, until its buffer
672 * shrinks again.
673 */
674
675 /* See if this is the first ackno being inserted */
676 if (ap->dccpap_buf_vector_len == 0) {
677 ap->dccpap_buf[ap->dccpap_buf_head] = state;
678 ap->dccpap_buf_vector_len = 1;
679 } else if (after48(ackno, ap->dccpap_buf_ackno)) {
680 const u64 delta = dccp_delta_seqno(ap->dccpap_buf_ackno,
681 ackno);
682
683 /*
684 * Look if the state of this packet is the same as the
685 * previous ackno and if so if we can bump the head len.
686 */
687 if (delta == 1 &&
688 dccp_ackpkts_state(ap, ap->dccpap_buf_head) == state &&
689 (dccp_ackpkts_len(ap, ap->dccpap_buf_head) <
690 DCCP_ACKPKTS_LEN_MASK))
691 ap->dccpap_buf[ap->dccpap_buf_head]++;
692 else if (dccp_ackpkts_set_buf_head_state(ap, delta, state))
693 return -ENOBUFS;
694 } else {
695 /*
696 * A.1.2. Old Packets
697 *
698 * When a packet with Sequence Number S arrives, and
699 * S <= buf_ackno, the HC-Receiver will scan the table
700 * for the byte corresponding to S. (Indexing structures
701 * could reduce the complexity of this scan.)
702 */
703 u64 delta = dccp_delta_seqno(ackno, ap->dccpap_buf_ackno);
704 unsigned int index = ap->dccpap_buf_head;
705
706 while (1) {
707 const u8 len = dccp_ackpkts_len(ap, index);
708 const u8 state = dccp_ackpkts_state(ap, index);
709 /*
710 * valid packets not yet in dccpap_buf have a reserved
711 * entry, with a len equal to 0.
712 */
713 if (state == DCCP_ACKPKTS_STATE_NOT_RECEIVED &&
714 len == 0 && delta == 0) { /* Found our
715 reserved seat! */
716 dccp_pr_debug("Found %llu reserved seat!\n",
717 (unsigned long long) ackno);
718 ap->dccpap_buf[index] = state;
719 goto out;
720 }
721 /* len == 0 means one packet */
722 if (delta < len + 1)
723 goto out_duplicate;
724
725 delta -= len + 1;
726 if (++index == ap->dccpap_buf_len)
727 index = 0;
728 }
729 }
730
731 ap->dccpap_buf_ackno = ackno;
732 dccp_timestamp(sk, &ap->dccpap_time);
733out:
734 dccp_pr_debug("");
735 dccp_ackpkts_print(ap);
736 return 0;
737
738out_duplicate:
739 /* Duplicate packet */
740 dccp_pr_debug("Received a dup or already considered lost "
741 "packet: %llu\n", (unsigned long long) ackno);
742 return -EILSEQ;
743}
744
745#ifdef CONFIG_IP_DCCP_DEBUG
746void dccp_ackvector_print(const u64 ackno, const unsigned char *vector,
747 int len)
748{
749 if (!dccp_debug)
750 return;
751
752 printk("ACK vector len=%d, ackno=%llu |", len,
753 (unsigned long long) ackno);
754
755 while (len--) {
756 const u8 state = (*vector & DCCP_ACKPKTS_STATE_MASK) >> 6;
757 const u8 rl = (*vector & DCCP_ACKPKTS_LEN_MASK);
758
759 printk("%d,%d|", state, rl);
760 ++vector;
761 }
762
763 printk("\n");
764}
765
766void dccp_ackpkts_print(const struct dccp_ackpkts *ap)
767{
768 dccp_ackvector_print(ap->dccpap_buf_ackno,
769 ap->dccpap_buf + ap->dccpap_buf_head,
770 ap->dccpap_buf_vector_len);
771}
772#endif
773
774static void dccp_ackpkts_trow_away_ack_record(struct dccp_ackpkts *ap)
775{
776 /*
777 * As we're keeping track of the ack vector size
778 * (dccpap_buf_vector_len) and the sent ack vector size
779 * (dccpap_ack_vector_len) we don't need dccpap_buf_tail at all, but
780 * keep this code here as in the future we'll implement a vector of
781 * ack records, as suggested in draft-ietf-dccp-spec-11.txt
782 * Appendix A. -acme
783 */
784#if 0
785 ap->dccpap_buf_tail = ap->dccpap_ack_ptr + 1;
786 if (ap->dccpap_buf_tail >= ap->dccpap_buf_len)
787 ap->dccpap_buf_tail -= ap->dccpap_buf_len;
788#endif
789 ap->dccpap_buf_vector_len -= ap->dccpap_ack_vector_len;
790}
791
792void dccp_ackpkts_check_rcv_ackno(struct dccp_ackpkts *ap, struct sock *sk,
793 u64 ackno)
794{
795 /* Check if we actually sent an ACK vector */
796 if (ap->dccpap_ack_seqno == DCCP_MAX_SEQNO + 1)
797 return;
798
799 if (ackno == ap->dccpap_ack_seqno) {
800#ifdef CONFIG_IP_DCCP_DEBUG
801 struct dccp_sock *dp = dccp_sk(sk);
802 const char *debug_prefix = dp->dccps_role == DCCP_ROLE_CLIENT ?
803 "CLIENT rx ack: " : "server rx ack: ";
804#endif
805 dccp_pr_debug("%sACK packet 0, len=%d, ack_seqno=%llu, "
806 "ack_ackno=%llu, ACKED!\n",
807 debug_prefix, 1,
808 (unsigned long long) ap->dccpap_ack_seqno,
809 (unsigned long long) ap->dccpap_ack_ackno);
810 dccp_ackpkts_trow_away_ack_record(ap);
811 ap->dccpap_ack_seqno = DCCP_MAX_SEQNO + 1;
812 }
813}
814
815static void dccp_ackpkts_check_rcv_ackvector(struct dccp_ackpkts *ap,
816 struct sock *sk, u64 ackno,
817 const unsigned char len,
818 const unsigned char *vector)
819{
820 unsigned char i;
821
822 /* Check if we actually sent an ACK vector */
823 if (ap->dccpap_ack_seqno == DCCP_MAX_SEQNO + 1)
824 return;
825 /*
826 * We're in the receiver half connection, so if the received an ACK
827 * vector ackno (e.g. 50) before dccpap_ack_seqno (e.g. 52), we're
828 * not interested.
829 *
830 * Extra explanation with example:
831 *
832 * if we received an ACK vector with ackno 50, it can only be acking
833 * 50, 49, 48, etc, not 52 (the seqno for the ACK vector we sent).
834 */
835 /* dccp_pr_debug("is %llu < %llu? ", ackno, ap->dccpap_ack_seqno); */
836 if (before48(ackno, ap->dccpap_ack_seqno)) {
837 /* dccp_pr_debug_cat("yes\n"); */
838 return;
839 }
840 /* dccp_pr_debug_cat("no\n"); */
841
842 i = len;
843 while (i--) {
844 const u8 rl = (*vector & DCCP_ACKPKTS_LEN_MASK);
845 u64 ackno_end_rl;
846
847 dccp_set_seqno(&ackno_end_rl, ackno - rl);
848
849 /*
850 * dccp_pr_debug("is %llu <= %llu <= %llu? ", ackno_end_rl,
851 * ap->dccpap_ack_seqno, ackno);
852 */
853 if (between48(ap->dccpap_ack_seqno, ackno_end_rl, ackno)) {
854 const u8 state = (*vector &
855 DCCP_ACKPKTS_STATE_MASK) >> 6;
856 /* dccp_pr_debug_cat("yes\n"); */
857
858 if (state != DCCP_ACKPKTS_STATE_NOT_RECEIVED) {
859#ifdef CONFIG_IP_DCCP_DEBUG
860 struct dccp_sock *dp = dccp_sk(sk);
861 const char *debug_prefix =
862 dp->dccps_role == DCCP_ROLE_CLIENT ?
863 "CLIENT rx ack: " : "server rx ack: ";
864#endif
865 dccp_pr_debug("%sACK vector 0, len=%d, "
866 "ack_seqno=%llu, ack_ackno=%llu, "
867 "ACKED!\n",
868 debug_prefix, len,
869 (unsigned long long)
870 ap->dccpap_ack_seqno,
871 (unsigned long long)
872 ap->dccpap_ack_ackno);
873 dccp_ackpkts_trow_away_ack_record(ap);
874 }
875 /*
876 * If dccpap_ack_seqno was not received, no problem
877 * we'll send another ACK vector.
878 */
879 ap->dccpap_ack_seqno = DCCP_MAX_SEQNO + 1;
880 break;
881 }
882 /* dccp_pr_debug_cat("no\n"); */
883
884 dccp_set_seqno(&ackno, ackno_end_rl - 1);
885 ++vector;
886 }
887}
diff --git a/net/dccp/output.c b/net/dccp/output.c
index ea6d0e91e511..4786bdcddcc9 100644
--- a/net/dccp/output.c
+++ b/net/dccp/output.c
@@ -16,6 +16,7 @@
16 16
17#include <net/sock.h> 17#include <net/sock.h>
18 18
19#include "ackvec.h"
19#include "ccid.h" 20#include "ccid.h"
20#include "dccp.h" 21#include "dccp.h"
21 22
@@ -85,7 +86,7 @@ int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb)
85 switch (dcb->dccpd_type) { 86 switch (dcb->dccpd_type) {
86 case DCCP_PKT_REQUEST: 87 case DCCP_PKT_REQUEST:
87 dccp_hdr_request(skb)->dccph_req_service = 88 dccp_hdr_request(skb)->dccph_req_service =
88 dcb->dccpd_service; 89 dp->dccps_service;
89 break; 90 break;
90 case DCCP_PKT_RESET: 91 case DCCP_PKT_RESET:
91 dccp_hdr_reset(skb)->dccph_reset_code = 92 dccp_hdr_reset(skb)->dccph_reset_code =
@@ -225,7 +226,6 @@ int dccp_write_xmit(struct sock *sk, struct sk_buff *skb, long *timeo)
225 err = dccp_wait_for_ccid(sk, skb, timeo); 226 err = dccp_wait_for_ccid(sk, skb, timeo);
226 227
227 if (err == 0) { 228 if (err == 0) {
228 const struct dccp_ackpkts *ap = dp->dccps_hc_rx_ackpkts;
229 struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb); 229 struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);
230 const int len = skb->len; 230 const int len = skb->len;
231 231
@@ -236,15 +236,7 @@ int dccp_write_xmit(struct sock *sk, struct sk_buff *skb, long *timeo)
236 inet_csk(sk)->icsk_rto, 236 inet_csk(sk)->icsk_rto,
237 DCCP_RTO_MAX); 237 DCCP_RTO_MAX);
238 dcb->dccpd_type = DCCP_PKT_DATAACK; 238 dcb->dccpd_type = DCCP_PKT_DATAACK;
239 /* 239 } else if (dccp_ack_pending(sk))
240 * FIXME: we really should have a
241 * dccps_ack_pending or use icsk.
242 */
243 } else if (inet_csk_ack_scheduled(sk) ||
244 dp->dccps_timestamp_echo != 0 ||
245 (dp->dccps_options.dccpo_send_ack_vector &&
246 ap->dccpap_buf_ackno != DCCP_MAX_SEQNO + 1 &&
247 ap->dccpap_ack_seqno == DCCP_MAX_SEQNO + 1))
248 dcb->dccpd_type = DCCP_PKT_DATAACK; 240 dcb->dccpd_type = DCCP_PKT_DATAACK;
249 else 241 else
250 dcb->dccpd_type = DCCP_PKT_DATA; 242 dcb->dccpd_type = DCCP_PKT_DATA;
@@ -270,6 +262,7 @@ struct sk_buff *dccp_make_response(struct sock *sk, struct dst_entry *dst,
270 struct request_sock *req) 262 struct request_sock *req)
271{ 263{
272 struct dccp_hdr *dh; 264 struct dccp_hdr *dh;
265 struct dccp_request_sock *dreq;
273 const int dccp_header_size = sizeof(struct dccp_hdr) + 266 const int dccp_header_size = sizeof(struct dccp_hdr) +
274 sizeof(struct dccp_hdr_ext) + 267 sizeof(struct dccp_hdr_ext) +
275 sizeof(struct dccp_hdr_response); 268 sizeof(struct dccp_hdr_response);
@@ -285,8 +278,9 @@ struct sk_buff *dccp_make_response(struct sock *sk, struct dst_entry *dst,
285 skb->dst = dst_clone(dst); 278 skb->dst = dst_clone(dst);
286 skb->csum = 0; 279 skb->csum = 0;
287 280
281 dreq = dccp_rsk(req);
288 DCCP_SKB_CB(skb)->dccpd_type = DCCP_PKT_RESPONSE; 282 DCCP_SKB_CB(skb)->dccpd_type = DCCP_PKT_RESPONSE;
289 DCCP_SKB_CB(skb)->dccpd_seq = dccp_rsk(req)->dreq_iss; 283 DCCP_SKB_CB(skb)->dccpd_seq = dreq->dreq_iss;
290 dccp_insert_options(sk, skb); 284 dccp_insert_options(sk, skb);
291 285
292 skb->h.raw = skb_push(skb, dccp_header_size); 286 skb->h.raw = skb_push(skb, dccp_header_size);
@@ -300,8 +294,9 @@ struct sk_buff *dccp_make_response(struct sock *sk, struct dst_entry *dst,
300 DCCP_SKB_CB(skb)->dccpd_opt_len) / 4; 294 DCCP_SKB_CB(skb)->dccpd_opt_len) / 4;
301 dh->dccph_type = DCCP_PKT_RESPONSE; 295 dh->dccph_type = DCCP_PKT_RESPONSE;
302 dh->dccph_x = 1; 296 dh->dccph_x = 1;
303 dccp_hdr_set_seq(dh, dccp_rsk(req)->dreq_iss); 297 dccp_hdr_set_seq(dh, dreq->dreq_iss);
304 dccp_hdr_set_ack(dccp_hdr_ack_bits(skb), dccp_rsk(req)->dreq_isr); 298 dccp_hdr_set_ack(dccp_hdr_ack_bits(skb), dreq->dreq_isr);
299 dccp_hdr_response(skb)->dccph_resp_service = dreq->dreq_service;
305 300
306 dh->dccph_checksum = dccp_v4_checksum(skb, inet_rsk(req)->loc_addr, 301 dh->dccph_checksum = dccp_v4_checksum(skb, inet_rsk(req)->loc_addr,
307 inet_rsk(req)->rmt_addr); 302 inet_rsk(req)->rmt_addr);
@@ -397,9 +392,6 @@ int dccp_connect(struct sock *sk)
397 skb_reserve(skb, MAX_DCCP_HEADER); 392 skb_reserve(skb, MAX_DCCP_HEADER);
398 393
399 DCCP_SKB_CB(skb)->dccpd_type = DCCP_PKT_REQUEST; 394 DCCP_SKB_CB(skb)->dccpd_type = DCCP_PKT_REQUEST;
400 /* FIXME: set service to something meaningful, coming
401 * from userspace*/
402 DCCP_SKB_CB(skb)->dccpd_service = 0;
403 skb->csum = 0; 395 skb->csum = 0;
404 skb_set_owner_w(skb, sk); 396 skb_set_owner_w(skb, sk);
405 397
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index 18a0e69c9dc7..a1cfd0e9e3bc 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -94,7 +94,15 @@ EXPORT_SYMBOL_GPL(dccp_state_name);
94 94
95static inline int dccp_listen_start(struct sock *sk) 95static inline int dccp_listen_start(struct sock *sk)
96{ 96{
97 dccp_sk(sk)->dccps_role = DCCP_ROLE_LISTEN; 97 struct dccp_sock *dp = dccp_sk(sk);
98
99 dp->dccps_role = DCCP_ROLE_LISTEN;
100 /*
101 * Apps need to use setsockopt(DCCP_SOCKOPT_SERVICE)
102 * before calling listen()
103 */
104 if (dccp_service_not_initialized(sk))
105 return -EPROTO;
98 return inet_csk_listen_start(sk, TCP_SYNQ_HSIZE); 106 return inet_csk_listen_start(sk, TCP_SYNQ_HSIZE);
99} 107}
100 108
@@ -202,6 +210,42 @@ int dccp_ioctl(struct sock *sk, int cmd, unsigned long arg)
202 return -ENOIOCTLCMD; 210 return -ENOIOCTLCMD;
203} 211}
204 212
213static int dccp_setsockopt_service(struct sock *sk, const u32 service,
214 char __user *optval, int optlen)
215{
216 struct dccp_sock *dp = dccp_sk(sk);
217 struct dccp_service_list *sl = NULL;
218
219 if (service == DCCP_SERVICE_INVALID_VALUE ||
220 optlen > DCCP_SERVICE_LIST_MAX_LEN * sizeof(u32))
221 return -EINVAL;
222
223 if (optlen > sizeof(service)) {
224 sl = kmalloc(optlen, GFP_KERNEL);
225 if (sl == NULL)
226 return -ENOMEM;
227
228 sl->dccpsl_nr = optlen / sizeof(u32) - 1;
229 if (copy_from_user(sl->dccpsl_list,
230 optval + sizeof(service),
231 optlen - sizeof(service)) ||
232 dccp_list_has_service(sl, DCCP_SERVICE_INVALID_VALUE)) {
233 kfree(sl);
234 return -EFAULT;
235 }
236 }
237
238 lock_sock(sk);
239 dp->dccps_service = service;
240
241 if (dp->dccps_service_list != NULL)
242 kfree(dp->dccps_service_list);
243
244 dp->dccps_service_list = sl;
245 release_sock(sk);
246 return 0;
247}
248
205int dccp_setsockopt(struct sock *sk, int level, int optname, 249int dccp_setsockopt(struct sock *sk, int level, int optname,
206 char __user *optval, int optlen) 250 char __user *optval, int optlen)
207{ 251{
@@ -218,8 +262,10 @@ int dccp_setsockopt(struct sock *sk, int level, int optname,
218 if (get_user(val, (int __user *)optval)) 262 if (get_user(val, (int __user *)optval))
219 return -EFAULT; 263 return -EFAULT;
220 264
221 lock_sock(sk); 265 if (optname == DCCP_SOCKOPT_SERVICE)
266 return dccp_setsockopt_service(sk, val, optval, optlen);
222 267
268 lock_sock(sk);
223 dp = dccp_sk(sk); 269 dp = dccp_sk(sk);
224 err = 0; 270 err = 0;
225 271
@@ -236,6 +282,37 @@ int dccp_setsockopt(struct sock *sk, int level, int optname,
236 return err; 282 return err;
237} 283}
238 284
285static int dccp_getsockopt_service(struct sock *sk, int len,
286 u32 __user *optval,
287 int __user *optlen)
288{
289 const struct dccp_sock *dp = dccp_sk(sk);
290 const struct dccp_service_list *sl;
291 int err = -ENOENT, slen = 0, total_len = sizeof(u32);
292
293 lock_sock(sk);
294 if (dccp_service_not_initialized(sk))
295 goto out;
296
297 if ((sl = dp->dccps_service_list) != NULL) {
298 slen = sl->dccpsl_nr * sizeof(u32);
299 total_len += slen;
300 }
301
302 err = -EINVAL;
303 if (total_len > len)
304 goto out;
305
306 err = 0;
307 if (put_user(total_len, optlen) ||
308 put_user(dp->dccps_service, optval) ||
309 (sl != NULL && copy_to_user(optval + 1, sl->dccpsl_list, slen)))
310 err = -EFAULT;
311out:
312 release_sock(sk);
313 return err;
314}
315
239int dccp_getsockopt(struct sock *sk, int level, int optname, 316int dccp_getsockopt(struct sock *sk, int level, int optname,
240 char __user *optval, int __user *optlen) 317 char __user *optval, int __user *optlen)
241{ 318{
@@ -248,8 +325,7 @@ int dccp_getsockopt(struct sock *sk, int level, int optname,
248 if (get_user(len, optlen)) 325 if (get_user(len, optlen))
249 return -EFAULT; 326 return -EFAULT;
250 327
251 len = min_t(unsigned int, len, sizeof(int)); 328 if (len < sizeof(int))
252 if (len < 0)
253 return -EINVAL; 329 return -EINVAL;
254 330
255 dp = dccp_sk(sk); 331 dp = dccp_sk(sk);
@@ -257,7 +333,17 @@ int dccp_getsockopt(struct sock *sk, int level, int optname,
257 switch (optname) { 333 switch (optname) {
258 case DCCP_SOCKOPT_PACKET_SIZE: 334 case DCCP_SOCKOPT_PACKET_SIZE:
259 val = dp->dccps_packet_size; 335 val = dp->dccps_packet_size;
336 len = sizeof(dp->dccps_packet_size);
260 break; 337 break;
338 case DCCP_SOCKOPT_SERVICE:
339 return dccp_getsockopt_service(sk, len,
340 (u32 __user *)optval, optlen);
341 case 128 ... 191:
342 return ccid_hc_rx_getsockopt(dp->dccps_hc_rx_ccid, sk, optname,
343 len, (u32 __user *)optval, optlen);
344 case 192 ... 255:
345 return ccid_hc_tx_getsockopt(dp->dccps_hc_tx_ccid, sk, optname,
346 len, (u32 __user *)optval, optlen);
261 default: 347 default:
262 return -ENOPROTOOPT; 348 return -ENOPROTOOPT;
263 } 349 }
diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
index 4a62093eb343..34fdac51df96 100644
--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -406,7 +406,7 @@ static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
406 unsigned long network = 0; 406 unsigned long network = 0;
407 407
408 rcu_read_lock(); 408 rcu_read_lock();
409 idev = __in_dev_get(dev); 409 idev = __in_dev_get_rcu(dev);
410 if (idev) { 410 if (idev) {
411 if (idev->ifa_list) 411 if (idev->ifa_list)
412 network = ntohl(idev->ifa_list->ifa_address) & 412 network = ntohl(idev->ifa_list->ifa_address) &
diff --git a/net/ethernet/eth.c b/net/ethernet/eth.c
index 87a052a9a84f..68a5ca866442 100644
--- a/net/ethernet/eth.c
+++ b/net/ethernet/eth.c
@@ -146,6 +146,19 @@ int eth_rebuild_header(struct sk_buff *skb)
146 return 0; 146 return 0;
147} 147}
148 148
149static inline unsigned int compare_eth_addr(const unsigned char *__a, const unsigned char *__b)
150{
151 const unsigned short *dest = (unsigned short *) __a;
152 const unsigned short *devaddr = (unsigned short *) __b;
153 unsigned int res;
154
155 BUILD_BUG_ON(ETH_ALEN != 6);
156 res = ((dest[0] ^ devaddr[0]) |
157 (dest[1] ^ devaddr[1]) |
158 (dest[2] ^ devaddr[2])) != 0;
159
160 return res;
161}
149 162
150/* 163/*
151 * Determine the packet's protocol ID. The rule here is that we 164 * Determine the packet's protocol ID. The rule here is that we
@@ -158,16 +171,15 @@ __be16 eth_type_trans(struct sk_buff *skb, struct net_device *dev)
158 struct ethhdr *eth; 171 struct ethhdr *eth;
159 unsigned char *rawp; 172 unsigned char *rawp;
160 173
161 skb->mac.raw=skb->data; 174 skb->mac.raw = skb->data;
162 skb_pull(skb,ETH_HLEN); 175 skb_pull(skb,ETH_HLEN);
163 eth = eth_hdr(skb); 176 eth = eth_hdr(skb);
164 177
165 if(*eth->h_dest&1) 178 if (*eth->h_dest&1) {
166 { 179 if (!compare_eth_addr(eth->h_dest, dev->broadcast))
167 if(memcmp(eth->h_dest,dev->broadcast, ETH_ALEN)==0) 180 skb->pkt_type = PACKET_BROADCAST;
168 skb->pkt_type=PACKET_BROADCAST;
169 else 181 else
170 skb->pkt_type=PACKET_MULTICAST; 182 skb->pkt_type = PACKET_MULTICAST;
171 } 183 }
172 184
173 /* 185 /*
@@ -178,10 +190,9 @@ __be16 eth_type_trans(struct sk_buff *skb, struct net_device *dev)
178 * seems to set IFF_PROMISC. 190 * seems to set IFF_PROMISC.
179 */ 191 */
180 192
181 else if(1 /*dev->flags&IFF_PROMISC*/) 193 else if(1 /*dev->flags&IFF_PROMISC*/) {
182 { 194 if (unlikely(compare_eth_addr(eth->h_dest, dev->dev_addr)))
183 if(memcmp(eth->h_dest,dev->dev_addr, ETH_ALEN)) 195 skb->pkt_type = PACKET_OTHERHOST;
184 skb->pkt_type=PACKET_OTHERHOST;
185 } 196 }
186 197
187 if (ntohs(eth->h_proto) >= 1536) 198 if (ntohs(eth->h_proto) >= 1536)
diff --git a/net/ieee80211/ieee80211_module.c b/net/ieee80211/ieee80211_module.c
index 03a47343ddc7..6059e9e37123 100644
--- a/net/ieee80211/ieee80211_module.c
+++ b/net/ieee80211/ieee80211_module.c
@@ -230,7 +230,7 @@ static int __init ieee80211_init(void)
230 struct proc_dir_entry *e; 230 struct proc_dir_entry *e;
231 231
232 ieee80211_debug_level = debug; 232 ieee80211_debug_level = debug;
233 ieee80211_proc = create_proc_entry(DRV_NAME, S_IFDIR, proc_net); 233 ieee80211_proc = proc_mkdir(DRV_NAME, proc_net);
234 if (ieee80211_proc == NULL) { 234 if (ieee80211_proc == NULL) {
235 IEEE80211_ERROR("Unable to create " DRV_NAME 235 IEEE80211_ERROR("Unable to create " DRV_NAME
236 " proc directory\n"); 236 " proc directory\n");
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 8bf312bdea13..b425748f02d7 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -241,7 +241,7 @@ static int arp_constructor(struct neighbour *neigh)
241 neigh->type = inet_addr_type(addr); 241 neigh->type = inet_addr_type(addr);
242 242
243 rcu_read_lock(); 243 rcu_read_lock();
244 in_dev = rcu_dereference(__in_dev_get(dev)); 244 in_dev = __in_dev_get_rcu(dev);
245 if (in_dev == NULL) { 245 if (in_dev == NULL) {
246 rcu_read_unlock(); 246 rcu_read_unlock();
247 return -EINVAL; 247 return -EINVAL;
@@ -697,12 +697,6 @@ void arp_send(int type, int ptype, u32 dest_ip,
697 arp_xmit(skb); 697 arp_xmit(skb);
698} 698}
699 699
700static void parp_redo(struct sk_buff *skb)
701{
702 nf_reset(skb);
703 arp_rcv(skb, skb->dev, NULL, skb->dev);
704}
705
706/* 700/*
707 * Process an arp request. 701 * Process an arp request.
708 */ 702 */
@@ -922,6 +916,11 @@ out:
922 return 0; 916 return 0;
923} 917}
924 918
919static void parp_redo(struct sk_buff *skb)
920{
921 arp_process(skb);
922}
923
925 924
926/* 925/*
927 * Receive an arp request from the device layer. 926 * Receive an arp request from the device layer.
@@ -990,8 +989,8 @@ static int arp_req_set(struct arpreq *r, struct net_device * dev)
990 ipv4_devconf.proxy_arp = 1; 989 ipv4_devconf.proxy_arp = 1;
991 return 0; 990 return 0;
992 } 991 }
993 if (__in_dev_get(dev)) { 992 if (__in_dev_get_rtnl(dev)) {
994 __in_dev_get(dev)->cnf.proxy_arp = 1; 993 __in_dev_get_rtnl(dev)->cnf.proxy_arp = 1;
995 return 0; 994 return 0;
996 } 995 }
997 return -ENXIO; 996 return -ENXIO;
@@ -1096,8 +1095,8 @@ static int arp_req_delete(struct arpreq *r, struct net_device * dev)
1096 ipv4_devconf.proxy_arp = 0; 1095 ipv4_devconf.proxy_arp = 0;
1097 return 0; 1096 return 0;
1098 } 1097 }
1099 if (__in_dev_get(dev)) { 1098 if (__in_dev_get_rtnl(dev)) {
1100 __in_dev_get(dev)->cnf.proxy_arp = 0; 1099 __in_dev_get_rtnl(dev)->cnf.proxy_arp = 0;
1101 return 0; 1100 return 0;
1102 } 1101 }
1103 return -ENXIO; 1102 return -ENXIO;
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index ba2895ae8151..74f2207e131a 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -351,7 +351,7 @@ static int inet_insert_ifa(struct in_ifaddr *ifa)
351 351
352static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa) 352static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
353{ 353{
354 struct in_device *in_dev = __in_dev_get(dev); 354 struct in_device *in_dev = __in_dev_get_rtnl(dev);
355 355
356 ASSERT_RTNL(); 356 ASSERT_RTNL();
357 357
@@ -449,7 +449,7 @@ static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg
449 goto out; 449 goto out;
450 450
451 rc = -ENOBUFS; 451 rc = -ENOBUFS;
452 if ((in_dev = __in_dev_get(dev)) == NULL) { 452 if ((in_dev = __in_dev_get_rtnl(dev)) == NULL) {
453 in_dev = inetdev_init(dev); 453 in_dev = inetdev_init(dev);
454 if (!in_dev) 454 if (!in_dev)
455 goto out; 455 goto out;
@@ -584,7 +584,7 @@ int devinet_ioctl(unsigned int cmd, void __user *arg)
584 if (colon) 584 if (colon)
585 *colon = ':'; 585 *colon = ':';
586 586
587 if ((in_dev = __in_dev_get(dev)) != NULL) { 587 if ((in_dev = __in_dev_get_rtnl(dev)) != NULL) {
588 if (tryaddrmatch) { 588 if (tryaddrmatch) {
589 /* Matthias Andree */ 589 /* Matthias Andree */
590 /* compare label and address (4.4BSD style) */ 590 /* compare label and address (4.4BSD style) */
@@ -748,7 +748,7 @@ rarok:
748 748
749static int inet_gifconf(struct net_device *dev, char __user *buf, int len) 749static int inet_gifconf(struct net_device *dev, char __user *buf, int len)
750{ 750{
751 struct in_device *in_dev = __in_dev_get(dev); 751 struct in_device *in_dev = __in_dev_get_rtnl(dev);
752 struct in_ifaddr *ifa; 752 struct in_ifaddr *ifa;
753 struct ifreq ifr; 753 struct ifreq ifr;
754 int done = 0; 754 int done = 0;
@@ -791,7 +791,7 @@ u32 inet_select_addr(const struct net_device *dev, u32 dst, int scope)
791 struct in_device *in_dev; 791 struct in_device *in_dev;
792 792
793 rcu_read_lock(); 793 rcu_read_lock();
794 in_dev = __in_dev_get(dev); 794 in_dev = __in_dev_get_rcu(dev);
795 if (!in_dev) 795 if (!in_dev)
796 goto no_in_dev; 796 goto no_in_dev;
797 797
@@ -818,7 +818,7 @@ no_in_dev:
818 read_lock(&dev_base_lock); 818 read_lock(&dev_base_lock);
819 rcu_read_lock(); 819 rcu_read_lock();
820 for (dev = dev_base; dev; dev = dev->next) { 820 for (dev = dev_base; dev; dev = dev->next) {
821 if ((in_dev = __in_dev_get(dev)) == NULL) 821 if ((in_dev = __in_dev_get_rcu(dev)) == NULL)
822 continue; 822 continue;
823 823
824 for_primary_ifa(in_dev) { 824 for_primary_ifa(in_dev) {
@@ -887,7 +887,7 @@ u32 inet_confirm_addr(const struct net_device *dev, u32 dst, u32 local, int scop
887 887
888 if (dev) { 888 if (dev) {
889 rcu_read_lock(); 889 rcu_read_lock();
890 if ((in_dev = __in_dev_get(dev))) 890 if ((in_dev = __in_dev_get_rcu(dev)))
891 addr = confirm_addr_indev(in_dev, dst, local, scope); 891 addr = confirm_addr_indev(in_dev, dst, local, scope);
892 rcu_read_unlock(); 892 rcu_read_unlock();
893 893
@@ -897,7 +897,7 @@ u32 inet_confirm_addr(const struct net_device *dev, u32 dst, u32 local, int scop
897 read_lock(&dev_base_lock); 897 read_lock(&dev_base_lock);
898 rcu_read_lock(); 898 rcu_read_lock();
899 for (dev = dev_base; dev; dev = dev->next) { 899 for (dev = dev_base; dev; dev = dev->next) {
900 if ((in_dev = __in_dev_get(dev))) { 900 if ((in_dev = __in_dev_get_rcu(dev))) {
901 addr = confirm_addr_indev(in_dev, dst, local, scope); 901 addr = confirm_addr_indev(in_dev, dst, local, scope);
902 if (addr) 902 if (addr)
903 break; 903 break;
@@ -957,7 +957,7 @@ static int inetdev_event(struct notifier_block *this, unsigned long event,
957 void *ptr) 957 void *ptr)
958{ 958{
959 struct net_device *dev = ptr; 959 struct net_device *dev = ptr;
960 struct in_device *in_dev = __in_dev_get(dev); 960 struct in_device *in_dev = __in_dev_get_rtnl(dev);
961 961
962 ASSERT_RTNL(); 962 ASSERT_RTNL();
963 963
@@ -1078,7 +1078,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
1078 if (idx > s_idx) 1078 if (idx > s_idx)
1079 s_ip_idx = 0; 1079 s_ip_idx = 0;
1080 rcu_read_lock(); 1080 rcu_read_lock();
1081 if ((in_dev = __in_dev_get(dev)) == NULL) { 1081 if ((in_dev = __in_dev_get_rcu(dev)) == NULL) {
1082 rcu_read_unlock(); 1082 rcu_read_unlock();
1083 continue; 1083 continue;
1084 } 1084 }
@@ -1149,7 +1149,7 @@ void inet_forward_change(void)
1149 for (dev = dev_base; dev; dev = dev->next) { 1149 for (dev = dev_base; dev; dev = dev->next) {
1150 struct in_device *in_dev; 1150 struct in_device *in_dev;
1151 rcu_read_lock(); 1151 rcu_read_lock();
1152 in_dev = __in_dev_get(dev); 1152 in_dev = __in_dev_get_rcu(dev);
1153 if (in_dev) 1153 if (in_dev)
1154 in_dev->cnf.forwarding = on; 1154 in_dev->cnf.forwarding = on;
1155 rcu_read_unlock(); 1155 rcu_read_unlock();
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 4e1379f71269..e61bc7177eb1 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -173,7 +173,7 @@ int fib_validate_source(u32 src, u32 dst, u8 tos, int oif,
173 173
174 no_addr = rpf = 0; 174 no_addr = rpf = 0;
175 rcu_read_lock(); 175 rcu_read_lock();
176 in_dev = __in_dev_get(dev); 176 in_dev = __in_dev_get_rcu(dev);
177 if (in_dev) { 177 if (in_dev) {
178 no_addr = in_dev->ifa_list == NULL; 178 no_addr = in_dev->ifa_list == NULL;
179 rpf = IN_DEV_RPFILTER(in_dev); 179 rpf = IN_DEV_RPFILTER(in_dev);
@@ -607,7 +607,7 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
607static int fib_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 607static int fib_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
608{ 608{
609 struct net_device *dev = ptr; 609 struct net_device *dev = ptr;
610 struct in_device *in_dev = __in_dev_get(dev); 610 struct in_device *in_dev = __in_dev_get_rtnl(dev);
611 611
612 if (event == NETDEV_UNREGISTER) { 612 if (event == NETDEV_UNREGISTER) {
613 fib_disable_ip(dev, 2); 613 fib_disable_ip(dev, 2);
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index d41219e8037c..186f20c4a45e 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -1087,7 +1087,7 @@ fib_convert_rtentry(int cmd, struct nlmsghdr *nl, struct rtmsg *rtm,
1087 rta->rta_oif = &dev->ifindex; 1087 rta->rta_oif = &dev->ifindex;
1088 if (colon) { 1088 if (colon) {
1089 struct in_ifaddr *ifa; 1089 struct in_ifaddr *ifa;
1090 struct in_device *in_dev = __in_dev_get(dev); 1090 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1091 if (!in_dev) 1091 if (!in_dev)
1092 return -ENODEV; 1092 return -ENODEV;
1093 *colon = ':'; 1093 *colon = ':';
@@ -1268,7 +1268,7 @@ int fib_sync_up(struct net_device *dev)
1268 } 1268 }
1269 if (nh->nh_dev == NULL || !(nh->nh_dev->flags&IFF_UP)) 1269 if (nh->nh_dev == NULL || !(nh->nh_dev->flags&IFF_UP))
1270 continue; 1270 continue;
1271 if (nh->nh_dev != dev || __in_dev_get(dev) == NULL) 1271 if (nh->nh_dev != dev || !__in_dev_get_rtnl(dev))
1272 continue; 1272 continue;
1273 alive++; 1273 alive++;
1274 spin_lock_bh(&fib_multipath_lock); 1274 spin_lock_bh(&fib_multipath_lock);
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 1b63b4824164..50c0519cd70d 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -43,7 +43,7 @@
43 * 2 of the License, or (at your option) any later version. 43 * 2 of the License, or (at your option) any later version.
44 */ 44 */
45 45
46#define VERSION "0.403" 46#define VERSION "0.404"
47 47
48#include <linux/config.h> 48#include <linux/config.h>
49#include <asm/uaccess.h> 49#include <asm/uaccess.h>
@@ -224,7 +224,7 @@ static inline int tkey_mismatch(t_key a, int offset, t_key b)
224 Consider a node 'n' and its parent 'tp'. 224 Consider a node 'n' and its parent 'tp'.
225 225
226 If n is a leaf, every bit in its key is significant. Its presence is 226 If n is a leaf, every bit in its key is significant. Its presence is
227 necessitaded by path compression, since during a tree traversal (when 227 necessitated by path compression, since during a tree traversal (when
228 searching for a leaf - unless we are doing an insertion) we will completely 228 searching for a leaf - unless we are doing an insertion) we will completely
229 ignore all skipped bits we encounter. Thus we need to verify, at the end of 229 ignore all skipped bits we encounter. Thus we need to verify, at the end of
230 a potentially successful search, that we have indeed been walking the 230 a potentially successful search, that we have indeed been walking the
@@ -836,11 +836,12 @@ static void trie_init(struct trie *t)
836#endif 836#endif
837} 837}
838 838
839/* readside most use rcu_read_lock currently dump routines 839/* readside must use rcu_read_lock currently dump routines
840 via get_fa_head and dump */ 840 via get_fa_head and dump */
841 841
842static struct leaf_info *find_leaf_info(struct hlist_head *head, int plen) 842static struct leaf_info *find_leaf_info(struct leaf *l, int plen)
843{ 843{
844 struct hlist_head *head = &l->list;
844 struct hlist_node *node; 845 struct hlist_node *node;
845 struct leaf_info *li; 846 struct leaf_info *li;
846 847
@@ -853,7 +854,7 @@ static struct leaf_info *find_leaf_info(struct hlist_head *head, int plen)
853 854
854static inline struct list_head * get_fa_head(struct leaf *l, int plen) 855static inline struct list_head * get_fa_head(struct leaf *l, int plen)
855{ 856{
856 struct leaf_info *li = find_leaf_info(&l->list, plen); 857 struct leaf_info *li = find_leaf_info(l, plen);
857 858
858 if (!li) 859 if (!li)
859 return NULL; 860 return NULL;
@@ -1085,7 +1086,7 @@ fib_insert_node(struct trie *t, int *err, u32 key, int plen)
1085 } 1086 }
1086 1087
1087 if (tp && tp->pos + tp->bits > 32) 1088 if (tp && tp->pos + tp->bits > 32)
1088 printk("ERROR tp=%p pos=%d, bits=%d, key=%0x plen=%d\n", 1089 printk(KERN_WARNING "fib_trie tp=%p pos=%d, bits=%d, key=%0x plen=%d\n",
1089 tp, tp->pos, tp->bits, key, plen); 1090 tp, tp->pos, tp->bits, key, plen);
1090 1091
1091 /* Rebalance the trie */ 1092 /* Rebalance the trie */
@@ -1248,7 +1249,7 @@ err:
1248} 1249}
1249 1250
1250 1251
1251/* should be clalled with rcu_read_lock */ 1252/* should be called with rcu_read_lock */
1252static inline int check_leaf(struct trie *t, struct leaf *l, 1253static inline int check_leaf(struct trie *t, struct leaf *l,
1253 t_key key, int *plen, const struct flowi *flp, 1254 t_key key, int *plen, const struct flowi *flp,
1254 struct fib_result *res) 1255 struct fib_result *res)
@@ -1590,7 +1591,7 @@ fn_trie_delete(struct fib_table *tb, struct rtmsg *r, struct kern_rta *rta,
1590 rtmsg_fib(RTM_DELROUTE, htonl(key), fa, plen, tb->tb_id, nlhdr, req); 1591 rtmsg_fib(RTM_DELROUTE, htonl(key), fa, plen, tb->tb_id, nlhdr, req);
1591 1592
1592 l = fib_find_node(t, key); 1593 l = fib_find_node(t, key);
1593 li = find_leaf_info(&l->list, plen); 1594 li = find_leaf_info(l, plen);
1594 1595
1595 list_del_rcu(&fa->fa_list); 1596 list_del_rcu(&fa->fa_list);
1596 1597
@@ -1714,7 +1715,6 @@ static int fn_trie_flush(struct fib_table *tb)
1714 1715
1715 t->revision++; 1716 t->revision++;
1716 1717
1717 rcu_read_lock();
1718 for (h = 0; (l = nextleaf(t, l)) != NULL; h++) { 1718 for (h = 0; (l = nextleaf(t, l)) != NULL; h++) {
1719 found += trie_flush_leaf(t, l); 1719 found += trie_flush_leaf(t, l);
1720 1720
@@ -1722,7 +1722,6 @@ static int fn_trie_flush(struct fib_table *tb)
1722 trie_leaf_remove(t, ll->key); 1722 trie_leaf_remove(t, ll->key);
1723 ll = l; 1723 ll = l;
1724 } 1724 }
1725 rcu_read_unlock();
1726 1725
1727 if (ll && hlist_empty(&ll->list)) 1726 if (ll && hlist_empty(&ll->list))
1728 trie_leaf_remove(t, ll->key); 1727 trie_leaf_remove(t, ll->key);
@@ -1833,16 +1832,7 @@ static int fn_trie_dump_fa(t_key key, int plen, struct list_head *fah, struct fi
1833 i++; 1832 i++;
1834 continue; 1833 continue;
1835 } 1834 }
1836 if (fa->fa_info->fib_nh == NULL) { 1835 BUG_ON(!fa->fa_info);
1837 printk("Trie error _fib_nh=NULL in fa[%d] k=%08x plen=%d\n", i, key, plen);
1838 i++;
1839 continue;
1840 }
1841 if (fa->fa_info == NULL) {
1842 printk("Trie error fa_info=NULL in fa[%d] k=%08x plen=%d\n", i, key, plen);
1843 i++;
1844 continue;
1845 }
1846 1836
1847 if (fib_dump_info(skb, NETLINK_CB(cb->skb).pid, 1837 if (fib_dump_info(skb, NETLINK_CB(cb->skb).pid,
1848 cb->nlh->nlmsg_seq, 1838 cb->nlh->nlmsg_seq,
@@ -1965,7 +1955,7 @@ struct fib_table * __init fib_hash_init(int id)
1965 trie_main = t; 1955 trie_main = t;
1966 1956
1967 if (id == RT_TABLE_LOCAL) 1957 if (id == RT_TABLE_LOCAL)
1968 printk("IPv4 FIB: Using LC-trie version %s\n", VERSION); 1958 printk(KERN_INFO "IPv4 FIB: Using LC-trie version %s\n", VERSION);
1969 1959
1970 return tb; 1960 return tb;
1971} 1961}
@@ -2029,7 +2019,7 @@ static struct node *fib_trie_get_first(struct fib_trie_iter *iter,
2029 iter->tnode = (struct tnode *) n; 2019 iter->tnode = (struct tnode *) n;
2030 iter->trie = t; 2020 iter->trie = t;
2031 iter->index = 0; 2021 iter->index = 0;
2032 iter->depth = 0; 2022 iter->depth = 1;
2033 return n; 2023 return n;
2034 } 2024 }
2035 return NULL; 2025 return NULL;
@@ -2274,11 +2264,12 @@ static int fib_trie_seq_show(struct seq_file *seq, void *v)
2274 seq_puts(seq, "<local>:\n"); 2264 seq_puts(seq, "<local>:\n");
2275 else 2265 else
2276 seq_puts(seq, "<main>:\n"); 2266 seq_puts(seq, "<main>:\n");
2277 } else { 2267 }
2278 seq_indent(seq, iter->depth-1); 2268 seq_indent(seq, iter->depth-1);
2279 seq_printf(seq, " +-- %d.%d.%d.%d/%d\n", 2269 seq_printf(seq, " +-- %d.%d.%d.%d/%d %d %d %d\n",
2280 NIPQUAD(prf), tn->pos); 2270 NIPQUAD(prf), tn->pos, tn->bits, tn->full_children,
2281 } 2271 tn->empty_children);
2272
2282 } else { 2273 } else {
2283 struct leaf *l = (struct leaf *) n; 2274 struct leaf *l = (struct leaf *) n;
2284 int i; 2275 int i;
@@ -2287,7 +2278,7 @@ static int fib_trie_seq_show(struct seq_file *seq, void *v)
2287 seq_indent(seq, iter->depth); 2278 seq_indent(seq, iter->depth);
2288 seq_printf(seq, " |-- %d.%d.%d.%d\n", NIPQUAD(val)); 2279 seq_printf(seq, " |-- %d.%d.%d.%d\n", NIPQUAD(val));
2289 for (i = 32; i >= 0; i--) { 2280 for (i = 32; i >= 0; i--) {
2290 struct leaf_info *li = find_leaf_info(&l->list, i); 2281 struct leaf_info *li = find_leaf_info(l, i);
2291 if (li) { 2282 if (li) {
2292 struct fib_alias *fa; 2283 struct fib_alias *fa;
2293 list_for_each_entry_rcu(fa, &li->falh, fa_list) { 2284 list_for_each_entry_rcu(fa, &li->falh, fa_list) {
@@ -2383,7 +2374,7 @@ static int fib_route_seq_show(struct seq_file *seq, void *v)
2383 return 0; 2374 return 0;
2384 2375
2385 for (i=32; i>=0; i--) { 2376 for (i=32; i>=0; i--) {
2386 struct leaf_info *li = find_leaf_info(&l->list, i); 2377 struct leaf_info *li = find_leaf_info(l, i);
2387 struct fib_alias *fa; 2378 struct fib_alias *fa;
2388 u32 mask, prefix; 2379 u32 mask, prefix;
2389 2380
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 24eb56ae1b5a..90dca711ac9f 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -188,7 +188,7 @@ struct icmp_err icmp_err_convert[] = {
188 188
189/* Control parameters for ECHO replies. */ 189/* Control parameters for ECHO replies. */
190int sysctl_icmp_echo_ignore_all; 190int sysctl_icmp_echo_ignore_all;
191int sysctl_icmp_echo_ignore_broadcasts; 191int sysctl_icmp_echo_ignore_broadcasts = 1;
192 192
193/* Control parameter - ignore bogus broadcast responses? */ 193/* Control parameter - ignore bogus broadcast responses? */
194int sysctl_icmp_ignore_bogus_error_responses; 194int sysctl_icmp_ignore_bogus_error_responses;
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 44607f4767b8..8b6d3939e1e6 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -1323,7 +1323,7 @@ static struct in_device * ip_mc_find_dev(struct ip_mreqn *imr)
1323 } 1323 }
1324 if (dev) { 1324 if (dev) {
1325 imr->imr_ifindex = dev->ifindex; 1325 imr->imr_ifindex = dev->ifindex;
1326 idev = __in_dev_get(dev); 1326 idev = __in_dev_get_rtnl(dev);
1327 } 1327 }
1328 return idev; 1328 return idev;
1329} 1329}
@@ -1603,7 +1603,7 @@ static void ip_mc_clear_src(struct ip_mc_list *pmc)
1603 } 1603 }
1604 pmc->sources = NULL; 1604 pmc->sources = NULL;
1605 pmc->sfmode = MCAST_EXCLUDE; 1605 pmc->sfmode = MCAST_EXCLUDE;
1606 pmc->sfcount[MCAST_EXCLUDE] = 0; 1606 pmc->sfcount[MCAST_INCLUDE] = 0;
1607 pmc->sfcount[MCAST_EXCLUDE] = 1; 1607 pmc->sfcount[MCAST_EXCLUDE] = 1;
1608} 1608}
1609 1609
diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c
index 4d1502a49852..f9076ef3a1a8 100644
--- a/net/ipv4/inet_timewait_sock.c
+++ b/net/ipv4/inet_timewait_sock.c
@@ -20,7 +20,7 @@ void __inet_twsk_kill(struct inet_timewait_sock *tw, struct inet_hashinfo *hashi
20 struct inet_bind_hashbucket *bhead; 20 struct inet_bind_hashbucket *bhead;
21 struct inet_bind_bucket *tb; 21 struct inet_bind_bucket *tb;
22 /* Unlink from established hashes. */ 22 /* Unlink from established hashes. */
23 struct inet_ehash_bucket *ehead = &hashinfo->ehash[tw->tw_hashent]; 23 struct inet_ehash_bucket *ehead = inet_ehash_bucket(hashinfo, tw->tw_hash);
24 24
25 write_lock(&ehead->lock); 25 write_lock(&ehead->lock);
26 if (hlist_unhashed(&tw->tw_node)) { 26 if (hlist_unhashed(&tw->tw_node)) {
@@ -60,7 +60,7 @@ void __inet_twsk_hashdance(struct inet_timewait_sock *tw, struct sock *sk,
60{ 60{
61 const struct inet_sock *inet = inet_sk(sk); 61 const struct inet_sock *inet = inet_sk(sk);
62 const struct inet_connection_sock *icsk = inet_csk(sk); 62 const struct inet_connection_sock *icsk = inet_csk(sk);
63 struct inet_ehash_bucket *ehead = &hashinfo->ehash[sk->sk_hashent]; 63 struct inet_ehash_bucket *ehead = inet_ehash_bucket(hashinfo, sk->sk_hash);
64 struct inet_bind_hashbucket *bhead; 64 struct inet_bind_hashbucket *bhead;
65 /* Step 1: Put TW into bind hash. Original socket stays there too. 65 /* Step 1: Put TW into bind hash. Original socket stays there too.
66 Note, that any socket with inet->num != 0 MUST be bound in 66 Note, that any socket with inet->num != 0 MUST be bound in
@@ -106,7 +106,7 @@ struct inet_timewait_sock *inet_twsk_alloc(const struct sock *sk, const int stat
106 tw->tw_dport = inet->dport; 106 tw->tw_dport = inet->dport;
107 tw->tw_family = sk->sk_family; 107 tw->tw_family = sk->sk_family;
108 tw->tw_reuse = sk->sk_reuse; 108 tw->tw_reuse = sk->sk_reuse;
109 tw->tw_hashent = sk->sk_hashent; 109 tw->tw_hash = sk->sk_hash;
110 tw->tw_ipv6only = 0; 110 tw->tw_ipv6only = 0;
111 tw->tw_prot = sk->sk_prot_creator; 111 tw->tw_prot = sk->sk_prot_creator;
112 atomic_set(&tw->tw_refcnt, 1); 112 atomic_set(&tw->tw_refcnt, 1);
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index f0d5740d7e22..896ce3f8f53a 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -1104,10 +1104,10 @@ static int ipgre_open(struct net_device *dev)
1104 return -EADDRNOTAVAIL; 1104 return -EADDRNOTAVAIL;
1105 dev = rt->u.dst.dev; 1105 dev = rt->u.dst.dev;
1106 ip_rt_put(rt); 1106 ip_rt_put(rt);
1107 if (__in_dev_get(dev) == NULL) 1107 if (__in_dev_get_rtnl(dev) == NULL)
1108 return -EADDRNOTAVAIL; 1108 return -EADDRNOTAVAIL;
1109 t->mlink = dev->ifindex; 1109 t->mlink = dev->ifindex;
1110 ip_mc_inc_group(__in_dev_get(dev), t->parms.iph.daddr); 1110 ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr);
1111 } 1111 }
1112 return 0; 1112 return 0;
1113} 1113}
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 9dbf5909f3a6..302b7eb507c9 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -149,7 +149,7 @@ struct net_device *ipmr_new_tunnel(struct vifctl *v)
149 if (err == 0 && (dev = __dev_get_by_name(p.name)) != NULL) { 149 if (err == 0 && (dev = __dev_get_by_name(p.name)) != NULL) {
150 dev->flags |= IFF_MULTICAST; 150 dev->flags |= IFF_MULTICAST;
151 151
152 in_dev = __in_dev_get(dev); 152 in_dev = __in_dev_get_rtnl(dev);
153 if (in_dev == NULL && (in_dev = inetdev_init(dev)) == NULL) 153 if (in_dev == NULL && (in_dev = inetdev_init(dev)) == NULL)
154 goto failure; 154 goto failure;
155 in_dev->cnf.rp_filter = 0; 155 in_dev->cnf.rp_filter = 0;
@@ -278,7 +278,7 @@ static int vif_delete(int vifi)
278 278
279 dev_set_allmulti(dev, -1); 279 dev_set_allmulti(dev, -1);
280 280
281 if ((in_dev = __in_dev_get(dev)) != NULL) { 281 if ((in_dev = __in_dev_get_rtnl(dev)) != NULL) {
282 in_dev->cnf.mc_forwarding--; 282 in_dev->cnf.mc_forwarding--;
283 ip_rt_multicast_event(in_dev); 283 ip_rt_multicast_event(in_dev);
284 } 284 }
@@ -421,7 +421,7 @@ static int vif_add(struct vifctl *vifc, int mrtsock)
421 return -EINVAL; 421 return -EINVAL;
422 } 422 }
423 423
424 if ((in_dev = __in_dev_get(dev)) == NULL) 424 if ((in_dev = __in_dev_get_rtnl(dev)) == NULL)
425 return -EADDRNOTAVAIL; 425 return -EADDRNOTAVAIL;
426 in_dev->cnf.mc_forwarding++; 426 in_dev->cnf.mc_forwarding++;
427 dev_set_allmulti(dev, +1); 427 dev_set_allmulti(dev, +1);
diff --git a/net/ipv4/ipvs/ip_vs_conn.c b/net/ipv4/ipvs/ip_vs_conn.c
index e11952ea17af..f828fa2eb7de 100644
--- a/net/ipv4/ipvs/ip_vs_conn.c
+++ b/net/ipv4/ipvs/ip_vs_conn.c
@@ -196,6 +196,7 @@ static inline struct ip_vs_conn *__ip_vs_conn_in_get
196 list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) { 196 list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {
197 if (s_addr==cp->caddr && s_port==cp->cport && 197 if (s_addr==cp->caddr && s_port==cp->cport &&
198 d_port==cp->vport && d_addr==cp->vaddr && 198 d_port==cp->vport && d_addr==cp->vaddr &&
199 ((!s_port) ^ (!(cp->flags & IP_VS_CONN_F_NO_CPORT))) &&
199 protocol==cp->protocol) { 200 protocol==cp->protocol) {
200 /* HIT */ 201 /* HIT */
201 atomic_inc(&cp->refcnt); 202 atomic_inc(&cp->refcnt);
@@ -227,6 +228,40 @@ struct ip_vs_conn *ip_vs_conn_in_get
227 return cp; 228 return cp;
228} 229}
229 230
231/* Get reference to connection template */
232struct ip_vs_conn *ip_vs_ct_in_get
233(int protocol, __u32 s_addr, __u16 s_port, __u32 d_addr, __u16 d_port)
234{
235 unsigned hash;
236 struct ip_vs_conn *cp;
237
238 hash = ip_vs_conn_hashkey(protocol, s_addr, s_port);
239
240 ct_read_lock(hash);
241
242 list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {
243 if (s_addr==cp->caddr && s_port==cp->cport &&
244 d_port==cp->vport && d_addr==cp->vaddr &&
245 cp->flags & IP_VS_CONN_F_TEMPLATE &&
246 protocol==cp->protocol) {
247 /* HIT */
248 atomic_inc(&cp->refcnt);
249 goto out;
250 }
251 }
252 cp = NULL;
253
254 out:
255 ct_read_unlock(hash);
256
257 IP_VS_DBG(7, "template lookup/in %s %u.%u.%u.%u:%d->%u.%u.%u.%u:%d %s\n",
258 ip_vs_proto_name(protocol),
259 NIPQUAD(s_addr), ntohs(s_port),
260 NIPQUAD(d_addr), ntohs(d_port),
261 cp?"hit":"not hit");
262
263 return cp;
264}
230 265
231/* 266/*
232 * Gets ip_vs_conn associated with supplied parameters in the ip_vs_conn_tab. 267 * Gets ip_vs_conn associated with supplied parameters in the ip_vs_conn_tab.
@@ -367,7 +402,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest)
367 atomic_read(&dest->refcnt)); 402 atomic_read(&dest->refcnt));
368 403
369 /* Update the connection counters */ 404 /* Update the connection counters */
370 if (cp->cport || (cp->flags & IP_VS_CONN_F_NO_CPORT)) { 405 if (!(cp->flags & IP_VS_CONN_F_TEMPLATE)) {
371 /* It is a normal connection, so increase the inactive 406 /* It is a normal connection, so increase the inactive
372 connection counter because it is in TCP SYNRECV 407 connection counter because it is in TCP SYNRECV
373 state (inactive) or other protocol inacive state */ 408 state (inactive) or other protocol inacive state */
@@ -406,7 +441,7 @@ static inline void ip_vs_unbind_dest(struct ip_vs_conn *cp)
406 atomic_read(&dest->refcnt)); 441 atomic_read(&dest->refcnt));
407 442
408 /* Update the connection counters */ 443 /* Update the connection counters */
409 if (cp->cport || (cp->flags & IP_VS_CONN_F_NO_CPORT)) { 444 if (!(cp->flags & IP_VS_CONN_F_TEMPLATE)) {
410 /* It is a normal connection, so decrease the inactconns 445 /* It is a normal connection, so decrease the inactconns
411 or activeconns counter */ 446 or activeconns counter */
412 if (cp->flags & IP_VS_CONN_F_INACTIVE) { 447 if (cp->flags & IP_VS_CONN_F_INACTIVE) {
@@ -467,7 +502,7 @@ int ip_vs_check_template(struct ip_vs_conn *ct)
467 /* 502 /*
468 * Invalidate the connection template 503 * Invalidate the connection template
469 */ 504 */
470 if (ct->cport) { 505 if (ct->vport != 65535) {
471 if (ip_vs_conn_unhash(ct)) { 506 if (ip_vs_conn_unhash(ct)) {
472 ct->dport = 65535; 507 ct->dport = 65535;
473 ct->vport = 65535; 508 ct->vport = 65535;
@@ -776,7 +811,7 @@ void ip_vs_random_dropentry(void)
776 ct_write_lock_bh(hash); 811 ct_write_lock_bh(hash);
777 812
778 list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) { 813 list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {
779 if (!cp->cport && !(cp->flags & IP_VS_CONN_F_NO_CPORT)) 814 if (cp->flags & IP_VS_CONN_F_TEMPLATE)
780 /* connection template */ 815 /* connection template */
781 continue; 816 continue;
782 817
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 3ac7eeca04ac..981cc3244ef2 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -243,10 +243,10 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
243 if (ports[1] == svc->port) { 243 if (ports[1] == svc->port) {
244 /* Check if a template already exists */ 244 /* Check if a template already exists */
245 if (svc->port != FTPPORT) 245 if (svc->port != FTPPORT)
246 ct = ip_vs_conn_in_get(iph->protocol, snet, 0, 246 ct = ip_vs_ct_in_get(iph->protocol, snet, 0,
247 iph->daddr, ports[1]); 247 iph->daddr, ports[1]);
248 else 248 else
249 ct = ip_vs_conn_in_get(iph->protocol, snet, 0, 249 ct = ip_vs_ct_in_get(iph->protocol, snet, 0,
250 iph->daddr, 0); 250 iph->daddr, 0);
251 251
252 if (!ct || !ip_vs_check_template(ct)) { 252 if (!ct || !ip_vs_check_template(ct)) {
@@ -272,14 +272,14 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
272 iph->daddr, 272 iph->daddr,
273 ports[1], 273 ports[1],
274 dest->addr, dest->port, 274 dest->addr, dest->port,
275 0, 275 IP_VS_CONN_F_TEMPLATE,
276 dest); 276 dest);
277 else 277 else
278 ct = ip_vs_conn_new(iph->protocol, 278 ct = ip_vs_conn_new(iph->protocol,
279 snet, 0, 279 snet, 0,
280 iph->daddr, 0, 280 iph->daddr, 0,
281 dest->addr, 0, 281 dest->addr, 0,
282 0, 282 IP_VS_CONN_F_TEMPLATE,
283 dest); 283 dest);
284 if (ct == NULL) 284 if (ct == NULL)
285 return NULL; 285 return NULL;
@@ -298,10 +298,10 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
298 * port zero template: <protocol,caddr,0,vaddr,0,daddr,0> 298 * port zero template: <protocol,caddr,0,vaddr,0,daddr,0>
299 */ 299 */
300 if (svc->fwmark) 300 if (svc->fwmark)
301 ct = ip_vs_conn_in_get(IPPROTO_IP, snet, 0, 301 ct = ip_vs_ct_in_get(IPPROTO_IP, snet, 0,
302 htonl(svc->fwmark), 0); 302 htonl(svc->fwmark), 0);
303 else 303 else
304 ct = ip_vs_conn_in_get(iph->protocol, snet, 0, 304 ct = ip_vs_ct_in_get(iph->protocol, snet, 0,
305 iph->daddr, 0); 305 iph->daddr, 0);
306 306
307 if (!ct || !ip_vs_check_template(ct)) { 307 if (!ct || !ip_vs_check_template(ct)) {
@@ -326,14 +326,14 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
326 snet, 0, 326 snet, 0,
327 htonl(svc->fwmark), 0, 327 htonl(svc->fwmark), 0,
328 dest->addr, 0, 328 dest->addr, 0,
329 0, 329 IP_VS_CONN_F_TEMPLATE,
330 dest); 330 dest);
331 else 331 else
332 ct = ip_vs_conn_new(iph->protocol, 332 ct = ip_vs_conn_new(iph->protocol,
333 snet, 0, 333 snet, 0,
334 iph->daddr, 0, 334 iph->daddr, 0,
335 dest->addr, 0, 335 dest->addr, 0,
336 0, 336 IP_VS_CONN_F_TEMPLATE,
337 dest); 337 dest);
338 if (ct == NULL) 338 if (ct == NULL)
339 return NULL; 339 return NULL;
diff --git a/net/ipv4/ipvs/ip_vs_sync.c b/net/ipv4/ipvs/ip_vs_sync.c
index 574d1f509b46..2e5ced3d8062 100644
--- a/net/ipv4/ipvs/ip_vs_sync.c
+++ b/net/ipv4/ipvs/ip_vs_sync.c
@@ -297,16 +297,24 @@ static void ip_vs_process_message(const char *buffer, const size_t buflen)
297 297
298 p = (char *)buffer + sizeof(struct ip_vs_sync_mesg); 298 p = (char *)buffer + sizeof(struct ip_vs_sync_mesg);
299 for (i=0; i<m->nr_conns; i++) { 299 for (i=0; i<m->nr_conns; i++) {
300 unsigned flags;
301
300 s = (struct ip_vs_sync_conn *)p; 302 s = (struct ip_vs_sync_conn *)p;
301 cp = ip_vs_conn_in_get(s->protocol, 303 flags = ntohs(s->flags);
302 s->caddr, s->cport, 304 if (!(flags & IP_VS_CONN_F_TEMPLATE))
303 s->vaddr, s->vport); 305 cp = ip_vs_conn_in_get(s->protocol,
306 s->caddr, s->cport,
307 s->vaddr, s->vport);
308 else
309 cp = ip_vs_ct_in_get(s->protocol,
310 s->caddr, s->cport,
311 s->vaddr, s->vport);
304 if (!cp) { 312 if (!cp) {
305 cp = ip_vs_conn_new(s->protocol, 313 cp = ip_vs_conn_new(s->protocol,
306 s->caddr, s->cport, 314 s->caddr, s->cport,
307 s->vaddr, s->vport, 315 s->vaddr, s->vport,
308 s->daddr, s->dport, 316 s->daddr, s->dport,
309 ntohs(s->flags), NULL); 317 flags, NULL);
310 if (!cp) { 318 if (!cp) {
311 IP_VS_ERR("ip_vs_conn_new failed\n"); 319 IP_VS_ERR("ip_vs_conn_new failed\n");
312 return; 320 return;
@@ -315,11 +323,11 @@ static void ip_vs_process_message(const char *buffer, const size_t buflen)
315 } else if (!cp->dest) { 323 } else if (!cp->dest) {
316 /* it is an entry created by the synchronization */ 324 /* it is an entry created by the synchronization */
317 cp->state = ntohs(s->state); 325 cp->state = ntohs(s->state);
318 cp->flags = ntohs(s->flags) | IP_VS_CONN_F_HASHED; 326 cp->flags = flags | IP_VS_CONN_F_HASHED;
319 } /* Note that we don't touch its state and flags 327 } /* Note that we don't touch its state and flags
320 if it is a normal entry. */ 328 if it is a normal entry. */
321 329
322 if (ntohs(s->flags) & IP_VS_CONN_F_SEQ_MASK) { 330 if (flags & IP_VS_CONN_F_SEQ_MASK) {
323 opt = (struct ip_vs_sync_conn_options *)&s[1]; 331 opt = (struct ip_vs_sync_conn_options *)&s[1];
324 memcpy(&cp->in_seq, opt, sizeof(*opt)); 332 memcpy(&cp->in_seq, opt, sizeof(*opt));
325 p += FULL_CONN_SIZE; 333 p += FULL_CONN_SIZE;
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 30aa8e2ee214..2cd7e7d1ac90 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -51,6 +51,14 @@ config IP_NF_CONNTRACK_EVENTS
51 51
52 IF unsure, say `N'. 52 IF unsure, say `N'.
53 53
54config IP_NF_CONNTRACK_NETLINK
55 tristate 'Connection tracking netlink interface'
56 depends on IP_NF_CONNTRACK && NETFILTER_NETLINK
57 depends on IP_NF_CONNTRACK!=y || NETFILTER_NETLINK!=m
58 help
59 This option enables support for a netlink-based userspace interface
60
61
54config IP_NF_CT_PROTO_SCTP 62config IP_NF_CT_PROTO_SCTP
55 tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)' 63 tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)'
56 depends on IP_NF_CONNTRACK && EXPERIMENTAL 64 depends on IP_NF_CONNTRACK && EXPERIMENTAL
@@ -129,6 +137,22 @@ config IP_NF_AMANDA
129 137
130 To compile it as a module, choose M here. If unsure, say Y. 138 To compile it as a module, choose M here. If unsure, say Y.
131 139
140config IP_NF_PPTP
141 tristate 'PPTP protocol support'
142 help
143 This module adds support for PPTP (Point to Point Tunnelling
144 Protocol, RFC2637) conncection tracking and NAT.
145
146 If you are running PPTP sessions over a stateful firewall or NAT
147 box, you may want to enable this feature.
148
149 Please note that not all PPTP modes of operation are supported yet.
150 For more info, read top of the file
151 net/ipv4/netfilter/ip_conntrack_pptp.c
152
153 If you want to compile it as a module, say M here and read
154 Documentation/modules.txt. If unsure, say `N'.
155
132config IP_NF_QUEUE 156config IP_NF_QUEUE
133 tristate "IP Userspace queueing via NETLINK (OBSOLETE)" 157 tristate "IP Userspace queueing via NETLINK (OBSOLETE)"
134 help 158 help
@@ -513,6 +537,17 @@ config IP_NF_TARGET_TCPMSS
513 537
514 To compile it as a module, choose M here. If unsure, say N. 538 To compile it as a module, choose M here. If unsure, say N.
515 539
540config IP_NF_TARGET_NFQUEUE
541 tristate "NFQUEUE Target Support"
542 depends on IP_NF_IPTABLES
543 help
544 This Target replaced the old obsolete QUEUE target.
545
546 As opposed to QUEUE, it supports 65535 different queues,
547 not just one.
548
549 To compile it as a module, choose M here. If unsure, say N.
550
516# NAT + specific targets 551# NAT + specific targets
517config IP_NF_NAT 552config IP_NF_NAT
518 tristate "Full NAT" 553 tristate "Full NAT"
@@ -613,6 +648,12 @@ config IP_NF_NAT_AMANDA
613 default IP_NF_NAT if IP_NF_AMANDA=y 648 default IP_NF_NAT if IP_NF_AMANDA=y
614 default m if IP_NF_AMANDA=m 649 default m if IP_NF_AMANDA=m
615 650
651config IP_NF_NAT_PPTP
652 tristate
653 depends on IP_NF_NAT!=n && IP_NF_PPTP!=n
654 default IP_NF_NAT if IP_NF_PPTP=y
655 default m if IP_NF_PPTP=m
656
616# mangle + specific targets 657# mangle + specific targets
617config IP_NF_MANGLE 658config IP_NF_MANGLE
618 tristate "Packet mangling" 659 tristate "Packet mangling"
@@ -774,11 +815,5 @@ config IP_NF_ARP_MANGLE
774 Allows altering the ARP packet payload: source and destination 815 Allows altering the ARP packet payload: source and destination
775 hardware and network addresses. 816 hardware and network addresses.
776 817
777config IP_NF_CONNTRACK_NETLINK
778 tristate 'Connection tracking netlink interface'
779 depends on IP_NF_CONNTRACK && NETFILTER_NETLINK
780 help
781 This option enables support for a netlink-based userspace interface
782
783endmenu 818endmenu
784 819
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 1ba0db746817..dab4b58dd31e 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -4,7 +4,11 @@
4 4
5# objects for the standalone - connection tracking / NAT 5# objects for the standalone - connection tracking / NAT
6ip_conntrack-objs := ip_conntrack_standalone.o ip_conntrack_core.o ip_conntrack_proto_generic.o ip_conntrack_proto_tcp.o ip_conntrack_proto_udp.o ip_conntrack_proto_icmp.o 6ip_conntrack-objs := ip_conntrack_standalone.o ip_conntrack_core.o ip_conntrack_proto_generic.o ip_conntrack_proto_tcp.o ip_conntrack_proto_udp.o ip_conntrack_proto_icmp.o
7iptable_nat-objs := ip_nat_standalone.o ip_nat_rule.o ip_nat_core.o ip_nat_helper.o ip_nat_proto_unknown.o ip_nat_proto_tcp.o ip_nat_proto_udp.o ip_nat_proto_icmp.o 7ip_nat-objs := ip_nat_core.o ip_nat_helper.o ip_nat_proto_unknown.o ip_nat_proto_tcp.o ip_nat_proto_udp.o ip_nat_proto_icmp.o
8iptable_nat-objs := ip_nat_rule.o ip_nat_standalone.o
9
10ip_conntrack_pptp-objs := ip_conntrack_helper_pptp.o ip_conntrack_proto_gre.o
11ip_nat_pptp-objs := ip_nat_helper_pptp.o ip_nat_proto_gre.o
8 12
9# connection tracking 13# connection tracking
10obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o 14obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o
@@ -17,6 +21,7 @@ obj-$(CONFIG_IP_NF_CONNTRACK_NETLINK) += ip_conntrack_netlink.o
17obj-$(CONFIG_IP_NF_CT_PROTO_SCTP) += ip_conntrack_proto_sctp.o 21obj-$(CONFIG_IP_NF_CT_PROTO_SCTP) += ip_conntrack_proto_sctp.o
18 22
19# connection tracking helpers 23# connection tracking helpers
24obj-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp.o
20obj-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda.o 25obj-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda.o
21obj-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp.o 26obj-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp.o
22obj-$(CONFIG_IP_NF_FTP) += ip_conntrack_ftp.o 27obj-$(CONFIG_IP_NF_FTP) += ip_conntrack_ftp.o
@@ -24,6 +29,7 @@ obj-$(CONFIG_IP_NF_IRC) += ip_conntrack_irc.o
24obj-$(CONFIG_IP_NF_NETBIOS_NS) += ip_conntrack_netbios_ns.o 29obj-$(CONFIG_IP_NF_NETBIOS_NS) += ip_conntrack_netbios_ns.o
25 30
26# NAT helpers 31# NAT helpers
32obj-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp.o
27obj-$(CONFIG_IP_NF_NAT_AMANDA) += ip_nat_amanda.o 33obj-$(CONFIG_IP_NF_NAT_AMANDA) += ip_nat_amanda.o
28obj-$(CONFIG_IP_NF_NAT_TFTP) += ip_nat_tftp.o 34obj-$(CONFIG_IP_NF_NAT_TFTP) += ip_nat_tftp.o
29obj-$(CONFIG_IP_NF_NAT_FTP) += ip_nat_ftp.o 35obj-$(CONFIG_IP_NF_NAT_FTP) += ip_nat_ftp.o
@@ -35,7 +41,7 @@ obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o
35# the three instances of ip_tables 41# the three instances of ip_tables
36obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o 42obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o
37obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o 43obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o
38obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o 44obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o ip_nat.o
39obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o 45obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
40 46
41# matches 47# matches
@@ -87,6 +93,7 @@ obj-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS.o
87obj-$(CONFIG_IP_NF_TARGET_NOTRACK) += ipt_NOTRACK.o 93obj-$(CONFIG_IP_NF_TARGET_NOTRACK) += ipt_NOTRACK.o
88obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o 94obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
89obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o 95obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
96obj-$(CONFIG_IP_NF_TARGET_NFQUEUE) += ipt_NFQUEUE.o
90 97
91# generic ARP tables 98# generic ARP tables
92obj-$(CONFIG_IP_NF_ARPTABLES) += arp_tables.o 99obj-$(CONFIG_IP_NF_ARPTABLES) += arp_tables.o
@@ -96,4 +103,3 @@ obj-$(CONFIG_IP_NF_ARP_MANGLE) += arpt_mangle.o
96obj-$(CONFIG_IP_NF_ARPFILTER) += arptable_filter.o 103obj-$(CONFIG_IP_NF_ARPFILTER) += arptable_filter.o
97 104
98obj-$(CONFIG_IP_NF_QUEUE) += ip_queue.o 105obj-$(CONFIG_IP_NF_QUEUE) += ip_queue.o
99obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += ipt_NFQUEUE.o
diff --git a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c
index dc20881004bc..fa3f914117ec 100644
--- a/net/ipv4/netfilter/ip_conntrack_amanda.c
+++ b/net/ipv4/netfilter/ip_conntrack_amanda.c
@@ -65,7 +65,7 @@ static int help(struct sk_buff **pskb,
65 65
66 /* increase the UDP timeout of the master connection as replies from 66 /* increase the UDP timeout of the master connection as replies from
67 * Amanda clients to the server can be quite delayed */ 67 * Amanda clients to the server can be quite delayed */
68 ip_ct_refresh_acct(ct, ctinfo, NULL, master_timeout * HZ); 68 ip_ct_refresh(ct, *pskb, master_timeout * HZ);
69 69
70 /* No data? */ 70 /* No data? */
71 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 71 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 19cba16e6e1e..ea65dd3e517a 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -233,7 +233,7 @@ __ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple)
233 233
234/* Just find a expectation corresponding to a tuple. */ 234/* Just find a expectation corresponding to a tuple. */
235struct ip_conntrack_expect * 235struct ip_conntrack_expect *
236ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple) 236ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple)
237{ 237{
238 struct ip_conntrack_expect *i; 238 struct ip_conntrack_expect *i;
239 239
@@ -1112,42 +1112,46 @@ void ip_conntrack_helper_unregister(struct ip_conntrack_helper *me)
1112 synchronize_net(); 1112 synchronize_net();
1113} 1113}
1114 1114
1115static inline void ct_add_counters(struct ip_conntrack *ct, 1115/* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */
1116 enum ip_conntrack_info ctinfo, 1116void __ip_ct_refresh_acct(struct ip_conntrack *ct,
1117 const struct sk_buff *skb)
1118{
1119#ifdef CONFIG_IP_NF_CT_ACCT
1120 if (skb) {
1121 ct->counters[CTINFO2DIR(ctinfo)].packets++;
1122 ct->counters[CTINFO2DIR(ctinfo)].bytes +=
1123 ntohs(skb->nh.iph->tot_len);
1124 }
1125#endif
1126}
1127
1128/* Refresh conntrack for this many jiffies and do accounting (if skb != NULL) */
1129void ip_ct_refresh_acct(struct ip_conntrack *ct,
1130 enum ip_conntrack_info ctinfo, 1117 enum ip_conntrack_info ctinfo,
1131 const struct sk_buff *skb, 1118 const struct sk_buff *skb,
1132 unsigned long extra_jiffies) 1119 unsigned long extra_jiffies,
1120 int do_acct)
1133{ 1121{
1122 int do_event = 0;
1123
1134 IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct); 1124 IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct);
1125 IP_NF_ASSERT(skb);
1126
1127 write_lock_bh(&ip_conntrack_lock);
1135 1128
1136 /* If not in hash table, timer will not be active yet */ 1129 /* If not in hash table, timer will not be active yet */
1137 if (!is_confirmed(ct)) { 1130 if (!is_confirmed(ct)) {
1138 ct->timeout.expires = extra_jiffies; 1131 ct->timeout.expires = extra_jiffies;
1139 ct_add_counters(ct, ctinfo, skb); 1132 do_event = 1;
1140 } else { 1133 } else {
1141 write_lock_bh(&ip_conntrack_lock);
1142 /* Need del_timer for race avoidance (may already be dying). */ 1134 /* Need del_timer for race avoidance (may already be dying). */
1143 if (del_timer(&ct->timeout)) { 1135 if (del_timer(&ct->timeout)) {
1144 ct->timeout.expires = jiffies + extra_jiffies; 1136 ct->timeout.expires = jiffies + extra_jiffies;
1145 add_timer(&ct->timeout); 1137 add_timer(&ct->timeout);
1146 ip_conntrack_event_cache(IPCT_REFRESH, skb); 1138 do_event = 1;
1147 } 1139 }
1148 ct_add_counters(ct, ctinfo, skb);
1149 write_unlock_bh(&ip_conntrack_lock);
1150 } 1140 }
1141
1142#ifdef CONFIG_IP_NF_CT_ACCT
1143 if (do_acct) {
1144 ct->counters[CTINFO2DIR(ctinfo)].packets++;
1145 ct->counters[CTINFO2DIR(ctinfo)].bytes +=
1146 ntohs(skb->nh.iph->tot_len);
1147 }
1148#endif
1149
1150 write_unlock_bh(&ip_conntrack_lock);
1151
1152 /* must be unlocked when calling event cache */
1153 if (do_event)
1154 ip_conntrack_event_cache(IPCT_REFRESH, skb);
1151} 1155}
1152 1156
1153#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ 1157#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
diff --git a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c
index 1b79ec36085f..d77d6b3f5f80 100644
--- a/net/ipv4/netfilter/ip_conntrack_ftp.c
+++ b/net/ipv4/netfilter/ip_conntrack_ftp.c
@@ -29,9 +29,9 @@ static char *ftp_buffer;
29static DEFINE_SPINLOCK(ip_ftp_lock); 29static DEFINE_SPINLOCK(ip_ftp_lock);
30 30
31#define MAX_PORTS 8 31#define MAX_PORTS 8
32static int ports[MAX_PORTS]; 32static short ports[MAX_PORTS];
33static int ports_c; 33static int ports_c;
34module_param_array(ports, int, &ports_c, 0400); 34module_param_array(ports, short, &ports_c, 0400);
35 35
36static int loose; 36static int loose;
37module_param(loose, int, 0600); 37module_param(loose, int, 0600);
@@ -450,7 +450,7 @@ out_update_nl:
450} 450}
451 451
452static struct ip_conntrack_helper ftp[MAX_PORTS]; 452static struct ip_conntrack_helper ftp[MAX_PORTS];
453static char ftp_names[MAX_PORTS][10]; 453static char ftp_names[MAX_PORTS][sizeof("ftp-65535")];
454 454
455/* Not __exit: called from init() */ 455/* Not __exit: called from init() */
456static void fini(void) 456static void fini(void)
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
new file mode 100644
index 000000000000..926a6684643d
--- /dev/null
+++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
@@ -0,0 +1,806 @@
1/*
2 * ip_conntrack_pptp.c - Version 3.0
3 *
4 * Connection tracking support for PPTP (Point to Point Tunneling Protocol).
5 * PPTP is a a protocol for creating virtual private networks.
6 * It is a specification defined by Microsoft and some vendors
7 * working with Microsoft. PPTP is built on top of a modified
8 * version of the Internet Generic Routing Encapsulation Protocol.
9 * GRE is defined in RFC 1701 and RFC 1702. Documentation of
10 * PPTP can be found in RFC 2637
11 *
12 * (C) 2000-2005 by Harald Welte <laforge@gnumonks.org>
13 *
14 * Development of this code funded by Astaro AG (http://www.astaro.com/)
15 *
16 * Limitations:
17 * - We blindly assume that control connections are always
18 * established in PNS->PAC direction. This is a violation
19 * of RFFC2673
20 * - We can only support one single call within each session
21 *
22 * TODO:
23 * - testing of incoming PPTP calls
24 *
25 * Changes:
26 * 2002-02-05 - Version 1.3
27 * - Call ip_conntrack_unexpect_related() from
28 * pptp_destroy_siblings() to destroy expectations in case
29 * CALL_DISCONNECT_NOTIFY or tcp fin packet was seen
30 * (Philip Craig <philipc@snapgear.com>)
31 * - Add Version information at module loadtime
32 * 2002-02-10 - Version 1.6
33 * - move to C99 style initializers
34 * - remove second expectation if first arrives
35 * 2004-10-22 - Version 2.0
36 * - merge Mandrake's 2.6.x port with recent 2.6.x API changes
37 * - fix lots of linear skb assumptions from Mandrake's port
38 * 2005-06-10 - Version 2.1
39 * - use ip_conntrack_expect_free() instead of kfree() on the
40 * expect's (which are from the slab for quite some time)
41 * 2005-06-10 - Version 3.0
42 * - port helper to post-2.6.11 API changes,
43 * funded by Oxcoda NetBox Blue (http://www.netboxblue.com/)
44 * 2005-07-30 - Version 3.1
45 * - port helper to 2.6.13 API changes
46 *
47 */
48
49#include <linux/config.h>
50#include <linux/module.h>
51#include <linux/netfilter.h>
52#include <linux/ip.h>
53#include <net/checksum.h>
54#include <net/tcp.h>
55
56#include <linux/netfilter_ipv4/ip_conntrack.h>
57#include <linux/netfilter_ipv4/ip_conntrack_core.h>
58#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
59#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
60#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
61
62#define IP_CT_PPTP_VERSION "3.1"
63
64MODULE_LICENSE("GPL");
65MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");
66MODULE_DESCRIPTION("Netfilter connection tracking helper module for PPTP");
67
68static DEFINE_SPINLOCK(ip_pptp_lock);
69
70int
71(*ip_nat_pptp_hook_outbound)(struct sk_buff **pskb,
72 struct ip_conntrack *ct,
73 enum ip_conntrack_info ctinfo,
74 struct PptpControlHeader *ctlh,
75 union pptp_ctrl_union *pptpReq);
76
77int
78(*ip_nat_pptp_hook_inbound)(struct sk_buff **pskb,
79 struct ip_conntrack *ct,
80 enum ip_conntrack_info ctinfo,
81 struct PptpControlHeader *ctlh,
82 union pptp_ctrl_union *pptpReq);
83
84int
85(*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *expect_orig,
86 struct ip_conntrack_expect *expect_reply);
87
88void
89(*ip_nat_pptp_hook_expectfn)(struct ip_conntrack *ct,
90 struct ip_conntrack_expect *exp);
91
92#if 0
93/* PptpControlMessageType names */
94const char *pptp_msg_name[] = {
95 "UNKNOWN_MESSAGE",
96 "START_SESSION_REQUEST",
97 "START_SESSION_REPLY",
98 "STOP_SESSION_REQUEST",
99 "STOP_SESSION_REPLY",
100 "ECHO_REQUEST",
101 "ECHO_REPLY",
102 "OUT_CALL_REQUEST",
103 "OUT_CALL_REPLY",
104 "IN_CALL_REQUEST",
105 "IN_CALL_REPLY",
106 "IN_CALL_CONNECT",
107 "CALL_CLEAR_REQUEST",
108 "CALL_DISCONNECT_NOTIFY",
109 "WAN_ERROR_NOTIFY",
110 "SET_LINK_INFO"
111};
112EXPORT_SYMBOL(pptp_msg_name);
113#define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s: " format, __FILE__, __FUNCTION__, ## args)
114#else
115#define DEBUGP(format, args...)
116#endif
117
118#define SECS *HZ
119#define MINS * 60 SECS
120#define HOURS * 60 MINS
121
122#define PPTP_GRE_TIMEOUT (10 MINS)
123#define PPTP_GRE_STREAM_TIMEOUT (5 HOURS)
124
125static void pptp_expectfn(struct ip_conntrack *ct,
126 struct ip_conntrack_expect *exp)
127{
128 DEBUGP("increasing timeouts\n");
129
130 /* increase timeout of GRE data channel conntrack entry */
131 ct->proto.gre.timeout = PPTP_GRE_TIMEOUT;
132 ct->proto.gre.stream_timeout = PPTP_GRE_STREAM_TIMEOUT;
133
134 /* Can you see how rusty this code is, compared with the pre-2.6.11
135 * one? That's what happened to my shiny newnat of 2002 ;( -HW */
136
137 if (!ip_nat_pptp_hook_expectfn) {
138 struct ip_conntrack_tuple inv_t;
139 struct ip_conntrack_expect *exp_other;
140
141 /* obviously this tuple inversion only works until you do NAT */
142 invert_tuplepr(&inv_t, &exp->tuple);
143 DEBUGP("trying to unexpect other dir: ");
144 DUMP_TUPLE(&inv_t);
145
146 exp_other = ip_conntrack_expect_find(&inv_t);
147 if (exp_other) {
148 /* delete other expectation. */
149 DEBUGP("found\n");
150 ip_conntrack_unexpect_related(exp_other);
151 ip_conntrack_expect_put(exp_other);
152 } else {
153 DEBUGP("not found\n");
154 }
155 } else {
156 /* we need more than simple inversion */
157 ip_nat_pptp_hook_expectfn(ct, exp);
158 }
159}
160
161static int destroy_sibling_or_exp(const struct ip_conntrack_tuple *t)
162{
163 struct ip_conntrack_tuple_hash *h;
164 struct ip_conntrack_expect *exp;
165
166 DEBUGP("trying to timeout ct or exp for tuple ");
167 DUMP_TUPLE(t);
168
169 h = ip_conntrack_find_get(t, NULL);
170 if (h) {
171 struct ip_conntrack *sibling = tuplehash_to_ctrack(h);
172 DEBUGP("setting timeout of conntrack %p to 0\n", sibling);
173 sibling->proto.gre.timeout = 0;
174 sibling->proto.gre.stream_timeout = 0;
175 if (del_timer(&sibling->timeout))
176 sibling->timeout.function((unsigned long)sibling);
177 ip_conntrack_put(sibling);
178 return 1;
179 } else {
180 exp = ip_conntrack_expect_find(t);
181 if (exp) {
182 DEBUGP("unexpect_related of expect %p\n", exp);
183 ip_conntrack_unexpect_related(exp);
184 ip_conntrack_expect_put(exp);
185 return 1;
186 }
187 }
188
189 return 0;
190}
191
192
193/* timeout GRE data connections */
194static void pptp_destroy_siblings(struct ip_conntrack *ct)
195{
196 struct ip_conntrack_tuple t;
197
198 /* Since ct->sibling_list has literally rusted away in 2.6.11,
199 * we now need another way to find out about our sibling
200 * contrack and expects... -HW */
201
202 /* try original (pns->pac) tuple */
203 memcpy(&t, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple, sizeof(t));
204 t.dst.protonum = IPPROTO_GRE;
205 t.src.u.gre.key = htons(ct->help.ct_pptp_info.pns_call_id);
206 t.dst.u.gre.key = htons(ct->help.ct_pptp_info.pac_call_id);
207
208 if (!destroy_sibling_or_exp(&t))
209 DEBUGP("failed to timeout original pns->pac ct/exp\n");
210
211 /* try reply (pac->pns) tuple */
212 memcpy(&t, &ct->tuplehash[IP_CT_DIR_REPLY].tuple, sizeof(t));
213 t.dst.protonum = IPPROTO_GRE;
214 t.src.u.gre.key = htons(ct->help.ct_pptp_info.pac_call_id);
215 t.dst.u.gre.key = htons(ct->help.ct_pptp_info.pns_call_id);
216
217 if (!destroy_sibling_or_exp(&t))
218 DEBUGP("failed to timeout reply pac->pns ct/exp\n");
219}
220
221/* expect GRE connections (PNS->PAC and PAC->PNS direction) */
222static inline int
223exp_gre(struct ip_conntrack *master,
224 u_int32_t seq,
225 __be16 callid,
226 __be16 peer_callid)
227{
228 struct ip_conntrack_tuple inv_tuple;
229 struct ip_conntrack_tuple exp_tuples[] = {
230 /* tuple in original direction, PNS->PAC */
231 { .src = { .ip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip,
232 .u = { .gre = { .key = peer_callid } }
233 },
234 .dst = { .ip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip,
235 .u = { .gre = { .key = callid } },
236 .protonum = IPPROTO_GRE
237 },
238 },
239 /* tuple in reply direction, PAC->PNS */
240 { .src = { .ip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip,
241 .u = { .gre = { .key = callid } }
242 },
243 .dst = { .ip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip,
244 .u = { .gre = { .key = peer_callid } },
245 .protonum = IPPROTO_GRE
246 },
247 }
248 };
249 struct ip_conntrack_expect *exp_orig, *exp_reply;
250 int ret = 1;
251
252 exp_orig = ip_conntrack_expect_alloc(master);
253 if (exp_orig == NULL)
254 goto out;
255
256 exp_reply = ip_conntrack_expect_alloc(master);
257 if (exp_reply == NULL)
258 goto out_put_orig;
259
260 memcpy(&exp_orig->tuple, &exp_tuples[0], sizeof(exp_orig->tuple));
261
262 exp_orig->mask.src.ip = 0xffffffff;
263 exp_orig->mask.src.u.all = 0;
264 exp_orig->mask.dst.u.all = 0;
265 exp_orig->mask.dst.u.gre.key = htons(0xffff);
266 exp_orig->mask.dst.ip = 0xffffffff;
267 exp_orig->mask.dst.protonum = 0xff;
268
269 exp_orig->master = master;
270 exp_orig->expectfn = pptp_expectfn;
271 exp_orig->flags = 0;
272
273 exp_orig->dir = IP_CT_DIR_ORIGINAL;
274
275 /* both expectations are identical apart from tuple */
276 memcpy(exp_reply, exp_orig, sizeof(*exp_reply));
277 memcpy(&exp_reply->tuple, &exp_tuples[1], sizeof(exp_reply->tuple));
278
279 exp_reply->dir = !exp_orig->dir;
280
281 if (ip_nat_pptp_hook_exp_gre)
282 ret = ip_nat_pptp_hook_exp_gre(exp_orig, exp_reply);
283 else {
284
285 DEBUGP("calling expect_related PNS->PAC");
286 DUMP_TUPLE(&exp_orig->tuple);
287
288 if (ip_conntrack_expect_related(exp_orig) != 0) {
289 DEBUGP("cannot expect_related()\n");
290 goto out_put_both;
291 }
292
293 DEBUGP("calling expect_related PAC->PNS");
294 DUMP_TUPLE(&exp_reply->tuple);
295
296 if (ip_conntrack_expect_related(exp_reply) != 0) {
297 DEBUGP("cannot expect_related()\n");
298 goto out_unexpect_orig;
299 }
300
301 /* Add GRE keymap entries */
302 if (ip_ct_gre_keymap_add(master, &exp_reply->tuple, 0) != 0) {
303 DEBUGP("cannot keymap_add() exp\n");
304 goto out_unexpect_both;
305 }
306
307 invert_tuplepr(&inv_tuple, &exp_reply->tuple);
308 if (ip_ct_gre_keymap_add(master, &inv_tuple, 1) != 0) {
309 ip_ct_gre_keymap_destroy(master);
310 DEBUGP("cannot keymap_add() exp_inv\n");
311 goto out_unexpect_both;
312 }
313 ret = 0;
314 }
315
316out_put_both:
317 ip_conntrack_expect_put(exp_reply);
318out_put_orig:
319 ip_conntrack_expect_put(exp_orig);
320out:
321 return ret;
322
323out_unexpect_both:
324 ip_conntrack_unexpect_related(exp_reply);
325out_unexpect_orig:
326 ip_conntrack_unexpect_related(exp_orig);
327 goto out_put_both;
328}
329
330static inline int
331pptp_inbound_pkt(struct sk_buff **pskb,
332 struct tcphdr *tcph,
333 unsigned int nexthdr_off,
334 unsigned int datalen,
335 struct ip_conntrack *ct,
336 enum ip_conntrack_info ctinfo)
337{
338 struct PptpControlHeader _ctlh, *ctlh;
339 unsigned int reqlen;
340 union pptp_ctrl_union _pptpReq, *pptpReq;
341 struct ip_ct_pptp_master *info = &ct->help.ct_pptp_info;
342 u_int16_t msg;
343 __be16 *cid, *pcid;
344 u_int32_t seq;
345
346 ctlh = skb_header_pointer(*pskb, nexthdr_off, sizeof(_ctlh), &_ctlh);
347 if (!ctlh) {
348 DEBUGP("error during skb_header_pointer\n");
349 return NF_ACCEPT;
350 }
351 nexthdr_off += sizeof(_ctlh);
352 datalen -= sizeof(_ctlh);
353
354 reqlen = datalen;
355 if (reqlen > sizeof(*pptpReq))
356 reqlen = sizeof(*pptpReq);
357 pptpReq = skb_header_pointer(*pskb, nexthdr_off, reqlen, &_pptpReq);
358 if (!pptpReq) {
359 DEBUGP("error during skb_header_pointer\n");
360 return NF_ACCEPT;
361 }
362
363 msg = ntohs(ctlh->messageType);
364 DEBUGP("inbound control message %s\n", pptp_msg_name[msg]);
365
366 switch (msg) {
367 case PPTP_START_SESSION_REPLY:
368 if (reqlen < sizeof(_pptpReq.srep)) {
369 DEBUGP("%s: short packet\n", pptp_msg_name[msg]);
370 break;
371 }
372
373 /* server confirms new control session */
374 if (info->sstate < PPTP_SESSION_REQUESTED) {
375 DEBUGP("%s without START_SESS_REQUEST\n",
376 pptp_msg_name[msg]);
377 break;
378 }
379 if (pptpReq->srep.resultCode == PPTP_START_OK)
380 info->sstate = PPTP_SESSION_CONFIRMED;
381 else
382 info->sstate = PPTP_SESSION_ERROR;
383 break;
384
385 case PPTP_STOP_SESSION_REPLY:
386 if (reqlen < sizeof(_pptpReq.strep)) {
387 DEBUGP("%s: short packet\n", pptp_msg_name[msg]);
388 break;
389 }
390
391 /* server confirms end of control session */
392 if (info->sstate > PPTP_SESSION_STOPREQ) {
393 DEBUGP("%s without STOP_SESS_REQUEST\n",
394 pptp_msg_name[msg]);
395 break;
396 }
397 if (pptpReq->strep.resultCode == PPTP_STOP_OK)
398 info->sstate = PPTP_SESSION_NONE;
399 else
400 info->sstate = PPTP_SESSION_ERROR;
401 break;
402
403 case PPTP_OUT_CALL_REPLY:
404 if (reqlen < sizeof(_pptpReq.ocack)) {
405 DEBUGP("%s: short packet\n", pptp_msg_name[msg]);
406 break;
407 }
408
409 /* server accepted call, we now expect GRE frames */
410 if (info->sstate != PPTP_SESSION_CONFIRMED) {
411 DEBUGP("%s but no session\n", pptp_msg_name[msg]);
412 break;
413 }
414 if (info->cstate != PPTP_CALL_OUT_REQ &&
415 info->cstate != PPTP_CALL_OUT_CONF) {
416 DEBUGP("%s without OUTCALL_REQ\n", pptp_msg_name[msg]);
417 break;
418 }
419 if (pptpReq->ocack.resultCode != PPTP_OUTCALL_CONNECT) {
420 info->cstate = PPTP_CALL_NONE;
421 break;
422 }
423
424 cid = &pptpReq->ocack.callID;
425 pcid = &pptpReq->ocack.peersCallID;
426
427 info->pac_call_id = ntohs(*cid);
428
429 if (htons(info->pns_call_id) != *pcid) {
430 DEBUGP("%s for unknown callid %u\n",
431 pptp_msg_name[msg], ntohs(*pcid));
432 break;
433 }
434
435 DEBUGP("%s, CID=%X, PCID=%X\n", pptp_msg_name[msg],
436 ntohs(*cid), ntohs(*pcid));
437
438 info->cstate = PPTP_CALL_OUT_CONF;
439
440 seq = ntohl(tcph->seq) + sizeof(struct pptp_pkt_hdr)
441 + sizeof(struct PptpControlHeader)
442 + ((void *)pcid - (void *)pptpReq);
443
444 if (exp_gre(ct, seq, *cid, *pcid) != 0)
445 printk("ip_conntrack_pptp: error during exp_gre\n");
446 break;
447
448 case PPTP_IN_CALL_REQUEST:
449 if (reqlen < sizeof(_pptpReq.icack)) {
450 DEBUGP("%s: short packet\n", pptp_msg_name[msg]);
451 break;
452 }
453
454 /* server tells us about incoming call request */
455 if (info->sstate != PPTP_SESSION_CONFIRMED) {
456 DEBUGP("%s but no session\n", pptp_msg_name[msg]);
457 break;
458 }
459 pcid = &pptpReq->icack.peersCallID;
460 DEBUGP("%s, PCID=%X\n", pptp_msg_name[msg], ntohs(*pcid));
461 info->cstate = PPTP_CALL_IN_REQ;
462 info->pac_call_id = ntohs(*pcid);
463 break;
464
465 case PPTP_IN_CALL_CONNECT:
466 if (reqlen < sizeof(_pptpReq.iccon)) {
467 DEBUGP("%s: short packet\n", pptp_msg_name[msg]);
468 break;
469 }
470
471 /* server tells us about incoming call established */
472 if (info->sstate != PPTP_SESSION_CONFIRMED) {
473 DEBUGP("%s but no session\n", pptp_msg_name[msg]);
474 break;
475 }
476 if (info->sstate != PPTP_CALL_IN_REP
477 && info->sstate != PPTP_CALL_IN_CONF) {
478 DEBUGP("%s but never sent IN_CALL_REPLY\n",
479 pptp_msg_name[msg]);
480 break;
481 }
482
483 pcid = &pptpReq->iccon.peersCallID;
484 cid = &info->pac_call_id;
485
486 if (info->pns_call_id != ntohs(*pcid)) {
487 DEBUGP("%s for unknown CallID %u\n",
488 pptp_msg_name[msg], ntohs(*pcid));
489 break;
490 }
491
492 DEBUGP("%s, PCID=%X\n", pptp_msg_name[msg], ntohs(*pcid));
493 info->cstate = PPTP_CALL_IN_CONF;
494
495 /* we expect a GRE connection from PAC to PNS */
496 seq = ntohl(tcph->seq) + sizeof(struct pptp_pkt_hdr)
497 + sizeof(struct PptpControlHeader)
498 + ((void *)pcid - (void *)pptpReq);
499
500 if (exp_gre(ct, seq, *cid, *pcid) != 0)
501 printk("ip_conntrack_pptp: error during exp_gre\n");
502
503 break;
504
505 case PPTP_CALL_DISCONNECT_NOTIFY:
506 if (reqlen < sizeof(_pptpReq.disc)) {
507 DEBUGP("%s: short packet\n", pptp_msg_name[msg]);
508 break;
509 }
510
511 /* server confirms disconnect */
512 cid = &pptpReq->disc.callID;
513 DEBUGP("%s, CID=%X\n", pptp_msg_name[msg], ntohs(*cid));
514 info->cstate = PPTP_CALL_NONE;
515
516 /* untrack this call id, unexpect GRE packets */
517 pptp_destroy_siblings(ct);
518 break;
519
520 case PPTP_WAN_ERROR_NOTIFY:
521 break;
522
523 case PPTP_ECHO_REQUEST:
524 case PPTP_ECHO_REPLY:
525 /* I don't have to explain these ;) */
526 break;
527 default:
528 DEBUGP("invalid %s (TY=%d)\n", (msg <= PPTP_MSG_MAX)
529 ? pptp_msg_name[msg]:pptp_msg_name[0], msg);
530 break;
531 }
532
533
534 if (ip_nat_pptp_hook_inbound)
535 return ip_nat_pptp_hook_inbound(pskb, ct, ctinfo, ctlh,
536 pptpReq);
537
538 return NF_ACCEPT;
539
540}
541
542static inline int
543pptp_outbound_pkt(struct sk_buff **pskb,
544 struct tcphdr *tcph,
545 unsigned int nexthdr_off,
546 unsigned int datalen,
547 struct ip_conntrack *ct,
548 enum ip_conntrack_info ctinfo)
549{
550 struct PptpControlHeader _ctlh, *ctlh;
551 unsigned int reqlen;
552 union pptp_ctrl_union _pptpReq, *pptpReq;
553 struct ip_ct_pptp_master *info = &ct->help.ct_pptp_info;
554 u_int16_t msg;
555 __be16 *cid, *pcid;
556
557 ctlh = skb_header_pointer(*pskb, nexthdr_off, sizeof(_ctlh), &_ctlh);
558 if (!ctlh)
559 return NF_ACCEPT;
560 nexthdr_off += sizeof(_ctlh);
561 datalen -= sizeof(_ctlh);
562
563 reqlen = datalen;
564 if (reqlen > sizeof(*pptpReq))
565 reqlen = sizeof(*pptpReq);
566 pptpReq = skb_header_pointer(*pskb, nexthdr_off, reqlen, &_pptpReq);
567 if (!pptpReq)
568 return NF_ACCEPT;
569
570 msg = ntohs(ctlh->messageType);
571 DEBUGP("outbound control message %s\n", pptp_msg_name[msg]);
572
573 switch (msg) {
574 case PPTP_START_SESSION_REQUEST:
575 /* client requests for new control session */
576 if (info->sstate != PPTP_SESSION_NONE) {
577 DEBUGP("%s but we already have one",
578 pptp_msg_name[msg]);
579 }
580 info->sstate = PPTP_SESSION_REQUESTED;
581 break;
582 case PPTP_STOP_SESSION_REQUEST:
583 /* client requests end of control session */
584 info->sstate = PPTP_SESSION_STOPREQ;
585 break;
586
587 case PPTP_OUT_CALL_REQUEST:
588 if (reqlen < sizeof(_pptpReq.ocreq)) {
589 DEBUGP("%s: short packet\n", pptp_msg_name[msg]);
590 /* FIXME: break; */
591 }
592
593 /* client initiating connection to server */
594 if (info->sstate != PPTP_SESSION_CONFIRMED) {
595 DEBUGP("%s but no session\n",
596 pptp_msg_name[msg]);
597 break;
598 }
599 info->cstate = PPTP_CALL_OUT_REQ;
600 /* track PNS call id */
601 cid = &pptpReq->ocreq.callID;
602 DEBUGP("%s, CID=%X\n", pptp_msg_name[msg], ntohs(*cid));
603 info->pns_call_id = ntohs(*cid);
604 break;
605 case PPTP_IN_CALL_REPLY:
606 if (reqlen < sizeof(_pptpReq.icack)) {
607 DEBUGP("%s: short packet\n", pptp_msg_name[msg]);
608 break;
609 }
610
611 /* client answers incoming call */
612 if (info->cstate != PPTP_CALL_IN_REQ
613 && info->cstate != PPTP_CALL_IN_REP) {
614 DEBUGP("%s without incall_req\n",
615 pptp_msg_name[msg]);
616 break;
617 }
618 if (pptpReq->icack.resultCode != PPTP_INCALL_ACCEPT) {
619 info->cstate = PPTP_CALL_NONE;
620 break;
621 }
622 pcid = &pptpReq->icack.peersCallID;
623 if (info->pac_call_id != ntohs(*pcid)) {
624 DEBUGP("%s for unknown call %u\n",
625 pptp_msg_name[msg], ntohs(*pcid));
626 break;
627 }
628 DEBUGP("%s, CID=%X\n", pptp_msg_name[msg], ntohs(*pcid));
629 /* part two of the three-way handshake */
630 info->cstate = PPTP_CALL_IN_REP;
631 info->pns_call_id = ntohs(pptpReq->icack.callID);
632 break;
633
634 case PPTP_CALL_CLEAR_REQUEST:
635 /* client requests hangup of call */
636 if (info->sstate != PPTP_SESSION_CONFIRMED) {
637 DEBUGP("CLEAR_CALL but no session\n");
638 break;
639 }
640 /* FUTURE: iterate over all calls and check if
641 * call ID is valid. We don't do this without newnat,
642 * because we only know about last call */
643 info->cstate = PPTP_CALL_CLEAR_REQ;
644 break;
645 case PPTP_SET_LINK_INFO:
646 break;
647 case PPTP_ECHO_REQUEST:
648 case PPTP_ECHO_REPLY:
649 /* I don't have to explain these ;) */
650 break;
651 default:
652 DEBUGP("invalid %s (TY=%d)\n", (msg <= PPTP_MSG_MAX)?
653 pptp_msg_name[msg]:pptp_msg_name[0], msg);
654 /* unknown: no need to create GRE masq table entry */
655 break;
656 }
657
658 if (ip_nat_pptp_hook_outbound)
659 return ip_nat_pptp_hook_outbound(pskb, ct, ctinfo, ctlh,
660 pptpReq);
661
662 return NF_ACCEPT;
663}
664
665
666/* track caller id inside control connection, call expect_related */
667static int
668conntrack_pptp_help(struct sk_buff **pskb,
669 struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
670
671{
672 struct pptp_pkt_hdr _pptph, *pptph;
673 struct tcphdr _tcph, *tcph;
674 u_int32_t tcplen = (*pskb)->len - (*pskb)->nh.iph->ihl * 4;
675 u_int32_t datalen;
676 int dir = CTINFO2DIR(ctinfo);
677 struct ip_ct_pptp_master *info = &ct->help.ct_pptp_info;
678 unsigned int nexthdr_off;
679
680 int oldsstate, oldcstate;
681 int ret;
682
683 /* don't do any tracking before tcp handshake complete */
684 if (ctinfo != IP_CT_ESTABLISHED
685 && ctinfo != IP_CT_ESTABLISHED+IP_CT_IS_REPLY) {
686 DEBUGP("ctinfo = %u, skipping\n", ctinfo);
687 return NF_ACCEPT;
688 }
689
690 nexthdr_off = (*pskb)->nh.iph->ihl*4;
691 tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph);
692 BUG_ON(!tcph);
693 nexthdr_off += tcph->doff * 4;
694 datalen = tcplen - tcph->doff * 4;
695
696 if (tcph->fin || tcph->rst) {
697 DEBUGP("RST/FIN received, timeouting GRE\n");
698 /* can't do this after real newnat */
699 info->cstate = PPTP_CALL_NONE;
700
701 /* untrack this call id, unexpect GRE packets */
702 pptp_destroy_siblings(ct);
703 }
704
705 pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph);
706 if (!pptph) {
707 DEBUGP("no full PPTP header, can't track\n");
708 return NF_ACCEPT;
709 }
710 nexthdr_off += sizeof(_pptph);
711 datalen -= sizeof(_pptph);
712
713 /* if it's not a control message we can't do anything with it */
714 if (ntohs(pptph->packetType) != PPTP_PACKET_CONTROL ||
715 ntohl(pptph->magicCookie) != PPTP_MAGIC_COOKIE) {
716 DEBUGP("not a control packet\n");
717 return NF_ACCEPT;
718 }
719
720 oldsstate = info->sstate;
721 oldcstate = info->cstate;
722
723 spin_lock_bh(&ip_pptp_lock);
724
725 /* FIXME: We just blindly assume that the control connection is always
726 * established from PNS->PAC. However, RFC makes no guarantee */
727 if (dir == IP_CT_DIR_ORIGINAL)
728 /* client -> server (PNS -> PAC) */
729 ret = pptp_outbound_pkt(pskb, tcph, nexthdr_off, datalen, ct,
730 ctinfo);
731 else
732 /* server -> client (PAC -> PNS) */
733 ret = pptp_inbound_pkt(pskb, tcph, nexthdr_off, datalen, ct,
734 ctinfo);
735 DEBUGP("sstate: %d->%d, cstate: %d->%d\n",
736 oldsstate, info->sstate, oldcstate, info->cstate);
737 spin_unlock_bh(&ip_pptp_lock);
738
739 return ret;
740}
741
742/* control protocol helper */
743static struct ip_conntrack_helper pptp = {
744 .list = { NULL, NULL },
745 .name = "pptp",
746 .me = THIS_MODULE,
747 .max_expected = 2,
748 .timeout = 5 * 60,
749 .tuple = { .src = { .ip = 0,
750 .u = { .tcp = { .port =
751 __constant_htons(PPTP_CONTROL_PORT) } }
752 },
753 .dst = { .ip = 0,
754 .u = { .all = 0 },
755 .protonum = IPPROTO_TCP
756 }
757 },
758 .mask = { .src = { .ip = 0,
759 .u = { .tcp = { .port = __constant_htons(0xffff) } }
760 },
761 .dst = { .ip = 0,
762 .u = { .all = 0 },
763 .protonum = 0xff
764 }
765 },
766 .help = conntrack_pptp_help
767};
768
769extern void __exit ip_ct_proto_gre_fini(void);
770extern int __init ip_ct_proto_gre_init(void);
771
772/* ip_conntrack_pptp initialization */
773static int __init init(void)
774{
775 int retcode;
776
777 retcode = ip_ct_proto_gre_init();
778 if (retcode < 0)
779 return retcode;
780
781 DEBUGP(" registering helper\n");
782 if ((retcode = ip_conntrack_helper_register(&pptp))) {
783 printk(KERN_ERR "Unable to register conntrack application "
784 "helper for pptp: %d\n", retcode);
785 ip_ct_proto_gre_fini();
786 return retcode;
787 }
788
789 printk("ip_conntrack_pptp version %s loaded\n", IP_CT_PPTP_VERSION);
790 return 0;
791}
792
793static void __exit fini(void)
794{
795 ip_conntrack_helper_unregister(&pptp);
796 ip_ct_proto_gre_fini();
797 printk("ip_conntrack_pptp version %s unloaded\n", IP_CT_PPTP_VERSION);
798}
799
800module_init(init);
801module_exit(fini);
802
803EXPORT_SYMBOL(ip_nat_pptp_hook_outbound);
804EXPORT_SYMBOL(ip_nat_pptp_hook_inbound);
805EXPORT_SYMBOL(ip_nat_pptp_hook_exp_gre);
806EXPORT_SYMBOL(ip_nat_pptp_hook_expectfn);
diff --git a/net/ipv4/netfilter/ip_conntrack_irc.c b/net/ipv4/netfilter/ip_conntrack_irc.c
index d7a8a98c05e1..15457415a4f3 100644
--- a/net/ipv4/netfilter/ip_conntrack_irc.c
+++ b/net/ipv4/netfilter/ip_conntrack_irc.c
@@ -34,7 +34,7 @@
34#include <linux/moduleparam.h> 34#include <linux/moduleparam.h>
35 35
36#define MAX_PORTS 8 36#define MAX_PORTS 8
37static int ports[MAX_PORTS]; 37static short ports[MAX_PORTS];
38static int ports_c; 38static int ports_c;
39static int max_dcc_channels = 8; 39static int max_dcc_channels = 8;
40static unsigned int dcc_timeout = 300; 40static unsigned int dcc_timeout = 300;
@@ -52,7 +52,7 @@ EXPORT_SYMBOL_GPL(ip_nat_irc_hook);
52MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 52MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
53MODULE_DESCRIPTION("IRC (DCC) connection tracking helper"); 53MODULE_DESCRIPTION("IRC (DCC) connection tracking helper");
54MODULE_LICENSE("GPL"); 54MODULE_LICENSE("GPL");
55module_param_array(ports, int, &ports_c, 0400); 55module_param_array(ports, short, &ports_c, 0400);
56MODULE_PARM_DESC(ports, "port numbers of IRC servers"); 56MODULE_PARM_DESC(ports, "port numbers of IRC servers");
57module_param(max_dcc_channels, int, 0400); 57module_param(max_dcc_channels, int, 0400);
58MODULE_PARM_DESC(max_dcc_channels, "max number of expected DCC channels per IRC session"); 58MODULE_PARM_DESC(max_dcc_channels, "max number of expected DCC channels per IRC session");
@@ -240,7 +240,7 @@ static int help(struct sk_buff **pskb,
240} 240}
241 241
242static struct ip_conntrack_helper irc_helpers[MAX_PORTS]; 242static struct ip_conntrack_helper irc_helpers[MAX_PORTS];
243static char irc_names[MAX_PORTS][10]; 243static char irc_names[MAX_PORTS][sizeof("irc-65535")];
244 244
245static void fini(void); 245static void fini(void);
246 246
diff --git a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
index bb7246683b74..186646eb249f 100644
--- a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
+++ b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
@@ -23,7 +23,6 @@
23#include <linux/inetdevice.h> 23#include <linux/inetdevice.h>
24#include <linux/in.h> 24#include <linux/in.h>
25#include <linux/ip.h> 25#include <linux/ip.h>
26#include <linux/udp.h>
27#include <net/route.h> 26#include <net/route.h>
28 27
29#include <linux/netfilter.h> 28#include <linux/netfilter.h>
@@ -31,6 +30,8 @@
31#include <linux/netfilter_ipv4/ip_conntrack.h> 30#include <linux/netfilter_ipv4/ip_conntrack.h>
32#include <linux/netfilter_ipv4/ip_conntrack_helper.h> 31#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
33 32
33#define NMBD_PORT 137
34
34MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); 35MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
35MODULE_DESCRIPTION("NetBIOS name service broadcast connection tracking helper"); 36MODULE_DESCRIPTION("NetBIOS name service broadcast connection tracking helper");
36MODULE_LICENSE("GPL"); 37MODULE_LICENSE("GPL");
@@ -44,7 +45,6 @@ static int help(struct sk_buff **pskb,
44{ 45{
45 struct ip_conntrack_expect *exp; 46 struct ip_conntrack_expect *exp;
46 struct iphdr *iph = (*pskb)->nh.iph; 47 struct iphdr *iph = (*pskb)->nh.iph;
47 struct udphdr _uh, *uh;
48 struct rtable *rt = (struct rtable *)(*pskb)->dst; 48 struct rtable *rt = (struct rtable *)(*pskb)->dst;
49 struct in_device *in_dev; 49 struct in_device *in_dev;
50 u_int32_t mask = 0; 50 u_int32_t mask = 0;
@@ -58,7 +58,7 @@ static int help(struct sk_buff **pskb,
58 goto out; 58 goto out;
59 59
60 rcu_read_lock(); 60 rcu_read_lock();
61 in_dev = __in_dev_get(rt->u.dst.dev); 61 in_dev = __in_dev_get_rcu(rt->u.dst.dev);
62 if (in_dev != NULL) { 62 if (in_dev != NULL) {
63 for_primary_ifa(in_dev) { 63 for_primary_ifa(in_dev) {
64 if (ifa->ifa_broadcast == iph->daddr) { 64 if (ifa->ifa_broadcast == iph->daddr) {
@@ -72,20 +72,15 @@ static int help(struct sk_buff **pskb,
72 if (mask == 0) 72 if (mask == 0)
73 goto out; 73 goto out;
74 74
75 uh = skb_header_pointer(*pskb, iph->ihl * 4, sizeof(_uh), &_uh);
76 BUG_ON(uh == NULL);
77
78 exp = ip_conntrack_expect_alloc(ct); 75 exp = ip_conntrack_expect_alloc(ct);
79 if (exp == NULL) 76 if (exp == NULL)
80 goto out; 77 goto out;
81 memset(&exp->tuple, 0, sizeof(exp->tuple));
82 exp->tuple.src.ip = iph->daddr & mask;
83 exp->tuple.dst.ip = iph->saddr;
84 exp->tuple.dst.u.udp.port = uh->source;
85 exp->tuple.dst.protonum = IPPROTO_UDP;
86 78
87 memset(&exp->mask, 0, sizeof(exp->mask)); 79 exp->tuple = ct->tuplehash[IP_CT_DIR_REPLY].tuple;
80 exp->tuple.src.u.udp.port = ntohs(NMBD_PORT);
81
88 exp->mask.src.ip = mask; 82 exp->mask.src.ip = mask;
83 exp->mask.src.u.udp.port = 0xFFFF;
89 exp->mask.dst.ip = 0xFFFFFFFF; 84 exp->mask.dst.ip = 0xFFFFFFFF;
90 exp->mask.dst.u.udp.port = 0xFFFF; 85 exp->mask.dst.u.udp.port = 0xFFFF;
91 exp->mask.dst.protonum = 0xFF; 86 exp->mask.dst.protonum = 0xFF;
@@ -96,7 +91,7 @@ static int help(struct sk_buff **pskb,
96 ip_conntrack_expect_related(exp); 91 ip_conntrack_expect_related(exp);
97 ip_conntrack_expect_put(exp); 92 ip_conntrack_expect_put(exp);
98 93
99 ip_ct_refresh_acct(ct, ctinfo, NULL, timeout * HZ); 94 ip_ct_refresh(ct, *pskb, timeout * HZ);
100out: 95out:
101 return NF_ACCEPT; 96 return NF_ACCEPT;
102} 97}
@@ -107,7 +102,7 @@ static struct ip_conntrack_helper helper = {
107 .src = { 102 .src = {
108 .u = { 103 .u = {
109 .udp = { 104 .udp = {
110 .port = __constant_htons(137), 105 .port = __constant_htons(NMBD_PORT),
111 } 106 }
112 } 107 }
113 }, 108 },
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 15aef3564742..b08a432efcf8 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -1270,7 +1270,7 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
1270 if (err < 0) 1270 if (err < 0)
1271 return err; 1271 return err;
1272 1272
1273 exp = ip_conntrack_expect_find_get(&tuple); 1273 exp = ip_conntrack_expect_find(&tuple);
1274 if (!exp) 1274 if (!exp)
1275 return -ENOENT; 1275 return -ENOENT;
1276 1276
@@ -1318,7 +1318,7 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
1318 return err; 1318 return err;
1319 1319
1320 /* bump usage count to 2 */ 1320 /* bump usage count to 2 */
1321 exp = ip_conntrack_expect_find_get(&tuple); 1321 exp = ip_conntrack_expect_find(&tuple);
1322 if (!exp) 1322 if (!exp)
1323 return -ENOENT; 1323 return -ENOENT;
1324 1324
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_gre.c b/net/ipv4/netfilter/ip_conntrack_proto_gre.c
new file mode 100644
index 000000000000..744abb9d377a
--- /dev/null
+++ b/net/ipv4/netfilter/ip_conntrack_proto_gre.c
@@ -0,0 +1,328 @@
1/*
2 * ip_conntrack_proto_gre.c - Version 3.0
3 *
4 * Connection tracking protocol helper module for GRE.
5 *
6 * GRE is a generic encapsulation protocol, which is generally not very
7 * suited for NAT, as it has no protocol-specific part as port numbers.
8 *
9 * It has an optional key field, which may help us distinguishing two
10 * connections between the same two hosts.
11 *
12 * GRE is defined in RFC 1701 and RFC 1702, as well as RFC 2784
13 *
14 * PPTP is built on top of a modified version of GRE, and has a mandatory
15 * field called "CallID", which serves us for the same purpose as the key
16 * field in plain GRE.
17 *
18 * Documentation about PPTP can be found in RFC 2637
19 *
20 * (C) 2000-2005 by Harald Welte <laforge@gnumonks.org>
21 *
22 * Development of this code funded by Astaro AG (http://www.astaro.com/)
23 *
24 */
25
26#include <linux/config.h>
27#include <linux/module.h>
28#include <linux/types.h>
29#include <linux/timer.h>
30#include <linux/netfilter.h>
31#include <linux/ip.h>
32#include <linux/in.h>
33#include <linux/list.h>
34
35static DEFINE_RWLOCK(ip_ct_gre_lock);
36#define ASSERT_READ_LOCK(x)
37#define ASSERT_WRITE_LOCK(x)
38
39#include <linux/netfilter_ipv4/listhelp.h>
40#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
41#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
42#include <linux/netfilter_ipv4/ip_conntrack_core.h>
43
44#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
45#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
46
47MODULE_LICENSE("GPL");
48MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");
49MODULE_DESCRIPTION("netfilter connection tracking protocol helper for GRE");
50
51/* shamelessly stolen from ip_conntrack_proto_udp.c */
52#define GRE_TIMEOUT (30*HZ)
53#define GRE_STREAM_TIMEOUT (180*HZ)
54
55#if 0
56#define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s: " format, __FILE__, __FUNCTION__, ## args)
57#define DUMP_TUPLE_GRE(x) printk("%u.%u.%u.%u:0x%x -> %u.%u.%u.%u:0x%x\n", \
58 NIPQUAD((x)->src.ip), ntohs((x)->src.u.gre.key), \
59 NIPQUAD((x)->dst.ip), ntohs((x)->dst.u.gre.key))
60#else
61#define DEBUGP(x, args...)
62#define DUMP_TUPLE_GRE(x)
63#endif
64
65/* GRE KEYMAP HANDLING FUNCTIONS */
66static LIST_HEAD(gre_keymap_list);
67
68static inline int gre_key_cmpfn(const struct ip_ct_gre_keymap *km,
69 const struct ip_conntrack_tuple *t)
70{
71 return ((km->tuple.src.ip == t->src.ip) &&
72 (km->tuple.dst.ip == t->dst.ip) &&
73 (km->tuple.dst.protonum == t->dst.protonum) &&
74 (km->tuple.dst.u.all == t->dst.u.all));
75}
76
77/* look up the source key for a given tuple */
78static u_int32_t gre_keymap_lookup(struct ip_conntrack_tuple *t)
79{
80 struct ip_ct_gre_keymap *km;
81 u_int32_t key = 0;
82
83 read_lock_bh(&ip_ct_gre_lock);
84 km = LIST_FIND(&gre_keymap_list, gre_key_cmpfn,
85 struct ip_ct_gre_keymap *, t);
86 if (km)
87 key = km->tuple.src.u.gre.key;
88 read_unlock_bh(&ip_ct_gre_lock);
89
90 DEBUGP("lookup src key 0x%x up key for ", key);
91 DUMP_TUPLE_GRE(t);
92
93 return key;
94}
95
96/* add a single keymap entry, associate with specified master ct */
97int
98ip_ct_gre_keymap_add(struct ip_conntrack *ct,
99 struct ip_conntrack_tuple *t, int reply)
100{
101 struct ip_ct_gre_keymap **exist_km, *km, *old;
102
103 if (!ct->helper || strcmp(ct->helper->name, "pptp")) {
104 DEBUGP("refusing to add GRE keymap to non-pptp session\n");
105 return -1;
106 }
107
108 if (!reply)
109 exist_km = &ct->help.ct_pptp_info.keymap_orig;
110 else
111 exist_km = &ct->help.ct_pptp_info.keymap_reply;
112
113 if (*exist_km) {
114 /* check whether it's a retransmission */
115 old = LIST_FIND(&gre_keymap_list, gre_key_cmpfn,
116 struct ip_ct_gre_keymap *, t);
117 if (old == *exist_km) {
118 DEBUGP("retransmission\n");
119 return 0;
120 }
121
122 DEBUGP("trying to override keymap_%s for ct %p\n",
123 reply? "reply":"orig", ct);
124 return -EEXIST;
125 }
126
127 km = kmalloc(sizeof(*km), GFP_ATOMIC);
128 if (!km)
129 return -ENOMEM;
130
131 memcpy(&km->tuple, t, sizeof(*t));
132 *exist_km = km;
133
134 DEBUGP("adding new entry %p: ", km);
135 DUMP_TUPLE_GRE(&km->tuple);
136
137 write_lock_bh(&ip_ct_gre_lock);
138 list_append(&gre_keymap_list, km);
139 write_unlock_bh(&ip_ct_gre_lock);
140
141 return 0;
142}
143
144/* destroy the keymap entries associated with specified master ct */
145void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct)
146{
147 DEBUGP("entering for ct %p\n", ct);
148
149 if (!ct->helper || strcmp(ct->helper->name, "pptp")) {
150 DEBUGP("refusing to destroy GRE keymap to non-pptp session\n");
151 return;
152 }
153
154 write_lock_bh(&ip_ct_gre_lock);
155 if (ct->help.ct_pptp_info.keymap_orig) {
156 DEBUGP("removing %p from list\n",
157 ct->help.ct_pptp_info.keymap_orig);
158 list_del(&ct->help.ct_pptp_info.keymap_orig->list);
159 kfree(ct->help.ct_pptp_info.keymap_orig);
160 ct->help.ct_pptp_info.keymap_orig = NULL;
161 }
162 if (ct->help.ct_pptp_info.keymap_reply) {
163 DEBUGP("removing %p from list\n",
164 ct->help.ct_pptp_info.keymap_reply);
165 list_del(&ct->help.ct_pptp_info.keymap_reply->list);
166 kfree(ct->help.ct_pptp_info.keymap_reply);
167 ct->help.ct_pptp_info.keymap_reply = NULL;
168 }
169 write_unlock_bh(&ip_ct_gre_lock);
170}
171
172
173/* PUBLIC CONNTRACK PROTO HELPER FUNCTIONS */
174
175/* invert gre part of tuple */
176static int gre_invert_tuple(struct ip_conntrack_tuple *tuple,
177 const struct ip_conntrack_tuple *orig)
178{
179 tuple->dst.u.gre.key = orig->src.u.gre.key;
180 tuple->src.u.gre.key = orig->dst.u.gre.key;
181
182 return 1;
183}
184
185/* gre hdr info to tuple */
186static int gre_pkt_to_tuple(const struct sk_buff *skb,
187 unsigned int dataoff,
188 struct ip_conntrack_tuple *tuple)
189{
190 struct gre_hdr_pptp _pgrehdr, *pgrehdr;
191 u_int32_t srckey;
192 struct gre_hdr _grehdr, *grehdr;
193
194 /* first only delinearize old RFC1701 GRE header */
195 grehdr = skb_header_pointer(skb, dataoff, sizeof(_grehdr), &_grehdr);
196 if (!grehdr || grehdr->version != GRE_VERSION_PPTP) {
197 /* try to behave like "ip_conntrack_proto_generic" */
198 tuple->src.u.all = 0;
199 tuple->dst.u.all = 0;
200 return 1;
201 }
202
203 /* PPTP header is variable length, only need up to the call_id field */
204 pgrehdr = skb_header_pointer(skb, dataoff, 8, &_pgrehdr);
205 if (!pgrehdr)
206 return 1;
207
208 if (ntohs(grehdr->protocol) != GRE_PROTOCOL_PPTP) {
209 DEBUGP("GRE_VERSION_PPTP but unknown proto\n");
210 return 0;
211 }
212
213 tuple->dst.u.gre.key = pgrehdr->call_id;
214 srckey = gre_keymap_lookup(tuple);
215 tuple->src.u.gre.key = srckey;
216
217 return 1;
218}
219
220/* print gre part of tuple */
221static int gre_print_tuple(struct seq_file *s,
222 const struct ip_conntrack_tuple *tuple)
223{
224 return seq_printf(s, "srckey=0x%x dstkey=0x%x ",
225 ntohs(tuple->src.u.gre.key),
226 ntohs(tuple->dst.u.gre.key));
227}
228
229/* print private data for conntrack */
230static int gre_print_conntrack(struct seq_file *s,
231 const struct ip_conntrack *ct)
232{
233 return seq_printf(s, "timeout=%u, stream_timeout=%u ",
234 (ct->proto.gre.timeout / HZ),
235 (ct->proto.gre.stream_timeout / HZ));
236}
237
238/* Returns verdict for packet, and may modify conntrack */
239static int gre_packet(struct ip_conntrack *ct,
240 const struct sk_buff *skb,
241 enum ip_conntrack_info conntrackinfo)
242{
243 /* If we've seen traffic both ways, this is a GRE connection.
244 * Extend timeout. */
245 if (ct->status & IPS_SEEN_REPLY) {
246 ip_ct_refresh_acct(ct, conntrackinfo, skb,
247 ct->proto.gre.stream_timeout);
248 /* Also, more likely to be important, and not a probe. */
249 set_bit(IPS_ASSURED_BIT, &ct->status);
250 ip_conntrack_event_cache(IPCT_STATUS, skb);
251 } else
252 ip_ct_refresh_acct(ct, conntrackinfo, skb,
253 ct->proto.gre.timeout);
254
255 return NF_ACCEPT;
256}
257
258/* Called when a new connection for this protocol found. */
259static int gre_new(struct ip_conntrack *ct,
260 const struct sk_buff *skb)
261{
262 DEBUGP(": ");
263 DUMP_TUPLE_GRE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
264
265 /* initialize to sane value. Ideally a conntrack helper
266 * (e.g. in case of pptp) is increasing them */
267 ct->proto.gre.stream_timeout = GRE_STREAM_TIMEOUT;
268 ct->proto.gre.timeout = GRE_TIMEOUT;
269
270 return 1;
271}
272
273/* Called when a conntrack entry has already been removed from the hashes
274 * and is about to be deleted from memory */
275static void gre_destroy(struct ip_conntrack *ct)
276{
277 struct ip_conntrack *master = ct->master;
278 DEBUGP(" entering\n");
279
280 if (!master)
281 DEBUGP("no master !?!\n");
282 else
283 ip_ct_gre_keymap_destroy(master);
284}
285
286/* protocol helper struct */
287static struct ip_conntrack_protocol gre = {
288 .proto = IPPROTO_GRE,
289 .name = "gre",
290 .pkt_to_tuple = gre_pkt_to_tuple,
291 .invert_tuple = gre_invert_tuple,
292 .print_tuple = gre_print_tuple,
293 .print_conntrack = gre_print_conntrack,
294 .packet = gre_packet,
295 .new = gre_new,
296 .destroy = gre_destroy,
297 .me = THIS_MODULE,
298#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
299 defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
300 .tuple_to_nfattr = ip_ct_port_tuple_to_nfattr,
301 .nfattr_to_tuple = ip_ct_port_nfattr_to_tuple,
302#endif
303};
304
305/* ip_conntrack_proto_gre initialization */
306int __init ip_ct_proto_gre_init(void)
307{
308 return ip_conntrack_protocol_register(&gre);
309}
310
311void __exit ip_ct_proto_gre_fini(void)
312{
313 struct list_head *pos, *n;
314
315 /* delete all keymap entries */
316 write_lock_bh(&ip_ct_gre_lock);
317 list_for_each_safe(pos, n, &gre_keymap_list) {
318 DEBUGP("deleting keymap %p at module unload time\n", pos);
319 list_del(pos);
320 kfree(pos);
321 }
322 write_unlock_bh(&ip_ct_gre_lock);
323
324 ip_conntrack_protocol_unregister(&gre);
325}
326
327EXPORT_SYMBOL(ip_ct_gre_keymap_add);
328EXPORT_SYMBOL(ip_ct_gre_keymap_destroy);
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
index a875f35e576d..59a4a0111dd3 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
@@ -416,6 +416,7 @@ static int sctp_packet(struct ip_conntrack *conntrack,
416 && newconntrack == SCTP_CONNTRACK_ESTABLISHED) { 416 && newconntrack == SCTP_CONNTRACK_ESTABLISHED) {
417 DEBUGP("Setting assured bit\n"); 417 DEBUGP("Setting assured bit\n");
418 set_bit(IPS_ASSURED_BIT, &conntrack->status); 418 set_bit(IPS_ASSURED_BIT, &conntrack->status);
419 ip_conntrack_event_cache(IPCT_STATUS, skb);
419 } 420 }
420 421
421 return NF_ACCEPT; 422 return NF_ACCEPT;
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index 1985abc59d24..121760d6cc50 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -1014,7 +1014,8 @@ static int tcp_packet(struct ip_conntrack *conntrack,
1014 /* Set ASSURED if we see see valid ack in ESTABLISHED 1014 /* Set ASSURED if we see see valid ack in ESTABLISHED
1015 after SYN_RECV or a valid answer for a picked up 1015 after SYN_RECV or a valid answer for a picked up
1016 connection. */ 1016 connection. */
1017 set_bit(IPS_ASSURED_BIT, &conntrack->status); 1017 set_bit(IPS_ASSURED_BIT, &conntrack->status);
1018 ip_conntrack_event_cache(IPCT_STATUS, skb);
1018 } 1019 }
1019 ip_ct_refresh_acct(conntrack, ctinfo, skb, timeout); 1020 ip_ct_refresh_acct(conntrack, ctinfo, skb, timeout);
1020 1021
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
index ae3e3e655db5..dd476b191f4b 100644
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -989,15 +989,15 @@ EXPORT_SYMBOL(need_ip_conntrack);
989EXPORT_SYMBOL(ip_conntrack_helper_register); 989EXPORT_SYMBOL(ip_conntrack_helper_register);
990EXPORT_SYMBOL(ip_conntrack_helper_unregister); 990EXPORT_SYMBOL(ip_conntrack_helper_unregister);
991EXPORT_SYMBOL(ip_ct_iterate_cleanup); 991EXPORT_SYMBOL(ip_ct_iterate_cleanup);
992EXPORT_SYMBOL(ip_ct_refresh_acct); 992EXPORT_SYMBOL(__ip_ct_refresh_acct);
993 993
994EXPORT_SYMBOL(ip_conntrack_expect_alloc); 994EXPORT_SYMBOL(ip_conntrack_expect_alloc);
995EXPORT_SYMBOL(ip_conntrack_expect_put); 995EXPORT_SYMBOL(ip_conntrack_expect_put);
996EXPORT_SYMBOL_GPL(ip_conntrack_expect_find_get); 996EXPORT_SYMBOL_GPL(__ip_conntrack_expect_find);
997EXPORT_SYMBOL_GPL(ip_conntrack_expect_find);
997EXPORT_SYMBOL(ip_conntrack_expect_related); 998EXPORT_SYMBOL(ip_conntrack_expect_related);
998EXPORT_SYMBOL(ip_conntrack_unexpect_related); 999EXPORT_SYMBOL(ip_conntrack_unexpect_related);
999EXPORT_SYMBOL_GPL(ip_conntrack_expect_list); 1000EXPORT_SYMBOL_GPL(ip_conntrack_expect_list);
1000EXPORT_SYMBOL_GPL(__ip_conntrack_expect_find);
1001EXPORT_SYMBOL_GPL(ip_ct_unlink_expect); 1001EXPORT_SYMBOL_GPL(ip_ct_unlink_expect);
1002 1002
1003EXPORT_SYMBOL(ip_conntrack_tuple_taken); 1003EXPORT_SYMBOL(ip_conntrack_tuple_taken);
diff --git a/net/ipv4/netfilter/ip_conntrack_tftp.c b/net/ipv4/netfilter/ip_conntrack_tftp.c
index d2b590533452..a78736b8525d 100644
--- a/net/ipv4/netfilter/ip_conntrack_tftp.c
+++ b/net/ipv4/netfilter/ip_conntrack_tftp.c
@@ -26,9 +26,9 @@ MODULE_DESCRIPTION("tftp connection tracking helper");
26MODULE_LICENSE("GPL"); 26MODULE_LICENSE("GPL");
27 27
28#define MAX_PORTS 8 28#define MAX_PORTS 8
29static int ports[MAX_PORTS]; 29static short ports[MAX_PORTS];
30static int ports_c; 30static int ports_c;
31module_param_array(ports, int, &ports_c, 0400); 31module_param_array(ports, short, &ports_c, 0400);
32MODULE_PARM_DESC(ports, "port numbers of tftp servers"); 32MODULE_PARM_DESC(ports, "port numbers of tftp servers");
33 33
34#if 0 34#if 0
@@ -100,7 +100,7 @@ static int tftp_help(struct sk_buff **pskb,
100} 100}
101 101
102static struct ip_conntrack_helper tftp[MAX_PORTS]; 102static struct ip_conntrack_helper tftp[MAX_PORTS];
103static char tftp_names[MAX_PORTS][10]; 103static char tftp_names[MAX_PORTS][sizeof("tftp-65535")];
104 104
105static void fini(void) 105static void fini(void)
106{ 106{
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index 1adedb743f60..c5e3abd24672 100644
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -74,12 +74,14 @@ ip_nat_proto_find_get(u_int8_t protonum)
74 74
75 return p; 75 return p;
76} 76}
77EXPORT_SYMBOL_GPL(ip_nat_proto_find_get);
77 78
78void 79void
79ip_nat_proto_put(struct ip_nat_protocol *p) 80ip_nat_proto_put(struct ip_nat_protocol *p)
80{ 81{
81 module_put(p->me); 82 module_put(p->me);
82} 83}
84EXPORT_SYMBOL_GPL(ip_nat_proto_put);
83 85
84/* We keep an extra hash for each conntrack, for fast searching. */ 86/* We keep an extra hash for each conntrack, for fast searching. */
85static inline unsigned int 87static inline unsigned int
@@ -111,6 +113,7 @@ ip_nat_cheat_check(u_int32_t oldvalinv, u_int32_t newval, u_int16_t oldcheck)
111 return csum_fold(csum_partial((char *)diffs, sizeof(diffs), 113 return csum_fold(csum_partial((char *)diffs, sizeof(diffs),
112 oldcheck^0xFFFF)); 114 oldcheck^0xFFFF));
113} 115}
116EXPORT_SYMBOL(ip_nat_cheat_check);
114 117
115/* Is this tuple already taken? (not by us) */ 118/* Is this tuple already taken? (not by us) */
116int 119int
@@ -127,6 +130,7 @@ ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
127 invert_tuplepr(&reply, tuple); 130 invert_tuplepr(&reply, tuple);
128 return ip_conntrack_tuple_taken(&reply, ignored_conntrack); 131 return ip_conntrack_tuple_taken(&reply, ignored_conntrack);
129} 132}
133EXPORT_SYMBOL(ip_nat_used_tuple);
130 134
131/* If we source map this tuple so reply looks like reply_tuple, will 135/* If we source map this tuple so reply looks like reply_tuple, will
132 * that meet the constraints of range. */ 136 * that meet the constraints of range. */
@@ -347,6 +351,7 @@ ip_nat_setup_info(struct ip_conntrack *conntrack,
347 351
348 return NF_ACCEPT; 352 return NF_ACCEPT;
349} 353}
354EXPORT_SYMBOL(ip_nat_setup_info);
350 355
351/* Returns true if succeeded. */ 356/* Returns true if succeeded. */
352static int 357static int
@@ -387,10 +392,10 @@ manip_pkt(u_int16_t proto,
387} 392}
388 393
389/* Do packet manipulations according to ip_nat_setup_info. */ 394/* Do packet manipulations according to ip_nat_setup_info. */
390unsigned int nat_packet(struct ip_conntrack *ct, 395unsigned int ip_nat_packet(struct ip_conntrack *ct,
391 enum ip_conntrack_info ctinfo, 396 enum ip_conntrack_info ctinfo,
392 unsigned int hooknum, 397 unsigned int hooknum,
393 struct sk_buff **pskb) 398 struct sk_buff **pskb)
394{ 399{
395 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 400 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
396 unsigned long statusbit; 401 unsigned long statusbit;
@@ -417,12 +422,13 @@ unsigned int nat_packet(struct ip_conntrack *ct,
417 } 422 }
418 return NF_ACCEPT; 423 return NF_ACCEPT;
419} 424}
425EXPORT_SYMBOL_GPL(ip_nat_packet);
420 426
421/* Dir is direction ICMP is coming from (opposite to packet it contains) */ 427/* Dir is direction ICMP is coming from (opposite to packet it contains) */
422int icmp_reply_translation(struct sk_buff **pskb, 428int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
423 struct ip_conntrack *ct, 429 struct ip_conntrack *ct,
424 enum ip_nat_manip_type manip, 430 enum ip_nat_manip_type manip,
425 enum ip_conntrack_dir dir) 431 enum ip_conntrack_dir dir)
426{ 432{
427 struct { 433 struct {
428 struct icmphdr icmp; 434 struct icmphdr icmp;
@@ -509,6 +515,7 @@ int icmp_reply_translation(struct sk_buff **pskb,
509 515
510 return 1; 516 return 1;
511} 517}
518EXPORT_SYMBOL_GPL(ip_nat_icmp_reply_translation);
512 519
513/* Protocol registration. */ 520/* Protocol registration. */
514int ip_nat_protocol_register(struct ip_nat_protocol *proto) 521int ip_nat_protocol_register(struct ip_nat_protocol *proto)
@@ -525,6 +532,7 @@ int ip_nat_protocol_register(struct ip_nat_protocol *proto)
525 write_unlock_bh(&ip_nat_lock); 532 write_unlock_bh(&ip_nat_lock);
526 return ret; 533 return ret;
527} 534}
535EXPORT_SYMBOL(ip_nat_protocol_register);
528 536
529/* Noone stores the protocol anywhere; simply delete it. */ 537/* Noone stores the protocol anywhere; simply delete it. */
530void ip_nat_protocol_unregister(struct ip_nat_protocol *proto) 538void ip_nat_protocol_unregister(struct ip_nat_protocol *proto)
@@ -536,6 +544,7 @@ void ip_nat_protocol_unregister(struct ip_nat_protocol *proto)
536 /* Someone could be still looking at the proto in a bh. */ 544 /* Someone could be still looking at the proto in a bh. */
537 synchronize_net(); 545 synchronize_net();
538} 546}
547EXPORT_SYMBOL(ip_nat_protocol_unregister);
539 548
540#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ 549#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
541 defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE) 550 defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
@@ -578,9 +587,11 @@ ip_nat_port_nfattr_to_range(struct nfattr *tb[], struct ip_nat_range *range)
578 587
579 return ret; 588 return ret;
580} 589}
590EXPORT_SYMBOL_GPL(ip_nat_port_nfattr_to_range);
591EXPORT_SYMBOL_GPL(ip_nat_port_range_to_nfattr);
581#endif 592#endif
582 593
583int __init ip_nat_init(void) 594static int __init ip_nat_init(void)
584{ 595{
585 size_t i; 596 size_t i;
586 597
@@ -622,10 +633,14 @@ static int clean_nat(struct ip_conntrack *i, void *data)
622 return 0; 633 return 0;
623} 634}
624 635
625/* Not __exit: called from ip_nat_standalone.c:init_or_cleanup() --RR */ 636static void __exit ip_nat_cleanup(void)
626void ip_nat_cleanup(void)
627{ 637{
628 ip_ct_iterate_cleanup(&clean_nat, NULL); 638 ip_ct_iterate_cleanup(&clean_nat, NULL);
629 ip_conntrack_destroyed = NULL; 639 ip_conntrack_destroyed = NULL;
630 vfree(bysource); 640 vfree(bysource);
631} 641}
642
643MODULE_LICENSE("GPL");
644
645module_init(ip_nat_init);
646module_exit(ip_nat_cleanup);
diff --git a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
index d2dd5d313556..5d506e0564d5 100644
--- a/net/ipv4/netfilter/ip_nat_helper.c
+++ b/net/ipv4/netfilter/ip_nat_helper.c
@@ -199,6 +199,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb,
199 } 199 }
200 return 1; 200 return 1;
201} 201}
202EXPORT_SYMBOL(ip_nat_mangle_tcp_packet);
202 203
203/* Generic function for mangling variable-length address changes inside 204/* Generic function for mangling variable-length address changes inside
204 * NATed UDP connections (like the CONNECT DATA XXXXX MESG XXXXX INDEX XXXXX 205 * NATed UDP connections (like the CONNECT DATA XXXXX MESG XXXXX INDEX XXXXX
@@ -256,6 +257,7 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb,
256 257
257 return 1; 258 return 1;
258} 259}
260EXPORT_SYMBOL(ip_nat_mangle_udp_packet);
259 261
260/* Adjust one found SACK option including checksum correction */ 262/* Adjust one found SACK option including checksum correction */
261static void 263static void
@@ -399,6 +401,7 @@ ip_nat_seq_adjust(struct sk_buff **pskb,
399 401
400 return 1; 402 return 1;
401} 403}
404EXPORT_SYMBOL(ip_nat_seq_adjust);
402 405
403/* Setup NAT on this expected conntrack so it follows master. */ 406/* Setup NAT on this expected conntrack so it follows master. */
404/* If we fail to get a free NAT slot, we'll get dropped on confirm */ 407/* If we fail to get a free NAT slot, we'll get dropped on confirm */
@@ -425,3 +428,4 @@ void ip_nat_follow_master(struct ip_conntrack *ct,
425 /* hook doesn't matter, but it has to do destination manip */ 428 /* hook doesn't matter, but it has to do destination manip */
426 ip_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); 429 ip_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
427} 430}
431EXPORT_SYMBOL(ip_nat_follow_master);
diff --git a/net/ipv4/netfilter/ip_nat_helper_pptp.c b/net/ipv4/netfilter/ip_nat_helper_pptp.c
new file mode 100644
index 000000000000..3cdd0684d30d
--- /dev/null
+++ b/net/ipv4/netfilter/ip_nat_helper_pptp.c
@@ -0,0 +1,401 @@
1/*
2 * ip_nat_pptp.c - Version 3.0
3 *
4 * NAT support for PPTP (Point to Point Tunneling Protocol).
5 * PPTP is a a protocol for creating virtual private networks.
6 * It is a specification defined by Microsoft and some vendors
7 * working with Microsoft. PPTP is built on top of a modified
8 * version of the Internet Generic Routing Encapsulation Protocol.
9 * GRE is defined in RFC 1701 and RFC 1702. Documentation of
10 * PPTP can be found in RFC 2637
11 *
12 * (C) 2000-2005 by Harald Welte <laforge@gnumonks.org>
13 *
14 * Development of this code funded by Astaro AG (http://www.astaro.com/)
15 *
16 * TODO: - NAT to a unique tuple, not to TCP source port
17 * (needs netfilter tuple reservation)
18 *
19 * Changes:
20 * 2002-02-10 - Version 1.3
21 * - Use ip_nat_mangle_tcp_packet() because of cloned skb's
22 * in local connections (Philip Craig <philipc@snapgear.com>)
23 * - add checks for magicCookie and pptp version
24 * - make argument list of pptp_{out,in}bound_packet() shorter
25 * - move to C99 style initializers
26 * - print version number at module loadtime
27 * 2003-09-22 - Version 1.5
28 * - use SNATed tcp sourceport as callid, since we get called before
29 * TCP header is mangled (Philip Craig <philipc@snapgear.com>)
30 * 2004-10-22 - Version 2.0
31 * - kernel 2.6.x version
32 * 2005-06-10 - Version 3.0
33 * - kernel >= 2.6.11 version,
34 * funded by Oxcoda NetBox Blue (http://www.netboxblue.com/)
35 *
36 */
37
38#include <linux/config.h>
39#include <linux/module.h>
40#include <linux/ip.h>
41#include <linux/tcp.h>
42#include <net/tcp.h>
43
44#include <linux/netfilter_ipv4/ip_nat.h>
45#include <linux/netfilter_ipv4/ip_nat_rule.h>
46#include <linux/netfilter_ipv4/ip_nat_helper.h>
47#include <linux/netfilter_ipv4/ip_nat_pptp.h>
48#include <linux/netfilter_ipv4/ip_conntrack_core.h>
49#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
50#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
51#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
52
53#define IP_NAT_PPTP_VERSION "3.0"
54
55MODULE_LICENSE("GPL");
56MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");
57MODULE_DESCRIPTION("Netfilter NAT helper module for PPTP");
58
59
60#if 0
61extern const char *pptp_msg_name[];
62#define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s: " format, __FILE__, \
63 __FUNCTION__, ## args)
64#else
65#define DEBUGP(format, args...)
66#endif
67
68static void pptp_nat_expected(struct ip_conntrack *ct,
69 struct ip_conntrack_expect *exp)
70{
71 struct ip_conntrack *master = ct->master;
72 struct ip_conntrack_expect *other_exp;
73 struct ip_conntrack_tuple t;
74 struct ip_ct_pptp_master *ct_pptp_info;
75 struct ip_nat_pptp *nat_pptp_info;
76
77 ct_pptp_info = &master->help.ct_pptp_info;
78 nat_pptp_info = &master->nat.help.nat_pptp_info;
79
80 /* And here goes the grand finale of corrosion... */
81
82 if (exp->dir == IP_CT_DIR_ORIGINAL) {
83 DEBUGP("we are PNS->PAC\n");
84 /* therefore, build tuple for PAC->PNS */
85 t.src.ip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip;
86 t.src.u.gre.key = htons(master->help.ct_pptp_info.pac_call_id);
87 t.dst.ip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
88 t.dst.u.gre.key = htons(master->help.ct_pptp_info.pns_call_id);
89 t.dst.protonum = IPPROTO_GRE;
90 } else {
91 DEBUGP("we are PAC->PNS\n");
92 /* build tuple for PNS->PAC */
93 t.src.ip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
94 t.src.u.gre.key =
95 htons(master->nat.help.nat_pptp_info.pns_call_id);
96 t.dst.ip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
97 t.dst.u.gre.key =
98 htons(master->nat.help.nat_pptp_info.pac_call_id);
99 t.dst.protonum = IPPROTO_GRE;
100 }
101
102 DEBUGP("trying to unexpect other dir: ");
103 DUMP_TUPLE(&t);
104 other_exp = ip_conntrack_expect_find(&t);
105 if (other_exp) {
106 ip_conntrack_unexpect_related(other_exp);
107 ip_conntrack_expect_put(other_exp);
108 DEBUGP("success\n");
109 } else {
110 DEBUGP("not found!\n");
111 }
112
113 ip_nat_follow_master(ct, exp);
114}
115
116/* outbound packets == from PNS to PAC */
117static int
118pptp_outbound_pkt(struct sk_buff **pskb,
119 struct ip_conntrack *ct,
120 enum ip_conntrack_info ctinfo,
121 struct PptpControlHeader *ctlh,
122 union pptp_ctrl_union *pptpReq)
123
124{
125 struct ip_ct_pptp_master *ct_pptp_info = &ct->help.ct_pptp_info;
126 struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info;
127
128 u_int16_t msg, *cid = NULL, new_callid;
129
130 new_callid = htons(ct_pptp_info->pns_call_id);
131
132 switch (msg = ntohs(ctlh->messageType)) {
133 case PPTP_OUT_CALL_REQUEST:
134 cid = &pptpReq->ocreq.callID;
135 /* FIXME: ideally we would want to reserve a call ID
136 * here. current netfilter NAT core is not able to do
137 * this :( For now we use TCP source port. This breaks
138 * multiple calls within one control session */
139
140 /* save original call ID in nat_info */
141 nat_pptp_info->pns_call_id = ct_pptp_info->pns_call_id;
142
143 /* don't use tcph->source since we are at a DSTmanip
144 * hook (e.g. PREROUTING) and pkt is not mangled yet */
145 new_callid = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.tcp.port;
146
147 /* save new call ID in ct info */
148 ct_pptp_info->pns_call_id = ntohs(new_callid);
149 break;
150 case PPTP_IN_CALL_REPLY:
151 cid = &pptpReq->icreq.callID;
152 break;
153 case PPTP_CALL_CLEAR_REQUEST:
154 cid = &pptpReq->clrreq.callID;
155 break;
156 default:
157 DEBUGP("unknown outbound packet 0x%04x:%s\n", msg,
158 (msg <= PPTP_MSG_MAX)?
159 pptp_msg_name[msg]:pptp_msg_name[0]);
160 /* fall through */
161
162 case PPTP_SET_LINK_INFO:
163 /* only need to NAT in case PAC is behind NAT box */
164 case PPTP_START_SESSION_REQUEST:
165 case PPTP_START_SESSION_REPLY:
166 case PPTP_STOP_SESSION_REQUEST:
167 case PPTP_STOP_SESSION_REPLY:
168 case PPTP_ECHO_REQUEST:
169 case PPTP_ECHO_REPLY:
170 /* no need to alter packet */
171 return NF_ACCEPT;
172 }
173
174 /* only OUT_CALL_REQUEST, IN_CALL_REPLY, CALL_CLEAR_REQUEST pass
175 * down to here */
176
177 IP_NF_ASSERT(cid);
178
179 DEBUGP("altering call id from 0x%04x to 0x%04x\n",
180 ntohs(*cid), ntohs(new_callid));
181
182 /* mangle packet */
183 if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
184 (void *)cid - ((void *)ctlh - sizeof(struct pptp_pkt_hdr)),
185 sizeof(new_callid),
186 (char *)&new_callid,
187 sizeof(new_callid)) == 0)
188 return NF_DROP;
189
190 return NF_ACCEPT;
191}
192
193static int
194pptp_exp_gre(struct ip_conntrack_expect *expect_orig,
195 struct ip_conntrack_expect *expect_reply)
196{
197 struct ip_ct_pptp_master *ct_pptp_info =
198 &expect_orig->master->help.ct_pptp_info;
199 struct ip_nat_pptp *nat_pptp_info =
200 &expect_orig->master->nat.help.nat_pptp_info;
201
202 struct ip_conntrack *ct = expect_orig->master;
203
204 struct ip_conntrack_tuple inv_t;
205 struct ip_conntrack_tuple *orig_t, *reply_t;
206
207 /* save original PAC call ID in nat_info */
208 nat_pptp_info->pac_call_id = ct_pptp_info->pac_call_id;
209
210 /* alter expectation */
211 orig_t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
212 reply_t = &ct->tuplehash[IP_CT_DIR_REPLY].tuple;
213
214 /* alter expectation for PNS->PAC direction */
215 invert_tuplepr(&inv_t, &expect_orig->tuple);
216 expect_orig->saved_proto.gre.key = htons(nat_pptp_info->pac_call_id);
217 expect_orig->tuple.src.u.gre.key = htons(nat_pptp_info->pns_call_id);
218 expect_orig->tuple.dst.u.gre.key = htons(ct_pptp_info->pac_call_id);
219 inv_t.src.ip = reply_t->src.ip;
220 inv_t.dst.ip = reply_t->dst.ip;
221 inv_t.src.u.gre.key = htons(nat_pptp_info->pac_call_id);
222 inv_t.dst.u.gre.key = htons(ct_pptp_info->pns_call_id);
223
224 if (!ip_conntrack_expect_related(expect_orig)) {
225 DEBUGP("successfully registered expect\n");
226 } else {
227 DEBUGP("can't expect_related(expect_orig)\n");
228 return 1;
229 }
230
231 /* alter expectation for PAC->PNS direction */
232 invert_tuplepr(&inv_t, &expect_reply->tuple);
233 expect_reply->saved_proto.gre.key = htons(nat_pptp_info->pns_call_id);
234 expect_reply->tuple.src.u.gre.key = htons(nat_pptp_info->pac_call_id);
235 expect_reply->tuple.dst.u.gre.key = htons(ct_pptp_info->pns_call_id);
236 inv_t.src.ip = orig_t->src.ip;
237 inv_t.dst.ip = orig_t->dst.ip;
238 inv_t.src.u.gre.key = htons(nat_pptp_info->pns_call_id);
239 inv_t.dst.u.gre.key = htons(ct_pptp_info->pac_call_id);
240
241 if (!ip_conntrack_expect_related(expect_reply)) {
242 DEBUGP("successfully registered expect\n");
243 } else {
244 DEBUGP("can't expect_related(expect_reply)\n");
245 ip_conntrack_unexpect_related(expect_orig);
246 return 1;
247 }
248
249 if (ip_ct_gre_keymap_add(ct, &expect_reply->tuple, 0) < 0) {
250 DEBUGP("can't register original keymap\n");
251 ip_conntrack_unexpect_related(expect_orig);
252 ip_conntrack_unexpect_related(expect_reply);
253 return 1;
254 }
255
256 if (ip_ct_gre_keymap_add(ct, &inv_t, 1) < 0) {
257 DEBUGP("can't register reply keymap\n");
258 ip_conntrack_unexpect_related(expect_orig);
259 ip_conntrack_unexpect_related(expect_reply);
260 ip_ct_gre_keymap_destroy(ct);
261 return 1;
262 }
263
264 return 0;
265}
266
267/* inbound packets == from PAC to PNS */
268static int
269pptp_inbound_pkt(struct sk_buff **pskb,
270 struct ip_conntrack *ct,
271 enum ip_conntrack_info ctinfo,
272 struct PptpControlHeader *ctlh,
273 union pptp_ctrl_union *pptpReq)
274{
275 struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info;
276 u_int16_t msg, new_cid = 0, new_pcid, *pcid = NULL, *cid = NULL;
277
278 int ret = NF_ACCEPT, rv;
279
280 new_pcid = htons(nat_pptp_info->pns_call_id);
281
282 switch (msg = ntohs(ctlh->messageType)) {
283 case PPTP_OUT_CALL_REPLY:
284 pcid = &pptpReq->ocack.peersCallID;
285 cid = &pptpReq->ocack.callID;
286 break;
287 case PPTP_IN_CALL_CONNECT:
288 pcid = &pptpReq->iccon.peersCallID;
289 break;
290 case PPTP_IN_CALL_REQUEST:
291 /* only need to nat in case PAC is behind NAT box */
292 break;
293 case PPTP_WAN_ERROR_NOTIFY:
294 pcid = &pptpReq->wanerr.peersCallID;
295 break;
296 case PPTP_CALL_DISCONNECT_NOTIFY:
297 pcid = &pptpReq->disc.callID;
298 break;
299 case PPTP_SET_LINK_INFO:
300 pcid = &pptpReq->setlink.peersCallID;
301 break;
302
303 default:
304 DEBUGP("unknown inbound packet %s\n", (msg <= PPTP_MSG_MAX)?
305 pptp_msg_name[msg]:pptp_msg_name[0]);
306 /* fall through */
307
308 case PPTP_START_SESSION_REQUEST:
309 case PPTP_START_SESSION_REPLY:
310 case PPTP_STOP_SESSION_REQUEST:
311 case PPTP_STOP_SESSION_REPLY:
312 case PPTP_ECHO_REQUEST:
313 case PPTP_ECHO_REPLY:
314 /* no need to alter packet */
315 return NF_ACCEPT;
316 }
317
318 /* only OUT_CALL_REPLY, IN_CALL_CONNECT, IN_CALL_REQUEST,
319 * WAN_ERROR_NOTIFY, CALL_DISCONNECT_NOTIFY pass down here */
320
321 /* mangle packet */
322 IP_NF_ASSERT(pcid);
323 DEBUGP("altering peer call id from 0x%04x to 0x%04x\n",
324 ntohs(*pcid), ntohs(new_pcid));
325
326 rv = ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
327 (void *)pcid - ((void *)ctlh - sizeof(struct pptp_pkt_hdr)),
328 sizeof(new_pcid), (char *)&new_pcid,
329 sizeof(new_pcid));
330 if (rv != NF_ACCEPT)
331 return rv;
332
333 if (new_cid) {
334 IP_NF_ASSERT(cid);
335 DEBUGP("altering call id from 0x%04x to 0x%04x\n",
336 ntohs(*cid), ntohs(new_cid));
337 rv = ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
338 (void *)cid - ((void *)ctlh - sizeof(struct pptp_pkt_hdr)),
339 sizeof(new_cid),
340 (char *)&new_cid,
341 sizeof(new_cid));
342 if (rv != NF_ACCEPT)
343 return rv;
344 }
345
346 /* check for earlier return value of 'switch' above */
347 if (ret != NF_ACCEPT)
348 return ret;
349
350 /* great, at least we don't need to resize packets */
351 return NF_ACCEPT;
352}
353
354
355extern int __init ip_nat_proto_gre_init(void);
356extern void __exit ip_nat_proto_gre_fini(void);
357
358static int __init init(void)
359{
360 int ret;
361
362 DEBUGP("%s: registering NAT helper\n", __FILE__);
363
364 ret = ip_nat_proto_gre_init();
365 if (ret < 0)
366 return ret;
367
368 BUG_ON(ip_nat_pptp_hook_outbound);
369 ip_nat_pptp_hook_outbound = &pptp_outbound_pkt;
370
371 BUG_ON(ip_nat_pptp_hook_inbound);
372 ip_nat_pptp_hook_inbound = &pptp_inbound_pkt;
373
374 BUG_ON(ip_nat_pptp_hook_exp_gre);
375 ip_nat_pptp_hook_exp_gre = &pptp_exp_gre;
376
377 BUG_ON(ip_nat_pptp_hook_expectfn);
378 ip_nat_pptp_hook_expectfn = &pptp_nat_expected;
379
380 printk("ip_nat_pptp version %s loaded\n", IP_NAT_PPTP_VERSION);
381 return 0;
382}
383
384static void __exit fini(void)
385{
386 DEBUGP("cleanup_module\n" );
387
388 ip_nat_pptp_hook_expectfn = NULL;
389 ip_nat_pptp_hook_exp_gre = NULL;
390 ip_nat_pptp_hook_inbound = NULL;
391 ip_nat_pptp_hook_outbound = NULL;
392
393 ip_nat_proto_gre_fini();
394 /* Make sure noone calls it, meanwhile */
395 synchronize_net();
396
397 printk("ip_nat_pptp version %s unloaded\n", IP_NAT_PPTP_VERSION);
398}
399
400module_init(init);
401module_exit(fini);
diff --git a/net/ipv4/netfilter/ip_nat_proto_gre.c b/net/ipv4/netfilter/ip_nat_proto_gre.c
new file mode 100644
index 000000000000..7c1285401672
--- /dev/null
+++ b/net/ipv4/netfilter/ip_nat_proto_gre.c
@@ -0,0 +1,214 @@
1/*
2 * ip_nat_proto_gre.c - Version 2.0
3 *
4 * NAT protocol helper module for GRE.
5 *
6 * GRE is a generic encapsulation protocol, which is generally not very
7 * suited for NAT, as it has no protocol-specific part as port numbers.
8 *
9 * It has an optional key field, which may help us distinguishing two
10 * connections between the same two hosts.
11 *
12 * GRE is defined in RFC 1701 and RFC 1702, as well as RFC 2784
13 *
14 * PPTP is built on top of a modified version of GRE, and has a mandatory
15 * field called "CallID", which serves us for the same purpose as the key
16 * field in plain GRE.
17 *
18 * Documentation about PPTP can be found in RFC 2637
19 *
20 * (C) 2000-2005 by Harald Welte <laforge@gnumonks.org>
21 *
22 * Development of this code funded by Astaro AG (http://www.astaro.com/)
23 *
24 */
25
26#include <linux/config.h>
27#include <linux/module.h>
28#include <linux/ip.h>
29#include <linux/netfilter_ipv4/ip_nat.h>
30#include <linux/netfilter_ipv4/ip_nat_rule.h>
31#include <linux/netfilter_ipv4/ip_nat_protocol.h>
32#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
33
34MODULE_LICENSE("GPL");
35MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");
36MODULE_DESCRIPTION("Netfilter NAT protocol helper module for GRE");
37
38#if 0
39#define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s: " format, __FILE__, \
40 __FUNCTION__, ## args)
41#else
42#define DEBUGP(x, args...)
43#endif
44
45/* is key in given range between min and max */
46static int
47gre_in_range(const struct ip_conntrack_tuple *tuple,
48 enum ip_nat_manip_type maniptype,
49 const union ip_conntrack_manip_proto *min,
50 const union ip_conntrack_manip_proto *max)
51{
52 u_int32_t key;
53
54 if (maniptype == IP_NAT_MANIP_SRC)
55 key = tuple->src.u.gre.key;
56 else
57 key = tuple->dst.u.gre.key;
58
59 return ntohl(key) >= ntohl(min->gre.key)
60 && ntohl(key) <= ntohl(max->gre.key);
61}
62
63/* generate unique tuple ... */
64static int
65gre_unique_tuple(struct ip_conntrack_tuple *tuple,
66 const struct ip_nat_range *range,
67 enum ip_nat_manip_type maniptype,
68 const struct ip_conntrack *conntrack)
69{
70 static u_int16_t key;
71 u_int16_t *keyptr;
72 unsigned int min, i, range_size;
73
74 if (maniptype == IP_NAT_MANIP_SRC)
75 keyptr = &tuple->src.u.gre.key;
76 else
77 keyptr = &tuple->dst.u.gre.key;
78
79 if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) {
80 DEBUGP("%p: NATing GRE PPTP\n", conntrack);
81 min = 1;
82 range_size = 0xffff;
83 } else {
84 min = ntohl(range->min.gre.key);
85 range_size = ntohl(range->max.gre.key) - min + 1;
86 }
87
88 DEBUGP("min = %u, range_size = %u\n", min, range_size);
89
90 for (i = 0; i < range_size; i++, key++) {
91 *keyptr = htonl(min + key % range_size);
92 if (!ip_nat_used_tuple(tuple, conntrack))
93 return 1;
94 }
95
96 DEBUGP("%p: no NAT mapping\n", conntrack);
97
98 return 0;
99}
100
101/* manipulate a GRE packet according to maniptype */
102static int
103gre_manip_pkt(struct sk_buff **pskb,
104 unsigned int iphdroff,
105 const struct ip_conntrack_tuple *tuple,
106 enum ip_nat_manip_type maniptype)
107{
108 struct gre_hdr *greh;
109 struct gre_hdr_pptp *pgreh;
110 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff);
111 unsigned int hdroff = iphdroff + iph->ihl*4;
112
113 /* pgreh includes two optional 32bit fields which are not required
114 * to be there. That's where the magic '8' comes from */
115 if (!skb_make_writable(pskb, hdroff + sizeof(*pgreh)-8))
116 return 0;
117
118 greh = (void *)(*pskb)->data + hdroff;
119 pgreh = (struct gre_hdr_pptp *) greh;
120
121 /* we only have destination manip of a packet, since 'source key'
122 * is not present in the packet itself */
123 if (maniptype == IP_NAT_MANIP_DST) {
124 /* key manipulation is always dest */
125 switch (greh->version) {
126 case 0:
127 if (!greh->key) {
128 DEBUGP("can't nat GRE w/o key\n");
129 break;
130 }
131 if (greh->csum) {
132 /* FIXME: Never tested this code... */
133 *(gre_csum(greh)) =
134 ip_nat_cheat_check(~*(gre_key(greh)),
135 tuple->dst.u.gre.key,
136 *(gre_csum(greh)));
137 }
138 *(gre_key(greh)) = tuple->dst.u.gre.key;
139 break;
140 case GRE_VERSION_PPTP:
141 DEBUGP("call_id -> 0x%04x\n",
142 ntohl(tuple->dst.u.gre.key));
143 pgreh->call_id = htons(ntohl(tuple->dst.u.gre.key));
144 break;
145 default:
146 DEBUGP("can't nat unknown GRE version\n");
147 return 0;
148 break;
149 }
150 }
151 return 1;
152}
153
154/* print out a nat tuple */
155static unsigned int
156gre_print(char *buffer,
157 const struct ip_conntrack_tuple *match,
158 const struct ip_conntrack_tuple *mask)
159{
160 unsigned int len = 0;
161
162 if (mask->src.u.gre.key)
163 len += sprintf(buffer + len, "srckey=0x%x ",
164 ntohl(match->src.u.gre.key));
165
166 if (mask->dst.u.gre.key)
167 len += sprintf(buffer + len, "dstkey=0x%x ",
168 ntohl(match->src.u.gre.key));
169
170 return len;
171}
172
173/* print a range of keys */
174static unsigned int
175gre_print_range(char *buffer, const struct ip_nat_range *range)
176{
177 if (range->min.gre.key != 0
178 || range->max.gre.key != 0xFFFF) {
179 if (range->min.gre.key == range->max.gre.key)
180 return sprintf(buffer, "key 0x%x ",
181 ntohl(range->min.gre.key));
182 else
183 return sprintf(buffer, "keys 0x%u-0x%u ",
184 ntohl(range->min.gre.key),
185 ntohl(range->max.gre.key));
186 } else
187 return 0;
188}
189
190/* nat helper struct */
191static struct ip_nat_protocol gre = {
192 .name = "GRE",
193 .protonum = IPPROTO_GRE,
194 .manip_pkt = gre_manip_pkt,
195 .in_range = gre_in_range,
196 .unique_tuple = gre_unique_tuple,
197 .print = gre_print,
198 .print_range = gre_print_range,
199#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
200 defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
201 .range_to_nfattr = ip_nat_port_range_to_nfattr,
202 .nfattr_to_range = ip_nat_port_nfattr_to_range,
203#endif
204};
205
206int __init ip_nat_proto_gre_init(void)
207{
208 return ip_nat_protocol_register(&gre);
209}
210
211void __exit ip_nat_proto_gre_fini(void)
212{
213 ip_nat_protocol_unregister(&gre);
214}
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 0ff368b131f6..30cd4e18c129 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -108,8 +108,8 @@ ip_nat_fn(unsigned int hooknum,
108 case IP_CT_RELATED: 108 case IP_CT_RELATED:
109 case IP_CT_RELATED+IP_CT_IS_REPLY: 109 case IP_CT_RELATED+IP_CT_IS_REPLY:
110 if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { 110 if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) {
111 if (!icmp_reply_translation(pskb, ct, maniptype, 111 if (!ip_nat_icmp_reply_translation(pskb, ct, maniptype,
112 CTINFO2DIR(ctinfo))) 112 CTINFO2DIR(ctinfo)))
113 return NF_DROP; 113 return NF_DROP;
114 else 114 else
115 return NF_ACCEPT; 115 return NF_ACCEPT;
@@ -152,7 +152,7 @@ ip_nat_fn(unsigned int hooknum,
152 } 152 }
153 153
154 IP_NF_ASSERT(info); 154 IP_NF_ASSERT(info);
155 return nat_packet(ct, ctinfo, hooknum, pskb); 155 return ip_nat_packet(ct, ctinfo, hooknum, pskb);
156} 156}
157 157
158static unsigned int 158static unsigned int
@@ -325,15 +325,10 @@ static int init_or_cleanup(int init)
325 printk("ip_nat_init: can't setup rules.\n"); 325 printk("ip_nat_init: can't setup rules.\n");
326 goto cleanup_nothing; 326 goto cleanup_nothing;
327 } 327 }
328 ret = ip_nat_init();
329 if (ret < 0) {
330 printk("ip_nat_init: can't setup rules.\n");
331 goto cleanup_rule_init;
332 }
333 ret = nf_register_hook(&ip_nat_in_ops); 328 ret = nf_register_hook(&ip_nat_in_ops);
334 if (ret < 0) { 329 if (ret < 0) {
335 printk("ip_nat_init: can't register in hook.\n"); 330 printk("ip_nat_init: can't register in hook.\n");
336 goto cleanup_nat; 331 goto cleanup_rule_init;
337 } 332 }
338 ret = nf_register_hook(&ip_nat_out_ops); 333 ret = nf_register_hook(&ip_nat_out_ops);
339 if (ret < 0) { 334 if (ret < 0) {
@@ -374,8 +369,6 @@ static int init_or_cleanup(int init)
374 nf_unregister_hook(&ip_nat_out_ops); 369 nf_unregister_hook(&ip_nat_out_ops);
375 cleanup_inops: 370 cleanup_inops:
376 nf_unregister_hook(&ip_nat_in_ops); 371 nf_unregister_hook(&ip_nat_in_ops);
377 cleanup_nat:
378 ip_nat_cleanup();
379 cleanup_rule_init: 372 cleanup_rule_init:
380 ip_nat_rule_cleanup(); 373 ip_nat_rule_cleanup();
381 cleanup_nothing: 374 cleanup_nothing:
@@ -395,14 +388,4 @@ static void __exit fini(void)
395module_init(init); 388module_init(init);
396module_exit(fini); 389module_exit(fini);
397 390
398EXPORT_SYMBOL(ip_nat_setup_info);
399EXPORT_SYMBOL(ip_nat_protocol_register);
400EXPORT_SYMBOL(ip_nat_protocol_unregister);
401EXPORT_SYMBOL_GPL(ip_nat_proto_find_get);
402EXPORT_SYMBOL_GPL(ip_nat_proto_put);
403EXPORT_SYMBOL(ip_nat_cheat_check);
404EXPORT_SYMBOL(ip_nat_mangle_tcp_packet);
405EXPORT_SYMBOL(ip_nat_mangle_udp_packet);
406EXPORT_SYMBOL(ip_nat_used_tuple);
407EXPORT_SYMBOL(ip_nat_follow_master);
408MODULE_LICENSE("GPL"); 391MODULE_LICENSE("GPL");
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index d54f14d926f6..36339eb39e17 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -240,8 +240,8 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
240 240
241 pmsg->packet_id = (unsigned long )entry; 241 pmsg->packet_id = (unsigned long )entry;
242 pmsg->data_len = data_len; 242 pmsg->data_len = data_len;
243 pmsg->timestamp_sec = skb_tv_base.tv_sec + entry->skb->tstamp.off_sec; 243 pmsg->timestamp_sec = entry->skb->tstamp.off_sec;
244 pmsg->timestamp_usec = skb_tv_base.tv_usec + entry->skb->tstamp.off_usec; 244 pmsg->timestamp_usec = entry->skb->tstamp.off_usec;
245 pmsg->mark = entry->skb->nfmark; 245 pmsg->mark = entry->skb->nfmark;
246 pmsg->hook = entry->info->hook; 246 pmsg->hook = entry->info->hook;
247 pmsg->hw_protocol = entry->skb->protocol; 247 pmsg->hw_protocol = entry->skb->protocol;
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 7d38913754b1..9bcb398fbc1f 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -13,6 +13,7 @@
13#include <linux/config.h> 13#include <linux/config.h>
14#include <linux/proc_fs.h> 14#include <linux/proc_fs.h>
15#include <linux/jhash.h> 15#include <linux/jhash.h>
16#include <linux/bitops.h>
16#include <linux/skbuff.h> 17#include <linux/skbuff.h>
17#include <linux/ip.h> 18#include <linux/ip.h>
18#include <linux/tcp.h> 19#include <linux/tcp.h>
@@ -30,7 +31,7 @@
30#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h> 31#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>
31#include <linux/netfilter_ipv4/ip_conntrack.h> 32#include <linux/netfilter_ipv4/ip_conntrack.h>
32 33
33#define CLUSTERIP_VERSION "0.7" 34#define CLUSTERIP_VERSION "0.8"
34 35
35#define DEBUG_CLUSTERIP 36#define DEBUG_CLUSTERIP
36 37
@@ -49,13 +50,14 @@ MODULE_DESCRIPTION("iptables target for CLUSTERIP");
49struct clusterip_config { 50struct clusterip_config {
50 struct list_head list; /* list of all configs */ 51 struct list_head list; /* list of all configs */
51 atomic_t refcount; /* reference count */ 52 atomic_t refcount; /* reference count */
53 atomic_t entries; /* number of entries/rules
54 * referencing us */
52 55
53 u_int32_t clusterip; /* the IP address */ 56 u_int32_t clusterip; /* the IP address */
54 u_int8_t clustermac[ETH_ALEN]; /* the MAC address */ 57 u_int8_t clustermac[ETH_ALEN]; /* the MAC address */
55 struct net_device *dev; /* device */ 58 struct net_device *dev; /* device */
56 u_int16_t num_total_nodes; /* total number of nodes */ 59 u_int16_t num_total_nodes; /* total number of nodes */
57 u_int16_t num_local_nodes; /* number of local nodes */ 60 unsigned long local_nodes; /* node number array */
58 u_int16_t local_nodes[CLUSTERIP_MAX_NODES]; /* node number array */
59 61
60#ifdef CONFIG_PROC_FS 62#ifdef CONFIG_PROC_FS
61 struct proc_dir_entry *pde; /* proc dir entry */ 63 struct proc_dir_entry *pde; /* proc dir entry */
@@ -66,8 +68,7 @@ struct clusterip_config {
66 68
67static LIST_HEAD(clusterip_configs); 69static LIST_HEAD(clusterip_configs);
68 70
69/* clusterip_lock protects the clusterip_configs list _AND_ the configurable 71/* clusterip_lock protects the clusterip_configs list */
70 * data within all structurses (num_local_nodes, local_nodes[]) */
71static DEFINE_RWLOCK(clusterip_lock); 72static DEFINE_RWLOCK(clusterip_lock);
72 73
73#ifdef CONFIG_PROC_FS 74#ifdef CONFIG_PROC_FS
@@ -76,23 +77,48 @@ static struct proc_dir_entry *clusterip_procdir;
76#endif 77#endif
77 78
78static inline void 79static inline void
79clusterip_config_get(struct clusterip_config *c) { 80clusterip_config_get(struct clusterip_config *c)
81{
80 atomic_inc(&c->refcount); 82 atomic_inc(&c->refcount);
81} 83}
82 84
83static inline void 85static inline void
84clusterip_config_put(struct clusterip_config *c) { 86clusterip_config_put(struct clusterip_config *c)
85 if (atomic_dec_and_test(&c->refcount)) { 87{
88 if (atomic_dec_and_test(&c->refcount))
89 kfree(c);
90}
91
92/* increase the count of entries(rules) using/referencing this config */
93static inline void
94clusterip_config_entry_get(struct clusterip_config *c)
95{
96 atomic_inc(&c->entries);
97}
98
99/* decrease the count of entries using/referencing this config. If last
100 * entry(rule) is removed, remove the config from lists, but don't free it
101 * yet, since proc-files could still be holding references */
102static inline void
103clusterip_config_entry_put(struct clusterip_config *c)
104{
105 if (atomic_dec_and_test(&c->entries)) {
86 write_lock_bh(&clusterip_lock); 106 write_lock_bh(&clusterip_lock);
87 list_del(&c->list); 107 list_del(&c->list);
88 write_unlock_bh(&clusterip_lock); 108 write_unlock_bh(&clusterip_lock);
109
89 dev_mc_delete(c->dev, c->clustermac, ETH_ALEN, 0); 110 dev_mc_delete(c->dev, c->clustermac, ETH_ALEN, 0);
90 dev_put(c->dev); 111 dev_put(c->dev);
91 kfree(c); 112
113 /* In case anyone still accesses the file, the open/close
114 * functions are also incrementing the refcount on their own,
115 * so it's safe to remove the entry even if it's in use. */
116#ifdef CONFIG_PROC_FS
117 remove_proc_entry(c->pde->name, c->pde->parent);
118#endif
92 } 119 }
93} 120}
94 121
95
96static struct clusterip_config * 122static struct clusterip_config *
97__clusterip_config_find(u_int32_t clusterip) 123__clusterip_config_find(u_int32_t clusterip)
98{ 124{
@@ -111,7 +137,7 @@ __clusterip_config_find(u_int32_t clusterip)
111} 137}
112 138
113static inline struct clusterip_config * 139static inline struct clusterip_config *
114clusterip_config_find_get(u_int32_t clusterip) 140clusterip_config_find_get(u_int32_t clusterip, int entry)
115{ 141{
116 struct clusterip_config *c; 142 struct clusterip_config *c;
117 143
@@ -122,11 +148,24 @@ clusterip_config_find_get(u_int32_t clusterip)
122 return NULL; 148 return NULL;
123 } 149 }
124 atomic_inc(&c->refcount); 150 atomic_inc(&c->refcount);
151 if (entry)
152 atomic_inc(&c->entries);
125 read_unlock_bh(&clusterip_lock); 153 read_unlock_bh(&clusterip_lock);
126 154
127 return c; 155 return c;
128} 156}
129 157
158static void
159clusterip_config_init_nodelist(struct clusterip_config *c,
160 const struct ipt_clusterip_tgt_info *i)
161{
162 int n;
163
164 for (n = 0; n < i->num_local_nodes; n++) {
165 set_bit(i->local_nodes[n] - 1, &c->local_nodes);
166 }
167}
168
130static struct clusterip_config * 169static struct clusterip_config *
131clusterip_config_init(struct ipt_clusterip_tgt_info *i, u_int32_t ip, 170clusterip_config_init(struct ipt_clusterip_tgt_info *i, u_int32_t ip,
132 struct net_device *dev) 171 struct net_device *dev)
@@ -143,11 +182,11 @@ clusterip_config_init(struct ipt_clusterip_tgt_info *i, u_int32_t ip,
143 c->clusterip = ip; 182 c->clusterip = ip;
144 memcpy(&c->clustermac, &i->clustermac, ETH_ALEN); 183 memcpy(&c->clustermac, &i->clustermac, ETH_ALEN);
145 c->num_total_nodes = i->num_total_nodes; 184 c->num_total_nodes = i->num_total_nodes;
146 c->num_local_nodes = i->num_local_nodes; 185 clusterip_config_init_nodelist(c, i);
147 memcpy(&c->local_nodes, &i->local_nodes, sizeof(c->local_nodes));
148 c->hash_mode = i->hash_mode; 186 c->hash_mode = i->hash_mode;
149 c->hash_initval = i->hash_initval; 187 c->hash_initval = i->hash_initval;
150 atomic_set(&c->refcount, 1); 188 atomic_set(&c->refcount, 1);
189 atomic_set(&c->entries, 1);
151 190
152#ifdef CONFIG_PROC_FS 191#ifdef CONFIG_PROC_FS
153 /* create proc dir entry */ 192 /* create proc dir entry */
@@ -171,53 +210,28 @@ clusterip_config_init(struct ipt_clusterip_tgt_info *i, u_int32_t ip,
171static int 210static int
172clusterip_add_node(struct clusterip_config *c, u_int16_t nodenum) 211clusterip_add_node(struct clusterip_config *c, u_int16_t nodenum)
173{ 212{
174 int i;
175
176 write_lock_bh(&clusterip_lock);
177 213
178 if (c->num_local_nodes >= CLUSTERIP_MAX_NODES 214 if (nodenum == 0 ||
179 || nodenum > CLUSTERIP_MAX_NODES) { 215 nodenum > c->num_total_nodes)
180 write_unlock_bh(&clusterip_lock);
181 return 1; 216 return 1;
182 }
183
184 /* check if we alrady have this number in our array */
185 for (i = 0; i < c->num_local_nodes; i++) {
186 if (c->local_nodes[i] == nodenum) {
187 write_unlock_bh(&clusterip_lock);
188 return 1;
189 }
190 }
191 217
192 c->local_nodes[c->num_local_nodes++] = nodenum; 218 /* check if we already have this number in our bitfield */
219 if (test_and_set_bit(nodenum - 1, &c->local_nodes))
220 return 1;
193 221
194 write_unlock_bh(&clusterip_lock);
195 return 0; 222 return 0;
196} 223}
197 224
198static int 225static int
199clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum) 226clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum)
200{ 227{
201 int i; 228 if (nodenum == 0 ||
202 229 nodenum > c->num_total_nodes)
203 write_lock_bh(&clusterip_lock);
204
205 if (c->num_local_nodes <= 1 || nodenum > CLUSTERIP_MAX_NODES) {
206 write_unlock_bh(&clusterip_lock);
207 return 1; 230 return 1;
208 }
209 231
210 for (i = 0; i < c->num_local_nodes; i++) { 232 if (test_and_clear_bit(nodenum - 1, &c->local_nodes))
211 if (c->local_nodes[i] == nodenum) { 233 return 0;
212 int size = sizeof(u_int16_t)*(c->num_local_nodes-(i+1));
213 memmove(&c->local_nodes[i], &c->local_nodes[i+1], size);
214 c->num_local_nodes--;
215 write_unlock_bh(&clusterip_lock);
216 return 0;
217 }
218 }
219 234
220 write_unlock_bh(&clusterip_lock);
221 return 1; 235 return 1;
222} 236}
223 237
@@ -285,25 +299,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config)
285static inline int 299static inline int
286clusterip_responsible(struct clusterip_config *config, u_int32_t hash) 300clusterip_responsible(struct clusterip_config *config, u_int32_t hash)
287{ 301{
288 int i; 302 return test_bit(hash - 1, &config->local_nodes);
289
290 read_lock_bh(&clusterip_lock);
291
292 if (config->num_local_nodes == 0) {
293 read_unlock_bh(&clusterip_lock);
294 return 0;
295 }
296
297 for (i = 0; i < config->num_local_nodes; i++) {
298 if (config->local_nodes[i] == hash) {
299 read_unlock_bh(&clusterip_lock);
300 return 1;
301 }
302 }
303
304 read_unlock_bh(&clusterip_lock);
305
306 return 0;
307} 303}
308 304
309/*********************************************************************** 305/***********************************************************************
@@ -415,8 +411,26 @@ checkentry(const char *tablename,
415 411
416 /* FIXME: further sanity checks */ 412 /* FIXME: further sanity checks */
417 413
418 config = clusterip_config_find_get(e->ip.dst.s_addr); 414 config = clusterip_config_find_get(e->ip.dst.s_addr, 1);
419 if (!config) { 415 if (config) {
416 if (cipinfo->config != NULL) {
417 /* Case A: This is an entry that gets reloaded, since
418 * it still has a cipinfo->config pointer. Simply
419 * increase the entry refcount and return */
420 if (cipinfo->config != config) {
421 printk(KERN_ERR "CLUSTERIP: Reloaded entry "
422 "has invalid config pointer!\n");
423 return 0;
424 }
425 clusterip_config_entry_get(cipinfo->config);
426 } else {
427 /* Case B: This is a new rule referring to an existing
428 * clusterip config. */
429 cipinfo->config = config;
430 clusterip_config_entry_get(cipinfo->config);
431 }
432 } else {
433 /* Case C: This is a completely new clusterip config */
420 if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) { 434 if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
421 printk(KERN_WARNING "CLUSTERIP: no config found for %u.%u.%u.%u, need 'new'\n", NIPQUAD(e->ip.dst.s_addr)); 435 printk(KERN_WARNING "CLUSTERIP: no config found for %u.%u.%u.%u, need 'new'\n", NIPQUAD(e->ip.dst.s_addr));
422 return 0; 436 return 0;
@@ -443,10 +457,9 @@ checkentry(const char *tablename,
443 } 457 }
444 dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0); 458 dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);
445 } 459 }
460 cipinfo->config = config;
446 } 461 }
447 462
448 cipinfo->config = config;
449
450 return 1; 463 return 1;
451} 464}
452 465
@@ -455,13 +468,10 @@ static void destroy(void *matchinfo, unsigned int matchinfosize)
455{ 468{
456 struct ipt_clusterip_tgt_info *cipinfo = matchinfo; 469 struct ipt_clusterip_tgt_info *cipinfo = matchinfo;
457 470
458 /* we first remove the proc entry and then drop the reference 471 /* if no more entries are referencing the config, remove it
459 * count. In case anyone still accesses the file, the open/close 472 * from the list and destroy the proc entry */
460 * functions are also incrementing the refcount on their own */ 473 clusterip_config_entry_put(cipinfo->config);
461#ifdef CONFIG_PROC_FS 474
462 remove_proc_entry(cipinfo->config->pde->name,
463 cipinfo->config->pde->parent);
464#endif
465 clusterip_config_put(cipinfo->config); 475 clusterip_config_put(cipinfo->config);
466} 476}
467 477
@@ -533,7 +543,7 @@ arp_mangle(unsigned int hook,
533 543
534 /* if there is no clusterip configuration for the arp reply's 544 /* if there is no clusterip configuration for the arp reply's
535 * source ip, we don't want to mangle it */ 545 * source ip, we don't want to mangle it */
536 c = clusterip_config_find_get(payload->src_ip); 546 c = clusterip_config_find_get(payload->src_ip, 0);
537 if (!c) 547 if (!c)
538 return NF_ACCEPT; 548 return NF_ACCEPT;
539 549
@@ -574,56 +584,69 @@ static struct nf_hook_ops cip_arp_ops = {
574 584
575#ifdef CONFIG_PROC_FS 585#ifdef CONFIG_PROC_FS
576 586
587struct clusterip_seq_position {
588 unsigned int pos; /* position */
589 unsigned int weight; /* number of bits set == size */
590 unsigned int bit; /* current bit */
591 unsigned long val; /* current value */
592};
593
577static void *clusterip_seq_start(struct seq_file *s, loff_t *pos) 594static void *clusterip_seq_start(struct seq_file *s, loff_t *pos)
578{ 595{
579 struct proc_dir_entry *pde = s->private; 596 struct proc_dir_entry *pde = s->private;
580 struct clusterip_config *c = pde->data; 597 struct clusterip_config *c = pde->data;
581 unsigned int *nodeidx; 598 unsigned int weight;
582 599 u_int32_t local_nodes;
583 read_lock_bh(&clusterip_lock); 600 struct clusterip_seq_position *idx;
584 if (*pos >= c->num_local_nodes) 601
602 /* FIXME: possible race */
603 local_nodes = c->local_nodes;
604 weight = hweight32(local_nodes);
605 if (*pos >= weight)
585 return NULL; 606 return NULL;
586 607
587 nodeidx = kmalloc(sizeof(unsigned int), GFP_KERNEL); 608 idx = kmalloc(sizeof(struct clusterip_seq_position), GFP_KERNEL);
588 if (!nodeidx) 609 if (!idx)
589 return ERR_PTR(-ENOMEM); 610 return ERR_PTR(-ENOMEM);
590 611
591 *nodeidx = *pos; 612 idx->pos = *pos;
592 return nodeidx; 613 idx->weight = weight;
614 idx->bit = ffs(local_nodes);
615 idx->val = local_nodes;
616 clear_bit(idx->bit - 1, &idx->val);
617
618 return idx;
593} 619}
594 620
595static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos) 621static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos)
596{ 622{
597 struct proc_dir_entry *pde = s->private; 623 struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v;
598 struct clusterip_config *c = pde->data;
599 unsigned int *nodeidx = (unsigned int *)v;
600 624
601 *pos = ++(*nodeidx); 625 *pos = ++idx->pos;
602 if (*pos >= c->num_local_nodes) { 626 if (*pos >= idx->weight) {
603 kfree(v); 627 kfree(v);
604 return NULL; 628 return NULL;
605 } 629 }
606 return nodeidx; 630 idx->bit = ffs(idx->val);
631 clear_bit(idx->bit - 1, &idx->val);
632 return idx;
607} 633}
608 634
609static void clusterip_seq_stop(struct seq_file *s, void *v) 635static void clusterip_seq_stop(struct seq_file *s, void *v)
610{ 636{
611 kfree(v); 637 kfree(v);
612
613 read_unlock_bh(&clusterip_lock);
614} 638}
615 639
616static int clusterip_seq_show(struct seq_file *s, void *v) 640static int clusterip_seq_show(struct seq_file *s, void *v)
617{ 641{
618 struct proc_dir_entry *pde = s->private; 642 struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v;
619 struct clusterip_config *c = pde->data;
620 unsigned int *nodeidx = (unsigned int *)v;
621 643
622 if (*nodeidx != 0) 644 if (idx->pos != 0)
623 seq_putc(s, ','); 645 seq_putc(s, ',');
624 seq_printf(s, "%u", c->local_nodes[*nodeidx]);
625 646
626 if (*nodeidx == c->num_local_nodes-1) 647 seq_printf(s, "%u", idx->bit);
648
649 if (idx->pos == idx->weight - 1)
627 seq_putc(s, '\n'); 650 seq_putc(s, '\n');
628 651
629 return 0; 652 return 0;
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 2f3e181c8e97..275a174c6fe6 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -90,6 +90,12 @@ masquerade_target(struct sk_buff **pskb,
90 IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED 90 IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
91 || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); 91 || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
92 92
93 /* Source address is 0.0.0.0 - locally generated packet that is
94 * probably not supposed to be masqueraded.
95 */
96 if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip == 0)
97 return NF_ACCEPT;
98
93 mr = targinfo; 99 mr = targinfo;
94 rt = (struct rtable *)(*pskb)->dst; 100 rt = (struct rtable *)(*pskb)->dst;
95 newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE); 101 newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index d2e13447678e..5245bfd33d52 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -88,14 +88,18 @@ redirect_target(struct sk_buff **pskb,
88 newdst = htonl(0x7F000001); 88 newdst = htonl(0x7F000001);
89 else { 89 else {
90 struct in_device *indev; 90 struct in_device *indev;
91 struct in_ifaddr *ifa;
91 92
92 /* Device might not have an associated in_device. */ 93 newdst = 0;
93 indev = (struct in_device *)(*pskb)->dev->ip_ptr; 94
94 if (indev == NULL || indev->ifa_list == NULL) 95 rcu_read_lock();
95 return NF_DROP; 96 indev = __in_dev_get_rcu((*pskb)->dev);
97 if (indev && (ifa = indev->ifa_list))
98 newdst = ifa->ifa_local;
99 rcu_read_unlock();
96 100
97 /* Grab first address on interface. */ 101 if (!newdst)
98 newdst = indev->ifa_list->ifa_local; 102 return NF_DROP;
99 } 103 }
100 104
101 /* Transfer from original range. */ 105 /* Transfer from original range. */
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index e2c14f3cb2fc..2883ccd8a91d 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -225,8 +225,8 @@ static void ipt_ulog_packet(unsigned int hooknum,
225 225
226 /* copy hook, prefix, timestamp, payload, etc. */ 226 /* copy hook, prefix, timestamp, payload, etc. */
227 pm->data_len = copy_len; 227 pm->data_len = copy_len;
228 pm->timestamp_sec = skb_tv_base.tv_sec + skb->tstamp.off_sec; 228 pm->timestamp_sec = skb->tstamp.off_sec;
229 pm->timestamp_usec = skb_tv_base.tv_usec + skb->tstamp.off_usec; 229 pm->timestamp_usec = skb->tstamp.off_usec;
230 pm->mark = skb->nfmark; 230 pm->mark = skb->nfmark;
231 pm->hook = hooknum; 231 pm->hook = hooknum;
232 if (prefix != NULL) 232 if (prefix != NULL)
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index 304bb0a1d4f0..4b0d7e4d6269 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -361,7 +361,7 @@ static void raw_probe_proto_opt(struct flowi *fl, struct msghdr *msg)
361 361
362 if (type && code) { 362 if (type && code) {
363 get_user(fl->fl_icmp_type, type); 363 get_user(fl->fl_icmp_type, type);
364 __get_user(fl->fl_icmp_code, code); 364 get_user(fl->fl_icmp_code, code);
365 probed = 1; 365 probed = 1;
366 } 366 }
367 break; 367 break;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 8549f26e2495..381dd6a6aebb 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2128,7 +2128,7 @@ int ip_route_input(struct sk_buff *skb, u32 daddr, u32 saddr,
2128 struct in_device *in_dev; 2128 struct in_device *in_dev;
2129 2129
2130 rcu_read_lock(); 2130 rcu_read_lock();
2131 if ((in_dev = __in_dev_get(dev)) != NULL) { 2131 if ((in_dev = __in_dev_get_rcu(dev)) != NULL) {
2132 int our = ip_check_mc(in_dev, daddr, saddr, 2132 int our = ip_check_mc(in_dev, daddr, saddr,
2133 skb->nh.iph->protocol); 2133 skb->nh.iph->protocol);
2134 if (our 2134 if (our
@@ -2443,7 +2443,9 @@ static int ip_route_output_slow(struct rtable **rp, const struct flowi *oldflp)
2443 err = -ENODEV; 2443 err = -ENODEV;
2444 if (dev_out == NULL) 2444 if (dev_out == NULL)
2445 goto out; 2445 goto out;
2446 if (__in_dev_get(dev_out) == NULL) { 2446
2447 /* RACE: Check return value of inet_select_addr instead. */
2448 if (__in_dev_get_rtnl(dev_out) == NULL) {
2447 dev_put(dev_out); 2449 dev_put(dev_out);
2448 goto out; /* Wrong error code */ 2450 goto out; /* Wrong error code */
2449 } 2451 }
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 29222b964951..677419d0c9ad 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -355,8 +355,6 @@ static void tcp_clamp_window(struct sock *sk, struct tcp_sock *tp)
355 app_win -= icsk->icsk_ack.rcv_mss; 355 app_win -= icsk->icsk_ack.rcv_mss;
356 app_win = max(app_win, 2U*tp->advmss); 356 app_win = max(app_win, 2U*tp->advmss);
357 357
358 if (!ofo_win)
359 tp->window_clamp = min(tp->window_clamp, app_win);
360 tp->rcv_ssthresh = min(tp->window_clamp, 2U*tp->advmss); 358 tp->rcv_ssthresh = min(tp->window_clamp, 2U*tp->advmss);
361 } 359 }
362} 360}
@@ -979,14 +977,19 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
979 if (!before(TCP_SKB_CB(skb)->seq, end_seq)) 977 if (!before(TCP_SKB_CB(skb)->seq, end_seq))
980 break; 978 break;
981 979
980 in_sack = !after(start_seq, TCP_SKB_CB(skb)->seq) &&
981 !before(end_seq, TCP_SKB_CB(skb)->end_seq);
982
982 pcount = tcp_skb_pcount(skb); 983 pcount = tcp_skb_pcount(skb);
983 984
984 if (pcount > 1 && 985 if (pcount > 1 && !in_sack &&
985 (after(start_seq, TCP_SKB_CB(skb)->seq) || 986 after(TCP_SKB_CB(skb)->end_seq, start_seq)) {
986 before(end_seq, TCP_SKB_CB(skb)->end_seq))) {
987 unsigned int pkt_len; 987 unsigned int pkt_len;
988 988
989 if (after(start_seq, TCP_SKB_CB(skb)->seq)) 989 in_sack = !after(start_seq,
990 TCP_SKB_CB(skb)->seq);
991
992 if (!in_sack)
990 pkt_len = (start_seq - 993 pkt_len = (start_seq -
991 TCP_SKB_CB(skb)->seq); 994 TCP_SKB_CB(skb)->seq);
992 else 995 else
@@ -999,9 +1002,6 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
999 1002
1000 fack_count += pcount; 1003 fack_count += pcount;
1001 1004
1002 in_sack = !after(start_seq, TCP_SKB_CB(skb)->seq) &&
1003 !before(end_seq, TCP_SKB_CB(skb)->end_seq);
1004
1005 sacked = TCP_SKB_CB(skb)->sacked; 1005 sacked = TCP_SKB_CB(skb)->sacked;
1006 1006
1007 /* Account D-SACK for retransmitted packet. */ 1007 /* Account D-SACK for retransmitted packet. */
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 13dfb391cdf1..c85819d8474b 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -130,19 +130,20 @@ static int __tcp_v4_check_established(struct sock *sk, __u16 lport,
130 int dif = sk->sk_bound_dev_if; 130 int dif = sk->sk_bound_dev_if;
131 INET_ADDR_COOKIE(acookie, saddr, daddr) 131 INET_ADDR_COOKIE(acookie, saddr, daddr)
132 const __u32 ports = INET_COMBINED_PORTS(inet->dport, lport); 132 const __u32 ports = INET_COMBINED_PORTS(inet->dport, lport);
133 const int hash = inet_ehashfn(daddr, lport, saddr, inet->dport, tcp_hashinfo.ehash_size); 133 unsigned int hash = inet_ehashfn(daddr, lport, saddr, inet->dport);
134 struct inet_ehash_bucket *head = &tcp_hashinfo.ehash[hash]; 134 struct inet_ehash_bucket *head = inet_ehash_bucket(&tcp_hashinfo, hash);
135 struct sock *sk2; 135 struct sock *sk2;
136 const struct hlist_node *node; 136 const struct hlist_node *node;
137 struct inet_timewait_sock *tw; 137 struct inet_timewait_sock *tw;
138 138
139 prefetch(head->chain.first);
139 write_lock(&head->lock); 140 write_lock(&head->lock);
140 141
141 /* Check TIME-WAIT sockets first. */ 142 /* Check TIME-WAIT sockets first. */
142 sk_for_each(sk2, node, &(head + tcp_hashinfo.ehash_size)->chain) { 143 sk_for_each(sk2, node, &(head + tcp_hashinfo.ehash_size)->chain) {
143 tw = inet_twsk(sk2); 144 tw = inet_twsk(sk2);
144 145
145 if (INET_TW_MATCH(sk2, acookie, saddr, daddr, ports, dif)) { 146 if (INET_TW_MATCH(sk2, hash, acookie, saddr, daddr, ports, dif)) {
146 const struct tcp_timewait_sock *tcptw = tcp_twsk(sk2); 147 const struct tcp_timewait_sock *tcptw = tcp_twsk(sk2);
147 struct tcp_sock *tp = tcp_sk(sk); 148 struct tcp_sock *tp = tcp_sk(sk);
148 149
@@ -179,7 +180,7 @@ static int __tcp_v4_check_established(struct sock *sk, __u16 lport,
179 180
180 /* And established part... */ 181 /* And established part... */
181 sk_for_each(sk2, node, &head->chain) { 182 sk_for_each(sk2, node, &head->chain) {
182 if (INET_MATCH(sk2, acookie, saddr, daddr, ports, dif)) 183 if (INET_MATCH(sk2, hash, acookie, saddr, daddr, ports, dif))
183 goto not_unique; 184 goto not_unique;
184 } 185 }
185 186
@@ -188,7 +189,7 @@ unique:
188 * in hash table socket with a funny identity. */ 189 * in hash table socket with a funny identity. */
189 inet->num = lport; 190 inet->num = lport;
190 inet->sport = htons(lport); 191 inet->sport = htons(lport);
191 sk->sk_hashent = hash; 192 sk->sk_hash = hash;
192 BUG_TRAP(sk_unhashed(sk)); 193 BUG_TRAP(sk_unhashed(sk));
193 __sk_add_node(sk, &head->chain); 194 __sk_add_node(sk, &head->chain);
194 sock_prot_inc_use(sk->sk_prot); 195 sock_prot_inc_use(sk->sk_prot);
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index a88db28b0af7..b1a63b2c6b4a 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -384,7 +384,7 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req,
384 newtp->frto_counter = 0; 384 newtp->frto_counter = 0;
385 newtp->frto_highmark = 0; 385 newtp->frto_highmark = 0;
386 386
387 newicsk->icsk_ca_ops = &tcp_reno; 387 newicsk->icsk_ca_ops = &tcp_init_congestion_ops;
388 388
389 tcp_set_ca_state(newsk, TCP_CA_Open); 389 tcp_set_ca_state(newsk, TCP_CA_Open);
390 tcp_init_xmit_timers(newsk); 390 tcp_init_xmit_timers(newsk);
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index c10e4435e3b1..c5b911f9b662 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -190,7 +190,7 @@ void tcp_select_initial_window(int __space, __u32 mss,
190 } 190 }
191 191
192 /* Set initial window to value enough for senders, 192 /* Set initial window to value enough for senders,
193 * following RFC1414. Senders, not following this RFC, 193 * following RFC2414. Senders, not following this RFC,
194 * will be satisfied with 2. 194 * will be satisfied with 2.
195 */ 195 */
196 if (mss > (1<<*rcv_wscale)) { 196 if (mss > (1<<*rcv_wscale)) {
@@ -435,6 +435,8 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
435 int nsize, old_factor; 435 int nsize, old_factor;
436 u16 flags; 436 u16 flags;
437 437
438 BUG_ON(len >= skb->len);
439
438 nsize = skb_headlen(skb) - len; 440 nsize = skb_headlen(skb) - len;
439 if (nsize < 0) 441 if (nsize < 0)
440 nsize = 0; 442 nsize = 0;
@@ -459,9 +461,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
459 flags = TCP_SKB_CB(skb)->flags; 461 flags = TCP_SKB_CB(skb)->flags;
460 TCP_SKB_CB(skb)->flags = flags & ~(TCPCB_FLAG_FIN|TCPCB_FLAG_PSH); 462 TCP_SKB_CB(skb)->flags = flags & ~(TCPCB_FLAG_FIN|TCPCB_FLAG_PSH);
461 TCP_SKB_CB(buff)->flags = flags; 463 TCP_SKB_CB(buff)->flags = flags;
462 TCP_SKB_CB(buff)->sacked = 464 TCP_SKB_CB(buff)->sacked = TCP_SKB_CB(skb)->sacked;
463 (TCP_SKB_CB(skb)->sacked &
464 (TCPCB_LOST | TCPCB_EVER_RETRANS | TCPCB_AT_TAIL));
465 TCP_SKB_CB(skb)->sacked &= ~TCPCB_AT_TAIL; 465 TCP_SKB_CB(skb)->sacked &= ~TCPCB_AT_TAIL;
466 466
467 if (!skb_shinfo(skb)->nr_frags && skb->ip_summed != CHECKSUM_HW) { 467 if (!skb_shinfo(skb)->nr_frags && skb->ip_summed != CHECKSUM_HW) {
@@ -499,11 +499,26 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
499 tcp_skb_pcount(buff); 499 tcp_skb_pcount(buff);
500 500
501 tp->packets_out -= diff; 501 tp->packets_out -= diff;
502
503 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)
504 tp->sacked_out -= diff;
505 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS)
506 tp->retrans_out -= diff;
507
502 if (TCP_SKB_CB(skb)->sacked & TCPCB_LOST) { 508 if (TCP_SKB_CB(skb)->sacked & TCPCB_LOST) {
503 tp->lost_out -= diff; 509 tp->lost_out -= diff;
504 tp->left_out -= diff; 510 tp->left_out -= diff;
505 } 511 }
512
506 if (diff > 0) { 513 if (diff > 0) {
514 /* Adjust Reno SACK estimate. */
515 if (!tp->rx_opt.sack_ok) {
516 tp->sacked_out -= diff;
517 if ((int)tp->sacked_out < 0)
518 tp->sacked_out = 0;
519 tcp_sync_left_out(tp);
520 }
521
507 tp->fackets_out -= diff; 522 tp->fackets_out -= diff;
508 if ((int)tp->fackets_out < 0) 523 if ((int)tp->fackets_out < 0)
509 tp->fackets_out = 0; 524 tp->fackets_out = 0;
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 2fea3f4402a0..a970b4727ce8 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1806,7 +1806,7 @@ static void sit_add_v4_addrs(struct inet6_dev *idev)
1806 } 1806 }
1807 1807
1808 for (dev = dev_base; dev != NULL; dev = dev->next) { 1808 for (dev = dev_base; dev != NULL; dev = dev->next) {
1809 struct in_device * in_dev = __in_dev_get(dev); 1809 struct in_device * in_dev = __in_dev_get_rtnl(dev);
1810 if (in_dev && (dev->flags & IFF_UP)) { 1810 if (in_dev && (dev->flags & IFF_UP)) {
1811 struct in_ifaddr * ifa; 1811 struct in_ifaddr * ifa;
1812 1812
@@ -3520,6 +3520,8 @@ int __init addrconf_init(void)
3520 if (err) 3520 if (err)
3521 return err; 3521 return err;
3522 3522
3523 ip6_null_entry.rt6i_idev = in6_dev_get(&loopback_dev);
3524
3523 register_netdevice_notifier(&ipv6_dev_notf); 3525 register_netdevice_notifier(&ipv6_dev_notf);
3524 3526
3525#ifdef CONFIG_IPV6_PRIVACY 3527#ifdef CONFIG_IPV6_PRIVACY
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 2f589f24c093..563b442ffab8 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -666,7 +666,7 @@ slow_path:
666 */ 666 */
667 fh->nexthdr = nexthdr; 667 fh->nexthdr = nexthdr;
668 fh->reserved = 0; 668 fh->reserved = 0;
669 if (frag_id) { 669 if (!frag_id) {
670 ipv6_select_ident(skb, fh); 670 ipv6_select_ident(skb, fh);
671 frag_id = fh->identification; 671 frag_id = fh->identification;
672 } else 672 } else
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 29fed6e58d0a..519899fb11d5 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -1968,7 +1968,7 @@ static void ip6_mc_clear_src(struct ifmcaddr6 *pmc)
1968 } 1968 }
1969 pmc->mca_sources = NULL; 1969 pmc->mca_sources = NULL;
1970 pmc->mca_sfmode = MCAST_EXCLUDE; 1970 pmc->mca_sfmode = MCAST_EXCLUDE;
1971 pmc->mca_sfcount[MCAST_EXCLUDE] = 0; 1971 pmc->mca_sfcount[MCAST_INCLUDE] = 0;
1972 pmc->mca_sfcount[MCAST_EXCLUDE] = 1; 1972 pmc->mca_sfcount[MCAST_EXCLUDE] = 1;
1973} 1973}
1974 1974
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 216fbe1ac65c..bb7ccfe33f23 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -209,6 +209,17 @@ config IP6_NF_TARGET_REJECT
209 209
210 To compile it as a module, choose M here. If unsure, say N. 210 To compile it as a module, choose M here. If unsure, say N.
211 211
212config IP6_NF_TARGET_NFQUEUE
213 tristate "NFQUEUE Target Support"
214 depends on IP_NF_IPTABLES
215 help
216 This Target replaced the old obsolete QUEUE target.
217
218 As opposed to QUEUE, it supports 65535 different queues,
219 not just one.
220
221 To compile it as a module, choose M here. If unsure, say N.
222
212# if [ "$CONFIG_IP6_NF_FILTER" != "n" ]; then 223# if [ "$CONFIG_IP6_NF_FILTER" != "n" ]; then
213# dep_tristate ' REJECT target support' CONFIG_IP6_NF_TARGET_REJECT $CONFIG_IP6_NF_FILTER 224# dep_tristate ' REJECT target support' CONFIG_IP6_NF_TARGET_REJECT $CONFIG_IP6_NF_FILTER
214# if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then 225# if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
index bd9a16a5cbba..2b2c370e8b1c 100644
--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -21,9 +21,9 @@ obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o
21obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o 21obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o
22obj-$(CONFIG_IP6_NF_TARGET_MARK) += ip6t_MARK.o 22obj-$(CONFIG_IP6_NF_TARGET_MARK) += ip6t_MARK.o
23obj-$(CONFIG_IP6_NF_TARGET_HL) += ip6t_HL.o 23obj-$(CONFIG_IP6_NF_TARGET_HL) += ip6t_HL.o
24obj-$(CONFIG_IP6_NF_TARGET_NFQUEUE) += ip6t_NFQUEUE.o
24obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o 25obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o
25obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o 26obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
26obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o 27obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o
27obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o 28obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o
28obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o 29obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o
29obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += ip6t_NFQUEUE.o
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index aa11cf366efa..5027bbe6415e 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -238,8 +238,8 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
238 238
239 pmsg->packet_id = (unsigned long )entry; 239 pmsg->packet_id = (unsigned long )entry;
240 pmsg->data_len = data_len; 240 pmsg->data_len = data_len;
241 pmsg->timestamp_sec = skb_tv_base.tv_sec + entry->skb->tstamp.off_sec; 241 pmsg->timestamp_sec = entry->skb->tstamp.off_sec;
242 pmsg->timestamp_usec = skb_tv_base.tv_usec + entry->skb->tstamp.off_usec; 242 pmsg->timestamp_usec = entry->skb->tstamp.off_usec;
243 pmsg->mark = entry->skb->nfmark; 243 pmsg->mark = entry->skb->nfmark;
244 pmsg->hook = entry->info->hook; 244 pmsg->hook = entry->info->hook;
245 pmsg->hw_protocol = entry->skb->protocol; 245 pmsg->hw_protocol = entry->skb->protocol;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 1cb8adb2787f..2da514b16d95 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1955,6 +1955,57 @@ static void __exit fini(void)
1955#endif 1955#endif
1956} 1956}
1957 1957
1958/*
1959 * find specified header up to transport protocol header.
1960 * If found target header, the offset to the header is set to *offset
1961 * and return 0. otherwise, return -1.
1962 *
1963 * Notes: - non-1st Fragment Header isn't skipped.
1964 * - ESP header isn't skipped.
1965 * - The target header may be trancated.
1966 */
1967int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, u8 target)
1968{
1969 unsigned int start = (u8*)(skb->nh.ipv6h + 1) - skb->data;
1970 u8 nexthdr = skb->nh.ipv6h->nexthdr;
1971 unsigned int len = skb->len - start;
1972
1973 while (nexthdr != target) {
1974 struct ipv6_opt_hdr _hdr, *hp;
1975 unsigned int hdrlen;
1976
1977 if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE)
1978 return -1;
1979 hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
1980 if (hp == NULL)
1981 return -1;
1982 if (nexthdr == NEXTHDR_FRAGMENT) {
1983 unsigned short _frag_off, *fp;
1984 fp = skb_header_pointer(skb,
1985 start+offsetof(struct frag_hdr,
1986 frag_off),
1987 sizeof(_frag_off),
1988 &_frag_off);
1989 if (fp == NULL)
1990 return -1;
1991
1992 if (ntohs(*fp) & ~0x7)
1993 return -1;
1994 hdrlen = 8;
1995 } else if (nexthdr == NEXTHDR_AUTH)
1996 hdrlen = (hp->hdrlen + 2) << 2;
1997 else
1998 hdrlen = ipv6_optlen(hp);
1999
2000 nexthdr = hp->nexthdr;
2001 len -= hdrlen;
2002 start += hdrlen;
2003 }
2004
2005 *offset = start;
2006 return 0;
2007}
2008
1958EXPORT_SYMBOL(ip6t_register_table); 2009EXPORT_SYMBOL(ip6t_register_table);
1959EXPORT_SYMBOL(ip6t_unregister_table); 2010EXPORT_SYMBOL(ip6t_unregister_table);
1960EXPORT_SYMBOL(ip6t_do_table); 2011EXPORT_SYMBOL(ip6t_do_table);
@@ -1963,6 +2014,7 @@ EXPORT_SYMBOL(ip6t_unregister_match);
1963EXPORT_SYMBOL(ip6t_register_target); 2014EXPORT_SYMBOL(ip6t_register_target);
1964EXPORT_SYMBOL(ip6t_unregister_target); 2015EXPORT_SYMBOL(ip6t_unregister_target);
1965EXPORT_SYMBOL(ip6t_ext_hdr); 2016EXPORT_SYMBOL(ip6t_ext_hdr);
2017EXPORT_SYMBOL(ipv6_find_hdr);
1966 2018
1967module_init(init); 2019module_init(init);
1968module_exit(fini); 2020module_exit(fini);
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index d5b94f142bba..dde37793d20b 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -48,92 +48,21 @@ match(const struct sk_buff *skb,
48 unsigned int protoff, 48 unsigned int protoff,
49 int *hotdrop) 49 int *hotdrop)
50{ 50{
51 struct ip_auth_hdr *ah = NULL, _ah; 51 struct ip_auth_hdr *ah, _ah;
52 const struct ip6t_ah *ahinfo = matchinfo; 52 const struct ip6t_ah *ahinfo = matchinfo;
53 unsigned int temp;
54 int len;
55 u8 nexthdr;
56 unsigned int ptr; 53 unsigned int ptr;
57 unsigned int hdrlen = 0; 54 unsigned int hdrlen = 0;
58 55
59 /*DEBUGP("IPv6 AH entered\n");*/ 56 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH) < 0)
60 /* if (opt->auth == 0) return 0;
61 * It does not filled on output */
62
63 /* type of the 1st exthdr */
64 nexthdr = skb->nh.ipv6h->nexthdr;
65 /* pointer to the 1st exthdr */
66 ptr = sizeof(struct ipv6hdr);
67 /* available length */
68 len = skb->len - ptr;
69 temp = 0;
70
71 while (ip6t_ext_hdr(nexthdr)) {
72 struct ipv6_opt_hdr _hdr, *hp;
73
74 DEBUGP("ipv6_ah header iteration \n");
75
76 /* Is there enough space for the next ext header? */
77 if (len < sizeof(struct ipv6_opt_hdr))
78 return 0;
79 /* No more exthdr -> evaluate */
80 if (nexthdr == NEXTHDR_NONE)
81 break;
82 /* ESP -> evaluate */
83 if (nexthdr == NEXTHDR_ESP)
84 break;
85
86 hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
87 BUG_ON(hp == NULL);
88
89 /* Calculate the header length */
90 if (nexthdr == NEXTHDR_FRAGMENT)
91 hdrlen = 8;
92 else if (nexthdr == NEXTHDR_AUTH)
93 hdrlen = (hp->hdrlen+2)<<2;
94 else
95 hdrlen = ipv6_optlen(hp);
96
97 /* AH -> evaluate */
98 if (nexthdr == NEXTHDR_AUTH) {
99 temp |= MASK_AH;
100 break;
101 }
102
103
104 /* set the flag */
105 switch (nexthdr) {
106 case NEXTHDR_HOP:
107 case NEXTHDR_ROUTING:
108 case NEXTHDR_FRAGMENT:
109 case NEXTHDR_AUTH:
110 case NEXTHDR_DEST:
111 break;
112 default:
113 DEBUGP("ipv6_ah match: unknown nextheader %u\n",nexthdr);
114 return 0;
115 }
116
117 nexthdr = hp->nexthdr;
118 len -= hdrlen;
119 ptr += hdrlen;
120 if (ptr > skb->len) {
121 DEBUGP("ipv6_ah: new pointer too large! \n");
122 break;
123 }
124 }
125
126 /* AH header not found */
127 if (temp != MASK_AH)
128 return 0; 57 return 0;
129 58
130 if (len < sizeof(struct ip_auth_hdr)){ 59 ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
60 if (ah == NULL) {
131 *hotdrop = 1; 61 *hotdrop = 1;
132 return 0; 62 return 0;
133 } 63 }
134 64
135 ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah); 65 hdrlen = (ah->hdrlen + 2) << 2;
136 BUG_ON(ah == NULL);
137 66
138 DEBUGP("IPv6 AH LEN %u %u ", hdrlen, ah->hdrlen); 67 DEBUGP("IPv6 AH LEN %u %u ", hdrlen, ah->hdrlen);
139 DEBUGP("RES %04X ", ah->reserved); 68 DEBUGP("RES %04X ", ah->reserved);
diff --git a/net/ipv6/netfilter/ip6t_dst.c b/net/ipv6/netfilter/ip6t_dst.c
index 540925e4a7a8..c450a635e54b 100644
--- a/net/ipv6/netfilter/ip6t_dst.c
+++ b/net/ipv6/netfilter/ip6t_dst.c
@@ -63,8 +63,6 @@ match(const struct sk_buff *skb,
63 struct ipv6_opt_hdr _optsh, *oh; 63 struct ipv6_opt_hdr _optsh, *oh;
64 const struct ip6t_opts *optinfo = matchinfo; 64 const struct ip6t_opts *optinfo = matchinfo;
65 unsigned int temp; 65 unsigned int temp;
66 unsigned int len;
67 u8 nexthdr;
68 unsigned int ptr; 66 unsigned int ptr;
69 unsigned int hdrlen = 0; 67 unsigned int hdrlen = 0;
70 unsigned int ret = 0; 68 unsigned int ret = 0;
@@ -72,97 +70,25 @@ match(const struct sk_buff *skb,
72 u8 _optlen, *lp = NULL; 70 u8 _optlen, *lp = NULL;
73 unsigned int optlen; 71 unsigned int optlen;
74 72
75 /* type of the 1st exthdr */
76 nexthdr = skb->nh.ipv6h->nexthdr;
77 /* pointer to the 1st exthdr */
78 ptr = sizeof(struct ipv6hdr);
79 /* available length */
80 len = skb->len - ptr;
81 temp = 0;
82
83 while (ip6t_ext_hdr(nexthdr)) {
84 struct ipv6_opt_hdr _hdr, *hp;
85
86 DEBUGP("ipv6_opts header iteration \n");
87
88 /* Is there enough space for the next ext header? */
89 if (len < (int)sizeof(struct ipv6_opt_hdr))
90 return 0;
91 /* No more exthdr -> evaluate */
92 if (nexthdr == NEXTHDR_NONE) {
93 break;
94 }
95 /* ESP -> evaluate */
96 if (nexthdr == NEXTHDR_ESP) {
97 break;
98 }
99
100 hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
101 BUG_ON(hp == NULL);
102
103 /* Calculate the header length */
104 if (nexthdr == NEXTHDR_FRAGMENT) {
105 hdrlen = 8;
106 } else if (nexthdr == NEXTHDR_AUTH)
107 hdrlen = (hp->hdrlen+2)<<2;
108 else
109 hdrlen = ipv6_optlen(hp);
110
111 /* OPTS -> evaluate */
112#if HOPBYHOP 73#if HOPBYHOP
113 if (nexthdr == NEXTHDR_HOP) { 74 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP) < 0)
114 temp |= MASK_HOPOPTS;
115#else 75#else
116 if (nexthdr == NEXTHDR_DEST) { 76 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST) < 0)
117 temp |= MASK_DSTOPTS;
118#endif 77#endif
119 break; 78 return 0;
120 }
121
122 79
123 /* set the flag */ 80 oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
124 switch (nexthdr){ 81 if (oh == NULL){
125 case NEXTHDR_HOP:
126 case NEXTHDR_ROUTING:
127 case NEXTHDR_FRAGMENT:
128 case NEXTHDR_AUTH:
129 case NEXTHDR_DEST:
130 break;
131 default:
132 DEBUGP("ipv6_opts match: unknown nextheader %u\n",nexthdr);
133 return 0;
134 break;
135 }
136
137 nexthdr = hp->nexthdr;
138 len -= hdrlen;
139 ptr += hdrlen;
140 if ( ptr > skb->len ) {
141 DEBUGP("ipv6_opts: new pointer is too large! \n");
142 break;
143 }
144 }
145
146 /* OPTIONS header not found */
147#if HOPBYHOP
148 if ( temp != MASK_HOPOPTS ) return 0;
149#else
150 if ( temp != MASK_DSTOPTS ) return 0;
151#endif
152
153 if (len < (int)sizeof(struct ipv6_opt_hdr)){
154 *hotdrop = 1; 82 *hotdrop = 1;
155 return 0; 83 return 0;
156 } 84 }
157 85
158 if (len < hdrlen){ 86 hdrlen = ipv6_optlen(oh);
87 if (skb->len - ptr < hdrlen){
159 /* Packet smaller than it's length field */ 88 /* Packet smaller than it's length field */
160 return 0; 89 return 0;
161 } 90 }
162 91
163 oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
164 BUG_ON(oh == NULL);
165
166 DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen); 92 DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
167 93
168 DEBUGP("len %02X %04X %02X ", 94 DEBUGP("len %02X %04X %02X ",
diff --git a/net/ipv6/netfilter/ip6t_esp.c b/net/ipv6/netfilter/ip6t_esp.c
index e39dd236fd8e..24bc0cde43a1 100644
--- a/net/ipv6/netfilter/ip6t_esp.c
+++ b/net/ipv6/netfilter/ip6t_esp.c
@@ -48,87 +48,22 @@ match(const struct sk_buff *skb,
48 unsigned int protoff, 48 unsigned int protoff,
49 int *hotdrop) 49 int *hotdrop)
50{ 50{
51 struct ip_esp_hdr _esp, *eh = NULL; 51 struct ip_esp_hdr _esp, *eh;
52 const struct ip6t_esp *espinfo = matchinfo; 52 const struct ip6t_esp *espinfo = matchinfo;
53 unsigned int temp;
54 int len;
55 u8 nexthdr;
56 unsigned int ptr; 53 unsigned int ptr;
57 54
58 /* Make sure this isn't an evil packet */ 55 /* Make sure this isn't an evil packet */
59 /*DEBUGP("ipv6_esp entered \n");*/ 56 /*DEBUGP("ipv6_esp entered \n");*/
60 57
61 /* type of the 1st exthdr */ 58 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ESP) < 0)
62 nexthdr = skb->nh.ipv6h->nexthdr;
63 /* pointer to the 1st exthdr */
64 ptr = sizeof(struct ipv6hdr);
65 /* available length */
66 len = skb->len - ptr;
67 temp = 0;
68
69 while (ip6t_ext_hdr(nexthdr)) {
70 struct ipv6_opt_hdr _hdr, *hp;
71 int hdrlen;
72
73 DEBUGP("ipv6_esp header iteration \n");
74
75 /* Is there enough space for the next ext header? */
76 if (len < sizeof(struct ipv6_opt_hdr))
77 return 0;
78 /* No more exthdr -> evaluate */
79 if (nexthdr == NEXTHDR_NONE)
80 break;
81 /* ESP -> evaluate */
82 if (nexthdr == NEXTHDR_ESP) {
83 temp |= MASK_ESP;
84 break;
85 }
86
87 hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
88 BUG_ON(hp == NULL);
89
90 /* Calculate the header length */
91 if (nexthdr == NEXTHDR_FRAGMENT)
92 hdrlen = 8;
93 else if (nexthdr == NEXTHDR_AUTH)
94 hdrlen = (hp->hdrlen+2)<<2;
95 else
96 hdrlen = ipv6_optlen(hp);
97
98 /* set the flag */
99 switch (nexthdr) {
100 case NEXTHDR_HOP:
101 case NEXTHDR_ROUTING:
102 case NEXTHDR_FRAGMENT:
103 case NEXTHDR_AUTH:
104 case NEXTHDR_DEST:
105 break;
106 default:
107 DEBUGP("ipv6_esp match: unknown nextheader %u\n",nexthdr);
108 return 0;
109 }
110
111 nexthdr = hp->nexthdr;
112 len -= hdrlen;
113 ptr += hdrlen;
114 if (ptr > skb->len) {
115 DEBUGP("ipv6_esp: new pointer too large! \n");
116 break;
117 }
118 }
119
120 /* ESP header not found */
121 if (temp != MASK_ESP)
122 return 0; 59 return 0;
123 60
124 if (len < sizeof(struct ip_esp_hdr)) { 61 eh = skb_header_pointer(skb, ptr, sizeof(_esp), &_esp);
62 if (eh == NULL) {
125 *hotdrop = 1; 63 *hotdrop = 1;
126 return 0; 64 return 0;
127 } 65 }
128 66
129 eh = skb_header_pointer(skb, ptr, sizeof(_esp), &_esp);
130 BUG_ON(eh == NULL);
131
132 DEBUGP("IPv6 ESP SPI %u %08X\n", ntohl(eh->spi), ntohl(eh->spi)); 67 DEBUGP("IPv6 ESP SPI %u %08X\n", ntohl(eh->spi), ntohl(eh->spi));
133 68
134 return (eh != NULL) 69 return (eh != NULL)
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index 4bfa30a9bc80..085d5f8eea29 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -48,90 +48,18 @@ match(const struct sk_buff *skb,
48 unsigned int protoff, 48 unsigned int protoff,
49 int *hotdrop) 49 int *hotdrop)
50{ 50{
51 struct frag_hdr _frag, *fh = NULL; 51 struct frag_hdr _frag, *fh;
52 const struct ip6t_frag *fraginfo = matchinfo; 52 const struct ip6t_frag *fraginfo = matchinfo;
53 unsigned int temp;
54 int len;
55 u8 nexthdr;
56 unsigned int ptr; 53 unsigned int ptr;
57 unsigned int hdrlen = 0;
58
59 /* type of the 1st exthdr */
60 nexthdr = skb->nh.ipv6h->nexthdr;
61 /* pointer to the 1st exthdr */
62 ptr = sizeof(struct ipv6hdr);
63 /* available length */
64 len = skb->len - ptr;
65 temp = 0;
66
67 while (ip6t_ext_hdr(nexthdr)) {
68 struct ipv6_opt_hdr _hdr, *hp;
69
70 DEBUGP("ipv6_frag header iteration \n");
71
72 /* Is there enough space for the next ext header? */
73 if (len < (int)sizeof(struct ipv6_opt_hdr))
74 return 0;
75 /* No more exthdr -> evaluate */
76 if (nexthdr == NEXTHDR_NONE) {
77 break;
78 }
79 /* ESP -> evaluate */
80 if (nexthdr == NEXTHDR_ESP) {
81 break;
82 }
83
84 hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
85 BUG_ON(hp == NULL);
86
87 /* Calculate the header length */
88 if (nexthdr == NEXTHDR_FRAGMENT) {
89 hdrlen = 8;
90 } else if (nexthdr == NEXTHDR_AUTH)
91 hdrlen = (hp->hdrlen+2)<<2;
92 else
93 hdrlen = ipv6_optlen(hp);
94
95 /* FRAG -> evaluate */
96 if (nexthdr == NEXTHDR_FRAGMENT) {
97 temp |= MASK_FRAGMENT;
98 break;
99 }
100
101
102 /* set the flag */
103 switch (nexthdr){
104 case NEXTHDR_HOP:
105 case NEXTHDR_ROUTING:
106 case NEXTHDR_FRAGMENT:
107 case NEXTHDR_AUTH:
108 case NEXTHDR_DEST:
109 break;
110 default:
111 DEBUGP("ipv6_frag match: unknown nextheader %u\n",nexthdr);
112 return 0;
113 break;
114 }
115
116 nexthdr = hp->nexthdr;
117 len -= hdrlen;
118 ptr += hdrlen;
119 if ( ptr > skb->len ) {
120 DEBUGP("ipv6_frag: new pointer too large! \n");
121 break;
122 }
123 }
124
125 /* FRAG header not found */
126 if ( temp != MASK_FRAGMENT ) return 0;
127
128 if (len < sizeof(struct frag_hdr)){
129 *hotdrop = 1;
130 return 0;
131 }
132 54
133 fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag); 55 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT) < 0)
134 BUG_ON(fh == NULL); 56 return 0;
57
58 fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
59 if (fh == NULL){
60 *hotdrop = 1;
61 return 0;
62 }
135 63
136 DEBUGP("INFO %04X ", fh->frag_off); 64 DEBUGP("INFO %04X ", fh->frag_off);
137 DEBUGP("OFFSET %04X ", ntohs(fh->frag_off) & ~0x7); 65 DEBUGP("OFFSET %04X ", ntohs(fh->frag_off) & ~0x7);
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index 27f3650d127e..1d09485111d0 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -63,8 +63,6 @@ match(const struct sk_buff *skb,
63 struct ipv6_opt_hdr _optsh, *oh; 63 struct ipv6_opt_hdr _optsh, *oh;
64 const struct ip6t_opts *optinfo = matchinfo; 64 const struct ip6t_opts *optinfo = matchinfo;
65 unsigned int temp; 65 unsigned int temp;
66 unsigned int len;
67 u8 nexthdr;
68 unsigned int ptr; 66 unsigned int ptr;
69 unsigned int hdrlen = 0; 67 unsigned int hdrlen = 0;
70 unsigned int ret = 0; 68 unsigned int ret = 0;
@@ -72,97 +70,25 @@ match(const struct sk_buff *skb,
72 u8 _optlen, *lp = NULL; 70 u8 _optlen, *lp = NULL;
73 unsigned int optlen; 71 unsigned int optlen;
74 72
75 /* type of the 1st exthdr */
76 nexthdr = skb->nh.ipv6h->nexthdr;
77 /* pointer to the 1st exthdr */
78 ptr = sizeof(struct ipv6hdr);
79 /* available length */
80 len = skb->len - ptr;
81 temp = 0;
82
83 while (ip6t_ext_hdr(nexthdr)) {
84 struct ipv6_opt_hdr _hdr, *hp;
85
86 DEBUGP("ipv6_opts header iteration \n");
87
88 /* Is there enough space for the next ext header? */
89 if (len < (int)sizeof(struct ipv6_opt_hdr))
90 return 0;
91 /* No more exthdr -> evaluate */
92 if (nexthdr == NEXTHDR_NONE) {
93 break;
94 }
95 /* ESP -> evaluate */
96 if (nexthdr == NEXTHDR_ESP) {
97 break;
98 }
99
100 hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
101 BUG_ON(hp == NULL);
102
103 /* Calculate the header length */
104 if (nexthdr == NEXTHDR_FRAGMENT) {
105 hdrlen = 8;
106 } else if (nexthdr == NEXTHDR_AUTH)
107 hdrlen = (hp->hdrlen+2)<<2;
108 else
109 hdrlen = ipv6_optlen(hp);
110
111 /* OPTS -> evaluate */
112#if HOPBYHOP 73#if HOPBYHOP
113 if (nexthdr == NEXTHDR_HOP) { 74 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP) < 0)
114 temp |= MASK_HOPOPTS;
115#else 75#else
116 if (nexthdr == NEXTHDR_DEST) { 76 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST) < 0)
117 temp |= MASK_DSTOPTS;
118#endif 77#endif
119 break; 78 return 0;
120 }
121
122 79
123 /* set the flag */ 80 oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
124 switch (nexthdr){ 81 if (oh == NULL){
125 case NEXTHDR_HOP:
126 case NEXTHDR_ROUTING:
127 case NEXTHDR_FRAGMENT:
128 case NEXTHDR_AUTH:
129 case NEXTHDR_DEST:
130 break;
131 default:
132 DEBUGP("ipv6_opts match: unknown nextheader %u\n",nexthdr);
133 return 0;
134 break;
135 }
136
137 nexthdr = hp->nexthdr;
138 len -= hdrlen;
139 ptr += hdrlen;
140 if ( ptr > skb->len ) {
141 DEBUGP("ipv6_opts: new pointer is too large! \n");
142 break;
143 }
144 }
145
146 /* OPTIONS header not found */
147#if HOPBYHOP
148 if ( temp != MASK_HOPOPTS ) return 0;
149#else
150 if ( temp != MASK_DSTOPTS ) return 0;
151#endif
152
153 if (len < (int)sizeof(struct ipv6_opt_hdr)){
154 *hotdrop = 1; 82 *hotdrop = 1;
155 return 0; 83 return 0;
156 } 84 }
157 85
158 if (len < hdrlen){ 86 hdrlen = ipv6_optlen(oh);
87 if (skb->len - ptr < hdrlen){
159 /* Packet smaller than it's length field */ 88 /* Packet smaller than it's length field */
160 return 0; 89 return 0;
161 } 90 }
162 91
163 oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
164 BUG_ON(oh == NULL);
165
166 DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen); 92 DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
167 93
168 DEBUGP("len %02X %04X %02X ", 94 DEBUGP("len %02X %04X %02X ",
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index 2bb670037df3..beb2fd5cebbb 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -50,98 +50,29 @@ match(const struct sk_buff *skb,
50 unsigned int protoff, 50 unsigned int protoff,
51 int *hotdrop) 51 int *hotdrop)
52{ 52{
53 struct ipv6_rt_hdr _route, *rh = NULL; 53 struct ipv6_rt_hdr _route, *rh;
54 const struct ip6t_rt *rtinfo = matchinfo; 54 const struct ip6t_rt *rtinfo = matchinfo;
55 unsigned int temp; 55 unsigned int temp;
56 unsigned int len;
57 u8 nexthdr;
58 unsigned int ptr; 56 unsigned int ptr;
59 unsigned int hdrlen = 0; 57 unsigned int hdrlen = 0;
60 unsigned int ret = 0; 58 unsigned int ret = 0;
61 struct in6_addr *ap, _addr; 59 struct in6_addr *ap, _addr;
62 60
63 /* type of the 1st exthdr */ 61 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING) < 0)
64 nexthdr = skb->nh.ipv6h->nexthdr; 62 return 0;
65 /* pointer to the 1st exthdr */
66 ptr = sizeof(struct ipv6hdr);
67 /* available length */
68 len = skb->len - ptr;
69 temp = 0;
70 63
71 while (ip6t_ext_hdr(nexthdr)) { 64 rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
72 struct ipv6_opt_hdr _hdr, *hp; 65 if (rh == NULL){
73
74 DEBUGP("ipv6_rt header iteration \n");
75
76 /* Is there enough space for the next ext header? */
77 if (len < (int)sizeof(struct ipv6_opt_hdr))
78 return 0;
79 /* No more exthdr -> evaluate */
80 if (nexthdr == NEXTHDR_NONE) {
81 break;
82 }
83 /* ESP -> evaluate */
84 if (nexthdr == NEXTHDR_ESP) {
85 break;
86 }
87
88 hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
89 BUG_ON(hp == NULL);
90
91 /* Calculate the header length */
92 if (nexthdr == NEXTHDR_FRAGMENT) {
93 hdrlen = 8;
94 } else if (nexthdr == NEXTHDR_AUTH)
95 hdrlen = (hp->hdrlen+2)<<2;
96 else
97 hdrlen = ipv6_optlen(hp);
98
99 /* ROUTING -> evaluate */
100 if (nexthdr == NEXTHDR_ROUTING) {
101 temp |= MASK_ROUTING;
102 break;
103 }
104
105
106 /* set the flag */
107 switch (nexthdr){
108 case NEXTHDR_HOP:
109 case NEXTHDR_ROUTING:
110 case NEXTHDR_FRAGMENT:
111 case NEXTHDR_AUTH:
112 case NEXTHDR_DEST:
113 break;
114 default:
115 DEBUGP("ipv6_rt match: unknown nextheader %u\n",nexthdr);
116 return 0;
117 break;
118 }
119
120 nexthdr = hp->nexthdr;
121 len -= hdrlen;
122 ptr += hdrlen;
123 if ( ptr > skb->len ) {
124 DEBUGP("ipv6_rt: new pointer is too large! \n");
125 break;
126 }
127 }
128
129 /* ROUTING header not found */
130 if ( temp != MASK_ROUTING ) return 0;
131
132 if (len < (int)sizeof(struct ipv6_rt_hdr)){
133 *hotdrop = 1; 66 *hotdrop = 1;
134 return 0; 67 return 0;
135 } 68 }
136 69
137 if (len < hdrlen){ 70 hdrlen = ipv6_optlen(rh);
71 if (skb->len - ptr < hdrlen){
138 /* Pcket smaller than its length field */ 72 /* Pcket smaller than its length field */
139 return 0; 73 return 0;
140 } 74 }
141 75
142 rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
143 BUG_ON(rh == NULL);
144
145 DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen); 76 DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen);
146 DEBUGP("TYPE %04X ", rh->type); 77 DEBUGP("TYPE %04X ", rh->type);
147 DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left); 78 DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left);
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 5aa3691c578d..a1265a320b11 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -627,7 +627,7 @@ static void rawv6_probe_proto_opt(struct flowi *fl, struct msghdr *msg)
627 627
628 if (type && code) { 628 if (type && code) {
629 get_user(fl->fl_icmp_type, type); 629 get_user(fl->fl_icmp_type, type);
630 __get_user(fl->fl_icmp_code, code); 630 get_user(fl->fl_icmp_code, code);
631 probed = 1; 631 probed = 1;
632 } 632 }
633 break; 633 break;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 80643e6b346b..d693cb988b78 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -209,9 +209,11 @@ static __inline__ void __tcp_v6_hash(struct sock *sk)
209 lock = &tcp_hashinfo.lhash_lock; 209 lock = &tcp_hashinfo.lhash_lock;
210 inet_listen_wlock(&tcp_hashinfo); 210 inet_listen_wlock(&tcp_hashinfo);
211 } else { 211 } else {
212 sk->sk_hashent = inet6_sk_ehashfn(sk, tcp_hashinfo.ehash_size); 212 unsigned int hash;
213 list = &tcp_hashinfo.ehash[sk->sk_hashent].chain; 213 sk->sk_hash = hash = inet6_sk_ehashfn(sk);
214 lock = &tcp_hashinfo.ehash[sk->sk_hashent].lock; 214 hash &= (tcp_hashinfo.ehash_size - 1);
215 list = &tcp_hashinfo.ehash[hash].chain;
216 lock = &tcp_hashinfo.ehash[hash].lock;
215 write_lock(lock); 217 write_lock(lock);
216 } 218 }
217 219
@@ -322,13 +324,13 @@ static int __tcp_v6_check_established(struct sock *sk, const __u16 lport,
322 const struct in6_addr *saddr = &np->daddr; 324 const struct in6_addr *saddr = &np->daddr;
323 const int dif = sk->sk_bound_dev_if; 325 const int dif = sk->sk_bound_dev_if;
324 const u32 ports = INET_COMBINED_PORTS(inet->dport, lport); 326 const u32 ports = INET_COMBINED_PORTS(inet->dport, lport);
325 const int hash = inet6_ehashfn(daddr, inet->num, saddr, inet->dport, 327 unsigned int hash = inet6_ehashfn(daddr, inet->num, saddr, inet->dport);
326 tcp_hashinfo.ehash_size); 328 struct inet_ehash_bucket *head = inet_ehash_bucket(&tcp_hashinfo, hash);
327 struct inet_ehash_bucket *head = &tcp_hashinfo.ehash[hash];
328 struct sock *sk2; 329 struct sock *sk2;
329 const struct hlist_node *node; 330 const struct hlist_node *node;
330 struct inet_timewait_sock *tw; 331 struct inet_timewait_sock *tw;
331 332
333 prefetch(head->chain.first);
332 write_lock(&head->lock); 334 write_lock(&head->lock);
333 335
334 /* Check TIME-WAIT sockets first. */ 336 /* Check TIME-WAIT sockets first. */
@@ -365,14 +367,14 @@ static int __tcp_v6_check_established(struct sock *sk, const __u16 lport,
365 367
366 /* And established part... */ 368 /* And established part... */
367 sk_for_each(sk2, node, &head->chain) { 369 sk_for_each(sk2, node, &head->chain) {
368 if (INET6_MATCH(sk2, saddr, daddr, ports, dif)) 370 if (INET6_MATCH(sk2, hash, saddr, daddr, ports, dif))
369 goto not_unique; 371 goto not_unique;
370 } 372 }
371 373
372unique: 374unique:
373 BUG_TRAP(sk_unhashed(sk)); 375 BUG_TRAP(sk_unhashed(sk));
374 __sk_add_node(sk, &head->chain); 376 __sk_add_node(sk, &head->chain);
375 sk->sk_hashent = hash; 377 sk->sk_hash = hash;
376 sock_prot_inc_use(sk->sk_prot); 378 sock_prot_inc_use(sk->sk_prot);
377 write_unlock(&head->lock); 379 write_unlock(&head->lock);
378 380
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 69b146843a20..e4cad11f284a 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -405,9 +405,8 @@ static struct sock *udp_v6_mcast_next(struct sock *sk,
405 continue; 405 continue;
406 406
407 if (!ipv6_addr_any(&np->rcv_saddr)) { 407 if (!ipv6_addr_any(&np->rcv_saddr)) {
408 if (ipv6_addr_equal(&np->rcv_saddr, loc_addr)) 408 if (!ipv6_addr_equal(&np->rcv_saddr, loc_addr))
409 return s; 409 continue;
410 continue;
411 } 410 }
412 if(!inet6_mc_check(s, loc_addr, rmt_addr)) 411 if(!inet6_mc_check(s, loc_addr, rmt_addr))
413 continue; 412 continue;
@@ -640,6 +639,7 @@ static int udpv6_sendmsg(struct kiocb *iocb, struct sock *sk,
640 int tclass = -1; 639 int tclass = -1;
641 int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; 640 int corkreq = up->corkflag || msg->msg_flags&MSG_MORE;
642 int err; 641 int err;
642 int connected = 0;
643 643
644 /* destination address check */ 644 /* destination address check */
645 if (sin6) { 645 if (sin6) {
@@ -749,6 +749,7 @@ do_udp_sendmsg:
749 fl->fl_ip_dport = inet->dport; 749 fl->fl_ip_dport = inet->dport;
750 daddr = &np->daddr; 750 daddr = &np->daddr;
751 fl->fl6_flowlabel = np->flow_label; 751 fl->fl6_flowlabel = np->flow_label;
752 connected = 1;
752 } 753 }
753 754
754 if (!fl->oif) 755 if (!fl->oif)
@@ -771,6 +772,7 @@ do_udp_sendmsg:
771 } 772 }
772 if (!(opt->opt_nflen|opt->opt_flen)) 773 if (!(opt->opt_nflen|opt->opt_flen))
773 opt = NULL; 774 opt = NULL;
775 connected = 0;
774 } 776 }
775 if (opt == NULL) 777 if (opt == NULL)
776 opt = np->opt; 778 opt = np->opt;
@@ -788,10 +790,13 @@ do_udp_sendmsg:
788 ipv6_addr_copy(&final, &fl->fl6_dst); 790 ipv6_addr_copy(&final, &fl->fl6_dst);
789 ipv6_addr_copy(&fl->fl6_dst, rt0->addr); 791 ipv6_addr_copy(&fl->fl6_dst, rt0->addr);
790 final_p = &final; 792 final_p = &final;
793 connected = 0;
791 } 794 }
792 795
793 if (!fl->oif && ipv6_addr_is_multicast(&fl->fl6_dst)) 796 if (!fl->oif && ipv6_addr_is_multicast(&fl->fl6_dst)) {
794 fl->oif = np->mcast_oif; 797 fl->oif = np->mcast_oif;
798 connected = 0;
799 }
795 800
796 err = ip6_dst_lookup(sk, &dst, fl); 801 err = ip6_dst_lookup(sk, &dst, fl);
797 if (err) 802 if (err)
@@ -847,10 +852,16 @@ do_append_data:
847 else if (!corkreq) 852 else if (!corkreq)
848 err = udp_v6_push_pending_frames(sk, up); 853 err = udp_v6_push_pending_frames(sk, up);
849 854
850 if (dst) 855 if (dst) {
851 ip6_dst_store(sk, dst, 856 if (connected) {
852 ipv6_addr_equal(&fl->fl6_dst, &np->daddr) ? 857 ip6_dst_store(sk, dst,
853 &np->daddr : NULL); 858 ipv6_addr_equal(&fl->fl6_dst, &np->daddr) ?
859 &np->daddr : NULL);
860 } else {
861 dst_release(dst);
862 }
863 }
864
854 if (err > 0) 865 if (err > 0)
855 err = np->recverr ? net_xmit_errno(err) : 0; 866 err = np->recverr ? net_xmit_errno(err) : 0;
856 release_sock(sk); 867 release_sock(sk);
diff --git a/net/irda/irlan/irlan_eth.c b/net/irda/irlan/irlan_eth.c
index 071cd2cefd8a..953e255d2bc8 100644
--- a/net/irda/irlan/irlan_eth.c
+++ b/net/irda/irlan/irlan_eth.c
@@ -310,7 +310,7 @@ void irlan_eth_send_gratuitous_arp(struct net_device *dev)
310#ifdef CONFIG_INET 310#ifdef CONFIG_INET
311 IRDA_DEBUG(4, "IrLAN: Sending gratuitous ARP\n"); 311 IRDA_DEBUG(4, "IrLAN: Sending gratuitous ARP\n");
312 rcu_read_lock(); 312 rcu_read_lock();
313 in_dev = __in_dev_get(dev); 313 in_dev = __in_dev_get_rcu(dev);
314 if (in_dev == NULL) 314 if (in_dev == NULL)
315 goto out; 315 goto out;
316 if (in_dev->ifa_list) 316 if (in_dev->ifa_list)
diff --git a/net/irda/irttp.c b/net/irda/irttp.c
index 6602d901f8b1..8aff254cb418 100644
--- a/net/irda/irttp.c
+++ b/net/irda/irttp.c
@@ -38,7 +38,7 @@
38#include <net/irda/parameters.h> 38#include <net/irda/parameters.h>
39#include <net/irda/irttp.h> 39#include <net/irda/irttp.h>
40 40
41static struct irttp_cb *irttp = NULL; 41static struct irttp_cb *irttp;
42 42
43static void __irttp_close_tsap(struct tsap_cb *self); 43static void __irttp_close_tsap(struct tsap_cb *self);
44 44
@@ -86,12 +86,9 @@ static pi_param_info_t param_info = { pi_major_call_table, 1, 0x0f, 4 };
86 */ 86 */
87int __init irttp_init(void) 87int __init irttp_init(void)
88{ 88{
89 /* Initialize the irttp structure. */ 89 irttp = kmalloc(sizeof(struct irttp_cb), GFP_KERNEL);
90 if (irttp == NULL) { 90 if (irttp == NULL)
91 irttp = kmalloc(sizeof(struct irttp_cb), GFP_KERNEL); 91 return -ENOMEM;
92 if (irttp == NULL)
93 return -ENOMEM;
94 }
95 memset(irttp, 0, sizeof(struct irttp_cb)); 92 memset(irttp, 0, sizeof(struct irttp_cb));
96 93
97 irttp->magic = TTP_MAGIC; 94 irttp->magic = TTP_MAGIC;
@@ -100,6 +97,7 @@ int __init irttp_init(void)
100 if (!irttp->tsaps) { 97 if (!irttp->tsaps) {
101 IRDA_ERROR("%s: can't allocate IrTTP hashbin!\n", 98 IRDA_ERROR("%s: can't allocate IrTTP hashbin!\n",
102 __FUNCTION__); 99 __FUNCTION__);
100 kfree(irttp);
103 return -ENOMEM; 101 return -ENOMEM;
104 } 102 }
105 103
@@ -115,7 +113,6 @@ int __init irttp_init(void)
115void __exit irttp_cleanup(void) 113void __exit irttp_cleanup(void)
116{ 114{
117 /* Check for main structure */ 115 /* Check for main structure */
118 IRDA_ASSERT(irttp != NULL, return;);
119 IRDA_ASSERT(irttp->magic == TTP_MAGIC, return;); 116 IRDA_ASSERT(irttp->magic == TTP_MAGIC, return;);
120 117
121 /* 118 /*
@@ -382,7 +379,6 @@ struct tsap_cb *irttp_open_tsap(__u8 stsap_sel, int credit, notify_t *notify)
382 struct lsap_cb *lsap; 379 struct lsap_cb *lsap;
383 notify_t ttp_notify; 380 notify_t ttp_notify;
384 381
385 IRDA_ASSERT(irttp != NULL, return NULL;);
386 IRDA_ASSERT(irttp->magic == TTP_MAGIC, return NULL;); 382 IRDA_ASSERT(irttp->magic == TTP_MAGIC, return NULL;);
387 383
388 /* The IrLMP spec (IrLMP 1.1 p10) says that we have the right to 384 /* The IrLMP spec (IrLMP 1.1 p10) says that we have the right to
@@ -1880,8 +1876,6 @@ static int irttp_seq_open(struct inode *inode, struct file *file)
1880 struct seq_file *seq; 1876 struct seq_file *seq;
1881 int rc = -ENOMEM; 1877 int rc = -ENOMEM;
1882 struct irttp_iter_state *s; 1878 struct irttp_iter_state *s;
1883
1884 IRDA_ASSERT(irttp != NULL, return -EINVAL;);
1885 1879
1886 s = kmalloc(sizeof(*s), GFP_KERNEL); 1880 s = kmalloc(sizeof(*s), GFP_KERNEL);
1887 if (!s) 1881 if (!s)
diff --git a/net/llc/Makefile b/net/llc/Makefile
index 5ebd4ed2bd42..4e260cff3c5d 100644
--- a/net/llc/Makefile
+++ b/net/llc/Makefile
@@ -22,3 +22,4 @@ llc2-y := llc_if.o llc_c_ev.o llc_c_ac.o llc_conn.o llc_c_st.o llc_pdu.o \
22 llc_sap.o llc_s_ac.o llc_s_ev.o llc_s_st.o af_llc.o llc_station.o 22 llc_sap.o llc_s_ac.o llc_s_ev.o llc_s_st.o af_llc.o llc_station.o
23 23
24llc2-$(CONFIG_PROC_FS) += llc_proc.o 24llc2-$(CONFIG_PROC_FS) += llc_proc.o
25llc2-$(CONFIG_SYSCTL) += sysctl_net_llc.o
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 66f55e514b56..59d02cbbeb9e 100644
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -21,6 +21,7 @@
21 * See the GNU General Public License for more details. 21 * See the GNU General Public License for more details.
22 */ 22 */
23#include <linux/config.h> 23#include <linux/config.h>
24#include <linux/compiler.h>
24#include <linux/kernel.h> 25#include <linux/kernel.h>
25#include <linux/module.h> 26#include <linux/module.h>
26#include <linux/rtnetlink.h> 27#include <linux/rtnetlink.h>
@@ -37,10 +38,9 @@ static u16 llc_ui_sap_link_no_max[256];
37static struct sockaddr_llc llc_ui_addrnull; 38static struct sockaddr_llc llc_ui_addrnull;
38static struct proto_ops llc_ui_ops; 39static struct proto_ops llc_ui_ops;
39 40
40static int llc_ui_wait_for_conn(struct sock *sk, int timeout); 41static int llc_ui_wait_for_conn(struct sock *sk, long timeout);
41static int llc_ui_wait_for_disc(struct sock *sk, int timeout); 42static int llc_ui_wait_for_disc(struct sock *sk, long timeout);
42static int llc_ui_wait_for_data(struct sock *sk, int timeout); 43static int llc_ui_wait_for_busy_core(struct sock *sk, long timeout);
43static int llc_ui_wait_for_busy_core(struct sock *sk, int timeout);
44 44
45#if 0 45#if 0
46#define dprintk(args...) printk(KERN_DEBUG args) 46#define dprintk(args...) printk(KERN_DEBUG args)
@@ -116,12 +116,12 @@ static int llc_ui_send_data(struct sock* sk, struct sk_buff *skb, int noblock)
116 struct llc_sock* llc = llc_sk(sk); 116 struct llc_sock* llc = llc_sk(sk);
117 int rc = 0; 117 int rc = 0;
118 118
119 if (llc_data_accept_state(llc->state) || llc->p_flag) { 119 if (unlikely(llc_data_accept_state(llc->state) || llc->p_flag)) {
120 int timeout = sock_sndtimeo(sk, noblock); 120 long timeout = sock_sndtimeo(sk, noblock);
121 121
122 rc = llc_ui_wait_for_busy_core(sk, timeout); 122 rc = llc_ui_wait_for_busy_core(sk, timeout);
123 } 123 }
124 if (!rc) 124 if (unlikely(!rc))
125 rc = llc_build_and_send_pkt(sk, skb); 125 rc = llc_build_and_send_pkt(sk, skb);
126 return rc; 126 return rc;
127} 127}
@@ -155,7 +155,7 @@ static int llc_ui_create(struct socket *sock, int protocol)
155 struct sock *sk; 155 struct sock *sk;
156 int rc = -ESOCKTNOSUPPORT; 156 int rc = -ESOCKTNOSUPPORT;
157 157
158 if (sock->type == SOCK_DGRAM || sock->type == SOCK_STREAM) { 158 if (likely(sock->type == SOCK_DGRAM || sock->type == SOCK_STREAM)) {
159 rc = -ENOMEM; 159 rc = -ENOMEM;
160 sk = llc_sk_alloc(PF_LLC, GFP_KERNEL, &llc_proto); 160 sk = llc_sk_alloc(PF_LLC, GFP_KERNEL, &llc_proto);
161 if (sk) { 161 if (sk) {
@@ -177,7 +177,7 @@ static int llc_ui_release(struct socket *sock)
177 struct sock *sk = sock->sk; 177 struct sock *sk = sock->sk;
178 struct llc_sock *llc; 178 struct llc_sock *llc;
179 179
180 if (!sk) 180 if (unlikely(sk == NULL))
181 goto out; 181 goto out;
182 sock_hold(sk); 182 sock_hold(sk);
183 lock_sock(sk); 183 lock_sock(sk);
@@ -189,10 +189,6 @@ static int llc_ui_release(struct socket *sock)
189 if (!sock_flag(sk, SOCK_ZAPPED)) 189 if (!sock_flag(sk, SOCK_ZAPPED))
190 llc_sap_remove_socket(llc->sap, sk); 190 llc_sap_remove_socket(llc->sap, sk);
191 release_sock(sk); 191 release_sock(sk);
192 if (llc->sap && hlist_empty(&llc->sap->sk_list.list)) {
193 llc_release_sockets(llc->sap);
194 llc_sap_close(llc->sap);
195 }
196 if (llc->dev) 192 if (llc->dev)
197 dev_put(llc->dev); 193 dev_put(llc->dev);
198 sock_put(sk); 194 sock_put(sk);
@@ -221,6 +217,7 @@ static int llc_ui_autoport(void)
221 llc_ui_sap_last_autoport = i + 2; 217 llc_ui_sap_last_autoport = i + 2;
222 goto out; 218 goto out;
223 } 219 }
220 llc_sap_put(sap);
224 } 221 }
225 llc_ui_sap_last_autoport = LLC_SAP_DYN_START; 222 llc_ui_sap_last_autoport = LLC_SAP_DYN_START;
226 tries++; 223 tries++;
@@ -231,20 +228,13 @@ out:
231} 228}
232 229
233/** 230/**
234 * llc_ui_autobind - Bind a socket to a specific address. 231 * llc_ui_autobind - automatically bind a socket to a sap
235 * @sk: Socket to bind an address to. 232 * @sock: socket to bind
236 * @addr: Address the user wants the socket bound to. 233 * @addr: address to connect to
234 *
235 * Used by llc_ui_connect and llc_ui_sendmsg when the user hasn't
236 * specifically used llc_ui_bind to bind to an specific address/sap
237 * 237 *
238 * Bind a socket to a specific address. For llc a user is able to bind to
239 * a specific sap only or mac + sap. If the user only specifies a sap and
240 * a null dmac (all zeros) the user is attempting to bind to an entire
241 * sap. This will stop anyone else on the local system from using that
242 * sap. If someone else has a mac + sap open the bind to null + sap will
243 * fail.
244 * If the user desires to bind to a specific mac + sap, it is possible to
245 * have multiple sap connections via multiple macs.
246 * Bind and autobind for that matter must enforce the correct sap usage
247 * otherwise all hell will break loose.
248 * Returns: 0 upon success, negative otherwise. 238 * Returns: 0 upon success, negative otherwise.
249 */ 239 */
250static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr) 240static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
@@ -285,11 +275,7 @@ out:
285 * @addrlen: Length of the uaddr structure. 275 * @addrlen: Length of the uaddr structure.
286 * 276 *
287 * Bind a socket to a specific address. For llc a user is able to bind to 277 * Bind a socket to a specific address. For llc a user is able to bind to
288 * a specific sap only or mac + sap. If the user only specifies a sap and 278 * a specific sap only or mac + sap.
289 * a null dmac (all zeros) the user is attempting to bind to an entire
290 * sap. This will stop anyone else on the local system from using that
291 * sap. If someone else has a mac + sap open the bind to null + sap will
292 * fail.
293 * If the user desires to bind to a specific mac + sap, it is possible to 279 * If the user desires to bind to a specific mac + sap, it is possible to
294 * have multiple sap connections via multiple macs. 280 * have multiple sap connections via multiple macs.
295 * Bind and autobind for that matter must enforce the correct sap usage 281 * Bind and autobind for that matter must enforce the correct sap usage
@@ -305,10 +291,16 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen)
305 int rc = -EINVAL; 291 int rc = -EINVAL;
306 292
307 dprintk("%s: binding %02X\n", __FUNCTION__, addr->sllc_sap); 293 dprintk("%s: binding %02X\n", __FUNCTION__, addr->sllc_sap);
308 if (!sock_flag(sk, SOCK_ZAPPED) || addrlen != sizeof(*addr)) 294 if (unlikely(!sock_flag(sk, SOCK_ZAPPED) || addrlen != sizeof(*addr)))
309 goto out; 295 goto out;
310 rc = -EAFNOSUPPORT; 296 rc = -EAFNOSUPPORT;
311 if (addr->sllc_family != AF_LLC) 297 if (unlikely(addr->sllc_family != AF_LLC))
298 goto out;
299 rc = -ENODEV;
300 rtnl_lock();
301 llc->dev = dev_getbyhwaddr(addr->sllc_arphrd, addr->sllc_mac);
302 rtnl_unlock();
303 if (!llc->dev)
312 goto out; 304 goto out;
313 if (!addr->sllc_sap) { 305 if (!addr->sllc_sap) {
314 rc = -EUSERS; 306 rc = -EUSERS;
@@ -322,6 +314,7 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen)
322 rc = -EBUSY; /* some other network layer is using the sap */ 314 rc = -EBUSY; /* some other network layer is using the sap */
323 if (!sap) 315 if (!sap)
324 goto out; 316 goto out;
317 llc_sap_hold(sap);
325 } else { 318 } else {
326 struct llc_addr laddr, daddr; 319 struct llc_addr laddr, daddr;
327 struct sock *ask; 320 struct sock *ask;
@@ -338,7 +331,7 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen)
338 ask = llc_lookup_established(sap, &daddr, &laddr); 331 ask = llc_lookup_established(sap, &daddr, &laddr);
339 if (ask) { 332 if (ask) {
340 sock_put(ask); 333 sock_put(ask);
341 goto out; 334 goto out_put;
342 } 335 }
343 } 336 }
344 llc->laddr.lsap = addr->sllc_sap; 337 llc->laddr.lsap = addr->sllc_sap;
@@ -348,6 +341,8 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen)
348 llc_sap_add_socket(sap, sk); 341 llc_sap_add_socket(sap, sk);
349 sock_reset_flag(sk, SOCK_ZAPPED); 342 sock_reset_flag(sk, SOCK_ZAPPED);
350 rc = 0; 343 rc = 0;
344out_put:
345 llc_sap_put(sap);
351out: 346out:
352 return rc; 347 return rc;
353} 348}
@@ -369,7 +364,7 @@ static int llc_ui_shutdown(struct socket *sock, int how)
369 int rc = -ENOTCONN; 364 int rc = -ENOTCONN;
370 365
371 lock_sock(sk); 366 lock_sock(sk);
372 if (sk->sk_state != TCP_ESTABLISHED) 367 if (unlikely(sk->sk_state != TCP_ESTABLISHED))
373 goto out; 368 goto out;
374 rc = -EINVAL; 369 rc = -EINVAL;
375 if (how != 2) 370 if (how != 2)
@@ -404,14 +399,18 @@ static int llc_ui_connect(struct socket *sock, struct sockaddr *uaddr,
404 struct sock *sk = sock->sk; 399 struct sock *sk = sock->sk;
405 struct llc_sock *llc = llc_sk(sk); 400 struct llc_sock *llc = llc_sk(sk);
406 struct sockaddr_llc *addr = (struct sockaddr_llc *)uaddr; 401 struct sockaddr_llc *addr = (struct sockaddr_llc *)uaddr;
407 struct net_device *dev;
408 int rc = -EINVAL; 402 int rc = -EINVAL;
409 403
410 lock_sock(sk); 404 lock_sock(sk);
411 if (addrlen != sizeof(*addr)) 405 if (unlikely(addrlen != sizeof(*addr)))
412 goto out; 406 goto out;
413 rc = -EAFNOSUPPORT; 407 rc = -EAFNOSUPPORT;
414 if (addr->sllc_family != AF_LLC) 408 if (unlikely(addr->sllc_family != AF_LLC))
409 goto out;
410 if (unlikely(sk->sk_type != SOCK_STREAM))
411 goto out;
412 rc = -EALREADY;
413 if (unlikely(sock->state == SS_CONNECTING))
415 goto out; 414 goto out;
416 /* bind connection to sap if user hasn't done it. */ 415 /* bind connection to sap if user hasn't done it. */
417 if (sock_flag(sk, SOCK_ZAPPED)) { 416 if (sock_flag(sk, SOCK_ZAPPED)) {
@@ -419,19 +418,13 @@ static int llc_ui_connect(struct socket *sock, struct sockaddr *uaddr,
419 rc = llc_ui_autobind(sock, addr); 418 rc = llc_ui_autobind(sock, addr);
420 if (rc) 419 if (rc)
421 goto out; 420 goto out;
422 llc->daddr.lsap = addr->sllc_sap;
423 memcpy(llc->daddr.mac, addr->sllc_mac, IFHWADDRLEN);
424 } 421 }
425 dev = llc->dev; 422 llc->daddr.lsap = addr->sllc_sap;
426 if (sk->sk_type != SOCK_STREAM) 423 memcpy(llc->daddr.mac, addr->sllc_mac, IFHWADDRLEN);
427 goto out;
428 rc = -EALREADY;
429 if (sock->state == SS_CONNECTING)
430 goto out;
431 sock->state = SS_CONNECTING; 424 sock->state = SS_CONNECTING;
432 sk->sk_state = TCP_SYN_SENT; 425 sk->sk_state = TCP_SYN_SENT;
433 llc->link = llc_ui_next_link_no(llc->sap->laddr.lsap); 426 llc->link = llc_ui_next_link_no(llc->sap->laddr.lsap);
434 rc = llc_establish_connection(sk, dev->dev_addr, 427 rc = llc_establish_connection(sk, llc->dev->dev_addr,
435 addr->sllc_mac, addr->sllc_sap); 428 addr->sllc_mac, addr->sllc_sap);
436 if (rc) { 429 if (rc) {
437 dprintk("%s: llc_ui_send_conn failed :-(\n", __FUNCTION__); 430 dprintk("%s: llc_ui_send_conn failed :-(\n", __FUNCTION__);
@@ -439,12 +432,30 @@ static int llc_ui_connect(struct socket *sock, struct sockaddr *uaddr,
439 sk->sk_state = TCP_CLOSE; 432 sk->sk_state = TCP_CLOSE;
440 goto out; 433 goto out;
441 } 434 }
442 rc = llc_ui_wait_for_conn(sk, sk->sk_rcvtimeo); 435
443 if (rc) 436 if (sk->sk_state == TCP_SYN_SENT) {
444 dprintk("%s: llc_ui_wait_for_conn failed=%d\n", __FUNCTION__, rc); 437 const long timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
438
439 if (!timeo || !llc_ui_wait_for_conn(sk, timeo))
440 goto out;
441
442 rc = sock_intr_errno(timeo);
443 if (signal_pending(current))
444 goto out;
445 }
446
447 if (sk->sk_state == TCP_CLOSE)
448 goto sock_error;
449
450 sock->state = SS_CONNECTED;
451 rc = 0;
445out: 452out:
446 release_sock(sk); 453 release_sock(sk);
447 return rc; 454 return rc;
455sock_error:
456 rc = sock_error(sk) ? : -ECONNABORTED;
457 sock->state = SS_UNCONNECTED;
458 goto out;
448} 459}
449 460
450/** 461/**
@@ -461,10 +472,10 @@ static int llc_ui_listen(struct socket *sock, int backlog)
461 int rc = -EINVAL; 472 int rc = -EINVAL;
462 473
463 lock_sock(sk); 474 lock_sock(sk);
464 if (sock->state != SS_UNCONNECTED) 475 if (unlikely(sock->state != SS_UNCONNECTED))
465 goto out; 476 goto out;
466 rc = -EOPNOTSUPP; 477 rc = -EOPNOTSUPP;
467 if (sk->sk_type != SOCK_STREAM) 478 if (unlikely(sk->sk_type != SOCK_STREAM))
468 goto out; 479 goto out;
469 rc = -EAGAIN; 480 rc = -EAGAIN;
470 if (sock_flag(sk, SOCK_ZAPPED)) 481 if (sock_flag(sk, SOCK_ZAPPED))
@@ -483,20 +494,14 @@ out:
483 return rc; 494 return rc;
484} 495}
485 496
486static int llc_ui_wait_for_disc(struct sock *sk, int timeout) 497static int llc_ui_wait_for_disc(struct sock *sk, long timeout)
487{ 498{
488 DECLARE_WAITQUEUE(wait, current); 499 DEFINE_WAIT(wait);
489 int rc; 500 int rc = 0;
490 501
491 add_wait_queue_exclusive(sk->sk_sleep, &wait); 502 while (1) {
492 for (;;) { 503 prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE);
493 __set_current_state(TASK_INTERRUPTIBLE); 504 if (sk_wait_event(sk, &timeout, sk->sk_state == TCP_CLOSE))
494 rc = 0;
495 if (sk->sk_state != TCP_CLOSE) {
496 release_sock(sk);
497 timeout = schedule_timeout(timeout);
498 lock_sock(sk);
499 } else
500 break; 505 break;
501 rc = -ERESTARTSYS; 506 rc = -ERESTARTSYS;
502 if (signal_pending(current)) 507 if (signal_pending(current))
@@ -504,65 +509,40 @@ static int llc_ui_wait_for_disc(struct sock *sk, int timeout)
504 rc = -EAGAIN; 509 rc = -EAGAIN;
505 if (!timeout) 510 if (!timeout)
506 break; 511 break;
512 rc = 0;
507 } 513 }
508 __set_current_state(TASK_RUNNING); 514 finish_wait(sk->sk_sleep, &wait);
509 remove_wait_queue(sk->sk_sleep, &wait);
510 return rc; 515 return rc;
511} 516}
512 517
513static int llc_ui_wait_for_conn(struct sock *sk, int timeout) 518static int llc_ui_wait_for_conn(struct sock *sk, long timeout)
514{ 519{
515 DECLARE_WAITQUEUE(wait, current); 520 DEFINE_WAIT(wait);
516 int rc;
517 521
518 add_wait_queue_exclusive(sk->sk_sleep, &wait); 522 while (1) {
519 for (;;) { 523 prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE);
520 __set_current_state(TASK_INTERRUPTIBLE); 524 if (sk_wait_event(sk, &timeout, sk->sk_state != TCP_SYN_SENT))
521 rc = -EAGAIN;
522 if (sk->sk_state == TCP_CLOSE)
523 break;
524 rc = 0;
525 if (sk->sk_state != TCP_ESTABLISHED) {
526 release_sock(sk);
527 timeout = schedule_timeout(timeout);
528 lock_sock(sk);
529 } else
530 break; 525 break;
531 rc = -ERESTARTSYS; 526 if (signal_pending(current) || !timeout)
532 if (signal_pending(current))
533 break;
534 rc = -EAGAIN;
535 if (!timeout)
536 break; 527 break;
537 } 528 }
538 __set_current_state(TASK_RUNNING); 529 finish_wait(sk->sk_sleep, &wait);
539 remove_wait_queue(sk->sk_sleep, &wait); 530 return timeout;
540 return rc;
541} 531}
542 532
543static int llc_ui_wait_for_data(struct sock *sk, int timeout) 533static int llc_ui_wait_for_busy_core(struct sock *sk, long timeout)
544{ 534{
545 DECLARE_WAITQUEUE(wait, current); 535 DEFINE_WAIT(wait);
546 int rc = 0; 536 struct llc_sock *llc = llc_sk(sk);
537 int rc;
547 538
548 add_wait_queue_exclusive(sk->sk_sleep, &wait); 539 while (1) {
549 for (;;) { 540 prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE);
550 __set_current_state(TASK_INTERRUPTIBLE);
551 if (sk->sk_shutdown & RCV_SHUTDOWN)
552 break;
553 /*
554 * Well, if we have backlog, try to process it now.
555 */
556 if (sk->sk_backlog.tail) {
557 release_sock(sk);
558 lock_sock(sk);
559 }
560 rc = 0; 541 rc = 0;
561 if (skb_queue_empty(&sk->sk_receive_queue)) { 542 if (sk_wait_event(sk, &timeout,
562 release_sock(sk); 543 (sk->sk_shutdown & RCV_SHUTDOWN) ||
563 timeout = schedule_timeout(timeout); 544 (!llc_data_accept_state(llc->state) &&
564 lock_sock(sk); 545 !llc->p_flag)))
565 } else
566 break; 546 break;
567 rc = -ERESTARTSYS; 547 rc = -ERESTARTSYS;
568 if (signal_pending(current)) 548 if (signal_pending(current))
@@ -571,40 +551,35 @@ static int llc_ui_wait_for_data(struct sock *sk, int timeout)
571 if (!timeout) 551 if (!timeout)
572 break; 552 break;
573 } 553 }
574 __set_current_state(TASK_RUNNING); 554 finish_wait(sk->sk_sleep, &wait);
575 remove_wait_queue(sk->sk_sleep, &wait);
576 return rc; 555 return rc;
577} 556}
578 557
579static int llc_ui_wait_for_busy_core(struct sock *sk, int timeout) 558static int llc_wait_data(struct sock *sk, long timeo)
580{ 559{
581 DECLARE_WAITQUEUE(wait, current);
582 struct llc_sock *llc = llc_sk(sk);
583 int rc; 560 int rc;
584 561
585 add_wait_queue_exclusive(sk->sk_sleep, &wait); 562 while (1) {
586 for (;;) { 563 /*
587 dprintk("%s: looping...\n", __FUNCTION__); 564 * POSIX 1003.1g mandates this order.
588 __set_current_state(TASK_INTERRUPTIBLE); 565 */
589 rc = -ENOTCONN; 566 if (sk->sk_err) {
590 if (sk->sk_shutdown & RCV_SHUTDOWN) 567 rc = sock_error(sk);
591 break; 568 break;
569 }
592 rc = 0; 570 rc = 0;
593 if (llc_data_accept_state(llc->state) || llc->p_flag) { 571 if (sk->sk_shutdown & RCV_SHUTDOWN)
594 release_sock(sk);
595 timeout = schedule_timeout(timeout);
596 lock_sock(sk);
597 } else
598 break; 572 break;
599 rc = -ERESTARTSYS; 573 rc = -EAGAIN;
574 if (!timeo)
575 break;
576 rc = sock_intr_errno(timeo);
600 if (signal_pending(current)) 577 if (signal_pending(current))
601 break; 578 break;
602 rc = -EAGAIN; 579 rc = 0;
603 if (!timeout) 580 if (sk_wait_data(sk, &timeo))
604 break; 581 break;
605 } 582 }
606 __set_current_state(TASK_RUNNING);
607 remove_wait_queue(sk->sk_sleep, &wait);
608 return rc; 583 return rc;
609} 584}
610 585
@@ -627,15 +602,18 @@ static int llc_ui_accept(struct socket *sock, struct socket *newsock, int flags)
627 dprintk("%s: accepting on %02X\n", __FUNCTION__, 602 dprintk("%s: accepting on %02X\n", __FUNCTION__,
628 llc_sk(sk)->laddr.lsap); 603 llc_sk(sk)->laddr.lsap);
629 lock_sock(sk); 604 lock_sock(sk);
630 if (sk->sk_type != SOCK_STREAM) 605 if (unlikely(sk->sk_type != SOCK_STREAM))
631 goto out; 606 goto out;
632 rc = -EINVAL; 607 rc = -EINVAL;
633 if (sock->state != SS_UNCONNECTED || sk->sk_state != TCP_LISTEN) 608 if (unlikely(sock->state != SS_UNCONNECTED ||
609 sk->sk_state != TCP_LISTEN))
634 goto out; 610 goto out;
635 /* wait for a connection to arrive. */ 611 /* wait for a connection to arrive. */
636 rc = llc_ui_wait_for_data(sk, sk->sk_rcvtimeo); 612 if (skb_queue_empty(&sk->sk_receive_queue)) {
637 if (rc) 613 rc = llc_wait_data(sk, sk->sk_rcvtimeo);
638 goto out; 614 if (rc)
615 goto out;
616 }
639 dprintk("%s: got a new connection on %02X\n", __FUNCTION__, 617 dprintk("%s: got a new connection on %02X\n", __FUNCTION__,
640 llc_sk(sk)->laddr.lsap); 618 llc_sk(sk)->laddr.lsap);
641 skb = skb_dequeue(&sk->sk_receive_queue); 619 skb = skb_dequeue(&sk->sk_receive_queue);
@@ -657,7 +635,6 @@ static int llc_ui_accept(struct socket *sock, struct socket *newsock, int flags)
657 /* put original socket back into a clean listen state. */ 635 /* put original socket back into a clean listen state. */
658 sk->sk_state = TCP_LISTEN; 636 sk->sk_state = TCP_LISTEN;
659 sk->sk_ack_backlog--; 637 sk->sk_ack_backlog--;
660 skb->sk = NULL;
661 dprintk("%s: ok success on %02X, client on %02X\n", __FUNCTION__, 638 dprintk("%s: ok success on %02X, client on %02X\n", __FUNCTION__,
662 llc_sk(sk)->addr.sllc_sap, newllc->daddr.lsap); 639 llc_sk(sk)->addr.sllc_sap, newllc->daddr.lsap);
663frees: 640frees:
@@ -671,56 +648,167 @@ out:
671 * llc_ui_recvmsg - copy received data to the socket user. 648 * llc_ui_recvmsg - copy received data to the socket user.
672 * @sock: Socket to copy data from. 649 * @sock: Socket to copy data from.
673 * @msg: Various user space related information. 650 * @msg: Various user space related information.
674 * @size: Size of user buffer. 651 * @len: Size of user buffer.
675 * @flags: User specified flags. 652 * @flags: User specified flags.
676 * 653 *
677 * Copy received data to the socket user. 654 * Copy received data to the socket user.
678 * Returns non-negative upon success, negative otherwise. 655 * Returns non-negative upon success, negative otherwise.
679 */ 656 */
680static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock, 657static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock,
681 struct msghdr *msg, size_t size, int flags) 658 struct msghdr *msg, size_t len, int flags)
682{ 659{
683 struct sock *sk = sock->sk;
684 struct sockaddr_llc *uaddr = (struct sockaddr_llc *)msg->msg_name; 660 struct sockaddr_llc *uaddr = (struct sockaddr_llc *)msg->msg_name;
685 struct sk_buff *skb; 661 const int nonblock = flags & MSG_DONTWAIT;
662 struct sk_buff *skb = NULL;
663 struct sock *sk = sock->sk;
664 struct llc_sock *llc = llc_sk(sk);
686 size_t copied = 0; 665 size_t copied = 0;
687 int rc = -ENOMEM, timeout; 666 u32 peek_seq = 0;
688 int noblock = flags & MSG_DONTWAIT; 667 u32 *seq;
668 unsigned long used;
669 int target; /* Read at least this many bytes */
670 long timeo;
689 671
690 dprintk("%s: receiving in %02X from %02X\n", __FUNCTION__,
691 llc_sk(sk)->laddr.lsap, llc_sk(sk)->daddr.lsap);
692 lock_sock(sk); 672 lock_sock(sk);
693 timeout = sock_rcvtimeo(sk, noblock); 673 copied = -ENOTCONN;
694 rc = llc_ui_wait_for_data(sk, timeout); 674 if (sk->sk_state == TCP_LISTEN)
695 if (rc) {
696 dprintk("%s: llc_ui_wait_for_data failed recv "
697 "in %02X from %02X\n", __FUNCTION__,
698 llc_sk(sk)->laddr.lsap, llc_sk(sk)->daddr.lsap);
699 goto out; 675 goto out;
700 } 676
701 skb = skb_dequeue(&sk->sk_receive_queue); 677 timeo = sock_rcvtimeo(sk, nonblock);
702 if (!skb) /* shutdown */ 678
703 goto out; 679 seq = &llc->copied_seq;
704 copied = skb->len; 680 if (flags & MSG_PEEK) {
705 if (copied > size) 681 peek_seq = llc->copied_seq;
706 copied = size; 682 seq = &peek_seq;
707 rc = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 683 }
708 if (rc) 684
709 goto dgram_free; 685 target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
710 if (skb->len > copied) { 686 copied = 0;
711 skb_pull(skb, copied); 687
712 skb_queue_head(&sk->sk_receive_queue, skb); 688 do {
713 } 689 u32 offset;
714 if (uaddr) 690
715 memcpy(uaddr, llc_ui_skb_cb(skb), sizeof(*uaddr)); 691 /*
716 msg->msg_namelen = sizeof(*uaddr); 692 * We need to check signals first, to get correct SIGURG
717 if (!skb->next) { 693 * handling. FIXME: Need to check this doesn't impact 1003.1g
718dgram_free: 694 * and move it down to the bottom of the loop
719 kfree_skb(skb); 695 */
720 } 696 if (signal_pending(current)) {
697 if (copied)
698 break;
699 copied = timeo ? sock_intr_errno(timeo) : -EAGAIN;
700 break;
701 }
702
703 /* Next get a buffer. */
704
705 skb = skb_peek(&sk->sk_receive_queue);
706 if (skb) {
707 offset = *seq;
708 goto found_ok_skb;
709 }
710 /* Well, if we have backlog, try to process it now yet. */
711
712 if (copied >= target && !sk->sk_backlog.tail)
713 break;
714
715 if (copied) {
716 if (sk->sk_err ||
717 sk->sk_state == TCP_CLOSE ||
718 (sk->sk_shutdown & RCV_SHUTDOWN) ||
719 !timeo ||
720 (flags & MSG_PEEK))
721 break;
722 } else {
723 if (sock_flag(sk, SOCK_DONE))
724 break;
725
726 if (sk->sk_err) {
727 copied = sock_error(sk);
728 break;
729 }
730 if (sk->sk_shutdown & RCV_SHUTDOWN)
731 break;
732
733 if (sk->sk_state == TCP_CLOSE) {
734 if (!sock_flag(sk, SOCK_DONE)) {
735 /*
736 * This occurs when user tries to read
737 * from never connected socket.
738 */
739 copied = -ENOTCONN;
740 break;
741 }
742 break;
743 }
744 if (!timeo) {
745 copied = -EAGAIN;
746 break;
747 }
748 }
749
750 if (copied >= target) { /* Do not sleep, just process backlog. */
751 release_sock(sk);
752 lock_sock(sk);
753 } else
754 sk_wait_data(sk, &timeo);
755
756 if ((flags & MSG_PEEK) && peek_seq != llc->copied_seq) {
757 if (net_ratelimit())
758 printk(KERN_DEBUG "LLC(%s:%d): Application "
759 "bug, race in MSG_PEEK.\n",
760 current->comm, current->pid);
761 peek_seq = llc->copied_seq;
762 }
763 continue;
764 found_ok_skb:
765 /* Ok so how much can we use? */
766 used = skb->len - offset;
767 if (len < used)
768 used = len;
769
770 if (!(flags & MSG_TRUNC)) {
771 int rc = skb_copy_datagram_iovec(skb, offset,
772 msg->msg_iov, used);
773 if (rc) {
774 /* Exception. Bailout! */
775 if (!copied)
776 copied = -EFAULT;
777 break;
778 }
779 }
780
781 *seq += used;
782 copied += used;
783 len -= used;
784
785 if (used + offset < skb->len)
786 continue;
787
788 if (!(flags & MSG_PEEK)) {
789 sk_eat_skb(sk, skb);
790 *seq = 0;
791 }
792 } while (len > 0);
793
794 /*
795 * According to UNIX98, msg_name/msg_namelen are ignored
796 * on connected socket. -ANK
797 * But... af_llc still doesn't have separate sets of methods for
798 * SOCK_DGRAM and SOCK_STREAM :-( So we have to do this test, will
799 * eventually fix this tho :-) -acme
800 */
801 if (sk->sk_type == SOCK_DGRAM)
802 goto copy_uaddr;
721out: 803out:
722 release_sock(sk); 804 release_sock(sk);
723 return rc ? : copied; 805 return copied;
806copy_uaddr:
807 if (uaddr != NULL && skb != NULL) {
808 memcpy(uaddr, llc_ui_skb_cb(skb), sizeof(*uaddr));
809 msg->msg_namelen = sizeof(*uaddr);
810 }
811 goto out;
724} 812}
725 813
726/** 814/**
@@ -740,7 +828,6 @@ static int llc_ui_sendmsg(struct kiocb *iocb, struct socket *sock,
740 struct sockaddr_llc *addr = (struct sockaddr_llc *)msg->msg_name; 828 struct sockaddr_llc *addr = (struct sockaddr_llc *)msg->msg_name;
741 int flags = msg->msg_flags; 829 int flags = msg->msg_flags;
742 int noblock = flags & MSG_DONTWAIT; 830 int noblock = flags & MSG_DONTWAIT;
743 struct net_device *dev;
744 struct sk_buff *skb; 831 struct sk_buff *skb;
745 size_t size = 0; 832 size_t size = 0;
746 int rc = -EINVAL, copied = 0, hdrlen; 833 int rc = -EINVAL, copied = 0, hdrlen;
@@ -763,19 +850,17 @@ static int llc_ui_sendmsg(struct kiocb *iocb, struct socket *sock,
763 if (rc) 850 if (rc)
764 goto release; 851 goto release;
765 } 852 }
766 dev = llc->dev; 853 hdrlen = llc->dev->hard_header_len + llc_ui_header_len(sk, addr);
767 hdrlen = dev->hard_header_len + llc_ui_header_len(sk, addr);
768 size = hdrlen + len; 854 size = hdrlen + len;
769 if (size > dev->mtu) 855 if (size > llc->dev->mtu)
770 size = dev->mtu; 856 size = llc->dev->mtu;
771 copied = size - hdrlen; 857 copied = size - hdrlen;
772 release_sock(sk); 858 release_sock(sk);
773 skb = sock_alloc_send_skb(sk, size, noblock, &rc); 859 skb = sock_alloc_send_skb(sk, size, noblock, &rc);
774 lock_sock(sk); 860 lock_sock(sk);
775 if (!skb) 861 if (!skb)
776 goto release; 862 goto release;
777 skb->sk = sk; 863 skb->dev = llc->dev;
778 skb->dev = dev;
779 skb->protocol = llc_proto_type(addr->sllc_arphrd); 864 skb->protocol = llc_proto_type(addr->sllc_arphrd);
780 skb_reserve(skb, hdrlen); 865 skb_reserve(skb, hdrlen);
781 rc = memcpy_fromiovec(skb_put(skb, copied), msg->msg_iov, copied); 866 rc = memcpy_fromiovec(skb_put(skb, copied), msg->msg_iov, copied);
@@ -800,15 +885,13 @@ static int llc_ui_sendmsg(struct kiocb *iocb, struct socket *sock,
800 if (!(sk->sk_type == SOCK_STREAM && !addr->sllc_ua)) 885 if (!(sk->sk_type == SOCK_STREAM && !addr->sllc_ua))
801 goto out; 886 goto out;
802 rc = llc_ui_send_data(sk, skb, noblock); 887 rc = llc_ui_send_data(sk, skb, noblock);
803 if (rc)
804 dprintk("%s: llc_ui_send_data failed: %d\n", __FUNCTION__, rc);
805out: 888out:
806 if (rc) 889 if (rc) {
807 kfree_skb(skb); 890 kfree_skb(skb);
808release: 891release:
809 if (rc)
810 dprintk("%s: failed sending from %02X to %02X: %d\n", 892 dprintk("%s: failed sending from %02X to %02X: %d\n",
811 __FUNCTION__, llc->laddr.lsap, llc->daddr.lsap, rc); 893 __FUNCTION__, llc->laddr.lsap, llc->daddr.lsap, rc);
894 }
812 release_sock(sk); 895 release_sock(sk);
813 return rc ? : copied; 896 return rc ? : copied;
814} 897}
@@ -895,7 +978,7 @@ static int llc_ui_setsockopt(struct socket *sock, int level, int optname,
895 int rc = -EINVAL, opt; 978 int rc = -EINVAL, opt;
896 979
897 lock_sock(sk); 980 lock_sock(sk);
898 if (level != SOL_LLC || optlen != sizeof(int)) 981 if (unlikely(level != SOL_LLC || optlen != sizeof(int)))
899 goto out; 982 goto out;
900 rc = get_user(opt, (int __user *)optval); 983 rc = get_user(opt, (int __user *)optval);
901 if (rc) 984 if (rc)
@@ -915,22 +998,22 @@ static int llc_ui_setsockopt(struct socket *sock, int level, int optname,
915 case LLC_OPT_ACK_TMR_EXP: 998 case LLC_OPT_ACK_TMR_EXP:
916 if (opt > LLC_OPT_MAX_ACK_TMR_EXP) 999 if (opt > LLC_OPT_MAX_ACK_TMR_EXP)
917 goto out; 1000 goto out;
918 llc->ack_timer.expire = opt; 1001 llc->ack_timer.expire = opt * HZ;
919 break; 1002 break;
920 case LLC_OPT_P_TMR_EXP: 1003 case LLC_OPT_P_TMR_EXP:
921 if (opt > LLC_OPT_MAX_P_TMR_EXP) 1004 if (opt > LLC_OPT_MAX_P_TMR_EXP)
922 goto out; 1005 goto out;
923 llc->pf_cycle_timer.expire = opt; 1006 llc->pf_cycle_timer.expire = opt * HZ;
924 break; 1007 break;
925 case LLC_OPT_REJ_TMR_EXP: 1008 case LLC_OPT_REJ_TMR_EXP:
926 if (opt > LLC_OPT_MAX_REJ_TMR_EXP) 1009 if (opt > LLC_OPT_MAX_REJ_TMR_EXP)
927 goto out; 1010 goto out;
928 llc->rej_sent_timer.expire = opt; 1011 llc->rej_sent_timer.expire = opt * HZ;
929 break; 1012 break;
930 case LLC_OPT_BUSY_TMR_EXP: 1013 case LLC_OPT_BUSY_TMR_EXP:
931 if (opt > LLC_OPT_MAX_BUSY_TMR_EXP) 1014 if (opt > LLC_OPT_MAX_BUSY_TMR_EXP)
932 goto out; 1015 goto out;
933 llc->busy_state_timer.expire = opt; 1016 llc->busy_state_timer.expire = opt * HZ;
934 break; 1017 break;
935 case LLC_OPT_TX_WIN: 1018 case LLC_OPT_TX_WIN:
936 if (opt > LLC_OPT_MAX_WIN) 1019 if (opt > LLC_OPT_MAX_WIN)
@@ -970,7 +1053,7 @@ static int llc_ui_getsockopt(struct socket *sock, int level, int optname,
970 int val = 0, len = 0, rc = -EINVAL; 1053 int val = 0, len = 0, rc = -EINVAL;
971 1054
972 lock_sock(sk); 1055 lock_sock(sk);
973 if (level != SOL_LLC) 1056 if (unlikely(level != SOL_LLC))
974 goto out; 1057 goto out;
975 rc = get_user(len, optlen); 1058 rc = get_user(len, optlen);
976 if (rc) 1059 if (rc)
@@ -980,17 +1063,17 @@ static int llc_ui_getsockopt(struct socket *sock, int level, int optname,
980 goto out; 1063 goto out;
981 switch (optname) { 1064 switch (optname) {
982 case LLC_OPT_RETRY: 1065 case LLC_OPT_RETRY:
983 val = llc->n2; break; 1066 val = llc->n2; break;
984 case LLC_OPT_SIZE: 1067 case LLC_OPT_SIZE:
985 val = llc->n1; break; 1068 val = llc->n1; break;
986 case LLC_OPT_ACK_TMR_EXP: 1069 case LLC_OPT_ACK_TMR_EXP:
987 val = llc->ack_timer.expire; break; 1070 val = llc->ack_timer.expire / HZ; break;
988 case LLC_OPT_P_TMR_EXP: 1071 case LLC_OPT_P_TMR_EXP:
989 val = llc->pf_cycle_timer.expire; break; 1072 val = llc->pf_cycle_timer.expire / HZ; break;
990 case LLC_OPT_REJ_TMR_EXP: 1073 case LLC_OPT_REJ_TMR_EXP:
991 val = llc->rej_sent_timer.expire; break; 1074 val = llc->rej_sent_timer.expire / HZ; break;
992 case LLC_OPT_BUSY_TMR_EXP: 1075 case LLC_OPT_BUSY_TMR_EXP:
993 val = llc->busy_state_timer.expire; break; 1076 val = llc->busy_state_timer.expire / HZ; break;
994 case LLC_OPT_TX_WIN: 1077 case LLC_OPT_TX_WIN:
995 val = llc->k; break; 1078 val = llc->k; break;
996 case LLC_OPT_RX_WIN: 1079 case LLC_OPT_RX_WIN:
@@ -1034,8 +1117,12 @@ static struct proto_ops llc_ui_ops = {
1034 .sendpage = sock_no_sendpage, 1117 .sendpage = sock_no_sendpage,
1035}; 1118};
1036 1119
1037extern void llc_sap_handler(struct llc_sap *sap, struct sk_buff *skb); 1120static char llc_proc_err_msg[] __initdata =
1038extern void llc_conn_handler(struct llc_sap *sap, struct sk_buff *skb); 1121 KERN_CRIT "LLC: Unable to register the proc_fs entries\n";
1122static char llc_sysctl_err_msg[] __initdata =
1123 KERN_CRIT "LLC: Unable to register the sysctl entries\n";
1124static char llc_sock_err_msg[] __initdata =
1125 KERN_CRIT "LLC: Unable to register the network family\n";
1039 1126
1040static int __init llc2_init(void) 1127static int __init llc2_init(void)
1041{ 1128{
@@ -1048,13 +1135,28 @@ static int __init llc2_init(void)
1048 llc_station_init(); 1135 llc_station_init();
1049 llc_ui_sap_last_autoport = LLC_SAP_DYN_START; 1136 llc_ui_sap_last_autoport = LLC_SAP_DYN_START;
1050 rc = llc_proc_init(); 1137 rc = llc_proc_init();
1051 if (rc != 0) 1138 if (rc != 0) {
1139 printk(llc_proc_err_msg);
1052 goto out_unregister_llc_proto; 1140 goto out_unregister_llc_proto;
1053 sock_register(&llc_ui_family_ops); 1141 }
1142 rc = llc_sysctl_init();
1143 if (rc) {
1144 printk(llc_sysctl_err_msg);
1145 goto out_proc;
1146 }
1147 rc = sock_register(&llc_ui_family_ops);
1148 if (rc) {
1149 printk(llc_sock_err_msg);
1150 goto out_sysctl;
1151 }
1054 llc_add_pack(LLC_DEST_SAP, llc_sap_handler); 1152 llc_add_pack(LLC_DEST_SAP, llc_sap_handler);
1055 llc_add_pack(LLC_DEST_CONN, llc_conn_handler); 1153 llc_add_pack(LLC_DEST_CONN, llc_conn_handler);
1056out: 1154out:
1057 return rc; 1155 return rc;
1156out_sysctl:
1157 llc_sysctl_exit();
1158out_proc:
1159 llc_proc_exit();
1058out_unregister_llc_proto: 1160out_unregister_llc_proto:
1059 proto_unregister(&llc_proto); 1161 proto_unregister(&llc_proto);
1060 goto out; 1162 goto out;
@@ -1067,6 +1169,7 @@ static void __exit llc2_exit(void)
1067 llc_remove_pack(LLC_DEST_CONN); 1169 llc_remove_pack(LLC_DEST_CONN);
1068 sock_unregister(PF_LLC); 1170 sock_unregister(PF_LLC);
1069 llc_proc_exit(); 1171 llc_proc_exit();
1172 llc_sysctl_exit();
1070 proto_unregister(&llc_proto); 1173 proto_unregister(&llc_proto);
1071} 1174}
1072 1175
diff --git a/net/llc/llc_c_ac.c b/net/llc/llc_c_ac.c
index b218be4c10ec..b0bcfb1f12dd 100644
--- a/net/llc/llc_c_ac.c
+++ b/net/llc/llc_c_ac.c
@@ -60,23 +60,10 @@ int llc_conn_ac_clear_remote_busy(struct sock *sk, struct sk_buff *skb)
60 60
61int llc_conn_ac_conn_ind(struct sock *sk, struct sk_buff *skb) 61int llc_conn_ac_conn_ind(struct sock *sk, struct sk_buff *skb)
62{ 62{
63 int rc = -ENOTCONN; 63 struct llc_conn_state_ev *ev = llc_conn_ev(skb);
64 u8 dsap;
65 struct llc_sap *sap;
66
67 llc_pdu_decode_dsap(skb, &dsap);
68 sap = llc_sap_find(dsap);
69 if (sap) {
70 struct llc_conn_state_ev *ev = llc_conn_ev(skb);
71 struct llc_sock *llc = llc_sk(sk);
72 64
73 llc_pdu_decode_sa(skb, llc->daddr.mac); 65 ev->ind_prim = LLC_CONN_PRIM;
74 llc_pdu_decode_da(skb, llc->laddr.mac); 66 return 0;
75 llc->dev = skb->dev;
76 ev->ind_prim = LLC_CONN_PRIM;
77 rc = 0;
78 }
79 return rc;
80} 67}
81 68
82int llc_conn_ac_conn_confirm(struct sock *sk, struct sk_buff *skb) 69int llc_conn_ac_conn_confirm(struct sock *sk, struct sk_buff *skb)
@@ -120,10 +107,8 @@ int llc_conn_ac_disc_ind(struct sock *sk, struct sk_buff *skb)
120 reason = LLC_DISC_REASON_RX_DISC_CMD_PDU; 107 reason = LLC_DISC_REASON_RX_DISC_CMD_PDU;
121 } else if (ev->type == LLC_CONN_EV_TYPE_ACK_TMR) 108 } else if (ev->type == LLC_CONN_EV_TYPE_ACK_TMR)
122 reason = LLC_DISC_REASON_ACK_TMR_EXP; 109 reason = LLC_DISC_REASON_ACK_TMR_EXP;
123 else { 110 else
124 reason = 0;
125 rc = -EINVAL; 111 rc = -EINVAL;
126 }
127 if (!rc) { 112 if (!rc) {
128 ev->reason = reason; 113 ev->reason = reason;
129 ev->ind_prim = LLC_DISC_PRIM; 114 ev->ind_prim = LLC_DISC_PRIM;
@@ -160,9 +145,6 @@ int llc_conn_ac_rst_ind(struct sock *sk, struct sk_buff *skb)
160 LLC_U_PDU_CMD(pdu) == LLC_2_PDU_CMD_SABME) { 145 LLC_U_PDU_CMD(pdu) == LLC_2_PDU_CMD_SABME) {
161 reason = LLC_RESET_REASON_REMOTE; 146 reason = LLC_RESET_REASON_REMOTE;
162 rc = 0; 147 rc = 0;
163 } else {
164 reason = 0;
165 rc = 1;
166 } 148 }
167 break; 149 break;
168 case LLC_CONN_EV_TYPE_ACK_TMR: 150 case LLC_CONN_EV_TYPE_ACK_TMR:
@@ -172,8 +154,7 @@ int llc_conn_ac_rst_ind(struct sock *sk, struct sk_buff *skb)
172 if (llc->retry_count > llc->n2) { 154 if (llc->retry_count > llc->n2) {
173 reason = LLC_RESET_REASON_LOCAL; 155 reason = LLC_RESET_REASON_LOCAL;
174 rc = 0; 156 rc = 0;
175 } else 157 }
176 rc = 1;
177 break; 158 break;
178 } 159 }
179 if (!rc) { 160 if (!rc) {
@@ -217,18 +198,17 @@ int llc_conn_ac_stop_rej_tmr_if_data_flag_eq_2(struct sock *sk,
217int llc_conn_ac_send_disc_cmd_p_set_x(struct sock *sk, struct sk_buff *skb) 198int llc_conn_ac_send_disc_cmd_p_set_x(struct sock *sk, struct sk_buff *skb)
218{ 199{
219 int rc = -ENOBUFS; 200 int rc = -ENOBUFS;
220 struct sk_buff *nskb = llc_alloc_frame(); 201 struct llc_sock *llc = llc_sk(sk);
202 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
221 203
222 if (nskb) { 204 if (nskb) {
223 struct llc_sock *llc = llc_sk(sk);
224 struct llc_sap *sap = llc->sap; 205 struct llc_sap *sap = llc->sap;
225 206
226 nskb->dev = llc->dev;
227 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, 207 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap,
228 llc->daddr.lsap, LLC_PDU_CMD); 208 llc->daddr.lsap, LLC_PDU_CMD);
229 llc_pdu_init_as_disc_cmd(nskb, 1); 209 llc_pdu_init_as_disc_cmd(nskb, 1);
230 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 210 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
231 if (rc) 211 if (unlikely(rc))
232 goto free; 212 goto free;
233 llc_conn_send_pdu(sk, nskb); 213 llc_conn_send_pdu(sk, nskb);
234 llc_conn_ac_set_p_flag_1(sk, skb); 214 llc_conn_ac_set_p_flag_1(sk, skb);
@@ -243,20 +223,19 @@ free:
243int llc_conn_ac_send_dm_rsp_f_set_p(struct sock *sk, struct sk_buff *skb) 223int llc_conn_ac_send_dm_rsp_f_set_p(struct sock *sk, struct sk_buff *skb)
244{ 224{
245 int rc = -ENOBUFS; 225 int rc = -ENOBUFS;
246 struct sk_buff *nskb = llc_alloc_frame(); 226 struct llc_sock *llc = llc_sk(sk);
227 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
247 228
248 if (nskb) { 229 if (nskb) {
249 struct llc_sock *llc = llc_sk(sk);
250 struct llc_sap *sap = llc->sap; 230 struct llc_sap *sap = llc->sap;
251 u8 f_bit; 231 u8 f_bit;
252 232
253 nskb->dev = llc->dev;
254 llc_pdu_decode_pf_bit(skb, &f_bit); 233 llc_pdu_decode_pf_bit(skb, &f_bit);
255 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, 234 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap,
256 llc->daddr.lsap, LLC_PDU_RSP); 235 llc->daddr.lsap, LLC_PDU_RSP);
257 llc_pdu_init_as_dm_rsp(nskb, f_bit); 236 llc_pdu_init_as_dm_rsp(nskb, f_bit);
258 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 237 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
259 if (rc) 238 if (unlikely(rc))
260 goto free; 239 goto free;
261 llc_conn_send_pdu(sk, nskb); 240 llc_conn_send_pdu(sk, nskb);
262 } 241 }
@@ -270,19 +249,17 @@ free:
270int llc_conn_ac_send_dm_rsp_f_set_1(struct sock *sk, struct sk_buff *skb) 249int llc_conn_ac_send_dm_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
271{ 250{
272 int rc = -ENOBUFS; 251 int rc = -ENOBUFS;
273 struct sk_buff *nskb = llc_alloc_frame(); 252 struct llc_sock *llc = llc_sk(sk);
253 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
274 254
275 if (nskb) { 255 if (nskb) {
276 struct llc_sock *llc = llc_sk(sk);
277 struct llc_sap *sap = llc->sap; 256 struct llc_sap *sap = llc->sap;
278 u8 f_bit = 1;
279 257
280 nskb->dev = llc->dev;
281 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, 258 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap,
282 llc->daddr.lsap, LLC_PDU_RSP); 259 llc->daddr.lsap, LLC_PDU_RSP);
283 llc_pdu_init_as_dm_rsp(nskb, f_bit); 260 llc_pdu_init_as_dm_rsp(nskb, 1);
284 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 261 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
285 if (rc) 262 if (unlikely(rc))
286 goto free; 263 goto free;
287 llc_conn_send_pdu(sk, nskb); 264 llc_conn_send_pdu(sk, nskb);
288 } 265 }
@@ -306,17 +283,16 @@ int llc_conn_ac_send_frmr_rsp_f_set_x(struct sock *sk, struct sk_buff *skb)
306 llc_pdu_decode_pf_bit(skb, &f_bit); 283 llc_pdu_decode_pf_bit(skb, &f_bit);
307 else 284 else
308 f_bit = 0; 285 f_bit = 0;
309 nskb = llc_alloc_frame(); 286 nskb = llc_alloc_frame(sk, llc->dev);
310 if (nskb) { 287 if (nskb) {
311 struct llc_sap *sap = llc->sap; 288 struct llc_sap *sap = llc->sap;
312 289
313 nskb->dev = llc->dev;
314 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, 290 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap,
315 llc->daddr.lsap, LLC_PDU_RSP); 291 llc->daddr.lsap, LLC_PDU_RSP);
316 llc_pdu_init_as_frmr_rsp(nskb, pdu, f_bit, llc->vS, 292 llc_pdu_init_as_frmr_rsp(nskb, pdu, f_bit, llc->vS,
317 llc->vR, INCORRECT); 293 llc->vR, INCORRECT);
318 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 294 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
319 if (rc) 295 if (unlikely(rc))
320 goto free; 296 goto free;
321 llc_conn_send_pdu(sk, nskb); 297 llc_conn_send_pdu(sk, nskb);
322 } 298 }
@@ -330,21 +306,19 @@ free:
330int llc_conn_ac_resend_frmr_rsp_f_set_0(struct sock *sk, struct sk_buff *skb) 306int llc_conn_ac_resend_frmr_rsp_f_set_0(struct sock *sk, struct sk_buff *skb)
331{ 307{
332 int rc = -ENOBUFS; 308 int rc = -ENOBUFS;
333 struct sk_buff *nskb = llc_alloc_frame(); 309 struct llc_sock *llc = llc_sk(sk);
310 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
334 311
335 if (nskb) { 312 if (nskb) {
336 u8 f_bit = 0;
337 struct llc_sock *llc = llc_sk(sk);
338 struct llc_sap *sap = llc->sap; 313 struct llc_sap *sap = llc->sap;
339 struct llc_pdu_sn *pdu = (struct llc_pdu_sn *)&llc->rx_pdu_hdr; 314 struct llc_pdu_sn *pdu = (struct llc_pdu_sn *)&llc->rx_pdu_hdr;
340 315
341 nskb->dev = llc->dev;
342 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, 316 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap,
343 llc->daddr.lsap, LLC_PDU_RSP); 317 llc->daddr.lsap, LLC_PDU_RSP);
344 llc_pdu_init_as_frmr_rsp(nskb, pdu, f_bit, llc->vS, 318 llc_pdu_init_as_frmr_rsp(nskb, pdu, 0, llc->vS,
345 llc->vR, INCORRECT); 319 llc->vR, INCORRECT);
346 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 320 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
347 if (rc) 321 if (unlikely(rc))
348 goto free; 322 goto free;
349 llc_conn_send_pdu(sk, nskb); 323 llc_conn_send_pdu(sk, nskb);
350 } 324 }
@@ -360,21 +334,20 @@ int llc_conn_ac_resend_frmr_rsp_f_set_p(struct sock *sk, struct sk_buff *skb)
360 u8 f_bit; 334 u8 f_bit;
361 int rc = -ENOBUFS; 335 int rc = -ENOBUFS;
362 struct sk_buff *nskb; 336 struct sk_buff *nskb;
337 struct llc_sock *llc = llc_sk(sk);
363 338
364 llc_pdu_decode_pf_bit(skb, &f_bit); 339 llc_pdu_decode_pf_bit(skb, &f_bit);
365 nskb = llc_alloc_frame(); 340 nskb = llc_alloc_frame(sk, llc->dev);
366 if (nskb) { 341 if (nskb) {
367 struct llc_sock *llc = llc_sk(sk);
368 struct llc_sap *sap = llc->sap; 342 struct llc_sap *sap = llc->sap;
369 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 343 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
370 344
371 nskb->dev = llc->dev;
372 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, 345 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap,
373 llc->daddr.lsap, LLC_PDU_RSP); 346 llc->daddr.lsap, LLC_PDU_RSP);
374 llc_pdu_init_as_frmr_rsp(nskb, pdu, f_bit, llc->vS, 347 llc_pdu_init_as_frmr_rsp(nskb, pdu, f_bit, llc->vS,
375 llc->vR, INCORRECT); 348 llc->vR, INCORRECT);
376 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 349 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
377 if (rc) 350 if (unlikely(rc))
378 goto free; 351 goto free;
379 llc_conn_send_pdu(sk, nskb); 352 llc_conn_send_pdu(sk, nskb);
380 } 353 }
@@ -395,7 +368,7 @@ int llc_conn_ac_send_i_cmd_p_set_1(struct sock *sk, struct sk_buff *skb)
395 llc->daddr.lsap, LLC_PDU_CMD); 368 llc->daddr.lsap, LLC_PDU_CMD);
396 llc_pdu_init_as_i_cmd(skb, 1, llc->vS, llc->vR); 369 llc_pdu_init_as_i_cmd(skb, 1, llc->vS, llc->vR);
397 rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac); 370 rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);
398 if (!rc) { 371 if (likely(!rc)) {
399 llc_conn_send_pdu(sk, skb); 372 llc_conn_send_pdu(sk, skb);
400 llc_conn_ac_inc_vs_by_1(sk, skb); 373 llc_conn_ac_inc_vs_by_1(sk, skb);
401 } 374 }
@@ -412,7 +385,7 @@ static int llc_conn_ac_send_i_cmd_p_set_0(struct sock *sk, struct sk_buff *skb)
412 llc->daddr.lsap, LLC_PDU_CMD); 385 llc->daddr.lsap, LLC_PDU_CMD);
413 llc_pdu_init_as_i_cmd(skb, 0, llc->vS, llc->vR); 386 llc_pdu_init_as_i_cmd(skb, 0, llc->vS, llc->vR);
414 rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac); 387 rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);
415 if (!rc) { 388 if (likely(!rc)) {
416 llc_conn_send_pdu(sk, skb); 389 llc_conn_send_pdu(sk, skb);
417 llc_conn_ac_inc_vs_by_1(sk, skb); 390 llc_conn_ac_inc_vs_by_1(sk, skb);
418 } 391 }
@@ -429,7 +402,7 @@ int llc_conn_ac_send_i_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
429 llc->daddr.lsap, LLC_PDU_CMD); 402 llc->daddr.lsap, LLC_PDU_CMD);
430 llc_pdu_init_as_i_cmd(skb, 0, llc->vS, llc->vR); 403 llc_pdu_init_as_i_cmd(skb, 0, llc->vS, llc->vR);
431 rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac); 404 rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);
432 if (!rc) { 405 if (likely(!rc)) {
433 llc_conn_send_pdu(sk, skb); 406 llc_conn_send_pdu(sk, skb);
434 llc_conn_ac_inc_vs_by_1(sk, skb); 407 llc_conn_ac_inc_vs_by_1(sk, skb);
435 } 408 }
@@ -451,18 +424,17 @@ int llc_conn_ac_resend_i_xxx_x_set_0_or_send_rr(struct sock *sk,
451 u8 nr; 424 u8 nr;
452 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 425 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
453 int rc = -ENOBUFS; 426 int rc = -ENOBUFS;
454 struct sk_buff *nskb = llc_alloc_frame(); 427 struct llc_sock *llc = llc_sk(sk);
428 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
455 429
456 if (nskb) { 430 if (nskb) {
457 struct llc_sock *llc = llc_sk(sk);
458 struct llc_sap *sap = llc->sap; 431 struct llc_sap *sap = llc->sap;
459 432
460 nskb->dev = llc->dev;
461 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, 433 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap,
462 llc->daddr.lsap, LLC_PDU_RSP); 434 llc->daddr.lsap, LLC_PDU_RSP);
463 llc_pdu_init_as_rr_rsp(nskb, 0, llc->vR); 435 llc_pdu_init_as_rr_rsp(nskb, 0, llc->vR);
464 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 436 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
465 if (!rc) 437 if (likely(!rc))
466 llc_conn_send_pdu(sk, nskb); 438 llc_conn_send_pdu(sk, nskb);
467 else 439 else
468 kfree_skb(skb); 440 kfree_skb(skb);
@@ -487,18 +459,17 @@ int llc_conn_ac_resend_i_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
487int llc_conn_ac_send_rej_cmd_p_set_1(struct sock *sk, struct sk_buff *skb) 459int llc_conn_ac_send_rej_cmd_p_set_1(struct sock *sk, struct sk_buff *skb)
488{ 460{
489 int rc = -ENOBUFS; 461 int rc = -ENOBUFS;
490 struct sk_buff *nskb = llc_alloc_frame(); 462 struct llc_sock *llc = llc_sk(sk);
463 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
491 464
492 if (nskb) { 465 if (nskb) {
493 struct llc_sock *llc = llc_sk(sk);
494 struct llc_sap *sap = llc->sap; 466 struct llc_sap *sap = llc->sap;
495 467
496 nskb->dev = llc->dev;
497 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 468 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
498 llc->daddr.lsap, LLC_PDU_CMD); 469 llc->daddr.lsap, LLC_PDU_CMD);
499 llc_pdu_init_as_rej_cmd(nskb, 1, llc->vR); 470 llc_pdu_init_as_rej_cmd(nskb, 1, llc->vR);
500 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 471 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
501 if (rc) 472 if (unlikely(rc))
502 goto free; 473 goto free;
503 llc_conn_send_pdu(sk, nskb); 474 llc_conn_send_pdu(sk, nskb);
504 } 475 }
@@ -512,19 +483,17 @@ free:
512int llc_conn_ac_send_rej_rsp_f_set_1(struct sock *sk, struct sk_buff *skb) 483int llc_conn_ac_send_rej_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
513{ 484{
514 int rc = -ENOBUFS; 485 int rc = -ENOBUFS;
515 struct sk_buff *nskb = llc_alloc_frame(); 486 struct llc_sock *llc = llc_sk(sk);
487 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
516 488
517 if (nskb) { 489 if (nskb) {
518 u8 f_bit = 1;
519 struct llc_sock *llc = llc_sk(sk);
520 struct llc_sap *sap = llc->sap; 490 struct llc_sap *sap = llc->sap;
521 491
522 nskb->dev = llc->dev;
523 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 492 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
524 llc->daddr.lsap, LLC_PDU_RSP); 493 llc->daddr.lsap, LLC_PDU_RSP);
525 llc_pdu_init_as_rej_rsp(nskb, f_bit, llc->vR); 494 llc_pdu_init_as_rej_rsp(nskb, 1, llc->vR);
526 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 495 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
527 if (rc) 496 if (unlikely(rc))
528 goto free; 497 goto free;
529 llc_conn_send_pdu(sk, nskb); 498 llc_conn_send_pdu(sk, nskb);
530 } 499 }
@@ -538,19 +507,17 @@ free:
538int llc_conn_ac_send_rej_xxx_x_set_0(struct sock *sk, struct sk_buff *skb) 507int llc_conn_ac_send_rej_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
539{ 508{
540 int rc = -ENOBUFS; 509 int rc = -ENOBUFS;
541 struct sk_buff *nskb = llc_alloc_frame(); 510 struct llc_sock *llc = llc_sk(sk);
511 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
542 512
543 if (nskb) { 513 if (nskb) {
544 struct llc_sock *llc = llc_sk(sk);
545 struct llc_sap *sap = llc->sap; 514 struct llc_sap *sap = llc->sap;
546 u8 f_bit = 0;
547 515
548 nskb->dev = llc->dev;
549 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 516 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
550 llc->daddr.lsap, LLC_PDU_RSP); 517 llc->daddr.lsap, LLC_PDU_RSP);
551 llc_pdu_init_as_rej_rsp(nskb, f_bit, llc->vR); 518 llc_pdu_init_as_rej_rsp(nskb, 0, llc->vR);
552 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 519 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
553 if (rc) 520 if (unlikely(rc))
554 goto free; 521 goto free;
555 llc_conn_send_pdu(sk, nskb); 522 llc_conn_send_pdu(sk, nskb);
556 } 523 }
@@ -564,18 +531,17 @@ free:
564int llc_conn_ac_send_rnr_cmd_p_set_1(struct sock *sk, struct sk_buff *skb) 531int llc_conn_ac_send_rnr_cmd_p_set_1(struct sock *sk, struct sk_buff *skb)
565{ 532{
566 int rc = -ENOBUFS; 533 int rc = -ENOBUFS;
567 struct sk_buff *nskb = llc_alloc_frame(); 534 struct llc_sock *llc = llc_sk(sk);
535 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
568 536
569 if (nskb) { 537 if (nskb) {
570 struct llc_sock *llc = llc_sk(sk);
571 struct llc_sap *sap = llc->sap; 538 struct llc_sap *sap = llc->sap;
572 539
573 nskb->dev = llc->dev;
574 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 540 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
575 llc->daddr.lsap, LLC_PDU_CMD); 541 llc->daddr.lsap, LLC_PDU_CMD);
576 llc_pdu_init_as_rnr_cmd(nskb, 1, llc->vR); 542 llc_pdu_init_as_rnr_cmd(nskb, 1, llc->vR);
577 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 543 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
578 if (rc) 544 if (unlikely(rc))
579 goto free; 545 goto free;
580 llc_conn_send_pdu(sk, nskb); 546 llc_conn_send_pdu(sk, nskb);
581 } 547 }
@@ -589,19 +555,17 @@ free:
589int llc_conn_ac_send_rnr_rsp_f_set_1(struct sock *sk, struct sk_buff *skb) 555int llc_conn_ac_send_rnr_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
590{ 556{
591 int rc = -ENOBUFS; 557 int rc = -ENOBUFS;
592 struct sk_buff *nskb = llc_alloc_frame(); 558 struct llc_sock *llc = llc_sk(sk);
559 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
593 560
594 if (nskb) { 561 if (nskb) {
595 struct llc_sock *llc = llc_sk(sk);
596 struct llc_sap *sap = llc->sap; 562 struct llc_sap *sap = llc->sap;
597 u8 f_bit = 1;
598 563
599 nskb->dev = llc->dev;
600 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 564 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
601 llc->daddr.lsap, LLC_PDU_RSP); 565 llc->daddr.lsap, LLC_PDU_RSP);
602 llc_pdu_init_as_rnr_rsp(nskb, f_bit, llc->vR); 566 llc_pdu_init_as_rnr_rsp(nskb, 1, llc->vR);
603 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 567 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
604 if (rc) 568 if (unlikely(rc))
605 goto free; 569 goto free;
606 llc_conn_send_pdu(sk, nskb); 570 llc_conn_send_pdu(sk, nskb);
607 } 571 }
@@ -615,19 +579,17 @@ free:
615int llc_conn_ac_send_rnr_xxx_x_set_0(struct sock *sk, struct sk_buff *skb) 579int llc_conn_ac_send_rnr_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
616{ 580{
617 int rc = -ENOBUFS; 581 int rc = -ENOBUFS;
618 struct sk_buff *nskb = llc_alloc_frame(); 582 struct llc_sock *llc = llc_sk(sk);
583 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
619 584
620 if (nskb) { 585 if (nskb) {
621 u8 f_bit = 0;
622 struct llc_sock *llc = llc_sk(sk);
623 struct llc_sap *sap = llc->sap; 586 struct llc_sap *sap = llc->sap;
624 587
625 nskb->dev = llc->dev;
626 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 588 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
627 llc->daddr.lsap, LLC_PDU_RSP); 589 llc->daddr.lsap, LLC_PDU_RSP);
628 llc_pdu_init_as_rnr_rsp(nskb, f_bit, llc->vR); 590 llc_pdu_init_as_rnr_rsp(nskb, 0, llc->vR);
629 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 591 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
630 if (rc) 592 if (unlikely(rc))
631 goto free; 593 goto free;
632 llc_conn_send_pdu(sk, nskb); 594 llc_conn_send_pdu(sk, nskb);
633 } 595 }
@@ -645,7 +607,7 @@ int llc_conn_ac_set_remote_busy(struct sock *sk, struct sk_buff *skb)
645 if (!llc->remote_busy_flag) { 607 if (!llc->remote_busy_flag) {
646 llc->remote_busy_flag = 1; 608 llc->remote_busy_flag = 1;
647 mod_timer(&llc->busy_state_timer.timer, 609 mod_timer(&llc->busy_state_timer.timer,
648 jiffies + llc->busy_state_timer.expire * HZ); 610 jiffies + llc->busy_state_timer.expire);
649 } 611 }
650 return 0; 612 return 0;
651} 613}
@@ -653,18 +615,17 @@ int llc_conn_ac_set_remote_busy(struct sock *sk, struct sk_buff *skb)
653int llc_conn_ac_opt_send_rnr_xxx_x_set_0(struct sock *sk, struct sk_buff *skb) 615int llc_conn_ac_opt_send_rnr_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
654{ 616{
655 int rc = -ENOBUFS; 617 int rc = -ENOBUFS;
656 struct sk_buff *nskb = llc_alloc_frame(); 618 struct llc_sock *llc = llc_sk(sk);
619 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
657 620
658 if (nskb) { 621 if (nskb) {
659 struct llc_sock *llc = llc_sk(sk);
660 struct llc_sap *sap = llc->sap; 622 struct llc_sap *sap = llc->sap;
661 623
662 nskb->dev = llc->dev;
663 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 624 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
664 llc->daddr.lsap, LLC_PDU_RSP); 625 llc->daddr.lsap, LLC_PDU_RSP);
665 llc_pdu_init_as_rnr_rsp(nskb, 0, llc->vR); 626 llc_pdu_init_as_rnr_rsp(nskb, 0, llc->vR);
666 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 627 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
667 if (rc) 628 if (unlikely(rc))
668 goto free; 629 goto free;
669 llc_conn_send_pdu(sk, nskb); 630 llc_conn_send_pdu(sk, nskb);
670 } 631 }
@@ -678,18 +639,17 @@ free:
678int llc_conn_ac_send_rr_cmd_p_set_1(struct sock *sk, struct sk_buff *skb) 639int llc_conn_ac_send_rr_cmd_p_set_1(struct sock *sk, struct sk_buff *skb)
679{ 640{
680 int rc = -ENOBUFS; 641 int rc = -ENOBUFS;
681 struct sk_buff *nskb = llc_alloc_frame(); 642 struct llc_sock *llc = llc_sk(sk);
643 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
682 644
683 if (nskb) { 645 if (nskb) {
684 struct llc_sock *llc = llc_sk(sk);
685 struct llc_sap *sap = llc->sap; 646 struct llc_sap *sap = llc->sap;
686 647
687 nskb->dev = llc->dev;
688 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 648 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
689 llc->daddr.lsap, LLC_PDU_CMD); 649 llc->daddr.lsap, LLC_PDU_CMD);
690 llc_pdu_init_as_rr_cmd(nskb, 1, llc->vR); 650 llc_pdu_init_as_rr_cmd(nskb, 1, llc->vR);
691 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 651 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
692 if (rc) 652 if (unlikely(rc))
693 goto free; 653 goto free;
694 llc_conn_send_pdu(sk, nskb); 654 llc_conn_send_pdu(sk, nskb);
695 } 655 }
@@ -703,19 +663,18 @@ free:
703int llc_conn_ac_send_rr_rsp_f_set_1(struct sock *sk, struct sk_buff *skb) 663int llc_conn_ac_send_rr_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
704{ 664{
705 int rc = -ENOBUFS; 665 int rc = -ENOBUFS;
706 struct sk_buff *nskb = llc_alloc_frame(); 666 struct llc_sock *llc = llc_sk(sk);
667 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
707 668
708 if (nskb) { 669 if (nskb) {
709 struct llc_sock *llc = llc_sk(sk);
710 struct llc_sap *sap = llc->sap; 670 struct llc_sap *sap = llc->sap;
711 u8 f_bit = 1; 671 u8 f_bit = 1;
712 672
713 nskb->dev = llc->dev;
714 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 673 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
715 llc->daddr.lsap, LLC_PDU_RSP); 674 llc->daddr.lsap, LLC_PDU_RSP);
716 llc_pdu_init_as_rr_rsp(nskb, f_bit, llc->vR); 675 llc_pdu_init_as_rr_rsp(nskb, f_bit, llc->vR);
717 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 676 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
718 if (rc) 677 if (unlikely(rc))
719 goto free; 678 goto free;
720 llc_conn_send_pdu(sk, nskb); 679 llc_conn_send_pdu(sk, nskb);
721 } 680 }
@@ -729,19 +688,17 @@ free:
729int llc_conn_ac_send_ack_rsp_f_set_1(struct sock *sk, struct sk_buff *skb) 688int llc_conn_ac_send_ack_rsp_f_set_1(struct sock *sk, struct sk_buff *skb)
730{ 689{
731 int rc = -ENOBUFS; 690 int rc = -ENOBUFS;
732 struct sk_buff *nskb = llc_alloc_frame(); 691 struct llc_sock *llc = llc_sk(sk);
692 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
733 693
734 if (nskb) { 694 if (nskb) {
735 struct llc_sock *llc = llc_sk(sk);
736 struct llc_sap *sap = llc->sap; 695 struct llc_sap *sap = llc->sap;
737 u8 f_bit = 1;
738 696
739 nskb->dev = llc->dev;
740 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 697 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
741 llc->daddr.lsap, LLC_PDU_RSP); 698 llc->daddr.lsap, LLC_PDU_RSP);
742 llc_pdu_init_as_rr_rsp(nskb, f_bit, llc->vR); 699 llc_pdu_init_as_rr_rsp(nskb, 1, llc->vR);
743 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 700 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
744 if (rc) 701 if (unlikely(rc))
745 goto free; 702 goto free;
746 llc_conn_send_pdu(sk, nskb); 703 llc_conn_send_pdu(sk, nskb);
747 } 704 }
@@ -755,18 +712,17 @@ free:
755int llc_conn_ac_send_rr_xxx_x_set_0(struct sock *sk, struct sk_buff *skb) 712int llc_conn_ac_send_rr_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
756{ 713{
757 int rc = -ENOBUFS; 714 int rc = -ENOBUFS;
758 struct sk_buff *nskb = llc_alloc_frame(); 715 struct llc_sock *llc = llc_sk(sk);
716 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
759 717
760 if (nskb) { 718 if (nskb) {
761 struct llc_sock *llc = llc_sk(sk);
762 struct llc_sap *sap = llc->sap; 719 struct llc_sap *sap = llc->sap;
763 720
764 nskb->dev = llc->dev;
765 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 721 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
766 llc->daddr.lsap, LLC_PDU_RSP); 722 llc->daddr.lsap, LLC_PDU_RSP);
767 llc_pdu_init_as_rr_rsp(nskb, 0, llc->vR); 723 llc_pdu_init_as_rr_rsp(nskb, 0, llc->vR);
768 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 724 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
769 if (rc) 725 if (unlikely(rc))
770 goto free; 726 goto free;
771 llc_conn_send_pdu(sk, nskb); 727 llc_conn_send_pdu(sk, nskb);
772 } 728 }
@@ -780,18 +736,17 @@ free:
780int llc_conn_ac_send_ack_xxx_x_set_0(struct sock *sk, struct sk_buff *skb) 736int llc_conn_ac_send_ack_xxx_x_set_0(struct sock *sk, struct sk_buff *skb)
781{ 737{
782 int rc = -ENOBUFS; 738 int rc = -ENOBUFS;
783 struct sk_buff *nskb = llc_alloc_frame(); 739 struct llc_sock *llc = llc_sk(sk);
740 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
784 741
785 if (nskb) { 742 if (nskb) {
786 struct llc_sock *llc = llc_sk(sk);
787 struct llc_sap *sap = llc->sap; 743 struct llc_sap *sap = llc->sap;
788 744
789 nskb->dev = llc->dev;
790 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 745 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
791 llc->daddr.lsap, LLC_PDU_RSP); 746 llc->daddr.lsap, LLC_PDU_RSP);
792 llc_pdu_init_as_rr_rsp(nskb, 0, llc->vR); 747 llc_pdu_init_as_rr_rsp(nskb, 0, llc->vR);
793 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 748 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
794 if (rc) 749 if (unlikely(rc))
795 goto free; 750 goto free;
796 llc_conn_send_pdu(sk, nskb); 751 llc_conn_send_pdu(sk, nskb);
797 } 752 }
@@ -815,8 +770,8 @@ void llc_conn_set_p_flag(struct sock *sk, u8 value)
815int llc_conn_ac_send_sabme_cmd_p_set_x(struct sock *sk, struct sk_buff *skb) 770int llc_conn_ac_send_sabme_cmd_p_set_x(struct sock *sk, struct sk_buff *skb)
816{ 771{
817 int rc = -ENOBUFS; 772 int rc = -ENOBUFS;
818 struct sk_buff *nskb = llc_alloc_frame();
819 struct llc_sock *llc = llc_sk(sk); 773 struct llc_sock *llc = llc_sk(sk);
774 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
820 775
821 if (nskb) { 776 if (nskb) {
822 struct llc_sap *sap = llc->sap; 777 struct llc_sap *sap = llc->sap;
@@ -824,12 +779,11 @@ int llc_conn_ac_send_sabme_cmd_p_set_x(struct sock *sk, struct sk_buff *skb)
824 779
825 if (llc->dev->flags & IFF_LOOPBACK) 780 if (llc->dev->flags & IFF_LOOPBACK)
826 dmac = llc->dev->dev_addr; 781 dmac = llc->dev->dev_addr;
827 nskb->dev = llc->dev;
828 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, 782 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap,
829 llc->daddr.lsap, LLC_PDU_CMD); 783 llc->daddr.lsap, LLC_PDU_CMD);
830 llc_pdu_init_as_sabme_cmd(nskb, 1); 784 llc_pdu_init_as_sabme_cmd(nskb, 1);
831 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, dmac); 785 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, dmac);
832 if (rc) 786 if (unlikely(rc))
833 goto free; 787 goto free;
834 llc_conn_send_pdu(sk, nskb); 788 llc_conn_send_pdu(sk, nskb);
835 llc_conn_set_p_flag(sk, 1); 789 llc_conn_set_p_flag(sk, 1);
@@ -845,11 +799,11 @@ int llc_conn_ac_send_ua_rsp_f_set_p(struct sock *sk, struct sk_buff *skb)
845{ 799{
846 u8 f_bit; 800 u8 f_bit;
847 int rc = -ENOBUFS; 801 int rc = -ENOBUFS;
848 struct sk_buff *nskb = llc_alloc_frame(); 802 struct llc_sock *llc = llc_sk(sk);
803 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
849 804
850 llc_pdu_decode_pf_bit(skb, &f_bit); 805 llc_pdu_decode_pf_bit(skb, &f_bit);
851 if (nskb) { 806 if (nskb) {
852 struct llc_sock *llc = llc_sk(sk);
853 struct llc_sap *sap = llc->sap; 807 struct llc_sap *sap = llc->sap;
854 808
855 nskb->dev = llc->dev; 809 nskb->dev = llc->dev;
@@ -857,7 +811,7 @@ int llc_conn_ac_send_ua_rsp_f_set_p(struct sock *sk, struct sk_buff *skb)
857 llc->daddr.lsap, LLC_PDU_RSP); 811 llc->daddr.lsap, LLC_PDU_RSP);
858 llc_pdu_init_as_ua_rsp(nskb, f_bit); 812 llc_pdu_init_as_ua_rsp(nskb, f_bit);
859 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 813 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
860 if (rc) 814 if (unlikely(rc))
861 goto free; 815 goto free;
862 llc_conn_send_pdu(sk, nskb); 816 llc_conn_send_pdu(sk, nskb);
863 } 817 }
@@ -886,7 +840,7 @@ int llc_conn_ac_start_p_timer(struct sock *sk, struct sk_buff *skb)
886 840
887 llc_conn_set_p_flag(sk, 1); 841 llc_conn_set_p_flag(sk, 1);
888 mod_timer(&llc->pf_cycle_timer.timer, 842 mod_timer(&llc->pf_cycle_timer.timer,
889 jiffies + llc->pf_cycle_timer.expire * HZ); 843 jiffies + llc->pf_cycle_timer.expire);
890 return 0; 844 return 0;
891} 845}
892 846
@@ -957,7 +911,7 @@ static int llc_conn_ac_send_i_rsp_f_set_ackpf(struct sock *sk,
957 llc->daddr.lsap, LLC_PDU_RSP); 911 llc->daddr.lsap, LLC_PDU_RSP);
958 llc_pdu_init_as_i_cmd(skb, llc->ack_pf, llc->vS, llc->vR); 912 llc_pdu_init_as_i_cmd(skb, llc->ack_pf, llc->vS, llc->vR);
959 rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac); 913 rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);
960 if (!rc) { 914 if (likely(!rc)) {
961 llc_conn_send_pdu(sk, skb); 915 llc_conn_send_pdu(sk, skb);
962 llc_conn_ac_inc_vs_by_1(sk, skb); 916 llc_conn_ac_inc_vs_by_1(sk, skb);
963 } 917 }
@@ -1001,18 +955,17 @@ static int llc_conn_ac_send_rr_rsp_f_set_ackpf(struct sock *sk,
1001 struct sk_buff *skb) 955 struct sk_buff *skb)
1002{ 956{
1003 int rc = -ENOBUFS; 957 int rc = -ENOBUFS;
1004 struct sk_buff *nskb = llc_alloc_frame(); 958 struct llc_sock *llc = llc_sk(sk);
959 struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
1005 960
1006 if (nskb) { 961 if (nskb) {
1007 struct llc_sock *llc = llc_sk(sk);
1008 struct llc_sap *sap = llc->sap; 962 struct llc_sap *sap = llc->sap;
1009 963
1010 nskb->dev = llc->dev;
1011 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap, 964 llc_pdu_header_init(nskb, LLC_PDU_TYPE_S, sap->laddr.lsap,
1012 llc->daddr.lsap, LLC_PDU_RSP); 965 llc->daddr.lsap, LLC_PDU_RSP);
1013 llc_pdu_init_as_rr_rsp(nskb, llc->ack_pf, llc->vR); 966 llc_pdu_init_as_rr_rsp(nskb, llc->ack_pf, llc->vR);
1014 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac); 967 rc = llc_mac_hdr_init(nskb, llc->dev->dev_addr, llc->daddr.mac);
1015 if (rc) 968 if (unlikely(rc))
1016 goto free; 969 goto free;
1017 llc_conn_send_pdu(sk, nskb); 970 llc_conn_send_pdu(sk, nskb);
1018 } 971 }
@@ -1165,7 +1118,7 @@ int llc_conn_ac_start_ack_timer(struct sock *sk, struct sk_buff *skb)
1165{ 1118{
1166 struct llc_sock *llc = llc_sk(sk); 1119 struct llc_sock *llc = llc_sk(sk);
1167 1120
1168 mod_timer(&llc->ack_timer.timer, jiffies + llc->ack_timer.expire * HZ); 1121 mod_timer(&llc->ack_timer.timer, jiffies + llc->ack_timer.expire);
1169 return 0; 1122 return 0;
1170} 1123}
1171 1124
@@ -1174,7 +1127,7 @@ int llc_conn_ac_start_rej_timer(struct sock *sk, struct sk_buff *skb)
1174 struct llc_sock *llc = llc_sk(sk); 1127 struct llc_sock *llc = llc_sk(sk);
1175 1128
1176 mod_timer(&llc->rej_sent_timer.timer, 1129 mod_timer(&llc->rej_sent_timer.timer,
1177 jiffies + llc->rej_sent_timer.expire * HZ); 1130 jiffies + llc->rej_sent_timer.expire);
1178 return 0; 1131 return 0;
1179} 1132}
1180 1133
@@ -1185,7 +1138,7 @@ int llc_conn_ac_start_ack_tmr_if_not_running(struct sock *sk,
1185 1138
1186 if (!timer_pending(&llc->ack_timer.timer)) 1139 if (!timer_pending(&llc->ack_timer.timer))
1187 mod_timer(&llc->ack_timer.timer, 1140 mod_timer(&llc->ack_timer.timer,
1188 jiffies + llc->ack_timer.expire * HZ); 1141 jiffies + llc->ack_timer.expire);
1189 return 0; 1142 return 0;
1190} 1143}
1191 1144
@@ -1233,7 +1186,7 @@ int llc_conn_ac_upd_nr_received(struct sock *sk, struct sk_buff *skb)
1233 } 1186 }
1234 if (unacked) 1187 if (unacked)
1235 mod_timer(&llc->ack_timer.timer, 1188 mod_timer(&llc->ack_timer.timer,
1236 jiffies + llc->ack_timer.expire * HZ); 1189 jiffies + llc->ack_timer.expire);
1237 } else if (llc->failed_data_req) { 1190 } else if (llc->failed_data_req) {
1238 u8 f_bit; 1191 u8 f_bit;
1239 1192
@@ -1354,13 +1307,13 @@ int llc_conn_ac_set_vs_nr(struct sock *sk, struct sk_buff *skb)
1354 return 0; 1307 return 0;
1355} 1308}
1356 1309
1357int llc_conn_ac_inc_vs_by_1(struct sock *sk, struct sk_buff *skb) 1310static int llc_conn_ac_inc_vs_by_1(struct sock *sk, struct sk_buff *skb)
1358{ 1311{
1359 llc_sk(sk)->vS = (llc_sk(sk)->vS + 1) % 128; 1312 llc_sk(sk)->vS = (llc_sk(sk)->vS + 1) % 128;
1360 return 0; 1313 return 0;
1361} 1314}
1362 1315
1363void llc_conn_pf_cycle_tmr_cb(unsigned long timeout_data) 1316static void llc_conn_tmr_common_cb(unsigned long timeout_data, u8 type)
1364{ 1317{
1365 struct sock *sk = (struct sock *)timeout_data; 1318 struct sock *sk = (struct sock *)timeout_data;
1366 struct sk_buff *skb = alloc_skb(0, GFP_ATOMIC); 1319 struct sk_buff *skb = alloc_skb(0, GFP_ATOMIC);
@@ -1369,59 +1322,31 @@ void llc_conn_pf_cycle_tmr_cb(unsigned long timeout_data)
1369 if (skb) { 1322 if (skb) {
1370 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 1323 struct llc_conn_state_ev *ev = llc_conn_ev(skb);
1371 1324
1372 skb->sk = sk; 1325 skb_set_owner_r(skb, sk);
1373 ev->type = LLC_CONN_EV_TYPE_P_TMR; 1326 ev->type = type;
1374 llc_process_tmr_ev(sk, skb); 1327 llc_process_tmr_ev(sk, skb);
1375 } 1328 }
1376 bh_unlock_sock(sk); 1329 bh_unlock_sock(sk);
1377} 1330}
1378 1331
1379void llc_conn_busy_tmr_cb(unsigned long timeout_data) 1332void llc_conn_pf_cycle_tmr_cb(unsigned long timeout_data)
1380{ 1333{
1381 struct sock *sk = (struct sock *)timeout_data; 1334 llc_conn_tmr_common_cb(timeout_data, LLC_CONN_EV_TYPE_P_TMR);
1382 struct sk_buff *skb = alloc_skb(0, GFP_ATOMIC); 1335}
1383
1384 bh_lock_sock(sk);
1385 if (skb) {
1386 struct llc_conn_state_ev *ev = llc_conn_ev(skb);
1387 1336
1388 skb->sk = sk; 1337void llc_conn_busy_tmr_cb(unsigned long timeout_data)
1389 ev->type = LLC_CONN_EV_TYPE_BUSY_TMR; 1338{
1390 llc_process_tmr_ev(sk, skb); 1339 llc_conn_tmr_common_cb(timeout_data, LLC_CONN_EV_TYPE_BUSY_TMR);
1391 }
1392 bh_unlock_sock(sk);
1393} 1340}
1394 1341
1395void llc_conn_ack_tmr_cb(unsigned long timeout_data) 1342void llc_conn_ack_tmr_cb(unsigned long timeout_data)
1396{ 1343{
1397 struct sock* sk = (struct sock *)timeout_data; 1344 llc_conn_tmr_common_cb(timeout_data, LLC_CONN_EV_TYPE_ACK_TMR);
1398 struct sk_buff *skb = alloc_skb(0, GFP_ATOMIC);
1399
1400 bh_lock_sock(sk);
1401 if (skb) {
1402 struct llc_conn_state_ev *ev = llc_conn_ev(skb);
1403
1404 skb->sk = sk;
1405 ev->type = LLC_CONN_EV_TYPE_ACK_TMR;
1406 llc_process_tmr_ev(sk, skb);
1407 }
1408 bh_unlock_sock(sk);
1409} 1345}
1410 1346
1411void llc_conn_rej_tmr_cb(unsigned long timeout_data) 1347void llc_conn_rej_tmr_cb(unsigned long timeout_data)
1412{ 1348{
1413 struct sock *sk = (struct sock *)timeout_data; 1349 llc_conn_tmr_common_cb(timeout_data, LLC_CONN_EV_TYPE_REJ_TMR);
1414 struct sk_buff *skb = alloc_skb(0, GFP_ATOMIC);
1415
1416 bh_lock_sock(sk);
1417 if (skb) {
1418 struct llc_conn_state_ev *ev = llc_conn_ev(skb);
1419
1420 skb->sk = sk;
1421 ev->type = LLC_CONN_EV_TYPE_REJ_TMR;
1422 llc_process_tmr_ev(sk, skb);
1423 }
1424 bh_unlock_sock(sk);
1425} 1350}
1426 1351
1427int llc_conn_ac_rst_vs(struct sock *sk, struct sk_buff *skb) 1352int llc_conn_ac_rst_vs(struct sock *sk, struct sk_buff *skb)
diff --git a/net/llc/llc_c_ev.c b/net/llc/llc_c_ev.c
index d5bdb53a348f..c5deda246614 100644
--- a/net/llc/llc_c_ev.c
+++ b/net/llc/llc_c_ev.c
@@ -37,6 +37,7 @@
37#include <net/llc_conn.h> 37#include <net/llc_conn.h>
38#include <net/llc_sap.h> 38#include <net/llc_sap.h>
39#include <net/sock.h> 39#include <net/sock.h>
40#include <net/llc_c_ac.h>
40#include <net/llc_c_ev.h> 41#include <net/llc_c_ev.h>
41#include <net/llc_pdu.h> 42#include <net/llc_pdu.h>
42 43
@@ -46,8 +47,6 @@
46#define dprintk(args...) 47#define dprintk(args...)
47#endif 48#endif
48 49
49extern u16 llc_circular_between(u8 a, u8 b, u8 c);
50
51/** 50/**
52 * llc_util_ns_inside_rx_window - check if sequence number is in rx window 51 * llc_util_ns_inside_rx_window - check if sequence number is in rx window
53 * @ns: sequence number of received pdu. 52 * @ns: sequence number of received pdu.
@@ -99,7 +98,7 @@ out:
99 98
100int llc_conn_ev_conn_req(struct sock *sk, struct sk_buff *skb) 99int llc_conn_ev_conn_req(struct sock *sk, struct sk_buff *skb)
101{ 100{
102 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 101 const struct llc_conn_state_ev *ev = llc_conn_ev(skb);
103 102
104 return ev->prim == LLC_CONN_PRIM && 103 return ev->prim == LLC_CONN_PRIM &&
105 ev->prim_type == LLC_PRIM_TYPE_REQ ? 0 : 1; 104 ev->prim_type == LLC_PRIM_TYPE_REQ ? 0 : 1;
@@ -107,7 +106,7 @@ int llc_conn_ev_conn_req(struct sock *sk, struct sk_buff *skb)
107 106
108int llc_conn_ev_data_req(struct sock *sk, struct sk_buff *skb) 107int llc_conn_ev_data_req(struct sock *sk, struct sk_buff *skb)
109{ 108{
110 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 109 const struct llc_conn_state_ev *ev = llc_conn_ev(skb);
111 110
112 return ev->prim == LLC_DATA_PRIM && 111 return ev->prim == LLC_DATA_PRIM &&
113 ev->prim_type == LLC_PRIM_TYPE_REQ ? 0 : 1; 112 ev->prim_type == LLC_PRIM_TYPE_REQ ? 0 : 1;
@@ -115,7 +114,7 @@ int llc_conn_ev_data_req(struct sock *sk, struct sk_buff *skb)
115 114
116int llc_conn_ev_disc_req(struct sock *sk, struct sk_buff *skb) 115int llc_conn_ev_disc_req(struct sock *sk, struct sk_buff *skb)
117{ 116{
118 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 117 const struct llc_conn_state_ev *ev = llc_conn_ev(skb);
119 118
120 return ev->prim == LLC_DISC_PRIM && 119 return ev->prim == LLC_DISC_PRIM &&
121 ev->prim_type == LLC_PRIM_TYPE_REQ ? 0 : 1; 120 ev->prim_type == LLC_PRIM_TYPE_REQ ? 0 : 1;
@@ -123,7 +122,7 @@ int llc_conn_ev_disc_req(struct sock *sk, struct sk_buff *skb)
123 122
124int llc_conn_ev_rst_req(struct sock *sk, struct sk_buff *skb) 123int llc_conn_ev_rst_req(struct sock *sk, struct sk_buff *skb)
125{ 124{
126 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 125 const struct llc_conn_state_ev *ev = llc_conn_ev(skb);
127 126
128 return ev->prim == LLC_RESET_PRIM && 127 return ev->prim == LLC_RESET_PRIM &&
129 ev->prim_type == LLC_PRIM_TYPE_REQ ? 0 : 1; 128 ev->prim_type == LLC_PRIM_TYPE_REQ ? 0 : 1;
@@ -131,7 +130,7 @@ int llc_conn_ev_rst_req(struct sock *sk, struct sk_buff *skb)
131 130
132int llc_conn_ev_local_busy_detected(struct sock *sk, struct sk_buff *skb) 131int llc_conn_ev_local_busy_detected(struct sock *sk, struct sk_buff *skb)
133{ 132{
134 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 133 const struct llc_conn_state_ev *ev = llc_conn_ev(skb);
135 134
136 return ev->type == LLC_CONN_EV_TYPE_SIMPLE && 135 return ev->type == LLC_CONN_EV_TYPE_SIMPLE &&
137 ev->prim_type == LLC_CONN_EV_LOCAL_BUSY_DETECTED ? 0 : 1; 136 ev->prim_type == LLC_CONN_EV_LOCAL_BUSY_DETECTED ? 0 : 1;
@@ -139,7 +138,7 @@ int llc_conn_ev_local_busy_detected(struct sock *sk, struct sk_buff *skb)
139 138
140int llc_conn_ev_local_busy_cleared(struct sock *sk, struct sk_buff *skb) 139int llc_conn_ev_local_busy_cleared(struct sock *sk, struct sk_buff *skb)
141{ 140{
142 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 141 const struct llc_conn_state_ev *ev = llc_conn_ev(skb);
143 142
144 return ev->type == LLC_CONN_EV_TYPE_SIMPLE && 143 return ev->type == LLC_CONN_EV_TYPE_SIMPLE &&
145 ev->prim_type == LLC_CONN_EV_LOCAL_BUSY_CLEARED ? 0 : 1; 144 ev->prim_type == LLC_CONN_EV_LOCAL_BUSY_CLEARED ? 0 : 1;
@@ -152,7 +151,7 @@ int llc_conn_ev_rx_bad_pdu(struct sock *sk, struct sk_buff *skb)
152 151
153int llc_conn_ev_rx_disc_cmd_pbit_set_x(struct sock *sk, struct sk_buff *skb) 152int llc_conn_ev_rx_disc_cmd_pbit_set_x(struct sock *sk, struct sk_buff *skb)
154{ 153{
155 struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb); 154 const struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb);
156 155
157 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_U(pdu) && 156 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_U(pdu) &&
158 LLC_U_PDU_CMD(pdu) == LLC_2_PDU_CMD_DISC ? 0 : 1; 157 LLC_U_PDU_CMD(pdu) == LLC_2_PDU_CMD_DISC ? 0 : 1;
@@ -160,7 +159,7 @@ int llc_conn_ev_rx_disc_cmd_pbit_set_x(struct sock *sk, struct sk_buff *skb)
160 159
161int llc_conn_ev_rx_dm_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb) 160int llc_conn_ev_rx_dm_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb)
162{ 161{
163 struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb); 162 const struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb);
164 163
165 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_U(pdu) && 164 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_U(pdu) &&
166 LLC_U_PDU_RSP(pdu) == LLC_2_PDU_RSP_DM ? 0 : 1; 165 LLC_U_PDU_RSP(pdu) == LLC_2_PDU_RSP_DM ? 0 : 1;
@@ -168,7 +167,7 @@ int llc_conn_ev_rx_dm_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb)
168 167
169int llc_conn_ev_rx_frmr_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb) 168int llc_conn_ev_rx_frmr_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb)
170{ 169{
171 struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb); 170 const struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb);
172 171
173 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_U(pdu) && 172 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_U(pdu) &&
174 LLC_U_PDU_RSP(pdu) == LLC_2_PDU_RSP_FRMR ? 0 : 1; 173 LLC_U_PDU_RSP(pdu) == LLC_2_PDU_RSP_FRMR ? 0 : 1;
@@ -176,7 +175,7 @@ int llc_conn_ev_rx_frmr_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb)
176 175
177int llc_conn_ev_rx_i_cmd_pbit_set_0(struct sock *sk, struct sk_buff *skb) 176int llc_conn_ev_rx_i_cmd_pbit_set_0(struct sock *sk, struct sk_buff *skb)
178{ 177{
179 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 178 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
180 179
181 return llc_conn_space(sk, skb) && 180 return llc_conn_space(sk, skb) &&
182 LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_I(pdu) && 181 LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_I(pdu) &&
@@ -186,7 +185,7 @@ int llc_conn_ev_rx_i_cmd_pbit_set_0(struct sock *sk, struct sk_buff *skb)
186 185
187int llc_conn_ev_rx_i_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb) 186int llc_conn_ev_rx_i_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb)
188{ 187{
189 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 188 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
190 189
191 return llc_conn_space(sk, skb) && 190 return llc_conn_space(sk, skb) &&
192 LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_I(pdu) && 191 LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_I(pdu) &&
@@ -197,9 +196,9 @@ int llc_conn_ev_rx_i_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb)
197int llc_conn_ev_rx_i_cmd_pbit_set_0_unexpd_ns(struct sock *sk, 196int llc_conn_ev_rx_i_cmd_pbit_set_0_unexpd_ns(struct sock *sk,
198 struct sk_buff *skb) 197 struct sk_buff *skb)
199{ 198{
200 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 199 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
201 u8 vr = llc_sk(sk)->vR; 200 const u8 vr = llc_sk(sk)->vR;
202 u8 ns = LLC_I_GET_NS(pdu); 201 const u8 ns = LLC_I_GET_NS(pdu);
203 202
204 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_I(pdu) && 203 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_I(pdu) &&
205 LLC_I_PF_IS_0(pdu) && ns != vr && 204 LLC_I_PF_IS_0(pdu) && ns != vr &&
@@ -209,9 +208,9 @@ int llc_conn_ev_rx_i_cmd_pbit_set_0_unexpd_ns(struct sock *sk,
209int llc_conn_ev_rx_i_cmd_pbit_set_1_unexpd_ns(struct sock *sk, 208int llc_conn_ev_rx_i_cmd_pbit_set_1_unexpd_ns(struct sock *sk,
210 struct sk_buff *skb) 209 struct sk_buff *skb)
211{ 210{
212 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 211 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
213 u8 vr = llc_sk(sk)->vR; 212 const u8 vr = llc_sk(sk)->vR;
214 u8 ns = LLC_I_GET_NS(pdu); 213 const u8 ns = LLC_I_GET_NS(pdu);
215 214
216 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_I(pdu) && 215 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_I(pdu) &&
217 LLC_I_PF_IS_1(pdu) && ns != vr && 216 LLC_I_PF_IS_1(pdu) && ns != vr &&
@@ -221,10 +220,11 @@ int llc_conn_ev_rx_i_cmd_pbit_set_1_unexpd_ns(struct sock *sk,
221int llc_conn_ev_rx_i_cmd_pbit_set_x_inval_ns(struct sock *sk, 220int llc_conn_ev_rx_i_cmd_pbit_set_x_inval_ns(struct sock *sk,
222 struct sk_buff *skb) 221 struct sk_buff *skb)
223{ 222{
224 struct llc_pdu_sn * pdu = llc_pdu_sn_hdr(skb); 223 const struct llc_pdu_sn * pdu = llc_pdu_sn_hdr(skb);
225 u8 vr = llc_sk(sk)->vR; 224 const u8 vr = llc_sk(sk)->vR;
226 u8 ns = LLC_I_GET_NS(pdu); 225 const u8 ns = LLC_I_GET_NS(pdu);
227 u16 rc = LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_I(pdu) && ns != vr && 226 const u16 rc = LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_I(pdu) &&
227 ns != vr &&
228 llc_util_ns_inside_rx_window(ns, vr, llc_sk(sk)->rw) ? 0 : 1; 228 llc_util_ns_inside_rx_window(ns, vr, llc_sk(sk)->rw) ? 0 : 1;
229 if (!rc) 229 if (!rc)
230 dprintk("%s: matched, state=%d, ns=%d, vr=%d\n", 230 dprintk("%s: matched, state=%d, ns=%d, vr=%d\n",
@@ -234,7 +234,7 @@ int llc_conn_ev_rx_i_cmd_pbit_set_x_inval_ns(struct sock *sk,
234 234
235int llc_conn_ev_rx_i_rsp_fbit_set_0(struct sock *sk, struct sk_buff *skb) 235int llc_conn_ev_rx_i_rsp_fbit_set_0(struct sock *sk, struct sk_buff *skb)
236{ 236{
237 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 237 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
238 238
239 return llc_conn_space(sk, skb) && 239 return llc_conn_space(sk, skb) &&
240 LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) && 240 LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) &&
@@ -244,7 +244,7 @@ int llc_conn_ev_rx_i_rsp_fbit_set_0(struct sock *sk, struct sk_buff *skb)
244 244
245int llc_conn_ev_rx_i_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb) 245int llc_conn_ev_rx_i_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb)
246{ 246{
247 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 247 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
248 248
249 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) && 249 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) &&
250 LLC_I_PF_IS_1(pdu) && 250 LLC_I_PF_IS_1(pdu) &&
@@ -253,7 +253,7 @@ int llc_conn_ev_rx_i_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb)
253 253
254int llc_conn_ev_rx_i_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb) 254int llc_conn_ev_rx_i_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb)
255{ 255{
256 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 256 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
257 257
258 return llc_conn_space(sk, skb) && 258 return llc_conn_space(sk, skb) &&
259 LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) && 259 LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) &&
@@ -263,9 +263,9 @@ int llc_conn_ev_rx_i_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb)
263int llc_conn_ev_rx_i_rsp_fbit_set_0_unexpd_ns(struct sock *sk, 263int llc_conn_ev_rx_i_rsp_fbit_set_0_unexpd_ns(struct sock *sk,
264 struct sk_buff *skb) 264 struct sk_buff *skb)
265{ 265{
266 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 266 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
267 u8 vr = llc_sk(sk)->vR; 267 const u8 vr = llc_sk(sk)->vR;
268 u8 ns = LLC_I_GET_NS(pdu); 268 const u8 ns = LLC_I_GET_NS(pdu);
269 269
270 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) && 270 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) &&
271 LLC_I_PF_IS_0(pdu) && ns != vr && 271 LLC_I_PF_IS_0(pdu) && ns != vr &&
@@ -275,9 +275,9 @@ int llc_conn_ev_rx_i_rsp_fbit_set_0_unexpd_ns(struct sock *sk,
275int llc_conn_ev_rx_i_rsp_fbit_set_1_unexpd_ns(struct sock *sk, 275int llc_conn_ev_rx_i_rsp_fbit_set_1_unexpd_ns(struct sock *sk,
276 struct sk_buff *skb) 276 struct sk_buff *skb)
277{ 277{
278 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 278 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
279 u8 vr = llc_sk(sk)->vR; 279 const u8 vr = llc_sk(sk)->vR;
280 u8 ns = LLC_I_GET_NS(pdu); 280 const u8 ns = LLC_I_GET_NS(pdu);
281 281
282 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) && 282 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) &&
283 LLC_I_PF_IS_1(pdu) && ns != vr && 283 LLC_I_PF_IS_1(pdu) && ns != vr &&
@@ -287,9 +287,9 @@ int llc_conn_ev_rx_i_rsp_fbit_set_1_unexpd_ns(struct sock *sk,
287int llc_conn_ev_rx_i_rsp_fbit_set_x_unexpd_ns(struct sock *sk, 287int llc_conn_ev_rx_i_rsp_fbit_set_x_unexpd_ns(struct sock *sk,
288 struct sk_buff *skb) 288 struct sk_buff *skb)
289{ 289{
290 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 290 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
291 u8 vr = llc_sk(sk)->vR; 291 const u8 vr = llc_sk(sk)->vR;
292 u8 ns = LLC_I_GET_NS(pdu); 292 const u8 ns = LLC_I_GET_NS(pdu);
293 293
294 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) && ns != vr && 294 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) && ns != vr &&
295 !llc_util_ns_inside_rx_window(ns, vr, llc_sk(sk)->rw) ? 0 : 1; 295 !llc_util_ns_inside_rx_window(ns, vr, llc_sk(sk)->rw) ? 0 : 1;
@@ -298,10 +298,11 @@ int llc_conn_ev_rx_i_rsp_fbit_set_x_unexpd_ns(struct sock *sk,
298int llc_conn_ev_rx_i_rsp_fbit_set_x_inval_ns(struct sock *sk, 298int llc_conn_ev_rx_i_rsp_fbit_set_x_inval_ns(struct sock *sk,
299 struct sk_buff *skb) 299 struct sk_buff *skb)
300{ 300{
301 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 301 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
302 u8 vr = llc_sk(sk)->vR; 302 const u8 vr = llc_sk(sk)->vR;
303 u8 ns = LLC_I_GET_NS(pdu); 303 const u8 ns = LLC_I_GET_NS(pdu);
304 u16 rc = LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) && ns != vr && 304 const u16 rc = LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_I(pdu) &&
305 ns != vr &&
305 llc_util_ns_inside_rx_window(ns, vr, llc_sk(sk)->rw) ? 0 : 1; 306 llc_util_ns_inside_rx_window(ns, vr, llc_sk(sk)->rw) ? 0 : 1;
306 if (!rc) 307 if (!rc)
307 dprintk("%s: matched, state=%d, ns=%d, vr=%d\n", 308 dprintk("%s: matched, state=%d, ns=%d, vr=%d\n",
@@ -311,7 +312,7 @@ int llc_conn_ev_rx_i_rsp_fbit_set_x_inval_ns(struct sock *sk,
311 312
312int llc_conn_ev_rx_rej_cmd_pbit_set_0(struct sock *sk, struct sk_buff *skb) 313int llc_conn_ev_rx_rej_cmd_pbit_set_0(struct sock *sk, struct sk_buff *skb)
313{ 314{
314 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 315 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
315 316
316 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 317 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
317 LLC_S_PF_IS_0(pdu) && 318 LLC_S_PF_IS_0(pdu) &&
@@ -320,7 +321,7 @@ int llc_conn_ev_rx_rej_cmd_pbit_set_0(struct sock *sk, struct sk_buff *skb)
320 321
321int llc_conn_ev_rx_rej_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb) 322int llc_conn_ev_rx_rej_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb)
322{ 323{
323 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 324 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
324 325
325 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 326 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
326 LLC_S_PF_IS_1(pdu) && 327 LLC_S_PF_IS_1(pdu) &&
@@ -329,7 +330,7 @@ int llc_conn_ev_rx_rej_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb)
329 330
330int llc_conn_ev_rx_rej_rsp_fbit_set_0(struct sock *sk, struct sk_buff *skb) 331int llc_conn_ev_rx_rej_rsp_fbit_set_0(struct sock *sk, struct sk_buff *skb)
331{ 332{
332 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 333 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
333 334
334 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 335 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
335 LLC_S_PF_IS_0(pdu) && 336 LLC_S_PF_IS_0(pdu) &&
@@ -338,7 +339,7 @@ int llc_conn_ev_rx_rej_rsp_fbit_set_0(struct sock *sk, struct sk_buff *skb)
338 339
339int llc_conn_ev_rx_rej_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb) 340int llc_conn_ev_rx_rej_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb)
340{ 341{
341 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 342 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
342 343
343 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 344 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
344 LLC_S_PF_IS_1(pdu) && 345 LLC_S_PF_IS_1(pdu) &&
@@ -347,7 +348,7 @@ int llc_conn_ev_rx_rej_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb)
347 348
348int llc_conn_ev_rx_rej_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb) 349int llc_conn_ev_rx_rej_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb)
349{ 350{
350 struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb); 351 const struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb);
351 352
352 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 353 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
353 LLC_S_PDU_RSP(pdu) == LLC_2_PDU_RSP_REJ ? 0 : 1; 354 LLC_S_PDU_RSP(pdu) == LLC_2_PDU_RSP_REJ ? 0 : 1;
@@ -355,7 +356,7 @@ int llc_conn_ev_rx_rej_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb)
355 356
356int llc_conn_ev_rx_rnr_cmd_pbit_set_0(struct sock *sk, struct sk_buff *skb) 357int llc_conn_ev_rx_rnr_cmd_pbit_set_0(struct sock *sk, struct sk_buff *skb)
357{ 358{
358 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 359 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
359 360
360 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 361 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
361 LLC_S_PF_IS_0(pdu) && 362 LLC_S_PF_IS_0(pdu) &&
@@ -364,7 +365,7 @@ int llc_conn_ev_rx_rnr_cmd_pbit_set_0(struct sock *sk, struct sk_buff *skb)
364 365
365int llc_conn_ev_rx_rnr_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb) 366int llc_conn_ev_rx_rnr_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb)
366{ 367{
367 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 368 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
368 369
369 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 370 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
370 LLC_S_PF_IS_1(pdu) && 371 LLC_S_PF_IS_1(pdu) &&
@@ -373,7 +374,7 @@ int llc_conn_ev_rx_rnr_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb)
373 374
374int llc_conn_ev_rx_rnr_rsp_fbit_set_0(struct sock *sk, struct sk_buff *skb) 375int llc_conn_ev_rx_rnr_rsp_fbit_set_0(struct sock *sk, struct sk_buff *skb)
375{ 376{
376 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 377 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
377 378
378 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 379 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
379 LLC_S_PF_IS_0(pdu) && 380 LLC_S_PF_IS_0(pdu) &&
@@ -382,7 +383,7 @@ int llc_conn_ev_rx_rnr_rsp_fbit_set_0(struct sock *sk, struct sk_buff *skb)
382 383
383int llc_conn_ev_rx_rnr_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb) 384int llc_conn_ev_rx_rnr_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb)
384{ 385{
385 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 386 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
386 387
387 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 388 return LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
388 LLC_S_PF_IS_1(pdu) && 389 LLC_S_PF_IS_1(pdu) &&
@@ -391,7 +392,7 @@ int llc_conn_ev_rx_rnr_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb)
391 392
392int llc_conn_ev_rx_rr_cmd_pbit_set_0(struct sock *sk, struct sk_buff *skb) 393int llc_conn_ev_rx_rr_cmd_pbit_set_0(struct sock *sk, struct sk_buff *skb)
393{ 394{
394 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 395 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
395 396
396 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 397 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
397 LLC_S_PF_IS_0(pdu) && 398 LLC_S_PF_IS_0(pdu) &&
@@ -400,7 +401,7 @@ int llc_conn_ev_rx_rr_cmd_pbit_set_0(struct sock *sk, struct sk_buff *skb)
400 401
401int llc_conn_ev_rx_rr_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb) 402int llc_conn_ev_rx_rr_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb)
402{ 403{
403 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 404 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
404 405
405 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 406 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
406 LLC_S_PF_IS_1(pdu) && 407 LLC_S_PF_IS_1(pdu) &&
@@ -409,7 +410,7 @@ int llc_conn_ev_rx_rr_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb)
409 410
410int llc_conn_ev_rx_rr_rsp_fbit_set_0(struct sock *sk, struct sk_buff *skb) 411int llc_conn_ev_rx_rr_rsp_fbit_set_0(struct sock *sk, struct sk_buff *skb)
411{ 412{
412 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 413 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
413 414
414 return llc_conn_space(sk, skb) && 415 return llc_conn_space(sk, skb) &&
415 LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 416 LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
@@ -419,7 +420,7 @@ int llc_conn_ev_rx_rr_rsp_fbit_set_0(struct sock *sk, struct sk_buff *skb)
419 420
420int llc_conn_ev_rx_rr_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb) 421int llc_conn_ev_rx_rr_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb)
421{ 422{
422 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 423 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
423 424
424 return llc_conn_space(sk, skb) && 425 return llc_conn_space(sk, skb) &&
425 LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) && 426 LLC_PDU_IS_RSP(pdu) && LLC_PDU_TYPE_IS_S(pdu) &&
@@ -429,7 +430,7 @@ int llc_conn_ev_rx_rr_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb)
429 430
430int llc_conn_ev_rx_sabme_cmd_pbit_set_x(struct sock *sk, struct sk_buff *skb) 431int llc_conn_ev_rx_sabme_cmd_pbit_set_x(struct sock *sk, struct sk_buff *skb)
431{ 432{
432 struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb); 433 const struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb);
433 434
434 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_U(pdu) && 435 return LLC_PDU_IS_CMD(pdu) && LLC_PDU_TYPE_IS_U(pdu) &&
435 LLC_U_PDU_CMD(pdu) == LLC_2_PDU_CMD_SABME ? 0 : 1; 436 LLC_U_PDU_CMD(pdu) == LLC_2_PDU_CMD_SABME ? 0 : 1;
@@ -446,7 +447,7 @@ int llc_conn_ev_rx_ua_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb)
446int llc_conn_ev_rx_xxx_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb) 447int llc_conn_ev_rx_xxx_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb)
447{ 448{
448 u16 rc = 1; 449 u16 rc = 1;
449 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 450 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
450 451
451 if (LLC_PDU_IS_CMD(pdu)) { 452 if (LLC_PDU_IS_CMD(pdu)) {
452 if (LLC_PDU_TYPE_IS_I(pdu) || LLC_PDU_TYPE_IS_S(pdu)) { 453 if (LLC_PDU_TYPE_IS_I(pdu) || LLC_PDU_TYPE_IS_S(pdu)) {
@@ -461,7 +462,7 @@ int llc_conn_ev_rx_xxx_cmd_pbit_set_1(struct sock *sk, struct sk_buff *skb)
461int llc_conn_ev_rx_xxx_cmd_pbit_set_x(struct sock *sk, struct sk_buff *skb) 462int llc_conn_ev_rx_xxx_cmd_pbit_set_x(struct sock *sk, struct sk_buff *skb)
462{ 463{
463 u16 rc = 1; 464 u16 rc = 1;
464 struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb); 465 const struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb);
465 466
466 if (LLC_PDU_IS_CMD(pdu)) { 467 if (LLC_PDU_IS_CMD(pdu)) {
467 if (LLC_PDU_TYPE_IS_I(pdu) || LLC_PDU_TYPE_IS_S(pdu)) 468 if (LLC_PDU_TYPE_IS_I(pdu) || LLC_PDU_TYPE_IS_S(pdu))
@@ -477,32 +478,10 @@ int llc_conn_ev_rx_xxx_cmd_pbit_set_x(struct sock *sk, struct sk_buff *skb)
477 return rc; 478 return rc;
478} 479}
479 480
480int llc_conn_ev_rx_xxx_rsp_fbit_set_1(struct sock *sk, struct sk_buff *skb)
481{
482 u16 rc = 1;
483 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
484
485 if (LLC_PDU_IS_RSP(pdu)) {
486 if (LLC_PDU_TYPE_IS_I(pdu) || LLC_PDU_TYPE_IS_S(pdu)) {
487 if (LLC_I_PF_IS_1(pdu))
488 rc = 0;
489 } else if (LLC_PDU_TYPE_IS_U(pdu))
490 switch (LLC_U_PDU_RSP(pdu)) {
491 case LLC_2_PDU_RSP_UA:
492 case LLC_2_PDU_RSP_DM:
493 case LLC_2_PDU_RSP_FRMR:
494 if (LLC_U_PF_IS_1(pdu))
495 rc = 0;
496 break;
497 }
498 }
499 return rc;
500}
501
502int llc_conn_ev_rx_xxx_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb) 481int llc_conn_ev_rx_xxx_rsp_fbit_set_x(struct sock *sk, struct sk_buff *skb)
503{ 482{
504 u16 rc = 1; 483 u16 rc = 1;
505 struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb); 484 const struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb);
506 485
507 if (LLC_PDU_IS_RSP(pdu)) { 486 if (LLC_PDU_IS_RSP(pdu)) {
508 if (LLC_PDU_TYPE_IS_I(pdu) || LLC_PDU_TYPE_IS_S(pdu)) 487 if (LLC_PDU_TYPE_IS_I(pdu) || LLC_PDU_TYPE_IS_S(pdu))
@@ -524,9 +503,9 @@ int llc_conn_ev_rx_zzz_cmd_pbit_set_x_inval_nr(struct sock *sk,
524 struct sk_buff *skb) 503 struct sk_buff *skb)
525{ 504{
526 u16 rc = 1; 505 u16 rc = 1;
527 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 506 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
528 u8 vs = llc_sk(sk)->vS; 507 const u8 vs = llc_sk(sk)->vS;
529 u8 nr = LLC_I_GET_NR(pdu); 508 const u8 nr = LLC_I_GET_NR(pdu);
530 509
531 if (LLC_PDU_IS_CMD(pdu) && 510 if (LLC_PDU_IS_CMD(pdu) &&
532 (LLC_PDU_TYPE_IS_I(pdu) || LLC_PDU_TYPE_IS_S(pdu)) && 511 (LLC_PDU_TYPE_IS_I(pdu) || LLC_PDU_TYPE_IS_S(pdu)) &&
@@ -542,9 +521,9 @@ int llc_conn_ev_rx_zzz_rsp_fbit_set_x_inval_nr(struct sock *sk,
542 struct sk_buff *skb) 521 struct sk_buff *skb)
543{ 522{
544 u16 rc = 1; 523 u16 rc = 1;
545 struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb); 524 const struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
546 u8 vs = llc_sk(sk)->vS; 525 const u8 vs = llc_sk(sk)->vS;
547 u8 nr = LLC_I_GET_NR(pdu); 526 const u8 nr = LLC_I_GET_NR(pdu);
548 527
549 if (LLC_PDU_IS_RSP(pdu) && 528 if (LLC_PDU_IS_RSP(pdu) &&
550 (LLC_PDU_TYPE_IS_I(pdu) || LLC_PDU_TYPE_IS_S(pdu)) && 529 (LLC_PDU_TYPE_IS_I(pdu) || LLC_PDU_TYPE_IS_S(pdu)) &&
@@ -563,28 +542,28 @@ int llc_conn_ev_rx_any_frame(struct sock *sk, struct sk_buff *skb)
563 542
564int llc_conn_ev_p_tmr_exp(struct sock *sk, struct sk_buff *skb) 543int llc_conn_ev_p_tmr_exp(struct sock *sk, struct sk_buff *skb)
565{ 544{
566 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 545 const struct llc_conn_state_ev *ev = llc_conn_ev(skb);
567 546
568 return ev->type != LLC_CONN_EV_TYPE_P_TMR; 547 return ev->type != LLC_CONN_EV_TYPE_P_TMR;
569} 548}
570 549
571int llc_conn_ev_ack_tmr_exp(struct sock *sk, struct sk_buff *skb) 550int llc_conn_ev_ack_tmr_exp(struct sock *sk, struct sk_buff *skb)
572{ 551{
573 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 552 const struct llc_conn_state_ev *ev = llc_conn_ev(skb);
574 553
575 return ev->type != LLC_CONN_EV_TYPE_ACK_TMR; 554 return ev->type != LLC_CONN_EV_TYPE_ACK_TMR;
576} 555}
577 556
578int llc_conn_ev_rej_tmr_exp(struct sock *sk, struct sk_buff *skb) 557int llc_conn_ev_rej_tmr_exp(struct sock *sk, struct sk_buff *skb)
579{ 558{
580 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 559 const struct llc_conn_state_ev *ev = llc_conn_ev(skb);
581 560
582 return ev->type != LLC_CONN_EV_TYPE_REJ_TMR; 561 return ev->type != LLC_CONN_EV_TYPE_REJ_TMR;
583} 562}
584 563
585int llc_conn_ev_busy_tmr_exp(struct sock *sk, struct sk_buff *skb) 564int llc_conn_ev_busy_tmr_exp(struct sock *sk, struct sk_buff *skb)
586{ 565{
587 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 566 const struct llc_conn_state_ev *ev = llc_conn_ev(skb);
588 567
589 return ev->type != LLC_CONN_EV_TYPE_BUSY_TMR; 568 return ev->type != LLC_CONN_EV_TYPE_BUSY_TMR;
590} 569}
@@ -596,7 +575,7 @@ int llc_conn_ev_init_p_f_cycle(struct sock *sk, struct sk_buff *skb)
596 575
597int llc_conn_ev_tx_buffer_full(struct sock *sk, struct sk_buff *skb) 576int llc_conn_ev_tx_buffer_full(struct sock *sk, struct sk_buff *skb)
598{ 577{
599 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 578 const struct llc_conn_state_ev *ev = llc_conn_ev(skb);
600 579
601 return ev->type == LLC_CONN_EV_TYPE_SIMPLE && 580 return ev->type == LLC_CONN_EV_TYPE_SIMPLE &&
602 ev->prim_type == LLC_CONN_EV_TX_BUFF_FULL ? 0 : 1; 581 ev->prim_type == LLC_CONN_EV_TX_BUFF_FULL ? 0 : 1;
diff --git a/net/llc/llc_conn.c b/net/llc/llc_conn.c
index 4c644bc70eae..042b24a8ca4c 100644
--- a/net/llc/llc_conn.c
+++ b/net/llc/llc_conn.c
@@ -40,6 +40,11 @@ static struct llc_conn_state_trans *llc_qualify_conn_ev(struct sock *sk,
40/* Offset table on connection states transition diagram */ 40/* Offset table on connection states transition diagram */
41static int llc_offset_table[NBR_CONN_STATES][NBR_CONN_EV]; 41static int llc_offset_table[NBR_CONN_STATES][NBR_CONN_EV];
42 42
43int sysctl_llc2_ack_timeout = LLC2_ACK_TIME * HZ;
44int sysctl_llc2_p_timeout = LLC2_P_TIME * HZ;
45int sysctl_llc2_rej_timeout = LLC2_REJ_TIME * HZ;
46int sysctl_llc2_busy_timeout = LLC2_BUSY_TIME * HZ;
47
43/** 48/**
44 * llc_conn_state_process - sends event to connection state machine 49 * llc_conn_state_process - sends event to connection state machine
45 * @sk: connection 50 * @sk: connection
@@ -53,7 +58,7 @@ static int llc_offset_table[NBR_CONN_STATES][NBR_CONN_EV];
53int llc_conn_state_process(struct sock *sk, struct sk_buff *skb) 58int llc_conn_state_process(struct sock *sk, struct sk_buff *skb)
54{ 59{
55 int rc; 60 int rc;
56 struct llc_sock *llc = llc_sk(sk); 61 struct llc_sock *llc = llc_sk(skb->sk);
57 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 62 struct llc_conn_state_ev *ev = llc_conn_ev(skb);
58 63
59 /* 64 /*
@@ -63,13 +68,16 @@ int llc_conn_state_process(struct sock *sk, struct sk_buff *skb)
63 */ 68 */
64 skb_get(skb); 69 skb_get(skb);
65 ev->ind_prim = ev->cfm_prim = 0; 70 ev->ind_prim = ev->cfm_prim = 0;
66 rc = llc_conn_service(sk, skb); /* sending event to state machine */ 71 /*
67 if (rc) { 72 * Send event to state machine
73 */
74 rc = llc_conn_service(skb->sk, skb);
75 if (unlikely(rc != 0)) {
68 printk(KERN_ERR "%s: llc_conn_service failed\n", __FUNCTION__); 76 printk(KERN_ERR "%s: llc_conn_service failed\n", __FUNCTION__);
69 goto out_kfree_skb; 77 goto out_kfree_skb;
70 } 78 }
71 79
72 if (!ev->ind_prim && !ev->cfm_prim) { 80 if (unlikely(!ev->ind_prim && !ev->cfm_prim)) {
73 /* indicate or confirm not required */ 81 /* indicate or confirm not required */
74 /* XXX this is not very pretty, perhaps we should store 82 /* XXX this is not very pretty, perhaps we should store
75 * XXX indicate/confirm-needed state in the llc_conn_state_ev 83 * XXX indicate/confirm-needed state in the llc_conn_state_ev
@@ -80,13 +88,13 @@ int llc_conn_state_process(struct sock *sk, struct sk_buff *skb)
80 goto out_skb_put; 88 goto out_skb_put;
81 } 89 }
82 90
83 if (ev->ind_prim && ev->cfm_prim) /* Paranoia */ 91 if (unlikely(ev->ind_prim && ev->cfm_prim)) /* Paranoia */
84 skb_get(skb); 92 skb_get(skb);
85 93
86 switch (ev->ind_prim) { 94 switch (ev->ind_prim) {
87 case LLC_DATA_PRIM: 95 case LLC_DATA_PRIM:
88 llc_save_primitive(skb, LLC_DATA_PRIM); 96 llc_save_primitive(sk, skb, LLC_DATA_PRIM);
89 if (sock_queue_rcv_skb(sk, skb)) { 97 if (unlikely(sock_queue_rcv_skb(sk, skb))) {
90 /* 98 /*
91 * shouldn't happen 99 * shouldn't happen
92 */ 100 */
@@ -95,13 +103,14 @@ int llc_conn_state_process(struct sock *sk, struct sk_buff *skb)
95 kfree_skb(skb); 103 kfree_skb(skb);
96 } 104 }
97 break; 105 break;
98 case LLC_CONN_PRIM: { 106 case LLC_CONN_PRIM:
99 struct sock *parent = skb->sk; 107 /*
100 108 * Can't be sock_queue_rcv_skb, because we have to leave the
101 skb->sk = sk; 109 * skb->sk pointing to the newly created struct sock in
102 skb_queue_tail(&parent->sk_receive_queue, skb); 110 * llc_conn_handler. -acme
103 sk->sk_state_change(parent); 111 */
104 } 112 skb_queue_tail(&sk->sk_receive_queue, skb);
113 sk->sk_state_change(sk);
105 break; 114 break;
106 case LLC_DISC_PRIM: 115 case LLC_DISC_PRIM:
107 sock_hold(sk); 116 sock_hold(sk);
@@ -111,8 +120,8 @@ int llc_conn_state_process(struct sock *sk, struct sk_buff *skb)
111 sk->sk_socket->state = SS_UNCONNECTED; 120 sk->sk_socket->state = SS_UNCONNECTED;
112 sk->sk_state = TCP_CLOSE; 121 sk->sk_state = TCP_CLOSE;
113 if (!sock_flag(sk, SOCK_DEAD)) { 122 if (!sock_flag(sk, SOCK_DEAD)) {
114 sk->sk_state_change(sk);
115 sock_set_flag(sk, SOCK_DEAD); 123 sock_set_flag(sk, SOCK_DEAD);
124 sk->sk_state_change(sk);
116 } 125 }
117 } 126 }
118 kfree_skb(skb); 127 kfree_skb(skb);
@@ -465,7 +474,7 @@ static int llc_exec_conn_trans_actions(struct sock *sk,
465} 474}
466 475
467/** 476/**
468 * llc_lookup_established - Finds connection for the remote/local sap/mac 477 * __llc_lookup_established - Finds connection for the remote/local sap/mac
469 * @sap: SAP 478 * @sap: SAP
470 * @daddr: address of remote LLC (MAC + SAP) 479 * @daddr: address of remote LLC (MAC + SAP)
471 * @laddr: address of local LLC (MAC + SAP) 480 * @laddr: address of local LLC (MAC + SAP)
@@ -473,14 +482,16 @@ static int llc_exec_conn_trans_actions(struct sock *sk,
473 * Search connection list of the SAP and finds connection using the remote 482 * Search connection list of the SAP and finds connection using the remote
474 * mac, remote sap, local mac, and local sap. Returns pointer for 483 * mac, remote sap, local mac, and local sap. Returns pointer for
475 * connection found, %NULL otherwise. 484 * connection found, %NULL otherwise.
485 * Caller has to make sure local_bh is disabled.
476 */ 486 */
477struct sock *llc_lookup_established(struct llc_sap *sap, struct llc_addr *daddr, 487static struct sock *__llc_lookup_established(struct llc_sap *sap,
478 struct llc_addr *laddr) 488 struct llc_addr *daddr,
489 struct llc_addr *laddr)
479{ 490{
480 struct sock *rc; 491 struct sock *rc;
481 struct hlist_node *node; 492 struct hlist_node *node;
482 493
483 read_lock_bh(&sap->sk_list.lock); 494 read_lock(&sap->sk_list.lock);
484 sk_for_each(rc, node, &sap->sk_list.list) { 495 sk_for_each(rc, node, &sap->sk_list.list) {
485 struct llc_sock *llc = llc_sk(rc); 496 struct llc_sock *llc = llc_sk(rc);
486 497
@@ -494,10 +505,22 @@ struct sock *llc_lookup_established(struct llc_sap *sap, struct llc_addr *daddr,
494 } 505 }
495 rc = NULL; 506 rc = NULL;
496found: 507found:
497 read_unlock_bh(&sap->sk_list.lock); 508 read_unlock(&sap->sk_list.lock);
498 return rc; 509 return rc;
499} 510}
500 511
512struct sock *llc_lookup_established(struct llc_sap *sap,
513 struct llc_addr *daddr,
514 struct llc_addr *laddr)
515{
516 struct sock *sk;
517
518 local_bh_disable();
519 sk = __llc_lookup_established(sap, daddr, laddr);
520 local_bh_enable();
521 return sk;
522}
523
501/** 524/**
502 * llc_lookup_listener - Finds listener for local MAC + SAP 525 * llc_lookup_listener - Finds listener for local MAC + SAP
503 * @sap: SAP 526 * @sap: SAP
@@ -506,6 +529,7 @@ found:
506 * Search connection list of the SAP and finds connection listening on 529 * Search connection list of the SAP and finds connection listening on
507 * local mac, and local sap. Returns pointer for parent socket found, 530 * local mac, and local sap. Returns pointer for parent socket found,
508 * %NULL otherwise. 531 * %NULL otherwise.
532 * Caller has to make sure local_bh is disabled.
509 */ 533 */
510static struct sock *llc_lookup_listener(struct llc_sap *sap, 534static struct sock *llc_lookup_listener(struct llc_sap *sap,
511 struct llc_addr *laddr) 535 struct llc_addr *laddr)
@@ -513,7 +537,7 @@ static struct sock *llc_lookup_listener(struct llc_sap *sap,
513 struct sock *rc; 537 struct sock *rc;
514 struct hlist_node *node; 538 struct hlist_node *node;
515 539
516 read_lock_bh(&sap->sk_list.lock); 540 read_lock(&sap->sk_list.lock);
517 sk_for_each(rc, node, &sap->sk_list.list) { 541 sk_for_each(rc, node, &sap->sk_list.list) {
518 struct llc_sock *llc = llc_sk(rc); 542 struct llc_sock *llc = llc_sk(rc);
519 543
@@ -527,10 +551,19 @@ static struct sock *llc_lookup_listener(struct llc_sap *sap,
527 } 551 }
528 rc = NULL; 552 rc = NULL;
529found: 553found:
530 read_unlock_bh(&sap->sk_list.lock); 554 read_unlock(&sap->sk_list.lock);
531 return rc; 555 return rc;
532} 556}
533 557
558static struct sock *__llc_lookup(struct llc_sap *sap,
559 struct llc_addr *daddr,
560 struct llc_addr *laddr)
561{
562 struct sock *sk = __llc_lookup_established(sap, daddr, laddr);
563
564 return sk ? : llc_lookup_listener(sap, laddr);
565}
566
534/** 567/**
535 * llc_data_accept_state - designates if in this state data can be sent. 568 * llc_data_accept_state - designates if in this state data can be sent.
536 * @state: state of connection. 569 * @state: state of connection.
@@ -544,14 +577,14 @@ u8 llc_data_accept_state(u8 state)
544} 577}
545 578
546/** 579/**
547 * find_next_offset - finds offset for next category of transitions 580 * llc_find_next_offset - finds offset for next category of transitions
548 * @state: state table. 581 * @state: state table.
549 * @offset: start offset. 582 * @offset: start offset.
550 * 583 *
551 * Finds offset of next category of transitions in transition table. 584 * Finds offset of next category of transitions in transition table.
552 * Returns the start index of next category. 585 * Returns the start index of next category.
553 */ 586 */
554static u16 find_next_offset(struct llc_conn_state *state, u16 offset) 587static u16 __init llc_find_next_offset(struct llc_conn_state *state, u16 offset)
555{ 588{
556 u16 cnt = 0; 589 u16 cnt = 0;
557 struct llc_conn_state_trans **next_trans; 590 struct llc_conn_state_trans **next_trans;
@@ -578,8 +611,8 @@ void __init llc_build_offset_table(void)
578 next_offset = 0; 611 next_offset = 0;
579 for (ev_type = 0; ev_type < NBR_CONN_EV; ev_type++) { 612 for (ev_type = 0; ev_type < NBR_CONN_EV; ev_type++) {
580 llc_offset_table[state][ev_type] = next_offset; 613 llc_offset_table[state][ev_type] = next_offset;
581 next_offset += find_next_offset(curr_state, 614 next_offset += llc_find_next_offset(curr_state,
582 next_offset) + 1; 615 next_offset) + 1;
583 } 616 }
584 } 617 }
585} 618}
@@ -623,6 +656,7 @@ static int llc_find_offset(int state, int ev_type)
623 */ 656 */
624void llc_sap_add_socket(struct llc_sap *sap, struct sock *sk) 657void llc_sap_add_socket(struct llc_sap *sap, struct sock *sk)
625{ 658{
659 llc_sap_hold(sap);
626 write_lock_bh(&sap->sk_list.lock); 660 write_lock_bh(&sap->sk_list.lock);
627 llc_sk(sk)->sap = sap; 661 llc_sk(sk)->sap = sap;
628 sk_add_node(sk, &sap->sk_list.list); 662 sk_add_node(sk, &sap->sk_list.list);
@@ -642,6 +676,7 @@ void llc_sap_remove_socket(struct llc_sap *sap, struct sock *sk)
642 write_lock_bh(&sap->sk_list.lock); 676 write_lock_bh(&sap->sk_list.lock);
643 sk_del_node_init(sk); 677 sk_del_node_init(sk);
644 write_unlock_bh(&sap->sk_list.lock); 678 write_unlock_bh(&sap->sk_list.lock);
679 llc_sap_put(sap);
645} 680}
646 681
647/** 682/**
@@ -654,15 +689,34 @@ void llc_sap_remove_socket(struct llc_sap *sap, struct sock *sk)
654static int llc_conn_rcv(struct sock* sk, struct sk_buff *skb) 689static int llc_conn_rcv(struct sock* sk, struct sk_buff *skb)
655{ 690{
656 struct llc_conn_state_ev *ev = llc_conn_ev(skb); 691 struct llc_conn_state_ev *ev = llc_conn_ev(skb);
657 struct llc_sock *llc = llc_sk(sk);
658 692
659 if (!llc->dev)
660 llc->dev = skb->dev;
661 ev->type = LLC_CONN_EV_TYPE_PDU; 693 ev->type = LLC_CONN_EV_TYPE_PDU;
662 ev->reason = 0; 694 ev->reason = 0;
663 return llc_conn_state_process(sk, skb); 695 return llc_conn_state_process(sk, skb);
664} 696}
665 697
698static struct sock *llc_create_incoming_sock(struct sock *sk,
699 struct net_device *dev,
700 struct llc_addr *saddr,
701 struct llc_addr *daddr)
702{
703 struct sock *newsk = llc_sk_alloc(sk->sk_family, GFP_ATOMIC,
704 sk->sk_prot);
705 struct llc_sock *newllc, *llc = llc_sk(sk);
706
707 if (!newsk)
708 goto out;
709 newllc = llc_sk(newsk);
710 memcpy(&newllc->laddr, daddr, sizeof(newllc->laddr));
711 memcpy(&newllc->daddr, saddr, sizeof(newllc->daddr));
712 newllc->dev = dev;
713 dev_hold(dev);
714 llc_sap_add_socket(llc->sap, newsk);
715 llc_sap_hold(llc->sap);
716out:
717 return newsk;
718}
719
666void llc_conn_handler(struct llc_sap *sap, struct sk_buff *skb) 720void llc_conn_handler(struct llc_sap *sap, struct sk_buff *skb)
667{ 721{
668 struct llc_addr saddr, daddr; 722 struct llc_addr saddr, daddr;
@@ -673,35 +727,35 @@ void llc_conn_handler(struct llc_sap *sap, struct sk_buff *skb)
673 llc_pdu_decode_da(skb, daddr.mac); 727 llc_pdu_decode_da(skb, daddr.mac);
674 llc_pdu_decode_dsap(skb, &daddr.lsap); 728 llc_pdu_decode_dsap(skb, &daddr.lsap);
675 729
676 sk = llc_lookup_established(sap, &saddr, &daddr); 730 sk = __llc_lookup(sap, &saddr, &daddr);
677 if (!sk) { 731 if (!sk)
732 goto drop;
733
734 bh_lock_sock(sk);
735 /*
736 * This has to be done here and not at the upper layer ->accept
737 * method because of the way the PROCOM state machine works:
738 * it needs to set several state variables (see, for instance,
739 * llc_adm_actions_2 in net/llc/llc_c_st.c) and send a packet to
740 * the originator of the new connection, and this state has to be
741 * in the newly created struct sock private area. -acme
742 */
743 if (unlikely(sk->sk_state == TCP_LISTEN)) {
744 struct sock *newsk = llc_create_incoming_sock(sk, skb->dev,
745 &saddr, &daddr);
746 if (!newsk)
747 goto drop_unlock;
748 skb_set_owner_r(skb, newsk);
749 } else {
678 /* 750 /*
679 * Didn't find an active connection; verify if there 751 * Can't be skb_set_owner_r, this will be done at the
680 * is a listening socket for this llc addr 752 * llc_conn_state_process function, later on, when we will use
753 * skb_queue_rcv_skb to send it to upper layers, this is
754 * another trick required to cope with how the PROCOM state
755 * machine works. -acme
681 */ 756 */
682 struct llc_sock *llc;
683 struct sock *parent = llc_lookup_listener(sap, &daddr);
684
685 if (!parent) {
686 dprintk("llc_lookup_listener failed!\n");
687 goto drop;
688 }
689
690 sk = llc_sk_alloc(parent->sk_family, GFP_ATOMIC, parent->sk_prot);
691 if (!sk) {
692 sock_put(parent);
693 goto drop;
694 }
695 llc = llc_sk(sk);
696 memcpy(&llc->laddr, &daddr, sizeof(llc->laddr));
697 memcpy(&llc->daddr, &saddr, sizeof(llc->daddr));
698 llc_sap_add_socket(sap, sk);
699 sock_hold(sk);
700 sock_put(parent);
701 skb->sk = parent;
702 } else
703 skb->sk = sk; 757 skb->sk = sk;
704 bh_lock_sock(sk); 758 }
705 if (!sock_owned_by_user(sk)) 759 if (!sock_owned_by_user(sk))
706 llc_conn_rcv(sk, skb); 760 llc_conn_rcv(sk, skb);
707 else { 761 else {
@@ -709,11 +763,16 @@ void llc_conn_handler(struct llc_sap *sap, struct sk_buff *skb)
709 llc_set_backlog_type(skb, LLC_PACKET); 763 llc_set_backlog_type(skb, LLC_PACKET);
710 sk_add_backlog(sk, skb); 764 sk_add_backlog(sk, skb);
711 } 765 }
766out:
712 bh_unlock_sock(sk); 767 bh_unlock_sock(sk);
713 sock_put(sk); 768 sock_put(sk);
714 return; 769 return;
715drop: 770drop:
716 kfree_skb(skb); 771 kfree_skb(skb);
772 return;
773drop_unlock:
774 kfree_skb(skb);
775 goto out;
717} 776}
718 777
719#undef LLC_REFCNT_DEBUG 778#undef LLC_REFCNT_DEBUG
@@ -722,32 +781,6 @@ static atomic_t llc_sock_nr;
722#endif 781#endif
723 782
724/** 783/**
725 * llc_release_sockets - releases all sockets in a sap
726 * @sap: sap to release its sockets
727 *
728 * Releases all connections of a sap. Returns 0 if all actions complete
729 * successfully, nonzero otherwise
730 */
731int llc_release_sockets(struct llc_sap *sap)
732{
733 int rc = 0;
734 struct sock *sk;
735 struct hlist_node *node;
736
737 write_lock_bh(&sap->sk_list.lock);
738
739 sk_for_each(sk, node, &sap->sk_list.list) {
740 llc_sk(sk)->state = LLC_CONN_STATE_TEMP;
741
742 if (llc_send_disc(sk))
743 rc = 1;
744 }
745
746 write_unlock_bh(&sap->sk_list.lock);
747 return rc;
748}
749
750/**
751 * llc_backlog_rcv - Processes rx frames and expired timers. 784 * llc_backlog_rcv - Processes rx frames and expired timers.
752 * @sk: LLC sock (p8022 connection) 785 * @sk: LLC sock (p8022 connection)
753 * @skb: queued rx frame or event 786 * @skb: queued rx frame or event
@@ -762,14 +795,14 @@ static int llc_backlog_rcv(struct sock *sk, struct sk_buff *skb)
762 int rc = 0; 795 int rc = 0;
763 struct llc_sock *llc = llc_sk(sk); 796 struct llc_sock *llc = llc_sk(sk);
764 797
765 if (llc_backlog_type(skb) == LLC_PACKET) { 798 if (likely(llc_backlog_type(skb) == LLC_PACKET)) {
766 if (llc->state > 1) /* not closed */ 799 if (likely(llc->state > 1)) /* not closed */
767 rc = llc_conn_rcv(sk, skb); 800 rc = llc_conn_rcv(sk, skb);
768 else 801 else
769 goto out_kfree_skb; 802 goto out_kfree_skb;
770 } else if (llc_backlog_type(skb) == LLC_EVENT) { 803 } else if (llc_backlog_type(skb) == LLC_EVENT) {
771 /* timer expiration event */ 804 /* timer expiration event */
772 if (llc->state > 1) /* not closed */ 805 if (likely(llc->state > 1)) /* not closed */
773 rc = llc_conn_state_process(sk, skb); 806 rc = llc_conn_state_process(sk, skb);
774 else 807 else
775 goto out_kfree_skb; 808 goto out_kfree_skb;
@@ -799,22 +832,22 @@ static void llc_sk_init(struct sock* sk)
799 llc->dec_step = llc->connect_step = 1; 832 llc->dec_step = llc->connect_step = 1;
800 833
801 init_timer(&llc->ack_timer.timer); 834 init_timer(&llc->ack_timer.timer);
802 llc->ack_timer.expire = LLC_ACK_TIME; 835 llc->ack_timer.expire = sysctl_llc2_ack_timeout;
803 llc->ack_timer.timer.data = (unsigned long)sk; 836 llc->ack_timer.timer.data = (unsigned long)sk;
804 llc->ack_timer.timer.function = llc_conn_ack_tmr_cb; 837 llc->ack_timer.timer.function = llc_conn_ack_tmr_cb;
805 838
806 init_timer(&llc->pf_cycle_timer.timer); 839 init_timer(&llc->pf_cycle_timer.timer);
807 llc->pf_cycle_timer.expire = LLC_P_TIME; 840 llc->pf_cycle_timer.expire = sysctl_llc2_p_timeout;
808 llc->pf_cycle_timer.timer.data = (unsigned long)sk; 841 llc->pf_cycle_timer.timer.data = (unsigned long)sk;
809 llc->pf_cycle_timer.timer.function = llc_conn_pf_cycle_tmr_cb; 842 llc->pf_cycle_timer.timer.function = llc_conn_pf_cycle_tmr_cb;
810 843
811 init_timer(&llc->rej_sent_timer.timer); 844 init_timer(&llc->rej_sent_timer.timer);
812 llc->rej_sent_timer.expire = LLC_REJ_TIME; 845 llc->rej_sent_timer.expire = sysctl_llc2_rej_timeout;
813 llc->rej_sent_timer.timer.data = (unsigned long)sk; 846 llc->rej_sent_timer.timer.data = (unsigned long)sk;
814 llc->rej_sent_timer.timer.function = llc_conn_rej_tmr_cb; 847 llc->rej_sent_timer.timer.function = llc_conn_rej_tmr_cb;
815 848
816 init_timer(&llc->busy_state_timer.timer); 849 init_timer(&llc->busy_state_timer.timer);
817 llc->busy_state_timer.expire = LLC_BUSY_TIME; 850 llc->busy_state_timer.expire = sysctl_llc2_busy_timeout;
818 llc->busy_state_timer.timer.data = (unsigned long)sk; 851 llc->busy_state_timer.timer.data = (unsigned long)sk;
819 llc->busy_state_timer.timer.function = llc_conn_busy_tmr_cb; 852 llc->busy_state_timer.timer.function = llc_conn_busy_tmr_cb;
820 853
@@ -834,7 +867,8 @@ static void llc_sk_init(struct sock* sk)
834 * Allocates a LLC sock and initializes it. Returns the new LLC sock 867 * Allocates a LLC sock and initializes it. Returns the new LLC sock
835 * or %NULL if there's no memory available for one 868 * or %NULL if there's no memory available for one
836 */ 869 */
837struct sock *llc_sk_alloc(int family, int priority, struct proto *prot) 870struct sock *llc_sk_alloc(int family, unsigned int __nocast priority,
871 struct proto *prot)
838{ 872{
839 struct sock *sk = sk_alloc(family, priority, prot, 1); 873 struct sock *sk = sk_alloc(family, priority, prot, 1);
840 874
diff --git a/net/llc/llc_core.c b/net/llc/llc_core.c
index 9727455bf0e7..ab0fcd32fd84 100644
--- a/net/llc/llc_core.c
+++ b/net/llc/llc_core.c
@@ -40,6 +40,7 @@ static struct llc_sap *llc_sap_alloc(void)
40 sap->state = LLC_SAP_STATE_ACTIVE; 40 sap->state = LLC_SAP_STATE_ACTIVE;
41 memcpy(sap->laddr.mac, llc_station_mac_sa, ETH_ALEN); 41 memcpy(sap->laddr.mac, llc_station_mac_sa, ETH_ALEN);
42 rwlock_init(&sap->sk_list.lock); 42 rwlock_init(&sap->sk_list.lock);
43 atomic_set(&sap->refcnt, 1);
43 } 44 }
44 return sap; 45 return sap;
45} 46}
@@ -52,9 +53,7 @@ static struct llc_sap *llc_sap_alloc(void)
52 */ 53 */
53static void llc_add_sap(struct llc_sap *sap) 54static void llc_add_sap(struct llc_sap *sap)
54{ 55{
55 write_lock_bh(&llc_sap_list_lock);
56 list_add_tail(&sap->node, &llc_sap_list); 56 list_add_tail(&sap->node, &llc_sap_list);
57 write_unlock_bh(&llc_sap_list_lock);
58} 57}
59 58
60/** 59/**
@@ -70,11 +69,25 @@ static void llc_del_sap(struct llc_sap *sap)
70 write_unlock_bh(&llc_sap_list_lock); 69 write_unlock_bh(&llc_sap_list_lock);
71} 70}
72 71
72static struct llc_sap *__llc_sap_find(unsigned char sap_value)
73{
74 struct llc_sap* sap;
75
76 list_for_each_entry(sap, &llc_sap_list, node)
77 if (sap->laddr.lsap == sap_value)
78 goto out;
79 sap = NULL;
80out:
81 return sap;
82}
83
73/** 84/**
74 * llc_sap_find - searchs a SAP in station 85 * llc_sap_find - searchs a SAP in station
75 * @sap_value: sap to be found 86 * @sap_value: sap to be found
76 * 87 *
77 * Searchs for a sap in the sap list of the LLC's station upon the sap ID. 88 * Searchs for a sap in the sap list of the LLC's station upon the sap ID.
89 * If the sap is found it will be refcounted and the user will have to do
90 * a llc_sap_put after use.
78 * Returns the sap or %NULL if not found. 91 * Returns the sap or %NULL if not found.
79 */ 92 */
80struct llc_sap *llc_sap_find(unsigned char sap_value) 93struct llc_sap *llc_sap_find(unsigned char sap_value)
@@ -82,11 +95,9 @@ struct llc_sap *llc_sap_find(unsigned char sap_value)
82 struct llc_sap* sap; 95 struct llc_sap* sap;
83 96
84 read_lock_bh(&llc_sap_list_lock); 97 read_lock_bh(&llc_sap_list_lock);
85 list_for_each_entry(sap, &llc_sap_list, node) 98 sap = __llc_sap_find(sap_value);
86 if (sap->laddr.lsap == sap_value) 99 if (sap)
87 goto out; 100 llc_sap_hold(sap);
88 sap = NULL;
89out:
90 read_unlock_bh(&llc_sap_list_lock); 101 read_unlock_bh(&llc_sap_list_lock);
91 return sap; 102 return sap;
92} 103}
@@ -106,19 +117,20 @@ struct llc_sap *llc_sap_open(unsigned char lsap,
106 struct packet_type *pt, 117 struct packet_type *pt,
107 struct net_device *orig_dev)) 118 struct net_device *orig_dev))
108{ 119{
109 struct llc_sap *sap = llc_sap_find(lsap); 120 struct llc_sap *sap = NULL;
110 121
111 if (sap) { /* SAP already exists */ 122 write_lock_bh(&llc_sap_list_lock);
112 sap = NULL; 123 if (__llc_sap_find(lsap)) /* SAP already exists */
113 goto out; 124 goto out;
114 }
115 sap = llc_sap_alloc(); 125 sap = llc_sap_alloc();
116 if (!sap) 126 if (!sap)
117 goto out; 127 goto out;
118 sap->laddr.lsap = lsap; 128 sap->laddr.lsap = lsap;
119 sap->rcv_func = func; 129 sap->rcv_func = func;
130 llc_sap_hold(sap);
120 llc_add_sap(sap); 131 llc_add_sap(sap);
121out: 132out:
133 write_unlock_bh(&llc_sap_list_lock);
122 return sap; 134 return sap;
123} 135}
124 136
diff --git a/net/llc/llc_if.c b/net/llc/llc_if.c
index 0f84f66018e4..ba90f7f0801a 100644
--- a/net/llc/llc_if.c
+++ b/net/llc/llc_if.c
@@ -47,14 +47,11 @@ int llc_build_and_send_pkt(struct sock *sk, struct sk_buff *skb)
47 int rc = -ECONNABORTED; 47 int rc = -ECONNABORTED;
48 struct llc_sock *llc = llc_sk(sk); 48 struct llc_sock *llc = llc_sk(sk);
49 49
50 if (llc->state == LLC_CONN_STATE_ADM) 50 if (unlikely(llc->state == LLC_CONN_STATE_ADM))
51 goto out; 51 goto out;
52 rc = -EBUSY; 52 rc = -EBUSY;
53 if (llc_data_accept_state(llc->state)) { /* data_conn_refuse */ 53 if (unlikely(llc_data_accept_state(llc->state) || /* data_conn_refuse */
54 llc->failed_data_req = 1; 54 llc->p_flag)) {
55 goto out;
56 }
57 if (llc->p_flag) {
58 llc->failed_data_req = 1; 55 llc->failed_data_req = 1;
59 goto out; 56 goto out;
60 } 57 }
@@ -110,6 +107,7 @@ int llc_establish_connection(struct sock *sk, u8 *lmac, u8 *dmac, u8 dsap)
110 ev->type = LLC_CONN_EV_TYPE_PRIM; 107 ev->type = LLC_CONN_EV_TYPE_PRIM;
111 ev->prim = LLC_CONN_PRIM; 108 ev->prim = LLC_CONN_PRIM;
112 ev->prim_type = LLC_PRIM_TYPE_REQ; 109 ev->prim_type = LLC_PRIM_TYPE_REQ;
110 skb_set_owner_w(skb, sk);
113 rc = llc_conn_state_process(sk, skb); 111 rc = llc_conn_state_process(sk, skb);
114 } 112 }
115out_put: 113out_put:
@@ -144,6 +142,7 @@ int llc_send_disc(struct sock *sk)
144 skb = alloc_skb(0, GFP_ATOMIC); 142 skb = alloc_skb(0, GFP_ATOMIC);
145 if (!skb) 143 if (!skb)
146 goto out; 144 goto out;
145 skb_set_owner_w(skb, sk);
147 sk->sk_state = TCP_CLOSING; 146 sk->sk_state = TCP_CLOSING;
148 ev = llc_conn_ev(skb); 147 ev = llc_conn_ev(skb);
149 ev->type = LLC_CONN_EV_TYPE_PRIM; 148 ev->type = LLC_CONN_EV_TYPE_PRIM;
diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index 13b46240b7a1..8f3addf0724c 100644
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -99,15 +99,19 @@ out:
99static inline int llc_fixup_skb(struct sk_buff *skb) 99static inline int llc_fixup_skb(struct sk_buff *skb)
100{ 100{
101 u8 llc_len = 2; 101 u8 llc_len = 2;
102 struct llc_pdu_sn *pdu; 102 struct llc_pdu_un *pdu;
103 103
104 if (!pskb_may_pull(skb, sizeof(*pdu))) 104 if (unlikely(!pskb_may_pull(skb, sizeof(*pdu))))
105 return 0; 105 return 0;
106 106
107 pdu = (struct llc_pdu_sn *)skb->data; 107 pdu = (struct llc_pdu_un *)skb->data;
108 if ((pdu->ctrl_1 & LLC_PDU_TYPE_MASK) == LLC_PDU_TYPE_U) 108 if ((pdu->ctrl_1 & LLC_PDU_TYPE_MASK) == LLC_PDU_TYPE_U)
109 llc_len = 1; 109 llc_len = 1;
110 llc_len += 2; 110 llc_len += 2;
111
112 if (unlikely(!pskb_may_pull(skb, llc_len)))
113 return 0;
114
111 skb->h.raw += llc_len; 115 skb->h.raw += llc_len;
112 skb_pull(skb, llc_len); 116 skb_pull(skb, llc_len);
113 if (skb->protocol == htons(ETH_P_802_2)) { 117 if (skb->protocol == htons(ETH_P_802_2)) {
@@ -166,17 +170,22 @@ int llc_rcv(struct sk_buff *skb, struct net_device *dev,
166 */ 170 */
167 if (sap->rcv_func) { 171 if (sap->rcv_func) {
168 sap->rcv_func(skb, dev, pt, orig_dev); 172 sap->rcv_func(skb, dev, pt, orig_dev);
169 goto out; 173 goto out_put;
170 } 174 }
171 dest = llc_pdu_type(skb); 175 dest = llc_pdu_type(skb);
172 if (unlikely(!dest || !llc_type_handlers[dest - 1])) 176 if (unlikely(!dest || !llc_type_handlers[dest - 1]))
173 goto drop; 177 goto drop_put;
174 llc_type_handlers[dest - 1](sap, skb); 178 llc_type_handlers[dest - 1](sap, skb);
179out_put:
180 llc_sap_put(sap);
175out: 181out:
176 return 0; 182 return 0;
177drop: 183drop:
178 kfree_skb(skb); 184 kfree_skb(skb);
179 goto out; 185 goto out;
186drop_put:
187 kfree_skb(skb);
188 goto out_put;
180handle_station: 189handle_station:
181 if (!llc_station_handler) 190 if (!llc_station_handler)
182 goto drop; 191 goto drop;
diff --git a/net/llc/llc_output.c b/net/llc/llc_output.c
index ab5784cf163e..b4d55b6abb67 100644
--- a/net/llc/llc_output.c
+++ b/net/llc/llc_output.c
@@ -98,7 +98,7 @@ int llc_build_and_send_ui_pkt(struct llc_sap *sap, struct sk_buff *skb,
98 dsap, LLC_PDU_CMD); 98 dsap, LLC_PDU_CMD);
99 llc_pdu_init_as_ui_cmd(skb); 99 llc_pdu_init_as_ui_cmd(skb);
100 rc = llc_mac_hdr_init(skb, skb->dev->dev_addr, dmac); 100 rc = llc_mac_hdr_init(skb, skb->dev->dev_addr, dmac);
101 if (!rc) 101 if (likely(!rc))
102 rc = dev_queue_xmit(skb); 102 rc = dev_queue_xmit(skb);
103 return rc; 103 return rc;
104} 104}
diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c
index 36e8db3fa1a2..bd531cb235a7 100644
--- a/net/llc/llc_proc.c
+++ b/net/llc/llc_proc.c
@@ -134,7 +134,7 @@ static int llc_seq_socket_show(struct seq_file *seq, void *v)
134 llc_ui_format_mac(seq, llc->daddr.mac); 134 llc_ui_format_mac(seq, llc->daddr.mac);
135 seq_printf(seq, "@%02X %8d %8d %2d %3d %4d\n", llc->daddr.lsap, 135 seq_printf(seq, "@%02X %8d %8d %2d %3d %4d\n", llc->daddr.lsap,
136 atomic_read(&sk->sk_wmem_alloc), 136 atomic_read(&sk->sk_wmem_alloc),
137 atomic_read(&sk->sk_rmem_alloc), 137 atomic_read(&sk->sk_rmem_alloc) - llc->copied_seq,
138 sk->sk_state, 138 sk->sk_state,
139 sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_uid : -1, 139 sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_uid : -1,
140 llc->link); 140 llc->link);
diff --git a/net/llc/llc_s_ac.c b/net/llc/llc_s_ac.c
index ed8ba7de6122..bb3580fb8cfe 100644
--- a/net/llc/llc_s_ac.c
+++ b/net/llc/llc_s_ac.c
@@ -58,7 +58,7 @@ int llc_sap_action_send_ui(struct llc_sap *sap, struct sk_buff *skb)
58 ev->daddr.lsap, LLC_PDU_CMD); 58 ev->daddr.lsap, LLC_PDU_CMD);
59 llc_pdu_init_as_ui_cmd(skb); 59 llc_pdu_init_as_ui_cmd(skb);
60 rc = llc_mac_hdr_init(skb, ev->saddr.mac, ev->daddr.mac); 60 rc = llc_mac_hdr_init(skb, ev->saddr.mac, ev->daddr.mac);
61 if (!rc) 61 if (likely(!rc))
62 rc = dev_queue_xmit(skb); 62 rc = dev_queue_xmit(skb);
63 return rc; 63 return rc;
64} 64}
@@ -81,7 +81,7 @@ int llc_sap_action_send_xid_c(struct llc_sap *sap, struct sk_buff *skb)
81 ev->daddr.lsap, LLC_PDU_CMD); 81 ev->daddr.lsap, LLC_PDU_CMD);
82 llc_pdu_init_as_xid_cmd(skb, LLC_XID_NULL_CLASS_2, 0); 82 llc_pdu_init_as_xid_cmd(skb, LLC_XID_NULL_CLASS_2, 0);
83 rc = llc_mac_hdr_init(skb, ev->saddr.mac, ev->daddr.mac); 83 rc = llc_mac_hdr_init(skb, ev->saddr.mac, ev->daddr.mac);
84 if (!rc) 84 if (likely(!rc))
85 rc = dev_queue_xmit(skb); 85 rc = dev_queue_xmit(skb);
86 return rc; 86 return rc;
87} 87}
@@ -103,15 +103,14 @@ int llc_sap_action_send_xid_r(struct llc_sap *sap, struct sk_buff *skb)
103 llc_pdu_decode_sa(skb, mac_da); 103 llc_pdu_decode_sa(skb, mac_da);
104 llc_pdu_decode_da(skb, mac_sa); 104 llc_pdu_decode_da(skb, mac_sa);
105 llc_pdu_decode_ssap(skb, &dsap); 105 llc_pdu_decode_ssap(skb, &dsap);
106 nskb = llc_alloc_frame(); 106 nskb = llc_alloc_frame(NULL, skb->dev);
107 if (!nskb) 107 if (!nskb)
108 goto out; 108 goto out;
109 nskb->dev = skb->dev;
110 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap, 109 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap,
111 LLC_PDU_RSP); 110 LLC_PDU_RSP);
112 llc_pdu_init_as_xid_rsp(nskb, LLC_XID_NULL_CLASS_2, 0); 111 llc_pdu_init_as_xid_rsp(nskb, LLC_XID_NULL_CLASS_2, 0);
113 rc = llc_mac_hdr_init(nskb, mac_sa, mac_da); 112 rc = llc_mac_hdr_init(nskb, mac_sa, mac_da);
114 if (!rc) 113 if (likely(!rc))
115 rc = dev_queue_xmit(nskb); 114 rc = dev_queue_xmit(nskb);
116out: 115out:
117 return rc; 116 return rc;
@@ -135,7 +134,7 @@ int llc_sap_action_send_test_c(struct llc_sap *sap, struct sk_buff *skb)
135 ev->daddr.lsap, LLC_PDU_CMD); 134 ev->daddr.lsap, LLC_PDU_CMD);
136 llc_pdu_init_as_test_cmd(skb); 135 llc_pdu_init_as_test_cmd(skb);
137 rc = llc_mac_hdr_init(skb, ev->saddr.mac, ev->daddr.mac); 136 rc = llc_mac_hdr_init(skb, ev->saddr.mac, ev->daddr.mac);
138 if (!rc) 137 if (likely(!rc))
139 rc = dev_queue_xmit(skb); 138 rc = dev_queue_xmit(skb);
140 return rc; 139 return rc;
141} 140}
@@ -149,15 +148,14 @@ int llc_sap_action_send_test_r(struct llc_sap *sap, struct sk_buff *skb)
149 llc_pdu_decode_sa(skb, mac_da); 148 llc_pdu_decode_sa(skb, mac_da);
150 llc_pdu_decode_da(skb, mac_sa); 149 llc_pdu_decode_da(skb, mac_sa);
151 llc_pdu_decode_ssap(skb, &dsap); 150 llc_pdu_decode_ssap(skb, &dsap);
152 nskb = llc_alloc_frame(); 151 nskb = llc_alloc_frame(NULL, skb->dev);
153 if (!nskb) 152 if (!nskb)
154 goto out; 153 goto out;
155 nskb->dev = skb->dev;
156 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap, 154 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap,
157 LLC_PDU_RSP); 155 LLC_PDU_RSP);
158 llc_pdu_init_as_test_rsp(nskb, skb); 156 llc_pdu_init_as_test_rsp(nskb, skb);
159 rc = llc_mac_hdr_init(nskb, mac_sa, mac_da); 157 rc = llc_mac_hdr_init(nskb, mac_sa, mac_da);
160 if (!rc) 158 if (likely(!rc))
161 rc = dev_queue_xmit(nskb); 159 rc = dev_queue_xmit(nskb);
162out: 160out:
163 return rc; 161 return rc;
diff --git a/net/llc/llc_sap.c b/net/llc/llc_sap.c
index 34228ef14985..4029ceee9b91 100644
--- a/net/llc/llc_sap.c
+++ b/net/llc/llc_sap.c
@@ -26,11 +26,12 @@
26 26
27/** 27/**
28 * llc_alloc_frame - allocates sk_buff for frame 28 * llc_alloc_frame - allocates sk_buff for frame
29 * @dev: network device this skb will be sent over
29 * 30 *
30 * Allocates an sk_buff for frame and initializes sk_buff fields. 31 * Allocates an sk_buff for frame and initializes sk_buff fields.
31 * Returns allocated skb or %NULL when out of memory. 32 * Returns allocated skb or %NULL when out of memory.
32 */ 33 */
33struct sk_buff *llc_alloc_frame(void) 34struct sk_buff *llc_alloc_frame(struct sock *sk, struct net_device *dev)
34{ 35{
35 struct sk_buff *skb = alloc_skb(128, GFP_ATOMIC); 36 struct sk_buff *skb = alloc_skb(128, GFP_ATOMIC);
36 37
@@ -38,18 +39,23 @@ struct sk_buff *llc_alloc_frame(void)
38 skb_reserve(skb, 50); 39 skb_reserve(skb, 50);
39 skb->nh.raw = skb->h.raw = skb->data; 40 skb->nh.raw = skb->h.raw = skb->data;
40 skb->protocol = htons(ETH_P_802_2); 41 skb->protocol = htons(ETH_P_802_2);
41 skb->dev = dev_base->next; 42 skb->dev = dev;
42 skb->mac.raw = skb->head; 43 skb->mac.raw = skb->head;
44 if (sk != NULL)
45 skb_set_owner_w(skb, sk);
43 } 46 }
44 return skb; 47 return skb;
45} 48}
46 49
47void llc_save_primitive(struct sk_buff* skb, u8 prim) 50void llc_save_primitive(struct sock *sk, struct sk_buff* skb, u8 prim)
48{ 51{
49 struct sockaddr_llc *addr = llc_ui_skb_cb(skb); 52 struct sockaddr_llc *addr;
50 53
54 if (skb->sk->sk_type == SOCK_STREAM) /* See UNIX98 */
55 return;
51 /* save primitive for use by the user. */ 56 /* save primitive for use by the user. */
52 addr->sllc_family = skb->sk->sk_family; 57 addr = llc_ui_skb_cb(skb);
58 addr->sllc_family = sk->sk_family;
53 addr->sllc_arphrd = skb->dev->type; 59 addr->sllc_arphrd = skb->dev->type;
54 addr->sllc_test = prim == LLC_TEST_PRIM; 60 addr->sllc_test = prim == LLC_TEST_PRIM;
55 addr->sllc_xid = prim == LLC_XID_PRIM; 61 addr->sllc_xid = prim == LLC_XID_PRIM;
@@ -189,7 +195,7 @@ static void llc_sap_state_process(struct llc_sap *sap, struct sk_buff *skb)
189 if (skb->sk->sk_state == TCP_LISTEN) 195 if (skb->sk->sk_state == TCP_LISTEN)
190 kfree_skb(skb); 196 kfree_skb(skb);
191 else { 197 else {
192 llc_save_primitive(skb, ev->prim); 198 llc_save_primitive(skb->sk, skb, ev->prim);
193 199
194 /* queue skb to the user. */ 200 /* queue skb to the user. */
195 if (sock_queue_rcv_skb(skb->sk, skb)) 201 if (sock_queue_rcv_skb(skb->sk, skb))
@@ -308,7 +314,7 @@ void llc_sap_handler(struct llc_sap *sap, struct sk_buff *skb)
308 314
309 sk = llc_lookup_dgram(sap, &laddr); 315 sk = llc_lookup_dgram(sap, &laddr);
310 if (sk) { 316 if (sk) {
311 skb->sk = sk; 317 skb_set_owner_r(skb, sk);
312 llc_sap_rcv(sap, skb); 318 llc_sap_rcv(sap, skb);
313 sock_put(sk); 319 sock_put(sk);
314 } else 320 } else
diff --git a/net/llc/llc_station.c b/net/llc/llc_station.c
index 8fe48a24bad5..f37dbf8ef126 100644
--- a/net/llc/llc_station.c
+++ b/net/llc/llc_station.c
@@ -50,6 +50,10 @@ struct llc_station {
50 struct sk_buff_head mac_pdu_q; 50 struct sk_buff_head mac_pdu_q;
51}; 51};
52 52
53#define LLC_STATION_ACK_TIME (3 * HZ)
54
55int sysctl_llc_station_ack_timeout = LLC_STATION_ACK_TIME;
56
53/* Types of events (possible values in 'ev->type') */ 57/* Types of events (possible values in 'ev->type') */
54#define LLC_STATION_EV_TYPE_SIMPLE 1 58#define LLC_STATION_EV_TYPE_SIMPLE 1
55#define LLC_STATION_EV_TYPE_CONDITION 2 59#define LLC_STATION_EV_TYPE_CONDITION 2
@@ -218,7 +222,8 @@ static void llc_station_send_pdu(struct sk_buff *skb)
218 222
219static int llc_station_ac_start_ack_timer(struct sk_buff *skb) 223static int llc_station_ac_start_ack_timer(struct sk_buff *skb)
220{ 224{
221 mod_timer(&llc_main_station.ack_timer, jiffies + LLC_ACK_TIME * HZ); 225 mod_timer(&llc_main_station.ack_timer,
226 jiffies + sysctl_llc_station_ack_timeout);
222 return 0; 227 return 0;
223} 228}
224 229
@@ -249,14 +254,14 @@ static int llc_station_ac_inc_xid_r_cnt_by_1(struct sk_buff *skb)
249static int llc_station_ac_send_null_dsap_xid_c(struct sk_buff *skb) 254static int llc_station_ac_send_null_dsap_xid_c(struct sk_buff *skb)
250{ 255{
251 int rc = 1; 256 int rc = 1;
252 struct sk_buff *nskb = llc_alloc_frame(); 257 struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev);
253 258
254 if (!nskb) 259 if (!nskb)
255 goto out; 260 goto out;
256 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, 0, LLC_PDU_CMD); 261 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, 0, LLC_PDU_CMD);
257 llc_pdu_init_as_xid_cmd(nskb, LLC_XID_NULL_CLASS_2, 127); 262 llc_pdu_init_as_xid_cmd(nskb, LLC_XID_NULL_CLASS_2, 127);
258 rc = llc_mac_hdr_init(nskb, llc_station_mac_sa, llc_station_mac_sa); 263 rc = llc_mac_hdr_init(nskb, llc_station_mac_sa, llc_station_mac_sa);
259 if (rc) 264 if (unlikely(rc))
260 goto free; 265 goto free;
261 llc_station_send_pdu(nskb); 266 llc_station_send_pdu(nskb);
262out: 267out:
@@ -270,18 +275,17 @@ static int llc_station_ac_send_xid_r(struct sk_buff *skb)
270{ 275{
271 u8 mac_da[ETH_ALEN], dsap; 276 u8 mac_da[ETH_ALEN], dsap;
272 int rc = 1; 277 int rc = 1;
273 struct sk_buff* nskb = llc_alloc_frame(); 278 struct sk_buff* nskb = llc_alloc_frame(NULL, skb->dev);
274 279
275 if (!nskb) 280 if (!nskb)
276 goto out; 281 goto out;
277 rc = 0; 282 rc = 0;
278 nskb->dev = skb->dev;
279 llc_pdu_decode_sa(skb, mac_da); 283 llc_pdu_decode_sa(skb, mac_da);
280 llc_pdu_decode_ssap(skb, &dsap); 284 llc_pdu_decode_ssap(skb, &dsap);
281 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, dsap, LLC_PDU_RSP); 285 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, dsap, LLC_PDU_RSP);
282 llc_pdu_init_as_xid_rsp(nskb, LLC_XID_NULL_CLASS_2, 127); 286 llc_pdu_init_as_xid_rsp(nskb, LLC_XID_NULL_CLASS_2, 127);
283 rc = llc_mac_hdr_init(nskb, llc_station_mac_sa, mac_da); 287 rc = llc_mac_hdr_init(nskb, llc_station_mac_sa, mac_da);
284 if (rc) 288 if (unlikely(rc))
285 goto free; 289 goto free;
286 llc_station_send_pdu(nskb); 290 llc_station_send_pdu(nskb);
287out: 291out:
@@ -295,18 +299,17 @@ static int llc_station_ac_send_test_r(struct sk_buff *skb)
295{ 299{
296 u8 mac_da[ETH_ALEN], dsap; 300 u8 mac_da[ETH_ALEN], dsap;
297 int rc = 1; 301 int rc = 1;
298 struct sk_buff *nskb = llc_alloc_frame(); 302 struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev);
299 303
300 if (!nskb) 304 if (!nskb)
301 goto out; 305 goto out;
302 rc = 0; 306 rc = 0;
303 nskb->dev = skb->dev;
304 llc_pdu_decode_sa(skb, mac_da); 307 llc_pdu_decode_sa(skb, mac_da);
305 llc_pdu_decode_ssap(skb, &dsap); 308 llc_pdu_decode_ssap(skb, &dsap);
306 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, dsap, LLC_PDU_RSP); 309 llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, 0, dsap, LLC_PDU_RSP);
307 llc_pdu_init_as_test_rsp(nskb, skb); 310 llc_pdu_init_as_test_rsp(nskb, skb);
308 rc = llc_mac_hdr_init(nskb, llc_station_mac_sa, mac_da); 311 rc = llc_mac_hdr_init(nskb, llc_station_mac_sa, mac_da);
309 if (rc) 312 if (unlikely(rc))
310 goto free; 313 goto free;
311 llc_station_send_pdu(nskb); 314 llc_station_send_pdu(nskb);
312out: 315out:
@@ -689,7 +692,8 @@ int __init llc_station_init(void)
689 init_timer(&llc_main_station.ack_timer); 692 init_timer(&llc_main_station.ack_timer);
690 llc_main_station.ack_timer.data = (unsigned long)&llc_main_station; 693 llc_main_station.ack_timer.data = (unsigned long)&llc_main_station;
691 llc_main_station.ack_timer.function = llc_station_ack_tmr_cb; 694 llc_main_station.ack_timer.function = llc_station_ack_tmr_cb;
692 695 llc_main_station.ack_timer.expires = jiffies +
696 sysctl_llc_station_ack_timeout;
693 skb = alloc_skb(0, GFP_ATOMIC); 697 skb = alloc_skb(0, GFP_ATOMIC);
694 if (!skb) 698 if (!skb)
695 goto out; 699 goto out;
@@ -697,7 +701,6 @@ int __init llc_station_init(void)
697 llc_set_station_handler(llc_station_rcv); 701 llc_set_station_handler(llc_station_rcv);
698 ev = llc_station_ev(skb); 702 ev = llc_station_ev(skb);
699 memset(ev, 0, sizeof(*ev)); 703 memset(ev, 0, sizeof(*ev));
700 llc_main_station.ack_timer.expires = jiffies + 3 * HZ;
701 llc_main_station.maximum_retry = 1; 704 llc_main_station.maximum_retry = 1;
702 llc_main_station.state = LLC_STATION_STATE_DOWN; 705 llc_main_station.state = LLC_STATION_STATE_DOWN;
703 ev->type = LLC_STATION_EV_TYPE_SIMPLE; 706 ev->type = LLC_STATION_EV_TYPE_SIMPLE;
diff --git a/net/llc/sysctl_net_llc.c b/net/llc/sysctl_net_llc.c
new file mode 100644
index 000000000000..d1eaddb13633
--- /dev/null
+++ b/net/llc/sysctl_net_llc.c
@@ -0,0 +1,131 @@
1/*
2 * sysctl_net_llc.c: sysctl interface to LLC net subsystem.
3 *
4 * Arnaldo Carvalho de Melo <acme@conectiva.com.br>
5 */
6
7#include <linux/config.h>
8#include <linux/mm.h>
9#include <linux/init.h>
10#include <linux/sysctl.h>
11#include <net/llc.h>
12
13#ifndef CONFIG_SYSCTL
14#error This file should not be compiled without CONFIG_SYSCTL defined
15#endif
16
17static struct ctl_table llc2_timeout_table[] = {
18 {
19 .ctl_name = NET_LLC2_ACK_TIMEOUT,
20 .procname = "ack",
21 .data = &sysctl_llc2_ack_timeout,
22 .maxlen = sizeof(long),
23 .mode = 0644,
24 .proc_handler = &proc_dointvec_jiffies,
25 .strategy = &sysctl_jiffies,
26 },
27 {
28 .ctl_name = NET_LLC2_BUSY_TIMEOUT,
29 .procname = "busy",
30 .data = &sysctl_llc2_busy_timeout,
31 .maxlen = sizeof(long),
32 .mode = 0644,
33 .proc_handler = &proc_dointvec_jiffies,
34 .strategy = &sysctl_jiffies,
35 },
36 {
37 .ctl_name = NET_LLC2_P_TIMEOUT,
38 .procname = "p",
39 .data = &sysctl_llc2_p_timeout,
40 .maxlen = sizeof(long),
41 .mode = 0644,
42 .proc_handler = &proc_dointvec_jiffies,
43 .strategy = &sysctl_jiffies,
44 },
45 {
46 .ctl_name = NET_LLC2_REJ_TIMEOUT,
47 .procname = "rej",
48 .data = &sysctl_llc2_rej_timeout,
49 .maxlen = sizeof(long),
50 .mode = 0644,
51 .proc_handler = &proc_dointvec_jiffies,
52 .strategy = &sysctl_jiffies,
53 },
54 { 0 },
55};
56
57static struct ctl_table llc_station_table[] = {
58 {
59 .ctl_name = NET_LLC_STATION_ACK_TIMEOUT,
60 .procname = "ack_timeout",
61 .data = &sysctl_llc_station_ack_timeout,
62 .maxlen = sizeof(long),
63 .mode = 0644,
64 .proc_handler = &proc_dointvec_jiffies,
65 .strategy = &sysctl_jiffies,
66 },
67 { 0 },
68};
69
70static struct ctl_table llc2_dir_timeout_table[] = {
71 {
72 .ctl_name = NET_LLC2,
73 .procname = "timeout",
74 .mode = 0555,
75 .child = llc2_timeout_table,
76 },
77 { 0 },
78};
79
80static struct ctl_table llc_table[] = {
81 {
82 .ctl_name = NET_LLC2,
83 .procname = "llc2",
84 .mode = 0555,
85 .child = llc2_dir_timeout_table,
86 },
87 {
88 .ctl_name = NET_LLC_STATION,
89 .procname = "station",
90 .mode = 0555,
91 .child = llc_station_table,
92 },
93 { 0 },
94};
95
96static struct ctl_table llc_dir_table[] = {
97 {
98 .ctl_name = NET_LLC,
99 .procname = "llc",
100 .mode = 0555,
101 .child = llc_table,
102 },
103 { 0 },
104};
105
106static struct ctl_table llc_root_table[] = {
107 {
108 .ctl_name = CTL_NET,
109 .procname = "net",
110 .mode = 0555,
111 .child = llc_dir_table,
112 },
113 { 0 },
114};
115
116static struct ctl_table_header *llc_table_header;
117
118int __init llc_sysctl_init(void)
119{
120 llc_table_header = register_sysctl_table(llc_root_table, 1);
121
122 return llc_table_header ? 0 : -ENOMEM;
123}
124
125void llc_sysctl_exit(void)
126{
127 if (llc_table_header) {
128 unregister_sysctl_table(llc_table_header);
129 llc_table_header = NULL;
130 }
131}
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index ff5601ceedcb..efcd10f996ba 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -494,8 +494,8 @@ __build_packet_message(struct nfulnl_instance *inst,
494 if (skb->tstamp.off_sec) { 494 if (skb->tstamp.off_sec) {
495 struct nfulnl_msg_packet_timestamp ts; 495 struct nfulnl_msg_packet_timestamp ts;
496 496
497 ts.sec = cpu_to_be64(skb_tv_base.tv_sec + skb->tstamp.off_sec); 497 ts.sec = cpu_to_be64(skb->tstamp.off_sec);
498 ts.usec = cpu_to_be64(skb_tv_base.tv_usec + skb->tstamp.off_usec); 498 ts.usec = cpu_to_be64(skb->tstamp.off_usec);
499 499
500 NFA_PUT(inst->skb, NFULA_TIMESTAMP, sizeof(ts), &ts); 500 NFA_PUT(inst->skb, NFULA_TIMESTAMP, sizeof(ts), &ts);
501 } 501 }
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index f81fe8c52e99..eaa44c49567b 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -492,8 +492,8 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
492 if (entry->skb->tstamp.off_sec) { 492 if (entry->skb->tstamp.off_sec) {
493 struct nfqnl_msg_packet_timestamp ts; 493 struct nfqnl_msg_packet_timestamp ts;
494 494
495 ts.sec = cpu_to_be64(skb_tv_base.tv_sec + entry->skb->tstamp.off_sec); 495 ts.sec = cpu_to_be64(entry->skb->tstamp.off_sec);
496 ts.usec = cpu_to_be64(skb_tv_base.tv_usec + entry->skb->tstamp.off_usec); 496 ts.usec = cpu_to_be64(entry->skb->tstamp.off_usec);
497 497
498 NFA_PUT(skb, NFQA_TIMESTAMP, sizeof(ts), &ts); 498 NFA_PUT(skb, NFQA_TIMESTAMP, sizeof(ts), &ts);
499 } 499 }
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 8690f171c1ef..499ae3df4a44 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -36,6 +36,11 @@
36 * Michal Ostrowski : Module initialization cleanup. 36 * Michal Ostrowski : Module initialization cleanup.
37 * Ulises Alonso : Frame number limit removal and 37 * Ulises Alonso : Frame number limit removal and
38 * packet_set_ring memory leak. 38 * packet_set_ring memory leak.
39 * Eric Biederman : Allow for > 8 byte hardware addresses.
40 * The convention is that longer addresses
41 * will simply extend the hardware address
42 * byte arrays at the end of sockaddr_ll
43 * and packet_mreq.
39 * 44 *
40 * This program is free software; you can redistribute it and/or 45 * This program is free software; you can redistribute it and/or
41 * modify it under the terms of the GNU General Public License 46 * modify it under the terms of the GNU General Public License
@@ -161,7 +166,17 @@ struct packet_mclist
161 int count; 166 int count;
162 unsigned short type; 167 unsigned short type;
163 unsigned short alen; 168 unsigned short alen;
164 unsigned char addr[8]; 169 unsigned char addr[MAX_ADDR_LEN];
170};
171/* identical to struct packet_mreq except it has
172 * a longer address field.
173 */
174struct packet_mreq_max
175{
176 int mr_ifindex;
177 unsigned short mr_type;
178 unsigned short mr_alen;
179 unsigned char mr_address[MAX_ADDR_LEN];
165}; 180};
166#endif 181#endif
167#ifdef CONFIG_PACKET_MMAP 182#ifdef CONFIG_PACKET_MMAP
@@ -639,8 +654,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
639 __net_timestamp(skb); 654 __net_timestamp(skb);
640 sock_enable_timestamp(sk); 655 sock_enable_timestamp(sk);
641 } 656 }
642 h->tp_sec = skb_tv_base.tv_sec + skb->tstamp.off_sec; 657 h->tp_sec = skb->tstamp.off_sec;
643 h->tp_usec = skb_tv_base.tv_usec + skb->tstamp.off_usec; 658 h->tp_usec = skb->tstamp.off_usec;
644 659
645 sll = (struct sockaddr_ll*)((u8*)h + TPACKET_ALIGN(sizeof(*h))); 660 sll = (struct sockaddr_ll*)((u8*)h + TPACKET_ALIGN(sizeof(*h)));
646 sll->sll_halen = 0; 661 sll->sll_halen = 0;
@@ -716,6 +731,8 @@ static int packet_sendmsg(struct kiocb *iocb, struct socket *sock,
716 err = -EINVAL; 731 err = -EINVAL;
717 if (msg->msg_namelen < sizeof(struct sockaddr_ll)) 732 if (msg->msg_namelen < sizeof(struct sockaddr_ll))
718 goto out; 733 goto out;
734 if (msg->msg_namelen < (saddr->sll_halen + offsetof(struct sockaddr_ll, sll_addr)))
735 goto out;
719 ifindex = saddr->sll_ifindex; 736 ifindex = saddr->sll_ifindex;
720 proto = saddr->sll_protocol; 737 proto = saddr->sll_protocol;
721 addr = saddr->sll_addr; 738 addr = saddr->sll_addr;
@@ -1045,6 +1062,7 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
1045 struct sock *sk = sock->sk; 1062 struct sock *sk = sock->sk;
1046 struct sk_buff *skb; 1063 struct sk_buff *skb;
1047 int copied, err; 1064 int copied, err;
1065 struct sockaddr_ll *sll;
1048 1066
1049 err = -EINVAL; 1067 err = -EINVAL;
1050 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) 1068 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
@@ -1057,16 +1075,6 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
1057#endif 1075#endif
1058 1076
1059 /* 1077 /*
1060 * If the address length field is there to be filled in, we fill
1061 * it in now.
1062 */
1063
1064 if (sock->type == SOCK_PACKET)
1065 msg->msg_namelen = sizeof(struct sockaddr_pkt);
1066 else
1067 msg->msg_namelen = sizeof(struct sockaddr_ll);
1068
1069 /*
1070 * Call the generic datagram receiver. This handles all sorts 1078 * Call the generic datagram receiver. This handles all sorts
1071 * of horrible races and re-entrancy so we can forget about it 1079 * of horrible races and re-entrancy so we can forget about it
1072 * in the protocol layers. 1080 * in the protocol layers.
@@ -1087,6 +1095,17 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
1087 goto out; 1095 goto out;
1088 1096
1089 /* 1097 /*
1098 * If the address length field is there to be filled in, we fill
1099 * it in now.
1100 */
1101
1102 sll = (struct sockaddr_ll*)skb->cb;
1103 if (sock->type == SOCK_PACKET)
1104 msg->msg_namelen = sizeof(struct sockaddr_pkt);
1105 else
1106 msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr);
1107
1108 /*
1090 * You lose any data beyond the buffer you gave. If it worries a 1109 * You lose any data beyond the buffer you gave. If it worries a
1091 * user program they can ask the device for its MTU anyway. 1110 * user program they can ask the device for its MTU anyway.
1092 */ 1111 */
@@ -1166,7 +1185,7 @@ static int packet_getname(struct socket *sock, struct sockaddr *uaddr,
1166 sll->sll_hatype = 0; /* Bad: we have no ARPHRD_UNSPEC */ 1185 sll->sll_hatype = 0; /* Bad: we have no ARPHRD_UNSPEC */
1167 sll->sll_halen = 0; 1186 sll->sll_halen = 0;
1168 } 1187 }
1169 *uaddr_len = sizeof(*sll); 1188 *uaddr_len = offsetof(struct sockaddr_ll, sll_addr) + sll->sll_halen;
1170 1189
1171 return 0; 1190 return 0;
1172} 1191}
@@ -1199,7 +1218,7 @@ static void packet_dev_mclist(struct net_device *dev, struct packet_mclist *i, i
1199 } 1218 }
1200} 1219}
1201 1220
1202static int packet_mc_add(struct sock *sk, struct packet_mreq *mreq) 1221static int packet_mc_add(struct sock *sk, struct packet_mreq_max *mreq)
1203{ 1222{
1204 struct packet_sock *po = pkt_sk(sk); 1223 struct packet_sock *po = pkt_sk(sk);
1205 struct packet_mclist *ml, *i; 1224 struct packet_mclist *ml, *i;
@@ -1249,7 +1268,7 @@ done:
1249 return err; 1268 return err;
1250} 1269}
1251 1270
1252static int packet_mc_drop(struct sock *sk, struct packet_mreq *mreq) 1271static int packet_mc_drop(struct sock *sk, struct packet_mreq_max *mreq)
1253{ 1272{
1254 struct packet_mclist *ml, **mlp; 1273 struct packet_mclist *ml, **mlp;
1255 1274
@@ -1315,11 +1334,17 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv
1315 case PACKET_ADD_MEMBERSHIP: 1334 case PACKET_ADD_MEMBERSHIP:
1316 case PACKET_DROP_MEMBERSHIP: 1335 case PACKET_DROP_MEMBERSHIP:
1317 { 1336 {
1318 struct packet_mreq mreq; 1337 struct packet_mreq_max mreq;
1319 if (optlen<sizeof(mreq)) 1338 int len = optlen;
1339 memset(&mreq, 0, sizeof(mreq));
1340 if (len < sizeof(struct packet_mreq))
1320 return -EINVAL; 1341 return -EINVAL;
1321 if (copy_from_user(&mreq,optval,sizeof(mreq))) 1342 if (len > sizeof(mreq))
1343 len = sizeof(mreq);
1344 if (copy_from_user(&mreq,optval,len))
1322 return -EFAULT; 1345 return -EFAULT;
1346 if (len < (mreq.mr_alen + offsetof(struct packet_mreq, mr_address)))
1347 return -EINVAL;
1323 if (optname == PACKET_ADD_MEMBERSHIP) 1348 if (optname == PACKET_ADD_MEMBERSHIP)
1324 ret = packet_mc_add(sk, &mreq); 1349 ret = packet_mc_add(sk, &mreq);
1325 else 1350 else
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 5acb1680524a..829fdbc4400b 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -1472,22 +1472,25 @@ static const char banner[] = KERN_INFO "F6FBB/G4KLX ROSE for Linux. Version 0.62
1472static int __init rose_proto_init(void) 1472static int __init rose_proto_init(void)
1473{ 1473{
1474 int i; 1474 int i;
1475 int rc = proto_register(&rose_proto, 0); 1475 int rc;
1476 1476
1477 if (rose_ndevs > 0x7FFFFFFF/sizeof(struct net_device *)) {
1478 printk(KERN_ERR "ROSE: rose_proto_init - rose_ndevs parameter to large\n");
1479 rc = -EINVAL;
1480 goto out;
1481 }
1482
1483 rc = proto_register(&rose_proto, 0);
1477 if (rc != 0) 1484 if (rc != 0)
1478 goto out; 1485 goto out;
1479 1486
1480 rose_callsign = null_ax25_address; 1487 rose_callsign = null_ax25_address;
1481 1488
1482 if (rose_ndevs > 0x7FFFFFFF/sizeof(struct net_device *)) {
1483 printk(KERN_ERR "ROSE: rose_proto_init - rose_ndevs parameter to large\n");
1484 return -1;
1485 }
1486
1487 dev_rose = kmalloc(rose_ndevs * sizeof(struct net_device *), GFP_KERNEL); 1489 dev_rose = kmalloc(rose_ndevs * sizeof(struct net_device *), GFP_KERNEL);
1488 if (dev_rose == NULL) { 1490 if (dev_rose == NULL) {
1489 printk(KERN_ERR "ROSE: rose_proto_init - unable to allocate device structure\n"); 1491 printk(KERN_ERR "ROSE: rose_proto_init - unable to allocate device structure\n");
1490 return -1; 1492 rc = -ENOMEM;
1493 goto out_proto_unregister;
1491 } 1494 }
1492 1495
1493 memset(dev_rose, 0x00, rose_ndevs * sizeof(struct net_device*)); 1496 memset(dev_rose, 0x00, rose_ndevs * sizeof(struct net_device*));
@@ -1500,10 +1503,12 @@ static int __init rose_proto_init(void)
1500 name, rose_setup); 1503 name, rose_setup);
1501 if (!dev) { 1504 if (!dev) {
1502 printk(KERN_ERR "ROSE: rose_proto_init - unable to allocate memory\n"); 1505 printk(KERN_ERR "ROSE: rose_proto_init - unable to allocate memory\n");
1506 rc = -ENOMEM;
1503 goto fail; 1507 goto fail;
1504 } 1508 }
1505 if (register_netdev(dev)) { 1509 rc = register_netdev(dev);
1506 printk(KERN_ERR "ROSE: netdevice regeistration failed\n"); 1510 if (rc) {
1511 printk(KERN_ERR "ROSE: netdevice registration failed\n");
1507 free_netdev(dev); 1512 free_netdev(dev);
1508 goto fail; 1513 goto fail;
1509 } 1514 }
@@ -1536,8 +1541,9 @@ fail:
1536 free_netdev(dev_rose[i]); 1541 free_netdev(dev_rose[i]);
1537 } 1542 }
1538 kfree(dev_rose); 1543 kfree(dev_rose);
1544out_proto_unregister:
1539 proto_unregister(&rose_proto); 1545 proto_unregister(&rose_proto);
1540 return -ENOMEM; 1546 goto out;
1541} 1547}
1542module_init(rose_proto_init); 1548module_init(rose_proto_init);
1543 1549
diff --git a/net/sched/em_meta.c b/net/sched/em_meta.c
index 00eae5f9a01a..cf68a59fdc5a 100644
--- a/net/sched/em_meta.c
+++ b/net/sched/em_meta.c
@@ -393,10 +393,10 @@ META_COLLECTOR(int_sk_route_caps)
393 dst->value = skb->sk->sk_route_caps; 393 dst->value = skb->sk->sk_route_caps;
394} 394}
395 395
396META_COLLECTOR(int_sk_hashent) 396META_COLLECTOR(int_sk_hash)
397{ 397{
398 SKIP_NONLOCAL(skb); 398 SKIP_NONLOCAL(skb);
399 dst->value = skb->sk->sk_hashent; 399 dst->value = skb->sk->sk_hash;
400} 400}
401 401
402META_COLLECTOR(int_sk_lingertime) 402META_COLLECTOR(int_sk_lingertime)
@@ -515,7 +515,7 @@ static struct meta_ops __meta_ops[TCF_META_TYPE_MAX+1][TCF_META_ID_MAX+1] = {
515 [META_ID(SK_FORWARD_ALLOCS)] = META_FUNC(int_sk_fwd_alloc), 515 [META_ID(SK_FORWARD_ALLOCS)] = META_FUNC(int_sk_fwd_alloc),
516 [META_ID(SK_ALLOCS)] = META_FUNC(int_sk_alloc), 516 [META_ID(SK_ALLOCS)] = META_FUNC(int_sk_alloc),
517 [META_ID(SK_ROUTE_CAPS)] = META_FUNC(int_sk_route_caps), 517 [META_ID(SK_ROUTE_CAPS)] = META_FUNC(int_sk_route_caps),
518 [META_ID(SK_HASHENT)] = META_FUNC(int_sk_hashent), 518 [META_ID(SK_HASH)] = META_FUNC(int_sk_hash),
519 [META_ID(SK_LINGERTIME)] = META_FUNC(int_sk_lingertime), 519 [META_ID(SK_LINGERTIME)] = META_FUNC(int_sk_lingertime),
520 [META_ID(SK_ACK_BACKLOG)] = META_FUNC(int_sk_ack_bl), 520 [META_ID(SK_ACK_BACKLOG)] = META_FUNC(int_sk_ack_bl),
521 [META_ID(SK_MAX_ACK_BACKLOG)] = META_FUNC(int_sk_max_ack_bl), 521 [META_ID(SK_MAX_ACK_BACKLOG)] = META_FUNC(int_sk_max_ack_bl),
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index e7025be77691..f01d1c9002a1 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -147,7 +147,7 @@ static void sctp_v4_copy_addrlist(struct list_head *addrlist,
147 struct sctp_sockaddr_entry *addr; 147 struct sctp_sockaddr_entry *addr;
148 148
149 rcu_read_lock(); 149 rcu_read_lock();
150 if ((in_dev = __in_dev_get(dev)) == NULL) { 150 if ((in_dev = __in_dev_get_rcu(dev)) == NULL) {
151 rcu_read_unlock(); 151 rcu_read_unlock();
152 return; 152 return;
153 } 153 }
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 86073df418f5..505c7de10c50 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -2414,6 +2414,17 @@ sctp_disposition_t sctp_sf_do_9_2_shutdown(const struct sctp_endpoint *ep,
2414 skb_pull(chunk->skb, sizeof(sctp_shutdownhdr_t)); 2414 skb_pull(chunk->skb, sizeof(sctp_shutdownhdr_t));
2415 chunk->subh.shutdown_hdr = sdh; 2415 chunk->subh.shutdown_hdr = sdh;
2416 2416
2417 /* API 5.3.1.5 SCTP_SHUTDOWN_EVENT
2418 * When a peer sends a SHUTDOWN, SCTP delivers this notification to
2419 * inform the application that it should cease sending data.
2420 */
2421 ev = sctp_ulpevent_make_shutdown_event(asoc, 0, GFP_ATOMIC);
2422 if (!ev) {
2423 disposition = SCTP_DISPOSITION_NOMEM;
2424 goto out;
2425 }
2426 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
2427
2417 /* Upon the reception of the SHUTDOWN, the peer endpoint shall 2428 /* Upon the reception of the SHUTDOWN, the peer endpoint shall
2418 * - enter the SHUTDOWN-RECEIVED state, 2429 * - enter the SHUTDOWN-RECEIVED state,
2419 * - stop accepting new data from its SCTP user 2430 * - stop accepting new data from its SCTP user
@@ -2439,17 +2450,6 @@ sctp_disposition_t sctp_sf_do_9_2_shutdown(const struct sctp_endpoint *ep,
2439 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_CTSN, 2450 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_CTSN,
2440 SCTP_U32(chunk->subh.shutdown_hdr->cum_tsn_ack)); 2451 SCTP_U32(chunk->subh.shutdown_hdr->cum_tsn_ack));
2441 2452
2442 /* API 5.3.1.5 SCTP_SHUTDOWN_EVENT
2443 * When a peer sends a SHUTDOWN, SCTP delivers this notification to
2444 * inform the application that it should cease sending data.
2445 */
2446 ev = sctp_ulpevent_make_shutdown_event(asoc, 0, GFP_ATOMIC);
2447 if (!ev) {
2448 disposition = SCTP_DISPOSITION_NOMEM;
2449 goto out;
2450 }
2451 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
2452
2453out: 2453out:
2454 return disposition; 2454 return disposition;
2455} 2455}
diff --git a/net/socket.c b/net/socket.c
index c699e93c33d7..3145103cdf54 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1145,8 +1145,11 @@ static int __sock_create(int family, int type, int protocol, struct socket **res
1145 if (!try_module_get(net_families[family]->owner)) 1145 if (!try_module_get(net_families[family]->owner))
1146 goto out_release; 1146 goto out_release;
1147 1147
1148 if ((err = net_families[family]->create(sock, protocol)) < 0) 1148 if ((err = net_families[family]->create(sock, protocol)) < 0) {
1149 sock->ops = NULL;
1149 goto out_module_put; 1150 goto out_module_put;
1151 }
1152
1150 /* 1153 /*
1151 * Now to bump the refcnt of the [loadable] module that owns this 1154 * Now to bump the refcnt of the [loadable] module that owns this
1152 * socket at sock_release time we decrement its refcnt. 1155 * socket at sock_release time we decrement its refcnt.
@@ -1360,16 +1363,16 @@ asmlinkage long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, int _
1360 newsock->type = sock->type; 1363 newsock->type = sock->type;
1361 newsock->ops = sock->ops; 1364 newsock->ops = sock->ops;
1362 1365
1363 err = security_socket_accept(sock, newsock);
1364 if (err)
1365 goto out_release;
1366
1367 /* 1366 /*
1368 * We don't need try_module_get here, as the listening socket (sock) 1367 * We don't need try_module_get here, as the listening socket (sock)
1369 * has the protocol module (sock->ops->owner) held. 1368 * has the protocol module (sock->ops->owner) held.
1370 */ 1369 */
1371 __module_get(newsock->ops->owner); 1370 __module_get(newsock->ops->owner);
1372 1371
1372 err = security_socket_accept(sock, newsock);
1373 if (err)
1374 goto out_release;
1375
1373 err = sock->ops->accept(sock, newsock, sock->file->f_flags); 1376 err = sock->ops->accept(sock, newsock, sock->file->f_flags);
1374 if (err < 0) 1377 if (err < 0)
1375 goto out_release; 1378 goto out_release;
@@ -1700,7 +1703,9 @@ asmlinkage long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
1700 struct socket *sock; 1703 struct socket *sock;
1701 char address[MAX_SOCK_ADDR]; 1704 char address[MAX_SOCK_ADDR];
1702 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; 1705 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
1703 unsigned char ctl[sizeof(struct cmsghdr) + 20]; /* 20 is size of ipv6_pktinfo */ 1706 unsigned char ctl[sizeof(struct cmsghdr) + 20]
1707 __attribute__ ((aligned (sizeof(__kernel_size_t))));
1708 /* 20 is size of ipv6_pktinfo */
1704 unsigned char *ctl_buf = ctl; 1709 unsigned char *ctl_buf = ctl;
1705 struct msghdr msg_sys; 1710 struct msghdr msg_sys;
1706 int err, ctl_len, iov_size, total_len; 1711 int err, ctl_len, iov_size, total_len;
@@ -1862,7 +1867,8 @@ asmlinkage long sys_recvmsg(int fd, struct msghdr __user *msg, unsigned int flag
1862 if (err < 0) 1867 if (err < 0)
1863 goto out_freeiov; 1868 goto out_freeiov;
1864 } 1869 }
1865 err = __put_user(msg_sys.msg_flags, COMPAT_FLAGS(msg)); 1870 err = __put_user((msg_sys.msg_flags & ~MSG_CMSG_COMPAT),
1871 COMPAT_FLAGS(msg));
1866 if (err) 1872 if (err)
1867 goto out_freeiov; 1873 goto out_freeiov;
1868 if (MSG_CMSG_COMPAT & flags) 1874 if (MSG_CMSG_COMPAT & flags)
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index 51885b5f744e..30ec3efc48a6 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -512,15 +512,14 @@ svc_sock_setbufsize(struct socket *sock, unsigned int snd, unsigned int rcv)
512static void 512static void
513svc_udp_data_ready(struct sock *sk, int count) 513svc_udp_data_ready(struct sock *sk, int count)
514{ 514{
515 struct svc_sock *svsk = (struct svc_sock *)(sk->sk_user_data); 515 struct svc_sock *svsk = (struct svc_sock *)sk->sk_user_data;
516 516
517 if (!svsk) 517 if (svsk) {
518 goto out; 518 dprintk("svc: socket %p(inet %p), count=%d, busy=%d\n",
519 dprintk("svc: socket %p(inet %p), count=%d, busy=%d\n", 519 svsk, sk, count, test_bit(SK_BUSY, &svsk->sk_flags));
520 svsk, sk, count, test_bit(SK_BUSY, &svsk->sk_flags)); 520 set_bit(SK_DATA, &svsk->sk_flags);
521 set_bit(SK_DATA, &svsk->sk_flags); 521 svc_sock_enqueue(svsk);
522 svc_sock_enqueue(svsk); 522 }
523 out:
524 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 523 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep))
525 wake_up_interruptible(sk->sk_sleep); 524 wake_up_interruptible(sk->sk_sleep);
526} 525}
@@ -540,7 +539,7 @@ svc_write_space(struct sock *sk)
540 } 539 }
541 540
542 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) { 541 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) {
543 printk(KERN_WARNING "RPC svc_write_space: some sleeping on %p\n", 542 dprintk("RPC svc_write_space: someone sleeping on %p\n",
544 svsk); 543 svsk);
545 wake_up_interruptible(sk->sk_sleep); 544 wake_up_interruptible(sk->sk_sleep);
546 } 545 }
@@ -692,31 +691,29 @@ svc_udp_init(struct svc_sock *svsk)
692static void 691static void
693svc_tcp_listen_data_ready(struct sock *sk, int count_unused) 692svc_tcp_listen_data_ready(struct sock *sk, int count_unused)
694{ 693{
695 struct svc_sock *svsk; 694 struct svc_sock *svsk = (struct svc_sock *)sk->sk_user_data;
696 695
697 dprintk("svc: socket %p TCP (listen) state change %d\n", 696 dprintk("svc: socket %p TCP (listen) state change %d\n",
698 sk, sk->sk_state); 697 sk, sk->sk_state);
699 698
700 if (sk->sk_state != TCP_LISTEN) { 699 /*
701 /* 700 * This callback may called twice when a new connection
702 * This callback may called twice when a new connection 701 * is established as a child socket inherits everything
703 * is established as a child socket inherits everything 702 * from a parent LISTEN socket.
704 * from a parent LISTEN socket. 703 * 1) data_ready method of the parent socket will be called
705 * 1) data_ready method of the parent socket will be called 704 * when one of child sockets become ESTABLISHED.
706 * when one of child sockets become ESTABLISHED. 705 * 2) data_ready method of the child socket may be called
707 * 2) data_ready method of the child socket may be called 706 * when it receives data before the socket is accepted.
708 * when it receives data before the socket is accepted. 707 * In case of 2, we should ignore it silently.
709 * In case of 2, we should ignore it silently. 708 */
710 */ 709 if (sk->sk_state == TCP_LISTEN) {
711 goto out; 710 if (svsk) {
712 } 711 set_bit(SK_CONN, &svsk->sk_flags);
713 if (!(svsk = (struct svc_sock *) sk->sk_user_data)) { 712 svc_sock_enqueue(svsk);
714 printk("svc: socket %p: no user data\n", sk); 713 } else
715 goto out; 714 printk("svc: socket %p: no user data\n", sk);
716 } 715 }
717 set_bit(SK_CONN, &svsk->sk_flags); 716
718 svc_sock_enqueue(svsk);
719 out:
720 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 717 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep))
721 wake_up_interruptible_all(sk->sk_sleep); 718 wake_up_interruptible_all(sk->sk_sleep);
722} 719}
@@ -727,18 +724,17 @@ svc_tcp_listen_data_ready(struct sock *sk, int count_unused)
727static void 724static void
728svc_tcp_state_change(struct sock *sk) 725svc_tcp_state_change(struct sock *sk)
729{ 726{
730 struct svc_sock *svsk; 727 struct svc_sock *svsk = (struct svc_sock *)sk->sk_user_data;
731 728
732 dprintk("svc: socket %p TCP (connected) state change %d (svsk %p)\n", 729 dprintk("svc: socket %p TCP (connected) state change %d (svsk %p)\n",
733 sk, sk->sk_state, sk->sk_user_data); 730 sk, sk->sk_state, sk->sk_user_data);
734 731
735 if (!(svsk = (struct svc_sock *) sk->sk_user_data)) { 732 if (!svsk)
736 printk("svc: socket %p: no user data\n", sk); 733 printk("svc: socket %p: no user data\n", sk);
737 goto out; 734 else {
735 set_bit(SK_CLOSE, &svsk->sk_flags);
736 svc_sock_enqueue(svsk);
738 } 737 }
739 set_bit(SK_CLOSE, &svsk->sk_flags);
740 svc_sock_enqueue(svsk);
741 out:
742 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 738 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep))
743 wake_up_interruptible_all(sk->sk_sleep); 739 wake_up_interruptible_all(sk->sk_sleep);
744} 740}
@@ -746,15 +742,14 @@ svc_tcp_state_change(struct sock *sk)
746static void 742static void
747svc_tcp_data_ready(struct sock *sk, int count) 743svc_tcp_data_ready(struct sock *sk, int count)
748{ 744{
749 struct svc_sock * svsk; 745 struct svc_sock *svsk = (struct svc_sock *)sk->sk_user_data;
750 746
751 dprintk("svc: socket %p TCP data ready (svsk %p)\n", 747 dprintk("svc: socket %p TCP data ready (svsk %p)\n",
752 sk, sk->sk_user_data); 748 sk, sk->sk_user_data);
753 if (!(svsk = (struct svc_sock *)(sk->sk_user_data))) 749 if (svsk) {
754 goto out; 750 set_bit(SK_DATA, &svsk->sk_flags);
755 set_bit(SK_DATA, &svsk->sk_flags); 751 svc_sock_enqueue(svsk);
756 svc_sock_enqueue(svsk); 752 }
757 out:
758 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) 753 if (sk->sk_sleep && waitqueue_active(sk->sk_sleep))
759 wake_up_interruptible(sk->sk_sleep); 754 wake_up_interruptible(sk->sk_sleep);
760} 755}
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index c5241fcbb966..55538f6b60ff 100644
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -16,6 +16,8 @@
16#include <linux/mm.h> 16#include <linux/mm.h>
17#include <linux/sysctl.h> 17#include <linux/sysctl.h>
18 18
19#include <net/sock.h>
20
19#ifdef CONFIG_INET 21#ifdef CONFIG_INET
20#include <net/ip.h> 22#include <net/ip.h>
21#endif 23#endif
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-03 03:53:55 -0500