diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 6 | ||||
-rw-r--r-- | net/core/sock.c | 4 | ||||
-rw-r--r-- | net/ipv4/ip_output.c | 2 | ||||
-rw-r--r-- | net/ipv6/ip6_output.c | 3 | ||||
-rw-r--r-- | net/netfilter/ipvs/Kconfig | 3 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 14 | ||||
-rw-r--r-- | net/netfilter/ipvs/ip_vs_wrr.c | 15 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_ftp.c | 18 | ||||
-rw-r--r-- | net/packet/af_packet.c | 19 | ||||
-rw-r--r-- | net/rose/rose_loopback.c | 2 | ||||
-rw-r--r-- | net/sctp/socket.c | 3 |
11 files changed, 53 insertions, 36 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index bd1c65425d4f..0b7f262cd148 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -1406,6 +1406,9 @@ static int do_ebt_set_ctl(struct sock *sk, | |||
1406 | { | 1406 | { |
1407 | int ret; | 1407 | int ret; |
1408 | 1408 | ||
1409 | if (!capable(CAP_NET_ADMIN)) | ||
1410 | return -EPERM; | ||
1411 | |||
1409 | switch(cmd) { | 1412 | switch(cmd) { |
1410 | case EBT_SO_SET_ENTRIES: | 1413 | case EBT_SO_SET_ENTRIES: |
1411 | ret = do_replace(sock_net(sk), user, len); | 1414 | ret = do_replace(sock_net(sk), user, len); |
@@ -1425,6 +1428,9 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) | |||
1425 | struct ebt_replace tmp; | 1428 | struct ebt_replace tmp; |
1426 | struct ebt_table *t; | 1429 | struct ebt_table *t; |
1427 | 1430 | ||
1431 | if (!capable(CAP_NET_ADMIN)) | ||
1432 | return -EPERM; | ||
1433 | |||
1428 | if (copy_from_user(&tmp, user, sizeof(tmp))) | 1434 | if (copy_from_user(&tmp, user, sizeof(tmp))) |
1429 | return -EFAULT; | 1435 | return -EFAULT; |
1430 | 1436 | ||
diff --git a/net/core/sock.c b/net/core/sock.c index 76ff58d43e26..e1f6f225f012 100644 --- a/net/core/sock.c +++ b/net/core/sock.c | |||
@@ -1205,6 +1205,10 @@ struct sock *sk_clone(const struct sock *sk, const gfp_t priority) | |||
1205 | 1205 | ||
1206 | if (newsk->sk_prot->sockets_allocated) | 1206 | if (newsk->sk_prot->sockets_allocated) |
1207 | percpu_counter_inc(newsk->sk_prot->sockets_allocated); | 1207 | percpu_counter_inc(newsk->sk_prot->sockets_allocated); |
1208 | |||
1209 | if (sock_flag(newsk, SOCK_TIMESTAMP) || | ||
1210 | sock_flag(newsk, SOCK_TIMESTAMPING_RX_SOFTWARE)) | ||
1211 | net_enable_timestamp(); | ||
1208 | } | 1212 | } |
1209 | out: | 1213 | out: |
1210 | return newsk; | 1214 | return newsk; |
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index e34013a78ef4..3451799e3dbf 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
@@ -254,7 +254,7 @@ int ip_mc_output(struct sk_buff *skb) | |||
254 | */ | 254 | */ |
255 | 255 | ||
256 | if (rt->rt_flags&RTCF_MULTICAST) { | 256 | if (rt->rt_flags&RTCF_MULTICAST) { |
257 | if ((!sk || inet_sk(sk)->mc_loop) | 257 | if (sk_mc_loop(sk) |
258 | #ifdef CONFIG_IP_MROUTE | 258 | #ifdef CONFIG_IP_MROUTE |
259 | /* Small optimization: do not loopback not local frames, | 259 | /* Small optimization: do not loopback not local frames, |
260 | which returned after forwarding; they will be dropped | 260 | which returned after forwarding; they will be dropped |
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index cd48801a8d6f..eb6d09728633 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
@@ -121,10 +121,9 @@ static int ip6_output2(struct sk_buff *skb) | |||
121 | skb->dev = dev; | 121 | skb->dev = dev; |
122 | 122 | ||
123 | if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { | 123 | if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { |
124 | struct ipv6_pinfo* np = skb->sk ? inet6_sk(skb->sk) : NULL; | ||
125 | struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); | 124 | struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); |
126 | 125 | ||
127 | if (!(dev->flags & IFF_LOOPBACK) && (!np || np->mc_loop) && | 126 | if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) && |
128 | ((mroute6_socket(dev_net(dev)) && | 127 | ((mroute6_socket(dev_net(dev)) && |
129 | !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || | 128 | !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || |
130 | ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, | 129 | ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, |
diff --git a/net/netfilter/ipvs/Kconfig b/net/netfilter/ipvs/Kconfig index 79a698052218..f2d76238b9b5 100644 --- a/net/netfilter/ipvs/Kconfig +++ b/net/netfilter/ipvs/Kconfig | |||
@@ -112,7 +112,8 @@ config IP_VS_RR | |||
112 | module, choose M here. If unsure, say N. | 112 | module, choose M here. If unsure, say N. |
113 | 113 | ||
114 | config IP_VS_WRR | 114 | config IP_VS_WRR |
115 | tristate "weighted round-robin scheduling" | 115 | tristate "weighted round-robin scheduling" |
116 | select GCD | ||
116 | ---help--- | 117 | ---help--- |
117 | The weighted robin-robin scheduling algorithm directs network | 118 | The weighted robin-robin scheduling algorithm directs network |
118 | connections to different real servers based on server weights | 119 | connections to different real servers based on server weights |
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 6bde12da2fe0..c37ac2d7bec4 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c | |||
@@ -2077,6 +2077,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) | |||
2077 | if (!capable(CAP_NET_ADMIN)) | 2077 | if (!capable(CAP_NET_ADMIN)) |
2078 | return -EPERM; | 2078 | return -EPERM; |
2079 | 2079 | ||
2080 | if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX) | ||
2081 | return -EINVAL; | ||
2082 | if (len < 0 || len > MAX_ARG_LEN) | ||
2083 | return -EINVAL; | ||
2080 | if (len != set_arglen[SET_CMDID(cmd)]) { | 2084 | if (len != set_arglen[SET_CMDID(cmd)]) { |
2081 | pr_err("set_ctl: len %u != %u\n", | 2085 | pr_err("set_ctl: len %u != %u\n", |
2082 | len, set_arglen[SET_CMDID(cmd)]); | 2086 | len, set_arglen[SET_CMDID(cmd)]); |
@@ -2352,17 +2356,25 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) | |||
2352 | { | 2356 | { |
2353 | unsigned char arg[128]; | 2357 | unsigned char arg[128]; |
2354 | int ret = 0; | 2358 | int ret = 0; |
2359 | unsigned int copylen; | ||
2355 | 2360 | ||
2356 | if (!capable(CAP_NET_ADMIN)) | 2361 | if (!capable(CAP_NET_ADMIN)) |
2357 | return -EPERM; | 2362 | return -EPERM; |
2358 | 2363 | ||
2364 | if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_GET_MAX) | ||
2365 | return -EINVAL; | ||
2366 | |||
2359 | if (*len < get_arglen[GET_CMDID(cmd)]) { | 2367 | if (*len < get_arglen[GET_CMDID(cmd)]) { |
2360 | pr_err("get_ctl: len %u < %u\n", | 2368 | pr_err("get_ctl: len %u < %u\n", |
2361 | *len, get_arglen[GET_CMDID(cmd)]); | 2369 | *len, get_arglen[GET_CMDID(cmd)]); |
2362 | return -EINVAL; | 2370 | return -EINVAL; |
2363 | } | 2371 | } |
2364 | 2372 | ||
2365 | if (copy_from_user(arg, user, get_arglen[GET_CMDID(cmd)]) != 0) | 2373 | copylen = get_arglen[GET_CMDID(cmd)]; |
2374 | if (copylen > 128) | ||
2375 | return -EINVAL; | ||
2376 | |||
2377 | if (copy_from_user(arg, user, copylen) != 0) | ||
2366 | return -EFAULT; | 2378 | return -EFAULT; |
2367 | 2379 | ||
2368 | if (mutex_lock_interruptible(&__ip_vs_mutex)) | 2380 | if (mutex_lock_interruptible(&__ip_vs_mutex)) |
diff --git a/net/netfilter/ipvs/ip_vs_wrr.c b/net/netfilter/ipvs/ip_vs_wrr.c index 6182e8ea0be7..3c115fc19784 100644 --- a/net/netfilter/ipvs/ip_vs_wrr.c +++ b/net/netfilter/ipvs/ip_vs_wrr.c | |||
@@ -24,6 +24,7 @@ | |||
24 | #include <linux/module.h> | 24 | #include <linux/module.h> |
25 | #include <linux/kernel.h> | 25 | #include <linux/kernel.h> |
26 | #include <linux/net.h> | 26 | #include <linux/net.h> |
27 | #include <linux/gcd.h> | ||
27 | 28 | ||
28 | #include <net/ip_vs.h> | 29 | #include <net/ip_vs.h> |
29 | 30 | ||
@@ -38,20 +39,6 @@ struct ip_vs_wrr_mark { | |||
38 | }; | 39 | }; |
39 | 40 | ||
40 | 41 | ||
41 | /* | ||
42 | * Get the gcd of server weights | ||
43 | */ | ||
44 | static int gcd(int a, int b) | ||
45 | { | ||
46 | int c; | ||
47 | |||
48 | while ((c = a % b)) { | ||
49 | a = b; | ||
50 | b = c; | ||
51 | } | ||
52 | return b; | ||
53 | } | ||
54 | |||
55 | static int ip_vs_wrr_gcd_weight(struct ip_vs_service *svc) | 42 | static int ip_vs_wrr_gcd_weight(struct ip_vs_service *svc) |
56 | { | 43 | { |
57 | struct ip_vs_dest *dest; | 44 | struct ip_vs_dest *dest; |
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index 38ea7ef3ccd2..f0732aa18e4f 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c | |||
@@ -323,24 +323,24 @@ static void update_nl_seq(struct nf_conn *ct, u32 nl_seq, | |||
323 | struct nf_ct_ftp_master *info, int dir, | 323 | struct nf_ct_ftp_master *info, int dir, |
324 | struct sk_buff *skb) | 324 | struct sk_buff *skb) |
325 | { | 325 | { |
326 | unsigned int i, oldest = NUM_SEQ_TO_REMEMBER; | 326 | unsigned int i, oldest; |
327 | 327 | ||
328 | /* Look for oldest: if we find exact match, we're done. */ | 328 | /* Look for oldest: if we find exact match, we're done. */ |
329 | for (i = 0; i < info->seq_aft_nl_num[dir]; i++) { | 329 | for (i = 0; i < info->seq_aft_nl_num[dir]; i++) { |
330 | if (info->seq_aft_nl[dir][i] == nl_seq) | 330 | if (info->seq_aft_nl[dir][i] == nl_seq) |
331 | return; | 331 | return; |
332 | |||
333 | if (oldest == info->seq_aft_nl_num[dir] || | ||
334 | before(info->seq_aft_nl[dir][i], | ||
335 | info->seq_aft_nl[dir][oldest])) | ||
336 | oldest = i; | ||
337 | } | 332 | } |
338 | 333 | ||
339 | if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) { | 334 | if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) { |
340 | info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq; | 335 | info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq; |
341 | } else if (oldest != NUM_SEQ_TO_REMEMBER && | 336 | } else { |
342 | after(nl_seq, info->seq_aft_nl[dir][oldest])) { | 337 | if (before(info->seq_aft_nl[dir][0], info->seq_aft_nl[dir][1])) |
343 | info->seq_aft_nl[dir][oldest] = nl_seq; | 338 | oldest = 0; |
339 | else | ||
340 | oldest = 1; | ||
341 | |||
342 | if (after(nl_seq, info->seq_aft_nl[dir][oldest])) | ||
343 | info->seq_aft_nl[dir][oldest] = nl_seq; | ||
344 | } | 344 | } |
345 | } | 345 | } |
346 | 346 | ||
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index e0516a22be2e..f126d18dbdc4 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c | |||
@@ -1021,8 +1021,20 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) | |||
1021 | 1021 | ||
1022 | status = TP_STATUS_SEND_REQUEST; | 1022 | status = TP_STATUS_SEND_REQUEST; |
1023 | err = dev_queue_xmit(skb); | 1023 | err = dev_queue_xmit(skb); |
1024 | if (unlikely(err > 0 && (err = net_xmit_errno(err)) != 0)) | 1024 | if (unlikely(err > 0)) { |
1025 | goto out_xmit; | 1025 | err = net_xmit_errno(err); |
1026 | if (err && __packet_get_status(po, ph) == | ||
1027 | TP_STATUS_AVAILABLE) { | ||
1028 | /* skb was destructed already */ | ||
1029 | skb = NULL; | ||
1030 | goto out_status; | ||
1031 | } | ||
1032 | /* | ||
1033 | * skb was dropped but not destructed yet; | ||
1034 | * let's treat it like congestion or err < 0 | ||
1035 | */ | ||
1036 | err = 0; | ||
1037 | } | ||
1026 | packet_increment_head(&po->tx_ring); | 1038 | packet_increment_head(&po->tx_ring); |
1027 | len_sum += tp_len; | 1039 | len_sum += tp_len; |
1028 | } while (likely((ph != NULL) || | 1040 | } while (likely((ph != NULL) || |
@@ -1033,9 +1045,6 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) | |||
1033 | err = len_sum; | 1045 | err = len_sum; |
1034 | goto out_put; | 1046 | goto out_put; |
1035 | 1047 | ||
1036 | out_xmit: | ||
1037 | skb->destructor = sock_wfree; | ||
1038 | atomic_dec(&po->tx_ring.pending); | ||
1039 | out_status: | 1048 | out_status: |
1040 | __packet_set_status(po, ph, status); | 1049 | __packet_set_status(po, ph, status); |
1041 | kfree_skb(skb); | 1050 | kfree_skb(skb); |
diff --git a/net/rose/rose_loopback.c b/net/rose/rose_loopback.c index 114df6eec8c3..968e8bac1b5d 100644 --- a/net/rose/rose_loopback.c +++ b/net/rose/rose_loopback.c | |||
@@ -75,7 +75,7 @@ static void rose_loopback_timer(unsigned long param) | |||
75 | lci_i = ((skb->data[0] << 8) & 0xF00) + ((skb->data[1] << 0) & 0x0FF); | 75 | lci_i = ((skb->data[0] << 8) & 0xF00) + ((skb->data[1] << 0) & 0x0FF); |
76 | frametype = skb->data[2]; | 76 | frametype = skb->data[2]; |
77 | dest = (rose_address *)(skb->data + 4); | 77 | dest = (rose_address *)(skb->data + 4); |
78 | lci_o = 0xFFF - lci_i; | 78 | lci_o = ROSE_DEFAULT_MAXVC + 1 - lci_i; |
79 | 79 | ||
80 | skb_reset_transport_header(skb); | 80 | skb_reset_transport_header(skb); |
81 | 81 | ||
diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 89ab66e54740..67fdac9d2d33 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c | |||
@@ -2087,8 +2087,7 @@ static int sctp_setsockopt_autoclose(struct sock *sk, char __user *optval, | |||
2087 | if (copy_from_user(&sp->autoclose, optval, optlen)) | 2087 | if (copy_from_user(&sp->autoclose, optval, optlen)) |
2088 | return -EFAULT; | 2088 | return -EFAULT; |
2089 | /* make sure it won't exceed MAX_SCHEDULE_TIMEOUT */ | 2089 | /* make sure it won't exceed MAX_SCHEDULE_TIMEOUT */ |
2090 | if (sp->autoclose > (MAX_SCHEDULE_TIMEOUT / HZ) ) | 2090 | sp->autoclose = min_t(long, sp->autoclose, MAX_SCHEDULE_TIMEOUT / HZ); |
2091 | sp->autoclose = (__u32)(MAX_SCHEDULE_TIMEOUT / HZ) ; | ||
2092 | 2091 | ||
2093 | return 0; | 2092 | return 0; |
2094 | } | 2093 | } |