aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/8021q/vlan.c8
-rw-r--r--net/bluetooth/rfcomm/core.c19
-rw-r--r--net/bridge/br_netfilter.c5
-rw-r--r--net/dccp/feat.h2
-rw-r--r--net/dccp/ipv4.c3
-rw-r--r--net/dccp/ipv6.c4
-rw-r--r--net/dccp/options.c2
-rw-r--r--net/ipv4/ip_input.c2
-rw-r--r--net/ipv4/ipmr.c19
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_h323.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_standalone.c4
-rw-r--r--net/ipv4/netfilter/ip_nat_snmp_basic.c4
-rw-r--r--net/ipv4/raw.c1
-rw-r--r--net/ipv6/ip6_input.c2
-rw-r--r--net/ipv6/raw.c1
-rw-r--r--net/ipv6/xfrm6_tunnel.c140
-rw-r--r--net/netfilter/Kconfig4
-rw-r--r--net/netfilter/nf_conntrack_standalone.c4
-rw-r--r--net/netfilter/nf_queue.c9
-rw-r--r--net/netfilter/xt_physdev.c15
-rw-r--r--net/netfilter/xt_pkttype.c12
21 files changed, 99 insertions, 163 deletions
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index 0ade0c63fdf6..18fcb9fa518d 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -67,10 +67,6 @@ static struct packet_type vlan_packet_type = {
67 .func = vlan_skb_recv, /* VLAN receive method */ 67 .func = vlan_skb_recv, /* VLAN receive method */
68}; 68};
69 69
70/* Bits of netdev state that are propagated from real device to virtual */
71#define VLAN_LINK_STATE_MASK \
72 ((1<<__LINK_STATE_PRESENT)|(1<<__LINK_STATE_NOCARRIER)|(1<<__LINK_STATE_DORMANT))
73
74/* End of global variables definitions. */ 70/* End of global variables definitions. */
75 71
76/* 72/*
@@ -479,7 +475,9 @@ static struct net_device *register_vlan_device(const char *eth_IF_name,
479 new_dev->flags = real_dev->flags; 475 new_dev->flags = real_dev->flags;
480 new_dev->flags &= ~IFF_UP; 476 new_dev->flags &= ~IFF_UP;
481 477
482 new_dev->state = real_dev->state & ~(1<<__LINK_STATE_START); 478 new_dev->state = (real_dev->state & ((1<<__LINK_STATE_NOCARRIER) |
479 (1<<__LINK_STATE_DORMANT))) |
480 (1<<__LINK_STATE_PRESENT);
483 481
484 /* need 4 bytes for extra VLAN header info, 482 /* need 4 bytes for extra VLAN header info,
485 * hope the underlying device can handle it. 483 * hope the underlying device can handle it.
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 77eab8f4c7fd..332dd8f436ea 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -55,6 +55,7 @@
55#define VERSION "1.8" 55#define VERSION "1.8"
56 56
57static int disable_cfc = 0; 57static int disable_cfc = 0;
58static int channel_mtu = -1;
58static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 59static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
59 60
60static struct task_struct *rfcomm_thread; 61static struct task_struct *rfcomm_thread;
@@ -812,7 +813,10 @@ static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d
812 pn->credits = 0; 813 pn->credits = 0;
813 } 814 }
814 815
815 pn->mtu = htobs(d->mtu); 816 if (cr && channel_mtu >= 0)
817 pn->mtu = htobs(channel_mtu);
818 else
819 pn->mtu = htobs(d->mtu);
816 820
817 *ptr = __fcs(buf); ptr++; 821 *ptr = __fcs(buf); ptr++;
818 822
@@ -1243,7 +1247,10 @@ static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1243 1247
1244 d->priority = pn->priority; 1248 d->priority = pn->priority;
1245 1249
1246 d->mtu = s->mtu = btohs(pn->mtu); 1250 d->mtu = btohs(pn->mtu);
1251
1252 if (cr && d->mtu > s->mtu)
1253 d->mtu = s->mtu;
1247 1254
1248 return 0; 1255 return 0;
1249} 1256}
@@ -1770,6 +1777,11 @@ static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1770 s = rfcomm_session_add(nsock, BT_OPEN); 1777 s = rfcomm_session_add(nsock, BT_OPEN);
1771 if (s) { 1778 if (s) {
1772 rfcomm_session_hold(s); 1779 rfcomm_session_hold(s);
1780
1781 /* We should adjust MTU on incoming sessions.
1782 * L2CAP MTU minus UIH header and FCS. */
1783 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1784
1773 rfcomm_schedule(RFCOMM_SCHED_RX); 1785 rfcomm_schedule(RFCOMM_SCHED_RX);
1774 } else 1786 } else
1775 sock_release(nsock); 1787 sock_release(nsock);
@@ -2087,6 +2099,9 @@ module_exit(rfcomm_exit);
2087module_param(disable_cfc, bool, 0644); 2099module_param(disable_cfc, bool, 0644);
2088MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2100MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2089 2101
2102module_param(channel_mtu, int, 0644);
2103MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2104
2090module_param(l2cap_mtu, uint, 0644); 2105module_param(l2cap_mtu, uint, 0644);
2091MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2106MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2092 2107
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index cbc8a389a0a8..05b3de888243 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -61,6 +61,9 @@ static int brnf_filter_vlan_tagged = 1;
61#define brnf_filter_vlan_tagged 1 61#define brnf_filter_vlan_tagged 1
62#endif 62#endif
63 63
64int brnf_deferred_hooks;
65EXPORT_SYMBOL_GPL(brnf_deferred_hooks);
66
64static __be16 inline vlan_proto(const struct sk_buff *skb) 67static __be16 inline vlan_proto(const struct sk_buff *skb)
65{ 68{
66 return vlan_eth_hdr(skb)->h_vlan_encapsulated_proto; 69 return vlan_eth_hdr(skb)->h_vlan_encapsulated_proto;
@@ -890,6 +893,8 @@ static unsigned int ip_sabotage_out(unsigned int hook, struct sk_buff **pskb,
890 return NF_ACCEPT; 893 return NF_ACCEPT;
891 else if (ip->version == 6 && !brnf_call_ip6tables) 894 else if (ip->version == 6 && !brnf_call_ip6tables)
892 return NF_ACCEPT; 895 return NF_ACCEPT;
896 else if (!brnf_deferred_hooks)
897 return NF_ACCEPT;
893#endif 898#endif
894 if (hook == NF_IP_POST_ROUTING) 899 if (hook == NF_IP_POST_ROUTING)
895 return NF_ACCEPT; 900 return NF_ACCEPT;
diff --git a/net/dccp/feat.h b/net/dccp/feat.h
index 6048373c7186..b44c45504fb6 100644
--- a/net/dccp/feat.h
+++ b/net/dccp/feat.h
@@ -26,4 +26,6 @@ extern void dccp_feat_clean(struct dccp_minisock *dmsk);
26extern int dccp_feat_clone(struct sock *oldsk, struct sock *newsk); 26extern int dccp_feat_clone(struct sock *oldsk, struct sock *newsk);
27extern int dccp_feat_init(struct dccp_minisock *dmsk); 27extern int dccp_feat_init(struct dccp_minisock *dmsk);
28 28
29extern int dccp_feat_default_sequence_window;
30
29#endif /* _DCCP_FEAT_H */ 31#endif /* _DCCP_FEAT_H */
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index c3073e7e81d3..7f56f7e8f571 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -504,8 +504,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
504 ireq = inet_rsk(req); 504 ireq = inet_rsk(req);
505 ireq->loc_addr = daddr; 505 ireq->loc_addr = daddr;
506 ireq->rmt_addr = saddr; 506 ireq->rmt_addr = saddr;
507 req->rcv_wnd = 100; /* Fake, option parsing will get the 507 req->rcv_wnd = dccp_feat_default_sequence_window;
508 right value */
509 ireq->opt = NULL; 508 ireq->opt = NULL;
510 509
511 /* 510 /*
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index ff42bc43263d..9f3d4d7cd0bf 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -31,6 +31,7 @@
31 31
32#include "dccp.h" 32#include "dccp.h"
33#include "ipv6.h" 33#include "ipv6.h"
34#include "feat.h"
34 35
35/* Socket used for sending RSTs and ACKs */ 36/* Socket used for sending RSTs and ACKs */
36static struct socket *dccp_v6_ctl_socket; 37static struct socket *dccp_v6_ctl_socket;
@@ -707,8 +708,7 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
707 ireq = inet_rsk(req); 708 ireq = inet_rsk(req);
708 ipv6_addr_copy(&ireq6->rmt_addr, &skb->nh.ipv6h->saddr); 709 ipv6_addr_copy(&ireq6->rmt_addr, &skb->nh.ipv6h->saddr);
709 ipv6_addr_copy(&ireq6->loc_addr, &skb->nh.ipv6h->daddr); 710 ipv6_addr_copy(&ireq6->loc_addr, &skb->nh.ipv6h->daddr);
710 req->rcv_wnd = 100; /* Fake, option parsing will get the 711 req->rcv_wnd = dccp_feat_default_sequence_window;
711 right value */
712 ireq6->pktopts = NULL; 712 ireq6->pktopts = NULL;
713 713
714 if (ipv6_opt_accepted(sk, skb) || 714 if (ipv6_opt_accepted(sk, skb) ||
diff --git a/net/dccp/options.c b/net/dccp/options.c
index c3cda1e39aa8..daf72bb671f0 100644
--- a/net/dccp/options.c
+++ b/net/dccp/options.c
@@ -29,6 +29,8 @@ int dccp_feat_default_ack_ratio = DCCPF_INITIAL_ACK_RATIO;
29int dccp_feat_default_send_ack_vector = DCCPF_INITIAL_SEND_ACK_VECTOR; 29int dccp_feat_default_send_ack_vector = DCCPF_INITIAL_SEND_ACK_VECTOR;
30int dccp_feat_default_send_ndp_count = DCCPF_INITIAL_SEND_NDP_COUNT; 30int dccp_feat_default_send_ndp_count = DCCPF_INITIAL_SEND_NDP_COUNT;
31 31
32EXPORT_SYMBOL_GPL(dccp_feat_default_sequence_window);
33
32void dccp_minisock_init(struct dccp_minisock *dmsk) 34void dccp_minisock_init(struct dccp_minisock *dmsk)
33{ 35{
34 dmsk->dccpms_sequence_window = dccp_feat_default_sequence_window; 36 dmsk->dccpms_sequence_window = dccp_feat_default_sequence_window;
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 184c78ca79e6..212734ca238f 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -429,7 +429,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
429 } 429 }
430 430
431 /* Remove any debris in the socket control block */ 431 /* Remove any debris in the socket control block */
432 memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); 432 memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
433 433
434 return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL, 434 return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL,
435 ip_rcv_finish); 435 ip_rcv_finish);
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 9ccacf57f08b..85893eef6b16 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -1578,6 +1578,7 @@ int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait)
1578 cache = ipmr_cache_find(rt->rt_src, rt->rt_dst); 1578 cache = ipmr_cache_find(rt->rt_src, rt->rt_dst);
1579 1579
1580 if (cache==NULL) { 1580 if (cache==NULL) {
1581 struct sk_buff *skb2;
1581 struct net_device *dev; 1582 struct net_device *dev;
1582 int vif; 1583 int vif;
1583 1584
@@ -1591,12 +1592,18 @@ int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait)
1591 read_unlock(&mrt_lock); 1592 read_unlock(&mrt_lock);
1592 return -ENODEV; 1593 return -ENODEV;
1593 } 1594 }
1594 skb->nh.raw = skb_push(skb, sizeof(struct iphdr)); 1595 skb2 = skb_clone(skb, GFP_ATOMIC);
1595 skb->nh.iph->ihl = sizeof(struct iphdr)>>2; 1596 if (!skb2) {
1596 skb->nh.iph->saddr = rt->rt_src; 1597 read_unlock(&mrt_lock);
1597 skb->nh.iph->daddr = rt->rt_dst; 1598 return -ENOMEM;
1598 skb->nh.iph->version = 0; 1599 }
1599 err = ipmr_cache_unresolved(vif, skb); 1600
1601 skb2->nh.raw = skb_push(skb2, sizeof(struct iphdr));
1602 skb2->nh.iph->ihl = sizeof(struct iphdr)>>2;
1603 skb2->nh.iph->saddr = rt->rt_src;
1604 skb2->nh.iph->daddr = rt->rt_dst;
1605 skb2->nh.iph->version = 0;
1606 err = ipmr_cache_unresolved(vif, skb2);
1600 read_unlock(&mrt_lock); 1607 read_unlock(&mrt_lock);
1601 return err; 1608 return err;
1602 } 1609 }
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
index af35235672d5..9a39e2969712 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
@@ -1200,7 +1200,7 @@ static struct ip_conntrack_expect *find_expect(struct ip_conntrack *ct,
1200 tuple.dst.protonum = IPPROTO_TCP; 1200 tuple.dst.protonum = IPPROTO_TCP;
1201 1201
1202 exp = __ip_conntrack_expect_find(&tuple); 1202 exp = __ip_conntrack_expect_find(&tuple);
1203 if (exp->master == ct) 1203 if (exp && exp->master == ct)
1204 return exp; 1204 return exp;
1205 return NULL; 1205 return NULL;
1206} 1206}
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
index 7bd3c22003a2..7a9fa04a467a 100644
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -534,6 +534,8 @@ static struct nf_hook_ops ip_conntrack_ops[] = {
534 534
535/* Sysctl support */ 535/* Sysctl support */
536 536
537int ip_conntrack_checksum = 1;
538
537#ifdef CONFIG_SYSCTL 539#ifdef CONFIG_SYSCTL
538 540
539/* From ip_conntrack_core.c */ 541/* From ip_conntrack_core.c */
@@ -568,8 +570,6 @@ extern unsigned int ip_ct_generic_timeout;
568static int log_invalid_proto_min = 0; 570static int log_invalid_proto_min = 0;
569static int log_invalid_proto_max = 255; 571static int log_invalid_proto_max = 255;
570 572
571int ip_conntrack_checksum = 1;
572
573static struct ctl_table_header *ip_ct_sysctl_header; 573static struct ctl_table_header *ip_ct_sysctl_header;
574 574
575static ctl_table ip_ct_sysctl_table[] = { 575static ctl_table ip_ct_sysctl_table[] = {
diff --git a/net/ipv4/netfilter/ip_nat_snmp_basic.c b/net/ipv4/netfilter/ip_nat_snmp_basic.c
index 0b1b416759cc..18b7fbdccb61 100644
--- a/net/ipv4/netfilter/ip_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c
@@ -1255,9 +1255,9 @@ static int help(struct sk_buff **pskb,
1255 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); 1255 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
1256 1256
1257 /* SNMP replies and originating SNMP traps get mangled */ 1257 /* SNMP replies and originating SNMP traps get mangled */
1258 if (udph->source == ntohs(SNMP_PORT) && dir != IP_CT_DIR_REPLY) 1258 if (udph->source == htons(SNMP_PORT) && dir != IP_CT_DIR_REPLY)
1259 return NF_ACCEPT; 1259 return NF_ACCEPT;
1260 if (udph->dest == ntohs(SNMP_TRAP_PORT) && dir != IP_CT_DIR_ORIGINAL) 1260 if (udph->dest == htons(SNMP_TRAP_PORT) && dir != IP_CT_DIR_ORIGINAL)
1261 return NF_ACCEPT; 1261 return NF_ACCEPT;
1262 1262
1263 /* No NAT? */ 1263 /* No NAT? */
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index bd221ec3f81e..62b2762a2420 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -609,6 +609,7 @@ static int raw_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
609 if (sin) { 609 if (sin) {
610 sin->sin_family = AF_INET; 610 sin->sin_family = AF_INET;
611 sin->sin_addr.s_addr = skb->nh.iph->saddr; 611 sin->sin_addr.s_addr = skb->nh.iph->saddr;
612 sin->sin_port = 0;
612 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); 613 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
613 } 614 }
614 if (inet->cmsg_flags) 615 if (inet->cmsg_flags)
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index df8f051c0fce..25c2a9e03895 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -71,6 +71,8 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
71 goto out; 71 goto out;
72 } 72 }
73 73
74 memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm));
75
74 /* 76 /*
75 * Store incoming device index. When the packet will 77 * Store incoming device index. When the packet will
76 * be queued, we cannot refer to skb->dev anymore. 78 * be queued, we cannot refer to skb->dev anymore.
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index fa1ce0ae123e..d57e61ce4a7d 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -411,6 +411,7 @@ static int rawv6_recvmsg(struct kiocb *iocb, struct sock *sk,
411 /* Copy the address. */ 411 /* Copy the address. */
412 if (sin6) { 412 if (sin6) {
413 sin6->sin6_family = AF_INET6; 413 sin6->sin6_family = AF_INET6;
414 sin6->sin6_port = 0;
414 ipv6_addr_copy(&sin6->sin6_addr, &skb->nh.ipv6h->saddr); 415 ipv6_addr_copy(&sin6->sin6_addr, &skb->nh.ipv6h->saddr);
415 sin6->sin6_flowinfo = 0; 416 sin6->sin6_flowinfo = 0;
416 sin6->sin6_scope_id = 0; 417 sin6->sin6_scope_id = 0;
diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c
index 6b44fe8516c3..c8f9369c2a87 100644
--- a/net/ipv6/xfrm6_tunnel.c
+++ b/net/ipv6/xfrm6_tunnel.c
@@ -31,27 +31,6 @@
31#include <linux/icmpv6.h> 31#include <linux/icmpv6.h>
32#include <linux/mutex.h> 32#include <linux/mutex.h>
33 33
34#ifdef CONFIG_IPV6_XFRM6_TUNNEL_DEBUG
35# define X6TDEBUG 3
36#else
37# define X6TDEBUG 1
38#endif
39
40#define X6TPRINTK(fmt, args...) printk(fmt, ## args)
41#define X6TNOPRINTK(fmt, args...) do { ; } while(0)
42
43#if X6TDEBUG >= 1
44# define X6TPRINTK1 X6TPRINTK
45#else
46# define X6TPRINTK1 X6TNOPRINTK
47#endif
48
49#if X6TDEBUG >= 3
50# define X6TPRINTK3 X6TPRINTK
51#else
52# define X6TPRINTK3 X6TNOPRINTK
53#endif
54
55/* 34/*
56 * xfrm_tunnel_spi things are for allocating unique id ("spi") 35 * xfrm_tunnel_spi things are for allocating unique id ("spi")
57 * per xfrm_address_t. 36 * per xfrm_address_t.
@@ -62,15 +41,8 @@ struct xfrm6_tunnel_spi {
62 xfrm_address_t addr; 41 xfrm_address_t addr;
63 u32 spi; 42 u32 spi;
64 atomic_t refcnt; 43 atomic_t refcnt;
65#ifdef XFRM6_TUNNEL_SPI_MAGIC
66 u32 magic;
67#endif
68}; 44};
69 45
70#ifdef CONFIG_IPV6_XFRM6_TUNNEL_DEBUG
71# define XFRM6_TUNNEL_SPI_MAGIC 0xdeadbeef
72#endif
73
74static DEFINE_RWLOCK(xfrm6_tunnel_spi_lock); 46static DEFINE_RWLOCK(xfrm6_tunnel_spi_lock);
75 47
76static u32 xfrm6_tunnel_spi; 48static u32 xfrm6_tunnel_spi;
@@ -86,43 +58,15 @@ static kmem_cache_t *xfrm6_tunnel_spi_kmem __read_mostly;
86static struct hlist_head xfrm6_tunnel_spi_byaddr[XFRM6_TUNNEL_SPI_BYADDR_HSIZE]; 58static struct hlist_head xfrm6_tunnel_spi_byaddr[XFRM6_TUNNEL_SPI_BYADDR_HSIZE];
87static struct hlist_head xfrm6_tunnel_spi_byspi[XFRM6_TUNNEL_SPI_BYSPI_HSIZE]; 59static struct hlist_head xfrm6_tunnel_spi_byspi[XFRM6_TUNNEL_SPI_BYSPI_HSIZE];
88 60
89#ifdef XFRM6_TUNNEL_SPI_MAGIC
90static int x6spi_check_magic(const struct xfrm6_tunnel_spi *x6spi,
91 const char *name)
92{
93 if (unlikely(x6spi->magic != XFRM6_TUNNEL_SPI_MAGIC)) {
94 X6TPRINTK3(KERN_DEBUG "%s(): x6spi object "
95 "at %p has corrupted magic %08x "
96 "(should be %08x)\n",
97 name, x6spi, x6spi->magic, XFRM6_TUNNEL_SPI_MAGIC);
98 return -1;
99 }
100 return 0;
101}
102#else
103static int inline x6spi_check_magic(const struct xfrm6_tunnel_spi *x6spi,
104 const char *name)
105{
106 return 0;
107}
108#endif
109
110#define X6SPI_CHECK_MAGIC(x6spi) x6spi_check_magic((x6spi), __FUNCTION__)
111
112
113static unsigned inline xfrm6_tunnel_spi_hash_byaddr(xfrm_address_t *addr) 61static unsigned inline xfrm6_tunnel_spi_hash_byaddr(xfrm_address_t *addr)
114{ 62{
115 unsigned h; 63 unsigned h;
116 64
117 X6TPRINTK3(KERN_DEBUG "%s(addr=%p)\n", __FUNCTION__, addr);
118
119 h = addr->a6[0] ^ addr->a6[1] ^ addr->a6[2] ^ addr->a6[3]; 65 h = addr->a6[0] ^ addr->a6[1] ^ addr->a6[2] ^ addr->a6[3];
120 h ^= h >> 16; 66 h ^= h >> 16;
121 h ^= h >> 8; 67 h ^= h >> 8;
122 h &= XFRM6_TUNNEL_SPI_BYADDR_HSIZE - 1; 68 h &= XFRM6_TUNNEL_SPI_BYADDR_HSIZE - 1;
123 69
124 X6TPRINTK3(KERN_DEBUG "%s() = %u\n", __FUNCTION__, h);
125
126 return h; 70 return h;
127} 71}
128 72
@@ -136,19 +80,13 @@ static int xfrm6_tunnel_spi_init(void)
136{ 80{
137 int i; 81 int i;
138 82
139 X6TPRINTK3(KERN_DEBUG "%s()\n", __FUNCTION__);
140
141 xfrm6_tunnel_spi = 0; 83 xfrm6_tunnel_spi = 0;
142 xfrm6_tunnel_spi_kmem = kmem_cache_create("xfrm6_tunnel_spi", 84 xfrm6_tunnel_spi_kmem = kmem_cache_create("xfrm6_tunnel_spi",
143 sizeof(struct xfrm6_tunnel_spi), 85 sizeof(struct xfrm6_tunnel_spi),
144 0, SLAB_HWCACHE_ALIGN, 86 0, SLAB_HWCACHE_ALIGN,
145 NULL, NULL); 87 NULL, NULL);
146 if (!xfrm6_tunnel_spi_kmem) { 88 if (!xfrm6_tunnel_spi_kmem)
147 X6TPRINTK1(KERN_ERR
148 "%s(): failed to allocate xfrm6_tunnel_spi_kmem\n",
149 __FUNCTION__);
150 return -ENOMEM; 89 return -ENOMEM;
151 }
152 90
153 for (i = 0; i < XFRM6_TUNNEL_SPI_BYADDR_HSIZE; i++) 91 for (i = 0; i < XFRM6_TUNNEL_SPI_BYADDR_HSIZE; i++)
154 INIT_HLIST_HEAD(&xfrm6_tunnel_spi_byaddr[i]); 92 INIT_HLIST_HEAD(&xfrm6_tunnel_spi_byaddr[i]);
@@ -161,22 +99,16 @@ static void xfrm6_tunnel_spi_fini(void)
161{ 99{
162 int i; 100 int i;
163 101
164 X6TPRINTK3(KERN_DEBUG "%s()\n", __FUNCTION__);
165
166 for (i = 0; i < XFRM6_TUNNEL_SPI_BYADDR_HSIZE; i++) { 102 for (i = 0; i < XFRM6_TUNNEL_SPI_BYADDR_HSIZE; i++) {
167 if (!hlist_empty(&xfrm6_tunnel_spi_byaddr[i])) 103 if (!hlist_empty(&xfrm6_tunnel_spi_byaddr[i]))
168 goto err; 104 return;
169 } 105 }
170 for (i = 0; i < XFRM6_TUNNEL_SPI_BYSPI_HSIZE; i++) { 106 for (i = 0; i < XFRM6_TUNNEL_SPI_BYSPI_HSIZE; i++) {
171 if (!hlist_empty(&xfrm6_tunnel_spi_byspi[i])) 107 if (!hlist_empty(&xfrm6_tunnel_spi_byspi[i]))
172 goto err; 108 return;
173 } 109 }
174 kmem_cache_destroy(xfrm6_tunnel_spi_kmem); 110 kmem_cache_destroy(xfrm6_tunnel_spi_kmem);
175 xfrm6_tunnel_spi_kmem = NULL; 111 xfrm6_tunnel_spi_kmem = NULL;
176 return;
177err:
178 X6TPRINTK1(KERN_ERR "%s(): table is not empty\n", __FUNCTION__);
179 return;
180} 112}
181 113
182static struct xfrm6_tunnel_spi *__xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr) 114static struct xfrm6_tunnel_spi *__xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr)
@@ -184,19 +116,13 @@ static struct xfrm6_tunnel_spi *__xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr)
184 struct xfrm6_tunnel_spi *x6spi; 116 struct xfrm6_tunnel_spi *x6spi;
185 struct hlist_node *pos; 117 struct hlist_node *pos;
186 118
187 X6TPRINTK3(KERN_DEBUG "%s(saddr=%p)\n", __FUNCTION__, saddr);
188
189 hlist_for_each_entry(x6spi, pos, 119 hlist_for_each_entry(x6spi, pos,
190 &xfrm6_tunnel_spi_byaddr[xfrm6_tunnel_spi_hash_byaddr(saddr)], 120 &xfrm6_tunnel_spi_byaddr[xfrm6_tunnel_spi_hash_byaddr(saddr)],
191 list_byaddr) { 121 list_byaddr) {
192 if (memcmp(&x6spi->addr, saddr, sizeof(x6spi->addr)) == 0) { 122 if (memcmp(&x6spi->addr, saddr, sizeof(x6spi->addr)) == 0)
193 X6SPI_CHECK_MAGIC(x6spi);
194 X6TPRINTK3(KERN_DEBUG "%s() = %p(%u)\n", __FUNCTION__, x6spi, x6spi->spi);
195 return x6spi; 123 return x6spi;
196 }
197 } 124 }
198 125
199 X6TPRINTK3(KERN_DEBUG "%s() = NULL(0)\n", __FUNCTION__);
200 return NULL; 126 return NULL;
201} 127}
202 128
@@ -205,8 +131,6 @@ u32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr)
205 struct xfrm6_tunnel_spi *x6spi; 131 struct xfrm6_tunnel_spi *x6spi;
206 u32 spi; 132 u32 spi;
207 133
208 X6TPRINTK3(KERN_DEBUG "%s(saddr=%p)\n", __FUNCTION__, saddr);
209
210 read_lock_bh(&xfrm6_tunnel_spi_lock); 134 read_lock_bh(&xfrm6_tunnel_spi_lock);
211 x6spi = __xfrm6_tunnel_spi_lookup(saddr); 135 x6spi = __xfrm6_tunnel_spi_lookup(saddr);
212 spi = x6spi ? x6spi->spi : 0; 136 spi = x6spi ? x6spi->spi : 0;
@@ -223,8 +147,6 @@ static u32 __xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr)
223 struct hlist_node *pos; 147 struct hlist_node *pos;
224 unsigned index; 148 unsigned index;
225 149
226 X6TPRINTK3(KERN_DEBUG "%s(saddr=%p)\n", __FUNCTION__, saddr);
227
228 if (xfrm6_tunnel_spi < XFRM6_TUNNEL_SPI_MIN || 150 if (xfrm6_tunnel_spi < XFRM6_TUNNEL_SPI_MIN ||
229 xfrm6_tunnel_spi >= XFRM6_TUNNEL_SPI_MAX) 151 xfrm6_tunnel_spi >= XFRM6_TUNNEL_SPI_MAX)
230 xfrm6_tunnel_spi = XFRM6_TUNNEL_SPI_MIN; 152 xfrm6_tunnel_spi = XFRM6_TUNNEL_SPI_MIN;
@@ -258,18 +180,10 @@ try_next_2:;
258 spi = 0; 180 spi = 0;
259 goto out; 181 goto out;
260alloc_spi: 182alloc_spi:
261 X6TPRINTK3(KERN_DEBUG "%s(): allocate new spi for " NIP6_FMT "\n",
262 __FUNCTION__,
263 NIP6(*(struct in6_addr *)saddr));
264 x6spi = kmem_cache_alloc(xfrm6_tunnel_spi_kmem, SLAB_ATOMIC); 183 x6spi = kmem_cache_alloc(xfrm6_tunnel_spi_kmem, SLAB_ATOMIC);
265 if (!x6spi) { 184 if (!x6spi)
266 X6TPRINTK1(KERN_ERR "%s(): kmem_cache_alloc() failed\n",
267 __FUNCTION__);
268 goto out; 185 goto out;
269 } 186
270#ifdef XFRM6_TUNNEL_SPI_MAGIC
271 x6spi->magic = XFRM6_TUNNEL_SPI_MAGIC;
272#endif
273 memcpy(&x6spi->addr, saddr, sizeof(x6spi->addr)); 187 memcpy(&x6spi->addr, saddr, sizeof(x6spi->addr));
274 x6spi->spi = spi; 188 x6spi->spi = spi;
275 atomic_set(&x6spi->refcnt, 1); 189 atomic_set(&x6spi->refcnt, 1);
@@ -278,9 +192,7 @@ alloc_spi:
278 192
279 index = xfrm6_tunnel_spi_hash_byaddr(saddr); 193 index = xfrm6_tunnel_spi_hash_byaddr(saddr);
280 hlist_add_head(&x6spi->list_byaddr, &xfrm6_tunnel_spi_byaddr[index]); 194 hlist_add_head(&x6spi->list_byaddr, &xfrm6_tunnel_spi_byaddr[index]);
281 X6SPI_CHECK_MAGIC(x6spi);
282out: 195out:
283 X6TPRINTK3(KERN_DEBUG "%s() = %u\n", __FUNCTION__, spi);
284 return spi; 196 return spi;
285} 197}
286 198
@@ -289,8 +201,6 @@ u32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr)
289 struct xfrm6_tunnel_spi *x6spi; 201 struct xfrm6_tunnel_spi *x6spi;
290 u32 spi; 202 u32 spi;
291 203
292 X6TPRINTK3(KERN_DEBUG "%s(saddr=%p)\n", __FUNCTION__, saddr);
293
294 write_lock_bh(&xfrm6_tunnel_spi_lock); 204 write_lock_bh(&xfrm6_tunnel_spi_lock);
295 x6spi = __xfrm6_tunnel_spi_lookup(saddr); 205 x6spi = __xfrm6_tunnel_spi_lookup(saddr);
296 if (x6spi) { 206 if (x6spi) {
@@ -300,8 +210,6 @@ u32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr)
300 spi = __xfrm6_tunnel_alloc_spi(saddr); 210 spi = __xfrm6_tunnel_alloc_spi(saddr);
301 write_unlock_bh(&xfrm6_tunnel_spi_lock); 211 write_unlock_bh(&xfrm6_tunnel_spi_lock);
302 212
303 X6TPRINTK3(KERN_DEBUG "%s() = %u\n", __FUNCTION__, spi);
304
305 return spi; 213 return spi;
306} 214}
307 215
@@ -312,8 +220,6 @@ void xfrm6_tunnel_free_spi(xfrm_address_t *saddr)
312 struct xfrm6_tunnel_spi *x6spi; 220 struct xfrm6_tunnel_spi *x6spi;
313 struct hlist_node *pos, *n; 221 struct hlist_node *pos, *n;
314 222
315 X6TPRINTK3(KERN_DEBUG "%s(saddr=%p)\n", __FUNCTION__, saddr);
316
317 write_lock_bh(&xfrm6_tunnel_spi_lock); 223 write_lock_bh(&xfrm6_tunnel_spi_lock);
318 224
319 hlist_for_each_entry_safe(x6spi, pos, n, 225 hlist_for_each_entry_safe(x6spi, pos, n,
@@ -321,12 +227,6 @@ void xfrm6_tunnel_free_spi(xfrm_address_t *saddr)
321 list_byaddr) 227 list_byaddr)
322 { 228 {
323 if (memcmp(&x6spi->addr, saddr, sizeof(x6spi->addr)) == 0) { 229 if (memcmp(&x6spi->addr, saddr, sizeof(x6spi->addr)) == 0) {
324 X6TPRINTK3(KERN_DEBUG "%s(): x6spi object for " NIP6_FMT
325 " found at %p\n",
326 __FUNCTION__,
327 NIP6(*(struct in6_addr *)saddr),
328 x6spi);
329 X6SPI_CHECK_MAGIC(x6spi);
330 if (atomic_dec_and_test(&x6spi->refcnt)) { 230 if (atomic_dec_and_test(&x6spi->refcnt)) {
331 hlist_del(&x6spi->list_byaddr); 231 hlist_del(&x6spi->list_byaddr);
332 hlist_del(&x6spi->list_byspi); 232 hlist_del(&x6spi->list_byspi);
@@ -377,20 +277,14 @@ static int xfrm6_tunnel_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
377 case ICMPV6_ADDR_UNREACH: 277 case ICMPV6_ADDR_UNREACH:
378 case ICMPV6_PORT_UNREACH: 278 case ICMPV6_PORT_UNREACH:
379 default: 279 default:
380 X6TPRINTK3(KERN_DEBUG
381 "xfrm6_tunnel: Destination Unreach.\n");
382 break; 280 break;
383 } 281 }
384 break; 282 break;
385 case ICMPV6_PKT_TOOBIG: 283 case ICMPV6_PKT_TOOBIG:
386 X6TPRINTK3(KERN_DEBUG
387 "xfrm6_tunnel: Packet Too Big.\n");
388 break; 284 break;
389 case ICMPV6_TIME_EXCEED: 285 case ICMPV6_TIME_EXCEED:
390 switch (code) { 286 switch (code) {
391 case ICMPV6_EXC_HOPLIMIT: 287 case ICMPV6_EXC_HOPLIMIT:
392 X6TPRINTK3(KERN_DEBUG
393 "xfrm6_tunnel: Too small Hoplimit.\n");
394 break; 288 break;
395 case ICMPV6_EXC_FRAGTIME: 289 case ICMPV6_EXC_FRAGTIME:
396 default: 290 default:
@@ -447,22 +341,14 @@ static struct xfrm6_tunnel xfrm6_tunnel_handler = {
447 341
448static int __init xfrm6_tunnel_init(void) 342static int __init xfrm6_tunnel_init(void)
449{ 343{
450 X6TPRINTK3(KERN_DEBUG "%s()\n", __FUNCTION__); 344 if (xfrm_register_type(&xfrm6_tunnel_type, AF_INET6) < 0)
451
452 if (xfrm_register_type(&xfrm6_tunnel_type, AF_INET6) < 0) {
453 X6TPRINTK1(KERN_ERR
454 "xfrm6_tunnel init: can't add xfrm type\n");
455 return -EAGAIN; 345 return -EAGAIN;
456 } 346
457 if (xfrm6_tunnel_register(&xfrm6_tunnel_handler)) { 347 if (xfrm6_tunnel_register(&xfrm6_tunnel_handler)) {
458 X6TPRINTK1(KERN_ERR
459 "xfrm6_tunnel init(): can't add handler\n");
460 xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6); 348 xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6);
461 return -EAGAIN; 349 return -EAGAIN;
462 } 350 }
463 if (xfrm6_tunnel_spi_init() < 0) { 351 if (xfrm6_tunnel_spi_init() < 0) {
464 X6TPRINTK1(KERN_ERR
465 "xfrm6_tunnel init: failed to initialize spi\n");
466 xfrm6_tunnel_deregister(&xfrm6_tunnel_handler); 352 xfrm6_tunnel_deregister(&xfrm6_tunnel_handler);
467 xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6); 353 xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6);
468 return -EAGAIN; 354 return -EAGAIN;
@@ -472,15 +358,9 @@ static int __init xfrm6_tunnel_init(void)
472 358
473static void __exit xfrm6_tunnel_fini(void) 359static void __exit xfrm6_tunnel_fini(void)
474{ 360{
475 X6TPRINTK3(KERN_DEBUG "%s()\n", __FUNCTION__);
476
477 xfrm6_tunnel_spi_fini(); 361 xfrm6_tunnel_spi_fini();
478 if (xfrm6_tunnel_deregister(&xfrm6_tunnel_handler)) 362 xfrm6_tunnel_deregister(&xfrm6_tunnel_handler);
479 X6TPRINTK1(KERN_ERR 363 xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6);
480 "xfrm6_tunnel close: can't remove handler\n");
481 if (xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6) < 0)
482 X6TPRINTK1(KERN_ERR
483 "xfrm6_tunnel close: can't remove xfrm type\n");
484} 364}
485 365
486module_init(xfrm6_tunnel_init); 366module_init(xfrm6_tunnel_init);
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 42a178aa30f9..a9894ddfd72a 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -386,8 +386,8 @@ config NETFILTER_XT_MATCH_REALM
386 <file:Documentation/modules.txt>. If unsure, say `N'. 386 <file:Documentation/modules.txt>. If unsure, say `N'.
387 387
388config NETFILTER_XT_MATCH_SCTP 388config NETFILTER_XT_MATCH_SCTP
389 tristate '"sctp" protocol match support' 389 tristate '"sctp" protocol match support (EXPERIMENTAL)'
390 depends on NETFILTER_XTABLES 390 depends on NETFILTER_XTABLES && EXPERIMENTAL
391 help 391 help
392 With this option enabled, you will be able to use the 392 With this option enabled, you will be able to use the
393 `sctp' match in order to match on SCTP source/destination ports 393 `sctp' match in order to match on SCTP source/destination ports
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 5fcab2ef231f..4ef836699962 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -428,6 +428,8 @@ static struct file_operations ct_cpu_seq_fops = {
428 428
429/* Sysctl support */ 429/* Sysctl support */
430 430
431int nf_conntrack_checksum = 1;
432
431#ifdef CONFIG_SYSCTL 433#ifdef CONFIG_SYSCTL
432 434
433/* From nf_conntrack_core.c */ 435/* From nf_conntrack_core.c */
@@ -459,8 +461,6 @@ extern unsigned int nf_ct_generic_timeout;
459static int log_invalid_proto_min = 0; 461static int log_invalid_proto_min = 0;
460static int log_invalid_proto_max = 255; 462static int log_invalid_proto_max = 255;
461 463
462int nf_conntrack_checksum = 1;
463
464static struct ctl_table_header *nf_ct_sysctl_header; 464static struct ctl_table_header *nf_ct_sysctl_header;
465 465
466static ctl_table nf_ct_sysctl_table[] = { 466static ctl_table nf_ct_sysctl_table[] = {
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index bb6fcee452ca..662a869593bf 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -219,21 +219,20 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
219 219
220 switch (verdict & NF_VERDICT_MASK) { 220 switch (verdict & NF_VERDICT_MASK) {
221 case NF_ACCEPT: 221 case NF_ACCEPT:
222 case NF_STOP:
222 info->okfn(skb); 223 info->okfn(skb);
224 case NF_STOLEN:
223 break; 225 break;
224
225 case NF_QUEUE: 226 case NF_QUEUE:
226 if (!nf_queue(&skb, elem, info->pf, info->hook, 227 if (!nf_queue(&skb, elem, info->pf, info->hook,
227 info->indev, info->outdev, info->okfn, 228 info->indev, info->outdev, info->okfn,
228 verdict >> NF_VERDICT_BITS)) 229 verdict >> NF_VERDICT_BITS))
229 goto next_hook; 230 goto next_hook;
230 break; 231 break;
232 default:
233 kfree_skb(skb);
231 } 234 }
232 rcu_read_unlock(); 235 rcu_read_unlock();
233
234 if (verdict == NF_DROP)
235 kfree_skb(skb);
236
237 kfree(info); 236 kfree(info);
238 return; 237 return;
239} 238}
diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c
index 5fe4c9df17f5..a9f4f6f3c628 100644
--- a/net/netfilter/xt_physdev.c
+++ b/net/netfilter/xt_physdev.c
@@ -113,6 +113,21 @@ checkentry(const char *tablename,
113 if (!(info->bitmask & XT_PHYSDEV_OP_MASK) || 113 if (!(info->bitmask & XT_PHYSDEV_OP_MASK) ||
114 info->bitmask & ~XT_PHYSDEV_OP_MASK) 114 info->bitmask & ~XT_PHYSDEV_OP_MASK)
115 return 0; 115 return 0;
116 if (brnf_deferred_hooks == 0 &&
117 info->bitmask & XT_PHYSDEV_OP_OUT &&
118 (!(info->bitmask & XT_PHYSDEV_OP_BRIDGED) ||
119 info->invert & XT_PHYSDEV_OP_BRIDGED) &&
120 hook_mask & ((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
121 (1 << NF_IP_POST_ROUTING))) {
122 printk(KERN_WARNING "physdev match: using --physdev-out in the "
123 "OUTPUT, FORWARD and POSTROUTING chains for non-bridged "
124 "traffic is deprecated and breaks other things, it will "
125 "be removed in January 2007. See Documentation/"
126 "feature-removal-schedule.txt for details. This doesn't "
127 "affect you in case you're using it for purely bridged "
128 "traffic.\n");
129 brnf_deferred_hooks = 1;
130 }
116 return 1; 131 return 1;
117} 132}
118 133
diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c
index 3ac703b5cb8f..d2f5320a80bf 100644
--- a/net/netfilter/xt_pkttype.c
+++ b/net/netfilter/xt_pkttype.c
@@ -9,6 +9,8 @@
9#include <linux/skbuff.h> 9#include <linux/skbuff.h>
10#include <linux/if_ether.h> 10#include <linux/if_ether.h>
11#include <linux/if_packet.h> 11#include <linux/if_packet.h>
12#include <linux/in.h>
13#include <linux/ip.h>
12 14
13#include <linux/netfilter/xt_pkttype.h> 15#include <linux/netfilter/xt_pkttype.h>
14#include <linux/netfilter/x_tables.h> 16#include <linux/netfilter/x_tables.h>
@@ -28,9 +30,17 @@ static int match(const struct sk_buff *skb,
28 unsigned int protoff, 30 unsigned int protoff,
29 int *hotdrop) 31 int *hotdrop)
30{ 32{
33 u_int8_t type;
31 const struct xt_pkttype_info *info = matchinfo; 34 const struct xt_pkttype_info *info = matchinfo;
32 35
33 return (skb->pkt_type == info->pkttype) ^ info->invert; 36 if (skb->pkt_type == PACKET_LOOPBACK)
37 type = (MULTICAST(skb->nh.iph->daddr)
38 ? PACKET_MULTICAST
39 : PACKET_BROADCAST);
40 else
41 type = skb->pkt_type;
42
43 return (type == info->pkttype) ^ info->invert;
34} 44}
35 45
36static struct xt_match pkttype_match = { 46static struct xt_match pkttype_match = {
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-19 12:28:53 -0400