7 files changed, 52 insertions, 26 deletions
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 906cb1ada4c3..e7821ba7a9a0 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -266,20 +266,24 @@ static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int
        if (!dev)
          return NULL;
+        if (strchr(name, '%')) {
+                if (dev_alloc_name(dev, name) < 0)
+                        goto failed_free;
+        }
        dev->init = ipgre_tunnel_init;
        nt = netdev_priv(dev);
        nt->parms = *parms;
-        if (register_netdevice(dev) < 0) {
+        if (register_netdevice(dev) < 0)
-                free_netdev(dev);
+                goto failed_free;
-                goto failed;
-        }
        dev_hold(dev);
        ipgre_tunnel_link(nt);
        return nt;
-failed:
+failed_free:
+        free_netdev(dev);
        return NULL;
 }
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index e77e3b855834..dbaed69de06a 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -228,20 +228,24 @@ static struct ip_tunnel * ipip_tunnel_locate(struct ip_tunnel_parm *parms, int c
        if (dev == NULL)
                return NULL;
+        if (strchr(name, '%')) {
+                if (dev_alloc_name(dev, name) < 0)
+                        goto failed_free;
+        }
        nt = netdev_priv(dev);
        dev->init = ipip_tunnel_init;
        nt->parms = *parms;
-        if (register_netdevice(dev) < 0) {
+        if (register_netdevice(dev) < 0)
-                free_netdev(dev);
+                goto failed_free;
-                goto failed;
-        }
        dev_hold(dev);
        ipip_tunnel_link(nt);
        return nt;
-failed:
+failed_free:
+        free_netdev(dev);
        return NULL;
 }
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 2a124e9a1b2d..78f438880923 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -238,17 +238,24 @@ static struct ip6_tnl *ip6_tnl_create(struct ip6_tnl_parm *p)
        if (dev == NULL)
                goto failed;
+        if (strchr(name, '%')) {
+                if (dev_alloc_name(dev, name) < 0)
+                        goto failed_free;
+        }
        t = netdev_priv(dev);
        dev->init = ip6_tnl_dev_init;
        t->parms = *p;
-        if ((err = register_netdevice(dev)) < 0) {
+        if ((err = register_netdevice(dev)) < 0)
-                free_netdev(dev);
+                goto failed_free;
-                goto failed;
-        }
        dev_hold(dev);
        ip6_tnl_link(t);
        return t;
+failed_free:
+        free_netdev(dev);
 failed:
        return NULL;
 }
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index dde7801abeff..1656c003b989 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -171,6 +171,11 @@ static struct ip_tunnel * ipip6_tunnel_locate(struct ip_tunnel_parm *parms, int
        if (dev == NULL)
                return NULL;
+        if (strchr(name, '%')) {
+                if (dev_alloc_name(dev, name) < 0)
+                        goto failed_free;
+        }
        nt = netdev_priv(dev);
        dev->init = ipip6_tunnel_init;
        nt->parms = *parms;
@@ -178,16 +183,16 @@ static struct ip_tunnel * ipip6_tunnel_locate(struct ip_tunnel_parm *parms, int
        if (parms->i_flags & SIT_ISATAP)
                dev->priv_flags |= IFF_ISATAP;
-        if (register_netdevice(dev) < 0) {
+        if (register_netdevice(dev) < 0)
-                free_netdev(dev);
+                goto failed_free;
-                goto failed;
-        }
        dev_hold(dev);
        ipip6_tunnel_link(nt);
        return nt;
+failed_free:
+        free_netdev(dev);
 failed:
        return NULL;
 }
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index 408691b777c2..d6d3e68086f8 100644
--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -102,9 +102,6 @@ static int ipv6_sysctl_net_init(struct net *net)
        net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path,
                                                           ipv6_table);
        if (!net->ipv6.sysctl.table)
-                return -ENOMEM;
-        if (!net->ipv6.sysctl.table)
                goto out_ipv6_icmp_table;
        err = 0;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 327e847d2702..b77eb56a87e3 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -256,13 +256,19 @@ __nf_conntrack_find(const struct nf_conntrack_tuple *tuple)
        struct hlist_node *n;
        unsigned int hash = hash_conntrack(tuple);
+        /* Disable BHs the entire time since we normally need to disable them
+         * at least once for the stats anyway.
+         */
+        local_bh_disable();
        hlist_for_each_entry_rcu(h, n, &nf_conntrack_hash[hash], hnode) {
                if (nf_ct_tuple_equal(tuple, &h->tuple)) {
                        NF_CT_STAT_INC(found);
+                        local_bh_enable();
                        return h;
                }
                NF_CT_STAT_INC(searched);
        }
+        local_bh_enable();
        return NULL;
 }
@@ -400,17 +406,20 @@ nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
        struct hlist_node *n;
        unsigned int hash = hash_conntrack(tuple);
-        rcu_read_lock();
+        /* Disable BHs the entire time since we need to disable them at
+         * least once for the stats anyway.
+         */
+        rcu_read_lock_bh();
        hlist_for_each_entry_rcu(h, n, &nf_conntrack_hash[hash], hnode) {
                if (nf_ct_tuplehash_to_ctrack(h) != ignored_conntrack &&
                    nf_ct_tuple_equal(tuple, &h->tuple)) {
                        NF_CT_STAT_INC(found);
-                        rcu_read_unlock();
+                        rcu_read_unlock_bh();
                        return 1;
                }
                NF_CT_STAT_INC(searched);
        }
-        rcu_read_unlock();
+        rcu_read_unlock_bh();
        return 0;
 }
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 85330856a29c..0c50b2894055 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -122,7 +122,7 @@ conntrack_addrcmp(const union nf_inet_addr *kaddr,
                  const union nf_inet_addr *umask, unsigned int l3proto)
 {
        if (l3proto == AF_INET)
-                return (kaddr->ip & umask->ip) == uaddr->ip;
+                return ((kaddr->ip ^ uaddr->ip) & umask->ip) == 0;
        else if (l3proto == AF_INET6)
                return ipv6_masked_addr_cmp(&kaddr->in6, &umask->in6,
                       &uaddr->in6) == 0;
@@ -231,7 +231,7 @@ conntrack_mt(const struct sk_buff *skb, const struct net_device *in,
                        if (test_bit(IPS_DST_NAT_BIT, &ct->status))
                                statebit |= XT_CONNTRACK_STATE_DNAT;
                }
-                if ((info->state_mask & statebit) ^
+                if (!!(info->state_mask & statebit) ^
                    !(info->invert_flags & XT_CONNTRACK_STATE))
                        return false;
        }

diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index 906cb1ada4c3..e7821ba7a9a0 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c
@@ -266,20 +266,24 @@ static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int
266	if (!dev)	266	if (!dev)
267	return NULL;	267	return NULL;
268		268
		269	if (strchr(name, '%')) {
		270	if (dev_alloc_name(dev, name) < 0)
		271	goto failed_free;
		272	}
		273
269	dev->init = ipgre_tunnel_init;	274	dev->init = ipgre_tunnel_init;
270	nt = netdev_priv(dev);	275	nt = netdev_priv(dev);
271	nt->parms = *parms;	276	nt->parms = *parms;
272		277
273	if (register_netdevice(dev) < 0) {	278	if (register_netdevice(dev) < 0)
274	free_netdev(dev);	279	goto failed_free;
275	goto failed;
276	}
277		280
278	dev_hold(dev);	281	dev_hold(dev);
279	ipgre_tunnel_link(nt);	282	ipgre_tunnel_link(nt);
280	return nt;	283	return nt;
281		284
282	failed:	285	failed_free:
		286	free_netdev(dev);
283	return NULL;	287	return NULL;
284	}	288	}
285		289


diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c index e77e3b855834..dbaed69de06a 100644 --- a/net/ipv4/ipip.c +++ b/net/ipv4/ipip.c
@@ -228,20 +228,24 @@ static struct ip_tunnel * ipip_tunnel_locate(struct ip_tunnel_parm *parms, int c
228	if (dev == NULL)	228	if (dev == NULL)
229	return NULL;	229	return NULL;
230		230
		231	if (strchr(name, '%')) {
		232	if (dev_alloc_name(dev, name) < 0)
		233	goto failed_free;
		234	}
		235
231	nt = netdev_priv(dev);	236	nt = netdev_priv(dev);
232	dev->init = ipip_tunnel_init;	237	dev->init = ipip_tunnel_init;
233	nt->parms = *parms;	238	nt->parms = *parms;
234		239
235	if (register_netdevice(dev) < 0) {	240	if (register_netdevice(dev) < 0)
236	free_netdev(dev);	241	goto failed_free;
237	goto failed;
238	}
239		242
240	dev_hold(dev);	243	dev_hold(dev);
241	ipip_tunnel_link(nt);	244	ipip_tunnel_link(nt);
242	return nt;	245	return nt;
243		246
244	failed:	247	failed_free:
		248	free_netdev(dev);
245	return NULL;	249	return NULL;
246	}	250	}
247		251


diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index 2a124e9a1b2d..78f438880923 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c
@@ -238,17 +238,24 @@ static struct ip6_tnl ip6_tnl_create(struct ip6_tnl_parm p)
238	if (dev == NULL)	238	if (dev == NULL)
239	goto failed;	239	goto failed;
240		240
		241	if (strchr(name, '%')) {
		242	if (dev_alloc_name(dev, name) < 0)
		243	goto failed_free;
		244	}
		245
241	t = netdev_priv(dev);	246	t = netdev_priv(dev);
242	dev->init = ip6_tnl_dev_init;	247	dev->init = ip6_tnl_dev_init;
243	t->parms = *p;	248	t->parms = *p;
244		249
245	if ((err = register_netdevice(dev)) < 0) {	250	if ((err = register_netdevice(dev)) < 0)
246	free_netdev(dev);	251	goto failed_free;
247	goto failed;	252
248	}
249	dev_hold(dev);	253	dev_hold(dev);
250	ip6_tnl_link(t);	254	ip6_tnl_link(t);
251	return t;	255	return t;
		256
		257	failed_free:
		258	free_netdev(dev);
252	failed:	259	failed:
253	return NULL;	260	return NULL;
254	}	261	}


diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index dde7801abeff..1656c003b989 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c
@@ -171,6 +171,11 @@ static struct ip_tunnel * ipip6_tunnel_locate(struct ip_tunnel_parm *parms, int
171	if (dev == NULL)	171	if (dev == NULL)
172	return NULL;	172	return NULL;
173		173
		174	if (strchr(name, '%')) {
		175	if (dev_alloc_name(dev, name) < 0)
		176	goto failed_free;
		177	}
		178
174	nt = netdev_priv(dev);	179	nt = netdev_priv(dev);
175	dev->init = ipip6_tunnel_init;	180	dev->init = ipip6_tunnel_init;
176	nt->parms = *parms;	181	nt->parms = *parms;
@@ -178,16 +183,16 @@ static struct ip_tunnel * ipip6_tunnel_locate(struct ip_tunnel_parm *parms, int
178	if (parms->i_flags & SIT_ISATAP)	183	if (parms->i_flags & SIT_ISATAP)
179	dev->priv_flags \|= IFF_ISATAP;	184	dev->priv_flags \|= IFF_ISATAP;
180		185
181	if (register_netdevice(dev) < 0) {	186	if (register_netdevice(dev) < 0)
182	free_netdev(dev);	187	goto failed_free;
183	goto failed;
184	}
185		188
186	dev_hold(dev);	189	dev_hold(dev);
187		190
188	ipip6_tunnel_link(nt);	191	ipip6_tunnel_link(nt);
189	return nt;	192	return nt;
190		193
		194	failed_free:
		195	free_netdev(dev);
191	failed:	196	failed:
192	return NULL;	197	return NULL;
193	}	198	}


diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c index 408691b777c2..d6d3e68086f8 100644 --- a/net/ipv6/sysctl_net_ipv6.c +++ b/net/ipv6/sysctl_net_ipv6.c
@@ -102,9 +102,6 @@ static int ipv6_sysctl_net_init(struct net *net)
102	net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path,	102	net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path,
103	ipv6_table);	103	ipv6_table);
104	if (!net->ipv6.sysctl.table)	104	if (!net->ipv6.sysctl.table)
105	return -ENOMEM;
106
107	if (!net->ipv6.sysctl.table)
108	goto out_ipv6_icmp_table;	105	goto out_ipv6_icmp_table;
109		106
110	err = 0;	107	err = 0;


diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 327e847d2702..b77eb56a87e3 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c
@@ -256,13 +256,19 @@ __nf_conntrack_find(const struct nf_conntrack_tuple *tuple)
256	struct hlist_node *n;	256	struct hlist_node *n;
257	unsigned int hash = hash_conntrack(tuple);	257	unsigned int hash = hash_conntrack(tuple);
258		258
		259	/* Disable BHs the entire time since we normally need to disable them
		260	* at least once for the stats anyway.
		261	*/
		262	local_bh_disable();
259	hlist_for_each_entry_rcu(h, n, &nf_conntrack_hash[hash], hnode) {	263	hlist_for_each_entry_rcu(h, n, &nf_conntrack_hash[hash], hnode) {
260	if (nf_ct_tuple_equal(tuple, &h->tuple)) {	264	if (nf_ct_tuple_equal(tuple, &h->tuple)) {
261	NF_CT_STAT_INC(found);	265	NF_CT_STAT_INC(found);
		266	local_bh_enable();
262	return h;	267	return h;
263	}	268	}
264	NF_CT_STAT_INC(searched);	269	NF_CT_STAT_INC(searched);
265	}	270	}
		271	local_bh_enable();
266		272
267	return NULL;	273	return NULL;
268	}	274	}
@@ -400,17 +406,20 @@ nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
400	struct hlist_node *n;	406	struct hlist_node *n;
401	unsigned int hash = hash_conntrack(tuple);	407	unsigned int hash = hash_conntrack(tuple);
402		408
403	rcu_read_lock();	409	/* Disable BHs the entire time since we need to disable them at
		410	* least once for the stats anyway.
		411	*/
		412	rcu_read_lock_bh();
404	hlist_for_each_entry_rcu(h, n, &nf_conntrack_hash[hash], hnode) {	413	hlist_for_each_entry_rcu(h, n, &nf_conntrack_hash[hash], hnode) {
405	if (nf_ct_tuplehash_to_ctrack(h) != ignored_conntrack &&	414	if (nf_ct_tuplehash_to_ctrack(h) != ignored_conntrack &&
406	nf_ct_tuple_equal(tuple, &h->tuple)) {	415	nf_ct_tuple_equal(tuple, &h->tuple)) {
407	NF_CT_STAT_INC(found);	416	NF_CT_STAT_INC(found);
408	rcu_read_unlock();	417	rcu_read_unlock_bh();
409	return 1;	418	return 1;
410	}	419	}
411	NF_CT_STAT_INC(searched);	420	NF_CT_STAT_INC(searched);
412	}	421	}
413	rcu_read_unlock();	422	rcu_read_unlock_bh();
414		423
415	return 0;	424	return 0;
416	}	425	}


diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 85330856a29c..0c50b2894055 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c
@@ -122,7 +122,7 @@ conntrack_addrcmp(const union nf_inet_addr *kaddr,
122	const union nf_inet_addr *umask, unsigned int l3proto)	122	const union nf_inet_addr *umask, unsigned int l3proto)
123	{	123	{
124	if (l3proto == AF_INET)	124	if (l3proto == AF_INET)
125	return (kaddr->ip & umask->ip) == uaddr->ip;	125	return ((kaddr->ip ^ uaddr->ip) & umask->ip) == 0;
126	else if (l3proto == AF_INET6)	126	else if (l3proto == AF_INET6)
127	return ipv6_masked_addr_cmp(&kaddr->in6, &umask->in6,	127	return ipv6_masked_addr_cmp(&kaddr->in6, &umask->in6,
128	&uaddr->in6) == 0;	128	&uaddr->in6) == 0;
@@ -231,7 +231,7 @@ conntrack_mt(const struct sk_buff skb, const struct net_device in,
231	if (test_bit(IPS_DST_NAT_BIT, &ct->status))	231	if (test_bit(IPS_DST_NAT_BIT, &ct->status))
232	statebit \|= XT_CONNTRACK_STATE_DNAT;	232	statebit \|= XT_CONNTRACK_STATE_DNAT;
233	}	233	}
234	if ((info->state_mask & statebit) ^	234	if (!!(info->state_mask & statebit) ^
235	!(info->invert_flags & XT_CONNTRACK_STATE))	235	!(info->invert_flags & XT_CONNTRACK_STATE))
236	return false;	236	return false;
237	}	237	}