aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/802/p8023.c2
-rw-r--r--net/atm/signaling.c3
-rw-r--r--net/bluetooth/hci_sock.c10
-rw-r--r--net/bluetooth/rfcomm/core.c13
-rw-r--r--net/bridge/br_if.c94
-rw-r--r--net/bridge/br_input.c19
-rw-r--r--net/bridge/br_netfilter.c57
-rw-r--r--net/bridge/br_private.h6
-rw-r--r--net/bridge/br_stp_bpdu.c30
-rw-r--r--net/bridge/br_stp_if.c4
-rw-r--r--net/bridge/br_sysfs_if.c50
-rw-r--r--net/core/datagram.c81
-rw-r--r--net/core/rtnetlink.c2
-rw-r--r--net/core/skbuff.c10
-rw-r--r--net/ipv4/devinet.c2
-rw-r--r--net/ipv4/fib_semantics.c2
-rw-r--r--net/ipv4/icmp.c2
-rw-r--r--net/ipv4/ip_gre.c3
-rw-r--r--net/ipv4/ip_output.c16
-rw-r--r--net/ipv4/ipip.c3
-rw-r--r--net/ipv4/netfilter.c41
-rw-r--r--net/ipv4/netfilter/ip_nat_core.c18
-rw-r--r--net/ipv4/netfilter/ip_nat_standalone.c22
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c5
-rw-r--r--net/ipv4/tcp_input.c3
-rw-r--r--net/ipv4/xfrm4_output.c13
-rw-r--r--net/ipv6/icmp.c6
-rw-r--r--net/ipv6/ip6_tunnel.c2
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c2
-rw-r--r--net/ipv6/raw.c5
-rw-r--r--net/irda/irda_device.c4
-rw-r--r--net/irda/irnet/irnet_irda.c2
-rw-r--r--net/netfilter/Kconfig10
-rw-r--r--net/netfilter/nf_conntrack_core.c5
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c4
-rw-r--r--net/netfilter/nf_conntrack_proto_udp.c4
-rw-r--r--net/netlink/af_netlink.c7
-rw-r--r--net/netlink/genetlink.c11
-rw-r--r--net/xfrm/xfrm_policy.c6
39 files changed, 345 insertions, 234 deletions
diff --git a/net/802/p8023.c b/net/802/p8023.c
index d23e906456eb..53cf05709283 100644
--- a/net/802/p8023.c
+++ b/net/802/p8023.c
@@ -59,3 +59,5 @@ void destroy_8023_client(struct datalink_proto *dl)
59 59
60EXPORT_SYMBOL(destroy_8023_client); 60EXPORT_SYMBOL(destroy_8023_client);
61EXPORT_SYMBOL(make_8023_client); 61EXPORT_SYMBOL(make_8023_client);
62
63MODULE_LICENSE("GPL");
diff --git a/net/atm/signaling.c b/net/atm/signaling.c
index e7211a7f382c..93ad59a28ef5 100644
--- a/net/atm/signaling.c
+++ b/net/atm/signaling.c
@@ -56,7 +56,8 @@ static void sigd_put_skb(struct sk_buff *skb)
56 remove_wait_queue(&sigd_sleep,&wait); 56 remove_wait_queue(&sigd_sleep,&wait);
57#else 57#else
58 if (!sigd) { 58 if (!sigd) {
59 printk(KERN_WARNING "atmsvc: no signaling demon\n"); 59 if (net_ratelimit())
60 printk(KERN_WARNING "atmsvc: no signaling demon\n");
60 kfree_skb(skb); 61 kfree_skb(skb);
61 return; 62 return;
62 } 63 }
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index bdb6458c6bd5..97bdec73d17e 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -143,13 +143,15 @@ void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
143static int hci_sock_release(struct socket *sock) 143static int hci_sock_release(struct socket *sock)
144{ 144{
145 struct sock *sk = sock->sk; 145 struct sock *sk = sock->sk;
146 struct hci_dev *hdev = hci_pi(sk)->hdev; 146 struct hci_dev *hdev;
147 147
148 BT_DBG("sock %p sk %p", sock, sk); 148 BT_DBG("sock %p sk %p", sock, sk);
149 149
150 if (!sk) 150 if (!sk)
151 return 0; 151 return 0;
152 152
153 hdev = hci_pi(sk)->hdev;
154
153 bt_sock_unlink(&hci_sk_list, sk); 155 bt_sock_unlink(&hci_sk_list, sk);
154 156
155 if (hdev) { 157 if (hdev) {
@@ -311,14 +313,18 @@ static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *add
311{ 313{
312 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr; 314 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
313 struct sock *sk = sock->sk; 315 struct sock *sk = sock->sk;
316 struct hci_dev *hdev = hci_pi(sk)->hdev;
314 317
315 BT_DBG("sock %p sk %p", sock, sk); 318 BT_DBG("sock %p sk %p", sock, sk);
316 319
320 if (!hdev)
321 return -EBADFD;
322
317 lock_sock(sk); 323 lock_sock(sk);
318 324
319 *addr_len = sizeof(*haddr); 325 *addr_len = sizeof(*haddr);
320 haddr->hci_family = AF_BLUETOOTH; 326 haddr->hci_family = AF_BLUETOOTH;
321 haddr->hci_dev = hci_pi(sk)->hdev->id; 327 haddr->hci_dev = hdev->id;
322 328
323 release_sock(sk); 329 release_sock(sk);
324 return 0; 330 return 0;
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 0d89d6434136..5b4253c61f62 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -46,13 +46,15 @@
46#include <net/bluetooth/l2cap.h> 46#include <net/bluetooth/l2cap.h>
47#include <net/bluetooth/rfcomm.h> 47#include <net/bluetooth/rfcomm.h>
48 48
49#define VERSION "1.6"
50
51#ifndef CONFIG_BT_RFCOMM_DEBUG 49#ifndef CONFIG_BT_RFCOMM_DEBUG
52#undef BT_DBG 50#undef BT_DBG
53#define BT_DBG(D...) 51#define BT_DBG(D...)
54#endif 52#endif
55 53
54#define VERSION "1.7"
55
56static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
57
56static struct task_struct *rfcomm_thread; 58static struct task_struct *rfcomm_thread;
57 59
58static DECLARE_MUTEX(rfcomm_sem); 60static DECLARE_MUTEX(rfcomm_sem);
@@ -623,7 +625,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst
623 /* Set L2CAP options */ 625 /* Set L2CAP options */
624 sk = sock->sk; 626 sk = sock->sk;
625 lock_sock(sk); 627 lock_sock(sk);
626 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU; 628 l2cap_pi(sk)->imtu = l2cap_mtu;
627 release_sock(sk); 629 release_sock(sk);
628 630
629 s = rfcomm_session_add(sock, BT_BOUND); 631 s = rfcomm_session_add(sock, BT_BOUND);
@@ -1868,7 +1870,7 @@ static int rfcomm_add_listener(bdaddr_t *ba)
1868 /* Set L2CAP options */ 1870 /* Set L2CAP options */
1869 sk = sock->sk; 1871 sk = sock->sk;
1870 lock_sock(sk); 1872 lock_sock(sk);
1871 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU; 1873 l2cap_pi(sk)->imtu = l2cap_mtu;
1872 release_sock(sk); 1874 release_sock(sk);
1873 1875
1874 /* Start listening on the socket */ 1876 /* Start listening on the socket */
@@ -2070,6 +2072,9 @@ static void __exit rfcomm_exit(void)
2070module_init(rfcomm_init); 2072module_init(rfcomm_init);
2071module_exit(rfcomm_exit); 2073module_exit(rfcomm_exit);
2072 2074
2075module_param(l2cap_mtu, uint, 0644);
2076MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2077
2073MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 2078MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2074MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2079MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2075MODULE_VERSION(VERSION); 2080MODULE_VERSION(VERSION);
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index da687c8dc6ff..7fa3a5a9971f 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -79,9 +79,14 @@ static int port_cost(struct net_device *dev)
79 */ 79 */
80static void port_carrier_check(void *arg) 80static void port_carrier_check(void *arg)
81{ 81{
82 struct net_bridge_port *p = arg; 82 struct net_device *dev = arg;
83 struct net_bridge_port *p;
83 84
84 rtnl_lock(); 85 rtnl_lock();
86 p = dev->br_port;
87 if (!p)
88 goto done;
89
85 if (netif_carrier_ok(p->dev)) { 90 if (netif_carrier_ok(p->dev)) {
86 u32 cost = port_cost(p->dev); 91 u32 cost = port_cost(p->dev);
87 92
@@ -97,19 +102,33 @@ static void port_carrier_check(void *arg)
97 br_stp_disable_port(p); 102 br_stp_disable_port(p);
98 spin_unlock_bh(&p->br->lock); 103 spin_unlock_bh(&p->br->lock);
99 } 104 }
105done:
100 rtnl_unlock(); 106 rtnl_unlock();
101} 107}
102 108
109static void release_nbp(struct kobject *kobj)
110{
111 struct net_bridge_port *p
112 = container_of(kobj, struct net_bridge_port, kobj);
113 kfree(p);
114}
115
116static struct kobj_type brport_ktype = {
117#ifdef CONFIG_SYSFS
118 .sysfs_ops = &brport_sysfs_ops,
119#endif
120 .release = release_nbp,
121};
122
103static void destroy_nbp(struct net_bridge_port *p) 123static void destroy_nbp(struct net_bridge_port *p)
104{ 124{
105 struct net_device *dev = p->dev; 125 struct net_device *dev = p->dev;
106 126
107 dev->br_port = NULL;
108 p->br = NULL; 127 p->br = NULL;
109 p->dev = NULL; 128 p->dev = NULL;
110 dev_put(dev); 129 dev_put(dev);
111 130
112 br_sysfs_freeif(p); 131 kobject_put(&p->kobj);
113} 132}
114 133
115static void destroy_nbp_rcu(struct rcu_head *head) 134static void destroy_nbp_rcu(struct rcu_head *head)
@@ -133,24 +152,24 @@ static void del_nbp(struct net_bridge_port *p)
133 struct net_bridge *br = p->br; 152 struct net_bridge *br = p->br;
134 struct net_device *dev = p->dev; 153 struct net_device *dev = p->dev;
135 154
136 /* Race between RTNL notify and RCU callback */ 155 sysfs_remove_link(&br->ifobj, dev->name);
137 if (p->deleted)
138 return;
139 156
140 dev_set_promiscuity(dev, -1); 157 dev_set_promiscuity(dev, -1);
141 158
142 cancel_delayed_work(&p->carrier_check); 159 cancel_delayed_work(&p->carrier_check);
143 flush_scheduled_work();
144 160
145 spin_lock_bh(&br->lock); 161 spin_lock_bh(&br->lock);
146 br_stp_disable_port(p); 162 br_stp_disable_port(p);
147 p->deleted = 1;
148 spin_unlock_bh(&br->lock); 163 spin_unlock_bh(&br->lock);
149 164
150 br_fdb_delete_by_port(br, p); 165 br_fdb_delete_by_port(br, p);
151 166
152 list_del_rcu(&p->list); 167 list_del_rcu(&p->list);
153 168
169 rcu_assign_pointer(dev->br_port, NULL);
170
171 kobject_del(&p->kobj);
172
154 call_rcu(&p->rcu, destroy_nbp_rcu); 173 call_rcu(&p->rcu, destroy_nbp_rcu);
155} 174}
156 175
@@ -160,7 +179,6 @@ static void del_br(struct net_bridge *br)
160 struct net_bridge_port *p, *n; 179 struct net_bridge_port *p, *n;
161 180
162 list_for_each_entry_safe(p, n, &br->port_list, list) { 181 list_for_each_entry_safe(p, n, &br->port_list, list) {
163 br_sysfs_removeif(p);
164 del_nbp(p); 182 del_nbp(p);
165 } 183 }
166 184
@@ -254,13 +272,17 @@ static struct net_bridge_port *new_nbp(struct net_bridge *br,
254 p->dev = dev; 272 p->dev = dev;
255 p->path_cost = port_cost(dev); 273 p->path_cost = port_cost(dev);
256 p->priority = 0x8000 >> BR_PORT_BITS; 274 p->priority = 0x8000 >> BR_PORT_BITS;
257 dev->br_port = p;
258 p->port_no = index; 275 p->port_no = index;
259 br_init_port(p); 276 br_init_port(p);
260 p->state = BR_STATE_DISABLED; 277 p->state = BR_STATE_DISABLED;
261 INIT_WORK(&p->carrier_check, port_carrier_check, p); 278 INIT_WORK(&p->carrier_check, port_carrier_check, dev);
262 kobject_init(&p->kobj); 279 kobject_init(&p->kobj);
263 280
281 kobject_set_name(&p->kobj, SYSFS_BRIDGE_PORT_ATTR);
282 p->kobj.ktype = &brport_ktype;
283 p->kobj.parent = &(dev->class_dev.kobj);
284 p->kobj.kset = NULL;
285
264 return p; 286 return p;
265} 287}
266 288
@@ -388,30 +410,43 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
388 if (dev->br_port != NULL) 410 if (dev->br_port != NULL)
389 return -EBUSY; 411 return -EBUSY;
390 412
391 if (IS_ERR(p = new_nbp(br, dev))) 413 p = new_nbp(br, dev);
414 if (IS_ERR(p))
392 return PTR_ERR(p); 415 return PTR_ERR(p);
393 416
394 if ((err = br_fdb_insert(br, p, dev->dev_addr))) 417 err = kobject_add(&p->kobj);
395 destroy_nbp(p); 418 if (err)
396 419 goto err0;
397 else if ((err = br_sysfs_addif(p)))
398 del_nbp(p);
399 else {
400 dev_set_promiscuity(dev, 1);
401 420
402 list_add_rcu(&p->list, &br->port_list); 421 err = br_fdb_insert(br, p, dev->dev_addr);
422 if (err)
423 goto err1;
403 424
404 spin_lock_bh(&br->lock); 425 err = br_sysfs_addif(p);
405 br_stp_recalculate_bridge_id(br); 426 if (err)
406 br_features_recompute(br); 427 goto err2;
407 if ((br->dev->flags & IFF_UP)
408 && (dev->flags & IFF_UP) && netif_carrier_ok(dev))
409 br_stp_enable_port(p);
410 spin_unlock_bh(&br->lock);
411 428
412 dev_set_mtu(br->dev, br_min_mtu(br)); 429 rcu_assign_pointer(dev->br_port, p);
413 } 430 dev_set_promiscuity(dev, 1);
431
432 list_add_rcu(&p->list, &br->port_list);
414 433
434 spin_lock_bh(&br->lock);
435 br_stp_recalculate_bridge_id(br);
436 br_features_recompute(br);
437 schedule_delayed_work(&p->carrier_check, BR_PORT_DEBOUNCE);
438 spin_unlock_bh(&br->lock);
439
440 dev_set_mtu(br->dev, br_min_mtu(br));
441 kobject_uevent(&p->kobj, KOBJ_ADD);
442
443 return 0;
444err2:
445 br_fdb_delete_by_port(br, p);
446err1:
447 kobject_del(&p->kobj);
448err0:
449 kobject_put(&p->kobj);
415 return err; 450 return err;
416} 451}
417 452
@@ -423,7 +458,6 @@ int br_del_if(struct net_bridge *br, struct net_device *dev)
423 if (!p || p->br != br) 458 if (!p || p->br != br)
424 return -EINVAL; 459 return -EINVAL;
425 460
426 br_sysfs_removeif(p);
427 del_nbp(p); 461 del_nbp(p);
428 462
429 spin_lock_bh(&br->lock); 463 spin_lock_bh(&br->lock);
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index e3a73cead6b6..4eef83755315 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -45,18 +45,20 @@ static void br_pass_frame_up(struct net_bridge *br, struct sk_buff *skb)
45int br_handle_frame_finish(struct sk_buff *skb) 45int br_handle_frame_finish(struct sk_buff *skb)
46{ 46{
47 const unsigned char *dest = eth_hdr(skb)->h_dest; 47 const unsigned char *dest = eth_hdr(skb)->h_dest;
48 struct net_bridge_port *p = skb->dev->br_port; 48 struct net_bridge_port *p = rcu_dereference(skb->dev->br_port);
49 struct net_bridge *br = p->br; 49 struct net_bridge *br;
50 struct net_bridge_fdb_entry *dst; 50 struct net_bridge_fdb_entry *dst;
51 int passedup = 0; 51 int passedup = 0;
52 52
53 if (!p || p->state == BR_STATE_DISABLED)
54 goto drop;
55
53 /* insert into forwarding database after filtering to avoid spoofing */ 56 /* insert into forwarding database after filtering to avoid spoofing */
54 br_fdb_update(p->br, p, eth_hdr(skb)->h_source); 57 br = p->br;
58 br_fdb_update(br, p, eth_hdr(skb)->h_source);
55 59
56 if (p->state == BR_STATE_LEARNING) { 60 if (p->state == BR_STATE_LEARNING)
57 kfree_skb(skb); 61 goto drop;
58 goto out;
59 }
60 62
61 if (br->dev->flags & IFF_PROMISC) { 63 if (br->dev->flags & IFF_PROMISC) {
62 struct sk_buff *skb2; 64 struct sk_buff *skb2;
@@ -93,6 +95,9 @@ int br_handle_frame_finish(struct sk_buff *skb)
93 95
94out: 96out:
95 return 0; 97 return 0;
98drop:
99 kfree_skb(skb);
100 goto out;
96} 101}
97 102
98/* 103/*
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 7cac3fb9f809..6bb0c7eb1ef0 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -51,9 +51,6 @@
51#define store_orig_dstaddr(skb) (skb_origaddr(skb) = (skb)->nh.iph->daddr) 51#define store_orig_dstaddr(skb) (skb_origaddr(skb) = (skb)->nh.iph->daddr)
52#define dnat_took_place(skb) (skb_origaddr(skb) != (skb)->nh.iph->daddr) 52#define dnat_took_place(skb) (skb_origaddr(skb) != (skb)->nh.iph->daddr)
53 53
54#define has_bridge_parent(device) ((device)->br_port != NULL)
55#define bridge_parent(device) ((device)->br_port->br->dev)
56
57#ifdef CONFIG_SYSCTL 54#ifdef CONFIG_SYSCTL
58static struct ctl_table_header *brnf_sysctl_header; 55static struct ctl_table_header *brnf_sysctl_header;
59static int brnf_call_iptables = 1; 56static int brnf_call_iptables = 1;
@@ -98,6 +95,12 @@ static struct rtable __fake_rtable = {
98 .rt_flags = 0, 95 .rt_flags = 0,
99}; 96};
100 97
98static inline struct net_device *bridge_parent(const struct net_device *dev)
99{
100 struct net_bridge_port *port = rcu_dereference(dev->br_port);
101
102 return port ? port->br->dev : NULL;
103}
101 104
102/* PF_BRIDGE/PRE_ROUTING *********************************************/ 105/* PF_BRIDGE/PRE_ROUTING *********************************************/
103/* Undo the changes made for ip6tables PREROUTING and continue the 106/* Undo the changes made for ip6tables PREROUTING and continue the
@@ -189,11 +192,15 @@ static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb)
189 skb->nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING; 192 skb->nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;
190 193
191 skb->dev = bridge_parent(skb->dev); 194 skb->dev = bridge_parent(skb->dev);
192 if (skb->protocol == __constant_htons(ETH_P_8021Q)) { 195 if (!skb->dev)
193 skb_pull(skb, VLAN_HLEN); 196 kfree_skb(skb);
194 skb->nh.raw += VLAN_HLEN; 197 else {
198 if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
199 skb_pull(skb, VLAN_HLEN);
200 skb->nh.raw += VLAN_HLEN;
201 }
202 skb->dst->output(skb);
195 } 203 }
196 skb->dst->output(skb);
197 return 0; 204 return 0;
198} 205}
199 206
@@ -270,7 +277,7 @@ bridged_dnat:
270} 277}
271 278
272/* Some common code for IPv4/IPv6 */ 279/* Some common code for IPv4/IPv6 */
273static void setup_pre_routing(struct sk_buff *skb) 280static struct net_device *setup_pre_routing(struct sk_buff *skb)
274{ 281{
275 struct nf_bridge_info *nf_bridge = skb->nf_bridge; 282 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
276 283
@@ -282,6 +289,8 @@ static void setup_pre_routing(struct sk_buff *skb)
282 nf_bridge->mask |= BRNF_NF_BRIDGE_PREROUTING; 289 nf_bridge->mask |= BRNF_NF_BRIDGE_PREROUTING;
283 nf_bridge->physindev = skb->dev; 290 nf_bridge->physindev = skb->dev;
284 skb->dev = bridge_parent(skb->dev); 291 skb->dev = bridge_parent(skb->dev);
292
293 return skb->dev;
285} 294}
286 295
287/* We only check the length. A bridge shouldn't do any hop-by-hop stuff anyway */ 296/* We only check the length. A bridge shouldn't do any hop-by-hop stuff anyway */
@@ -376,7 +385,8 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook,
376 nf_bridge_put(skb->nf_bridge); 385 nf_bridge_put(skb->nf_bridge);
377 if ((nf_bridge = nf_bridge_alloc(skb)) == NULL) 386 if ((nf_bridge = nf_bridge_alloc(skb)) == NULL)
378 return NF_DROP; 387 return NF_DROP;
379 setup_pre_routing(skb); 388 if (!setup_pre_routing(skb))
389 return NF_DROP;
380 390
381 NF_HOOK(PF_INET6, NF_IP6_PRE_ROUTING, skb, skb->dev, NULL, 391 NF_HOOK(PF_INET6, NF_IP6_PRE_ROUTING, skb, skb->dev, NULL,
382 br_nf_pre_routing_finish_ipv6); 392 br_nf_pre_routing_finish_ipv6);
@@ -465,7 +475,8 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
465 nf_bridge_put(skb->nf_bridge); 475 nf_bridge_put(skb->nf_bridge);
466 if ((nf_bridge = nf_bridge_alloc(skb)) == NULL) 476 if ((nf_bridge = nf_bridge_alloc(skb)) == NULL)
467 return NF_DROP; 477 return NF_DROP;
468 setup_pre_routing(skb); 478 if (!setup_pre_routing(skb))
479 return NF_DROP;
469 store_orig_dstaddr(skb); 480 store_orig_dstaddr(skb);
470 481
471 NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL, 482 NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
@@ -539,11 +550,16 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
539 struct sk_buff *skb = *pskb; 550 struct sk_buff *skb = *pskb;
540 struct nf_bridge_info *nf_bridge; 551 struct nf_bridge_info *nf_bridge;
541 struct vlan_ethhdr *hdr = vlan_eth_hdr(skb); 552 struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
553 struct net_device *parent;
542 int pf; 554 int pf;
543 555
544 if (!skb->nf_bridge) 556 if (!skb->nf_bridge)
545 return NF_ACCEPT; 557 return NF_ACCEPT;
546 558
559 parent = bridge_parent(out);
560 if (!parent)
561 return NF_DROP;
562
547 if (skb->protocol == __constant_htons(ETH_P_IP) || IS_VLAN_IP) 563 if (skb->protocol == __constant_htons(ETH_P_IP) || IS_VLAN_IP)
548 pf = PF_INET; 564 pf = PF_INET;
549 else 565 else
@@ -564,8 +580,8 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
564 nf_bridge->mask |= BRNF_BRIDGED; 580 nf_bridge->mask |= BRNF_BRIDGED;
565 nf_bridge->physoutdev = skb->dev; 581 nf_bridge->physoutdev = skb->dev;
566 582
567 NF_HOOK(pf, NF_IP_FORWARD, skb, bridge_parent(in), 583 NF_HOOK(pf, NF_IP_FORWARD, skb, bridge_parent(in), parent,
568 bridge_parent(out), br_nf_forward_finish); 584 br_nf_forward_finish);
569 585
570 return NF_STOLEN; 586 return NF_STOLEN;
571} 587}
@@ -688,6 +704,8 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb,
688 goto out; 704 goto out;
689 } 705 }
690 realoutdev = bridge_parent(skb->dev); 706 realoutdev = bridge_parent(skb->dev);
707 if (!realoutdev)
708 return NF_DROP;
691 709
692#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE) 710#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
693 /* iptables should match -o br0.x */ 711 /* iptables should match -o br0.x */
@@ -701,9 +719,11 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb,
701 /* IP forwarded traffic has a physindev, locally 719 /* IP forwarded traffic has a physindev, locally
702 * generated traffic hasn't. */ 720 * generated traffic hasn't. */
703 if (realindev != NULL) { 721 if (realindev != NULL) {
704 if (!(nf_bridge->mask & BRNF_DONT_TAKE_PARENT) && 722 if (!(nf_bridge->mask & BRNF_DONT_TAKE_PARENT) ) {
705 has_bridge_parent(realindev)) 723 struct net_device *parent = bridge_parent(realindev);
706 realindev = bridge_parent(realindev); 724 if (parent)
725 realindev = parent;
726 }
707 727
708 NF_HOOK_THRESH(pf, NF_IP_FORWARD, skb, realindev, 728 NF_HOOK_THRESH(pf, NF_IP_FORWARD, skb, realindev,
709 realoutdev, br_nf_local_out_finish, 729 realoutdev, br_nf_local_out_finish,
@@ -743,6 +763,9 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
743 if (!nf_bridge) 763 if (!nf_bridge)
744 return NF_ACCEPT; 764 return NF_ACCEPT;
745 765
766 if (!realoutdev)
767 return NF_DROP;
768
746 if (skb->protocol == __constant_htons(ETH_P_IP) || IS_VLAN_IP) 769 if (skb->protocol == __constant_htons(ETH_P_IP) || IS_VLAN_IP)
747 pf = PF_INET; 770 pf = PF_INET;
748 else 771 else
@@ -782,8 +805,8 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
782print_error: 805print_error:
783 if (skb->dev != NULL) { 806 if (skb->dev != NULL) {
784 printk("[%s]", skb->dev->name); 807 printk("[%s]", skb->dev->name);
785 if (has_bridge_parent(skb->dev)) 808 if (realoutdev)
786 printk("[%s]", bridge_parent(skb->dev)->name); 809 printk("[%s]", realoutdev->name);
787 } 810 }
788 printk(" head:%p, raw:%p, data:%p\n", skb->head, skb->mac.raw, 811 printk(" head:%p, raw:%p, data:%p\n", skb->head, skb->mac.raw,
789 skb->data); 812 skb->data);
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index e330b17b6d81..8f10e09f251b 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -68,7 +68,6 @@ struct net_bridge_port
68 /* STP */ 68 /* STP */
69 u8 priority; 69 u8 priority;
70 u8 state; 70 u8 state;
71 u8 deleted;
72 u16 port_no; 71 u16 port_no;
73 unsigned char topology_change_ack; 72 unsigned char topology_change_ack;
74 unsigned char config_pending; 73 unsigned char config_pending;
@@ -233,9 +232,8 @@ extern void (*br_fdb_put_hook)(struct net_bridge_fdb_entry *ent);
233 232
234#ifdef CONFIG_SYSFS 233#ifdef CONFIG_SYSFS
235/* br_sysfs_if.c */ 234/* br_sysfs_if.c */
235extern struct sysfs_ops brport_sysfs_ops;
236extern int br_sysfs_addif(struct net_bridge_port *p); 236extern int br_sysfs_addif(struct net_bridge_port *p);
237extern void br_sysfs_removeif(struct net_bridge_port *p);
238extern void br_sysfs_freeif(struct net_bridge_port *p);
239 237
240/* br_sysfs_br.c */ 238/* br_sysfs_br.c */
241extern int br_sysfs_addbr(struct net_device *dev); 239extern int br_sysfs_addbr(struct net_device *dev);
@@ -244,8 +242,6 @@ extern void br_sysfs_delbr(struct net_device *dev);
244#else 242#else
245 243
246#define br_sysfs_addif(p) (0) 244#define br_sysfs_addif(p) (0)
247#define br_sysfs_removeif(p) do { } while(0)
248#define br_sysfs_freeif(p) kfree(p)
249#define br_sysfs_addbr(dev) (0) 245#define br_sysfs_addbr(dev) (0)
250#define br_sysfs_delbr(dev) do { } while(0) 246#define br_sysfs_delbr(dev) do { } while(0)
251#endif /* CONFIG_SYSFS */ 247#endif /* CONFIG_SYSFS */
diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c
index d071f1c9ad0b..296f6a487c52 100644
--- a/net/bridge/br_stp_bpdu.c
+++ b/net/bridge/br_stp_bpdu.c
@@ -133,29 +133,35 @@ void br_send_tcn_bpdu(struct net_bridge_port *p)
133 133
134static const unsigned char header[6] = {0x42, 0x42, 0x03, 0x00, 0x00, 0x00}; 134static const unsigned char header[6] = {0x42, 0x42, 0x03, 0x00, 0x00, 0x00};
135 135
136/* NO locks */ 136/* NO locks, but rcu_read_lock (preempt_disabled) */
137int br_stp_handle_bpdu(struct sk_buff *skb) 137int br_stp_handle_bpdu(struct sk_buff *skb)
138{ 138{
139 struct net_bridge_port *p = skb->dev->br_port; 139 struct net_bridge_port *p = rcu_dereference(skb->dev->br_port);
140 struct net_bridge *br = p->br; 140 struct net_bridge *br;
141 unsigned char *buf; 141 unsigned char *buf;
142 142
143 if (!p)
144 goto err;
145
146 br = p->br;
147 spin_lock(&br->lock);
148
149 if (p->state == BR_STATE_DISABLED || !(br->dev->flags & IFF_UP))
150 goto out;
151
143 /* insert into forwarding database after filtering to avoid spoofing */ 152 /* insert into forwarding database after filtering to avoid spoofing */
144 br_fdb_update(p->br, p, eth_hdr(skb)->h_source); 153 br_fdb_update(br, p, eth_hdr(skb)->h_source);
154
155 if (!br->stp_enabled)
156 goto out;
145 157
146 /* need at least the 802 and STP headers */ 158 /* need at least the 802 and STP headers */
147 if (!pskb_may_pull(skb, sizeof(header)+1) || 159 if (!pskb_may_pull(skb, sizeof(header)+1) ||
148 memcmp(skb->data, header, sizeof(header))) 160 memcmp(skb->data, header, sizeof(header)))
149 goto err; 161 goto out;
150 162
151 buf = skb_pull(skb, sizeof(header)); 163 buf = skb_pull(skb, sizeof(header));
152 164
153 spin_lock_bh(&br->lock);
154 if (p->state == BR_STATE_DISABLED
155 || !(br->dev->flags & IFF_UP)
156 || !br->stp_enabled)
157 goto out;
158
159 if (buf[0] == BPDU_TYPE_CONFIG) { 165 if (buf[0] == BPDU_TYPE_CONFIG) {
160 struct br_config_bpdu bpdu; 166 struct br_config_bpdu bpdu;
161 167
@@ -201,7 +207,7 @@ int br_stp_handle_bpdu(struct sk_buff *skb)
201 br_received_tcn_bpdu(p); 207 br_received_tcn_bpdu(p);
202 } 208 }
203 out: 209 out:
204 spin_unlock_bh(&br->lock); 210 spin_unlock(&br->lock);
205 err: 211 err:
206 kfree_skb(skb); 212 kfree_skb(skb);
207 return 0; 213 return 0;
diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
index cc047f7fb6ef..35cf3a074087 100644
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -67,7 +67,7 @@ void br_stp_disable_bridge(struct net_bridge *br)
67{ 67{
68 struct net_bridge_port *p; 68 struct net_bridge_port *p;
69 69
70 spin_lock(&br->lock); 70 spin_lock_bh(&br->lock);
71 list_for_each_entry(p, &br->port_list, list) { 71 list_for_each_entry(p, &br->port_list, list) {
72 if (p->state != BR_STATE_DISABLED) 72 if (p->state != BR_STATE_DISABLED)
73 br_stp_disable_port(p); 73 br_stp_disable_port(p);
@@ -76,7 +76,7 @@ void br_stp_disable_bridge(struct net_bridge *br)
76 76
77 br->topology_change = 0; 77 br->topology_change = 0;
78 br->topology_change_detected = 0; 78 br->topology_change_detected = 0;
79 spin_unlock(&br->lock); 79 spin_unlock_bh(&br->lock);
80 80
81 del_timer_sync(&br->hello_timer); 81 del_timer_sync(&br->hello_timer);
82 del_timer_sync(&br->topology_change_timer); 82 del_timer_sync(&br->topology_change_timer);
diff --git a/net/bridge/br_sysfs_if.c b/net/bridge/br_sysfs_if.c
index 0ac0355d16dd..c51c9e42aeb3 100644
--- a/net/bridge/br_sysfs_if.c
+++ b/net/bridge/br_sysfs_if.c
@@ -195,23 +195,11 @@ static ssize_t brport_store(struct kobject * kobj,
195 return ret; 195 return ret;
196} 196}
197 197
198/* called from kobject_put when port ref count goes to zero. */ 198struct sysfs_ops brport_sysfs_ops = {
199static void brport_release(struct kobject *kobj)
200{
201 kfree(container_of(kobj, struct net_bridge_port, kobj));
202}
203
204static struct sysfs_ops brport_sysfs_ops = {
205 .show = brport_show, 199 .show = brport_show,
206 .store = brport_store, 200 .store = brport_store,
207}; 201};
208 202
209static struct kobj_type brport_ktype = {
210 .sysfs_ops = &brport_sysfs_ops,
211 .release = brport_release,
212};
213
214
215/* 203/*
216 * Add sysfs entries to ethernet device added to a bridge. 204 * Add sysfs entries to ethernet device added to a bridge.
217 * Creates a brport subdirectory with bridge attributes. 205 * Creates a brport subdirectory with bridge attributes.
@@ -223,17 +211,6 @@ int br_sysfs_addif(struct net_bridge_port *p)
223 struct brport_attribute **a; 211 struct brport_attribute **a;
224 int err; 212 int err;
225 213
226 ASSERT_RTNL();
227
228 kobject_set_name(&p->kobj, SYSFS_BRIDGE_PORT_ATTR);
229 p->kobj.ktype = &brport_ktype;
230 p->kobj.parent = &(p->dev->class_dev.kobj);
231 p->kobj.kset = NULL;
232
233 err = kobject_add(&p->kobj);
234 if(err)
235 goto out1;
236
237 err = sysfs_create_link(&p->kobj, &br->dev->class_dev.kobj, 214 err = sysfs_create_link(&p->kobj, &br->dev->class_dev.kobj,
238 SYSFS_BRIDGE_PORT_LINK); 215 SYSFS_BRIDGE_PORT_LINK);
239 if (err) 216 if (err)
@@ -245,28 +222,7 @@ int br_sysfs_addif(struct net_bridge_port *p)
245 goto out2; 222 goto out2;
246 } 223 }
247 224
248 err = sysfs_create_link(&br->ifobj, &p->kobj, p->dev->name); 225 err= sysfs_create_link(&br->ifobj, &p->kobj, p->dev->name);
249 if (err) 226out2:
250 goto out2;
251
252 kobject_uevent(&p->kobj, KOBJ_ADD);
253 return 0;
254 out2:
255 kobject_del(&p->kobj);
256 out1:
257 return err; 227 return err;
258} 228}
259
260void br_sysfs_removeif(struct net_bridge_port *p)
261{
262 pr_debug("br_sysfs_removeif\n");
263 sysfs_remove_link(&p->br->ifobj, p->dev->name);
264 kobject_uevent(&p->kobj, KOBJ_REMOVE);
265 kobject_del(&p->kobj);
266}
267
268void br_sysfs_freeif(struct net_bridge_port *p)
269{
270 pr_debug("br_sysfs_freeif\n");
271 kobject_put(&p->kobj);
272}
diff --git a/net/core/datagram.c b/net/core/datagram.c
index f8d322e1ea92..b8ce6bf81188 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -247,49 +247,74 @@ EXPORT_SYMBOL(skb_kill_datagram);
247int skb_copy_datagram_iovec(const struct sk_buff *skb, int offset, 247int skb_copy_datagram_iovec(const struct sk_buff *skb, int offset,
248 struct iovec *to, int len) 248 struct iovec *to, int len)
249{ 249{
250 int i, err, fraglen, end = 0; 250 int start = skb_headlen(skb);
251 struct sk_buff *next = skb_shinfo(skb)->frag_list; 251 int i, copy = start - offset;
252 252
253 if (!len) 253 /* Copy header. */
254 return 0; 254 if (copy > 0) {
255 if (copy > len)
256 copy = len;
257 if (memcpy_toiovec(to, skb->data + offset, copy))
258 goto fault;
259 if ((len -= copy) == 0)
260 return 0;
261 offset += copy;
262 }
255 263
256next_skb: 264 /* Copy paged appendix. Hmm... why does this look so complicated? */
257 fraglen = skb_headlen(skb); 265 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
258 i = -1; 266 int end;
259 267
260 while (1) { 268 BUG_TRAP(start <= offset + len);
261 int start = end;
262 269
263 if ((end += fraglen) > offset) { 270 end = start + skb_shinfo(skb)->frags[i].size;
264 int copy = end - offset, o = offset - start; 271 if ((copy = end - offset) > 0) {
272 int err;
273 u8 *vaddr;
274 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
275 struct page *page = frag->page;
265 276
266 if (copy > len) 277 if (copy > len)
267 copy = len; 278 copy = len;
268 if (i == -1) 279 vaddr = kmap(page);
269 err = memcpy_toiovec(to, skb->data + o, copy); 280 err = memcpy_toiovec(to, vaddr + frag->page_offset +
270 else { 281 offset - start, copy);
271 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 282 kunmap(page);
272 struct page *page = frag->page;
273 void *p = kmap(page) + frag->page_offset + o;
274 err = memcpy_toiovec(to, p, copy);
275 kunmap(page);
276 }
277 if (err) 283 if (err)
278 goto fault; 284 goto fault;
279 if (!(len -= copy)) 285 if (!(len -= copy))
280 return 0; 286 return 0;
281 offset += copy; 287 offset += copy;
282 } 288 }
283 if (++i >= skb_shinfo(skb)->nr_frags) 289 start = end;
284 break;
285 fraglen = skb_shinfo(skb)->frags[i].size;
286 } 290 }
287 if (next) { 291
288 skb = next; 292 if (skb_shinfo(skb)->frag_list) {
289 BUG_ON(skb_shinfo(skb)->frag_list); 293 struct sk_buff *list = skb_shinfo(skb)->frag_list;
290 next = skb->next; 294
291 goto next_skb; 295 for (; list; list = list->next) {
296 int end;
297
298 BUG_TRAP(start <= offset + len);
299
300 end = start + list->len;
301 if ((copy = end - offset) > 0) {
302 if (copy > len)
303 copy = len;
304 if (skb_copy_datagram_iovec(list,
305 offset - start,
306 to, copy))
307 goto fault;
308 if ((len -= copy) == 0)
309 return 0;
310 offset += copy;
311 }
312 start = end;
313 }
292 } 314 }
315 if (!len)
316 return 0;
317
293fault: 318fault:
294 return -EFAULT; 319 return -EFAULT;
295} 320}
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 8700379685e0..eca2976abb25 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -455,7 +455,7 @@ void rtmsg_ifinfo(int type, struct net_device *dev, unsigned change)
455 if (!skb) 455 if (!skb)
456 return; 456 return;
457 457
458 if (rtnetlink_fill_ifinfo(skb, dev, type, current->pid, 0, change, 0) < 0) { 458 if (rtnetlink_fill_ifinfo(skb, dev, type, 0, 0, change, 0) < 0) {
459 kfree_skb(skb); 459 kfree_skb(skb);
460 return; 460 return;
461 } 461 }
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 6766f118f070..2144952d1c6c 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -411,6 +411,9 @@ struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
411 C(pkt_type); 411 C(pkt_type);
412 C(ip_summed); 412 C(ip_summed);
413 C(priority); 413 C(priority);
414#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
415 C(ipvs_property);
416#endif
414 C(protocol); 417 C(protocol);
415 n->destructor = NULL; 418 n->destructor = NULL;
416#ifdef CONFIG_NETFILTER 419#ifdef CONFIG_NETFILTER
@@ -422,13 +425,6 @@ struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
422 C(nfct_reasm); 425 C(nfct_reasm);
423 nf_conntrack_get_reasm(skb->nfct_reasm); 426 nf_conntrack_get_reasm(skb->nfct_reasm);
424#endif 427#endif
425#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
426 C(ipvs_property);
427#endif
428#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
429 C(nfct_reasm);
430 nf_conntrack_get_reasm(skb->nfct_reasm);
431#endif
432#ifdef CONFIG_BRIDGE_NETFILTER 428#ifdef CONFIG_BRIDGE_NETFILTER
433 C(nf_bridge); 429 C(nf_bridge);
434 nf_bridge_get(skb->nf_bridge); 430 nf_bridge_get(skb->nf_bridge);
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 95b9d81ac488..3ffa60dadc0c 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1135,7 +1135,7 @@ static void rtmsg_ifa(int event, struct in_ifaddr* ifa)
1135 1135
1136 if (!skb) 1136 if (!skb)
1137 netlink_set_err(rtnl, 0, RTNLGRP_IPV4_IFADDR, ENOBUFS); 1137 netlink_set_err(rtnl, 0, RTNLGRP_IPV4_IFADDR, ENOBUFS);
1138 else if (inet_fill_ifaddr(skb, ifa, current->pid, 0, event, 0) < 0) { 1138 else if (inet_fill_ifaddr(skb, ifa, 0, 0, event, 0) < 0) {
1139 kfree_skb(skb); 1139 kfree_skb(skb);
1140 netlink_set_err(rtnl, 0, RTNLGRP_IPV4_IFADDR, EINVAL); 1140 netlink_set_err(rtnl, 0, RTNLGRP_IPV4_IFADDR, EINVAL);
1141 } else { 1141 } else {
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index ef4724de7350..0f4145babb14 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -1045,7 +1045,7 @@ fib_convert_rtentry(int cmd, struct nlmsghdr *nl, struct rtmsg *rtm,
1045 } 1045 }
1046 1046
1047 nl->nlmsg_flags = NLM_F_REQUEST; 1047 nl->nlmsg_flags = NLM_F_REQUEST;
1048 nl->nlmsg_pid = current->pid; 1048 nl->nlmsg_pid = 0;
1049 nl->nlmsg_seq = 0; 1049 nl->nlmsg_seq = 0;
1050 nl->nlmsg_len = NLMSG_LENGTH(sizeof(*rtm)); 1050 nl->nlmsg_len = NLMSG_LENGTH(sizeof(*rtm));
1051 if (cmd == SIOCDELRT) { 1051 if (cmd == SIOCDELRT) {
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 4d1c40972a4b..e7bbff4340bb 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -192,7 +192,7 @@ int sysctl_icmp_echo_ignore_all;
192int sysctl_icmp_echo_ignore_broadcasts = 1; 192int sysctl_icmp_echo_ignore_broadcasts = 1;
193 193
194/* Control parameter - ignore bogus broadcast responses? */ 194/* Control parameter - ignore bogus broadcast responses? */
195int sysctl_icmp_ignore_bogus_error_responses; 195int sysctl_icmp_ignore_bogus_error_responses = 1;
196 196
197/* 197/*
198 * Configurable global rate limit. 198 * Configurable global rate limit.
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index abe23923e4e7..9981dcd68f11 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -830,7 +830,8 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
830 skb->h.raw = skb->nh.raw; 830 skb->h.raw = skb->nh.raw;
831 skb->nh.raw = skb_push(skb, gre_hlen); 831 skb->nh.raw = skb_push(skb, gre_hlen);
832 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); 832 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
833 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE|IPSKB_XFRM_TRANSFORMED); 833 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
834 IPSKB_REROUTED);
834 dst_release(skb->dst); 835 dst_release(skb->dst);
835 skb->dst = &rt->u.dst; 836 skb->dst = &rt->u.dst;
836 837
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 3324fbfe528a..57d290d89ec2 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -207,8 +207,10 @@ static inline int ip_finish_output(struct sk_buff *skb)
207{ 207{
208#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM) 208#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
209 /* Policy lookup after SNAT yielded a new policy */ 209 /* Policy lookup after SNAT yielded a new policy */
210 if (skb->dst->xfrm != NULL) 210 if (skb->dst->xfrm != NULL) {
211 return xfrm4_output_finish(skb); 211 IPCB(skb)->flags |= IPSKB_REROUTED;
212 return dst_output(skb);
213 }
212#endif 214#endif
213 if (skb->len > dst_mtu(skb->dst) && 215 if (skb->len > dst_mtu(skb->dst) &&
214 !(skb_shinfo(skb)->ufo_size || skb_shinfo(skb)->tso_size)) 216 !(skb_shinfo(skb)->ufo_size || skb_shinfo(skb)->tso_size))
@@ -271,8 +273,9 @@ int ip_mc_output(struct sk_buff *skb)
271 newskb->dev, ip_dev_loopback_xmit); 273 newskb->dev, ip_dev_loopback_xmit);
272 } 274 }
273 275
274 return NF_HOOK(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dev, 276 return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dev,
275 ip_finish_output); 277 ip_finish_output,
278 !(IPCB(skb)->flags & IPSKB_REROUTED));
276} 279}
277 280
278int ip_output(struct sk_buff *skb) 281int ip_output(struct sk_buff *skb)
@@ -284,8 +287,9 @@ int ip_output(struct sk_buff *skb)
284 skb->dev = dev; 287 skb->dev = dev;
285 skb->protocol = htons(ETH_P_IP); 288 skb->protocol = htons(ETH_P_IP);
286 289
287 return NF_HOOK(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev, 290 return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev,
288 ip_finish_output); 291 ip_finish_output,
292 !(IPCB(skb)->flags & IPSKB_REROUTED));
289} 293}
290 294
291int ip_queue_xmit(struct sk_buff *skb, int ipfragok) 295int ip_queue_xmit(struct sk_buff *skb, int ipfragok)
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index e5cbe72c6b80..03d13742a4b8 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -622,7 +622,8 @@ static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
622 skb->h.raw = skb->nh.raw; 622 skb->h.raw = skb->nh.raw;
623 skb->nh.raw = skb_push(skb, sizeof(struct iphdr)); 623 skb->nh.raw = skb_push(skb, sizeof(struct iphdr));
624 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); 624 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
625 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE|IPSKB_XFRM_TRANSFORMED); 625 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
626 IPSKB_REROUTED);
626 dst_release(skb->dst); 627 dst_release(skb->dst);
627 skb->dst = &rt->u.dst; 628 skb->dst = &rt->u.dst;
628 629
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 52a3d7c57907..ed42cdc57cd9 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -78,6 +78,47 @@ int ip_route_me_harder(struct sk_buff **pskb)
78} 78}
79EXPORT_SYMBOL(ip_route_me_harder); 79EXPORT_SYMBOL(ip_route_me_harder);
80 80
81#ifdef CONFIG_XFRM
82int ip_xfrm_me_harder(struct sk_buff **pskb)
83{
84 struct flowi fl;
85 unsigned int hh_len;
86 struct dst_entry *dst;
87
88 if (IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED)
89 return 0;
90 if (xfrm_decode_session(*pskb, &fl, AF_INET) < 0)
91 return -1;
92
93 dst = (*pskb)->dst;
94 if (dst->xfrm)
95 dst = ((struct xfrm_dst *)dst)->route;
96 dst_hold(dst);
97
98 if (xfrm_lookup(&dst, &fl, (*pskb)->sk, 0) < 0)
99 return -1;
100
101 dst_release((*pskb)->dst);
102 (*pskb)->dst = dst;
103
104 /* Change in oif may mean change in hh_len. */
105 hh_len = (*pskb)->dst->dev->hard_header_len;
106 if (skb_headroom(*pskb) < hh_len) {
107 struct sk_buff *nskb;
108
109 nskb = skb_realloc_headroom(*pskb, hh_len);
110 if (!nskb)
111 return -1;
112 if ((*pskb)->sk)
113 skb_set_owner_w(nskb, (*pskb)->sk);
114 kfree_skb(*pskb);
115 *pskb = nskb;
116 }
117 return 0;
118}
119EXPORT_SYMBOL(ip_xfrm_me_harder);
120#endif
121
81void (*ip_nat_decode_session)(struct sk_buff *, struct flowi *); 122void (*ip_nat_decode_session)(struct sk_buff *, struct flowi *);
82EXPORT_SYMBOL(ip_nat_decode_session); 123EXPORT_SYMBOL(ip_nat_decode_session);
83 124
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index c1a61462507f..1741d555ad0d 100644
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -434,6 +434,7 @@ int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
434 } *inside; 434 } *inside;
435 struct ip_conntrack_tuple inner, target; 435 struct ip_conntrack_tuple inner, target;
436 int hdrlen = (*pskb)->nh.iph->ihl * 4; 436 int hdrlen = (*pskb)->nh.iph->ihl * 4;
437 unsigned long statusbit;
437 438
438 if (!skb_make_writable(pskb, hdrlen + sizeof(*inside))) 439 if (!skb_make_writable(pskb, hdrlen + sizeof(*inside)))
439 return 0; 440 return 0;
@@ -495,17 +496,16 @@ int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
495 496
496 /* Change outer to look the reply to an incoming packet 497 /* Change outer to look the reply to an incoming packet
497 * (proto 0 means don't invert per-proto part). */ 498 * (proto 0 means don't invert per-proto part). */
499 if (manip == IP_NAT_MANIP_SRC)
500 statusbit = IPS_SRC_NAT;
501 else
502 statusbit = IPS_DST_NAT;
498 503
499 /* Obviously, we need to NAT destination IP, but source IP 504 /* Invert if this is reply dir. */
500 should be NAT'ed only if it is from a NAT'd host. 505 if (dir == IP_CT_DIR_REPLY)
506 statusbit ^= IPS_NAT_MASK;
501 507
502 Explanation: some people use NAT for anonymizing. Also, 508 if (ct->status & statusbit) {
503 CERT recommends dropping all packets from private IP
504 addresses (although ICMP errors from internal links with
505 such addresses are not too uncommon, as Alan Cox points
506 out) */
507 if (manip != IP_NAT_MANIP_SRC
508 || ((*pskb)->nh.iph->saddr == ct->tuplehash[dir].tuple.src.ip)) {
509 invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); 509 invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);
510 if (!manip_pkt(0, pskb, 0, &target, manip)) 510 if (!manip_pkt(0, pskb, 0, &target, manip))
511 return 0; 511 return 0;
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 92c54999a19d..ab1f88fa21ec 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -200,20 +200,14 @@ ip_nat_in(unsigned int hooknum,
200 const struct net_device *out, 200 const struct net_device *out,
201 int (*okfn)(struct sk_buff *)) 201 int (*okfn)(struct sk_buff *))
202{ 202{
203 struct ip_conntrack *ct;
204 enum ip_conntrack_info ctinfo;
205 unsigned int ret; 203 unsigned int ret;
204 u_int32_t daddr = (*pskb)->nh.iph->daddr;
206 205
207 ret = ip_nat_fn(hooknum, pskb, in, out, okfn); 206 ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
208 if (ret != NF_DROP && ret != NF_STOLEN 207 if (ret != NF_DROP && ret != NF_STOLEN
209 && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) { 208 && daddr != (*pskb)->nh.iph->daddr) {
210 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 209 dst_release((*pskb)->dst);
211 210 (*pskb)->dst = NULL;
212 if (ct->tuplehash[dir].tuple.dst.ip !=
213 ct->tuplehash[!dir].tuple.src.ip) {
214 dst_release((*pskb)->dst);
215 (*pskb)->dst = NULL;
216 }
217 } 211 }
218 return ret; 212 return ret;
219} 213}
@@ -235,19 +229,19 @@ ip_nat_out(unsigned int hooknum,
235 return NF_ACCEPT; 229 return NF_ACCEPT;
236 230
237 ret = ip_nat_fn(hooknum, pskb, in, out, okfn); 231 ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
232#ifdef CONFIG_XFRM
238 if (ret != NF_DROP && ret != NF_STOLEN 233 if (ret != NF_DROP && ret != NF_STOLEN
239 && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) { 234 && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) {
240 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 235 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
241 236
242 if (ct->tuplehash[dir].tuple.src.ip != 237 if (ct->tuplehash[dir].tuple.src.ip !=
243 ct->tuplehash[!dir].tuple.dst.ip 238 ct->tuplehash[!dir].tuple.dst.ip
244#ifdef CONFIG_XFRM
245 || ct->tuplehash[dir].tuple.src.u.all != 239 || ct->tuplehash[dir].tuple.src.u.all !=
246 ct->tuplehash[!dir].tuple.dst.u.all 240 ct->tuplehash[!dir].tuple.dst.u.all
247#endif
248 ) 241 )
249 return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP; 242 return ip_xfrm_me_harder(pskb) == 0 ? ret : NF_DROP;
250 } 243 }
244#endif
251 return ret; 245 return ret;
252} 246}
253 247
@@ -276,7 +270,7 @@ ip_nat_local_fn(unsigned int hooknum,
276 ct->tuplehash[!dir].tuple.src.ip 270 ct->tuplehash[!dir].tuple.src.ip
277#ifdef CONFIG_XFRM 271#ifdef CONFIG_XFRM
278 || ct->tuplehash[dir].tuple.dst.u.all != 272 || ct->tuplehash[dir].tuple.dst.u.all !=
279 ct->tuplehash[dir].tuple.src.u.all 273 ct->tuplehash[!dir].tuple.src.u.all
280#endif 274#endif
281 ) 275 )
282 return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP; 276 return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 167619f638c6..6c8624a54933 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -529,15 +529,10 @@ static int init_or_cleanup(int init)
529 goto cleanup_localinops; 529 goto cleanup_localinops;
530 } 530 }
531#endif 531#endif
532
533 /* For use by REJECT target */
534 ip_ct_attach = __nf_conntrack_attach;
535
536 return ret; 532 return ret;
537 533
538 cleanup: 534 cleanup:
539 synchronize_net(); 535 synchronize_net();
540 ip_ct_attach = NULL;
541#ifdef CONFIG_SYSCTL 536#ifdef CONFIG_SYSCTL
542 unregister_sysctl_table(nf_ct_ipv4_sysctl_header); 537 unregister_sysctl_table(nf_ct_ipv4_sysctl_header);
543 cleanup_localinops: 538 cleanup_localinops:
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index a97ed5416c28..e9a54ae7d690 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -456,7 +456,8 @@ void tcp_rcv_space_adjust(struct sock *sk)
456 456
457 tp->rcvq_space.space = space; 457 tp->rcvq_space.space = space;
458 458
459 if (sysctl_tcp_moderate_rcvbuf) { 459 if (sysctl_tcp_moderate_rcvbuf &&
460 !(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) {
460 int new_clamp = space; 461 int new_clamp = space;
461 462
462 /* Receive space grows, normalize in order to 463 /* Receive space grows, normalize in order to
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index d4df0ddd424b..32ad229b4fed 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -152,10 +152,16 @@ error_nolock:
152 goto out_exit; 152 goto out_exit;
153} 153}
154 154
155int xfrm4_output_finish(struct sk_buff *skb) 155static int xfrm4_output_finish(struct sk_buff *skb)
156{ 156{
157 int err; 157 int err;
158 158
159#ifdef CONFIG_NETFILTER
160 if (!skb->dst->xfrm) {
161 IPCB(skb)->flags |= IPSKB_REROUTED;
162 return dst_output(skb);
163 }
164#endif
159 while (likely((err = xfrm4_output_one(skb)) == 0)) { 165 while (likely((err = xfrm4_output_one(skb)) == 0)) {
160 nf_reset(skb); 166 nf_reset(skb);
161 167
@@ -178,6 +184,7 @@ int xfrm4_output_finish(struct sk_buff *skb)
178 184
179int xfrm4_output(struct sk_buff *skb) 185int xfrm4_output(struct sk_buff *skb)
180{ 186{
181 return NF_HOOK(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dst->dev, 187 return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dst->dev,
182 xfrm4_output_finish); 188 xfrm4_output_finish,
189 !(IPCB(skb)->flags & IPSKB_REROUTED));
183} 190}
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index fcf883183cef..21eb725e885f 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -42,6 +42,7 @@
42#include <linux/net.h> 42#include <linux/net.h>
43#include <linux/skbuff.h> 43#include <linux/skbuff.h>
44#include <linux/init.h> 44#include <linux/init.h>
45#include <linux/netfilter.h>
45 46
46#ifdef CONFIG_SYSCTL 47#ifdef CONFIG_SYSCTL
47#include <linux/sysctl.h> 48#include <linux/sysctl.h>
@@ -255,6 +256,7 @@ out:
255struct icmpv6_msg { 256struct icmpv6_msg {
256 struct sk_buff *skb; 257 struct sk_buff *skb;
257 int offset; 258 int offset;
259 uint8_t type;
258}; 260};
259 261
260static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) 262static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
@@ -266,6 +268,8 @@ static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, st
266 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, 268 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
267 to, len, csum); 269 to, len, csum);
268 skb->csum = csum_block_add(skb->csum, csum, odd); 270 skb->csum = csum_block_add(skb->csum, csum, odd);
271 if (!(msg->type & ICMPV6_INFOMSG_MASK))
272 nf_ct_attach(skb, org_skb);
269 return 0; 273 return 0;
270} 274}
271 275
@@ -403,6 +407,7 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
403 407
404 msg.skb = skb; 408 msg.skb = skb;
405 msg.offset = skb->nh.raw - skb->data; 409 msg.offset = skb->nh.raw - skb->data;
410 msg.type = type;
406 411
407 len = skb->len - msg.offset; 412 len = skb->len - msg.offset;
408 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr)); 413 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
@@ -500,6 +505,7 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
500 505
501 msg.skb = skb; 506 msg.skb = skb;
502 msg.offset = 0; 507 msg.offset = 0;
508 msg.type = ICMPV6_ECHO_REPLY;
503 509
504 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr), 510 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
505 sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl, 511 sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl,
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 92ead3cf956b..faea8a120ee2 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -458,7 +458,7 @@ ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
458 mtu = IPV6_MIN_MTU; 458 mtu = IPV6_MIN_MTU;
459 t->dev->mtu = mtu; 459 t->dev->mtu = mtu;
460 460
461 if ((len = sizeof (*ipv6h) + ipv6h->payload_len) > mtu) { 461 if ((len = sizeof (*ipv6h) + ntohs(ipv6h->payload_len)) > mtu) {
462 rel_type = ICMPV6_PKT_TOOBIG; 462 rel_type = ICMPV6_PKT_TOOBIG;
463 rel_code = 0; 463 rel_code = 0;
464 rel_info = mtu; 464 rel_info = mtu;
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index c745717b4ce2..0e6d1d4bbd5c 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -160,6 +160,8 @@ static void send_reset(struct sk_buff *oldskb)
160 csum_partial((char *)tcph, 160 csum_partial((char *)tcph,
161 sizeof(struct tcphdr), 0)); 161 sizeof(struct tcphdr), 0));
162 162
163 nf_ct_attach(nskb, oldskb);
164
163 NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, nskb, NULL, nskb->dst->dev, 165 NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
164 dst_output); 166 dst_output);
165} 167}
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 738376cf0c51..ae20a0ec9bd8 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -803,10 +803,7 @@ back_from_confirm:
803 err = rawv6_push_pending_frames(sk, &fl, rp); 803 err = rawv6_push_pending_frames(sk, &fl, rp);
804 } 804 }
805done: 805done:
806 ip6_dst_store(sk, dst, 806 dst_release(dst);
807 ipv6_addr_equal(&fl.fl6_dst, &np->daddr) ?
808 &np->daddr : NULL);
809
810 release_sock(sk); 807 release_sock(sk);
811out: 808out:
812 fl6_sock_release(flowlabel); 809 fl6_sock_release(flowlabel);
diff --git a/net/irda/irda_device.c b/net/irda/irda_device.c
index 890bac0d4a56..e3debbdb67f5 100644
--- a/net/irda/irda_device.c
+++ b/net/irda/irda_device.c
@@ -343,12 +343,12 @@ static void irda_task_timer_expired(void *data)
343static void irda_device_setup(struct net_device *dev) 343static void irda_device_setup(struct net_device *dev)
344{ 344{
345 dev->hard_header_len = 0; 345 dev->hard_header_len = 0;
346 dev->addr_len = 0; 346 dev->addr_len = LAP_ALEN;
347 347
348 dev->type = ARPHRD_IRDA; 348 dev->type = ARPHRD_IRDA;
349 dev->tx_queue_len = 8; /* Window size + 1 s-frame */ 349 dev->tx_queue_len = 8; /* Window size + 1 s-frame */
350 350
351 memset(dev->broadcast, 0xff, 4); 351 memset(dev->broadcast, 0xff, LAP_ALEN);
352 352
353 dev->mtu = 2048; 353 dev->mtu = 2048;
354 dev->flags = IFF_NOARP; 354 dev->flags = IFF_NOARP;
diff --git a/net/irda/irnet/irnet_irda.c b/net/irda/irnet/irnet_irda.c
index 07ec326c71f5..f65c7a83bc5c 100644
--- a/net/irda/irnet/irnet_irda.c
+++ b/net/irda/irnet/irnet_irda.c
@@ -696,7 +696,7 @@ irnet_daddr_to_dname(irnet_socket * self)
696 { 696 {
697 /* Yes !!! Get it.. */ 697 /* Yes !!! Get it.. */
698 strlcpy(self->rname, discoveries[i].info, sizeof(self->rname)); 698 strlcpy(self->rname, discoveries[i].info, sizeof(self->rname));
699 self->rname[NICKNAME_MAX_LEN + 1] = '\0'; 699 self->rname[sizeof(self->rname) - 1] = '\0';
700 DEBUG(IRDA_SERV_INFO, "Device 0x%08x is in fact ``%s''.\n", 700 DEBUG(IRDA_SERV_INFO, "Device 0x%08x is in fact ``%s''.\n",
701 self->daddr, self->rname); 701 self->daddr, self->rname);
702 kfree(discoveries); 702 kfree(discoveries);
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 99c0a0fa4a97..a8e5544da93e 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -102,8 +102,6 @@ config NF_CT_NETLINK
102 help 102 help
103 This option enables support for a netlink-based userspace interface 103 This option enables support for a netlink-based userspace interface
104 104
105endmenu
106
107config NETFILTER_XTABLES 105config NETFILTER_XTABLES
108 tristate "Netfilter Xtables support (required for ip_tables)" 106 tristate "Netfilter Xtables support (required for ip_tables)"
109 help 107 help
@@ -128,7 +126,7 @@ config NETFILTER_XT_TARGET_CONNMARK
128 tristate '"CONNMARK" target support' 126 tristate '"CONNMARK" target support'
129 depends on NETFILTER_XTABLES 127 depends on NETFILTER_XTABLES
130 depends on IP_NF_MANGLE || IP6_NF_MANGLE 128 depends on IP_NF_MANGLE || IP6_NF_MANGLE
131 depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4) 129 depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK)
132 help 130 help
133 This option adds a `CONNMARK' target, which allows one to manipulate 131 This option adds a `CONNMARK' target, which allows one to manipulate
134 the connection mark value. Similar to the MARK target, but 132 the connection mark value. Similar to the MARK target, but
@@ -189,7 +187,7 @@ config NETFILTER_XT_MATCH_COMMENT
189config NETFILTER_XT_MATCH_CONNBYTES 187config NETFILTER_XT_MATCH_CONNBYTES
190 tristate '"connbytes" per-connection counter match support' 188 tristate '"connbytes" per-connection counter match support'
191 depends on NETFILTER_XTABLES 189 depends on NETFILTER_XTABLES
192 depends on (IP_NF_CONNTRACK && IP_NF_CT_ACCT) || NF_CT_ACCT 190 depends on (IP_NF_CONNTRACK && IP_NF_CT_ACCT) || (NF_CT_ACCT && NF_CONNTRACK)
193 help 191 help
194 This option adds a `connbytes' match, which allows you to match the 192 This option adds a `connbytes' match, which allows you to match the
195 number of bytes and/or packets for each direction within a connection. 193 number of bytes and/or packets for each direction within a connection.
@@ -200,7 +198,7 @@ config NETFILTER_XT_MATCH_CONNBYTES
200config NETFILTER_XT_MATCH_CONNMARK 198config NETFILTER_XT_MATCH_CONNMARK
201 tristate '"connmark" connection mark match support' 199 tristate '"connmark" connection mark match support'
202 depends on NETFILTER_XTABLES 200 depends on NETFILTER_XTABLES
203 depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || NF_CONNTRACK_MARK 201 depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK)
204 help 202 help
205 This option adds a `connmark' match, which allows you to match the 203 This option adds a `connmark' match, which allows you to match the
206 connection mark value previously set for the session by `CONNMARK'. 204 connection mark value previously set for the session by `CONNMARK'.
@@ -361,3 +359,5 @@ config NETFILTER_XT_MATCH_TCPMSS
361 359
362 To compile it as a module, choose M here. If unsure, say N. 360 To compile it as a module, choose M here. If unsure, say N.
363 361
362endmenu
363
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 0ce337a1d974..d622ddf08bb0 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1556,6 +1556,8 @@ void nf_conntrack_cleanup(void)
1556{ 1556{
1557 int i; 1557 int i;
1558 1558
1559 ip_ct_attach = NULL;
1560
1559 /* This makes sure all current packets have passed through 1561 /* This makes sure all current packets have passed through
1560 netfilter framework. Roll on, two-stage module 1562 netfilter framework. Roll on, two-stage module
1561 delete... */ 1563 delete... */
@@ -1715,6 +1717,9 @@ int __init nf_conntrack_init(void)
1715 nf_ct_l3protos[i] = &nf_conntrack_generic_l3proto; 1717 nf_ct_l3protos[i] = &nf_conntrack_generic_l3proto;
1716 write_unlock_bh(&nf_conntrack_lock); 1718 write_unlock_bh(&nf_conntrack_lock);
1717 1719
1720 /* For use by REJECT target */
1721 ip_ct_attach = __nf_conntrack_attach;
1722
1718 /* Set up fake conntrack: 1723 /* Set up fake conntrack:
1719 - to never be deleted, not in any hashes */ 1724 - to never be deleted, not in any hashes */
1720 atomic_set(&nf_conntrack_untracked.ct_general.use, 1); 1725 atomic_set(&nf_conntrack_untracked.ct_general.use, 1);
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index df99138c3b3b..6492ed66fb3c 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -864,7 +864,9 @@ static int csum6(const struct sk_buff *skb, unsigned int dataoff)
864{ 864{
865 return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr, 865 return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr,
866 skb->len - dataoff, IPPROTO_TCP, 866 skb->len - dataoff, IPPROTO_TCP,
867 skb->ip_summed == CHECKSUM_HW ? skb->csum 867 skb->ip_summed == CHECKSUM_HW
868 ? csum_sub(skb->csum,
869 skb_checksum(skb, 0, dataoff, 0))
868 : skb_checksum(skb, dataoff, skb->len - dataoff, 870 : skb_checksum(skb, dataoff, skb->len - dataoff,
869 0)); 871 0));
870} 872}
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index 4264dd079a16..831d206344e0 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -161,7 +161,9 @@ static int csum6(const struct sk_buff *skb, unsigned int dataoff)
161{ 161{
162 return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr, 162 return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr,
163 skb->len - dataoff, IPPROTO_UDP, 163 skb->len - dataoff, IPPROTO_UDP,
164 skb->ip_summed == CHECKSUM_HW ? skb->csum 164 skb->ip_summed == CHECKSUM_HW
165 ? csum_sub(skb->csum,
166 skb_checksum(skb, 0, dataoff, 0))
165 : skb_checksum(skb, dataoff, skb->len - dataoff, 167 : skb_checksum(skb, dataoff, skb->len - dataoff,
166 0)); 168 0));
167} 169}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 2101b45d2ec6..6b9772d95872 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -702,7 +702,8 @@ struct sock *netlink_getsockbyfilp(struct file *filp)
702 * 0: continue 702 * 0: continue
703 * 1: repeat lookup - reference dropped while waiting for socket memory. 703 * 1: repeat lookup - reference dropped while waiting for socket memory.
704 */ 704 */
705int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock, long timeo) 705int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock,
706 long timeo, struct sock *ssk)
706{ 707{
707 struct netlink_sock *nlk; 708 struct netlink_sock *nlk;
708 709
@@ -712,7 +713,7 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock, long t
712 test_bit(0, &nlk->state)) { 713 test_bit(0, &nlk->state)) {
713 DECLARE_WAITQUEUE(wait, current); 714 DECLARE_WAITQUEUE(wait, current);
714 if (!timeo) { 715 if (!timeo) {
715 if (!nlk->pid) 716 if (!ssk || nlk_sk(ssk)->pid == 0)
716 netlink_overrun(sk); 717 netlink_overrun(sk);
717 sock_put(sk); 718 sock_put(sk);
718 kfree_skb(skb); 719 kfree_skb(skb);
@@ -797,7 +798,7 @@ retry:
797 kfree_skb(skb); 798 kfree_skb(skb);
798 return PTR_ERR(sk); 799 return PTR_ERR(sk);
799 } 800 }
800 err = netlink_attachskb(sk, skb, nonblock, timeo); 801 err = netlink_attachskb(sk, skb, nonblock, timeo, ssk);
801 if (err == 1) 802 if (err == 1)
802 goto retry; 803 goto retry;
803 if (err) 804 if (err)
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index 4ae1538c54a9..43e72419c868 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -238,7 +238,7 @@ int genl_register_family(struct genl_family *family)
238 sizeof(struct nlattr *), GFP_KERNEL); 238 sizeof(struct nlattr *), GFP_KERNEL);
239 if (family->attrbuf == NULL) { 239 if (family->attrbuf == NULL) {
240 err = -ENOMEM; 240 err = -ENOMEM;
241 goto errout; 241 goto errout_locked;
242 } 242 }
243 } else 243 } else
244 family->attrbuf = NULL; 244 family->attrbuf = NULL;
@@ -288,7 +288,7 @@ int genl_unregister_family(struct genl_family *family)
288 return -ENOENT; 288 return -ENOENT;
289} 289}
290 290
291static inline int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, 291static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
292 int *errp) 292 int *errp)
293{ 293{
294 struct genl_ops *ops; 294 struct genl_ops *ops;
@@ -375,7 +375,7 @@ static void genl_rcv(struct sock *sk, int len)
375 do { 375 do {
376 if (genl_trylock()) 376 if (genl_trylock())
377 return; 377 return;
378 netlink_run_queue(sk, &qlen, &genl_rcv_msg); 378 netlink_run_queue(sk, &qlen, genl_rcv_msg);
379 genl_unlock(); 379 genl_unlock();
380 } while (qlen && genl_sock && genl_sock->sk_receive_queue.qlen); 380 } while (qlen && genl_sock && genl_sock->sk_receive_queue.qlen);
381} 381}
@@ -549,10 +549,8 @@ static int __init genl_init(void)
549 netlink_set_nonroot(NETLINK_GENERIC, NL_NONROOT_RECV); 549 netlink_set_nonroot(NETLINK_GENERIC, NL_NONROOT_RECV);
550 genl_sock = netlink_kernel_create(NETLINK_GENERIC, GENL_MAX_ID, 550 genl_sock = netlink_kernel_create(NETLINK_GENERIC, GENL_MAX_ID,
551 genl_rcv, THIS_MODULE); 551 genl_rcv, THIS_MODULE);
552 if (genl_sock == NULL) { 552 if (genl_sock == NULL)
553 panic("GENL: Cannot initialize generic netlink\n"); 553 panic("GENL: Cannot initialize generic netlink\n");
554 return -ENOMEM;
555 }
556 554
557 return 0; 555 return 0;
558 556
@@ -560,7 +558,6 @@ errout_register:
560 genl_unregister_family(&genl_ctrl); 558 genl_unregister_family(&genl_ctrl);
561errout: 559errout:
562 panic("GENL: Cannot register controller: %d\n", err); 560 panic("GENL: Cannot register controller: %d\n", err);
563 return err;
564} 561}
565 562
566subsys_initcall(genl_init); 563subsys_initcall(genl_init);
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index dbf4620768d6..5e6b05ac1260 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -885,11 +885,11 @@ restart:
885 * We can't enlist stable bundles either. 885 * We can't enlist stable bundles either.
886 */ 886 */
887 write_unlock_bh(&policy->lock); 887 write_unlock_bh(&policy->lock);
888
889 xfrm_pol_put(policy);
890 if (dst) 888 if (dst)
891 dst_free(dst); 889 dst_free(dst);
892 goto restart; 890
891 err = -EHOSTUNREACH;
892 goto error;
893 } 893 }
894 dst->next = policy->bundles; 894 dst->next = policy->bundles;
895 policy->bundles = dst; 895 policy->bundles = dst;