diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/can/af_can.c | 16 | ||||
-rw-r--r-- | net/core/dev.c | 12 | ||||
-rw-r--r-- | net/ipv4/ip_input.c | 2 | ||||
-rw-r--r-- | net/ipv4/tcp_input.c | 13 | ||||
-rw-r--r-- | net/netfilter/Kconfig | 4 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_sip.c | 22 |
6 files changed, 47 insertions, 22 deletions
diff --git a/net/can/af_can.c b/net/can/af_can.c index 2759b76f731c..7e8ca2836452 100644 --- a/net/can/af_can.c +++ b/net/can/af_can.c | |||
@@ -208,6 +208,7 @@ static int can_create(struct net *net, struct socket *sock, int protocol) | |||
208 | */ | 208 | */ |
209 | int can_send(struct sk_buff *skb, int loop) | 209 | int can_send(struct sk_buff *skb, int loop) |
210 | { | 210 | { |
211 | struct sk_buff *newskb = NULL; | ||
211 | int err; | 212 | int err; |
212 | 213 | ||
213 | if (skb->dev->type != ARPHRD_CAN) { | 214 | if (skb->dev->type != ARPHRD_CAN) { |
@@ -244,8 +245,7 @@ int can_send(struct sk_buff *skb, int loop) | |||
244 | * If the interface is not capable to do loopback | 245 | * If the interface is not capable to do loopback |
245 | * itself, we do it here. | 246 | * itself, we do it here. |
246 | */ | 247 | */ |
247 | struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); | 248 | newskb = skb_clone(skb, GFP_ATOMIC); |
248 | |||
249 | if (!newskb) { | 249 | if (!newskb) { |
250 | kfree_skb(skb); | 250 | kfree_skb(skb); |
251 | return -ENOMEM; | 251 | return -ENOMEM; |
@@ -254,7 +254,6 @@ int can_send(struct sk_buff *skb, int loop) | |||
254 | newskb->sk = skb->sk; | 254 | newskb->sk = skb->sk; |
255 | newskb->ip_summed = CHECKSUM_UNNECESSARY; | 255 | newskb->ip_summed = CHECKSUM_UNNECESSARY; |
256 | newskb->pkt_type = PACKET_BROADCAST; | 256 | newskb->pkt_type = PACKET_BROADCAST; |
257 | netif_rx(newskb); | ||
258 | } | 257 | } |
259 | } else { | 258 | } else { |
260 | /* indication for the CAN driver: no loopback required */ | 259 | /* indication for the CAN driver: no loopback required */ |
@@ -266,11 +265,20 @@ int can_send(struct sk_buff *skb, int loop) | |||
266 | if (err > 0) | 265 | if (err > 0) |
267 | err = net_xmit_errno(err); | 266 | err = net_xmit_errno(err); |
268 | 267 | ||
268 | if (err) { | ||
269 | if (newskb) | ||
270 | kfree_skb(newskb); | ||
271 | return err; | ||
272 | } | ||
273 | |||
274 | if (newskb) | ||
275 | netif_rx(newskb); | ||
276 | |||
269 | /* update statistics */ | 277 | /* update statistics */ |
270 | can_stats.tx_frames++; | 278 | can_stats.tx_frames++; |
271 | can_stats.tx_frames_delta++; | 279 | can_stats.tx_frames_delta++; |
272 | 280 | ||
273 | return err; | 281 | return 0; |
274 | } | 282 | } |
275 | EXPORT_SYMBOL(can_send); | 283 | EXPORT_SYMBOL(can_send); |
276 | 284 | ||
diff --git a/net/core/dev.c b/net/core/dev.c index d334446a8eaf..a1607bc0cd4c 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
@@ -994,6 +994,8 @@ int dev_open(struct net_device *dev) | |||
994 | { | 994 | { |
995 | int ret = 0; | 995 | int ret = 0; |
996 | 996 | ||
997 | ASSERT_RTNL(); | ||
998 | |||
997 | /* | 999 | /* |
998 | * Is it already up? | 1000 | * Is it already up? |
999 | */ | 1001 | */ |
@@ -1060,6 +1062,8 @@ int dev_open(struct net_device *dev) | |||
1060 | */ | 1062 | */ |
1061 | int dev_close(struct net_device *dev) | 1063 | int dev_close(struct net_device *dev) |
1062 | { | 1064 | { |
1065 | ASSERT_RTNL(); | ||
1066 | |||
1063 | might_sleep(); | 1067 | might_sleep(); |
1064 | 1068 | ||
1065 | if (!(dev->flags & IFF_UP)) | 1069 | if (!(dev->flags & IFF_UP)) |
@@ -4480,17 +4484,19 @@ static void __net_exit default_device_exit(struct net *net) | |||
4480 | rtnl_lock(); | 4484 | rtnl_lock(); |
4481 | for_each_netdev_safe(net, dev, next) { | 4485 | for_each_netdev_safe(net, dev, next) { |
4482 | int err; | 4486 | int err; |
4487 | char fb_name[IFNAMSIZ]; | ||
4483 | 4488 | ||
4484 | /* Ignore unmoveable devices (i.e. loopback) */ | 4489 | /* Ignore unmoveable devices (i.e. loopback) */ |
4485 | if (dev->features & NETIF_F_NETNS_LOCAL) | 4490 | if (dev->features & NETIF_F_NETNS_LOCAL) |
4486 | continue; | 4491 | continue; |
4487 | 4492 | ||
4488 | /* Push remaing network devices to init_net */ | 4493 | /* Push remaing network devices to init_net */ |
4489 | err = dev_change_net_namespace(dev, &init_net, "dev%d"); | 4494 | snprintf(fb_name, IFNAMSIZ, "dev%d", dev->ifindex); |
4495 | err = dev_change_net_namespace(dev, &init_net, fb_name); | ||
4490 | if (err) { | 4496 | if (err) { |
4491 | printk(KERN_WARNING "%s: failed to move %s to init_net: %d\n", | 4497 | printk(KERN_EMERG "%s: failed to move %s to init_net: %d\n", |
4492 | __func__, dev->name, err); | 4498 | __func__, dev->name, err); |
4493 | unregister_netdevice(dev); | 4499 | BUG(); |
4494 | } | 4500 | } |
4495 | } | 4501 | } |
4496 | rtnl_unlock(); | 4502 | rtnl_unlock(); |
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 7b4bad6d572f..ff77a4a7f9ec 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c | |||
@@ -397,7 +397,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, | |||
397 | iph = ip_hdr(skb); | 397 | iph = ip_hdr(skb); |
398 | 398 | ||
399 | /* | 399 | /* |
400 | * RFC1122: 3.1.2.2 MUST silently discard any IP frame that fails the checksum. | 400 | * RFC1122: 3.2.1.2 MUST silently discard any IP frame that fails the checksum. |
401 | * | 401 | * |
402 | * Is the datagram acceptable? | 402 | * Is the datagram acceptable? |
403 | * | 403 | * |
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 8ac15a604e08..26c936930e92 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c | |||
@@ -114,8 +114,6 @@ int sysctl_tcp_abc __read_mostly; | |||
114 | #define FLAG_FORWARD_PROGRESS (FLAG_ACKED|FLAG_DATA_SACKED) | 114 | #define FLAG_FORWARD_PROGRESS (FLAG_ACKED|FLAG_DATA_SACKED) |
115 | #define FLAG_ANY_PROGRESS (FLAG_FORWARD_PROGRESS|FLAG_SND_UNA_ADVANCED) | 115 | #define FLAG_ANY_PROGRESS (FLAG_FORWARD_PROGRESS|FLAG_SND_UNA_ADVANCED) |
116 | 116 | ||
117 | #define IsSackFrto() (sysctl_tcp_frto == 0x2) | ||
118 | |||
119 | #define TCP_REMNANT (TCP_FLAG_FIN|TCP_FLAG_URG|TCP_FLAG_SYN|TCP_FLAG_PSH) | 117 | #define TCP_REMNANT (TCP_FLAG_FIN|TCP_FLAG_URG|TCP_FLAG_SYN|TCP_FLAG_PSH) |
120 | #define TCP_HP_BITS (~(TCP_RESERVED_BITS|TCP_FLAG_PSH)) | 118 | #define TCP_HP_BITS (~(TCP_RESERVED_BITS|TCP_FLAG_PSH)) |
121 | 119 | ||
@@ -1686,6 +1684,11 @@ static inline void tcp_reset_reno_sack(struct tcp_sock *tp) | |||
1686 | tp->sacked_out = 0; | 1684 | tp->sacked_out = 0; |
1687 | } | 1685 | } |
1688 | 1686 | ||
1687 | static int tcp_is_sackfrto(const struct tcp_sock *tp) | ||
1688 | { | ||
1689 | return (sysctl_tcp_frto == 0x2) && !tcp_is_reno(tp); | ||
1690 | } | ||
1691 | |||
1689 | /* F-RTO can only be used if TCP has never retransmitted anything other than | 1692 | /* F-RTO can only be used if TCP has never retransmitted anything other than |
1690 | * head (SACK enhanced variant from Appendix B of RFC4138 is more robust here) | 1693 | * head (SACK enhanced variant from Appendix B of RFC4138 is more robust here) |
1691 | */ | 1694 | */ |
@@ -1702,7 +1705,7 @@ int tcp_use_frto(struct sock *sk) | |||
1702 | if (icsk->icsk_mtup.probe_size) | 1705 | if (icsk->icsk_mtup.probe_size) |
1703 | return 0; | 1706 | return 0; |
1704 | 1707 | ||
1705 | if (IsSackFrto()) | 1708 | if (tcp_is_sackfrto(tp)) |
1706 | return 1; | 1709 | return 1; |
1707 | 1710 | ||
1708 | /* Avoid expensive walking of rexmit queue if possible */ | 1711 | /* Avoid expensive walking of rexmit queue if possible */ |
@@ -1792,7 +1795,7 @@ void tcp_enter_frto(struct sock *sk) | |||
1792 | /* Earlier loss recovery underway (see RFC4138; Appendix B). | 1795 | /* Earlier loss recovery underway (see RFC4138; Appendix B). |
1793 | * The last condition is necessary at least in tp->frto_counter case. | 1796 | * The last condition is necessary at least in tp->frto_counter case. |
1794 | */ | 1797 | */ |
1795 | if (IsSackFrto() && (tp->frto_counter || | 1798 | if (tcp_is_sackfrto(tp) && (tp->frto_counter || |
1796 | ((1 << icsk->icsk_ca_state) & (TCPF_CA_Recovery|TCPF_CA_Loss))) && | 1799 | ((1 << icsk->icsk_ca_state) & (TCPF_CA_Recovery|TCPF_CA_Loss))) && |
1797 | after(tp->high_seq, tp->snd_una)) { | 1800 | after(tp->high_seq, tp->snd_una)) { |
1798 | tp->frto_highmark = tp->high_seq; | 1801 | tp->frto_highmark = tp->high_seq; |
@@ -3124,7 +3127,7 @@ static int tcp_process_frto(struct sock *sk, int flag) | |||
3124 | return 1; | 3127 | return 1; |
3125 | } | 3128 | } |
3126 | 3129 | ||
3127 | if (!IsSackFrto() || tcp_is_reno(tp)) { | 3130 | if (!tcp_is_sackfrto(tp)) { |
3128 | /* RFC4138 shortcoming in step 2; should also have case c): | 3131 | /* RFC4138 shortcoming in step 2; should also have case c): |
3129 | * ACK isn't duplicate nor advances window, e.g., opposite dir | 3132 | * ACK isn't duplicate nor advances window, e.g., opposite dir |
3130 | * data, winupdate | 3133 | * data, winupdate |
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index c1fc0f1a641c..aa8d80c35e28 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig | |||
@@ -90,6 +90,7 @@ config NF_CT_PROTO_DCCP | |||
90 | tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)' | 90 | tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)' |
91 | depends on EXPERIMENTAL && NF_CONNTRACK | 91 | depends on EXPERIMENTAL && NF_CONNTRACK |
92 | depends on NETFILTER_ADVANCED | 92 | depends on NETFILTER_ADVANCED |
93 | default IP_DCCP | ||
93 | help | 94 | help |
94 | With this option enabled, the layer 3 independent connection | 95 | With this option enabled, the layer 3 independent connection |
95 | tracking code will be able to do state tracking on DCCP connections. | 96 | tracking code will be able to do state tracking on DCCP connections. |
@@ -104,6 +105,7 @@ config NF_CT_PROTO_SCTP | |||
104 | tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)' | 105 | tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)' |
105 | depends on EXPERIMENTAL && NF_CONNTRACK | 106 | depends on EXPERIMENTAL && NF_CONNTRACK |
106 | depends on NETFILTER_ADVANCED | 107 | depends on NETFILTER_ADVANCED |
108 | default IP_SCTP | ||
107 | help | 109 | help |
108 | With this option enabled, the layer 3 independent connection | 110 | With this option enabled, the layer 3 independent connection |
109 | tracking code will be able to do state tracking on SCTP connections. | 111 | tracking code will be able to do state tracking on SCTP connections. |
@@ -532,6 +534,7 @@ config NETFILTER_XT_MATCH_DCCP | |||
532 | tristate '"dccp" protocol match support' | 534 | tristate '"dccp" protocol match support' |
533 | depends on NETFILTER_XTABLES | 535 | depends on NETFILTER_XTABLES |
534 | depends on NETFILTER_ADVANCED | 536 | depends on NETFILTER_ADVANCED |
537 | default IP_DCCP | ||
535 | help | 538 | help |
536 | With this option enabled, you will be able to use the iptables | 539 | With this option enabled, you will be able to use the iptables |
537 | `dccp' match in order to match on DCCP source/destination ports | 540 | `dccp' match in order to match on DCCP source/destination ports |
@@ -725,6 +728,7 @@ config NETFILTER_XT_MATCH_SCTP | |||
725 | tristate '"sctp" protocol match support (EXPERIMENTAL)' | 728 | tristate '"sctp" protocol match support (EXPERIMENTAL)' |
726 | depends on NETFILTER_XTABLES && EXPERIMENTAL | 729 | depends on NETFILTER_XTABLES && EXPERIMENTAL |
727 | depends on NETFILTER_ADVANCED | 730 | depends on NETFILTER_ADVANCED |
731 | default IP_SCTP | ||
728 | help | 732 | help |
729 | With this option enabled, you will be able to use the | 733 | With this option enabled, you will be able to use the |
730 | `sctp' match in order to match on SCTP source/destination ports | 734 | `sctp' match in order to match on SCTP source/destination ports |
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index 9f4900069561..2f9bbc058b48 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c | |||
@@ -870,6 +870,7 @@ static int process_sdp(struct sk_buff *skb, | |||
870 | { | 870 | { |
871 | enum ip_conntrack_info ctinfo; | 871 | enum ip_conntrack_info ctinfo; |
872 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); | 872 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); |
873 | struct nf_conn_help *help = nfct_help(ct); | ||
873 | unsigned int matchoff, matchlen; | 874 | unsigned int matchoff, matchlen; |
874 | unsigned int mediaoff, medialen; | 875 | unsigned int mediaoff, medialen; |
875 | unsigned int sdpoff; | 876 | unsigned int sdpoff; |
@@ -959,6 +960,9 @@ static int process_sdp(struct sk_buff *skb, | |||
959 | if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK) | 960 | if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK) |
960 | ret = nf_nat_sdp_session(skb, dptr, sdpoff, datalen, &rtp_addr); | 961 | ret = nf_nat_sdp_session(skb, dptr, sdpoff, datalen, &rtp_addr); |
961 | 962 | ||
963 | if (ret == NF_ACCEPT && i > 0) | ||
964 | help->help.ct_sip_info.invite_cseq = cseq; | ||
965 | |||
962 | return ret; | 966 | return ret; |
963 | } | 967 | } |
964 | static int process_invite_response(struct sk_buff *skb, | 968 | static int process_invite_response(struct sk_buff *skb, |
@@ -967,14 +971,14 @@ static int process_invite_response(struct sk_buff *skb, | |||
967 | { | 971 | { |
968 | enum ip_conntrack_info ctinfo; | 972 | enum ip_conntrack_info ctinfo; |
969 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); | 973 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); |
974 | struct nf_conn_help *help = nfct_help(ct); | ||
970 | 975 | ||
971 | if ((code >= 100 && code <= 199) || | 976 | if ((code >= 100 && code <= 199) || |
972 | (code >= 200 && code <= 299)) | 977 | (code >= 200 && code <= 299)) |
973 | return process_sdp(skb, dptr, datalen, cseq); | 978 | return process_sdp(skb, dptr, datalen, cseq); |
974 | else { | 979 | else if (help->help.ct_sip_info.invite_cseq == cseq) |
975 | flush_expectations(ct, true); | 980 | flush_expectations(ct, true); |
976 | return NF_ACCEPT; | 981 | return NF_ACCEPT; |
977 | } | ||
978 | } | 982 | } |
979 | 983 | ||
980 | static int process_update_response(struct sk_buff *skb, | 984 | static int process_update_response(struct sk_buff *skb, |
@@ -983,14 +987,14 @@ static int process_update_response(struct sk_buff *skb, | |||
983 | { | 987 | { |
984 | enum ip_conntrack_info ctinfo; | 988 | enum ip_conntrack_info ctinfo; |
985 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); | 989 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); |
990 | struct nf_conn_help *help = nfct_help(ct); | ||
986 | 991 | ||
987 | if ((code >= 100 && code <= 199) || | 992 | if ((code >= 100 && code <= 199) || |
988 | (code >= 200 && code <= 299)) | 993 | (code >= 200 && code <= 299)) |
989 | return process_sdp(skb, dptr, datalen, cseq); | 994 | return process_sdp(skb, dptr, datalen, cseq); |
990 | else { | 995 | else if (help->help.ct_sip_info.invite_cseq == cseq) |
991 | flush_expectations(ct, true); | 996 | flush_expectations(ct, true); |
992 | return NF_ACCEPT; | 997 | return NF_ACCEPT; |
993 | } | ||
994 | } | 998 | } |
995 | 999 | ||
996 | static int process_prack_response(struct sk_buff *skb, | 1000 | static int process_prack_response(struct sk_buff *skb, |
@@ -999,14 +1003,14 @@ static int process_prack_response(struct sk_buff *skb, | |||
999 | { | 1003 | { |
1000 | enum ip_conntrack_info ctinfo; | 1004 | enum ip_conntrack_info ctinfo; |
1001 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); | 1005 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); |
1006 | struct nf_conn_help *help = nfct_help(ct); | ||
1002 | 1007 | ||
1003 | if ((code >= 100 && code <= 199) || | 1008 | if ((code >= 100 && code <= 199) || |
1004 | (code >= 200 && code <= 299)) | 1009 | (code >= 200 && code <= 299)) |
1005 | return process_sdp(skb, dptr, datalen, cseq); | 1010 | return process_sdp(skb, dptr, datalen, cseq); |
1006 | else { | 1011 | else if (help->help.ct_sip_info.invite_cseq == cseq) |
1007 | flush_expectations(ct, true); | 1012 | flush_expectations(ct, true); |
1008 | return NF_ACCEPT; | 1013 | return NF_ACCEPT; |
1009 | } | ||
1010 | } | 1014 | } |
1011 | 1015 | ||
1012 | static int process_bye_request(struct sk_buff *skb, | 1016 | static int process_bye_request(struct sk_buff *skb, |