aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/can/af_can.c16
-rw-r--r--net/core/dev.c12
-rw-r--r--net/ipv4/ip_input.c2
-rw-r--r--net/ipv4/tcp_input.c13
-rw-r--r--net/netfilter/Kconfig4
-rw-r--r--net/netfilter/nf_conntrack_sip.c22
6 files changed, 47 insertions, 22 deletions
diff --git a/net/can/af_can.c b/net/can/af_can.c
index 2759b76f731c..7e8ca2836452 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -208,6 +208,7 @@ static int can_create(struct net *net, struct socket *sock, int protocol)
208 */ 208 */
209int can_send(struct sk_buff *skb, int loop) 209int can_send(struct sk_buff *skb, int loop)
210{ 210{
211 struct sk_buff *newskb = NULL;
211 int err; 212 int err;
212 213
213 if (skb->dev->type != ARPHRD_CAN) { 214 if (skb->dev->type != ARPHRD_CAN) {
@@ -244,8 +245,7 @@ int can_send(struct sk_buff *skb, int loop)
244 * If the interface is not capable to do loopback 245 * If the interface is not capable to do loopback
245 * itself, we do it here. 246 * itself, we do it here.
246 */ 247 */
247 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 248 newskb = skb_clone(skb, GFP_ATOMIC);
248
249 if (!newskb) { 249 if (!newskb) {
250 kfree_skb(skb); 250 kfree_skb(skb);
251 return -ENOMEM; 251 return -ENOMEM;
@@ -254,7 +254,6 @@ int can_send(struct sk_buff *skb, int loop)
254 newskb->sk = skb->sk; 254 newskb->sk = skb->sk;
255 newskb->ip_summed = CHECKSUM_UNNECESSARY; 255 newskb->ip_summed = CHECKSUM_UNNECESSARY;
256 newskb->pkt_type = PACKET_BROADCAST; 256 newskb->pkt_type = PACKET_BROADCAST;
257 netif_rx(newskb);
258 } 257 }
259 } else { 258 } else {
260 /* indication for the CAN driver: no loopback required */ 259 /* indication for the CAN driver: no loopback required */
@@ -266,11 +265,20 @@ int can_send(struct sk_buff *skb, int loop)
266 if (err > 0) 265 if (err > 0)
267 err = net_xmit_errno(err); 266 err = net_xmit_errno(err);
268 267
268 if (err) {
269 if (newskb)
270 kfree_skb(newskb);
271 return err;
272 }
273
274 if (newskb)
275 netif_rx(newskb);
276
269 /* update statistics */ 277 /* update statistics */
270 can_stats.tx_frames++; 278 can_stats.tx_frames++;
271 can_stats.tx_frames_delta++; 279 can_stats.tx_frames_delta++;
272 280
273 return err; 281 return 0;
274} 282}
275EXPORT_SYMBOL(can_send); 283EXPORT_SYMBOL(can_send);
276 284
diff --git a/net/core/dev.c b/net/core/dev.c
index d334446a8eaf..a1607bc0cd4c 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -994,6 +994,8 @@ int dev_open(struct net_device *dev)
994{ 994{
995 int ret = 0; 995 int ret = 0;
996 996
997 ASSERT_RTNL();
998
997 /* 999 /*
998 * Is it already up? 1000 * Is it already up?
999 */ 1001 */
@@ -1060,6 +1062,8 @@ int dev_open(struct net_device *dev)
1060 */ 1062 */
1061int dev_close(struct net_device *dev) 1063int dev_close(struct net_device *dev)
1062{ 1064{
1065 ASSERT_RTNL();
1066
1063 might_sleep(); 1067 might_sleep();
1064 1068
1065 if (!(dev->flags & IFF_UP)) 1069 if (!(dev->flags & IFF_UP))
@@ -4480,17 +4484,19 @@ static void __net_exit default_device_exit(struct net *net)
4480 rtnl_lock(); 4484 rtnl_lock();
4481 for_each_netdev_safe(net, dev, next) { 4485 for_each_netdev_safe(net, dev, next) {
4482 int err; 4486 int err;
4487 char fb_name[IFNAMSIZ];
4483 4488
4484 /* Ignore unmoveable devices (i.e. loopback) */ 4489 /* Ignore unmoveable devices (i.e. loopback) */
4485 if (dev->features & NETIF_F_NETNS_LOCAL) 4490 if (dev->features & NETIF_F_NETNS_LOCAL)
4486 continue; 4491 continue;
4487 4492
4488 /* Push remaing network devices to init_net */ 4493 /* Push remaing network devices to init_net */
4489 err = dev_change_net_namespace(dev, &init_net, "dev%d"); 4494 snprintf(fb_name, IFNAMSIZ, "dev%d", dev->ifindex);
4495 err = dev_change_net_namespace(dev, &init_net, fb_name);
4490 if (err) { 4496 if (err) {
4491 printk(KERN_WARNING "%s: failed to move %s to init_net: %d\n", 4497 printk(KERN_EMERG "%s: failed to move %s to init_net: %d\n",
4492 __func__, dev->name, err); 4498 __func__, dev->name, err);
4493 unregister_netdevice(dev); 4499 BUG();
4494 } 4500 }
4495 } 4501 }
4496 rtnl_unlock(); 4502 rtnl_unlock();
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 7b4bad6d572f..ff77a4a7f9ec 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -397,7 +397,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
397 iph = ip_hdr(skb); 397 iph = ip_hdr(skb);
398 398
399 /* 399 /*
400 * RFC1122: 3.1.2.2 MUST silently discard any IP frame that fails the checksum. 400 * RFC1122: 3.2.1.2 MUST silently discard any IP frame that fails the checksum.
401 * 401 *
402 * Is the datagram acceptable? 402 * Is the datagram acceptable?
403 * 403 *
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 8ac15a604e08..26c936930e92 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -114,8 +114,6 @@ int sysctl_tcp_abc __read_mostly;
114#define FLAG_FORWARD_PROGRESS (FLAG_ACKED|FLAG_DATA_SACKED) 114#define FLAG_FORWARD_PROGRESS (FLAG_ACKED|FLAG_DATA_SACKED)
115#define FLAG_ANY_PROGRESS (FLAG_FORWARD_PROGRESS|FLAG_SND_UNA_ADVANCED) 115#define FLAG_ANY_PROGRESS (FLAG_FORWARD_PROGRESS|FLAG_SND_UNA_ADVANCED)
116 116
117#define IsSackFrto() (sysctl_tcp_frto == 0x2)
118
119#define TCP_REMNANT (TCP_FLAG_FIN|TCP_FLAG_URG|TCP_FLAG_SYN|TCP_FLAG_PSH) 117#define TCP_REMNANT (TCP_FLAG_FIN|TCP_FLAG_URG|TCP_FLAG_SYN|TCP_FLAG_PSH)
120#define TCP_HP_BITS (~(TCP_RESERVED_BITS|TCP_FLAG_PSH)) 118#define TCP_HP_BITS (~(TCP_RESERVED_BITS|TCP_FLAG_PSH))
121 119
@@ -1686,6 +1684,11 @@ static inline void tcp_reset_reno_sack(struct tcp_sock *tp)
1686 tp->sacked_out = 0; 1684 tp->sacked_out = 0;
1687} 1685}
1688 1686
1687static int tcp_is_sackfrto(const struct tcp_sock *tp)
1688{
1689 return (sysctl_tcp_frto == 0x2) && !tcp_is_reno(tp);
1690}
1691
1689/* F-RTO can only be used if TCP has never retransmitted anything other than 1692/* F-RTO can only be used if TCP has never retransmitted anything other than
1690 * head (SACK enhanced variant from Appendix B of RFC4138 is more robust here) 1693 * head (SACK enhanced variant from Appendix B of RFC4138 is more robust here)
1691 */ 1694 */
@@ -1702,7 +1705,7 @@ int tcp_use_frto(struct sock *sk)
1702 if (icsk->icsk_mtup.probe_size) 1705 if (icsk->icsk_mtup.probe_size)
1703 return 0; 1706 return 0;
1704 1707
1705 if (IsSackFrto()) 1708 if (tcp_is_sackfrto(tp))
1706 return 1; 1709 return 1;
1707 1710
1708 /* Avoid expensive walking of rexmit queue if possible */ 1711 /* Avoid expensive walking of rexmit queue if possible */
@@ -1792,7 +1795,7 @@ void tcp_enter_frto(struct sock *sk)
1792 /* Earlier loss recovery underway (see RFC4138; Appendix B). 1795 /* Earlier loss recovery underway (see RFC4138; Appendix B).
1793 * The last condition is necessary at least in tp->frto_counter case. 1796 * The last condition is necessary at least in tp->frto_counter case.
1794 */ 1797 */
1795 if (IsSackFrto() && (tp->frto_counter || 1798 if (tcp_is_sackfrto(tp) && (tp->frto_counter ||
1796 ((1 << icsk->icsk_ca_state) & (TCPF_CA_Recovery|TCPF_CA_Loss))) && 1799 ((1 << icsk->icsk_ca_state) & (TCPF_CA_Recovery|TCPF_CA_Loss))) &&
1797 after(tp->high_seq, tp->snd_una)) { 1800 after(tp->high_seq, tp->snd_una)) {
1798 tp->frto_highmark = tp->high_seq; 1801 tp->frto_highmark = tp->high_seq;
@@ -3124,7 +3127,7 @@ static int tcp_process_frto(struct sock *sk, int flag)
3124 return 1; 3127 return 1;
3125 } 3128 }
3126 3129
3127 if (!IsSackFrto() || tcp_is_reno(tp)) { 3130 if (!tcp_is_sackfrto(tp)) {
3128 /* RFC4138 shortcoming in step 2; should also have case c): 3131 /* RFC4138 shortcoming in step 2; should also have case c):
3129 * ACK isn't duplicate nor advances window, e.g., opposite dir 3132 * ACK isn't duplicate nor advances window, e.g., opposite dir
3130 * data, winupdate 3133 * data, winupdate
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index c1fc0f1a641c..aa8d80c35e28 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -90,6 +90,7 @@ config NF_CT_PROTO_DCCP
90 tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)' 90 tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)'
91 depends on EXPERIMENTAL && NF_CONNTRACK 91 depends on EXPERIMENTAL && NF_CONNTRACK
92 depends on NETFILTER_ADVANCED 92 depends on NETFILTER_ADVANCED
93 default IP_DCCP
93 help 94 help
94 With this option enabled, the layer 3 independent connection 95 With this option enabled, the layer 3 independent connection
95 tracking code will be able to do state tracking on DCCP connections. 96 tracking code will be able to do state tracking on DCCP connections.
@@ -104,6 +105,7 @@ config NF_CT_PROTO_SCTP
104 tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)' 105 tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)'
105 depends on EXPERIMENTAL && NF_CONNTRACK 106 depends on EXPERIMENTAL && NF_CONNTRACK
106 depends on NETFILTER_ADVANCED 107 depends on NETFILTER_ADVANCED
108 default IP_SCTP
107 help 109 help
108 With this option enabled, the layer 3 independent connection 110 With this option enabled, the layer 3 independent connection
109 tracking code will be able to do state tracking on SCTP connections. 111 tracking code will be able to do state tracking on SCTP connections.
@@ -532,6 +534,7 @@ config NETFILTER_XT_MATCH_DCCP
532 tristate '"dccp" protocol match support' 534 tristate '"dccp" protocol match support'
533 depends on NETFILTER_XTABLES 535 depends on NETFILTER_XTABLES
534 depends on NETFILTER_ADVANCED 536 depends on NETFILTER_ADVANCED
537 default IP_DCCP
535 help 538 help
536 With this option enabled, you will be able to use the iptables 539 With this option enabled, you will be able to use the iptables
537 `dccp' match in order to match on DCCP source/destination ports 540 `dccp' match in order to match on DCCP source/destination ports
@@ -725,6 +728,7 @@ config NETFILTER_XT_MATCH_SCTP
725 tristate '"sctp" protocol match support (EXPERIMENTAL)' 728 tristate '"sctp" protocol match support (EXPERIMENTAL)'
726 depends on NETFILTER_XTABLES && EXPERIMENTAL 729 depends on NETFILTER_XTABLES && EXPERIMENTAL
727 depends on NETFILTER_ADVANCED 730 depends on NETFILTER_ADVANCED
731 default IP_SCTP
728 help 732 help
729 With this option enabled, you will be able to use the 733 With this option enabled, you will be able to use the
730 `sctp' match in order to match on SCTP source/destination ports 734 `sctp' match in order to match on SCTP source/destination ports
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 9f4900069561..2f9bbc058b48 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -870,6 +870,7 @@ static int process_sdp(struct sk_buff *skb,
870{ 870{
871 enum ip_conntrack_info ctinfo; 871 enum ip_conntrack_info ctinfo;
872 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 872 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
873 struct nf_conn_help *help = nfct_help(ct);
873 unsigned int matchoff, matchlen; 874 unsigned int matchoff, matchlen;
874 unsigned int mediaoff, medialen; 875 unsigned int mediaoff, medialen;
875 unsigned int sdpoff; 876 unsigned int sdpoff;
@@ -959,6 +960,9 @@ static int process_sdp(struct sk_buff *skb,
959 if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK) 960 if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK)
960 ret = nf_nat_sdp_session(skb, dptr, sdpoff, datalen, &rtp_addr); 961 ret = nf_nat_sdp_session(skb, dptr, sdpoff, datalen, &rtp_addr);
961 962
963 if (ret == NF_ACCEPT && i > 0)
964 help->help.ct_sip_info.invite_cseq = cseq;
965
962 return ret; 966 return ret;
963} 967}
964static int process_invite_response(struct sk_buff *skb, 968static int process_invite_response(struct sk_buff *skb,
@@ -967,14 +971,14 @@ static int process_invite_response(struct sk_buff *skb,
967{ 971{
968 enum ip_conntrack_info ctinfo; 972 enum ip_conntrack_info ctinfo;
969 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 973 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
974 struct nf_conn_help *help = nfct_help(ct);
970 975
971 if ((code >= 100 && code <= 199) || 976 if ((code >= 100 && code <= 199) ||
972 (code >= 200 && code <= 299)) 977 (code >= 200 && code <= 299))
973 return process_sdp(skb, dptr, datalen, cseq); 978 return process_sdp(skb, dptr, datalen, cseq);
974 else { 979 else if (help->help.ct_sip_info.invite_cseq == cseq)
975 flush_expectations(ct, true); 980 flush_expectations(ct, true);
976 return NF_ACCEPT; 981 return NF_ACCEPT;
977 }
978} 982}
979 983
980static int process_update_response(struct sk_buff *skb, 984static int process_update_response(struct sk_buff *skb,
@@ -983,14 +987,14 @@ static int process_update_response(struct sk_buff *skb,
983{ 987{
984 enum ip_conntrack_info ctinfo; 988 enum ip_conntrack_info ctinfo;
985 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 989 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
990 struct nf_conn_help *help = nfct_help(ct);
986 991
987 if ((code >= 100 && code <= 199) || 992 if ((code >= 100 && code <= 199) ||
988 (code >= 200 && code <= 299)) 993 (code >= 200 && code <= 299))
989 return process_sdp(skb, dptr, datalen, cseq); 994 return process_sdp(skb, dptr, datalen, cseq);
990 else { 995 else if (help->help.ct_sip_info.invite_cseq == cseq)
991 flush_expectations(ct, true); 996 flush_expectations(ct, true);
992 return NF_ACCEPT; 997 return NF_ACCEPT;
993 }
994} 998}
995 999
996static int process_prack_response(struct sk_buff *skb, 1000static int process_prack_response(struct sk_buff *skb,
@@ -999,14 +1003,14 @@ static int process_prack_response(struct sk_buff *skb,
999{ 1003{
1000 enum ip_conntrack_info ctinfo; 1004 enum ip_conntrack_info ctinfo;
1001 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1005 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1006 struct nf_conn_help *help = nfct_help(ct);
1002 1007
1003 if ((code >= 100 && code <= 199) || 1008 if ((code >= 100 && code <= 199) ||
1004 (code >= 200 && code <= 299)) 1009 (code >= 200 && code <= 299))
1005 return process_sdp(skb, dptr, datalen, cseq); 1010 return process_sdp(skb, dptr, datalen, cseq);
1006 else { 1011 else if (help->help.ct_sip_info.invite_cseq == cseq)
1007 flush_expectations(ct, true); 1012 flush_expectations(ct, true);
1008 return NF_ACCEPT; 1013 return NF_ACCEPT;
1009 }
1010} 1014}
1011 1015
1012static int process_bye_request(struct sk_buff *skb, 1016static int process_bye_request(struct sk_buff *skb,