diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/bluetooth/af_bluetooth.c | 2 | ||||
-rw-r--r-- | net/bluetooth/hci_conn.c | 21 | ||||
-rw-r--r-- | net/bluetooth/hci_event.c | 11 | ||||
-rw-r--r-- | net/bluetooth/l2cap.c | 34 | ||||
-rw-r--r-- | net/bluetooth/sco.c | 2 | ||||
-rw-r--r-- | net/bridge/br_ioctl.c | 8 | ||||
-rw-r--r-- | net/bridge/br_sysfs_br.c | 26 | ||||
-rw-r--r-- | net/core/dev.c | 7 | ||||
-rw-r--r-- | net/ipv4/inet_timewait_sock.c | 35 | ||||
-rw-r--r-- | net/ipv4/tcp_ipv4.c | 1 | ||||
-rw-r--r-- | net/ipv6/ip6_output.c | 64 | ||||
-rw-r--r-- | net/ipv6/tcp_ipv6.c | 1 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_irc.c | 10 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_proto_gre.c | 14 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_sip.c | 6 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 1 | ||||
-rw-r--r-- | net/xfrm/xfrm_state.c | 2 |
17 files changed, 178 insertions, 67 deletions
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c index 1edfdf4c095b..f6348e078aa4 100644 --- a/net/bluetooth/af_bluetooth.c +++ b/net/bluetooth/af_bluetooth.c | |||
@@ -49,7 +49,7 @@ | |||
49 | #define BT_DBG(D...) | 49 | #define BT_DBG(D...) |
50 | #endif | 50 | #endif |
51 | 51 | ||
52 | #define VERSION "2.12" | 52 | #define VERSION "2.13" |
53 | 53 | ||
54 | /* Bluetooth sockets */ | 54 | /* Bluetooth sockets */ |
55 | #define BT_MAX_PROTO 8 | 55 | #define BT_MAX_PROTO 8 |
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index ca8d05245ca0..b7002429f152 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
@@ -330,7 +330,7 @@ EXPORT_SYMBOL(hci_get_route); | |||
330 | 330 | ||
331 | /* Create SCO or ACL connection. | 331 | /* Create SCO or ACL connection. |
332 | * Device _must_ be locked */ | 332 | * Device _must_ be locked */ |
333 | struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst) | 333 | struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 auth_type) |
334 | { | 334 | { |
335 | struct hci_conn *acl; | 335 | struct hci_conn *acl; |
336 | struct hci_conn *sco; | 336 | struct hci_conn *sco; |
@@ -344,8 +344,10 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst) | |||
344 | 344 | ||
345 | hci_conn_hold(acl); | 345 | hci_conn_hold(acl); |
346 | 346 | ||
347 | if (acl->state == BT_OPEN || acl->state == BT_CLOSED) | 347 | if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { |
348 | acl->auth_type = auth_type; | ||
348 | hci_acl_connect(acl); | 349 | hci_acl_connect(acl); |
350 | } | ||
349 | 351 | ||
350 | if (type == ACL_LINK) | 352 | if (type == ACL_LINK) |
351 | return acl; | 353 | return acl; |
@@ -374,6 +376,19 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst) | |||
374 | } | 376 | } |
375 | EXPORT_SYMBOL(hci_connect); | 377 | EXPORT_SYMBOL(hci_connect); |
376 | 378 | ||
379 | /* Check link security requirement */ | ||
380 | int hci_conn_check_link_mode(struct hci_conn *conn) | ||
381 | { | ||
382 | BT_DBG("conn %p", conn); | ||
383 | |||
384 | if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 && | ||
385 | !(conn->link_mode & HCI_LM_ENCRYPT)) | ||
386 | return 0; | ||
387 | |||
388 | return 1; | ||
389 | } | ||
390 | EXPORT_SYMBOL(hci_conn_check_link_mode); | ||
391 | |||
377 | /* Authenticate remote device */ | 392 | /* Authenticate remote device */ |
378 | int hci_conn_auth(struct hci_conn *conn) | 393 | int hci_conn_auth(struct hci_conn *conn) |
379 | { | 394 | { |
@@ -381,7 +396,7 @@ int hci_conn_auth(struct hci_conn *conn) | |||
381 | 396 | ||
382 | if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0) { | 397 | if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0) { |
383 | if (!(conn->auth_type & 0x01)) { | 398 | if (!(conn->auth_type & 0x01)) { |
384 | conn->auth_type = HCI_AT_GENERAL_BONDING_MITM; | 399 | conn->auth_type |= 0x01; |
385 | conn->link_mode &= ~HCI_LM_AUTH; | 400 | conn->link_mode &= ~HCI_LM_AUTH; |
386 | } | 401 | } |
387 | } | 402 | } |
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 0e3db289f4be..ad7a553d7713 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
@@ -1605,14 +1605,11 @@ static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_b | |||
1605 | 1605 | ||
1606 | if (conn->state == BT_CONFIG) { | 1606 | if (conn->state == BT_CONFIG) { |
1607 | if (!ev->status && hdev->ssp_mode > 0 && | 1607 | if (!ev->status && hdev->ssp_mode > 0 && |
1608 | conn->ssp_mode > 0) { | 1608 | conn->ssp_mode > 0 && conn->out) { |
1609 | if (conn->out) { | 1609 | struct hci_cp_auth_requested cp; |
1610 | struct hci_cp_auth_requested cp; | 1610 | cp.handle = ev->handle; |
1611 | cp.handle = ev->handle; | 1611 | hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, |
1612 | hci_send_cmd(hdev, | ||
1613 | HCI_OP_AUTH_REQUESTED, | ||
1614 | sizeof(cp), &cp); | 1612 | sizeof(cp), &cp); |
1615 | } | ||
1616 | } else { | 1613 | } else { |
1617 | conn->state = BT_CONNECTED; | 1614 | conn->state = BT_CONNECTED; |
1618 | hci_proto_connect_cfm(conn, ev->status); | 1615 | hci_proto_connect_cfm(conn, ev->status); |
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index 3396d5bdef1c..9610a9c85b98 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c | |||
@@ -55,7 +55,7 @@ | |||
55 | #define BT_DBG(D...) | 55 | #define BT_DBG(D...) |
56 | #endif | 56 | #endif |
57 | 57 | ||
58 | #define VERSION "2.10" | 58 | #define VERSION "2.11" |
59 | 59 | ||
60 | static u32 l2cap_feat_mask = 0x0000; | 60 | static u32 l2cap_feat_mask = 0x0000; |
61 | 61 | ||
@@ -778,6 +778,7 @@ static int l2cap_do_connect(struct sock *sk) | |||
778 | struct l2cap_conn *conn; | 778 | struct l2cap_conn *conn; |
779 | struct hci_conn *hcon; | 779 | struct hci_conn *hcon; |
780 | struct hci_dev *hdev; | 780 | struct hci_dev *hdev; |
781 | __u8 auth_type; | ||
781 | int err = 0; | 782 | int err = 0; |
782 | 783 | ||
783 | BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm); | 784 | BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm); |
@@ -789,7 +790,21 @@ static int l2cap_do_connect(struct sock *sk) | |||
789 | 790 | ||
790 | err = -ENOMEM; | 791 | err = -ENOMEM; |
791 | 792 | ||
792 | hcon = hci_connect(hdev, ACL_LINK, dst); | 793 | if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH || |
794 | l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT || | ||
795 | l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) { | ||
796 | if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) | ||
797 | auth_type = HCI_AT_NO_BONDING_MITM; | ||
798 | else | ||
799 | auth_type = HCI_AT_GENERAL_BONDING_MITM; | ||
800 | } else { | ||
801 | if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) | ||
802 | auth_type = HCI_AT_NO_BONDING; | ||
803 | else | ||
804 | auth_type = HCI_AT_GENERAL_BONDING; | ||
805 | } | ||
806 | |||
807 | hcon = hci_connect(hdev, ACL_LINK, dst, auth_type); | ||
793 | if (!hcon) | 808 | if (!hcon) |
794 | goto done; | 809 | goto done; |
795 | 810 | ||
@@ -1553,10 +1568,10 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd | |||
1553 | struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; | 1568 | struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; |
1554 | struct l2cap_conn_rsp rsp; | 1569 | struct l2cap_conn_rsp rsp; |
1555 | struct sock *sk, *parent; | 1570 | struct sock *sk, *parent; |
1556 | int result, status = 0; | 1571 | int result, status = L2CAP_CS_NO_INFO; |
1557 | 1572 | ||
1558 | u16 dcid = 0, scid = __le16_to_cpu(req->scid); | 1573 | u16 dcid = 0, scid = __le16_to_cpu(req->scid); |
1559 | __le16 psm = req->psm; | 1574 | __le16 psm = req->psm; |
1560 | 1575 | ||
1561 | BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid); | 1576 | BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid); |
1562 | 1577 | ||
@@ -1567,6 +1582,13 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd | |||
1567 | goto sendresp; | 1582 | goto sendresp; |
1568 | } | 1583 | } |
1569 | 1584 | ||
1585 | /* Check if the ACL is secure enough (if not SDP) */ | ||
1586 | if (psm != cpu_to_le16(0x0001) && | ||
1587 | !hci_conn_check_link_mode(conn->hcon)) { | ||
1588 | result = L2CAP_CR_SEC_BLOCK; | ||
1589 | goto response; | ||
1590 | } | ||
1591 | |||
1570 | result = L2CAP_CR_NO_MEM; | 1592 | result = L2CAP_CR_NO_MEM; |
1571 | 1593 | ||
1572 | /* Check for backlog size */ | 1594 | /* Check for backlog size */ |
@@ -2224,7 +2246,7 @@ static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status) | |||
2224 | rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); | 2246 | rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); |
2225 | rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); | 2247 | rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); |
2226 | rsp.result = cpu_to_le16(result); | 2248 | rsp.result = cpu_to_le16(result); |
2227 | rsp.status = cpu_to_le16(0); | 2249 | rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); |
2228 | l2cap_send_cmd(conn, l2cap_pi(sk)->ident, | 2250 | l2cap_send_cmd(conn, l2cap_pi(sk)->ident, |
2229 | L2CAP_CONN_RSP, sizeof(rsp), &rsp); | 2251 | L2CAP_CONN_RSP, sizeof(rsp), &rsp); |
2230 | } | 2252 | } |
@@ -2296,7 +2318,7 @@ static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) | |||
2296 | rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); | 2318 | rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); |
2297 | rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); | 2319 | rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); |
2298 | rsp.result = cpu_to_le16(result); | 2320 | rsp.result = cpu_to_le16(result); |
2299 | rsp.status = cpu_to_le16(0); | 2321 | rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); |
2300 | l2cap_send_cmd(conn, l2cap_pi(sk)->ident, | 2322 | l2cap_send_cmd(conn, l2cap_pi(sk)->ident, |
2301 | L2CAP_CONN_RSP, sizeof(rsp), &rsp); | 2323 | L2CAP_CONN_RSP, sizeof(rsp), &rsp); |
2302 | } | 2324 | } |
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index a16011fedc1d..0cc91e6da76d 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c | |||
@@ -200,7 +200,7 @@ static int sco_connect(struct sock *sk) | |||
200 | else | 200 | else |
201 | type = SCO_LINK; | 201 | type = SCO_LINK; |
202 | 202 | ||
203 | hcon = hci_connect(hdev, type, dst); | 203 | hcon = hci_connect(hdev, type, dst, HCI_AT_NO_BONDING); |
204 | if (!hcon) | 204 | if (!hcon) |
205 | goto done; | 205 | goto done; |
206 | 206 | ||
diff --git a/net/bridge/br_ioctl.c b/net/bridge/br_ioctl.c index eeee218eed80..5bbf07362172 100644 --- a/net/bridge/br_ioctl.c +++ b/net/bridge/br_ioctl.c | |||
@@ -188,15 +188,21 @@ static int old_dev_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) | |||
188 | return 0; | 188 | return 0; |
189 | 189 | ||
190 | case BRCTL_SET_BRIDGE_HELLO_TIME: | 190 | case BRCTL_SET_BRIDGE_HELLO_TIME: |
191 | { | ||
192 | unsigned long t = clock_t_to_jiffies(args[1]); | ||
191 | if (!capable(CAP_NET_ADMIN)) | 193 | if (!capable(CAP_NET_ADMIN)) |
192 | return -EPERM; | 194 | return -EPERM; |
193 | 195 | ||
196 | if (t < HZ) | ||
197 | return -EINVAL; | ||
198 | |||
194 | spin_lock_bh(&br->lock); | 199 | spin_lock_bh(&br->lock); |
195 | br->bridge_hello_time = clock_t_to_jiffies(args[1]); | 200 | br->bridge_hello_time = t; |
196 | if (br_is_root_bridge(br)) | 201 | if (br_is_root_bridge(br)) |
197 | br->hello_time = br->bridge_hello_time; | 202 | br->hello_time = br->bridge_hello_time; |
198 | spin_unlock_bh(&br->lock); | 203 | spin_unlock_bh(&br->lock); |
199 | return 0; | 204 | return 0; |
205 | } | ||
200 | 206 | ||
201 | case BRCTL_SET_BRIDGE_MAX_AGE: | 207 | case BRCTL_SET_BRIDGE_MAX_AGE: |
202 | if (!capable(CAP_NET_ADMIN)) | 208 | if (!capable(CAP_NET_ADMIN)) |
diff --git a/net/bridge/br_sysfs_br.c b/net/bridge/br_sysfs_br.c index 27d6a511c8c1..158dee8b4965 100644 --- a/net/bridge/br_sysfs_br.c +++ b/net/bridge/br_sysfs_br.c | |||
@@ -29,11 +29,12 @@ | |||
29 | */ | 29 | */ |
30 | static ssize_t store_bridge_parm(struct device *d, | 30 | static ssize_t store_bridge_parm(struct device *d, |
31 | const char *buf, size_t len, | 31 | const char *buf, size_t len, |
32 | void (*set)(struct net_bridge *, unsigned long)) | 32 | int (*set)(struct net_bridge *, unsigned long)) |
33 | { | 33 | { |
34 | struct net_bridge *br = to_bridge(d); | 34 | struct net_bridge *br = to_bridge(d); |
35 | char *endp; | 35 | char *endp; |
36 | unsigned long val; | 36 | unsigned long val; |
37 | int err; | ||
37 | 38 | ||
38 | if (!capable(CAP_NET_ADMIN)) | 39 | if (!capable(CAP_NET_ADMIN)) |
39 | return -EPERM; | 40 | return -EPERM; |
@@ -43,9 +44,9 @@ static ssize_t store_bridge_parm(struct device *d, | |||
43 | return -EINVAL; | 44 | return -EINVAL; |
44 | 45 | ||
45 | spin_lock_bh(&br->lock); | 46 | spin_lock_bh(&br->lock); |
46 | (*set)(br, val); | 47 | err = (*set)(br, val); |
47 | spin_unlock_bh(&br->lock); | 48 | spin_unlock_bh(&br->lock); |
48 | return len; | 49 | return err ? err : len; |
49 | } | 50 | } |
50 | 51 | ||
51 | 52 | ||
@@ -56,12 +57,13 @@ static ssize_t show_forward_delay(struct device *d, | |||
56 | return sprintf(buf, "%lu\n", jiffies_to_clock_t(br->forward_delay)); | 57 | return sprintf(buf, "%lu\n", jiffies_to_clock_t(br->forward_delay)); |
57 | } | 58 | } |
58 | 59 | ||
59 | static void set_forward_delay(struct net_bridge *br, unsigned long val) | 60 | static int set_forward_delay(struct net_bridge *br, unsigned long val) |
60 | { | 61 | { |
61 | unsigned long delay = clock_t_to_jiffies(val); | 62 | unsigned long delay = clock_t_to_jiffies(val); |
62 | br->forward_delay = delay; | 63 | br->forward_delay = delay; |
63 | if (br_is_root_bridge(br)) | 64 | if (br_is_root_bridge(br)) |
64 | br->bridge_forward_delay = delay; | 65 | br->bridge_forward_delay = delay; |
66 | return 0; | ||
65 | } | 67 | } |
66 | 68 | ||
67 | static ssize_t store_forward_delay(struct device *d, | 69 | static ssize_t store_forward_delay(struct device *d, |
@@ -80,12 +82,17 @@ static ssize_t show_hello_time(struct device *d, struct device_attribute *attr, | |||
80 | jiffies_to_clock_t(to_bridge(d)->hello_time)); | 82 | jiffies_to_clock_t(to_bridge(d)->hello_time)); |
81 | } | 83 | } |
82 | 84 | ||
83 | static void set_hello_time(struct net_bridge *br, unsigned long val) | 85 | static int set_hello_time(struct net_bridge *br, unsigned long val) |
84 | { | 86 | { |
85 | unsigned long t = clock_t_to_jiffies(val); | 87 | unsigned long t = clock_t_to_jiffies(val); |
88 | |||
89 | if (t < HZ) | ||
90 | return -EINVAL; | ||
91 | |||
86 | br->hello_time = t; | 92 | br->hello_time = t; |
87 | if (br_is_root_bridge(br)) | 93 | if (br_is_root_bridge(br)) |
88 | br->bridge_hello_time = t; | 94 | br->bridge_hello_time = t; |
95 | return 0; | ||
89 | } | 96 | } |
90 | 97 | ||
91 | static ssize_t store_hello_time(struct device *d, | 98 | static ssize_t store_hello_time(struct device *d, |
@@ -104,12 +111,13 @@ static ssize_t show_max_age(struct device *d, struct device_attribute *attr, | |||
104 | jiffies_to_clock_t(to_bridge(d)->max_age)); | 111 | jiffies_to_clock_t(to_bridge(d)->max_age)); |
105 | } | 112 | } |
106 | 113 | ||
107 | static void set_max_age(struct net_bridge *br, unsigned long val) | 114 | static int set_max_age(struct net_bridge *br, unsigned long val) |
108 | { | 115 | { |
109 | unsigned long t = clock_t_to_jiffies(val); | 116 | unsigned long t = clock_t_to_jiffies(val); |
110 | br->max_age = t; | 117 | br->max_age = t; |
111 | if (br_is_root_bridge(br)) | 118 | if (br_is_root_bridge(br)) |
112 | br->bridge_max_age = t; | 119 | br->bridge_max_age = t; |
120 | return 0; | ||
113 | } | 121 | } |
114 | 122 | ||
115 | static ssize_t store_max_age(struct device *d, struct device_attribute *attr, | 123 | static ssize_t store_max_age(struct device *d, struct device_attribute *attr, |
@@ -126,9 +134,10 @@ static ssize_t show_ageing_time(struct device *d, | |||
126 | return sprintf(buf, "%lu\n", jiffies_to_clock_t(br->ageing_time)); | 134 | return sprintf(buf, "%lu\n", jiffies_to_clock_t(br->ageing_time)); |
127 | } | 135 | } |
128 | 136 | ||
129 | static void set_ageing_time(struct net_bridge *br, unsigned long val) | 137 | static int set_ageing_time(struct net_bridge *br, unsigned long val) |
130 | { | 138 | { |
131 | br->ageing_time = clock_t_to_jiffies(val); | 139 | br->ageing_time = clock_t_to_jiffies(val); |
140 | return 0; | ||
132 | } | 141 | } |
133 | 142 | ||
134 | static ssize_t store_ageing_time(struct device *d, | 143 | static ssize_t store_ageing_time(struct device *d, |
@@ -180,9 +189,10 @@ static ssize_t show_priority(struct device *d, struct device_attribute *attr, | |||
180 | (br->bridge_id.prio[0] << 8) | br->bridge_id.prio[1]); | 189 | (br->bridge_id.prio[0] << 8) | br->bridge_id.prio[1]); |
181 | } | 190 | } |
182 | 191 | ||
183 | static void set_priority(struct net_bridge *br, unsigned long val) | 192 | static int set_priority(struct net_bridge *br, unsigned long val) |
184 | { | 193 | { |
185 | br_stp_set_bridge_priority(br, (u16) val); | 194 | br_stp_set_bridge_priority(br, (u16) val); |
195 | return 0; | ||
186 | } | 196 | } |
187 | 197 | ||
188 | static ssize_t store_priority(struct device *d, struct device_attribute *attr, | 198 | static ssize_t store_priority(struct device *d, struct device_attribute *attr, |
diff --git a/net/core/dev.c b/net/core/dev.c index 60c51f765887..e719ed29310f 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
@@ -1991,8 +1991,13 @@ static void net_tx_action(struct softirq_action *h) | |||
1991 | spin_unlock(root_lock); | 1991 | spin_unlock(root_lock); |
1992 | } else { | 1992 | } else { |
1993 | if (!test_bit(__QDISC_STATE_DEACTIVATED, | 1993 | if (!test_bit(__QDISC_STATE_DEACTIVATED, |
1994 | &q->state)) | 1994 | &q->state)) { |
1995 | __netif_reschedule(q); | 1995 | __netif_reschedule(q); |
1996 | } else { | ||
1997 | smp_mb__before_clear_bit(); | ||
1998 | clear_bit(__QDISC_STATE_SCHED, | ||
1999 | &q->state); | ||
2000 | } | ||
1996 | } | 2001 | } |
1997 | } | 2002 | } |
1998 | } | 2003 | } |
diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c index d985bd613d25..743f011b9a84 100644 --- a/net/ipv4/inet_timewait_sock.c +++ b/net/ipv4/inet_timewait_sock.c | |||
@@ -409,3 +409,38 @@ out: | |||
409 | } | 409 | } |
410 | 410 | ||
411 | EXPORT_SYMBOL_GPL(inet_twdr_twcal_tick); | 411 | EXPORT_SYMBOL_GPL(inet_twdr_twcal_tick); |
412 | |||
413 | void inet_twsk_purge(struct net *net, struct inet_hashinfo *hashinfo, | ||
414 | struct inet_timewait_death_row *twdr, int family) | ||
415 | { | ||
416 | struct inet_timewait_sock *tw; | ||
417 | struct sock *sk; | ||
418 | struct hlist_node *node; | ||
419 | int h; | ||
420 | |||
421 | local_bh_disable(); | ||
422 | for (h = 0; h < (hashinfo->ehash_size); h++) { | ||
423 | struct inet_ehash_bucket *head = | ||
424 | inet_ehash_bucket(hashinfo, h); | ||
425 | rwlock_t *lock = inet_ehash_lockp(hashinfo, h); | ||
426 | restart: | ||
427 | write_lock(lock); | ||
428 | sk_for_each(sk, node, &head->twchain) { | ||
429 | |||
430 | tw = inet_twsk(sk); | ||
431 | if (!net_eq(twsk_net(tw), net) || | ||
432 | tw->tw_family != family) | ||
433 | continue; | ||
434 | |||
435 | atomic_inc(&tw->tw_refcnt); | ||
436 | write_unlock(lock); | ||
437 | inet_twsk_deschedule(tw, twdr); | ||
438 | inet_twsk_put(tw); | ||
439 | |||
440 | goto restart; | ||
441 | } | ||
442 | write_unlock(lock); | ||
443 | } | ||
444 | local_bh_enable(); | ||
445 | } | ||
446 | EXPORT_SYMBOL_GPL(inet_twsk_purge); | ||
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 44c1e934824b..1b4fee20fc93 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
@@ -2376,6 +2376,7 @@ static int __net_init tcp_sk_init(struct net *net) | |||
2376 | static void __net_exit tcp_sk_exit(struct net *net) | 2376 | static void __net_exit tcp_sk_exit(struct net *net) |
2377 | { | 2377 | { |
2378 | inet_ctl_sock_destroy(net->ipv4.tcp_sock); | 2378 | inet_ctl_sock_destroy(net->ipv4.tcp_sock); |
2379 | inet_twsk_purge(net, &tcp_hashinfo, &tcp_death_row, AF_INET); | ||
2379 | } | 2380 | } |
2380 | 2381 | ||
2381 | static struct pernet_operations __net_initdata tcp_sk_ops = { | 2382 | static struct pernet_operations __net_initdata tcp_sk_ops = { |
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 0e844c2736a7..3df2c442d90b 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
@@ -943,39 +943,39 @@ static int ip6_dst_lookup_tail(struct sock *sk, | |||
943 | } | 943 | } |
944 | 944 | ||
945 | #ifdef CONFIG_IPV6_OPTIMISTIC_DAD | 945 | #ifdef CONFIG_IPV6_OPTIMISTIC_DAD |
946 | /* | 946 | /* |
947 | * Here if the dst entry we've looked up | 947 | * Here if the dst entry we've looked up |
948 | * has a neighbour entry that is in the INCOMPLETE | 948 | * has a neighbour entry that is in the INCOMPLETE |
949 | * state and the src address from the flow is | 949 | * state and the src address from the flow is |
950 | * marked as OPTIMISTIC, we release the found | 950 | * marked as OPTIMISTIC, we release the found |
951 | * dst entry and replace it instead with the | 951 | * dst entry and replace it instead with the |
952 | * dst entry of the nexthop router | 952 | * dst entry of the nexthop router |
953 | */ | 953 | */ |
954 | if (!((*dst)->neighbour->nud_state & NUD_VALID)) { | 954 | if ((*dst)->neighbour && !((*dst)->neighbour->nud_state & NUD_VALID)) { |
955 | struct inet6_ifaddr *ifp; | 955 | struct inet6_ifaddr *ifp; |
956 | struct flowi fl_gw; | 956 | struct flowi fl_gw; |
957 | int redirect; | 957 | int redirect; |
958 | 958 | ||
959 | ifp = ipv6_get_ifaddr(net, &fl->fl6_src, | 959 | ifp = ipv6_get_ifaddr(net, &fl->fl6_src, |
960 | (*dst)->dev, 1); | 960 | (*dst)->dev, 1); |
961 | 961 | ||
962 | redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC); | 962 | redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC); |
963 | if (ifp) | 963 | if (ifp) |
964 | in6_ifa_put(ifp); | 964 | in6_ifa_put(ifp); |
965 | 965 | ||
966 | if (redirect) { | 966 | if (redirect) { |
967 | /* | 967 | /* |
968 | * We need to get the dst entry for the | 968 | * We need to get the dst entry for the |
969 | * default router instead | 969 | * default router instead |
970 | */ | 970 | */ |
971 | dst_release(*dst); | 971 | dst_release(*dst); |
972 | memcpy(&fl_gw, fl, sizeof(struct flowi)); | 972 | memcpy(&fl_gw, fl, sizeof(struct flowi)); |
973 | memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr)); | 973 | memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr)); |
974 | *dst = ip6_route_output(net, sk, &fl_gw); | 974 | *dst = ip6_route_output(net, sk, &fl_gw); |
975 | if ((err = (*dst)->error)) | 975 | if ((err = (*dst)->error)) |
976 | goto out_err_release; | 976 | goto out_err_release; |
977 | } | ||
978 | } | 977 | } |
978 | } | ||
979 | #endif | 979 | #endif |
980 | 980 | ||
981 | return 0; | 981 | return 0; |
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 5b90b369ccb2..b585c850a89a 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
@@ -2148,6 +2148,7 @@ static int tcpv6_net_init(struct net *net) | |||
2148 | static void tcpv6_net_exit(struct net *net) | 2148 | static void tcpv6_net_exit(struct net *net) |
2149 | { | 2149 | { |
2150 | inet_ctl_sock_destroy(net->ipv6.tcp_sk); | 2150 | inet_ctl_sock_destroy(net->ipv6.tcp_sk); |
2151 | inet_twsk_purge(net, &tcp_hashinfo, &tcp_death_row, AF_INET6); | ||
2151 | } | 2152 | } |
2152 | 2153 | ||
2153 | static struct pernet_operations tcpv6_net_ops = { | 2154 | static struct pernet_operations tcpv6_net_ops = { |
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c index 1b1226d6653f..20633fdf7e6b 100644 --- a/net/netfilter/nf_conntrack_irc.c +++ b/net/netfilter/nf_conntrack_irc.c | |||
@@ -68,11 +68,21 @@ static const char *const dccprotos[] = { | |||
68 | static int parse_dcc(char *data, const char *data_end, u_int32_t *ip, | 68 | static int parse_dcc(char *data, const char *data_end, u_int32_t *ip, |
69 | u_int16_t *port, char **ad_beg_p, char **ad_end_p) | 69 | u_int16_t *port, char **ad_beg_p, char **ad_end_p) |
70 | { | 70 | { |
71 | char *tmp; | ||
72 | |||
71 | /* at least 12: "AAAAAAAA P\1\n" */ | 73 | /* at least 12: "AAAAAAAA P\1\n" */ |
72 | while (*data++ != ' ') | 74 | while (*data++ != ' ') |
73 | if (data > data_end - 12) | 75 | if (data > data_end - 12) |
74 | return -1; | 76 | return -1; |
75 | 77 | ||
78 | /* Make sure we have a newline character within the packet boundaries | ||
79 | * because simple_strtoul parses until the first invalid character. */ | ||
80 | for (tmp = data; tmp <= data_end; tmp++) | ||
81 | if (*tmp == '\n') | ||
82 | break; | ||
83 | if (tmp > data_end || *tmp != '\n') | ||
84 | return -1; | ||
85 | |||
76 | *ad_beg_p = data; | 86 | *ad_beg_p = data; |
77 | *ip = simple_strtoul(data, &data, 10); | 87 | *ip = simple_strtoul(data, &data, 10); |
78 | 88 | ||
diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c index 654a4f7f12c6..9bd03967fea4 100644 --- a/net/netfilter/nf_conntrack_proto_gre.c +++ b/net/netfilter/nf_conntrack_proto_gre.c | |||
@@ -45,12 +45,12 @@ static LIST_HEAD(gre_keymap_list); | |||
45 | 45 | ||
46 | void nf_ct_gre_keymap_flush(void) | 46 | void nf_ct_gre_keymap_flush(void) |
47 | { | 47 | { |
48 | struct list_head *pos, *n; | 48 | struct nf_ct_gre_keymap *km, *tmp; |
49 | 49 | ||
50 | write_lock_bh(&nf_ct_gre_lock); | 50 | write_lock_bh(&nf_ct_gre_lock); |
51 | list_for_each_safe(pos, n, &gre_keymap_list) { | 51 | list_for_each_entry_safe(km, tmp, &gre_keymap_list, list) { |
52 | list_del(pos); | 52 | list_del(&km->list); |
53 | kfree(pos); | 53 | kfree(km); |
54 | } | 54 | } |
55 | write_unlock_bh(&nf_ct_gre_lock); | 55 | write_unlock_bh(&nf_ct_gre_lock); |
56 | } | 56 | } |
@@ -97,10 +97,14 @@ int nf_ct_gre_keymap_add(struct nf_conn *ct, enum ip_conntrack_dir dir, | |||
97 | kmp = &help->help.ct_pptp_info.keymap[dir]; | 97 | kmp = &help->help.ct_pptp_info.keymap[dir]; |
98 | if (*kmp) { | 98 | if (*kmp) { |
99 | /* check whether it's a retransmission */ | 99 | /* check whether it's a retransmission */ |
100 | read_lock_bh(&nf_ct_gre_lock); | ||
100 | list_for_each_entry(km, &gre_keymap_list, list) { | 101 | list_for_each_entry(km, &gre_keymap_list, list) { |
101 | if (gre_key_cmpfn(km, t) && km == *kmp) | 102 | if (gre_key_cmpfn(km, t) && km == *kmp) { |
103 | read_unlock_bh(&nf_ct_gre_lock); | ||
102 | return 0; | 104 | return 0; |
105 | } | ||
103 | } | 106 | } |
107 | read_unlock_bh(&nf_ct_gre_lock); | ||
104 | pr_debug("trying to override keymap_%s for ct %p\n", | 108 | pr_debug("trying to override keymap_%s for ct %p\n", |
105 | dir == IP_CT_DIR_REPLY ? "reply" : "orig", ct); | 109 | dir == IP_CT_DIR_REPLY ? "reply" : "orig", ct); |
106 | return -EEXIST; | 110 | return -EEXIST; |
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index 2f9bbc058b48..1fa306be60fb 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c | |||
@@ -1193,7 +1193,6 @@ static const struct sip_handler sip_handlers[] = { | |||
1193 | static int process_sip_response(struct sk_buff *skb, | 1193 | static int process_sip_response(struct sk_buff *skb, |
1194 | const char **dptr, unsigned int *datalen) | 1194 | const char **dptr, unsigned int *datalen) |
1195 | { | 1195 | { |
1196 | static const struct sip_handler *handler; | ||
1197 | enum ip_conntrack_info ctinfo; | 1196 | enum ip_conntrack_info ctinfo; |
1198 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); | 1197 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); |
1199 | unsigned int matchoff, matchlen; | 1198 | unsigned int matchoff, matchlen; |
@@ -1214,6 +1213,8 @@ static int process_sip_response(struct sk_buff *skb, | |||
1214 | dataoff = matchoff + matchlen + 1; | 1213 | dataoff = matchoff + matchlen + 1; |
1215 | 1214 | ||
1216 | for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) { | 1215 | for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) { |
1216 | const struct sip_handler *handler; | ||
1217 | |||
1217 | handler = &sip_handlers[i]; | 1218 | handler = &sip_handlers[i]; |
1218 | if (handler->response == NULL) | 1219 | if (handler->response == NULL) |
1219 | continue; | 1220 | continue; |
@@ -1228,13 +1229,14 @@ static int process_sip_response(struct sk_buff *skb, | |||
1228 | static int process_sip_request(struct sk_buff *skb, | 1229 | static int process_sip_request(struct sk_buff *skb, |
1229 | const char **dptr, unsigned int *datalen) | 1230 | const char **dptr, unsigned int *datalen) |
1230 | { | 1231 | { |
1231 | static const struct sip_handler *handler; | ||
1232 | enum ip_conntrack_info ctinfo; | 1232 | enum ip_conntrack_info ctinfo; |
1233 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); | 1233 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); |
1234 | unsigned int matchoff, matchlen; | 1234 | unsigned int matchoff, matchlen; |
1235 | unsigned int cseq, i; | 1235 | unsigned int cseq, i; |
1236 | 1236 | ||
1237 | for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) { | 1237 | for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) { |
1238 | const struct sip_handler *handler; | ||
1239 | |||
1238 | handler = &sip_handlers[i]; | 1240 | handler = &sip_handlers[i]; |
1239 | if (handler->request == NULL) | 1241 | if (handler->request == NULL) |
1240 | continue; | 1242 | continue; |
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 46914b79d850..b7754b1b73a4 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
@@ -1077,6 +1077,7 @@ static void __xfrm_policy_link(struct xfrm_policy *pol, int dir) | |||
1077 | struct hlist_head *chain = policy_hash_bysel(&pol->selector, | 1077 | struct hlist_head *chain = policy_hash_bysel(&pol->selector, |
1078 | pol->family, dir); | 1078 | pol->family, dir); |
1079 | 1079 | ||
1080 | list_add_tail(&pol->bytype, &xfrm_policy_bytype[pol->type]); | ||
1080 | hlist_add_head(&pol->bydst, chain); | 1081 | hlist_add_head(&pol->bydst, chain); |
1081 | hlist_add_head(&pol->byidx, xfrm_policy_byidx+idx_hash(pol->index)); | 1082 | hlist_add_head(&pol->byidx, xfrm_policy_byidx+idx_hash(pol->index)); |
1082 | xfrm_policy_count[dir]++; | 1083 | xfrm_policy_count[dir]++; |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 7bd62f61593f..0a8f09c3144c 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
@@ -858,6 +858,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, | |||
858 | 858 | ||
859 | if (km_query(x, tmpl, pol) == 0) { | 859 | if (km_query(x, tmpl, pol) == 0) { |
860 | x->km.state = XFRM_STATE_ACQ; | 860 | x->km.state = XFRM_STATE_ACQ; |
861 | list_add_tail(&x->all, &xfrm_state_all); | ||
861 | hlist_add_head(&x->bydst, xfrm_state_bydst+h); | 862 | hlist_add_head(&x->bydst, xfrm_state_bydst+h); |
862 | h = xfrm_src_hash(daddr, saddr, family); | 863 | h = xfrm_src_hash(daddr, saddr, family); |
863 | hlist_add_head(&x->bysrc, xfrm_state_bysrc+h); | 864 | hlist_add_head(&x->bysrc, xfrm_state_bysrc+h); |
@@ -1055,6 +1056,7 @@ static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 re | |||
1055 | xfrm_state_hold(x); | 1056 | xfrm_state_hold(x); |
1056 | x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ; | 1057 | x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ; |
1057 | add_timer(&x->timer); | 1058 | add_timer(&x->timer); |
1059 | list_add_tail(&x->all, &xfrm_state_all); | ||
1058 | hlist_add_head(&x->bydst, xfrm_state_bydst+h); | 1060 | hlist_add_head(&x->bydst, xfrm_state_bydst+h); |
1059 | h = xfrm_src_hash(daddr, saddr, family); | 1061 | h = xfrm_src_hash(daddr, saddr, family); |
1060 | hlist_add_head(&x->bysrc, xfrm_state_bysrc+h); | 1062 | hlist_add_head(&x->bysrc, xfrm_state_bysrc+h); |