aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/atm/lec.c2
-rw-r--r--net/batman-adv/fragmentation.c2
-rw-r--r--net/bluetooth/hci_conn.c8
-rw-r--r--net/bluetooth/hci_core.c14
-rw-r--r--net/bluetooth/hci_event.c17
-rw-r--r--net/ceph/auth_x.c256
-rw-r--r--net/ceph/mon_client.c8
-rw-r--r--net/core/datagram.c2
-rw-r--r--net/core/dev.c77
-rw-r--r--net/core/gen_estimator.c2
-rw-r--r--net/core/gen_stats.c2
-rw-r--r--net/core/skbuff.c4
-rw-r--r--net/core/sock.c34
-rw-r--r--net/ieee802154/6lowpan_rtnl.c4
-rw-r--r--net/ieee802154/reassembly.c15
-rw-r--r--net/ipv4/netfilter/Kconfig102
-rw-r--r--net/ipv4/netfilter/Makefile2
-rw-r--r--net/ipv6/addrconf.c29
-rw-r--r--net/ipv6/anycast.c10
-rw-r--r--net/ipv6/ip6_fib.c2
-rw-r--r--net/ipv6/mcast.c14
-rw-r--r--net/ipv6/netfilter/Kconfig28
-rw-r--r--net/ipv6/netfilter/Makefile2
-rw-r--r--net/l2tp/l2tp_ppp.c3
-rw-r--r--net/mac80211/chan.c4
-rw-r--r--net/mac80211/debugfs_sta.c2
-rw-r--r--net/mac80211/iface.c4
-rw-r--r--net/mac80211/mesh_plink.c7
-rw-r--r--net/mac80211/mlme.c3
-rw-r--r--net/mac80211/sta_info.c7
-rw-r--r--net/mac802154/wpan.c6
-rw-r--r--net/netfilter/Kconfig14
-rw-r--r--net/netfilter/Makefile2
-rw-r--r--net/netfilter/core.c6
-rw-r--r--net/netfilter/ipvs/ip_vs_core.c2
-rw-r--r--net/netfilter/ipvs/ip_vs_xmit.c20
-rw-r--r--net/netfilter/xt_cgroup.c2
-rw-r--r--net/openvswitch/actions.c5
-rw-r--r--net/openvswitch/datapath.c11
-rw-r--r--net/packet/af_packet.c17
-rw-r--r--net/packet/internal.h1
-rw-r--r--net/rfkill/rfkill-gpio.c1
-rw-r--r--net/sched/sch_cbq.c48
-rw-r--r--net/sctp/associola.c12
-rw-r--r--net/sctp/socket.c2
-rw-r--r--net/socket.c5
-rw-r--r--net/tipc/port.h5
-rw-r--r--net/tipc/socket.c2
48 files changed, 510 insertions, 317 deletions
diff --git a/net/atm/lec.c b/net/atm/lec.c
index e4853b50cf40..4b98f897044a 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -410,9 +410,11 @@ static int lec_atm_send(struct atm_vcc *vcc, struct sk_buff *skb)
410 priv->lane2_ops = NULL; 410 priv->lane2_ops = NULL;
411 if (priv->lane_version > 1) 411 if (priv->lane_version > 1)
412 priv->lane2_ops = &lane2_ops; 412 priv->lane2_ops = &lane2_ops;
413 rtnl_lock();
413 if (dev_set_mtu(dev, mesg->content.config.mtu)) 414 if (dev_set_mtu(dev, mesg->content.config.mtu))
414 pr_info("%s: change_mtu to %d failed\n", 415 pr_info("%s: change_mtu to %d failed\n",
415 dev->name, mesg->content.config.mtu); 416 dev->name, mesg->content.config.mtu);
417 rtnl_unlock();
416 priv->is_proxy = mesg->content.config.is_proxy; 418 priv->is_proxy = mesg->content.config.is_proxy;
417 break; 419 break;
418 case l_flush_tran_id: 420 case l_flush_tran_id:
diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
index 52c43f904220..fc1835c6bb40 100644
--- a/net/batman-adv/fragmentation.c
+++ b/net/batman-adv/fragmentation.c
@@ -188,7 +188,7 @@ static bool batadv_frag_insert_packet(struct batadv_orig_node *orig_node,
188 188
189 /* Reached the end of the list, so insert after 'frag_entry_last'. */ 189 /* Reached the end of the list, so insert after 'frag_entry_last'. */
190 if (likely(frag_entry_last)) { 190 if (likely(frag_entry_last)) {
191 hlist_add_behind(&frag_entry_last->list, &frag_entry_new->list); 191 hlist_add_behind(&frag_entry_new->list, &frag_entry_last->list);
192 chain->size += skb->len - hdr_size; 192 chain->size += skb->len - hdr_size;
193 chain->timestamp = jiffies; 193 chain->timestamp = jiffies;
194 ret = true; 194 ret = true;
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index b50dabb3f86a..faff6247ac8f 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -589,6 +589,14 @@ EXPORT_SYMBOL(hci_get_route);
589void hci_le_conn_failed(struct hci_conn *conn, u8 status) 589void hci_le_conn_failed(struct hci_conn *conn, u8 status)
590{ 590{
591 struct hci_dev *hdev = conn->hdev; 591 struct hci_dev *hdev = conn->hdev;
592 struct hci_conn_params *params;
593
594 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
595 conn->dst_type);
596 if (params && params->conn) {
597 hci_conn_drop(params->conn);
598 params->conn = NULL;
599 }
592 600
593 conn->state = BT_CLOSED; 601 conn->state = BT_CLOSED;
594 602
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index c32d361c0cf7..1d9c29a00568 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -2536,8 +2536,13 @@ static void hci_pend_le_actions_clear(struct hci_dev *hdev)
2536{ 2536{
2537 struct hci_conn_params *p; 2537 struct hci_conn_params *p;
2538 2538
2539 list_for_each_entry(p, &hdev->le_conn_params, list) 2539 list_for_each_entry(p, &hdev->le_conn_params, list) {
2540 if (p->conn) {
2541 hci_conn_drop(p->conn);
2542 p->conn = NULL;
2543 }
2540 list_del_init(&p->action); 2544 list_del_init(&p->action);
2545 }
2541 2546
2542 BT_DBG("All LE pending actions cleared"); 2547 BT_DBG("All LE pending actions cleared");
2543} 2548}
@@ -2578,8 +2583,8 @@ static int hci_dev_do_close(struct hci_dev *hdev)
2578 2583
2579 hci_dev_lock(hdev); 2584 hci_dev_lock(hdev);
2580 hci_inquiry_cache_flush(hdev); 2585 hci_inquiry_cache_flush(hdev);
2581 hci_conn_hash_flush(hdev);
2582 hci_pend_le_actions_clear(hdev); 2586 hci_pend_le_actions_clear(hdev);
2587 hci_conn_hash_flush(hdev);
2583 hci_dev_unlock(hdev); 2588 hci_dev_unlock(hdev);
2584 2589
2585 hci_notify(hdev, HCI_DEV_DOWN); 2590 hci_notify(hdev, HCI_DEV_DOWN);
@@ -3727,6 +3732,9 @@ void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3727 if (!params) 3732 if (!params)
3728 return; 3733 return;
3729 3734
3735 if (params->conn)
3736 hci_conn_drop(params->conn);
3737
3730 list_del(&params->action); 3738 list_del(&params->action);
3731 list_del(&params->list); 3739 list_del(&params->list);
3732 kfree(params); 3740 kfree(params);
@@ -3757,6 +3765,8 @@ void hci_conn_params_clear_all(struct hci_dev *hdev)
3757 struct hci_conn_params *params, *tmp; 3765 struct hci_conn_params *params, *tmp;
3758 3766
3759 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) { 3767 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3768 if (params->conn)
3769 hci_conn_drop(params->conn);
3760 list_del(&params->action); 3770 list_del(&params->action);
3761 list_del(&params->list); 3771 list_del(&params->list);
3762 kfree(params); 3772 kfree(params);
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index be35598984d9..a6000823f0ff 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -4221,8 +4221,13 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4221 hci_proto_connect_cfm(conn, ev->status); 4221 hci_proto_connect_cfm(conn, ev->status);
4222 4222
4223 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); 4223 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
4224 if (params) 4224 if (params) {
4225 list_del_init(&params->action); 4225 list_del_init(&params->action);
4226 if (params->conn) {
4227 hci_conn_drop(params->conn);
4228 params->conn = NULL;
4229 }
4230 }
4226 4231
4227unlock: 4232unlock:
4228 hci_update_background_scan(hdev); 4233 hci_update_background_scan(hdev);
@@ -4304,8 +4309,16 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4304 4309
4305 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, 4310 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4306 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); 4311 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER);
4307 if (!IS_ERR(conn)) 4312 if (!IS_ERR(conn)) {
4313 /* Store the pointer since we don't really have any
4314 * other owner of the object besides the params that
4315 * triggered it. This way we can abort the connection if
4316 * the parameters get removed and keep the reference
4317 * count consistent once the connection is established.
4318 */
4319 params->conn = conn;
4308 return; 4320 return;
4321 }
4309 4322
4310 switch (PTR_ERR(conn)) { 4323 switch (PTR_ERR(conn)) {
4311 case -EBUSY: 4324 case -EBUSY:
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c
index 96238ba95f2b..de6662b14e1f 100644
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -13,8 +13,6 @@
13#include "auth_x.h" 13#include "auth_x.h"
14#include "auth_x_protocol.h" 14#include "auth_x_protocol.h"
15 15
16#define TEMP_TICKET_BUF_LEN 256
17
18static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed); 16static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed);
19 17
20static int ceph_x_is_authenticated(struct ceph_auth_client *ac) 18static int ceph_x_is_authenticated(struct ceph_auth_client *ac)
@@ -64,7 +62,7 @@ static int ceph_x_encrypt(struct ceph_crypto_key *secret,
64} 62}
65 63
66static int ceph_x_decrypt(struct ceph_crypto_key *secret, 64static int ceph_x_decrypt(struct ceph_crypto_key *secret,
67 void **p, void *end, void *obuf, size_t olen) 65 void **p, void *end, void **obuf, size_t olen)
68{ 66{
69 struct ceph_x_encrypt_header head; 67 struct ceph_x_encrypt_header head;
70 size_t head_len = sizeof(head); 68 size_t head_len = sizeof(head);
@@ -75,8 +73,14 @@ static int ceph_x_decrypt(struct ceph_crypto_key *secret,
75 return -EINVAL; 73 return -EINVAL;
76 74
77 dout("ceph_x_decrypt len %d\n", len); 75 dout("ceph_x_decrypt len %d\n", len);
78 ret = ceph_decrypt2(secret, &head, &head_len, obuf, &olen, 76 if (*obuf == NULL) {
79 *p, len); 77 *obuf = kmalloc(len, GFP_NOFS);
78 if (!*obuf)
79 return -ENOMEM;
80 olen = len;
81 }
82
83 ret = ceph_decrypt2(secret, &head, &head_len, *obuf, &olen, *p, len);
80 if (ret) 84 if (ret)
81 return ret; 85 return ret;
82 if (head.struct_v != 1 || le64_to_cpu(head.magic) != CEPHX_ENC_MAGIC) 86 if (head.struct_v != 1 || le64_to_cpu(head.magic) != CEPHX_ENC_MAGIC)
@@ -129,139 +133,120 @@ static void remove_ticket_handler(struct ceph_auth_client *ac,
129 kfree(th); 133 kfree(th);
130} 134}
131 135
132static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac, 136static int process_one_ticket(struct ceph_auth_client *ac,
133 struct ceph_crypto_key *secret, 137 struct ceph_crypto_key *secret,
134 void *buf, void *end) 138 void **p, void *end)
135{ 139{
136 struct ceph_x_info *xi = ac->private; 140 struct ceph_x_info *xi = ac->private;
137 int num; 141 int type;
138 void *p = buf; 142 u8 tkt_struct_v, blob_struct_v;
143 struct ceph_x_ticket_handler *th;
144 void *dbuf = NULL;
145 void *dp, *dend;
146 int dlen;
147 char is_enc;
148 struct timespec validity;
149 struct ceph_crypto_key old_key;
150 void *ticket_buf = NULL;
151 void *tp, *tpend;
152 struct ceph_timespec new_validity;
153 struct ceph_crypto_key new_session_key;
154 struct ceph_buffer *new_ticket_blob;
155 unsigned long new_expires, new_renew_after;
156 u64 new_secret_id;
139 int ret; 157 int ret;
140 char *dbuf;
141 char *ticket_buf;
142 u8 reply_struct_v;
143 158
144 dbuf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); 159 ceph_decode_need(p, end, sizeof(u32) + 1, bad);
145 if (!dbuf)
146 return -ENOMEM;
147 160
148 ret = -ENOMEM; 161 type = ceph_decode_32(p);
149 ticket_buf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); 162 dout(" ticket type %d %s\n", type, ceph_entity_type_name(type));
150 if (!ticket_buf)
151 goto out_dbuf;
152 163
153 ceph_decode_need(&p, end, 1 + sizeof(u32), bad); 164 tkt_struct_v = ceph_decode_8(p);
154 reply_struct_v = ceph_decode_8(&p); 165 if (tkt_struct_v != 1)
155 if (reply_struct_v != 1)
156 goto bad; 166 goto bad;
157 num = ceph_decode_32(&p);
158 dout("%d tickets\n", num);
159 while (num--) {
160 int type;
161 u8 tkt_struct_v, blob_struct_v;
162 struct ceph_x_ticket_handler *th;
163 void *dp, *dend;
164 int dlen;
165 char is_enc;
166 struct timespec validity;
167 struct ceph_crypto_key old_key;
168 void *tp, *tpend;
169 struct ceph_timespec new_validity;
170 struct ceph_crypto_key new_session_key;
171 struct ceph_buffer *new_ticket_blob;
172 unsigned long new_expires, new_renew_after;
173 u64 new_secret_id;
174
175 ceph_decode_need(&p, end, sizeof(u32) + 1, bad);
176
177 type = ceph_decode_32(&p);
178 dout(" ticket type %d %s\n", type, ceph_entity_type_name(type));
179
180 tkt_struct_v = ceph_decode_8(&p);
181 if (tkt_struct_v != 1)
182 goto bad;
183
184 th = get_ticket_handler(ac, type);
185 if (IS_ERR(th)) {
186 ret = PTR_ERR(th);
187 goto out;
188 }
189 167
190 /* blob for me */ 168 th = get_ticket_handler(ac, type);
191 dlen = ceph_x_decrypt(secret, &p, end, dbuf, 169 if (IS_ERR(th)) {
192 TEMP_TICKET_BUF_LEN); 170 ret = PTR_ERR(th);
193 if (dlen <= 0) { 171 goto out;
194 ret = dlen; 172 }
195 goto out;
196 }
197 dout(" decrypted %d bytes\n", dlen);
198 dend = dbuf + dlen;
199 dp = dbuf;
200 173
201 tkt_struct_v = ceph_decode_8(&dp); 174 /* blob for me */
202 if (tkt_struct_v != 1) 175 dlen = ceph_x_decrypt(secret, p, end, &dbuf, 0);
203 goto bad; 176 if (dlen <= 0) {
177 ret = dlen;
178 goto out;
179 }
180 dout(" decrypted %d bytes\n", dlen);
181 dp = dbuf;
182 dend = dp + dlen;
204 183
205 memcpy(&old_key, &th->session_key, sizeof(old_key)); 184 tkt_struct_v = ceph_decode_8(&dp);
206 ret = ceph_crypto_key_decode(&new_session_key, &dp, dend); 185 if (tkt_struct_v != 1)
207 if (ret) 186 goto bad;
208 goto out;
209 187
210 ceph_decode_copy(&dp, &new_validity, sizeof(new_validity)); 188 memcpy(&old_key, &th->session_key, sizeof(old_key));
211 ceph_decode_timespec(&validity, &new_validity); 189 ret = ceph_crypto_key_decode(&new_session_key, &dp, dend);
212 new_expires = get_seconds() + validity.tv_sec; 190 if (ret)
213 new_renew_after = new_expires - (validity.tv_sec / 4); 191 goto out;
214 dout(" expires=%lu renew_after=%lu\n", new_expires,
215 new_renew_after);
216 192
217 /* ticket blob for service */ 193 ceph_decode_copy(&dp, &new_validity, sizeof(new_validity));
218 ceph_decode_8_safe(&p, end, is_enc, bad); 194 ceph_decode_timespec(&validity, &new_validity);
219 tp = ticket_buf; 195 new_expires = get_seconds() + validity.tv_sec;
220 if (is_enc) { 196 new_renew_after = new_expires - (validity.tv_sec / 4);
221 /* encrypted */ 197 dout(" expires=%lu renew_after=%lu\n", new_expires,
222 dout(" encrypted ticket\n"); 198 new_renew_after);
223 dlen = ceph_x_decrypt(&old_key, &p, end, ticket_buf, 199
224 TEMP_TICKET_BUF_LEN); 200 /* ticket blob for service */
225 if (dlen < 0) { 201 ceph_decode_8_safe(p, end, is_enc, bad);
226 ret = dlen; 202 if (is_enc) {
227 goto out; 203 /* encrypted */
228 } 204 dout(" encrypted ticket\n");
229 dlen = ceph_decode_32(&tp); 205 dlen = ceph_x_decrypt(&old_key, p, end, &ticket_buf, 0);
230 } else { 206 if (dlen < 0) {
231 /* unencrypted */ 207 ret = dlen;
232 ceph_decode_32_safe(&p, end, dlen, bad); 208 goto out;
233 ceph_decode_need(&p, end, dlen, bad);
234 ceph_decode_copy(&p, ticket_buf, dlen);
235 } 209 }
236 tpend = tp + dlen; 210 tp = ticket_buf;
237 dout(" ticket blob is %d bytes\n", dlen); 211 dlen = ceph_decode_32(&tp);
238 ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad); 212 } else {
239 blob_struct_v = ceph_decode_8(&tp); 213 /* unencrypted */
240 new_secret_id = ceph_decode_64(&tp); 214 ceph_decode_32_safe(p, end, dlen, bad);
241 ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend); 215 ticket_buf = kmalloc(dlen, GFP_NOFS);
242 if (ret) 216 if (!ticket_buf) {
217 ret = -ENOMEM;
243 goto out; 218 goto out;
244 219 }
245 /* all is well, update our ticket */ 220 tp = ticket_buf;
246 ceph_crypto_key_destroy(&th->session_key); 221 ceph_decode_need(p, end, dlen, bad);
247 if (th->ticket_blob) 222 ceph_decode_copy(p, ticket_buf, dlen);
248 ceph_buffer_put(th->ticket_blob);
249 th->session_key = new_session_key;
250 th->ticket_blob = new_ticket_blob;
251 th->validity = new_validity;
252 th->secret_id = new_secret_id;
253 th->expires = new_expires;
254 th->renew_after = new_renew_after;
255 dout(" got ticket service %d (%s) secret_id %lld len %d\n",
256 type, ceph_entity_type_name(type), th->secret_id,
257 (int)th->ticket_blob->vec.iov_len);
258 xi->have_keys |= th->service;
259 } 223 }
224 tpend = tp + dlen;
225 dout(" ticket blob is %d bytes\n", dlen);
226 ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad);
227 blob_struct_v = ceph_decode_8(&tp);
228 new_secret_id = ceph_decode_64(&tp);
229 ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend);
230 if (ret)
231 goto out;
232
233 /* all is well, update our ticket */
234 ceph_crypto_key_destroy(&th->session_key);
235 if (th->ticket_blob)
236 ceph_buffer_put(th->ticket_blob);
237 th->session_key = new_session_key;
238 th->ticket_blob = new_ticket_blob;
239 th->validity = new_validity;
240 th->secret_id = new_secret_id;
241 th->expires = new_expires;
242 th->renew_after = new_renew_after;
243 dout(" got ticket service %d (%s) secret_id %lld len %d\n",
244 type, ceph_entity_type_name(type), th->secret_id,
245 (int)th->ticket_blob->vec.iov_len);
246 xi->have_keys |= th->service;
260 247
261 ret = 0;
262out: 248out:
263 kfree(ticket_buf); 249 kfree(ticket_buf);
264out_dbuf:
265 kfree(dbuf); 250 kfree(dbuf);
266 return ret; 251 return ret;
267 252
@@ -270,6 +255,34 @@ bad:
270 goto out; 255 goto out;
271} 256}
272 257
258static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
259 struct ceph_crypto_key *secret,
260 void *buf, void *end)
261{
262 void *p = buf;
263 u8 reply_struct_v;
264 u32 num;
265 int ret;
266
267 ceph_decode_8_safe(&p, end, reply_struct_v, bad);
268 if (reply_struct_v != 1)
269 return -EINVAL;
270
271 ceph_decode_32_safe(&p, end, num, bad);
272 dout("%d tickets\n", num);
273
274 while (num--) {
275 ret = process_one_ticket(ac, secret, &p, end);
276 if (ret)
277 return ret;
278 }
279
280 return 0;
281
282bad:
283 return -EINVAL;
284}
285
273static int ceph_x_build_authorizer(struct ceph_auth_client *ac, 286static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
274 struct ceph_x_ticket_handler *th, 287 struct ceph_x_ticket_handler *th,
275 struct ceph_x_authorizer *au) 288 struct ceph_x_authorizer *au)
@@ -583,13 +596,14 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,
583 struct ceph_x_ticket_handler *th; 596 struct ceph_x_ticket_handler *th;
584 int ret = 0; 597 int ret = 0;
585 struct ceph_x_authorize_reply reply; 598 struct ceph_x_authorize_reply reply;
599 void *preply = &reply;
586 void *p = au->reply_buf; 600 void *p = au->reply_buf;
587 void *end = p + sizeof(au->reply_buf); 601 void *end = p + sizeof(au->reply_buf);
588 602
589 th = get_ticket_handler(ac, au->service); 603 th = get_ticket_handler(ac, au->service);
590 if (IS_ERR(th)) 604 if (IS_ERR(th))
591 return PTR_ERR(th); 605 return PTR_ERR(th);
592 ret = ceph_x_decrypt(&th->session_key, &p, end, &reply, sizeof(reply)); 606 ret = ceph_x_decrypt(&th->session_key, &p, end, &preply, sizeof(reply));
593 if (ret < 0) 607 if (ret < 0)
594 return ret; 608 return ret;
595 if (ret != sizeof(reply)) 609 if (ret != sizeof(reply))
diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c
index 067d3af2eaf6..61fcfc304f68 100644
--- a/net/ceph/mon_client.c
+++ b/net/ceph/mon_client.c
@@ -1181,7 +1181,15 @@ static struct ceph_msg *mon_alloc_msg(struct ceph_connection *con,
1181 if (!m) { 1181 if (!m) {
1182 pr_info("alloc_msg unknown type %d\n", type); 1182 pr_info("alloc_msg unknown type %d\n", type);
1183 *skip = 1; 1183 *skip = 1;
1184 } else if (front_len > m->front_alloc_len) {
1185 pr_warning("mon_alloc_msg front %d > prealloc %d (%u#%llu)\n",
1186 front_len, m->front_alloc_len,
1187 (unsigned int)con->peer_name.type,
1188 le64_to_cpu(con->peer_name.num));
1189 ceph_msg_put(m);
1190 m = ceph_msg_new(type, front_len, GFP_NOFS, false);
1184 } 1191 }
1192
1185 return m; 1193 return m;
1186} 1194}
1187 1195
diff --git a/net/core/datagram.c b/net/core/datagram.c
index 488dd1a825c0..fdbc9a81d4c2 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -775,7 +775,7 @@ __sum16 __skb_checksum_complete(struct sk_buff *skb)
775EXPORT_SYMBOL(__skb_checksum_complete); 775EXPORT_SYMBOL(__skb_checksum_complete);
776 776
777/** 777/**
778 * skb_copy_and_csum_datagram_iovec - Copy and checkum skb to user iovec. 778 * skb_copy_and_csum_datagram_iovec - Copy and checksum skb to user iovec.
779 * @skb: skbuff 779 * @skb: skbuff
780 * @hlen: hardware length 780 * @hlen: hardware length
781 * @iov: io vector 781 * @iov: io vector
diff --git a/net/core/dev.c b/net/core/dev.c
index b65a5051361f..ab9a16530c36 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2587,13 +2587,19 @@ netdev_features_t netif_skb_features(struct sk_buff *skb)
2587 return harmonize_features(skb, features); 2587 return harmonize_features(skb, features);
2588 } 2588 }
2589 2589
2590 features &= (skb->dev->vlan_features | NETIF_F_HW_VLAN_CTAG_TX | 2590 features = netdev_intersect_features(features,
2591 NETIF_F_HW_VLAN_STAG_TX); 2591 skb->dev->vlan_features |
2592 NETIF_F_HW_VLAN_CTAG_TX |
2593 NETIF_F_HW_VLAN_STAG_TX);
2592 2594
2593 if (protocol == htons(ETH_P_8021Q) || protocol == htons(ETH_P_8021AD)) 2595 if (protocol == htons(ETH_P_8021Q) || protocol == htons(ETH_P_8021AD))
2594 features &= NETIF_F_SG | NETIF_F_HIGHDMA | NETIF_F_FRAGLIST | 2596 features = netdev_intersect_features(features,
2595 NETIF_F_GEN_CSUM | NETIF_F_HW_VLAN_CTAG_TX | 2597 NETIF_F_SG |
2596 NETIF_F_HW_VLAN_STAG_TX; 2598 NETIF_F_HIGHDMA |
2599 NETIF_F_FRAGLIST |
2600 NETIF_F_GEN_CSUM |
2601 NETIF_F_HW_VLAN_CTAG_TX |
2602 NETIF_F_HW_VLAN_STAG_TX);
2597 2603
2598 return harmonize_features(skb, features); 2604 return harmonize_features(skb, features);
2599} 2605}
@@ -4889,7 +4895,8 @@ static void __netdev_adjacent_dev_remove(struct net_device *dev,
4889 if (adj->master) 4895 if (adj->master)
4890 sysfs_remove_link(&(dev->dev.kobj), "master"); 4896 sysfs_remove_link(&(dev->dev.kobj), "master");
4891 4897
4892 if (netdev_adjacent_is_neigh_list(dev, dev_list)) 4898 if (netdev_adjacent_is_neigh_list(dev, dev_list) &&
4899 net_eq(dev_net(dev),dev_net(adj_dev)))
4893 netdev_adjacent_sysfs_del(dev, adj_dev->name, dev_list); 4900 netdev_adjacent_sysfs_del(dev, adj_dev->name, dev_list);
4894 4901
4895 list_del_rcu(&adj->list); 4902 list_del_rcu(&adj->list);
@@ -5159,11 +5166,65 @@ void netdev_upper_dev_unlink(struct net_device *dev,
5159} 5166}
5160EXPORT_SYMBOL(netdev_upper_dev_unlink); 5167EXPORT_SYMBOL(netdev_upper_dev_unlink);
5161 5168
5169void netdev_adjacent_add_links(struct net_device *dev)
5170{
5171 struct netdev_adjacent *iter;
5172
5173 struct net *net = dev_net(dev);
5174
5175 list_for_each_entry(iter, &dev->adj_list.upper, list) {
5176 if (!net_eq(net,dev_net(iter->dev)))
5177 continue;
5178 netdev_adjacent_sysfs_add(iter->dev, dev,
5179 &iter->dev->adj_list.lower);
5180 netdev_adjacent_sysfs_add(dev, iter->dev,
5181 &dev->adj_list.upper);
5182 }
5183
5184 list_for_each_entry(iter, &dev->adj_list.lower, list) {
5185 if (!net_eq(net,dev_net(iter->dev)))
5186 continue;
5187 netdev_adjacent_sysfs_add(iter->dev, dev,
5188 &iter->dev->adj_list.upper);
5189 netdev_adjacent_sysfs_add(dev, iter->dev,
5190 &dev->adj_list.lower);
5191 }
5192}
5193
5194void netdev_adjacent_del_links(struct net_device *dev)
5195{
5196 struct netdev_adjacent *iter;
5197
5198 struct net *net = dev_net(dev);
5199
5200 list_for_each_entry(iter, &dev->adj_list.upper, list) {
5201 if (!net_eq(net,dev_net(iter->dev)))
5202 continue;
5203 netdev_adjacent_sysfs_del(iter->dev, dev->name,
5204 &iter->dev->adj_list.lower);
5205 netdev_adjacent_sysfs_del(dev, iter->dev->name,
5206 &dev->adj_list.upper);
5207 }
5208
5209 list_for_each_entry(iter, &dev->adj_list.lower, list) {
5210 if (!net_eq(net,dev_net(iter->dev)))
5211 continue;
5212 netdev_adjacent_sysfs_del(iter->dev, dev->name,
5213 &iter->dev->adj_list.upper);
5214 netdev_adjacent_sysfs_del(dev, iter->dev->name,
5215 &dev->adj_list.lower);
5216 }
5217}
5218
5162void netdev_adjacent_rename_links(struct net_device *dev, char *oldname) 5219void netdev_adjacent_rename_links(struct net_device *dev, char *oldname)
5163{ 5220{
5164 struct netdev_adjacent *iter; 5221 struct netdev_adjacent *iter;
5165 5222
5223 struct net *net = dev_net(dev);
5224
5166 list_for_each_entry(iter, &dev->adj_list.upper, list) { 5225 list_for_each_entry(iter, &dev->adj_list.upper, list) {
5226 if (!net_eq(net,dev_net(iter->dev)))
5227 continue;
5167 netdev_adjacent_sysfs_del(iter->dev, oldname, 5228 netdev_adjacent_sysfs_del(iter->dev, oldname,
5168 &iter->dev->adj_list.lower); 5229 &iter->dev->adj_list.lower);
5169 netdev_adjacent_sysfs_add(iter->dev, dev, 5230 netdev_adjacent_sysfs_add(iter->dev, dev,
@@ -5171,6 +5232,8 @@ void netdev_adjacent_rename_links(struct net_device *dev, char *oldname)
5171 } 5232 }
5172 5233
5173 list_for_each_entry(iter, &dev->adj_list.lower, list) { 5234 list_for_each_entry(iter, &dev->adj_list.lower, list) {
5235 if (!net_eq(net,dev_net(iter->dev)))
5236 continue;
5174 netdev_adjacent_sysfs_del(iter->dev, oldname, 5237 netdev_adjacent_sysfs_del(iter->dev, oldname,
5175 &iter->dev->adj_list.upper); 5238 &iter->dev->adj_list.upper);
5176 netdev_adjacent_sysfs_add(iter->dev, dev, 5239 netdev_adjacent_sysfs_add(iter->dev, dev,
@@ -6773,6 +6836,7 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
6773 6836
6774 /* Send a netdev-removed uevent to the old namespace */ 6837 /* Send a netdev-removed uevent to the old namespace */
6775 kobject_uevent(&dev->dev.kobj, KOBJ_REMOVE); 6838 kobject_uevent(&dev->dev.kobj, KOBJ_REMOVE);
6839 netdev_adjacent_del_links(dev);
6776 6840
6777 /* Actually switch the network namespace */ 6841 /* Actually switch the network namespace */
6778 dev_net_set(dev, net); 6842 dev_net_set(dev, net);
@@ -6787,6 +6851,7 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char
6787 6851
6788 /* Send a netdev-add uevent to the new namespace */ 6852 /* Send a netdev-add uevent to the new namespace */
6789 kobject_uevent(&dev->dev.kobj, KOBJ_ADD); 6853 kobject_uevent(&dev->dev.kobj, KOBJ_ADD);
6854 netdev_adjacent_add_links(dev);
6790 6855
6791 /* Fixup kobjects */ 6856 /* Fixup kobjects */
6792 err = device_rename(&dev->dev, dev->name); 6857 err = device_rename(&dev->dev, dev->name);
diff --git a/net/core/gen_estimator.c b/net/core/gen_estimator.c
index 6b5b6e7013ca..9d33dfffca19 100644
--- a/net/core/gen_estimator.c
+++ b/net/core/gen_estimator.c
@@ -197,7 +197,7 @@ struct gen_estimator *gen_find_node(const struct gnet_stats_basic_packed *bstats
197 * as destination. A new timer with the interval specified in the 197 * as destination. A new timer with the interval specified in the
198 * configuration TLV is created. Upon each interval, the latest statistics 198 * configuration TLV is created. Upon each interval, the latest statistics
199 * will be read from &bstats and the estimated rate will be stored in 199 * will be read from &bstats and the estimated rate will be stored in
200 * &rate_est with the statistics lock grabed during this period. 200 * &rate_est with the statistics lock grabbed during this period.
201 * 201 *
202 * Returns 0 on success or a negative error code. 202 * Returns 0 on success or a negative error code.
203 * 203 *
diff --git a/net/core/gen_stats.c b/net/core/gen_stats.c
index 9d3d9e78397b..2ddbce4cce14 100644
--- a/net/core/gen_stats.c
+++ b/net/core/gen_stats.c
@@ -206,7 +206,7 @@ EXPORT_SYMBOL(gnet_stats_copy_queue);
206 * @st: application specific statistics data 206 * @st: application specific statistics data
207 * @len: length of data 207 * @len: length of data
208 * 208 *
209 * Appends the application sepecific statistics to the top level TLV created by 209 * Appends the application specific statistics to the top level TLV created by
210 * gnet_stats_start_copy() and remembers the data for XSTATS if the dumping 210 * gnet_stats_start_copy() and remembers the data for XSTATS if the dumping
211 * handle is in backward compatibility mode. 211 * handle is in backward compatibility mode.
212 * 212 *
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 163b673f9e62..da1378a3e2c7 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2647,7 +2647,7 @@ EXPORT_SYMBOL(skb_prepare_seq_read);
2647 * skb_seq_read() will return the remaining part of the block. 2647 * skb_seq_read() will return the remaining part of the block.
2648 * 2648 *
2649 * Note 1: The size of each block of data returned can be arbitrary, 2649 * Note 1: The size of each block of data returned can be arbitrary,
2650 * this limitation is the cost for zerocopy seqeuental 2650 * this limitation is the cost for zerocopy sequential
2651 * reads of potentially non linear data. 2651 * reads of potentially non linear data.
2652 * 2652 *
2653 * Note 2: Fragment lists within fragments are not implemented 2653 * Note 2: Fragment lists within fragments are not implemented
@@ -2781,7 +2781,7 @@ EXPORT_SYMBOL(skb_find_text);
2781/** 2781/**
2782 * skb_append_datato_frags - append the user data to a skb 2782 * skb_append_datato_frags - append the user data to a skb
2783 * @sk: sock structure 2783 * @sk: sock structure
2784 * @skb: skb structure to be appened with user data. 2784 * @skb: skb structure to be appended with user data.
2785 * @getfrag: call back function to be used for getting the user data 2785 * @getfrag: call back function to be used for getting the user data
2786 * @from: pointer to user message iov 2786 * @from: pointer to user message iov
2787 * @length: length of the iov message 2787 * @length: length of the iov message
diff --git a/net/core/sock.c b/net/core/sock.c
index 2714811afbd8..d372b4bd3f99 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -166,7 +166,7 @@ EXPORT_SYMBOL(sk_ns_capable);
166/** 166/**
167 * sk_capable - Socket global capability test 167 * sk_capable - Socket global capability test
168 * @sk: Socket to use a capability on or through 168 * @sk: Socket to use a capability on or through
169 * @cap: The global capbility to use 169 * @cap: The global capability to use
170 * 170 *
171 * Test to see if the opener of the socket had when the socket was 171 * Test to see if the opener of the socket had when the socket was
172 * created and the current process has the capability @cap in all user 172 * created and the current process has the capability @cap in all user
@@ -183,7 +183,7 @@ EXPORT_SYMBOL(sk_capable);
183 * @sk: Socket to use a capability on or through 183 * @sk: Socket to use a capability on or through
184 * @cap: The capability to use 184 * @cap: The capability to use
185 * 185 *
186 * Test to see if the opener of the socket had when the socke was created 186 * Test to see if the opener of the socket had when the socket was created
187 * and the current process has the capability @cap over the network namespace 187 * and the current process has the capability @cap over the network namespace
188 * the socket is a member of. 188 * the socket is a member of.
189 */ 189 */
@@ -1822,6 +1822,9 @@ struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
1822 order); 1822 order);
1823 if (page) 1823 if (page)
1824 goto fill_page; 1824 goto fill_page;
1825 /* Do not retry other high order allocations */
1826 order = 1;
1827 max_page_order = 0;
1825 } 1828 }
1826 order--; 1829 order--;
1827 } 1830 }
@@ -1869,10 +1872,8 @@ EXPORT_SYMBOL(sock_alloc_send_skb);
1869 * no guarantee that allocations succeed. Therefore, @sz MUST be 1872 * no guarantee that allocations succeed. Therefore, @sz MUST be
1870 * less or equal than PAGE_SIZE. 1873 * less or equal than PAGE_SIZE.
1871 */ 1874 */
1872bool skb_page_frag_refill(unsigned int sz, struct page_frag *pfrag, gfp_t prio) 1875bool skb_page_frag_refill(unsigned int sz, struct page_frag *pfrag, gfp_t gfp)
1873{ 1876{
1874 int order;
1875
1876 if (pfrag->page) { 1877 if (pfrag->page) {
1877 if (atomic_read(&pfrag->page->_count) == 1) { 1878 if (atomic_read(&pfrag->page->_count) == 1) {
1878 pfrag->offset = 0; 1879 pfrag->offset = 0;
@@ -1883,20 +1884,21 @@ bool skb_page_frag_refill(unsigned int sz, struct page_frag *pfrag, gfp_t prio)
1883 put_page(pfrag->page); 1884 put_page(pfrag->page);
1884 } 1885 }
1885 1886
1886 order = SKB_FRAG_PAGE_ORDER; 1887 pfrag->offset = 0;
1887 do { 1888 if (SKB_FRAG_PAGE_ORDER) {
1888 gfp_t gfp = prio; 1889 pfrag->page = alloc_pages(gfp | __GFP_COMP |
1889 1890 __GFP_NOWARN | __GFP_NORETRY,
1890 if (order) 1891 SKB_FRAG_PAGE_ORDER);
1891 gfp |= __GFP_COMP | __GFP_NOWARN | __GFP_NORETRY;
1892 pfrag->page = alloc_pages(gfp, order);
1893 if (likely(pfrag->page)) { 1892 if (likely(pfrag->page)) {
1894 pfrag->offset = 0; 1893 pfrag->size = PAGE_SIZE << SKB_FRAG_PAGE_ORDER;
1895 pfrag->size = PAGE_SIZE << order;
1896 return true; 1894 return true;
1897 } 1895 }
1898 } while (--order >= 0); 1896 }
1899 1897 pfrag->page = alloc_page(gfp);
1898 if (likely(pfrag->page)) {
1899 pfrag->size = PAGE_SIZE;
1900 return true;
1901 }
1900 return false; 1902 return false;
1901} 1903}
1902EXPORT_SYMBOL(skb_page_frag_refill); 1904EXPORT_SYMBOL(skb_page_frag_refill);
diff --git a/net/ieee802154/6lowpan_rtnl.c b/net/ieee802154/6lowpan_rtnl.c
index 016b77ee88f0..6591d27e53a4 100644
--- a/net/ieee802154/6lowpan_rtnl.c
+++ b/net/ieee802154/6lowpan_rtnl.c
@@ -246,7 +246,7 @@ lowpan_alloc_frag(struct sk_buff *skb, int size,
246 return ERR_PTR(-rc); 246 return ERR_PTR(-rc);
247 } 247 }
248 } else { 248 } else {
249 frag = ERR_PTR(ENOMEM); 249 frag = ERR_PTR(-ENOMEM);
250 } 250 }
251 251
252 return frag; 252 return frag;
@@ -437,7 +437,7 @@ static void lowpan_setup(struct net_device *dev)
437 /* Frame Control + Sequence Number + Address fields + Security Header */ 437 /* Frame Control + Sequence Number + Address fields + Security Header */
438 dev->hard_header_len = 2 + 1 + 20 + 14; 438 dev->hard_header_len = 2 + 1 + 20 + 14;
439 dev->needed_tailroom = 2; /* FCS */ 439 dev->needed_tailroom = 2; /* FCS */
440 dev->mtu = 1281; 440 dev->mtu = IPV6_MIN_MTU;
441 dev->tx_queue_len = 0; 441 dev->tx_queue_len = 0;
442 dev->flags = IFF_BROADCAST | IFF_MULTICAST; 442 dev->flags = IFF_BROADCAST | IFF_MULTICAST;
443 dev->watchdog_timeo = 0; 443 dev->watchdog_timeo = 0;
diff --git a/net/ieee802154/reassembly.c b/net/ieee802154/reassembly.c
index ffec6ce51005..32755cb7e64e 100644
--- a/net/ieee802154/reassembly.c
+++ b/net/ieee802154/reassembly.c
@@ -355,8 +355,6 @@ int lowpan_frag_rcv(struct sk_buff *skb, const u8 frag_type)
355 struct net *net = dev_net(skb->dev); 355 struct net *net = dev_net(skb->dev);
356 struct lowpan_frag_info *frag_info = lowpan_cb(skb); 356 struct lowpan_frag_info *frag_info = lowpan_cb(skb);
357 struct ieee802154_addr source, dest; 357 struct ieee802154_addr source, dest;
358 struct netns_ieee802154_lowpan *ieee802154_lowpan =
359 net_ieee802154_lowpan(net);
360 int err; 358 int err;
361 359
362 source = mac_cb(skb)->source; 360 source = mac_cb(skb)->source;
@@ -366,8 +364,10 @@ int lowpan_frag_rcv(struct sk_buff *skb, const u8 frag_type)
366 if (err < 0) 364 if (err < 0)
367 goto err; 365 goto err;
368 366
369 if (frag_info->d_size > ieee802154_lowpan->max_dsize) 367 if (frag_info->d_size > IPV6_MIN_MTU) {
368 net_warn_ratelimited("lowpan_frag_rcv: datagram size exceeds MTU\n");
370 goto err; 369 goto err;
370 }
371 371
372 fq = fq_find(net, frag_info, &source, &dest); 372 fq = fq_find(net, frag_info, &source, &dest);
373 if (fq != NULL) { 373 if (fq != NULL) {
@@ -415,13 +415,6 @@ static struct ctl_table lowpan_frags_ns_ctl_table[] = {
415 .mode = 0644, 415 .mode = 0644,
416 .proc_handler = proc_dointvec_jiffies, 416 .proc_handler = proc_dointvec_jiffies,
417 }, 417 },
418 {
419 .procname = "6lowpanfrag_max_datagram_size",
420 .data = &init_net.ieee802154_lowpan.max_dsize,
421 .maxlen = sizeof(int),
422 .mode = 0644,
423 .proc_handler = proc_dointvec
424 },
425 { } 418 { }
426}; 419};
427 420
@@ -458,7 +451,6 @@ static int __net_init lowpan_frags_ns_sysctl_register(struct net *net)
458 table[1].data = &ieee802154_lowpan->frags.low_thresh; 451 table[1].data = &ieee802154_lowpan->frags.low_thresh;
459 table[1].extra2 = &ieee802154_lowpan->frags.high_thresh; 452 table[1].extra2 = &ieee802154_lowpan->frags.high_thresh;
460 table[2].data = &ieee802154_lowpan->frags.timeout; 453 table[2].data = &ieee802154_lowpan->frags.timeout;
461 table[3].data = &ieee802154_lowpan->max_dsize;
462 454
463 /* Don't export sysctls to unprivileged users */ 455 /* Don't export sysctls to unprivileged users */
464 if (net->user_ns != &init_user_ns) 456 if (net->user_ns != &init_user_ns)
@@ -533,7 +525,6 @@ static int __net_init lowpan_frags_init_net(struct net *net)
533 ieee802154_lowpan->frags.high_thresh = IPV6_FRAG_HIGH_THRESH; 525 ieee802154_lowpan->frags.high_thresh = IPV6_FRAG_HIGH_THRESH;
534 ieee802154_lowpan->frags.low_thresh = IPV6_FRAG_LOW_THRESH; 526 ieee802154_lowpan->frags.low_thresh = IPV6_FRAG_LOW_THRESH;
535 ieee802154_lowpan->frags.timeout = IPV6_FRAG_TIMEOUT; 527 ieee802154_lowpan->frags.timeout = IPV6_FRAG_TIMEOUT;
536 ieee802154_lowpan->max_dsize = 0xFFFF;
537 528
538 inet_frags_init_net(&ieee802154_lowpan->frags); 529 inet_frags_init_net(&ieee802154_lowpan->frags);
539 530
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index fb173126f03d..7cbcaf4f0194 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -82,6 +82,52 @@ config NF_TABLES_ARP
82 help 82 help
83 This option enables the ARP support for nf_tables. 83 This option enables the ARP support for nf_tables.
84 84
85config NF_NAT_IPV4
86 tristate "IPv4 NAT"
87 depends on NF_CONNTRACK_IPV4
88 default m if NETFILTER_ADVANCED=n
89 select NF_NAT
90 help
91 The IPv4 NAT option allows masquerading, port forwarding and other
92 forms of full Network Address Port Translation. This can be
93 controlled by iptables or nft.
94
95if NF_NAT_IPV4
96
97config NF_NAT_SNMP_BASIC
98 tristate "Basic SNMP-ALG support"
99 depends on NF_CONNTRACK_SNMP
100 depends on NETFILTER_ADVANCED
101 default NF_NAT && NF_CONNTRACK_SNMP
102 ---help---
103
104 This module implements an Application Layer Gateway (ALG) for
105 SNMP payloads. In conjunction with NAT, it allows a network
106 management system to access multiple private networks with
107 conflicting addresses. It works by modifying IP addresses
108 inside SNMP payloads to match IP-layer NAT mapping.
109
110 This is the "basic" form of SNMP-ALG, as described in RFC 2962
111
112 To compile it as a module, choose M here. If unsure, say N.
113
114config NF_NAT_PROTO_GRE
115 tristate
116 depends on NF_CT_PROTO_GRE
117
118config NF_NAT_PPTP
119 tristate
120 depends on NF_CONNTRACK
121 default NF_CONNTRACK_PPTP
122 select NF_NAT_PROTO_GRE
123
124config NF_NAT_H323
125 tristate
126 depends on NF_CONNTRACK
127 default NF_CONNTRACK_H323
128
129endif # NF_NAT_IPV4
130
85config IP_NF_IPTABLES 131config IP_NF_IPTABLES
86 tristate "IP tables support (required for filtering/masq/NAT)" 132 tristate "IP tables support (required for filtering/masq/NAT)"
87 default m if NETFILTER_ADVANCED=n 133 default m if NETFILTER_ADVANCED=n
@@ -170,19 +216,21 @@ config IP_NF_TARGET_SYNPROXY
170 To compile it as a module, choose M here. If unsure, say N. 216 To compile it as a module, choose M here. If unsure, say N.
171 217
172# NAT + specific targets: nf_conntrack 218# NAT + specific targets: nf_conntrack
173config NF_NAT_IPV4 219config IP_NF_NAT
174 tristate "IPv4 NAT" 220 tristate "iptables NAT support"
175 depends on NF_CONNTRACK_IPV4 221 depends on NF_CONNTRACK_IPV4
176 default m if NETFILTER_ADVANCED=n 222 default m if NETFILTER_ADVANCED=n
177 select NF_NAT 223 select NF_NAT
224 select NF_NAT_IPV4
225 select NETFILTER_XT_NAT
178 help 226 help
179 The IPv4 NAT option allows masquerading, port forwarding and other 227 This enables the `nat' table in iptables. This allows masquerading,
180 forms of full Network Address Port Translation. It is controlled by 228 port forwarding and other forms of full Network Address Port
181 the `nat' table in iptables: see the man page for iptables(8). 229 Translation.
182 230
183 To compile it as a module, choose M here. If unsure, say N. 231 To compile it as a module, choose M here. If unsure, say N.
184 232
185if NF_NAT_IPV4 233if IP_NF_NAT
186 234
187config IP_NF_TARGET_MASQUERADE 235config IP_NF_TARGET_MASQUERADE
188 tristate "MASQUERADE target support" 236 tristate "MASQUERADE target support"
@@ -214,47 +262,7 @@ config IP_NF_TARGET_REDIRECT
214 (e.g. when running oldconfig). It selects 262 (e.g. when running oldconfig). It selects
215 CONFIG_NETFILTER_XT_TARGET_REDIRECT. 263 CONFIG_NETFILTER_XT_TARGET_REDIRECT.
216 264
217endif 265endif # IP_NF_NAT
218
219config NF_NAT_SNMP_BASIC
220 tristate "Basic SNMP-ALG support"
221 depends on NF_CONNTRACK_SNMP && NF_NAT_IPV4
222 depends on NETFILTER_ADVANCED
223 default NF_NAT && NF_CONNTRACK_SNMP
224 ---help---
225
226 This module implements an Application Layer Gateway (ALG) for
227 SNMP payloads. In conjunction with NAT, it allows a network
228 management system to access multiple private networks with
229 conflicting addresses. It works by modifying IP addresses
230 inside SNMP payloads to match IP-layer NAT mapping.
231
232 This is the "basic" form of SNMP-ALG, as described in RFC 2962
233
234 To compile it as a module, choose M here. If unsure, say N.
235
236# If they want FTP, set to $CONFIG_IP_NF_NAT (m or y),
237# or $CONFIG_IP_NF_FTP (m or y), whichever is weaker.
238# From kconfig-language.txt:
239#
240# <expr> '&&' <expr> (6)
241#
242# (6) Returns the result of min(/expr/, /expr/).
243
244config NF_NAT_PROTO_GRE
245 tristate
246 depends on NF_NAT_IPV4 && NF_CT_PROTO_GRE
247
248config NF_NAT_PPTP
249 tristate
250 depends on NF_CONNTRACK && NF_NAT_IPV4
251 default NF_NAT_IPV4 && NF_CONNTRACK_PPTP
252 select NF_NAT_PROTO_GRE
253
254config NF_NAT_H323
255 tristate
256 depends on NF_CONNTRACK && NF_NAT_IPV4
257 default NF_NAT_IPV4 && NF_CONNTRACK_H323
258 266
259# mangle + specific targets 267# mangle + specific targets
260config IP_NF_MANGLE 268config IP_NF_MANGLE
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 33001621465b..edf4af32e9f2 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -43,7 +43,7 @@ obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o
43# the three instances of ip_tables 43# the three instances of ip_tables
44obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o 44obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o
45obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o 45obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o
46obj-$(CONFIG_NF_NAT_IPV4) += iptable_nat.o 46obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o
47obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o 47obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
48obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o 48obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o
49 49
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 0b239fc1816e..fc1fac2a0528 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1690,14 +1690,12 @@ void addrconf_dad_failure(struct inet6_ifaddr *ifp)
1690 addrconf_mod_dad_work(ifp, 0); 1690 addrconf_mod_dad_work(ifp, 0);
1691} 1691}
1692 1692
1693/* Join to solicited addr multicast group. */ 1693/* Join to solicited addr multicast group.
1694 1694 * caller must hold RTNL */
1695void addrconf_join_solict(struct net_device *dev, const struct in6_addr *addr) 1695void addrconf_join_solict(struct net_device *dev, const struct in6_addr *addr)
1696{ 1696{
1697 struct in6_addr maddr; 1697 struct in6_addr maddr;
1698 1698
1699 ASSERT_RTNL();
1700
1701 if (dev->flags&(IFF_LOOPBACK|IFF_NOARP)) 1699 if (dev->flags&(IFF_LOOPBACK|IFF_NOARP))
1702 return; 1700 return;
1703 1701
@@ -1705,12 +1703,11 @@ void addrconf_join_solict(struct net_device *dev, const struct in6_addr *addr)
1705 ipv6_dev_mc_inc(dev, &maddr); 1703 ipv6_dev_mc_inc(dev, &maddr);
1706} 1704}
1707 1705
1706/* caller must hold RTNL */
1708void addrconf_leave_solict(struct inet6_dev *idev, const struct in6_addr *addr) 1707void addrconf_leave_solict(struct inet6_dev *idev, const struct in6_addr *addr)
1709{ 1708{
1710 struct in6_addr maddr; 1709 struct in6_addr maddr;
1711 1710
1712 ASSERT_RTNL();
1713
1714 if (idev->dev->flags&(IFF_LOOPBACK|IFF_NOARP)) 1711 if (idev->dev->flags&(IFF_LOOPBACK|IFF_NOARP))
1715 return; 1712 return;
1716 1713
@@ -1718,12 +1715,11 @@ void addrconf_leave_solict(struct inet6_dev *idev, const struct in6_addr *addr)
1718 __ipv6_dev_mc_dec(idev, &maddr); 1715 __ipv6_dev_mc_dec(idev, &maddr);
1719} 1716}
1720 1717
1718/* caller must hold RTNL */
1721static void addrconf_join_anycast(struct inet6_ifaddr *ifp) 1719static void addrconf_join_anycast(struct inet6_ifaddr *ifp)
1722{ 1720{
1723 struct in6_addr addr; 1721 struct in6_addr addr;
1724 1722
1725 ASSERT_RTNL();
1726
1727 if (ifp->prefix_len >= 127) /* RFC 6164 */ 1723 if (ifp->prefix_len >= 127) /* RFC 6164 */
1728 return; 1724 return;
1729 ipv6_addr_prefix(&addr, &ifp->addr, ifp->prefix_len); 1725 ipv6_addr_prefix(&addr, &ifp->addr, ifp->prefix_len);
@@ -1732,12 +1728,11 @@ static void addrconf_join_anycast(struct inet6_ifaddr *ifp)
1732 ipv6_dev_ac_inc(ifp->idev->dev, &addr); 1728 ipv6_dev_ac_inc(ifp->idev->dev, &addr);
1733} 1729}
1734 1730
1731/* caller must hold RTNL */
1735static void addrconf_leave_anycast(struct inet6_ifaddr *ifp) 1732static void addrconf_leave_anycast(struct inet6_ifaddr *ifp)
1736{ 1733{
1737 struct in6_addr addr; 1734 struct in6_addr addr;
1738 1735
1739 ASSERT_RTNL();
1740
1741 if (ifp->prefix_len >= 127) /* RFC 6164 */ 1736 if (ifp->prefix_len >= 127) /* RFC 6164 */
1742 return; 1737 return;
1743 ipv6_addr_prefix(&addr, &ifp->addr, ifp->prefix_len); 1738 ipv6_addr_prefix(&addr, &ifp->addr, ifp->prefix_len);
@@ -4773,15 +4768,11 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
4773 addrconf_leave_solict(ifp->idev, &ifp->addr); 4768 addrconf_leave_solict(ifp->idev, &ifp->addr);
4774 if (!ipv6_addr_any(&ifp->peer_addr)) { 4769 if (!ipv6_addr_any(&ifp->peer_addr)) {
4775 struct rt6_info *rt; 4770 struct rt6_info *rt;
4776 struct net_device *dev = ifp->idev->dev; 4771
4777 4772 rt = addrconf_get_prefix_route(&ifp->peer_addr, 128,
4778 rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL, 4773 ifp->idev->dev, 0, 0);
4779 dev->ifindex, 1); 4774 if (rt && ip6_del_rt(rt))
4780 if (rt) { 4775 dst_free(&rt->dst);
4781 dst_hold(&rt->dst);
4782 if (ip6_del_rt(rt))
4783 dst_free(&rt->dst);
4784 }
4785 } 4776 }
4786 dst_hold(&ifp->rt->dst); 4777 dst_hold(&ifp->rt->dst);
4787 4778
diff --git a/net/ipv6/anycast.c b/net/ipv6/anycast.c
index 210183244689..ff2de7d9d8e6 100644
--- a/net/ipv6/anycast.c
+++ b/net/ipv6/anycast.c
@@ -77,6 +77,7 @@ int ipv6_sock_ac_join(struct sock *sk, int ifindex, const struct in6_addr *addr)
77 pac->acl_next = NULL; 77 pac->acl_next = NULL;
78 pac->acl_addr = *addr; 78 pac->acl_addr = *addr;
79 79
80 rtnl_lock();
80 rcu_read_lock(); 81 rcu_read_lock();
81 if (ifindex == 0) { 82 if (ifindex == 0) {
82 struct rt6_info *rt; 83 struct rt6_info *rt;
@@ -137,6 +138,7 @@ int ipv6_sock_ac_join(struct sock *sk, int ifindex, const struct in6_addr *addr)
137 138
138error: 139error:
139 rcu_read_unlock(); 140 rcu_read_unlock();
141 rtnl_unlock();
140 if (pac) 142 if (pac)
141 sock_kfree_s(sk, pac, sizeof(*pac)); 143 sock_kfree_s(sk, pac, sizeof(*pac));
142 return err; 144 return err;
@@ -171,11 +173,13 @@ int ipv6_sock_ac_drop(struct sock *sk, int ifindex, const struct in6_addr *addr)
171 173
172 spin_unlock_bh(&ipv6_sk_ac_lock); 174 spin_unlock_bh(&ipv6_sk_ac_lock);
173 175
176 rtnl_lock();
174 rcu_read_lock(); 177 rcu_read_lock();
175 dev = dev_get_by_index_rcu(net, pac->acl_ifindex); 178 dev = dev_get_by_index_rcu(net, pac->acl_ifindex);
176 if (dev) 179 if (dev)
177 ipv6_dev_ac_dec(dev, &pac->acl_addr); 180 ipv6_dev_ac_dec(dev, &pac->acl_addr);
178 rcu_read_unlock(); 181 rcu_read_unlock();
182 rtnl_unlock();
179 183
180 sock_kfree_s(sk, pac, sizeof(*pac)); 184 sock_kfree_s(sk, pac, sizeof(*pac));
181 return 0; 185 return 0;
@@ -198,6 +202,7 @@ void ipv6_sock_ac_close(struct sock *sk)
198 spin_unlock_bh(&ipv6_sk_ac_lock); 202 spin_unlock_bh(&ipv6_sk_ac_lock);
199 203
200 prev_index = 0; 204 prev_index = 0;
205 rtnl_lock();
201 rcu_read_lock(); 206 rcu_read_lock();
202 while (pac) { 207 while (pac) {
203 struct ipv6_ac_socklist *next = pac->acl_next; 208 struct ipv6_ac_socklist *next = pac->acl_next;
@@ -212,6 +217,7 @@ void ipv6_sock_ac_close(struct sock *sk)
212 pac = next; 217 pac = next;
213 } 218 }
214 rcu_read_unlock(); 219 rcu_read_unlock();
220 rtnl_unlock();
215} 221}
216 222
217static void aca_put(struct ifacaddr6 *ac) 223static void aca_put(struct ifacaddr6 *ac)
@@ -233,6 +239,8 @@ int ipv6_dev_ac_inc(struct net_device *dev, const struct in6_addr *addr)
233 struct rt6_info *rt; 239 struct rt6_info *rt;
234 int err; 240 int err;
235 241
242 ASSERT_RTNL();
243
236 idev = in6_dev_get(dev); 244 idev = in6_dev_get(dev);
237 245
238 if (idev == NULL) 246 if (idev == NULL)
@@ -302,6 +310,8 @@ int __ipv6_dev_ac_dec(struct inet6_dev *idev, const struct in6_addr *addr)
302{ 310{
303 struct ifacaddr6 *aca, *prev_aca; 311 struct ifacaddr6 *aca, *prev_aca;
304 312
313 ASSERT_RTNL();
314
305 write_lock_bh(&idev->lock); 315 write_lock_bh(&idev->lock);
306 prev_aca = NULL; 316 prev_aca = NULL;
307 for (aca = idev->ac_list; aca; aca = aca->aca_next) { 317 for (aca = idev->ac_list; aca; aca = aca->aca_next) {
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index cb4459bd1d29..76b7f5ee8f4c 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -643,7 +643,7 @@ static int fib6_commit_metrics(struct dst_entry *dst,
643 if (dst->flags & DST_HOST) { 643 if (dst->flags & DST_HOST) {
644 mp = dst_metrics_write_ptr(dst); 644 mp = dst_metrics_write_ptr(dst);
645 } else { 645 } else {
646 mp = kzalloc(sizeof(u32) * RTAX_MAX, GFP_KERNEL); 646 mp = kzalloc(sizeof(u32) * RTAX_MAX, GFP_ATOMIC);
647 if (!mp) 647 if (!mp)
648 return -ENOMEM; 648 return -ENOMEM;
649 dst_init_metrics(dst, mp, 0); 649 dst_init_metrics(dst, mp, 0);
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 617f0958e164..a23b655a7627 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -172,6 +172,7 @@ int ipv6_sock_mc_join(struct sock *sk, int ifindex, const struct in6_addr *addr)
172 mc_lst->next = NULL; 172 mc_lst->next = NULL;
173 mc_lst->addr = *addr; 173 mc_lst->addr = *addr;
174 174
175 rtnl_lock();
175 rcu_read_lock(); 176 rcu_read_lock();
176 if (ifindex == 0) { 177 if (ifindex == 0) {
177 struct rt6_info *rt; 178 struct rt6_info *rt;
@@ -185,6 +186,7 @@ int ipv6_sock_mc_join(struct sock *sk, int ifindex, const struct in6_addr *addr)
185 186
186 if (dev == NULL) { 187 if (dev == NULL) {
187 rcu_read_unlock(); 188 rcu_read_unlock();
189 rtnl_unlock();
188 sock_kfree_s(sk, mc_lst, sizeof(*mc_lst)); 190 sock_kfree_s(sk, mc_lst, sizeof(*mc_lst));
189 return -ENODEV; 191 return -ENODEV;
190 } 192 }
@@ -202,6 +204,7 @@ int ipv6_sock_mc_join(struct sock *sk, int ifindex, const struct in6_addr *addr)
202 204
203 if (err) { 205 if (err) {
204 rcu_read_unlock(); 206 rcu_read_unlock();
207 rtnl_unlock();
205 sock_kfree_s(sk, mc_lst, sizeof(*mc_lst)); 208 sock_kfree_s(sk, mc_lst, sizeof(*mc_lst));
206 return err; 209 return err;
207 } 210 }
@@ -212,6 +215,7 @@ int ipv6_sock_mc_join(struct sock *sk, int ifindex, const struct in6_addr *addr)
212 spin_unlock(&ipv6_sk_mc_lock); 215 spin_unlock(&ipv6_sk_mc_lock);
213 216
214 rcu_read_unlock(); 217 rcu_read_unlock();
218 rtnl_unlock();
215 219
216 return 0; 220 return 0;
217} 221}
@@ -229,6 +233,7 @@ int ipv6_sock_mc_drop(struct sock *sk, int ifindex, const struct in6_addr *addr)
229 if (!ipv6_addr_is_multicast(addr)) 233 if (!ipv6_addr_is_multicast(addr))
230 return -EINVAL; 234 return -EINVAL;
231 235
236 rtnl_lock();
232 spin_lock(&ipv6_sk_mc_lock); 237 spin_lock(&ipv6_sk_mc_lock);
233 for (lnk = &np->ipv6_mc_list; 238 for (lnk = &np->ipv6_mc_list;
234 (mc_lst = rcu_dereference_protected(*lnk, 239 (mc_lst = rcu_dereference_protected(*lnk,
@@ -252,12 +257,15 @@ int ipv6_sock_mc_drop(struct sock *sk, int ifindex, const struct in6_addr *addr)
252 } else 257 } else
253 (void) ip6_mc_leave_src(sk, mc_lst, NULL); 258 (void) ip6_mc_leave_src(sk, mc_lst, NULL);
254 rcu_read_unlock(); 259 rcu_read_unlock();
260 rtnl_unlock();
261
255 atomic_sub(sizeof(*mc_lst), &sk->sk_omem_alloc); 262 atomic_sub(sizeof(*mc_lst), &sk->sk_omem_alloc);
256 kfree_rcu(mc_lst, rcu); 263 kfree_rcu(mc_lst, rcu);
257 return 0; 264 return 0;
258 } 265 }
259 } 266 }
260 spin_unlock(&ipv6_sk_mc_lock); 267 spin_unlock(&ipv6_sk_mc_lock);
268 rtnl_unlock();
261 269
262 return -EADDRNOTAVAIL; 270 return -EADDRNOTAVAIL;
263} 271}
@@ -302,6 +310,7 @@ void ipv6_sock_mc_close(struct sock *sk)
302 if (!rcu_access_pointer(np->ipv6_mc_list)) 310 if (!rcu_access_pointer(np->ipv6_mc_list))
303 return; 311 return;
304 312
313 rtnl_lock();
305 spin_lock(&ipv6_sk_mc_lock); 314 spin_lock(&ipv6_sk_mc_lock);
306 while ((mc_lst = rcu_dereference_protected(np->ipv6_mc_list, 315 while ((mc_lst = rcu_dereference_protected(np->ipv6_mc_list,
307 lockdep_is_held(&ipv6_sk_mc_lock))) != NULL) { 316 lockdep_is_held(&ipv6_sk_mc_lock))) != NULL) {
@@ -328,6 +337,7 @@ void ipv6_sock_mc_close(struct sock *sk)
328 spin_lock(&ipv6_sk_mc_lock); 337 spin_lock(&ipv6_sk_mc_lock);
329 } 338 }
330 spin_unlock(&ipv6_sk_mc_lock); 339 spin_unlock(&ipv6_sk_mc_lock);
340 rtnl_unlock();
331} 341}
332 342
333int ip6_mc_source(int add, int omode, struct sock *sk, 343int ip6_mc_source(int add, int omode, struct sock *sk,
@@ -845,6 +855,8 @@ int ipv6_dev_mc_inc(struct net_device *dev, const struct in6_addr *addr)
845 struct ifmcaddr6 *mc; 855 struct ifmcaddr6 *mc;
846 struct inet6_dev *idev; 856 struct inet6_dev *idev;
847 857
858 ASSERT_RTNL();
859
848 /* we need to take a reference on idev */ 860 /* we need to take a reference on idev */
849 idev = in6_dev_get(dev); 861 idev = in6_dev_get(dev);
850 862
@@ -916,6 +928,8 @@ int __ipv6_dev_mc_dec(struct inet6_dev *idev, const struct in6_addr *addr)
916{ 928{
917 struct ifmcaddr6 *ma, **map; 929 struct ifmcaddr6 *ma, **map;
918 930
931 ASSERT_RTNL();
932
919 write_lock_bh(&idev->lock); 933 write_lock_bh(&idev->lock);
920 for (map = &idev->mc_list; (ma=*map) != NULL; map = &ma->next) { 934 for (map = &idev->mc_list; (ma=*map) != NULL; map = &ma->next) {
921 if (ipv6_addr_equal(&ma->mca_addr, addr)) { 935 if (ipv6_addr_equal(&ma->mca_addr, addr)) {
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index ac93df16f5af..2812816aabdc 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -57,9 +57,19 @@ config NFT_REJECT_IPV6
57 57
58config NF_LOG_IPV6 58config NF_LOG_IPV6
59 tristate "IPv6 packet logging" 59 tristate "IPv6 packet logging"
60 depends on NETFILTER_ADVANCED 60 default m if NETFILTER_ADVANCED=n
61 select NF_LOG_COMMON 61 select NF_LOG_COMMON
62 62
63config NF_NAT_IPV6
64 tristate "IPv6 NAT"
65 depends on NF_CONNTRACK_IPV6
66 depends on NETFILTER_ADVANCED
67 select NF_NAT
68 help
69 The IPv6 NAT option allows masquerading, port forwarding and other
70 forms of full Network Address Port Translation. This can be
71 controlled by iptables or nft.
72
63config IP6_NF_IPTABLES 73config IP6_NF_IPTABLES
64 tristate "IP6 tables support (required for filtering)" 74 tristate "IP6 tables support (required for filtering)"
65 depends on INET && IPV6 75 depends on INET && IPV6
@@ -232,19 +242,21 @@ config IP6_NF_SECURITY
232 242
233 If unsure, say N. 243 If unsure, say N.
234 244
235config NF_NAT_IPV6 245config IP6_NF_NAT
236 tristate "IPv6 NAT" 246 tristate "ip6tables NAT support"
237 depends on NF_CONNTRACK_IPV6 247 depends on NF_CONNTRACK_IPV6
238 depends on NETFILTER_ADVANCED 248 depends on NETFILTER_ADVANCED
239 select NF_NAT 249 select NF_NAT
250 select NF_NAT_IPV6
251 select NETFILTER_XT_NAT
240 help 252 help
241 The IPv6 NAT option allows masquerading, port forwarding and other 253 This enables the `nat' table in ip6tables. This allows masquerading,
242 forms of full Network Address Port Translation. It is controlled by 254 port forwarding and other forms of full Network Address Port
243 the `nat' table in ip6tables, see the man page for ip6tables(8). 255 Translation.
244 256
245 To compile it as a module, choose M here. If unsure, say N. 257 To compile it as a module, choose M here. If unsure, say N.
246 258
247if NF_NAT_IPV6 259if IP6_NF_NAT
248 260
249config IP6_NF_TARGET_MASQUERADE 261config IP6_NF_TARGET_MASQUERADE
250 tristate "MASQUERADE target support" 262 tristate "MASQUERADE target support"
@@ -265,7 +277,7 @@ config IP6_NF_TARGET_NPT
265 277
266 To compile it as a module, choose M here. If unsure, say N. 278 To compile it as a module, choose M here. If unsure, say N.
267 279
268endif # NF_NAT_IPV6 280endif # IP6_NF_NAT
269 281
270endif # IP6_NF_IPTABLES 282endif # IP6_NF_IPTABLES
271 283
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
index c0b263104ed2..c3d3286db4bb 100644
--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -8,7 +8,7 @@ obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o
8obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o 8obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o
9obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o 9obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o
10obj-$(CONFIG_IP6_NF_SECURITY) += ip6table_security.o 10obj-$(CONFIG_IP6_NF_SECURITY) += ip6table_security.o
11obj-$(CONFIG_NF_NAT_IPV6) += ip6table_nat.o 11obj-$(CONFIG_IP6_NF_NAT) += ip6table_nat.o
12 12
13# objects for l3 independent conntrack 13# objects for l3 independent conntrack
14nf_conntrack_ipv6-y := nf_conntrack_l3proto_ipv6.o nf_conntrack_proto_icmpv6.o 14nf_conntrack_ipv6-y := nf_conntrack_l3proto_ipv6.o nf_conntrack_proto_icmpv6.o
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index 13752d96275e..b704a9356208 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -755,7 +755,8 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
755 /* If PMTU discovery was enabled, use the MTU that was discovered */ 755 /* If PMTU discovery was enabled, use the MTU that was discovered */
756 dst = sk_dst_get(tunnel->sock); 756 dst = sk_dst_get(tunnel->sock);
757 if (dst != NULL) { 757 if (dst != NULL) {
758 u32 pmtu = dst_mtu(__sk_dst_get(tunnel->sock)); 758 u32 pmtu = dst_mtu(dst);
759
759 if (pmtu != 0) 760 if (pmtu != 0)
760 session->mtu = session->mru = pmtu - 761 session->mtu = session->mru = pmtu -
761 PPPOL2TP_HEADER_OVERHEAD; 762 PPPOL2TP_HEADER_OVERHEAD;
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index 6d537f03c0ba..399ad82c997f 100644
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -541,6 +541,8 @@ static void ieee80211_recalc_chanctx_chantype(struct ieee80211_local *local,
541 continue; 541 continue;
542 if (rcu_access_pointer(sdata->vif.chanctx_conf) != conf) 542 if (rcu_access_pointer(sdata->vif.chanctx_conf) != conf)
543 continue; 543 continue;
544 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
545 continue;
544 546
545 if (!compat) 547 if (!compat)
546 compat = &sdata->vif.bss_conf.chandef; 548 compat = &sdata->vif.bss_conf.chandef;
@@ -1444,7 +1446,7 @@ ieee80211_vif_use_reserved_switch(struct ieee80211_local *local)
1444 1446
1445 list_del(&sdata->reserved_chanctx_list); 1447 list_del(&sdata->reserved_chanctx_list);
1446 list_move(&sdata->assigned_chanctx_list, 1448 list_move(&sdata->assigned_chanctx_list,
1447 &new_ctx->assigned_vifs); 1449 &ctx->assigned_vifs);
1448 sdata->reserved_chanctx = NULL; 1450 sdata->reserved_chanctx = NULL;
1449 1451
1450 ieee80211_vif_chanctx_reservation_complete(sdata); 1452 ieee80211_vif_chanctx_reservation_complete(sdata);
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index 3db96648b45a..86173c0de40e 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -167,7 +167,7 @@ static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf,
167 p += scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n", 167 p += scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n",
168 sta->ampdu_mlme.dialog_token_allocator + 1); 168 sta->ampdu_mlme.dialog_token_allocator + 1);
169 p += scnprintf(p, sizeof(buf) + buf - p, 169 p += scnprintf(p, sizeof(buf) + buf - p,
170 "TID\t\tRX active\tDTKN\tSSN\t\tTX\tDTKN\tpending\n"); 170 "TID\t\tRX\tDTKN\tSSN\t\tTX\tDTKN\tpending\n");
171 171
172 for (i = 0; i < IEEE80211_NUM_TIDS; i++) { 172 for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
173 tid_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[i]); 173 tid_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[i]);
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 01eede7406a5..f75e5f132c5a 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -1175,8 +1175,8 @@ static void ieee80211_iface_work(struct work_struct *work)
1175 if (sta) { 1175 if (sta) {
1176 u16 last_seq; 1176 u16 last_seq;
1177 1177
1178 last_seq = le16_to_cpu( 1178 last_seq = IEEE80211_SEQ_TO_SN(le16_to_cpu(
1179 sta->last_seq_ctrl[rx_agg->tid]); 1179 sta->last_seq_ctrl[rx_agg->tid]));
1180 1180
1181 __ieee80211_start_rx_ba_session(sta, 1181 __ieee80211_start_rx_ba_session(sta,
1182 0, 0, 1182 0, 0,
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 63b874101b27..c47194d27149 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -959,7 +959,8 @@ mesh_plink_get_event(struct ieee80211_sub_if_data *sdata,
959 if (!matches_local) 959 if (!matches_local)
960 event = CNF_RJCT; 960 event = CNF_RJCT;
961 if (!mesh_plink_free_count(sdata) || 961 if (!mesh_plink_free_count(sdata) ||
962 (sta->llid != llid || sta->plid != plid)) 962 sta->llid != llid ||
963 (sta->plid && sta->plid != plid))
963 event = CNF_IGNR; 964 event = CNF_IGNR;
964 else 965 else
965 event = CNF_ACPT; 966 event = CNF_ACPT;
@@ -1080,6 +1081,10 @@ mesh_process_plink_frame(struct ieee80211_sub_if_data *sdata,
1080 goto unlock_rcu; 1081 goto unlock_rcu;
1081 } 1082 }
1082 1083
1084 /* 802.11-2012 13.3.7.2 - update plid on CNF if not set */
1085 if (!sta->plid && event == CNF_ACPT)
1086 sta->plid = plid;
1087
1083 changed |= mesh_plink_fsm(sdata, sta, event); 1088 changed |= mesh_plink_fsm(sdata, sta, event);
1084 1089
1085unlock_rcu: 1090unlock_rcu:
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 31a8afaf7332..b82a12a9f0f1 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -4376,8 +4376,7 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
4376 rcu_read_unlock(); 4376 rcu_read_unlock();
4377 4377
4378 if (bss->wmm_used && bss->uapsd_supported && 4378 if (bss->wmm_used && bss->uapsd_supported &&
4379 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && 4379 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) {
4380 sdata->wmm_acm != 0xff) {
4381 assoc_data->uapsd = true; 4380 assoc_data->uapsd = true;
4382 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4381 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
4383 } else { 4382 } else {
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index c6ee2139fbc5..441875f03750 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -1094,8 +1094,11 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1094 unsigned long flags; 1094 unsigned long flags;
1095 struct ps_data *ps; 1095 struct ps_data *ps;
1096 1096
1097 if (sdata->vif.type == NL80211_IFTYPE_AP || 1097 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1098 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 1098 sdata = container_of(sdata->bss, struct ieee80211_sub_if_data,
1099 u.ap);
1100
1101 if (sdata->vif.type == NL80211_IFTYPE_AP)
1099 ps = &sdata->bss->ps; 1102 ps = &sdata->bss->ps;
1100 else if (ieee80211_vif_is_mesh(&sdata->vif)) 1103 else if (ieee80211_vif_is_mesh(&sdata->vif))
1101 ps = &sdata->u.mesh.ps; 1104 ps = &sdata->u.mesh.ps;
diff --git a/net/mac802154/wpan.c b/net/mac802154/wpan.c
index 3c3069fd6971..547838822d5e 100644
--- a/net/mac802154/wpan.c
+++ b/net/mac802154/wpan.c
@@ -462,7 +462,10 @@ mac802154_subif_frame(struct mac802154_sub_if_data *sdata, struct sk_buff *skb,
462 skb->pkt_type = PACKET_OTHERHOST; 462 skb->pkt_type = PACKET_OTHERHOST;
463 break; 463 break;
464 default: 464 default:
465 break; 465 spin_unlock_bh(&sdata->mib_lock);
466 pr_debug("invalid dest mode\n");
467 kfree_skb(skb);
468 return NET_RX_DROP;
466 } 469 }
467 470
468 spin_unlock_bh(&sdata->mib_lock); 471 spin_unlock_bh(&sdata->mib_lock);
@@ -573,6 +576,7 @@ void mac802154_wpans_rx(struct mac802154_priv *priv, struct sk_buff *skb)
573 ret = mac802154_parse_frame_start(skb, &hdr); 576 ret = mac802154_parse_frame_start(skb, &hdr);
574 if (ret) { 577 if (ret) {
575 pr_debug("got invalid frame\n"); 578 pr_debug("got invalid frame\n");
579 kfree_skb(skb);
576 return; 580 return;
577 } 581 }
578 582
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index ad751fe2e82b..b5c1d3aadb41 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -499,7 +499,7 @@ config NFT_LIMIT
499config NFT_NAT 499config NFT_NAT
500 depends on NF_TABLES 500 depends on NF_TABLES
501 depends on NF_CONNTRACK 501 depends on NF_CONNTRACK
502 depends on NF_NAT 502 select NF_NAT
503 tristate "Netfilter nf_tables nat module" 503 tristate "Netfilter nf_tables nat module"
504 help 504 help
505 This option adds the "nat" expression that you can use to perform 505 This option adds the "nat" expression that you can use to perform
@@ -747,7 +747,9 @@ config NETFILTER_XT_TARGET_LED
747 747
748config NETFILTER_XT_TARGET_LOG 748config NETFILTER_XT_TARGET_LOG
749 tristate "LOG target support" 749 tristate "LOG target support"
750 depends on NF_LOG_IPV4 && NF_LOG_IPV6 750 select NF_LOG_COMMON
751 select NF_LOG_IPV4
752 select NF_LOG_IPV6 if IPV6
751 default m if NETFILTER_ADVANCED=n 753 default m if NETFILTER_ADVANCED=n
752 help 754 help
753 This option adds a `LOG' target, which allows you to create rules in 755 This option adds a `LOG' target, which allows you to create rules in
@@ -764,6 +766,14 @@ config NETFILTER_XT_TARGET_MARK
764 (e.g. when running oldconfig). It selects 766 (e.g. when running oldconfig). It selects
765 CONFIG_NETFILTER_XT_MARK (combined mark/MARK module). 767 CONFIG_NETFILTER_XT_MARK (combined mark/MARK module).
766 768
769config NETFILTER_XT_NAT
770 tristate '"SNAT and DNAT" targets support'
771 depends on NF_NAT
772 ---help---
773 This option enables the SNAT and DNAT targets.
774
775 To compile it as a module, choose M here. If unsure, say N.
776
767config NETFILTER_XT_TARGET_NETMAP 777config NETFILTER_XT_TARGET_NETMAP
768 tristate '"NETMAP" target support' 778 tristate '"NETMAP" target support'
769 depends on NF_NAT 779 depends on NF_NAT
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index 8308624a406a..fad5fdba34e5 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -95,7 +95,7 @@ obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
95obj-$(CONFIG_NETFILTER_XT_MARK) += xt_mark.o 95obj-$(CONFIG_NETFILTER_XT_MARK) += xt_mark.o
96obj-$(CONFIG_NETFILTER_XT_CONNMARK) += xt_connmark.o 96obj-$(CONFIG_NETFILTER_XT_CONNMARK) += xt_connmark.o
97obj-$(CONFIG_NETFILTER_XT_SET) += xt_set.o 97obj-$(CONFIG_NETFILTER_XT_SET) += xt_set.o
98obj-$(CONFIG_NF_NAT) += xt_nat.o 98obj-$(CONFIG_NETFILTER_XT_NAT) += xt_nat.o
99 99
100# targets 100# targets
101obj-$(CONFIG_NETFILTER_XT_TARGET_AUDIT) += xt_AUDIT.o 101obj-$(CONFIG_NETFILTER_XT_TARGET_AUDIT) += xt_AUDIT.o
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index a93c97f106d4..024a2e25c8a4 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -54,7 +54,7 @@ EXPORT_SYMBOL_GPL(nf_unregister_afinfo);
54struct list_head nf_hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS] __read_mostly; 54struct list_head nf_hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS] __read_mostly;
55EXPORT_SYMBOL(nf_hooks); 55EXPORT_SYMBOL(nf_hooks);
56 56
57#if defined(CONFIG_JUMP_LABEL) 57#ifdef HAVE_JUMP_LABEL
58struct static_key nf_hooks_needed[NFPROTO_NUMPROTO][NF_MAX_HOOKS]; 58struct static_key nf_hooks_needed[NFPROTO_NUMPROTO][NF_MAX_HOOKS];
59EXPORT_SYMBOL(nf_hooks_needed); 59EXPORT_SYMBOL(nf_hooks_needed);
60#endif 60#endif
@@ -72,7 +72,7 @@ int nf_register_hook(struct nf_hook_ops *reg)
72 } 72 }
73 list_add_rcu(&reg->list, elem->list.prev); 73 list_add_rcu(&reg->list, elem->list.prev);
74 mutex_unlock(&nf_hook_mutex); 74 mutex_unlock(&nf_hook_mutex);
75#if defined(CONFIG_JUMP_LABEL) 75#ifdef HAVE_JUMP_LABEL
76 static_key_slow_inc(&nf_hooks_needed[reg->pf][reg->hooknum]); 76 static_key_slow_inc(&nf_hooks_needed[reg->pf][reg->hooknum]);
77#endif 77#endif
78 return 0; 78 return 0;
@@ -84,7 +84,7 @@ void nf_unregister_hook(struct nf_hook_ops *reg)
84 mutex_lock(&nf_hook_mutex); 84 mutex_lock(&nf_hook_mutex);
85 list_del_rcu(&reg->list); 85 list_del_rcu(&reg->list);
86 mutex_unlock(&nf_hook_mutex); 86 mutex_unlock(&nf_hook_mutex);
87#if defined(CONFIG_JUMP_LABEL) 87#ifdef HAVE_JUMP_LABEL
88 static_key_slow_dec(&nf_hooks_needed[reg->pf][reg->hooknum]); 88 static_key_slow_dec(&nf_hooks_needed[reg->pf][reg->hooknum]);
89#endif 89#endif
90 synchronize_net(); 90 synchronize_net();
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index e6836755c45d..5c34e8d42e01 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1906,7 +1906,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
1906 { 1906 {
1907 .hook = ip_vs_local_reply6, 1907 .hook = ip_vs_local_reply6,
1908 .owner = THIS_MODULE, 1908 .owner = THIS_MODULE,
1909 .pf = NFPROTO_IPV4, 1909 .pf = NFPROTO_IPV6,
1910 .hooknum = NF_INET_LOCAL_OUT, 1910 .hooknum = NF_INET_LOCAL_OUT,
1911 .priority = NF_IP6_PRI_NAT_DST + 1, 1911 .priority = NF_IP6_PRI_NAT_DST + 1,
1912 }, 1912 },
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 6f70bdd3a90a..56896a412bce 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -38,6 +38,7 @@
38#include <net/route.h> /* for ip_route_output */ 38#include <net/route.h> /* for ip_route_output */
39#include <net/ipv6.h> 39#include <net/ipv6.h>
40#include <net/ip6_route.h> 40#include <net/ip6_route.h>
41#include <net/ip_tunnels.h>
41#include <net/addrconf.h> 42#include <net/addrconf.h>
42#include <linux/icmpv6.h> 43#include <linux/icmpv6.h>
43#include <linux/netfilter.h> 44#include <linux/netfilter.h>
@@ -862,11 +863,15 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
862 old_iph = ip_hdr(skb); 863 old_iph = ip_hdr(skb);
863 } 864 }
864 865
865 skb->transport_header = skb->network_header;
866
867 /* fix old IP header checksum */ 866 /* fix old IP header checksum */
868 ip_send_check(old_iph); 867 ip_send_check(old_iph);
869 868
869 skb = iptunnel_handle_offloads(skb, false, SKB_GSO_IPIP);
870 if (IS_ERR(skb))
871 goto tx_error;
872
873 skb->transport_header = skb->network_header;
874
870 skb_push(skb, sizeof(struct iphdr)); 875 skb_push(skb, sizeof(struct iphdr));
871 skb_reset_network_header(skb); 876 skb_reset_network_header(skb);
872 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); 877 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
@@ -900,7 +905,8 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
900 return NF_STOLEN; 905 return NF_STOLEN;
901 906
902 tx_error: 907 tx_error:
903 kfree_skb(skb); 908 if (!IS_ERR(skb))
909 kfree_skb(skb);
904 rcu_read_unlock(); 910 rcu_read_unlock();
905 LeaveFunction(10); 911 LeaveFunction(10);
906 return NF_STOLEN; 912 return NF_STOLEN;
@@ -953,6 +959,11 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
953 old_iph = ipv6_hdr(skb); 959 old_iph = ipv6_hdr(skb);
954 } 960 }
955 961
962 /* GSO: we need to provide proper SKB_GSO_ value for IPv6 */
963 skb = iptunnel_handle_offloads(skb, false, 0); /* SKB_GSO_SIT/IPV6 */
964 if (IS_ERR(skb))
965 goto tx_error;
966
956 skb->transport_header = skb->network_header; 967 skb->transport_header = skb->network_header;
957 968
958 skb_push(skb, sizeof(struct ipv6hdr)); 969 skb_push(skb, sizeof(struct ipv6hdr));
@@ -988,7 +999,8 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
988 return NF_STOLEN; 999 return NF_STOLEN;
989 1000
990tx_error: 1001tx_error:
991 kfree_skb(skb); 1002 if (!IS_ERR(skb))
1003 kfree_skb(skb);
992 rcu_read_unlock(); 1004 rcu_read_unlock();
993 LeaveFunction(10); 1005 LeaveFunction(10);
994 return NF_STOLEN; 1006 return NF_STOLEN;
diff --git a/net/netfilter/xt_cgroup.c b/net/netfilter/xt_cgroup.c
index f4e833005320..7198d660b4de 100644
--- a/net/netfilter/xt_cgroup.c
+++ b/net/netfilter/xt_cgroup.c
@@ -31,7 +31,7 @@ static int cgroup_mt_check(const struct xt_mtchk_param *par)
31 if (info->invert & ~1) 31 if (info->invert & ~1)
32 return -EINVAL; 32 return -EINVAL;
33 33
34 return info->id ? 0 : -EINVAL; 34 return 0;
35} 35}
36 36
37static bool 37static bool
diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index fe5cda0deb39..5231652a95d9 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -42,6 +42,9 @@ static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
42 42
43static int make_writable(struct sk_buff *skb, int write_len) 43static int make_writable(struct sk_buff *skb, int write_len)
44{ 44{
45 if (!pskb_may_pull(skb, write_len))
46 return -ENOMEM;
47
45 if (!skb_cloned(skb) || skb_clone_writable(skb, write_len)) 48 if (!skb_cloned(skb) || skb_clone_writable(skb, write_len))
46 return 0; 49 return 0;
47 50
@@ -70,6 +73,8 @@ static int __pop_vlan_tci(struct sk_buff *skb, __be16 *current_tci)
70 73
71 vlan_set_encap_proto(skb, vhdr); 74 vlan_set_encap_proto(skb, vhdr);
72 skb->mac_header += VLAN_HLEN; 75 skb->mac_header += VLAN_HLEN;
76 if (skb_network_offset(skb) < ETH_HLEN)
77 skb_set_network_header(skb, ETH_HLEN);
73 skb_reset_mac_len(skb); 78 skb_reset_mac_len(skb);
74 79
75 return 0; 80 return 0;
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index 7228ec3faf19..91d66b7e64ac 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -265,8 +265,11 @@ void ovs_dp_process_received_packet(struct vport *p, struct sk_buff *skb)
265 upcall.key = &key; 265 upcall.key = &key;
266 upcall.userdata = NULL; 266 upcall.userdata = NULL;
267 upcall.portid = ovs_vport_find_upcall_portid(p, skb); 267 upcall.portid = ovs_vport_find_upcall_portid(p, skb);
268 ovs_dp_upcall(dp, skb, &upcall); 268 error = ovs_dp_upcall(dp, skb, &upcall);
269 consume_skb(skb); 269 if (unlikely(error))
270 kfree_skb(skb);
271 else
272 consume_skb(skb);
270 stats_counter = &stats->n_missed; 273 stats_counter = &stats->n_missed;
271 goto out; 274 goto out;
272 } 275 }
@@ -404,7 +407,7 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
404{ 407{
405 struct ovs_header *upcall; 408 struct ovs_header *upcall;
406 struct sk_buff *nskb = NULL; 409 struct sk_buff *nskb = NULL;
407 struct sk_buff *user_skb; /* to be queued to userspace */ 410 struct sk_buff *user_skb = NULL; /* to be queued to userspace */
408 struct nlattr *nla; 411 struct nlattr *nla;
409 struct genl_info info = { 412 struct genl_info info = {
410 .dst_sk = ovs_dp_get_net(dp)->genl_sock, 413 .dst_sk = ovs_dp_get_net(dp)->genl_sock,
@@ -494,9 +497,11 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
494 ((struct nlmsghdr *) user_skb->data)->nlmsg_len = user_skb->len; 497 ((struct nlmsghdr *) user_skb->data)->nlmsg_len = user_skb->len;
495 498
496 err = genlmsg_unicast(ovs_dp_get_net(dp), user_skb, upcall_info->portid); 499 err = genlmsg_unicast(ovs_dp_get_net(dp), user_skb, upcall_info->portid);
500 user_skb = NULL;
497out: 501out:
498 if (err) 502 if (err)
499 skb_tx_error(skb); 503 skb_tx_error(skb);
504 kfree_skb(user_skb);
500 kfree_skb(nskb); 505 kfree_skb(nskb);
501 return err; 506 return err;
502} 507}
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 8d9f8042705a..93896d2092f6 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -632,6 +632,7 @@ static void init_prb_bdqc(struct packet_sock *po,
632 p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov); 632 p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov);
633 p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv; 633 p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv;
634 634
635 p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv);
635 prb_init_ft_ops(p1, req_u); 636 prb_init_ft_ops(p1, req_u);
636 prb_setup_retire_blk_timer(po, tx_ring); 637 prb_setup_retire_blk_timer(po, tx_ring);
637 prb_open_block(p1, pbd); 638 prb_open_block(p1, pbd);
@@ -1942,6 +1943,18 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
1942 if ((int)snaplen < 0) 1943 if ((int)snaplen < 0)
1943 snaplen = 0; 1944 snaplen = 0;
1944 } 1945 }
1946 } else if (unlikely(macoff + snaplen >
1947 GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) {
1948 u32 nval;
1949
1950 nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff;
1951 pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n",
1952 snaplen, nval, macoff);
1953 snaplen = nval;
1954 if (unlikely((int)snaplen < 0)) {
1955 snaplen = 0;
1956 macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len;
1957 }
1945 } 1958 }
1946 spin_lock(&sk->sk_receive_queue.lock); 1959 spin_lock(&sk->sk_receive_queue.lock);
1947 h.raw = packet_current_rx_frame(po, skb, 1960 h.raw = packet_current_rx_frame(po, skb,
@@ -3783,6 +3796,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
3783 goto out; 3796 goto out;
3784 if (unlikely(req->tp_block_size & (PAGE_SIZE - 1))) 3797 if (unlikely(req->tp_block_size & (PAGE_SIZE - 1)))
3785 goto out; 3798 goto out;
3799 if (po->tp_version >= TPACKET_V3 &&
3800 (int)(req->tp_block_size -
3801 BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0)
3802 goto out;
3786 if (unlikely(req->tp_frame_size < po->tp_hdrlen + 3803 if (unlikely(req->tp_frame_size < po->tp_hdrlen +
3787 po->tp_reserve)) 3804 po->tp_reserve))
3788 goto out; 3805 goto out;
diff --git a/net/packet/internal.h b/net/packet/internal.h
index eb9580a6b25f..cdddf6a30399 100644
--- a/net/packet/internal.h
+++ b/net/packet/internal.h
@@ -29,6 +29,7 @@ struct tpacket_kbdq_core {
29 char *pkblk_start; 29 char *pkblk_start;
30 char *pkblk_end; 30 char *pkblk_end;
31 int kblk_size; 31 int kblk_size;
32 unsigned int max_frame_len;
32 unsigned int knum_blocks; 33 unsigned int knum_blocks;
33 uint64_t knxt_seq_num; 34 uint64_t knxt_seq_num;
34 char *prev; 35 char *prev;
diff --git a/net/rfkill/rfkill-gpio.c b/net/rfkill/rfkill-gpio.c
index 14c98e48f261..02a86a27fd84 100644
--- a/net/rfkill/rfkill-gpio.c
+++ b/net/rfkill/rfkill-gpio.c
@@ -158,6 +158,7 @@ static const struct acpi_device_id rfkill_acpi_match[] = {
158 { "BCM2E1A", RFKILL_TYPE_BLUETOOTH }, 158 { "BCM2E1A", RFKILL_TYPE_BLUETOOTH },
159 { "BCM2E39", RFKILL_TYPE_BLUETOOTH }, 159 { "BCM2E39", RFKILL_TYPE_BLUETOOTH },
160 { "BCM2E3D", RFKILL_TYPE_BLUETOOTH }, 160 { "BCM2E3D", RFKILL_TYPE_BLUETOOTH },
161 { "BCM2E64", RFKILL_TYPE_BLUETOOTH },
161 { "BCM4752", RFKILL_TYPE_GPS }, 162 { "BCM4752", RFKILL_TYPE_GPS },
162 { "LNV4752", RFKILL_TYPE_GPS }, 163 { "LNV4752", RFKILL_TYPE_GPS },
163 { }, 164 { },
diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c
index ead526467cca..762a04bb8f6d 100644
--- a/net/sched/sch_cbq.c
+++ b/net/sched/sch_cbq.c
@@ -159,7 +159,6 @@ struct cbq_sched_data {
159 struct cbq_class *tx_borrowed; 159 struct cbq_class *tx_borrowed;
160 int tx_len; 160 int tx_len;
161 psched_time_t now; /* Cached timestamp */ 161 psched_time_t now; /* Cached timestamp */
162 psched_time_t now_rt; /* Cached real time */
163 unsigned int pmask; 162 unsigned int pmask;
164 163
165 struct hrtimer delay_timer; 164 struct hrtimer delay_timer;
@@ -353,12 +352,7 @@ cbq_mark_toplevel(struct cbq_sched_data *q, struct cbq_class *cl)
353 int toplevel = q->toplevel; 352 int toplevel = q->toplevel;
354 353
355 if (toplevel > cl->level && !(qdisc_is_throttled(cl->q))) { 354 if (toplevel > cl->level && !(qdisc_is_throttled(cl->q))) {
356 psched_time_t now; 355 psched_time_t now = psched_get_time();
357 psched_tdiff_t incr;
358
359 now = psched_get_time();
360 incr = now - q->now_rt;
361 now = q->now + incr;
362 356
363 do { 357 do {
364 if (cl->undertime < now) { 358 if (cl->undertime < now) {
@@ -700,8 +694,13 @@ cbq_update(struct cbq_sched_data *q)
700 struct cbq_class *this = q->tx_class; 694 struct cbq_class *this = q->tx_class;
701 struct cbq_class *cl = this; 695 struct cbq_class *cl = this;
702 int len = q->tx_len; 696 int len = q->tx_len;
697 psched_time_t now;
703 698
704 q->tx_class = NULL; 699 q->tx_class = NULL;
700 /* Time integrator. We calculate EOS time
701 * by adding expected packet transmission time.
702 */
703 now = q->now + L2T(&q->link, len);
705 704
706 for ( ; cl; cl = cl->share) { 705 for ( ; cl; cl = cl->share) {
707 long avgidle = cl->avgidle; 706 long avgidle = cl->avgidle;
@@ -717,7 +716,7 @@ cbq_update(struct cbq_sched_data *q)
717 * idle = (now - last) - last_pktlen/rate 716 * idle = (now - last) - last_pktlen/rate
718 */ 717 */
719 718
720 idle = q->now - cl->last; 719 idle = now - cl->last;
721 if ((unsigned long)idle > 128*1024*1024) { 720 if ((unsigned long)idle > 128*1024*1024) {
722 avgidle = cl->maxidle; 721 avgidle = cl->maxidle;
723 } else { 722 } else {
@@ -761,7 +760,7 @@ cbq_update(struct cbq_sched_data *q)
761 idle -= L2T(&q->link, len); 760 idle -= L2T(&q->link, len);
762 idle += L2T(cl, len); 761 idle += L2T(cl, len);
763 762
764 cl->undertime = q->now + idle; 763 cl->undertime = now + idle;
765 } else { 764 } else {
766 /* Underlimit */ 765 /* Underlimit */
767 766
@@ -771,7 +770,8 @@ cbq_update(struct cbq_sched_data *q)
771 else 770 else
772 cl->avgidle = avgidle; 771 cl->avgidle = avgidle;
773 } 772 }
774 cl->last = q->now; 773 if ((s64)(now - cl->last) > 0)
774 cl->last = now;
775 } 775 }
776 776
777 cbq_update_toplevel(q, this, q->tx_borrowed); 777 cbq_update_toplevel(q, this, q->tx_borrowed);
@@ -943,31 +943,13 @@ cbq_dequeue(struct Qdisc *sch)
943 struct sk_buff *skb; 943 struct sk_buff *skb;
944 struct cbq_sched_data *q = qdisc_priv(sch); 944 struct cbq_sched_data *q = qdisc_priv(sch);
945 psched_time_t now; 945 psched_time_t now;
946 psched_tdiff_t incr;
947 946
948 now = psched_get_time(); 947 now = psched_get_time();
949 incr = now - q->now_rt; 948
950 949 if (q->tx_class)
951 if (q->tx_class) {
952 psched_tdiff_t incr2;
953 /* Time integrator. We calculate EOS time
954 * by adding expected packet transmission time.
955 * If real time is greater, we warp artificial clock,
956 * so that:
957 *
958 * cbq_time = max(real_time, work);
959 */
960 incr2 = L2T(&q->link, q->tx_len);
961 q->now += incr2;
962 cbq_update(q); 950 cbq_update(q);
963 if ((incr -= incr2) < 0) 951
964 incr = 0; 952 q->now = now;
965 q->now += incr;
966 } else {
967 if (now > q->now)
968 q->now = now;
969 }
970 q->now_rt = now;
971 953
972 for (;;) { 954 for (;;) {
973 q->wd_expires = 0; 955 q->wd_expires = 0;
@@ -1223,7 +1205,6 @@ cbq_reset(struct Qdisc *sch)
1223 hrtimer_cancel(&q->delay_timer); 1205 hrtimer_cancel(&q->delay_timer);
1224 q->toplevel = TC_CBQ_MAXLEVEL; 1206 q->toplevel = TC_CBQ_MAXLEVEL;
1225 q->now = psched_get_time(); 1207 q->now = psched_get_time();
1226 q->now_rt = q->now;
1227 1208
1228 for (prio = 0; prio <= TC_CBQ_MAXPRIO; prio++) 1209 for (prio = 0; prio <= TC_CBQ_MAXPRIO; prio++)
1229 q->active[prio] = NULL; 1210 q->active[prio] = NULL;
@@ -1407,7 +1388,6 @@ static int cbq_init(struct Qdisc *sch, struct nlattr *opt)
1407 q->delay_timer.function = cbq_undelay; 1388 q->delay_timer.function = cbq_undelay;
1408 q->toplevel = TC_CBQ_MAXLEVEL; 1389 q->toplevel = TC_CBQ_MAXLEVEL;
1409 q->now = psched_get_time(); 1390 q->now = psched_get_time();
1410 q->now_rt = q->now;
1411 1391
1412 cbq_link_class(&q->link); 1392 cbq_link_class(&q->link);
1413 1393
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index 06a9ee6b2d3a..a88b8524846e 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -813,6 +813,7 @@ void sctp_assoc_control_transport(struct sctp_association *asoc,
813 else { 813 else {
814 dst_release(transport->dst); 814 dst_release(transport->dst);
815 transport->dst = NULL; 815 transport->dst = NULL;
816 ulp_notify = false;
816 } 817 }
817 818
818 spc_state = SCTP_ADDR_UNREACHABLE; 819 spc_state = SCTP_ADDR_UNREACHABLE;
@@ -1244,7 +1245,7 @@ static struct sctp_transport *sctp_trans_elect_best(struct sctp_transport *curr,
1244{ 1245{
1245 u8 score_curr, score_best; 1246 u8 score_curr, score_best;
1246 1247
1247 if (best == NULL) 1248 if (best == NULL || curr == best)
1248 return curr; 1249 return curr;
1249 1250
1250 score_curr = sctp_trans_score(curr); 1251 score_curr = sctp_trans_score(curr);
@@ -1355,14 +1356,11 @@ static void sctp_select_active_and_retran_path(struct sctp_association *asoc)
1355 trans_sec = trans_pri; 1356 trans_sec = trans_pri;
1356 1357
1357 /* If we failed to find a usable transport, just camp on the 1358 /* If we failed to find a usable transport, just camp on the
1358 * primary or retran, even if they are inactive, if possible 1359 * active or pick a PF iff it's the better choice.
1359 * pick a PF iff it's the better choice.
1360 */ 1360 */
1361 if (trans_pri == NULL) { 1361 if (trans_pri == NULL) {
1362 trans_pri = sctp_trans_elect_best(asoc->peer.primary_path, 1362 trans_pri = sctp_trans_elect_best(asoc->peer.active_path, trans_pf);
1363 asoc->peer.retran_path); 1363 trans_sec = trans_pri;
1364 trans_pri = sctp_trans_elect_best(trans_pri, trans_pf);
1365 trans_sec = asoc->peer.primary_path;
1366 } 1364 }
1367 1365
1368 /* Set the active and retran transports. */ 1366 /* Set the active and retran transports. */
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index eb71d49e7653..634a2abb5f3a 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4243,7 +4243,7 @@ static int sctp_getsockopt_sctp_status(struct sock *sk, int len,
4243 transport = asoc->peer.primary_path; 4243 transport = asoc->peer.primary_path;
4244 4244
4245 status.sstat_assoc_id = sctp_assoc2id(asoc); 4245 status.sstat_assoc_id = sctp_assoc2id(asoc);
4246 status.sstat_state = asoc->state; 4246 status.sstat_state = sctp_assoc_to_state(asoc);
4247 status.sstat_rwnd = asoc->peer.rwnd; 4247 status.sstat_rwnd = asoc->peer.rwnd;
4248 status.sstat_unackdata = asoc->unack_data; 4248 status.sstat_unackdata = asoc->unack_data;
4249 4249
diff --git a/net/socket.c b/net/socket.c
index 95ee7d8682e7..2e2586e2dee1 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -734,8 +734,7 @@ void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
734 } 734 }
735 735
736 memset(&tss, 0, sizeof(tss)); 736 memset(&tss, 0, sizeof(tss));
737 if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE || 737 if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE) &&
738 skb_shinfo(skb)->tx_flags & SKBTX_ANY_SW_TSTAMP) &&
739 ktime_to_timespec_cond(skb->tstamp, tss.ts + 0)) 738 ktime_to_timespec_cond(skb->tstamp, tss.ts + 0))
740 empty = 0; 739 empty = 0;
741 if (shhwtstamps && 740 if (shhwtstamps &&
@@ -2602,7 +2601,7 @@ SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
2602 * 2601 *
2603 * This function is called by a protocol handler that wants to 2602 * This function is called by a protocol handler that wants to
2604 * advertise its address family, and have it linked into the 2603 * advertise its address family, and have it linked into the
2605 * socket interface. The value ops->family coresponds to the 2604 * socket interface. The value ops->family corresponds to the
2606 * socket system call protocol family. 2605 * socket system call protocol family.
2607 */ 2606 */
2608int sock_register(const struct net_proto_family *ops) 2607int sock_register(const struct net_proto_family *ops)
diff --git a/net/tipc/port.h b/net/tipc/port.h
index 3f93454592b6..3087da39ee47 100644
--- a/net/tipc/port.h
+++ b/net/tipc/port.h
@@ -179,9 +179,12 @@ static inline int tipc_port_importance(struct tipc_port *port)
179 return msg_importance(&port->phdr); 179 return msg_importance(&port->phdr);
180} 180}
181 181
182static inline void tipc_port_set_importance(struct tipc_port *port, int imp) 182static inline int tipc_port_set_importance(struct tipc_port *port, int imp)
183{ 183{
184 if (imp > TIPC_CRITICAL_IMPORTANCE)
185 return -EINVAL;
184 msg_set_importance(&port->phdr, (u32)imp); 186 msg_set_importance(&port->phdr, (u32)imp);
187 return 0;
185} 188}
186 189
187#endif 190#endif
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 7d423ee10897..ff8c8118d56e 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -1973,7 +1973,7 @@ static int tipc_setsockopt(struct socket *sock, int lvl, int opt,
1973 1973
1974 switch (opt) { 1974 switch (opt) {
1975 case TIPC_IMPORTANCE: 1975 case TIPC_IMPORTANCE:
1976 tipc_port_set_importance(port, value); 1976 res = tipc_port_set_importance(port, value);
1977 break; 1977 break;
1978 case TIPC_SRC_DROPPABLE: 1978 case TIPC_SRC_DROPPABLE:
1979 if (sock->type != SOCK_STREAM) 1979 if (sock->type != SOCK_STREAM)
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-24 17:37:20 -0400