9 files changed, 67 insertions, 13 deletions
diff --git a/net/can/bcm.c b/net/can/bcm.c
index 95d7f32643ae..72720c710351 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -75,6 +75,7 @@ static __initdata const char banner[] = KERN_INFO
 MODULE_DESCRIPTION("PF_CAN broadcast manager protocol");
 MODULE_LICENSE("Dual BSD/GPL");
 MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>");
+MODULE_ALIAS("can-proto-2");
 /* easy access to can_frame payload */
 static inline u64 GET_U64(const struct can_frame *cp)
@@ -1469,6 +1470,9 @@ static int bcm_release(struct socket *sock)
                bo->ifindex = 0;
        }
+        sock_orphan(sk);
+        sock->sk = NULL;
        release_sock(sk);
        sock_put(sk);
diff --git a/net/can/raw.c b/net/can/raw.c
index 6aa154e806ae..f4cc44548bda 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -62,6 +62,7 @@ static __initdata const char banner[] =
 MODULE_DESCRIPTION("PF_CAN raw protocol");
 MODULE_LICENSE("Dual BSD/GPL");
 MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>");
+MODULE_ALIAS("can-proto-1");
 #define MASK_ALL 0
@@ -306,6 +307,9 @@ static int raw_release(struct socket *sock)
        ro->bound   = 0;
        ro->count   = 0;
+        sock_orphan(sk);
+        sock->sk = NULL;
        release_sock(sk);
        sock_put(sk);
diff --git a/net/core/sock.c b/net/core/sock.c
index 6354863b1c68..d9eec153d531 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -919,13 +919,19 @@ static inline void sock_lock_init(struct sock *sk)
                        af_family_keys + sk->sk_family);
 }
+/*
+ * Copy all fields from osk to nsk but nsk->sk_refcnt must not change yet,
+ * even temporarly, because of RCU lookups. sk_node should also be left as is.
+ */
 static void sock_copy(struct sock *nsk, const struct sock *osk)
 {
 #ifdef CONFIG_SECURITY_NETWORK
        void *sptr = nsk->sk_security;
 #endif
+        BUILD_BUG_ON(offsetof(struct sock, sk_copy_start) !=
-        memcpy(nsk, osk, osk->sk_prot->obj_size);
+                     sizeof(osk->sk_node) + sizeof(osk->sk_refcnt));
+        memcpy(&nsk->sk_copy_start, &osk->sk_copy_start,
+               osk->sk_prot->obj_size - offsetof(struct sock, sk_copy_start));
 #ifdef CONFIG_SECURITY_NETWORK
        nsk->sk_security = sptr;
        security_sk_clone(osk, nsk);
@@ -939,8 +945,23 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
        struct kmem_cache *slab;
        slab = prot->slab;
-        if (slab != NULL)
+        if (slab != NULL) {
-                sk = kmem_cache_alloc(slab, priority);
+                sk = kmem_cache_alloc(slab, priority & ~__GFP_ZERO);
+                if (!sk)
+                        return sk;
+                if (priority & __GFP_ZERO) {
+                        /*
+                         * caches using SLAB_DESTROY_BY_RCU should let
+                         * sk_node.next un-modified. Special care is taken
+                         * when initializing object to zero.
+                         */
+                        if (offsetof(struct sock, sk_node.next) != 0)
+                                memset(sk, 0, offsetof(struct sock, sk_node.next));
+                        memset(&sk->sk_node.pprev, 0,
+                               prot->obj_size - offsetof(struct sock,
+                                                         sk_node.pprev));
+                }
+        }
        else
                sk = kmalloc(prot->obj_size, priority);
@@ -1125,6 +1146,11 @@ struct sock *sk_clone(const struct sock *sk, const gfp_t priority)
                newsk->sk_err      = 0;
                newsk->sk_priority = 0;
+                /*
+                 * Before updating sk_refcnt, we must commit prior changes to memory
+                 * (Documentation/RCU/rculist_nulls.txt for details)
+                 */
+                smp_wmb();
                atomic_set(&newsk->sk_refcnt, 2);
                /*
@@ -1840,6 +1866,11 @@ void sock_init_data(struct socket *sock, struct sock *sk)
        sk->sk_stamp = ktime_set(-1L, 0);
+        /*
+         * Before updating sk_refcnt, we must commit prior changes to memory
+         * (Documentation/RCU/rculist_nulls.txt for details)
+         */
+        smp_wmb();
        atomic_set(&sk->sk_refcnt, 1);
        atomic_set(&sk->sk_wmem_alloc, 1);
        atomic_set(&sk->sk_drops, 0);
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index cd85ebc119a5..b902ef55be7f 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -735,10 +735,10 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
        }
        tos = tiph->tos;
-        if (tos&1) {
+        if (tos == 1) {
+                tos = 0;
                if (skb->protocol == htons(ETH_P_IP))
                        tos = old_iph->tos;
-                tos &= ~1;
        }
        {
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 247026282669..7d0821054729 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1243,7 +1243,6 @@ int ip_push_pending_frames(struct sock *sk)
                skb->len += tmp_skb->len;
                skb->data_len += tmp_skb->len;
                skb->truesize += tmp_skb->truesize;
-                __sock_put(tmp_skb->sk);
                tmp_skb->destructor = NULL;
                tmp_skb->sk = NULL;
        }
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index dd1a980b8ac9..93beee944657 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1474,7 +1474,6 @@ int ip6_push_pending_frames(struct sock *sk)
                skb->len += tmp_skb->len;
                skb->data_len += tmp_skb->len;
                skb->truesize += tmp_skb->truesize;
-                __sock_put(tmp_skb->sk);
                tmp_skb->destructor = NULL;
                tmp_skb->sk = NULL;
        }
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index d0b850590faf..d335a306a4db 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -1018,6 +1018,7 @@ static void ipip6_tunnel_setup(struct net_device *dev)
        dev->hard_header_len    = LL_MAX_HEADER + sizeof(struct iphdr);
        dev->mtu                = ETH_DATA_LEN - sizeof(struct iphdr);
        dev->flags              = IFF_NOARP;
+        dev->priv_flags        &= ~IFF_XMIT_DST_RELEASE;
        dev->iflink             = 0;
        dev->addr_len           = 4;
        dev->features           |= NETIF_F_NETNS_LOCAL;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 7508f11c5b39..b5869b9574b0 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -561,23 +561,38 @@ struct nf_conn *nf_conntrack_alloc(struct net *net,
                }
        }
-        ct = kmem_cache_zalloc(nf_conntrack_cachep, gfp);
+        /*
+         * Do not use kmem_cache_zalloc(), as this cache uses
+         * SLAB_DESTROY_BY_RCU.
+         */
+        ct = kmem_cache_alloc(nf_conntrack_cachep, gfp);
        if (ct == NULL) {
                pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n");
                atomic_dec(&net->ct.count);
                return ERR_PTR(-ENOMEM);
        }
+        /*
+         * Let ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode.next
+         * and ct->tuplehash[IP_CT_DIR_REPLY].hnnode.next unchanged.
+         */
+        memset(&ct->tuplehash[IP_CT_DIR_MAX], 0,
+               sizeof(*ct) - offsetof(struct nf_conn, tuplehash[IP_CT_DIR_MAX]));
        spin_lock_init(&ct->lock);
-        atomic_set(&ct->ct_general.use, 1);
        ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig;
+        ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode.pprev = NULL;
        ct->tuplehash[IP_CT_DIR_REPLY].tuple = *repl;
+        ct->tuplehash[IP_CT_DIR_REPLY].hnnode.pprev = NULL;
        /* Don't set timer yet: wait for confirmation */
        setup_timer(&ct->timeout, death_by_timeout, (unsigned long)ct);
 #ifdef CONFIG_NET_NS
        ct->ct_net = net;
 #endif
+        /*
+         * changes to lookup keys must be done before setting refcnt to 1
+         */
+        smp_wmb();
+        atomic_set(&ct->ct_general.use, 1);
        return ct;
 }
 EXPORT_SYMBOL_GPL(nf_conntrack_alloc);
diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c
index 863e40977a4d..0f482e2440b4 100644
--- a/net/netfilter/xt_osf.c
+++ b/net/netfilter/xt_osf.c
@@ -330,7 +330,8 @@ static bool xt_osf_match_packet(const struct sk_buff *skb,
                        fcount++;
                        if (info->flags & XT_OSF_LOG)
-                                nf_log_packet(p->hooknum, 0, skb, p->in, p->out, NULL,
+                                nf_log_packet(p->family, p->hooknum, skb,
+                                        p->in, p->out, NULL,
                                        "%s [%s:%s] : %pi4:%d -> %pi4:%d hops=%d\n",
                                        f->genre, f->version, f->subtype,
                                        &ip->saddr, ntohs(tcp->source),
@@ -345,7 +346,7 @@ static bool xt_osf_match_packet(const struct sk_buff *skb,
        rcu_read_unlock();
        if (!fcount && (info->flags & XT_OSF_LOG))
-                nf_log_packet(p->hooknum, 0, skb, p->in, p->out, NULL,
+                nf_log_packet(p->family, p->hooknum, skb, p->in, p->out, NULL,
                        "Remote OS is not known: %pi4:%u -> %pi4:%u\n",
                                &ip->saddr, ntohs(tcp->source),
                                &ip->daddr, ntohs(tcp->dest));

diff --git a/net/can/bcm.c b/net/can/bcm.c index 95d7f32643ae..72720c710351 100644 --- a/net/can/bcm.c +++ b/net/can/bcm.c
@@ -75,6 +75,7 @@ static __initdata const char banner[] = KERN_INFO
75	MODULE_DESCRIPTION("PF_CAN broadcast manager protocol");	75	MODULE_DESCRIPTION("PF_CAN broadcast manager protocol");
76	MODULE_LICENSE("Dual BSD/GPL");	76	MODULE_LICENSE("Dual BSD/GPL");
77	MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>");	77	MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>");
		78	MODULE_ALIAS("can-proto-2");
78		79
79	/* easy access to can_frame payload */	80	/* easy access to can_frame payload */
80	static inline u64 GET_U64(const struct can_frame *cp)	81	static inline u64 GET_U64(const struct can_frame *cp)
@@ -1469,6 +1470,9 @@ static int bcm_release(struct socket *sock)
1469	bo->ifindex = 0;	1470	bo->ifindex = 0;
1470	}	1471	}
1471		1472
		1473	sock_orphan(sk);
		1474	sock->sk = NULL;
		1475
1472	release_sock(sk);	1476	release_sock(sk);
1473	sock_put(sk);	1477	sock_put(sk);
1474		1478


diff --git a/net/can/raw.c b/net/can/raw.c index 6aa154e806ae..f4cc44548bda 100644 --- a/net/can/raw.c +++ b/net/can/raw.c
@@ -62,6 +62,7 @@ static __initdata const char banner[] =
62	MODULE_DESCRIPTION("PF_CAN raw protocol");	62	MODULE_DESCRIPTION("PF_CAN raw protocol");
63	MODULE_LICENSE("Dual BSD/GPL");	63	MODULE_LICENSE("Dual BSD/GPL");
64	MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>");	64	MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>");
		65	MODULE_ALIAS("can-proto-1");
65		66
66	#define MASK_ALL 0	67	#define MASK_ALL 0
67		68
@@ -306,6 +307,9 @@ static int raw_release(struct socket *sock)
306	ro->bound = 0;	307	ro->bound = 0;
307	ro->count = 0;	308	ro->count = 0;
308		309
		310	sock_orphan(sk);
		311	sock->sk = NULL;
		312
309	release_sock(sk);	313	release_sock(sk);
310	sock_put(sk);	314	sock_put(sk);
311		315


diff --git a/net/core/sock.c b/net/core/sock.c index 6354863b1c68..d9eec153d531 100644 --- a/net/core/sock.c +++ b/net/core/sock.c
@@ -919,13 +919,19 @@ static inline void sock_lock_init(struct sock *sk)
919	af_family_keys + sk->sk_family);	919	af_family_keys + sk->sk_family);
920	}	920	}
921		921
		922	/*
		923	* Copy all fields from osk to nsk but nsk->sk_refcnt must not change yet,
		924	* even temporarly, because of RCU lookups. sk_node should also be left as is.
		925	*/
922	static void sock_copy(struct sock nsk, const struct sock osk)	926	static void sock_copy(struct sock nsk, const struct sock osk)
923	{	927	{
924	#ifdef CONFIG_SECURITY_NETWORK	928	#ifdef CONFIG_SECURITY_NETWORK
925	void *sptr = nsk->sk_security;	929	void *sptr = nsk->sk_security;
926	#endif	930	#endif
927		931	BUILD_BUG_ON(offsetof(struct sock, sk_copy_start) !=
928	memcpy(nsk, osk, osk->sk_prot->obj_size);	932	sizeof(osk->sk_node) + sizeof(osk->sk_refcnt));
		933	memcpy(&nsk->sk_copy_start, &osk->sk_copy_start,
		934	osk->sk_prot->obj_size - offsetof(struct sock, sk_copy_start));
929	#ifdef CONFIG_SECURITY_NETWORK	935	#ifdef CONFIG_SECURITY_NETWORK
930	nsk->sk_security = sptr;	936	nsk->sk_security = sptr;
931	security_sk_clone(osk, nsk);	937	security_sk_clone(osk, nsk);
@@ -939,8 +945,23 @@ static struct sock sk_prot_alloc(struct proto prot, gfp_t priority,
939	struct kmem_cache *slab;	945	struct kmem_cache *slab;
940		946
941	slab = prot->slab;	947	slab = prot->slab;
942	if (slab != NULL)	948	if (slab != NULL) {
943	sk = kmem_cache_alloc(slab, priority);	949	sk = kmem_cache_alloc(slab, priority & ~__GFP_ZERO);
		950	if (!sk)
		951	return sk;
		952	if (priority & __GFP_ZERO) {
		953	/*
		954	* caches using SLAB_DESTROY_BY_RCU should let
		955	* sk_node.next un-modified. Special care is taken
		956	* when initializing object to zero.
		957	*/
		958	if (offsetof(struct sock, sk_node.next) != 0)
		959	memset(sk, 0, offsetof(struct sock, sk_node.next));
		960	memset(&sk->sk_node.pprev, 0,
		961	prot->obj_size - offsetof(struct sock,
		962	sk_node.pprev));
		963	}
		964	}
944	else	965	else
945	sk = kmalloc(prot->obj_size, priority);	966	sk = kmalloc(prot->obj_size, priority);
946		967
@@ -1125,6 +1146,11 @@ struct sock sk_clone(const struct sock sk, const gfp_t priority)
1125		1146
1126	newsk->sk_err = 0;	1147	newsk->sk_err = 0;
1127	newsk->sk_priority = 0;	1148	newsk->sk_priority = 0;
		1149	/*
		1150	* Before updating sk_refcnt, we must commit prior changes to memory
		1151	* (Documentation/RCU/rculist_nulls.txt for details)
		1152	*/
		1153	smp_wmb();
1128	atomic_set(&newsk->sk_refcnt, 2);	1154	atomic_set(&newsk->sk_refcnt, 2);
1129		1155
1130	/*	1156	/*
@@ -1840,6 +1866,11 @@ void sock_init_data(struct socket sock, struct sock sk)
1840		1866
1841	sk->sk_stamp = ktime_set(-1L, 0);	1867	sk->sk_stamp = ktime_set(-1L, 0);
1842		1868
		1869	/*
		1870	* Before updating sk_refcnt, we must commit prior changes to memory
		1871	* (Documentation/RCU/rculist_nulls.txt for details)
		1872	*/
		1873	smp_wmb();
1843	atomic_set(&sk->sk_refcnt, 1);	1874	atomic_set(&sk->sk_refcnt, 1);
1844	atomic_set(&sk->sk_wmem_alloc, 1);	1875	atomic_set(&sk->sk_wmem_alloc, 1);
1845	atomic_set(&sk->sk_drops, 0);	1876	atomic_set(&sk->sk_drops, 0);


diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index cd85ebc119a5..b902ef55be7f 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c
@@ -735,10 +735,10 @@ static int ipgre_tunnel_xmit(struct sk_buff skb, struct net_device dev)
735	}	735	}
736		736
737	tos = tiph->tos;	737	tos = tiph->tos;
738	if (tos&1) {	738	if (tos == 1) {
		739	tos = 0;
739	if (skb->protocol == htons(ETH_P_IP))	740	if (skb->protocol == htons(ETH_P_IP))
740	tos = old_iph->tos;	741	tos = old_iph->tos;
741	tos &= ~1;
742	}	742	}
743		743
744	{	744	{


diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 247026282669..7d0821054729 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c
@@ -1243,7 +1243,6 @@ int ip_push_pending_frames(struct sock *sk)
1243	skb->len += tmp_skb->len;	1243	skb->len += tmp_skb->len;
1244	skb->data_len += tmp_skb->len;	1244	skb->data_len += tmp_skb->len;
1245	skb->truesize += tmp_skb->truesize;	1245	skb->truesize += tmp_skb->truesize;
1246	__sock_put(tmp_skb->sk);
1247	tmp_skb->destructor = NULL;	1246	tmp_skb->destructor = NULL;
1248	tmp_skb->sk = NULL;	1247	tmp_skb->sk = NULL;
1249	}	1248	}


diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index dd1a980b8ac9..93beee944657 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c
@@ -1474,7 +1474,6 @@ int ip6_push_pending_frames(struct sock *sk)
1474	skb->len += tmp_skb->len;	1474	skb->len += tmp_skb->len;
1475	skb->data_len += tmp_skb->len;	1475	skb->data_len += tmp_skb->len;
1476	skb->truesize += tmp_skb->truesize;	1476	skb->truesize += tmp_skb->truesize;
1477	__sock_put(tmp_skb->sk);
1478	tmp_skb->destructor = NULL;	1477	tmp_skb->destructor = NULL;
1479	tmp_skb->sk = NULL;	1478	tmp_skb->sk = NULL;
1480	}	1479	}


diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index d0b850590faf..d335a306a4db 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c
@@ -1018,6 +1018,7 @@ static void ipip6_tunnel_setup(struct net_device *dev)
1018	dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);	1018	dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
1019	dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr);	1019	dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr);
1020	dev->flags = IFF_NOARP;	1020	dev->flags = IFF_NOARP;
		1021	dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
1021	dev->iflink = 0;	1022	dev->iflink = 0;
1022	dev->addr_len = 4;	1023	dev->addr_len = 4;
1023	dev->features \|= NETIF_F_NETNS_LOCAL;	1024	dev->features \|= NETIF_F_NETNS_LOCAL;


diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 7508f11c5b39..b5869b9574b0 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c
@@ -561,23 +561,38 @@ struct nf_conn nf_conntrack_alloc(struct net net,
561	}	561	}
562	}	562	}
563		563
564	ct = kmem_cache_zalloc(nf_conntrack_cachep, gfp);	564	/*
		565	* Do not use kmem_cache_zalloc(), as this cache uses
		566	* SLAB_DESTROY_BY_RCU.
		567	*/
		568	ct = kmem_cache_alloc(nf_conntrack_cachep, gfp);
565	if (ct == NULL) {	569	if (ct == NULL) {
566	pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n");	570	pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n");
567	atomic_dec(&net->ct.count);	571	atomic_dec(&net->ct.count);
568	return ERR_PTR(-ENOMEM);	572	return ERR_PTR(-ENOMEM);
569	}	573	}
570		574	/*
		575	* Let ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode.next
		576	* and ct->tuplehash[IP_CT_DIR_REPLY].hnnode.next unchanged.
		577	*/
		578	memset(&ct->tuplehash[IP_CT_DIR_MAX], 0,
		579	sizeof(*ct) - offsetof(struct nf_conn, tuplehash[IP_CT_DIR_MAX]));
571	spin_lock_init(&ct->lock);	580	spin_lock_init(&ct->lock);
572	atomic_set(&ct->ct_general.use, 1);
573	ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig;	581	ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig;
		582	ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode.pprev = NULL;
574	ct->tuplehash[IP_CT_DIR_REPLY].tuple = *repl;	583	ct->tuplehash[IP_CT_DIR_REPLY].tuple = *repl;
		584	ct->tuplehash[IP_CT_DIR_REPLY].hnnode.pprev = NULL;
575	/* Don't set timer yet: wait for confirmation */	585	/* Don't set timer yet: wait for confirmation */
576	setup_timer(&ct->timeout, death_by_timeout, (unsigned long)ct);	586	setup_timer(&ct->timeout, death_by_timeout, (unsigned long)ct);
577	#ifdef CONFIG_NET_NS	587	#ifdef CONFIG_NET_NS
578	ct->ct_net = net;	588	ct->ct_net = net;
579	#endif	589	#endif
580		590
		591	/*
		592	* changes to lookup keys must be done before setting refcnt to 1
		593	*/
		594	smp_wmb();
		595	atomic_set(&ct->ct_general.use, 1);
581	return ct;	596	return ct;
582	}	597	}
583	EXPORT_SYMBOL_GPL(nf_conntrack_alloc);	598	EXPORT_SYMBOL_GPL(nf_conntrack_alloc);


diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c index 863e40977a4d..0f482e2440b4 100644 --- a/net/netfilter/xt_osf.c +++ b/net/netfilter/xt_osf.c
@@ -330,7 +330,8 @@ static bool xt_osf_match_packet(const struct sk_buff *skb,
330	fcount++;	330	fcount++;
331		331
332	if (info->flags & XT_OSF_LOG)	332	if (info->flags & XT_OSF_LOG)
333	nf_log_packet(p->hooknum, 0, skb, p->in, p->out, NULL,	333	nf_log_packet(p->family, p->hooknum, skb,
		334	p->in, p->out, NULL,
334	"%s [%s:%s] : %pi4:%d -> %pi4:%d hops=%d\n",	335	"%s [%s:%s] : %pi4:%d -> %pi4:%d hops=%d\n",
335	f->genre, f->version, f->subtype,	336	f->genre, f->version, f->subtype,
336	&ip->saddr, ntohs(tcp->source),	337	&ip->saddr, ntohs(tcp->source),
@@ -345,7 +346,7 @@ static bool xt_osf_match_packet(const struct sk_buff *skb,
345	rcu_read_unlock();	346	rcu_read_unlock();
346		347
347	if (!fcount && (info->flags & XT_OSF_LOG))	348	if (!fcount && (info->flags & XT_OSF_LOG))
348	nf_log_packet(p->hooknum, 0, skb, p->in, p->out, NULL,	349	nf_log_packet(p->family, p->hooknum, skb, p->in, p->out, NULL,
349	"Remote OS is not known: %pi4:%u -> %pi4:%u\n",	350	"Remote OS is not known: %pi4:%u -> %pi4:%u\n",
350	&ip->saddr, ntohs(tcp->source),	351	&ip->saddr, ntohs(tcp->source),
351	&ip->daddr, ntohs(tcp->dest));	352	&ip->daddr, ntohs(tcp->dest));