summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Documentation/DocBook/kernel-api.tmpl6
-rw-r--r--fs/compat_ioctl.c8
-rw-r--r--include/linux/netfilter_ipv4/ipt_sctp.h12
-rw-r--r--include/linux/skbuff.h7
-rw-r--r--include/net/ipv6.h2
-rw-r--r--net/core/filter.c6
-rw-r--r--net/dccp/proto.c1
-rw-r--r--net/ipv4/fib_trie.c3
-rw-r--r--net/ipv4/netfilter/Kconfig10
-rw-r--r--net/ipv6/addrconf.c10
-rw-r--r--net/ipv6/datagram.c2
-rw-r--r--net/ipv6/exthdrs.c22
-rw-r--r--net/ipv6/ip6_flowlabel.c16
-rw-r--r--net/ipv6/raw.c4
-rw-r--r--net/ipv6/udp.c4
-rw-r--r--net/sched/sch_netem.c2
16 files changed, 70 insertions, 45 deletions
diff --git a/Documentation/DocBook/kernel-api.tmpl b/Documentation/DocBook/kernel-api.tmpl
index 096aed62c326..767433bdbc40 100644
--- a/Documentation/DocBook/kernel-api.tmpl
+++ b/Documentation/DocBook/kernel-api.tmpl
@@ -237,8 +237,10 @@ X!Ilib/string.c
<sect1><title>Driver Support</title>
!Enet/core/dev.c
!Enet/ethernet/eth.c
-!Einclude/linux/etherdevice.h
-!Enet/core/wireless.c
+!Iinclude/linux/etherdevice.h
+<!-- FIXME: Removed for now since no structured comments in source
+X!Enet/core/wireless.c
+-->
</sect1>
<sect1><title>Synchronous PPP</title>
!Edrivers/net/wan/syncppp.c
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
index 31b7efd94d66..43a2508ac696 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
@@ -686,7 +686,8 @@ static int dev_ifconf(unsigned int fd, unsigned int cmd, unsigned long arg)
ifr = ifc.ifc_req;
ifr32 = compat_ptr(ifc32.ifcbuf);
- for (i = 0, j = 0; i < ifc32.ifc_len && j < ifc.ifc_len;
+ for (i = 0, j = 0;
+ i + sizeof (struct ifreq32) < ifc32.ifc_len && j < ifc.ifc_len;
i += sizeof (struct ifreq32), j += sizeof (struct ifreq)) {
if (copy_in_user(ifr32, ifr, sizeof (struct ifreq32)))
return -EFAULT;
@@ -702,10 +703,7 @@ static int dev_ifconf(unsigned int fd, unsigned int cmd, unsigned long arg)
i = ((i / sizeof(struct ifreq)) * sizeof(struct ifreq32));
ifc32.ifc_len = i;
} else {
- if (i <= ifc32.ifc_len)
- ifc32.ifc_len = i;
- else
- ifc32.ifc_len = i - sizeof (struct ifreq32);
+ ifc32.ifc_len = i;
}
if (copy_to_user(compat_ptr(arg), &ifc32, sizeof(struct ifconf32)))
return -EFAULT;
diff --git a/include/linux/netfilter_ipv4/ipt_sctp.h b/include/linux/netfilter_ipv4/ipt_sctp.h
index e93a9ec99fc2..80b3dbacd193 100644
--- a/include/linux/netfilter_ipv4/ipt_sctp.h
+++ b/include/linux/netfilter_ipv4/ipt_sctp.h
@@ -7,8 +7,6 @@
#define IPT_SCTP_VALID_FLAGS 0x07
-#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0]))
-
struct ipt_sctp_flag_info {
u_int8_t chunktype;
@@ -59,21 +57,21 @@ struct ipt_sctp_info {
#define SCTP_CHUNKMAP_RESET(chunkmap) \
do { \
int i; \
- for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
+ for (i = 0; i < ARRAY_SIZE(chunkmap); i++) \
chunkmap[i] = 0; \
} while (0)
#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
do { \
int i; \
- for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
+ for (i = 0; i < ARRAY_SIZE(chunkmap); i++) \
chunkmap[i] = ~0; \
} while (0)
#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
do { \
int i; \
- for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
+ for (i = 0; i < ARRAY_SIZE(chunkmap); i++) \
destmap[i] = srcmap[i]; \
} while (0)
@@ -81,7 +79,7 @@ struct ipt_sctp_info {
({ \
int i; \
int flag = 1; \
- for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
+ for (i = 0; i < ARRAY_SIZE(chunkmap); i++) { \
if (chunkmap[i]) { \
flag = 0; \
break; \
@@ -94,7 +92,7 @@ struct ipt_sctp_info {
({ \
int i; \
int flag = 1; \
- for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
+ for (i = 0; i < ARRAY_SIZE(chunkmap); i++) { \
if (chunkmap[i] != ~0) { \
flag = 0; \
break; \
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 0a8ea8b35816..8c5d6001a923 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -206,6 +206,7 @@ enum {
* @nfct: Associated connection, if any
* @ipvs_property: skbuff is owned by ipvs
* @nfctinfo: Relationship of this skb to the connection
+ * @nfct_reasm: netfilter conntrack re-assembly pointer
* @nf_bridge: Saved data about a bridged frame - see br_netfilter.c
* @tc_index: Traffic control index
* @tc_verd: traffic control verdict
@@ -264,16 +265,14 @@ struct sk_buff {
nohdr:1,
nfctinfo:3;
__u8 pkt_type:3,
- fclone:2;
+ fclone:2,
+ ipvs_property:1;
__be16 protocol;
void (*destructor)(struct sk_buff *skb);
#ifdef CONFIG_NETFILTER
__u32 nfmark;
struct nf_conntrack *nfct;
-#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
- __u8 ipvs_property:1;
-#endif
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
struct sk_buff *nfct_reasm;
#endif
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 6addb4d464d6..0a2ad51cff82 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -237,6 +237,8 @@ extern struct ipv6_txoptions * ipv6_renew_options(struct sock *sk, struct ipv6_t
int newtype,
struct ipv6_opt_hdr __user *newopt,
int newoptlen);
+struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
+ struct ipv6_txoptions *opt);
extern int ip6_frag_nqueues;
extern atomic_t ip6_frag_mem;
diff --git a/net/core/filter.c b/net/core/filter.c
index 079c2edff789..2841bfce29d6 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -116,8 +116,6 @@ int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen)
A /= X;
continue;
case BPF_ALU|BPF_DIV|BPF_K:
- if (fentry->k == 0)
- return 0;
A /= fentry->k;
continue;
case BPF_ALU|BPF_AND|BPF_X:
@@ -320,6 +318,10 @@ int sk_chk_filter(struct sock_filter *filter, int flen)
}
}
+ /* check for division by zero -Kris Katterjohn 2005-10-30 */
+ if (ftest->code == (BPF_ALU|BPF_DIV|BPF_K) && ftest->k == 0)
+ return -EINVAL;
+
/* check that memory operations use valid addresses. */
if (ftest->k >= BPF_MEMWORDS) {
/* but it might not be a memory operation... */
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index e0ace7cbb996..8a6b2a9e4581 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -46,6 +46,7 @@ atomic_t dccp_orphan_count = ATOMIC_INIT(0);
static struct net_protocol dccp_protocol = {
.handler = dccp_v4_rcv,
.err_handler = dccp_v4_err,
+ .no_policy = 1,
};
const char *dccp_packet_name(const int type)
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 66247f38b371..705e3ce86df9 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -2378,6 +2378,7 @@ static unsigned fib_flag_trans(int type, u32 mask, const struct fib_info *fi)
*/
static int fib_route_seq_show(struct seq_file *seq, void *v)
{
+ const struct fib_trie_iter *iter = seq->private;
struct leaf *l = v;
int i;
char bf[128];
@@ -2389,6 +2390,8 @@ static int fib_route_seq_show(struct seq_file *seq, void *v)
return 0;
}
+ if (iter->trie == trie_local)
+ return 0;
if (IS_TNODE(l))
return 0;
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 9d3c8b5f327e..0bc00528d888 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -440,7 +440,7 @@ config IP_NF_MATCH_COMMENT
config IP_NF_MATCH_CONNMARK
tristate 'Connection mark match support'
depends on IP_NF_IPTABLES
- depends on IP_NF_CONNTRACK_MARK || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4)
+ depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4)
help
This option adds a `connmark' match, which allows you to match the
connection mark value previously set for the session by `CONNMARK'.
@@ -452,7 +452,7 @@ config IP_NF_MATCH_CONNMARK
config IP_NF_MATCH_CONNBYTES
tristate 'Connection byte/packet counter match support'
depends on IP_NF_IPTABLES
- depends on IP_NF_CT_ACCT || (NF_CT_ACCT && NF_CONNTRACK_IPV4)
+ depends on (IP_NF_CONNTRACK && IP_NF_CT_ACCT) || (NF_CT_ACCT && NF_CONNTRACK_IPV4)
help
This option adds a `connbytes' match, which allows you to match the
number of bytes and/or packets for each direction within a connection.
@@ -767,7 +767,7 @@ config IP_NF_TARGET_TTL
config IP_NF_TARGET_CONNMARK
tristate 'CONNMARK target support'
depends on IP_NF_MANGLE
- depends on IP_NF_CONNTRACK_MARK || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4)
+ depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4)
help
This option adds a `CONNMARK' target, which allows one to manipulate
the connection mark value. Similar to the MARK target, but
@@ -779,8 +779,8 @@ config IP_NF_TARGET_CONNMARK
config IP_NF_TARGET_CLUSTERIP
tristate "CLUSTERIP target support (EXPERIMENTAL)"
- depends on IP_NF_IPTABLES && EXPERIMENTAL
- depends on IP_NF_CONNTRACK_MARK || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4)
+ depends on IP_NF_MANGLE && EXPERIMENTAL
+ depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4)
help
The CLUSTERIP target allows you to build load-balancing clusters of
network servers without having a dedicated load-balancing
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 56a09a4ac410..a16064ba0caf 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2627,7 +2627,7 @@ static void addrconf_verify(unsigned long foo)
for (i=0; i < IN6_ADDR_HSIZE; i++) {
restart:
- write_lock(&addrconf_hash_lock);
+ read_lock(&addrconf_hash_lock);
for (ifp=inet6_addr_lst[i]; ifp; ifp=ifp->lst_next) {
unsigned long age;
#ifdef CONFIG_IPV6_PRIVACY
@@ -2649,7 +2649,7 @@ restart:
if (age >= ifp->valid_lft) {
spin_unlock(&ifp->lock);
in6_ifa_hold(ifp);
- write_unlock(&addrconf_hash_lock);
+ read_unlock(&addrconf_hash_lock);
ipv6_del_addr(ifp);
goto restart;
} else if (age >= ifp->prefered_lft) {
@@ -2668,7 +2668,7 @@ restart:
if (deprecate) {
in6_ifa_hold(ifp);
- write_unlock(&addrconf_hash_lock);
+ read_unlock(&addrconf_hash_lock);
ipv6_ifa_notify(0, ifp);
in6_ifa_put(ifp);
@@ -2686,7 +2686,7 @@ restart:
in6_ifa_hold(ifp);
in6_ifa_hold(ifpub);
spin_unlock(&ifp->lock);
- write_unlock(&addrconf_hash_lock);
+ read_unlock(&addrconf_hash_lock);
ipv6_create_tempaddr(ifpub, ifp);
in6_ifa_put(ifpub);
in6_ifa_put(ifp);
@@ -2703,7 +2703,7 @@ restart:
spin_unlock(&ifp->lock);
}
}
- write_unlock(&addrconf_hash_lock);
+ read_unlock(&addrconf_hash_lock);
}
addr_chk_timer.expires = time_before(next, jiffies + HZ) ? jiffies + HZ : next;
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index cc518405b3e1..c4a3a993acb7 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -437,7 +437,7 @@ int datagram_recv_ctl(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
break;
case IPPROTO_AH:
nexthdr = ptr[0];
- len = (ptr[1] + 1) << 2;
+ len = (ptr[1] + 2) << 2;
break;
default:
nexthdr = ptr[0];
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
index 922549581abc..be6faf311387 100644
--- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c
@@ -628,6 +628,7 @@ ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
if (!tot_len)
return NULL;
+ tot_len += sizeof(*opt2);
opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC);
if (!opt2)
return ERR_PTR(-ENOBUFS);
@@ -668,7 +669,26 @@ ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
return opt2;
out:
- sock_kfree_s(sk, p, tot_len);
+ sock_kfree_s(sk, opt2, opt2->tot_len);
return ERR_PTR(err);
}
+struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
+ struct ipv6_txoptions *opt)
+{
+ /*
+ * ignore the dest before srcrt unless srcrt is being included.
+ * --yoshfuji
+ */
+ if (opt && opt->dst0opt && !opt->srcrt) {
+ if (opt_space != opt) {
+ memcpy(opt_space, opt, sizeof(*opt_space));
+ opt = opt_space;
+ }
+ opt->opt_nflen -= ipv6_optlen(opt->dst0opt);
+ opt->dst0opt = NULL;
+ }
+
+ return opt;
+}
+
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index bbbe80cdaf72..1cf02765fb5c 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -225,20 +225,16 @@ struct ipv6_txoptions *fl6_merge_options(struct ipv6_txoptions * opt_space,
struct ip6_flowlabel * fl,
struct ipv6_txoptions * fopt)
{
- struct ipv6_txoptions * fl_opt = fl ? fl->opt : NULL;
-
- if (fopt == NULL || fopt->opt_flen == 0) {
- if (!fl_opt || !fl_opt->dst0opt || fl_opt->srcrt)
- return fl_opt;
- }
-
+ struct ipv6_txoptions * fl_opt = fl->opt;
+
+ if (fopt == NULL || fopt->opt_flen == 0)
+ return fl_opt;
+
if (fl_opt != NULL) {
opt_space->hopopt = fl_opt->hopopt;
- opt_space->dst0opt = fl_opt->srcrt ? fl_opt->dst0opt : NULL;
+ opt_space->dst0opt = fl_opt->dst0opt;
opt_space->srcrt = fl_opt->srcrt;
opt_space->opt_nflen = fl_opt->opt_nflen;
- if (fl_opt->dst0opt && !fl_opt->srcrt)
- opt_space->opt_nflen -= ipv6_optlen(fl_opt->dst0opt);
} else {
if (fopt->opt_nflen == 0)
return fopt;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 8e9628f1c4c5..a66900cda2af 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -748,7 +748,9 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
}
if (opt == NULL)
opt = np->opt;
- opt = fl6_merge_options(&opt_space, flowlabel, opt);
+ if (flowlabel)
+ opt = fl6_merge_options(&opt_space, flowlabel, opt);
+ opt = ipv6_fixup_options(&opt_space, opt);
fl.proto = proto;
rawv6_probe_proto_opt(&fl, msg);
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index e671153b47b2..5cc8731eb55b 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -771,7 +771,9 @@ do_udp_sendmsg:
}
if (opt == NULL)
opt = np->opt;
- opt = fl6_merge_options(&opt_space, flowlabel, opt);
+ if (flowlabel)
+ opt = fl6_merge_options(&opt_space, flowlabel, opt);
+ opt = ipv6_fixup_options(&opt_space, opt);
fl->proto = IPPROTO_UDP;
ipv6_addr_copy(&fl->fl6_dst, daddr);
diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c
index cdc8d283791c..82fb07aa06a5 100644
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -464,7 +464,7 @@ static int tfifo_enqueue(struct sk_buff *nskb, struct Qdisc *sch)
const struct netem_skb_cb *cb
= (const struct netem_skb_cb *)skb->cb;
- if (PSCHED_TLESS(cb->time_to_send, ncb->time_to_send))
+ if (!PSCHED_TLESS(ncb->time_to_send, cb->time_to_send))
break;
}