Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/af_inet.c | 2 | ||||
-rw-r--r-- | net/ipv4/devinet.c | 6 | ||||
-rw-r--r-- | net/ipv4/netfilter.c | 7 | ||||
-rw-r--r-- | net/ipv4/netfilter/Kconfig | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_netlink.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 10 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_MASQUERADE.c | 5 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_standalone.c | 2 | ||||
-rw-r--r-- | net/ipv4/tcp_input.c | 6 | ||||
-rw-r--r-- | net/ipv4/tcp_ipv4.c | 2 | ||||
-rw-r--r-- | net/ipv4/tcp_output.c | 3 | ||||
-rw-r--r-- | net/ipv4/tcp_probe.c | 2 |
12 files changed, 31 insertions, 20 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 1144900d37f6..864009643675 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -305,7 +305,7 @@ lookup_protocol:
 sk->sk_reuse = 1;
 inet = inet_sk(sk);
- inet->is_icsk = INET_PROTOSW_ICSK & answer_flags;
+ inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) != 0;
 if (SOCK_RAW == sock->type) {
 inet->num = protocol;
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 84bed40273ad..480ace9819f6 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -165,9 +165,8 @@ struct in_device *inetdev_init(struct net_device *dev)
 NET_IPV4_NEIGH, "ipv4", NULL, NULL);
 #endif
- /* Account for reference dev->ip_ptr */
+ /* Account for reference dev->ip_ptr (below) */
 in_dev_hold(in_dev);
- rcu_assign_pointer(dev->ip_ptr, in_dev);
 #ifdef CONFIG_SYSCTL
 devinet_sysctl_register(in_dev, &in_dev->cnf);
@@ -175,6 +174,9 @@ struct in_device *inetdev_init(struct net_device *dev)
 ip_mc_init_dev(in_dev);
 if (dev->flags & IFF_UP)
 ip_mc_up(in_dev);
+
+ /* we can receive as soon as ip_ptr is set -- do this last */
+ rcu_assign_pointer(dev->ip_ptr, in_dev);
 out:
 return in_dev;
 out_kfree:
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index a68966059b50..c47ce7076bd5 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
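Review bot: In the second inetdev_init hunk, publishing dev->ip_ptr last means devinet_sysctl_register(), ip_mc_init_dev() and ip_mc_up() now run while dev->ip_ptr is still NULL. They are handed in_dev directly here, but any callee that looks the in_device up through the net_device would now miss it, so that is worth confirming before relying on the new order. The new comment could also say why the order is safe for readers, for example `/* publish last: rcu_assign_pointer() orders the initialisation above before the pointer store, and receive paths may use ip_ptr as soon as it is visible */`. inetdev_init's body starts and ends outside the hunk.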
@@ -15,16 +15,19 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
 struct flowi fl = {};
 struct dst_entry *odst;
 unsigned int hh_len;
+ unsigned int type;
+ type = inet_addr_type(iph->saddr);
 if (addr_type == RTN_UNSPEC)
- addr_type = inet_addr_type(iph->saddr);
+ addr_type = type;
 /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
 * packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook.
 */
 if (addr_type == RTN_LOCAL) {
 fl.nl_u.ip4_u.daddr = iph->daddr;
- fl.nl_u.ip4_u.saddr = iph->saddr;
+ if (type == RTN_LOCAL)
+ fl.nl_u.ip4_u.saddr = iph->saddr;
 fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
 fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0;
 fl.mark = (*pskb)->mark;
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index f6026d4ac428..47bd3ad18b71 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -6,8 +6,8 @@ menu "IP: Netfilter Configuration"
 depends on INET && NETFILTER
 config NF_CONNTRACK_IPV4
- tristate "IPv4 connection tracking support (required for NAT) (EXPERIMENTAL)"
- depends on EXPERIMENTAL && NF_CONNTRACK
+ tristate "IPv4 connection tracking support (required for NAT)"
+ depends on NF_CONNTRACK
 ---help---
 Connection tracking keeps a record of what packets have passed through your machine, in order to figure out how they are related
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 5fcf91d617cd..6f31fad9be13 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -959,7 +959,7 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
 if (cda[CTA_PROTOINFO-1]) {
 err = ctnetlink_change_protoinfo(ct, cda);
 if (err < 0)
- return err;
+ goto err;
 }
 #if defined(CONFIG_IP_NF_CONNTRACK_MARK)
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 09696f16aa95..fc1f153c86ba 100644
--- a/net/ipv4/netfilter/ip_tables.c
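Review bot: In ip_route_me_harder, `type = inet_addr_type(iph->saddr);` now runs on every call, including when the caller passes an explicit addr_type other than RTN_LOCAL and the result is never read; the lookup could be limited to the RTN_UNSPEC case and the `if (addr_type == RTN_LOCAL)` branch. The name `type` is easy to confuse with `addr_type`; `saddr_type` would say what it holds. The existing comment mentions foreign source addresses but not the new behaviour, so I would add `/* a non-local saddr is left unset so the route lookup does not key on an address this host does not own */` above the inner `if` (wording to be confirmed by the author). The function continues outside the hunk.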
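Review bot: The `err:` label that `goto err;` jumps to in ctnetlink_create_conntrack is outside the hunk, so the cleanup it performs cannot be checked from here; the switch away from `return err;` suggests an object allocated earlier was being leaked on this path. Any other `return err;` between that allocation and the label should be converted in the same way. The label shares its name with the `err` variable, which is legal C but hard to read; `goto err_free;` or similar would be clearer.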
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -919,13 +919,13 @@ copy_entries_to_user(unsigned int total_size,
 #ifdef CONFIG_COMPAT
 struct compat_delta {
 struct compat_delta *next;
- u_int16_t offset;
+ unsigned int offset;
 short delta;
 };
 static struct compat_delta *compat_offsets = NULL;
-static int compat_add_offset(u_int16_t offset, short delta)
+static int compat_add_offset(unsigned int offset, short delta)
 {
 struct compat_delta *tmp;
@@ -957,7 +957,7 @@ static void compat_flush_offsets(void)
 }
 }
-static short compat_calc_jump(u_int16_t offset)
+static short compat_calc_jump(unsigned int offset)
 {
 struct compat_delta *tmp;
 short delta;
@@ -997,7 +997,7 @@ static int compat_calc_entry(struct ipt_entry *e, struct xt_table_info *info,
 void *base, struct xt_table_info *newinfo)
 {
 struct ipt_entry_target *t;
- u_int16_t entry_offset;
+ unsigned int entry_offset;
 int off, i, ret;
 off = 0;
@@ -1467,7 +1467,7 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e,
 {
 struct ipt_entry_target *t;
 struct ipt_target *target;
- u_int16_t entry_offset;
+ unsigned int entry_offset;
 int ret, off, h, j;
 duprintf("check_compat_entry_size_and_hooks %p\n", e);
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 28b9233956b5..d669685afd04 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -127,10 +127,13 @@ masquerade_target(struct sk_buff **pskb,
 static inline int device_cmp(struct ip_conntrack *i, void *ifindex)
 {
+ int ret;
 #ifdef CONFIG_NF_NAT_NEEDED
 struct nf_conn_nat *nat = nfct_nat(i);
+
+ if (!nat)
+ return 0;
 #endif
- int ret;
 read_lock_bh(&masq_lock);
 #ifdef CONFIG_NF_NAT_NEEDED
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 730a7a44c883..00d6dea9f7f3 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
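Review bot: Widening `offset` to `unsigned int` in struct compat_delta, compat_add_offset() and compat_calc_jump() stops entry offsets above 65535 from being truncated, but `delta` is still `short` in the struct, in the compat_add_offset() parameter, and in compat_calc_jump()'s local and return type. The body of compat_calc_jump() is outside the hunk; if it sums per-entry deltas, as the local `short delta;` suggests, a ruleset large enough to need the wider offset can also push that sum past the range of a short, and jump targets in a table supplied from userspace would then be translated wrongly. I would widen those as well, e.g. `int delta;` in the struct and `static int compat_calc_jump(unsigned int offset)`. The hunks in compat_calc_entry() and check_compat_entry_size_and_hooks() make the same `u_int16_t` to `unsigned int` change for `entry_offset`.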
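Review bot: The new `if (!nat) return 0;` in device_cmp() has no comment saying when nfct_nat() can return NULL for an entry being walked, which is the case the guard exists for. Something like `/* no NAT extension: this conntrack was never masqueraded */` above the check would record it (an assumption drawn from the return value 0; confirm with the author). Moving `int ret;` above the `#ifdef` keeps the declarations ahead of the first statement now that the block contains an `if`. device_cmp() continues outside the hunk.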
@@ -123,7 +123,7 @@ nf_nat_fn(unsigned int hooknum,
 nat = nfct_nat(ct);
 if (!nat)
- return NF_DROP;
+ return NF_ACCEPT;
 switch (ctinfo) {
 case IP_CT_RELATED:
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index c701f6abbfc1..5c16e24a6061 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4420,9 +4420,11 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
 * But, this leaves one open to an easy denial of
 * service attack, and SYN cookies can't defend
 * against this problem. So, we drop the data
- * in the interest of security over speed.
+ * in the interest of security over speed unless
+ * it's still in use.
 */
- goto discard;
+ kfree_skb(skb);
+ return 0;
 }
 goto discard;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index bf7a22412bcb..12de90a5047c 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -648,7 +648,7 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk,
 TCPOLEN_TIMESTAMP);
 rep.opt[1] = htonl(tcp_time_stamp);
 rep.opt[2] = htonl(ts);
- arg.iov[0].iov_len = TCPOLEN_TSTAMP_ALIGNED;
+ arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
 }
 /* Swap the send and the receive. */
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 32c1a972fa31..23e32c806916 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1650,7 +1650,8 @@ static void tcp_retrans_try_collapse(struct sock *sk, struct sk_buff *skb, int m
 memcpy(skb_put(skb, next_skb_size), next_skb->data, next_skb_size);
- skb->ip_summed = next_skb->ip_summed;
+ if (next_skb->ip_summed == CHECKSUM_PARTIAL)
+ skb->ip_summed = CHECKSUM_PARTIAL;
 if (skb->ip_summed != CHECKSUM_PARTIAL)
 skb->csum = csum_block_add(skb->csum, next_skb->csum, skb_size);
diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
index f230eeecf092..41c157848181 100644
--- a/net/ipv4/tcp_probe.c
+++ b/net/ipv4/tcp_probe.c
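Review bot: In nf_nat_fn, returning NF_ACCEPT when nfct_nat() yields NULL makes the hook fail open: a packet on such a conntrack passes without any translation instead of being dropped. If a source-NAT or masquerade rule would otherwise have applied, the packet leaves with its original address, so the conditions under which `nat` can be NULL deserve a comment at this line, for example `/* conntrack has no NAT extension (assumed: set up before NAT was available); pass it through untranslated */`. A counter or rate-limited log message here would also make the case visible to operators. nf_nat_fn's body starts and ends outside the hunk.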
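Review bot: The comment text added in tcp_rcv_state_process, "unless it's still in use", does not say what actually changed: this path now runs `kfree_skb(skb); return 0;` instead of `goto discard;`. The `discard:` label is outside the hunk, so its behaviour cannot be confirmed here, but the change implies that it releases the skb unconditionally while kfree_skb() only drops a reference. I would state that directly, e.g. `/* the skb may still be referenced elsewhere: drop our reference instead of jumping to discard */`, so the two exit paths in this block are not merged again later.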
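Review bot: `arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;` in tcp_v4_send_ack is only correct if iov_len was already set to the size of the bare TCP header before this branch, and that initialisation is outside the hunk. Since iov_len decides how many bytes of the on-stack reply are sent, a comment tying the two together would help, such as `/* iov_len already covers the TCP header; add the timestamp option */`. It is also worth checking that every other option branch in the function adjusts the length with `+=` in the same way. The function starts and ends outside the hunk.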
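Review bot: In tcp_retrans_try_collapse the new test only ever raises `skb->ip_summed` to CHECKSUM_PARTIAL and no longer copies any other value from next_skb, but nothing in the code says why. A short comment above it, e.g. `/* if either segment still needs its checksum completed, so does the merged one; otherwise skb keeps its state and the csums are combined below */`, would keep a later reader from restoring the plain assignment. The function continues outside the hunk.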
@@ -30,7 +30,7 @@
 #include <net/tcp.h>
-MODULE_AUTHOR("Stephen Hemminger <shemminger@osdl.org>");
+MODULE_AUTHOR("Stephen Hemminger <shemminger@linux-foundation.org>");
 MODULE_DESCRIPTION("TCP cwnd snooper");
 MODULE_LICENSE("GPL"); |