aboutsummaryrefslogtreecommitdiff
path: root/net/ipv4
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/af_inet.c2
-rw-r--r--net/ipv4/ipcomp.c7
-rw-r--r--net/ipv4/netfilter/Kconfig2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_sctp.c11
-rw-r--r--net/ipv4/netfilter/ip_tables.c33
-rw-r--r--net/ipv4/route.c5
-rw-r--r--net/ipv4/tcp_output.c10
-rw-r--r--net/ipv4/xfrm4_output.c2
8 files changed, 38 insertions, 34 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index dc206f1f914..0a277453526 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1257,7 +1257,7 @@ out_unregister_udp_proto:
goto out;
}
-module_init(inet_init);
+fs_initcall(inet_init);
/* ------------------------------------------------------------------------ */
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index 04a42946566..cd810f41af1 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -290,11 +290,8 @@ static void ipcomp_free_scratches(void)
if (!scratches)
return;
- for_each_possible_cpu(i) {
- void *scratch = *per_cpu_ptr(scratches, i);
- if (scratch)
- vfree(scratch);
- }
+ for_each_possible_cpu(i)
+ vfree(*per_cpu_ptr(scratches, i));
free_percpu(scratches);
}
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index c60fd5c4ea1..3d560dec63a 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -345,7 +345,7 @@ config IP_NF_TARGET_LOG
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_TARGET_ULOG
- tristate "ULOG target support (OBSOLETE)"
+ tristate "ULOG target support"
depends on IP_NF_IPTABLES
---help---
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
index 5259abd0fb4..0416073c560 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
@@ -235,12 +235,15 @@ static int do_basic_checks(struct ip_conntrack *conntrack,
flag = 1;
}
- /* Cookie Ack/Echo chunks not the first OR
- Init / Init Ack / Shutdown compl chunks not the only chunks */
- if ((sch->type == SCTP_CID_COOKIE_ACK
+ /*
+ * Cookie Ack/Echo chunks not the first OR
+ * Init / Init Ack / Shutdown compl chunks not the only chunks
+ * OR zero-length.
+ */
+ if (((sch->type == SCTP_CID_COOKIE_ACK
|| sch->type == SCTP_CID_COOKIE_ECHO
|| flag)
- && count !=0 ) {
+ && count !=0) || !sch->length) {
DEBUGP("Basic checks failed\n");
return 1;
}
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index d25ac8ba6eb..6d1c1156394 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -956,15 +956,16 @@ struct compat_ipt_standard_target
compat_int_t verdict;
};
-#define IPT_ST_OFFSET (sizeof(struct ipt_standard_target) - \
- sizeof(struct compat_ipt_standard_target))
-
struct compat_ipt_standard
{
struct compat_ipt_entry entry;
struct compat_ipt_standard_target target;
};
+#define IPT_ST_LEN XT_ALIGN(sizeof(struct ipt_standard_target))
+#define IPT_ST_COMPAT_LEN COMPAT_XT_ALIGN(sizeof(struct compat_ipt_standard_target))
+#define IPT_ST_OFFSET (IPT_ST_LEN - IPT_ST_COMPAT_LEN)
+
static int compat_ipt_standard_fn(void *target,
void **dstptr, int *size, int convert)
{
@@ -975,35 +976,29 @@ static int compat_ipt_standard_fn(void *target,
ret = 0;
switch (convert) {
case COMPAT_TO_USER:
- pst = (struct ipt_standard_target *)target;
+ pst = target;
memcpy(&compat_st.target, &pst->target,
- sizeof(struct ipt_entry_target));
+ sizeof(compat_st.target));
compat_st.verdict = pst->verdict;
if (compat_st.verdict > 0)
compat_st.verdict -=
compat_calc_jump(compat_st.verdict);
- compat_st.target.u.user.target_size =
- sizeof(struct compat_ipt_standard_target);
- if (__copy_to_user(*dstptr, &compat_st,
- sizeof(struct compat_ipt_standard_target)))
+ compat_st.target.u.user.target_size = IPT_ST_COMPAT_LEN;
+ if (copy_to_user(*dstptr, &compat_st, IPT_ST_COMPAT_LEN))
ret = -EFAULT;
*size -= IPT_ST_OFFSET;
- *dstptr += sizeof(struct compat_ipt_standard_target);
+ *dstptr += IPT_ST_COMPAT_LEN;
break;
case COMPAT_FROM_USER:
- pcompat_st =
- (struct compat_ipt_standard_target *)target;
- memcpy(&st.target, &pcompat_st->target,
- sizeof(struct ipt_entry_target));
+ pcompat_st = target;
+ memcpy(&st.target, &pcompat_st->target, IPT_ST_COMPAT_LEN);
st.verdict = pcompat_st->verdict;
if (st.verdict > 0)
st.verdict += compat_calc_jump(st.verdict);
- st.target.u.user.target_size =
- sizeof(struct ipt_standard_target);
- memcpy(*dstptr, &st,
- sizeof(struct ipt_standard_target));
+ st.target.u.user.target_size = IPT_ST_LEN;
+ memcpy(*dstptr, &st, IPT_ST_LEN);
*size += IPT_ST_OFFSET;
- *dstptr += sizeof(struct ipt_standard_target);
+ *dstptr += IPT_ST_LEN;
break;
case COMPAT_CALC_SIZE:
*size += IPT_ST_OFFSET;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index ff434821909..cc9423de731 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2741,7 +2741,10 @@ int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg)
/* Reserve room for dummy headers, this skb can pass
through good chunk of routing engine.
*/
- skb->mac.raw = skb->data;
+ skb->mac.raw = skb->nh.raw = skb->data;
+
+ /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
+ skb->nh.iph->protocol = IPPROTO_ICMP;
skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
if (rta[RTA_SRC - 1])
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index b871db6adc5..743016baa04 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -465,7 +465,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
TCP_INC_STATS(TCP_MIB_OUTSEGS);
err = icsk->icsk_af_ops->queue_xmit(skb, 0);
- if (unlikely(err <= 0))
+ if (likely(err <= 0))
return err;
tcp_enter_cwr(sk);
@@ -533,6 +533,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
struct tcp_sock *tp = tcp_sk(sk);
struct sk_buff *buff;
int nsize, old_factor;
+ int nlen;
u16 flags;
BUG_ON(len > skb->len);
@@ -551,7 +552,11 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
buff = sk_stream_alloc_skb(sk, nsize, GFP_ATOMIC);
if (buff == NULL)
return -ENOMEM; /* We'll just try again later. */
+
sk_charge_skb(sk, buff);
+ nlen = skb->len - len - nsize;
+ buff->truesize += nlen;
+ skb->truesize -= nlen;
/* Correct the sequence numbers. */
TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;
@@ -1037,7 +1042,8 @@ static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len,
if (unlikely(buff == NULL))
return -ENOMEM;
- buff->truesize = nlen;
+ sk_charge_skb(sk, buff);
+ buff->truesize += nlen;
skb->truesize -= nlen;
/* Correct the sequence numbers. */
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 32ad229b4fe..4ef8efaf6a6 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -62,7 +62,7 @@ static void xfrm4_encap(struct sk_buff *skb)
top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
0 : (iph->frag_off & htons(IP_DF));
if (!top_iph->frag_off)
- __ip_select_ident(top_iph, dst, 0);
+ __ip_select_ident(top_iph, dst->child, 0);
top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-16 17:53:20 +0000