Commit 6e27cd69, authored Jan 09, 2003 by Linus Torvalds; committed by Linus Torvalds, Jan 09, 2003
Merge bk://kernel.bkbits.net/davem/net-2.5 into home.transmeta.com:/home/torvalds/v2.5/linux
parents 03a85f8e c74f2a09
Showing 16 changed files with 226 additions and 55 deletions
Documentation/crypto/api-intro.txt +2 -0
Documentation/networking/NAPI_HOWTO.txt +17 -0
crypto/Kconfig +5 -0
crypto/aes.c +2 -0
include/linux/netfilter_ipv4/ip_nat_helper.h +7 -0
net/ipv4/netfilter/ip_conntrack_core.c +17 -12
net/ipv4/netfilter/ip_conntrack_ftp.c +3 -3
net/ipv4/netfilter/ip_conntrack_proto_tcp.c +2 -1
net/ipv4/netfilter/ip_nat_helper.c +144 -33
net/ipv4/netfilter/ip_nat_standalone.c +1 -0
net/ipv4/netfilter/ipt_ECN.c +2 -2
net/ipv4/netfilter/ipt_REJECT.c +16 -0
net/ipv4/netfilter/ipt_ULOG.c +4 -2
net/ipv4/netfilter/ipt_multiport.c +1 -1
net/ipv4/xfrm_algo.c +2 -0
net/ipv6/af_inet6.c +1 -1
Documentation/crypto/api-intro.txt
...
@@ -206,6 +206,8 @@ SHA256 algorithm contributors:
...
@@ -206,6 +206,8 @@ SHA256 algorithm contributors:
AES algorithm contributors:
AES algorithm contributors:
Alexander Kjeldaas
Alexander Kjeldaas
Herbert Valerio Riedel
Kyle McMartin
Adam J. Richter
Adam J. Richter
Please send any credits updates or corrections to:
Please send any credits updates or corrections to:
...
...
Documentation/networking/NAPI_HOWTO.txt
...
@@ -721,6 +721,23 @@ might come in, we attempt to re-add ourselves to the poll list.
...
@@ -721,6 +721,23 @@ might come in, we attempt to re-add ourselves to the poll list.
APPENDIX 3: Scheduling issues.
==============================
As seen NAPI moves processing to softirq level. Linux uses the ksoftirqd as the
general solution to schedule softirq's to run before next interrupt and by putting
them under scheduler control. Also this prevents consecutive softirq's from
monopolize the CPU. This also have the effect that the priority of ksoftirq needs
to be considered when running very CPU-intensive applications and networking to
get the proper balance of softirq/user balance. Increasing ksoftirq priority to 0
(eventually more) is reported cure problems with low network performance at high
CPU load.
Most used processes in a GIGE router:
USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND
root 3 0.2 0.0 0 0 ? RWN Aug 15 602:00 (ksoftirqd_CPU0)
root 232 0.0 7.9 41400 40884 ? S Aug 15 74:12 gated
--------------------------------------------------------------------
--------------------------------------------------------------------
relevant sites:
relevant sites:
...
...
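Review bot: the new APPENDIX 3 text says "Increasing ksoftirq priority to 0 (eventually more)" without saying which value is meant (the nice value or something else), what it was before, or how to change it; the sample ps line shows the thread as RWN (niced) but does not give the value either. State the before and after values and the command explicitly. The paragraph also switches between ksoftirqd and ksoftirq and has grammar slips ("from monopolize", "This also have", "is reported cure") that should be fixed before this goes in as documentation.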
crypto/Kconfig
...
@@ -6,12 +6,14 @@ menu "Cryptographic options"
...
@@ -6,12 +6,14 @@ menu "Cryptographic options"
config CRYPTO
config CRYPTO
bool "Cryptographic API"
bool "Cryptographic API"
default y if INET_AH=y || INET_AH=m || INET_ESP=y || INET_ESP=m
help
help
This option provides the core Cryptographic API.
This option provides the core Cryptographic API.
config CRYPTO_HMAC
config CRYPTO_HMAC
bool "HMAC support"
bool "HMAC support"
depends on CRYPTO
depends on CRYPTO
default y if INET_AH=y || INET_AH=m || INET_ESP=y || INET_ESP=m
help
help
HMAC: Keyed-Hashing for Message Authentication (RFC2104).
HMAC: Keyed-Hashing for Message Authentication (RFC2104).
This is required for IPSec.
This is required for IPSec.
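Review bot: "default y if INET_AH=y || INET_AH=m || INET_ESP=y || INET_ESP=m" on CRYPTO and CRYPTO_HMAC only sets the initial answer; the help text states that HMAC "is required for IPSec", yet nothing in these lines prevents a configuration with INET_AH or INET_ESP enabled and CRYPTO_HMAC switched off. If this is a hard requirement, express it as a dependency on the INET_AH/INET_ESP side rather than as a default here. The same four-term condition is also repeated in every entry this commit touches, so a later change to one copy can leave the others behind.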
...
@@ -31,12 +33,14 @@ config CRYPTO_MD4
...
@@ -31,12 +33,14 @@ config CRYPTO_MD4
config CRYPTO_MD5
config CRYPTO_MD5
tristate "MD5 digest algorithm"
tristate "MD5 digest algorithm"
depends on CRYPTO
depends on CRYPTO
default y if INET_AH=y || INET_AH=m || INET_ESP=y || INET_ESP=m
help
help
MD5 message digest algorithm (RFC1321).
MD5 message digest algorithm (RFC1321).
config CRYPTO_SHA1
config CRYPTO_SHA1
tristate "SHA1 digest algorithm"
tristate "SHA1 digest algorithm"
depends on CRYPTO
depends on CRYPTO
default y if INET_AH=y || INET_AH=m || INET_ESP=y || INET_ESP=m
help
help
SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
...
@@ -52,6 +56,7 @@ config CRYPTO_SHA256
...
@@ -52,6 +56,7 @@ config CRYPTO_SHA256
config CRYPTO_DES
config CRYPTO_DES
tristate "DES and Triple DES EDE cipher algorithms"
tristate "DES and Triple DES EDE cipher algorithms"
depends on CRYPTO
depends on CRYPTO
default y if INET_AH=y || INET_AH=m || INET_ESP=y || INET_ESP=m
help
help
DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
...
...
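Review bot: CRYPTO_DES is a tristate, and "default y if ... INET_AH=m ... INET_ESP=m" makes it built-in even when both consumers are modules; the same applies to CRYPTO_MD5 and CRYPTO_SHA1 in the hunk above. If built-in is deliberate, say why in the help text; otherwise split the default so that module-only consumers default the algorithm to m.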
crypto/aes.c
...
@@ -7,6 +7,8 @@
...
@@ -7,6 +7,8 @@
*
*
* Linux developers:
* Linux developers:
* Alexander Kjeldaas <astor@fast.no>
* Alexander Kjeldaas <astor@fast.no>
* Herbert Valerio Riedel <hvr@hvrlab.org>
* Kyle McMartin <kyle@debian.org>
* Adam J. Richter <adam@yggdrasil.com> (conversion to 2.5 API).
* Adam J. Richter <adam@yggdrasil.com> (conversion to 2.5 API).
*
*
* This program is free software; you can redistribute it and/or modify
* This program is free software; you can redistribute it and/or modify
...
...
include/linux/netfilter_ipv4/ip_nat_helper.h
...
@@ -50,6 +50,13 @@ extern int ip_nat_mangle_tcp_packet(struct sk_buff **skb,
...
@@ -50,6 +50,13 @@ extern int ip_nat_mangle_tcp_packet(struct sk_buff **skb,
unsigned
int
match_len
,
unsigned
int
match_len
,
char
*
rep_buffer
,
char
*
rep_buffer
,
unsigned
int
rep_len
);
unsigned
int
rep_len
);
extern
int
ip_nat_mangle_udp_packet
(
struct
sk_buff
**
skb
,
struct
ip_conntrack
*
ct
,
enum
ip_conntrack_info
ctinfo
,
unsigned
int
match_offset
,
unsigned
int
match_len
,
char
*
rep_buffer
,
unsigned
int
rep_len
);
extern
int
ip_nat_seq_adjust
(
struct
sk_buff
*
skb
,
extern
int
ip_nat_seq_adjust
(
struct
sk_buff
*
skb
,
struct
ip_conntrack
*
ct
,
struct
ip_conntrack
*
ct
,
enum
ip_conntrack_info
ctinfo
);
enum
ip_conntrack_info
ctinfo
);
...
...
net/ipv4/netfilter/ip_conntrack_core.c
...
@@ -967,22 +967,27 @@ int ip_conntrack_expect_related(struct ip_conntrack *related_to,
...
@@ -967,22 +967,27 @@ int ip_conntrack_expect_related(struct ip_conntrack *related_to,
related_to
->
expecting
>=
related_to
->
helper
->
max_expected
)
{
related_to
->
expecting
>=
related_to
->
helper
->
max_expected
)
{
struct
list_head
*
cur_item
;
struct
list_head
*
cur_item
;
/* old == NULL */
/* old == NULL */
if
(
!
(
related_to
->
helper
->
flags
&
IP_CT_HELPER_F_REUSE_EXPECT
))
{
WRITE_UNLOCK
(
&
ip_conntrack_lock
);
if
(
net_ratelimit
())
if
(
net_ratelimit
())
printk
(
KERN_WARNING
printk
(
KERN_WARNING
"ip_conntrack: max number of expected "
"ip_conntrack: max number of expected "
"connections %i of %s reached for "
"connections %i of %s reached for "
"%u.%u.%u.%u->%u.%u.%u.%u%s
\n
"
,
"%u.%u.%u.%u->%u.%u.%u.%u
\n
"
,
related_to
->
helper
->
max_expected
,
related_to
->
helper
->
max_expected
,
related_to
->
helper
->
name
,
related_to
->
helper
->
name
,
NIPQUAD
(
related_to
->
tuplehash
[
IP_CT_DIR_ORIGINAL
].
tuple
.
src
.
ip
),
NIPQUAD
(
related_to
->
tuplehash
[
IP_CT_DIR_ORIGINAL
].
tuple
.
src
.
ip
),
NIPQUAD
(
related_to
->
tuplehash
[
IP_CT_DIR_ORIGINAL
].
tuple
.
dst
.
ip
),
NIPQUAD
(
related_to
->
tuplehash
[
IP_CT_DIR_ORIGINAL
].
tuple
.
dst
.
ip
));
related_to
->
helper
->
flags
&
IP_CT_HELPER_F_REUSE_EXPECT
?
", reusing"
:
""
);
if
(
!
(
related_to
->
helper
->
flags
&
IP_CT_HELPER_F_REUSE_EXPECT
))
{
WRITE_UNLOCK
(
&
ip_conntrack_lock
);
return
-
EPERM
;
return
-
EPERM
;
}
}
DEBUGP
(
"ip_conntrack: max number of expected "
"connections %i of %s reached for "
"%u.%u.%u.%u->%u.%u.%u.%u, reusing
\n
"
,
related_to
->
helper
->
max_expected
,
related_to
->
helper
->
name
,
NIPQUAD
(
related_to
->
tuplehash
[
IP_CT_DIR_ORIGINAL
].
tuple
.
src
.
ip
),
NIPQUAD
(
related_to
->
tuplehash
[
IP_CT_DIR_ORIGINAL
].
tuple
.
dst
.
ip
));
/* choose the the oldest expectation to evict */
/* choose the the oldest expectation to evict */
list_for_each
(
cur_item
,
&
related_to
->
sibling_list
)
{
list_for_each
(
cur_item
,
&
related_to
->
sibling_list
)
{
...
...
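Review bot: on the IP_CT_HELPER_F_REUSE_EXPECT path the "max number of expected connections ... reached" message goes from a rate-limited printk(KERN_WARNING) to DEBUGP, so evicting the oldest expectation is no longer visible on a build without debugging; if the aim is quieter logs, a counter would keep the signal that a helper is hitting max_expected. In the non-reuse arm the printk now runs after WRITE_UNLOCK(&ip_conntrack_lock) and still reads related_to->helper->max_expected and related_to->helper->name; confirm the helper cannot go away at that point, or copy the two values into locals before unlocking.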
net/ipv4/netfilter/ip_conntrack_ftp.c
...
@@ -200,7 +200,7 @@ static int find_pattern(const char *data, size_t dlen,
...
@@ -200,7 +200,7 @@ static int find_pattern(const char *data, size_t dlen,
DEBUGP("ftp: string mismatch\n");
DEBUGP("ftp: string mismatch\n");
for (i = 0; i < plen; i++) {
for (i = 0; i < plen; i++) {
DEBUG
FT
P("ftp:char %u `%c'(%u) vs `%c'(%u)\n",
DEBUGP("ftp:char %u `%c'(%u) vs `%c'(%u)\n",
i, data[i], data[i],
i, data[i], data[i],
pattern[i], pattern[i]);
pattern[i], pattern[i]);
}
}
...
...
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
...
@@ -186,13 +186,13 @@ static int tcp_packet(struct ip_conntrack *conntrack,
...
@@ -186,13 +186,13 @@ static int tcp_packet(struct ip_conntrack *conntrack,
&&
tcph
->
syn
&&
tcph
->
ack
)
&&
tcph
->
syn
&&
tcph
->
ack
)
conntrack
->
proto
.
tcp
.
handshake_ack
conntrack
->
proto
.
tcp
.
handshake_ack
=
htonl
(
ntohl
(
tcph
->
seq
)
+
1
);
=
htonl
(
ntohl
(
tcph
->
seq
)
+
1
);
WRITE_UNLOCK
(
&
tcp_lock
);
/* If only reply is a RST, we can consider ourselves not to
/* If only reply is a RST, we can consider ourselves not to
have an established connection: this is a fairly common
have an established connection: this is a fairly common
problem case, so we can delete the conntrack
problem case, so we can delete the conntrack
immediately. --RR */
immediately. --RR */
if
(
!
(
conntrack
->
status
&
IPS_SEEN_REPLY
)
&&
tcph
->
rst
)
{
if
(
!
(
conntrack
->
status
&
IPS_SEEN_REPLY
)
&&
tcph
->
rst
)
{
WRITE_UNLOCK
(
&
tcp_lock
);
if
(
del_timer
(
&
conntrack
->
timeout
))
if
(
del_timer
(
&
conntrack
->
timeout
))
conntrack
->
timeout
.
function
((
unsigned
long
)
conntrack
);
conntrack
->
timeout
.
function
((
unsigned
long
)
conntrack
);
}
else
{
}
else
{
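Review bot: the WRITE_UNLOCK(&tcp_lock) that now opens the RST arm has an ordering requirement nobody has written down: it must stay ahead of conntrack->timeout.function((unsigned long)conntrack), which per the comment above deletes the conntrack. Add a one-line comment on the unlock saying that the test above it is meant to run under tcp_lock and that the lock is dropped before the timer function is called, so a later cleanup does not hoist it back out or move it down.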
...
@@ -203,6 +203,7 @@ static int tcp_packet(struct ip_conntrack *conntrack,
...
@@ -203,6 +203,7 @@ static int tcp_packet(struct ip_conntrack *conntrack,
&&
tcph
->
ack_seq
==
conntrack
->
proto
.
tcp
.
handshake_ack
)
&&
tcph
->
ack_seq
==
conntrack
->
proto
.
tcp
.
handshake_ack
)
set_bit
(
IPS_ASSURED_BIT
,
&
conntrack
->
status
);
set_bit
(
IPS_ASSURED_BIT
,
&
conntrack
->
status
);
WRITE_UNLOCK
(
&
tcp_lock
);
ip_ct_refresh
(
conntrack
,
tcp_timeouts
[
newconntrack
]);
ip_ct_refresh
(
conntrack
,
tcp_timeouts
[
newconntrack
]);
}
}
...
...
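Review bot: this second WRITE_UNLOCK(&tcp_lock), placed after set_bit(IPS_ASSURED_BIT, &conntrack->status), means every exit from the if/else now needs its own unlock, which is easy to miss when a branch is added. set_bit() is atomic on its own, so what needs the lock here is the comparison against conntrack->proto.tcp.handshake_ack; evaluating the branch conditions into locals under the lock and unlocking once before the if/else would keep a single unlock site.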
net/ipv4/netfilter/ip_nat_helper.c
...
@@ -8,6 +8,9 @@
...
@@ -8,6 +8,9 @@
* - add support for SACK adjustment
* - add support for SACK adjustment
* 14 Mar 2002 Harald Welte <laforge@gnumonks.org>:
* 14 Mar 2002 Harald Welte <laforge@gnumonks.org>:
* - merge SACK support into newnat API
* - merge SACK support into newnat API
* 16 Aug 2002 Brian J. Murrell <netfilter@interlinx.bc.ca>:
* - make ip_nat_resize_packet more generic (TCP and UDP)
* - add ip_nat_mangle_udp_packet
*/
*/
#include <linux/version.h>
#include <linux/version.h>
#include <linux/config.h>
#include <linux/config.h>
...
@@ -22,6 +25,7 @@
...
@@ -22,6 +25,7 @@
#include <net/icmp.h>
#include <net/icmp.h>
#include <net/ip.h>
#include <net/ip.h>
#include <net/tcp.h>
#include <net/tcp.h>
#include <net/udp.h>
#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_nat_lock)
#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_nat_lock)
#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_nat_lock)
#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_nat_lock)
...
@@ -51,18 +55,12 @@ ip_nat_resize_packet(struct sk_buff **skb,
...
@@ -51,18 +55,12 @@ ip_nat_resize_packet(struct sk_buff **skb,
int
new_size
)
int
new_size
)
{
{
struct
iphdr
*
iph
;
struct
iphdr
*
iph
;
struct
tcphdr
*
tcph
;
void
*
data
;
int
dir
;
int
dir
;
struct
ip_nat_seq
*
this_way
,
*
other_way
;
struct
ip_nat_seq
*
this_way
,
*
other_way
;
DEBUGP
(
"ip_nat_resize_packet: old_size = %u, new_size = %u
\n
"
,
DEBUGP
(
"ip_nat_resize_packet: old_size = %u, new_size = %u
\n
"
,
(
*
skb
)
->
len
,
new_size
);
(
*
skb
)
->
len
,
new_size
);
iph
=
(
*
skb
)
->
nh
.
iph
;
tcph
=
(
void
*
)
iph
+
iph
->
ihl
*
4
;
data
=
(
void
*
)
tcph
+
tcph
->
doff
*
4
;
dir
=
CTINFO2DIR
(
ctinfo
);
dir
=
CTINFO2DIR
(
ctinfo
);
this_way
=
&
ct
->
nat
.
info
.
seq
[
dir
];
this_way
=
&
ct
->
nat
.
info
.
seq
[
dir
];
...
@@ -84,8 +82,9 @@ ip_nat_resize_packet(struct sk_buff **skb,
...
@@ -84,8 +82,9 @@ ip_nat_resize_packet(struct sk_buff **skb,
}
}
iph
=
(
*
skb
)
->
nh
.
iph
;
iph
=
(
*
skb
)
->
nh
.
iph
;
tcph
=
(
void
*
)
iph
+
iph
->
ihl
*
4
;
if
(
iph
->
protocol
==
IPPROTO_TCP
)
{
data
=
(
void
*
)
tcph
+
tcph
->
doff
*
4
;
struct
tcphdr
*
tcph
=
(
void
*
)
iph
+
iph
->
ihl
*
4
;
void
*
data
=
(
void
*
)
tcph
+
tcph
->
doff
*
4
;
DEBUGP
(
"ip_nat_resize_packet: Seq_offset before: "
);
DEBUGP
(
"ip_nat_resize_packet: Seq_offset before: "
);
DUMP_OFFSET
(
this_way
);
DUMP_OFFSET
(
this_way
);
...
@@ -101,20 +100,23 @@ ip_nat_resize_packet(struct sk_buff **skb,
...
@@ -101,20 +100,23 @@ ip_nat_resize_packet(struct sk_buff **skb,
this_way
->
correction_pos
=
ntohl
(
tcph
->
seq
);
this_way
->
correction_pos
=
ntohl
(
tcph
->
seq
);
this_way
->
offset_before
=
this_way
->
offset_after
;
this_way
->
offset_before
=
this_way
->
offset_after
;
this_way
->
offset_after
=
(
int32_t
)
this_way
->
offset_after
=
(
int32_t
)
this_way
->
offset_before
+
new_size
-
(
*
skb
)
->
len
;
this_way
->
offset_before
+
new_size
-
(
*
skb
)
->
len
;
}
}
UNLOCK_BH
(
&
ip_nat_seqofs_lock
);
UNLOCK_BH
(
&
ip_nat_seqofs_lock
);
DEBUGP
(
"ip_nat_resize_packet: Seq_offset after: "
);
DEBUGP
(
"ip_nat_resize_packet: Seq_offset after: "
);
DUMP_OFFSET
(
this_way
);
DUMP_OFFSET
(
this_way
);
}
return
1
;
return
1
;
}
}
/* Generic function for mangling variable-length address changes inside
/* Generic function for mangling variable-length address changes inside
* NATed connections (like the PORT XXX,XXX,XXX,XXX,XXX,XXX command in FTP).
* NATed TCP connections (like the PORT XXX,XXX,XXX,XXX,XXX,XXX
* command in FTP).
*
*
* Takes care about all the nasty sequence number changes, checksumming,
* Takes care about all the nasty sequence number changes, checksumming,
* skb enlargement, ...
* skb enlargement, ...
...
@@ -174,6 +176,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **skb,
...
@@ -174,6 +176,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **skb,
tcph
=
(
void
*
)
iph
+
iph
->
ihl
*
4
;
tcph
=
(
void
*
)
iph
+
iph
->
ihl
*
4
;
data
=
(
void
*
)
tcph
+
tcph
->
doff
*
4
;
data
=
(
void
*
)
tcph
+
tcph
->
doff
*
4
;
if
(
rep_len
!=
match_len
)
/* move post-replacement */
/* move post-replacement */
memmove
(
data
+
match_offset
+
rep_len
,
memmove
(
data
+
match_offset
+
rep_len
,
data
+
match_offset
+
match_len
,
data
+
match_offset
+
match_len
,
...
@@ -208,6 +211,114 @@ ip_nat_mangle_tcp_packet(struct sk_buff **skb,
...
@@ -208,6 +211,114 @@ ip_nat_mangle_tcp_packet(struct sk_buff **skb,
return
1
;
return
1
;
}
}
/* Generic function for mangling variable-length address changes inside
* NATed UDP connections (like the CONNECT DATA XXXXX MESG XXXXX INDEX XXXXX
* command in the Amanda protocol)
*
* Takes care about all the nasty sequence number changes, checksumming,
* skb enlargement, ...
*
* XXX - This function could be merged with ip_nat_mangle_tcp_packet which
* should be fairly easy to do.
*/
int
ip_nat_mangle_udp_packet
(
struct
sk_buff
**
skb
,
struct
ip_conntrack
*
ct
,
enum
ip_conntrack_info
ctinfo
,
unsigned
int
match_offset
,
unsigned
int
match_len
,
char
*
rep_buffer
,
unsigned
int
rep_len
)
{
struct
iphdr
*
iph
=
(
*
skb
)
->
nh
.
iph
;
struct
udphdr
*
udph
=
(
void
*
)
iph
+
iph
->
ihl
*
4
;
unsigned
char
*
data
;
u_int32_t
udplen
,
newlen
,
newudplen
;
udplen
=
(
*
skb
)
->
len
-
iph
->
ihl
*
4
;
newudplen
=
udplen
-
match_len
+
rep_len
;
newlen
=
iph
->
ihl
*
4
+
newudplen
;
if
(
newlen
>
65535
)
{
if
(
net_ratelimit
())
printk
(
"ip_nat_mangle_udp_packet: nat'ed packet "
"exceeds maximum packet size
\n
"
);
return
0
;
}
if
((
*
skb
)
->
len
!=
newlen
)
{
if
(
!
ip_nat_resize_packet
(
skb
,
ct
,
ctinfo
,
newlen
))
{
printk
(
"resize_packet failed!!
\n
"
);
return
0
;
}
}
/* Alexey says: if a hook changes _data_ ... it can break
original packet sitting in tcp queue and this is fatal */
if
(
skb_cloned
(
*
skb
))
{
struct
sk_buff
*
nskb
=
skb_copy
(
*
skb
,
GFP_ATOMIC
);
if
(
!
nskb
)
{
if
(
net_ratelimit
())
printk
(
"Out of memory cloning TCP packet
\n
"
);
return
0
;
}
/* Rest of kernel will get very unhappy if we pass it
a suddenly-orphaned skbuff */
if
((
*
skb
)
->
sk
)
skb_set_owner_w
(
nskb
,
(
*
skb
)
->
sk
);
kfree_skb
(
*
skb
);
*
skb
=
nskb
;
}
/* skb may be copied !! */
iph
=
(
*
skb
)
->
nh
.
iph
;
udph
=
(
void
*
)
iph
+
iph
->
ihl
*
4
;
data
=
(
void
*
)
udph
+
sizeof
(
struct
udphdr
);
if
(
rep_len
!=
match_len
)
/* move post-replacement */
memmove
(
data
+
match_offset
+
rep_len
,
data
+
match_offset
+
match_len
,
(
*
skb
)
->
tail
-
(
data
+
match_offset
+
match_len
));
/* insert data from buffer */
memcpy
(
data
+
match_offset
,
rep_buffer
,
rep_len
);
/* update skb info */
if
(
newlen
>
(
*
skb
)
->
len
)
{
DEBUGP
(
"ip_nat_mangle_udp_packet: Extending packet by "
"%u to %u bytes
\n
"
,
newlen
-
(
*
skb
)
->
len
,
newlen
);
skb_put
(
*
skb
,
newlen
-
(
*
skb
)
->
len
);
}
else
{
DEBUGP
(
"ip_nat_mangle_udp_packet: Shrinking packet from "
"%u to %u bytes
\n
"
,
(
*
skb
)
->
len
,
newlen
);
skb_trim
(
*
skb
,
newlen
);
}
/* update the length of the UDP and IP packets to the new values*/
udph
->
len
=
htons
((
*
skb
)
->
len
-
iph
->
ihl
*
4
);
iph
->
tot_len
=
htons
(
newlen
);
/* fix udp checksum if udp checksum was previously calculated */
if
((
*
skb
)
->
csum
!=
0
)
{
(
*
skb
)
->
csum
=
csum_partial
((
char
*
)
udph
+
sizeof
(
struct
udphdr
),
newudplen
-
sizeof
(
struct
udphdr
),
0
);
udph
->
check
=
0
;
udph
->
check
=
csum_tcpudp_magic
(
iph
->
saddr
,
iph
->
daddr
,
newudplen
,
IPPROTO_UDP
,
csum_partial
((
char
*
)
udph
,
sizeof
(
struct
udphdr
),
(
*
skb
)
->
csum
));
}
ip_send_check
(
iph
);
return
1
;
}
/* Adjust one found SACK option including checksum correction */
/* Adjust one found SACK option including checksum correction */
static
void
static
void
sack_adjust
(
struct
tcphdr
*
tcph
,
sack_adjust
(
struct
tcphdr
*
tcph
,
...
...
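Review bot: ip_nat_mangle_udp_packet() never checks that match_offset + match_len lies inside the UDP payload before the memmove, whose length is (*skb)->tail - (data + match_offset + match_len); a range that runs past the end of the payload makes that length wrap, and match_len larger than udplen wraps newudplen (u_int32_t) as well. Add an explicit bounds check at the top and return 0 on failure. Second, the checksum fix-up is guarded by (*skb)->csum != 0 while its comment says "if udp checksum was previously calculated"; whether the sender computed a checksum is told by udph->check != 0 (which is what the ipt_REJECT.c change in this commit tests), and a recomputed UDP checksum of 0 has to be sent as 0xFFFF. Smaller points: printk("resize_packet failed!!\n") has neither a log level nor net_ratelimit(), the out-of-memory message still says "TCP packet", and the header comment still promises sequence number handling, which UDP does not have.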
net/ipv4/netfilter/ip_nat_standalone.c
...
@@ -359,5 +359,6 @@ EXPORT_SYMBOL(ip_nat_helper_register);
...
@@ -359,5 +359,6 @@ EXPORT_SYMBOL(ip_nat_helper_register);
EXPORT_SYMBOL
(
ip_nat_helper_unregister
);
EXPORT_SYMBOL
(
ip_nat_helper_unregister
);
EXPORT_SYMBOL
(
ip_nat_cheat_check
);
EXPORT_SYMBOL
(
ip_nat_cheat_check
);
EXPORT_SYMBOL
(
ip_nat_mangle_tcp_packet
);
EXPORT_SYMBOL
(
ip_nat_mangle_tcp_packet
);
EXPORT_SYMBOL
(
ip_nat_mangle_udp_packet
);
EXPORT_SYMBOL
(
ip_nat_used_tuple
);
EXPORT_SYMBOL
(
ip_nat_used_tuple
);
MODULE_LICENSE
(
"GPL"
);
MODULE_LICENSE
(
"GPL"
);
net/ipv4/netfilter/ipt_ECN.c
...
@@ -88,8 +88,8 @@ set_ect_tcp(struct sk_buff **pskb, struct iphdr *iph,
...
@@ -88,8 +88,8 @@ set_ect_tcp(struct sk_buff **pskb, struct iphdr *iph,
}
}
if
(
diffs
[
0
]
!=
*
tcpflags
)
{
if
(
diffs
[
0
]
!=
*
tcpflags
)
{
diffs
[
0
]
=
htons
(
diffs
[
0
])
^
0xFFFF
;
diffs
[
0
]
=
diffs
[
0
]
^
0xFFFF
;
diffs
[
1
]
=
htons
(
*
tcpflags
)
;
diffs
[
1
]
=
*
tcpflags
;
tcph
->
check
=
csum_fold
(
csum_partial
((
char
*
)
diffs
,
tcph
->
check
=
csum_fold
(
csum_partial
((
char
*
)
diffs
,
sizeof
(
diffs
),
sizeof
(
diffs
),
tcph
->
check
^
0xFFFF
));
tcph
->
check
^
0xFFFF
));
...
...
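Review bot: missing comment on byte order at the two diffs[] assignments. The removed htons() calls only changed the result on little-endian hosts (htons is the identity on big-endian), so the reason for this fix is easy to lose. State next to diffs[] that both words are kept in network byte order, exactly as read through tcpflags, because csum_partial() runs over them as raw bytes.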
net/ipv4/netfilter/ipt_REJECT.c
...
@@ -6,6 +6,8 @@
...
@@ -6,6 +6,8 @@
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/ip.h>
#include <linux/udp.h>
#include <linux/icmp.h>
#include <net/icmp.h>
#include <net/icmp.h>
#include <net/ip.h>
#include <net/ip.h>
#include <net/tcp.h>
#include <net/tcp.h>
...
@@ -164,6 +166,7 @@ static void send_reset(struct sk_buff *oldskb, int local)
...
@@ -164,6 +166,7 @@ static void send_reset(struct sk_buff *oldskb, int local)
static
void
send_unreach
(
struct
sk_buff
*
skb_in
,
int
code
)
static
void
send_unreach
(
struct
sk_buff
*
skb_in
,
int
code
)
{
{
struct
iphdr
*
iph
;
struct
iphdr
*
iph
;
struct
udphdr
*
udph
;
struct
icmphdr
*
icmph
;
struct
icmphdr
*
icmph
;
struct
sk_buff
*
nskb
;
struct
sk_buff
*
nskb
;
u32
saddr
;
u32
saddr
;
...
@@ -193,6 +196,19 @@ static void send_unreach(struct sk_buff *skb_in, int code)
...
@@ -193,6 +196,19 @@ static void send_unreach(struct sk_buff *skb_in, int code)
if
(
iph
->
frag_off
&
htons
(
IP_OFFSET
))
if
(
iph
->
frag_off
&
htons
(
IP_OFFSET
))
return
;
return
;
/* if UDP checksum is set, verify it's correct */
if
(
iph
->
protocol
==
IPPROTO_UDP
&&
skb_in
->
tail
-
(
u8
*
)
iph
>=
sizeof
(
struct
udphdr
))
{
int
datalen
=
skb_in
->
len
-
(
iph
->
ihl
<<
2
);
udph
=
(
struct
udphdr
*
)((
char
*
)
iph
+
(
iph
->
ihl
<<
2
));
if
(
udph
->
check
&&
csum_tcpudp_magic
(
iph
->
saddr
,
iph
->
daddr
,
datalen
,
IPPROTO_UDP
,
csum_partial
((
char
*
)
udph
,
datalen
,
0
))
!=
0
)
return
;
}
/* If we send an ICMP error to an ICMP error a mess would result.. */
/* If we send an ICMP error to an ICMP error a mess would result.. */
if
(
iph
->
protocol
==
IPPROTO_ICMP
if
(
iph
->
protocol
==
IPPROTO_ICMP
&&
skb_in
->
tail
-
(
u8
*
)
iph
>=
sizeof
(
struct
icmphdr
))
{
&&
skb_in
->
tail
-
(
u8
*
)
iph
>=
sizeof
(
struct
icmphdr
))
{
...
...
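Review bot: the guard "skb_in->tail - (u8 *)iph >= sizeof(struct udphdr)" in the new UDP block measures from the start of the IP header, so the IP header alone satisfies it and it does not establish that a UDP header is present before udph->check is read. Compare against (iph->ihl << 2) + sizeof(struct udphdr) instead. The ICMP test in the context lines just below has the same form and deserves the same look.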
net/ipv4/netfilter/ipt_ULOG.c
...
@@ -12,6 +12,7 @@
...
@@ -12,6 +12,7 @@
* module loadtime -HW
* module loadtime -HW
* 2002/07/07 remove broken nflog_rcv() function -HW
* 2002/07/07 remove broken nflog_rcv() function -HW
* 2002/08/29 fix shifted/unshifted nlgroup bug -HW
* 2002/08/29 fix shifted/unshifted nlgroup bug -HW
* 2002/10/30 fix uninitialized mac_len field - <Anders K. Pedersen>
*
*
* Released under the terms of the GPL
* Released under the terms of the GPL
*
*
...
@@ -31,7 +32,7 @@
...
@@ -31,7 +32,7 @@
* Specify, after how many clock ticks (intel: 100 per second) the queue
* Specify, after how many clock ticks (intel: 100 per second) the queue
* should be flushed even if it is not full yet.
* should be flushed even if it is not full yet.
*
*
* ipt_ULOG.c,v 1.2
1 2002/08/29 10:54:34
laforge Exp
* ipt_ULOG.c,v 1.2
2 2002/10/30 09:07:31
laforge Exp
*/
*/
#include <linux/module.h>
#include <linux/module.h>
...
@@ -224,7 +225,8 @@ static unsigned int ipt_ulog_target(struct sk_buff **pskb,
...
@@ -224,7 +225,8 @@ static unsigned int ipt_ulog_target(struct sk_buff **pskb,
&&
in
->
hard_header_len
<=
ULOG_MAC_LEN
)
{
&&
in
->
hard_header_len
<=
ULOG_MAC_LEN
)
{
memcpy
(
pm
->
mac
,
(
*
pskb
)
->
mac
.
raw
,
in
->
hard_header_len
);
memcpy
(
pm
->
mac
,
(
*
pskb
)
->
mac
.
raw
,
in
->
hard_header_len
);
pm
->
mac_len
=
in
->
hard_header_len
;
pm
->
mac_len
=
in
->
hard_header_len
;
}
}
else
pm
->
mac_len
=
0
;
if
(
in
)
if
(
in
)
strncpy
(
pm
->
indev_name
,
in
->
name
,
sizeof
(
pm
->
indev_name
));
strncpy
(
pm
->
indev_name
,
in
->
name
,
sizeof
(
pm
->
indev_name
));
...
...
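Review bot: pm->mac is still only partly written in the branch above the new "else pm->mac_len = 0;": memcpy() copies in->hard_header_len bytes and the condition allows hard_header_len <= ULOG_MAC_LEN, so the rest of mac[] keeps whatever was in the buffer unless it is cleared somewhere outside these lines. Since this message is delivered to userspace, zero the whole packet message header once when it is reserved instead of initialising fields one at a time.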
net/ipv4/netfilter/ipt_multiport.c
...
@@ -78,7 +78,7 @@ checkentry(const char *tablename,
...
@@ -78,7 +78,7 @@ checkentry(const char *tablename,
/* Must specify proto == TCP/UDP, no unknown flags or bad count */
/* Must specify proto == TCP/UDP, no unknown flags or bad count */
return
(
ip
->
proto
==
IPPROTO_TCP
||
ip
->
proto
==
IPPROTO_UDP
)
return
(
ip
->
proto
==
IPPROTO_TCP
||
ip
->
proto
==
IPPROTO_UDP
)
&&
!
(
ip
->
flags
&
IPT_INV_PROTO
)
&&
!
(
ip
->
inv
flags
&
IPT_INV_PROTO
)
&&
matchsize
==
IPT_ALIGN
(
sizeof
(
struct
ipt_multiport
))
&&
matchsize
==
IPT_ALIGN
(
sizeof
(
struct
ipt_multiport
))
&&
(
multiinfo
->
flags
==
IPT_MULTIPORT_SOURCE
&&
(
multiinfo
->
flags
==
IPT_MULTIPORT_SOURCE
||
multiinfo
->
flags
==
IPT_MULTIPORT_DESTINATION
||
multiinfo
->
flags
==
IPT_MULTIPORT_DESTINATION
...
...
net/ipv4/xfrm_algo.c
...
@@ -310,6 +310,7 @@ struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
...
@@ -310,6 +310,7 @@ struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx)
*/
*/
void
xfrm_probe_algs
(
void
)
void
xfrm_probe_algs
(
void
)
{
{
#ifdef CONFIG_CRYPTO
int
i
,
status
;
int
i
,
status
;
BUG_ON
(
in_softirq
());
BUG_ON
(
in_softirq
());
...
@@ -325,6 +326,7 @@ void xfrm_probe_algs(void)
...
@@ -325,6 +326,7 @@ void xfrm_probe_algs(void)
if
(
ealg_list
[
i
].
available
!=
status
)
if
(
ealg_list
[
i
].
available
!=
status
)
ealg_list
[
i
].
available
=
status
;
ealg_list
[
i
].
available
=
status
;
}
}
#endif
}
}
int
xfrm_count_auth_supported
(
void
)
int
xfrm_count_auth_supported
(
void
)
...
...
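Review bot: with the body of xfrm_probe_algs() under #ifdef CONFIG_CRYPTO, a kernel built without CONFIG_CRYPTO gets an empty function, every ealg_list[i].available keeps its initial value, and nothing is logged. As far as the visible crypto/Kconfig lines go, this commit only adds defaults, so that configuration stays selectable. Either make the IPsec options depend on CRYPTO so the #ifdef is not needed, or report once from an #else branch that no algorithms can be probed.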
net/ipv6/af_inet6.c
...
@@ -684,7 +684,7 @@ static int __init init_ipv6_mibs(void)
...
@@ -684,7 +684,7 @@ static int __init init_ipv6_mibs(void)
}
}
static
void
__exit
cleanup_ipv6_mibs
(
void
)
static
void
cleanup_ipv6_mibs
(
void
)
{
{
kfree_percpu
(
ipv6_statistics
[
0
]);
kfree_percpu
(
ipv6_statistics
[
0
]);
kfree_percpu
(
ipv6_statistics
[
1
]);
kfree_percpu
(
ipv6_statistics
[
1
]);
...
...
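Review bot: missing rationale for removing __exit from cleanup_ipv6_mibs(); the visible lines do not show why. If the function is also called from an init-time error path, where an __exit function may not be present in the image, say so in a comment above the definition so the annotation is not added back later.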