Commit 3668805a authored by Linus Torvalds's avatar Linus Torvalds

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (21 commits)
  [IPSEC] flow: reorder "struct flow_cache_entry" and remove SLAB_HWCACHE_ALIGN
  [DECNET] ROUTE: remove unecessary alignment
  [IPSEC]: Add support for aes-ctr.
  [ISDN]: fix section mismatch warning in enpci_card_msg
  [TIPC]: declare proto_ops structures as 'const'.
  [TIPC]: Kill unused static inline (x5)
  [TC]: oops in em_meta
  [IPV6] Minor cleanup: remove unused definitions in net/ip6_fib.h
  [IPV6] Minor clenup: remove two unused definitions in net/ip6_route.h
  [AF_IUCV]: defensive programming of iucv_callback_txdone
  [AF_IUCV]: broken send_skb_q results in endless loop
  [IUCV]: wrong irq-disabling locking at module load time
  [CAN]: Minor clean-ups
  [CAN]: Move proto_{,un}register() out of spin-locked region
  [CAN]: Clean up module auto loading
  [IPSEC] flow: Remove an unnecessary ____cacheline_aligned
  [IPV4]: route: fix crash ip_route_input
  [NETFILTER]: xt_iprange: add missing #include
  [NETFILTER]: xt_iprange: fix typo in address family
  [NETFILTER]: nf_conntrack: fix ct_extend ->move operation
  ...
parents 7b791d44 dd5a1843
...@@ -744,8 +744,7 @@ dbusy_timer_handler(struct IsdnCardState *cs) ...@@ -744,8 +744,7 @@ dbusy_timer_handler(struct IsdnCardState *cs)
void __devinit void Amd7930_init(struct IsdnCardState *cs)
Amd7930_init(struct IsdnCardState *cs)
{ {
WORD *ptr; WORD *ptr;
BYTE cmd, cnt; BYTE cmd, cnt;
......
...@@ -298,6 +298,7 @@ struct sadb_x_sec_ctx { ...@@ -298,6 +298,7 @@ struct sadb_x_sec_ctx {
#define SADB_X_EALG_BLOWFISHCBC 7 #define SADB_X_EALG_BLOWFISHCBC 7
#define SADB_EALG_NULL 11 #define SADB_EALG_NULL 11
#define SADB_X_EALG_AESCBC 12 #define SADB_X_EALG_AESCBC 12
#define SADB_X_EALG_AESCTR 13
#define SADB_X_EALG_AES_CCM_ICV8 14 #define SADB_X_EALG_AES_CCM_ICV8 14
#define SADB_X_EALG_AES_CCM_ICV12 15 #define SADB_X_EALG_AES_CCM_ICV12 15
#define SADB_X_EALG_AES_CCM_ICV16 16 #define SADB_X_EALG_AES_CCM_ICV16 16
......
...@@ -150,19 +150,6 @@ struct rt6_statistics { ...@@ -150,19 +150,6 @@ struct rt6_statistics {
* *
*/ */
#define RTPRI_FIREWALL 8 /* Firewall control information */
#define RTPRI_FLOW 16 /* Flow based forwarding rules */
#define RTPRI_KERN_CTL 32 /* Kernel control routes */
#define RTPRI_USER_MIN 256 /* Mimimum user priority */
#define RTPRI_USER_MAX 1024 /* Maximum user priority */
#define RTPRI_KERN_DFLT 4096 /* Kernel default routes */
#define MAX_FLOW_BACKTRACE 32
typedef void (*f_pnode)(struct fib6_node *fn, void *);
struct fib6_table { struct fib6_table {
struct hlist_node tb6_hlist; struct hlist_node tb6_hlist;
......
#ifndef _NET_IP6_ROUTE_H #ifndef _NET_IP6_ROUTE_H
#define _NET_IP6_ROUTE_H #define _NET_IP6_ROUTE_H
#define IP6_RT_PRIO_FW 16
#define IP6_RT_PRIO_USER 1024 #define IP6_RT_PRIO_USER 1024
#define IP6_RT_PRIO_ADDRCONF 256 #define IP6_RT_PRIO_ADDRCONF 256
#define IP6_RT_PRIO_KERN 512 #define IP6_RT_PRIO_KERN 512
#define IP6_RT_FLOW_MASK 0x00ff
struct route_info { struct route_info {
__u8 type; __u8 type;
......
...@@ -67,7 +67,7 @@ struct nf_ct_ext_type ...@@ -67,7 +67,7 @@ struct nf_ct_ext_type
void (*destroy)(struct nf_conn *ct); void (*destroy)(struct nf_conn *ct);
/* Called when realloacted (can be NULL). /* Called when realloacted (can be NULL).
Contents has already been moved. */ Contents has already been moved. */
void (*move)(struct nf_conn *ct, void *old); void (*move)(void *new, void *old);
enum nf_ct_ext_id id; enum nf_ct_ext_id id;
......
...@@ -130,11 +130,6 @@ static inline u32 msg_type(struct tipc_msg *m) ...@@ -130,11 +130,6 @@ static inline u32 msg_type(struct tipc_msg *m)
return msg_bits(m, 1, 29, 0x7); return msg_bits(m, 1, 29, 0x7);
} }
static inline u32 msg_direct(struct tipc_msg *m)
{
return (msg_type(m) == TIPC_DIRECT_MSG);
}
static inline u32 msg_named(struct tipc_msg *m) static inline u32 msg_named(struct tipc_msg *m)
{ {
return (msg_type(m) == TIPC_NAMED_MSG); return (msg_type(m) == TIPC_NAMED_MSG);
...@@ -207,17 +202,6 @@ static inline u32 msg_nameupper(struct tipc_msg *m) ...@@ -207,17 +202,6 @@ static inline u32 msg_nameupper(struct tipc_msg *m)
return msg_word(m, 10); return msg_word(m, 10);
} }
static inline char *msg_options(struct tipc_msg *m, u32 *len)
{
u32 pos = msg_bits(m, 1, 16, 0x7);
if (!pos)
return 0;
pos = (pos * 4) + 28;
*len = msg_hdr_sz(m) - pos;
return (char *)&m->hdr[pos/4];
}
#endif #endif
#endif #endif
...@@ -118,7 +118,6 @@ static int can_create(struct net *net, struct socket *sock, int protocol) ...@@ -118,7 +118,6 @@ static int can_create(struct net *net, struct socket *sock, int protocol)
{ {
struct sock *sk; struct sock *sk;
struct can_proto *cp; struct can_proto *cp;
char module_name[sizeof("can-proto-000")];
int err = 0; int err = 0;
sock->state = SS_UNCONNECTED; sock->state = SS_UNCONNECTED;
...@@ -129,26 +128,21 @@ static int can_create(struct net *net, struct socket *sock, int protocol) ...@@ -129,26 +128,21 @@ static int can_create(struct net *net, struct socket *sock, int protocol)
if (net != &init_net) if (net != &init_net)
return -EAFNOSUPPORT; return -EAFNOSUPPORT;
#ifdef CONFIG_KMOD
/* try to load protocol module, when CONFIG_KMOD is defined */ /* try to load protocol module, when CONFIG_KMOD is defined */
if (!proto_tab[protocol]) { if (!proto_tab[protocol]) {
sprintf(module_name, "can-proto-%d", protocol); err = request_module("can-proto-%d", protocol);
err = request_module(module_name);
/* /*
* In case of error we only print a message but don't * In case of error we only print a message but don't
* return the error code immediately. Below we will * return the error code immediately. Below we will
* return -EPROTONOSUPPORT * return -EPROTONOSUPPORT
*/ */
if (err == -ENOSYS) { if (err && printk_ratelimit())
if (printk_ratelimit()) printk(KERN_ERR "can: request_module "
printk(KERN_INFO "can: request_module(%s)" "(can-proto-%d) failed.\n", protocol);
" not implemented.\n", module_name);
} else if (err) {
if (printk_ratelimit())
printk(KERN_ERR "can: request_module(%s)"
" failed.\n", module_name);
}
} }
#endif
spin_lock(&proto_tab_lock); spin_lock(&proto_tab_lock);
cp = proto_tab[protocol]; cp = proto_tab[protocol];
...@@ -662,27 +656,27 @@ int can_proto_register(struct can_proto *cp) ...@@ -662,27 +656,27 @@ int can_proto_register(struct can_proto *cp)
return -EINVAL; return -EINVAL;
} }
err = proto_register(cp->prot, 0);
if (err < 0)
return err;
spin_lock(&proto_tab_lock); spin_lock(&proto_tab_lock);
if (proto_tab[proto]) { if (proto_tab[proto]) {
printk(KERN_ERR "can: protocol %d already registered\n", printk(KERN_ERR "can: protocol %d already registered\n",
proto); proto);
err = -EBUSY; err = -EBUSY;
goto errout; } else {
}
err = proto_register(cp->prot, 0);
if (err < 0)
goto errout;
proto_tab[proto] = cp; proto_tab[proto] = cp;
/* use generic ioctl function if the module doesn't bring its own */ /* use generic ioctl function if not defined by module */
if (!cp->ops->ioctl) if (!cp->ops->ioctl)
cp->ops->ioctl = can_ioctl; cp->ops->ioctl = can_ioctl;
}
errout:
spin_unlock(&proto_tab_lock); spin_unlock(&proto_tab_lock);
if (err < 0)
proto_unregister(cp->prot);
return err; return err;
} }
EXPORT_SYMBOL(can_proto_register); EXPORT_SYMBOL(can_proto_register);
...@@ -700,9 +694,10 @@ void can_proto_unregister(struct can_proto *cp) ...@@ -700,9 +694,10 @@ void can_proto_unregister(struct can_proto *cp)
printk(KERN_ERR "BUG: can: protocol %d is not registered\n", printk(KERN_ERR "BUG: can: protocol %d is not registered\n",
proto); proto);
} }
proto_unregister(cp->prot);
proto_tab[proto] = NULL; proto_tab[proto] = NULL;
spin_unlock(&proto_tab_lock); spin_unlock(&proto_tab_lock);
proto_unregister(cp->prot);
} }
EXPORT_SYMBOL(can_proto_unregister); EXPORT_SYMBOL(can_proto_unregister);
......
...@@ -98,7 +98,6 @@ static void raw_rcv(struct sk_buff *skb, void *data) ...@@ -98,7 +98,6 @@ static void raw_rcv(struct sk_buff *skb, void *data)
struct sock *sk = (struct sock *)data; struct sock *sk = (struct sock *)data;
struct raw_sock *ro = raw_sk(sk); struct raw_sock *ro = raw_sk(sk);
struct sockaddr_can *addr; struct sockaddr_can *addr;
int error;
if (!ro->recv_own_msgs) { if (!ro->recv_own_msgs) {
/* check the received tx sock reference */ /* check the received tx sock reference */
...@@ -121,14 +120,12 @@ static void raw_rcv(struct sk_buff *skb, void *data) ...@@ -121,14 +120,12 @@ static void raw_rcv(struct sk_buff *skb, void *data)
addr->can_family = AF_CAN; addr->can_family = AF_CAN;
addr->can_ifindex = skb->dev->ifindex; addr->can_ifindex = skb->dev->ifindex;
error = sock_queue_rcv_skb(sk, skb); if (sock_queue_rcv_skb(sk, skb) < 0)
if (error < 0)
kfree_skb(skb); kfree_skb(skb);
} }
static int raw_enable_filters(struct net_device *dev, struct sock *sk, static int raw_enable_filters(struct net_device *dev, struct sock *sk,
struct can_filter *filter, struct can_filter *filter, int count)
int count)
{ {
int err = 0; int err = 0;
int i; int i;
...@@ -163,8 +160,7 @@ static int raw_enable_errfilter(struct net_device *dev, struct sock *sk, ...@@ -163,8 +160,7 @@ static int raw_enable_errfilter(struct net_device *dev, struct sock *sk,
} }
static void raw_disable_filters(struct net_device *dev, struct sock *sk, static void raw_disable_filters(struct net_device *dev, struct sock *sk,
struct can_filter *filter, struct can_filter *filter, int count)
int count)
{ {
int i; int i;
...@@ -353,7 +349,6 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) ...@@ -353,7 +349,6 @@ static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len)
/* filters set by default/setsockopt */ /* filters set by default/setsockopt */
err = raw_enable_allfilters(dev, sk); err = raw_enable_allfilters(dev, sk);
dev_put(dev); dev_put(dev);
} else { } else {
ifindex = 0; ifindex = 0;
...@@ -466,7 +461,6 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, ...@@ -466,7 +461,6 @@ static int raw_setsockopt(struct socket *sock, int level, int optname,
if (err) { if (err) {
if (count > 1) if (count > 1)
kfree(filter); kfree(filter);
goto out_fil; goto out_fil;
} }
...@@ -673,25 +667,25 @@ static int raw_recvmsg(struct kiocb *iocb, struct socket *sock, ...@@ -673,25 +667,25 @@ static int raw_recvmsg(struct kiocb *iocb, struct socket *sock,
{ {
struct sock *sk = sock->sk; struct sock *sk = sock->sk;
struct sk_buff *skb; struct sk_buff *skb;
int error = 0; int err = 0;
int noblock; int noblock;
noblock = flags & MSG_DONTWAIT; noblock = flags & MSG_DONTWAIT;
flags &= ~MSG_DONTWAIT; flags &= ~MSG_DONTWAIT;
skb = skb_recv_datagram(sk, flags, noblock, &error); skb = skb_recv_datagram(sk, flags, noblock, &err);
if (!skb) if (!skb)
return error; return err;
if (size < skb->len) if (size < skb->len)
msg->msg_flags |= MSG_TRUNC; msg->msg_flags |= MSG_TRUNC;
else else
size = skb->len; size = skb->len;
error = memcpy_toiovec(msg->msg_iov, skb->data, size); err = memcpy_toiovec(msg->msg_iov, skb->data, size);
if (error < 0) { if (err < 0) {
skb_free_datagram(sk, skb); skb_free_datagram(sk, skb);
return error; return err;
} }
sock_recv_timestamp(msg, sk, skb); sock_recv_timestamp(msg, sk, skb);
......
...@@ -30,8 +30,8 @@ struct flow_cache_entry { ...@@ -30,8 +30,8 @@ struct flow_cache_entry {
struct flow_cache_entry *next; struct flow_cache_entry *next;
u16 family; u16 family;
u8 dir; u8 dir;
struct flowi key;
u32 genid; u32 genid;
struct flowi key;
void *object; void *object;
atomic_t *object_ref; atomic_t *object_ref;
}; };
...@@ -52,7 +52,7 @@ struct flow_percpu_info { ...@@ -52,7 +52,7 @@ struct flow_percpu_info {
int hash_rnd_recalc; int hash_rnd_recalc;
u32 hash_rnd; u32 hash_rnd;
int count; int count;
} ____cacheline_aligned; };
static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 }; static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 };
#define flow_hash_rnd_recalc(cpu) \ #define flow_hash_rnd_recalc(cpu) \
...@@ -346,7 +346,7 @@ static int __init flow_cache_init(void) ...@@ -346,7 +346,7 @@ static int __init flow_cache_init(void)
flow_cachep = kmem_cache_create("flow_cache", flow_cachep = kmem_cache_create("flow_cache",
sizeof(struct flow_cache_entry), sizeof(struct flow_cache_entry),
0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, 0, SLAB_PANIC,
NULL); NULL);
flow_hash_shift = 10; flow_hash_shift = 10;
flow_lwm = 2 * flow_hash_size; flow_lwm = 2 * flow_hash_size;
......
...@@ -94,7 +94,7 @@ struct dn_rt_hash_bucket ...@@ -94,7 +94,7 @@ struct dn_rt_hash_bucket
{ {
struct dn_route *chain; struct dn_route *chain;
spinlock_t lock; spinlock_t lock;
} __attribute__((__aligned__(8))); };
extern struct neigh_table dn_neigh_table; extern struct neigh_table dn_neigh_table;
......
...@@ -600,10 +600,10 @@ static void nf_nat_cleanup_conntrack(struct nf_conn *ct) ...@@ -600,10 +600,10 @@ static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
spin_unlock_bh(&nf_nat_lock); spin_unlock_bh(&nf_nat_lock);
} }
static void nf_nat_move_storage(struct nf_conn *conntrack, void *old) static void nf_nat_move_storage(void *new, void *old)
{ {
struct nf_conn_nat *new_nat = nf_ct_ext_find(conntrack, NF_CT_EXT_NAT); struct nf_conn_nat *new_nat = new;
struct nf_conn_nat *old_nat = (struct nf_conn_nat *)old; struct nf_conn_nat *old_nat = old;
struct nf_conn *ct = old_nat->ct; struct nf_conn *ct = old_nat->ct;
if (!ct || !(ct->status & IPS_NAT_DONE_MASK)) if (!ct || !(ct->status & IPS_NAT_DONE_MASK))
......
...@@ -2041,7 +2041,7 @@ int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr, ...@@ -2041,7 +2041,7 @@ int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr,
int iif = dev->ifindex; int iif = dev->ifindex;
struct net *net; struct net *net;
net = skb->dev->nd_net; net = dev->nd_net;
tos &= IPTOS_RT_MASK; tos &= IPTOS_RT_MASK;
hash = rt_hash(daddr, saddr, iif); hash = rt_hash(daddr, saddr, iif);
......
...@@ -482,6 +482,10 @@ static int iucv_sock_connect(struct socket *sock, struct sockaddr *addr, ...@@ -482,6 +482,10 @@ static int iucv_sock_connect(struct socket *sock, struct sockaddr *addr,
/* Create path. */ /* Create path. */
iucv->path = iucv_path_alloc(IUCV_QUEUELEN_DEFAULT, iucv->path = iucv_path_alloc(IUCV_QUEUELEN_DEFAULT,
IPRMDATA, GFP_KERNEL); IPRMDATA, GFP_KERNEL);
if (!iucv->path) {
err = -ENOMEM;
goto done;
}
err = iucv_path_connect(iucv->path, &af_iucv_handler, err = iucv_path_connect(iucv->path, &af_iucv_handler,
sa->siucv_user_id, NULL, user_data, sk); sa->siucv_user_id, NULL, user_data, sk);
if (err) { if (err) {
...@@ -1094,6 +1098,8 @@ static void iucv_callback_rx(struct iucv_path *path, struct iucv_message *msg) ...@@ -1094,6 +1098,8 @@ static void iucv_callback_rx(struct iucv_path *path, struct iucv_message *msg)
save_message: save_message:
save_msg = kzalloc(sizeof(struct sock_msg_q), GFP_ATOMIC | GFP_DMA); save_msg = kzalloc(sizeof(struct sock_msg_q), GFP_ATOMIC | GFP_DMA);
if (!save_msg)
return;
save_msg->path = path; save_msg->path = path;
save_msg->msg = *msg; save_msg->msg = *msg;
...@@ -1106,24 +1112,31 @@ static void iucv_callback_txdone(struct iucv_path *path, ...@@ -1106,24 +1112,31 @@ static void iucv_callback_txdone(struct iucv_path *path,
struct iucv_message *msg) struct iucv_message *msg)
{ {
struct sock *sk = path->private; struct sock *sk = path->private;
struct sk_buff *this; struct sk_buff *this = NULL;
struct sk_buff_head *list = &iucv_sk(sk)->send_skb_q; struct sk_buff_head *list = &iucv_sk(sk)->send_skb_q;
struct sk_buff *list_skb = list->next; struct sk_buff *list_skb = list->next;
unsigned long flags; unsigned long flags;
if (list_skb) { if (!skb_queue_empty(list)) {
spin_lock_irqsave(&list->lock, flags); spin_lock_irqsave(&list->lock, flags);
do { while (list_skb != (struct sk_buff *)list) {
if (!memcmp(&msg->tag, list_skb->cb, 4)) {
this = list_skb; this = list_skb;
break;
}
list_skb = list_skb->next; list_skb = list_skb->next;
} while (memcmp(&msg->tag, this->cb, 4) && list_skb); }
if (this)
__skb_unlink(this, list);
spin_unlock_irqrestore(&list->lock, flags); spin_unlock_irqrestore(&list->lock, flags);
skb_unlink(this, &iucv_sk(sk)->send_skb_q); if (this)
kfree_skb(this); kfree_skb(this);
} }
if (!this)
printk(KERN_ERR "AF_IUCV msg tag %u not found\n", msg->tag);
if (sk->sk_state == IUCV_CLOSING) { if (sk->sk_state == IUCV_CLOSING) {
if (skb_queue_empty(&iucv_sk(sk)->send_skb_q)) { if (skb_queue_empty(&iucv_sk(sk)->send_skb_q)) {
......
...@@ -693,9 +693,9 @@ int iucv_register(struct iucv_handler *handler, int smp) ...@@ -693,9 +693,9 @@ int iucv_register(struct iucv_handler *handler, int smp)
iucv_setmask_up(); iucv_setmask_up();
INIT_LIST_HEAD(&handler->paths); INIT_LIST_HEAD(&handler->paths);
spin_lock_irq(&iucv_table_lock); spin_lock_bh(&iucv_table_lock);
list_add_tail(&handler->list, &iucv_handler_list); list_add_tail(&handler->list, &iucv_handler_list);
spin_unlock_irq(&iucv_table_lock); spin_unlock_bh(&iucv_table_lock);
rc = 0; rc = 0;
out_mutex: out_mutex:
mutex_unlock(&iucv_register_mutex); mutex_unlock(&iucv_register_mutex);
......
...@@ -109,7 +109,8 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp) ...@@ -109,7 +109,8 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
rcu_read_lock(); rcu_read_lock();
t = rcu_dereference(nf_ct_ext_types[i]); t = rcu_dereference(nf_ct_ext_types[i]);
if (t && t->move) if (t && t->move)
t->move(ct, ct->ext + ct->ext->offset[i]); t->move((void *)new + new->offset[i],
(void *)ct->ext + ct->ext->offset[i]);
rcu_read_unlock(); rcu_read_unlock();
} }
kfree(ct->ext); kfree(ct->ext);
......
...@@ -125,7 +125,7 @@ enum tcp_bit_set { ...@@ -125,7 +125,7 @@ enum tcp_bit_set {
* CLOSE_WAIT: ACK seen (after FIN) * CLOSE_WAIT: ACK seen (after FIN)
* LAST_ACK: FIN seen (after FIN) * LAST_ACK: FIN seen (after FIN)
* TIME_WAIT: last ACK seen * TIME_WAIT: last ACK seen
* CLOSE: closed connection * CLOSE: closed connection (RST)
* *
* LISTEN state is not used. * LISTEN state is not used.
* *
...@@ -824,7 +824,21 @@ static int tcp_packet(struct nf_conn *ct, ...@@ -824,7 +824,21 @@ static int tcp_packet(struct nf_conn *ct,
case TCP_CONNTRACK_SYN_SENT: case TCP_CONNTRACK_SYN_SENT:
if (old_state < TCP_CONNTRACK_TIME_WAIT) if (old_state < TCP_CONNTRACK_TIME_WAIT)
break; break;
if ((ct->proto.tcp.seen[!dir].flags & IP_CT_TCP_FLAG_CLOSE_INIT) /* RFC 1122: "When a connection is closed actively,
* it MUST linger in TIME-WAIT state for a time 2xMSL
* (Maximum Segment Lifetime). However, it MAY accept
* a new SYN from the remote TCP to reopen the connection
* directly from TIME-WAIT state, if..."
* We ignore the conditions because we are in the
* TIME-WAIT state anyway.
*
* Handle aborted connections: we and the server
* think there is an existing connection but the client
* aborts it and starts a new one.
*/
if (((ct->proto.tcp.seen[dir].flags
| ct->proto.tcp.seen[!dir].flags)
& IP_CT_TCP_FLAG_CLOSE_INIT)
|| (ct->proto.tcp.last_dir == dir || (ct->proto.tcp.last_dir == dir
&& ct->proto.tcp.last_index == TCP_RST_SET)) { && ct->proto.tcp.last_index == TCP_RST_SET)) {
/* Attempt to reopen a closed/aborted connection. /* Attempt to reopen a closed/aborted connection.
...@@ -837,16 +851,23 @@ static int tcp_packet(struct nf_conn *ct, ...@@ -837,16 +851,23 @@ static int tcp_packet(struct nf_conn *ct,
/* Fall through */ /* Fall through */
case TCP_CONNTRACK_IGNORE: case TCP_CONNTRACK_IGNORE:
/* Ignored packets: /* Ignored packets:
*
* Our connection entry may be out of sync, so ignore
* packets which may signal the real connection between
* the client and the server.
* *
* a) SYN in ORIGINAL * a) SYN in ORIGINAL
* b) SYN/ACK in REPLY * b) SYN/ACK in REPLY
* c) ACK in reply direction after initial SYN in original. * c) ACK in reply direction after initial SYN in original.
*
* If the ignored packet is invalid, the receiver will send
* a RST we'll catch below.
*/ */
if (index == TCP_SYNACK_SET if (index == TCP_SYNACK_SET
&& ct->proto.tcp.last_index == TCP_SYN_SET && ct->proto.tcp.last_index == TCP_SYN_SET
&& ct->proto.tcp.last_dir != dir && ct->proto.tcp.last_dir != dir
&& ntohl(th->ack_seq) == ct->proto.tcp.last_end) { && ntohl(th->ack_seq) == ct->proto.tcp.last_end) {
/* This SYN/ACK acknowledges a SYN that we earlier /* b) This SYN/ACK acknowledges a SYN that we earlier
* ignored as invalid. This means that the client and * ignored as invalid. This means that the client and
* the server are both in sync, while the firewall is * the server are both in sync, while the firewall is
* not. We kill this session and block the SYN/ACK so * not. We kill this session and block the SYN/ACK so
...@@ -870,7 +891,7 @@ static int tcp_packet(struct nf_conn *ct, ...@@ -870,7 +891,7 @@ static int tcp_packet(struct nf_conn *ct,
write_unlock_bh(&tcp_lock); write_unlock_bh(&tcp_lock);
if (LOG_INVALID(IPPROTO_TCP)) if (LOG_INVALID(IPPROTO_TCP))
nf_log_packet(pf, 0, skb, NULL, NULL, NULL, nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
"nf_ct_tcp: invalid packed ignored "); "nf_ct_tcp: invalid packet ignored ");
return NF_ACCEPT; return NF_ACCEPT;
case TCP_CONNTRACK_MAX: case TCP_CONNTRACK_MAX:
/* Invalid packet */ /* Invalid packet */
...@@ -924,8 +945,7 @@ static int tcp_packet(struct nf_conn *ct, ...@@ -924,8 +945,7 @@ static int tcp_packet(struct nf_conn *ct,
ct->proto.tcp.state = new_state; ct->proto.tcp.state = new_state;
if (old_state != new_state if (old_state != new_state
&& (new_state == TCP_CONNTRACK_FIN_WAIT && new_state == TCP_CONNTRACK_CLOSE)
|| new_state == TCP_CONNTRACK_CLOSE))
ct->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT; ct->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
timeout = ct->proto.tcp.retrans >= nf_ct_tcp_max_retrans timeout = ct->proto.tcp.retrans >= nf_ct_tcp_max_retrans
&& tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans && tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans
......
...@@ -13,6 +13,7 @@ ...@@ -13,6 +13,7 @@
#include <linux/ip.h> #include <linux/ip.h>
#include <linux/ipv6.h> #include <linux/ipv6.h>
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_iprange.h>
#include <linux/netfilter_ipv4/ipt_iprange.h> #include <linux/netfilter_ipv4/ipt_iprange.h>
static bool static bool
...@@ -148,7 +149,7 @@ static struct xt_match iprange_mt_reg[] __read_mostly = { ...@@ -148,7 +149,7 @@ static struct xt_match iprange_mt_reg[] __read_mostly = {
{ {
.name = "iprange", .name = "iprange",
.revision = 1, .revision = 1,
.family = AF_INET6, .family = AF_INET,
.match = iprange_mt4, .match = iprange_mt4,
.matchsize = sizeof(struct xt_iprange_mtinfo), .matchsize = sizeof(struct xt_iprange_mtinfo),
.me = THIS_MODULE, .me = THIS_MODULE,
......
...@@ -735,12 +735,14 @@ static int em_meta_match(struct sk_buff *skb, struct tcf_ematch *m, ...@@ -735,12 +735,14 @@ static int em_meta_match(struct sk_buff *skb, struct tcf_ematch *m,
static inline void meta_delete(struct meta_match *meta) static inline void meta_delete(struct meta_match *meta)
{ {
if (meta) {
struct meta_type_ops *ops = meta_type_ops(&meta->lvalue); struct meta_type_ops *ops = meta_type_ops(&meta->lvalue);
if (ops && ops->destroy) { if (ops && ops->destroy) {
ops->destroy(&meta->lvalue); ops->destroy(&meta->lvalue);
ops->destroy(&meta->rvalue); ops->destroy(&meta->rvalue);
} }
}
kfree(meta); kfree(meta);
} }
......
...@@ -57,11 +57,6 @@ static inline int in_own_cluster(u32 addr) ...@@ -57,11 +57,6 @@ static inline int in_own_cluster(u32 addr)
return !((addr ^ tipc_own_addr) >> 12); return !((addr ^ tipc_own_addr) >> 12);
} }
static inline int in_own_zone(u32 addr)
{
return !((addr ^ tipc_own_addr) >> 24);
}
static inline int is_slave(u32 addr) static inline int is_slave(u32 addr)
{ {
return addr & 0x800; return addr & 0x800;
......
...@@ -73,19 +73,6 @@ struct node; ...@@ -73,19 +73,6 @@ struct node;
extern char tipc_bclink_name[]; extern char tipc_bclink_name[];
/**
* nmap_get - determine if node exists in a node map
*/
static inline int tipc_nmap_get(struct node_map *nm_ptr, u32 node)
{
int n = tipc_node(node);
int w = n / WSIZE;
int b = n % WSIZE;
return nm_ptr->map[w] & (1 << b);
}
/** /**
* nmap_add - add a node to a node map * nmap_add - add a node to a node map
*/ */
......
...@@ -663,11 +663,6 @@ static inline void msg_set_remote_node(struct tipc_msg *m, u32 a) ...@@ -663,11 +663,6 @@ static inline void msg_set_remote_node(struct tipc_msg *m, u32 a)
msg_set_word(m, msg_hdr_sz(m)/4, a); msg_set_word(m, msg_hdr_sz(m)/4, a);
} }
static inline int msg_dataoctet(struct tipc_msg *m, u32 pos)
{
return(msg_data(m)[pos + 4] != 0);
}
static inline void msg_set_dataoctet(struct tipc_msg *m, u32 pos) static inline void msg_set_dataoctet(struct tipc_msg *m, u32 pos)
{ {
msg_data(m)[pos + 4] = 1; msg_data(m)[pos + 4] = 1;
......
...@@ -71,9 +71,9 @@ struct tipc_sock { ...@@ -71,9 +71,9 @@ struct tipc_sock {
static u32 dispatch(struct tipc_port *tport, struct sk_buff *buf); static u32 dispatch(struct tipc_port *tport, struct sk_buff *buf);
static void wakeupdispatch(struct tipc_port *tport); static void wakeupdispatch(struct tipc_port *tport);
static struct proto_ops packet_ops; static const struct proto_ops packet_ops;
static struct proto_ops stream_ops; static const struct proto_ops stream_ops;
static struct proto_ops msg_ops; static const struct proto_ops msg_ops;
static struct proto tipc_proto; static struct proto tipc_proto;
...@@ -1615,7 +1615,7 @@ static int getsockopt(struct socket *sock, ...@@ -1615,7 +1615,7 @@ static int getsockopt(struct socket *sock,
* Protocol switches for the various types of TIPC sockets * Protocol switches for the various types of TIPC sockets
*/ */
static struct proto_ops msg_ops = { static const struct proto_ops msg_ops = {
.owner = THIS_MODULE, .owner = THIS_MODULE,
.family = AF_TIPC, .family = AF_TIPC,
.release = release, .release = release,
...@@ -1636,7 +1636,7 @@ static struct proto_ops msg_ops = { ...@@ -1636,7 +1636,7 @@ static struct proto_ops msg_ops = {
.sendpage = sock_no_sendpage .sendpage = sock_no_sendpage
}; };
static struct proto_ops packet_ops = { static const struct proto_ops packet_ops = {
.owner = THIS_MODULE, .owner = THIS_MODULE,
.family = AF_TIPC, .family = AF_TIPC,
.release = release, .release = release,
...@@ -1657,7 +1657,7 @@ static struct proto_ops packet_ops = { ...@@ -1657,7 +1657,7 @@ static struct proto_ops packet_ops = {
.sendpage = sock_no_sendpage .sendpage = sock_no_sendpage
}; };
static struct proto_ops stream_ops = { static const struct proto_ops stream_ops = {
.owner = THIS_MODULE, .owner = THIS_MODULE,
.family = AF_TIPC, .family = AF_TIPC,
.release = release, .release = release,
...@@ -1678,7 +1678,7 @@ static struct proto_ops stream_ops = { ...@@ -1678,7 +1678,7 @@ static struct proto_ops stream_ops = {
.sendpage = sock_no_sendpage .sendpage = sock_no_sendpage
}; };
static struct net_proto_family tipc_family_ops = { static const struct net_proto_family tipc_family_ops = {
.owner = THIS_MODULE, .owner = THIS_MODULE,
.family = AF_TIPC, .family = AF_TIPC,
.create = tipc_create .create = tipc_create
......
...@@ -399,6 +399,23 @@ static struct xfrm_algo_desc ealg_list[] = { ...@@ -399,6 +399,23 @@ static struct xfrm_algo_desc ealg_list[] = {
.sadb_alg_maxbits = 256 .sadb_alg_maxbits = 256
} }
}, },
{
.name = "rfc3686(ctr(aes))",
.uinfo = {
.encr = {
.blockbits = 128,
.defkeybits = 160, /* 128-bit key + 32-bit nonce */
}
},
.desc = {
.sadb_alg_id = SADB_X_EALG_AESCTR,
.sadb_alg_ivlen = 8,
.sadb_alg_minbits = 128,
.sadb_alg_maxbits = 256
}
},
}; };
static struct xfrm_algo_desc calg_list[] = { static struct xfrm_algo_desc calg_list[] = {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment