GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-07-05 22:12:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[NET] IPV4: Fix whitespace errors.

Browse source 
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
YOSHIFUJI Hideaki 2007-02-09 23:24:47 +09:00 committed by David S. Miller
parent 642656518b
commit e905a9edab
120 changed files with 1775 additions and 1775 deletions
Download patch file Download diff file Expand all files Collapse all files

58
net/ipv4/af_inet.c
View file

@ -550,7 +550,7 @@ int inet_stream_connect(struct socket *sock, struct sockaddr *uaddr,
if (err < 0) if (err < 0)
goto out; goto out;
sock->state = SS_CONNECTING; sock->state = SS_CONNECTING;
/* Just entered SS_CONNECTING state; the only /* Just entered SS_CONNECTING state; the only
* difference is that return value in non-blocking * difference is that return value in non-blocking
@ -878,36 +878,36 @@ static struct net_proto_family inet_family_ops = {
*/ */
static struct inet_protosw inetsw_array[] = static struct inet_protosw inetsw_array[] =
{ {
{ {
.type = SOCK_STREAM, .type = SOCK_STREAM,
.protocol = IPPROTO_TCP, .protocol = IPPROTO_TCP,
.prot = &tcp_prot, .prot = &tcp_prot,
.ops = &inet_stream_ops, .ops = &inet_stream_ops,
.capability = -1, .capability = -1,
.no_check = 0, .no_check = 0,
.flags = INET_PROTOSW_PERMANENT | .flags = INET_PROTOSW_PERMANENT |
INET_PROTOSW_ICSK, INET_PROTOSW_ICSK,
}, },
{ {
.type = SOCK_DGRAM, .type = SOCK_DGRAM,
.protocol = IPPROTO_UDP, .protocol = IPPROTO_UDP,
.prot = &udp_prot, .prot = &udp_prot,
.ops = &inet_dgram_ops, .ops = &inet_dgram_ops,
.capability = -1, .capability = -1,
.no_check = UDP_CSUM_DEFAULT, .no_check = UDP_CSUM_DEFAULT,
.flags = INET_PROTOSW_PERMANENT, .flags = INET_PROTOSW_PERMANENT,
}, },
{ {
.type = SOCK_RAW, .type = SOCK_RAW,
.protocol = IPPROTO_IP, /* wild card */ .protocol = IPPROTO_IP, /* wild card */
.prot = &raw_prot, .prot = &raw_prot,
.ops = &inet_sockraw_ops, .ops = &inet_sockraw_ops,
.capability = CAP_NET_RAW, .capability = CAP_NET_RAW,
.no_check = UDP_CSUM_DEFAULT, .no_check = UDP_CSUM_DEFAULT,
.flags = INET_PROTOSW_REUSE, .flags = INET_PROTOSW_REUSE,
} }
}; };
@ -1276,7 +1276,7 @@ static int __init inet_init(void)
* Tell SOCKET that we are alive... * Tell SOCKET that we are alive...
*/ */
(void)sock_register(&inet_family_ops); (void)sock_register(&inet_family_ops);
/* /*
* Add all the base protocols. * Add all the base protocols.
@ -1306,9 +1306,9 @@ static int __init inet_init(void)
arp_init(); arp_init();
/* /*
* Set the IP module up * Set the IP module up
*/ */
ip_init(); ip_init();

2
net/ipv4/ah4.c
View file

@ -166,7 +166,7 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
if (ip_clear_mutable_options(iph, &dummy)) if (ip_clear_mutable_options(iph, &dummy))
goto out; goto out;
} }
{ {
u8 auth_data[MAX_AH_AUTH_LEN]; u8 auth_data[MAX_AH_AUTH_LEN];
memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len); memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len);

4
net/ipv4/arp.c
View file

@ -490,7 +490,7 @@ int arp_find(unsigned char *haddr, struct sk_buff *skb)
n->used = jiffies; n->used = jiffies;
if (n->nud_state&NUD_VALID || neigh_event_send(n, skb) == 0) { if (n->nud_state&NUD_VALID || neigh_event_send(n, skb) == 0) {
read_lock_bh(&n->lock); read_lock_bh(&n->lock);
memcpy(haddr, n->ha, dev->addr_len); memcpy(haddr, n->ha, dev->addr_len);
read_unlock_bh(&n->lock); read_unlock_bh(&n->lock);
neigh_release(n); neigh_release(n);
return 0; return 0;
@ -1181,7 +1181,7 @@ int arp_ioctl(unsigned int cmd, void __user *arg)
switch(cmd) { switch(cmd) {
case SIOCDARP: case SIOCDARP:
err = arp_req_delete(&r, dev); err = arp_req_delete(&r, dev);
break; break;
case SIOCSARP: case SIOCSARP:
err = arp_req_set(&r, dev); err = arp_req_set(&r, dev);

8
net/ipv4/datagram.c
View file

@ -31,10 +31,10 @@ int ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
if (addr_len < sizeof(*usin)) if (addr_len < sizeof(*usin))
return -EINVAL; return -EINVAL;
if (usin->sin_family != AF_INET) if (usin->sin_family != AF_INET)
return -EAFNOSUPPORT; return -EAFNOSUPPORT;
sk_dst_reset(sk); sk_dst_reset(sk);
@ -56,8 +56,8 @@ int ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
ip_rt_put(rt); ip_rt_put(rt);
return -EACCES; return -EACCES;
} }
if (!inet->saddr) if (!inet->saddr)
inet->saddr = rt->rt_src; /* Update source address */ inet->saddr = rt->rt_src; /* Update source address */
if (!inet->rcv_saddr) if (!inet->rcv_saddr)
inet->rcv_saddr = rt->rt_src; inet->rcv_saddr = rt->rt_src;
inet->daddr = rt->rt_dst; inet->daddr = rt->rt_dst;

8
net/ipv4/devinet.c
View file

@ -583,8 +583,8 @@ static __inline__ int inet_abc_len(__be32 addr)
{ {
int rc = -1; /* Something else, probably a multicast. */ int rc = -1; /* Something else, probably a multicast. */
if (ZERONET(addr)) if (ZERONET(addr))
rc = 0; rc = 0;
else { else {
__u32 haddr = ntohl(addr); __u32 haddr = ntohl(addr);
@ -596,7 +596,7 @@ static __inline__ int inet_abc_len(__be32 addr)
rc = 24; rc = 24;
} }
return rc; return rc;
} }
@ -1539,7 +1539,7 @@ static struct devinet_sysctl_table {
}, },
}, },
.devinet_conf_dir = { .devinet_conf_dir = {
{ {
.ctl_name = NET_IPV4_CONF, .ctl_name = NET_IPV4_CONF,
.procname = "conf", .procname = "conf",
.mode = 0555, .mode = 0555,

2
net/ipv4/esp4.c
View file

@ -284,7 +284,7 @@ static u32 esp4_get_max_size(struct xfrm_state *x, int mtu)
mtu = ALIGN(mtu + 2, 4) + blksize - 4; mtu = ALIGN(mtu + 2, 4) + blksize - 4;
break; break;
case XFRM_MODE_BEET: case XFRM_MODE_BEET:
/* The worst case. */ /* The worst case. */
enclen = IPV4_BEET_PHMAXLEN; enclen = IPV4_BEET_PHMAXLEN;
mtu = ALIGN(mtu + enclen + 2, blksize); mtu = ALIGN(mtu + enclen + 2, blksize);
break; break;

6
net/ipv4/fib_frontend.c
View file

@ -378,7 +378,7 @@ static int rtentry_to_fib_config(int cmd, struct rtentry *rt,
int len = 0; int len = 0;
mx = kzalloc(3 * nla_total_size(4), GFP_KERNEL); mx = kzalloc(3 * nla_total_size(4), GFP_KERNEL);
if (mx == NULL) if (mx == NULL)
return -ENOMEM; return -ENOMEM;
if (rt->rt_flags & RTF_MTU) if (rt->rt_flags & RTF_MTU)
@ -600,7 +600,7 @@ int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb)
goto next; goto next;
if (dumped) if (dumped)
memset(&cb->args[2], 0, sizeof(cb->args) - memset(&cb->args[2], 0, sizeof(cb->args) -
2 * sizeof(cb->args[0])); 2 * sizeof(cb->args[0]));
if (tb->tb_dump(tb, skb, cb) < 0) if (tb->tb_dump(tb, skb, cb) < 0)
goto out; goto out;
dumped = 1; dumped = 1;
@ -791,7 +791,7 @@ static void nl_fib_lookup(struct fib_result_nl *frn, struct fib_table *tb )
static void nl_fib_input(struct sock *sk, int len) static void nl_fib_input(struct sock *sk, int len)
{ {
struct sk_buff *skb = NULL; struct sk_buff *skb = NULL;
struct nlmsghdr *nlh = NULL; struct nlmsghdr *nlh = NULL;
struct fib_result_nl *frn; struct fib_result_nl *frn;
u32 pid; u32 pid;
struct fib_table *tb; struct fib_table *tb;

8
net/ipv4/fib_semantics.c
View file

@ -90,7 +90,7 @@ static const struct
int error; int error;
u8 scope; u8 scope;
} fib_props[RTA_MAX + 1] = { } fib_props[RTA_MAX + 1] = {
{ {
.error = 0, .error = 0,
.scope = RT_SCOPE_NOWHERE, .scope = RT_SCOPE_NOWHERE,
}, /* RTN_UNSPEC */ }, /* RTN_UNSPEC */
@ -508,9 +508,9 @@ int fib_nh_match(struct fib_config *cfg, struct fib_info *fi)
Normally it looks as following. Normally it looks as following.
{universe prefix} -> (gw, oif) [scope link] {universe prefix} -> (gw, oif) [scope link]
| |
|-> {link prefix} -> (gw, oif) [scope local] |-> {link prefix} -> (gw, oif) [scope local]
| |
|-> {local prefix} (terminal node) |-> {local prefix} (terminal node)
*/ */
@ -864,7 +864,7 @@ err_inval:
err = -EINVAL; err = -EINVAL;
failure: failure:
if (fi) { if (fi) {
fi->fib_dead = 1; fi->fib_dead = 1;
free_fib_info(fi); free_fib_info(fi);
} }

40
net/ipv4/fib_trie.c
View file

@ -355,7 +355,7 @@ static inline void tnode_free(struct tnode *tn)
struct leaf *l = (struct leaf *) tn; struct leaf *l = (struct leaf *) tn;
call_rcu_bh(&l->rcu, __leaf_free_rcu); call_rcu_bh(&l->rcu, __leaf_free_rcu);
} }
else else
call_rcu(&tn->rcu, __tnode_free_rcu); call_rcu(&tn->rcu, __tnode_free_rcu);
} }
@ -461,7 +461,7 @@ static struct node *resize(struct trie *t, struct tnode *tn)
int inflate_threshold_use; int inflate_threshold_use;
int halve_threshold_use; int halve_threshold_use;
if (!tn) if (!tn)
return NULL; return NULL;
pr_debug("In tnode_resize %p inflate_threshold=%d threshold=%d\n", pr_debug("In tnode_resize %p inflate_threshold=%d threshold=%d\n",
@ -665,10 +665,10 @@ static struct tnode *inflate(struct trie *t, struct tnode *tn)
right = tnode_new(inode->key|m, inode->pos + 1, right = tnode_new(inode->key|m, inode->pos + 1,
inode->bits - 1); inode->bits - 1);
if (!right) { if (!right) {
tnode_free(left); tnode_free(left);
goto nomem; goto nomem;
} }
put_child(t, tn, 2*i, (struct node *) left); put_child(t, tn, 2*i, (struct node *) left);
put_child(t, tn, 2*i+1, (struct node *) right); put_child(t, tn, 2*i+1, (struct node *) right);
@ -890,23 +890,23 @@ static inline struct list_head * get_fa_head(struct leaf *l, int plen)
static void insert_leaf_info(struct hlist_head *head, struct leaf_info *new) static void insert_leaf_info(struct hlist_head *head, struct leaf_info *new)
{ {
struct leaf_info *li = NULL, *last = NULL; struct leaf_info *li = NULL, *last = NULL;
struct hlist_node *node; struct hlist_node *node;
if (hlist_empty(head)) { if (hlist_empty(head)) {
hlist_add_head_rcu(&new->hlist, head); hlist_add_head_rcu(&new->hlist, head);
} else { } else {
hlist_for_each_entry(li, node, head, hlist) { hlist_for_each_entry(li, node, head, hlist) {
if (new->plen > li->plen) if (new->plen > li->plen)
break; break;
last = li; last = li;
} }
if (last) if (last)
hlist_add_after_rcu(&last->hlist, &new->hlist); hlist_add_after_rcu(&last->hlist, &new->hlist);
else else
hlist_add_before_rcu(&new->hlist, &li->hlist); hlist_add_before_rcu(&new->hlist, &li->hlist);
} }
} }
/* rcu_read_lock needs to be hold by caller from readside */ /* rcu_read_lock needs to be hold by caller from readside */
@ -1700,7 +1700,7 @@ static struct leaf *nextleaf(struct trie *t, struct leaf *thisleaf)
/* Decend if tnode */ /* Decend if tnode */
while (IS_TNODE(c)) { while (IS_TNODE(c)) {
p = (struct tnode *) c; p = (struct tnode *) c;
idx = 0; idx = 0;
/* Rightmost non-NULL branch */ /* Rightmost non-NULL branch */
if (p && IS_TNODE(p)) if (p && IS_TNODE(p))

16
net/ipv4/icmp.c
View file

@ -304,7 +304,7 @@ static inline int icmpv4_xrlim_allow(struct rtable *rt, int type, int code)
/* No rate limit on loopback */ /* No rate limit on loopback */
if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) if (dst->dev && (dst->dev->flags&IFF_LOOPBACK))
goto out; goto out;
/* Limit if icmp type is enabled in ratemask. */ /* Limit if icmp type is enabled in ratemask. */
if ((1 << type) & sysctl_icmp_ratemask) if ((1 << type) & sysctl_icmp_ratemask)
@ -350,9 +350,9 @@ static void icmp_push_reply(struct icmp_bxm *icmp_param,
struct sk_buff *skb; struct sk_buff *skb;
if (ip_append_data(icmp_socket->sk, icmp_glue_bits, icmp_param, if (ip_append_data(icmp_socket->sk, icmp_glue_bits, icmp_param,
icmp_param->data_len+icmp_param->head_len, icmp_param->data_len+icmp_param->head_len,
icmp_param->head_len, icmp_param->head_len,
ipc, rt, MSG_DONTWAIT) < 0) ipc, rt, MSG_DONTWAIT) < 0)
ip_flush_pending_frames(icmp_socket->sk); ip_flush_pending_frames(icmp_socket->sk);
else if ((skb = skb_peek(&icmp_socket->sk->sk_write_queue)) != NULL) { else if ((skb = skb_peek(&icmp_socket->sk->sk_write_queue)) != NULL) {
struct icmphdr *icmph = skb->h.icmph; struct icmphdr *icmph = skb->h.icmph;
@ -755,7 +755,7 @@ static void icmp_redirect(struct sk_buff *skb)
skb->h.icmph->un.gateway, skb->h.icmph->un.gateway,
iph->saddr, skb->dev); iph->saddr, skb->dev);
break; break;
} }
out: out:
return; return;
out_err: out_err:
@ -959,7 +959,7 @@ int icmp_rcv(struct sk_buff *skb)
* Parse the ICMP message * Parse the ICMP message
*/ */
if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) { if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
/* /*
* RFC 1122: 3.2.2.6 An ICMP_ECHO to broadcast MAY be * RFC 1122: 3.2.2.6 An ICMP_ECHO to broadcast MAY be
* silently ignored (we let user decide with a sysctl). * silently ignored (we let user decide with a sysctl).
@ -976,7 +976,7 @@ int icmp_rcv(struct sk_buff *skb)
icmph->type != ICMP_ADDRESS && icmph->type != ICMP_ADDRESS &&
icmph->type != ICMP_ADDRESSREPLY) { icmph->type != ICMP_ADDRESSREPLY) {
goto error; goto error;
} }
} }
ICMP_INC_STATS_BH(icmp_pointers[icmph->type].input_entry); ICMP_INC_STATS_BH(icmp_pointers[icmph->type].input_entry);
@ -1085,7 +1085,7 @@ static const struct icmp_control icmp_pointers[NR_ICMP_TYPES + 1] = {
.input_entry = ICMP_MIB_DUMMY, .input_entry = ICMP_MIB_DUMMY,
.handler = icmp_discard, .handler = icmp_discard,
}, },
[ICMP_INFO_REPLY] = { [ICMP_INFO_REPLY] = {
.output_entry = ICMP_MIB_DUMMY, .output_entry = ICMP_MIB_DUMMY,
.input_entry = ICMP_MIB_DUMMY, .input_entry = ICMP_MIB_DUMMY,
.handler = icmp_discard, .handler = icmp_discard,

2
net/ipv4/igmp.c
View file

@ -909,7 +909,7 @@ static void igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
else else
im->gsquery = mark; im->gsquery = mark;
changed = !im->gsquery || changed = !im->gsquery ||
igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs); igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs);
spin_unlock_bh(&im->lock); spin_unlock_bh(&im->lock);
if (changed) if (changed)
igmp_mod_timer(im, max_delay); igmp_mod_timer(im, max_delay);

2
net/ipv4/inet_connection_sock.c
View file

@ -149,7 +149,7 @@ success:
if (!inet_csk(sk)->icsk_bind_hash) if (!inet_csk(sk)->icsk_bind_hash)
inet_bind_hash(sk, tb, snum); inet_bind_hash(sk, tb, snum);
BUG_TRAP(inet_csk(sk)->icsk_bind_hash == tb); BUG_TRAP(inet_csk(sk)->icsk_bind_hash == tb);
ret = 0; ret = 0;
fail_unlock: fail_unlock:
spin_unlock(&head->lock); spin_unlock(&head->lock);

2
net/ipv4/inet_diag.c
View file

@ -381,7 +381,7 @@ static int inet_diag_bc_run(const void *bc, int len,
if (addr[0] == 0 && addr[1] == 0 && if (addr[0] == 0 && addr[1] == 0 &&
addr[2] == htonl(0xffff) && addr[2] == htonl(0xffff) &&
bitstring_match(addr + 3, cond->addr, bitstring_match(addr + 3, cond->addr,
cond->prefix_len)) cond->prefix_len))
break; break;
} }
yes = 0; yes = 0;

96
net/ipv4/inet_hashtables.c
View file

@ -274,81 +274,81 @@ int inet_hash_connect(struct inet_timewait_death_row *death_row,
{ {
struct inet_hashinfo *hinfo = death_row->hashinfo; struct inet_hashinfo *hinfo = death_row->hashinfo;
const unsigned short snum = inet_sk(sk)->num; const unsigned short snum = inet_sk(sk)->num;
struct inet_bind_hashbucket *head; struct inet_bind_hashbucket *head;
struct inet_bind_bucket *tb; struct inet_bind_bucket *tb;
int ret; int ret;
if (!snum) { if (!snum) {
int low = sysctl_local_port_range[0]; int low = sysctl_local_port_range[0];
int high = sysctl_local_port_range[1]; int high = sysctl_local_port_range[1];
int range = high - low; int range = high - low;
int i; int i;
int port; int port;
static u32 hint; static u32 hint;
u32 offset = hint + inet_sk_port_offset(sk); u32 offset = hint + inet_sk_port_offset(sk);
struct hlist_node *node; struct hlist_node *node;
struct inet_timewait_sock *tw = NULL; struct inet_timewait_sock *tw = NULL;
local_bh_disable(); local_bh_disable();
for (i = 1; i <= range; i++) { for (i = 1; i <= range; i++) {
port = low + (i + offset) % range; port = low + (i + offset) % range;
head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)]; head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
spin_lock(&head->lock); spin_lock(&head->lock);
/* Does not bother with rcv_saddr checks, /* Does not bother with rcv_saddr checks,
* because the established check is already * because the established check is already
* unique enough. * unique enough.
*/ */
inet_bind_bucket_for_each(tb, node, &head->chain) { inet_bind_bucket_for_each(tb, node, &head->chain) {
if (tb->port == port) { if (tb->port == port) {
BUG_TRAP(!hlist_empty(&tb->owners)); BUG_TRAP(!hlist_empty(&tb->owners));
if (tb->fastreuse >= 0) if (tb->fastreuse >= 0)
goto next_port; goto next_port;
if (!__inet_check_established(death_row, if (!__inet_check_established(death_row,
sk, port, sk, port,
&tw)) &tw))
goto ok; goto ok;
goto next_port; goto next_port;
} }
} }
tb = inet_bind_bucket_create(hinfo->bind_bucket_cachep, head, port); tb = inet_bind_bucket_create(hinfo->bind_bucket_cachep, head, port);
if (!tb) { if (!tb) {
spin_unlock(&head->lock); spin_unlock(&head->lock);
break; break;
} }
tb->fastreuse = -1; tb->fastreuse = -1;
goto ok; goto ok;
next_port: next_port:
spin_unlock(&head->lock); spin_unlock(&head->lock);
} }
local_bh_enable(); local_bh_enable();
return -EADDRNOTAVAIL; return -EADDRNOTAVAIL;
ok: ok:
hint += i; hint += i;
/* Head lock still held and bh's disabled */ /* Head lock still held and bh's disabled */
inet_bind_hash(sk, tb, port); inet_bind_hash(sk, tb, port);
if (sk_unhashed(sk)) { if (sk_unhashed(sk)) {
inet_sk(sk)->sport = htons(port); inet_sk(sk)->sport = htons(port);
__inet_hash(hinfo, sk, 0); __inet_hash(hinfo, sk, 0);
} }
spin_unlock(&head->lock); spin_unlock(&head->lock);
if (tw) { if (tw) {
inet_twsk_deschedule(tw, death_row); inet_twsk_deschedule(tw, death_row);
inet_twsk_put(tw); inet_twsk_put(tw);
} }
ret = 0; ret = 0;
goto out; goto out;
} }
head = &hinfo->bhash[inet_bhashfn(snum, hinfo->bhash_size)]; head = &hinfo->bhash[inet_bhashfn(snum, hinfo->bhash_size)];
tb = inet_csk(sk)->icsk_bind_hash; tb = inet_csk(sk)->icsk_bind_hash;
spin_lock_bh(&head->lock); spin_lock_bh(&head->lock);
if (sk_head(&tb->owners) == sk && !sk->sk_bind_node.next) { if (sk_head(&tb->owners) == sk && !sk->sk_bind_node.next) {
__inet_hash(hinfo, sk, 0); __inet_hash(hinfo, sk, 0);

14
net/ipv4/ip_forward.c
View file

@ -76,7 +76,7 @@ int ip_forward(struct sk_buff *skb)
* that the packet's lifetime expired. * that the packet's lifetime expired.
*/ */
if (skb->nh.iph->ttl <= 1) if (skb->nh.iph->ttl <= 1)
goto too_many_hops; goto too_many_hops;
if (!xfrm4_route_forward(skb)) if (!xfrm4_route_forward(skb))
goto drop; goto drop;
@ -107,16 +107,16 @@ int ip_forward(struct sk_buff *skb)
ip_forward_finish); ip_forward_finish);
sr_failed: sr_failed:
/* /*
* Strict routing permits no gatewaying * Strict routing permits no gatewaying
*/ */
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_SR_FAILED, 0); icmp_send(skb, ICMP_DEST_UNREACH, ICMP_SR_FAILED, 0);
goto drop; goto drop;
too_many_hops: too_many_hops:
/* Tell the sender its packet died... */ /* Tell the sender its packet died... */
IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS); IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
icmp_send(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0); icmp_send(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0);
drop: drop:
kfree_skb(skb); kfree_skb(skb);
return NET_RX_DROP; return NET_RX_DROP;

12
net/ipv4/ip_fragment.c
View file

@ -479,14 +479,14 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
goto err; goto err;
} }
offset = ntohs(skb->nh.iph->frag_off); offset = ntohs(skb->nh.iph->frag_off);
flags = offset & ~IP_OFFSET; flags = offset & ~IP_OFFSET;
offset &= IP_OFFSET; offset &= IP_OFFSET;
offset <<= 3; /* offset is in 8-byte chunks */ offset <<= 3; /* offset is in 8-byte chunks */
ihl = skb->nh.iph->ihl * 4; ihl = skb->nh.iph->ihl * 4;
/* Determine the position of this fragment. */ /* Determine the position of this fragment. */
end = offset + skb->len - ihl; end = offset + skb->len - ihl;
/* Is this the final fragment? */ /* Is this the final fragment? */
if ((flags & IP_MF) == 0) { if ((flags & IP_MF) == 0) {
@ -589,8 +589,8 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
else else
qp->fragments = skb; qp->fragments = skb;
if (skb->dev) if (skb->dev)
qp->iif = skb->dev->ifindex; qp->iif = skb->dev->ifindex;
skb->dev = NULL; skb->dev = NULL;
skb_get_timestamp(skb, &qp->stamp); skb_get_timestamp(skb, &qp->stamp);
qp->meat += skb->len; qp->meat += skb->len;
@ -684,7 +684,7 @@ static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev)
return head; return head;
out_nomem: out_nomem:
LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing " LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing "
"queue %p\n", qp); "queue %p\n", qp);
goto out_fail; goto out_fail;
out_oversize: out_oversize:

2
net/ipv4/ip_gre.c
View file

@ -816,7 +816,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom); struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
if (!new_skb) { if (!new_skb) {
ip_rt_put(rt); ip_rt_put(rt);
stats->tx_dropped++; stats->tx_dropped++;
dev_kfree_skb(skb); dev_kfree_skb(skb);
tunnel->recursion--; tunnel->recursion--;
return 0; return 0;

12
net/ipv4/ip_input.c
View file

@ -202,8 +202,8 @@ static inline int ip_local_deliver_finish(struct sk_buff *skb)
__skb_pull(skb, ihl); __skb_pull(skb, ihl);
/* Point into the IP datagram, just past the header. */ /* Point into the IP datagram, just past the header. */
skb->h.raw = skb->data; skb->h.raw = skb->data;
rcu_read_lock(); rcu_read_lock();
{ {
@ -363,8 +363,8 @@ static inline int ip_rcv_finish(struct sk_buff *skb)
return dst_input(skb); return dst_input(skb);
drop: drop:
kfree_skb(skb); kfree_skb(skb);
return NET_RX_DROP; return NET_RX_DROP;
} }
/* /*
@ -437,9 +437,9 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
inhdr_error: inhdr_error:
IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS); IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
drop: drop:
kfree_skb(skb); kfree_skb(skb);
out: out:
return NET_RX_DROP; return NET_RX_DROP;
} }
EXPORT_SYMBOL(ip_statistics); EXPORT_SYMBOL(ip_statistics);

2
net/ipv4/ip_options.c
View file

@ -448,7 +448,7 @@ int ip_options_compile(struct ip_options * opt, struct sk_buff * skb)
goto error; goto error;
} }
opt->cipso = optptr - iph; opt->cipso = optptr - iph;
if (cipso_v4_validate(&optptr)) { if (cipso_v4_validate(&optptr)) {
pp_ptr = optptr; pp_ptr = optptr;
goto error; goto error;
} }

6
net/ipv4/ip_output.c
View file

@ -277,7 +277,7 @@ int ip_output(struct sk_buff *skb)
skb->protocol = htons(ETH_P_IP); skb->protocol = htons(ETH_P_IP);
return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev, return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev,
ip_finish_output, ip_finish_output,
!(IPCB(skb)->flags & IPSKB_REROUTED)); !(IPCB(skb)->flags & IPSKB_REROUTED));
} }
@ -993,7 +993,7 @@ alloc_new_skb:
goto error; goto error;
} }
get_page(page); get_page(page);
skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0); skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
frag = &skb_shinfo(skb)->frags[i]; frag = &skb_shinfo(skb)->frags[i];
} }
} else if (i < MAX_SKB_FRAGS) { } else if (i < MAX_SKB_FRAGS) {
@ -1357,7 +1357,7 @@ void ip_send_reply(struct sock *sk, struct sk_buff *skb, struct ip_reply_arg *ar
/* Not quite clean, but right. */ /* Not quite clean, but right. */
.uli_u = { .ports = .uli_u = { .ports =
{ .sport = skb->h.th->dest, { .sport = skb->h.th->dest,
.dport = skb->h.th->source } }, .dport = skb->h.th->source } },
.proto = sk->sk_protocol }; .proto = sk->sk_protocol };
security_skb_classify_flow(skb, &fl); security_skb_classify_flow(skb, &fl);
if (ip_route_output_key(&rt, &fl)) if (ip_route_output_key(&rt, &fl))

14
net/ipv4/ip_sockglue.c
View file

@ -556,12 +556,12 @@ static int do_ip_setsockopt(struct sock *sk, int level,
if (val < 0 || val > 255) if (val < 0 || val > 255)
goto e_inval; goto e_inval;
inet->mc_ttl = val; inet->mc_ttl = val;
break; break;
case IP_MULTICAST_LOOP: case IP_MULTICAST_LOOP:
if (optlen<1) if (optlen<1)
goto e_inval; goto e_inval;
inet->mc_loop = !!val; inet->mc_loop = !!val;
break; break;
case IP_MULTICAST_IF: case IP_MULTICAST_IF:
{ {
struct ip_mreqn mreq; struct ip_mreqn mreq;
@ -866,7 +866,7 @@ mc_msf_out:
if (optlen<1) if (optlen<1)
goto e_inval; goto e_inval;
inet->freebind = !!val; inet->freebind = !!val;
break; break;
case IP_IPSEC_POLICY: case IP_IPSEC_POLICY:
case IP_XFRM_POLICY: case IP_XFRM_POLICY:
@ -1059,8 +1059,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
addr.s_addr = inet->mc_addr; addr.s_addr = inet->mc_addr;
release_sock(sk); release_sock(sk);
if(put_user(len, optlen)) if(put_user(len, optlen))
return -EFAULT; return -EFAULT;
if(copy_to_user(optval, &addr, len)) if(copy_to_user(optval, &addr, len))
return -EFAULT; return -EFAULT;
return 0; return 0;
@ -1168,7 +1168,7 @@ int ip_getsockopt(struct sock *sk, int level,
&& (optname < MRT_BASE || optname > MRT_BASE+10) && (optname < MRT_BASE || optname > MRT_BASE+10)
#endif #endif
) { ) {
int len; int len;
if(get_user(len,optlen)) if(get_user(len,optlen))
return -EFAULT; return -EFAULT;
@ -1197,7 +1197,7 @@ int compat_ip_getsockopt(struct sock *sk, int level, int optname,
&& (optname < MRT_BASE || optname > MRT_BASE+10) && (optname < MRT_BASE || optname > MRT_BASE+10)
#endif #endif
) { ) {
int len; int len;
if (get_user(len, optlen)) if (get_user(len, optlen))
return -EFAULT; return -EFAULT;

6
net/ipv4/ipcomp.c
View file

@ -85,7 +85,7 @@ static int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
struct ip_comp_hdr *ipch; struct ip_comp_hdr *ipch;
if (skb_linearize_cow(skb)) if (skb_linearize_cow(skb))
goto out; goto out;
skb->ip_summed = CHECKSUM_NONE; skb->ip_summed = CHECKSUM_NONE;
@ -194,7 +194,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info)
spi = htonl(ntohs(ipch->cpi)); spi = htonl(ntohs(ipch->cpi));
x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr,
spi, IPPROTO_COMP, AF_INET); spi, IPPROTO_COMP, AF_INET);
if (!x) if (!x)
return; return;
NETDEBUG(KERN_DEBUG "pmtu discovery on SA IPCOMP/%08x/%u.%u.%u.%u\n", NETDEBUG(KERN_DEBUG "pmtu discovery on SA IPCOMP/%08x/%u.%u.%u.%u\n",
@ -247,7 +247,7 @@ static int ipcomp_tunnel_attach(struct xfrm_state *x)
struct xfrm_state *t; struct xfrm_state *t;
t = xfrm_state_lookup((xfrm_address_t *)&x->id.daddr.a4, t = xfrm_state_lookup((xfrm_address_t *)&x->id.daddr.a4,
x->props.saddr.a4, IPPROTO_IPIP, AF_INET); x->props.saddr.a4, IPPROTO_IPIP, AF_INET);
if (!t) { if (!t) {
t = ipcomp_tunnel_create(x); t = ipcomp_tunnel_create(x);
if (!t) { if (!t) {

4
net/ipv4/ipconfig.c
View file

@ -99,7 +99,7 @@
#define CONF_TIMEOUT_MULT *7/4 /* Rate of timeout growth */ #define CONF_TIMEOUT_MULT *7/4 /* Rate of timeout growth */
#define CONF_TIMEOUT_MAX (HZ*30) /* Maximum allowed timeout */ #define CONF_TIMEOUT_MAX (HZ*30) /* Maximum allowed timeout */
#define CONF_NAMESERVERS_MAX 3 /* Maximum number of nameservers #define CONF_NAMESERVERS_MAX 3 /* Maximum number of nameservers
- '3' from resolv.h */ - '3' from resolv.h */
#define NONE __constant_htonl(INADDR_NONE) #define NONE __constant_htonl(INADDR_NONE)
@ -913,7 +913,7 @@ static int __init ic_bootp_recv(struct sk_buff *skb, struct net_device *dev, str
/* Parse extensions */ /* Parse extensions */
if (ext_len >= 4 && if (ext_len >= 4 &&
!memcmp(b->exten, ic_bootp_cookie, 4)) { /* Check magic cookie */ !memcmp(b->exten, ic_bootp_cookie, 4)) { /* Check magic cookie */
u8 *end = (u8 *) b + ntohs(b->iph.tot_len); u8 *end = (u8 *) b + ntohs(b->iph.tot_len);
u8 *ext; u8 *ext;
#ifdef IPCONFIG_DHCP #ifdef IPCONFIG_DHCP

2
net/ipv4/ipip.c
View file

@ -607,7 +607,7 @@ static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom); struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
if (!new_skb) { if (!new_skb) {
ip_rt_put(rt); ip_rt_put(rt);
stats->tx_dropped++; stats->tx_dropped++;
dev_kfree_skb(skb); dev_kfree_skb(skb);
tunnel->recursion--; tunnel->recursion--;
return 0; return 0;

10
net/ipv4/ipmr.c
View file

@ -569,7 +569,7 @@ static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
memcpy(msg, pkt->nh.raw, sizeof(struct iphdr)); memcpy(msg, pkt->nh.raw, sizeof(struct iphdr));
msg->im_msgtype = IGMPMSG_WHOLEPKT; msg->im_msgtype = IGMPMSG_WHOLEPKT;
msg->im_mbz = 0; msg->im_mbz = 0;
msg->im_vif = reg_vif_num; msg->im_vif = reg_vif_num;
skb->nh.iph->ihl = sizeof(struct iphdr) >> 2; skb->nh.iph->ihl = sizeof(struct iphdr) >> 2;
skb->nh.iph->tot_len = htons(ntohs(pkt->nh.iph->tot_len) + sizeof(struct iphdr)); skb->nh.iph->tot_len = htons(ntohs(pkt->nh.iph->tot_len) + sizeof(struct iphdr));
} else } else
@ -597,7 +597,7 @@ static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
igmp->code = 0; igmp->code = 0;
skb->nh.iph->tot_len=htons(skb->len); /* Fix the length */ skb->nh.iph->tot_len=htons(skb->len); /* Fix the length */
skb->h.raw = skb->nh.raw; skb->h.raw = skb->nh.raw;
} }
if (mroute_socket == NULL) { if (mroute_socket == NULL) {
kfree_skb(skb); kfree_skb(skb);
@ -1194,7 +1194,7 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
encap += LL_RESERVED_SPACE(dev) + rt->u.dst.header_len; encap += LL_RESERVED_SPACE(dev) + rt->u.dst.header_len;
if (skb_cow(skb, encap)) { if (skb_cow(skb, encap)) {
ip_rt_put(rt); ip_rt_put(rt);
goto out_free; goto out_free;
} }
@ -1431,7 +1431,7 @@ int pim_rcv_v1(struct sk_buff * skb)
pim = (struct igmphdr*)skb->h.raw; pim = (struct igmphdr*)skb->h.raw;
if (!mroute_do_pim || if (!mroute_do_pim ||
skb->len < sizeof(*pim) + sizeof(*encap) || skb->len < sizeof(*pim) + sizeof(*encap) ||
pim->group != PIM_V1_VERSION || pim->code != PIM_V1_REGISTER) pim->group != PIM_V1_VERSION || pim->code != PIM_V1_REGISTER)
goto drop; goto drop;
@ -1490,7 +1490,7 @@ static int pim_rcv(struct sk_buff * skb)
goto drop; goto drop;
pim = (struct pimreghdr*)skb->h.raw; pim = (struct pimreghdr*)skb->h.raw;
if (pim->type != ((PIM_VERSION<<4)|(PIM_REGISTER)) || if (pim->type != ((PIM_VERSION<<4)|(PIM_REGISTER)) ||
(pim->flags&PIM_NULL_REGISTER) || (pim->flags&PIM_NULL_REGISTER) ||
(ip_compute_csum((void *)pim, sizeof(*pim)) != 0 && (ip_compute_csum((void *)pim, sizeof(*pim)) != 0 &&
csum_fold(skb_checksum(skb, 0, skb->len, 0)))) csum_fold(skb_checksum(skb, 0, skb->len, 0))))

18
net/ipv4/ipvs/ip_vs_core.c
View file

@ -813,14 +813,14 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
skb->nh.iph->saddr = cp->vaddr; skb->nh.iph->saddr = cp->vaddr;
ip_send_check(skb->nh.iph); ip_send_check(skb->nh.iph);
/* For policy routing, packets originating from this /* For policy routing, packets originating from this
* machine itself may be routed differently to packets * machine itself may be routed differently to packets
* passing through. We want this packet to be routed as * passing through. We want this packet to be routed as
* if it came from this machine itself. So re-compute * if it came from this machine itself. So re-compute
* the routing information. * the routing information.
*/ */
if (ip_route_me_harder(pskb, RTN_LOCAL) != 0) if (ip_route_me_harder(pskb, RTN_LOCAL) != 0)
goto drop; goto drop;
skb = *pskb; skb = *pskb;
IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT"); IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
@ -863,7 +863,7 @@ ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum)
/* reassemble IP fragments */ /* reassemble IP fragments */
if (skb->nh.iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) { if (skb->nh.iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) {
skb = ip_vs_gather_frags(skb, skb = ip_vs_gather_frags(skb,
hooknum == NF_IP_LOCAL_IN ? hooknum == NF_IP_LOCAL_IN ?
IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD); IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD);
if (!skb) if (!skb)
return NF_STOLEN; return NF_STOLEN;

2
net/ipv4/ipvs/ip_vs_ftp.c
View file

@ -370,7 +370,7 @@ static int __init ip_vs_ftp_init(void)
if (ret) if (ret)
break; break;
IP_VS_INFO("%s: loaded support on port[%d] = %d\n", IP_VS_INFO("%s: loaded support on port[%d] = %d\n",
app->name, i, ports[i]); app->name, i, ports[i]);
} }
if (ret) if (ret)

2
net/ipv4/multipath_rr.c
View file

@ -58,7 +58,7 @@ static void rr_select_route(const struct flowi *flp,
*/ */
result = NULL; result = NULL;
for (nh = rcu_dereference(first); nh; for (nh = rcu_dereference(first); nh;
nh = rcu_dereference(nh->u.rt_next)) { nh = rcu_dereference(nh->u.rt_next)) {
if ((nh->u.dst.flags & DST_BALANCED) != 0 && if ((nh->u.dst.flags & DST_BALANCED) != 0 &&
multipath_comparekeys(&nh->fl, flp)) { multipath_comparekeys(&nh->fl, flp)) {
nh->u.dst.lastuse = jiffies; nh->u.dst.lastuse = jiffies;

2
net/ipv4/multipath_wrandom.c
View file

@ -287,7 +287,7 @@ static void __multipath_free(struct rcu_head *head)
static void __multipath_free_dst(struct rcu_head *head) static void __multipath_free_dst(struct rcu_head *head)
{ {
struct multipath_dest *dst = container_of(head, struct multipath_dest *dst = container_of(head,
struct multipath_dest, struct multipath_dest,
rcu); rcu);
kfree(dst); kfree(dst);

2
net/ipv4/netfilter.c
View file

@ -177,7 +177,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
break; break;
if ((protocol == 0 && !csum_fold(skb->csum)) || if ((protocol == 0 && !csum_fold(skb->csum)) ||
!csum_tcpudp_magic(iph->saddr, iph->daddr, !csum_tcpudp_magic(iph->saddr, iph->daddr,
skb->len - dataoff, protocol, skb->len - dataoff, protocol,
skb->csum)) { skb->csum)) {
skb->ip_summed = CHECKSUM_UNNECESSARY; skb->ip_summed = CHECKSUM_UNNECESSARY;
break; break;

2
net/ipv4/netfilter/arp_tables.c
View file

@ -544,7 +544,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
} }
/* FIXME: underflows must be unconditional, standard verdicts /* FIXME: underflows must be unconditional, standard verdicts
< 0 (not ARPT_RETURN). --RR */ < 0 (not ARPT_RETURN). --RR */
/* Clear counters and comefrom */ /* Clear counters and comefrom */
e->counters = ((struct xt_counters) { 0, 0 }); e->counters = ((struct xt_counters) { 0, 0 });

2
net/ipv4/netfilter/arpt_mangle.c
View file

@ -67,7 +67,7 @@ target(struct sk_buff **pskb,
static int static int
checkentry(const char *tablename, const void *e, const struct xt_target *target, checkentry(const char *tablename, const void *e, const struct xt_target *target,
void *targinfo, unsigned int hook_mask) void *targinfo, unsigned int hook_mask)
{ {
const struct arpt_mangle *mangle = targinfo; const struct arpt_mangle *mangle = targinfo;

2
net/ipv4/netfilter/ip_conntrack_amanda.c
View file

@ -84,7 +84,7 @@ static struct {
}; };
static int help(struct sk_buff **pskb, static int help(struct sk_buff **pskb,
struct ip_conntrack *ct, enum ip_conntrack_info ctinfo) struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
{ {
struct ts_state ts; struct ts_state ts;
struct ip_conntrack_expect *exp; struct ip_conntrack_expect *exp;

32
net/ipv4/netfilter/ip_conntrack_core.c
View file

@ -147,9 +147,9 @@ static u_int32_t __hash_conntrack(const struct ip_conntrack_tuple *tuple,
unsigned int size, unsigned int rnd) unsigned int size, unsigned int rnd)
{ {
return (jhash_3words((__force u32)tuple->src.ip, return (jhash_3words((__force u32)tuple->src.ip,
((__force u32)tuple->dst.ip ^ tuple->dst.protonum), ((__force u32)tuple->dst.ip ^ tuple->dst.protonum),
(tuple->src.u.all | (tuple->dst.u.all << 16)), (tuple->src.u.all | (tuple->dst.u.all << 16)),
rnd) % size); rnd) % size);
} }
static u_int32_t static u_int32_t
@ -446,15 +446,15 @@ __ip_conntrack_confirm(struct sk_buff **pskb)
/* IP_NF_ASSERT(atomic_read(&ct->ct_general.use) == 1); */ /* IP_NF_ASSERT(atomic_read(&ct->ct_general.use) == 1); */
/* No external references means noone else could have /* No external references means noone else could have
confirmed us. */ confirmed us. */
IP_NF_ASSERT(!is_confirmed(ct)); IP_NF_ASSERT(!is_confirmed(ct));
DEBUGP("Confirming conntrack %p\n", ct); DEBUGP("Confirming conntrack %p\n", ct);
write_lock_bh(&ip_conntrack_lock); write_lock_bh(&ip_conntrack_lock);
/* See if there's one in the list already, including reverse: /* See if there's one in the list already, including reverse:
NAT could have grabbed it without realizing, since we're NAT could have grabbed it without realizing, since we're
not in the hash. If there is, we lost race. */ not in the hash. If there is, we lost race. */
list_for_each_entry(h, &ip_conntrack_hash[hash], list) list_for_each_entry(h, &ip_conntrack_hash[hash], list)
if (ip_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple, if (ip_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
&h->tuple)) &h->tuple))
@ -771,7 +771,7 @@ resolve_normal_ct(struct sk_buff *skb,
if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) { if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
DEBUGP("ip_conntrack_in: normal packet for %p\n", DEBUGP("ip_conntrack_in: normal packet for %p\n",
ct); ct);
*ctinfo = IP_CT_ESTABLISHED; *ctinfo = IP_CT_ESTABLISHED;
} else if (test_bit(IPS_EXPECTED_BIT, &ct->status)) { } else if (test_bit(IPS_EXPECTED_BIT, &ct->status)) {
DEBUGP("ip_conntrack_in: related packet for %p\n", DEBUGP("ip_conntrack_in: related packet for %p\n",
ct); ct);
@ -885,7 +885,7 @@ static inline int expect_clash(const struct ip_conntrack_expect *a,
const struct ip_conntrack_expect *b) const struct ip_conntrack_expect *b)
{ {
/* Part covered by intersection of masks must be unequal, /* Part covered by intersection of masks must be unequal,
otherwise they clash */ otherwise they clash */
struct ip_conntrack_tuple intersect_mask struct ip_conntrack_tuple intersect_mask
= { { a->mask.src.ip & b->mask.src.ip, = { { a->mask.src.ip & b->mask.src.ip,
{ a->mask.src.u.all & b->mask.src.u.all } }, { a->mask.src.u.all & b->mask.src.u.all } },
@ -1021,7 +1021,7 @@ int ip_conntrack_expect_related(struct ip_conntrack_expect *expect)
ret = 0; ret = 0;
out: out:
write_unlock_bh(&ip_conntrack_lock); write_unlock_bh(&ip_conntrack_lock);
return ret; return ret;
} }
/* Alter reply tuple (maybe alter helper). This is for NAT, and is /* Alter reply tuple (maybe alter helper). This is for NAT, and is
@ -1069,7 +1069,7 @@ static inline void unhelp(struct ip_conntrack_tuple_hash *i,
const struct ip_conntrack_helper *me) const struct ip_conntrack_helper *me)
{ {
if (tuplehash_to_ctrack(i)->helper == me) { if (tuplehash_to_ctrack(i)->helper == me) {
ip_conntrack_event(IPCT_HELPER, tuplehash_to_ctrack(i)); ip_conntrack_event(IPCT_HELPER, tuplehash_to_ctrack(i));
tuplehash_to_ctrack(i)->helper = NULL; tuplehash_to_ctrack(i)->helper = NULL;
} }
} }
@ -1106,7 +1106,7 @@ void ip_conntrack_helper_unregister(struct ip_conntrack_helper *me)
/* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */ /* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */
void __ip_ct_refresh_acct(struct ip_conntrack *ct, void __ip_ct_refresh_acct(struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
const struct sk_buff *skb, const struct sk_buff *skb,
unsigned long extra_jiffies, unsigned long extra_jiffies,
int do_acct) int do_acct)
@ -1358,8 +1358,8 @@ void ip_conntrack_cleanup(void)
ip_ct_attach = NULL; ip_ct_attach = NULL;
/* This makes sure all current packets have passed through /* This makes sure all current packets have passed through
netfilter framework. Roll on, two-stage module netfilter framework. Roll on, two-stage module
delete... */ delete... */
synchronize_net(); synchronize_net();
ip_ct_event_cache_flush(); ip_ct_event_cache_flush();
@ -1460,7 +1460,7 @@ int __init ip_conntrack_init(void)
/* Idea from tcp.c: use 1/16384 of memory. On i386: 32MB /* Idea from tcp.c: use 1/16384 of memory. On i386: 32MB
* machine has 256 buckets. >= 1GB machines have 8192 buckets. */ * machine has 256 buckets. >= 1GB machines have 8192 buckets. */
if (!ip_conntrack_htable_size) { if (!ip_conntrack_htable_size) {
ip_conntrack_htable_size ip_conntrack_htable_size
= (((num_physpages << PAGE_SHIFT) / 16384) = (((num_physpages << PAGE_SHIFT) / 16384)
/ sizeof(struct list_head)); / sizeof(struct list_head));
@ -1490,8 +1490,8 @@ int __init ip_conntrack_init(void)
} }
ip_conntrack_cachep = kmem_cache_create("ip_conntrack", ip_conntrack_cachep = kmem_cache_create("ip_conntrack",
sizeof(struct ip_conntrack), 0, sizeof(struct ip_conntrack), 0,
0, NULL, NULL); 0, NULL, NULL);
if (!ip_conntrack_cachep) { if (!ip_conntrack_cachep) {
printk(KERN_ERR "Unable to create ip_conntrack slab cache\n"); printk(KERN_ERR "Unable to create ip_conntrack slab cache\n");
goto err_free_hash; goto err_free_hash;

4
net/ipv4/netfilter/ip_conntrack_ftp.c
View file

@ -169,7 +169,7 @@ static int try_eprt(const char *data, size_t dlen, u_int32_t array[6],
int length; int length;
/* First character is delimiter, then "1" for IPv4, then /* First character is delimiter, then "1" for IPv4, then
delimiter again. */ delimiter again. */
if (dlen <= 3) return 0; if (dlen <= 3) return 0;
delim = data[0]; delim = data[0];
if (isdigit(delim) || delim < 33 || delim > 126 if (isdigit(delim) || delim < 33 || delim > 126
@ -351,7 +351,7 @@ static int help(struct sk_buff **pskb,
} }
/* Initialize IP array to expected address (it's not mentioned /* Initialize IP array to expected address (it's not mentioned
in EPSV responses) */ in EPSV responses) */
array[0] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 24) & 0xFF; array[0] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 24) & 0xFF;
array[1] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 16) & 0xFF; array[1] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 16) & 0xFF;
array[2] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 8) & 0xFF; array[2] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 8) & 0xFF;

2
net/ipv4/netfilter/ip_conntrack_helper_h323.c
View file

@ -42,7 +42,7 @@ MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper");
static int callforward_filter = 1; static int callforward_filter = 1;
module_param(callforward_filter, bool, 0600); module_param(callforward_filter, bool, 0600);
MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations " MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
"if both endpoints are on different sides " "if both endpoints are on different sides "
"(determined by routing information)"); "(determined by routing information)");
/* Hooks for NAT */ /* Hooks for NAT */

6
net/ipv4/netfilter/ip_conntrack_helper_pptp.c
View file

@ -560,7 +560,7 @@ conntrack_pptp_help(struct sk_buff **pskb,
tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph); tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph);
BUG_ON(!tcph); BUG_ON(!tcph);
nexthdr_off += tcph->doff * 4; nexthdr_off += tcph->doff * 4;
datalen = tcplen - tcph->doff * 4; datalen = tcplen - tcph->doff * 4;
pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph); pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph);
if (!pptph) { if (!pptph) {
@ -624,7 +624,7 @@ static struct ip_conntrack_helper pptp = {
.max_expected = 2, .max_expected = 2,
.timeout = 5 * 60, .timeout = 5 * 60,
.tuple = { .src = { .ip = 0, .tuple = { .src = { .ip = 0,
.u = { .tcp = { .port = .u = { .tcp = { .port =
__constant_htons(PPTP_CONTROL_PORT) } } __constant_htons(PPTP_CONTROL_PORT) } }
}, },
.dst = { .ip = 0, .dst = { .ip = 0,
@ -638,7 +638,7 @@ static struct ip_conntrack_helper pptp = {
.dst = { .ip = 0, .dst = { .ip = 0,
.u = { .all = 0 }, .u = { .all = 0 },
.protonum = 0xff .protonum = 0xff
} }
}, },
.help = conntrack_pptp_help, .help = conntrack_pptp_help,
.destroy = pptp_destroy_siblings, .destroy = pptp_destroy_siblings,

2
net/ipv4/netfilter/ip_conntrack_irc.c
View file

@ -63,7 +63,7 @@ static const char *dccprotos[] = { "SEND ", "CHAT ", "MOVE ", "TSEND ", "SCHAT "
#if 0 #if 0
#define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s:" format, \ #define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s:" format, \
__FILE__, __FUNCTION__ , ## args) __FILE__, __FUNCTION__ , ## args)
#else #else
#define DEBUGP(format, args...) #define DEBUGP(format, args...)
#endif #endif

2
net/ipv4/netfilter/ip_conntrack_netbios_ns.c
View file

@ -42,7 +42,7 @@ module_param(timeout, uint, 0400);
MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds"); MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds");
static int help(struct sk_buff **pskb, static int help(struct sk_buff **pskb,
struct ip_conntrack *ct, enum ip_conntrack_info ctinfo) struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
{ {
struct ip_conntrack_expect *exp; struct ip_conntrack_expect *exp;
struct iphdr *iph = (*pskb)->nh.iph; struct iphdr *iph = (*pskb)->nh.iph;

18
net/ipv4/netfilter/ip_conntrack_netlink.c
View file

@ -299,7 +299,7 @@ nfattr_failure:
#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
static int ctnetlink_conntrack_event(struct notifier_block *this, static int ctnetlink_conntrack_event(struct notifier_block *this,
unsigned long events, void *ptr) unsigned long events, void *ptr)
{ {
struct nlmsghdr *nlh; struct nlmsghdr *nlh;
struct nfgenmsg *nfmsg; struct nfgenmsg *nfmsg;
@ -368,16 +368,16 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
if (events & IPCT_PROTOINFO if (events & IPCT_PROTOINFO
&& ctnetlink_dump_protoinfo(skb, ct) < 0) && ctnetlink_dump_protoinfo(skb, ct) < 0)
goto nfattr_failure; goto nfattr_failure;
if ((events & IPCT_HELPER || ct->helper) if ((events & IPCT_HELPER || ct->helper)
&& ctnetlink_dump_helpinfo(skb, ct) < 0) && ctnetlink_dump_helpinfo(skb, ct) < 0)
goto nfattr_failure; goto nfattr_failure;
#ifdef CONFIG_IP_NF_CONNTRACK_MARK #ifdef CONFIG_IP_NF_CONNTRACK_MARK
if ((events & IPCT_MARK || ct->mark) if ((events & IPCT_MARK || ct->mark)
&& ctnetlink_dump_mark(skb, ct) < 0) && ctnetlink_dump_mark(skb, ct) < 0)
goto nfattr_failure; goto nfattr_failure;
#endif #endif
if (events & IPCT_COUNTER_FILLING && if (events & IPCT_COUNTER_FILLING &&
@ -426,7 +426,7 @@ restart:
cb->args[1] = 0; cb->args[1] = 0;
} }
if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid, if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
cb->nlh->nlmsg_seq, cb->nlh->nlmsg_seq,
IPCTNL_MSG_CT_NEW, IPCTNL_MSG_CT_NEW,
1, ct) < 0) { 1, ct) < 0) {
nf_conntrack_get(&ct->ct_general); nf_conntrack_get(&ct->ct_general);
@ -714,8 +714,8 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
return -ENOTSUPP; return -ENOTSUPP;
#endif #endif
if ((*errp = netlink_dump_start(ctnl, skb, nlh, if ((*errp = netlink_dump_start(ctnl, skb, nlh,
ctnetlink_dump_table, ctnetlink_dump_table,
ctnetlink_done)) != 0) ctnetlink_done)) != 0)
return -EINVAL; return -EINVAL;
rlen = NLMSG_ALIGN(nlh->nlmsg_len); rlen = NLMSG_ALIGN(nlh->nlmsg_len);
@ -1090,7 +1090,7 @@ nfattr_failure:
static inline int static inline int
ctnetlink_exp_dump_expect(struct sk_buff *skb, ctnetlink_exp_dump_expect(struct sk_buff *skb,
const struct ip_conntrack_expect *exp) const struct ip_conntrack_expect *exp)
{ {
struct ip_conntrack *master = exp->master; struct ip_conntrack *master = exp->master;
__be32 timeout = htonl((exp->timeout.expires - jiffies) / HZ); __be32 timeout = htonl((exp->timeout.expires - jiffies) / HZ);
@ -1247,7 +1247,7 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
return -EAFNOSUPPORT; return -EAFNOSUPPORT;
if ((*errp = netlink_dump_start(ctnl, skb, nlh, if ((*errp = netlink_dump_start(ctnl, skb, nlh,
ctnetlink_exp_dump_table, ctnetlink_exp_dump_table,
ctnetlink_done)) != 0) ctnetlink_done)) != 0)
return -EINVAL; return -EINVAL;
rlen = NLMSG_ALIGN(nlh->nlmsg_len); rlen = NLMSG_ALIGN(nlh->nlmsg_len);

6
net/ipv4/netfilter/ip_conntrack_proto_icmp.c
View file

@ -94,9 +94,9 @@ static int icmp_packet(struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo) enum ip_conntrack_info ctinfo)
{ {
/* Try to delete connection immediately after all replies: /* Try to delete connection immediately after all replies:
won't actually vanish as we still have skb, and del_timer won't actually vanish as we still have skb, and del_timer
means this will only run once even if count hits zero twice means this will only run once even if count hits zero twice
(theoretically possible with SMP) */ (theoretically possible with SMP) */
if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) {
if (atomic_dec_and_test(&ct->proto.icmp.count) if (atomic_dec_and_test(&ct->proto.icmp.count)
&& del_timer(&ct->timeout)) && del_timer(&ct->timeout))

12
net/ipv4/netfilter/ip_conntrack_proto_sctp.c
View file

@ -97,15 +97,15 @@ point. Please note the subtleties. -Kiran
NONE - Nothing so far. NONE - Nothing so far.
COOKIE WAIT - We have seen an INIT chunk in the original direction, or also COOKIE WAIT - We have seen an INIT chunk in the original direction, or also
an INIT_ACK chunk in the reply direction. an INIT_ACK chunk in the reply direction.
COOKIE ECHOED - We have seen a COOKIE_ECHO chunk in the original direction. COOKIE ECHOED - We have seen a COOKIE_ECHO chunk in the original direction.
ESTABLISHED - We have seen a COOKIE_ACK in the reply direction. ESTABLISHED - We have seen a COOKIE_ACK in the reply direction.
SHUTDOWN_SENT - We have seen a SHUTDOWN chunk in the original direction. SHUTDOWN_SENT - We have seen a SHUTDOWN chunk in the original direction.
SHUTDOWN_RECD - We have seen a SHUTDOWN chunk in the reply directoin. SHUTDOWN_RECD - We have seen a SHUTDOWN chunk in the reply directoin.
SHUTDOWN_ACK_SENT - We have seen a SHUTDOWN_ACK chunk in the direction opposite SHUTDOWN_ACK_SENT - We have seen a SHUTDOWN_ACK chunk in the direction opposite
to that of the SHUTDOWN chunk. to that of the SHUTDOWN chunk.
CLOSED - We have seen a SHUTDOWN_COMPLETE chunk in the direction of CLOSED - We have seen a SHUTDOWN_COMPLETE chunk in the direction of
the SHUTDOWN chunk. Connection is closed. the SHUTDOWN chunk. Connection is closed.
*/ */
/* TODO /* TODO
@ -397,7 +397,7 @@ static int sctp_packet(struct ip_conntrack *conntrack,
sctp_inithdr_t _inithdr, *ih; sctp_inithdr_t _inithdr, *ih;
ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t), ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
sizeof(_inithdr), &_inithdr); sizeof(_inithdr), &_inithdr);
if (ih == NULL) { if (ih == NULL) {
write_unlock_bh(&sctp_lock); write_unlock_bh(&sctp_lock);
return -1; return -1;
@ -472,7 +472,7 @@ static int sctp_new(struct ip_conntrack *conntrack,
sctp_inithdr_t _inithdr, *ih; sctp_inithdr_t _inithdr, *ih;
ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t), ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
sizeof(_inithdr), &_inithdr); sizeof(_inithdr), &_inithdr);
if (ih == NULL) if (ih == NULL)
return 0; return 0;
@ -647,7 +647,7 @@ static void __exit ip_conntrack_proto_sctp_fini(void)
{ {
ip_conntrack_protocol_unregister(&ip_conntrack_protocol_sctp); ip_conntrack_protocol_unregister(&ip_conntrack_protocol_sctp);
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
unregister_sysctl_table(ip_ct_sysctl_header); unregister_sysctl_table(ip_ct_sysctl_header);
#endif #endif
DEBUGP("SCTP conntrack module unloaded\n"); DEBUGP("SCTP conntrack module unloaded\n");
} }

90
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
View file

@ -281,7 +281,7 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */ /* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/*rst*/ { sIV, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sIV }, /*rst*/ { sIV, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sIV },
/*none*/ { sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV } /*none*/ { sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV }
} }
}; };
static int tcp_pkt_to_tuple(const struct sk_buff *skb, static int tcp_pkt_to_tuple(const struct sk_buff *skb,
@ -367,7 +367,7 @@ static int nfattr_to_tcp(struct nfattr *cda[], struct ip_conntrack *ct)
if (!attr) if (!attr)
return 0; return 0;
nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr); nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr);
if (nfattr_bad_size(tb, CTA_PROTOINFO_TCP_MAX, cta_min_tcp)) if (nfattr_bad_size(tb, CTA_PROTOINFO_TCP_MAX, cta_min_tcp))
return -EINVAL; return -EINVAL;
@ -404,7 +404,7 @@ static unsigned int get_conntrack_index(const struct tcphdr *tcph)
after the right or before the left edge) and thus receivers may ACK after the right or before the left edge) and thus receivers may ACK
segments after the right edge of the window. segments after the right edge of the window.
td_maxend = max(sack + max(win,1)) seen in reply packets td_maxend = max(sack + max(win,1)) seen in reply packets
td_maxwin = max(max(win, 1)) + (sack - ack) seen in sent packets td_maxwin = max(max(win, 1)) + (sack - ack) seen in sent packets
td_maxwin += seq + len - sender.td_maxend td_maxwin += seq + len - sender.td_maxend
if seq + len > sender.td_maxend if seq + len > sender.td_maxend
@ -517,10 +517,10 @@ static void tcp_sack(const struct sk_buff *skb,
/* Fast path for timestamp-only option */ /* Fast path for timestamp-only option */
if (length == TCPOLEN_TSTAMP_ALIGNED*4 if (length == TCPOLEN_TSTAMP_ALIGNED*4
&& *(__be32 *)ptr == && *(__be32 *)ptr ==
__constant_htonl((TCPOPT_NOP << 24) __constant_htonl((TCPOPT_NOP << 24)
| (TCPOPT_NOP << 16) | (TCPOPT_NOP << 16)
| (TCPOPT_TIMESTAMP << 8) | (TCPOPT_TIMESTAMP << 8)
| TCPOLEN_TIMESTAMP)) | TCPOLEN_TIMESTAMP))
return; return;
while (length > 0) { while (length > 0) {
@ -542,12 +542,12 @@ static void tcp_sack(const struct sk_buff *skb,
if (opcode == TCPOPT_SACK if (opcode == TCPOPT_SACK
&& opsize >= (TCPOLEN_SACK_BASE && opsize >= (TCPOLEN_SACK_BASE
+ TCPOLEN_SACK_PERBLOCK) + TCPOLEN_SACK_PERBLOCK)
&& !((opsize - TCPOLEN_SACK_BASE) && !((opsize - TCPOLEN_SACK_BASE)
% TCPOLEN_SACK_PERBLOCK)) { % TCPOLEN_SACK_PERBLOCK)) {
for (i = 0; for (i = 0;
i < (opsize - TCPOLEN_SACK_BASE); i < (opsize - TCPOLEN_SACK_BASE);
i += TCPOLEN_SACK_PERBLOCK) { i += TCPOLEN_SACK_PERBLOCK) {
tmp = ntohl(*((__be32 *)(ptr+i)+1)); tmp = ntohl(*((__be32 *)(ptr+i)+1));
if (after(tmp, *sack)) if (after(tmp, *sack))
@ -562,11 +562,11 @@ static void tcp_sack(const struct sk_buff *skb,
} }
static int tcp_in_window(struct ip_ct_tcp *state, static int tcp_in_window(struct ip_ct_tcp *state,
enum ip_conntrack_dir dir, enum ip_conntrack_dir dir,
unsigned int index, unsigned int index,
const struct sk_buff *skb, const struct sk_buff *skb,
struct iphdr *iph, struct iphdr *iph,
struct tcphdr *tcph) struct tcphdr *tcph)
{ {
struct ip_ct_tcp_state *sender = &state->seen[dir]; struct ip_ct_tcp_state *sender = &state->seen[dir];
struct ip_ct_tcp_state *receiver = &state->seen[!dir]; struct ip_ct_tcp_state *receiver = &state->seen[!dir];
@ -624,7 +624,7 @@ static int tcp_in_window(struct ip_ct_tcp *state,
* We are in the middle of a connection, * We are in the middle of a connection,
* its history is lost for us. * its history is lost for us.
* Let's try to use the data from the packet. * Let's try to use the data from the packet.
*/ */
sender->td_end = end; sender->td_end = end;
sender->td_maxwin = (win == 0 ? 1 : win); sender->td_maxwin = (win == 0 ? 1 : win);
sender->td_maxend = end + sender->td_maxwin; sender->td_maxend = end + sender->td_maxwin;
@ -632,7 +632,7 @@ static int tcp_in_window(struct ip_ct_tcp *state,
} else if (((state->state == TCP_CONNTRACK_SYN_SENT } else if (((state->state == TCP_CONNTRACK_SYN_SENT
&& dir == IP_CT_DIR_ORIGINAL) && dir == IP_CT_DIR_ORIGINAL)
|| (state->state == TCP_CONNTRACK_SYN_RECV || (state->state == TCP_CONNTRACK_SYN_RECV
&& dir == IP_CT_DIR_REPLY)) && dir == IP_CT_DIR_REPLY))
&& after(end, sender->td_end)) { && after(end, sender->td_end)) {
/* /*
* RFC 793: "if a TCP is reinitialized ... then it need * RFC 793: "if a TCP is reinitialized ... then it need
@ -663,7 +663,7 @@ static int tcp_in_window(struct ip_ct_tcp *state,
if (seq == end if (seq == end
&& (!tcph->rst && (!tcph->rst
|| (seq == 0 && state->state == TCP_CONNTRACK_SYN_SENT))) || (seq == 0 && state->state == TCP_CONNTRACK_SYN_SENT)))
/* /*
* Packets contains no data: we assume it is valid * Packets contains no data: we assume it is valid
* and check the ack value only. * and check the ack value only.
@ -687,15 +687,15 @@ static int tcp_in_window(struct ip_ct_tcp *state,
DEBUGP("tcp_in_window: I=%i II=%i III=%i IV=%i\n", DEBUGP("tcp_in_window: I=%i II=%i III=%i IV=%i\n",
before(seq, sender->td_maxend + 1), before(seq, sender->td_maxend + 1),
after(end, sender->td_end - receiver->td_maxwin - 1), after(end, sender->td_end - receiver->td_maxwin - 1),
before(sack, receiver->td_end + 1), before(sack, receiver->td_end + 1),
after(ack, receiver->td_end - MAXACKWINDOW(sender))); after(ack, receiver->td_end - MAXACKWINDOW(sender)));
if (before(seq, sender->td_maxend + 1) && if (before(seq, sender->td_maxend + 1) &&
after(end, sender->td_end - receiver->td_maxwin - 1) && after(end, sender->td_end - receiver->td_maxwin - 1) &&
before(sack, receiver->td_end + 1) && before(sack, receiver->td_end + 1) &&
after(ack, receiver->td_end - MAXACKWINDOW(sender))) { after(ack, receiver->td_end - MAXACKWINDOW(sender))) {
/* /*
* Take into account window scaling (RFC 1323). * Take into account window scaling (RFC 1323).
*/ */
if (!tcph->syn) if (!tcph->syn)
@ -756,7 +756,7 @@ static int tcp_in_window(struct ip_ct_tcp *state,
: "ACK is over the upper bound (ACKed data not seen yet)" : "ACK is over the upper bound (ACKed data not seen yet)"
: "SEQ is under the lower bound (already ACKed data retransmitted)" : "SEQ is under the lower bound (already ACKed data retransmitted)"
: "SEQ is over the upper bound (over the window of the receiver)"); : "SEQ is over the upper bound (over the window of the receiver)");
} }
DEBUGP("tcp_in_window: res=%i sender end=%u maxend=%u maxwin=%u " DEBUGP("tcp_in_window: res=%i sender end=%u maxend=%u maxwin=%u "
"receiver end=%u maxend=%u maxwin=%u\n", "receiver end=%u maxend=%u maxwin=%u\n",
@ -847,7 +847,7 @@ static int tcp_error(struct sk_buff *skb,
nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
"ip_ct_tcp: short packet "); "ip_ct_tcp: short packet ");
return -NF_ACCEPT; return -NF_ACCEPT;
} }
/* Not whole TCP header or malformed packet */ /* Not whole TCP header or malformed packet */
if (th->doff*4 < sizeof(struct tcphdr) || tcplen < th->doff*4) { if (th->doff*4 < sizeof(struct tcphdr) || tcplen < th->doff*4) {
@ -916,7 +916,7 @@ static int tcp_packet(struct ip_conntrack *conntrack,
&& conntrack->proto.tcp.last_index == TCP_SYN_SET && conntrack->proto.tcp.last_index == TCP_SYN_SET
&& conntrack->proto.tcp.last_dir != dir && conntrack->proto.tcp.last_dir != dir
&& ntohl(th->ack_seq) == && ntohl(th->ack_seq) ==
conntrack->proto.tcp.last_end) { conntrack->proto.tcp.last_end) {
/* This SYN/ACK acknowledges a SYN that we earlier /* This SYN/ACK acknowledges a SYN that we earlier
* ignored as invalid. This means that the client and * ignored as invalid. This means that the client and
* the server are both in sync, while the firewall is * the server are both in sync, while the firewall is
@ -924,15 +924,15 @@ static int tcp_packet(struct ip_conntrack *conntrack,
* that the client cannot but retransmit its SYN and * that the client cannot but retransmit its SYN and
* thus initiate a clean new session. * thus initiate a clean new session.
*/ */
write_unlock_bh(&tcp_lock); write_unlock_bh(&tcp_lock);
if (LOG_INVALID(IPPROTO_TCP)) if (LOG_INVALID(IPPROTO_TCP))
nf_log_packet(PF_INET, 0, skb, NULL, NULL, nf_log_packet(PF_INET, 0, skb, NULL, NULL,
NULL, "ip_ct_tcp: " NULL, "ip_ct_tcp: "
"killing out of sync session "); "killing out of sync session ");
if (del_timer(&conntrack->timeout)) if (del_timer(&conntrack->timeout))
conntrack->timeout.function((unsigned long) conntrack->timeout.function((unsigned long)
conntrack); conntrack);
return -NF_DROP; return -NF_DROP;
} }
conntrack->proto.tcp.last_index = index; conntrack->proto.tcp.last_index = index;
conntrack->proto.tcp.last_dir = dir; conntrack->proto.tcp.last_dir = dir;
@ -959,16 +959,16 @@ static int tcp_packet(struct ip_conntrack *conntrack,
if (old_state < TCP_CONNTRACK_TIME_WAIT) if (old_state < TCP_CONNTRACK_TIME_WAIT)
break; break;
if ((conntrack->proto.tcp.seen[dir].flags & if ((conntrack->proto.tcp.seen[dir].flags &
IP_CT_TCP_FLAG_CLOSE_INIT) IP_CT_TCP_FLAG_CLOSE_INIT)
|| after(ntohl(th->seq), || after(ntohl(th->seq),
conntrack->proto.tcp.seen[dir].td_end)) { conntrack->proto.tcp.seen[dir].td_end)) {
/* Attempt to reopen a closed connection. /* Attempt to reopen a closed connection.
* Delete this connection and look up again. */ * Delete this connection and look up again. */
write_unlock_bh(&tcp_lock); write_unlock_bh(&tcp_lock);
if (del_timer(&conntrack->timeout)) if (del_timer(&conntrack->timeout))
conntrack->timeout.function((unsigned long) conntrack->timeout.function((unsigned long)
conntrack); conntrack);
return -NF_REPEAT; return -NF_REPEAT;
} else { } else {
write_unlock_bh(&tcp_lock); write_unlock_bh(&tcp_lock);
if (LOG_INVALID(IPPROTO_TCP)) if (LOG_INVALID(IPPROTO_TCP))
@ -979,9 +979,9 @@ static int tcp_packet(struct ip_conntrack *conntrack,
case TCP_CONNTRACK_CLOSE: case TCP_CONNTRACK_CLOSE:
if (index == TCP_RST_SET if (index == TCP_RST_SET
&& ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status) && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
&& conntrack->proto.tcp.last_index == TCP_SYN_SET) && conntrack->proto.tcp.last_index == TCP_SYN_SET)
|| (!test_bit(IPS_ASSURED_BIT, &conntrack->status) || (!test_bit(IPS_ASSURED_BIT, &conntrack->status)
&& conntrack->proto.tcp.last_index == TCP_ACK_SET)) && conntrack->proto.tcp.last_index == TCP_ACK_SET))
&& ntohl(th->ack_seq) == conntrack->proto.tcp.last_end) { && ntohl(th->ack_seq) == conntrack->proto.tcp.last_end) {
/* RST sent to invalid SYN or ACK we had let through /* RST sent to invalid SYN or ACK we had let through
* at a) and c) above: * at a) and c) above:
@ -1020,7 +1020,7 @@ static int tcp_packet(struct ip_conntrack *conntrack,
conntrack->proto.tcp.state = new_state; conntrack->proto.tcp.state = new_state;
if (old_state != new_state if (old_state != new_state
&& (new_state == TCP_CONNTRACK_FIN_WAIT && (new_state == TCP_CONNTRACK_FIN_WAIT
|| new_state == TCP_CONNTRACK_CLOSE)) || new_state == TCP_CONNTRACK_CLOSE))
conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT; conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
timeout = conntrack->proto.tcp.retrans >= ip_ct_tcp_max_retrans timeout = conntrack->proto.tcp.retrans >= ip_ct_tcp_max_retrans
&& *tcp_timeouts[new_state] > ip_ct_tcp_timeout_max_retrans && *tcp_timeouts[new_state] > ip_ct_tcp_timeout_max_retrans

10
net/ipv4/netfilter/ip_conntrack_sip.c
View file

@ -321,7 +321,7 @@ int ct_sip_get_info(const char *dptr, size_t dlen,
continue; continue;
} }
aux = ct_sip_search(hnfo->ln_str, dptr, hnfo->ln_strlen, aux = ct_sip_search(hnfo->ln_str, dptr, hnfo->ln_strlen,
ct_sip_lnlen(dptr, limit), ct_sip_lnlen(dptr, limit),
hnfo->case_sensitive); hnfo->case_sensitive);
if (!aux) { if (!aux) {
DEBUGP("'%s' not found in '%s'.\n", hnfo->ln_str, DEBUGP("'%s' not found in '%s'.\n", hnfo->ln_str,
@ -406,7 +406,7 @@ static int sip_help(struct sk_buff **pskb,
if (dataoff >= (*pskb)->len) { if (dataoff >= (*pskb)->len) {
DEBUGP("skb->len = %u\n", (*pskb)->len); DEBUGP("skb->len = %u\n", (*pskb)->len);
return NF_ACCEPT; return NF_ACCEPT;
} }
ip_ct_refresh(ct, *pskb, sip_timeout * HZ); ip_ct_refresh(ct, *pskb, sip_timeout * HZ);
@ -439,16 +439,16 @@ static int sip_help(struct sk_buff **pskb,
} }
/* Get ip and port address from SDP packet. */ /* Get ip and port address from SDP packet. */
if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen, if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen,
POS_CONNECTION) > 0) { POS_CONNECTION) > 0) {
/* We'll drop only if there are parse problems. */ /* We'll drop only if there are parse problems. */
if (parse_ipaddr(dptr + matchoff, NULL, &ipaddr, if (parse_ipaddr(dptr + matchoff, NULL, &ipaddr,
dptr + datalen) < 0) { dptr + datalen) < 0) {
ret = NF_DROP; ret = NF_DROP;
goto out; goto out;
} }
if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen, if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen,
POS_MEDIA) > 0) { POS_MEDIA) > 0) {
port = simple_strtoul(dptr + matchoff, NULL, 10); port = simple_strtoul(dptr + matchoff, NULL, 10);
if (port < 1024) { if (port < 1024) {

18
net/ipv4/netfilter/ip_conntrack_standalone.c
View file

@ -160,7 +160,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
proto)) proto))
return -ENOSPC; return -ENOSPC;
if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_ORIGINAL])) if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_ORIGINAL]))
return -ENOSPC; return -ENOSPC;
if (!(test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status))) if (!(test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)))
@ -171,7 +171,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
proto)) proto))
return -ENOSPC; return -ENOSPC;
if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_REPLY])) if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_REPLY]))
return -ENOSPC; return -ENOSPC;
if (test_bit(IPS_ASSURED_BIT, &conntrack->status)) if (test_bit(IPS_ASSURED_BIT, &conntrack->status))
@ -253,7 +253,7 @@ static void *exp_seq_start(struct seq_file *s, loff_t *pos)
static void *exp_seq_next(struct seq_file *s, void *v, loff_t *pos) static void *exp_seq_next(struct seq_file *s, void *v, loff_t *pos)
{ {
struct list_head *e = v; struct list_head *e = v;
++*pos; ++*pos;
e = e->next; e = e->next;
@ -426,14 +426,14 @@ static unsigned int ip_conntrack_help(unsigned int hooknum,
} }
static unsigned int ip_conntrack_defrag(unsigned int hooknum, static unsigned int ip_conntrack_defrag(unsigned int hooknum,
struct sk_buff **pskb, struct sk_buff **pskb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
int (*okfn)(struct sk_buff *)) int (*okfn)(struct sk_buff *))
{ {
#if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE) #if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE)
/* Previously seen (loopback)? Ignore. Do this before /* Previously seen (loopback)? Ignore. Do this before
fragment check. */ fragment check. */
if ((*pskb)->nfct) if ((*pskb)->nfct)
return NF_ACCEPT; return NF_ACCEPT;
#endif #endif
@ -441,7 +441,7 @@ static unsigned int ip_conntrack_defrag(unsigned int hooknum,
/* Gather fragments. */ /* Gather fragments. */
if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
*pskb = ip_ct_gather_frags(*pskb, *pskb = ip_ct_gather_frags(*pskb,
hooknum == NF_IP_PRE_ROUTING ? hooknum == NF_IP_PRE_ROUTING ?
IP_DEFRAG_CONNTRACK_IN : IP_DEFRAG_CONNTRACK_IN :
IP_DEFRAG_CONNTRACK_OUT); IP_DEFRAG_CONNTRACK_OUT);
if (!*pskb) if (!*pskb)

2
net/ipv4/netfilter/ip_conntrack_tftp.c
View file

@ -33,7 +33,7 @@ MODULE_PARM_DESC(ports, "port numbers of tftp servers");
#if 0 #if 0
#define DEBUGP(format, args...) printk("%s:%s:" format, \ #define DEBUGP(format, args...) printk("%s:%s:" format, \
__FILE__, __FUNCTION__ , ## args) __FILE__, __FUNCTION__ , ## args)
#else #else
#define DEBUGP(format, args...) #define DEBUGP(format, args...)
#endif #endif

8
net/ipv4/netfilter/ip_nat_core.c
View file

@ -443,8 +443,8 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
(*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); (*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY);
/* Redirects on non-null nats must be dropped, else they'll /* Redirects on non-null nats must be dropped, else they'll
start talking to each other without our translation, and be start talking to each other without our translation, and be
confused... --RR */ confused... --RR */
if (inside->icmp.type == ICMP_REDIRECT) { if (inside->icmp.type == ICMP_REDIRECT) {
/* If NAT isn't finished, assume it and drop. */ /* If NAT isn't finished, assume it and drop. */
if ((ct->status & IPS_NAT_DONE_MASK) != IPS_NAT_DONE_MASK) if ((ct->status & IPS_NAT_DONE_MASK) != IPS_NAT_DONE_MASK)
@ -458,8 +458,8 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
*pskb, manip, dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); *pskb, manip, dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY");
if (!ip_ct_get_tuple(&inside->ip, *pskb, (*pskb)->nh.iph->ihl*4 + if (!ip_ct_get_tuple(&inside->ip, *pskb, (*pskb)->nh.iph->ihl*4 +
sizeof(struct icmphdr) + inside->ip.ihl*4, sizeof(struct icmphdr) + inside->ip.ihl*4,
&inner, &inner,
__ip_conntrack_proto_find(inside->ip.protocol))) __ip_conntrack_proto_find(inside->ip.protocol)))
return 0; return 0;

10
net/ipv4/netfilter/ip_nat_helper.c
View file

@ -186,7 +186,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb,
tcph->check = tcp_v4_check(datalen, tcph->check = tcp_v4_check(datalen,
iph->saddr, iph->daddr, iph->saddr, iph->daddr,
csum_partial((char *)tcph, csum_partial((char *)tcph,
datalen, 0)); datalen, 0));
} else } else
nf_proto_csum_replace2(&tcph->check, *pskb, nf_proto_csum_replace2(&tcph->check, *pskb,
htons(oldlen), htons(datalen), 1); htons(oldlen), htons(datalen), 1);
@ -229,7 +229,7 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb,
/* UDP helpers might accidentally mangle the wrong packet */ /* UDP helpers might accidentally mangle the wrong packet */
iph = (*pskb)->nh.iph; iph = (*pskb)->nh.iph;
if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) +
match_offset + match_len) match_offset + match_len)
return 0; return 0;
if (!skb_make_writable(pskb, (*pskb)->len)) if (!skb_make_writable(pskb, (*pskb)->len))
@ -258,9 +258,9 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb,
if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
udph->check = 0; udph->check = 0;
udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr,
datalen, IPPROTO_UDP, datalen, IPPROTO_UDP,
csum_partial((char *)udph, csum_partial((char *)udph,
datalen, 0)); datalen, 0));
if (!udph->check) if (!udph->check)
udph->check = CSUM_MANGLED_0; udph->check = CSUM_MANGLED_0;
} else } else

10
net/ipv4/netfilter/ip_nat_helper_pptp.c
View file

@ -202,10 +202,10 @@ pptp_outbound_pkt(struct sk_buff **pskb,
/* mangle packet */ /* mangle packet */
if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
cid_off + sizeof(struct pptp_pkt_hdr) + cid_off + sizeof(struct pptp_pkt_hdr) +
sizeof(struct PptpControlHeader), sizeof(struct PptpControlHeader),
sizeof(new_callid), (char *)&new_callid, sizeof(new_callid), (char *)&new_callid,
sizeof(new_callid)) == 0) sizeof(new_callid)) == 0)
return NF_DROP; return NF_DROP;
return NF_ACCEPT; return NF_ACCEPT;
@ -293,7 +293,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid));
if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
pcid_off + sizeof(struct pptp_pkt_hdr) + pcid_off + sizeof(struct pptp_pkt_hdr) +
sizeof(struct PptpControlHeader), sizeof(struct PptpControlHeader),
sizeof(new_pcid), (char *)&new_pcid, sizeof(new_pcid), (char *)&new_pcid,
sizeof(new_pcid)) == 0) sizeof(new_pcid)) == 0)

2
net/ipv4/netfilter/ip_nat_proto_icmp.c
View file

@ -45,7 +45,7 @@ icmp_unique_tuple(struct ip_conntrack_tuple *tuple,
for (i = 0; i < range_size; i++, id++) { for (i = 0; i < range_size; i++, id++) {
tuple->src.u.icmp.id = htons(ntohs(range->min.icmp.id) + tuple->src.u.icmp.id = htons(ntohs(range->min.icmp.id) +
(id % range_size)); (id % range_size));
if (!ip_nat_used_tuple(tuple, conntrack)) if (!ip_nat_used_tuple(tuple, conntrack))
return 1; return 1;
} }

6
net/ipv4/netfilter/ip_nat_rule.c
View file

@ -112,7 +112,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb,
/* Connection must be valid and new. */ /* Connection must be valid and new. */
IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
|| ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
IP_NF_ASSERT(out); IP_NF_ASSERT(out);
return ip_nat_setup_info(ct, &mr->range[0], hooknum); return ip_nat_setup_info(ct, &mr->range[0], hooknum);
@ -223,8 +223,8 @@ alloc_null_binding(struct ip_conntrack *conntrack,
unsigned int unsigned int
alloc_null_binding_confirmed(struct ip_conntrack *conntrack, alloc_null_binding_confirmed(struct ip_conntrack *conntrack,
struct ip_nat_info *info, struct ip_nat_info *info,
unsigned int hooknum) unsigned int hooknum)
{ {
__be32 ip __be32 ip
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC

14
net/ipv4/netfilter/ip_nat_sip.c
View file

@ -88,7 +88,7 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
return 1; return 1;
if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo, if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
matchoff, matchlen, addr, addrlen)) matchoff, matchlen, addr, addrlen))
return 0; return 0;
*dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
return 1; return 1;
@ -149,7 +149,7 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb,
return 0; return 0;
if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo, if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
matchoff, matchlen, buffer, bufflen)) matchoff, matchlen, buffer, bufflen))
return 0; return 0;
/* We need to reload this. Thanks Patrick. */ /* We need to reload this. Thanks Patrick. */
@ -170,7 +170,7 @@ static int mangle_content_len(struct sk_buff **pskb,
/* Get actual SDP lenght */ /* Get actual SDP lenght */
if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff, if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff,
&matchlen, POS_SDP_HEADER) > 0) { &matchlen, POS_SDP_HEADER) > 0) {
/* since ct_sip_get_info() give us a pointer passing 'v=' /* since ct_sip_get_info() give us a pointer passing 'v='
we need to add 2 bytes in this count. */ we need to add 2 bytes in this count. */
@ -178,7 +178,7 @@ static int mangle_content_len(struct sk_buff **pskb,
/* Now, update SDP lenght */ /* Now, update SDP lenght */
if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff, if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff,
&matchlen, POS_CONTENT) > 0) { &matchlen, POS_CONTENT) > 0) {
bufflen = sprintf(buffer, "%u", c_len); bufflen = sprintf(buffer, "%u", c_len);
@ -204,17 +204,17 @@ static unsigned int mangle_sdp(struct sk_buff **pskb,
/* Mangle owner and contact info. */ /* Mangle owner and contact info. */
bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
buffer, bufflen, POS_OWNER)) buffer, bufflen, POS_OWNER))
return 0; return 0;
if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
buffer, bufflen, POS_CONNECTION)) buffer, bufflen, POS_CONNECTION))
return 0; return 0;
/* Mangle media port. */ /* Mangle media port. */
bufflen = sprintf(buffer, "%u", port); bufflen = sprintf(buffer, "%u", port);
if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
buffer, bufflen, POS_MEDIA)) buffer, bufflen, POS_MEDIA))
return 0; return 0;
return mangle_content_len(pskb, ctinfo, ct, dptr); return mangle_content_len(pskb, ctinfo, ct, dptr);

98
net/ipv4/netfilter/ip_nat_snmp_basic.c
View file

@ -150,8 +150,8 @@ struct asn1_octstr
}; };
static void asn1_open(struct asn1_ctx *ctx, static void asn1_open(struct asn1_ctx *ctx,
unsigned char *buf, unsigned char *buf,
unsigned int len) unsigned int len)
{ {
ctx->begin = buf; ctx->begin = buf;
ctx->end = buf + len; ctx->end = buf + len;
@ -186,9 +186,9 @@ static unsigned char asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag)
} }
static unsigned char asn1_id_decode(struct asn1_ctx *ctx, static unsigned char asn1_id_decode(struct asn1_ctx *ctx,
unsigned int *cls, unsigned int *cls,
unsigned int *con, unsigned int *con,
unsigned int *tag) unsigned int *tag)
{ {
unsigned char ch; unsigned char ch;
@ -207,8 +207,8 @@ static unsigned char asn1_id_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_length_decode(struct asn1_ctx *ctx, static unsigned char asn1_length_decode(struct asn1_ctx *ctx,
unsigned int *def, unsigned int *def,
unsigned int *len) unsigned int *len)
{ {
unsigned char ch, cnt; unsigned char ch, cnt;
@ -239,10 +239,10 @@ static unsigned char asn1_length_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_header_decode(struct asn1_ctx *ctx, static unsigned char asn1_header_decode(struct asn1_ctx *ctx,
unsigned char **eoc, unsigned char **eoc,
unsigned int *cls, unsigned int *cls,
unsigned int *con, unsigned int *con,
unsigned int *tag) unsigned int *tag)
{ {
unsigned int def, len; unsigned int def, len;
@ -297,8 +297,8 @@ static unsigned char asn1_null_decode(struct asn1_ctx *ctx, unsigned char *eoc)
} }
static unsigned char asn1_long_decode(struct asn1_ctx *ctx, static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
unsigned char *eoc, unsigned char *eoc,
long *integer) long *integer)
{ {
unsigned char ch; unsigned char ch;
unsigned int len; unsigned int len;
@ -325,8 +325,8 @@ static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_uint_decode(struct asn1_ctx *ctx, static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
unsigned char *eoc, unsigned char *eoc,
unsigned int *integer) unsigned int *integer)
{ {
unsigned char ch; unsigned char ch;
unsigned int len; unsigned int len;
@ -354,8 +354,8 @@ static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx, static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
unsigned char *eoc, unsigned char *eoc,
unsigned long *integer) unsigned long *integer)
{ {
unsigned char ch; unsigned char ch;
unsigned int len; unsigned int len;
@ -383,9 +383,9 @@ static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_octets_decode(struct asn1_ctx *ctx, static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
unsigned char *eoc, unsigned char *eoc,
unsigned char **octets, unsigned char **octets,
unsigned int *len) unsigned int *len)
{ {
unsigned char *ptr; unsigned char *ptr;
@ -411,7 +411,7 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_subid_decode(struct asn1_ctx *ctx, static unsigned char asn1_subid_decode(struct asn1_ctx *ctx,
unsigned long *subid) unsigned long *subid)
{ {
unsigned char ch; unsigned char ch;
@ -428,9 +428,9 @@ static unsigned char asn1_subid_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
unsigned char *eoc, unsigned char *eoc,
unsigned long **oid, unsigned long **oid,
unsigned int *len) unsigned int *len)
{ {
unsigned long subid; unsigned long subid;
unsigned int size; unsigned int size;
@ -611,9 +611,9 @@ struct snmp_v1_trap
#define SERR_EOM 2 #define SERR_EOM 2
static inline void mangle_address(unsigned char *begin, static inline void mangle_address(unsigned char *begin,
unsigned char *addr, unsigned char *addr,
const struct oct1_map *map, const struct oct1_map *map,
__sum16 *check); __sum16 *check);
struct snmp_cnv struct snmp_cnv
{ {
unsigned int class; unsigned int class;
@ -644,8 +644,8 @@ static struct snmp_cnv snmp_conv [] =
}; };
static unsigned char snmp_tag_cls2syntax(unsigned int tag, static unsigned char snmp_tag_cls2syntax(unsigned int tag,
unsigned int cls, unsigned int cls,
unsigned short *syntax) unsigned short *syntax)
{ {
struct snmp_cnv *cnv; struct snmp_cnv *cnv;
@ -662,7 +662,7 @@ static unsigned char snmp_tag_cls2syntax(unsigned int tag,
} }
static unsigned char snmp_object_decode(struct asn1_ctx *ctx, static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
struct snmp_object **obj) struct snmp_object **obj)
{ {
unsigned int cls, con, tag, len, idlen; unsigned int cls, con, tag, len, idlen;
unsigned short type; unsigned short type;
@ -714,7 +714,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
return 0; return 0;
} }
*obj = kmalloc(sizeof(struct snmp_object) + len, *obj = kmalloc(sizeof(struct snmp_object) + len,
GFP_ATOMIC); GFP_ATOMIC);
if (*obj == NULL) { if (*obj == NULL) {
kfree(id); kfree(id);
if (net_ratelimit()) if (net_ratelimit())
@ -730,7 +730,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
return 0; return 0;
} }
*obj = kmalloc(sizeof(struct snmp_object) + len, *obj = kmalloc(sizeof(struct snmp_object) + len,
GFP_ATOMIC); GFP_ATOMIC);
if (*obj == NULL) { if (*obj == NULL) {
kfree(id); kfree(id);
if (net_ratelimit()) if (net_ratelimit())
@ -834,7 +834,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
} }
static unsigned char snmp_request_decode(struct asn1_ctx *ctx, static unsigned char snmp_request_decode(struct asn1_ctx *ctx,
struct snmp_request *request) struct snmp_request *request)
{ {
unsigned int cls, con, tag; unsigned int cls, con, tag;
unsigned char *end; unsigned char *end;
@ -874,9 +874,9 @@ static unsigned char snmp_request_decode(struct asn1_ctx *ctx,
* code example in the draft. * code example in the draft.
*/ */
static void fast_csum(__sum16 *csum, static void fast_csum(__sum16 *csum,
const unsigned char *optr, const unsigned char *optr,
const unsigned char *nptr, const unsigned char *nptr,
int offset) int offset)
{ {
unsigned char s[4]; unsigned char s[4];
@ -899,9 +899,9 @@ static void fast_csum(__sum16 *csum,
* - addr points to the start of the address * - addr points to the start of the address
*/ */
static inline void mangle_address(unsigned char *begin, static inline void mangle_address(unsigned char *begin,
unsigned char *addr, unsigned char *addr,
const struct oct1_map *map, const struct oct1_map *map,
__sum16 *check) __sum16 *check)
{ {
if (map->from == NOCT1(addr)) { if (map->from == NOCT1(addr)) {
u_int32_t old; u_int32_t old;
@ -914,7 +914,7 @@ static inline void mangle_address(unsigned char *begin,
/* Update UDP checksum if being used */ /* Update UDP checksum if being used */
if (*check) { if (*check) {
fast_csum(check, fast_csum(check,
&map->from, &map->to, addr - begin); &map->from, &map->to, addr - begin);
} }
if (debug) if (debug)
@ -924,9 +924,9 @@ static inline void mangle_address(unsigned char *begin,
} }
static unsigned char snmp_trap_decode(struct asn1_ctx *ctx, static unsigned char snmp_trap_decode(struct asn1_ctx *ctx,
struct snmp_v1_trap *trap, struct snmp_v1_trap *trap,
const struct oct1_map *map, const struct oct1_map *map,
__sum16 *check) __sum16 *check)
{ {
unsigned int cls, con, tag, len; unsigned int cls, con, tag, len;
unsigned char *end; unsigned char *end;
@ -1018,9 +1018,9 @@ static void hex_dump(unsigned char *buf, size_t len)
* (And this is the fucking 'basic' method). * (And this is the fucking 'basic' method).
*/ */
static int snmp_parse_mangle(unsigned char *msg, static int snmp_parse_mangle(unsigned char *msg,
u_int16_t len, u_int16_t len,
const struct oct1_map *map, const struct oct1_map *map,
__sum16 *check) __sum16 *check)
{ {
unsigned char *eoc, *end; unsigned char *eoc, *end;
unsigned int cls, con, tag, vers, pdutype; unsigned int cls, con, tag, vers, pdutype;
@ -1190,8 +1190,8 @@ static int snmp_parse_mangle(unsigned char *msg,
* SNMP translation routine. * SNMP translation routine.
*/ */
static int snmp_translate(struct ip_conntrack *ct, static int snmp_translate(struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
struct sk_buff **pskb) struct sk_buff **pskb)
{ {
struct iphdr *iph = (*pskb)->nh.iph; struct iphdr *iph = (*pskb)->nh.iph;
struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
@ -1218,7 +1218,7 @@ static int snmp_translate(struct ip_conntrack *ct,
return NF_ACCEPT; return NF_ACCEPT;
if (!snmp_parse_mangle((unsigned char *)udph + sizeof(struct udphdr), if (!snmp_parse_mangle((unsigned char *)udph + sizeof(struct udphdr),
paylen, &map, &udph->check)) { paylen, &map, &udph->check)) {
if (net_ratelimit()) if (net_ratelimit())
printk(KERN_WARNING "bsalg: parser failed\n"); printk(KERN_WARNING "bsalg: parser failed\n");
return NF_DROP; return NF_DROP;

20
net/ipv4/netfilter/ip_nat_standalone.c
View file

@ -107,8 +107,8 @@ ip_nat_fn(unsigned int hooknum,
protocol. 8) --RR */ protocol. 8) --RR */
if (!ct) { if (!ct) {
/* Exception: ICMP redirect to new connection (not in /* Exception: ICMP redirect to new connection (not in
hash table yet). We must not let this through, in hash table yet). We must not let this through, in
case we're doing NAT to the same network. */ case we're doing NAT to the same network. */
if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) {
struct icmphdr _hdr, *hp; struct icmphdr _hdr, *hp;
@ -148,7 +148,7 @@ ip_nat_fn(unsigned int hooknum,
if (unlikely(is_confirmed(ct))) if (unlikely(is_confirmed(ct)))
/* NAT module was loaded late */ /* NAT module was loaded late */
ret = alloc_null_binding_confirmed(ct, info, ret = alloc_null_binding_confirmed(ct, info,
hooknum); hooknum);
else if (hooknum == NF_IP_LOCAL_IN) else if (hooknum == NF_IP_LOCAL_IN)
/* LOCAL_IN hook doesn't have a chain! */ /* LOCAL_IN hook doesn't have a chain! */
ret = alloc_null_binding(ct, info, hooknum); ret = alloc_null_binding(ct, info, hooknum);
@ -179,10 +179,10 @@ ip_nat_fn(unsigned int hooknum,
static unsigned int static unsigned int
ip_nat_in(unsigned int hooknum, ip_nat_in(unsigned int hooknum,
struct sk_buff **pskb, struct sk_buff **pskb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
int (*okfn)(struct sk_buff *)) int (*okfn)(struct sk_buff *))
{ {
unsigned int ret; unsigned int ret;
__be32 daddr = (*pskb)->nh.iph->daddr; __be32 daddr = (*pskb)->nh.iph->daddr;
@ -277,9 +277,9 @@ ip_nat_adjust(unsigned int hooknum,
ct = ip_conntrack_get(*pskb, &ctinfo); ct = ip_conntrack_get(*pskb, &ctinfo);
if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) {
DEBUGP("ip_nat_standalone: adjusting sequence number\n"); DEBUGP("ip_nat_standalone: adjusting sequence number\n");
if (!ip_nat_seq_adjust(pskb, ct, ctinfo)) if (!ip_nat_seq_adjust(pskb, ct, ctinfo))
return NF_DROP; return NF_DROP;
} }
return NF_ACCEPT; return NF_ACCEPT;
} }

54
net/ipv4/netfilter/ip_queue.c
View file

@ -262,7 +262,7 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
if (entry->skb->dev->hard_header_parse) if (entry->skb->dev->hard_header_parse)
pmsg->hw_addrlen = pmsg->hw_addrlen =
entry->skb->dev->hard_header_parse(entry->skb, entry->skb->dev->hard_header_parse(entry->skb,
pmsg->hw_addr); pmsg->hw_addr);
} }
if (data_len) if (data_len)
@ -310,19 +310,19 @@ ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info,
goto err_out_free_nskb; goto err_out_free_nskb;
if (queue_total >= queue_maxlen) { if (queue_total >= queue_maxlen) {
queue_dropped++; queue_dropped++;
status = -ENOSPC; status = -ENOSPC;
if (net_ratelimit()) if (net_ratelimit())
printk (KERN_WARNING "ip_queue: full at %d entries, " printk (KERN_WARNING "ip_queue: full at %d entries, "
"dropping packets(s). Dropped: %d\n", queue_total, "dropping packets(s). Dropped: %d\n", queue_total,
queue_dropped); queue_dropped);
goto err_out_free_nskb; goto err_out_free_nskb;
} }
/* netlink_unicast will either free the nskb or attach it to a socket */ /* netlink_unicast will either free the nskb or attach it to a socket */
status = netlink_unicast(ipqnl, nskb, peer_pid, MSG_DONTWAIT); status = netlink_unicast(ipqnl, nskb, peer_pid, MSG_DONTWAIT);
if (status < 0) { if (status < 0) {
queue_user_dropped++; queue_user_dropped++;
goto err_out_unlock; goto err_out_unlock;
} }
@ -361,9 +361,9 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
struct sk_buff *newskb; struct sk_buff *newskb;
newskb = skb_copy_expand(e->skb, newskb = skb_copy_expand(e->skb,
skb_headroom(e->skb), skb_headroom(e->skb),
diff, diff,
GFP_ATOMIC); GFP_ATOMIC);
if (newskb == NULL) { if (newskb == NULL) {
printk(KERN_WARNING "ip_queue: OOM " printk(KERN_WARNING "ip_queue: OOM "
"in mangle, dropping packet\n"); "in mangle, dropping packet\n");
@ -426,7 +426,7 @@ ipq_set_mode(unsigned char mode, unsigned int range)
static int static int
ipq_receive_peer(struct ipq_peer_msg *pmsg, ipq_receive_peer(struct ipq_peer_msg *pmsg,
unsigned char type, unsigned int len) unsigned char type, unsigned int len)
{ {
int status = 0; int status = 0;
@ -436,7 +436,7 @@ ipq_receive_peer(struct ipq_peer_msg *pmsg,
switch (type) { switch (type) {
case IPQM_MODE: case IPQM_MODE:
status = ipq_set_mode(pmsg->msg.mode.value, status = ipq_set_mode(pmsg->msg.mode.value,
pmsg->msg.mode.range); pmsg->msg.mode.range);
break; break;
case IPQM_VERDICT: case IPQM_VERDICT:
@ -444,7 +444,7 @@ ipq_receive_peer(struct ipq_peer_msg *pmsg,
status = -EINVAL; status = -EINVAL;
else else
status = ipq_set_verdict(&pmsg->msg.verdict, status = ipq_set_verdict(&pmsg->msg.verdict,
len - sizeof(*pmsg)); len - sizeof(*pmsg));
break; break;
default: default:
status = -EINVAL; status = -EINVAL;
@ -468,7 +468,7 @@ dev_cmp(struct ipq_queue_entry *entry, unsigned long ifindex)
return 1; return 1;
if (entry->skb->nf_bridge->physoutdev && if (entry->skb->nf_bridge->physoutdev &&
entry->skb->nf_bridge->physoutdev->ifindex == ifindex) entry->skb->nf_bridge->physoutdev->ifindex == ifindex)
return 1; return 1;
} }
#endif #endif
return 0; return 0;
@ -534,13 +534,13 @@ ipq_rcv_skb(struct sk_buff *skb)
write_unlock_bh(&queue_lock); write_unlock_bh(&queue_lock);
status = ipq_receive_peer(NLMSG_DATA(nlh), type, status = ipq_receive_peer(NLMSG_DATA(nlh), type,
nlmsglen - NLMSG_LENGTH(0)); nlmsglen - NLMSG_LENGTH(0));
if (status < 0) if (status < 0)
RCV_SKB_FAIL(status); RCV_SKB_FAIL(status);
if (flags & NLM_F_ACK) if (flags & NLM_F_ACK)
netlink_ack(skb, nlh, 0); netlink_ack(skb, nlh, 0);
return; return;
} }
static void static void
@ -562,7 +562,7 @@ ipq_rcv_sk(struct sock *sk, int len)
static int static int
ipq_rcv_dev_event(struct notifier_block *this, ipq_rcv_dev_event(struct notifier_block *this,
unsigned long event, void *ptr) unsigned long event, void *ptr)
{ {
struct net_device *dev = ptr; struct net_device *dev = ptr;
@ -578,7 +578,7 @@ static struct notifier_block ipq_dev_notifier = {
static int static int
ipq_rcv_nl_event(struct notifier_block *this, ipq_rcv_nl_event(struct notifier_block *this,
unsigned long event, void *ptr) unsigned long event, void *ptr)
{ {
struct netlink_notify *n = ptr; struct netlink_notify *n = ptr;
@ -607,7 +607,7 @@ static ctl_table ipq_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = proc_dointvec .proc_handler = proc_dointvec
}, },
{ .ctl_name = 0 } { .ctl_name = 0 }
}; };
static ctl_table ipq_dir_table[] = { static ctl_table ipq_dir_table[] = {
@ -639,18 +639,18 @@ ipq_get_info(char *buffer, char **start, off_t offset, int length)
read_lock_bh(&queue_lock); read_lock_bh(&queue_lock);
len = sprintf(buffer, len = sprintf(buffer,
"Peer PID : %d\n" "Peer PID : %d\n"
"Copy mode : %hu\n" "Copy mode : %hu\n"
"Copy range : %u\n" "Copy range : %u\n"
"Queue length : %u\n" "Queue length : %u\n"
"Queue max. length : %u\n" "Queue max. length : %u\n"
"Queue dropped : %u\n" "Queue dropped : %u\n"
"Netlink dropped : %u\n", "Netlink dropped : %u\n",
peer_pid, peer_pid,
copy_mode, copy_mode,
copy_range, copy_range,
queue_total, queue_total,
queue_maxlen, queue_maxlen,
queue_dropped, queue_dropped,
queue_user_dropped); queue_user_dropped);

10
net/ipv4/netfilter/ip_tables.c
View file

@ -297,7 +297,7 @@ ipt_do_table(struct sk_buff **pskb,
e = get_entry(table_base, v); e = get_entry(table_base, v);
} else { } else {
/* Targets which reenter must return /* Targets which reenter must return
abs. verdicts */ abs. verdicts */
#ifdef CONFIG_NETFILTER_DEBUG #ifdef CONFIG_NETFILTER_DEBUG
((struct ipt_entry *)table_base)->comefrom ((struct ipt_entry *)table_base)->comefrom
= 0xeeeeeeec; = 0xeeeeeeec;
@ -556,9 +556,9 @@ err:
static inline int check_target(struct ipt_entry *e, const char *name) static inline int check_target(struct ipt_entry *e, const char *name)
{ {
struct ipt_entry_target *t; struct ipt_entry_target *t;
struct xt_target *target; struct xt_target *target;
int ret; int ret;
t = ipt_get_target(e); t = ipt_get_target(e);
target = t->u.kernel.target; target = t->u.kernel.target;
@ -652,7 +652,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
} }
/* FIXME: underflows must be unconditional, standard verdicts /* FIXME: underflows must be unconditional, standard verdicts
< 0 (not IPT_RETURN). --RR */ < 0 (not IPT_RETURN). --RR */
/* Clear counters and comefrom */ /* Clear counters and comefrom */
e->counters = ((struct xt_counters) { 0, 0 }); e->counters = ((struct xt_counters) { 0, 0 });
@ -2057,7 +2057,7 @@ void ipt_unregister_table(struct xt_table *table)
struct xt_table_info *private; struct xt_table_info *private;
void *loc_cpu_entry; void *loc_cpu_entry;
private = xt_unregister_table(table); private = xt_unregister_table(table);
/* Decrease module usage counts and free resources */ /* Decrease module usage counts and free resources */
loc_cpu_entry = private->entries[raw_smp_processor_id()]; loc_cpu_entry = private->entries[raw_smp_processor_id()];

4
net/ipv4/netfilter/ipt_CLUSTERIP.c
View file

@ -376,8 +376,8 @@ static int
checkentry(const char *tablename, checkentry(const char *tablename,
const void *e_void, const void *e_void,
const struct xt_target *target, const struct xt_target *target,
void *targinfo, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct ipt_clusterip_tgt_info *cipinfo = targinfo; struct ipt_clusterip_tgt_info *cipinfo = targinfo;
const struct ipt_entry *e = e_void; const struct ipt_entry *e = e_void;

4
net/ipv4/netfilter/ipt_ECN.c
View file

@ -104,8 +104,8 @@ static int
checkentry(const char *tablename, checkentry(const char *tablename,
const void *e_void, const void *e_void,
const struct xt_target *target, const struct xt_target *target,
void *targinfo, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo; const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo;
const struct ipt_entry *e = e_void; const struct ipt_entry *e = e_void;

6
net/ipv4/netfilter/ipt_LOG.c
View file

@ -334,10 +334,10 @@ static void dump_packet(const struct nf_loginfo *info,
} }
/* Max length: 15 "UID=4294967295 " */ /* Max length: 15 "UID=4294967295 " */
if ((logflags & IPT_LOG_UID) && !iphoff && skb->sk) { if ((logflags & IPT_LOG_UID) && !iphoff && skb->sk) {
read_lock_bh(&skb->sk->sk_callback_lock); read_lock_bh(&skb->sk->sk_callback_lock);
if (skb->sk->sk_socket && skb->sk->sk_socket->file) if (skb->sk->sk_socket && skb->sk->sk_socket->file)
printk("UID=%u ", skb->sk->sk_socket->file->f_uid); printk("UID=%u ", skb->sk->sk_socket->file->f_uid);
read_unlock_bh(&skb->sk->sk_callback_lock); read_unlock_bh(&skb->sk->sk_callback_lock);
} }
@ -431,7 +431,7 @@ ipt_log_target(struct sk_buff **pskb,
li.u.log.logflags = loginfo->logflags; li.u.log.logflags = loginfo->logflags;
ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li, ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
loginfo->prefix); loginfo->prefix);
return XT_CONTINUE; return XT_CONTINUE;
} }

2
net/ipv4/netfilter/ipt_MASQUERADE.c
View file

@ -86,7 +86,7 @@ masquerade_target(struct sk_buff **pskb,
nat = nfct_nat(ct); nat = nfct_nat(ct);
#endif #endif
IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
|| ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
/* Source address is 0.0.0.0 - locally generated packet that is /* Source address is 0.0.0.0 - locally generated packet that is
* probably not supposed to be masqueraded. * probably not supposed to be masqueraded.

2
net/ipv4/netfilter/ipt_NETMAP.c
View file

@ -98,7 +98,7 @@ static struct xt_target target_module = {
.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) | .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) |
(1 << NF_IP_LOCAL_OUT), (1 << NF_IP_LOCAL_OUT),
.checkentry = check, .checkentry = check,
.me = THIS_MODULE .me = THIS_MODULE
}; };
static int __init ipt_netmap_init(void) static int __init ipt_netmap_init(void)

44
net/ipv4/netfilter/ipt_REJECT.c
View file

@ -57,7 +57,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
oth = skb_header_pointer(oldskb, oldskb->nh.iph->ihl * 4, oth = skb_header_pointer(oldskb, oldskb->nh.iph->ihl * 4,
sizeof(_otcph), &_otcph); sizeof(_otcph), &_otcph);
if (oth == NULL) if (oth == NULL)
return; return;
/* No RST for RST. */ /* No RST for RST. */
if (oth->rst) if (oth->rst)
@ -177,33 +177,33 @@ static unsigned int reject(struct sk_buff **pskb,
const struct ipt_reject_info *reject = targinfo; const struct ipt_reject_info *reject = targinfo;
/* Our naive response construction doesn't deal with IP /* Our naive response construction doesn't deal with IP
options, and probably shouldn't try. */ options, and probably shouldn't try. */
if ((*pskb)->nh.iph->ihl<<2 != sizeof(struct iphdr)) if ((*pskb)->nh.iph->ihl<<2 != sizeof(struct iphdr))
return NF_DROP; return NF_DROP;
/* WARNING: This code causes reentry within iptables. /* WARNING: This code causes reentry within iptables.
This means that the iptables jump stack is now crap. We This means that the iptables jump stack is now crap. We
must return an absolute verdict. --RR */ must return an absolute verdict. --RR */
switch (reject->with) { switch (reject->with) {
case IPT_ICMP_NET_UNREACHABLE: case IPT_ICMP_NET_UNREACHABLE:
send_unreach(*pskb, ICMP_NET_UNREACH); send_unreach(*pskb, ICMP_NET_UNREACH);
break; break;
case IPT_ICMP_HOST_UNREACHABLE: case IPT_ICMP_HOST_UNREACHABLE:
send_unreach(*pskb, ICMP_HOST_UNREACH); send_unreach(*pskb, ICMP_HOST_UNREACH);
break; break;
case IPT_ICMP_PROT_UNREACHABLE: case IPT_ICMP_PROT_UNREACHABLE:
send_unreach(*pskb, ICMP_PROT_UNREACH); send_unreach(*pskb, ICMP_PROT_UNREACH);
break; break;
case IPT_ICMP_PORT_UNREACHABLE: case IPT_ICMP_PORT_UNREACHABLE:
send_unreach(*pskb, ICMP_PORT_UNREACH); send_unreach(*pskb, ICMP_PORT_UNREACH);
break; break;
case IPT_ICMP_NET_PROHIBITED: case IPT_ICMP_NET_PROHIBITED:
send_unreach(*pskb, ICMP_NET_ANO); send_unreach(*pskb, ICMP_NET_ANO);
break; break;
case IPT_ICMP_HOST_PROHIBITED: case IPT_ICMP_HOST_PROHIBITED:
send_unreach(*pskb, ICMP_HOST_ANO); send_unreach(*pskb, ICMP_HOST_ANO);
break; break;
case IPT_ICMP_ADMIN_PROHIBITED: case IPT_ICMP_ADMIN_PROHIBITED:
send_unreach(*pskb, ICMP_PKT_FILTERED); send_unreach(*pskb, ICMP_PKT_FILTERED);
break; break;
case IPT_TCP_RESET: case IPT_TCP_RESET:
@ -222,7 +222,7 @@ static int check(const char *tablename,
void *targinfo, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
const struct ipt_reject_info *rejinfo = targinfo; const struct ipt_reject_info *rejinfo = targinfo;
const struct ipt_entry *e = e_void; const struct ipt_entry *e = e_void;
if (rejinfo->with == IPT_ICMP_ECHOREPLY) { if (rejinfo->with == IPT_ICMP_ECHOREPLY) {

4
net/ipv4/netfilter/ipt_TOS.c
View file

@ -47,8 +47,8 @@ static int
checkentry(const char *tablename, checkentry(const char *tablename,
const void *e_void, const void *e_void,
const struct xt_target *target, const struct xt_target *target,
void *targinfo, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos; const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos;

4
net/ipv4/netfilter/ipt_ULOG.c
View file

@ -72,7 +72,7 @@ MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NFLOG);
#if 0 #if 0
#define DEBUGP(format, args...) printk("%s:%s:" format, \ #define DEBUGP(format, args...) printk("%s:%s:" format, \
__FILE__, __FUNCTION__ , ## args) __FILE__, __FUNCTION__ , ## args)
#else #else
#define DEBUGP(format, args...) #define DEBUGP(format, args...)
#endif #endif
@ -396,7 +396,7 @@ static int __init ipt_ulog_init(void)
} }
nflognl = netlink_kernel_create(NETLINK_NFLOG, ULOG_MAXNLGROUPS, NULL, nflognl = netlink_kernel_create(NETLINK_NFLOG, ULOG_MAXNLGROUPS, NULL,
THIS_MODULE); THIS_MODULE);
if (!nflognl) if (!nflognl)
return -ENOMEM; return -ENOMEM;

4
net/ipv4/netfilter/ipt_ah.c
View file

@ -29,8 +29,8 @@ static inline int
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
{ {
int r=0; int r=0;
duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',
min,spi,max); min,spi,max);
r=(spi >= min && spi <= max) ^ invert; r=(spi >= min && spi <= max) ^ invert;
duprintf(" result %s\n",r? "PASS" : "FAILED"); duprintf(" result %s\n",r? "PASS" : "FAILED");
return r; return r;

4
net/ipv4/netfilter/ipt_iprange.c
View file

@ -41,7 +41,7 @@ match(const struct sk_buff *skb,
DEBUGP("src IP %u.%u.%u.%u NOT in range %s" DEBUGP("src IP %u.%u.%u.%u NOT in range %s"
"%u.%u.%u.%u-%u.%u.%u.%u\n", "%u.%u.%u.%u-%u.%u.%u.%u\n",
NIPQUAD(iph->saddr), NIPQUAD(iph->saddr),
info->flags & IPRANGE_SRC_INV ? "(INV) " : "", info->flags & IPRANGE_SRC_INV ? "(INV) " : "",
NIPQUAD(info->src.min_ip), NIPQUAD(info->src.min_ip),
NIPQUAD(info->src.max_ip)); NIPQUAD(info->src.max_ip));
return 0; return 0;
@ -54,7 +54,7 @@ match(const struct sk_buff *skb,
DEBUGP("dst IP %u.%u.%u.%u NOT in range %s" DEBUGP("dst IP %u.%u.%u.%u NOT in range %s"
"%u.%u.%u.%u-%u.%u.%u.%u\n", "%u.%u.%u.%u-%u.%u.%u.%u\n",
NIPQUAD(iph->daddr), NIPQUAD(iph->daddr),
info->flags & IPRANGE_DST_INV ? "(INV) " : "", info->flags & IPRANGE_DST_INV ? "(INV) " : "",
NIPQUAD(info->dst.min_ip), NIPQUAD(info->dst.min_ip),
NIPQUAD(info->dst.max_ip)); NIPQUAD(info->dst.max_ip));
return 0; return 0;

6
net/ipv4/netfilter/ipt_owner.c
View file

@ -53,10 +53,10 @@ match(const struct sk_buff *skb,
static int static int
checkentry(const char *tablename, checkentry(const char *tablename,
const void *ip, const void *ip,
const struct xt_match *match, const struct xt_match *match,
void *matchinfo, void *matchinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
const struct ipt_owner_info *info = matchinfo; const struct ipt_owner_info *info = matchinfo;

4
net/ipv4/netfilter/iptable_mangle.c
View file

@ -58,7 +58,7 @@ static struct
{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } }, -NF_ACCEPT - 1 } },
/* LOCAL_IN */ /* LOCAL_IN */
{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0, 0,
sizeof(struct ipt_entry), sizeof(struct ipt_entry),
sizeof(struct ipt_standard), sizeof(struct ipt_standard),
@ -66,7 +66,7 @@ static struct
{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } }, -NF_ACCEPT - 1 } },
/* FORWARD */ /* FORWARD */
{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0, 0,
sizeof(struct ipt_entry), sizeof(struct ipt_entry),
sizeof(struct ipt_standard), sizeof(struct ipt_standard),

22
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
View file

@ -66,7 +66,7 @@ static int ipv4_print_tuple(struct seq_file *s,
const struct nf_conntrack_tuple *tuple) const struct nf_conntrack_tuple *tuple)
{ {
return seq_printf(s, "src=%u.%u.%u.%u dst=%u.%u.%u.%u ", return seq_printf(s, "src=%u.%u.%u.%u dst=%u.%u.%u.%u ",
NIPQUAD(tuple->src.u3.ip), NIPQUAD(tuple->src.u3.ip),
NIPQUAD(tuple->dst.u3.ip)); NIPQUAD(tuple->dst.u3.ip));
} }
@ -82,14 +82,14 @@ nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
{ {
skb_orphan(skb); skb_orphan(skb);
local_bh_disable(); local_bh_disable();
skb = ip_defrag(skb, user); skb = ip_defrag(skb, user);
local_bh_enable(); local_bh_enable();
if (skb) if (skb)
ip_send_check(skb->nh.iph); ip_send_check(skb->nh.iph);
return skb; return skb;
} }
static int static int
@ -192,10 +192,10 @@ static unsigned int ipv4_conntrack_in(unsigned int hooknum,
} }
static unsigned int ipv4_conntrack_local(unsigned int hooknum, static unsigned int ipv4_conntrack_local(unsigned int hooknum,
struct sk_buff **pskb, struct sk_buff **pskb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
int (*okfn)(struct sk_buff *)) int (*okfn)(struct sk_buff *))
{ {
/* root is playing with raw sockets. */ /* root is playing with raw sockets. */
if ((*pskb)->len < sizeof(struct iphdr) if ((*pskb)->len < sizeof(struct iphdr)
@ -501,7 +501,7 @@ static int __init nf_conntrack_l3proto_ipv4_init(void)
return ret; return ret;
#if defined(CONFIG_PROC_FS) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) #if defined(CONFIG_PROC_FS) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
cleanup_hooks: cleanup_hooks:
nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops)); nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
#endif #endif
cleanup_ipv4: cleanup_ipv4:
nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4); nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4);

8
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
View file

@ -135,7 +135,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
l3proto, l4proto)) l3proto, l4proto))
return -ENOSPC; return -ENOSPC;
if (seq_print_counters(s, &ct->counters[IP_CT_DIR_ORIGINAL])) if (seq_print_counters(s, &ct->counters[IP_CT_DIR_ORIGINAL]))
return -ENOSPC; return -ENOSPC;
if (!(test_bit(IPS_SEEN_REPLY_BIT, &ct->status))) if (!(test_bit(IPS_SEEN_REPLY_BIT, &ct->status)))
@ -146,7 +146,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
l3proto, l4proto)) l3proto, l4proto))
return -ENOSPC; return -ENOSPC;
if (seq_print_counters(s, &ct->counters[IP_CT_DIR_REPLY])) if (seq_print_counters(s, &ct->counters[IP_CT_DIR_REPLY]))
return -ENOSPC; return -ENOSPC;
if (test_bit(IPS_ASSURED_BIT, &ct->status)) if (test_bit(IPS_ASSURED_BIT, &ct->status))
@ -228,7 +228,7 @@ static void *exp_seq_start(struct seq_file *s, loff_t *pos)
static void *exp_seq_next(struct seq_file *s, void *v, loff_t *pos) static void *exp_seq_next(struct seq_file *s, void *v, loff_t *pos)
{ {
struct list_head *e = v; struct list_head *e = v;
++*pos; ++*pos;
e = e->next; e = e->next;
@ -262,7 +262,7 @@ static int exp_seq_show(struct seq_file *s, void *v)
print_tuple(s, &exp->tuple, print_tuple(s, &exp->tuple,
__nf_ct_l3proto_find(exp->tuple.src.l3num), __nf_ct_l3proto_find(exp->tuple.src.l3num),
__nf_ct_l4proto_find(exp->tuple.src.l3num, __nf_ct_l4proto_find(exp->tuple.src.l3num,
exp->tuple.dst.protonum)); exp->tuple.dst.protonum));
return seq_putc(s, '\n'); return seq_putc(s, '\n');
} }

28
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
View file

@ -101,9 +101,9 @@ static int icmp_packet(struct nf_conn *ct,
unsigned int hooknum) unsigned int hooknum)
{ {
/* Try to delete connection immediately after all replies: /* Try to delete connection immediately after all replies:
won't actually vanish as we still have skb, and del_timer won't actually vanish as we still have skb, and del_timer
means this will only run once even if count hits zero twice means this will only run once even if count hits zero twice
(theoretically possible with SMP) */ (theoretically possible with SMP) */
if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) {
if (atomic_dec_and_test(&ct->proto.icmp.count) if (atomic_dec_and_test(&ct->proto.icmp.count)
&& del_timer(&ct->timeout)) && del_timer(&ct->timeout))
@ -144,8 +144,8 @@ extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4;
/* Returns conntrack if it dealt with ICMP, and filled in skb fields */ /* Returns conntrack if it dealt with ICMP, and filled in skb fields */
static int static int
icmp_error_message(struct sk_buff *skb, icmp_error_message(struct sk_buff *skb,
enum ip_conntrack_info *ctinfo, enum ip_conntrack_info *ctinfo,
unsigned int hooknum) unsigned int hooknum)
{ {
struct nf_conntrack_tuple innertuple, origtuple; struct nf_conntrack_tuple innertuple, origtuple;
struct { struct {
@ -181,9 +181,9 @@ icmp_error_message(struct sk_buff *skb,
return -NF_ACCEPT; return -NF_ACCEPT;
} }
/* Ordinarily, we'd expect the inverted tupleproto, but it's /* Ordinarily, we'd expect the inverted tupleproto, but it's
been preserved inside the ICMP. */ been preserved inside the ICMP. */
if (!nf_ct_invert_tuple(&innertuple, &origtuple, if (!nf_ct_invert_tuple(&innertuple, &origtuple,
&nf_conntrack_l3proto_ipv4, innerproto)) { &nf_conntrack_l3proto_ipv4, innerproto)) {
DEBUGP("icmp_error_message: no match\n"); DEBUGP("icmp_error_message: no match\n");
return -NF_ACCEPT; return -NF_ACCEPT;
@ -212,10 +212,10 @@ icmp_error_message(struct sk_buff *skb,
*ctinfo += IP_CT_IS_REPLY; *ctinfo += IP_CT_IS_REPLY;
} }
/* Update skb to refer to this connection */ /* Update skb to refer to this connection */
skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general; skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general;
skb->nfctinfo = *ctinfo; skb->nfctinfo = *ctinfo;
return -NF_ACCEPT; return -NF_ACCEPT;
} }
/* Small and modified version of icmp_rcv */ /* Small and modified version of icmp_rcv */
@ -332,7 +332,7 @@ static struct ctl_table icmp_sysctl_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec_jiffies, .proc_handler = &proc_dointvec_jiffies,
}, },
{ {
.ctl_name = 0 .ctl_name = 0
} }
}; };
@ -346,7 +346,7 @@ static struct ctl_table icmp_compat_sysctl_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec_jiffies, .proc_handler = &proc_dointvec_jiffies,
}, },
{ {
.ctl_name = 0 .ctl_name = 0
} }
}; };

16
net/ipv4/netfilter/nf_nat_core.c
View file

@ -452,8 +452,8 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
(*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); (*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY);
/* Redirects on non-null nats must be dropped, else they'll /* Redirects on non-null nats must be dropped, else they'll
start talking to each other without our translation, and be start talking to each other without our translation, and be
confused... --RR */ confused... --RR */
if (inside->icmp.type == ICMP_REDIRECT) { if (inside->icmp.type == ICMP_REDIRECT) {
/* If NAT isn't finished, assume it and drop. */ /* If NAT isn't finished, assume it and drop. */
if ((ct->status & IPS_NAT_DONE_MASK) != IPS_NAT_DONE_MASK) if ((ct->status & IPS_NAT_DONE_MASK) != IPS_NAT_DONE_MASK)
@ -469,13 +469,13 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
if (!nf_ct_get_tuple(*pskb, if (!nf_ct_get_tuple(*pskb,
(*pskb)->nh.iph->ihl*4 + sizeof(struct icmphdr), (*pskb)->nh.iph->ihl*4 + sizeof(struct icmphdr),
(*pskb)->nh.iph->ihl*4 + (*pskb)->nh.iph->ihl*4 +
sizeof(struct icmphdr) + inside->ip.ihl*4, sizeof(struct icmphdr) + inside->ip.ihl*4,
(u_int16_t)AF_INET, (u_int16_t)AF_INET,
inside->ip.protocol, inside->ip.protocol,
&inner, &inner,
l3proto, l3proto,
__nf_ct_l4proto_find((u_int16_t)PF_INET, __nf_ct_l4proto_find((u_int16_t)PF_INET,
inside->ip.protocol))) inside->ip.protocol)))
return 0; return 0;
/* Change inner back to look like incoming packet. We do the /* Change inner back to look like incoming packet. We do the

2
net/ipv4/netfilter/nf_nat_h323.c
View file

@ -256,7 +256,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
if (set_h245_addr(pskb, data, dataoff, taddr, if (set_h245_addr(pskb, data, dataoff, taddr,
&ct->tuplehash[!dir].tuple.dst.u3, &ct->tuplehash[!dir].tuple.dst.u3,
htons((port & htons(1)) ? nated_port + 1 : htons((port & htons(1)) ? nated_port + 1 :
nated_port)) == 0) { nated_port)) == 0) {
/* Save ports */ /* Save ports */
info->rtp_port[i][dir] = rtp_port; info->rtp_port[i][dir] = rtp_port;
info->rtp_port[i][!dir] = htons(nated_port); info->rtp_port[i][!dir] = htons(nated_port);

10
net/ipv4/netfilter/nf_nat_helper.c
View file

@ -179,7 +179,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
tcph->check = tcp_v4_check(datalen, tcph->check = tcp_v4_check(datalen,
iph->saddr, iph->daddr, iph->saddr, iph->daddr,
csum_partial((char *)tcph, csum_partial((char *)tcph,
datalen, 0)); datalen, 0));
} else } else
nf_proto_csum_replace2(&tcph->check, *pskb, nf_proto_csum_replace2(&tcph->check, *pskb,
htons(oldlen), htons(datalen), 1); htons(oldlen), htons(datalen), 1);
@ -223,7 +223,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
/* UDP helpers might accidentally mangle the wrong packet */ /* UDP helpers might accidentally mangle the wrong packet */
iph = (*pskb)->nh.iph; iph = (*pskb)->nh.iph;
if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) +
match_offset + match_len) match_offset + match_len)
return 0; return 0;
if (!skb_make_writable(pskb, (*pskb)->len)) if (!skb_make_writable(pskb, (*pskb)->len))
@ -252,9 +252,9 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
udph->check = 0; udph->check = 0;
udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr,
datalen, IPPROTO_UDP, datalen, IPPROTO_UDP,
csum_partial((char *)udph, csum_partial((char *)udph,
datalen, 0)); datalen, 0));
if (!udph->check) if (!udph->check)
udph->check = CSUM_MANGLED_0; udph->check = CSUM_MANGLED_0;
} else } else

10
net/ipv4/netfilter/nf_nat_pptp.c
View file

@ -184,10 +184,10 @@ pptp_outbound_pkt(struct sk_buff **pskb,
/* mangle packet */ /* mangle packet */
if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
cid_off + sizeof(struct pptp_pkt_hdr) + cid_off + sizeof(struct pptp_pkt_hdr) +
sizeof(struct PptpControlHeader), sizeof(struct PptpControlHeader),
sizeof(new_callid), (char *)&new_callid, sizeof(new_callid), (char *)&new_callid,
sizeof(new_callid)) == 0) sizeof(new_callid)) == 0)
return NF_DROP; return NF_DROP;
return NF_ACCEPT; return NF_ACCEPT;
} }
@ -276,7 +276,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid));
if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
pcid_off + sizeof(struct pptp_pkt_hdr) + pcid_off + sizeof(struct pptp_pkt_hdr) +
sizeof(struct PptpControlHeader), sizeof(struct PptpControlHeader),
sizeof(new_pcid), (char *)&new_pcid, sizeof(new_pcid), (char *)&new_pcid,
sizeof(new_pcid)) == 0) sizeof(new_pcid)) == 0)

2
net/ipv4/netfilter/nf_nat_proto_icmp.c
View file

@ -44,7 +44,7 @@ icmp_unique_tuple(struct nf_conntrack_tuple *tuple,
for (i = 0; i < range_size; i++, id++) { for (i = 0; i < range_size; i++, id++) {
tuple->src.u.icmp.id = htons(ntohs(range->min.icmp.id) + tuple->src.u.icmp.id = htons(ntohs(range->min.icmp.id) +
(id % range_size)); (id % range_size));
if (!nf_nat_used_tuple(tuple, ct)) if (!nf_nat_used_tuple(tuple, ct))
return 1; return 1;
} }

18
net/ipv4/netfilter/nf_nat_rule.c
View file

@ -56,8 +56,8 @@ static struct
/* PRE_ROUTING */ /* PRE_ROUTING */
{ {
.entry = { .entry = {
.target_offset = sizeof(struct ipt_entry), .target_offset = sizeof(struct ipt_entry),
.next_offset = sizeof(struct ipt_standard), .next_offset = sizeof(struct ipt_standard),
}, },
.target = { .target = {
.target = { .target = {
@ -71,8 +71,8 @@ static struct
/* POST_ROUTING */ /* POST_ROUTING */
{ {
.entry = { .entry = {
.target_offset = sizeof(struct ipt_entry), .target_offset = sizeof(struct ipt_entry),
.next_offset = sizeof(struct ipt_standard), .next_offset = sizeof(struct ipt_standard),
}, },
.target = { .target = {
.target = { .target = {
@ -86,8 +86,8 @@ static struct
/* LOCAL_OUT */ /* LOCAL_OUT */
{ {
.entry = { .entry = {
.target_offset = sizeof(struct ipt_entry), .target_offset = sizeof(struct ipt_entry),
.next_offset = sizeof(struct ipt_standard), .next_offset = sizeof(struct ipt_standard),
}, },
.target = { .target = {
.target = { .target = {
@ -145,7 +145,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb,
/* Connection must be valid and new. */ /* Connection must be valid and new. */
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
NF_CT_ASSERT(out); NF_CT_ASSERT(out);
return nf_nat_setup_info(ct, &mr->range[0], hooknum); return nf_nat_setup_info(ct, &mr->range[0], hooknum);
@ -256,8 +256,8 @@ alloc_null_binding(struct nf_conn *ct,
unsigned int unsigned int
alloc_null_binding_confirmed(struct nf_conn *ct, alloc_null_binding_confirmed(struct nf_conn *ct,
struct nf_nat_info *info, struct nf_nat_info *info,
unsigned int hooknum) unsigned int hooknum)
{ {
__be32 ip __be32 ip
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC

14
net/ipv4/netfilter/nf_nat_sip.c
View file

@ -90,7 +90,7 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
return 1; return 1;
if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
matchoff, matchlen, addr, addrlen)) matchoff, matchlen, addr, addrlen))
return 0; return 0;
*dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
return 1; return 1;
@ -151,7 +151,7 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb,
return 0; return 0;
if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
matchoff, matchlen, buffer, bufflen)) matchoff, matchlen, buffer, bufflen))
return 0; return 0;
/* We need to reload this. Thanks Patrick. */ /* We need to reload this. Thanks Patrick. */
@ -172,7 +172,7 @@ static int mangle_content_len(struct sk_buff **pskb,
/* Get actual SDP lenght */ /* Get actual SDP lenght */
if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff,
&matchlen, POS_SDP_HEADER) > 0) { &matchlen, POS_SDP_HEADER) > 0) {
/* since ct_sip_get_info() give us a pointer passing 'v=' /* since ct_sip_get_info() give us a pointer passing 'v='
we need to add 2 bytes in this count. */ we need to add 2 bytes in this count. */
@ -180,7 +180,7 @@ static int mangle_content_len(struct sk_buff **pskb,
/* Now, update SDP length */ /* Now, update SDP length */
if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff,
&matchlen, POS_CONTENT) > 0) { &matchlen, POS_CONTENT) > 0) {
bufflen = sprintf(buffer, "%u", c_len); bufflen = sprintf(buffer, "%u", c_len);
return nf_nat_mangle_udp_packet(pskb, ct, ctinfo, return nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
@ -205,17 +205,17 @@ static unsigned int mangle_sdp(struct sk_buff **pskb,
/* Mangle owner and contact info. */ /* Mangle owner and contact info. */
bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
buffer, bufflen, POS_OWNER_IP4)) buffer, bufflen, POS_OWNER_IP4))
return 0; return 0;
if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
buffer, bufflen, POS_CONNECTION_IP4)) buffer, bufflen, POS_CONNECTION_IP4))
return 0; return 0;
/* Mangle media port. */ /* Mangle media port. */
bufflen = sprintf(buffer, "%u", port); bufflen = sprintf(buffer, "%u", port);
if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
buffer, bufflen, POS_MEDIA)) buffer, bufflen, POS_MEDIA))
return 0; return 0;
return mangle_content_len(pskb, ctinfo, ct, dptr); return mangle_content_len(pskb, ctinfo, ct, dptr);

98
net/ipv4/netfilter/nf_nat_snmp_basic.c
View file

@ -150,8 +150,8 @@ struct asn1_octstr
}; };
static void asn1_open(struct asn1_ctx *ctx, static void asn1_open(struct asn1_ctx *ctx,
unsigned char *buf, unsigned char *buf,
unsigned int len) unsigned int len)
{ {
ctx->begin = buf; ctx->begin = buf;
ctx->end = buf + len; ctx->end = buf + len;
@ -186,9 +186,9 @@ static unsigned char asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag)
} }
static unsigned char asn1_id_decode(struct asn1_ctx *ctx, static unsigned char asn1_id_decode(struct asn1_ctx *ctx,
unsigned int *cls, unsigned int *cls,
unsigned int *con, unsigned int *con,
unsigned int *tag) unsigned int *tag)
{ {
unsigned char ch; unsigned char ch;
@ -207,8 +207,8 @@ static unsigned char asn1_id_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_length_decode(struct asn1_ctx *ctx, static unsigned char asn1_length_decode(struct asn1_ctx *ctx,
unsigned int *def, unsigned int *def,
unsigned int *len) unsigned int *len)
{ {
unsigned char ch, cnt; unsigned char ch, cnt;
@ -239,10 +239,10 @@ static unsigned char asn1_length_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_header_decode(struct asn1_ctx *ctx, static unsigned char asn1_header_decode(struct asn1_ctx *ctx,
unsigned char **eoc, unsigned char **eoc,
unsigned int *cls, unsigned int *cls,
unsigned int *con, unsigned int *con,
unsigned int *tag) unsigned int *tag)
{ {
unsigned int def, len; unsigned int def, len;
@ -297,8 +297,8 @@ static unsigned char asn1_null_decode(struct asn1_ctx *ctx, unsigned char *eoc)
} }
static unsigned char asn1_long_decode(struct asn1_ctx *ctx, static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
unsigned char *eoc, unsigned char *eoc,
long *integer) long *integer)
{ {
unsigned char ch; unsigned char ch;
unsigned int len; unsigned int len;
@ -325,8 +325,8 @@ static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_uint_decode(struct asn1_ctx *ctx, static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
unsigned char *eoc, unsigned char *eoc,
unsigned int *integer) unsigned int *integer)
{ {
unsigned char ch; unsigned char ch;
unsigned int len; unsigned int len;
@ -354,8 +354,8 @@ static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx, static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
unsigned char *eoc, unsigned char *eoc,
unsigned long *integer) unsigned long *integer)
{ {
unsigned char ch; unsigned char ch;
unsigned int len; unsigned int len;
@ -383,9 +383,9 @@ static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_octets_decode(struct asn1_ctx *ctx, static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
unsigned char *eoc, unsigned char *eoc,
unsigned char **octets, unsigned char **octets,
unsigned int *len) unsigned int *len)
{ {
unsigned char *ptr; unsigned char *ptr;
@ -411,7 +411,7 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_subid_decode(struct asn1_ctx *ctx, static unsigned char asn1_subid_decode(struct asn1_ctx *ctx,
unsigned long *subid) unsigned long *subid)
{ {
unsigned char ch; unsigned char ch;
@ -428,9 +428,9 @@ static unsigned char asn1_subid_decode(struct asn1_ctx *ctx,
} }
static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
unsigned char *eoc, unsigned char *eoc,
unsigned long **oid, unsigned long **oid,
unsigned int *len) unsigned int *len)
{ {
unsigned long subid; unsigned long subid;
unsigned int size; unsigned int size;
@ -611,9 +611,9 @@ struct snmp_v1_trap
#define SERR_EOM 2 #define SERR_EOM 2
static inline void mangle_address(unsigned char *begin, static inline void mangle_address(unsigned char *begin,
unsigned char *addr, unsigned char *addr,
const struct oct1_map *map, const struct oct1_map *map,
__sum16 *check); __sum16 *check);
struct snmp_cnv struct snmp_cnv
{ {
unsigned int class; unsigned int class;
@ -644,8 +644,8 @@ static struct snmp_cnv snmp_conv [] =
}; };
static unsigned char snmp_tag_cls2syntax(unsigned int tag, static unsigned char snmp_tag_cls2syntax(unsigned int tag,
unsigned int cls, unsigned int cls,
unsigned short *syntax) unsigned short *syntax)
{ {
struct snmp_cnv *cnv; struct snmp_cnv *cnv;
@ -662,7 +662,7 @@ static unsigned char snmp_tag_cls2syntax(unsigned int tag,
} }
static unsigned char snmp_object_decode(struct asn1_ctx *ctx, static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
struct snmp_object **obj) struct snmp_object **obj)
{ {
unsigned int cls, con, tag, len, idlen; unsigned int cls, con, tag, len, idlen;
unsigned short type; unsigned short type;
@ -714,7 +714,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
return 0; return 0;
} }
*obj = kmalloc(sizeof(struct snmp_object) + len, *obj = kmalloc(sizeof(struct snmp_object) + len,
GFP_ATOMIC); GFP_ATOMIC);
if (*obj == NULL) { if (*obj == NULL) {
kfree(id); kfree(id);
if (net_ratelimit()) if (net_ratelimit())
@ -730,7 +730,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
return 0; return 0;
} }
*obj = kmalloc(sizeof(struct snmp_object) + len, *obj = kmalloc(sizeof(struct snmp_object) + len,
GFP_ATOMIC); GFP_ATOMIC);
if (*obj == NULL) { if (*obj == NULL) {
kfree(id); kfree(id);
if (net_ratelimit()) if (net_ratelimit())
@ -834,7 +834,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
} }
static unsigned char snmp_request_decode(struct asn1_ctx *ctx, static unsigned char snmp_request_decode(struct asn1_ctx *ctx,
struct snmp_request *request) struct snmp_request *request)
{ {
unsigned int cls, con, tag; unsigned int cls, con, tag;
unsigned char *end; unsigned char *end;
@ -874,9 +874,9 @@ static unsigned char snmp_request_decode(struct asn1_ctx *ctx,
* code example in the draft. * code example in the draft.
*/ */
static void fast_csum(__sum16 *csum, static void fast_csum(__sum16 *csum,
const unsigned char *optr, const unsigned char *optr,
const unsigned char *nptr, const unsigned char *nptr,
int offset) int offset)
{ {
unsigned char s[4]; unsigned char s[4];
@ -899,9 +899,9 @@ static void fast_csum(__sum16 *csum,
* - addr points to the start of the address * - addr points to the start of the address
*/ */
static inline void mangle_address(unsigned char *begin, static inline void mangle_address(unsigned char *begin,
unsigned char *addr, unsigned char *addr,
const struct oct1_map *map, const struct oct1_map *map,
__sum16 *check) __sum16 *check)
{ {
if (map->from == NOCT1(addr)) { if (map->from == NOCT1(addr)) {
u_int32_t old; u_int32_t old;
@ -914,7 +914,7 @@ static inline void mangle_address(unsigned char *begin,
/* Update UDP checksum if being used */ /* Update UDP checksum if being used */
if (*check) { if (*check) {
fast_csum(check, fast_csum(check,
&map->from, &map->to, addr - begin); &map->from, &map->to, addr - begin);
} }
@ -925,9 +925,9 @@ static inline void mangle_address(unsigned char *begin,
} }
static unsigned char snmp_trap_decode(struct asn1_ctx *ctx, static unsigned char snmp_trap_decode(struct asn1_ctx *ctx,
struct snmp_v1_trap *trap, struct snmp_v1_trap *trap,
const struct oct1_map *map, const struct oct1_map *map,
__sum16 *check) __sum16 *check)
{ {
unsigned int cls, con, tag, len; unsigned int cls, con, tag, len;
unsigned char *end; unsigned char *end;
@ -1019,9 +1019,9 @@ static void hex_dump(unsigned char *buf, size_t len)
* (And this is the fucking 'basic' method). * (And this is the fucking 'basic' method).
*/ */
static int snmp_parse_mangle(unsigned char *msg, static int snmp_parse_mangle(unsigned char *msg,
u_int16_t len, u_int16_t len,
const struct oct1_map *map, const struct oct1_map *map,
__sum16 *check) __sum16 *check)
{ {
unsigned char *eoc, *end; unsigned char *eoc, *end;
unsigned int cls, con, tag, vers, pdutype; unsigned int cls, con, tag, vers, pdutype;
@ -1191,8 +1191,8 @@ static int snmp_parse_mangle(unsigned char *msg,
* SNMP translation routine. * SNMP translation routine.
*/ */
static int snmp_translate(struct nf_conn *ct, static int snmp_translate(struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
struct sk_buff **pskb) struct sk_buff **pskb)
{ {
struct iphdr *iph = (*pskb)->nh.iph; struct iphdr *iph = (*pskb)->nh.iph;
struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
@ -1219,7 +1219,7 @@ static int snmp_translate(struct nf_conn *ct,
return NF_ACCEPT; return NF_ACCEPT;
if (!snmp_parse_mangle((unsigned char *)udph + sizeof(struct udphdr), if (!snmp_parse_mangle((unsigned char *)udph + sizeof(struct udphdr),
paylen, &map, &udph->check)) { paylen, &map, &udph->check)) {
if (net_ratelimit()) if (net_ratelimit())
printk(KERN_WARNING "bsalg: parser failed\n"); printk(KERN_WARNING "bsalg: parser failed\n");
return NF_DROP; return NF_DROP;

20
net/ipv4/netfilter/nf_nat_standalone.c
View file

@ -96,8 +96,8 @@ nf_nat_fn(unsigned int hooknum,
protocol. 8) --RR */ protocol. 8) --RR */
if (!ct) { if (!ct) {
/* Exception: ICMP redirect to new connection (not in /* Exception: ICMP redirect to new connection (not in
hash table yet). We must not let this through, in hash table yet). We must not let this through, in
case we're doing NAT to the same network. */ case we're doing NAT to the same network. */
if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) {
struct icmphdr _hdr, *hp; struct icmphdr _hdr, *hp;
@ -141,7 +141,7 @@ nf_nat_fn(unsigned int hooknum,
if (unlikely(nf_ct_is_confirmed(ct))) if (unlikely(nf_ct_is_confirmed(ct)))
/* NAT module was loaded late */ /* NAT module was loaded late */
ret = alloc_null_binding_confirmed(ct, info, ret = alloc_null_binding_confirmed(ct, info,
hooknum); hooknum);
else if (hooknum == NF_IP_LOCAL_IN) else if (hooknum == NF_IP_LOCAL_IN)
/* LOCAL_IN hook doesn't have a chain! */ /* LOCAL_IN hook doesn't have a chain! */
ret = alloc_null_binding(ct, info, hooknum); ret = alloc_null_binding(ct, info, hooknum);
@ -171,10 +171,10 @@ nf_nat_fn(unsigned int hooknum,
static unsigned int static unsigned int
nf_nat_in(unsigned int hooknum, nf_nat_in(unsigned int hooknum,
struct sk_buff **pskb, struct sk_buff **pskb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
int (*okfn)(struct sk_buff *)) int (*okfn)(struct sk_buff *))
{ {
unsigned int ret; unsigned int ret;
__be32 daddr = (*pskb)->nh.iph->daddr; __be32 daddr = (*pskb)->nh.iph->daddr;
@ -269,9 +269,9 @@ nf_nat_adjust(unsigned int hooknum,
ct = nf_ct_get(*pskb, &ctinfo); ct = nf_ct_get(*pskb, &ctinfo);
if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) {
DEBUGP("nf_nat_standalone: adjusting sequence number\n"); DEBUGP("nf_nat_standalone: adjusting sequence number\n");
if (!nf_nat_seq_adjust(pskb, ct, ctinfo)) if (!nf_nat_seq_adjust(pskb, ct, ctinfo))
return NF_DROP; return NF_DROP;
} }
return NF_ACCEPT; return NF_ACCEPT;
} }

6
net/ipv4/raw.c
View file

@ -95,7 +95,7 @@ static void raw_v4_hash(struct sock *sk)
static void raw_v4_unhash(struct sock *sk) static void raw_v4_unhash(struct sock *sk)
{ {
write_lock_bh(&raw_v4_lock); write_lock_bh(&raw_v4_lock);
if (sk_del_node_init(sk)) if (sk_del_node_init(sk))
sock_prot_dec_use(sk->sk_prot); sock_prot_dec_use(sk->sk_prot);
write_unlock_bh(&raw_v4_lock); write_unlock_bh(&raw_v4_lock);
@ -480,7 +480,7 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
.saddr = saddr, .saddr = saddr,
.tos = tos } }, .tos = tos } },
.proto = inet->hdrincl ? IPPROTO_RAW : .proto = inet->hdrincl ? IPPROTO_RAW :
sk->sk_protocol, sk->sk_protocol,
}; };
if (!inet->hdrincl) { if (!inet->hdrincl) {
err = raw_probe_proto_opt(&fl, msg); err = raw_probe_proto_opt(&fl, msg);
@ -538,7 +538,7 @@ do_confirm:
static void raw_close(struct sock *sk, long timeout) static void raw_close(struct sock *sk, long timeout)
{ {
/* /*
* Raw sockets may have direct kernel refereneces. Kill them. * Raw sockets may have direct kernel refereneces. Kill them.
*/ */
ip_ra_control(sk, 0, NULL); ip_ra_control(sk, 0, NULL);

24
net/ipv4/route.c
View file

@ -361,8 +361,8 @@ static int rt_cache_seq_show(struct seq_file *seq, void *v)
dev_queue_xmit) : 0, dev_queue_xmit) : 0,
r->rt_spec_dst); r->rt_spec_dst);
seq_printf(seq, "%-127s\n", temp); seq_printf(seq, "%-127s\n", temp);
} }
return 0; return 0;
} }
static struct seq_operations rt_cache_seq_ops = { static struct seq_operations rt_cache_seq_ops = {
@ -672,8 +672,8 @@ static void rt_check_expire(unsigned long dummy)
rt_free(rth); rt_free(rth);
} }
#else /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */ #else /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */
*rthp = rth->u.rt_next; *rthp = rth->u.rt_next;
rt_free(rth); rt_free(rth);
#endif /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */ #endif /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */
} }
spin_unlock(rt_hash_lock_addr(i)); spin_unlock(rt_hash_lock_addr(i));
@ -1190,7 +1190,7 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
/* Copy all the information. */ /* Copy all the information. */
*rt = *rth; *rt = *rth;
INIT_RCU_HEAD(&rt->u.dst.rcu_head); INIT_RCU_HEAD(&rt->u.dst.rcu_head);
rt->u.dst.__use = 1; rt->u.dst.__use = 1;
atomic_set(&rt->u.dst.__refcnt, 1); atomic_set(&rt->u.dst.__refcnt, 1);
rt->u.dst.child = NULL; rt->u.dst.child = NULL;
@ -1229,7 +1229,7 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
netevent.old = &rth->u.dst; netevent.old = &rth->u.dst;
netevent.new = &rt->u.dst; netevent.new = &rt->u.dst;
call_netevent_notifiers(NETEVENT_REDIRECT, call_netevent_notifiers(NETEVENT_REDIRECT,
&netevent); &netevent);
rt_del(hash, rth); rt_del(hash, rth);
if (!rt_intern_hash(hash, rt, &rt)) if (!rt_intern_hash(hash, rt, &rt))
@ -1343,7 +1343,7 @@ void ip_rt_send_redirect(struct sk_buff *skb)
#endif #endif
} }
out: out:
in_dev_put(in_dev); in_dev_put(in_dev);
} }
static int ip_error(struct sk_buff *skb) static int ip_error(struct sk_buff *skb)
@ -1600,7 +1600,7 @@ static void rt_set_nexthop(struct rtable *rt, struct fib_result *res, u32 itag)
#endif #endif
set_class_tag(rt, itag); set_class_tag(rt, itag);
#endif #endif
rt->rt_type = res->type; rt->rt_type = res->type;
} }
static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
@ -2071,8 +2071,8 @@ martian_destination:
#endif #endif
e_hostunreach: e_hostunreach:
err = -EHOSTUNREACH; err = -EHOSTUNREACH;
goto done; goto done;
e_inval: e_inval:
err = -EINVAL; err = -EINVAL;
@ -2886,7 +2886,7 @@ static int ipv4_sysctl_rtcache_flush_strategy(ctl_table *table,
} }
ctl_table ipv4_route_table[] = { ctl_table ipv4_route_table[] = {
{ {
.ctl_name = NET_IPV4_ROUTE_FLUSH, .ctl_name = NET_IPV4_ROUTE_FLUSH,
.procname = "flush", .procname = "flush",
.data = &flush_delay, .data = &flush_delay,
@ -3181,7 +3181,7 @@ int __init ip_rt_init(void)
struct proc_dir_entry *rtstat_pde = NULL; /* keep gcc happy */ struct proc_dir_entry *rtstat_pde = NULL; /* keep gcc happy */
if (!proc_net_fops_create("rt_cache", S_IRUGO, &rt_cache_seq_fops) || if (!proc_net_fops_create("rt_cache", S_IRUGO, &rt_cache_seq_fops) ||
!(rtstat_pde = create_proc_entry("rt_cache", S_IRUGO, !(rtstat_pde = create_proc_entry("rt_cache", S_IRUGO,
proc_net_stat))) { proc_net_stat))) {
return -ENOMEM; return -ENOMEM;
} }
rtstat_pde->proc_fops = &rt_cpu_seq_fops; rtstat_pde->proc_fops = &rt_cpu_seq_fops;

8
net/ipv4/syncookies.c
View file

@ -57,7 +57,7 @@ static __u32 secure_tcp_syn_cookie(__be32 saddr, __be32 daddr, __be16 sport,
/* /*
* Compute the secure sequence number. * Compute the secure sequence number.
* The output should be: * The output should be:
* HASH(sec1,saddr,sport,daddr,dport,sec1) + sseq + (count * 2^24) * HASH(sec1,saddr,sport,daddr,dport,sec1) + sseq + (count * 2^24)
* + (HASH(sec2,saddr,sport,daddr,dport,count,sec2) % 2^24). * + (HASH(sec2,saddr,sport,daddr,dport,count,sec2) % 2^24).
* Where sseq is their sequence number and count increases every * Where sseq is their sequence number and count increases every
* minute by 1. * minute by 1.
@ -201,9 +201,9 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
if (!sysctl_tcp_syncookies || !skb->h.th->ack) if (!sysctl_tcp_syncookies || !skb->h.th->ack)
goto out; goto out;
if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) || if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) ||
(mss = cookie_check(skb, cookie)) == 0) { (mss = cookie_check(skb, cookie)) == 0) {
NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESFAILED); NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESFAILED);
goto out; goto out;
} }
@ -223,7 +223,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
treq->rcv_isn = ntohl(skb->h.th->seq) - 1; treq->rcv_isn = ntohl(skb->h.th->seq) - 1;
treq->snt_isn = cookie; treq->snt_isn = cookie;
req->mss = mss; req->mss = mss;
ireq->rmt_port = skb->h.th->source; ireq->rmt_port = skb->h.th->source;
ireq->loc_addr = skb->nh.iph->daddr; ireq->loc_addr = skb->nh.iph->daddr;
ireq->rmt_addr = skb->nh.iph->saddr; ireq->rmt_addr = skb->nh.iph->saddr;
ireq->opt = NULL; ireq->opt = NULL;

18
net/ipv4/sysctl_net_ipv4.c
View file

@ -187,7 +187,7 @@ static int strategy_allowed_congestion_control(ctl_table *table, int __user *nam
} }
ctl_table ipv4_table[] = { ctl_table ipv4_table[] = {
{ {
.ctl_name = NET_IPV4_TCP_TIMESTAMPS, .ctl_name = NET_IPV4_TCP_TIMESTAMPS,
.procname = "tcp_timestamps", .procname = "tcp_timestamps",
.data = &sysctl_tcp_timestamps, .data = &sysctl_tcp_timestamps,
@ -195,7 +195,7 @@ ctl_table ipv4_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec .proc_handler = &proc_dointvec
}, },
{ {
.ctl_name = NET_IPV4_TCP_WINDOW_SCALING, .ctl_name = NET_IPV4_TCP_WINDOW_SCALING,
.procname = "tcp_window_scaling", .procname = "tcp_window_scaling",
.data = &sysctl_tcp_window_scaling, .data = &sysctl_tcp_window_scaling,
@ -203,7 +203,7 @@ ctl_table ipv4_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec .proc_handler = &proc_dointvec
}, },
{ {
.ctl_name = NET_IPV4_TCP_SACK, .ctl_name = NET_IPV4_TCP_SACK,
.procname = "tcp_sack", .procname = "tcp_sack",
.data = &sysctl_tcp_sack, .data = &sysctl_tcp_sack,
@ -211,7 +211,7 @@ ctl_table ipv4_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec .proc_handler = &proc_dointvec
}, },
{ {
.ctl_name = NET_IPV4_TCP_RETRANS_COLLAPSE, .ctl_name = NET_IPV4_TCP_RETRANS_COLLAPSE,
.procname = "tcp_retrans_collapse", .procname = "tcp_retrans_collapse",
.data = &sysctl_tcp_retrans_collapse, .data = &sysctl_tcp_retrans_collapse,
@ -219,7 +219,7 @@ ctl_table ipv4_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec .proc_handler = &proc_dointvec
}, },
{ {
.ctl_name = NET_IPV4_FORWARD, .ctl_name = NET_IPV4_FORWARD,
.procname = "ip_forward", .procname = "ip_forward",
.data = &ipv4_devconf.forwarding, .data = &ipv4_devconf.forwarding,
@ -228,16 +228,16 @@ ctl_table ipv4_table[] = {
.proc_handler = &ipv4_sysctl_forward, .proc_handler = &ipv4_sysctl_forward,
.strategy = &ipv4_sysctl_forward_strategy .strategy = &ipv4_sysctl_forward_strategy
}, },
{ {
.ctl_name = NET_IPV4_DEFAULT_TTL, .ctl_name = NET_IPV4_DEFAULT_TTL,
.procname = "ip_default_ttl", .procname = "ip_default_ttl",
.data = &sysctl_ip_default_ttl, .data = &sysctl_ip_default_ttl,
.maxlen = sizeof(int), .maxlen = sizeof(int),
.mode = 0644, .mode = 0644,
.proc_handler = &ipv4_doint_and_flush, .proc_handler = &ipv4_doint_and_flush,
.strategy = &ipv4_doint_and_flush_strategy, .strategy = &ipv4_doint_and_flush_strategy,
}, },
{ {
.ctl_name = NET_IPV4_NO_PMTU_DISC, .ctl_name = NET_IPV4_NO_PMTU_DISC,
.procname = "ip_no_pmtu_disc", .procname = "ip_no_pmtu_disc",
.data = &ipv4_config.no_pmtu_disc, .data = &ipv4_config.no_pmtu_disc,
@ -728,7 +728,7 @@ ctl_table ipv4_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec, .proc_handler = &proc_dointvec,
}, },
{ {
.ctl_name = NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS, .ctl_name = NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS,
.procname = "tcp_workaround_signed_windows", .procname = "tcp_workaround_signed_windows",
.data = &sysctl_tcp_workaround_signed_windows, .data = &sysctl_tcp_workaround_signed_windows,

6
net/ipv4/tcp.c
View file

@ -1439,12 +1439,12 @@ skip_copy:
dma_async_memcpy_issue_pending(tp->ucopy.dma_chan); dma_async_memcpy_issue_pending(tp->ucopy.dma_chan);
while (dma_async_memcpy_complete(tp->ucopy.dma_chan, while (dma_async_memcpy_complete(tp->ucopy.dma_chan,
tp->ucopy.dma_cookie, &done, tp->ucopy.dma_cookie, &done,
&used) == DMA_IN_PROGRESS) { &used) == DMA_IN_PROGRESS) {
/* do partial cleanup of sk_async_wait_queue */ /* do partial cleanup of sk_async_wait_queue */
while ((skb = skb_peek(&sk->sk_async_wait_queue)) && while ((skb = skb_peek(&sk->sk_async_wait_queue)) &&
(dma_async_is_complete(skb->dma_cookie, done, (dma_async_is_complete(skb->dma_cookie, done,
used) == DMA_SUCCESS)) { used) == DMA_SUCCESS)) {
__skb_dequeue(&sk->sk_async_wait_queue); __skb_dequeue(&sk->sk_async_wait_queue);
kfree_skb(skb); kfree_skb(skb);
} }

38
net/ipv4/tcp_cong.c
View file

@ -313,28 +313,28 @@ void tcp_reno_cong_avoid(struct sock *sk, u32 ack, u32 rtt, u32 in_flight,
return; return;
/* In "safe" area, increase. */ /* In "safe" area, increase. */
if (tp->snd_cwnd <= tp->snd_ssthresh) if (tp->snd_cwnd <= tp->snd_ssthresh)
tcp_slow_start(tp); tcp_slow_start(tp);
/* In dangerous area, increase slowly. */ /* In dangerous area, increase slowly. */
else if (sysctl_tcp_abc) { else if (sysctl_tcp_abc) {
/* RFC3465: Appropriate Byte Count /* RFC3465: Appropriate Byte Count
* increase once for each full cwnd acked * increase once for each full cwnd acked
*/ */
if (tp->bytes_acked >= tp->snd_cwnd*tp->mss_cache) { if (tp->bytes_acked >= tp->snd_cwnd*tp->mss_cache) {
tp->bytes_acked -= tp->snd_cwnd*tp->mss_cache; tp->bytes_acked -= tp->snd_cwnd*tp->mss_cache;
if (tp->snd_cwnd < tp->snd_cwnd_clamp) if (tp->snd_cwnd < tp->snd_cwnd_clamp)
tp->snd_cwnd++; tp->snd_cwnd++;
} }
} else { } else {
/* In theory this is tp->snd_cwnd += 1 / tp->snd_cwnd */ /* In theory this is tp->snd_cwnd += 1 / tp->snd_cwnd */
if (tp->snd_cwnd_cnt >= tp->snd_cwnd) { if (tp->snd_cwnd_cnt >= tp->snd_cwnd) {
if (tp->snd_cwnd < tp->snd_cwnd_clamp) if (tp->snd_cwnd < tp->snd_cwnd_clamp)
tp->snd_cwnd++; tp->snd_cwnd++;
tp->snd_cwnd_cnt = 0; tp->snd_cwnd_cnt = 0;
} else } else
tp->snd_cwnd_cnt++; tp->snd_cwnd_cnt++;
} }
} }
EXPORT_SYMBOL_GPL(tcp_reno_cong_avoid); EXPORT_SYMBOL_GPL(tcp_reno_cong_avoid);

50
net/ipv4/tcp_cubic.c
View file

@ -175,42 +175,42 @@ static inline void bictcp_update(struct bictcp *ca, u32 cwnd)
} }
} }
/* cubic function - calc*/ /* cubic function - calc*/
/* calculate c * time^3 / rtt, /* calculate c * time^3 / rtt,
* while considering overflow in calculation of time^3 * while considering overflow in calculation of time^3
* (so time^3 is done by using 64 bit) * (so time^3 is done by using 64 bit)
* and without the support of division of 64bit numbers * and without the support of division of 64bit numbers
* (so all divisions are done by using 32 bit) * (so all divisions are done by using 32 bit)
* also NOTE the unit of those veriables * also NOTE the unit of those veriables
* time = (t - K) / 2^bictcp_HZ * time = (t - K) / 2^bictcp_HZ
* c = bic_scale >> 10 * c = bic_scale >> 10
* rtt = (srtt >> 3) / HZ * rtt = (srtt >> 3) / HZ
* !!! The following code does not have overflow problems, * !!! The following code does not have overflow problems,
* if the cwnd < 1 million packets !!! * if the cwnd < 1 million packets !!!
*/ */
/* change the unit from HZ to bictcp_HZ */ /* change the unit from HZ to bictcp_HZ */
t = ((tcp_time_stamp + (ca->delay_min>>3) - ca->epoch_start) t = ((tcp_time_stamp + (ca->delay_min>>3) - ca->epoch_start)
<< BICTCP_HZ) / HZ; << BICTCP_HZ) / HZ;
if (t < ca->bic_K) /* t - K */ if (t < ca->bic_K) /* t - K */
offs = ca->bic_K - t; offs = ca->bic_K - t;
else else
offs = t - ca->bic_K; offs = t - ca->bic_K;
/* c/rtt * (t-K)^3 */ /* c/rtt * (t-K)^3 */
delta = (cube_rtt_scale * offs * offs * offs) >> (10+3*BICTCP_HZ); delta = (cube_rtt_scale * offs * offs * offs) >> (10+3*BICTCP_HZ);
if (t < ca->bic_K) /* below origin*/ if (t < ca->bic_K) /* below origin*/
bic_target = ca->bic_origin_point - delta; bic_target = ca->bic_origin_point - delta;
else /* above origin*/ else /* above origin*/
bic_target = ca->bic_origin_point + delta; bic_target = ca->bic_origin_point + delta;
/* cubic function - calc bictcp_cnt*/ /* cubic function - calc bictcp_cnt*/
if (bic_target > cwnd) { if (bic_target > cwnd) {
ca->cnt = cwnd / (bic_target - cwnd); ca->cnt = cwnd / (bic_target - cwnd);
} else { } else {
ca->cnt = 100 * cwnd; /* very small increment*/ ca->cnt = 100 * cwnd; /* very small increment*/
} }
if (ca->delay_min > 0) { if (ca->delay_min > 0) {
/* max increment = Smax * rtt / 0.1 */ /* max increment = Smax * rtt / 0.1 */
@ -219,7 +219,7 @@ static inline void bictcp_update(struct bictcp *ca, u32 cwnd)
ca->cnt = min_cnt; ca->cnt = min_cnt;
} }
/* slow start and low utilization */ /* slow start and low utilization */
if (ca->loss_cwnd == 0) /* could be aggressive in slow start */ if (ca->loss_cwnd == 0) /* could be aggressive in slow start */
ca->cnt = 50; ca->cnt = 50;
@ -227,9 +227,9 @@ static inline void bictcp_update(struct bictcp *ca, u32 cwnd)
if (tcp_friendliness) { if (tcp_friendliness) {
u32 scale = beta_scale; u32 scale = beta_scale;
delta = (cwnd * scale) >> 3; delta = (cwnd * scale) >> 3;
while (ca->ack_cnt > delta) { /* update tcp cwnd */ while (ca->ack_cnt > delta) { /* update tcp cwnd */
ca->ack_cnt -= delta; ca->ack_cnt -= delta;
ca->tcp_cwnd++; ca->tcp_cwnd++;
} }
if (ca->tcp_cwnd > cwnd){ /* if bic is slower than tcp */ if (ca->tcp_cwnd > cwnd){ /* if bic is slower than tcp */
@ -238,7 +238,7 @@ static inline void bictcp_update(struct bictcp *ca, u32 cwnd)
if (ca->cnt > max_cnt) if (ca->cnt > max_cnt)
ca->cnt = max_cnt; ca->cnt = max_cnt;
} }
} }
ca->cnt = (ca->cnt << ACK_RATIO_SHIFT) / ca->delayed_ack; ca->cnt = (ca->cnt << ACK_RATIO_SHIFT) / ca->delayed_ack;
if (ca->cnt == 0) /* cannot be zero */ if (ca->cnt == 0) /* cannot be zero */

4
net/ipv4/tcp_highspeed.c
View file

@ -14,8 +14,8 @@
* with fixed-point MD scaled <<8. * with fixed-point MD scaled <<8.
*/ */
static const struct hstcp_aimd_val { static const struct hstcp_aimd_val {
unsigned int cwnd; unsigned int cwnd;
unsigned int md; unsigned int md;
} hstcp_aimd_vals[] = { } hstcp_aimd_vals[] = {
{ 38, 128, /* 0.50 */ }, { 38, 128, /* 0.50 */ },
{ 118, 112, /* 0.44 */ }, { 118, 112, /* 0.44 */ },

2
net/ipv4/tcp_htcp.c
View file

@ -224,7 +224,7 @@ static void htcp_cong_avoid(struct sock *sk, u32 ack, u32 rtt,
if (!tcp_is_cwnd_limited(sk, in_flight)) if (!tcp_is_cwnd_limited(sk, in_flight))
return; return;
if (tp->snd_cwnd <= tp->snd_ssthresh) if (tp->snd_cwnd <= tp->snd_ssthresh)
tcp_slow_start(tp); tcp_slow_start(tp);
else { else {

26
net/ipv4/tcp_input.c
View file

@ -1249,8 +1249,8 @@ void tcp_enter_frto(struct sock *sk)
tp->frto_counter = 1; tp->frto_counter = 1;
if (icsk->icsk_ca_state <= TCP_CA_Disorder || if (icsk->icsk_ca_state <= TCP_CA_Disorder ||
tp->snd_una == tp->high_seq || tp->snd_una == tp->high_seq ||
(icsk->icsk_ca_state == TCP_CA_Loss && !icsk->icsk_retransmits)) { (icsk->icsk_ca_state == TCP_CA_Loss && !icsk->icsk_retransmits)) {
tp->prior_ssthresh = tcp_current_ssthresh(sk); tp->prior_ssthresh = tcp_current_ssthresh(sk);
tp->snd_ssthresh = icsk->icsk_ca_ops->ssthresh(sk); tp->snd_ssthresh = icsk->icsk_ca_ops->ssthresh(sk);
tcp_ca_event(sk, CA_EVENT_FRTO); tcp_ca_event(sk, CA_EVENT_FRTO);
@ -1969,11 +1969,11 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una,
* 1. Reno does not count dupacks (sacked_out) automatically. */ * 1. Reno does not count dupacks (sacked_out) automatically. */
if (!tp->packets_out) if (!tp->packets_out)
tp->sacked_out = 0; tp->sacked_out = 0;
/* 2. SACK counts snd_fack in packets inaccurately. */ /* 2. SACK counts snd_fack in packets inaccurately. */
if (tp->sacked_out == 0) if (tp->sacked_out == 0)
tp->fackets_out = 0; tp->fackets_out = 0;
/* Now state machine starts. /* Now state machine starts.
* A. ECE, hence prohibit cwnd undoing, the reduction is required. */ * A. ECE, hence prohibit cwnd undoing, the reduction is required. */
if (flag&FLAG_ECE) if (flag&FLAG_ECE)
tp->prior_ssthresh = 0; tp->prior_ssthresh = 0;
@ -2627,7 +2627,7 @@ void tcp_parse_options(struct sk_buff *skb, struct tcp_options_received *opt_rx,
opt_rx->saw_tstamp = 0; opt_rx->saw_tstamp = 0;
while(length>0) { while(length>0) {
int opcode=*ptr++; int opcode=*ptr++;
int opsize; int opsize;
switch (opcode) { switch (opcode) {
@ -2642,7 +2642,7 @@ void tcp_parse_options(struct sk_buff *skb, struct tcp_options_received *opt_rx,
return; return;
if (opsize > length) if (opsize > length)
return; /* don't parse partial options */ return; /* don't parse partial options */
switch(opcode) { switch(opcode) {
case TCPOPT_MSS: case TCPOPT_MSS:
if(opsize==TCPOLEN_MSS && th->syn && !estab) { if(opsize==TCPOLEN_MSS && th->syn && !estab) {
u16 in_mss = ntohs(get_unaligned((__be16 *)ptr)); u16 in_mss = ntohs(get_unaligned((__be16 *)ptr));
@ -2701,10 +2701,10 @@ void tcp_parse_options(struct sk_buff *skb, struct tcp_options_received *opt_rx,
*/ */
break; break;
#endif #endif
}; };
ptr+=opsize-2; ptr+=opsize-2;
length-=opsize; length-=opsize;
}; };
} }
} }
@ -3617,7 +3617,7 @@ static void tcp_new_space(struct sock *sk)
struct tcp_sock *tp = tcp_sk(sk); struct tcp_sock *tp = tcp_sk(sk);
if (tcp_should_expand_sndbuf(sk, tp)) { if (tcp_should_expand_sndbuf(sk, tp)) {
int sndmem = max_t(u32, tp->rx_opt.mss_clamp, tp->mss_cache) + int sndmem = max_t(u32, tp->rx_opt.mss_clamp, tp->mss_cache) +
MAX_TCP_HEADER + 16 + sizeof(struct sk_buff), MAX_TCP_HEADER + 16 + sizeof(struct sk_buff),
demanded = max_t(unsigned int, tp->snd_cwnd, demanded = max_t(unsigned int, tp->snd_cwnd,
tp->reordering + 1); tp->reordering + 1);
@ -3835,7 +3835,7 @@ static int tcp_dma_try_early_copy(struct sock *sk, struct sk_buff *skb, int hlen
int copied_early = 0; int copied_early = 0;
if (tp->ucopy.wakeup) if (tp->ucopy.wakeup)
return 0; return 0;
if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list) if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
tp->ucopy.dma_chan = get_softnet_dma(); tp->ucopy.dma_chan = get_softnet_dma();
@ -4434,7 +4434,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
* Now that TTCP is starting to be used we ought to * Now that TTCP is starting to be used we ought to
* queue this data. * queue this data.
* But, this leaves one open to an easy denial of * But, this leaves one open to an easy denial of
* service attack, and SYN cookies can't defend * service attack, and SYN cookies can't defend
* against this problem. So, we drop the data * against this problem. So, we drop the data
* in the interest of security over speed unless * in the interest of security over speed unless
* it's still in use. * it's still in use.

20
net/ipv4/tcp_ipv4.c
View file

@ -303,7 +303,7 @@ static void do_pmtu_discovery(struct sock *sk, struct iphdr *iph, u32 mtu)
/* We don't check in the destentry if pmtu discovery is forbidden /* We don't check in the destentry if pmtu discovery is forbidden
* on this route. We just assume that no packet_to_big packets * on this route. We just assume that no packet_to_big packets
* are send back when pmtu discovery is not active. * are send back when pmtu discovery is not active.
* There is a small race when the user changes this flag in the * There is a small race when the user changes this flag in the
* route, but I think that's acceptable. * route, but I think that's acceptable.
*/ */
if ((dst = __sk_dst_check(sk, 0)) == NULL) if ((dst = __sk_dst_check(sk, 0)) == NULL)
@ -880,7 +880,7 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
if (md5sig->alloced4 == md5sig->entries4) { if (md5sig->alloced4 == md5sig->entries4) {
keys = kmalloc((sizeof(*keys) * keys = kmalloc((sizeof(*keys) *
(md5sig->entries4 + 1)), GFP_ATOMIC); (md5sig->entries4 + 1)), GFP_ATOMIC);
if (!keys) { if (!keys) {
kfree(newkey); kfree(newkey);
tcp_free_md5sig_pool(); tcp_free_md5sig_pool();
@ -934,7 +934,7 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
memcpy(&tp->md5sig_info->keys4[i], memcpy(&tp->md5sig_info->keys4[i],
&tp->md5sig_info->keys4[i+1], &tp->md5sig_info->keys4[i+1],
(tp->md5sig_info->entries4 - i) * (tp->md5sig_info->entries4 - i) *
sizeof(struct tcp4_md5sig_key)); sizeof(struct tcp4_md5sig_key));
} }
tcp_free_md5sig_pool(); tcp_free_md5sig_pool();
return 0; return 0;
@ -1388,7 +1388,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
goto drop_and_free; goto drop_and_free;
if (want_cookie) { if (want_cookie) {
reqsk_free(req); reqsk_free(req);
} else { } else {
inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
} }
@ -1704,7 +1704,7 @@ bad_packet:
discard_it: discard_it:
/* Discard frame. */ /* Discard frame. */
kfree_skb(skb); kfree_skb(skb);
return 0; return 0;
discard_and_relse: discard_and_relse:
sock_put(sk); sock_put(sk);
@ -1890,10 +1890,10 @@ int tcp_v4_destroy_sock(struct sock *sk)
tcp_cleanup_congestion_control(sk); tcp_cleanup_congestion_control(sk);
/* Cleanup up the write buffer. */ /* Cleanup up the write buffer. */
sk_stream_writequeue_purge(sk); sk_stream_writequeue_purge(sk);
/* Cleans up our, hopefully empty, out_of_order_queue. */ /* Cleans up our, hopefully empty, out_of_order_queue. */
__skb_queue_purge(&tp->out_of_order_queue); __skb_queue_purge(&tp->out_of_order_queue);
#ifdef CONFIG_TCP_MD5SIG #ifdef CONFIG_TCP_MD5SIG
/* Clean up the MD5 key list, if any */ /* Clean up the MD5 key list, if any */
@ -1906,7 +1906,7 @@ int tcp_v4_destroy_sock(struct sock *sk)
#ifdef CONFIG_NET_DMA #ifdef CONFIG_NET_DMA
/* Cleans up our sk_async_wait_queue */ /* Cleans up our sk_async_wait_queue */
__skb_queue_purge(&sk->sk_async_wait_queue); __skb_queue_purge(&sk->sk_async_wait_queue);
#endif #endif
/* Clean prequeue, it must be empty really */ /* Clean prequeue, it must be empty really */
@ -1983,7 +1983,7 @@ get_req:
st->state = TCP_SEQ_STATE_LISTENING; st->state = TCP_SEQ_STATE_LISTENING;
read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock); read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
} else { } else {
icsk = inet_csk(sk); icsk = inet_csk(sk);
read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock); read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
if (reqsk_queue_len(&icsk->icsk_accept_queue)) if (reqsk_queue_len(&icsk->icsk_accept_queue))
goto start_req; goto start_req;
@ -1996,7 +1996,7 @@ get_sk:
cur = sk; cur = sk;
goto out; goto out;
} }
icsk = inet_csk(sk); icsk = inet_csk(sk);
read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock); read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
if (reqsk_queue_len(&icsk->icsk_accept_queue)) { if (reqsk_queue_len(&icsk->icsk_accept_queue)) {
start_req: start_req:

12
net/ipv4/tcp_output.c
View file

@ -610,7 +610,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
BUG_ON(len > skb->len); BUG_ON(len > skb->len);
clear_all_retrans_hints(tp); clear_all_retrans_hints(tp);
nsize = skb_headlen(skb) - len; nsize = skb_headlen(skb) - len;
if (nsize < 0) if (nsize < 0)
nsize = 0; nsize = 0;
@ -821,7 +821,7 @@ void tcp_mtup_init(struct sock *sk)
icsk->icsk_mtup.enabled = sysctl_tcp_mtu_probing > 1; icsk->icsk_mtup.enabled = sysctl_tcp_mtu_probing > 1;
icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp + sizeof(struct tcphdr) + icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp + sizeof(struct tcphdr) +
icsk->icsk_af_ops->net_header_len; icsk->icsk_af_ops->net_header_len;
icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, sysctl_tcp_base_mss); icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, sysctl_tcp_base_mss);
icsk->icsk_mtup.probe_size = 0; icsk->icsk_mtup.probe_size = 0;
} }
@ -1298,7 +1298,7 @@ static int tcp_mtu_probe(struct sock *sk)
skb_copy_bits(skb, 0, skb_put(nskb, copy), copy); skb_copy_bits(skb, 0, skb_put(nskb, copy), copy);
else else
nskb->csum = skb_copy_and_csum_bits(skb, 0, nskb->csum = skb_copy_and_csum_bits(skb, 0,
skb_put(nskb, copy), copy, nskb->csum); skb_put(nskb, copy), copy, nskb->csum);
if (skb->len <= copy) { if (skb->len <= copy) {
/* We've eaten all the data from this skb. /* We've eaten all the data from this skb.
@ -1308,7 +1308,7 @@ static int tcp_mtu_probe(struct sock *sk)
sk_stream_free_skb(sk, skb); sk_stream_free_skb(sk, skb);
} else { } else {
TCP_SKB_CB(nskb)->flags |= TCP_SKB_CB(skb)->flags & TCP_SKB_CB(nskb)->flags |= TCP_SKB_CB(skb)->flags &
~(TCPCB_FLAG_FIN|TCPCB_FLAG_PSH); ~(TCPCB_FLAG_FIN|TCPCB_FLAG_PSH);
if (!skb_shinfo(skb)->nr_frags) { if (!skb_shinfo(skb)->nr_frags) {
skb_pull(skb, copy); skb_pull(skb, copy);
if (skb->ip_summed != CHECKSUM_PARTIAL) if (skb->ip_summed != CHECKSUM_PARTIAL)
@ -1724,7 +1724,7 @@ void tcp_simple_retransmit(struct sock *sk)
tcp_sync_left_out(tp); tcp_sync_left_out(tp);
/* Don't muck with the congestion window here. /* Don't muck with the congestion window here.
* Reason is that we do not increase amount of _data_ * Reason is that we do not increase amount of _data_
* in network, but units changed and effective * in network, but units changed and effective
* cwnd/ssthresh really reduced now. * cwnd/ssthresh really reduced now.
@ -1747,7 +1747,7 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
{ {
struct tcp_sock *tp = tcp_sk(sk); struct tcp_sock *tp = tcp_sk(sk);
struct inet_connection_sock *icsk = inet_csk(sk); struct inet_connection_sock *icsk = inet_csk(sk);
unsigned int cur_mss = tcp_current_mss(sk, 0); unsigned int cur_mss = tcp_current_mss(sk, 0);
int err; int err;
/* Inconslusive MTU probe */ /* Inconslusive MTU probe */

2
net/ipv4/tcp_timer.c
View file

@ -137,7 +137,7 @@ static int tcp_write_timeout(struct sock *sk)
tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
} else { } else {
mss = min(sysctl_tcp_base_mss, mss = min(sysctl_tcp_base_mss,
tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low)/2); tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low)/2);
mss = max(mss, 68 - tp->tcp_header_len); mss = max(mss, 68 - tp->tcp_header_len);
icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss); icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss);
tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);

22
net/ipv4/tcp_westwood.c
View file

@ -63,10 +63,10 @@ static void tcp_westwood_init(struct sock *sk)
struct westwood *w = inet_csk_ca(sk); struct westwood *w = inet_csk_ca(sk);
w->bk = 0; w->bk = 0;
w->bw_ns_est = 0; w->bw_ns_est = 0;
w->bw_est = 0; w->bw_est = 0;
w->accounted = 0; w->accounted = 0;
w->cumul_ack = 0; w->cumul_ack = 0;
w->reset_rtt_min = 1; w->reset_rtt_min = 1;
w->rtt_min = w->rtt = TCP_WESTWOOD_INIT_RTT; w->rtt_min = w->rtt = TCP_WESTWOOD_INIT_RTT;
w->rtt_win_sx = tcp_time_stamp; w->rtt_win_sx = tcp_time_stamp;
@ -121,7 +121,7 @@ static void westwood_update_window(struct sock *sk)
* to fix mismatch between tp->snd_una and w->snd_una for the first * to fix mismatch between tp->snd_una and w->snd_una for the first
* bandwidth sample * bandwidth sample
*/ */
if (w->first_ack) { if (w->first_ack) {
w->snd_una = tcp_sk(sk)->snd_una; w->snd_una = tcp_sk(sk)->snd_una;
w->first_ack = 0; w->first_ack = 0;
} }
@ -183,15 +183,15 @@ static inline u32 westwood_acked_count(struct sock *sk)
w->cumul_ack = tp->snd_una - w->snd_una; w->cumul_ack = tp->snd_una - w->snd_una;
/* If cumul_ack is 0 this is a dupack since it's not moving /* If cumul_ack is 0 this is a dupack since it's not moving
* tp->snd_una. * tp->snd_una.
*/ */
if (!w->cumul_ack) { if (!w->cumul_ack) {
w->accounted += tp->mss_cache; w->accounted += tp->mss_cache;
w->cumul_ack = tp->mss_cache; w->cumul_ack = tp->mss_cache;
} }
if (w->cumul_ack > tp->mss_cache) { if (w->cumul_ack > tp->mss_cache) {
/* Partial or delayed ack */ /* Partial or delayed ack */
if (w->accounted >= w->cumul_ack) { if (w->accounted >= w->cumul_ack) {
w->accounted -= w->cumul_ack; w->accounted -= w->cumul_ack;
@ -237,7 +237,7 @@ static void tcp_westwood_event(struct sock *sk, enum tcp_ca_event event)
case CA_EVENT_FRTO: case CA_EVENT_FRTO:
tp->snd_ssthresh = tcp_westwood_bw_rttmin(sk); tp->snd_ssthresh = tcp_westwood_bw_rttmin(sk);
/* Update RTT_min when next ack arrives */ /* Update RTT_min when next ack arrives */
w->reset_rtt_min = 1; w->reset_rtt_min = 1;
break; break;

44
net/ipv4/udp.c
View file

@ -306,10 +306,10 @@ static inline struct sock *udp_v4_mcast_next(struct sock *sk,
if (!ip_mc_sf_allow(s, loc_addr, rmt_addr, dif)) if (!ip_mc_sf_allow(s, loc_addr, rmt_addr, dif))
continue; continue;
goto found; goto found;
} }
s = NULL; s = NULL;
found: found:
return s; return s;
} }
/* /*
@ -338,7 +338,7 @@ void __udp4_lib_err(struct sk_buff *skb, u32 info, struct hlist_head udptable[])
skb->dev->ifindex, udptable ); skb->dev->ifindex, udptable );
if (sk == NULL) { if (sk == NULL) {
ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
return; /* No socket for error */ return; /* No socket for error */
} }
err = 0; err = 0;
@ -536,7 +536,7 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
if (up->pending) { if (up->pending) {
/* /*
* There are pending frames. * There are pending frames.
* The socket lock must be held while it's corked. * The socket lock must be held while it's corked.
*/ */
lock_sock(sk); lock_sock(sk);
if (likely(up->pending)) { if (likely(up->pending)) {
@ -544,7 +544,7 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
release_sock(sk); release_sock(sk);
return -EINVAL; return -EINVAL;
} }
goto do_append_data; goto do_append_data;
} }
release_sock(sk); release_sock(sk);
} }
@ -575,7 +575,7 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
Route will not be used, if at least one option is set. Route will not be used, if at least one option is set.
*/ */
connected = 1; connected = 1;
} }
ipc.addr = inet->saddr; ipc.addr = inet->saddr;
ipc.oif = sk->sk_bound_dev_if; ipc.oif = sk->sk_bound_dev_if;
@ -804,11 +804,11 @@ int udp_ioctl(struct sock *sk, int cmd, unsigned long arg)
*/ */
int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
size_t len, int noblock, int flags, int *addr_len) size_t len, int noblock, int flags, int *addr_len)
{ {
struct inet_sock *inet = inet_sk(sk); struct inet_sock *inet = inet_sk(sk);
struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name; struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name;
struct sk_buff *skb; struct sk_buff *skb;
int copied, err, copy_only, is_udplite = IS_UDPLITE(sk); int copied, err, copy_only, is_udplite = IS_UDPLITE(sk);
/* /*
@ -825,7 +825,7 @@ try_again:
if (!skb) if (!skb)
goto out; goto out;
copied = skb->len - sizeof(struct udphdr); copied = skb->len - sizeof(struct udphdr);
if (copied > len) { if (copied > len) {
copied = len; copied = len;
msg->msg_flags |= MSG_TRUNC; msg->msg_flags |= MSG_TRUNC;
@ -868,7 +868,7 @@ try_again:
sin->sin_port = skb->h.uh->source; sin->sin_port = skb->h.uh->source;
sin->sin_addr.s_addr = skb->nh.iph->saddr; sin->sin_addr.s_addr = skb->nh.iph->saddr;
memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
} }
if (inet->cmsg_flags) if (inet->cmsg_flags)
ip_cmsg_recv(msg, skb); ip_cmsg_recv(msg, skb);
@ -877,9 +877,9 @@ try_again:
err = skb->len - sizeof(struct udphdr); err = skb->len - sizeof(struct udphdr);
out_free: out_free:
skb_free_datagram(sk, skb); skb_free_datagram(sk, skb);
out: out:
return err; return err;
csum_copy_err: csum_copy_err:
UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_udplite); UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_udplite);
@ -925,7 +925,7 @@ static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
return 1; return 1;
#else #else
struct udp_sock *up = udp_sk(sk); struct udp_sock *up = udp_sk(sk);
struct udphdr *uh; struct udphdr *uh;
struct iphdr *iph; struct iphdr *iph;
int iphlen, len; int iphlen, len;
@ -1193,8 +1193,8 @@ static inline void udp4_csum_init(struct sk_buff *skb, struct udphdr *uh)
int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[], int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
int is_udplite) int is_udplite)
{ {
struct sock *sk; struct sock *sk;
struct udphdr *uh = skb->h.uh; struct udphdr *uh = skb->h.uh;
unsigned short ulen; unsigned short ulen;
struct rtable *rt = (struct rtable*)skb->dst; struct rtable *rt = (struct rtable*)skb->dst;
__be32 saddr = skb->nh.iph->saddr; __be32 saddr = skb->nh.iph->saddr;
@ -1356,8 +1356,8 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname,
up->pcflag |= UDPLITE_SEND_CC; up->pcflag |= UDPLITE_SEND_CC;
break; break;
/* The receiver specifies a minimum checksum coverage value. To make /* The receiver specifies a minimum checksum coverage value. To make
* sense, this should be set to at least 8 (as done below). If zero is * sense, this should be set to at least 8 (as done below). If zero is
* used, this again means full checksum coverage. */ * used, this again means full checksum coverage. */
case UDPLITE_RECV_CSCOV: case UDPLITE_RECV_CSCOV:
if (!up->pcflag) /* Disable the option on UDP sockets */ if (!up->pcflag) /* Disable the option on UDP sockets */
@ -1433,11 +1433,11 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname,
return -ENOPROTOOPT; return -ENOPROTOOPT;
}; };
if(put_user(len, optlen)) if(put_user(len, optlen))
return -EFAULT; return -EFAULT;
if(copy_to_user(optval, &val,len)) if(copy_to_user(optval, &val,len))
return -EFAULT; return -EFAULT;
return 0; return 0;
} }
int udp_getsockopt(struct sock *sk, int level, int optname, int udp_getsockopt(struct sock *sk, int level, int optname,
@ -1506,7 +1506,7 @@ unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait)
} }
struct proto udp_prot = { struct proto udp_prot = {
.name = "UDP", .name = "UDP",
.owner = THIS_MODULE, .owner = THIS_MODULE,
.close = udp_lib_close, .close = udp_lib_close,
.connect = ip4_datagram_connect, .connect = ip4_datagram_connect,

2
net/ipv4/udp_impl.h
View file

@ -10,7 +10,7 @@ extern void __udp4_lib_err(struct sk_buff *, u32, struct hlist_head []);
extern int __udp_lib_get_port(struct sock *sk, unsigned short snum, extern int __udp_lib_get_port(struct sock *sk, unsigned short snum,
struct hlist_head udptable[], int *port_rover, struct hlist_head udptable[], int *port_rover,
int (*)(const struct sock*,const struct sock*)); int (*)(const struct sock*,const struct sock*));
extern int ipv4_rcv_saddr_equal(const struct sock *, const struct sock *); extern int ipv4_rcv_saddr_equal(const struct sock *, const struct sock *);

4
net/ipv4/xfrm4_input.c
View file

@ -42,7 +42,7 @@ static inline int xfrm4_rcv_encap_finish(struct sk_buff *skb)
if (skb->dst == NULL) { if (skb->dst == NULL) {
if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos,
skb->dev)) skb->dev))
goto drop; goto drop;
} }
return dst_input(skb); return dst_input(skb);
@ -149,7 +149,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
ip_send_check(skb->nh.iph); ip_send_check(skb->nh.iph);
NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL, NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
xfrm4_rcv_encap_finish); xfrm4_rcv_encap_finish);
return 0; return 0;
#else #else
return -skb->nh.iph->protocol; return -skb->nh.iph->protocol;

4
net/ipv4/xfrm4_policy.c
View file

@ -50,8 +50,8 @@ __xfrm4_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
struct xfrm_dst *xdst = (struct xfrm_dst*)dst; struct xfrm_dst *xdst = (struct xfrm_dst*)dst;
if (xdst->u.rt.fl.oif == fl->oif && /*XXX*/ if (xdst->u.rt.fl.oif == fl->oif && /*XXX*/
xdst->u.rt.fl.fl4_dst == fl->fl4_dst && xdst->u.rt.fl.fl4_dst == fl->fl4_dst &&
xdst->u.rt.fl.fl4_src == fl->fl4_src && xdst->u.rt.fl.fl4_src == fl->fl4_src &&
xdst->u.rt.fl.fl4_tos == fl->fl4_tos && xdst->u.rt.fl.fl4_tos == fl->fl4_tos &&
xfrm_bundle_ok(policy, xdst, fl, AF_INET, 0)) { xfrm_bundle_ok(policy, xdst, fl, AF_INET, 0)) {
dst_clone(dst); dst_clone(dst);
break; break;