Commit 761a1260 authored by Linus Torvalds's avatar Linus Torvalds

Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [IPV4/IPV6]: Setting 0 for unused port field in RAW IP recvmsg().
  [IPV4] ipmr: ip multicast route bug fix.
  [TG3]: Update version and reldate
  [TG3]: Handle tg3_init_rings() failures
  [TG3]: Add tg3_restart_hw()
  [IPV4]: Clear the whole IPCB, this clears also IPCB(skb)->flags.
  [IPV6]: Clean skb cb on IPv6 input.
  [NETFILTER]: Demote xt_sctp to EXPERIMENTAL
  [NETFILTER]: bridge netfilter: add deferred output hooks to feature-removal-schedule
  [NETFILTER]: xt_pkttype: fix mismatches on locally generated packets
  [NETFILTER]: SNMP NAT: fix byteorder confusion
  [NETFILTER]: conntrack: fix SYSCTL=n compile
  [NETFILTER]: nf_queue: handle NF_STOP and unknown verdicts in nf_reinject
  [NETFILTER]: H.323 helper: fix possible NULL-ptr dereference
parents 153d7f3f f59fc7f3
...@@ -258,3 +258,19 @@ Why: These drivers never compiled since they were added to the kernel ...@@ -258,3 +258,19 @@ Why: These drivers never compiled since they were added to the kernel
Who: Jean Delvare <khali@linux-fr.org> Who: Jean Delvare <khali@linux-fr.org>
--------------------------- ---------------------------
What: Bridge netfilter deferred IPv4/IPv6 output hook calling
When: January 2007
Why: The deferred output hooks are a layering violation causing unusual
and broken behaviour on bridge devices. Examples of things they
break include QoS classifation using the MARK or CLASSIFY targets,
the IPsec policy match and connection tracking with VLANs on a
bridge. Their only use is to enable bridge output port filtering
within iptables with the physdev match, which can also be done by
combining iptables and ebtables using netfilter marks. Until it
will get removed the hook deferral is disabled by default and is
only enabled when needed.
Who: Patrick McHardy <kaber@trash.net>
---------------------------
...@@ -68,8 +68,8 @@ ...@@ -68,8 +68,8 @@
#define DRV_MODULE_NAME "tg3" #define DRV_MODULE_NAME "tg3"
#define PFX DRV_MODULE_NAME ": " #define PFX DRV_MODULE_NAME ": "
#define DRV_MODULE_VERSION "3.62" #define DRV_MODULE_VERSION "3.63"
#define DRV_MODULE_RELDATE "June 30, 2006" #define DRV_MODULE_RELDATE "July 25, 2006"
#define TG3_DEF_MAC_MODE 0 #define TG3_DEF_MAC_MODE 0
#define TG3_DEF_RX_MODE 0 #define TG3_DEF_RX_MODE 0
...@@ -3590,6 +3590,28 @@ static irqreturn_t tg3_test_isr(int irq, void *dev_id, ...@@ -3590,6 +3590,28 @@ static irqreturn_t tg3_test_isr(int irq, void *dev_id,
static int tg3_init_hw(struct tg3 *, int); static int tg3_init_hw(struct tg3 *, int);
static int tg3_halt(struct tg3 *, int, int); static int tg3_halt(struct tg3 *, int, int);
/* Restart hardware after configuration changes, self-test, etc.
* Invoked with tp->lock held.
*/
static int tg3_restart_hw(struct tg3 *tp, int reset_phy)
{
int err;
err = tg3_init_hw(tp, reset_phy);
if (err) {
printk(KERN_ERR PFX "%s: Failed to re-initialize device, "
"aborting.\n", tp->dev->name);
tg3_halt(tp, RESET_KIND_SHUTDOWN, 1);
tg3_full_unlock(tp);
del_timer_sync(&tp->timer);
tp->irq_sync = 0;
netif_poll_enable(tp->dev);
dev_close(tp->dev);
tg3_full_lock(tp, 0);
}
return err;
}
#ifdef CONFIG_NET_POLL_CONTROLLER #ifdef CONFIG_NET_POLL_CONTROLLER
static void tg3_poll_controller(struct net_device *dev) static void tg3_poll_controller(struct net_device *dev)
{ {
...@@ -3630,13 +3652,15 @@ static void tg3_reset_task(void *_data) ...@@ -3630,13 +3652,15 @@ static void tg3_reset_task(void *_data)
} }
tg3_halt(tp, RESET_KIND_SHUTDOWN, 0); tg3_halt(tp, RESET_KIND_SHUTDOWN, 0);
tg3_init_hw(tp, 1); if (tg3_init_hw(tp, 1))
goto out;
tg3_netif_start(tp); tg3_netif_start(tp);
if (restart_timer) if (restart_timer)
mod_timer(&tp->timer, jiffies + 1); mod_timer(&tp->timer, jiffies + 1);
out:
tp->tg3_flags &= ~TG3_FLAG_IN_RESET_TASK; tp->tg3_flags &= ~TG3_FLAG_IN_RESET_TASK;
tg3_full_unlock(tp); tg3_full_unlock(tp);
...@@ -4124,6 +4148,7 @@ static inline void tg3_set_mtu(struct net_device *dev, struct tg3 *tp, ...@@ -4124,6 +4148,7 @@ static inline void tg3_set_mtu(struct net_device *dev, struct tg3 *tp,
static int tg3_change_mtu(struct net_device *dev, int new_mtu) static int tg3_change_mtu(struct net_device *dev, int new_mtu)
{ {
struct tg3 *tp = netdev_priv(dev); struct tg3 *tp = netdev_priv(dev);
int err;
if (new_mtu < TG3_MIN_MTU || new_mtu > TG3_MAX_MTU(tp)) if (new_mtu < TG3_MIN_MTU || new_mtu > TG3_MAX_MTU(tp))
return -EINVAL; return -EINVAL;
...@@ -4144,13 +4169,14 @@ static int tg3_change_mtu(struct net_device *dev, int new_mtu) ...@@ -4144,13 +4169,14 @@ static int tg3_change_mtu(struct net_device *dev, int new_mtu)
tg3_set_mtu(dev, tp, new_mtu); tg3_set_mtu(dev, tp, new_mtu);
tg3_init_hw(tp, 0); err = tg3_restart_hw(tp, 0);
if (!err)
tg3_netif_start(tp); tg3_netif_start(tp);
tg3_full_unlock(tp); tg3_full_unlock(tp);
return 0; return err;
} }
/* Free up pending packets in all rx/tx rings. /* Free up pending packets in all rx/tx rings.
...@@ -4232,7 +4258,7 @@ static void tg3_free_rings(struct tg3 *tp) ...@@ -4232,7 +4258,7 @@ static void tg3_free_rings(struct tg3 *tp)
* end up in the driver. tp->{tx,}lock are held and thus * end up in the driver. tp->{tx,}lock are held and thus
* we may not sleep. * we may not sleep.
*/ */
static void tg3_init_rings(struct tg3 *tp) static int tg3_init_rings(struct tg3 *tp)
{ {
u32 i; u32 i;
...@@ -4281,18 +4307,38 @@ static void tg3_init_rings(struct tg3 *tp) ...@@ -4281,18 +4307,38 @@ static void tg3_init_rings(struct tg3 *tp)
/* Now allocate fresh SKBs for each rx ring. */ /* Now allocate fresh SKBs for each rx ring. */
for (i = 0; i < tp->rx_pending; i++) { for (i = 0; i < tp->rx_pending; i++) {
if (tg3_alloc_rx_skb(tp, RXD_OPAQUE_RING_STD, if (tg3_alloc_rx_skb(tp, RXD_OPAQUE_RING_STD, -1, i) < 0) {
-1, i) < 0) printk(KERN_WARNING PFX
"%s: Using a smaller RX standard ring, "
"only %d out of %d buffers were allocated "
"successfully.\n",
tp->dev->name, i, tp->rx_pending);
if (i == 0)
return -ENOMEM;
tp->rx_pending = i;
break; break;
} }
}
if (tp->tg3_flags & TG3_FLAG_JUMBO_RING_ENABLE) { if (tp->tg3_flags & TG3_FLAG_JUMBO_RING_ENABLE) {
for (i = 0; i < tp->rx_jumbo_pending; i++) { for (i = 0; i < tp->rx_jumbo_pending; i++) {
if (tg3_alloc_rx_skb(tp, RXD_OPAQUE_RING_JUMBO, if (tg3_alloc_rx_skb(tp, RXD_OPAQUE_RING_JUMBO,
-1, i) < 0) -1, i) < 0) {
printk(KERN_WARNING PFX
"%s: Using a smaller RX jumbo ring, "
"only %d out of %d buffers were "
"allocated successfully.\n",
tp->dev->name, i, tp->rx_jumbo_pending);
if (i == 0) {
tg3_free_rings(tp);
return -ENOMEM;
}
tp->rx_jumbo_pending = i;
break; break;
} }
} }
}
return 0;
} }
/* /*
...@@ -5815,6 +5861,7 @@ static int tg3_set_mac_addr(struct net_device *dev, void *p) ...@@ -5815,6 +5861,7 @@ static int tg3_set_mac_addr(struct net_device *dev, void *p)
{ {
struct tg3 *tp = netdev_priv(dev); struct tg3 *tp = netdev_priv(dev);
struct sockaddr *addr = p; struct sockaddr *addr = p;
int err = 0;
if (!is_valid_ether_addr(addr->sa_data)) if (!is_valid_ether_addr(addr->sa_data))
return -EINVAL; return -EINVAL;
...@@ -5832,8 +5879,8 @@ static int tg3_set_mac_addr(struct net_device *dev, void *p) ...@@ -5832,8 +5879,8 @@ static int tg3_set_mac_addr(struct net_device *dev, void *p)
tg3_full_lock(tp, 1); tg3_full_lock(tp, 1);
tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); tg3_halt(tp, RESET_KIND_SHUTDOWN, 1);
tg3_init_hw(tp, 0); err = tg3_restart_hw(tp, 0);
if (!err)
tg3_netif_start(tp); tg3_netif_start(tp);
tg3_full_unlock(tp); tg3_full_unlock(tp);
} else { } else {
...@@ -5842,7 +5889,7 @@ static int tg3_set_mac_addr(struct net_device *dev, void *p) ...@@ -5842,7 +5889,7 @@ static int tg3_set_mac_addr(struct net_device *dev, void *p)
spin_unlock_bh(&tp->lock); spin_unlock_bh(&tp->lock);
} }
return 0; return err;
} }
/* tp->lock is held. */ /* tp->lock is held. */
...@@ -5942,7 +5989,9 @@ static int tg3_reset_hw(struct tg3 *tp, int reset_phy) ...@@ -5942,7 +5989,9 @@ static int tg3_reset_hw(struct tg3 *tp, int reset_phy)
* can only do this after the hardware has been * can only do this after the hardware has been
* successfully reset. * successfully reset.
*/ */
tg3_init_rings(tp); err = tg3_init_rings(tp);
if (err)
return err;
/* This value is determined during the probe time DMA /* This value is determined during the probe time DMA
* engine test, tg3_test_dma. * engine test, tg3_test_dma.
...@@ -7956,7 +8005,7 @@ static void tg3_get_ringparam(struct net_device *dev, struct ethtool_ringparam * ...@@ -7956,7 +8005,7 @@ static void tg3_get_ringparam(struct net_device *dev, struct ethtool_ringparam *
static int tg3_set_ringparam(struct net_device *dev, struct ethtool_ringparam *ering) static int tg3_set_ringparam(struct net_device *dev, struct ethtool_ringparam *ering)
{ {
struct tg3 *tp = netdev_priv(dev); struct tg3 *tp = netdev_priv(dev);
int irq_sync = 0; int irq_sync = 0, err = 0;
if ((ering->rx_pending > TG3_RX_RING_SIZE - 1) || if ((ering->rx_pending > TG3_RX_RING_SIZE - 1) ||
(ering->rx_jumbo_pending > TG3_RX_JUMBO_RING_SIZE - 1) || (ering->rx_jumbo_pending > TG3_RX_JUMBO_RING_SIZE - 1) ||
...@@ -7980,13 +8029,14 @@ static int tg3_set_ringparam(struct net_device *dev, struct ethtool_ringparam *e ...@@ -7980,13 +8029,14 @@ static int tg3_set_ringparam(struct net_device *dev, struct ethtool_ringparam *e
if (netif_running(dev)) { if (netif_running(dev)) {
tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); tg3_halt(tp, RESET_KIND_SHUTDOWN, 1);
tg3_init_hw(tp, 1); err = tg3_restart_hw(tp, 1);
if (!err)
tg3_netif_start(tp); tg3_netif_start(tp);
} }
tg3_full_unlock(tp); tg3_full_unlock(tp);
return 0; return err;
} }
static void tg3_get_pauseparam(struct net_device *dev, struct ethtool_pauseparam *epause) static void tg3_get_pauseparam(struct net_device *dev, struct ethtool_pauseparam *epause)
...@@ -8001,7 +8051,7 @@ static void tg3_get_pauseparam(struct net_device *dev, struct ethtool_pauseparam ...@@ -8001,7 +8051,7 @@ static void tg3_get_pauseparam(struct net_device *dev, struct ethtool_pauseparam
static int tg3_set_pauseparam(struct net_device *dev, struct ethtool_pauseparam *epause) static int tg3_set_pauseparam(struct net_device *dev, struct ethtool_pauseparam *epause)
{ {
struct tg3 *tp = netdev_priv(dev); struct tg3 *tp = netdev_priv(dev);
int irq_sync = 0; int irq_sync = 0, err = 0;
if (netif_running(dev)) { if (netif_running(dev)) {
tg3_netif_stop(tp); tg3_netif_stop(tp);
...@@ -8025,13 +8075,14 @@ static int tg3_set_pauseparam(struct net_device *dev, struct ethtool_pauseparam ...@@ -8025,13 +8075,14 @@ static int tg3_set_pauseparam(struct net_device *dev, struct ethtool_pauseparam
if (netif_running(dev)) { if (netif_running(dev)) {
tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); tg3_halt(tp, RESET_KIND_SHUTDOWN, 1);
tg3_init_hw(tp, 1); err = tg3_restart_hw(tp, 1);
if (!err)
tg3_netif_start(tp); tg3_netif_start(tp);
} }
tg3_full_unlock(tp); tg3_full_unlock(tp);
return 0; return err;
} }
static u32 tg3_get_rx_csum(struct net_device *dev) static u32 tg3_get_rx_csum(struct net_device *dev)
...@@ -8666,7 +8717,9 @@ static int tg3_test_loopback(struct tg3 *tp) ...@@ -8666,7 +8717,9 @@ static int tg3_test_loopback(struct tg3 *tp)
if (!netif_running(tp->dev)) if (!netif_running(tp->dev))
return TG3_LOOPBACK_FAILED; return TG3_LOOPBACK_FAILED;
tg3_reset_hw(tp, 1); err = tg3_reset_hw(tp, 1);
if (err)
return TG3_LOOPBACK_FAILED;
if (tg3_run_loopback(tp, TG3_MAC_LOOPBACK)) if (tg3_run_loopback(tp, TG3_MAC_LOOPBACK))
err |= TG3_MAC_LOOPBACK_FAILED; err |= TG3_MAC_LOOPBACK_FAILED;
...@@ -8740,7 +8793,7 @@ static void tg3_self_test(struct net_device *dev, struct ethtool_test *etest, ...@@ -8740,7 +8793,7 @@ static void tg3_self_test(struct net_device *dev, struct ethtool_test *etest,
tg3_halt(tp, RESET_KIND_SHUTDOWN, 1); tg3_halt(tp, RESET_KIND_SHUTDOWN, 1);
if (netif_running(dev)) { if (netif_running(dev)) {
tp->tg3_flags |= TG3_FLAG_INIT_COMPLETE; tp->tg3_flags |= TG3_FLAG_INIT_COMPLETE;
tg3_init_hw(tp, 1); if (!tg3_restart_hw(tp, 1))
tg3_netif_start(tp); tg3_netif_start(tp);
} }
...@@ -11699,7 +11752,8 @@ static int tg3_suspend(struct pci_dev *pdev, pm_message_t state) ...@@ -11699,7 +11752,8 @@ static int tg3_suspend(struct pci_dev *pdev, pm_message_t state)
tg3_full_lock(tp, 0); tg3_full_lock(tp, 0);
tp->tg3_flags |= TG3_FLAG_INIT_COMPLETE; tp->tg3_flags |= TG3_FLAG_INIT_COMPLETE;
tg3_init_hw(tp, 1); if (tg3_restart_hw(tp, 1))
goto out;
tp->timer.expires = jiffies + tp->timer_offset; tp->timer.expires = jiffies + tp->timer_offset;
add_timer(&tp->timer); add_timer(&tp->timer);
...@@ -11707,6 +11761,7 @@ static int tg3_suspend(struct pci_dev *pdev, pm_message_t state) ...@@ -11707,6 +11761,7 @@ static int tg3_suspend(struct pci_dev *pdev, pm_message_t state)
netif_device_attach(dev); netif_device_attach(dev);
tg3_netif_start(tp); tg3_netif_start(tp);
out:
tg3_full_unlock(tp); tg3_full_unlock(tp);
} }
...@@ -11733,16 +11788,19 @@ static int tg3_resume(struct pci_dev *pdev) ...@@ -11733,16 +11788,19 @@ static int tg3_resume(struct pci_dev *pdev)
tg3_full_lock(tp, 0); tg3_full_lock(tp, 0);
tp->tg3_flags |= TG3_FLAG_INIT_COMPLETE; tp->tg3_flags |= TG3_FLAG_INIT_COMPLETE;
tg3_init_hw(tp, 1); err = tg3_restart_hw(tp, 1);
if (err)
goto out;
tp->timer.expires = jiffies + tp->timer_offset; tp->timer.expires = jiffies + tp->timer_offset;
add_timer(&tp->timer); add_timer(&tp->timer);
tg3_netif_start(tp); tg3_netif_start(tp);
out:
tg3_full_unlock(tp); tg3_full_unlock(tp);
return 0; return err;
} }
static struct pci_driver tg3_driver = { static struct pci_driver tg3_driver = {
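Review bot: The header comment on tg3_restart_hw() says only that it is invoked with tp->lock held, but on failure the function calls `tg3_full_unlock(tp)`, runs `del_timer_sync()` and `dev_close()`, and then retakes the lock with `tg3_full_lock(tp, 0)`. A caller such as tg3_set_mac_addr, which took the lock with `tg3_full_lock(tp, 1)`, therefore gets it back in a different mode and with the device closed, so anything it checked before the call may no longer hold. The comment should state this, e.g. `* On failure the lock is dropped and re-taken and the device is closed.` Separately, tg3_reset_task jumps to `out:` when tg3_init_hw() fails without logging anything; a `printk(KERN_ERR PFX ...)` there would make a halted interface diagnosable. The callers' bodies continue outside the hunks shown.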
......
...@@ -79,6 +79,8 @@ struct bridge_skb_cb { ...@@ -79,6 +79,8 @@ struct bridge_skb_cb {
__u32 ipv4; __u32 ipv4;
} daddr; } daddr;
}; };
extern int brnf_deferred_hooks;
#endif /* CONFIG_BRIDGE_NETFILTER */ #endif /* CONFIG_BRIDGE_NETFILTER */
#endif /* __KERNEL__ */ #endif /* __KERNEL__ */
......
...@@ -61,6 +61,9 @@ static int brnf_filter_vlan_tagged = 1; ...@@ -61,6 +61,9 @@ static int brnf_filter_vlan_tagged = 1;
#define brnf_filter_vlan_tagged 1 #define brnf_filter_vlan_tagged 1
#endif #endif
int brnf_deferred_hooks;
EXPORT_SYMBOL_GPL(brnf_deferred_hooks);
static __be16 inline vlan_proto(const struct sk_buff *skb) static __be16 inline vlan_proto(const struct sk_buff *skb)
{ {
return vlan_eth_hdr(skb)->h_vlan_encapsulated_proto; return vlan_eth_hdr(skb)->h_vlan_encapsulated_proto;
...@@ -890,6 +893,8 @@ static unsigned int ip_sabotage_out(unsigned int hook, struct sk_buff **pskb, ...@@ -890,6 +893,8 @@ static unsigned int ip_sabotage_out(unsigned int hook, struct sk_buff **pskb,
return NF_ACCEPT; return NF_ACCEPT;
else if (ip->version == 6 && !brnf_call_ip6tables) else if (ip->version == 6 && !brnf_call_ip6tables)
return NF_ACCEPT; return NF_ACCEPT;
else if (!brnf_deferred_hooks)
return NF_ACCEPT;
#endif #endif
if (hook == NF_IP_POST_ROUTING) if (hook == NF_IP_POST_ROUTING)
return NF_ACCEPT; return NF_ACCEPT;
......
...@@ -429,7 +429,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, ...@@ -429,7 +429,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
} }
/* Remove any debris in the socket control block */ /* Remove any debris in the socket control block */
memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL, return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL,
ip_rcv_finish); ip_rcv_finish);
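Review bot: The size in `memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));` is spelled as a type name separate from the pointer being cleared. Writing `memset(IPCB(skb), 0, sizeof(*IPCB(skb)));` keeps the two tied together if the macro's type ever changes, and the same applies to the `IP6CB(skb)` memset added in ipv6_rcv. The existing comment could also say why the whole block is now cleared, e.g. `/* Clear the whole control block, flags included, so stale state is never acted on */`.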
......
...@@ -1578,6 +1578,7 @@ int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait) ...@@ -1578,6 +1578,7 @@ int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait)
cache = ipmr_cache_find(rt->rt_src, rt->rt_dst); cache = ipmr_cache_find(rt->rt_src, rt->rt_dst);
if (cache==NULL) { if (cache==NULL) {
struct sk_buff *skb2;
struct net_device *dev; struct net_device *dev;
int vif; int vif;
...@@ -1591,12 +1592,18 @@ int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait) ...@@ -1591,12 +1592,18 @@ int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait)
read_unlock(&mrt_lock); read_unlock(&mrt_lock);
return -ENODEV; return -ENODEV;
} }
skb->nh.raw = skb_push(skb, sizeof(struct iphdr)); skb2 = skb_clone(skb, GFP_ATOMIC);
skb->nh.iph->ihl = sizeof(struct iphdr)>>2; if (!skb2) {
skb->nh.iph->saddr = rt->rt_src; read_unlock(&mrt_lock);
skb->nh.iph->daddr = rt->rt_dst; return -ENOMEM;
skb->nh.iph->version = 0; }
err = ipmr_cache_unresolved(vif, skb);
skb2->nh.raw = skb_push(skb2, sizeof(struct iphdr));
skb2->nh.iph->ihl = sizeof(struct iphdr)>>2;
skb2->nh.iph->saddr = rt->rt_src;
skb2->nh.iph->daddr = rt->rt_dst;
skb2->nh.iph->version = 0;
err = ipmr_cache_unresolved(vif, skb2);
read_unlock(&mrt_lock); read_unlock(&mrt_lock);
return err; return err;
} }
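Review bot: The clone added in ipmr_get_route has no comment on ownership. `skb2` is handed to `ipmr_cache_unresolved(vif, skb2)` and never freed in the lines shown, so the code relies on that callee consuming it on every path, including its error paths. A comment above the clone such as `/* caller keeps skb; the clone belongs to ipmr_cache_unresolved() from here on */` would record that. The `skb_push(skb2, sizeof(struct iphdr))` also assumes the buffer has that much headroom and nothing in the hunk checks it, so confirm the allocating caller guarantees it. The function continues outside the hunk.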
......
...@@ -1200,7 +1200,7 @@ static struct ip_conntrack_expect *find_expect(struct ip_conntrack *ct, ...@@ -1200,7 +1200,7 @@ static struct ip_conntrack_expect *find_expect(struct ip_conntrack *ct,
tuple.dst.protonum = IPPROTO_TCP; tuple.dst.protonum = IPPROTO_TCP;
exp = __ip_conntrack_expect_find(&tuple); exp = __ip_conntrack_expect_find(&tuple);
if (exp->master == ct) if (exp && exp->master == ct)
return exp; return exp;
return NULL; return NULL;
} }
......
...@@ -534,6 +534,8 @@ static struct nf_hook_ops ip_conntrack_ops[] = { ...@@ -534,6 +534,8 @@ static struct nf_hook_ops ip_conntrack_ops[] = {
/* Sysctl support */ /* Sysctl support */
int ip_conntrack_checksum = 1;
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
/* From ip_conntrack_core.c */ /* From ip_conntrack_core.c */
...@@ -568,8 +570,6 @@ extern unsigned int ip_ct_generic_timeout; ...@@ -568,8 +570,6 @@ extern unsigned int ip_ct_generic_timeout;
static int log_invalid_proto_min = 0; static int log_invalid_proto_min = 0;
static int log_invalid_proto_max = 255; static int log_invalid_proto_max = 255;
int ip_conntrack_checksum = 1;
static struct ctl_table_header *ip_ct_sysctl_header; static struct ctl_table_header *ip_ct_sysctl_header;
static ctl_table ip_ct_sysctl_table[] = { static ctl_table ip_ct_sysctl_table[] = {
......
...@@ -1255,9 +1255,9 @@ static int help(struct sk_buff **pskb, ...@@ -1255,9 +1255,9 @@ static int help(struct sk_buff **pskb,
struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
/* SNMP replies and originating SNMP traps get mangled */ /* SNMP replies and originating SNMP traps get mangled */
if (udph->source == ntohs(SNMP_PORT) && dir != IP_CT_DIR_REPLY) if (udph->source == htons(SNMP_PORT) && dir != IP_CT_DIR_REPLY)
return NF_ACCEPT; return NF_ACCEPT;
if (udph->dest == ntohs(SNMP_TRAP_PORT) && dir != IP_CT_DIR_ORIGINAL) if (udph->dest == htons(SNMP_TRAP_PORT) && dir != IP_CT_DIR_ORIGINAL)
return NF_ACCEPT; return NF_ACCEPT;
/* No NAT? */ /* No NAT? */
......
...@@ -609,6 +609,7 @@ static int raw_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, ...@@ -609,6 +609,7 @@ static int raw_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
if (sin) { if (sin) {
sin->sin_family = AF_INET; sin->sin_family = AF_INET;
sin->sin_addr.s_addr = skb->nh.iph->saddr; sin->sin_addr.s_addr = skb->nh.iph->saddr;
sin->sin_port = 0;
memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
} }
if (inet->cmsg_flags) if (inet->cmsg_flags)
......
...@@ -71,6 +71,8 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt ...@@ -71,6 +71,8 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
goto out; goto out;
} }
memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm));
/* /*
* Store incoming device index. When the packet will * Store incoming device index. When the packet will
* be queued, we cannot refer to skb->dev anymore. * be queued, we cannot refer to skb->dev anymore.
......
...@@ -411,6 +411,7 @@ static int rawv6_recvmsg(struct kiocb *iocb, struct sock *sk, ...@@ -411,6 +411,7 @@ static int rawv6_recvmsg(struct kiocb *iocb, struct sock *sk,
/* Copy the address. */ /* Copy the address. */
if (sin6) { if (sin6) {
sin6->sin6_family = AF_INET6; sin6->sin6_family = AF_INET6;
sin6->sin6_port = 0;
ipv6_addr_copy(&sin6->sin6_addr, &skb->nh.ipv6h->saddr); ipv6_addr_copy(&sin6->sin6_addr, &skb->nh.ipv6h->saddr);
sin6->sin6_flowinfo = 0; sin6->sin6_flowinfo = 0;
sin6->sin6_scope_id = 0; sin6->sin6_scope_id = 0;
......
...@@ -386,8 +386,8 @@ config NETFILTER_XT_MATCH_REALM ...@@ -386,8 +386,8 @@ config NETFILTER_XT_MATCH_REALM
<file:Documentation/modules.txt>. If unsure, say `N'. <file:Documentation/modules.txt>. If unsure, say `N'.
config NETFILTER_XT_MATCH_SCTP config NETFILTER_XT_MATCH_SCTP
tristate '"sctp" protocol match support' tristate '"sctp" protocol match support (EXPERIMENTAL)'
depends on NETFILTER_XTABLES depends on NETFILTER_XTABLES && EXPERIMENTAL
help help
With this option enabled, you will be able to use the With this option enabled, you will be able to use the
`sctp' match in order to match on SCTP source/destination ports `sctp' match in order to match on SCTP source/destination ports
......
...@@ -428,6 +428,8 @@ static struct file_operations ct_cpu_seq_fops = { ...@@ -428,6 +428,8 @@ static struct file_operations ct_cpu_seq_fops = {
/* Sysctl support */ /* Sysctl support */
int nf_conntrack_checksum = 1;
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
/* From nf_conntrack_core.c */ /* From nf_conntrack_core.c */
...@@ -459,8 +461,6 @@ extern unsigned int nf_ct_generic_timeout; ...@@ -459,8 +461,6 @@ extern unsigned int nf_ct_generic_timeout;
static int log_invalid_proto_min = 0; static int log_invalid_proto_min = 0;
static int log_invalid_proto_max = 255; static int log_invalid_proto_max = 255;
int nf_conntrack_checksum = 1;
static struct ctl_table_header *nf_ct_sysctl_header; static struct ctl_table_header *nf_ct_sysctl_header;
static ctl_table nf_ct_sysctl_table[] = { static ctl_table nf_ct_sysctl_table[] = {
......
...@@ -219,21 +219,20 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info, ...@@ -219,21 +219,20 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
switch (verdict & NF_VERDICT_MASK) { switch (verdict & NF_VERDICT_MASK) {
case NF_ACCEPT: case NF_ACCEPT:
case NF_STOP:
info->okfn(skb); info->okfn(skb);
case NF_STOLEN:
break; break;
case NF_QUEUE: case NF_QUEUE:
if (!nf_queue(&skb, elem, info->pf, info->hook, if (!nf_queue(&skb, elem, info->pf, info->hook,
info->indev, info->outdev, info->okfn, info->indev, info->outdev, info->okfn,
verdict >> NF_VERDICT_BITS)) verdict >> NF_VERDICT_BITS))
goto next_hook; goto next_hook;
break; break;
default:
kfree_skb(skb);
} }
rcu_read_unlock(); rcu_read_unlock();
if (verdict == NF_DROP)
kfree_skb(skb);
kfree(info); kfree(info);
return; return;
} }
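Review bot: In nf_reinject's switch, `info->okfn(skb);` under `case NF_ACCEPT:` and `case NF_STOP:` runs straight into `case NF_STOLEN:` and shares its `break;`, with nothing marking the fall-through as intended. An explicit `break;` after the okfn call, or a `/* fall through */` comment, would keep a later edit to the NF_STOLEN arm from silently changing the accept path. The new `default:` arm deserves a one-line comment as well, e.g. `/* NF_DROP and unknown verdicts: free the packet */`, since it now decides what happens to verdict values the core does not recognise.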
......
...@@ -113,6 +113,21 @@ checkentry(const char *tablename, ...@@ -113,6 +113,21 @@ checkentry(const char *tablename,
if (!(info->bitmask & XT_PHYSDEV_OP_MASK) || if (!(info->bitmask & XT_PHYSDEV_OP_MASK) ||
info->bitmask & ~XT_PHYSDEV_OP_MASK) info->bitmask & ~XT_PHYSDEV_OP_MASK)
return 0; return 0;
if (brnf_deferred_hooks == 0 &&
info->bitmask & XT_PHYSDEV_OP_OUT &&
(!(info->bitmask & XT_PHYSDEV_OP_BRIDGED) ||
info->invert & XT_PHYSDEV_OP_BRIDGED) &&
hook_mask & ((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
(1 << NF_IP_POST_ROUTING))) {
printk(KERN_WARNING "physdev match: using --physdev-out in the "
"OUTPUT, FORWARD and POSTROUTING chains for non-bridged "
"traffic is deprecated and breaks other things, it will "
"be removed in January 2007. See Documentation/"
"feature-removal-schedule.txt for details. This doesn't "
"affect you in case you're using it for purely bridged "
"traffic.\n");
brnf_deferred_hooks = 1;
}
return 1; return 1;
} }
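Review bot: checkentry() now switches on `brnf_deferred_hooks` as a side effect of validating a rule, and nothing on this page switches it off again, so deleting the rule would presumably leave output-hook deferral enabled until reboot. If that is intended, say so above the assignment, e.g. `/* sticky: stays enabled after the rule is removed */`; otherwise a use count released from the match's destroy callback would be needed. The condition also mixes `&` and `&&` without parentheses (`info->bitmask & XT_PHYSDEV_OP_OUT &&`), and wrapping each mask test in parentheses would make the precedence explicit.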
......
...@@ -9,6 +9,8 @@ ...@@ -9,6 +9,8 @@
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/if_ether.h> #include <linux/if_ether.h>
#include <linux/if_packet.h> #include <linux/if_packet.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/netfilter/xt_pkttype.h> #include <linux/netfilter/xt_pkttype.h>
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
...@@ -28,9 +30,17 @@ static int match(const struct sk_buff *skb, ...@@ -28,9 +30,17 @@ static int match(const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
int *hotdrop) int *hotdrop)
{ {
u_int8_t type;
const struct xt_pkttype_info *info = matchinfo; const struct xt_pkttype_info *info = matchinfo;
return (skb->pkt_type == info->pkttype) ^ info->invert; if (skb->pkt_type == PACKET_LOOPBACK)
type = (MULTICAST(skb->nh.iph->daddr)
? PACKET_MULTICAST
: PACKET_BROADCAST);
else
type = skb->pkt_type;
return (type == info->pkttype) ^ info->invert;
} }
static struct xt_match pkttype_match = { static struct xt_match pkttype_match = {
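Review bot: The PACKET_LOOPBACK branch in match() reads `skb->nh.iph->daddr` without checking that the packet is IPv4. The registration of this match is outside the hunk, but if it is also registered for IPv6 or another family, that read interprets a non-IPv4 header as an IPv4 destination address and the multicast/broadcast classification becomes arbitrary. A guard on the address family before the dereference, with other families handled separately or falling back to `skb->pkt_type`, would avoid that.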
......