diff options
50 files changed, 190 insertions, 425 deletions
diff --git a/drivers/atm/zatm.c b/drivers/atm/zatm.c index 55959e4..f484747 100644 --- a/drivers/atm/zatm.c +++ b/drivers/atm/zatm.c @@ -669,11 +669,13 @@ printk("NONONONOO!!!!\n"); u32 *put; int i; - dsc = (u32 *) kmalloc(uPD98401_TXPD_SIZE*2+ - uPD98401_TXBD_SIZE*ATM_SKB(skb)->iovcnt,GFP_ATOMIC); + dsc = kmalloc(uPD98401_TXPD_SIZE * 2 + + uPD98401_TXBD_SIZE * ATM_SKB(skb)->iovcnt, GFP_ATOMIC); if (!dsc) { - if (vcc->pop) vcc->pop(vcc,skb); - else dev_kfree_skb_irq(skb); + if (vcc->pop) + vcc->pop(vcc, skb); + else + dev_kfree_skb_irq(skb); return -EAGAIN; } /* @@@ should check alignment */ @@ -683,7 +685,7 @@ printk("NONONONOO!!!!\n"); (ATM_SKB(skb)->atm_options & ATM_ATMOPT_CLP ? uPD98401_CLPM_1 : uPD98401_CLPM_0)); dsc[1] = 0; - dsc[2] = ATM_SKB(skb)->iovcnt*uPD98401_TXBD_SIZE; + dsc[2] = ATM_SKB(skb)->iovcnt * uPD98401_TXBD_SIZE; dsc[3] = virt_to_bus(put); for (i = 0; i < ATM_SKB(skb)->iovcnt; i++) { *put++ = ((struct iovec *) skb->data)[i].iov_len; diff --git a/drivers/net/irda/Kconfig b/drivers/net/irda/Kconfig index d54156f..7a08134 100644 --- a/drivers/net/irda/Kconfig +++ b/drivers/net/irda/Kconfig @@ -1,4 +1,3 @@ - menu "Infrared-port device drivers" depends on IRDA!=n @@ -156,7 +155,7 @@ comment "Old Serial dongle support" config DONGLE_OLD bool "Old Serial dongle support" - depends on (IRTTY_OLD || IRPORT_SIR) && BROKEN_ON_SMP + depends on IRPORT_SIR && BROKEN_ON_SMP help Say Y here if you have an infrared device that connects to your computer's serial port. These devices are called dongles. Then say Y diff --git a/drivers/net/irda/Makefile b/drivers/net/irda/Makefile index e7a8b7f..72cbfdc 100644 --- a/drivers/net/irda/Makefile +++ b/drivers/net/irda/Makefile @@ -45,4 +45,4 @@ obj-$(CONFIG_ACT200L_DONGLE) += act200l-sir.o obj-$(CONFIG_MA600_DONGLE) += ma600-sir.o # The SIR helper module -sir-dev-objs := sir_core.o sir_dev.o sir_dongle.o sir_kthread.o +sir-dev-objs := sir_dev.o sir_dongle.o sir_kthread.o diff --git a/drivers/net/irda/sir-dev.h b/drivers/net/irda/sir-dev.h index f0b8bc3..f69fb4c 100644 --- a/drivers/net/irda/sir-dev.h +++ b/drivers/net/irda/sir-dev.h @@ -133,8 +133,6 @@ extern int sirdev_put_dongle(struct sir_dev *self); extern void sirdev_enable_rx(struct sir_dev *dev); extern int sirdev_schedule_request(struct sir_dev *dev, int state, unsigned param); -extern int __init irda_thread_create(void); -extern void __exit irda_thread_join(void); /* inline helpers */ diff --git a/drivers/net/irda/sir_core.c b/drivers/net/irda/sir_core.c deleted file mode 100644 index a49f910..0000000 --- a/drivers/net/irda/sir_core.c +++ /dev/null @@ -1,56 +0,0 @@ -/********************************************************************* - * - * sir_core.c: module core for irda-sir abstraction layer - * - * Copyright (c) 2002 Martin Diehl - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of - * the License, or (at your option) any later version. - * - ********************************************************************/ - -#include <linux/module.h> -#include <linux/kernel.h> -#include <linux/init.h> - -#include <net/irda/irda.h> - -#include "sir-dev.h" - -/***************************************************************************/ - -MODULE_AUTHOR("Martin Diehl <info@mdiehl.de>"); -MODULE_DESCRIPTION("IrDA SIR core"); -MODULE_LICENSE("GPL"); - -/***************************************************************************/ - -EXPORT_SYMBOL(irda_register_dongle); -EXPORT_SYMBOL(irda_unregister_dongle); - -EXPORT_SYMBOL(sirdev_get_instance); -EXPORT_SYMBOL(sirdev_put_instance); - -EXPORT_SYMBOL(sirdev_set_dongle); -EXPORT_SYMBOL(sirdev_write_complete); -EXPORT_SYMBOL(sirdev_receive); - -EXPORT_SYMBOL(sirdev_raw_write); -EXPORT_SYMBOL(sirdev_raw_read); -EXPORT_SYMBOL(sirdev_set_dtr_rts); - -static int __init sir_core_init(void) -{ - return irda_thread_create(); -} - -static void __exit sir_core_exit(void) -{ - irda_thread_join(); -} - -module_init(sir_core_init); -module_exit(sir_core_exit); - diff --git a/drivers/net/irda/sir_dev.c b/drivers/net/irda/sir_dev.c index df22b8b..ea7c946 100644 --- a/drivers/net/irda/sir_dev.c +++ b/drivers/net/irda/sir_dev.c @@ -60,6 +60,7 @@ int sirdev_set_dongle(struct sir_dev *dev, IRDA_DONGLE type) up(&dev->fsm.sem); return err; } +EXPORT_SYMBOL(sirdev_set_dongle); /* used by dongle drivers for dongle programming */ @@ -94,6 +95,7 @@ int sirdev_raw_write(struct sir_dev *dev, const char *buf, int len) spin_unlock_irqrestore(&dev->tx_lock, flags); return ret; } +EXPORT_SYMBOL(sirdev_raw_write); /* seems some dongle drivers may need this */ @@ -116,6 +118,7 @@ int sirdev_raw_read(struct sir_dev *dev, char *buf, int len) return count; } +EXPORT_SYMBOL(sirdev_raw_read); int sirdev_set_dtr_rts(struct sir_dev *dev, int dtr, int rts) { @@ -124,7 +127,8 @@ int sirdev_set_dtr_rts(struct sir_dev *dev, int dtr, int rts) ret = dev->drv->set_dtr_rts(dev, dtr, rts); return ret; } - +EXPORT_SYMBOL(sirdev_set_dtr_rts); + /**********************************************************************/ /* called from client driver - likely with bh-context - to indicate @@ -227,6 +231,7 @@ void sirdev_write_complete(struct sir_dev *dev) done: spin_unlock_irqrestore(&dev->tx_lock, flags); } +EXPORT_SYMBOL(sirdev_write_complete); /* called from client driver - likely with bh-context - to give us * some more received bytes. We put them into the rx-buffer, @@ -279,6 +284,7 @@ int sirdev_receive(struct sir_dev *dev, const unsigned char *cp, size_t count) return 0; } +EXPORT_SYMBOL(sirdev_receive); /**********************************************************************/ @@ -641,6 +647,7 @@ out_freenetdev: out: return NULL; } +EXPORT_SYMBOL(sirdev_get_instance); int sirdev_put_instance(struct sir_dev *dev) { @@ -673,4 +680,5 @@ int sirdev_put_instance(struct sir_dev *dev) return 0; } +EXPORT_SYMBOL(sirdev_put_instance); diff --git a/drivers/net/irda/sir_dongle.c b/drivers/net/irda/sir_dongle.c index c5b7674..8d22592 100644 --- a/drivers/net/irda/sir_dongle.c +++ b/drivers/net/irda/sir_dongle.c @@ -50,6 +50,7 @@ int irda_register_dongle(struct dongle_driver *new) up(&dongle_list_lock); return 0; } +EXPORT_SYMBOL(irda_register_dongle); int irda_unregister_dongle(struct dongle_driver *drv) { @@ -58,6 +59,7 @@ int irda_unregister_dongle(struct dongle_driver *drv) up(&dongle_list_lock); return 0; } +EXPORT_SYMBOL(irda_unregister_dongle); int sirdev_get_dongle(struct sir_dev *dev, IRDA_DONGLE type) { diff --git a/drivers/net/irda/sir_kthread.c b/drivers/net/irda/sir_kthread.c index c650543..e3904d6 100644 --- a/drivers/net/irda/sir_kthread.c +++ b/drivers/net/irda/sir_kthread.c @@ -466,7 +466,7 @@ int sirdev_schedule_request(struct sir_dev *dev, int initial_state, unsigned par return 0; } -int __init irda_thread_create(void) +static int __init irda_thread_create(void) { struct completion startup; int pid; @@ -488,7 +488,7 @@ int __init irda_thread_create(void) return 0; } -void __exit irda_thread_join(void) +static void __exit irda_thread_join(void) { if (irda_rq_queue.thread) { flush_irda_queue(); @@ -499,3 +499,10 @@ void __exit irda_thread_join(void) } } +module_init(irda_thread_create); +module_exit(irda_thread_join); + +MODULE_AUTHOR("Martin Diehl <info@mdiehl.de>"); +MODULE_DESCRIPTION("IrDA SIR core"); +MODULE_LICENSE("GPL"); + diff --git a/include/linux/netfilter_ipv4/ip_nat_protocol.h b/include/linux/netfilter_ipv4/ip_nat_protocol.h index ef63aa9..612a436 100644 --- a/include/linux/netfilter_ipv4/ip_nat_protocol.h +++ b/include/linux/netfilter_ipv4/ip_nat_protocol.h @@ -42,13 +42,6 @@ struct ip_nat_protocol enum ip_nat_manip_type maniptype, const struct ip_conntrack *conntrack); - unsigned int (*print)(char *buffer, - const struct ip_conntrack_tuple *match, - const struct ip_conntrack_tuple *mask); - - unsigned int (*print_range)(char *buffer, - const struct ip_nat_range *range); - int (*range_to_nfattr)(struct sk_buff *skb, const struct ip_nat_range *range); diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h index 53b2983..14f2bd0 100644 --- a/include/linux/netfilter_ipv6.h +++ b/include/linux/netfilter_ipv6.h @@ -72,7 +72,12 @@ enum nf_ip6_hook_priorities { NF_IP6_PRI_LAST = INT_MAX, }; +#ifdef CONFIG_NETFILTER extern int ipv6_netfilter_init(void); extern void ipv6_netfilter_fini(void); +#else /* CONFIG_NETFILTER */ +static inline int ipv6_netfilter_init(void) { return 0; } +static inline void ipv6_netfilter_fini(void) { return; } +#endif /* CONFIG_NETFILTER */ #endif /*__LINUX_IP6_NETFILTER_H*/ diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h index 50234fa..fa587c9 100644 --- a/include/net/inet_connection_sock.h +++ b/include/net/inet_connection_sock.h @@ -83,8 +83,8 @@ struct inet_connection_sock { struct timer_list icsk_delack_timer; __u32 icsk_rto; __u32 icsk_pmtu_cookie; - struct tcp_congestion_ops *icsk_ca_ops; - struct inet_connection_sock_af_ops *icsk_af_ops; + const struct tcp_congestion_ops *icsk_ca_ops; + const struct inet_connection_sock_af_ops *icsk_af_ops; unsigned int (*icsk_sync_mss)(struct sock *sk, u32 pmtu); __u8 icsk_ca_state; __u8 icsk_retransmits; diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c index f2a8750..0f604d2 100644 --- a/net/8021q/vlan_dev.c +++ b/net/8021q/vlan_dev.c @@ -214,7 +214,7 @@ int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev, * This allows the VLAN to have a different MAC than the underlying * device, and still route correctly. */ - if (memcmp(eth_hdr(skb)->h_dest, skb->dev->dev_addr, ETH_ALEN) == 0) { + if (!compare_ether_addr(eth_hdr(skb)->h_dest, skb->dev->dev_addr)) { /* It is for our (changed) MAC-address! */ skb->pkt_type = PACKET_HOST; } diff --git a/net/atm/br2684.c b/net/atm/br2684.c index bdb4d89..1dafa9c 100644 --- a/net/atm/br2684.c +++ b/net/atm/br2684.c @@ -296,13 +296,13 @@ static inline __be16 br_type_trans(struct sk_buff *skb, struct net_device *dev) eth = eth_hdr(skb); if (is_multicast_ether_addr(eth->h_dest)) { - if (memcmp(eth->h_dest, dev->broadcast, ETH_ALEN) == 0) + if (!compare_ether_addr(eth->h_dest, dev->broadcast)) skb->pkt_type = PACKET_BROADCAST; else skb->pkt_type = PACKET_MULTICAST; } - else if (memcmp(eth->h_dest, dev->dev_addr, ETH_ALEN)) + else if (compare_ether_addr(eth->h_dest, dev->dev_addr)) skb->pkt_type = PACKET_OTHERHOST; if (ntohs(eth->h_proto) >= 1536) diff --git a/net/atm/lec.c b/net/atm/lec.c index ad840b9..eea0513 100644 --- a/net/atm/lec.c +++ b/net/atm/lec.c @@ -1321,7 +1321,7 @@ static int lane2_associate_req (struct net_device *dev, u8 *lan_dst, struct sk_buff *skb; struct lec_priv *priv = (struct lec_priv*)dev->priv; - if ( memcmp(lan_dst, dev->dev_addr, ETH_ALEN) != 0 ) + if (compare_ether_addr(lan_dst, dev->dev_addr)) return (0); /* not our mac address */ kfree(priv->tlvs); /* NULL if there was no previous association */ @@ -1798,7 +1798,7 @@ lec_arp_find(struct lec_priv *priv, to_return = priv->lec_arp_tables[place]; while(to_return) { - if (memcmp(mac_addr, to_return->mac_addr, ETH_ALEN) == 0) { + if (!compare_ether_addr(mac_addr, to_return->mac_addr)) { return to_return; } to_return = to_return->next; @@ -2002,7 +2002,7 @@ lec_arp_resolve(struct lec_priv *priv, unsigned char *mac_to_find, return priv->mcast_vcc; break; case 2: /* LANE2 wants arp for multicast addresses */ - if ( memcmp(mac_to_find, bus_mac, ETH_ALEN) == 0) + if (!compare_ether_addr(mac_to_find, bus_mac)) return priv->mcast_vcc; break; default: diff --git a/net/atm/mpc.c b/net/atm/mpc.c index 526d953..36b7ae3 100644 --- a/net/atm/mpc.c +++ b/net/atm/mpc.c @@ -552,7 +552,7 @@ static int mpc_send_packet(struct sk_buff *skb, struct net_device *dev) goto non_ip; /* Multi-Protocol Over ATM :-) */ while (i < mpc->number_of_mps_macs) { - if (memcmp(eth->h_dest, (mpc->mps_macs + i*ETH_ALEN), ETH_ALEN) == 0) + if (!compare_ether_addr(eth->h_dest, (mpc->mps_macs + i*ETH_ALEN))) if ( send_via_shortcut(skb, mpc) == 0 ) /* try shortcut */ return 0; /* success! */ i++; diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c index 682bf20..cbb20c3 100644 --- a/net/bluetooth/bnep/core.c +++ b/net/bluetooth/bnep/core.c @@ -75,7 +75,7 @@ static struct bnep_session *__bnep_get_session(u8 *dst) list_for_each(p, &bnep_session_list) { s = list_entry(p, struct bnep_session, list); - if (!memcmp(dst, s->eh.h_source, ETH_ALEN)) + if (!compare_ether_addr(dst, s->eh.h_source)) return s; } return NULL; @@ -420,10 +420,10 @@ static inline int bnep_tx_frame(struct bnep_session *s, struct sk_buff *skb) iv[il++] = (struct kvec) { &type, 1 }; len++; - if (!memcmp(eh->h_dest, s->eh.h_source, ETH_ALEN)) + if (!compare_ether_addr(eh->h_dest, s->eh.h_source)) type |= 0x01; - if (!memcmp(eh->h_source, s->eh.h_dest, ETH_ALEN)) + if (!compare_ether_addr(eh->h_source, s->eh.h_dest)) type |= 0x02; if (type) diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index a31244e..f812ed1 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -403,7 +403,7 @@ int hci_get_conn_list(void __user *arg) size = sizeof(req) + req.conn_num * sizeof(*ci); - if (!(cl = (void *) kmalloc(size, GFP_KERNEL))) + if (!(cl = kmalloc(size, GFP_KERNEL))) return -ENOMEM; if (!(hdev = hci_dev_get(req.dev_id))) { diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index 7323805..f158fe6 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c @@ -15,6 +15,7 @@ #include <linux/netfilter_bridge/ebtables.h> #include <linux/netfilter_bridge/ebt_ip.h> #include <linux/ip.h> +#include <net/ip.h> #include <linux/in.h> #include <linux/module.h> @@ -51,6 +52,8 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in, if (!(info->bitmask & EBT_IP_DPORT) && !(info->bitmask & EBT_IP_SPORT)) return EBT_MATCH; + if (ntohs(ih->frag_off) & IP_OFFSET) + return EBT_NOMATCH; pptr = skb_header_pointer(skb, ih->ihl*4, sizeof(_ports), &_ports); if (pptr == NULL) diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c index f8a8cde..9d2ef4f 100644 --- a/net/bridge/netfilter/ebt_stp.c +++ b/net/bridge/netfilter/ebt_stp.c @@ -164,8 +164,8 @@ static int ebt_stp_check(const char *tablename, unsigned int hookmask, if (datalen != len) return -EINVAL; /* Make sure the match only receives stp frames */ - if (memcmp(e->destmac, bridge_ula, ETH_ALEN) || - memcmp(e->destmsk, msk, ETH_ALEN) || !(e->bitmask & EBT_DESTMAC)) + if (compare_ether_addr(e->destmac, bridge_ula) || + compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC)) return -EINVAL; return 0; diff --git a/net/core/dv.c b/net/core/dv.c index 3f25f4a..c5deb36 100644 --- a/net/core/dv.c +++ b/net/core/dv.c @@ -457,7 +457,7 @@ void divert_frame(struct sk_buff *skb) unsigned char *skb_data_end = skb->data + skb->len; /* Packet is already aimed at us, return */ - if (!memcmp(eth, skb->dev->dev_addr, ETH_ALEN)) + if (!compare_ether_addr(eth, skb->dev->dev_addr)) return; /* proto is not IP, do nothing */ diff --git a/net/core/wireless.c b/net/core/wireless.c index 271ddb3..f88b0af 100644 --- a/net/core/wireless.c +++ b/net/core/wireless.c @@ -1506,7 +1506,7 @@ void wireless_spy_update(struct net_device * dev, /* Update all records that match */ for(i = 0; i < spydata->spy_number; i++) - if(!memcmp(address, spydata->spy_address[i], ETH_ALEN)) { + if(!compare_ether_addr(address, spydata->spy_address[i])) { memcpy(&(spydata->spy_stat[i]), wstats, sizeof(struct iw_quality)); match = i; diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c index 4cc6f41..5e33803 100644 --- a/net/ieee80211/ieee80211_rx.c +++ b/net/ieee80211/ieee80211_rx.c @@ -76,8 +76,8 @@ static struct ieee80211_frag_entry *ieee80211_frag_cache_find(struct if (entry->skb != NULL && entry->seq == seq && (entry->last_frag + 1 == frag || frag == -1) && - memcmp(entry->src_addr, src, ETH_ALEN) == 0 && - memcmp(entry->dst_addr, dst, ETH_ALEN) == 0) + !compare_ether_addr(entry->src_addr, src) && + !compare_ether_addr(entry->dst_addr, dst)) return entry; } @@ -243,12 +243,12 @@ static int ieee80211_is_eapol_frame(struct ieee80211_device *ieee, /* check that the frame is unicast frame to us */ if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == IEEE80211_FCTL_TODS && - memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0 && - memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN) == 0) { + !compare_ether_addr(hdr->addr1, dev->dev_addr) && + !compare_ether_addr(hdr->addr3, dev->dev_addr)) { /* ToDS frame with own addr BSSID and DA */ } else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == IEEE80211_FCTL_FROMDS && - memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) { + !compare_ether_addr(hdr->addr1, dev->dev_addr)) { /* FromDS frame with own addr as DA */ } else return 0; @@ -505,7 +505,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb, if (ieee->iw_mode == IW_MODE_MASTER && !wds && (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == IEEE80211_FCTL_FROMDS && ieee->stadev - && memcmp(hdr->addr2, ieee->assoc_ap_addr, ETH_ALEN) == 0) { + && !compare_ether_addr(hdr->addr2, ieee->assoc_ap_addr)) { /* Frame from BSSID of the AP for which we are a client */ skb->dev = dev = ieee->stadev; stats = hostap_get_stats(dev); @@ -1231,7 +1231,7 @@ static inline int is_same_network(struct ieee80211_network *src, * as one network */ return ((src->ssid_len == dst->ssid_len) && (src->channel == dst->channel) && - !memcmp(src->bssid, dst->bssid, ETH_ALEN) && + !compare_ether_addr(src->bssid, dst->bssid) && !memcmp(src->ssid, dst->ssid, src->ssid_len)); } diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile index c54edd7..35e5f59 100644 --- a/net/ipv4/Makefile +++ b/net/ipv4/Makefile @@ -9,7 +9,7 @@ obj-y := route.o inetpeer.o protocol.o \ tcp.o tcp_input.o tcp_output.o tcp_timer.o tcp_ipv4.o \ tcp_minisocks.o tcp_cong.o \ datagram.o raw.o udp.o arp.o icmp.o devinet.o af_inet.o igmp.o \ - sysctl_net_ipv4.o fib_frontend.o fib_semantics.o netfilter.o + sysctl_net_ipv4.o fib_frontend.o fib_semantics.o obj-$(CONFIG_IP_FIB_HASH) += fib_hash.o obj-$(CONFIG_IP_FIB_TRIE) += fib_trie.o @@ -28,7 +28,7 @@ obj-$(CONFIG_IP_ROUTE_MULTIPATH_RR) += multipath_rr.o obj-$(CONFIG_IP_ROUTE_MULTIPATH_RANDOM) += multipath_random.o obj-$(CONFIG_IP_ROUTE_MULTIPATH_WRANDOM) += multipath_wrandom.o obj-$(CONFIG_IP_ROUTE_MULTIPATH_DRR) += multipath_drr.o -obj-$(CONFIG_NETFILTER) += netfilter/ +obj-$(CONFIG_NETFILTER) += netfilter.o netfilter/ obj-$(CONFIG_IP_VS) += ipvs/ obj-$(CONFIG_INET_DIAG) += inet_diag.o obj-$(CONFIG_IP_ROUTE_MULTIPATH_CACHED) += multipath.o diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c index 3321092..52a3d7c 100644 --- a/net/ipv4/netfilter.c +++ b/net/ipv4/netfilter.c @@ -1,16 +1,8 @@ /* IPv4 specific functions of netfilter core */ - -#include <linux/config.h> -#ifdef CONFIG_NETFILTER - #include <linux/kernel.h> #include <linux/netfilter.h> #include <linux/netfilter_ipv4.h> - #include <linux/ip.h> -#include <linux/tcp.h> -#include <linux/udp.h> -#include <linux/icmp.h> #include <net/route.h> #include <net/xfrm.h> #include <net/ip.h> @@ -146,5 +138,3 @@ static void fini(void) module_init(init); module_exit(fini); - -#endif /* CONFIG_NETFILTER */ diff --git a/net/ipv4/netfilter/ip_conntrack_proto_generic.c b/net/ipv4/netfilter/ip_conntrack_proto_generic.c index 88c3712..f891308 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_generic.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_generic.c @@ -12,7 +12,7 @@ #include <linux/netfilter.h> #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> -unsigned long ip_ct_generic_timeout = 600*HZ; +unsigned int ip_ct_generic_timeout = 600*HZ; static int generic_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff, diff --git a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c index 30fc21d..f2a90e2 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c @@ -22,7 +22,7 @@ #include <linux/netfilter_ipv4/ip_conntrack_core.h> #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> -unsigned long ip_ct_icmp_timeout = 30*HZ; +unsigned int ip_ct_icmp_timeout = 30*HZ; #if 0 #define DEBUGP printk diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c index 0b25050..be602e8 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c @@ -58,15 +58,15 @@ static const char *sctp_conntrack_names[] = { #define HOURS * 60 MINS #define DAYS * 24 HOURS -static unsigned long ip_ct_sctp_timeout_closed = 10 SECS; -static unsigned long ip_ct_sctp_timeout_cookie_wait = 3 SECS; -static unsigned long ip_ct_sctp_timeout_cookie_echoed = 3 SECS; -static unsigned long ip_ct_sctp_timeout_established = 5 DAYS; -static unsigned long ip_ct_sctp_timeout_shutdown_sent = 300 SECS / 1000; -static unsigned long ip_ct_sctp_timeout_shutdown_recd = 300 SECS / 1000; -static unsigned long ip_ct_sctp_timeout_shutdown_ack_sent = 3 SECS; - -static const unsigned long * sctp_timeouts[] +static unsigned int ip_ct_sctp_timeout_closed = 10 SECS; +static unsigned int ip_ct_sctp_timeout_cookie_wait = 3 SECS; +static unsigned int ip_ct_sctp_timeout_cookie_echoed = 3 SECS; +static unsigned int ip_ct_sctp_timeout_established = 5 DAYS; +static unsigned int ip_ct_sctp_timeout_shutdown_sent = 300 SECS / 1000; +static unsigned int ip_ct_sctp_timeout_shutdown_recd = 300 SECS / 1000; +static unsigned int ip_ct_sctp_timeout_shutdown_ack_sent = 3 SECS; + +static const unsigned int * sctp_timeouts[] = { NULL, /* SCTP_CONNTRACK_NONE */ &ip_ct_sctp_timeout_closed, /* SCTP_CONNTRACK_CLOSED */ &ip_ct_sctp_timeout_cookie_wait, /* SCTP_CONNTRACK_COOKIE_WAIT */ diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c index 77f3046..ea2b39c 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c @@ -85,21 +85,21 @@ static const char *tcp_conntrack_names[] = { #define HOURS * 60 MINS #define DAYS * 24 HOURS -unsigned long ip_ct_tcp_timeout_syn_sent = 2 MINS; -unsigned long ip_ct_tcp_timeout_syn_recv = 60 SECS; -unsigned long ip_ct_tcp_timeout_established = 5 DAYS; -unsigned long ip_ct_tcp_timeout_fin_wait = 2 MINS; -unsigned long ip_ct_tcp_timeout_close_wait = 60 SECS; -unsigned long ip_ct_tcp_timeout_last_ack = 30 SECS; -unsigned long ip_ct_tcp_timeout_time_wait = 2 MINS; -unsigned long ip_ct_tcp_timeout_close = 10 SECS; +unsigned int ip_ct_tcp_timeout_syn_sent = 2 MINS; +unsigned int ip_ct_tcp_timeout_syn_recv = 60 SECS; +unsigned int ip_ct_tcp_timeout_established = 5 DAYS; +unsigned int ip_ct_tcp_timeout_fin_wait = 2 MINS; +unsigned int ip_ct_tcp_timeout_close_wait = 60 SECS; +unsigned int ip_ct_tcp_timeout_last_ack = 30 SECS; +unsigned int ip_ct_tcp_timeout_time_wait = 2 MINS; +unsigned int ip_ct_tcp_timeout_close = 10 SECS; /* RFC1122 says the R2 limit should be at least 100 seconds. Linux uses 15 packets as limit, which corresponds to ~13-30min depending on RTO. */ -unsigned long ip_ct_tcp_timeout_max_retrans = 5 MINS; +unsigned int ip_ct_tcp_timeout_max_retrans = 5 MINS; -static const unsigned long * tcp_timeouts[] +static const unsigned int * tcp_timeouts[] = { NULL, /* TCP_CONNTRACK_NONE */ &ip_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */ &ip_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */ diff --git a/net/ipv4/netfilter/ip_conntrack_proto_udp.c b/net/ipv4/netfilter/ip_conntrack_proto_udp.c index 46becbe..004003f 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_udp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_udp.c @@ -19,8 +19,8 @@ #include <linux/netfilter_ipv4.h> #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> -unsigned long ip_ct_udp_timeout = 30*HZ; -unsigned long ip_ct_udp_timeout_stream = 180*HZ; +unsigned int ip_ct_udp_timeout = 30*HZ; +unsigned int ip_ct_udp_timeout_stream = 180*HZ; static int udp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff, diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c index 7ba9778..9dec129 100644 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c @@ -544,28 +544,28 @@ extern int ip_conntrack_max; extern unsigned int ip_conntrack_htable_size; /* From ip_conntrack_proto_tcp.c */ -extern unsigned long ip_ct_tcp_timeout_syn_sent; -extern unsigned long ip_ct_tcp_timeout_syn_recv; -extern unsigned long ip_ct_tcp_timeout_established; -extern unsigned long ip_ct_tcp_timeout_fin_wait; -extern unsigned long ip_ct_tcp_timeout_close_wait; -extern unsigned long ip_ct_tcp_timeout_last_ack; -extern unsigned long ip_ct_tcp_timeout_time_wait; -extern unsigned long ip_ct_tcp_timeout_close; -extern unsigned long ip_ct_tcp_timeout_max_retrans; +extern unsigned int ip_ct_tcp_timeout_syn_sent; +extern unsigned int ip_ct_tcp_timeout_syn_recv; +extern unsigned int ip_ct_tcp_timeout_established; +extern unsigned int ip_ct_tcp_timeout_fin_wait; +extern unsigned int ip_ct_tcp_timeout_close_wait; +extern unsigned int ip_ct_tcp_timeout_last_ack; +extern unsigned int ip_ct_tcp_timeout_time_wait; +extern unsigned int ip_ct_tcp_timeout_close; +extern unsigned int ip_ct_tcp_timeout_max_retrans; extern int ip_ct_tcp_loose; extern int ip_ct_tcp_be_liberal; extern int ip_ct_tcp_max_retrans; /* From ip_conntrack_proto_udp.c */ -extern unsigned long ip_ct_udp_timeout; -extern unsigned long ip_ct_udp_timeout_stream; +extern unsigned int ip_ct_udp_timeout; +extern unsigned int ip_ct_udp_timeout_stream; /* From ip_conntrack_proto_icmp.c */ -extern unsigned long ip_ct_icmp_timeout; +extern unsigned int ip_ct_icmp_timeout; /* From ip_conntrack_proto_icmp.c */ -extern unsigned long ip_ct_generic_timeout; +extern unsigned int ip_ct_generic_timeout; /* Log invalid packets of a given protocol */ static int log_invalid_proto_min = 0; diff --git a/net/ipv4/netfilter/ip_nat_helper_pptp.c b/net/ipv4/netfilter/ip_nat_helper_pptp.c index e546203..ac004895 100644 --- a/net/ipv4/netfilter/ip_nat_helper_pptp.c +++ b/net/ipv4/netfilter/ip_nat_helper_pptp.c @@ -148,14 +148,14 @@ pptp_outbound_pkt(struct sk_buff **pskb, { struct ip_ct_pptp_master *ct_pptp_info = &ct->help.ct_pptp_info; struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info; - - u_int16_t msg, *cid = NULL, new_callid; + u_int16_t msg, new_callid; + unsigned int cid_off; new_callid = htons(ct_pptp_info->pns_call_id); switch (msg = ntohs(ctlh->messageType)) { case PPTP_OUT_CALL_REQUEST: - cid = &pptpReq->ocreq.callID; + cid_off = offsetof(union pptp_ctrl_union, ocreq.callID); /* FIXME: ideally we would want to reserve a call ID * here. current netfilter NAT core is not able to do * this :( For now we use TCP source port. This breaks @@ -172,10 +172,10 @@ pptp_outbound_pkt(struct sk_buff **pskb, ct_pptp_info->pns_call_id = ntohs(new_callid); break; case PPTP_IN_CALL_REPLY: - cid = &pptpReq->icreq.callID; + cid_off = offsetof(union pptp_ctrl_union, icreq.callID); break; case PPTP_CALL_CLEAR_REQUEST: - cid = &pptpReq->clrreq.callID; + cid_off = offsetof(union pptp_ctrl_union, clrreq.callID); break; default: DEBUGP("unknown outbound packet 0x%04x:%s\n", msg, @@ -197,18 +197,15 @@ pptp_outbound_pkt(struct sk_buff **pskb, /* only OUT_CALL_REQUEST, IN_CALL_REPLY, CALL_CLEAR_REQUEST pass * down to here */ - - IP_NF_ASSERT(cid); - DEBUGP("altering call id from 0x%04x to 0x%04x\n", - ntohs(*cid), ntohs(new_callid)); + ntohs(*(u_int16_t *)pptpReq + cid_off), ntohs(new_callid)); /* mangle packet */ if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, - (void *)cid - ((void *)ctlh - sizeof(struct pptp_pkt_hdr)), - sizeof(new_callid), - (char *)&new_callid, - sizeof(new_callid)) == 0) + cid_off + sizeof(struct pptp_pkt_hdr) + + sizeof(struct PptpControlHeader), + sizeof(new_callid), (char *)&new_callid, + sizeof(new_callid)) == 0) return NF_DROP; return NF_ACCEPT; @@ -299,31 +296,30 @@ pptp_inbound_pkt(struct sk_buff **pskb, union pptp_ctrl_union *pptpReq) { struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info; - u_int16_t msg, new_cid = 0, new_pcid, *pcid = NULL, *cid = NULL; - - int ret = NF_ACCEPT, rv; + u_int16_t msg, new_cid = 0, new_pcid; + unsigned int pcid_off, cid_off = 0; new_pcid = htons(nat_pptp_info->pns_call_id); switch (msg = ntohs(ctlh->messageType)) { case PPTP_OUT_CALL_REPLY: - pcid = &pptpReq->ocack.peersCallID; - cid = &pptpReq->ocack.callID; + pcid_off = offsetof(union pptp_ctrl_union, ocack.peersCallID); + cid_off = offsetof(union pptp_ctrl_union, ocack.callID); break; case PPTP_IN_CALL_CONNECT: - pcid = &pptpReq->iccon.peersCallID; + pcid_off = offsetof(union pptp_ctrl_union, iccon.peersCallID); break; case PPTP_IN_CALL_REQUEST: /* only need to nat in case PAC is behind NAT box */ - break; + return NF_ACCEPT; case PPTP_WAN_ERROR_NOTIFY: - pcid = &pptpReq->wanerr.peersCallID; + pcid_off = offsetof(union pptp_ctrl_union, wanerr.peersCallID); break; case PPTP_CALL_DISCONNECT_NOTIFY: - pcid = &pptpReq->disc.callID; + pcid_off = offsetof(union pptp_ctrl_union, disc.callID); break; case PPTP_SET_LINK_INFO: - pcid = &pptpReq->setlink.peersCallID; + pcid_off = offsetof(union pptp_ctrl_union, setlink.peersCallID); break; default: @@ -345,35 +341,26 @@ pptp_inbound_pkt(struct sk_buff **pskb, * WAN_ERROR_NOTIFY, CALL_DISCONNECT_NOTIFY pass down here */ /* mangle packet */ - IP_NF_ASSERT(pcid); DEBUGP("altering peer call id from 0x%04x to 0x%04x\n", - ntohs(*pcid), ntohs(new_pcid)); - - rv = ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, - (void *)pcid - ((void *)ctlh - sizeof(struct pptp_pkt_hdr)), - sizeof(new_pcid), (char *)&new_pcid, - sizeof(new_pcid)); - if (rv != NF_ACCEPT) - return rv; + ntohs(*(u_int16_t *)pptpReq + pcid_off), ntohs(new_pcid)); + + if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, + pcid_off + sizeof(struct pptp_pkt_hdr) + + sizeof(struct PptpControlHeader), + sizeof(new_pcid), (char *)&new_pcid, + sizeof(new_pcid)) == 0) + return NF_DROP; if (new_cid) { - IP_NF_ASSERT(cid); DEBUGP("altering call id from 0x%04x to 0x%04x\n", - ntohs(*cid), ntohs(new_cid)); - rv = ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, - (void *)cid - ((void *)ctlh - sizeof(struct pptp_pkt_hdr)), - sizeof(new_cid), - (char *)&new_cid, - sizeof(new_cid)); - if (rv != NF_ACCEPT) - return rv; + ntohs(*(u_int16_t *)pptpReq + cid_off), ntohs(new_cid)); + if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, + cid_off + sizeof(struct pptp_pkt_hdr) + + sizeof(struct PptpControlHeader), + sizeof(new_cid), (char *)&new_cid, + sizeof(new_cid)) == 0) + return NF_DROP; } - - /* check for earlier return value of 'switch' above */ - if (ret != NF_ACCEPT) - return ret; - - /* great, at least we don't need to resize packets */ return NF_ACCEPT; } diff --git a/net/ipv4/netfilter/ip_nat_proto_gre.c b/net/ipv4/netfilter/ip_nat_proto_gre.c index f7cad7c..6c4899d 100644 --- a/net/ipv4/netfilter/ip_nat_proto_gre.c +++ b/net/ipv4/netfilter/ip_nat_proto_gre.c @@ -151,42 +151,6 @@ gre_manip_pkt(struct sk_buff **pskb, return 1; } -/* print out a nat tuple */ -static unsigned int -gre_print(char *buffer, - const struct ip_conntrack_tuple *match, - const struct ip_conntrack_tuple *mask) -{ - unsigned int len = 0; - - if (mask->src.u.gre.key) - len += sprintf(buffer + len, "srckey=0x%x ", - ntohl(match->src.u.gre.key)); - - if (mask->dst.u.gre.key) - len += sprintf(buffer + len, "dstkey=0x%x ", - ntohl(match->src.u.gre.key)); - - return len; -} - -/* print a range of keys */ -static unsigned int -gre_print_range(char *buffer, const struct ip_nat_range *range) -{ - if (range->min.gre.key != 0 - || range->max.gre.key != 0xFFFF) { - if (range->min.gre.key == range->max.gre.key) - return sprintf(buffer, "key 0x%x ", - ntohl(range->min.gre.key)); - else - return sprintf(buffer, "keys 0x%u-0x%u ", - ntohl(range->min.gre.key), - ntohl(range->max.gre.key)); - } else - return 0; -} - /* nat helper struct */ static struct ip_nat_protocol gre = { .name = "GRE", @@ -194,8 +158,6 @@ static struct ip_nat_protocol gre = { .manip_pkt = gre_manip_pkt, .in_range = gre_in_range, .unique_tuple = gre_unique_tuple, - .print = gre_print, - .print_range = gre_print_range, #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE) .range_to_nfattr = ip_nat_port_range_to_nfattr, diff --git a/net/ipv4/netfilter/ip_nat_proto_icmp.c b/net/ipv4/netfilter/ip_nat_proto_icmp.c index 9387190..31a3f4c 100644 --- a/net/ipv4/netfilter/ip_nat_proto_icmp.c +++ b/net/ipv4/netfilter/ip_nat_proto_icmp.c @@ -74,38 +74,6 @@ icmp_manip_pkt(struct sk_buff **pskb, return 1; } -static unsigned int -icmp_print(char *buffer, - const struct ip_conntrack_tuple *match, - const struct ip_conntrack_tuple *mask) -{ - unsigned int len = 0; - - if (mask->src.u.icmp.id) - len += sprintf(buffer + len, "id=%u ", - ntohs(match->src.u.icmp.id)); - - if (mask->dst.u.icmp.type) - len += sprintf(buffer + len, "type=%u ", - ntohs(match->dst.u.icmp.type)); - - if (mask->dst.u.icmp.code) - len += sprintf(buffer + len, "code=%u ", - ntohs(match->dst.u.icmp.code)); - - return len; -} - -static unsigned int -icmp_print_range(char *buffer, const struct ip_nat_range *range) -{ - if (range->min.icmp.id != 0 || range->max.icmp.id != 0xFFFF) - return sprintf(buffer, "id %u-%u ", - ntohs(range->min.icmp.id), - ntohs(range->max.icmp.id)); - else return 0; -} - struct ip_nat_protocol ip_nat_protocol_icmp = { .name = "ICMP", .protonum = IPPROTO_ICMP, @@ -113,8 +81,6 @@ struct ip_nat_protocol ip_nat_protocol_icmp = { .manip_pkt = icmp_manip_pkt, .in_range = icmp_in_range, .unique_tuple = icmp_unique_tuple, - .print = icmp_print, - .print_range = icmp_print_range, #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE) .range_to_nfattr = ip_nat_port_range_to_nfattr, diff --git a/net/ipv4/netfilter/ip_nat_proto_tcp.c b/net/ipv4/netfilter/ip_nat_proto_tcp.c index 1d381bf..a3d1407 100644 --- a/net/ipv4/netfilter/ip_nat_proto_tcp.c +++ b/net/ipv4/netfilter/ip_nat_proto_tcp.c @@ -136,40 +136,6 @@ tcp_manip_pkt(struct sk_buff **pskb, return 1; } -static unsigned int -tcp_print(char *buffer, - const struct ip_conntrack_tuple *match, - const struct ip_conntrack_tuple *mask) -{ - unsigned int len = 0; - - if (mask->src.u.tcp.port) - len += sprintf(buffer + len, "srcpt=%u ", - ntohs(match->src.u.tcp.port)); - - - if (mask->dst.u.tcp.port) - len += sprintf(buffer + len, "dstpt=%u ", - ntohs(match->dst.u.tcp.port)); - - return len; -} - -static unsigned int -tcp_print_range(char *buffer, const struct ip_nat_range *range) -{ - if (range->min.tcp.port != 0 || range->max.tcp.port != 0xFFFF) { - if (range->min.tcp.port == range->max.tcp.port) - return sprintf(buffer, "port %u ", - ntohs(range->min.tcp.port)); - else - return sprintf(buffer, "ports %u-%u ", - ntohs(range->min.tcp.port), - ntohs(range->max.tcp.port)); - } - else return 0; -} - struct ip_nat_protocol ip_nat_protocol_tcp = { .name = "TCP", .protonum = IPPROTO_TCP, @@ -177,8 +143,6 @@ struct ip_nat_protocol ip_nat_protocol_tcp = { .manip_pkt = tcp_manip_pkt, .in_range = tcp_in_range, .unique_tuple = tcp_unique_tuple, - .print = tcp_print, - .print_range = tcp_print_range, #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE) .range_to_nfattr = ip_nat_port_range_to_nfattr, diff --git a/net/ipv4/netfilter/ip_nat_proto_udp.c b/net/ipv4/netfilter/ip_nat_proto_udp.c index c4906e1..ec6053f 100644 --- a/net/ipv4/netfilter/ip_nat_proto_udp.c +++ b/net/ipv4/netfilter/ip_nat_proto_udp.c @@ -122,40 +122,6 @@ udp_manip_pkt(struct sk_buff **pskb, return 1; } -static unsigned int -udp_print(char *buffer, - const struct ip_conntrack_tuple *match, - const struct ip_conntrack_tuple *mask) -{ - unsigned int len = 0; - - if (mask->src.u.udp.port) - len += sprintf(buffer + len, "srcpt=%u ", - ntohs(match->src.u.udp.port)); - - - if (mask->dst.u.udp.port) - len += sprintf(buffer + len, "dstpt=%u ", - ntohs(match->dst.u.udp.port)); - - return len; -} - -static unsigned int -udp_print_range(char *buffer, const struct ip_nat_range *range) -{ - if (range->min.udp.port != 0 || range->max.udp.port != 0xFFFF) { - if (range->min.udp.port == range->max.udp.port) - return sprintf(buffer, "port %u ", - ntohs(range->min.udp.port)); - else - return sprintf(buffer, "ports %u-%u ", - ntohs(range->min.udp.port), - ntohs(range->max.udp.port)); - } - else return 0; -} - struct ip_nat_protocol ip_nat_protocol_udp = { .name = "UDP", .protonum = IPPROTO_UDP, @@ -163,8 +129,6 @@ struct ip_nat_protocol ip_nat_protocol_udp = { .manip_pkt = udp_manip_pkt, .in_range = udp_in_range, .unique_tuple = udp_unique_tuple, - .print = udp_print, - .print_range = udp_print_range, #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE) .range_to_nfattr = ip_nat_port_range_to_nfattr, diff --git a/net/ipv4/netfilter/ip_nat_proto_unknown.c b/net/ipv4/netfilter/ip_nat_proto_unknown.c index f0099a6..3bf0495 100644 --- a/net/ipv4/netfilter/ip_nat_proto_unknown.c +++ b/net/ipv4/netfilter/ip_nat_proto_unknown.c @@ -46,26 +46,10 @@ unknown_manip_pkt(struct sk_buff **pskb, return 1; } -static unsigned int -unknown_print(char *buffer, - const struct ip_conntrack_tuple *match, - const struct ip_conntrack_tuple *mask) -{ - return 0; -} - -static unsigned int -unknown_print_range(char *buffer, const struct ip_nat_range *range) -{ - return 0; -} - struct ip_nat_protocol ip_nat_unknown_protocol = { .name = "unknown", /* .me isn't set: getting a ref to this cannot fail. */ .manip_pkt = unknown_manip_pkt, .in_range = unknown_in_range, .unique_tuple = unknown_unique_tuple, - .print = unknown_print, - .print_range = unknown_print_range }; diff --git a/net/ipv4/netfilter/ipt_mac.c b/net/ipv4/netfilter/ipt_mac.c index 11a459e..1b9bb45 100644 --- a/net/ipv4/netfilter/ipt_mac.c +++ b/net/ipv4/netfilter/ipt_mac.c @@ -11,6 +11,7 @@ #include <linux/module.h> #include <linux/skbuff.h> #include <linux/if_ether.h> +#include <linux/etherdevice.h> #include <linux/netfilter_ipv4/ipt_mac.h> #include <linux/netfilter_ipv4/ip_tables.h> @@ -33,8 +34,8 @@ match(const struct sk_buff *skb, return (skb->mac.raw >= skb->head && (skb->mac.raw + ETH_HLEN) <= skb->data /* If so, compare... */ - && ((memcmp(eth_hdr(skb)->h_source, info->srcaddr, ETH_ALEN) - == 0) ^ info->invert)); + && ((!compare_ether_addr(eth_hdr(skb)->h_source, info->srcaddr)) + ^ info->invert)); } static int diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 9bdbb77..0c56c52 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c @@ -277,7 +277,7 @@ static struct nf_hook_ops ipv4_conntrack_local_in_ops = { #ifdef CONFIG_SYSCTL /* From nf_conntrack_proto_icmp.c */ -extern unsigned long nf_ct_icmp_timeout; +extern unsigned int nf_ct_icmp_timeout; static struct ctl_table_header *nf_ct_ipv4_sysctl_header; static ctl_table nf_ct_sysctl_table[] = { diff --git a/net/ipv6/Makefile b/net/ipv6/Makefile index 9601fd7..bf18cff 100644 --- a/net/ipv6/Makefile +++ b/net/ipv6/Makefile @@ -8,8 +8,7 @@ ipv6-objs := af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o sit.o \ route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o raw.o \ protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \ exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \ - ip6_flowlabel.o ipv6_syms.o netfilter.o \ - inet6_connection_sock.o + ip6_flowlabel.o ipv6_syms.o inet6_connection_sock.o ipv6-$(CONFIG_XFRM) += xfrm6_policy.o xfrm6_state.o xfrm6_input.o \ xfrm6_output.o @@ -19,7 +18,7 @@ obj-$(CONFIG_INET6_AH) += ah6.o obj-$(CONFIG_INET6_ESP) += esp6.o obj-$(CONFIG_INET6_IPCOMP) += ipcomp6.o obj-$(CONFIG_INET6_TUNNEL) += xfrm6_tunnel.o -obj-$(CONFIG_NETFILTER) += netfilter/ +obj-$(CONFIG_NETFILTER) += netfilter.o netfilter/ obj-$(CONFIG_IPV6_TUNNEL) += ip6_tunnel.o diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index b636783..1ab62f0 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c @@ -1,9 +1,5 @@ -#include <linux/config.h> -#include <linux/init.h> - -#ifdef CONFIG_NETFILTER - #include <linux/kernel.h> +#include <linux/init.h> #include <linux/ipv6.h> #include <linux/netfilter.h> #include <linux/netfilter_ipv6.h> @@ -94,18 +90,7 @@ int __init ipv6_netfilter_init(void) return nf_register_queue_rerouter(PF_INET6, &ip6_reroute); } -void ipv6_netfilter_fini(void) +void __exit ipv6_netfilter_fini(void) { nf_unregister_queue_rerouter(PF_INET6); } - -#else /* CONFIG_NETFILTER */ -int __init ipv6_netfilter_init(void) -{ - return 0; -} - -void ipv6_netfilter_fini(void) -{ -} -#endif /* CONFIG_NETFILTER */ diff --git a/net/ipv6/netfilter/ip6t_mac.c b/net/ipv6/netfilter/ip6t_mac.c index 526d43e..ae0b092 100644 --- a/net/ipv6/netfilter/ip6t_mac.c +++ b/net/ipv6/netfilter/ip6t_mac.c @@ -34,8 +34,8 @@ match(const struct sk_buff *skb, return (skb->mac.raw >= skb->head && (skb->mac.raw + ETH_HLEN) <= skb->data /* If so, compare... */ - && ((memcmp(eth_hdr(skb)->h_source, info->srcaddr, ETH_ALEN) - == 0) ^ info->invert)); + && ((!compare_ether_addr(eth_hdr(skb)->h_source, info->srcaddr)) + ^ info->invert)); } static int diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index 704fbbe..e57d6fc 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c @@ -335,10 +335,10 @@ static struct nf_hook_ops ipv6_conntrack_local_in_ops = { #ifdef CONFIG_SYSCTL /* From nf_conntrack_proto_icmpv6.c */ -extern unsigned long nf_ct_icmpv6_timeout; +extern unsigned int nf_ct_icmpv6_timeout; /* From nf_conntrack_frag6.c */ -extern unsigned long nf_ct_frag6_timeout; +extern unsigned int nf_ct_frag6_timeout; extern unsigned int nf_ct_frag6_low_thresh; extern unsigned int nf_ct_frag6_high_thresh; diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c index 36425f6..46bc27e 100644 --- a/net/netfilter/nf_conntrack_proto_generic.c +++ b/net/netfilter/nf_conntrack_proto_generic.c @@ -17,7 +17,7 @@ #include <linux/netfilter.h> #include <net/netfilter/nf_conntrack_protocol.h> -unsigned long nf_ct_generic_timeout = 600*HZ; +unsigned int nf_ct_generic_timeout = 600*HZ; static int generic_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff, diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index 3a600f7..cf798e6 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c @@ -62,15 +62,15 @@ static const char *sctp_conntrack_names[] = { #define HOURS * 60 MINS #define DAYS * 24 HOURS -static unsigned long nf_ct_sctp_timeout_closed = 10 SECS; -static unsigned long nf_ct_sctp_timeout_cookie_wait = 3 SECS; -static unsigned long nf_ct_sctp_timeout_cookie_echoed = 3 SECS; -static unsigned long nf_ct_sctp_timeout_established = 5 DAYS; -static unsigned long nf_ct_sctp_timeout_shutdown_sent = 300 SECS / 1000; -static unsigned long nf_ct_sctp_timeout_shutdown_recd = 300 SECS / 1000; -static unsigned long nf_ct_sctp_timeout_shutdown_ack_sent = 3 SECS; - -static unsigned long * sctp_timeouts[] +static unsigned int nf_ct_sctp_timeout_closed = 10 SECS; +static unsigned int nf_ct_sctp_timeout_cookie_wait = 3 SECS; +static unsigned int nf_ct_sctp_timeout_cookie_echoed = 3 SECS; +static unsigned int nf_ct_sctp_timeout_established = 5 DAYS; +static unsigned int nf_ct_sctp_timeout_shutdown_sent = 300 SECS / 1000; +static unsigned int nf_ct_sctp_timeout_shutdown_recd = 300 SECS / 1000; +static unsigned int nf_ct_sctp_timeout_shutdown_ack_sent = 3 SECS; + +static unsigned int * sctp_timeouts[] = { NULL, /* SCTP_CONNTRACK_NONE */ &nf_ct_sctp_timeout_closed, /* SCTP_CONNTRACK_CLOSED */ &nf_ct_sctp_timeout_cookie_wait, /* SCTP_CONNTRACK_COOKIE_WAIT */ diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 9a1348a..df99138 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c @@ -93,21 +93,21 @@ static const char *tcp_conntrack_names[] = { #define HOURS * 60 MINS #define DAYS * 24 HOURS -unsigned long nf_ct_tcp_timeout_syn_sent = 2 MINS; -unsigned long nf_ct_tcp_timeout_syn_recv = 60 SECS; -unsigned long nf_ct_tcp_timeout_established = 5 DAYS; -unsigned long nf_ct_tcp_timeout_fin_wait = 2 MINS; -unsigned long nf_ct_tcp_timeout_close_wait = 60 SECS; -unsigned long nf_ct_tcp_timeout_last_ack = 30 SECS; -unsigned long nf_ct_tcp_timeout_time_wait = 2 MINS; -unsigned long nf_ct_tcp_timeout_close = 10 SECS; +unsigned int nf_ct_tcp_timeout_syn_sent = 2 MINS; +unsigned int nf_ct_tcp_timeout_syn_recv = 60 SECS; +unsigned int nf_ct_tcp_timeout_established = 5 DAYS; +unsigned int nf_ct_tcp_timeout_fin_wait = 2 MINS; +unsigned int nf_ct_tcp_timeout_close_wait = 60 SECS; +unsigned int nf_ct_tcp_timeout_last_ack = 30 SECS; +unsigned int nf_ct_tcp_timeout_time_wait = 2 MINS; +unsigned int nf_ct_tcp_timeout_close = 10 SECS; /* RFC1122 says the R2 limit should be at least 100 seconds. Linux uses 15 packets as limit, which corresponds to ~13-30min depending on RTO. */ -unsigned long nf_ct_tcp_timeout_max_retrans = 5 MINS; +unsigned int nf_ct_tcp_timeout_max_retrans = 5 MINS; -static unsigned long * tcp_timeouts[] +static unsigned int * tcp_timeouts[] = { NULL, /* TCP_CONNTRACK_NONE */ &nf_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */ &nf_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */ diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c index 1a592a5..4264dd0 100644 --- a/net/netfilter/nf_conntrack_proto_udp.c +++ b/net/netfilter/nf_conntrack_proto_udp.c @@ -27,8 +27,8 @@ #include <linux/netfilter_ipv6.h> #include <net/netfilter/nf_conntrack_protocol.h> -unsigned long nf_ct_udp_timeout = 30*HZ; -unsigned long nf_ct_udp_timeout_stream = 180*HZ; +unsigned int nf_ct_udp_timeout = 30*HZ; +unsigned int nf_ct_udp_timeout_stream = 180*HZ; static int udp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff, diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index d17e42b..3531d14 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -431,25 +431,25 @@ extern int nf_conntrack_max; extern unsigned int nf_conntrack_htable_size; /* From nf_conntrack_proto_tcp.c */ -extern unsigned long nf_ct_tcp_timeout_syn_sent; -extern unsigned long nf_ct_tcp_timeout_syn_recv; -extern unsigned long nf_ct_tcp_timeout_established; -extern unsigned long nf_ct_tcp_timeout_fin_wait; -extern unsigned long nf_ct_tcp_timeout_close_wait; -extern unsigned long nf_ct_tcp_timeout_last_ack; -extern unsigned long nf_ct_tcp_timeout_time_wait; -extern unsigned long nf_ct_tcp_timeout_close; -extern unsigned long nf_ct_tcp_timeout_max_retrans; +extern unsigned int nf_ct_tcp_timeout_syn_sent; +extern unsigned int nf_ct_tcp_timeout_syn_recv; +extern unsigned int nf_ct_tcp_timeout_established; +extern unsigned int nf_ct_tcp_timeout_fin_wait; +extern unsigned int nf_ct_tcp_timeout_close_wait; +extern unsigned int nf_ct_tcp_timeout_last_ack; +extern unsigned int nf_ct_tcp_timeout_time_wait; +extern unsigned int nf_ct_tcp_timeout_close; +extern unsigned int nf_ct_tcp_timeout_max_retrans; extern int nf_ct_tcp_loose; extern int nf_ct_tcp_be_liberal; extern int nf_ct_tcp_max_retrans; /* From nf_conntrack_proto_udp.c */ -extern unsigned long nf_ct_udp_timeout; -extern unsigned long nf_ct_udp_timeout_stream; +extern unsigned int nf_ct_udp_timeout; +extern unsigned int nf_ct_udp_timeout_stream; /* From nf_conntrack_proto_generic.c */ -extern unsigned long nf_ct_generic_timeout; +extern unsigned int nf_ct_generic_timeout; /* Log invalid packets of a given protocol */ static int log_invalid_proto_min = 0; diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index a67f1b4..bb50c8a 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1422,7 +1422,7 @@ static int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *, while (skb->len >= nlmsg_total_size(0)) { nlh = (struct nlmsghdr *) skb->data; - if (skb->len < nlh->nlmsg_len) + if (nlh->nlmsg_len < NLMSG_HDRLEN || skb->len < nlh->nlmsg_len) return 0; total_len = min(NLMSG_ALIGN(nlh->nlmsg_len), skb->len); diff --git a/net/rxrpc/connection.c b/net/rxrpc/connection.c index 2ba14a7..0e0a455 100644 --- a/net/rxrpc/connection.c +++ b/net/rxrpc/connection.c @@ -220,6 +220,7 @@ int rxrpc_connection_lookup(struct rxrpc_peer *peer, { struct rxrpc_connection *conn, *candidate = NULL; struct list_head *_p; + struct sk_buff *pkt = msg->pkt; int ret, fresh = 0; __be32 x_epoch, x_connid; __be16 x_port, x_servid; @@ -229,10 +230,10 @@ int rxrpc_connection_lookup(struct rxrpc_peer *peer, _enter("%p{{%hu}},%u,%hu", peer, peer->trans->port, - ntohs(msg->pkt->h.uh->source), + ntohs(pkt->h.uh->source), ntohs(msg->hdr.serviceId)); - x_port = msg->pkt->h.uh->source; + x_port = pkt->h.uh->source; x_epoch = msg->hdr.epoch; x_clflag = msg->hdr.flags & RXRPC_CLIENT_INITIATED; x_connid = htonl(ntohl(msg->hdr.cid) & RXRPC_CIDMASK); @@ -267,7 +268,7 @@ int rxrpc_connection_lookup(struct rxrpc_peer *peer, /* fill in the specifics */ candidate->addr.sin_family = AF_INET; candidate->addr.sin_port = x_port; - candidate->addr.sin_addr.s_addr = msg->pkt->nh.iph->saddr; + candidate->addr.sin_addr.s_addr = pkt->nh.iph->saddr; candidate->in_epoch = x_epoch; candidate->out_epoch = x_epoch; candidate->in_clientflag = RXRPC_CLIENT_INITIATED; @@ -675,6 +676,7 @@ int rxrpc_conn_receive_call_packet(struct rxrpc_connection *conn, struct rxrpc_message *msg) { struct rxrpc_message *pmsg; + struct dst_entry *dst; struct list_head *_p; unsigned cix, seq; int ret = 0; @@ -710,10 +712,10 @@ int rxrpc_conn_receive_call_packet(struct rxrpc_connection *conn, call->pkt_rcv_count++; - if (msg->pkt->dst && msg->pkt->dst->dev) + dst = msg->pkt->dst; + if (dst && dst->dev) conn->peer->if_mtu = - msg->pkt->dst->dev->mtu - - msg->pkt->dst->dev->hard_header_len; + dst->dev->mtu - dst->dev->hard_header_len; /* queue on the call in seq order */ rxrpc_get_message(msg); diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c index b19cc26..a8bd34d 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c @@ -166,8 +166,8 @@ svc_create_thread(svc_thread_fn func, struct svc_serv *serv) memset(rqstp, 0, sizeof(*rqstp)); init_waitqueue_head(&rqstp->rq_wait); - if (!(rqstp->rq_argp = (u32 *) kmalloc(serv->sv_xdrsize, GFP_KERNEL)) - || !(rqstp->rq_resp = (u32 *) kmalloc(serv->sv_xdrsize, GFP_KERNEL)) + if (!(rqstp->rq_argp = kmalloc(serv->sv_xdrsize, GFP_KERNEL)) + || !(rqstp->rq_resp = kmalloc(serv->sv_xdrsize, GFP_KERNEL)) || !svc_init_buffer(rqstp, serv->sv_bufsz)) goto out_thread; |