Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [NET]: Fix MAX_HEADER setting. [NETFILTER]: ipt_REJECT: fix memory corruption [NETFILTER]: conntrack: fix refcount leak when finding expectation [NETFILTER]: ctnetlink: fix reference count leak [NETFILTER]: nf_conntrack: fix the race on assign helper to new conntrack [NETFILTER]: nfctnetlink: assign helper to newly created conntrack
commit
1275361c40
@ -93,8 +93,10 @@ struct netpoll_info;
|
|||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(CONFIG_NET_IPIP) && \
|
#if !defined(CONFIG_NET_IPIP) && !defined(CONFIG_NET_IPIP_MODULE) && \
|
||||||
!defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE)
|
!defined(CONFIG_NET_IPGRE) && !defined(CONFIG_NET_IPGRE_MODULE) && \
|
||||||
|
!defined(CONFIG_IPV6_SIT) && !defined(CONFIG_IPV6_SIT_MODULE) && \
|
||||||
|
!defined(CONFIG_IPV6_TUNNEL) && !defined(CONFIG_IPV6_TUNNEL_MODULE)
|
||||||
#define MAX_HEADER LL_MAX_HEADER
|
#define MAX_HEADER LL_MAX_HEADER
|
||||||
#else
|
#else
|
||||||
#define MAX_HEADER (LL_MAX_HEADER + 48)
|
#define MAX_HEADER (LL_MAX_HEADER + 48)
|
||||||
|
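Review bot: The `#else` branch still adds a bare `48` to `LL_MAX_HEADER`, and nothing at the `#if` says where that figure comes from or that the condition is meant to enumerate every driver needing the extra headroom. An encapsulating driver missing from the list would presumably be built against the smaller `MAX_HEADER` and depend entirely on per-packet headroom checks. I would add a comment above the `#if`, for example `/* Drivers that prepend an outer header need the larger MAX_HEADER: list the CONFIG_* symbol and its _MODULE form here */`. The conditional's closing `#endif` lies outside the hunk.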
@ -225,10 +225,8 @@ __ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple)
|
|||||||
struct ip_conntrack_expect *i;
|
struct ip_conntrack_expect *i;
|
||||||
|
|
||||||
list_for_each_entry(i, &ip_conntrack_expect_list, list) {
|
list_for_each_entry(i, &ip_conntrack_expect_list, list) {
|
||||||
if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) {
|
if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask))
|
||||||
atomic_inc(&i->use);
|
|
||||||
return i;
|
return i;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
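Review bot: `__ip_conntrack_expect_find()` now returns the matching expectation without taking a reference, but nothing on the function states that contract. A comment above it such as `/* Caller must hold ip_conntrack_lock; no reference is taken on the returned expectation */` would stop a later caller from using the pointer after the lock is dropped. Callers of the `__` variant outside this commit are not visible here; any that still drop a reference afterwards would now unbalance `i->use` and should be checked. The same applies to `__nf_conntrack_expect_find()` in the hunk at `@ -469,10 +469,8`. Only the tail of the function is inside the hunk.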
@ -241,6 +239,8 @@ ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple)
|
|||||||
|
|
||||||
read_lock_bh(&ip_conntrack_lock);
|
read_lock_bh(&ip_conntrack_lock);
|
||||||
i = __ip_conntrack_expect_find(tuple);
|
i = __ip_conntrack_expect_find(tuple);
|
||||||
|
if (i)
|
||||||
|
atomic_inc(&i->use);
|
||||||
read_unlock_bh(&ip_conntrack_lock);
|
read_unlock_bh(&ip_conntrack_lock);
|
||||||
|
|
||||||
return i;
|
return i;
|
||||||
|
@ -153,6 +153,7 @@ ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct ip_conntrack *ct)
|
|||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
nfattr_failure:
|
nfattr_failure:
|
||||||
|
ip_conntrack_proto_put(proto);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
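Review bot: The release added under `nfattr_failure:` carries no comment saying which acquisition it balances. The label is presumably reached from gotos that are not written out in the function body, so the pairing is easy to miss on a later edit. A one-line comment at the label, for example `/* drop the protocol reference taken earlier in this function */`, would make the ownership explicit. The acquisition itself is outside the hunk, so confirm that every path to the label runs after it. The same point applies to `nf_ct_proto_put(proto)` in the hunk at `@ -161,6 +161,7`.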
@ -114,6 +114,14 @@ static void send_reset(struct sk_buff *oldskb, int hook)
|
|||||||
tcph->window = 0;
|
tcph->window = 0;
|
||||||
tcph->urg_ptr = 0;
|
tcph->urg_ptr = 0;
|
||||||
|
|
||||||
|
/* Adjust TCP checksum */
|
||||||
|
tcph->check = 0;
|
||||||
|
tcph->check = tcp_v4_check(tcph, sizeof(struct tcphdr),
|
||||||
|
nskb->nh.iph->saddr,
|
||||||
|
nskb->nh.iph->daddr,
|
||||||
|
csum_partial((char *)tcph,
|
||||||
|
sizeof(struct tcphdr), 0));
|
||||||
|
|
||||||
/* Set DF, id = 0 */
|
/* Set DF, id = 0 */
|
||||||
nskb->nh.iph->frag_off = htons(IP_DF);
|
nskb->nh.iph->frag_off = htons(IP_DF);
|
||||||
nskb->nh.iph->id = 0;
|
nskb->nh.iph->id = 0;
|
||||||
@ -129,14 +137,8 @@ static void send_reset(struct sk_buff *oldskb, int hook)
|
|||||||
if (ip_route_me_harder(&nskb, addr_type))
|
if (ip_route_me_harder(&nskb, addr_type))
|
||||||
goto free_nskb;
|
goto free_nskb;
|
||||||
|
|
||||||
/* Adjust TCP checksum */
|
|
||||||
nskb->ip_summed = CHECKSUM_NONE;
|
nskb->ip_summed = CHECKSUM_NONE;
|
||||||
tcph->check = 0;
|
|
||||||
tcph->check = tcp_v4_check(tcph, sizeof(struct tcphdr),
|
|
||||||
nskb->nh.iph->saddr,
|
|
||||||
nskb->nh.iph->daddr,
|
|
||||||
csum_partial((char *)tcph,
|
|
||||||
sizeof(struct tcphdr), 0));
|
|
||||||
/* Adjust IP TTL */
|
/* Adjust IP TTL */
|
||||||
nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT);
|
nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT);
|
||||||
|
|
||||||
|
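Review bot: Nothing at the `ip_route_me_harder(&nskb, addr_type)` call records why the TCP checksum must be finished before it, so the ordering this commit establishes is easy to undo. The call is passed `&nskb` and can presumably replace the buffer, which would leave `tcph` pointing into freed memory. I would add a comment directly above the call: `/* may reallocate nskb: tcph must not be dereferenced after this point */`. The lines that follow re-read `nskb->nh.iph` instead of using a cached header pointer, which is consistent with that rule. `send_reset()` begins and ends outside both hunks.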
@ -469,10 +469,8 @@ __nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple)
|
|||||||
struct nf_conntrack_expect *i;
|
struct nf_conntrack_expect *i;
|
||||||
|
|
||||||
list_for_each_entry(i, &nf_conntrack_expect_list, list) {
|
list_for_each_entry(i, &nf_conntrack_expect_list, list) {
|
||||||
if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) {
|
if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask))
|
||||||
atomic_inc(&i->use);
|
|
||||||
return i;
|
return i;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -485,6 +483,8 @@ nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple)
|
|||||||
|
|
||||||
read_lock_bh(&nf_conntrack_lock);
|
read_lock_bh(&nf_conntrack_lock);
|
||||||
i = __nf_conntrack_expect_find(tuple);
|
i = __nf_conntrack_expect_find(tuple);
|
||||||
|
if (i)
|
||||||
|
atomic_inc(&i->use);
|
||||||
read_unlock_bh(&nf_conntrack_lock);
|
read_unlock_bh(&nf_conntrack_lock);
|
||||||
|
|
||||||
return i;
|
return i;
|
||||||
@ -893,12 +893,6 @@ __nf_conntrack_alloc(const struct nf_conntrack_tuple *orig,
|
|||||||
|
|
||||||
memset(conntrack, 0, nf_ct_cache[features].size);
|
memset(conntrack, 0, nf_ct_cache[features].size);
|
||||||
conntrack->features = features;
|
conntrack->features = features;
|
||||||
if (helper) {
|
|
||||||
struct nf_conn_help *help = nfct_help(conntrack);
|
|
||||||
NF_CT_ASSERT(help);
|
|
||||||
help->helper = helper;
|
|
||||||
}
|
|
||||||
|
|
||||||
atomic_set(&conntrack->ct_general.use, 1);
|
atomic_set(&conntrack->ct_general.use, 1);
|
||||||
conntrack->ct_general.destroy = destroy_conntrack;
|
conntrack->ct_general.destroy = destroy_conntrack;
|
||||||
conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig;
|
conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig;
|
||||||
@ -982,8 +976,13 @@ init_conntrack(const struct nf_conntrack_tuple *tuple,
|
|||||||
#endif
|
#endif
|
||||||
nf_conntrack_get(&conntrack->master->ct_general);
|
nf_conntrack_get(&conntrack->master->ct_general);
|
||||||
NF_CT_STAT_INC(expect_new);
|
NF_CT_STAT_INC(expect_new);
|
||||||
} else
|
} else {
|
||||||
|
struct nf_conn_help *help = nfct_help(conntrack);
|
||||||
|
|
||||||
|
if (help)
|
||||||
|
help->helper = __nf_ct_helper_find(&repl_tuple);
|
||||||
NF_CT_STAT_INC(new);
|
NF_CT_STAT_INC(new);
|
||||||
|
}
|
||||||
|
|
||||||
/* Overload tuple linked list to put us in unconfirmed list. */
|
/* Overload tuple linked list to put us in unconfirmed list. */
|
||||||
list_add(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL].list, &unconfirmed);
|
list_add(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL].list, &unconfirmed);
|
||||||
|
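Review bot: The new `else` branch calls `__nf_ct_helper_find(&repl_tuple)` with no indication of what keeps the helper list stable during the lookup. The double-underscore name suggests the caller must already hold a lock, and the hunk does not show whether `init_conntrack()` does at this point. If it holds `nf_conntrack_lock` here, say so next to the assignment: `/* helper lookup requires nf_conntrack_lock, held by our caller */`. If it does not, the lookup can race with helper unregistration and needs the locked or reference-taking variant instead. `init_conntrack()` starts and ends outside the hunk.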
@ -161,6 +161,7 @@ ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct nf_conn *ct)
|
|||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
nfattr_failure:
|
nfattr_failure:
|
||||||
|
nf_ct_proto_put(proto);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -949,6 +950,7 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
|
|||||||
{
|
{
|
||||||
struct nf_conn *ct;
|
struct nf_conn *ct;
|
||||||
int err = -EINVAL;
|
int err = -EINVAL;
|
||||||
|
struct nf_conn_help *help;
|
||||||
|
|
||||||
ct = nf_conntrack_alloc(otuple, rtuple);
|
ct = nf_conntrack_alloc(otuple, rtuple);
|
||||||
if (ct == NULL || IS_ERR(ct))
|
if (ct == NULL || IS_ERR(ct))
|
||||||
@ -976,9 +978,16 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
|
|||||||
ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
|
ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
help = nfct_help(ct);
|
||||||
|
if (help)
|
||||||
|
help->helper = nf_ct_helper_find_get(rtuple);
|
||||||
|
|
||||||
add_timer(&ct->timeout);
|
add_timer(&ct->timeout);
|
||||||
nf_conntrack_hash_insert(ct);
|
nf_conntrack_hash_insert(ct);
|
||||||
|
|
||||||
|
if (help && help->helper)
|
||||||
|
nf_ct_helper_put(help->helper);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
err:
|
err:
|
||||||
|
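Review bot: After `nf_ct_helper_put(help->helper)` the conntrack is already in the hash and still stores the helper pointer, now without the reference that `nf_ct_helper_find_get(rtuple)` took. That is only safe if helper unregistration clears the pointer on every conntrack before the helper goes away, which is not visible in this hunk. A comment above the put should state the assumption, for example `/* the reference only covers setup; once hashed, helper unregistration is expected to clear help->helper */`. It is also worth confirming that no `goto err` can run between the get and the put, since the `err:` path shown here has no matching release. The function's body continues past the hunk.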