Updated from Linux LTS 3.10.22 to 3.10.23
This commit is contained in:
Nathan
@@ -453,8 +453,10 @@ static int mem_check(struct sock *sk)
|
||||
if (room > FL_MAX_SIZE - FL_MAX_PER_SOCK)
|
||||
return 0;
|
||||
|
||||
rcu_read_lock_bh();
|
||||
for_each_sk_fl_rcu(np, sfl)
|
||||
count++;
|
||||
rcu_read_unlock_bh();
|
||||
|
||||
if (room <= 0 ||
|
||||
((count >= FL_MAX_PER_SOCK ||
|
||||
|
||||
@@ -141,8 +141,8 @@ static int ip6_finish_output2(struct sk_buff *skb)
|
||||
}
|
||||
rcu_read_unlock_bh();
|
||||
|
||||
IP6_INC_STATS_BH(dev_net(dst->dev),
|
||||
ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
|
||||
IP6_INC_STATS(dev_net(dst->dev),
|
||||
ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
|
||||
kfree_skb(skb);
|
||||
return -EINVAL;
|
||||
}
|
||||
@@ -150,7 +150,8 @@ static int ip6_finish_output2(struct sk_buff *skb)
|
||||
static int ip6_finish_output(struct sk_buff *skb)
|
||||
{
|
||||
if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
|
||||
dst_allfrag(skb_dst(skb)))
|
||||
dst_allfrag(skb_dst(skb)) ||
|
||||
(IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
|
||||
return ip6_fragment(skb, ip6_finish_output2);
|
||||
else
|
||||
return ip6_finish_output2(skb);
|
||||
|
||||
@@ -172,63 +172,13 @@ out:
|
||||
return nf_conntrack_confirm(skb);
|
||||
}
|
||||
|
||||
static unsigned int __ipv6_conntrack_in(struct net *net,
|
||||
unsigned int hooknum,
|
||||
struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
int (*okfn)(struct sk_buff *))
|
||||
{
|
||||
struct sk_buff *reasm = skb->nfct_reasm;
|
||||
const struct nf_conn_help *help;
|
||||
struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
|
||||
/* This packet is fragmented and has reassembled packet. */
|
||||
if (reasm) {
|
||||
/* Reassembled packet isn't parsed yet ? */
|
||||
if (!reasm->nfct) {
|
||||
unsigned int ret;
|
||||
|
||||
ret = nf_conntrack_in(net, PF_INET6, hooknum, reasm);
|
||||
if (ret != NF_ACCEPT)
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Conntrack helpers need the entire reassembled packet in the
|
||||
* POST_ROUTING hook. In case of unconfirmed connections NAT
|
||||
* might reassign a helper, so the entire packet is also
|
||||
* required.
|
||||
*/
|
||||
ct = nf_ct_get(reasm, &ctinfo);
|
||||
if (ct != NULL && !nf_ct_is_untracked(ct)) {
|
||||
help = nfct_help(ct);
|
||||
if ((help && help->helper) || !nf_ct_is_confirmed(ct)) {
|
||||
nf_conntrack_get_reasm(reasm);
|
||||
NF_HOOK_THRESH(NFPROTO_IPV6, hooknum, reasm,
|
||||
(struct net_device *)in,
|
||||
(struct net_device *)out,
|
||||
okfn, NF_IP6_PRI_CONNTRACK + 1);
|
||||
return NF_DROP_ERR(-ECANCELED);
|
||||
}
|
||||
}
|
||||
|
||||
nf_conntrack_get(reasm->nfct);
|
||||
skb->nfct = reasm->nfct;
|
||||
skb->nfctinfo = reasm->nfctinfo;
|
||||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
return nf_conntrack_in(net, PF_INET6, hooknum, skb);
|
||||
}
|
||||
|
||||
static unsigned int ipv6_conntrack_in(unsigned int hooknum,
|
||||
struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
int (*okfn)(struct sk_buff *))
|
||||
{
|
||||
return __ipv6_conntrack_in(dev_net(in), hooknum, skb, in, out, okfn);
|
||||
return nf_conntrack_in(dev_net(in), PF_INET6, hooknum, skb);
|
||||
}
|
||||
|
||||
static unsigned int ipv6_conntrack_local(unsigned int hooknum,
|
||||
@@ -242,7 +192,7 @@ static unsigned int ipv6_conntrack_local(unsigned int hooknum,
|
||||
net_notice_ratelimited("ipv6_conntrack_local: packet too short\n");
|
||||
return NF_ACCEPT;
|
||||
}
|
||||
return __ipv6_conntrack_in(dev_net(out), hooknum, skb, in, out, okfn);
|
||||
return nf_conntrack_in(dev_net(out), PF_INET6, hooknum, skb);
|
||||
}
|
||||
|
||||
static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = {
|
||||
|
||||
@@ -621,31 +621,16 @@ ret_orig:
|
||||
return skb;
|
||||
}
|
||||
|
||||
void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb,
|
||||
struct net_device *in, struct net_device *out,
|
||||
int (*okfn)(struct sk_buff *))
|
||||
void nf_ct_frag6_consume_orig(struct sk_buff *skb)
|
||||
{
|
||||
struct sk_buff *s, *s2;
|
||||
unsigned int ret = 0;
|
||||
|
||||
for (s = NFCT_FRAG6_CB(skb)->orig; s;) {
|
||||
nf_conntrack_put_reasm(s->nfct_reasm);
|
||||
nf_conntrack_get_reasm(skb);
|
||||
s->nfct_reasm = skb;
|
||||
|
||||
s2 = s->next;
|
||||
s->next = NULL;
|
||||
|
||||
if (ret != -ECANCELED)
|
||||
ret = NF_HOOK_THRESH(NFPROTO_IPV6, hooknum, s,
|
||||
in, out, okfn,
|
||||
NF_IP6_PRI_CONNTRACK_DEFRAG + 1);
|
||||
else
|
||||
kfree_skb(s);
|
||||
|
||||
consume_skb(s);
|
||||
s = s2;
|
||||
}
|
||||
nf_conntrack_put_reasm(skb);
|
||||
}
|
||||
|
||||
static int nf_ct_net_init(struct net *net)
|
||||
|
||||
@@ -75,8 +75,11 @@ static unsigned int ipv6_defrag(unsigned int hooknum,
|
||||
if (reasm == skb)
|
||||
return NF_ACCEPT;
|
||||
|
||||
nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in,
|
||||
(struct net_device *)out, okfn);
|
||||
nf_ct_frag6_consume_orig(reasm);
|
||||
|
||||
NF_HOOK_THRESH(NFPROTO_IPV6, hooknum, reasm,
|
||||
(struct net_device *) in, (struct net_device *) out,
|
||||
okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1);
|
||||
|
||||
return NF_STOLEN;
|
||||
}
|
||||
|
||||
@@ -728,8 +728,11 @@ int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
|
||||
prefix = &prefix_buf;
|
||||
}
|
||||
|
||||
rt = rt6_get_route_info(net, prefix, rinfo->prefix_len, gwaddr,
|
||||
dev->ifindex);
|
||||
if (rinfo->prefix_len == 0)
|
||||
rt = rt6_get_dflt_router(gwaddr, dev);
|
||||
else
|
||||
rt = rt6_get_route_info(net, prefix, rinfo->prefix_len,
|
||||
gwaddr, dev->ifindex);
|
||||
|
||||
if (rt && !lifetime) {
|
||||
ip6_del_rt(rt);
|
||||
|
||||
Reference in New Issue
Block a user