static inline int llc_fixup_skb(struct sk_buff *skb)
{
u8 llc_len = 2;
- struct llc_pdu_sn *pdu;
+ struct llc_pdu_un *pdu;
- if (!pskb_may_pull(skb, sizeof(*pdu)))
+ if (unlikely(!pskb_may_pull(skb, sizeof(*pdu))))
return 0;
- pdu = (struct llc_pdu_sn *)skb->data;
+ pdu = (struct llc_pdu_un *)skb->data;
if ((pdu->ctrl_1 & LLC_PDU_TYPE_MASK) == LLC_PDU_TYPE_U)
llc_len = 1;
llc_len += 2;
+
+ if (unlikely(!pskb_may_pull(skb, llc_len)))
+ return 0;
+
skb->h.raw += llc_len;
skb_pull(skb, llc_len);
if (skb->protocol == htons(ETH_P_802_2)) {
u16 pdulen = eth_hdr(skb)->h_proto,
data_size = ntohs(pdulen) - llc_len;
- skb_trim(skb, data_size);
+ if (unlikely(pskb_trim_rcsum(skb, data_size)))
+ return 0;
}
return 1;
}
struct llc_sap *sap;
struct llc_pdu_sn *pdu;
int dest;
+ int (*rcv)(struct sk_buff *, struct net_device *,
+ struct packet_type *, struct net_device *);
/*
* When the interface is in promisc. mode, drop all the crap that it
* First the upper layer protocols that don't need the full
* LLC functionality
*/
- if (sap->rcv_func) {
- sap->rcv_func(skb, dev, pt, orig_dev);
- goto out;
+ rcv = rcu_dereference(sap->rcv_func);
+ if (rcv) {
+ struct sk_buff *cskb = skb_clone(skb, GFP_ATOMIC);
+ if (cskb)
+ rcv(cskb, dev, pt, orig_dev);
}
dest = llc_pdu_type(skb);
if (unlikely(!dest || !llc_type_handlers[dest - 1]))
- goto drop;
+ goto drop_put;
llc_type_handlers[dest - 1](sap, skb);
+out_put:
+ llc_sap_put(sap);
out:
return 0;
drop:
kfree_skb(skb);
goto out;
+drop_put:
+ kfree_skb(skb);
+ goto out_put;
handle_station:
if (!llc_station_handler)
goto drop;