Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [NET]: Fix MAX_HEADER setting.
  [NETFILTER]: ipt_REJECT: fix memory corruption
  [NETFILTER]: conntrack: fix refcount leak when finding expectation
  [NETFILTER]: ctnetlink: fix reference count leak
  [NETFILTER]: nf_conntrack: fix the race on assign helper to new conntrack
  [NETFILTER]: nfctnetlink: assign helper to newly created conntrack

diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 9264139bd8df0ee171c2d52531fa626720c42a1f..83b8c4f1d69d98649b10f1967a8e5522fea592bc 100644 (file)
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -93,8 +93,10 @@ struct netpoll_info;
 #endif
 #endif
 
-#if !defined(CONFIG_NET_IPIP) && \
-    !defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE)
+#if !defined(CONFIG_NET_IPIP) && !defined(CONFIG_NET_IPIP_MODULE) && \
+    !defined(CONFIG_NET_IPGRE) &&  !defined(CONFIG_NET_IPGRE_MODULE) && \
+    !defined(CONFIG_IPV6_SIT) && !defined(CONFIG_IPV6_SIT_MODULE) && \
+    !defined(CONFIG_IPV6_TUNNEL) && !defined(CONFIG_IPV6_TUNNEL_MODULE)
 #define MAX_HEADER LL_MAX_HEADER
 #else
 #define MAX_HEADER (LL_MAX_HEADER + 48)

diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 143c4668538b40203063e2c6c741b395a0bf3fef..8b848aa77bfc39000ae75f9bb5969bd111280553 100644 (file)
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -225,10 +225,8 @@ __ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple)
        struct ip_conntrack_expect *i;
        
        list_for_each_entry(i, &ip_conntrack_expect_list, list) {
-               if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) {
-                       atomic_inc(&i->use);
+               if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask))
                        return i;
-               }
        }
        return NULL;
 }
@@ -241,6 +239,8 @@ ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple)
        
        read_lock_bh(&ip_conntrack_lock);
        i = __ip_conntrack_expect_find(tuple);
+       if (i)
+               atomic_inc(&i->use);
        read_unlock_bh(&ip_conntrack_lock);
 
        return i;

diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 262d0d44ec1b5924aff8a3d7efe4ec6a1fbb2733..55f0ae64108157d6a9a8380d0cf46d6f08bd43c1 100644 (file)
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -153,6 +153,7 @@ ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct ip_conntrack *ct)
        return ret;
 
 nfattr_failure:
+       ip_conntrack_proto_put(proto);
        return -1;
 }
 

diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index ad0312d0e4fd6a214c4ab1dc232268e9c2b52949..264763adc39bf43d6c8176455c3867687744f0f6 100644 (file)
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -114,6 +114,14 @@ static void send_reset(struct sk_buff *oldskb, int hook)
        tcph->window = 0;
        tcph->urg_ptr = 0;
 
+       /* Adjust TCP checksum */
+       tcph->check = 0;
+       tcph->check = tcp_v4_check(tcph, sizeof(struct tcphdr),
+                                  nskb->nh.iph->saddr,
+                                  nskb->nh.iph->daddr,
+                                  csum_partial((char *)tcph,
+                                               sizeof(struct tcphdr), 0));
+
        /* Set DF, id = 0 */
        nskb->nh.iph->frag_off = htons(IP_DF);
        nskb->nh.iph->id = 0;
@@ -129,14 +137,8 @@ static void send_reset(struct sk_buff *oldskb, int hook)
        if (ip_route_me_harder(&nskb, addr_type))
                goto free_nskb;
 
-       /* Adjust TCP checksum */
        nskb->ip_summed = CHECKSUM_NONE;
-       tcph->check = 0;
-       tcph->check = tcp_v4_check(tcph, sizeof(struct tcphdr),
-                                  nskb->nh.iph->saddr,
-                                  nskb->nh.iph->daddr,
-                                  csum_partial((char *)tcph,
-                                               sizeof(struct tcphdr), 0));
+
        /* Adjust IP TTL */
        nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT);
 

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 836541e509fe14e67e04c10012b94ae594c0446b..de0567b1f4223a898f9004a2c436c9cf7110ac9d 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -469,10 +469,8 @@ __nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple)
        struct nf_conntrack_expect *i;
        
        list_for_each_entry(i, &nf_conntrack_expect_list, list) {
-               if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) {
-                       atomic_inc(&i->use);
+               if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask))
                        return i;
-               }
        }
        return NULL;
 }
@@ -485,6 +483,8 @@ nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple)
        
        read_lock_bh(&nf_conntrack_lock);
        i = __nf_conntrack_expect_find(tuple);
+       if (i)
+               atomic_inc(&i->use);
        read_unlock_bh(&nf_conntrack_lock);
 
        return i;
@@ -893,12 +893,6 @@ __nf_conntrack_alloc(const struct nf_conntrack_tuple *orig,
 
        memset(conntrack, 0, nf_ct_cache[features].size);
        conntrack->features = features;
-       if (helper) {
-               struct nf_conn_help *help = nfct_help(conntrack);
-               NF_CT_ASSERT(help);
-               help->helper = helper;
-       }
-
        atomic_set(&conntrack->ct_general.use, 1);
        conntrack->ct_general.destroy = destroy_conntrack;
        conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig;
@@ -982,8 +976,13 @@ init_conntrack(const struct nf_conntrack_tuple *tuple,
 #endif
                nf_conntrack_get(&conntrack->master->ct_general);
                NF_CT_STAT_INC(expect_new);
-       } else
+       } else {
+               struct nf_conn_help *help = nfct_help(conntrack);
+
+               if (help)
+                       help->helper = __nf_ct_helper_find(&repl_tuple);
                NF_CT_STAT_INC(new);
+       }
 
        /* Overload tuple linked list to put us in unconfirmed list. */
        list_add(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL].list, &unconfirmed);

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index bd0156a28ecdbb1c90b1f927d0d5520e4a8984c5..ab67c2be2b5dee92d2f8a4719c648110d173eb35 100644 (file)
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -161,6 +161,7 @@ ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct nf_conn *ct)
        return ret;
 
 nfattr_failure:
+       nf_ct_proto_put(proto);
        return -1;
 }
 
@@ -949,6 +950,7 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
 {
        struct nf_conn *ct;
        int err = -EINVAL;
+       struct nf_conn_help *help;
 
        ct = nf_conntrack_alloc(otuple, rtuple);
        if (ct == NULL || IS_ERR(ct))
@@ -976,9 +978,16 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
                ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
 #endif
 
+       help = nfct_help(ct);
+       if (help)
+               help->helper = nf_ct_helper_find_get(rtuple);
+
        add_timer(&ct->timeout);
        nf_conntrack_hash_insert(ct);
 
+       if (help && help->helper)
+               nf_ct_helper_put(help->helper);
+
        return 0;
 
 err: