Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h
index fdc4a95273439edd826eb928e0207420db4ea373..43c09d790b838151aba69d891638801a57e1e9d0 100644 (file)
--- a/include/linux/netfilter_ipv4.h
+++ b/include/linux/netfilter_ipv4.h
@@ -79,7 +79,7 @@ enum nf_ip_hook_priorities {
 
 #ifdef __KERNEL__
 extern int ip_route_me_harder(struct sk_buff **pskb);
-
+extern int ip_xfrm_me_harder(struct sk_buff **pskb);
 #endif /*__KERNEL__*/
 
 #endif /*__LINUX_IP_NETFILTER_H*/

diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
index cc047f7fb6efc9c4deb42d6aab17f48a778d0474..35cf3a07408725608f368ccfe97e338b3ab9e678 100644 (file)
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -67,7 +67,7 @@ void br_stp_disable_bridge(struct net_bridge *br)
 {
        struct net_bridge_port *p;
 
-       spin_lock(&br->lock);
+       spin_lock_bh(&br->lock);
        list_for_each_entry(p, &br->port_list, list) {
                if (p->state != BR_STATE_DISABLED)
                        br_stp_disable_port(p);
@@ -76,7 +76,7 @@ void br_stp_disable_bridge(struct net_bridge *br)
 
        br->topology_change = 0;
        br->topology_change_detected = 0;
-       spin_unlock(&br->lock);
+       spin_unlock_bh(&br->lock);
 
        del_timer_sync(&br->hello_timer);
        del_timer_sync(&br->topology_change_timer);

diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 52a3d7c579076e8bc7e260534ab4876032cf04af..ed42cdc57cd95c42614d1dc70d60a2b820dc1ed9 100644 (file)
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -78,6 +78,47 @@ int ip_route_me_harder(struct sk_buff **pskb)
 }
 EXPORT_SYMBOL(ip_route_me_harder);
 
+#ifdef CONFIG_XFRM
+int ip_xfrm_me_harder(struct sk_buff **pskb)
+{
+       struct flowi fl;
+       unsigned int hh_len;
+       struct dst_entry *dst;
+
+       if (IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED)
+               return 0;
+       if (xfrm_decode_session(*pskb, &fl, AF_INET) < 0)
+               return -1;
+
+       dst = (*pskb)->dst;
+       if (dst->xfrm)
+               dst = ((struct xfrm_dst *)dst)->route;
+       dst_hold(dst);
+
+       if (xfrm_lookup(&dst, &fl, (*pskb)->sk, 0) < 0)
+               return -1;
+
+       dst_release((*pskb)->dst);
+       (*pskb)->dst = dst;
+
+       /* Change in oif may mean change in hh_len. */
+       hh_len = (*pskb)->dst->dev->hard_header_len;
+       if (skb_headroom(*pskb) < hh_len) {
+               struct sk_buff *nskb;
+
+               nskb = skb_realloc_headroom(*pskb, hh_len);
+               if (!nskb)
+                       return -1;
+               if ((*pskb)->sk)
+                       skb_set_owner_w(nskb, (*pskb)->sk);
+               kfree_skb(*pskb);
+               *pskb = nskb;
+       }
+       return 0;
+}
+EXPORT_SYMBOL(ip_xfrm_me_harder);
+#endif
+
 void (*ip_nat_decode_session)(struct sk_buff *, struct flowi *);
 EXPORT_SYMBOL(ip_nat_decode_session);
 

diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 92c54999a19d023d049af354123b096839757aad..7c3f7d380240b6fd1b00f90f9dfd87cea0b7b9b3 100644 (file)
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -235,19 +235,19 @@ ip_nat_out(unsigned int hooknum,
                return NF_ACCEPT;
 
        ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
+#ifdef CONFIG_XFRM
        if (ret != NF_DROP && ret != NF_STOLEN
            && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) {
                enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
 
                if (ct->tuplehash[dir].tuple.src.ip !=
                    ct->tuplehash[!dir].tuple.dst.ip
-#ifdef CONFIG_XFRM
                    || ct->tuplehash[dir].tuple.src.u.all !=
                       ct->tuplehash[!dir].tuple.dst.u.all
-#endif
                    )
-                       return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;
+                       return ip_xfrm_me_harder(pskb) == 0 ? ret : NF_DROP;
        }
+#endif
        return ret;
 }