Commit ecd159fc authored by David S. Miller's avatar David S. Miller

Merge branch 'master' of git://1984.lsi.us.es/net

parents f68e556e 6ba90067
...@@ -287,7 +287,17 @@ extern unsigned int ip6t_do_table(struct sk_buff *skb, ...@@ -287,7 +287,17 @@ extern unsigned int ip6t_do_table(struct sk_buff *skb,
struct xt_table *table); struct xt_table *table);
/* Check for an extension */ /* Check for an extension */
extern int ip6t_ext_hdr(u8 nexthdr); static inline int
ip6t_ext_hdr(u8 nexthdr)
{ return (nexthdr == IPPROTO_HOPOPTS) ||
(nexthdr == IPPROTO_ROUTING) ||
(nexthdr == IPPROTO_FRAGMENT) ||
(nexthdr == IPPROTO_ESP) ||
(nexthdr == IPPROTO_AH) ||
(nexthdr == IPPROTO_NONE) ||
(nexthdr == IPPROTO_DSTOPTS);
}
/* find specified header and get offset to it */ /* find specified header and get offset to it */
extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
int target, unsigned short *fragoff); int target, unsigned short *fragoff);
......
...@@ -74,16 +74,24 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, ...@@ -74,16 +74,24 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph); iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
if (iph == NULL) if (iph == NULL)
return -NF_DROP; return -NF_ACCEPT;
/* Conntrack defragments packets, we might still see fragments /* Conntrack defragments packets, we might still see fragments
* inside ICMP packets though. */ * inside ICMP packets though. */
if (iph->frag_off & htons(IP_OFFSET)) if (iph->frag_off & htons(IP_OFFSET))
return -NF_DROP; return -NF_ACCEPT;
*dataoff = nhoff + (iph->ihl << 2); *dataoff = nhoff + (iph->ihl << 2);
*protonum = iph->protocol; *protonum = iph->protocol;
/* Check bogus IP headers */
if (*dataoff > skb->len) {
pr_debug("nf_conntrack_ipv4: bogus IPv4 packet: "
"nhoff %u, ihl %u, skblen %u\n",
nhoff, iph->ihl << 2, skb->len);
return -NF_ACCEPT;
}
return NF_ACCEPT; return NF_ACCEPT;
} }
......
...@@ -78,19 +78,6 @@ EXPORT_SYMBOL_GPL(ip6t_alloc_initial_table); ...@@ -78,19 +78,6 @@ EXPORT_SYMBOL_GPL(ip6t_alloc_initial_table);
Hence the start of any table is given by get_table() below. */ Hence the start of any table is given by get_table() below. */
/* Check for an extension */
int
ip6t_ext_hdr(u8 nexthdr)
{
return (nexthdr == IPPROTO_HOPOPTS) ||
(nexthdr == IPPROTO_ROUTING) ||
(nexthdr == IPPROTO_FRAGMENT) ||
(nexthdr == IPPROTO_ESP) ||
(nexthdr == IPPROTO_AH) ||
(nexthdr == IPPROTO_NONE) ||
(nexthdr == IPPROTO_DSTOPTS);
}
/* Returns whether matches rule or not. */ /* Returns whether matches rule or not. */
/* Performance critical - called for every packet */ /* Performance critical - called for every packet */
static inline bool static inline bool
...@@ -2366,7 +2353,6 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, ...@@ -2366,7 +2353,6 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
EXPORT_SYMBOL(ip6t_register_table); EXPORT_SYMBOL(ip6t_register_table);
EXPORT_SYMBOL(ip6t_unregister_table); EXPORT_SYMBOL(ip6t_unregister_table);
EXPORT_SYMBOL(ip6t_do_table); EXPORT_SYMBOL(ip6t_do_table);
EXPORT_SYMBOL(ip6t_ext_hdr);
EXPORT_SYMBOL(ipv6_find_hdr); EXPORT_SYMBOL(ipv6_find_hdr);
module_init(ip6_tables_init); module_init(ip6_tables_init);
......
...@@ -1592,7 +1592,7 @@ static int nf_conntrack_init_net(struct net *net) ...@@ -1592,7 +1592,7 @@ static int nf_conntrack_init_net(struct net *net)
return 0; return 0;
err_timeout: err_timeout:
nf_conntrack_timeout_fini(net); nf_conntrack_ecache_fini(net);
err_ecache: err_ecache:
nf_conntrack_tstamp_fini(net); nf_conntrack_tstamp_fini(net);
err_tstamp: err_tstamp:
......
...@@ -584,8 +584,8 @@ static bool tcp_in_window(const struct nf_conn *ct, ...@@ -584,8 +584,8 @@ static bool tcp_in_window(const struct nf_conn *ct,
* Let's try to use the data from the packet. * Let's try to use the data from the packet.
*/ */
sender->td_end = end; sender->td_end = end;
win <<= sender->td_scale; swin = win << sender->td_scale;
sender->td_maxwin = (win == 0 ? 1 : win); sender->td_maxwin = (swin == 0 ? 1 : swin);
sender->td_maxend = end + sender->td_maxwin; sender->td_maxend = end + sender->td_maxwin;
/* /*
* We haven't seen traffic in the other direction yet * We haven't seen traffic in the other direction yet
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment