leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

Browse Source
This commit is contained in:
Linus Torvalds 2005-12-01 15:54:00 -08:00
commit deda498710
4 changed files with 47 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
net/ipv4/fib_frontend.c
View File

@ -544,12 +544,16 @@ static void nl_fib_input(struct sock *sk, int len)
struct sk_buff *skb = NULL; struct sk_buff *skb = NULL;
struct nlmsghdr *nlh = NULL; struct nlmsghdr *nlh = NULL;
struct fib_result_nl *frn; struct fib_result_nl *frn;
int err;
u32 pid; u32 pid;
struct fib_table *tb; struct fib_table *tb;
skb = skb_recv_datagram(sk, 0, 0, &err); skb = skb_dequeue(&sk->sk_receive_queue);
nlh = (struct nlmsghdr *)skb->data; nlh = (struct nlmsghdr *)skb->data;
if (skb->len < NLMSG_SPACE(0) || skb->len < nlh->nlmsg_len ||
nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*frn))) {
kfree_skb(skb);
return;
}
frn = (struct fib_result_nl *) NLMSG_DATA(nlh); frn = (struct fib_result_nl *) NLMSG_DATA(nlh);
tb = fib_get_table(frn->tb_id_in); tb = fib_get_table(frn->tb_id_in);

29
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
View File

@ -272,9 +272,9 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
* sCL -> sCL * sCL -> sCL
*/ */
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */ /* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/*ack*/ { sIV, sIV, sSR, sES, sCW, sCW, sTW, sTW, sCL, sIV }, /*ack*/ { sIV, sIG, sSR, sES, sCW, sCW, sTW, sTW, sCL, sIV },
/* /*
* sSS -> sIV Might be a half-open connection. * sSS -> sIG Might be a half-open connection.
* sSR -> sSR Might answer late resent SYN. * sSR -> sSR Might answer late resent SYN.
* sES -> sES :-) * sES -> sES :-)
* sFW -> sCW Normal close request answered by ACK. * sFW -> sCW Normal close request answered by ACK.
@ -917,8 +917,12 @@ static int tcp_packet(struct ip_conntrack *conntrack,
switch (new_state) { switch (new_state) {
case TCP_CONNTRACK_IGNORE: case TCP_CONNTRACK_IGNORE:
/* Either SYN in ORIGINAL /* Ignored packets:
* or SYN/ACK in REPLY. */ *
* a) SYN in ORIGINAL
* b) SYN/ACK in REPLY
* c) ACK in reply direction after initial SYN in original.
*/
if (index == TCP_SYNACK_SET if (index == TCP_SYNACK_SET
&& conntrack->proto.tcp.last_index == TCP_SYN_SET && conntrack->proto.tcp.last_index == TCP_SYN_SET
&& conntrack->proto.tcp.last_dir != dir && conntrack->proto.tcp.last_dir != dir
@ -985,13 +989,20 @@ static int tcp_packet(struct ip_conntrack *conntrack,
} }
case TCP_CONNTRACK_CLOSE: case TCP_CONNTRACK_CLOSE:
if (index == TCP_RST_SET if (index == TCP_RST_SET
&& test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status) && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
&& conntrack->proto.tcp.last_index == TCP_SYN_SET && conntrack->proto.tcp.last_index == TCP_SYN_SET)
|| (!test_bit(IPS_ASSURED_BIT, &conntrack->status)
&& conntrack->proto.tcp.last_index == TCP_ACK_SET))
&& ntohl(th->ack_seq) == conntrack->proto.tcp.last_end) { && ntohl(th->ack_seq) == conntrack->proto.tcp.last_end) {
/* RST sent to invalid SYN we had let trough /* RST sent to invalid SYN or ACK we had let trough
* SYN was in window then, tear down connection. * at a) and c) above:
*
* a) SYN was in window then
* c) we hold a half-open connection.
*
* Delete our connection entry.
* We skip window checking, because packet might ACK * We skip window checking, because packet might ACK
* segments we ignored in the SYN. */ * segments we ignored. */
goto in_window; goto in_window;
} }
/* Just fall trough */ /* Just fall trough */

1
net/ipv4/netfilter/ipt_recent.c
View File

@ -532,6 +532,7 @@ match(const struct sk_buff *skb,
} }
if(info->seconds && info->hit_count) { if(info->seconds && info->hit_count) {
for(pkt_count = 0, hits_found = 0; pkt_count < ip_pkt_list_tot; pkt_count++) { for(pkt_count = 0, hits_found = 0; pkt_count < ip_pkt_list_tot; pkt_count++) {
if(r_list[location].last_pkts[pkt_count] == 0) break;
if(time_before_eq(now,r_list[location].last_pkts[pkt_count]+info->seconds*HZ)) hits_found++; if(time_before_eq(now,r_list[location].last_pkts[pkt_count]+info->seconds*HZ)) hits_found++;
} }
if(hits_found >= info->hit_count) ans = !info->invert; else ans = info->invert; if(hits_found >= info->hit_count) ans = !info->invert; else ans = info->invert;

29
net/netfilter/nf_conntrack_proto_tcp.c
View File

@ -280,9 +280,9 @@ static enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
* sCL -> sCL * sCL -> sCL
*/ */
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */ /* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/*ack*/ { sIV, sIV, sSR, sES, sCW, sCW, sTW, sTW, sCL, sIV }, /*ack*/ { sIV, sIG, sSR, sES, sCW, sCW, sTW, sTW, sCL, sIV },
/* /*
* sSS -> sIV Might be a half-open connection. * sSS -> sIG Might be a half-open connection.
* sSR -> sSR Might answer late resent SYN. * sSR -> sSR Might answer late resent SYN.
* sES -> sES :-) * sES -> sES :-)
* sFW -> sCW Normal close request answered by ACK. * sFW -> sCW Normal close request answered by ACK.
@ -912,8 +912,12 @@ static int tcp_packet(struct nf_conn *conntrack,
switch (new_state) { switch (new_state) {
case TCP_CONNTRACK_IGNORE: case TCP_CONNTRACK_IGNORE:
/* Either SYN in ORIGINAL /* Ignored packets:
* or SYN/ACK in REPLY. */ *
* a) SYN in ORIGINAL
* b) SYN/ACK in REPLY
* c) ACK in reply direction after initial SYN in original.
*/
if (index == TCP_SYNACK_SET if (index == TCP_SYNACK_SET
&& conntrack->proto.tcp.last_index == TCP_SYN_SET && conntrack->proto.tcp.last_index == TCP_SYN_SET
&& conntrack->proto.tcp.last_dir != dir && conntrack->proto.tcp.last_dir != dir
@ -979,13 +983,20 @@ static int tcp_packet(struct nf_conn *conntrack,
} }
case TCP_CONNTRACK_CLOSE: case TCP_CONNTRACK_CLOSE:
if (index == TCP_RST_SET if (index == TCP_RST_SET
&& test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status) && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
&& conntrack->proto.tcp.last_index == TCP_SYN_SET && conntrack->proto.tcp.last_index == TCP_SYN_SET)
|| (!test_bit(IPS_ASSURED_BIT, &conntrack->status)
&& conntrack->proto.tcp.last_index == TCP_ACK_SET))
&& ntohl(th->ack_seq) == conntrack->proto.tcp.last_end) { && ntohl(th->ack_seq) == conntrack->proto.tcp.last_end) {
/* RST sent to invalid SYN we had let trough /* RST sent to invalid SYN or ACK we had let trough
* SYN was in window then, tear down connection. * at a) and c) above:
*
* a) SYN was in window then
* c) we hold a half-open connection.
*
* Delete our connection entry.
* We skip window checking, because packet might ACK * We skip window checking, because packet might ACK
* segments we ignored in the SYN. */ * segments we ignored. */
goto in_window; goto in_window;
} }
/* Just fall trough */ /* Just fall trough */