Commit d8d8f6a4fd635dcc9e4f946394c1fbde85eeab66
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Showing 20 changed files Side-by-side Diff
- include/linux/filter.h
- include/linux/inet.h
- include/linux/ip.h
- include/net/sock.h
- net/atm/br2684.c
- net/bridge/br_input.c
- net/bridge/br_netfilter.c
- net/core/filter.c
- net/core/pktgen.c
- net/core/utils.c
- net/ethernet/eth.c
- net/ipv4/ip_fragment.c
- net/ipv4/ip_output.c
- net/ipv4/ipvs/ip_vs_xmit.c
- net/ipv4/netfilter/ipt_helper.c
- net/x25/af_x25.c
- net/xfrm/xfrm_user.c
- security/selinux/include/av_perm_to_string.h
- security/selinux/include/av_permissions.h
- security/selinux/xfrm.c
include/linux/filter.h
... | ... | @@ -143,7 +143,7 @@ |
143 | 143 | struct sk_buff; |
144 | 144 | struct sock; |
145 | 145 | |
146 | -extern int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen); | |
146 | +extern unsigned int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen); | |
147 | 147 | extern int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); |
148 | 148 | extern int sk_chk_filter(struct sock_filter *filter, int flen); |
149 | 149 | #endif /* __KERNEL__ */ |
include/linux/inet.h
include/linux/ip.h
... | ... | @@ -90,14 +90,14 @@ |
90 | 90 | #error "Please fix <asm/byteorder.h>" |
91 | 91 | #endif |
92 | 92 | __u8 tos; |
93 | - __u16 tot_len; | |
94 | - __u16 id; | |
95 | - __u16 frag_off; | |
93 | + __be16 tot_len; | |
94 | + __be16 id; | |
95 | + __be16 frag_off; | |
96 | 96 | __u8 ttl; |
97 | 97 | __u8 protocol; |
98 | 98 | __u16 check; |
99 | - __u32 saddr; | |
100 | - __u32 daddr; | |
99 | + __be32 saddr; | |
100 | + __be32 daddr; | |
101 | 101 | /*The options start here. */ |
102 | 102 | }; |
103 | 103 |
include/net/sock.h
... | ... | @@ -856,8 +856,8 @@ |
856 | 856 | |
857 | 857 | filter = sk->sk_filter; |
858 | 858 | if (filter) { |
859 | - int pkt_len = sk_run_filter(skb, filter->insns, | |
860 | - filter->len); | |
859 | + unsigned int pkt_len = sk_run_filter(skb, filter->insns, | |
860 | + filter->len); | |
861 | 861 | if (!pkt_len) |
862 | 862 | err = -EPERM; |
863 | 863 | else |
net/atm/br2684.c
net/bridge/br_input.c
net/bridge/br_netfilter.c
... | ... | @@ -394,8 +394,9 @@ |
394 | 394 | * target in particular. Save the original destination IP |
395 | 395 | * address to be able to detect DNAT afterwards. */ |
396 | 396 | static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, |
397 | - const struct net_device *in, const struct net_device *out, | |
398 | - int (*okfn)(struct sk_buff *)) | |
397 | + const struct net_device *in, | |
398 | + const struct net_device *out, | |
399 | + int (*okfn)(struct sk_buff *)) | |
399 | 400 | { |
400 | 401 | struct iphdr *iph; |
401 | 402 | __u32 len; |
402 | 403 | |
... | ... | @@ -412,8 +413,10 @@ |
412 | 413 | goto out; |
413 | 414 | |
414 | 415 | if (skb->protocol == __constant_htons(ETH_P_8021Q)) { |
416 | + u8 *vhdr = skb->data; | |
415 | 417 | skb_pull(skb, VLAN_HLEN); |
416 | - (skb)->nh.raw += VLAN_HLEN; | |
418 | + skb_postpull_rcsum(skb, vhdr, VLAN_HLEN); | |
419 | + skb->nh.raw += VLAN_HLEN; | |
417 | 420 | } |
418 | 421 | return br_nf_pre_routing_ipv6(hook, skb, in, out, okfn); |
419 | 422 | } |
420 | 423 | |
... | ... | @@ -429,8 +432,10 @@ |
429 | 432 | goto out; |
430 | 433 | |
431 | 434 | if (skb->protocol == __constant_htons(ETH_P_8021Q)) { |
435 | + u8 *vhdr = skb->data; | |
432 | 436 | skb_pull(skb, VLAN_HLEN); |
433 | - (skb)->nh.raw += VLAN_HLEN; | |
437 | + skb_postpull_rcsum(skb, vhdr, VLAN_HLEN); | |
438 | + skb->nh.raw += VLAN_HLEN; | |
434 | 439 | } |
435 | 440 | |
436 | 441 | if (!pskb_may_pull(skb, sizeof(struct iphdr))) |
net/core/filter.c
... | ... | @@ -75,7 +75,7 @@ |
75 | 75 | * len is the number of filter blocks in the array. |
76 | 76 | */ |
77 | 77 | |
78 | -int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen) | |
78 | +unsigned int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen) | |
79 | 79 | { |
80 | 80 | struct sock_filter *fentry; /* We walk down these */ |
81 | 81 | void *ptr; |
82 | 82 | |
... | ... | @@ -241,9 +241,9 @@ |
241 | 241 | A = X; |
242 | 242 | continue; |
243 | 243 | case BPF_RET|BPF_K: |
244 | - return ((unsigned int)fentry->k); | |
244 | + return fentry->k; | |
245 | 245 | case BPF_RET|BPF_A: |
246 | - return ((unsigned int)A); | |
246 | + return A; | |
247 | 247 | case BPF_ST: |
248 | 248 | mem[fentry->k] = A; |
249 | 249 | continue; |
net/core/pktgen.c
... | ... | @@ -473,7 +473,6 @@ |
473 | 473 | |
474 | 474 | static int pktgen_remove_device(struct pktgen_thread* t, struct pktgen_dev *i); |
475 | 475 | static int pktgen_add_device(struct pktgen_thread* t, const char* ifname); |
476 | -static struct pktgen_thread* pktgen_find_thread(const char* name); | |
477 | 476 | static struct pktgen_dev *pktgen_find_dev(struct pktgen_thread* t, const char* ifname); |
478 | 477 | static int pktgen_device_event(struct notifier_block *, unsigned long, void *); |
479 | 478 | static void pktgen_run_all_threads(void); |
... | ... | @@ -2883,7 +2882,7 @@ |
2883 | 2882 | return add_dev_to_thread(t, pkt_dev); |
2884 | 2883 | } |
2885 | 2884 | |
2886 | -static struct pktgen_thread *pktgen_find_thread(const char* name) | |
2885 | +static struct pktgen_thread * __init pktgen_find_thread(const char* name) | |
2887 | 2886 | { |
2888 | 2887 | struct pktgen_thread *t = NULL; |
2889 | 2888 | |
... | ... | @@ -2900,7 +2899,7 @@ |
2900 | 2899 | return t; |
2901 | 2900 | } |
2902 | 2901 | |
2903 | -static int pktgen_create_thread(const char* name, int cpu) | |
2902 | +static int __init pktgen_create_thread(const char* name, int cpu) | |
2904 | 2903 | { |
2905 | 2904 | struct pktgen_thread *t = NULL; |
2906 | 2905 | struct proc_dir_entry *pe; |
net/core/utils.c
net/ethernet/eth.c
net/ipv4/ip_fragment.c
net/ipv4/ip_output.c
... | ... | @@ -418,7 +418,7 @@ |
418 | 418 | struct sk_buff *skb2; |
419 | 419 | unsigned int mtu, hlen, left, len, ll_rs; |
420 | 420 | int offset; |
421 | - int not_last_frag; | |
421 | + __be16 not_last_frag; | |
422 | 422 | struct rtable *rt = (struct rtable*)skb->dst; |
423 | 423 | int err = 0; |
424 | 424 | |
... | ... | @@ -1180,7 +1180,7 @@ |
1180 | 1180 | struct ip_options *opt = NULL; |
1181 | 1181 | struct rtable *rt = inet->cork.rt; |
1182 | 1182 | struct iphdr *iph; |
1183 | - int df = 0; | |
1183 | + __be16 df = 0; | |
1184 | 1184 | __u8 ttl; |
1185 | 1185 | int err = 0; |
1186 | 1186 |
net/ipv4/ipvs/ip_vs_xmit.c
... | ... | @@ -322,7 +322,7 @@ |
322 | 322 | struct net_device *tdev; /* Device to other host */ |
323 | 323 | struct iphdr *old_iph = skb->nh.iph; |
324 | 324 | u8 tos = old_iph->tos; |
325 | - u16 df = old_iph->frag_off; | |
325 | + __be16 df = old_iph->frag_off; | |
326 | 326 | struct iphdr *iph; /* Our new IP header */ |
327 | 327 | int max_headroom; /* The extra header space needed */ |
328 | 328 | int mtu; |
net/ipv4/netfilter/ipt_helper.c
... | ... | @@ -13,6 +13,7 @@ |
13 | 13 | #include <linux/module.h> |
14 | 14 | #include <linux/skbuff.h> |
15 | 15 | #include <linux/netfilter.h> |
16 | +#include <linux/interrupt.h> | |
16 | 17 | #if defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE) |
17 | 18 | #include <linux/netfilter_ipv4/ip_conntrack.h> |
18 | 19 | #include <linux/netfilter_ipv4/ip_conntrack_core.h> |
net/x25/af_x25.c
... | ... | @@ -540,12 +540,7 @@ |
540 | 540 | sk->sk_state = TCP_ESTABLISHED; |
541 | 541 | sk->sk_sleep = osk->sk_sleep; |
542 | 542 | sk->sk_backlog_rcv = osk->sk_backlog_rcv; |
543 | - | |
544 | - if (sock_flag(osk, SOCK_ZAPPED)) | |
545 | - sock_set_flag(sk, SOCK_ZAPPED); | |
546 | - | |
547 | - if (sock_flag(osk, SOCK_DBG)) | |
548 | - sock_set_flag(sk, SOCK_DBG); | |
543 | + sock_copy_flags(sk, osk); | |
549 | 544 | |
550 | 545 | ox25 = x25_sk(osk); |
551 | 546 | x25->t21 = ox25->t21; |
net/xfrm/xfrm_user.c
security/selinux/include/av_perm_to_string.h
... | ... | @@ -238,6 +238,5 @@ |
238 | 238 | S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") |
239 | 239 | S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") |
240 | 240 | S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") |
241 | - S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELFROM, "relabelfrom") | |
242 | - S_(SECCLASS_ASSOCIATION, ASSOCIATION__RELABELTO, "relabelto") | |
241 | + S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext") |
security/selinux/include/av_permissions.h
... | ... | @@ -908,8 +908,7 @@ |
908 | 908 | |
909 | 909 | #define ASSOCIATION__SENDTO 0x00000001UL |
910 | 910 | #define ASSOCIATION__RECVFROM 0x00000002UL |
911 | -#define ASSOCIATION__RELABELFROM 0x00000004UL | |
912 | -#define ASSOCIATION__RELABELTO 0x00000008UL | |
911 | +#define ASSOCIATION__SETCONTEXT 0x00000004UL | |
913 | 912 | |
914 | 913 | #define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL |
915 | 914 | #define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL |
security/selinux/xfrm.c
... | ... | @@ -137,15 +137,9 @@ |
137 | 137 | * Must be permitted to relabel from default socket type (process type) |
138 | 138 | * to specified context |
139 | 139 | */ |
140 | - rc = avc_has_perm(tsec->sid, tsec->sid, | |
141 | - SECCLASS_ASSOCIATION, | |
142 | - ASSOCIATION__RELABELFROM, NULL); | |
143 | - if (rc) | |
144 | - goto out; | |
145 | - | |
146 | 140 | rc = avc_has_perm(tsec->sid, ctx->ctx_sid, |
147 | 141 | SECCLASS_ASSOCIATION, |
148 | - ASSOCIATION__RELABELTO, NULL); | |
142 | + ASSOCIATION__SETCONTEXT, NULL); | |
149 | 143 | if (rc) |
150 | 144 | goto out; |
151 | 145 |