mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-11 23:50:25 +00:00
Merge branch 'master' of git://1984.lsi.us.es/net
This commit is contained in:
commit
ecd159fc5f
@ -287,7 +287,17 @@ extern unsigned int ip6t_do_table(struct sk_buff *skb,
|
||||
struct xt_table *table);
|
||||
|
||||
/* Check for an extension */
|
||||
extern int ip6t_ext_hdr(u8 nexthdr);
|
||||
static inline int
|
||||
ip6t_ext_hdr(u8 nexthdr)
|
||||
{ return (nexthdr == IPPROTO_HOPOPTS) ||
|
||||
(nexthdr == IPPROTO_ROUTING) ||
|
||||
(nexthdr == IPPROTO_FRAGMENT) ||
|
||||
(nexthdr == IPPROTO_ESP) ||
|
||||
(nexthdr == IPPROTO_AH) ||
|
||||
(nexthdr == IPPROTO_NONE) ||
|
||||
(nexthdr == IPPROTO_DSTOPTS);
|
||||
}
|
||||
|
||||
/* find specified header and get offset to it */
|
||||
extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
|
||||
int target, unsigned short *fragoff);
|
||||
|
@ -74,16 +74,24 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
|
||||
|
||||
iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
|
||||
if (iph == NULL)
|
||||
return -NF_DROP;
|
||||
return -NF_ACCEPT;
|
||||
|
||||
/* Conntrack defragments packets, we might still see fragments
|
||||
* inside ICMP packets though. */
|
||||
if (iph->frag_off & htons(IP_OFFSET))
|
||||
return -NF_DROP;
|
||||
return -NF_ACCEPT;
|
||||
|
||||
*dataoff = nhoff + (iph->ihl << 2);
|
||||
*protonum = iph->protocol;
|
||||
|
||||
/* Check bogus IP headers */
|
||||
if (*dataoff > skb->len) {
|
||||
pr_debug("nf_conntrack_ipv4: bogus IPv4 packet: "
|
||||
"nhoff %u, ihl %u, skblen %u\n",
|
||||
nhoff, iph->ihl << 2, skb->len);
|
||||
return -NF_ACCEPT;
|
||||
}
|
||||
|
||||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
|
@ -78,19 +78,6 @@ EXPORT_SYMBOL_GPL(ip6t_alloc_initial_table);
|
||||
|
||||
Hence the start of any table is given by get_table() below. */
|
||||
|
||||
/* Check for an extension */
|
||||
int
|
||||
ip6t_ext_hdr(u8 nexthdr)
|
||||
{
|
||||
return (nexthdr == IPPROTO_HOPOPTS) ||
|
||||
(nexthdr == IPPROTO_ROUTING) ||
|
||||
(nexthdr == IPPROTO_FRAGMENT) ||
|
||||
(nexthdr == IPPROTO_ESP) ||
|
||||
(nexthdr == IPPROTO_AH) ||
|
||||
(nexthdr == IPPROTO_NONE) ||
|
||||
(nexthdr == IPPROTO_DSTOPTS);
|
||||
}
|
||||
|
||||
/* Returns whether matches rule or not. */
|
||||
/* Performance critical - called for every packet */
|
||||
static inline bool
|
||||
@ -2366,7 +2353,6 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
|
||||
EXPORT_SYMBOL(ip6t_register_table);
|
||||
EXPORT_SYMBOL(ip6t_unregister_table);
|
||||
EXPORT_SYMBOL(ip6t_do_table);
|
||||
EXPORT_SYMBOL(ip6t_ext_hdr);
|
||||
EXPORT_SYMBOL(ipv6_find_hdr);
|
||||
|
||||
module_init(ip6_tables_init);
|
||||
|
@ -1592,7 +1592,7 @@ static int nf_conntrack_init_net(struct net *net)
|
||||
return 0;
|
||||
|
||||
err_timeout:
|
||||
nf_conntrack_timeout_fini(net);
|
||||
nf_conntrack_ecache_fini(net);
|
||||
err_ecache:
|
||||
nf_conntrack_tstamp_fini(net);
|
||||
err_tstamp:
|
||||
|
@ -584,8 +584,8 @@ static bool tcp_in_window(const struct nf_conn *ct,
|
||||
* Let's try to use the data from the packet.
|
||||
*/
|
||||
sender->td_end = end;
|
||||
win <<= sender->td_scale;
|
||||
sender->td_maxwin = (win == 0 ? 1 : win);
|
||||
swin = win << sender->td_scale;
|
||||
sender->td_maxwin = (swin == 0 ? 1 : swin);
|
||||
sender->td_maxend = end + sender->td_maxwin;
|
||||
/*
|
||||
* We haven't seen traffic in the other direction yet
|
||||
|
Loading…
x
Reference in New Issue
Block a user