tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
net: missing bits of net-namespace / sysctl
ipcomp: Fix warnings after ipcomp consolidation.
dccp: Add check for truncated ICMPv6 DCCP error packets
dccp: Fix incorrect length check for ICMPv4 packets
dccp: Add check for sequence number in ICMPv6 message
dccp: Fix sequence number check for ICMPv4 packets
dccp: Bug-Fix - AWL was never updated
dccp: Allow to distinguish original and retransmitted packets

Linus Torvalds 4f31f308 14863617

+58 -50
unified split
+1 -1
net/dccp/dccp.h
··· 226 226 227 227 extern void dccp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb); 228 228 229 - extern int dccp_retransmit_skb(struct sock *sk, struct sk_buff *skb); 229 + extern int dccp_retransmit_skb(struct sock *sk); 230 230 231 231 extern void dccp_send_ack(struct sock *sk); 232 232 extern void dccp_reqsk_send_ack(struct sk_buff *sk, struct request_sock *rsk);
+5 -4
net/dccp/ipv4.c
··· 196 196 static void dccp_v4_err(struct sk_buff *skb, u32 info) 197 197 { 198 198 const struct iphdr *iph = (struct iphdr *)skb->data; 199 - const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + 200 - (iph->ihl << 2)); 199 + const u8 offset = iph->ihl << 2; 200 + const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset); 201 201 struct dccp_sock *dp; 202 202 struct inet_sock *inet; 203 203 const int type = icmp_hdr(skb)->type; ··· 207 207 int err; 208 208 struct net *net = dev_net(skb->dev); 209 209 210 - if (skb->len < (iph->ihl << 2) + 8) { 210 + if (skb->len < offset + sizeof(*dh) || 211 + skb->len < offset + __dccp_basic_hdr_len(dh)) { 211 212 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS); 212 213 return; 213 214 } ··· 239 238 dp = dccp_sk(sk); 240 239 seq = dccp_hdr_seq(dh); 241 240 if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) && 242 - !between48(seq, dp->dccps_swl, dp->dccps_swh)) { 241 + !between48(seq, dp->dccps_awl, dp->dccps_awh)) { 243 242 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 244 243 goto out; 245 244 }
+15 -1
net/dccp/ipv6.c
··· 89 89 { 90 90 struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data; 91 91 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset); 92 + struct dccp_sock *dp; 92 93 struct ipv6_pinfo *np; 93 94 struct sock *sk; 94 95 int err; 95 96 __u64 seq; 96 97 struct net *net = dev_net(skb->dev); 98 + 99 + if (skb->len < offset + sizeof(*dh) || 100 + skb->len < offset + __dccp_basic_hdr_len(dh)) { 101 + ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS); 102 + return; 103 + } 97 104 98 105 sk = inet6_lookup(net, &dccp_hashinfo, 99 106 &hdr->daddr, dh->dccph_dport, ··· 122 115 123 116 if (sk->sk_state == DCCP_CLOSED) 124 117 goto out; 118 + 119 + dp = dccp_sk(sk); 120 + seq = dccp_hdr_seq(dh); 121 + if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) && 122 + !between48(seq, dp->dccps_awl, dp->dccps_awh)) { 123 + NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 124 + goto out; 125 + } 125 126 126 127 np = inet6_sk(sk); 127 128 ··· 183 168 184 169 icmpv6_err_convert(type, code, &err); 185 170 186 - seq = dccp_hdr_seq(dh); 187 171 /* Might be for an request_sock */ 188 172 switch (sk->sk_state) { 189 173 struct request_sock *req, **prev;
+31 -22
net/dccp/output.c
··· 53 53 dccp_packet_hdr_len(dcb->dccpd_type); 54 54 int err, set_ack = 1; 55 55 u64 ackno = dp->dccps_gsr; 56 - 57 - dccp_inc_seqno(&dp->dccps_gss); 56 + /* 57 + * Increment GSS here already in case the option code needs it. 58 + * Update GSS for real only if option processing below succeeds. 59 + */ 60 + dcb->dccpd_seq = ADD48(dp->dccps_gss, 1); 58 61 59 62 switch (dcb->dccpd_type) { 60 63 case DCCP_PKT_DATA: ··· 69 66 70 67 case DCCP_PKT_REQUEST: 71 68 set_ack = 0; 69 + /* Use ISS on the first (non-retransmitted) Request. */ 70 + if (icsk->icsk_retransmits == 0) 71 + dcb->dccpd_seq = dp->dccps_iss; 72 72 /* fall through */ 73 73 74 74 case DCCP_PKT_SYNC: ··· 90 84 break; 91 85 } 92 86 93 - dcb->dccpd_seq = dp->dccps_gss; 94 - 95 87 if (dccp_insert_options(sk, skb)) { 96 88 kfree_skb(skb); 97 89 return -EPROTO; ··· 107 103 /* XXX For now we're using only 48 bits sequence numbers */ 108 104 dh->dccph_x = 1; 109 105 110 - dp->dccps_awh = dp->dccps_gss; 106 + dccp_update_gss(sk, dcb->dccpd_seq); 111 107 dccp_hdr_set_seq(dh, dp->dccps_gss); 112 108 if (set_ack) 113 109 dccp_hdr_set_ack(dccp_hdr_ack_bits(skb), ackno); ··· 116 112 case DCCP_PKT_REQUEST: 117 113 dccp_hdr_request(skb)->dccph_req_service = 118 114 dp->dccps_service; 115 + /* 116 + * Limit Ack window to ISS <= P.ackno <= GSS, so that 117 + * only Responses to Requests we sent are considered. 118 + */ 119 + dp->dccps_awl = dp->dccps_iss; 119 120 break; 120 121 case DCCP_PKT_RESET: 121 122 dccp_hdr_reset(skb)->dccph_reset_code = ··· 293 284 } 294 285 } 295 286 296 - int dccp_retransmit_skb(struct sock *sk, struct sk_buff *skb) 287 + /** 288 + * dccp_retransmit_skb - Retransmit Request, Close, or CloseReq packets 289 + * There are only four retransmittable packet types in DCCP: 290 + * - Request in client-REQUEST state (sec. 8.1.1), 291 + * - CloseReq in server-CLOSEREQ state (sec. 8.3), 292 + * - Close in node-CLOSING state (sec. 8.3), 293 + * - Acks in client-PARTOPEN state (sec. 8.1.5, handled by dccp_delack_timer()). 294 + * This function expects sk->sk_send_head to contain the original skb. 295 + */ 296 + int dccp_retransmit_skb(struct sock *sk) 297 297 { 298 + WARN_ON(sk->sk_send_head == NULL); 299 + 298 300 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk) != 0) 299 301 return -EHOSTUNREACH; /* Routing failure or similar. */ 300 302 301 - return dccp_transmit_skb(sk, (skb_cloned(skb) ? 302 - pskb_copy(skb, GFP_ATOMIC): 303 - skb_clone(skb, GFP_ATOMIC))); 303 + /* this count is used to distinguish original and retransmitted skb */ 304 + inet_csk(sk)->icsk_retransmits++; 305 + 306 + return dccp_transmit_skb(sk, skb_clone(sk->sk_send_head, GFP_ATOMIC)); 304 307 } 305 308 306 309 struct sk_buff *dccp_make_response(struct sock *sk, struct dst_entry *dst, ··· 458 437 459 438 dccp_sync_mss(sk, dst_mtu(dst)); 460 439 461 - /* 462 - * SWL and AWL are initially adjusted so that they are not less than 463 - * the initial Sequence Numbers received and sent, respectively: 464 - * SWL := max(GSR + 1 - floor(W/4), ISR), 465 - * AWL := max(GSS - W' + 1, ISS). 466 - * These adjustments MUST be applied only at the beginning of the 467 - * connection. 468 - */ 469 - dccp_update_gss(sk, dp->dccps_iss); 470 - dccp_set_seqno(&dp->dccps_awl, max48(dp->dccps_awl, dp->dccps_iss)); 471 - 472 - /* S.GAR - greatest valid acknowledgement number received on a non-Sync; 473 - * initialized to S.ISS (sec. 8.5) */ 440 + /* Initialise GAR as per 8.5; AWL/AWH are set in dccp_transmit_skb() */ 474 441 dp->dccps_gar = dp->dccps_iss; 475 442 476 443 icsk->icsk_retransmits = 0;
+4 -16
net/dccp/timer.c
··· 99 99 } 100 100 101 101 /* 102 - * sk->sk_send_head has to have one skb with 103 - * DCCP_SKB_CB(skb)->dccpd_type set to one of the retransmittable DCCP 104 - * packet types. The only packets eligible for retransmission are: 105 - * -- Requests in client-REQUEST state (sec. 8.1.1) 106 - * -- Acks in client-PARTOPEN state (sec. 8.1.5) 107 - * -- CloseReq in server-CLOSEREQ state (sec. 8.3) 108 - * -- Close in node-CLOSING state (sec. 8.3) */ 109 - WARN_ON(sk->sk_send_head == NULL); 110 - 111 - /* 112 102 * More than than 4MSL (8 minutes) has passed, a RESET(aborted) was 113 103 * sent, no need to retransmit, this sock is dead. 114 104 */ 115 105 if (dccp_write_timeout(sk)) 116 - goto out; 106 + return; 117 107 118 108 /* 119 109 * We want to know the number of packets retransmitted, not the ··· 112 122 if (icsk->icsk_retransmits == 0) 113 123 DCCP_INC_STATS_BH(DCCP_MIB_TIMEOUTS); 114 124 115 - if (dccp_retransmit_skb(sk, sk->sk_send_head) < 0) { 125 + if (dccp_retransmit_skb(sk) != 0) { 116 126 /* 117 127 * Retransmission failed because of local congestion, 118 128 * do not backoff. 119 129 */ 120 - if (icsk->icsk_retransmits == 0) 130 + if (--icsk->icsk_retransmits == 0) 121 131 icsk->icsk_retransmits = 1; 122 132 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 123 133 min(icsk->icsk_rto, 124 134 TCP_RESOURCE_PROBE_INTERVAL), 125 135 DCCP_RTO_MAX); 126 - goto out; 136 + return; 127 137 } 128 138 129 139 backoff: 130 140 icsk->icsk_backoff++; 131 - icsk->icsk_retransmits++; 132 141 133 142 icsk->icsk_rto = min(icsk->icsk_rto << 1, DCCP_RTO_MAX); 134 143 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, icsk->icsk_rto, 135 144 DCCP_RTO_MAX); 136 145 if (icsk->icsk_retransmits > sysctl_dccp_retries1) 137 146 __sk_dst_reset(sk); 138 - out:; 139 147 } 140 148 141 149 static void dccp_write_timer(unsigned long data)
+1 -3
net/ipv4/ipcomp.c
··· 104 104 105 105 static int ipcomp4_init_state(struct xfrm_state *x) 106 106 { 107 - int err; 108 - struct ipcomp_data *ipcd; 109 - struct xfrm_algo_desc *calg_desc; 107 + int err = -EINVAL; 110 108 111 109 x->props.header_len = 0; 112 110 switch (x->props.mode) {
+1 -3
net/ipv6/ipcomp6.c
··· 134 134 135 135 static int ipcomp6_init_state(struct xfrm_state *x) 136 136 { 137 - int err; 138 - struct ipcomp_data *ipcd; 139 - struct xfrm_algo_desc *calg_desc; 137 + int err = -EINVAL; 140 138 141 139 x->props.header_len = 0; 142 140 switch (x->props.mode) {