summaryrefslogtreecommitdiffstats
path: root/net (follow)
Commit message (Collapse)AuthorAgeFilesLines
* [AX.25]: Fix potencial memory hole.Ralf Baechle DL5RB2006-03-191-1/+1
| | | | | | | | | | | | | | | | | | If the AX.25 dialect chosen by the sysadmin is set to DAMA master / 3 (or DAMA slave / 2, if CONFIG_AX25_DAMA_SLAVE=n) ax25_kick() will fall through the switch statement without calling ax25_send_iframe() or any other function that would eventually free skbn thus leaking the packet. Fix by restricting the sysctl inferface to allow only actually supported AX.25 dialects. The system administration mistake needed for this to happen is rather unlikely, so this is an uncritical hole. Coverity #651. Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] ieee80211: Fix QoS is not active problemHong Liu2006-03-151-2/+2
| | | | | | | | | | | | Fix QoS is not active even the network and the card is QOS enabled. The problem is we pass the wrong ieee80211_network address to ipw_handle_beacon/ipw_handle_probe_response, thus the ieee80211_network->qos_data.active will not be set, causing the driver not sending QoS frames at all. Signed-off-by: Hong Liu <hong.liu@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] ieee80211: Fix CCMP decryption problem when QoS is enabledZhu Yi2006-03-151-1/+1
| | | | | | | Use the correct STYPE for Qos data. Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [PATCH] SUNRPC: Fix potential deadlock in RPC codeTrond Myklebust2006-03-141-8/+5
| | | | | | | | | | | | In rpc_wake_up() and rpc_wake_up_status(), it is possible for the call to __rpc_wake_up_task() to fail if another thread happens to be calling rpc_wake_up_task() on the same rpc_task. Problem noticed by Bruno Faccini. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] SUNRPC: fix a NULL pointer dereference in net/sunrpc/clnt.cAdrian Bunk2006-03-141-1/+2
| | | | | | | | | | The Coverity checker spotted this possible NULL pointer dereference in rpc_new_client(). Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [TCP]: Fix zero port problem in IPv6Herbert Xu2006-03-131-1/+5
| | | | | | | | | When we link a socket into the hash table, we need to make sure that we set the num/port fields so that it shows us with a non-zero port value in proc/netlink and on the wire. This code and comment is copied over from the IPv4 stack as is. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [NETFILTER]: arp_tables: fix NULL pointer dereferencePatrick McHardy2006-03-131-1/+1
| | | | | | | | | | The check is wrong and lets NULL-ptrs slip through since !IS_ERR(NULL) is true. Coverity #190 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4/6]: Fix UFO error propagationPatrick McHardy2006-03-132-6/+8
| | | | | | | | | | When ufo_append_data fails err is uninitialized, but returned back. Strangely gcc doesn't notice it. Coverity #901 and #902 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: tcp_highspeed: fix AIMD table out-of-bounds accessPatrick McHardy2006-03-131-1/+1
| | | | | | | Covertiy #547 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETLINK]: Fix use-after-free in netlink_recvmsgPatrick McHardy2006-03-131-2/+3
| | | | | | | | | | The skb given to netlink_cmsg_recv_pktinfo is already freed, move it up a few lines. Coverity #948 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Fix leak in ah6_inputPatrick McHardy2006-03-131-1/+1
| | | | | | | | | tmp_hdr is not freed when ipv6_clear_mutable_options fails. Coverity #650 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET_SCHED]: act_api: fix skb leak in error pathPatrick McHardy2006-03-131-1/+1
| | | | | | | | | | The skb is allocated by the function, so it needs to be freed instead of trimmed on overrun. Coverity #614 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nfnetlink_queue: fix possible NULL-ptr dereferencePatrick McHardy2006-03-131-1/+5
| | | | | | | | | | Fix NULL-ptr dereference when a config message for a non-existant queue containing only an NFQA_CFG_PARAMS attribute is received. Coverity #433 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Fix tcp_tso_should_defer() when limit>=65536David S. Miller2006-03-121-0/+4
| | | | | | | | | | That's >= a full sized TSO frame, so we should always return 0 in that case. Based upon a report and initial patch from Lachlan Andrew, final patch suggested by Herbert Xu. Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix wrong option spelling in Makefile for CONFIG_BRIDGE_EBT_ULOGGregor Maier2006-03-121-1/+1
| | | | | | Signed-off-by: Gregor Maier <gregor@net.in.tum.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: fix ipv6_saddr_score struct elementBrian Haley2006-03-121-1/+1
| | | | | | | | | | The scope element in the ipv6_saddr_score struct used in ipv6_dev_get_saddr() is an unsigned integer, but __ipv6_addr_src_scope() returns a signed integer (and can return -1). Signed-off-by: Brian Haley <brian.haley@hp.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] fix file countingDipankar Sarma2006-03-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I have benchmarked this on an x86_64 NUMA system and see no significant performance difference on kernbench. Tested on both x86_64 and powerpc. The way we do file struct accounting is not very suitable for batched freeing. For scalability reasons, file accounting was constructor/destructor based. This meant that nr_files was decremented only when the object was removed from the slab cache. This is susceptible to slab fragmentation. With RCU based file structure, consequent batched freeing and a test program like Serge's, we just speed this up and end up with a very fragmented slab - llm22:~ # cat /proc/sys/fs/file-nr 587730 0 758844 At the same time, I see only a 2000+ objects in filp cache. The following patch I fixes this problem. This patch changes the file counting by removing the filp_count_lock. Instead we use a separate percpu counter, nr_files, for now and all accesses to it are through get_nr_files() api. In the sysctl handler for nr_files, we populate files_stat.nr_files before returning to user. Counting files as an when they are created and destroyed (as opposed to inside slab) allows us to correctly count open files with RCU. Signed-off-by: Dipankar Sarma <dipankar@in.ibm.com> Cc: "Paul E. McKenney" <paulmck@us.ibm.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [NETFILTER] ip_queue: Fix wrong skb->len == nlmsg_len assumptionThomas Graf2006-03-072-2/+2
| | | | | | | | | | | | | The size of the skb carrying the netlink message is not equivalent to the length of the actual netlink message due to padding. ip_queue matches the length of the payload against the original packet size to determine if packet mangling is desired, due to the above wrong assumption arbitary packets may not be mangled depening on their original size. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP] ccid3: Divide by zero fixIan McDonald2006-03-051-3/+7
| | | | | | | | | | | | In rare circumstances 0 is returned by dccp_li_hist_calc_i_mean which leads to a divide by zero in ccid3_hc_rx_packet_recv. Explicitly check for zero return now. Update copyright notice at same time. Found by Arnaldo. Signed-off-by: Ian McDonald <imcdnzl@gmail.com> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ATM]: keep atmsvc failure messages quietChas Williams2006-03-051-8/+2
| | | | | Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
* [BRIDGE]: generate kobject remove eventStephen Hemminger2006-03-051-0/+1
| | | | | | | | | | The earlier round of kobject/sysfs changes to bridge caused it not to generate a uevent on removal. Don't think any application cares (not sure about Xen) but since it generates add uevent it should generate remove as well. Signed-off-by: Stephen Hemminger <shemmigner@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [BRIDGE]: port timer initializationStephen Hemminger2006-03-052-3/+2
| | | | | | | | | Initialize the STP timers for a port when it is created, rather than when it is enabled. This will prevent future race conditions where timer gets started before port is enabled. Signed-off-by: Stephen Hemminger <shemmigner@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [BRIDGE]: fix crash in STPStephen Hemminger2006-03-051-14/+15
| | | | | | | | | | | | | Bridge would crash because of uninitailized timer if STP is used and device was inserted into a bridge before bridge was up. This got introduced when the delayed port checking was added. Fix is to not enable STP on port unless bridge is up. Bugzilla: http://bugzilla.kernel.org/show_bug.cgi?id=6140 Dup: http://bugzilla.kernel.org/show_bug.cgi?id=6156 Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'upstream-fixes' of ↵Jeff Garzik2006-03-011-11/+5
|\ | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
| * [PATCH] ieee80211_rx.c: is_beaconPete Zaitcev2006-02-281-11/+5
| | | | | | | | | | | | | | Fix broken is_beacon(). Signed-off-by: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | [REQSK]: Don't reset rskq_defer_accept in reqsk_queue_allocArnaldo Carvalho de Melo2006-02-271-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | In 295f7324ff8d9ea58b4d3ec93b1aaa1d80e048a9 I moved defer_accept from tcp_sock to request_queue and mistakingly reset it at reqsl_queue_alloc, causing calls to setsockopt(TCP_DEFER_ACCEPT ) to be lost after bind, the fix is to remove the zeroing of rskq_defer_accept from reqsl_queue_alloc. Thanks to Alexandra N. Kossovsky <Alexandra.Kossovsky@oktetlabs.ru> for reporting and testing the suggested fix. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: Restore {ipt,ip6t,ebt}_LOG compatibilityPatrick McHardy2006-02-273-3/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | The nfnetlink_log infrastructure changes broke compatiblity of the LOG targets. They currently use whatever log backend was registered first, which means that if ipt_ULOG was loaded first, no messages will be printed to the ring buffer anymore. Restore compatiblity by using the old log functions by default and only use the nf_log backend if the user explicitly said so. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_queue: fix end-of-list checkPatrick McHardy2006-02-271-1/+1
| | | | | | | | | | | | | | | | | | The comparison wants to find out if the last list iteration reached the end of the list. It needs to compare the iterator with the list head to do this, not the element it is looking for. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_queue: remove unnecessary check for outfnPatrick McHardy2006-02-271-1/+1
| | | | | | | | | | | | | | | | The only point of registering a queue handler is to provide an outfn, so there is no need to check for it. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_queue: fix rerouting after packet manglingPatrick McHardy2006-02-271-7/+15
| | | | | | | | | | | | | | | | | | Packets should be rerouted when they come back from userspace, not before. Also move the queue_rerouters to RCU to avoid taking the queue_handler_lock for each reinjected packet. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_queue: check if rerouter is present before using itPatrick McHardy2006-02-271-2/+2
| | | | | | | | | | | | | | | | | | | | Every rerouter needs to provide a save and a reroute function, we don't need to check for them. But we do need to check if a rerouter is registered at all for the current family, with bridging for example packets of unregistered families can hit nf_queue. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_queue: don't copy registered rerouter dataPatrick McHardy2006-02-271-19/+9
| | | | | | | | | | | | | | Use the registered data structure instead of copying it. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPSEC]: Kill post_input hook and do NAT-T in esp_input directlyHerbert Xu2006-02-272-97/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The only reason post_input exists at all is that it gives us the potential to adjust the checksums incrementally in future which we ought to do. However, after thinking about it for a bit we can adjust the checksums without using this post_input stuff at all. The crucial point is that only the inner-most NAT-T SA needs to be considered when adjusting checksums. What's more, the checksum adjustment comes down to a single u32 due to the linearity of IP checksums. We just happen to have a spare u32 lying around in our skb structure :) When ip_summed is set to CHECKSUM_NONE on input, the value of skb->csum is currently unused. All we have to do is to make that the checksum adjustment and voila, there goes all the post_input and decap structures! I've left in the decap data structures for now since it's intricately woven into the sec_path stuff. We can kill them later too. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPSEC] esp: Kill unnecessary block and indentationHerbert Xu2006-02-271-44/+43
|/ | | | | | | | | We used to keep sg on the stack which is why the extra block was useful. We've long since stopped doing that so let's kill the block and save some indentation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Do not ignore IPV6_MTU socket option.YOSHIFUJI Hideaki2006-02-241-2/+13
| | | | | | | Based on patch by Hoerdt Mickael <hoerdt@clarinet.u-strasbg.fr>. Signed-off-by: YOSHIFUJI Hideaki <yosufuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6] ip6_tunnel: release cached dst on change of tunnel paramsHugo Santos2006-02-241-0/+1
| | | | | | | | | | The included patch fixes ip6_tunnel to release the cached dst entry when the tunnel parameters (such as tunnel endpoints) are changed so they are used immediatly for the next encapsulated packets. Signed-off-by: Hugo Santos <hsantos@av.it.pt> Acked-by: Ville Nuorvala <vnuorval@tcs.hut.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC]: Use TOS when doing tunnel lookupsHerbert Xu2006-02-241-1/+4
| | | | | | | | We should use the TOS because it's one of the routing keys. It also means that we update the correct routing cache entry when PMTU occurs. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET] ethernet: Fix first packet goes out with MAC 00:00:00:00:00:00Jamal Hadi Salim2006-02-241-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you turn off ARP on a netdevice then the first packet always goes out with a dstMAC of all zeroes. This is because the first packet is used to resolve ARP entries. Even though the ARP entry may be resolved (I tried by setting a static ARP entry for a host i was pinging from), it gets overwritten by virtue of having the netdevice disabling ARP. Subsequent packets go out fine with correct dstMAC address (which may be why people have ignored reporting this issue). To cut the story short: the culprit code is in net/ethernet/eth.c::eth_header() ---- /* * Anyway, the loopback-device should never use this function... */ if (dev->flags & (IFF_LOOPBACK|IFF_NOARP)) { memset(eth->h_dest, 0, dev->addr_len); return ETH_HLEN; } if(daddr) { memcpy(eth->h_dest,daddr,dev->addr_len); return ETH_HLEN; } ---- Note how the h_dest is being reset when device has IFF_NOARP. As a note: All devices including loopback pass a daddr. loopback in fact passes a 0 all the time ;-> This means i can delete the check totaly or i can remove the IFF_NOARP Alexey says: -------------------- I think, it was me who did this crap. It was so long ago I do not remember why it was made. I remember some troubles with dummy device. It tried to resolve addresses, apparently, without success and generated errors instead of blackholing. I think the problem was eventually solved at neighbour level. After some thinking I suspect the deletion of this chunk could change behaviour of some parts which do not use neighbour cache f.e. packet socket. I think safer approach would be to move this chunk after if (daddr). And the possibility to remove this completely could be analyzed later. -------------------- Patch updated with Alexey's safer suggestions. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Eliminate refcounting confusion by creating __xfrm_state_put().Herbert Xu2006-02-243-6/+6
| | | | | | | | | | | | | We often just do an atomic_dec(&x->refcnt) on an xfrm_state object because we know there is more than 1 reference remaining and thus we can elide the heavier xfrm_state_put() call. Do this behind an inline function called __xfrm_state_put() so that is more obvious and also to allow us to more cleanly add refcount debugging later. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Fix garbage collection of multipath route entriesSuresh Bhogavilli2006-02-241-1/+1
| | | | | | | | | | When garbage collecting route cache entries of multipath routes in rt_garbage_collect(), entries were deleted from the hash bucket 'i' while holding a spin lock on bucket 'k' resulting in a system hang. Delete entries, if any, from bucket 'k' instead. Signed-off-by: Suresh Bhogavilli <sbhogavilli@verisign.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix bridge netfilter related in xfrm_lookupPatrick McHardy2006-02-242-3/+5
| | | | | | | | | | | | | The bridge-netfilter code attaches a fake dst_entry with dst->ops == NULL to purely bridged packets. When these packets are SNATed and a policy lookup is done, xfrm_lookup crashes because it tries to dereference dst->ops. Change xfrm_lookup not to dereference dst->ops before checking for the DST_NOXFRM flag and set this flag in the fake dst_entry. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'fixes.b8' of ↵Linus Torvalds2006-02-211-1/+1
|\ | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/bird
| * [PATCH] missing ntohs() in ip6_tunnelAl Viro2006-02-181-1/+1
| | | | | | | | | | | | ->payload_len is net-endian Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | [NET]: NETFILTER: remove duplicated lines and fix order in skb_clone().YOSHIFUJI Hideaki2006-02-201-7/+3
| | | | | | | | | | | | | | | | | | | | | | | | Some of netfilter-related members are initalized / copied twice in skb_clone(). Remove one. Pointed out by Olivier MATZ <olivier.matz@6wind.com>. And this patch also fixes order of copying / clearing members. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: Fix outgoing redirects to loopbackPatrick McHardy2006-02-201-11/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When redirecting an outgoing packet to loopback, it keeps the original conntrack reference and information from the outgoing path, which falsely triggers the check for DNAT on input and the dst_entry is released to trigger rerouting. ip_route_input refuses to route the packet because it has a local source address and it is dropped. Look at the packet itself to dermine if it was NATed. Also fix a missing inversion that causes unneccesary xfrm lookups. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: Fix NAT PMTUD problemsPatrick McHardy2006-02-201-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ICMP errors are only SNATed when their source matches the source of the connection they are related to, otherwise the source address is not changed. This creates problems with ICMP frag. required messages originating from a router behind the NAT, if private IPs are used the packet has a good change of getting dropped on the path to its destination. Always NAT ICMP errors similar to the original connection. Based on report by Al Viro. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [XFRM]: Fix policy double putPatrick McHardy2006-02-201-2/+0
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The policy is put once immediately and once at the error label, which results in the following Oops: kernel BUG at net/xfrm/xfrm_policy.c:250! invalid opcode: 0000 [#2] PREEMPT [...] CPU: 0 EIP: 0060:[<c028caf7>] Not tainted VLI EFLAGS: 00210246 (2.6.16-rc3 #39) EIP is at __xfrm_policy_destroy+0xf/0x46 eax: d49f2000 ebx: d49f2000 ecx: f74bd880 edx: f74bd280 esi: d49f2000 edi: 00000001 ebp: cd506dcc esp: cd506dc8 ds: 007b es: 007b ss: 0068 Process ssh (pid: 31970, threadinfo=cd506000 task=cfb04a70) Stack: <0>cd506000 cd506e34 c028e92b ebde7280 cd506e58 cd506ec0 f74bd280 00000000 00000214 0000000a 0000000a 00000000 00000002 f7ae6000 00000000 cd506e58 cd506e14 c0299e36 f74bd280 e873fe00 c02943fd cd506ec0 ebde7280 f271f440 Call Trace: [<c0103a44>] show_stack_log_lvl+0xaa/0xb5 [<c0103b75>] show_registers+0x126/0x18c [<c0103e68>] die+0x14e/0x1db [<c02b6809>] do_trap+0x7c/0x96 [<c0104237>] do_invalid_op+0x89/0x93 [<c01035af>] error_code+0x4f/0x54 [<c028e92b>] xfrm_lookup+0x349/0x3c2 [<c02b0b0d>] ip6_datagram_connect+0x317/0x452 [<c0281749>] inet_dgram_connect+0x49/0x54 [<c02404d2>] sys_connect+0x51/0x68 [<c0240928>] sys_socketcall+0x6f/0x166 [<c0102aa1>] syscall_call+0x7/0xb Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_conntrack: Fix TCP/UDP HW checksum handling for IPv6 packetYasuyuki Kozakai2006-02-162-2/+6
| | | | | | | | | | | If skb->ip_summed is CHECKSUM_HW here, skb->csum includes checksum of actual IPv6 header and extension headers. Then such excess checksum must be subtruct when nf_conntrack calculates TCP/UDP checksum with pseudo IPv6 header. Spotted by Ben Skeggs. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_conntrack: attach conntrack to locally generated ICMPv6 errorYasuyuki Kozakai2006-02-161-0/+6
| | | | | | | | | | Locally generated ICMPv6 errors should be associated with the conntrack of the original packet. Since the conntrack entry may not be in the hash tables (for the first packet), it must be manually attached. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_conntrack: attach conntrack to TCP RST generated by ip6t_REJECTYasuyuki Kozakai2006-02-161-0/+2
| | | | | | | | | | TCP RSTs generated by the REJECT target should be associated with the conntrack of the original TCP packet. Since the conntrack entry is usually not is the hash tables, it must be manually attached. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>