Merge branch 'master' of git://1984.lsi.us.es/net (ecd159fc) · Commits · e / devices / android_kernel_teracube_emerald

include/linux/netfilter_ipv6/ip6_tables.h

+11 −1

Original line number	Diff line number	Diff line
		@@ -287,7 +287,17 @@ extern unsigned int ip6t_do_table(struct sk_buff *skb,
		struct xt_table *table);

		/* Check for an extension */
		extern int ip6t_ext_hdr(u8 nexthdr);
		static inline int
		ip6t_ext_hdr(u8 nexthdr)
		{ return (nexthdr == IPPROTO_HOPOPTS) \|\|
		(nexthdr == IPPROTO_ROUTING) \|\|
		(nexthdr == IPPROTO_FRAGMENT) \|\|
		(nexthdr == IPPROTO_ESP) \|\|
		(nexthdr == IPPROTO_AH) \|\|
		(nexthdr == IPPROTO_NONE) \|\|
		(nexthdr == IPPROTO_DSTOPTS);
		}

		/* find specified header and get offset to it */
		extern int ipv6_find_hdr(const struct sk_buff skb, unsigned int offset,
		int target, unsigned short *fragoff);

+10 −2

Original line number	Diff line number	Diff line
		@@ -74,16 +74,24 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,

		iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
		if (iph == NULL)
		return -NF_DROP;
		return -NF_ACCEPT;

		/* Conntrack defragments packets, we might still see fragments
		* inside ICMP packets though. */
		if (iph->frag_off & htons(IP_OFFSET))
		return -NF_DROP;
		return -NF_ACCEPT;

		*dataoff = nhoff + (iph->ihl << 2);
		*protonum = iph->protocol;

		/* Check bogus IP headers */
		if (*dataoff > skb->len) {
		pr_debug("nf_conntrack_ipv4: bogus IPv4 packet: "
		"nhoff %u, ihl %u, skblen %u\n",
		nhoff, iph->ihl << 2, skb->len);
		return -NF_ACCEPT;
		}

		return NF_ACCEPT;
		}

+0 −14

Original line number	Diff line number	Diff line
		@@ -78,19 +78,6 @@ EXPORT_SYMBOL_GPL(ip6t_alloc_initial_table);

		Hence the start of any table is given by get_table() below. */

		/* Check for an extension */
		int
		ip6t_ext_hdr(u8 nexthdr)
		{
		return (nexthdr == IPPROTO_HOPOPTS) \|\|
		(nexthdr == IPPROTO_ROUTING) \|\|
		(nexthdr == IPPROTO_FRAGMENT) \|\|
		(nexthdr == IPPROTO_ESP) \|\|
		(nexthdr == IPPROTO_AH) \|\|
		(nexthdr == IPPROTO_NONE) \|\|
		(nexthdr == IPPROTO_DSTOPTS);
		}

		/* Returns whether matches rule or not. */
		/* Performance critical - called for every packet */
		static inline bool
		@@ -2366,7 +2353,6 @@ int ipv6_find_hdr(const struct sk_buff skb, unsigned int offset,
		EXPORT_SYMBOL(ip6t_register_table);
		EXPORT_SYMBOL(ip6t_unregister_table);
		EXPORT_SYMBOL(ip6t_do_table);
		EXPORT_SYMBOL(ip6t_ext_hdr);
		EXPORT_SYMBOL(ipv6_find_hdr);

		module_init(ip6_tables_init);

+1 −1

Original line number	Diff line number	Diff line
		@@ -1592,7 +1592,7 @@ static int nf_conntrack_init_net(struct net *net)
		return 0;

		err_timeout:
		nf_conntrack_timeout_fini(net);
		nf_conntrack_ecache_fini(net);
		err_ecache:
		nf_conntrack_tstamp_fini(net);
		err_tstamp:

+2 −2

Original line number	Diff line number	Diff line
		@@ -584,8 +584,8 @@ static bool tcp_in_window(const struct nf_conn *ct,
		* Let's try to use the data from the packet.
		*/
		sender->td_end = end;
		win <<= sender->td_scale;
		sender->td_maxwin = (win == 0 ? 1 : win);
		swin = win << sender->td_scale;
		sender->td_maxwin = (swin == 0 ? 1 : swin);
		sender->td_maxend = end + sender->td_maxwin;
		/*
		* We haven't seen traffic in the other direction yet