From 8b8aa4b5a66ecf90f0a7033c8cbc49cfd97c4347 Mon Sep 17 00:00:00 2001 From: YOSHIFUJI Hideaki Date: Sun, 20 Nov 2005 12:18:17 +0900 Subject: [PATCH 01/13] [IPV6]: Fix memory management error during setting up new advapi sockopts. Signed-off-by: YOSHIFUJI Hideaki --- net/ipv6/exthdrs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index 922549581abc..748577b76d75 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -628,6 +628,7 @@ ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, if (!tot_len) return NULL; + tot_len += sizeof(*opt2); opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC); if (!opt2) return ERR_PTR(-ENOBUFS); @@ -668,7 +669,7 @@ ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, return opt2; out: - sock_kfree_s(sk, p, tot_len); + sock_kfree_s(sk, opt2, opt2->tot_len); return ERR_PTR(err); } From a305989386e402f48b216786a5c8cf440b33bdad Mon Sep 17 00:00:00 2001 From: Ville Nuorvala Date: Sun, 20 Nov 2005 12:21:59 +0900 Subject: [PATCH 02/13] [IPV6]: Fix calculation of AH length during filling ancillary data. Signed-off-by: YOSHIFUJI Hideaki --- net/ipv6/datagram.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index cc518405b3e1..c4a3a993acb7 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c @@ -437,7 +437,7 @@ int datagram_recv_ctl(struct sock *sk, struct msghdr *msg, struct sk_buff *skb) break; case IPPROTO_AH: nexthdr = ptr[0]; - len = (ptr[1] + 1) << 2; + len = (ptr[1] + 2) << 2; break; default: nexthdr = ptr[0]; From df9890c31a1a447254f39e40c3fd81ad6547945b Mon Sep 17 00:00:00 2001 From: YOSHIFUJI Hideaki Date: Sun, 20 Nov 2005 12:23:18 +0900 Subject: [PATCH 03/13] [IPV6]: Fix sending extension headers before and including routing header. Based on suggestion from Masahide Nakamura . Signed-off-by: YOSHIFUJI Hideaki --- include/net/ipv6.h | 2 ++ net/ipv6/exthdrs.c | 19 +++++++++++++++++++ net/ipv6/ip6_flowlabel.c | 16 ++++++---------- net/ipv6/raw.c | 4 +++- net/ipv6/udp.c | 4 +++- 5 files changed, 33 insertions(+), 12 deletions(-) diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 65ec86678a08..53c76c8a6900 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -237,6 +237,8 @@ extern struct ipv6_txoptions * ipv6_renew_options(struct sock *sk, struct ipv6_t int newtype, struct ipv6_opt_hdr __user *newopt, int newoptlen); +struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, + struct ipv6_txoptions *opt); extern int ip6_frag_nqueues; extern atomic_t ip6_frag_mem; diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index 748577b76d75..be6faf311387 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -673,3 +673,22 @@ out: return ERR_PTR(err); } +struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, + struct ipv6_txoptions *opt) +{ + /* + * ignore the dest before srcrt unless srcrt is being included. + * --yoshfuji + */ + if (opt && opt->dst0opt && !opt->srcrt) { + if (opt_space != opt) { + memcpy(opt_space, opt, sizeof(*opt_space)); + opt = opt_space; + } + opt->opt_nflen -= ipv6_optlen(opt->dst0opt); + opt->dst0opt = NULL; + } + + return opt; +} + diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c index bbbe80cdaf72..1cf02765fb5c 100644 --- a/net/ipv6/ip6_flowlabel.c +++ b/net/ipv6/ip6_flowlabel.c @@ -225,20 +225,16 @@ struct ipv6_txoptions *fl6_merge_options(struct ipv6_txoptions * opt_space, struct ip6_flowlabel * fl, struct ipv6_txoptions * fopt) { - struct ipv6_txoptions * fl_opt = fl ? fl->opt : NULL; - - if (fopt == NULL || fopt->opt_flen == 0) { - if (!fl_opt || !fl_opt->dst0opt || fl_opt->srcrt) - return fl_opt; - } - + struct ipv6_txoptions * fl_opt = fl->opt; + + if (fopt == NULL || fopt->opt_flen == 0) + return fl_opt; + if (fl_opt != NULL) { opt_space->hopopt = fl_opt->hopopt; - opt_space->dst0opt = fl_opt->srcrt ? fl_opt->dst0opt : NULL; + opt_space->dst0opt = fl_opt->dst0opt; opt_space->srcrt = fl_opt->srcrt; opt_space->opt_nflen = fl_opt->opt_nflen; - if (fl_opt->dst0opt && !fl_opt->srcrt) - opt_space->opt_nflen -= ipv6_optlen(fl_opt->dst0opt); } else { if (fopt->opt_nflen == 0) return fopt; diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index a1265a320b11..d77d3352c967 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -756,7 +756,9 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk, } if (opt == NULL) opt = np->opt; - opt = fl6_merge_options(&opt_space, flowlabel, opt); + if (flowlabel) + opt = fl6_merge_options(&opt_space, flowlabel, opt); + opt = ipv6_fixup_options(&opt_space, opt); fl.proto = proto; rawv6_probe_proto_opt(&fl, msg); diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index bf9519341fd3..e2b87cc68b7b 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -778,7 +778,9 @@ do_udp_sendmsg: } if (opt == NULL) opt = np->opt; - opt = fl6_merge_options(&opt_space, flowlabel, opt); + if (flowlabel) + opt = fl6_merge_options(&opt_space, flowlabel, opt); + opt = ipv6_fixup_options(&opt_space, opt); fl->proto = IPPROTO_UDP; ipv6_addr_copy(&fl->fl6_dst, daddr); From aa8751667dcd757dd9a711b51140adf181501c44 Mon Sep 17 00:00:00 2001 From: Andrea Bittau Date: Sun, 20 Nov 2005 13:41:05 -0800 Subject: [PATCH 04/13] [PKT_SCHED]: sch_netem: correctly order packets to be sent simultaneously If two packets were queued to be sent at the same time in the future, their order would be reversed. This would occur because the queue is traversed back to front, and a position is found by checking whether the new packet needs to be sent before the packet being examined. If the new packet is to be sent at the same time of a previous packet, it would end up before the old packet in the queue. This patch places packets in the correct order when they are queued to be sent at a same time in the future. Signed-off-by: Andrea Bittau Signed-off-by: David S. Miller --- net/sched/sch_netem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c index cdc8d283791c..82fb07aa06a5 100644 --- a/net/sched/sch_netem.c +++ b/net/sched/sch_netem.c @@ -464,7 +464,7 @@ static int tfifo_enqueue(struct sk_buff *nskb, struct Qdisc *sch) const struct netem_skb_cb *cb = (const struct netem_skb_cb *)skb->cb; - if (PSCHED_TLESS(cb->time_to_send, ncb->time_to_send)) + if (!PSCHED_TLESS(ncb->time_to_send, cb->time_to_send)) break; } From fb0d366b0803571f06a5b838f02c6706fc287995 Mon Sep 17 00:00:00 2001 From: Kris Katterjohn Date: Sun, 20 Nov 2005 13:41:34 -0800 Subject: [PATCH 05/13] [NET]: Reject socket filter if division by constant zero is attempted. This way we don't have to check it in sk_run_filter(). Signed-off-by: Kris Katterjohn Signed-off-by: David S. Miller --- net/core/filter.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/core/filter.c b/net/core/filter.c index 079c2edff789..2841bfce29d6 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -116,8 +116,6 @@ int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int flen) A /= X; continue; case BPF_ALU|BPF_DIV|BPF_K: - if (fentry->k == 0) - return 0; A /= fentry->k; continue; case BPF_ALU|BPF_AND|BPF_X: @@ -320,6 +318,10 @@ int sk_chk_filter(struct sock_filter *filter, int flen) } } + /* check for division by zero -Kris Katterjohn 2005-10-30 */ + if (ftest->code == (BPF_ALU|BPF_DIV|BPF_K) && ftest->k == 0) + return -EINVAL; + /* check that memory operations use valid addresses. */ if (ftest->k >= BPF_MEMWORDS) { /* but it might not be a memory operation... */ From 4909724b5dee8fb7c52bbe90afa40c65b17be9eb Mon Sep 17 00:00:00 2001 From: Alexandra Kossovsky Date: Sun, 20 Nov 2005 13:41:59 -0800 Subject: [PATCH 06/13] [COMPAT] net: SIOCGIFCONF data corruption From: Alexandra Kossovsky From http://bugzilla.kernel.org/show_bug.cgi?id=4746 There is user data corruption when using ioctl(SIOCGIFCONF) in 32-bit application running amd64 kernel. I do not think that this problem is exploitable, but any data corruption may lead to security problems. Following code demonstrates the problem #include #include #include #include #include #include char buf[256]; main() { int s = socket(AF_INET, SOCK_DGRAM, 0); struct ifconf req; int i; req.ifc_buf = buf; req.ifc_len = 41; printf("Result %d\n", ioctl(s, SIOCGIFCONF, &req)); printf("Len %d\n", req.ifc_len); for (i = 41; i < 256; i++) if (buf[i] != 0) printf("Byte %d is corrupted\n", i); } Steps to reproduce: Compile the code above into 32-bit elf and run it. You'll get Result 0 Len 32 Byte 48 is corrupted Byte 52 is corrupted Byte 53 is corrupted Byte 54 is corrupted Byte 55 is corrupted Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- fs/compat_ioctl.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c index 31b7efd94d66..43a2508ac696 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -686,7 +686,8 @@ static int dev_ifconf(unsigned int fd, unsigned int cmd, unsigned long arg) ifr = ifc.ifc_req; ifr32 = compat_ptr(ifc32.ifcbuf); - for (i = 0, j = 0; i < ifc32.ifc_len && j < ifc.ifc_len; + for (i = 0, j = 0; + i + sizeof (struct ifreq32) < ifc32.ifc_len && j < ifc.ifc_len; i += sizeof (struct ifreq32), j += sizeof (struct ifreq)) { if (copy_in_user(ifr32, ifr, sizeof (struct ifreq32))) return -EFAULT; @@ -702,10 +703,7 @@ static int dev_ifconf(unsigned int fd, unsigned int cmd, unsigned long arg) i = ((i / sizeof(struct ifreq)) * sizeof(struct ifreq32)); ifc32.ifc_len = i; } else { - if (i <= ifc32.ifc_len) - ifc32.ifc_len = i; - else - ifc32.ifc_len = i - sizeof (struct ifreq32); + ifc32.ifc_len = i; } if (copy_to_user(compat_ptr(arg), &ifc32, sizeof(struct ifconf32))) return -EFAULT; From 5d5780df23537ad0db72267fe11103d2c23d9b2a Mon Sep 17 00:00:00 2001 From: Yan Zheng Date: Sun, 20 Nov 2005 13:42:20 -0800 Subject: [PATCH 07/13] [IPV6]: Acquire addrconf_hash_lock for read in addrconf_verify(...) addrconf_verify(...) only traverse address hash table when addrconf_hash_lock is held for writing, and it may hold addrconf_hash_lock for a long time. So I think it's better to acquire addrconf_hash_lock for reading instead of writing Signed-off-by: Yan Zheng Signed-off-by: David S. Miller --- net/ipv6/addrconf.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 56a09a4ac410..a16064ba0caf 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -2627,7 +2627,7 @@ static void addrconf_verify(unsigned long foo) for (i=0; i < IN6_ADDR_HSIZE; i++) { restart: - write_lock(&addrconf_hash_lock); + read_lock(&addrconf_hash_lock); for (ifp=inet6_addr_lst[i]; ifp; ifp=ifp->lst_next) { unsigned long age; #ifdef CONFIG_IPV6_PRIVACY @@ -2649,7 +2649,7 @@ restart: if (age >= ifp->valid_lft) { spin_unlock(&ifp->lock); in6_ifa_hold(ifp); - write_unlock(&addrconf_hash_lock); + read_unlock(&addrconf_hash_lock); ipv6_del_addr(ifp); goto restart; } else if (age >= ifp->prefered_lft) { @@ -2668,7 +2668,7 @@ restart: if (deprecate) { in6_ifa_hold(ifp); - write_unlock(&addrconf_hash_lock); + read_unlock(&addrconf_hash_lock); ipv6_ifa_notify(0, ifp); in6_ifa_put(ifp); @@ -2686,7 +2686,7 @@ restart: in6_ifa_hold(ifp); in6_ifa_hold(ifpub); spin_unlock(&ifp->lock); - write_unlock(&addrconf_hash_lock); + read_unlock(&addrconf_hash_lock); ipv6_create_tempaddr(ifpub, ifp); in6_ifa_put(ifpub); in6_ifa_put(ifp); @@ -2703,7 +2703,7 @@ restart: spin_unlock(&ifp->lock); } } - write_unlock(&addrconf_hash_lock); + read_unlock(&addrconf_hash_lock); } addr_chk_timer.expires = time_before(next, jiffies + HZ) ? jiffies + HZ : next; From c9e53cbe7ad6eabb3c7c5140b6127b4e5f9ee840 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Sun, 20 Nov 2005 21:09:00 -0800 Subject: [PATCH 08/13] [FIB_TRIE]: Don't show local table in /proc/net/route output Don't show local table to behave similar to fib_hash. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/ipv4/fib_trie.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c index 66247f38b371..705e3ce86df9 100644 --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c @@ -2378,6 +2378,7 @@ static unsigned fib_flag_trans(int type, u32 mask, const struct fib_info *fi) */ static int fib_route_seq_show(struct seq_file *seq, void *v) { + const struct fib_trie_iter *iter = seq->private; struct leaf *l = v; int i; char bf[128]; @@ -2389,6 +2390,8 @@ static int fib_route_seq_show(struct seq_file *seq, void *v) return 0; } + if (iter->trie == trie_local) + return 0; if (IS_TNODE(l)) return 0; From 2b8f2ff6f4c11fff9c3016b54fa261f522a54b70 Mon Sep 17 00:00:00 2001 From: Yasuyuki Kozakai Date: Sun, 20 Nov 2005 21:09:55 -0800 Subject: [PATCH 09/13] [NETFILTER]: fixed dependencies between modules related with ip_conntrack - IP_NF_CONNTRACK_MARK is bool and depends on only IP_NF_CONNTRACK which is tristate. If a variable depends on IP_NF_CONNTRACK_MARK and doesn't care about IP_NF_CONNTRACK, it can be y. This must be avoided. - IP_NF_CT_ACCT has same problem. - IP_NF_TARGET_CLUSTERIP also depends on IP_NF_MANGLE. Signed-off-by: Yasuyuki Kozakai Signed-off-by: Harald Welte Signed-off-by: David S. Miller --- net/ipv4/netfilter/Kconfig | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index 9d3c8b5f327e..0bc00528d888 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig @@ -440,7 +440,7 @@ config IP_NF_MATCH_COMMENT config IP_NF_MATCH_CONNMARK tristate 'Connection mark match support' depends on IP_NF_IPTABLES - depends on IP_NF_CONNTRACK_MARK || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4) + depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4) help This option adds a `connmark' match, which allows you to match the connection mark value previously set for the session by `CONNMARK'. @@ -452,7 +452,7 @@ config IP_NF_MATCH_CONNMARK config IP_NF_MATCH_CONNBYTES tristate 'Connection byte/packet counter match support' depends on IP_NF_IPTABLES - depends on IP_NF_CT_ACCT || (NF_CT_ACCT && NF_CONNTRACK_IPV4) + depends on (IP_NF_CONNTRACK && IP_NF_CT_ACCT) || (NF_CT_ACCT && NF_CONNTRACK_IPV4) help This option adds a `connbytes' match, which allows you to match the number of bytes and/or packets for each direction within a connection. @@ -767,7 +767,7 @@ config IP_NF_TARGET_TTL config IP_NF_TARGET_CONNMARK tristate 'CONNMARK target support' depends on IP_NF_MANGLE - depends on IP_NF_CONNTRACK_MARK || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4) + depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4) help This option adds a `CONNMARK' target, which allows one to manipulate the connection mark value. Similar to the MARK target, but @@ -779,8 +779,8 @@ config IP_NF_TARGET_CONNMARK config IP_NF_TARGET_CLUSTERIP tristate "CLUSTERIP target support (EXPERIMENTAL)" - depends on IP_NF_IPTABLES && EXPERIMENTAL - depends on IP_NF_CONNTRACK_MARK || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4) + depends on IP_NF_MANGLE && EXPERIMENTAL + depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4) help The CLUSTERIP target allows you to build load-balancing clusters of network servers without having a dedicated load-balancing From bd4cfb594bdea00c3920b31bd12f497fc4a2e79c Mon Sep 17 00:00:00 2001 From: Nicolas Kaiser Date: Sun, 20 Nov 2005 21:11:31 -0800 Subject: [PATCH 10/13] [NETFILTER]: Remove ARRAY_SIZE duplicate Signed-off-by: Nicolas Kaiser Signed-off-by: Harald Welte Signed-off-by: David S. Miller --- include/linux/netfilter_ipv4/ipt_sctp.h | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/include/linux/netfilter_ipv4/ipt_sctp.h b/include/linux/netfilter_ipv4/ipt_sctp.h index e93a9ec99fc2..80b3dbacd193 100644 --- a/include/linux/netfilter_ipv4/ipt_sctp.h +++ b/include/linux/netfilter_ipv4/ipt_sctp.h @@ -7,8 +7,6 @@ #define IPT_SCTP_VALID_FLAGS 0x07 -#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0])) - struct ipt_sctp_flag_info { u_int8_t chunktype; @@ -59,21 +57,21 @@ struct ipt_sctp_info { #define SCTP_CHUNKMAP_RESET(chunkmap) \ do { \ int i; \ - for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ + for (i = 0; i < ARRAY_SIZE(chunkmap); i++) \ chunkmap[i] = 0; \ } while (0) #define SCTP_CHUNKMAP_SET_ALL(chunkmap) \ do { \ int i; \ - for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ + for (i = 0; i < ARRAY_SIZE(chunkmap); i++) \ chunkmap[i] = ~0; \ } while (0) #define SCTP_CHUNKMAP_COPY(destmap, srcmap) \ do { \ int i; \ - for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ + for (i = 0; i < ARRAY_SIZE(chunkmap); i++) \ destmap[i] = srcmap[i]; \ } while (0) @@ -81,7 +79,7 @@ struct ipt_sctp_info { ({ \ int i; \ int flag = 1; \ - for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \ + for (i = 0; i < ARRAY_SIZE(chunkmap); i++) { \ if (chunkmap[i]) { \ flag = 0; \ break; \ @@ -94,7 +92,7 @@ struct ipt_sctp_info { ({ \ int i; \ int flag = 1; \ - for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \ + for (i = 0; i < ARRAY_SIZE(chunkmap); i++) { \ if (chunkmap[i] != ~0) { \ flag = 0; \ break; \ From a516b04950f62d36b33db00c0d3c69d09dae99a9 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Sun, 20 Nov 2005 21:16:13 -0800 Subject: [PATCH 11/13] [DCCP]: Add missing no_policy flag to struct net_protocol Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/dccp/proto.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/dccp/proto.c b/net/dccp/proto.c index e0ace7cbb996..8a6b2a9e4581 100644 --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -46,6 +46,7 @@ atomic_t dccp_orphan_count = ATOMIC_INIT(0); static struct net_protocol dccp_protocol = { .handler = dccp_v4_rcv, .err_handler = dccp_v4_err, + .no_policy = 1, }; const char *dccp_packet_name(const int type) From b84f4cc977ec4a1260dc8d9165efc9319a93c2a2 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Sun, 20 Nov 2005 21:19:21 -0800 Subject: [PATCH 12/13] [NET]: Use unused bit for ipvs_property field in struct sk_buff Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/linux/skbuff.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 0a8ea8b35816..e797d9ef0e28 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -264,16 +264,14 @@ struct sk_buff { nohdr:1, nfctinfo:3; __u8 pkt_type:3, - fclone:2; + fclone:2, + ipvs_property:1; __be16 protocol; void (*destructor)(struct sk_buff *skb); #ifdef CONFIG_NETFILTER __u32 nfmark; struct nf_conntrack *nfct; -#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) - __u8 ipvs_property:1; -#endif #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) struct sk_buff *nfct_reasm; #endif From 461ddf3b90bb149b99c3f675959c1bd6b11ed936 Mon Sep 17 00:00:00 2001 From: Randy Dunlap Date: Sun, 20 Nov 2005 21:25:15 -0800 Subject: [PATCH 13/13] [NET]: kernel-doc fixes Fix kernel-doc warnings in network files. Signed-off-by: Randy Dunlap Signed-off-by: David S. Miller --- Documentation/DocBook/kernel-api.tmpl | 6 ++++-- include/linux/skbuff.h | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Documentation/DocBook/kernel-api.tmpl b/Documentation/DocBook/kernel-api.tmpl index 096aed62c326..767433bdbc40 100644 --- a/Documentation/DocBook/kernel-api.tmpl +++ b/Documentation/DocBook/kernel-api.tmpl @@ -237,8 +237,10 @@ X!Ilib/string.c Driver Support !Enet/core/dev.c !Enet/ethernet/eth.c -!Einclude/linux/etherdevice.h -!Enet/core/wireless.c +!Iinclude/linux/etherdevice.h + Synchronous PPP !Edrivers/net/wan/syncppp.c diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index e797d9ef0e28..8c5d6001a923 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -206,6 +206,7 @@ enum { * @nfct: Associated connection, if any * @ipvs_property: skbuff is owned by ipvs * @nfctinfo: Relationship of this skb to the connection + * @nfct_reasm: netfilter conntrack re-assembly pointer * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c * @tc_index: Traffic control index * @tc_verd: traffic control verdict