netfilter: nf_ct_dccp: add missing DCCP protocol changes in event cache

[safe/jmp/linux-2.6] / net / llc / llc_input.c

diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index 13b4624..57ad974 100644 (file)
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -12,6 +12,7 @@
  * See the GNU General Public License for more details.
  */
 #include <linux/netdevice.h>
+#include <net/net_namespace.h>
 #include <net/llc.h>
 #include <net/llc_pdu.h>
 #include <net/llc_sap.h>
@@ -99,22 +100,31 @@ out:
 static inline int llc_fixup_skb(struct sk_buff *skb)
 {
        u8 llc_len = 2;
-       struct llc_pdu_sn *pdu;
+       struct llc_pdu_un *pdu;
 
-       if (!pskb_may_pull(skb, sizeof(*pdu)))
+       if (unlikely(!pskb_may_pull(skb, sizeof(*pdu))))
                return 0;
 
-       pdu = (struct llc_pdu_sn *)skb->data;
+       pdu = (struct llc_pdu_un *)skb->data;
        if ((pdu->ctrl_1 & LLC_PDU_TYPE_MASK) == LLC_PDU_TYPE_U)
                llc_len = 1;
        llc_len += 2;
-       skb->h.raw += llc_len;
+
+       if (unlikely(!pskb_may_pull(skb, llc_len)))
+               return 0;
+
+       skb->transport_header += llc_len;
        skb_pull(skb, llc_len);
        if (skb->protocol == htons(ETH_P_802_2)) {
-               u16 pdulen = eth_hdr(skb)->h_proto,
-                   data_size = ntohs(pdulen) - llc_len;
+               __be16 pdulen = eth_hdr(skb)->h_proto;
+               s32 data_size = ntohs(pdulen) - llc_len;
 
-               skb_trim(skb, data_size);
+               if (data_size < 0 ||
+                   ((skb_tail_pointer(skb) -
+                     (u8 *)pdu) - llc_len) < data_size)
+                       return 0;
+               if (unlikely(pskb_trim_rcsum(skb, data_size)))
+                       return 0;
        }
        return 1;
 }
@@ -137,13 +147,18 @@ int llc_rcv(struct sk_buff *skb, struct net_device *dev,
        struct llc_sap *sap;
        struct llc_pdu_sn *pdu;
        int dest;
+       int (*rcv)(struct sk_buff *, struct net_device *,
+                  struct packet_type *, struct net_device *);
+
+       if (!net_eq(dev_net(dev), &init_net))
+               goto drop;
 
        /*
         * When the interface is in promisc. mode, drop all the crap that it
         * receives, do not try to analyse it.
         */
        if (unlikely(skb->pkt_type == PACKET_OTHERHOST)) {
-               dprintk("%s: PACKET_OTHERHOST\n", __FUNCTION__);
+               dprintk("%s: PACKET_OTHERHOST\n", __func__);
                goto drop;
        }
        skb = skb_share_check(skb, GFP_ATOMIC);
@@ -156,27 +171,34 @@ int llc_rcv(struct sk_buff *skb, struct net_device *dev,
               goto handle_station;
        sap = llc_sap_find(pdu->dsap);
        if (unlikely(!sap)) {/* unknown SAP */
-               dprintk("%s: llc_sap_find(%02X) failed!\n", __FUNCTION__,
-                       pdu->dsap);
+               dprintk("%s: llc_sap_find(%02X) failed!\n", __func__,
+                       pdu->dsap);
                goto drop;
        }
        /*
         * First the upper layer protocols that don't need the full
         * LLC functionality
         */
-       if (sap->rcv_func) {
-               sap->rcv_func(skb, dev, pt, orig_dev);
-               goto out;
+       rcv = rcu_dereference(sap->rcv_func);
+       if (rcv) {
+               struct sk_buff *cskb = skb_clone(skb, GFP_ATOMIC);
+               if (cskb)
+                       rcv(cskb, dev, pt, orig_dev);
        }
        dest = llc_pdu_type(skb);
        if (unlikely(!dest || !llc_type_handlers[dest - 1]))
-               goto drop;
+               goto drop_put;
        llc_type_handlers[dest - 1](sap, skb);
+out_put:
+       llc_sap_put(sap);
 out:
        return 0;
 drop:
        kfree_skb(skb);
        goto out;
+drop_put:
+       kfree_skb(skb);
+       goto out_put;
 handle_station:
        if (!llc_station_handler)
                goto drop;