diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h index 6b01ba297727099dc11bc4f91bea4e5899cf44b2..2f4e98b90cc0d0849f9bf2489cc5ddd183a3fa58 100644 --- a/include/linux/netfilter/nf_conntrack_tcp.h +++ b/include/linux/netfilter/nf_conntrack_tcp.h @@ -25,7 +25,7 @@ enum tcp_conntrack { #define IP_CT_TCP_FLAG_SACK_PERM 0x02 /* This sender sent FIN first */ -#define IP_CT_TCP_FLAG_CLOSE_INIT 0x03 +#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04 #ifdef __KERNEL__ diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index 0be235418a2f490b2b56f1942e05e6110fd767e0..24c8786d12e9f0bc2af9b3fde7bf092ad87439be 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h @@ -190,6 +190,7 @@ struct arpt_replace /* The argument to ARPT_SO_ADD_COUNTERS. */ #define arpt_counters_info xt_counters_info +#define arpt_counters xt_counters /* The argument to ARPT_SO_GET_ENTRIES. */ struct arpt_get_entries diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index d60fd7321e6363f98a1c09bbfb2a3cc7d9853415..864009643675fe195be002f09e50bfeb69b0e417 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -305,7 +305,7 @@ static int inet_create(struct socket *sock, int protocol) sk->sk_reuse = 1; inet = inet_sk(sk); - inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) == INET_PROTOSW_ICSK; + inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) != 0; if (SOCK_RAW == sock->type) { inet->num = protocol; diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index 25c8a42965dff1d3eeea77f8ac8dad2809c33e28..480ace9819f6d97ea0245b742445481f7fcb14e5 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c @@ -174,9 +174,10 @@ struct in_device *inetdev_init(struct net_device *dev) ip_mc_init_dev(in_dev); if (dev->flags & IFF_UP) ip_mc_up(in_dev); -out: + /* we can receive as soon as ip_ptr is set -- do this last */ rcu_assign_pointer(dev->ip_ptr, in_dev); +out: return in_dev; out_kfree: kfree(in_dev); diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index 730a7a44c883f0247c40e84348c8c953859b15c6..00d6dea9f7f3440aa1b6369a09f790e87e6ef72d 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c @@ -123,7 +123,7 @@ nf_nat_fn(unsigned int hooknum, nat = nfct_nat(ct); if (!nat) - return NF_DROP; + return NF_ACCEPT; switch (ctinfo) { case IP_CT_RELATED: diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 832a5e6e2d7e6270808bbfc70a26eddba49250a6..0e0e4262f4dc46a570c72c4a829699ef6fa6faf0 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -171,7 +171,7 @@ static int inet6_create(struct socket *sock, int protocol) sk->sk_reuse = 1; inet = inet_sk(sk); - inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) == INET_PROTOSW_ICSK; + inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) != 0; if (SOCK_RAW == sock->type) { inet->num = protocol; diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 37e5fca923aa14ec0322f543466a8d09e6d7fbab..d9c15402ba6619023b6f28633e14666ee615b09f 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -835,6 +835,8 @@ void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb, s->nfct_reasm = skb; s2 = s->next; + s->next = NULL; + NF_HOOK_THRESH(PF_INET6, hooknum, s, in, out, okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1); s = s2; diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index f0bbe36799cffad5b6fa60891b08ed51ac58869f..167d888d1df263f29ee3734ba4ee6864931b70f6 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -124,8 +124,8 @@ void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, padlen = len % 4; err.length = htons(len); len += padlen; - sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); - chunk->subh.err_hdr = sctp_addto_chunk(chunk, paylen, payload); + chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); + sctp_addto_chunk(chunk, paylen, payload); } /* 3.3.2 Initiation (INIT) (1)