Linux kernel source tree https://git.amat.us/linux/atom/net?h=v3.0.56 2012-12-10T18:45:08Z 2012-12-10T18:45:08Z Michal Kubecek mkubecek@suse.cz 2012-12-04T10:09:13Z urn:sha1:bc436ddffc68d8c9e3e2e69e3253445af85c0881 Stable-3.0 commit 42ab5316 (ipv4: fix redirect handling) was backport of mainline commit 9cc20b26 from 3.2-rc3 where hh member of struct dst_entry was already gone. However, in 3.0 we still have it and we have to clean it as well, otherwise it keeps pointing to the cleaned up (and unusable) hh_cache entry and packets cannot be sent out. Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Cc: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-12-03T20:59:14Z Oliver Hartkopp socketcan@hartkopp.net 2012-11-26T21:24:23Z urn:sha1:f6a8d4ccb6a92e815669e65dd1140280876f3bd1 commit 81b401100c01d2357031e874689f89bd788d13cd upstream. Set in the rx_ifindex to pass the correct interface index in the case of a message timeout detection. Usually the rx_ifindex value is set at receive time. But when no CAN frame has been received the RX_TIMEOUT notification did not contain a valid value. Reported-by: Andre Naujoks <nautsch2@googlemail.com> Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-12-03T20:59:14Z Simon Wunderlich simon.wunderlich@s2003.tu-chemnitz.de 2012-11-13T17:43:03Z urn:sha1:34ef0d5705afa428c02781a5c12f3178caa12559 commit b78a4932f5fb11fadf41e69c606a33fa6787574c upstream. The check whether the IBSS is active and can be removed should be performed before deinitializing the fields used for the check/search. Otherwise, the configured BSS will not be found and removed properly. To make it more clear for the future, rename sdata->u.ibss to the local pointer ifibss which is used within the checks. This behaviour was introduced by f3209bea110cade12e2b133da8b8499689cb0e2e ("mac80211: fix IBSS teardown race") Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de> Cc: Ignacy Gawedzki <i@lri.fr> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-11-26T19:34:54Z Ulrich Weber ulrich.weber@sophos.com 2012-10-25T05:34:45Z urn:sha1:328325bf4fe39db557c2ea012a69b764734f27e5 commit 38fe36a248ec3228f8e6507955d7ceb0432d2000 upstream. ICMP tuples have id in src and type/code in dst. So comparing src.u.all with dst.u.all will always fail here and ip_xfrm_me_harder() is called for every ICMP packet, even if there was no NAT. Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-11-26T19:34:54Z Jozsef Kadlecsik kadlec@blackhole.kfki.hu 2012-08-31T09:55:53Z urn:sha1:9e8b32b0a0e7981f157b2073dd4c6f354340c3e6 commit 64f509ce71b08d037998e93dd51180c19b2f464c upstream. Clients should not send such packets. By accepting them, we open up a hole by wich ephemeral ports can be discovered in an off-path attack. See: "Reflection scan: an Off-Path Attack on TCP" by Jan Wrobel, http://arxiv.org/abs/1201.2074 Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-11-26T19:34:46Z Jozsef Kadlecsik kadlec@blackhole.kfki.hu 2012-08-31T09:55:54Z urn:sha1:d87b26d50da9eca1be14216c9f7dac5b9b0ae3f9 commit 4a70bbfaef0361d27272629d1a250a937edcafe4 upstream. We spare nothing by not validating the sequence number of dataless ACK packets and enabling it makes harder off-path attacks. See: "Reflection scan: an Off-Path Attack on TCP" by Jan Wrobel, http://arxiv.org/abs/1201.2074 Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-11-26T19:34:36Z Tom Herbert therbert@google.com 2012-11-16T09:04:15Z urn:sha1:3cc4eadd5674d1f00be32e5e4bdc74fbb3714185 [ Upstream commit baefa31db2f2b13a05d1b81bdf2d20d487f58b0a ] In commit c445477d74ab3779 which adds aRFS to the kernel, the CPU selected for RFS is not set correctly when CPU is changing. This is causing OOO packets and probably other issues. Signed-off-by: Tom Herbert <therbert@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Acked-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-11-26T19:34:36Z Jiri Pirko jiri@resnulli.us 2012-11-14T02:51:04Z urn:sha1:c5d6a966762eb5bac5960235461fd6893aaa8498 [ Upstream commit a652208e0b52c190e57f2a075ffb5e897fe31c3b ] Check (ha->addr == dev->dev_addr) is always true because dev_addr_init() sets this. Correct the check to behave properly on addr removal. Signed-off-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-11-26T19:34:36Z Hannes Frederic Sowa hannes@stressinduktion.org 2012-11-10T19:52:34Z urn:sha1:db4bf38b4bb475c4d149410f56e79012980f3331 [ Upstream commit d4596bad2a713fcd0def492b1960e6d899d5baa8 ] Cc: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-11-26T19:34:35Z Xi Wang xi.wang@gmail.com 2012-11-11T11:20:01Z urn:sha1:26aeb8bdda7619453e0958e8c38a84c7add3643b [ Upstream commit 0c9f79be295c99ac7e4b569ca493d75fdcc19e4e ] (1<<optname) is undefined behavior in C with a negative optname or optname larger than 31. In those cases the result of the shift is not necessarily zero (e.g., on x86). This patch simplifies the code with a switch statement on optname. It also allows the compiler to generate better code (e.g., using a 64-bit mask). Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>