Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
[mirror_ubuntu-artful-kernel.git] / net / netfilter / nf_conntrack_proto_tcp.c
index 69f687740c76b755fa46f1e4d63c35314c130ddb..9758a7dfd83ef95c0bcab1257d63cb38d9faed88 100644 (file)
@@ -419,10 +419,9 @@ static void tcp_options(const struct sk_buff *skb,
                                 && opsize == TCPOLEN_WINDOW) {
                                state->td_scale = *(u_int8_t *)ptr;
 
-                               if (state->td_scale > 14) {
-                                       /* See RFC1323 */
-                                       state->td_scale = 14;
-                               }
+                               if (state->td_scale > TCP_MAX_WSCALE)
+                                       state->td_scale = TCP_MAX_WSCALE;
+
                                state->flags |=
                                        IP_CT_TCP_FLAG_WINDOW_SCALE;
                        }
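Review bot: The clamp on `state->td_scale` lost its RFC pointer when the literal 14 became `TCP_MAX_WSCALE`, so the code no longer says why a byte copied straight from the packet's window-scale option is capped. I would keep a one-line comment above the check, for example `/* shift count comes from the peer; RFC 1323 (now RFC 7323) caps it at 14 */`. Where `td_scale` is consumed afterwards is not visible in this hunk, so the comment should stay limited to the cap itself. The body of tcp_options starts before the hunk and continues after it.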
@@ -750,7 +749,6 @@ static const u8 tcp_valid_flags[(TCPHDR_FIN|TCPHDR_SYN|TCPHDR_RST|TCPHDR_ACK|
 static int tcp_error(struct net *net, struct nf_conn *tmpl,
                     struct sk_buff *skb,
                     unsigned int dataoff,
-                    enum ip_conntrack_info *ctinfo,
                     u_int8_t pf,
                     unsigned int hooknum)
 {
@@ -1173,6 +1171,22 @@ static bool tcp_new(struct nf_conn *ct, const struct sk_buff *skb,
        return true;
 }
 
+static bool tcp_can_early_drop(const struct nf_conn *ct)
+{
+       switch (ct->proto.tcp.state) {
+       case TCP_CONNTRACK_FIN_WAIT:
+       case TCP_CONNTRACK_LAST_ACK:
+       case TCP_CONNTRACK_TIME_WAIT:
+       case TCP_CONNTRACK_CLOSE:
+       case TCP_CONNTRACK_CLOSE_WAIT:
+               return true;
+       default:
+               break;
+       }
+
+       return false;
+}
+
 #if IS_ENABLED(CONFIG_NF_CT_NETLINK)
 
 #include <linux/netfilter/nfnetlink.h>
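Review bot: `tcp_can_early_drop()` carries no comment explaining why exactly these five states qualify, and that policy choice cannot be recovered from the switch alone. A short header comment would do, for example `/* Only connections that are already closing or closed may be evicted early; handshake and ESTABLISHED entries are never offered. */`. The function reads `ct->proto.tcp.state` directly, and whether the caller holds `ct->lock` or simply tolerates a stale value is not visible here, so that assumption belongs in the same comment. As a style point, `default: break;` followed by `return false;` could be written as `default: return false;`.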
@@ -1235,7 +1249,8 @@ static int nlattr_to_tcp(struct nlattr *cda[], struct nf_conn *ct)
        if (!pattr)
                return 0;
 
-       err = nla_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, pattr, tcp_nla_policy);
+       err = nla_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, pattr,
+                              tcp_nla_policy, NULL);
        if (err < 0)
                return err;
 
@@ -1550,6 +1565,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 __read_mostly =
        .get_timeouts           = tcp_get_timeouts,
        .new                    = tcp_new,
        .error                  = tcp_error,
+       .can_early_drop         = tcp_can_early_drop,
 #if IS_ENABLED(CONFIG_NF_CT_NETLINK)
        .to_nlattr              = tcp_to_nlattr,
        .nlattr_size            = tcp_nlattr_size,
@@ -1587,6 +1603,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 __read_mostly =
        .get_timeouts           = tcp_get_timeouts,
        .new                    = tcp_new,
        .error                  = tcp_error,
+       .can_early_drop         = tcp_can_early_drop,
 #if IS_ENABLED(CONFIG_NF_CT_NETLINK)
        .to_nlattr              = tcp_to_nlattr,
        .nlattr_size            = tcp_nlattr_size,