update to 2.4.20-pre4

11 files changed, 94 insertions, 42 deletions

diff --git a/br-nf-bds/linux/net/Config.in b/br-nf-bds/linux/net/Config.in
index 946679f..1e6279f 100644
--- a/br-nf-bds/linux/net/Config.in
+++ b/br-nf-bds/linux/net/Config.in
@@ -43,23 +43,31 @@ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
       if [ "$CONFIG_INET" = "y" -a "$CONFIG_ATM_LANE" != "n" ]; then
 	 tristate '    Multi-Protocol Over ATM (MPOA) support' CONFIG_ATM_MPOA
       fi
+      tristate '  RFC1483/2684 Bridged protocols' CONFIG_ATM_BR2684
+      if [ "$CONFIG_ATM_BR2684" != "n" ]; then
+            bool '    Per-VC IP filter kludge' CONFIG_ATM_BR2684_IPFILTER
+      fi
    fi
-
-   dep_tristate '802.1Q VLAN Support (EXPERIMENTAL)' CONFIG_VLAN_8021Q $CONFIG_EXPERIMENTAL
-
 fi
+tristate '802.1Q VLAN Support' CONFIG_VLAN_8021Q
 
 comment ' '
 tristate 'The IPX protocol' CONFIG_IPX
 if [ "$CONFIG_IPX" != "n" ]; then
    source net/ipx/Config.in
 fi
+
 tristate 'Appletalk protocol support' CONFIG_ATALK
+source drivers/net/appletalk/Config.in
+
 tristate 'DECnet Support' CONFIG_DECNET
 if [ "$CONFIG_DECNET" != "n" ]; then
    source net/decnet/Config.in
 fi
 dep_tristate '802.1d Ethernet Bridging' CONFIG_BRIDGE $CONFIG_INET
+if [ "$CONFIG_BRIDGE" != "n" -a "$CONFIG_NETFILTER" != "n" ]; then
+   source net/bridge/netfilter/Config.in
+fi
 if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
    if [ "$CONFIG_BRIDGE" != "n" -a "$CONFIG_NETFILTER" != "n" ]; then
       bool '  netfilter (firewalling) support' CONFIG_BRIDGE_NF
@@ -73,10 +81,10 @@ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
 #   fi
    if [ "$CONFIG_INET" = "y" ]; then
       tristate 'Acorn Econet/AUN protocols (EXPERIMENTAL)' CONFIG_ECONET
-   fi
-   if [ "$CONFIG_ECONET" != "n" ]; then
-      bool '  AUN over UDP' CONFIG_ECONET_AUNUDP
-      bool '  Native Econet' CONFIG_ECONET_NATIVE
+      if [ "$CONFIG_ECONET" != "n" ]; then
+	 bool '  AUN over UDP' CONFIG_ECONET_AUNUDP
+	 bool '  Native Econet' CONFIG_ECONET_NATIVE
+      fi
    fi
    tristate 'WAN router' CONFIG_WAN_ROUTER
    bool 'Fast switching (read help!)' CONFIG_NET_FASTROUTE
@@ -92,4 +100,9 @@ fi
 #bool 'Network code profiler' CONFIG_NET_PROFILE
 endmenu
 
+mainmenu_option next_comment
+comment 'Network testing'
+tristate 'Packet Generator (USE WITH CAUTION)' CONFIG_NET_PKTGEN
+endmenu
+
 endmenu
diff --git a/br-nf-bds/linux/net/bridge/Makefile b/br-nf-bds/linux/net/bridge/Makefile
index 25c2314..d069395 100644
--- a/br-nf-bds/linux/net/bridge/Makefile
+++ b/br-nf-bds/linux/net/bridge/Makefile
@@ -7,6 +7,12 @@
 #
 # Note 2! The CFLAGS definition is now in the main makefile...
 
+ifneq ($(CONFIG_BRIDGE_EBT_BROUTE),n)
+ifneq ($(CONFIG_BRIDGE_EBT_BROUTE),)
+export-objs := br.o
+endif
+endif
+
 O_TARGET	:= bridge.o
 obj-y		:= br.o br_device.o br_fdb.o br_forward.o br_if.o br_input.o \
 			br_ioctl.o br_notify.o br_stp.o br_stp_bpdu.o \
diff --git a/br-nf-bds/linux/net/bridge/br.c b/br-nf-bds/linux/net/bridge/br.c
index 2ef8028..2109a5d 100644
--- a/br-nf-bds/linux/net/bridge/br.c
+++ b/br-nf-bds/linux/net/bridge/br.c
@@ -5,7 +5,7 @@
  *	Authors:
  *	Lennert Buytenhek		<buytenh@gnu.org>
  *
- *	$Id: br.c,v 1.1 2002/06/01 19:23:52 bdschuym Exp $
+ *	$Id: br.c,v 1.2 2002/08/24 08:44:40 bdschuym Exp $
  *
  *	This program is free software; you can redistribute it and/or
  *	modify it under the terms of the GNU General Public License
@@ -28,6 +28,14 @@
 #include "../atm/lec.h"
 #endif
 
+#if defined(CONFIG_BRIDGE_EBT_BROUTE) || \
+    defined(CONFIG_BRIDGE_EBT_BROUTE_MODULE)
+unsigned int (*broute_decision) (unsigned int hook, struct sk_buff **pskb,
+                        const struct net_device *in,
+                        const struct net_device *out,
+                        int (*okfn)(struct sk_buff *)) = NULL;
+#endif
+
 void br_dec_use_count()
 {
 	MOD_DEC_USE_COUNT;
@@ -82,7 +90,12 @@ static void __exit br_deinit(void)
 #endif
 }
 
+#if defined(CONFIG_BRIDGE_EBT_BROUTE) || \
+    defined(CONFIG_BRIDGE_EBT_BROUTE_MODULE)
+EXPORT_SYMBOL(broute_decision);
+#else
 EXPORT_NO_SYMBOLS;
+#endif
 
 module_init(br_init)
 module_exit(br_deinit)
diff --git a/br-nf-bds/linux/net/bridge/br_forward.c b/br-nf-bds/linux/net/bridge/br_forward.c
index 05d1587..69ef227 100644
--- a/br-nf-bds/linux/net/bridge/br_forward.c
+++ b/br-nf-bds/linux/net/bridge/br_forward.c
@@ -5,7 +5,7 @@
  *	Authors:
  *	Lennert Buytenhek		<buytenh@gnu.org>
  *
- *	$Id: br_forward.c,v 1.1 2002/06/01 19:23:53 bdschuym Exp $
+ *	$Id: br_forward.c,v 1.2 2002/08/24 08:44:40 bdschuym Exp $
  *
  *	This program is free software; you can redistribute it and/or
  *	modify it under the terms of the GNU General Public License
@@ -48,12 +48,8 @@ int br_forward_finish(struct sk_buff *skb)
 
 static void __br_deliver(struct net_bridge_port *to, struct sk_buff *skb)
 {
-	struct net_device *indev;
-
-	indev = skb->dev;
 	skb->dev = to->dev;
-
-	NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, indev, skb->dev,
+	NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
 			br_forward_finish);
 }
 
diff --git a/br-nf-bds/linux/net/bridge/br_input.c b/br-nf-bds/linux/net/bridge/br_input.c
index b9487dc..d42a65d 100644
--- a/br-nf-bds/linux/net/bridge/br_input.c
+++ b/br-nf-bds/linux/net/bridge/br_input.c
@@ -5,7 +5,7 @@
  *	Authors:
  *	Lennert Buytenhek		<buytenh@gnu.org>
  *
- *	$Id: br_input.c,v 1.1 2002/06/01 19:23:53 bdschuym Exp $
+ *	$Id: br_input.c,v 1.2 2002/08/24 08:44:40 bdschuym Exp $
  *
  *	This program is free software; you can redistribute it and/or
  *	modify it under the terms of the GNU General Public License
@@ -19,6 +19,10 @@
 #include <linux/if_bridge.h>
 #include <linux/netfilter_bridge.h>
 #include "br_private.h"
+#if defined(CONFIG_BRIDGE_EBT_BROUTE) || \
+    defined(CONFIG_BRIDGE_EBT_BROUTE_MODULE)
+#include <linux/netfilter.h>
+#endif
 
 unsigned char bridge_ula[6] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 };
 
@@ -112,7 +116,7 @@ err_nolock:
 	return 0;
 }
 
-void br_handle_frame(struct sk_buff *skb)
+int br_handle_frame(struct sk_buff *skb)
 {
 	struct net_bridge *br;
 	unsigned char *dest;
@@ -146,23 +150,32 @@ void br_handle_frame(struct sk_buff *skb)
 		goto handle_special_frame;
 
 	if (p->state == BR_STATE_FORWARDING) {
+#if defined(CONFIG_BRIDGE_EBT_BROUTE) || \
+    defined(CONFIG_BRIDGE_EBT_BROUTE_MODULE)
+		if (broute_decision && broute_decision(NF_BR_BROUTING, &skb,
+		   skb->dev, NULL, NULL) == NF_DROP)
+			return -1;
+#endif
 		NF_HOOK(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL,
 			br_handle_frame_finish);
 		read_unlock(&br->lock);
-		return;
+		return 0;
 	}
 
 err:
 	read_unlock(&br->lock);
 err_nolock:
 	kfree_skb(skb);
-	return;
+	return 0;
 
 handle_special_frame:
 	if (!dest[5]) {
 		br_stp_handle_bpdu(skb);
-		return;
+		read_unlock(&br->lock);
+		return 0;
 	}
 
+	read_unlock(&br->lock);
 	kfree_skb(skb);
+	return 0;
 }
diff --git a/br-nf-bds/linux/net/bridge/br_netfilter.c b/br-nf-bds/linux/net/bridge/br_netfilter.c
index 6f0981d..a41d9ed 100644
--- a/br-nf-bds/linux/net/bridge/br_netfilter.c
+++ b/br-nf-bds/linux/net/bridge/br_netfilter.c
@@ -6,7 +6,7 @@
  *	Lennert Buytenhek               <buytenh@gnu.org>
  *	Bart De Schuymer		<bart.de.schuymer@pandora.be>
  *
- *	$Id: br_netfilter.c,v 1.1 2002/06/01 19:23:54 bdschuym Exp $
+ *	$Id: br_netfilter.c,v 1.2 2002/08/24 08:44:40 bdschuym Exp $
  *
  *	This program is free software; you can redistribute it and/or
  *	modify it under the terms of the GNU General Public License
diff --git a/br-nf-bds/linux/net/bridge/br_private.h b/br-nf-bds/linux/net/bridge/br_private.h
index 155afc9..540a330 100644
--- a/br-nf-bds/linux/net/bridge/br_private.h
+++ b/br-nf-bds/linux/net/bridge/br_private.h
@@ -4,7 +4,7 @@
  *	Authors:
  *	Lennert Buytenhek		<buytenh@gnu.org>
  *
- *	$Id: br_private.h,v 1.1 2002/06/01 19:23:55 bdschuym Exp $
+ *	$Id: br_private.h,v 1.2 2002/08/24 08:44:41 bdschuym Exp $
  *
  *	This program is free software; you can redistribute it and/or
  *	modify it under the terms of the GNU General Public License
@@ -120,7 +120,7 @@ extern void br_dec_use_count(void);
 extern void br_inc_use_count(void);
 
 /* br_device.c */
-extern int  br_dev_xmit(struct sk_buff *skb, struct net_device *dev);
+extern int br_dev_xmit(struct sk_buff *skb, struct net_device *dev);
 extern void br_dev_setup(struct net_device *dev);
 extern int br_dev_xmit(struct sk_buff *skb, struct net_device *dev);
 
@@ -145,10 +145,10 @@ extern void br_fdb_insert(struct net_bridge *br,
 /* br_forward.c */
 extern void br_deliver(struct net_bridge_port *to,
 		struct sk_buff *skb);
-extern int  br_dev_queue_push_xmit(struct sk_buff *skb);
+extern int br_dev_queue_push_xmit(struct sk_buff *skb);
 extern void br_forward(struct net_bridge_port *to,
 		struct sk_buff *skb);
-extern int  br_forward_finish(struct sk_buff *skb);
+extern int br_forward_finish(struct sk_buff *skb);
 extern void br_flood_deliver(struct net_bridge *br,
 		      struct sk_buff *skb,
 		      int clone);
@@ -169,8 +169,8 @@ extern void br_get_port_ifindices(struct net_bridge *br,
 			   int *ifindices);
 
 /* br_input.c */
-extern int  br_handle_frame_finish(struct sk_buff *skb);
-extern void br_handle_frame(struct sk_buff *skb);
+extern int br_handle_frame_finish(struct sk_buff *skb);
+extern int br_handle_frame(struct sk_buff *skb);
 
 /* br_ioctl.c */
 extern void br_call_ioctl_atomic(void (*fn)(void));
diff --git a/br-nf-bds/linux/net/core/netfilter.c b/br-nf-bds/linux/net/core/netfilter.c
index 573968e..198dad6 100644
--- a/br-nf-bds/linux/net/core/netfilter.c
+++ b/br-nf-bds/linux/net/core/netfilter.c
@@ -83,8 +83,7 @@ void nf_unregister_hook(struct nf_hook_ops *reg)
 /* Do exclusive ranges overlap? */
 static inline int overlap(int min1, int max1, int min2, int max2)
 {
-	return (min1 >= min2 && min1 < max2)
-		|| (max1 > min2 && max1 <= max2);
+	return max1 > min2 && min1 < max2;
 }
 
 /* Functions to register sockopt ranges (exclusive). */
diff --git a/br-nf-bds/linux/net/core/skbuff.c b/br-nf-bds/linux/net/core/skbuff.c
index 3a95500..d492fed 100644
--- a/br-nf-bds/linux/net/core/skbuff.c
+++ b/br-nf-bds/linux/net/core/skbuff.c
@@ -4,7 +4,7 @@
  *	Authors:	Alan Cox <iiitac@pyr.swan.ac.uk>
  *			Florian La Roche <rzsfl@rz.uni-sb.de>
  *
- *	Version:	$Id: skbuff.c,v 1.1 2002/06/02 20:51:42 bdschuym Exp $
+ *	Version:	$Id: skbuff.c,v 1.2 2002/08/24 08:45:29 bdschuym Exp $
  *
  *	Fixes:	
  *		Alan Cox	:	Fixed the worst of the load balancer bugs.
@@ -754,7 +754,7 @@ int ___pskb_trim(struct sk_buff *skb, unsigned int len, int realloc)
 			if (skb_cloned(skb)) {
 				if (!realloc)
 					BUG();
-				if (!pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
+				if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
 					return -ENOMEM;
 			}
 			if (len <= offset) {
diff --git a/br-nf-bds/linux/net/ipv4/ip_output.c b/br-nf-bds/linux/net/ipv4/ip_output.c
index c8d6fc4..2da82b4 100644
--- a/br-nf-bds/linux/net/ipv4/ip_output.c
+++ b/br-nf-bds/linux/net/ipv4/ip_output.c
@@ -5,7 +5,7 @@
  *
  *		The Internet Protocol (IP) output module.
  *
- * Version:	$Id: ip_output.c,v 1.1 2002/06/01 19:23:49 bdschuym Exp $
+ * Version:	$Id: ip_output.c,v 1.2 2002/08/24 08:46:04 bdschuym Exp $
  *
  * Authors:	Ross Biro, <bir7@leland.Stanford.Edu>
  *		Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
@@ -134,9 +134,10 @@ int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk,
 	iph->version  = 4;
 	iph->ihl      = 5;
 	iph->tos      = sk->protinfo.af_inet.tos;
-	iph->frag_off = 0;
 	if (ip_dont_fragment(sk, &rt->u.dst))
-		iph->frag_off |= htons(IP_DF);
+		iph->frag_off = htons(IP_DF);
+	else
+		iph->frag_off = 0;
 	iph->ttl      = sk->protinfo.af_inet.ttl;
 	iph->daddr    = rt->rt_dst;
 	iph->saddr    = rt->rt_src;
@@ -307,9 +308,6 @@ static inline int ip_queue_xmit2(struct sk_buff *skb)
 	if (skb->len > rt->u.dst.pmtu)
 		goto fragment;
 
-	if (ip_dont_fragment(sk, &rt->u.dst))
-		iph->frag_off |= __constant_htons(IP_DF);
-
 	ip_select_ident(iph, &rt->u.dst, sk);
 
 	/* Add an IP checksum. */
@@ -323,8 +321,8 @@ fragment:
 		/* Reject packet ONLY if TCP might fragment
 		 * it itself, if were careful enough.
 		 */
-		iph->frag_off |= __constant_htons(IP_DF);
-		NETDEBUG(printk(KERN_DEBUG "sending pkt_too_big to self\n"));
+		NETDEBUG(printk(KERN_DEBUG "sending pkt_too_big (len[%u] pmtu[%u]) to self\n",
+				skb->len, rt->u.dst.pmtu));
 
 		icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
 			  htonl(rt->u.dst.pmtu));
@@ -383,7 +381,10 @@ packet_routed:
 	iph = (struct iphdr *) skb_push(skb, sizeof(struct iphdr) + (opt ? opt->optlen : 0));
 	*((__u16 *)iph)	= htons((4 << 12) | (5 << 8) | (sk->protinfo.af_inet.tos & 0xff));
 	iph->tot_len = htons(skb->len);
-	iph->frag_off = 0;
+	if (ip_dont_fragment(sk, &rt->u.dst))
+		iph->frag_off = __constant_htons(IP_DF);
+	else
+		iph->frag_off = 0;
 	iph->ttl      = sk->protinfo.af_inet.ttl;
 	iph->protocol = sk->protocol;
 	iph->saddr    = rt->rt_src;
@@ -519,8 +520,18 @@ static int ip_build_xmit_slow(struct sock *sk,
 		/*
 		 *	Get the memory we require with some space left for alignment.
 		 */
-
-		skb = sock_alloc_send_skb(sk, fraglen+hh_len+15, flags&MSG_DONTWAIT, &err);
+		if (!(flags & MSG_DONTWAIT) || nfrags == 0) {
+			skb = sock_alloc_send_skb(sk, fraglen + hh_len + 15,
+						  (flags & MSG_DONTWAIT), &err);
+		} else {
+			/* On a non-blocking write, we check for send buffer
+			 * usage on the first fragment only.
+			 */
+			skb = sock_wmalloc(sk, fraglen + hh_len + 15, 1,
+					   sk->allocation);
+			if (!skb)
+				err = -ENOBUFS;
+		}
 		if (skb == NULL)
 			goto error;
 
diff --git a/br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c b/br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c
index a840f66..b9f47ea 100644
--- a/br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c
+++ b/br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c
@@ -9,6 +9,7 @@
  * 	  a table
  */
 #include <linux/config.h>
+#include <linux/cache.h>
 #include <linux/skbuff.h>
 #include <linux/kmod.h>
 #include <linux/vmalloc.h>
@@ -97,7 +98,7 @@ struct ipt_table_info
 	unsigned int underflow[NF_IP_NUMHOOKS];
 
 	/* ipt_entry tables: one per CPU */
-	char entries[0] __attribute__((aligned(SMP_CACHE_BYTES)));
+	char entries[0] ____cacheline_aligned;
 };
 
 static LIST_HEAD(ipt_target);