From 65d49b1d927c8af1665330be72d4e4097270f915 Mon Sep 17 00:00:00 2001
From: "John W. Linville" <linville@tuxdriver.com>
Date: Wed, 11 Mar 2009 11:05:25 -0400
Subject: [PATCH] --- yaml --- r: 132529 b: refs/heads/master c:
 6f16bf3bdb94b567e2b6663378efb2dbf40db133 h: refs/heads/master i:   132527:
 8ef94cd027650c76222785fd8f2bd5d13e278fbf v: v3

---
 [refs]                                          |  2 +-
 trunk/include/net/netfilter/nf_conntrack_core.h |  3 +--
 trunk/net/core/dev.c                            |  5 ++---
 trunk/net/ipv6/netfilter/nf_conntrack_reasm.c   |  8 ++++----
 trunk/net/netfilter/nf_conntrack_core.c         |  2 +-
 trunk/net/netfilter/nf_conntrack_netlink.c      |  1 -
 trunk/net/netfilter/nf_conntrack_proto_tcp.c    |  4 ++--
 trunk/net/wireless/Kconfig                      | 10 ++++++++++
 trunk/net/wireless/lib80211_crypt_ccmp.c        |  2 ++
 trunk/net/wireless/lib80211_crypt_tkip.c        |  4 ++++
 10 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/[refs] b/[refs]
index 66cdb3e5fdba..fe487f609b92 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 4ada8107f465b97326751de66d3c11ed78bf8214
+refs/heads/master: 6f16bf3bdb94b567e2b6663378efb2dbf40db133
diff --git a/trunk/include/net/netfilter/nf_conntrack_core.h b/trunk/include/net/netfilter/nf_conntrack_core.h
index 5a449b44ba33..c25068e38516 100644
--- a/trunk/include/net/netfilter/nf_conntrack_core.h
+++ b/trunk/include/net/netfilter/nf_conntrack_core.h
@@ -62,8 +62,7 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
 	if (ct && ct != &nf_conntrack_untracked) {
 		if (!nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct))
 			ret = __nf_conntrack_confirm(skb);
-		if (likely(ret == NF_ACCEPT))
-			nf_ct_deliver_cached_events(ct);
+		nf_ct_deliver_cached_events(ct);
 	}
 	return ret;
 }
diff --git a/trunk/net/core/dev.c b/trunk/net/core/dev.c
index 2565f6d1d661..f1129706ce7b 100644
--- a/trunk/net/core/dev.c
+++ b/trunk/net/core/dev.c
@@ -2588,9 +2588,9 @@ static int process_backlog(struct napi_struct *napi, int quota)
 		local_irq_disable();
 		skb = __skb_dequeue(&queue->input_pkt_queue);
 		if (!skb) {
+			__napi_complete(napi);
 			local_irq_enable();
-			napi_complete(napi);
-			goto out;
+			break;
 		}
 		local_irq_enable();
 
@@ -2599,7 +2599,6 @@ static int process_backlog(struct napi_struct *napi, int quota)
 
 	napi_gro_flush(napi);
 
-out:
 	return work;
 }
 
diff --git a/trunk/net/ipv6/netfilter/nf_conntrack_reasm.c b/trunk/net/ipv6/netfilter/nf_conntrack_reasm.c
index 058a5e4a60c3..ed4d79a9e4a6 100644
--- a/trunk/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/trunk/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -528,14 +528,14 @@ find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int *prevhoff, int *fhoff)
 		if (!ipv6_ext_hdr(nexthdr)) {
 			return -1;
 		}
-		if (nexthdr == NEXTHDR_NONE) {
-			pr_debug("next header is none\n");
-			return -1;
-		}
 		if (len < (int)sizeof(struct ipv6_opt_hdr)) {
 			pr_debug("too short\n");
 			return -1;
 		}
+		if (nexthdr == NEXTHDR_NONE) {
+			pr_debug("next header is none\n");
+			return -1;
+		}
 		if (skb_copy_bits(skb, start, &hdr, sizeof(hdr)))
 			BUG();
 		if (nexthdr == NEXTHDR_AUTH)
diff --git a/trunk/net/netfilter/nf_conntrack_core.c b/trunk/net/netfilter/nf_conntrack_core.c
index f4935e344b61..90ce9ddb9451 100644
--- a/trunk/net/netfilter/nf_conntrack_core.c
+++ b/trunk/net/netfilter/nf_conntrack_core.c
@@ -726,7 +726,7 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
 	NF_CT_ASSERT(skb->nfct);
 
 	ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum);
-	if (ret <= 0) {
+	if (ret < 0) {
 		/* Invalid: inverse of the return code tells
 		 * the netfilter core what to do */
 		pr_debug("nf_conntrack_in: Can't track with proto module\n");
diff --git a/trunk/net/netfilter/nf_conntrack_netlink.c b/trunk/net/netfilter/nf_conntrack_netlink.c
index ed6d873ad384..cb78aa00399e 100644
--- a/trunk/net/netfilter/nf_conntrack_netlink.c
+++ b/trunk/net/netfilter/nf_conntrack_netlink.c
@@ -1780,7 +1780,6 @@ ctnetlink_create_expect(struct nlattr *cda[], u_int8_t u3, u32 pid, int report)
 		goto out;
 	}
 
-	exp->class = 0;
 	exp->expectfn = NULL;
 	exp->flags = 0;
 	exp->master = ct;
diff --git a/trunk/net/netfilter/nf_conntrack_proto_tcp.c b/trunk/net/netfilter/nf_conntrack_proto_tcp.c
index f3fd154d1ddd..a1edb9c1adee 100644
--- a/trunk/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/trunk/net/netfilter/nf_conntrack_proto_tcp.c
@@ -859,7 +859,7 @@ static int tcp_packet(struct nf_conn *ct,
 			 */
 			if (nf_ct_kill(ct))
 				return -NF_REPEAT;
-			return NF_DROP;
+			return -NF_DROP;
 		}
 		/* Fall through */
 	case TCP_CONNTRACK_IGNORE:
@@ -892,7 +892,7 @@ static int tcp_packet(struct nf_conn *ct,
 				nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
 					  "nf_ct_tcp: killing out of sync session ");
 			nf_ct_kill(ct);
-			return NF_DROP;
+			return -NF_DROP;
 		}
 		ct->proto.tcp.last_index = index;
 		ct->proto.tcp.last_dir = dir;
diff --git a/trunk/net/wireless/Kconfig b/trunk/net/wireless/Kconfig
index e28e2b8fa436..092ae6faccca 100644
--- a/trunk/net/wireless/Kconfig
+++ b/trunk/net/wireless/Kconfig
@@ -102,3 +102,13 @@ config LIB80211_CRYPT_CCMP
 
 config LIB80211_CRYPT_TKIP
 	tristate
+
+config LIB80211_DEBUG
+	bool "lib80211 debugging messages"
+	depends on LIB80211
+	default n
+	---help---
+	  You can enable this if you want verbose debugging messages
+	  from lib80211.
+
+	  If unsure, say N.
diff --git a/trunk/net/wireless/lib80211_crypt_ccmp.c b/trunk/net/wireless/lib80211_crypt_ccmp.c
index db428194c16a..2301dc1edc4c 100644
--- a/trunk/net/wireless/lib80211_crypt_ccmp.c
+++ b/trunk/net/wireless/lib80211_crypt_ccmp.c
@@ -337,6 +337,7 @@ static int lib80211_ccmp_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
 	pos += 8;
 
 	if (ccmp_replay_check(pn, key->rx_pn)) {
+#ifdef CONFIG_LIB80211_DEBUG
 		if (net_ratelimit()) {
 			printk(KERN_DEBUG "CCMP: replay detected: STA=%pM "
 				 "previous PN %02x%02x%02x%02x%02x%02x "
@@ -346,6 +347,7 @@ static int lib80211_ccmp_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
 				 key->rx_pn[3], key->rx_pn[4], key->rx_pn[5],
 				 pn[0], pn[1], pn[2], pn[3], pn[4], pn[5]);
 		}
+#endif
 		key->dot11RSNAStatsCCMPReplays++;
 		return -4;
 	}
diff --git a/trunk/net/wireless/lib80211_crypt_tkip.c b/trunk/net/wireless/lib80211_crypt_tkip.c
index 7e8e22bfed90..c36287399d7e 100644
--- a/trunk/net/wireless/lib80211_crypt_tkip.c
+++ b/trunk/net/wireless/lib80211_crypt_tkip.c
@@ -465,12 +465,14 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
 	pos += 8;
 
 	if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
+#ifdef CONFIG_LIB80211_DEBUG
 		if (net_ratelimit()) {
 			printk(KERN_DEBUG "TKIP: replay detected: STA=%pM"
 			       " previous TSC %08x%04x received TSC "
 			       "%08x%04x\n", hdr->addr2,
 			       tkey->rx_iv32, tkey->rx_iv16, iv32, iv16);
 		}
+#endif
 		tkey->dot11RSNAStatsTKIPReplays++;
 		return -4;
 	}
@@ -505,10 +507,12 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
 			 * it needs to be recalculated for the next packet. */
 			tkey->rx_phase1_done = 0;
 		}
+#ifdef CONFIG_LIB80211_DEBUG
 		if (net_ratelimit()) {
 			printk(KERN_DEBUG "TKIP: ICV error detected: STA="
 			       "%pM\n", hdr->addr2);
 		}
+#endif
 		tkey->dot11RSNAStatsTKIPICVErrors++;
 		return -5;
 	}