aboutsummaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2007-02-08[NETFILTER]: ip6_tables: support MH matchMasahide NAKAMURA
This introduces match for Mobility Header (MH) described by Mobile IPv6 specification (RFC3775). User can specify the MH type or its range to be matched. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Yasuyuki Kozakai <kozakai@linux-ipv6.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NETFILTER]: {ip,ip6}_tables: use struct xt_table instead of redefined ↵Jan Engelhardt
structure names Signed-off-by: Jan Engelhardt <jengelh@gmx.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functionsJan Engelhardt
Use the x_tables functions directly to make it better visible which parts are shared between ip_tables and ip6_tables. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NETFILTER]: x_tables: fix return values for LOG/ULOGJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@gmx.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NETFILTER]: NAT: optional source port randomization supportEric Leblond
This patch adds support to NAT to randomize source ports. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NETFILTER]: add IPv6-capable TCPMSS targetPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NET]: Add UDPLITE support in a few missing spotsPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NETFILTER]: bridge-netfilter: use nf_register_hooks/nf_unregister_hooksPatrick McHardy
Additionally mark the init function __init. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NETFILTER]: nf_nat: remove broken HOOKNAME macroPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NETFILTER]: Remove useless comparisons before assignmentsJan Engelhardt
Remove unnecessary if() constructs before assignment. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NETFILTER]: tcp conntrack: do liberal tracking for picked up connectionsPatrick McHardy
Do liberal tracking (only RSTs need to be in-window) for connections picked up without seeing a SYN to deal with window scaling. Also change logging of invalid packets not to log packets accepted by liberal tracking to avoid spamming the logs. Based on suggestion from James Ralston <ralston@pobox.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NETFILTER]: Add SANE connection tracking helperMichal Schmidt
This is nf_conntrack_sane, a netfilter connection tracking helper module for the SANE protocol used by the 'saned' daemon to make scanners available via network. The SANE protocol uses separate control & data connections, similar to passive FTP. The helper module is needed to recognize the data connection as RELATED to the control one. Signed-off-by: Michal Schmidt <mschmidt@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[IRLAN]: handle out of memory errorsAkinobu Mita
This patch checks return values: - irlmp_register_client() - irlmp_register_service() - irlan_open() Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[IRDA]: handle out of memory errorsAkinobu Mita
This patch checks return value of memory allocation functions for irda subsystem and fixes memory leaks in error cases. Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NET]: unregister_netdevice as voidStephen Hemminger
There was no real useful information from the unregister_netdevice() return code, the only error occurred in a situation that was a driver bug. So change it to a void function. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[IPV6] RAW: Add checksum default defines for MH.Masahide NAKAMURA
Add checksum default defines for mobility header(MH) which goes through raw socket. As the result kernel's behavior is to handle MH checksum as default. This patch also removes verifying inbound MH checksum at mip6_mh_filter() since it did not consider user specified checksum offset and was redundant check with raw socket code. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[IPV4/IPV6] multicast: Check add_grhead() return valueAlexey Dobriyan
add_grhead() allocates memory with GFP_ATOMIC and in at least two places skb from it passed to skb_put() without checking. Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[XFRM]: Fix missed error setting in xfrm4_policy.cDavid S. Miller
When we can't find the afinfo we should return EAFNOSUPPORT. GCC warned about the uninitialized 'err' for this path as well. Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[IPSEC]: IPv4 over IPv6 IPsec tunnelMiika Komu
This is the patch to support IPv4 over IPv6 IPsec. Signed-off-by: Miika Komu <miika@iki.fi> Signed-off-by: Diego Beltrami <Diego.Beltrami@hiit.fi> Signed-off-by: Kazunori Miyazawa <miyazawa@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[IPSEC]: IPv6 over IPv4 IPsec tunnelMiika Komu
This is the patch to support IPv6 over IPv4 IPsec Signed-off-by: Miika Komu <miika@iki.fi> Signed-off-by: Diego Beltrami <Diego.Beltrami@hiit.fi> Signed-off-by: Kazunori Miyazawa <miyazawa@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[IPSEC]: exporting xfrm_state_afinfoMiika Komu
This patch exports xfrm_state_afinfo. Signed-off-by: Miika Komu <miika@iki.fi> Signed-off-by: Diego Beltrami <Diego.Beltrami@hiit.fi> Signed-off-by: Kazunori Miyazawa <miyazawa@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[DCCP]: Warning fixes.Andrew Morton
net/dccp/ccids/ccid3.c: In function `ccid3_hc_rx_packet_recv': net/dccp/ccids/ccid3.c:1007: warning: long int format, different type arg (arg 3) net/dccp/ccids/ccid3.c:1007: warning: long int format, different type arg (arg 4) opaque types must be suitably cast for printing. Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NET] net/wanrouter/wanmain.c: cleanupsAdrian Bunk
This patch contains the following cleanups: - make the following needlessly global functions static: - lock_adapter_irq() - unlock_adapter_irq() - #if 0 the following unused global functions: - wanrouter_encapsulate() - wanrouter_type_trans() Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[ATM]: Fix for crash in adummy_init()Daniel Walker
This was reported by Ingo Molnar here, http://lkml.org/lkml/2006/12/18/119 The problem is that adummy_init() depends on atm_init() , but adummy_init() is called first. So I put atm_init() into subsys_initcall which seems appropriate, and it will still get module_init() if it becomes a module. Interesting to note that you could crash your system here if you just load the modules in the wrong order. Signed-off-by: Daniel Walker <dwalker@mvista.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NET]: user of the jiffies rounding code: NetworkingArjan van de Ven
This patch introduces users of the round_jiffies() function in the networking code. These timers all were of the "about once a second" or "about once every X seconds" variety and several showed up in the "what wakes the cpu up" profiles that the tickless patches provide. Some timers are highly dynamic based on network load; but even on low activity systems they still show up so the rounding is done only in cases of low activity, allowing higher frequency timers in the high activity case. The various hardware watchdogs are an obvious case; they run every 2 seconds but aren't otherwise specific of exactly when they need to run. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[TCP]: Don't apply FIN exception to full TSO segments.John Heffner
Signed-off-by: John Heffner <jheffner@psc.edu> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[TCP]: Check num sacks in SACK fast pathBaruch Even
We clear the unused parts of the SACK cache, This prevents us from mistakenly taking the cache data if the old data in the SACK cache is the same as the data in the SACK block. This assumes that we never receive an empty SACK block with start and end both at zero. Signed-off-by: Baruch Even <baruch@ev-en.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[TCP]: Seperate DSACK from SACK fast pathBaruch Even
Move DSACK code outside the SACK fast-path checking code. If the DSACK determined that the information was too old we stayed with a partial cache copied. Most likely this matters very little since the next packet will not be DSACK and we will find it in the cache. but it's still not good form and there is little reason to couple the two checks. Since the SACK receive cache doesn't need the data to be in host order we also remove the ntohl in the checking loop. Signed-off-by: Baruch Even <baruch@ev-en.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[TCP]: Advance fast path pointer for first block onlyBaruch Even
Only advance the SACK fast-path pointer for the first block, the fast-path assumes that only the first block advances next time so we should not move the cached skb for the next sack blocks. Signed-off-by: Baruch Even <baruch@ev-en.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[PACKET]: Fix skb->cb clobbering between aux and sockaddrHerbert Xu
Both aux data and sockaddr tries to use the same buffer which obviously doesn't work. We just happen to have 4 bytes free in the skb->cb if you take away the maximum length of sockaddr_ll. That's just enough to store the one piece of info from aux data that we can't generate at recvmsg(2) time. This is what the following patch does. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[PACKET]: Add optional checksum computation for recvmsgHerbert Xu
This patch is needed to make ISC's DHCP server (and probably other DHCP servers/clients using AF_PACKET) to be able to serve another client on the same Xen host. The problem is that packets between different domains on the same Xen host only have partial checksums. Unfortunately this piece of information is not passed along in AF_PACKET unless you're using the mmap interface. Since dhcpd doesn't support packet-mmap, UDP packets from the same host come out with apparently bogus checksums. This patch adds a mechanism for AF_PACKET recvmsg(2) to return the status along with the packet. It does so by adding a new cmsg that contains this information along with some other relevant data such as the original packet length. I didn't include the time stamp information since there is already a cmsg for that. This patch also changes the mmap code to set the CSUMNOTREADY flag on all packets instead of just outoing packets on cooked sockets. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[IPV4/IPV6]: Always wait for IPSEC SA resolution in socket contexts.David S. Miller
Do this even for non-blocking sockets. This avoids the silly -EAGAIN that applications can see now, even for non-blocking sockets in some cases (f.e. connect()). With help from Venkat Tekkirala. Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[TCP]: remove tcp header from tcp_v4_check (take #2)Frederik Deweerdt
The tcphdr struct passed to tcp_v4_check is not used, the following patch removes it from the parameter list. This adds the netfilter modifications missing in the patch I sent for rc3-mm1. Signed-off-by: Frederik Deweerdt <frederik.deweerdt@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[IPV6] ROUTE: Do not route packets to link-local address on other device.YOSHIFUJI Hideaki
With help from Wei Dong <weid@np.css.fujitsu.com>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NETLINK]: Don't BUG on undersized allocationsPatrick McHardy
Currently netlink users BUG when the allocated skb for an event notification is undersized. While this is certainly a kernel bug, its not critical and crashing the kernel is too drastic, especially when considering that these errors have appeared multiple times in the past and it BUGs even if no listeners are present. This patch replaces BUG by WARN_ON and changes the notification functions to inform potential listeners of undersized allocations using a unique error code (EMSGSIZE). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-08[NET_SCHED] sch_prio: class statistics printing enabledJarek Poplawski
This patch adds a dump_stats callback to enable printing of basic statistics of prio classes. (With help of Patrick McHardy). Signed-off-by: Jarek Poplawski <jarkao2@o2.pl> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-07Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/driver-2.6Linus Torvalds
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/driver-2.6: (28 commits) sysfs: Shadow directory support Driver Core: Increase the default timeout value of the firmware subsystem Driver core: allow to delay the uevent at device creation time Driver core: add device_type to struct device Driver core: add uevent vars for devices of a class SYSFS: Fix missing include of list.h in sysfs.h HOWTO: Add a reference to Harbison and Steele sysfs: error handling in sysfs, fill_read_buffer() kobject: kobject_put cleanup sysfs: kobject_put cleanup sysfs: suppress lockdep warnings Driver core: fix race in sysfs between sysfs_remove_file() and read()/write() driver core: Change function call order in device_bind_driver(). driver core: Don't stop probing on ->probe errors. driver core fixes: device_register() retval check in platform.c driver core fixes: make_class_name() retval checks /sys/modules/*/holders USB: add the sysfs driver name to all modules SERIO: add the sysfs driver name to all modules PCI: add the sysfs driver name to all modules ...
2007-02-07Network: convert network devices to use struct device instead of class_deviceGreg Kroah-Hartman
This lets the network core have the ability to handle suspend/resume issues, if it wants to. Thanks to Frederik Deweerdt <frederik.deweerdt@gmail.com> for the arm driver fixes. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-02-05[PATCH] softmac: avoid assert in ieee80211softmac_wx_get_rateJohn W. Linville
Unconfigured bcm43xx device can hit an assert() during wx_get_rate queries. This is because bcm43xx calls ieee80211softmac_start late (i.e. during open instead of probe). bcm43xx_net_open -> bcm43xx_init_board -> bcm43xx_select_wireless_core -> ieee80211softmac_start Fix is to check that device is running before completing ieee80211softmac_wx_get_rate. Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-02-02[NETFILTER]: nf_conntrack_h323: fix compile error with CONFIG_IPV6=m, ↵Adrian Bunk
CONFIG_NF_CONNTRACK_H323=y Fix this by letting NF_CONNTRACK_H323 depend on (IPV6 || IPV6=n). Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-02[NETFILTER]: ctnetlink: fix compile failure with NF_CONNTRACK_MARK=nPatrick McHardy
CC net/netfilter/nf_conntrack_netlink.o net/netfilter/nf_conntrack_netlink.c: In function 'ctnetlink_conntrack_event': net/netfilter/nf_conntrack_netlink.c:392: error: 'struct nf_conn' has no member named 'mark' make[3]: *** [net/netfilter/nf_conntrack_netlink.o] Error 1 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-02[NET_SCHED]: act_ipt: fix regression in ipt actionPatrick McHardy
The x_tables patch broke target module autoloading in the ipt action by replacing the ipt_find_target call (which does autoloading) by xt_find_target (which doesn't do autoloading). Additionally xt_find_target may return ERR_PTR values in case of an error, which are not handled. Use xt_request_find_target, which does both autoloading and ERR_PTR handling properly. Also don't forget to drop the target module reference again when xt_check_target fails. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-30[NETFILTER]: xt_hashlimit: fix ip6tables dependencyPatrick McHardy
IP6_NF_IPTABLES=m, CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y results in a linker error since ipv6_find_hdr is defined in ip6_tables.c. Fix similar to Adrian Bunk's H.323 conntrack patch: selecting ip6_tables to be build as module requires hashlimit to be built as module as well. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-30[SCTP]: Force update of the rto when processing HB-ACKVlad Yasevich
When processing a HEARTBEAT-ACK it's possible that the transport rto timers will not be updated because a prior T3-RTX processing would have cleared the rto_pending flag on the transport. However, if we received a valid HEARTBEAT-ACK, we want to force update the rto variables, so re-set the rto_pending flag before calling sctp_transport_update_rto(). Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-30[IPV6]: fix BUG of ndisc_send_redirect()Li Yewang
When I tested IPv6 redirect function about kernel 2.6.19.1, and found that the kernel can send redirect packets whose target address is global address, and the target is not the actual endpoint of communication. But the criteria conform to RFC2461, the target address defines as following: Target Address An IP address that is a better first hop to use for he ICMP Destination Address. When the target is the actual endpoint of communication, i.e., the destination is a neighbor, the Target Address field MUST contain the same value as the ICMP Destination Address field. Otherwise the target is a better first-hop router and the Target Address MUST be the router's link-local address so that hosts can uniquely identify routers. According to this definition, when a router redirect to a host, the target address either the better first-hop router's link-local address or the same as the ICMP destination address field. But the function of ndisc_send_redirect() in net/ipv6/ndisc.c, does not check the target address correctly. There is another definition about receive Redirect message in RFC2461: 8.1. Validation of Redirect Messages A host MUST silently discard any received Redirect message that does not satisfy all of the following validity checks: ...... - The ICMP Target Address is either a link-local address (when redirected to a router) or the same as the ICMP Destination Address (when redirected to the on-link destination). ...... And the receive redirect function of ndisc_redirect_rcv() implemented this definition, checks the target address correctly. if (ipv6_addr_equal(dest, target)) { on_link = 1; } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { ND_PRINTK2(KERN_WARNING "ICMPv6 Redirect: target address is not link-local.\n"); return; } So, I think the send redirect function must check the target address also. Signed-off-by: Li Yewang <lyw@nanjing-fnst.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-30[IPV6]: Fix up some CONFIG typosNeil Horman
Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-30[NETFILTER]: SIP conntrack: fix out of bounds memory accessPatrick McHardy
When checking for an @-sign in skp_epaddr_len, make sure not to run over the packet boundaries. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-30[NETFILTER]: SIP conntrack: fix skipping over user info in SIP headersLars Immisch
When trying to skip over the username in the Contact header, stop at the end of the line if no @ is found to avoid mangling following headers. We don't need to worry about continuation lines because we search inside a SIP URI. Fixes Netfilter Bugzilla #532. Signed-off-by: Lars Immisch <lars@ibp.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-30[NETFILTER]: xt_connbytes: fix division by zeroPatrick McHardy
When the packet counter of a connection is zero a division by zero occurs in div64_64(). Fix that by using zero as average value, which is correct as long as the packet counter didn't overflow, at which point we have lost anyway. Additionally we're probably going to go back to 64 bit counters in 2.6.21. Based on patch from Jonas Berlin <xkr47@outerspace.dyndns.org>, with suggestions from KOVACS Krisztian <hidden@balabit.hu>. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-30[PATCH] knfsd: ratelimit some nfsd messages that are triggered by external ↵NeilBrown
events Also remove {NFSD,RPC}_PARANOIA as having the defines doesn't really add anything. The printks covered by RPC_PARANOIA were triggered by badly formatted packets and so should be ratelimited. Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>