aboutsummaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2006-02-15[BRIDGE]: Fix deadlock in br_stp_disable_bridgeAdrian Drzewiecki
Looks like somebody forgot to use the _bh spin_lock variant. We ran into a deadlock where br->hello_timer expired while br_stp_disable_br() walked br->port_list. Signed-off-by: Adrian Drzewiecki <z@drze.net> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-15[NETFILTER]: Fix xfrm lookup after SNATPatrick McHardy
To find out if a packet needs to be handled by IPsec after SNAT, packets are currently rerouted in POST_ROUTING and a new xfrm lookup is done. This breaks SNAT of non-unicast packets to non-local addresses because the packet is routed as incoming packet and no neighbour entry is bound to the dst_entry. In general, it seems to be a bad idea to replace the dst_entry after the packet was already sent to the output routine because its state might not match what's expected. This patch changes the xfrm lookup in POST_ROUTING to re-use the original dst_entry without routing the packet again. This means no policy routing can be used for transport mode transforms (which keep the original route) when packets are SNATed to match the policy, but it looks like the best we can do for now. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[NET]: Revert skb_copy_datagram_iovec() recursion elimination.David S. Miller
Revert the following changeset: bc8dfcb93970ad7139c976356bfc99d7e251deaf Recursive SKB frag lists are really possible and disallowing them breaks things. Noticed by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[IPSEC]: Fix strange IPsec freeze.Herbert Xu
Problem discovered and initial patch by Olaf Kirch: there's a problem with IPsec that has been bugging some of our users for the last couple of kernel revs. Every now and then, IPsec will freeze the machine completely. This is with openswan user land, and with kernels up to and including 2.6.16-rc2. I managed to debug this a little, and what happens is that we end up looping in xfrm_lookup, and never get out. With a bit of debug printks added, I can this happening: ip_route_output_flow calls xfrm_lookup xfrm_find_bundle returns NULL (apparently we're in the middle of negotiating a new SA or something) We therefore call xfrm_tmpl_resolve. This returns EAGAIN We go to sleep, waiting for a policy update. Then we loop back to the top Apparently, the dst_orig that was passed into xfrm_lookup has been dropped from the routing table (obsolete=2) This leads to the endless loop, because we now create a new bundle, check the new bundle and find it's stale (stale_bundle -> xfrm_bundle_ok -> dst_check() return 0) People have been testing with the patch below, which seems to fix the problem partially. They still see connection hangs however (things only clear up when they start a new ping or new ssh). So the patch is obvsiouly not sufficient, and something else seems to go wrong. I'm grateful for any hints you may have... I suggest that we simply bail out always. If the dst decides to die on us later on, the packet will be dropped anyway. So there is no great urgency to retry here. Once we have the proper resolution queueing, we can then do the retry again. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Olaf Kirch <okir@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[IPV6] Don't store dst_entry for RAW socketNicolas DICHTEL
Signed-off-by: Nicolas DICHTEL <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[NETLINK] genetlink: Fix bugs spotted by Andrew Morton.Jamal Hadi Salim
- panic() doesn't return. - Don't forget to unlock on genl_register_family() error path - genl_rcv_msg() is called via pointer so there's no point in declaring it `inline'. Notes: genl_ctrl_event() ignores the genlmsg_multicast() return value. lots of things ignore the genl_ctrl_event() return value. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[BRIDGE]: Better fix for netfilter missing symbol has_bridge_parentStephen Hemminger
Horms patch was the best of the three fixes. Dave, already applied Harald's version, so this patch converts that to the better one. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[NETFILTER] Fix Kconfig menu level for x_tablesHarald Welte
The new x_tables related Kconfig options appear at the wrong menu level without this patch. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13Merge master.kernel.org:/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6David S. Miller
2006-02-13[P8023]: Fix tainting of kernel.Dave Jones
Missing license tag. I've assumed this is GPL. (It could also use a MODULE_AUTHOR) Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[IPV4] ICMP: Invert default for invalid icmp msgs sysctlDave Jones
isic can trigger these msgs to be spewed at a very high rate. There's already a sysctl to turn them off. Given these messages aren't useful for most people, this patch disables them by default. Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[ATM]: Ratelimit atmsvc failure messagesDave Jones
This seems to be trivial to trigger. Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-13[Bluetooth] Fix NULL pointer dereferences of the HCI socketMarcel Holtmann
This patch fixes the two NULL pointer dereferences found by the sfuzz tool from Ilja van Sprundel. The first one was a call of getsockname() for an unbound socket and the second was calling accept() while this operation isn't implemented for the HCI socket interface. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-02-13[Bluetooth] Reduce L2CAP MTU for RFCOMM connectionsMarcel Holtmann
This patch reduces the default L2CAP MTU for all RFCOMM connections from 1024 to 1013 to improve the interoperability with some broken RFCOMM implementations. To make this more flexible the L2CAP MTU becomes also a module parameter and so it can changed at runtime. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-02-12[PATCH] netfilter: fix build error due to missing has_bridge_parent macroJesper Juhl
net/bridge/br_netfilter.c: In function `br_nf_post_routing': net/bridge/br_netfilter.c:808: warning: implicit declaration of function `has_bridge_parent' Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Cc: Harald Welte <laforge@netfilter.org> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-02-09[BRIDGE]: fix error handling for add interface to bridgeStephen Hemminger
Refactor how the bridge code interacts with kobject system. It should still use kobjects even if not using sysfs. Fix the error unwind handling in br_add_if. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-09[BRIDGE]: netfilter handle RCU during removalStephen Hemminger
Bridge netfilter code needs to handle the case where device is removed from bridge while packet in process. In these cases the bridge_parent can become null while processing. This should fix: http://bugzilla.kernel.org/show_bug.cgi?id=5803 Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-09[BRIDGE]: fix for RCU and deadlock on device removalStephen Hemminger
Change Bridge receive path to correctly handle RCU removal of device from bridge. Also fixes deadlock between carrier_check and del_nbp. This replaces the previous deleted flag fix. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-09[TCP]: rcvbuf lock when tcp_moderate_rcvbuf enabledJohn Heffner
The rcvbuf lock should probably be honored here. Signed-off-by: John Heffner <jheffner@psc.edu> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-09[IRDA]: out of range array access David Binderman
This patch fixes an out of range array access in irnet_irda.c. Author: David Binderman <dcb314@hotmail.com> Signed-off-by: Samuel Ortiz <samuel.ortiz@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-09[IRDA]: Set proper IrLAP device address lengthSamuel Ortiz
This patch set IrDA's addr_len properly, i.e to 4 bytes, the size of the IrLAP device address. Signed-off-by: Samuel Ortiz <samuel.ortiz@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-09[NETLINK]: illegal use of pid in rtnetlinkAlexey Kuznetsov
When a netlink message is not related to a netlink socket, it is issued by kernel socket with pid 0. Netlink "pid" has nothing to do with current->pid. I called it incorrectly, if it was named "port", the confusion would be avoided. Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-09[NETLINK]: Fix a severe bugAlexey Kuznetsov
netlink overrun was broken while improvement of netlink. Destination socket is used in the place where it was meant to be source socket, so that now overrun is never sent to user netlink sockets, when it should be, and it even can be set on kernel socket, which results in complete deadlock of rtnetlink. Suggested fix is to restore status quo passing source socket as additional argument to netlink_attachskb(). A little explanation: overrun is set on a socket, when it failed to receive some message and sender of this messages does not or even have no way to handle this error. This happens in two cases: 1. when kernel sends something. Kernel never retransmits and cannot wait for buffer space. 2. when user sends a broadcast and the message was not delivered to some recipients. Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-08[IPV6]: Address autoconfiguration does not work after device down/up cycleKristian Slavov
If you set network interface down and up again, the IPv6 address autoconfiguration does not work. 'ip addr' shows that the link-local address is in tentative state. We don't even react to periodical router advertisements. During NETDEV_DOWN we clear IF_READY, and we don't set it back in NETDEV_UP. While starting to perform DAD on the link-local address, we notice that the device is not in IF_READY, and we abort autoconfiguration process (which would eventually send router solicitations). Acked-by: Juha-Matti Tapio <jmtapio@verkkotelakka.net> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-07[PATCH] net/ipv6/mcast.c NULL noise removalAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-02-07[PATCH] ipv4 NULL noise removalAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-02-07[PATCH] remove bogus asm/bug.h includes.Al Viro
A bunch of asm/bug.h includes are both not needed (since it will get pulled anyway) and bogus (since they are done too early). Removed. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-02-05Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds
2006-02-05[PATCH] percpu data: only iterate over possible CPUsEric Dumazet
percpu_data blindly allocates bootmem memory to store NR_CPUS instances of cpudata, instead of allocating memory only for possible cpus. As a preparation for changing that, we need to convert various 0 -> NR_CPUS loops to use for_each_cpu(). (The above only applies to users of asm-generic/percpu.h. powerpc has gone it alone and is presently only allocating memory for present CPUs, so it's currently corrupting memory). Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: James Bottomley <James.Bottomley@steeleye.com> Acked-by: Ingo Molnar <mingo@elte.hu> Cc: Jens Axboe <axboe@suse.de> Cc: Anton Blanchard <anton@samba.org> Acked-by: William Irwin <wli@holomorphy.com> Cc: Andi Kleen <ak@muc.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-02-04[NETFILTER]: Fix check whether dst_entry needs to be released after NATPatrick McHardy
After DNAT the original dst_entry needs to be released if present so the packet doesn't skip input routing with its new address. The current check for DNAT in ip_nat_in is reversed and checks for SNAT. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[NETFILTER]: Prepare {ipt,ip6t}_policy match for x_tables unificationPatrick McHardy
The IPv4 and IPv6 version of the policy match are identical besides address comparison and the data structure used for userspace communication. Unify the data structures to break compatiblity now (before it is released), so we can port it to x_tables in 2.6.17. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[NETFILTER]: Fix ip6t_policy address matchingPatrick McHardy
Fix two bugs in ip6t_policy address matching: - misorder arguments to ip6_masked_addrcmp, mask must be the second argument - inversion incorrectly applied to the entire expression instead of just the address comparison Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[NETFILTER]: Check policy length in policy match strict modePatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[NETFILTER]: Fix possible overflow in netfilters do_replace()Kirill Korotaev
netfilter's do_replace() can overflow on addition within SMP_ALIGN() and/or on multiplication by NR_CPUS, resulting in a buffer overflow on the copy_from_user(). In practice, the overflow on addition is triggerable on all systems, whereas the multiplication one might require much physical memory to be present due to the check above. Either is sufficient to overwrite arbitrary amounts of kernel memory. I really hate adding the same check to all 4 versions of do_replace(), but the code is duplicate... Found by Solar Designer during security audit of OpenVZ.org Signed-Off-By: Kirill Korotaev <dev@openvz.org> Signed-Off-By: Solar Designer <solar@openwall.com> Signed-off-by: Patrck McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[NETFILTER]: nf_conntrack: fix incorrect memset() size in FTP helperSamir Bellabes
This memset() is executing with a bad size. According to Yasuyuki Kozakai, this memset() can be deleted, as 'ftp' is declared in global area. Signed-off-by: Samir Bellabes <sbellabes@mandriva.com> Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[NETFILTER]: Fix missing src port initialization in tftp expectation maskPatrick McHardy
Reported by David Ahern <dahern@avaya.com>, netfilter bugzilla #426. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[NETFILTER]: nfnetlink_queue: fix packet marking over netlinkPatrick McHardy
The packet marked is the netlink skb, not the queued skb. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[NETFILTER]: Fix undersized skb allocation in ipt_ULOG/ebt_ulog/nfnetlink_logPatrick McHardy
The skb allocated is always of size nlbufsize, even if that is smaller than the size needed for the current packet. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[NETFILTER]: ULOG/nfnetlink_log: Use better default value for 'nlbufsiz'Holger Eitzenberger
Performance tests showed that ULOG may fail on heavy loaded systems because of failed order-N allocations (N >= 1). The default value of 4096 is not optimal in the sense that it actually allocates _two_ contigous physical pages. Reasoning: ULOG uses alloc_skb(), which adds another ~300 bytes for skb_shared_info. This patch sets the default value to NLMSG_GOODSIZE and adds some documentation at the top. Signed-off-by: Holger Eitzenberger <heitzenberger@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[NETFILTER]: nf_conntrack: check address family when finding protocol moduleYasuyuki Kozakai
__nf_conntrack_{l3}proto_find() doesn't check the passed protocol family, then it's possible to touch out of the array which has only AF_MAX items. Spotted by Pablo Neira Ayuso. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[NETFILTER]: ctnetlink: add MODULE_ALIAS for expectation subsystemPablo Neira Ayuso
Add load-on-demand support for expectation request. eg. conntrack -L expect Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[NETFILTER]: ctnetlink: Fix subsystem used for expectation eventsMarcus Sundberg
The ctnetlink expectation events should use the NFNL_SUBSYS_CTNETLINK_EXP subsystem, not NFNL_SUBSYS_CTNETLINK. Signed-off-by: Marcus Sundberg <marcus@ingate.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04[ICMP]: Fix extra dst release when ip_options_echo failsHerbert Xu
When two ip_route_output_key lookups in icmp_send were combined I forgot to change the error path for ip_options_echo to not drop the dst reference since it now sits before the dst lookup. To fix it we simply jump past the ip_rt_put call. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-03Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds
2006-02-02[NET]: Add CONFIG_NETDEBUG to suppress bad packet messages.Stephen Hemminger
If you are on a hostile network, or are running protocol tests, you can easily get the logged swamped by messages about bad UDP and ICMP packets. This turns those messages off unless a config option is enabled. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Acked-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-02[IPV4]: Remove suprious use of goto out: in icmp_replyHorms
This seems to be an artifact of the follwoing commit in February '02. e7e173af42dbf37b1d946f9ee00219cb3b2bea6a In a nutshell, goto out and return actually do the same thing, and both are called in this function. This patch removes out. Signed-Off-By: Horms <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-02[IPV6]: Fix illegal dst locking in softirq context.Herbert Xu
On Tue, Jan 31, 2006 at 10:24:32PM +0100, Ingo Molnar wrote: > > [<c04de9e8>] _write_lock+0x8/0x10 > [<c0499015>] inet6_destroy_sock+0x25/0x100 > [<c04b8672>] tcp_v6_destroy_sock+0x12/0x20 > [<c046bbda>] inet_csk_destroy_sock+0x4a/0x150 > [<c047625c>] tcp_rcv_state_process+0xd4c/0xdd0 > [<c047d8e9>] tcp_v4_do_rcv+0xa9/0x340 > [<c047eabb>] tcp_v4_rcv+0x8eb/0x9d0 OK this is definitely broken. We should never touch the dst lock in softirq context. Since inet6_destroy_sock may be called from that context due to the asynchronous nature of sockets, we can't take the lock there. In fact this sk_dst_reset is totally redundant since all IPv6 sockets use inet_sock_destruct as their socket destructor which always cleans up the dst anyway. So the solution is to simply remove the call. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-02[IPV4] multipath_wrandom: Fix softirq-unsafe spin lock usageHerbert Xu
The spin locks in multipath_wrandom may be obtained from either process context or softirq context depending on whether the packet is locally or remotely generated. Therefore we need to disable BH processing when taking these locks. This bug was found by Ingo's lock validator. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-02[SCTP]: Fix 'fast retransmit' to send a TSN only once.Vlad Yasevich
SCTP used to "fast retransmit" a TSN every time we hit the number of missing reports for the TSN. However the Implementers Guide specifies that we should only "fast retransmit" a given TSN once. Subsequent retransmits should be timeouts only. Also change the number of missing reports to 3 as per the latest IG(similar to TCP). Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-02[IPV6]: Don't hold extra ref count in ipv6_ifa_notifyHerbert Xu
Currently the logic in ipv6_ifa_notify is to hold an extra reference count for addrconf dst's that get added to the routing table. Thus, when addrconf dst entries are taken out of the routing table, we need to drop that dst. However, addrconf dst entries may be removed from the routing table by means other than __ipv6_ifa_notify. So we're faced with the choice of either fixing up all places where addrconf dst entries are removed, or dropping the extra reference count altogether. I chose the latter because the ifp itself always holds a dst reference count of 1 while it's alive. This is dropped just before we kfree the ifp object. Therefore we know that in __ipv6_ifa_notify we will always hold that count. This bug was found by Eric W. Biederman. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>