aboutsummaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2006-01-07[NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harderPatrick McHardy
ip_route_me_harder doesn't use the port numbers of the xfrm lookup and uses ip_route_input for non-local addresses which doesn't do a xfrm lookup, ip6_route_me_harder doesn't do a xfrm lookup at all. Use xfrm_decode_session and do the lookup manually, make sure both only do the lookup if the packet hasn't been transformed already. Makeing sure the lookup only happens once needs a new field in the IP6CB, which exceeds the size of skb->cb. The size of skb->cb is increased to 48b. Apparently the IPv6 mobile extensions need some more room anyway. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[IPV4]: reset IPCB flags when neccessaryPatrick McHardy
Reset IPSKB_XFRM_TUNNEL_SIZE flags in ipip and ip_gre hard_start_xmit function before the packet reenters IP. This is neccessary so the encapsulated packets are checked not to be oversized in xfrm4_output.c again. Reset all flags in sit when a packet changes its address family. Also remove some obsolete IPSKB flags. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[IPV4/6]: Netfilter IPsec input hooksPatrick McHardy
When the innermost transform uses transport mode the decapsulated packet is not visible to netfilter. Pass the packet through the PRE_ROUTING and LOCAL_IN hooks again before handing it to upper layer protocols to make netfilter-visibility symetrical to the output path. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[IPV6]: Move nextheader offset to the IP6CBPatrick McHardy
Move nextheader offset to the IP6CB to make it possible to pass a packet to ip6_input_finish multiple times and have it skip already parsed headers. As a nice side effect this gets rid of the manual hopopts skipping in ip6_input_finish. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[XFRM]: Netfilter IPsec output hooksPatrick McHardy
Call netfilter hooks before IPsec transforms. Packets visit the FORWARD/LOCAL_OUT and POST_ROUTING hook before the first encapsulation and the LOCAL_OUT and POST_ROUTING hook before each following tunnel mode transform. Patch from Herbert Xu <herbert@gondor.apana.org.au>: Move the loop from dst_output into xfrm4_output/xfrm6_output since they're the only ones who need to it. xfrm{4,6}_output_one() processes the first SA all subsequent transport mode SAs and is called in a loop that calls the netfilter hooks between each two calls. In order to avoid the tail call issue, I've added the inline function nf_hook which is nf_hook_slow plus the empty list check. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[DCCP]: ipv6.c needs net/ip6_checksum.cDavid S. Miller
Reported by Dave Jones. Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds
2006-01-06Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuildLinus Torvalds
2006-01-06[NET]: Endian-annotate in_aton()Alexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[NET]: Endian-annotate struct iphdrAlexey Dobriyan
And fix trivial warnings that emerged. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[LSM-IPSec]: Corrections to LSM-IPSec NethooksTrent Jaeger
This patch contains two corrections to the LSM-IPsec Nethooks patches previously applied. (1) free a security context on a failed insert via xfrm_user interface in xfrm_add_policy. Memory leak. (2) change the authorization of the allocation of a security context in a xfrm_policy or xfrm_state from both relabelfrom and relabelto to setcontext. Signed-off-by: Trent Jaeger <tjaeger@cse.psu.edu> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[PKTGEN]: Adds missing __init.Luiz Capitulino
pktgen_find_thread() and pktgen_create_thread() are only called at initialization time. Signed-off-by: Luiz Capitulino <lcapitulino@mandriva.com.br> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[NETFILTER]: ipt_helper.c needs linux/interrupt.hJoe
From: Joe <joecool1029@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[BRIDGE] netfilter: vlan + hw checksum = bug?Stephen Hemminger
It looks like the bridge netfilter code does not correctly update the hardware checksum after popping off the VLAN header. This is by inspection, I have *not* tested this. To test you would need to set up a filtering bridge with vlans and a device the does hardware receive checksum (skge, or sungem) Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[X25]: Fix for broken x25 module.Shaun Pereira
When a user-space server application calls bind on a socket, then in kernel space this bound socket is considered 'x25-linked' and the SOCK_ZAPPED flag is unset.(As in x25_bind()/af_x25.c). Now when a user-space client application attempts to connect to the server on the listening socket, if the kernel accepts this in-coming call, then it returns a new socket to userland and attempts to reply to the caller. The reply/x25_sendmsg() will fail, because the new socket created on call-accept has its SOCK_ZAPPED flag set by x25_make_new(). (sock_init_data() called by x25_alloc_socket() called by x25_make_new() sets the flag to SOCK_ZAPPED)). Fix: Using the sock_copy_flag() routine available in sock.h fixes this. Tested on 32 and 64 bit kernels with x25 over tcp. Signed-off-by: Shaun Pereira <pereira.shaun@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[NET]: Change sk_run_filter()'s return type in net/core/filter.cKris Katterjohn
It should return an unsigned value, and fix sk_filter() as well. Signed-off-by: Kris Katterjohn <kjak@ispwest.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[NET]: Use newer is_multicast_ether_addr() in some filesKris Katterjohn
This uses is_multicast_ether_addr() because it has recently been changed to do the same thing these seperate tests are doing. Signed-off-by: Kris Katterjohn <kjak@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06kbuild: un-stringnify KBUILD_MODNAMESam Ravnborg
Now when kbuild passes KBUILD_MODNAME with "" do not __stringify it when used. Remove __stringnify for all users. This also fixes the output of: $ ls -l /sys/module/ drwxr-xr-x 4 root root 0 2006-01-05 14:24 pcmcia drwxr-xr-x 4 root root 0 2006-01-05 14:24 pcmcia_core drwxr-xr-x 3 root root 0 2006-01-05 14:24 "processor" drwxr-xr-x 3 root root 0 2006-01-05 14:24 "psmouse" The quoting of the module names will be gone again. Thanks to GregKH + Kay Sievers for reproting this. Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
2006-01-06SUNRPC: Make krb5 report unsupported encryption typesJ. Bruce Fields
Print messages when an unsupported encrytion algorthm is requested or there is an error locating a supported algorthm. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: Make spkm3 report unsupported encryption typesJ. Bruce Fields
Print messages when an unsupported encrytion algorthm is requested or there is an error locating a supported algorthm. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: Update the spkm3 code to use the make_checksum interfaceJ. Bruce Fields
Also update the tokenlen calculations to accomodate g_token_size(). Signed-off-by: Andy Adamson <andros@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: Clean up xprt_destroy()Trond Myklebust
We ought never to be calling xprt_destroy() if there are still active rpc_tasks. Optimise away the broken code that attempts to "fix" that case. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: Ensure client closes the socket when server initiates a closeTrond Myklebust
If the server decides to close the RPC socket, we currently don't actually respond until either another RPC call is scheduled, or until xprt_autoclose() gets called by the socket expiry timer (which may be up to 5 minutes later). This patch ensures that xprt_autoclose() is called much sooner if the server closes the socket. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: get rid of cl_chattyChuck Lever
Clean up: Every ULP that uses the in-kernel RPC client, except the NLM client, sets cl_chatty. There's no reason why NLM shouldn't set it, so just get rid of cl_chatty and always be verbose. Test-plan: Compile with CONFIG_NFS enabled. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: transport switch API for setting port numberChuck Lever
At some point, transport endpoint addresses will no longer be IPv4. To hide the structure of the rpc_xprt's address field from ULPs and port mappers, add an API for setting the port number during an RPC bind operation. Test-plan: Destructive testing (unplugging the network temporarily). Connectathon with UDP and TCP. NFSv2/3 and NFSv4 mounting should be carefully checked. Probably need to rig a server where certain services aren't running, or that returns an error for some typical operation. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: new interface to force an RPC rebindChuck Lever
We'd like to hide fields in rpc_xprt and rpc_clnt from upper layer protocols. Start by creating an API to force RPC rebind, replacing logic that simply sets cl_port to zero. Test-plan: Destructive testing (unplugging the network temporarily). Connectathon with UDP and TCP. NFSv2/3 and NFSv4 mounting should be carefully checked. Probably need to rig a server where certain services aren't running, or that returns an error for some typical operation. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: switchable buffer allocationChuck Lever
Add RPC client transport switch support for replacing buffer management on a per-transport basis. In the current IPv4 socket transport implementation, RPC buffers are allocated as needed for each RPC message that is sent. Some transport implementations may choose to use pre-allocated buffers for encoding, sending, receiving, and unmarshalling RPC messages, however. For transports capable of direct data placement, the buffers can be carved out of a pre-registered area of memory rather than from a slab cache. Test-plan: Millions of fsx operations. Performance characterization with "sio" and "iozone". Use oprofile and other tools to look for significant regression in CPU utilization. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: net/sunrpc/xdr.c: remove xdr_decode_string()Adrian Bunk
This patch removes ths unused function xdr_decode_string(). Signed-off-by: Adrian Bunk <bunk@stusta.de> Acked-by: Neil Brown <neilb@suse.de> Acked-by: Charles Lever <Charles.Lever@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: Fix a potential race in rpc_pipefs.Trond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: Ensure that SIGKILL will always terminate a synchronous RPC call.Trond Myklebust
...and make sure that the "intr" flag also enables SIGHUP and SIGTERM to interrupt RPC calls too (as per the Solaris implementation). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: rpc_execute should not return task->tk_status;Trond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: Get rid of some unused exportsTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06NFSv4: stateful NFSv4 RPC call interfaceTrond Myklebust
The NFSv4 model requires us to complete all RPC calls that might establish state on the server whether or not the user wants to interrupt it. We may also need to schedule new work (including new RPC calls) in order to cancel the new state. The asynchronous RPC model will allow us to ensure that RPC calls always complete, but in order to allow for "synchronous" RPC, we want to add the ability to wait for completion. The waits are, of course, interruptible. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: Further cleanupsTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06RPC: Clean up RPC task structureTrond Myklebust
Shrink the RPC task structure. Instead of storing separate pointers for task->tk_exit and task->tk_release, put them in a structure. Also pass the user data pointer as a parameter instead of passing it via task->tk_calldata. This enables us to nest callbacks. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06SUNRPC: Yet more RPC cleanupsTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-01-06[PATCH] Keep nfsd from exiting when seeing recv() errorsOlaf Kirch
I submitted this one previously - svc_tcp_recvfrom currently returns any errors to the caller, including ECONNRESET and the like. This is something svc_recv isn't able to deal with: len = svsk->sk_recvfrom(rqstp); [...] if (len == 0 || len == -EAGAIN) { [...] return -EAGAIN; } [...] return len; The nfsd main loop will exit when it sees an error code other than EAGAIN. The following patch fixes this problem svc_recv is not equipped to deal with error codes other than EAGAIN, and will propagate anything else (such as ECONNRESET) up to nfsd, causing it to exit. Signed-off-by: Olaf Kirch <okir@suse.de> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-06[PATCH] knfsd: fix hash function for IP addresses on 64bit little-endian ↵NeilBrown
machines. The hash.h hash_long function, when used on a 64 bit machine, ignores many of the middle-order bits. (The prime chosen it too bit-sparse). IP addresses for clients of an NFS server are very likely to differ only in the low-order bits. As addresses are stored in network-byte-order, these bits become middle-order bits in a little-endian 64bit 'long', and so do not contribute to the hash. Thus you can have the situation where all clients appear on one hash chain. So, until hash_long is fixed (or maybe forever), us a hash function that works well on IP addresses - xor the bytes together. Thanks to "Iozone" <capps@iozone.org> for identifying this problem. Cc: "Iozone" <capps@iozone.org> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-05[NET]: Change 1500 to ETH_DATA_LEN in some filesKris Katterjohn
These patches add the header linux/if_ether.h and change 1500 to ETH_DATA_LEN in some files. Signed-off-by: Kris Katterjohn <kjak@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-05[IPVS]: Another file needs linux/interrupt.hAndrew Morton
Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-05[NETFILTER]: Use HOPLIMIT metric as TTL of TCP reset sent by REJECTYasuyuki Kozakai
HOPLIMIT metric is appropriate to TCP reset sent by REJECT target than hard-coded max TTL. Thanks to David S. Miller for hint. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-05[NETFILTER]: nf_conntrack_l3proto_ipv4.c needs net/route.hPatrick McHardy
CC [M] net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.o net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c: In function 'ipv4_refrag': net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c:198: error: dereferencing pointer to incomplete type make[3]: *** [net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.o] Error 1 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-05[NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stackPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-05[NETFILTER]: make ipv6_find_hdr() find transport protocol headerPatrick McHardy
The original ipv6_find_hdr() finds the specified header in IPv6 packets. This makes it possible to get transport header so that we can kill similar loop in ip6_match_packet(). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-05[NETFILTER]: Call POST_ROUTING hook before fragmentationPatrick McHardy
Call POST_ROUTING hook before fragmentation to get rid of the okfn use in ip_refrag and save the useless fragmentation/defragmentation step when NAT is used. The patch introduces one user-visible change, the POSTROUTING chain in the mangle table gets entire packets, not fragments, which should simplify use of the MARK and CLASSIFY targets for queueing as a nice side-effect. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-05[NETFILTER]: Remove okfn usage in ip_vs_core.cPatrick McHardy
okfn should only be used from different contexts to avoid deep call chains, i.e. by nf_queue. Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-05[NETFILTER]: ctnetlink: Fix dumping of helper namePatrick McHardy
Properly dump the helper name instead of internal kernel data. Based on patch by Marcus Sundberg <marcus@ingate.com>. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-05[NETFILTER]: Fix module_param types and permissionsPatrick McHardy
Fix netfilter module_param types and permissions. Also fix an off-by-one in the ipt_ULOG nlbufsiz < 128k check. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-05[NETFILTER]: Filter dumped entries based on the layer 3 protocol numberPablo Neira Ayuso
Dump entries of a given Layer 3 protocol number. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-05[NETFILTER]: Add ctnetlink port for nf_conntrackPablo Neira Ayuso
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>