aboutsummaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2008-09-09Merge branch 'master' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6
2008-09-09[Bluetooth] Reject L2CAP connections on an insecure ACL linkMarcel Holtmann
The Security Mode 4 of the Bluetooth 2.1 specification has strict authentication and encryption requirements. It is the initiators job to create a secure ACL link. However in case of malicious devices, the acceptor has to make sure that the ACL is encrypted before allowing any kind of L2CAP connection. The only exception here is the PSM 1 for the service discovery protocol, because that is allowed to run on an insecure ACL link. Previously it was enough to reject a L2CAP connection during the connection setup phase, but with Bluetooth 2.1 it is forbidden to do any L2CAP protocol exchange on an insecure link (except SDP). The new hci_conn_check_link_mode() function can be used to check the integrity of an ACL link. This functions also takes care of the cases where Security Mode 4 is disabled or one of the devices is based on an older specification. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2008-09-09[Bluetooth] Enforce correct authentication requirementsMarcel Holtmann
With the introduction of Security Mode 4 and Simple Pairing from the Bluetooth 2.1 specification it became mandatory that the initiator requires authentication and encryption before any L2CAP channel can be established. The only exception here is PSM 1 for the service discovery protocol (SDP). It is meant to be used without any encryption since it contains only public information. This is how Bluetooth 2.0 and before handle connections on PSM 1. For Bluetooth 2.1 devices the pairing procedure differentiates between no bonding, general bonding and dedicated bonding. The L2CAP layer wrongly uses always general bonding when creating new connections, but it should not do this for SDP connections. In this case the authentication requirement should be no bonding and the just-works model should be used, but in case of non-SDP connection it is required to use general bonding. If the new connection requires man-in-the-middle (MITM) protection, it also first wrongly creates an unauthenticated link key and then later on requests an upgrade to an authenticated link key to provide full MITM protection. With Simple Pairing the link key generation is an expensive operation (compared to Bluetooth 2.0 and before) and doing this twice during a connection setup causes a noticeable delay when establishing a new connection. This should be avoided to not regress from the expected Bluetooth 2.0 connection times. The authentication requirements are known up-front and so enforce them. To fulfill these requirements the hci_connect() function has been extended with an authentication requirement parameter that will be stored inside the connection information and can be retrieved by userspace at any time. This allows the correct IO capabilities exchange and results in the expected behavior. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2008-09-09[Bluetooth] Fix reference counting during ACL config stageMarcel Holtmann
The ACL config stage keeps holding a reference count on incoming connections when requesting the extended features. This results in keeping an ACL link up without any users. The problem here is that the Bluetooth specification doesn't define an ownership of the ACL link and thus it can happen that the implementation on the initiator side doesn't care about disconnecting unused links. In this case the acceptor needs to take care of this. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2008-09-08Merge branch 'dccp' of git://eden-feed.erg.abdn.ac.uk/dccp_expDavid S. Miller
Conflicts: net/dccp/input.c net/dccp/options.c
2008-09-08Merge branch 'master' of ↵David S. Miller
master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6 Conflicts: net/mac80211/mlme.c
2008-09-09ipvs: Embed user stats structure into kernel stats structureSven Wegener
Instead of duplicating the fields, integrate a user stats structure into the kernel stats structure. This is more robust when the members are changed, because they are now automatically kept in sync. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Reviewed-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-09ipvs: Restrict connection table size via KconfigSven Wegener
Instead of checking the value in include/net/ip_vs.h, we can just restrict the range in our Kconfig file. This will prevent values outside of the range early. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Reviewed-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-09IPVS: Remove incorrect ip_route_me_harder(), fix IPv6Julius Volz
Remove an incorrect ip_route_me_harder() that was probably a result of merging my IPv6 patches with the local client patches. With this, IPv6+NAT are working again. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-09ipvs: handle PARTIAL_CHECKSUMSimon Horman
Now that LVS can load balance locally generated traffic, packets may come from the loopback device and thus may have a partial checksum. The existing code allows for the case where there is no checksum at all for TCP, however Herbert Xu has confirmed that this is not legal. Signed-off-by: Simon Horman <horms@verge.net.au> Acked-by: Julius Volz <juliusv@google.com>
2008-09-08netns bridge: cleanup bridges during netns stopAlexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Acked-by: Stephen Hemminger <shemming@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-08netns bridge: allow bridges in netns!Alexey Dobriyan
Bridge as netdevice doesn't cross netns boundaries. Bridge ports and bridge itself live in same netns. Notifiers are fixed. netns propagated from userspace socket for setup and teardown. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Acked-by: Stephen Hemminger <shemming@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-08warn: Turn the netdev timeout WARN_ON() into a WARN()Arjan van de Ven
this patch turns the netdev timeout WARN_ON_ONCE() into a WARN_ONCE(), so that the device and driver names are inside the warning message. This helps automated tools like kerneloops.org to collect the data and do statistics, as well as making it more likely that humans cut-n-paste the important message as part of a bugreport. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-08Merge branch 'master' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6
2008-09-08net: Enable TSO if supported by at least one deviceHerbert Xu
As it stands users of netdev_compute_features (e.g., bridges/bonding) will only enable TSO if all consituent devices support it. This is unnecessarily pessimistic since even on devices that do not support hardware TSO and SG, emulated TSO still performs to a par with TSO off. This patch enables TSO if at least on constituent device supports it in hardware. The direct beneficiaries will be virtualisation that uses bridging since this means that TSO will always be enabled for communication from the host to the guests. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-08Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: bridge: don't allow setting hello time to zero netns : fix kernel panic in timewait socket destruction pkt_sched: Fix qdisc state in net_tx_action() netfilter: nf_conntrack_irc: make sure string is terminated before calling simple_strtoul netfilter: nf_conntrack_gre: nf_ct_gre_keymap_flush() fixlet netfilter: nf_conntrack_gre: more locking around keymap list netfilter: nf_conntrack_sip: de-static helper pointers
2008-09-08bridge: don't allow setting hello time to zeroStephen Hemminger
Dushan Tcholich reports that on his system ksoftirqd can consume between %6 to %10 of cpu time, and cause ~200 context switches per second. He then correlated this with a report by bdupree@techfinesse.com: http://marc.info/?l=linux-kernel&m=119613299024398&w=2 and the culprit cause seems to be starting the bridge interface. In particular, when starting the bridge interface, his scripts are specifying a hello timer interval of "0". The bridge hello time can't be safely set to values less than 1 second, otherwise it is possible to end up with a runaway timer. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-08netns : fix kernel panic in timewait socket destructionDaniel Lezcano
How to reproduce ? - create a network namespace - use tcp protocol and get timewait socket - exit the network namespace - after a moment (when the timewait socket is destroyed), the kernel panics. # BUG: unable to handle kernel NULL pointer dereference at 0000000000000007 IP: [<ffffffff821e394d>] inet_twdr_do_twkill_work+0x6e/0xb8 PGD 119985067 PUD 11c5c0067 PMD 0 Oops: 0000 [1] SMP CPU 1 Modules linked in: ipv6 button battery ac loop dm_mod tg3 libphy ext3 jbd edd fan thermal processor thermal_sys sg sata_svw libata dock serverworks sd_mod scsi_mod ide_disk ide_core [last unloaded: freq_table] Pid: 0, comm: swapper Not tainted 2.6.27-rc2 #3 RIP: 0010:[<ffffffff821e394d>] [<ffffffff821e394d>] inet_twdr_do_twkill_work+0x6e/0xb8 RSP: 0018:ffff88011ff7fed0 EFLAGS: 00010246 RAX: ffffffffffffffff RBX: ffffffff82339420 RCX: ffff88011ff7ff30 RDX: 0000000000000001 RSI: ffff88011a4d03c0 RDI: ffff88011ac2fc00 RBP: ffffffff823392e0 R08: 0000000000000000 R09: ffff88002802a200 R10: ffff8800a5c4b000 R11: ffffffff823e4080 R12: ffff88011ac2fc00 R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 FS: 0000000041cbd940(0000) GS:ffff8800bff839c0(0000) knlGS:0000000000000000 CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b CR2: 0000000000000007 CR3: 00000000bd87c000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process swapper (pid: 0, threadinfo ffff8800bff9e000, task ffff88011ff76690) Stack: ffffffff823392e0 0000000000000100 ffffffff821e3a3a 0000000000000008 0000000000000000 ffffffff821e3a61 ffff8800bff7c000 ffffffff8203c7e7 ffff88011ff7ff10 ffff88011ff7ff10 0000000000000021 ffffffff82351108 Call Trace: <IRQ> [<ffffffff821e3a3a>] ? inet_twdr_hangman+0x0/0x9e [<ffffffff821e3a61>] ? inet_twdr_hangman+0x27/0x9e [<ffffffff8203c7e7>] ? run_timer_softirq+0x12c/0x193 [<ffffffff820390d1>] ? __do_softirq+0x5e/0xcd [<ffffffff8200d08c>] ? call_softirq+0x1c/0x28 [<ffffffff8200e611>] ? do_softirq+0x2c/0x68 [<ffffffff8201a055>] ? smp_apic_timer_interrupt+0x8e/0xa9 [<ffffffff8200cad6>] ? apic_timer_interrupt+0x66/0x70 <EOI> [<ffffffff82011f4c>] ? default_idle+0x27/0x3b [<ffffffff8200abbd>] ? cpu_idle+0x5f/0x7d Code: e8 01 00 00 4c 89 e7 41 ff c5 e8 8d fd ff ff 49 8b 44 24 38 4c 89 e7 65 8b 14 25 24 00 00 00 89 d2 48 8b 80 e8 00 00 00 48 f7 d0 <48> 8b 04 d0 48 ff 40 58 e8 fc fc ff ff 48 89 df e8 c0 5f 04 00 RIP [<ffffffff821e394d>] inet_twdr_do_twkill_work+0x6e/0xb8 RSP <ffff88011ff7fed0> CR2: 0000000000000007 This patch provides a function to purge all timewait sockets related to a network namespace. The timewait sockets life cycle is not tied with the network namespace, that means the timewait sockets stay alive while the network namespace dies. The timewait sockets are for avoiding to receive a duplicate packet from the network, if the network namespace is freed, the network stack is removed, so no chance to receive any packets from the outside world. Furthermore, having a pending destruction timer on these sockets with a network namespace freed is not safe and will lead to an oops if the timer callback which try to access data belonging to the namespace like for example in: inet_twdr_do_twkill_work -> NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITED); Purging the timewait sockets at the network namespace destruction will: 1) speed up memory freeing for the namespace 2) fix kernel panic on asynchronous timewait destruction Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Acked-by: Denis V. Lunev <den@openvz.org> Acked-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-08mac80211: add missing kernel-docRandy Dunlap
Fix mac80211 kernel-doc missing struct field: Warning(linux-2.6.27-rc1-git2//net/mac80211/sta_info.h:329): No description found for parameter 'tid_seq[IEEE80211_QOS_CTL_TID_MASK + 1]' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-09-08mac80211: Fix rate scale initialization in IBSSEmmanuel Grumbach
This patch address some IBSS rate issues introduced or not covered by "mac80211: eliminate IBSS warning in rate_lowest_index()" and "cfg80211 API for channels/bitrates, mac80211 and driver conversion". This patch: 1. Moves addition of IBSS station from prepare_for_handlers to ieee80211_rx_bss_info when triggered from beacon eliminating bogus supported rates. 2. Initialize properly supported rates also in IBSS merging 3. Ensure that mandatory rates are always added into supported rates. This is needed in case when station addition is triggered from non beacon/probe packet. Some management frames need to be sent 4. Remove initialization of supported rates from self rates. This path was dead code after 6bc37c06bc4 and in general incorrect. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Cc: Vladimir Koutny <vlado@work.ksp.sk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-09-08mac80211: Fix low bit rate in IBSSTomas Winkler
This patch fixes regression in iwlwifi IBSS rate scaling caused by patch: commit 6bc37c06bc424bcf3f944e6a79e2d5bb537e02ed Author: Vladimir Koutny <vlado@work.ksp.sk> Date: Fri Jun 13 16:50:44 2008 +0200 mac80211: eliminate IBSS warning in rate_lowest_index() An IBSS station is added in prepare_for_handlers where the rate scaling was initialized only with single rate matching the received packet. The correct rate scale information should be updated only in ieee80211_rx_bss_info function where beacon is parsed. Because of coding error the rate info was left untouched. If a beacon has triggered the connection the rate remined 1Mbps. This patch fixes this coding error Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Cc: Vladimir Koutny <vlado@work.ksp.sk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-09-07pkt_sched: Fix qdisc state in net_tx_action()Jarek Poplawski
net_tx_action() can skip __QDISC_STATE_SCHED bit clearing while qdisc is neither ran nor rescheduled, which may cause endless loop in dev_deactivate(). Reported-by: Denys Fedoryshchenko <denys@visp.net.lb> Tested-by: Denys Fedoryshchenko <denys@visp.net.lb> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-07netfilter: nf_conntrack_irc: make sure string is terminated before calling ↵Patrick McHardy
simple_strtoul Alexey Dobriyan points out: 1. simple_strtoul() silently accepts all characters for given base even if result won't fit into unsigned long. This is amazing stupidity in itself, but 2. nf_conntrack_irc helper use simple_strtoul() for DCC request parsing. Data first copied into 64KB buffer, so theoretically nothing prevents reading past the end of it, since data comes from network given 1). This is not actually a problem currently since we're guaranteed to have a 0 byte in skb_shared_info or in the buffer the data is copied to, but to make this more robust, make sure the string is actually terminated. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-07netfilter: nf_conntrack_gre: nf_ct_gre_keymap_flush() fixletAlexey Dobriyan
It does "kfree(list_head)" which looks wrong because entity that was allocated is definitely not list_head. However, this all works because list_head is first item in struct nf_ct_gre_keymap. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-07netfilter: nf_conntrack_gre: more locking around keymap listAlexey Dobriyan
gre_keymap_list should be protected in all places. (unless I'm misreading something) Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-07netfilter: nf_conntrack_sip: de-static helper pointersAlexey Dobriyan
Helper's ->help hook can run concurrently with itself, so iterating over SIP helpers with static pointer won't work reliably. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-08IPVS: use ipv6_addr_copy()Simon Horman
It is standard to use ipv6_addr_copy() to fill in the in6 element of a union nf_inet_addr snet. Thanks to Julius Volz for pointing this out. Cc: Brian Haley <brian.haley@hp.com> Signed-off-by: Simon Horman <horms@verge.net.au> Acked-by: Julius Volz <juliusv@google.com>
2008-09-08IPVS: fix bogus indentationSimon Horman
Sorry, this was my error. Thanks to Julius Volz for pointing it out. Signed-off-by: Simon Horman <horms@verge.net.au> Acked-by: Julius Volz <juliusv@google.com>
2008-09-08ipvs: Reject ipv6 link-local addresses for destinationsSven Wegener
We can't use non-local link-local addresses for destinations, without knowing the interface on which we can reach the address. Reject them for now. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-08ipvs: Mark tcp/udp v4 and v6 debug functions staticSven Wegener
They are only used in this file, so they should be static Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-08ipvs: Return negative error values from ip_vs_edit_service()Sven Wegener
Like the other code in this function does. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-08ipvs: Use pointer to address from sync messageSven Wegener
We want a pointer to it, not the value casted to a pointer. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05cfg80211: keep track of supported interface modesLuis R. Rodriguez
It is obviously good for userspace to know up front which interface modes a given piece of hardware might support (even if adding such an interface might fail later because of concurrency issues), so let's make cfg80211 aware of that. For good measure, disallow adding interfaces in all other modes so drivers don't forget to announce support for one mode when they add it. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Stephen Blackheath <tramp.enshrine.stephen@blacksapphire.com> Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-09-05Revert "mac80211: Use IWEVASSOCREQIE instead of IWEVCUSTOM"Linus Torvalds
This reverts commit 087d833e5a9f67ba933cb32eaf5a2279c1a5b47c, which was reported to break wireless at least in some combinations with 32bit user space and a 64bit kernel. Alex Williamnson bisected it to this commit. Reported-and-bisected-by: Alex Williamson <alex.williamson@hp.com> Acked-by: John W. Linville <linville@tuxdriver.com> Cc: David Miller <davem@davemloft.net> Cc: Jouni Malinen <jouni.malinen@atheros.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-05ipvs: load balance ipv6 connections from a local processSimon Horman
This allows IPVS to load balance IPv6 connections made by a local process. For example a proxy server running locally. External client --> pound:443 -> Local:443 --> IPVS:80 --> RealServer This is an extenstion to the IPv4 work done in this area by Siim Põder and Malcolm Turnbull. Cc: Siim Põder <siim@p6drad-teel.net> Cc: Malcolm Turnbull <malcolm@loadbalancer.org> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05ipvs: load balance IPv4 connections from a local processMalcolm Turnbull
This allows IPVS to load balance connections made by a local process. For example a proxy server running locally. External client --> pound:443 -> Local:443 --> IPVS:80 --> RealServer Signed-off-by: Siim Põder <siim@p6drad-teel.net> Signed-off-by: Malcolm Turnbull <malcolm@loadbalancer.org> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Allow adding IPv6 services from userspaceJulius Volz
Allow adding IPv6 services through the genetlink interface and add checks to see if the chosen scheduler is supported with IPv6 and whether the supplied prefix length is sane. Make sure the service count exported via the sockopt interface only counts IPv4 services. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Activate IPv6 Netfilter hooksJulius Volz
Register the previously defined or adapted netfilter hook functions for IPv6 as PF_INET6 hooks. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Adjust various debug outputs to use new macrosJulius Volz
Adjust various debug outputs to use the new *_BUF macro variants for correct output of v4/v6 addresses. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Add function to determine if IPv6 address is localVince Busam
Add __ip_vs_addr_is_local_v6() to find out if an IPv6 address belongs to a local interface. Use this function to decide whether to set the IP_VS_CONN_F_LOCALNODE flag for IPv6 destinations. Signed-off-by: Vince Busam <vbusam@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Turn off FTP application helper for IPv6Julius Volz
Immediately return from FTP application helper and do nothing when dealing with IPv6 packets. IPv6 is not supported by this helper yet. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IVPS: Disable sync daemon for IPv6 connectionsJulius Volz
Disable the sync daemon for IPv6 connections, works only with IPv4 for now. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Convert procfs files for IPv6 entry outputVince Busam
Correctly output IPv6 connection/service/dest entries in procfs files. Signed-off-by: Vince Busam <vbusam@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Convert real server lookup functionsJulius Volz
Convert functions for looking up destinations (real servers) to support IPv6 services/dests. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Add/adjust Netfilter hook functions and helpers for v6Julius Volz
Add Netfilter hook functions or modify existing ones, if possible, to process IPv6 packets. Some support functions are also added/modified for this. ip_vs_nat_icmp_v6() was already added in the patch that added the v6 xmit functions, as it is called from one of them. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Extend scheduling functions for IPv6 supportJulius Volz
Convert ip_vs_schedule() and ip_vs_sched_persist() to support scheduling of IPv6 connections. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Add and bind IPv6 xmit functionsJulius Volz
Add xmit functions for IPv6. Also add the already needed __ip_vs_get_out_rt_v6() to ip_vs_core.c. Bind the new xmit functions to v6 connections. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Add IPv6 support to xmit() support functionsJulius Volz
Add IPv6 support to IP_VS_XMIT() and to the xmit routing cache, introducing a new function __ip_vs_get_out_rt_v6(). Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Extend functions for getting/creating connectionsJulius Volz
Extend functions for getting/creating connections and connection templates for IPv6 support and fix the callers. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
2008-09-05IPVS: Extend protocol DNAT/SNAT and state handlersJulius Volz
Extend protocol DNAT/SNAT and state handlers to work with IPv6. Also change/introduce new checksumming helper functions for this. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>