aboutsummaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2008-06-09netfilter: {ip,ip6,nfnetlink}_queue: misc cleanupsRami Rosen
- No need to perform data_len = 0 in the switch command, since data_len is initialized to 0 in the beginning of the ipq_build_packet_message() method. - {ip,ip6}_queue: We can reach nlmsg_failure only from one place; skb is sure to be NULL when getting there; since skb is NULL, there is no need to check this fact and call kfree_skb(). Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09netfilter: ctnetlink: include conntrack status in destroy event messageFabian Hugelshofer
When a conntrack is destroyed, the connection status does not get exported to netlink. I don't see a reason for not doing so. This patch exports the status on all conntrack events. Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09netfilter: nf_conntrack: properly account terminating packetsFabian Hugelshofer
Currently the last packet of a connection isn't accounted when its causing abnormal termination. Introduces nf_ct_kill_acct() which increments the accounting counters on conntrack kill. The new function was necessary, because there are calls to nf_ct_kill() which don't need accounting: nf_conntrack_proto_tcp.c line ~847: Kills ct and returns NF_REPEAT. We don't want to count twice. nf_conntrack_proto_tcp.c line ~880: Kills ct and returns NF_DROP. I think we don't want to count dropped packets. nf_conntrack_netlink.c line ~824: As far as I can see ctnetlink_del_conntrack() is used to destroy a conntrack on behalf of the user. There is an sk_buff, but I don't think this is an actual packet. Incrementing counters here is therefore not desired. Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09netfilter: nf_conntrack: add nf_ct_kill()Patrick McHardy
Encapsulate the common if (del_timer(&ct->timeout)) ct->timeout.function((unsigned long)ct) sequence in a new function. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09netfilter: nf_conntrack_extend: use krealloc() in nf_conntrack_extend.c V2Pekka Enberg
The ksize() API is going away because it is being abused and it doesn't even work consistenly across different allocators. Therefore, convert net/netfilter/nf_conntrack_extend.c to use krealloc(). Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09netfilter: ip6_tables: add ip6tables security tableJames Morris
This is a port of the IPv4 security table for IPv6. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09netfilter: ip_tables: add iptables security table for mandatory access ↵James Morris
control rules The following patch implements a new "security" table for iptables, so that MAC (SELinux etc.) networking rules can be managed separately to standard DAC rules. This is to help with distro integration of the new secmark-based network controls, per various previous discussions. The need for a separate table arises from the fact that existing tools and usage of iptables will likely clash with centralized MAC policy management. The SECMARK and CONNSECMARK targets will still be valid in the mangle table to prevent breakage of existing users. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09netfilter: ctnetlink: add full support for SCTP to ctnetlinkPablo Neira Ayuso
This patch adds full support for SCTP to ctnetlink. This includes three new attributes: state, original vtag and reply vtag. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09netfilter: ctnetlink: group errors into logical errno setsPablo Neira Ayuso
This patch groups ctnetlink errors into three logical sets: * Malformed messages: if ctnetlink receives a message without some mandatory attribute, then it returns EINVAL. * Unsupported operations: if userspace tries to perform an unsupported operation, then it returns EOPNOTSUPP. * Unchangeable: if userspace tries to change some attribute of the conntrack object that can only be set once, then it returns EBUSY. This patch reduces the number of -EINVAL from 23 to 14 and it results in 5 -EBUSY and 6 -EOPNOTSUPP. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09netfilter: ebtables: add IPv6 supportKuo-lang Tseng
It implements matching functions for IPv6 address & traffic class (merged from the patch sent by Jan Engelhardt [jengelh@computergmbh.de] http://marc.info/?l=netfilter-devel&m=120182168424052&w=2), protocol, and layer-4 port id. Corresponding watcher logging function is also added for IPv6. Signed-off-by: Kuo-lang Tseng <kuo-lang.tseng@intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09af_iucv: exploit target message class support of IUCVUrsula Braun
The first 4 bytes of data to be sent are stored additionally into the message class field of the send request. A receiving target program (not an af_iucv socket program) can make use of this information to pre-screen incoming messages. Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09iucv: prevent cpu hotplug when walking cpu_online_map.Heiko Carstens
The code used preempt_disable() to prevent cpu hotplug, however that doesn't protect for cpus being added. So use get_online_cpus() instead. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09iucv: fix section mismatch warning.Heiko Carstens
WARNING: net/iucv/built-in.o(.exit.text+0x9c): Section mismatch in reference from the function iucv_exit() to the variable .cpuinit.data:iucv_cpu_notifier This warning is caused by a reference from unregister_hotcpu_notifier() from an exit function to a cpuinitdata annotated data structurre. This is a false positive warning since for the non CPU_HOTPLUG case unregister_hotcpu_notifier() is a nop. Use __refdata instead of __cpuinitdata to get rid of the warning. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09sctp: Fix problems with the new SCTP_DELAYED_ACK codeVlad Yasevich
The default sack frequency should be 2. Also fix copy/paste error when updating all transports. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05netlink: Remove nonblock parameter from netlink_attachskbDenis V. Lunev
Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Message rejection rework preparatory changesAllan Stephens
This patch defines a few new message header manipulation routines, and generalizes the usefulness of another, in preparation for upcoming rework of TIPC's message rejection code. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Fix bugs in rejection of message with short headerAllan Stephens
This patch ensures that TIPC doesn't try to access non-existent message header fields when rejecting a message with a short header. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Message header creation optimizationsAllan Stephens
This patch eliminates several cases where message header fields were being set to the same value twice. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Expand link sequence gap field to 13 bitsAllan Stephens
This patch increases the "sequence gap" field of the LINK_PROTOCOL message header from 8 bits to 13 bits (utilizing 5 previously unused 0 bits). This ensures that the field is big enough to indicate the loss of up to 8191 consecutive messages on the link, thereby accommodating the current worst-case scenario of 4000 lost messages. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Add missing spinlock in name table display codeAllan Stephens
This patch ensures that the display code that traverses the publication lists belonging to a name table entry take its associated spinlock, to protect against a possible change to one of its "head of list" pointers caused by a simultaneous name table lookup operation by another thread of control. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Prevent display of name table types with no publicationsAllan Stephens
This patch adds a check to prevent TIPC's name table display code from listing a name type entry if it exists only to hold subscription info, rather than published names. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Optimize message initialization routineAllan Stephens
This patch eliminates the rarely-used "error code" argument when initializing a TIPC message header, since the default value of zero is the desired result in most cases; the few exceptional cases now set the error code explicitly. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Prevent access of non-existent field in short message headerAllan Stephens
This patch eliminates a case where TIPC's link code could try reading a field that is not present in a short message header. (The random value obtained was not being used, but the read operation could result in an invalid memory access exception in extremely rare circumstances.) Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Minor optimizations to received message processingAllan Stephens
This patch enhances TIPC's handler for incoming messages in two ways: - the trivial, single-use routine for processing non-sequenced messages has been merged into the main handler - the interface that received a message is now identified without having to access and/or modify the associated sk_buff Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Fix minor bugs in link session number handlingAllan Stephens
This patch introduces a new, out-of-range value to indicate that a link endpoint does not have an existing session established with its peer, eliminating the risk that the previously used "invalid session number" value (i.e. zero) might eventually be assigned as a valid session number and cause incorrect link behavior. The patch also introduces explicit bit masking when assigning a new link session number to ensure it does not exceed 16 bits. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Fix bugs in message error code display when debuggingAllan Stephens
This patch corrects two problems in the display of error code information in TIPC messages when debugging: - no longer tries to display error code in NAME_DISTRIBUTOR messages, which don't have the error field - now displays error code in 24 byte data messages, which do have the error field Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Standardize error checking on incoming messages via native APIAllan Stephens
This patch re-orders & re-groups the error checks performed on messages being delivered to native API ports, in order to clarify the similarities and differences required for the various message types. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04tipc: Fix bug in connection setup via native APIAllan Stephens
This patch fixes a bug that prevented TIPC from receiving a connection setup request message on a native TIPC port. The revised connection setup logic ensures that validation of the source of a connection-based message is skipped if the port is not yet connected to a peer. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-25irda: Push BKL down into irda ioctl handlersAlan Cox
Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-25wanrouter: Push down BKLAlan Cox
Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-25Merge branch 'master' of ↵David S. Miller
master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Conflicts: drivers/net/cpmac.c net/mac80211/mlme.c
2008-05-23vlan: Use bitmask of feature flags instead of seperate feature bitsPatrick McHardy
Herbert Xu points out that the use of seperate feature bits for features to be propagated to VLAN devices is going to get messy real soon. Replace the VLAN feature bits by a bitmask of feature flags to be propagated and restore the old GSO_SHIFT/MASK values. Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21net: The world is not perfect patch.Rami Rosen
Unless there will be any objection here, I suggest consider the following patch which simply removes the code for the -DI_WISH_WORLD_WERE_PERFECT in the three methods which use it. The compilation errors we get when using -DI_WISH_WORLD_WERE_PERFECT show that this code was not built and not used for really a long time. Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21xfrm_user: Remove zero length key checks.David S. Miller
The crypto layer will determine whether that is valid or not. Suggested by Herbert Xu, based upon a report and patch by Martin Willi. Signed-off-by: David S. Miller <davem@davemloft.net> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
2008-05-21net/ipv4/arp.c: Use common hex_asc helpersDenis Cheng
Here the local hexbuf is a duplicate of global const char hex_asc from lib/hexdump.c, except the hex letters' cases: const char hexbuf[] = "0123456789ABCDEF"; const char hex_asc[] = "0123456789abcdef"; and here to print HW addresses, the hex cases are not significant. Thanks to Harvey Harrison to introduce the hex_asc_hi/hex_asc_lo helpers. Signed-off-by: Denis Cheng <crquan@gmail.com> Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21tcp: TCP connection times out if ICMP frag needed is delayedSridhar Samudrala
We are seeing an issue with TCP in handling an ICMP frag needed message that is received after net.ipv4.tcp_retries1 retransmits. The default value of retries1 is 3. So if the path mtu changes and ICMP frag needed is lost for the first 3 retransmits or if it gets delayed until 3 retransmits are done, TCP doesn't update MSS correctly and continues to retransmit the orginal message until it timesout after tcp_retries2 retransmits. I am seeing this issue even with the latest 2.6.25.4 kernel. In tcp_retransmit_timer(), when retransmits counter exceeds tcp_retries1 value, the dst cache entry of the socket is reset. At this time, if we receive an ICMP frag needed message, the dst entry gets updated with the new MTU, but the TCP sockets dst_cache entry remains NULL. So the next time when we try to retransmit after the ICMP frag needed is received, tcp_retransmit_skb() gets called. Here the cur_mss value is calculated at the start of the routine with a NULL sk_dst_cache. Instead we should call tcp_current_mss after the rebuild_header that caches the dst entry with the updated mtu. Also the rebuild_header should be called before tcp_fragment so that skb is fragmented if the mss goes down. Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21tipc: Fix initialization sequence problems when entering network modeAllan Stephens
This patch ensures that TIPC's topology service and configuration service are shut down before switching into "network mode". This ensures that TIPC does not mistakenly try to send unnecessary "publication withdraw" messages to other nodes before it is fully initialized for sending off-node messages. Note that the node's current network address is now updated only after the two services are shut down; this ensures that any existing connections to the topology server are terminated correctly using the old address. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21tipc: Update "previous node" indicators when node address changesAllan Stephens
This patch ensures that the "previous node" field in any existing TIPC port message header templates is updated properly when a TIPC network address is assigned to the node. (Previously, only the "originating node" field was updated.) Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21tipc: Optimize null pointer check during neighbor discoveryAllan Stephens
This patch optimizes TIPC neighbor discovery code to avoid testing for a null node pointer when the pointer is already known to be non-null. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21tipc: Prevent node object duplication due to simultaneous discoveryAllan Stephens
This patch ensures that the simultaneous discovery of the same neighboring node by multiple interfaces does not cause TIPC to add the node into its internal data structures more than once. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21tipc: Fix skb_under_panic when configuring TIPC without privilegesAllan Stephens
This patch prevents a TIPC configuration command requiring network administrator privileges from triggering an skbuff underrun if it is issued by a process lacking those privileges. The revised error handling code avoids the use of a potentially uninitialized global variable by transforming the unauthorized command into a new command, then following the standard command processing path to generate the required error message. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21ip6mr: Use on-device stats instead of private ones.Pavel Emelyanov
Similar to ipmr. [ Fix build failures -DaveM ] Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21ipmr: Use on-device stats instead of private ones.Pavel Emelyanov
These devices use the private area of appropriate size for statistics. Turning them to use on-device ones make them "privless" and thus - really small wrt kmalloc cache, they are allocated from. Besides, code looks nicer, because of absence of multi-braced type casts and dereferences. [ Fix build failures -DaveM ] Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21ip6tnl: Use on-device stats instead of private ones.Pavel Emelyanov
This tunnel uses its own private structure and requires separate patch to switch from private stats to on-device ones. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21ipmr: Ipip tunnel uses on-device stats.Pavel Emelyanov
The ipmr uses ipip tunnels for its purposes and updates the tunnels' stats, but the ipip driver is already switched to use on-device ones. Actually, this is a part of the patch #4 from this set. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21sit: Use on-device stats instead of private ones.Pavel Emelyanov
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21ipip: Use on-device stats instead of private ones.Pavel Emelyanov
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21ipgre: Use on-device stats instead of private ones.Pavel Emelyanov
Just switch from tunnel->stat to tunnel->dev->stats. The ip_tunnel->stat member itself will be removed after I fix its other users (very soon). Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21bridge: Use on-device stats instead of private ones.Pavel Emelyanov
Even though bridges require 6 fields from struct net_device_stats, the on-device stats are always there, so we may just use them. The br_dev_get_stats is no longer required after this. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-21net: The dev->get_stats pointer is not NULL nowadays.Pavel Emelyanov
And so does the pointer is returns, but sysfs and netlinks still check for both cases. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>