diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-11-23 16:55:49 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-11-23 16:55:49 -0500 |
| commit | eb5aaedd8b24e1de04468c06e19a1d8efb79f0dc (patch) | |
| tree | 41bd44f97a455a1a1179cef4c553d19378d4ef92 /net/ipv4 | |
| parent | f3a443af9e85d6c6c7e7506400024a85a8dd9496 (diff) | |
| parent | 4a25417c20fac00b3afd58ce27408f964d19e708 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networkign fixes from David Miller:
"Networking bug fixes, Cacio e Pepe edition:
1) BNX2X accidently accesses chip rev specific registers without an
appropriate guard, fix from Ariel Elior.
2) When we removed the routing cache, we set ip_rt_max_size to ~0 just
to keep reporting a value to userspace via sysfs. But the ipv4
IPSEC layer was using this to tune itself which is completely bogus
to now do. Fix from Steffen Klassert.
3) Missing initialization in netfilter ipset code from Jozsef
Kadlecsik.
4) Check CTA_TIMEOUT_NAME length properly in netfilter cttimeout code,
fix from Florian Westphal.
5) After removing the routing cache, we inadvertantly are caching
multicast routes that end up looping back locally, we cannot do
that legitimately any more. Fix from Julian Anastasov.
6) Revert a race fix for 8139cp qemu/kvm that doesn't actually work
properly on real hardware. From Francois Romieu.
7) Fixup errors in example command lines in VXLAN device docs."
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
bnx2x: remove redundant warning log
vxlan: fix command usage in its doc
8139cp: revert "set ring address before enabling receiver"
ipv4: do not cache looped multicasts
netfilter: cttimeout: fix buffer overflow
netfilter: ipset: Fix range bug in hash:ip,port,net
xfrm: Fix the gc threshold value for ipv4
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/route.c | 9 | ||||
| -rw-r--r-- | net/ipv4/xfrm4_policy.c | 13 |
2 files changed, 7 insertions, 15 deletions
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index a8c651216fa6..df251424d816 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c | |||
| @@ -1785,6 +1785,7 @@ static struct rtable *__mkroute_output(const struct fib_result *res, | |||
| 1785 | if (dev_out->flags & IFF_LOOPBACK) | 1785 | if (dev_out->flags & IFF_LOOPBACK) |
| 1786 | flags |= RTCF_LOCAL; | 1786 | flags |= RTCF_LOCAL; |
| 1787 | 1787 | ||
| 1788 | do_cache = true; | ||
| 1788 | if (type == RTN_BROADCAST) { | 1789 | if (type == RTN_BROADCAST) { |
| 1789 | flags |= RTCF_BROADCAST | RTCF_LOCAL; | 1790 | flags |= RTCF_BROADCAST | RTCF_LOCAL; |
| 1790 | fi = NULL; | 1791 | fi = NULL; |
| @@ -1793,6 +1794,8 @@ static struct rtable *__mkroute_output(const struct fib_result *res, | |||
| 1793 | if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr, | 1794 | if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr, |
| 1794 | fl4->flowi4_proto)) | 1795 | fl4->flowi4_proto)) |
| 1795 | flags &= ~RTCF_LOCAL; | 1796 | flags &= ~RTCF_LOCAL; |
| 1797 | else | ||
| 1798 | do_cache = false; | ||
| 1796 | /* If multicast route do not exist use | 1799 | /* If multicast route do not exist use |
| 1797 | * default one, but do not gateway in this case. | 1800 | * default one, but do not gateway in this case. |
| 1798 | * Yes, it is hack. | 1801 | * Yes, it is hack. |
| @@ -1802,8 +1805,8 @@ static struct rtable *__mkroute_output(const struct fib_result *res, | |||
| 1802 | } | 1805 | } |
| 1803 | 1806 | ||
| 1804 | fnhe = NULL; | 1807 | fnhe = NULL; |
| 1805 | do_cache = fi != NULL; | 1808 | do_cache &= fi != NULL; |
| 1806 | if (fi) { | 1809 | if (do_cache) { |
| 1807 | struct rtable __rcu **prth; | 1810 | struct rtable __rcu **prth; |
| 1808 | struct fib_nh *nh = &FIB_RES_NH(*res); | 1811 | struct fib_nh *nh = &FIB_RES_NH(*res); |
| 1809 | 1812 | ||
| @@ -2597,7 +2600,7 @@ int __init ip_rt_init(void) | |||
| 2597 | pr_err("Unable to create route proc files\n"); | 2600 | pr_err("Unable to create route proc files\n"); |
| 2598 | #ifdef CONFIG_XFRM | 2601 | #ifdef CONFIG_XFRM |
| 2599 | xfrm_init(); | 2602 | xfrm_init(); |
| 2600 | xfrm4_init(ip_rt_max_size); | 2603 | xfrm4_init(); |
| 2601 | #endif | 2604 | #endif |
| 2602 | rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL); | 2605 | rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL); |
| 2603 | 2606 | ||
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index 05c5ab8d983c..3be0ac2c1920 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c | |||
| @@ -279,19 +279,8 @@ static void __exit xfrm4_policy_fini(void) | |||
| 279 | xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo); | 279 | xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo); |
| 280 | } | 280 | } |
| 281 | 281 | ||
| 282 | void __init xfrm4_init(int rt_max_size) | 282 | void __init xfrm4_init(void) |
| 283 | { | 283 | { |
| 284 | /* | ||
| 285 | * Select a default value for the gc_thresh based on the main route | ||
| 286 | * table hash size. It seems to me the worst case scenario is when | ||
| 287 | * we have ipsec operating in transport mode, in which we create a | ||
| 288 | * dst_entry per socket. The xfrm gc algorithm starts trying to remove | ||
| 289 | * entries at gc_thresh, and prevents new allocations as 2*gc_thresh | ||
| 290 | * so lets set an initial xfrm gc_thresh value at the rt_max_size/2. | ||
| 291 | * That will let us store an ipsec connection per route table entry, | ||
| 292 | * and start cleaning when were 1/2 full | ||
| 293 | */ | ||
| 294 | xfrm4_dst_ops.gc_thresh = rt_max_size/2; | ||
| 295 | dst_entries_init(&xfrm4_dst_ops); | 284 | dst_entries_init(&xfrm4_dst_ops); |
| 296 | 285 | ||
| 297 | xfrm4_state_init(); | 286 | xfrm4_state_init(); |