diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-16 10:56:58 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-16 10:56:58 -0400 |
| commit | 8e91f178a2bb4a3e52e76f6263c251ffb816eb17 (patch) | |
| tree | 684ddff23b86c974b80f210389ab6d23555d6003 /net | |
| parent | 8032b526d1a3bd91ad633dd3a3b5fdbc47ad54f1 (diff) | |
| parent | ea8dbdd17099a9a5864ebd4c87e01e657b19c7ab (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (21 commits)
r8169: revert "r8169: read MAC address from EEPROM on init (2nd attempt)"
r8169: use hardware auto-padding.
igb: remove ASPM L0s workaround
netxen: remove old flash check.
mv643xx_eth: fix unicast address filter corruption on mtu change
xfrm: Fix xfrm_state_find() wrt. wildcard source address.
emac: Fix clock control for 405EX and 405EXr chips
ixgbe: fix multiple unicast address support
via-velocity: Fix DMA mapping length errors on transmit.
qlge: bugfix: Pad outbound frames smaller than 60 bytes.
qlge: bugfix: Move netif_napi_del() to common call point.
qlge: bugfix: Tell hw to strip vlan header.
qlge: bugfix: Increase filter on inbound csum.
dnet: replace obsolete *netif_rx_* functions with *napi_*
net: Add be2net driver.
dnet: Fix warnings on 64-bit.
dnet: Dave DNET ethernet controller driver (updated)
ipv6: Fix BUG when disabled ipv6 module is unloaded
bnx2x: Using DMAE to initialize the chip
bnx2x: Casting page alignment
...
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv6/af_inet6.c | 3 | ||||
| -rw-r--r-- | net/xfrm/xfrm_state.c | 90 |
2 files changed, 61 insertions, 32 deletions
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index da944eca2ca6..9c8309ed35cf 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c | |||
| @@ -1192,6 +1192,9 @@ module_init(inet6_init); | |||
| 1192 | 1192 | ||
| 1193 | static void __exit inet6_exit(void) | 1193 | static void __exit inet6_exit(void) |
| 1194 | { | 1194 | { |
| 1195 | if (disable_ipv6) | ||
| 1196 | return; | ||
| 1197 | |||
| 1195 | /* First of all disallow new sockets creation. */ | 1198 | /* First of all disallow new sockets creation. */ |
| 1196 | sock_unregister(PF_INET6); | 1199 | sock_unregister(PF_INET6); |
| 1197 | /* Disallow any further netlink messages */ | 1200 | /* Disallow any further netlink messages */ |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index e25ff62ab2a6..62a5425cc6aa 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
| @@ -748,12 +748,51 @@ static void xfrm_hash_grow_check(struct net *net, int have_hash_collision) | |||
| 748 | schedule_work(&net->xfrm.state_hash_work); | 748 | schedule_work(&net->xfrm.state_hash_work); |
| 749 | } | 749 | } |
| 750 | 750 | ||
| 751 | static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x, | ||
| 752 | struct flowi *fl, unsigned short family, | ||
| 753 | xfrm_address_t *daddr, xfrm_address_t *saddr, | ||
| 754 | struct xfrm_state **best, int *acq_in_progress, | ||
| 755 | int *error) | ||
| 756 | { | ||
| 757 | /* Resolution logic: | ||
| 758 | * 1. There is a valid state with matching selector. Done. | ||
| 759 | * 2. Valid state with inappropriate selector. Skip. | ||
| 760 | * | ||
| 761 | * Entering area of "sysdeps". | ||
| 762 | * | ||
| 763 | * 3. If state is not valid, selector is temporary, it selects | ||
| 764 | * only session which triggered previous resolution. Key | ||
| 765 | * manager will do something to install a state with proper | ||
| 766 | * selector. | ||
| 767 | */ | ||
| 768 | if (x->km.state == XFRM_STATE_VALID) { | ||
| 769 | if ((x->sel.family && | ||
| 770 | !xfrm_selector_match(&x->sel, fl, x->sel.family)) || | ||
| 771 | !security_xfrm_state_pol_flow_match(x, pol, fl)) | ||
| 772 | return; | ||
| 773 | |||
| 774 | if (!*best || | ||
| 775 | (*best)->km.dying > x->km.dying || | ||
| 776 | ((*best)->km.dying == x->km.dying && | ||
| 777 | (*best)->curlft.add_time < x->curlft.add_time)) | ||
| 778 | *best = x; | ||
| 779 | } else if (x->km.state == XFRM_STATE_ACQ) { | ||
| 780 | *acq_in_progress = 1; | ||
| 781 | } else if (x->km.state == XFRM_STATE_ERROR || | ||
| 782 | x->km.state == XFRM_STATE_EXPIRED) { | ||
| 783 | if (xfrm_selector_match(&x->sel, fl, x->sel.family) && | ||
| 784 | security_xfrm_state_pol_flow_match(x, pol, fl)) | ||
| 785 | *error = -ESRCH; | ||
| 786 | } | ||
| 787 | } | ||
| 788 | |||
| 751 | struct xfrm_state * | 789 | struct xfrm_state * |
| 752 | xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, | 790 | xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, |
| 753 | struct flowi *fl, struct xfrm_tmpl *tmpl, | 791 | struct flowi *fl, struct xfrm_tmpl *tmpl, |
| 754 | struct xfrm_policy *pol, int *err, | 792 | struct xfrm_policy *pol, int *err, |
| 755 | unsigned short family) | 793 | unsigned short family) |
| 756 | { | 794 | { |
| 795 | static xfrm_address_t saddr_wildcard = { }; | ||
| 757 | struct net *net = xp_net(pol); | 796 | struct net *net = xp_net(pol); |
| 758 | unsigned int h; | 797 | unsigned int h; |
| 759 | struct hlist_node *entry; | 798 | struct hlist_node *entry; |
| @@ -773,40 +812,27 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, | |||
| 773 | xfrm_state_addr_check(x, daddr, saddr, family) && | 812 | xfrm_state_addr_check(x, daddr, saddr, family) && |
| 774 | tmpl->mode == x->props.mode && | 813 | tmpl->mode == x->props.mode && |
| 775 | tmpl->id.proto == x->id.proto && | 814 | tmpl->id.proto == x->id.proto && |
| 776 | (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) { | 815 | (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) |
| 777 | /* Resolution logic: | 816 | xfrm_state_look_at(pol, x, fl, family, daddr, saddr, |
| 778 | 1. There is a valid state with matching selector. | 817 | &best, &acquire_in_progress, &error); |
| 779 | Done. | 818 | } |
| 780 | 2. Valid state with inappropriate selector. Skip. | 819 | if (best) |
| 781 | 820 | goto found; | |
| 782 | Entering area of "sysdeps". | 821 | |
| 783 | 822 | h = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, family); | |
| 784 | 3. If state is not valid, selector is temporary, | 823 | hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) { |
| 785 | it selects only session which triggered | 824 | if (x->props.family == family && |
| 786 | previous resolution. Key manager will do | 825 | x->props.reqid == tmpl->reqid && |
| 787 | something to install a state with proper | 826 | !(x->props.flags & XFRM_STATE_WILDRECV) && |
| 788 | selector. | 827 | xfrm_state_addr_check(x, daddr, saddr, family) && |
| 789 | */ | 828 | tmpl->mode == x->props.mode && |
| 790 | if (x->km.state == XFRM_STATE_VALID) { | 829 | tmpl->id.proto == x->id.proto && |
| 791 | if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) || | 830 | (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) |
| 792 | !security_xfrm_state_pol_flow_match(x, pol, fl)) | 831 | xfrm_state_look_at(pol, x, fl, family, daddr, saddr, |
| 793 | continue; | 832 | &best, &acquire_in_progress, &error); |
| 794 | if (!best || | ||
| 795 | best->km.dying > x->km.dying || | ||
| 796 | (best->km.dying == x->km.dying && | ||
| 797 | best->curlft.add_time < x->curlft.add_time)) | ||
| 798 | best = x; | ||
| 799 | } else if (x->km.state == XFRM_STATE_ACQ) { | ||
| 800 | acquire_in_progress = 1; | ||
| 801 | } else if (x->km.state == XFRM_STATE_ERROR || | ||
| 802 | x->km.state == XFRM_STATE_EXPIRED) { | ||
| 803 | if (xfrm_selector_match(&x->sel, fl, x->sel.family) && | ||
| 804 | security_xfrm_state_pol_flow_match(x, pol, fl)) | ||
| 805 | error = -ESRCH; | ||
| 806 | } | ||
| 807 | } | ||
| 808 | } | 833 | } |
| 809 | 834 | ||
| 835 | found: | ||
| 810 | x = best; | 836 | x = best; |
| 811 | if (!x && !error && !acquire_in_progress) { | 837 | if (!x && !error && !acquire_in_progress) { |
| 812 | if (tmpl->id.spi && | 838 | if (tmpl->id.spi && |