aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter_bridge.h1
-rw-r--r--include/linux/security.h40
-rw-r--r--include/linux/skbuff.h33
-rw-r--r--include/net/af_unix.h6
-rw-r--r--include/net/ip6_route.h12
-rw-r--r--include/net/ipv6.h3
-rw-r--r--include/net/netdma.h2
-rw-r--r--include/net/netevent.h33
-rw-r--r--include/net/scm.h29
-rw-r--r--include/net/tcp.h3
10 files changed, 140 insertions, 22 deletions
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
index 31f02ba036ce..10c13dc4665b 100644
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -6,7 +6,6 @@
6 6
7#include <linux/netfilter.h> 7#include <linux/netfilter.h>
8#if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER) 8#if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER)
9#include <asm/atomic.h>
10#include <linux/if_ether.h> 9#include <linux/if_ether.h>
11#endif 10#endif
12 11
diff --git a/include/linux/security.h b/include/linux/security.h
index f75303831d09..6bc2aad494ff 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1109,6 +1109,16 @@ struct swap_info_struct;
1109 * @name contains the name of the security module being unstacked. 1109 * @name contains the name of the security module being unstacked.
1110 * @ops contains a pointer to the struct security_operations of the module to unstack. 1110 * @ops contains a pointer to the struct security_operations of the module to unstack.
1111 * 1111 *
1112 * @secid_to_secctx:
1113 * Convert secid to security context.
1114 * @secid contains the security ID.
1115 * @secdata contains the pointer that stores the converted security context.
1116 *
1117 * @release_secctx:
1118 * Release the security context.
1119 * @secdata contains the security context.
1120 * @seclen contains the length of the security context.
1121 *
1112 * This is the main security structure. 1122 * This is the main security structure.
1113 */ 1123 */
1114struct security_operations { 1124struct security_operations {
@@ -1289,6 +1299,8 @@ struct security_operations {
1289 1299
1290 int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size); 1300 int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size);
1291 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size); 1301 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
1302 int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
1303 void (*release_secctx)(char *secdata, u32 seclen);
1292 1304
1293#ifdef CONFIG_SECURITY_NETWORK 1305#ifdef CONFIG_SECURITY_NETWORK
1294 int (*unix_stream_connect) (struct socket * sock, 1306 int (*unix_stream_connect) (struct socket * sock,
@@ -1317,7 +1329,7 @@ struct security_operations {
1317 int (*socket_shutdown) (struct socket * sock, int how); 1329 int (*socket_shutdown) (struct socket * sock, int how);
1318 int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb); 1330 int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb);
1319 int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len); 1331 int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
1320 int (*socket_getpeersec_dgram) (struct sk_buff *skb, char **secdata, u32 *seclen); 1332 int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
1321 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); 1333 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
1322 void (*sk_free_security) (struct sock *sk); 1334 void (*sk_free_security) (struct sock *sk);
1323 unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir); 1335 unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir);
@@ -2059,6 +2071,16 @@ static inline int security_netlink_recv(struct sk_buff * skb, int cap)
2059 return security_ops->netlink_recv(skb, cap); 2071 return security_ops->netlink_recv(skb, cap);
2060} 2072}
2061 2073
2074static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2075{
2076 return security_ops->secid_to_secctx(secid, secdata, seclen);
2077}
2078
2079static inline void security_release_secctx(char *secdata, u32 seclen)
2080{
2081 return security_ops->release_secctx(secdata, seclen);
2082}
2083
2062/* prototypes */ 2084/* prototypes */
2063extern int security_init (void); 2085extern int security_init (void);
2064extern int register_security (struct security_operations *ops); 2086extern int register_security (struct security_operations *ops);
@@ -2725,6 +2747,14 @@ static inline void securityfs_remove(struct dentry *dentry)
2725{ 2747{
2726} 2748}
2727 2749
2750static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2751{
2752 return -EOPNOTSUPP;
2753}
2754
2755static inline void security_release_secctx(char *secdata, u32 seclen)
2756{
2757}
2728#endif /* CONFIG_SECURITY */ 2758#endif /* CONFIG_SECURITY */
2729 2759
2730#ifdef CONFIG_SECURITY_NETWORK 2760#ifdef CONFIG_SECURITY_NETWORK
@@ -2840,10 +2870,9 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, char __
2840 return security_ops->socket_getpeersec_stream(sock, optval, optlen, len); 2870 return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
2841} 2871}
2842 2872
2843static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, 2873static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
2844 u32 *seclen)
2845{ 2874{
2846 return security_ops->socket_getpeersec_dgram(skb, secdata, seclen); 2875 return security_ops->socket_getpeersec_dgram(sock, skb, secid);
2847} 2876}
2848 2877
2849static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) 2878static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
@@ -2968,8 +2997,7 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, char __
2968 return -ENOPROTOOPT; 2997 return -ENOPROTOOPT;
2969} 2998}
2970 2999
2971static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, 3000static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
2972 u32 *seclen)
2973{ 3001{
2974 return -ENOPROTOOPT; 3002 return -ENOPROTOOPT;
2975} 3003}
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 4307e764ef0a..19c96d498e20 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -604,12 +604,17 @@ static inline __u32 skb_queue_len(const struct sk_buff_head *list_)
604 return list_->qlen; 604 return list_->qlen;
605} 605}
606 606
607extern struct lock_class_key skb_queue_lock_key; 607/*
608 608 * This function creates a split out lock class for each invocation;
609 * this is needed for now since a whole lot of users of the skb-queue
610 * infrastructure in drivers have different locking usage (in hardirq)
611 * than the networking core (in softirq only). In the long run either the
612 * network layer or drivers should need annotation to consolidate the
613 * main types of usage into 3 classes.
614 */
609static inline void skb_queue_head_init(struct sk_buff_head *list) 615static inline void skb_queue_head_init(struct sk_buff_head *list)
610{ 616{
611 spin_lock_init(&list->lock); 617 spin_lock_init(&list->lock);
612 lockdep_set_class(&list->lock, &skb_queue_lock_key);
613 list->prev = list->next = (struct sk_buff *)list; 618 list->prev = list->next = (struct sk_buff *)list;
614 list->qlen = 0; 619 list->qlen = 0;
615} 620}
@@ -1104,6 +1109,28 @@ static inline struct sk_buff *dev_alloc_skb(unsigned int length)
1104 return __dev_alloc_skb(length, GFP_ATOMIC); 1109 return __dev_alloc_skb(length, GFP_ATOMIC);
1105} 1110}
1106 1111
1112extern struct sk_buff *__netdev_alloc_skb(struct net_device *dev,
1113 unsigned int length, gfp_t gfp_mask);
1114
1115/**
1116 * netdev_alloc_skb - allocate an skbuff for rx on a specific device
1117 * @dev: network device to receive on
1118 * @length: length to allocate
1119 *
1120 * Allocate a new &sk_buff and assign it a usage count of one. The
1121 * buffer has unspecified headroom built in. Users should allocate
1122 * the headroom they think they need without accounting for the
1123 * built in space. The built in space is used for optimisations.
1124 *
1125 * %NULL is returned if there is no free memory. Although this function
1126 * allocates memory it can be called from an interrupt.
1127 */
1128static inline struct sk_buff *netdev_alloc_skb(struct net_device *dev,
1129 unsigned int length)
1130{
1131 return __netdev_alloc_skb(dev, length, GFP_ATOMIC);
1132}
1133
1107/** 1134/**
1108 * skb_cow - copy header of skb when it is required 1135 * skb_cow - copy header of skb when it is required
1109 * @skb: buffer to cow 1136 * @skb: buffer to cow
diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index 2fec827c8801..c0398f5a8cb9 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -54,15 +54,13 @@ struct unix_skb_parms {
54 struct ucred creds; /* Skb credentials */ 54 struct ucred creds; /* Skb credentials */
55 struct scm_fp_list *fp; /* Passed files */ 55 struct scm_fp_list *fp; /* Passed files */
56#ifdef CONFIG_SECURITY_NETWORK 56#ifdef CONFIG_SECURITY_NETWORK
57 char *secdata; /* Security context */ 57 u32 secid; /* Security ID */
58 u32 seclen; /* Security length */
59#endif 58#endif
60}; 59};
61 60
62#define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb)) 61#define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb))
63#define UNIXCREDS(skb) (&UNIXCB((skb)).creds) 62#define UNIXCREDS(skb) (&UNIXCB((skb)).creds)
64#define UNIXSECDATA(skb) (&UNIXCB((skb)).secdata) 63#define UNIXSID(skb) (&UNIXCB((skb)).secid)
65#define UNIXSECLEN(skb) (&UNIXCB((skb)).seclen)
66 64
67#define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock) 65#define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock)
68#define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock) 66#define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock)
diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h
index ab29dafb1a6a..96b0e66406ec 100644
--- a/include/net/ip6_route.h
+++ b/include/net/ip6_route.h
@@ -139,16 +139,22 @@ extern rwlock_t rt6_lock;
139/* 139/*
140 * Store a destination cache entry in a socket 140 * Store a destination cache entry in a socket
141 */ 141 */
142static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst, 142static inline void __ip6_dst_store(struct sock *sk, struct dst_entry *dst,
143 struct in6_addr *daddr) 143 struct in6_addr *daddr)
144{ 144{
145 struct ipv6_pinfo *np = inet6_sk(sk); 145 struct ipv6_pinfo *np = inet6_sk(sk);
146 struct rt6_info *rt = (struct rt6_info *) dst; 146 struct rt6_info *rt = (struct rt6_info *) dst;
147 147
148 write_lock(&sk->sk_dst_lock);
149 sk_setup_caps(sk, dst); 148 sk_setup_caps(sk, dst);
150 np->daddr_cache = daddr; 149 np->daddr_cache = daddr;
151 np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0; 150 np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0;
151}
152
153static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst,
154 struct in6_addr *daddr)
155{
156 write_lock(&sk->sk_dst_lock);
157 __ip6_dst_store(sk, dst, daddr);
152 write_unlock(&sk->sk_dst_lock); 158 write_unlock(&sk->sk_dst_lock);
153} 159}
154 160
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index a8fdf7970b37..ece7e8a84ffd 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -468,6 +468,9 @@ extern void ip6_flush_pending_frames(struct sock *sk);
468extern int ip6_dst_lookup(struct sock *sk, 468extern int ip6_dst_lookup(struct sock *sk,
469 struct dst_entry **dst, 469 struct dst_entry **dst,
470 struct flowi *fl); 470 struct flowi *fl);
471extern int ip6_sk_dst_lookup(struct sock *sk,
472 struct dst_entry **dst,
473 struct flowi *fl);
471 474
472/* 475/*
473 * skb processing functions 476 * skb processing functions
diff --git a/include/net/netdma.h b/include/net/netdma.h
index ceae5ee85c04..7f53cd1d8b1e 100644
--- a/include/net/netdma.h
+++ b/include/net/netdma.h
@@ -29,7 +29,7 @@ static inline struct dma_chan *get_softnet_dma(void)
29{ 29{
30 struct dma_chan *chan; 30 struct dma_chan *chan;
31 rcu_read_lock(); 31 rcu_read_lock();
32 chan = rcu_dereference(__get_cpu_var(softnet_data.net_dma)); 32 chan = rcu_dereference(__get_cpu_var(softnet_data).net_dma);
33 if (chan) 33 if (chan)
34 dma_chan_get(chan); 34 dma_chan_get(chan);
35 rcu_read_unlock(); 35 rcu_read_unlock();
diff --git a/include/net/netevent.h b/include/net/netevent.h
new file mode 100644
index 000000000000..e5d216241423
--- /dev/null
+++ b/include/net/netevent.h
@@ -0,0 +1,33 @@
1#ifndef _NET_EVENT_H
2#define _NET_EVENT_H
3
4/*
5 * Generic netevent notifiers
6 *
7 * Authors:
8 * Tom Tucker <tom@opengridcomputing.com>
9 * Steve Wise <swise@opengridcomputing.com>
10 *
11 * Changes:
12 */
13#ifdef __KERNEL__
14
15#include <net/dst.h>
16
17struct netevent_redirect {
18 struct dst_entry *old;
19 struct dst_entry *new;
20};
21
22enum netevent_notif_type {
23 NETEVENT_NEIGH_UPDATE = 1, /* arg is struct neighbour ptr */
24 NETEVENT_PMTU_UPDATE, /* arg is struct dst_entry ptr */
25 NETEVENT_REDIRECT, /* arg is struct netevent_redirect ptr */
26};
27
28extern int register_netevent_notifier(struct notifier_block *nb);
29extern int unregister_netevent_notifier(struct notifier_block *nb);
30extern int call_netevent_notifiers(unsigned long val, void *v);
31
32#endif
33#endif
diff --git a/include/net/scm.h b/include/net/scm.h
index 02daa097cdcd..5637d5e22d5f 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -3,6 +3,7 @@
3 3
4#include <linux/limits.h> 4#include <linux/limits.h>
5#include <linux/net.h> 5#include <linux/net.h>
6#include <linux/security.h>
6 7
7/* Well, we should have at least one descriptor open 8/* Well, we should have at least one descriptor open
8 * to accept passed FDs 8) 9 * to accept passed FDs 8)
@@ -20,8 +21,7 @@ struct scm_cookie
20 struct ucred creds; /* Skb credentials */ 21 struct ucred creds; /* Skb credentials */
21 struct scm_fp_list *fp; /* Passed files */ 22 struct scm_fp_list *fp; /* Passed files */
22#ifdef CONFIG_SECURITY_NETWORK 23#ifdef CONFIG_SECURITY_NETWORK
23 char *secdata; /* Security context */ 24 u32 secid; /* Passed security ID */
24 u32 seclen; /* Security length */
25#endif 25#endif
26 unsigned long seq; /* Connection seqno */ 26 unsigned long seq; /* Connection seqno */
27}; 27};
@@ -32,6 +32,16 @@ extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie
32extern void __scm_destroy(struct scm_cookie *scm); 32extern void __scm_destroy(struct scm_cookie *scm);
33extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); 33extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl);
34 34
35#ifdef CONFIG_SECURITY_NETWORK
36static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
37{
38 security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
39}
40#else
41static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
42{ }
43#endif /* CONFIG_SECURITY_NETWORK */
44
35static __inline__ void scm_destroy(struct scm_cookie *scm) 45static __inline__ void scm_destroy(struct scm_cookie *scm)
36{ 46{
37 if (scm && scm->fp) 47 if (scm && scm->fp)
@@ -47,6 +57,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
47 scm->creds.pid = p->tgid; 57 scm->creds.pid = p->tgid;
48 scm->fp = NULL; 58 scm->fp = NULL;
49 scm->seq = 0; 59 scm->seq = 0;
60 unix_get_peersec_dgram(sock, scm);
50 if (msg->msg_controllen <= 0) 61 if (msg->msg_controllen <= 0)
51 return 0; 62 return 0;
52 return __scm_send(sock, msg, scm); 63 return __scm_send(sock, msg, scm);
@@ -55,8 +66,18 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
55#ifdef CONFIG_SECURITY_NETWORK 66#ifdef CONFIG_SECURITY_NETWORK
56static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) 67static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
57{ 68{
58 if (test_bit(SOCK_PASSSEC, &sock->flags) && scm->secdata != NULL) 69 char *secdata;
59 put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, scm->seclen, scm->secdata); 70 u32 seclen;
71 int err;
72
73 if (test_bit(SOCK_PASSSEC, &sock->flags)) {
74 err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
75
76 if (!err) {
77 put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
78 security_release_secctx(secdata, seclen);
79 }
80 }
60} 81}
61#else 82#else
62static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) 83static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 0720bddff1e9..7a093d0aa0fe 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -914,6 +914,9 @@ static inline void tcp_set_state(struct sock *sk, int state)
914 914
915static inline void tcp_done(struct sock *sk) 915static inline void tcp_done(struct sock *sk)
916{ 916{
917 if(sk->sk_state == TCP_SYN_SENT || sk->sk_state == TCP_SYN_RECV)
918 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
919
917 tcp_set_state(sk, TCP_CLOSE); 920 tcp_set_state(sk, TCP_CLOSE);
918 tcp_clear_xmit_timers(sk); 921 tcp_clear_xmit_timers(sk);
919 922