aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/802/Kconfig7
-rw-r--r--net/802/Makefile2
-rw-r--r--net/802/garp.c636
-rw-r--r--net/802/psnap.c5
-rw-r--r--net/802/stp.c102
-rw-r--r--net/8021q/Kconfig10
-rw-r--r--net/8021q/Makefile12
-rw-r--r--net/8021q/vlan.c91
-rw-r--r--net/8021q/vlan.h88
-rw-r--r--net/8021q/vlan_core.c64
-rw-r--r--net/8021q/vlan_dev.c307
-rw-r--r--net/8021q/vlan_gvrp.c66
-rw-r--r--net/8021q/vlan_netlink.c7
-rw-r--r--net/8021q/vlanproc.c13
-rw-r--r--net/9p/trans_fd.c2
-rw-r--r--net/Kconfig8
-rw-r--r--net/Makefile4
-rw-r--r--net/appletalk/aarp.c4
-rw-r--r--net/appletalk/ddp.c10
-rw-r--r--net/atm/addr.c10
-rw-r--r--net/atm/addr.h4
-rw-r--r--net/atm/br2684.c92
-rw-r--r--net/atm/clip.c2
-rw-r--r--net/atm/common.c8
-rw-r--r--net/atm/lec.c55
-rw-r--r--net/atm/lec.h10
-rw-r--r--net/atm/mpc.c24
-rw-r--r--net/ax25/af_ax25.c8
-rw-r--r--net/ax25/ax25_in.c2
-rw-r--r--net/ax25/ax25_std_timer.c8
-rw-r--r--net/ax25/ax25_subr.c11
-rw-r--r--net/ax25/sysctl_net_ax25.c14
-rw-r--r--net/bluetooth/af_bluetooth.c55
-rw-r--r--net/bluetooth/bnep/bnep.h4
-rw-r--r--net/bluetooth/bnep/core.c26
-rw-r--r--net/bluetooth/bnep/netdev.c4
-rw-r--r--net/bluetooth/bnep/sock.c4
-rw-r--r--net/bluetooth/hci_conn.c96
-rw-r--r--net/bluetooth/hci_core.c42
-rw-r--r--net/bluetooth/hci_event.c512
-rw-r--r--net/bluetooth/hci_sock.c18
-rw-r--r--net/bluetooth/hci_sysfs.c384
-rw-r--r--net/bluetooth/hidp/core.c10
-rw-r--r--net/bluetooth/l2cap.c339
-rw-r--r--net/bluetooth/rfcomm/core.c98
-rw-r--r--net/bluetooth/rfcomm/sock.c25
-rw-r--r--net/bluetooth/rfcomm/tty.c83
-rw-r--r--net/bluetooth/sco.c16
-rw-r--r--net/bridge/Kconfig1
-rw-r--r--net/bridge/br.c18
-rw-r--r--net/bridge/br_device.c38
-rw-r--r--net/bridge/br_fdb.c3
-rw-r--r--net/bridge/br_forward.c6
-rw-r--r--net/bridge/br_if.c25
-rw-r--r--net/bridge/br_input.c25
-rw-r--r--net/bridge/br_ioctl.c2
-rw-r--r--net/bridge/br_netfilter.c63
-rw-r--r--net/bridge/br_notify.c4
-rw-r--r--net/bridge/br_private.h16
-rw-r--r--net/bridge/br_private_stp.h2
-rw-r--r--net/bridge/br_stp.c28
-rw-r--r--net/bridge/br_stp_bpdu.c16
-rw-r--r--net/bridge/br_stp_if.c6
-rw-r--r--net/bridge/br_stp_timer.c2
-rw-r--r--net/bridge/netfilter/Kconfig11
-rw-r--r--net/bridge/netfilter/Makefile1
-rw-r--r--net/bridge/netfilter/ebt_ip6.c144
-rw-r--r--net/bridge/netfilter/ebt_log.c66
-rw-r--r--net/bridge/netfilter/ebtable_filter.c18
-rw-r--r--net/bridge/netfilter/ebtable_nat.c18
-rw-r--r--net/can/af_can.c14
-rw-r--r--net/can/bcm.c25
-rw-r--r--net/can/raw.c5
-rw-r--r--net/compat.c54
-rw-r--r--net/core/datagram.c95
-rw-r--r--net/core/dev.c583
-rw-r--r--net/core/dev_mcast.c24
-rw-r--r--net/core/ethtool.c37
-rw-r--r--net/core/fib_rules.c6
-rw-r--r--net/core/filter.c1
-rw-r--r--net/core/flow.c2
-rw-r--r--net/core/iovec.c2
-rw-r--r--net/core/link_watch.c11
-rw-r--r--net/core/neighbour.c30
-rw-r--r--net/core/net-sysfs.c26
-rw-r--r--net/core/net_namespace.c3
-rw-r--r--net/core/netpoll.c25
-rw-r--r--net/core/pktgen.c148
-rw-r--r--net/core/request_sock.c2
-rw-r--r--net/core/rtnetlink.c29
-rw-r--r--net/core/skbuff.c195
-rw-r--r--net/core/sock.c10
-rw-r--r--net/core/stream.c6
-rw-r--r--net/core/sysctl_net_core.c43
-rw-r--r--net/core/user_dma.c8
-rw-r--r--net/core/utils.c5
-rw-r--r--net/dccp/ackvec.c29
-rw-r--r--net/dccp/ccids/ccid3.c41
-rw-r--r--net/dccp/ccids/lib/loss_interval.c10
-rw-r--r--net/dccp/ccids/lib/packet_history.c103
-rw-r--r--net/dccp/ccids/lib/packet_history.h30
-rw-r--r--net/dccp/ccids/lib/tfrc.c8
-rw-r--r--net/dccp/ccids/lib/tfrc.h25
-rw-r--r--net/dccp/ccids/lib/tfrc_equation.c8
-rw-r--r--net/dccp/dccp.h22
-rw-r--r--net/dccp/input.c12
-rw-r--r--net/dccp/ipv4.c37
-rw-r--r--net/dccp/ipv6.c34
-rw-r--r--net/dccp/minisocks.c11
-rw-r--r--net/dccp/options.c18
-rw-r--r--net/dccp/output.c55
-rw-r--r--net/dccp/probe.c2
-rw-r--r--net/dccp/proto.c13
-rw-r--r--net/dccp/timer.c24
-rw-r--r--net/decnet/af_decnet.c34
-rw-r--r--net/decnet/dn_route.c2
-rw-r--r--net/decnet/dn_rules.c2
-rw-r--r--net/econet/af_econet.c8
-rw-r--r--net/ieee80211/ieee80211_rx.c2
-rw-r--r--net/ieee80211/ieee80211_tx.c86
-rw-r--r--net/ieee80211/ieee80211_wx.c137
-rw-r--r--net/ipv4/Kconfig4
-rw-r--r--net/ipv4/af_inet.c114
-rw-r--r--net/ipv4/arp.c9
-rw-r--r--net/ipv4/datagram.c2
-rw-r--r--net/ipv4/devinet.c65
-rw-r--r--net/ipv4/esp4.c2
-rw-r--r--net/ipv4/fib_frontend.c20
-rw-r--r--net/ipv4/fib_hash.c8
-rw-r--r--net/ipv4/fib_rules.c4
-rw-r--r--net/ipv4/fib_semantics.c7
-rw-r--r--net/ipv4/fib_trie.c47
-rw-r--r--net/ipv4/icmp.c53
-rw-r--r--net/ipv4/igmp.c73
-rw-r--r--net/ipv4/inet_connection_sock.c42
-rw-r--r--net/ipv4/inet_diag.c2
-rw-r--r--net/ipv4/inet_fragment.c20
-rw-r--r--net/ipv4/inet_hashtables.c31
-rw-r--r--net/ipv4/inet_lro.c3
-rw-r--r--net/ipv4/inet_timewait_sock.c23
-rw-r--r--net/ipv4/inetpeer.c2
-rw-r--r--net/ipv4/ip_forward.c11
-rw-r--r--net/ipv4/ip_fragment.c67
-rw-r--r--net/ipv4/ip_gre.c32
-rw-r--r--net/ipv4/ip_input.c40
-rw-r--r--net/ipv4/ip_options.c2
-rw-r--r--net/ipv4/ip_output.c37
-rw-r--r--net/ipv4/ip_sockglue.c2
-rw-r--r--net/ipv4/ipcomp.c319
-rw-r--r--net/ipv4/ipconfig.c6
-rw-r--r--net/ipv4/ipip.c24
-rw-r--r--net/ipv4/ipmr.c125
-rw-r--r--net/ipv4/ipvs/ip_vs_app.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_conn.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_core.c5
-rw-r--r--net/ipv4/ipvs/ip_vs_ctl.c29
-rw-r--r--net/ipv4/ipvs/ip_vs_dh.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_est.c118
-rw-r--r--net/ipv4/ipvs/ip_vs_ftp.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_lblc.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_lblcr.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_lc.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_nq.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_proto.c6
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_ah.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_esp.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_tcp.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_udp.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_rr.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_sched.c6
-rw-r--r--net/ipv4/ipvs/ip_vs_sed.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_sh.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_sync.c433
-rw-r--r--net/ipv4/ipvs/ip_vs_wlc.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_wrr.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_xmit.c2
-rw-r--r--net/ipv4/netfilter/Kconfig15
-rw-r--r--net/ipv4/netfilter/Makefile1
-rw-r--r--net/ipv4/netfilter/arptable_filter.c39
-rw-r--r--net/ipv4/netfilter/ip_queue.c5
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c5
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c2
-rw-r--r--net/ipv4/netfilter/ipt_addrtype.c2
-rw-r--r--net/ipv4/netfilter/ipt_recent.c2
-rw-r--r--net/ipv4/netfilter/iptable_security.c180
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c18
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c5
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c11
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_common.c8
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_sctp.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_sip.c38
-rw-r--r--net/ipv4/netfilter/nf_nat_snmp_basic.c16
-rw-r--r--net/ipv4/proc.c115
-rw-r--r--net/ipv4/protocol.c2
-rw-r--r--net/ipv4/raw.c19
-rw-r--r--net/ipv4/route.c371
-rw-r--r--net/ipv4/syncookies.c12
-rw-r--r--net/ipv4/sysctl_net_ipv4.c13
-rw-r--r--net/ipv4/tcp.c154
-rw-r--r--net/ipv4/tcp_diag.c2
-rw-r--r--net/ipv4/tcp_input.c339
-rw-r--r--net/ipv4/tcp_ipv4.c358
-rw-r--r--net/ipv4/tcp_minisocks.c166
-rw-r--r--net/ipv4/tcp_output.c468
-rw-r--r--net/ipv4/tcp_probe.c2
-rw-r--r--net/ipv4/tcp_timer.c34
-rw-r--r--net/ipv4/tunnel4.c2
-rw-r--r--net/ipv4/udp.c89
-rw-r--r--net/ipv4/udp_impl.h2
-rw-r--r--net/ipv4/udplite.c3
-rw-r--r--net/ipv4/xfrm4_mode_beet.c6
-rw-r--r--net/ipv4/xfrm4_mode_tunnel.c2
-rw-r--r--net/ipv6/Kconfig4
-rw-r--r--net/ipv6/addrconf.c222
-rw-r--r--net/ipv6/addrlabel.c106
-rw-r--r--net/ipv6/af_inet6.c42
-rw-r--r--net/ipv6/anycast.c2
-rw-r--r--net/ipv6/datagram.c54
-rw-r--r--net/ipv6/esp6.c4
-rw-r--r--net/ipv6/exthdrs.c6
-rw-r--r--net/ipv6/fib6_rules.c3
-rw-r--r--net/ipv6/icmp.c28
-rw-r--r--net/ipv6/inet6_connection_sock.c2
-rw-r--r--net/ipv6/inet6_hashtables.c17
-rw-r--r--net/ipv6/ip6_fib.c94
-rw-r--r--net/ipv6/ip6_flowlabel.c2
-rw-r--r--net/ipv6/ip6_input.c16
-rw-r--r--net/ipv6/ip6_output.c29
-rw-r--r--net/ipv6/ip6_tunnel.c28
-rw-r--r--net/ipv6/ip6mr.c83
-rw-r--r--net/ipv6/ipcomp6.c302
-rw-r--r--net/ipv6/ipv6_sockglue.c61
-rw-r--r--net/ipv6/mcast.c9
-rw-r--r--net/ipv6/mip6.c8
-rw-r--r--net/ipv6/ndisc.c13
-rw-r--r--net/ipv6/netfilter/Kconfig12
-rw-r--r--net/ipv6/netfilter/Makefile1
-rw-r--r--net/ipv6/netfilter/ip6_queue.c5
-rw-r--r--net/ipv6/netfilter/ip6table_filter.c31
-rw-r--r--net/ipv6/netfilter/ip6table_mangle.c2
-rw-r--r--net/ipv6/netfilter/ip6table_security.c172
-rw-r--r--net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c5
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c13
-rw-r--r--net/ipv6/proc.c34
-rw-r--r--net/ipv6/protocol.c2
-rw-r--r--net/ipv6/raw.c25
-rw-r--r--net/ipv6/reassembly.c69
-rw-r--r--net/ipv6/route.c125
-rw-r--r--net/ipv6/sit.c70
-rw-r--r--net/ipv6/syncookies.c30
-rw-r--r--net/ipv6/sysctl_net_ipv6.c45
-rw-r--r--net/ipv6/tcp_ipv6.c309
-rw-r--r--net/ipv6/tunnel6.c2
-rw-r--r--net/ipv6/udp.c67
-rw-r--r--net/ipv6/udp_impl.h2
-rw-r--r--net/ipv6/udplite.c2
-rw-r--r--net/ipv6/xfrm6_mode_beet.c29
-rw-r--r--net/ipv6/xfrm6_policy.c4
-rw-r--r--net/ipx/af_ipx.c4
-rw-r--r--net/irda/af_irda.c12
-rw-r--r--net/irda/ircomm/ircomm_tty.c14
-rw-r--r--net/irda/irlap_frame.c2
-rw-r--r--net/irda/irnet/irnet.h1
-rw-r--r--net/irda/irnet/irnet_ppp.c57
-rw-r--r--net/irda/irnet/irnet_ppp.h7
-rw-r--r--net/irda/irnetlink.c4
-rw-r--r--net/iucv/af_iucv.c9
-rw-r--r--net/iucv/iucv.c42
-rw-r--r--net/key/af_key.c629
-rw-r--r--net/llc/af_llc.c4
-rw-r--r--net/llc/llc_input.c2
-rw-r--r--net/llc/llc_sap.c10
-rw-r--r--net/mac80211/Kconfig164
-rw-r--r--net/mac80211/Makefile20
-rw-r--r--net/mac80211/aes_ccm.c53
-rw-r--r--net/mac80211/aes_ccm.h6
-rw-r--r--net/mac80211/cfg.c147
-rw-r--r--net/mac80211/debugfs.c58
-rw-r--r--net/mac80211/debugfs_key.c14
-rw-r--r--net/mac80211/debugfs_netdev.c59
-rw-r--r--net/mac80211/debugfs_netdev.h5
-rw-r--r--net/mac80211/debugfs_sta.c56
-rw-r--r--net/mac80211/ieee80211_i.h191
-rw-r--r--net/mac80211/iface.c396
-rw-r--r--net/mac80211/key.c20
-rw-r--r--net/mac80211/key.h54
-rw-r--r--net/mac80211/main.c629
-rw-r--r--net/mac80211/mesh.c38
-rw-r--r--net/mac80211/mesh.h7
-rw-r--r--net/mac80211/mesh_hwmp.c21
-rw-r--r--net/mac80211/mesh_pathtbl.c65
-rw-r--r--net/mac80211/mesh_plink.c88
-rw-r--r--net/mac80211/michael.c116
-rw-r--r--net/mac80211/michael.h8
-rw-r--r--net/mac80211/mlme.c1181
-rw-r--r--net/mac80211/rate.c12
-rw-r--r--net/mac80211/rate.h37
-rw-r--r--net/mac80211/rc80211_pid.h9
-rw-r--r--net/mac80211/rc80211_pid_algo.c71
-rw-r--r--net/mac80211/rc80211_pid_debugfs.c8
-rw-r--r--net/mac80211/rx.c795
-rw-r--r--net/mac80211/sta_info.c55
-rw-r--r--net/mac80211/sta_info.h168
-rw-r--r--net/mac80211/tkip.c282
-rw-r--r--net/mac80211/tkip.h8
-rw-r--r--net/mac80211/tx.c1209
-rw-r--r--net/mac80211/util.c141
-rw-r--r--net/mac80211/wep.c75
-rw-r--r--net/mac80211/wep.h2
-rw-r--r--net/mac80211/wext.c179
-rw-r--r--net/mac80211/wme.c684
-rw-r--r--net/mac80211/wme.h43
-rw-r--r--net/mac80211/wpa.c403
-rw-r--r--net/netfilter/Kconfig14
-rw-r--r--net/netfilter/Makefile2
-rw-r--r--net/netfilter/nf_conntrack_acct.c104
-rw-r--r--net/netfilter/nf_conntrack_core.c65
-rw-r--r--net/netfilter/nf_conntrack_expect.c4
-rw-r--r--net/netfilter/nf_conntrack_extend.c27
-rw-r--r--net/netfilter/nf_conntrack_h323_main.c22
-rw-r--r--net/netfilter/nf_conntrack_helper.c1
-rw-r--r--net/netfilter/nf_conntrack_netlink.c113
-rw-r--r--net/netfilter/nf_conntrack_proto_dccp.c3
-rw-r--r--net/netfilter/nf_conntrack_proto_sctp.c80
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c59
-rw-r--r--net/netfilter/nf_conntrack_standalone.c46
-rw-r--r--net/netfilter/nf_log.c4
-rw-r--r--net/netfilter/nf_sockopt.c2
-rw-r--r--net/netfilter/nfnetlink_log.c8
-rw-r--r--net/netfilter/nfnetlink_queue.c3
-rw-r--r--net/netfilter/xt_CONNSECMARK.c10
-rw-r--r--net/netfilter/xt_SECMARK.c10
-rw-r--r--net/netfilter/xt_TCPMSS.c42
-rw-r--r--net/netfilter/xt_connbytes.c8
-rw-r--r--net/netfilter/xt_connlimit.c3
-rw-r--r--net/netfilter/xt_hashlimit.c4
-rw-r--r--net/netfilter/xt_string.c38
-rw-r--r--net/netfilter/xt_time.c2
-rw-r--r--net/netlabel/netlabel_cipso_v4.c9
-rw-r--r--net/netlabel/netlabel_domainhash.c3
-rw-r--r--net/netlabel/netlabel_mgmt.c12
-rw-r--r--net/netlabel/netlabel_unlabeled.c10
-rw-r--r--net/netlink/af_netlink.c13
-rw-r--r--net/netlink/attr.c19
-rw-r--r--net/netlink/genetlink.c21
-rw-r--r--net/netrom/af_netrom.c26
-rw-r--r--net/packet/af_packet.c226
-rw-r--r--net/rfkill/rfkill-input.c122
-rw-r--r--net/rfkill/rfkill-input.h1
-rw-r--r--net/rfkill/rfkill.c387
-rw-r--r--net/rose/af_rose.c28
-rw-r--r--net/rose/rose_route.c29
-rw-r--r--net/rxrpc/af_rxrpc.c6
-rw-r--r--net/rxrpc/ar-accept.c2
-rw-r--r--net/rxrpc/ar-input.c5
-rw-r--r--net/sched/Kconfig11
-rw-r--r--net/sched/act_api.c20
-rw-r--r--net/sched/act_gact.c2
-rw-r--r--net/sched/act_ipt.c2
-rw-r--r--net/sched/act_mirred.c4
-rw-r--r--net/sched/act_nat.c2
-rw-r--r--net/sched/act_pedit.c2
-rw-r--r--net/sched/act_police.c10
-rw-r--r--net/sched/act_simple.c2
-rw-r--r--net/sched/cls_api.c20
-rw-r--r--net/sched/cls_flow.c52
-rw-r--r--net/sched/cls_route.c12
-rw-r--r--net/sched/cls_u32.c28
-rw-r--r--net/sched/sch_api.c695
-rw-r--r--net/sched/sch_atm.c37
-rw-r--r--net/sched/sch_cbq.c194
-rw-r--r--net/sched/sch_dsmark.c28
-rw-r--r--net/sched/sch_fifo.c49
-rw-r--r--net/sched/sch_generic.c389
-rw-r--r--net/sched/sch_gred.c17
-rw-r--r--net/sched/sch_hfsc.c126
-rw-r--r--net/sched/sch_htb.c265
-rw-r--r--net/sched/sch_ingress.c4
-rw-r--r--net/sched/sch_netem.c70
-rw-r--r--net/sched/sch_prio.c163
-rw-r--r--net/sched/sch_red.c42
-rw-r--r--net/sched/sch_sfq.c30
-rw-r--r--net/sched/sch_tbf.c54
-rw-r--r--net/sched/sch_teql.c57
-rw-r--r--net/sctp/Kconfig4
-rw-r--r--net/sctp/Makefile4
-rw-r--r--net/sctp/associola.c40
-rw-r--r--net/sctp/auth.c7
-rw-r--r--net/sctp/bind_addr.c37
-rw-r--r--net/sctp/endpointola.c4
-rw-r--r--net/sctp/input.c38
-rw-r--r--net/sctp/ipv6.c42
-rw-r--r--net/sctp/output.c22
-rw-r--r--net/sctp/outqueue.c158
-rw-r--r--net/sctp/proc.c136
-rw-r--r--net/sctp/protocol.c70
-rw-r--r--net/sctp/sm_make_chunk.c7
-rw-r--r--net/sctp/sm_sideeffect.c44
-rw-r--r--net/sctp/sm_statefuns.c25
-rw-r--r--net/sctp/socket.c485
-rw-r--r--net/sctp/transport.c53
-rw-r--r--net/sctp/ulpevent.c5
-rw-r--r--net/socket.c236
-rw-r--r--net/sunrpc/auth_gss/Makefile4
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c29
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_crypto.c10
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_mech.c4
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_seal.c26
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_unseal.c16
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_wrap.c72
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_mech.c4
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_token.c2
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c12
-rw-r--r--net/sunrpc/auth_unix.c2
-rw-r--r--net/sunrpc/clnt.c161
-rw-r--r--net/sunrpc/rpc_pipe.c2
-rw-r--r--net/sunrpc/rpcb_clnt.c377
-rw-r--r--net/sunrpc/sched.c23
-rw-r--r--net/sunrpc/svc.c110
-rw-r--r--net/sunrpc/sysctl.c18
-rw-r--r--net/sunrpc/xprt.c9
-rw-r--r--net/sunrpc/xprtrdma/svc_rdma.c35
-rw-r--r--net/sunrpc/xprtrdma/svc_rdma_recvfrom.c92
-rw-r--r--net/sunrpc/xprtrdma/svc_rdma_sendto.c167
-rw-r--r--net/sunrpc/xprtrdma/svc_rdma_transport.c200
-rw-r--r--net/sunrpc/xprtsock.c2
-rw-r--r--net/sysctl_net.c53
-rw-r--r--net/tipc/bcast.c36
-rw-r--r--net/tipc/bcast.h22
-rw-r--r--net/tipc/bearer.c10
-rw-r--r--net/tipc/bearer.h2
-rw-r--r--net/tipc/cluster.c20
-rw-r--r--net/tipc/cluster.h10
-rw-r--r--net/tipc/config.c11
-rw-r--r--net/tipc/core.c13
-rw-r--r--net/tipc/core.h126
-rw-r--r--net/tipc/dbg.c231
-rw-r--r--net/tipc/dbg.h12
-rw-r--r--net/tipc/discover.c16
-rw-r--r--net/tipc/discover.h2
-rw-r--r--net/tipc/eth_media.c10
-rw-r--r--net/tipc/link.c124
-rw-r--r--net/tipc/link.h2
-rw-r--r--net/tipc/msg.c13
-rw-r--r--net/tipc/msg.h42
-rw-r--r--net/tipc/name_distr.c6
-rw-r--r--net/tipc/name_table.c55
-rw-r--r--net/tipc/name_table.h2
-rw-r--r--net/tipc/net.c16
-rw-r--r--net/tipc/net.h4
-rw-r--r--net/tipc/netlink.c16
-rw-r--r--net/tipc/node.c115
-rw-r--r--net/tipc/node.h42
-rw-r--r--net/tipc/node_subscr.c4
-rw-r--r--net/tipc/node_subscr.h10
-rw-r--r--net/tipc/port.c115
-rw-r--r--net/tipc/port.h2
-rw-r--r--net/tipc/ref.c14
-rw-r--r--net/tipc/socket.c62
-rw-r--r--net/tipc/subscr.c249
-rw-r--r--net/tipc/subscr.h34
-rw-r--r--net/tipc/user_reg.c14
-rw-r--r--net/tipc/zone.c4
-rw-r--r--net/tipc/zone.h2
-rw-r--r--net/unix/af_unix.c87
-rw-r--r--net/unix/garbage.c18
-rw-r--r--net/wanrouter/Kconfig2
-rw-r--r--net/wanrouter/wanmain.c33
-rw-r--r--net/wanrouter/wanproc.c2
-rw-r--r--net/wireless/Kconfig12
-rw-r--r--net/wireless/core.c33
-rw-r--r--net/wireless/nl80211.c293
-rw-r--r--net/wireless/radiotap.c16
-rw-r--r--net/wireless/reg.c18
-rw-r--r--net/wireless/wext.c585
-rw-r--r--net/x25/af_x25.c11
-rw-r--r--net/x25/x25_dev.c2
-rw-r--r--net/xfrm/Kconfig6
-rw-r--r--net/xfrm/Makefile1
-rw-r--r--net/xfrm/xfrm_algo.c8
-rw-r--r--net/xfrm/xfrm_ipcomp.c384
-rw-r--r--net/xfrm/xfrm_output.c5
-rw-r--r--net/xfrm/xfrm_policy.c8
-rw-r--r--net/xfrm/xfrm_state.c34
-rw-r--r--net/xfrm/xfrm_user.c3
485 files changed, 17605 insertions, 13236 deletions
diff --git a/net/802/Kconfig b/net/802/Kconfig
new file mode 100644
index 000000000000..be33d27c8e69
--- /dev/null
+++ b/net/802/Kconfig
@@ -0,0 +1,7 @@
1config STP
2 tristate
3 select LLC
4
5config GARP
6 tristate
7 select STP
diff --git a/net/802/Makefile b/net/802/Makefile
index 68569ffddea1..7893d679910c 100644
--- a/net/802/Makefile
+++ b/net/802/Makefile
@@ -10,3 +10,5 @@ obj-$(CONFIG_FDDI) += fddi.o
10obj-$(CONFIG_HIPPI) += hippi.o 10obj-$(CONFIG_HIPPI) += hippi.o
11obj-$(CONFIG_IPX) += p8022.o psnap.o p8023.o 11obj-$(CONFIG_IPX) += p8022.o psnap.o p8023.o
12obj-$(CONFIG_ATALK) += p8022.o psnap.o 12obj-$(CONFIG_ATALK) += p8022.o psnap.o
13obj-$(CONFIG_STP) += stp.o
14obj-$(CONFIG_GARP) += garp.o
diff --git a/net/802/garp.c b/net/802/garp.c
new file mode 100644
index 000000000000..1dcb0660c49d
--- /dev/null
+++ b/net/802/garp.c
@@ -0,0 +1,636 @@
1/*
2 * IEEE 802.1D Generic Attribute Registration Protocol (GARP)
3 *
4 * Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
9 */
10#include <linux/kernel.h>
11#include <linux/timer.h>
12#include <linux/skbuff.h>
13#include <linux/netdevice.h>
14#include <linux/etherdevice.h>
15#include <linux/rtnetlink.h>
16#include <linux/llc.h>
17#include <net/llc.h>
18#include <net/llc_pdu.h>
19#include <net/garp.h>
20#include <asm/unaligned.h>
21
22static unsigned int garp_join_time __read_mostly = 200;
23module_param(garp_join_time, uint, 0644);
24MODULE_PARM_DESC(garp_join_time, "Join time in ms (default 200ms)");
25MODULE_LICENSE("GPL");
26
27static const struct garp_state_trans {
28 u8 state;
29 u8 action;
30} garp_applicant_state_table[GARP_APPLICANT_MAX + 1][GARP_EVENT_MAX + 1] = {
31 [GARP_APPLICANT_VA] = {
32 [GARP_EVENT_TRANSMIT_PDU] = { .state = GARP_APPLICANT_AA,
33 .action = GARP_ACTION_S_JOIN_IN },
34 [GARP_EVENT_R_JOIN_IN] = { .state = GARP_APPLICANT_AA },
35 [GARP_EVENT_R_JOIN_EMPTY] = { .state = GARP_APPLICANT_VA },
36 [GARP_EVENT_R_EMPTY] = { .state = GARP_APPLICANT_VA },
37 [GARP_EVENT_R_LEAVE_IN] = { .state = GARP_APPLICANT_VA },
38 [GARP_EVENT_R_LEAVE_EMPTY] = { .state = GARP_APPLICANT_VP },
39 [GARP_EVENT_REQ_JOIN] = { .state = GARP_APPLICANT_INVALID },
40 [GARP_EVENT_REQ_LEAVE] = { .state = GARP_APPLICANT_LA },
41 },
42 [GARP_APPLICANT_AA] = {
43 [GARP_EVENT_TRANSMIT_PDU] = { .state = GARP_APPLICANT_QA,
44 .action = GARP_ACTION_S_JOIN_IN },
45 [GARP_EVENT_R_JOIN_IN] = { .state = GARP_APPLICANT_QA },
46 [GARP_EVENT_R_JOIN_EMPTY] = { .state = GARP_APPLICANT_VA },
47 [GARP_EVENT_R_EMPTY] = { .state = GARP_APPLICANT_VA },
48 [GARP_EVENT_R_LEAVE_IN] = { .state = GARP_APPLICANT_VA },
49 [GARP_EVENT_R_LEAVE_EMPTY] = { .state = GARP_APPLICANT_VP },
50 [GARP_EVENT_REQ_JOIN] = { .state = GARP_APPLICANT_INVALID },
51 [GARP_EVENT_REQ_LEAVE] = { .state = GARP_APPLICANT_LA },
52 },
53 [GARP_APPLICANT_QA] = {
54 [GARP_EVENT_TRANSMIT_PDU] = { .state = GARP_APPLICANT_INVALID },
55 [GARP_EVENT_R_JOIN_IN] = { .state = GARP_APPLICANT_QA },
56 [GARP_EVENT_R_JOIN_EMPTY] = { .state = GARP_APPLICANT_VA },
57 [GARP_EVENT_R_EMPTY] = { .state = GARP_APPLICANT_VA },
58 [GARP_EVENT_R_LEAVE_IN] = { .state = GARP_APPLICANT_VP },
59 [GARP_EVENT_R_LEAVE_EMPTY] = { .state = GARP_APPLICANT_VP },
60 [GARP_EVENT_REQ_JOIN] = { .state = GARP_APPLICANT_INVALID },
61 [GARP_EVENT_REQ_LEAVE] = { .state = GARP_APPLICANT_LA },
62 },
63 [GARP_APPLICANT_LA] = {
64 [GARP_EVENT_TRANSMIT_PDU] = { .state = GARP_APPLICANT_VO,
65 .action = GARP_ACTION_S_LEAVE_EMPTY },
66 [GARP_EVENT_R_JOIN_IN] = { .state = GARP_APPLICANT_LA },
67 [GARP_EVENT_R_JOIN_EMPTY] = { .state = GARP_APPLICANT_VO },
68 [GARP_EVENT_R_EMPTY] = { .state = GARP_APPLICANT_LA },
69 [GARP_EVENT_R_LEAVE_IN] = { .state = GARP_APPLICANT_LA },
70 [GARP_EVENT_R_LEAVE_EMPTY] = { .state = GARP_APPLICANT_VO },
71 [GARP_EVENT_REQ_JOIN] = { .state = GARP_APPLICANT_VA },
72 [GARP_EVENT_REQ_LEAVE] = { .state = GARP_APPLICANT_INVALID },
73 },
74 [GARP_APPLICANT_VP] = {
75 [GARP_EVENT_TRANSMIT_PDU] = { .state = GARP_APPLICANT_AA,
76 .action = GARP_ACTION_S_JOIN_IN },
77 [GARP_EVENT_R_JOIN_IN] = { .state = GARP_APPLICANT_AP },
78 [GARP_EVENT_R_JOIN_EMPTY] = { .state = GARP_APPLICANT_VP },
79 [GARP_EVENT_R_EMPTY] = { .state = GARP_APPLICANT_VP },
80 [GARP_EVENT_R_LEAVE_IN] = { .state = GARP_APPLICANT_VP },
81 [GARP_EVENT_R_LEAVE_EMPTY] = { .state = GARP_APPLICANT_VP },
82 [GARP_EVENT_REQ_JOIN] = { .state = GARP_APPLICANT_INVALID },
83 [GARP_EVENT_REQ_LEAVE] = { .state = GARP_APPLICANT_VO },
84 },
85 [GARP_APPLICANT_AP] = {
86 [GARP_EVENT_TRANSMIT_PDU] = { .state = GARP_APPLICANT_QA,
87 .action = GARP_ACTION_S_JOIN_IN },
88 [GARP_EVENT_R_JOIN_IN] = { .state = GARP_APPLICANT_QP },
89 [GARP_EVENT_R_JOIN_EMPTY] = { .state = GARP_APPLICANT_VP },
90 [GARP_EVENT_R_EMPTY] = { .state = GARP_APPLICANT_VP },
91 [GARP_EVENT_R_LEAVE_IN] = { .state = GARP_APPLICANT_VP },
92 [GARP_EVENT_R_LEAVE_EMPTY] = { .state = GARP_APPLICANT_VP },
93 [GARP_EVENT_REQ_JOIN] = { .state = GARP_APPLICANT_INVALID },
94 [GARP_EVENT_REQ_LEAVE] = { .state = GARP_APPLICANT_AO },
95 },
96 [GARP_APPLICANT_QP] = {
97 [GARP_EVENT_TRANSMIT_PDU] = { .state = GARP_APPLICANT_INVALID },
98 [GARP_EVENT_R_JOIN_IN] = { .state = GARP_APPLICANT_QP },
99 [GARP_EVENT_R_JOIN_EMPTY] = { .state = GARP_APPLICANT_VP },
100 [GARP_EVENT_R_EMPTY] = { .state = GARP_APPLICANT_VP },
101 [GARP_EVENT_R_LEAVE_IN] = { .state = GARP_APPLICANT_VP },
102 [GARP_EVENT_R_LEAVE_EMPTY] = { .state = GARP_APPLICANT_VP },
103 [GARP_EVENT_REQ_JOIN] = { .state = GARP_APPLICANT_INVALID },
104 [GARP_EVENT_REQ_LEAVE] = { .state = GARP_APPLICANT_QO },
105 },
106 [GARP_APPLICANT_VO] = {
107 [GARP_EVENT_TRANSMIT_PDU] = { .state = GARP_APPLICANT_INVALID },
108 [GARP_EVENT_R_JOIN_IN] = { .state = GARP_APPLICANT_AO },
109 [GARP_EVENT_R_JOIN_EMPTY] = { .state = GARP_APPLICANT_VO },
110 [GARP_EVENT_R_EMPTY] = { .state = GARP_APPLICANT_VO },
111 [GARP_EVENT_R_LEAVE_IN] = { .state = GARP_APPLICANT_VO },
112 [GARP_EVENT_R_LEAVE_EMPTY] = { .state = GARP_APPLICANT_VO },
113 [GARP_EVENT_REQ_JOIN] = { .state = GARP_APPLICANT_VP },
114 [GARP_EVENT_REQ_LEAVE] = { .state = GARP_APPLICANT_INVALID },
115 },
116 [GARP_APPLICANT_AO] = {
117 [GARP_EVENT_TRANSMIT_PDU] = { .state = GARP_APPLICANT_INVALID },
118 [GARP_EVENT_R_JOIN_IN] = { .state = GARP_APPLICANT_QO },
119 [GARP_EVENT_R_JOIN_EMPTY] = { .state = GARP_APPLICANT_VO },
120 [GARP_EVENT_R_EMPTY] = { .state = GARP_APPLICANT_VO },
121 [GARP_EVENT_R_LEAVE_IN] = { .state = GARP_APPLICANT_VO },
122 [GARP_EVENT_R_LEAVE_EMPTY] = { .state = GARP_APPLICANT_VO },
123 [GARP_EVENT_REQ_JOIN] = { .state = GARP_APPLICANT_AP },
124 [GARP_EVENT_REQ_LEAVE] = { .state = GARP_APPLICANT_INVALID },
125 },
126 [GARP_APPLICANT_QO] = {
127 [GARP_EVENT_TRANSMIT_PDU] = { .state = GARP_APPLICANT_INVALID },
128 [GARP_EVENT_R_JOIN_IN] = { .state = GARP_APPLICANT_QO },
129 [GARP_EVENT_R_JOIN_EMPTY] = { .state = GARP_APPLICANT_VO },
130 [GARP_EVENT_R_EMPTY] = { .state = GARP_APPLICANT_VO },
131 [GARP_EVENT_R_LEAVE_IN] = { .state = GARP_APPLICANT_VO },
132 [GARP_EVENT_R_LEAVE_EMPTY] = { .state = GARP_APPLICANT_VO },
133 [GARP_EVENT_REQ_JOIN] = { .state = GARP_APPLICANT_QP },
134 [GARP_EVENT_REQ_LEAVE] = { .state = GARP_APPLICANT_INVALID },
135 },
136};
137
138static int garp_attr_cmp(const struct garp_attr *attr,
139 const void *data, u8 len, u8 type)
140{
141 if (attr->type != type)
142 return attr->type - type;
143 if (attr->dlen != len)
144 return attr->dlen - len;
145 return memcmp(attr->data, data, len);
146}
147
148static struct garp_attr *garp_attr_lookup(const struct garp_applicant *app,
149 const void *data, u8 len, u8 type)
150{
151 struct rb_node *parent = app->gid.rb_node;
152 struct garp_attr *attr;
153 int d;
154
155 while (parent) {
156 attr = rb_entry(parent, struct garp_attr, node);
157 d = garp_attr_cmp(attr, data, len, type);
158 if (d < 0)
159 parent = parent->rb_left;
160 else if (d > 0)
161 parent = parent->rb_right;
162 else
163 return attr;
164 }
165 return NULL;
166}
167
168static void garp_attr_insert(struct garp_applicant *app, struct garp_attr *new)
169{
170 struct rb_node *parent = NULL, **p = &app->gid.rb_node;
171 struct garp_attr *attr;
172 int d;
173
174 while (*p) {
175 parent = *p;
176 attr = rb_entry(parent, struct garp_attr, node);
177 d = garp_attr_cmp(attr, new->data, new->dlen, new->type);
178 if (d < 0)
179 p = &parent->rb_left;
180 else if (d > 0)
181 p = &parent->rb_right;
182 }
183 rb_link_node(&new->node, parent, p);
184 rb_insert_color(&new->node, &app->gid);
185}
186
187static struct garp_attr *garp_attr_create(struct garp_applicant *app,
188 const void *data, u8 len, u8 type)
189{
190 struct garp_attr *attr;
191
192 attr = kmalloc(sizeof(*attr) + len, GFP_ATOMIC);
193 if (!attr)
194 return attr;
195 attr->state = GARP_APPLICANT_VO;
196 attr->type = type;
197 attr->dlen = len;
198 memcpy(attr->data, data, len);
199 garp_attr_insert(app, attr);
200 return attr;
201}
202
203static void garp_attr_destroy(struct garp_applicant *app, struct garp_attr *attr)
204{
205 rb_erase(&attr->node, &app->gid);
206 kfree(attr);
207}
208
209static int garp_pdu_init(struct garp_applicant *app)
210{
211 struct sk_buff *skb;
212 struct garp_pdu_hdr *gp;
213
214#define LLC_RESERVE sizeof(struct llc_pdu_un)
215 skb = alloc_skb(app->dev->mtu + LL_RESERVED_SPACE(app->dev),
216 GFP_ATOMIC);
217 if (!skb)
218 return -ENOMEM;
219
220 skb->dev = app->dev;
221 skb->protocol = htons(ETH_P_802_2);
222 skb_reserve(skb, LL_RESERVED_SPACE(app->dev) + LLC_RESERVE);
223
224 gp = (struct garp_pdu_hdr *)__skb_put(skb, sizeof(*gp));
225 put_unaligned(htons(GARP_PROTOCOL_ID), &gp->protocol);
226
227 app->pdu = skb;
228 return 0;
229}
230
231static int garp_pdu_append_end_mark(struct garp_applicant *app)
232{
233 if (skb_tailroom(app->pdu) < sizeof(u8))
234 return -1;
235 *(u8 *)__skb_put(app->pdu, sizeof(u8)) = GARP_END_MARK;
236 return 0;
237}
238
239static void garp_pdu_queue(struct garp_applicant *app)
240{
241 if (!app->pdu)
242 return;
243
244 garp_pdu_append_end_mark(app);
245 garp_pdu_append_end_mark(app);
246
247 llc_pdu_header_init(app->pdu, LLC_PDU_TYPE_U, LLC_SAP_BSPAN,
248 LLC_SAP_BSPAN, LLC_PDU_CMD);
249 llc_pdu_init_as_ui_cmd(app->pdu);
250 llc_mac_hdr_init(app->pdu, app->dev->dev_addr,
251 app->app->proto.group_address);
252
253 skb_queue_tail(&app->queue, app->pdu);
254 app->pdu = NULL;
255}
256
257static void garp_queue_xmit(struct garp_applicant *app)
258{
259 struct sk_buff *skb;
260
261 while ((skb = skb_dequeue(&app->queue)))
262 dev_queue_xmit(skb);
263}
264
265static int garp_pdu_append_msg(struct garp_applicant *app, u8 attrtype)
266{
267 struct garp_msg_hdr *gm;
268
269 if (skb_tailroom(app->pdu) < sizeof(*gm))
270 return -1;
271 gm = (struct garp_msg_hdr *)__skb_put(app->pdu, sizeof(*gm));
272 gm->attrtype = attrtype;
273 garp_cb(app->pdu)->cur_type = attrtype;
274 return 0;
275}
276
277static int garp_pdu_append_attr(struct garp_applicant *app,
278 const struct garp_attr *attr,
279 enum garp_attr_event event)
280{
281 struct garp_attr_hdr *ga;
282 unsigned int len;
283 int err;
284again:
285 if (!app->pdu) {
286 err = garp_pdu_init(app);
287 if (err < 0)
288 return err;
289 }
290
291 if (garp_cb(app->pdu)->cur_type != attr->type) {
292 if (garp_cb(app->pdu)->cur_type &&
293 garp_pdu_append_end_mark(app) < 0)
294 goto queue;
295 if (garp_pdu_append_msg(app, attr->type) < 0)
296 goto queue;
297 }
298
299 len = sizeof(*ga) + attr->dlen;
300 if (skb_tailroom(app->pdu) < len)
301 goto queue;
302 ga = (struct garp_attr_hdr *)__skb_put(app->pdu, len);
303 ga->len = len;
304 ga->event = event;
305 memcpy(ga->data, attr->data, attr->dlen);
306 return 0;
307
308queue:
309 garp_pdu_queue(app);
310 goto again;
311}
312
313static void garp_attr_event(struct garp_applicant *app,
314 struct garp_attr *attr, enum garp_event event)
315{
316 enum garp_applicant_state state;
317
318 state = garp_applicant_state_table[attr->state][event].state;
319 if (state == GARP_APPLICANT_INVALID)
320 return;
321
322 switch (garp_applicant_state_table[attr->state][event].action) {
323 case GARP_ACTION_NONE:
324 break;
325 case GARP_ACTION_S_JOIN_IN:
326 /* When appending the attribute fails, don't update state in
327 * order to retry on next TRANSMIT_PDU event. */
328 if (garp_pdu_append_attr(app, attr, GARP_JOIN_IN) < 0)
329 return;
330 break;
331 case GARP_ACTION_S_LEAVE_EMPTY:
332 garp_pdu_append_attr(app, attr, GARP_LEAVE_EMPTY);
333 /* As a pure applicant, sending a leave message implies that
334 * the attribute was unregistered and can be destroyed. */
335 garp_attr_destroy(app, attr);
336 return;
337 default:
338 WARN_ON(1);
339 }
340
341 attr->state = state;
342}
343
344int garp_request_join(const struct net_device *dev,
345 const struct garp_application *appl,
346 const void *data, u8 len, u8 type)
347{
348 struct garp_port *port = dev->garp_port;
349 struct garp_applicant *app = port->applicants[appl->type];
350 struct garp_attr *attr;
351
352 spin_lock_bh(&app->lock);
353 attr = garp_attr_create(app, data, len, type);
354 if (!attr) {
355 spin_unlock_bh(&app->lock);
356 return -ENOMEM;
357 }
358 garp_attr_event(app, attr, GARP_EVENT_REQ_JOIN);
359 spin_unlock_bh(&app->lock);
360 return 0;
361}
362EXPORT_SYMBOL_GPL(garp_request_join);
363
364void garp_request_leave(const struct net_device *dev,
365 const struct garp_application *appl,
366 const void *data, u8 len, u8 type)
367{
368 struct garp_port *port = dev->garp_port;
369 struct garp_applicant *app = port->applicants[appl->type];
370 struct garp_attr *attr;
371
372 spin_lock_bh(&app->lock);
373 attr = garp_attr_lookup(app, data, len, type);
374 if (!attr) {
375 spin_unlock_bh(&app->lock);
376 return;
377 }
378 garp_attr_event(app, attr, GARP_EVENT_REQ_LEAVE);
379 spin_unlock_bh(&app->lock);
380}
381EXPORT_SYMBOL_GPL(garp_request_leave);
382
383static void garp_gid_event(struct garp_applicant *app, enum garp_event event)
384{
385 struct rb_node *node, *next;
386 struct garp_attr *attr;
387
388 for (node = rb_first(&app->gid);
389 next = node ? rb_next(node) : NULL, node != NULL;
390 node = next) {
391 attr = rb_entry(node, struct garp_attr, node);
392 garp_attr_event(app, attr, event);
393 }
394}
395
396static void garp_join_timer_arm(struct garp_applicant *app)
397{
398 unsigned long delay;
399
400 delay = (u64)msecs_to_jiffies(garp_join_time) * net_random() >> 32;
401 mod_timer(&app->join_timer, jiffies + delay);
402}
403
404static void garp_join_timer(unsigned long data)
405{
406 struct garp_applicant *app = (struct garp_applicant *)data;
407
408 spin_lock(&app->lock);
409 garp_gid_event(app, GARP_EVENT_TRANSMIT_PDU);
410 garp_pdu_queue(app);
411 spin_unlock(&app->lock);
412
413 garp_queue_xmit(app);
414 garp_join_timer_arm(app);
415}
416
417static int garp_pdu_parse_end_mark(struct sk_buff *skb)
418{
419 if (!pskb_may_pull(skb, sizeof(u8)))
420 return -1;
421 if (*skb->data == GARP_END_MARK) {
422 skb_pull(skb, sizeof(u8));
423 return -1;
424 }
425 return 0;
426}
427
428static int garp_pdu_parse_attr(struct garp_applicant *app, struct sk_buff *skb,
429 u8 attrtype)
430{
431 const struct garp_attr_hdr *ga;
432 struct garp_attr *attr;
433 enum garp_event event;
434 unsigned int dlen;
435
436 if (!pskb_may_pull(skb, sizeof(*ga)))
437 return -1;
438 ga = (struct garp_attr_hdr *)skb->data;
439 if (ga->len < sizeof(*ga))
440 return -1;
441
442 if (!pskb_may_pull(skb, ga->len))
443 return -1;
444 skb_pull(skb, ga->len);
445 dlen = sizeof(*ga) - ga->len;
446
447 if (attrtype > app->app->maxattr)
448 return 0;
449
450 switch (ga->event) {
451 case GARP_LEAVE_ALL:
452 if (dlen != 0)
453 return -1;
454 garp_gid_event(app, GARP_EVENT_R_LEAVE_EMPTY);
455 return 0;
456 case GARP_JOIN_EMPTY:
457 event = GARP_EVENT_R_JOIN_EMPTY;
458 break;
459 case GARP_JOIN_IN:
460 event = GARP_EVENT_R_JOIN_IN;
461 break;
462 case GARP_LEAVE_EMPTY:
463 event = GARP_EVENT_R_LEAVE_EMPTY;
464 break;
465 case GARP_EMPTY:
466 event = GARP_EVENT_R_EMPTY;
467 break;
468 default:
469 return 0;
470 }
471
472 if (dlen == 0)
473 return -1;
474 attr = garp_attr_lookup(app, ga->data, dlen, attrtype);
475 if (attr == NULL)
476 return 0;
477 garp_attr_event(app, attr, event);
478 return 0;
479}
480
481static int garp_pdu_parse_msg(struct garp_applicant *app, struct sk_buff *skb)
482{
483 const struct garp_msg_hdr *gm;
484
485 if (!pskb_may_pull(skb, sizeof(*gm)))
486 return -1;
487 gm = (struct garp_msg_hdr *)skb->data;
488 if (gm->attrtype == 0)
489 return -1;
490 skb_pull(skb, sizeof(*gm));
491
492 while (skb->len > 0) {
493 if (garp_pdu_parse_attr(app, skb, gm->attrtype) < 0)
494 return -1;
495 if (garp_pdu_parse_end_mark(skb) < 0)
496 break;
497 }
498 return 0;
499}
500
501static void garp_pdu_rcv(const struct stp_proto *proto, struct sk_buff *skb,
502 struct net_device *dev)
503{
504 struct garp_application *appl = proto->data;
505 struct garp_port *port;
506 struct garp_applicant *app;
507 const struct garp_pdu_hdr *gp;
508
509 port = rcu_dereference(dev->garp_port);
510 if (!port)
511 goto err;
512 app = rcu_dereference(port->applicants[appl->type]);
513 if (!app)
514 goto err;
515
516 if (!pskb_may_pull(skb, sizeof(*gp)))
517 goto err;
518 gp = (struct garp_pdu_hdr *)skb->data;
519 if (get_unaligned(&gp->protocol) != htons(GARP_PROTOCOL_ID))
520 goto err;
521 skb_pull(skb, sizeof(*gp));
522
523 spin_lock(&app->lock);
524 while (skb->len > 0) {
525 if (garp_pdu_parse_msg(app, skb) < 0)
526 break;
527 if (garp_pdu_parse_end_mark(skb) < 0)
528 break;
529 }
530 spin_unlock(&app->lock);
531err:
532 kfree_skb(skb);
533}
534
535static int garp_init_port(struct net_device *dev)
536{
537 struct garp_port *port;
538
539 port = kzalloc(sizeof(*port), GFP_KERNEL);
540 if (!port)
541 return -ENOMEM;
542 rcu_assign_pointer(dev->garp_port, port);
543 return 0;
544}
545
546static void garp_release_port(struct net_device *dev)
547{
548 struct garp_port *port = dev->garp_port;
549 unsigned int i;
550
551 for (i = 0; i <= GARP_APPLICATION_MAX; i++) {
552 if (port->applicants[i])
553 return;
554 }
555 rcu_assign_pointer(dev->garp_port, NULL);
556 synchronize_rcu();
557 kfree(port);
558}
559
560int garp_init_applicant(struct net_device *dev, struct garp_application *appl)
561{
562 struct garp_applicant *app;
563 int err;
564
565 ASSERT_RTNL();
566
567 if (!dev->garp_port) {
568 err = garp_init_port(dev);
569 if (err < 0)
570 goto err1;
571 }
572
573 err = -ENOMEM;
574 app = kzalloc(sizeof(*app), GFP_KERNEL);
575 if (!app)
576 goto err2;
577
578 err = dev_mc_add(dev, appl->proto.group_address, ETH_ALEN, 0);
579 if (err < 0)
580 goto err3;
581
582 app->dev = dev;
583 app->app = appl;
584 app->gid = RB_ROOT;
585 spin_lock_init(&app->lock);
586 skb_queue_head_init(&app->queue);
587 rcu_assign_pointer(dev->garp_port->applicants[appl->type], app);
588 setup_timer(&app->join_timer, garp_join_timer, (unsigned long)app);
589 garp_join_timer_arm(app);
590 return 0;
591
592err3:
593 kfree(app);
594err2:
595 garp_release_port(dev);
596err1:
597 return err;
598}
599EXPORT_SYMBOL_GPL(garp_init_applicant);
600
601void garp_uninit_applicant(struct net_device *dev, struct garp_application *appl)
602{
603 struct garp_port *port = dev->garp_port;
604 struct garp_applicant *app = port->applicants[appl->type];
605
606 ASSERT_RTNL();
607
608 rcu_assign_pointer(port->applicants[appl->type], NULL);
609 synchronize_rcu();
610
611 /* Delete timer and generate a final TRANSMIT_PDU event to flush out
612 * all pending messages before the applicant is gone. */
613 del_timer_sync(&app->join_timer);
614 garp_gid_event(app, GARP_EVENT_TRANSMIT_PDU);
615 garp_pdu_queue(app);
616 garp_queue_xmit(app);
617
618 dev_mc_delete(dev, appl->proto.group_address, ETH_ALEN, 0);
619 kfree(app);
620 garp_release_port(dev);
621}
622EXPORT_SYMBOL_GPL(garp_uninit_applicant);
623
624int garp_register_application(struct garp_application *appl)
625{
626 appl->proto.rcv = garp_pdu_rcv;
627 appl->proto.data = appl;
628 return stp_proto_register(&appl->proto);
629}
630EXPORT_SYMBOL_GPL(garp_register_application);
631
632void garp_unregister_application(struct garp_application *appl)
633{
634 stp_proto_unregister(&appl->proto);
635}
636EXPORT_SYMBOL_GPL(garp_unregister_application);
diff --git a/net/802/psnap.c b/net/802/psnap.c
index 31128cb92a23..b3cfe5a14fca 100644
--- a/net/802/psnap.c
+++ b/net/802/psnap.c
@@ -20,6 +20,7 @@
20#include <linux/mm.h> 20#include <linux/mm.h>
21#include <linux/in.h> 21#include <linux/in.h>
22#include <linux/init.h> 22#include <linux/init.h>
23#include <linux/rculist.h>
23 24
24static LIST_HEAD(snap_list); 25static LIST_HEAD(snap_list);
25static DEFINE_SPINLOCK(snap_lock); 26static DEFINE_SPINLOCK(snap_lock);
@@ -30,11 +31,9 @@ static struct llc_sap *snap_sap;
30 */ 31 */
31static struct datalink_proto *find_snap_client(unsigned char *desc) 32static struct datalink_proto *find_snap_client(unsigned char *desc)
32{ 33{
33 struct list_head *entry;
34 struct datalink_proto *proto = NULL, *p; 34 struct datalink_proto *proto = NULL, *p;
35 35
36 list_for_each_rcu(entry, &snap_list) { 36 list_for_each_entry_rcu(p, &snap_list, node) {
37 p = list_entry(entry, struct datalink_proto, node);
38 if (!memcmp(p->type, desc, 5)) { 37 if (!memcmp(p->type, desc, 5)) {
39 proto = p; 38 proto = p;
40 break; 39 break;
diff --git a/net/802/stp.c b/net/802/stp.c
new file mode 100644
index 000000000000..0b7a24452d11
--- /dev/null
+++ b/net/802/stp.c
@@ -0,0 +1,102 @@
1/*
2 * STP SAP demux
3 *
4 * Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
9 */
10#include <linux/mutex.h>
11#include <linux/skbuff.h>
12#include <linux/etherdevice.h>
13#include <linux/llc.h>
14#include <net/llc.h>
15#include <net/llc_pdu.h>
16#include <net/stp.h>
17
18/* 01:80:c2:00:00:20 - 01:80:c2:00:00:2F */
19#define GARP_ADDR_MIN 0x20
20#define GARP_ADDR_MAX 0x2F
21#define GARP_ADDR_RANGE (GARP_ADDR_MAX - GARP_ADDR_MIN)
22
23static const struct stp_proto *garp_protos[GARP_ADDR_RANGE + 1] __read_mostly;
24static const struct stp_proto *stp_proto __read_mostly;
25
26static struct llc_sap *sap __read_mostly;
27static unsigned int sap_registered;
28static DEFINE_MUTEX(stp_proto_mutex);
29
30/* Called under rcu_read_lock from LLC */
31static int stp_pdu_rcv(struct sk_buff *skb, struct net_device *dev,
32 struct packet_type *pt, struct net_device *orig_dev)
33{
34 const struct ethhdr *eh = eth_hdr(skb);
35 const struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb);
36 const struct stp_proto *proto;
37
38 if (pdu->ssap != LLC_SAP_BSPAN ||
39 pdu->dsap != LLC_SAP_BSPAN ||
40 pdu->ctrl_1 != LLC_PDU_TYPE_U)
41 goto err;
42
43 if (eh->h_dest[5] >= GARP_ADDR_MIN && eh->h_dest[5] <= GARP_ADDR_MAX) {
44 proto = rcu_dereference(garp_protos[eh->h_dest[5] -
45 GARP_ADDR_MIN]);
46 if (proto &&
47 compare_ether_addr(eh->h_dest, proto->group_address))
48 goto err;
49 } else
50 proto = rcu_dereference(stp_proto);
51
52 if (!proto)
53 goto err;
54
55 proto->rcv(proto, skb, dev);
56 return 0;
57
58err:
59 kfree_skb(skb);
60 return 0;
61}
62
63int stp_proto_register(const struct stp_proto *proto)
64{
65 int err = 0;
66
67 mutex_lock(&stp_proto_mutex);
68 if (sap_registered++ == 0) {
69 sap = llc_sap_open(LLC_SAP_BSPAN, stp_pdu_rcv);
70 if (!sap) {
71 err = -ENOMEM;
72 goto out;
73 }
74 }
75 if (is_zero_ether_addr(proto->group_address))
76 rcu_assign_pointer(stp_proto, proto);
77 else
78 rcu_assign_pointer(garp_protos[proto->group_address[5] -
79 GARP_ADDR_MIN], proto);
80out:
81 mutex_unlock(&stp_proto_mutex);
82 return err;
83}
84EXPORT_SYMBOL_GPL(stp_proto_register);
85
86void stp_proto_unregister(const struct stp_proto *proto)
87{
88 mutex_lock(&stp_proto_mutex);
89 if (is_zero_ether_addr(proto->group_address))
90 rcu_assign_pointer(stp_proto, NULL);
91 else
92 rcu_assign_pointer(garp_protos[proto->group_address[5] -
93 GARP_ADDR_MIN], NULL);
94 synchronize_rcu();
95
96 if (--sap_registered == 0)
97 llc_sap_put(sap);
98 mutex_unlock(&stp_proto_mutex);
99}
100EXPORT_SYMBOL_GPL(stp_proto_unregister);
101
102MODULE_LICENSE("GPL");
diff --git a/net/8021q/Kconfig b/net/8021q/Kconfig
index c4a382e450e2..fa073a54963e 100644
--- a/net/8021q/Kconfig
+++ b/net/8021q/Kconfig
@@ -17,3 +17,13 @@ config VLAN_8021Q
17 will be called 8021q. 17 will be called 8021q.
18 18
19 If unsure, say N. 19 If unsure, say N.
20
21config VLAN_8021Q_GVRP
22 bool "GVRP (GARP VLAN Registration Protocol) support"
23 depends on VLAN_8021Q
24 select GARP
25 help
26 Select this to enable GVRP end-system support. GVRP is used for
27 automatic propagation of registered VLANs to switches.
28
29 If unsure, say N.
diff --git a/net/8021q/Makefile b/net/8021q/Makefile
index 10ca7f486c3a..9f4f174ead1c 100644
--- a/net/8021q/Makefile
+++ b/net/8021q/Makefile
@@ -1,12 +1,10 @@
1# 1#
2# Makefile for the Linux VLAN layer. 2# Makefile for the Linux VLAN layer.
3# 3#
4obj-$(subst m,y,$(CONFIG_VLAN_8021Q)) += vlan_core.o
5obj-$(CONFIG_VLAN_8021Q) += 8021q.o
4 6
5obj-$(CONFIG_VLAN_8021Q) += 8021q.o 78021q-y := vlan.o vlan_dev.o vlan_netlink.o
6 88021q-$(CONFIG_VLAN_8021Q_GVRP) += vlan_gvrp.o
78021q-objs := vlan.o vlan_dev.o vlan_netlink.o 98021q-$(CONFIG_PROC_FS) += vlanproc.o
8
9ifeq ($(CONFIG_PROC_FS),y)
108021q-objs += vlanproc.o
11endif
12 10
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index 51961300b586..b661f47bf10a 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -18,21 +18,20 @@
18 * 2 of the License, or (at your option) any later version. 18 * 2 of the License, or (at your option) any later version.
19 */ 19 */
20 20
21#include <asm/uaccess.h> /* for copy_from_user */
22#include <linux/capability.h> 21#include <linux/capability.h>
23#include <linux/module.h> 22#include <linux/module.h>
24#include <linux/netdevice.h> 23#include <linux/netdevice.h>
25#include <linux/skbuff.h> 24#include <linux/skbuff.h>
26#include <net/datalink.h>
27#include <linux/mm.h>
28#include <linux/in.h>
29#include <linux/init.h> 25#include <linux/init.h>
26#include <linux/rculist.h>
30#include <net/p8022.h> 27#include <net/p8022.h>
31#include <net/arp.h> 28#include <net/arp.h>
32#include <linux/rtnetlink.h> 29#include <linux/rtnetlink.h>
33#include <linux/notifier.h> 30#include <linux/notifier.h>
31#include <net/rtnetlink.h>
34#include <net/net_namespace.h> 32#include <net/net_namespace.h>
35#include <net/netns/generic.h> 33#include <net/netns/generic.h>
34#include <asm/uaccess.h>
36 35
37#include <linux/if_vlan.h> 36#include <linux/if_vlan.h>
38#include "vlan.h" 37#include "vlan.h"
@@ -83,13 +82,12 @@ static struct vlan_group *__vlan_find_group(struct net_device *real_dev)
83 * 82 *
84 * Must be invoked with RCU read lock (no preempt) 83 * Must be invoked with RCU read lock (no preempt)
85 */ 84 */
86struct net_device *__find_vlan_dev(struct net_device *real_dev, 85struct net_device *__find_vlan_dev(struct net_device *real_dev, u16 vlan_id)
87 unsigned short VID)
88{ 86{
89 struct vlan_group *grp = __vlan_find_group(real_dev); 87 struct vlan_group *grp = __vlan_find_group(real_dev);
90 88
91 if (grp) 89 if (grp)
92 return vlan_group_get_device(grp, VID); 90 return vlan_group_get_device(grp, vlan_id);
93 91
94 return NULL; 92 return NULL;
95} 93}
@@ -117,14 +115,14 @@ static struct vlan_group *vlan_group_alloc(struct net_device *real_dev)
117 return grp; 115 return grp;
118} 116}
119 117
120static int vlan_group_prealloc_vid(struct vlan_group *vg, int vid) 118static int vlan_group_prealloc_vid(struct vlan_group *vg, u16 vlan_id)
121{ 119{
122 struct net_device **array; 120 struct net_device **array;
123 unsigned int size; 121 unsigned int size;
124 122
125 ASSERT_RTNL(); 123 ASSERT_RTNL();
126 124
127 array = vg->vlan_devices_arrays[vid / VLAN_GROUP_ARRAY_PART_LEN]; 125 array = vg->vlan_devices_arrays[vlan_id / VLAN_GROUP_ARRAY_PART_LEN];
128 if (array != NULL) 126 if (array != NULL)
129 return 0; 127 return 0;
130 128
@@ -133,7 +131,7 @@ static int vlan_group_prealloc_vid(struct vlan_group *vg, int vid)
133 if (array == NULL) 131 if (array == NULL)
134 return -ENOBUFS; 132 return -ENOBUFS;
135 133
136 vg->vlan_devices_arrays[vid / VLAN_GROUP_ARRAY_PART_LEN] = array; 134 vg->vlan_devices_arrays[vlan_id / VLAN_GROUP_ARRAY_PART_LEN] = array;
137 return 0; 135 return 0;
138} 136}
139 137
@@ -147,7 +145,7 @@ void unregister_vlan_dev(struct net_device *dev)
147 struct vlan_dev_info *vlan = vlan_dev_info(dev); 145 struct vlan_dev_info *vlan = vlan_dev_info(dev);
148 struct net_device *real_dev = vlan->real_dev; 146 struct net_device *real_dev = vlan->real_dev;
149 struct vlan_group *grp; 147 struct vlan_group *grp;
150 unsigned short vlan_id = vlan->vlan_id; 148 u16 vlan_id = vlan->vlan_id;
151 149
152 ASSERT_RTNL(); 150 ASSERT_RTNL();
153 151
@@ -165,8 +163,12 @@ void unregister_vlan_dev(struct net_device *dev)
165 163
166 synchronize_net(); 164 synchronize_net();
167 165
166 unregister_netdevice(dev);
167
168 /* If the group is now empty, kill off the group. */ 168 /* If the group is now empty, kill off the group. */
169 if (grp->nr_vlans == 0) { 169 if (grp->nr_vlans == 0) {
170 vlan_gvrp_uninit_applicant(real_dev);
171
170 if (real_dev->features & NETIF_F_HW_VLAN_RX) 172 if (real_dev->features & NETIF_F_HW_VLAN_RX)
171 real_dev->vlan_rx_register(real_dev, NULL); 173 real_dev->vlan_rx_register(real_dev, NULL);
172 174
@@ -178,8 +180,6 @@ void unregister_vlan_dev(struct net_device *dev)
178 180
179 /* Get rid of the vlan's reference to real_dev */ 181 /* Get rid of the vlan's reference to real_dev */
180 dev_put(real_dev); 182 dev_put(real_dev);
181
182 unregister_netdevice(dev);
183} 183}
184 184
185static void vlan_transfer_operstate(const struct net_device *dev, 185static void vlan_transfer_operstate(const struct net_device *dev,
@@ -203,7 +203,7 @@ static void vlan_transfer_operstate(const struct net_device *dev,
203 } 203 }
204} 204}
205 205
206int vlan_check_real_dev(struct net_device *real_dev, unsigned short vlan_id) 206int vlan_check_real_dev(struct net_device *real_dev, u16 vlan_id)
207{ 207{
208 char *name = real_dev->name; 208 char *name = real_dev->name;
209 209
@@ -240,7 +240,7 @@ int register_vlan_dev(struct net_device *dev)
240{ 240{
241 struct vlan_dev_info *vlan = vlan_dev_info(dev); 241 struct vlan_dev_info *vlan = vlan_dev_info(dev);
242 struct net_device *real_dev = vlan->real_dev; 242 struct net_device *real_dev = vlan->real_dev;
243 unsigned short vlan_id = vlan->vlan_id; 243 u16 vlan_id = vlan->vlan_id;
244 struct vlan_group *grp, *ngrp = NULL; 244 struct vlan_group *grp, *ngrp = NULL;
245 int err; 245 int err;
246 246
@@ -249,15 +249,18 @@ int register_vlan_dev(struct net_device *dev)
249 ngrp = grp = vlan_group_alloc(real_dev); 249 ngrp = grp = vlan_group_alloc(real_dev);
250 if (!grp) 250 if (!grp)
251 return -ENOBUFS; 251 return -ENOBUFS;
252 err = vlan_gvrp_init_applicant(real_dev);
253 if (err < 0)
254 goto out_free_group;
252 } 255 }
253 256
254 err = vlan_group_prealloc_vid(grp, vlan_id); 257 err = vlan_group_prealloc_vid(grp, vlan_id);
255 if (err < 0) 258 if (err < 0)
256 goto out_free_group; 259 goto out_uninit_applicant;
257 260
258 err = register_netdevice(dev); 261 err = register_netdevice(dev);
259 if (err < 0) 262 if (err < 0)
260 goto out_free_group; 263 goto out_uninit_applicant;
261 264
262 /* Account for reference in struct vlan_dev_info */ 265 /* Account for reference in struct vlan_dev_info */
263 dev_hold(real_dev); 266 dev_hold(real_dev);
@@ -278,6 +281,9 @@ int register_vlan_dev(struct net_device *dev)
278 281
279 return 0; 282 return 0;
280 283
284out_uninit_applicant:
285 if (ngrp)
286 vlan_gvrp_uninit_applicant(real_dev);
281out_free_group: 287out_free_group:
282 if (ngrp) 288 if (ngrp)
283 vlan_group_free(ngrp); 289 vlan_group_free(ngrp);
@@ -287,8 +293,7 @@ out_free_group:
287/* Attach a VLAN device to a mac address (ie Ethernet Card). 293/* Attach a VLAN device to a mac address (ie Ethernet Card).
288 * Returns 0 if the device was created or a negative error code otherwise. 294 * Returns 0 if the device was created or a negative error code otherwise.
289 */ 295 */
290static int register_vlan_device(struct net_device *real_dev, 296static int register_vlan_device(struct net_device *real_dev, u16 vlan_id)
291 unsigned short VLAN_ID)
292{ 297{
293 struct net_device *new_dev; 298 struct net_device *new_dev;
294 struct net *net = dev_net(real_dev); 299 struct net *net = dev_net(real_dev);
@@ -296,10 +301,10 @@ static int register_vlan_device(struct net_device *real_dev,
296 char name[IFNAMSIZ]; 301 char name[IFNAMSIZ];
297 int err; 302 int err;
298 303
299 if (VLAN_ID >= VLAN_VID_MASK) 304 if (vlan_id >= VLAN_VID_MASK)
300 return -ERANGE; 305 return -ERANGE;
301 306
302 err = vlan_check_real_dev(real_dev, VLAN_ID); 307 err = vlan_check_real_dev(real_dev, vlan_id);
303 if (err < 0) 308 if (err < 0)
304 return err; 309 return err;
305 310
@@ -307,26 +312,26 @@ static int register_vlan_device(struct net_device *real_dev,
307 switch (vn->name_type) { 312 switch (vn->name_type) {
308 case VLAN_NAME_TYPE_RAW_PLUS_VID: 313 case VLAN_NAME_TYPE_RAW_PLUS_VID:
309 /* name will look like: eth1.0005 */ 314 /* name will look like: eth1.0005 */
310 snprintf(name, IFNAMSIZ, "%s.%.4i", real_dev->name, VLAN_ID); 315 snprintf(name, IFNAMSIZ, "%s.%.4i", real_dev->name, vlan_id);
311 break; 316 break;
312 case VLAN_NAME_TYPE_PLUS_VID_NO_PAD: 317 case VLAN_NAME_TYPE_PLUS_VID_NO_PAD:
313 /* Put our vlan.VID in the name. 318 /* Put our vlan.VID in the name.
314 * Name will look like: vlan5 319 * Name will look like: vlan5
315 */ 320 */
316 snprintf(name, IFNAMSIZ, "vlan%i", VLAN_ID); 321 snprintf(name, IFNAMSIZ, "vlan%i", vlan_id);
317 break; 322 break;
318 case VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD: 323 case VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD:
319 /* Put our vlan.VID in the name. 324 /* Put our vlan.VID in the name.
320 * Name will look like: eth0.5 325 * Name will look like: eth0.5
321 */ 326 */
322 snprintf(name, IFNAMSIZ, "%s.%i", real_dev->name, VLAN_ID); 327 snprintf(name, IFNAMSIZ, "%s.%i", real_dev->name, vlan_id);
323 break; 328 break;
324 case VLAN_NAME_TYPE_PLUS_VID: 329 case VLAN_NAME_TYPE_PLUS_VID:
325 /* Put our vlan.VID in the name. 330 /* Put our vlan.VID in the name.
326 * Name will look like: vlan0005 331 * Name will look like: vlan0005
327 */ 332 */
328 default: 333 default:
329 snprintf(name, IFNAMSIZ, "vlan%.4i", VLAN_ID); 334 snprintf(name, IFNAMSIZ, "vlan%.4i", vlan_id);
330 } 335 }
331 336
332 new_dev = alloc_netdev(sizeof(struct vlan_dev_info), name, 337 new_dev = alloc_netdev(sizeof(struct vlan_dev_info), name,
@@ -341,7 +346,7 @@ static int register_vlan_device(struct net_device *real_dev,
341 */ 346 */
342 new_dev->mtu = real_dev->mtu; 347 new_dev->mtu = real_dev->mtu;
343 348
344 vlan_dev_info(new_dev)->vlan_id = VLAN_ID; /* 1 through VLAN_VID_MASK */ 349 vlan_dev_info(new_dev)->vlan_id = vlan_id;
345 vlan_dev_info(new_dev)->real_dev = real_dev; 350 vlan_dev_info(new_dev)->real_dev = real_dev;
346 vlan_dev_info(new_dev)->dent = NULL; 351 vlan_dev_info(new_dev)->dent = NULL;
347 vlan_dev_info(new_dev)->flags = VLAN_FLAG_REORDER_HDR; 352 vlan_dev_info(new_dev)->flags = VLAN_FLAG_REORDER_HDR;
@@ -387,14 +392,8 @@ static void vlan_transfer_features(struct net_device *dev,
387{ 392{
388 unsigned long old_features = vlandev->features; 393 unsigned long old_features = vlandev->features;
389 394
390 if (dev->features & NETIF_F_VLAN_TSO) { 395 vlandev->features &= ~dev->vlan_features;
391 vlandev->features &= ~VLAN_TSO_FEATURES; 396 vlandev->features |= dev->features & dev->vlan_features;
392 vlandev->features |= dev->features & VLAN_TSO_FEATURES;
393 }
394 if (dev->features & NETIF_F_VLAN_CSUM) {
395 vlandev->features &= ~NETIF_F_ALL_CSUM;
396 vlandev->features |= dev->features & NETIF_F_ALL_CSUM;
397 }
398 397
399 if (old_features != vlandev->features) 398 if (old_features != vlandev->features)
400 netdev_features_change(vlandev); 399 netdev_features_change(vlandev);
@@ -541,7 +540,6 @@ static struct notifier_block vlan_notifier_block __read_mostly = {
541static int vlan_ioctl_handler(struct net *net, void __user *arg) 540static int vlan_ioctl_handler(struct net *net, void __user *arg)
542{ 541{
543 int err; 542 int err;
544 unsigned short vid = 0;
545 struct vlan_ioctl_args args; 543 struct vlan_ioctl_args args;
546 struct net_device *dev = NULL; 544 struct net_device *dev = NULL;
547 545
@@ -568,8 +566,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
568 goto out; 566 goto out;
569 567
570 err = -EINVAL; 568 err = -EINVAL;
571 if (args.cmd != ADD_VLAN_CMD && 569 if (args.cmd != ADD_VLAN_CMD && !is_vlan_dev(dev))
572 !(dev->priv_flags & IFF_802_1Q_VLAN))
573 goto out; 570 goto out;
574 } 571 }
575 572
@@ -597,9 +594,9 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
597 err = -EPERM; 594 err = -EPERM;
598 if (!capable(CAP_NET_ADMIN)) 595 if (!capable(CAP_NET_ADMIN))
599 break; 596 break;
600 err = vlan_dev_set_vlan_flag(dev, 597 err = vlan_dev_change_flags(dev,
601 args.u.flag, 598 args.vlan_qos ? args.u.flag : 0,
602 args.vlan_qos); 599 args.u.flag);
603 break; 600 break;
604 601
605 case SET_VLAN_NAME_TYPE_CMD: 602 case SET_VLAN_NAME_TYPE_CMD:
@@ -643,8 +640,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
643 640
644 case GET_VLAN_VID_CMD: 641 case GET_VLAN_VID_CMD:
645 err = 0; 642 err = 0;
646 vlan_dev_get_vid(dev, &vid); 643 args.u.VID = vlan_dev_vlan_id(dev);
647 args.u.VID = vid;
648 if (copy_to_user(arg, &args, 644 if (copy_to_user(arg, &args,
649 sizeof(struct vlan_ioctl_args))) 645 sizeof(struct vlan_ioctl_args)))
650 err = -EFAULT; 646 err = -EFAULT;
@@ -719,14 +715,20 @@ static int __init vlan_proto_init(void)
719 if (err < 0) 715 if (err < 0)
720 goto err2; 716 goto err2;
721 717
722 err = vlan_netlink_init(); 718 err = vlan_gvrp_init();
723 if (err < 0) 719 if (err < 0)
724 goto err3; 720 goto err3;
725 721
722 err = vlan_netlink_init();
723 if (err < 0)
724 goto err4;
725
726 dev_add_pack(&vlan_packet_type); 726 dev_add_pack(&vlan_packet_type);
727 vlan_ioctl_set(vlan_ioctl_handler); 727 vlan_ioctl_set(vlan_ioctl_handler);
728 return 0; 728 return 0;
729 729
730err4:
731 vlan_gvrp_uninit();
730err3: 732err3:
731 unregister_netdevice_notifier(&vlan_notifier_block); 733 unregister_netdevice_notifier(&vlan_notifier_block);
732err2: 734err2:
@@ -751,8 +753,9 @@ static void __exit vlan_cleanup_module(void)
751 BUG_ON(!hlist_empty(&vlan_group_hash[i])); 753 BUG_ON(!hlist_empty(&vlan_group_hash[i]));
752 754
753 unregister_pernet_gen_device(vlan_net_id, &vlan_net_ops); 755 unregister_pernet_gen_device(vlan_net_id, &vlan_net_ops);
754
755 synchronize_net(); 756 synchronize_net();
757
758 vlan_gvrp_uninit();
756} 759}
757 760
758module_init(vlan_proto_init); 761module_init(vlan_proto_init);
diff --git a/net/8021q/vlan.h b/net/8021q/vlan.h
index 79625696e86a..a6603a4d917f 100644
--- a/net/8021q/vlan.h
+++ b/net/8021q/vlan.h
@@ -3,12 +3,59 @@
3 3
4#include <linux/if_vlan.h> 4#include <linux/if_vlan.h>
5 5
6
7/**
8 * struct vlan_priority_tci_mapping - vlan egress priority mappings
9 * @priority: skb priority
10 * @vlan_qos: vlan priority: (skb->priority << 13) & 0xE000
11 * @next: pointer to next struct
12 */
13struct vlan_priority_tci_mapping {
14 u32 priority;
15 u16 vlan_qos;
16 struct vlan_priority_tci_mapping *next;
17};
18
19/**
20 * struct vlan_dev_info - VLAN private device data
21 * @nr_ingress_mappings: number of ingress priority mappings
22 * @ingress_priority_map: ingress priority mappings
23 * @nr_egress_mappings: number of egress priority mappings
24 * @egress_priority_map: hash of egress priority mappings
25 * @vlan_id: VLAN identifier
26 * @flags: device flags
27 * @real_dev: underlying netdevice
28 * @real_dev_addr: address of underlying netdevice
29 * @dent: proc dir entry
30 * @cnt_inc_headroom_on_tx: statistic - number of skb expansions on TX
31 * @cnt_encap_on_xmit: statistic - number of skb encapsulations on TX
32 */
33struct vlan_dev_info {
34 unsigned int nr_ingress_mappings;
35 u32 ingress_priority_map[8];
36 unsigned int nr_egress_mappings;
37 struct vlan_priority_tci_mapping *egress_priority_map[16];
38
39 u16 vlan_id;
40 u16 flags;
41
42 struct net_device *real_dev;
43 unsigned char real_dev_addr[ETH_ALEN];
44
45 struct proc_dir_entry *dent;
46 unsigned long cnt_inc_headroom_on_tx;
47 unsigned long cnt_encap_on_xmit;
48};
49
50static inline struct vlan_dev_info *vlan_dev_info(const struct net_device *dev)
51{
52 return netdev_priv(dev);
53}
54
6#define VLAN_GRP_HASH_SHIFT 5 55#define VLAN_GRP_HASH_SHIFT 5
7#define VLAN_GRP_HASH_SIZE (1 << VLAN_GRP_HASH_SHIFT) 56#define VLAN_GRP_HASH_SIZE (1 << VLAN_GRP_HASH_SHIFT)
8#define VLAN_GRP_HASH_MASK (VLAN_GRP_HASH_SIZE - 1) 57#define VLAN_GRP_HASH_MASK (VLAN_GRP_HASH_SIZE - 1)
9 58
10#define VLAN_TSO_FEATURES (NETIF_F_TSO | NETIF_F_TSO6 | NETIF_F_SG)
11
12/* Find a VLAN device by the MAC address of its Ethernet device, and 59/* Find a VLAN device by the MAC address of its Ethernet device, and
13 * it's VLAN ID. The default configuration is to have VLAN's scope 60 * it's VLAN ID. The default configuration is to have VLAN's scope
14 * to be box-wide, so the MAC will be ignored. The mac will only be 61 * to be box-wide, so the MAC will be ignored. The mac will only be
@@ -20,26 +67,47 @@
20 * Must be invoked with rcu_read_lock (ie preempt disabled) 67 * Must be invoked with rcu_read_lock (ie preempt disabled)
21 * or with RTNL. 68 * or with RTNL.
22 */ 69 */
23struct net_device *__find_vlan_dev(struct net_device *real_dev, 70struct net_device *__find_vlan_dev(struct net_device *real_dev, u16 vlan_id);
24 unsigned short VID); /* vlan.c */
25 71
26/* found in vlan_dev.c */ 72/* found in vlan_dev.c */
27int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev, 73int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev,
28 struct packet_type *ptype, struct net_device *orig_dev); 74 struct packet_type *ptype, struct net_device *orig_dev);
29void vlan_dev_set_ingress_priority(const struct net_device *dev, 75void vlan_dev_set_ingress_priority(const struct net_device *dev,
30 u32 skb_prio, short vlan_prio); 76 u32 skb_prio, u16 vlan_prio);
31int vlan_dev_set_egress_priority(const struct net_device *dev, 77int vlan_dev_set_egress_priority(const struct net_device *dev,
32 u32 skb_prio, short vlan_prio); 78 u32 skb_prio, u16 vlan_prio);
33int vlan_dev_set_vlan_flag(const struct net_device *dev, 79int vlan_dev_change_flags(const struct net_device *dev, u32 flag, u32 mask);
34 u32 flag, short flag_val);
35void vlan_dev_get_realdev_name(const struct net_device *dev, char *result); 80void vlan_dev_get_realdev_name(const struct net_device *dev, char *result);
36void vlan_dev_get_vid(const struct net_device *dev, unsigned short *result);
37 81
38int vlan_check_real_dev(struct net_device *real_dev, unsigned short vlan_id); 82int vlan_check_real_dev(struct net_device *real_dev, u16 vlan_id);
39void vlan_setup(struct net_device *dev); 83void vlan_setup(struct net_device *dev);
40int register_vlan_dev(struct net_device *dev); 84int register_vlan_dev(struct net_device *dev);
41void unregister_vlan_dev(struct net_device *dev); 85void unregister_vlan_dev(struct net_device *dev);
42 86
87static inline u32 vlan_get_ingress_priority(struct net_device *dev,
88 u16 vlan_tci)
89{
90 struct vlan_dev_info *vip = vlan_dev_info(dev);
91
92 return vip->ingress_priority_map[(vlan_tci >> 13) & 0x7];
93}
94
95#ifdef CONFIG_VLAN_8021Q_GVRP
96extern int vlan_gvrp_request_join(const struct net_device *dev);
97extern void vlan_gvrp_request_leave(const struct net_device *dev);
98extern int vlan_gvrp_init_applicant(struct net_device *dev);
99extern void vlan_gvrp_uninit_applicant(struct net_device *dev);
100extern int vlan_gvrp_init(void);
101extern void vlan_gvrp_uninit(void);
102#else
103static inline int vlan_gvrp_request_join(const struct net_device *dev) { return 0; }
104static inline void vlan_gvrp_request_leave(const struct net_device *dev) {}
105static inline int vlan_gvrp_init_applicant(struct net_device *dev) { return 0; }
106static inline void vlan_gvrp_uninit_applicant(struct net_device *dev) {}
107static inline int vlan_gvrp_init(void) { return 0; }
108static inline void vlan_gvrp_uninit(void) {}
109#endif
110
43int vlan_netlink_init(void); 111int vlan_netlink_init(void);
44void vlan_netlink_fini(void); 112void vlan_netlink_fini(void);
45 113
diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c
new file mode 100644
index 000000000000..916061f681b6
--- /dev/null
+++ b/net/8021q/vlan_core.c
@@ -0,0 +1,64 @@
1#include <linux/skbuff.h>
2#include <linux/netdevice.h>
3#include <linux/if_vlan.h>
4#include "vlan.h"
5
6/* VLAN rx hw acceleration helper. This acts like netif_{rx,receive_skb}(). */
7int __vlan_hwaccel_rx(struct sk_buff *skb, struct vlan_group *grp,
8 u16 vlan_tci, int polling)
9{
10 struct net_device_stats *stats;
11
12 if (skb_bond_should_drop(skb)) {
13 dev_kfree_skb_any(skb);
14 return NET_RX_DROP;
15 }
16
17 skb->vlan_tci = vlan_tci;
18 netif_nit_deliver(skb);
19
20 skb->dev = vlan_group_get_device(grp, vlan_tci & VLAN_VID_MASK);
21 if (skb->dev == NULL) {
22 dev_kfree_skb_any(skb);
23 /* Not NET_RX_DROP, this is not being dropped
24 * due to congestion. */
25 return NET_RX_SUCCESS;
26 }
27 skb->dev->last_rx = jiffies;
28 skb->vlan_tci = 0;
29
30 stats = &skb->dev->stats;
31 stats->rx_packets++;
32 stats->rx_bytes += skb->len;
33
34 skb->priority = vlan_get_ingress_priority(skb->dev, vlan_tci);
35 switch (skb->pkt_type) {
36 case PACKET_BROADCAST:
37 break;
38 case PACKET_MULTICAST:
39 stats->multicast++;
40 break;
41 case PACKET_OTHERHOST:
42 /* Our lower layer thinks this is not local, let's make sure.
43 * This allows the VLAN to have a different MAC than the
44 * underlying device, and still route correctly. */
45 if (!compare_ether_addr(eth_hdr(skb)->h_dest,
46 skb->dev->dev_addr))
47 skb->pkt_type = PACKET_HOST;
48 break;
49 };
50 return (polling ? netif_receive_skb(skb) : netif_rx(skb));
51}
52EXPORT_SYMBOL(__vlan_hwaccel_rx);
53
54struct net_device *vlan_dev_real_dev(const struct net_device *dev)
55{
56 return vlan_dev_info(dev)->real_dev;
57}
58EXPORT_SYMBOL_GPL(vlan_dev_real_dev);
59
60u16 vlan_dev_vlan_id(const struct net_device *dev)
61{
62 return vlan_dev_info(dev)->vlan_id;
63}
64EXPORT_SYMBOL_GPL(vlan_dev_vlan_id);
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index b1cfbaa88db2..4bf014e51f8c 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -21,21 +21,15 @@
21 */ 21 */
22 22
23#include <linux/module.h> 23#include <linux/module.h>
24#include <linux/mm.h>
25#include <linux/in.h>
26#include <linux/init.h>
27#include <asm/uaccess.h> /* for copy_from_user */
28#include <linux/skbuff.h> 24#include <linux/skbuff.h>
29#include <linux/netdevice.h> 25#include <linux/netdevice.h>
30#include <linux/etherdevice.h> 26#include <linux/etherdevice.h>
31#include <net/datalink.h> 27#include <linux/ethtool.h>
32#include <net/p8022.h>
33#include <net/arp.h> 28#include <net/arp.h>
34 29
35#include "vlan.h" 30#include "vlan.h"
36#include "vlanproc.h" 31#include "vlanproc.h"
37#include <linux/if_vlan.h> 32#include <linux/if_vlan.h>
38#include <net/ip.h>
39 33
40/* 34/*
41 * Rebuild the Ethernet MAC header. This is called after an ARP 35 * Rebuild the Ethernet MAC header. This is called after an ARP
@@ -73,11 +67,8 @@ static int vlan_dev_rebuild_header(struct sk_buff *skb)
73static inline struct sk_buff *vlan_check_reorder_header(struct sk_buff *skb) 67static inline struct sk_buff *vlan_check_reorder_header(struct sk_buff *skb)
74{ 68{
75 if (vlan_dev_info(skb->dev)->flags & VLAN_FLAG_REORDER_HDR) { 69 if (vlan_dev_info(skb->dev)->flags & VLAN_FLAG_REORDER_HDR) {
76 if (skb_shared(skb) || skb_cloned(skb)) { 70 if (skb_cow(skb, skb_headroom(skb)) < 0)
77 struct sk_buff *nskb = skb_copy(skb, GFP_ATOMIC); 71 skb = NULL;
78 kfree_skb(skb);
79 skb = nskb;
80 }
81 if (skb) { 72 if (skb) {
82 /* Lifted from Gleb's VLAN code... */ 73 /* Lifted from Gleb's VLAN code... */
83 memmove(skb->data - ETH_HLEN, 74 memmove(skb->data - ETH_HLEN,
@@ -149,9 +140,9 @@ int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev,
149 struct packet_type *ptype, struct net_device *orig_dev) 140 struct packet_type *ptype, struct net_device *orig_dev)
150{ 141{
151 struct vlan_hdr *vhdr; 142 struct vlan_hdr *vhdr;
152 unsigned short vid;
153 struct net_device_stats *stats; 143 struct net_device_stats *stats;
154 unsigned short vlan_TCI; 144 u16 vlan_id;
145 u16 vlan_tci;
155 146
156 skb = skb_share_check(skb, GFP_ATOMIC); 147 skb = skb_share_check(skb, GFP_ATOMIC);
157 if (skb == NULL) 148 if (skb == NULL)
@@ -161,14 +152,14 @@ int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev,
161 goto err_free; 152 goto err_free;
162 153
163 vhdr = (struct vlan_hdr *)skb->data; 154 vhdr = (struct vlan_hdr *)skb->data;
164 vlan_TCI = ntohs(vhdr->h_vlan_TCI); 155 vlan_tci = ntohs(vhdr->h_vlan_TCI);
165 vid = (vlan_TCI & VLAN_VID_MASK); 156 vlan_id = vlan_tci & VLAN_VID_MASK;
166 157
167 rcu_read_lock(); 158 rcu_read_lock();
168 skb->dev = __find_vlan_dev(dev, vid); 159 skb->dev = __find_vlan_dev(dev, vlan_id);
169 if (!skb->dev) { 160 if (!skb->dev) {
170 pr_debug("%s: ERROR: No net_device for VID: %u on dev: %s\n", 161 pr_debug("%s: ERROR: No net_device for VID: %u on dev: %s\n",
171 __func__, (unsigned int)vid, dev->name); 162 __func__, vlan_id, dev->name);
172 goto err_unlock; 163 goto err_unlock;
173 } 164 }
174 165
@@ -180,11 +171,10 @@ int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev,
180 171
181 skb_pull_rcsum(skb, VLAN_HLEN); 172 skb_pull_rcsum(skb, VLAN_HLEN);
182 173
183 skb->priority = vlan_get_ingress_priority(skb->dev, 174 skb->priority = vlan_get_ingress_priority(skb->dev, vlan_tci);
184 ntohs(vhdr->h_vlan_TCI));
185 175
186 pr_debug("%s: priority: %u for TCI: %hu\n", 176 pr_debug("%s: priority: %u for TCI: %hu\n",
187 __func__, skb->priority, ntohs(vhdr->h_vlan_TCI)); 177 __func__, skb->priority, vlan_tci);
188 178
189 switch (skb->pkt_type) { 179 switch (skb->pkt_type) {
190 case PACKET_BROADCAST: /* Yeah, stats collect these together.. */ 180 case PACKET_BROADCAST: /* Yeah, stats collect these together.. */
@@ -227,7 +217,7 @@ err_free:
227 return NET_RX_DROP; 217 return NET_RX_DROP;
228} 218}
229 219
230static inline unsigned short 220static inline u16
231vlan_dev_get_egress_qos_mask(struct net_device *dev, struct sk_buff *skb) 221vlan_dev_get_egress_qos_mask(struct net_device *dev, struct sk_buff *skb)
232{ 222{
233 struct vlan_priority_tci_mapping *mp; 223 struct vlan_priority_tci_mapping *mp;
@@ -259,103 +249,44 @@ static int vlan_dev_hard_header(struct sk_buff *skb, struct net_device *dev,
259 unsigned int len) 249 unsigned int len)
260{ 250{
261 struct vlan_hdr *vhdr; 251 struct vlan_hdr *vhdr;
262 unsigned short veth_TCI = 0; 252 unsigned int vhdrlen = 0;
263 int rc = 0; 253 u16 vlan_tci = 0;
264 int build_vlan_header = 0; 254 int rc;
265 struct net_device *vdev = dev;
266
267 pr_debug("%s: skb: %p type: %hx len: %u vlan_id: %hx, daddr: %p\n",
268 __func__, skb, type, len, vlan_dev_info(dev)->vlan_id,
269 daddr);
270
271 /* build vlan header only if re_order_header flag is NOT set. This
272 * fixes some programs that get confused when they see a VLAN device
273 * sending a frame that is VLAN encoded (the consensus is that the VLAN
274 * device should look completely like an Ethernet device when the
275 * REORDER_HEADER flag is set) The drawback to this is some extra
276 * header shuffling in the hard_start_xmit. Users can turn off this
277 * REORDER behaviour with the vconfig tool.
278 */
279 if (!(vlan_dev_info(dev)->flags & VLAN_FLAG_REORDER_HDR))
280 build_vlan_header = 1;
281 255
282 if (build_vlan_header) { 256 if (WARN_ON(skb_headroom(skb) < dev->hard_header_len))
283 vhdr = (struct vlan_hdr *) skb_push(skb, VLAN_HLEN); 257 return -ENOSPC;
284 258
285 /* build the four bytes that make this a VLAN header. */ 259 if (!(vlan_dev_info(dev)->flags & VLAN_FLAG_REORDER_HDR)) {
286 260 vhdr = (struct vlan_hdr *) skb_push(skb, VLAN_HLEN);
287 /* Now, construct the second two bytes. This field looks
288 * something like:
289 * usr_priority: 3 bits (high bits)
290 * CFI 1 bit
291 * VLAN ID 12 bits (low bits)
292 *
293 */
294 veth_TCI = vlan_dev_info(dev)->vlan_id;
295 veth_TCI |= vlan_dev_get_egress_qos_mask(dev, skb);
296 261
297 vhdr->h_vlan_TCI = htons(veth_TCI); 262 vlan_tci = vlan_dev_info(dev)->vlan_id;
263 vlan_tci |= vlan_dev_get_egress_qos_mask(dev, skb);
264 vhdr->h_vlan_TCI = htons(vlan_tci);
298 265
299 /* 266 /*
300 * Set the protocol type. For a packet of type ETH_P_802_3 we 267 * Set the protocol type. For a packet of type ETH_P_802_3 we
301 * put the length in here instead. It is up to the 802.2 268 * put the length in here instead. It is up to the 802.2
302 * layer to carry protocol information. 269 * layer to carry protocol information.
303 */ 270 */
304
305 if (type != ETH_P_802_3) 271 if (type != ETH_P_802_3)
306 vhdr->h_vlan_encapsulated_proto = htons(type); 272 vhdr->h_vlan_encapsulated_proto = htons(type);
307 else 273 else
308 vhdr->h_vlan_encapsulated_proto = htons(len); 274 vhdr->h_vlan_encapsulated_proto = htons(len);
309 275
310 skb->protocol = htons(ETH_P_8021Q); 276 skb->protocol = htons(ETH_P_8021Q);
311 skb_reset_network_header(skb); 277 type = ETH_P_8021Q;
278 vhdrlen = VLAN_HLEN;
312 } 279 }
313 280
314 /* Before delegating work to the lower layer, enter our MAC-address */ 281 /* Before delegating work to the lower layer, enter our MAC-address */
315 if (saddr == NULL) 282 if (saddr == NULL)
316 saddr = dev->dev_addr; 283 saddr = dev->dev_addr;
317 284
285 /* Now make the underlying real hard header */
318 dev = vlan_dev_info(dev)->real_dev; 286 dev = vlan_dev_info(dev)->real_dev;
319 287 rc = dev_hard_header(skb, dev, type, daddr, saddr, len + vhdrlen);
320 /* MPLS can send us skbuffs w/out enough space. This check will grow 288 if (rc > 0)
321 * the skb if it doesn't have enough headroom. Not a beautiful solution, 289 rc += vhdrlen;
322 * so I'll tick a counter so that users can know it's happening...
323 * If they care...
324 */
325
326 /* NOTE: This may still break if the underlying device is not the final
327 * device (and thus there are more headers to add...) It should work for
328 * good-ole-ethernet though.
329 */
330 if (skb_headroom(skb) < dev->hard_header_len) {
331 struct sk_buff *sk_tmp = skb;
332 skb = skb_realloc_headroom(sk_tmp, dev->hard_header_len);
333 kfree_skb(sk_tmp);
334 if (skb == NULL) {
335 struct net_device_stats *stats = &vdev->stats;
336 stats->tx_dropped++;
337 return -ENOMEM;
338 }
339 vlan_dev_info(vdev)->cnt_inc_headroom_on_tx++;
340 pr_debug("%s: %s: had to grow skb\n", __func__, vdev->name);
341 }
342
343 if (build_vlan_header) {
344 /* Now make the underlying real hard header */
345 rc = dev_hard_header(skb, dev, ETH_P_8021Q, daddr, saddr,
346 len + VLAN_HLEN);
347 if (rc > 0)
348 rc += VLAN_HLEN;
349 else if (rc < 0)
350 rc -= VLAN_HLEN;
351 } else
352 /* If here, then we'll just make a normal looking ethernet
353 * frame, but, the hard_start_xmit method will insert the tag
354 * (it has to be able to do this for bridged and other skbs
355 * that don't come down the protocol stack in an orderly manner.
356 */
357 rc = dev_hard_header(skb, dev, type, daddr, saddr, len);
358
359 return rc; 290 return rc;
360} 291}
361 292
@@ -369,78 +300,49 @@ static int vlan_dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
369 * NOTE: THIS ASSUMES DIX ETHERNET, SPECIFICALLY NOT SUPPORTING 300 * NOTE: THIS ASSUMES DIX ETHERNET, SPECIFICALLY NOT SUPPORTING
370 * OTHER THINGS LIKE FDDI/TokenRing/802.3 SNAPs... 301 * OTHER THINGS LIKE FDDI/TokenRing/802.3 SNAPs...
371 */ 302 */
372
373 if (veth->h_vlan_proto != htons(ETH_P_8021Q) || 303 if (veth->h_vlan_proto != htons(ETH_P_8021Q) ||
374 vlan_dev_info(dev)->flags & VLAN_FLAG_REORDER_HDR) { 304 vlan_dev_info(dev)->flags & VLAN_FLAG_REORDER_HDR) {
375 int orig_headroom = skb_headroom(skb); 305 unsigned int orig_headroom = skb_headroom(skb);
376 unsigned short veth_TCI; 306 u16 vlan_tci;
377 307
378 /* This is not a VLAN frame...but we can fix that! */
379 vlan_dev_info(dev)->cnt_encap_on_xmit++; 308 vlan_dev_info(dev)->cnt_encap_on_xmit++;
380 309
381 pr_debug("%s: proto to encap: 0x%hx\n", 310 vlan_tci = vlan_dev_info(dev)->vlan_id;
382 __func__, ntohs(veth->h_vlan_proto)); 311 vlan_tci |= vlan_dev_get_egress_qos_mask(dev, skb);
383 /* Construct the second two bytes. This field looks something 312 skb = __vlan_put_tag(skb, vlan_tci);
384 * like:
385 * usr_priority: 3 bits (high bits)
386 * CFI 1 bit
387 * VLAN ID 12 bits (low bits)
388 */
389 veth_TCI = vlan_dev_info(dev)->vlan_id;
390 veth_TCI |= vlan_dev_get_egress_qos_mask(dev, skb);
391
392 skb = __vlan_put_tag(skb, veth_TCI);
393 if (!skb) { 313 if (!skb) {
394 stats->tx_dropped++; 314 stats->tx_dropped++;
395 return 0; 315 return NETDEV_TX_OK;
396 } 316 }
397 317
398 if (orig_headroom < VLAN_HLEN) 318 if (orig_headroom < VLAN_HLEN)
399 vlan_dev_info(dev)->cnt_inc_headroom_on_tx++; 319 vlan_dev_info(dev)->cnt_inc_headroom_on_tx++;
400 } 320 }
401 321
402 pr_debug("%s: about to send skb: %p to dev: %s\n", 322 stats->tx_packets++;
403 __func__, skb, skb->dev->name);
404 pr_debug(" " MAC_FMT " " MAC_FMT " %4hx %4hx %4hx\n",
405 veth->h_dest[0], veth->h_dest[1], veth->h_dest[2],
406 veth->h_dest[3], veth->h_dest[4], veth->h_dest[5],
407 veth->h_source[0], veth->h_source[1], veth->h_source[2],
408 veth->h_source[3], veth->h_source[4], veth->h_source[5],
409 veth->h_vlan_proto, veth->h_vlan_TCI,
410 veth->h_vlan_encapsulated_proto);
411
412 stats->tx_packets++; /* for statics only */
413 stats->tx_bytes += skb->len; 323 stats->tx_bytes += skb->len;
414 324
415 skb->dev = vlan_dev_info(dev)->real_dev; 325 skb->dev = vlan_dev_info(dev)->real_dev;
416 dev_queue_xmit(skb); 326 dev_queue_xmit(skb);
417 327 return NETDEV_TX_OK;
418 return 0;
419} 328}
420 329
421static int vlan_dev_hwaccel_hard_start_xmit(struct sk_buff *skb, 330static int vlan_dev_hwaccel_hard_start_xmit(struct sk_buff *skb,
422 struct net_device *dev) 331 struct net_device *dev)
423{ 332{
424 struct net_device_stats *stats = &dev->stats; 333 struct net_device_stats *stats = &dev->stats;
425 unsigned short veth_TCI; 334 u16 vlan_tci;
426 335
427 /* Construct the second two bytes. This field looks something 336 vlan_tci = vlan_dev_info(dev)->vlan_id;
428 * like: 337 vlan_tci |= vlan_dev_get_egress_qos_mask(dev, skb);
429 * usr_priority: 3 bits (high bits) 338 skb = __vlan_hwaccel_put_tag(skb, vlan_tci);
430 * CFI 1 bit
431 * VLAN ID 12 bits (low bits)
432 */
433 veth_TCI = vlan_dev_info(dev)->vlan_id;
434 veth_TCI |= vlan_dev_get_egress_qos_mask(dev, skb);
435 skb = __vlan_hwaccel_put_tag(skb, veth_TCI);
436 339
437 stats->tx_packets++; 340 stats->tx_packets++;
438 stats->tx_bytes += skb->len; 341 stats->tx_bytes += skb->len;
439 342
440 skb->dev = vlan_dev_info(dev)->real_dev; 343 skb->dev = vlan_dev_info(dev)->real_dev;
441 dev_queue_xmit(skb); 344 dev_queue_xmit(skb);
442 345 return NETDEV_TX_OK;
443 return 0;
444} 346}
445 347
446static int vlan_dev_change_mtu(struct net_device *dev, int new_mtu) 348static int vlan_dev_change_mtu(struct net_device *dev, int new_mtu)
@@ -457,7 +359,7 @@ static int vlan_dev_change_mtu(struct net_device *dev, int new_mtu)
457} 359}
458 360
459void vlan_dev_set_ingress_priority(const struct net_device *dev, 361void vlan_dev_set_ingress_priority(const struct net_device *dev,
460 u32 skb_prio, short vlan_prio) 362 u32 skb_prio, u16 vlan_prio)
461{ 363{
462 struct vlan_dev_info *vlan = vlan_dev_info(dev); 364 struct vlan_dev_info *vlan = vlan_dev_info(dev);
463 365
@@ -470,7 +372,7 @@ void vlan_dev_set_ingress_priority(const struct net_device *dev,
470} 372}
471 373
472int vlan_dev_set_egress_priority(const struct net_device *dev, 374int vlan_dev_set_egress_priority(const struct net_device *dev,
473 u32 skb_prio, short vlan_prio) 375 u32 skb_prio, u16 vlan_prio)
474{ 376{
475 struct vlan_dev_info *vlan = vlan_dev_info(dev); 377 struct vlan_dev_info *vlan = vlan_dev_info(dev);
476 struct vlan_priority_tci_mapping *mp = NULL; 378 struct vlan_priority_tci_mapping *mp = NULL;
@@ -507,18 +409,23 @@ int vlan_dev_set_egress_priority(const struct net_device *dev,
507} 409}
508 410
509/* Flags are defined in the vlan_flags enum in include/linux/if_vlan.h file. */ 411/* Flags are defined in the vlan_flags enum in include/linux/if_vlan.h file. */
510int vlan_dev_set_vlan_flag(const struct net_device *dev, 412int vlan_dev_change_flags(const struct net_device *dev, u32 flags, u32 mask)
511 u32 flag, short flag_val)
512{ 413{
513 /* verify flag is supported */ 414 struct vlan_dev_info *vlan = vlan_dev_info(dev);
514 if (flag == VLAN_FLAG_REORDER_HDR) { 415 u32 old_flags = vlan->flags;
515 if (flag_val) 416
516 vlan_dev_info(dev)->flags |= VLAN_FLAG_REORDER_HDR; 417 if (mask & ~(VLAN_FLAG_REORDER_HDR | VLAN_FLAG_GVRP))
418 return -EINVAL;
419
420 vlan->flags = (old_flags & ~mask) | (flags & mask);
421
422 if (netif_running(dev) && (vlan->flags ^ old_flags) & VLAN_FLAG_GVRP) {
423 if (vlan->flags & VLAN_FLAG_GVRP)
424 vlan_gvrp_request_join(dev);
517 else 425 else
518 vlan_dev_info(dev)->flags &= ~VLAN_FLAG_REORDER_HDR; 426 vlan_gvrp_request_leave(dev);
519 return 0;
520 } 427 }
521 return -EINVAL; 428 return 0;
522} 429}
523 430
524void vlan_dev_get_realdev_name(const struct net_device *dev, char *result) 431void vlan_dev_get_realdev_name(const struct net_device *dev, char *result)
@@ -526,11 +433,6 @@ void vlan_dev_get_realdev_name(const struct net_device *dev, char *result)
526 strncpy(result, vlan_dev_info(dev)->real_dev->name, 23); 433 strncpy(result, vlan_dev_info(dev)->real_dev->name, 23);
527} 434}
528 435
529void vlan_dev_get_vid(const struct net_device *dev, unsigned short *result)
530{
531 *result = vlan_dev_info(dev)->vlan_id;
532}
533
534static int vlan_dev_open(struct net_device *dev) 436static int vlan_dev_open(struct net_device *dev)
535{ 437{
536 struct vlan_dev_info *vlan = vlan_dev_info(dev); 438 struct vlan_dev_info *vlan = vlan_dev_info(dev);
@@ -543,21 +445,44 @@ static int vlan_dev_open(struct net_device *dev)
543 if (compare_ether_addr(dev->dev_addr, real_dev->dev_addr)) { 445 if (compare_ether_addr(dev->dev_addr, real_dev->dev_addr)) {
544 err = dev_unicast_add(real_dev, dev->dev_addr, ETH_ALEN); 446 err = dev_unicast_add(real_dev, dev->dev_addr, ETH_ALEN);
545 if (err < 0) 447 if (err < 0)
546 return err; 448 goto out;
449 }
450
451 if (dev->flags & IFF_ALLMULTI) {
452 err = dev_set_allmulti(real_dev, 1);
453 if (err < 0)
454 goto del_unicast;
547 } 455 }
456 if (dev->flags & IFF_PROMISC) {
457 err = dev_set_promiscuity(real_dev, 1);
458 if (err < 0)
459 goto clear_allmulti;
460 }
461
548 memcpy(vlan->real_dev_addr, real_dev->dev_addr, ETH_ALEN); 462 memcpy(vlan->real_dev_addr, real_dev->dev_addr, ETH_ALEN);
549 463
550 if (dev->flags & IFF_ALLMULTI) 464 if (vlan->flags & VLAN_FLAG_GVRP)
551 dev_set_allmulti(real_dev, 1); 465 vlan_gvrp_request_join(dev);
552 if (dev->flags & IFF_PROMISC)
553 dev_set_promiscuity(real_dev, 1);
554 466
555 return 0; 467 return 0;
468
469clear_allmulti:
470 if (dev->flags & IFF_ALLMULTI)
471 dev_set_allmulti(real_dev, -1);
472del_unicast:
473 if (compare_ether_addr(dev->dev_addr, real_dev->dev_addr))
474 dev_unicast_delete(real_dev, dev->dev_addr, ETH_ALEN);
475out:
476 return err;
556} 477}
557 478
558static int vlan_dev_stop(struct net_device *dev) 479static int vlan_dev_stop(struct net_device *dev)
559{ 480{
560 struct net_device *real_dev = vlan_dev_info(dev)->real_dev; 481 struct vlan_dev_info *vlan = vlan_dev_info(dev);
482 struct net_device *real_dev = vlan->real_dev;
483
484 if (vlan->flags & VLAN_FLAG_GVRP)
485 vlan_gvrp_request_leave(dev);
561 486
562 dev_mc_unsync(real_dev, dev); 487 dev_mc_unsync(real_dev, dev);
563 dev_unicast_unsync(real_dev, dev); 488 dev_unicast_unsync(real_dev, dev);
@@ -644,6 +569,24 @@ static void vlan_dev_set_rx_mode(struct net_device *vlan_dev)
644 * separate class since they always nest. 569 * separate class since they always nest.
645 */ 570 */
646static struct lock_class_key vlan_netdev_xmit_lock_key; 571static struct lock_class_key vlan_netdev_xmit_lock_key;
572static struct lock_class_key vlan_netdev_addr_lock_key;
573
574static void vlan_dev_set_lockdep_one(struct net_device *dev,
575 struct netdev_queue *txq,
576 void *_subclass)
577{
578 lockdep_set_class_and_subclass(&txq->_xmit_lock,
579 &vlan_netdev_xmit_lock_key,
580 *(int *)_subclass);
581}
582
583static void vlan_dev_set_lockdep_class(struct net_device *dev, int subclass)
584{
585 lockdep_set_class_and_subclass(&dev->addr_list_lock,
586 &vlan_netdev_addr_lock_key,
587 subclass);
588 netdev_for_each_tx_queue(dev, vlan_dev_set_lockdep_one, &subclass);
589}
647 590
648static const struct header_ops vlan_header_ops = { 591static const struct header_ops vlan_header_ops = {
649 .create = vlan_dev_hard_header, 592 .create = vlan_dev_hard_header,
@@ -663,10 +606,7 @@ static int vlan_dev_init(struct net_device *dev)
663 (1<<__LINK_STATE_DORMANT))) | 606 (1<<__LINK_STATE_DORMANT))) |
664 (1<<__LINK_STATE_PRESENT); 607 (1<<__LINK_STATE_PRESENT);
665 608
666 if (real_dev->features & NETIF_F_VLAN_TSO) 609 dev->features |= real_dev->features & real_dev->vlan_features;
667 dev->features |= real_dev->features & VLAN_TSO_FEATURES;
668 if (real_dev->features & NETIF_F_VLAN_CSUM)
669 dev->features |= real_dev->features & NETIF_F_ALL_CSUM;
670 610
671 /* ipv6 shared card related stuff */ 611 /* ipv6 shared card related stuff */
672 dev->dev_id = real_dev->dev_id; 612 dev->dev_id = real_dev->dev_id;
@@ -686,11 +626,10 @@ static int vlan_dev_init(struct net_device *dev)
686 dev->hard_start_xmit = vlan_dev_hard_start_xmit; 626 dev->hard_start_xmit = vlan_dev_hard_start_xmit;
687 } 627 }
688 628
689 if (real_dev->priv_flags & IFF_802_1Q_VLAN) 629 if (is_vlan_dev(real_dev))
690 subclass = 1; 630 subclass = 1;
691 631
692 lockdep_set_class_and_subclass(&dev->_xmit_lock, 632 vlan_dev_set_lockdep_class(dev, subclass);
693 &vlan_netdev_xmit_lock_key, subclass);
694 return 0; 633 return 0;
695} 634}
696 635
@@ -708,6 +647,35 @@ static void vlan_dev_uninit(struct net_device *dev)
708 } 647 }
709} 648}
710 649
650static u32 vlan_ethtool_get_rx_csum(struct net_device *dev)
651{
652 const struct vlan_dev_info *vlan = vlan_dev_info(dev);
653 struct net_device *real_dev = vlan->real_dev;
654
655 if (real_dev->ethtool_ops == NULL ||
656 real_dev->ethtool_ops->get_rx_csum == NULL)
657 return 0;
658 return real_dev->ethtool_ops->get_rx_csum(real_dev);
659}
660
661static u32 vlan_ethtool_get_flags(struct net_device *dev)
662{
663 const struct vlan_dev_info *vlan = vlan_dev_info(dev);
664 struct net_device *real_dev = vlan->real_dev;
665
666 if (!(real_dev->features & NETIF_F_HW_VLAN_RX) ||
667 real_dev->ethtool_ops == NULL ||
668 real_dev->ethtool_ops->get_flags == NULL)
669 return 0;
670 return real_dev->ethtool_ops->get_flags(real_dev);
671}
672
673static const struct ethtool_ops vlan_ethtool_ops = {
674 .get_link = ethtool_op_get_link,
675 .get_rx_csum = vlan_ethtool_get_rx_csum,
676 .get_flags = vlan_ethtool_get_flags,
677};
678
711void vlan_setup(struct net_device *dev) 679void vlan_setup(struct net_device *dev)
712{ 680{
713 ether_setup(dev); 681 ether_setup(dev);
@@ -726,6 +694,7 @@ void vlan_setup(struct net_device *dev)
726 dev->change_rx_flags = vlan_dev_change_rx_flags; 694 dev->change_rx_flags = vlan_dev_change_rx_flags;
727 dev->do_ioctl = vlan_dev_ioctl; 695 dev->do_ioctl = vlan_dev_ioctl;
728 dev->destructor = free_netdev; 696 dev->destructor = free_netdev;
697 dev->ethtool_ops = &vlan_ethtool_ops;
729 698
730 memset(dev->broadcast, 0, ETH_ALEN); 699 memset(dev->broadcast, 0, ETH_ALEN);
731} 700}
diff --git a/net/8021q/vlan_gvrp.c b/net/8021q/vlan_gvrp.c
new file mode 100644
index 000000000000..061ceceeef12
--- /dev/null
+++ b/net/8021q/vlan_gvrp.c
@@ -0,0 +1,66 @@
1/*
2 * IEEE 802.1Q GARP VLAN Registration Protocol (GVRP)
3 *
4 * Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
9 */
10#include <linux/types.h>
11#include <linux/if_vlan.h>
12#include <net/garp.h>
13#include "vlan.h"
14
15#define GARP_GVRP_ADDRESS { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x21 }
16
17enum gvrp_attributes {
18 GVRP_ATTR_INVALID,
19 GVRP_ATTR_VID,
20 __GVRP_ATTR_MAX
21};
22#define GVRP_ATTR_MAX (__GVRP_ATTR_MAX - 1)
23
24static struct garp_application vlan_gvrp_app __read_mostly = {
25 .proto.group_address = GARP_GVRP_ADDRESS,
26 .maxattr = GVRP_ATTR_MAX,
27 .type = GARP_APPLICATION_GVRP,
28};
29
30int vlan_gvrp_request_join(const struct net_device *dev)
31{
32 const struct vlan_dev_info *vlan = vlan_dev_info(dev);
33 __be16 vlan_id = htons(vlan->vlan_id);
34
35 return garp_request_join(vlan->real_dev, &vlan_gvrp_app,
36 &vlan_id, sizeof(vlan_id), GVRP_ATTR_VID);
37}
38
39void vlan_gvrp_request_leave(const struct net_device *dev)
40{
41 const struct vlan_dev_info *vlan = vlan_dev_info(dev);
42 __be16 vlan_id = htons(vlan->vlan_id);
43
44 garp_request_leave(vlan->real_dev, &vlan_gvrp_app,
45 &vlan_id, sizeof(vlan_id), GVRP_ATTR_VID);
46}
47
48int vlan_gvrp_init_applicant(struct net_device *dev)
49{
50 return garp_init_applicant(dev, &vlan_gvrp_app);
51}
52
53void vlan_gvrp_uninit_applicant(struct net_device *dev)
54{
55 garp_uninit_applicant(dev, &vlan_gvrp_app);
56}
57
58int __init vlan_gvrp_init(void)
59{
60 return garp_register_application(&vlan_gvrp_app);
61}
62
63void vlan_gvrp_uninit(void)
64{
65 garp_unregister_application(&vlan_gvrp_app);
66}
diff --git a/net/8021q/vlan_netlink.c b/net/8021q/vlan_netlink.c
index c93e69ec28ed..e9c91dcecc9b 100644
--- a/net/8021q/vlan_netlink.c
+++ b/net/8021q/vlan_netlink.c
@@ -59,7 +59,8 @@ static int vlan_validate(struct nlattr *tb[], struct nlattr *data[])
59 } 59 }
60 if (data[IFLA_VLAN_FLAGS]) { 60 if (data[IFLA_VLAN_FLAGS]) {
61 flags = nla_data(data[IFLA_VLAN_FLAGS]); 61 flags = nla_data(data[IFLA_VLAN_FLAGS]);
62 if ((flags->flags & flags->mask) & ~VLAN_FLAG_REORDER_HDR) 62 if ((flags->flags & flags->mask) &
63 ~(VLAN_FLAG_REORDER_HDR | VLAN_FLAG_GVRP))
63 return -EINVAL; 64 return -EINVAL;
64 } 65 }
65 66
@@ -75,7 +76,6 @@ static int vlan_validate(struct nlattr *tb[], struct nlattr *data[])
75static int vlan_changelink(struct net_device *dev, 76static int vlan_changelink(struct net_device *dev,
76 struct nlattr *tb[], struct nlattr *data[]) 77 struct nlattr *tb[], struct nlattr *data[])
77{ 78{
78 struct vlan_dev_info *vlan = vlan_dev_info(dev);
79 struct ifla_vlan_flags *flags; 79 struct ifla_vlan_flags *flags;
80 struct ifla_vlan_qos_mapping *m; 80 struct ifla_vlan_qos_mapping *m;
81 struct nlattr *attr; 81 struct nlattr *attr;
@@ -83,8 +83,7 @@ static int vlan_changelink(struct net_device *dev,
83 83
84 if (data[IFLA_VLAN_FLAGS]) { 84 if (data[IFLA_VLAN_FLAGS]) {
85 flags = nla_data(data[IFLA_VLAN_FLAGS]); 85 flags = nla_data(data[IFLA_VLAN_FLAGS]);
86 vlan->flags = (vlan->flags & ~flags->mask) | 86 vlan_dev_change_flags(dev, flags->flags, flags->mask);
87 (flags->flags & flags->mask);
88 } 87 }
89 if (data[IFLA_VLAN_INGRESS_QOS]) { 88 if (data[IFLA_VLAN_INGRESS_QOS]) {
90 nla_for_each_nested(attr, data[IFLA_VLAN_INGRESS_QOS], rem) { 89 nla_for_each_nested(attr, data[IFLA_VLAN_INGRESS_QOS], rem) {
diff --git a/net/8021q/vlanproc.c b/net/8021q/vlanproc.c
index 08b54b593d56..0feefa4e1a4b 100644
--- a/net/8021q/vlanproc.c
+++ b/net/8021q/vlanproc.c
@@ -18,16 +18,9 @@
18 *****************************************************************************/ 18 *****************************************************************************/
19 19
20#include <linux/module.h> 20#include <linux/module.h>
21#include <linux/stddef.h> /* offsetof(), etc. */ 21#include <linux/errno.h>
22#include <linux/errno.h> /* return codes */
23#include <linux/kernel.h> 22#include <linux/kernel.h>
24#include <linux/slab.h> /* kmalloc(), kfree() */ 23#include <linux/string.h>
25#include <linux/mm.h>
26#include <linux/string.h> /* inline mem*, str* functions */
27#include <linux/init.h> /* __initfunc et al. */
28#include <asm/byteorder.h> /* htons(), etc. */
29#include <asm/uaccess.h> /* copy_to_user */
30#include <asm/io.h>
31#include <linux/proc_fs.h> 24#include <linux/proc_fs.h>
32#include <linux/seq_file.h> 25#include <linux/seq_file.h>
33#include <linux/fs.h> 26#include <linux/fs.h>
@@ -290,7 +283,7 @@ static int vlandev_seq_show(struct seq_file *seq, void *offset)
290 static const char fmt[] = "%30s %12lu\n"; 283 static const char fmt[] = "%30s %12lu\n";
291 int i; 284 int i;
292 285
293 if (!(vlandev->priv_flags & IFF_802_1Q_VLAN)) 286 if (!is_vlan_dev(vlandev))
294 return 0; 287 return 0;
295 288
296 seq_printf(seq, 289 seq_printf(seq,
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index 4507f744f44e..cdf137af7adc 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -1285,7 +1285,7 @@ static int p9_socket_open(struct p9_trans *trans, struct socket *csocket)
1285 int fd, ret; 1285 int fd, ret;
1286 1286
1287 csocket->sk->sk_allocation = GFP_NOIO; 1287 csocket->sk->sk_allocation = GFP_NOIO;
1288 fd = sock_map_fd(csocket); 1288 fd = sock_map_fd(csocket, 0);
1289 if (fd < 0) { 1289 if (fd < 0) {
1290 P9_EPRINTK(KERN_ERR, "p9_socket_open: failed to map fd\n"); 1290 P9_EPRINTK(KERN_ERR, "p9_socket_open: failed to map fd\n");
1291 return fd; 1291 return fd;
diff --git a/net/Kconfig b/net/Kconfig
index acbf7c60e89b..7612cc8c337c 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -2,9 +2,7 @@
2# Network configuration 2# Network configuration
3# 3#
4 4
5menu "Networking" 5menuconfig NET
6
7config NET
8 bool "Networking support" 6 bool "Networking support"
9 ---help--- 7 ---help---
10 Unless you really know what you are doing, you should say Y here. 8 Unless you really know what you are doing, you should say Y here.
@@ -22,7 +20,6 @@ config NET
22 recommended to read the NET-HOWTO, available from 20 recommended to read the NET-HOWTO, available from
23 <http://www.tldp.org/docs.html#howto>. 21 <http://www.tldp.org/docs.html#howto>.
24 22
25# Make sure that all config symbols are dependent on NET
26if NET 23if NET
27 24
28menu "Networking options" 25menu "Networking options"
@@ -181,6 +178,7 @@ source "net/dccp/Kconfig"
181source "net/sctp/Kconfig" 178source "net/sctp/Kconfig"
182source "net/tipc/Kconfig" 179source "net/tipc/Kconfig"
183source "net/atm/Kconfig" 180source "net/atm/Kconfig"
181source "net/802/Kconfig"
184source "net/bridge/Kconfig" 182source "net/bridge/Kconfig"
185source "net/8021q/Kconfig" 183source "net/8021q/Kconfig"
186source "net/decnet/Kconfig" 184source "net/decnet/Kconfig"
@@ -251,5 +249,3 @@ source "net/rfkill/Kconfig"
251source "net/9p/Kconfig" 249source "net/9p/Kconfig"
252 250
253endif # if NET 251endif # if NET
254endmenu # Networking
255
diff --git a/net/Makefile b/net/Makefile
index b7a13643b549..4f43e7f874f3 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -42,7 +42,9 @@ obj-$(CONFIG_AF_RXRPC) += rxrpc/
42obj-$(CONFIG_ATM) += atm/ 42obj-$(CONFIG_ATM) += atm/
43obj-$(CONFIG_DECNET) += decnet/ 43obj-$(CONFIG_DECNET) += decnet/
44obj-$(CONFIG_ECONET) += econet/ 44obj-$(CONFIG_ECONET) += econet/
45obj-$(CONFIG_VLAN_8021Q) += 8021q/ 45ifneq ($(CONFIG_VLAN_8021Q),)
46obj-y += 8021q/
47endif
46obj-$(CONFIG_IP_DCCP) += dccp/ 48obj-$(CONFIG_IP_DCCP) += dccp/
47obj-$(CONFIG_IP_SCTP) += sctp/ 49obj-$(CONFIG_IP_SCTP) += sctp/
48obj-y += wireless/ 50obj-y += wireless/
diff --git a/net/appletalk/aarp.c b/net/appletalk/aarp.c
index 25aa37ce9430..b25c1e909d14 100644
--- a/net/appletalk/aarp.c
+++ b/net/appletalk/aarp.c
@@ -333,7 +333,7 @@ static int aarp_device_event(struct notifier_block *this, unsigned long event,
333 struct net_device *dev = ptr; 333 struct net_device *dev = ptr;
334 int ct; 334 int ct;
335 335
336 if (dev_net(dev) != &init_net) 336 if (!net_eq(dev_net(dev), &init_net))
337 return NOTIFY_DONE; 337 return NOTIFY_DONE;
338 338
339 if (event == NETDEV_DOWN) { 339 if (event == NETDEV_DOWN) {
@@ -716,7 +716,7 @@ static int aarp_rcv(struct sk_buff *skb, struct net_device *dev,
716 struct atalk_addr sa, *ma, da; 716 struct atalk_addr sa, *ma, da;
717 struct atalk_iface *ifa; 717 struct atalk_iface *ifa;
718 718
719 if (dev_net(dev) != &init_net) 719 if (!net_eq(dev_net(dev), &init_net))
720 goto out0; 720 goto out0;
721 721
722 /* We only do Ethernet SNAP AARP. */ 722 /* We only do Ethernet SNAP AARP. */
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index 44cd42f7786b..0c850427a85b 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -648,7 +648,7 @@ static int ddp_device_event(struct notifier_block *this, unsigned long event,
648{ 648{
649 struct net_device *dev = ptr; 649 struct net_device *dev = ptr;
650 650
651 if (dev_net(dev) != &init_net) 651 if (!net_eq(dev_net(dev), &init_net))
652 return NOTIFY_DONE; 652 return NOTIFY_DONE;
653 653
654 if (event == NETDEV_DOWN) 654 if (event == NETDEV_DOWN)
@@ -959,7 +959,7 @@ static unsigned long atalk_sum_skb(const struct sk_buff *skb, int offset,
959 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 959 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
960 int end; 960 int end;
961 961
962 BUG_TRAP(start <= offset + len); 962 WARN_ON(start > offset + len);
963 963
964 end = start + skb_shinfo(skb)->frags[i].size; 964 end = start + skb_shinfo(skb)->frags[i].size;
965 if ((copy = end - offset) > 0) { 965 if ((copy = end - offset) > 0) {
@@ -986,7 +986,7 @@ static unsigned long atalk_sum_skb(const struct sk_buff *skb, int offset,
986 for (; list; list = list->next) { 986 for (; list; list = list->next) {
987 int end; 987 int end;
988 988
989 BUG_TRAP(start <= offset + len); 989 WARN_ON(start > offset + len);
990 990
991 end = start + list->len; 991 end = start + list->len;
992 if ((copy = end - offset) > 0) { 992 if ((copy = end - offset) > 0) {
@@ -1405,7 +1405,7 @@ static int atalk_rcv(struct sk_buff *skb, struct net_device *dev,
1405 int origlen; 1405 int origlen;
1406 __u16 len_hops; 1406 __u16 len_hops;
1407 1407
1408 if (dev_net(dev) != &init_net) 1408 if (!net_eq(dev_net(dev), &init_net))
1409 goto freeit; 1409 goto freeit;
1410 1410
1411 /* Don't mangle buffer if shared */ 1411 /* Don't mangle buffer if shared */
@@ -1493,7 +1493,7 @@ freeit:
1493static int ltalk_rcv(struct sk_buff *skb, struct net_device *dev, 1493static int ltalk_rcv(struct sk_buff *skb, struct net_device *dev,
1494 struct packet_type *pt, struct net_device *orig_dev) 1494 struct packet_type *pt, struct net_device *orig_dev)
1495{ 1495{
1496 if (dev_net(dev) != &init_net) 1496 if (!net_eq(dev_net(dev), &init_net))
1497 goto freeit; 1497 goto freeit;
1498 1498
1499 /* Expand any short form frames */ 1499 /* Expand any short form frames */
diff --git a/net/atm/addr.c b/net/atm/addr.c
index 6afa77d63bb5..82e85abc303d 100644
--- a/net/atm/addr.c
+++ b/net/atm/addr.c
@@ -9,7 +9,7 @@
9#include "signaling.h" 9#include "signaling.h"
10#include "addr.h" 10#include "addr.h"
11 11
12static int check_addr(struct sockaddr_atmsvc *addr) 12static int check_addr(const struct sockaddr_atmsvc *addr)
13{ 13{
14 int i; 14 int i;
15 15
@@ -23,7 +23,7 @@ static int check_addr(struct sockaddr_atmsvc *addr)
23 return -EINVAL; 23 return -EINVAL;
24} 24}
25 25
26static int identical(struct sockaddr_atmsvc *a, struct sockaddr_atmsvc *b) 26static int identical(const struct sockaddr_atmsvc *a, const struct sockaddr_atmsvc *b)
27{ 27{
28 if (*a->sas_addr.prv) 28 if (*a->sas_addr.prv)
29 if (memcmp(a->sas_addr.prv, b->sas_addr.prv, ATM_ESA_LEN)) 29 if (memcmp(a->sas_addr.prv, b->sas_addr.prv, ATM_ESA_LEN))
@@ -35,7 +35,7 @@ static int identical(struct sockaddr_atmsvc *a, struct sockaddr_atmsvc *b)
35 return !strcmp(a->sas_addr.pub, b->sas_addr.pub); 35 return !strcmp(a->sas_addr.pub, b->sas_addr.pub);
36} 36}
37 37
38static void notify_sigd(struct atm_dev *dev) 38static void notify_sigd(const struct atm_dev *dev)
39{ 39{
40 struct sockaddr_atmpvc pvc; 40 struct sockaddr_atmpvc pvc;
41 41
@@ -63,7 +63,7 @@ void atm_reset_addr(struct atm_dev *dev, enum atm_addr_type_t atype)
63 notify_sigd(dev); 63 notify_sigd(dev);
64} 64}
65 65
66int atm_add_addr(struct atm_dev *dev, struct sockaddr_atmsvc *addr, 66int atm_add_addr(struct atm_dev *dev, const struct sockaddr_atmsvc *addr,
67 enum atm_addr_type_t atype) 67 enum atm_addr_type_t atype)
68{ 68{
69 unsigned long flags; 69 unsigned long flags;
@@ -98,7 +98,7 @@ int atm_add_addr(struct atm_dev *dev, struct sockaddr_atmsvc *addr,
98 return 0; 98 return 0;
99} 99}
100 100
101int atm_del_addr(struct atm_dev *dev, struct sockaddr_atmsvc *addr, 101int atm_del_addr(struct atm_dev *dev, const struct sockaddr_atmsvc *addr,
102 enum atm_addr_type_t atype) 102 enum atm_addr_type_t atype)
103{ 103{
104 unsigned long flags; 104 unsigned long flags;
diff --git a/net/atm/addr.h b/net/atm/addr.h
index f39433ad45da..6837e9e7eb13 100644
--- a/net/atm/addr.h
+++ b/net/atm/addr.h
@@ -10,9 +10,9 @@
10#include <linux/atmdev.h> 10#include <linux/atmdev.h>
11 11
12void atm_reset_addr(struct atm_dev *dev, enum atm_addr_type_t type); 12void atm_reset_addr(struct atm_dev *dev, enum atm_addr_type_t type);
13int atm_add_addr(struct atm_dev *dev, struct sockaddr_atmsvc *addr, 13int atm_add_addr(struct atm_dev *dev, const struct sockaddr_atmsvc *addr,
14 enum atm_addr_type_t type); 14 enum atm_addr_type_t type);
15int atm_del_addr(struct atm_dev *dev, struct sockaddr_atmsvc *addr, 15int atm_del_addr(struct atm_dev *dev, const struct sockaddr_atmsvc *addr,
16 enum atm_addr_type_t type); 16 enum atm_addr_type_t type);
17int atm_get_addr(struct atm_dev *dev, struct sockaddr_atmsvc __user *buf, 17int atm_get_addr(struct atm_dev *dev, struct sockaddr_atmsvc __user *buf,
18 size_t size, enum atm_addr_type_t type); 18 size_t size, enum atm_addr_type_t type);
diff --git a/net/atm/br2684.c b/net/atm/br2684.c
index 9d52ebfc1962..8d9a6f158880 100644
--- a/net/atm/br2684.c
+++ b/net/atm/br2684.c
@@ -52,12 +52,12 @@ static void skb_debug(const struct sk_buff *skb)
52#define ETHERTYPE_IPV6 0x86, 0xdd 52#define ETHERTYPE_IPV6 0x86, 0xdd
53#define PAD_BRIDGED 0x00, 0x00 53#define PAD_BRIDGED 0x00, 0x00
54 54
55static unsigned char ethertype_ipv4[] = { ETHERTYPE_IPV4 }; 55static const unsigned char ethertype_ipv4[] = { ETHERTYPE_IPV4 };
56static unsigned char ethertype_ipv6[] = { ETHERTYPE_IPV6 }; 56static const unsigned char ethertype_ipv6[] = { ETHERTYPE_IPV6 };
57static unsigned char llc_oui_pid_pad[] = 57static const unsigned char llc_oui_pid_pad[] =
58 { LLC, SNAP_BRIDGED, PID_ETHERNET, PAD_BRIDGED }; 58 { LLC, SNAP_BRIDGED, PID_ETHERNET, PAD_BRIDGED };
59static unsigned char llc_oui_ipv4[] = { LLC, SNAP_ROUTED, ETHERTYPE_IPV4 }; 59static const unsigned char llc_oui_ipv4[] = { LLC, SNAP_ROUTED, ETHERTYPE_IPV4 };
60static unsigned char llc_oui_ipv6[] = { LLC, SNAP_ROUTED, ETHERTYPE_IPV6 }; 60static const unsigned char llc_oui_ipv6[] = { LLC, SNAP_ROUTED, ETHERTYPE_IPV6 };
61 61
62enum br2684_encaps { 62enum br2684_encaps {
63 e_vc = BR2684_ENCAPS_VC, 63 e_vc = BR2684_ENCAPS_VC,
@@ -188,10 +188,13 @@ static int br2684_xmit_vcc(struct sk_buff *skb, struct br2684_dev *brdev,
188 return 0; 188 return 0;
189 } 189 }
190 } 190 }
191 } else { 191 } else { /* e_vc */
192 skb_push(skb, 2); 192 if (brdev->payload == p_bridged) {
193 if (brdev->payload == p_bridged) 193 skb_push(skb, 2);
194 memset(skb->data, 0, 2); 194 memset(skb->data, 0, 2);
195 } else { /* p_routed */
196 skb_pull(skb, ETH_HLEN);
197 }
195 } 198 }
196 skb_debug(skb); 199 skb_debug(skb);
197 200
@@ -214,8 +217,8 @@ static int br2684_xmit_vcc(struct sk_buff *skb, struct br2684_dev *brdev,
214 return 1; 217 return 1;
215} 218}
216 219
217static inline struct br2684_vcc *pick_outgoing_vcc(struct sk_buff *skb, 220static inline struct br2684_vcc *pick_outgoing_vcc(const struct sk_buff *skb,
218 struct br2684_dev *brdev) 221 const struct br2684_dev *brdev)
219{ 222{
220 return list_empty(&brdev->brvccs) ? NULL : list_entry_brvcc(brdev->brvccs.next); /* 1 vcc/dev right now */ 223 return list_empty(&brdev->brvccs) ? NULL : list_entry_brvcc(brdev->brvccs.next); /* 1 vcc/dev right now */
221} 224}
@@ -377,11 +380,8 @@ static void br2684_push(struct atm_vcc *atmvcc, struct sk_buff *skb)
377 (skb->data + 6, ethertype_ipv4, 380 (skb->data + 6, ethertype_ipv4,
378 sizeof(ethertype_ipv4)) == 0) 381 sizeof(ethertype_ipv4)) == 0)
379 skb->protocol = __constant_htons(ETH_P_IP); 382 skb->protocol = __constant_htons(ETH_P_IP);
380 else { 383 else
381 brdev->stats.rx_errors++; 384 goto error;
382 dev_kfree_skb(skb);
383 return;
384 }
385 skb_pull(skb, sizeof(llc_oui_ipv4)); 385 skb_pull(skb, sizeof(llc_oui_ipv4));
386 skb_reset_network_header(skb); 386 skb_reset_network_header(skb);
387 skb->pkt_type = PACKET_HOST; 387 skb->pkt_type = PACKET_HOST;
@@ -394,44 +394,56 @@ static void br2684_push(struct atm_vcc *atmvcc, struct sk_buff *skb)
394 (memcmp(skb->data, llc_oui_pid_pad, 7) == 0)) { 394 (memcmp(skb->data, llc_oui_pid_pad, 7) == 0)) {
395 skb_pull(skb, sizeof(llc_oui_pid_pad)); 395 skb_pull(skb, sizeof(llc_oui_pid_pad));
396 skb->protocol = eth_type_trans(skb, net_dev); 396 skb->protocol = eth_type_trans(skb, net_dev);
397 } else { 397 } else
398 brdev->stats.rx_errors++; 398 goto error;
399 dev_kfree_skb(skb);
400 return;
401 }
402 399
403 } else { 400 } else { /* e_vc */
404 /* first 2 chars should be 0 */ 401 if (brdev->payload == p_routed) {
405 if (*((u16 *) (skb->data)) != 0) { 402 struct iphdr *iph;
406 brdev->stats.rx_errors++; 403
407 dev_kfree_skb(skb); 404 skb_reset_network_header(skb);
408 return; 405 iph = ip_hdr(skb);
406 if (iph->version == 4)
407 skb->protocol = __constant_htons(ETH_P_IP);
408 else if (iph->version == 6)
409 skb->protocol = __constant_htons(ETH_P_IPV6);
410 else
411 goto error;
412 skb->pkt_type = PACKET_HOST;
413 } else { /* p_bridged */
414 /* first 2 chars should be 0 */
415 if (*((u16 *) (skb->data)) != 0)
416 goto error;
417 skb_pull(skb, BR2684_PAD_LEN);
418 skb->protocol = eth_type_trans(skb, net_dev);
409 } 419 }
410 skb_pull(skb, BR2684_PAD_LEN + ETH_HLEN); /* pad, dstmac, srcmac, ethtype */
411 skb->protocol = eth_type_trans(skb, net_dev);
412 } 420 }
413 421
414#ifdef CONFIG_ATM_BR2684_IPFILTER 422#ifdef CONFIG_ATM_BR2684_IPFILTER
415 if (unlikely(packet_fails_filter(skb->protocol, brvcc, skb))) { 423 if (unlikely(packet_fails_filter(skb->protocol, brvcc, skb)))
416 brdev->stats.rx_dropped++; 424 goto dropped;
417 dev_kfree_skb(skb);
418 return;
419 }
420#endif /* CONFIG_ATM_BR2684_IPFILTER */ 425#endif /* CONFIG_ATM_BR2684_IPFILTER */
421 skb->dev = net_dev; 426 skb->dev = net_dev;
422 ATM_SKB(skb)->vcc = atmvcc; /* needed ? */ 427 ATM_SKB(skb)->vcc = atmvcc; /* needed ? */
423 pr_debug("received packet's protocol: %x\n", ntohs(skb->protocol)); 428 pr_debug("received packet's protocol: %x\n", ntohs(skb->protocol));
424 skb_debug(skb); 429 skb_debug(skb);
425 if (unlikely(!(net_dev->flags & IFF_UP))) { 430 /* sigh, interface is down? */
426 /* sigh, interface is down */ 431 if (unlikely(!(net_dev->flags & IFF_UP)))
427 brdev->stats.rx_dropped++; 432 goto dropped;
428 dev_kfree_skb(skb);
429 return;
430 }
431 brdev->stats.rx_packets++; 433 brdev->stats.rx_packets++;
432 brdev->stats.rx_bytes += skb->len; 434 brdev->stats.rx_bytes += skb->len;
433 memset(ATM_SKB(skb), 0, sizeof(struct atm_skb_data)); 435 memset(ATM_SKB(skb), 0, sizeof(struct atm_skb_data));
434 netif_rx(skb); 436 netif_rx(skb);
437 return;
438
439dropped:
440 brdev->stats.rx_dropped++;
441 goto free_skb;
442error:
443 brdev->stats.rx_errors++;
444free_skb:
445 dev_kfree_skb(skb);
446 return;
435} 447}
436 448
437/* 449/*
@@ -518,9 +530,9 @@ static int br2684_regvcc(struct atm_vcc *atmvcc, void __user * arg)
518 struct sk_buff *next = skb->next; 530 struct sk_buff *next = skb->next;
519 531
520 skb->next = skb->prev = NULL; 532 skb->next = skb->prev = NULL;
533 br2684_push(atmvcc, skb);
521 BRPRIV(skb->dev)->stats.rx_bytes -= skb->len; 534 BRPRIV(skb->dev)->stats.rx_bytes -= skb->len;
522 BRPRIV(skb->dev)->stats.rx_packets--; 535 BRPRIV(skb->dev)->stats.rx_packets--;
523 br2684_push(atmvcc, skb);
524 536
525 skb = next; 537 skb = next;
526 } 538 }
diff --git a/net/atm/clip.c b/net/atm/clip.c
index 6f8223ebf551..5b5b96344ce6 100644
--- a/net/atm/clip.c
+++ b/net/atm/clip.c
@@ -612,7 +612,7 @@ static int clip_device_event(struct notifier_block *this, unsigned long event,
612{ 612{
613 struct net_device *dev = arg; 613 struct net_device *dev = arg;
614 614
615 if (dev_net(dev) != &init_net) 615 if (!net_eq(dev_net(dev), &init_net))
616 return NOTIFY_DONE; 616 return NOTIFY_DONE;
617 617
618 if (event == NETDEV_UNREGISTER) { 618 if (event == NETDEV_UNREGISTER) {
diff --git a/net/atm/common.c b/net/atm/common.c
index c865517ba449..d34edbe754c8 100644
--- a/net/atm/common.c
+++ b/net/atm/common.c
@@ -262,7 +262,7 @@ static int adjust_tp(struct atm_trafprm *tp,unsigned char aal)
262} 262}
263 263
264 264
265static int check_ci(struct atm_vcc *vcc, short vpi, int vci) 265static int check_ci(const struct atm_vcc *vcc, short vpi, int vci)
266{ 266{
267 struct hlist_head *head = &vcc_hash[vci & 267 struct hlist_head *head = &vcc_hash[vci &
268 (VCC_HTABLE_SIZE - 1)]; 268 (VCC_HTABLE_SIZE - 1)];
@@ -290,7 +290,7 @@ static int check_ci(struct atm_vcc *vcc, short vpi, int vci)
290} 290}
291 291
292 292
293static int find_ci(struct atm_vcc *vcc, short *vpi, int *vci) 293static int find_ci(const struct atm_vcc *vcc, short *vpi, int *vci)
294{ 294{
295 static short p; /* poor man's per-device cache */ 295 static short p; /* poor man's per-device cache */
296 static int c; 296 static int c;
@@ -646,7 +646,7 @@ static int atm_change_qos(struct atm_vcc *vcc,struct atm_qos *qos)
646} 646}
647 647
648 648
649static int check_tp(struct atm_trafprm *tp) 649static int check_tp(const struct atm_trafprm *tp)
650{ 650{
651 /* @@@ Should be merged with adjust_tp */ 651 /* @@@ Should be merged with adjust_tp */
652 if (!tp->traffic_class || tp->traffic_class == ATM_ANYCLASS) return 0; 652 if (!tp->traffic_class || tp->traffic_class == ATM_ANYCLASS) return 0;
@@ -663,7 +663,7 @@ static int check_tp(struct atm_trafprm *tp)
663} 663}
664 664
665 665
666static int check_qos(struct atm_qos *qos) 666static int check_qos(const struct atm_qos *qos)
667{ 667{
668 int error; 668 int error;
669 669
diff --git a/net/atm/lec.c b/net/atm/lec.c
index 653aca3573ac..5799fb52365a 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -65,36 +65,36 @@ static int lec_close(struct net_device *dev);
65static struct net_device_stats *lec_get_stats(struct net_device *dev); 65static struct net_device_stats *lec_get_stats(struct net_device *dev);
66static void lec_init(struct net_device *dev); 66static void lec_init(struct net_device *dev);
67static struct lec_arp_table *lec_arp_find(struct lec_priv *priv, 67static struct lec_arp_table *lec_arp_find(struct lec_priv *priv,
68 unsigned char *mac_addr); 68 const unsigned char *mac_addr);
69static int lec_arp_remove(struct lec_priv *priv, 69static int lec_arp_remove(struct lec_priv *priv,
70 struct lec_arp_table *to_remove); 70 struct lec_arp_table *to_remove);
71/* LANE2 functions */ 71/* LANE2 functions */
72static void lane2_associate_ind(struct net_device *dev, u8 *mac_address, 72static void lane2_associate_ind(struct net_device *dev, const u8 *mac_address,
73 u8 *tlvs, u32 sizeoftlvs); 73 const u8 *tlvs, u32 sizeoftlvs);
74static int lane2_resolve(struct net_device *dev, u8 *dst_mac, int force, 74static int lane2_resolve(struct net_device *dev, const u8 *dst_mac, int force,
75 u8 **tlvs, u32 *sizeoftlvs); 75 u8 **tlvs, u32 *sizeoftlvs);
76static int lane2_associate_req(struct net_device *dev, u8 *lan_dst, 76static int lane2_associate_req(struct net_device *dev, const u8 *lan_dst,
77 u8 *tlvs, u32 sizeoftlvs); 77 const u8 *tlvs, u32 sizeoftlvs);
78 78
79static int lec_addr_delete(struct lec_priv *priv, unsigned char *atm_addr, 79static int lec_addr_delete(struct lec_priv *priv, const unsigned char *atm_addr,
80 unsigned long permanent); 80 unsigned long permanent);
81static void lec_arp_check_empties(struct lec_priv *priv, 81static void lec_arp_check_empties(struct lec_priv *priv,
82 struct atm_vcc *vcc, struct sk_buff *skb); 82 struct atm_vcc *vcc, struct sk_buff *skb);
83static void lec_arp_destroy(struct lec_priv *priv); 83static void lec_arp_destroy(struct lec_priv *priv);
84static void lec_arp_init(struct lec_priv *priv); 84static void lec_arp_init(struct lec_priv *priv);
85static struct atm_vcc *lec_arp_resolve(struct lec_priv *priv, 85static struct atm_vcc *lec_arp_resolve(struct lec_priv *priv,
86 unsigned char *mac_to_find, 86 const unsigned char *mac_to_find,
87 int is_rdesc, 87 int is_rdesc,
88 struct lec_arp_table **ret_entry); 88 struct lec_arp_table **ret_entry);
89static void lec_arp_update(struct lec_priv *priv, unsigned char *mac_addr, 89static void lec_arp_update(struct lec_priv *priv, const unsigned char *mac_addr,
90 unsigned char *atm_addr, unsigned long remoteflag, 90 const unsigned char *atm_addr, unsigned long remoteflag,
91 unsigned int targetless_le_arp); 91 unsigned int targetless_le_arp);
92static void lec_flush_complete(struct lec_priv *priv, unsigned long tran_id); 92static void lec_flush_complete(struct lec_priv *priv, unsigned long tran_id);
93static int lec_mcast_make(struct lec_priv *priv, struct atm_vcc *vcc); 93static int lec_mcast_make(struct lec_priv *priv, struct atm_vcc *vcc);
94static void lec_set_flush_tran_id(struct lec_priv *priv, 94static void lec_set_flush_tran_id(struct lec_priv *priv,
95 unsigned char *atm_addr, 95 const unsigned char *atm_addr,
96 unsigned long tran_id); 96 unsigned long tran_id);
97static void lec_vcc_added(struct lec_priv *priv, struct atmlec_ioc *ioc_data, 97static void lec_vcc_added(struct lec_priv *priv, const struct atmlec_ioc *ioc_data,
98 struct atm_vcc *vcc, 98 struct atm_vcc *vcc,
99 void (*old_push) (struct atm_vcc *vcc, 99 void (*old_push) (struct atm_vcc *vcc,
100 struct sk_buff *skb)); 100 struct sk_buff *skb));
@@ -634,7 +634,7 @@ static struct atm_dev lecatm_dev = {
634 */ 634 */
635static int 635static int
636send_to_lecd(struct lec_priv *priv, atmlec_msg_type type, 636send_to_lecd(struct lec_priv *priv, atmlec_msg_type type,
637 unsigned char *mac_addr, unsigned char *atm_addr, 637 const unsigned char *mac_addr, const unsigned char *atm_addr,
638 struct sk_buff *data) 638 struct sk_buff *data)
639{ 639{
640 struct sock *sk; 640 struct sock *sk;
@@ -705,10 +705,9 @@ static void lec_init(struct net_device *dev)
705 dev->set_multicast_list = lec_set_multicast_list; 705 dev->set_multicast_list = lec_set_multicast_list;
706 dev->do_ioctl = NULL; 706 dev->do_ioctl = NULL;
707 printk("%s: Initialized!\n", dev->name); 707 printk("%s: Initialized!\n", dev->name);
708 return;
709} 708}
710 709
711static unsigned char lec_ctrl_magic[] = { 710static const unsigned char lec_ctrl_magic[] = {
712 0xff, 711 0xff,
713 0x00, 712 0x00,
714 0x01, 713 0x01,
@@ -1276,7 +1275,7 @@ module_exit(lane_module_cleanup);
1276 * lec will be used. 1275 * lec will be used.
1277 * If dst_mac == NULL, targetless LE_ARP will be sent 1276 * If dst_mac == NULL, targetless LE_ARP will be sent
1278 */ 1277 */
1279static int lane2_resolve(struct net_device *dev, u8 *dst_mac, int force, 1278static int lane2_resolve(struct net_device *dev, const u8 *dst_mac, int force,
1280 u8 **tlvs, u32 *sizeoftlvs) 1279 u8 **tlvs, u32 *sizeoftlvs)
1281{ 1280{
1282 unsigned long flags; 1281 unsigned long flags;
@@ -1322,8 +1321,8 @@ static int lane2_resolve(struct net_device *dev, u8 *dst_mac, int force,
1322 * Returns 1 for success, 0 for failure (out of memory) 1321 * Returns 1 for success, 0 for failure (out of memory)
1323 * 1322 *
1324 */ 1323 */
1325static int lane2_associate_req(struct net_device *dev, u8 *lan_dst, 1324static int lane2_associate_req(struct net_device *dev, const u8 *lan_dst,
1326 u8 *tlvs, u32 sizeoftlvs) 1325 const u8 *tlvs, u32 sizeoftlvs)
1327{ 1326{
1328 int retval; 1327 int retval;
1329 struct sk_buff *skb; 1328 struct sk_buff *skb;
@@ -1358,8 +1357,8 @@ static int lane2_associate_req(struct net_device *dev, u8 *lan_dst,
1358 * LANE2: 3.1.5, LE_ASSOCIATE.indication 1357 * LANE2: 3.1.5, LE_ASSOCIATE.indication
1359 * 1358 *
1360 */ 1359 */
1361static void lane2_associate_ind(struct net_device *dev, u8 *mac_addr, 1360static void lane2_associate_ind(struct net_device *dev, const u8 *mac_addr,
1362 u8 *tlvs, u32 sizeoftlvs) 1361 const u8 *tlvs, u32 sizeoftlvs)
1363{ 1362{
1364#if 0 1363#if 0
1365 int i = 0; 1364 int i = 0;
@@ -1744,7 +1743,7 @@ static void lec_arp_destroy(struct lec_priv *priv)
1744 * Find entry by mac_address 1743 * Find entry by mac_address
1745 */ 1744 */
1746static struct lec_arp_table *lec_arp_find(struct lec_priv *priv, 1745static struct lec_arp_table *lec_arp_find(struct lec_priv *priv,
1747 unsigned char *mac_addr) 1746 const unsigned char *mac_addr)
1748{ 1747{
1749 struct hlist_node *node; 1748 struct hlist_node *node;
1750 struct hlist_head *head; 1749 struct hlist_head *head;
@@ -1764,7 +1763,7 @@ static struct lec_arp_table *lec_arp_find(struct lec_priv *priv,
1764} 1763}
1765 1764
1766static struct lec_arp_table *make_entry(struct lec_priv *priv, 1765static struct lec_arp_table *make_entry(struct lec_priv *priv,
1767 unsigned char *mac_addr) 1766 const unsigned char *mac_addr)
1768{ 1767{
1769 struct lec_arp_table *to_return; 1768 struct lec_arp_table *to_return;
1770 1769
@@ -1921,7 +1920,7 @@ restart:
1921 * 1920 *
1922 */ 1921 */
1923static struct atm_vcc *lec_arp_resolve(struct lec_priv *priv, 1922static struct atm_vcc *lec_arp_resolve(struct lec_priv *priv,
1924 unsigned char *mac_to_find, int is_rdesc, 1923 const unsigned char *mac_to_find, int is_rdesc,
1925 struct lec_arp_table **ret_entry) 1924 struct lec_arp_table **ret_entry)
1926{ 1925{
1927 unsigned long flags; 1926 unsigned long flags;
@@ -2017,7 +2016,7 @@ out:
2017} 2016}
2018 2017
2019static int 2018static int
2020lec_addr_delete(struct lec_priv *priv, unsigned char *atm_addr, 2019lec_addr_delete(struct lec_priv *priv, const unsigned char *atm_addr,
2021 unsigned long permanent) 2020 unsigned long permanent)
2022{ 2021{
2023 unsigned long flags; 2022 unsigned long flags;
@@ -2047,8 +2046,8 @@ lec_addr_delete(struct lec_priv *priv, unsigned char *atm_addr,
2047 * Notifies: Response to arp_request (atm_addr != NULL) 2046 * Notifies: Response to arp_request (atm_addr != NULL)
2048 */ 2047 */
2049static void 2048static void
2050lec_arp_update(struct lec_priv *priv, unsigned char *mac_addr, 2049lec_arp_update(struct lec_priv *priv, const unsigned char *mac_addr,
2051 unsigned char *atm_addr, unsigned long remoteflag, 2050 const unsigned char *atm_addr, unsigned long remoteflag,
2052 unsigned int targetless_le_arp) 2051 unsigned int targetless_le_arp)
2053{ 2052{
2054 unsigned long flags; 2053 unsigned long flags;
@@ -2148,7 +2147,7 @@ out:
2148 * Notifies: Vcc setup ready 2147 * Notifies: Vcc setup ready
2149 */ 2148 */
2150static void 2149static void
2151lec_vcc_added(struct lec_priv *priv, struct atmlec_ioc *ioc_data, 2150lec_vcc_added(struct lec_priv *priv, const struct atmlec_ioc *ioc_data,
2152 struct atm_vcc *vcc, 2151 struct atm_vcc *vcc,
2153 void (*old_push) (struct atm_vcc *vcc, struct sk_buff *skb)) 2152 void (*old_push) (struct atm_vcc *vcc, struct sk_buff *skb))
2154{ 2153{
@@ -2336,7 +2335,7 @@ restart:
2336 2335
2337static void 2336static void
2338lec_set_flush_tran_id(struct lec_priv *priv, 2337lec_set_flush_tran_id(struct lec_priv *priv,
2339 unsigned char *atm_addr, unsigned long tran_id) 2338 const unsigned char *atm_addr, unsigned long tran_id)
2340{ 2339{
2341 unsigned long flags; 2340 unsigned long flags;
2342 struct hlist_node *node; 2341 struct hlist_node *node;
diff --git a/net/atm/lec.h b/net/atm/lec.h
index b41cda7ea1e1..0d376682c1a3 100644
--- a/net/atm/lec.h
+++ b/net/atm/lec.h
@@ -42,12 +42,12 @@ struct lecdatahdr_8025 {
42 * 42 *
43 */ 43 */
44struct lane2_ops { 44struct lane2_ops {
45 int (*resolve) (struct net_device *dev, u8 *dst_mac, int force, 45 int (*resolve) (struct net_device *dev, const u8 *dst_mac, int force,
46 u8 **tlvs, u32 *sizeoftlvs); 46 u8 **tlvs, u32 *sizeoftlvs);
47 int (*associate_req) (struct net_device *dev, u8 *lan_dst, 47 int (*associate_req) (struct net_device *dev, const u8 *lan_dst,
48 u8 *tlvs, u32 sizeoftlvs); 48 const u8 *tlvs, u32 sizeoftlvs);
49 void (*associate_indicator) (struct net_device *dev, u8 *mac_addr, 49 void (*associate_indicator) (struct net_device *dev, const u8 *mac_addr,
50 u8 *tlvs, u32 sizeoftlvs); 50 const u8 *tlvs, u32 sizeoftlvs);
51}; 51};
52 52
53/* 53/*
diff --git a/net/atm/mpc.c b/net/atm/mpc.c
index 9db332e7a6c0..11b16d16661c 100644
--- a/net/atm/mpc.c
+++ b/net/atm/mpc.c
@@ -62,11 +62,13 @@ static void MPOA_cache_impos_rcvd(struct k_message *msg, struct mpoa_client *mpc
62static void set_mpc_ctrl_addr_rcvd(struct k_message *mesg, struct mpoa_client *mpc); 62static void set_mpc_ctrl_addr_rcvd(struct k_message *mesg, struct mpoa_client *mpc);
63static void set_mps_mac_addr_rcvd(struct k_message *mesg, struct mpoa_client *mpc); 63static void set_mps_mac_addr_rcvd(struct k_message *mesg, struct mpoa_client *mpc);
64 64
65static uint8_t *copy_macs(struct mpoa_client *mpc, uint8_t *router_mac, 65static const uint8_t *copy_macs(struct mpoa_client *mpc,
66 uint8_t *tlvs, uint8_t mps_macs, uint8_t device_type); 66 const uint8_t *router_mac,
67 const uint8_t *tlvs, uint8_t mps_macs,
68 uint8_t device_type);
67static void purge_egress_shortcut(struct atm_vcc *vcc, eg_cache_entry *entry); 69static void purge_egress_shortcut(struct atm_vcc *vcc, eg_cache_entry *entry);
68 70
69static void send_set_mps_ctrl_addr(char *addr, struct mpoa_client *mpc); 71static void send_set_mps_ctrl_addr(const char *addr, struct mpoa_client *mpc);
70static void mpoad_close(struct atm_vcc *vcc); 72static void mpoad_close(struct atm_vcc *vcc);
71static int msg_from_mpoad(struct atm_vcc *vcc, struct sk_buff *skb); 73static int msg_from_mpoad(struct atm_vcc *vcc, struct sk_buff *skb);
72 74
@@ -351,12 +353,12 @@ static const char *mpoa_device_type_string(char type)
351 * lec sees a TLV it uses the pointer to call this function. 353 * lec sees a TLV it uses the pointer to call this function.
352 * 354 *
353 */ 355 */
354static void lane2_assoc_ind(struct net_device *dev, uint8_t *mac_addr, 356static void lane2_assoc_ind(struct net_device *dev, const u8 *mac_addr,
355 uint8_t *tlvs, uint32_t sizeoftlvs) 357 const u8 *tlvs, u32 sizeoftlvs)
356{ 358{
357 uint32_t type; 359 uint32_t type;
358 uint8_t length, mpoa_device_type, number_of_mps_macs; 360 uint8_t length, mpoa_device_type, number_of_mps_macs;
359 uint8_t *end_of_tlvs; 361 const uint8_t *end_of_tlvs;
360 struct mpoa_client *mpc; 362 struct mpoa_client *mpc;
361 363
362 mpoa_device_type = number_of_mps_macs = 0; /* silence gcc */ 364 mpoa_device_type = number_of_mps_macs = 0; /* silence gcc */
@@ -430,8 +432,10 @@ static void lane2_assoc_ind(struct net_device *dev, uint8_t *mac_addr,
430 * plus the possible MAC address(es) to mpc->mps_macs. 432 * plus the possible MAC address(es) to mpc->mps_macs.
431 * For a freshly allocated MPOA client mpc->mps_macs == 0. 433 * For a freshly allocated MPOA client mpc->mps_macs == 0.
432 */ 434 */
433static uint8_t *copy_macs(struct mpoa_client *mpc, uint8_t *router_mac, 435static const uint8_t *copy_macs(struct mpoa_client *mpc,
434 uint8_t *tlvs, uint8_t mps_macs, uint8_t device_type) 436 const uint8_t *router_mac,
437 const uint8_t *tlvs, uint8_t mps_macs,
438 uint8_t device_type)
435{ 439{
436 int num_macs; 440 int num_macs;
437 num_macs = (mps_macs > 1) ? mps_macs : 1; 441 num_macs = (mps_macs > 1) ? mps_macs : 1;
@@ -811,7 +815,7 @@ static int atm_mpoa_mpoad_attach (struct atm_vcc *vcc, int arg)
811 return arg; 815 return arg;
812} 816}
813 817
814static void send_set_mps_ctrl_addr(char *addr, struct mpoa_client *mpc) 818static void send_set_mps_ctrl_addr(const char *addr, struct mpoa_client *mpc)
815{ 819{
816 struct k_message mesg; 820 struct k_message mesg;
817 821
@@ -964,7 +968,7 @@ static int mpoa_event_listener(struct notifier_block *mpoa_notifier, unsigned lo
964 968
965 dev = (struct net_device *)dev_ptr; 969 dev = (struct net_device *)dev_ptr;
966 970
967 if (dev_net(dev) != &init_net) 971 if (!net_eq(dev_net(dev), &init_net))
968 return NOTIFY_DONE; 972 return NOTIFY_DONE;
969 973
970 if (dev->name == NULL || strncmp(dev->name, "lec", 3)) 974 if (dev->name == NULL || strncmp(dev->name, "lec", 3))
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 2712544cf0ca..01c83e2a4c19 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -116,7 +116,7 @@ static int ax25_device_event(struct notifier_block *this, unsigned long event,
116{ 116{
117 struct net_device *dev = (struct net_device *)ptr; 117 struct net_device *dev = (struct net_device *)ptr;
118 118
119 if (dev_net(dev) != &init_net) 119 if (!net_eq(dev_net(dev), &init_net))
120 return NOTIFY_DONE; 120 return NOTIFY_DONE;
121 121
122 /* Reject non AX.25 devices */ 122 /* Reject non AX.25 devices */
@@ -893,13 +893,11 @@ struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
893 893
894 sk->sk_destruct = ax25_free_sock; 894 sk->sk_destruct = ax25_free_sock;
895 sk->sk_type = osk->sk_type; 895 sk->sk_type = osk->sk_type;
896 sk->sk_socket = osk->sk_socket;
897 sk->sk_priority = osk->sk_priority; 896 sk->sk_priority = osk->sk_priority;
898 sk->sk_protocol = osk->sk_protocol; 897 sk->sk_protocol = osk->sk_protocol;
899 sk->sk_rcvbuf = osk->sk_rcvbuf; 898 sk->sk_rcvbuf = osk->sk_rcvbuf;
900 sk->sk_sndbuf = osk->sk_sndbuf; 899 sk->sk_sndbuf = osk->sk_sndbuf;
901 sk->sk_state = TCP_ESTABLISHED; 900 sk->sk_state = TCP_ESTABLISHED;
902 sk->sk_sleep = osk->sk_sleep;
903 sock_copy_flags(sk, osk); 901 sock_copy_flags(sk, osk);
904 902
905 oax25 = ax25_sk(osk); 903 oax25 = ax25_sk(osk);
@@ -1361,13 +1359,11 @@ static int ax25_accept(struct socket *sock, struct socket *newsock, int flags)
1361 goto out; 1359 goto out;
1362 1360
1363 newsk = skb->sk; 1361 newsk = skb->sk;
1364 newsk->sk_socket = newsock; 1362 sock_graft(newsk, newsock);
1365 newsk->sk_sleep = &newsock->wait;
1366 1363
1367 /* Now attach up the new socket */ 1364 /* Now attach up the new socket */
1368 kfree_skb(skb); 1365 kfree_skb(skb);
1369 sk->sk_ack_backlog--; 1366 sk->sk_ack_backlog--;
1370 newsock->sk = newsk;
1371 newsock->state = SS_CONNECTED; 1367 newsock->state = SS_CONNECTED;
1372 1368
1373out: 1369out:
diff --git a/net/ax25/ax25_in.c b/net/ax25/ax25_in.c
index 33790a8efbc8..4a5ba978a804 100644
--- a/net/ax25/ax25_in.c
+++ b/net/ax25/ax25_in.c
@@ -451,7 +451,7 @@ int ax25_kiss_rcv(struct sk_buff *skb, struct net_device *dev,
451 skb->sk = NULL; /* Initially we don't know who it's for */ 451 skb->sk = NULL; /* Initially we don't know who it's for */
452 skb->destructor = NULL; /* Who initializes this, dammit?! */ 452 skb->destructor = NULL; /* Who initializes this, dammit?! */
453 453
454 if (dev_net(dev) != &init_net) { 454 if (!net_eq(dev_net(dev), &init_net)) {
455 kfree_skb(skb); 455 kfree_skb(skb);
456 return 0; 456 return 0;
457 } 457 }
diff --git a/net/ax25/ax25_std_timer.c b/net/ax25/ax25_std_timer.c
index 96e4b9273250..cdc7e751ef36 100644
--- a/net/ax25/ax25_std_timer.c
+++ b/net/ax25/ax25_std_timer.c
@@ -39,11 +39,9 @@ void ax25_std_heartbeat_expiry(ax25_cb *ax25)
39 39
40 switch (ax25->state) { 40 switch (ax25->state) {
41 case AX25_STATE_0: 41 case AX25_STATE_0:
42 /* Magic here: If we listen() and a new link dies before it 42 if (!sk ||
43 is accepted() it isn't 'dead' so doesn't get removed. */ 43 sock_flag(sk, SOCK_DESTROY) ||
44 if (!sk || sock_flag(sk, SOCK_DESTROY) || 44 sock_flag(sk, SOCK_DEAD)) {
45 (sk->sk_state == TCP_LISTEN &&
46 sock_flag(sk, SOCK_DEAD))) {
47 if (sk) { 45 if (sk) {
48 sock_hold(sk); 46 sock_hold(sk);
49 ax25_destroy_socket(ax25); 47 ax25_destroy_socket(ax25);
diff --git a/net/ax25/ax25_subr.c b/net/ax25/ax25_subr.c
index d8f215733175..034aa10a5198 100644
--- a/net/ax25/ax25_subr.c
+++ b/net/ax25/ax25_subr.c
@@ -64,20 +64,15 @@ void ax25_frames_acked(ax25_cb *ax25, unsigned short nr)
64 64
65void ax25_requeue_frames(ax25_cb *ax25) 65void ax25_requeue_frames(ax25_cb *ax25)
66{ 66{
67 struct sk_buff *skb, *skb_prev = NULL; 67 struct sk_buff *skb;
68 68
69 /* 69 /*
70 * Requeue all the un-ack-ed frames on the output queue to be picked 70 * Requeue all the un-ack-ed frames on the output queue to be picked
71 * up by ax25_kick called from the timer. This arrangement handles the 71 * up by ax25_kick called from the timer. This arrangement handles the
72 * possibility of an empty output queue. 72 * possibility of an empty output queue.
73 */ 73 */
74 while ((skb = skb_dequeue(&ax25->ack_queue)) != NULL) { 74 while ((skb = skb_dequeue_tail(&ax25->ack_queue)) != NULL)
75 if (skb_prev == NULL) 75 skb_queue_head(&ax25->write_queue, skb);
76 skb_queue_head(&ax25->write_queue, skb);
77 else
78 skb_append(skb_prev, skb, &ax25->write_queue);
79 skb_prev = skb;
80 }
81} 76}
82 77
83/* 78/*
diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c
index f597987b2424..f288fc4aef9b 100644
--- a/net/ax25/sysctl_net_ax25.c
+++ b/net/ax25/sysctl_net_ax25.c
@@ -36,6 +36,7 @@ static struct ctl_path ax25_path[] = {
36 { .procname = "ax25", .ctl_name = NET_AX25, }, 36 { .procname = "ax25", .ctl_name = NET_AX25, },
37 { } 37 { }
38}; 38};
39
39static const ctl_table ax25_param_table[] = { 40static const ctl_table ax25_param_table[] = {
40 { 41 {
41 .ctl_name = NET_AX25_IP_DEFAULT_MODE, 42 .ctl_name = NET_AX25_IP_DEFAULT_MODE,
@@ -167,6 +168,7 @@ static const ctl_table ax25_param_table[] = {
167 .extra1 = &min_proto, 168 .extra1 = &min_proto,
168 .extra2 = &max_proto 169 .extra2 = &max_proto
169 }, 170 },
171#ifdef CONFIG_AX25_DAMA_SLAVE
170 { 172 {
171 .ctl_name = NET_AX25_DAMA_SLAVE_TIMEOUT, 173 .ctl_name = NET_AX25_DAMA_SLAVE_TIMEOUT,
172 .procname = "dama_slave_timeout", 174 .procname = "dama_slave_timeout",
@@ -177,6 +179,8 @@ static const ctl_table ax25_param_table[] = {
177 .extra1 = &min_ds_timeout, 179 .extra1 = &min_ds_timeout,
178 .extra2 = &max_ds_timeout 180 .extra2 = &max_ds_timeout
179 }, 181 },
182#endif
183
180 { .ctl_name = 0 } /* that's all, folks! */ 184 { .ctl_name = 0 } /* that's all, folks! */
181}; 185};
182 186
@@ -210,16 +214,6 @@ void ax25_register_sysctl(void)
210 ax25_table[n].procname = ax25_dev->dev->name; 214 ax25_table[n].procname = ax25_dev->dev->name;
211 ax25_table[n].mode = 0555; 215 ax25_table[n].mode = 0555;
212 216
213#ifndef CONFIG_AX25_DAMA_SLAVE
214 /*
215 * We do not wish to have a representation of this parameter
216 * in /proc/sys/ when configured *not* to include the
217 * AX.25 DAMA slave code, do we?
218 */
219
220 child[AX25_VALUES_DS_TIMEOUT].procname = NULL;
221#endif
222
223 child[AX25_MAX_VALUES].ctl_name = 0; /* just in case... */ 217 child[AX25_MAX_VALUES].ctl_name = 0; /* just in case... */
224 218
225 for (k = 0; k < AX25_MAX_VALUES; k++) 219 for (k = 0; k < AX25_MAX_VALUES; k++)
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index d366423c8392..1edfdf4c095b 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -36,6 +36,7 @@
36#include <linux/init.h> 36#include <linux/init.h>
37#include <linux/poll.h> 37#include <linux/poll.h>
38#include <net/sock.h> 38#include <net/sock.h>
39#include <asm/ioctls.h>
39 40
40#if defined(CONFIG_KMOD) 41#if defined(CONFIG_KMOD)
41#include <linux/kmod.h> 42#include <linux/kmod.h>
@@ -48,7 +49,7 @@
48#define BT_DBG(D...) 49#define BT_DBG(D...)
49#endif 50#endif
50 51
51#define VERSION "2.11" 52#define VERSION "2.12"
52 53
53/* Bluetooth sockets */ 54/* Bluetooth sockets */
54#define BT_MAX_PROTO 8 55#define BT_MAX_PROTO 8
@@ -266,6 +267,8 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
266 267
267 skb_reset_transport_header(skb); 268 skb_reset_transport_header(skb);
268 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 269 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
270 if (err == 0)
271 sock_recv_timestamp(msg, sk, skb);
269 272
270 skb_free_datagram(sk, skb); 273 skb_free_datagram(sk, skb);
271 274
@@ -329,6 +332,54 @@ unsigned int bt_sock_poll(struct file * file, struct socket *sock, poll_table *w
329} 332}
330EXPORT_SYMBOL(bt_sock_poll); 333EXPORT_SYMBOL(bt_sock_poll);
331 334
335int bt_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
336{
337 struct sock *sk = sock->sk;
338 struct sk_buff *skb;
339 long amount;
340 int err;
341
342 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
343
344 switch (cmd) {
345 case TIOCOUTQ:
346 if (sk->sk_state == BT_LISTEN)
347 return -EINVAL;
348
349 amount = sk->sk_sndbuf - atomic_read(&sk->sk_wmem_alloc);
350 if (amount < 0)
351 amount = 0;
352 err = put_user(amount, (int __user *) arg);
353 break;
354
355 case TIOCINQ:
356 if (sk->sk_state == BT_LISTEN)
357 return -EINVAL;
358
359 lock_sock(sk);
360 skb = skb_peek(&sk->sk_receive_queue);
361 amount = skb ? skb->len : 0;
362 release_sock(sk);
363 err = put_user(amount, (int __user *) arg);
364 break;
365
366 case SIOCGSTAMP:
367 err = sock_get_timestamp(sk, (struct timeval __user *) arg);
368 break;
369
370 case SIOCGSTAMPNS:
371 err = sock_get_timestampns(sk, (struct timespec __user *) arg);
372 break;
373
374 default:
375 err = -ENOIOCTLCMD;
376 break;
377 }
378
379 return err;
380}
381EXPORT_SYMBOL(bt_sock_ioctl);
382
332int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo) 383int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo)
333{ 384{
334 DECLARE_WAITQUEUE(wait, current); 385 DECLARE_WAITQUEUE(wait, current);
@@ -405,7 +456,7 @@ static void __exit bt_exit(void)
405subsys_initcall(bt_init); 456subsys_initcall(bt_init);
406module_exit(bt_exit); 457module_exit(bt_exit);
407 458
408MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 459MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
409MODULE_DESCRIPTION("Bluetooth Core ver " VERSION); 460MODULE_DESCRIPTION("Bluetooth Core ver " VERSION);
410MODULE_VERSION(VERSION); 461MODULE_VERSION(VERSION);
411MODULE_LICENSE("GPL"); 462MODULE_LICENSE("GPL");
diff --git a/net/bluetooth/bnep/bnep.h b/net/bluetooth/bnep/bnep.h
index e69244dd8de8..b69bf4e7c48b 100644
--- a/net/bluetooth/bnep/bnep.h
+++ b/net/bluetooth/bnep/bnep.h
@@ -16,10 +16,6 @@
16 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 16 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17*/ 17*/
18 18
19/*
20 * $Id: bnep.h,v 1.5 2002/08/04 21:23:58 maxk Exp $
21 */
22
23#ifndef _BNEP_H 19#ifndef _BNEP_H
24#define _BNEP_H 20#define _BNEP_H
25 21
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index f85d94643aaf..80ba30cf4b68 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -25,10 +25,6 @@
25 SOFTWARE IS DISCLAIMED. 25 SOFTWARE IS DISCLAIMED.
26*/ 26*/
27 27
28/*
29 * $Id: core.c,v 1.20 2002/08/04 21:23:58 maxk Exp $
30 */
31
32#include <linux/module.h> 28#include <linux/module.h>
33 29
34#include <linux/kernel.h> 30#include <linux/kernel.h>
@@ -61,7 +57,10 @@
61#define BT_DBG(D...) 57#define BT_DBG(D...)
62#endif 58#endif
63 59
64#define VERSION "1.2" 60#define VERSION "1.3"
61
62static int compress_src = 1;
63static int compress_dst = 1;
65 64
66static LIST_HEAD(bnep_session_list); 65static LIST_HEAD(bnep_session_list);
67static DECLARE_RWSEM(bnep_session_sem); 66static DECLARE_RWSEM(bnep_session_sem);
@@ -422,10 +421,10 @@ static inline int bnep_tx_frame(struct bnep_session *s, struct sk_buff *skb)
422 iv[il++] = (struct kvec) { &type, 1 }; 421 iv[il++] = (struct kvec) { &type, 1 };
423 len++; 422 len++;
424 423
425 if (!compare_ether_addr(eh->h_dest, s->eh.h_source)) 424 if (compress_src && !compare_ether_addr(eh->h_dest, s->eh.h_source))
426 type |= 0x01; 425 type |= 0x01;
427 426
428 if (!compare_ether_addr(eh->h_source, s->eh.h_dest)) 427 if (compress_dst && !compare_ether_addr(eh->h_source, s->eh.h_dest))
429 type |= 0x02; 428 type |= 0x02;
430 429
431 if (type) 430 if (type)
@@ -507,6 +506,11 @@ static int bnep_session(void *arg)
507 /* Delete network device */ 506 /* Delete network device */
508 unregister_netdev(dev); 507 unregister_netdev(dev);
509 508
509 /* Wakeup user-space polling for socket errors */
510 s->sock->sk->sk_err = EUNATCH;
511
512 wake_up_interruptible(s->sock->sk->sk_sleep);
513
510 /* Release the socket */ 514 /* Release the socket */
511 fput(s->sock->file); 515 fput(s->sock->file);
512 516
@@ -726,7 +730,13 @@ static void __exit bnep_exit(void)
726module_init(bnep_init); 730module_init(bnep_init);
727module_exit(bnep_exit); 731module_exit(bnep_exit);
728 732
729MODULE_AUTHOR("David Libault <david.libault@inventel.fr>, Maxim Krasnyansky <maxk@qualcomm.com>"); 733module_param(compress_src, bool, 0644);
734MODULE_PARM_DESC(compress_src, "Compress sources headers");
735
736module_param(compress_dst, bool, 0644);
737MODULE_PARM_DESC(compress_dst, "Compress destination headers");
738
739MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
730MODULE_DESCRIPTION("Bluetooth BNEP ver " VERSION); 740MODULE_DESCRIPTION("Bluetooth BNEP ver " VERSION);
731MODULE_VERSION(VERSION); 741MODULE_VERSION(VERSION);
732MODULE_LICENSE("GPL"); 742MODULE_LICENSE("GPL");
diff --git a/net/bluetooth/bnep/netdev.c b/net/bluetooth/bnep/netdev.c
index 95e3837e4312..d9fa0ab2c87f 100644
--- a/net/bluetooth/bnep/netdev.c
+++ b/net/bluetooth/bnep/netdev.c
@@ -25,10 +25,6 @@
25 SOFTWARE IS DISCLAIMED. 25 SOFTWARE IS DISCLAIMED.
26*/ 26*/
27 27
28/*
29 * $Id: netdev.c,v 1.8 2002/08/04 21:23:58 maxk Exp $
30 */
31
32#include <linux/module.h> 28#include <linux/module.h>
33 29
34#include <linux/socket.h> 30#include <linux/socket.h>
diff --git a/net/bluetooth/bnep/sock.c b/net/bluetooth/bnep/sock.c
index 201e5b1ce473..8ffb57f2303a 100644
--- a/net/bluetooth/bnep/sock.c
+++ b/net/bluetooth/bnep/sock.c
@@ -24,10 +24,6 @@
24 SOFTWARE IS DISCLAIMED. 24 SOFTWARE IS DISCLAIMED.
25*/ 25*/
26 26
27/*
28 * $Id: sock.c,v 1.4 2002/08/04 21:23:58 maxk Exp $
29 */
30
31#include <linux/module.h> 27#include <linux/module.h>
32 28
33#include <linux/types.h> 29#include <linux/types.h>
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index f8880261da0e..ca8d05245ca0 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -59,24 +59,31 @@ void hci_acl_connect(struct hci_conn *conn)
59 BT_DBG("%p", conn); 59 BT_DBG("%p", conn);
60 60
61 conn->state = BT_CONNECT; 61 conn->state = BT_CONNECT;
62 conn->out = 1; 62 conn->out = 1;
63
63 conn->link_mode = HCI_LM_MASTER; 64 conn->link_mode = HCI_LM_MASTER;
64 65
65 conn->attempt++; 66 conn->attempt++;
66 67
68 conn->link_policy = hdev->link_policy;
69
67 memset(&cp, 0, sizeof(cp)); 70 memset(&cp, 0, sizeof(cp));
68 bacpy(&cp.bdaddr, &conn->dst); 71 bacpy(&cp.bdaddr, &conn->dst);
69 cp.pscan_rep_mode = 0x02; 72 cp.pscan_rep_mode = 0x02;
70 73
71 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) && 74 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
72 inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 75 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
73 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 76 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
74 cp.pscan_mode = ie->data.pscan_mode; 77 cp.pscan_mode = ie->data.pscan_mode;
75 cp.clock_offset = ie->data.clock_offset | cpu_to_le16(0x8000); 78 cp.clock_offset = ie->data.clock_offset |
79 cpu_to_le16(0x8000);
80 }
81
76 memcpy(conn->dev_class, ie->data.dev_class, 3); 82 memcpy(conn->dev_class, ie->data.dev_class, 3);
83 conn->ssp_mode = ie->data.ssp_mode;
77 } 84 }
78 85
79 cp.pkt_type = cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK); 86 cp.pkt_type = cpu_to_le16(conn->pkt_type);
80 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 87 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
81 cp.role_switch = 0x01; 88 cp.role_switch = 0x01;
82 else 89 else
@@ -122,7 +129,7 @@ void hci_add_sco(struct hci_conn *conn, __u16 handle)
122 conn->out = 1; 129 conn->out = 1;
123 130
124 cp.handle = cpu_to_le16(handle); 131 cp.handle = cpu_to_le16(handle);
125 cp.pkt_type = cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK); 132 cp.pkt_type = cpu_to_le16(conn->pkt_type);
126 133
127 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 134 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
128} 135}
@@ -138,7 +145,7 @@ void hci_setup_sync(struct hci_conn *conn, __u16 handle)
138 conn->out = 1; 145 conn->out = 1;
139 146
140 cp.handle = cpu_to_le16(handle); 147 cp.handle = cpu_to_le16(handle);
141 cp.pkt_type = cpu_to_le16(hdev->esco_type); 148 cp.pkt_type = cpu_to_le16(conn->pkt_type);
142 149
143 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 150 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
144 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 151 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
@@ -163,11 +170,13 @@ static void hci_conn_timeout(unsigned long arg)
163 170
164 switch (conn->state) { 171 switch (conn->state) {
165 case BT_CONNECT: 172 case BT_CONNECT:
173 case BT_CONNECT2:
166 if (conn->type == ACL_LINK) 174 if (conn->type == ACL_LINK)
167 hci_acl_connect_cancel(conn); 175 hci_acl_connect_cancel(conn);
168 else 176 else
169 hci_acl_disconn(conn, 0x13); 177 hci_acl_disconn(conn, 0x13);
170 break; 178 break;
179 case BT_CONFIG:
171 case BT_CONNECTED: 180 case BT_CONNECTED:
172 hci_acl_disconn(conn, 0x13); 181 hci_acl_disconn(conn, 0x13);
173 break; 182 break;
@@ -199,13 +208,28 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
199 return NULL; 208 return NULL;
200 209
201 bacpy(&conn->dst, dst); 210 bacpy(&conn->dst, dst);
202 conn->hdev = hdev; 211 conn->hdev = hdev;
203 conn->type = type; 212 conn->type = type;
204 conn->mode = HCI_CM_ACTIVE; 213 conn->mode = HCI_CM_ACTIVE;
205 conn->state = BT_OPEN; 214 conn->state = BT_OPEN;
206 215
207 conn->power_save = 1; 216 conn->power_save = 1;
208 217
218 switch (type) {
219 case ACL_LINK:
220 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
221 break;
222 case SCO_LINK:
223 if (lmp_esco_capable(hdev))
224 conn->pkt_type = hdev->esco_type & SCO_ESCO_MASK;
225 else
226 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
227 break;
228 case ESCO_LINK:
229 conn->pkt_type = hdev->esco_type;
230 break;
231 }
232
209 skb_queue_head_init(&conn->data_q); 233 skb_queue_head_init(&conn->data_q);
210 234
211 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn); 235 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
@@ -221,8 +245,6 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
221 if (hdev->notify) 245 if (hdev->notify)
222 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 246 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
223 247
224 hci_conn_add_sysfs(conn);
225
226 tasklet_enable(&hdev->tx_task); 248 tasklet_enable(&hdev->tx_task);
227 249
228 return conn; 250 return conn;
@@ -254,12 +276,14 @@ int hci_conn_del(struct hci_conn *conn)
254 } 276 }
255 277
256 tasklet_disable(&hdev->tx_task); 278 tasklet_disable(&hdev->tx_task);
279
257 hci_conn_hash_del(hdev, conn); 280 hci_conn_hash_del(hdev, conn);
258 if (hdev->notify) 281 if (hdev->notify)
259 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 282 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
283
260 tasklet_enable(&hdev->tx_task); 284 tasklet_enable(&hdev->tx_task);
285
261 skb_queue_purge(&conn->data_q); 286 skb_queue_purge(&conn->data_q);
262 hci_conn_del_sysfs(conn);
263 287
264 return 0; 288 return 0;
265} 289}
@@ -355,13 +379,21 @@ int hci_conn_auth(struct hci_conn *conn)
355{ 379{
356 BT_DBG("conn %p", conn); 380 BT_DBG("conn %p", conn);
357 381
382 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0) {
383 if (!(conn->auth_type & 0x01)) {
384 conn->auth_type = HCI_AT_GENERAL_BONDING_MITM;
385 conn->link_mode &= ~HCI_LM_AUTH;
386 }
387 }
388
358 if (conn->link_mode & HCI_LM_AUTH) 389 if (conn->link_mode & HCI_LM_AUTH)
359 return 1; 390 return 1;
360 391
361 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 392 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
362 struct hci_cp_auth_requested cp; 393 struct hci_cp_auth_requested cp;
363 cp.handle = cpu_to_le16(conn->handle); 394 cp.handle = cpu_to_le16(conn->handle);
364 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 395 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
396 sizeof(cp), &cp);
365 } 397 }
366 return 0; 398 return 0;
367} 399}
@@ -373,7 +405,7 @@ int hci_conn_encrypt(struct hci_conn *conn)
373 BT_DBG("conn %p", conn); 405 BT_DBG("conn %p", conn);
374 406
375 if (conn->link_mode & HCI_LM_ENCRYPT) 407 if (conn->link_mode & HCI_LM_ENCRYPT)
376 return 1; 408 return hci_conn_auth(conn);
377 409
378 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 410 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
379 return 0; 411 return 0;
@@ -382,7 +414,8 @@ int hci_conn_encrypt(struct hci_conn *conn)
382 struct hci_cp_set_conn_encrypt cp; 414 struct hci_cp_set_conn_encrypt cp;
383 cp.handle = cpu_to_le16(conn->handle); 415 cp.handle = cpu_to_le16(conn->handle);
384 cp.encrypt = 1; 416 cp.encrypt = 1;
385 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp); 417 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT,
418 sizeof(cp), &cp);
386 } 419 }
387 return 0; 420 return 0;
388} 421}
@@ -396,7 +429,8 @@ int hci_conn_change_link_key(struct hci_conn *conn)
396 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 429 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
397 struct hci_cp_change_conn_link_key cp; 430 struct hci_cp_change_conn_link_key cp;
398 cp.handle = cpu_to_le16(conn->handle); 431 cp.handle = cpu_to_le16(conn->handle);
399 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp); 432 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
433 sizeof(cp), &cp);
400 } 434 }
401 return 0; 435 return 0;
402} 436}
@@ -498,6 +532,8 @@ void hci_conn_hash_flush(struct hci_dev *hdev)
498 532
499 c->state = BT_CLOSED; 533 c->state = BT_CLOSED;
500 534
535 hci_conn_del_sysfs(c);
536
501 hci_proto_disconn_ind(c, 0x16); 537 hci_proto_disconn_ind(c, 0x16);
502 hci_conn_del(c); 538 hci_conn_del(c);
503 } 539 }
@@ -600,3 +636,23 @@ int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
600 636
601 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 637 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
602} 638}
639
640int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
641{
642 struct hci_auth_info_req req;
643 struct hci_conn *conn;
644
645 if (copy_from_user(&req, arg, sizeof(req)))
646 return -EFAULT;
647
648 hci_dev_lock_bh(hdev);
649 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
650 if (conn)
651 req.type = conn->auth_type;
652 hci_dev_unlock_bh(hdev);
653
654 if (!conn)
655 return -ENOENT;
656
657 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
658}
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index aec6929f5c16..f5b21cb93699 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -279,10 +279,20 @@ static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
279 279
280 BT_DBG("%s %x", hdev->name, encrypt); 280 BT_DBG("%s %x", hdev->name, encrypt);
281 281
282 /* Authentication */ 282 /* Encryption */
283 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt); 283 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
284} 284}
285 285
286static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
287{
288 __le16 policy = cpu_to_le16(opt);
289
290 BT_DBG("%s %x", hdev->name, opt);
291
292 /* Default link policy */
293 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
294}
295
286/* Get HCI device by index. 296/* Get HCI device by index.
287 * Device is held on return. */ 297 * Device is held on return. */
288struct hci_dev *hci_dev_get(int index) 298struct hci_dev *hci_dev_get(int index)
@@ -694,32 +704,35 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
694 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 704 msecs_to_jiffies(HCI_INIT_TIMEOUT));
695 break; 705 break;
696 706
697 case HCISETPTYPE:
698 hdev->pkt_type = (__u16) dr.dev_opt;
699 break;
700
701 case HCISETLINKPOL: 707 case HCISETLINKPOL:
702 hdev->link_policy = (__u16) dr.dev_opt; 708 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
709 msecs_to_jiffies(HCI_INIT_TIMEOUT));
703 break; 710 break;
704 711
705 case HCISETLINKMODE: 712 case HCISETLINKMODE:
706 hdev->link_mode = ((__u16) dr.dev_opt) & (HCI_LM_MASTER | HCI_LM_ACCEPT); 713 hdev->link_mode = ((__u16) dr.dev_opt) &
714 (HCI_LM_MASTER | HCI_LM_ACCEPT);
715 break;
716
717 case HCISETPTYPE:
718 hdev->pkt_type = (__u16) dr.dev_opt;
707 break; 719 break;
708 720
709 case HCISETACLMTU: 721 case HCISETACLMTU:
710 hdev->acl_mtu = *((__u16 *)&dr.dev_opt + 1); 722 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
711 hdev->acl_pkts = *((__u16 *)&dr.dev_opt + 0); 723 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
712 break; 724 break;
713 725
714 case HCISETSCOMTU: 726 case HCISETSCOMTU:
715 hdev->sco_mtu = *((__u16 *)&dr.dev_opt + 1); 727 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
716 hdev->sco_pkts = *((__u16 *)&dr.dev_opt + 0); 728 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
717 break; 729 break;
718 730
719 default: 731 default:
720 err = -EINVAL; 732 err = -EINVAL;
721 break; 733 break;
722 } 734 }
735
723 hci_dev_put(hdev); 736 hci_dev_put(hdev);
724 return err; 737 return err;
725} 738}
@@ -1270,9 +1283,12 @@ static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int
1270 struct hci_conn *c; 1283 struct hci_conn *c;
1271 c = list_entry(p, struct hci_conn, list); 1284 c = list_entry(p, struct hci_conn, list);
1272 1285
1273 if (c->type != type || c->state != BT_CONNECTED 1286 if (c->type != type || skb_queue_empty(&c->data_q))
1274 || skb_queue_empty(&c->data_q)) 1287 continue;
1288
1289 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
1275 continue; 1290 continue;
1291
1276 num++; 1292 num++;
1277 1293
1278 if (c->sent < min) { 1294 if (c->sent < min) {
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 6aef8f24e581..0e3db289f4be 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -110,6 +110,25 @@ static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
110 hci_dev_unlock(hdev); 110 hci_dev_unlock(hdev);
111} 111}
112 112
113static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114{
115 struct hci_rp_read_link_policy *rp = (void *) skb->data;
116 struct hci_conn *conn;
117
118 BT_DBG("%s status 0x%x", hdev->name, rp->status);
119
120 if (rp->status)
121 return;
122
123 hci_dev_lock(hdev);
124
125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126 if (conn)
127 conn->link_policy = __le16_to_cpu(rp->policy);
128
129 hci_dev_unlock(hdev);
130}
131
113static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 132static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114{ 133{
115 struct hci_rp_write_link_policy *rp = (void *) skb->data; 134 struct hci_rp_write_link_policy *rp = (void *) skb->data;
@@ -128,13 +147,41 @@ static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
128 hci_dev_lock(hdev); 147 hci_dev_lock(hdev);
129 148
130 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
131 if (conn) { 150 if (conn)
132 conn->link_policy = get_unaligned_le16(sent + 2); 151 conn->link_policy = get_unaligned_le16(sent + 2);
133 }
134 152
135 hci_dev_unlock(hdev); 153 hci_dev_unlock(hdev);
136} 154}
137 155
156static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157{
158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159
160 BT_DBG("%s status 0x%x", hdev->name, rp->status);
161
162 if (rp->status)
163 return;
164
165 hdev->link_policy = __le16_to_cpu(rp->policy);
166}
167
168static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169{
170 __u8 status = *((__u8 *) skb->data);
171 void *sent;
172
173 BT_DBG("%s status 0x%x", hdev->name, status);
174
175 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
176 if (!sent)
177 return;
178
179 if (!status)
180 hdev->link_policy = get_unaligned_le16(sent);
181
182 hci_req_complete(hdev, status);
183}
184
138static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 185static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
139{ 186{
140 __u8 status = *((__u8 *) skb->data); 187 __u8 status = *((__u8 *) skb->data);
@@ -151,12 +198,14 @@ static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
151 198
152 BT_DBG("%s status 0x%x", hdev->name, status); 199 BT_DBG("%s status 0x%x", hdev->name, status);
153 200
201 if (status)
202 return;
203
154 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 204 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
155 if (!sent) 205 if (!sent)
156 return; 206 return;
157 207
158 if (!status) 208 memcpy(hdev->dev_name, sent, 248);
159 memcpy(hdev->dev_name, sent, 248);
160} 209}
161 210
162static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 211static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
@@ -266,12 +315,14 @@ static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
266 315
267 BT_DBG("%s status 0x%x", hdev->name, status); 316 BT_DBG("%s status 0x%x", hdev->name, status);
268 317
318 if (status)
319 return;
320
269 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 321 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
270 if (!sent) 322 if (!sent)
271 return; 323 return;
272 324
273 if (!status) 325 memcpy(hdev->dev_class, sent, 3);
274 memcpy(hdev->dev_class, sent, 3);
275} 326}
276 327
277static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 328static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
@@ -286,7 +337,7 @@ static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
286 337
287 setting = __le16_to_cpu(rp->voice_setting); 338 setting = __le16_to_cpu(rp->voice_setting);
288 339
289 if (hdev->voice_setting == setting ) 340 if (hdev->voice_setting == setting)
290 return; 341 return;
291 342
292 hdev->voice_setting = setting; 343 hdev->voice_setting = setting;
@@ -303,28 +354,31 @@ static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
303static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 354static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
304{ 355{
305 __u8 status = *((__u8 *) skb->data); 356 __u8 status = *((__u8 *) skb->data);
357 __u16 setting;
306 void *sent; 358 void *sent;
307 359
308 BT_DBG("%s status 0x%x", hdev->name, status); 360 BT_DBG("%s status 0x%x", hdev->name, status);
309 361
362 if (status)
363 return;
364
310 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING); 365 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
311 if (!sent) 366 if (!sent)
312 return; 367 return;
313 368
314 if (!status) { 369 setting = get_unaligned_le16(sent);
315 __u16 setting = get_unaligned_le16(sent);
316 370
317 if (hdev->voice_setting != setting) { 371 if (hdev->voice_setting == setting)
318 hdev->voice_setting = setting; 372 return;
319 373
320 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 374 hdev->voice_setting = setting;
321 375
322 if (hdev->notify) { 376 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
323 tasklet_disable(&hdev->tx_task); 377
324 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 378 if (hdev->notify) {
325 tasklet_enable(&hdev->tx_task); 379 tasklet_disable(&hdev->tx_task);
326 } 380 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
327 } 381 tasklet_enable(&hdev->tx_task);
328 } 382 }
329} 383}
330 384
@@ -337,6 +391,35 @@ static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
337 hci_req_complete(hdev, status); 391 hci_req_complete(hdev, status);
338} 392}
339 393
394static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
395{
396 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
397
398 BT_DBG("%s status 0x%x", hdev->name, rp->status);
399
400 if (rp->status)
401 return;
402
403 hdev->ssp_mode = rp->mode;
404}
405
406static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
407{
408 __u8 status = *((__u8 *) skb->data);
409 void *sent;
410
411 BT_DBG("%s status 0x%x", hdev->name, status);
412
413 if (status)
414 return;
415
416 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
417 if (!sent)
418 return;
419
420 hdev->ssp_mode = *((__u8 *) sent);
421}
422
340static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 423static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
341{ 424{
342 struct hci_rp_read_local_version *rp = (void *) skb->data; 425 struct hci_rp_read_local_version *rp = (void *) skb->data;
@@ -347,8 +430,8 @@ static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
347 return; 430 return;
348 431
349 hdev->hci_ver = rp->hci_ver; 432 hdev->hci_ver = rp->hci_ver;
350 hdev->hci_rev = btohs(rp->hci_rev); 433 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
351 hdev->manufacturer = btohs(rp->manufacturer); 434 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
352 435
353 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 436 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
354 hdev->manufacturer, 437 hdev->manufacturer,
@@ -536,11 +619,119 @@ static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
536 hci_dev_unlock(hdev); 619 hci_dev_unlock(hdev);
537} 620}
538 621
622static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
623{
624 struct hci_cp_auth_requested *cp;
625 struct hci_conn *conn;
626
627 BT_DBG("%s status 0x%x", hdev->name, status);
628
629 if (!status)
630 return;
631
632 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
633 if (!cp)
634 return;
635
636 hci_dev_lock(hdev);
637
638 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
639 if (conn) {
640 if (conn->state == BT_CONFIG) {
641 hci_proto_connect_cfm(conn, status);
642 hci_conn_put(conn);
643 }
644 }
645
646 hci_dev_unlock(hdev);
647}
648
649static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
650{
651 struct hci_cp_set_conn_encrypt *cp;
652 struct hci_conn *conn;
653
654 BT_DBG("%s status 0x%x", hdev->name, status);
655
656 if (!status)
657 return;
658
659 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
660 if (!cp)
661 return;
662
663 hci_dev_lock(hdev);
664
665 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
666 if (conn) {
667 if (conn->state == BT_CONFIG) {
668 hci_proto_connect_cfm(conn, status);
669 hci_conn_put(conn);
670 }
671 }
672
673 hci_dev_unlock(hdev);
674}
675
539static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 676static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
540{ 677{
541 BT_DBG("%s status 0x%x", hdev->name, status); 678 BT_DBG("%s status 0x%x", hdev->name, status);
542} 679}
543 680
681static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
682{
683 struct hci_cp_read_remote_features *cp;
684 struct hci_conn *conn;
685
686 BT_DBG("%s status 0x%x", hdev->name, status);
687
688 if (!status)
689 return;
690
691 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
692 if (!cp)
693 return;
694
695 hci_dev_lock(hdev);
696
697 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
698 if (conn) {
699 if (conn->state == BT_CONFIG) {
700 hci_proto_connect_cfm(conn, status);
701 hci_conn_put(conn);
702 }
703 }
704
705 hci_dev_unlock(hdev);
706}
707
708static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
709{
710 struct hci_cp_read_remote_ext_features *cp;
711 struct hci_conn *conn;
712
713 BT_DBG("%s status 0x%x", hdev->name, status);
714
715 if (!status)
716 return;
717
718 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
719 if (!cp)
720 return;
721
722 hci_dev_lock(hdev);
723
724 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
725 if (conn) {
726 if (conn->state == BT_CONFIG) {
727 hci_proto_connect_cfm(conn, status);
728 hci_conn_put(conn);
729 }
730 }
731
732 hci_dev_unlock(hdev);
733}
734
544static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status) 735static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
545{ 736{
546 struct hci_cp_setup_sync_conn *cp; 737 struct hci_cp_setup_sync_conn *cp;
@@ -653,6 +844,7 @@ static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *
653 memcpy(data.dev_class, info->dev_class, 3); 844 memcpy(data.dev_class, info->dev_class, 3);
654 data.clock_offset = info->clock_offset; 845 data.clock_offset = info->clock_offset;
655 data.rssi = 0x00; 846 data.rssi = 0x00;
847 data.ssp_mode = 0x00;
656 info++; 848 info++;
657 hci_inquiry_cache_update(hdev, &data); 849 hci_inquiry_cache_update(hdev, &data);
658 } 850 }
@@ -675,7 +867,14 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
675 867
676 if (!ev->status) { 868 if (!ev->status) {
677 conn->handle = __le16_to_cpu(ev->handle); 869 conn->handle = __le16_to_cpu(ev->handle);
678 conn->state = BT_CONNECTED; 870
871 if (conn->type == ACL_LINK) {
872 conn->state = BT_CONFIG;
873 hci_conn_hold(conn);
874 } else
875 conn->state = BT_CONNECTED;
876
877 hci_conn_add_sysfs(conn);
679 878
680 if (test_bit(HCI_AUTH, &hdev->flags)) 879 if (test_bit(HCI_AUTH, &hdev->flags))
681 conn->link_mode |= HCI_LM_AUTH; 880 conn->link_mode |= HCI_LM_AUTH;
@@ -687,30 +886,17 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
687 if (conn->type == ACL_LINK) { 886 if (conn->type == ACL_LINK) {
688 struct hci_cp_read_remote_features cp; 887 struct hci_cp_read_remote_features cp;
689 cp.handle = ev->handle; 888 cp.handle = ev->handle;
690 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, sizeof(cp), &cp); 889 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
691 } 890 sizeof(cp), &cp);
692
693 /* Set link policy */
694 if (conn->type == ACL_LINK && hdev->link_policy) {
695 struct hci_cp_write_link_policy cp;
696 cp.handle = ev->handle;
697 cp.policy = cpu_to_le16(hdev->link_policy);
698 hci_send_cmd(hdev, HCI_OP_WRITE_LINK_POLICY, sizeof(cp), &cp);
699 } 891 }
700 892
701 /* Set packet type for incoming connection */ 893 /* Set packet type for incoming connection */
702 if (!conn->out) { 894 if (!conn->out && hdev->hci_ver < 3) {
703 struct hci_cp_change_conn_ptype cp; 895 struct hci_cp_change_conn_ptype cp;
704 cp.handle = ev->handle; 896 cp.handle = ev->handle;
705 cp.pkt_type = (conn->type == ACL_LINK) ? 897 cp.pkt_type = cpu_to_le16(conn->pkt_type);
706 cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK): 898 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
707 cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK); 899 sizeof(cp), &cp);
708
709 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
710 } else {
711 /* Update disconnect timer */
712 hci_conn_hold(conn);
713 hci_conn_put(conn);
714 } 900 }
715 } else 901 } else
716 conn->state = BT_CLOSED; 902 conn->state = BT_CLOSED;
@@ -730,9 +916,10 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
730 } 916 }
731 } 917 }
732 918
733 hci_proto_connect_cfm(conn, ev->status); 919 if (ev->status) {
734 if (ev->status) 920 hci_proto_connect_cfm(conn, ev->status);
735 hci_conn_del(conn); 921 hci_conn_del(conn);
922 }
736 923
737unlock: 924unlock:
738 hci_dev_unlock(hdev); 925 hci_dev_unlock(hdev);
@@ -752,10 +939,14 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
752 939
753 if (mask & HCI_LM_ACCEPT) { 940 if (mask & HCI_LM_ACCEPT) {
754 /* Connection accepted */ 941 /* Connection accepted */
942 struct inquiry_entry *ie;
755 struct hci_conn *conn; 943 struct hci_conn *conn;
756 944
757 hci_dev_lock(hdev); 945 hci_dev_lock(hdev);
758 946
947 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
948 memcpy(ie->data.dev_class, ev->dev_class, 3);
949
759 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 950 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
760 if (!conn) { 951 if (!conn) {
761 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) { 952 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
@@ -786,7 +977,7 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
786 struct hci_cp_accept_sync_conn_req cp; 977 struct hci_cp_accept_sync_conn_req cp;
787 978
788 bacpy(&cp.bdaddr, &ev->bdaddr); 979 bacpy(&cp.bdaddr, &ev->bdaddr);
789 cp.pkt_type = cpu_to_le16(hdev->esco_type); 980 cp.pkt_type = cpu_to_le16(conn->pkt_type);
790 981
791 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 982 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
792 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 983 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
@@ -822,6 +1013,9 @@ static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff
822 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1013 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
823 if (conn) { 1014 if (conn) {
824 conn->state = BT_CLOSED; 1015 conn->state = BT_CLOSED;
1016
1017 hci_conn_del_sysfs(conn);
1018
825 hci_proto_disconn_ind(conn, ev->reason); 1019 hci_proto_disconn_ind(conn, ev->reason);
826 hci_conn_del(conn); 1020 hci_conn_del(conn);
827 } 1021 }
@@ -845,15 +1039,29 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
845 1039
846 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1040 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
847 1041
848 hci_auth_cfm(conn, ev->status); 1042 if (conn->state == BT_CONFIG) {
1043 if (!ev->status && hdev->ssp_mode > 0 &&
1044 conn->ssp_mode > 0) {
1045 struct hci_cp_set_conn_encrypt cp;
1046 cp.handle = ev->handle;
1047 cp.encrypt = 0x01;
1048 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1049 sizeof(cp), &cp);
1050 } else {
1051 conn->state = BT_CONNECTED;
1052 hci_proto_connect_cfm(conn, ev->status);
1053 hci_conn_put(conn);
1054 }
1055 } else
1056 hci_auth_cfm(conn, ev->status);
849 1057
850 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 1058 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
851 if (!ev->status) { 1059 if (!ev->status) {
852 struct hci_cp_set_conn_encrypt cp; 1060 struct hci_cp_set_conn_encrypt cp;
853 cp.handle = cpu_to_le16(conn->handle); 1061 cp.handle = ev->handle;
854 cp.encrypt = 1; 1062 cp.encrypt = 0x01;
855 hci_send_cmd(conn->hdev, 1063 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
856 HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp); 1064 sizeof(cp), &cp);
857 } else { 1065 } else {
858 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1066 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
859 hci_encrypt_cfm(conn, ev->status, 0x00); 1067 hci_encrypt_cfm(conn, ev->status, 0x00);
@@ -883,15 +1091,24 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
883 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1091 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
884 if (conn) { 1092 if (conn) {
885 if (!ev->status) { 1093 if (!ev->status) {
886 if (ev->encrypt) 1094 if (ev->encrypt) {
1095 /* Encryption implies authentication */
1096 conn->link_mode |= HCI_LM_AUTH;
887 conn->link_mode |= HCI_LM_ENCRYPT; 1097 conn->link_mode |= HCI_LM_ENCRYPT;
888 else 1098 } else
889 conn->link_mode &= ~HCI_LM_ENCRYPT; 1099 conn->link_mode &= ~HCI_LM_ENCRYPT;
890 } 1100 }
891 1101
892 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1102 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
893 1103
894 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 1104 if (conn->state == BT_CONFIG) {
1105 if (!ev->status)
1106 conn->state = BT_CONNECTED;
1107
1108 hci_proto_connect_cfm(conn, ev->status);
1109 hci_conn_put(conn);
1110 } else
1111 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
895 } 1112 }
896 1113
897 hci_dev_unlock(hdev); 1114 hci_dev_unlock(hdev);
@@ -926,14 +1143,29 @@ static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff
926 1143
927 BT_DBG("%s status %d", hdev->name, ev->status); 1144 BT_DBG("%s status %d", hdev->name, ev->status);
928 1145
929 if (ev->status)
930 return;
931
932 hci_dev_lock(hdev); 1146 hci_dev_lock(hdev);
933 1147
934 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
935 if (conn) 1149 if (conn) {
936 memcpy(conn->features, ev->features, 8); 1150 if (!ev->status)
1151 memcpy(conn->features, ev->features, 8);
1152
1153 if (conn->state == BT_CONFIG) {
1154 if (!ev->status && lmp_ssp_capable(hdev) &&
1155 lmp_ssp_capable(conn)) {
1156 struct hci_cp_read_remote_ext_features cp;
1157 cp.handle = ev->handle;
1158 cp.page = 0x01;
1159 hci_send_cmd(hdev,
1160 HCI_OP_READ_REMOTE_EXT_FEATURES,
1161 sizeof(cp), &cp);
1162 } else {
1163 conn->state = BT_CONNECTED;
1164 hci_proto_connect_cfm(conn, ev->status);
1165 hci_conn_put(conn);
1166 }
1167 }
1168 }
937 1169
938 hci_dev_unlock(hdev); 1170 hci_dev_unlock(hdev);
939} 1171}
@@ -974,10 +1206,22 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk
974 hci_cc_role_discovery(hdev, skb); 1206 hci_cc_role_discovery(hdev, skb);
975 break; 1207 break;
976 1208
1209 case HCI_OP_READ_LINK_POLICY:
1210 hci_cc_read_link_policy(hdev, skb);
1211 break;
1212
977 case HCI_OP_WRITE_LINK_POLICY: 1213 case HCI_OP_WRITE_LINK_POLICY:
978 hci_cc_write_link_policy(hdev, skb); 1214 hci_cc_write_link_policy(hdev, skb);
979 break; 1215 break;
980 1216
1217 case HCI_OP_READ_DEF_LINK_POLICY:
1218 hci_cc_read_def_link_policy(hdev, skb);
1219 break;
1220
1221 case HCI_OP_WRITE_DEF_LINK_POLICY:
1222 hci_cc_write_def_link_policy(hdev, skb);
1223 break;
1224
981 case HCI_OP_RESET: 1225 case HCI_OP_RESET:
982 hci_cc_reset(hdev, skb); 1226 hci_cc_reset(hdev, skb);
983 break; 1227 break;
@@ -1022,6 +1266,14 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk
1022 hci_cc_host_buffer_size(hdev, skb); 1266 hci_cc_host_buffer_size(hdev, skb);
1023 break; 1267 break;
1024 1268
1269 case HCI_OP_READ_SSP_MODE:
1270 hci_cc_read_ssp_mode(hdev, skb);
1271 break;
1272
1273 case HCI_OP_WRITE_SSP_MODE:
1274 hci_cc_write_ssp_mode(hdev, skb);
1275 break;
1276
1025 case HCI_OP_READ_LOCAL_VERSION: 1277 case HCI_OP_READ_LOCAL_VERSION:
1026 hci_cc_read_local_version(hdev, skb); 1278 hci_cc_read_local_version(hdev, skb);
1027 break; 1279 break;
@@ -1076,10 +1328,26 @@ static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1076 hci_cs_add_sco(hdev, ev->status); 1328 hci_cs_add_sco(hdev, ev->status);
1077 break; 1329 break;
1078 1330
1331 case HCI_OP_AUTH_REQUESTED:
1332 hci_cs_auth_requested(hdev, ev->status);
1333 break;
1334
1335 case HCI_OP_SET_CONN_ENCRYPT:
1336 hci_cs_set_conn_encrypt(hdev, ev->status);
1337 break;
1338
1079 case HCI_OP_REMOTE_NAME_REQ: 1339 case HCI_OP_REMOTE_NAME_REQ:
1080 hci_cs_remote_name_req(hdev, ev->status); 1340 hci_cs_remote_name_req(hdev, ev->status);
1081 break; 1341 break;
1082 1342
1343 case HCI_OP_READ_REMOTE_FEATURES:
1344 hci_cs_read_remote_features(hdev, ev->status);
1345 break;
1346
1347 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1348 hci_cs_read_remote_ext_features(hdev, ev->status);
1349 break;
1350
1083 case HCI_OP_SETUP_SYNC_CONN: 1351 case HCI_OP_SETUP_SYNC_CONN:
1084 hci_cs_setup_sync_conn(hdev, ev->status); 1352 hci_cs_setup_sync_conn(hdev, ev->status);
1085 break; 1353 break;
@@ -1235,6 +1503,22 @@ static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *sk
1235 hci_dev_unlock(hdev); 1503 hci_dev_unlock(hdev);
1236} 1504}
1237 1505
1506static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1507{
1508 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
1509 struct hci_conn *conn;
1510
1511 BT_DBG("%s status %d", hdev->name, ev->status);
1512
1513 hci_dev_lock(hdev);
1514
1515 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1516 if (conn && !ev->status)
1517 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
1518
1519 hci_dev_unlock(hdev);
1520}
1521
1238static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb) 1522static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1239{ 1523{
1240 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data; 1524 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
@@ -1275,6 +1559,7 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
1275 memcpy(data.dev_class, info->dev_class, 3); 1559 memcpy(data.dev_class, info->dev_class, 3);
1276 data.clock_offset = info->clock_offset; 1560 data.clock_offset = info->clock_offset;
1277 data.rssi = info->rssi; 1561 data.rssi = info->rssi;
1562 data.ssp_mode = 0x00;
1278 info++; 1563 info++;
1279 hci_inquiry_cache_update(hdev, &data); 1564 hci_inquiry_cache_update(hdev, &data);
1280 } 1565 }
@@ -1289,6 +1574,7 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
1289 memcpy(data.dev_class, info->dev_class, 3); 1574 memcpy(data.dev_class, info->dev_class, 3);
1290 data.clock_offset = info->clock_offset; 1575 data.clock_offset = info->clock_offset;
1291 data.rssi = info->rssi; 1576 data.rssi = info->rssi;
1577 data.ssp_mode = 0x00;
1292 info++; 1578 info++;
1293 hci_inquiry_cache_update(hdev, &data); 1579 hci_inquiry_cache_update(hdev, &data);
1294 } 1580 }
@@ -1299,7 +1585,43 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
1299 1585
1300static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1586static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1301{ 1587{
1588 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
1589 struct hci_conn *conn;
1590
1302 BT_DBG("%s", hdev->name); 1591 BT_DBG("%s", hdev->name);
1592
1593 hci_dev_lock(hdev);
1594
1595 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1596 if (conn) {
1597 if (!ev->status && ev->page == 0x01) {
1598 struct inquiry_entry *ie;
1599
1600 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)))
1601 ie->data.ssp_mode = (ev->features[0] & 0x01);
1602
1603 conn->ssp_mode = (ev->features[0] & 0x01);
1604 }
1605
1606 if (conn->state == BT_CONFIG) {
1607 if (!ev->status && hdev->ssp_mode > 0 &&
1608 conn->ssp_mode > 0) {
1609 if (conn->out) {
1610 struct hci_cp_auth_requested cp;
1611 cp.handle = ev->handle;
1612 hci_send_cmd(hdev,
1613 HCI_OP_AUTH_REQUESTED,
1614 sizeof(cp), &cp);
1615 }
1616 } else {
1617 conn->state = BT_CONNECTED;
1618 hci_proto_connect_cfm(conn, ev->status);
1619 hci_conn_put(conn);
1620 }
1621 }
1622 }
1623
1624 hci_dev_unlock(hdev);
1303} 1625}
1304 1626
1305static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1627static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
@@ -1312,12 +1634,22 @@ static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_bu
1312 hci_dev_lock(hdev); 1634 hci_dev_lock(hdev);
1313 1635
1314 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1636 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1315 if (!conn) 1637 if (!conn) {
1316 goto unlock; 1638 if (ev->link_type == ESCO_LINK)
1639 goto unlock;
1640
1641 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1642 if (!conn)
1643 goto unlock;
1644
1645 conn->type = SCO_LINK;
1646 }
1317 1647
1318 if (!ev->status) { 1648 if (!ev->status) {
1319 conn->handle = __le16_to_cpu(ev->handle); 1649 conn->handle = __le16_to_cpu(ev->handle);
1320 conn->state = BT_CONNECTED; 1650 conn->state = BT_CONNECTED;
1651
1652 hci_conn_add_sysfs(conn);
1321 } else 1653 } else
1322 conn->state = BT_CLOSED; 1654 conn->state = BT_CLOSED;
1323 1655
@@ -1371,6 +1703,7 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
1371 memcpy(data.dev_class, info->dev_class, 3); 1703 memcpy(data.dev_class, info->dev_class, 3);
1372 data.clock_offset = info->clock_offset; 1704 data.clock_offset = info->clock_offset;
1373 data.rssi = info->rssi; 1705 data.rssi = info->rssi;
1706 data.ssp_mode = 0x01;
1374 info++; 1707 info++;
1375 hci_inquiry_cache_update(hdev, &data); 1708 hci_inquiry_cache_update(hdev, &data);
1376 } 1709 }
@@ -1378,6 +1711,53 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
1378 hci_dev_unlock(hdev); 1711 hci_dev_unlock(hdev);
1379} 1712}
1380 1713
1714static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1715{
1716 struct hci_ev_io_capa_request *ev = (void *) skb->data;
1717 struct hci_conn *conn;
1718
1719 BT_DBG("%s", hdev->name);
1720
1721 hci_dev_lock(hdev);
1722
1723 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1724 if (conn)
1725 hci_conn_hold(conn);
1726
1727 hci_dev_unlock(hdev);
1728}
1729
1730static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1731{
1732 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
1733 struct hci_conn *conn;
1734
1735 BT_DBG("%s", hdev->name);
1736
1737 hci_dev_lock(hdev);
1738
1739 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1740 if (conn)
1741 hci_conn_put(conn);
1742
1743 hci_dev_unlock(hdev);
1744}
1745
1746static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1747{
1748 struct hci_ev_remote_host_features *ev = (void *) skb->data;
1749 struct inquiry_entry *ie;
1750
1751 BT_DBG("%s", hdev->name);
1752
1753 hci_dev_lock(hdev);
1754
1755 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
1756 ie->data.ssp_mode = (ev->features[0] & 0x01);
1757
1758 hci_dev_unlock(hdev);
1759}
1760
1381void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 1761void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1382{ 1762{
1383 struct hci_event_hdr *hdr = (void *) skb->data; 1763 struct hci_event_hdr *hdr = (void *) skb->data;
@@ -1470,6 +1850,10 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1470 hci_clock_offset_evt(hdev, skb); 1850 hci_clock_offset_evt(hdev, skb);
1471 break; 1851 break;
1472 1852
1853 case HCI_EV_PKT_TYPE_CHANGE:
1854 hci_pkt_type_change_evt(hdev, skb);
1855 break;
1856
1473 case HCI_EV_PSCAN_REP_MODE: 1857 case HCI_EV_PSCAN_REP_MODE:
1474 hci_pscan_rep_mode_evt(hdev, skb); 1858 hci_pscan_rep_mode_evt(hdev, skb);
1475 break; 1859 break;
@@ -1498,6 +1882,18 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1498 hci_extended_inquiry_result_evt(hdev, skb); 1882 hci_extended_inquiry_result_evt(hdev, skb);
1499 break; 1883 break;
1500 1884
1885 case HCI_EV_IO_CAPA_REQUEST:
1886 hci_io_capa_request_evt(hdev, skb);
1887 break;
1888
1889 case HCI_EV_SIMPLE_PAIR_COMPLETE:
1890 hci_simple_pair_complete_evt(hdev, skb);
1891 break;
1892
1893 case HCI_EV_REMOTE_HOST_FEATURES:
1894 hci_remote_host_features_evt(hdev, skb);
1895 break;
1896
1501 default: 1897 default:
1502 BT_DBG("%s event 0x%x", hdev->name, event); 1898 BT_DBG("%s event 0x%x", hdev->name, event);
1503 break; 1899 break;
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 747fabd735d2..d62579b67959 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -193,19 +193,11 @@ static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsign
193 193
194 return 0; 194 return 0;
195 195
196 case HCISETSECMGR:
197 if (!capable(CAP_NET_ADMIN))
198 return -EACCES;
199
200 if (arg)
201 set_bit(HCI_SECMGR, &hdev->flags);
202 else
203 clear_bit(HCI_SECMGR, &hdev->flags);
204
205 return 0;
206
207 case HCIGETCONNINFO: 196 case HCIGETCONNINFO:
208 return hci_get_conn_info(hdev, (void __user *)arg); 197 return hci_get_conn_info(hdev, (void __user *) arg);
198
199 case HCIGETAUTHINFO:
200 return hci_get_auth_info(hdev, (void __user *) arg);
209 201
210 default: 202 default:
211 if (hdev->ioctl) 203 if (hdev->ioctl)
@@ -217,7 +209,7 @@ static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsign
217static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 209static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
218{ 210{
219 struct sock *sk = sock->sk; 211 struct sock *sk = sock->sk;
220 void __user *argp = (void __user *)arg; 212 void __user *argp = (void __user *) arg;
221 int err; 213 int err;
222 214
223 BT_DBG("cmd %x arg %lx", cmd, arg); 215 BT_DBG("cmd %x arg %lx", cmd, arg);
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 84360c117d4e..f4f6615cad9f 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -3,8 +3,6 @@
3#include <linux/kernel.h> 3#include <linux/kernel.h>
4#include <linux/init.h> 4#include <linux/init.h>
5 5
6#include <linux/platform_device.h>
7
8#include <net/bluetooth/bluetooth.h> 6#include <net/bluetooth/bluetooth.h>
9#include <net/bluetooth/hci_core.h> 7#include <net/bluetooth/hci_core.h>
10 8
@@ -12,10 +10,164 @@
12#undef BT_DBG 10#undef BT_DBG
13#define BT_DBG(D...) 11#define BT_DBG(D...)
14#endif 12#endif
13
14struct class *bt_class = NULL;
15EXPORT_SYMBOL_GPL(bt_class);
16
15static struct workqueue_struct *btaddconn; 17static struct workqueue_struct *btaddconn;
16static struct workqueue_struct *btdelconn; 18static struct workqueue_struct *btdelconn;
17 19
18static inline char *typetostr(int type) 20static inline char *link_typetostr(int type)
21{
22 switch (type) {
23 case ACL_LINK:
24 return "ACL";
25 case SCO_LINK:
26 return "SCO";
27 case ESCO_LINK:
28 return "eSCO";
29 default:
30 return "UNKNOWN";
31 }
32}
33
34static ssize_t show_link_type(struct device *dev, struct device_attribute *attr, char *buf)
35{
36 struct hci_conn *conn = dev_get_drvdata(dev);
37 return sprintf(buf, "%s\n", link_typetostr(conn->type));
38}
39
40static ssize_t show_link_address(struct device *dev, struct device_attribute *attr, char *buf)
41{
42 struct hci_conn *conn = dev_get_drvdata(dev);
43 bdaddr_t bdaddr;
44 baswap(&bdaddr, &conn->dst);
45 return sprintf(buf, "%s\n", batostr(&bdaddr));
46}
47
48static ssize_t show_link_features(struct device *dev, struct device_attribute *attr, char *buf)
49{
50 struct hci_conn *conn = dev_get_drvdata(dev);
51
52 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
53 conn->features[0], conn->features[1],
54 conn->features[2], conn->features[3],
55 conn->features[4], conn->features[5],
56 conn->features[6], conn->features[7]);
57}
58
59#define LINK_ATTR(_name,_mode,_show,_store) \
60struct device_attribute link_attr_##_name = __ATTR(_name,_mode,_show,_store)
61
62static LINK_ATTR(type, S_IRUGO, show_link_type, NULL);
63static LINK_ATTR(address, S_IRUGO, show_link_address, NULL);
64static LINK_ATTR(features, S_IRUGO, show_link_features, NULL);
65
66static struct attribute *bt_link_attrs[] = {
67 &link_attr_type.attr,
68 &link_attr_address.attr,
69 &link_attr_features.attr,
70 NULL
71};
72
73static struct attribute_group bt_link_group = {
74 .attrs = bt_link_attrs,
75};
76
77static struct attribute_group *bt_link_groups[] = {
78 &bt_link_group,
79 NULL
80};
81
82static void bt_link_release(struct device *dev)
83{
84 void *data = dev_get_drvdata(dev);
85 kfree(data);
86}
87
88static struct device_type bt_link = {
89 .name = "link",
90 .groups = bt_link_groups,
91 .release = bt_link_release,
92};
93
94static void add_conn(struct work_struct *work)
95{
96 struct hci_conn *conn = container_of(work, struct hci_conn, work);
97
98 flush_workqueue(btdelconn);
99
100 if (device_add(&conn->dev) < 0) {
101 BT_ERR("Failed to register connection device");
102 return;
103 }
104}
105
106void hci_conn_add_sysfs(struct hci_conn *conn)
107{
108 struct hci_dev *hdev = conn->hdev;
109
110 BT_DBG("conn %p", conn);
111
112 conn->dev.type = &bt_link;
113 conn->dev.class = bt_class;
114 conn->dev.parent = &hdev->dev;
115
116 snprintf(conn->dev.bus_id, BUS_ID_SIZE, "%s:%d",
117 hdev->name, conn->handle);
118
119 dev_set_drvdata(&conn->dev, conn);
120
121 device_initialize(&conn->dev);
122
123 INIT_WORK(&conn->work, add_conn);
124
125 queue_work(btaddconn, &conn->work);
126}
127
128/*
129 * The rfcomm tty device will possibly retain even when conn
130 * is down, and sysfs doesn't support move zombie device,
131 * so we should move the device before conn device is destroyed.
132 */
133static int __match_tty(struct device *dev, void *data)
134{
135 return !strncmp(dev->bus_id, "rfcomm", 6);
136}
137
138static void del_conn(struct work_struct *work)
139{
140 struct hci_conn *conn = container_of(work, struct hci_conn, work);
141 struct hci_dev *hdev = conn->hdev;
142
143 while (1) {
144 struct device *dev;
145
146 dev = device_find_child(&conn->dev, NULL, __match_tty);
147 if (!dev)
148 break;
149 device_move(dev, NULL);
150 put_device(dev);
151 }
152
153 device_del(&conn->dev);
154 put_device(&conn->dev);
155 hci_dev_put(hdev);
156}
157
158void hci_conn_del_sysfs(struct hci_conn *conn)
159{
160 BT_DBG("conn %p", conn);
161
162 if (!device_is_registered(&conn->dev))
163 return;
164
165 INIT_WORK(&conn->work, del_conn);
166
167 queue_work(btdelconn, &conn->work);
168}
169
170static inline char *host_typetostr(int type)
19{ 171{
20 switch (type) { 172 switch (type) {
21 case HCI_VIRTUAL: 173 case HCI_VIRTUAL:
@@ -40,7 +192,7 @@ static inline char *typetostr(int type)
40static ssize_t show_type(struct device *dev, struct device_attribute *attr, char *buf) 192static ssize_t show_type(struct device *dev, struct device_attribute *attr, char *buf)
41{ 193{
42 struct hci_dev *hdev = dev_get_drvdata(dev); 194 struct hci_dev *hdev = dev_get_drvdata(dev);
43 return sprintf(buf, "%s\n", typetostr(hdev->type)); 195 return sprintf(buf, "%s\n", host_typetostr(hdev->type));
44} 196}
45 197
46static ssize_t show_name(struct device *dev, struct device_attribute *attr, char *buf) 198static ssize_t show_name(struct device *dev, struct device_attribute *attr, char *buf)
@@ -113,11 +265,13 @@ static ssize_t show_inquiry_cache(struct device *dev, struct device_attribute *a
113 struct inquiry_data *data = &e->data; 265 struct inquiry_data *data = &e->data;
114 bdaddr_t bdaddr; 266 bdaddr_t bdaddr;
115 baswap(&bdaddr, &data->bdaddr); 267 baswap(&bdaddr, &data->bdaddr);
116 n += sprintf(buf + n, "%s %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %u\n", 268 n += sprintf(buf + n, "%s %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
117 batostr(&bdaddr), 269 batostr(&bdaddr),
118 data->pscan_rep_mode, data->pscan_period_mode, data->pscan_mode, 270 data->pscan_rep_mode, data->pscan_period_mode,
119 data->dev_class[2], data->dev_class[1], data->dev_class[0], 271 data->pscan_mode, data->dev_class[2],
120 __le16_to_cpu(data->clock_offset), data->rssi, e->timestamp); 272 data->dev_class[1], data->dev_class[0],
273 __le16_to_cpu(data->clock_offset),
274 data->rssi, data->ssp_mode, e->timestamp);
121 } 275 }
122 276
123 hci_dev_unlock_bh(hdev); 277 hci_dev_unlock_bh(hdev);
@@ -219,178 +373,62 @@ static DEVICE_ATTR(sniff_max_interval, S_IRUGO | S_IWUSR,
219static DEVICE_ATTR(sniff_min_interval, S_IRUGO | S_IWUSR, 373static DEVICE_ATTR(sniff_min_interval, S_IRUGO | S_IWUSR,
220 show_sniff_min_interval, store_sniff_min_interval); 374 show_sniff_min_interval, store_sniff_min_interval);
221 375
222static struct device_attribute *bt_attrs[] = { 376static struct attribute *bt_host_attrs[] = {
223 &dev_attr_type, 377 &dev_attr_type.attr,
224 &dev_attr_name, 378 &dev_attr_name.attr,
225 &dev_attr_class, 379 &dev_attr_class.attr,
226 &dev_attr_address, 380 &dev_attr_address.attr,
227 &dev_attr_features, 381 &dev_attr_features.attr,
228 &dev_attr_manufacturer, 382 &dev_attr_manufacturer.attr,
229 &dev_attr_hci_version, 383 &dev_attr_hci_version.attr,
230 &dev_attr_hci_revision, 384 &dev_attr_hci_revision.attr,
231 &dev_attr_inquiry_cache, 385 &dev_attr_inquiry_cache.attr,
232 &dev_attr_idle_timeout, 386 &dev_attr_idle_timeout.attr,
233 &dev_attr_sniff_max_interval, 387 &dev_attr_sniff_max_interval.attr,
234 &dev_attr_sniff_min_interval, 388 &dev_attr_sniff_min_interval.attr,
235 NULL 389 NULL
236}; 390};
237 391
238static ssize_t show_conn_type(struct device *dev, struct device_attribute *attr, char *buf) 392static struct attribute_group bt_host_group = {
239{ 393 .attrs = bt_host_attrs,
240 struct hci_conn *conn = dev_get_drvdata(dev);
241 return sprintf(buf, "%s\n", conn->type == ACL_LINK ? "ACL" : "SCO");
242}
243
244static ssize_t show_conn_address(struct device *dev, struct device_attribute *attr, char *buf)
245{
246 struct hci_conn *conn = dev_get_drvdata(dev);
247 bdaddr_t bdaddr;
248 baswap(&bdaddr, &conn->dst);
249 return sprintf(buf, "%s\n", batostr(&bdaddr));
250}
251
252#define CONN_ATTR(_name,_mode,_show,_store) \
253struct device_attribute conn_attr_##_name = __ATTR(_name,_mode,_show,_store)
254
255static CONN_ATTR(type, S_IRUGO, show_conn_type, NULL);
256static CONN_ATTR(address, S_IRUGO, show_conn_address, NULL);
257
258static struct device_attribute *conn_attrs[] = {
259 &conn_attr_type,
260 &conn_attr_address,
261 NULL
262}; 394};
263 395
264struct class *bt_class = NULL; 396static struct attribute_group *bt_host_groups[] = {
265EXPORT_SYMBOL_GPL(bt_class); 397 &bt_host_group,
266 398 NULL
267static struct bus_type bt_bus = {
268 .name = "bluetooth",
269}; 399};
270 400
271static struct platform_device *bt_platform; 401static void bt_host_release(struct device *dev)
272
273static void bt_release(struct device *dev)
274{ 402{
275 void *data = dev_get_drvdata(dev); 403 void *data = dev_get_drvdata(dev);
276 kfree(data); 404 kfree(data);
277} 405}
278 406
279static void add_conn(struct work_struct *work) 407static struct device_type bt_host = {
280{ 408 .name = "host",
281 struct hci_conn *conn = container_of(work, struct hci_conn, work); 409 .groups = bt_host_groups,
282 int i; 410 .release = bt_host_release,
283 411};
284 flush_workqueue(btdelconn);
285
286 if (device_add(&conn->dev) < 0) {
287 BT_ERR("Failed to register connection device");
288 return;
289 }
290
291 for (i = 0; conn_attrs[i]; i++)
292 if (device_create_file(&conn->dev, conn_attrs[i]) < 0)
293 BT_ERR("Failed to create connection attribute");
294}
295
296void hci_conn_add_sysfs(struct hci_conn *conn)
297{
298 struct hci_dev *hdev = conn->hdev;
299 bdaddr_t *ba = &conn->dst;
300
301 BT_DBG("conn %p", conn);
302
303 conn->dev.bus = &bt_bus;
304 conn->dev.parent = &hdev->dev;
305
306 conn->dev.release = bt_release;
307
308 snprintf(conn->dev.bus_id, BUS_ID_SIZE,
309 "%s%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X",
310 conn->type == ACL_LINK ? "acl" : "sco",
311 ba->b[5], ba->b[4], ba->b[3],
312 ba->b[2], ba->b[1], ba->b[0]);
313
314 dev_set_drvdata(&conn->dev, conn);
315
316 device_initialize(&conn->dev);
317
318 INIT_WORK(&conn->work, add_conn);
319
320 queue_work(btaddconn, &conn->work);
321}
322
323/*
324 * The rfcomm tty device will possibly retain even when conn
325 * is down, and sysfs doesn't support move zombie device,
326 * so we should move the device before conn device is destroyed.
327 */
328static int __match_tty(struct device *dev, void *data)
329{
330 return !strncmp(dev->bus_id, "rfcomm", 6);
331}
332
333static void del_conn(struct work_struct *work)
334{
335 struct hci_conn *conn = container_of(work, struct hci_conn, work);
336 struct hci_dev *hdev = conn->hdev;
337
338 while (1) {
339 struct device *dev;
340
341 dev = device_find_child(&conn->dev, NULL, __match_tty);
342 if (!dev)
343 break;
344 device_move(dev, NULL);
345 put_device(dev);
346 }
347
348 device_del(&conn->dev);
349 put_device(&conn->dev);
350 hci_dev_put(hdev);
351}
352
353void hci_conn_del_sysfs(struct hci_conn *conn)
354{
355 BT_DBG("conn %p", conn);
356
357 if (!device_is_registered(&conn->dev))
358 return;
359
360 INIT_WORK(&conn->work, del_conn);
361
362 queue_work(btdelconn, &conn->work);
363}
364 412
365int hci_register_sysfs(struct hci_dev *hdev) 413int hci_register_sysfs(struct hci_dev *hdev)
366{ 414{
367 struct device *dev = &hdev->dev; 415 struct device *dev = &hdev->dev;
368 unsigned int i;
369 int err; 416 int err;
370 417
371 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type); 418 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type);
372 419
373 dev->bus = &bt_bus; 420 dev->type = &bt_host;
421 dev->class = bt_class;
374 dev->parent = hdev->parent; 422 dev->parent = hdev->parent;
375 423
376 strlcpy(dev->bus_id, hdev->name, BUS_ID_SIZE); 424 strlcpy(dev->bus_id, hdev->name, BUS_ID_SIZE);
377 425
378 dev->release = bt_release;
379
380 dev_set_drvdata(dev, hdev); 426 dev_set_drvdata(dev, hdev);
381 427
382 err = device_register(dev); 428 err = device_register(dev);
383 if (err < 0) 429 if (err < 0)
384 return err; 430 return err;
385 431
386 for (i = 0; bt_attrs[i]; i++)
387 if (device_create_file(dev, bt_attrs[i]) < 0)
388 BT_ERR("Failed to create device attribute");
389
390 if (sysfs_create_link(&bt_class->subsys.kobj,
391 &dev->kobj, kobject_name(&dev->kobj)) < 0)
392 BT_ERR("Failed to create class symlink");
393
394 return 0; 432 return 0;
395} 433}
396 434
@@ -398,67 +436,35 @@ void hci_unregister_sysfs(struct hci_dev *hdev)
398{ 436{
399 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type); 437 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type);
400 438
401 sysfs_remove_link(&bt_class->subsys.kobj,
402 kobject_name(&hdev->dev.kobj));
403
404 device_del(&hdev->dev); 439 device_del(&hdev->dev);
405} 440}
406 441
407int __init bt_sysfs_init(void) 442int __init bt_sysfs_init(void)
408{ 443{
409 int err;
410
411 btaddconn = create_singlethread_workqueue("btaddconn"); 444 btaddconn = create_singlethread_workqueue("btaddconn");
412 if (!btaddconn) { 445 if (!btaddconn)
413 err = -ENOMEM; 446 return -ENOMEM;
414 goto out;
415 }
416 447
417 btdelconn = create_singlethread_workqueue("btdelconn"); 448 btdelconn = create_singlethread_workqueue("btdelconn");
418 if (!btdelconn) { 449 if (!btdelconn) {
419 err = -ENOMEM; 450 destroy_workqueue(btaddconn);
420 goto out_del; 451 return -ENOMEM;
421 } 452 }
422 453
423 bt_platform = platform_device_register_simple("bluetooth", -1, NULL, 0);
424 if (IS_ERR(bt_platform)) {
425 err = PTR_ERR(bt_platform);
426 goto out_platform;
427 }
428
429 err = bus_register(&bt_bus);
430 if (err < 0)
431 goto out_bus;
432
433 bt_class = class_create(THIS_MODULE, "bluetooth"); 454 bt_class = class_create(THIS_MODULE, "bluetooth");
434 if (IS_ERR(bt_class)) { 455 if (IS_ERR(bt_class)) {
435 err = PTR_ERR(bt_class); 456 destroy_workqueue(btdelconn);
436 goto out_class; 457 destroy_workqueue(btaddconn);
458 return PTR_ERR(bt_class);
437 } 459 }
438 460
439 return 0; 461 return 0;
440
441out_class:
442 bus_unregister(&bt_bus);
443out_bus:
444 platform_device_unregister(bt_platform);
445out_platform:
446 destroy_workqueue(btdelconn);
447out_del:
448 destroy_workqueue(btaddconn);
449out:
450 return err;
451} 462}
452 463
453void bt_sysfs_cleanup(void) 464void bt_sysfs_cleanup(void)
454{ 465{
455 destroy_workqueue(btaddconn); 466 destroy_workqueue(btaddconn);
456
457 destroy_workqueue(btdelconn); 467 destroy_workqueue(btdelconn);
458 468
459 class_destroy(bt_class); 469 class_destroy(bt_class);
460
461 bus_unregister(&bt_bus);
462
463 platform_device_unregister(bt_platform);
464} 470}
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 519cdb920f93..96434d774c84 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -581,6 +581,12 @@ static int hidp_session(void *arg)
581 hid_free_device(session->hid); 581 hid_free_device(session->hid);
582 } 582 }
583 583
584 /* Wakeup user-space polling for socket errors */
585 session->intr_sock->sk->sk_err = EUNATCH;
586 session->ctrl_sock->sk->sk_err = EUNATCH;
587
588 hidp_schedule(session);
589
584 fput(session->intr_sock->file); 590 fput(session->intr_sock->file);
585 591
586 wait_event_timeout(*(ctrl_sk->sk_sleep), 592 wait_event_timeout(*(ctrl_sk->sk_sleep),
@@ -879,6 +885,10 @@ int hidp_del_connection(struct hidp_conndel_req *req)
879 skb_queue_purge(&session->ctrl_transmit); 885 skb_queue_purge(&session->ctrl_transmit);
880 skb_queue_purge(&session->intr_transmit); 886 skb_queue_purge(&session->intr_transmit);
881 887
888 /* Wakeup user-space polling for socket errors */
889 session->intr_sock->sk->sk_err = EUNATCH;
890 session->ctrl_sock->sk->sk_err = EUNATCH;
891
882 /* Kill session thread */ 892 /* Kill session thread */
883 atomic_inc(&session->terminate); 893 atomic_inc(&session->terminate);
884 hidp_schedule(session); 894 hidp_schedule(session);
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 6e180d255505..3396d5bdef1c 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -55,7 +55,7 @@
55#define BT_DBG(D...) 55#define BT_DBG(D...)
56#endif 56#endif
57 57
58#define VERSION "2.9" 58#define VERSION "2.10"
59 59
60static u32 l2cap_feat_mask = 0x0000; 60static u32 l2cap_feat_mask = 0x0000;
61 61
@@ -76,11 +76,21 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
76static void l2cap_sock_timeout(unsigned long arg) 76static void l2cap_sock_timeout(unsigned long arg)
77{ 77{
78 struct sock *sk = (struct sock *) arg; 78 struct sock *sk = (struct sock *) arg;
79 int reason;
79 80
80 BT_DBG("sock %p state %d", sk, sk->sk_state); 81 BT_DBG("sock %p state %d", sk, sk->sk_state);
81 82
82 bh_lock_sock(sk); 83 bh_lock_sock(sk);
83 __l2cap_sock_close(sk, ETIMEDOUT); 84
85 if (sk->sk_state == BT_CONNECT &&
86 (l2cap_pi(sk)->link_mode & (L2CAP_LM_AUTH |
87 L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)))
88 reason = ECONNREFUSED;
89 else
90 reason = ETIMEDOUT;
91
92 __l2cap_sock_close(sk, reason);
93
84 bh_unlock_sock(sk); 94 bh_unlock_sock(sk);
85 95
86 l2cap_sock_kill(sk); 96 l2cap_sock_kill(sk);
@@ -240,7 +250,7 @@ static void l2cap_chan_del(struct sock *sk, int err)
240 hci_conn_put(conn->hcon); 250 hci_conn_put(conn->hcon);
241 } 251 }
242 252
243 sk->sk_state = BT_CLOSED; 253 sk->sk_state = BT_CLOSED;
244 sock_set_flag(sk, SOCK_ZAPPED); 254 sock_set_flag(sk, SOCK_ZAPPED);
245 255
246 if (err) 256 if (err)
@@ -253,6 +263,21 @@ static void l2cap_chan_del(struct sock *sk, int err)
253 sk->sk_state_change(sk); 263 sk->sk_state_change(sk);
254} 264}
255 265
266/* Service level security */
267static inline int l2cap_check_link_mode(struct sock *sk)
268{
269 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
270
271 if ((l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) ||
272 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE))
273 return hci_conn_encrypt(conn->hcon);
274
275 if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH)
276 return hci_conn_auth(conn->hcon);
277
278 return 1;
279}
280
256static inline u8 l2cap_get_ident(struct l2cap_conn *conn) 281static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
257{ 282{
258 u8 id; 283 u8 id;
@@ -287,6 +312,36 @@ static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16
287 return hci_send_acl(conn->hcon, skb, 0); 312 return hci_send_acl(conn->hcon, skb, 0);
288} 313}
289 314
315static void l2cap_do_start(struct sock *sk)
316{
317 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
318
319 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
320 if (l2cap_check_link_mode(sk)) {
321 struct l2cap_conn_req req;
322 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
323 req.psm = l2cap_pi(sk)->psm;
324
325 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
326
327 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
328 L2CAP_CONN_REQ, sizeof(req), &req);
329 }
330 } else {
331 struct l2cap_info_req req;
332 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
333
334 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
335 conn->info_ident = l2cap_get_ident(conn);
336
337 mod_timer(&conn->info_timer, jiffies +
338 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
339
340 l2cap_send_cmd(conn, conn->info_ident,
341 L2CAP_INFO_REQ, sizeof(req), &req);
342 }
343}
344
290/* ---- L2CAP connections ---- */ 345/* ---- L2CAP connections ---- */
291static void l2cap_conn_start(struct l2cap_conn *conn) 346static void l2cap_conn_start(struct l2cap_conn *conn)
292{ 347{
@@ -301,16 +356,37 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
301 bh_lock_sock(sk); 356 bh_lock_sock(sk);
302 357
303 if (sk->sk_type != SOCK_SEQPACKET) { 358 if (sk->sk_type != SOCK_SEQPACKET) {
304 l2cap_sock_clear_timer(sk); 359 bh_unlock_sock(sk);
305 sk->sk_state = BT_CONNECTED; 360 continue;
306 sk->sk_state_change(sk); 361 }
307 } else if (sk->sk_state == BT_CONNECT) { 362
308 struct l2cap_conn_req req; 363 if (sk->sk_state == BT_CONNECT) {
309 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 364 if (l2cap_check_link_mode(sk)) {
310 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 365 struct l2cap_conn_req req;
311 req.psm = l2cap_pi(sk)->psm; 366 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
312 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 367 req.psm = l2cap_pi(sk)->psm;
368
369 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
370
371 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
313 L2CAP_CONN_REQ, sizeof(req), &req); 372 L2CAP_CONN_REQ, sizeof(req), &req);
373 }
374 } else if (sk->sk_state == BT_CONNECT2) {
375 struct l2cap_conn_rsp rsp;
376 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
377 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
378
379 if (l2cap_check_link_mode(sk)) {
380 sk->sk_state = BT_CONFIG;
381 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
382 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
383 } else {
384 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
385 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
386 }
387
388 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
389 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
314 } 390 }
315 391
316 bh_unlock_sock(sk); 392 bh_unlock_sock(sk);
@@ -321,22 +397,27 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
321 397
322static void l2cap_conn_ready(struct l2cap_conn *conn) 398static void l2cap_conn_ready(struct l2cap_conn *conn)
323{ 399{
324 BT_DBG("conn %p", conn); 400 struct l2cap_chan_list *l = &conn->chan_list;
401 struct sock *sk;
325 402
326 if (conn->chan_list.head || !hlist_empty(&l2cap_sk_list.head)) { 403 BT_DBG("conn %p", conn);
327 struct l2cap_info_req req;
328 404
329 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK); 405 read_lock(&l->lock);
330 406
331 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT; 407 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
332 conn->info_ident = l2cap_get_ident(conn); 408 bh_lock_sock(sk);
333 409
334 mod_timer(&conn->info_timer, 410 if (sk->sk_type != SOCK_SEQPACKET) {
335 jiffies + msecs_to_jiffies(L2CAP_INFO_TIMEOUT)); 411 l2cap_sock_clear_timer(sk);
412 sk->sk_state = BT_CONNECTED;
413 sk->sk_state_change(sk);
414 } else if (sk->sk_state == BT_CONNECT)
415 l2cap_do_start(sk);
336 416
337 l2cap_send_cmd(conn, conn->info_ident, 417 bh_unlock_sock(sk);
338 L2CAP_INFO_REQ, sizeof(req), &req);
339 } 418 }
419
420 read_unlock(&l->lock);
340} 421}
341 422
342/* Notify sockets that we cannot guaranty reliability anymore */ 423/* Notify sockets that we cannot guaranty reliability anymore */
@@ -388,7 +469,8 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
388 469
389 conn->feat_mask = 0; 470 conn->feat_mask = 0;
390 471
391 setup_timer(&conn->info_timer, l2cap_info_timeout, (unsigned long)conn); 472 setup_timer(&conn->info_timer, l2cap_info_timeout,
473 (unsigned long) conn);
392 474
393 spin_lock_init(&conn->lock); 475 spin_lock_init(&conn->lock);
394 rwlock_init(&conn->chan_list.lock); 476 rwlock_init(&conn->chan_list.lock);
@@ -500,7 +582,7 @@ static void l2cap_sock_cleanup_listen(struct sock *parent)
500 while ((sk = bt_accept_dequeue(parent, NULL))) 582 while ((sk = bt_accept_dequeue(parent, NULL)))
501 l2cap_sock_close(sk); 583 l2cap_sock_close(sk);
502 584
503 parent->sk_state = BT_CLOSED; 585 parent->sk_state = BT_CLOSED;
504 sock_set_flag(parent, SOCK_ZAPPED); 586 sock_set_flag(parent, SOCK_ZAPPED);
505} 587}
506 588
@@ -543,9 +625,8 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
543 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 625 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
544 l2cap_send_cmd(conn, l2cap_get_ident(conn), 626 l2cap_send_cmd(conn, l2cap_get_ident(conn),
545 L2CAP_DISCONN_REQ, sizeof(req), &req); 627 L2CAP_DISCONN_REQ, sizeof(req), &req);
546 } else { 628 } else
547 l2cap_chan_del(sk, reason); 629 l2cap_chan_del(sk, reason);
548 }
549 break; 630 break;
550 631
551 case BT_CONNECT: 632 case BT_CONNECT:
@@ -614,9 +695,9 @@ static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int p
614 sock_reset_flag(sk, SOCK_ZAPPED); 695 sock_reset_flag(sk, SOCK_ZAPPED);
615 696
616 sk->sk_protocol = proto; 697 sk->sk_protocol = proto;
617 sk->sk_state = BT_OPEN; 698 sk->sk_state = BT_OPEN;
618 699
619 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long)sk); 700 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
620 701
621 bt_sock_link(&l2cap_sk_list, sk); 702 bt_sock_link(&l2cap_sk_list, sk);
622 return sk; 703 return sk;
@@ -729,22 +810,11 @@ static int l2cap_do_connect(struct sock *sk)
729 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 810 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
730 811
731 if (hcon->state == BT_CONNECTED) { 812 if (hcon->state == BT_CONNECTED) {
732 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)) { 813 if (sk->sk_type != SOCK_SEQPACKET) {
733 l2cap_conn_ready(conn);
734 goto done;
735 }
736
737 if (sk->sk_type == SOCK_SEQPACKET) {
738 struct l2cap_conn_req req;
739 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
740 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
741 req.psm = l2cap_pi(sk)->psm;
742 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
743 L2CAP_CONN_REQ, sizeof(req), &req);
744 } else {
745 l2cap_sock_clear_timer(sk); 814 l2cap_sock_clear_timer(sk);
746 sk->sk_state = BT_CONNECTED; 815 sk->sk_state = BT_CONNECTED;
747 } 816 } else
817 l2cap_do_start(sk);
748 } 818 }
749 819
750done: 820done:
@@ -1145,7 +1215,8 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
1145 __l2cap_sock_close(sk, 0); 1215 __l2cap_sock_close(sk, 0);
1146 1216
1147 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 1217 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1148 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1218 err = bt_sock_wait_state(sk, BT_CLOSED,
1219 sk->sk_lingertime);
1149 } 1220 }
1150 release_sock(sk); 1221 release_sock(sk);
1151 return err; 1222 return err;
@@ -1189,6 +1260,11 @@ static void l2cap_chan_ready(struct sock *sk)
1189 */ 1260 */
1190 parent->sk_data_ready(parent, 0); 1261 parent->sk_data_ready(parent, 0);
1191 } 1262 }
1263
1264 if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) {
1265 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1266 hci_conn_change_link_key(conn->hcon);
1267 }
1192} 1268}
1193 1269
1194/* Copy frame to all raw sockets on that connection */ 1270/* Copy frame to all raw sockets on that connection */
@@ -1477,7 +1553,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
1477 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; 1553 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1478 struct l2cap_conn_rsp rsp; 1554 struct l2cap_conn_rsp rsp;
1479 struct sock *sk, *parent; 1555 struct sock *sk, *parent;
1480 int result = 0, status = 0; 1556 int result, status = 0;
1481 1557
1482 u16 dcid = 0, scid = __le16_to_cpu(req->scid); 1558 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1483 __le16 psm = req->psm; 1559 __le16 psm = req->psm;
@@ -1526,25 +1602,24 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
1526 1602
1527 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 1603 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1528 1604
1529 /* Service level security */
1530 result = L2CAP_CR_PEND;
1531 status = L2CAP_CS_AUTHEN_PEND;
1532 sk->sk_state = BT_CONNECT2;
1533 l2cap_pi(sk)->ident = cmd->ident; 1605 l2cap_pi(sk)->ident = cmd->ident;
1534 1606
1535 if ((l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) || 1607 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
1536 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)) { 1608 if (l2cap_check_link_mode(sk)) {
1537 if (!hci_conn_encrypt(conn->hcon)) 1609 sk->sk_state = BT_CONFIG;
1538 goto done; 1610 result = L2CAP_CR_SUCCESS;
1539 } else if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH) { 1611 status = L2CAP_CS_NO_INFO;
1540 if (!hci_conn_auth(conn->hcon)) 1612 } else {
1541 goto done; 1613 sk->sk_state = BT_CONNECT2;
1614 result = L2CAP_CR_PEND;
1615 status = L2CAP_CS_AUTHEN_PEND;
1616 }
1617 } else {
1618 sk->sk_state = BT_CONNECT2;
1619 result = L2CAP_CR_PEND;
1620 status = L2CAP_CS_NO_INFO;
1542 } 1621 }
1543 1622
1544 sk->sk_state = BT_CONFIG;
1545 result = status = 0;
1546
1547done:
1548 write_unlock_bh(&list->lock); 1623 write_unlock_bh(&list->lock);
1549 1624
1550response: 1625response:
@@ -1556,6 +1631,21 @@ sendresp:
1556 rsp.result = cpu_to_le16(result); 1631 rsp.result = cpu_to_le16(result);
1557 rsp.status = cpu_to_le16(status); 1632 rsp.status = cpu_to_le16(status);
1558 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp); 1633 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1634
1635 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1636 struct l2cap_info_req info;
1637 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1638
1639 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1640 conn->info_ident = l2cap_get_ident(conn);
1641
1642 mod_timer(&conn->info_timer, jiffies +
1643 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1644
1645 l2cap_send_cmd(conn, conn->info_ident,
1646 L2CAP_INFO_REQ, sizeof(info), &info);
1647 }
1648
1559 return 0; 1649 return 0;
1560} 1650}
1561 1651
@@ -1664,9 +1754,9 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
1664 } 1754 }
1665 1755
1666 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) { 1756 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
1667 u8 req[64]; 1757 u8 buf[64];
1668 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 1758 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1669 l2cap_build_conf_req(sk, req), req); 1759 l2cap_build_conf_req(sk, buf), buf);
1670 } 1760 }
1671 1761
1672unlock: 1762unlock:
@@ -1708,7 +1798,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
1708 1798
1709 default: 1799 default:
1710 sk->sk_state = BT_DISCONN; 1800 sk->sk_state = BT_DISCONN;
1711 sk->sk_err = ECONNRESET; 1801 sk->sk_err = ECONNRESET;
1712 l2cap_sock_set_timer(sk, HZ * 5); 1802 l2cap_sock_set_timer(sk, HZ * 5);
1713 { 1803 {
1714 struct l2cap_disconn_req req; 1804 struct l2cap_disconn_req req;
@@ -2080,10 +2170,8 @@ static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2080static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status) 2170static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status)
2081{ 2171{
2082 struct l2cap_chan_list *l; 2172 struct l2cap_chan_list *l;
2083 struct l2cap_conn *conn = conn = hcon->l2cap_data; 2173 struct l2cap_conn *conn = hcon->l2cap_data;
2084 struct l2cap_conn_rsp rsp;
2085 struct sock *sk; 2174 struct sock *sk;
2086 int result;
2087 2175
2088 if (!conn) 2176 if (!conn)
2089 return 0; 2177 return 0;
@@ -2095,45 +2183,65 @@ static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status)
2095 read_lock(&l->lock); 2183 read_lock(&l->lock);
2096 2184
2097 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 2185 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2186 struct l2cap_pinfo *pi = l2cap_pi(sk);
2187
2098 bh_lock_sock(sk); 2188 bh_lock_sock(sk);
2099 2189
2100 if (sk->sk_state != BT_CONNECT2 || 2190 if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) &&
2101 (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) || 2191 !(hcon->link_mode & HCI_LM_ENCRYPT) &&
2102 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)) { 2192 !status) {
2103 bh_unlock_sock(sk); 2193 bh_unlock_sock(sk);
2104 continue; 2194 continue;
2105 } 2195 }
2106 2196
2107 if (!status) { 2197 if (sk->sk_state == BT_CONNECT) {
2108 sk->sk_state = BT_CONFIG; 2198 if (!status) {
2109 result = 0; 2199 struct l2cap_conn_req req;
2110 } else { 2200 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2111 sk->sk_state = BT_DISCONN; 2201 req.psm = l2cap_pi(sk)->psm;
2112 l2cap_sock_set_timer(sk, HZ/10);
2113 result = L2CAP_CR_SEC_BLOCK;
2114 }
2115 2202
2116 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2203 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2117 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2204
2118 rsp.result = cpu_to_le16(result); 2205 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2119 rsp.status = cpu_to_le16(0); 2206 L2CAP_CONN_REQ, sizeof(req), &req);
2120 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 2207 } else {
2121 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 2208 l2cap_sock_clear_timer(sk);
2209 l2cap_sock_set_timer(sk, HZ / 10);
2210 }
2211 } else if (sk->sk_state == BT_CONNECT2) {
2212 struct l2cap_conn_rsp rsp;
2213 __u16 result;
2214
2215 if (!status) {
2216 sk->sk_state = BT_CONFIG;
2217 result = L2CAP_CR_SUCCESS;
2218 } else {
2219 sk->sk_state = BT_DISCONN;
2220 l2cap_sock_set_timer(sk, HZ / 10);
2221 result = L2CAP_CR_SEC_BLOCK;
2222 }
2223
2224 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2225 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2226 rsp.result = cpu_to_le16(result);
2227 rsp.status = cpu_to_le16(0);
2228 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2229 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2230 }
2122 2231
2123 bh_unlock_sock(sk); 2232 bh_unlock_sock(sk);
2124 } 2233 }
2125 2234
2126 read_unlock(&l->lock); 2235 read_unlock(&l->lock);
2236
2127 return 0; 2237 return 0;
2128} 2238}
2129 2239
2130static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status) 2240static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2131{ 2241{
2132 struct l2cap_chan_list *l; 2242 struct l2cap_chan_list *l;
2133 struct l2cap_conn *conn = hcon->l2cap_data; 2243 struct l2cap_conn *conn = hcon->l2cap_data;
2134 struct l2cap_conn_rsp rsp;
2135 struct sock *sk; 2244 struct sock *sk;
2136 int result;
2137 2245
2138 if (!conn) 2246 if (!conn)
2139 return 0; 2247 return 0;
@@ -2145,36 +2253,59 @@ static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status)
2145 read_lock(&l->lock); 2253 read_lock(&l->lock);
2146 2254
2147 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 2255 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2256 struct l2cap_pinfo *pi = l2cap_pi(sk);
2257
2148 bh_lock_sock(sk); 2258 bh_lock_sock(sk);
2149 2259
2150 if (sk->sk_state != BT_CONNECT2) { 2260 if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) &&
2261 (sk->sk_state == BT_CONNECTED ||
2262 sk->sk_state == BT_CONFIG) &&
2263 !status && encrypt == 0x00) {
2264 __l2cap_sock_close(sk, ECONNREFUSED);
2151 bh_unlock_sock(sk); 2265 bh_unlock_sock(sk);
2152 continue; 2266 continue;
2153 } 2267 }
2154 2268
2155 if (!status) { 2269 if (sk->sk_state == BT_CONNECT) {
2156 sk->sk_state = BT_CONFIG; 2270 if (!status) {
2157 result = 0; 2271 struct l2cap_conn_req req;
2158 } else { 2272 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2159 sk->sk_state = BT_DISCONN; 2273 req.psm = l2cap_pi(sk)->psm;
2160 l2cap_sock_set_timer(sk, HZ/10); 2274
2161 result = L2CAP_CR_SEC_BLOCK; 2275 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2162 }
2163 2276
2164 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2277 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2165 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2278 L2CAP_CONN_REQ, sizeof(req), &req);
2166 rsp.result = cpu_to_le16(result); 2279 } else {
2167 rsp.status = cpu_to_le16(0); 2280 l2cap_sock_clear_timer(sk);
2168 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 2281 l2cap_sock_set_timer(sk, HZ / 10);
2169 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 2282 }
2283 } else if (sk->sk_state == BT_CONNECT2) {
2284 struct l2cap_conn_rsp rsp;
2285 __u16 result;
2286
2287 if (!status) {
2288 sk->sk_state = BT_CONFIG;
2289 result = L2CAP_CR_SUCCESS;
2290 } else {
2291 sk->sk_state = BT_DISCONN;
2292 l2cap_sock_set_timer(sk, HZ / 10);
2293 result = L2CAP_CR_SEC_BLOCK;
2294 }
2170 2295
2171 if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) 2296 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2172 hci_conn_change_link_key(hcon); 2297 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2298 rsp.result = cpu_to_le16(result);
2299 rsp.status = cpu_to_le16(0);
2300 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2301 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2302 }
2173 2303
2174 bh_unlock_sock(sk); 2304 bh_unlock_sock(sk);
2175 } 2305 }
2176 2306
2177 read_unlock(&l->lock); 2307 read_unlock(&l->lock);
2308
2178 return 0; 2309 return 0;
2179} 2310}
2180 2311
@@ -2301,9 +2432,9 @@ static const struct proto_ops l2cap_sock_ops = {
2301 .sendmsg = l2cap_sock_sendmsg, 2432 .sendmsg = l2cap_sock_sendmsg,
2302 .recvmsg = bt_sock_recvmsg, 2433 .recvmsg = bt_sock_recvmsg,
2303 .poll = bt_sock_poll, 2434 .poll = bt_sock_poll,
2435 .ioctl = bt_sock_ioctl,
2304 .mmap = sock_no_mmap, 2436 .mmap = sock_no_mmap,
2305 .socketpair = sock_no_socketpair, 2437 .socketpair = sock_no_socketpair,
2306 .ioctl = sock_no_ioctl,
2307 .shutdown = l2cap_sock_shutdown, 2438 .shutdown = l2cap_sock_shutdown,
2308 .setsockopt = l2cap_sock_setsockopt, 2439 .setsockopt = l2cap_sock_setsockopt,
2309 .getsockopt = l2cap_sock_getsockopt 2440 .getsockopt = l2cap_sock_getsockopt
@@ -2385,7 +2516,7 @@ EXPORT_SYMBOL(l2cap_load);
2385module_init(l2cap_init); 2516module_init(l2cap_init);
2386module_exit(l2cap_exit); 2517module_exit(l2cap_exit);
2387 2518
2388MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 2519MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2389MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION); 2520MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2390MODULE_VERSION(VERSION); 2521MODULE_VERSION(VERSION);
2391MODULE_LICENSE("GPL"); 2522MODULE_LICENSE("GPL");
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index eb62558e9b09..ba537fae0a4c 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -23,8 +23,6 @@
23 23
24/* 24/*
25 * Bluetooth RFCOMM core. 25 * Bluetooth RFCOMM core.
26 *
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
28 */ 26 */
29 27
30#include <linux/module.h> 28#include <linux/module.h>
@@ -53,7 +51,7 @@
53#define BT_DBG(D...) 51#define BT_DBG(D...)
54#endif 52#endif
55 53
56#define VERSION "1.8" 54#define VERSION "1.10"
57 55
58static int disable_cfc = 0; 56static int disable_cfc = 0;
59static int channel_mtu = -1; 57static int channel_mtu = -1;
@@ -230,6 +228,21 @@ static int rfcomm_l2sock_create(struct socket **sock)
230 return err; 228 return err;
231} 229}
232 230
231static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
232{
233 struct sock *sk = d->session->sock->sk;
234
235 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
236 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
237 return 1;
238 } else if (d->link_mode & RFCOMM_LM_AUTH) {
239 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
240 return 1;
241 }
242
243 return 0;
244}
245
233/* ---- RFCOMM DLCs ---- */ 246/* ---- RFCOMM DLCs ---- */
234static void rfcomm_dlc_timeout(unsigned long arg) 247static void rfcomm_dlc_timeout(unsigned long arg)
235{ 248{
@@ -371,15 +384,23 @@ static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst,
371 d->addr = __addr(s->initiator, dlci); 384 d->addr = __addr(s->initiator, dlci);
372 d->priority = 7; 385 d->priority = 7;
373 386
374 d->state = BT_CONFIG; 387 d->state = BT_CONFIG;
375 rfcomm_dlc_link(s, d); 388 rfcomm_dlc_link(s, d);
376 389
390 d->out = 1;
391
377 d->mtu = s->mtu; 392 d->mtu = s->mtu;
378 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 393 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
379 394
380 if (s->state == BT_CONNECTED) 395 if (s->state == BT_CONNECTED) {
381 rfcomm_send_pn(s, 1, d); 396 if (rfcomm_check_link_mode(d))
397 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
398 else
399 rfcomm_send_pn(s, 1, d);
400 }
401
382 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 402 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
403
383 return 0; 404 return 0;
384} 405}
385 406
@@ -423,8 +444,8 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
423 444
424 rfcomm_dlc_lock(d); 445 rfcomm_dlc_lock(d);
425 d->state = BT_CLOSED; 446 d->state = BT_CLOSED;
426 rfcomm_dlc_unlock(d);
427 d->state_change(d, err); 447 d->state_change(d, err);
448 rfcomm_dlc_unlock(d);
428 449
429 skb_queue_purge(&d->tx_queue); 450 skb_queue_purge(&d->tx_queue);
430 rfcomm_dlc_unlink(d); 451 rfcomm_dlc_unlink(d);
@@ -1146,21 +1167,6 @@ static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1146 return 0; 1167 return 0;
1147} 1168}
1148 1169
1149static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1150{
1151 struct sock *sk = d->session->sock->sk;
1152
1153 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1154 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1155 return 1;
1156 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1157 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1158 return 1;
1159 }
1160
1161 return 0;
1162}
1163
1164static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1170static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1165{ 1171{
1166 struct sock *sk = d->session->sock->sk; 1172 struct sock *sk = d->session->sock->sk;
@@ -1205,10 +1211,8 @@ static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1205 if (rfcomm_check_link_mode(d)) { 1211 if (rfcomm_check_link_mode(d)) {
1206 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1212 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1207 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1213 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1208 return 0; 1214 } else
1209 } 1215 rfcomm_dlc_accept(d);
1210
1211 rfcomm_dlc_accept(d);
1212 } 1216 }
1213 return 0; 1217 return 0;
1214 } 1218 }
@@ -1223,10 +1227,8 @@ static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1223 if (rfcomm_check_link_mode(d)) { 1227 if (rfcomm_check_link_mode(d)) {
1224 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1228 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1225 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1229 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1226 return 0; 1230 } else
1227 } 1231 rfcomm_dlc_accept(d);
1228
1229 rfcomm_dlc_accept(d);
1230 } else { 1232 } else {
1231 rfcomm_send_dm(s, dlci); 1233 rfcomm_send_dm(s, dlci);
1232 } 1234 }
@@ -1459,8 +1461,12 @@ static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb
1459 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1461 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1460 1462
1461 rfcomm_dlc_lock(d); 1463 rfcomm_dlc_lock(d);
1464
1465 d->remote_v24_sig = msc->v24_sig;
1466
1462 if (d->modem_status) 1467 if (d->modem_status)
1463 d->modem_status(d, msc->v24_sig); 1468 d->modem_status(d, msc->v24_sig);
1469
1464 rfcomm_dlc_unlock(d); 1470 rfcomm_dlc_unlock(d);
1465 1471
1466 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1472 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
@@ -1636,7 +1642,11 @@ static void rfcomm_process_connect(struct rfcomm_session *s)
1636 d = list_entry(p, struct rfcomm_dlc, list); 1642 d = list_entry(p, struct rfcomm_dlc, list);
1637 if (d->state == BT_CONFIG) { 1643 if (d->state == BT_CONFIG) {
1638 d->mtu = s->mtu; 1644 d->mtu = s->mtu;
1639 rfcomm_send_pn(s, 1, d); 1645 if (rfcomm_check_link_mode(d)) {
1646 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1647 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1648 } else
1649 rfcomm_send_pn(s, 1, d);
1640 } 1650 }
1641 } 1651 }
1642} 1652}
@@ -1709,7 +1719,11 @@ static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1709 1719
1710 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1720 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1711 rfcomm_dlc_clear_timer(d); 1721 rfcomm_dlc_clear_timer(d);
1712 rfcomm_dlc_accept(d); 1722 if (d->out) {
1723 rfcomm_send_pn(s, 1, d);
1724 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1725 } else
1726 rfcomm_dlc_accept(d);
1713 if (d->link_mode & RFCOMM_LM_SECURE) { 1727 if (d->link_mode & RFCOMM_LM_SECURE) {
1714 struct sock *sk = s->sock->sk; 1728 struct sock *sk = s->sock->sk;
1715 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); 1729 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
@@ -1717,7 +1731,10 @@ static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1717 continue; 1731 continue;
1718 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1732 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1719 rfcomm_dlc_clear_timer(d); 1733 rfcomm_dlc_clear_timer(d);
1720 rfcomm_send_dm(s, d->dlci); 1734 if (!d->out)
1735 rfcomm_send_dm(s, d->dlci);
1736 else
1737 d->state = BT_CLOSED;
1721 __rfcomm_dlc_close(d, ECONNREFUSED); 1738 __rfcomm_dlc_close(d, ECONNREFUSED);
1722 continue; 1739 continue;
1723 } 1740 }
@@ -1726,7 +1743,7 @@ static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1726 continue; 1743 continue;
1727 1744
1728 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1745 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1729 d->mscex == RFCOMM_MSCEX_OK) 1746 d->mscex == RFCOMM_MSCEX_OK)
1730 rfcomm_process_tx(d); 1747 rfcomm_process_tx(d);
1731 } 1748 }
1732} 1749}
@@ -1954,7 +1971,8 @@ static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1954 list_for_each_safe(p, n, &s->dlcs) { 1971 list_for_each_safe(p, n, &s->dlcs) {
1955 d = list_entry(p, struct rfcomm_dlc, list); 1972 d = list_entry(p, struct rfcomm_dlc, list);
1956 1973
1957 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) 1974 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
1975 !(conn->link_mode & HCI_LM_ENCRYPT) && !status)
1958 continue; 1976 continue;
1959 1977
1960 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1978 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
@@ -1988,6 +2006,14 @@ static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1988 list_for_each_safe(p, n, &s->dlcs) { 2006 list_for_each_safe(p, n, &s->dlcs) {
1989 d = list_entry(p, struct rfcomm_dlc, list); 2007 d = list_entry(p, struct rfcomm_dlc, list);
1990 2008
2009 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
2010 (d->state == BT_CONNECTED ||
2011 d->state == BT_CONFIG) &&
2012 !status && encrypt == 0x00) {
2013 __rfcomm_dlc_close(d, ECONNREFUSED);
2014 continue;
2015 }
2016
1991 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2017 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1992 continue; 2018 continue;
1993 2019
@@ -2089,7 +2115,7 @@ MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2089module_param(l2cap_mtu, uint, 0644); 2115module_param(l2cap_mtu, uint, 0644);
2090MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2116MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2091 2117
2092MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 2118MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2093MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2119MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2094MODULE_VERSION(VERSION); 2120MODULE_VERSION(VERSION);
2095MODULE_LICENSE("GPL"); 2121MODULE_LICENSE("GPL");
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 5083adcbfae5..8a972b6ba85f 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -23,8 +23,6 @@
23 23
24/* 24/*
25 * RFCOMM sockets. 25 * RFCOMM sockets.
26 *
27 * $Id: sock.c,v 1.24 2002/10/03 01:00:34 maxk Exp $
28 */ 26 */
29 27
30#include <linux/module.h> 28#include <linux/module.h>
@@ -309,13 +307,13 @@ static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int
309 sk->sk_destruct = rfcomm_sock_destruct; 307 sk->sk_destruct = rfcomm_sock_destruct;
310 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 308 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
311 309
312 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 310 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
313 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 311 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
314 312
315 sock_reset_flag(sk, SOCK_ZAPPED); 313 sock_reset_flag(sk, SOCK_ZAPPED);
316 314
317 sk->sk_protocol = proto; 315 sk->sk_protocol = proto;
318 sk->sk_state = BT_OPEN; 316 sk->sk_state = BT_OPEN;
319 317
320 bt_sock_link(&rfcomm_sk_list, sk); 318 bt_sock_link(&rfcomm_sk_list, sk);
321 319
@@ -413,6 +411,8 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a
413 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 411 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
414 rfcomm_pi(sk)->channel = sa->rc_channel; 412 rfcomm_pi(sk)->channel = sa->rc_channel;
415 413
414 d->link_mode = rfcomm_pi(sk)->link_mode;
415
416 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 416 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
417 if (!err) 417 if (!err)
418 err = bt_sock_wait_state(sk, BT_CONNECTED, 418 err = bt_sock_wait_state(sk, BT_CONNECTED,
@@ -688,6 +688,8 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
688 copied += chunk; 688 copied += chunk;
689 size -= chunk; 689 size -= chunk;
690 690
691 sock_recv_timestamp(msg, sk, skb);
692
691 if (!(flags & MSG_PEEK)) { 693 if (!(flags & MSG_PEEK)) {
692 atomic_sub(chunk, &sk->sk_rmem_alloc); 694 atomic_sub(chunk, &sk->sk_rmem_alloc);
693 695
@@ -793,15 +795,20 @@ static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned lon
793 struct sock *sk = sock->sk; 795 struct sock *sk = sock->sk;
794 int err; 796 int err;
795 797
796 lock_sock(sk); 798 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
799
800 err = bt_sock_ioctl(sock, cmd, arg);
797 801
802 if (err == -ENOIOCTLCMD) {
798#ifdef CONFIG_BT_RFCOMM_TTY 803#ifdef CONFIG_BT_RFCOMM_TTY
799 err = rfcomm_dev_ioctl(sk, cmd, (void __user *)arg); 804 lock_sock(sk);
805 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
806 release_sock(sk);
800#else 807#else
801 err = -EOPNOTSUPP; 808 err = -EOPNOTSUPP;
802#endif 809#endif
810 }
803 811
804 release_sock(sk);
805 return err; 812 return err;
806} 813}
807 814
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index c3f749abb2d0..d3340dd52bcf 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -23,8 +23,6 @@
23 23
24/* 24/*
25 * RFCOMM TTY. 25 * RFCOMM TTY.
26 *
27 * $Id: tty.c,v 1.24 2002/10/03 01:54:38 holtmann Exp $
28 */ 26 */
29 27
30#include <linux/module.h> 28#include <linux/module.h>
@@ -77,6 +75,8 @@ struct rfcomm_dev {
77 struct device *tty_dev; 75 struct device *tty_dev;
78 76
79 atomic_t wmem_alloc; 77 atomic_t wmem_alloc;
78
79 struct sk_buff_head pending;
80}; 80};
81 81
82static LIST_HEAD(rfcomm_dev_list); 82static LIST_HEAD(rfcomm_dev_list);
@@ -264,13 +264,34 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
264 init_waitqueue_head(&dev->wait); 264 init_waitqueue_head(&dev->wait);
265 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev); 265 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
266 266
267 skb_queue_head_init(&dev->pending);
268
267 rfcomm_dlc_lock(dlc); 269 rfcomm_dlc_lock(dlc);
270
271 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
272 struct sock *sk = dlc->owner;
273 struct sk_buff *skb;
274
275 BUG_ON(!sk);
276
277 rfcomm_dlc_throttle(dlc);
278
279 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
280 skb_orphan(skb);
281 skb_queue_tail(&dev->pending, skb);
282 atomic_sub(skb->len, &sk->sk_rmem_alloc);
283 }
284 }
285
268 dlc->data_ready = rfcomm_dev_data_ready; 286 dlc->data_ready = rfcomm_dev_data_ready;
269 dlc->state_change = rfcomm_dev_state_change; 287 dlc->state_change = rfcomm_dev_state_change;
270 dlc->modem_status = rfcomm_dev_modem_status; 288 dlc->modem_status = rfcomm_dev_modem_status;
271 289
272 dlc->owner = dev; 290 dlc->owner = dev;
273 dev->dlc = dlc; 291 dev->dlc = dlc;
292
293 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
294
274 rfcomm_dlc_unlock(dlc); 295 rfcomm_dlc_unlock(dlc);
275 296
276 /* It's safe to call __module_get() here because socket already 297 /* It's safe to call __module_get() here because socket already
@@ -539,11 +560,16 @@ static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
539 struct rfcomm_dev *dev = dlc->owner; 560 struct rfcomm_dev *dev = dlc->owner;
540 struct tty_struct *tty; 561 struct tty_struct *tty;
541 562
542 if (!dev || !(tty = dev->tty)) { 563 if (!dev) {
543 kfree_skb(skb); 564 kfree_skb(skb);
544 return; 565 return;
545 } 566 }
546 567
568 if (!(tty = dev->tty) || !skb_queue_empty(&dev->pending)) {
569 skb_queue_tail(&dev->pending, skb);
570 return;
571 }
572
547 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 573 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
548 574
549 tty_insert_flip_string(tty, skb->data, skb->len); 575 tty_insert_flip_string(tty, skb->data, skb->len);
@@ -566,11 +592,22 @@ static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
566 if (dlc->state == BT_CLOSED) { 592 if (dlc->state == BT_CLOSED) {
567 if (!dev->tty) { 593 if (!dev->tty) {
568 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 594 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
569 if (rfcomm_dev_get(dev->id) == NULL) 595 /* Drop DLC lock here to avoid deadlock
596 * 1. rfcomm_dev_get will take rfcomm_dev_lock
597 * but in rfcomm_dev_add there's lock order:
598 * rfcomm_dev_lock -> dlc lock
599 * 2. rfcomm_dev_put will deadlock if it's
600 * the last reference
601 */
602 rfcomm_dlc_unlock(dlc);
603 if (rfcomm_dev_get(dev->id) == NULL) {
604 rfcomm_dlc_lock(dlc);
570 return; 605 return;
606 }
571 607
572 rfcomm_dev_del(dev); 608 rfcomm_dev_del(dev);
573 rfcomm_dev_put(dev); 609 rfcomm_dev_put(dev);
610 rfcomm_dlc_lock(dlc);
574 } 611 }
575 } else 612 } else
576 tty_hangup(dev->tty); 613 tty_hangup(dev->tty);
@@ -606,14 +643,31 @@ static void rfcomm_tty_wakeup(unsigned long arg)
606 return; 643 return;
607 644
608 BT_DBG("dev %p tty %p", dev, tty); 645 BT_DBG("dev %p tty %p", dev, tty);
646 tty_wakeup(tty);
647}
609 648
610 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) 649static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
611 (tty->ldisc.write_wakeup)(tty); 650{
651 struct tty_struct *tty = dev->tty;
652 struct sk_buff *skb;
653 int inserted = 0;
612 654
613 wake_up_interruptible(&tty->write_wait); 655 if (!tty)
614#ifdef SERIAL_HAVE_POLL_WAIT 656 return;
615 wake_up_interruptible(&tty->poll_wait); 657
616#endif 658 BT_DBG("dev %p tty %p", dev, tty);
659
660 rfcomm_dlc_lock(dev->dlc);
661
662 while ((skb = skb_dequeue(&dev->pending))) {
663 inserted += tty_insert_flip_string(tty, skb->data, skb->len);
664 kfree_skb(skb);
665 }
666
667 rfcomm_dlc_unlock(dev->dlc);
668
669 if (inserted > 0)
670 tty_flip_buffer_push(tty);
617} 671}
618 672
619static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 673static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
@@ -680,6 +734,10 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
680 if (err == 0) 734 if (err == 0)
681 device_move(dev->tty_dev, rfcomm_get_device(dev)); 735 device_move(dev->tty_dev, rfcomm_get_device(dev));
682 736
737 rfcomm_tty_copy_pending(dev);
738
739 rfcomm_dlc_unthrottle(dev->dlc);
740
683 return err; 741 return err;
684} 742}
685 743
@@ -994,9 +1052,7 @@ static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
994 return; 1052 return;
995 1053
996 skb_queue_purge(&dev->dlc->tx_queue); 1054 skb_queue_purge(&dev->dlc->tx_queue);
997 1055 tty_wakeup(tty);
998 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
999 tty->ldisc.write_wakeup(tty);
1000} 1056}
1001 1057
1002static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) 1058static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch)
@@ -1112,6 +1168,7 @@ int rfcomm_init_ttys(void)
1112 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1168 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1113 rfcomm_tty_driver->init_termios = tty_std_termios; 1169 rfcomm_tty_driver->init_termios = tty_std_termios;
1114 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1170 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1171 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1115 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1172 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1116 1173
1117 if (tty_register_driver(rfcomm_tty_driver)) { 1174 if (tty_register_driver(rfcomm_tty_driver)) {
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index b0d487e2db20..a16011fedc1d 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -53,7 +53,9 @@
53#define BT_DBG(D...) 53#define BT_DBG(D...)
54#endif 54#endif
55 55
56#define VERSION "0.5" 56#define VERSION "0.6"
57
58static int disable_esco = 0;
57 59
58static const struct proto_ops sco_sock_ops; 60static const struct proto_ops sco_sock_ops;
59 61
@@ -193,7 +195,10 @@ static int sco_connect(struct sock *sk)
193 195
194 err = -ENOMEM; 196 err = -ENOMEM;
195 197
196 type = lmp_esco_capable(hdev) ? ESCO_LINK : SCO_LINK; 198 if (lmp_esco_capable(hdev) && !disable_esco)
199 type = ESCO_LINK;
200 else
201 type = SCO_LINK;
197 202
198 hcon = hci_connect(hdev, type, dst); 203 hcon = hci_connect(hdev, type, dst);
199 if (!hcon) 204 if (!hcon)
@@ -921,7 +926,7 @@ static const struct proto_ops sco_sock_ops = {
921 .sendmsg = sco_sock_sendmsg, 926 .sendmsg = sco_sock_sendmsg,
922 .recvmsg = bt_sock_recvmsg, 927 .recvmsg = bt_sock_recvmsg,
923 .poll = bt_sock_poll, 928 .poll = bt_sock_poll,
924 .ioctl = sock_no_ioctl, 929 .ioctl = bt_sock_ioctl,
925 .mmap = sock_no_mmap, 930 .mmap = sock_no_mmap,
926 .socketpair = sock_no_socketpair, 931 .socketpair = sock_no_socketpair,
927 .shutdown = sock_no_shutdown, 932 .shutdown = sock_no_shutdown,
@@ -994,7 +999,10 @@ static void __exit sco_exit(void)
994module_init(sco_init); 999module_init(sco_init);
995module_exit(sco_exit); 1000module_exit(sco_exit);
996 1001
997MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 1002module_param(disable_esco, bool, 0644);
1003MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1004
1005MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
998MODULE_DESCRIPTION("Bluetooth SCO ver " VERSION); 1006MODULE_DESCRIPTION("Bluetooth SCO ver " VERSION);
999MODULE_VERSION(VERSION); 1007MODULE_VERSION(VERSION);
1000MODULE_LICENSE("GPL"); 1008MODULE_LICENSE("GPL");
diff --git a/net/bridge/Kconfig b/net/bridge/Kconfig
index 12265aff7099..e143ca678881 100644
--- a/net/bridge/Kconfig
+++ b/net/bridge/Kconfig
@@ -5,6 +5,7 @@
5config BRIDGE 5config BRIDGE
6 tristate "802.1d Ethernet Bridging" 6 tristate "802.1d Ethernet Bridging"
7 select LLC 7 select LLC
8 select STP
8 ---help--- 9 ---help---
9 If you say Y here, then your Linux box will be able to act as an 10 If you say Y here, then your Linux box will be able to act as an
10 Ethernet bridge, which means that the different Ethernet segments it 11 Ethernet bridge, which means that the different Ethernet segments it
diff --git a/net/bridge/br.c b/net/bridge/br.c
index 8f3c58e5f7a5..573acdf6f9ff 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br.c,v 1.47 2001/12/24 00:56:41 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
@@ -20,21 +18,24 @@
20#include <linux/init.h> 18#include <linux/init.h>
21#include <linux/llc.h> 19#include <linux/llc.h>
22#include <net/llc.h> 20#include <net/llc.h>
21#include <net/stp.h>
23 22
24#include "br_private.h" 23#include "br_private.h"
25 24
26int (*br_should_route_hook)(struct sk_buff *skb); 25int (*br_should_route_hook)(struct sk_buff *skb);
27 26
28static struct llc_sap *br_stp_sap; 27static const struct stp_proto br_stp_proto = {
28 .rcv = br_stp_rcv,
29};
29 30
30static int __init br_init(void) 31static int __init br_init(void)
31{ 32{
32 int err; 33 int err;
33 34
34 br_stp_sap = llc_sap_open(LLC_SAP_BSPAN, br_stp_rcv); 35 err = stp_proto_register(&br_stp_proto);
35 if (!br_stp_sap) { 36 if (err < 0) {
36 printk(KERN_ERR "bridge: can't register sap for STP\n"); 37 printk(KERN_ERR "bridge: can't register sap for STP\n");
37 return -EADDRINUSE; 38 return err;
38 } 39 }
39 40
40 err = br_fdb_init(); 41 err = br_fdb_init();
@@ -67,13 +68,13 @@ err_out2:
67err_out1: 68err_out1:
68 br_fdb_fini(); 69 br_fdb_fini();
69err_out: 70err_out:
70 llc_sap_put(br_stp_sap); 71 stp_proto_unregister(&br_stp_proto);
71 return err; 72 return err;
72} 73}
73 74
74static void __exit br_deinit(void) 75static void __exit br_deinit(void)
75{ 76{
76 rcu_assign_pointer(br_stp_sap->rcv_func, NULL); 77 stp_proto_unregister(&br_stp_proto);
77 78
78 br_netlink_fini(); 79 br_netlink_fini();
79 unregister_netdevice_notifier(&br_device_notifier); 80 unregister_netdevice_notifier(&br_device_notifier);
@@ -84,7 +85,6 @@ static void __exit br_deinit(void)
84 synchronize_net(); 85 synchronize_net();
85 86
86 br_netfilter_fini(); 87 br_netfilter_fini();
87 llc_sap_put(br_stp_sap);
88 br_fdb_get_hook = NULL; 88 br_fdb_get_hook = NULL;
89 br_fdb_put_hook = NULL; 89 br_fdb_put_hook = NULL;
90 90
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index bf7787395fe0..4f52c3d50ebe 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br_device.c,v 1.6 2001/12/24 00:59:55 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
@@ -21,12 +19,6 @@
21#include <asm/uaccess.h> 19#include <asm/uaccess.h>
22#include "br_private.h" 20#include "br_private.h"
23 21
24static struct net_device_stats *br_dev_get_stats(struct net_device *dev)
25{
26 struct net_bridge *br = netdev_priv(dev);
27 return &br->statistics;
28}
29
30/* net device transmit always called with no BH (preempt_disabled) */ 22/* net device transmit always called with no BH (preempt_disabled) */
31int br_dev_xmit(struct sk_buff *skb, struct net_device *dev) 23int br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
32{ 24{
@@ -34,8 +26,8 @@ int br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
34 const unsigned char *dest = skb->data; 26 const unsigned char *dest = skb->data;
35 struct net_bridge_fdb_entry *dst; 27 struct net_bridge_fdb_entry *dst;
36 28
37 br->statistics.tx_packets++; 29 dev->stats.tx_packets++;
38 br->statistics.tx_bytes += skb->len; 30 dev->stats.tx_bytes += skb->len;
39 31
40 skb_reset_mac_header(skb); 32 skb_reset_mac_header(skb);
41 skb_pull(skb, ETH_HLEN); 33 skb_pull(skb, ETH_HLEN);
@@ -76,10 +68,17 @@ static int br_dev_stop(struct net_device *dev)
76 68
77static int br_change_mtu(struct net_device *dev, int new_mtu) 69static int br_change_mtu(struct net_device *dev, int new_mtu)
78{ 70{
79 if (new_mtu < 68 || new_mtu > br_min_mtu(netdev_priv(dev))) 71 struct net_bridge *br = netdev_priv(dev);
72 if (new_mtu < 68 || new_mtu > br_min_mtu(br))
80 return -EINVAL; 73 return -EINVAL;
81 74
82 dev->mtu = new_mtu; 75 dev->mtu = new_mtu;
76
77#ifdef CONFIG_BRIDGE_NETFILTER
78 /* remember the MTU in the rtable for PMTU */
79 br->fake_rtable.u.dst.metrics[RTAX_MTU - 1] = new_mtu;
80#endif
81
83 return 0; 82 return 0;
84} 83}
85 84
@@ -95,6 +94,7 @@ static int br_set_mac_address(struct net_device *dev, void *p)
95 spin_lock_bh(&br->lock); 94 spin_lock_bh(&br->lock);
96 memcpy(dev->dev_addr, addr->sa_data, ETH_ALEN); 95 memcpy(dev->dev_addr, addr->sa_data, ETH_ALEN);
97 br_stp_change_bridge_id(br, addr->sa_data); 96 br_stp_change_bridge_id(br, addr->sa_data);
97 br->flags |= BR_SET_MAC_ADDR;
98 spin_unlock_bh(&br->lock); 98 spin_unlock_bh(&br->lock);
99 99
100 return 0; 100 return 0;
@@ -148,11 +148,16 @@ static int br_set_tx_csum(struct net_device *dev, u32 data)
148} 148}
149 149
150static struct ethtool_ops br_ethtool_ops = { 150static struct ethtool_ops br_ethtool_ops = {
151 .get_drvinfo = br_getinfo, 151 .get_drvinfo = br_getinfo,
152 .get_link = ethtool_op_get_link, 152 .get_link = ethtool_op_get_link,
153 .set_sg = br_set_sg, 153 .get_tx_csum = ethtool_op_get_tx_csum,
154 .set_tx_csum = br_set_tx_csum, 154 .set_tx_csum = br_set_tx_csum,
155 .set_tso = br_set_tso, 155 .get_sg = ethtool_op_get_sg,
156 .set_sg = br_set_sg,
157 .get_tso = ethtool_op_get_tso,
158 .set_tso = br_set_tso,
159 .get_ufo = ethtool_op_get_ufo,
160 .get_flags = ethtool_op_get_flags,
156}; 161};
157 162
158void br_dev_setup(struct net_device *dev) 163void br_dev_setup(struct net_device *dev)
@@ -161,7 +166,6 @@ void br_dev_setup(struct net_device *dev)
161 ether_setup(dev); 166 ether_setup(dev);
162 167
163 dev->do_ioctl = br_dev_ioctl; 168 dev->do_ioctl = br_dev_ioctl;
164 dev->get_stats = br_dev_get_stats;
165 dev->hard_start_xmit = br_dev_xmit; 169 dev->hard_start_xmit = br_dev_xmit;
166 dev->open = br_dev_open; 170 dev->open = br_dev_open;
167 dev->set_multicast_list = br_dev_set_multicast_list; 171 dev->set_multicast_list = br_dev_set_multicast_list;
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index 72c5976a5ce3..a48f5efdb6bf 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br_fdb.c,v 1.6 2002/01/17 00:57:07 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
@@ -15,6 +13,7 @@
15 13
16#include <linux/kernel.h> 14#include <linux/kernel.h>
17#include <linux/init.h> 15#include <linux/init.h>
16#include <linux/rculist.h>
18#include <linux/spinlock.h> 17#include <linux/spinlock.h>
19#include <linux/times.h> 18#include <linux/times.h>
20#include <linux/netdevice.h> 19#include <linux/netdevice.h>
diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index bdd7c35c3c7b..bdd9ccea17ce 100644
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br_forward.c,v 1.4 2001/08/14 22:05:57 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
@@ -91,7 +89,7 @@ void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb)
91/* called with rcu_read_lock */ 89/* called with rcu_read_lock */
92void br_forward(const struct net_bridge_port *to, struct sk_buff *skb) 90void br_forward(const struct net_bridge_port *to, struct sk_buff *skb)
93{ 91{
94 if (should_deliver(to, skb)) { 92 if (!skb_warn_if_lro(skb) && should_deliver(to, skb)) {
95 __br_forward(to, skb); 93 __br_forward(to, skb);
96 return; 94 return;
97 } 95 }
@@ -115,7 +113,7 @@ static void br_flood(struct net_bridge *br, struct sk_buff *skb,
115 struct sk_buff *skb2; 113 struct sk_buff *skb2;
116 114
117 if ((skb2 = skb_clone(skb, GFP_ATOMIC)) == NULL) { 115 if ((skb2 = skb_clone(skb, GFP_ATOMIC)) == NULL) {
118 br->statistics.tx_dropped++; 116 br->dev->stats.tx_dropped++;
119 kfree_skb(skb); 117 kfree_skb(skb);
120 return; 118 return;
121 } 119 }
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index c2397f503b0f..63c18aacde8c 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br_if.c,v 1.7 2001/12/24 00:59:55 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
@@ -204,6 +202,9 @@ static struct net_device *new_bridge_dev(const char *name)
204 br->topology_change = 0; 202 br->topology_change = 0;
205 br->topology_change_detected = 0; 203 br->topology_change_detected = 0;
206 br->ageing_time = 300 * HZ; 204 br->ageing_time = 300 * HZ;
205
206 br_netfilter_rtable_init(br);
207
207 INIT_LIST_HEAD(&br->age_list); 208 INIT_LIST_HEAD(&br->age_list);
208 209
209 br_stp_timer_init(br); 210 br_stp_timer_init(br);
@@ -375,6 +376,10 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
375 if (IS_ERR(p)) 376 if (IS_ERR(p))
376 return PTR_ERR(p); 377 return PTR_ERR(p);
377 378
379 err = dev_set_promiscuity(dev, 1);
380 if (err)
381 goto put_back;
382
378 err = kobject_init_and_add(&p->kobj, &brport_ktype, &(dev->dev.kobj), 383 err = kobject_init_and_add(&p->kobj, &brport_ktype, &(dev->dev.kobj),
379 SYSFS_BRIDGE_PORT_ATTR); 384 SYSFS_BRIDGE_PORT_ATTR);
380 if (err) 385 if (err)
@@ -389,7 +394,7 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
389 goto err2; 394 goto err2;
390 395
391 rcu_assign_pointer(dev->br_port, p); 396 rcu_assign_pointer(dev->br_port, p);
392 dev_set_promiscuity(dev, 1); 397 dev_disable_lro(dev);
393 398
394 list_add_rcu(&p->list, &br->port_list); 399 list_add_rcu(&p->list, &br->port_list);
395 400
@@ -413,12 +418,12 @@ err2:
413 br_fdb_delete_by_port(br, p, 1); 418 br_fdb_delete_by_port(br, p, 1);
414err1: 419err1:
415 kobject_del(&p->kobj); 420 kobject_del(&p->kobj);
416 goto put_back;
417err0: 421err0:
418 kobject_put(&p->kobj); 422 kobject_put(&p->kobj);
419 423 dev_set_promiscuity(dev, -1);
420put_back: 424put_back:
421 dev_put(dev); 425 dev_put(dev);
426 kfree(p);
422 return err; 427 return err;
423} 428}
424 429
@@ -442,12 +447,16 @@ int br_del_if(struct net_bridge *br, struct net_device *dev)
442 447
443void __exit br_cleanup_bridges(void) 448void __exit br_cleanup_bridges(void)
444{ 449{
445 struct net_device *dev, *nxt; 450 struct net_device *dev;
446 451
447 rtnl_lock(); 452 rtnl_lock();
448 for_each_netdev_safe(&init_net, dev, nxt) 453restart:
449 if (dev->priv_flags & IFF_EBRIDGE) 454 for_each_netdev(&init_net, dev) {
455 if (dev->priv_flags & IFF_EBRIDGE) {
450 del_br(dev->priv); 456 del_br(dev->priv);
457 goto restart;
458 }
459 }
451 rtnl_unlock(); 460 rtnl_unlock();
452 461
453} 462}
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 255c00f60ce7..30b88777c3df 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br_input.c,v 1.10 2001/12/24 04:50:20 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
@@ -24,13 +22,13 @@ const u8 br_group_address[ETH_ALEN] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 };
24 22
25static void br_pass_frame_up(struct net_bridge *br, struct sk_buff *skb) 23static void br_pass_frame_up(struct net_bridge *br, struct sk_buff *skb)
26{ 24{
27 struct net_device *indev; 25 struct net_device *indev, *brdev = br->dev;
28 26
29 br->statistics.rx_packets++; 27 brdev->stats.rx_packets++;
30 br->statistics.rx_bytes += skb->len; 28 brdev->stats.rx_bytes += skb->len;
31 29
32 indev = skb->dev; 30 indev = skb->dev;
33 skb->dev = br->dev; 31 skb->dev = brdev;
34 32
35 NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL, 33 NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL,
36 netif_receive_skb); 34 netif_receive_skb);
@@ -64,7 +62,7 @@ int br_handle_frame_finish(struct sk_buff *skb)
64 dst = NULL; 62 dst = NULL;
65 63
66 if (is_multicast_ether_addr(dest)) { 64 if (is_multicast_ether_addr(dest)) {
67 br->statistics.multicast++; 65 br->dev->stats.multicast++;
68 skb2 = skb; 66 skb2 = skb;
69 } else if ((dst = __br_fdb_get(br, dest)) && dst->is_local) { 67 } else if ((dst = __br_fdb_get(br, dest)) && dst->is_local) {
70 skb2 = skb; 68 skb2 = skb;
@@ -136,14 +134,11 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
136 if (skb->protocol == htons(ETH_P_PAUSE)) 134 if (skb->protocol == htons(ETH_P_PAUSE))
137 goto drop; 135 goto drop;
138 136
139 /* Process STP BPDU's through normal netif_receive_skb() path */ 137 if (NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,
140 if (p->br->stp_enabled != BR_NO_STP) { 138 NULL, br_handle_local_finish))
141 if (NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, 139 return NULL; /* frame consumed by filter */
142 NULL, br_handle_local_finish)) 140 else
143 return NULL; 141 return skb; /* continue processing */
144 else
145 return skb;
146 }
147 } 142 }
148 143
149 switch (p->state) { 144 switch (p->state) {
diff --git a/net/bridge/br_ioctl.c b/net/bridge/br_ioctl.c
index 0655a5f07f58..eeee218eed80 100644
--- a/net/bridge/br_ioctl.c
+++ b/net/bridge/br_ioctl.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br_ioctl.c,v 1.4 2000/11/08 05:16:40 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index bb90cd7bace3..6a9a6cd74b1e 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -101,33 +101,30 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb)
101 pppoe_proto(skb) == htons(PPP_IPV6) && \ 101 pppoe_proto(skb) == htons(PPP_IPV6) && \
102 brnf_filter_pppoe_tagged) 102 brnf_filter_pppoe_tagged)
103 103
104/* We need these fake structures to make netfilter happy -- 104/*
105 * lots of places assume that skb->dst != NULL, which isn't 105 * Initialize bogus route table used to keep netfilter happy.
106 * all that unreasonable.
107 *
108 * Currently, we fill in the PMTU entry because netfilter 106 * Currently, we fill in the PMTU entry because netfilter
109 * refragmentation needs it, and the rt_flags entry because 107 * refragmentation needs it, and the rt_flags entry because
110 * ipt_REJECT needs it. Future netfilter modules might 108 * ipt_REJECT needs it. Future netfilter modules might
111 * require us to fill additional fields. */ 109 * require us to fill additional fields.
112static struct net_device __fake_net_device = { 110 */
113 .hard_header_len = ETH_HLEN, 111void br_netfilter_rtable_init(struct net_bridge *br)
114#ifdef CONFIG_NET_NS 112{
115 .nd_net = &init_net, 113 struct rtable *rt = &br->fake_rtable;
116#endif
117};
118 114
119static struct rtable __fake_rtable = { 115 atomic_set(&rt->u.dst.__refcnt, 1);
120 .u = { 116 rt->u.dst.dev = br->dev;
121 .dst = { 117 rt->u.dst.path = &rt->u.dst;
122 .__refcnt = ATOMIC_INIT(1), 118 rt->u.dst.metrics[RTAX_MTU - 1] = 1500;
123 .dev = &__fake_net_device, 119 rt->u.dst.flags = DST_NOXFRM;
124 .path = &__fake_rtable.u.dst, 120}
125 .metrics = {[RTAX_MTU - 1] = 1500}, 121
126 .flags = DST_NOXFRM, 122static inline struct rtable *bridge_parent_rtable(const struct net_device *dev)
127 } 123{
128 }, 124 struct net_bridge_port *port = rcu_dereference(dev->br_port);
129 .rt_flags = 0, 125
130}; 126 return port ? &port->br->fake_rtable : NULL;
127}
131 128
132static inline struct net_device *bridge_parent(const struct net_device *dev) 129static inline struct net_device *bridge_parent(const struct net_device *dev)
133{ 130{
@@ -226,8 +223,12 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
226 } 223 }
227 nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING; 224 nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;
228 225
229 skb->rtable = &__fake_rtable; 226 skb->rtable = bridge_parent_rtable(nf_bridge->physindev);
230 dst_hold(&__fake_rtable.u.dst); 227 if (!skb->rtable) {
228 kfree_skb(skb);
229 return 0;
230 }
231 dst_hold(&skb->rtable->u.dst);
231 232
232 skb->dev = nf_bridge->physindev; 233 skb->dev = nf_bridge->physindev;
233 nf_bridge_push_encap_header(skb); 234 nf_bridge_push_encap_header(skb);
@@ -391,8 +392,12 @@ bridged_dnat:
391 skb->pkt_type = PACKET_HOST; 392 skb->pkt_type = PACKET_HOST;
392 } 393 }
393 } else { 394 } else {
394 skb->rtable = &__fake_rtable; 395 skb->rtable = bridge_parent_rtable(nf_bridge->physindev);
395 dst_hold(&__fake_rtable.u.dst); 396 if (!skb->rtable) {
397 kfree_skb(skb);
398 return 0;
399 }
400 dst_hold(&skb->rtable->u.dst);
396 } 401 }
397 402
398 skb->dev = nf_bridge->physindev; 403 skb->dev = nf_bridge->physindev;
@@ -611,8 +616,8 @@ static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb,
611 const struct net_device *out, 616 const struct net_device *out,
612 int (*okfn)(struct sk_buff *)) 617 int (*okfn)(struct sk_buff *))
613{ 618{
614 if (skb->rtable == &__fake_rtable) { 619 if (skb->rtable && skb->rtable == bridge_parent_rtable(in)) {
615 dst_release(&__fake_rtable.u.dst); 620 dst_release(&skb->rtable->u.dst);
616 skb->rtable = NULL; 621 skb->rtable = NULL;
617 } 622 }
618 623
diff --git a/net/bridge/br_notify.c b/net/bridge/br_notify.c
index 00644a544e3c..76340bdd052e 100644
--- a/net/bridge/br_notify.c
+++ b/net/bridge/br_notify.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br_notify.c,v 1.2 2000/02/21 15:51:34 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
@@ -37,7 +35,7 @@ static int br_device_event(struct notifier_block *unused, unsigned long event, v
37 struct net_bridge_port *p = dev->br_port; 35 struct net_bridge_port *p = dev->br_port;
38 struct net_bridge *br; 36 struct net_bridge *br;
39 37
40 if (dev_net(dev) != &init_net) 38 if (!net_eq(dev_net(dev), &init_net))
41 return NOTIFY_DONE; 39 return NOTIFY_DONE;
42 40
43 /* not a port of a bridge */ 41 /* not a port of a bridge */
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index c11b554fd109..c3dc18ddc043 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -4,8 +4,6 @@
4 * Authors: 4 * Authors:
5 * Lennert Buytenhek <buytenh@gnu.org> 5 * Lennert Buytenhek <buytenh@gnu.org>
6 * 6 *
7 * $Id: br_private.h,v 1.7 2001/12/24 00:59:55 davem Exp $
8 *
9 * This program is free software; you can redistribute it and/or 7 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License 8 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version 9 * as published by the Free Software Foundation; either version
@@ -17,6 +15,7 @@
17 15
18#include <linux/netdevice.h> 16#include <linux/netdevice.h>
19#include <linux/if_bridge.h> 17#include <linux/if_bridge.h>
18#include <net/route.h>
20 19
21#define BR_HASH_BITS 8 20#define BR_HASH_BITS 8
22#define BR_HASH_SIZE (1 << BR_HASH_BITS) 21#define BR_HASH_SIZE (1 << BR_HASH_BITS)
@@ -90,11 +89,15 @@ struct net_bridge
90 spinlock_t lock; 89 spinlock_t lock;
91 struct list_head port_list; 90 struct list_head port_list;
92 struct net_device *dev; 91 struct net_device *dev;
93 struct net_device_stats statistics;
94 spinlock_t hash_lock; 92 spinlock_t hash_lock;
95 struct hlist_head hash[BR_HASH_SIZE]; 93 struct hlist_head hash[BR_HASH_SIZE];
96 struct list_head age_list; 94 struct list_head age_list;
97 unsigned long feature_mask; 95 unsigned long feature_mask;
96#ifdef CONFIG_BRIDGE_NETFILTER
97 struct rtable fake_rtable;
98#endif
99 unsigned long flags;
100#define BR_SET_MAC_ADDR 0x00000001
98 101
99 /* STP */ 102 /* STP */
100 bridge_id designated_root; 103 bridge_id designated_root;
@@ -198,9 +201,11 @@ extern int br_ioctl_deviceless_stub(struct net *net, unsigned int cmd, void __us
198#ifdef CONFIG_BRIDGE_NETFILTER 201#ifdef CONFIG_BRIDGE_NETFILTER
199extern int br_netfilter_init(void); 202extern int br_netfilter_init(void);
200extern void br_netfilter_fini(void); 203extern void br_netfilter_fini(void);
204extern void br_netfilter_rtable_init(struct net_bridge *);
201#else 205#else
202#define br_netfilter_init() (0) 206#define br_netfilter_init() (0)
203#define br_netfilter_fini() do { } while(0) 207#define br_netfilter_fini() do { } while(0)
208#define br_netfilter_rtable_init(x)
204#endif 209#endif
205 210
206/* br_stp.c */ 211/* br_stp.c */
@@ -227,8 +232,9 @@ extern void br_stp_set_path_cost(struct net_bridge_port *p,
227extern ssize_t br_show_bridge_id(char *buf, const struct bridge_id *id); 232extern ssize_t br_show_bridge_id(char *buf, const struct bridge_id *id);
228 233
229/* br_stp_bpdu.c */ 234/* br_stp_bpdu.c */
230extern int br_stp_rcv(struct sk_buff *skb, struct net_device *dev, 235struct stp_proto;
231 struct packet_type *pt, struct net_device *orig_dev); 236extern void br_stp_rcv(const struct stp_proto *proto, struct sk_buff *skb,
237 struct net_device *dev);
232 238
233/* br_stp_timer.c */ 239/* br_stp_timer.c */
234extern void br_stp_timer_init(struct net_bridge *br); 240extern void br_stp_timer_init(struct net_bridge *br);
diff --git a/net/bridge/br_private_stp.h b/net/bridge/br_private_stp.h
index e29f01ac1adf..8b650f7fbfa0 100644
--- a/net/bridge/br_private_stp.h
+++ b/net/bridge/br_private_stp.h
@@ -4,8 +4,6 @@
4 * Authors: 4 * Authors:
5 * Lennert Buytenhek <buytenh@gnu.org> 5 * Lennert Buytenhek <buytenh@gnu.org>
6 * 6 *
7 * $Id: br_private_stp.h,v 1.3 2001/02/05 06:03:47 davem Exp $
8 *
9 * This program is free software; you can redistribute it and/or 7 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License 8 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version 9 * as published by the Free Software Foundation; either version
diff --git a/net/bridge/br_stp.c b/net/bridge/br_stp.c
index e38034aa56f5..6e63ec3f1fcf 100644
--- a/net/bridge/br_stp.c
+++ b/net/bridge/br_stp.c
@@ -5,14 +5,13 @@
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br_stp.c,v 1.4 2000/06/19 10:13:35 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version. 11 * 2 of the License, or (at your option) any later version.
14 */ 12 */
15#include <linux/kernel.h> 13#include <linux/kernel.h>
14#include <linux/rculist.h>
16 15
17#include "br_private.h" 16#include "br_private.h"
18#include "br_private_stp.h" 17#include "br_private_stp.h"
@@ -369,14 +368,25 @@ static void br_make_blocking(struct net_bridge_port *p)
369/* called under bridge lock */ 368/* called under bridge lock */
370static void br_make_forwarding(struct net_bridge_port *p) 369static void br_make_forwarding(struct net_bridge_port *p)
371{ 370{
372 if (p->state == BR_STATE_BLOCKING) { 371 struct net_bridge *br = p->br;
373 if (p->br->stp_enabled == BR_KERNEL_STP)
374 p->state = BR_STATE_LISTENING;
375 else
376 p->state = BR_STATE_LEARNING;
377 372
378 br_log_state(p); 373 if (p->state != BR_STATE_BLOCKING)
379 mod_timer(&p->forward_delay_timer, jiffies + p->br->forward_delay); } 374 return;
375
376 if (br->forward_delay == 0) {
377 p->state = BR_STATE_FORWARDING;
378 br_topology_change_detection(br);
379 del_timer(&p->forward_delay_timer);
380 }
381 else if (p->br->stp_enabled == BR_KERNEL_STP)
382 p->state = BR_STATE_LISTENING;
383 else
384 p->state = BR_STATE_LEARNING;
385
386 br_log_state(p);
387
388 if (br->forward_delay != 0)
389 mod_timer(&p->forward_delay_timer, jiffies + br->forward_delay);
380} 390}
381 391
382/* called under bridge lock */ 392/* called under bridge lock */
diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c
index ddeb6e5d45d6..8b200f96f722 100644
--- a/net/bridge/br_stp_bpdu.c
+++ b/net/bridge/br_stp_bpdu.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br_stp_bpdu.c,v 1.3 2001/11/10 02:35:25 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
@@ -20,6 +18,7 @@
20#include <net/net_namespace.h> 18#include <net/net_namespace.h>
21#include <net/llc.h> 19#include <net/llc.h>
22#include <net/llc_pdu.h> 20#include <net/llc_pdu.h>
21#include <net/stp.h>
23#include <asm/unaligned.h> 22#include <asm/unaligned.h>
24 23
25#include "br_private.h" 24#include "br_private.h"
@@ -133,26 +132,20 @@ void br_send_tcn_bpdu(struct net_bridge_port *p)
133 * 132 *
134 * NO locks, but rcu_read_lock (preempt_disabled) 133 * NO locks, but rcu_read_lock (preempt_disabled)
135 */ 134 */
136int br_stp_rcv(struct sk_buff *skb, struct net_device *dev, 135void br_stp_rcv(const struct stp_proto *proto, struct sk_buff *skb,
137 struct packet_type *pt, struct net_device *orig_dev) 136 struct net_device *dev)
138{ 137{
139 const struct llc_pdu_un *pdu = llc_pdu_un_hdr(skb);
140 const unsigned char *dest = eth_hdr(skb)->h_dest; 138 const unsigned char *dest = eth_hdr(skb)->h_dest;
141 struct net_bridge_port *p = rcu_dereference(dev->br_port); 139 struct net_bridge_port *p = rcu_dereference(dev->br_port);
142 struct net_bridge *br; 140 struct net_bridge *br;
143 const unsigned char *buf; 141 const unsigned char *buf;
144 142
145 if (dev_net(dev) != &init_net) 143 if (!net_eq(dev_net(dev), &init_net))
146 goto err; 144 goto err;
147 145
148 if (!p) 146 if (!p)
149 goto err; 147 goto err;
150 148
151 if (pdu->ssap != LLC_SAP_BSPAN
152 || pdu->dsap != LLC_SAP_BSPAN
153 || pdu->ctrl_1 != LLC_PDU_TYPE_U)
154 goto err;
155
156 if (!pskb_may_pull(skb, 4)) 149 if (!pskb_may_pull(skb, 4))
157 goto err; 150 goto err;
158 151
@@ -226,5 +219,4 @@ int br_stp_rcv(struct sk_buff *skb, struct net_device *dev,
226 spin_unlock(&br->lock); 219 spin_unlock(&br->lock);
227 err: 220 err:
228 kfree_skb(skb); 221 kfree_skb(skb);
229 return 0;
230} 222}
diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
index 1a430eccec9b..9a52ac5b4525 100644
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br_stp_if.c,v 1.4 2001/04/14 21:14:39 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
@@ -216,6 +214,10 @@ void br_stp_recalculate_bridge_id(struct net_bridge *br)
216 const unsigned char *addr = br_mac_zero; 214 const unsigned char *addr = br_mac_zero;
217 struct net_bridge_port *p; 215 struct net_bridge_port *p;
218 216
217 /* user has chosen a value so keep it */
218 if (br->flags & BR_SET_MAC_ADDR)
219 return;
220
219 list_for_each_entry(p, &br->port_list, list) { 221 list_for_each_entry(p, &br->port_list, list) {
220 if (addr == br_mac_zero || 222 if (addr == br_mac_zero ||
221 memcmp(p->dev->dev_addr, addr, ETH_ALEN) < 0) 223 memcmp(p->dev->dev_addr, addr, ETH_ALEN) < 0)
diff --git a/net/bridge/br_stp_timer.c b/net/bridge/br_stp_timer.c
index 77f5255e6915..772a140bfdf0 100644
--- a/net/bridge/br_stp_timer.c
+++ b/net/bridge/br_stp_timer.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * 7 *
8 * $Id: br_stp_timer.c,v 1.3 2000/05/05 02:17:17 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig
index 7beeefa0f9c0..909479794999 100644
--- a/net/bridge/netfilter/Kconfig
+++ b/net/bridge/netfilter/Kconfig
@@ -83,6 +83,15 @@ config BRIDGE_EBT_IP
83 83
84 To compile it as a module, choose M here. If unsure, say N. 84 To compile it as a module, choose M here. If unsure, say N.
85 85
86config BRIDGE_EBT_IP6
87 tristate "ebt: IP6 filter support"
88 depends on BRIDGE_NF_EBTABLES && IPV6
89 help
90 This option adds the IP6 match, which allows basic IPV6 header field
91 filtering.
92
93 To compile it as a module, choose M here. If unsure, say N.
94
86config BRIDGE_EBT_LIMIT 95config BRIDGE_EBT_LIMIT
87 tristate "ebt: limit match support" 96 tristate "ebt: limit match support"
88 depends on BRIDGE_NF_EBTABLES 97 depends on BRIDGE_NF_EBTABLES
@@ -221,7 +230,7 @@ config BRIDGE_EBT_NFLOG
221 either the old LOG target, the old ULOG target or nfnetlink_log 230 either the old LOG target, the old ULOG target or nfnetlink_log
222 as backend. 231 as backend.
223 232
224 This option adds the ulog watcher, that you can use in any rule 233 This option adds the nflog watcher, that you can use in any rule
225 in any ebtables table. 234 in any ebtables table.
226 235
227 To compile it as a module, choose M here. If unsure, say N. 236 To compile it as a module, choose M here. If unsure, say N.
diff --git a/net/bridge/netfilter/Makefile b/net/bridge/netfilter/Makefile
index 83715d73a503..0718699540b0 100644
--- a/net/bridge/netfilter/Makefile
+++ b/net/bridge/netfilter/Makefile
@@ -14,6 +14,7 @@ obj-$(CONFIG_BRIDGE_EBT_802_3) += ebt_802_3.o
14obj-$(CONFIG_BRIDGE_EBT_AMONG) += ebt_among.o 14obj-$(CONFIG_BRIDGE_EBT_AMONG) += ebt_among.o
15obj-$(CONFIG_BRIDGE_EBT_ARP) += ebt_arp.o 15obj-$(CONFIG_BRIDGE_EBT_ARP) += ebt_arp.o
16obj-$(CONFIG_BRIDGE_EBT_IP) += ebt_ip.o 16obj-$(CONFIG_BRIDGE_EBT_IP) += ebt_ip.o
17obj-$(CONFIG_BRIDGE_EBT_IP6) += ebt_ip6.o
17obj-$(CONFIG_BRIDGE_EBT_LIMIT) += ebt_limit.o 18obj-$(CONFIG_BRIDGE_EBT_LIMIT) += ebt_limit.o
18obj-$(CONFIG_BRIDGE_EBT_MARK) += ebt_mark_m.o 19obj-$(CONFIG_BRIDGE_EBT_MARK) += ebt_mark_m.o
19obj-$(CONFIG_BRIDGE_EBT_PKTTYPE) += ebt_pkttype.o 20obj-$(CONFIG_BRIDGE_EBT_PKTTYPE) += ebt_pkttype.o
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
new file mode 100644
index 000000000000..36efb3a75249
--- /dev/null
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -0,0 +1,144 @@
1/*
2 * ebt_ip6
3 *
4 * Authors:
5 * Manohar Castelino <manohar.r.castelino@intel.com>
6 * Kuo-Lang Tseng <kuo-lang.tseng@intel.com>
7 * Jan Engelhardt <jengelh@computergmbh.de>
8 *
9 * Summary:
10 * This is just a modification of the IPv4 code written by
11 * Bart De Schuymer <bdschuym@pandora.be>
12 * with the changes required to support IPv6
13 *
14 * Jan, 2008
15 */
16
17#include <linux/netfilter_bridge/ebtables.h>
18#include <linux/netfilter_bridge/ebt_ip6.h>
19#include <linux/ipv6.h>
20#include <net/ipv6.h>
21#include <linux/in.h>
22#include <linux/module.h>
23#include <net/dsfield.h>
24
25struct tcpudphdr {
26 __be16 src;
27 __be16 dst;
28};
29
30static int ebt_filter_ip6(const struct sk_buff *skb,
31 const struct net_device *in,
32 const struct net_device *out, const void *data,
33 unsigned int datalen)
34{
35 const struct ebt_ip6_info *info = (struct ebt_ip6_info *)data;
36 const struct ipv6hdr *ih6;
37 struct ipv6hdr _ip6h;
38 const struct tcpudphdr *pptr;
39 struct tcpudphdr _ports;
40 struct in6_addr tmp_addr;
41 int i;
42
43 ih6 = skb_header_pointer(skb, 0, sizeof(_ip6h), &_ip6h);
44 if (ih6 == NULL)
45 return EBT_NOMATCH;
46 if (info->bitmask & EBT_IP6_TCLASS &&
47 FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS))
48 return EBT_NOMATCH;
49 for (i = 0; i < 4; i++)
50 tmp_addr.in6_u.u6_addr32[i] = ih6->saddr.in6_u.u6_addr32[i] &
51 info->smsk.in6_u.u6_addr32[i];
52 if (info->bitmask & EBT_IP6_SOURCE &&
53 FWINV((ipv6_addr_cmp(&tmp_addr, &info->saddr) != 0),
54 EBT_IP6_SOURCE))
55 return EBT_NOMATCH;
56 for (i = 0; i < 4; i++)
57 tmp_addr.in6_u.u6_addr32[i] = ih6->daddr.in6_u.u6_addr32[i] &
58 info->dmsk.in6_u.u6_addr32[i];
59 if (info->bitmask & EBT_IP6_DEST &&
60 FWINV((ipv6_addr_cmp(&tmp_addr, &info->daddr) != 0), EBT_IP6_DEST))
61 return EBT_NOMATCH;
62 if (info->bitmask & EBT_IP6_PROTO) {
63 uint8_t nexthdr = ih6->nexthdr;
64 int offset_ph;
65
66 offset_ph = ipv6_skip_exthdr(skb, sizeof(_ip6h), &nexthdr);
67 if (offset_ph == -1)
68 return EBT_NOMATCH;
69 if (FWINV(info->protocol != nexthdr, EBT_IP6_PROTO))
70 return EBT_NOMATCH;
71 if (!(info->bitmask & EBT_IP6_DPORT) &&
72 !(info->bitmask & EBT_IP6_SPORT))
73 return EBT_MATCH;
74 pptr = skb_header_pointer(skb, offset_ph, sizeof(_ports),
75 &_ports);
76 if (pptr == NULL)
77 return EBT_NOMATCH;
78 if (info->bitmask & EBT_IP6_DPORT) {
79 u32 dst = ntohs(pptr->dst);
80 if (FWINV(dst < info->dport[0] ||
81 dst > info->dport[1], EBT_IP6_DPORT))
82 return EBT_NOMATCH;
83 }
84 if (info->bitmask & EBT_IP6_SPORT) {
85 u32 src = ntohs(pptr->src);
86 if (FWINV(src < info->sport[0] ||
87 src > info->sport[1], EBT_IP6_SPORT))
88 return EBT_NOMATCH;
89 }
90 return EBT_MATCH;
91 }
92 return EBT_MATCH;
93}
94
95static int ebt_ip6_check(const char *tablename, unsigned int hookmask,
96 const struct ebt_entry *e, void *data, unsigned int datalen)
97{
98 struct ebt_ip6_info *info = (struct ebt_ip6_info *)data;
99
100 if (datalen != EBT_ALIGN(sizeof(struct ebt_ip6_info)))
101 return -EINVAL;
102 if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO)
103 return -EINVAL;
104 if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK)
105 return -EINVAL;
106 if (info->bitmask & (EBT_IP6_DPORT | EBT_IP6_SPORT)) {
107 if (info->invflags & EBT_IP6_PROTO)
108 return -EINVAL;
109 if (info->protocol != IPPROTO_TCP &&
110 info->protocol != IPPROTO_UDP &&
111 info->protocol != IPPROTO_UDPLITE &&
112 info->protocol != IPPROTO_SCTP &&
113 info->protocol != IPPROTO_DCCP)
114 return -EINVAL;
115 }
116 if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1])
117 return -EINVAL;
118 if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1])
119 return -EINVAL;
120 return 0;
121}
122
123static struct ebt_match filter_ip6 =
124{
125 .name = EBT_IP6_MATCH,
126 .match = ebt_filter_ip6,
127 .check = ebt_ip6_check,
128 .me = THIS_MODULE,
129};
130
131static int __init ebt_ip6_init(void)
132{
133 return ebt_register_match(&filter_ip6);
134}
135
136static void __exit ebt_ip6_fini(void)
137{
138 ebt_unregister_match(&filter_ip6);
139}
140
141module_init(ebt_ip6_init);
142module_exit(ebt_ip6_fini);
143MODULE_DESCRIPTION("Ebtables: IPv6 protocol packet match");
144MODULE_LICENSE("GPL");
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 0b209e4aad0a..2f430d4ae911 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -18,6 +18,9 @@
18#include <linux/if_arp.h> 18#include <linux/if_arp.h>
19#include <linux/spinlock.h> 19#include <linux/spinlock.h>
20#include <net/netfilter/nf_log.h> 20#include <net/netfilter/nf_log.h>
21#include <linux/ipv6.h>
22#include <net/ipv6.h>
23#include <linux/in6.h>
21 24
22static DEFINE_SPINLOCK(ebt_log_lock); 25static DEFINE_SPINLOCK(ebt_log_lock);
23 26
@@ -58,6 +61,27 @@ static void print_MAC(const unsigned char *p)
58 printk("%02x%c", *p, i == ETH_ALEN - 1 ? ' ':':'); 61 printk("%02x%c", *p, i == ETH_ALEN - 1 ? ' ':':');
59} 62}
60 63
64static void
65print_ports(const struct sk_buff *skb, uint8_t protocol, int offset)
66{
67 if (protocol == IPPROTO_TCP ||
68 protocol == IPPROTO_UDP ||
69 protocol == IPPROTO_UDPLITE ||
70 protocol == IPPROTO_SCTP ||
71 protocol == IPPROTO_DCCP) {
72 const struct tcpudphdr *pptr;
73 struct tcpudphdr _ports;
74
75 pptr = skb_header_pointer(skb, offset,
76 sizeof(_ports), &_ports);
77 if (pptr == NULL) {
78 printk(" INCOMPLETE TCP/UDP header");
79 return;
80 }
81 printk(" SPT=%u DPT=%u", ntohs(pptr->src), ntohs(pptr->dst));
82 }
83}
84
61#define myNIPQUAD(a) a[0], a[1], a[2], a[3] 85#define myNIPQUAD(a) a[0], a[1], a[2], a[3]
62static void 86static void
63ebt_log_packet(unsigned int pf, unsigned int hooknum, 87ebt_log_packet(unsigned int pf, unsigned int hooknum,
@@ -95,25 +119,35 @@ ebt_log_packet(unsigned int pf, unsigned int hooknum,
95 printk(" IP SRC=%u.%u.%u.%u IP DST=%u.%u.%u.%u, IP " 119 printk(" IP SRC=%u.%u.%u.%u IP DST=%u.%u.%u.%u, IP "
96 "tos=0x%02X, IP proto=%d", NIPQUAD(ih->saddr), 120 "tos=0x%02X, IP proto=%d", NIPQUAD(ih->saddr),
97 NIPQUAD(ih->daddr), ih->tos, ih->protocol); 121 NIPQUAD(ih->daddr), ih->tos, ih->protocol);
98 if (ih->protocol == IPPROTO_TCP || 122 print_ports(skb, ih->protocol, ih->ihl*4);
99 ih->protocol == IPPROTO_UDP || 123 goto out;
100 ih->protocol == IPPROTO_UDPLITE || 124 }
101 ih->protocol == IPPROTO_SCTP || 125
102 ih->protocol == IPPROTO_DCCP) { 126#if defined(CONFIG_BRIDGE_EBT_IP6) || defined(CONFIG_BRIDGE_EBT_IP6_MODULE)
103 const struct tcpudphdr *pptr; 127 if ((bitmask & EBT_LOG_IP6) && eth_hdr(skb)->h_proto ==
104 struct tcpudphdr _ports; 128 htons(ETH_P_IPV6)) {
105 129 const struct ipv6hdr *ih;
106 pptr = skb_header_pointer(skb, ih->ihl*4, 130 struct ipv6hdr _iph;
107 sizeof(_ports), &_ports); 131 uint8_t nexthdr;
108 if (pptr == NULL) { 132 int offset_ph;
109 printk(" INCOMPLETE TCP/UDP header"); 133
110 goto out; 134 ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph);
111 } 135 if (ih == NULL) {
112 printk(" SPT=%u DPT=%u", ntohs(pptr->src), 136 printk(" INCOMPLETE IPv6 header");
113 ntohs(pptr->dst)); 137 goto out;
114 } 138 }
139 printk(" IPv6 SRC=%x:%x:%x:%x:%x:%x:%x:%x "
140 "IPv6 DST=%x:%x:%x:%x:%x:%x:%x:%x, IPv6 "
141 "priority=0x%01X, Next Header=%d", NIP6(ih->saddr),
142 NIP6(ih->daddr), ih->priority, ih->nexthdr);
143 nexthdr = ih->nexthdr;
144 offset_ph = ipv6_skip_exthdr(skb, sizeof(_iph), &nexthdr);
145 if (offset_ph == -1)
146 goto out;
147 print_ports(skb, nexthdr, offset_ph);
115 goto out; 148 goto out;
116 } 149 }
150#endif
117 151
118 if ((bitmask & EBT_LOG_ARP) && 152 if ((bitmask & EBT_LOG_ARP) &&
119 ((eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) || 153 ((eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) ||
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c
index 690bc3ab186c..1a58af51a2e2 100644
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -93,28 +93,20 @@ static struct nf_hook_ops ebt_ops_filter[] __read_mostly = {
93 93
94static int __init ebtable_filter_init(void) 94static int __init ebtable_filter_init(void)
95{ 95{
96 int i, j, ret; 96 int ret;
97 97
98 ret = ebt_register_table(&frame_filter); 98 ret = ebt_register_table(&frame_filter);
99 if (ret < 0) 99 if (ret < 0)
100 return ret; 100 return ret;
101 for (i = 0; i < ARRAY_SIZE(ebt_ops_filter); i++) 101 ret = nf_register_hooks(ebt_ops_filter, ARRAY_SIZE(ebt_ops_filter));
102 if ((ret = nf_register_hook(&ebt_ops_filter[i])) < 0) 102 if (ret < 0)
103 goto cleanup; 103 ebt_unregister_table(&frame_filter);
104 return ret;
105cleanup:
106 for (j = 0; j < i; j++)
107 nf_unregister_hook(&ebt_ops_filter[j]);
108 ebt_unregister_table(&frame_filter);
109 return ret; 104 return ret;
110} 105}
111 106
112static void __exit ebtable_filter_fini(void) 107static void __exit ebtable_filter_fini(void)
113{ 108{
114 int i; 109 nf_unregister_hooks(ebt_ops_filter, ARRAY_SIZE(ebt_ops_filter));
115
116 for (i = 0; i < ARRAY_SIZE(ebt_ops_filter); i++)
117 nf_unregister_hook(&ebt_ops_filter[i]);
118 ebt_unregister_table(&frame_filter); 110 ebt_unregister_table(&frame_filter);
119} 111}
120 112
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c
index 5b495fe2d0b6..f60c1e78e575 100644
--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -100,28 +100,20 @@ static struct nf_hook_ops ebt_ops_nat[] __read_mostly = {
100 100
101static int __init ebtable_nat_init(void) 101static int __init ebtable_nat_init(void)
102{ 102{
103 int i, ret, j; 103 int ret;
104 104
105 ret = ebt_register_table(&frame_nat); 105 ret = ebt_register_table(&frame_nat);
106 if (ret < 0) 106 if (ret < 0)
107 return ret; 107 return ret;
108 for (i = 0; i < ARRAY_SIZE(ebt_ops_nat); i++) 108 ret = nf_register_hooks(ebt_ops_nat, ARRAY_SIZE(ebt_ops_nat));
109 if ((ret = nf_register_hook(&ebt_ops_nat[i])) < 0) 109 if (ret < 0)
110 goto cleanup; 110 ebt_unregister_table(&frame_nat);
111 return ret;
112cleanup:
113 for (j = 0; j < i; j++)
114 nf_unregister_hook(&ebt_ops_nat[j]);
115 ebt_unregister_table(&frame_nat);
116 return ret; 111 return ret;
117} 112}
118 113
119static void __exit ebtable_nat_fini(void) 114static void __exit ebtable_nat_fini(void)
120{ 115{
121 int i; 116 nf_unregister_hooks(ebt_ops_nat, ARRAY_SIZE(ebt_ops_nat));
122
123 for (i = 0; i < ARRAY_SIZE(ebt_ops_nat); i++)
124 nf_unregister_hook(&ebt_ops_nat[i]);
125 ebt_unregister_table(&frame_nat); 117 ebt_unregister_table(&frame_nat);
126} 118}
127 119
diff --git a/net/can/af_can.c b/net/can/af_can.c
index 7e8ca2836452..8035fbf526ae 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -205,12 +205,19 @@ static int can_create(struct net *net, struct socket *sock, int protocol)
205 * -ENOBUFS on full driver queue (see net_xmit_errno()) 205 * -ENOBUFS on full driver queue (see net_xmit_errno())
206 * -ENOMEM when local loopback failed at calling skb_clone() 206 * -ENOMEM when local loopback failed at calling skb_clone()
207 * -EPERM when trying to send on a non-CAN interface 207 * -EPERM when trying to send on a non-CAN interface
208 * -EINVAL when the skb->data does not contain a valid CAN frame
208 */ 209 */
209int can_send(struct sk_buff *skb, int loop) 210int can_send(struct sk_buff *skb, int loop)
210{ 211{
211 struct sk_buff *newskb = NULL; 212 struct sk_buff *newskb = NULL;
213 struct can_frame *cf = (struct can_frame *)skb->data;
212 int err; 214 int err;
213 215
216 if (skb->len != sizeof(struct can_frame) || cf->can_dlc > 8) {
217 kfree_skb(skb);
218 return -EINVAL;
219 }
220
214 if (skb->dev->type != ARPHRD_CAN) { 221 if (skb->dev->type != ARPHRD_CAN) {
215 kfree_skb(skb); 222 kfree_skb(skb);
216 return -EPERM; 223 return -EPERM;
@@ -605,13 +612,16 @@ static int can_rcv(struct sk_buff *skb, struct net_device *dev,
605 struct packet_type *pt, struct net_device *orig_dev) 612 struct packet_type *pt, struct net_device *orig_dev)
606{ 613{
607 struct dev_rcv_lists *d; 614 struct dev_rcv_lists *d;
615 struct can_frame *cf = (struct can_frame *)skb->data;
608 int matches; 616 int matches;
609 617
610 if (dev->type != ARPHRD_CAN || dev_net(dev) != &init_net) { 618 if (dev->type != ARPHRD_CAN || !net_eq(dev_net(dev), &init_net)) {
611 kfree_skb(skb); 619 kfree_skb(skb);
612 return 0; 620 return 0;
613 } 621 }
614 622
623 BUG_ON(skb->len != sizeof(struct can_frame) || cf->can_dlc > 8);
624
615 /* update statistics */ 625 /* update statistics */
616 can_stats.rx_frames++; 626 can_stats.rx_frames++;
617 can_stats.rx_frames_delta++; 627 can_stats.rx_frames_delta++;
@@ -718,7 +728,7 @@ static int can_notifier(struct notifier_block *nb, unsigned long msg,
718 struct net_device *dev = (struct net_device *)data; 728 struct net_device *dev = (struct net_device *)data;
719 struct dev_rcv_lists *d; 729 struct dev_rcv_lists *d;
720 730
721 if (dev_net(dev) != &init_net) 731 if (!net_eq(dev_net(dev), &init_net))
722 return NOTIFY_DONE; 732 return NOTIFY_DONE;
723 733
724 if (dev->type != ARPHRD_CAN) 734 if (dev->type != ARPHRD_CAN)
diff --git a/net/can/bcm.c b/net/can/bcm.c
index d9a3a9d13bed..d0dd382001e2 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -298,7 +298,7 @@ static void bcm_send_to_user(struct bcm_op *op, struct bcm_msg_head *head,
298 298
299 if (head->nframes) { 299 if (head->nframes) {
300 /* can_frames starting here */ 300 /* can_frames starting here */
301 firstframe = (struct can_frame *) skb_tail_pointer(skb); 301 firstframe = (struct can_frame *)skb_tail_pointer(skb);
302 302
303 memcpy(skb_put(skb, datalen), frames, datalen); 303 memcpy(skb_put(skb, datalen), frames, datalen);
304 304
@@ -826,6 +826,10 @@ static int bcm_tx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg,
826 for (i = 0; i < msg_head->nframes; i++) { 826 for (i = 0; i < msg_head->nframes; i++) {
827 err = memcpy_fromiovec((u8 *)&op->frames[i], 827 err = memcpy_fromiovec((u8 *)&op->frames[i],
828 msg->msg_iov, CFSIZ); 828 msg->msg_iov, CFSIZ);
829
830 if (op->frames[i].can_dlc > 8)
831 err = -EINVAL;
832
829 if (err < 0) 833 if (err < 0)
830 return err; 834 return err;
831 835
@@ -858,6 +862,10 @@ static int bcm_tx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg,
858 for (i = 0; i < msg_head->nframes; i++) { 862 for (i = 0; i < msg_head->nframes; i++) {
859 err = memcpy_fromiovec((u8 *)&op->frames[i], 863 err = memcpy_fromiovec((u8 *)&op->frames[i],
860 msg->msg_iov, CFSIZ); 864 msg->msg_iov, CFSIZ);
865
866 if (op->frames[i].can_dlc > 8)
867 err = -EINVAL;
868
861 if (err < 0) { 869 if (err < 0) {
862 if (op->frames != &op->sframe) 870 if (op->frames != &op->sframe)
863 kfree(op->frames); 871 kfree(op->frames);
@@ -1164,9 +1172,12 @@ static int bcm_tx_send(struct msghdr *msg, int ifindex, struct sock *sk)
1164 1172
1165 skb->dev = dev; 1173 skb->dev = dev;
1166 skb->sk = sk; 1174 skb->sk = sk;
1167 can_send(skb, 1); /* send with loopback */ 1175 err = can_send(skb, 1); /* send with loopback */
1168 dev_put(dev); 1176 dev_put(dev);
1169 1177
1178 if (err)
1179 return err;
1180
1170 return CFSIZ + MHSIZ; 1181 return CFSIZ + MHSIZ;
1171} 1182}
1172 1183
@@ -1185,6 +1196,10 @@ static int bcm_sendmsg(struct kiocb *iocb, struct socket *sock,
1185 if (!bo->bound) 1196 if (!bo->bound)
1186 return -ENOTCONN; 1197 return -ENOTCONN;
1187 1198
1199 /* check for valid message length from userspace */
1200 if (size < MHSIZ || (size - MHSIZ) % CFSIZ)
1201 return -EINVAL;
1202
1188 /* check for alternative ifindex for this bcm_op */ 1203 /* check for alternative ifindex for this bcm_op */
1189 1204
1190 if (!ifindex && msg->msg_name) { 1205 if (!ifindex && msg->msg_name) {
@@ -1259,8 +1274,8 @@ static int bcm_sendmsg(struct kiocb *iocb, struct socket *sock,
1259 break; 1274 break;
1260 1275
1261 case TX_SEND: 1276 case TX_SEND:
1262 /* we need at least one can_frame */ 1277 /* we need exactly one can_frame behind the msg head */
1263 if (msg_head.nframes < 1) 1278 if ((msg_head.nframes != 1) || (size != CFSIZ + MHSIZ))
1264 ret = -EINVAL; 1279 ret = -EINVAL;
1265 else 1280 else
1266 ret = bcm_tx_send(msg, ifindex, sk); 1281 ret = bcm_tx_send(msg, ifindex, sk);
@@ -1288,7 +1303,7 @@ static int bcm_notifier(struct notifier_block *nb, unsigned long msg,
1288 struct bcm_op *op; 1303 struct bcm_op *op;
1289 int notify_enodev = 0; 1304 int notify_enodev = 0;
1290 1305
1291 if (dev_net(dev) != &init_net) 1306 if (!net_eq(dev_net(dev), &init_net))
1292 return NOTIFY_DONE; 1307 return NOTIFY_DONE;
1293 1308
1294 if (dev->type != ARPHRD_CAN) 1309 if (dev->type != ARPHRD_CAN)
diff --git a/net/can/raw.c b/net/can/raw.c
index 69877b8e7e9c..6e0663faaf9f 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -210,7 +210,7 @@ static int raw_notifier(struct notifier_block *nb,
210 struct raw_sock *ro = container_of(nb, struct raw_sock, notifier); 210 struct raw_sock *ro = container_of(nb, struct raw_sock, notifier);
211 struct sock *sk = &ro->sk; 211 struct sock *sk = &ro->sk;
212 212
213 if (dev_net(dev) != &init_net) 213 if (!net_eq(dev_net(dev), &init_net))
214 return NOTIFY_DONE; 214 return NOTIFY_DONE;
215 215
216 if (dev->type != ARPHRD_CAN) 216 if (dev->type != ARPHRD_CAN)
@@ -632,6 +632,9 @@ static int raw_sendmsg(struct kiocb *iocb, struct socket *sock,
632 } else 632 } else
633 ifindex = ro->ifindex; 633 ifindex = ro->ifindex;
634 634
635 if (size != sizeof(struct can_frame))
636 return -EINVAL;
637
635 dev = dev_get_by_index(&init_net, ifindex); 638 dev = dev_get_by_index(&init_net, ifindex);
636 if (!dev) 639 if (!dev)
637 return -ENXIO; 640 return -ENXIO;
diff --git a/net/compat.c b/net/compat.c
index c823f6f290cb..67fb6a3834a3 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -75,7 +75,7 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
75 75
76/* I've named the args so it is easy to tell whose space the pointers are in. */ 76/* I've named the args so it is easy to tell whose space the pointers are in. */
77int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, 77int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
78 char *kern_address, int mode) 78 struct sockaddr *kern_address, int mode)
79{ 79{
80 int tot_len; 80 int tot_len;
81 81
@@ -722,9 +722,10 @@ EXPORT_SYMBOL(compat_mc_getsockopt);
722 722
723/* Argument list sizes for compat_sys_socketcall */ 723/* Argument list sizes for compat_sys_socketcall */
724#define AL(x) ((x) * sizeof(u32)) 724#define AL(x) ((x) * sizeof(u32))
725static unsigned char nas[18]={AL(0),AL(3),AL(3),AL(3),AL(2),AL(3), 725static unsigned char nas[19]={AL(0),AL(3),AL(3),AL(3),AL(2),AL(3),
726 AL(3),AL(3),AL(4),AL(4),AL(4),AL(6), 726 AL(3),AL(3),AL(4),AL(4),AL(4),AL(6),
727 AL(6),AL(2),AL(5),AL(5),AL(3),AL(3)}; 727 AL(6),AL(2),AL(5),AL(5),AL(3),AL(3),
728 AL(6)};
728#undef AL 729#undef AL
729 730
730asmlinkage long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned flags) 731asmlinkage long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned flags)
@@ -737,13 +738,52 @@ asmlinkage long compat_sys_recvmsg(int fd, struct compat_msghdr __user *msg, uns
737 return sys_recvmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT); 738 return sys_recvmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
738} 739}
739 740
741asmlinkage long compat_sys_paccept(int fd, struct sockaddr __user *upeer_sockaddr,
742 int __user *upeer_addrlen,
743 const compat_sigset_t __user *sigmask,
744 compat_size_t sigsetsize, int flags)
745{
746 compat_sigset_t ss32;
747 sigset_t ksigmask, sigsaved;
748 int ret;
749
750 if (sigmask) {
751 if (sigsetsize != sizeof(compat_sigset_t))
752 return -EINVAL;
753 if (copy_from_user(&ss32, sigmask, sizeof(ss32)))
754 return -EFAULT;
755 sigset_from_compat(&ksigmask, &ss32);
756
757 sigdelsetmask(&ksigmask, sigmask(SIGKILL)|sigmask(SIGSTOP));
758 sigprocmask(SIG_SETMASK, &ksigmask, &sigsaved);
759 }
760
761 ret = do_accept(fd, upeer_sockaddr, upeer_addrlen, flags);
762
763 if (ret == -ERESTARTNOHAND) {
764 /*
765 * Don't restore the signal mask yet. Let do_signal() deliver
766 * the signal on the way back to userspace, before the signal
767 * mask is restored.
768 */
769 if (sigmask) {
770 memcpy(&current->saved_sigmask, &sigsaved,
771 sizeof(sigsaved));
772 set_restore_sigmask();
773 }
774 } else if (sigmask)
775 sigprocmask(SIG_SETMASK, &sigsaved, NULL);
776
777 return ret;
778}
779
740asmlinkage long compat_sys_socketcall(int call, u32 __user *args) 780asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
741{ 781{
742 int ret; 782 int ret;
743 u32 a[6]; 783 u32 a[6];
744 u32 a0, a1; 784 u32 a0, a1;
745 785
746 if (call < SYS_SOCKET || call > SYS_RECVMSG) 786 if (call < SYS_SOCKET || call > SYS_PACCEPT)
747 return -EINVAL; 787 return -EINVAL;
748 if (copy_from_user(a, args, nas[call])) 788 if (copy_from_user(a, args, nas[call]))
749 return -EFAULT; 789 return -EFAULT;
@@ -764,7 +804,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
764 ret = sys_listen(a0, a1); 804 ret = sys_listen(a0, a1);
765 break; 805 break;
766 case SYS_ACCEPT: 806 case SYS_ACCEPT:
767 ret = sys_accept(a0, compat_ptr(a1), compat_ptr(a[2])); 807 ret = do_accept(a0, compat_ptr(a1), compat_ptr(a[2]), 0);
768 break; 808 break;
769 case SYS_GETSOCKNAME: 809 case SYS_GETSOCKNAME:
770 ret = sys_getsockname(a0, compat_ptr(a1), compat_ptr(a[2])); 810 ret = sys_getsockname(a0, compat_ptr(a1), compat_ptr(a[2]));
@@ -804,6 +844,10 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
804 case SYS_RECVMSG: 844 case SYS_RECVMSG:
805 ret = compat_sys_recvmsg(a0, compat_ptr(a1), a[2]); 845 ret = compat_sys_recvmsg(a0, compat_ptr(a1), a[2]);
806 break; 846 break;
847 case SYS_PACCEPT:
848 ret = compat_sys_paccept(a0, compat_ptr(a1), compat_ptr(a[2]),
849 compat_ptr(a[3]), a[4], a[5]);
850 break;
807 default: 851 default:
808 ret = -EINVAL; 852 ret = -EINVAL;
809 break; 853 break;
diff --git a/net/core/datagram.c b/net/core/datagram.c
index 8a28fc93b724..52f577a0f544 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -285,7 +285,7 @@ int skb_copy_datagram_iovec(const struct sk_buff *skb, int offset,
285 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 285 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
286 int end; 286 int end;
287 287
288 BUG_TRAP(start <= offset + len); 288 WARN_ON(start > offset + len);
289 289
290 end = start + skb_shinfo(skb)->frags[i].size; 290 end = start + skb_shinfo(skb)->frags[i].size;
291 if ((copy = end - offset) > 0) { 291 if ((copy = end - offset) > 0) {
@@ -315,7 +315,7 @@ int skb_copy_datagram_iovec(const struct sk_buff *skb, int offset,
315 for (; list; list = list->next) { 315 for (; list; list = list->next) {
316 int end; 316 int end;
317 317
318 BUG_TRAP(start <= offset + len); 318 WARN_ON(start > offset + len);
319 319
320 end = start + list->len; 320 end = start + list->len;
321 if ((copy = end - offset) > 0) { 321 if ((copy = end - offset) > 0) {
@@ -339,6 +339,93 @@ fault:
339 return -EFAULT; 339 return -EFAULT;
340} 340}
341 341
342/**
343 * skb_copy_datagram_from_iovec - Copy a datagram from an iovec.
344 * @skb: buffer to copy
345 * @offset: offset in the buffer to start copying to
346 * @from: io vector to copy to
347 * @len: amount of data to copy to buffer from iovec
348 *
349 * Returns 0 or -EFAULT.
350 * Note: the iovec is modified during the copy.
351 */
352int skb_copy_datagram_from_iovec(struct sk_buff *skb, int offset,
353 struct iovec *from, int len)
354{
355 int start = skb_headlen(skb);
356 int i, copy = start - offset;
357
358 /* Copy header. */
359 if (copy > 0) {
360 if (copy > len)
361 copy = len;
362 if (memcpy_fromiovec(skb->data + offset, from, copy))
363 goto fault;
364 if ((len -= copy) == 0)
365 return 0;
366 offset += copy;
367 }
368
369 /* Copy paged appendix. Hmm... why does this look so complicated? */
370 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
371 int end;
372
373 WARN_ON(start > offset + len);
374
375 end = start + skb_shinfo(skb)->frags[i].size;
376 if ((copy = end - offset) > 0) {
377 int err;
378 u8 *vaddr;
379 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
380 struct page *page = frag->page;
381
382 if (copy > len)
383 copy = len;
384 vaddr = kmap(page);
385 err = memcpy_fromiovec(vaddr + frag->page_offset +
386 offset - start, from, copy);
387 kunmap(page);
388 if (err)
389 goto fault;
390
391 if (!(len -= copy))
392 return 0;
393 offset += copy;
394 }
395 start = end;
396 }
397
398 if (skb_shinfo(skb)->frag_list) {
399 struct sk_buff *list = skb_shinfo(skb)->frag_list;
400
401 for (; list; list = list->next) {
402 int end;
403
404 WARN_ON(start > offset + len);
405
406 end = start + list->len;
407 if ((copy = end - offset) > 0) {
408 if (copy > len)
409 copy = len;
410 if (skb_copy_datagram_from_iovec(list,
411 offset - start,
412 from, copy))
413 goto fault;
414 if ((len -= copy) == 0)
415 return 0;
416 offset += copy;
417 }
418 start = end;
419 }
420 }
421 if (!len)
422 return 0;
423
424fault:
425 return -EFAULT;
426}
427EXPORT_SYMBOL(skb_copy_datagram_from_iovec);
428
342static int skb_copy_and_csum_datagram(const struct sk_buff *skb, int offset, 429static int skb_copy_and_csum_datagram(const struct sk_buff *skb, int offset,
343 u8 __user *to, int len, 430 u8 __user *to, int len,
344 __wsum *csump) 431 __wsum *csump)
@@ -366,7 +453,7 @@ static int skb_copy_and_csum_datagram(const struct sk_buff *skb, int offset,
366 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 453 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
367 int end; 454 int end;
368 455
369 BUG_TRAP(start <= offset + len); 456 WARN_ON(start > offset + len);
370 457
371 end = start + skb_shinfo(skb)->frags[i].size; 458 end = start + skb_shinfo(skb)->frags[i].size;
372 if ((copy = end - offset) > 0) { 459 if ((copy = end - offset) > 0) {
@@ -402,7 +489,7 @@ static int skb_copy_and_csum_datagram(const struct sk_buff *skb, int offset,
402 for (; list; list=list->next) { 489 for (; list; list=list->next) {
403 int end; 490 int end;
404 491
405 BUG_TRAP(start <= offset + len); 492 WARN_ON(start > offset + len);
406 493
407 end = start + list->len; 494 end = start + list->len;
408 if ((copy = end - offset) > 0) { 495 if ((copy = end - offset) > 0) {
diff --git a/net/core/dev.c b/net/core/dev.c
index 582963077877..60c51f765887 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -90,6 +90,7 @@
90#include <linux/if_ether.h> 90#include <linux/if_ether.h>
91#include <linux/netdevice.h> 91#include <linux/netdevice.h>
92#include <linux/etherdevice.h> 92#include <linux/etherdevice.h>
93#include <linux/ethtool.h>
93#include <linux/notifier.h> 94#include <linux/notifier.h>
94#include <linux/skbuff.h> 95#include <linux/skbuff.h>
95#include <net/net_namespace.h> 96#include <net/net_namespace.h>
@@ -119,6 +120,12 @@
119#include <linux/err.h> 120#include <linux/err.h>
120#include <linux/ctype.h> 121#include <linux/ctype.h>
121#include <linux/if_arp.h> 122#include <linux/if_arp.h>
123#include <linux/if_vlan.h>
124#include <linux/ip.h>
125#include <linux/ipv6.h>
126#include <linux/in.h>
127#include <linux/jhash.h>
128#include <linux/random.h>
122 129
123#include "net-sysfs.h" 130#include "net-sysfs.h"
124 131
@@ -254,9 +261,9 @@ static RAW_NOTIFIER_HEAD(netdev_chain);
254 261
255DEFINE_PER_CPU(struct softnet_data, softnet_data); 262DEFINE_PER_CPU(struct softnet_data, softnet_data);
256 263
257#ifdef CONFIG_DEBUG_LOCK_ALLOC 264#ifdef CONFIG_LOCKDEP
258/* 265/*
259 * register_netdevice() inits dev->_xmit_lock and sets lockdep class 266 * register_netdevice() inits txq->_xmit_lock and sets lockdep class
260 * according to dev->type 267 * according to dev->type
261 */ 268 */
262static const unsigned short netdev_lock_type[] = 269static const unsigned short netdev_lock_type[] =
@@ -294,6 +301,7 @@ static const char *netdev_lock_name[] =
294 "_xmit_NONE"}; 301 "_xmit_NONE"};
295 302
296static struct lock_class_key netdev_xmit_lock_key[ARRAY_SIZE(netdev_lock_type)]; 303static struct lock_class_key netdev_xmit_lock_key[ARRAY_SIZE(netdev_lock_type)];
304static struct lock_class_key netdev_addr_lock_key[ARRAY_SIZE(netdev_lock_type)];
297 305
298static inline unsigned short netdev_lock_pos(unsigned short dev_type) 306static inline unsigned short netdev_lock_pos(unsigned short dev_type)
299{ 307{
@@ -306,8 +314,8 @@ static inline unsigned short netdev_lock_pos(unsigned short dev_type)
306 return ARRAY_SIZE(netdev_lock_type) - 1; 314 return ARRAY_SIZE(netdev_lock_type) - 1;
307} 315}
308 316
309static inline void netdev_set_lockdep_class(spinlock_t *lock, 317static inline void netdev_set_xmit_lockdep_class(spinlock_t *lock,
310 unsigned short dev_type) 318 unsigned short dev_type)
311{ 319{
312 int i; 320 int i;
313 321
@@ -315,9 +323,22 @@ static inline void netdev_set_lockdep_class(spinlock_t *lock,
315 lockdep_set_class_and_name(lock, &netdev_xmit_lock_key[i], 323 lockdep_set_class_and_name(lock, &netdev_xmit_lock_key[i],
316 netdev_lock_name[i]); 324 netdev_lock_name[i]);
317} 325}
326
327static inline void netdev_set_addr_lockdep_class(struct net_device *dev)
328{
329 int i;
330
331 i = netdev_lock_pos(dev->type);
332 lockdep_set_class_and_name(&dev->addr_list_lock,
333 &netdev_addr_lock_key[i],
334 netdev_lock_name[i]);
335}
318#else 336#else
319static inline void netdev_set_lockdep_class(spinlock_t *lock, 337static inline void netdev_set_xmit_lockdep_class(spinlock_t *lock,
320 unsigned short dev_type) 338 unsigned short dev_type)
339{
340}
341static inline void netdev_set_addr_lockdep_class(struct net_device *dev)
321{ 342{
322} 343}
323#endif 344#endif
@@ -453,7 +474,7 @@ static int netdev_boot_setup_add(char *name, struct ifmap *map)
453 for (i = 0; i < NETDEV_BOOT_SETUP_MAX; i++) { 474 for (i = 0; i < NETDEV_BOOT_SETUP_MAX; i++) {
454 if (s[i].name[0] == '\0' || s[i].name[0] == ' ') { 475 if (s[i].name[0] == '\0' || s[i].name[0] == ' ') {
455 memset(s[i].name, 0, sizeof(s[i].name)); 476 memset(s[i].name, 0, sizeof(s[i].name));
456 strcpy(s[i].name, name); 477 strlcpy(s[i].name, name, IFNAMSIZ);
457 memcpy(&s[i].map, map, sizeof(s[i].map)); 478 memcpy(&s[i].map, map, sizeof(s[i].map));
458 break; 479 break;
459 } 480 }
@@ -478,7 +499,7 @@ int netdev_boot_setup_check(struct net_device *dev)
478 499
479 for (i = 0; i < NETDEV_BOOT_SETUP_MAX; i++) { 500 for (i = 0; i < NETDEV_BOOT_SETUP_MAX; i++) {
480 if (s[i].name[0] != '\0' && s[i].name[0] != ' ' && 501 if (s[i].name[0] != '\0' && s[i].name[0] != ' ' &&
481 !strncmp(dev->name, s[i].name, strlen(s[i].name))) { 502 !strcmp(dev->name, s[i].name)) {
482 dev->irq = s[i].map.irq; 503 dev->irq = s[i].map.irq;
483 dev->base_addr = s[i].map.base_addr; 504 dev->base_addr = s[i].map.base_addr;
484 dev->mem_start = s[i].map.mem_start; 505 dev->mem_start = s[i].map.mem_start;
@@ -960,6 +981,12 @@ void netdev_state_change(struct net_device *dev)
960 } 981 }
961} 982}
962 983
984void netdev_bonding_change(struct net_device *dev)
985{
986 call_netdevice_notifiers(NETDEV_BONDING_FAILOVER, dev);
987}
988EXPORT_SYMBOL(netdev_bonding_change);
989
963/** 990/**
964 * dev_load - load a network module 991 * dev_load - load a network module
965 * @net: the applicable net namespace 992 * @net: the applicable net namespace
@@ -1116,6 +1143,29 @@ int dev_close(struct net_device *dev)
1116} 1143}
1117 1144
1118 1145
1146/**
1147 * dev_disable_lro - disable Large Receive Offload on a device
1148 * @dev: device
1149 *
1150 * Disable Large Receive Offload (LRO) on a net device. Must be
1151 * called under RTNL. This is needed if received packets may be
1152 * forwarded to another interface.
1153 */
1154void dev_disable_lro(struct net_device *dev)
1155{
1156 if (dev->ethtool_ops && dev->ethtool_ops->get_flags &&
1157 dev->ethtool_ops->set_flags) {
1158 u32 flags = dev->ethtool_ops->get_flags(dev);
1159 if (flags & ETH_FLAG_LRO) {
1160 flags &= ~ETH_FLAG_LRO;
1161 dev->ethtool_ops->set_flags(dev, flags);
1162 }
1163 }
1164 WARN_ON(dev->features & NETIF_F_LRO);
1165}
1166EXPORT_SYMBOL(dev_disable_lro);
1167
1168
1119static int dev_boot_phase = 1; 1169static int dev_boot_phase = 1;
1120 1170
1121/* 1171/*
@@ -1289,19 +1339,23 @@ static void dev_queue_xmit_nit(struct sk_buff *skb, struct net_device *dev)
1289} 1339}
1290 1340
1291 1341
1292void __netif_schedule(struct net_device *dev) 1342static inline void __netif_reschedule(struct Qdisc *q)
1293{ 1343{
1294 if (!test_and_set_bit(__LINK_STATE_SCHED, &dev->state)) { 1344 struct softnet_data *sd;
1295 unsigned long flags; 1345 unsigned long flags;
1296 struct softnet_data *sd;
1297 1346
1298 local_irq_save(flags); 1347 local_irq_save(flags);
1299 sd = &__get_cpu_var(softnet_data); 1348 sd = &__get_cpu_var(softnet_data);
1300 dev->next_sched = sd->output_queue; 1349 q->next_sched = sd->output_queue;
1301 sd->output_queue = dev; 1350 sd->output_queue = q;
1302 raise_softirq_irqoff(NET_TX_SOFTIRQ); 1351 raise_softirq_irqoff(NET_TX_SOFTIRQ);
1303 local_irq_restore(flags); 1352 local_irq_restore(flags);
1304 } 1353}
1354
1355void __netif_schedule(struct Qdisc *q)
1356{
1357 if (!test_and_set_bit(__QDISC_STATE_SCHED, &q->state))
1358 __netif_reschedule(q);
1305} 1359}
1306EXPORT_SYMBOL(__netif_schedule); 1360EXPORT_SYMBOL(__netif_schedule);
1307 1361
@@ -1362,6 +1416,29 @@ void netif_device_attach(struct net_device *dev)
1362} 1416}
1363EXPORT_SYMBOL(netif_device_attach); 1417EXPORT_SYMBOL(netif_device_attach);
1364 1418
1419static bool can_checksum_protocol(unsigned long features, __be16 protocol)
1420{
1421 return ((features & NETIF_F_GEN_CSUM) ||
1422 ((features & NETIF_F_IP_CSUM) &&
1423 protocol == htons(ETH_P_IP)) ||
1424 ((features & NETIF_F_IPV6_CSUM) &&
1425 protocol == htons(ETH_P_IPV6)));
1426}
1427
1428static bool dev_can_checksum(struct net_device *dev, struct sk_buff *skb)
1429{
1430 if (can_checksum_protocol(dev->features, skb->protocol))
1431 return true;
1432
1433 if (skb->protocol == htons(ETH_P_8021Q)) {
1434 struct vlan_ethhdr *veh = (struct vlan_ethhdr *)skb->data;
1435 if (can_checksum_protocol(dev->features & dev->vlan_features,
1436 veh->h_vlan_encapsulated_proto))
1437 return true;
1438 }
1439
1440 return false;
1441}
1365 1442
1366/* 1443/*
1367 * Invalidate hardware checksum when packet is to be mangled, and 1444 * Invalidate hardware checksum when packet is to be mangled, and
@@ -1542,7 +1619,8 @@ static int dev_gso_segment(struct sk_buff *skb)
1542 return 0; 1619 return 0;
1543} 1620}
1544 1621
1545int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev) 1622int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev,
1623 struct netdev_queue *txq)
1546{ 1624{
1547 if (likely(!skb->next)) { 1625 if (likely(!skb->next)) {
1548 if (!list_empty(&ptype_all)) 1626 if (!list_empty(&ptype_all))
@@ -1571,9 +1649,7 @@ gso:
1571 skb->next = nskb; 1649 skb->next = nskb;
1572 return rc; 1650 return rc;
1573 } 1651 }
1574 if (unlikely((netif_queue_stopped(dev) || 1652 if (unlikely(netif_tx_queue_stopped(txq) && skb->next))
1575 netif_subqueue_stopped(dev, skb)) &&
1576 skb->next))
1577 return NETDEV_TX_BUSY; 1653 return NETDEV_TX_BUSY;
1578 } while (skb->next); 1654 } while (skb->next);
1579 1655
@@ -1584,6 +1660,73 @@ out_kfree_skb:
1584 return 0; 1660 return 0;
1585} 1661}
1586 1662
1663static u32 simple_tx_hashrnd;
1664static int simple_tx_hashrnd_initialized = 0;
1665
1666static u16 simple_tx_hash(struct net_device *dev, struct sk_buff *skb)
1667{
1668 u32 addr1, addr2, ports;
1669 u32 hash, ihl;
1670 u8 ip_proto;
1671
1672 if (unlikely(!simple_tx_hashrnd_initialized)) {
1673 get_random_bytes(&simple_tx_hashrnd, 4);
1674 simple_tx_hashrnd_initialized = 1;
1675 }
1676
1677 switch (skb->protocol) {
1678 case __constant_htons(ETH_P_IP):
1679 ip_proto = ip_hdr(skb)->protocol;
1680 addr1 = ip_hdr(skb)->saddr;
1681 addr2 = ip_hdr(skb)->daddr;
1682 ihl = ip_hdr(skb)->ihl;
1683 break;
1684 case __constant_htons(ETH_P_IPV6):
1685 ip_proto = ipv6_hdr(skb)->nexthdr;
1686 addr1 = ipv6_hdr(skb)->saddr.s6_addr32[3];
1687 addr2 = ipv6_hdr(skb)->daddr.s6_addr32[3];
1688 ihl = (40 >> 2);
1689 break;
1690 default:
1691 return 0;
1692 }
1693
1694
1695 switch (ip_proto) {
1696 case IPPROTO_TCP:
1697 case IPPROTO_UDP:
1698 case IPPROTO_DCCP:
1699 case IPPROTO_ESP:
1700 case IPPROTO_AH:
1701 case IPPROTO_SCTP:
1702 case IPPROTO_UDPLITE:
1703 ports = *((u32 *) (skb_network_header(skb) + (ihl * 4)));
1704 break;
1705
1706 default:
1707 ports = 0;
1708 break;
1709 }
1710
1711 hash = jhash_3words(addr1, addr2, ports, simple_tx_hashrnd);
1712
1713 return (u16) (((u64) hash * dev->real_num_tx_queues) >> 32);
1714}
1715
1716static struct netdev_queue *dev_pick_tx(struct net_device *dev,
1717 struct sk_buff *skb)
1718{
1719 u16 queue_index = 0;
1720
1721 if (dev->select_queue)
1722 queue_index = dev->select_queue(dev, skb);
1723 else if (dev->real_num_tx_queues > 1)
1724 queue_index = simple_tx_hash(dev, skb);
1725
1726 skb_set_queue_mapping(skb, queue_index);
1727 return netdev_get_tx_queue(dev, queue_index);
1728}
1729
1587/** 1730/**
1588 * dev_queue_xmit - transmit a buffer 1731 * dev_queue_xmit - transmit a buffer
1589 * @skb: buffer to transmit 1732 * @skb: buffer to transmit
@@ -1609,10 +1752,10 @@ out_kfree_skb:
1609 * the BH enable code must have IRQs enabled so that it will not deadlock. 1752 * the BH enable code must have IRQs enabled so that it will not deadlock.
1610 * --BLG 1753 * --BLG
1611 */ 1754 */
1612
1613int dev_queue_xmit(struct sk_buff *skb) 1755int dev_queue_xmit(struct sk_buff *skb)
1614{ 1756{
1615 struct net_device *dev = skb->dev; 1757 struct net_device *dev = skb->dev;
1758 struct netdev_queue *txq;
1616 struct Qdisc *q; 1759 struct Qdisc *q;
1617 int rc = -ENOMEM; 1760 int rc = -ENOMEM;
1618 1761
@@ -1640,55 +1783,37 @@ int dev_queue_xmit(struct sk_buff *skb)
1640 if (skb->ip_summed == CHECKSUM_PARTIAL) { 1783 if (skb->ip_summed == CHECKSUM_PARTIAL) {
1641 skb_set_transport_header(skb, skb->csum_start - 1784 skb_set_transport_header(skb, skb->csum_start -
1642 skb_headroom(skb)); 1785 skb_headroom(skb));
1643 1786 if (!dev_can_checksum(dev, skb) && skb_checksum_help(skb))
1644 if (!(dev->features & NETIF_F_GEN_CSUM) && 1787 goto out_kfree_skb;
1645 !((dev->features & NETIF_F_IP_CSUM) &&
1646 skb->protocol == htons(ETH_P_IP)) &&
1647 !((dev->features & NETIF_F_IPV6_CSUM) &&
1648 skb->protocol == htons(ETH_P_IPV6)))
1649 if (skb_checksum_help(skb))
1650 goto out_kfree_skb;
1651 } 1788 }
1652 1789
1653gso: 1790gso:
1654 spin_lock_prefetch(&dev->queue_lock);
1655
1656 /* Disable soft irqs for various locks below. Also 1791 /* Disable soft irqs for various locks below. Also
1657 * stops preemption for RCU. 1792 * stops preemption for RCU.
1658 */ 1793 */
1659 rcu_read_lock_bh(); 1794 rcu_read_lock_bh();
1660 1795
1661 /* Updates of qdisc are serialized by queue_lock. 1796 txq = dev_pick_tx(dev, skb);
1662 * The struct Qdisc which is pointed to by qdisc is now a 1797 q = rcu_dereference(txq->qdisc);
1663 * rcu structure - it may be accessed without acquiring
1664 * a lock (but the structure may be stale.) The freeing of the
1665 * qdisc will be deferred until it's known that there are no
1666 * more references to it.
1667 *
1668 * If the qdisc has an enqueue function, we still need to
1669 * hold the queue_lock before calling it, since queue_lock
1670 * also serializes access to the device queue.
1671 */
1672 1798
1673 q = rcu_dereference(dev->qdisc);
1674#ifdef CONFIG_NET_CLS_ACT 1799#ifdef CONFIG_NET_CLS_ACT
1675 skb->tc_verd = SET_TC_AT(skb->tc_verd,AT_EGRESS); 1800 skb->tc_verd = SET_TC_AT(skb->tc_verd,AT_EGRESS);
1676#endif 1801#endif
1677 if (q->enqueue) { 1802 if (q->enqueue) {
1678 /* Grab device queue */ 1803 spinlock_t *root_lock = qdisc_lock(q);
1679 spin_lock(&dev->queue_lock); 1804
1680 q = dev->qdisc; 1805 spin_lock(root_lock);
1681 if (q->enqueue) { 1806
1682 /* reset queue_mapping to zero */ 1807 if (unlikely(test_bit(__QDISC_STATE_DEACTIVATED, &q->state))) {
1683 skb_set_queue_mapping(skb, 0); 1808 kfree_skb(skb);
1684 rc = q->enqueue(skb, q); 1809 rc = NET_XMIT_DROP;
1685 qdisc_run(dev); 1810 } else {
1686 spin_unlock(&dev->queue_lock); 1811 rc = qdisc_enqueue_root(skb, q);
1687 1812 qdisc_run(q);
1688 rc = rc == NET_XMIT_BYPASS ? NET_XMIT_SUCCESS : rc;
1689 goto out;
1690 } 1813 }
1691 spin_unlock(&dev->queue_lock); 1814 spin_unlock(root_lock);
1815
1816 goto out;
1692 } 1817 }
1693 1818
1694 /* The device has no queue. Common case for software devices: 1819 /* The device has no queue. Common case for software devices:
@@ -1706,19 +1831,18 @@ gso:
1706 if (dev->flags & IFF_UP) { 1831 if (dev->flags & IFF_UP) {
1707 int cpu = smp_processor_id(); /* ok because BHs are off */ 1832 int cpu = smp_processor_id(); /* ok because BHs are off */
1708 1833
1709 if (dev->xmit_lock_owner != cpu) { 1834 if (txq->xmit_lock_owner != cpu) {
1710 1835
1711 HARD_TX_LOCK(dev, cpu); 1836 HARD_TX_LOCK(dev, txq, cpu);
1712 1837
1713 if (!netif_queue_stopped(dev) && 1838 if (!netif_tx_queue_stopped(txq)) {
1714 !netif_subqueue_stopped(dev, skb)) {
1715 rc = 0; 1839 rc = 0;
1716 if (!dev_hard_start_xmit(skb, dev)) { 1840 if (!dev_hard_start_xmit(skb, dev, txq)) {
1717 HARD_TX_UNLOCK(dev); 1841 HARD_TX_UNLOCK(dev, txq);
1718 goto out; 1842 goto out;
1719 } 1843 }
1720 } 1844 }
1721 HARD_TX_UNLOCK(dev); 1845 HARD_TX_UNLOCK(dev, txq);
1722 if (net_ratelimit()) 1846 if (net_ratelimit())
1723 printk(KERN_CRIT "Virtual device %s asks to " 1847 printk(KERN_CRIT "Virtual device %s asks to "
1724 "queue packet!\n", dev->name); 1848 "queue packet!\n", dev->name);
@@ -1792,7 +1916,6 @@ int netif_rx(struct sk_buff *skb)
1792 if (queue->input_pkt_queue.qlen <= netdev_max_backlog) { 1916 if (queue->input_pkt_queue.qlen <= netdev_max_backlog) {
1793 if (queue->input_pkt_queue.qlen) { 1917 if (queue->input_pkt_queue.qlen) {
1794enqueue: 1918enqueue:
1795 dev_hold(skb->dev);
1796 __skb_queue_tail(&queue->input_pkt_queue, skb); 1919 __skb_queue_tail(&queue->input_pkt_queue, skb);
1797 local_irq_restore(flags); 1920 local_irq_restore(flags);
1798 return NET_RX_SUCCESS; 1921 return NET_RX_SUCCESS;
@@ -1824,22 +1947,6 @@ int netif_rx_ni(struct sk_buff *skb)
1824 1947
1825EXPORT_SYMBOL(netif_rx_ni); 1948EXPORT_SYMBOL(netif_rx_ni);
1826 1949
1827static inline struct net_device *skb_bond(struct sk_buff *skb)
1828{
1829 struct net_device *dev = skb->dev;
1830
1831 if (dev->master) {
1832 if (skb_bond_should_drop(skb)) {
1833 kfree_skb(skb);
1834 return NULL;
1835 }
1836 skb->dev = dev->master;
1837 }
1838
1839 return dev;
1840}
1841
1842
1843static void net_tx_action(struct softirq_action *h) 1950static void net_tx_action(struct softirq_action *h)
1844{ 1951{
1845 struct softnet_data *sd = &__get_cpu_var(softnet_data); 1952 struct softnet_data *sd = &__get_cpu_var(softnet_data);
@@ -1856,13 +1963,13 @@ static void net_tx_action(struct softirq_action *h)
1856 struct sk_buff *skb = clist; 1963 struct sk_buff *skb = clist;
1857 clist = clist->next; 1964 clist = clist->next;
1858 1965
1859 BUG_TRAP(!atomic_read(&skb->users)); 1966 WARN_ON(atomic_read(&skb->users));
1860 __kfree_skb(skb); 1967 __kfree_skb(skb);
1861 } 1968 }
1862 } 1969 }
1863 1970
1864 if (sd->output_queue) { 1971 if (sd->output_queue) {
1865 struct net_device *head; 1972 struct Qdisc *head;
1866 1973
1867 local_irq_disable(); 1974 local_irq_disable();
1868 head = sd->output_queue; 1975 head = sd->output_queue;
@@ -1870,17 +1977,22 @@ static void net_tx_action(struct softirq_action *h)
1870 local_irq_enable(); 1977 local_irq_enable();
1871 1978
1872 while (head) { 1979 while (head) {
1873 struct net_device *dev = head; 1980 struct Qdisc *q = head;
1874 head = head->next_sched; 1981 spinlock_t *root_lock;
1875 1982
1876 smp_mb__before_clear_bit(); 1983 head = head->next_sched;
1877 clear_bit(__LINK_STATE_SCHED, &dev->state);
1878 1984
1879 if (spin_trylock(&dev->queue_lock)) { 1985 root_lock = qdisc_lock(q);
1880 qdisc_run(dev); 1986 if (spin_trylock(root_lock)) {
1881 spin_unlock(&dev->queue_lock); 1987 smp_mb__before_clear_bit();
1988 clear_bit(__QDISC_STATE_SCHED,
1989 &q->state);
1990 qdisc_run(q);
1991 spin_unlock(root_lock);
1882 } else { 1992 } else {
1883 netif_schedule(dev); 1993 if (!test_bit(__QDISC_STATE_DEACTIVATED,
1994 &q->state))
1995 __netif_reschedule(q);
1884 } 1996 }
1885 } 1997 }
1886 } 1998 }
@@ -1961,10 +2073,11 @@ static inline struct sk_buff *handle_macvlan(struct sk_buff *skb,
1961 */ 2073 */
1962static int ing_filter(struct sk_buff *skb) 2074static int ing_filter(struct sk_buff *skb)
1963{ 2075{
1964 struct Qdisc *q;
1965 struct net_device *dev = skb->dev; 2076 struct net_device *dev = skb->dev;
1966 int result = TC_ACT_OK;
1967 u32 ttl = G_TC_RTTL(skb->tc_verd); 2077 u32 ttl = G_TC_RTTL(skb->tc_verd);
2078 struct netdev_queue *rxq;
2079 int result = TC_ACT_OK;
2080 struct Qdisc *q;
1968 2081
1969 if (MAX_RED_LOOP < ttl++) { 2082 if (MAX_RED_LOOP < ttl++) {
1970 printk(KERN_WARNING 2083 printk(KERN_WARNING
@@ -1976,10 +2089,15 @@ static int ing_filter(struct sk_buff *skb)
1976 skb->tc_verd = SET_TC_RTTL(skb->tc_verd, ttl); 2089 skb->tc_verd = SET_TC_RTTL(skb->tc_verd, ttl);
1977 skb->tc_verd = SET_TC_AT(skb->tc_verd, AT_INGRESS); 2090 skb->tc_verd = SET_TC_AT(skb->tc_verd, AT_INGRESS);
1978 2091
1979 spin_lock(&dev->ingress_lock); 2092 rxq = &dev->rx_queue;
1980 if ((q = dev->qdisc_ingress) != NULL) 2093
1981 result = q->enqueue(skb, q); 2094 q = rxq->qdisc;
1982 spin_unlock(&dev->ingress_lock); 2095 if (q != &noop_qdisc) {
2096 spin_lock(qdisc_lock(q));
2097 if (likely(!test_bit(__QDISC_STATE_DEACTIVATED, &q->state)))
2098 result = qdisc_enqueue_root(skb, q);
2099 spin_unlock(qdisc_lock(q));
2100 }
1983 2101
1984 return result; 2102 return result;
1985} 2103}
@@ -1988,7 +2106,7 @@ static inline struct sk_buff *handle_ing(struct sk_buff *skb,
1988 struct packet_type **pt_prev, 2106 struct packet_type **pt_prev,
1989 int *ret, struct net_device *orig_dev) 2107 int *ret, struct net_device *orig_dev)
1990{ 2108{
1991 if (!skb->dev->qdisc_ingress) 2109 if (skb->dev->rx_queue.qdisc == &noop_qdisc)
1992 goto out; 2110 goto out;
1993 2111
1994 if (*pt_prev) { 2112 if (*pt_prev) {
@@ -2012,6 +2130,33 @@ out:
2012} 2130}
2013#endif 2131#endif
2014 2132
2133/*
2134 * netif_nit_deliver - deliver received packets to network taps
2135 * @skb: buffer
2136 *
2137 * This function is used to deliver incoming packets to network
2138 * taps. It should be used when the normal netif_receive_skb path
2139 * is bypassed, for example because of VLAN acceleration.
2140 */
2141void netif_nit_deliver(struct sk_buff *skb)
2142{
2143 struct packet_type *ptype;
2144
2145 if (list_empty(&ptype_all))
2146 return;
2147
2148 skb_reset_network_header(skb);
2149 skb_reset_transport_header(skb);
2150 skb->mac_len = skb->network_header - skb->mac_header;
2151
2152 rcu_read_lock();
2153 list_for_each_entry_rcu(ptype, &ptype_all, list) {
2154 if (!ptype->dev || ptype->dev == skb->dev)
2155 deliver_skb(skb, ptype, skb->dev);
2156 }
2157 rcu_read_unlock();
2158}
2159
2015/** 2160/**
2016 * netif_receive_skb - process receive buffer from network 2161 * netif_receive_skb - process receive buffer from network
2017 * @skb: buffer to process 2162 * @skb: buffer to process
@@ -2031,6 +2176,7 @@ int netif_receive_skb(struct sk_buff *skb)
2031{ 2176{
2032 struct packet_type *ptype, *pt_prev; 2177 struct packet_type *ptype, *pt_prev;
2033 struct net_device *orig_dev; 2178 struct net_device *orig_dev;
2179 struct net_device *null_or_orig;
2034 int ret = NET_RX_DROP; 2180 int ret = NET_RX_DROP;
2035 __be16 type; 2181 __be16 type;
2036 2182
@@ -2044,10 +2190,14 @@ int netif_receive_skb(struct sk_buff *skb)
2044 if (!skb->iif) 2190 if (!skb->iif)
2045 skb->iif = skb->dev->ifindex; 2191 skb->iif = skb->dev->ifindex;
2046 2192
2047 orig_dev = skb_bond(skb); 2193 null_or_orig = NULL;
2048 2194 orig_dev = skb->dev;
2049 if (!orig_dev) 2195 if (orig_dev->master) {
2050 return NET_RX_DROP; 2196 if (skb_bond_should_drop(skb))
2197 null_or_orig = orig_dev; /* deliver only exact match */
2198 else
2199 skb->dev = orig_dev->master;
2200 }
2051 2201
2052 __get_cpu_var(netdev_rx_stat).total++; 2202 __get_cpu_var(netdev_rx_stat).total++;
2053 2203
@@ -2059,6 +2209,10 @@ int netif_receive_skb(struct sk_buff *skb)
2059 2209
2060 rcu_read_lock(); 2210 rcu_read_lock();
2061 2211
2212 /* Don't receive packets in an exiting network namespace */
2213 if (!net_alive(dev_net(skb->dev)))
2214 goto out;
2215
2062#ifdef CONFIG_NET_CLS_ACT 2216#ifdef CONFIG_NET_CLS_ACT
2063 if (skb->tc_verd & TC_NCLS) { 2217 if (skb->tc_verd & TC_NCLS) {
2064 skb->tc_verd = CLR_TC_NCLS(skb->tc_verd); 2218 skb->tc_verd = CLR_TC_NCLS(skb->tc_verd);
@@ -2067,7 +2221,8 @@ int netif_receive_skb(struct sk_buff *skb)
2067#endif 2221#endif
2068 2222
2069 list_for_each_entry_rcu(ptype, &ptype_all, list) { 2223 list_for_each_entry_rcu(ptype, &ptype_all, list) {
2070 if (!ptype->dev || ptype->dev == skb->dev) { 2224 if (ptype->dev == null_or_orig || ptype->dev == skb->dev ||
2225 ptype->dev == orig_dev) {
2071 if (pt_prev) 2226 if (pt_prev)
2072 ret = deliver_skb(skb, pt_prev, orig_dev); 2227 ret = deliver_skb(skb, pt_prev, orig_dev);
2073 pt_prev = ptype; 2228 pt_prev = ptype;
@@ -2092,7 +2247,8 @@ ncls:
2092 list_for_each_entry_rcu(ptype, 2247 list_for_each_entry_rcu(ptype,
2093 &ptype_base[ntohs(type) & PTYPE_HASH_MASK], list) { 2248 &ptype_base[ntohs(type) & PTYPE_HASH_MASK], list) {
2094 if (ptype->type == type && 2249 if (ptype->type == type &&
2095 (!ptype->dev || ptype->dev == skb->dev)) { 2250 (ptype->dev == null_or_orig || ptype->dev == skb->dev ||
2251 ptype->dev == orig_dev)) {
2096 if (pt_prev) 2252 if (pt_prev)
2097 ret = deliver_skb(skb, pt_prev, orig_dev); 2253 ret = deliver_skb(skb, pt_prev, orig_dev);
2098 pt_prev = ptype; 2254 pt_prev = ptype;
@@ -2114,6 +2270,20 @@ out:
2114 return ret; 2270 return ret;
2115} 2271}
2116 2272
2273/* Network device is going away, flush any packets still pending */
2274static void flush_backlog(void *arg)
2275{
2276 struct net_device *dev = arg;
2277 struct softnet_data *queue = &__get_cpu_var(softnet_data);
2278 struct sk_buff *skb, *tmp;
2279
2280 skb_queue_walk_safe(&queue->input_pkt_queue, skb, tmp)
2281 if (skb->dev == dev) {
2282 __skb_unlink(skb, &queue->input_pkt_queue);
2283 kfree_skb(skb);
2284 }
2285}
2286
2117static int process_backlog(struct napi_struct *napi, int quota) 2287static int process_backlog(struct napi_struct *napi, int quota)
2118{ 2288{
2119 int work = 0; 2289 int work = 0;
@@ -2123,7 +2293,6 @@ static int process_backlog(struct napi_struct *napi, int quota)
2123 napi->weight = weight_p; 2293 napi->weight = weight_p;
2124 do { 2294 do {
2125 struct sk_buff *skb; 2295 struct sk_buff *skb;
2126 struct net_device *dev;
2127 2296
2128 local_irq_disable(); 2297 local_irq_disable();
2129 skb = __skb_dequeue(&queue->input_pkt_queue); 2298 skb = __skb_dequeue(&queue->input_pkt_queue);
@@ -2132,14 +2301,9 @@ static int process_backlog(struct napi_struct *napi, int quota)
2132 local_irq_enable(); 2301 local_irq_enable();
2133 break; 2302 break;
2134 } 2303 }
2135
2136 local_irq_enable(); 2304 local_irq_enable();
2137 2305
2138 dev = skb->dev;
2139
2140 netif_receive_skb(skb); 2306 netif_receive_skb(skb);
2141
2142 dev_put(dev);
2143 } while (++work < quota && jiffies == start_time); 2307 } while (++work < quota && jiffies == start_time);
2144 2308
2145 return work; 2309 return work;
@@ -2239,7 +2403,7 @@ out:
2239 */ 2403 */
2240 if (!cpus_empty(net_dma.channel_mask)) { 2404 if (!cpus_empty(net_dma.channel_mask)) {
2241 int chan_idx; 2405 int chan_idx;
2242 for_each_cpu_mask(chan_idx, net_dma.channel_mask) { 2406 for_each_cpu_mask_nr(chan_idx, net_dma.channel_mask) {
2243 struct dma_chan *chan = net_dma.channels[chan_idx]; 2407 struct dma_chan *chan = net_dma.channels[chan_idx];
2244 if (chan) 2408 if (chan)
2245 dma_async_memcpy_issue_pending(chan); 2409 dma_async_memcpy_issue_pending(chan);
@@ -2747,16 +2911,29 @@ int netdev_set_master(struct net_device *slave, struct net_device *master)
2747 return 0; 2911 return 0;
2748} 2912}
2749 2913
2750static void __dev_set_promiscuity(struct net_device *dev, int inc) 2914static int __dev_set_promiscuity(struct net_device *dev, int inc)
2751{ 2915{
2752 unsigned short old_flags = dev->flags; 2916 unsigned short old_flags = dev->flags;
2753 2917
2754 ASSERT_RTNL(); 2918 ASSERT_RTNL();
2755 2919
2756 if ((dev->promiscuity += inc) == 0) 2920 dev->flags |= IFF_PROMISC;
2757 dev->flags &= ~IFF_PROMISC; 2921 dev->promiscuity += inc;
2758 else 2922 if (dev->promiscuity == 0) {
2759 dev->flags |= IFF_PROMISC; 2923 /*
2924 * Avoid overflow.
2925 * If inc causes overflow, untouch promisc and return error.
2926 */
2927 if (inc < 0)
2928 dev->flags &= ~IFF_PROMISC;
2929 else {
2930 dev->promiscuity -= inc;
2931 printk(KERN_WARNING "%s: promiscuity touches roof, "
2932 "set promiscuity failed, promiscuity feature "
2933 "of device might be broken.\n", dev->name);
2934 return -EOVERFLOW;
2935 }
2936 }
2760 if (dev->flags != old_flags) { 2937 if (dev->flags != old_flags) {
2761 printk(KERN_INFO "device %s %s promiscuous mode\n", 2938 printk(KERN_INFO "device %s %s promiscuous mode\n",
2762 dev->name, (dev->flags & IFF_PROMISC) ? "entered" : 2939 dev->name, (dev->flags & IFF_PROMISC) ? "entered" :
@@ -2774,6 +2951,7 @@ static void __dev_set_promiscuity(struct net_device *dev, int inc)
2774 if (dev->change_rx_flags) 2951 if (dev->change_rx_flags)
2775 dev->change_rx_flags(dev, IFF_PROMISC); 2952 dev->change_rx_flags(dev, IFF_PROMISC);
2776 } 2953 }
2954 return 0;
2777} 2955}
2778 2956
2779/** 2957/**
@@ -2785,14 +2963,19 @@ static void __dev_set_promiscuity(struct net_device *dev, int inc)
2785 * remains above zero the interface remains promiscuous. Once it hits zero 2963 * remains above zero the interface remains promiscuous. Once it hits zero
2786 * the device reverts back to normal filtering operation. A negative inc 2964 * the device reverts back to normal filtering operation. A negative inc
2787 * value is used to drop promiscuity on the device. 2965 * value is used to drop promiscuity on the device.
2966 * Return 0 if successful or a negative errno code on error.
2788 */ 2967 */
2789void dev_set_promiscuity(struct net_device *dev, int inc) 2968int dev_set_promiscuity(struct net_device *dev, int inc)
2790{ 2969{
2791 unsigned short old_flags = dev->flags; 2970 unsigned short old_flags = dev->flags;
2971 int err;
2792 2972
2793 __dev_set_promiscuity(dev, inc); 2973 err = __dev_set_promiscuity(dev, inc);
2974 if (err < 0)
2975 return err;
2794 if (dev->flags != old_flags) 2976 if (dev->flags != old_flags)
2795 dev_set_rx_mode(dev); 2977 dev_set_rx_mode(dev);
2978 return err;
2796} 2979}
2797 2980
2798/** 2981/**
@@ -2805,22 +2988,38 @@ void dev_set_promiscuity(struct net_device *dev, int inc)
2805 * to all interfaces. Once it hits zero the device reverts back to normal 2988 * to all interfaces. Once it hits zero the device reverts back to normal
2806 * filtering operation. A negative @inc value is used to drop the counter 2989 * filtering operation. A negative @inc value is used to drop the counter
2807 * when releasing a resource needing all multicasts. 2990 * when releasing a resource needing all multicasts.
2991 * Return 0 if successful or a negative errno code on error.
2808 */ 2992 */
2809 2993
2810void dev_set_allmulti(struct net_device *dev, int inc) 2994int dev_set_allmulti(struct net_device *dev, int inc)
2811{ 2995{
2812 unsigned short old_flags = dev->flags; 2996 unsigned short old_flags = dev->flags;
2813 2997
2814 ASSERT_RTNL(); 2998 ASSERT_RTNL();
2815 2999
2816 dev->flags |= IFF_ALLMULTI; 3000 dev->flags |= IFF_ALLMULTI;
2817 if ((dev->allmulti += inc) == 0) 3001 dev->allmulti += inc;
2818 dev->flags &= ~IFF_ALLMULTI; 3002 if (dev->allmulti == 0) {
3003 /*
3004 * Avoid overflow.
3005 * If inc causes overflow, untouch allmulti and return error.
3006 */
3007 if (inc < 0)
3008 dev->flags &= ~IFF_ALLMULTI;
3009 else {
3010 dev->allmulti -= inc;
3011 printk(KERN_WARNING "%s: allmulti touches roof, "
3012 "set allmulti failed, allmulti feature of "
3013 "device might be broken.\n", dev->name);
3014 return -EOVERFLOW;
3015 }
3016 }
2819 if (dev->flags ^ old_flags) { 3017 if (dev->flags ^ old_flags) {
2820 if (dev->change_rx_flags) 3018 if (dev->change_rx_flags)
2821 dev->change_rx_flags(dev, IFF_ALLMULTI); 3019 dev->change_rx_flags(dev, IFF_ALLMULTI);
2822 dev_set_rx_mode(dev); 3020 dev_set_rx_mode(dev);
2823 } 3021 }
3022 return 0;
2824} 3023}
2825 3024
2826/* 3025/*
@@ -2859,9 +3058,9 @@ void __dev_set_rx_mode(struct net_device *dev)
2859 3058
2860void dev_set_rx_mode(struct net_device *dev) 3059void dev_set_rx_mode(struct net_device *dev)
2861{ 3060{
2862 netif_tx_lock_bh(dev); 3061 netif_addr_lock_bh(dev);
2863 __dev_set_rx_mode(dev); 3062 __dev_set_rx_mode(dev);
2864 netif_tx_unlock_bh(dev); 3063 netif_addr_unlock_bh(dev);
2865} 3064}
2866 3065
2867int __dev_addr_delete(struct dev_addr_list **list, int *count, 3066int __dev_addr_delete(struct dev_addr_list **list, int *count,
@@ -2939,11 +3138,11 @@ int dev_unicast_delete(struct net_device *dev, void *addr, int alen)
2939 3138
2940 ASSERT_RTNL(); 3139 ASSERT_RTNL();
2941 3140
2942 netif_tx_lock_bh(dev); 3141 netif_addr_lock_bh(dev);
2943 err = __dev_addr_delete(&dev->uc_list, &dev->uc_count, addr, alen, 0); 3142 err = __dev_addr_delete(&dev->uc_list, &dev->uc_count, addr, alen, 0);
2944 if (!err) 3143 if (!err)
2945 __dev_set_rx_mode(dev); 3144 __dev_set_rx_mode(dev);
2946 netif_tx_unlock_bh(dev); 3145 netif_addr_unlock_bh(dev);
2947 return err; 3146 return err;
2948} 3147}
2949EXPORT_SYMBOL(dev_unicast_delete); 3148EXPORT_SYMBOL(dev_unicast_delete);
@@ -2951,7 +3150,7 @@ EXPORT_SYMBOL(dev_unicast_delete);
2951/** 3150/**
2952 * dev_unicast_add - add a secondary unicast address 3151 * dev_unicast_add - add a secondary unicast address
2953 * @dev: device 3152 * @dev: device
2954 * @addr: address to delete 3153 * @addr: address to add
2955 * @alen: length of @addr 3154 * @alen: length of @addr
2956 * 3155 *
2957 * Add a secondary unicast address to the device or increase 3156 * Add a secondary unicast address to the device or increase
@@ -2965,11 +3164,11 @@ int dev_unicast_add(struct net_device *dev, void *addr, int alen)
2965 3164
2966 ASSERT_RTNL(); 3165 ASSERT_RTNL();
2967 3166
2968 netif_tx_lock_bh(dev); 3167 netif_addr_lock_bh(dev);
2969 err = __dev_addr_add(&dev->uc_list, &dev->uc_count, addr, alen, 0); 3168 err = __dev_addr_add(&dev->uc_list, &dev->uc_count, addr, alen, 0);
2970 if (!err) 3169 if (!err)
2971 __dev_set_rx_mode(dev); 3170 __dev_set_rx_mode(dev);
2972 netif_tx_unlock_bh(dev); 3171 netif_addr_unlock_bh(dev);
2973 return err; 3172 return err;
2974} 3173}
2975EXPORT_SYMBOL(dev_unicast_add); 3174EXPORT_SYMBOL(dev_unicast_add);
@@ -3036,12 +3235,12 @@ int dev_unicast_sync(struct net_device *to, struct net_device *from)
3036{ 3235{
3037 int err = 0; 3236 int err = 0;
3038 3237
3039 netif_tx_lock_bh(to); 3238 netif_addr_lock_bh(to);
3040 err = __dev_addr_sync(&to->uc_list, &to->uc_count, 3239 err = __dev_addr_sync(&to->uc_list, &to->uc_count,
3041 &from->uc_list, &from->uc_count); 3240 &from->uc_list, &from->uc_count);
3042 if (!err) 3241 if (!err)
3043 __dev_set_rx_mode(to); 3242 __dev_set_rx_mode(to);
3044 netif_tx_unlock_bh(to); 3243 netif_addr_unlock_bh(to);
3045 return err; 3244 return err;
3046} 3245}
3047EXPORT_SYMBOL(dev_unicast_sync); 3246EXPORT_SYMBOL(dev_unicast_sync);
@@ -3057,15 +3256,15 @@ EXPORT_SYMBOL(dev_unicast_sync);
3057 */ 3256 */
3058void dev_unicast_unsync(struct net_device *to, struct net_device *from) 3257void dev_unicast_unsync(struct net_device *to, struct net_device *from)
3059{ 3258{
3060 netif_tx_lock_bh(from); 3259 netif_addr_lock_bh(from);
3061 netif_tx_lock_bh(to); 3260 netif_addr_lock(to);
3062 3261
3063 __dev_addr_unsync(&to->uc_list, &to->uc_count, 3262 __dev_addr_unsync(&to->uc_list, &to->uc_count,
3064 &from->uc_list, &from->uc_count); 3263 &from->uc_list, &from->uc_count);
3065 __dev_set_rx_mode(to); 3264 __dev_set_rx_mode(to);
3066 3265
3067 netif_tx_unlock_bh(to); 3266 netif_addr_unlock(to);
3068 netif_tx_unlock_bh(from); 3267 netif_addr_unlock_bh(from);
3069} 3268}
3070EXPORT_SYMBOL(dev_unicast_unsync); 3269EXPORT_SYMBOL(dev_unicast_unsync);
3071 3270
@@ -3085,7 +3284,7 @@ static void __dev_addr_discard(struct dev_addr_list **list)
3085 3284
3086static void dev_addr_discard(struct net_device *dev) 3285static void dev_addr_discard(struct net_device *dev)
3087{ 3286{
3088 netif_tx_lock_bh(dev); 3287 netif_addr_lock_bh(dev);
3089 3288
3090 __dev_addr_discard(&dev->uc_list); 3289 __dev_addr_discard(&dev->uc_list);
3091 dev->uc_count = 0; 3290 dev->uc_count = 0;
@@ -3093,7 +3292,7 @@ static void dev_addr_discard(struct net_device *dev)
3093 __dev_addr_discard(&dev->mc_list); 3292 __dev_addr_discard(&dev->mc_list);
3094 dev->mc_count = 0; 3293 dev->mc_count = 0;
3095 3294
3096 netif_tx_unlock_bh(dev); 3295 netif_addr_unlock_bh(dev);
3097} 3296}
3098 3297
3099unsigned dev_get_flags(const struct net_device *dev) 3298unsigned dev_get_flags(const struct net_device *dev)
@@ -3656,7 +3855,7 @@ static void rollback_registered(struct net_device *dev)
3656 dev->uninit(dev); 3855 dev->uninit(dev);
3657 3856
3658 /* Notifier chain MUST detach us from master device. */ 3857 /* Notifier chain MUST detach us from master device. */
3659 BUG_TRAP(!dev->master); 3858 WARN_ON(dev->master);
3660 3859
3661 /* Remove entries from kobject tree */ 3860 /* Remove entries from kobject tree */
3662 netdev_unregister_kobject(dev); 3861 netdev_unregister_kobject(dev);
@@ -3666,6 +3865,21 @@ static void rollback_registered(struct net_device *dev)
3666 dev_put(dev); 3865 dev_put(dev);
3667} 3866}
3668 3867
3868static void __netdev_init_queue_locks_one(struct net_device *dev,
3869 struct netdev_queue *dev_queue,
3870 void *_unused)
3871{
3872 spin_lock_init(&dev_queue->_xmit_lock);
3873 netdev_set_xmit_lockdep_class(&dev_queue->_xmit_lock, dev->type);
3874 dev_queue->xmit_lock_owner = -1;
3875}
3876
3877static void netdev_init_queue_locks(struct net_device *dev)
3878{
3879 netdev_for_each_tx_queue(dev, __netdev_init_queue_locks_one, NULL);
3880 __netdev_init_queue_locks_one(dev, &dev->rx_queue, NULL);
3881}
3882
3669/** 3883/**
3670 * register_netdevice - register a network device 3884 * register_netdevice - register a network device
3671 * @dev: device to register 3885 * @dev: device to register
@@ -3700,11 +3914,9 @@ int register_netdevice(struct net_device *dev)
3700 BUG_ON(!dev_net(dev)); 3914 BUG_ON(!dev_net(dev));
3701 net = dev_net(dev); 3915 net = dev_net(dev);
3702 3916
3703 spin_lock_init(&dev->queue_lock); 3917 spin_lock_init(&dev->addr_list_lock);
3704 spin_lock_init(&dev->_xmit_lock); 3918 netdev_set_addr_lockdep_class(dev);
3705 netdev_set_lockdep_class(&dev->_xmit_lock, dev->type); 3919 netdev_init_queue_locks(dev);
3706 dev->xmit_lock_owner = -1;
3707 spin_lock_init(&dev->ingress_lock);
3708 3920
3709 dev->iflink = -1; 3921 dev->iflink = -1;
3710 3922
@@ -3784,6 +3996,10 @@ int register_netdevice(struct net_device *dev)
3784 } 3996 }
3785 } 3997 }
3786 3998
3999 /* Enable software GSO if SG is supported. */
4000 if (dev->features & NETIF_F_SG)
4001 dev->features |= NETIF_F_GSO;
4002
3787 netdev_initialize_kobject(dev); 4003 netdev_initialize_kobject(dev);
3788 ret = netdev_register_kobject(dev); 4004 ret = netdev_register_kobject(dev);
3789 if (ret) 4005 if (ret)
@@ -3961,13 +4177,15 @@ void netdev_run_todo(void)
3961 4177
3962 dev->reg_state = NETREG_UNREGISTERED; 4178 dev->reg_state = NETREG_UNREGISTERED;
3963 4179
4180 on_each_cpu(flush_backlog, dev, 1);
4181
3964 netdev_wait_allrefs(dev); 4182 netdev_wait_allrefs(dev);
3965 4183
3966 /* paranoia */ 4184 /* paranoia */
3967 BUG_ON(atomic_read(&dev->refcnt)); 4185 BUG_ON(atomic_read(&dev->refcnt));
3968 BUG_TRAP(!dev->ip_ptr); 4186 WARN_ON(dev->ip_ptr);
3969 BUG_TRAP(!dev->ip6_ptr); 4187 WARN_ON(dev->ip6_ptr);
3970 BUG_TRAP(!dev->dn_ptr); 4188 WARN_ON(dev->dn_ptr);
3971 4189
3972 if (dev->destructor) 4190 if (dev->destructor)
3973 dev->destructor(dev); 4191 dev->destructor(dev);
@@ -3985,6 +4203,20 @@ static struct net_device_stats *internal_stats(struct net_device *dev)
3985 return &dev->stats; 4203 return &dev->stats;
3986} 4204}
3987 4205
4206static void netdev_init_one_queue(struct net_device *dev,
4207 struct netdev_queue *queue,
4208 void *_unused)
4209{
4210 queue->dev = dev;
4211}
4212
4213static void netdev_init_queues(struct net_device *dev)
4214{
4215 netdev_init_one_queue(dev, &dev->rx_queue, NULL);
4216 netdev_for_each_tx_queue(dev, netdev_init_one_queue, NULL);
4217 spin_lock_init(&dev->tx_global_lock);
4218}
4219
3988/** 4220/**
3989 * alloc_netdev_mq - allocate network device 4221 * alloc_netdev_mq - allocate network device
3990 * @sizeof_priv: size of private data to allocate space for 4222 * @sizeof_priv: size of private data to allocate space for
@@ -3999,14 +4231,14 @@ static struct net_device_stats *internal_stats(struct net_device *dev)
3999struct net_device *alloc_netdev_mq(int sizeof_priv, const char *name, 4231struct net_device *alloc_netdev_mq(int sizeof_priv, const char *name,
4000 void (*setup)(struct net_device *), unsigned int queue_count) 4232 void (*setup)(struct net_device *), unsigned int queue_count)
4001{ 4233{
4002 void *p; 4234 struct netdev_queue *tx;
4003 struct net_device *dev; 4235 struct net_device *dev;
4004 int alloc_size; 4236 size_t alloc_size;
4237 void *p;
4005 4238
4006 BUG_ON(strlen(name) >= sizeof(dev->name)); 4239 BUG_ON(strlen(name) >= sizeof(dev->name));
4007 4240
4008 alloc_size = sizeof(struct net_device) + 4241 alloc_size = sizeof(struct net_device);
4009 sizeof(struct net_device_subqueue) * (queue_count - 1);
4010 if (sizeof_priv) { 4242 if (sizeof_priv) {
4011 /* ensure 32-byte alignment of private area */ 4243 /* ensure 32-byte alignment of private area */
4012 alloc_size = (alloc_size + NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST; 4244 alloc_size = (alloc_size + NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST;
@@ -4021,22 +4253,33 @@ struct net_device *alloc_netdev_mq(int sizeof_priv, const char *name,
4021 return NULL; 4253 return NULL;
4022 } 4254 }
4023 4255
4256 tx = kcalloc(queue_count, sizeof(struct netdev_queue), GFP_KERNEL);
4257 if (!tx) {
4258 printk(KERN_ERR "alloc_netdev: Unable to allocate "
4259 "tx qdiscs.\n");
4260 kfree(p);
4261 return NULL;
4262 }
4263
4024 dev = (struct net_device *) 4264 dev = (struct net_device *)
4025 (((long)p + NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST); 4265 (((long)p + NETDEV_ALIGN_CONST) & ~NETDEV_ALIGN_CONST);
4026 dev->padded = (char *)dev - (char *)p; 4266 dev->padded = (char *)dev - (char *)p;
4027 dev_net_set(dev, &init_net); 4267 dev_net_set(dev, &init_net);
4028 4268
4269 dev->_tx = tx;
4270 dev->num_tx_queues = queue_count;
4271 dev->real_num_tx_queues = queue_count;
4272
4029 if (sizeof_priv) { 4273 if (sizeof_priv) {
4030 dev->priv = ((char *)dev + 4274 dev->priv = ((char *)dev +
4031 ((sizeof(struct net_device) + 4275 ((sizeof(struct net_device) + NETDEV_ALIGN_CONST)
4032 (sizeof(struct net_device_subqueue) *
4033 (queue_count - 1)) + NETDEV_ALIGN_CONST)
4034 & ~NETDEV_ALIGN_CONST)); 4276 & ~NETDEV_ALIGN_CONST));
4035 } 4277 }
4036 4278
4037 dev->egress_subqueue_count = queue_count;
4038 dev->gso_max_size = GSO_MAX_SIZE; 4279 dev->gso_max_size = GSO_MAX_SIZE;
4039 4280
4281 netdev_init_queues(dev);
4282
4040 dev->get_stats = internal_stats; 4283 dev->get_stats = internal_stats;
4041 netpoll_netdev_init(dev); 4284 netpoll_netdev_init(dev);
4042 setup(dev); 4285 setup(dev);
@@ -4057,6 +4300,8 @@ void free_netdev(struct net_device *dev)
4057{ 4300{
4058 release_net(dev_net(dev)); 4301 release_net(dev_net(dev));
4059 4302
4303 kfree(dev->_tx);
4304
4060 /* Compatibility with error handling in drivers */ 4305 /* Compatibility with error handling in drivers */
4061 if (dev->reg_state == NETREG_UNINITIALIZED) { 4306 if (dev->reg_state == NETREG_UNINITIALIZED) {
4062 kfree((char *)dev - dev->padded); 4307 kfree((char *)dev - dev->padded);
@@ -4238,7 +4483,7 @@ static int dev_cpu_callback(struct notifier_block *nfb,
4238 void *ocpu) 4483 void *ocpu)
4239{ 4484{
4240 struct sk_buff **list_skb; 4485 struct sk_buff **list_skb;
4241 struct net_device **list_net; 4486 struct Qdisc **list_net;
4242 struct sk_buff *skb; 4487 struct sk_buff *skb;
4243 unsigned int cpu, oldcpu = (unsigned long)ocpu; 4488 unsigned int cpu, oldcpu = (unsigned long)ocpu;
4244 struct softnet_data *sd, *oldsd; 4489 struct softnet_data *sd, *oldsd;
@@ -4300,7 +4545,7 @@ static void net_dma_rebalance(struct net_dma *net_dma)
4300 i = 0; 4545 i = 0;
4301 cpu = first_cpu(cpu_online_map); 4546 cpu = first_cpu(cpu_online_map);
4302 4547
4303 for_each_cpu_mask(chan_idx, net_dma->channel_mask) { 4548 for_each_cpu_mask_nr(chan_idx, net_dma->channel_mask) {
4304 chan = net_dma->channels[chan_idx]; 4549 chan = net_dma->channels[chan_idx];
4305 4550
4306 n = ((num_online_cpus() / cpus_weight(net_dma->channel_mask)) 4551 n = ((num_online_cpus() / cpus_weight(net_dma->channel_mask))
@@ -4467,6 +4712,26 @@ err_name:
4467 return -ENOMEM; 4712 return -ENOMEM;
4468} 4713}
4469 4714
4715char *netdev_drivername(struct net_device *dev, char *buffer, int len)
4716{
4717 struct device_driver *driver;
4718 struct device *parent;
4719
4720 if (len <= 0 || !buffer)
4721 return buffer;
4722 buffer[0] = 0;
4723
4724 parent = dev->dev.parent;
4725
4726 if (!parent)
4727 return buffer;
4728
4729 driver = parent->driver;
4730 if (driver && driver->name)
4731 strlcpy(buffer, driver->name, len);
4732 return buffer;
4733}
4734
4470static void __net_exit netdev_exit(struct net *net) 4735static void __net_exit netdev_exit(struct net *net)
4471{ 4736{
4472 kfree(net->dev_name_head); 4737 kfree(net->dev_name_head);
@@ -4563,8 +4828,8 @@ static int __init net_dev_init(void)
4563 4828
4564 dev_boot_phase = 0; 4829 dev_boot_phase = 0;
4565 4830
4566 open_softirq(NET_TX_SOFTIRQ, net_tx_action, NULL); 4831 open_softirq(NET_TX_SOFTIRQ, net_tx_action);
4567 open_softirq(NET_RX_SOFTIRQ, net_rx_action, NULL); 4832 open_softirq(NET_RX_SOFTIRQ, net_rx_action);
4568 4833
4569 hotcpu_notifier(dev_cpu_callback, 0); 4834 hotcpu_notifier(dev_cpu_callback, 0);
4570 dst_init(); 4835 dst_init();
diff --git a/net/core/dev_mcast.c b/net/core/dev_mcast.c
index f8a3455f4493..5402b3b38e0d 100644
--- a/net/core/dev_mcast.c
+++ b/net/core/dev_mcast.c
@@ -72,7 +72,7 @@ int dev_mc_delete(struct net_device *dev, void *addr, int alen, int glbl)
72{ 72{
73 int err; 73 int err;
74 74
75 netif_tx_lock_bh(dev); 75 netif_addr_lock_bh(dev);
76 err = __dev_addr_delete(&dev->mc_list, &dev->mc_count, 76 err = __dev_addr_delete(&dev->mc_list, &dev->mc_count,
77 addr, alen, glbl); 77 addr, alen, glbl);
78 if (!err) { 78 if (!err) {
@@ -83,7 +83,7 @@ int dev_mc_delete(struct net_device *dev, void *addr, int alen, int glbl)
83 83
84 __dev_set_rx_mode(dev); 84 __dev_set_rx_mode(dev);
85 } 85 }
86 netif_tx_unlock_bh(dev); 86 netif_addr_unlock_bh(dev);
87 return err; 87 return err;
88} 88}
89 89
@@ -95,11 +95,11 @@ int dev_mc_add(struct net_device *dev, void *addr, int alen, int glbl)
95{ 95{
96 int err; 96 int err;
97 97
98 netif_tx_lock_bh(dev); 98 netif_addr_lock_bh(dev);
99 err = __dev_addr_add(&dev->mc_list, &dev->mc_count, addr, alen, glbl); 99 err = __dev_addr_add(&dev->mc_list, &dev->mc_count, addr, alen, glbl);
100 if (!err) 100 if (!err)
101 __dev_set_rx_mode(dev); 101 __dev_set_rx_mode(dev);
102 netif_tx_unlock_bh(dev); 102 netif_addr_unlock_bh(dev);
103 return err; 103 return err;
104} 104}
105 105
@@ -119,12 +119,12 @@ int dev_mc_sync(struct net_device *to, struct net_device *from)
119{ 119{
120 int err = 0; 120 int err = 0;
121 121
122 netif_tx_lock_bh(to); 122 netif_addr_lock_bh(to);
123 err = __dev_addr_sync(&to->mc_list, &to->mc_count, 123 err = __dev_addr_sync(&to->mc_list, &to->mc_count,
124 &from->mc_list, &from->mc_count); 124 &from->mc_list, &from->mc_count);
125 if (!err) 125 if (!err)
126 __dev_set_rx_mode(to); 126 __dev_set_rx_mode(to);
127 netif_tx_unlock_bh(to); 127 netif_addr_unlock_bh(to);
128 128
129 return err; 129 return err;
130} 130}
@@ -143,15 +143,15 @@ EXPORT_SYMBOL(dev_mc_sync);
143 */ 143 */
144void dev_mc_unsync(struct net_device *to, struct net_device *from) 144void dev_mc_unsync(struct net_device *to, struct net_device *from)
145{ 145{
146 netif_tx_lock_bh(from); 146 netif_addr_lock_bh(from);
147 netif_tx_lock_bh(to); 147 netif_addr_lock(to);
148 148
149 __dev_addr_unsync(&to->mc_list, &to->mc_count, 149 __dev_addr_unsync(&to->mc_list, &to->mc_count,
150 &from->mc_list, &from->mc_count); 150 &from->mc_list, &from->mc_count);
151 __dev_set_rx_mode(to); 151 __dev_set_rx_mode(to);
152 152
153 netif_tx_unlock_bh(to); 153 netif_addr_unlock(to);
154 netif_tx_unlock_bh(from); 154 netif_addr_unlock_bh(from);
155} 155}
156EXPORT_SYMBOL(dev_mc_unsync); 156EXPORT_SYMBOL(dev_mc_unsync);
157 157
@@ -164,7 +164,7 @@ static int dev_mc_seq_show(struct seq_file *seq, void *v)
164 if (v == SEQ_START_TOKEN) 164 if (v == SEQ_START_TOKEN)
165 return 0; 165 return 0;
166 166
167 netif_tx_lock_bh(dev); 167 netif_addr_lock_bh(dev);
168 for (m = dev->mc_list; m; m = m->next) { 168 for (m = dev->mc_list; m; m = m->next) {
169 int i; 169 int i;
170 170
@@ -176,7 +176,7 @@ static int dev_mc_seq_show(struct seq_file *seq, void *v)
176 176
177 seq_putc(seq, '\n'); 177 seq_putc(seq, '\n');
178 } 178 }
179 netif_tx_unlock_bh(dev); 179 netif_addr_unlock_bh(dev);
180 return 0; 180 return 0;
181} 181}
182 182
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index 0133b5ebd545..14ada537f895 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -209,6 +209,36 @@ static int ethtool_get_drvinfo(struct net_device *dev, void __user *useraddr)
209 return 0; 209 return 0;
210} 210}
211 211
212static int ethtool_set_rxhash(struct net_device *dev, void __user *useraddr)
213{
214 struct ethtool_rxnfc cmd;
215
216 if (!dev->ethtool_ops->set_rxhash)
217 return -EOPNOTSUPP;
218
219 if (copy_from_user(&cmd, useraddr, sizeof(cmd)))
220 return -EFAULT;
221
222 return dev->ethtool_ops->set_rxhash(dev, &cmd);
223}
224
225static int ethtool_get_rxhash(struct net_device *dev, void __user *useraddr)
226{
227 struct ethtool_rxnfc info;
228
229 if (!dev->ethtool_ops->get_rxhash)
230 return -EOPNOTSUPP;
231
232 if (copy_from_user(&info, useraddr, sizeof(info)))
233 return -EFAULT;
234
235 dev->ethtool_ops->get_rxhash(dev, &info);
236
237 if (copy_to_user(useraddr, &info, sizeof(info)))
238 return -EFAULT;
239 return 0;
240}
241
212static int ethtool_get_regs(struct net_device *dev, char __user *useraddr) 242static int ethtool_get_regs(struct net_device *dev, char __user *useraddr)
213{ 243{
214 struct ethtool_regs regs; 244 struct ethtool_regs regs;
@@ -826,6 +856,7 @@ int dev_ethtool(struct net *net, struct ifreq *ifr)
826 case ETHTOOL_GGSO: 856 case ETHTOOL_GGSO:
827 case ETHTOOL_GFLAGS: 857 case ETHTOOL_GFLAGS:
828 case ETHTOOL_GPFLAGS: 858 case ETHTOOL_GPFLAGS:
859 case ETHTOOL_GRXFH:
829 break; 860 break;
830 default: 861 default:
831 if (!capable(CAP_NET_ADMIN)) 862 if (!capable(CAP_NET_ADMIN))
@@ -977,6 +1008,12 @@ int dev_ethtool(struct net *net, struct ifreq *ifr)
977 rc = ethtool_set_value(dev, useraddr, 1008 rc = ethtool_set_value(dev, useraddr,
978 dev->ethtool_ops->set_priv_flags); 1009 dev->ethtool_ops->set_priv_flags);
979 break; 1010 break;
1011 case ETHTOOL_GRXFH:
1012 rc = ethtool_get_rxhash(dev, useraddr);
1013 break;
1014 case ETHTOOL_SRXFH:
1015 rc = ethtool_set_rxhash(dev, useraddr);
1016 break;
980 default: 1017 default:
981 rc = -EOPNOTSUPP; 1018 rc = -EOPNOTSUPP;
982 } 1019 }
diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index e3e9ab0f74e3..79de3b14a8d1 100644
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -69,7 +69,7 @@ static void rules_ops_put(struct fib_rules_ops *ops)
69static void flush_route_cache(struct fib_rules_ops *ops) 69static void flush_route_cache(struct fib_rules_ops *ops)
70{ 70{
71 if (ops->flush_cache) 71 if (ops->flush_cache)
72 ops->flush_cache(); 72 ops->flush_cache(ops);
73} 73}
74 74
75int fib_rules_register(struct fib_rules_ops *ops) 75int fib_rules_register(struct fib_rules_ops *ops)
@@ -226,7 +226,7 @@ static int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
226 226
227 ops = lookup_rules_ops(net, frh->family); 227 ops = lookup_rules_ops(net, frh->family);
228 if (ops == NULL) { 228 if (ops == NULL) {
229 err = EAFNOSUPPORT; 229 err = -EAFNOSUPPORT;
230 goto errout; 230 goto errout;
231 } 231 }
232 232
@@ -365,7 +365,7 @@ static int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
365 365
366 ops = lookup_rules_ops(net, frh->family); 366 ops = lookup_rules_ops(net, frh->family);
367 if (ops == NULL) { 367 if (ops == NULL) {
368 err = EAFNOSUPPORT; 368 err = -EAFNOSUPPORT;
369 goto errout; 369 goto errout;
370 } 370 }
371 371
diff --git a/net/core/filter.c b/net/core/filter.c
index 4f8369729a4e..df3744355839 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -68,7 +68,6 @@ static inline void *load_pointer(struct sk_buff *skb, int k,
68 * sk_filter - run a packet through a socket filter 68 * sk_filter - run a packet through a socket filter
69 * @sk: sock associated with &sk_buff 69 * @sk: sock associated with &sk_buff
70 * @skb: buffer to filter 70 * @skb: buffer to filter
71 * @needlock: set to 1 if the sock is not locked by caller.
72 * 71 *
73 * Run the filter code and then cut skb->data to correct size returned by 72 * Run the filter code and then cut skb->data to correct size returned by
74 * sk_run_filter. If pkt_len is 0 we toss packet. If skb->len is smaller 73 * sk_run_filter. If pkt_len is 0 we toss packet. If skb->len is smaller
diff --git a/net/core/flow.c b/net/core/flow.c
index 19991175fdeb..5cf81052d044 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -298,7 +298,7 @@ void flow_cache_flush(void)
298 init_completion(&info.completion); 298 init_completion(&info.completion);
299 299
300 local_bh_disable(); 300 local_bh_disable();
301 smp_call_function(flow_cache_flush_per_cpu, &info, 1, 0); 301 smp_call_function(flow_cache_flush_per_cpu, &info, 0);
302 flow_cache_flush_tasklet((unsigned long)&info); 302 flow_cache_flush_tasklet((unsigned long)&info);
303 local_bh_enable(); 303 local_bh_enable();
304 304
diff --git a/net/core/iovec.c b/net/core/iovec.c
index 755c37fdaee7..4c9c0121c9da 100644
--- a/net/core/iovec.c
+++ b/net/core/iovec.c
@@ -36,7 +36,7 @@
36 * in any case. 36 * in any case.
37 */ 37 */
38 38
39int verify_iovec(struct msghdr *m, struct iovec *iov, char *address, int mode) 39int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode)
40{ 40{
41 int size, err, ct; 41 int size, err, ct;
42 42
diff --git a/net/core/link_watch.c b/net/core/link_watch.c
index a5e372b9ec4d..bf8f7af699d7 100644
--- a/net/core/link_watch.c
+++ b/net/core/link_watch.c
@@ -77,10 +77,10 @@ static void rfc2863_policy(struct net_device *dev)
77} 77}
78 78
79 79
80static int linkwatch_urgent_event(struct net_device *dev) 80static bool linkwatch_urgent_event(struct net_device *dev)
81{ 81{
82 return netif_running(dev) && netif_carrier_ok(dev) && 82 return netif_running(dev) && netif_carrier_ok(dev) &&
83 dev->qdisc != dev->qdisc_sleeping; 83 qdisc_tx_changing(dev);
84} 84}
85 85
86 86
@@ -180,10 +180,9 @@ static void __linkwatch_run_queue(int urgent_only)
180 180
181 rfc2863_policy(dev); 181 rfc2863_policy(dev);
182 if (dev->flags & IFF_UP) { 182 if (dev->flags & IFF_UP) {
183 if (netif_carrier_ok(dev)) { 183 if (netif_carrier_ok(dev))
184 WARN_ON(dev->qdisc_sleeping == &noop_qdisc);
185 dev_activate(dev); 184 dev_activate(dev);
186 } else 185 else
187 dev_deactivate(dev); 186 dev_deactivate(dev);
188 187
189 netdev_state_change(dev); 188 netdev_state_change(dev);
@@ -214,7 +213,7 @@ static void linkwatch_event(struct work_struct *dummy)
214 213
215void linkwatch_fire_event(struct net_device *dev) 214void linkwatch_fire_event(struct net_device *dev)
216{ 215{
217 int urgent = linkwatch_urgent_event(dev); 216 bool urgent = linkwatch_urgent_event(dev);
218 217
219 if (!test_and_set_bit(__LINK_STATE_LINKWATCH_PENDING, &dev->state)) { 218 if (!test_and_set_bit(__LINK_STATE_LINKWATCH_PENDING, &dev->state)) {
220 dev_hold(dev); 219 dev_hold(dev);
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 5d9d7130bd6e..9d92e41826e7 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -930,6 +930,7 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
930 buff = neigh->arp_queue.next; 930 buff = neigh->arp_queue.next;
931 __skb_unlink(buff, &neigh->arp_queue); 931 __skb_unlink(buff, &neigh->arp_queue);
932 kfree_skb(buff); 932 kfree_skb(buff);
933 NEIGH_CACHE_STAT_INC(neigh->tbl, unres_discards);
933 } 934 }
934 __skb_queue_tail(&neigh->arp_queue, skb); 935 __skb_queue_tail(&neigh->arp_queue, skb);
935 } 936 }
@@ -1714,7 +1715,8 @@ static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
1714 return nla_nest_end(skb, nest); 1715 return nla_nest_end(skb, nest);
1715 1716
1716nla_put_failure: 1717nla_put_failure:
1717 return nla_nest_cancel(skb, nest); 1718 nla_nest_cancel(skb, nest);
1719 return -EMSGSIZE;
1718} 1720}
1719 1721
1720static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl, 1722static int neightbl_fill_info(struct sk_buff *skb, struct neigh_table *tbl,
@@ -2057,9 +2059,9 @@ static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
2057 goto nla_put_failure; 2059 goto nla_put_failure;
2058 } 2060 }
2059 2061
2060 ci.ndm_used = now - neigh->used; 2062 ci.ndm_used = jiffies_to_clock_t(now - neigh->used);
2061 ci.ndm_confirmed = now - neigh->confirmed; 2063 ci.ndm_confirmed = jiffies_to_clock_t(now - neigh->confirmed);
2062 ci.ndm_updated = now - neigh->updated; 2064 ci.ndm_updated = jiffies_to_clock_t(now - neigh->updated);
2063 ci.ndm_refcnt = atomic_read(&neigh->refcnt) - 1; 2065 ci.ndm_refcnt = atomic_read(&neigh->refcnt) - 1;
2064 read_unlock_bh(&neigh->lock); 2066 read_unlock_bh(&neigh->lock);
2065 2067
@@ -2279,6 +2281,7 @@ static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos)
2279 struct neighbour *n = neigh_get_first(seq); 2281 struct neighbour *n = neigh_get_first(seq);
2280 2282
2281 if (n) { 2283 if (n) {
2284 --(*pos);
2282 while (*pos) { 2285 while (*pos) {
2283 n = neigh_get_next(seq, n, pos); 2286 n = neigh_get_next(seq, n, pos);
2284 if (!n) 2287 if (!n)
@@ -2339,6 +2342,7 @@ static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos)
2339 struct pneigh_entry *pn = pneigh_get_first(seq); 2342 struct pneigh_entry *pn = pneigh_get_first(seq);
2340 2343
2341 if (pn) { 2344 if (pn) {
2345 --(*pos);
2342 while (*pos) { 2346 while (*pos) {
2343 pn = pneigh_get_next(seq, pn, pos); 2347 pn = pneigh_get_next(seq, pn, pos);
2344 if (!pn) 2348 if (!pn)
@@ -2352,10 +2356,11 @@ static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos)
2352{ 2356{
2353 struct neigh_seq_state *state = seq->private; 2357 struct neigh_seq_state *state = seq->private;
2354 void *rc; 2358 void *rc;
2359 loff_t idxpos = *pos;
2355 2360
2356 rc = neigh_get_idx(seq, pos); 2361 rc = neigh_get_idx(seq, &idxpos);
2357 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY)) 2362 if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY))
2358 rc = pneigh_get_idx(seq, pos); 2363 rc = pneigh_get_idx(seq, &idxpos);
2359 2364
2360 return rc; 2365 return rc;
2361} 2366}
@@ -2364,7 +2369,6 @@ void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl
2364 __acquires(tbl->lock) 2369 __acquires(tbl->lock)
2365{ 2370{
2366 struct neigh_seq_state *state = seq->private; 2371 struct neigh_seq_state *state = seq->private;
2367 loff_t pos_minus_one;
2368 2372
2369 state->tbl = tbl; 2373 state->tbl = tbl;
2370 state->bucket = 0; 2374 state->bucket = 0;
@@ -2372,8 +2376,7 @@ void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl
2372 2376
2373 read_lock_bh(&tbl->lock); 2377 read_lock_bh(&tbl->lock);
2374 2378
2375 pos_minus_one = *pos - 1; 2379 return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
2376 return *pos ? neigh_get_idx_any(seq, &pos_minus_one) : SEQ_START_TOKEN;
2377} 2380}
2378EXPORT_SYMBOL(neigh_seq_start); 2381EXPORT_SYMBOL(neigh_seq_start);
2379 2382
@@ -2383,7 +2386,7 @@ void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2383 void *rc; 2386 void *rc;
2384 2387
2385 if (v == SEQ_START_TOKEN) { 2388 if (v == SEQ_START_TOKEN) {
2386 rc = neigh_get_idx(seq, pos); 2389 rc = neigh_get_first(seq);
2387 goto out; 2390 goto out;
2388 } 2391 }
2389 2392
@@ -2461,12 +2464,12 @@ static int neigh_stat_seq_show(struct seq_file *seq, void *v)
2461 struct neigh_statistics *st = v; 2464 struct neigh_statistics *st = v;
2462 2465
2463 if (v == SEQ_START_TOKEN) { 2466 if (v == SEQ_START_TOKEN) {
2464 seq_printf(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs\n"); 2467 seq_printf(seq, "entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards\n");
2465 return 0; 2468 return 0;
2466 } 2469 }
2467 2470
2468 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx " 2471 seq_printf(seq, "%08x %08lx %08lx %08lx %08lx %08lx %08lx "
2469 "%08lx %08lx %08lx %08lx\n", 2472 "%08lx %08lx %08lx %08lx %08lx\n",
2470 atomic_read(&tbl->entries), 2473 atomic_read(&tbl->entries),
2471 2474
2472 st->allocs, 2475 st->allocs,
@@ -2482,7 +2485,8 @@ static int neigh_stat_seq_show(struct seq_file *seq, void *v)
2482 st->rcv_probes_ucast, 2485 st->rcv_probes_ucast,
2483 2486
2484 st->periodic_gc_runs, 2487 st->periodic_gc_runs,
2485 st->forced_gc_runs 2488 st->forced_gc_runs,
2489 st->unres_discards
2486 ); 2490 );
2487 2491
2488 return 0; 2492 return 0;
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index 90e2177af081..c1f4e0d428c0 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -242,11 +242,11 @@ static ssize_t netstat_show(const struct device *d,
242 offset % sizeof(unsigned long) != 0); 242 offset % sizeof(unsigned long) != 0);
243 243
244 read_lock(&dev_base_lock); 244 read_lock(&dev_base_lock);
245 if (dev_isalive(dev) && dev->get_stats && 245 if (dev_isalive(dev)) {
246 (stats = (*dev->get_stats)(dev))) 246 stats = dev->get_stats(dev);
247 ret = sprintf(buf, fmt_ulong, 247 ret = sprintf(buf, fmt_ulong,
248 *(unsigned long *)(((u8 *) stats) + offset)); 248 *(unsigned long *)(((u8 *) stats) + offset));
249 249 }
250 read_unlock(&dev_base_lock); 250 read_unlock(&dev_base_lock);
251 return ret; 251 return ret;
252} 252}
@@ -318,7 +318,7 @@ static struct attribute_group netstat_group = {
318 .attrs = netstat_attrs, 318 .attrs = netstat_attrs,
319}; 319};
320 320
321#ifdef CONFIG_WIRELESS_EXT 321#ifdef CONFIG_WIRELESS_EXT_SYSFS
322/* helper function that does all the locking etc for wireless stats */ 322/* helper function that does all the locking etc for wireless stats */
323static ssize_t wireless_show(struct device *d, char *buf, 323static ssize_t wireless_show(struct device *d, char *buf,
324 ssize_t (*format)(const struct iw_statistics *, 324 ssize_t (*format)(const struct iw_statistics *,
@@ -457,10 +457,9 @@ int netdev_register_kobject(struct net_device *net)
457 strlcpy(dev->bus_id, net->name, BUS_ID_SIZE); 457 strlcpy(dev->bus_id, net->name, BUS_ID_SIZE);
458 458
459#ifdef CONFIG_SYSFS 459#ifdef CONFIG_SYSFS
460 if (net->get_stats) 460 *groups++ = &netstat_group;
461 *groups++ = &netstat_group;
462 461
463#ifdef CONFIG_WIRELESS_EXT 462#ifdef CONFIG_WIRELESS_EXT_SYSFS
464 if (net->wireless_handlers && net->wireless_handlers->get_wireless_stats) 463 if (net->wireless_handlers && net->wireless_handlers->get_wireless_stats)
465 *groups++ = &wireless_group; 464 *groups++ = &wireless_group;
466#endif 465#endif
@@ -469,6 +468,19 @@ int netdev_register_kobject(struct net_device *net)
469 return device_add(dev); 468 return device_add(dev);
470} 469}
471 470
471int netdev_class_create_file(struct class_attribute *class_attr)
472{
473 return class_create_file(&net_class, class_attr);
474}
475
476void netdev_class_remove_file(struct class_attribute *class_attr)
477{
478 class_remove_file(&net_class, class_attr);
479}
480
481EXPORT_SYMBOL(netdev_class_create_file);
482EXPORT_SYMBOL(netdev_class_remove_file);
483
472void netdev_initialize_kobject(struct net_device *net) 484void netdev_initialize_kobject(struct net_device *net)
473{ 485{
474 struct device *device = &(net->dev); 486 struct device *device = &(net->dev);
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 72b4c184dd84..7c52fe277b62 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -140,6 +140,9 @@ static void cleanup_net(struct work_struct *work)
140 struct pernet_operations *ops; 140 struct pernet_operations *ops;
141 struct net *net; 141 struct net *net;
142 142
143 /* Be very certain incoming network packets will not find us */
144 rcu_barrier();
145
143 net = container_of(work, struct net, work); 146 net = container_of(work, struct net, work);
144 147
145 mutex_lock(&net_mutex); 148 mutex_lock(&net_mutex);
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index 8fb134da0346..6c7af390be0a 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -58,25 +58,28 @@ static void queue_process(struct work_struct *work)
58 58
59 while ((skb = skb_dequeue(&npinfo->txq))) { 59 while ((skb = skb_dequeue(&npinfo->txq))) {
60 struct net_device *dev = skb->dev; 60 struct net_device *dev = skb->dev;
61 struct netdev_queue *txq;
61 62
62 if (!netif_device_present(dev) || !netif_running(dev)) { 63 if (!netif_device_present(dev) || !netif_running(dev)) {
63 __kfree_skb(skb); 64 __kfree_skb(skb);
64 continue; 65 continue;
65 } 66 }
66 67
68 txq = netdev_get_tx_queue(dev, skb_get_queue_mapping(skb));
69
67 local_irq_save(flags); 70 local_irq_save(flags);
68 netif_tx_lock(dev); 71 __netif_tx_lock(txq, smp_processor_id());
69 if ((netif_queue_stopped(dev) || 72 if (netif_tx_queue_stopped(txq) ||
70 netif_subqueue_stopped(dev, skb)) || 73 netif_tx_queue_frozen(txq) ||
71 dev->hard_start_xmit(skb, dev) != NETDEV_TX_OK) { 74 dev->hard_start_xmit(skb, dev) != NETDEV_TX_OK) {
72 skb_queue_head(&npinfo->txq, skb); 75 skb_queue_head(&npinfo->txq, skb);
73 netif_tx_unlock(dev); 76 __netif_tx_unlock(txq);
74 local_irq_restore(flags); 77 local_irq_restore(flags);
75 78
76 schedule_delayed_work(&npinfo->tx_work, HZ/10); 79 schedule_delayed_work(&npinfo->tx_work, HZ/10);
77 return; 80 return;
78 } 81 }
79 netif_tx_unlock(dev); 82 __netif_tx_unlock(txq);
80 local_irq_restore(flags); 83 local_irq_restore(flags);
81 } 84 }
82} 85}
@@ -278,17 +281,19 @@ static void netpoll_send_skb(struct netpoll *np, struct sk_buff *skb)
278 281
279 /* don't get messages out of order, and no recursion */ 282 /* don't get messages out of order, and no recursion */
280 if (skb_queue_len(&npinfo->txq) == 0 && !netpoll_owner_active(dev)) { 283 if (skb_queue_len(&npinfo->txq) == 0 && !netpoll_owner_active(dev)) {
284 struct netdev_queue *txq;
281 unsigned long flags; 285 unsigned long flags;
282 286
287 txq = netdev_get_tx_queue(dev, skb_get_queue_mapping(skb));
288
283 local_irq_save(flags); 289 local_irq_save(flags);
284 /* try until next clock tick */ 290 /* try until next clock tick */
285 for (tries = jiffies_to_usecs(1)/USEC_PER_POLL; 291 for (tries = jiffies_to_usecs(1)/USEC_PER_POLL;
286 tries > 0; --tries) { 292 tries > 0; --tries) {
287 if (netif_tx_trylock(dev)) { 293 if (__netif_tx_trylock(txq)) {
288 if (!netif_queue_stopped(dev) && 294 if (!netif_tx_queue_stopped(txq))
289 !netif_subqueue_stopped(dev, skb))
290 status = dev->hard_start_xmit(skb, dev); 295 status = dev->hard_start_xmit(skb, dev);
291 netif_tx_unlock(dev); 296 __netif_tx_unlock(txq);
292 297
293 if (status == NETDEV_TX_OK) 298 if (status == NETDEV_TX_OK)
294 break; 299 break;
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index fdf537707e51..a756847e3814 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -168,7 +168,7 @@
168#include <asm/div64.h> /* do_div */ 168#include <asm/div64.h> /* do_div */
169#include <asm/timex.h> 169#include <asm/timex.h>
170 170
171#define VERSION "pktgen v2.69: Packet Generator for packet performance testing.\n" 171#define VERSION "pktgen v2.70: Packet Generator for packet performance testing.\n"
172 172
173#define IP_NAME_SZ 32 173#define IP_NAME_SZ 32
174#define MAX_MPLS_LABELS 16 /* This is the max label stack depth */ 174#define MAX_MPLS_LABELS 16 /* This is the max label stack depth */
@@ -189,6 +189,7 @@
189#define F_FLOW_SEQ (1<<11) /* Sequential flows */ 189#define F_FLOW_SEQ (1<<11) /* Sequential flows */
190#define F_IPSEC_ON (1<<12) /* ipsec on for flows */ 190#define F_IPSEC_ON (1<<12) /* ipsec on for flows */
191#define F_QUEUE_MAP_RND (1<<13) /* queue map Random */ 191#define F_QUEUE_MAP_RND (1<<13) /* queue map Random */
192#define F_QUEUE_MAP_CPU (1<<14) /* queue map mirrors smp_processor_id() */
192 193
193/* Thread control flag bits */ 194/* Thread control flag bits */
194#define T_TERMINATE (1<<0) 195#define T_TERMINATE (1<<0)
@@ -621,6 +622,9 @@ static int pktgen_if_show(struct seq_file *seq, void *v)
621 if (pkt_dev->flags & F_QUEUE_MAP_RND) 622 if (pkt_dev->flags & F_QUEUE_MAP_RND)
622 seq_printf(seq, "QUEUE_MAP_RND "); 623 seq_printf(seq, "QUEUE_MAP_RND ");
623 624
625 if (pkt_dev->flags & F_QUEUE_MAP_CPU)
626 seq_printf(seq, "QUEUE_MAP_CPU ");
627
624 if (pkt_dev->cflows) { 628 if (pkt_dev->cflows) {
625 if (pkt_dev->flags & F_FLOW_SEQ) 629 if (pkt_dev->flags & F_FLOW_SEQ)
626 seq_printf(seq, "FLOW_SEQ "); /*in sequence flows*/ 630 seq_printf(seq, "FLOW_SEQ "); /*in sequence flows*/
@@ -1134,6 +1138,12 @@ static ssize_t pktgen_if_write(struct file *file,
1134 1138
1135 else if (strcmp(f, "!QUEUE_MAP_RND") == 0) 1139 else if (strcmp(f, "!QUEUE_MAP_RND") == 0)
1136 pkt_dev->flags &= ~F_QUEUE_MAP_RND; 1140 pkt_dev->flags &= ~F_QUEUE_MAP_RND;
1141
1142 else if (strcmp(f, "QUEUE_MAP_CPU") == 0)
1143 pkt_dev->flags |= F_QUEUE_MAP_CPU;
1144
1145 else if (strcmp(f, "!QUEUE_MAP_CPU") == 0)
1146 pkt_dev->flags &= ~F_QUEUE_MAP_CPU;
1137#ifdef CONFIG_XFRM 1147#ifdef CONFIG_XFRM
1138 else if (strcmp(f, "IPSEC") == 0) 1148 else if (strcmp(f, "IPSEC") == 0)
1139 pkt_dev->flags |= F_IPSEC_ON; 1149 pkt_dev->flags |= F_IPSEC_ON;
@@ -1875,7 +1885,7 @@ static int pktgen_device_event(struct notifier_block *unused,
1875{ 1885{
1876 struct net_device *dev = ptr; 1886 struct net_device *dev = ptr;
1877 1887
1878 if (dev_net(dev) != &init_net) 1888 if (!net_eq(dev_net(dev), &init_net))
1879 return NOTIFY_DONE; 1889 return NOTIFY_DONE;
1880 1890
1881 /* It is OK that we do not hold the group lock right now, 1891 /* It is OK that we do not hold the group lock right now,
@@ -1895,6 +1905,23 @@ static int pktgen_device_event(struct notifier_block *unused,
1895 return NOTIFY_DONE; 1905 return NOTIFY_DONE;
1896} 1906}
1897 1907
1908static struct net_device *pktgen_dev_get_by_name(struct pktgen_dev *pkt_dev, const char *ifname)
1909{
1910 char b[IFNAMSIZ+5];
1911 int i = 0;
1912
1913 for(i=0; ifname[i] != '@'; i++) {
1914 if(i == IFNAMSIZ)
1915 break;
1916
1917 b[i] = ifname[i];
1918 }
1919 b[i] = 0;
1920
1921 return dev_get_by_name(&init_net, b);
1922}
1923
1924
1898/* Associate pktgen_dev with a device. */ 1925/* Associate pktgen_dev with a device. */
1899 1926
1900static int pktgen_setup_dev(struct pktgen_dev *pkt_dev, const char *ifname) 1927static int pktgen_setup_dev(struct pktgen_dev *pkt_dev, const char *ifname)
@@ -1908,7 +1935,7 @@ static int pktgen_setup_dev(struct pktgen_dev *pkt_dev, const char *ifname)
1908 pkt_dev->odev = NULL; 1935 pkt_dev->odev = NULL;
1909 } 1936 }
1910 1937
1911 odev = dev_get_by_name(&init_net, ifname); 1938 odev = pktgen_dev_get_by_name(pkt_dev, ifname);
1912 if (!odev) { 1939 if (!odev) {
1913 printk(KERN_ERR "pktgen: no such netdevice: \"%s\"\n", ifname); 1940 printk(KERN_ERR "pktgen: no such netdevice: \"%s\"\n", ifname);
1914 return -ENODEV; 1941 return -ENODEV;
@@ -1934,6 +1961,8 @@ static int pktgen_setup_dev(struct pktgen_dev *pkt_dev, const char *ifname)
1934 */ 1961 */
1935static void pktgen_setup_inject(struct pktgen_dev *pkt_dev) 1962static void pktgen_setup_inject(struct pktgen_dev *pkt_dev)
1936{ 1963{
1964 int ntxq;
1965
1937 if (!pkt_dev->odev) { 1966 if (!pkt_dev->odev) {
1938 printk(KERN_ERR "pktgen: ERROR: pkt_dev->odev == NULL in " 1967 printk(KERN_ERR "pktgen: ERROR: pkt_dev->odev == NULL in "
1939 "setup_inject.\n"); 1968 "setup_inject.\n");
@@ -1942,6 +1971,33 @@ static void pktgen_setup_inject(struct pktgen_dev *pkt_dev)
1942 return; 1971 return;
1943 } 1972 }
1944 1973
1974 /* make sure that we don't pick a non-existing transmit queue */
1975 ntxq = pkt_dev->odev->real_num_tx_queues;
1976 if (ntxq <= num_online_cpus() && (pkt_dev->flags & F_QUEUE_MAP_CPU)) {
1977 printk(KERN_WARNING "pktgen: WARNING: QUEUE_MAP_CPU "
1978 "disabled because CPU count (%d) exceeds number ",
1979 num_online_cpus());
1980 printk(KERN_WARNING "pktgen: WARNING: of tx queues "
1981 "(%d) on %s \n", ntxq, pkt_dev->odev->name);
1982 pkt_dev->flags &= ~F_QUEUE_MAP_CPU;
1983 }
1984 if (ntxq <= pkt_dev->queue_map_min) {
1985 printk(KERN_WARNING "pktgen: WARNING: Requested "
1986 "queue_map_min (%d) exceeds number of tx\n",
1987 pkt_dev->queue_map_min);
1988 printk(KERN_WARNING "pktgen: WARNING: queues (%d) on "
1989 "%s, resetting\n", ntxq, pkt_dev->odev->name);
1990 pkt_dev->queue_map_min = ntxq - 1;
1991 }
1992 if (ntxq <= pkt_dev->queue_map_max) {
1993 printk(KERN_WARNING "pktgen: WARNING: Requested "
1994 "queue_map_max (%d) exceeds number of tx\n",
1995 pkt_dev->queue_map_max);
1996 printk(KERN_WARNING "pktgen: WARNING: queues (%d) on "
1997 "%s, resetting\n", ntxq, pkt_dev->odev->name);
1998 pkt_dev->queue_map_max = ntxq - 1;
1999 }
2000
1945 /* Default to the interface's mac if not explicitly set. */ 2001 /* Default to the interface's mac if not explicitly set. */
1946 2002
1947 if (is_zero_ether_addr(pkt_dev->src_mac)) 2003 if (is_zero_ether_addr(pkt_dev->src_mac))
@@ -2085,15 +2141,19 @@ static inline int f_pick(struct pktgen_dev *pkt_dev)
2085 if (pkt_dev->flows[flow].count >= pkt_dev->lflow) { 2141 if (pkt_dev->flows[flow].count >= pkt_dev->lflow) {
2086 /* reset time */ 2142 /* reset time */
2087 pkt_dev->flows[flow].count = 0; 2143 pkt_dev->flows[flow].count = 0;
2144 pkt_dev->flows[flow].flags = 0;
2088 pkt_dev->curfl += 1; 2145 pkt_dev->curfl += 1;
2089 if (pkt_dev->curfl >= pkt_dev->cflows) 2146 if (pkt_dev->curfl >= pkt_dev->cflows)
2090 pkt_dev->curfl = 0; /*reset */ 2147 pkt_dev->curfl = 0; /*reset */
2091 } 2148 }
2092 } else { 2149 } else {
2093 flow = random32() % pkt_dev->cflows; 2150 flow = random32() % pkt_dev->cflows;
2151 pkt_dev->curfl = flow;
2094 2152
2095 if (pkt_dev->flows[flow].count > pkt_dev->lflow) 2153 if (pkt_dev->flows[flow].count > pkt_dev->lflow) {
2096 pkt_dev->flows[flow].count = 0; 2154 pkt_dev->flows[flow].count = 0;
2155 pkt_dev->flows[flow].flags = 0;
2156 }
2097 } 2157 }
2098 2158
2099 return pkt_dev->curfl; 2159 return pkt_dev->curfl;
@@ -2123,6 +2183,28 @@ static void get_ipsec_sa(struct pktgen_dev *pkt_dev, int flow)
2123 } 2183 }
2124} 2184}
2125#endif 2185#endif
2186static void set_cur_queue_map(struct pktgen_dev *pkt_dev)
2187{
2188
2189 if (pkt_dev->flags & F_QUEUE_MAP_CPU)
2190 pkt_dev->cur_queue_map = smp_processor_id();
2191
2192 else if (pkt_dev->queue_map_min < pkt_dev->queue_map_max) {
2193 __u16 t;
2194 if (pkt_dev->flags & F_QUEUE_MAP_RND) {
2195 t = random32() %
2196 (pkt_dev->queue_map_max -
2197 pkt_dev->queue_map_min + 1)
2198 + pkt_dev->queue_map_min;
2199 } else {
2200 t = pkt_dev->cur_queue_map + 1;
2201 if (t > pkt_dev->queue_map_max)
2202 t = pkt_dev->queue_map_min;
2203 }
2204 pkt_dev->cur_queue_map = t;
2205 }
2206}
2207
2126/* Increment/randomize headers according to flags and current values 2208/* Increment/randomize headers according to flags and current values
2127 * for IP src/dest, UDP src/dst port, MAC-Addr src/dst 2209 * for IP src/dest, UDP src/dst port, MAC-Addr src/dst
2128 */ 2210 */
@@ -2144,7 +2226,7 @@ static void mod_cur_headers(struct pktgen_dev *pkt_dev)
2144 mc = random32() % pkt_dev->src_mac_count; 2226 mc = random32() % pkt_dev->src_mac_count;
2145 else { 2227 else {
2146 mc = pkt_dev->cur_src_mac_offset++; 2228 mc = pkt_dev->cur_src_mac_offset++;
2147 if (pkt_dev->cur_src_mac_offset > 2229 if (pkt_dev->cur_src_mac_offset >=
2148 pkt_dev->src_mac_count) 2230 pkt_dev->src_mac_count)
2149 pkt_dev->cur_src_mac_offset = 0; 2231 pkt_dev->cur_src_mac_offset = 0;
2150 } 2232 }
@@ -2171,7 +2253,7 @@ static void mod_cur_headers(struct pktgen_dev *pkt_dev)
2171 2253
2172 else { 2254 else {
2173 mc = pkt_dev->cur_dst_mac_offset++; 2255 mc = pkt_dev->cur_dst_mac_offset++;
2174 if (pkt_dev->cur_dst_mac_offset > 2256 if (pkt_dev->cur_dst_mac_offset >=
2175 pkt_dev->dst_mac_count) { 2257 pkt_dev->dst_mac_count) {
2176 pkt_dev->cur_dst_mac_offset = 0; 2258 pkt_dev->cur_dst_mac_offset = 0;
2177 } 2259 }
@@ -2325,19 +2407,7 @@ static void mod_cur_headers(struct pktgen_dev *pkt_dev)
2325 pkt_dev->cur_pkt_size = t; 2407 pkt_dev->cur_pkt_size = t;
2326 } 2408 }
2327 2409
2328 if (pkt_dev->queue_map_min < pkt_dev->queue_map_max) { 2410 set_cur_queue_map(pkt_dev);
2329 __u16 t;
2330 if (pkt_dev->flags & F_QUEUE_MAP_RND) {
2331 t = random32() %
2332 (pkt_dev->queue_map_max - pkt_dev->queue_map_min + 1)
2333 + pkt_dev->queue_map_min;
2334 } else {
2335 t = pkt_dev->cur_queue_map + 1;
2336 if (t > pkt_dev->queue_map_max)
2337 t = pkt_dev->queue_map_min;
2338 }
2339 pkt_dev->cur_queue_map = t;
2340 }
2341 2411
2342 pkt_dev->flows[flow].count++; 2412 pkt_dev->flows[flow].count++;
2343} 2413}
@@ -2458,7 +2528,7 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev,
2458 __be16 *vlan_encapsulated_proto = NULL; /* packet type ID field (or len) for VLAN tag */ 2528 __be16 *vlan_encapsulated_proto = NULL; /* packet type ID field (or len) for VLAN tag */
2459 __be16 *svlan_tci = NULL; /* Encapsulates priority and SVLAN ID */ 2529 __be16 *svlan_tci = NULL; /* Encapsulates priority and SVLAN ID */
2460 __be16 *svlan_encapsulated_proto = NULL; /* packet type ID field (or len) for SVLAN tag */ 2530 __be16 *svlan_encapsulated_proto = NULL; /* packet type ID field (or len) for SVLAN tag */
2461 2531 u16 queue_map;
2462 2532
2463 if (pkt_dev->nr_labels) 2533 if (pkt_dev->nr_labels)
2464 protocol = htons(ETH_P_MPLS_UC); 2534 protocol = htons(ETH_P_MPLS_UC);
@@ -2469,6 +2539,7 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev,
2469 /* Update any of the values, used when we're incrementing various 2539 /* Update any of the values, used when we're incrementing various
2470 * fields. 2540 * fields.
2471 */ 2541 */
2542 queue_map = pkt_dev->cur_queue_map;
2472 mod_cur_headers(pkt_dev); 2543 mod_cur_headers(pkt_dev);
2473 2544
2474 datalen = (odev->hard_header_len + 16) & ~0xf; 2545 datalen = (odev->hard_header_len + 16) & ~0xf;
@@ -2507,7 +2578,7 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev,
2507 skb->network_header = skb->tail; 2578 skb->network_header = skb->tail;
2508 skb->transport_header = skb->network_header + sizeof(struct iphdr); 2579 skb->transport_header = skb->network_header + sizeof(struct iphdr);
2509 skb_put(skb, sizeof(struct iphdr) + sizeof(struct udphdr)); 2580 skb_put(skb, sizeof(struct iphdr) + sizeof(struct udphdr));
2510 skb_set_queue_mapping(skb, pkt_dev->cur_queue_map); 2581 skb_set_queue_mapping(skb, queue_map);
2511 iph = ip_hdr(skb); 2582 iph = ip_hdr(skb);
2512 udph = udp_hdr(skb); 2583 udph = udp_hdr(skb);
2513 2584
@@ -2797,6 +2868,7 @@ static struct sk_buff *fill_packet_ipv6(struct net_device *odev,
2797 __be16 *vlan_encapsulated_proto = NULL; /* packet type ID field (or len) for VLAN tag */ 2868 __be16 *vlan_encapsulated_proto = NULL; /* packet type ID field (or len) for VLAN tag */
2798 __be16 *svlan_tci = NULL; /* Encapsulates priority and SVLAN ID */ 2869 __be16 *svlan_tci = NULL; /* Encapsulates priority and SVLAN ID */
2799 __be16 *svlan_encapsulated_proto = NULL; /* packet type ID field (or len) for SVLAN tag */ 2870 __be16 *svlan_encapsulated_proto = NULL; /* packet type ID field (or len) for SVLAN tag */
2871 u16 queue_map;
2800 2872
2801 if (pkt_dev->nr_labels) 2873 if (pkt_dev->nr_labels)
2802 protocol = htons(ETH_P_MPLS_UC); 2874 protocol = htons(ETH_P_MPLS_UC);
@@ -2807,6 +2879,7 @@ static struct sk_buff *fill_packet_ipv6(struct net_device *odev,
2807 /* Update any of the values, used when we're incrementing various 2879 /* Update any of the values, used when we're incrementing various
2808 * fields. 2880 * fields.
2809 */ 2881 */
2882 queue_map = pkt_dev->cur_queue_map;
2810 mod_cur_headers(pkt_dev); 2883 mod_cur_headers(pkt_dev);
2811 2884
2812 skb = alloc_skb(pkt_dev->cur_pkt_size + 64 + 16 + 2885 skb = alloc_skb(pkt_dev->cur_pkt_size + 64 + 16 +
@@ -2844,7 +2917,7 @@ static struct sk_buff *fill_packet_ipv6(struct net_device *odev,
2844 skb->network_header = skb->tail; 2917 skb->network_header = skb->tail;
2845 skb->transport_header = skb->network_header + sizeof(struct ipv6hdr); 2918 skb->transport_header = skb->network_header + sizeof(struct ipv6hdr);
2846 skb_put(skb, sizeof(struct ipv6hdr) + sizeof(struct udphdr)); 2919 skb_put(skb, sizeof(struct ipv6hdr) + sizeof(struct udphdr));
2847 skb_set_queue_mapping(skb, pkt_dev->cur_queue_map); 2920 skb_set_queue_mapping(skb, queue_map);
2848 iph = ipv6_hdr(skb); 2921 iph = ipv6_hdr(skb);
2849 udph = udp_hdr(skb); 2922 udph = udp_hdr(skb);
2850 2923
@@ -3263,7 +3336,9 @@ static void pktgen_rem_thread(struct pktgen_thread *t)
3263static __inline__ void pktgen_xmit(struct pktgen_dev *pkt_dev) 3336static __inline__ void pktgen_xmit(struct pktgen_dev *pkt_dev)
3264{ 3337{
3265 struct net_device *odev = NULL; 3338 struct net_device *odev = NULL;
3339 struct netdev_queue *txq;
3266 __u64 idle_start = 0; 3340 __u64 idle_start = 0;
3341 u16 queue_map;
3267 int ret; 3342 int ret;
3268 3343
3269 odev = pkt_dev->odev; 3344 odev = pkt_dev->odev;
@@ -3285,9 +3360,16 @@ static __inline__ void pktgen_xmit(struct pktgen_dev *pkt_dev)
3285 } 3360 }
3286 } 3361 }
3287 3362
3288 if ((netif_queue_stopped(odev) || 3363 if (!pkt_dev->skb) {
3289 (pkt_dev->skb && 3364 set_cur_queue_map(pkt_dev);
3290 netif_subqueue_stopped(odev, pkt_dev->skb))) || 3365 queue_map = pkt_dev->cur_queue_map;
3366 } else {
3367 queue_map = skb_get_queue_mapping(pkt_dev->skb);
3368 }
3369
3370 txq = netdev_get_tx_queue(odev, queue_map);
3371 if (netif_tx_queue_stopped(txq) ||
3372 netif_tx_queue_frozen(txq) ||
3291 need_resched()) { 3373 need_resched()) {
3292 idle_start = getCurUs(); 3374 idle_start = getCurUs();
3293 3375
@@ -3303,8 +3385,8 @@ static __inline__ void pktgen_xmit(struct pktgen_dev *pkt_dev)
3303 3385
3304 pkt_dev->idle_acc += getCurUs() - idle_start; 3386 pkt_dev->idle_acc += getCurUs() - idle_start;
3305 3387
3306 if (netif_queue_stopped(odev) || 3388 if (netif_tx_queue_stopped(txq) ||
3307 netif_subqueue_stopped(odev, pkt_dev->skb)) { 3389 netif_tx_queue_frozen(txq)) {
3308 pkt_dev->next_tx_us = getCurUs(); /* TODO */ 3390 pkt_dev->next_tx_us = getCurUs(); /* TODO */
3309 pkt_dev->next_tx_ns = 0; 3391 pkt_dev->next_tx_ns = 0;
3310 goto out; /* Try the next interface */ 3392 goto out; /* Try the next interface */
@@ -3331,9 +3413,13 @@ static __inline__ void pktgen_xmit(struct pktgen_dev *pkt_dev)
3331 } 3413 }
3332 } 3414 }
3333 3415
3334 netif_tx_lock_bh(odev); 3416 /* fill_packet() might have changed the queue */
3335 if (!netif_queue_stopped(odev) && 3417 queue_map = skb_get_queue_mapping(pkt_dev->skb);
3336 !netif_subqueue_stopped(odev, pkt_dev->skb)) { 3418 txq = netdev_get_tx_queue(odev, queue_map);
3419
3420 __netif_tx_lock_bh(txq);
3421 if (!netif_tx_queue_stopped(txq) &&
3422 !netif_tx_queue_frozen(txq)) {
3337 3423
3338 atomic_inc(&(pkt_dev->skb->users)); 3424 atomic_inc(&(pkt_dev->skb->users));
3339 retry_now: 3425 retry_now:
@@ -3377,7 +3463,7 @@ static __inline__ void pktgen_xmit(struct pktgen_dev *pkt_dev)
3377 pkt_dev->next_tx_ns = 0; 3463 pkt_dev->next_tx_ns = 0;
3378 } 3464 }
3379 3465
3380 netif_tx_unlock_bh(odev); 3466 __netif_tx_unlock_bh(txq);
3381 3467
3382 /* If pkt_dev->count is zero, then run forever */ 3468 /* If pkt_dev->count is zero, then run forever */
3383 if ((pkt_dev->count != 0) && (pkt_dev->sofar >= pkt_dev->count)) { 3469 if ((pkt_dev->count != 0) && (pkt_dev->sofar >= pkt_dev->count)) {
diff --git a/net/core/request_sock.c b/net/core/request_sock.c
index 2d3035d3abd7..7552495aff7a 100644
--- a/net/core/request_sock.c
+++ b/net/core/request_sock.c
@@ -123,7 +123,7 @@ void reqsk_queue_destroy(struct request_sock_queue *queue)
123 } 123 }
124 } 124 }
125 125
126 BUG_TRAP(lopt->qlen == 0); 126 WARN_ON(lopt->qlen != 0);
127 if (lopt_size > PAGE_SIZE) 127 if (lopt_size > PAGE_SIZE)
128 vfree(lopt); 128 vfree(lopt);
129 else 129 else
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index cf857c4dc7b1..71edb8b36341 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -498,7 +498,8 @@ int rtnetlink_put_metrics(struct sk_buff *skb, u32 *metrics)
498 return nla_nest_end(skb, mx); 498 return nla_nest_end(skb, mx);
499 499
500nla_put_failure: 500nla_put_failure:
501 return nla_nest_cancel(skb, mx); 501 nla_nest_cancel(skb, mx);
502 return -EMSGSIZE;
502} 503}
503 504
504int rtnl_put_cacheinfo(struct sk_buff *skb, struct dst_entry *dst, u32 id, 505int rtnl_put_cacheinfo(struct sk_buff *skb, struct dst_entry *dst, u32 id,
@@ -604,8 +605,11 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
604 int type, u32 pid, u32 seq, u32 change, 605 int type, u32 pid, u32 seq, u32 change,
605 unsigned int flags) 606 unsigned int flags)
606{ 607{
608 struct netdev_queue *txq;
607 struct ifinfomsg *ifm; 609 struct ifinfomsg *ifm;
608 struct nlmsghdr *nlh; 610 struct nlmsghdr *nlh;
611 struct net_device_stats *stats;
612 struct nlattr *attr;
609 613
610 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ifm), flags); 614 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ifm), flags);
611 if (nlh == NULL) 615 if (nlh == NULL)
@@ -632,8 +636,9 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
632 if (dev->master) 636 if (dev->master)
633 NLA_PUT_U32(skb, IFLA_MASTER, dev->master->ifindex); 637 NLA_PUT_U32(skb, IFLA_MASTER, dev->master->ifindex);
634 638
635 if (dev->qdisc_sleeping) 639 txq = netdev_get_tx_queue(dev, 0);
636 NLA_PUT_STRING(skb, IFLA_QDISC, dev->qdisc_sleeping->ops->id); 640 if (txq->qdisc_sleeping)
641 NLA_PUT_STRING(skb, IFLA_QDISC, txq->qdisc_sleeping->ops->id);
637 642
638 if (1) { 643 if (1) {
639 struct rtnl_link_ifmap map = { 644 struct rtnl_link_ifmap map = {
@@ -652,19 +657,13 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
652 NLA_PUT(skb, IFLA_BROADCAST, dev->addr_len, dev->broadcast); 657 NLA_PUT(skb, IFLA_BROADCAST, dev->addr_len, dev->broadcast);
653 } 658 }
654 659
655 if (dev->get_stats) { 660 attr = nla_reserve(skb, IFLA_STATS,
656 struct net_device_stats *stats = dev->get_stats(dev); 661 sizeof(struct rtnl_link_stats));
657 if (stats) { 662 if (attr == NULL)
658 struct nlattr *attr; 663 goto nla_put_failure;
659
660 attr = nla_reserve(skb, IFLA_STATS,
661 sizeof(struct rtnl_link_stats));
662 if (attr == NULL)
663 goto nla_put_failure;
664 664
665 copy_rtnl_link_stats(nla_data(attr), stats); 665 stats = dev->get_stats(dev);
666 } 666 copy_rtnl_link_stats(nla_data(attr), stats);
667 }
668 667
669 if (dev->rtnl_link_ops) { 668 if (dev->rtnl_link_ops) {
670 if (rtnl_link_fill(skb, dev) < 0) 669 if (rtnl_link_fill(skb, dev) < 0)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 5c459f2b7985..ca1ccdf1ef76 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4,8 +4,6 @@
4 * Authors: Alan Cox <iiitac@pyr.swan.ac.uk> 4 * Authors: Alan Cox <iiitac@pyr.swan.ac.uk>
5 * Florian La Roche <rzsfl@rz.uni-sb.de> 5 * Florian La Roche <rzsfl@rz.uni-sb.de>
6 * 6 *
7 * Version: $Id: skbuff.c,v 1.90 2001/11/07 05:56:19 davem Exp $
8 *
9 * Fixes: 7 * Fixes:
10 * Alan Cox : Fixed the worst of the load 8 * Alan Cox : Fixed the worst of the load
11 * balancer bugs. 9 * balancer bugs.
@@ -461,6 +459,8 @@ static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
461 new->tc_verd = old->tc_verd; 459 new->tc_verd = old->tc_verd;
462#endif 460#endif
463#endif 461#endif
462 new->vlan_tci = old->vlan_tci;
463
464 skb_copy_secmark(new, old); 464 skb_copy_secmark(new, old);
465} 465}
466 466
@@ -485,6 +485,9 @@ static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb)
485 C(head); 485 C(head);
486 C(data); 486 C(data);
487 C(truesize); 487 C(truesize);
488#if defined(CONFIG_MAC80211) || defined(CONFIG_MAC80211_MODULE)
489 C(do_not_encrypt);
490#endif
488 atomic_set(&n->users, 1); 491 atomic_set(&n->users, 1);
489 492
490 atomic_inc(&(skb_shinfo(skb)->dataref)); 493 atomic_inc(&(skb_shinfo(skb)->dataref));
@@ -1200,7 +1203,7 @@ int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len)
1200 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1203 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1201 int end; 1204 int end;
1202 1205
1203 BUG_TRAP(start <= offset + len); 1206 WARN_ON(start > offset + len);
1204 1207
1205 end = start + skb_shinfo(skb)->frags[i].size; 1208 end = start + skb_shinfo(skb)->frags[i].size;
1206 if ((copy = end - offset) > 0) { 1209 if ((copy = end - offset) > 0) {
@@ -1229,7 +1232,7 @@ int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len)
1229 for (; list; list = list->next) { 1232 for (; list; list = list->next) {
1230 int end; 1233 int end;
1231 1234
1232 BUG_TRAP(start <= offset + len); 1235 WARN_ON(start > offset + len);
1233 1236
1234 end = start + list->len; 1237 end = start + list->len;
1235 if ((copy = end - offset) > 0) { 1238 if ((copy = end - offset) > 0) {
@@ -1282,107 +1285,83 @@ static inline int spd_fill_page(struct splice_pipe_desc *spd, struct page *page,
1282 return 0; 1285 return 0;
1283} 1286}
1284 1287
1285/* 1288static inline void __segment_seek(struct page **page, unsigned int *poff,
1286 * Map linear and fragment data from the skb to spd. Returns number of 1289 unsigned int *plen, unsigned int off)
1287 * pages mapped.
1288 */
1289static int __skb_splice_bits(struct sk_buff *skb, unsigned int *offset,
1290 unsigned int *total_len,
1291 struct splice_pipe_desc *spd)
1292{ 1290{
1293 unsigned int nr_pages = spd->nr_pages; 1291 *poff += off;
1294 unsigned int poff, plen, len, toff, tlen; 1292 *page += *poff / PAGE_SIZE;
1295 int headlen, seg; 1293 *poff = *poff % PAGE_SIZE;
1294 *plen -= off;
1295}
1296 1296
1297 toff = *offset; 1297static inline int __splice_segment(struct page *page, unsigned int poff,
1298 tlen = *total_len; 1298 unsigned int plen, unsigned int *off,
1299 if (!tlen) 1299 unsigned int *len, struct sk_buff *skb,
1300 goto err; 1300 struct splice_pipe_desc *spd)
1301{
1302 if (!*len)
1303 return 1;
1301 1304
1302 /* 1305 /* skip this segment if already processed */
1303 * if the offset is greater than the linear part, go directly to 1306 if (*off >= plen) {
1304 * the fragments. 1307 *off -= plen;
1305 */ 1308 return 0;
1306 headlen = skb_headlen(skb);
1307 if (toff >= headlen) {
1308 toff -= headlen;
1309 goto map_frag;
1310 } 1309 }
1311 1310
1312 /* 1311 /* ignore any bits we already processed */
1313 * first map the linear region into the pages/partial map, skipping 1312 if (*off) {
1314 * any potential initial offset. 1313 __segment_seek(&page, &poff, &plen, *off);
1315 */ 1314 *off = 0;
1316 len = 0; 1315 }
1317 while (len < headlen) {
1318 void *p = skb->data + len;
1319
1320 poff = (unsigned long) p & (PAGE_SIZE - 1);
1321 plen = min_t(unsigned int, headlen - len, PAGE_SIZE - poff);
1322 len += plen;
1323
1324 if (toff) {
1325 if (plen <= toff) {
1326 toff -= plen;
1327 continue;
1328 }
1329 plen -= toff;
1330 poff += toff;
1331 toff = 0;
1332 }
1333 1316
1334 plen = min(plen, tlen); 1317 do {
1335 if (!plen) 1318 unsigned int flen = min(*len, plen);
1336 break;
1337 1319
1338 /* 1320 /* the linear region may spread across several pages */
1339 * just jump directly to update and return, no point 1321 flen = min_t(unsigned int, flen, PAGE_SIZE - poff);
1340 * in going over fragments when the output is full.
1341 */
1342 if (spd_fill_page(spd, virt_to_page(p), plen, poff, skb))
1343 goto done;
1344 1322
1345 tlen -= plen; 1323 if (spd_fill_page(spd, page, flen, poff, skb))
1346 } 1324 return 1;
1325
1326 __segment_seek(&page, &poff, &plen, flen);
1327 *len -= flen;
1328
1329 } while (*len && plen);
1330
1331 return 0;
1332}
1333
1334/*
1335 * Map linear and fragment data from the skb to spd. It reports failure if the
1336 * pipe is full or if we already spliced the requested length.
1337 */
1338static int __skb_splice_bits(struct sk_buff *skb, unsigned int *offset,
1339 unsigned int *len,
1340 struct splice_pipe_desc *spd)
1341{
1342 int seg;
1343
1344 /*
1345 * map the linear part
1346 */
1347 if (__splice_segment(virt_to_page(skb->data),
1348 (unsigned long) skb->data & (PAGE_SIZE - 1),
1349 skb_headlen(skb),
1350 offset, len, skb, spd))
1351 return 1;
1347 1352
1348 /* 1353 /*
1349 * then map the fragments 1354 * then map the fragments
1350 */ 1355 */
1351map_frag:
1352 for (seg = 0; seg < skb_shinfo(skb)->nr_frags; seg++) { 1356 for (seg = 0; seg < skb_shinfo(skb)->nr_frags; seg++) {
1353 const skb_frag_t *f = &skb_shinfo(skb)->frags[seg]; 1357 const skb_frag_t *f = &skb_shinfo(skb)->frags[seg];
1354 1358
1355 plen = f->size; 1359 if (__splice_segment(f->page, f->page_offset, f->size,
1356 poff = f->page_offset; 1360 offset, len, skb, spd))
1357 1361 return 1;
1358 if (toff) {
1359 if (plen <= toff) {
1360 toff -= plen;
1361 continue;
1362 }
1363 plen -= toff;
1364 poff += toff;
1365 toff = 0;
1366 }
1367
1368 plen = min(plen, tlen);
1369 if (!plen)
1370 break;
1371
1372 if (spd_fill_page(spd, f->page, plen, poff, skb))
1373 break;
1374
1375 tlen -= plen;
1376 } 1362 }
1377 1363
1378done: 1364 return 0;
1379 if (spd->nr_pages - nr_pages) {
1380 *offset = 0;
1381 *total_len = tlen;
1382 return 0;
1383 }
1384err:
1385 return 1;
1386} 1365}
1387 1366
1388/* 1367/*
@@ -1445,6 +1424,7 @@ done:
1445 1424
1446 if (spd.nr_pages) { 1425 if (spd.nr_pages) {
1447 int ret; 1426 int ret;
1427 struct sock *sk = __skb->sk;
1448 1428
1449 /* 1429 /*
1450 * Drop the socket lock, otherwise we have reverse 1430 * Drop the socket lock, otherwise we have reverse
@@ -1455,9 +1435,9 @@ done:
1455 * we call into ->sendpage() with the i_mutex lock held 1435 * we call into ->sendpage() with the i_mutex lock held
1456 * and networking will grab the socket lock. 1436 * and networking will grab the socket lock.
1457 */ 1437 */
1458 release_sock(__skb->sk); 1438 release_sock(sk);
1459 ret = splice_to_pipe(pipe, &spd); 1439 ret = splice_to_pipe(pipe, &spd);
1460 lock_sock(__skb->sk); 1440 lock_sock(sk);
1461 return ret; 1441 return ret;
1462 } 1442 }
1463 1443
@@ -1498,7 +1478,7 @@ int skb_store_bits(struct sk_buff *skb, int offset, const void *from, int len)
1498 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 1478 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
1499 int end; 1479 int end;
1500 1480
1501 BUG_TRAP(start <= offset + len); 1481 WARN_ON(start > offset + len);
1502 1482
1503 end = start + frag->size; 1483 end = start + frag->size;
1504 if ((copy = end - offset) > 0) { 1484 if ((copy = end - offset) > 0) {
@@ -1526,7 +1506,7 @@ int skb_store_bits(struct sk_buff *skb, int offset, const void *from, int len)
1526 for (; list; list = list->next) { 1506 for (; list; list = list->next) {
1527 int end; 1507 int end;
1528 1508
1529 BUG_TRAP(start <= offset + len); 1509 WARN_ON(start > offset + len);
1530 1510
1531 end = start + list->len; 1511 end = start + list->len;
1532 if ((copy = end - offset) > 0) { 1512 if ((copy = end - offset) > 0) {
@@ -1575,7 +1555,7 @@ __wsum skb_checksum(const struct sk_buff *skb, int offset,
1575 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1555 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1576 int end; 1556 int end;
1577 1557
1578 BUG_TRAP(start <= offset + len); 1558 WARN_ON(start > offset + len);
1579 1559
1580 end = start + skb_shinfo(skb)->frags[i].size; 1560 end = start + skb_shinfo(skb)->frags[i].size;
1581 if ((copy = end - offset) > 0) { 1561 if ((copy = end - offset) > 0) {
@@ -1604,7 +1584,7 @@ __wsum skb_checksum(const struct sk_buff *skb, int offset,
1604 for (; list; list = list->next) { 1584 for (; list; list = list->next) {
1605 int end; 1585 int end;
1606 1586
1607 BUG_TRAP(start <= offset + len); 1587 WARN_ON(start > offset + len);
1608 1588
1609 end = start + list->len; 1589 end = start + list->len;
1610 if ((copy = end - offset) > 0) { 1590 if ((copy = end - offset) > 0) {
@@ -1652,7 +1632,7 @@ __wsum skb_copy_and_csum_bits(const struct sk_buff *skb, int offset,
1652 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1632 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1653 int end; 1633 int end;
1654 1634
1655 BUG_TRAP(start <= offset + len); 1635 WARN_ON(start > offset + len);
1656 1636
1657 end = start + skb_shinfo(skb)->frags[i].size; 1637 end = start + skb_shinfo(skb)->frags[i].size;
1658 if ((copy = end - offset) > 0) { 1638 if ((copy = end - offset) > 0) {
@@ -1685,7 +1665,7 @@ __wsum skb_copy_and_csum_bits(const struct sk_buff *skb, int offset,
1685 __wsum csum2; 1665 __wsum csum2;
1686 int end; 1666 int end;
1687 1667
1688 BUG_TRAP(start <= offset + len); 1668 WARN_ON(start > offset + len);
1689 1669
1690 end = start + list->len; 1670 end = start + list->len;
1691 if ((copy = end - offset) > 0) { 1671 if ((copy = end - offset) > 0) {
@@ -2276,13 +2256,7 @@ struct sk_buff *skb_segment(struct sk_buff *skb, int features)
2276 segs = nskb; 2256 segs = nskb;
2277 tail = nskb; 2257 tail = nskb;
2278 2258
2279 nskb->dev = skb->dev; 2259 __copy_skb_header(nskb, skb);
2280 skb_copy_queue_mapping(nskb, skb);
2281 nskb->priority = skb->priority;
2282 nskb->protocol = skb->protocol;
2283 nskb->dst = dst_clone(skb->dst);
2284 memcpy(nskb->cb, skb->cb, sizeof(skb->cb));
2285 nskb->pkt_type = skb->pkt_type;
2286 nskb->mac_len = skb->mac_len; 2260 nskb->mac_len = skb->mac_len;
2287 2261
2288 skb_reserve(nskb, headroom); 2262 skb_reserve(nskb, headroom);
@@ -2293,6 +2267,7 @@ struct sk_buff *skb_segment(struct sk_buff *skb, int features)
2293 skb_copy_from_linear_data(skb, skb_put(nskb, doffset), 2267 skb_copy_from_linear_data(skb, skb_put(nskb, doffset),
2294 doffset); 2268 doffset);
2295 if (!sg) { 2269 if (!sg) {
2270 nskb->ip_summed = CHECKSUM_NONE;
2296 nskb->csum = skb_copy_and_csum_bits(skb, offset, 2271 nskb->csum = skb_copy_and_csum_bits(skb, offset,
2297 skb_put(nskb, len), 2272 skb_put(nskb, len),
2298 len, 0); 2273 len, 0);
@@ -2302,8 +2277,6 @@ struct sk_buff *skb_segment(struct sk_buff *skb, int features)
2302 frag = skb_shinfo(nskb)->frags; 2277 frag = skb_shinfo(nskb)->frags;
2303 k = 0; 2278 k = 0;
2304 2279
2305 nskb->ip_summed = CHECKSUM_PARTIAL;
2306 nskb->csum = skb->csum;
2307 skb_copy_from_linear_data_offset(skb, offset, 2280 skb_copy_from_linear_data_offset(skb, offset,
2308 skb_put(nskb, hsize), hsize); 2281 skb_put(nskb, hsize), hsize);
2309 2282
@@ -2395,7 +2368,7 @@ __skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
2395 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 2368 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
2396 int end; 2369 int end;
2397 2370
2398 BUG_TRAP(start <= offset + len); 2371 WARN_ON(start > offset + len);
2399 2372
2400 end = start + skb_shinfo(skb)->frags[i].size; 2373 end = start + skb_shinfo(skb)->frags[i].size;
2401 if ((copy = end - offset) > 0) { 2374 if ((copy = end - offset) > 0) {
@@ -2419,7 +2392,7 @@ __skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
2419 for (; list; list = list->next) { 2392 for (; list; list = list->next) {
2420 int end; 2393 int end;
2421 2394
2422 BUG_TRAP(start <= offset + len); 2395 WARN_ON(start > offset + len);
2423 2396
2424 end = start + list->len; 2397 end = start + list->len;
2425 if ((copy = end - offset) > 0) { 2398 if ((copy = end - offset) > 0) {
@@ -2584,6 +2557,13 @@ bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off)
2584 return true; 2557 return true;
2585} 2558}
2586 2559
2560void __skb_warn_lro_forwarding(const struct sk_buff *skb)
2561{
2562 if (net_ratelimit())
2563 pr_warning("%s: received packets cannot be forwarded"
2564 " while LRO is enabled\n", skb->dev->name);
2565}
2566
2587EXPORT_SYMBOL(___pskb_trim); 2567EXPORT_SYMBOL(___pskb_trim);
2588EXPORT_SYMBOL(__kfree_skb); 2568EXPORT_SYMBOL(__kfree_skb);
2589EXPORT_SYMBOL(kfree_skb); 2569EXPORT_SYMBOL(kfree_skb);
@@ -2617,6 +2597,7 @@ EXPORT_SYMBOL(skb_seq_read);
2617EXPORT_SYMBOL(skb_abort_seq_read); 2597EXPORT_SYMBOL(skb_abort_seq_read);
2618EXPORT_SYMBOL(skb_find_text); 2598EXPORT_SYMBOL(skb_find_text);
2619EXPORT_SYMBOL(skb_append_datato_frags); 2599EXPORT_SYMBOL(skb_append_datato_frags);
2600EXPORT_SYMBOL(__skb_warn_lro_forwarding);
2620 2601
2621EXPORT_SYMBOL_GPL(skb_to_sgvec); 2602EXPORT_SYMBOL_GPL(skb_to_sgvec);
2622EXPORT_SYMBOL_GPL(skb_cow_data); 2603EXPORT_SYMBOL_GPL(skb_cow_data);
diff --git a/net/core/sock.c b/net/core/sock.c
index 88094cb09c06..91f8bbc93526 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -7,8 +7,6 @@
7 * handler for protocols to use and generic option handler. 7 * handler for protocols to use and generic option handler.
8 * 8 *
9 * 9 *
10 * Version: $Id: sock.c,v 1.117 2002/02/01 22:01:03 davem Exp $
11 *
12 * Authors: Ross Biro 10 * Authors: Ross Biro
13 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
14 * Florian La Roche, <flla@stud.uni-sb.de> 12 * Florian La Roche, <flla@stud.uni-sb.de>
@@ -182,7 +180,7 @@ static const char *af_family_clock_key_strings[AF_MAX+1] = {
182 "clock-AF_ASH" , "clock-AF_ECONET" , "clock-AF_ATMSVC" , 180 "clock-AF_ASH" , "clock-AF_ECONET" , "clock-AF_ATMSVC" ,
183 "clock-21" , "clock-AF_SNA" , "clock-AF_IRDA" , 181 "clock-21" , "clock-AF_SNA" , "clock-AF_IRDA" ,
184 "clock-AF_PPPOX" , "clock-AF_WANPIPE" , "clock-AF_LLC" , 182 "clock-AF_PPPOX" , "clock-AF_WANPIPE" , "clock-AF_LLC" ,
185 "clock-27" , "clock-28" , "clock-29" , 183 "clock-27" , "clock-28" , "clock-AF_CAN" ,
186 "clock-AF_TIPC" , "clock-AF_BLUETOOTH", "clock-AF_IUCV" , 184 "clock-AF_TIPC" , "clock-AF_BLUETOOTH", "clock-AF_IUCV" ,
187 "clock-AF_RXRPC" , "clock-AF_MAX" 185 "clock-AF_RXRPC" , "clock-AF_MAX"
188}; 186};
@@ -1068,7 +1066,7 @@ struct sock *sk_clone(const struct sock *sk, const gfp_t priority)
1068 * to be taken into account in all callers. -acme 1066 * to be taken into account in all callers. -acme
1069 */ 1067 */
1070 sk_refcnt_debug_inc(newsk); 1068 sk_refcnt_debug_inc(newsk);
1071 newsk->sk_socket = NULL; 1069 sk_set_socket(newsk, NULL);
1072 newsk->sk_sleep = NULL; 1070 newsk->sk_sleep = NULL;
1073 1071
1074 if (newsk->sk_prot->sockets_allocated) 1072 if (newsk->sk_prot->sockets_allocated)
@@ -1444,7 +1442,7 @@ int __sk_mem_schedule(struct sock *sk, int size, int kind)
1444 /* Under pressure. */ 1442 /* Under pressure. */
1445 if (allocated > prot->sysctl_mem[1]) 1443 if (allocated > prot->sysctl_mem[1])
1446 if (prot->enter_memory_pressure) 1444 if (prot->enter_memory_pressure)
1447 prot->enter_memory_pressure(); 1445 prot->enter_memory_pressure(sk);
1448 1446
1449 /* Over hard limit. */ 1447 /* Over hard limit. */
1450 if (allocated > prot->sysctl_mem[2]) 1448 if (allocated > prot->sysctl_mem[2])
@@ -1704,7 +1702,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
1704 sk->sk_rcvbuf = sysctl_rmem_default; 1702 sk->sk_rcvbuf = sysctl_rmem_default;
1705 sk->sk_sndbuf = sysctl_wmem_default; 1703 sk->sk_sndbuf = sysctl_wmem_default;
1706 sk->sk_state = TCP_CLOSE; 1704 sk->sk_state = TCP_CLOSE;
1707 sk->sk_socket = sock; 1705 sk_set_socket(sk, sock);
1708 1706
1709 sock_set_flag(sk, SOCK_ZAPPED); 1707 sock_set_flag(sk, SOCK_ZAPPED);
1710 1708
diff --git a/net/core/stream.c b/net/core/stream.c
index 4a0ad152c9c4..a6b3437ff082 100644
--- a/net/core/stream.c
+++ b/net/core/stream.c
@@ -192,13 +192,13 @@ void sk_stream_kill_queues(struct sock *sk)
192 __skb_queue_purge(&sk->sk_error_queue); 192 __skb_queue_purge(&sk->sk_error_queue);
193 193
194 /* Next, the write queue. */ 194 /* Next, the write queue. */
195 BUG_TRAP(skb_queue_empty(&sk->sk_write_queue)); 195 WARN_ON(!skb_queue_empty(&sk->sk_write_queue));
196 196
197 /* Account for returned memory. */ 197 /* Account for returned memory. */
198 sk_mem_reclaim(sk); 198 sk_mem_reclaim(sk);
199 199
200 BUG_TRAP(!sk->sk_wmem_queued); 200 WARN_ON(sk->sk_wmem_queued);
201 BUG_TRAP(!sk->sk_forward_alloc); 201 WARN_ON(sk->sk_forward_alloc);
202 202
203 /* It is _impossible_ for the backlog to contain anything 203 /* It is _impossible_ for the backlog to contain anything
204 * when we get here. All user references to this socket 204 * when we get here. All user references to this socket
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 5fc801057244..f686467ff12b 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -67,7 +67,7 @@ static struct ctl_table net_core_table[] = {
67 { 67 {
68 .ctl_name = NET_CORE_MSG_COST, 68 .ctl_name = NET_CORE_MSG_COST,
69 .procname = "message_cost", 69 .procname = "message_cost",
70 .data = &net_msg_cost, 70 .data = &net_ratelimit_state.interval,
71 .maxlen = sizeof(int), 71 .maxlen = sizeof(int),
72 .mode = 0644, 72 .mode = 0644,
73 .proc_handler = &proc_dointvec_jiffies, 73 .proc_handler = &proc_dointvec_jiffies,
@@ -76,7 +76,7 @@ static struct ctl_table net_core_table[] = {
76 { 76 {
77 .ctl_name = NET_CORE_MSG_BURST, 77 .ctl_name = NET_CORE_MSG_BURST,
78 .procname = "message_burst", 78 .procname = "message_burst",
79 .data = &net_msg_burst, 79 .data = &net_ratelimit_state.burst,
80 .maxlen = sizeof(int), 80 .maxlen = sizeof(int),
81 .mode = 0644, 81 .mode = 0644,
82 .proc_handler = &proc_dointvec, 82 .proc_handler = &proc_dointvec,
@@ -125,14 +125,6 @@ static struct ctl_table net_core_table[] = {
125#endif /* CONFIG_XFRM */ 125#endif /* CONFIG_XFRM */
126#endif /* CONFIG_NET */ 126#endif /* CONFIG_NET */
127 { 127 {
128 .ctl_name = NET_CORE_SOMAXCONN,
129 .procname = "somaxconn",
130 .data = &init_net.core.sysctl_somaxconn,
131 .maxlen = sizeof(int),
132 .mode = 0644,
133 .proc_handler = &proc_dointvec
134 },
135 {
136 .ctl_name = NET_CORE_BUDGET, 128 .ctl_name = NET_CORE_BUDGET,
137 .procname = "netdev_budget", 129 .procname = "netdev_budget",
138 .data = &netdev_budget, 130 .data = &netdev_budget,
@@ -151,6 +143,18 @@ static struct ctl_table net_core_table[] = {
151 { .ctl_name = 0 } 143 { .ctl_name = 0 }
152}; 144};
153 145
146static struct ctl_table netns_core_table[] = {
147 {
148 .ctl_name = NET_CORE_SOMAXCONN,
149 .procname = "somaxconn",
150 .data = &init_net.core.sysctl_somaxconn,
151 .maxlen = sizeof(int),
152 .mode = 0644,
153 .proc_handler = &proc_dointvec
154 },
155 { .ctl_name = 0 }
156};
157
154static __net_initdata struct ctl_path net_core_path[] = { 158static __net_initdata struct ctl_path net_core_path[] = {
155 { .procname = "net", .ctl_name = CTL_NET, }, 159 { .procname = "net", .ctl_name = CTL_NET, },
156 { .procname = "core", .ctl_name = NET_CORE, }, 160 { .procname = "core", .ctl_name = NET_CORE, },
@@ -159,23 +163,17 @@ static __net_initdata struct ctl_path net_core_path[] = {
159 163
160static __net_init int sysctl_core_net_init(struct net *net) 164static __net_init int sysctl_core_net_init(struct net *net)
161{ 165{
162 struct ctl_table *tbl, *tmp; 166 struct ctl_table *tbl;
163 167
164 net->core.sysctl_somaxconn = SOMAXCONN; 168 net->core.sysctl_somaxconn = SOMAXCONN;
165 169
166 tbl = net_core_table; 170 tbl = netns_core_table;
167 if (net != &init_net) { 171 if (net != &init_net) {
168 tbl = kmemdup(tbl, sizeof(net_core_table), GFP_KERNEL); 172 tbl = kmemdup(tbl, sizeof(netns_core_table), GFP_KERNEL);
169 if (tbl == NULL) 173 if (tbl == NULL)
170 goto err_dup; 174 goto err_dup;
171 175
172 for (tmp = tbl; tmp->procname; tmp++) { 176 tbl[0].data = &net->core.sysctl_somaxconn;
173 if (tmp->data >= (void *)&init_net &&
174 tmp->data < (void *)(&init_net + 1))
175 tmp->data += (char *)net - (char *)&init_net;
176 else
177 tmp->mode &= ~0222;
178 }
179 } 177 }
180 178
181 net->core.sysctl_hdr = register_net_sysctl_table(net, 179 net->core.sysctl_hdr = register_net_sysctl_table(net,
@@ -186,7 +184,7 @@ static __net_init int sysctl_core_net_init(struct net *net)
186 return 0; 184 return 0;
187 185
188err_reg: 186err_reg:
189 if (tbl != net_core_table) 187 if (tbl != netns_core_table)
190 kfree(tbl); 188 kfree(tbl);
191err_dup: 189err_dup:
192 return -ENOMEM; 190 return -ENOMEM;
@@ -198,7 +196,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
198 196
199 tbl = net->core.sysctl_hdr->ctl_table_arg; 197 tbl = net->core.sysctl_hdr->ctl_table_arg;
200 unregister_net_sysctl_table(net->core.sysctl_hdr); 198 unregister_net_sysctl_table(net->core.sysctl_hdr);
201 BUG_ON(tbl == net_core_table); 199 BUG_ON(tbl == netns_core_table);
202 kfree(tbl); 200 kfree(tbl);
203} 201}
204 202
@@ -209,6 +207,7 @@ static __net_initdata struct pernet_operations sysctl_core_ops = {
209 207
210static __init int sysctl_core_init(void) 208static __init int sysctl_core_init(void)
211{ 209{
210 register_net_sysctl_rotable(net_core_path, net_core_table);
212 return register_pernet_subsys(&sysctl_core_ops); 211 return register_pernet_subsys(&sysctl_core_ops);
213} 212}
214 213
diff --git a/net/core/user_dma.c b/net/core/user_dma.c
index 0ad1cd57bc39..164b090d5ac3 100644
--- a/net/core/user_dma.c
+++ b/net/core/user_dma.c
@@ -27,13 +27,13 @@
27 27
28#include <linux/dmaengine.h> 28#include <linux/dmaengine.h>
29#include <linux/socket.h> 29#include <linux/socket.h>
30#include <linux/rtnetlink.h> /* for BUG_TRAP */
31#include <net/tcp.h> 30#include <net/tcp.h>
32#include <net/netdma.h> 31#include <net/netdma.h>
33 32
34#define NET_DMA_DEFAULT_COPYBREAK 4096 33#define NET_DMA_DEFAULT_COPYBREAK 4096
35 34
36int sysctl_tcp_dma_copybreak = NET_DMA_DEFAULT_COPYBREAK; 35int sysctl_tcp_dma_copybreak = NET_DMA_DEFAULT_COPYBREAK;
36EXPORT_SYMBOL(sysctl_tcp_dma_copybreak);
37 37
38/** 38/**
39 * dma_skb_copy_datagram_iovec - Copy a datagram to an iovec. 39 * dma_skb_copy_datagram_iovec - Copy a datagram to an iovec.
@@ -71,11 +71,11 @@ int dma_skb_copy_datagram_iovec(struct dma_chan *chan,
71 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 71 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
72 int end; 72 int end;
73 73
74 BUG_TRAP(start <= offset + len); 74 WARN_ON(start > offset + len);
75 75
76 end = start + skb_shinfo(skb)->frags[i].size; 76 end = start + skb_shinfo(skb)->frags[i].size;
77 copy = end - offset; 77 copy = end - offset;
78 if ((copy = end - offset) > 0) { 78 if (copy > 0) {
79 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 79 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
80 struct page *page = frag->page; 80 struct page *page = frag->page;
81 81
@@ -100,7 +100,7 @@ int dma_skb_copy_datagram_iovec(struct dma_chan *chan,
100 for (; list; list = list->next) { 100 for (; list; list = list->next) {
101 int end; 101 int end;
102 102
103 BUG_TRAP(start <= offset + len); 103 WARN_ON(start > offset + len);
104 104
105 end = start + list->len; 105 end = start + list->len;
106 copy = end - offset; 106 copy = end - offset;
diff --git a/net/core/utils.c b/net/core/utils.c
index 8031eb59054e..72e0ebe964a0 100644
--- a/net/core/utils.c
+++ b/net/core/utils.c
@@ -31,17 +31,16 @@
31#include <asm/system.h> 31#include <asm/system.h>
32#include <asm/uaccess.h> 32#include <asm/uaccess.h>
33 33
34int net_msg_cost __read_mostly = 5*HZ;
35int net_msg_burst __read_mostly = 10;
36int net_msg_warn __read_mostly = 1; 34int net_msg_warn __read_mostly = 1;
37EXPORT_SYMBOL(net_msg_warn); 35EXPORT_SYMBOL(net_msg_warn);
38 36
37DEFINE_RATELIMIT_STATE(net_ratelimit_state, 5 * HZ, 10);
39/* 38/*
40 * All net warning printk()s should be guarded by this function. 39 * All net warning printk()s should be guarded by this function.
41 */ 40 */
42int net_ratelimit(void) 41int net_ratelimit(void)
43{ 42{
44 return __printk_ratelimit(net_msg_cost, net_msg_burst); 43 return __ratelimit(&net_ratelimit_state);
45} 44}
46EXPORT_SYMBOL(net_ratelimit); 45EXPORT_SYMBOL(net_ratelimit);
47 46
diff --git a/net/dccp/ackvec.c b/net/dccp/ackvec.c
index 6de4bd195d28..1e8be246ad15 100644
--- a/net/dccp/ackvec.c
+++ b/net/dccp/ackvec.c
@@ -290,12 +290,12 @@ int dccp_ackvec_add(struct dccp_ackvec *av, const struct sock *sk,
290 290
291 while (1) { 291 while (1) {
292 const u8 len = dccp_ackvec_len(av, index); 292 const u8 len = dccp_ackvec_len(av, index);
293 const u8 state = dccp_ackvec_state(av, index); 293 const u8 av_state = dccp_ackvec_state(av, index);
294 /* 294 /*
295 * valid packets not yet in av_buf have a reserved 295 * valid packets not yet in av_buf have a reserved
296 * entry, with a len equal to 0. 296 * entry, with a len equal to 0.
297 */ 297 */
298 if (state == DCCP_ACKVEC_STATE_NOT_RECEIVED && 298 if (av_state == DCCP_ACKVEC_STATE_NOT_RECEIVED &&
299 len == 0 && delta == 0) { /* Found our 299 len == 0 && delta == 0) { /* Found our
300 reserved seat! */ 300 reserved seat! */
301 dccp_pr_debug("Found %llu reserved seat!\n", 301 dccp_pr_debug("Found %llu reserved seat!\n",
@@ -325,31 +325,6 @@ out_duplicate:
325 return -EILSEQ; 325 return -EILSEQ;
326} 326}
327 327
328#ifdef CONFIG_IP_DCCP_DEBUG
329void dccp_ackvector_print(const u64 ackno, const unsigned char *vector, int len)
330{
331 dccp_pr_debug_cat("ACK vector len=%d, ackno=%llu |", len,
332 (unsigned long long)ackno);
333
334 while (len--) {
335 const u8 state = (*vector & DCCP_ACKVEC_STATE_MASK) >> 6;
336 const u8 rl = *vector & DCCP_ACKVEC_LEN_MASK;
337
338 dccp_pr_debug_cat("%d,%d|", state, rl);
339 ++vector;
340 }
341
342 dccp_pr_debug_cat("\n");
343}
344
345void dccp_ackvec_print(const struct dccp_ackvec *av)
346{
347 dccp_ackvector_print(av->av_buf_ackno,
348 av->av_buf + av->av_buf_head,
349 av->av_vec_len);
350}
351#endif
352
353static void dccp_ackvec_throw_record(struct dccp_ackvec *av, 328static void dccp_ackvec_throw_record(struct dccp_ackvec *av,
354 struct dccp_ackvec_record *avr) 329 struct dccp_ackvec_record *avr)
355{ 330{
diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c
index cd61dea2eea1..f6756e0c9e69 100644
--- a/net/dccp/ccids/ccid3.c
+++ b/net/dccp/ccids/ccid3.c
@@ -159,8 +159,8 @@ static void ccid3_hc_tx_update_x(struct sock *sk, ktime_t *stamp)
159 } else if (ktime_us_delta(now, hctx->ccid3hctx_t_ld) 159 } else if (ktime_us_delta(now, hctx->ccid3hctx_t_ld)
160 - (s64)hctx->ccid3hctx_rtt >= 0) { 160 - (s64)hctx->ccid3hctx_rtt >= 0) {
161 161
162 hctx->ccid3hctx_x = 162 hctx->ccid3hctx_x = min(2 * hctx->ccid3hctx_x, min_rate);
163 max(min(2 * hctx->ccid3hctx_x, min_rate), 163 hctx->ccid3hctx_x = max(hctx->ccid3hctx_x,
164 scaled_div(((__u64)hctx->ccid3hctx_s) << 6, 164 scaled_div(((__u64)hctx->ccid3hctx_s) << 6,
165 hctx->ccid3hctx_rtt)); 165 hctx->ccid3hctx_rtt));
166 hctx->ccid3hctx_t_ld = now; 166 hctx->ccid3hctx_t_ld = now;
@@ -193,22 +193,17 @@ static inline void ccid3_hc_tx_update_s(struct ccid3_hc_tx_sock *hctx, int len)
193 193
194/* 194/*
195 * Update Window Counter using the algorithm from [RFC 4342, 8.1]. 195 * Update Window Counter using the algorithm from [RFC 4342, 8.1].
196 * The algorithm is not applicable if RTT < 4 microseconds. 196 * As elsewhere, RTT > 0 is assumed by using dccp_sample_rtt().
197 */ 197 */
198static inline void ccid3_hc_tx_update_win_count(struct ccid3_hc_tx_sock *hctx, 198static inline void ccid3_hc_tx_update_win_count(struct ccid3_hc_tx_sock *hctx,
199 ktime_t now) 199 ktime_t now)
200{ 200{
201 u32 quarter_rtts; 201 u32 delta = ktime_us_delta(now, hctx->ccid3hctx_t_last_win_count),
202 202 quarter_rtts = (4 * delta) / hctx->ccid3hctx_rtt;
203 if (unlikely(hctx->ccid3hctx_rtt < 4)) /* avoid divide-by-zero */
204 return;
205
206 quarter_rtts = ktime_us_delta(now, hctx->ccid3hctx_t_last_win_count);
207 quarter_rtts /= hctx->ccid3hctx_rtt / 4;
208 203
209 if (quarter_rtts > 0) { 204 if (quarter_rtts > 0) {
210 hctx->ccid3hctx_t_last_win_count = now; 205 hctx->ccid3hctx_t_last_win_count = now;
211 hctx->ccid3hctx_last_win_count += min_t(u32, quarter_rtts, 5); 206 hctx->ccid3hctx_last_win_count += min(quarter_rtts, 5U);
212 hctx->ccid3hctx_last_win_count &= 0xF; /* mod 16 */ 207 hctx->ccid3hctx_last_win_count &= 0xF; /* mod 16 */
213 } 208 }
214} 209}
@@ -334,8 +329,14 @@ static int ccid3_hc_tx_send_packet(struct sock *sk, struct sk_buff *skb)
334 hctx->ccid3hctx_x = rfc3390_initial_rate(sk); 329 hctx->ccid3hctx_x = rfc3390_initial_rate(sk);
335 hctx->ccid3hctx_t_ld = now; 330 hctx->ccid3hctx_t_ld = now;
336 } else { 331 } else {
337 /* Sender does not have RTT sample: X_pps = 1 pkt/sec */ 332 /*
338 hctx->ccid3hctx_x = hctx->ccid3hctx_s; 333 * Sender does not have RTT sample:
334 * - set fallback RTT (RFC 4340, 3.4) since a RTT value
335 * is needed in several parts (e.g. window counter);
336 * - set sending rate X_pps = 1pps as per RFC 3448, 4.2.
337 */
338 hctx->ccid3hctx_rtt = DCCP_FALLBACK_RTT;
339 hctx->ccid3hctx_x = hctx->ccid3hctx_s;
339 hctx->ccid3hctx_x <<= 6; 340 hctx->ccid3hctx_x <<= 6;
340 } 341 }
341 ccid3_update_send_interval(hctx); 342 ccid3_update_send_interval(hctx);
@@ -793,7 +794,7 @@ static void ccid3_hc_rx_packet_recv(struct sock *sk, struct sk_buff *skb)
793{ 794{
794 struct ccid3_hc_rx_sock *hcrx = ccid3_hc_rx_sk(sk); 795 struct ccid3_hc_rx_sock *hcrx = ccid3_hc_rx_sk(sk);
795 enum ccid3_fback_type do_feedback = CCID3_FBACK_NONE; 796 enum ccid3_fback_type do_feedback = CCID3_FBACK_NONE;
796 const u32 ndp = dccp_sk(sk)->dccps_options_received.dccpor_ndp; 797 const u64 ndp = dccp_sk(sk)->dccps_options_received.dccpor_ndp;
797 const bool is_data_packet = dccp_data_packet(skb); 798 const bool is_data_packet = dccp_data_packet(skb);
798 799
799 if (unlikely(hcrx->ccid3hcrx_state == TFRC_RSTATE_NO_DATA)) { 800 if (unlikely(hcrx->ccid3hcrx_state == TFRC_RSTATE_NO_DATA)) {
@@ -824,18 +825,16 @@ static void ccid3_hc_rx_packet_recv(struct sock *sk, struct sk_buff *skb)
824 } 825 }
825 826
826 /* 827 /*
827 * Handle pending losses and otherwise check for new loss 828 * Perform loss detection and handle pending losses
828 */ 829 */
829 if (tfrc_rx_hist_loss_pending(&hcrx->ccid3hcrx_hist) && 830 if (tfrc_rx_handle_loss(&hcrx->ccid3hcrx_hist, &hcrx->ccid3hcrx_li_hist,
830 tfrc_rx_handle_loss(&hcrx->ccid3hcrx_hist, 831 skb, ndp, ccid3_first_li, sk)) {
831 &hcrx->ccid3hcrx_li_hist,
832 skb, ndp, ccid3_first_li, sk) ) {
833 do_feedback = CCID3_FBACK_PARAM_CHANGE; 832 do_feedback = CCID3_FBACK_PARAM_CHANGE;
834 goto done_receiving; 833 goto done_receiving;
835 } 834 }
836 835
837 if (tfrc_rx_hist_new_loss_indicated(&hcrx->ccid3hcrx_hist, skb, ndp)) 836 if (tfrc_rx_hist_loss_pending(&hcrx->ccid3hcrx_hist))
838 goto update_records; 837 return; /* done receiving */
839 838
840 /* 839 /*
841 * Handle data packets: RTT sampling and monitoring p 840 * Handle data packets: RTT sampling and monitoring p
diff --git a/net/dccp/ccids/lib/loss_interval.c b/net/dccp/ccids/lib/loss_interval.c
index 849e181e698f..bcd6ac415bb9 100644
--- a/net/dccp/ccids/lib/loss_interval.c
+++ b/net/dccp/ccids/lib/loss_interval.c
@@ -90,14 +90,14 @@ u8 tfrc_lh_update_i_mean(struct tfrc_loss_hist *lh, struct sk_buff *skb)
90{ 90{
91 struct tfrc_loss_interval *cur = tfrc_lh_peek(lh); 91 struct tfrc_loss_interval *cur = tfrc_lh_peek(lh);
92 u32 old_i_mean = lh->i_mean; 92 u32 old_i_mean = lh->i_mean;
93 s64 length; 93 s64 len;
94 94
95 if (cur == NULL) /* not initialised */ 95 if (cur == NULL) /* not initialised */
96 return 0; 96 return 0;
97 97
98 length = dccp_delta_seqno(cur->li_seqno, DCCP_SKB_CB(skb)->dccpd_seq); 98 len = dccp_delta_seqno(cur->li_seqno, DCCP_SKB_CB(skb)->dccpd_seq) + 1;
99 99
100 if (length - cur->li_length <= 0) /* duplicate or reordered */ 100 if (len - (s64)cur->li_length <= 0) /* duplicate or reordered */
101 return 0; 101 return 0;
102 102
103 if (SUB16(dccp_hdr(skb)->dccph_ccval, cur->li_ccval) > 4) 103 if (SUB16(dccp_hdr(skb)->dccph_ccval, cur->li_ccval) > 4)
@@ -114,7 +114,7 @@ u8 tfrc_lh_update_i_mean(struct tfrc_loss_hist *lh, struct sk_buff *skb)
114 if (tfrc_lh_length(lh) == 1) /* due to RFC 3448, 6.3.1 */ 114 if (tfrc_lh_length(lh) == 1) /* due to RFC 3448, 6.3.1 */
115 return 0; 115 return 0;
116 116
117 cur->li_length = length; 117 cur->li_length = len;
118 tfrc_lh_calc_i_mean(lh); 118 tfrc_lh_calc_i_mean(lh);
119 119
120 return (lh->i_mean < old_i_mean); 120 return (lh->i_mean < old_i_mean);
@@ -159,7 +159,7 @@ int tfrc_lh_interval_add(struct tfrc_loss_hist *lh, struct tfrc_rx_hist *rh,
159 else { 159 else {
160 cur->li_length = dccp_delta_seqno(cur->li_seqno, new->li_seqno); 160 cur->li_length = dccp_delta_seqno(cur->li_seqno, new->li_seqno);
161 new->li_length = dccp_delta_seqno(new->li_seqno, 161 new->li_length = dccp_delta_seqno(new->li_seqno,
162 tfrc_rx_hist_last_rcv(rh)->tfrchrx_seqno); 162 tfrc_rx_hist_last_rcv(rh)->tfrchrx_seqno) + 1;
163 if (lh->counter > (2*LIH_SIZE)) 163 if (lh->counter > (2*LIH_SIZE))
164 lh->counter -= LIH_SIZE; 164 lh->counter -= LIH_SIZE;
165 165
diff --git a/net/dccp/ccids/lib/packet_history.c b/net/dccp/ccids/lib/packet_history.c
index 20af1a693427..6cc108afdc3b 100644
--- a/net/dccp/ccids/lib/packet_history.c
+++ b/net/dccp/ccids/lib/packet_history.c
@@ -153,7 +153,7 @@ void tfrc_rx_packet_history_exit(void)
153 153
154static inline void tfrc_rx_hist_entry_from_skb(struct tfrc_rx_hist_entry *entry, 154static inline void tfrc_rx_hist_entry_from_skb(struct tfrc_rx_hist_entry *entry,
155 const struct sk_buff *skb, 155 const struct sk_buff *skb,
156 const u32 ndp) 156 const u64 ndp)
157{ 157{
158 const struct dccp_hdr *dh = dccp_hdr(skb); 158 const struct dccp_hdr *dh = dccp_hdr(skb);
159 159
@@ -166,7 +166,7 @@ static inline void tfrc_rx_hist_entry_from_skb(struct tfrc_rx_hist_entry *entry,
166 166
167void tfrc_rx_hist_add_packet(struct tfrc_rx_hist *h, 167void tfrc_rx_hist_add_packet(struct tfrc_rx_hist *h,
168 const struct sk_buff *skb, 168 const struct sk_buff *skb,
169 const u32 ndp) 169 const u64 ndp)
170{ 170{
171 struct tfrc_rx_hist_entry *entry = tfrc_rx_hist_last_rcv(h); 171 struct tfrc_rx_hist_entry *entry = tfrc_rx_hist_last_rcv(h);
172 172
@@ -206,31 +206,39 @@ static void tfrc_rx_hist_swap(struct tfrc_rx_hist *h, const u8 a, const u8 b)
206 * 206 *
207 * In the descriptions, `Si' refers to the sequence number of entry number i, 207 * In the descriptions, `Si' refers to the sequence number of entry number i,
208 * whose NDP count is `Ni' (lower case is used for variables). 208 * whose NDP count is `Ni' (lower case is used for variables).
209 * Note: All __after_loss functions expect that a test against duplicates has 209 * Note: All __xxx_loss functions expect that a test against duplicates has been
210 * been performed already: the seqno of the skb must not be less than the 210 * performed already: the seqno of the skb must not be less than the seqno
211 * seqno of loss_prev; and it must not equal that of any valid hist_entry. 211 * of loss_prev; and it must not equal that of any valid history entry.
212 */ 212 */
213static void __do_track_loss(struct tfrc_rx_hist *h, struct sk_buff *skb, u64 n1)
214{
215 u64 s0 = tfrc_rx_hist_loss_prev(h)->tfrchrx_seqno,
216 s1 = DCCP_SKB_CB(skb)->dccpd_seq;
217
218 if (!dccp_loss_free(s0, s1, n1)) { /* gap between S0 and S1 */
219 h->loss_count = 1;
220 tfrc_rx_hist_entry_from_skb(tfrc_rx_hist_entry(h, 1), skb, n1);
221 }
222}
223
213static void __one_after_loss(struct tfrc_rx_hist *h, struct sk_buff *skb, u32 n2) 224static void __one_after_loss(struct tfrc_rx_hist *h, struct sk_buff *skb, u32 n2)
214{ 225{
215 u64 s0 = tfrc_rx_hist_loss_prev(h)->tfrchrx_seqno, 226 u64 s0 = tfrc_rx_hist_loss_prev(h)->tfrchrx_seqno,
216 s1 = tfrc_rx_hist_entry(h, 1)->tfrchrx_seqno, 227 s1 = tfrc_rx_hist_entry(h, 1)->tfrchrx_seqno,
217 s2 = DCCP_SKB_CB(skb)->dccpd_seq; 228 s2 = DCCP_SKB_CB(skb)->dccpd_seq;
218 int n1 = tfrc_rx_hist_entry(h, 1)->tfrchrx_ndp,
219 d12 = dccp_delta_seqno(s1, s2), d2;
220 229
221 if (d12 > 0) { /* S1 < S2 */ 230 if (likely(dccp_delta_seqno(s1, s2) > 0)) { /* S1 < S2 */
222 h->loss_count = 2; 231 h->loss_count = 2;
223 tfrc_rx_hist_entry_from_skb(tfrc_rx_hist_entry(h, 2), skb, n2); 232 tfrc_rx_hist_entry_from_skb(tfrc_rx_hist_entry(h, 2), skb, n2);
224 return; 233 return;
225 } 234 }
226 235
227 /* S0 < S2 < S1 */ 236 /* S0 < S2 < S1 */
228 d2 = dccp_delta_seqno(s0, s2);
229 237
230 if (d2 == 1 || n2 >= d2) { /* S2 is direct successor of S0 */ 238 if (dccp_loss_free(s0, s2, n2)) {
231 int d21 = -d12; 239 u64 n1 = tfrc_rx_hist_entry(h, 1)->tfrchrx_ndp;
232 240
233 if (d21 == 1 || n1 >= d21) { 241 if (dccp_loss_free(s2, s1, n1)) {
234 /* hole is filled: S0, S2, and S1 are consecutive */ 242 /* hole is filled: S0, S2, and S1 are consecutive */
235 h->loss_count = 0; 243 h->loss_count = 0;
236 h->loss_start = tfrc_rx_hist_index(h, 1); 244 h->loss_start = tfrc_rx_hist_index(h, 1);
@@ -238,9 +246,9 @@ static void __one_after_loss(struct tfrc_rx_hist *h, struct sk_buff *skb, u32 n2
238 /* gap between S2 and S1: just update loss_prev */ 246 /* gap between S2 and S1: just update loss_prev */
239 tfrc_rx_hist_entry_from_skb(tfrc_rx_hist_loss_prev(h), skb, n2); 247 tfrc_rx_hist_entry_from_skb(tfrc_rx_hist_loss_prev(h), skb, n2);
240 248
241 } else { /* hole between S0 and S2 */ 249 } else { /* gap between S0 and S2 */
242 /* 250 /*
243 * Reorder history to insert S2 between S0 and s1 251 * Reorder history to insert S2 between S0 and S1
244 */ 252 */
245 tfrc_rx_hist_swap(h, 0, 3); 253 tfrc_rx_hist_swap(h, 0, 3);
246 h->loss_start = tfrc_rx_hist_index(h, 3); 254 h->loss_start = tfrc_rx_hist_index(h, 3);
@@ -256,22 +264,18 @@ static int __two_after_loss(struct tfrc_rx_hist *h, struct sk_buff *skb, u32 n3)
256 s1 = tfrc_rx_hist_entry(h, 1)->tfrchrx_seqno, 264 s1 = tfrc_rx_hist_entry(h, 1)->tfrchrx_seqno,
257 s2 = tfrc_rx_hist_entry(h, 2)->tfrchrx_seqno, 265 s2 = tfrc_rx_hist_entry(h, 2)->tfrchrx_seqno,
258 s3 = DCCP_SKB_CB(skb)->dccpd_seq; 266 s3 = DCCP_SKB_CB(skb)->dccpd_seq;
259 int n1 = tfrc_rx_hist_entry(h, 1)->tfrchrx_ndp,
260 d23 = dccp_delta_seqno(s2, s3), d13, d3, d31;
261 267
262 if (d23 > 0) { /* S2 < S3 */ 268 if (likely(dccp_delta_seqno(s2, s3) > 0)) { /* S2 < S3 */
263 h->loss_count = 3; 269 h->loss_count = 3;
264 tfrc_rx_hist_entry_from_skb(tfrc_rx_hist_entry(h, 3), skb, n3); 270 tfrc_rx_hist_entry_from_skb(tfrc_rx_hist_entry(h, 3), skb, n3);
265 return 1; 271 return 1;
266 } 272 }
267 273
268 /* S3 < S2 */ 274 /* S3 < S2 */
269 d13 = dccp_delta_seqno(s1, s3);
270 275
271 if (d13 > 0) { 276 if (dccp_delta_seqno(s1, s3) > 0) { /* S1 < S3 < S2 */
272 /* 277 /*
273 * The sequence number order is S1, S3, S2 278 * Reorder history to insert S3 between S1 and S2
274 * Reorder history to insert entry between S1 and S2
275 */ 279 */
276 tfrc_rx_hist_swap(h, 2, 3); 280 tfrc_rx_hist_swap(h, 2, 3);
277 tfrc_rx_hist_entry_from_skb(tfrc_rx_hist_entry(h, 2), skb, n3); 281 tfrc_rx_hist_entry_from_skb(tfrc_rx_hist_entry(h, 2), skb, n3);
@@ -280,17 +284,15 @@ static int __two_after_loss(struct tfrc_rx_hist *h, struct sk_buff *skb, u32 n3)
280 } 284 }
281 285
282 /* S0 < S3 < S1 */ 286 /* S0 < S3 < S1 */
283 d31 = -d13;
284 d3 = dccp_delta_seqno(s0, s3);
285 287
286 if (d3 == 1 || n3 >= d3) { /* S3 is a successor of S0 */ 288 if (dccp_loss_free(s0, s3, n3)) {
289 u64 n1 = tfrc_rx_hist_entry(h, 1)->tfrchrx_ndp;
287 290
288 if (d31 == 1 || n1 >= d31) { 291 if (dccp_loss_free(s3, s1, n1)) {
289 /* hole between S0 and S1 filled by S3 */ 292 /* hole between S0 and S1 filled by S3 */
290 int d2 = dccp_delta_seqno(s1, s2), 293 u64 n2 = tfrc_rx_hist_entry(h, 2)->tfrchrx_ndp;
291 n2 = tfrc_rx_hist_entry(h, 2)->tfrchrx_ndp;
292 294
293 if (d2 == 1 || n2 >= d2) { 295 if (dccp_loss_free(s1, s2, n2)) {
294 /* entire hole filled by S0, S3, S1, S2 */ 296 /* entire hole filled by S0, S3, S1, S2 */
295 h->loss_start = tfrc_rx_hist_index(h, 2); 297 h->loss_start = tfrc_rx_hist_index(h, 2);
296 h->loss_count = 0; 298 h->loss_count = 0;
@@ -307,8 +309,8 @@ static int __two_after_loss(struct tfrc_rx_hist *h, struct sk_buff *skb, u32 n3)
307 } 309 }
308 310
309 /* 311 /*
310 * The remaining case: S3 is not a successor of S0. 312 * The remaining case: S0 < S3 < S1 < S2; gap between S0 and S3
311 * Sequence order is S0, S3, S1, S2; reorder to insert between S0 and S1 313 * Reorder history to insert S3 between S0 and S1.
312 */ 314 */
313 tfrc_rx_hist_swap(h, 0, 3); 315 tfrc_rx_hist_swap(h, 0, 3);
314 h->loss_start = tfrc_rx_hist_index(h, 3); 316 h->loss_start = tfrc_rx_hist_index(h, 3);
@@ -318,33 +320,25 @@ static int __two_after_loss(struct tfrc_rx_hist *h, struct sk_buff *skb, u32 n3)
318 return 1; 320 return 1;
319} 321}
320 322
321/* return the signed modulo-2^48 sequence number distance from entry e1 to e2 */
322static s64 tfrc_rx_hist_delta_seqno(struct tfrc_rx_hist *h, u8 e1, u8 e2)
323{
324 DCCP_BUG_ON(e1 > h->loss_count || e2 > h->loss_count);
325
326 return dccp_delta_seqno(tfrc_rx_hist_entry(h, e1)->tfrchrx_seqno,
327 tfrc_rx_hist_entry(h, e2)->tfrchrx_seqno);
328}
329
330/* recycle RX history records to continue loss detection if necessary */ 323/* recycle RX history records to continue loss detection if necessary */
331static void __three_after_loss(struct tfrc_rx_hist *h) 324static void __three_after_loss(struct tfrc_rx_hist *h)
332{ 325{
333 /* 326 /*
334 * The distance between S0 and S1 is always greater than 1 and the NDP 327 * At this stage we know already that there is a gap between S0 and S1
335 * count of S1 is smaller than this distance. Otherwise there would 328 * (since S0 was the highest sequence number received before detecting
336 * have been no loss. Hence it is only necessary to see whether there 329 * the loss). To recycle the loss record, it is thus only necessary to
337 * are further missing data packets between S1/S2 and S2/S3. 330 * check for other possible gaps between S1/S2 and between S2/S3.
338 */ 331 */
339 int d2 = tfrc_rx_hist_delta_seqno(h, 1, 2), 332 u64 s1 = tfrc_rx_hist_entry(h, 1)->tfrchrx_seqno,
340 d3 = tfrc_rx_hist_delta_seqno(h, 2, 3), 333 s2 = tfrc_rx_hist_entry(h, 2)->tfrchrx_seqno,
341 n2 = tfrc_rx_hist_entry(h, 2)->tfrchrx_ndp, 334 s3 = tfrc_rx_hist_entry(h, 3)->tfrchrx_seqno;
335 u64 n2 = tfrc_rx_hist_entry(h, 2)->tfrchrx_ndp,
342 n3 = tfrc_rx_hist_entry(h, 3)->tfrchrx_ndp; 336 n3 = tfrc_rx_hist_entry(h, 3)->tfrchrx_ndp;
343 337
344 if (d2 == 1 || n2 >= d2) { /* S2 is successor to S1 */ 338 if (dccp_loss_free(s1, s2, n2)) {
345 339
346 if (d3 == 1 || n3 >= d3) { 340 if (dccp_loss_free(s2, s3, n3)) {
347 /* S3 is successor of S2: entire hole is filled */ 341 /* no gap between S2 and S3: entire hole is filled */
348 h->loss_start = tfrc_rx_hist_index(h, 3); 342 h->loss_start = tfrc_rx_hist_index(h, 3);
349 h->loss_count = 0; 343 h->loss_count = 0;
350 } else { 344 } else {
@@ -353,7 +347,7 @@ static void __three_after_loss(struct tfrc_rx_hist *h)
353 h->loss_count = 1; 347 h->loss_count = 1;
354 } 348 }
355 349
356 } else { /* gap between S1 and S2 */ 350 } else { /* gap between S1 and S2 */
357 h->loss_start = tfrc_rx_hist_index(h, 1); 351 h->loss_start = tfrc_rx_hist_index(h, 1);
358 h->loss_count = 2; 352 h->loss_count = 2;
359 } 353 }
@@ -370,15 +364,20 @@ static void __three_after_loss(struct tfrc_rx_hist *h)
370 * Chooses action according to pending loss, updates LI database when a new 364 * Chooses action according to pending loss, updates LI database when a new
371 * loss was detected, and does required post-processing. Returns 1 when caller 365 * loss was detected, and does required post-processing. Returns 1 when caller
372 * should send feedback, 0 otherwise. 366 * should send feedback, 0 otherwise.
367 * Since it also takes care of reordering during loss detection and updates the
368 * records accordingly, the caller should not perform any more RX history
369 * operations when loss_count is greater than 0 after calling this function.
373 */ 370 */
374int tfrc_rx_handle_loss(struct tfrc_rx_hist *h, 371int tfrc_rx_handle_loss(struct tfrc_rx_hist *h,
375 struct tfrc_loss_hist *lh, 372 struct tfrc_loss_hist *lh,
376 struct sk_buff *skb, u32 ndp, 373 struct sk_buff *skb, const u64 ndp,
377 u32 (*calc_first_li)(struct sock *), struct sock *sk) 374 u32 (*calc_first_li)(struct sock *), struct sock *sk)
378{ 375{
379 int is_new_loss = 0; 376 int is_new_loss = 0;
380 377
381 if (h->loss_count == 1) { 378 if (h->loss_count == 0) {
379 __do_track_loss(h, skb, ndp);
380 } else if (h->loss_count == 1) {
382 __one_after_loss(h, skb, ndp); 381 __one_after_loss(h, skb, ndp);
383 } else if (h->loss_count != 2) { 382 } else if (h->loss_count != 2) {
384 DCCP_BUG("invalid loss_count %d", h->loss_count); 383 DCCP_BUG("invalid loss_count %d", h->loss_count);
diff --git a/net/dccp/ccids/lib/packet_history.h b/net/dccp/ccids/lib/packet_history.h
index c7eeda49cb20..461cc91cce88 100644
--- a/net/dccp/ccids/lib/packet_history.h
+++ b/net/dccp/ccids/lib/packet_history.h
@@ -64,7 +64,7 @@ struct tfrc_rx_hist_entry {
64 u64 tfrchrx_seqno:48, 64 u64 tfrchrx_seqno:48,
65 tfrchrx_ccval:4, 65 tfrchrx_ccval:4,
66 tfrchrx_type:4; 66 tfrchrx_type:4;
67 u32 tfrchrx_ndp; /* In fact it is from 8 to 24 bits */ 67 u64 tfrchrx_ndp:48;
68 ktime_t tfrchrx_tstamp; 68 ktime_t tfrchrx_tstamp;
69}; 69};
70 70
@@ -118,41 +118,21 @@ static inline struct tfrc_rx_hist_entry *
118 return h->ring[h->loss_start]; 118 return h->ring[h->loss_start];
119} 119}
120 120
121/* initialise loss detection and disable RTT sampling */
122static inline void tfrc_rx_hist_loss_indicated(struct tfrc_rx_hist *h)
123{
124 h->loss_count = 1;
125}
126
127/* indicate whether previously a packet was detected missing */ 121/* indicate whether previously a packet was detected missing */
128static inline int tfrc_rx_hist_loss_pending(const struct tfrc_rx_hist *h) 122static inline bool tfrc_rx_hist_loss_pending(const struct tfrc_rx_hist *h)
129{
130 return h->loss_count;
131}
132
133/* any data packets missing between last reception and skb ? */
134static inline int tfrc_rx_hist_new_loss_indicated(struct tfrc_rx_hist *h,
135 const struct sk_buff *skb,
136 u32 ndp)
137{ 123{
138 int delta = dccp_delta_seqno(tfrc_rx_hist_last_rcv(h)->tfrchrx_seqno, 124 return h->loss_count > 0;
139 DCCP_SKB_CB(skb)->dccpd_seq);
140
141 if (delta > 1 && ndp < delta)
142 tfrc_rx_hist_loss_indicated(h);
143
144 return tfrc_rx_hist_loss_pending(h);
145} 125}
146 126
147extern void tfrc_rx_hist_add_packet(struct tfrc_rx_hist *h, 127extern void tfrc_rx_hist_add_packet(struct tfrc_rx_hist *h,
148 const struct sk_buff *skb, const u32 ndp); 128 const struct sk_buff *skb, const u64 ndp);
149 129
150extern int tfrc_rx_hist_duplicate(struct tfrc_rx_hist *h, struct sk_buff *skb); 130extern int tfrc_rx_hist_duplicate(struct tfrc_rx_hist *h, struct sk_buff *skb);
151 131
152struct tfrc_loss_hist; 132struct tfrc_loss_hist;
153extern int tfrc_rx_handle_loss(struct tfrc_rx_hist *h, 133extern int tfrc_rx_handle_loss(struct tfrc_rx_hist *h,
154 struct tfrc_loss_hist *lh, 134 struct tfrc_loss_hist *lh,
155 struct sk_buff *skb, u32 ndp, 135 struct sk_buff *skb, const u64 ndp,
156 u32 (*first_li)(struct sock *sk), 136 u32 (*first_li)(struct sock *sk),
157 struct sock *sk); 137 struct sock *sk);
158extern u32 tfrc_rx_hist_sample_rtt(struct tfrc_rx_hist *h, 138extern u32 tfrc_rx_hist_sample_rtt(struct tfrc_rx_hist *h,
diff --git a/net/dccp/ccids/lib/tfrc.c b/net/dccp/ccids/lib/tfrc.c
index d1dfbb8de64c..97ecec0a8e76 100644
--- a/net/dccp/ccids/lib/tfrc.c
+++ b/net/dccp/ccids/lib/tfrc.c
@@ -14,14 +14,6 @@ module_param(tfrc_debug, bool, 0444);
14MODULE_PARM_DESC(tfrc_debug, "Enable debug messages"); 14MODULE_PARM_DESC(tfrc_debug, "Enable debug messages");
15#endif 15#endif
16 16
17extern int tfrc_tx_packet_history_init(void);
18extern void tfrc_tx_packet_history_exit(void);
19extern int tfrc_rx_packet_history_init(void);
20extern void tfrc_rx_packet_history_exit(void);
21
22extern int tfrc_li_init(void);
23extern void tfrc_li_exit(void);
24
25static int __init tfrc_module_init(void) 17static int __init tfrc_module_init(void)
26{ 18{
27 int rc = tfrc_li_init(); 19 int rc = tfrc_li_init();
diff --git a/net/dccp/ccids/lib/tfrc.h b/net/dccp/ccids/lib/tfrc.h
index 1fb1187bbf1c..ed9857527acf 100644
--- a/net/dccp/ccids/lib/tfrc.h
+++ b/net/dccp/ccids/lib/tfrc.h
@@ -15,7 +15,7 @@
15 * (at your option) any later version. 15 * (at your option) any later version.
16 */ 16 */
17#include <linux/types.h> 17#include <linux/types.h>
18#include <asm/div64.h> 18#include <linux/math64.h>
19#include "../../dccp.h" 19#include "../../dccp.h"
20/* internal includes that this module exports: */ 20/* internal includes that this module exports: */
21#include "loss_interval.h" 21#include "loss_interval.h"
@@ -29,21 +29,19 @@ extern int tfrc_debug;
29#endif 29#endif
30 30
31/* integer-arithmetic divisions of type (a * 1000000)/b */ 31/* integer-arithmetic divisions of type (a * 1000000)/b */
32static inline u64 scaled_div(u64 a, u32 b) 32static inline u64 scaled_div(u64 a, u64 b)
33{ 33{
34 BUG_ON(b==0); 34 BUG_ON(b==0);
35 a *= 1000000; 35 return div64_u64(a * 1000000, b);
36 do_div(a, b);
37 return a;
38} 36}
39 37
40static inline u32 scaled_div32(u64 a, u32 b) 38static inline u32 scaled_div32(u64 a, u64 b)
41{ 39{
42 u64 result = scaled_div(a, b); 40 u64 result = scaled_div(a, b);
43 41
44 if (result > UINT_MAX) { 42 if (result > UINT_MAX) {
45 DCCP_CRIT("Overflow: a(%llu)/b(%u) > ~0U", 43 DCCP_CRIT("Overflow: %llu/%llu > UINT_MAX",
46 (unsigned long long)a, b); 44 (unsigned long long)a, (unsigned long long)b);
47 return UINT_MAX; 45 return UINT_MAX;
48 } 46 }
49 return result; 47 return result;
@@ -58,7 +56,14 @@ static inline u32 tfrc_ewma(const u32 avg, const u32 newval, const u8 weight)
58 return avg ? (weight * avg + (10 - weight) * newval) / 10 : newval; 56 return avg ? (weight * avg + (10 - weight) * newval) / 10 : newval;
59} 57}
60 58
61extern u32 tfrc_calc_x(u16 s, u32 R, u32 p); 59extern u32 tfrc_calc_x(u16 s, u32 R, u32 p);
62extern u32 tfrc_calc_x_reverse_lookup(u32 fvalue); 60extern u32 tfrc_calc_x_reverse_lookup(u32 fvalue);
63 61
62extern int tfrc_tx_packet_history_init(void);
63extern void tfrc_tx_packet_history_exit(void);
64extern int tfrc_rx_packet_history_init(void);
65extern void tfrc_rx_packet_history_exit(void);
66
67extern int tfrc_li_init(void);
68extern void tfrc_li_exit(void);
64#endif /* _TFRC_H_ */ 69#endif /* _TFRC_H_ */
diff --git a/net/dccp/ccids/lib/tfrc_equation.c b/net/dccp/ccids/lib/tfrc_equation.c
index e4e64b76c10c..2f20a29cffe4 100644
--- a/net/dccp/ccids/lib/tfrc_equation.c
+++ b/net/dccp/ccids/lib/tfrc_equation.c
@@ -661,7 +661,7 @@ u32 tfrc_calc_x(u16 s, u32 R, u32 p)
661 661
662EXPORT_SYMBOL_GPL(tfrc_calc_x); 662EXPORT_SYMBOL_GPL(tfrc_calc_x);
663 663
664/* 664/**
665 * tfrc_calc_x_reverse_lookup - try to find p given f(p) 665 * tfrc_calc_x_reverse_lookup - try to find p given f(p)
666 * 666 *
667 * @fvalue: function value to match, scaled by 1000000 667 * @fvalue: function value to match, scaled by 1000000
@@ -676,11 +676,11 @@ u32 tfrc_calc_x_reverse_lookup(u32 fvalue)
676 676
677 /* Error cases. */ 677 /* Error cases. */
678 if (fvalue < tfrc_calc_x_lookup[0][1]) { 678 if (fvalue < tfrc_calc_x_lookup[0][1]) {
679 DCCP_WARN("fvalue %d smaller than resolution\n", fvalue); 679 DCCP_WARN("fvalue %u smaller than resolution\n", fvalue);
680 return tfrc_calc_x_lookup[0][1]; 680 return TFRC_SMALLEST_P;
681 } 681 }
682 if (fvalue > tfrc_calc_x_lookup[TFRC_CALC_X_ARRSIZE - 1][0]) { 682 if (fvalue > tfrc_calc_x_lookup[TFRC_CALC_X_ARRSIZE - 1][0]) {
683 DCCP_WARN("fvalue %d exceeds bounds!\n", fvalue); 683 DCCP_WARN("fvalue %u exceeds bounds!\n", fvalue);
684 return 1000000; 684 return 1000000;
685 } 685 }
686 686
diff --git a/net/dccp/dccp.h b/net/dccp/dccp.h
index f44d492d3b74..b4bc6e095a0e 100644
--- a/net/dccp/dccp.h
+++ b/net/dccp/dccp.h
@@ -153,6 +153,21 @@ static inline u64 max48(const u64 seq1, const u64 seq2)
153 return after48(seq1, seq2) ? seq1 : seq2; 153 return after48(seq1, seq2) ? seq1 : seq2;
154} 154}
155 155
156/**
157 * dccp_loss_free - Evaluates condition for data loss from RFC 4340, 7.7.1
158 * @s1: start sequence number
159 * @s2: end sequence number
160 * @ndp: NDP count on packet with sequence number @s2
161 * Returns true if the sequence range s1...s2 has no data loss.
162 */
163static inline bool dccp_loss_free(const u64 s1, const u64 s2, const u64 ndp)
164{
165 s64 delta = dccp_delta_seqno(s1, s2);
166
167 WARN_ON(delta < 0);
168 return (u64)delta <= ndp + 1;
169}
170
156enum { 171enum {
157 DCCP_MIB_NUM = 0, 172 DCCP_MIB_NUM = 0,
158 DCCP_MIB_ACTIVEOPENS, /* ActiveOpens */ 173 DCCP_MIB_ACTIVEOPENS, /* ActiveOpens */
@@ -211,10 +226,11 @@ static inline void dccp_csum_outgoing(struct sk_buff *skb)
211 226
212extern void dccp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb); 227extern void dccp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb);
213 228
214extern int dccp_retransmit_skb(struct sock *sk, struct sk_buff *skb); 229extern int dccp_retransmit_skb(struct sock *sk);
215 230
216extern void dccp_send_ack(struct sock *sk); 231extern void dccp_send_ack(struct sock *sk);
217extern void dccp_reqsk_send_ack(struct sk_buff *sk, struct request_sock *rsk); 232extern void dccp_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
233 struct request_sock *rsk);
218 234
219extern void dccp_send_sync(struct sock *sk, const u64 seq, 235extern void dccp_send_sync(struct sock *sk, const u64 seq,
220 const enum dccp_pkt_type pkt_type); 236 const enum dccp_pkt_type pkt_type);
@@ -262,7 +278,7 @@ extern int dccp_rcv_established(struct sock *sk, struct sk_buff *skb,
262 const struct dccp_hdr *dh, const unsigned len); 278 const struct dccp_hdr *dh, const unsigned len);
263 279
264extern int dccp_init_sock(struct sock *sk, const __u8 ctl_sock_initialized); 280extern int dccp_init_sock(struct sock *sk, const __u8 ctl_sock_initialized);
265extern int dccp_destroy_sock(struct sock *sk); 281extern void dccp_destroy_sock(struct sock *sk);
266 282
267extern void dccp_close(struct sock *sk, long timeout); 283extern void dccp_close(struct sock *sk, long timeout);
268extern struct sk_buff *dccp_make_response(struct sock *sk, 284extern struct sk_buff *dccp_make_response(struct sock *sk,
diff --git a/net/dccp/input.c b/net/dccp/input.c
index 08392ed86c25..803933ab396d 100644
--- a/net/dccp/input.c
+++ b/net/dccp/input.c
@@ -411,12 +411,6 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk,
411 struct dccp_sock *dp = dccp_sk(sk); 411 struct dccp_sock *dp = dccp_sk(sk);
412 long tstamp = dccp_timestamp(); 412 long tstamp = dccp_timestamp();
413 413
414 /* Stop the REQUEST timer */
415 inet_csk_clear_xmit_timer(sk, ICSK_TIME_RETRANS);
416 BUG_TRAP(sk->sk_send_head != NULL);
417 __kfree_skb(sk->sk_send_head);
418 sk->sk_send_head = NULL;
419
420 if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq, 414 if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq,
421 dp->dccps_awl, dp->dccps_awh)) { 415 dp->dccps_awl, dp->dccps_awh)) {
422 dccp_pr_debug("invalid ackno: S.AWL=%llu, " 416 dccp_pr_debug("invalid ackno: S.AWL=%llu, "
@@ -441,6 +435,12 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk,
441 DCCP_ACKVEC_STATE_RECEIVED)) 435 DCCP_ACKVEC_STATE_RECEIVED))
442 goto out_invalid_packet; /* FIXME: change error code */ 436 goto out_invalid_packet; /* FIXME: change error code */
443 437
438 /* Stop the REQUEST timer */
439 inet_csk_clear_xmit_timer(sk, ICSK_TIME_RETRANS);
440 WARN_ON(sk->sk_send_head == NULL);
441 kfree_skb(sk->sk_send_head);
442 sk->sk_send_head = NULL;
443
444 dp->dccps_isr = DCCP_SKB_CB(skb)->dccpd_seq; 444 dp->dccps_isr = DCCP_SKB_CB(skb)->dccpd_seq;
445 dccp_update_gsr(sk, dp->dccps_isr); 445 dccp_update_gsr(sk, dp->dccps_isr);
446 /* 446 /*
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index b348dd70c685..882c5c4de69e 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -196,8 +196,8 @@ static inline void dccp_do_pmtu_discovery(struct sock *sk,
196static void dccp_v4_err(struct sk_buff *skb, u32 info) 196static void dccp_v4_err(struct sk_buff *skb, u32 info)
197{ 197{
198 const struct iphdr *iph = (struct iphdr *)skb->data; 198 const struct iphdr *iph = (struct iphdr *)skb->data;
199 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + 199 const u8 offset = iph->ihl << 2;
200 (iph->ihl << 2)); 200 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset);
201 struct dccp_sock *dp; 201 struct dccp_sock *dp;
202 struct inet_sock *inet; 202 struct inet_sock *inet;
203 const int type = icmp_hdr(skb)->type; 203 const int type = icmp_hdr(skb)->type;
@@ -205,17 +205,19 @@ static void dccp_v4_err(struct sk_buff *skb, u32 info)
205 struct sock *sk; 205 struct sock *sk;
206 __u64 seq; 206 __u64 seq;
207 int err; 207 int err;
208 struct net *net = dev_net(skb->dev);
208 209
209 if (skb->len < (iph->ihl << 2) + 8) { 210 if (skb->len < offset + sizeof(*dh) ||
210 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 211 skb->len < offset + __dccp_basic_hdr_len(dh)) {
212 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
211 return; 213 return;
212 } 214 }
213 215
214 sk = inet_lookup(dev_net(skb->dev), &dccp_hashinfo, 216 sk = inet_lookup(net, &dccp_hashinfo,
215 iph->daddr, dh->dccph_dport, 217 iph->daddr, dh->dccph_dport,
216 iph->saddr, dh->dccph_sport, inet_iif(skb)); 218 iph->saddr, dh->dccph_sport, inet_iif(skb));
217 if (sk == NULL) { 219 if (sk == NULL) {
218 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 220 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
219 return; 221 return;
220 } 222 }
221 223
@@ -229,7 +231,7 @@ static void dccp_v4_err(struct sk_buff *skb, u32 info)
229 * servers this needs to be solved differently. 231 * servers this needs to be solved differently.
230 */ 232 */
231 if (sock_owned_by_user(sk)) 233 if (sock_owned_by_user(sk))
232 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS); 234 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
233 235
234 if (sk->sk_state == DCCP_CLOSED) 236 if (sk->sk_state == DCCP_CLOSED)
235 goto out; 237 goto out;
@@ -237,8 +239,8 @@ static void dccp_v4_err(struct sk_buff *skb, u32 info)
237 dp = dccp_sk(sk); 239 dp = dccp_sk(sk);
238 seq = dccp_hdr_seq(dh); 240 seq = dccp_hdr_seq(dh);
239 if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) && 241 if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) &&
240 !between48(seq, dp->dccps_swl, dp->dccps_swh)) { 242 !between48(seq, dp->dccps_awl, dp->dccps_awh)) {
241 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS); 243 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
242 goto out; 244 goto out;
243 } 245 }
244 246
@@ -282,10 +284,10 @@ static void dccp_v4_err(struct sk_buff *skb, u32 info)
282 * ICMPs are not backlogged, hence we cannot get an established 284 * ICMPs are not backlogged, hence we cannot get an established
283 * socket here. 285 * socket here.
284 */ 286 */
285 BUG_TRAP(!req->sk); 287 WARN_ON(req->sk);
286 288
287 if (seq != dccp_rsk(req)->dreq_iss) { 289 if (seq != dccp_rsk(req)->dreq_iss) {
288 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS); 290 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
289 goto out; 291 goto out;
290 } 292 }
291 /* 293 /*
@@ -408,9 +410,9 @@ struct sock *dccp_v4_request_recv_sock(struct sock *sk, struct sk_buff *skb,
408 return newsk; 410 return newsk;
409 411
410exit_overflow: 412exit_overflow:
411 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS); 413 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
412exit: 414exit:
413 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS); 415 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
414 dst_release(dst); 416 dst_release(dst);
415 return NULL; 417 return NULL;
416} 418}
@@ -464,7 +466,7 @@ static struct dst_entry* dccp_v4_route_skb(struct net *net, struct sock *sk,
464 466
465 security_skb_classify_flow(skb, &fl); 467 security_skb_classify_flow(skb, &fl);
466 if (ip_route_output_flow(net, &rt, &fl, sk, 0)) { 468 if (ip_route_output_flow(net, &rt, &fl, sk, 0)) {
467 IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); 469 IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES);
468 return NULL; 470 return NULL;
469 } 471 }
470 472
@@ -589,7 +591,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
589 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 591 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
590 goto drop; 592 goto drop;
591 593
592 req = reqsk_alloc(&dccp_request_sock_ops); 594 req = inet_reqsk_alloc(&dccp_request_sock_ops);
593 if (req == NULL) 595 if (req == NULL)
594 goto drop; 596 goto drop;
595 597
@@ -605,7 +607,6 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
605 ireq = inet_rsk(req); 607 ireq = inet_rsk(req);
606 ireq->loc_addr = ip_hdr(skb)->daddr; 608 ireq->loc_addr = ip_hdr(skb)->daddr;
607 ireq->rmt_addr = ip_hdr(skb)->saddr; 609 ireq->rmt_addr = ip_hdr(skb)->saddr;
608 ireq->opt = NULL;
609 610
610 /* 611 /*
611 * Step 3: Process LISTEN state 612 * Step 3: Process LISTEN state
@@ -739,8 +740,8 @@ int dccp_invalid_packet(struct sk_buff *skb)
739 * If P.type is not Data, Ack, or DataAck and P.X == 0 (the packet 740 * If P.type is not Data, Ack, or DataAck and P.X == 0 (the packet
740 * has short sequence numbers), drop packet and return 741 * has short sequence numbers), drop packet and return
741 */ 742 */
742 if (dh->dccph_type >= DCCP_PKT_DATA && 743 if ((dh->dccph_type < DCCP_PKT_DATA ||
743 dh->dccph_type <= DCCP_PKT_DATAACK && dh->dccph_x == 0) { 744 dh->dccph_type > DCCP_PKT_DATAACK) && dh->dccph_x == 0) {
744 DCCP_WARN("P.type (%s) not Data || [Data]Ack, while P.X == 0\n", 745 DCCP_WARN("P.type (%s) not Data || [Data]Ack, while P.X == 0\n",
745 dccp_packet_name(dh->dccph_type)); 746 dccp_packet_name(dh->dccph_type));
746 return 1; 747 return 1;
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 9b1129bb7ece..5e1ee0da2c40 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -89,12 +89,20 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
89{ 89{
90 struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data; 90 struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data;
91 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset); 91 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset);
92 struct dccp_sock *dp;
92 struct ipv6_pinfo *np; 93 struct ipv6_pinfo *np;
93 struct sock *sk; 94 struct sock *sk;
94 int err; 95 int err;
95 __u64 seq; 96 __u64 seq;
97 struct net *net = dev_net(skb->dev);
96 98
97 sk = inet6_lookup(dev_net(skb->dev), &dccp_hashinfo, 99 if (skb->len < offset + sizeof(*dh) ||
100 skb->len < offset + __dccp_basic_hdr_len(dh)) {
101 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
102 return;
103 }
104
105 sk = inet6_lookup(net, &dccp_hashinfo,
98 &hdr->daddr, dh->dccph_dport, 106 &hdr->daddr, dh->dccph_dport,
99 &hdr->saddr, dh->dccph_sport, inet6_iif(skb)); 107 &hdr->saddr, dh->dccph_sport, inet6_iif(skb));
100 108
@@ -110,11 +118,19 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
110 118
111 bh_lock_sock(sk); 119 bh_lock_sock(sk);
112 if (sock_owned_by_user(sk)) 120 if (sock_owned_by_user(sk))
113 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS); 121 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
114 122
115 if (sk->sk_state == DCCP_CLOSED) 123 if (sk->sk_state == DCCP_CLOSED)
116 goto out; 124 goto out;
117 125
126 dp = dccp_sk(sk);
127 seq = dccp_hdr_seq(dh);
128 if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) &&
129 !between48(seq, dp->dccps_awl, dp->dccps_awh)) {
130 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
131 goto out;
132 }
133
118 np = inet6_sk(sk); 134 np = inet6_sk(sk);
119 135
120 if (type == ICMPV6_PKT_TOOBIG) { 136 if (type == ICMPV6_PKT_TOOBIG) {
@@ -167,7 +183,6 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
167 183
168 icmpv6_err_convert(type, code, &err); 184 icmpv6_err_convert(type, code, &err);
169 185
170 seq = dccp_hdr_seq(dh);
171 /* Might be for an request_sock */ 186 /* Might be for an request_sock */
172 switch (sk->sk_state) { 187 switch (sk->sk_state) {
173 struct request_sock *req, **prev; 188 struct request_sock *req, **prev;
@@ -185,10 +200,10 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
185 * ICMPs are not backlogged, hence we cannot get an established 200 * ICMPs are not backlogged, hence we cannot get an established
186 * socket here. 201 * socket here.
187 */ 202 */
188 BUG_TRAP(req->sk == NULL); 203 WARN_ON(req->sk != NULL);
189 204
190 if (seq != dccp_rsk(req)->dreq_iss) { 205 if (seq != dccp_rsk(req)->dreq_iss) {
191 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS); 206 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
192 goto out; 207 goto out;
193 } 208 }
194 209
@@ -421,7 +436,6 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
421 ireq6 = inet6_rsk(req); 436 ireq6 = inet6_rsk(req);
422 ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr); 437 ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr);
423 ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr); 438 ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr);
424 ireq6->pktopts = NULL;
425 439
426 if (ipv6_opt_accepted(sk, skb) || 440 if (ipv6_opt_accepted(sk, skb) ||
427 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 441 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
@@ -630,9 +644,9 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
630 return newsk; 644 return newsk;
631 645
632out_overflow: 646out_overflow:
633 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS); 647 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
634out: 648out:
635 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS); 649 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
636 if (opt != NULL && opt != np->opt) 650 if (opt != NULL && opt != np->opt)
637 sock_kfree_s(sk, opt, opt->tot_len); 651 sock_kfree_s(sk, opt, opt->tot_len);
638 dst_release(dst); 652 dst_release(dst);
@@ -1092,10 +1106,10 @@ static int dccp_v6_init_sock(struct sock *sk)
1092 return err; 1106 return err;
1093} 1107}
1094 1108
1095static int dccp_v6_destroy_sock(struct sock *sk) 1109static void dccp_v6_destroy_sock(struct sock *sk)
1096{ 1110{
1097 dccp_destroy_sock(sk); 1111 dccp_destroy_sock(sk);
1098 return inet6_destroy_sock(sk); 1112 inet6_destroy_sock(sk);
1099} 1113}
1100 1114
1101static struct timewait_sock_ops dccp6_timewait_sock_ops = { 1115static struct timewait_sock_ops dccp6_timewait_sock_ops = {
diff --git a/net/dccp/minisocks.c b/net/dccp/minisocks.c
index 33ad48321b08..b2804e2d1b8c 100644
--- a/net/dccp/minisocks.c
+++ b/net/dccp/minisocks.c
@@ -165,12 +165,12 @@ out_free:
165 /* See dccp_v4_conn_request */ 165 /* See dccp_v4_conn_request */
166 newdmsk->dccpms_sequence_window = req->rcv_wnd; 166 newdmsk->dccpms_sequence_window = req->rcv_wnd;
167 167
168 newdp->dccps_gar = newdp->dccps_isr = dreq->dreq_isr; 168 newdp->dccps_gar = newdp->dccps_iss = dreq->dreq_iss;
169 dccp_update_gsr(newsk, dreq->dreq_isr);
170
171 newdp->dccps_iss = dreq->dreq_iss;
172 dccp_update_gss(newsk, dreq->dreq_iss); 169 dccp_update_gss(newsk, dreq->dreq_iss);
173 170
171 newdp->dccps_isr = dreq->dreq_isr;
172 dccp_update_gsr(newsk, dreq->dreq_isr);
173
174 /* 174 /*
175 * SWL and AWL are initially adjusted so that they are not less than 175 * SWL and AWL are initially adjusted so that they are not less than
176 * the initial Sequence Numbers received and sent, respectively: 176 * the initial Sequence Numbers received and sent, respectively:
@@ -296,7 +296,8 @@ int dccp_child_process(struct sock *parent, struct sock *child,
296 296
297EXPORT_SYMBOL_GPL(dccp_child_process); 297EXPORT_SYMBOL_GPL(dccp_child_process);
298 298
299void dccp_reqsk_send_ack(struct sk_buff *skb, struct request_sock *rsk) 299void dccp_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
300 struct request_sock *rsk)
300{ 301{
301 DCCP_BUG("DCCP-ACK packets are never sent in LISTEN/RESPOND state"); 302 DCCP_BUG("DCCP-ACK packets are never sent in LISTEN/RESPOND state");
302} 303}
diff --git a/net/dccp/options.c b/net/dccp/options.c
index d2a84a2fecee..dc7c158a2f4b 100644
--- a/net/dccp/options.c
+++ b/net/dccp/options.c
@@ -107,9 +107,11 @@ int dccp_parse_options(struct sock *sk, struct dccp_request_sock *dreq,
107 * 107 *
108 * CCID-specific options are ignored during connection setup, as 108 * CCID-specific options are ignored during connection setup, as
109 * negotiation may still be in progress (see RFC 4340, 10.3). 109 * negotiation may still be in progress (see RFC 4340, 10.3).
110 * The same applies to Ack Vectors, as these depend on the CCID.
110 * 111 *
111 */ 112 */
112 if (dreq != NULL && opt >= 128) 113 if (dreq != NULL && (opt >= 128 ||
114 opt == DCCPO_ACK_VECTOR_0 || opt == DCCPO_ACK_VECTOR_1))
113 goto ignore_option; 115 goto ignore_option;
114 116
115 switch (opt) { 117 switch (opt) {
@@ -122,12 +124,12 @@ int dccp_parse_options(struct sock *sk, struct dccp_request_sock *dreq,
122 mandatory = 1; 124 mandatory = 1;
123 break; 125 break;
124 case DCCPO_NDP_COUNT: 126 case DCCPO_NDP_COUNT:
125 if (len > 3) 127 if (len > 6)
126 goto out_invalid_option; 128 goto out_invalid_option;
127 129
128 opt_recv->dccpor_ndp = dccp_decode_value_var(value, len); 130 opt_recv->dccpor_ndp = dccp_decode_value_var(value, len);
129 dccp_pr_debug("%s rx opt: NDP count=%d\n", dccp_role(sk), 131 dccp_pr_debug("%s opt: NDP count=%llu\n", dccp_role(sk),
130 opt_recv->dccpor_ndp); 132 (unsigned long long)opt_recv->dccpor_ndp);
131 break; 133 break;
132 case DCCPO_CHANGE_L: 134 case DCCPO_CHANGE_L:
133 /* fall through */ 135 /* fall through */
@@ -305,9 +307,11 @@ static void dccp_encode_value_var(const u32 value, unsigned char *to,
305 *to++ = (value & 0xFF); 307 *to++ = (value & 0xFF);
306} 308}
307 309
308static inline int dccp_ndp_len(const int ndp) 310static inline u8 dccp_ndp_len(const u64 ndp)
309{ 311{
310 return likely(ndp <= 0xFF) ? 1 : ndp <= 0xFFFF ? 2 : 3; 312 if (likely(ndp <= 0xFF))
313 return 1;
314 return likely(ndp <= USHORT_MAX) ? 2 : (ndp <= UINT_MAX ? 4 : 6);
311} 315}
312 316
313int dccp_insert_option(struct sock *sk, struct sk_buff *skb, 317int dccp_insert_option(struct sock *sk, struct sk_buff *skb,
@@ -334,7 +338,7 @@ EXPORT_SYMBOL_GPL(dccp_insert_option);
334static int dccp_insert_option_ndp(struct sock *sk, struct sk_buff *skb) 338static int dccp_insert_option_ndp(struct sock *sk, struct sk_buff *skb)
335{ 339{
336 struct dccp_sock *dp = dccp_sk(sk); 340 struct dccp_sock *dp = dccp_sk(sk);
337 int ndp = dp->dccps_ndp_count; 341 u64 ndp = dp->dccps_ndp_count;
338 342
339 if (dccp_non_data_packet(skb)) 343 if (dccp_non_data_packet(skb))
340 ++dp->dccps_ndp_count; 344 ++dp->dccps_ndp_count;
diff --git a/net/dccp/output.c b/net/dccp/output.c
index 1f8a9b64c083..d06945c7d3df 100644
--- a/net/dccp/output.c
+++ b/net/dccp/output.c
@@ -53,8 +53,11 @@ static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb)
53 dccp_packet_hdr_len(dcb->dccpd_type); 53 dccp_packet_hdr_len(dcb->dccpd_type);
54 int err, set_ack = 1; 54 int err, set_ack = 1;
55 u64 ackno = dp->dccps_gsr; 55 u64 ackno = dp->dccps_gsr;
56 56 /*
57 dccp_inc_seqno(&dp->dccps_gss); 57 * Increment GSS here already in case the option code needs it.
58 * Update GSS for real only if option processing below succeeds.
59 */
60 dcb->dccpd_seq = ADD48(dp->dccps_gss, 1);
58 61
59 switch (dcb->dccpd_type) { 62 switch (dcb->dccpd_type) {
60 case DCCP_PKT_DATA: 63 case DCCP_PKT_DATA:
@@ -66,6 +69,9 @@ static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb)
66 69
67 case DCCP_PKT_REQUEST: 70 case DCCP_PKT_REQUEST:
68 set_ack = 0; 71 set_ack = 0;
72 /* Use ISS on the first (non-retransmitted) Request. */
73 if (icsk->icsk_retransmits == 0)
74 dcb->dccpd_seq = dp->dccps_iss;
69 /* fall through */ 75 /* fall through */
70 76
71 case DCCP_PKT_SYNC: 77 case DCCP_PKT_SYNC:
@@ -84,8 +90,6 @@ static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb)
84 break; 90 break;
85 } 91 }
86 92
87 dcb->dccpd_seq = dp->dccps_gss;
88
89 if (dccp_insert_options(sk, skb)) { 93 if (dccp_insert_options(sk, skb)) {
90 kfree_skb(skb); 94 kfree_skb(skb);
91 return -EPROTO; 95 return -EPROTO;
@@ -103,7 +107,7 @@ static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb)
103 /* XXX For now we're using only 48 bits sequence numbers */ 107 /* XXX For now we're using only 48 bits sequence numbers */
104 dh->dccph_x = 1; 108 dh->dccph_x = 1;
105 109
106 dp->dccps_awh = dp->dccps_gss; 110 dccp_update_gss(sk, dcb->dccpd_seq);
107 dccp_hdr_set_seq(dh, dp->dccps_gss); 111 dccp_hdr_set_seq(dh, dp->dccps_gss);
108 if (set_ack) 112 if (set_ack)
109 dccp_hdr_set_ack(dccp_hdr_ack_bits(skb), ackno); 113 dccp_hdr_set_ack(dccp_hdr_ack_bits(skb), ackno);
@@ -112,6 +116,11 @@ static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb)
112 case DCCP_PKT_REQUEST: 116 case DCCP_PKT_REQUEST:
113 dccp_hdr_request(skb)->dccph_req_service = 117 dccp_hdr_request(skb)->dccph_req_service =
114 dp->dccps_service; 118 dp->dccps_service;
119 /*
120 * Limit Ack window to ISS <= P.ackno <= GSS, so that
121 * only Responses to Requests we sent are considered.
122 */
123 dp->dccps_awl = dp->dccps_iss;
115 break; 124 break;
116 case DCCP_PKT_RESET: 125 case DCCP_PKT_RESET:
117 dccp_hdr_reset(skb)->dccph_reset_code = 126 dccp_hdr_reset(skb)->dccph_reset_code =
@@ -284,14 +293,26 @@ void dccp_write_xmit(struct sock *sk, int block)
284 } 293 }
285} 294}
286 295
287int dccp_retransmit_skb(struct sock *sk, struct sk_buff *skb) 296/**
297 * dccp_retransmit_skb - Retransmit Request, Close, or CloseReq packets
298 * There are only four retransmittable packet types in DCCP:
299 * - Request in client-REQUEST state (sec. 8.1.1),
300 * - CloseReq in server-CLOSEREQ state (sec. 8.3),
301 * - Close in node-CLOSING state (sec. 8.3),
302 * - Acks in client-PARTOPEN state (sec. 8.1.5, handled by dccp_delack_timer()).
303 * This function expects sk->sk_send_head to contain the original skb.
304 */
305int dccp_retransmit_skb(struct sock *sk)
288{ 306{
307 WARN_ON(sk->sk_send_head == NULL);
308
289 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk) != 0) 309 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk) != 0)
290 return -EHOSTUNREACH; /* Routing failure or similar. */ 310 return -EHOSTUNREACH; /* Routing failure or similar. */
291 311
292 return dccp_transmit_skb(sk, (skb_cloned(skb) ? 312 /* this count is used to distinguish original and retransmitted skb */
293 pskb_copy(skb, GFP_ATOMIC): 313 inet_csk(sk)->icsk_retransmits++;
294 skb_clone(skb, GFP_ATOMIC))); 314
315 return dccp_transmit_skb(sk, skb_clone(sk->sk_send_head, GFP_ATOMIC));
295} 316}
296 317
297struct sk_buff *dccp_make_response(struct sock *sk, struct dst_entry *dst, 318struct sk_buff *dccp_make_response(struct sock *sk, struct dst_entry *dst,
@@ -437,19 +458,7 @@ static inline void dccp_connect_init(struct sock *sk)
437 458
438 dccp_sync_mss(sk, dst_mtu(dst)); 459 dccp_sync_mss(sk, dst_mtu(dst));
439 460
440 /* 461 /* Initialise GAR as per 8.5; AWL/AWH are set in dccp_transmit_skb() */
441 * SWL and AWL are initially adjusted so that they are not less than
442 * the initial Sequence Numbers received and sent, respectively:
443 * SWL := max(GSR + 1 - floor(W/4), ISR),
444 * AWL := max(GSS - W' + 1, ISS).
445 * These adjustments MUST be applied only at the beginning of the
446 * connection.
447 */
448 dccp_update_gss(sk, dp->dccps_iss);
449 dccp_set_seqno(&dp->dccps_awl, max48(dp->dccps_awl, dp->dccps_iss));
450
451 /* S.GAR - greatest valid acknowledgement number received on a non-Sync;
452 * initialized to S.ISS (sec. 8.5) */
453 dp->dccps_gar = dp->dccps_iss; 462 dp->dccps_gar = dp->dccps_iss;
454 463
455 icsk->icsk_retransmits = 0; 464 icsk->icsk_retransmits = 0;
@@ -508,6 +517,7 @@ void dccp_send_ack(struct sock *sk)
508 517
509EXPORT_SYMBOL_GPL(dccp_send_ack); 518EXPORT_SYMBOL_GPL(dccp_send_ack);
510 519
520#if 0
511/* FIXME: Is this still necessary (11.3) - currently nowhere used by DCCP. */ 521/* FIXME: Is this still necessary (11.3) - currently nowhere used by DCCP. */
512void dccp_send_delayed_ack(struct sock *sk) 522void dccp_send_delayed_ack(struct sock *sk)
513{ 523{
@@ -538,6 +548,7 @@ void dccp_send_delayed_ack(struct sock *sk)
538 icsk->icsk_ack.timeout = timeout; 548 icsk->icsk_ack.timeout = timeout;
539 sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout); 549 sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout);
540} 550}
551#endif
541 552
542void dccp_send_sync(struct sock *sk, const u64 ackno, 553void dccp_send_sync(struct sock *sk, const u64 ackno,
543 const enum dccp_pkt_type pkt_type) 554 const enum dccp_pkt_type pkt_type)
diff --git a/net/dccp/probe.c b/net/dccp/probe.c
index 0bcdc9250279..81368a7f5379 100644
--- a/net/dccp/probe.c
+++ b/net/dccp/probe.c
@@ -42,7 +42,7 @@ static int bufsize = 64 * 1024;
42 42
43static const char procname[] = "dccpprobe"; 43static const char procname[] = "dccpprobe";
44 44
45struct { 45static struct {
46 struct kfifo *fifo; 46 struct kfifo *fifo;
47 spinlock_t lock; 47 spinlock_t lock;
48 wait_queue_head_t wait; 48 wait_queue_head_t wait;
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index 9dfe2470962c..1ca3b26eed0f 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -237,7 +237,7 @@ int dccp_init_sock(struct sock *sk, const __u8 ctl_sock_initialized)
237 237
238EXPORT_SYMBOL_GPL(dccp_init_sock); 238EXPORT_SYMBOL_GPL(dccp_init_sock);
239 239
240int dccp_destroy_sock(struct sock *sk) 240void dccp_destroy_sock(struct sock *sk)
241{ 241{
242 struct dccp_sock *dp = dccp_sk(sk); 242 struct dccp_sock *dp = dccp_sk(sk);
243 struct dccp_minisock *dmsk = dccp_msk(sk); 243 struct dccp_minisock *dmsk = dccp_msk(sk);
@@ -268,8 +268,6 @@ int dccp_destroy_sock(struct sock *sk)
268 268
269 /* clean up feature negotiation state */ 269 /* clean up feature negotiation state */
270 dccp_feat_clean(dmsk); 270 dccp_feat_clean(dmsk);
271
272 return 0;
273} 271}
274 272
275EXPORT_SYMBOL_GPL(dccp_destroy_sock); 273EXPORT_SYMBOL_GPL(dccp_destroy_sock);
@@ -329,7 +327,7 @@ int dccp_disconnect(struct sock *sk, int flags)
329 inet_csk_delack_init(sk); 327 inet_csk_delack_init(sk);
330 __sk_dst_reset(sk); 328 __sk_dst_reset(sk);
331 329
332 BUG_TRAP(!inet->num || icsk->icsk_bind_hash); 330 WARN_ON(inet->num && !icsk->icsk_bind_hash);
333 331
334 sk->sk_error_report(sk); 332 sk->sk_error_report(sk);
335 return err; 333 return err;
@@ -476,6 +474,11 @@ static int dccp_setsockopt_change(struct sock *sk, int type,
476 474
477 if (copy_from_user(&opt, optval, sizeof(opt))) 475 if (copy_from_user(&opt, optval, sizeof(opt)))
478 return -EFAULT; 476 return -EFAULT;
477 /*
478 * rfc4340: 6.1. Change Options
479 */
480 if (opt.dccpsf_len < 1)
481 return -EINVAL;
479 482
480 val = kmalloc(opt.dccpsf_len, GFP_KERNEL); 483 val = kmalloc(opt.dccpsf_len, GFP_KERNEL);
481 if (!val) 484 if (!val)
@@ -983,7 +986,7 @@ adjudge_to_death:
983 */ 986 */
984 local_bh_disable(); 987 local_bh_disable();
985 bh_lock_sock(sk); 988 bh_lock_sock(sk);
986 BUG_TRAP(!sock_owned_by_user(sk)); 989 WARN_ON(sock_owned_by_user(sk));
987 990
988 /* Have we already been destroyed by a softirq or backlog? */ 991 /* Have we already been destroyed by a softirq or backlog? */
989 if (state != DCCP_CLOSED && sk->sk_state == DCCP_CLOSED) 992 if (state != DCCP_CLOSED && sk->sk_state == DCCP_CLOSED)
diff --git a/net/dccp/timer.c b/net/dccp/timer.c
index 8703a792b560..54b3c7e9e016 100644
--- a/net/dccp/timer.c
+++ b/net/dccp/timer.c
@@ -99,21 +99,11 @@ static void dccp_retransmit_timer(struct sock *sk)
99 } 99 }
100 100
101 /* 101 /*
102 * sk->sk_send_head has to have one skb with
103 * DCCP_SKB_CB(skb)->dccpd_type set to one of the retransmittable DCCP
104 * packet types. The only packets eligible for retransmission are:
105 * -- Requests in client-REQUEST state (sec. 8.1.1)
106 * -- Acks in client-PARTOPEN state (sec. 8.1.5)
107 * -- CloseReq in server-CLOSEREQ state (sec. 8.3)
108 * -- Close in node-CLOSING state (sec. 8.3) */
109 BUG_TRAP(sk->sk_send_head != NULL);
110
111 /*
112 * More than than 4MSL (8 minutes) has passed, a RESET(aborted) was 102 * More than than 4MSL (8 minutes) has passed, a RESET(aborted) was
113 * sent, no need to retransmit, this sock is dead. 103 * sent, no need to retransmit, this sock is dead.
114 */ 104 */
115 if (dccp_write_timeout(sk)) 105 if (dccp_write_timeout(sk))
116 goto out; 106 return;
117 107
118 /* 108 /*
119 * We want to know the number of packets retransmitted, not the 109 * We want to know the number of packets retransmitted, not the
@@ -122,30 +112,28 @@ static void dccp_retransmit_timer(struct sock *sk)
122 if (icsk->icsk_retransmits == 0) 112 if (icsk->icsk_retransmits == 0)
123 DCCP_INC_STATS_BH(DCCP_MIB_TIMEOUTS); 113 DCCP_INC_STATS_BH(DCCP_MIB_TIMEOUTS);
124 114
125 if (dccp_retransmit_skb(sk, sk->sk_send_head) < 0) { 115 if (dccp_retransmit_skb(sk) != 0) {
126 /* 116 /*
127 * Retransmission failed because of local congestion, 117 * Retransmission failed because of local congestion,
128 * do not backoff. 118 * do not backoff.
129 */ 119 */
130 if (icsk->icsk_retransmits == 0) 120 if (--icsk->icsk_retransmits == 0)
131 icsk->icsk_retransmits = 1; 121 icsk->icsk_retransmits = 1;
132 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 122 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
133 min(icsk->icsk_rto, 123 min(icsk->icsk_rto,
134 TCP_RESOURCE_PROBE_INTERVAL), 124 TCP_RESOURCE_PROBE_INTERVAL),
135 DCCP_RTO_MAX); 125 DCCP_RTO_MAX);
136 goto out; 126 return;
137 } 127 }
138 128
139backoff: 129backoff:
140 icsk->icsk_backoff++; 130 icsk->icsk_backoff++;
141 icsk->icsk_retransmits++;
142 131
143 icsk->icsk_rto = min(icsk->icsk_rto << 1, DCCP_RTO_MAX); 132 icsk->icsk_rto = min(icsk->icsk_rto << 1, DCCP_RTO_MAX);
144 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, icsk->icsk_rto, 133 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, icsk->icsk_rto,
145 DCCP_RTO_MAX); 134 DCCP_RTO_MAX);
146 if (icsk->icsk_retransmits > sysctl_dccp_retries1) 135 if (icsk->icsk_retransmits > sysctl_dccp_retries1)
147 __sk_dst_reset(sk); 136 __sk_dst_reset(sk);
148out:;
149} 137}
150 138
151static void dccp_write_timer(unsigned long data) 139static void dccp_write_timer(unsigned long data)
@@ -224,7 +212,7 @@ static void dccp_delack_timer(unsigned long data)
224 if (sock_owned_by_user(sk)) { 212 if (sock_owned_by_user(sk)) {
225 /* Try again later. */ 213 /* Try again later. */
226 icsk->icsk_ack.blocked = 1; 214 icsk->icsk_ack.blocked = 1;
227 NET_INC_STATS_BH(LINUX_MIB_DELAYEDACKLOCKED); 215 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_DELAYEDACKLOCKED);
228 sk_reset_timer(sk, &icsk->icsk_delack_timer, 216 sk_reset_timer(sk, &icsk->icsk_delack_timer,
229 jiffies + TCP_DELACK_MIN); 217 jiffies + TCP_DELACK_MIN);
230 goto out; 218 goto out;
@@ -254,7 +242,7 @@ static void dccp_delack_timer(unsigned long data)
254 icsk->icsk_ack.ato = TCP_ATO_MIN; 242 icsk->icsk_ack.ato = TCP_ATO_MIN;
255 } 243 }
256 dccp_send_ack(sk); 244 dccp_send_ack(sk);
257 NET_INC_STATS_BH(LINUX_MIB_DELAYEDACKS); 245 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_DELAYEDACKS);
258 } 246 }
259out: 247out:
260 bh_unlock_sock(sk); 248 bh_unlock_sock(sk);
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index fc2efe899e91..3c23ab33dbc0 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -451,7 +451,7 @@ static void dn_destruct(struct sock *sk)
451 451
452static int dn_memory_pressure; 452static int dn_memory_pressure;
453 453
454static void dn_enter_memory_pressure(void) 454static void dn_enter_memory_pressure(struct sock *sk)
455{ 455{
456 if (!dn_memory_pressure) { 456 if (!dn_memory_pressure) {
457 dn_memory_pressure = 1; 457 dn_memory_pressure = 1;
@@ -1719,6 +1719,8 @@ static int dn_recvmsg(struct kiocb *iocb, struct socket *sock,
1719 * See if there is data ready to read, sleep if there isn't 1719 * See if there is data ready to read, sleep if there isn't
1720 */ 1720 */
1721 for(;;) { 1721 for(;;) {
1722 DEFINE_WAIT(wait);
1723
1722 if (sk->sk_err) 1724 if (sk->sk_err)
1723 goto out; 1725 goto out;
1724 1726
@@ -1748,14 +1750,11 @@ static int dn_recvmsg(struct kiocb *iocb, struct socket *sock,
1748 goto out; 1750 goto out;
1749 } 1751 }
1750 1752
1751 set_bit(SOCK_ASYNC_WAITDATA, &sock->flags); 1753 prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE);
1752 SOCK_SLEEP_PRE(sk) 1754 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1753 1755 sk_wait_event(sk, &timeo, dn_data_ready(sk, queue, flags, target));
1754 if (!dn_data_ready(sk, queue, flags, target)) 1756 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1755 schedule(); 1757 finish_wait(sk->sk_sleep, &wait);
1756
1757 SOCK_SLEEP_POST(sk)
1758 clear_bit(SOCK_ASYNC_WAITDATA, &sock->flags);
1759 } 1758 }
1760 1759
1761 for(skb = queue->next; skb != (struct sk_buff *)queue; skb = nskb) { 1760 for(skb = queue->next; skb != (struct sk_buff *)queue; skb = nskb) {
@@ -2002,18 +2001,19 @@ static int dn_sendmsg(struct kiocb *iocb, struct socket *sock,
2002 * size. 2001 * size.
2003 */ 2002 */
2004 if (dn_queue_too_long(scp, queue, flags)) { 2003 if (dn_queue_too_long(scp, queue, flags)) {
2004 DEFINE_WAIT(wait);
2005
2005 if (flags & MSG_DONTWAIT) { 2006 if (flags & MSG_DONTWAIT) {
2006 err = -EWOULDBLOCK; 2007 err = -EWOULDBLOCK;
2007 goto out; 2008 goto out;
2008 } 2009 }
2009 2010
2010 SOCK_SLEEP_PRE(sk) 2011 prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE);
2011 2012 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
2012 if (dn_queue_too_long(scp, queue, flags)) 2013 sk_wait_event(sk, &timeo,
2013 schedule(); 2014 !dn_queue_too_long(scp, queue, flags));
2014 2015 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
2015 SOCK_SLEEP_POST(sk) 2016 finish_wait(sk->sk_sleep, &wait);
2016
2017 continue; 2017 continue;
2018 } 2018 }
2019 2019
@@ -2089,7 +2089,7 @@ static int dn_device_event(struct notifier_block *this, unsigned long event,
2089{ 2089{
2090 struct net_device *dev = (struct net_device *)ptr; 2090 struct net_device *dev = (struct net_device *)ptr;
2091 2091
2092 if (dev_net(dev) != &init_net) 2092 if (!net_eq(dev_net(dev), &init_net))
2093 return NOTIFY_DONE; 2093 return NOTIFY_DONE;
2094 2094
2095 switch(event) { 2095 switch(event) {
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index f50e88bf2661..821bd1cdec04 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -580,7 +580,7 @@ int dn_route_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type
580 struct dn_dev *dn = (struct dn_dev *)dev->dn_ptr; 580 struct dn_dev *dn = (struct dn_dev *)dev->dn_ptr;
581 unsigned char padlen = 0; 581 unsigned char padlen = 0;
582 582
583 if (dev_net(dev) != &init_net) 583 if (!net_eq(dev_net(dev), &init_net))
584 goto dump_it; 584 goto dump_it;
585 585
586 if (dn == NULL) 586 if (dn == NULL)
diff --git a/net/decnet/dn_rules.c b/net/decnet/dn_rules.c
index 5b7539b7fe0c..14fbca55e908 100644
--- a/net/decnet/dn_rules.c
+++ b/net/decnet/dn_rules.c
@@ -229,7 +229,7 @@ static u32 dn_fib_rule_default_pref(struct fib_rules_ops *ops)
229 return 0; 229 return 0;
230} 230}
231 231
232static void dn_fib_rule_flush_cache(void) 232static void dn_fib_rule_flush_cache(struct fib_rules_ops *ops)
233{ 233{
234 dn_rt_cache_flush(-1); 234 dn_rt_cache_flush(-1);
235} 235}
diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
index 7c9bb13b1539..8789d2bb1b06 100644
--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -573,9 +573,7 @@ static int econet_release(struct socket *sock)
573 573
574 sk->sk_state_change(sk); /* It is useless. Just for sanity. */ 574 sk->sk_state_change(sk); /* It is useless. Just for sanity. */
575 575
576 sock->sk = NULL; 576 sock_orphan(sk);
577 sk->sk_socket = NULL;
578 sock_set_flag(sk, SOCK_DEAD);
579 577
580 /* Purge queues */ 578 /* Purge queues */
581 579
@@ -1064,7 +1062,7 @@ static int econet_rcv(struct sk_buff *skb, struct net_device *dev, struct packet
1064 struct sock *sk; 1062 struct sock *sk;
1065 struct ec_device *edev = dev->ec_ptr; 1063 struct ec_device *edev = dev->ec_ptr;
1066 1064
1067 if (dev_net(dev) != &init_net) 1065 if (!net_eq(dev_net(dev), &init_net))
1068 goto drop; 1066 goto drop;
1069 1067
1070 if (skb->pkt_type == PACKET_OTHERHOST) 1068 if (skb->pkt_type == PACKET_OTHERHOST)
@@ -1121,7 +1119,7 @@ static int econet_notifier(struct notifier_block *this, unsigned long msg, void
1121 struct net_device *dev = (struct net_device *)data; 1119 struct net_device *dev = (struct net_device *)data;
1122 struct ec_device *edev; 1120 struct ec_device *edev;
1123 1121
1124 if (dev_net(dev) != &init_net) 1122 if (!net_eq(dev_net(dev), &init_net))
1125 return NOTIFY_DONE; 1123 return NOTIFY_DONE;
1126 1124
1127 switch (msg) { 1125 switch (msg) {
diff --git a/net/ieee80211/ieee80211_rx.c b/net/ieee80211/ieee80211_rx.c
index 200ee1e63728..69dbc342a464 100644
--- a/net/ieee80211/ieee80211_rx.c
+++ b/net/ieee80211/ieee80211_rx.c
@@ -391,7 +391,7 @@ int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb,
391 391
392 wstats.updated = 0; 392 wstats.updated = 0;
393 if (rx_stats->mask & IEEE80211_STATMASK_RSSI) { 393 if (rx_stats->mask & IEEE80211_STATMASK_RSSI) {
394 wstats.level = rx_stats->rssi; 394 wstats.level = rx_stats->signal;
395 wstats.updated |= IW_QUAL_LEVEL_UPDATED; 395 wstats.updated |= IW_QUAL_LEVEL_UPDATED;
396 } else 396 } else
397 wstats.updated |= IW_QUAL_LEVEL_INVALID; 397 wstats.updated |= IW_QUAL_LEVEL_INVALID;
diff --git a/net/ieee80211/ieee80211_tx.c b/net/ieee80211/ieee80211_tx.c
index d8b02603cbe5..d996547f7a62 100644
--- a/net/ieee80211/ieee80211_tx.c
+++ b/net/ieee80211/ieee80211_tx.c
@@ -542,90 +542,4 @@ int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
542 return 1; 542 return 1;
543} 543}
544 544
545/* Incoming 802.11 strucure is converted to a TXB
546 * a block of 802.11 fragment packets (stored as skbs) */
547int ieee80211_tx_frame(struct ieee80211_device *ieee,
548 struct ieee80211_hdr *frame, int hdr_len, int total_len,
549 int encrypt_mpdu)
550{
551 struct ieee80211_txb *txb = NULL;
552 unsigned long flags;
553 struct net_device_stats *stats = &ieee->stats;
554 struct sk_buff *skb_frag;
555 int priority = -1;
556 int fraglen = total_len;
557 int headroom = ieee->tx_headroom;
558 struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
559
560 spin_lock_irqsave(&ieee->lock, flags);
561
562 if (encrypt_mpdu && (!ieee->sec.encrypt || !crypt))
563 encrypt_mpdu = 0;
564
565 /* If there is no driver handler to take the TXB, dont' bother
566 * creating it... */
567 if (!ieee->hard_start_xmit) {
568 printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
569 goto success;
570 }
571
572 if (unlikely(total_len < 24)) {
573 printk(KERN_WARNING "%s: skb too small (%d).\n",
574 ieee->dev->name, total_len);
575 goto success;
576 }
577
578 if (encrypt_mpdu) {
579 frame->frame_ctl |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
580 fraglen += crypt->ops->extra_mpdu_prefix_len +
581 crypt->ops->extra_mpdu_postfix_len;
582 headroom += crypt->ops->extra_mpdu_prefix_len;
583 }
584
585 /* When we allocate the TXB we allocate enough space for the reserve
586 * and full fragment bytes (bytes_per_frag doesn't include prefix,
587 * postfix, header, FCS, etc.) */
588 txb = ieee80211_alloc_txb(1, fraglen, headroom, GFP_ATOMIC);
589 if (unlikely(!txb)) {
590 printk(KERN_WARNING "%s: Could not allocate TXB\n",
591 ieee->dev->name);
592 goto failed;
593 }
594 txb->encrypted = 0;
595 txb->payload_size = fraglen;
596
597 skb_frag = txb->fragments[0];
598
599 memcpy(skb_put(skb_frag, total_len), frame, total_len);
600
601 if (ieee->config &
602 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
603 skb_put(skb_frag, 4);
604
605 /* To avoid overcomplicating things, we do the corner-case frame
606 * encryption in software. The only real situation where encryption is
607 * needed here is during software-based shared key authentication. */
608 if (encrypt_mpdu)
609 ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
610
611 success:
612 spin_unlock_irqrestore(&ieee->lock, flags);
613
614 if (txb) {
615 if ((*ieee->hard_start_xmit) (txb, ieee->dev, priority) == 0) {
616 stats->tx_packets++;
617 stats->tx_bytes += txb->payload_size;
618 return 0;
619 }
620 ieee80211_txb_free(txb);
621 }
622 return 0;
623
624 failed:
625 spin_unlock_irqrestore(&ieee->lock, flags);
626 stats->tx_errors++;
627 return 1;
628}
629
630EXPORT_SYMBOL(ieee80211_tx_frame);
631EXPORT_SYMBOL(ieee80211_txb_free); 545EXPORT_SYMBOL(ieee80211_txb_free);
diff --git a/net/ieee80211/ieee80211_wx.c b/net/ieee80211/ieee80211_wx.c
index 623489afa62c..973832dd7faf 100644
--- a/net/ieee80211/ieee80211_wx.c
+++ b/net/ieee80211/ieee80211_wx.c
@@ -43,8 +43,9 @@ static const char *ieee80211_modes[] = {
43 43
44#define MAX_CUSTOM_LEN 64 44#define MAX_CUSTOM_LEN 64
45static char *ieee80211_translate_scan(struct ieee80211_device *ieee, 45static char *ieee80211_translate_scan(struct ieee80211_device *ieee,
46 char *start, char *stop, 46 char *start, char *stop,
47 struct ieee80211_network *network) 47 struct ieee80211_network *network,
48 struct iw_request_info *info)
48{ 49{
49 char custom[MAX_CUSTOM_LEN]; 50 char custom[MAX_CUSTOM_LEN];
50 char *p; 51 char *p;
@@ -57,7 +58,7 @@ static char *ieee80211_translate_scan(struct ieee80211_device *ieee,
57 iwe.cmd = SIOCGIWAP; 58 iwe.cmd = SIOCGIWAP;
58 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 59 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
59 memcpy(iwe.u.ap_addr.sa_data, network->bssid, ETH_ALEN); 60 memcpy(iwe.u.ap_addr.sa_data, network->bssid, ETH_ALEN);
60 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_ADDR_LEN); 61 start = iwe_stream_add_event(info, start, stop, &iwe, IW_EV_ADDR_LEN);
61 62
62 /* Remaining entries will be displayed in the order we provide them */ 63 /* Remaining entries will be displayed in the order we provide them */
63 64
@@ -66,17 +67,19 @@ static char *ieee80211_translate_scan(struct ieee80211_device *ieee,
66 iwe.u.data.flags = 1; 67 iwe.u.data.flags = 1;
67 if (network->flags & NETWORK_EMPTY_ESSID) { 68 if (network->flags & NETWORK_EMPTY_ESSID) {
68 iwe.u.data.length = sizeof("<hidden>"); 69 iwe.u.data.length = sizeof("<hidden>");
69 start = iwe_stream_add_point(start, stop, &iwe, "<hidden>"); 70 start = iwe_stream_add_point(info, start, stop,
71 &iwe, "<hidden>");
70 } else { 72 } else {
71 iwe.u.data.length = min(network->ssid_len, (u8) 32); 73 iwe.u.data.length = min(network->ssid_len, (u8) 32);
72 start = iwe_stream_add_point(start, stop, &iwe, network->ssid); 74 start = iwe_stream_add_point(info, start, stop,
75 &iwe, network->ssid);
73 } 76 }
74 77
75 /* Add the protocol name */ 78 /* Add the protocol name */
76 iwe.cmd = SIOCGIWNAME; 79 iwe.cmd = SIOCGIWNAME;
77 snprintf(iwe.u.name, IFNAMSIZ, "IEEE 802.11%s", 80 snprintf(iwe.u.name, IFNAMSIZ, "IEEE 802.11%s",
78 ieee80211_modes[network->mode]); 81 ieee80211_modes[network->mode]);
79 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_CHAR_LEN); 82 start = iwe_stream_add_event(info, start, stop, &iwe, IW_EV_CHAR_LEN);
80 83
81 /* Add mode */ 84 /* Add mode */
82 iwe.cmd = SIOCGIWMODE; 85 iwe.cmd = SIOCGIWMODE;
@@ -86,7 +89,8 @@ static char *ieee80211_translate_scan(struct ieee80211_device *ieee,
86 else 89 else
87 iwe.u.mode = IW_MODE_ADHOC; 90 iwe.u.mode = IW_MODE_ADHOC;
88 91
89 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_UINT_LEN); 92 start = iwe_stream_add_event(info, start, stop,
93 &iwe, IW_EV_UINT_LEN);
90 } 94 }
91 95
92 /* Add channel and frequency */ 96 /* Add channel and frequency */
@@ -95,7 +99,7 @@ static char *ieee80211_translate_scan(struct ieee80211_device *ieee,
95 iwe.u.freq.m = ieee80211_channel_to_freq(ieee, network->channel); 99 iwe.u.freq.m = ieee80211_channel_to_freq(ieee, network->channel);
96 iwe.u.freq.e = 6; 100 iwe.u.freq.e = 6;
97 iwe.u.freq.i = 0; 101 iwe.u.freq.i = 0;
98 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_FREQ_LEN); 102 start = iwe_stream_add_event(info, start, stop, &iwe, IW_EV_FREQ_LEN);
99 103
100 /* Add encryption capability */ 104 /* Add encryption capability */
101 iwe.cmd = SIOCGIWENCODE; 105 iwe.cmd = SIOCGIWENCODE;
@@ -104,12 +108,13 @@ static char *ieee80211_translate_scan(struct ieee80211_device *ieee,
104 else 108 else
105 iwe.u.data.flags = IW_ENCODE_DISABLED; 109 iwe.u.data.flags = IW_ENCODE_DISABLED;
106 iwe.u.data.length = 0; 110 iwe.u.data.length = 0;
107 start = iwe_stream_add_point(start, stop, &iwe, network->ssid); 111 start = iwe_stream_add_point(info, start, stop,
112 &iwe, network->ssid);
108 113
109 /* Add basic and extended rates */ 114 /* Add basic and extended rates */
110 /* Rate : stuffing multiple values in a single event require a bit 115 /* Rate : stuffing multiple values in a single event require a bit
111 * more of magic - Jean II */ 116 * more of magic - Jean II */
112 current_val = start + IW_EV_LCP_LEN; 117 current_val = start + iwe_stream_lcp_len(info);
113 iwe.cmd = SIOCGIWRATE; 118 iwe.cmd = SIOCGIWRATE;
114 /* Those two flags are ignored... */ 119 /* Those two flags are ignored... */
115 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0; 120 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
@@ -124,17 +129,19 @@ static char *ieee80211_translate_scan(struct ieee80211_device *ieee,
124 /* Bit rate given in 500 kb/s units (+ 0x80) */ 129 /* Bit rate given in 500 kb/s units (+ 0x80) */
125 iwe.u.bitrate.value = ((rate & 0x7f) * 500000); 130 iwe.u.bitrate.value = ((rate & 0x7f) * 500000);
126 /* Add new value to event */ 131 /* Add new value to event */
127 current_val = iwe_stream_add_value(start, current_val, stop, &iwe, IW_EV_PARAM_LEN); 132 current_val = iwe_stream_add_value(info, start, current_val,
133 stop, &iwe, IW_EV_PARAM_LEN);
128 } 134 }
129 for (; j < network->rates_ex_len; j++) { 135 for (; j < network->rates_ex_len; j++) {
130 rate = network->rates_ex[j] & 0x7F; 136 rate = network->rates_ex[j] & 0x7F;
131 /* Bit rate given in 500 kb/s units (+ 0x80) */ 137 /* Bit rate given in 500 kb/s units (+ 0x80) */
132 iwe.u.bitrate.value = ((rate & 0x7f) * 500000); 138 iwe.u.bitrate.value = ((rate & 0x7f) * 500000);
133 /* Add new value to event */ 139 /* Add new value to event */
134 current_val = iwe_stream_add_value(start, current_val, stop, &iwe, IW_EV_PARAM_LEN); 140 current_val = iwe_stream_add_value(info, start, current_val,
141 stop, &iwe, IW_EV_PARAM_LEN);
135 } 142 }
136 /* Check if we added any rate */ 143 /* Check if we added any rate */
137 if((current_val - start) > IW_EV_LCP_LEN) 144 if ((current_val - start) > iwe_stream_lcp_len(info))
138 start = current_val; 145 start = current_val;
139 146
140 /* Add quality statistics */ 147 /* Add quality statistics */
@@ -181,14 +188,14 @@ static char *ieee80211_translate_scan(struct ieee80211_device *ieee,
181 iwe.u.qual.level = network->stats.signal; 188 iwe.u.qual.level = network->stats.signal;
182 } 189 }
183 190
184 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_QUAL_LEN); 191 start = iwe_stream_add_event(info, start, stop, &iwe, IW_EV_QUAL_LEN);
185 192
186 iwe.cmd = IWEVCUSTOM; 193 iwe.cmd = IWEVCUSTOM;
187 p = custom; 194 p = custom;
188 195
189 iwe.u.data.length = p - custom; 196 iwe.u.data.length = p - custom;
190 if (iwe.u.data.length) 197 if (iwe.u.data.length)
191 start = iwe_stream_add_point(start, stop, &iwe, custom); 198 start = iwe_stream_add_point(info, start, stop, &iwe, custom);
192 199
193 memset(&iwe, 0, sizeof(iwe)); 200 memset(&iwe, 0, sizeof(iwe));
194 if (network->wpa_ie_len) { 201 if (network->wpa_ie_len) {
@@ -196,7 +203,7 @@ static char *ieee80211_translate_scan(struct ieee80211_device *ieee,
196 memcpy(buf, network->wpa_ie, network->wpa_ie_len); 203 memcpy(buf, network->wpa_ie, network->wpa_ie_len);
197 iwe.cmd = IWEVGENIE; 204 iwe.cmd = IWEVGENIE;
198 iwe.u.data.length = network->wpa_ie_len; 205 iwe.u.data.length = network->wpa_ie_len;
199 start = iwe_stream_add_point(start, stop, &iwe, buf); 206 start = iwe_stream_add_point(info, start, stop, &iwe, buf);
200 } 207 }
201 208
202 memset(&iwe, 0, sizeof(iwe)); 209 memset(&iwe, 0, sizeof(iwe));
@@ -205,7 +212,7 @@ static char *ieee80211_translate_scan(struct ieee80211_device *ieee,
205 memcpy(buf, network->rsn_ie, network->rsn_ie_len); 212 memcpy(buf, network->rsn_ie, network->rsn_ie_len);
206 iwe.cmd = IWEVGENIE; 213 iwe.cmd = IWEVGENIE;
207 iwe.u.data.length = network->rsn_ie_len; 214 iwe.u.data.length = network->rsn_ie_len;
208 start = iwe_stream_add_point(start, stop, &iwe, buf); 215 start = iwe_stream_add_point(info, start, stop, &iwe, buf);
209 } 216 }
210 217
211 /* Add EXTRA: Age to display seconds since last beacon/probe response 218 /* Add EXTRA: Age to display seconds since last beacon/probe response
@@ -217,7 +224,7 @@ static char *ieee80211_translate_scan(struct ieee80211_device *ieee,
217 jiffies_to_msecs(jiffies - network->last_scanned)); 224 jiffies_to_msecs(jiffies - network->last_scanned));
218 iwe.u.data.length = p - custom; 225 iwe.u.data.length = p - custom;
219 if (iwe.u.data.length) 226 if (iwe.u.data.length)
220 start = iwe_stream_add_point(start, stop, &iwe, custom); 227 start = iwe_stream_add_point(info, start, stop, &iwe, custom);
221 228
222 /* Add spectrum management information */ 229 /* Add spectrum management information */
223 iwe.cmd = -1; 230 iwe.cmd = -1;
@@ -238,7 +245,7 @@ static char *ieee80211_translate_scan(struct ieee80211_device *ieee,
238 245
239 if (iwe.cmd == IWEVCUSTOM) { 246 if (iwe.cmd == IWEVCUSTOM) {
240 iwe.u.data.length = p - custom; 247 iwe.u.data.length = p - custom;
241 start = iwe_stream_add_point(start, stop, &iwe, custom); 248 start = iwe_stream_add_point(info, start, stop, &iwe, custom);
242 } 249 }
243 250
244 return start; 251 return start;
@@ -272,7 +279,8 @@ int ieee80211_wx_get_scan(struct ieee80211_device *ieee,
272 279
273 if (ieee->scan_age == 0 || 280 if (ieee->scan_age == 0 ||
274 time_after(network->last_scanned + ieee->scan_age, jiffies)) 281 time_after(network->last_scanned + ieee->scan_age, jiffies))
275 ev = ieee80211_translate_scan(ieee, ev, stop, network); 282 ev = ieee80211_translate_scan(ieee, ev, stop, network,
283 info);
276 else 284 else
277 IEEE80211_DEBUG_SCAN("Not showing network '%s (" 285 IEEE80211_DEBUG_SCAN("Not showing network '%s ("
278 "%s)' due to age (%dms).\n", 286 "%s)' due to age (%dms).\n",
@@ -744,98 +752,9 @@ int ieee80211_wx_get_encodeext(struct ieee80211_device *ieee,
744 return 0; 752 return 0;
745} 753}
746 754
747int ieee80211_wx_set_auth(struct net_device *dev,
748 struct iw_request_info *info,
749 union iwreq_data *wrqu,
750 char *extra)
751{
752 struct ieee80211_device *ieee = netdev_priv(dev);
753 unsigned long flags;
754 int err = 0;
755
756 spin_lock_irqsave(&ieee->lock, flags);
757
758 switch (wrqu->param.flags & IW_AUTH_INDEX) {
759 case IW_AUTH_WPA_VERSION:
760 case IW_AUTH_CIPHER_PAIRWISE:
761 case IW_AUTH_CIPHER_GROUP:
762 case IW_AUTH_KEY_MGMT:
763 /*
764 * Host AP driver does not use these parameters and allows
765 * wpa_supplicant to control them internally.
766 */
767 break;
768 case IW_AUTH_TKIP_COUNTERMEASURES:
769 break; /* FIXME */
770 case IW_AUTH_DROP_UNENCRYPTED:
771 ieee->drop_unencrypted = !!wrqu->param.value;
772 break;
773 case IW_AUTH_80211_AUTH_ALG:
774 break; /* FIXME */
775 case IW_AUTH_WPA_ENABLED:
776 ieee->privacy_invoked = ieee->wpa_enabled = !!wrqu->param.value;
777 break;
778 case IW_AUTH_RX_UNENCRYPTED_EAPOL:
779 ieee->ieee802_1x = !!wrqu->param.value;
780 break;
781 case IW_AUTH_PRIVACY_INVOKED:
782 ieee->privacy_invoked = !!wrqu->param.value;
783 break;
784 default:
785 err = -EOPNOTSUPP;
786 break;
787 }
788 spin_unlock_irqrestore(&ieee->lock, flags);
789 return err;
790}
791
792int ieee80211_wx_get_auth(struct net_device *dev,
793 struct iw_request_info *info,
794 union iwreq_data *wrqu,
795 char *extra)
796{
797 struct ieee80211_device *ieee = netdev_priv(dev);
798 unsigned long flags;
799 int err = 0;
800
801 spin_lock_irqsave(&ieee->lock, flags);
802
803 switch (wrqu->param.flags & IW_AUTH_INDEX) {
804 case IW_AUTH_WPA_VERSION:
805 case IW_AUTH_CIPHER_PAIRWISE:
806 case IW_AUTH_CIPHER_GROUP:
807 case IW_AUTH_KEY_MGMT:
808 case IW_AUTH_TKIP_COUNTERMEASURES: /* FIXME */
809 case IW_AUTH_80211_AUTH_ALG: /* FIXME */
810 /*
811 * Host AP driver does not use these parameters and allows
812 * wpa_supplicant to control them internally.
813 */
814 err = -EOPNOTSUPP;
815 break;
816 case IW_AUTH_DROP_UNENCRYPTED:
817 wrqu->param.value = ieee->drop_unencrypted;
818 break;
819 case IW_AUTH_WPA_ENABLED:
820 wrqu->param.value = ieee->wpa_enabled;
821 break;
822 case IW_AUTH_RX_UNENCRYPTED_EAPOL:
823 wrqu->param.value = ieee->ieee802_1x;
824 break;
825 default:
826 err = -EOPNOTSUPP;
827 break;
828 }
829 spin_unlock_irqrestore(&ieee->lock, flags);
830 return err;
831}
832
833EXPORT_SYMBOL(ieee80211_wx_set_encodeext); 755EXPORT_SYMBOL(ieee80211_wx_set_encodeext);
834EXPORT_SYMBOL(ieee80211_wx_get_encodeext); 756EXPORT_SYMBOL(ieee80211_wx_get_encodeext);
835 757
836EXPORT_SYMBOL(ieee80211_wx_get_scan); 758EXPORT_SYMBOL(ieee80211_wx_get_scan);
837EXPORT_SYMBOL(ieee80211_wx_set_encode); 759EXPORT_SYMBOL(ieee80211_wx_set_encode);
838EXPORT_SYMBOL(ieee80211_wx_get_encode); 760EXPORT_SYMBOL(ieee80211_wx_get_encode);
839
840EXPORT_SYMBOL_GPL(ieee80211_wx_set_auth);
841EXPORT_SYMBOL_GPL(ieee80211_wx_get_auth);
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 4670683b4688..591ea23639ca 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -356,10 +356,8 @@ config INET_ESP
356 356
357config INET_IPCOMP 357config INET_IPCOMP
358 tristate "IP: IPComp transformation" 358 tristate "IP: IPComp transformation"
359 select XFRM
360 select INET_XFRM_TUNNEL 359 select INET_XFRM_TUNNEL
361 select CRYPTO 360 select XFRM_IPCOMP
362 select CRYPTO_DEFLATE
363 ---help--- 361 ---help---
364 Support for IP Payload Compression Protocol (IPComp) (RFC3173), 362 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
365 typically needed for IPsec. 363 typically needed for IPsec.
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 24eca23c2db3..8a3ac1fa71a9 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * PF_INET protocol family socket handler. 6 * PF_INET protocol family socket handler.
7 * 7 *
8 * Version: $Id: af_inet.c,v 1.137 2002/02/01 22:01:03 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Florian La Roche, <flla@stud.uni-sb.de> 10 * Florian La Roche, <flla@stud.uni-sb.de>
@@ -112,12 +110,11 @@
112#include <net/ipip.h> 110#include <net/ipip.h>
113#include <net/inet_common.h> 111#include <net/inet_common.h>
114#include <net/xfrm.h> 112#include <net/xfrm.h>
113#include <net/net_namespace.h>
115#ifdef CONFIG_IP_MROUTE 114#ifdef CONFIG_IP_MROUTE
116#include <linux/mroute.h> 115#include <linux/mroute.h>
117#endif 116#endif
118 117
119DEFINE_SNMP_STAT(struct linux_mib, net_statistics) __read_mostly;
120
121extern void ip_mc_drop_socket(struct sock *sk); 118extern void ip_mc_drop_socket(struct sock *sk);
122 119
123/* The inetsw table contains everything that inet_create needs to 120/* The inetsw table contains everything that inet_create needs to
@@ -151,10 +148,10 @@ void inet_sock_destruct(struct sock *sk)
151 return; 148 return;
152 } 149 }
153 150
154 BUG_TRAP(!atomic_read(&sk->sk_rmem_alloc)); 151 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
155 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 152 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
156 BUG_TRAP(!sk->sk_wmem_queued); 153 WARN_ON(sk->sk_wmem_queued);
157 BUG_TRAP(!sk->sk_forward_alloc); 154 WARN_ON(sk->sk_forward_alloc);
158 155
159 kfree(inet->opt); 156 kfree(inet->opt);
160 dst_release(sk->sk_dst_cache); 157 dst_release(sk->sk_dst_cache);
@@ -267,7 +264,6 @@ static inline int inet_netns_ok(struct net *net, int protocol)
267static int inet_create(struct net *net, struct socket *sock, int protocol) 264static int inet_create(struct net *net, struct socket *sock, int protocol)
268{ 265{
269 struct sock *sk; 266 struct sock *sk;
270 struct list_head *p;
271 struct inet_protosw *answer; 267 struct inet_protosw *answer;
272 struct inet_sock *inet; 268 struct inet_sock *inet;
273 struct proto *answer_prot; 269 struct proto *answer_prot;
@@ -284,13 +280,12 @@ static int inet_create(struct net *net, struct socket *sock, int protocol)
284 sock->state = SS_UNCONNECTED; 280 sock->state = SS_UNCONNECTED;
285 281
286 /* Look for the requested type/protocol pair. */ 282 /* Look for the requested type/protocol pair. */
287 answer = NULL;
288lookup_protocol: 283lookup_protocol:
289 err = -ESOCKTNOSUPPORT; 284 err = -ESOCKTNOSUPPORT;
290 rcu_read_lock(); 285 rcu_read_lock();
291 list_for_each_rcu(p, &inetsw[sock->type]) { 286 list_for_each_entry_rcu(answer, &inetsw[sock->type], list) {
292 answer = list_entry(p, struct inet_protosw, list);
293 287
288 err = 0;
294 /* Check the non-wild match. */ 289 /* Check the non-wild match. */
295 if (protocol == answer->protocol) { 290 if (protocol == answer->protocol) {
296 if (protocol != IPPROTO_IP) 291 if (protocol != IPPROTO_IP)
@@ -305,10 +300,9 @@ lookup_protocol:
305 break; 300 break;
306 } 301 }
307 err = -EPROTONOSUPPORT; 302 err = -EPROTONOSUPPORT;
308 answer = NULL;
309 } 303 }
310 304
311 if (unlikely(answer == NULL)) { 305 if (unlikely(err)) {
312 if (try_loading_module < 2) { 306 if (try_loading_module < 2) {
313 rcu_read_unlock(); 307 rcu_read_unlock();
314 /* 308 /*
@@ -344,7 +338,7 @@ lookup_protocol:
344 answer_flags = answer->flags; 338 answer_flags = answer->flags;
345 rcu_read_unlock(); 339 rcu_read_unlock();
346 340
347 BUG_TRAP(answer_prot->slab != NULL); 341 WARN_ON(answer_prot->slab == NULL);
348 342
349 err = -ENOBUFS; 343 err = -ENOBUFS;
350 sk = sk_alloc(net, PF_INET, GFP_KERNEL, answer_prot); 344 sk = sk_alloc(net, PF_INET, GFP_KERNEL, answer_prot);
@@ -664,8 +658,8 @@ int inet_accept(struct socket *sock, struct socket *newsock, int flags)
664 658
665 lock_sock(sk2); 659 lock_sock(sk2);
666 660
667 BUG_TRAP((1 << sk2->sk_state) & 661 WARN_ON(!((1 << sk2->sk_state) &
668 (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT | TCPF_CLOSE)); 662 (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT | TCPF_CLOSE)));
669 663
670 sock_graft(sk2, newsock); 664 sock_graft(sk2, newsock);
671 665
@@ -1341,50 +1335,70 @@ static struct net_protocol icmp_protocol = {
1341 .netns_ok = 1, 1335 .netns_ok = 1,
1342}; 1336};
1343 1337
1344static int __init init_ipv4_mibs(void) 1338static __net_init int ipv4_mib_init_net(struct net *net)
1345{ 1339{
1346 if (snmp_mib_init((void **)net_statistics, 1340 if (snmp_mib_init((void **)net->mib.tcp_statistics,
1347 sizeof(struct linux_mib)) < 0)
1348 goto err_net_mib;
1349 if (snmp_mib_init((void **)ip_statistics,
1350 sizeof(struct ipstats_mib)) < 0)
1351 goto err_ip_mib;
1352 if (snmp_mib_init((void **)icmp_statistics,
1353 sizeof(struct icmp_mib)) < 0)
1354 goto err_icmp_mib;
1355 if (snmp_mib_init((void **)icmpmsg_statistics,
1356 sizeof(struct icmpmsg_mib)) < 0)
1357 goto err_icmpmsg_mib;
1358 if (snmp_mib_init((void **)tcp_statistics,
1359 sizeof(struct tcp_mib)) < 0) 1341 sizeof(struct tcp_mib)) < 0)
1360 goto err_tcp_mib; 1342 goto err_tcp_mib;
1361 if (snmp_mib_init((void **)udp_statistics, 1343 if (snmp_mib_init((void **)net->mib.ip_statistics,
1344 sizeof(struct ipstats_mib)) < 0)
1345 goto err_ip_mib;
1346 if (snmp_mib_init((void **)net->mib.net_statistics,
1347 sizeof(struct linux_mib)) < 0)
1348 goto err_net_mib;
1349 if (snmp_mib_init((void **)net->mib.udp_statistics,
1362 sizeof(struct udp_mib)) < 0) 1350 sizeof(struct udp_mib)) < 0)
1363 goto err_udp_mib; 1351 goto err_udp_mib;
1364 if (snmp_mib_init((void **)udplite_statistics, 1352 if (snmp_mib_init((void **)net->mib.udplite_statistics,
1365 sizeof(struct udp_mib)) < 0) 1353 sizeof(struct udp_mib)) < 0)
1366 goto err_udplite_mib; 1354 goto err_udplite_mib;
1355 if (snmp_mib_init((void **)net->mib.icmp_statistics,
1356 sizeof(struct icmp_mib)) < 0)
1357 goto err_icmp_mib;
1358 if (snmp_mib_init((void **)net->mib.icmpmsg_statistics,
1359 sizeof(struct icmpmsg_mib)) < 0)
1360 goto err_icmpmsg_mib;
1367 1361
1368 tcp_mib_init(); 1362 tcp_mib_init(net);
1369
1370 return 0; 1363 return 0;
1371 1364
1372err_udplite_mib:
1373 snmp_mib_free((void **)udp_statistics);
1374err_udp_mib:
1375 snmp_mib_free((void **)tcp_statistics);
1376err_tcp_mib:
1377 snmp_mib_free((void **)icmpmsg_statistics);
1378err_icmpmsg_mib: 1365err_icmpmsg_mib:
1379 snmp_mib_free((void **)icmp_statistics); 1366 snmp_mib_free((void **)net->mib.icmp_statistics);
1380err_icmp_mib: 1367err_icmp_mib:
1381 snmp_mib_free((void **)ip_statistics); 1368 snmp_mib_free((void **)net->mib.udplite_statistics);
1382err_ip_mib: 1369err_udplite_mib:
1383 snmp_mib_free((void **)net_statistics); 1370 snmp_mib_free((void **)net->mib.udp_statistics);
1371err_udp_mib:
1372 snmp_mib_free((void **)net->mib.net_statistics);
1384err_net_mib: 1373err_net_mib:
1374 snmp_mib_free((void **)net->mib.ip_statistics);
1375err_ip_mib:
1376 snmp_mib_free((void **)net->mib.tcp_statistics);
1377err_tcp_mib:
1385 return -ENOMEM; 1378 return -ENOMEM;
1386} 1379}
1387 1380
1381static __net_exit void ipv4_mib_exit_net(struct net *net)
1382{
1383 snmp_mib_free((void **)net->mib.icmpmsg_statistics);
1384 snmp_mib_free((void **)net->mib.icmp_statistics);
1385 snmp_mib_free((void **)net->mib.udplite_statistics);
1386 snmp_mib_free((void **)net->mib.udp_statistics);
1387 snmp_mib_free((void **)net->mib.net_statistics);
1388 snmp_mib_free((void **)net->mib.ip_statistics);
1389 snmp_mib_free((void **)net->mib.tcp_statistics);
1390}
1391
1392static __net_initdata struct pernet_operations ipv4_mib_ops = {
1393 .init = ipv4_mib_init_net,
1394 .exit = ipv4_mib_exit_net,
1395};
1396
1397static int __init init_ipv4_mibs(void)
1398{
1399 return register_pernet_subsys(&ipv4_mib_ops);
1400}
1401
1388static int ipv4_proc_init(void); 1402static int ipv4_proc_init(void);
1389 1403
1390/* 1404/*
@@ -1425,6 +1439,10 @@ static int __init inet_init(void)
1425 1439
1426 (void)sock_register(&inet_family_ops); 1440 (void)sock_register(&inet_family_ops);
1427 1441
1442#ifdef CONFIG_SYSCTL
1443 ip_static_sysctl_init();
1444#endif
1445
1428 /* 1446 /*
1429 * Add all the base protocols. 1447 * Add all the base protocols.
1430 */ 1448 */
@@ -1481,14 +1499,15 @@ static int __init inet_init(void)
1481 * Initialise the multicast router 1499 * Initialise the multicast router
1482 */ 1500 */
1483#if defined(CONFIG_IP_MROUTE) 1501#if defined(CONFIG_IP_MROUTE)
1484 ip_mr_init(); 1502 if (ip_mr_init())
1503 printk(KERN_CRIT "inet_init: Cannot init ipv4 mroute\n");
1485#endif 1504#endif
1486 /* 1505 /*
1487 * Initialise per-cpu ipv4 mibs 1506 * Initialise per-cpu ipv4 mibs
1488 */ 1507 */
1489 1508
1490 if (init_ipv4_mibs()) 1509 if (init_ipv4_mibs())
1491 printk(KERN_CRIT "inet_init: Cannot init ipv4 mibs\n"); ; 1510 printk(KERN_CRIT "inet_init: Cannot init ipv4 mibs\n");
1492 1511
1493 ipv4_proc_init(); 1512 ipv4_proc_init();
1494 1513
@@ -1560,5 +1579,4 @@ EXPORT_SYMBOL(inet_sock_destruct);
1560EXPORT_SYMBOL(inet_stream_connect); 1579EXPORT_SYMBOL(inet_stream_connect);
1561EXPORT_SYMBOL(inet_stream_ops); 1580EXPORT_SYMBOL(inet_stream_ops);
1562EXPORT_SYMBOL(inet_unregister_protosw); 1581EXPORT_SYMBOL(inet_unregister_protosw);
1563EXPORT_SYMBOL(net_statistics);
1564EXPORT_SYMBOL(sysctl_ip_nonlocal_bind); 1582EXPORT_SYMBOL(sysctl_ip_nonlocal_bind);
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 9b539fa9fe18..b043eda60b04 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -1,7 +1,5 @@
1/* linux/net/ipv4/arp.c 1/* linux/net/ipv4/arp.c
2 * 2 *
3 * Version: $Id: arp.c,v 1.99 2001/08/30 22:55:42 davem Exp $
4 *
5 * Copyright (C) 1994 by Florian La Roche 3 * Copyright (C) 1994 by Florian La Roche
6 * 4 *
7 * This module implements the Address Resolution Protocol ARP (RFC 826), 5 * This module implements the Address Resolution Protocol ARP (RFC 826),
@@ -423,11 +421,12 @@ static int arp_filter(__be32 sip, __be32 tip, struct net_device *dev)
423 struct rtable *rt; 421 struct rtable *rt;
424 int flag = 0; 422 int flag = 0;
425 /*unsigned long now; */ 423 /*unsigned long now; */
424 struct net *net = dev_net(dev);
426 425
427 if (ip_route_output_key(dev_net(dev), &rt, &fl) < 0) 426 if (ip_route_output_key(net, &rt, &fl) < 0)
428 return 1; 427 return 1;
429 if (rt->u.dst.dev != dev) { 428 if (rt->u.dst.dev != dev) {
430 NET_INC_STATS_BH(LINUX_MIB_ARPFILTER); 429 NET_INC_STATS_BH(net, LINUX_MIB_ARPFILTER);
431 flag = 1; 430 flag = 1;
432 } 431 }
433 ip_rt_put(rt); 432 ip_rt_put(rt);
@@ -1199,7 +1198,7 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event, vo
1199 switch (event) { 1198 switch (event) {
1200 case NETDEV_CHANGEADDR: 1199 case NETDEV_CHANGEADDR:
1201 neigh_changeaddr(&arp_tbl, dev); 1200 neigh_changeaddr(&arp_tbl, dev);
1202 rt_cache_flush(0); 1201 rt_cache_flush(dev_net(dev), 0);
1203 break; 1202 break;
1204 default: 1203 default:
1205 break; 1204 break;
diff --git a/net/ipv4/datagram.c b/net/ipv4/datagram.c
index 0c0c73f368ce..5e6c5a0f3fde 100644
--- a/net/ipv4/datagram.c
+++ b/net/ipv4/datagram.c
@@ -52,7 +52,7 @@ int ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
52 inet->sport, usin->sin_port, sk, 1); 52 inet->sport, usin->sin_port, sk, 1);
53 if (err) { 53 if (err) {
54 if (err == -ENETUNREACH) 54 if (err == -ENETUNREACH)
55 IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); 55 IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
56 return err; 56 return err;
57 } 57 }
58 58
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 6848e4760f34..b12dae2b0b2d 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * NET3 IP device support routines. 2 * NET3 IP device support routines.
3 * 3 *
4 * Version: $Id: devinet.c,v 1.44 2001/10/31 21:55:54 davem Exp $
5 *
6 * This program is free software; you can redistribute it and/or 4 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License 5 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 6 * as published by the Free Software Foundation; either version
@@ -90,7 +88,6 @@ static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
90 [IFA_LOCAL] = { .type = NLA_U32 }, 88 [IFA_LOCAL] = { .type = NLA_U32 },
91 [IFA_ADDRESS] = { .type = NLA_U32 }, 89 [IFA_ADDRESS] = { .type = NLA_U32 },
92 [IFA_BROADCAST] = { .type = NLA_U32 }, 90 [IFA_BROADCAST] = { .type = NLA_U32 },
93 [IFA_ANYCAST] = { .type = NLA_U32 },
94 [IFA_LABEL] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, 91 [IFA_LABEL] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 },
95}; 92};
96 93
@@ -141,8 +138,8 @@ void in_dev_finish_destroy(struct in_device *idev)
141{ 138{
142 struct net_device *dev = idev->dev; 139 struct net_device *dev = idev->dev;
143 140
144 BUG_TRAP(!idev->ifa_list); 141 WARN_ON(idev->ifa_list);
145 BUG_TRAP(!idev->mc_list); 142 WARN_ON(idev->mc_list);
146#ifdef NET_REFCNT_DEBUG 143#ifdef NET_REFCNT_DEBUG
147 printk(KERN_DEBUG "in_dev_finish_destroy: %p=%s\n", 144 printk(KERN_DEBUG "in_dev_finish_destroy: %p=%s\n",
148 idev, dev ? dev->name : "NIL"); 145 idev, dev ? dev->name : "NIL");
@@ -171,6 +168,8 @@ static struct in_device *inetdev_init(struct net_device *dev)
171 in_dev->dev = dev; 168 in_dev->dev = dev;
172 if ((in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl)) == NULL) 169 if ((in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl)) == NULL)
173 goto out_kfree; 170 goto out_kfree;
171 if (IPV4_DEVCONF(in_dev->cnf, FORWARDING))
172 dev_disable_lro(dev);
174 /* Reference in_dev->dev */ 173 /* Reference in_dev->dev */
175 dev_hold(dev); 174 dev_hold(dev);
176 /* Account for reference dev->ip_ptr (below) */ 175 /* Account for reference dev->ip_ptr (below) */
@@ -400,7 +399,7 @@ static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
400 } 399 }
401 ipv4_devconf_setall(in_dev); 400 ipv4_devconf_setall(in_dev);
402 if (ifa->ifa_dev != in_dev) { 401 if (ifa->ifa_dev != in_dev) {
403 BUG_TRAP(!ifa->ifa_dev); 402 WARN_ON(ifa->ifa_dev);
404 in_dev_hold(in_dev); 403 in_dev_hold(in_dev);
405 ifa->ifa_dev = in_dev; 404 ifa->ifa_dev = in_dev;
406 } 405 }
@@ -536,9 +535,6 @@ static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh)
536 if (tb[IFA_BROADCAST]) 535 if (tb[IFA_BROADCAST])
537 ifa->ifa_broadcast = nla_get_be32(tb[IFA_BROADCAST]); 536 ifa->ifa_broadcast = nla_get_be32(tb[IFA_BROADCAST]);
538 537
539 if (tb[IFA_ANYCAST])
540 ifa->ifa_anycast = nla_get_be32(tb[IFA_ANYCAST]);
541
542 if (tb[IFA_LABEL]) 538 if (tb[IFA_LABEL])
543 nla_strlcpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ); 539 nla_strlcpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ);
544 else 540 else
@@ -745,7 +741,6 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg)
745 break; 741 break;
746 inet_del_ifa(in_dev, ifap, 0); 742 inet_del_ifa(in_dev, ifap, 0);
747 ifa->ifa_broadcast = 0; 743 ifa->ifa_broadcast = 0;
748 ifa->ifa_anycast = 0;
749 ifa->ifa_scope = 0; 744 ifa->ifa_scope = 0;
750 } 745 }
751 746
@@ -1018,7 +1013,7 @@ static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
1018 memcpy(old, ifa->ifa_label, IFNAMSIZ); 1013 memcpy(old, ifa->ifa_label, IFNAMSIZ);
1019 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1014 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1020 if (named++ == 0) 1015 if (named++ == 0)
1021 continue; 1016 goto skip;
1022 dot = strchr(old, ':'); 1017 dot = strchr(old, ':');
1023 if (dot == NULL) { 1018 if (dot == NULL) {
1024 sprintf(old, ":%d", named); 1019 sprintf(old, ":%d", named);
@@ -1029,9 +1024,16 @@ static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
1029 } else { 1024 } else {
1030 strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot); 1025 strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
1031 } 1026 }
1027skip:
1028 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
1032 } 1029 }
1033} 1030}
1034 1031
1032static inline bool inetdev_valid_mtu(unsigned mtu)
1033{
1034 return mtu >= 68;
1035}
1036
1035/* Called only under RTNL semaphore */ 1037/* Called only under RTNL semaphore */
1036 1038
1037static int inetdev_event(struct notifier_block *this, unsigned long event, 1039static int inetdev_event(struct notifier_block *this, unsigned long event,
@@ -1051,6 +1053,10 @@ static int inetdev_event(struct notifier_block *this, unsigned long event,
1051 IN_DEV_CONF_SET(in_dev, NOXFRM, 1); 1053 IN_DEV_CONF_SET(in_dev, NOXFRM, 1);
1052 IN_DEV_CONF_SET(in_dev, NOPOLICY, 1); 1054 IN_DEV_CONF_SET(in_dev, NOPOLICY, 1);
1053 } 1055 }
1056 } else if (event == NETDEV_CHANGEMTU) {
1057 /* Re-enabling IP */
1058 if (inetdev_valid_mtu(dev->mtu))
1059 in_dev = inetdev_init(dev);
1054 } 1060 }
1055 goto out; 1061 goto out;
1056 } 1062 }
@@ -1061,7 +1067,7 @@ static int inetdev_event(struct notifier_block *this, unsigned long event,
1061 dev->ip_ptr = NULL; 1067 dev->ip_ptr = NULL;
1062 break; 1068 break;
1063 case NETDEV_UP: 1069 case NETDEV_UP:
1064 if (dev->mtu < 68) 1070 if (!inetdev_valid_mtu(dev->mtu))
1065 break; 1071 break;
1066 if (dev->flags & IFF_LOOPBACK) { 1072 if (dev->flags & IFF_LOOPBACK) {
1067 struct in_ifaddr *ifa; 1073 struct in_ifaddr *ifa;
@@ -1083,9 +1089,9 @@ static int inetdev_event(struct notifier_block *this, unsigned long event,
1083 ip_mc_down(in_dev); 1089 ip_mc_down(in_dev);
1084 break; 1090 break;
1085 case NETDEV_CHANGEMTU: 1091 case NETDEV_CHANGEMTU:
1086 if (dev->mtu >= 68) 1092 if (inetdev_valid_mtu(dev->mtu))
1087 break; 1093 break;
1088 /* MTU falled under 68, disable IP */ 1094 /* disable IP when MTU is not enough */
1089 case NETDEV_UNREGISTER: 1095 case NETDEV_UNREGISTER:
1090 inetdev_destroy(in_dev); 1096 inetdev_destroy(in_dev);
1091 break; 1097 break;
@@ -1113,7 +1119,6 @@ static inline size_t inet_nlmsg_size(void)
1113 + nla_total_size(4) /* IFA_ADDRESS */ 1119 + nla_total_size(4) /* IFA_ADDRESS */
1114 + nla_total_size(4) /* IFA_LOCAL */ 1120 + nla_total_size(4) /* IFA_LOCAL */
1115 + nla_total_size(4) /* IFA_BROADCAST */ 1121 + nla_total_size(4) /* IFA_BROADCAST */
1116 + nla_total_size(4) /* IFA_ANYCAST */
1117 + nla_total_size(IFNAMSIZ); /* IFA_LABEL */ 1122 + nla_total_size(IFNAMSIZ); /* IFA_LABEL */
1118} 1123}
1119 1124
@@ -1143,9 +1148,6 @@ static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa,
1143 if (ifa->ifa_broadcast) 1148 if (ifa->ifa_broadcast)
1144 NLA_PUT_BE32(skb, IFA_BROADCAST, ifa->ifa_broadcast); 1149 NLA_PUT_BE32(skb, IFA_BROADCAST, ifa->ifa_broadcast);
1145 1150
1146 if (ifa->ifa_anycast)
1147 NLA_PUT_BE32(skb, IFA_ANYCAST, ifa->ifa_anycast);
1148
1149 if (ifa->ifa_label[0]) 1151 if (ifa->ifa_label[0])
1150 NLA_PUT_STRING(skb, IFA_LABEL, ifa->ifa_label); 1152 NLA_PUT_STRING(skb, IFA_LABEL, ifa->ifa_label);
1151 1153
@@ -1250,6 +1252,8 @@ static void inet_forward_change(struct net *net)
1250 read_lock(&dev_base_lock); 1252 read_lock(&dev_base_lock);
1251 for_each_netdev(net, dev) { 1253 for_each_netdev(net, dev) {
1252 struct in_device *in_dev; 1254 struct in_device *in_dev;
1255 if (on)
1256 dev_disable_lro(dev);
1253 rcu_read_lock(); 1257 rcu_read_lock();
1254 in_dev = __in_dev_get_rcu(dev); 1258 in_dev = __in_dev_get_rcu(dev);
1255 if (in_dev) 1259 if (in_dev)
@@ -1257,8 +1261,6 @@ static void inet_forward_change(struct net *net)
1257 rcu_read_unlock(); 1261 rcu_read_unlock();
1258 } 1262 }
1259 read_unlock(&dev_base_lock); 1263 read_unlock(&dev_base_lock);
1260
1261 rt_cache_flush(0);
1262} 1264}
1263 1265
1264static int devinet_conf_proc(ctl_table *ctl, int write, 1266static int devinet_conf_proc(ctl_table *ctl, int write,
@@ -1344,10 +1346,19 @@ static int devinet_sysctl_forward(ctl_table *ctl, int write,
1344 if (write && *valp != val) { 1346 if (write && *valp != val) {
1345 struct net *net = ctl->extra2; 1347 struct net *net = ctl->extra2;
1346 1348
1347 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) 1349 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
1348 inet_forward_change(net); 1350 rtnl_lock();
1349 else if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) 1351 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
1350 rt_cache_flush(0); 1352 inet_forward_change(net);
1353 } else if (*valp) {
1354 struct ipv4_devconf *cnf = ctl->extra1;
1355 struct in_device *idev =
1356 container_of(cnf, struct in_device, cnf);
1357 dev_disable_lro(idev->dev);
1358 }
1359 rtnl_unlock();
1360 rt_cache_flush(net, 0);
1361 }
1351 } 1362 }
1352 1363
1353 return ret; 1364 return ret;
@@ -1360,9 +1371,10 @@ int ipv4_doint_and_flush(ctl_table *ctl, int write,
1360 int *valp = ctl->data; 1371 int *valp = ctl->data;
1361 int val = *valp; 1372 int val = *valp;
1362 int ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 1373 int ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1374 struct net *net = ctl->extra2;
1363 1375
1364 if (write && *valp != val) 1376 if (write && *valp != val)
1365 rt_cache_flush(0); 1377 rt_cache_flush(net, 0);
1366 1378
1367 return ret; 1379 return ret;
1368} 1380}
@@ -1373,9 +1385,10 @@ int ipv4_doint_and_flush_strategy(ctl_table *table, int __user *name, int nlen,
1373{ 1385{
1374 int ret = devinet_conf_sysctl(table, name, nlen, oldval, oldlenp, 1386 int ret = devinet_conf_sysctl(table, name, nlen, oldval, oldlenp,
1375 newval, newlen); 1387 newval, newlen);
1388 struct net *net = table->extra2;
1376 1389
1377 if (ret == 1) 1390 if (ret == 1)
1378 rt_cache_flush(0); 1391 rt_cache_flush(net, 0);
1379 1392
1380 return ret; 1393 return ret;
1381} 1394}
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 4e73e5708e70..21515d4c49eb 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -575,7 +575,7 @@ static int esp_init_state(struct xfrm_state *x)
575 crypto_aead_ivsize(aead); 575 crypto_aead_ivsize(aead);
576 if (x->props.mode == XFRM_MODE_TUNNEL) 576 if (x->props.mode == XFRM_MODE_TUNNEL)
577 x->props.header_len += sizeof(struct iphdr); 577 x->props.header_len += sizeof(struct iphdr);
578 else if (x->props.mode == XFRM_MODE_BEET) 578 else if (x->props.mode == XFRM_MODE_BEET && x->sel.family != AF_INET6)
579 x->props.header_len += IPV4_BEET_PHMAXLEN; 579 x->props.header_len += IPV4_BEET_PHMAXLEN;
580 if (x->encap) { 580 if (x->encap) {
581 struct xfrm_encap_tmpl *encap = x->encap; 581 struct xfrm_encap_tmpl *encap = x->encap;
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 0f1557a4ac7a..65c1503f8cc8 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * IPv4 Forwarding Information Base: FIB frontend. 6 * IPv4 Forwarding Information Base: FIB frontend.
7 * 7 *
8 * Version: $Id: fib_frontend.c,v 1.26 2001/10/31 21:55:54 davem Exp $
9 *
10 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> 8 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
11 * 9 *
12 * This program is free software; you can redistribute it and/or 10 * This program is free software; you can redistribute it and/or
@@ -146,7 +144,7 @@ static void fib_flush(struct net *net)
146 } 144 }
147 145
148 if (flushed) 146 if (flushed)
149 rt_cache_flush(-1); 147 rt_cache_flush(net, -1);
150} 148}
151 149
152/* 150/*
@@ -506,7 +504,6 @@ const struct nla_policy rtm_ipv4_policy[RTA_MAX+1] = {
506 [RTA_PREFSRC] = { .type = NLA_U32 }, 504 [RTA_PREFSRC] = { .type = NLA_U32 },
507 [RTA_METRICS] = { .type = NLA_NESTED }, 505 [RTA_METRICS] = { .type = NLA_NESTED },
508 [RTA_MULTIPATH] = { .len = sizeof(struct rtnexthop) }, 506 [RTA_MULTIPATH] = { .len = sizeof(struct rtnexthop) },
509 [RTA_PROTOINFO] = { .type = NLA_U32 },
510 [RTA_FLOW] = { .type = NLA_U32 }, 507 [RTA_FLOW] = { .type = NLA_U32 },
511}; 508};
512 509
@@ -900,21 +897,22 @@ static void fib_disable_ip(struct net_device *dev, int force)
900{ 897{
901 if (fib_sync_down_dev(dev, force)) 898 if (fib_sync_down_dev(dev, force))
902 fib_flush(dev_net(dev)); 899 fib_flush(dev_net(dev));
903 rt_cache_flush(0); 900 rt_cache_flush(dev_net(dev), 0);
904 arp_ifdown(dev); 901 arp_ifdown(dev);
905} 902}
906 903
907static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, void *ptr) 904static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, void *ptr)
908{ 905{
909 struct in_ifaddr *ifa = (struct in_ifaddr*)ptr; 906 struct in_ifaddr *ifa = (struct in_ifaddr*)ptr;
907 struct net_device *dev = ifa->ifa_dev->dev;
910 908
911 switch (event) { 909 switch (event) {
912 case NETDEV_UP: 910 case NETDEV_UP:
913 fib_add_ifaddr(ifa); 911 fib_add_ifaddr(ifa);
914#ifdef CONFIG_IP_ROUTE_MULTIPATH 912#ifdef CONFIG_IP_ROUTE_MULTIPATH
915 fib_sync_up(ifa->ifa_dev->dev); 913 fib_sync_up(dev);
916#endif 914#endif
917 rt_cache_flush(-1); 915 rt_cache_flush(dev_net(dev), -1);
918 break; 916 break;
919 case NETDEV_DOWN: 917 case NETDEV_DOWN:
920 fib_del_ifaddr(ifa); 918 fib_del_ifaddr(ifa);
@@ -922,9 +920,9 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
922 /* Last address was deleted from this interface. 920 /* Last address was deleted from this interface.
923 Disable IP. 921 Disable IP.
924 */ 922 */
925 fib_disable_ip(ifa->ifa_dev->dev, 1); 923 fib_disable_ip(dev, 1);
926 } else { 924 } else {
927 rt_cache_flush(-1); 925 rt_cache_flush(dev_net(dev), -1);
928 } 926 }
929 break; 927 break;
930 } 928 }
@@ -952,14 +950,14 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
952#ifdef CONFIG_IP_ROUTE_MULTIPATH 950#ifdef CONFIG_IP_ROUTE_MULTIPATH
953 fib_sync_up(dev); 951 fib_sync_up(dev);
954#endif 952#endif
955 rt_cache_flush(-1); 953 rt_cache_flush(dev_net(dev), -1);
956 break; 954 break;
957 case NETDEV_DOWN: 955 case NETDEV_DOWN:
958 fib_disable_ip(dev, 0); 956 fib_disable_ip(dev, 0);
959 break; 957 break;
960 case NETDEV_CHANGEMTU: 958 case NETDEV_CHANGEMTU:
961 case NETDEV_CHANGE: 959 case NETDEV_CHANGE:
962 rt_cache_flush(0); 960 rt_cache_flush(dev_net(dev), 0);
963 break; 961 break;
964 } 962 }
965 return NOTIFY_DONE; 963 return NOTIFY_DONE;
diff --git a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c
index 2e2fc3376ac9..c8cac6c7f881 100644
--- a/net/ipv4/fib_hash.c
+++ b/net/ipv4/fib_hash.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * IPv4 FIB: lookup engine and maintenance routines. 6 * IPv4 FIB: lookup engine and maintenance routines.
7 * 7 *
8 * Version: $Id: fib_hash.c,v 1.13 2001/10/31 21:55:54 davem Exp $
9 *
10 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> 8 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
11 * 9 *
12 * This program is free software; you can redistribute it and/or 10 * This program is free software; you can redistribute it and/or
@@ -474,7 +472,7 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg)
474 472
475 fib_release_info(fi_drop); 473 fib_release_info(fi_drop);
476 if (state & FA_S_ACCESSED) 474 if (state & FA_S_ACCESSED)
477 rt_cache_flush(-1); 475 rt_cache_flush(cfg->fc_nlinfo.nl_net, -1);
478 rtmsg_fib(RTM_NEWROUTE, key, fa, cfg->fc_dst_len, tb->tb_id, 476 rtmsg_fib(RTM_NEWROUTE, key, fa, cfg->fc_dst_len, tb->tb_id,
479 &cfg->fc_nlinfo, NLM_F_REPLACE); 477 &cfg->fc_nlinfo, NLM_F_REPLACE);
480 return 0; 478 return 0;
@@ -534,7 +532,7 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg)
534 532
535 if (new_f) 533 if (new_f)
536 fz->fz_nent++; 534 fz->fz_nent++;
537 rt_cache_flush(-1); 535 rt_cache_flush(cfg->fc_nlinfo.nl_net, -1);
538 536
539 rtmsg_fib(RTM_NEWROUTE, key, new_fa, cfg->fc_dst_len, tb->tb_id, 537 rtmsg_fib(RTM_NEWROUTE, key, new_fa, cfg->fc_dst_len, tb->tb_id,
540 &cfg->fc_nlinfo, 0); 538 &cfg->fc_nlinfo, 0);
@@ -616,7 +614,7 @@ static int fn_hash_delete(struct fib_table *tb, struct fib_config *cfg)
616 write_unlock_bh(&fib_hash_lock); 614 write_unlock_bh(&fib_hash_lock);
617 615
618 if (fa->fa_state & FA_S_ACCESSED) 616 if (fa->fa_state & FA_S_ACCESSED)
619 rt_cache_flush(-1); 617 rt_cache_flush(cfg->fc_nlinfo.nl_net, -1);
620 fn_free_alias(fa, f); 618 fn_free_alias(fa, f);
621 if (kill_fn) { 619 if (kill_fn) {
622 fn_free_node(f); 620 fn_free_node(f);
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
index 1fb56876be54..6080d7120821 100644
--- a/net/ipv4/fib_rules.c
+++ b/net/ipv4/fib_rules.c
@@ -258,9 +258,9 @@ static size_t fib4_rule_nlmsg_payload(struct fib_rule *rule)
258 + nla_total_size(4); /* flow */ 258 + nla_total_size(4); /* flow */
259} 259}
260 260
261static void fib4_rule_flush_cache(void) 261static void fib4_rule_flush_cache(struct fib_rules_ops *ops)
262{ 262{
263 rt_cache_flush(-1); 263 rt_cache_flush(ops->fro_net, -1);
264} 264}
265 265
266static struct fib_rules_ops fib4_rules_ops_template = { 266static struct fib_rules_ops fib4_rules_ops_template = {
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index 3b83c34019fc..ded2ae34eab1 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * IPv4 Forwarding Information Base: semantics. 6 * IPv4 Forwarding Information Base: semantics.
7 * 7 *
8 * Version: $Id: fib_semantics.c,v 1.19 2002/01/12 07:54:56 davem Exp $
9 *
10 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> 8 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
11 * 9 *
12 * This program is free software; you can redistribute it and/or 10 * This program is free software; you can redistribute it and/or
@@ -960,7 +958,10 @@ int fib_dump_info(struct sk_buff *skb, u32 pid, u32 seq, int event,
960 rtm->rtm_dst_len = dst_len; 958 rtm->rtm_dst_len = dst_len;
961 rtm->rtm_src_len = 0; 959 rtm->rtm_src_len = 0;
962 rtm->rtm_tos = tos; 960 rtm->rtm_tos = tos;
963 rtm->rtm_table = tb_id; 961 if (tb_id < 256)
962 rtm->rtm_table = tb_id;
963 else
964 rtm->rtm_table = RT_TABLE_COMPAT;
964 NLA_PUT_U32(skb, RTA_TABLE, tb_id); 965 NLA_PUT_U32(skb, RTA_TABLE, tb_id);
965 rtm->rtm_type = type; 966 rtm->rtm_type = type;
966 rtm->rtm_flags = fi->fib_flags; 967 rtm->rtm_flags = fi->fib_flags;
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 4b02d14e7ab9..5cb72786a8af 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -22,8 +22,6 @@
22 * IP-address lookup using LC-tries. Stefan Nilsson and Gunnar Karlsson 22 * IP-address lookup using LC-tries. Stefan Nilsson and Gunnar Karlsson
23 * IEEE Journal on Selected Areas in Communications, 17(6):1083-1092, June 1999 23 * IEEE Journal on Selected Areas in Communications, 17(6):1083-1092, June 1999
24 * 24 *
25 * Version: $Id: fib_trie.c,v 1.3 2005/06/08 14:20:01 robert Exp $
26 *
27 * 25 *
28 * Code from fib_hash has been reused which includes the following header: 26 * Code from fib_hash has been reused which includes the following header:
29 * 27 *
@@ -1273,7 +1271,7 @@ static int fn_trie_insert(struct fib_table *tb, struct fib_config *cfg)
1273 1271
1274 fib_release_info(fi_drop); 1272 fib_release_info(fi_drop);
1275 if (state & FA_S_ACCESSED) 1273 if (state & FA_S_ACCESSED)
1276 rt_cache_flush(-1); 1274 rt_cache_flush(cfg->fc_nlinfo.nl_net, -1);
1277 rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen, 1275 rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen,
1278 tb->tb_id, &cfg->fc_nlinfo, NLM_F_REPLACE); 1276 tb->tb_id, &cfg->fc_nlinfo, NLM_F_REPLACE);
1279 1277
@@ -1318,7 +1316,7 @@ static int fn_trie_insert(struct fib_table *tb, struct fib_config *cfg)
1318 list_add_tail_rcu(&new_fa->fa_list, 1316 list_add_tail_rcu(&new_fa->fa_list,
1319 (fa ? &fa->fa_list : fa_head)); 1317 (fa ? &fa->fa_list : fa_head));
1320 1318
1321 rt_cache_flush(-1); 1319 rt_cache_flush(cfg->fc_nlinfo.nl_net, -1);
1322 rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen, tb->tb_id, 1320 rtmsg_fib(RTM_NEWROUTE, htonl(key), new_fa, plen, tb->tb_id,
1323 &cfg->fc_nlinfo, 0); 1321 &cfg->fc_nlinfo, 0);
1324succeeded: 1322succeeded:
@@ -1359,17 +1357,17 @@ static int check_leaf(struct trie *t, struct leaf *l,
1359 t->stats.semantic_match_miss++; 1357 t->stats.semantic_match_miss++;
1360#endif 1358#endif
1361 if (err <= 0) 1359 if (err <= 0)
1362 return plen; 1360 return err;
1363 } 1361 }
1364 1362
1365 return -1; 1363 return 1;
1366} 1364}
1367 1365
1368static int fn_trie_lookup(struct fib_table *tb, const struct flowi *flp, 1366static int fn_trie_lookup(struct fib_table *tb, const struct flowi *flp,
1369 struct fib_result *res) 1367 struct fib_result *res)
1370{ 1368{
1371 struct trie *t = (struct trie *) tb->tb_data; 1369 struct trie *t = (struct trie *) tb->tb_data;
1372 int plen, ret = 0; 1370 int ret;
1373 struct node *n; 1371 struct node *n;
1374 struct tnode *pn; 1372 struct tnode *pn;
1375 int pos, bits; 1373 int pos, bits;
@@ -1393,10 +1391,7 @@ static int fn_trie_lookup(struct fib_table *tb, const struct flowi *flp,
1393 1391
1394 /* Just a leaf? */ 1392 /* Just a leaf? */
1395 if (IS_LEAF(n)) { 1393 if (IS_LEAF(n)) {
1396 plen = check_leaf(t, (struct leaf *)n, key, flp, res); 1394 ret = check_leaf(t, (struct leaf *)n, key, flp, res);
1397 if (plen < 0)
1398 goto failed;
1399 ret = 0;
1400 goto found; 1395 goto found;
1401 } 1396 }
1402 1397
@@ -1421,11 +1416,9 @@ static int fn_trie_lookup(struct fib_table *tb, const struct flowi *flp,
1421 } 1416 }
1422 1417
1423 if (IS_LEAF(n)) { 1418 if (IS_LEAF(n)) {
1424 plen = check_leaf(t, (struct leaf *)n, key, flp, res); 1419 ret = check_leaf(t, (struct leaf *)n, key, flp, res);
1425 if (plen < 0) 1420 if (ret > 0)
1426 goto backtrace; 1421 goto backtrace;
1427
1428 ret = 0;
1429 goto found; 1422 goto found;
1430 } 1423 }
1431 1424
@@ -1666,7 +1659,7 @@ static int fn_trie_delete(struct fib_table *tb, struct fib_config *cfg)
1666 trie_leaf_remove(t, l); 1659 trie_leaf_remove(t, l);
1667 1660
1668 if (fa->fa_state & FA_S_ACCESSED) 1661 if (fa->fa_state & FA_S_ACCESSED)
1669 rt_cache_flush(-1); 1662 rt_cache_flush(cfg->fc_nlinfo.nl_net, -1);
1670 1663
1671 fib_release_info(fa->fa_info); 1664 fib_release_info(fa->fa_info);
1672 alias_free_mem_rcu(fa); 1665 alias_free_mem_rcu(fa);
@@ -2258,25 +2251,7 @@ static int fib_triestat_seq_show(struct seq_file *seq, void *v)
2258 2251
2259static int fib_triestat_seq_open(struct inode *inode, struct file *file) 2252static int fib_triestat_seq_open(struct inode *inode, struct file *file)
2260{ 2253{
2261 int err; 2254 return single_open_net(inode, file, fib_triestat_seq_show);
2262 struct net *net;
2263
2264 net = get_proc_net(inode);
2265 if (net == NULL)
2266 return -ENXIO;
2267 err = single_open(file, fib_triestat_seq_show, net);
2268 if (err < 0) {
2269 put_net(net);
2270 return err;
2271 }
2272 return 0;
2273}
2274
2275static int fib_triestat_seq_release(struct inode *ino, struct file *f)
2276{
2277 struct seq_file *seq = f->private_data;
2278 put_net(seq->private);
2279 return single_release(ino, f);
2280} 2255}
2281 2256
2282static const struct file_operations fib_triestat_fops = { 2257static const struct file_operations fib_triestat_fops = {
@@ -2284,7 +2259,7 @@ static const struct file_operations fib_triestat_fops = {
2284 .open = fib_triestat_seq_open, 2259 .open = fib_triestat_seq_open,
2285 .read = seq_read, 2260 .read = seq_read,
2286 .llseek = seq_lseek, 2261 .llseek = seq_lseek,
2287 .release = fib_triestat_seq_release, 2262 .release = single_release_net,
2288}; 2263};
2289 2264
2290static struct node *fib_trie_get_idx(struct seq_file *seq, loff_t pos) 2265static struct node *fib_trie_get_idx(struct seq_file *seq, loff_t pos)
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 87397351ddac..55c355e63234 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -3,8 +3,6 @@
3 * 3 *
4 * Alan Cox, <alan@redhat.com> 4 * Alan Cox, <alan@redhat.com>
5 * 5 *
6 * Version: $Id: icmp.c,v 1.85 2002/02/01 22:01:03 davem Exp $
7 *
8 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License 7 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 8 * as published by the Free Software Foundation; either version
@@ -113,12 +111,6 @@ struct icmp_bxm {
113 unsigned char optbuf[40]; 111 unsigned char optbuf[40];
114}; 112};
115 113
116/*
117 * Statistics
118 */
119DEFINE_SNMP_STAT(struct icmp_mib, icmp_statistics) __read_mostly;
120DEFINE_SNMP_STAT(struct icmpmsg_mib, icmpmsg_statistics) __read_mostly;
121
122/* An array of errno for error messages from dest unreach. */ 114/* An array of errno for error messages from dest unreach. */
123/* RFC 1122: 3.2.2.1 States that NET_UNREACH, HOST_UNREACH and SR_FAILED MUST be considered 'transient errs'. */ 115/* RFC 1122: 3.2.2.1 States that NET_UNREACH, HOST_UNREACH and SR_FAILED MUST be considered 'transient errs'. */
124 116
@@ -212,18 +204,22 @@ static struct sock *icmp_sk(struct net *net)
212 return net->ipv4.icmp_sk[smp_processor_id()]; 204 return net->ipv4.icmp_sk[smp_processor_id()];
213} 205}
214 206
215static inline int icmp_xmit_lock(struct sock *sk) 207static inline struct sock *icmp_xmit_lock(struct net *net)
216{ 208{
209 struct sock *sk;
210
217 local_bh_disable(); 211 local_bh_disable();
218 212
213 sk = icmp_sk(net);
214
219 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { 215 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
220 /* This can happen if the output path signals a 216 /* This can happen if the output path signals a
221 * dst_link_failure() for an outgoing ICMP packet. 217 * dst_link_failure() for an outgoing ICMP packet.
222 */ 218 */
223 local_bh_enable(); 219 local_bh_enable();
224 return 1; 220 return NULL;
225 } 221 }
226 return 0; 222 return sk;
227} 223}
228 224
229static inline void icmp_xmit_unlock(struct sock *sk) 225static inline void icmp_xmit_unlock(struct sock *sk)
@@ -298,10 +294,10 @@ out:
298/* 294/*
299 * Maintain the counters used in the SNMP statistics for outgoing ICMP 295 * Maintain the counters used in the SNMP statistics for outgoing ICMP
300 */ 296 */
301void icmp_out_count(unsigned char type) 297void icmp_out_count(struct net *net, unsigned char type)
302{ 298{
303 ICMPMSGOUT_INC_STATS(type); 299 ICMPMSGOUT_INC_STATS(net, type);
304 ICMP_INC_STATS(ICMP_MIB_OUTMSGS); 300 ICMP_INC_STATS(net, ICMP_MIB_OUTMSGS);
305} 301}
306 302
307/* 303/*
@@ -362,15 +358,17 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
362 struct ipcm_cookie ipc; 358 struct ipcm_cookie ipc;
363 struct rtable *rt = skb->rtable; 359 struct rtable *rt = skb->rtable;
364 struct net *net = dev_net(rt->u.dst.dev); 360 struct net *net = dev_net(rt->u.dst.dev);
365 struct sock *sk = icmp_sk(net); 361 struct sock *sk;
366 struct inet_sock *inet = inet_sk(sk); 362 struct inet_sock *inet;
367 __be32 daddr; 363 __be32 daddr;
368 364
369 if (ip_options_echo(&icmp_param->replyopts, skb)) 365 if (ip_options_echo(&icmp_param->replyopts, skb))
370 return; 366 return;
371 367
372 if (icmp_xmit_lock(sk)) 368 sk = icmp_xmit_lock(net);
369 if (sk == NULL)
373 return; 370 return;
371 inet = inet_sk(sk);
374 372
375 icmp_param->data.icmph.checksum = 0; 373 icmp_param->data.icmph.checksum = 0;
376 374
@@ -427,7 +425,6 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
427 if (!rt) 425 if (!rt)
428 goto out; 426 goto out;
429 net = dev_net(rt->u.dst.dev); 427 net = dev_net(rt->u.dst.dev);
430 sk = icmp_sk(net);
431 428
432 /* 429 /*
433 * Find the original header. It is expected to be valid, of course. 430 * Find the original header. It is expected to be valid, of course.
@@ -491,7 +488,8 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
491 } 488 }
492 } 489 }
493 490
494 if (icmp_xmit_lock(sk)) 491 sk = icmp_xmit_lock(net);
492 if (sk == NULL)
495 return; 493 return;
496 494
497 /* 495 /*
@@ -765,7 +763,7 @@ static void icmp_unreach(struct sk_buff *skb)
765out: 763out:
766 return; 764 return;
767out_err: 765out_err:
768 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 766 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
769 goto out; 767 goto out;
770} 768}
771 769
@@ -805,7 +803,7 @@ static void icmp_redirect(struct sk_buff *skb)
805out: 803out:
806 return; 804 return;
807out_err: 805out_err:
808 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 806 ICMP_INC_STATS_BH(dev_net(skb->dev), ICMP_MIB_INERRORS);
809 goto out; 807 goto out;
810} 808}
811 809
@@ -876,7 +874,7 @@ static void icmp_timestamp(struct sk_buff *skb)
876out: 874out:
877 return; 875 return;
878out_err: 876out_err:
879 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 877 ICMP_INC_STATS_BH(dev_net(skb->dst->dev), ICMP_MIB_INERRORS);
880 goto out; 878 goto out;
881} 879}
882 880
@@ -975,6 +973,7 @@ int icmp_rcv(struct sk_buff *skb)
975{ 973{
976 struct icmphdr *icmph; 974 struct icmphdr *icmph;
977 struct rtable *rt = skb->rtable; 975 struct rtable *rt = skb->rtable;
976 struct net *net = dev_net(rt->u.dst.dev);
978 977
979 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { 978 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
980 int nh; 979 int nh;
@@ -995,7 +994,7 @@ int icmp_rcv(struct sk_buff *skb)
995 skb_set_network_header(skb, nh); 994 skb_set_network_header(skb, nh);
996 } 995 }
997 996
998 ICMP_INC_STATS_BH(ICMP_MIB_INMSGS); 997 ICMP_INC_STATS_BH(net, ICMP_MIB_INMSGS);
999 998
1000 switch (skb->ip_summed) { 999 switch (skb->ip_summed) {
1001 case CHECKSUM_COMPLETE: 1000 case CHECKSUM_COMPLETE:
@@ -1013,7 +1012,7 @@ int icmp_rcv(struct sk_buff *skb)
1013 1012
1014 icmph = icmp_hdr(skb); 1013 icmph = icmp_hdr(skb);
1015 1014
1016 ICMPMSGIN_INC_STATS_BH(icmph->type); 1015 ICMPMSGIN_INC_STATS_BH(net, icmph->type);
1017 /* 1016 /*
1018 * 18 is the highest 'known' ICMP type. Anything else is a mystery 1017 * 18 is the highest 'known' ICMP type. Anything else is a mystery
1019 * 1018 *
@@ -1029,9 +1028,6 @@ int icmp_rcv(struct sk_buff *skb)
1029 */ 1028 */
1030 1029
1031 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) { 1030 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
1032 struct net *net;
1033
1034 net = dev_net(rt->u.dst.dev);
1035 /* 1031 /*
1036 * RFC 1122: 3.2.2.6 An ICMP_ECHO to broadcast MAY be 1032 * RFC 1122: 3.2.2.6 An ICMP_ECHO to broadcast MAY be
1037 * silently ignored (we let user decide with a sysctl). 1033 * silently ignored (we let user decide with a sysctl).
@@ -1057,7 +1053,7 @@ drop:
1057 kfree_skb(skb); 1053 kfree_skb(skb);
1058 return 0; 1054 return 0;
1059error: 1055error:
1060 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 1056 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
1061 goto drop; 1057 goto drop;
1062} 1058}
1063 1059
@@ -1217,5 +1213,4 @@ int __init icmp_init(void)
1217 1213
1218EXPORT_SYMBOL(icmp_err_convert); 1214EXPORT_SYMBOL(icmp_err_convert);
1219EXPORT_SYMBOL(icmp_send); 1215EXPORT_SYMBOL(icmp_send);
1220EXPORT_SYMBOL(icmp_statistics);
1221EXPORT_SYMBOL(xrlim_allow); 1216EXPORT_SYMBOL(xrlim_allow);
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 2769dc4a4c84..f70fac612596 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -8,8 +8,6 @@
8 * the older version didn't come out right using gcc 2.5.8, the newer one 8 * the older version didn't come out right using gcc 2.5.8, the newer one
9 * seems to fall out with gcc 2.6.2. 9 * seems to fall out with gcc 2.6.2.
10 * 10 *
11 * Version: $Id: igmp.c,v 1.47 2002/02/01 22:01:03 davem Exp $
12 *
13 * Authors: 11 * Authors:
14 * Alan Cox <Alan.Cox@linux.org> 12 * Alan Cox <Alan.Cox@linux.org>
15 * 13 *
@@ -291,6 +289,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size)
291 struct rtable *rt; 289 struct rtable *rt;
292 struct iphdr *pip; 290 struct iphdr *pip;
293 struct igmpv3_report *pig; 291 struct igmpv3_report *pig;
292 struct net *net = dev_net(dev);
294 293
295 skb = alloc_skb(size + LL_ALLOCATED_SPACE(dev), GFP_ATOMIC); 294 skb = alloc_skb(size + LL_ALLOCATED_SPACE(dev), GFP_ATOMIC);
296 if (skb == NULL) 295 if (skb == NULL)
@@ -301,7 +300,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size)
301 .nl_u = { .ip4_u = { 300 .nl_u = { .ip4_u = {
302 .daddr = IGMPV3_ALL_MCR } }, 301 .daddr = IGMPV3_ALL_MCR } },
303 .proto = IPPROTO_IGMP }; 302 .proto = IPPROTO_IGMP };
304 if (ip_route_output_key(&init_net, &rt, &fl)) { 303 if (ip_route_output_key(net, &rt, &fl)) {
305 kfree_skb(skb); 304 kfree_skb(skb);
306 return NULL; 305 return NULL;
307 } 306 }
@@ -631,6 +630,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
631 struct igmphdr *ih; 630 struct igmphdr *ih;
632 struct rtable *rt; 631 struct rtable *rt;
633 struct net_device *dev = in_dev->dev; 632 struct net_device *dev = in_dev->dev;
633 struct net *net = dev_net(dev);
634 __be32 group = pmc ? pmc->multiaddr : 0; 634 __be32 group = pmc ? pmc->multiaddr : 0;
635 __be32 dst; 635 __be32 dst;
636 636
@@ -645,7 +645,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
645 struct flowi fl = { .oif = dev->ifindex, 645 struct flowi fl = { .oif = dev->ifindex,
646 .nl_u = { .ip4_u = { .daddr = dst } }, 646 .nl_u = { .ip4_u = { .daddr = dst } },
647 .proto = IPPROTO_IGMP }; 647 .proto = IPPROTO_IGMP };
648 if (ip_route_output_key(&init_net, &rt, &fl)) 648 if (ip_route_output_key(net, &rt, &fl))
649 return -1; 649 return -1;
650 } 650 }
651 if (rt->rt_src == 0) { 651 if (rt->rt_src == 0) {
@@ -1198,9 +1198,6 @@ void ip_mc_inc_group(struct in_device *in_dev, __be32 addr)
1198 1198
1199 ASSERT_RTNL(); 1199 ASSERT_RTNL();
1200 1200
1201 if (dev_net(in_dev->dev) != &init_net)
1202 return;
1203
1204 for (im=in_dev->mc_list; im; im=im->next) { 1201 for (im=in_dev->mc_list; im; im=im->next) {
1205 if (im->multiaddr == addr) { 1202 if (im->multiaddr == addr) {
1206 im->users++; 1203 im->users++;
@@ -1280,9 +1277,6 @@ void ip_mc_dec_group(struct in_device *in_dev, __be32 addr)
1280 1277
1281 ASSERT_RTNL(); 1278 ASSERT_RTNL();
1282 1279
1283 if (dev_net(in_dev->dev) != &init_net)
1284 return;
1285
1286 for (ip=&in_dev->mc_list; (i=*ip)!=NULL; ip=&i->next) { 1280 for (ip=&in_dev->mc_list; (i=*ip)!=NULL; ip=&i->next) {
1287 if (i->multiaddr==addr) { 1281 if (i->multiaddr==addr) {
1288 if (--i->users == 0) { 1282 if (--i->users == 0) {
@@ -1310,9 +1304,6 @@ void ip_mc_down(struct in_device *in_dev)
1310 1304
1311 ASSERT_RTNL(); 1305 ASSERT_RTNL();
1312 1306
1313 if (dev_net(in_dev->dev) != &init_net)
1314 return;
1315
1316 for (i=in_dev->mc_list; i; i=i->next) 1307 for (i=in_dev->mc_list; i; i=i->next)
1317 igmp_group_dropped(i); 1308 igmp_group_dropped(i);
1318 1309
@@ -1333,9 +1324,6 @@ void ip_mc_init_dev(struct in_device *in_dev)
1333{ 1324{
1334 ASSERT_RTNL(); 1325 ASSERT_RTNL();
1335 1326
1336 if (dev_net(in_dev->dev) != &init_net)
1337 return;
1338
1339 in_dev->mc_tomb = NULL; 1327 in_dev->mc_tomb = NULL;
1340#ifdef CONFIG_IP_MULTICAST 1328#ifdef CONFIG_IP_MULTICAST
1341 in_dev->mr_gq_running = 0; 1329 in_dev->mr_gq_running = 0;
@@ -1359,9 +1347,6 @@ void ip_mc_up(struct in_device *in_dev)
1359 1347
1360 ASSERT_RTNL(); 1348 ASSERT_RTNL();
1361 1349
1362 if (dev_net(in_dev->dev) != &init_net)
1363 return;
1364
1365 ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS); 1350 ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS);
1366 1351
1367 for (i=in_dev->mc_list; i; i=i->next) 1352 for (i=in_dev->mc_list; i; i=i->next)
@@ -1378,9 +1363,6 @@ void ip_mc_destroy_dev(struct in_device *in_dev)
1378 1363
1379 ASSERT_RTNL(); 1364 ASSERT_RTNL();
1380 1365
1381 if (dev_net(in_dev->dev) != &init_net)
1382 return;
1383
1384 /* Deactivate timers */ 1366 /* Deactivate timers */
1385 ip_mc_down(in_dev); 1367 ip_mc_down(in_dev);
1386 1368
@@ -1397,7 +1379,7 @@ void ip_mc_destroy_dev(struct in_device *in_dev)
1397 write_unlock_bh(&in_dev->mc_list_lock); 1379 write_unlock_bh(&in_dev->mc_list_lock);
1398} 1380}
1399 1381
1400static struct in_device * ip_mc_find_dev(struct ip_mreqn *imr) 1382static struct in_device *ip_mc_find_dev(struct net *net, struct ip_mreqn *imr)
1401{ 1383{
1402 struct flowi fl = { .nl_u = { .ip4_u = 1384 struct flowi fl = { .nl_u = { .ip4_u =
1403 { .daddr = imr->imr_multiaddr.s_addr } } }; 1385 { .daddr = imr->imr_multiaddr.s_addr } } };
@@ -1406,19 +1388,19 @@ static struct in_device * ip_mc_find_dev(struct ip_mreqn *imr)
1406 struct in_device *idev = NULL; 1388 struct in_device *idev = NULL;
1407 1389
1408 if (imr->imr_ifindex) { 1390 if (imr->imr_ifindex) {
1409 idev = inetdev_by_index(&init_net, imr->imr_ifindex); 1391 idev = inetdev_by_index(net, imr->imr_ifindex);
1410 if (idev) 1392 if (idev)
1411 __in_dev_put(idev); 1393 __in_dev_put(idev);
1412 return idev; 1394 return idev;
1413 } 1395 }
1414 if (imr->imr_address.s_addr) { 1396 if (imr->imr_address.s_addr) {
1415 dev = ip_dev_find(&init_net, imr->imr_address.s_addr); 1397 dev = ip_dev_find(net, imr->imr_address.s_addr);
1416 if (!dev) 1398 if (!dev)
1417 return NULL; 1399 return NULL;
1418 dev_put(dev); 1400 dev_put(dev);
1419 } 1401 }
1420 1402
1421 if (!dev && !ip_route_output_key(&init_net, &rt, &fl)) { 1403 if (!dev && !ip_route_output_key(net, &rt, &fl)) {
1422 dev = rt->u.dst.dev; 1404 dev = rt->u.dst.dev;
1423 ip_rt_put(rt); 1405 ip_rt_put(rt);
1424 } 1406 }
@@ -1756,18 +1738,16 @@ int ip_mc_join_group(struct sock *sk , struct ip_mreqn *imr)
1756 struct ip_mc_socklist *iml=NULL, *i; 1738 struct ip_mc_socklist *iml=NULL, *i;
1757 struct in_device *in_dev; 1739 struct in_device *in_dev;
1758 struct inet_sock *inet = inet_sk(sk); 1740 struct inet_sock *inet = inet_sk(sk);
1741 struct net *net = sock_net(sk);
1759 int ifindex; 1742 int ifindex;
1760 int count = 0; 1743 int count = 0;
1761 1744
1762 if (!ipv4_is_multicast(addr)) 1745 if (!ipv4_is_multicast(addr))
1763 return -EINVAL; 1746 return -EINVAL;
1764 1747
1765 if (sock_net(sk) != &init_net)
1766 return -EPROTONOSUPPORT;
1767
1768 rtnl_lock(); 1748 rtnl_lock();
1769 1749
1770 in_dev = ip_mc_find_dev(imr); 1750 in_dev = ip_mc_find_dev(net, imr);
1771 1751
1772 if (!in_dev) { 1752 if (!in_dev) {
1773 iml = NULL; 1753 iml = NULL;
@@ -1829,15 +1809,13 @@ int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr)
1829 struct inet_sock *inet = inet_sk(sk); 1809 struct inet_sock *inet = inet_sk(sk);
1830 struct ip_mc_socklist *iml, **imlp; 1810 struct ip_mc_socklist *iml, **imlp;
1831 struct in_device *in_dev; 1811 struct in_device *in_dev;
1812 struct net *net = sock_net(sk);
1832 __be32 group = imr->imr_multiaddr.s_addr; 1813 __be32 group = imr->imr_multiaddr.s_addr;
1833 u32 ifindex; 1814 u32 ifindex;
1834 int ret = -EADDRNOTAVAIL; 1815 int ret = -EADDRNOTAVAIL;
1835 1816
1836 if (sock_net(sk) != &init_net)
1837 return -EPROTONOSUPPORT;
1838
1839 rtnl_lock(); 1817 rtnl_lock();
1840 in_dev = ip_mc_find_dev(imr); 1818 in_dev = ip_mc_find_dev(net, imr);
1841 ifindex = imr->imr_ifindex; 1819 ifindex = imr->imr_ifindex;
1842 for (imlp = &inet->mc_list; (iml = *imlp) != NULL; imlp = &iml->next) { 1820 for (imlp = &inet->mc_list; (iml = *imlp) != NULL; imlp = &iml->next) {
1843 if (iml->multi.imr_multiaddr.s_addr != group) 1821 if (iml->multi.imr_multiaddr.s_addr != group)
@@ -1875,21 +1853,19 @@ int ip_mc_source(int add, int omode, struct sock *sk, struct
1875 struct in_device *in_dev = NULL; 1853 struct in_device *in_dev = NULL;
1876 struct inet_sock *inet = inet_sk(sk); 1854 struct inet_sock *inet = inet_sk(sk);
1877 struct ip_sf_socklist *psl; 1855 struct ip_sf_socklist *psl;
1856 struct net *net = sock_net(sk);
1878 int leavegroup = 0; 1857 int leavegroup = 0;
1879 int i, j, rv; 1858 int i, j, rv;
1880 1859
1881 if (!ipv4_is_multicast(addr)) 1860 if (!ipv4_is_multicast(addr))
1882 return -EINVAL; 1861 return -EINVAL;
1883 1862
1884 if (sock_net(sk) != &init_net)
1885 return -EPROTONOSUPPORT;
1886
1887 rtnl_lock(); 1863 rtnl_lock();
1888 1864
1889 imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr; 1865 imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr;
1890 imr.imr_address.s_addr = mreqs->imr_interface; 1866 imr.imr_address.s_addr = mreqs->imr_interface;
1891 imr.imr_ifindex = ifindex; 1867 imr.imr_ifindex = ifindex;
1892 in_dev = ip_mc_find_dev(&imr); 1868 in_dev = ip_mc_find_dev(net, &imr);
1893 1869
1894 if (!in_dev) { 1870 if (!in_dev) {
1895 err = -ENODEV; 1871 err = -ENODEV;
@@ -2009,6 +1985,7 @@ int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex)
2009 struct in_device *in_dev; 1985 struct in_device *in_dev;
2010 struct inet_sock *inet = inet_sk(sk); 1986 struct inet_sock *inet = inet_sk(sk);
2011 struct ip_sf_socklist *newpsl, *psl; 1987 struct ip_sf_socklist *newpsl, *psl;
1988 struct net *net = sock_net(sk);
2012 int leavegroup = 0; 1989 int leavegroup = 0;
2013 1990
2014 if (!ipv4_is_multicast(addr)) 1991 if (!ipv4_is_multicast(addr))
@@ -2017,15 +1994,12 @@ int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex)
2017 msf->imsf_fmode != MCAST_EXCLUDE) 1994 msf->imsf_fmode != MCAST_EXCLUDE)
2018 return -EINVAL; 1995 return -EINVAL;
2019 1996
2020 if (sock_net(sk) != &init_net)
2021 return -EPROTONOSUPPORT;
2022
2023 rtnl_lock(); 1997 rtnl_lock();
2024 1998
2025 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 1999 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr;
2026 imr.imr_address.s_addr = msf->imsf_interface; 2000 imr.imr_address.s_addr = msf->imsf_interface;
2027 imr.imr_ifindex = ifindex; 2001 imr.imr_ifindex = ifindex;
2028 in_dev = ip_mc_find_dev(&imr); 2002 in_dev = ip_mc_find_dev(net, &imr);
2029 2003
2030 if (!in_dev) { 2004 if (!in_dev) {
2031 err = -ENODEV; 2005 err = -ENODEV;
@@ -2096,19 +2070,17 @@ int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf,
2096 struct in_device *in_dev; 2070 struct in_device *in_dev;
2097 struct inet_sock *inet = inet_sk(sk); 2071 struct inet_sock *inet = inet_sk(sk);
2098 struct ip_sf_socklist *psl; 2072 struct ip_sf_socklist *psl;
2073 struct net *net = sock_net(sk);
2099 2074
2100 if (!ipv4_is_multicast(addr)) 2075 if (!ipv4_is_multicast(addr))
2101 return -EINVAL; 2076 return -EINVAL;
2102 2077
2103 if (sock_net(sk) != &init_net)
2104 return -EPROTONOSUPPORT;
2105
2106 rtnl_lock(); 2078 rtnl_lock();
2107 2079
2108 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2080 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr;
2109 imr.imr_address.s_addr = msf->imsf_interface; 2081 imr.imr_address.s_addr = msf->imsf_interface;
2110 imr.imr_ifindex = 0; 2082 imr.imr_ifindex = 0;
2111 in_dev = ip_mc_find_dev(&imr); 2083 in_dev = ip_mc_find_dev(net, &imr);
2112 2084
2113 if (!in_dev) { 2085 if (!in_dev) {
2114 err = -ENODEV; 2086 err = -ENODEV;
@@ -2165,9 +2137,6 @@ int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf,
2165 if (!ipv4_is_multicast(addr)) 2137 if (!ipv4_is_multicast(addr))
2166 return -EINVAL; 2138 return -EINVAL;
2167 2139
2168 if (sock_net(sk) != &init_net)
2169 return -EPROTONOSUPPORT;
2170
2171 rtnl_lock(); 2140 rtnl_lock();
2172 2141
2173 err = -EADDRNOTAVAIL; 2142 err = -EADDRNOTAVAIL;
@@ -2248,19 +2217,17 @@ void ip_mc_drop_socket(struct sock *sk)
2248{ 2217{
2249 struct inet_sock *inet = inet_sk(sk); 2218 struct inet_sock *inet = inet_sk(sk);
2250 struct ip_mc_socklist *iml; 2219 struct ip_mc_socklist *iml;
2220 struct net *net = sock_net(sk);
2251 2221
2252 if (inet->mc_list == NULL) 2222 if (inet->mc_list == NULL)
2253 return; 2223 return;
2254 2224
2255 if (sock_net(sk) != &init_net)
2256 return;
2257
2258 rtnl_lock(); 2225 rtnl_lock();
2259 while ((iml = inet->mc_list) != NULL) { 2226 while ((iml = inet->mc_list) != NULL) {
2260 struct in_device *in_dev; 2227 struct in_device *in_dev;
2261 inet->mc_list = iml->next; 2228 inet->mc_list = iml->next;
2262 2229
2263 in_dev = inetdev_by_index(&init_net, iml->multi.imr_ifindex); 2230 in_dev = inetdev_by_index(net, iml->multi.imr_ifindex);
2264 (void) ip_mc_leave_src(sk, iml, in_dev); 2231 (void) ip_mc_leave_src(sk, iml, in_dev);
2265 if (in_dev != NULL) { 2232 if (in_dev != NULL) {
2266 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr); 2233 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr);
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 828ea211ff21..0c1ae68ee84b 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -103,7 +103,8 @@ int inet_csk_get_port(struct sock *sk, unsigned short snum)
103 rover = net_random() % remaining + low; 103 rover = net_random() % remaining + low;
104 104
105 do { 105 do {
106 head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)]; 106 head = &hashinfo->bhash[inet_bhashfn(net, rover,
107 hashinfo->bhash_size)];
107 spin_lock(&head->lock); 108 spin_lock(&head->lock);
108 inet_bind_bucket_for_each(tb, node, &head->chain) 109 inet_bind_bucket_for_each(tb, node, &head->chain)
109 if (tb->ib_net == net && tb->port == rover) 110 if (tb->ib_net == net && tb->port == rover)
@@ -130,7 +131,8 @@ int inet_csk_get_port(struct sock *sk, unsigned short snum)
130 */ 131 */
131 snum = rover; 132 snum = rover;
132 } else { 133 } else {
133 head = &hashinfo->bhash[inet_bhashfn(snum, hashinfo->bhash_size)]; 134 head = &hashinfo->bhash[inet_bhashfn(net, snum,
135 hashinfo->bhash_size)];
134 spin_lock(&head->lock); 136 spin_lock(&head->lock);
135 inet_bind_bucket_for_each(tb, node, &head->chain) 137 inet_bind_bucket_for_each(tb, node, &head->chain)
136 if (tb->ib_net == net && tb->port == snum) 138 if (tb->ib_net == net && tb->port == snum)
@@ -165,7 +167,7 @@ tb_not_found:
165success: 167success:
166 if (!inet_csk(sk)->icsk_bind_hash) 168 if (!inet_csk(sk)->icsk_bind_hash)
167 inet_bind_hash(sk, tb, snum); 169 inet_bind_hash(sk, tb, snum);
168 BUG_TRAP(inet_csk(sk)->icsk_bind_hash == tb); 170 WARN_ON(inet_csk(sk)->icsk_bind_hash != tb);
169 ret = 0; 171 ret = 0;
170 172
171fail_unlock: 173fail_unlock:
@@ -258,7 +260,7 @@ struct sock *inet_csk_accept(struct sock *sk, int flags, int *err)
258 } 260 }
259 261
260 newsk = reqsk_queue_get_child(&icsk->icsk_accept_queue, sk); 262 newsk = reqsk_queue_get_child(&icsk->icsk_accept_queue, sk);
261 BUG_TRAP(newsk->sk_state != TCP_SYN_RECV); 263 WARN_ON(newsk->sk_state == TCP_SYN_RECV);
262out: 264out:
263 release_sock(sk); 265 release_sock(sk);
264 return newsk; 266 return newsk;
@@ -336,15 +338,16 @@ struct dst_entry* inet_csk_route_req(struct sock *sk,
336 .uli_u = { .ports = 338 .uli_u = { .ports =
337 { .sport = inet_sk(sk)->sport, 339 { .sport = inet_sk(sk)->sport,
338 .dport = ireq->rmt_port } } }; 340 .dport = ireq->rmt_port } } };
341 struct net *net = sock_net(sk);
339 342
340 security_req_classify_flow(req, &fl); 343 security_req_classify_flow(req, &fl);
341 if (ip_route_output_flow(sock_net(sk), &rt, &fl, sk, 0)) { 344 if (ip_route_output_flow(net, &rt, &fl, sk, 0)) {
342 IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); 345 IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES);
343 return NULL; 346 return NULL;
344 } 347 }
345 if (opt && opt->is_strictroute && rt->rt_dst != rt->rt_gateway) { 348 if (opt && opt->is_strictroute && rt->rt_dst != rt->rt_gateway) {
346 ip_rt_put(rt); 349 ip_rt_put(rt);
347 IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); 350 IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES);
348 return NULL; 351 return NULL;
349 } 352 }
350 return &rt->u.dst; 353 return &rt->u.dst;
@@ -383,7 +386,7 @@ struct request_sock *inet_csk_search_req(const struct sock *sk,
383 ireq->rmt_addr == raddr && 386 ireq->rmt_addr == raddr &&
384 ireq->loc_addr == laddr && 387 ireq->loc_addr == laddr &&
385 AF_INET_FAMILY(req->rsk_ops->family)) { 388 AF_INET_FAMILY(req->rsk_ops->family)) {
386 BUG_TRAP(!req->sk); 389 WARN_ON(req->sk);
387 *prevp = prev; 390 *prevp = prev;
388 break; 391 break;
389 } 392 }
@@ -419,7 +422,8 @@ void inet_csk_reqsk_queue_prune(struct sock *parent,
419 struct inet_connection_sock *icsk = inet_csk(parent); 422 struct inet_connection_sock *icsk = inet_csk(parent);
420 struct request_sock_queue *queue = &icsk->icsk_accept_queue; 423 struct request_sock_queue *queue = &icsk->icsk_accept_queue;
421 struct listen_sock *lopt = queue->listen_opt; 424 struct listen_sock *lopt = queue->listen_opt;
422 int thresh = icsk->icsk_syn_retries ? : sysctl_tcp_synack_retries; 425 int max_retries = icsk->icsk_syn_retries ? : sysctl_tcp_synack_retries;
426 int thresh = max_retries;
423 unsigned long now = jiffies; 427 unsigned long now = jiffies;
424 struct request_sock **reqp, *req; 428 struct request_sock **reqp, *req;
425 int i, budget; 429 int i, budget;
@@ -455,6 +459,9 @@ void inet_csk_reqsk_queue_prune(struct sock *parent,
455 } 459 }
456 } 460 }
457 461
462 if (queue->rskq_defer_accept)
463 max_retries = queue->rskq_defer_accept;
464
458 budget = 2 * (lopt->nr_table_entries / (timeout / interval)); 465 budget = 2 * (lopt->nr_table_entries / (timeout / interval));
459 i = lopt->clock_hand; 466 i = lopt->clock_hand;
460 467
@@ -462,8 +469,9 @@ void inet_csk_reqsk_queue_prune(struct sock *parent,
462 reqp=&lopt->syn_table[i]; 469 reqp=&lopt->syn_table[i];
463 while ((req = *reqp) != NULL) { 470 while ((req = *reqp) != NULL) {
464 if (time_after_eq(now, req->expires)) { 471 if (time_after_eq(now, req->expires)) {
465 if (req->retrans < thresh && 472 if ((req->retrans < thresh ||
466 !req->rsk_ops->rtx_syn_ack(parent, req)) { 473 (inet_rsk(req)->acked && req->retrans < max_retries))
474 && !req->rsk_ops->rtx_syn_ack(parent, req)) {
467 unsigned long timeo; 475 unsigned long timeo;
468 476
469 if (req->retrans++ == 0) 477 if (req->retrans++ == 0)
@@ -531,14 +539,14 @@ EXPORT_SYMBOL_GPL(inet_csk_clone);
531 */ 539 */
532void inet_csk_destroy_sock(struct sock *sk) 540void inet_csk_destroy_sock(struct sock *sk)
533{ 541{
534 BUG_TRAP(sk->sk_state == TCP_CLOSE); 542 WARN_ON(sk->sk_state != TCP_CLOSE);
535 BUG_TRAP(sock_flag(sk, SOCK_DEAD)); 543 WARN_ON(!sock_flag(sk, SOCK_DEAD));
536 544
537 /* It cannot be in hash table! */ 545 /* It cannot be in hash table! */
538 BUG_TRAP(sk_unhashed(sk)); 546 WARN_ON(!sk_unhashed(sk));
539 547
540 /* If it has not 0 inet_sk(sk)->num, it must be bound */ 548 /* If it has not 0 inet_sk(sk)->num, it must be bound */
541 BUG_TRAP(!inet_sk(sk)->num || inet_csk(sk)->icsk_bind_hash); 549 WARN_ON(inet_sk(sk)->num && !inet_csk(sk)->icsk_bind_hash);
542 550
543 sk->sk_prot->destroy(sk); 551 sk->sk_prot->destroy(sk);
544 552
@@ -621,7 +629,7 @@ void inet_csk_listen_stop(struct sock *sk)
621 629
622 local_bh_disable(); 630 local_bh_disable();
623 bh_lock_sock(child); 631 bh_lock_sock(child);
624 BUG_TRAP(!sock_owned_by_user(child)); 632 WARN_ON(sock_owned_by_user(child));
625 sock_hold(child); 633 sock_hold(child);
626 634
627 sk->sk_prot->disconnect(child, O_NONBLOCK); 635 sk->sk_prot->disconnect(child, O_NONBLOCK);
@@ -639,7 +647,7 @@ void inet_csk_listen_stop(struct sock *sk)
639 sk_acceptq_removed(sk); 647 sk_acceptq_removed(sk);
640 __reqsk_free(req); 648 __reqsk_free(req);
641 } 649 }
642 BUG_TRAP(!sk->sk_ack_backlog); 650 WARN_ON(sk->sk_ack_backlog);
643} 651}
644 652
645EXPORT_SYMBOL_GPL(inet_csk_listen_stop); 653EXPORT_SYMBOL_GPL(inet_csk_listen_stop);
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index da97695e7096..c10036e7a463 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * inet_diag.c Module for monitoring INET transport protocols sockets. 2 * inet_diag.c Module for monitoring INET transport protocols sockets.
3 * 3 *
4 * Version: $Id: inet_diag.c,v 1.3 2002/02/01 22:01:04 davem Exp $
5 *
6 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> 4 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
7 * 5 *
8 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
index 4ed429bd5951..6c52e08f786e 100644
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -134,8 +134,8 @@ void inet_frag_destroy(struct inet_frag_queue *q, struct inet_frags *f,
134 struct sk_buff *fp; 134 struct sk_buff *fp;
135 struct netns_frags *nf; 135 struct netns_frags *nf;
136 136
137 BUG_TRAP(q->last_in & INET_FRAG_COMPLETE); 137 WARN_ON(!(q->last_in & INET_FRAG_COMPLETE));
138 BUG_TRAP(del_timer(&q->timer) == 0); 138 WARN_ON(del_timer(&q->timer) != 0);
139 139
140 /* Release all fragment data. */ 140 /* Release all fragment data. */
141 fp = q->fragments; 141 fp = q->fragments;
@@ -192,14 +192,21 @@ EXPORT_SYMBOL(inet_frag_evictor);
192 192
193static struct inet_frag_queue *inet_frag_intern(struct netns_frags *nf, 193static struct inet_frag_queue *inet_frag_intern(struct netns_frags *nf,
194 struct inet_frag_queue *qp_in, struct inet_frags *f, 194 struct inet_frag_queue *qp_in, struct inet_frags *f,
195 unsigned int hash, void *arg) 195 void *arg)
196{ 196{
197 struct inet_frag_queue *qp; 197 struct inet_frag_queue *qp;
198#ifdef CONFIG_SMP 198#ifdef CONFIG_SMP
199 struct hlist_node *n; 199 struct hlist_node *n;
200#endif 200#endif
201 unsigned int hash;
201 202
202 write_lock(&f->lock); 203 write_lock(&f->lock);
204 /*
205 * While we stayed w/o the lock other CPU could update
206 * the rnd seed, so we need to re-calculate the hash
207 * chain. Fortunatelly the qp_in can be used to get one.
208 */
209 hash = f->hashfn(qp_in);
203#ifdef CONFIG_SMP 210#ifdef CONFIG_SMP
204 /* With SMP race we have to recheck hash table, because 211 /* With SMP race we have to recheck hash table, because
205 * such entry could be created on other cpu, while we 212 * such entry could be created on other cpu, while we
@@ -247,7 +254,7 @@ static struct inet_frag_queue *inet_frag_alloc(struct netns_frags *nf,
247} 254}
248 255
249static struct inet_frag_queue *inet_frag_create(struct netns_frags *nf, 256static struct inet_frag_queue *inet_frag_create(struct netns_frags *nf,
250 struct inet_frags *f, void *arg, unsigned int hash) 257 struct inet_frags *f, void *arg)
251{ 258{
252 struct inet_frag_queue *q; 259 struct inet_frag_queue *q;
253 260
@@ -255,7 +262,7 @@ static struct inet_frag_queue *inet_frag_create(struct netns_frags *nf,
255 if (q == NULL) 262 if (q == NULL)
256 return NULL; 263 return NULL;
257 264
258 return inet_frag_intern(nf, q, f, hash, arg); 265 return inet_frag_intern(nf, q, f, arg);
259} 266}
260 267
261struct inet_frag_queue *inet_frag_find(struct netns_frags *nf, 268struct inet_frag_queue *inet_frag_find(struct netns_frags *nf,
@@ -264,7 +271,6 @@ struct inet_frag_queue *inet_frag_find(struct netns_frags *nf,
264 struct inet_frag_queue *q; 271 struct inet_frag_queue *q;
265 struct hlist_node *n; 272 struct hlist_node *n;
266 273
267 read_lock(&f->lock);
268 hlist_for_each_entry(q, n, &f->hash[hash], list) { 274 hlist_for_each_entry(q, n, &f->hash[hash], list) {
269 if (q->net == nf && f->match(q, key)) { 275 if (q->net == nf && f->match(q, key)) {
270 atomic_inc(&q->refcnt); 276 atomic_inc(&q->refcnt);
@@ -274,6 +280,6 @@ struct inet_frag_queue *inet_frag_find(struct netns_frags *nf,
274 } 280 }
275 read_unlock(&f->lock); 281 read_unlock(&f->lock);
276 282
277 return inet_frag_create(nf, f, key, hash); 283 return inet_frag_create(nf, f, key);
278} 284}
279EXPORT_SYMBOL(inet_frag_find); 285EXPORT_SYMBOL(inet_frag_find);
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 2023d37b2708..44981906fb91 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -70,7 +70,8 @@ void inet_bind_hash(struct sock *sk, struct inet_bind_bucket *tb,
70static void __inet_put_port(struct sock *sk) 70static void __inet_put_port(struct sock *sk)
71{ 71{
72 struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo; 72 struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo;
73 const int bhash = inet_bhashfn(inet_sk(sk)->num, hashinfo->bhash_size); 73 const int bhash = inet_bhashfn(sock_net(sk), inet_sk(sk)->num,
74 hashinfo->bhash_size);
74 struct inet_bind_hashbucket *head = &hashinfo->bhash[bhash]; 75 struct inet_bind_hashbucket *head = &hashinfo->bhash[bhash];
75 struct inet_bind_bucket *tb; 76 struct inet_bind_bucket *tb;
76 77
@@ -95,7 +96,8 @@ EXPORT_SYMBOL(inet_put_port);
95void __inet_inherit_port(struct sock *sk, struct sock *child) 96void __inet_inherit_port(struct sock *sk, struct sock *child)
96{ 97{
97 struct inet_hashinfo *table = sk->sk_prot->h.hashinfo; 98 struct inet_hashinfo *table = sk->sk_prot->h.hashinfo;
98 const int bhash = inet_bhashfn(inet_sk(child)->num, table->bhash_size); 99 const int bhash = inet_bhashfn(sock_net(sk), inet_sk(child)->num,
100 table->bhash_size);
99 struct inet_bind_hashbucket *head = &table->bhash[bhash]; 101 struct inet_bind_hashbucket *head = &table->bhash[bhash];
100 struct inet_bind_bucket *tb; 102 struct inet_bind_bucket *tb;
101 103
@@ -192,7 +194,7 @@ struct sock *__inet_lookup_listener(struct net *net,
192 const struct hlist_head *head; 194 const struct hlist_head *head;
193 195
194 read_lock(&hashinfo->lhash_lock); 196 read_lock(&hashinfo->lhash_lock);
195 head = &hashinfo->listening_hash[inet_lhashfn(hnum)]; 197 head = &hashinfo->listening_hash[inet_lhashfn(net, hnum)];
196 if (!hlist_empty(head)) { 198 if (!hlist_empty(head)) {
197 const struct inet_sock *inet = inet_sk((sk = __sk_head(head))); 199 const struct inet_sock *inet = inet_sk((sk = __sk_head(head)));
198 200
@@ -225,7 +227,7 @@ struct sock * __inet_lookup_established(struct net *net,
225 /* Optimize here for direct hit, only listening connections can 227 /* Optimize here for direct hit, only listening connections can
226 * have wildcards anyways. 228 * have wildcards anyways.
227 */ 229 */
228 unsigned int hash = inet_ehashfn(daddr, hnum, saddr, sport); 230 unsigned int hash = inet_ehashfn(net, daddr, hnum, saddr, sport);
229 struct inet_ehash_bucket *head = inet_ehash_bucket(hashinfo, hash); 231 struct inet_ehash_bucket *head = inet_ehash_bucket(hashinfo, hash);
230 rwlock_t *lock = inet_ehash_lockp(hashinfo, hash); 232 rwlock_t *lock = inet_ehash_lockp(hashinfo, hash);
231 233
@@ -265,13 +267,13 @@ static int __inet_check_established(struct inet_timewait_death_row *death_row,
265 int dif = sk->sk_bound_dev_if; 267 int dif = sk->sk_bound_dev_if;
266 INET_ADDR_COOKIE(acookie, saddr, daddr) 268 INET_ADDR_COOKIE(acookie, saddr, daddr)
267 const __portpair ports = INET_COMBINED_PORTS(inet->dport, lport); 269 const __portpair ports = INET_COMBINED_PORTS(inet->dport, lport);
268 unsigned int hash = inet_ehashfn(daddr, lport, saddr, inet->dport); 270 struct net *net = sock_net(sk);
271 unsigned int hash = inet_ehashfn(net, daddr, lport, saddr, inet->dport);
269 struct inet_ehash_bucket *head = inet_ehash_bucket(hinfo, hash); 272 struct inet_ehash_bucket *head = inet_ehash_bucket(hinfo, hash);
270 rwlock_t *lock = inet_ehash_lockp(hinfo, hash); 273 rwlock_t *lock = inet_ehash_lockp(hinfo, hash);
271 struct sock *sk2; 274 struct sock *sk2;
272 const struct hlist_node *node; 275 const struct hlist_node *node;
273 struct inet_timewait_sock *tw; 276 struct inet_timewait_sock *tw;
274 struct net *net = sock_net(sk);
275 277
276 prefetch(head->chain.first); 278 prefetch(head->chain.first);
277 write_lock(lock); 279 write_lock(lock);
@@ -303,18 +305,18 @@ unique:
303 inet->num = lport; 305 inet->num = lport;
304 inet->sport = htons(lport); 306 inet->sport = htons(lport);
305 sk->sk_hash = hash; 307 sk->sk_hash = hash;
306 BUG_TRAP(sk_unhashed(sk)); 308 WARN_ON(!sk_unhashed(sk));
307 __sk_add_node(sk, &head->chain); 309 __sk_add_node(sk, &head->chain);
308 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 310 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
309 write_unlock(lock); 311 write_unlock(lock);
310 312
311 if (twp) { 313 if (twp) {
312 *twp = tw; 314 *twp = tw;
313 NET_INC_STATS_BH(LINUX_MIB_TIMEWAITRECYCLED); 315 NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);
314 } else if (tw) { 316 } else if (tw) {
315 /* Silly. Should hash-dance instead... */ 317 /* Silly. Should hash-dance instead... */
316 inet_twsk_deschedule(tw, death_row); 318 inet_twsk_deschedule(tw, death_row);
317 NET_INC_STATS_BH(LINUX_MIB_TIMEWAITRECYCLED); 319 NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);
318 320
319 inet_twsk_put(tw); 321 inet_twsk_put(tw);
320 } 322 }
@@ -340,7 +342,7 @@ void __inet_hash_nolisten(struct sock *sk)
340 rwlock_t *lock; 342 rwlock_t *lock;
341 struct inet_ehash_bucket *head; 343 struct inet_ehash_bucket *head;
342 344
343 BUG_TRAP(sk_unhashed(sk)); 345 WARN_ON(!sk_unhashed(sk));
344 346
345 sk->sk_hash = inet_sk_ehashfn(sk); 347 sk->sk_hash = inet_sk_ehashfn(sk);
346 head = inet_ehash_bucket(hashinfo, sk->sk_hash); 348 head = inet_ehash_bucket(hashinfo, sk->sk_hash);
@@ -365,7 +367,7 @@ static void __inet_hash(struct sock *sk)
365 return; 367 return;
366 } 368 }
367 369
368 BUG_TRAP(sk_unhashed(sk)); 370 WARN_ON(!sk_unhashed(sk));
369 list = &hashinfo->listening_hash[inet_sk_listen_hashfn(sk)]; 371 list = &hashinfo->listening_hash[inet_sk_listen_hashfn(sk)];
370 lock = &hashinfo->lhash_lock; 372 lock = &hashinfo->lhash_lock;
371 373
@@ -438,7 +440,8 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row,
438 local_bh_disable(); 440 local_bh_disable();
439 for (i = 1; i <= remaining; i++) { 441 for (i = 1; i <= remaining; i++) {
440 port = low + (i + offset) % remaining; 442 port = low + (i + offset) % remaining;
441 head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)]; 443 head = &hinfo->bhash[inet_bhashfn(net, port,
444 hinfo->bhash_size)];
442 spin_lock(&head->lock); 445 spin_lock(&head->lock);
443 446
444 /* Does not bother with rcv_saddr checks, 447 /* Does not bother with rcv_saddr checks,
@@ -447,7 +450,7 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row,
447 */ 450 */
448 inet_bind_bucket_for_each(tb, node, &head->chain) { 451 inet_bind_bucket_for_each(tb, node, &head->chain) {
449 if (tb->ib_net == net && tb->port == port) { 452 if (tb->ib_net == net && tb->port == port) {
450 BUG_TRAP(!hlist_empty(&tb->owners)); 453 WARN_ON(hlist_empty(&tb->owners));
451 if (tb->fastreuse >= 0) 454 if (tb->fastreuse >= 0)
452 goto next_port; 455 goto next_port;
453 if (!check_established(death_row, sk, 456 if (!check_established(death_row, sk,
@@ -493,7 +496,7 @@ ok:
493 goto out; 496 goto out;
494 } 497 }
495 498
496 head = &hinfo->bhash[inet_bhashfn(snum, hinfo->bhash_size)]; 499 head = &hinfo->bhash[inet_bhashfn(net, snum, hinfo->bhash_size)];
497 tb = inet_csk(sk)->icsk_bind_hash; 500 tb = inet_csk(sk)->icsk_bind_hash;
498 spin_lock_bh(&head->lock); 501 spin_lock_bh(&head->lock);
499 if (sk_head(&tb->owners) == sk && !sk->sk_bind_node.next) { 502 if (sk_head(&tb->owners) == sk && !sk->sk_bind_node.next) {
diff --git a/net/ipv4/inet_lro.c b/net/ipv4/inet_lro.c
index 4a4d49fca1f2..cfd034a2b96e 100644
--- a/net/ipv4/inet_lro.c
+++ b/net/ipv4/inet_lro.c
@@ -383,8 +383,7 @@ static int __lro_proc_skb(struct net_lro_mgr *lro_mgr, struct sk_buff *skb,
383out2: /* send aggregated SKBs to stack */ 383out2: /* send aggregated SKBs to stack */
384 lro_flush(lro_mgr, lro_desc); 384 lro_flush(lro_mgr, lro_desc);
385 385
386out: /* Original SKB has to be posted to stack */ 386out:
387 skb->ip_summed = lro_mgr->ip_summed;
388 return 1; 387 return 1;
389} 388}
390 389
diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c
index ce16e9ac24c1..d985bd613d25 100644
--- a/net/ipv4/inet_timewait_sock.c
+++ b/net/ipv4/inet_timewait_sock.c
@@ -32,7 +32,8 @@ static void __inet_twsk_kill(struct inet_timewait_sock *tw,
32 write_unlock(lock); 32 write_unlock(lock);
33 33
34 /* Disassociate with bind bucket. */ 34 /* Disassociate with bind bucket. */
35 bhead = &hashinfo->bhash[inet_bhashfn(tw->tw_num, hashinfo->bhash_size)]; 35 bhead = &hashinfo->bhash[inet_bhashfn(twsk_net(tw), tw->tw_num,
36 hashinfo->bhash_size)];
36 spin_lock(&bhead->lock); 37 spin_lock(&bhead->lock);
37 tb = tw->tw_tb; 38 tb = tw->tw_tb;
38 __hlist_del(&tw->tw_bind_node); 39 __hlist_del(&tw->tw_bind_node);
@@ -81,10 +82,11 @@ void __inet_twsk_hashdance(struct inet_timewait_sock *tw, struct sock *sk,
81 Note, that any socket with inet->num != 0 MUST be bound in 82 Note, that any socket with inet->num != 0 MUST be bound in
82 binding cache, even if it is closed. 83 binding cache, even if it is closed.
83 */ 84 */
84 bhead = &hashinfo->bhash[inet_bhashfn(inet->num, hashinfo->bhash_size)]; 85 bhead = &hashinfo->bhash[inet_bhashfn(twsk_net(tw), inet->num,
86 hashinfo->bhash_size)];
85 spin_lock(&bhead->lock); 87 spin_lock(&bhead->lock);
86 tw->tw_tb = icsk->icsk_bind_hash; 88 tw->tw_tb = icsk->icsk_bind_hash;
87 BUG_TRAP(icsk->icsk_bind_hash); 89 WARN_ON(!icsk->icsk_bind_hash);
88 inet_twsk_add_bind_node(tw, &tw->tw_tb->owners); 90 inet_twsk_add_bind_node(tw, &tw->tw_tb->owners);
89 spin_unlock(&bhead->lock); 91 spin_unlock(&bhead->lock);
90 92
@@ -158,6 +160,9 @@ rescan:
158 __inet_twsk_del_dead_node(tw); 160 __inet_twsk_del_dead_node(tw);
159 spin_unlock(&twdr->death_lock); 161 spin_unlock(&twdr->death_lock);
160 __inet_twsk_kill(tw, twdr->hashinfo); 162 __inet_twsk_kill(tw, twdr->hashinfo);
163#ifdef CONFIG_NET_NS
164 NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITED);
165#endif
161 inet_twsk_put(tw); 166 inet_twsk_put(tw);
162 killed++; 167 killed++;
163 spin_lock(&twdr->death_lock); 168 spin_lock(&twdr->death_lock);
@@ -176,8 +181,9 @@ rescan:
176 } 181 }
177 182
178 twdr->tw_count -= killed; 183 twdr->tw_count -= killed;
179 NET_ADD_STATS_BH(LINUX_MIB_TIMEWAITED, killed); 184#ifndef CONFIG_NET_NS
180 185 NET_ADD_STATS_BH(&init_net, LINUX_MIB_TIMEWAITED, killed);
186#endif
181 return ret; 187 return ret;
182} 188}
183 189
@@ -370,6 +376,9 @@ void inet_twdr_twcal_tick(unsigned long data)
370 &twdr->twcal_row[slot]) { 376 &twdr->twcal_row[slot]) {
371 __inet_twsk_del_dead_node(tw); 377 __inet_twsk_del_dead_node(tw);
372 __inet_twsk_kill(tw, twdr->hashinfo); 378 __inet_twsk_kill(tw, twdr->hashinfo);
379#ifdef CONFIG_NET_NS
380 NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITKILLED);
381#endif
373 inet_twsk_put(tw); 382 inet_twsk_put(tw);
374 killed++; 383 killed++;
375 } 384 }
@@ -393,7 +402,9 @@ void inet_twdr_twcal_tick(unsigned long data)
393out: 402out:
394 if ((twdr->tw_count -= killed) == 0) 403 if ((twdr->tw_count -= killed) == 0)
395 del_timer(&twdr->tw_timer); 404 del_timer(&twdr->tw_timer);
396 NET_ADD_STATS_BH(LINUX_MIB_TIMEWAITKILLED, killed); 405#ifndef CONFIG_NET_NS
406 NET_ADD_STATS_BH(&init_net, LINUX_MIB_TIMEWAITKILLED, killed);
407#endif
397 spin_unlock(&twdr->death_lock); 408 spin_unlock(&twdr->death_lock);
398} 409}
399 410
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
index af995198f643..a456ceeac3f2 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -3,8 +3,6 @@
3 * 3 *
4 * This source is covered by the GNU GPL, the same as all kernel sources. 4 * This source is covered by the GNU GPL, the same as all kernel sources.
5 * 5 *
6 * Version: $Id: inetpeer.c,v 1.7 2001/09/20 21:22:50 davem Exp $
7 *
8 * Authors: Andrey V. Savochkin <saw@msu.ru> 6 * Authors: Andrey V. Savochkin <saw@msu.ru>
9 */ 7 */
10 8
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 4813c39b438b..450016b89a18 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * The IP forwarding functionality. 6 * The IP forwarding functionality.
7 * 7 *
8 * Version: $Id: ip_forward.c,v 1.48 2000/12/13 18:31:48 davem Exp $
9 *
10 * Authors: see ip.c 8 * Authors: see ip.c
11 * 9 *
12 * Fixes: 10 * Fixes:
@@ -44,7 +42,7 @@ static int ip_forward_finish(struct sk_buff *skb)
44{ 42{
45 struct ip_options * opt = &(IPCB(skb)->opt); 43 struct ip_options * opt = &(IPCB(skb)->opt);
46 44
47 IP_INC_STATS_BH(IPSTATS_MIB_OUTFORWDATAGRAMS); 45 IP_INC_STATS_BH(dev_net(skb->dst->dev), IPSTATS_MIB_OUTFORWDATAGRAMS);
48 46
49 if (unlikely(opt->optlen)) 47 if (unlikely(opt->optlen))
50 ip_forward_options(skb); 48 ip_forward_options(skb);
@@ -58,6 +56,9 @@ int ip_forward(struct sk_buff *skb)
58 struct rtable *rt; /* Route we use */ 56 struct rtable *rt; /* Route we use */
59 struct ip_options * opt = &(IPCB(skb)->opt); 57 struct ip_options * opt = &(IPCB(skb)->opt);
60 58
59 if (skb_warn_if_lro(skb))
60 goto drop;
61
61 if (!xfrm4_policy_check(NULL, XFRM_POLICY_FWD, skb)) 62 if (!xfrm4_policy_check(NULL, XFRM_POLICY_FWD, skb))
62 goto drop; 63 goto drop;
63 64
@@ -87,7 +88,7 @@ int ip_forward(struct sk_buff *skb)
87 88
88 if (unlikely(skb->len > dst_mtu(&rt->u.dst) && !skb_is_gso(skb) && 89 if (unlikely(skb->len > dst_mtu(&rt->u.dst) && !skb_is_gso(skb) &&
89 (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) { 90 (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) {
90 IP_INC_STATS(IPSTATS_MIB_FRAGFAILS); 91 IP_INC_STATS(dev_net(rt->u.dst.dev), IPSTATS_MIB_FRAGFAILS);
91 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 92 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
92 htonl(dst_mtu(&rt->u.dst))); 93 htonl(dst_mtu(&rt->u.dst)));
93 goto drop; 94 goto drop;
@@ -122,7 +123,7 @@ sr_failed:
122 123
123too_many_hops: 124too_many_hops:
124 /* Tell the sender its packet died... */ 125 /* Tell the sender its packet died... */
125 IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS); 126 IP_INC_STATS_BH(dev_net(skb->dst->dev), IPSTATS_MIB_INHDRERRORS);
126 icmp_send(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0); 127 icmp_send(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0);
127drop: 128drop:
128 kfree_skb(skb); 129 kfree_skb(skb);
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index cd6ce6ac6358..2152d222b954 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * The IP fragmentation functionality. 6 * The IP fragmentation functionality.
7 * 7 *
8 * Version: $Id: ip_fragment.c,v 1.59 2002/01/12 07:54:56 davem Exp $
9 *
10 * Authors: Fred N. van Kempen <waltje@uWalt.NL.Mugnet.ORG> 8 * Authors: Fred N. van Kempen <waltje@uWalt.NL.Mugnet.ORG>
11 * Alan Cox <Alan.Cox@linux.org> 9 * Alan Cox <Alan.Cox@linux.org>
12 * 10 *
@@ -180,7 +178,7 @@ static void ip_evictor(struct net *net)
180 178
181 evicted = inet_frag_evictor(&net->ipv4.frags, &ip4_frags); 179 evicted = inet_frag_evictor(&net->ipv4.frags, &ip4_frags);
182 if (evicted) 180 if (evicted)
183 IP_ADD_STATS_BH(IPSTATS_MIB_REASMFAILS, evicted); 181 IP_ADD_STATS_BH(net, IPSTATS_MIB_REASMFAILS, evicted);
184} 182}
185 183
186/* 184/*
@@ -189,8 +187,10 @@ static void ip_evictor(struct net *net)
189static void ip_expire(unsigned long arg) 187static void ip_expire(unsigned long arg)
190{ 188{
191 struct ipq *qp; 189 struct ipq *qp;
190 struct net *net;
192 191
193 qp = container_of((struct inet_frag_queue *) arg, struct ipq, q); 192 qp = container_of((struct inet_frag_queue *) arg, struct ipq, q);
193 net = container_of(qp->q.net, struct net, ipv4.frags);
194 194
195 spin_lock(&qp->q.lock); 195 spin_lock(&qp->q.lock);
196 196
@@ -199,14 +199,12 @@ static void ip_expire(unsigned long arg)
199 199
200 ipq_kill(qp); 200 ipq_kill(qp);
201 201
202 IP_INC_STATS_BH(IPSTATS_MIB_REASMTIMEOUT); 202 IP_INC_STATS_BH(net, IPSTATS_MIB_REASMTIMEOUT);
203 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 203 IP_INC_STATS_BH(net, IPSTATS_MIB_REASMFAILS);
204 204
205 if ((qp->q.last_in & INET_FRAG_FIRST_IN) && qp->q.fragments != NULL) { 205 if ((qp->q.last_in & INET_FRAG_FIRST_IN) && qp->q.fragments != NULL) {
206 struct sk_buff *head = qp->q.fragments; 206 struct sk_buff *head = qp->q.fragments;
207 struct net *net;
208 207
209 net = container_of(qp->q.net, struct net, ipv4.frags);
210 /* Send an ICMP "Fragment Reassembly Timeout" message. */ 208 /* Send an ICMP "Fragment Reassembly Timeout" message. */
211 if ((head->dev = dev_get_by_index(net, qp->iif)) != NULL) { 209 if ((head->dev = dev_get_by_index(net, qp->iif)) != NULL) {
212 icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0); 210 icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0);
@@ -229,6 +227,8 @@ static inline struct ipq *ip_find(struct net *net, struct iphdr *iph, u32 user)
229 227
230 arg.iph = iph; 228 arg.iph = iph;
231 arg.user = user; 229 arg.user = user;
230
231 read_lock(&ip4_frags.lock);
232 hash = ipqhashfn(iph->id, iph->saddr, iph->daddr, iph->protocol); 232 hash = ipqhashfn(iph->id, iph->saddr, iph->daddr, iph->protocol);
233 233
234 q = inet_frag_find(&net->ipv4.frags, &ip4_frags, &arg, hash); 234 q = inet_frag_find(&net->ipv4.frags, &ip4_frags, &arg, hash);
@@ -261,7 +261,10 @@ static inline int ip_frag_too_far(struct ipq *qp)
261 rc = qp->q.fragments && (end - start) > max; 261 rc = qp->q.fragments && (end - start) > max;
262 262
263 if (rc) { 263 if (rc) {
264 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 264 struct net *net;
265
266 net = container_of(qp->q.net, struct net, ipv4.frags);
267 IP_INC_STATS_BH(net, IPSTATS_MIB_REASMFAILS);
265 } 268 }
266 269
267 return rc; 270 return rc;
@@ -485,8 +488,8 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
485 qp->q.fragments = head; 488 qp->q.fragments = head;
486 } 489 }
487 490
488 BUG_TRAP(head != NULL); 491 WARN_ON(head == NULL);
489 BUG_TRAP(FRAG_CB(head)->offset == 0); 492 WARN_ON(FRAG_CB(head)->offset != 0);
490 493
491 /* Allocate a new buffer for the datagram. */ 494 /* Allocate a new buffer for the datagram. */
492 ihlen = ip_hdrlen(head); 495 ihlen = ip_hdrlen(head);
@@ -545,7 +548,7 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
545 iph = ip_hdr(head); 548 iph = ip_hdr(head);
546 iph->frag_off = 0; 549 iph->frag_off = 0;
547 iph->tot_len = htons(len); 550 iph->tot_len = htons(len);
548 IP_INC_STATS_BH(IPSTATS_MIB_REASMOKS); 551 IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_REASMOKS);
549 qp->q.fragments = NULL; 552 qp->q.fragments = NULL;
550 return 0; 553 return 0;
551 554
@@ -560,7 +563,7 @@ out_oversize:
560 "Oversized IP packet from " NIPQUAD_FMT ".\n", 563 "Oversized IP packet from " NIPQUAD_FMT ".\n",
561 NIPQUAD(qp->saddr)); 564 NIPQUAD(qp->saddr));
562out_fail: 565out_fail:
563 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 566 IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_REASMFAILS);
564 return err; 567 return err;
565} 568}
566 569
@@ -570,9 +573,9 @@ int ip_defrag(struct sk_buff *skb, u32 user)
570 struct ipq *qp; 573 struct ipq *qp;
571 struct net *net; 574 struct net *net;
572 575
573 IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS);
574
575 net = skb->dev ? dev_net(skb->dev) : dev_net(skb->dst->dev); 576 net = skb->dev ? dev_net(skb->dev) : dev_net(skb->dst->dev);
577 IP_INC_STATS_BH(net, IPSTATS_MIB_REASMREQDS);
578
576 /* Start by cleaning up the memory. */ 579 /* Start by cleaning up the memory. */
577 if (atomic_read(&net->ipv4.frags.mem) > net->ipv4.frags.high_thresh) 580 if (atomic_read(&net->ipv4.frags.mem) > net->ipv4.frags.high_thresh)
578 ip_evictor(net); 581 ip_evictor(net);
@@ -590,7 +593,7 @@ int ip_defrag(struct sk_buff *skb, u32 user)
590 return ret; 593 return ret;
591 } 594 }
592 595
593 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 596 IP_INC_STATS_BH(net, IPSTATS_MIB_REASMFAILS);
594 kfree_skb(skb); 597 kfree_skb(skb);
595 return -ENOMEM; 598 return -ENOMEM;
596} 599}
@@ -598,7 +601,7 @@ int ip_defrag(struct sk_buff *skb, u32 user)
598#ifdef CONFIG_SYSCTL 601#ifdef CONFIG_SYSCTL
599static int zero; 602static int zero;
600 603
601static struct ctl_table ip4_frags_ctl_table[] = { 604static struct ctl_table ip4_frags_ns_ctl_table[] = {
602 { 605 {
603 .ctl_name = NET_IPV4_IPFRAG_HIGH_THRESH, 606 .ctl_name = NET_IPV4_IPFRAG_HIGH_THRESH,
604 .procname = "ipfrag_high_thresh", 607 .procname = "ipfrag_high_thresh",
@@ -624,6 +627,10 @@ static struct ctl_table ip4_frags_ctl_table[] = {
624 .proc_handler = &proc_dointvec_jiffies, 627 .proc_handler = &proc_dointvec_jiffies,
625 .strategy = &sysctl_jiffies 628 .strategy = &sysctl_jiffies
626 }, 629 },
630 { }
631};
632
633static struct ctl_table ip4_frags_ctl_table[] = {
627 { 634 {
628 .ctl_name = NET_IPV4_IPFRAG_SECRET_INTERVAL, 635 .ctl_name = NET_IPV4_IPFRAG_SECRET_INTERVAL,
629 .procname = "ipfrag_secret_interval", 636 .procname = "ipfrag_secret_interval",
@@ -644,22 +651,20 @@ static struct ctl_table ip4_frags_ctl_table[] = {
644 { } 651 { }
645}; 652};
646 653
647static int ip4_frags_ctl_register(struct net *net) 654static int ip4_frags_ns_ctl_register(struct net *net)
648{ 655{
649 struct ctl_table *table; 656 struct ctl_table *table;
650 struct ctl_table_header *hdr; 657 struct ctl_table_header *hdr;
651 658
652 table = ip4_frags_ctl_table; 659 table = ip4_frags_ns_ctl_table;
653 if (net != &init_net) { 660 if (net != &init_net) {
654 table = kmemdup(table, sizeof(ip4_frags_ctl_table), GFP_KERNEL); 661 table = kmemdup(table, sizeof(ip4_frags_ns_ctl_table), GFP_KERNEL);
655 if (table == NULL) 662 if (table == NULL)
656 goto err_alloc; 663 goto err_alloc;
657 664
658 table[0].data = &net->ipv4.frags.high_thresh; 665 table[0].data = &net->ipv4.frags.high_thresh;
659 table[1].data = &net->ipv4.frags.low_thresh; 666 table[1].data = &net->ipv4.frags.low_thresh;
660 table[2].data = &net->ipv4.frags.timeout; 667 table[2].data = &net->ipv4.frags.timeout;
661 table[3].mode &= ~0222;
662 table[4].mode &= ~0222;
663 } 668 }
664 669
665 hdr = register_net_sysctl_table(net, net_ipv4_ctl_path, table); 670 hdr = register_net_sysctl_table(net, net_ipv4_ctl_path, table);
@@ -676,7 +681,7 @@ err_alloc:
676 return -ENOMEM; 681 return -ENOMEM;
677} 682}
678 683
679static void ip4_frags_ctl_unregister(struct net *net) 684static void ip4_frags_ns_ctl_unregister(struct net *net)
680{ 685{
681 struct ctl_table *table; 686 struct ctl_table *table;
682 687
@@ -684,13 +689,22 @@ static void ip4_frags_ctl_unregister(struct net *net)
684 unregister_net_sysctl_table(net->ipv4.frags_hdr); 689 unregister_net_sysctl_table(net->ipv4.frags_hdr);
685 kfree(table); 690 kfree(table);
686} 691}
692
693static void ip4_frags_ctl_register(void)
694{
695 register_net_sysctl_rotable(net_ipv4_ctl_path, ip4_frags_ctl_table);
696}
687#else 697#else
688static inline int ip4_frags_ctl_register(struct net *net) 698static inline int ip4_frags_ns_ctl_register(struct net *net)
689{ 699{
690 return 0; 700 return 0;
691} 701}
692 702
693static inline void ip4_frags_ctl_unregister(struct net *net) 703static inline void ip4_frags_ns_ctl_unregister(struct net *net)
704{
705}
706
707static inline void ip4_frags_ctl_register(void)
694{ 708{
695} 709}
696#endif 710#endif
@@ -714,12 +728,12 @@ static int ipv4_frags_init_net(struct net *net)
714 728
715 inet_frags_init_net(&net->ipv4.frags); 729 inet_frags_init_net(&net->ipv4.frags);
716 730
717 return ip4_frags_ctl_register(net); 731 return ip4_frags_ns_ctl_register(net);
718} 732}
719 733
720static void ipv4_frags_exit_net(struct net *net) 734static void ipv4_frags_exit_net(struct net *net)
721{ 735{
722 ip4_frags_ctl_unregister(net); 736 ip4_frags_ns_ctl_unregister(net);
723 inet_frags_exit_net(&net->ipv4.frags, &ip4_frags); 737 inet_frags_exit_net(&net->ipv4.frags, &ip4_frags);
724} 738}
725 739
@@ -730,6 +744,7 @@ static struct pernet_operations ip4_frags_ops = {
730 744
731void __init ipfrag_init(void) 745void __init ipfrag_init(void)
732{ 746{
747 ip4_frags_ctl_register();
733 register_pernet_subsys(&ip4_frags_ops); 748 register_pernet_subsys(&ip4_frags_ops);
734 ip4_frags.hashfn = ip4_hashfn; 749 ip4_frags.hashfn = ip4_hashfn;
735 ip4_frags.constructor = ip4_frag_init; 750 ip4_frags.constructor = ip4_frag_init;
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 4342cba4ff82..2a61158ea722 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -473,6 +473,8 @@ static int ipgre_rcv(struct sk_buff *skb)
473 read_lock(&ipgre_lock); 473 read_lock(&ipgre_lock);
474 if ((tunnel = ipgre_tunnel_lookup(dev_net(skb->dev), 474 if ((tunnel = ipgre_tunnel_lookup(dev_net(skb->dev),
475 iph->saddr, iph->daddr, key)) != NULL) { 475 iph->saddr, iph->daddr, key)) != NULL) {
476 struct net_device_stats *stats = &tunnel->dev->stats;
477
476 secpath_reset(skb); 478 secpath_reset(skb);
477 479
478 skb->protocol = *(__be16*)(h + 2); 480 skb->protocol = *(__be16*)(h + 2);
@@ -497,28 +499,28 @@ static int ipgre_rcv(struct sk_buff *skb)
497 /* Looped back packet, drop it! */ 499 /* Looped back packet, drop it! */
498 if (skb->rtable->fl.iif == 0) 500 if (skb->rtable->fl.iif == 0)
499 goto drop; 501 goto drop;
500 tunnel->stat.multicast++; 502 stats->multicast++;
501 skb->pkt_type = PACKET_BROADCAST; 503 skb->pkt_type = PACKET_BROADCAST;
502 } 504 }
503#endif 505#endif
504 506
505 if (((flags&GRE_CSUM) && csum) || 507 if (((flags&GRE_CSUM) && csum) ||
506 (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) { 508 (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) {
507 tunnel->stat.rx_crc_errors++; 509 stats->rx_crc_errors++;
508 tunnel->stat.rx_errors++; 510 stats->rx_errors++;
509 goto drop; 511 goto drop;
510 } 512 }
511 if (tunnel->parms.i_flags&GRE_SEQ) { 513 if (tunnel->parms.i_flags&GRE_SEQ) {
512 if (!(flags&GRE_SEQ) || 514 if (!(flags&GRE_SEQ) ||
513 (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) { 515 (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) {
514 tunnel->stat.rx_fifo_errors++; 516 stats->rx_fifo_errors++;
515 tunnel->stat.rx_errors++; 517 stats->rx_errors++;
516 goto drop; 518 goto drop;
517 } 519 }
518 tunnel->i_seqno = seqno + 1; 520 tunnel->i_seqno = seqno + 1;
519 } 521 }
520 tunnel->stat.rx_packets++; 522 stats->rx_packets++;
521 tunnel->stat.rx_bytes += skb->len; 523 stats->rx_bytes += skb->len;
522 skb->dev = tunnel->dev; 524 skb->dev = tunnel->dev;
523 dst_release(skb->dst); 525 dst_release(skb->dst);
524 skb->dst = NULL; 526 skb->dst = NULL;
@@ -540,7 +542,7 @@ drop_nolock:
540static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) 542static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
541{ 543{
542 struct ip_tunnel *tunnel = netdev_priv(dev); 544 struct ip_tunnel *tunnel = netdev_priv(dev);
543 struct net_device_stats *stats = &tunnel->stat; 545 struct net_device_stats *stats = &tunnel->dev->stats;
544 struct iphdr *old_iph = ip_hdr(skb); 546 struct iphdr *old_iph = ip_hdr(skb);
545 struct iphdr *tiph; 547 struct iphdr *tiph;
546 u8 tos; 548 u8 tos;
@@ -554,7 +556,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
554 int mtu; 556 int mtu;
555 557
556 if (tunnel->recursion++) { 558 if (tunnel->recursion++) {
557 tunnel->stat.collisions++; 559 stats->collisions++;
558 goto tx_error; 560 goto tx_error;
559 } 561 }
560 562
@@ -570,7 +572,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
570 /* NBMA tunnel */ 572 /* NBMA tunnel */
571 573
572 if (skb->dst == NULL) { 574 if (skb->dst == NULL) {
573 tunnel->stat.tx_fifo_errors++; 575 stats->tx_fifo_errors++;
574 goto tx_error; 576 goto tx_error;
575 } 577 }
576 578
@@ -621,7 +623,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
621 .tos = RT_TOS(tos) } }, 623 .tos = RT_TOS(tos) } },
622 .proto = IPPROTO_GRE }; 624 .proto = IPPROTO_GRE };
623 if (ip_route_output_key(dev_net(dev), &rt, &fl)) { 625 if (ip_route_output_key(dev_net(dev), &rt, &fl)) {
624 tunnel->stat.tx_carrier_errors++; 626 stats->tx_carrier_errors++;
625 goto tx_error; 627 goto tx_error;
626 } 628 }
627 } 629 }
@@ -629,7 +631,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
629 631
630 if (tdev == dev) { 632 if (tdev == dev) {
631 ip_rt_put(rt); 633 ip_rt_put(rt);
632 tunnel->stat.collisions++; 634 stats->collisions++;
633 goto tx_error; 635 goto tx_error;
634 } 636 }
635 637
@@ -954,11 +956,6 @@ done:
954 return err; 956 return err;
955} 957}
956 958
957static struct net_device_stats *ipgre_tunnel_get_stats(struct net_device *dev)
958{
959 return &(((struct ip_tunnel*)netdev_priv(dev))->stat);
960}
961
962static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu) 959static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu)
963{ 960{
964 struct ip_tunnel *tunnel = netdev_priv(dev); 961 struct ip_tunnel *tunnel = netdev_priv(dev);
@@ -1084,7 +1081,6 @@ static void ipgre_tunnel_setup(struct net_device *dev)
1084 dev->uninit = ipgre_tunnel_uninit; 1081 dev->uninit = ipgre_tunnel_uninit;
1085 dev->destructor = free_netdev; 1082 dev->destructor = free_netdev;
1086 dev->hard_start_xmit = ipgre_tunnel_xmit; 1083 dev->hard_start_xmit = ipgre_tunnel_xmit;
1087 dev->get_stats = ipgre_tunnel_get_stats;
1088 dev->do_ioctl = ipgre_tunnel_ioctl; 1084 dev->do_ioctl = ipgre_tunnel_ioctl;
1089 dev->change_mtu = ipgre_tunnel_change_mtu; 1085 dev->change_mtu = ipgre_tunnel_change_mtu;
1090 1086
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index ff77a4a7f9ec..e0bed56c51f1 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * The Internet Protocol (IP) module. 6 * The Internet Protocol (IP) module.
7 * 7 *
8 * Version: $Id: ip_input.c,v 1.55 2002/01/12 07:39:45 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Donald Becker, <becker@super.org> 10 * Donald Becker, <becker@super.org>
@@ -147,12 +145,6 @@
147#include <linux/netlink.h> 145#include <linux/netlink.h>
148 146
149/* 147/*
150 * SNMP management statistics
151 */
152
153DEFINE_SNMP_STAT(struct ipstats_mib, ip_statistics) __read_mostly;
154
155/*
156 * Process Router Attention IP option 148 * Process Router Attention IP option
157 */ 149 */
158int ip_call_ra_chain(struct sk_buff *skb) 150int ip_call_ra_chain(struct sk_buff *skb)
@@ -232,16 +224,16 @@ static int ip_local_deliver_finish(struct sk_buff *skb)
232 protocol = -ret; 224 protocol = -ret;
233 goto resubmit; 225 goto resubmit;
234 } 226 }
235 IP_INC_STATS_BH(IPSTATS_MIB_INDELIVERS); 227 IP_INC_STATS_BH(net, IPSTATS_MIB_INDELIVERS);
236 } else { 228 } else {
237 if (!raw) { 229 if (!raw) {
238 if (xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { 230 if (xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
239 IP_INC_STATS_BH(IPSTATS_MIB_INUNKNOWNPROTOS); 231 IP_INC_STATS_BH(net, IPSTATS_MIB_INUNKNOWNPROTOS);
240 icmp_send(skb, ICMP_DEST_UNREACH, 232 icmp_send(skb, ICMP_DEST_UNREACH,
241 ICMP_PROT_UNREACH, 0); 233 ICMP_PROT_UNREACH, 0);
242 } 234 }
243 } else 235 } else
244 IP_INC_STATS_BH(IPSTATS_MIB_INDELIVERS); 236 IP_INC_STATS_BH(net, IPSTATS_MIB_INDELIVERS);
245 kfree_skb(skb); 237 kfree_skb(skb);
246 } 238 }
247 } 239 }
@@ -283,7 +275,7 @@ static inline int ip_rcv_options(struct sk_buff *skb)
283 --ANK (980813) 275 --ANK (980813)
284 */ 276 */
285 if (skb_cow(skb, skb_headroom(skb))) { 277 if (skb_cow(skb, skb_headroom(skb))) {
286 IP_INC_STATS_BH(IPSTATS_MIB_INDISCARDS); 278 IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS);
287 goto drop; 279 goto drop;
288 } 280 }
289 281
@@ -292,7 +284,7 @@ static inline int ip_rcv_options(struct sk_buff *skb)
292 opt->optlen = iph->ihl*4 - sizeof(struct iphdr); 284 opt->optlen = iph->ihl*4 - sizeof(struct iphdr);
293 285
294 if (ip_options_compile(dev_net(dev), opt, skb)) { 286 if (ip_options_compile(dev_net(dev), opt, skb)) {
295 IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS); 287 IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INHDRERRORS);
296 goto drop; 288 goto drop;
297 } 289 }
298 290
@@ -336,9 +328,11 @@ static int ip_rcv_finish(struct sk_buff *skb)
336 skb->dev); 328 skb->dev);
337 if (unlikely(err)) { 329 if (unlikely(err)) {
338 if (err == -EHOSTUNREACH) 330 if (err == -EHOSTUNREACH)
339 IP_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS); 331 IP_INC_STATS_BH(dev_net(skb->dev),
332 IPSTATS_MIB_INADDRERRORS);
340 else if (err == -ENETUNREACH) 333 else if (err == -ENETUNREACH)
341 IP_INC_STATS_BH(IPSTATS_MIB_INNOROUTES); 334 IP_INC_STATS_BH(dev_net(skb->dev),
335 IPSTATS_MIB_INNOROUTES);
342 goto drop; 336 goto drop;
343 } 337 }
344 } 338 }
@@ -359,9 +353,9 @@ static int ip_rcv_finish(struct sk_buff *skb)
359 353
360 rt = skb->rtable; 354 rt = skb->rtable;
361 if (rt->rt_type == RTN_MULTICAST) 355 if (rt->rt_type == RTN_MULTICAST)
362 IP_INC_STATS_BH(IPSTATS_MIB_INMCASTPKTS); 356 IP_INC_STATS_BH(dev_net(rt->u.dst.dev), IPSTATS_MIB_INMCASTPKTS);
363 else if (rt->rt_type == RTN_BROADCAST) 357 else if (rt->rt_type == RTN_BROADCAST)
364 IP_INC_STATS_BH(IPSTATS_MIB_INBCASTPKTS); 358 IP_INC_STATS_BH(dev_net(rt->u.dst.dev), IPSTATS_MIB_INBCASTPKTS);
365 359
366 return dst_input(skb); 360 return dst_input(skb);
367 361
@@ -384,10 +378,10 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
384 if (skb->pkt_type == PACKET_OTHERHOST) 378 if (skb->pkt_type == PACKET_OTHERHOST)
385 goto drop; 379 goto drop;
386 380
387 IP_INC_STATS_BH(IPSTATS_MIB_INRECEIVES); 381 IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INRECEIVES);
388 382
389 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) { 383 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) {
390 IP_INC_STATS_BH(IPSTATS_MIB_INDISCARDS); 384 IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS);
391 goto out; 385 goto out;
392 } 386 }
393 387
@@ -420,7 +414,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
420 414
421 len = ntohs(iph->tot_len); 415 len = ntohs(iph->tot_len);
422 if (skb->len < len) { 416 if (skb->len < len) {
423 IP_INC_STATS_BH(IPSTATS_MIB_INTRUNCATEDPKTS); 417 IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INTRUNCATEDPKTS);
424 goto drop; 418 goto drop;
425 } else if (len < (iph->ihl*4)) 419 } else if (len < (iph->ihl*4))
426 goto inhdr_error; 420 goto inhdr_error;
@@ -430,7 +424,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
430 * Note this now means skb->len holds ntohs(iph->tot_len). 424 * Note this now means skb->len holds ntohs(iph->tot_len).
431 */ 425 */
432 if (pskb_trim_rcsum(skb, len)) { 426 if (pskb_trim_rcsum(skb, len)) {
433 IP_INC_STATS_BH(IPSTATS_MIB_INDISCARDS); 427 IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS);
434 goto drop; 428 goto drop;
435 } 429 }
436 430
@@ -441,11 +435,9 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
441 ip_rcv_finish); 435 ip_rcv_finish);
442 436
443inhdr_error: 437inhdr_error:
444 IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS); 438 IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INHDRERRORS);
445drop: 439drop:
446 kfree_skb(skb); 440 kfree_skb(skb);
447out: 441out:
448 return NET_RX_DROP; 442 return NET_RX_DROP;
449} 443}
450
451EXPORT_SYMBOL(ip_statistics);
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
index 33126ad2cfdc..be3f18a7a40e 100644
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * The options processing module for ip.c 6 * The options processing module for ip.c
7 * 7 *
8 * Version: $Id: ip_options.c,v 1.21 2001/09/01 00:31:50 davem Exp $
9 *
10 * Authors: A.N.Kuznetsov 8 * Authors: A.N.Kuznetsov
11 * 9 *
12 */ 10 */
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index e527628f56cf..d533a89e08de 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * The Internet Protocol (IP) output module. 6 * The Internet Protocol (IP) output module.
7 * 7 *
8 * Version: $Id: ip_output.c,v 1.100 2002/02/01 22:01:03 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Donald Becker, <becker@super.org> 10 * Donald Becker, <becker@super.org>
@@ -120,7 +118,7 @@ static int ip_dev_loopback_xmit(struct sk_buff *newskb)
120 __skb_pull(newskb, skb_network_offset(newskb)); 118 __skb_pull(newskb, skb_network_offset(newskb));
121 newskb->pkt_type = PACKET_LOOPBACK; 119 newskb->pkt_type = PACKET_LOOPBACK;
122 newskb->ip_summed = CHECKSUM_UNNECESSARY; 120 newskb->ip_summed = CHECKSUM_UNNECESSARY;
123 BUG_TRAP(newskb->dst); 121 WARN_ON(!newskb->dst);
124 netif_rx(newskb); 122 netif_rx(newskb);
125 return 0; 123 return 0;
126} 124}
@@ -184,9 +182,9 @@ static inline int ip_finish_output2(struct sk_buff *skb)
184 unsigned int hh_len = LL_RESERVED_SPACE(dev); 182 unsigned int hh_len = LL_RESERVED_SPACE(dev);
185 183
186 if (rt->rt_type == RTN_MULTICAST) 184 if (rt->rt_type == RTN_MULTICAST)
187 IP_INC_STATS(IPSTATS_MIB_OUTMCASTPKTS); 185 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_OUTMCASTPKTS);
188 else if (rt->rt_type == RTN_BROADCAST) 186 else if (rt->rt_type == RTN_BROADCAST)
189 IP_INC_STATS(IPSTATS_MIB_OUTBCASTPKTS); 187 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_OUTBCASTPKTS);
190 188
191 /* Be paranoid, rather than too clever. */ 189 /* Be paranoid, rather than too clever. */
192 if (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) { 190 if (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) {
@@ -246,7 +244,7 @@ int ip_mc_output(struct sk_buff *skb)
246 /* 244 /*
247 * If the indicated interface is up and running, send the packet. 245 * If the indicated interface is up and running, send the packet.
248 */ 246 */
249 IP_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 247 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_OUTREQUESTS);
250 248
251 skb->dev = dev; 249 skb->dev = dev;
252 skb->protocol = htons(ETH_P_IP); 250 skb->protocol = htons(ETH_P_IP);
@@ -300,7 +298,7 @@ int ip_output(struct sk_buff *skb)
300{ 298{
301 struct net_device *dev = skb->dst->dev; 299 struct net_device *dev = skb->dst->dev;
302 300
303 IP_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 301 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_OUTREQUESTS);
304 302
305 skb->dev = dev; 303 skb->dev = dev;
306 skb->protocol = htons(ETH_P_IP); 304 skb->protocol = htons(ETH_P_IP);
@@ -391,7 +389,7 @@ packet_routed:
391 return ip_local_out(skb); 389 return ip_local_out(skb);
392 390
393no_route: 391no_route:
394 IP_INC_STATS(IPSTATS_MIB_OUTNOROUTES); 392 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
395 kfree_skb(skb); 393 kfree_skb(skb);
396 return -EHOSTUNREACH; 394 return -EHOSTUNREACH;
397} 395}
@@ -453,7 +451,7 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
453 iph = ip_hdr(skb); 451 iph = ip_hdr(skb);
454 452
455 if (unlikely((iph->frag_off & htons(IP_DF)) && !skb->local_df)) { 453 if (unlikely((iph->frag_off & htons(IP_DF)) && !skb->local_df)) {
456 IP_INC_STATS(IPSTATS_MIB_FRAGFAILS); 454 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
457 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 455 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
458 htonl(ip_skb_dst_mtu(skb))); 456 htonl(ip_skb_dst_mtu(skb)));
459 kfree_skb(skb); 457 kfree_skb(skb);
@@ -544,7 +542,7 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
544 err = output(skb); 542 err = output(skb);
545 543
546 if (!err) 544 if (!err)
547 IP_INC_STATS(IPSTATS_MIB_FRAGCREATES); 545 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGCREATES);
548 if (err || !frag) 546 if (err || !frag)
549 break; 547 break;
550 548
@@ -554,7 +552,7 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
554 } 552 }
555 553
556 if (err == 0) { 554 if (err == 0) {
557 IP_INC_STATS(IPSTATS_MIB_FRAGOKS); 555 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGOKS);
558 return 0; 556 return 0;
559 } 557 }
560 558
@@ -563,7 +561,7 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
563 kfree_skb(frag); 561 kfree_skb(frag);
564 frag = skb; 562 frag = skb;
565 } 563 }
566 IP_INC_STATS(IPSTATS_MIB_FRAGFAILS); 564 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
567 return err; 565 return err;
568 } 566 }
569 567
@@ -675,15 +673,15 @@ slow_path:
675 if (err) 673 if (err)
676 goto fail; 674 goto fail;
677 675
678 IP_INC_STATS(IPSTATS_MIB_FRAGCREATES); 676 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGCREATES);
679 } 677 }
680 kfree_skb(skb); 678 kfree_skb(skb);
681 IP_INC_STATS(IPSTATS_MIB_FRAGOKS); 679 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGOKS);
682 return err; 680 return err;
683 681
684fail: 682fail:
685 kfree_skb(skb); 683 kfree_skb(skb);
686 IP_INC_STATS(IPSTATS_MIB_FRAGFAILS); 684 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
687 return err; 685 return err;
688} 686}
689 687
@@ -1049,7 +1047,7 @@ alloc_new_skb:
1049 1047
1050error: 1048error:
1051 inet->cork.length -= length; 1049 inet->cork.length -= length;
1052 IP_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 1050 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTDISCARDS);
1053 return err; 1051 return err;
1054} 1052}
1055 1053
@@ -1191,7 +1189,7 @@ ssize_t ip_append_page(struct sock *sk, struct page *page,
1191 1189
1192error: 1190error:
1193 inet->cork.length -= size; 1191 inet->cork.length -= size;
1194 IP_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 1192 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTDISCARDS);
1195 return err; 1193 return err;
1196} 1194}
1197 1195
@@ -1213,6 +1211,7 @@ int ip_push_pending_frames(struct sock *sk)
1213 struct sk_buff *skb, *tmp_skb; 1211 struct sk_buff *skb, *tmp_skb;
1214 struct sk_buff **tail_skb; 1212 struct sk_buff **tail_skb;
1215 struct inet_sock *inet = inet_sk(sk); 1213 struct inet_sock *inet = inet_sk(sk);
1214 struct net *net = sock_net(sk);
1216 struct ip_options *opt = NULL; 1215 struct ip_options *opt = NULL;
1217 struct rtable *rt = (struct rtable *)inet->cork.dst; 1216 struct rtable *rt = (struct rtable *)inet->cork.dst;
1218 struct iphdr *iph; 1217 struct iphdr *iph;
@@ -1282,7 +1281,7 @@ int ip_push_pending_frames(struct sock *sk)
1282 skb->dst = dst_clone(&rt->u.dst); 1281 skb->dst = dst_clone(&rt->u.dst);
1283 1282
1284 if (iph->protocol == IPPROTO_ICMP) 1283 if (iph->protocol == IPPROTO_ICMP)
1285 icmp_out_count(((struct icmphdr *) 1284 icmp_out_count(net, ((struct icmphdr *)
1286 skb_transport_header(skb))->type); 1285 skb_transport_header(skb))->type);
1287 1286
1288 /* Netfilter gets whole the not fragmented skb. */ 1287 /* Netfilter gets whole the not fragmented skb. */
@@ -1299,7 +1298,7 @@ out:
1299 return err; 1298 return err;
1300 1299
1301error: 1300error:
1302 IP_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 1301 IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS);
1303 goto out; 1302 goto out;
1304} 1303}
1305 1304
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index e0514e82308e..105d92a039b9 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * The IP to API glue. 6 * The IP to API glue.
7 * 7 *
8 * Version: $Id: ip_sockglue.c,v 1.62 2002/02/01 22:01:04 davem Exp $
9 *
10 * Authors: see ip.c 8 * Authors: see ip.c
11 * 9 *
12 * Fixes: 10 * Fixes:
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index a75807b971b3..38ccb6dfb02e 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -14,153 +14,14 @@
14 * - Adaptive compression. 14 * - Adaptive compression.
15 */ 15 */
16#include <linux/module.h> 16#include <linux/module.h>
17#include <linux/crypto.h>
18#include <linux/err.h> 17#include <linux/err.h>
19#include <linux/pfkeyv2.h>
20#include <linux/percpu.h>
21#include <linux/smp.h>
22#include <linux/list.h>
23#include <linux/vmalloc.h>
24#include <linux/rtnetlink.h> 18#include <linux/rtnetlink.h>
25#include <linux/mutex.h>
26#include <net/ip.h> 19#include <net/ip.h>
27#include <net/xfrm.h> 20#include <net/xfrm.h>
28#include <net/icmp.h> 21#include <net/icmp.h>
29#include <net/ipcomp.h> 22#include <net/ipcomp.h>
30#include <net/protocol.h> 23#include <net/protocol.h>
31 24#include <net/sock.h>
32struct ipcomp_tfms {
33 struct list_head list;
34 struct crypto_comp **tfms;
35 int users;
36};
37
38static DEFINE_MUTEX(ipcomp_resource_mutex);
39static void **ipcomp_scratches;
40static int ipcomp_scratch_users;
41static LIST_HEAD(ipcomp_tfms_list);
42
43static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb)
44{
45 struct ipcomp_data *ipcd = x->data;
46 const int plen = skb->len;
47 int dlen = IPCOMP_SCRATCH_SIZE;
48 const u8 *start = skb->data;
49 const int cpu = get_cpu();
50 u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
51 struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
52 int err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);
53
54 if (err)
55 goto out;
56
57 if (dlen < (plen + sizeof(struct ip_comp_hdr))) {
58 err = -EINVAL;
59 goto out;
60 }
61
62 err = pskb_expand_head(skb, 0, dlen - plen, GFP_ATOMIC);
63 if (err)
64 goto out;
65
66 skb->truesize += dlen - plen;
67 __skb_put(skb, dlen - plen);
68 skb_copy_to_linear_data(skb, scratch, dlen);
69out:
70 put_cpu();
71 return err;
72}
73
74static int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
75{
76 int nexthdr;
77 int err = -ENOMEM;
78 struct ip_comp_hdr *ipch;
79
80 if (skb_linearize_cow(skb))
81 goto out;
82
83 skb->ip_summed = CHECKSUM_NONE;
84
85 /* Remove ipcomp header and decompress original payload */
86 ipch = (void *)skb->data;
87 nexthdr = ipch->nexthdr;
88
89 skb->transport_header = skb->network_header + sizeof(*ipch);
90 __skb_pull(skb, sizeof(*ipch));
91 err = ipcomp_decompress(x, skb);
92 if (err)
93 goto out;
94
95 err = nexthdr;
96
97out:
98 return err;
99}
100
101static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
102{
103 struct ipcomp_data *ipcd = x->data;
104 const int plen = skb->len;
105 int dlen = IPCOMP_SCRATCH_SIZE;
106 u8 *start = skb->data;
107 const int cpu = get_cpu();
108 u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
109 struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
110 int err;
111
112 local_bh_disable();
113 err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
114 local_bh_enable();
115 if (err)
116 goto out;
117
118 if ((dlen + sizeof(struct ip_comp_hdr)) >= plen) {
119 err = -EMSGSIZE;
120 goto out;
121 }
122
123 memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
124 put_cpu();
125
126 pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr));
127 return 0;
128
129out:
130 put_cpu();
131 return err;
132}
133
134static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
135{
136 int err;
137 struct ip_comp_hdr *ipch;
138 struct ipcomp_data *ipcd = x->data;
139
140 if (skb->len < ipcd->threshold) {
141 /* Don't bother compressing */
142 goto out_ok;
143 }
144
145 if (skb_linearize_cow(skb))
146 goto out_ok;
147
148 err = ipcomp_compress(x, skb);
149
150 if (err) {
151 goto out_ok;
152 }
153
154 /* Install ipcomp header, convert into ipcomp datagram. */
155 ipch = ip_comp_hdr(skb);
156 ipch->nexthdr = *skb_mac_header(skb);
157 ipch->flags = 0;
158 ipch->cpi = htons((u16 )ntohl(x->id.spi));
159 *skb_mac_header(skb) = IPPROTO_COMP;
160out_ok:
161 skb_push(skb, -skb_network_offset(skb));
162 return 0;
163}
164 25
165static void ipcomp4_err(struct sk_buff *skb, u32 info) 26static void ipcomp4_err(struct sk_buff *skb, u32 info)
166{ 27{
@@ -241,155 +102,9 @@ out:
241 return err; 102 return err;
242} 103}
243 104
244static void ipcomp_free_scratches(void) 105static int ipcomp4_init_state(struct xfrm_state *x)
245{
246 int i;
247 void **scratches;
248
249 if (--ipcomp_scratch_users)
250 return;
251
252 scratches = ipcomp_scratches;
253 if (!scratches)
254 return;
255
256 for_each_possible_cpu(i)
257 vfree(*per_cpu_ptr(scratches, i));
258
259 free_percpu(scratches);
260}
261
262static void **ipcomp_alloc_scratches(void)
263{
264 int i;
265 void **scratches;
266
267 if (ipcomp_scratch_users++)
268 return ipcomp_scratches;
269
270 scratches = alloc_percpu(void *);
271 if (!scratches)
272 return NULL;
273
274 ipcomp_scratches = scratches;
275
276 for_each_possible_cpu(i) {
277 void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE);
278 if (!scratch)
279 return NULL;
280 *per_cpu_ptr(scratches, i) = scratch;
281 }
282
283 return scratches;
284}
285
286static void ipcomp_free_tfms(struct crypto_comp **tfms)
287{
288 struct ipcomp_tfms *pos;
289 int cpu;
290
291 list_for_each_entry(pos, &ipcomp_tfms_list, list) {
292 if (pos->tfms == tfms)
293 break;
294 }
295
296 BUG_TRAP(pos);
297
298 if (--pos->users)
299 return;
300
301 list_del(&pos->list);
302 kfree(pos);
303
304 if (!tfms)
305 return;
306
307 for_each_possible_cpu(cpu) {
308 struct crypto_comp *tfm = *per_cpu_ptr(tfms, cpu);
309 crypto_free_comp(tfm);
310 }
311 free_percpu(tfms);
312}
313
314static struct crypto_comp **ipcomp_alloc_tfms(const char *alg_name)
315{
316 struct ipcomp_tfms *pos;
317 struct crypto_comp **tfms;
318 int cpu;
319
320 /* This can be any valid CPU ID so we don't need locking. */
321 cpu = raw_smp_processor_id();
322
323 list_for_each_entry(pos, &ipcomp_tfms_list, list) {
324 struct crypto_comp *tfm;
325
326 tfms = pos->tfms;
327 tfm = *per_cpu_ptr(tfms, cpu);
328
329 if (!strcmp(crypto_comp_name(tfm), alg_name)) {
330 pos->users++;
331 return tfms;
332 }
333 }
334
335 pos = kmalloc(sizeof(*pos), GFP_KERNEL);
336 if (!pos)
337 return NULL;
338
339 pos->users = 1;
340 INIT_LIST_HEAD(&pos->list);
341 list_add(&pos->list, &ipcomp_tfms_list);
342
343 pos->tfms = tfms = alloc_percpu(struct crypto_comp *);
344 if (!tfms)
345 goto error;
346
347 for_each_possible_cpu(cpu) {
348 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
349 CRYPTO_ALG_ASYNC);
350 if (IS_ERR(tfm))
351 goto error;
352 *per_cpu_ptr(tfms, cpu) = tfm;
353 }
354
355 return tfms;
356
357error:
358 ipcomp_free_tfms(tfms);
359 return NULL;
360}
361
362static void ipcomp_free_data(struct ipcomp_data *ipcd)
363{ 106{
364 if (ipcd->tfms) 107 int err = -EINVAL;
365 ipcomp_free_tfms(ipcd->tfms);
366 ipcomp_free_scratches();
367}
368
369static void ipcomp_destroy(struct xfrm_state *x)
370{
371 struct ipcomp_data *ipcd = x->data;
372 if (!ipcd)
373 return;
374 xfrm_state_delete_tunnel(x);
375 mutex_lock(&ipcomp_resource_mutex);
376 ipcomp_free_data(ipcd);
377 mutex_unlock(&ipcomp_resource_mutex);
378 kfree(ipcd);
379}
380
381static int ipcomp_init_state(struct xfrm_state *x)
382{
383 int err;
384 struct ipcomp_data *ipcd;
385 struct xfrm_algo_desc *calg_desc;
386
387 err = -EINVAL;
388 if (!x->calg)
389 goto out;
390
391 if (x->encap)
392 goto out;
393 108
394 x->props.header_len = 0; 109 x->props.header_len = 0;
395 switch (x->props.mode) { 110 switch (x->props.mode) {
@@ -402,40 +117,22 @@ static int ipcomp_init_state(struct xfrm_state *x)
402 goto out; 117 goto out;
403 } 118 }
404 119
405 err = -ENOMEM; 120 err = ipcomp_init_state(x);
406 ipcd = kzalloc(sizeof(*ipcd), GFP_KERNEL); 121 if (err)
407 if (!ipcd)
408 goto out; 122 goto out;
409 123
410 mutex_lock(&ipcomp_resource_mutex);
411 if (!ipcomp_alloc_scratches())
412 goto error;
413
414 ipcd->tfms = ipcomp_alloc_tfms(x->calg->alg_name);
415 if (!ipcd->tfms)
416 goto error;
417 mutex_unlock(&ipcomp_resource_mutex);
418
419 if (x->props.mode == XFRM_MODE_TUNNEL) { 124 if (x->props.mode == XFRM_MODE_TUNNEL) {
420 err = ipcomp_tunnel_attach(x); 125 err = ipcomp_tunnel_attach(x);
421 if (err) 126 if (err)
422 goto error_tunnel; 127 goto error_tunnel;
423 } 128 }
424 129
425 calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
426 BUG_ON(!calg_desc);
427 ipcd->threshold = calg_desc->uinfo.comp.threshold;
428 x->data = ipcd;
429 err = 0; 130 err = 0;
430out: 131out:
431 return err; 132 return err;
432 133
433error_tunnel: 134error_tunnel:
434 mutex_lock(&ipcomp_resource_mutex); 135 ipcomp_destroy(x);
435error:
436 ipcomp_free_data(ipcd);
437 mutex_unlock(&ipcomp_resource_mutex);
438 kfree(ipcd);
439 goto out; 136 goto out;
440} 137}
441 138
@@ -443,7 +140,7 @@ static const struct xfrm_type ipcomp_type = {
443 .description = "IPCOMP4", 140 .description = "IPCOMP4",
444 .owner = THIS_MODULE, 141 .owner = THIS_MODULE,
445 .proto = IPPROTO_COMP, 142 .proto = IPPROTO_COMP,
446 .init_state = ipcomp_init_state, 143 .init_state = ipcomp4_init_state,
447 .destructor = ipcomp_destroy, 144 .destructor = ipcomp_destroy,
448 .input = ipcomp_input, 145 .input = ipcomp_input,
449 .output = ipcomp_output 146 .output = ipcomp_output
@@ -481,7 +178,7 @@ module_init(ipcomp4_init);
481module_exit(ipcomp4_fini); 178module_exit(ipcomp4_fini);
482 179
483MODULE_LICENSE("GPL"); 180MODULE_LICENSE("GPL");
484MODULE_DESCRIPTION("IP Payload Compression Protocol (IPComp) - RFC3173"); 181MODULE_DESCRIPTION("IP Payload Compression Protocol (IPComp/IPv4) - RFC3173");
485MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>"); 182MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");
486 183
487MODULE_ALIAS_XFRM_TYPE(AF_INET, XFRM_PROTO_COMP); 184MODULE_ALIAS_XFRM_TYPE(AF_INET, XFRM_PROTO_COMP);
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index ed45037ce9be..42065fff46c4 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -1,6 +1,4 @@
1/* 1/*
2 * $Id: ipconfig.c,v 1.46 2002/02/01 22:01:04 davem Exp $
3 *
4 * Automatic Configuration of IP -- use DHCP, BOOTP, RARP, or 2 * Automatic Configuration of IP -- use DHCP, BOOTP, RARP, or
5 * user-supplied information to configure own IP address and routes. 3 * user-supplied information to configure own IP address and routes.
6 * 4 *
@@ -434,7 +432,7 @@ ic_rarp_recv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
434 unsigned char *sha, *tha; /* s for "source", t for "target" */ 432 unsigned char *sha, *tha; /* s for "source", t for "target" */
435 struct ic_device *d; 433 struct ic_device *d;
436 434
437 if (dev_net(dev) != &init_net) 435 if (!net_eq(dev_net(dev), &init_net))
438 goto drop; 436 goto drop;
439 437
440 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) 438 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
@@ -854,7 +852,7 @@ static int __init ic_bootp_recv(struct sk_buff *skb, struct net_device *dev, str
854 struct ic_device *d; 852 struct ic_device *d;
855 int len, ext_len; 853 int len, ext_len;
856 854
857 if (dev_net(dev) != &init_net) 855 if (!net_eq(dev_net(dev), &init_net))
858 goto drop; 856 goto drop;
859 857
860 /* Perform verifications before taking the lock. */ 858 /* Perform verifications before taking the lock. */
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index af5cb53da5cc..4c6d2caf9203 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * Linux NET3: IP/IP protocol decoder. 2 * Linux NET3: IP/IP protocol decoder.
3 * 3 *
4 * Version: $Id: ipip.c,v 1.50 2001/10/02 02:22:36 davem Exp $
5 *
6 * Authors: 4 * Authors:
7 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95 5 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
8 * 6 *
@@ -368,8 +366,8 @@ static int ipip_rcv(struct sk_buff *skb)
368 skb->protocol = htons(ETH_P_IP); 366 skb->protocol = htons(ETH_P_IP);
369 skb->pkt_type = PACKET_HOST; 367 skb->pkt_type = PACKET_HOST;
370 368
371 tunnel->stat.rx_packets++; 369 tunnel->dev->stats.rx_packets++;
372 tunnel->stat.rx_bytes += skb->len; 370 tunnel->dev->stats.rx_bytes += skb->len;
373 skb->dev = tunnel->dev; 371 skb->dev = tunnel->dev;
374 dst_release(skb->dst); 372 dst_release(skb->dst);
375 skb->dst = NULL; 373 skb->dst = NULL;
@@ -392,7 +390,7 @@ static int ipip_rcv(struct sk_buff *skb)
392static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) 390static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
393{ 391{
394 struct ip_tunnel *tunnel = netdev_priv(dev); 392 struct ip_tunnel *tunnel = netdev_priv(dev);
395 struct net_device_stats *stats = &tunnel->stat; 393 struct net_device_stats *stats = &tunnel->dev->stats;
396 struct iphdr *tiph = &tunnel->parms.iph; 394 struct iphdr *tiph = &tunnel->parms.iph;
397 u8 tos = tunnel->parms.iph.tos; 395 u8 tos = tunnel->parms.iph.tos;
398 __be16 df = tiph->frag_off; 396 __be16 df = tiph->frag_off;
@@ -405,7 +403,7 @@ static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
405 int mtu; 403 int mtu;
406 404
407 if (tunnel->recursion++) { 405 if (tunnel->recursion++) {
408 tunnel->stat.collisions++; 406 stats->collisions++;
409 goto tx_error; 407 goto tx_error;
410 } 408 }
411 409
@@ -418,7 +416,7 @@ static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
418 if (!dst) { 416 if (!dst) {
419 /* NBMA tunnel */ 417 /* NBMA tunnel */
420 if ((rt = skb->rtable) == NULL) { 418 if ((rt = skb->rtable) == NULL) {
421 tunnel->stat.tx_fifo_errors++; 419 stats->tx_fifo_errors++;
422 goto tx_error; 420 goto tx_error;
423 } 421 }
424 if ((dst = rt->rt_gateway) == 0) 422 if ((dst = rt->rt_gateway) == 0)
@@ -433,7 +431,7 @@ static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
433 .tos = RT_TOS(tos) } }, 431 .tos = RT_TOS(tos) } },
434 .proto = IPPROTO_IPIP }; 432 .proto = IPPROTO_IPIP };
435 if (ip_route_output_key(dev_net(dev), &rt, &fl)) { 433 if (ip_route_output_key(dev_net(dev), &rt, &fl)) {
436 tunnel->stat.tx_carrier_errors++; 434 stats->tx_carrier_errors++;
437 goto tx_error_icmp; 435 goto tx_error_icmp;
438 } 436 }
439 } 437 }
@@ -441,7 +439,7 @@ static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
441 439
442 if (tdev == dev) { 440 if (tdev == dev) {
443 ip_rt_put(rt); 441 ip_rt_put(rt);
444 tunnel->stat.collisions++; 442 stats->collisions++;
445 goto tx_error; 443 goto tx_error;
446 } 444 }
447 445
@@ -451,7 +449,7 @@ static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
451 mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu; 449 mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu;
452 450
453 if (mtu < 68) { 451 if (mtu < 68) {
454 tunnel->stat.collisions++; 452 stats->collisions++;
455 ip_rt_put(rt); 453 ip_rt_put(rt);
456 goto tx_error; 454 goto tx_error;
457 } 455 }
@@ -685,11 +683,6 @@ done:
685 return err; 683 return err;
686} 684}
687 685
688static struct net_device_stats *ipip_tunnel_get_stats(struct net_device *dev)
689{
690 return &(((struct ip_tunnel*)netdev_priv(dev))->stat);
691}
692
693static int ipip_tunnel_change_mtu(struct net_device *dev, int new_mtu) 686static int ipip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
694{ 687{
695 if (new_mtu < 68 || new_mtu > 0xFFF8 - sizeof(struct iphdr)) 688 if (new_mtu < 68 || new_mtu > 0xFFF8 - sizeof(struct iphdr))
@@ -702,7 +695,6 @@ static void ipip_tunnel_setup(struct net_device *dev)
702{ 695{
703 dev->uninit = ipip_tunnel_uninit; 696 dev->uninit = ipip_tunnel_uninit;
704 dev->hard_start_xmit = ipip_tunnel_xmit; 697 dev->hard_start_xmit = ipip_tunnel_xmit;
705 dev->get_stats = ipip_tunnel_get_stats;
706 dev->do_ioctl = ipip_tunnel_ioctl; 698 dev->do_ioctl = ipip_tunnel_ioctl;
707 dev->change_mtu = ipip_tunnel_change_mtu; 699 dev->change_mtu = ipip_tunnel_change_mtu;
708 dev->destructor = free_netdev; 700 dev->destructor = free_netdev;
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 11700a4dcd95..c519b8d30eee 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -9,8 +9,6 @@
9 * as published by the Free Software Foundation; either version 9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version. 10 * 2 of the License, or (at your option) any later version.
11 * 11 *
12 * Version: $Id: ipmr.c,v 1.65 2001/10/31 21:55:54 davem Exp $
13 *
14 * Fixes: 12 * Fixes:
15 * Michael Chastain : Incorrect size of copying. 13 * Michael Chastain : Incorrect size of copying.
16 * Alan Cox : Added the cache manager code 14 * Alan Cox : Added the cache manager code
@@ -120,6 +118,31 @@ static struct timer_list ipmr_expire_timer;
120 118
121/* Service routines creating virtual interfaces: DVMRP tunnels and PIMREG */ 119/* Service routines creating virtual interfaces: DVMRP tunnels and PIMREG */
122 120
121static void ipmr_del_tunnel(struct net_device *dev, struct vifctl *v)
122{
123 dev_close(dev);
124
125 dev = __dev_get_by_name(&init_net, "tunl0");
126 if (dev) {
127 struct ifreq ifr;
128 mm_segment_t oldfs;
129 struct ip_tunnel_parm p;
130
131 memset(&p, 0, sizeof(p));
132 p.iph.daddr = v->vifc_rmt_addr.s_addr;
133 p.iph.saddr = v->vifc_lcl_addr.s_addr;
134 p.iph.version = 4;
135 p.iph.ihl = 5;
136 p.iph.protocol = IPPROTO_IPIP;
137 sprintf(p.name, "dvmrp%d", v->vifc_vifi);
138 ifr.ifr_ifru.ifru_data = (__force void __user *)&p;
139
140 oldfs = get_fs(); set_fs(KERNEL_DS);
141 dev->do_ioctl(dev, &ifr, SIOCDELTUNNEL);
142 set_fs(oldfs);
143 }
144}
145
123static 146static
124struct net_device *ipmr_new_tunnel(struct vifctl *v) 147struct net_device *ipmr_new_tunnel(struct vifctl *v)
125{ 148{
@@ -161,6 +184,7 @@ struct net_device *ipmr_new_tunnel(struct vifctl *v)
161 184
162 if (dev_open(dev)) 185 if (dev_open(dev))
163 goto failure; 186 goto failure;
187 dev_hold(dev);
164 } 188 }
165 } 189 }
166 return dev; 190 return dev;
@@ -181,26 +205,20 @@ static int reg_vif_num = -1;
181static int reg_vif_xmit(struct sk_buff *skb, struct net_device *dev) 205static int reg_vif_xmit(struct sk_buff *skb, struct net_device *dev)
182{ 206{
183 read_lock(&mrt_lock); 207 read_lock(&mrt_lock);
184 ((struct net_device_stats*)netdev_priv(dev))->tx_bytes += skb->len; 208 dev->stats.tx_bytes += skb->len;
185 ((struct net_device_stats*)netdev_priv(dev))->tx_packets++; 209 dev->stats.tx_packets++;
186 ipmr_cache_report(skb, reg_vif_num, IGMPMSG_WHOLEPKT); 210 ipmr_cache_report(skb, reg_vif_num, IGMPMSG_WHOLEPKT);
187 read_unlock(&mrt_lock); 211 read_unlock(&mrt_lock);
188 kfree_skb(skb); 212 kfree_skb(skb);
189 return 0; 213 return 0;
190} 214}
191 215
192static struct net_device_stats *reg_vif_get_stats(struct net_device *dev)
193{
194 return (struct net_device_stats*)netdev_priv(dev);
195}
196
197static void reg_vif_setup(struct net_device *dev) 216static void reg_vif_setup(struct net_device *dev)
198{ 217{
199 dev->type = ARPHRD_PIMREG; 218 dev->type = ARPHRD_PIMREG;
200 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 8; 219 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 8;
201 dev->flags = IFF_NOARP; 220 dev->flags = IFF_NOARP;
202 dev->hard_start_xmit = reg_vif_xmit; 221 dev->hard_start_xmit = reg_vif_xmit;
203 dev->get_stats = reg_vif_get_stats;
204 dev->destructor = free_netdev; 222 dev->destructor = free_netdev;
205} 223}
206 224
@@ -209,8 +227,7 @@ static struct net_device *ipmr_reg_vif(void)
209 struct net_device *dev; 227 struct net_device *dev;
210 struct in_device *in_dev; 228 struct in_device *in_dev;
211 229
212 dev = alloc_netdev(sizeof(struct net_device_stats), "pimreg", 230 dev = alloc_netdev(0, "pimreg", reg_vif_setup);
213 reg_vif_setup);
214 231
215 if (dev == NULL) 232 if (dev == NULL)
216 return NULL; 233 return NULL;
@@ -234,6 +251,8 @@ static struct net_device *ipmr_reg_vif(void)
234 if (dev_open(dev)) 251 if (dev_open(dev))
235 goto failure; 252 goto failure;
236 253
254 dev_hold(dev);
255
237 return dev; 256 return dev;
238 257
239failure: 258failure:
@@ -248,9 +267,10 @@ failure:
248 267
249/* 268/*
250 * Delete a VIF entry 269 * Delete a VIF entry
270 * @notify: Set to 1, if the caller is a notifier_call
251 */ 271 */
252 272
253static int vif_delete(int vifi) 273static int vif_delete(int vifi, int notify)
254{ 274{
255 struct vif_device *v; 275 struct vif_device *v;
256 struct net_device *dev; 276 struct net_device *dev;
@@ -293,7 +313,7 @@ static int vif_delete(int vifi)
293 ip_rt_multicast_event(in_dev); 313 ip_rt_multicast_event(in_dev);
294 } 314 }
295 315
296 if (v->flags&(VIFF_TUNNEL|VIFF_REGISTER)) 316 if (v->flags&(VIFF_TUNNEL|VIFF_REGISTER) && !notify)
297 unregister_netdevice(dev); 317 unregister_netdevice(dev);
298 318
299 dev_put(dev); 319 dev_put(dev);
@@ -398,6 +418,7 @@ static int vif_add(struct vifctl *vifc, int mrtsock)
398 struct vif_device *v = &vif_table[vifi]; 418 struct vif_device *v = &vif_table[vifi];
399 struct net_device *dev; 419 struct net_device *dev;
400 struct in_device *in_dev; 420 struct in_device *in_dev;
421 int err;
401 422
402 /* Is vif busy ? */ 423 /* Is vif busy ? */
403 if (VIF_EXISTS(vifi)) 424 if (VIF_EXISTS(vifi))
@@ -415,18 +436,34 @@ static int vif_add(struct vifctl *vifc, int mrtsock)
415 dev = ipmr_reg_vif(); 436 dev = ipmr_reg_vif();
416 if (!dev) 437 if (!dev)
417 return -ENOBUFS; 438 return -ENOBUFS;
439 err = dev_set_allmulti(dev, 1);
440 if (err) {
441 unregister_netdevice(dev);
442 dev_put(dev);
443 return err;
444 }
418 break; 445 break;
419#endif 446#endif
420 case VIFF_TUNNEL: 447 case VIFF_TUNNEL:
421 dev = ipmr_new_tunnel(vifc); 448 dev = ipmr_new_tunnel(vifc);
422 if (!dev) 449 if (!dev)
423 return -ENOBUFS; 450 return -ENOBUFS;
451 err = dev_set_allmulti(dev, 1);
452 if (err) {
453 ipmr_del_tunnel(dev, vifc);
454 dev_put(dev);
455 return err;
456 }
424 break; 457 break;
425 case 0: 458 case 0:
426 dev = ip_dev_find(&init_net, vifc->vifc_lcl_addr.s_addr); 459 dev = ip_dev_find(&init_net, vifc->vifc_lcl_addr.s_addr);
427 if (!dev) 460 if (!dev)
428 return -EADDRNOTAVAIL; 461 return -EADDRNOTAVAIL;
429 dev_put(dev); 462 err = dev_set_allmulti(dev, 1);
463 if (err) {
464 dev_put(dev);
465 return err;
466 }
430 break; 467 break;
431 default: 468 default:
432 return -EINVAL; 469 return -EINVAL;
@@ -435,7 +472,6 @@ static int vif_add(struct vifctl *vifc, int mrtsock)
435 if ((in_dev = __in_dev_get_rtnl(dev)) == NULL) 472 if ((in_dev = __in_dev_get_rtnl(dev)) == NULL)
436 return -EADDRNOTAVAIL; 473 return -EADDRNOTAVAIL;
437 IPV4_DEVCONF(in_dev->cnf, MC_FORWARDING)++; 474 IPV4_DEVCONF(in_dev->cnf, MC_FORWARDING)++;
438 dev_set_allmulti(dev, +1);
439 ip_rt_multicast_event(in_dev); 475 ip_rt_multicast_event(in_dev);
440 476
441 /* 477 /*
@@ -458,7 +494,6 @@ static int vif_add(struct vifctl *vifc, int mrtsock)
458 494
459 /* And finish update writing critical data */ 495 /* And finish update writing critical data */
460 write_lock_bh(&mrt_lock); 496 write_lock_bh(&mrt_lock);
461 dev_hold(dev);
462 v->dev=dev; 497 v->dev=dev;
463#ifdef CONFIG_IP_PIMSM 498#ifdef CONFIG_IP_PIMSM
464 if (v->flags&VIFF_REGISTER) 499 if (v->flags&VIFF_REGISTER)
@@ -805,7 +840,7 @@ static void mroute_clean_tables(struct sock *sk)
805 */ 840 */
806 for (i=0; i<maxvif; i++) { 841 for (i=0; i<maxvif; i++) {
807 if (!(vif_table[i].flags&VIFF_STATIC)) 842 if (!(vif_table[i].flags&VIFF_STATIC))
808 vif_delete(i); 843 vif_delete(i, 0);
809 } 844 }
810 845
811 /* 846 /*
@@ -918,7 +953,7 @@ int ip_mroute_setsockopt(struct sock *sk,int optname,char __user *optval,int opt
918 if (optname==MRT_ADD_VIF) { 953 if (optname==MRT_ADD_VIF) {
919 ret = vif_add(&vif, sk==mroute_socket); 954 ret = vif_add(&vif, sk==mroute_socket);
920 } else { 955 } else {
921 ret = vif_delete(vif.vifc_vifi); 956 ret = vif_delete(vif.vifc_vifi, 0);
922 } 957 }
923 rtnl_unlock(); 958 rtnl_unlock();
924 return ret; 959 return ret;
@@ -1089,7 +1124,7 @@ static int ipmr_device_event(struct notifier_block *this, unsigned long event, v
1089 struct vif_device *v; 1124 struct vif_device *v;
1090 int ct; 1125 int ct;
1091 1126
1092 if (dev_net(dev) != &init_net) 1127 if (!net_eq(dev_net(dev), &init_net))
1093 return NOTIFY_DONE; 1128 return NOTIFY_DONE;
1094 1129
1095 if (event != NETDEV_UNREGISTER) 1130 if (event != NETDEV_UNREGISTER)
@@ -1097,7 +1132,7 @@ static int ipmr_device_event(struct notifier_block *this, unsigned long event, v
1097 v=&vif_table[0]; 1132 v=&vif_table[0];
1098 for (ct=0;ct<maxvif;ct++,v++) { 1133 for (ct=0;ct<maxvif;ct++,v++) {
1099 if (v->dev==dev) 1134 if (v->dev==dev)
1100 vif_delete(ct); 1135 vif_delete(ct, 1);
1101 } 1136 }
1102 return NOTIFY_DONE; 1137 return NOTIFY_DONE;
1103} 1138}
@@ -1143,7 +1178,7 @@ static inline int ipmr_forward_finish(struct sk_buff *skb)
1143{ 1178{
1144 struct ip_options * opt = &(IPCB(skb)->opt); 1179 struct ip_options * opt = &(IPCB(skb)->opt);
1145 1180
1146 IP_INC_STATS_BH(IPSTATS_MIB_OUTFORWDATAGRAMS); 1181 IP_INC_STATS_BH(dev_net(skb->dst->dev), IPSTATS_MIB_OUTFORWDATAGRAMS);
1147 1182
1148 if (unlikely(opt->optlen)) 1183 if (unlikely(opt->optlen))
1149 ip_forward_options(skb); 1184 ip_forward_options(skb);
@@ -1170,8 +1205,8 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
1170 if (vif->flags & VIFF_REGISTER) { 1205 if (vif->flags & VIFF_REGISTER) {
1171 vif->pkt_out++; 1206 vif->pkt_out++;
1172 vif->bytes_out+=skb->len; 1207 vif->bytes_out+=skb->len;
1173 ((struct net_device_stats*)netdev_priv(vif->dev))->tx_bytes += skb->len; 1208 vif->dev->stats.tx_bytes += skb->len;
1174 ((struct net_device_stats*)netdev_priv(vif->dev))->tx_packets++; 1209 vif->dev->stats.tx_packets++;
1175 ipmr_cache_report(skb, vifi, IGMPMSG_WHOLEPKT); 1210 ipmr_cache_report(skb, vifi, IGMPMSG_WHOLEPKT);
1176 kfree_skb(skb); 1211 kfree_skb(skb);
1177 return; 1212 return;
@@ -1206,7 +1241,7 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
1206 to blackhole. 1241 to blackhole.
1207 */ 1242 */
1208 1243
1209 IP_INC_STATS_BH(IPSTATS_MIB_FRAGFAILS); 1244 IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
1210 ip_rt_put(rt); 1245 ip_rt_put(rt);
1211 goto out_free; 1246 goto out_free;
1212 } 1247 }
@@ -1230,8 +1265,8 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
1230 if (vif->flags & VIFF_TUNNEL) { 1265 if (vif->flags & VIFF_TUNNEL) {
1231 ip_encap(skb, vif->local, vif->remote); 1266 ip_encap(skb, vif->local, vif->remote);
1232 /* FIXME: extra output firewall step used to be here. --RR */ 1267 /* FIXME: extra output firewall step used to be here. --RR */
1233 ((struct ip_tunnel *)netdev_priv(vif->dev))->stat.tx_packets++; 1268 vif->dev->stats.tx_packets++;
1234 ((struct ip_tunnel *)netdev_priv(vif->dev))->stat.tx_bytes+=skb->len; 1269 vif->dev->stats.tx_bytes += skb->len;
1235 } 1270 }
1236 1271
1237 IPCB(skb)->flags |= IPSKB_FORWARDED; 1272 IPCB(skb)->flags |= IPSKB_FORWARDED;
@@ -1487,8 +1522,8 @@ int pim_rcv_v1(struct sk_buff * skb)
1487 skb->pkt_type = PACKET_HOST; 1522 skb->pkt_type = PACKET_HOST;
1488 dst_release(skb->dst); 1523 dst_release(skb->dst);
1489 skb->dst = NULL; 1524 skb->dst = NULL;
1490 ((struct net_device_stats*)netdev_priv(reg_dev))->rx_bytes += skb->len; 1525 reg_dev->stats.rx_bytes += skb->len;
1491 ((struct net_device_stats*)netdev_priv(reg_dev))->rx_packets++; 1526 reg_dev->stats.rx_packets++;
1492 nf_reset(skb); 1527 nf_reset(skb);
1493 netif_rx(skb); 1528 netif_rx(skb);
1494 dev_put(reg_dev); 1529 dev_put(reg_dev);
@@ -1542,8 +1577,8 @@ static int pim_rcv(struct sk_buff * skb)
1542 skb->ip_summed = 0; 1577 skb->ip_summed = 0;
1543 skb->pkt_type = PACKET_HOST; 1578 skb->pkt_type = PACKET_HOST;
1544 dst_release(skb->dst); 1579 dst_release(skb->dst);
1545 ((struct net_device_stats*)netdev_priv(reg_dev))->rx_bytes += skb->len; 1580 reg_dev->stats.rx_bytes += skb->len;
1546 ((struct net_device_stats*)netdev_priv(reg_dev))->rx_packets++; 1581 reg_dev->stats.rx_packets++;
1547 skb->dst = NULL; 1582 skb->dst = NULL;
1548 nf_reset(skb); 1583 nf_reset(skb);
1549 netif_rx(skb); 1584 netif_rx(skb);
@@ -1887,16 +1922,36 @@ static struct net_protocol pim_protocol = {
1887 * Setup for IP multicast routing 1922 * Setup for IP multicast routing
1888 */ 1923 */
1889 1924
1890void __init ip_mr_init(void) 1925int __init ip_mr_init(void)
1891{ 1926{
1927 int err;
1928
1892 mrt_cachep = kmem_cache_create("ip_mrt_cache", 1929 mrt_cachep = kmem_cache_create("ip_mrt_cache",
1893 sizeof(struct mfc_cache), 1930 sizeof(struct mfc_cache),
1894 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, 1931 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC,
1895 NULL); 1932 NULL);
1933 if (!mrt_cachep)
1934 return -ENOMEM;
1935
1896 setup_timer(&ipmr_expire_timer, ipmr_expire_process, 0); 1936 setup_timer(&ipmr_expire_timer, ipmr_expire_process, 0);
1897 register_netdevice_notifier(&ip_mr_notifier); 1937 err = register_netdevice_notifier(&ip_mr_notifier);
1938 if (err)
1939 goto reg_notif_fail;
1898#ifdef CONFIG_PROC_FS 1940#ifdef CONFIG_PROC_FS
1899 proc_net_fops_create(&init_net, "ip_mr_vif", 0, &ipmr_vif_fops); 1941 err = -ENOMEM;
1900 proc_net_fops_create(&init_net, "ip_mr_cache", 0, &ipmr_mfc_fops); 1942 if (!proc_net_fops_create(&init_net, "ip_mr_vif", 0, &ipmr_vif_fops))
1943 goto proc_vif_fail;
1944 if (!proc_net_fops_create(&init_net, "ip_mr_cache", 0, &ipmr_mfc_fops))
1945 goto proc_cache_fail;
1901#endif 1946#endif
1947 return 0;
1948reg_notif_fail:
1949 kmem_cache_destroy(mrt_cachep);
1950#ifdef CONFIG_PROC_FS
1951proc_vif_fail:
1952 unregister_netdevice_notifier(&ip_mr_notifier);
1953proc_cache_fail:
1954 proc_net_remove(&init_net, "ip_mr_vif");
1955#endif
1956 return err;
1902} 1957}
diff --git a/net/ipv4/ipvs/ip_vs_app.c b/net/ipv4/ipvs/ip_vs_app.c
index 535abe0c45e7..201b8ea3020d 100644
--- a/net/ipv4/ipvs/ip_vs_app.c
+++ b/net/ipv4/ipvs/ip_vs_app.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * ip_vs_app.c: Application module support for IPVS 2 * ip_vs_app.c: Application module support for IPVS
3 * 3 *
4 * Version: $Id: ip_vs_app.c,v 1.17 2003/03/22 06:31:21 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * 5 *
8 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -610,7 +608,7 @@ int ip_vs_skb_replace(struct sk_buff *skb, gfp_t pri,
610} 608}
611 609
612 610
613int ip_vs_app_init(void) 611int __init ip_vs_app_init(void)
614{ 612{
615 /* we will replace it with proc_net_ipvs_create() soon */ 613 /* we will replace it with proc_net_ipvs_create() soon */
616 proc_net_fops_create(&init_net, "ip_vs_app", 0, &ip_vs_app_fops); 614 proc_net_fops_create(&init_net, "ip_vs_app", 0, &ip_vs_app_fops);
diff --git a/net/ipv4/ipvs/ip_vs_conn.c b/net/ipv4/ipvs/ip_vs_conn.c
index 65f1ba112752..44a6872dc245 100644
--- a/net/ipv4/ipvs/ip_vs_conn.c
+++ b/net/ipv4/ipvs/ip_vs_conn.c
@@ -5,8 +5,6 @@
5 * high-performance and highly available server based on a 5 * high-performance and highly available server based on a
6 * cluster of servers. 6 * cluster of servers.
7 * 7 *
8 * Version: $Id: ip_vs_conn.c,v 1.31 2003/04/18 09:03:16 wensong Exp $
9 *
10 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 8 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
11 * Peter Kese <peter.kese@ijs.si> 9 * Peter Kese <peter.kese@ijs.si>
12 * Julian Anastasov <ja@ssi.bg> 10 * Julian Anastasov <ja@ssi.bg>
@@ -967,7 +965,7 @@ static void ip_vs_conn_flush(void)
967} 965}
968 966
969 967
970int ip_vs_conn_init(void) 968int __init ip_vs_conn_init(void)
971{ 969{
972 int idx; 970 int idx;
973 971
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 963981a9d501..a7879eafc3b5 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -5,8 +5,6 @@
5 * high-performance and highly available server based on a 5 * high-performance and highly available server based on a
6 * cluster of servers. 6 * cluster of servers.
7 * 7 *
8 * Version: $Id: ip_vs_core.c,v 1.34 2003/05/10 03:05:23 wensong Exp $
9 *
10 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 8 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
11 * Peter Kese <peter.kese@ijs.si> 9 * Peter Kese <peter.kese@ijs.si>
12 * Julian Anastasov <ja@ssi.bg> 10 * Julian Anastasov <ja@ssi.bg>
@@ -993,7 +991,8 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
993 == sysctl_ip_vs_sync_threshold[0])) || 991 == sysctl_ip_vs_sync_threshold[0])) ||
994 ((cp->protocol == IPPROTO_TCP) && (cp->old_state != cp->state) && 992 ((cp->protocol == IPPROTO_TCP) && (cp->old_state != cp->state) &&
995 ((cp->state == IP_VS_TCP_S_FIN_WAIT) || 993 ((cp->state == IP_VS_TCP_S_FIN_WAIT) ||
996 (cp->state == IP_VS_TCP_S_CLOSE))))) 994 (cp->state == IP_VS_TCP_S_CLOSE_WAIT) ||
995 (cp->state == IP_VS_TCP_S_TIME_WAIT)))))
997 ip_vs_sync_conn(cp); 996 ip_vs_sync_conn(cp);
998 cp->old_state = cp->state; 997 cp->old_state = cp->state;
999 998
diff --git a/net/ipv4/ipvs/ip_vs_ctl.c b/net/ipv4/ipvs/ip_vs_ctl.c
index 94c5767c8e01..6379705a8dcb 100644
--- a/net/ipv4/ipvs/ip_vs_ctl.c
+++ b/net/ipv4/ipvs/ip_vs_ctl.c
@@ -5,8 +5,6 @@
5 * high-performance and highly available server based on a 5 * high-performance and highly available server based on a
6 * cluster of servers. 6 * cluster of servers.
7 * 7 *
8 * Version: $Id: ip_vs_ctl.c,v 1.36 2003/06/08 09:31:19 wensong Exp $
9 *
10 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 8 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
11 * Peter Kese <peter.kese@ijs.si> 9 * Peter Kese <peter.kese@ijs.si>
12 * Julian Anastasov <ja@ssi.bg> 10 * Julian Anastasov <ja@ssi.bg>
@@ -685,9 +683,22 @@ static void
685ip_vs_zero_stats(struct ip_vs_stats *stats) 683ip_vs_zero_stats(struct ip_vs_stats *stats)
686{ 684{
687 spin_lock_bh(&stats->lock); 685 spin_lock_bh(&stats->lock);
688 memset(stats, 0, (char *)&stats->lock - (char *)stats); 686
689 spin_unlock_bh(&stats->lock); 687 stats->conns = 0;
688 stats->inpkts = 0;
689 stats->outpkts = 0;
690 stats->inbytes = 0;
691 stats->outbytes = 0;
692
693 stats->cps = 0;
694 stats->inpps = 0;
695 stats->outpps = 0;
696 stats->inbps = 0;
697 stats->outbps = 0;
698
690 ip_vs_zero_estimator(stats); 699 ip_vs_zero_estimator(stats);
700
701 spin_unlock_bh(&stats->lock);
691} 702}
692 703
693/* 704/*
@@ -1591,7 +1602,7 @@ static struct ctl_table vs_vars[] = {
1591 { .ctl_name = 0 } 1602 { .ctl_name = 0 }
1592}; 1603};
1593 1604
1594struct ctl_path net_vs_ctl_path[] = { 1605const struct ctl_path net_vs_ctl_path[] = {
1595 { .procname = "net", .ctl_name = CTL_NET, }, 1606 { .procname = "net", .ctl_name = CTL_NET, },
1596 { .procname = "ipv4", .ctl_name = NET_IPV4, }, 1607 { .procname = "ipv4", .ctl_name = NET_IPV4, },
1597 { .procname = "vs", }, 1608 { .procname = "vs", },
@@ -1786,7 +1797,9 @@ static const struct file_operations ip_vs_info_fops = {
1786 1797
1787#endif 1798#endif
1788 1799
1789struct ip_vs_stats ip_vs_stats; 1800struct ip_vs_stats ip_vs_stats = {
1801 .lock = __SPIN_LOCK_UNLOCKED(ip_vs_stats.lock),
1802};
1790 1803
1791#ifdef CONFIG_PROC_FS 1804#ifdef CONFIG_PROC_FS
1792static int ip_vs_stats_show(struct seq_file *seq, void *v) 1805static int ip_vs_stats_show(struct seq_file *seq, void *v)
@@ -2308,7 +2321,7 @@ static struct nf_sockopt_ops ip_vs_sockopts = {
2308}; 2321};
2309 2322
2310 2323
2311int ip_vs_control_init(void) 2324int __init ip_vs_control_init(void)
2312{ 2325{
2313 int ret; 2326 int ret;
2314 int idx; 2327 int idx;
@@ -2335,8 +2348,6 @@ int ip_vs_control_init(void)
2335 INIT_LIST_HEAD(&ip_vs_rtable[idx]); 2348 INIT_LIST_HEAD(&ip_vs_rtable[idx]);
2336 } 2349 }
2337 2350
2338 memset(&ip_vs_stats, 0, sizeof(ip_vs_stats));
2339 spin_lock_init(&ip_vs_stats.lock);
2340 ip_vs_new_estimator(&ip_vs_stats); 2351 ip_vs_new_estimator(&ip_vs_stats);
2341 2352
2342 /* Hook the defense timer */ 2353 /* Hook the defense timer */
diff --git a/net/ipv4/ipvs/ip_vs_dh.c b/net/ipv4/ipvs/ip_vs_dh.c
index dcf5d46aaa5e..fa66824d264f 100644
--- a/net/ipv4/ipvs/ip_vs_dh.c
+++ b/net/ipv4/ipvs/ip_vs_dh.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * IPVS: Destination Hashing scheduling module 2 * IPVS: Destination Hashing scheduling module
3 * 3 *
4 * Version: $Id: ip_vs_dh.c,v 1.5 2002/09/15 08:14:08 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@gnuchina.org> 4 * Authors: Wensong Zhang <wensong@gnuchina.org>
7 * 5 *
8 * Inspired by the consistent hashing scheduler patch from 6 * Inspired by the consistent hashing scheduler patch from
@@ -235,6 +233,7 @@ static struct ip_vs_scheduler ip_vs_dh_scheduler =
235 .name = "dh", 233 .name = "dh",
236 .refcnt = ATOMIC_INIT(0), 234 .refcnt = ATOMIC_INIT(0),
237 .module = THIS_MODULE, 235 .module = THIS_MODULE,
236 .n_list = LIST_HEAD_INIT(ip_vs_dh_scheduler.n_list),
238 .init_service = ip_vs_dh_init_svc, 237 .init_service = ip_vs_dh_init_svc,
239 .done_service = ip_vs_dh_done_svc, 238 .done_service = ip_vs_dh_done_svc,
240 .update_service = ip_vs_dh_update_svc, 239 .update_service = ip_vs_dh_update_svc,
@@ -244,7 +243,6 @@ static struct ip_vs_scheduler ip_vs_dh_scheduler =
244 243
245static int __init ip_vs_dh_init(void) 244static int __init ip_vs_dh_init(void)
246{ 245{
247 INIT_LIST_HEAD(&ip_vs_dh_scheduler.n_list);
248 return register_ip_vs_scheduler(&ip_vs_dh_scheduler); 246 return register_ip_vs_scheduler(&ip_vs_dh_scheduler);
249} 247}
250 248
diff --git a/net/ipv4/ipvs/ip_vs_est.c b/net/ipv4/ipvs/ip_vs_est.c
index dfa0d713c801..5a20f93bd7f9 100644
--- a/net/ipv4/ipvs/ip_vs_est.c
+++ b/net/ipv4/ipvs/ip_vs_est.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * ip_vs_est.c: simple rate estimator for IPVS 2 * ip_vs_est.c: simple rate estimator for IPVS
3 * 3 *
4 * Version: $Id: ip_vs_est.c,v 1.4 2002/11/30 01:50:35 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * 5 *
8 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -19,6 +17,7 @@
19#include <linux/types.h> 17#include <linux/types.h>
20#include <linux/interrupt.h> 18#include <linux/interrupt.h>
21#include <linux/sysctl.h> 19#include <linux/sysctl.h>
20#include <linux/list.h>
22 21
23#include <net/ip_vs.h> 22#include <net/ip_vs.h>
24 23
@@ -46,28 +45,11 @@
46 */ 45 */
47 46
48 47
49struct ip_vs_estimator 48static void estimation_timer(unsigned long arg);
50{
51 struct ip_vs_estimator *next;
52 struct ip_vs_stats *stats;
53
54 u32 last_conns;
55 u32 last_inpkts;
56 u32 last_outpkts;
57 u64 last_inbytes;
58 u64 last_outbytes;
59
60 u32 cps;
61 u32 inpps;
62 u32 outpps;
63 u32 inbps;
64 u32 outbps;
65};
66
67 49
68static struct ip_vs_estimator *est_list = NULL; 50static LIST_HEAD(est_list);
69static DEFINE_RWLOCK(est_lock); 51static DEFINE_SPINLOCK(est_lock);
70static struct timer_list est_timer; 52static DEFINE_TIMER(est_timer, estimation_timer, 0, 0);
71 53
72static void estimation_timer(unsigned long arg) 54static void estimation_timer(unsigned long arg)
73{ 55{
@@ -78,9 +60,9 @@ static void estimation_timer(unsigned long arg)
78 u64 n_inbytes, n_outbytes; 60 u64 n_inbytes, n_outbytes;
79 u32 rate; 61 u32 rate;
80 62
81 read_lock(&est_lock); 63 spin_lock(&est_lock);
82 for (e = est_list; e; e = e->next) { 64 list_for_each_entry(e, &est_list, list) {
83 s = e->stats; 65 s = container_of(e, struct ip_vs_stats, est);
84 66
85 spin_lock(&s->lock); 67 spin_lock(&s->lock);
86 n_conns = s->conns; 68 n_conns = s->conns;
@@ -116,19 +98,16 @@ static void estimation_timer(unsigned long arg)
116 s->outbps = (e->outbps+0xF)>>5; 98 s->outbps = (e->outbps+0xF)>>5;
117 spin_unlock(&s->lock); 99 spin_unlock(&s->lock);
118 } 100 }
119 read_unlock(&est_lock); 101 spin_unlock(&est_lock);
120 mod_timer(&est_timer, jiffies + 2*HZ); 102 mod_timer(&est_timer, jiffies + 2*HZ);
121} 103}
122 104
123int ip_vs_new_estimator(struct ip_vs_stats *stats) 105void ip_vs_new_estimator(struct ip_vs_stats *stats)
124{ 106{
125 struct ip_vs_estimator *est; 107 struct ip_vs_estimator *est = &stats->est;
126 108
127 est = kzalloc(sizeof(*est), GFP_KERNEL); 109 INIT_LIST_HEAD(&est->list);
128 if (est == NULL)
129 return -ENOMEM;
130 110
131 est->stats = stats;
132 est->last_conns = stats->conns; 111 est->last_conns = stats->conns;
133 est->cps = stats->cps<<10; 112 est->cps = stats->cps<<10;
134 113
@@ -144,59 +123,40 @@ int ip_vs_new_estimator(struct ip_vs_stats *stats)
144 est->last_outbytes = stats->outbytes; 123 est->last_outbytes = stats->outbytes;
145 est->outbps = stats->outbps<<5; 124 est->outbps = stats->outbps<<5;
146 125
147 write_lock_bh(&est_lock); 126 spin_lock_bh(&est_lock);
148 est->next = est_list; 127 if (list_empty(&est_list))
149 if (est->next == NULL) { 128 mod_timer(&est_timer, jiffies + 2 * HZ);
150 setup_timer(&est_timer, estimation_timer, 0); 129 list_add(&est->list, &est_list);
151 est_timer.expires = jiffies + 2*HZ; 130 spin_unlock_bh(&est_lock);
152 add_timer(&est_timer);
153 }
154 est_list = est;
155 write_unlock_bh(&est_lock);
156 return 0;
157} 131}
158 132
159void ip_vs_kill_estimator(struct ip_vs_stats *stats) 133void ip_vs_kill_estimator(struct ip_vs_stats *stats)
160{ 134{
161 struct ip_vs_estimator *est, **pest; 135 struct ip_vs_estimator *est = &stats->est;
162 int killed = 0; 136
163 137 spin_lock_bh(&est_lock);
164 write_lock_bh(&est_lock); 138 list_del(&est->list);
165 pest = &est_list; 139 while (list_empty(&est_list) && try_to_del_timer_sync(&est_timer) < 0) {
166 while ((est=*pest) != NULL) { 140 spin_unlock_bh(&est_lock);
167 if (est->stats != stats) { 141 cpu_relax();
168 pest = &est->next; 142 spin_lock_bh(&est_lock);
169 continue;
170 }
171 *pest = est->next;
172 kfree(est);
173 killed++;
174 } 143 }
175 if (killed && est_list == NULL) 144 spin_unlock_bh(&est_lock);
176 del_timer_sync(&est_timer);
177 write_unlock_bh(&est_lock);
178} 145}
179 146
180void ip_vs_zero_estimator(struct ip_vs_stats *stats) 147void ip_vs_zero_estimator(struct ip_vs_stats *stats)
181{ 148{
182 struct ip_vs_estimator *e; 149 struct ip_vs_estimator *est = &stats->est;
183 150
184 write_lock_bh(&est_lock); 151 /* set counters zero, caller must hold the stats->lock lock */
185 for (e = est_list; e; e = e->next) { 152 est->last_inbytes = 0;
186 if (e->stats != stats) 153 est->last_outbytes = 0;
187 continue; 154 est->last_conns = 0;
188 155 est->last_inpkts = 0;
189 /* set counters zero */ 156 est->last_outpkts = 0;
190 e->last_conns = 0; 157 est->cps = 0;
191 e->last_inpkts = 0; 158 est->inpps = 0;
192 e->last_outpkts = 0; 159 est->outpps = 0;
193 e->last_inbytes = 0; 160 est->inbps = 0;
194 e->last_outbytes = 0; 161 est->outbps = 0;
195 e->cps = 0;
196 e->inpps = 0;
197 e->outpps = 0;
198 e->inbps = 0;
199 e->outbps = 0;
200 }
201 write_unlock_bh(&est_lock);
202} 162}
diff --git a/net/ipv4/ipvs/ip_vs_ftp.c b/net/ipv4/ipvs/ip_vs_ftp.c
index 59aa166b7678..c1c758e4f733 100644
--- a/net/ipv4/ipvs/ip_vs_ftp.c
+++ b/net/ipv4/ipvs/ip_vs_ftp.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * ip_vs_ftp.c: IPVS ftp application module 2 * ip_vs_ftp.c: IPVS ftp application module
3 * 3 *
4 * Version: $Id: ip_vs_ftp.c,v 1.13 2002/09/15 08:14:08 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * 5 *
8 * Changes: 6 * Changes:
diff --git a/net/ipv4/ipvs/ip_vs_lblc.c b/net/ipv4/ipvs/ip_vs_lblc.c
index 3888642706ad..7a6a319f544a 100644
--- a/net/ipv4/ipvs/ip_vs_lblc.c
+++ b/net/ipv4/ipvs/ip_vs_lblc.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * IPVS: Locality-Based Least-Connection scheduling module 2 * IPVS: Locality-Based Least-Connection scheduling module
3 * 3 *
4 * Version: $Id: ip_vs_lblc.c,v 1.10 2002/09/15 08:14:08 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@gnuchina.org> 4 * Authors: Wensong Zhang <wensong@gnuchina.org>
7 * 5 *
8 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -541,6 +539,7 @@ static struct ip_vs_scheduler ip_vs_lblc_scheduler =
541 .name = "lblc", 539 .name = "lblc",
542 .refcnt = ATOMIC_INIT(0), 540 .refcnt = ATOMIC_INIT(0),
543 .module = THIS_MODULE, 541 .module = THIS_MODULE,
542 .n_list = LIST_HEAD_INIT(ip_vs_lblc_scheduler.n_list),
544 .init_service = ip_vs_lblc_init_svc, 543 .init_service = ip_vs_lblc_init_svc,
545 .done_service = ip_vs_lblc_done_svc, 544 .done_service = ip_vs_lblc_done_svc,
546 .update_service = ip_vs_lblc_update_svc, 545 .update_service = ip_vs_lblc_update_svc,
@@ -552,7 +551,6 @@ static int __init ip_vs_lblc_init(void)
552{ 551{
553 int ret; 552 int ret;
554 553
555 INIT_LIST_HEAD(&ip_vs_lblc_scheduler.n_list);
556 sysctl_header = register_sysctl_paths(net_vs_ctl_path, vs_vars_table); 554 sysctl_header = register_sysctl_paths(net_vs_ctl_path, vs_vars_table);
557 ret = register_ip_vs_scheduler(&ip_vs_lblc_scheduler); 555 ret = register_ip_vs_scheduler(&ip_vs_lblc_scheduler);
558 if (ret) 556 if (ret)
diff --git a/net/ipv4/ipvs/ip_vs_lblcr.c b/net/ipv4/ipvs/ip_vs_lblcr.c
index daa260eb21cf..c234e73968a6 100644
--- a/net/ipv4/ipvs/ip_vs_lblcr.c
+++ b/net/ipv4/ipvs/ip_vs_lblcr.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * IPVS: Locality-Based Least-Connection with Replication scheduler 2 * IPVS: Locality-Based Least-Connection with Replication scheduler
3 * 3 *
4 * Version: $Id: ip_vs_lblcr.c,v 1.11 2002/09/15 08:14:08 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@gnuchina.org> 4 * Authors: Wensong Zhang <wensong@gnuchina.org>
7 * 5 *
8 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -730,6 +728,7 @@ static struct ip_vs_scheduler ip_vs_lblcr_scheduler =
730 .name = "lblcr", 728 .name = "lblcr",
731 .refcnt = ATOMIC_INIT(0), 729 .refcnt = ATOMIC_INIT(0),
732 .module = THIS_MODULE, 730 .module = THIS_MODULE,
731 .n_list = LIST_HEAD_INIT(ip_vs_lblcr_scheduler.n_list),
733 .init_service = ip_vs_lblcr_init_svc, 732 .init_service = ip_vs_lblcr_init_svc,
734 .done_service = ip_vs_lblcr_done_svc, 733 .done_service = ip_vs_lblcr_done_svc,
735 .update_service = ip_vs_lblcr_update_svc, 734 .update_service = ip_vs_lblcr_update_svc,
@@ -741,7 +740,6 @@ static int __init ip_vs_lblcr_init(void)
741{ 740{
742 int ret; 741 int ret;
743 742
744 INIT_LIST_HEAD(&ip_vs_lblcr_scheduler.n_list);
745 sysctl_header = register_sysctl_paths(net_vs_ctl_path, vs_vars_table); 743 sysctl_header = register_sysctl_paths(net_vs_ctl_path, vs_vars_table);
746 ret = register_ip_vs_scheduler(&ip_vs_lblcr_scheduler); 744 ret = register_ip_vs_scheduler(&ip_vs_lblcr_scheduler);
747 if (ret) 745 if (ret)
diff --git a/net/ipv4/ipvs/ip_vs_lc.c b/net/ipv4/ipvs/ip_vs_lc.c
index d88fef90a641..ebcdbf75ac65 100644
--- a/net/ipv4/ipvs/ip_vs_lc.c
+++ b/net/ipv4/ipvs/ip_vs_lc.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * IPVS: Least-Connection Scheduling module 2 * IPVS: Least-Connection Scheduling module
3 * 3 *
4 * Version: $Id: ip_vs_lc.c,v 1.10 2003/04/18 09:03:16 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * 5 *
8 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -100,6 +98,7 @@ static struct ip_vs_scheduler ip_vs_lc_scheduler = {
100 .name = "lc", 98 .name = "lc",
101 .refcnt = ATOMIC_INIT(0), 99 .refcnt = ATOMIC_INIT(0),
102 .module = THIS_MODULE, 100 .module = THIS_MODULE,
101 .n_list = LIST_HEAD_INIT(ip_vs_lc_scheduler.n_list),
103 .init_service = ip_vs_lc_init_svc, 102 .init_service = ip_vs_lc_init_svc,
104 .done_service = ip_vs_lc_done_svc, 103 .done_service = ip_vs_lc_done_svc,
105 .update_service = ip_vs_lc_update_svc, 104 .update_service = ip_vs_lc_update_svc,
@@ -109,7 +108,6 @@ static struct ip_vs_scheduler ip_vs_lc_scheduler = {
109 108
110static int __init ip_vs_lc_init(void) 109static int __init ip_vs_lc_init(void)
111{ 110{
112 INIT_LIST_HEAD(&ip_vs_lc_scheduler.n_list);
113 return register_ip_vs_scheduler(&ip_vs_lc_scheduler) ; 111 return register_ip_vs_scheduler(&ip_vs_lc_scheduler) ;
114} 112}
115 113
diff --git a/net/ipv4/ipvs/ip_vs_nq.c b/net/ipv4/ipvs/ip_vs_nq.c
index bc2a9e5f2a7b..92f3a6770031 100644
--- a/net/ipv4/ipvs/ip_vs_nq.c
+++ b/net/ipv4/ipvs/ip_vs_nq.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * IPVS: Never Queue scheduling module 2 * IPVS: Never Queue scheduling module
3 * 3 *
4 * Version: $Id: ip_vs_nq.c,v 1.2 2003/06/08 09:31:19 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * 5 *
8 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -138,6 +136,7 @@ static struct ip_vs_scheduler ip_vs_nq_scheduler =
138 .name = "nq", 136 .name = "nq",
139 .refcnt = ATOMIC_INIT(0), 137 .refcnt = ATOMIC_INIT(0),
140 .module = THIS_MODULE, 138 .module = THIS_MODULE,
139 .n_list = LIST_HEAD_INIT(ip_vs_nq_scheduler.n_list),
141 .init_service = ip_vs_nq_init_svc, 140 .init_service = ip_vs_nq_init_svc,
142 .done_service = ip_vs_nq_done_svc, 141 .done_service = ip_vs_nq_done_svc,
143 .update_service = ip_vs_nq_update_svc, 142 .update_service = ip_vs_nq_update_svc,
@@ -147,7 +146,6 @@ static struct ip_vs_scheduler ip_vs_nq_scheduler =
147 146
148static int __init ip_vs_nq_init(void) 147static int __init ip_vs_nq_init(void)
149{ 148{
150 INIT_LIST_HEAD(&ip_vs_nq_scheduler.n_list);
151 return register_ip_vs_scheduler(&ip_vs_nq_scheduler); 149 return register_ip_vs_scheduler(&ip_vs_nq_scheduler);
152} 150}
153 151
diff --git a/net/ipv4/ipvs/ip_vs_proto.c b/net/ipv4/ipvs/ip_vs_proto.c
index 4b1c16cbb16b..6099a88fc200 100644
--- a/net/ipv4/ipvs/ip_vs_proto.c
+++ b/net/ipv4/ipvs/ip_vs_proto.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * ip_vs_proto.c: transport protocol load balancing support for IPVS 2 * ip_vs_proto.c: transport protocol load balancing support for IPVS
3 * 3 *
4 * Version: $Id: ip_vs_proto.c,v 1.2 2003/04/18 09:03:16 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * Julian Anastasov <ja@ssi.bg> 5 * Julian Anastasov <ja@ssi.bg>
8 * 6 *
@@ -45,7 +43,7 @@ static struct ip_vs_protocol *ip_vs_proto_table[IP_VS_PROTO_TAB_SIZE];
45/* 43/*
46 * register an ipvs protocol 44 * register an ipvs protocol
47 */ 45 */
48static int __used register_ip_vs_protocol(struct ip_vs_protocol *pp) 46static int __used __init register_ip_vs_protocol(struct ip_vs_protocol *pp)
49{ 47{
50 unsigned hash = IP_VS_PROTO_HASH(pp->protocol); 48 unsigned hash = IP_VS_PROTO_HASH(pp->protocol);
51 49
@@ -192,7 +190,7 @@ ip_vs_tcpudp_debug_packet(struct ip_vs_protocol *pp,
192} 190}
193 191
194 192
195int ip_vs_protocol_init(void) 193int __init ip_vs_protocol_init(void)
196{ 194{
197 char protocols[64]; 195 char protocols[64];
198#define REGISTER_PROTOCOL(p) \ 196#define REGISTER_PROTOCOL(p) \
diff --git a/net/ipv4/ipvs/ip_vs_proto_ah.c b/net/ipv4/ipvs/ip_vs_proto_ah.c
index 4bf835e1d86d..73e0ea87c1f5 100644
--- a/net/ipv4/ipvs/ip_vs_proto_ah.c
+++ b/net/ipv4/ipvs/ip_vs_proto_ah.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * ip_vs_proto_ah.c: AH IPSec load balancing support for IPVS 2 * ip_vs_proto_ah.c: AH IPSec load balancing support for IPVS
3 * 3 *
4 * Version: $Id: ip_vs_proto_ah.c,v 1.1 2003/07/04 15:04:37 wensong Exp $
5 *
6 * Authors: Julian Anastasov <ja@ssi.bg>, February 2002 4 * Authors: Julian Anastasov <ja@ssi.bg>, February 2002
7 * Wensong Zhang <wensong@linuxvirtualserver.org> 5 * Wensong Zhang <wensong@linuxvirtualserver.org>
8 * 6 *
diff --git a/net/ipv4/ipvs/ip_vs_proto_esp.c b/net/ipv4/ipvs/ip_vs_proto_esp.c
index db6a6b7b1a0b..21d70c8ffa54 100644
--- a/net/ipv4/ipvs/ip_vs_proto_esp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_esp.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * ip_vs_proto_esp.c: ESP IPSec load balancing support for IPVS 2 * ip_vs_proto_esp.c: ESP IPSec load balancing support for IPVS
3 * 3 *
4 * Version: $Id: ip_vs_proto_esp.c,v 1.1 2003/07/04 15:04:37 wensong Exp $
5 *
6 * Authors: Julian Anastasov <ja@ssi.bg>, February 2002 4 * Authors: Julian Anastasov <ja@ssi.bg>, February 2002
7 * Wensong Zhang <wensong@linuxvirtualserver.org> 5 * Wensong Zhang <wensong@linuxvirtualserver.org>
8 * 6 *
diff --git a/net/ipv4/ipvs/ip_vs_proto_tcp.c b/net/ipv4/ipvs/ip_vs_proto_tcp.c
index b83dc14b0a4d..d0ea467986a0 100644
--- a/net/ipv4/ipvs/ip_vs_proto_tcp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_tcp.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * ip_vs_proto_tcp.c: TCP load balancing support for IPVS 2 * ip_vs_proto_tcp.c: TCP load balancing support for IPVS
3 * 3 *
4 * Version: $Id: ip_vs_proto_tcp.c,v 1.3 2002/11/30 01:50:35 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * Julian Anastasov <ja@ssi.bg> 5 * Julian Anastasov <ja@ssi.bg>
8 * 6 *
diff --git a/net/ipv4/ipvs/ip_vs_proto_udp.c b/net/ipv4/ipvs/ip_vs_proto_udp.c
index 75771cb3cd6f..c6be5d56823f 100644
--- a/net/ipv4/ipvs/ip_vs_proto_udp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_udp.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * ip_vs_proto_udp.c: UDP load balancing support for IPVS 2 * ip_vs_proto_udp.c: UDP load balancing support for IPVS
3 * 3 *
4 * Version: $Id: ip_vs_proto_udp.c,v 1.3 2002/11/30 01:50:35 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * Julian Anastasov <ja@ssi.bg> 5 * Julian Anastasov <ja@ssi.bg>
8 * 6 *
diff --git a/net/ipv4/ipvs/ip_vs_rr.c b/net/ipv4/ipvs/ip_vs_rr.c
index 433f8a947924..358110d17e59 100644
--- a/net/ipv4/ipvs/ip_vs_rr.c
+++ b/net/ipv4/ipvs/ip_vs_rr.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * IPVS: Round-Robin Scheduling module 2 * IPVS: Round-Robin Scheduling module
3 * 3 *
4 * Version: $Id: ip_vs_rr.c,v 1.9 2002/09/15 08:14:08 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * Peter Kese <peter.kese@ijs.si> 5 * Peter Kese <peter.kese@ijs.si>
8 * 6 *
@@ -96,6 +94,7 @@ static struct ip_vs_scheduler ip_vs_rr_scheduler = {
96 .name = "rr", /* name */ 94 .name = "rr", /* name */
97 .refcnt = ATOMIC_INIT(0), 95 .refcnt = ATOMIC_INIT(0),
98 .module = THIS_MODULE, 96 .module = THIS_MODULE,
97 .n_list = LIST_HEAD_INIT(ip_vs_rr_scheduler.n_list),
99 .init_service = ip_vs_rr_init_svc, 98 .init_service = ip_vs_rr_init_svc,
100 .done_service = ip_vs_rr_done_svc, 99 .done_service = ip_vs_rr_done_svc,
101 .update_service = ip_vs_rr_update_svc, 100 .update_service = ip_vs_rr_update_svc,
@@ -104,7 +103,6 @@ static struct ip_vs_scheduler ip_vs_rr_scheduler = {
104 103
105static int __init ip_vs_rr_init(void) 104static int __init ip_vs_rr_init(void)
106{ 105{
107 INIT_LIST_HEAD(&ip_vs_rr_scheduler.n_list);
108 return register_ip_vs_scheduler(&ip_vs_rr_scheduler); 106 return register_ip_vs_scheduler(&ip_vs_rr_scheduler);
109} 107}
110 108
diff --git a/net/ipv4/ipvs/ip_vs_sched.c b/net/ipv4/ipvs/ip_vs_sched.c
index 121a32b1b756..a46ad9e35016 100644
--- a/net/ipv4/ipvs/ip_vs_sched.c
+++ b/net/ipv4/ipvs/ip_vs_sched.c
@@ -5,8 +5,6 @@
5 * high-performance and highly available server based on a 5 * high-performance and highly available server based on a
6 * cluster of servers. 6 * cluster of servers.
7 * 7 *
8 * Version: $Id: ip_vs_sched.c,v 1.13 2003/05/10 03:05:23 wensong Exp $
9 *
10 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 8 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
11 * Peter Kese <peter.kese@ijs.si> 9 * Peter Kese <peter.kese@ijs.si>
12 * 10 *
@@ -186,7 +184,7 @@ int register_ip_vs_scheduler(struct ip_vs_scheduler *scheduler)
186 184
187 write_lock_bh(&__ip_vs_sched_lock); 185 write_lock_bh(&__ip_vs_sched_lock);
188 186
189 if (scheduler->n_list.next != &scheduler->n_list) { 187 if (!list_empty(&scheduler->n_list)) {
190 write_unlock_bh(&__ip_vs_sched_lock); 188 write_unlock_bh(&__ip_vs_sched_lock);
191 ip_vs_use_count_dec(); 189 ip_vs_use_count_dec();
192 IP_VS_ERR("register_ip_vs_scheduler(): [%s] scheduler " 190 IP_VS_ERR("register_ip_vs_scheduler(): [%s] scheduler "
@@ -231,7 +229,7 @@ int unregister_ip_vs_scheduler(struct ip_vs_scheduler *scheduler)
231 } 229 }
232 230
233 write_lock_bh(&__ip_vs_sched_lock); 231 write_lock_bh(&__ip_vs_sched_lock);
234 if (scheduler->n_list.next == &scheduler->n_list) { 232 if (list_empty(&scheduler->n_list)) {
235 write_unlock_bh(&__ip_vs_sched_lock); 233 write_unlock_bh(&__ip_vs_sched_lock);
236 IP_VS_ERR("unregister_ip_vs_scheduler(): [%s] scheduler " 234 IP_VS_ERR("unregister_ip_vs_scheduler(): [%s] scheduler "
237 "is not in the list. failed\n", scheduler->name); 235 "is not in the list. failed\n", scheduler->name);
diff --git a/net/ipv4/ipvs/ip_vs_sed.c b/net/ipv4/ipvs/ip_vs_sed.c
index dd7c128f9db3..77663d84cbd1 100644
--- a/net/ipv4/ipvs/ip_vs_sed.c
+++ b/net/ipv4/ipvs/ip_vs_sed.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * IPVS: Shortest Expected Delay scheduling module 2 * IPVS: Shortest Expected Delay scheduling module
3 * 3 *
4 * Version: $Id: ip_vs_sed.c,v 1.1 2003/05/10 03:06:08 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * 5 *
8 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -140,6 +138,7 @@ static struct ip_vs_scheduler ip_vs_sed_scheduler =
140 .name = "sed", 138 .name = "sed",
141 .refcnt = ATOMIC_INIT(0), 139 .refcnt = ATOMIC_INIT(0),
142 .module = THIS_MODULE, 140 .module = THIS_MODULE,
141 .n_list = LIST_HEAD_INIT(ip_vs_sed_scheduler.n_list),
143 .init_service = ip_vs_sed_init_svc, 142 .init_service = ip_vs_sed_init_svc,
144 .done_service = ip_vs_sed_done_svc, 143 .done_service = ip_vs_sed_done_svc,
145 .update_service = ip_vs_sed_update_svc, 144 .update_service = ip_vs_sed_update_svc,
@@ -149,7 +148,6 @@ static struct ip_vs_scheduler ip_vs_sed_scheduler =
149 148
150static int __init ip_vs_sed_init(void) 149static int __init ip_vs_sed_init(void)
151{ 150{
152 INIT_LIST_HEAD(&ip_vs_sed_scheduler.n_list);
153 return register_ip_vs_scheduler(&ip_vs_sed_scheduler); 151 return register_ip_vs_scheduler(&ip_vs_sed_scheduler);
154} 152}
155 153
diff --git a/net/ipv4/ipvs/ip_vs_sh.c b/net/ipv4/ipvs/ip_vs_sh.c
index 1b25b00ef1e1..7b979e228056 100644
--- a/net/ipv4/ipvs/ip_vs_sh.c
+++ b/net/ipv4/ipvs/ip_vs_sh.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * IPVS: Source Hashing scheduling module 2 * IPVS: Source Hashing scheduling module
3 * 3 *
4 * Version: $Id: ip_vs_sh.c,v 1.5 2002/09/15 08:14:08 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@gnuchina.org> 4 * Authors: Wensong Zhang <wensong@gnuchina.org>
7 * 5 *
8 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -232,6 +230,7 @@ static struct ip_vs_scheduler ip_vs_sh_scheduler =
232 .name = "sh", 230 .name = "sh",
233 .refcnt = ATOMIC_INIT(0), 231 .refcnt = ATOMIC_INIT(0),
234 .module = THIS_MODULE, 232 .module = THIS_MODULE,
233 .n_list = LIST_HEAD_INIT(ip_vs_sh_scheduler.n_list),
235 .init_service = ip_vs_sh_init_svc, 234 .init_service = ip_vs_sh_init_svc,
236 .done_service = ip_vs_sh_done_svc, 235 .done_service = ip_vs_sh_done_svc,
237 .update_service = ip_vs_sh_update_svc, 236 .update_service = ip_vs_sh_update_svc,
@@ -241,7 +240,6 @@ static struct ip_vs_scheduler ip_vs_sh_scheduler =
241 240
242static int __init ip_vs_sh_init(void) 241static int __init ip_vs_sh_init(void)
243{ 242{
244 INIT_LIST_HEAD(&ip_vs_sh_scheduler.n_list);
245 return register_ip_vs_scheduler(&ip_vs_sh_scheduler); 243 return register_ip_vs_scheduler(&ip_vs_sh_scheduler);
246} 244}
247 245
diff --git a/net/ipv4/ipvs/ip_vs_sync.c b/net/ipv4/ipvs/ip_vs_sync.c
index eff54efe0351..a652da2c3200 100644
--- a/net/ipv4/ipvs/ip_vs_sync.c
+++ b/net/ipv4/ipvs/ip_vs_sync.c
@@ -5,8 +5,6 @@
5 * high-performance and highly available server based on a 5 * high-performance and highly available server based on a
6 * cluster of servers. 6 * cluster of servers.
7 * 7 *
8 * Version: $Id: ip_vs_sync.c,v 1.13 2003/06/08 09:31:19 wensong Exp $
9 *
10 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 8 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
11 * 9 *
12 * ip_vs_sync: sync connection info from master load balancer to backups 10 * ip_vs_sync: sync connection info from master load balancer to backups
@@ -29,10 +27,12 @@
29#include <linux/in.h> 27#include <linux/in.h>
30#include <linux/igmp.h> /* for ip_mc_join_group */ 28#include <linux/igmp.h> /* for ip_mc_join_group */
31#include <linux/udp.h> 29#include <linux/udp.h>
30#include <linux/err.h>
31#include <linux/kthread.h>
32#include <linux/wait.h>
32 33
33#include <net/ip.h> 34#include <net/ip.h>
34#include <net/sock.h> 35#include <net/sock.h>
35#include <asm/uaccess.h> /* for get_fs and set_fs */
36 36
37#include <net/ip_vs.h> 37#include <net/ip_vs.h>
38 38
@@ -68,8 +68,8 @@ struct ip_vs_sync_conn_options {
68}; 68};
69 69
70struct ip_vs_sync_thread_data { 70struct ip_vs_sync_thread_data {
71 struct completion *startup; 71 struct socket *sock;
72 int state; 72 char *buf;
73}; 73};
74 74
75#define SIMPLE_CONN_SIZE (sizeof(struct ip_vs_sync_conn)) 75#define SIMPLE_CONN_SIZE (sizeof(struct ip_vs_sync_conn))
@@ -140,18 +140,19 @@ volatile int ip_vs_backup_syncid = 0;
140char ip_vs_master_mcast_ifn[IP_VS_IFNAME_MAXLEN]; 140char ip_vs_master_mcast_ifn[IP_VS_IFNAME_MAXLEN];
141char ip_vs_backup_mcast_ifn[IP_VS_IFNAME_MAXLEN]; 141char ip_vs_backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
142 142
143/* sync daemon tasks */
144static struct task_struct *sync_master_thread;
145static struct task_struct *sync_backup_thread;
146
143/* multicast addr */ 147/* multicast addr */
144static struct sockaddr_in mcast_addr; 148static struct sockaddr_in mcast_addr = {
149 .sin_family = AF_INET,
150 .sin_port = __constant_htons(IP_VS_SYNC_PORT),
151 .sin_addr.s_addr = __constant_htonl(IP_VS_SYNC_GROUP),
152};
145 153
146 154
147static inline void sb_queue_tail(struct ip_vs_sync_buff *sb) 155static inline struct ip_vs_sync_buff *sb_dequeue(void)
148{
149 spin_lock(&ip_vs_sync_lock);
150 list_add_tail(&sb->list, &ip_vs_sync_queue);
151 spin_unlock(&ip_vs_sync_lock);
152}
153
154static inline struct ip_vs_sync_buff * sb_dequeue(void)
155{ 156{
156 struct ip_vs_sync_buff *sb; 157 struct ip_vs_sync_buff *sb;
157 158
@@ -195,6 +196,16 @@ static inline void ip_vs_sync_buff_release(struct ip_vs_sync_buff *sb)
195 kfree(sb); 196 kfree(sb);
196} 197}
197 198
199static inline void sb_queue_tail(struct ip_vs_sync_buff *sb)
200{
201 spin_lock(&ip_vs_sync_lock);
202 if (ip_vs_sync_state & IP_VS_STATE_MASTER)
203 list_add_tail(&sb->list, &ip_vs_sync_queue);
204 else
205 ip_vs_sync_buff_release(sb);
206 spin_unlock(&ip_vs_sync_lock);
207}
208
198/* 209/*
199 * Get the current sync buffer if it has been created for more 210 * Get the current sync buffer if it has been created for more
200 * than the specified time or the specified time is zero. 211 * than the specified time or the specified time is zero.
@@ -574,14 +585,17 @@ static int bind_mcastif_addr(struct socket *sock, char *ifname)
574static struct socket * make_send_sock(void) 585static struct socket * make_send_sock(void)
575{ 586{
576 struct socket *sock; 587 struct socket *sock;
588 int result;
577 589
578 /* First create a socket */ 590 /* First create a socket */
579 if (sock_create_kern(PF_INET, SOCK_DGRAM, IPPROTO_UDP, &sock) < 0) { 591 result = sock_create_kern(PF_INET, SOCK_DGRAM, IPPROTO_UDP, &sock);
592 if (result < 0) {
580 IP_VS_ERR("Error during creation of socket; terminating\n"); 593 IP_VS_ERR("Error during creation of socket; terminating\n");
581 return NULL; 594 return ERR_PTR(result);
582 } 595 }
583 596
584 if (set_mcast_if(sock->sk, ip_vs_master_mcast_ifn) < 0) { 597 result = set_mcast_if(sock->sk, ip_vs_master_mcast_ifn);
598 if (result < 0) {
585 IP_VS_ERR("Error setting outbound mcast interface\n"); 599 IP_VS_ERR("Error setting outbound mcast interface\n");
586 goto error; 600 goto error;
587 } 601 }
@@ -589,14 +603,15 @@ static struct socket * make_send_sock(void)
589 set_mcast_loop(sock->sk, 0); 603 set_mcast_loop(sock->sk, 0);
590 set_mcast_ttl(sock->sk, 1); 604 set_mcast_ttl(sock->sk, 1);
591 605
592 if (bind_mcastif_addr(sock, ip_vs_master_mcast_ifn) < 0) { 606 result = bind_mcastif_addr(sock, ip_vs_master_mcast_ifn);
607 if (result < 0) {
593 IP_VS_ERR("Error binding address of the mcast interface\n"); 608 IP_VS_ERR("Error binding address of the mcast interface\n");
594 goto error; 609 goto error;
595 } 610 }
596 611
597 if (sock->ops->connect(sock, 612 result = sock->ops->connect(sock, (struct sockaddr *) &mcast_addr,
598 (struct sockaddr*)&mcast_addr, 613 sizeof(struct sockaddr), 0);
599 sizeof(struct sockaddr), 0) < 0) { 614 if (result < 0) {
600 IP_VS_ERR("Error connecting to the multicast addr\n"); 615 IP_VS_ERR("Error connecting to the multicast addr\n");
601 goto error; 616 goto error;
602 } 617 }
@@ -605,7 +620,7 @@ static struct socket * make_send_sock(void)
605 620
606 error: 621 error:
607 sock_release(sock); 622 sock_release(sock);
608 return NULL; 623 return ERR_PTR(result);
609} 624}
610 625
611 626
@@ -615,27 +630,30 @@ static struct socket * make_send_sock(void)
615static struct socket * make_receive_sock(void) 630static struct socket * make_receive_sock(void)
616{ 631{
617 struct socket *sock; 632 struct socket *sock;
633 int result;
618 634
619 /* First create a socket */ 635 /* First create a socket */
620 if (sock_create_kern(PF_INET, SOCK_DGRAM, IPPROTO_UDP, &sock) < 0) { 636 result = sock_create_kern(PF_INET, SOCK_DGRAM, IPPROTO_UDP, &sock);
637 if (result < 0) {
621 IP_VS_ERR("Error during creation of socket; terminating\n"); 638 IP_VS_ERR("Error during creation of socket; terminating\n");
622 return NULL; 639 return ERR_PTR(result);
623 } 640 }
624 641
625 /* it is equivalent to the REUSEADDR option in user-space */ 642 /* it is equivalent to the REUSEADDR option in user-space */
626 sock->sk->sk_reuse = 1; 643 sock->sk->sk_reuse = 1;
627 644
628 if (sock->ops->bind(sock, 645 result = sock->ops->bind(sock, (struct sockaddr *) &mcast_addr,
629 (struct sockaddr*)&mcast_addr, 646 sizeof(struct sockaddr));
630 sizeof(struct sockaddr)) < 0) { 647 if (result < 0) {
631 IP_VS_ERR("Error binding to the multicast addr\n"); 648 IP_VS_ERR("Error binding to the multicast addr\n");
632 goto error; 649 goto error;
633 } 650 }
634 651
635 /* join the multicast group */ 652 /* join the multicast group */
636 if (join_mcast_group(sock->sk, 653 result = join_mcast_group(sock->sk,
637 (struct in_addr*)&mcast_addr.sin_addr, 654 (struct in_addr *) &mcast_addr.sin_addr,
638 ip_vs_backup_mcast_ifn) < 0) { 655 ip_vs_backup_mcast_ifn);
656 if (result < 0) {
639 IP_VS_ERR("Error joining to the multicast group\n"); 657 IP_VS_ERR("Error joining to the multicast group\n");
640 goto error; 658 goto error;
641 } 659 }
@@ -644,7 +662,7 @@ static struct socket * make_receive_sock(void)
644 662
645 error: 663 error:
646 sock_release(sock); 664 sock_release(sock);
647 return NULL; 665 return ERR_PTR(result);
648} 666}
649 667
650 668
@@ -702,44 +720,29 @@ ip_vs_receive(struct socket *sock, char *buffer, const size_t buflen)
702} 720}
703 721
704 722
705static DECLARE_WAIT_QUEUE_HEAD(sync_wait); 723static int sync_thread_master(void *data)
706static pid_t sync_master_pid = 0;
707static pid_t sync_backup_pid = 0;
708
709static DECLARE_WAIT_QUEUE_HEAD(stop_sync_wait);
710static int stop_master_sync = 0;
711static int stop_backup_sync = 0;
712
713static void sync_master_loop(void)
714{ 724{
715 struct socket *sock; 725 struct ip_vs_sync_thread_data *tinfo = data;
716 struct ip_vs_sync_buff *sb; 726 struct ip_vs_sync_buff *sb;
717 727
718 /* create the sending multicast socket */
719 sock = make_send_sock();
720 if (!sock)
721 return;
722
723 IP_VS_INFO("sync thread started: state = MASTER, mcast_ifn = %s, " 728 IP_VS_INFO("sync thread started: state = MASTER, mcast_ifn = %s, "
724 "syncid = %d\n", 729 "syncid = %d\n",
725 ip_vs_master_mcast_ifn, ip_vs_master_syncid); 730 ip_vs_master_mcast_ifn, ip_vs_master_syncid);
726 731
727 for (;;) { 732 while (!kthread_should_stop()) {
728 while ((sb=sb_dequeue())) { 733 while ((sb = sb_dequeue())) {
729 ip_vs_send_sync_msg(sock, sb->mesg); 734 ip_vs_send_sync_msg(tinfo->sock, sb->mesg);
730 ip_vs_sync_buff_release(sb); 735 ip_vs_sync_buff_release(sb);
731 } 736 }
732 737
733 /* check if entries stay in curr_sb for 2 seconds */ 738 /* check if entries stay in curr_sb for 2 seconds */
734 if ((sb = get_curr_sync_buff(2*HZ))) { 739 sb = get_curr_sync_buff(2 * HZ);
735 ip_vs_send_sync_msg(sock, sb->mesg); 740 if (sb) {
741 ip_vs_send_sync_msg(tinfo->sock, sb->mesg);
736 ip_vs_sync_buff_release(sb); 742 ip_vs_sync_buff_release(sb);
737 } 743 }
738 744
739 if (stop_master_sync) 745 schedule_timeout_interruptible(HZ);
740 break;
741
742 msleep_interruptible(1000);
743 } 746 }
744 747
745 /* clean up the sync_buff queue */ 748 /* clean up the sync_buff queue */
@@ -753,267 +756,175 @@ static void sync_master_loop(void)
753 } 756 }
754 757
755 /* release the sending multicast socket */ 758 /* release the sending multicast socket */
756 sock_release(sock); 759 sock_release(tinfo->sock);
760 kfree(tinfo);
761
762 return 0;
757} 763}
758 764
759 765
760static void sync_backup_loop(void) 766static int sync_thread_backup(void *data)
761{ 767{
762 struct socket *sock; 768 struct ip_vs_sync_thread_data *tinfo = data;
763 char *buf;
764 int len; 769 int len;
765 770
766 if (!(buf = kmalloc(sync_recv_mesg_maxlen, GFP_ATOMIC))) {
767 IP_VS_ERR("sync_backup_loop: kmalloc error\n");
768 return;
769 }
770
771 /* create the receiving multicast socket */
772 sock = make_receive_sock();
773 if (!sock)
774 goto out;
775
776 IP_VS_INFO("sync thread started: state = BACKUP, mcast_ifn = %s, " 771 IP_VS_INFO("sync thread started: state = BACKUP, mcast_ifn = %s, "
777 "syncid = %d\n", 772 "syncid = %d\n",
778 ip_vs_backup_mcast_ifn, ip_vs_backup_syncid); 773 ip_vs_backup_mcast_ifn, ip_vs_backup_syncid);
779 774
780 for (;;) { 775 while (!kthread_should_stop()) {
781 /* do you have data now? */ 776 wait_event_interruptible(*tinfo->sock->sk->sk_sleep,
782 while (!skb_queue_empty(&(sock->sk->sk_receive_queue))) { 777 !skb_queue_empty(&tinfo->sock->sk->sk_receive_queue)
783 if ((len = 778 || kthread_should_stop());
784 ip_vs_receive(sock, buf, 779
785 sync_recv_mesg_maxlen)) <= 0) { 780 /* do we have data now? */
781 while (!skb_queue_empty(&(tinfo->sock->sk->sk_receive_queue))) {
782 len = ip_vs_receive(tinfo->sock, tinfo->buf,
783 sync_recv_mesg_maxlen);
784 if (len <= 0) {
786 IP_VS_ERR("receiving message error\n"); 785 IP_VS_ERR("receiving message error\n");
787 break; 786 break;
788 } 787 }
789 /* disable bottom half, because it accessed the data 788
789 /* disable bottom half, because it accesses the data
790 shared by softirq while getting/creating conns */ 790 shared by softirq while getting/creating conns */
791 local_bh_disable(); 791 local_bh_disable();
792 ip_vs_process_message(buf, len); 792 ip_vs_process_message(tinfo->buf, len);
793 local_bh_enable(); 793 local_bh_enable();
794 } 794 }
795
796 if (stop_backup_sync)
797 break;
798
799 msleep_interruptible(1000);
800 } 795 }
801 796
802 /* release the sending multicast socket */ 797 /* release the sending multicast socket */
803 sock_release(sock); 798 sock_release(tinfo->sock);
799 kfree(tinfo->buf);
800 kfree(tinfo);
804 801
805 out: 802 return 0;
806 kfree(buf);
807} 803}
808 804
809 805
810static void set_sync_pid(int sync_state, pid_t sync_pid) 806int start_sync_thread(int state, char *mcast_ifn, __u8 syncid)
811{
812 if (sync_state == IP_VS_STATE_MASTER)
813 sync_master_pid = sync_pid;
814 else if (sync_state == IP_VS_STATE_BACKUP)
815 sync_backup_pid = sync_pid;
816}
817
818static void set_stop_sync(int sync_state, int set)
819{ 807{
820 if (sync_state == IP_VS_STATE_MASTER) 808 struct ip_vs_sync_thread_data *tinfo;
821 stop_master_sync = set; 809 struct task_struct **realtask, *task;
822 else if (sync_state == IP_VS_STATE_BACKUP) 810 struct socket *sock;
823 stop_backup_sync = set; 811 char *name, *buf = NULL;
824 else { 812 int (*threadfn)(void *data);
825 stop_master_sync = set; 813 int result = -ENOMEM;
826 stop_backup_sync = set;
827 }
828}
829 814
830static int sync_thread(void *startup) 815 IP_VS_DBG(7, "%s: pid %d\n", __func__, task_pid_nr(current));
831{ 816 IP_VS_DBG(7, "Each ip_vs_sync_conn entry needs %Zd bytes\n",
832 DECLARE_WAITQUEUE(wait, current); 817 sizeof(struct ip_vs_sync_conn));
833 mm_segment_t oldmm;
834 int state;
835 const char *name;
836 struct ip_vs_sync_thread_data *tinfo = startup;
837 818
838 /* increase the module use count */ 819 if (state == IP_VS_STATE_MASTER) {
839 ip_vs_use_count_inc(); 820 if (sync_master_thread)
821 return -EEXIST;
840 822
841 if (ip_vs_sync_state & IP_VS_STATE_MASTER && !sync_master_pid) { 823 strlcpy(ip_vs_master_mcast_ifn, mcast_ifn,
842 state = IP_VS_STATE_MASTER; 824 sizeof(ip_vs_master_mcast_ifn));
825 ip_vs_master_syncid = syncid;
826 realtask = &sync_master_thread;
843 name = "ipvs_syncmaster"; 827 name = "ipvs_syncmaster";
844 } else if (ip_vs_sync_state & IP_VS_STATE_BACKUP && !sync_backup_pid) { 828 threadfn = sync_thread_master;
845 state = IP_VS_STATE_BACKUP; 829 sock = make_send_sock();
830 } else if (state == IP_VS_STATE_BACKUP) {
831 if (sync_backup_thread)
832 return -EEXIST;
833
834 strlcpy(ip_vs_backup_mcast_ifn, mcast_ifn,
835 sizeof(ip_vs_backup_mcast_ifn));
836 ip_vs_backup_syncid = syncid;
837 realtask = &sync_backup_thread;
846 name = "ipvs_syncbackup"; 838 name = "ipvs_syncbackup";
839 threadfn = sync_thread_backup;
840 sock = make_receive_sock();
847 } else { 841 } else {
848 IP_VS_BUG();
849 ip_vs_use_count_dec();
850 return -EINVAL; 842 return -EINVAL;
851 } 843 }
852 844
853 daemonize(name); 845 if (IS_ERR(sock)) {
854 846 result = PTR_ERR(sock);
855 oldmm = get_fs(); 847 goto out;
856 set_fs(KERNEL_DS); 848 }
857
858 /* Block all signals */
859 spin_lock_irq(&current->sighand->siglock);
860 siginitsetinv(&current->blocked, 0);
861 recalc_sigpending();
862 spin_unlock_irq(&current->sighand->siglock);
863 849
864 /* set the maximum length of sync message */
865 set_sync_mesg_maxlen(state); 850 set_sync_mesg_maxlen(state);
851 if (state == IP_VS_STATE_BACKUP) {
852 buf = kmalloc(sync_recv_mesg_maxlen, GFP_KERNEL);
853 if (!buf)
854 goto outsocket;
855 }
866 856
867 /* set up multicast address */ 857 tinfo = kmalloc(sizeof(*tinfo), GFP_KERNEL);
868 mcast_addr.sin_family = AF_INET; 858 if (!tinfo)
869 mcast_addr.sin_port = htons(IP_VS_SYNC_PORT); 859 goto outbuf;
870 mcast_addr.sin_addr.s_addr = htonl(IP_VS_SYNC_GROUP);
871
872 add_wait_queue(&sync_wait, &wait);
873
874 set_sync_pid(state, task_pid_nr(current));
875 complete(tinfo->startup);
876
877 /*
878 * once we call the completion queue above, we should
879 * null out that reference, since its allocated on the
880 * stack of the creating kernel thread
881 */
882 tinfo->startup = NULL;
883
884 /* processing master/backup loop here */
885 if (state == IP_VS_STATE_MASTER)
886 sync_master_loop();
887 else if (state == IP_VS_STATE_BACKUP)
888 sync_backup_loop();
889 else IP_VS_BUG();
890
891 remove_wait_queue(&sync_wait, &wait);
892
893 /* thread exits */
894
895 /*
896 * If we weren't explicitly stopped, then we
897 * exited in error, and should undo our state
898 */
899 if ((!stop_master_sync) && (!stop_backup_sync))
900 ip_vs_sync_state -= tinfo->state;
901 860
902 set_sync_pid(state, 0); 861 tinfo->sock = sock;
903 IP_VS_INFO("sync thread stopped!\n"); 862 tinfo->buf = buf;
904 863
905 set_fs(oldmm); 864 task = kthread_run(threadfn, tinfo, name);
865 if (IS_ERR(task)) {
866 result = PTR_ERR(task);
867 goto outtinfo;
868 }
906 869
907 /* decrease the module use count */ 870 /* mark as active */
908 ip_vs_use_count_dec(); 871 *realtask = task;
872 ip_vs_sync_state |= state;
909 873
910 set_stop_sync(state, 0); 874 /* increase the module use count */
911 wake_up(&stop_sync_wait); 875 ip_vs_use_count_inc();
912 876
913 /*
914 * we need to free the structure that was allocated
915 * for us in start_sync_thread
916 */
917 kfree(tinfo);
918 return 0; 877 return 0;
919}
920
921
922static int fork_sync_thread(void *startup)
923{
924 pid_t pid;
925
926 /* fork the sync thread here, then the parent process of the
927 sync thread is the init process after this thread exits. */
928 repeat:
929 if ((pid = kernel_thread(sync_thread, startup, 0)) < 0) {
930 IP_VS_ERR("could not create sync_thread due to %d... "
931 "retrying.\n", pid);
932 msleep_interruptible(1000);
933 goto repeat;
934 }
935 878
936 return 0; 879outtinfo:
880 kfree(tinfo);
881outbuf:
882 kfree(buf);
883outsocket:
884 sock_release(sock);
885out:
886 return result;
937} 887}
938 888
939 889
940int start_sync_thread(int state, char *mcast_ifn, __u8 syncid) 890int stop_sync_thread(int state)
941{ 891{
942 DECLARE_COMPLETION_ONSTACK(startup);
943 pid_t pid;
944 struct ip_vs_sync_thread_data *tinfo;
945
946 if ((state == IP_VS_STATE_MASTER && sync_master_pid) ||
947 (state == IP_VS_STATE_BACKUP && sync_backup_pid))
948 return -EEXIST;
949
950 /*
951 * Note that tinfo will be freed in sync_thread on exit
952 */
953 tinfo = kmalloc(sizeof(struct ip_vs_sync_thread_data), GFP_KERNEL);
954 if (!tinfo)
955 return -ENOMEM;
956
957 IP_VS_DBG(7, "%s: pid %d\n", __func__, task_pid_nr(current)); 892 IP_VS_DBG(7, "%s: pid %d\n", __func__, task_pid_nr(current));
958 IP_VS_DBG(7, "Each ip_vs_sync_conn entry need %Zd bytes\n",
959 sizeof(struct ip_vs_sync_conn));
960 893
961 ip_vs_sync_state |= state;
962 if (state == IP_VS_STATE_MASTER) { 894 if (state == IP_VS_STATE_MASTER) {
963 strlcpy(ip_vs_master_mcast_ifn, mcast_ifn, 895 if (!sync_master_thread)
964 sizeof(ip_vs_master_mcast_ifn)); 896 return -ESRCH;
965 ip_vs_master_syncid = syncid;
966 } else {
967 strlcpy(ip_vs_backup_mcast_ifn, mcast_ifn,
968 sizeof(ip_vs_backup_mcast_ifn));
969 ip_vs_backup_syncid = syncid;
970 }
971
972 tinfo->state = state;
973 tinfo->startup = &startup;
974
975 repeat:
976 if ((pid = kernel_thread(fork_sync_thread, tinfo, 0)) < 0) {
977 IP_VS_ERR("could not create fork_sync_thread due to %d... "
978 "retrying.\n", pid);
979 msleep_interruptible(1000);
980 goto repeat;
981 }
982
983 wait_for_completion(&startup);
984
985 return 0;
986}
987 897
898 IP_VS_INFO("stopping master sync thread %d ...\n",
899 task_pid_nr(sync_master_thread));
988 900
989int stop_sync_thread(int state) 901 /*
990{ 902 * The lock synchronizes with sb_queue_tail(), so that we don't
991 DECLARE_WAITQUEUE(wait, current); 903 * add sync buffers to the queue, when we are already in
904 * progress of stopping the master sync daemon.
905 */
992 906
993 if ((state == IP_VS_STATE_MASTER && !sync_master_pid) || 907 spin_lock_bh(&ip_vs_sync_lock);
994 (state == IP_VS_STATE_BACKUP && !sync_backup_pid)) 908 ip_vs_sync_state &= ~IP_VS_STATE_MASTER;
995 return -ESRCH; 909 spin_unlock_bh(&ip_vs_sync_lock);
910 kthread_stop(sync_master_thread);
911 sync_master_thread = NULL;
912 } else if (state == IP_VS_STATE_BACKUP) {
913 if (!sync_backup_thread)
914 return -ESRCH;
915
916 IP_VS_INFO("stopping backup sync thread %d ...\n",
917 task_pid_nr(sync_backup_thread));
918
919 ip_vs_sync_state &= ~IP_VS_STATE_BACKUP;
920 kthread_stop(sync_backup_thread);
921 sync_backup_thread = NULL;
922 } else {
923 return -EINVAL;
924 }
996 925
997 IP_VS_DBG(7, "%s: pid %d\n", __func__, task_pid_nr(current)); 926 /* decrease the module use count */
998 IP_VS_INFO("stopping sync thread %d ...\n", 927 ip_vs_use_count_dec();
999 (state == IP_VS_STATE_MASTER) ?
1000 sync_master_pid : sync_backup_pid);
1001
1002 __set_current_state(TASK_UNINTERRUPTIBLE);
1003 add_wait_queue(&stop_sync_wait, &wait);
1004 set_stop_sync(state, 1);
1005 ip_vs_sync_state -= state;
1006 wake_up(&sync_wait);
1007 schedule();
1008 __set_current_state(TASK_RUNNING);
1009 remove_wait_queue(&stop_sync_wait, &wait);
1010
1011 /* Note: no need to reap the sync thread, because its parent
1012 process is the init process */
1013
1014 if ((state == IP_VS_STATE_MASTER && stop_master_sync) ||
1015 (state == IP_VS_STATE_BACKUP && stop_backup_sync))
1016 IP_VS_BUG();
1017 928
1018 return 0; 929 return 0;
1019} 930}
diff --git a/net/ipv4/ipvs/ip_vs_wlc.c b/net/ipv4/ipvs/ip_vs_wlc.c
index 8a9d913261d8..9b0ef86bb1f7 100644
--- a/net/ipv4/ipvs/ip_vs_wlc.c
+++ b/net/ipv4/ipvs/ip_vs_wlc.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * IPVS: Weighted Least-Connection Scheduling module 2 * IPVS: Weighted Least-Connection Scheduling module
3 * 3 *
4 * Version: $Id: ip_vs_wlc.c,v 1.13 2003/04/18 09:03:16 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * Peter Kese <peter.kese@ijs.si> 5 * Peter Kese <peter.kese@ijs.si>
8 * 6 *
@@ -128,6 +126,7 @@ static struct ip_vs_scheduler ip_vs_wlc_scheduler =
128 .name = "wlc", 126 .name = "wlc",
129 .refcnt = ATOMIC_INIT(0), 127 .refcnt = ATOMIC_INIT(0),
130 .module = THIS_MODULE, 128 .module = THIS_MODULE,
129 .n_list = LIST_HEAD_INIT(ip_vs_wlc_scheduler.n_list),
131 .init_service = ip_vs_wlc_init_svc, 130 .init_service = ip_vs_wlc_init_svc,
132 .done_service = ip_vs_wlc_done_svc, 131 .done_service = ip_vs_wlc_done_svc,
133 .update_service = ip_vs_wlc_update_svc, 132 .update_service = ip_vs_wlc_update_svc,
@@ -137,7 +136,6 @@ static struct ip_vs_scheduler ip_vs_wlc_scheduler =
137 136
138static int __init ip_vs_wlc_init(void) 137static int __init ip_vs_wlc_init(void)
139{ 138{
140 INIT_LIST_HEAD(&ip_vs_wlc_scheduler.n_list);
141 return register_ip_vs_scheduler(&ip_vs_wlc_scheduler); 139 return register_ip_vs_scheduler(&ip_vs_wlc_scheduler);
142} 140}
143 141
diff --git a/net/ipv4/ipvs/ip_vs_wrr.c b/net/ipv4/ipvs/ip_vs_wrr.c
index 85c680add6df..0d86a79b87b5 100644
--- a/net/ipv4/ipvs/ip_vs_wrr.c
+++ b/net/ipv4/ipvs/ip_vs_wrr.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * IPVS: Weighted Round-Robin Scheduling module 2 * IPVS: Weighted Round-Robin Scheduling module
3 * 3 *
4 * Version: $Id: ip_vs_wrr.c,v 1.12 2002/09/15 08:14:08 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * 5 *
8 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -214,6 +212,7 @@ static struct ip_vs_scheduler ip_vs_wrr_scheduler = {
214 .name = "wrr", 212 .name = "wrr",
215 .refcnt = ATOMIC_INIT(0), 213 .refcnt = ATOMIC_INIT(0),
216 .module = THIS_MODULE, 214 .module = THIS_MODULE,
215 .n_list = LIST_HEAD_INIT(ip_vs_wrr_scheduler.n_list),
217 .init_service = ip_vs_wrr_init_svc, 216 .init_service = ip_vs_wrr_init_svc,
218 .done_service = ip_vs_wrr_done_svc, 217 .done_service = ip_vs_wrr_done_svc,
219 .update_service = ip_vs_wrr_update_svc, 218 .update_service = ip_vs_wrr_update_svc,
@@ -222,7 +221,6 @@ static struct ip_vs_scheduler ip_vs_wrr_scheduler = {
222 221
223static int __init ip_vs_wrr_init(void) 222static int __init ip_vs_wrr_init(void)
224{ 223{
225 INIT_LIST_HEAD(&ip_vs_wrr_scheduler.n_list);
226 return register_ip_vs_scheduler(&ip_vs_wrr_scheduler) ; 224 return register_ip_vs_scheduler(&ip_vs_wrr_scheduler) ;
227} 225}
228 226
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c
index f63006caea03..9892d4aca42e 100644
--- a/net/ipv4/ipvs/ip_vs_xmit.c
+++ b/net/ipv4/ipvs/ip_vs_xmit.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * ip_vs_xmit.c: various packet transmitters for IPVS 2 * ip_vs_xmit.c: various packet transmitters for IPVS
3 * 3 *
4 * Version: $Id: ip_vs_xmit.c,v 1.2 2002/11/30 01:50:35 wensong Exp $
5 *
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> 4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * Julian Anastasov <ja@ssi.bg> 5 * Julian Anastasov <ja@ssi.bg>
8 * 6 *
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 2767841a8cef..90eb7cb47e77 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -213,8 +213,7 @@ config IP_NF_TARGET_NETMAP
213 help 213 help
214 NETMAP is an implementation of static 1:1 NAT mapping of network 214 NETMAP is an implementation of static 1:1 NAT mapping of network
215 addresses. It maps the network address part, while keeping the host 215 addresses. It maps the network address part, while keeping the host
216 address part intact. It is similar to Fast NAT, except that 216 address part intact.
217 Netfilter's connection tracking doesn't work well with Fast NAT.
218 217
219 To compile it as a module, choose M here. If unsure, say N. 218 To compile it as a module, choose M here. If unsure, say N.
220 219
@@ -365,6 +364,18 @@ config IP_NF_RAW
365 If you want to compile it as a module, say M here and read 364 If you want to compile it as a module, say M here and read
366 <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. 365 <file:Documentation/kbuild/modules.txt>. If unsure, say `N'.
367 366
367# security table for MAC policy
368config IP_NF_SECURITY
369 tristate "Security table"
370 depends on IP_NF_IPTABLES
371 depends on SECURITY
372 depends on NETFILTER_ADVANCED
373 help
374 This option adds a `security' table to iptables, for use
375 with Mandatory Access Control (MAC) policy.
376
377 If unsure, say N.
378
368# ARP tables 379# ARP tables
369config IP_NF_ARPTABLES 380config IP_NF_ARPTABLES
370 tristate "ARP tables support" 381 tristate "ARP tables support"
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index d9b92fbf5579..3f31291f37ce 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -42,6 +42,7 @@ obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o
42obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o 42obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o
43obj-$(CONFIG_NF_NAT) += iptable_nat.o 43obj-$(CONFIG_NF_NAT) += iptable_nat.o
44obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o 44obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
45obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o
45 46
46# matches 47# matches
47obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o 48obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index 3be4d07e7ed9..082f5dd3156c 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -55,32 +55,53 @@ static struct xt_table packet_filter = {
55}; 55};
56 56
57/* The work comes in here from netfilter.c */ 57/* The work comes in here from netfilter.c */
58static unsigned int arpt_hook(unsigned int hook, 58static unsigned int arpt_in_hook(unsigned int hook,
59 struct sk_buff *skb, 59 struct sk_buff *skb,
60 const struct net_device *in, 60 const struct net_device *in,
61 const struct net_device *out, 61 const struct net_device *out,
62 int (*okfn)(struct sk_buff *)) 62 int (*okfn)(struct sk_buff *))
63{ 63{
64 return arpt_do_table(skb, hook, in, out, init_net.ipv4.arptable_filter); 64 return arpt_do_table(skb, hook, in, out,
65 dev_net(in)->ipv4.arptable_filter);
66}
67
68static unsigned int arpt_out_hook(unsigned int hook,
69 struct sk_buff *skb,
70 const struct net_device *in,
71 const struct net_device *out,
72 int (*okfn)(struct sk_buff *))
73{
74 return arpt_do_table(skb, hook, in, out,
75 dev_net(out)->ipv4.arptable_filter);
76}
77
78static unsigned int arpt_forward_hook(unsigned int hook,
79 struct sk_buff *skb,
80 const struct net_device *in,
81 const struct net_device *out,
82 int (*okfn)(struct sk_buff *))
83{
84 return arpt_do_table(skb, hook, in, out,
85 dev_net(in)->ipv4.arptable_filter);
65} 86}
66 87
67static struct nf_hook_ops arpt_ops[] __read_mostly = { 88static struct nf_hook_ops arpt_ops[] __read_mostly = {
68 { 89 {
69 .hook = arpt_hook, 90 .hook = arpt_in_hook,
70 .owner = THIS_MODULE, 91 .owner = THIS_MODULE,
71 .pf = NF_ARP, 92 .pf = NF_ARP,
72 .hooknum = NF_ARP_IN, 93 .hooknum = NF_ARP_IN,
73 .priority = NF_IP_PRI_FILTER, 94 .priority = NF_IP_PRI_FILTER,
74 }, 95 },
75 { 96 {
76 .hook = arpt_hook, 97 .hook = arpt_out_hook,
77 .owner = THIS_MODULE, 98 .owner = THIS_MODULE,
78 .pf = NF_ARP, 99 .pf = NF_ARP,
79 .hooknum = NF_ARP_OUT, 100 .hooknum = NF_ARP_OUT,
80 .priority = NF_IP_PRI_FILTER, 101 .priority = NF_IP_PRI_FILTER,
81 }, 102 },
82 { 103 {
83 .hook = arpt_hook, 104 .hook = arpt_forward_hook,
84 .owner = THIS_MODULE, 105 .owner = THIS_MODULE,
85 .pf = NF_ARP, 106 .pf = NF_ARP,
86 .hooknum = NF_ARP_FORWARD, 107 .hooknum = NF_ARP_FORWARD,
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 26a37cedcf2e..432ce9d1c11c 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -156,7 +156,6 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
156 case IPQ_COPY_META: 156 case IPQ_COPY_META:
157 case IPQ_COPY_NONE: 157 case IPQ_COPY_NONE:
158 size = NLMSG_SPACE(sizeof(*pmsg)); 158 size = NLMSG_SPACE(sizeof(*pmsg));
159 data_len = 0;
160 break; 159 break;
161 160
162 case IPQ_COPY_PACKET: 161 case IPQ_COPY_PACKET:
@@ -224,8 +223,6 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
224 return skb; 223 return skb;
225 224
226nlmsg_failure: 225nlmsg_failure:
227 if (skb)
228 kfree_skb(skb);
229 *errp = -EINVAL; 226 *errp = -EINVAL;
230 printk(KERN_ERR "ip_queue: error creating packet message\n"); 227 printk(KERN_ERR "ip_queue: error creating packet message\n");
231 return NULL; 228 return NULL;
@@ -480,7 +477,7 @@ ipq_rcv_dev_event(struct notifier_block *this,
480{ 477{
481 struct net_device *dev = ptr; 478 struct net_device *dev = ptr;
482 479
483 if (dev_net(dev) != &init_net) 480 if (!net_eq(dev_net(dev), &init_net))
484 return NOTIFY_DONE; 481 return NOTIFY_DONE;
485 482
486 /* Drop any packets associated with the downed device */ 483 /* Drop any packets associated with the downed device */
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 1819ad7ab910..fafe8ebb4c55 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -475,11 +475,10 @@ static void arp_print(struct arp_payload *payload)
475#define HBUFFERLEN 30 475#define HBUFFERLEN 30
476 char hbuffer[HBUFFERLEN]; 476 char hbuffer[HBUFFERLEN];
477 int j,k; 477 int j,k;
478 const char hexbuf[]= "0123456789abcdef";
479 478
480 for (k=0, j=0; k < HBUFFERLEN-3 && j < ETH_ALEN; j++) { 479 for (k=0, j=0; k < HBUFFERLEN-3 && j < ETH_ALEN; j++) {
481 hbuffer[k++]=hexbuf[(payload->src_hw[j]>>4)&15]; 480 hbuffer[k++] = hex_asc_hi(payload->src_hw[j]);
482 hbuffer[k++]=hexbuf[payload->src_hw[j]&15]; 481 hbuffer[k++] = hex_asc_lo(payload->src_hw[j]);
483 hbuffer[k++]=':'; 482 hbuffer[k++]=':';
484 } 483 }
485 hbuffer[--k]='\0'; 484 hbuffer[--k]='\0';
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 84c26dd27d81..0841aefaa503 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -120,7 +120,7 @@ static int masq_device_event(struct notifier_block *this,
120{ 120{
121 const struct net_device *dev = ptr; 121 const struct net_device *dev = ptr;
122 122
123 if (dev_net(dev) != &init_net) 123 if (!net_eq(dev_net(dev), &init_net))
124 return NOTIFY_DONE; 124 return NOTIFY_DONE;
125 125
126 if (event == NETDEV_DOWN) { 126 if (event == NETDEV_DOWN) {
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c
index 49587a497229..462a22c97877 100644
--- a/net/ipv4/netfilter/ipt_addrtype.c
+++ b/net/ipv4/netfilter/ipt_addrtype.c
@@ -70,7 +70,7 @@ addrtype_mt_v1(const struct sk_buff *skb, const struct net_device *in,
70 (info->flags & IPT_ADDRTYPE_INVERT_SOURCE); 70 (info->flags & IPT_ADDRTYPE_INVERT_SOURCE);
71 if (ret && info->dest) 71 if (ret && info->dest)
72 ret &= match_type(dev, iph->daddr, info->dest) ^ 72 ret &= match_type(dev, iph->daddr, info->dest) ^
73 (info->flags & IPT_ADDRTYPE_INVERT_DEST); 73 !!(info->flags & IPT_ADDRTYPE_INVERT_DEST);
74 return ret; 74 return ret;
75} 75}
76 76
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 21cb053f5d7d..3974d7cae5c0 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -305,10 +305,10 @@ static void recent_mt_destroy(const struct xt_match *match, void *matchinfo)
305 spin_lock_bh(&recent_lock); 305 spin_lock_bh(&recent_lock);
306 list_del(&t->list); 306 list_del(&t->list);
307 spin_unlock_bh(&recent_lock); 307 spin_unlock_bh(&recent_lock);
308 recent_table_flush(t);
309#ifdef CONFIG_PROC_FS 308#ifdef CONFIG_PROC_FS
310 remove_proc_entry(t->name, proc_dir); 309 remove_proc_entry(t->name, proc_dir);
311#endif 310#endif
311 recent_table_flush(t);
312 kfree(t); 312 kfree(t);
313 } 313 }
314 mutex_unlock(&recent_mutex); 314 mutex_unlock(&recent_mutex);
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c
new file mode 100644
index 000000000000..db6d312128e1
--- /dev/null
+++ b/net/ipv4/netfilter/iptable_security.c
@@ -0,0 +1,180 @@
1/*
2 * "security" table
3 *
4 * This is for use by Mandatory Access Control (MAC) security models,
5 * which need to be able to manage security policy in separate context
6 * to DAC.
7 *
8 * Based on iptable_mangle.c
9 *
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 * Copyright (C) 2000-2004 Netfilter Core Team <coreteam <at> netfilter.org>
12 * Copyright (C) 2008 Red Hat, Inc., James Morris <jmorris <at> redhat.com>
13 *
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License version 2 as
16 * published by the Free Software Foundation.
17 */
18#include <linux/module.h>
19#include <linux/netfilter_ipv4/ip_tables.h>
20#include <net/ip.h>
21
22MODULE_LICENSE("GPL");
23MODULE_AUTHOR("James Morris <jmorris <at> redhat.com>");
24MODULE_DESCRIPTION("iptables security table, for MAC rules");
25
26#define SECURITY_VALID_HOOKS (1 << NF_INET_LOCAL_IN) | \
27 (1 << NF_INET_FORWARD) | \
28 (1 << NF_INET_LOCAL_OUT)
29
30static struct
31{
32 struct ipt_replace repl;
33 struct ipt_standard entries[3];
34 struct ipt_error term;
35} initial_table __net_initdata = {
36 .repl = {
37 .name = "security",
38 .valid_hooks = SECURITY_VALID_HOOKS,
39 .num_entries = 4,
40 .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
41 .hook_entry = {
42 [NF_INET_LOCAL_IN] = 0,
43 [NF_INET_FORWARD] = sizeof(struct ipt_standard),
44 [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
45 },
46 .underflow = {
47 [NF_INET_LOCAL_IN] = 0,
48 [NF_INET_FORWARD] = sizeof(struct ipt_standard),
49 [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
50 },
51 },
52 .entries = {
53 IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_IN */
54 IPT_STANDARD_INIT(NF_ACCEPT), /* FORWARD */
55 IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
56 },
57 .term = IPT_ERROR_INIT, /* ERROR */
58};
59
60static struct xt_table security_table = {
61 .name = "security",
62 .valid_hooks = SECURITY_VALID_HOOKS,
63 .lock = __RW_LOCK_UNLOCKED(security_table.lock),
64 .me = THIS_MODULE,
65 .af = AF_INET,
66};
67
68static unsigned int
69ipt_local_in_hook(unsigned int hook,
70 struct sk_buff *skb,
71 const struct net_device *in,
72 const struct net_device *out,
73 int (*okfn)(struct sk_buff *))
74{
75 return ipt_do_table(skb, hook, in, out,
76 nf_local_in_net(in, out)->ipv4.iptable_security);
77}
78
79static unsigned int
80ipt_forward_hook(unsigned int hook,
81 struct sk_buff *skb,
82 const struct net_device *in,
83 const struct net_device *out,
84 int (*okfn)(struct sk_buff *))
85{
86 return ipt_do_table(skb, hook, in, out,
87 nf_forward_net(in, out)->ipv4.iptable_security);
88}
89
90static unsigned int
91ipt_local_out_hook(unsigned int hook,
92 struct sk_buff *skb,
93 const struct net_device *in,
94 const struct net_device *out,
95 int (*okfn)(struct sk_buff *))
96{
97 /* Somebody is playing with raw sockets. */
98 if (skb->len < sizeof(struct iphdr)
99 || ip_hdrlen(skb) < sizeof(struct iphdr)) {
100 if (net_ratelimit())
101 printk(KERN_INFO "iptable_security: ignoring short "
102 "SOCK_RAW packet.\n");
103 return NF_ACCEPT;
104 }
105 return ipt_do_table(skb, hook, in, out,
106 nf_local_out_net(in, out)->ipv4.iptable_security);
107}
108
109static struct nf_hook_ops ipt_ops[] __read_mostly = {
110 {
111 .hook = ipt_local_in_hook,
112 .owner = THIS_MODULE,
113 .pf = PF_INET,
114 .hooknum = NF_INET_LOCAL_IN,
115 .priority = NF_IP_PRI_SECURITY,
116 },
117 {
118 .hook = ipt_forward_hook,
119 .owner = THIS_MODULE,
120 .pf = PF_INET,
121 .hooknum = NF_INET_FORWARD,
122 .priority = NF_IP_PRI_SECURITY,
123 },
124 {
125 .hook = ipt_local_out_hook,
126 .owner = THIS_MODULE,
127 .pf = PF_INET,
128 .hooknum = NF_INET_LOCAL_OUT,
129 .priority = NF_IP_PRI_SECURITY,
130 },
131};
132
133static int __net_init iptable_security_net_init(struct net *net)
134{
135 net->ipv4.iptable_security =
136 ipt_register_table(net, &security_table, &initial_table.repl);
137
138 if (IS_ERR(net->ipv4.iptable_security))
139 return PTR_ERR(net->ipv4.iptable_security);
140
141 return 0;
142}
143
144static void __net_exit iptable_security_net_exit(struct net *net)
145{
146 ipt_unregister_table(net->ipv4.iptable_security);
147}
148
149static struct pernet_operations iptable_security_net_ops = {
150 .init = iptable_security_net_init,
151 .exit = iptable_security_net_exit,
152};
153
154static int __init iptable_security_init(void)
155{
156 int ret;
157
158 ret = register_pernet_subsys(&iptable_security_net_ops);
159 if (ret < 0)
160 return ret;
161
162 ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
163 if (ret < 0)
164 goto cleanup_table;
165
166 return ret;
167
168cleanup_table:
169 unregister_pernet_subsys(&iptable_security_net_ops);
170 return ret;
171}
172
173static void __exit iptable_security_fini(void)
174{
175 nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
176 unregister_pernet_subsys(&iptable_security_net_ops);
177}
178
179module_init(iptable_security_init);
180module_exit(iptable_security_fini);
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index 40a46d482490..3a020720e40b 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -18,19 +18,7 @@
18#include <net/netfilter/nf_conntrack_l3proto.h> 18#include <net/netfilter/nf_conntrack_l3proto.h>
19#include <net/netfilter/nf_conntrack_l4proto.h> 19#include <net/netfilter/nf_conntrack_l4proto.h>
20#include <net/netfilter/nf_conntrack_expect.h> 20#include <net/netfilter/nf_conntrack_expect.h>
21 21#include <net/netfilter/nf_conntrack_acct.h>
22#ifdef CONFIG_NF_CT_ACCT
23static unsigned int
24seq_print_counters(struct seq_file *s,
25 const struct ip_conntrack_counter *counter)
26{
27 return seq_printf(s, "packets=%llu bytes=%llu ",
28 (unsigned long long)counter->packets,
29 (unsigned long long)counter->bytes);
30}
31#else
32#define seq_print_counters(x, y) 0
33#endif
34 22
35struct ct_iter_state { 23struct ct_iter_state {
36 unsigned int bucket; 24 unsigned int bucket;
@@ -127,7 +115,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
127 l3proto, l4proto)) 115 l3proto, l4proto))
128 return -ENOSPC; 116 return -ENOSPC;
129 117
130 if (seq_print_counters(s, &ct->counters[IP_CT_DIR_ORIGINAL])) 118 if (seq_print_acct(s, ct, IP_CT_DIR_ORIGINAL))
131 return -ENOSPC; 119 return -ENOSPC;
132 120
133 if (!(test_bit(IPS_SEEN_REPLY_BIT, &ct->status))) 121 if (!(test_bit(IPS_SEEN_REPLY_BIT, &ct->status)))
@@ -138,7 +126,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
138 l3proto, l4proto)) 126 l3proto, l4proto))
139 return -ENOSPC; 127 return -ENOSPC;
140 128
141 if (seq_print_counters(s, &ct->counters[IP_CT_DIR_REPLY])) 129 if (seq_print_acct(s, ct, IP_CT_DIR_REPLY))
142 return -ENOSPC; 130 return -ENOSPC;
143 131
144 if (test_bit(IPS_ASSURED_BIT, &ct->status)) 132 if (test_bit(IPS_ASSURED_BIT, &ct->status))
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index 78ab19accace..97791048fa9b 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -87,9 +87,8 @@ static int icmp_packet(struct nf_conn *ct,
87 means this will only run once even if count hits zero twice 87 means this will only run once even if count hits zero twice
88 (theoretically possible with SMP) */ 88 (theoretically possible with SMP) */
89 if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { 89 if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) {
90 if (atomic_dec_and_test(&ct->proto.icmp.count) 90 if (atomic_dec_and_test(&ct->proto.icmp.count))
91 && del_timer(&ct->timeout)) 91 nf_ct_kill_acct(ct, ctinfo, skb);
92 ct->timeout.function((unsigned long)ct);
93 } else { 92 } else {
94 atomic_inc(&ct->proto.icmp.count); 93 atomic_inc(&ct->proto.icmp.count);
95 nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); 94 nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 04578593e100..6c6a3cba8d50 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -240,12 +240,12 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple,
240 This is only required for source (ie. NAT/masq) mappings. 240 This is only required for source (ie. NAT/masq) mappings.
241 So far, we don't do local source mappings, so multiple 241 So far, we don't do local source mappings, so multiple
242 manips not an issue. */ 242 manips not an issue. */
243 if (maniptype == IP_NAT_MANIP_SRC) { 243 if (maniptype == IP_NAT_MANIP_SRC &&
244 !(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) {
244 if (find_appropriate_src(orig_tuple, tuple, range)) { 245 if (find_appropriate_src(orig_tuple, tuple, range)) {
245 pr_debug("get_unique_tuple: Found current src map\n"); 246 pr_debug("get_unique_tuple: Found current src map\n");
246 if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) 247 if (!nf_nat_used_tuple(tuple, ct))
247 if (!nf_nat_used_tuple(tuple, ct)) 248 return;
248 return;
249 } 249 }
250 } 250 }
251 251
@@ -556,7 +556,6 @@ static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
556 556
557 spin_lock_bh(&nf_nat_lock); 557 spin_lock_bh(&nf_nat_lock);
558 hlist_del_rcu(&nat->bysource); 558 hlist_del_rcu(&nat->bysource);
559 nat->ct = NULL;
560 spin_unlock_bh(&nf_nat_lock); 559 spin_unlock_bh(&nf_nat_lock);
561} 560}
562 561
@@ -570,8 +569,8 @@ static void nf_nat_move_storage(void *new, void *old)
570 return; 569 return;
571 570
572 spin_lock_bh(&nf_nat_lock); 571 spin_lock_bh(&nf_nat_lock);
573 hlist_replace_rcu(&old_nat->bysource, &new_nat->bysource);
574 new_nat->ct = ct; 572 new_nat->ct = ct;
573 hlist_replace_rcu(&old_nat->bysource, &new_nat->bysource);
575 spin_unlock_bh(&nf_nat_lock); 574 spin_unlock_bh(&nf_nat_lock);
576} 575}
577 576
diff --git a/net/ipv4/netfilter/nf_nat_proto_common.c b/net/ipv4/netfilter/nf_nat_proto_common.c
index 91537f11273f..6c4f11f51446 100644
--- a/net/ipv4/netfilter/nf_nat_proto_common.c
+++ b/net/ipv4/netfilter/nf_nat_proto_common.c
@@ -73,9 +73,13 @@ bool nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
73 range_size = ntohs(range->max.all) - min + 1; 73 range_size = ntohs(range->max.all) - min + 1;
74 } 74 }
75 75
76 off = *rover;
77 if (range->flags & IP_NAT_RANGE_PROTO_RANDOM) 76 if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
78 off = net_random(); 77 off = secure_ipv4_port_ephemeral(tuple->src.u3.ip, tuple->dst.u3.ip,
78 maniptype == IP_NAT_MANIP_SRC
79 ? tuple->dst.u.all
80 : tuple->src.u.all);
81 else
82 off = *rover;
79 83
80 for (i = 0; i < range_size; i++, off++) { 84 for (i = 0; i < range_size; i++, off++) {
81 *portptr = htons(min + off % range_size); 85 *portptr = htons(min + off % range_size);
diff --git a/net/ipv4/netfilter/nf_nat_proto_sctp.c b/net/ipv4/netfilter/nf_nat_proto_sctp.c
index 82e4c0e286b8..65e470bc6123 100644
--- a/net/ipv4/netfilter/nf_nat_proto_sctp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_sctp.c
@@ -36,7 +36,7 @@ sctp_manip_pkt(struct sk_buff *skb,
36 sctp_sctphdr_t *hdr; 36 sctp_sctphdr_t *hdr;
37 unsigned int hdroff = iphdroff + iph->ihl*4; 37 unsigned int hdroff = iphdroff + iph->ihl*4;
38 __be32 oldip, newip; 38 __be32 oldip, newip;
39 u32 crc32; 39 __be32 crc32;
40 40
41 if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) 41 if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
42 return false; 42 return false;
@@ -61,7 +61,7 @@ sctp_manip_pkt(struct sk_buff *skb,
61 crc32 = sctp_update_cksum((u8 *)skb->data, skb_headlen(skb), 61 crc32 = sctp_update_cksum((u8 *)skb->data, skb_headlen(skb),
62 crc32); 62 crc32);
63 crc32 = sctp_end_cksum(crc32); 63 crc32 = sctp_end_cksum(crc32);
64 hdr->checksum = htonl(crc32); 64 hdr->checksum = crc32;
65 65
66 return true; 66 return true;
67} 67}
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index 4334d5cabc5b..14544320c545 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -318,11 +318,11 @@ static int mangle_content_len(struct sk_buff *skb,
318 buffer, buflen); 318 buffer, buflen);
319} 319}
320 320
321static unsigned mangle_sdp_packet(struct sk_buff *skb, const char **dptr, 321static int mangle_sdp_packet(struct sk_buff *skb, const char **dptr,
322 unsigned int dataoff, unsigned int *datalen, 322 unsigned int dataoff, unsigned int *datalen,
323 enum sdp_header_types type, 323 enum sdp_header_types type,
324 enum sdp_header_types term, 324 enum sdp_header_types term,
325 char *buffer, int buflen) 325 char *buffer, int buflen)
326{ 326{
327 enum ip_conntrack_info ctinfo; 327 enum ip_conntrack_info ctinfo;
328 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 328 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
@@ -330,9 +330,9 @@ static unsigned mangle_sdp_packet(struct sk_buff *skb, const char **dptr,
330 330
331 if (ct_sip_get_sdp_header(ct, *dptr, dataoff, *datalen, type, term, 331 if (ct_sip_get_sdp_header(ct, *dptr, dataoff, *datalen, type, term,
332 &matchoff, &matchlen) <= 0) 332 &matchoff, &matchlen) <= 0)
333 return 0; 333 return -ENOENT;
334 return mangle_packet(skb, dptr, datalen, matchoff, matchlen, 334 return mangle_packet(skb, dptr, datalen, matchoff, matchlen,
335 buffer, buflen); 335 buffer, buflen) ? 0 : -EINVAL;
336} 336}
337 337
338static unsigned int ip_nat_sdp_addr(struct sk_buff *skb, const char **dptr, 338static unsigned int ip_nat_sdp_addr(struct sk_buff *skb, const char **dptr,
@@ -346,8 +346,8 @@ static unsigned int ip_nat_sdp_addr(struct sk_buff *skb, const char **dptr,
346 unsigned int buflen; 346 unsigned int buflen;
347 347
348 buflen = sprintf(buffer, NIPQUAD_FMT, NIPQUAD(addr->ip)); 348 buflen = sprintf(buffer, NIPQUAD_FMT, NIPQUAD(addr->ip));
349 if (!mangle_sdp_packet(skb, dptr, dataoff, datalen, type, term, 349 if (mangle_sdp_packet(skb, dptr, dataoff, datalen, type, term,
350 buffer, buflen)) 350 buffer, buflen))
351 return 0; 351 return 0;
352 352
353 return mangle_content_len(skb, dptr, datalen); 353 return mangle_content_len(skb, dptr, datalen);
@@ -381,15 +381,27 @@ static unsigned int ip_nat_sdp_session(struct sk_buff *skb, const char **dptr,
381 381
382 /* Mangle session description owner and contact addresses */ 382 /* Mangle session description owner and contact addresses */
383 buflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(addr->ip)); 383 buflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(addr->ip));
384 if (!mangle_sdp_packet(skb, dptr, dataoff, datalen, 384 if (mangle_sdp_packet(skb, dptr, dataoff, datalen,
385 SDP_HDR_OWNER_IP4, SDP_HDR_MEDIA, 385 SDP_HDR_OWNER_IP4, SDP_HDR_MEDIA,
386 buffer, buflen)) 386 buffer, buflen))
387 return 0; 387 return 0;
388 388
389 if (!mangle_sdp_packet(skb, dptr, dataoff, datalen, 389 switch (mangle_sdp_packet(skb, dptr, dataoff, datalen,
390 SDP_HDR_CONNECTION_IP4, SDP_HDR_MEDIA, 390 SDP_HDR_CONNECTION_IP4, SDP_HDR_MEDIA,
391 buffer, buflen)) 391 buffer, buflen)) {
392 case 0:
393 /*
394 * RFC 2327:
395 *
396 * Session description
397 *
398 * c=* (connection information - not required if included in all media)
399 */
400 case -ENOENT:
401 break;
402 default:
392 return 0; 403 return 0;
404 }
393 405
394 return mangle_content_len(skb, dptr, datalen); 406 return mangle_content_len(skb, dptr, datalen);
395} 407}
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index 5daefad3d193..ffeaffc3fffe 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -232,6 +232,11 @@ static unsigned char asn1_length_decode(struct asn1_ctx *ctx,
232 } 232 }
233 } 233 }
234 } 234 }
235
236 /* don't trust len bigger than ctx buffer */
237 if (*len > ctx->end - ctx->pointer)
238 return 0;
239
235 return 1; 240 return 1;
236} 241}
237 242
@@ -250,6 +255,10 @@ static unsigned char asn1_header_decode(struct asn1_ctx *ctx,
250 if (!asn1_length_decode(ctx, &def, &len)) 255 if (!asn1_length_decode(ctx, &def, &len))
251 return 0; 256 return 0;
252 257
258 /* primitive shall be definite, indefinite shall be constructed */
259 if (*con == ASN1_PRI && !def)
260 return 0;
261
253 if (def) 262 if (def)
254 *eoc = ctx->pointer + len; 263 *eoc = ctx->pointer + len;
255 else 264 else
@@ -430,10 +439,15 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
430 unsigned int *len) 439 unsigned int *len)
431{ 440{
432 unsigned long subid; 441 unsigned long subid;
433 unsigned int size;
434 unsigned long *optr; 442 unsigned long *optr;
443 size_t size;
435 444
436 size = eoc - ctx->pointer + 1; 445 size = eoc - ctx->pointer + 1;
446
447 /* first subid actually encodes first two subids */
448 if (size < 2 || size > ULONG_MAX/sizeof(unsigned long))
449 return 0;
450
437 *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC); 451 *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
438 if (*oid == NULL) { 452 if (*oid == NULL) {
439 if (net_ratelimit()) 453 if (net_ratelimit())
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index 552169b41b16..8f5a403f6f6b 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -7,8 +7,6 @@
7 * PROC file system. It is mainly used for debugging and 7 * PROC file system. It is mainly used for debugging and
8 * statistics. 8 * statistics.
9 * 9 *
10 * Version: $Id: proc.c,v 1.45 2001/05/16 16:45:35 davem Exp $
11 *
12 * Authors: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 10 * Authors: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
13 * Gerald J. Heim, <heim@peanuts.informatik.uni-tuebingen.de> 11 * Gerald J. Heim, <heim@peanuts.informatik.uni-tuebingen.de>
14 * Fred Baumgarten, <dc6iq@insu1.etec.uni-karlsruhe.de> 12 * Fred Baumgarten, <dc6iq@insu1.etec.uni-karlsruhe.de>
@@ -73,32 +71,7 @@ static int sockstat_seq_show(struct seq_file *seq, void *v)
73 71
74static int sockstat_seq_open(struct inode *inode, struct file *file) 72static int sockstat_seq_open(struct inode *inode, struct file *file)
75{ 73{
76 int err; 74 return single_open_net(inode, file, sockstat_seq_show);
77 struct net *net;
78
79 err = -ENXIO;
80 net = get_proc_net(inode);
81 if (net == NULL)
82 goto err_net;
83
84 err = single_open(file, sockstat_seq_show, net);
85 if (err < 0)
86 goto err_open;
87
88 return 0;
89
90err_open:
91 put_net(net);
92err_net:
93 return err;
94}
95
96static int sockstat_seq_release(struct inode *inode, struct file *file)
97{
98 struct net *net = ((struct seq_file *)file->private_data)->private;
99
100 put_net(net);
101 return single_release(inode, file);
102} 75}
103 76
104static const struct file_operations sockstat_seq_fops = { 77static const struct file_operations sockstat_seq_fops = {
@@ -106,7 +79,7 @@ static const struct file_operations sockstat_seq_fops = {
106 .open = sockstat_seq_open, 79 .open = sockstat_seq_open,
107 .read = seq_read, 80 .read = seq_read,
108 .llseek = seq_lseek, 81 .llseek = seq_lseek,
109 .release = sockstat_seq_release, 82 .release = single_release_net,
110}; 83};
111 84
112/* snmp items */ 85/* snmp items */
@@ -259,6 +232,8 @@ static const struct snmp_mib snmp4_net_list[] = {
259 SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD), 232 SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD),
260 SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO), 233 SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO),
261 SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS), 234 SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS),
235 SNMP_MIB_ITEM("TCPMD5NotFound", LINUX_MIB_TCPMD5NOTFOUND),
236 SNMP_MIB_ITEM("TCPMD5Unexpected", LINUX_MIB_TCPMD5UNEXPECTED),
262 SNMP_MIB_SENTINEL 237 SNMP_MIB_SENTINEL
263}; 238};
264 239
@@ -268,11 +243,12 @@ static void icmpmsg_put(struct seq_file *seq)
268 243
269 int j, i, count; 244 int j, i, count;
270 static int out[PERLINE]; 245 static int out[PERLINE];
246 struct net *net = seq->private;
271 247
272 count = 0; 248 count = 0;
273 for (i = 0; i < ICMPMSG_MIB_MAX; i++) { 249 for (i = 0; i < ICMPMSG_MIB_MAX; i++) {
274 250
275 if (snmp_fold_field((void **) icmpmsg_statistics, i)) 251 if (snmp_fold_field((void **) net->mib.icmpmsg_statistics, i))
276 out[count++] = i; 252 out[count++] = i;
277 if (count < PERLINE) 253 if (count < PERLINE)
278 continue; 254 continue;
@@ -284,7 +260,7 @@ static void icmpmsg_put(struct seq_file *seq)
284 seq_printf(seq, "\nIcmpMsg: "); 260 seq_printf(seq, "\nIcmpMsg: ");
285 for (j = 0; j < PERLINE; ++j) 261 for (j = 0; j < PERLINE; ++j)
286 seq_printf(seq, " %lu", 262 seq_printf(seq, " %lu",
287 snmp_fold_field((void **) icmpmsg_statistics, 263 snmp_fold_field((void **) net->mib.icmpmsg_statistics,
288 out[j])); 264 out[j]));
289 seq_putc(seq, '\n'); 265 seq_putc(seq, '\n');
290 } 266 }
@@ -296,7 +272,7 @@ static void icmpmsg_put(struct seq_file *seq)
296 seq_printf(seq, "\nIcmpMsg:"); 272 seq_printf(seq, "\nIcmpMsg:");
297 for (j = 0; j < count; ++j) 273 for (j = 0; j < count; ++j)
298 seq_printf(seq, " %lu", snmp_fold_field((void **) 274 seq_printf(seq, " %lu", snmp_fold_field((void **)
299 icmpmsg_statistics, out[j])); 275 net->mib.icmpmsg_statistics, out[j]));
300 } 276 }
301 277
302#undef PERLINE 278#undef PERLINE
@@ -305,6 +281,7 @@ static void icmpmsg_put(struct seq_file *seq)
305static void icmp_put(struct seq_file *seq) 281static void icmp_put(struct seq_file *seq)
306{ 282{
307 int i; 283 int i;
284 struct net *net = seq->private;
308 285
309 seq_puts(seq, "\nIcmp: InMsgs InErrors"); 286 seq_puts(seq, "\nIcmp: InMsgs InErrors");
310 for (i=0; icmpmibmap[i].name != NULL; i++) 287 for (i=0; icmpmibmap[i].name != NULL; i++)
@@ -313,18 +290,18 @@ static void icmp_put(struct seq_file *seq)
313 for (i=0; icmpmibmap[i].name != NULL; i++) 290 for (i=0; icmpmibmap[i].name != NULL; i++)
314 seq_printf(seq, " Out%s", icmpmibmap[i].name); 291 seq_printf(seq, " Out%s", icmpmibmap[i].name);
315 seq_printf(seq, "\nIcmp: %lu %lu", 292 seq_printf(seq, "\nIcmp: %lu %lu",
316 snmp_fold_field((void **) icmp_statistics, ICMP_MIB_INMSGS), 293 snmp_fold_field((void **) net->mib.icmp_statistics, ICMP_MIB_INMSGS),
317 snmp_fold_field((void **) icmp_statistics, ICMP_MIB_INERRORS)); 294 snmp_fold_field((void **) net->mib.icmp_statistics, ICMP_MIB_INERRORS));
318 for (i=0; icmpmibmap[i].name != NULL; i++) 295 for (i=0; icmpmibmap[i].name != NULL; i++)
319 seq_printf(seq, " %lu", 296 seq_printf(seq, " %lu",
320 snmp_fold_field((void **) icmpmsg_statistics, 297 snmp_fold_field((void **) net->mib.icmpmsg_statistics,
321 icmpmibmap[i].index)); 298 icmpmibmap[i].index));
322 seq_printf(seq, " %lu %lu", 299 seq_printf(seq, " %lu %lu",
323 snmp_fold_field((void **) icmp_statistics, ICMP_MIB_OUTMSGS), 300 snmp_fold_field((void **) net->mib.icmp_statistics, ICMP_MIB_OUTMSGS),
324 snmp_fold_field((void **) icmp_statistics, ICMP_MIB_OUTERRORS)); 301 snmp_fold_field((void **) net->mib.icmp_statistics, ICMP_MIB_OUTERRORS));
325 for (i=0; icmpmibmap[i].name != NULL; i++) 302 for (i=0; icmpmibmap[i].name != NULL; i++)
326 seq_printf(seq, " %lu", 303 seq_printf(seq, " %lu",
327 snmp_fold_field((void **) icmpmsg_statistics, 304 snmp_fold_field((void **) net->mib.icmpmsg_statistics,
328 icmpmibmap[i].index | 0x100)); 305 icmpmibmap[i].index | 0x100));
329} 306}
330 307
@@ -334,6 +311,7 @@ static void icmp_put(struct seq_file *seq)
334static int snmp_seq_show(struct seq_file *seq, void *v) 311static int snmp_seq_show(struct seq_file *seq, void *v)
335{ 312{
336 int i; 313 int i;
314 struct net *net = seq->private;
337 315
338 seq_puts(seq, "Ip: Forwarding DefaultTTL"); 316 seq_puts(seq, "Ip: Forwarding DefaultTTL");
339 317
@@ -341,12 +319,12 @@ static int snmp_seq_show(struct seq_file *seq, void *v)
341 seq_printf(seq, " %s", snmp4_ipstats_list[i].name); 319 seq_printf(seq, " %s", snmp4_ipstats_list[i].name);
342 320
343 seq_printf(seq, "\nIp: %d %d", 321 seq_printf(seq, "\nIp: %d %d",
344 IPV4_DEVCONF_ALL(&init_net, FORWARDING) ? 1 : 2, 322 IPV4_DEVCONF_ALL(net, FORWARDING) ? 1 : 2,
345 sysctl_ip_default_ttl); 323 sysctl_ip_default_ttl);
346 324
347 for (i = 0; snmp4_ipstats_list[i].name != NULL; i++) 325 for (i = 0; snmp4_ipstats_list[i].name != NULL; i++)
348 seq_printf(seq, " %lu", 326 seq_printf(seq, " %lu",
349 snmp_fold_field((void **)ip_statistics, 327 snmp_fold_field((void **)net->mib.ip_statistics,
350 snmp4_ipstats_list[i].entry)); 328 snmp4_ipstats_list[i].entry));
351 329
352 icmp_put(seq); /* RFC 2011 compatibility */ 330 icmp_put(seq); /* RFC 2011 compatibility */
@@ -361,11 +339,11 @@ static int snmp_seq_show(struct seq_file *seq, void *v)
361 /* MaxConn field is signed, RFC 2012 */ 339 /* MaxConn field is signed, RFC 2012 */
362 if (snmp4_tcp_list[i].entry == TCP_MIB_MAXCONN) 340 if (snmp4_tcp_list[i].entry == TCP_MIB_MAXCONN)
363 seq_printf(seq, " %ld", 341 seq_printf(seq, " %ld",
364 snmp_fold_field((void **)tcp_statistics, 342 snmp_fold_field((void **)net->mib.tcp_statistics,
365 snmp4_tcp_list[i].entry)); 343 snmp4_tcp_list[i].entry));
366 else 344 else
367 seq_printf(seq, " %lu", 345 seq_printf(seq, " %lu",
368 snmp_fold_field((void **)tcp_statistics, 346 snmp_fold_field((void **)net->mib.tcp_statistics,
369 snmp4_tcp_list[i].entry)); 347 snmp4_tcp_list[i].entry));
370 } 348 }
371 349
@@ -376,7 +354,7 @@ static int snmp_seq_show(struct seq_file *seq, void *v)
376 seq_puts(seq, "\nUdp:"); 354 seq_puts(seq, "\nUdp:");
377 for (i = 0; snmp4_udp_list[i].name != NULL; i++) 355 for (i = 0; snmp4_udp_list[i].name != NULL; i++)
378 seq_printf(seq, " %lu", 356 seq_printf(seq, " %lu",
379 snmp_fold_field((void **)udp_statistics, 357 snmp_fold_field((void **)net->mib.udp_statistics,
380 snmp4_udp_list[i].entry)); 358 snmp4_udp_list[i].entry));
381 359
382 /* the UDP and UDP-Lite MIBs are the same */ 360 /* the UDP and UDP-Lite MIBs are the same */
@@ -387,7 +365,7 @@ static int snmp_seq_show(struct seq_file *seq, void *v)
387 seq_puts(seq, "\nUdpLite:"); 365 seq_puts(seq, "\nUdpLite:");
388 for (i = 0; snmp4_udp_list[i].name != NULL; i++) 366 for (i = 0; snmp4_udp_list[i].name != NULL; i++)
389 seq_printf(seq, " %lu", 367 seq_printf(seq, " %lu",
390 snmp_fold_field((void **)udplite_statistics, 368 snmp_fold_field((void **)net->mib.udplite_statistics,
391 snmp4_udp_list[i].entry)); 369 snmp4_udp_list[i].entry));
392 370
393 seq_putc(seq, '\n'); 371 seq_putc(seq, '\n');
@@ -396,7 +374,7 @@ static int snmp_seq_show(struct seq_file *seq, void *v)
396 374
397static int snmp_seq_open(struct inode *inode, struct file *file) 375static int snmp_seq_open(struct inode *inode, struct file *file)
398{ 376{
399 return single_open(file, snmp_seq_show, NULL); 377 return single_open_net(inode, file, snmp_seq_show);
400} 378}
401 379
402static const struct file_operations snmp_seq_fops = { 380static const struct file_operations snmp_seq_fops = {
@@ -404,7 +382,7 @@ static const struct file_operations snmp_seq_fops = {
404 .open = snmp_seq_open, 382 .open = snmp_seq_open,
405 .read = seq_read, 383 .read = seq_read,
406 .llseek = seq_lseek, 384 .llseek = seq_lseek,
407 .release = single_release, 385 .release = single_release_net,
408}; 386};
409 387
410 388
@@ -415,6 +393,7 @@ static const struct file_operations snmp_seq_fops = {
415static int netstat_seq_show(struct seq_file *seq, void *v) 393static int netstat_seq_show(struct seq_file *seq, void *v)
416{ 394{
417 int i; 395 int i;
396 struct net *net = seq->private;
418 397
419 seq_puts(seq, "TcpExt:"); 398 seq_puts(seq, "TcpExt:");
420 for (i = 0; snmp4_net_list[i].name != NULL; i++) 399 for (i = 0; snmp4_net_list[i].name != NULL; i++)
@@ -423,7 +402,7 @@ static int netstat_seq_show(struct seq_file *seq, void *v)
423 seq_puts(seq, "\nTcpExt:"); 402 seq_puts(seq, "\nTcpExt:");
424 for (i = 0; snmp4_net_list[i].name != NULL; i++) 403 for (i = 0; snmp4_net_list[i].name != NULL; i++)
425 seq_printf(seq, " %lu", 404 seq_printf(seq, " %lu",
426 snmp_fold_field((void **)net_statistics, 405 snmp_fold_field((void **)net->mib.net_statistics,
427 snmp4_net_list[i].entry)); 406 snmp4_net_list[i].entry));
428 407
429 seq_puts(seq, "\nIpExt:"); 408 seq_puts(seq, "\nIpExt:");
@@ -433,7 +412,7 @@ static int netstat_seq_show(struct seq_file *seq, void *v)
433 seq_puts(seq, "\nIpExt:"); 412 seq_puts(seq, "\nIpExt:");
434 for (i = 0; snmp4_ipextstats_list[i].name != NULL; i++) 413 for (i = 0; snmp4_ipextstats_list[i].name != NULL; i++)
435 seq_printf(seq, " %lu", 414 seq_printf(seq, " %lu",
436 snmp_fold_field((void **)ip_statistics, 415 snmp_fold_field((void **)net->mib.ip_statistics,
437 snmp4_ipextstats_list[i].entry)); 416 snmp4_ipextstats_list[i].entry));
438 417
439 seq_putc(seq, '\n'); 418 seq_putc(seq, '\n');
@@ -442,7 +421,7 @@ static int netstat_seq_show(struct seq_file *seq, void *v)
442 421
443static int netstat_seq_open(struct inode *inode, struct file *file) 422static int netstat_seq_open(struct inode *inode, struct file *file)
444{ 423{
445 return single_open(file, netstat_seq_show, NULL); 424 return single_open_net(inode, file, netstat_seq_show);
446} 425}
447 426
448static const struct file_operations netstat_seq_fops = { 427static const struct file_operations netstat_seq_fops = {
@@ -450,18 +429,32 @@ static const struct file_operations netstat_seq_fops = {
450 .open = netstat_seq_open, 429 .open = netstat_seq_open,
451 .read = seq_read, 430 .read = seq_read,
452 .llseek = seq_lseek, 431 .llseek = seq_lseek,
453 .release = single_release, 432 .release = single_release_net,
454}; 433};
455 434
456static __net_init int ip_proc_init_net(struct net *net) 435static __net_init int ip_proc_init_net(struct net *net)
457{ 436{
458 if (!proc_net_fops_create(net, "sockstat", S_IRUGO, &sockstat_seq_fops)) 437 if (!proc_net_fops_create(net, "sockstat", S_IRUGO, &sockstat_seq_fops))
459 return -ENOMEM; 438 goto out_sockstat;
439 if (!proc_net_fops_create(net, "netstat", S_IRUGO, &netstat_seq_fops))
440 goto out_netstat;
441 if (!proc_net_fops_create(net, "snmp", S_IRUGO, &snmp_seq_fops))
442 goto out_snmp;
443
460 return 0; 444 return 0;
445
446out_snmp:
447 proc_net_remove(net, "netstat");
448out_netstat:
449 proc_net_remove(net, "sockstat");
450out_sockstat:
451 return -ENOMEM;
461} 452}
462 453
463static __net_exit void ip_proc_exit_net(struct net *net) 454static __net_exit void ip_proc_exit_net(struct net *net)
464{ 455{
456 proc_net_remove(net, "snmp");
457 proc_net_remove(net, "netstat");
465 proc_net_remove(net, "sockstat"); 458 proc_net_remove(net, "sockstat");
466} 459}
467 460
@@ -472,24 +465,6 @@ static __net_initdata struct pernet_operations ip_proc_ops = {
472 465
473int __init ip_misc_proc_init(void) 466int __init ip_misc_proc_init(void)
474{ 467{
475 int rc = 0; 468 return register_pernet_subsys(&ip_proc_ops);
476
477 if (register_pernet_subsys(&ip_proc_ops))
478 goto out_pernet;
479
480 if (!proc_net_fops_create(&init_net, "netstat", S_IRUGO, &netstat_seq_fops))
481 goto out_netstat;
482
483 if (!proc_net_fops_create(&init_net, "snmp", S_IRUGO, &snmp_seq_fops))
484 goto out_snmp;
485out:
486 return rc;
487out_snmp:
488 proc_net_remove(&init_net, "netstat");
489out_netstat:
490 unregister_pernet_subsys(&ip_proc_ops);
491out_pernet:
492 rc = -ENOMEM;
493 goto out;
494} 469}
495 470
diff --git a/net/ipv4/protocol.c b/net/ipv4/protocol.c
index 971ab9356e51..ea50da0649fd 100644
--- a/net/ipv4/protocol.c
+++ b/net/ipv4/protocol.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * INET protocol dispatch tables. 6 * INET protocol dispatch tables.
7 * 7 *
8 * Version: $Id: protocol.c,v 1.14 2001/05/18 02:25:49 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * 10 *
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index fead049daf43..cd975743bcd2 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * RAW - implementation of IP "raw" sockets. 6 * RAW - implementation of IP "raw" sockets.
7 * 7 *
8 * Version: $Id: raw.c,v 1.64 2002/02/01 22:01:04 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * 10 *
@@ -322,6 +320,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length,
322 unsigned int flags) 320 unsigned int flags)
323{ 321{
324 struct inet_sock *inet = inet_sk(sk); 322 struct inet_sock *inet = inet_sk(sk);
323 struct net *net = sock_net(sk);
325 struct iphdr *iph; 324 struct iphdr *iph;
326 struct sk_buff *skb; 325 struct sk_buff *skb;
327 unsigned int iphlen; 326 unsigned int iphlen;
@@ -370,7 +369,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length,
370 iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl); 369 iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
371 } 370 }
372 if (iph->protocol == IPPROTO_ICMP) 371 if (iph->protocol == IPPROTO_ICMP)
373 icmp_out_count(((struct icmphdr *) 372 icmp_out_count(net, ((struct icmphdr *)
374 skb_transport_header(skb))->type); 373 skb_transport_header(skb))->type);
375 374
376 err = NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, skb, NULL, rt->u.dst.dev, 375 err = NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
@@ -386,7 +385,7 @@ error_fault:
386 err = -EFAULT; 385 err = -EFAULT;
387 kfree_skb(skb); 386 kfree_skb(skb);
388error: 387error:
389 IP_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 388 IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS);
390 return err; 389 return err;
391} 390}
392 391
@@ -608,6 +607,13 @@ static void raw_close(struct sock *sk, long timeout)
608 sk_common_release(sk); 607 sk_common_release(sk);
609} 608}
610 609
610static void raw_destroy(struct sock *sk)
611{
612 lock_sock(sk);
613 ip_flush_pending_frames(sk);
614 release_sock(sk);
615}
616
611/* This gets rid of all the nasties in af_inet. -DaveM */ 617/* This gets rid of all the nasties in af_inet. -DaveM */
612static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) 618static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
613{ 619{
@@ -820,6 +826,7 @@ struct proto raw_prot = {
820 .name = "RAW", 826 .name = "RAW",
821 .owner = THIS_MODULE, 827 .owner = THIS_MODULE,
822 .close = raw_close, 828 .close = raw_close,
829 .destroy = raw_destroy,
823 .connect = ip4_datagram_connect, 830 .connect = ip4_datagram_connect,
824 .disconnect = udp_disconnect, 831 .disconnect = udp_disconnect,
825 .ioctl = raw_ioctl, 832 .ioctl = raw_ioctl,
@@ -925,7 +932,7 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
925 srcp = inet->num; 932 srcp = inet->num;
926 933
927 seq_printf(seq, "%4d: %08X:%04X %08X:%04X" 934 seq_printf(seq, "%4d: %08X:%04X %08X:%04X"
928 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d", 935 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d\n",
929 i, src, srcp, dest, destp, sp->sk_state, 936 i, src, srcp, dest, destp, sp->sk_state,
930 atomic_read(&sp->sk_wmem_alloc), 937 atomic_read(&sp->sk_wmem_alloc),
931 atomic_read(&sp->sk_rmem_alloc), 938 atomic_read(&sp->sk_rmem_alloc),
@@ -938,7 +945,7 @@ static int raw_seq_show(struct seq_file *seq, void *v)
938 if (v == SEQ_START_TOKEN) 945 if (v == SEQ_START_TOKEN)
939 seq_printf(seq, " sl local_address rem_address st tx_queue " 946 seq_printf(seq, " sl local_address rem_address st tx_queue "
940 "rx_queue tr tm->when retrnsmt uid timeout " 947 "rx_queue tr tm->when retrnsmt uid timeout "
941 "inode drops\n"); 948 "inode ref pointer drops\n");
942 else 949 else
943 raw_sock_seq_show(seq, v, raw_seq_private(seq)->bucket); 950 raw_sock_seq_show(seq, v, raw_seq_private(seq)->bucket);
944 return 0; 951 return 0;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index df41026b60db..6ee5354c9aa1 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * ROUTE - implementation of the IP router. 6 * ROUTE - implementation of the IP router.
7 * 7 *
8 * Version: $Id: route.c,v 1.103 2002/01/12 07:44:09 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Alan Cox, <gw4pts@gw4pts.ampr.org> 10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
@@ -134,7 +132,6 @@ static int ip_rt_secret_interval __read_mostly = 10 * 60 * HZ;
134 132
135static void rt_worker_func(struct work_struct *work); 133static void rt_worker_func(struct work_struct *work);
136static DECLARE_DELAYED_WORK(expires_work, rt_worker_func); 134static DECLARE_DELAYED_WORK(expires_work, rt_worker_func);
137static struct timer_list rt_secret_timer;
138 135
139/* 136/*
140 * Interface to generic destination cache. 137 * Interface to generic destination cache.
@@ -253,20 +250,25 @@ static inline void rt_hash_lock_init(void)
253static struct rt_hash_bucket *rt_hash_table __read_mostly; 250static struct rt_hash_bucket *rt_hash_table __read_mostly;
254static unsigned rt_hash_mask __read_mostly; 251static unsigned rt_hash_mask __read_mostly;
255static unsigned int rt_hash_log __read_mostly; 252static unsigned int rt_hash_log __read_mostly;
256static atomic_t rt_genid __read_mostly;
257 253
258static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat); 254static DEFINE_PER_CPU(struct rt_cache_stat, rt_cache_stat);
259#define RT_CACHE_STAT_INC(field) \ 255#define RT_CACHE_STAT_INC(field) \
260 (__raw_get_cpu_var(rt_cache_stat).field++) 256 (__raw_get_cpu_var(rt_cache_stat).field++)
261 257
262static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx) 258static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx,
259 int genid)
263{ 260{
264 return jhash_3words((__force u32)(__be32)(daddr), 261 return jhash_3words((__force u32)(__be32)(daddr),
265 (__force u32)(__be32)(saddr), 262 (__force u32)(__be32)(saddr),
266 idx, atomic_read(&rt_genid)) 263 idx, genid)
267 & rt_hash_mask; 264 & rt_hash_mask;
268} 265}
269 266
267static inline int rt_genid(struct net *net)
268{
269 return atomic_read(&net->ipv4.rt_genid);
270}
271
270#ifdef CONFIG_PROC_FS 272#ifdef CONFIG_PROC_FS
271struct rt_cache_iter_state { 273struct rt_cache_iter_state {
272 struct seq_net_private p; 274 struct seq_net_private p;
@@ -336,7 +338,7 @@ static void *rt_cache_seq_start(struct seq_file *seq, loff_t *pos)
336 struct rt_cache_iter_state *st = seq->private; 338 struct rt_cache_iter_state *st = seq->private;
337 if (*pos) 339 if (*pos)
338 return rt_cache_get_idx(seq, *pos - 1); 340 return rt_cache_get_idx(seq, *pos - 1);
339 st->genid = atomic_read(&rt_genid); 341 st->genid = rt_genid(seq_file_net(seq));
340 return SEQ_START_TOKEN; 342 return SEQ_START_TOKEN;
341} 343}
342 344
@@ -683,6 +685,11 @@ static inline int compare_netns(struct rtable *rt1, struct rtable *rt2)
683 return dev_net(rt1->u.dst.dev) == dev_net(rt2->u.dst.dev); 685 return dev_net(rt1->u.dst.dev) == dev_net(rt2->u.dst.dev);
684} 686}
685 687
688static inline int rt_is_expired(struct rtable *rth)
689{
690 return rth->rt_genid != rt_genid(dev_net(rth->u.dst.dev));
691}
692
686/* 693/*
687 * Perform a full scan of hash table and free all entries. 694 * Perform a full scan of hash table and free all entries.
688 * Can be called by a softirq or a process. 695 * Can be called by a softirq or a process.
@@ -692,6 +699,7 @@ static void rt_do_flush(int process_context)
692{ 699{
693 unsigned int i; 700 unsigned int i;
694 struct rtable *rth, *next; 701 struct rtable *rth, *next;
702 struct rtable * tail;
695 703
696 for (i = 0; i <= rt_hash_mask; i++) { 704 for (i = 0; i <= rt_hash_mask; i++) {
697 if (process_context && need_resched()) 705 if (process_context && need_resched())
@@ -701,11 +709,39 @@ static void rt_do_flush(int process_context)
701 continue; 709 continue;
702 710
703 spin_lock_bh(rt_hash_lock_addr(i)); 711 spin_lock_bh(rt_hash_lock_addr(i));
712#ifdef CONFIG_NET_NS
713 {
714 struct rtable ** prev, * p;
715
716 rth = rt_hash_table[i].chain;
717
718 /* defer releasing the head of the list after spin_unlock */
719 for (tail = rth; tail; tail = tail->u.dst.rt_next)
720 if (!rt_is_expired(tail))
721 break;
722 if (rth != tail)
723 rt_hash_table[i].chain = tail;
724
725 /* call rt_free on entries after the tail requiring flush */
726 prev = &rt_hash_table[i].chain;
727 for (p = *prev; p; p = next) {
728 next = p->u.dst.rt_next;
729 if (!rt_is_expired(p)) {
730 prev = &p->u.dst.rt_next;
731 } else {
732 *prev = next;
733 rt_free(p);
734 }
735 }
736 }
737#else
704 rth = rt_hash_table[i].chain; 738 rth = rt_hash_table[i].chain;
705 rt_hash_table[i].chain = NULL; 739 rt_hash_table[i].chain = NULL;
740 tail = NULL;
741#endif
706 spin_unlock_bh(rt_hash_lock_addr(i)); 742 spin_unlock_bh(rt_hash_lock_addr(i));
707 743
708 for (; rth; rth = next) { 744 for (; rth != tail; rth = next) {
709 next = rth->u.dst.rt_next; 745 next = rth->u.dst.rt_next;
710 rt_free(rth); 746 rt_free(rth);
711 } 747 }
@@ -738,7 +774,7 @@ static void rt_check_expire(void)
738 continue; 774 continue;
739 spin_lock_bh(rt_hash_lock_addr(i)); 775 spin_lock_bh(rt_hash_lock_addr(i));
740 while ((rth = *rthp) != NULL) { 776 while ((rth = *rthp) != NULL) {
741 if (rth->rt_genid != atomic_read(&rt_genid)) { 777 if (rt_is_expired(rth)) {
742 *rthp = rth->u.dst.rt_next; 778 *rthp = rth->u.dst.rt_next;
743 rt_free(rth); 779 rt_free(rth);
744 continue; 780 continue;
@@ -781,21 +817,21 @@ static void rt_worker_func(struct work_struct *work)
781 * many times (2^24) without giving recent rt_genid. 817 * many times (2^24) without giving recent rt_genid.
782 * Jenkins hash is strong enough that litle changes of rt_genid are OK. 818 * Jenkins hash is strong enough that litle changes of rt_genid are OK.
783 */ 819 */
784static void rt_cache_invalidate(void) 820static void rt_cache_invalidate(struct net *net)
785{ 821{
786 unsigned char shuffle; 822 unsigned char shuffle;
787 823
788 get_random_bytes(&shuffle, sizeof(shuffle)); 824 get_random_bytes(&shuffle, sizeof(shuffle));
789 atomic_add(shuffle + 1U, &rt_genid); 825 atomic_add(shuffle + 1U, &net->ipv4.rt_genid);
790} 826}
791 827
792/* 828/*
793 * delay < 0 : invalidate cache (fast : entries will be deleted later) 829 * delay < 0 : invalidate cache (fast : entries will be deleted later)
794 * delay >= 0 : invalidate & flush cache (can be long) 830 * delay >= 0 : invalidate & flush cache (can be long)
795 */ 831 */
796void rt_cache_flush(int delay) 832void rt_cache_flush(struct net *net, int delay)
797{ 833{
798 rt_cache_invalidate(); 834 rt_cache_invalidate(net);
799 if (delay >= 0) 835 if (delay >= 0)
800 rt_do_flush(!in_softirq()); 836 rt_do_flush(!in_softirq());
801} 837}
@@ -803,10 +839,11 @@ void rt_cache_flush(int delay)
803/* 839/*
804 * We change rt_genid and let gc do the cleanup 840 * We change rt_genid and let gc do the cleanup
805 */ 841 */
806static void rt_secret_rebuild(unsigned long dummy) 842static void rt_secret_rebuild(unsigned long __net)
807{ 843{
808 rt_cache_invalidate(); 844 struct net *net = (struct net *)__net;
809 mod_timer(&rt_secret_timer, jiffies + ip_rt_secret_interval); 845 rt_cache_invalidate(net);
846 mod_timer(&net->ipv4.rt_secret_timer, jiffies + ip_rt_secret_interval);
810} 847}
811 848
812/* 849/*
@@ -882,7 +919,7 @@ static int rt_garbage_collect(struct dst_ops *ops)
882 rthp = &rt_hash_table[k].chain; 919 rthp = &rt_hash_table[k].chain;
883 spin_lock_bh(rt_hash_lock_addr(k)); 920 spin_lock_bh(rt_hash_lock_addr(k));
884 while ((rth = *rthp) != NULL) { 921 while ((rth = *rthp) != NULL) {
885 if (rth->rt_genid == atomic_read(&rt_genid) && 922 if (!rt_is_expired(rth) &&
886 !rt_may_expire(rth, tmo, expire)) { 923 !rt_may_expire(rth, tmo, expire)) {
887 tmo >>= 1; 924 tmo >>= 1;
888 rthp = &rth->u.dst.rt_next; 925 rthp = &rth->u.dst.rt_next;
@@ -964,7 +1001,7 @@ restart:
964 1001
965 spin_lock_bh(rt_hash_lock_addr(hash)); 1002 spin_lock_bh(rt_hash_lock_addr(hash));
966 while ((rth = *rthp) != NULL) { 1003 while ((rth = *rthp) != NULL) {
967 if (rth->rt_genid != atomic_read(&rt_genid)) { 1004 if (rt_is_expired(rth)) {
968 *rthp = rth->u.dst.rt_next; 1005 *rthp = rth->u.dst.rt_next;
969 rt_free(rth); 1006 rt_free(rth);
970 continue; 1007 continue;
@@ -1140,7 +1177,7 @@ static void rt_del(unsigned hash, struct rtable *rt)
1140 spin_lock_bh(rt_hash_lock_addr(hash)); 1177 spin_lock_bh(rt_hash_lock_addr(hash));
1141 ip_rt_put(rt); 1178 ip_rt_put(rt);
1142 while ((aux = *rthp) != NULL) { 1179 while ((aux = *rthp) != NULL) {
1143 if (aux == rt || (aux->rt_genid != atomic_read(&rt_genid))) { 1180 if (aux == rt || rt_is_expired(aux)) {
1144 *rthp = aux->u.dst.rt_next; 1181 *rthp = aux->u.dst.rt_next;
1145 rt_free(aux); 1182 rt_free(aux);
1146 continue; 1183 continue;
@@ -1182,7 +1219,8 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
1182 1219
1183 for (i = 0; i < 2; i++) { 1220 for (i = 0; i < 2; i++) {
1184 for (k = 0; k < 2; k++) { 1221 for (k = 0; k < 2; k++) {
1185 unsigned hash = rt_hash(daddr, skeys[i], ikeys[k]); 1222 unsigned hash = rt_hash(daddr, skeys[i], ikeys[k],
1223 rt_genid(net));
1186 1224
1187 rthp=&rt_hash_table[hash].chain; 1225 rthp=&rt_hash_table[hash].chain;
1188 1226
@@ -1194,7 +1232,7 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
1194 rth->fl.fl4_src != skeys[i] || 1232 rth->fl.fl4_src != skeys[i] ||
1195 rth->fl.oif != ikeys[k] || 1233 rth->fl.oif != ikeys[k] ||
1196 rth->fl.iif != 0 || 1234 rth->fl.iif != 0 ||
1197 rth->rt_genid != atomic_read(&rt_genid) || 1235 rt_is_expired(rth) ||
1198 !net_eq(dev_net(rth->u.dst.dev), net)) { 1236 !net_eq(dev_net(rth->u.dst.dev), net)) {
1199 rthp = &rth->u.dst.rt_next; 1237 rthp = &rth->u.dst.rt_next;
1200 continue; 1238 continue;
@@ -1233,7 +1271,7 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
1233 rt->u.dst.neighbour = NULL; 1271 rt->u.dst.neighbour = NULL;
1234 rt->u.dst.hh = NULL; 1272 rt->u.dst.hh = NULL;
1235 rt->u.dst.xfrm = NULL; 1273 rt->u.dst.xfrm = NULL;
1236 rt->rt_genid = atomic_read(&rt_genid); 1274 rt->rt_genid = rt_genid(net);
1237 rt->rt_flags |= RTCF_REDIRECTED; 1275 rt->rt_flags |= RTCF_REDIRECTED;
1238 1276
1239 /* Gateway is different ... */ 1277 /* Gateway is different ... */
@@ -1297,7 +1335,8 @@ static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
1297 } else if ((rt->rt_flags & RTCF_REDIRECTED) || 1335 } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
1298 rt->u.dst.expires) { 1336 rt->u.dst.expires) {
1299 unsigned hash = rt_hash(rt->fl.fl4_dst, rt->fl.fl4_src, 1337 unsigned hash = rt_hash(rt->fl.fl4_dst, rt->fl.fl4_src,
1300 rt->fl.oif); 1338 rt->fl.oif,
1339 rt_genid(dev_net(dst->dev)));
1301#if RT_CACHE_DEBUG >= 1 1340#if RT_CACHE_DEBUG >= 1
1302 printk(KERN_DEBUG "ipv4_negative_advice: redirect to " 1341 printk(KERN_DEBUG "ipv4_negative_advice: redirect to "
1303 NIPQUAD_FMT "/%02x dropped\n", 1342 NIPQUAD_FMT "/%02x dropped\n",
@@ -1390,7 +1429,8 @@ static int ip_error(struct sk_buff *skb)
1390 break; 1429 break;
1391 case ENETUNREACH: 1430 case ENETUNREACH:
1392 code = ICMP_NET_UNREACH; 1431 code = ICMP_NET_UNREACH;
1393 IP_INC_STATS_BH(IPSTATS_MIB_INNOROUTES); 1432 IP_INC_STATS_BH(dev_net(rt->u.dst.dev),
1433 IPSTATS_MIB_INNOROUTES);
1394 break; 1434 break;
1395 case EACCES: 1435 case EACCES:
1396 code = ICMP_PKT_FILTERED; 1436 code = ICMP_PKT_FILTERED;
@@ -1446,7 +1486,8 @@ unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph,
1446 1486
1447 for (k = 0; k < 2; k++) { 1487 for (k = 0; k < 2; k++) {
1448 for (i = 0; i < 2; i++) { 1488 for (i = 0; i < 2; i++) {
1449 unsigned hash = rt_hash(daddr, skeys[i], ikeys[k]); 1489 unsigned hash = rt_hash(daddr, skeys[i], ikeys[k],
1490 rt_genid(net));
1450 1491
1451 rcu_read_lock(); 1492 rcu_read_lock();
1452 for (rth = rcu_dereference(rt_hash_table[hash].chain); rth; 1493 for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
@@ -1461,21 +1502,21 @@ unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph,
1461 rth->fl.iif != 0 || 1502 rth->fl.iif != 0 ||
1462 dst_metric_locked(&rth->u.dst, RTAX_MTU) || 1503 dst_metric_locked(&rth->u.dst, RTAX_MTU) ||
1463 !net_eq(dev_net(rth->u.dst.dev), net) || 1504 !net_eq(dev_net(rth->u.dst.dev), net) ||
1464 rth->rt_genid != atomic_read(&rt_genid)) 1505 rt_is_expired(rth))
1465 continue; 1506 continue;
1466 1507
1467 if (new_mtu < 68 || new_mtu >= old_mtu) { 1508 if (new_mtu < 68 || new_mtu >= old_mtu) {
1468 1509
1469 /* BSD 4.2 compatibility hack :-( */ 1510 /* BSD 4.2 compatibility hack :-( */
1470 if (mtu == 0 && 1511 if (mtu == 0 &&
1471 old_mtu >= dst_metric(&rth->u.dst, RTAX_MTU) && 1512 old_mtu >= dst_mtu(&rth->u.dst) &&
1472 old_mtu >= 68 + (iph->ihl << 2)) 1513 old_mtu >= 68 + (iph->ihl << 2))
1473 old_mtu -= iph->ihl << 2; 1514 old_mtu -= iph->ihl << 2;
1474 1515
1475 mtu = guess_mtu(old_mtu); 1516 mtu = guess_mtu(old_mtu);
1476 } 1517 }
1477 if (mtu <= dst_metric(&rth->u.dst, RTAX_MTU)) { 1518 if (mtu <= dst_mtu(&rth->u.dst)) {
1478 if (mtu < dst_metric(&rth->u.dst, RTAX_MTU)) { 1519 if (mtu < dst_mtu(&rth->u.dst)) {
1479 dst_confirm(&rth->u.dst); 1520 dst_confirm(&rth->u.dst);
1480 if (mtu < ip_rt_min_pmtu) { 1521 if (mtu < ip_rt_min_pmtu) {
1481 mtu = ip_rt_min_pmtu; 1522 mtu = ip_rt_min_pmtu;
@@ -1497,7 +1538,7 @@ unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph,
1497 1538
1498static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu) 1539static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu)
1499{ 1540{
1500 if (dst_metric(dst, RTAX_MTU) > mtu && mtu >= 68 && 1541 if (dst_mtu(dst) > mtu && mtu >= 68 &&
1501 !(dst_metric_locked(dst, RTAX_MTU))) { 1542 !(dst_metric_locked(dst, RTAX_MTU))) {
1502 if (mtu < ip_rt_min_pmtu) { 1543 if (mtu < ip_rt_min_pmtu) {
1503 mtu = ip_rt_min_pmtu; 1544 mtu = ip_rt_min_pmtu;
@@ -1626,7 +1667,7 @@ static void rt_set_nexthop(struct rtable *rt, struct fib_result *res, u32 itag)
1626 1667
1627 if (dst_metric(&rt->u.dst, RTAX_HOPLIMIT) == 0) 1668 if (dst_metric(&rt->u.dst, RTAX_HOPLIMIT) == 0)
1628 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = sysctl_ip_default_ttl; 1669 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = sysctl_ip_default_ttl;
1629 if (dst_metric(&rt->u.dst, RTAX_MTU) > IP_MAX_MTU) 1670 if (dst_mtu(&rt->u.dst) > IP_MAX_MTU)
1630 rt->u.dst.metrics[RTAX_MTU-1] = IP_MAX_MTU; 1671 rt->u.dst.metrics[RTAX_MTU-1] = IP_MAX_MTU;
1631 if (dst_metric(&rt->u.dst, RTAX_ADVMSS) == 0) 1672 if (dst_metric(&rt->u.dst, RTAX_ADVMSS) == 0)
1632 rt->u.dst.metrics[RTAX_ADVMSS-1] = max_t(unsigned int, rt->u.dst.dev->mtu - 40, 1673 rt->u.dst.metrics[RTAX_ADVMSS-1] = max_t(unsigned int, rt->u.dst.dev->mtu - 40,
@@ -1696,7 +1737,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1696 rth->fl.oif = 0; 1737 rth->fl.oif = 0;
1697 rth->rt_gateway = daddr; 1738 rth->rt_gateway = daddr;
1698 rth->rt_spec_dst= spec_dst; 1739 rth->rt_spec_dst= spec_dst;
1699 rth->rt_genid = atomic_read(&rt_genid); 1740 rth->rt_genid = rt_genid(dev_net(dev));
1700 rth->rt_flags = RTCF_MULTICAST; 1741 rth->rt_flags = RTCF_MULTICAST;
1701 rth->rt_type = RTN_MULTICAST; 1742 rth->rt_type = RTN_MULTICAST;
1702 if (our) { 1743 if (our) {
@@ -1711,7 +1752,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
1711 RT_CACHE_STAT_INC(in_slow_mc); 1752 RT_CACHE_STAT_INC(in_slow_mc);
1712 1753
1713 in_dev_put(in_dev); 1754 in_dev_put(in_dev);
1714 hash = rt_hash(daddr, saddr, dev->ifindex); 1755 hash = rt_hash(daddr, saddr, dev->ifindex, rt_genid(dev_net(dev)));
1715 return rt_intern_hash(hash, rth, &skb->rtable); 1756 return rt_intern_hash(hash, rth, &skb->rtable);
1716 1757
1717e_nobufs: 1758e_nobufs:
@@ -1792,7 +1833,7 @@ static int __mkroute_input(struct sk_buff *skb,
1792 if (err) 1833 if (err)
1793 flags |= RTCF_DIRECTSRC; 1834 flags |= RTCF_DIRECTSRC;
1794 1835
1795 if (out_dev == in_dev && err && !(flags & RTCF_MASQ) && 1836 if (out_dev == in_dev && err &&
1796 (IN_DEV_SHARED_MEDIA(out_dev) || 1837 (IN_DEV_SHARED_MEDIA(out_dev) ||
1797 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) 1838 inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
1798 flags |= RTCF_DOREDIRECT; 1839 flags |= RTCF_DOREDIRECT;
@@ -1837,7 +1878,7 @@ static int __mkroute_input(struct sk_buff *skb,
1837 1878
1838 rth->u.dst.input = ip_forward; 1879 rth->u.dst.input = ip_forward;
1839 rth->u.dst.output = ip_output; 1880 rth->u.dst.output = ip_output;
1840 rth->rt_genid = atomic_read(&rt_genid); 1881 rth->rt_genid = rt_genid(dev_net(rth->u.dst.dev));
1841 1882
1842 rt_set_nexthop(rth, res, itag); 1883 rt_set_nexthop(rth, res, itag);
1843 1884
@@ -1872,7 +1913,8 @@ static int ip_mkroute_input(struct sk_buff *skb,
1872 return err; 1913 return err;
1873 1914
1874 /* put it into the cache */ 1915 /* put it into the cache */
1875 hash = rt_hash(daddr, saddr, fl->iif); 1916 hash = rt_hash(daddr, saddr, fl->iif,
1917 rt_genid(dev_net(rth->u.dst.dev)));
1876 return rt_intern_hash(hash, rth, &skb->rtable); 1918 return rt_intern_hash(hash, rth, &skb->rtable);
1877} 1919}
1878 1920
@@ -1998,7 +2040,7 @@ local_input:
1998 goto e_nobufs; 2040 goto e_nobufs;
1999 2041
2000 rth->u.dst.output= ip_rt_bug; 2042 rth->u.dst.output= ip_rt_bug;
2001 rth->rt_genid = atomic_read(&rt_genid); 2043 rth->rt_genid = rt_genid(net);
2002 2044
2003 atomic_set(&rth->u.dst.__refcnt, 1); 2045 atomic_set(&rth->u.dst.__refcnt, 1);
2004 rth->u.dst.flags= DST_HOST; 2046 rth->u.dst.flags= DST_HOST;
@@ -2028,7 +2070,7 @@ local_input:
2028 rth->rt_flags &= ~RTCF_LOCAL; 2070 rth->rt_flags &= ~RTCF_LOCAL;
2029 } 2071 }
2030 rth->rt_type = res.type; 2072 rth->rt_type = res.type;
2031 hash = rt_hash(daddr, saddr, fl.iif); 2073 hash = rt_hash(daddr, saddr, fl.iif, rt_genid(net));
2032 err = rt_intern_hash(hash, rth, &skb->rtable); 2074 err = rt_intern_hash(hash, rth, &skb->rtable);
2033 goto done; 2075 goto done;
2034 2076
@@ -2079,7 +2121,7 @@ int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2079 2121
2080 net = dev_net(dev); 2122 net = dev_net(dev);
2081 tos &= IPTOS_RT_MASK; 2123 tos &= IPTOS_RT_MASK;
2082 hash = rt_hash(daddr, saddr, iif); 2124 hash = rt_hash(daddr, saddr, iif, rt_genid(net));
2083 2125
2084 rcu_read_lock(); 2126 rcu_read_lock();
2085 for (rth = rcu_dereference(rt_hash_table[hash].chain); rth; 2127 for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
@@ -2091,7 +2133,7 @@ int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2091 (rth->fl.fl4_tos ^ tos)) == 0 && 2133 (rth->fl.fl4_tos ^ tos)) == 0 &&
2092 rth->fl.mark == skb->mark && 2134 rth->fl.mark == skb->mark &&
2093 net_eq(dev_net(rth->u.dst.dev), net) && 2135 net_eq(dev_net(rth->u.dst.dev), net) &&
2094 rth->rt_genid == atomic_read(&rt_genid)) { 2136 !rt_is_expired(rth)) {
2095 dst_use(&rth->u.dst, jiffies); 2137 dst_use(&rth->u.dst, jiffies);
2096 RT_CACHE_STAT_INC(in_hit); 2138 RT_CACHE_STAT_INC(in_hit);
2097 rcu_read_unlock(); 2139 rcu_read_unlock();
@@ -2219,7 +2261,7 @@ static int __mkroute_output(struct rtable **result,
2219 rth->rt_spec_dst= fl->fl4_src; 2261 rth->rt_spec_dst= fl->fl4_src;
2220 2262
2221 rth->u.dst.output=ip_output; 2263 rth->u.dst.output=ip_output;
2222 rth->rt_genid = atomic_read(&rt_genid); 2264 rth->rt_genid = rt_genid(dev_net(dev_out));
2223 2265
2224 RT_CACHE_STAT_INC(out_slow_tot); 2266 RT_CACHE_STAT_INC(out_slow_tot);
2225 2267
@@ -2268,7 +2310,8 @@ static int ip_mkroute_output(struct rtable **rp,
2268 int err = __mkroute_output(&rth, res, fl, oldflp, dev_out, flags); 2310 int err = __mkroute_output(&rth, res, fl, oldflp, dev_out, flags);
2269 unsigned hash; 2311 unsigned hash;
2270 if (err == 0) { 2312 if (err == 0) {
2271 hash = rt_hash(oldflp->fl4_dst, oldflp->fl4_src, oldflp->oif); 2313 hash = rt_hash(oldflp->fl4_dst, oldflp->fl4_src, oldflp->oif,
2314 rt_genid(dev_net(dev_out)));
2272 err = rt_intern_hash(hash, rth, rp); 2315 err = rt_intern_hash(hash, rth, rp);
2273 } 2316 }
2274 2317
@@ -2480,7 +2523,7 @@ int __ip_route_output_key(struct net *net, struct rtable **rp,
2480 unsigned hash; 2523 unsigned hash;
2481 struct rtable *rth; 2524 struct rtable *rth;
2482 2525
2483 hash = rt_hash(flp->fl4_dst, flp->fl4_src, flp->oif); 2526 hash = rt_hash(flp->fl4_dst, flp->fl4_src, flp->oif, rt_genid(net));
2484 2527
2485 rcu_read_lock_bh(); 2528 rcu_read_lock_bh();
2486 for (rth = rcu_dereference(rt_hash_table[hash].chain); rth; 2529 for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
@@ -2493,7 +2536,7 @@ int __ip_route_output_key(struct net *net, struct rtable **rp,
2493 !((rth->fl.fl4_tos ^ flp->fl4_tos) & 2536 !((rth->fl.fl4_tos ^ flp->fl4_tos) &
2494 (IPTOS_RT_MASK | RTO_ONLINK)) && 2537 (IPTOS_RT_MASK | RTO_ONLINK)) &&
2495 net_eq(dev_net(rth->u.dst.dev), net) && 2538 net_eq(dev_net(rth->u.dst.dev), net) &&
2496 rth->rt_genid == atomic_read(&rt_genid)) { 2539 !rt_is_expired(rth)) {
2497 dst_use(&rth->u.dst, jiffies); 2540 dst_use(&rth->u.dst, jiffies);
2498 RT_CACHE_STAT_INC(out_hit); 2541 RT_CACHE_STAT_INC(out_hit);
2499 rcu_read_unlock_bh(); 2542 rcu_read_unlock_bh();
@@ -2524,7 +2567,7 @@ static struct dst_ops ipv4_dst_blackhole_ops = {
2524}; 2567};
2525 2568
2526 2569
2527static int ipv4_dst_blackhole(struct rtable **rp, struct flowi *flp) 2570static int ipv4_dst_blackhole(struct net *net, struct rtable **rp, struct flowi *flp)
2528{ 2571{
2529 struct rtable *ort = *rp; 2572 struct rtable *ort = *rp;
2530 struct rtable *rt = (struct rtable *) 2573 struct rtable *rt = (struct rtable *)
@@ -2548,7 +2591,7 @@ static int ipv4_dst_blackhole(struct rtable **rp, struct flowi *flp)
2548 rt->idev = ort->idev; 2591 rt->idev = ort->idev;
2549 if (rt->idev) 2592 if (rt->idev)
2550 in_dev_hold(rt->idev); 2593 in_dev_hold(rt->idev);
2551 rt->rt_genid = atomic_read(&rt_genid); 2594 rt->rt_genid = rt_genid(net);
2552 rt->rt_flags = ort->rt_flags; 2595 rt->rt_flags = ort->rt_flags;
2553 rt->rt_type = ort->rt_type; 2596 rt->rt_type = ort->rt_type;
2554 rt->rt_dst = ort->rt_dst; 2597 rt->rt_dst = ort->rt_dst;
@@ -2584,7 +2627,7 @@ int ip_route_output_flow(struct net *net, struct rtable **rp, struct flowi *flp,
2584 err = __xfrm_lookup((struct dst_entry **)rp, flp, sk, 2627 err = __xfrm_lookup((struct dst_entry **)rp, flp, sk,
2585 flags ? XFRM_LOOKUP_WAIT : 0); 2628 flags ? XFRM_LOOKUP_WAIT : 0);
2586 if (err == -EREMOTE) 2629 if (err == -EREMOTE)
2587 err = ipv4_dst_blackhole(rp, flp); 2630 err = ipv4_dst_blackhole(net, rp, flp);
2588 2631
2589 return err; 2632 return err;
2590 } 2633 }
@@ -2803,7 +2846,7 @@ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
2803 rt = rcu_dereference(rt->u.dst.rt_next), idx++) { 2846 rt = rcu_dereference(rt->u.dst.rt_next), idx++) {
2804 if (!net_eq(dev_net(rt->u.dst.dev), net) || idx < s_idx) 2847 if (!net_eq(dev_net(rt->u.dst.dev), net) || idx < s_idx)
2805 continue; 2848 continue;
2806 if (rt->rt_genid != atomic_read(&rt_genid)) 2849 if (rt_is_expired(rt))
2807 continue; 2850 continue;
2808 skb->dst = dst_clone(&rt->u.dst); 2851 skb->dst = dst_clone(&rt->u.dst);
2809 if (rt_fill_info(skb, NETLINK_CB(cb->skb).pid, 2852 if (rt_fill_info(skb, NETLINK_CB(cb->skb).pid,
@@ -2827,19 +2870,25 @@ done:
2827 2870
2828void ip_rt_multicast_event(struct in_device *in_dev) 2871void ip_rt_multicast_event(struct in_device *in_dev)
2829{ 2872{
2830 rt_cache_flush(0); 2873 rt_cache_flush(dev_net(in_dev->dev), 0);
2831} 2874}
2832 2875
2833#ifdef CONFIG_SYSCTL 2876#ifdef CONFIG_SYSCTL
2834static int flush_delay; 2877static int ipv4_sysctl_rtcache_flush(ctl_table *__ctl, int write,
2835
2836static int ipv4_sysctl_rtcache_flush(ctl_table *ctl, int write,
2837 struct file *filp, void __user *buffer, 2878 struct file *filp, void __user *buffer,
2838 size_t *lenp, loff_t *ppos) 2879 size_t *lenp, loff_t *ppos)
2839{ 2880{
2840 if (write) { 2881 if (write) {
2841 proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 2882 int flush_delay;
2842 rt_cache_flush(flush_delay); 2883 ctl_table ctl;
2884 struct net *net;
2885
2886 memcpy(&ctl, __ctl, sizeof(ctl));
2887 ctl.data = &flush_delay;
2888 proc_dointvec(&ctl, write, filp, buffer, lenp, ppos);
2889
2890 net = (struct net *)__ctl->extra1;
2891 rt_cache_flush(net, flush_delay);
2843 return 0; 2892 return 0;
2844 } 2893 }
2845 2894
@@ -2855,24 +2904,79 @@ static int ipv4_sysctl_rtcache_flush_strategy(ctl_table *table,
2855 size_t newlen) 2904 size_t newlen)
2856{ 2905{
2857 int delay; 2906 int delay;
2907 struct net *net;
2858 if (newlen != sizeof(int)) 2908 if (newlen != sizeof(int))
2859 return -EINVAL; 2909 return -EINVAL;
2860 if (get_user(delay, (int __user *)newval)) 2910 if (get_user(delay, (int __user *)newval))
2861 return -EFAULT; 2911 return -EFAULT;
2862 rt_cache_flush(delay); 2912 net = (struct net *)table->extra1;
2913 rt_cache_flush(net, delay);
2863 return 0; 2914 return 0;
2864} 2915}
2865 2916
2866ctl_table ipv4_route_table[] = { 2917static void rt_secret_reschedule(int old)
2867 { 2918{
2868 .ctl_name = NET_IPV4_ROUTE_FLUSH, 2919 struct net *net;
2869 .procname = "flush", 2920 int new = ip_rt_secret_interval;
2870 .data = &flush_delay, 2921 int diff = new - old;
2871 .maxlen = sizeof(int), 2922
2872 .mode = 0200, 2923 if (!diff)
2873 .proc_handler = &ipv4_sysctl_rtcache_flush, 2924 return;
2874 .strategy = &ipv4_sysctl_rtcache_flush_strategy, 2925
2875 }, 2926 rtnl_lock();
2927 for_each_net(net) {
2928 int deleted = del_timer_sync(&net->ipv4.rt_secret_timer);
2929
2930 if (!new)
2931 continue;
2932
2933 if (deleted) {
2934 long time = net->ipv4.rt_secret_timer.expires - jiffies;
2935
2936 if (time <= 0 || (time += diff) <= 0)
2937 time = 0;
2938
2939 net->ipv4.rt_secret_timer.expires = time;
2940 } else
2941 net->ipv4.rt_secret_timer.expires = new;
2942
2943 net->ipv4.rt_secret_timer.expires += jiffies;
2944 add_timer(&net->ipv4.rt_secret_timer);
2945 }
2946 rtnl_unlock();
2947}
2948
2949static int ipv4_sysctl_rt_secret_interval(ctl_table *ctl, int write,
2950 struct file *filp,
2951 void __user *buffer, size_t *lenp,
2952 loff_t *ppos)
2953{
2954 int old = ip_rt_secret_interval;
2955 int ret = proc_dointvec_jiffies(ctl, write, filp, buffer, lenp, ppos);
2956
2957 rt_secret_reschedule(old);
2958
2959 return ret;
2960}
2961
2962static int ipv4_sysctl_rt_secret_interval_strategy(ctl_table *table,
2963 int __user *name,
2964 int nlen,
2965 void __user *oldval,
2966 size_t __user *oldlenp,
2967 void __user *newval,
2968 size_t newlen)
2969{
2970 int old = ip_rt_secret_interval;
2971 int ret = sysctl_jiffies(table, name, nlen, oldval, oldlenp, newval,
2972 newlen);
2973
2974 rt_secret_reschedule(old);
2975
2976 return ret;
2977}
2978
2979static ctl_table ipv4_route_table[] = {
2876 { 2980 {
2877 .ctl_name = NET_IPV4_ROUTE_GC_THRESH, 2981 .ctl_name = NET_IPV4_ROUTE_GC_THRESH,
2878 .procname = "gc_thresh", 2982 .procname = "gc_thresh",
@@ -3006,13 +3110,120 @@ ctl_table ipv4_route_table[] = {
3006 .data = &ip_rt_secret_interval, 3110 .data = &ip_rt_secret_interval,
3007 .maxlen = sizeof(int), 3111 .maxlen = sizeof(int),
3008 .mode = 0644, 3112 .mode = 0644,
3009 .proc_handler = &proc_dointvec_jiffies, 3113 .proc_handler = &ipv4_sysctl_rt_secret_interval,
3010 .strategy = &sysctl_jiffies, 3114 .strategy = &ipv4_sysctl_rt_secret_interval_strategy,
3011 }, 3115 },
3012 { .ctl_name = 0 } 3116 { .ctl_name = 0 }
3013}; 3117};
3118
3119static struct ctl_table empty[1];
3120
3121static struct ctl_table ipv4_skeleton[] =
3122{
3123 { .procname = "route", .ctl_name = NET_IPV4_ROUTE,
3124 .mode = 0555, .child = ipv4_route_table},
3125 { .procname = "neigh", .ctl_name = NET_IPV4_NEIGH,
3126 .mode = 0555, .child = empty},
3127 { }
3128};
3129
3130static __net_initdata struct ctl_path ipv4_path[] = {
3131 { .procname = "net", .ctl_name = CTL_NET, },
3132 { .procname = "ipv4", .ctl_name = NET_IPV4, },
3133 { },
3134};
3135
3136static struct ctl_table ipv4_route_flush_table[] = {
3137 {
3138 .ctl_name = NET_IPV4_ROUTE_FLUSH,
3139 .procname = "flush",
3140 .maxlen = sizeof(int),
3141 .mode = 0200,
3142 .proc_handler = &ipv4_sysctl_rtcache_flush,
3143 .strategy = &ipv4_sysctl_rtcache_flush_strategy,
3144 },
3145 { .ctl_name = 0 },
3146};
3147
3148static __net_initdata struct ctl_path ipv4_route_path[] = {
3149 { .procname = "net", .ctl_name = CTL_NET, },
3150 { .procname = "ipv4", .ctl_name = NET_IPV4, },
3151 { .procname = "route", .ctl_name = NET_IPV4_ROUTE, },
3152 { },
3153};
3154
3155static __net_init int sysctl_route_net_init(struct net *net)
3156{
3157 struct ctl_table *tbl;
3158
3159 tbl = ipv4_route_flush_table;
3160 if (net != &init_net) {
3161 tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
3162 if (tbl == NULL)
3163 goto err_dup;
3164 }
3165 tbl[0].extra1 = net;
3166
3167 net->ipv4.route_hdr =
3168 register_net_sysctl_table(net, ipv4_route_path, tbl);
3169 if (net->ipv4.route_hdr == NULL)
3170 goto err_reg;
3171 return 0;
3172
3173err_reg:
3174 if (tbl != ipv4_route_flush_table)
3175 kfree(tbl);
3176err_dup:
3177 return -ENOMEM;
3178}
3179
3180static __net_exit void sysctl_route_net_exit(struct net *net)
3181{
3182 struct ctl_table *tbl;
3183
3184 tbl = net->ipv4.route_hdr->ctl_table_arg;
3185 unregister_net_sysctl_table(net->ipv4.route_hdr);
3186 BUG_ON(tbl == ipv4_route_flush_table);
3187 kfree(tbl);
3188}
3189
3190static __net_initdata struct pernet_operations sysctl_route_ops = {
3191 .init = sysctl_route_net_init,
3192 .exit = sysctl_route_net_exit,
3193};
3014#endif 3194#endif
3015 3195
3196
3197static __net_init int rt_secret_timer_init(struct net *net)
3198{
3199 atomic_set(&net->ipv4.rt_genid,
3200 (int) ((num_physpages ^ (num_physpages>>8)) ^
3201 (jiffies ^ (jiffies >> 7))));
3202
3203 net->ipv4.rt_secret_timer.function = rt_secret_rebuild;
3204 net->ipv4.rt_secret_timer.data = (unsigned long)net;
3205 init_timer_deferrable(&net->ipv4.rt_secret_timer);
3206
3207 if (ip_rt_secret_interval) {
3208 net->ipv4.rt_secret_timer.expires =
3209 jiffies + net_random() % ip_rt_secret_interval +
3210 ip_rt_secret_interval;
3211 add_timer(&net->ipv4.rt_secret_timer);
3212 }
3213 return 0;
3214}
3215
3216static __net_exit void rt_secret_timer_exit(struct net *net)
3217{
3218 del_timer_sync(&net->ipv4.rt_secret_timer);
3219}
3220
3221static __net_initdata struct pernet_operations rt_secret_timer_ops = {
3222 .init = rt_secret_timer_init,
3223 .exit = rt_secret_timer_exit,
3224};
3225
3226
3016#ifdef CONFIG_NET_CLS_ROUTE 3227#ifdef CONFIG_NET_CLS_ROUTE
3017struct ip_rt_acct *ip_rt_acct __read_mostly; 3228struct ip_rt_acct *ip_rt_acct __read_mostly;
3018#endif /* CONFIG_NET_CLS_ROUTE */ 3229#endif /* CONFIG_NET_CLS_ROUTE */
@@ -3031,9 +3242,6 @@ int __init ip_rt_init(void)
3031{ 3242{
3032 int rc = 0; 3243 int rc = 0;
3033 3244
3034 atomic_set(&rt_genid, (int) ((num_physpages ^ (num_physpages>>8)) ^
3035 (jiffies ^ (jiffies >> 7))));
3036
3037#ifdef CONFIG_NET_CLS_ROUTE 3245#ifdef CONFIG_NET_CLS_ROUTE
3038 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct)); 3246 ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct));
3039 if (!ip_rt_acct) 3247 if (!ip_rt_acct)
@@ -3065,19 +3273,14 @@ int __init ip_rt_init(void)
3065 devinet_init(); 3273 devinet_init();
3066 ip_fib_init(); 3274 ip_fib_init();
3067 3275
3068 rt_secret_timer.function = rt_secret_rebuild;
3069 rt_secret_timer.data = 0;
3070 init_timer_deferrable(&rt_secret_timer);
3071
3072 /* All the timers, started at system startup tend 3276 /* All the timers, started at system startup tend
3073 to synchronize. Perturb it a bit. 3277 to synchronize. Perturb it a bit.
3074 */ 3278 */
3075 schedule_delayed_work(&expires_work, 3279 schedule_delayed_work(&expires_work,
3076 net_random() % ip_rt_gc_interval + ip_rt_gc_interval); 3280 net_random() % ip_rt_gc_interval + ip_rt_gc_interval);
3077 3281
3078 rt_secret_timer.expires = jiffies + net_random() % ip_rt_secret_interval + 3282 if (register_pernet_subsys(&rt_secret_timer_ops))
3079 ip_rt_secret_interval; 3283 printk(KERN_ERR "Unable to setup rt_secret_timer\n");
3080 add_timer(&rt_secret_timer);
3081 3284
3082 if (ip_rt_proc_init()) 3285 if (ip_rt_proc_init())
3083 printk(KERN_ERR "Unable to create route proc files\n"); 3286 printk(KERN_ERR "Unable to create route proc files\n");
@@ -3087,9 +3290,23 @@ int __init ip_rt_init(void)
3087#endif 3290#endif
3088 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL); 3291 rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL);
3089 3292
3293#ifdef CONFIG_SYSCTL
3294 register_pernet_subsys(&sysctl_route_ops);
3295#endif
3090 return rc; 3296 return rc;
3091} 3297}
3092 3298
3299#ifdef CONFIG_SYSCTL
3300/*
3301 * We really need to sanitize the damn ipv4 init order, then all
3302 * this nonsense will go away.
3303 */
3304void __init ip_static_sysctl_init(void)
3305{
3306 register_sysctl_paths(ipv4_path, ipv4_skeleton);
3307}
3308#endif
3309
3093EXPORT_SYMBOL(__ip_select_ident); 3310EXPORT_SYMBOL(__ip_select_ident);
3094EXPORT_SYMBOL(ip_route_input); 3311EXPORT_SYMBOL(ip_route_input);
3095EXPORT_SYMBOL(ip_route_output_key); 3312EXPORT_SYMBOL(ip_route_output_key);
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 73ba98921d64..9d38005abbac 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -8,8 +8,6 @@
8 * modify it under the terms of the GNU General Public License 8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version. 10 * 2 of the License, or (at your option) any later version.
11 *
12 * $Id: syncookies.c,v 1.18 2002/02/01 22:01:04 davem Exp $
13 */ 11 */
14 12
15#include <linux/tcp.h> 13#include <linux/tcp.h>
@@ -175,7 +173,7 @@ __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp)
175 ; 173 ;
176 *mssp = msstab[mssind] + 1; 174 *mssp = msstab[mssind] + 1;
177 175
178 NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESSENT); 176 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESSENT);
179 177
180 return secure_tcp_syn_cookie(iph->saddr, iph->daddr, 178 return secure_tcp_syn_cookie(iph->saddr, iph->daddr,
181 th->source, th->dest, ntohl(th->seq), 179 th->source, th->dest, ntohl(th->seq),
@@ -271,11 +269,11 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
271 269
272 if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) || 270 if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) ||
273 (mss = cookie_check(skb, cookie)) == 0) { 271 (mss = cookie_check(skb, cookie)) == 0) {
274 NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESFAILED); 272 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED);
275 goto out; 273 goto out;
276 } 274 }
277 275
278 NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESRECV); 276 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESRECV);
279 277
280 /* check for timestamp cookie support */ 278 /* check for timestamp cookie support */
281 memset(&tcp_opt, 0, sizeof(tcp_opt)); 279 memset(&tcp_opt, 0, sizeof(tcp_opt));
@@ -285,7 +283,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
285 cookie_check_timestamp(&tcp_opt); 283 cookie_check_timestamp(&tcp_opt);
286 284
287 ret = NULL; 285 ret = NULL;
288 req = reqsk_alloc(&tcp_request_sock_ops); /* for safety */ 286 req = inet_reqsk_alloc(&tcp_request_sock_ops); /* for safety */
289 if (!req) 287 if (!req)
290 goto out; 288 goto out;
291 289
@@ -301,7 +299,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
301 ireq->rmt_port = th->source; 299 ireq->rmt_port = th->source;
302 ireq->loc_addr = ip_hdr(skb)->daddr; 300 ireq->loc_addr = ip_hdr(skb)->daddr;
303 ireq->rmt_addr = ip_hdr(skb)->saddr; 301 ireq->rmt_addr = ip_hdr(skb)->saddr;
304 ireq->opt = NULL; 302 ireq->ecn_ok = 0;
305 ireq->snd_wscale = tcp_opt.snd_wscale; 303 ireq->snd_wscale = tcp_opt.snd_wscale;
306 ireq->rcv_wscale = tcp_opt.rcv_wscale; 304 ireq->rcv_wscale = tcp_opt.rcv_wscale;
307 ireq->sack_ok = tcp_opt.sack_ok; 305 ireq->sack_ok = tcp_opt.sack_ok;
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index c437f804ee38..e0689fd7b798 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem. 2 * sysctl_net_ipv4.c: sysctl interface to net IPV4 subsystem.
3 * 3 *
4 * $Id: sysctl_net_ipv4.c,v 1.50 2001/10/20 00:00:11 davem Exp $
5 *
6 * Begun April 1, 1996, Mike Shaver. 4 * Begun April 1, 1996, Mike Shaver.
7 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS] 5 * Added /proc/sys/net/ipv4 directory entry (empty =) ). [MS]
8 */ 6 */
@@ -234,6 +232,7 @@ static struct ctl_table ipv4_table[] = {
234 .mode = 0644, 232 .mode = 0644,
235 .proc_handler = &ipv4_doint_and_flush, 233 .proc_handler = &ipv4_doint_and_flush,
236 .strategy = &ipv4_doint_and_flush_strategy, 234 .strategy = &ipv4_doint_and_flush_strategy,
235 .extra2 = &init_net,
237 }, 236 },
238 { 237 {
239 .ctl_name = NET_IPV4_NO_PMTU_DISC, 238 .ctl_name = NET_IPV4_NO_PMTU_DISC,
@@ -403,13 +402,6 @@ static struct ctl_table ipv4_table[] = {
403 .proc_handler = &ipv4_local_port_range, 402 .proc_handler = &ipv4_local_port_range,
404 .strategy = &ipv4_sysctl_local_port_range, 403 .strategy = &ipv4_sysctl_local_port_range,
405 }, 404 },
406 {
407 .ctl_name = NET_IPV4_ROUTE,
408 .procname = "route",
409 .maxlen = 0,
410 .mode = 0555,
411 .child = ipv4_route_table
412 },
413#ifdef CONFIG_IP_MULTICAST 405#ifdef CONFIG_IP_MULTICAST
414 { 406 {
415 .ctl_name = NET_IPV4_IGMP_MAX_MEMBERSHIPS, 407 .ctl_name = NET_IPV4_IGMP_MAX_MEMBERSHIPS,
@@ -795,7 +787,8 @@ static struct ctl_table ipv4_net_table[] = {
795 .data = &init_net.ipv4.sysctl_icmp_ratelimit, 787 .data = &init_net.ipv4.sysctl_icmp_ratelimit,
796 .maxlen = sizeof(int), 788 .maxlen = sizeof(int),
797 .mode = 0644, 789 .mode = 0644,
798 .proc_handler = &proc_dointvec 790 .proc_handler = &proc_dointvec_ms_jiffies,
791 .strategy = &sysctl_ms_jiffies
799 }, 792 },
800 { 793 {
801 .ctl_name = NET_IPV4_ICMP_RATEMASK, 794 .ctl_name = NET_IPV4_ICMP_RATEMASK,
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index f88653138621..1ab341e5d3e0 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * Implementation of the Transmission Control Protocol(TCP). 6 * Implementation of the Transmission Control Protocol(TCP).
7 * 7 *
8 * Version: $Id: tcp.c,v 1.216 2002/02/01 22:01:04 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Mark Evans, <evansmp@uhura.aston.ac.uk> 10 * Mark Evans, <evansmp@uhura.aston.ac.uk>
@@ -255,11 +253,14 @@
255#include <linux/init.h> 253#include <linux/init.h>
256#include <linux/fs.h> 254#include <linux/fs.h>
257#include <linux/skbuff.h> 255#include <linux/skbuff.h>
256#include <linux/scatterlist.h>
258#include <linux/splice.h> 257#include <linux/splice.h>
259#include <linux/net.h> 258#include <linux/net.h>
260#include <linux/socket.h> 259#include <linux/socket.h>
261#include <linux/random.h> 260#include <linux/random.h>
262#include <linux/bootmem.h> 261#include <linux/bootmem.h>
262#include <linux/highmem.h>
263#include <linux/swap.h>
263#include <linux/cache.h> 264#include <linux/cache.h>
264#include <linux/err.h> 265#include <linux/err.h>
265#include <linux/crypto.h> 266#include <linux/crypto.h>
@@ -276,8 +277,6 @@
276 277
277int sysctl_tcp_fin_timeout __read_mostly = TCP_FIN_TIMEOUT; 278int sysctl_tcp_fin_timeout __read_mostly = TCP_FIN_TIMEOUT;
278 279
279DEFINE_SNMP_STAT(struct tcp_mib, tcp_statistics) __read_mostly;
280
281atomic_t tcp_orphan_count = ATOMIC_INIT(0); 280atomic_t tcp_orphan_count = ATOMIC_INIT(0);
282 281
283EXPORT_SYMBOL_GPL(tcp_orphan_count); 282EXPORT_SYMBOL_GPL(tcp_orphan_count);
@@ -315,10 +314,10 @@ int tcp_memory_pressure __read_mostly;
315 314
316EXPORT_SYMBOL(tcp_memory_pressure); 315EXPORT_SYMBOL(tcp_memory_pressure);
317 316
318void tcp_enter_memory_pressure(void) 317void tcp_enter_memory_pressure(struct sock *sk)
319{ 318{
320 if (!tcp_memory_pressure) { 319 if (!tcp_memory_pressure) {
321 NET_INC_STATS(LINUX_MIB_TCPMEMORYPRESSURES); 320 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMEMORYPRESSURES);
322 tcp_memory_pressure = 1; 321 tcp_memory_pressure = 1;
323 } 322 }
324} 323}
@@ -343,8 +342,8 @@ unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait)
343 return inet_csk_listen_poll(sk); 342 return inet_csk_listen_poll(sk);
344 343
345 /* Socket is not locked. We are protected from async events 344 /* Socket is not locked. We are protected from async events
346 by poll logic and correct handling of state changes 345 * by poll logic and correct handling of state changes
347 made by another threads is impossible in any case. 346 * made by other threads is impossible in any case.
348 */ 347 */
349 348
350 mask = 0; 349 mask = 0;
@@ -370,10 +369,10 @@ unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait)
370 * in state CLOSE_WAIT. One solution is evident --- to set POLLHUP 369 * in state CLOSE_WAIT. One solution is evident --- to set POLLHUP
371 * if and only if shutdown has been made in both directions. 370 * if and only if shutdown has been made in both directions.
372 * Actually, it is interesting to look how Solaris and DUX 371 * Actually, it is interesting to look how Solaris and DUX
373 * solve this dilemma. I would prefer, if PULLHUP were maskable, 372 * solve this dilemma. I would prefer, if POLLHUP were maskable,
374 * then we could set it on SND_SHUTDOWN. BTW examples given 373 * then we could set it on SND_SHUTDOWN. BTW examples given
375 * in Stevens' books assume exactly this behaviour, it explains 374 * in Stevens' books assume exactly this behaviour, it explains
376 * why PULLHUP is incompatible with POLLOUT. --ANK 375 * why POLLHUP is incompatible with POLLOUT. --ANK
377 * 376 *
378 * NOTE. Check for TCP_CLOSE is added. The goal is to prevent 377 * NOTE. Check for TCP_CLOSE is added. The goal is to prevent
379 * blocking on fresh not-connected or disconnected socket. --ANK 378 * blocking on fresh not-connected or disconnected socket. --ANK
@@ -648,7 +647,7 @@ struct sk_buff *sk_stream_alloc_skb(struct sock *sk, int size, gfp_t gfp)
648 } 647 }
649 __kfree_skb(skb); 648 __kfree_skb(skb);
650 } else { 649 } else {
651 sk->sk_prot->enter_memory_pressure(); 650 sk->sk_prot->enter_memory_pressure(sk);
652 sk_stream_moderate_sndbuf(sk); 651 sk_stream_moderate_sndbuf(sk);
653 } 652 }
654 return NULL; 653 return NULL;
@@ -1097,7 +1096,7 @@ void tcp_cleanup_rbuf(struct sock *sk, int copied)
1097#if TCP_DEBUG 1096#if TCP_DEBUG
1098 struct sk_buff *skb = skb_peek(&sk->sk_receive_queue); 1097 struct sk_buff *skb = skb_peek(&sk->sk_receive_queue);
1099 1098
1100 BUG_TRAP(!skb || before(tp->copied_seq, TCP_SKB_CB(skb)->end_seq)); 1099 WARN_ON(skb && !before(tp->copied_seq, TCP_SKB_CB(skb)->end_seq));
1101#endif 1100#endif
1102 1101
1103 if (inet_csk_ack_scheduled(sk)) { 1102 if (inet_csk_ack_scheduled(sk)) {
@@ -1152,7 +1151,7 @@ static void tcp_prequeue_process(struct sock *sk)
1152 struct sk_buff *skb; 1151 struct sk_buff *skb;
1153 struct tcp_sock *tp = tcp_sk(sk); 1152 struct tcp_sock *tp = tcp_sk(sk);
1154 1153
1155 NET_INC_STATS_USER(LINUX_MIB_TCPPREQUEUED); 1154 NET_INC_STATS_USER(sock_net(sk), LINUX_MIB_TCPPREQUEUED);
1156 1155
1157 /* RX process wants to run with disabled BHs, though it is not 1156 /* RX process wants to run with disabled BHs, though it is not
1158 * necessary */ 1157 * necessary */
@@ -1206,7 +1205,8 @@ int tcp_read_sock(struct sock *sk, read_descriptor_t *desc,
1206 return -ENOTCONN; 1205 return -ENOTCONN;
1207 while ((skb = tcp_recv_skb(sk, seq, &offset)) != NULL) { 1206 while ((skb = tcp_recv_skb(sk, seq, &offset)) != NULL) {
1208 if (offset < skb->len) { 1207 if (offset < skb->len) {
1209 size_t used, len; 1208 int used;
1209 size_t len;
1210 1210
1211 len = skb->len - offset; 1211 len = skb->len - offset;
1212 /* Stop reading if we hit a patch of urgent data */ 1212 /* Stop reading if we hit a patch of urgent data */
@@ -1227,7 +1227,14 @@ int tcp_read_sock(struct sock *sk, read_descriptor_t *desc,
1227 copied += used; 1227 copied += used;
1228 offset += used; 1228 offset += used;
1229 } 1229 }
1230 if (offset != skb->len) 1230 /*
1231 * If recv_actor drops the lock (e.g. TCP splice
1232 * receive) the skb pointer might be invalid when
1233 * getting here: tcp_collapse might have deleted it
1234 * while aggregating skbs from the socket queue.
1235 */
1236 skb = tcp_recv_skb(sk, seq-1, &offset);
1237 if (!skb || (offset+1 != skb->len))
1231 break; 1238 break;
1232 } 1239 }
1233 if (tcp_hdr(skb)->fin) { 1240 if (tcp_hdr(skb)->fin) {
@@ -1351,7 +1358,7 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1351 goto found_ok_skb; 1358 goto found_ok_skb;
1352 if (tcp_hdr(skb)->fin) 1359 if (tcp_hdr(skb)->fin)
1353 goto found_fin_ok; 1360 goto found_fin_ok;
1354 BUG_TRAP(flags & MSG_PEEK); 1361 WARN_ON(!(flags & MSG_PEEK));
1355 skb = skb->next; 1362 skb = skb->next;
1356 } while (skb != (struct sk_buff *)&sk->sk_receive_queue); 1363 } while (skb != (struct sk_buff *)&sk->sk_receive_queue);
1357 1364
@@ -1414,8 +1421,8 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1414 1421
1415 tp->ucopy.len = len; 1422 tp->ucopy.len = len;
1416 1423
1417 BUG_TRAP(tp->copied_seq == tp->rcv_nxt || 1424 WARN_ON(tp->copied_seq != tp->rcv_nxt &&
1418 (flags & (MSG_PEEK | MSG_TRUNC))); 1425 !(flags & (MSG_PEEK | MSG_TRUNC)));
1419 1426
1420 /* Ugly... If prequeue is not empty, we have to 1427 /* Ugly... If prequeue is not empty, we have to
1421 * process it before releasing socket, otherwise 1428 * process it before releasing socket, otherwise
@@ -1466,7 +1473,7 @@ int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1466 /* __ Restore normal policy in scheduler __ */ 1473 /* __ Restore normal policy in scheduler __ */
1467 1474
1468 if ((chunk = len - tp->ucopy.len) != 0) { 1475 if ((chunk = len - tp->ucopy.len) != 0) {
1469 NET_ADD_STATS_USER(LINUX_MIB_TCPDIRECTCOPYFROMBACKLOG, chunk); 1476 NET_ADD_STATS_USER(sock_net(sk), LINUX_MIB_TCPDIRECTCOPYFROMBACKLOG, chunk);
1470 len -= chunk; 1477 len -= chunk;
1471 copied += chunk; 1478 copied += chunk;
1472 } 1479 }
@@ -1477,7 +1484,7 @@ do_prequeue:
1477 tcp_prequeue_process(sk); 1484 tcp_prequeue_process(sk);
1478 1485
1479 if ((chunk = len - tp->ucopy.len) != 0) { 1486 if ((chunk = len - tp->ucopy.len) != 0) {
1480 NET_ADD_STATS_USER(LINUX_MIB_TCPDIRECTCOPYFROMPREQUEUE, chunk); 1487 NET_ADD_STATS_USER(sock_net(sk), LINUX_MIB_TCPDIRECTCOPYFROMPREQUEUE, chunk);
1481 len -= chunk; 1488 len -= chunk;
1482 copied += chunk; 1489 copied += chunk;
1483 } 1490 }
@@ -1592,7 +1599,7 @@ skip_copy:
1592 tcp_prequeue_process(sk); 1599 tcp_prequeue_process(sk);
1593 1600
1594 if (copied > 0 && (chunk = len - tp->ucopy.len) != 0) { 1601 if (copied > 0 && (chunk = len - tp->ucopy.len) != 0) {
1595 NET_ADD_STATS_USER(LINUX_MIB_TCPDIRECTCOPYFROMPREQUEUE, chunk); 1602 NET_ADD_STATS_USER(sock_net(sk), LINUX_MIB_TCPDIRECTCOPYFROMPREQUEUE, chunk);
1596 len -= chunk; 1603 len -= chunk;
1597 copied += chunk; 1604 copied += chunk;
1598 } 1605 }
@@ -1659,12 +1666,12 @@ void tcp_set_state(struct sock *sk, int state)
1659 switch (state) { 1666 switch (state) {
1660 case TCP_ESTABLISHED: 1667 case TCP_ESTABLISHED:
1661 if (oldstate != TCP_ESTABLISHED) 1668 if (oldstate != TCP_ESTABLISHED)
1662 TCP_INC_STATS(TCP_MIB_CURRESTAB); 1669 TCP_INC_STATS(sock_net(sk), TCP_MIB_CURRESTAB);
1663 break; 1670 break;
1664 1671
1665 case TCP_CLOSE: 1672 case TCP_CLOSE:
1666 if (oldstate == TCP_CLOSE_WAIT || oldstate == TCP_ESTABLISHED) 1673 if (oldstate == TCP_CLOSE_WAIT || oldstate == TCP_ESTABLISHED)
1667 TCP_INC_STATS(TCP_MIB_ESTABRESETS); 1674 TCP_INC_STATS(sock_net(sk), TCP_MIB_ESTABRESETS);
1668 1675
1669 sk->sk_prot->unhash(sk); 1676 sk->sk_prot->unhash(sk);
1670 if (inet_csk(sk)->icsk_bind_hash && 1677 if (inet_csk(sk)->icsk_bind_hash &&
@@ -1673,7 +1680,7 @@ void tcp_set_state(struct sock *sk, int state)
1673 /* fall through */ 1680 /* fall through */
1674 default: 1681 default:
1675 if (oldstate==TCP_ESTABLISHED) 1682 if (oldstate==TCP_ESTABLISHED)
1676 TCP_DEC_STATS(TCP_MIB_CURRESTAB); 1683 TCP_DEC_STATS(sock_net(sk), TCP_MIB_CURRESTAB);
1677 } 1684 }
1678 1685
1679 /* Change state AFTER socket is unhashed to avoid closed 1686 /* Change state AFTER socket is unhashed to avoid closed
@@ -1784,13 +1791,13 @@ void tcp_close(struct sock *sk, long timeout)
1784 */ 1791 */
1785 if (data_was_unread) { 1792 if (data_was_unread) {
1786 /* Unread data was tossed, zap the connection. */ 1793 /* Unread data was tossed, zap the connection. */
1787 NET_INC_STATS_USER(LINUX_MIB_TCPABORTONCLOSE); 1794 NET_INC_STATS_USER(sock_net(sk), LINUX_MIB_TCPABORTONCLOSE);
1788 tcp_set_state(sk, TCP_CLOSE); 1795 tcp_set_state(sk, TCP_CLOSE);
1789 tcp_send_active_reset(sk, GFP_KERNEL); 1796 tcp_send_active_reset(sk, GFP_KERNEL);
1790 } else if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) { 1797 } else if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) {
1791 /* Check zero linger _after_ checking for unread data. */ 1798 /* Check zero linger _after_ checking for unread data. */
1792 sk->sk_prot->disconnect(sk, 0); 1799 sk->sk_prot->disconnect(sk, 0);
1793 NET_INC_STATS_USER(LINUX_MIB_TCPABORTONDATA); 1800 NET_INC_STATS_USER(sock_net(sk), LINUX_MIB_TCPABORTONDATA);
1794 } else if (tcp_close_state(sk)) { 1801 } else if (tcp_close_state(sk)) {
1795 /* We FIN if the application ate all the data before 1802 /* We FIN if the application ate all the data before
1796 * zapping the connection. 1803 * zapping the connection.
@@ -1837,7 +1844,7 @@ adjudge_to_death:
1837 */ 1844 */
1838 local_bh_disable(); 1845 local_bh_disable();
1839 bh_lock_sock(sk); 1846 bh_lock_sock(sk);
1840 BUG_TRAP(!sock_owned_by_user(sk)); 1847 WARN_ON(sock_owned_by_user(sk));
1841 1848
1842 /* Have we already been destroyed by a softirq or backlog? */ 1849 /* Have we already been destroyed by a softirq or backlog? */
1843 if (state != TCP_CLOSE && sk->sk_state == TCP_CLOSE) 1850 if (state != TCP_CLOSE && sk->sk_state == TCP_CLOSE)
@@ -1862,7 +1869,8 @@ adjudge_to_death:
1862 if (tp->linger2 < 0) { 1869 if (tp->linger2 < 0) {
1863 tcp_set_state(sk, TCP_CLOSE); 1870 tcp_set_state(sk, TCP_CLOSE);
1864 tcp_send_active_reset(sk, GFP_ATOMIC); 1871 tcp_send_active_reset(sk, GFP_ATOMIC);
1865 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONLINGER); 1872 NET_INC_STATS_BH(sock_net(sk),
1873 LINUX_MIB_TCPABORTONLINGER);
1866 } else { 1874 } else {
1867 const int tmo = tcp_fin_time(sk); 1875 const int tmo = tcp_fin_time(sk);
1868 1876
@@ -1884,7 +1892,8 @@ adjudge_to_death:
1884 "sockets\n"); 1892 "sockets\n");
1885 tcp_set_state(sk, TCP_CLOSE); 1893 tcp_set_state(sk, TCP_CLOSE);
1886 tcp_send_active_reset(sk, GFP_ATOMIC); 1894 tcp_send_active_reset(sk, GFP_ATOMIC);
1887 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONMEMORY); 1895 NET_INC_STATS_BH(sock_net(sk),
1896 LINUX_MIB_TCPABORTONMEMORY);
1888 } 1897 }
1889 } 1898 }
1890 1899
@@ -1964,7 +1973,7 @@ int tcp_disconnect(struct sock *sk, int flags)
1964 memset(&tp->rx_opt, 0, sizeof(tp->rx_opt)); 1973 memset(&tp->rx_opt, 0, sizeof(tp->rx_opt));
1965 __sk_dst_reset(sk); 1974 __sk_dst_reset(sk);
1966 1975
1967 BUG_TRAP(!inet->num || icsk->icsk_bind_hash); 1976 WARN_ON(inet->num && !icsk->icsk_bind_hash);
1968 1977
1969 sk->sk_error_report(sk); 1978 sk->sk_error_report(sk);
1970 return err; 1979 return err;
@@ -2105,12 +2114,15 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
2105 break; 2114 break;
2106 2115
2107 case TCP_DEFER_ACCEPT: 2116 case TCP_DEFER_ACCEPT:
2108 if (val < 0) { 2117 icsk->icsk_accept_queue.rskq_defer_accept = 0;
2109 err = -EINVAL; 2118 if (val > 0) {
2110 } else { 2119 /* Translate value in seconds to number of
2111 if (val > MAX_TCP_ACCEPT_DEFERRED) 2120 * retransmits */
2112 val = MAX_TCP_ACCEPT_DEFERRED; 2121 while (icsk->icsk_accept_queue.rskq_defer_accept < 32 &&
2113 icsk->icsk_accept_queue.rskq_defer_accept = val; 2122 val > ((TCP_TIMEOUT_INIT / HZ) <<
2123 icsk->icsk_accept_queue.rskq_defer_accept))
2124 icsk->icsk_accept_queue.rskq_defer_accept++;
2125 icsk->icsk_accept_queue.rskq_defer_accept++;
2114 } 2126 }
2115 break; 2127 break;
2116 2128
@@ -2292,7 +2304,8 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
2292 val = (val ? : sysctl_tcp_fin_timeout) / HZ; 2304 val = (val ? : sysctl_tcp_fin_timeout) / HZ;
2293 break; 2305 break;
2294 case TCP_DEFER_ACCEPT: 2306 case TCP_DEFER_ACCEPT:
2295 val = icsk->icsk_accept_queue.rskq_defer_accept; 2307 val = !icsk->icsk_accept_queue.rskq_defer_accept ? 0 :
2308 ((TCP_TIMEOUT_INIT / HZ) << (icsk->icsk_accept_queue.rskq_defer_accept - 1));
2296 break; 2309 break;
2297 case TCP_WINDOW_CLAMP: 2310 case TCP_WINDOW_CLAMP:
2298 val = tp->window_clamp; 2311 val = tp->window_clamp;
@@ -2575,12 +2588,69 @@ void __tcp_put_md5sig_pool(void)
2575} 2588}
2576 2589
2577EXPORT_SYMBOL(__tcp_put_md5sig_pool); 2590EXPORT_SYMBOL(__tcp_put_md5sig_pool);
2591
2592int tcp_md5_hash_header(struct tcp_md5sig_pool *hp,
2593 struct tcphdr *th)
2594{
2595 struct scatterlist sg;
2596 int err;
2597
2598 __sum16 old_checksum = th->check;
2599 th->check = 0;
2600 /* options aren't included in the hash */
2601 sg_init_one(&sg, th, sizeof(struct tcphdr));
2602 err = crypto_hash_update(&hp->md5_desc, &sg, sizeof(struct tcphdr));
2603 th->check = old_checksum;
2604 return err;
2605}
2606
2607EXPORT_SYMBOL(tcp_md5_hash_header);
2608
2609int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
2610 struct sk_buff *skb, unsigned header_len)
2611{
2612 struct scatterlist sg;
2613 const struct tcphdr *tp = tcp_hdr(skb);
2614 struct hash_desc *desc = &hp->md5_desc;
2615 unsigned i;
2616 const unsigned head_data_len = skb_headlen(skb) > header_len ?
2617 skb_headlen(skb) - header_len : 0;
2618 const struct skb_shared_info *shi = skb_shinfo(skb);
2619
2620 sg_init_table(&sg, 1);
2621
2622 sg_set_buf(&sg, ((u8 *) tp) + header_len, head_data_len);
2623 if (crypto_hash_update(desc, &sg, head_data_len))
2624 return 1;
2625
2626 for (i = 0; i < shi->nr_frags; ++i) {
2627 const struct skb_frag_struct *f = &shi->frags[i];
2628 sg_set_page(&sg, f->page, f->size, f->page_offset);
2629 if (crypto_hash_update(desc, &sg, f->size))
2630 return 1;
2631 }
2632
2633 return 0;
2634}
2635
2636EXPORT_SYMBOL(tcp_md5_hash_skb_data);
2637
2638int tcp_md5_hash_key(struct tcp_md5sig_pool *hp, struct tcp_md5sig_key *key)
2639{
2640 struct scatterlist sg;
2641
2642 sg_init_one(&sg, key->key, key->keylen);
2643 return crypto_hash_update(&hp->md5_desc, &sg, key->keylen);
2644}
2645
2646EXPORT_SYMBOL(tcp_md5_hash_key);
2647
2578#endif 2648#endif
2579 2649
2580void tcp_done(struct sock *sk) 2650void tcp_done(struct sock *sk)
2581{ 2651{
2582 if(sk->sk_state == TCP_SYN_SENT || sk->sk_state == TCP_SYN_RECV) 2652 if(sk->sk_state == TCP_SYN_SENT || sk->sk_state == TCP_SYN_RECV)
2583 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS); 2653 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_ATTEMPTFAILS);
2584 2654
2585 tcp_set_state(sk, TCP_CLOSE); 2655 tcp_set_state(sk, TCP_CLOSE);
2586 tcp_clear_xmit_timers(sk); 2656 tcp_clear_xmit_timers(sk);
@@ -2609,7 +2679,7 @@ __setup("thash_entries=", set_thash_entries);
2609void __init tcp_init(void) 2679void __init tcp_init(void)
2610{ 2680{
2611 struct sk_buff *skb = NULL; 2681 struct sk_buff *skb = NULL;
2612 unsigned long limit; 2682 unsigned long nr_pages, limit;
2613 int order, i, max_share; 2683 int order, i, max_share;
2614 2684
2615 BUILD_BUG_ON(sizeof(struct tcp_skb_cb) > sizeof(skb->cb)); 2685 BUILD_BUG_ON(sizeof(struct tcp_skb_cb) > sizeof(skb->cb));
@@ -2678,8 +2748,9 @@ void __init tcp_init(void)
2678 * is up to 1/2 at 256 MB, decreasing toward zero with the amount of 2748 * is up to 1/2 at 256 MB, decreasing toward zero with the amount of
2679 * memory, with a floor of 128 pages. 2749 * memory, with a floor of 128 pages.
2680 */ 2750 */
2681 limit = min(nr_all_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT); 2751 nr_pages = totalram_pages - totalhigh_pages;
2682 limit = (limit * (nr_all_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11); 2752 limit = min(nr_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT);
2753 limit = (limit * (nr_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11);
2683 limit = max(limit, 128UL); 2754 limit = max(limit, 128UL);
2684 sysctl_tcp_mem[0] = limit / 4 * 3; 2755 sysctl_tcp_mem[0] = limit / 4 * 3;
2685 sysctl_tcp_mem[1] = limit; 2756 sysctl_tcp_mem[1] = limit;
@@ -2716,4 +2787,3 @@ EXPORT_SYMBOL(tcp_splice_read);
2716EXPORT_SYMBOL(tcp_sendpage); 2787EXPORT_SYMBOL(tcp_sendpage);
2717EXPORT_SYMBOL(tcp_setsockopt); 2788EXPORT_SYMBOL(tcp_setsockopt);
2718EXPORT_SYMBOL(tcp_shutdown); 2789EXPORT_SYMBOL(tcp_shutdown);
2719EXPORT_SYMBOL(tcp_statistics);
diff --git a/net/ipv4/tcp_diag.c b/net/ipv4/tcp_diag.c
index 2fbcc7d1b1a0..838d491dfda7 100644
--- a/net/ipv4/tcp_diag.c
+++ b/net/ipv4/tcp_diag.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * tcp_diag.c Module for monitoring TCP transport protocols sockets. 2 * tcp_diag.c Module for monitoring TCP transport protocols sockets.
3 * 3 *
4 * Version: $Id: tcp_diag.c,v 1.3 2002/02/01 22:01:04 davem Exp $
5 *
6 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> 4 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
7 * 5 *
8 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index b54d9d37b636..67ccce2a96bd 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * Implementation of the Transmission Control Protocol(TCP). 6 * Implementation of the Transmission Control Protocol(TCP).
7 * 7 *
8 * Version: $Id: tcp_input.c,v 1.243 2002/02/01 22:01:04 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Mark Evans, <evansmp@uhura.aston.ac.uk> 10 * Mark Evans, <evansmp@uhura.aston.ac.uk>
@@ -604,7 +602,7 @@ static u32 tcp_rto_min(struct sock *sk)
604 u32 rto_min = TCP_RTO_MIN; 602 u32 rto_min = TCP_RTO_MIN;
605 603
606 if (dst && dst_metric_locked(dst, RTAX_RTO_MIN)) 604 if (dst && dst_metric_locked(dst, RTAX_RTO_MIN))
607 rto_min = dst_metric(dst, RTAX_RTO_MIN); 605 rto_min = dst_metric_rtt(dst, RTAX_RTO_MIN);
608 return rto_min; 606 return rto_min;
609} 607}
610 608
@@ -731,6 +729,7 @@ void tcp_update_metrics(struct sock *sk)
731 if (dst && (dst->flags & DST_HOST)) { 729 if (dst && (dst->flags & DST_HOST)) {
732 const struct inet_connection_sock *icsk = inet_csk(sk); 730 const struct inet_connection_sock *icsk = inet_csk(sk);
733 int m; 731 int m;
732 unsigned long rtt;
734 733
735 if (icsk->icsk_backoff || !tp->srtt) { 734 if (icsk->icsk_backoff || !tp->srtt) {
736 /* This session failed to estimate rtt. Why? 735 /* This session failed to estimate rtt. Why?
@@ -742,7 +741,8 @@ void tcp_update_metrics(struct sock *sk)
742 return; 741 return;
743 } 742 }
744 743
745 m = dst_metric(dst, RTAX_RTT) - tp->srtt; 744 rtt = dst_metric_rtt(dst, RTAX_RTT);
745 m = rtt - tp->srtt;
746 746
747 /* If newly calculated rtt larger than stored one, 747 /* If newly calculated rtt larger than stored one,
748 * store new one. Otherwise, use EWMA. Remember, 748 * store new one. Otherwise, use EWMA. Remember,
@@ -750,12 +750,13 @@ void tcp_update_metrics(struct sock *sk)
750 */ 750 */
751 if (!(dst_metric_locked(dst, RTAX_RTT))) { 751 if (!(dst_metric_locked(dst, RTAX_RTT))) {
752 if (m <= 0) 752 if (m <= 0)
753 dst->metrics[RTAX_RTT - 1] = tp->srtt; 753 set_dst_metric_rtt(dst, RTAX_RTT, tp->srtt);
754 else 754 else
755 dst->metrics[RTAX_RTT - 1] -= (m >> 3); 755 set_dst_metric_rtt(dst, RTAX_RTT, rtt - (m >> 3));
756 } 756 }
757 757
758 if (!(dst_metric_locked(dst, RTAX_RTTVAR))) { 758 if (!(dst_metric_locked(dst, RTAX_RTTVAR))) {
759 unsigned long var;
759 if (m < 0) 760 if (m < 0)
760 m = -m; 761 m = -m;
761 762
@@ -764,11 +765,13 @@ void tcp_update_metrics(struct sock *sk)
764 if (m < tp->mdev) 765 if (m < tp->mdev)
765 m = tp->mdev; 766 m = tp->mdev;
766 767
767 if (m >= dst_metric(dst, RTAX_RTTVAR)) 768 var = dst_metric_rtt(dst, RTAX_RTTVAR);
768 dst->metrics[RTAX_RTTVAR - 1] = m; 769 if (m >= var)
770 var = m;
769 else 771 else
770 dst->metrics[RTAX_RTTVAR-1] -= 772 var -= (var - m) >> 2;
771 (dst_metric(dst, RTAX_RTTVAR) - m)>>2; 773
774 set_dst_metric_rtt(dst, RTAX_RTTVAR, var);
772 } 775 }
773 776
774 if (tp->snd_ssthresh >= 0xFFFF) { 777 if (tp->snd_ssthresh >= 0xFFFF) {
@@ -899,7 +902,7 @@ static void tcp_init_metrics(struct sock *sk)
899 if (dst_metric(dst, RTAX_RTT) == 0) 902 if (dst_metric(dst, RTAX_RTT) == 0)
900 goto reset; 903 goto reset;
901 904
902 if (!tp->srtt && dst_metric(dst, RTAX_RTT) < (TCP_TIMEOUT_INIT << 3)) 905 if (!tp->srtt && dst_metric_rtt(dst, RTAX_RTT) < (TCP_TIMEOUT_INIT << 3))
903 goto reset; 906 goto reset;
904 907
905 /* Initial rtt is determined from SYN,SYN-ACK. 908 /* Initial rtt is determined from SYN,SYN-ACK.
@@ -916,12 +919,12 @@ static void tcp_init_metrics(struct sock *sk)
916 * to low value, and then abruptly stops to do it and starts to delay 919 * to low value, and then abruptly stops to do it and starts to delay
917 * ACKs, wait for troubles. 920 * ACKs, wait for troubles.
918 */ 921 */
919 if (dst_metric(dst, RTAX_RTT) > tp->srtt) { 922 if (dst_metric_rtt(dst, RTAX_RTT) > tp->srtt) {
920 tp->srtt = dst_metric(dst, RTAX_RTT); 923 tp->srtt = dst_metric_rtt(dst, RTAX_RTT);
921 tp->rtt_seq = tp->snd_nxt; 924 tp->rtt_seq = tp->snd_nxt;
922 } 925 }
923 if (dst_metric(dst, RTAX_RTTVAR) > tp->mdev) { 926 if (dst_metric_rtt(dst, RTAX_RTTVAR) > tp->mdev) {
924 tp->mdev = dst_metric(dst, RTAX_RTTVAR); 927 tp->mdev = dst_metric_rtt(dst, RTAX_RTTVAR);
925 tp->mdev_max = tp->rttvar = max(tp->mdev, tcp_rto_min(sk)); 928 tp->mdev_max = tp->rttvar = max(tp->mdev, tcp_rto_min(sk));
926 } 929 }
927 tcp_set_rto(sk); 930 tcp_set_rto(sk);
@@ -949,17 +952,21 @@ static void tcp_update_reordering(struct sock *sk, const int metric,
949{ 952{
950 struct tcp_sock *tp = tcp_sk(sk); 953 struct tcp_sock *tp = tcp_sk(sk);
951 if (metric > tp->reordering) { 954 if (metric > tp->reordering) {
955 int mib_idx;
956
952 tp->reordering = min(TCP_MAX_REORDERING, metric); 957 tp->reordering = min(TCP_MAX_REORDERING, metric);
953 958
954 /* This exciting event is worth to be remembered. 8) */ 959 /* This exciting event is worth to be remembered. 8) */
955 if (ts) 960 if (ts)
956 NET_INC_STATS_BH(LINUX_MIB_TCPTSREORDER); 961 mib_idx = LINUX_MIB_TCPTSREORDER;
957 else if (tcp_is_reno(tp)) 962 else if (tcp_is_reno(tp))
958 NET_INC_STATS_BH(LINUX_MIB_TCPRENOREORDER); 963 mib_idx = LINUX_MIB_TCPRENOREORDER;
959 else if (tcp_is_fack(tp)) 964 else if (tcp_is_fack(tp))
960 NET_INC_STATS_BH(LINUX_MIB_TCPFACKREORDER); 965 mib_idx = LINUX_MIB_TCPFACKREORDER;
961 else 966 else
962 NET_INC_STATS_BH(LINUX_MIB_TCPSACKREORDER); 967 mib_idx = LINUX_MIB_TCPSACKREORDER;
968
969 NET_INC_STATS_BH(sock_net(sk), mib_idx);
963#if FASTRETRANS_DEBUG > 1 970#if FASTRETRANS_DEBUG > 1
964 printk(KERN_DEBUG "Disorder%d %d %u f%u s%u rr%d\n", 971 printk(KERN_DEBUG "Disorder%d %d %u f%u s%u rr%d\n",
965 tp->rx_opt.sack_ok, inet_csk(sk)->icsk_ca_state, 972 tp->rx_opt.sack_ok, inet_csk(sk)->icsk_ca_state,
@@ -1155,7 +1162,7 @@ static void tcp_mark_lost_retrans(struct sock *sk)
1155 tp->lost_out += tcp_skb_pcount(skb); 1162 tp->lost_out += tcp_skb_pcount(skb);
1156 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; 1163 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST;
1157 } 1164 }
1158 NET_INC_STATS_BH(LINUX_MIB_TCPLOSTRETRANSMIT); 1165 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPLOSTRETRANSMIT);
1159 } else { 1166 } else {
1160 if (before(ack_seq, new_low_seq)) 1167 if (before(ack_seq, new_low_seq))
1161 new_low_seq = ack_seq; 1168 new_low_seq = ack_seq;
@@ -1167,10 +1174,11 @@ static void tcp_mark_lost_retrans(struct sock *sk)
1167 tp->lost_retrans_low = new_low_seq; 1174 tp->lost_retrans_low = new_low_seq;
1168} 1175}
1169 1176
1170static int tcp_check_dsack(struct tcp_sock *tp, struct sk_buff *ack_skb, 1177static int tcp_check_dsack(struct sock *sk, struct sk_buff *ack_skb,
1171 struct tcp_sack_block_wire *sp, int num_sacks, 1178 struct tcp_sack_block_wire *sp, int num_sacks,
1172 u32 prior_snd_una) 1179 u32 prior_snd_una)
1173{ 1180{
1181 struct tcp_sock *tp = tcp_sk(sk);
1174 u32 start_seq_0 = get_unaligned_be32(&sp[0].start_seq); 1182 u32 start_seq_0 = get_unaligned_be32(&sp[0].start_seq);
1175 u32 end_seq_0 = get_unaligned_be32(&sp[0].end_seq); 1183 u32 end_seq_0 = get_unaligned_be32(&sp[0].end_seq);
1176 int dup_sack = 0; 1184 int dup_sack = 0;
@@ -1178,7 +1186,7 @@ static int tcp_check_dsack(struct tcp_sock *tp, struct sk_buff *ack_skb,
1178 if (before(start_seq_0, TCP_SKB_CB(ack_skb)->ack_seq)) { 1186 if (before(start_seq_0, TCP_SKB_CB(ack_skb)->ack_seq)) {
1179 dup_sack = 1; 1187 dup_sack = 1;
1180 tcp_dsack_seen(tp); 1188 tcp_dsack_seen(tp);
1181 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKRECV); 1189 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPDSACKRECV);
1182 } else if (num_sacks > 1) { 1190 } else if (num_sacks > 1) {
1183 u32 end_seq_1 = get_unaligned_be32(&sp[1].end_seq); 1191 u32 end_seq_1 = get_unaligned_be32(&sp[1].end_seq);
1184 u32 start_seq_1 = get_unaligned_be32(&sp[1].start_seq); 1192 u32 start_seq_1 = get_unaligned_be32(&sp[1].start_seq);
@@ -1187,7 +1195,8 @@ static int tcp_check_dsack(struct tcp_sock *tp, struct sk_buff *ack_skb,
1187 !before(start_seq_0, start_seq_1)) { 1195 !before(start_seq_0, start_seq_1)) {
1188 dup_sack = 1; 1196 dup_sack = 1;
1189 tcp_dsack_seen(tp); 1197 tcp_dsack_seen(tp);
1190 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKOFORECV); 1198 NET_INC_STATS_BH(sock_net(sk),
1199 LINUX_MIB_TCPDSACKOFORECV);
1191 } 1200 }
1192 } 1201 }
1193 1202
@@ -1392,9 +1401,9 @@ static struct sk_buff *tcp_maybe_skipping_dsack(struct sk_buff *skb,
1392 1401
1393 if (before(next_dup->start_seq, skip_to_seq)) { 1402 if (before(next_dup->start_seq, skip_to_seq)) {
1394 skb = tcp_sacktag_skip(skb, sk, next_dup->start_seq, fack_count); 1403 skb = tcp_sacktag_skip(skb, sk, next_dup->start_seq, fack_count);
1395 tcp_sacktag_walk(skb, sk, NULL, 1404 skb = tcp_sacktag_walk(skb, sk, NULL,
1396 next_dup->start_seq, next_dup->end_seq, 1405 next_dup->start_seq, next_dup->end_seq,
1397 1, fack_count, reord, flag); 1406 1, fack_count, reord, flag);
1398 } 1407 }
1399 1408
1400 return skb; 1409 return skb;
@@ -1414,10 +1423,10 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb,
1414 unsigned char *ptr = (skb_transport_header(ack_skb) + 1423 unsigned char *ptr = (skb_transport_header(ack_skb) +
1415 TCP_SKB_CB(ack_skb)->sacked); 1424 TCP_SKB_CB(ack_skb)->sacked);
1416 struct tcp_sack_block_wire *sp_wire = (struct tcp_sack_block_wire *)(ptr+2); 1425 struct tcp_sack_block_wire *sp_wire = (struct tcp_sack_block_wire *)(ptr+2);
1417 struct tcp_sack_block sp[4]; 1426 struct tcp_sack_block sp[TCP_NUM_SACKS];
1418 struct tcp_sack_block *cache; 1427 struct tcp_sack_block *cache;
1419 struct sk_buff *skb; 1428 struct sk_buff *skb;
1420 int num_sacks = (ptr[1] - TCPOLEN_SACK_BASE) >> 3; 1429 int num_sacks = min(TCP_NUM_SACKS, (ptr[1] - TCPOLEN_SACK_BASE) >> 3);
1421 int used_sacks; 1430 int used_sacks;
1422 int reord = tp->packets_out; 1431 int reord = tp->packets_out;
1423 int flag = 0; 1432 int flag = 0;
@@ -1432,7 +1441,7 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb,
1432 tcp_highest_sack_reset(sk); 1441 tcp_highest_sack_reset(sk);
1433 } 1442 }
1434 1443
1435 found_dup_sack = tcp_check_dsack(tp, ack_skb, sp_wire, 1444 found_dup_sack = tcp_check_dsack(sk, ack_skb, sp_wire,
1436 num_sacks, prior_snd_una); 1445 num_sacks, prior_snd_una);
1437 if (found_dup_sack) 1446 if (found_dup_sack)
1438 flag |= FLAG_DSACKING_ACK; 1447 flag |= FLAG_DSACKING_ACK;
@@ -1458,18 +1467,22 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb,
1458 if (!tcp_is_sackblock_valid(tp, dup_sack, 1467 if (!tcp_is_sackblock_valid(tp, dup_sack,
1459 sp[used_sacks].start_seq, 1468 sp[used_sacks].start_seq,
1460 sp[used_sacks].end_seq)) { 1469 sp[used_sacks].end_seq)) {
1470 int mib_idx;
1471
1461 if (dup_sack) { 1472 if (dup_sack) {
1462 if (!tp->undo_marker) 1473 if (!tp->undo_marker)
1463 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKIGNOREDNOUNDO); 1474 mib_idx = LINUX_MIB_TCPDSACKIGNOREDNOUNDO;
1464 else 1475 else
1465 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKIGNOREDOLD); 1476 mib_idx = LINUX_MIB_TCPDSACKIGNOREDOLD;
1466 } else { 1477 } else {
1467 /* Don't count olds caused by ACK reordering */ 1478 /* Don't count olds caused by ACK reordering */
1468 if ((TCP_SKB_CB(ack_skb)->ack_seq != tp->snd_una) && 1479 if ((TCP_SKB_CB(ack_skb)->ack_seq != tp->snd_una) &&
1469 !after(sp[used_sacks].end_seq, tp->snd_una)) 1480 !after(sp[used_sacks].end_seq, tp->snd_una))
1470 continue; 1481 continue;
1471 NET_INC_STATS_BH(LINUX_MIB_TCPSACKDISCARD); 1482 mib_idx = LINUX_MIB_TCPSACKDISCARD;
1472 } 1483 }
1484
1485 NET_INC_STATS_BH(sock_net(sk), mib_idx);
1473 if (i == 0) 1486 if (i == 0)
1474 first_sack_index = -1; 1487 first_sack_index = -1;
1475 continue; 1488 continue;
@@ -1616,10 +1629,10 @@ advance_sp:
1616out: 1629out:
1617 1630
1618#if FASTRETRANS_DEBUG > 0 1631#if FASTRETRANS_DEBUG > 0
1619 BUG_TRAP((int)tp->sacked_out >= 0); 1632 WARN_ON((int)tp->sacked_out < 0);
1620 BUG_TRAP((int)tp->lost_out >= 0); 1633 WARN_ON((int)tp->lost_out < 0);
1621 BUG_TRAP((int)tp->retrans_out >= 0); 1634 WARN_ON((int)tp->retrans_out < 0);
1622 BUG_TRAP((int)tcp_packets_in_flight(tp) >= 0); 1635 WARN_ON((int)tcp_packets_in_flight(tp) < 0);
1623#endif 1636#endif
1624 return flag; 1637 return flag;
1625} 1638}
@@ -1962,7 +1975,7 @@ static int tcp_check_sack_reneging(struct sock *sk, int flag)
1962{ 1975{
1963 if (flag & FLAG_SACK_RENEGING) { 1976 if (flag & FLAG_SACK_RENEGING) {
1964 struct inet_connection_sock *icsk = inet_csk(sk); 1977 struct inet_connection_sock *icsk = inet_csk(sk);
1965 NET_INC_STATS_BH(LINUX_MIB_TCPSACKRENEGING); 1978 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPSACKRENEGING);
1966 1979
1967 tcp_enter_loss(sk, 1); 1980 tcp_enter_loss(sk, 1);
1968 icsk->icsk_retransmits++; 1981 icsk->icsk_retransmits++;
@@ -2168,7 +2181,7 @@ static void tcp_mark_head_lost(struct sock *sk, int packets)
2168 int err; 2181 int err;
2169 unsigned int mss; 2182 unsigned int mss;
2170 2183
2171 BUG_TRAP(packets <= tp->packets_out); 2184 WARN_ON(packets > tp->packets_out);
2172 if (tp->lost_skb_hint) { 2185 if (tp->lost_skb_hint) {
2173 skb = tp->lost_skb_hint; 2186 skb = tp->lost_skb_hint;
2174 cnt = tp->lost_cnt_hint; 2187 cnt = tp->lost_cnt_hint;
@@ -2382,15 +2395,19 @@ static int tcp_try_undo_recovery(struct sock *sk)
2382 struct tcp_sock *tp = tcp_sk(sk); 2395 struct tcp_sock *tp = tcp_sk(sk);
2383 2396
2384 if (tcp_may_undo(tp)) { 2397 if (tcp_may_undo(tp)) {
2398 int mib_idx;
2399
2385 /* Happy end! We did not retransmit anything 2400 /* Happy end! We did not retransmit anything
2386 * or our original transmission succeeded. 2401 * or our original transmission succeeded.
2387 */ 2402 */
2388 DBGUNDO(sk, inet_csk(sk)->icsk_ca_state == TCP_CA_Loss ? "loss" : "retrans"); 2403 DBGUNDO(sk, inet_csk(sk)->icsk_ca_state == TCP_CA_Loss ? "loss" : "retrans");
2389 tcp_undo_cwr(sk, 1); 2404 tcp_undo_cwr(sk, 1);
2390 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Loss) 2405 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Loss)
2391 NET_INC_STATS_BH(LINUX_MIB_TCPLOSSUNDO); 2406 mib_idx = LINUX_MIB_TCPLOSSUNDO;
2392 else 2407 else
2393 NET_INC_STATS_BH(LINUX_MIB_TCPFULLUNDO); 2408 mib_idx = LINUX_MIB_TCPFULLUNDO;
2409
2410 NET_INC_STATS_BH(sock_net(sk), mib_idx);
2394 tp->undo_marker = 0; 2411 tp->undo_marker = 0;
2395 } 2412 }
2396 if (tp->snd_una == tp->high_seq && tcp_is_reno(tp)) { 2413 if (tp->snd_una == tp->high_seq && tcp_is_reno(tp)) {
@@ -2413,7 +2430,7 @@ static void tcp_try_undo_dsack(struct sock *sk)
2413 DBGUNDO(sk, "D-SACK"); 2430 DBGUNDO(sk, "D-SACK");
2414 tcp_undo_cwr(sk, 1); 2431 tcp_undo_cwr(sk, 1);
2415 tp->undo_marker = 0; 2432 tp->undo_marker = 0;
2416 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKUNDO); 2433 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPDSACKUNDO);
2417 } 2434 }
2418} 2435}
2419 2436
@@ -2436,7 +2453,7 @@ static int tcp_try_undo_partial(struct sock *sk, int acked)
2436 2453
2437 DBGUNDO(sk, "Hoe"); 2454 DBGUNDO(sk, "Hoe");
2438 tcp_undo_cwr(sk, 0); 2455 tcp_undo_cwr(sk, 0);
2439 NET_INC_STATS_BH(LINUX_MIB_TCPPARTIALUNDO); 2456 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPPARTIALUNDO);
2440 2457
2441 /* So... Do not make Hoe's retransmit yet. 2458 /* So... Do not make Hoe's retransmit yet.
2442 * If the first packet was delayed, the rest 2459 * If the first packet was delayed, the rest
@@ -2465,7 +2482,7 @@ static int tcp_try_undo_loss(struct sock *sk)
2465 DBGUNDO(sk, "partial loss"); 2482 DBGUNDO(sk, "partial loss");
2466 tp->lost_out = 0; 2483 tp->lost_out = 0;
2467 tcp_undo_cwr(sk, 1); 2484 tcp_undo_cwr(sk, 1);
2468 NET_INC_STATS_BH(LINUX_MIB_TCPLOSSUNDO); 2485 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPLOSSUNDO);
2469 inet_csk(sk)->icsk_retransmits = 0; 2486 inet_csk(sk)->icsk_retransmits = 0;
2470 tp->undo_marker = 0; 2487 tp->undo_marker = 0;
2471 if (tcp_is_sack(tp)) 2488 if (tcp_is_sack(tp))
@@ -2483,6 +2500,20 @@ static inline void tcp_complete_cwr(struct sock *sk)
2483 tcp_ca_event(sk, CA_EVENT_COMPLETE_CWR); 2500 tcp_ca_event(sk, CA_EVENT_COMPLETE_CWR);
2484} 2501}
2485 2502
2503static void tcp_try_keep_open(struct sock *sk)
2504{
2505 struct tcp_sock *tp = tcp_sk(sk);
2506 int state = TCP_CA_Open;
2507
2508 if (tcp_left_out(tp) || tp->retrans_out || tp->undo_marker)
2509 state = TCP_CA_Disorder;
2510
2511 if (inet_csk(sk)->icsk_ca_state != state) {
2512 tcp_set_ca_state(sk, state);
2513 tp->high_seq = tp->snd_nxt;
2514 }
2515}
2516
2486static void tcp_try_to_open(struct sock *sk, int flag) 2517static void tcp_try_to_open(struct sock *sk, int flag)
2487{ 2518{
2488 struct tcp_sock *tp = tcp_sk(sk); 2519 struct tcp_sock *tp = tcp_sk(sk);
@@ -2496,15 +2527,7 @@ static void tcp_try_to_open(struct sock *sk, int flag)
2496 tcp_enter_cwr(sk, 1); 2527 tcp_enter_cwr(sk, 1);
2497 2528
2498 if (inet_csk(sk)->icsk_ca_state != TCP_CA_CWR) { 2529 if (inet_csk(sk)->icsk_ca_state != TCP_CA_CWR) {
2499 int state = TCP_CA_Open; 2530 tcp_try_keep_open(sk);
2500
2501 if (tcp_left_out(tp) || tp->retrans_out || tp->undo_marker)
2502 state = TCP_CA_Disorder;
2503
2504 if (inet_csk(sk)->icsk_ca_state != state) {
2505 tcp_set_ca_state(sk, state);
2506 tp->high_seq = tp->snd_nxt;
2507 }
2508 tcp_moderate_cwnd(tp); 2531 tcp_moderate_cwnd(tp);
2509 } else { 2532 } else {
2510 tcp_cwnd_down(sk, flag); 2533 tcp_cwnd_down(sk, flag);
@@ -2556,7 +2579,7 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag)
2556 int is_dupack = !(flag & (FLAG_SND_UNA_ADVANCED | FLAG_NOT_DUP)); 2579 int is_dupack = !(flag & (FLAG_SND_UNA_ADVANCED | FLAG_NOT_DUP));
2557 int do_lost = is_dupack || ((flag & FLAG_DATA_SACKED) && 2580 int do_lost = is_dupack || ((flag & FLAG_DATA_SACKED) &&
2558 (tcp_fackets_out(tp) > tp->reordering)); 2581 (tcp_fackets_out(tp) > tp->reordering));
2559 int fast_rexmit = 0; 2582 int fast_rexmit = 0, mib_idx;
2560 2583
2561 if (WARN_ON(!tp->packets_out && tp->sacked_out)) 2584 if (WARN_ON(!tp->packets_out && tp->sacked_out))
2562 tp->sacked_out = 0; 2585 tp->sacked_out = 0;
@@ -2578,7 +2601,7 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag)
2578 icsk->icsk_ca_state != TCP_CA_Open && 2601 icsk->icsk_ca_state != TCP_CA_Open &&
2579 tp->fackets_out > tp->reordering) { 2602 tp->fackets_out > tp->reordering) {
2580 tcp_mark_head_lost(sk, tp->fackets_out - tp->reordering); 2603 tcp_mark_head_lost(sk, tp->fackets_out - tp->reordering);
2581 NET_INC_STATS_BH(LINUX_MIB_TCPLOSS); 2604 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPLOSS);
2582 } 2605 }
2583 2606
2584 /* D. Check consistency of the current state. */ 2607 /* D. Check consistency of the current state. */
@@ -2587,7 +2610,7 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag)
2587 /* E. Check state exit conditions. State can be terminated 2610 /* E. Check state exit conditions. State can be terminated
2588 * when high_seq is ACKed. */ 2611 * when high_seq is ACKed. */
2589 if (icsk->icsk_ca_state == TCP_CA_Open) { 2612 if (icsk->icsk_ca_state == TCP_CA_Open) {
2590 BUG_TRAP(tp->retrans_out == 0); 2613 WARN_ON(tp->retrans_out != 0);
2591 tp->retrans_stamp = 0; 2614 tp->retrans_stamp = 0;
2592 } else if (!before(tp->snd_una, tp->high_seq)) { 2615 } else if (!before(tp->snd_una, tp->high_seq)) {
2593 switch (icsk->icsk_ca_state) { 2616 switch (icsk->icsk_ca_state) {
@@ -2679,9 +2702,11 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag)
2679 /* Otherwise enter Recovery state */ 2702 /* Otherwise enter Recovery state */
2680 2703
2681 if (tcp_is_reno(tp)) 2704 if (tcp_is_reno(tp))
2682 NET_INC_STATS_BH(LINUX_MIB_TCPRENORECOVERY); 2705 mib_idx = LINUX_MIB_TCPRENORECOVERY;
2683 else 2706 else
2684 NET_INC_STATS_BH(LINUX_MIB_TCPSACKRECOVERY); 2707 mib_idx = LINUX_MIB_TCPSACKRECOVERY;
2708
2709 NET_INC_STATS_BH(sock_net(sk), mib_idx);
2685 2710
2686 tp->high_seq = tp->snd_nxt; 2711 tp->high_seq = tp->snd_nxt;
2687 tp->prior_ssthresh = 0; 2712 tp->prior_ssthresh = 0;
@@ -2947,9 +2972,9 @@ static int tcp_clean_rtx_queue(struct sock *sk, int prior_fackets)
2947 } 2972 }
2948 2973
2949#if FASTRETRANS_DEBUG > 0 2974#if FASTRETRANS_DEBUG > 0
2950 BUG_TRAP((int)tp->sacked_out >= 0); 2975 WARN_ON((int)tp->sacked_out < 0);
2951 BUG_TRAP((int)tp->lost_out >= 0); 2976 WARN_ON((int)tp->lost_out < 0);
2952 BUG_TRAP((int)tp->retrans_out >= 0); 2977 WARN_ON((int)tp->retrans_out < 0);
2953 if (!tp->packets_out && tcp_is_sack(tp)) { 2978 if (!tp->packets_out && tcp_is_sack(tp)) {
2954 icsk = inet_csk(sk); 2979 icsk = inet_csk(sk);
2955 if (tp->lost_out) { 2980 if (tp->lost_out) {
@@ -3192,7 +3217,7 @@ static int tcp_process_frto(struct sock *sk, int flag)
3192 } 3217 }
3193 tp->frto_counter = 0; 3218 tp->frto_counter = 0;
3194 tp->undo_marker = 0; 3219 tp->undo_marker = 0;
3195 NET_INC_STATS_BH(LINUX_MIB_TCPSPURIOUSRTOS); 3220 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPSPURIOUSRTOS);
3196 } 3221 }
3197 return 0; 3222 return 0;
3198} 3223}
@@ -3245,12 +3270,12 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag)
3245 3270
3246 tcp_ca_event(sk, CA_EVENT_FAST_ACK); 3271 tcp_ca_event(sk, CA_EVENT_FAST_ACK);
3247 3272
3248 NET_INC_STATS_BH(LINUX_MIB_TCPHPACKS); 3273 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPHPACKS);
3249 } else { 3274 } else {
3250 if (ack_seq != TCP_SKB_CB(skb)->end_seq) 3275 if (ack_seq != TCP_SKB_CB(skb)->end_seq)
3251 flag |= FLAG_DATA; 3276 flag |= FLAG_DATA;
3252 else 3277 else
3253 NET_INC_STATS_BH(LINUX_MIB_TCPPUREACKS); 3278 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPPUREACKS);
3254 3279
3255 flag |= tcp_ack_update_window(sk, skb, ack, ack_seq); 3280 flag |= tcp_ack_update_window(sk, skb, ack, ack_seq);
3256 3281
@@ -3267,6 +3292,7 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag)
3267 * log. Something worked... 3292 * log. Something worked...
3268 */ 3293 */
3269 sk->sk_err_soft = 0; 3294 sk->sk_err_soft = 0;
3295 icsk->icsk_probes_out = 0;
3270 tp->rcv_tstamp = tcp_time_stamp; 3296 tp->rcv_tstamp = tcp_time_stamp;
3271 prior_packets = tp->packets_out; 3297 prior_packets = tp->packets_out;
3272 if (!prior_packets) 3298 if (!prior_packets)
@@ -3299,8 +3325,6 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag)
3299 return 1; 3325 return 1;
3300 3326
3301no_queue: 3327no_queue:
3302 icsk->icsk_probes_out = 0;
3303
3304 /* If this ack opens up a zero window, clear backoff. It was 3328 /* If this ack opens up a zero window, clear backoff. It was
3305 * being used to time the probes, and is probably far higher than 3329 * being used to time the probes, and is probably far higher than
3306 * it needs to be for normal retransmission. 3330 * it needs to be for normal retransmission.
@@ -3310,8 +3334,11 @@ no_queue:
3310 return 1; 3334 return 1;
3311 3335
3312old_ack: 3336old_ack:
3313 if (TCP_SKB_CB(skb)->sacked) 3337 if (TCP_SKB_CB(skb)->sacked) {
3314 tcp_sacktag_write_queue(sk, skb, prior_snd_una); 3338 tcp_sacktag_write_queue(sk, skb, prior_snd_una);
3339 if (icsk->icsk_ca_state == TCP_CA_Open)
3340 tcp_try_keep_open(sk);
3341 }
3315 3342
3316uninteresting_ack: 3343uninteresting_ack:
3317 SOCK_DEBUG(sk, "Ack %u out of %u:%u\n", ack, tp->snd_una, tp->snd_nxt); 3344 SOCK_DEBUG(sk, "Ack %u out of %u:%u\n", ack, tp->snd_una, tp->snd_nxt);
@@ -3441,6 +3468,43 @@ static int tcp_fast_parse_options(struct sk_buff *skb, struct tcphdr *th,
3441 return 1; 3468 return 1;
3442} 3469}
3443 3470
3471#ifdef CONFIG_TCP_MD5SIG
3472/*
3473 * Parse MD5 Signature option
3474 */
3475u8 *tcp_parse_md5sig_option(struct tcphdr *th)
3476{
3477 int length = (th->doff << 2) - sizeof (*th);
3478 u8 *ptr = (u8*)(th + 1);
3479
3480 /* If the TCP option is too short, we can short cut */
3481 if (length < TCPOLEN_MD5SIG)
3482 return NULL;
3483
3484 while (length > 0) {
3485 int opcode = *ptr++;
3486 int opsize;
3487
3488 switch(opcode) {
3489 case TCPOPT_EOL:
3490 return NULL;
3491 case TCPOPT_NOP:
3492 length--;
3493 continue;
3494 default:
3495 opsize = *ptr++;
3496 if (opsize < 2 || opsize > length)
3497 return NULL;
3498 if (opcode == TCPOPT_MD5SIG)
3499 return ptr;
3500 }
3501 ptr += opsize - 2;
3502 length -= opsize;
3503 }
3504 return NULL;
3505}
3506#endif
3507
3444static inline void tcp_store_ts_recent(struct tcp_sock *tp) 3508static inline void tcp_store_ts_recent(struct tcp_sock *tp)
3445{ 3509{
3446 tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval; 3510 tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval;
@@ -3653,26 +3717,33 @@ static inline int tcp_sack_extend(struct tcp_sack_block *sp, u32 seq,
3653 return 0; 3717 return 0;
3654} 3718}
3655 3719
3656static void tcp_dsack_set(struct tcp_sock *tp, u32 seq, u32 end_seq) 3720static void tcp_dsack_set(struct sock *sk, u32 seq, u32 end_seq)
3657{ 3721{
3722 struct tcp_sock *tp = tcp_sk(sk);
3723
3658 if (tcp_is_sack(tp) && sysctl_tcp_dsack) { 3724 if (tcp_is_sack(tp) && sysctl_tcp_dsack) {
3725 int mib_idx;
3726
3659 if (before(seq, tp->rcv_nxt)) 3727 if (before(seq, tp->rcv_nxt))
3660 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKOLDSENT); 3728 mib_idx = LINUX_MIB_TCPDSACKOLDSENT;
3661 else 3729 else
3662 NET_INC_STATS_BH(LINUX_MIB_TCPDSACKOFOSENT); 3730 mib_idx = LINUX_MIB_TCPDSACKOFOSENT;
3731
3732 NET_INC_STATS_BH(sock_net(sk), mib_idx);
3663 3733
3664 tp->rx_opt.dsack = 1; 3734 tp->rx_opt.dsack = 1;
3665 tp->duplicate_sack[0].start_seq = seq; 3735 tp->duplicate_sack[0].start_seq = seq;
3666 tp->duplicate_sack[0].end_seq = end_seq; 3736 tp->duplicate_sack[0].end_seq = end_seq;
3667 tp->rx_opt.eff_sacks = min(tp->rx_opt.num_sacks + 1, 3737 tp->rx_opt.eff_sacks = tp->rx_opt.num_sacks + 1;
3668 4 - tp->rx_opt.tstamp_ok);
3669 } 3738 }
3670} 3739}
3671 3740
3672static void tcp_dsack_extend(struct tcp_sock *tp, u32 seq, u32 end_seq) 3741static void tcp_dsack_extend(struct sock *sk, u32 seq, u32 end_seq)
3673{ 3742{
3743 struct tcp_sock *tp = tcp_sk(sk);
3744
3674 if (!tp->rx_opt.dsack) 3745 if (!tp->rx_opt.dsack)
3675 tcp_dsack_set(tp, seq, end_seq); 3746 tcp_dsack_set(sk, seq, end_seq);
3676 else 3747 else
3677 tcp_sack_extend(tp->duplicate_sack, seq, end_seq); 3748 tcp_sack_extend(tp->duplicate_sack, seq, end_seq);
3678} 3749}
@@ -3683,7 +3754,7 @@ static void tcp_send_dupack(struct sock *sk, struct sk_buff *skb)
3683 3754
3684 if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && 3755 if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq &&
3685 before(TCP_SKB_CB(skb)->seq, tp->rcv_nxt)) { 3756 before(TCP_SKB_CB(skb)->seq, tp->rcv_nxt)) {
3686 NET_INC_STATS_BH(LINUX_MIB_DELAYEDACKLOST); 3757 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_DELAYEDACKLOST);
3687 tcp_enter_quickack_mode(sk); 3758 tcp_enter_quickack_mode(sk);
3688 3759
3689 if (tcp_is_sack(tp) && sysctl_tcp_dsack) { 3760 if (tcp_is_sack(tp) && sysctl_tcp_dsack) {
@@ -3691,7 +3762,7 @@ static void tcp_send_dupack(struct sock *sk, struct sk_buff *skb)
3691 3762
3692 if (after(TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt)) 3763 if (after(TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt))
3693 end_seq = tp->rcv_nxt; 3764 end_seq = tp->rcv_nxt;
3694 tcp_dsack_set(tp, TCP_SKB_CB(skb)->seq, end_seq); 3765 tcp_dsack_set(sk, TCP_SKB_CB(skb)->seq, end_seq);
3695 } 3766 }
3696 } 3767 }
3697 3768
@@ -3718,9 +3789,8 @@ static void tcp_sack_maybe_coalesce(struct tcp_sock *tp)
3718 * Decrease num_sacks. 3789 * Decrease num_sacks.
3719 */ 3790 */
3720 tp->rx_opt.num_sacks--; 3791 tp->rx_opt.num_sacks--;
3721 tp->rx_opt.eff_sacks = min(tp->rx_opt.num_sacks + 3792 tp->rx_opt.eff_sacks = tp->rx_opt.num_sacks +
3722 tp->rx_opt.dsack, 3793 tp->rx_opt.dsack;
3723 4 - tp->rx_opt.tstamp_ok);
3724 for (i = this_sack; i < tp->rx_opt.num_sacks; i++) 3794 for (i = this_sack; i < tp->rx_opt.num_sacks; i++)
3725 sp[i] = sp[i + 1]; 3795 sp[i] = sp[i + 1];
3726 continue; 3796 continue;
@@ -3770,7 +3840,7 @@ static void tcp_sack_new_ofo_skb(struct sock *sk, u32 seq, u32 end_seq)
3770 * 3840 *
3771 * If the sack array is full, forget about the last one. 3841 * If the sack array is full, forget about the last one.
3772 */ 3842 */
3773 if (this_sack >= 4) { 3843 if (this_sack >= TCP_NUM_SACKS) {
3774 this_sack--; 3844 this_sack--;
3775 tp->rx_opt.num_sacks--; 3845 tp->rx_opt.num_sacks--;
3776 sp--; 3846 sp--;
@@ -3783,8 +3853,7 @@ new_sack:
3783 sp->start_seq = seq; 3853 sp->start_seq = seq;
3784 sp->end_seq = end_seq; 3854 sp->end_seq = end_seq;
3785 tp->rx_opt.num_sacks++; 3855 tp->rx_opt.num_sacks++;
3786 tp->rx_opt.eff_sacks = min(tp->rx_opt.num_sacks + tp->rx_opt.dsack, 3856 tp->rx_opt.eff_sacks = tp->rx_opt.num_sacks + tp->rx_opt.dsack;
3787 4 - tp->rx_opt.tstamp_ok);
3788} 3857}
3789 3858
3790/* RCV.NXT advances, some SACKs should be eaten. */ 3859/* RCV.NXT advances, some SACKs should be eaten. */
@@ -3808,7 +3877,7 @@ static void tcp_sack_remove(struct tcp_sock *tp)
3808 int i; 3877 int i;
3809 3878
3810 /* RCV.NXT must cover all the block! */ 3879 /* RCV.NXT must cover all the block! */
3811 BUG_TRAP(!before(tp->rcv_nxt, sp->end_seq)); 3880 WARN_ON(before(tp->rcv_nxt, sp->end_seq));
3812 3881
3813 /* Zap this SACK, by moving forward any other SACKS. */ 3882 /* Zap this SACK, by moving forward any other SACKS. */
3814 for (i=this_sack+1; i < num_sacks; i++) 3883 for (i=this_sack+1; i < num_sacks; i++)
@@ -3821,9 +3890,8 @@ static void tcp_sack_remove(struct tcp_sock *tp)
3821 } 3890 }
3822 if (num_sacks != tp->rx_opt.num_sacks) { 3891 if (num_sacks != tp->rx_opt.num_sacks) {
3823 tp->rx_opt.num_sacks = num_sacks; 3892 tp->rx_opt.num_sacks = num_sacks;
3824 tp->rx_opt.eff_sacks = min(tp->rx_opt.num_sacks + 3893 tp->rx_opt.eff_sacks = tp->rx_opt.num_sacks +
3825 tp->rx_opt.dsack, 3894 tp->rx_opt.dsack;
3826 4 - tp->rx_opt.tstamp_ok);
3827 } 3895 }
3828} 3896}
3829 3897
@@ -3844,7 +3912,7 @@ static void tcp_ofo_queue(struct sock *sk)
3844 __u32 dsack = dsack_high; 3912 __u32 dsack = dsack_high;
3845 if (before(TCP_SKB_CB(skb)->end_seq, dsack_high)) 3913 if (before(TCP_SKB_CB(skb)->end_seq, dsack_high))
3846 dsack_high = TCP_SKB_CB(skb)->end_seq; 3914 dsack_high = TCP_SKB_CB(skb)->end_seq;
3847 tcp_dsack_extend(tp, TCP_SKB_CB(skb)->seq, dsack); 3915 tcp_dsack_extend(sk, TCP_SKB_CB(skb)->seq, dsack);
3848 } 3916 }
3849 3917
3850 if (!after(TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt)) { 3918 if (!after(TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt)) {
@@ -3902,8 +3970,7 @@ static void tcp_data_queue(struct sock *sk, struct sk_buff *skb)
3902 3970
3903 if (tp->rx_opt.dsack) { 3971 if (tp->rx_opt.dsack) {
3904 tp->rx_opt.dsack = 0; 3972 tp->rx_opt.dsack = 0;
3905 tp->rx_opt.eff_sacks = min_t(unsigned int, tp->rx_opt.num_sacks, 3973 tp->rx_opt.eff_sacks = tp->rx_opt.num_sacks;
3906 4 - tp->rx_opt.tstamp_ok);
3907 } 3974 }
3908 3975
3909 /* Queue data for delivery to the user. 3976 /* Queue data for delivery to the user.
@@ -3972,8 +4039,8 @@ queue_and_out:
3972 4039
3973 if (!after(TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt)) { 4040 if (!after(TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt)) {
3974 /* A retransmit, 2nd most common case. Force an immediate ack. */ 4041 /* A retransmit, 2nd most common case. Force an immediate ack. */
3975 NET_INC_STATS_BH(LINUX_MIB_DELAYEDACKLOST); 4042 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_DELAYEDACKLOST);
3976 tcp_dsack_set(tp, TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq); 4043 tcp_dsack_set(sk, TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq);
3977 4044
3978out_of_window: 4045out_of_window:
3979 tcp_enter_quickack_mode(sk); 4046 tcp_enter_quickack_mode(sk);
@@ -3995,7 +4062,7 @@ drop:
3995 tp->rcv_nxt, TCP_SKB_CB(skb)->seq, 4062 tp->rcv_nxt, TCP_SKB_CB(skb)->seq,
3996 TCP_SKB_CB(skb)->end_seq); 4063 TCP_SKB_CB(skb)->end_seq);
3997 4064
3998 tcp_dsack_set(tp, TCP_SKB_CB(skb)->seq, tp->rcv_nxt); 4065 tcp_dsack_set(sk, TCP_SKB_CB(skb)->seq, tp->rcv_nxt);
3999 4066
4000 /* If window is closed, drop tail of packet. But after 4067 /* If window is closed, drop tail of packet. But after
4001 * remembering D-SACK for its head made in previous line. 4068 * remembering D-SACK for its head made in previous line.
@@ -4060,12 +4127,12 @@ drop:
4060 if (!after(end_seq, TCP_SKB_CB(skb1)->end_seq)) { 4127 if (!after(end_seq, TCP_SKB_CB(skb1)->end_seq)) {
4061 /* All the bits are present. Drop. */ 4128 /* All the bits are present. Drop. */
4062 __kfree_skb(skb); 4129 __kfree_skb(skb);
4063 tcp_dsack_set(tp, seq, end_seq); 4130 tcp_dsack_set(sk, seq, end_seq);
4064 goto add_sack; 4131 goto add_sack;
4065 } 4132 }
4066 if (after(seq, TCP_SKB_CB(skb1)->seq)) { 4133 if (after(seq, TCP_SKB_CB(skb1)->seq)) {
4067 /* Partial overlap. */ 4134 /* Partial overlap. */
4068 tcp_dsack_set(tp, seq, 4135 tcp_dsack_set(sk, seq,
4069 TCP_SKB_CB(skb1)->end_seq); 4136 TCP_SKB_CB(skb1)->end_seq);
4070 } else { 4137 } else {
4071 skb1 = skb1->prev; 4138 skb1 = skb1->prev;
@@ -4078,12 +4145,12 @@ drop:
4078 (struct sk_buff *)&tp->out_of_order_queue && 4145 (struct sk_buff *)&tp->out_of_order_queue &&
4079 after(end_seq, TCP_SKB_CB(skb1)->seq)) { 4146 after(end_seq, TCP_SKB_CB(skb1)->seq)) {
4080 if (before(end_seq, TCP_SKB_CB(skb1)->end_seq)) { 4147 if (before(end_seq, TCP_SKB_CB(skb1)->end_seq)) {
4081 tcp_dsack_extend(tp, TCP_SKB_CB(skb1)->seq, 4148 tcp_dsack_extend(sk, TCP_SKB_CB(skb1)->seq,
4082 end_seq); 4149 end_seq);
4083 break; 4150 break;
4084 } 4151 }
4085 __skb_unlink(skb1, &tp->out_of_order_queue); 4152 __skb_unlink(skb1, &tp->out_of_order_queue);
4086 tcp_dsack_extend(tp, TCP_SKB_CB(skb1)->seq, 4153 tcp_dsack_extend(sk, TCP_SKB_CB(skb1)->seq,
4087 TCP_SKB_CB(skb1)->end_seq); 4154 TCP_SKB_CB(skb1)->end_seq);
4088 __kfree_skb(skb1); 4155 __kfree_skb(skb1);
4089 } 4156 }
@@ -4114,7 +4181,7 @@ tcp_collapse(struct sock *sk, struct sk_buff_head *list,
4114 struct sk_buff *next = skb->next; 4181 struct sk_buff *next = skb->next;
4115 __skb_unlink(skb, list); 4182 __skb_unlink(skb, list);
4116 __kfree_skb(skb); 4183 __kfree_skb(skb);
4117 NET_INC_STATS_BH(LINUX_MIB_TCPRCVCOLLAPSED); 4184 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPRCVCOLLAPSED);
4118 skb = next; 4185 skb = next;
4119 continue; 4186 continue;
4120 } 4187 }
@@ -4182,7 +4249,7 @@ tcp_collapse(struct sock *sk, struct sk_buff_head *list,
4182 struct sk_buff *next = skb->next; 4249 struct sk_buff *next = skb->next;
4183 __skb_unlink(skb, list); 4250 __skb_unlink(skb, list);
4184 __kfree_skb(skb); 4251 __kfree_skb(skb);
4185 NET_INC_STATS_BH(LINUX_MIB_TCPRCVCOLLAPSED); 4252 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPRCVCOLLAPSED);
4186 skb = next; 4253 skb = next;
4187 if (skb == tail || 4254 if (skb == tail ||
4188 tcp_hdr(skb)->syn || 4255 tcp_hdr(skb)->syn ||
@@ -4245,7 +4312,7 @@ static int tcp_prune_ofo_queue(struct sock *sk)
4245 int res = 0; 4312 int res = 0;
4246 4313
4247 if (!skb_queue_empty(&tp->out_of_order_queue)) { 4314 if (!skb_queue_empty(&tp->out_of_order_queue)) {
4248 NET_INC_STATS_BH(LINUX_MIB_OFOPRUNED); 4315 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_OFOPRUNED);
4249 __skb_queue_purge(&tp->out_of_order_queue); 4316 __skb_queue_purge(&tp->out_of_order_queue);
4250 4317
4251 /* Reset SACK state. A conforming SACK implementation will 4318 /* Reset SACK state. A conforming SACK implementation will
@@ -4274,7 +4341,7 @@ static int tcp_prune_queue(struct sock *sk)
4274 4341
4275 SOCK_DEBUG(sk, "prune_queue: c=%x\n", tp->copied_seq); 4342 SOCK_DEBUG(sk, "prune_queue: c=%x\n", tp->copied_seq);
4276 4343
4277 NET_INC_STATS_BH(LINUX_MIB_PRUNECALLED); 4344 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PRUNECALLED);
4278 4345
4279 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 4346 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
4280 tcp_clamp_window(sk); 4347 tcp_clamp_window(sk);
@@ -4303,7 +4370,7 @@ static int tcp_prune_queue(struct sock *sk)
4303 * drop receive data on the floor. It will get retransmitted 4370 * drop receive data on the floor. It will get retransmitted
4304 * and hopefully then we'll have sufficient space. 4371 * and hopefully then we'll have sufficient space.
4305 */ 4372 */
4306 NET_INC_STATS_BH(LINUX_MIB_RCVPRUNED); 4373 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_RCVPRUNED);
4307 4374
4308 /* Massive buffer overcommit. */ 4375 /* Massive buffer overcommit. */
4309 tp->pred_flags = 0; 4376 tp->pred_flags = 0;
@@ -4532,49 +4599,6 @@ static void tcp_urg(struct sock *sk, struct sk_buff *skb, struct tcphdr *th)
4532 } 4599 }
4533} 4600}
4534 4601
4535static int tcp_defer_accept_check(struct sock *sk)
4536{
4537 struct tcp_sock *tp = tcp_sk(sk);
4538
4539 if (tp->defer_tcp_accept.request) {
4540 int queued_data = tp->rcv_nxt - tp->copied_seq;
4541 int hasfin = !skb_queue_empty(&sk->sk_receive_queue) ?
4542 tcp_hdr((struct sk_buff *)
4543 sk->sk_receive_queue.prev)->fin : 0;
4544
4545 if (queued_data && hasfin)
4546 queued_data--;
4547
4548 if (queued_data &&
4549 tp->defer_tcp_accept.listen_sk->sk_state == TCP_LISTEN) {
4550 if (sock_flag(sk, SOCK_KEEPOPEN)) {
4551 inet_csk_reset_keepalive_timer(sk,
4552 keepalive_time_when(tp));
4553 } else {
4554 inet_csk_delete_keepalive_timer(sk);
4555 }
4556
4557 inet_csk_reqsk_queue_add(
4558 tp->defer_tcp_accept.listen_sk,
4559 tp->defer_tcp_accept.request,
4560 sk);
4561
4562 tp->defer_tcp_accept.listen_sk->sk_data_ready(
4563 tp->defer_tcp_accept.listen_sk, 0);
4564
4565 sock_put(tp->defer_tcp_accept.listen_sk);
4566 sock_put(sk);
4567 tp->defer_tcp_accept.listen_sk = NULL;
4568 tp->defer_tcp_accept.request = NULL;
4569 } else if (hasfin ||
4570 tp->defer_tcp_accept.listen_sk->sk_state != TCP_LISTEN) {
4571 tcp_reset(sk);
4572 return -1;
4573 }
4574 }
4575 return 0;
4576}
4577
4578static int tcp_copy_to_iovec(struct sock *sk, struct sk_buff *skb, int hlen) 4602static int tcp_copy_to_iovec(struct sock *sk, struct sk_buff *skb, int hlen)
4579{ 4603{
4580 struct tcp_sock *tp = tcp_sk(sk); 4604 struct tcp_sock *tp = tcp_sk(sk);
@@ -4776,7 +4800,7 @@ int tcp_rcv_established(struct sock *sk, struct sk_buff *skb,
4776 tcp_data_snd_check(sk); 4800 tcp_data_snd_check(sk);
4777 return 0; 4801 return 0;
4778 } else { /* Header too small */ 4802 } else { /* Header too small */
4779 TCP_INC_STATS_BH(TCP_MIB_INERRS); 4803 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
4780 goto discard; 4804 goto discard;
4781 } 4805 }
4782 } else { 4806 } else {
@@ -4813,7 +4837,7 @@ int tcp_rcv_established(struct sock *sk, struct sk_buff *skb,
4813 4837
4814 __skb_pull(skb, tcp_header_len); 4838 __skb_pull(skb, tcp_header_len);
4815 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq; 4839 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
4816 NET_INC_STATS_BH(LINUX_MIB_TCPHPHITSTOUSER); 4840 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPHPHITSTOUSER);
4817 } 4841 }
4818 if (copied_early) 4842 if (copied_early)
4819 tcp_cleanup_rbuf(sk, skb->len); 4843 tcp_cleanup_rbuf(sk, skb->len);
@@ -4836,7 +4860,7 @@ int tcp_rcv_established(struct sock *sk, struct sk_buff *skb,
4836 if ((int)skb->truesize > sk->sk_forward_alloc) 4860 if ((int)skb->truesize > sk->sk_forward_alloc)
4837 goto step5; 4861 goto step5;
4838 4862
4839 NET_INC_STATS_BH(LINUX_MIB_TCPHPHITS); 4863 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPHPHITS);
4840 4864
4841 /* Bulk data transfer: receiver */ 4865 /* Bulk data transfer: receiver */
4842 __skb_pull(skb, tcp_header_len); 4866 __skb_pull(skb, tcp_header_len);
@@ -4880,7 +4904,7 @@ slow_path:
4880 if (tcp_fast_parse_options(skb, th, tp) && tp->rx_opt.saw_tstamp && 4904 if (tcp_fast_parse_options(skb, th, tp) && tp->rx_opt.saw_tstamp &&
4881 tcp_paws_discard(sk, skb)) { 4905 tcp_paws_discard(sk, skb)) {
4882 if (!th->rst) { 4906 if (!th->rst) {
4883 NET_INC_STATS_BH(LINUX_MIB_PAWSESTABREJECTED); 4907 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSESTABREJECTED);
4884 tcp_send_dupack(sk, skb); 4908 tcp_send_dupack(sk, skb);
4885 goto discard; 4909 goto discard;
4886 } 4910 }
@@ -4915,8 +4939,8 @@ slow_path:
4915 tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); 4939 tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
4916 4940
4917 if (th->syn && !before(TCP_SKB_CB(skb)->seq, tp->rcv_nxt)) { 4941 if (th->syn && !before(TCP_SKB_CB(skb)->seq, tp->rcv_nxt)) {
4918 TCP_INC_STATS_BH(TCP_MIB_INERRS); 4942 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
4919 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONSYN); 4943 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPABORTONSYN);
4920 tcp_reset(sk); 4944 tcp_reset(sk);
4921 return 1; 4945 return 1;
4922 } 4946 }
@@ -4935,12 +4959,10 @@ step5:
4935 4959
4936 tcp_data_snd_check(sk); 4960 tcp_data_snd_check(sk);
4937 tcp_ack_snd_check(sk); 4961 tcp_ack_snd_check(sk);
4938
4939 tcp_defer_accept_check(sk);
4940 return 0; 4962 return 0;
4941 4963
4942csum_error: 4964csum_error:
4943 TCP_INC_STATS_BH(TCP_MIB_INERRS); 4965 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
4944 4966
4945discard: 4967discard:
4946 __kfree_skb(skb); 4968 __kfree_skb(skb);
@@ -4974,7 +4996,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
4974 if (tp->rx_opt.saw_tstamp && tp->rx_opt.rcv_tsecr && 4996 if (tp->rx_opt.saw_tstamp && tp->rx_opt.rcv_tsecr &&
4975 !between(tp->rx_opt.rcv_tsecr, tp->retrans_stamp, 4997 !between(tp->rx_opt.rcv_tsecr, tp->retrans_stamp,
4976 tcp_time_stamp)) { 4998 tcp_time_stamp)) {
4977 NET_INC_STATS_BH(LINUX_MIB_PAWSACTIVEREJECTED); 4999 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSACTIVEREJECTED);
4978 goto reset_and_undo; 5000 goto reset_and_undo;
4979 } 5001 }
4980 5002
@@ -5258,7 +5280,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
5258 if (tcp_fast_parse_options(skb, th, tp) && tp->rx_opt.saw_tstamp && 5280 if (tcp_fast_parse_options(skb, th, tp) && tp->rx_opt.saw_tstamp &&
5259 tcp_paws_discard(sk, skb)) { 5281 tcp_paws_discard(sk, skb)) {
5260 if (!th->rst) { 5282 if (!th->rst) {
5261 NET_INC_STATS_BH(LINUX_MIB_PAWSESTABREJECTED); 5283 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSESTABREJECTED);
5262 tcp_send_dupack(sk, skb); 5284 tcp_send_dupack(sk, skb);
5263 goto discard; 5285 goto discard;
5264 } 5286 }
@@ -5287,7 +5309,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
5287 * Check for a SYN in window. 5309 * Check for a SYN in window.
5288 */ 5310 */
5289 if (th->syn && !before(TCP_SKB_CB(skb)->seq, tp->rcv_nxt)) { 5311 if (th->syn && !before(TCP_SKB_CB(skb)->seq, tp->rcv_nxt)) {
5290 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONSYN); 5312 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPABORTONSYN);
5291 tcp_reset(sk); 5313 tcp_reset(sk);
5292 return 1; 5314 return 1;
5293 } 5315 }
@@ -5369,7 +5391,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
5369 (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && 5391 (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq &&
5370 after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt))) { 5392 after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt))) {
5371 tcp_done(sk); 5393 tcp_done(sk);
5372 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONDATA); 5394 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPABORTONDATA);
5373 return 1; 5395 return 1;
5374 } 5396 }
5375 5397
@@ -5429,7 +5451,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
5429 if (sk->sk_shutdown & RCV_SHUTDOWN) { 5451 if (sk->sk_shutdown & RCV_SHUTDOWN) {
5430 if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && 5452 if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq &&
5431 after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { 5453 after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) {
5432 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONDATA); 5454 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPABORTONDATA);
5433 tcp_reset(sk); 5455 tcp_reset(sk);
5434 return 1; 5456 return 1;
5435 } 5457 }
@@ -5458,6 +5480,9 @@ EXPORT_SYMBOL(sysctl_tcp_ecn);
5458EXPORT_SYMBOL(sysctl_tcp_reordering); 5480EXPORT_SYMBOL(sysctl_tcp_reordering);
5459EXPORT_SYMBOL(sysctl_tcp_adv_win_scale); 5481EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);
5460EXPORT_SYMBOL(tcp_parse_options); 5482EXPORT_SYMBOL(tcp_parse_options);
5483#ifdef CONFIG_TCP_MD5SIG
5484EXPORT_SYMBOL(tcp_parse_md5sig_option);
5485#endif
5461EXPORT_SYMBOL(tcp_rcv_established); 5486EXPORT_SYMBOL(tcp_rcv_established);
5462EXPORT_SYMBOL(tcp_rcv_state_process); 5487EXPORT_SYMBOL(tcp_rcv_state_process);
5463EXPORT_SYMBOL(tcp_initialize_rcv_mss); 5488EXPORT_SYMBOL(tcp_initialize_rcv_mss);
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index cd601a866c2f..44c1e934824b 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * Implementation of the Transmission Control Protocol(TCP). 6 * Implementation of the Transmission Control Protocol(TCP).
7 * 7 *
8 * Version: $Id: tcp_ipv4.c,v 1.240 2002/02/01 22:01:04 davem Exp $
9 *
10 * IPv4 specific functions 8 * IPv4 specific functions
11 * 9 *
12 * 10 *
@@ -85,18 +83,18 @@
85int sysctl_tcp_tw_reuse __read_mostly; 83int sysctl_tcp_tw_reuse __read_mostly;
86int sysctl_tcp_low_latency __read_mostly; 84int sysctl_tcp_low_latency __read_mostly;
87 85
88/* Check TCP sequence numbers in ICMP packets. */
89#define ICMP_MIN_LENGTH 8
90
91void tcp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb);
92 86
93#ifdef CONFIG_TCP_MD5SIG 87#ifdef CONFIG_TCP_MD5SIG
94static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, 88static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
95 __be32 addr); 89 __be32 addr);
96static int tcp_v4_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key, 90static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
97 __be32 saddr, __be32 daddr, 91 __be32 daddr, __be32 saddr, struct tcphdr *th);
98 struct tcphdr *th, int protocol, 92#else
99 unsigned int tcplen); 93static inline
94struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
95{
96 return NULL;
97}
100#endif 98#endif
101 99
102struct inet_hashinfo __cacheline_aligned tcp_hashinfo = { 100struct inet_hashinfo __cacheline_aligned tcp_hashinfo = {
@@ -176,7 +174,7 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
176 inet->sport, usin->sin_port, sk, 1); 174 inet->sport, usin->sin_port, sk, 1);
177 if (tmp < 0) { 175 if (tmp < 0) {
178 if (tmp == -ENETUNREACH) 176 if (tmp == -ENETUNREACH)
179 IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); 177 IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
180 return tmp; 178 return tmp;
181 } 179 }
182 180
@@ -344,16 +342,17 @@ void tcp_v4_err(struct sk_buff *skb, u32 info)
344 struct sock *sk; 342 struct sock *sk;
345 __u32 seq; 343 __u32 seq;
346 int err; 344 int err;
345 struct net *net = dev_net(skb->dev);
347 346
348 if (skb->len < (iph->ihl << 2) + 8) { 347 if (skb->len < (iph->ihl << 2) + 8) {
349 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 348 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
350 return; 349 return;
351 } 350 }
352 351
353 sk = inet_lookup(dev_net(skb->dev), &tcp_hashinfo, iph->daddr, th->dest, 352 sk = inet_lookup(net, &tcp_hashinfo, iph->daddr, th->dest,
354 iph->saddr, th->source, inet_iif(skb)); 353 iph->saddr, th->source, inet_iif(skb));
355 if (!sk) { 354 if (!sk) {
356 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 355 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
357 return; 356 return;
358 } 357 }
359 if (sk->sk_state == TCP_TIME_WAIT) { 358 if (sk->sk_state == TCP_TIME_WAIT) {
@@ -366,7 +365,7 @@ void tcp_v4_err(struct sk_buff *skb, u32 info)
366 * servers this needs to be solved differently. 365 * servers this needs to be solved differently.
367 */ 366 */
368 if (sock_owned_by_user(sk)) 367 if (sock_owned_by_user(sk))
369 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS); 368 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
370 369
371 if (sk->sk_state == TCP_CLOSE) 370 if (sk->sk_state == TCP_CLOSE)
372 goto out; 371 goto out;
@@ -375,7 +374,7 @@ void tcp_v4_err(struct sk_buff *skb, u32 info)
375 seq = ntohl(th->seq); 374 seq = ntohl(th->seq);
376 if (sk->sk_state != TCP_LISTEN && 375 if (sk->sk_state != TCP_LISTEN &&
377 !between(seq, tp->snd_una, tp->snd_nxt)) { 376 !between(seq, tp->snd_una, tp->snd_nxt)) {
378 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS); 377 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
379 goto out; 378 goto out;
380 } 379 }
381 380
@@ -419,10 +418,10 @@ void tcp_v4_err(struct sk_buff *skb, u32 info)
419 /* ICMPs are not backlogged, hence we cannot get 418 /* ICMPs are not backlogged, hence we cannot get
420 an established socket here. 419 an established socket here.
421 */ 420 */
422 BUG_TRAP(!req->sk); 421 WARN_ON(req->sk);
423 422
424 if (seq != tcp_rsk(req)->snt_isn) { 423 if (seq != tcp_rsk(req)->snt_isn) {
425 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS); 424 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
426 goto out; 425 goto out;
427 } 426 }
428 427
@@ -544,6 +543,7 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
544#ifdef CONFIG_TCP_MD5SIG 543#ifdef CONFIG_TCP_MD5SIG
545 struct tcp_md5sig_key *key; 544 struct tcp_md5sig_key *key;
546#endif 545#endif
546 struct net *net;
547 547
548 /* Never send a reset in response to a reset. */ 548 /* Never send a reset in response to a reset. */
549 if (th->rst) 549 if (th->rst)
@@ -582,12 +582,9 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
582 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED; 582 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
583 rep.th.doff = arg.iov[0].iov_len / 4; 583 rep.th.doff = arg.iov[0].iov_len / 4;
584 584
585 tcp_v4_do_calc_md5_hash((__u8 *)&rep.opt[1], 585 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1],
586 key, 586 key, ip_hdr(skb)->daddr,
587 ip_hdr(skb)->daddr, 587 ip_hdr(skb)->saddr, &rep.th);
588 ip_hdr(skb)->saddr,
589 &rep.th, IPPROTO_TCP,
590 arg.iov[0].iov_len);
591 } 588 }
592#endif 589#endif
593 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr, 590 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
@@ -595,20 +592,21 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
595 sizeof(struct tcphdr), IPPROTO_TCP, 0); 592 sizeof(struct tcphdr), IPPROTO_TCP, 0);
596 arg.csumoffset = offsetof(struct tcphdr, check) / 2; 593 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
597 594
598 ip_send_reply(dev_net(skb->dst->dev)->ipv4.tcp_sock, skb, 595 net = dev_net(skb->dst->dev);
596 ip_send_reply(net->ipv4.tcp_sock, skb,
599 &arg, arg.iov[0].iov_len); 597 &arg, arg.iov[0].iov_len);
600 598
601 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS); 599 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
602 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS); 600 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
603} 601}
604 602
605/* The code following below sending ACKs in SYN-RECV and TIME-WAIT states 603/* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
606 outside socket context is ugly, certainly. What can I do? 604 outside socket context is ugly, certainly. What can I do?
607 */ 605 */
608 606
609static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk, 607static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
610 struct sk_buff *skb, u32 seq, u32 ack, 608 u32 win, u32 ts, int oif,
611 u32 win, u32 ts) 609 struct tcp_md5sig_key *key)
612{ 610{
613 struct tcphdr *th = tcp_hdr(skb); 611 struct tcphdr *th = tcp_hdr(skb);
614 struct { 612 struct {
@@ -620,10 +618,7 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk,
620 ]; 618 ];
621 } rep; 619 } rep;
622 struct ip_reply_arg arg; 620 struct ip_reply_arg arg;
623#ifdef CONFIG_TCP_MD5SIG 621 struct net *net = dev_net(skb->dev);
624 struct tcp_md5sig_key *key;
625 struct tcp_md5sig_key tw_key;
626#endif
627 622
628 memset(&rep.th, 0, sizeof(struct tcphdr)); 623 memset(&rep.th, 0, sizeof(struct tcphdr));
629 memset(&arg, 0, sizeof(arg)); 624 memset(&arg, 0, sizeof(arg));
@@ -649,23 +644,6 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk,
649 rep.th.window = htons(win); 644 rep.th.window = htons(win);
650 645
651#ifdef CONFIG_TCP_MD5SIG 646#ifdef CONFIG_TCP_MD5SIG
652 /*
653 * The SKB holds an imcoming packet, but may not have a valid ->sk
654 * pointer. This is especially the case when we're dealing with a
655 * TIME_WAIT ack, because the sk structure is long gone, and only
656 * the tcp_timewait_sock remains. So the md5 key is stashed in that
657 * structure, and we use it in preference. I believe that (twsk ||
658 * skb->sk) holds true, but we program defensively.
659 */
660 if (!twsk && skb->sk) {
661 key = tcp_v4_md5_do_lookup(skb->sk, ip_hdr(skb)->daddr);
662 } else if (twsk && twsk->tw_md5_keylen) {
663 tw_key.key = twsk->tw_md5_key;
664 tw_key.keylen = twsk->tw_md5_keylen;
665 key = &tw_key;
666 } else
667 key = NULL;
668
669 if (key) { 647 if (key) {
670 int offset = (ts) ? 3 : 0; 648 int offset = (ts) ? 3 : 0;
671 649
@@ -676,25 +654,22 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk,
676 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED; 654 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
677 rep.th.doff = arg.iov[0].iov_len/4; 655 rep.th.doff = arg.iov[0].iov_len/4;
678 656
679 tcp_v4_do_calc_md5_hash((__u8 *)&rep.opt[offset], 657 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
680 key, 658 key, ip_hdr(skb)->saddr,
681 ip_hdr(skb)->daddr, 659 ip_hdr(skb)->daddr, &rep.th);
682 ip_hdr(skb)->saddr,
683 &rep.th, IPPROTO_TCP,
684 arg.iov[0].iov_len);
685 } 660 }
686#endif 661#endif
687 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr, 662 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
688 ip_hdr(skb)->saddr, /* XXX */ 663 ip_hdr(skb)->saddr, /* XXX */
689 arg.iov[0].iov_len, IPPROTO_TCP, 0); 664 arg.iov[0].iov_len, IPPROTO_TCP, 0);
690 arg.csumoffset = offsetof(struct tcphdr, check) / 2; 665 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
691 if (twsk) 666 if (oif)
692 arg.bound_dev_if = twsk->tw_sk.tw_bound_dev_if; 667 arg.bound_dev_if = oif;
693 668
694 ip_send_reply(dev_net(skb->dev)->ipv4.tcp_sock, skb, 669 ip_send_reply(net->ipv4.tcp_sock, skb,
695 &arg, arg.iov[0].iov_len); 670 &arg, arg.iov[0].iov_len);
696 671
697 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS); 672 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
698} 673}
699 674
700static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb) 675static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
@@ -702,19 +677,24 @@ static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
702 struct inet_timewait_sock *tw = inet_twsk(sk); 677 struct inet_timewait_sock *tw = inet_twsk(sk);
703 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 678 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
704 679
705 tcp_v4_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 680 tcp_v4_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
706 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 681 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
707 tcptw->tw_ts_recent); 682 tcptw->tw_ts_recent,
683 tw->tw_bound_dev_if,
684 tcp_twsk_md5_key(tcptw)
685 );
708 686
709 inet_twsk_put(tw); 687 inet_twsk_put(tw);
710} 688}
711 689
712static void tcp_v4_reqsk_send_ack(struct sk_buff *skb, 690static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
713 struct request_sock *req) 691 struct request_sock *req)
714{ 692{
715 tcp_v4_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, 693 tcp_v4_send_ack(skb, tcp_rsk(req)->snt_isn + 1,
716 tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, 694 tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd,
717 req->ts_recent); 695 req->ts_recent,
696 0,
697 tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr));
718} 698}
719 699
720/* 700/*
@@ -1004,32 +984,13 @@ static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
1004 newkey, cmd.tcpm_keylen); 984 newkey, cmd.tcpm_keylen);
1005} 985}
1006 986
1007static int tcp_v4_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key, 987static int tcp_v4_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
1008 __be32 saddr, __be32 daddr, 988 __be32 daddr, __be32 saddr, int nbytes)
1009 struct tcphdr *th, int protocol,
1010 unsigned int tcplen)
1011{ 989{
1012 struct scatterlist sg[4];
1013 __u16 data_len;
1014 int block = 0;
1015 __sum16 old_checksum;
1016 struct tcp_md5sig_pool *hp;
1017 struct tcp4_pseudohdr *bp; 990 struct tcp4_pseudohdr *bp;
1018 struct hash_desc *desc; 991 struct scatterlist sg;
1019 int err;
1020 unsigned int nbytes = 0;
1021
1022 /*
1023 * Okay, so RFC2385 is turned on for this connection,
1024 * so we need to generate the MD5 hash for the packet now.
1025 */
1026
1027 hp = tcp_get_md5sig_pool();
1028 if (!hp)
1029 goto clear_hash_noput;
1030 992
1031 bp = &hp->md5_blk.ip4; 993 bp = &hp->md5_blk.ip4;
1032 desc = &hp->md5_desc;
1033 994
1034 /* 995 /*
1035 * 1. the TCP pseudo-header (in the order: source IP address, 996 * 1. the TCP pseudo-header (in the order: source IP address,
@@ -1039,86 +1000,96 @@ static int tcp_v4_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
1039 bp->saddr = saddr; 1000 bp->saddr = saddr;
1040 bp->daddr = daddr; 1001 bp->daddr = daddr;
1041 bp->pad = 0; 1002 bp->pad = 0;
1042 bp->protocol = protocol; 1003 bp->protocol = IPPROTO_TCP;
1043 bp->len = htons(tcplen); 1004 bp->len = cpu_to_be16(nbytes);
1044
1045 sg_init_table(sg, 4);
1046 1005
1047 sg_set_buf(&sg[block++], bp, sizeof(*bp)); 1006 sg_init_one(&sg, bp, sizeof(*bp));
1048 nbytes += sizeof(*bp); 1007 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
1049 1008}
1050 /* 2. the TCP header, excluding options, and assuming a
1051 * checksum of zero/
1052 */
1053 old_checksum = th->check;
1054 th->check = 0;
1055 sg_set_buf(&sg[block++], th, sizeof(struct tcphdr));
1056 nbytes += sizeof(struct tcphdr);
1057
1058 /* 3. the TCP segment data (if any) */
1059 data_len = tcplen - (th->doff << 2);
1060 if (data_len > 0) {
1061 unsigned char *data = (unsigned char *)th + (th->doff << 2);
1062 sg_set_buf(&sg[block++], data, data_len);
1063 nbytes += data_len;
1064 }
1065 1009
1066 /* 4. an independently-specified key or password, known to both 1010static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
1067 * TCPs and presumably connection-specific 1011 __be32 daddr, __be32 saddr, struct tcphdr *th)
1068 */ 1012{
1069 sg_set_buf(&sg[block++], key->key, key->keylen); 1013 struct tcp_md5sig_pool *hp;
1070 nbytes += key->keylen; 1014 struct hash_desc *desc;
1071 1015
1072 sg_mark_end(&sg[block - 1]); 1016 hp = tcp_get_md5sig_pool();
1017 if (!hp)
1018 goto clear_hash_noput;
1019 desc = &hp->md5_desc;
1073 1020
1074 /* Now store the Hash into the packet */ 1021 if (crypto_hash_init(desc))
1075 err = crypto_hash_init(desc);
1076 if (err)
1077 goto clear_hash; 1022 goto clear_hash;
1078 err = crypto_hash_update(desc, sg, nbytes); 1023 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
1079 if (err)
1080 goto clear_hash; 1024 goto clear_hash;
1081 err = crypto_hash_final(desc, md5_hash); 1025 if (tcp_md5_hash_header(hp, th))
1082 if (err) 1026 goto clear_hash;
1027 if (tcp_md5_hash_key(hp, key))
1028 goto clear_hash;
1029 if (crypto_hash_final(desc, md5_hash))
1083 goto clear_hash; 1030 goto clear_hash;
1084 1031
1085 /* Reset header, and free up the crypto */
1086 tcp_put_md5sig_pool(); 1032 tcp_put_md5sig_pool();
1087 th->check = old_checksum;
1088
1089out:
1090 return 0; 1033 return 0;
1034
1091clear_hash: 1035clear_hash:
1092 tcp_put_md5sig_pool(); 1036 tcp_put_md5sig_pool();
1093clear_hash_noput: 1037clear_hash_noput:
1094 memset(md5_hash, 0, 16); 1038 memset(md5_hash, 0, 16);
1095 goto out; 1039 return 1;
1096} 1040}
1097 1041
1098int tcp_v4_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key, 1042int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
1099 struct sock *sk, 1043 struct sock *sk, struct request_sock *req,
1100 struct dst_entry *dst, 1044 struct sk_buff *skb)
1101 struct request_sock *req,
1102 struct tcphdr *th, int protocol,
1103 unsigned int tcplen)
1104{ 1045{
1046 struct tcp_md5sig_pool *hp;
1047 struct hash_desc *desc;
1048 struct tcphdr *th = tcp_hdr(skb);
1105 __be32 saddr, daddr; 1049 __be32 saddr, daddr;
1106 1050
1107 if (sk) { 1051 if (sk) {
1108 saddr = inet_sk(sk)->saddr; 1052 saddr = inet_sk(sk)->saddr;
1109 daddr = inet_sk(sk)->daddr; 1053 daddr = inet_sk(sk)->daddr;
1054 } else if (req) {
1055 saddr = inet_rsk(req)->loc_addr;
1056 daddr = inet_rsk(req)->rmt_addr;
1110 } else { 1057 } else {
1111 struct rtable *rt = (struct rtable *)dst; 1058 const struct iphdr *iph = ip_hdr(skb);
1112 BUG_ON(!rt); 1059 saddr = iph->saddr;
1113 saddr = rt->rt_src; 1060 daddr = iph->daddr;
1114 daddr = rt->rt_dst;
1115 } 1061 }
1116 return tcp_v4_do_calc_md5_hash(md5_hash, key, 1062
1117 saddr, daddr, 1063 hp = tcp_get_md5sig_pool();
1118 th, protocol, tcplen); 1064 if (!hp)
1065 goto clear_hash_noput;
1066 desc = &hp->md5_desc;
1067
1068 if (crypto_hash_init(desc))
1069 goto clear_hash;
1070
1071 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
1072 goto clear_hash;
1073 if (tcp_md5_hash_header(hp, th))
1074 goto clear_hash;
1075 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
1076 goto clear_hash;
1077 if (tcp_md5_hash_key(hp, key))
1078 goto clear_hash;
1079 if (crypto_hash_final(desc, md5_hash))
1080 goto clear_hash;
1081
1082 tcp_put_md5sig_pool();
1083 return 0;
1084
1085clear_hash:
1086 tcp_put_md5sig_pool();
1087clear_hash_noput:
1088 memset(md5_hash, 0, 16);
1089 return 1;
1119} 1090}
1120 1091
1121EXPORT_SYMBOL(tcp_v4_calc_md5_hash); 1092EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
1122 1093
1123static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb) 1094static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
1124{ 1095{
@@ -1134,80 +1105,32 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
1134 struct tcp_md5sig_key *hash_expected; 1105 struct tcp_md5sig_key *hash_expected;
1135 const struct iphdr *iph = ip_hdr(skb); 1106 const struct iphdr *iph = ip_hdr(skb);
1136 struct tcphdr *th = tcp_hdr(skb); 1107 struct tcphdr *th = tcp_hdr(skb);
1137 int length = (th->doff << 2) - sizeof(struct tcphdr);
1138 int genhash; 1108 int genhash;
1139 unsigned char *ptr;
1140 unsigned char newhash[16]; 1109 unsigned char newhash[16];
1141 1110
1142 hash_expected = tcp_v4_md5_do_lookup(sk, iph->saddr); 1111 hash_expected = tcp_v4_md5_do_lookup(sk, iph->saddr);
1112 hash_location = tcp_parse_md5sig_option(th);
1143 1113
1144 /*
1145 * If the TCP option length is less than the TCP_MD5SIG
1146 * option length, then we can shortcut
1147 */
1148 if (length < TCPOLEN_MD5SIG) {
1149 if (hash_expected)
1150 return 1;
1151 else
1152 return 0;
1153 }
1154
1155 /* Okay, we can't shortcut - we have to grub through the options */
1156 ptr = (unsigned char *)(th + 1);
1157 while (length > 0) {
1158 int opcode = *ptr++;
1159 int opsize;
1160
1161 switch (opcode) {
1162 case TCPOPT_EOL:
1163 goto done_opts;
1164 case TCPOPT_NOP:
1165 length--;
1166 continue;
1167 default:
1168 opsize = *ptr++;
1169 if (opsize < 2)
1170 goto done_opts;
1171 if (opsize > length)
1172 goto done_opts;
1173
1174 if (opcode == TCPOPT_MD5SIG) {
1175 hash_location = ptr;
1176 goto done_opts;
1177 }
1178 }
1179 ptr += opsize-2;
1180 length -= opsize;
1181 }
1182done_opts:
1183 /* We've parsed the options - do we have a hash? */ 1114 /* We've parsed the options - do we have a hash? */
1184 if (!hash_expected && !hash_location) 1115 if (!hash_expected && !hash_location)
1185 return 0; 1116 return 0;
1186 1117
1187 if (hash_expected && !hash_location) { 1118 if (hash_expected && !hash_location) {
1188 LIMIT_NETDEBUG(KERN_INFO "MD5 Hash expected but NOT found " 1119 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1189 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1190 NIPQUAD(iph->saddr), ntohs(th->source),
1191 NIPQUAD(iph->daddr), ntohs(th->dest));
1192 return 1; 1120 return 1;
1193 } 1121 }
1194 1122
1195 if (!hash_expected && hash_location) { 1123 if (!hash_expected && hash_location) {
1196 LIMIT_NETDEBUG(KERN_INFO "MD5 Hash NOT expected but found " 1124 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1197 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1198 NIPQUAD(iph->saddr), ntohs(th->source),
1199 NIPQUAD(iph->daddr), ntohs(th->dest));
1200 return 1; 1125 return 1;
1201 } 1126 }
1202 1127
1203 /* Okay, so this is hash_expected and hash_location - 1128 /* Okay, so this is hash_expected and hash_location -
1204 * so we need to calculate the checksum. 1129 * so we need to calculate the checksum.
1205 */ 1130 */
1206 genhash = tcp_v4_do_calc_md5_hash(newhash, 1131 genhash = tcp_v4_md5_hash_skb(newhash,
1207 hash_expected, 1132 hash_expected,
1208 iph->saddr, iph->daddr, 1133 NULL, NULL, skb);
1209 th, sk->sk_protocol,
1210 skb->len);
1211 1134
1212 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 1135 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1213 if (net_ratelimit()) { 1136 if (net_ratelimit()) {
@@ -1285,7 +1208,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1285 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 1208 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1286 goto drop; 1209 goto drop;
1287 1210
1288 req = reqsk_alloc(&tcp_request_sock_ops); 1211 req = inet_reqsk_alloc(&tcp_request_sock_ops);
1289 if (!req) 1212 if (!req)
1290 goto drop; 1213 goto drop;
1291 1214
@@ -1351,7 +1274,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1351 if (get_seconds() < peer->tcp_ts_stamp + TCP_PAWS_MSL && 1274 if (get_seconds() < peer->tcp_ts_stamp + TCP_PAWS_MSL &&
1352 (s32)(peer->tcp_ts - req->ts_recent) > 1275 (s32)(peer->tcp_ts - req->ts_recent) >
1353 TCP_PAWS_WINDOW) { 1276 TCP_PAWS_WINDOW) {
1354 NET_INC_STATS_BH(LINUX_MIB_PAWSPASSIVEREJECTED); 1277 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
1355 goto drop_and_release; 1278 goto drop_and_release;
1356 } 1279 }
1357 } 1280 }
@@ -1456,6 +1379,7 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1456 if (newkey != NULL) 1379 if (newkey != NULL)
1457 tcp_v4_md5_do_add(newsk, inet_sk(sk)->daddr, 1380 tcp_v4_md5_do_add(newsk, inet_sk(sk)->daddr,
1458 newkey, key->keylen); 1381 newkey, key->keylen);
1382 newsk->sk_route_caps &= ~NETIF_F_GSO_MASK;
1459 } 1383 }
1460#endif 1384#endif
1461 1385
@@ -1465,9 +1389,9 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1465 return newsk; 1389 return newsk;
1466 1390
1467exit_overflow: 1391exit_overflow:
1468 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS); 1392 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1469exit: 1393exit:
1470 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS); 1394 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1471 dst_release(dst); 1395 dst_release(dst);
1472 return NULL; 1396 return NULL;
1473} 1397}
@@ -1594,7 +1518,7 @@ discard:
1594 return 0; 1518 return 0;
1595 1519
1596csum_err: 1520csum_err:
1597 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1521 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1598 goto discard; 1522 goto discard;
1599} 1523}
1600 1524
@@ -1608,12 +1532,13 @@ int tcp_v4_rcv(struct sk_buff *skb)
1608 struct tcphdr *th; 1532 struct tcphdr *th;
1609 struct sock *sk; 1533 struct sock *sk;
1610 int ret; 1534 int ret;
1535 struct net *net = dev_net(skb->dev);
1611 1536
1612 if (skb->pkt_type != PACKET_HOST) 1537 if (skb->pkt_type != PACKET_HOST)
1613 goto discard_it; 1538 goto discard_it;
1614 1539
1615 /* Count it even if it's bad */ 1540 /* Count it even if it's bad */
1616 TCP_INC_STATS_BH(TCP_MIB_INSEGS); 1541 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1617 1542
1618 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1543 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1619 goto discard_it; 1544 goto discard_it;
@@ -1642,7 +1567,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
1642 TCP_SKB_CB(skb)->flags = iph->tos; 1567 TCP_SKB_CB(skb)->flags = iph->tos;
1643 TCP_SKB_CB(skb)->sacked = 0; 1568 TCP_SKB_CB(skb)->sacked = 0;
1644 1569
1645 sk = __inet_lookup(dev_net(skb->dev), &tcp_hashinfo, iph->saddr, 1570 sk = __inet_lookup(net, &tcp_hashinfo, iph->saddr,
1646 th->source, iph->daddr, th->dest, inet_iif(skb)); 1571 th->source, iph->daddr, th->dest, inet_iif(skb));
1647 if (!sk) 1572 if (!sk)
1648 goto no_tcp_socket; 1573 goto no_tcp_socket;
@@ -1689,7 +1614,7 @@ no_tcp_socket:
1689 1614
1690 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) { 1615 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1691bad_packet: 1616bad_packet:
1692 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1617 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1693 } else { 1618 } else {
1694 tcp_v4_send_reset(NULL, skb); 1619 tcp_v4_send_reset(NULL, skb);
1695 } 1620 }
@@ -1710,7 +1635,7 @@ do_time_wait:
1710 } 1635 }
1711 1636
1712 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) { 1637 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1713 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1638 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1714 inet_twsk_put(inet_twsk(sk)); 1639 inet_twsk_put(inet_twsk(sk));
1715 goto discard_it; 1640 goto discard_it;
1716 } 1641 }
@@ -1818,7 +1743,7 @@ struct inet_connection_sock_af_ops ipv4_specific = {
1818#ifdef CONFIG_TCP_MD5SIG 1743#ifdef CONFIG_TCP_MD5SIG
1819static struct tcp_sock_af_ops tcp_sock_ipv4_specific = { 1744static struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
1820 .md5_lookup = tcp_v4_md5_lookup, 1745 .md5_lookup = tcp_v4_md5_lookup,
1821 .calc_md5_hash = tcp_v4_calc_md5_hash, 1746 .calc_md5_hash = tcp_v4_md5_hash_skb,
1822 .md5_add = tcp_v4_md5_add_func, 1747 .md5_add = tcp_v4_md5_add_func,
1823 .md5_parse = tcp_v4_parse_md5_keys, 1748 .md5_parse = tcp_v4_parse_md5_keys,
1824}; 1749};
@@ -1875,7 +1800,7 @@ static int tcp_v4_init_sock(struct sock *sk)
1875 return 0; 1800 return 0;
1876} 1801}
1877 1802
1878int tcp_v4_destroy_sock(struct sock *sk) 1803void tcp_v4_destroy_sock(struct sock *sk)
1879{ 1804{
1880 struct tcp_sock *tp = tcp_sk(sk); 1805 struct tcp_sock *tp = tcp_sk(sk);
1881 1806
@@ -1918,17 +1843,7 @@ int tcp_v4_destroy_sock(struct sock *sk)
1918 sk->sk_sndmsg_page = NULL; 1843 sk->sk_sndmsg_page = NULL;
1919 } 1844 }
1920 1845
1921 if (tp->defer_tcp_accept.request) {
1922 reqsk_free(tp->defer_tcp_accept.request);
1923 sock_put(tp->defer_tcp_accept.listen_sk);
1924 sock_put(sk);
1925 tp->defer_tcp_accept.listen_sk = NULL;
1926 tp->defer_tcp_accept.request = NULL;
1927 }
1928
1929 atomic_dec(&tcp_sockets_allocated); 1846 atomic_dec(&tcp_sockets_allocated);
1930
1931 return 0;
1932} 1847}
1933 1848
1934EXPORT_SYMBOL(tcp_v4_destroy_sock); 1849EXPORT_SYMBOL(tcp_v4_destroy_sock);
@@ -1971,8 +1886,7 @@ static void *listening_get_next(struct seq_file *seq, void *cur)
1971 req = req->dl_next; 1886 req = req->dl_next;
1972 while (1) { 1887 while (1) {
1973 while (req) { 1888 while (req) {
1974 if (req->rsk_ops->family == st->family && 1889 if (req->rsk_ops->family == st->family) {
1975 net_eq(sock_net(req->sk), net)) {
1976 cur = req; 1890 cur = req;
1977 goto out; 1891 goto out;
1978 } 1892 }
@@ -2303,7 +2217,7 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2303 } 2217 }
2304 2218
2305 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX " 2219 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2306 "%08X %5d %8d %lu %d %p %u %u %u %u %d%n", 2220 "%08X %5d %8d %lu %d %p %lu %lu %u %u %d%n",
2307 i, src, srcp, dest, destp, sk->sk_state, 2221 i, src, srcp, dest, destp, sk->sk_state,
2308 tp->write_seq - tp->snd_una, 2222 tp->write_seq - tp->snd_una,
2309 sk->sk_state == TCP_LISTEN ? sk->sk_ack_backlog : 2223 sk->sk_state == TCP_LISTEN ? sk->sk_ack_backlog :
@@ -2315,8 +2229,8 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2315 icsk->icsk_probes_out, 2229 icsk->icsk_probes_out,
2316 sock_i_ino(sk), 2230 sock_i_ino(sk),
2317 atomic_read(&sk->sk_refcnt), sk, 2231 atomic_read(&sk->sk_refcnt), sk,
2318 icsk->icsk_rto, 2232 jiffies_to_clock_t(icsk->icsk_rto),
2319 icsk->icsk_ack.ato, 2233 jiffies_to_clock_t(icsk->icsk_ack.ato),
2320 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, 2234 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2321 tp->snd_cwnd, 2235 tp->snd_cwnd,
2322 tp->snd_ssthresh >= 0xFFFF ? -1 : tp->snd_ssthresh, 2236 tp->snd_ssthresh >= 0xFFFF ? -1 : tp->snd_ssthresh,
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 019c8c16e5cc..f976fc57892c 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * Implementation of the Transmission Control Protocol(TCP). 6 * Implementation of the Transmission Control Protocol(TCP).
7 * 7 *
8 * Version: $Id: tcp_minisocks.c,v 1.15 2002/02/01 22:01:04 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Mark Evans, <evansmp@uhura.aston.ac.uk> 10 * Mark Evans, <evansmp@uhura.aston.ac.uk>
@@ -246,7 +244,7 @@ kill:
246 } 244 }
247 245
248 if (paws_reject) 246 if (paws_reject)
249 NET_INC_STATS_BH(LINUX_MIB_PAWSESTABREJECTED); 247 NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_PAWSESTABREJECTED);
250 248
251 if (!th->rst) { 249 if (!th->rst) {
252 /* In this case we must reset the TIMEWAIT timer. 250 /* In this case we must reset the TIMEWAIT timer.
@@ -482,7 +480,7 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req,
482 newtp->rx_opt.mss_clamp = req->mss; 480 newtp->rx_opt.mss_clamp = req->mss;
483 TCP_ECN_openreq_child(newtp, req); 481 TCP_ECN_openreq_child(newtp, req);
484 482
485 TCP_INC_STATS_BH(TCP_MIB_PASSIVEOPENS); 483 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_PASSIVEOPENS);
486 } 484 }
487 return newsk; 485 return newsk;
488} 486}
@@ -571,8 +569,10 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
571 does sequence test, SYN is truncated, and thus we consider 569 does sequence test, SYN is truncated, and thus we consider
572 it a bare ACK. 570 it a bare ACK.
573 571
574 Both ends (listening sockets) accept the new incoming 572 If icsk->icsk_accept_queue.rskq_defer_accept, we silently drop this
575 connection and try to talk to each other. 8-) 573 bare ACK. Otherwise, we create an established connection. Both
574 ends (listening sockets) accept the new incoming connection and try
575 to talk to each other. 8-)
576 576
577 Note: This case is both harmless, and rare. Possibility is about the 577 Note: This case is both harmless, and rare. Possibility is about the
578 same as us discovering intelligent life on another plant tomorrow. 578 same as us discovering intelligent life on another plant tomorrow.
@@ -609,108 +609,96 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
609 tcp_rsk(req)->rcv_isn + 1, tcp_rsk(req)->rcv_isn + 1 + req->rcv_wnd)) { 609 tcp_rsk(req)->rcv_isn + 1, tcp_rsk(req)->rcv_isn + 1 + req->rcv_wnd)) {
610 /* Out of window: send ACK and drop. */ 610 /* Out of window: send ACK and drop. */
611 if (!(flg & TCP_FLAG_RST)) 611 if (!(flg & TCP_FLAG_RST))
612 req->rsk_ops->send_ack(skb, req); 612 req->rsk_ops->send_ack(sk, skb, req);
613 if (paws_reject) 613 if (paws_reject)
614 NET_INC_STATS_BH(LINUX_MIB_PAWSESTABREJECTED); 614 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSESTABREJECTED);
615 return NULL; 615 return NULL;
616 } 616 }
617 617
618 /* In sequence, PAWS is OK. */ 618 /* In sequence, PAWS is OK. */
619 619
620 if (tmp_opt.saw_tstamp && !after(TCP_SKB_CB(skb)->seq, tcp_rsk(req)->rcv_isn + 1)) 620 if (tmp_opt.saw_tstamp && !after(TCP_SKB_CB(skb)->seq, tcp_rsk(req)->rcv_isn + 1))
621 req->ts_recent = tmp_opt.rcv_tsval; 621 req->ts_recent = tmp_opt.rcv_tsval;
622 622
623 if (TCP_SKB_CB(skb)->seq == tcp_rsk(req)->rcv_isn) { 623 if (TCP_SKB_CB(skb)->seq == tcp_rsk(req)->rcv_isn) {
624 /* Truncate SYN, it is out of window starting 624 /* Truncate SYN, it is out of window starting
625 at tcp_rsk(req)->rcv_isn + 1. */ 625 at tcp_rsk(req)->rcv_isn + 1. */
626 flg &= ~TCP_FLAG_SYN; 626 flg &= ~TCP_FLAG_SYN;
627 } 627 }
628 628
629 /* RFC793: "second check the RST bit" and 629 /* RFC793: "second check the RST bit" and
630 * "fourth, check the SYN bit" 630 * "fourth, check the SYN bit"
631 */ 631 */
632 if (flg & (TCP_FLAG_RST|TCP_FLAG_SYN)) { 632 if (flg & (TCP_FLAG_RST|TCP_FLAG_SYN)) {
633 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS); 633 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_ATTEMPTFAILS);
634 goto embryonic_reset; 634 goto embryonic_reset;
635 } 635 }
636 636
637 /* ACK sequence verified above, just make sure ACK is 637 /* ACK sequence verified above, just make sure ACK is
638 * set. If ACK not set, just silently drop the packet. 638 * set. If ACK not set, just silently drop the packet.
639 */ 639 */
640 if (!(flg & TCP_FLAG_ACK)) 640 if (!(flg & TCP_FLAG_ACK))
641 return NULL; 641 return NULL;
642 642
643 /* OK, ACK is valid, create big socket and 643 /* If TCP_DEFER_ACCEPT is set, drop bare ACK. */
644 * feed this segment to it. It will repeat all 644 if (inet_csk(sk)->icsk_accept_queue.rskq_defer_accept &&
645 * the tests. THIS SEGMENT MUST MOVE SOCKET TO 645 TCP_SKB_CB(skb)->end_seq == tcp_rsk(req)->rcv_isn + 1) {
646 * ESTABLISHED STATE. If it will be dropped after 646 inet_rsk(req)->acked = 1;
647 * socket is created, wait for troubles. 647 return NULL;
648 */ 648 }
649 child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, 649
650 req, NULL); 650 /* OK, ACK is valid, create big socket and
651 if (child == NULL) 651 * feed this segment to it. It will repeat all
652 goto listen_overflow; 652 * the tests. THIS SEGMENT MUST MOVE SOCKET TO
653 * ESTABLISHED STATE. If it will be dropped after
654 * socket is created, wait for troubles.
655 */
656 child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL);
657 if (child == NULL)
658 goto listen_overflow;
653#ifdef CONFIG_TCP_MD5SIG 659#ifdef CONFIG_TCP_MD5SIG
654 else { 660 else {
655 /* Copy over the MD5 key from the original socket */ 661 /* Copy over the MD5 key from the original socket */
656 struct tcp_md5sig_key *key; 662 struct tcp_md5sig_key *key;
657 struct tcp_sock *tp = tcp_sk(sk); 663 struct tcp_sock *tp = tcp_sk(sk);
658 key = tp->af_specific->md5_lookup(sk, child); 664 key = tp->af_specific->md5_lookup(sk, child);
659 if (key != NULL) { 665 if (key != NULL) {
660 /* 666 /*
661 * We're using one, so create a matching key on the 667 * We're using one, so create a matching key on the
662 * newsk structure. If we fail to get memory then we 668 * newsk structure. If we fail to get memory then we
663 * end up not copying the key across. Shucks. 669 * end up not copying the key across. Shucks.
664 */ 670 */
665 char *newkey = kmemdup(key->key, key->keylen, 671 char *newkey = kmemdup(key->key, key->keylen,
666 GFP_ATOMIC); 672 GFP_ATOMIC);
667 if (newkey) { 673 if (newkey) {
668 if (!tcp_alloc_md5sig_pool()) 674 if (!tcp_alloc_md5sig_pool())
669 BUG(); 675 BUG();
670 tp->af_specific->md5_add(child, child, 676 tp->af_specific->md5_add(child, child, newkey,
671 newkey, 677 key->keylen);
672 key->keylen);
673 }
674 } 678 }
675 } 679 }
680 }
676#endif 681#endif
677 682
678 inet_csk_reqsk_queue_unlink(sk, req, prev); 683 inet_csk_reqsk_queue_unlink(sk, req, prev);
679 inet_csk_reqsk_queue_removed(sk, req); 684 inet_csk_reqsk_queue_removed(sk, req);
680 685
681 if (inet_csk(sk)->icsk_accept_queue.rskq_defer_accept && 686 inet_csk_reqsk_queue_add(sk, req, child);
682 TCP_SKB_CB(skb)->end_seq == tcp_rsk(req)->rcv_isn + 1) { 687 return child;
683 688
684 /* the accept queue handling is done is est recv slow 689listen_overflow:
685 * path so lets make sure to start there 690 if (!sysctl_tcp_abort_on_overflow) {
686 */ 691 inet_rsk(req)->acked = 1;
687 tcp_sk(child)->pred_flags = 0; 692 return NULL;
688 sock_hold(sk); 693 }
689 sock_hold(child);
690 tcp_sk(child)->defer_tcp_accept.listen_sk = sk;
691 tcp_sk(child)->defer_tcp_accept.request = req;
692
693 inet_csk_reset_keepalive_timer(child,
694 inet_csk(sk)->icsk_accept_queue.rskq_defer_accept * HZ);
695 } else {
696 inet_csk_reqsk_queue_add(sk, req, child);
697 }
698
699 return child;
700
701 listen_overflow:
702 if (!sysctl_tcp_abort_on_overflow) {
703 inet_rsk(req)->acked = 1;
704 return NULL;
705 }
706 694
707 embryonic_reset: 695embryonic_reset:
708 NET_INC_STATS_BH(LINUX_MIB_EMBRYONICRSTS); 696 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS);
709 if (!(flg & TCP_FLAG_RST)) 697 if (!(flg & TCP_FLAG_RST))
710 req->rsk_ops->send_reset(sk, skb); 698 req->rsk_ops->send_reset(sk, skb);
711 699
712 inet_csk_reqsk_queue_drop(sk, req, prev); 700 inet_csk_reqsk_queue_drop(sk, req, prev);
713 return NULL; 701 return NULL;
714} 702}
715 703
716/* 704/*
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index e399bde7813a..8165f5aa8c71 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * Implementation of the Transmission Control Protocol(TCP). 6 * Implementation of the Transmission Control Protocol(TCP).
7 * 7 *
8 * Version: $Id: tcp_output.c,v 1.146 2002/02/01 22:01:04 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Mark Evans, <evansmp@uhura.aston.ac.uk> 10 * Mark Evans, <evansmp@uhura.aston.ac.uk>
@@ -347,28 +345,82 @@ static void tcp_init_nondata_skb(struct sk_buff *skb, u32 seq, u8 flags)
347 TCP_SKB_CB(skb)->end_seq = seq; 345 TCP_SKB_CB(skb)->end_seq = seq;
348} 346}
349 347
350static void tcp_build_and_update_options(__be32 *ptr, struct tcp_sock *tp, 348#define OPTION_SACK_ADVERTISE (1 << 0)
351 __u32 tstamp, __u8 **md5_hash) 349#define OPTION_TS (1 << 1)
352{ 350#define OPTION_MD5 (1 << 2)
353 if (tp->rx_opt.tstamp_ok) { 351
352struct tcp_out_options {
353 u8 options; /* bit field of OPTION_* */
354 u8 ws; /* window scale, 0 to disable */
355 u8 num_sack_blocks; /* number of SACK blocks to include */
356 u16 mss; /* 0 to disable */
357 __u32 tsval, tsecr; /* need to include OPTION_TS */
358};
359
360static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp,
361 const struct tcp_out_options *opts,
362 __u8 **md5_hash) {
363 if (unlikely(OPTION_MD5 & opts->options)) {
364 *ptr++ = htonl((TCPOPT_NOP << 24) |
365 (TCPOPT_NOP << 16) |
366 (TCPOPT_MD5SIG << 8) |
367 TCPOLEN_MD5SIG);
368 *md5_hash = (__u8 *)ptr;
369 ptr += 4;
370 } else {
371 *md5_hash = NULL;
372 }
373
374 if (likely(OPTION_TS & opts->options)) {
375 if (unlikely(OPTION_SACK_ADVERTISE & opts->options)) {
376 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) |
377 (TCPOLEN_SACK_PERM << 16) |
378 (TCPOPT_TIMESTAMP << 8) |
379 TCPOLEN_TIMESTAMP);
380 } else {
381 *ptr++ = htonl((TCPOPT_NOP << 24) |
382 (TCPOPT_NOP << 16) |
383 (TCPOPT_TIMESTAMP << 8) |
384 TCPOLEN_TIMESTAMP);
385 }
386 *ptr++ = htonl(opts->tsval);
387 *ptr++ = htonl(opts->tsecr);
388 }
389
390 if (unlikely(opts->mss)) {
391 *ptr++ = htonl((TCPOPT_MSS << 24) |
392 (TCPOLEN_MSS << 16) |
393 opts->mss);
394 }
395
396 if (unlikely(OPTION_SACK_ADVERTISE & opts->options &&
397 !(OPTION_TS & opts->options))) {
354 *ptr++ = htonl((TCPOPT_NOP << 24) | 398 *ptr++ = htonl((TCPOPT_NOP << 24) |
355 (TCPOPT_NOP << 16) | 399 (TCPOPT_NOP << 16) |
356 (TCPOPT_TIMESTAMP << 8) | 400 (TCPOPT_SACK_PERM << 8) |
357 TCPOLEN_TIMESTAMP); 401 TCPOLEN_SACK_PERM);
358 *ptr++ = htonl(tstamp); 402 }
359 *ptr++ = htonl(tp->rx_opt.ts_recent); 403
404 if (unlikely(opts->ws)) {
405 *ptr++ = htonl((TCPOPT_NOP << 24) |
406 (TCPOPT_WINDOW << 16) |
407 (TCPOLEN_WINDOW << 8) |
408 opts->ws);
360 } 409 }
361 if (tp->rx_opt.eff_sacks) { 410
362 struct tcp_sack_block *sp = tp->rx_opt.dsack ? tp->duplicate_sack : tp->selective_acks; 411 if (unlikely(opts->num_sack_blocks)) {
412 struct tcp_sack_block *sp = tp->rx_opt.dsack ?
413 tp->duplicate_sack : tp->selective_acks;
363 int this_sack; 414 int this_sack;
364 415
365 *ptr++ = htonl((TCPOPT_NOP << 24) | 416 *ptr++ = htonl((TCPOPT_NOP << 24) |
366 (TCPOPT_NOP << 16) | 417 (TCPOPT_NOP << 16) |
367 (TCPOPT_SACK << 8) | 418 (TCPOPT_SACK << 8) |
368 (TCPOLEN_SACK_BASE + (tp->rx_opt.eff_sacks * 419 (TCPOLEN_SACK_BASE + (opts->num_sack_blocks *
369 TCPOLEN_SACK_PERBLOCK))); 420 TCPOLEN_SACK_PERBLOCK)));
370 421
371 for (this_sack = 0; this_sack < tp->rx_opt.eff_sacks; this_sack++) { 422 for (this_sack = 0; this_sack < opts->num_sack_blocks;
423 ++this_sack) {
372 *ptr++ = htonl(sp[this_sack].start_seq); 424 *ptr++ = htonl(sp[this_sack].start_seq);
373 *ptr++ = htonl(sp[this_sack].end_seq); 425 *ptr++ = htonl(sp[this_sack].end_seq);
374 } 426 }
@@ -378,81 +430,139 @@ static void tcp_build_and_update_options(__be32 *ptr, struct tcp_sock *tp,
378 tp->rx_opt.eff_sacks--; 430 tp->rx_opt.eff_sacks--;
379 } 431 }
380 } 432 }
433}
434
435static unsigned tcp_syn_options(struct sock *sk, struct sk_buff *skb,
436 struct tcp_out_options *opts,
437 struct tcp_md5sig_key **md5) {
438 struct tcp_sock *tp = tcp_sk(sk);
439 unsigned size = 0;
440
381#ifdef CONFIG_TCP_MD5SIG 441#ifdef CONFIG_TCP_MD5SIG
382 if (md5_hash) { 442 *md5 = tp->af_specific->md5_lookup(sk, sk);
383 *ptr++ = htonl((TCPOPT_NOP << 24) | 443 if (*md5) {
384 (TCPOPT_NOP << 16) | 444 opts->options |= OPTION_MD5;
385 (TCPOPT_MD5SIG << 8) | 445 size += TCPOLEN_MD5SIG_ALIGNED;
386 TCPOLEN_MD5SIG);
387 *md5_hash = (__u8 *)ptr;
388 } 446 }
447#else
448 *md5 = NULL;
389#endif 449#endif
450
451 /* We always get an MSS option. The option bytes which will be seen in
452 * normal data packets should timestamps be used, must be in the MSS
453 * advertised. But we subtract them from tp->mss_cache so that
454 * calculations in tcp_sendmsg are simpler etc. So account for this
455 * fact here if necessary. If we don't do this correctly, as a
456 * receiver we won't recognize data packets as being full sized when we
457 * should, and thus we won't abide by the delayed ACK rules correctly.
458 * SACKs don't matter, we never delay an ACK when we have any of those
459 * going out. */
460 opts->mss = tcp_advertise_mss(sk);
461 size += TCPOLEN_MSS_ALIGNED;
462
463 if (likely(sysctl_tcp_timestamps && *md5 == NULL)) {
464 opts->options |= OPTION_TS;
465 opts->tsval = TCP_SKB_CB(skb)->when;
466 opts->tsecr = tp->rx_opt.ts_recent;
467 size += TCPOLEN_TSTAMP_ALIGNED;
468 }
469 if (likely(sysctl_tcp_window_scaling)) {
470 opts->ws = tp->rx_opt.rcv_wscale;
471 if(likely(opts->ws))
472 size += TCPOLEN_WSCALE_ALIGNED;
473 }
474 if (likely(sysctl_tcp_sack)) {
475 opts->options |= OPTION_SACK_ADVERTISE;
476 if (unlikely(!(OPTION_TS & opts->options)))
477 size += TCPOLEN_SACKPERM_ALIGNED;
478 }
479
480 return size;
390} 481}
391 482
392/* Construct a tcp options header for a SYN or SYN_ACK packet. 483static unsigned tcp_synack_options(struct sock *sk,
393 * If this is every changed make sure to change the definition of 484 struct request_sock *req,
394 * MAX_SYN_SIZE to match the new maximum number of options that you 485 unsigned mss, struct sk_buff *skb,
395 * can generate. 486 struct tcp_out_options *opts,
396 * 487 struct tcp_md5sig_key **md5) {
397 * Note - that with the RFC2385 TCP option, we make room for the 488 unsigned size = 0;
398 * 16 byte MD5 hash. This will be filled in later, so the pointer for the 489 struct inet_request_sock *ireq = inet_rsk(req);
399 * location to be filled is passed back up. 490 char doing_ts;
400 */ 491
401static void tcp_syn_build_options(__be32 *ptr, int mss, int ts, int sack,
402 int offer_wscale, int wscale, __u32 tstamp,
403 __u32 ts_recent, __u8 **md5_hash)
404{
405 /* We always get an MSS option.
406 * The option bytes which will be seen in normal data
407 * packets should timestamps be used, must be in the MSS
408 * advertised. But we subtract them from tp->mss_cache so
409 * that calculations in tcp_sendmsg are simpler etc.
410 * So account for this fact here if necessary. If we
411 * don't do this correctly, as a receiver we won't
412 * recognize data packets as being full sized when we
413 * should, and thus we won't abide by the delayed ACK
414 * rules correctly.
415 * SACKs don't matter, we never delay an ACK when we
416 * have any of those going out.
417 */
418 *ptr++ = htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) | mss);
419 if (ts) {
420 if (sack)
421 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) |
422 (TCPOLEN_SACK_PERM << 16) |
423 (TCPOPT_TIMESTAMP << 8) |
424 TCPOLEN_TIMESTAMP);
425 else
426 *ptr++ = htonl((TCPOPT_NOP << 24) |
427 (TCPOPT_NOP << 16) |
428 (TCPOPT_TIMESTAMP << 8) |
429 TCPOLEN_TIMESTAMP);
430 *ptr++ = htonl(tstamp); /* TSVAL */
431 *ptr++ = htonl(ts_recent); /* TSECR */
432 } else if (sack)
433 *ptr++ = htonl((TCPOPT_NOP << 24) |
434 (TCPOPT_NOP << 16) |
435 (TCPOPT_SACK_PERM << 8) |
436 TCPOLEN_SACK_PERM);
437 if (offer_wscale)
438 *ptr++ = htonl((TCPOPT_NOP << 24) |
439 (TCPOPT_WINDOW << 16) |
440 (TCPOLEN_WINDOW << 8) |
441 (wscale));
442#ifdef CONFIG_TCP_MD5SIG 492#ifdef CONFIG_TCP_MD5SIG
443 /* 493 *md5 = tcp_rsk(req)->af_specific->md5_lookup(sk, req);
444 * If MD5 is enabled, then we set the option, and include the size 494 if (*md5) {
445 * (always 18). The actual MD5 hash is added just before the 495 opts->options |= OPTION_MD5;
446 * packet is sent. 496 size += TCPOLEN_MD5SIG_ALIGNED;
447 */ 497 }
448 if (md5_hash) { 498#else
449 *ptr++ = htonl((TCPOPT_NOP << 24) | 499 *md5 = NULL;
450 (TCPOPT_NOP << 16) | 500#endif
451 (TCPOPT_MD5SIG << 8) | 501
452 TCPOLEN_MD5SIG); 502 /* we can't fit any SACK blocks in a packet with MD5 + TS
453 *md5_hash = (__u8 *)ptr; 503 options. There was discussion about disabling SACK rather than TS in
504 order to fit in better with old, buggy kernels, but that was deemed
505 to be unnecessary. */
506 doing_ts = ireq->tstamp_ok && !(*md5 && ireq->sack_ok);
507
508 opts->mss = mss;
509 size += TCPOLEN_MSS_ALIGNED;
510
511 if (likely(ireq->wscale_ok)) {
512 opts->ws = ireq->rcv_wscale;
513 if(likely(opts->ws))
514 size += TCPOLEN_WSCALE_ALIGNED;
515 }
516 if (likely(doing_ts)) {
517 opts->options |= OPTION_TS;
518 opts->tsval = TCP_SKB_CB(skb)->when;
519 opts->tsecr = req->ts_recent;
520 size += TCPOLEN_TSTAMP_ALIGNED;
454 } 521 }
522 if (likely(ireq->sack_ok)) {
523 opts->options |= OPTION_SACK_ADVERTISE;
524 if (unlikely(!doing_ts))
525 size += TCPOLEN_SACKPERM_ALIGNED;
526 }
527
528 return size;
529}
530
531static unsigned tcp_established_options(struct sock *sk, struct sk_buff *skb,
532 struct tcp_out_options *opts,
533 struct tcp_md5sig_key **md5) {
534 struct tcp_skb_cb *tcb = skb ? TCP_SKB_CB(skb) : NULL;
535 struct tcp_sock *tp = tcp_sk(sk);
536 unsigned size = 0;
537
538#ifdef CONFIG_TCP_MD5SIG
539 *md5 = tp->af_specific->md5_lookup(sk, sk);
540 if (unlikely(*md5)) {
541 opts->options |= OPTION_MD5;
542 size += TCPOLEN_MD5SIG_ALIGNED;
543 }
544#else
545 *md5 = NULL;
455#endif 546#endif
547
548 if (likely(tp->rx_opt.tstamp_ok)) {
549 opts->options |= OPTION_TS;
550 opts->tsval = tcb ? tcb->when : 0;
551 opts->tsecr = tp->rx_opt.ts_recent;
552 size += TCPOLEN_TSTAMP_ALIGNED;
553 }
554
555 if (unlikely(tp->rx_opt.eff_sacks)) {
556 const unsigned remaining = MAX_TCP_OPTION_SPACE - size;
557 opts->num_sack_blocks =
558 min_t(unsigned, tp->rx_opt.eff_sacks,
559 (remaining - TCPOLEN_SACK_BASE_ALIGNED) /
560 TCPOLEN_SACK_PERBLOCK);
561 size += TCPOLEN_SACK_BASE_ALIGNED +
562 opts->num_sack_blocks * TCPOLEN_SACK_PERBLOCK;
563 }
564
565 return size;
456} 566}
457 567
458/* This routine actually transmits TCP packets queued in by 568/* This routine actually transmits TCP packets queued in by
@@ -473,13 +583,11 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
473 struct inet_sock *inet; 583 struct inet_sock *inet;
474 struct tcp_sock *tp; 584 struct tcp_sock *tp;
475 struct tcp_skb_cb *tcb; 585 struct tcp_skb_cb *tcb;
476 int tcp_header_size; 586 struct tcp_out_options opts;
477#ifdef CONFIG_TCP_MD5SIG 587 unsigned tcp_options_size, tcp_header_size;
478 struct tcp_md5sig_key *md5; 588 struct tcp_md5sig_key *md5;
479 __u8 *md5_hash_location; 589 __u8 *md5_hash_location;
480#endif
481 struct tcphdr *th; 590 struct tcphdr *th;
482 int sysctl_flags;
483 int err; 591 int err;
484 592
485 BUG_ON(!skb || !tcp_skb_pcount(skb)); 593 BUG_ON(!skb || !tcp_skb_pcount(skb));
@@ -502,50 +610,18 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
502 inet = inet_sk(sk); 610 inet = inet_sk(sk);
503 tp = tcp_sk(sk); 611 tp = tcp_sk(sk);
504 tcb = TCP_SKB_CB(skb); 612 tcb = TCP_SKB_CB(skb);
505 tcp_header_size = tp->tcp_header_len; 613 memset(&opts, 0, sizeof(opts));
506
507#define SYSCTL_FLAG_TSTAMPS 0x1
508#define SYSCTL_FLAG_WSCALE 0x2
509#define SYSCTL_FLAG_SACK 0x4
510 614
511 sysctl_flags = 0; 615 if (unlikely(tcb->flags & TCPCB_FLAG_SYN))
512 if (unlikely(tcb->flags & TCPCB_FLAG_SYN)) { 616 tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5);
513 tcp_header_size = sizeof(struct tcphdr) + TCPOLEN_MSS; 617 else
514 if (sysctl_tcp_timestamps) { 618 tcp_options_size = tcp_established_options(sk, skb, &opts,
515 tcp_header_size += TCPOLEN_TSTAMP_ALIGNED; 619 &md5);
516 sysctl_flags |= SYSCTL_FLAG_TSTAMPS; 620 tcp_header_size = tcp_options_size + sizeof(struct tcphdr);
517 }
518 if (sysctl_tcp_window_scaling) {
519 tcp_header_size += TCPOLEN_WSCALE_ALIGNED;
520 sysctl_flags |= SYSCTL_FLAG_WSCALE;
521 }
522 if (sysctl_tcp_sack) {
523 sysctl_flags |= SYSCTL_FLAG_SACK;
524 if (!(sysctl_flags & SYSCTL_FLAG_TSTAMPS))
525 tcp_header_size += TCPOLEN_SACKPERM_ALIGNED;
526 }
527 } else if (unlikely(tp->rx_opt.eff_sacks)) {
528 /* A SACK is 2 pad bytes, a 2 byte header, plus
529 * 2 32-bit sequence numbers for each SACK block.
530 */
531 tcp_header_size += (TCPOLEN_SACK_BASE_ALIGNED +
532 (tp->rx_opt.eff_sacks *
533 TCPOLEN_SACK_PERBLOCK));
534 }
535 621
536 if (tcp_packets_in_flight(tp) == 0) 622 if (tcp_packets_in_flight(tp) == 0)
537 tcp_ca_event(sk, CA_EVENT_TX_START); 623 tcp_ca_event(sk, CA_EVENT_TX_START);
538 624
539#ifdef CONFIG_TCP_MD5SIG
540 /*
541 * Are we doing MD5 on this segment? If so - make
542 * room for it.
543 */
544 md5 = tp->af_specific->md5_lookup(sk, sk);
545 if (md5)
546 tcp_header_size += TCPOLEN_MD5SIG_ALIGNED;
547#endif
548
549 skb_push(skb, tcp_header_size); 625 skb_push(skb, tcp_header_size);
550 skb_reset_transport_header(skb); 626 skb_reset_transport_header(skb);
551 skb_set_owner_w(skb, sk); 627 skb_set_owner_w(skb, sk);
@@ -576,39 +652,16 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
576 th->urg = 1; 652 th->urg = 1;
577 } 653 }
578 654
579 if (unlikely(tcb->flags & TCPCB_FLAG_SYN)) { 655 tcp_options_write((__be32 *)(th + 1), tp, &opts, &md5_hash_location);
580 tcp_syn_build_options((__be32 *)(th + 1), 656 if (likely((tcb->flags & TCPCB_FLAG_SYN) == 0))
581 tcp_advertise_mss(sk),
582 (sysctl_flags & SYSCTL_FLAG_TSTAMPS),
583 (sysctl_flags & SYSCTL_FLAG_SACK),
584 (sysctl_flags & SYSCTL_FLAG_WSCALE),
585 tp->rx_opt.rcv_wscale,
586 tcb->when,
587 tp->rx_opt.ts_recent,
588
589#ifdef CONFIG_TCP_MD5SIG
590 md5 ? &md5_hash_location :
591#endif
592 NULL);
593 } else {
594 tcp_build_and_update_options((__be32 *)(th + 1),
595 tp, tcb->when,
596#ifdef CONFIG_TCP_MD5SIG
597 md5 ? &md5_hash_location :
598#endif
599 NULL);
600 TCP_ECN_send(sk, skb, tcp_header_size); 657 TCP_ECN_send(sk, skb, tcp_header_size);
601 }
602 658
603#ifdef CONFIG_TCP_MD5SIG 659#ifdef CONFIG_TCP_MD5SIG
604 /* Calculate the MD5 hash, as we have all we need now */ 660 /* Calculate the MD5 hash, as we have all we need now */
605 if (md5) { 661 if (md5) {
662 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
606 tp->af_specific->calc_md5_hash(md5_hash_location, 663 tp->af_specific->calc_md5_hash(md5_hash_location,
607 md5, 664 md5, sk, NULL, skb);
608 sk, NULL, NULL,
609 tcp_hdr(skb),
610 sk->sk_protocol,
611 skb->len);
612 } 665 }
613#endif 666#endif
614 667
@@ -621,7 +674,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
621 tcp_event_data_sent(tp, skb, sk); 674 tcp_event_data_sent(tp, skb, sk);
622 675
623 if (after(tcb->end_seq, tp->snd_nxt) || tcb->seq == tcb->end_seq) 676 if (after(tcb->end_seq, tp->snd_nxt) || tcb->seq == tcb->end_seq)
624 TCP_INC_STATS(TCP_MIB_OUTSEGS); 677 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS);
625 678
626 err = icsk->icsk_af_ops->queue_xmit(skb, 0); 679 err = icsk->icsk_af_ops->queue_xmit(skb, 0);
627 if (likely(err <= 0)) 680 if (likely(err <= 0))
@@ -630,10 +683,6 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
630 tcp_enter_cwr(sk, 1); 683 tcp_enter_cwr(sk, 1);
631 684
632 return net_xmit_eval(err); 685 return net_xmit_eval(err);
633
634#undef SYSCTL_FLAG_TSTAMPS
635#undef SYSCTL_FLAG_WSCALE
636#undef SYSCTL_FLAG_SACK
637} 686}
638 687
639/* This routine just queue's the buffer 688/* This routine just queue's the buffer
@@ -974,6 +1023,9 @@ unsigned int tcp_current_mss(struct sock *sk, int large_allowed)
974 u32 mss_now; 1023 u32 mss_now;
975 u16 xmit_size_goal; 1024 u16 xmit_size_goal;
976 int doing_tso = 0; 1025 int doing_tso = 0;
1026 unsigned header_len;
1027 struct tcp_out_options opts;
1028 struct tcp_md5sig_key *md5;
977 1029
978 mss_now = tp->mss_cache; 1030 mss_now = tp->mss_cache;
979 1031
@@ -986,14 +1038,16 @@ unsigned int tcp_current_mss(struct sock *sk, int large_allowed)
986 mss_now = tcp_sync_mss(sk, mtu); 1038 mss_now = tcp_sync_mss(sk, mtu);
987 } 1039 }
988 1040
989 if (tp->rx_opt.eff_sacks) 1041 header_len = tcp_established_options(sk, NULL, &opts, &md5) +
990 mss_now -= (TCPOLEN_SACK_BASE_ALIGNED + 1042 sizeof(struct tcphdr);
991 (tp->rx_opt.eff_sacks * TCPOLEN_SACK_PERBLOCK)); 1043 /* The mss_cache is sized based on tp->tcp_header_len, which assumes
992 1044 * some common options. If this is an odd packet (because we have SACK
993#ifdef CONFIG_TCP_MD5SIG 1045 * blocks etc) then our calculated header_len will be different, and
994 if (tp->af_specific->md5_lookup(sk, sk)) 1046 * we have to adjust mss_now correspondingly */
995 mss_now -= TCPOLEN_MD5SIG_ALIGNED; 1047 if (header_len != tp->tcp_header_len) {
996#endif 1048 int delta = (int) header_len - tp->tcp_header_len;
1049 mss_now -= delta;
1050 }
997 1051
998 xmit_size_goal = mss_now; 1052 xmit_size_goal = mss_now;
999 1053
@@ -1913,7 +1967,7 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
1913 1967
1914 if (err == 0) { 1968 if (err == 0) {
1915 /* Update global TCP statistics. */ 1969 /* Update global TCP statistics. */
1916 TCP_INC_STATS(TCP_MIB_RETRANSSEGS); 1970 TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
1917 1971
1918 tp->total_retrans++; 1972 tp->total_retrans++;
1919 1973
@@ -1988,14 +2042,17 @@ void tcp_xmit_retransmit_queue(struct sock *sk)
1988 2042
1989 if (sacked & TCPCB_LOST) { 2043 if (sacked & TCPCB_LOST) {
1990 if (!(sacked & (TCPCB_SACKED_ACKED|TCPCB_SACKED_RETRANS))) { 2044 if (!(sacked & (TCPCB_SACKED_ACKED|TCPCB_SACKED_RETRANS))) {
2045 int mib_idx;
2046
1991 if (tcp_retransmit_skb(sk, skb)) { 2047 if (tcp_retransmit_skb(sk, skb)) {
1992 tp->retransmit_skb_hint = NULL; 2048 tp->retransmit_skb_hint = NULL;
1993 return; 2049 return;
1994 } 2050 }
1995 if (icsk->icsk_ca_state != TCP_CA_Loss) 2051 if (icsk->icsk_ca_state != TCP_CA_Loss)
1996 NET_INC_STATS_BH(LINUX_MIB_TCPFASTRETRANS); 2052 mib_idx = LINUX_MIB_TCPFASTRETRANS;
1997 else 2053 else
1998 NET_INC_STATS_BH(LINUX_MIB_TCPSLOWSTARTRETRANS); 2054 mib_idx = LINUX_MIB_TCPSLOWSTARTRETRANS;
2055 NET_INC_STATS_BH(sock_net(sk), mib_idx);
1999 2056
2000 if (skb == tcp_write_queue_head(sk)) 2057 if (skb == tcp_write_queue_head(sk))
2001 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 2058 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
@@ -2065,7 +2122,7 @@ void tcp_xmit_retransmit_queue(struct sock *sk)
2065 inet_csk(sk)->icsk_rto, 2122 inet_csk(sk)->icsk_rto,
2066 TCP_RTO_MAX); 2123 TCP_RTO_MAX);
2067 2124
2068 NET_INC_STATS_BH(LINUX_MIB_TCPFORWARDRETRANS); 2125 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPFORWARDRETRANS);
2069 } 2126 }
2070} 2127}
2071 2128
@@ -2119,7 +2176,7 @@ void tcp_send_active_reset(struct sock *sk, gfp_t priority)
2119 /* NOTE: No TCP options attached and we never retransmit this. */ 2176 /* NOTE: No TCP options attached and we never retransmit this. */
2120 skb = alloc_skb(MAX_TCP_HEADER, priority); 2177 skb = alloc_skb(MAX_TCP_HEADER, priority);
2121 if (!skb) { 2178 if (!skb) {
2122 NET_INC_STATS(LINUX_MIB_TCPABORTFAILED); 2179 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED);
2123 return; 2180 return;
2124 } 2181 }
2125 2182
@@ -2130,7 +2187,9 @@ void tcp_send_active_reset(struct sock *sk, gfp_t priority)
2130 /* Send it off. */ 2187 /* Send it off. */
2131 TCP_SKB_CB(skb)->when = tcp_time_stamp; 2188 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2132 if (tcp_transmit_skb(sk, skb, 0, priority)) 2189 if (tcp_transmit_skb(sk, skb, 0, priority))
2133 NET_INC_STATS(LINUX_MIB_TCPABORTFAILED); 2190 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED);
2191
2192 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTRSTS);
2134} 2193}
2135 2194
2136/* WARNING: This routine must only be called when we have already sent 2195/* WARNING: This routine must only be called when we have already sent
@@ -2178,11 +2237,10 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2178 struct tcp_sock *tp = tcp_sk(sk); 2237 struct tcp_sock *tp = tcp_sk(sk);
2179 struct tcphdr *th; 2238 struct tcphdr *th;
2180 int tcp_header_size; 2239 int tcp_header_size;
2240 struct tcp_out_options opts;
2181 struct sk_buff *skb; 2241 struct sk_buff *skb;
2182#ifdef CONFIG_TCP_MD5SIG
2183 struct tcp_md5sig_key *md5; 2242 struct tcp_md5sig_key *md5;
2184 __u8 *md5_hash_location; 2243 __u8 *md5_hash_location;
2185#endif
2186 2244
2187 skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15, 1, GFP_ATOMIC); 2245 skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15, 1, GFP_ATOMIC);
2188 if (skb == NULL) 2246 if (skb == NULL)
@@ -2193,18 +2251,27 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2193 2251
2194 skb->dst = dst_clone(dst); 2252 skb->dst = dst_clone(dst);
2195 2253
2196 tcp_header_size = (sizeof(struct tcphdr) + TCPOLEN_MSS + 2254 if (req->rcv_wnd == 0) { /* ignored for retransmitted syns */
2197 (ireq->tstamp_ok ? TCPOLEN_TSTAMP_ALIGNED : 0) + 2255 __u8 rcv_wscale;
2198 (ireq->wscale_ok ? TCPOLEN_WSCALE_ALIGNED : 0) + 2256 /* Set this up on the first call only */
2199 /* SACK_PERM is in the place of NOP NOP of TS */ 2257 req->window_clamp = tp->window_clamp ? : dst_metric(dst, RTAX_WINDOW);
2200 ((ireq->sack_ok && !ireq->tstamp_ok) ? TCPOLEN_SACKPERM_ALIGNED : 0)); 2258 /* tcp_full_space because it is guaranteed to be the first packet */
2259 tcp_select_initial_window(tcp_full_space(sk),
2260 dst_metric(dst, RTAX_ADVMSS) - (ireq->tstamp_ok ? TCPOLEN_TSTAMP_ALIGNED : 0),
2261 &req->rcv_wnd,
2262 &req->window_clamp,
2263 ireq->wscale_ok,
2264 &rcv_wscale);
2265 ireq->rcv_wscale = rcv_wscale;
2266 }
2267
2268 memset(&opts, 0, sizeof(opts));
2269 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2270 tcp_header_size = tcp_synack_options(sk, req,
2271 dst_metric(dst, RTAX_ADVMSS),
2272 skb, &opts, &md5) +
2273 sizeof(struct tcphdr);
2201 2274
2202#ifdef CONFIG_TCP_MD5SIG
2203 /* Are we doing MD5 on this segment? If so - make room for it */
2204 md5 = tcp_rsk(req)->af_specific->md5_lookup(sk, req);
2205 if (md5)
2206 tcp_header_size += TCPOLEN_MD5SIG_ALIGNED;
2207#endif
2208 skb_push(skb, tcp_header_size); 2275 skb_push(skb, tcp_header_size);
2209 skb_reset_transport_header(skb); 2276 skb_reset_transport_header(skb);
2210 2277
@@ -2222,19 +2289,6 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2222 TCPCB_FLAG_SYN | TCPCB_FLAG_ACK); 2289 TCPCB_FLAG_SYN | TCPCB_FLAG_ACK);
2223 th->seq = htonl(TCP_SKB_CB(skb)->seq); 2290 th->seq = htonl(TCP_SKB_CB(skb)->seq);
2224 th->ack_seq = htonl(tcp_rsk(req)->rcv_isn + 1); 2291 th->ack_seq = htonl(tcp_rsk(req)->rcv_isn + 1);
2225 if (req->rcv_wnd == 0) { /* ignored for retransmitted syns */
2226 __u8 rcv_wscale;
2227 /* Set this up on the first call only */
2228 req->window_clamp = tp->window_clamp ? : dst_metric(dst, RTAX_WINDOW);
2229 /* tcp_full_space because it is guaranteed to be the first packet */
2230 tcp_select_initial_window(tcp_full_space(sk),
2231 dst_metric(dst, RTAX_ADVMSS) - (ireq->tstamp_ok ? TCPOLEN_TSTAMP_ALIGNED : 0),
2232 &req->rcv_wnd,
2233 &req->window_clamp,
2234 ireq->wscale_ok,
2235 &rcv_wscale);
2236 ireq->rcv_wscale = rcv_wscale;
2237 }
2238 2292
2239 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */ 2293 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */
2240 th->window = htons(min(req->rcv_wnd, 65535U)); 2294 th->window = htons(min(req->rcv_wnd, 65535U));
@@ -2243,29 +2297,15 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2243 TCP_SKB_CB(skb)->when = cookie_init_timestamp(req); 2297 TCP_SKB_CB(skb)->when = cookie_init_timestamp(req);
2244 else 2298 else
2245#endif 2299#endif
2246 TCP_SKB_CB(skb)->when = tcp_time_stamp; 2300 tcp_options_write((__be32 *)(th + 1), tp, &opts, &md5_hash_location);
2247 tcp_syn_build_options((__be32 *)(th + 1), dst_metric(dst, RTAX_ADVMSS), ireq->tstamp_ok,
2248 ireq->sack_ok, ireq->wscale_ok, ireq->rcv_wscale,
2249 TCP_SKB_CB(skb)->when,
2250 req->ts_recent,
2251 (
2252#ifdef CONFIG_TCP_MD5SIG
2253 md5 ? &md5_hash_location :
2254#endif
2255 NULL)
2256 );
2257
2258 th->doff = (tcp_header_size >> 2); 2301 th->doff = (tcp_header_size >> 2);
2259 TCP_INC_STATS(TCP_MIB_OUTSEGS); 2302 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS);
2260 2303
2261#ifdef CONFIG_TCP_MD5SIG 2304#ifdef CONFIG_TCP_MD5SIG
2262 /* Okay, we have all we need - do the md5 hash if needed */ 2305 /* Okay, we have all we need - do the md5 hash if needed */
2263 if (md5) { 2306 if (md5) {
2264 tp->af_specific->calc_md5_hash(md5_hash_location, 2307 tp->af_specific->calc_md5_hash(md5_hash_location,
2265 md5, 2308 md5, NULL, req, skb);
2266 NULL, dst, req,
2267 tcp_hdr(skb), sk->sk_protocol,
2268 skb->len);
2269 } 2309 }
2270#endif 2310#endif
2271 2311
@@ -2365,7 +2405,7 @@ int tcp_connect(struct sock *sk)
2365 */ 2405 */
2366 tp->snd_nxt = tp->write_seq; 2406 tp->snd_nxt = tp->write_seq;
2367 tp->pushed_seq = tp->write_seq; 2407 tp->pushed_seq = tp->write_seq;
2368 TCP_INC_STATS(TCP_MIB_ACTIVEOPENS); 2408 TCP_INC_STATS(sock_net(sk), TCP_MIB_ACTIVEOPENS);
2369 2409
2370 /* Timer for repeating the SYN until an answer. */ 2410 /* Timer for repeating the SYN until an answer. */
2371 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 2411 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
index 5ff0ce6e9d39..7ddc30f0744f 100644
--- a/net/ipv4/tcp_probe.c
+++ b/net/ipv4/tcp_probe.c
@@ -224,7 +224,7 @@ static __init int tcpprobe_init(void)
224 if (bufsize < 0) 224 if (bufsize < 0)
225 return -EINVAL; 225 return -EINVAL;
226 226
227 tcp_probe.log = kcalloc(sizeof(struct tcp_log), bufsize, GFP_KERNEL); 227 tcp_probe.log = kcalloc(bufsize, sizeof(struct tcp_log), GFP_KERNEL);
228 if (!tcp_probe.log) 228 if (!tcp_probe.log)
229 goto err0; 229 goto err0;
230 230
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index 4de68cf5f2aa..5ab6ba19c3ce 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * Implementation of the Transmission Control Protocol(TCP). 6 * Implementation of the Transmission Control Protocol(TCP).
7 * 7 *
8 * Version: $Id: tcp_timer.c,v 1.88 2002/02/01 22:01:04 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Mark Evans, <evansmp@uhura.aston.ac.uk> 10 * Mark Evans, <evansmp@uhura.aston.ac.uk>
@@ -50,7 +48,7 @@ static void tcp_write_err(struct sock *sk)
50 sk->sk_error_report(sk); 48 sk->sk_error_report(sk);
51 49
52 tcp_done(sk); 50 tcp_done(sk);
53 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONTIMEOUT); 51 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPABORTONTIMEOUT);
54} 52}
55 53
56/* Do not allow orphaned sockets to eat all our resources. 54/* Do not allow orphaned sockets to eat all our resources.
@@ -91,7 +89,7 @@ static int tcp_out_of_resources(struct sock *sk, int do_reset)
91 if (do_reset) 89 if (do_reset)
92 tcp_send_active_reset(sk, GFP_ATOMIC); 90 tcp_send_active_reset(sk, GFP_ATOMIC);
93 tcp_done(sk); 91 tcp_done(sk);
94 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONMEMORY); 92 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPABORTONMEMORY);
95 return 1; 93 return 1;
96 } 94 }
97 return 0; 95 return 0;
@@ -181,7 +179,7 @@ static void tcp_delack_timer(unsigned long data)
181 if (sock_owned_by_user(sk)) { 179 if (sock_owned_by_user(sk)) {
182 /* Try again later. */ 180 /* Try again later. */
183 icsk->icsk_ack.blocked = 1; 181 icsk->icsk_ack.blocked = 1;
184 NET_INC_STATS_BH(LINUX_MIB_DELAYEDACKLOCKED); 182 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_DELAYEDACKLOCKED);
185 sk_reset_timer(sk, &icsk->icsk_delack_timer, jiffies + TCP_DELACK_MIN); 183 sk_reset_timer(sk, &icsk->icsk_delack_timer, jiffies + TCP_DELACK_MIN);
186 goto out_unlock; 184 goto out_unlock;
187 } 185 }
@@ -200,7 +198,7 @@ static void tcp_delack_timer(unsigned long data)
200 if (!skb_queue_empty(&tp->ucopy.prequeue)) { 198 if (!skb_queue_empty(&tp->ucopy.prequeue)) {
201 struct sk_buff *skb; 199 struct sk_buff *skb;
202 200
203 NET_INC_STATS_BH(LINUX_MIB_TCPSCHEDULERFAILED); 201 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPSCHEDULERFAILED);
204 202
205 while ((skb = __skb_dequeue(&tp->ucopy.prequeue)) != NULL) 203 while ((skb = __skb_dequeue(&tp->ucopy.prequeue)) != NULL)
206 sk->sk_backlog_rcv(sk, skb); 204 sk->sk_backlog_rcv(sk, skb);
@@ -220,7 +218,7 @@ static void tcp_delack_timer(unsigned long data)
220 icsk->icsk_ack.ato = TCP_ATO_MIN; 218 icsk->icsk_ack.ato = TCP_ATO_MIN;
221 } 219 }
222 tcp_send_ack(sk); 220 tcp_send_ack(sk);
223 NET_INC_STATS_BH(LINUX_MIB_DELAYEDACKS); 221 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_DELAYEDACKS);
224 } 222 }
225 TCP_CHECK_TIMER(sk); 223 TCP_CHECK_TIMER(sk);
226 224
@@ -289,7 +287,7 @@ static void tcp_retransmit_timer(struct sock *sk)
289 if (!tp->packets_out) 287 if (!tp->packets_out)
290 goto out; 288 goto out;
291 289
292 BUG_TRAP(!tcp_write_queue_empty(sk)); 290 WARN_ON(tcp_write_queue_empty(sk));
293 291
294 if (!tp->snd_wnd && !sock_flag(sk, SOCK_DEAD) && 292 if (!tp->snd_wnd && !sock_flag(sk, SOCK_DEAD) &&
295 !((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))) { 293 !((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))) {
@@ -328,24 +326,27 @@ static void tcp_retransmit_timer(struct sock *sk)
328 goto out; 326 goto out;
329 327
330 if (icsk->icsk_retransmits == 0) { 328 if (icsk->icsk_retransmits == 0) {
329 int mib_idx;
330
331 if (icsk->icsk_ca_state == TCP_CA_Disorder || 331 if (icsk->icsk_ca_state == TCP_CA_Disorder ||
332 icsk->icsk_ca_state == TCP_CA_Recovery) { 332 icsk->icsk_ca_state == TCP_CA_Recovery) {
333 if (tcp_is_sack(tp)) { 333 if (tcp_is_sack(tp)) {
334 if (icsk->icsk_ca_state == TCP_CA_Recovery) 334 if (icsk->icsk_ca_state == TCP_CA_Recovery)
335 NET_INC_STATS_BH(LINUX_MIB_TCPSACKRECOVERYFAIL); 335 mib_idx = LINUX_MIB_TCPSACKRECOVERYFAIL;
336 else 336 else
337 NET_INC_STATS_BH(LINUX_MIB_TCPSACKFAILURES); 337 mib_idx = LINUX_MIB_TCPSACKFAILURES;
338 } else { 338 } else {
339 if (icsk->icsk_ca_state == TCP_CA_Recovery) 339 if (icsk->icsk_ca_state == TCP_CA_Recovery)
340 NET_INC_STATS_BH(LINUX_MIB_TCPRENORECOVERYFAIL); 340 mib_idx = LINUX_MIB_TCPRENORECOVERYFAIL;
341 else 341 else
342 NET_INC_STATS_BH(LINUX_MIB_TCPRENOFAILURES); 342 mib_idx = LINUX_MIB_TCPRENOFAILURES;
343 } 343 }
344 } else if (icsk->icsk_ca_state == TCP_CA_Loss) { 344 } else if (icsk->icsk_ca_state == TCP_CA_Loss) {
345 NET_INC_STATS_BH(LINUX_MIB_TCPLOSSFAILURES); 345 mib_idx = LINUX_MIB_TCPLOSSFAILURES;
346 } else { 346 } else {
347 NET_INC_STATS_BH(LINUX_MIB_TCPTIMEOUTS); 347 mib_idx = LINUX_MIB_TCPTIMEOUTS;
348 } 348 }
349 NET_INC_STATS_BH(sock_net(sk), mib_idx);
349 } 350 }
350 351
351 if (tcp_use_frto(sk)) { 352 if (tcp_use_frto(sk)) {
@@ -489,11 +490,6 @@ static void tcp_keepalive_timer (unsigned long data)
489 goto death; 490 goto death;
490 } 491 }
491 492
492 if (tp->defer_tcp_accept.request && sk->sk_state == TCP_ESTABLISHED) {
493 tcp_send_active_reset(sk, GFP_ATOMIC);
494 goto death;
495 }
496
497 if (!sock_flag(sk, SOCK_KEEPOPEN) || sk->sk_state == TCP_CLOSE) 493 if (!sock_flag(sk, SOCK_KEEPOPEN) || sk->sk_state == TCP_CLOSE)
498 goto out; 494 goto out;
499 495
diff --git a/net/ipv4/tunnel4.c b/net/ipv4/tunnel4.c
index d3b709a6f264..cb1f0e83830b 100644
--- a/net/ipv4/tunnel4.c
+++ b/net/ipv4/tunnel4.c
@@ -97,7 +97,7 @@ static int tunnel64_rcv(struct sk_buff *skb)
97{ 97{
98 struct xfrm_tunnel *handler; 98 struct xfrm_tunnel *handler;
99 99
100 if (!pskb_may_pull(skb, sizeof(struct iphdr))) 100 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
101 goto drop; 101 goto drop;
102 102
103 for (handler = tunnel64_handlers; handler; handler = handler->next) 103 for (handler = tunnel64_handlers; handler; handler = handler->next)
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index db1cb7c96d63..8e42fbbd5761 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * The User Datagram Protocol (UDP). 6 * The User Datagram Protocol (UDP).
7 * 7 *
8 * Version: $Id: udp.c,v 1.102 2002/02/01 22:01:04 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Arnt Gulbrandsen, <agulbra@nvg.unit.no> 10 * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
@@ -110,9 +108,6 @@
110 * Snmp MIB for the UDP layer 108 * Snmp MIB for the UDP layer
111 */ 109 */
112 110
113DEFINE_SNMP_STAT(struct udp_mib, udp_statistics) __read_mostly;
114EXPORT_SYMBOL(udp_statistics);
115
116DEFINE_SNMP_STAT(struct udp_mib, udp_stats_in6) __read_mostly; 111DEFINE_SNMP_STAT(struct udp_mib, udp_stats_in6) __read_mostly;
117EXPORT_SYMBOL(udp_stats_in6); 112EXPORT_SYMBOL(udp_stats_in6);
118 113
@@ -136,7 +131,7 @@ static inline int __udp_lib_lport_inuse(struct net *net, __u16 num,
136 struct sock *sk; 131 struct sock *sk;
137 struct hlist_node *node; 132 struct hlist_node *node;
138 133
139 sk_for_each(sk, node, &udptable[num & (UDP_HTABLE_SIZE - 1)]) 134 sk_for_each(sk, node, &udptable[udp_hashfn(net, num)])
140 if (net_eq(sock_net(sk), net) && sk->sk_hash == num) 135 if (net_eq(sock_net(sk), net) && sk->sk_hash == num)
141 return 1; 136 return 1;
142 return 0; 137 return 0;
@@ -176,7 +171,7 @@ int udp_lib_get_port(struct sock *sk, unsigned short snum,
176 for (i = 0; i < UDP_HTABLE_SIZE; i++) { 171 for (i = 0; i < UDP_HTABLE_SIZE; i++) {
177 int size = 0; 172 int size = 0;
178 173
179 head = &udptable[rover & (UDP_HTABLE_SIZE - 1)]; 174 head = &udptable[udp_hashfn(net, rover)];
180 if (hlist_empty(head)) 175 if (hlist_empty(head))
181 goto gotit; 176 goto gotit;
182 177
@@ -213,7 +208,7 @@ int udp_lib_get_port(struct sock *sk, unsigned short snum,
213gotit: 208gotit:
214 snum = rover; 209 snum = rover;
215 } else { 210 } else {
216 head = &udptable[snum & (UDP_HTABLE_SIZE - 1)]; 211 head = &udptable[udp_hashfn(net, snum)];
217 212
218 sk_for_each(sk2, node, head) 213 sk_for_each(sk2, node, head)
219 if (sk2->sk_hash == snum && 214 if (sk2->sk_hash == snum &&
@@ -229,7 +224,7 @@ gotit:
229 inet_sk(sk)->num = snum; 224 inet_sk(sk)->num = snum;
230 sk->sk_hash = snum; 225 sk->sk_hash = snum;
231 if (sk_unhashed(sk)) { 226 if (sk_unhashed(sk)) {
232 head = &udptable[snum & (UDP_HTABLE_SIZE - 1)]; 227 head = &udptable[udp_hashfn(net, snum)];
233 sk_add_node(sk, head); 228 sk_add_node(sk, head);
234 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 229 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
235 } 230 }
@@ -266,7 +261,7 @@ static struct sock *__udp4_lib_lookup(struct net *net, __be32 saddr,
266 int badness = -1; 261 int badness = -1;
267 262
268 read_lock(&udp_hash_lock); 263 read_lock(&udp_hash_lock);
269 sk_for_each(sk, node, &udptable[hnum & (UDP_HTABLE_SIZE - 1)]) { 264 sk_for_each(sk, node, &udptable[udp_hashfn(net, hnum)]) {
270 struct inet_sock *inet = inet_sk(sk); 265 struct inet_sock *inet = inet_sk(sk);
271 266
272 if (net_eq(sock_net(sk), net) && sk->sk_hash == hnum && 267 if (net_eq(sock_net(sk), net) && sk->sk_hash == hnum &&
@@ -356,11 +351,12 @@ void __udp4_lib_err(struct sk_buff *skb, u32 info, struct hlist_head udptable[])
356 struct sock *sk; 351 struct sock *sk;
357 int harderr; 352 int harderr;
358 int err; 353 int err;
354 struct net *net = dev_net(skb->dev);
359 355
360 sk = __udp4_lib_lookup(dev_net(skb->dev), iph->daddr, uh->dest, 356 sk = __udp4_lib_lookup(net, iph->daddr, uh->dest,
361 iph->saddr, uh->source, skb->dev->ifindex, udptable); 357 iph->saddr, uh->source, skb->dev->ifindex, udptable);
362 if (sk == NULL) { 358 if (sk == NULL) {
363 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 359 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
364 return; /* No socket for error */ 360 return; /* No socket for error */
365 } 361 }
366 362
@@ -420,7 +416,7 @@ void udp_err(struct sk_buff *skb, u32 info)
420/* 416/*
421 * Throw away all pending data and cancel the corking. Socket is locked. 417 * Throw away all pending data and cancel the corking. Socket is locked.
422 */ 418 */
423static void udp_flush_pending_frames(struct sock *sk) 419void udp_flush_pending_frames(struct sock *sk)
424{ 420{
425 struct udp_sock *up = udp_sk(sk); 421 struct udp_sock *up = udp_sk(sk);
426 422
@@ -430,6 +426,7 @@ static void udp_flush_pending_frames(struct sock *sk)
430 ip_flush_pending_frames(sk); 426 ip_flush_pending_frames(sk);
431 } 427 }
432} 428}
429EXPORT_SYMBOL(udp_flush_pending_frames);
433 430
434/** 431/**
435 * udp4_hwcsum_outgoing - handle outgoing HW checksumming 432 * udp4_hwcsum_outgoing - handle outgoing HW checksumming
@@ -527,7 +524,8 @@ out:
527 up->len = 0; 524 up->len = 0;
528 up->pending = 0; 525 up->pending = 0;
529 if (!err) 526 if (!err)
530 UDP_INC_STATS_USER(UDP_MIB_OUTDATAGRAMS, is_udplite); 527 UDP_INC_STATS_USER(sock_net(sk),
528 UDP_MIB_OUTDATAGRAMS, is_udplite);
531 return err; 529 return err;
532} 530}
533 531
@@ -655,11 +653,13 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
655 .uli_u = { .ports = 653 .uli_u = { .ports =
656 { .sport = inet->sport, 654 { .sport = inet->sport,
657 .dport = dport } } }; 655 .dport = dport } } };
656 struct net *net = sock_net(sk);
657
658 security_sk_classify_flow(sk, &fl); 658 security_sk_classify_flow(sk, &fl);
659 err = ip_route_output_flow(sock_net(sk), &rt, &fl, sk, 1); 659 err = ip_route_output_flow(net, &rt, &fl, sk, 1);
660 if (err) { 660 if (err) {
661 if (err == -ENETUNREACH) 661 if (err == -ENETUNREACH)
662 IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); 662 IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES);
663 goto out; 663 goto out;
664 } 664 }
665 665
@@ -726,7 +726,8 @@ out:
726 * seems like overkill. 726 * seems like overkill.
727 */ 727 */
728 if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { 728 if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) {
729 UDP_INC_STATS_USER(UDP_MIB_SNDBUFERRORS, is_udplite); 729 UDP_INC_STATS_USER(sock_net(sk),
730 UDP_MIB_SNDBUFERRORS, is_udplite);
730 } 731 }
731 return err; 732 return err;
732 733
@@ -889,7 +890,8 @@ try_again:
889 goto out_free; 890 goto out_free;
890 891
891 if (!peeked) 892 if (!peeked)
892 UDP_INC_STATS_USER(UDP_MIB_INDATAGRAMS, is_udplite); 893 UDP_INC_STATS_USER(sock_net(sk),
894 UDP_MIB_INDATAGRAMS, is_udplite);
893 895
894 sock_recv_timestamp(msg, sk, skb); 896 sock_recv_timestamp(msg, sk, skb);
895 897
@@ -918,7 +920,7 @@ out:
918csum_copy_err: 920csum_copy_err:
919 lock_sock(sk); 921 lock_sock(sk);
920 if (!skb_kill_datagram(sk, skb, flags)) 922 if (!skb_kill_datagram(sk, skb, flags))
921 UDP_INC_STATS_USER(UDP_MIB_INERRORS, is_udplite); 923 UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
922 release_sock(sk); 924 release_sock(sk);
923 925
924 if (noblock) 926 if (noblock)
@@ -987,9 +989,12 @@ int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
987 up->encap_rcv != NULL) { 989 up->encap_rcv != NULL) {
988 int ret; 990 int ret;
989 991
992 bh_unlock_sock(sk);
990 ret = (*up->encap_rcv)(sk, skb); 993 ret = (*up->encap_rcv)(sk, skb);
994 bh_lock_sock(sk);
991 if (ret <= 0) { 995 if (ret <= 0) {
992 UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, 996 UDP_INC_STATS_BH(sock_net(sk),
997 UDP_MIB_INDATAGRAMS,
993 is_udplite); 998 is_udplite);
994 return -ret; 999 return -ret;
995 } 1000 }
@@ -1041,15 +1046,18 @@ int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
1041 1046
1042 if ((rc = sock_queue_rcv_skb(sk,skb)) < 0) { 1047 if ((rc = sock_queue_rcv_skb(sk,skb)) < 0) {
1043 /* Note that an ENOMEM error is charged twice */ 1048 /* Note that an ENOMEM error is charged twice */
1044 if (rc == -ENOMEM) 1049 if (rc == -ENOMEM) {
1045 UDP_INC_STATS_BH(UDP_MIB_RCVBUFERRORS, is_udplite); 1050 UDP_INC_STATS_BH(sock_net(sk),
1051 UDP_MIB_RCVBUFERRORS, is_udplite);
1052 atomic_inc(&sk->sk_drops);
1053 }
1046 goto drop; 1054 goto drop;
1047 } 1055 }
1048 1056
1049 return 0; 1057 return 0;
1050 1058
1051drop: 1059drop:
1052 UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_udplite); 1060 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
1053 kfree_skb(skb); 1061 kfree_skb(skb);
1054 return -1; 1062 return -1;
1055} 1063}
@@ -1060,7 +1068,7 @@ drop:
1060 * Note: called only from the BH handler context, 1068 * Note: called only from the BH handler context,
1061 * so we don't need to lock the hashes. 1069 * so we don't need to lock the hashes.
1062 */ 1070 */
1063static int __udp4_lib_mcast_deliver(struct sk_buff *skb, 1071static int __udp4_lib_mcast_deliver(struct net *net, struct sk_buff *skb,
1064 struct udphdr *uh, 1072 struct udphdr *uh,
1065 __be32 saddr, __be32 daddr, 1073 __be32 saddr, __be32 daddr,
1066 struct hlist_head udptable[]) 1074 struct hlist_head udptable[])
@@ -1069,7 +1077,7 @@ static int __udp4_lib_mcast_deliver(struct sk_buff *skb,
1069 int dif; 1077 int dif;
1070 1078
1071 read_lock(&udp_hash_lock); 1079 read_lock(&udp_hash_lock);
1072 sk = sk_head(&udptable[ntohs(uh->dest) & (UDP_HTABLE_SIZE - 1)]); 1080 sk = sk_head(&udptable[udp_hashfn(net, ntohs(uh->dest))]);
1073 dif = skb->dev->ifindex; 1081 dif = skb->dev->ifindex;
1074 sk = udp_v4_mcast_next(sk, uh->dest, daddr, uh->source, saddr, dif); 1082 sk = udp_v4_mcast_next(sk, uh->dest, daddr, uh->source, saddr, dif);
1075 if (sk) { 1083 if (sk) {
@@ -1086,7 +1094,7 @@ static int __udp4_lib_mcast_deliver(struct sk_buff *skb,
1086 if (skb1) { 1094 if (skb1) {
1087 int ret = 0; 1095 int ret = 0;
1088 1096
1089 bh_lock_sock_nested(sk); 1097 bh_lock_sock(sk);
1090 if (!sock_owned_by_user(sk)) 1098 if (!sock_owned_by_user(sk))
1091 ret = udp_queue_rcv_skb(sk, skb1); 1099 ret = udp_queue_rcv_skb(sk, skb1);
1092 else 1100 else
@@ -1157,6 +1165,7 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
1157 struct rtable *rt = (struct rtable*)skb->dst; 1165 struct rtable *rt = (struct rtable*)skb->dst;
1158 __be32 saddr = ip_hdr(skb)->saddr; 1166 __be32 saddr = ip_hdr(skb)->saddr;
1159 __be32 daddr = ip_hdr(skb)->daddr; 1167 __be32 daddr = ip_hdr(skb)->daddr;
1168 struct net *net = dev_net(skb->dev);
1160 1169
1161 /* 1170 /*
1162 * Validate the packet. 1171 * Validate the packet.
@@ -1179,14 +1188,15 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
1179 goto csum_error; 1188 goto csum_error;
1180 1189
1181 if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST)) 1190 if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST))
1182 return __udp4_lib_mcast_deliver(skb, uh, saddr, daddr, udptable); 1191 return __udp4_lib_mcast_deliver(net, skb, uh,
1192 saddr, daddr, udptable);
1183 1193
1184 sk = __udp4_lib_lookup(dev_net(skb->dev), saddr, uh->source, daddr, 1194 sk = __udp4_lib_lookup(net, saddr, uh->source, daddr,
1185 uh->dest, inet_iif(skb), udptable); 1195 uh->dest, inet_iif(skb), udptable);
1186 1196
1187 if (sk != NULL) { 1197 if (sk != NULL) {
1188 int ret = 0; 1198 int ret = 0;
1189 bh_lock_sock_nested(sk); 1199 bh_lock_sock(sk);
1190 if (!sock_owned_by_user(sk)) 1200 if (!sock_owned_by_user(sk))
1191 ret = udp_queue_rcv_skb(sk, skb); 1201 ret = udp_queue_rcv_skb(sk, skb);
1192 else 1202 else
@@ -1210,7 +1220,7 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
1210 if (udp_lib_checksum_complete(skb)) 1220 if (udp_lib_checksum_complete(skb))
1211 goto csum_error; 1221 goto csum_error;
1212 1222
1213 UDP_INC_STATS_BH(UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); 1223 UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
1214 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); 1224 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
1215 1225
1216 /* 1226 /*
@@ -1244,7 +1254,7 @@ csum_error:
1244 ntohs(uh->dest), 1254 ntohs(uh->dest),
1245 ulen); 1255 ulen);
1246drop: 1256drop:
1247 UDP_INC_STATS_BH(UDP_MIB_INERRORS, proto == IPPROTO_UDPLITE); 1257 UDP_INC_STATS_BH(net, UDP_MIB_INERRORS, proto == IPPROTO_UDPLITE);
1248 kfree_skb(skb); 1258 kfree_skb(skb);
1249 return 0; 1259 return 0;
1250} 1260}
@@ -1254,12 +1264,11 @@ int udp_rcv(struct sk_buff *skb)
1254 return __udp4_lib_rcv(skb, udp_hash, IPPROTO_UDP); 1264 return __udp4_lib_rcv(skb, udp_hash, IPPROTO_UDP);
1255} 1265}
1256 1266
1257int udp_destroy_sock(struct sock *sk) 1267void udp_destroy_sock(struct sock *sk)
1258{ 1268{
1259 lock_sock(sk); 1269 lock_sock(sk);
1260 udp_flush_pending_frames(sk); 1270 udp_flush_pending_frames(sk);
1261 release_sock(sk); 1271 release_sock(sk);
1262 return 0;
1263} 1272}
1264 1273
1265/* 1274/*
@@ -1318,6 +1327,8 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname,
1318 return -ENOPROTOOPT; 1327 return -ENOPROTOOPT;
1319 if (val != 0 && val < 8) /* Illegal coverage: use default (8) */ 1328 if (val != 0 && val < 8) /* Illegal coverage: use default (8) */
1320 val = 8; 1329 val = 8;
1330 else if (val > USHORT_MAX)
1331 val = USHORT_MAX;
1321 up->pcslen = val; 1332 up->pcslen = val;
1322 up->pcflag |= UDPLITE_SEND_CC; 1333 up->pcflag |= UDPLITE_SEND_CC;
1323 break; 1334 break;
@@ -1330,6 +1341,8 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname,
1330 return -ENOPROTOOPT; 1341 return -ENOPROTOOPT;
1331 if (val != 0 && val < 8) /* Avoid silly minimal values. */ 1342 if (val != 0 && val < 8) /* Avoid silly minimal values. */
1332 val = 8; 1343 val = 8;
1344 else if (val > USHORT_MAX)
1345 val = USHORT_MAX;
1333 up->pcrlen = val; 1346 up->pcrlen = val;
1334 up->pcflag |= UDPLITE_RECV_CC; 1347 up->pcflag |= UDPLITE_RECV_CC;
1335 break; 1348 break;
@@ -1452,7 +1465,8 @@ unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait)
1452 spin_lock_bh(&rcvq->lock); 1465 spin_lock_bh(&rcvq->lock);
1453 while ((skb = skb_peek(rcvq)) != NULL && 1466 while ((skb = skb_peek(rcvq)) != NULL &&
1454 udp_lib_checksum_complete(skb)) { 1467 udp_lib_checksum_complete(skb)) {
1455 UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_lite); 1468 UDP_INC_STATS_BH(sock_net(sk),
1469 UDP_MIB_INERRORS, is_lite);
1456 __skb_unlink(skb, rcvq); 1470 __skb_unlink(skb, rcvq);
1457 kfree_skb(skb); 1471 kfree_skb(skb);
1458 } 1472 }
@@ -1628,12 +1642,13 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
1628 __u16 srcp = ntohs(inet->sport); 1642 __u16 srcp = ntohs(inet->sport);
1629 1643
1630 seq_printf(f, "%4d: %08X:%04X %08X:%04X" 1644 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
1631 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p%n", 1645 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d%n",
1632 bucket, src, srcp, dest, destp, sp->sk_state, 1646 bucket, src, srcp, dest, destp, sp->sk_state,
1633 atomic_read(&sp->sk_wmem_alloc), 1647 atomic_read(&sp->sk_wmem_alloc),
1634 atomic_read(&sp->sk_rmem_alloc), 1648 atomic_read(&sp->sk_rmem_alloc),
1635 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), 1649 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
1636 atomic_read(&sp->sk_refcnt), sp, len); 1650 atomic_read(&sp->sk_refcnt), sp,
1651 atomic_read(&sp->sk_drops), len);
1637} 1652}
1638 1653
1639int udp4_seq_show(struct seq_file *seq, void *v) 1654int udp4_seq_show(struct seq_file *seq, void *v)
@@ -1642,7 +1657,7 @@ int udp4_seq_show(struct seq_file *seq, void *v)
1642 seq_printf(seq, "%-127s\n", 1657 seq_printf(seq, "%-127s\n",
1643 " sl local_address rem_address st tx_queue " 1658 " sl local_address rem_address st tx_queue "
1644 "rx_queue tr tm->when retrnsmt uid timeout " 1659 "rx_queue tr tm->when retrnsmt uid timeout "
1645 "inode"); 1660 "inode ref pointer drops");
1646 else { 1661 else {
1647 struct udp_iter_state *state = seq->private; 1662 struct udp_iter_state *state = seq->private;
1648 int len; 1663 int len;
diff --git a/net/ipv4/udp_impl.h b/net/ipv4/udp_impl.h
index 7288bf7977fb..2e9bad2fa1bc 100644
--- a/net/ipv4/udp_impl.h
+++ b/net/ipv4/udp_impl.h
@@ -26,7 +26,7 @@ extern int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
26extern int udp_sendpage(struct sock *sk, struct page *page, int offset, 26extern int udp_sendpage(struct sock *sk, struct page *page, int offset,
27 size_t size, int flags); 27 size_t size, int flags);
28extern int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb); 28extern int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb);
29extern int udp_destroy_sock(struct sock *sk); 29extern void udp_destroy_sock(struct sock *sk);
30 30
31#ifdef CONFIG_PROC_FS 31#ifdef CONFIG_PROC_FS
32extern int udp4_seq_show(struct seq_file *seq, void *v); 32extern int udp4_seq_show(struct seq_file *seq, void *v);
diff --git a/net/ipv4/udplite.c b/net/ipv4/udplite.c
index 72ce26b6c4d3..3c807964da96 100644
--- a/net/ipv4/udplite.c
+++ b/net/ipv4/udplite.c
@@ -1,8 +1,6 @@
1/* 1/*
2 * UDPLITE An implementation of the UDP-Lite protocol (RFC 3828). 2 * UDPLITE An implementation of the UDP-Lite protocol (RFC 3828).
3 * 3 *
4 * Version: $Id: udplite.c,v 1.25 2006/10/19 07:22:36 gerrit Exp $
5 *
6 * Authors: Gerrit Renker <gerrit@erg.abdn.ac.uk> 4 * Authors: Gerrit Renker <gerrit@erg.abdn.ac.uk>
7 * 5 *
8 * Changes: 6 * Changes:
@@ -13,7 +11,6 @@
13 * 2 of the License, or (at your option) any later version. 11 * 2 of the License, or (at your option) any later version.
14 */ 12 */
15#include "udp_impl.h" 13#include "udp_impl.h"
16DEFINE_SNMP_STAT(struct udp_mib, udplite_statistics) __read_mostly;
17 14
18struct hlist_head udplite_hash[UDP_HTABLE_SIZE]; 15struct hlist_head udplite_hash[UDP_HTABLE_SIZE];
19 16
diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c
index 9c798abce736..63418185f524 100644
--- a/net/ipv4/xfrm4_mode_beet.c
+++ b/net/ipv4/xfrm4_mode_beet.c
@@ -47,8 +47,10 @@ static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
47 if (unlikely(optlen)) 47 if (unlikely(optlen))
48 hdrlen += IPV4_BEET_PHMAXLEN - (optlen & 4); 48 hdrlen += IPV4_BEET_PHMAXLEN - (optlen & 4);
49 49
50 skb_set_network_header(skb, IPV4_BEET_PHMAXLEN - x->props.header_len - 50 skb_set_network_header(skb, -x->props.header_len -
51 hdrlen); 51 hdrlen + (XFRM_MODE_SKB_CB(skb)->ihl - sizeof(*top_iph)));
52 if (x->sel.family != AF_INET6)
53 skb->network_header += IPV4_BEET_PHMAXLEN;
52 skb->mac_header = skb->network_header + 54 skb->mac_header = skb->network_header +
53 offsetof(struct iphdr, protocol); 55 offsetof(struct iphdr, protocol);
54 skb->transport_header = skb->network_header + sizeof(*top_iph); 56 skb->transport_header = skb->network_header + sizeof(*top_iph);
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
index 584e6d74e3a9..7135279f3f84 100644
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -52,7 +52,7 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
52 IP_ECN_clear(top_iph); 52 IP_ECN_clear(top_iph);
53 53
54 top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ? 54 top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
55 0 : XFRM_MODE_SKB_CB(skb)->frag_off; 55 0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF));
56 ip_select_ident(top_iph, dst->child, NULL); 56 ip_select_ident(top_iph, dst->child, NULL);
57 57
58 top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT); 58 top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index 42814a2ec9d7..ec992159b5f8 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -96,10 +96,8 @@ config INET6_ESP
96 96
97config INET6_IPCOMP 97config INET6_IPCOMP
98 tristate "IPv6: IPComp transformation" 98 tristate "IPv6: IPComp transformation"
99 select XFRM
100 select INET6_XFRM_TUNNEL 99 select INET6_XFRM_TUNNEL
101 select CRYPTO 100 select XFRM_IPCOMP
102 select CRYPTO_DEFLATE
103 ---help--- 101 ---help---
104 Support for IP Payload Compression Protocol (IPComp) (RFC3173), 102 Support for IP Payload Compression Protocol (IPComp) (RFC3173),
105 typically needed for IPsec. 103 typically needed for IPsec.
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 3a835578fd1c..7b6a584b62dd 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -6,8 +6,6 @@
6 * Pedro Roque <roque@di.fc.ul.pt> 6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8 * 8 *
9 * $Id: addrconf.c,v 1.69 2001/10/31 21:55:54 davem Exp $
10 *
11 * This program is free software; you can redistribute it and/or 9 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License 10 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 11 * as published by the Free Software Foundation; either version
@@ -121,6 +119,7 @@ static void ipv6_regen_rndid(unsigned long data);
121static int desync_factor = MAX_DESYNC_FACTOR * HZ; 119static int desync_factor = MAX_DESYNC_FACTOR * HZ;
122#endif 120#endif
123 121
122static int ipv6_generate_eui64(u8 *eui, struct net_device *dev);
124static int ipv6_count_addresses(struct inet6_dev *idev); 123static int ipv6_count_addresses(struct inet6_dev *idev);
125 124
126/* 125/*
@@ -154,7 +153,7 @@ static int ipv6_chk_same_addr(struct net *net, const struct in6_addr *addr,
154 153
155static ATOMIC_NOTIFIER_HEAD(inet6addr_chain); 154static ATOMIC_NOTIFIER_HEAD(inet6addr_chain);
156 155
157struct ipv6_devconf ipv6_devconf __read_mostly = { 156static struct ipv6_devconf ipv6_devconf __read_mostly = {
158 .forwarding = 0, 157 .forwarding = 0,
159 .hop_limit = IPV6_DEFAULT_HOPLIMIT, 158 .hop_limit = IPV6_DEFAULT_HOPLIMIT,
160 .mtu6 = IPV6_MIN_MTU, 159 .mtu6 = IPV6_MIN_MTU,
@@ -185,6 +184,8 @@ struct ipv6_devconf ipv6_devconf __read_mostly = {
185#endif 184#endif
186 .proxy_ndp = 0, 185 .proxy_ndp = 0,
187 .accept_source_route = 0, /* we do not accept RH0 by default. */ 186 .accept_source_route = 0, /* we do not accept RH0 by default. */
187 .disable_ipv6 = 0,
188 .accept_dad = 1,
188}; 189};
189 190
190static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { 191static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
@@ -217,6 +218,8 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
217#endif 218#endif
218 .proxy_ndp = 0, 219 .proxy_ndp = 0,
219 .accept_source_route = 0, /* we do not accept RH0 by default. */ 220 .accept_source_route = 0, /* we do not accept RH0 by default. */
221 .disable_ipv6 = 0,
222 .accept_dad = 1,
220}; 223};
221 224
222/* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */ 225/* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */
@@ -226,9 +229,15 @@ const struct in6_addr in6addr_linklocal_allnodes = IN6ADDR_LINKLOCAL_ALLNODES_IN
226const struct in6_addr in6addr_linklocal_allrouters = IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 229const struct in6_addr in6addr_linklocal_allrouters = IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
227 230
228/* Check if a valid qdisc is available */ 231/* Check if a valid qdisc is available */
229static inline int addrconf_qdisc_ok(struct net_device *dev) 232static inline bool addrconf_qdisc_ok(const struct net_device *dev)
230{ 233{
231 return (dev->qdisc != &noop_qdisc); 234 return !qdisc_tx_is_noop(dev);
235}
236
237/* Check if a route is valid prefix route */
238static inline int addrconf_is_prefix_route(const struct rt6_info *rt)
239{
240 return ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0);
232} 241}
233 242
234static void addrconf_del_timer(struct inet6_ifaddr *ifp) 243static void addrconf_del_timer(struct inet6_ifaddr *ifp)
@@ -304,8 +313,10 @@ static void in6_dev_finish_destroy_rcu(struct rcu_head *head)
304void in6_dev_finish_destroy(struct inet6_dev *idev) 313void in6_dev_finish_destroy(struct inet6_dev *idev)
305{ 314{
306 struct net_device *dev = idev->dev; 315 struct net_device *dev = idev->dev;
307 BUG_TRAP(idev->addr_list==NULL); 316
308 BUG_TRAP(idev->mc_list==NULL); 317 WARN_ON(idev->addr_list != NULL);
318 WARN_ON(idev->mc_list != NULL);
319
309#ifdef NET_REFCNT_DEBUG 320#ifdef NET_REFCNT_DEBUG
310 printk(KERN_DEBUG "in6_dev_finish_destroy: %s\n", dev ? dev->name : "NIL"); 321 printk(KERN_DEBUG "in6_dev_finish_destroy: %s\n", dev ? dev->name : "NIL");
311#endif 322#endif
@@ -344,6 +355,8 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
344 kfree(ndev); 355 kfree(ndev);
345 return NULL; 356 return NULL;
346 } 357 }
358 if (ndev->cnf.forwarding)
359 dev_disable_lro(dev);
347 /* We refer to the device */ 360 /* We refer to the device */
348 dev_hold(dev); 361 dev_hold(dev);
349 362
@@ -372,6 +385,9 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
372 */ 385 */
373 in6_dev_hold(ndev); 386 in6_dev_hold(ndev);
374 387
388 if (dev->flags & (IFF_NOARP | IFF_LOOPBACK))
389 ndev->cnf.accept_dad = -1;
390
375#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE) 391#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
376 if (dev->type == ARPHRD_SIT && (dev->priv_flags & IFF_ISATAP)) { 392 if (dev->type == ARPHRD_SIT && (dev->priv_flags & IFF_ISATAP)) {
377 printk(KERN_INFO 393 printk(KERN_INFO
@@ -438,6 +454,8 @@ static void dev_forward_change(struct inet6_dev *idev)
438 if (!idev) 454 if (!idev)
439 return; 455 return;
440 dev = idev->dev; 456 dev = idev->dev;
457 if (idev->cnf.forwarding)
458 dev_disable_lro(dev);
441 if (dev && (dev->flags & IFF_MULTICAST)) { 459 if (dev && (dev->flags & IFF_MULTICAST)) {
442 if (idev->cnf.forwarding) 460 if (idev->cnf.forwarding)
443 ipv6_dev_mc_inc(dev, &in6addr_linklocal_allrouters); 461 ipv6_dev_mc_inc(dev, &in6addr_linklocal_allrouters);
@@ -483,12 +501,14 @@ static void addrconf_fixup_forwarding(struct ctl_table *table, int *p, int old)
483 if (p == &net->ipv6.devconf_dflt->forwarding) 501 if (p == &net->ipv6.devconf_dflt->forwarding)
484 return; 502 return;
485 503
504 rtnl_lock();
486 if (p == &net->ipv6.devconf_all->forwarding) { 505 if (p == &net->ipv6.devconf_all->forwarding) {
487 __s32 newf = net->ipv6.devconf_all->forwarding; 506 __s32 newf = net->ipv6.devconf_all->forwarding;
488 net->ipv6.devconf_dflt->forwarding = newf; 507 net->ipv6.devconf_dflt->forwarding = newf;
489 addrconf_forward_change(net, newf); 508 addrconf_forward_change(net, newf);
490 } else if ((!*p) ^ (!old)) 509 } else if ((!*p) ^ (!old))
491 dev_forward_change((struct inet6_dev *)table->extra1); 510 dev_forward_change((struct inet6_dev *)table->extra1);
511 rtnl_unlock();
492 512
493 if (*p) 513 if (*p)
494 rt6_purge_dflt_routers(net); 514 rt6_purge_dflt_routers(net);
@@ -499,8 +519,9 @@ static void addrconf_fixup_forwarding(struct ctl_table *table, int *p, int old)
499 519
500void inet6_ifa_finish_destroy(struct inet6_ifaddr *ifp) 520void inet6_ifa_finish_destroy(struct inet6_ifaddr *ifp)
501{ 521{
502 BUG_TRAP(ifp->if_next==NULL); 522 WARN_ON(ifp->if_next != NULL);
503 BUG_TRAP(ifp->lst_next==NULL); 523 WARN_ON(ifp->lst_next != NULL);
524
504#ifdef NET_REFCNT_DEBUG 525#ifdef NET_REFCNT_DEBUG
505 printk(KERN_DEBUG "inet6_ifa_finish_destroy\n"); 526 printk(KERN_DEBUG "inet6_ifa_finish_destroy\n");
506#endif 527#endif
@@ -568,6 +589,13 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen,
568 struct rt6_info *rt; 589 struct rt6_info *rt;
569 int hash; 590 int hash;
570 int err = 0; 591 int err = 0;
592 int addr_type = ipv6_addr_type(addr);
593
594 if (addr_type == IPV6_ADDR_ANY ||
595 addr_type & IPV6_ADDR_MULTICAST ||
596 (!(idev->dev->flags & IFF_LOOPBACK) &&
597 addr_type & IPV6_ADDR_LOOPBACK))
598 return ERR_PTR(-EADDRNOTAVAIL);
571 599
572 rcu_read_lock_bh(); 600 rcu_read_lock_bh();
573 if (idev->dead) { 601 if (idev->dead) {
@@ -731,8 +759,13 @@ static void ipv6_del_addr(struct inet6_ifaddr *ifp)
731 onlink = -1; 759 onlink = -1;
732 760
733 spin_lock(&ifa->lock); 761 spin_lock(&ifa->lock);
734 lifetime = min_t(unsigned long, 762
735 ifa->valid_lft, 0x7fffffffUL/HZ); 763 lifetime = addrconf_timeout_fixup(ifa->valid_lft, HZ);
764 /*
765 * Note: Because this address is
766 * not permanent, lifetime <
767 * LONG_MAX / HZ here.
768 */
736 if (time_before(expires, 769 if (time_before(expires,
737 ifa->tstamp + lifetime * HZ)) 770 ifa->tstamp + lifetime * HZ))
738 expires = ifa->tstamp + lifetime * HZ; 771 expires = ifa->tstamp + lifetime * HZ;
@@ -744,12 +777,12 @@ static void ipv6_del_addr(struct inet6_ifaddr *ifp)
744 } 777 }
745 write_unlock_bh(&idev->lock); 778 write_unlock_bh(&idev->lock);
746 779
780 addrconf_del_timer(ifp);
781
747 ipv6_ifa_notify(RTM_DELADDR, ifp); 782 ipv6_ifa_notify(RTM_DELADDR, ifp);
748 783
749 atomic_notifier_call_chain(&inet6addr_chain, NETDEV_DOWN, ifp); 784 atomic_notifier_call_chain(&inet6addr_chain, NETDEV_DOWN, ifp);
750 785
751 addrconf_del_timer(ifp);
752
753 /* 786 /*
754 * Purge or update corresponding prefix 787 * Purge or update corresponding prefix
755 * 788 *
@@ -772,7 +805,7 @@ static void ipv6_del_addr(struct inet6_ifaddr *ifp)
772 ipv6_addr_prefix(&prefix, &ifp->addr, ifp->prefix_len); 805 ipv6_addr_prefix(&prefix, &ifp->addr, ifp->prefix_len);
773 rt = rt6_lookup(net, &prefix, NULL, ifp->idev->dev->ifindex, 1); 806 rt = rt6_lookup(net, &prefix, NULL, ifp->idev->dev->ifindex, 1);
774 807
775 if (rt && ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0)) { 808 if (rt && addrconf_is_prefix_route(rt)) {
776 if (onlink == 0) { 809 if (onlink == 0) {
777 ip6_del_rt(rt); 810 ip6_del_rt(rt);
778 rt = NULL; 811 rt = NULL;
@@ -953,7 +986,8 @@ static inline int ipv6_saddr_preferred(int type)
953 return 0; 986 return 0;
954} 987}
955 988
956static int ipv6_get_saddr_eval(struct ipv6_saddr_score *score, 989static int ipv6_get_saddr_eval(struct net *net,
990 struct ipv6_saddr_score *score,
957 struct ipv6_saddr_dst *dst, 991 struct ipv6_saddr_dst *dst,
958 int i) 992 int i)
959{ 993{
@@ -1032,7 +1066,8 @@ static int ipv6_get_saddr_eval(struct ipv6_saddr_score *score,
1032 break; 1066 break;
1033 case IPV6_SADDR_RULE_LABEL: 1067 case IPV6_SADDR_RULE_LABEL:
1034 /* Rule 6: Prefer matching label */ 1068 /* Rule 6: Prefer matching label */
1035 ret = ipv6_addr_label(&score->ifa->addr, score->addr_type, 1069 ret = ipv6_addr_label(net,
1070 &score->ifa->addr, score->addr_type,
1036 score->ifa->idev->dev->ifindex) == dst->label; 1071 score->ifa->idev->dev->ifindex) == dst->label;
1037 break; 1072 break;
1038#ifdef CONFIG_IPV6_PRIVACY 1073#ifdef CONFIG_IPV6_PRIVACY
@@ -1071,13 +1106,12 @@ out:
1071 return ret; 1106 return ret;
1072} 1107}
1073 1108
1074int ipv6_dev_get_saddr(struct net_device *dst_dev, 1109int ipv6_dev_get_saddr(struct net *net, struct net_device *dst_dev,
1075 const struct in6_addr *daddr, unsigned int prefs, 1110 const struct in6_addr *daddr, unsigned int prefs,
1076 struct in6_addr *saddr) 1111 struct in6_addr *saddr)
1077{ 1112{
1078 struct ipv6_saddr_score scores[2], 1113 struct ipv6_saddr_score scores[2],
1079 *score = &scores[0], *hiscore = &scores[1]; 1114 *score = &scores[0], *hiscore = &scores[1];
1080 struct net *net = dev_net(dst_dev);
1081 struct ipv6_saddr_dst dst; 1115 struct ipv6_saddr_dst dst;
1082 struct net_device *dev; 1116 struct net_device *dev;
1083 int dst_type; 1117 int dst_type;
@@ -1086,7 +1120,7 @@ int ipv6_dev_get_saddr(struct net_device *dst_dev,
1086 dst.addr = daddr; 1120 dst.addr = daddr;
1087 dst.ifindex = dst_dev ? dst_dev->ifindex : 0; 1121 dst.ifindex = dst_dev ? dst_dev->ifindex : 0;
1088 dst.scope = __ipv6_addr_src_scope(dst_type); 1122 dst.scope = __ipv6_addr_src_scope(dst_type);
1089 dst.label = ipv6_addr_label(daddr, dst_type, dst.ifindex); 1123 dst.label = ipv6_addr_label(net, daddr, dst_type, dst.ifindex);
1090 dst.prefs = prefs; 1124 dst.prefs = prefs;
1091 1125
1092 hiscore->rule = -1; 1126 hiscore->rule = -1;
@@ -1154,8 +1188,8 @@ int ipv6_dev_get_saddr(struct net_device *dst_dev,
1154 for (i = 0; i < IPV6_SADDR_RULE_MAX; i++) { 1188 for (i = 0; i < IPV6_SADDR_RULE_MAX; i++) {
1155 int minihiscore, miniscore; 1189 int minihiscore, miniscore;
1156 1190
1157 minihiscore = ipv6_get_saddr_eval(hiscore, &dst, i); 1191 minihiscore = ipv6_get_saddr_eval(net, hiscore, &dst, i);
1158 miniscore = ipv6_get_saddr_eval(score, &dst, i); 1192 miniscore = ipv6_get_saddr_eval(net, score, &dst, i);
1159 1193
1160 if (minihiscore > miniscore) { 1194 if (minihiscore > miniscore) {
1161 if (i == IPV6_SADDR_RULE_SCOPE && 1195 if (i == IPV6_SADDR_RULE_SCOPE &&
@@ -1395,6 +1429,20 @@ static void addrconf_dad_stop(struct inet6_ifaddr *ifp)
1395 1429
1396void addrconf_dad_failure(struct inet6_ifaddr *ifp) 1430void addrconf_dad_failure(struct inet6_ifaddr *ifp)
1397{ 1431{
1432 struct inet6_dev *idev = ifp->idev;
1433 if (idev->cnf.accept_dad > 1 && !idev->cnf.disable_ipv6) {
1434 struct in6_addr addr;
1435
1436 addr.s6_addr32[0] = htonl(0xfe800000);
1437 addr.s6_addr32[1] = 0;
1438
1439 if (!ipv6_generate_eui64(addr.s6_addr + 8, idev->dev) &&
1440 ipv6_addr_equal(&ifp->addr, &addr)) {
1441 /* DAD failed for link-local based on MAC address */
1442 idev->cnf.disable_ipv6 = 1;
1443 }
1444 }
1445
1398 if (net_ratelimit()) 1446 if (net_ratelimit())
1399 printk(KERN_INFO "%s: duplicate address detected!\n", ifp->idev->dev->name); 1447 printk(KERN_INFO "%s: duplicate address detected!\n", ifp->idev->dev->name);
1400 addrconf_dad_stop(ifp); 1448 addrconf_dad_stop(ifp);
@@ -1640,6 +1688,7 @@ addrconf_prefix_route(struct in6_addr *pfx, int plen, struct net_device *dev,
1640 .fc_dst_len = plen, 1688 .fc_dst_len = plen,
1641 .fc_flags = RTF_UP | flags, 1689 .fc_flags = RTF_UP | flags,
1642 .fc_nlinfo.nl_net = dev_net(dev), 1690 .fc_nlinfo.nl_net = dev_net(dev),
1691 .fc_protocol = RTPROT_KERNEL,
1643 }; 1692 };
1644 1693
1645 ipv6_addr_copy(&cfg.fc_dst, pfx); 1694 ipv6_addr_copy(&cfg.fc_dst, pfx);
@@ -1722,7 +1771,6 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
1722 __u32 valid_lft; 1771 __u32 valid_lft;
1723 __u32 prefered_lft; 1772 __u32 prefered_lft;
1724 int addr_type; 1773 int addr_type;
1725 unsigned long rt_expires;
1726 struct inet6_dev *in6_dev; 1774 struct inet6_dev *in6_dev;
1727 1775
1728 pinfo = (struct prefix_info *) opt; 1776 pinfo = (struct prefix_info *) opt;
@@ -1764,37 +1812,32 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
1764 * 2) Configure prefixes with the auto flag set 1812 * 2) Configure prefixes with the auto flag set
1765 */ 1813 */
1766 1814
1767 if (valid_lft == INFINITY_LIFE_TIME) 1815 if (pinfo->onlink) {
1768 rt_expires = ~0UL; 1816 struct rt6_info *rt;
1769 else if (valid_lft >= 0x7FFFFFFF/HZ) { 1817 unsigned long rt_expires;
1818
1770 /* Avoid arithmetic overflow. Really, we could 1819 /* Avoid arithmetic overflow. Really, we could
1771 * save rt_expires in seconds, likely valid_lft, 1820 * save rt_expires in seconds, likely valid_lft,
1772 * but it would require division in fib gc, that it 1821 * but it would require division in fib gc, that it
1773 * not good. 1822 * not good.
1774 */ 1823 */
1775 rt_expires = 0x7FFFFFFF - (0x7FFFFFFF % HZ); 1824 if (HZ > USER_HZ)
1776 } else 1825 rt_expires = addrconf_timeout_fixup(valid_lft, HZ);
1777 rt_expires = valid_lft * HZ; 1826 else
1827 rt_expires = addrconf_timeout_fixup(valid_lft, USER_HZ);
1778 1828
1779 /* 1829 if (addrconf_finite_timeout(rt_expires))
1780 * We convert this (in jiffies) to clock_t later. 1830 rt_expires *= HZ;
1781 * Avoid arithmetic overflow there as well.
1782 * Overflow can happen only if HZ < USER_HZ.
1783 */
1784 if (HZ < USER_HZ && ~rt_expires && rt_expires > 0x7FFFFFFF / USER_HZ)
1785 rt_expires = 0x7FFFFFFF / USER_HZ;
1786 1831
1787 if (pinfo->onlink) {
1788 struct rt6_info *rt;
1789 rt = rt6_lookup(dev_net(dev), &pinfo->prefix, NULL, 1832 rt = rt6_lookup(dev_net(dev), &pinfo->prefix, NULL,
1790 dev->ifindex, 1); 1833 dev->ifindex, 1);
1791 1834
1792 if (rt && ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0)) { 1835 if (rt && addrconf_is_prefix_route(rt)) {
1793 /* Autoconf prefix route */ 1836 /* Autoconf prefix route */
1794 if (valid_lft == 0) { 1837 if (valid_lft == 0) {
1795 ip6_del_rt(rt); 1838 ip6_del_rt(rt);
1796 rt = NULL; 1839 rt = NULL;
1797 } else if (~rt_expires) { 1840 } else if (addrconf_finite_timeout(rt_expires)) {
1798 /* not infinity */ 1841 /* not infinity */
1799 rt->rt6i_expires = jiffies + rt_expires; 1842 rt->rt6i_expires = jiffies + rt_expires;
1800 rt->rt6i_flags |= RTF_EXPIRES; 1843 rt->rt6i_flags |= RTF_EXPIRES;
@@ -1803,9 +1846,9 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
1803 rt->rt6i_expires = 0; 1846 rt->rt6i_expires = 0;
1804 } 1847 }
1805 } else if (valid_lft) { 1848 } else if (valid_lft) {
1806 int flags = RTF_ADDRCONF | RTF_PREFIX_RT;
1807 clock_t expires = 0; 1849 clock_t expires = 0;
1808 if (~rt_expires) { 1850 int flags = RTF_ADDRCONF | RTF_PREFIX_RT;
1851 if (addrconf_finite_timeout(rt_expires)) {
1809 /* not infinity */ 1852 /* not infinity */
1810 flags |= RTF_EXPIRES; 1853 flags |= RTF_EXPIRES;
1811 expires = jiffies_to_clock_t(rt_expires); 1854 expires = jiffies_to_clock_t(rt_expires);
@@ -1823,6 +1866,7 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
1823 struct inet6_ifaddr * ifp; 1866 struct inet6_ifaddr * ifp;
1824 struct in6_addr addr; 1867 struct in6_addr addr;
1825 int create = 0, update_lft = 0; 1868 int create = 0, update_lft = 0;
1869 struct net *net = dev_net(dev);
1826 1870
1827 if (pinfo->prefix_len == 64) { 1871 if (pinfo->prefix_len == 64) {
1828 memcpy(&addr, &pinfo->prefix, 8); 1872 memcpy(&addr, &pinfo->prefix, 8);
@@ -1841,7 +1885,7 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
1841 1885
1842ok: 1886ok:
1843 1887
1844 ifp = ipv6_get_ifaddr(dev_net(dev), &addr, dev, 1); 1888 ifp = ipv6_get_ifaddr(net, &addr, dev, 1);
1845 1889
1846 if (ifp == NULL && valid_lft) { 1890 if (ifp == NULL && valid_lft) {
1847 int max_addresses = in6_dev->cnf.max_addresses; 1891 int max_addresses = in6_dev->cnf.max_addresses;
@@ -1849,7 +1893,7 @@ ok:
1849 1893
1850#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 1894#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
1851 if (in6_dev->cnf.optimistic_dad && 1895 if (in6_dev->cnf.optimistic_dad &&
1852 !ipv6_devconf.forwarding) 1896 !net->ipv6.devconf_all->forwarding)
1853 addr_flags = IFA_F_OPTIMISTIC; 1897 addr_flags = IFA_F_OPTIMISTIC;
1854#endif 1898#endif
1855 1899
@@ -2027,7 +2071,7 @@ err_exit:
2027 * Manual configuration of address on an interface 2071 * Manual configuration of address on an interface
2028 */ 2072 */
2029static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx, 2073static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx,
2030 int plen, __u8 ifa_flags, __u32 prefered_lft, 2074 unsigned int plen, __u8 ifa_flags, __u32 prefered_lft,
2031 __u32 valid_lft) 2075 __u32 valid_lft)
2032{ 2076{
2033 struct inet6_ifaddr *ifp; 2077 struct inet6_ifaddr *ifp;
@@ -2036,9 +2080,13 @@ static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx,
2036 int scope; 2080 int scope;
2037 u32 flags; 2081 u32 flags;
2038 clock_t expires; 2082 clock_t expires;
2083 unsigned long timeout;
2039 2084
2040 ASSERT_RTNL(); 2085 ASSERT_RTNL();
2041 2086
2087 if (plen > 128)
2088 return -EINVAL;
2089
2042 /* check the lifetime */ 2090 /* check the lifetime */
2043 if (!valid_lft || prefered_lft > valid_lft) 2091 if (!valid_lft || prefered_lft > valid_lft)
2044 return -EINVAL; 2092 return -EINVAL;
@@ -2052,22 +2100,23 @@ static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx,
2052 2100
2053 scope = ipv6_addr_scope(pfx); 2101 scope = ipv6_addr_scope(pfx);
2054 2102
2055 if (valid_lft == INFINITY_LIFE_TIME) { 2103 timeout = addrconf_timeout_fixup(valid_lft, HZ);
2056 ifa_flags |= IFA_F_PERMANENT; 2104 if (addrconf_finite_timeout(timeout)) {
2057 flags = 0; 2105 expires = jiffies_to_clock_t(timeout * HZ);
2058 expires = 0; 2106 valid_lft = timeout;
2059 } else {
2060 if (valid_lft >= 0x7FFFFFFF/HZ)
2061 valid_lft = 0x7FFFFFFF/HZ;
2062 flags = RTF_EXPIRES; 2107 flags = RTF_EXPIRES;
2063 expires = jiffies_to_clock_t(valid_lft * HZ); 2108 } else {
2109 expires = 0;
2110 flags = 0;
2111 ifa_flags |= IFA_F_PERMANENT;
2064 } 2112 }
2065 2113
2066 if (prefered_lft == 0) 2114 timeout = addrconf_timeout_fixup(prefered_lft, HZ);
2067 ifa_flags |= IFA_F_DEPRECATED; 2115 if (addrconf_finite_timeout(timeout)) {
2068 else if ((prefered_lft >= 0x7FFFFFFF/HZ) && 2116 if (timeout == 0)
2069 (prefered_lft != INFINITY_LIFE_TIME)) 2117 ifa_flags |= IFA_F_DEPRECATED;
2070 prefered_lft = 0x7FFFFFFF/HZ; 2118 prefered_lft = timeout;
2119 }
2071 2120
2072 ifp = ipv6_add_addr(idev, pfx, plen, scope, ifa_flags); 2121 ifp = ipv6_add_addr(idev, pfx, plen, scope, ifa_flags);
2073 2122
@@ -2095,12 +2144,15 @@ static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx,
2095} 2144}
2096 2145
2097static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx, 2146static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx,
2098 int plen) 2147 unsigned int plen)
2099{ 2148{
2100 struct inet6_ifaddr *ifp; 2149 struct inet6_ifaddr *ifp;
2101 struct inet6_dev *idev; 2150 struct inet6_dev *idev;
2102 struct net_device *dev; 2151 struct net_device *dev;
2103 2152
2153 if (plen > 128)
2154 return -EINVAL;
2155
2104 dev = __dev_get_by_index(net, ifindex); 2156 dev = __dev_get_by_index(net, ifindex);
2105 if (!dev) 2157 if (!dev)
2106 return -ENODEV; 2158 return -ENODEV;
@@ -2270,7 +2322,7 @@ static void addrconf_add_linklocal(struct inet6_dev *idev, struct in6_addr *addr
2270 2322
2271#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 2323#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
2272 if (idev->cnf.optimistic_dad && 2324 if (idev->cnf.optimistic_dad &&
2273 !ipv6_devconf.forwarding) 2325 !dev_net(idev->dev)->ipv6.devconf_all->forwarding)
2274 addr_flags |= IFA_F_OPTIMISTIC; 2326 addr_flags |= IFA_F_OPTIMISTIC;
2275#endif 2327#endif
2276 2328
@@ -2725,6 +2777,7 @@ static void addrconf_dad_start(struct inet6_ifaddr *ifp, u32 flags)
2725 spin_lock_bh(&ifp->lock); 2777 spin_lock_bh(&ifp->lock);
2726 2778
2727 if (dev->flags&(IFF_NOARP|IFF_LOOPBACK) || 2779 if (dev->flags&(IFF_NOARP|IFF_LOOPBACK) ||
2780 idev->cnf.accept_dad < 1 ||
2728 !(ifp->flags&IFA_F_TENTATIVE) || 2781 !(ifp->flags&IFA_F_TENTATIVE) ||
2729 ifp->flags & IFA_F_NODAD) { 2782 ifp->flags & IFA_F_NODAD) {
2730 ifp->flags &= ~(IFA_F_TENTATIVE|IFA_F_OPTIMISTIC); 2783 ifp->flags &= ~(IFA_F_TENTATIVE|IFA_F_OPTIMISTIC);
@@ -2772,6 +2825,11 @@ static void addrconf_dad_timer(unsigned long data)
2772 read_unlock_bh(&idev->lock); 2825 read_unlock_bh(&idev->lock);
2773 goto out; 2826 goto out;
2774 } 2827 }
2828 if (idev->cnf.accept_dad > 1 && idev->cnf.disable_ipv6) {
2829 read_unlock_bh(&idev->lock);
2830 addrconf_dad_failure(ifp);
2831 return;
2832 }
2775 spin_lock_bh(&ifp->lock); 2833 spin_lock_bh(&ifp->lock);
2776 if (ifp->probes == 0) { 2834 if (ifp->probes == 0) {
2777 /* 2835 /*
@@ -3169,26 +3227,28 @@ static int inet6_addr_modify(struct inet6_ifaddr *ifp, u8 ifa_flags,
3169{ 3227{
3170 u32 flags; 3228 u32 flags;
3171 clock_t expires; 3229 clock_t expires;
3230 unsigned long timeout;
3172 3231
3173 if (!valid_lft || (prefered_lft > valid_lft)) 3232 if (!valid_lft || (prefered_lft > valid_lft))
3174 return -EINVAL; 3233 return -EINVAL;
3175 3234
3176 if (valid_lft == INFINITY_LIFE_TIME) { 3235 timeout = addrconf_timeout_fixup(valid_lft, HZ);
3177 ifa_flags |= IFA_F_PERMANENT; 3236 if (addrconf_finite_timeout(timeout)) {
3178 flags = 0; 3237 expires = jiffies_to_clock_t(timeout * HZ);
3179 expires = 0; 3238 valid_lft = timeout;
3180 } else {
3181 if (valid_lft >= 0x7FFFFFFF/HZ)
3182 valid_lft = 0x7FFFFFFF/HZ;
3183 flags = RTF_EXPIRES; 3239 flags = RTF_EXPIRES;
3184 expires = jiffies_to_clock_t(valid_lft * HZ); 3240 } else {
3241 expires = 0;
3242 flags = 0;
3243 ifa_flags |= IFA_F_PERMANENT;
3185 } 3244 }
3186 3245
3187 if (prefered_lft == 0) 3246 timeout = addrconf_timeout_fixup(prefered_lft, HZ);
3188 ifa_flags |= IFA_F_DEPRECATED; 3247 if (addrconf_finite_timeout(timeout)) {
3189 else if ((prefered_lft >= 0x7FFFFFFF/HZ) && 3248 if (timeout == 0)
3190 (prefered_lft != INFINITY_LIFE_TIME)) 3249 ifa_flags |= IFA_F_DEPRECATED;
3191 prefered_lft = 0x7FFFFFFF/HZ; 3250 prefered_lft = timeout;
3251 }
3192 3252
3193 spin_lock_bh(&ifp->lock); 3253 spin_lock_bh(&ifp->lock);
3194 ifp->flags = (ifp->flags & ~(IFA_F_DEPRECATED | IFA_F_PERMANENT | IFA_F_NODAD | IFA_F_HOMEADDRESS)) | ifa_flags; 3254 ifp->flags = (ifp->flags & ~(IFA_F_DEPRECATED | IFA_F_PERMANENT | IFA_F_NODAD | IFA_F_HOMEADDRESS)) | ifa_flags;
@@ -3629,6 +3689,8 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
3629#ifdef CONFIG_IPV6_MROUTE 3689#ifdef CONFIG_IPV6_MROUTE
3630 array[DEVCONF_MC_FORWARDING] = cnf->mc_forwarding; 3690 array[DEVCONF_MC_FORWARDING] = cnf->mc_forwarding;
3631#endif 3691#endif
3692 array[DEVCONF_DISABLE_IPV6] = cnf->disable_ipv6;
3693 array[DEVCONF_ACCEPT_DAD] = cnf->accept_dad;
3632} 3694}
3633 3695
3634static inline size_t inet6_if_nlmsg_size(void) 3696static inline size_t inet6_if_nlmsg_size(void)
@@ -4188,6 +4250,22 @@ static struct addrconf_sysctl_table
4188 }, 4250 },
4189#endif 4251#endif
4190 { 4252 {
4253 .ctl_name = CTL_UNNUMBERED,
4254 .procname = "disable_ipv6",
4255 .data = &ipv6_devconf.disable_ipv6,
4256 .maxlen = sizeof(int),
4257 .mode = 0644,
4258 .proc_handler = &proc_dointvec,
4259 },
4260 {
4261 .ctl_name = CTL_UNNUMBERED,
4262 .procname = "accept_dad",
4263 .data = &ipv6_devconf.accept_dad,
4264 .maxlen = sizeof(int),
4265 .mode = 0644,
4266 .proc_handler = &proc_dointvec,
4267 },
4268 {
4191 .ctl_name = 0, /* sentinel */ 4269 .ctl_name = 0, /* sentinel */
4192 } 4270 }
4193 }, 4271 },
diff --git a/net/ipv6/addrlabel.c b/net/ipv6/addrlabel.c
index 9bfa8846f262..08909039d87b 100644
--- a/net/ipv6/addrlabel.c
+++ b/net/ipv6/addrlabel.c
@@ -29,6 +29,9 @@
29 */ 29 */
30struct ip6addrlbl_entry 30struct ip6addrlbl_entry
31{ 31{
32#ifdef CONFIG_NET_NS
33 struct net *lbl_net;
34#endif
32 struct in6_addr prefix; 35 struct in6_addr prefix;
33 int prefixlen; 36 int prefixlen;
34 int ifindex; 37 int ifindex;
@@ -46,6 +49,16 @@ static struct ip6addrlbl_table
46 u32 seq; 49 u32 seq;
47} ip6addrlbl_table; 50} ip6addrlbl_table;
48 51
52static inline
53struct net *ip6addrlbl_net(const struct ip6addrlbl_entry *lbl)
54{
55#ifdef CONFIG_NET_NS
56 return lbl->lbl_net;
57#else
58 return &init_net;
59#endif
60}
61
49/* 62/*
50 * Default policy table (RFC3484 + extensions) 63 * Default policy table (RFC3484 + extensions)
51 * 64 *
@@ -65,7 +78,7 @@ static struct ip6addrlbl_table
65 78
66#define IPV6_ADDR_LABEL_DEFAULT 0xffffffffUL 79#define IPV6_ADDR_LABEL_DEFAULT 0xffffffffUL
67 80
68static const __initdata struct ip6addrlbl_init_table 81static const __net_initdata struct ip6addrlbl_init_table
69{ 82{
70 const struct in6_addr *prefix; 83 const struct in6_addr *prefix;
71 int prefixlen; 84 int prefixlen;
@@ -108,6 +121,9 @@ static const __initdata struct ip6addrlbl_init_table
108/* Object management */ 121/* Object management */
109static inline void ip6addrlbl_free(struct ip6addrlbl_entry *p) 122static inline void ip6addrlbl_free(struct ip6addrlbl_entry *p)
110{ 123{
124#ifdef CONFIG_NET_NS
125 release_net(p->lbl_net);
126#endif
111 kfree(p); 127 kfree(p);
112} 128}
113 129
@@ -128,10 +144,13 @@ static inline void ip6addrlbl_put(struct ip6addrlbl_entry *p)
128} 144}
129 145
130/* Find label */ 146/* Find label */
131static int __ip6addrlbl_match(struct ip6addrlbl_entry *p, 147static int __ip6addrlbl_match(struct net *net,
148 struct ip6addrlbl_entry *p,
132 const struct in6_addr *addr, 149 const struct in6_addr *addr,
133 int addrtype, int ifindex) 150 int addrtype, int ifindex)
134{ 151{
152 if (!net_eq(ip6addrlbl_net(p), net))
153 return 0;
135 if (p->ifindex && p->ifindex != ifindex) 154 if (p->ifindex && p->ifindex != ifindex)
136 return 0; 155 return 0;
137 if (p->addrtype && p->addrtype != addrtype) 156 if (p->addrtype && p->addrtype != addrtype)
@@ -141,19 +160,21 @@ static int __ip6addrlbl_match(struct ip6addrlbl_entry *p,
141 return 1; 160 return 1;
142} 161}
143 162
144static struct ip6addrlbl_entry *__ipv6_addr_label(const struct in6_addr *addr, 163static struct ip6addrlbl_entry *__ipv6_addr_label(struct net *net,
164 const struct in6_addr *addr,
145 int type, int ifindex) 165 int type, int ifindex)
146{ 166{
147 struct hlist_node *pos; 167 struct hlist_node *pos;
148 struct ip6addrlbl_entry *p; 168 struct ip6addrlbl_entry *p;
149 hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) { 169 hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) {
150 if (__ip6addrlbl_match(p, addr, type, ifindex)) 170 if (__ip6addrlbl_match(net, p, addr, type, ifindex))
151 return p; 171 return p;
152 } 172 }
153 return NULL; 173 return NULL;
154} 174}
155 175
156u32 ipv6_addr_label(const struct in6_addr *addr, int type, int ifindex) 176u32 ipv6_addr_label(struct net *net,
177 const struct in6_addr *addr, int type, int ifindex)
157{ 178{
158 u32 label; 179 u32 label;
159 struct ip6addrlbl_entry *p; 180 struct ip6addrlbl_entry *p;
@@ -161,7 +182,7 @@ u32 ipv6_addr_label(const struct in6_addr *addr, int type, int ifindex)
161 type &= IPV6_ADDR_MAPPED | IPV6_ADDR_COMPATv4 | IPV6_ADDR_LOOPBACK; 182 type &= IPV6_ADDR_MAPPED | IPV6_ADDR_COMPATv4 | IPV6_ADDR_LOOPBACK;
162 183
163 rcu_read_lock(); 184 rcu_read_lock();
164 p = __ipv6_addr_label(addr, type, ifindex); 185 p = __ipv6_addr_label(net, addr, type, ifindex);
165 label = p ? p->label : IPV6_ADDR_LABEL_DEFAULT; 186 label = p ? p->label : IPV6_ADDR_LABEL_DEFAULT;
166 rcu_read_unlock(); 187 rcu_read_unlock();
167 188
@@ -174,7 +195,8 @@ u32 ipv6_addr_label(const struct in6_addr *addr, int type, int ifindex)
174} 195}
175 196
176/* allocate one entry */ 197/* allocate one entry */
177static struct ip6addrlbl_entry *ip6addrlbl_alloc(const struct in6_addr *prefix, 198static struct ip6addrlbl_entry *ip6addrlbl_alloc(struct net *net,
199 const struct in6_addr *prefix,
178 int prefixlen, int ifindex, 200 int prefixlen, int ifindex,
179 u32 label) 201 u32 label)
180{ 202{
@@ -216,6 +238,9 @@ static struct ip6addrlbl_entry *ip6addrlbl_alloc(const struct in6_addr *prefix,
216 newp->addrtype = addrtype; 238 newp->addrtype = addrtype;
217 newp->label = label; 239 newp->label = label;
218 INIT_HLIST_NODE(&newp->list); 240 INIT_HLIST_NODE(&newp->list);
241#ifdef CONFIG_NET_NS
242 newp->lbl_net = hold_net(net);
243#endif
219 atomic_set(&newp->refcnt, 1); 244 atomic_set(&newp->refcnt, 1);
220 return newp; 245 return newp;
221} 246}
@@ -237,6 +262,7 @@ static int __ip6addrlbl_add(struct ip6addrlbl_entry *newp, int replace)
237 hlist_for_each_entry_safe(p, pos, n, 262 hlist_for_each_entry_safe(p, pos, n,
238 &ip6addrlbl_table.head, list) { 263 &ip6addrlbl_table.head, list) {
239 if (p->prefixlen == newp->prefixlen && 264 if (p->prefixlen == newp->prefixlen &&
265 net_eq(ip6addrlbl_net(p), ip6addrlbl_net(newp)) &&
240 p->ifindex == newp->ifindex && 266 p->ifindex == newp->ifindex &&
241 ipv6_addr_equal(&p->prefix, &newp->prefix)) { 267 ipv6_addr_equal(&p->prefix, &newp->prefix)) {
242 if (!replace) { 268 if (!replace) {
@@ -261,7 +287,8 @@ out:
261} 287}
262 288
263/* add a label */ 289/* add a label */
264static int ip6addrlbl_add(const struct in6_addr *prefix, int prefixlen, 290static int ip6addrlbl_add(struct net *net,
291 const struct in6_addr *prefix, int prefixlen,
265 int ifindex, u32 label, int replace) 292 int ifindex, u32 label, int replace)
266{ 293{
267 struct ip6addrlbl_entry *newp; 294 struct ip6addrlbl_entry *newp;
@@ -274,7 +301,7 @@ static int ip6addrlbl_add(const struct in6_addr *prefix, int prefixlen,
274 (unsigned int)label, 301 (unsigned int)label,
275 replace); 302 replace);
276 303
277 newp = ip6addrlbl_alloc(prefix, prefixlen, ifindex, label); 304 newp = ip6addrlbl_alloc(net, prefix, prefixlen, ifindex, label);
278 if (IS_ERR(newp)) 305 if (IS_ERR(newp))
279 return PTR_ERR(newp); 306 return PTR_ERR(newp);
280 spin_lock(&ip6addrlbl_table.lock); 307 spin_lock(&ip6addrlbl_table.lock);
@@ -286,7 +313,8 @@ static int ip6addrlbl_add(const struct in6_addr *prefix, int prefixlen,
286} 313}
287 314
288/* remove a label */ 315/* remove a label */
289static int __ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen, 316static int __ip6addrlbl_del(struct net *net,
317 const struct in6_addr *prefix, int prefixlen,
290 int ifindex) 318 int ifindex)
291{ 319{
292 struct ip6addrlbl_entry *p = NULL; 320 struct ip6addrlbl_entry *p = NULL;
@@ -300,6 +328,7 @@ static int __ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen,
300 328
301 hlist_for_each_entry_safe(p, pos, n, &ip6addrlbl_table.head, list) { 329 hlist_for_each_entry_safe(p, pos, n, &ip6addrlbl_table.head, list) {
302 if (p->prefixlen == prefixlen && 330 if (p->prefixlen == prefixlen &&
331 net_eq(ip6addrlbl_net(p), net) &&
303 p->ifindex == ifindex && 332 p->ifindex == ifindex &&
304 ipv6_addr_equal(&p->prefix, prefix)) { 333 ipv6_addr_equal(&p->prefix, prefix)) {
305 hlist_del_rcu(&p->list); 334 hlist_del_rcu(&p->list);
@@ -311,7 +340,8 @@ static int __ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen,
311 return ret; 340 return ret;
312} 341}
313 342
314static int ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen, 343static int ip6addrlbl_del(struct net *net,
344 const struct in6_addr *prefix, int prefixlen,
315 int ifindex) 345 int ifindex)
316{ 346{
317 struct in6_addr prefix_buf; 347 struct in6_addr prefix_buf;
@@ -324,13 +354,13 @@ static int ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen,
324 354
325 ipv6_addr_prefix(&prefix_buf, prefix, prefixlen); 355 ipv6_addr_prefix(&prefix_buf, prefix, prefixlen);
326 spin_lock(&ip6addrlbl_table.lock); 356 spin_lock(&ip6addrlbl_table.lock);
327 ret = __ip6addrlbl_del(&prefix_buf, prefixlen, ifindex); 357 ret = __ip6addrlbl_del(net, &prefix_buf, prefixlen, ifindex);
328 spin_unlock(&ip6addrlbl_table.lock); 358 spin_unlock(&ip6addrlbl_table.lock);
329 return ret; 359 return ret;
330} 360}
331 361
332/* add default label */ 362/* add default label */
333static __init int ip6addrlbl_init(void) 363static int __net_init ip6addrlbl_net_init(struct net *net)
334{ 364{
335 int err = 0; 365 int err = 0;
336 int i; 366 int i;
@@ -338,7 +368,8 @@ static __init int ip6addrlbl_init(void)
338 ADDRLABEL(KERN_DEBUG "%s()\n", __func__); 368 ADDRLABEL(KERN_DEBUG "%s()\n", __func__);
339 369
340 for (i = 0; i < ARRAY_SIZE(ip6addrlbl_init_table); i++) { 370 for (i = 0; i < ARRAY_SIZE(ip6addrlbl_init_table); i++) {
341 int ret = ip6addrlbl_add(ip6addrlbl_init_table[i].prefix, 371 int ret = ip6addrlbl_add(net,
372 ip6addrlbl_init_table[i].prefix,
342 ip6addrlbl_init_table[i].prefixlen, 373 ip6addrlbl_init_table[i].prefixlen,
343 0, 374 0,
344 ip6addrlbl_init_table[i].label, 0); 375 ip6addrlbl_init_table[i].label, 0);
@@ -349,11 +380,32 @@ static __init int ip6addrlbl_init(void)
349 return err; 380 return err;
350} 381}
351 382
383static void __net_exit ip6addrlbl_net_exit(struct net *net)
384{
385 struct ip6addrlbl_entry *p = NULL;
386 struct hlist_node *pos, *n;
387
388 /* Remove all labels belonging to the exiting net */
389 spin_lock(&ip6addrlbl_table.lock);
390 hlist_for_each_entry_safe(p, pos, n, &ip6addrlbl_table.head, list) {
391 if (net_eq(ip6addrlbl_net(p), net)) {
392 hlist_del_rcu(&p->list);
393 ip6addrlbl_put(p);
394 }
395 }
396 spin_unlock(&ip6addrlbl_table.lock);
397}
398
399static struct pernet_operations ipv6_addr_label_ops = {
400 .init = ip6addrlbl_net_init,
401 .exit = ip6addrlbl_net_exit,
402};
403
352int __init ipv6_addr_label_init(void) 404int __init ipv6_addr_label_init(void)
353{ 405{
354 spin_lock_init(&ip6addrlbl_table.lock); 406 spin_lock_init(&ip6addrlbl_table.lock);
355 407
356 return ip6addrlbl_init(); 408 return register_pernet_subsys(&ipv6_addr_label_ops);
357} 409}
358 410
359static const struct nla_policy ifal_policy[IFAL_MAX+1] = { 411static const struct nla_policy ifal_policy[IFAL_MAX+1] = {
@@ -371,9 +423,6 @@ static int ip6addrlbl_newdel(struct sk_buff *skb, struct nlmsghdr *nlh,
371 u32 label; 423 u32 label;
372 int err = 0; 424 int err = 0;
373 425
374 if (net != &init_net)
375 return 0;
376
377 err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy); 426 err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy);
378 if (err < 0) 427 if (err < 0)
379 return err; 428 return err;
@@ -385,7 +434,7 @@ static int ip6addrlbl_newdel(struct sk_buff *skb, struct nlmsghdr *nlh,
385 return -EINVAL; 434 return -EINVAL;
386 435
387 if (ifal->ifal_index && 436 if (ifal->ifal_index &&
388 !__dev_get_by_index(&init_net, ifal->ifal_index)) 437 !__dev_get_by_index(net, ifal->ifal_index))
389 return -EINVAL; 438 return -EINVAL;
390 439
391 if (!tb[IFAL_ADDRESS]) 440 if (!tb[IFAL_ADDRESS])
@@ -403,12 +452,12 @@ static int ip6addrlbl_newdel(struct sk_buff *skb, struct nlmsghdr *nlh,
403 452
404 switch(nlh->nlmsg_type) { 453 switch(nlh->nlmsg_type) {
405 case RTM_NEWADDRLABEL: 454 case RTM_NEWADDRLABEL:
406 err = ip6addrlbl_add(pfx, ifal->ifal_prefixlen, 455 err = ip6addrlbl_add(net, pfx, ifal->ifal_prefixlen,
407 ifal->ifal_index, label, 456 ifal->ifal_index, label,
408 nlh->nlmsg_flags & NLM_F_REPLACE); 457 nlh->nlmsg_flags & NLM_F_REPLACE);
409 break; 458 break;
410 case RTM_DELADDRLABEL: 459 case RTM_DELADDRLABEL:
411 err = ip6addrlbl_del(pfx, ifal->ifal_prefixlen, 460 err = ip6addrlbl_del(net, pfx, ifal->ifal_prefixlen,
412 ifal->ifal_index); 461 ifal->ifal_index);
413 break; 462 break;
414 default: 463 default:
@@ -458,12 +507,10 @@ static int ip6addrlbl_dump(struct sk_buff *skb, struct netlink_callback *cb)
458 int idx = 0, s_idx = cb->args[0]; 507 int idx = 0, s_idx = cb->args[0];
459 int err; 508 int err;
460 509
461 if (net != &init_net)
462 return 0;
463
464 rcu_read_lock(); 510 rcu_read_lock();
465 hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) { 511 hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) {
466 if (idx >= s_idx) { 512 if (idx >= s_idx &&
513 net_eq(ip6addrlbl_net(p), net)) {
467 if ((err = ip6addrlbl_fill(skb, p, 514 if ((err = ip6addrlbl_fill(skb, p,
468 ip6addrlbl_table.seq, 515 ip6addrlbl_table.seq,
469 NETLINK_CB(cb->skb).pid, 516 NETLINK_CB(cb->skb).pid,
@@ -499,9 +546,6 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh,
499 struct ip6addrlbl_entry *p; 546 struct ip6addrlbl_entry *p;
500 struct sk_buff *skb; 547 struct sk_buff *skb;
501 548
502 if (net != &init_net)
503 return 0;
504
505 err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy); 549 err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy);
506 if (err < 0) 550 if (err < 0)
507 return err; 551 return err;
@@ -513,7 +557,7 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh,
513 return -EINVAL; 557 return -EINVAL;
514 558
515 if (ifal->ifal_index && 559 if (ifal->ifal_index &&
516 !__dev_get_by_index(&init_net, ifal->ifal_index)) 560 !__dev_get_by_index(net, ifal->ifal_index))
517 return -EINVAL; 561 return -EINVAL;
518 562
519 if (!tb[IFAL_ADDRESS]) 563 if (!tb[IFAL_ADDRESS])
@@ -524,7 +568,7 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh,
524 return -EINVAL; 568 return -EINVAL;
525 569
526 rcu_read_lock(); 570 rcu_read_lock();
527 p = __ipv6_addr_label(addr, ipv6_addr_type(addr), ifal->ifal_index); 571 p = __ipv6_addr_label(net, addr, ipv6_addr_type(addr), ifal->ifal_index);
528 if (p && ip6addrlbl_hold(p)) 572 if (p && ip6addrlbl_hold(p))
529 p = NULL; 573 p = NULL;
530 lseq = ip6addrlbl_table.seq; 574 lseq = ip6addrlbl_table.seq;
@@ -552,7 +596,7 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh,
552 goto out; 596 goto out;
553 } 597 }
554 598
555 err = rtnl_unicast(skb, &init_net, NETLINK_CB(in_skb).pid); 599 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).pid);
556out: 600out:
557 return err; 601 return err;
558} 602}
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 3c6aafb02183..95055f8c3f35 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -7,8 +7,6 @@
7 * 7 *
8 * Adapted from linux/net/ipv4/af_inet.c 8 * Adapted from linux/net/ipv4/af_inet.c
9 * 9 *
10 * $Id: af_inet6.c,v 1.66 2002/02/01 22:01:04 davem Exp $
11 *
12 * Fixes: 10 * Fixes:
13 * piggy, Karl Knutson : Socket protocol table 11 * piggy, Karl Knutson : Socket protocol table
14 * Hideaki YOSHIFUJI : sin6_scope_id support 12 * Hideaki YOSHIFUJI : sin6_scope_id support
@@ -61,9 +59,7 @@
61 59
62#include <asm/uaccess.h> 60#include <asm/uaccess.h>
63#include <asm/system.h> 61#include <asm/system.h>
64#ifdef CONFIG_IPV6_MROUTE
65#include <linux/mroute6.h> 62#include <linux/mroute6.h>
66#endif
67 63
68MODULE_AUTHOR("Cast of dozens"); 64MODULE_AUTHOR("Cast of dozens");
69MODULE_DESCRIPTION("IPv6 protocol stack for Linux"); 65MODULE_DESCRIPTION("IPv6 protocol stack for Linux");
@@ -87,7 +83,6 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol)
87 struct inet_sock *inet; 83 struct inet_sock *inet;
88 struct ipv6_pinfo *np; 84 struct ipv6_pinfo *np;
89 struct sock *sk; 85 struct sock *sk;
90 struct list_head *p;
91 struct inet_protosw *answer; 86 struct inet_protosw *answer;
92 struct proto *answer_prot; 87 struct proto *answer_prot;
93 unsigned char answer_flags; 88 unsigned char answer_flags;
@@ -101,13 +96,12 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol)
101 build_ehash_secret(); 96 build_ehash_secret();
102 97
103 /* Look for the requested type/protocol pair. */ 98 /* Look for the requested type/protocol pair. */
104 answer = NULL;
105lookup_protocol: 99lookup_protocol:
106 err = -ESOCKTNOSUPPORT; 100 err = -ESOCKTNOSUPPORT;
107 rcu_read_lock(); 101 rcu_read_lock();
108 list_for_each_rcu(p, &inetsw6[sock->type]) { 102 list_for_each_entry_rcu(answer, &inetsw6[sock->type], list) {
109 answer = list_entry(p, struct inet_protosw, list);
110 103
104 err = 0;
111 /* Check the non-wild match. */ 105 /* Check the non-wild match. */
112 if (protocol == answer->protocol) { 106 if (protocol == answer->protocol) {
113 if (protocol != IPPROTO_IP) 107 if (protocol != IPPROTO_IP)
@@ -122,10 +116,9 @@ lookup_protocol:
122 break; 116 break;
123 } 117 }
124 err = -EPROTONOSUPPORT; 118 err = -EPROTONOSUPPORT;
125 answer = NULL;
126 } 119 }
127 120
128 if (!answer) { 121 if (err) {
129 if (try_loading_module < 2) { 122 if (try_loading_module < 2) {
130 rcu_read_unlock(); 123 rcu_read_unlock();
131 /* 124 /*
@@ -157,7 +150,7 @@ lookup_protocol:
157 answer_flags = answer->flags; 150 answer_flags = answer->flags;
158 rcu_read_unlock(); 151 rcu_read_unlock();
159 152
160 BUG_TRAP(answer_prot->slab != NULL); 153 WARN_ON(answer_prot->slab == NULL);
161 154
162 err = -ENOBUFS; 155 err = -ENOBUFS;
163 sk = sk_alloc(net, PF_INET6, GFP_KERNEL, answer_prot); 156 sk = sk_alloc(net, PF_INET6, GFP_KERNEL, answer_prot);
@@ -191,7 +184,7 @@ lookup_protocol:
191 np->mcast_hops = -1; 184 np->mcast_hops = -1;
192 np->mc_loop = 1; 185 np->mc_loop = 1;
193 np->pmtudisc = IPV6_PMTUDISC_WANT; 186 np->pmtudisc = IPV6_PMTUDISC_WANT;
194 np->ipv6only = init_net.ipv6.sysctl.bindv6only; 187 np->ipv6only = net->ipv6.sysctl.bindv6only;
195 188
196 /* Init the ipv4 part of the socket since we can have sockets 189 /* Init the ipv4 part of the socket since we can have sockets
197 * using v6 API for ipv4. 190 * using v6 API for ipv4.
@@ -373,7 +366,7 @@ int inet6_release(struct socket *sock)
373 366
374EXPORT_SYMBOL(inet6_release); 367EXPORT_SYMBOL(inet6_release);
375 368
376int inet6_destroy_sock(struct sock *sk) 369void inet6_destroy_sock(struct sock *sk)
377{ 370{
378 struct ipv6_pinfo *np = inet6_sk(sk); 371 struct ipv6_pinfo *np = inet6_sk(sk);
379 struct sk_buff *skb; 372 struct sk_buff *skb;
@@ -391,8 +384,6 @@ int inet6_destroy_sock(struct sock *sk)
391 384
392 if ((opt = xchg(&np->opt, NULL)) != NULL) 385 if ((opt = xchg(&np->opt, NULL)) != NULL)
393 sock_kfree_s(sk, opt, opt->tot_len); 386 sock_kfree_s(sk, opt, opt->tot_len);
394
395 return 0;
396} 387}
397 388
398EXPORT_SYMBOL_GPL(inet6_destroy_sock); 389EXPORT_SYMBOL_GPL(inet6_destroy_sock);
@@ -943,6 +934,11 @@ static int __init inet6_init(void)
943 if (err) 934 if (err)
944 goto out_unregister_sock; 935 goto out_unregister_sock;
945 936
937#ifdef CONFIG_SYSCTL
938 err = ipv6_static_sysctl_register();
939 if (err)
940 goto static_sysctl_fail;
941#endif
946 /* 942 /*
947 * ipngwg API draft makes clear that the correct semantics 943 * ipngwg API draft makes clear that the correct semantics
948 * for TCP and UDP is to consider one TCP and UDP instance 944 * for TCP and UDP is to consider one TCP and UDP instance
@@ -956,9 +952,9 @@ static int __init inet6_init(void)
956 err = icmpv6_init(); 952 err = icmpv6_init();
957 if (err) 953 if (err)
958 goto icmp_fail; 954 goto icmp_fail;
959#ifdef CONFIG_IPV6_MROUTE 955 err = ip6_mr_init();
960 ip6_mr_init(); 956 if (err)
961#endif 957 goto ipmr_fail;
962 err = ndisc_init(); 958 err = ndisc_init();
963 if (err) 959 if (err)
964 goto ndisc_fail; 960 goto ndisc_fail;
@@ -1061,10 +1057,16 @@ netfilter_fail:
1061igmp_fail: 1057igmp_fail:
1062 ndisc_cleanup(); 1058 ndisc_cleanup();
1063ndisc_fail: 1059ndisc_fail:
1060 ip6_mr_cleanup();
1061ipmr_fail:
1064 icmpv6_cleanup(); 1062 icmpv6_cleanup();
1065icmp_fail: 1063icmp_fail:
1066 unregister_pernet_subsys(&inet6_net_ops); 1064 unregister_pernet_subsys(&inet6_net_ops);
1067register_pernet_fail: 1065register_pernet_fail:
1066#ifdef CONFIG_SYSCTL
1067 ipv6_static_sysctl_unregister();
1068static_sysctl_fail:
1069#endif
1068 cleanup_ipv6_mibs(); 1070 cleanup_ipv6_mibs();
1069out_unregister_sock: 1071out_unregister_sock:
1070 sock_unregister(PF_INET6); 1072 sock_unregister(PF_INET6);
@@ -1115,10 +1117,14 @@ static void __exit inet6_exit(void)
1115 ipv6_netfilter_fini(); 1117 ipv6_netfilter_fini();
1116 igmp6_cleanup(); 1118 igmp6_cleanup();
1117 ndisc_cleanup(); 1119 ndisc_cleanup();
1120 ip6_mr_cleanup();
1118 icmpv6_cleanup(); 1121 icmpv6_cleanup();
1119 rawv6_exit(); 1122 rawv6_exit();
1120 1123
1121 unregister_pernet_subsys(&inet6_net_ops); 1124 unregister_pernet_subsys(&inet6_net_ops);
1125#ifdef CONFIG_SYSCTL
1126 ipv6_static_sysctl_unregister();
1127#endif
1122 cleanup_ipv6_mibs(); 1128 cleanup_ipv6_mibs();
1123 proto_unregister(&rawv6_prot); 1129 proto_unregister(&rawv6_prot);
1124 proto_unregister(&udplitev6_prot); 1130 proto_unregister(&udplitev6_prot);
diff --git a/net/ipv6/anycast.c b/net/ipv6/anycast.c
index 4e1b29fabdf0..8336cd81cb4f 100644
--- a/net/ipv6/anycast.c
+++ b/net/ipv6/anycast.c
@@ -60,7 +60,7 @@ int ipv6_sock_ac_join(struct sock *sk, int ifindex, struct in6_addr *addr)
60 struct inet6_dev *idev; 60 struct inet6_dev *idev;
61 struct ipv6_ac_socklist *pac; 61 struct ipv6_ac_socklist *pac;
62 struct net *net = sock_net(sk); 62 struct net *net = sock_net(sk);
63 int ishost = !ipv6_devconf.forwarding; 63 int ishost = !net->ipv6.devconf_all->forwarding;
64 int err = 0; 64 int err = 0;
65 65
66 if (!capable(CAP_NET_ADMIN)) 66 if (!capable(CAP_NET_ADMIN))
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 94fa6ae77cfe..410046a8cc91 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt> 6 * Pedro Roque <roque@di.fc.ul.pt>
7 * 7 *
8 * $Id: datagram.c,v 1.24 2002/02/01 22:01:04 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
@@ -496,7 +494,8 @@ int datagram_recv_ctl(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
496 return 0; 494 return 0;
497} 495}
498 496
499int datagram_send_ctl(struct msghdr *msg, struct flowi *fl, 497int datagram_send_ctl(struct net *net,
498 struct msghdr *msg, struct flowi *fl,
500 struct ipv6_txoptions *opt, 499 struct ipv6_txoptions *opt,
501 int *hlimit, int *tclass) 500 int *hlimit, int *tclass)
502{ 501{
@@ -509,7 +508,6 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
509 508
510 for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { 509 for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
511 int addr_type; 510 int addr_type;
512 struct net_device *dev = NULL;
513 511
514 if (!CMSG_OK(msg, cmsg)) { 512 if (!CMSG_OK(msg, cmsg)) {
515 err = -EINVAL; 513 err = -EINVAL;
@@ -522,6 +520,9 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
522 switch (cmsg->cmsg_type) { 520 switch (cmsg->cmsg_type) {
523 case IPV6_PKTINFO: 521 case IPV6_PKTINFO:
524 case IPV6_2292PKTINFO: 522 case IPV6_2292PKTINFO:
523 {
524 struct net_device *dev = NULL;
525
525 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) { 526 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) {
526 err = -EINVAL; 527 err = -EINVAL;
527 goto exit_f; 528 goto exit_f;
@@ -535,32 +536,32 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
535 fl->oif = src_info->ipi6_ifindex; 536 fl->oif = src_info->ipi6_ifindex;
536 } 537 }
537 538
538 addr_type = ipv6_addr_type(&src_info->ipi6_addr); 539 addr_type = __ipv6_addr_type(&src_info->ipi6_addr);
539 540
540 if (addr_type == IPV6_ADDR_ANY) 541 if (fl->oif) {
541 break; 542 dev = dev_get_by_index(net, fl->oif);
543 if (!dev)
544 return -ENODEV;
545 } else if (addr_type & IPV6_ADDR_LINKLOCAL)
546 return -EINVAL;
542 547
543 if (addr_type & IPV6_ADDR_LINKLOCAL) { 548 if (addr_type != IPV6_ADDR_ANY) {
544 if (!src_info->ipi6_ifindex) 549 int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
545 return -EINVAL; 550 if (!ipv6_chk_addr(net, &src_info->ipi6_addr,
546 else { 551 strict ? dev : NULL, 0))
547 dev = dev_get_by_index(&init_net, src_info->ipi6_ifindex); 552 err = -EINVAL;
548 if (!dev) 553 else
549 return -ENODEV; 554 ipv6_addr_copy(&fl->fl6_src, &src_info->ipi6_addr);
550 }
551 }
552 if (!ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
553 dev, 0)) {
554 if (dev)
555 dev_put(dev);
556 err = -EINVAL;
557 goto exit_f;
558 } 555 }
556
559 if (dev) 557 if (dev)
560 dev_put(dev); 558 dev_put(dev);
561 559
562 ipv6_addr_copy(&fl->fl6_src, &src_info->ipi6_addr); 560 if (err)
561 goto exit_f;
562
563 break; 563 break;
564 }
564 565
565 case IPV6_FLOWINFO: 566 case IPV6_FLOWINFO:
566 if (cmsg->cmsg_len < CMSG_LEN(4)) { 567 if (cmsg->cmsg_len < CMSG_LEN(4)) {
@@ -702,6 +703,11 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
702 } 703 }
703 704
704 *hlimit = *(int *)CMSG_DATA(cmsg); 705 *hlimit = *(int *)CMSG_DATA(cmsg);
706 if (*hlimit < -1 || *hlimit > 0xff) {
707 err = -EINVAL;
708 goto exit_f;
709 }
710
705 break; 711 break;
706 712
707 case IPV6_TCLASS: 713 case IPV6_TCLASS:
@@ -726,7 +732,7 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
726 LIMIT_NETDEBUG(KERN_DEBUG "invalid cmsg type: %d\n", 732 LIMIT_NETDEBUG(KERN_DEBUG "invalid cmsg type: %d\n",
727 cmsg->cmsg_type); 733 cmsg->cmsg_type);
728 err = -EINVAL; 734 err = -EINVAL;
729 break; 735 goto exit_f;
730 } 736 }
731 } 737 }
732 738
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index c6bb4c6d24b3..b181b08fb761 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -521,6 +521,10 @@ static int esp6_init_state(struct xfrm_state *x)
521 crypto_aead_ivsize(aead); 521 crypto_aead_ivsize(aead);
522 switch (x->props.mode) { 522 switch (x->props.mode) {
523 case XFRM_MODE_BEET: 523 case XFRM_MODE_BEET:
524 if (x->sel.family != AF_INET6)
525 x->props.header_len += IPV4_BEET_PHMAXLEN +
526 (sizeof(struct ipv6hdr) - sizeof(struct iphdr));
527 break;
524 case XFRM_MODE_TRANSPORT: 528 case XFRM_MODE_TRANSPORT:
525 break; 529 break;
526 case XFRM_MODE_TUNNEL: 530 case XFRM_MODE_TUNNEL:
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
index 3cd1c993d52b..837c830d6d8e 100644
--- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c
@@ -7,8 +7,6 @@
7 * Andi Kleen <ak@muc.de> 7 * Andi Kleen <ak@muc.de>
8 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 8 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
9 * 9 *
10 * $Id: exthdrs.c,v 1.13 2001/06/19 15:58:56 davem Exp $
11 *
12 * This program is free software; you can redistribute it and/or 10 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License 11 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 12 * as published by the Free Software Foundation; either version
@@ -321,7 +319,7 @@ static int ipv6_rthdr_rcv(struct sk_buff *skb)
321 int n, i; 319 int n, i;
322 struct ipv6_rt_hdr *hdr; 320 struct ipv6_rt_hdr *hdr;
323 struct rt0_hdr *rthdr; 321 struct rt0_hdr *rthdr;
324 int accept_source_route = ipv6_devconf.accept_source_route; 322 int accept_source_route = dev_net(skb->dev)->ipv6.devconf_all->accept_source_route;
325 323
326 idev = in6_dev_get(skb->dev); 324 idev = in6_dev_get(skb->dev);
327 if (idev) { 325 if (idev) {
@@ -445,7 +443,7 @@ looped_back:
445 kfree_skb(skb); 443 kfree_skb(skb);
446 return -1; 444 return -1;
447 } 445 }
448 if (!ipv6_chk_home_addr(&init_net, addr)) { 446 if (!ipv6_chk_home_addr(dev_net(skb->dst->dev), addr)) {
449 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 447 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
450 IPSTATS_MIB_INADDRERRORS); 448 IPSTATS_MIB_INADDRERRORS);
451 kfree_skb(skb); 449 kfree_skb(skb);
diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c
index 8d05527524e3..f5de3f9dc692 100644
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
@@ -93,7 +93,8 @@ static int fib6_rule_action(struct fib_rule *rule, struct flowi *flp,
93 if (flags & RT6_LOOKUP_F_SRCPREF_COA) 93 if (flags & RT6_LOOKUP_F_SRCPREF_COA)
94 srcprefs |= IPV6_PREFER_SRC_COA; 94 srcprefs |= IPV6_PREFER_SRC_COA;
95 95
96 if (ipv6_dev_get_saddr(ip6_dst_idev(&rt->u.dst)->dev, 96 if (ipv6_dev_get_saddr(net,
97 ip6_dst_idev(&rt->u.dst)->dev,
97 &flp->fl6_dst, srcprefs, 98 &flp->fl6_dst, srcprefs,
98 &saddr)) 99 &saddr))
99 goto again; 100 goto again;
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index d42dd16d3487..b3157a0cc15d 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt> 6 * Pedro Roque <roque@di.fc.ul.pt>
7 * 7 *
8 * $Id: icmp.c,v 1.38 2002/02/08 03:57:19 davem Exp $
9 *
10 * Based on net/ipv4/icmp.c 8 * Based on net/ipv4/icmp.c
11 * 9 *
12 * RFC 1885 10 * RFC 1885
@@ -93,19 +91,22 @@ static struct inet6_protocol icmpv6_protocol = {
93 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 91 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
94}; 92};
95 93
96static __inline__ int icmpv6_xmit_lock(struct sock *sk) 94static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
97{ 95{
96 struct sock *sk;
97
98 local_bh_disable(); 98 local_bh_disable();
99 99
100 sk = icmpv6_sk(net);
100 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { 101 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
101 /* This can happen if the output path (f.e. SIT or 102 /* This can happen if the output path (f.e. SIT or
102 * ip6ip6 tunnel) signals dst_link_failure() for an 103 * ip6ip6 tunnel) signals dst_link_failure() for an
103 * outgoing ICMP6 packet. 104 * outgoing ICMP6 packet.
104 */ 105 */
105 local_bh_enable(); 106 local_bh_enable();
106 return 1; 107 return NULL;
107 } 108 }
108 return 0; 109 return sk;
109} 110}
110 111
111static __inline__ void icmpv6_xmit_unlock(struct sock *sk) 112static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
@@ -394,11 +395,10 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
394 fl.fl_icmp_code = code; 395 fl.fl_icmp_code = code;
395 security_skb_classify_flow(skb, &fl); 396 security_skb_classify_flow(skb, &fl);
396 397
397 sk = icmpv6_sk(net); 398 sk = icmpv6_xmit_lock(net);
398 np = inet6_sk(sk); 399 if (sk == NULL)
399
400 if (icmpv6_xmit_lock(sk))
401 return; 400 return;
401 np = inet6_sk(sk);
402 402
403 if (!icmpv6_xrlim_allow(sk, type, &fl)) 403 if (!icmpv6_xrlim_allow(sk, type, &fl))
404 goto out; 404 goto out;
@@ -541,11 +541,10 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
541 fl.fl_icmp_type = ICMPV6_ECHO_REPLY; 541 fl.fl_icmp_type = ICMPV6_ECHO_REPLY;
542 security_skb_classify_flow(skb, &fl); 542 security_skb_classify_flow(skb, &fl);
543 543
544 sk = icmpv6_sk(net); 544 sk = icmpv6_xmit_lock(net);
545 np = inet6_sk(sk); 545 if (sk == NULL)
546
547 if (icmpv6_xmit_lock(sk))
548 return; 546 return;
547 np = inet6_sk(sk);
549 548
550 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) 549 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst))
551 fl.oif = np->mcast_oif; 550 fl.oif = np->mcast_oif;
@@ -956,7 +955,8 @@ ctl_table ipv6_icmp_table_template[] = {
956 .data = &init_net.ipv6.sysctl.icmpv6_time, 955 .data = &init_net.ipv6.sysctl.icmpv6_time,
957 .maxlen = sizeof(int), 956 .maxlen = sizeof(int),
958 .mode = 0644, 957 .mode = 0644,
959 .proc_handler = &proc_dointvec 958 .proc_handler = &proc_dointvec_ms_jiffies,
959 .strategy = &sysctl_ms_jiffies
960 }, 960 },
961 { .ctl_name = 0 }, 961 { .ctl_name = 0 },
962}; 962};
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index 87801cc1b2f8..16d43f20b32f 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -98,7 +98,7 @@ struct request_sock *inet6_csk_search_req(const struct sock *sk,
98 ipv6_addr_equal(&treq->rmt_addr, raddr) && 98 ipv6_addr_equal(&treq->rmt_addr, raddr) &&
99 ipv6_addr_equal(&treq->loc_addr, laddr) && 99 ipv6_addr_equal(&treq->loc_addr, laddr) &&
100 (!treq->iif || treq->iif == iif)) { 100 (!treq->iif || treq->iif == iif)) {
101 BUG_TRAP(req->sk == NULL); 101 WARN_ON(req->sk != NULL);
102 *prevp = prev; 102 *prevp = prev;
103 return req; 103 return req;
104 } 104 }
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
index 580014aea4d6..1646a5658255 100644
--- a/net/ipv6/inet6_hashtables.c
+++ b/net/ipv6/inet6_hashtables.c
@@ -28,7 +28,7 @@ void __inet6_hash(struct sock *sk)
28 struct hlist_head *list; 28 struct hlist_head *list;
29 rwlock_t *lock; 29 rwlock_t *lock;
30 30
31 BUG_TRAP(sk_unhashed(sk)); 31 WARN_ON(!sk_unhashed(sk));
32 32
33 if (sk->sk_state == TCP_LISTEN) { 33 if (sk->sk_state == TCP_LISTEN) {
34 list = &hashinfo->listening_hash[inet_sk_listen_hashfn(sk)]; 34 list = &hashinfo->listening_hash[inet_sk_listen_hashfn(sk)];
@@ -68,7 +68,7 @@ struct sock *__inet6_lookup_established(struct net *net,
68 /* Optimize here for direct hit, only listening connections can 68 /* Optimize here for direct hit, only listening connections can
69 * have wildcards anyways. 69 * have wildcards anyways.
70 */ 70 */
71 unsigned int hash = inet6_ehashfn(daddr, hnum, saddr, sport); 71 unsigned int hash = inet6_ehashfn(net, daddr, hnum, saddr, sport);
72 struct inet_ehash_bucket *head = inet_ehash_bucket(hashinfo, hash); 72 struct inet_ehash_bucket *head = inet_ehash_bucket(hashinfo, hash);
73 rwlock_t *lock = inet_ehash_lockp(hashinfo, hash); 73 rwlock_t *lock = inet_ehash_lockp(hashinfo, hash);
74 74
@@ -104,7 +104,8 @@ struct sock *inet6_lookup_listener(struct net *net,
104 int score, hiscore = 0; 104 int score, hiscore = 0;
105 105
106 read_lock(&hashinfo->lhash_lock); 106 read_lock(&hashinfo->lhash_lock);
107 sk_for_each(sk, node, &hashinfo->listening_hash[inet_lhashfn(hnum)]) { 107 sk_for_each(sk, node,
108 &hashinfo->listening_hash[inet_lhashfn(net, hnum)]) {
108 if (net_eq(sock_net(sk), net) && inet_sk(sk)->num == hnum && 109 if (net_eq(sock_net(sk), net) && inet_sk(sk)->num == hnum &&
109 sk->sk_family == PF_INET6) { 110 sk->sk_family == PF_INET6) {
110 const struct ipv6_pinfo *np = inet6_sk(sk); 111 const struct ipv6_pinfo *np = inet6_sk(sk);
@@ -165,14 +166,14 @@ static int __inet6_check_established(struct inet_timewait_death_row *death_row,
165 const struct in6_addr *saddr = &np->daddr; 166 const struct in6_addr *saddr = &np->daddr;
166 const int dif = sk->sk_bound_dev_if; 167 const int dif = sk->sk_bound_dev_if;
167 const __portpair ports = INET_COMBINED_PORTS(inet->dport, lport); 168 const __portpair ports = INET_COMBINED_PORTS(inet->dport, lport);
168 const unsigned int hash = inet6_ehashfn(daddr, lport, saddr, 169 struct net *net = sock_net(sk);
170 const unsigned int hash = inet6_ehashfn(net, daddr, lport, saddr,
169 inet->dport); 171 inet->dport);
170 struct inet_ehash_bucket *head = inet_ehash_bucket(hinfo, hash); 172 struct inet_ehash_bucket *head = inet_ehash_bucket(hinfo, hash);
171 rwlock_t *lock = inet_ehash_lockp(hinfo, hash); 173 rwlock_t *lock = inet_ehash_lockp(hinfo, hash);
172 struct sock *sk2; 174 struct sock *sk2;
173 const struct hlist_node *node; 175 const struct hlist_node *node;
174 struct inet_timewait_sock *tw; 176 struct inet_timewait_sock *tw;
175 struct net *net = sock_net(sk);
176 177
177 prefetch(head->chain.first); 178 prefetch(head->chain.first);
178 write_lock(lock); 179 write_lock(lock);
@@ -201,7 +202,7 @@ unique:
201 * in hash table socket with a funny identity. */ 202 * in hash table socket with a funny identity. */
202 inet->num = lport; 203 inet->num = lport;
203 inet->sport = htons(lport); 204 inet->sport = htons(lport);
204 BUG_TRAP(sk_unhashed(sk)); 205 WARN_ON(!sk_unhashed(sk));
205 __sk_add_node(sk, &head->chain); 206 __sk_add_node(sk, &head->chain);
206 sk->sk_hash = hash; 207 sk->sk_hash = hash;
207 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 208 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
@@ -209,11 +210,11 @@ unique:
209 210
210 if (twp != NULL) { 211 if (twp != NULL) {
211 *twp = tw; 212 *twp = tw;
212 NET_INC_STATS_BH(LINUX_MIB_TIMEWAITRECYCLED); 213 NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITRECYCLED);
213 } else if (tw != NULL) { 214 } else if (tw != NULL) {
214 /* Silly. Should hash-dance instead... */ 215 /* Silly. Should hash-dance instead... */
215 inet_twsk_deschedule(tw, death_row); 216 inet_twsk_deschedule(tw, death_row);
216 NET_INC_STATS_BH(LINUX_MIB_TIMEWAITRECYCLED); 217 NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_TIMEWAITRECYCLED);
217 218
218 inet_twsk_put(tw); 219 inet_twsk_put(tw);
219 } 220 }
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 1ee4fa17c129..29c7c99e69f7 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt> 6 * Pedro Roque <roque@di.fc.ul.pt>
7 * 7 *
8 * $Id: ip6_fib.c,v 1.25 2001/10/31 21:55:55 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
@@ -289,7 +287,7 @@ static int fib6_dump_node(struct fib6_walker_t *w)
289 w->leaf = rt; 287 w->leaf = rt;
290 return 1; 288 return 1;
291 } 289 }
292 BUG_TRAP(res!=0); 290 WARN_ON(res == 0);
293 } 291 }
294 w->leaf = NULL; 292 w->leaf = NULL;
295 return 0; 293 return 0;
@@ -380,6 +378,7 @@ static int inet6_dump_fib(struct sk_buff *skb, struct netlink_callback *cb)
380 378
381 arg.skb = skb; 379 arg.skb = skb;
382 arg.cb = cb; 380 arg.cb = cb;
381 arg.net = net;
383 w->args = &arg; 382 w->args = &arg;
384 383
385 for (h = s_h; h < FIB_TABLE_HASHSZ; h++, s_e = 0) { 384 for (h = s_h; h < FIB_TABLE_HASHSZ; h++, s_e = 0) {
@@ -663,17 +662,17 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
663 662
664static __inline__ void fib6_start_gc(struct net *net, struct rt6_info *rt) 663static __inline__ void fib6_start_gc(struct net *net, struct rt6_info *rt)
665{ 664{
666 if (net->ipv6.ip6_fib_timer->expires == 0 && 665 if (!timer_pending(&net->ipv6.ip6_fib_timer) &&
667 (rt->rt6i_flags & (RTF_EXPIRES|RTF_CACHE))) 666 (rt->rt6i_flags & (RTF_EXPIRES|RTF_CACHE)))
668 mod_timer(net->ipv6.ip6_fib_timer, jiffies + 667 mod_timer(&net->ipv6.ip6_fib_timer,
669 net->ipv6.sysctl.ip6_rt_gc_interval); 668 jiffies + net->ipv6.sysctl.ip6_rt_gc_interval);
670} 669}
671 670
672void fib6_force_start_gc(struct net *net) 671void fib6_force_start_gc(struct net *net)
673{ 672{
674 if (net->ipv6.ip6_fib_timer->expires == 0) 673 if (!timer_pending(&net->ipv6.ip6_fib_timer))
675 mod_timer(net->ipv6.ip6_fib_timer, jiffies + 674 mod_timer(&net->ipv6.ip6_fib_timer,
676 net->ipv6.sysctl.ip6_rt_gc_interval); 675 jiffies + net->ipv6.sysctl.ip6_rt_gc_interval);
677} 676}
678 677
679/* 678/*
@@ -780,7 +779,7 @@ out:
780 pn->leaf = fib6_find_prefix(info->nl_net, pn); 779 pn->leaf = fib6_find_prefix(info->nl_net, pn);
781#if RT6_DEBUG >= 2 780#if RT6_DEBUG >= 2
782 if (!pn->leaf) { 781 if (!pn->leaf) {
783 BUG_TRAP(pn->leaf != NULL); 782 WARN_ON(pn->leaf == NULL);
784 pn->leaf = info->nl_net->ipv6.ip6_null_entry; 783 pn->leaf = info->nl_net->ipv6.ip6_null_entry;
785 } 784 }
786#endif 785#endif
@@ -944,7 +943,7 @@ struct fib6_node * fib6_locate(struct fib6_node *root,
944 943
945#ifdef CONFIG_IPV6_SUBTREES 944#ifdef CONFIG_IPV6_SUBTREES
946 if (src_len) { 945 if (src_len) {
947 BUG_TRAP(saddr!=NULL); 946 WARN_ON(saddr == NULL);
948 if (fn && fn->subtree) 947 if (fn && fn->subtree)
949 fn = fib6_locate_1(fn->subtree, saddr, src_len, 948 fn = fib6_locate_1(fn->subtree, saddr, src_len,
950 offsetof(struct rt6_info, rt6i_src)); 949 offsetof(struct rt6_info, rt6i_src));
@@ -998,9 +997,9 @@ static struct fib6_node *fib6_repair_tree(struct net *net,
998 RT6_TRACE("fixing tree: plen=%d iter=%d\n", fn->fn_bit, iter); 997 RT6_TRACE("fixing tree: plen=%d iter=%d\n", fn->fn_bit, iter);
999 iter++; 998 iter++;
1000 999
1001 BUG_TRAP(!(fn->fn_flags&RTN_RTINFO)); 1000 WARN_ON(fn->fn_flags & RTN_RTINFO);
1002 BUG_TRAP(!(fn->fn_flags&RTN_TL_ROOT)); 1001 WARN_ON(fn->fn_flags & RTN_TL_ROOT);
1003 BUG_TRAP(fn->leaf==NULL); 1002 WARN_ON(fn->leaf != NULL);
1004 1003
1005 children = 0; 1004 children = 0;
1006 child = NULL; 1005 child = NULL;
@@ -1016,7 +1015,7 @@ static struct fib6_node *fib6_repair_tree(struct net *net,
1016 fn->leaf = fib6_find_prefix(net, fn); 1015 fn->leaf = fib6_find_prefix(net, fn);
1017#if RT6_DEBUG >= 2 1016#if RT6_DEBUG >= 2
1018 if (fn->leaf==NULL) { 1017 if (fn->leaf==NULL) {
1019 BUG_TRAP(fn->leaf); 1018 WARN_ON(!fn->leaf);
1020 fn->leaf = net->ipv6.ip6_null_entry; 1019 fn->leaf = net->ipv6.ip6_null_entry;
1021 } 1020 }
1022#endif 1021#endif
@@ -1027,16 +1026,17 @@ static struct fib6_node *fib6_repair_tree(struct net *net,
1027 pn = fn->parent; 1026 pn = fn->parent;
1028#ifdef CONFIG_IPV6_SUBTREES 1027#ifdef CONFIG_IPV6_SUBTREES
1029 if (FIB6_SUBTREE(pn) == fn) { 1028 if (FIB6_SUBTREE(pn) == fn) {
1030 BUG_TRAP(fn->fn_flags&RTN_ROOT); 1029 WARN_ON(!(fn->fn_flags & RTN_ROOT));
1031 FIB6_SUBTREE(pn) = NULL; 1030 FIB6_SUBTREE(pn) = NULL;
1032 nstate = FWS_L; 1031 nstate = FWS_L;
1033 } else { 1032 } else {
1034 BUG_TRAP(!(fn->fn_flags&RTN_ROOT)); 1033 WARN_ON(fn->fn_flags & RTN_ROOT);
1035#endif 1034#endif
1036 if (pn->right == fn) pn->right = child; 1035 if (pn->right == fn) pn->right = child;
1037 else if (pn->left == fn) pn->left = child; 1036 else if (pn->left == fn) pn->left = child;
1038#if RT6_DEBUG >= 2 1037#if RT6_DEBUG >= 2
1039 else BUG_TRAP(0); 1038 else
1039 WARN_ON(1);
1040#endif 1040#endif
1041 if (child) 1041 if (child)
1042 child->parent = pn; 1042 child->parent = pn;
@@ -1156,14 +1156,14 @@ int fib6_del(struct rt6_info *rt, struct nl_info *info)
1156 1156
1157#if RT6_DEBUG >= 2 1157#if RT6_DEBUG >= 2
1158 if (rt->u.dst.obsolete>0) { 1158 if (rt->u.dst.obsolete>0) {
1159 BUG_TRAP(fn==NULL); 1159 WARN_ON(fn != NULL);
1160 return -ENOENT; 1160 return -ENOENT;
1161 } 1161 }
1162#endif 1162#endif
1163 if (fn == NULL || rt == net->ipv6.ip6_null_entry) 1163 if (fn == NULL || rt == net->ipv6.ip6_null_entry)
1164 return -ENOENT; 1164 return -ENOENT;
1165 1165
1166 BUG_TRAP(fn->fn_flags&RTN_RTINFO); 1166 WARN_ON(!(fn->fn_flags & RTN_RTINFO));
1167 1167
1168 if (!(rt->rt6i_flags&RTF_CACHE)) { 1168 if (!(rt->rt6i_flags&RTF_CACHE)) {
1169 struct fib6_node *pn = fn; 1169 struct fib6_node *pn = fn;
@@ -1268,7 +1268,7 @@ static int fib6_walk_continue(struct fib6_walker_t *w)
1268 w->node = pn; 1268 w->node = pn;
1269#ifdef CONFIG_IPV6_SUBTREES 1269#ifdef CONFIG_IPV6_SUBTREES
1270 if (FIB6_SUBTREE(pn) == fn) { 1270 if (FIB6_SUBTREE(pn) == fn) {
1271 BUG_TRAP(fn->fn_flags&RTN_ROOT); 1271 WARN_ON(!(fn->fn_flags & RTN_ROOT));
1272 w->state = FWS_L; 1272 w->state = FWS_L;
1273 continue; 1273 continue;
1274 } 1274 }
@@ -1283,7 +1283,7 @@ static int fib6_walk_continue(struct fib6_walker_t *w)
1283 continue; 1283 continue;
1284 } 1284 }
1285#if RT6_DEBUG >= 2 1285#if RT6_DEBUG >= 2
1286 BUG_TRAP(0); 1286 WARN_ON(1);
1287#endif 1287#endif
1288 } 1288 }
1289 } 1289 }
@@ -1325,7 +1325,7 @@ static int fib6_clean_node(struct fib6_walker_t *w)
1325 } 1325 }
1326 return 0; 1326 return 0;
1327 } 1327 }
1328 BUG_TRAP(res==0); 1328 WARN_ON(res != 0);
1329 } 1329 }
1330 w->leaf = rt; 1330 w->leaf = rt;
1331 return 0; 1331 return 0;
@@ -1449,27 +1449,23 @@ void fib6_run_gc(unsigned long expires, struct net *net)
1449 gc_args.timeout = expires ? (int)expires : 1449 gc_args.timeout = expires ? (int)expires :
1450 net->ipv6.sysctl.ip6_rt_gc_interval; 1450 net->ipv6.sysctl.ip6_rt_gc_interval;
1451 } else { 1451 } else {
1452 local_bh_disable(); 1452 if (!spin_trylock_bh(&fib6_gc_lock)) {
1453 if (!spin_trylock(&fib6_gc_lock)) { 1453 mod_timer(&net->ipv6.ip6_fib_timer, jiffies + HZ);
1454 mod_timer(net->ipv6.ip6_fib_timer, jiffies + HZ);
1455 local_bh_enable();
1456 return; 1454 return;
1457 } 1455 }
1458 gc_args.timeout = net->ipv6.sysctl.ip6_rt_gc_interval; 1456 gc_args.timeout = net->ipv6.sysctl.ip6_rt_gc_interval;
1459 } 1457 }
1460 gc_args.more = 0;
1461 1458
1462 icmp6_dst_gc(&gc_args.more); 1459 gc_args.more = icmp6_dst_gc();
1463 1460
1464 fib6_clean_all(net, fib6_age, 0, NULL); 1461 fib6_clean_all(net, fib6_age, 0, NULL);
1465 1462
1466 if (gc_args.more) 1463 if (gc_args.more)
1467 mod_timer(net->ipv6.ip6_fib_timer, jiffies + 1464 mod_timer(&net->ipv6.ip6_fib_timer,
1468 net->ipv6.sysctl.ip6_rt_gc_interval); 1465 round_jiffies(jiffies
1469 else { 1466 + net->ipv6.sysctl.ip6_rt_gc_interval));
1470 del_timer(net->ipv6.ip6_fib_timer); 1467 else
1471 net->ipv6.ip6_fib_timer->expires = 0; 1468 del_timer(&net->ipv6.ip6_fib_timer);
1472 }
1473 spin_unlock_bh(&fib6_gc_lock); 1469 spin_unlock_bh(&fib6_gc_lock);
1474} 1470}
1475 1471
@@ -1480,24 +1476,15 @@ static void fib6_gc_timer_cb(unsigned long arg)
1480 1476
1481static int fib6_net_init(struct net *net) 1477static int fib6_net_init(struct net *net)
1482{ 1478{
1483 int ret; 1479 setup_timer(&net->ipv6.ip6_fib_timer, fib6_gc_timer_cb, (unsigned long)net);
1484 struct timer_list *timer;
1485
1486 ret = -ENOMEM;
1487 timer = kzalloc(sizeof(*timer), GFP_KERNEL);
1488 if (!timer)
1489 goto out;
1490
1491 setup_timer(timer, fib6_gc_timer_cb, (unsigned long)net);
1492 net->ipv6.ip6_fib_timer = timer;
1493 1480
1494 net->ipv6.rt6_stats = kzalloc(sizeof(*net->ipv6.rt6_stats), GFP_KERNEL); 1481 net->ipv6.rt6_stats = kzalloc(sizeof(*net->ipv6.rt6_stats), GFP_KERNEL);
1495 if (!net->ipv6.rt6_stats) 1482 if (!net->ipv6.rt6_stats)
1496 goto out_timer; 1483 goto out_timer;
1497 1484
1498 net->ipv6.fib_table_hash = 1485 net->ipv6.fib_table_hash = kcalloc(FIB_TABLE_HASHSZ,
1499 kzalloc(sizeof(*net->ipv6.fib_table_hash)*FIB_TABLE_HASHSZ, 1486 sizeof(*net->ipv6.fib_table_hash),
1500 GFP_KERNEL); 1487 GFP_KERNEL);
1501 if (!net->ipv6.fib_table_hash) 1488 if (!net->ipv6.fib_table_hash)
1502 goto out_rt6_stats; 1489 goto out_rt6_stats;
1503 1490
@@ -1523,9 +1510,7 @@ static int fib6_net_init(struct net *net)
1523#endif 1510#endif
1524 fib6_tables_init(net); 1511 fib6_tables_init(net);
1525 1512
1526 ret = 0; 1513 return 0;
1527out:
1528 return ret;
1529 1514
1530#ifdef CONFIG_IPV6_MULTIPLE_TABLES 1515#ifdef CONFIG_IPV6_MULTIPLE_TABLES
1531out_fib6_main_tbl: 1516out_fib6_main_tbl:
@@ -1536,15 +1521,14 @@ out_fib_table_hash:
1536out_rt6_stats: 1521out_rt6_stats:
1537 kfree(net->ipv6.rt6_stats); 1522 kfree(net->ipv6.rt6_stats);
1538out_timer: 1523out_timer:
1539 kfree(timer); 1524 return -ENOMEM;
1540 goto out;
1541 } 1525 }
1542 1526
1543static void fib6_net_exit(struct net *net) 1527static void fib6_net_exit(struct net *net)
1544{ 1528{
1545 rt6_ifdown(net, NULL); 1529 rt6_ifdown(net, NULL);
1546 del_timer_sync(net->ipv6.ip6_fib_timer); 1530 del_timer_sync(&net->ipv6.ip6_fib_timer);
1547 kfree(net->ipv6.ip6_fib_timer); 1531
1548#ifdef CONFIG_IPV6_MULTIPLE_TABLES 1532#ifdef CONFIG_IPV6_MULTIPLE_TABLES
1549 kfree(net->ipv6.fib6_local_tbl); 1533 kfree(net->ipv6.fib6_local_tbl);
1550#endif 1534#endif
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index eb7a940310f4..37a4e777e347 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -354,7 +354,7 @@ fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval,
354 msg.msg_control = (void*)(fl->opt+1); 354 msg.msg_control = (void*)(fl->opt+1);
355 flowi.oif = 0; 355 flowi.oif = 0;
356 356
357 err = datagram_send_ctl(&msg, &flowi, fl->opt, &junk, &junk); 357 err = datagram_send_ctl(net, &msg, &flowi, fl->opt, &junk, &junk);
358 if (err) 358 if (err)
359 goto done; 359 goto done;
360 err = -EINVAL; 360 err = -EINVAL;
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 4e5c8615832c..7e14cccd0561 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -6,8 +6,6 @@
6 * Pedro Roque <roque@di.fc.ul.pt> 6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Ian P. Morris <I.P.Morris@soton.ac.uk> 7 * Ian P. Morris <I.P.Morris@soton.ac.uk>
8 * 8 *
9 * $Id: ip6_input.c,v 1.19 2000/12/13 18:31:50 davem Exp $
10 *
11 * Based in linux/net/ipv4/ip_input.c 9 * Based in linux/net/ipv4/ip_input.c
12 * 10 *
13 * This program is free software; you can redistribute it and/or 11 * This program is free software; you can redistribute it and/or
@@ -73,7 +71,8 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
73 71
74 IP6_INC_STATS_BH(idev, IPSTATS_MIB_INRECEIVES); 72 IP6_INC_STATS_BH(idev, IPSTATS_MIB_INRECEIVES);
75 73
76 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) { 74 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL ||
75 !idev || unlikely(idev->cnf.disable_ipv6)) {
77 IP6_INC_STATS_BH(idev, IPSTATS_MIB_INDISCARDS); 76 IP6_INC_STATS_BH(idev, IPSTATS_MIB_INDISCARDS);
78 rcu_read_unlock(); 77 rcu_read_unlock();
79 goto out; 78 goto out;
@@ -102,6 +101,15 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
102 if (hdr->version != 6) 101 if (hdr->version != 6)
103 goto err; 102 goto err;
104 103
104 /*
105 * RFC4291 2.5.3
106 * A packet received on an interface with a destination address
107 * of loopback must be dropped.
108 */
109 if (!(dev->flags & IFF_LOOPBACK) &&
110 ipv6_addr_loopback(&hdr->daddr))
111 goto err;
112
105 skb->transport_header = skb->network_header + sizeof(*hdr); 113 skb->transport_header = skb->network_header + sizeof(*hdr);
106 IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); 114 IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
107 115
@@ -241,7 +249,7 @@ int ip6_mc_input(struct sk_buff *skb)
241 /* 249 /*
242 * IPv6 multicast router mode is now supported ;) 250 * IPv6 multicast router mode is now supported ;)
243 */ 251 */
244 if (ipv6_devconf.mc_forwarding && 252 if (dev_net(skb->dev)->ipv6.devconf_all->mc_forwarding &&
245 likely(!(IP6CB(skb)->flags & IP6SKB_FORWARDED))) { 253 likely(!(IP6CB(skb)->flags & IP6SKB_FORWARDED))) {
246 /* 254 /*
247 * Okay, we try to forward - split and duplicate 255 * Okay, we try to forward - split and duplicate
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 48cdce9c696c..0e844c2736a7 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt> 6 * Pedro Roque <roque@di.fc.ul.pt>
7 * 7 *
8 * $Id: ip6_output.c,v 1.34 2002/02/01 22:01:04 davem Exp $
9 *
10 * Based on linux/net/ipv4/ip_output.c 8 * Based on linux/net/ipv4/ip_output.c
11 * 9 *
12 * This program is free software; you can redistribute it and/or 10 * This program is free software; you can redistribute it and/or
@@ -118,7 +116,7 @@ static int ip6_dev_loopback_xmit(struct sk_buff *newskb)
118 __skb_pull(newskb, skb_network_offset(newskb)); 116 __skb_pull(newskb, skb_network_offset(newskb));
119 newskb->pkt_type = PACKET_LOOPBACK; 117 newskb->pkt_type = PACKET_LOOPBACK;
120 newskb->ip_summed = CHECKSUM_UNNECESSARY; 118 newskb->ip_summed = CHECKSUM_UNNECESSARY;
121 BUG_TRAP(newskb->dst); 119 WARN_ON(!newskb->dst);
122 120
123 netif_rx(newskb); 121 netif_rx(newskb);
124 return 0; 122 return 0;
@@ -175,6 +173,13 @@ static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
175 173
176int ip6_output(struct sk_buff *skb) 174int ip6_output(struct sk_buff *skb)
177{ 175{
176 struct inet6_dev *idev = ip6_dst_idev(skb->dst);
177 if (unlikely(idev->cnf.disable_ipv6)) {
178 IP6_INC_STATS(idev, IPSTATS_MIB_OUTDISCARDS);
179 kfree_skb(skb);
180 return 0;
181 }
182
178 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || 183 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
179 dst_allfrag(skb->dst)) 184 dst_allfrag(skb->dst))
180 return ip6_fragment(skb, ip6_output2); 185 return ip6_fragment(skb, ip6_output2);
@@ -231,6 +236,10 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
231 skb_reset_network_header(skb); 236 skb_reset_network_header(skb);
232 hdr = ipv6_hdr(skb); 237 hdr = ipv6_hdr(skb);
233 238
239 /* Allow local fragmentation. */
240 if (ipfragok)
241 skb->local_df = 1;
242
234 /* 243 /*
235 * Fill in the IPv6 header 244 * Fill in the IPv6 header
236 */ 245 */
@@ -260,7 +269,7 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
260 skb->mark = sk->sk_mark; 269 skb->mark = sk->sk_mark;
261 270
262 mtu = dst_mtu(dst); 271 mtu = dst_mtu(dst);
263 if ((skb->len <= mtu) || ipfragok || skb_is_gso(skb)) { 272 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
264 IP6_INC_STATS(ip6_dst_idev(skb->dst), 273 IP6_INC_STATS(ip6_dst_idev(skb->dst),
265 IPSTATS_MIB_OUTREQUESTS); 274 IPSTATS_MIB_OUTREQUESTS);
266 return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 275 return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
@@ -406,9 +415,12 @@ int ip6_forward(struct sk_buff *skb)
406 struct inet6_skb_parm *opt = IP6CB(skb); 415 struct inet6_skb_parm *opt = IP6CB(skb);
407 struct net *net = dev_net(dst->dev); 416 struct net *net = dev_net(dst->dev);
408 417
409 if (ipv6_devconf.forwarding == 0) 418 if (net->ipv6.devconf_all->forwarding == 0)
410 goto error; 419 goto error;
411 420
421 if (skb_warn_if_lro(skb))
422 goto drop;
423
412 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { 424 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
413 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS); 425 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
414 goto drop; 426 goto drop;
@@ -450,7 +462,7 @@ int ip6_forward(struct sk_buff *skb)
450 } 462 }
451 463
452 /* XXX: idev->cnf.proxy_ndp? */ 464 /* XXX: idev->cnf.proxy_ndp? */
453 if (ipv6_devconf.proxy_ndp && 465 if (net->ipv6.devconf_all->proxy_ndp &&
454 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) { 466 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
455 int proxied = ip6_forward_proxy_check(skb); 467 int proxied = ip6_forward_proxy_check(skb);
456 if (proxied > 0) 468 if (proxied > 0)
@@ -497,7 +509,8 @@ int ip6_forward(struct sk_buff *skb)
497 int addrtype = ipv6_addr_type(&hdr->saddr); 509 int addrtype = ipv6_addr_type(&hdr->saddr);
498 510
499 /* This check is security critical. */ 511 /* This check is security critical. */
500 if (addrtype & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK)) 512 if (addrtype == IPV6_ADDR_ANY ||
513 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
501 goto error; 514 goto error;
502 if (addrtype & IPV6_ADDR_LINKLOCAL) { 515 if (addrtype & IPV6_ADDR_LINKLOCAL) {
503 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 516 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
@@ -921,7 +934,7 @@ static int ip6_dst_lookup_tail(struct sock *sk,
921 goto out_err_release; 934 goto out_err_release;
922 935
923 if (ipv6_addr_any(&fl->fl6_src)) { 936 if (ipv6_addr_any(&fl->fl6_src)) {
924 err = ipv6_dev_get_saddr(ip6_dst_idev(*dst)->dev, 937 err = ipv6_dev_get_saddr(net, ip6_dst_idev(*dst)->dev,
925 &fl->fl6_dst, 938 &fl->fl6_dst,
926 sk ? inet6_sk(sk)->srcprefs : 0, 939 sk ? inet6_sk(sk)->srcprefs : 0,
927 &fl->fl6_src); 940 &fl->fl6_src);
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 2bda3ba100b1..17c7b098cdb0 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -6,8 +6,6 @@
6 * Ville Nuorvala <vnuorval@tcs.hut.fi> 6 * Ville Nuorvala <vnuorval@tcs.hut.fi>
7 * Yasuyuki Kozakai <kozakai@linux-ipv6.org> 7 * Yasuyuki Kozakai <kozakai@linux-ipv6.org>
8 * 8 *
9 * $Id$
10 *
11 * Based on: 9 * Based on:
12 * linux/net/ipv6/sit.c and linux/net/ipv4/ipip.c 10 * linux/net/ipv6/sit.c and linux/net/ipv4/ipip.c
13 * 11 *
@@ -711,7 +709,7 @@ static int ip6_tnl_rcv(struct sk_buff *skb, __u16 protocol,
711 } 709 }
712 710
713 if (!ip6_tnl_rcv_ctl(t)) { 711 if (!ip6_tnl_rcv_ctl(t)) {
714 t->stat.rx_dropped++; 712 t->dev->stats.rx_dropped++;
715 read_unlock(&ip6_tnl_lock); 713 read_unlock(&ip6_tnl_lock);
716 goto discard; 714 goto discard;
717 } 715 }
@@ -728,8 +726,8 @@ static int ip6_tnl_rcv(struct sk_buff *skb, __u16 protocol,
728 726
729 dscp_ecn_decapsulate(t, ipv6h, skb); 727 dscp_ecn_decapsulate(t, ipv6h, skb);
730 728
731 t->stat.rx_packets++; 729 t->dev->stats.rx_packets++;
732 t->stat.rx_bytes += skb->len; 730 t->dev->stats.rx_bytes += skb->len;
733 netif_rx(skb); 731 netif_rx(skb);
734 read_unlock(&ip6_tnl_lock); 732 read_unlock(&ip6_tnl_lock);
735 return 0; 733 return 0;
@@ -849,7 +847,7 @@ static int ip6_tnl_xmit2(struct sk_buff *skb,
849 __u32 *pmtu) 847 __u32 *pmtu)
850{ 848{
851 struct ip6_tnl *t = netdev_priv(dev); 849 struct ip6_tnl *t = netdev_priv(dev);
852 struct net_device_stats *stats = &t->stat; 850 struct net_device_stats *stats = &t->dev->stats;
853 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 851 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
854 struct ipv6_tel_txoption opt; 852 struct ipv6_tel_txoption opt;
855 struct dst_entry *dst; 853 struct dst_entry *dst;
@@ -1043,11 +1041,11 @@ static int
1043ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) 1041ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
1044{ 1042{
1045 struct ip6_tnl *t = netdev_priv(dev); 1043 struct ip6_tnl *t = netdev_priv(dev);
1046 struct net_device_stats *stats = &t->stat; 1044 struct net_device_stats *stats = &t->dev->stats;
1047 int ret; 1045 int ret;
1048 1046
1049 if (t->recursion++) { 1047 if (t->recursion++) {
1050 t->stat.collisions++; 1048 stats->collisions++;
1051 goto tx_err; 1049 goto tx_err;
1052 } 1050 }
1053 1051
@@ -1289,19 +1287,6 @@ ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
1289} 1287}
1290 1288
1291/** 1289/**
1292 * ip6_tnl_get_stats - return the stats for tunnel device
1293 * @dev: virtual device associated with tunnel
1294 *
1295 * Return: stats for device
1296 **/
1297
1298static struct net_device_stats *
1299ip6_tnl_get_stats(struct net_device *dev)
1300{
1301 return &(((struct ip6_tnl *)netdev_priv(dev))->stat);
1302}
1303
1304/**
1305 * ip6_tnl_change_mtu - change mtu manually for tunnel device 1290 * ip6_tnl_change_mtu - change mtu manually for tunnel device
1306 * @dev: virtual device associated with tunnel 1291 * @dev: virtual device associated with tunnel
1307 * @new_mtu: the new mtu 1292 * @new_mtu: the new mtu
@@ -1334,7 +1319,6 @@ static void ip6_tnl_dev_setup(struct net_device *dev)
1334 dev->uninit = ip6_tnl_dev_uninit; 1319 dev->uninit = ip6_tnl_dev_uninit;
1335 dev->destructor = free_netdev; 1320 dev->destructor = free_netdev;
1336 dev->hard_start_xmit = ip6_tnl_xmit; 1321 dev->hard_start_xmit = ip6_tnl_xmit;
1337 dev->get_stats = ip6_tnl_get_stats;
1338 dev->do_ioctl = ip6_tnl_ioctl; 1322 dev->do_ioctl = ip6_tnl_ioctl;
1339 dev->change_mtu = ip6_tnl_change_mtu; 1323 dev->change_mtu = ip6_tnl_change_mtu;
1340 1324
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index 2de3c464fe75..095bc453ff4c 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -197,7 +197,7 @@ static int ip6mr_vif_seq_show(struct seq_file *seq, void *v)
197 const char *name = vif->dev ? vif->dev->name : "none"; 197 const char *name = vif->dev ? vif->dev->name : "none";
198 198
199 seq_printf(seq, 199 seq_printf(seq,
200 "%2Zd %-10s %8ld %7ld %8ld %7ld %05X\n", 200 "%2td %-10s %8ld %7ld %8ld %7ld %05X\n",
201 vif - vif6_table, 201 vif - vif6_table,
202 name, vif->bytes_in, vif->pkt_in, 202 name, vif->bytes_in, vif->pkt_in,
203 vif->bytes_out, vif->pkt_out, 203 vif->bytes_out, vif->pkt_out,
@@ -388,8 +388,8 @@ static int pim6_rcv(struct sk_buff *skb)
388 skb->ip_summed = 0; 388 skb->ip_summed = 0;
389 skb->pkt_type = PACKET_HOST; 389 skb->pkt_type = PACKET_HOST;
390 dst_release(skb->dst); 390 dst_release(skb->dst);
391 ((struct net_device_stats *)netdev_priv(reg_dev))->rx_bytes += skb->len; 391 reg_dev->stats.rx_bytes += skb->len;
392 ((struct net_device_stats *)netdev_priv(reg_dev))->rx_packets++; 392 reg_dev->stats.rx_packets++;
393 skb->dst = NULL; 393 skb->dst = NULL;
394 nf_reset(skb); 394 nf_reset(skb);
395 netif_rx(skb); 395 netif_rx(skb);
@@ -409,26 +409,20 @@ static struct inet6_protocol pim6_protocol = {
409static int reg_vif_xmit(struct sk_buff *skb, struct net_device *dev) 409static int reg_vif_xmit(struct sk_buff *skb, struct net_device *dev)
410{ 410{
411 read_lock(&mrt_lock); 411 read_lock(&mrt_lock);
412 ((struct net_device_stats *)netdev_priv(dev))->tx_bytes += skb->len; 412 dev->stats.tx_bytes += skb->len;
413 ((struct net_device_stats *)netdev_priv(dev))->tx_packets++; 413 dev->stats.tx_packets++;
414 ip6mr_cache_report(skb, reg_vif_num, MRT6MSG_WHOLEPKT); 414 ip6mr_cache_report(skb, reg_vif_num, MRT6MSG_WHOLEPKT);
415 read_unlock(&mrt_lock); 415 read_unlock(&mrt_lock);
416 kfree_skb(skb); 416 kfree_skb(skb);
417 return 0; 417 return 0;
418} 418}
419 419
420static struct net_device_stats *reg_vif_get_stats(struct net_device *dev)
421{
422 return (struct net_device_stats *)netdev_priv(dev);
423}
424
425static void reg_vif_setup(struct net_device *dev) 420static void reg_vif_setup(struct net_device *dev)
426{ 421{
427 dev->type = ARPHRD_PIMREG; 422 dev->type = ARPHRD_PIMREG;
428 dev->mtu = 1500 - sizeof(struct ipv6hdr) - 8; 423 dev->mtu = 1500 - sizeof(struct ipv6hdr) - 8;
429 dev->flags = IFF_NOARP; 424 dev->flags = IFF_NOARP;
430 dev->hard_start_xmit = reg_vif_xmit; 425 dev->hard_start_xmit = reg_vif_xmit;
431 dev->get_stats = reg_vif_get_stats;
432 dev->destructor = free_netdev; 426 dev->destructor = free_netdev;
433} 427}
434 428
@@ -436,9 +430,7 @@ static struct net_device *ip6mr_reg_vif(void)
436{ 430{
437 struct net_device *dev; 431 struct net_device *dev;
438 432
439 dev = alloc_netdev(sizeof(struct net_device_stats), "pim6reg", 433 dev = alloc_netdev(0, "pim6reg", reg_vif_setup);
440 reg_vif_setup);
441
442 if (dev == NULL) 434 if (dev == NULL)
443 return NULL; 435 return NULL;
444 436
@@ -451,6 +443,7 @@ static struct net_device *ip6mr_reg_vif(void)
451 if (dev_open(dev)) 443 if (dev_open(dev))
452 goto failure; 444 goto failure;
453 445
446 dev_hold(dev);
454 return dev; 447 return dev;
455 448
456failure: 449failure:
@@ -603,6 +596,7 @@ static int mif6_add(struct mif6ctl *vifc, int mrtsock)
603 int vifi = vifc->mif6c_mifi; 596 int vifi = vifc->mif6c_mifi;
604 struct mif_device *v = &vif6_table[vifi]; 597 struct mif_device *v = &vif6_table[vifi];
605 struct net_device *dev; 598 struct net_device *dev;
599 int err;
606 600
607 /* Is vif busy ? */ 601 /* Is vif busy ? */
608 if (MIF_EXISTS(vifi)) 602 if (MIF_EXISTS(vifi))
@@ -620,20 +614,28 @@ static int mif6_add(struct mif6ctl *vifc, int mrtsock)
620 dev = ip6mr_reg_vif(); 614 dev = ip6mr_reg_vif();
621 if (!dev) 615 if (!dev)
622 return -ENOBUFS; 616 return -ENOBUFS;
617 err = dev_set_allmulti(dev, 1);
618 if (err) {
619 unregister_netdevice(dev);
620 dev_put(dev);
621 return err;
622 }
623 break; 623 break;
624#endif 624#endif
625 case 0: 625 case 0:
626 dev = dev_get_by_index(&init_net, vifc->mif6c_pifi); 626 dev = dev_get_by_index(&init_net, vifc->mif6c_pifi);
627 if (!dev) 627 if (!dev)
628 return -EADDRNOTAVAIL; 628 return -EADDRNOTAVAIL;
629 dev_put(dev); 629 err = dev_set_allmulti(dev, 1);
630 if (err) {
631 dev_put(dev);
632 return err;
633 }
630 break; 634 break;
631 default: 635 default:
632 return -EINVAL; 636 return -EINVAL;
633 } 637 }
634 638
635 dev_set_allmulti(dev, 1);
636
637 /* 639 /*
638 * Fill in the VIF structures 640 * Fill in the VIF structures
639 */ 641 */
@@ -652,7 +654,6 @@ static int mif6_add(struct mif6ctl *vifc, int mrtsock)
652 654
653 /* And finish update writing critical data */ 655 /* And finish update writing critical data */
654 write_lock_bh(&mrt_lock); 656 write_lock_bh(&mrt_lock);
655 dev_hold(dev);
656 v->dev = dev; 657 v->dev = dev;
657#ifdef CONFIG_IPV6_PIMSM_V2 658#ifdef CONFIG_IPV6_PIMSM_V2
658 if (v->flags & MIFF_REGISTER) 659 if (v->flags & MIFF_REGISTER)
@@ -934,7 +935,7 @@ static int ip6mr_device_event(struct notifier_block *this,
934 struct mif_device *v; 935 struct mif_device *v;
935 int ct; 936 int ct;
936 937
937 if (dev_net(dev) != &init_net) 938 if (!net_eq(dev_net(dev), &init_net))
938 return NOTIFY_DONE; 939 return NOTIFY_DONE;
939 940
940 if (event != NETDEV_UNREGISTER) 941 if (event != NETDEV_UNREGISTER)
@@ -956,23 +957,51 @@ static struct notifier_block ip6_mr_notifier = {
956 * Setup for IP multicast routing 957 * Setup for IP multicast routing
957 */ 958 */
958 959
959void __init ip6_mr_init(void) 960int __init ip6_mr_init(void)
960{ 961{
962 int err;
963
961 mrt_cachep = kmem_cache_create("ip6_mrt_cache", 964 mrt_cachep = kmem_cache_create("ip6_mrt_cache",
962 sizeof(struct mfc6_cache), 965 sizeof(struct mfc6_cache),
963 0, SLAB_HWCACHE_ALIGN, 966 0, SLAB_HWCACHE_ALIGN,
964 NULL); 967 NULL);
965 if (!mrt_cachep) 968 if (!mrt_cachep)
966 panic("cannot allocate ip6_mrt_cache"); 969 return -ENOMEM;
967 970
968 setup_timer(&ipmr_expire_timer, ipmr_expire_process, 0); 971 setup_timer(&ipmr_expire_timer, ipmr_expire_process, 0);
969 register_netdevice_notifier(&ip6_mr_notifier); 972 err = register_netdevice_notifier(&ip6_mr_notifier);
973 if (err)
974 goto reg_notif_fail;
975#ifdef CONFIG_PROC_FS
976 err = -ENOMEM;
977 if (!proc_net_fops_create(&init_net, "ip6_mr_vif", 0, &ip6mr_vif_fops))
978 goto proc_vif_fail;
979 if (!proc_net_fops_create(&init_net, "ip6_mr_cache",
980 0, &ip6mr_mfc_fops))
981 goto proc_cache_fail;
982#endif
983 return 0;
984reg_notif_fail:
985 kmem_cache_destroy(mrt_cachep);
970#ifdef CONFIG_PROC_FS 986#ifdef CONFIG_PROC_FS
971 proc_net_fops_create(&init_net, "ip6_mr_vif", 0, &ip6mr_vif_fops); 987proc_vif_fail:
972 proc_net_fops_create(&init_net, "ip6_mr_cache", 0, &ip6mr_mfc_fops); 988 unregister_netdevice_notifier(&ip6_mr_notifier);
989proc_cache_fail:
990 proc_net_remove(&init_net, "ip6_mr_vif");
973#endif 991#endif
992 return err;
974} 993}
975 994
995void ip6_mr_cleanup(void)
996{
997#ifdef CONFIG_PROC_FS
998 proc_net_remove(&init_net, "ip6_mr_cache");
999 proc_net_remove(&init_net, "ip6_mr_vif");
1000#endif
1001 unregister_netdevice_notifier(&ip6_mr_notifier);
1002 del_timer(&ipmr_expire_timer);
1003 kmem_cache_destroy(mrt_cachep);
1004}
976 1005
977static int ip6mr_mfc_add(struct mf6cctl *mfc, int mrtsock) 1006static int ip6mr_mfc_add(struct mf6cctl *mfc, int mrtsock)
978{ 1007{
@@ -1248,7 +1277,7 @@ int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, int
1248 1277
1249#endif 1278#endif
1250 /* 1279 /*
1251 * Spurious command, or MRT_VERSION which you cannot 1280 * Spurious command, or MRT6_VERSION which you cannot
1252 * set. 1281 * set.
1253 */ 1282 */
1254 default: 1283 default:
@@ -1377,8 +1406,8 @@ static int ip6mr_forward2(struct sk_buff *skb, struct mfc6_cache *c, int vifi)
1377 if (vif->flags & MIFF_REGISTER) { 1406 if (vif->flags & MIFF_REGISTER) {
1378 vif->pkt_out++; 1407 vif->pkt_out++;
1379 vif->bytes_out += skb->len; 1408 vif->bytes_out += skb->len;
1380 ((struct net_device_stats *)netdev_priv(vif->dev))->tx_bytes += skb->len; 1409 vif->dev->stats.tx_bytes += skb->len;
1381 ((struct net_device_stats *)netdev_priv(vif->dev))->tx_packets++; 1410 vif->dev->stats.tx_packets++;
1382 ip6mr_cache_report(skb, vifi, MRT6MSG_WHOLEPKT); 1411 ip6mr_cache_report(skb, vifi, MRT6MSG_WHOLEPKT);
1383 kfree_skb(skb); 1412 kfree_skb(skb);
1384 return 0; 1413 return 0;
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
index ee6de425ce6b..4545e4306862 100644
--- a/net/ipv6/ipcomp6.c
+++ b/net/ipv6/ipcomp6.c
@@ -50,125 +50,6 @@
50#include <linux/icmpv6.h> 50#include <linux/icmpv6.h>
51#include <linux/mutex.h> 51#include <linux/mutex.h>
52 52
53struct ipcomp6_tfms {
54 struct list_head list;
55 struct crypto_comp **tfms;
56 int users;
57};
58
59static DEFINE_MUTEX(ipcomp6_resource_mutex);
60static void **ipcomp6_scratches;
61static int ipcomp6_scratch_users;
62static LIST_HEAD(ipcomp6_tfms_list);
63
64static int ipcomp6_input(struct xfrm_state *x, struct sk_buff *skb)
65{
66 int nexthdr;
67 int err = -ENOMEM;
68 struct ip_comp_hdr *ipch;
69 int plen, dlen;
70 struct ipcomp_data *ipcd = x->data;
71 u8 *start, *scratch;
72 struct crypto_comp *tfm;
73 int cpu;
74
75 if (skb_linearize_cow(skb))
76 goto out;
77
78 skb->ip_summed = CHECKSUM_NONE;
79
80 /* Remove ipcomp header and decompress original payload */
81 ipch = (void *)skb->data;
82 nexthdr = ipch->nexthdr;
83
84 skb->transport_header = skb->network_header + sizeof(*ipch);
85 __skb_pull(skb, sizeof(*ipch));
86
87 /* decompression */
88 plen = skb->len;
89 dlen = IPCOMP_SCRATCH_SIZE;
90 start = skb->data;
91
92 cpu = get_cpu();
93 scratch = *per_cpu_ptr(ipcomp6_scratches, cpu);
94 tfm = *per_cpu_ptr(ipcd->tfms, cpu);
95
96 err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);
97 if (err)
98 goto out_put_cpu;
99
100 if (dlen < (plen + sizeof(*ipch))) {
101 err = -EINVAL;
102 goto out_put_cpu;
103 }
104
105 err = pskb_expand_head(skb, 0, dlen - plen, GFP_ATOMIC);
106 if (err) {
107 goto out_put_cpu;
108 }
109
110 skb->truesize += dlen - plen;
111 __skb_put(skb, dlen - plen);
112 skb_copy_to_linear_data(skb, scratch, dlen);
113 err = nexthdr;
114
115out_put_cpu:
116 put_cpu();
117out:
118 return err;
119}
120
121static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb)
122{
123 int err;
124 struct ip_comp_hdr *ipch;
125 struct ipcomp_data *ipcd = x->data;
126 int plen, dlen;
127 u8 *start, *scratch;
128 struct crypto_comp *tfm;
129 int cpu;
130
131 /* check whether datagram len is larger than threshold */
132 if (skb->len < ipcd->threshold) {
133 goto out_ok;
134 }
135
136 if (skb_linearize_cow(skb))
137 goto out_ok;
138
139 /* compression */
140 plen = skb->len;
141 dlen = IPCOMP_SCRATCH_SIZE;
142 start = skb->data;
143
144 cpu = get_cpu();
145 scratch = *per_cpu_ptr(ipcomp6_scratches, cpu);
146 tfm = *per_cpu_ptr(ipcd->tfms, cpu);
147
148 local_bh_disable();
149 err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
150 local_bh_enable();
151 if (err || (dlen + sizeof(*ipch)) >= plen) {
152 put_cpu();
153 goto out_ok;
154 }
155 memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
156 put_cpu();
157 pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr));
158
159 /* insert ipcomp header and replace datagram */
160 ipch = ip_comp_hdr(skb);
161 ipch->nexthdr = *skb_mac_header(skb);
162 ipch->flags = 0;
163 ipch->cpi = htons((u16 )ntohl(x->id.spi));
164 *skb_mac_header(skb) = IPPROTO_COMP;
165
166out_ok:
167 skb_push(skb, -skb_network_offset(skb));
168
169 return 0;
170}
171
172static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 53static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
173 int type, int code, int offset, __be32 info) 54 int type, int code, int offset, __be32 info)
174{ 55{
@@ -251,160 +132,9 @@ out:
251 return err; 132 return err;
252} 133}
253 134
254static void ipcomp6_free_scratches(void)
255{
256 int i;
257 void **scratches;
258
259 if (--ipcomp6_scratch_users)
260 return;
261
262 scratches = ipcomp6_scratches;
263 if (!scratches)
264 return;
265
266 for_each_possible_cpu(i) {
267 void *scratch = *per_cpu_ptr(scratches, i);
268
269 vfree(scratch);
270 }
271
272 free_percpu(scratches);
273}
274
275static void **ipcomp6_alloc_scratches(void)
276{
277 int i;
278 void **scratches;
279
280 if (ipcomp6_scratch_users++)
281 return ipcomp6_scratches;
282
283 scratches = alloc_percpu(void *);
284 if (!scratches)
285 return NULL;
286
287 ipcomp6_scratches = scratches;
288
289 for_each_possible_cpu(i) {
290 void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE);
291 if (!scratch)
292 return NULL;
293 *per_cpu_ptr(scratches, i) = scratch;
294 }
295
296 return scratches;
297}
298
299static void ipcomp6_free_tfms(struct crypto_comp **tfms)
300{
301 struct ipcomp6_tfms *pos;
302 int cpu;
303
304 list_for_each_entry(pos, &ipcomp6_tfms_list, list) {
305 if (pos->tfms == tfms)
306 break;
307 }
308
309 BUG_TRAP(pos);
310
311 if (--pos->users)
312 return;
313
314 list_del(&pos->list);
315 kfree(pos);
316
317 if (!tfms)
318 return;
319
320 for_each_possible_cpu(cpu) {
321 struct crypto_comp *tfm = *per_cpu_ptr(tfms, cpu);
322 crypto_free_comp(tfm);
323 }
324 free_percpu(tfms);
325}
326
327static struct crypto_comp **ipcomp6_alloc_tfms(const char *alg_name)
328{
329 struct ipcomp6_tfms *pos;
330 struct crypto_comp **tfms;
331 int cpu;
332
333 /* This can be any valid CPU ID so we don't need locking. */
334 cpu = raw_smp_processor_id();
335
336 list_for_each_entry(pos, &ipcomp6_tfms_list, list) {
337 struct crypto_comp *tfm;
338
339 tfms = pos->tfms;
340 tfm = *per_cpu_ptr(tfms, cpu);
341
342 if (!strcmp(crypto_comp_name(tfm), alg_name)) {
343 pos->users++;
344 return tfms;
345 }
346 }
347
348 pos = kmalloc(sizeof(*pos), GFP_KERNEL);
349 if (!pos)
350 return NULL;
351
352 pos->users = 1;
353 INIT_LIST_HEAD(&pos->list);
354 list_add(&pos->list, &ipcomp6_tfms_list);
355
356 pos->tfms = tfms = alloc_percpu(struct crypto_comp *);
357 if (!tfms)
358 goto error;
359
360 for_each_possible_cpu(cpu) {
361 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
362 CRYPTO_ALG_ASYNC);
363 if (IS_ERR(tfm))
364 goto error;
365 *per_cpu_ptr(tfms, cpu) = tfm;
366 }
367
368 return tfms;
369
370error:
371 ipcomp6_free_tfms(tfms);
372 return NULL;
373}
374
375static void ipcomp6_free_data(struct ipcomp_data *ipcd)
376{
377 if (ipcd->tfms)
378 ipcomp6_free_tfms(ipcd->tfms);
379 ipcomp6_free_scratches();
380}
381
382static void ipcomp6_destroy(struct xfrm_state *x)
383{
384 struct ipcomp_data *ipcd = x->data;
385 if (!ipcd)
386 return;
387 xfrm_state_delete_tunnel(x);
388 mutex_lock(&ipcomp6_resource_mutex);
389 ipcomp6_free_data(ipcd);
390 mutex_unlock(&ipcomp6_resource_mutex);
391 kfree(ipcd);
392
393 xfrm6_tunnel_free_spi((xfrm_address_t *)&x->props.saddr);
394}
395
396static int ipcomp6_init_state(struct xfrm_state *x) 135static int ipcomp6_init_state(struct xfrm_state *x)
397{ 136{
398 int err; 137 int err = -EINVAL;
399 struct ipcomp_data *ipcd;
400 struct xfrm_algo_desc *calg_desc;
401
402 err = -EINVAL;
403 if (!x->calg)
404 goto out;
405
406 if (x->encap)
407 goto out;
408 138
409 x->props.header_len = 0; 139 x->props.header_len = 0;
410 switch (x->props.mode) { 140 switch (x->props.mode) {
@@ -417,39 +147,21 @@ static int ipcomp6_init_state(struct xfrm_state *x)
417 goto out; 147 goto out;
418 } 148 }
419 149
420 err = -ENOMEM; 150 err = ipcomp_init_state(x);
421 ipcd = kzalloc(sizeof(*ipcd), GFP_KERNEL); 151 if (err)
422 if (!ipcd)
423 goto out; 152 goto out;
424 153
425 mutex_lock(&ipcomp6_resource_mutex);
426 if (!ipcomp6_alloc_scratches())
427 goto error;
428
429 ipcd->tfms = ipcomp6_alloc_tfms(x->calg->alg_name);
430 if (!ipcd->tfms)
431 goto error;
432 mutex_unlock(&ipcomp6_resource_mutex);
433
434 if (x->props.mode == XFRM_MODE_TUNNEL) { 154 if (x->props.mode == XFRM_MODE_TUNNEL) {
435 err = ipcomp6_tunnel_attach(x); 155 err = ipcomp6_tunnel_attach(x);
436 if (err) 156 if (err)
437 goto error_tunnel; 157 goto error_tunnel;
438 } 158 }
439 159
440 calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
441 BUG_ON(!calg_desc);
442 ipcd->threshold = calg_desc->uinfo.comp.threshold;
443 x->data = ipcd;
444 err = 0; 160 err = 0;
445out: 161out:
446 return err; 162 return err;
447error_tunnel: 163error_tunnel:
448 mutex_lock(&ipcomp6_resource_mutex); 164 ipcomp_destroy(x);
449error:
450 ipcomp6_free_data(ipcd);
451 mutex_unlock(&ipcomp6_resource_mutex);
452 kfree(ipcd);
453 165
454 goto out; 166 goto out;
455} 167}
@@ -460,9 +172,9 @@ static const struct xfrm_type ipcomp6_type =
460 .owner = THIS_MODULE, 172 .owner = THIS_MODULE,
461 .proto = IPPROTO_COMP, 173 .proto = IPPROTO_COMP,
462 .init_state = ipcomp6_init_state, 174 .init_state = ipcomp6_init_state,
463 .destructor = ipcomp6_destroy, 175 .destructor = ipcomp_destroy,
464 .input = ipcomp6_input, 176 .input = ipcomp_input,
465 .output = ipcomp6_output, 177 .output = ipcomp_output,
466 .hdr_offset = xfrm6_find_1stfragopt, 178 .hdr_offset = xfrm6_find_1stfragopt,
467}; 179};
468 180
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 56d55fecf8ec..4e5eac301f91 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -7,8 +7,6 @@
7 * 7 *
8 * Based on linux/net/ipv4/ip_sockglue.c 8 * Based on linux/net/ipv4/ip_sockglue.c
9 * 9 *
10 * $Id: ipv6_sockglue.c,v 1.41 2002/02/01 22:01:04 davem Exp $
11 *
12 * This program is free software; you can redistribute it and/or 10 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License 11 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 12 * as published by the Free Software Foundation; either version
@@ -61,13 +59,13 @@ DEFINE_SNMP_STAT(struct ipstats_mib, ipv6_statistics) __read_mostly;
61struct ip6_ra_chain *ip6_ra_chain; 59struct ip6_ra_chain *ip6_ra_chain;
62DEFINE_RWLOCK(ip6_ra_lock); 60DEFINE_RWLOCK(ip6_ra_lock);
63 61
64int ip6_ra_control(struct sock *sk, int sel, void (*destructor)(struct sock *)) 62int ip6_ra_control(struct sock *sk, int sel)
65{ 63{
66 struct ip6_ra_chain *ra, *new_ra, **rap; 64 struct ip6_ra_chain *ra, *new_ra, **rap;
67 65
68 /* RA packet may be delivered ONLY to IPPROTO_RAW socket */ 66 /* RA packet may be delivered ONLY to IPPROTO_RAW socket */
69 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->num != IPPROTO_RAW) 67 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->num != IPPROTO_RAW)
70 return -EINVAL; 68 return -ENOPROTOOPT;
71 69
72 new_ra = (sel>=0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; 70 new_ra = (sel>=0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
73 71
@@ -83,8 +81,6 @@ int ip6_ra_control(struct sock *sk, int sel, void (*destructor)(struct sock *))
83 *rap = ra->next; 81 *rap = ra->next;
84 write_unlock_bh(&ip6_ra_lock); 82 write_unlock_bh(&ip6_ra_lock);
85 83
86 if (ra->destructor)
87 ra->destructor(sk);
88 sock_put(sk); 84 sock_put(sk);
89 kfree(ra); 85 kfree(ra);
90 return 0; 86 return 0;
@@ -96,7 +92,6 @@ int ip6_ra_control(struct sock *sk, int sel, void (*destructor)(struct sock *))
96 } 92 }
97 new_ra->sk = sk; 93 new_ra->sk = sk;
98 new_ra->sel = sel; 94 new_ra->sel = sel;
99 new_ra->destructor = destructor;
100 new_ra->next = ra; 95 new_ra->next = ra;
101 *rap = new_ra; 96 *rap = new_ra;
102 sock_hold(sk); 97 sock_hold(sk);
@@ -161,9 +156,17 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
161 struct ipv6_txoptions *opt; 156 struct ipv6_txoptions *opt;
162 struct sk_buff *pktopt; 157 struct sk_buff *pktopt;
163 158
164 if (sk->sk_protocol != IPPROTO_UDP && 159 if (sk->sk_type == SOCK_RAW)
165 sk->sk_protocol != IPPROTO_UDPLITE && 160 break;
166 sk->sk_protocol != IPPROTO_TCP) 161
162 if (sk->sk_protocol == IPPROTO_UDP ||
163 sk->sk_protocol == IPPROTO_UDPLITE) {
164 struct udp_sock *up = udp_sk(sk);
165 if (up->pending == AF_INET6) {
166 retv = -EBUSY;
167 break;
168 }
169 } else if (sk->sk_protocol != IPPROTO_TCP)
167 break; 170 break;
168 171
169 if (sk->sk_state != TCP_ESTABLISHED) { 172 if (sk->sk_state != TCP_ESTABLISHED) {
@@ -337,18 +340,23 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
337 case IPV6_DSTOPTS: 340 case IPV6_DSTOPTS:
338 { 341 {
339 struct ipv6_txoptions *opt; 342 struct ipv6_txoptions *opt;
343
344 /* remove any sticky options header with a zero option
345 * length, per RFC3542.
346 */
340 if (optlen == 0) 347 if (optlen == 0)
341 optval = NULL; 348 optval = NULL;
349 else if (optval == NULL)
350 goto e_inval;
351 else if (optlen < sizeof(struct ipv6_opt_hdr) ||
352 optlen & 0x7 || optlen > 8 * 255)
353 goto e_inval;
342 354
343 /* hop-by-hop / destination options are privileged option */ 355 /* hop-by-hop / destination options are privileged option */
344 retv = -EPERM; 356 retv = -EPERM;
345 if (optname != IPV6_RTHDR && !capable(CAP_NET_RAW)) 357 if (optname != IPV6_RTHDR && !capable(CAP_NET_RAW))
346 break; 358 break;
347 359
348 if (optlen < sizeof(struct ipv6_opt_hdr) ||
349 optlen & 0x7 || optlen > 8 * 255)
350 goto e_inval;
351
352 opt = ipv6_renew_options(sk, np->opt, optname, 360 opt = ipv6_renew_options(sk, np->opt, optname,
353 (struct ipv6_opt_hdr __user *)optval, 361 (struct ipv6_opt_hdr __user *)optval,
354 optlen); 362 optlen);
@@ -416,7 +424,7 @@ sticky_done:
416 msg.msg_controllen = optlen; 424 msg.msg_controllen = optlen;
417 msg.msg_control = (void*)(opt+1); 425 msg.msg_control = (void*)(opt+1);
418 426
419 retv = datagram_send_ctl(&msg, &fl, opt, &junk, &junk); 427 retv = datagram_send_ctl(net, &msg, &fl, opt, &junk, &junk);
420 if (retv) 428 if (retv)
421 goto done; 429 goto done;
422update: 430update:
@@ -438,7 +446,7 @@ done:
438 446
439 case IPV6_MULTICAST_HOPS: 447 case IPV6_MULTICAST_HOPS:
440 if (sk->sk_type == SOCK_STREAM) 448 if (sk->sk_type == SOCK_STREAM)
441 goto e_inval; 449 break;
442 if (optlen < sizeof(int)) 450 if (optlen < sizeof(int))
443 goto e_inval; 451 goto e_inval;
444 if (val > 255 || val < -1) 452 if (val > 255 || val < -1)
@@ -450,13 +458,15 @@ done:
450 case IPV6_MULTICAST_LOOP: 458 case IPV6_MULTICAST_LOOP:
451 if (optlen < sizeof(int)) 459 if (optlen < sizeof(int))
452 goto e_inval; 460 goto e_inval;
461 if (val != valbool)
462 goto e_inval;
453 np->mc_loop = valbool; 463 np->mc_loop = valbool;
454 retv = 0; 464 retv = 0;
455 break; 465 break;
456 466
457 case IPV6_MULTICAST_IF: 467 case IPV6_MULTICAST_IF:
458 if (sk->sk_type == SOCK_STREAM) 468 if (sk->sk_type == SOCK_STREAM)
459 goto e_inval; 469 break;
460 if (optlen < sizeof(int)) 470 if (optlen < sizeof(int))
461 goto e_inval; 471 goto e_inval;
462 472
@@ -621,7 +631,7 @@ done:
621 case IPV6_ROUTER_ALERT: 631 case IPV6_ROUTER_ALERT:
622 if (optlen < sizeof(int)) 632 if (optlen < sizeof(int))
623 goto e_inval; 633 goto e_inval;
624 retv = ip6_ra_control(sk, val, NULL); 634 retv = ip6_ra_control(sk, val);
625 break; 635 break;
626 case IPV6_MTU_DISCOVER: 636 case IPV6_MTU_DISCOVER:
627 if (optlen < sizeof(int)) 637 if (optlen < sizeof(int))
@@ -832,7 +842,7 @@ static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt,
832 len = min_t(unsigned int, len, ipv6_optlen(hdr)); 842 len = min_t(unsigned int, len, ipv6_optlen(hdr));
833 if (copy_to_user(optval, hdr, len)) 843 if (copy_to_user(optval, hdr, len))
834 return -EFAULT; 844 return -EFAULT;
835 return ipv6_optlen(hdr); 845 return len;
836} 846}
837 847
838static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, 848static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
@@ -852,7 +862,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
852 if (sk->sk_protocol != IPPROTO_UDP && 862 if (sk->sk_protocol != IPPROTO_UDP &&
853 sk->sk_protocol != IPPROTO_UDPLITE && 863 sk->sk_protocol != IPPROTO_UDPLITE &&
854 sk->sk_protocol != IPPROTO_TCP) 864 sk->sk_protocol != IPPROTO_TCP)
855 return -EINVAL; 865 return -ENOPROTOOPT;
856 if (sk->sk_state != TCP_ESTABLISHED) 866 if (sk->sk_state != TCP_ESTABLISHED)
857 return -ENOTCONN; 867 return -ENOTCONN;
858 val = sk->sk_family; 868 val = sk->sk_family;
@@ -866,6 +876,8 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
866 return -EINVAL; 876 return -EINVAL;
867 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) 877 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0)))
868 return -EFAULT; 878 return -EFAULT;
879 if (gsf.gf_group.ss_family != AF_INET6)
880 return -EADDRNOTAVAIL;
869 lock_sock(sk); 881 lock_sock(sk);
870 err = ip6_mc_msfget(sk, &gsf, 882 err = ip6_mc_msfget(sk, &gsf,
871 (struct group_filter __user *)optval, optlen); 883 (struct group_filter __user *)optval, optlen);
@@ -899,7 +911,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
899 } else { 911 } else {
900 if (np->rxopt.bits.rxinfo) { 912 if (np->rxopt.bits.rxinfo) {
901 struct in6_pktinfo src_info; 913 struct in6_pktinfo src_info;
902 src_info.ipi6_ifindex = np->mcast_oif; 914 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : sk->sk_bound_dev_if;
903 ipv6_addr_copy(&src_info.ipi6_addr, &np->daddr); 915 ipv6_addr_copy(&src_info.ipi6_addr, &np->daddr);
904 put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info); 916 put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info);
905 } 917 }
@@ -909,7 +921,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
909 } 921 }
910 if (np->rxopt.bits.rxoinfo) { 922 if (np->rxopt.bits.rxoinfo) {
911 struct in6_pktinfo src_info; 923 struct in6_pktinfo src_info;
912 src_info.ipi6_ifindex = np->mcast_oif; 924 src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : sk->sk_bound_dev_if;
913 ipv6_addr_copy(&src_info.ipi6_addr, &np->daddr); 925 ipv6_addr_copy(&src_info.ipi6_addr, &np->daddr);
914 put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info); 926 put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info);
915 } 927 }
@@ -975,6 +987,9 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
975 len = ipv6_getsockopt_sticky(sk, np->opt, 987 len = ipv6_getsockopt_sticky(sk, np->opt,
976 optname, optval, len); 988 optname, optval, len);
977 release_sock(sk); 989 release_sock(sk);
990 /* check if ipv6_getsockopt_sticky() returns err code */
991 if (len < 0)
992 return len;
978 return put_user(len, optlen); 993 return put_user(len, optlen);
979 } 994 }
980 995
@@ -1025,7 +1040,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
1025 dst_release(dst); 1040 dst_release(dst);
1026 } 1041 }
1027 if (val < 0) 1042 if (val < 0)
1028 val = ipv6_devconf.hop_limit; 1043 val = sock_net(sk)->ipv6.devconf_all->hop_limit;
1029 break; 1044 break;
1030 } 1045 }
1031 1046
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index fd632dd7f98d..e7c03bcc2788 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt> 6 * Pedro Roque <roque@di.fc.ul.pt>
7 * 7 *
8 * $Id: mcast.c,v 1.40 2002/02/08 03:57:19 davem Exp $
9 *
10 * Based on linux/ipv4/igmp.c and linux/ipv4/ip_sockglue.c 8 * Based on linux/ipv4/igmp.c and linux/ipv4/ip_sockglue.c
11 * 9 *
12 * This program is free software; you can redistribute it and/or 10 * This program is free software; you can redistribute it and/or
@@ -153,7 +151,7 @@ static int ip6_mc_leave_src(struct sock *sk, struct ipv6_mc_socklist *iml,
153#define IGMP6_UNSOLICITED_IVAL (10*HZ) 151#define IGMP6_UNSOLICITED_IVAL (10*HZ)
154#define MLD_QRV_DEFAULT 2 152#define MLD_QRV_DEFAULT 2
155 153
156#define MLD_V1_SEEN(idev) (ipv6_devconf.force_mld_version == 1 || \ 154#define MLD_V1_SEEN(idev) (dev_net((idev)->dev)->ipv6.devconf_all->force_mld_version == 1 || \
157 (idev)->cnf.force_mld_version == 1 || \ 155 (idev)->cnf.force_mld_version == 1 || \
158 ((idev)->mc_v1_seen && \ 156 ((idev)->mc_v1_seen && \
159 time_before(jiffies, (idev)->mc_v1_seen))) 157 time_before(jiffies, (idev)->mc_v1_seen)))
@@ -164,7 +162,6 @@ static int ip6_mc_leave_src(struct sock *sk, struct ipv6_mc_socklist *iml,
164 ((MLDV2_MASK(value, nbmant) | (1<<(nbmant))) << \ 162 ((MLDV2_MASK(value, nbmant) | (1<<(nbmant))) << \
165 (MLDV2_MASK((value) >> (nbmant), nbexp) + (nbexp)))) 163 (MLDV2_MASK((value) >> (nbmant), nbexp) + (nbexp))))
166 164
167#define MLDV2_QQIC(value) MLDV2_EXP(0x80, 4, 3, value)
168#define MLDV2_MRC(value) MLDV2_EXP(0x8000, 12, 3, value) 165#define MLDV2_MRC(value) MLDV2_EXP(0x8000, 12, 3, value)
169 166
170#define IPV6_MLD_MAX_MSF 64 167#define IPV6_MLD_MAX_MSF 64
@@ -370,10 +367,6 @@ int ip6_mc_source(int add, int omode, struct sock *sk,
370 int pmclocked = 0; 367 int pmclocked = 0;
371 int err; 368 int err;
372 369
373 if (pgsr->gsr_group.ss_family != AF_INET6 ||
374 pgsr->gsr_source.ss_family != AF_INET6)
375 return -EINVAL;
376
377 source = &((struct sockaddr_in6 *)&pgsr->gsr_source)->sin6_addr; 370 source = &((struct sockaddr_in6 *)&pgsr->gsr_source)->sin6_addr;
378 group = &((struct sockaddr_in6 *)&pgsr->gsr_group)->sin6_addr; 371 group = &((struct sockaddr_in6 *)&pgsr->gsr_group)->sin6_addr;
379 372
diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c
index ad1cc5bbf977..31295c8f6196 100644
--- a/net/ipv6/mip6.c
+++ b/net/ipv6/mip6.c
@@ -164,8 +164,8 @@ static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb)
164 calc_padlen(sizeof(*dstopt), 6)); 164 calc_padlen(sizeof(*dstopt), 6));
165 165
166 hao->type = IPV6_TLV_HAO; 166 hao->type = IPV6_TLV_HAO;
167 BUILD_BUG_ON(sizeof(*hao) != 18);
167 hao->length = sizeof(*hao) - 2; 168 hao->length = sizeof(*hao) - 2;
168 BUG_TRAP(hao->length == 16);
169 169
170 len = ((char *)hao - (char *)dstopt) + sizeof(*hao); 170 len = ((char *)hao - (char *)dstopt) + sizeof(*hao);
171 171
@@ -174,7 +174,7 @@ static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb)
174 memcpy(&iph->saddr, x->coaddr, sizeof(iph->saddr)); 174 memcpy(&iph->saddr, x->coaddr, sizeof(iph->saddr));
175 spin_unlock_bh(&x->lock); 175 spin_unlock_bh(&x->lock);
176 176
177 BUG_TRAP(len == x->props.header_len); 177 WARN_ON(len != x->props.header_len);
178 dstopt->hdrlen = (x->props.header_len >> 3) - 1; 178 dstopt->hdrlen = (x->props.header_len >> 3) - 1;
179 179
180 return 0; 180 return 0;
@@ -317,7 +317,7 @@ static int mip6_destopt_init_state(struct xfrm_state *x)
317 x->props.header_len = sizeof(struct ipv6_destopt_hdr) + 317 x->props.header_len = sizeof(struct ipv6_destopt_hdr) +
318 calc_padlen(sizeof(struct ipv6_destopt_hdr), 6) + 318 calc_padlen(sizeof(struct ipv6_destopt_hdr), 6) +
319 sizeof(struct ipv6_destopt_hao); 319 sizeof(struct ipv6_destopt_hao);
320 BUG_TRAP(x->props.header_len == 24); 320 WARN_ON(x->props.header_len != 24);
321 321
322 return 0; 322 return 0;
323} 323}
@@ -380,7 +380,7 @@ static int mip6_rthdr_output(struct xfrm_state *x, struct sk_buff *skb)
380 rt2->rt_hdr.segments_left = 1; 380 rt2->rt_hdr.segments_left = 1;
381 memset(&rt2->reserved, 0, sizeof(rt2->reserved)); 381 memset(&rt2->reserved, 0, sizeof(rt2->reserved));
382 382
383 BUG_TRAP(rt2->rt_hdr.hdrlen == 2); 383 WARN_ON(rt2->rt_hdr.hdrlen != 2);
384 384
385 memcpy(&rt2->addr, &iph->daddr, sizeof(rt2->addr)); 385 memcpy(&rt2->addr, &iph->daddr, sizeof(rt2->addr));
386 spin_lock_bh(&x->lock); 386 spin_lock_bh(&x->lock);
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 282fdb31f8ed..f1c62ba0f56b 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -549,7 +549,7 @@ static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
549 override = 0; 549 override = 0;
550 in6_ifa_put(ifp); 550 in6_ifa_put(ifp);
551 } else { 551 } else {
552 if (ipv6_dev_get_saddr(dev, daddr, 552 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
553 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 553 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
554 &tmpaddr)) 554 &tmpaddr))
555 return; 555 return;
@@ -784,15 +784,17 @@ static void ndisc_recv_ns(struct sk_buff *skb)
784 784
785 idev = ifp->idev; 785 idev = ifp->idev;
786 } else { 786 } else {
787 struct net *net = dev_net(dev);
788
787 idev = in6_dev_get(dev); 789 idev = in6_dev_get(dev);
788 if (!idev) { 790 if (!idev) {
789 /* XXX: count this drop? */ 791 /* XXX: count this drop? */
790 return; 792 return;
791 } 793 }
792 794
793 if (ipv6_chk_acast_addr(dev_net(dev), dev, &msg->target) || 795 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
794 (idev->cnf.forwarding && 796 (idev->cnf.forwarding &&
795 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) && 797 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
796 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 798 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
797 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 799 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
798 skb->pkt_type != PACKET_HOST && 800 skb->pkt_type != PACKET_HOST &&
@@ -921,6 +923,7 @@ static void ndisc_recv_na(struct sk_buff *skb)
921 923
922 if (neigh) { 924 if (neigh) {
923 u8 old_flags = neigh->flags; 925 u8 old_flags = neigh->flags;
926 struct net *net = dev_net(dev);
924 927
925 if (neigh->nud_state & NUD_FAILED) 928 if (neigh->nud_state & NUD_FAILED)
926 goto out; 929 goto out;
@@ -931,8 +934,8 @@ static void ndisc_recv_na(struct sk_buff *skb)
931 * has already sent a NA to us. 934 * has already sent a NA to us.
932 */ 935 */
933 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 936 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
934 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp && 937 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
935 pneigh_lookup(&nd_tbl, dev_net(dev), &msg->target, dev, 0)) { 938 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
936 /* XXX: idev->cnf.prixy_ndp */ 939 /* XXX: idev->cnf.prixy_ndp */
937 goto out; 940 goto out;
938 } 941 }
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 6cae5475737e..0cfcce7b18d8 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -208,5 +208,17 @@ config IP6_NF_RAW
208 If you want to compile it as a module, say M here and read 208 If you want to compile it as a module, say M here and read
209 <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. 209 <file:Documentation/kbuild/modules.txt>. If unsure, say `N'.
210 210
211# security table for MAC policy
212config IP6_NF_SECURITY
213 tristate "Security table"
214 depends on IP6_NF_IPTABLES
215 depends on SECURITY
216 depends on NETFILTER_ADVANCED
217 help
218 This option adds a `security' table to iptables, for use
219 with Mandatory Access Control (MAC) policy.
220
221 If unsure, say N.
222
211endmenu 223endmenu
212 224
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
index fbf2c14ed887..3f17c948eefb 100644
--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -8,6 +8,7 @@ obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o
8obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o 8obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o
9obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o 9obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o
10obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o 10obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o
11obj-$(CONFIG_IP6_NF_SECURITY) += ip6table_security.o
11 12
12# objects for l3 independent conntrack 13# objects for l3 independent conntrack
13nf_conntrack_ipv6-objs := nf_conntrack_l3proto_ipv6.o nf_conntrack_proto_icmpv6.o nf_conntrack_reasm.o 14nf_conntrack_ipv6-objs := nf_conntrack_l3proto_ipv6.o nf_conntrack_proto_icmpv6.o nf_conntrack_reasm.o
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index 2eff3ae8977d..5859c046cbc4 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -159,7 +159,6 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
159 case IPQ_COPY_META: 159 case IPQ_COPY_META:
160 case IPQ_COPY_NONE: 160 case IPQ_COPY_NONE:
161 size = NLMSG_SPACE(sizeof(*pmsg)); 161 size = NLMSG_SPACE(sizeof(*pmsg));
162 data_len = 0;
163 break; 162 break;
164 163
165 case IPQ_COPY_PACKET: 164 case IPQ_COPY_PACKET:
@@ -226,8 +225,6 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
226 return skb; 225 return skb;
227 226
228nlmsg_failure: 227nlmsg_failure:
229 if (skb)
230 kfree_skb(skb);
231 *errp = -EINVAL; 228 *errp = -EINVAL;
232 printk(KERN_ERR "ip6_queue: error creating packet message\n"); 229 printk(KERN_ERR "ip6_queue: error creating packet message\n");
233 return NULL; 230 return NULL;
@@ -483,7 +480,7 @@ ipq_rcv_dev_event(struct notifier_block *this,
483{ 480{
484 struct net_device *dev = ptr; 481 struct net_device *dev = ptr;
485 482
486 if (dev_net(dev) != &init_net) 483 if (!net_eq(dev_net(dev), &init_net))
487 return NOTIFY_DONE; 484 return NOTIFY_DONE;
488 485
489 /* Drop any packets associated with the downed device */ 486 /* Drop any packets associated with the downed device */
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index f979e48b469b..55a2c290bad4 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -61,13 +61,25 @@ static struct xt_table packet_filter = {
61 61
62/* The work comes in here from netfilter.c. */ 62/* The work comes in here from netfilter.c. */
63static unsigned int 63static unsigned int
64ip6t_hook(unsigned int hook, 64ip6t_local_in_hook(unsigned int hook,
65 struct sk_buff *skb, 65 struct sk_buff *skb,
66 const struct net_device *in, 66 const struct net_device *in,
67 const struct net_device *out, 67 const struct net_device *out,
68 int (*okfn)(struct sk_buff *)) 68 int (*okfn)(struct sk_buff *))
69{
70 return ip6t_do_table(skb, hook, in, out,
71 nf_local_in_net(in, out)->ipv6.ip6table_filter);
72}
73
74static unsigned int
75ip6t_forward_hook(unsigned int hook,
76 struct sk_buff *skb,
77 const struct net_device *in,
78 const struct net_device *out,
79 int (*okfn)(struct sk_buff *))
69{ 80{
70 return ip6t_do_table(skb, hook, in, out, init_net.ipv6.ip6table_filter); 81 return ip6t_do_table(skb, hook, in, out,
82 nf_forward_net(in, out)->ipv6.ip6table_filter);
71} 83}
72 84
73static unsigned int 85static unsigned int
@@ -87,19 +99,20 @@ ip6t_local_out_hook(unsigned int hook,
87 } 99 }
88#endif 100#endif
89 101
90 return ip6t_do_table(skb, hook, in, out, init_net.ipv6.ip6table_filter); 102 return ip6t_do_table(skb, hook, in, out,
103 nf_local_out_net(in, out)->ipv6.ip6table_filter);
91} 104}
92 105
93static struct nf_hook_ops ip6t_ops[] __read_mostly = { 106static struct nf_hook_ops ip6t_ops[] __read_mostly = {
94 { 107 {
95 .hook = ip6t_hook, 108 .hook = ip6t_local_in_hook,
96 .owner = THIS_MODULE, 109 .owner = THIS_MODULE,
97 .pf = PF_INET6, 110 .pf = PF_INET6,
98 .hooknum = NF_INET_LOCAL_IN, 111 .hooknum = NF_INET_LOCAL_IN,
99 .priority = NF_IP6_PRI_FILTER, 112 .priority = NF_IP6_PRI_FILTER,
100 }, 113 },
101 { 114 {
102 .hook = ip6t_hook, 115 .hook = ip6t_forward_hook,
103 .owner = THIS_MODULE, 116 .owner = THIS_MODULE,
104 .pf = PF_INET6, 117 .pf = PF_INET6,
105 .hooknum = NF_INET_FORWARD, 118 .hooknum = NF_INET_FORWARD,
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index 27a5e8b48d93..f405cea21a8b 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -129,7 +129,7 @@ static struct nf_hook_ops ip6t_ops[] __read_mostly = {
129 .priority = NF_IP6_PRI_MANGLE, 129 .priority = NF_IP6_PRI_MANGLE,
130 }, 130 },
131 { 131 {
132 .hook = ip6t_local_hook, 132 .hook = ip6t_route_hook,
133 .owner = THIS_MODULE, 133 .owner = THIS_MODULE,
134 .pf = PF_INET6, 134 .pf = PF_INET6,
135 .hooknum = NF_INET_LOCAL_IN, 135 .hooknum = NF_INET_LOCAL_IN,
diff --git a/net/ipv6/netfilter/ip6table_security.c b/net/ipv6/netfilter/ip6table_security.c
new file mode 100644
index 000000000000..6e7131036bc6
--- /dev/null
+++ b/net/ipv6/netfilter/ip6table_security.c
@@ -0,0 +1,172 @@
1/*
2 * "security" table for IPv6
3 *
4 * This is for use by Mandatory Access Control (MAC) security models,
5 * which need to be able to manage security policy in separate context
6 * to DAC.
7 *
8 * Based on iptable_mangle.c
9 *
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 * Copyright (C) 2000-2004 Netfilter Core Team <coreteam <at> netfilter.org>
12 * Copyright (C) 2008 Red Hat, Inc., James Morris <jmorris <at> redhat.com>
13 *
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License version 2 as
16 * published by the Free Software Foundation.
17 */
18#include <linux/module.h>
19#include <linux/netfilter_ipv6/ip6_tables.h>
20
21MODULE_LICENSE("GPL");
22MODULE_AUTHOR("James Morris <jmorris <at> redhat.com>");
23MODULE_DESCRIPTION("ip6tables security table, for MAC rules");
24
25#define SECURITY_VALID_HOOKS (1 << NF_INET_LOCAL_IN) | \
26 (1 << NF_INET_FORWARD) | \
27 (1 << NF_INET_LOCAL_OUT)
28
29static struct
30{
31 struct ip6t_replace repl;
32 struct ip6t_standard entries[3];
33 struct ip6t_error term;
34} initial_table __net_initdata = {
35 .repl = {
36 .name = "security",
37 .valid_hooks = SECURITY_VALID_HOOKS,
38 .num_entries = 4,
39 .size = sizeof(struct ip6t_standard) * 3 + sizeof(struct ip6t_error),
40 .hook_entry = {
41 [NF_INET_LOCAL_IN] = 0,
42 [NF_INET_FORWARD] = sizeof(struct ip6t_standard),
43 [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2,
44 },
45 .underflow = {
46 [NF_INET_LOCAL_IN] = 0,
47 [NF_INET_FORWARD] = sizeof(struct ip6t_standard),
48 [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2,
49 },
50 },
51 .entries = {
52 IP6T_STANDARD_INIT(NF_ACCEPT), /* LOCAL_IN */
53 IP6T_STANDARD_INIT(NF_ACCEPT), /* FORWARD */
54 IP6T_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
55 },
56 .term = IP6T_ERROR_INIT, /* ERROR */
57};
58
59static struct xt_table security_table = {
60 .name = "security",
61 .valid_hooks = SECURITY_VALID_HOOKS,
62 .lock = __RW_LOCK_UNLOCKED(security_table.lock),
63 .me = THIS_MODULE,
64 .af = AF_INET6,
65};
66
67static unsigned int
68ip6t_local_in_hook(unsigned int hook,
69 struct sk_buff *skb,
70 const struct net_device *in,
71 const struct net_device *out,
72 int (*okfn)(struct sk_buff *))
73{
74 return ip6t_do_table(skb, hook, in, out,
75 nf_local_in_net(in, out)->ipv6.ip6table_security);
76}
77
78static unsigned int
79ip6t_forward_hook(unsigned int hook,
80 struct sk_buff *skb,
81 const struct net_device *in,
82 const struct net_device *out,
83 int (*okfn)(struct sk_buff *))
84{
85 return ip6t_do_table(skb, hook, in, out,
86 nf_forward_net(in, out)->ipv6.ip6table_security);
87}
88
89static unsigned int
90ip6t_local_out_hook(unsigned int hook,
91 struct sk_buff *skb,
92 const struct net_device *in,
93 const struct net_device *out,
94 int (*okfn)(struct sk_buff *))
95{
96 /* TBD: handle short packets via raw socket */
97 return ip6t_do_table(skb, hook, in, out,
98 nf_local_out_net(in, out)->ipv6.ip6table_security);
99}
100
101static struct nf_hook_ops ip6t_ops[] __read_mostly = {
102 {
103 .hook = ip6t_local_in_hook,
104 .owner = THIS_MODULE,
105 .pf = PF_INET6,
106 .hooknum = NF_INET_LOCAL_IN,
107 .priority = NF_IP6_PRI_SECURITY,
108 },
109 {
110 .hook = ip6t_forward_hook,
111 .owner = THIS_MODULE,
112 .pf = PF_INET6,
113 .hooknum = NF_INET_FORWARD,
114 .priority = NF_IP6_PRI_SECURITY,
115 },
116 {
117 .hook = ip6t_local_out_hook,
118 .owner = THIS_MODULE,
119 .pf = PF_INET6,
120 .hooknum = NF_INET_LOCAL_OUT,
121 .priority = NF_IP6_PRI_SECURITY,
122 },
123};
124
125static int __net_init ip6table_security_net_init(struct net *net)
126{
127 net->ipv6.ip6table_security =
128 ip6t_register_table(net, &security_table, &initial_table.repl);
129
130 if (IS_ERR(net->ipv6.ip6table_security))
131 return PTR_ERR(net->ipv6.ip6table_security);
132
133 return 0;
134}
135
136static void __net_exit ip6table_security_net_exit(struct net *net)
137{
138 ip6t_unregister_table(net->ipv6.ip6table_security);
139}
140
141static struct pernet_operations ip6table_security_net_ops = {
142 .init = ip6table_security_net_init,
143 .exit = ip6table_security_net_exit,
144};
145
146static int __init ip6table_security_init(void)
147{
148 int ret;
149
150 ret = register_pernet_subsys(&ip6table_security_net_ops);
151 if (ret < 0)
152 return ret;
153
154 ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
155 if (ret < 0)
156 goto cleanup_table;
157
158 return ret;
159
160cleanup_table:
161 unregister_pernet_subsys(&ip6table_security_net_ops);
162 return ret;
163}
164
165static void __exit ip6table_security_fini(void)
166{
167 nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
168 unregister_pernet_subsys(&ip6table_security_net_ops);
169}
170
171module_init(ip6table_security_init);
172module_exit(ip6table_security_fini);
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index ee713b03e9ec..14d47d833545 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -89,9 +89,8 @@ static int icmpv6_packet(struct nf_conn *ct,
89 means this will only run once even if count hits zero twice 89 means this will only run once even if count hits zero twice
90 (theoretically possible with SMP) */ 90 (theoretically possible with SMP) */
91 if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { 91 if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) {
92 if (atomic_dec_and_test(&ct->proto.icmp.count) 92 if (atomic_dec_and_test(&ct->proto.icmp.count))
93 && del_timer(&ct->timeout)) 93 nf_ct_kill_acct(ct, ctinfo, skb);
94 ct->timeout.function((unsigned long)ct);
95 } else { 94 } else {
96 atomic_inc(&ct->proto.icmp.count); 95 atomic_inc(&ct->proto.icmp.count);
97 nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); 96 nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 2dccad48058c..52d06dd4b817 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -207,9 +207,12 @@ fq_find(__be32 id, struct in6_addr *src, struct in6_addr *dst)
207 arg.id = id; 207 arg.id = id;
208 arg.src = src; 208 arg.src = src;
209 arg.dst = dst; 209 arg.dst = dst;
210
211 read_lock_bh(&nf_frags.lock);
210 hash = ip6qhashfn(id, src, dst); 212 hash = ip6qhashfn(id, src, dst);
211 213
212 q = inet_frag_find(&nf_init_frags, &nf_frags, &arg, hash); 214 q = inet_frag_find(&nf_init_frags, &nf_frags, &arg, hash);
215 local_bh_enable();
213 if (q == NULL) 216 if (q == NULL)
214 goto oom; 217 goto oom;
215 218
@@ -413,8 +416,8 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev)
413 416
414 fq_kill(fq); 417 fq_kill(fq);
415 418
416 BUG_TRAP(head != NULL); 419 WARN_ON(head == NULL);
417 BUG_TRAP(NFCT_FRAG6_CB(head)->offset == 0); 420 WARN_ON(NFCT_FRAG6_CB(head)->offset != 0);
418 421
419 /* Unfragmented part is taken from the first segment. */ 422 /* Unfragmented part is taken from the first segment. */
420 payload_len = ((head->data - skb_network_header(head)) - 423 payload_len = ((head->data - skb_network_header(head)) -
@@ -638,10 +641,10 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
638 goto ret_orig; 641 goto ret_orig;
639 } 642 }
640 643
641 spin_lock(&fq->q.lock); 644 spin_lock_bh(&fq->q.lock);
642 645
643 if (nf_ct_frag6_queue(fq, clone, fhdr, nhoff) < 0) { 646 if (nf_ct_frag6_queue(fq, clone, fhdr, nhoff) < 0) {
644 spin_unlock(&fq->q.lock); 647 spin_unlock_bh(&fq->q.lock);
645 pr_debug("Can't insert skb to queue\n"); 648 pr_debug("Can't insert skb to queue\n");
646 fq_put(fq); 649 fq_put(fq);
647 goto ret_orig; 650 goto ret_orig;
@@ -653,7 +656,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
653 if (ret_skb == NULL) 656 if (ret_skb == NULL)
654 pr_debug("Can't reassemble fragmented packets\n"); 657 pr_debug("Can't reassemble fragmented packets\n");
655 } 658 }
656 spin_unlock(&fq->q.lock); 659 spin_unlock_bh(&fq->q.lock);
657 660
658 fq_put(fq); 661 fq_put(fq);
659 return ret_skb; 662 return ret_skb;
diff --git a/net/ipv6/proc.c b/net/ipv6/proc.c
index df0736a4cafa..0179b66864f1 100644
--- a/net/ipv6/proc.c
+++ b/net/ipv6/proc.c
@@ -7,8 +7,6 @@
7 * PROC file system. This is very similar to the IPv4 version, 7 * PROC file system. This is very similar to the IPv4 version,
8 * except it reports the sockets in the INET6 address family. 8 * except it reports the sockets in the INET6 address family.
9 * 9 *
10 * Version: $Id: proc.c,v 1.17 2002/02/01 22:01:04 davem Exp $
11 *
12 * Authors: David S. Miller (davem@caip.rutgers.edu) 10 * Authors: David S. Miller (davem@caip.rutgers.edu)
13 * YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> 11 * YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
14 * 12 *
@@ -185,32 +183,7 @@ static int snmp6_seq_show(struct seq_file *seq, void *v)
185 183
186static int sockstat6_seq_open(struct inode *inode, struct file *file) 184static int sockstat6_seq_open(struct inode *inode, struct file *file)
187{ 185{
188 int err; 186 return single_open_net(inode, file, sockstat6_seq_show);
189 struct net *net;
190
191 err = -ENXIO;
192 net = get_proc_net(inode);
193 if (net == NULL)
194 goto err_net;
195
196 err = single_open(file, sockstat6_seq_show, net);
197 if (err < 0)
198 goto err_open;
199
200 return 0;
201
202err_open:
203 put_net(net);
204err_net:
205 return err;
206}
207
208static int sockstat6_seq_release(struct inode *inode, struct file *file)
209{
210 struct net *net = ((struct seq_file *)file->private_data)->private;
211
212 put_net(net);
213 return single_release(inode, file);
214} 187}
215 188
216static const struct file_operations sockstat6_seq_fops = { 189static const struct file_operations sockstat6_seq_fops = {
@@ -218,7 +191,7 @@ static const struct file_operations sockstat6_seq_fops = {
218 .open = sockstat6_seq_open, 191 .open = sockstat6_seq_open,
219 .read = seq_read, 192 .read = seq_read,
220 .llseek = seq_lseek, 193 .llseek = seq_lseek,
221 .release = sockstat6_seq_release, 194 .release = single_release_net,
222}; 195};
223 196
224static int snmp6_seq_open(struct inode *inode, struct file *file) 197static int snmp6_seq_open(struct inode *inode, struct file *file)
@@ -241,7 +214,7 @@ int snmp6_register_dev(struct inet6_dev *idev)
241 if (!idev || !idev->dev) 214 if (!idev || !idev->dev)
242 return -EINVAL; 215 return -EINVAL;
243 216
244 if (dev_net(idev->dev) != &init_net) 217 if (!net_eq(dev_net(idev->dev), &init_net))
245 return 0; 218 return 0;
246 219
247 if (!proc_net_devsnmp6) 220 if (!proc_net_devsnmp6)
@@ -313,7 +286,6 @@ proc_net_fail:
313 286
314void ipv6_misc_proc_exit(void) 287void ipv6_misc_proc_exit(void)
315{ 288{
316 proc_net_remove(&init_net, "sockstat6");
317 proc_net_remove(&init_net, "dev_snmp6"); 289 proc_net_remove(&init_net, "dev_snmp6");
318 proc_net_remove(&init_net, "snmp6"); 290 proc_net_remove(&init_net, "snmp6");
319 unregister_pernet_subsys(&ipv6_proc_ops); 291 unregister_pernet_subsys(&ipv6_proc_ops);
diff --git a/net/ipv6/protocol.c b/net/ipv6/protocol.c
index f929f47b925e..9ab789159913 100644
--- a/net/ipv6/protocol.c
+++ b/net/ipv6/protocol.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * PF_INET6 protocol dispatch tables. 6 * PF_INET6 protocol dispatch tables.
7 * 7 *
8 * Version: $Id: protocol.c,v 1.10 2001/05/18 02:25:49 davem Exp $
9 *
10 * Authors: Pedro Roque <roque@di.fc.ul.pt> 8 * Authors: Pedro Roque <roque@di.fc.ul.pt>
11 * 9 *
12 * This program is free software; you can redistribute it and/or 10 * This program is free software; you can redistribute it and/or
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 232e0dc45bf5..e53e493606c5 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -7,8 +7,6 @@
7 * 7 *
8 * Adapted from linux/net/ipv4/raw.c 8 * Adapted from linux/net/ipv4/raw.c
9 * 9 *
10 * $Id: raw.c,v 1.51 2002/02/01 22:01:04 davem Exp $
11 *
12 * Fixes: 10 * Fixes:
13 * Hideaki YOSHIFUJI : sin6_scope_id support 11 * Hideaki YOSHIFUJI : sin6_scope_id support
14 * YOSHIFUJI,H.@USAGI : raw checksum (RFC2292(bis) compliance) 12 * YOSHIFUJI,H.@USAGI : raw checksum (RFC2292(bis) compliance)
@@ -379,14 +377,14 @@ static inline int rawv6_rcv_skb(struct sock * sk, struct sk_buff * skb)
379 skb_checksum_complete(skb)) { 377 skb_checksum_complete(skb)) {
380 atomic_inc(&sk->sk_drops); 378 atomic_inc(&sk->sk_drops);
381 kfree_skb(skb); 379 kfree_skb(skb);
382 return 0; 380 return NET_RX_DROP;
383 } 381 }
384 382
385 /* Charge it to the socket. */ 383 /* Charge it to the socket. */
386 if (sock_queue_rcv_skb(sk,skb)<0) { 384 if (sock_queue_rcv_skb(sk,skb)<0) {
387 atomic_inc(&sk->sk_drops); 385 atomic_inc(&sk->sk_drops);
388 kfree_skb(skb); 386 kfree_skb(skb);
389 return 0; 387 return NET_RX_DROP;
390 } 388 }
391 389
392 return 0; 390 return 0;
@@ -431,7 +429,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
431 if (skb_checksum_complete(skb)) { 429 if (skb_checksum_complete(skb)) {
432 atomic_inc(&sk->sk_drops); 430 atomic_inc(&sk->sk_drops);
433 kfree_skb(skb); 431 kfree_skb(skb);
434 return 0; 432 return NET_RX_DROP;
435 } 433 }
436 } 434 }
437 435
@@ -813,7 +811,7 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
813 memset(opt, 0, sizeof(struct ipv6_txoptions)); 811 memset(opt, 0, sizeof(struct ipv6_txoptions));
814 opt->tot_len = sizeof(struct ipv6_txoptions); 812 opt->tot_len = sizeof(struct ipv6_txoptions);
815 813
816 err = datagram_send_ctl(msg, &fl, opt, &hlimit, &tclass); 814 err = datagram_send_ctl(sock_net(sk), msg, &fl, opt, &hlimit, &tclass);
817 if (err < 0) { 815 if (err < 0) {
818 fl6_sock_release(flowlabel); 816 fl6_sock_release(flowlabel);
819 return err; 817 return err;
@@ -1159,11 +1157,20 @@ static int rawv6_ioctl(struct sock *sk, int cmd, unsigned long arg)
1159static void rawv6_close(struct sock *sk, long timeout) 1157static void rawv6_close(struct sock *sk, long timeout)
1160{ 1158{
1161 if (inet_sk(sk)->num == IPPROTO_RAW) 1159 if (inet_sk(sk)->num == IPPROTO_RAW)
1162 ip6_ra_control(sk, -1, NULL); 1160 ip6_ra_control(sk, -1);
1163 ip6mr_sk_done(sk); 1161 ip6mr_sk_done(sk);
1164 sk_common_release(sk); 1162 sk_common_release(sk);
1165} 1163}
1166 1164
1165static void raw6_destroy(struct sock *sk)
1166{
1167 lock_sock(sk);
1168 ip6_flush_pending_frames(sk);
1169 release_sock(sk);
1170
1171 inet6_destroy_sock(sk);
1172}
1173
1167static int rawv6_init_sk(struct sock *sk) 1174static int rawv6_init_sk(struct sock *sk)
1168{ 1175{
1169 struct raw6_sock *rp = raw6_sk(sk); 1176 struct raw6_sock *rp = raw6_sk(sk);
@@ -1187,11 +1194,11 @@ struct proto rawv6_prot = {
1187 .name = "RAWv6", 1194 .name = "RAWv6",
1188 .owner = THIS_MODULE, 1195 .owner = THIS_MODULE,
1189 .close = rawv6_close, 1196 .close = rawv6_close,
1197 .destroy = raw6_destroy,
1190 .connect = ip6_datagram_connect, 1198 .connect = ip6_datagram_connect,
1191 .disconnect = udp_disconnect, 1199 .disconnect = udp_disconnect,
1192 .ioctl = rawv6_ioctl, 1200 .ioctl = rawv6_ioctl,
1193 .init = rawv6_init_sk, 1201 .init = rawv6_init_sk,
1194 .destroy = inet6_destroy_sock,
1195 .setsockopt = rawv6_setsockopt, 1202 .setsockopt = rawv6_setsockopt,
1196 .getsockopt = rawv6_getsockopt, 1203 .getsockopt = rawv6_getsockopt,
1197 .sendmsg = rawv6_sendmsg, 1204 .sendmsg = rawv6_sendmsg,
@@ -1244,7 +1251,7 @@ static int raw6_seq_show(struct seq_file *seq, void *v)
1244 "local_address " 1251 "local_address "
1245 "remote_address " 1252 "remote_address "
1246 "st tx_queue rx_queue tr tm->when retrnsmt" 1253 "st tx_queue rx_queue tr tm->when retrnsmt"
1247 " uid timeout inode drops\n"); 1254 " uid timeout inode ref pointer drops\n");
1248 else 1255 else
1249 raw6_sock_seq_show(seq, v, raw_seq_private(seq)->bucket); 1256 raw6_sock_seq_show(seq, v, raw_seq_private(seq)->bucket);
1250 return 0; 1257 return 0;
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 798cabc7535b..89184b576e23 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt> 6 * Pedro Roque <roque@di.fc.ul.pt>
7 * 7 *
8 * $Id: reassembly.c,v 1.26 2001/03/07 22:00:57 davem Exp $
9 *
10 * Based on: net/ipv4/ip_fragment.c 8 * Based on: net/ipv4/ip_fragment.c
11 * 9 *
12 * This program is free software; you can redistribute it and/or 10 * This program is free software; you can redistribute it and/or
@@ -247,6 +245,8 @@ fq_find(struct net *net, __be32 id, struct in6_addr *src, struct in6_addr *dst,
247 arg.id = id; 245 arg.id = id;
248 arg.src = src; 246 arg.src = src;
249 arg.dst = dst; 247 arg.dst = dst;
248
249 read_lock(&ip6_frags.lock);
250 hash = ip6qhashfn(id, src, dst); 250 hash = ip6qhashfn(id, src, dst);
251 251
252 q = inet_frag_find(&net->ipv6.frags, &ip6_frags, &arg, hash); 252 q = inet_frag_find(&net->ipv6.frags, &ip6_frags, &arg, hash);
@@ -473,8 +473,8 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
473 fq->q.fragments = head; 473 fq->q.fragments = head;
474 } 474 }
475 475
476 BUG_TRAP(head != NULL); 476 WARN_ON(head == NULL);
477 BUG_TRAP(FRAG6_CB(head)->offset == 0); 477 WARN_ON(FRAG6_CB(head)->offset != 0);
478 478
479 /* Unfragmented part is taken from the first segment. */ 479 /* Unfragmented part is taken from the first segment. */
480 payload_len = ((head->data - skb_network_header(head)) - 480 payload_len = ((head->data - skb_network_header(head)) -
@@ -632,7 +632,7 @@ static struct inet6_protocol frag_protocol =
632}; 632};
633 633
634#ifdef CONFIG_SYSCTL 634#ifdef CONFIG_SYSCTL
635static struct ctl_table ip6_frags_ctl_table[] = { 635static struct ctl_table ip6_frags_ns_ctl_table[] = {
636 { 636 {
637 .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH, 637 .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH,
638 .procname = "ip6frag_high_thresh", 638 .procname = "ip6frag_high_thresh",
@@ -658,6 +658,10 @@ static struct ctl_table ip6_frags_ctl_table[] = {
658 .proc_handler = &proc_dointvec_jiffies, 658 .proc_handler = &proc_dointvec_jiffies,
659 .strategy = &sysctl_jiffies, 659 .strategy = &sysctl_jiffies,
660 }, 660 },
661 { }
662};
663
664static struct ctl_table ip6_frags_ctl_table[] = {
661 { 665 {
662 .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL, 666 .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
663 .procname = "ip6frag_secret_interval", 667 .procname = "ip6frag_secret_interval",
@@ -670,21 +674,20 @@ static struct ctl_table ip6_frags_ctl_table[] = {
670 { } 674 { }
671}; 675};
672 676
673static int ip6_frags_sysctl_register(struct net *net) 677static int ip6_frags_ns_sysctl_register(struct net *net)
674{ 678{
675 struct ctl_table *table; 679 struct ctl_table *table;
676 struct ctl_table_header *hdr; 680 struct ctl_table_header *hdr;
677 681
678 table = ip6_frags_ctl_table; 682 table = ip6_frags_ns_ctl_table;
679 if (net != &init_net) { 683 if (net != &init_net) {
680 table = kmemdup(table, sizeof(ip6_frags_ctl_table), GFP_KERNEL); 684 table = kmemdup(table, sizeof(ip6_frags_ns_ctl_table), GFP_KERNEL);
681 if (table == NULL) 685 if (table == NULL)
682 goto err_alloc; 686 goto err_alloc;
683 687
684 table[0].data = &net->ipv6.frags.high_thresh; 688 table[0].data = &net->ipv6.frags.high_thresh;
685 table[1].data = &net->ipv6.frags.low_thresh; 689 table[1].data = &net->ipv6.frags.low_thresh;
686 table[2].data = &net->ipv6.frags.timeout; 690 table[2].data = &net->ipv6.frags.timeout;
687 table[3].mode &= ~0222;
688 } 691 }
689 692
690 hdr = register_net_sysctl_table(net, net_ipv6_ctl_path, table); 693 hdr = register_net_sysctl_table(net, net_ipv6_ctl_path, table);
@@ -701,7 +704,7 @@ err_alloc:
701 return -ENOMEM; 704 return -ENOMEM;
702} 705}
703 706
704static void ip6_frags_sysctl_unregister(struct net *net) 707static void ip6_frags_ns_sysctl_unregister(struct net *net)
705{ 708{
706 struct ctl_table *table; 709 struct ctl_table *table;
707 710
@@ -709,13 +712,36 @@ static void ip6_frags_sysctl_unregister(struct net *net)
709 unregister_net_sysctl_table(net->ipv6.sysctl.frags_hdr); 712 unregister_net_sysctl_table(net->ipv6.sysctl.frags_hdr);
710 kfree(table); 713 kfree(table);
711} 714}
715
716static struct ctl_table_header *ip6_ctl_header;
717
718static int ip6_frags_sysctl_register(void)
719{
720 ip6_ctl_header = register_net_sysctl_rotable(net_ipv6_ctl_path,
721 ip6_frags_ctl_table);
722 return ip6_ctl_header == NULL ? -ENOMEM : 0;
723}
724
725static void ip6_frags_sysctl_unregister(void)
726{
727 unregister_net_sysctl_table(ip6_ctl_header);
728}
712#else 729#else
713static inline int ip6_frags_sysctl_register(struct net *net) 730static inline int ip6_frags_ns_sysctl_register(struct net *net)
714{ 731{
715 return 0; 732 return 0;
716} 733}
717 734
718static inline void ip6_frags_sysctl_unregister(struct net *net) 735static inline void ip6_frags_ns_sysctl_unregister(struct net *net)
736{
737}
738
739static inline int ip6_frags_sysctl_register(void)
740{
741 return 0;
742}
743
744static inline void ip6_frags_sysctl_unregister(void)
719{ 745{
720} 746}
721#endif 747#endif
@@ -728,12 +754,12 @@ static int ipv6_frags_init_net(struct net *net)
728 754
729 inet_frags_init_net(&net->ipv6.frags); 755 inet_frags_init_net(&net->ipv6.frags);
730 756
731 return ip6_frags_sysctl_register(net); 757 return ip6_frags_ns_sysctl_register(net);
732} 758}
733 759
734static void ipv6_frags_exit_net(struct net *net) 760static void ipv6_frags_exit_net(struct net *net)
735{ 761{
736 ip6_frags_sysctl_unregister(net); 762 ip6_frags_ns_sysctl_unregister(net);
737 inet_frags_exit_net(&net->ipv6.frags, &ip6_frags); 763 inet_frags_exit_net(&net->ipv6.frags, &ip6_frags);
738} 764}
739 765
@@ -750,7 +776,13 @@ int __init ipv6_frag_init(void)
750 if (ret) 776 if (ret)
751 goto out; 777 goto out;
752 778
753 register_pernet_subsys(&ip6_frags_ops); 779 ret = ip6_frags_sysctl_register();
780 if (ret)
781 goto err_sysctl;
782
783 ret = register_pernet_subsys(&ip6_frags_ops);
784 if (ret)
785 goto err_pernet;
754 786
755 ip6_frags.hashfn = ip6_hashfn; 787 ip6_frags.hashfn = ip6_hashfn;
756 ip6_frags.constructor = ip6_frag_init; 788 ip6_frags.constructor = ip6_frag_init;
@@ -763,11 +795,18 @@ int __init ipv6_frag_init(void)
763 inet_frags_init(&ip6_frags); 795 inet_frags_init(&ip6_frags);
764out: 796out:
765 return ret; 797 return ret;
798
799err_pernet:
800 ip6_frags_sysctl_unregister();
801err_sysctl:
802 inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT);
803 goto out;
766} 804}
767 805
768void ipv6_frag_exit(void) 806void ipv6_frag_exit(void)
769{ 807{
770 inet_frags_fini(&ip6_frags); 808 inet_frags_fini(&ip6_frags);
809 ip6_frags_sysctl_unregister();
771 unregister_pernet_subsys(&ip6_frags_ops); 810 unregister_pernet_subsys(&ip6_frags_ops);
772 inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT); 811 inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT);
773} 812}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 48534c6c0735..9af6115f0f50 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt> 6 * Pedro Roque <roque@di.fc.ul.pt>
7 * 7 *
8 * $Id: route.c,v 1.56 2001/10/31 21:55:55 davem Exp $
9 *
10 * This program is free software; you can redistribute it and/or 8 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License 9 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 10 * as published by the Free Software Foundation; either version
@@ -230,7 +228,7 @@ static __inline__ int rt6_check_expired(const struct rt6_info *rt)
230static inline int rt6_need_strict(struct in6_addr *daddr) 228static inline int rt6_need_strict(struct in6_addr *daddr)
231{ 229{
232 return (ipv6_addr_type(daddr) & 230 return (ipv6_addr_type(daddr) &
233 (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL)); 231 (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL | IPV6_ADDR_LOOPBACK));
234} 232}
235 233
236/* 234/*
@@ -239,21 +237,26 @@ static inline int rt6_need_strict(struct in6_addr *daddr)
239 237
240static inline struct rt6_info *rt6_device_match(struct net *net, 238static inline struct rt6_info *rt6_device_match(struct net *net,
241 struct rt6_info *rt, 239 struct rt6_info *rt,
240 struct in6_addr *saddr,
242 int oif, 241 int oif,
243 int strict) 242 int flags)
244{ 243{
245 struct rt6_info *local = NULL; 244 struct rt6_info *local = NULL;
246 struct rt6_info *sprt; 245 struct rt6_info *sprt;
247 246
248 if (oif) { 247 if (!oif && ipv6_addr_any(saddr))
249 for (sprt = rt; sprt; sprt = sprt->u.dst.rt6_next) { 248 goto out;
250 struct net_device *dev = sprt->rt6i_dev; 249
250 for (sprt = rt; sprt; sprt = sprt->u.dst.rt6_next) {
251 struct net_device *dev = sprt->rt6i_dev;
252
253 if (oif) {
251 if (dev->ifindex == oif) 254 if (dev->ifindex == oif)
252 return sprt; 255 return sprt;
253 if (dev->flags & IFF_LOOPBACK) { 256 if (dev->flags & IFF_LOOPBACK) {
254 if (sprt->rt6i_idev == NULL || 257 if (sprt->rt6i_idev == NULL ||
255 sprt->rt6i_idev->dev->ifindex != oif) { 258 sprt->rt6i_idev->dev->ifindex != oif) {
256 if (strict && oif) 259 if (flags & RT6_LOOKUP_F_IFACE && oif)
257 continue; 260 continue;
258 if (local && (!oif || 261 if (local && (!oif ||
259 local->rt6i_idev->dev->ifindex == oif)) 262 local->rt6i_idev->dev->ifindex == oif))
@@ -261,14 +264,21 @@ static inline struct rt6_info *rt6_device_match(struct net *net,
261 } 264 }
262 local = sprt; 265 local = sprt;
263 } 266 }
267 } else {
268 if (ipv6_chk_addr(net, saddr, dev,
269 flags & RT6_LOOKUP_F_IFACE))
270 return sprt;
264 } 271 }
272 }
265 273
274 if (oif) {
266 if (local) 275 if (local)
267 return local; 276 return local;
268 277
269 if (strict) 278 if (flags & RT6_LOOKUP_F_IFACE)
270 return net->ipv6.ip6_null_entry; 279 return net->ipv6.ip6_null_entry;
271 } 280 }
281out:
272 return rt; 282 return rt;
273} 283}
274 284
@@ -446,7 +456,7 @@ int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
446 struct route_info *rinfo = (struct route_info *) opt; 456 struct route_info *rinfo = (struct route_info *) opt;
447 struct in6_addr prefix_buf, *prefix; 457 struct in6_addr prefix_buf, *prefix;
448 unsigned int pref; 458 unsigned int pref;
449 u32 lifetime; 459 unsigned long lifetime;
450 struct rt6_info *rt; 460 struct rt6_info *rt;
451 461
452 if (len < sizeof(struct route_info)) { 462 if (len < sizeof(struct route_info)) {
@@ -472,13 +482,7 @@ int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
472 if (pref == ICMPV6_ROUTER_PREF_INVALID) 482 if (pref == ICMPV6_ROUTER_PREF_INVALID)
473 pref = ICMPV6_ROUTER_PREF_MEDIUM; 483 pref = ICMPV6_ROUTER_PREF_MEDIUM;
474 484
475 lifetime = ntohl(rinfo->lifetime); 485 lifetime = addrconf_timeout_fixup(ntohl(rinfo->lifetime), HZ);
476 if (lifetime == 0xffffffff) {
477 /* infinity */
478 } else if (lifetime > 0x7fffffff/HZ - 1) {
479 /* Avoid arithmetic overflow */
480 lifetime = 0x7fffffff/HZ - 1;
481 }
482 486
483 if (rinfo->length == 3) 487 if (rinfo->length == 3)
484 prefix = (struct in6_addr *)rinfo->prefix; 488 prefix = (struct in6_addr *)rinfo->prefix;
@@ -506,7 +510,7 @@ int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
506 (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 510 (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
507 511
508 if (rt) { 512 if (rt) {
509 if (lifetime == 0xffffffff) { 513 if (!addrconf_finite_timeout(lifetime)) {
510 rt->rt6i_flags &= ~RTF_EXPIRES; 514 rt->rt6i_flags &= ~RTF_EXPIRES;
511 } else { 515 } else {
512 rt->rt6i_expires = jiffies + HZ * lifetime; 516 rt->rt6i_expires = jiffies + HZ * lifetime;
@@ -547,7 +551,7 @@ static struct rt6_info *ip6_pol_route_lookup(struct net *net,
547 fn = fib6_lookup(&table->tb6_root, &fl->fl6_dst, &fl->fl6_src); 551 fn = fib6_lookup(&table->tb6_root, &fl->fl6_dst, &fl->fl6_src);
548restart: 552restart:
549 rt = fn->leaf; 553 rt = fn->leaf;
550 rt = rt6_device_match(net, rt, fl->oif, flags); 554 rt = rt6_device_match(net, rt, &fl->fl6_src, fl->oif, flags);
551 BACKTRACK(net, &fl->fl6_src); 555 BACKTRACK(net, &fl->fl6_src);
552out: 556out:
553 dst_use(&rt->u.dst, jiffies); 557 dst_use(&rt->u.dst, jiffies);
@@ -672,7 +676,7 @@ static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table,
672 int strict = 0; 676 int strict = 0;
673 int attempts = 3; 677 int attempts = 3;
674 int err; 678 int err;
675 int reachable = ipv6_devconf.forwarding ? 0 : RT6_LOOKUP_F_REACHABLE; 679 int reachable = net->ipv6.devconf_all->forwarding ? 0 : RT6_LOOKUP_F_REACHABLE;
676 680
677 strict |= flags & RT6_LOOKUP_F_IFACE; 681 strict |= flags & RT6_LOOKUP_F_IFACE;
678 682
@@ -974,13 +978,12 @@ out:
974 return &rt->u.dst; 978 return &rt->u.dst;
975} 979}
976 980
977int icmp6_dst_gc(int *more) 981int icmp6_dst_gc(void)
978{ 982{
979 struct dst_entry *dst, *next, **pprev; 983 struct dst_entry *dst, *next, **pprev;
980 int freed; 984 int more = 0;
981 985
982 next = NULL; 986 next = NULL;
983 freed = 0;
984 987
985 spin_lock_bh(&icmp6_dst_lock); 988 spin_lock_bh(&icmp6_dst_lock);
986 pprev = &icmp6_dst_gc_list; 989 pprev = &icmp6_dst_gc_list;
@@ -989,16 +992,15 @@ int icmp6_dst_gc(int *more)
989 if (!atomic_read(&dst->__refcnt)) { 992 if (!atomic_read(&dst->__refcnt)) {
990 *pprev = dst->next; 993 *pprev = dst->next;
991 dst_free(dst); 994 dst_free(dst);
992 freed++;
993 } else { 995 } else {
994 pprev = &dst->next; 996 pprev = &dst->next;
995 (*more)++; 997 ++more;
996 } 998 }
997 } 999 }
998 1000
999 spin_unlock_bh(&icmp6_dst_lock); 1001 spin_unlock_bh(&icmp6_dst_lock);
1000 1002
1001 return freed; 1003 return more;
1002} 1004}
1003 1005
1004static int ip6_dst_gc(struct dst_ops *ops) 1006static int ip6_dst_gc(struct dst_ops *ops)
@@ -1054,7 +1056,7 @@ int ip6_dst_hoplimit(struct dst_entry *dst)
1054 hoplimit = idev->cnf.hop_limit; 1056 hoplimit = idev->cnf.hop_limit;
1055 in6_dev_put(idev); 1057 in6_dev_put(idev);
1056 } else 1058 } else
1057 hoplimit = ipv6_devconf.hop_limit; 1059 hoplimit = dev_net(dev)->ipv6.devconf_all->hop_limit;
1058 } 1060 }
1059 return hoplimit; 1061 return hoplimit;
1060} 1062}
@@ -1247,7 +1249,7 @@ install_route:
1247 1249
1248 if (dst_metric(&rt->u.dst, RTAX_HOPLIMIT) == 0) 1250 if (dst_metric(&rt->u.dst, RTAX_HOPLIMIT) == 0)
1249 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = -1; 1251 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = -1;
1250 if (!dst_metric(&rt->u.dst, RTAX_MTU)) 1252 if (!dst_mtu(&rt->u.dst))
1251 rt->u.dst.metrics[RTAX_MTU-1] = ipv6_get_mtu(dev); 1253 rt->u.dst.metrics[RTAX_MTU-1] = ipv6_get_mtu(dev);
1252 if (!dst_metric(&rt->u.dst, RTAX_ADVMSS)) 1254 if (!dst_metric(&rt->u.dst, RTAX_ADVMSS))
1253 rt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(net, dst_mtu(&rt->u.dst)); 1255 rt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(net, dst_mtu(&rt->u.dst));
@@ -2104,7 +2106,8 @@ static inline size_t rt6_nlmsg_size(void)
2104 + nla_total_size(sizeof(struct rta_cacheinfo)); 2106 + nla_total_size(sizeof(struct rta_cacheinfo));
2105} 2107}
2106 2108
2107static int rt6_fill_node(struct sk_buff *skb, struct rt6_info *rt, 2109static int rt6_fill_node(struct net *net,
2110 struct sk_buff *skb, struct rt6_info *rt,
2108 struct in6_addr *dst, struct in6_addr *src, 2111 struct in6_addr *dst, struct in6_addr *src,
2109 int iif, int type, u32 pid, u32 seq, 2112 int iif, int type, u32 pid, u32 seq,
2110 int prefix, int nowait, unsigned int flags) 2113 int prefix, int nowait, unsigned int flags)
@@ -2185,8 +2188,9 @@ static int rt6_fill_node(struct sk_buff *skb, struct rt6_info *rt,
2185#endif 2188#endif
2186 NLA_PUT_U32(skb, RTA_IIF, iif); 2189 NLA_PUT_U32(skb, RTA_IIF, iif);
2187 } else if (dst) { 2190 } else if (dst) {
2191 struct inet6_dev *idev = ip6_dst_idev(&rt->u.dst);
2188 struct in6_addr saddr_buf; 2192 struct in6_addr saddr_buf;
2189 if (ipv6_dev_get_saddr(ip6_dst_idev(&rt->u.dst)->dev, 2193 if (ipv6_dev_get_saddr(net, idev ? idev->dev : NULL,
2190 dst, 0, &saddr_buf) == 0) 2194 dst, 0, &saddr_buf) == 0)
2191 NLA_PUT(skb, RTA_PREFSRC, 16, &saddr_buf); 2195 NLA_PUT(skb, RTA_PREFSRC, 16, &saddr_buf);
2192 } 2196 }
@@ -2202,8 +2206,12 @@ static int rt6_fill_node(struct sk_buff *skb, struct rt6_info *rt,
2202 2206
2203 NLA_PUT_U32(skb, RTA_PRIORITY, rt->rt6i_metric); 2207 NLA_PUT_U32(skb, RTA_PRIORITY, rt->rt6i_metric);
2204 2208
2205 expires = (rt->rt6i_flags & RTF_EXPIRES) ? 2209 if (!(rt->rt6i_flags & RTF_EXPIRES))
2206 rt->rt6i_expires - jiffies : 0; 2210 expires = 0;
2211 else if (rt->rt6i_expires - jiffies < INT_MAX)
2212 expires = rt->rt6i_expires - jiffies;
2213 else
2214 expires = INT_MAX;
2207 2215
2208 if (rtnl_put_cacheinfo(skb, &rt->u.dst, 0, 0, 0, 2216 if (rtnl_put_cacheinfo(skb, &rt->u.dst, 0, 0, 0,
2209 expires, rt->u.dst.error) < 0) 2217 expires, rt->u.dst.error) < 0)
@@ -2227,7 +2235,8 @@ int rt6_dump_route(struct rt6_info *rt, void *p_arg)
2227 } else 2235 } else
2228 prefix = 0; 2236 prefix = 0;
2229 2237
2230 return rt6_fill_node(arg->skb, rt, NULL, NULL, 0, RTM_NEWROUTE, 2238 return rt6_fill_node(arg->net,
2239 arg->skb, rt, NULL, NULL, 0, RTM_NEWROUTE,
2231 NETLINK_CB(arg->cb->skb).pid, arg->cb->nlh->nlmsg_seq, 2240 NETLINK_CB(arg->cb->skb).pid, arg->cb->nlh->nlmsg_seq,
2232 prefix, 0, NLM_F_MULTI); 2241 prefix, 0, NLM_F_MULTI);
2233} 2242}
@@ -2293,7 +2302,7 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void
2293 rt = (struct rt6_info*) ip6_route_output(net, NULL, &fl); 2302 rt = (struct rt6_info*) ip6_route_output(net, NULL, &fl);
2294 skb->dst = &rt->u.dst; 2303 skb->dst = &rt->u.dst;
2295 2304
2296 err = rt6_fill_node(skb, rt, &fl.fl6_dst, &fl.fl6_src, iif, 2305 err = rt6_fill_node(net, skb, rt, &fl.fl6_dst, &fl.fl6_src, iif,
2297 RTM_NEWROUTE, NETLINK_CB(in_skb).pid, 2306 RTM_NEWROUTE, NETLINK_CB(in_skb).pid,
2298 nlh->nlmsg_seq, 0, 0, 0); 2307 nlh->nlmsg_seq, 0, 0, 0);
2299 if (err < 0) { 2308 if (err < 0) {
@@ -2320,7 +2329,7 @@ void inet6_rt_notify(int event, struct rt6_info *rt, struct nl_info *info)
2320 if (skb == NULL) 2329 if (skb == NULL)
2321 goto errout; 2330 goto errout;
2322 2331
2323 err = rt6_fill_node(skb, rt, NULL, NULL, 0, 2332 err = rt6_fill_node(net, skb, rt, NULL, NULL, 0,
2324 event, info->pid, seq, 0, 0, 0); 2333 event, info->pid, seq, 0, 0, 0);
2325 if (err < 0) { 2334 if (err < 0) {
2326 /* -EMSGSIZE implies BUG in rt6_nlmsg_size() */ 2335 /* -EMSGSIZE implies BUG in rt6_nlmsg_size() */
@@ -2408,26 +2417,7 @@ static int ipv6_route_show(struct seq_file *m, void *v)
2408 2417
2409static int ipv6_route_open(struct inode *inode, struct file *file) 2418static int ipv6_route_open(struct inode *inode, struct file *file)
2410{ 2419{
2411 int err; 2420 return single_open_net(inode, file, ipv6_route_show);
2412 struct net *net = get_proc_net(inode);
2413 if (!net)
2414 return -ENXIO;
2415
2416 err = single_open(file, ipv6_route_show, net);
2417 if (err < 0) {
2418 put_net(net);
2419 return err;
2420 }
2421
2422 return 0;
2423}
2424
2425static int ipv6_route_release(struct inode *inode, struct file *file)
2426{
2427 struct seq_file *seq = file->private_data;
2428 struct net *net = seq->private;
2429 put_net(net);
2430 return single_release(inode, file);
2431} 2421}
2432 2422
2433static const struct file_operations ipv6_route_proc_fops = { 2423static const struct file_operations ipv6_route_proc_fops = {
@@ -2435,7 +2425,7 @@ static const struct file_operations ipv6_route_proc_fops = {
2435 .open = ipv6_route_open, 2425 .open = ipv6_route_open,
2436 .read = seq_read, 2426 .read = seq_read,
2437 .llseek = seq_lseek, 2427 .llseek = seq_lseek,
2438 .release = ipv6_route_release, 2428 .release = single_release_net,
2439}; 2429};
2440 2430
2441static int rt6_stats_seq_show(struct seq_file *seq, void *v) 2431static int rt6_stats_seq_show(struct seq_file *seq, void *v)
@@ -2455,26 +2445,7 @@ static int rt6_stats_seq_show(struct seq_file *seq, void *v)
2455 2445
2456static int rt6_stats_seq_open(struct inode *inode, struct file *file) 2446static int rt6_stats_seq_open(struct inode *inode, struct file *file)
2457{ 2447{
2458 int err; 2448 return single_open_net(inode, file, rt6_stats_seq_show);
2459 struct net *net = get_proc_net(inode);
2460 if (!net)
2461 return -ENXIO;
2462
2463 err = single_open(file, rt6_stats_seq_show, net);
2464 if (err < 0) {
2465 put_net(net);
2466 return err;
2467 }
2468
2469 return 0;
2470}
2471
2472static int rt6_stats_seq_release(struct inode *inode, struct file *file)
2473{
2474 struct seq_file *seq = file->private_data;
2475 struct net *net = (struct net *)seq->private;
2476 put_net(net);
2477 return single_release(inode, file);
2478} 2449}
2479 2450
2480static const struct file_operations rt6_stats_seq_fops = { 2451static const struct file_operations rt6_stats_seq_fops = {
@@ -2482,7 +2453,7 @@ static const struct file_operations rt6_stats_seq_fops = {
2482 .open = rt6_stats_seq_open, 2453 .open = rt6_stats_seq_open,
2483 .read = seq_read, 2454 .read = seq_read,
2484 .llseek = seq_lseek, 2455 .llseek = seq_lseek,
2485 .release = rt6_stats_seq_release, 2456 .release = single_release_net,
2486}; 2457};
2487#endif /* CONFIG_PROC_FS */ 2458#endif /* CONFIG_PROC_FS */
2488 2459
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 3de6ffdaedf2..b7a50e968506 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -6,8 +6,6 @@
6 * Pedro Roque <roque@di.fc.ul.pt> 6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8 * 8 *
9 * $Id: sit.c,v 1.53 2001/09/25 05:09:53 davem Exp $
10 *
11 * This program is free software; you can redistribute it and/or 9 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License 10 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 11 * as published by the Free Software Foundation; either version
@@ -222,15 +220,18 @@ __ipip6_tunnel_locate_prl(struct ip_tunnel *t, __be32 addr)
222 220
223} 221}
224 222
225static int ipip6_tunnel_get_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a) 223static int ipip6_tunnel_get_prl(struct ip_tunnel *t,
224 struct ip_tunnel_prl __user *a)
226{ 225{
227 struct ip_tunnel_prl *kp; 226 struct ip_tunnel_prl kprl, *kp;
228 struct ip_tunnel_prl_entry *prl; 227 struct ip_tunnel_prl_entry *prl;
229 unsigned int cmax, c = 0, ca, len; 228 unsigned int cmax, c = 0, ca, len;
230 int ret = 0; 229 int ret = 0;
231 230
232 cmax = a->datalen / sizeof(*a); 231 if (copy_from_user(&kprl, a, sizeof(kprl)))
233 if (cmax > 1 && a->addr != htonl(INADDR_ANY)) 232 return -EFAULT;
233 cmax = kprl.datalen / sizeof(kprl);
234 if (cmax > 1 && kprl.addr != htonl(INADDR_ANY))
234 cmax = 1; 235 cmax = 1;
235 236
236 /* For simple GET or for root users, 237 /* For simple GET or for root users,
@@ -261,26 +262,25 @@ static int ipip6_tunnel_get_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a)
261 for (prl = t->prl; prl; prl = prl->next) { 262 for (prl = t->prl; prl; prl = prl->next) {
262 if (c > cmax) 263 if (c > cmax)
263 break; 264 break;
264 if (a->addr != htonl(INADDR_ANY) && prl->addr != a->addr) 265 if (kprl.addr != htonl(INADDR_ANY) && prl->addr != kprl.addr)
265 continue; 266 continue;
266 kp[c].addr = prl->addr; 267 kp[c].addr = prl->addr;
267 kp[c].flags = prl->flags; 268 kp[c].flags = prl->flags;
268 c++; 269 c++;
269 if (a->addr != htonl(INADDR_ANY)) 270 if (kprl.addr != htonl(INADDR_ANY))
270 break; 271 break;
271 } 272 }
272out: 273out:
273 read_unlock(&ipip6_lock); 274 read_unlock(&ipip6_lock);
274 275
275 len = sizeof(*kp) * c; 276 len = sizeof(*kp) * c;
276 ret = len ? copy_to_user(a->data, kp, len) : 0; 277 ret = 0;
278 if ((len && copy_to_user(a + 1, kp, len)) || put_user(len, &a->datalen))
279 ret = -EFAULT;
277 280
278 kfree(kp); 281 kfree(kp);
279 if (ret)
280 return -EFAULT;
281 282
282 a->datalen = len; 283 return ret;
283 return 0;
284} 284}
285 285
286static int 286static int
@@ -491,13 +491,13 @@ static int ipip6_rcv(struct sk_buff *skb)
491 491
492 if ((tunnel->dev->priv_flags & IFF_ISATAP) && 492 if ((tunnel->dev->priv_flags & IFF_ISATAP) &&
493 !isatap_chksrc(skb, iph, tunnel)) { 493 !isatap_chksrc(skb, iph, tunnel)) {
494 tunnel->stat.rx_errors++; 494 tunnel->dev->stats.rx_errors++;
495 read_unlock(&ipip6_lock); 495 read_unlock(&ipip6_lock);
496 kfree_skb(skb); 496 kfree_skb(skb);
497 return 0; 497 return 0;
498 } 498 }
499 tunnel->stat.rx_packets++; 499 tunnel->dev->stats.rx_packets++;
500 tunnel->stat.rx_bytes += skb->len; 500 tunnel->dev->stats.rx_bytes += skb->len;
501 skb->dev = tunnel->dev; 501 skb->dev = tunnel->dev;
502 dst_release(skb->dst); 502 dst_release(skb->dst);
503 skb->dst = NULL; 503 skb->dst = NULL;
@@ -537,7 +537,7 @@ static inline __be32 try_6to4(struct in6_addr *v6dst)
537static int ipip6_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) 537static int ipip6_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
538{ 538{
539 struct ip_tunnel *tunnel = netdev_priv(dev); 539 struct ip_tunnel *tunnel = netdev_priv(dev);
540 struct net_device_stats *stats = &tunnel->stat; 540 struct net_device_stats *stats = &tunnel->dev->stats;
541 struct iphdr *tiph = &tunnel->parms.iph; 541 struct iphdr *tiph = &tunnel->parms.iph;
542 struct ipv6hdr *iph6 = ipv6_hdr(skb); 542 struct ipv6hdr *iph6 = ipv6_hdr(skb);
543 u8 tos = tunnel->parms.iph.tos; 543 u8 tos = tunnel->parms.iph.tos;
@@ -551,7 +551,7 @@ static int ipip6_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
551 int addr_type; 551 int addr_type;
552 552
553 if (tunnel->recursion++) { 553 if (tunnel->recursion++) {
554 tunnel->stat.collisions++; 554 stats->collisions++;
555 goto tx_error; 555 goto tx_error;
556 } 556 }
557 557
@@ -618,20 +618,20 @@ static int ipip6_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
618 .oif = tunnel->parms.link, 618 .oif = tunnel->parms.link,
619 .proto = IPPROTO_IPV6 }; 619 .proto = IPPROTO_IPV6 };
620 if (ip_route_output_key(dev_net(dev), &rt, &fl)) { 620 if (ip_route_output_key(dev_net(dev), &rt, &fl)) {
621 tunnel->stat.tx_carrier_errors++; 621 stats->tx_carrier_errors++;
622 goto tx_error_icmp; 622 goto tx_error_icmp;
623 } 623 }
624 } 624 }
625 if (rt->rt_type != RTN_UNICAST) { 625 if (rt->rt_type != RTN_UNICAST) {
626 ip_rt_put(rt); 626 ip_rt_put(rt);
627 tunnel->stat.tx_carrier_errors++; 627 stats->tx_carrier_errors++;
628 goto tx_error_icmp; 628 goto tx_error_icmp;
629 } 629 }
630 tdev = rt->u.dst.dev; 630 tdev = rt->u.dst.dev;
631 631
632 if (tdev == dev) { 632 if (tdev == dev) {
633 ip_rt_put(rt); 633 ip_rt_put(rt);
634 tunnel->stat.collisions++; 634 stats->collisions++;
635 goto tx_error; 635 goto tx_error;
636 } 636 }
637 637
@@ -641,7 +641,7 @@ static int ipip6_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
641 mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu; 641 mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu;
642 642
643 if (mtu < 68) { 643 if (mtu < 68) {
644 tunnel->stat.collisions++; 644 stats->collisions++;
645 ip_rt_put(rt); 645 ip_rt_put(rt);
646 goto tx_error; 646 goto tx_error;
647 } 647 }
@@ -873,11 +873,20 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
873 break; 873 break;
874 874
875 case SIOCGETPRL: 875 case SIOCGETPRL:
876 err = -EINVAL;
877 if (dev == sitn->fb_tunnel_dev)
878 goto done;
879 err = -ENOENT;
880 if (!(t = netdev_priv(dev)))
881 goto done;
882 err = ipip6_tunnel_get_prl(t, ifr->ifr_ifru.ifru_data);
883 break;
884
876 case SIOCADDPRL: 885 case SIOCADDPRL:
877 case SIOCDELPRL: 886 case SIOCDELPRL:
878 case SIOCCHGPRL: 887 case SIOCCHGPRL:
879 err = -EPERM; 888 err = -EPERM;
880 if (cmd != SIOCGETPRL && !capable(CAP_NET_ADMIN)) 889 if (!capable(CAP_NET_ADMIN))
881 goto done; 890 goto done;
882 err = -EINVAL; 891 err = -EINVAL;
883 if (dev == sitn->fb_tunnel_dev) 892 if (dev == sitn->fb_tunnel_dev)
@@ -890,12 +899,6 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
890 goto done; 899 goto done;
891 900
892 switch (cmd) { 901 switch (cmd) {
893 case SIOCGETPRL:
894 err = ipip6_tunnel_get_prl(t, &prl);
895 if (!err && copy_to_user(ifr->ifr_ifru.ifru_data,
896 &prl, sizeof(prl)))
897 err = -EFAULT;
898 break;
899 case SIOCDELPRL: 902 case SIOCDELPRL:
900 err = ipip6_tunnel_del_prl(t, &prl); 903 err = ipip6_tunnel_del_prl(t, &prl);
901 break; 904 break;
@@ -904,8 +907,7 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
904 err = ipip6_tunnel_add_prl(t, &prl, cmd == SIOCCHGPRL); 907 err = ipip6_tunnel_add_prl(t, &prl, cmd == SIOCCHGPRL);
905 break; 908 break;
906 } 909 }
907 if (cmd != SIOCGETPRL) 910 netdev_state_change(dev);
908 netdev_state_change(dev);
909 break; 911 break;
910 912
911 default: 913 default:
@@ -916,11 +918,6 @@ done:
916 return err; 918 return err;
917} 919}
918 920
919static struct net_device_stats *ipip6_tunnel_get_stats(struct net_device *dev)
920{
921 return &(((struct ip_tunnel*)netdev_priv(dev))->stat);
922}
923
924static int ipip6_tunnel_change_mtu(struct net_device *dev, int new_mtu) 921static int ipip6_tunnel_change_mtu(struct net_device *dev, int new_mtu)
925{ 922{
926 if (new_mtu < IPV6_MIN_MTU || new_mtu > 0xFFF8 - sizeof(struct iphdr)) 923 if (new_mtu < IPV6_MIN_MTU || new_mtu > 0xFFF8 - sizeof(struct iphdr))
@@ -934,7 +931,6 @@ static void ipip6_tunnel_setup(struct net_device *dev)
934 dev->uninit = ipip6_tunnel_uninit; 931 dev->uninit = ipip6_tunnel_uninit;
935 dev->destructor = free_netdev; 932 dev->destructor = free_netdev;
936 dev->hard_start_xmit = ipip6_tunnel_xmit; 933 dev->hard_start_xmit = ipip6_tunnel_xmit;
937 dev->get_stats = ipip6_tunnel_get_stats;
938 dev->do_ioctl = ipip6_tunnel_ioctl; 934 dev->do_ioctl = ipip6_tunnel_ioctl;
939 dev->change_mtu = ipip6_tunnel_change_mtu; 935 dev->change_mtu = ipip6_tunnel_change_mtu;
940 936
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
index 938ce4ecde55..ec394cf5a19b 100644
--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -137,7 +137,7 @@ __u32 cookie_v6_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp)
137 ; 137 ;
138 *mssp = msstab[mssind] + 1; 138 *mssp = msstab[mssind] + 1;
139 139
140 NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESSENT); 140 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESSENT);
141 141
142 return secure_tcp_syn_cookie(&iph->saddr, &iph->daddr, th->source, 142 return secure_tcp_syn_cookie(&iph->saddr, &iph->daddr, th->source,
143 th->dest, ntohl(th->seq), 143 th->dest, ntohl(th->seq),
@@ -177,11 +177,11 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
177 177
178 if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) || 178 if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) ||
179 (mss = cookie_check(skb, cookie)) == 0) { 179 (mss = cookie_check(skb, cookie)) == 0) {
180 NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESFAILED); 180 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED);
181 goto out; 181 goto out;
182 } 182 }
183 183
184 NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESRECV); 184 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESRECV);
185 185
186 /* check for timestamp cookie support */ 186 /* check for timestamp cookie support */
187 memset(&tcp_opt, 0, sizeof(tcp_opt)); 187 memset(&tcp_opt, 0, sizeof(tcp_opt));
@@ -198,12 +198,9 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
198 ireq = inet_rsk(req); 198 ireq = inet_rsk(req);
199 ireq6 = inet6_rsk(req); 199 ireq6 = inet6_rsk(req);
200 treq = tcp_rsk(req); 200 treq = tcp_rsk(req);
201 ireq6->pktopts = NULL;
202 201
203 if (security_inet_conn_request(sk, skb, req)) { 202 if (security_inet_conn_request(sk, skb, req))
204 reqsk_free(req); 203 goto out_free;
205 goto out;
206 }
207 204
208 req->mss = mss; 205 req->mss = mss;
209 ireq->rmt_port = th->source; 206 ireq->rmt_port = th->source;
@@ -224,6 +221,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
224 221
225 req->expires = 0UL; 222 req->expires = 0UL;
226 req->retrans = 0; 223 req->retrans = 0;
224 ireq->ecn_ok = 0;
227 ireq->snd_wscale = tcp_opt.snd_wscale; 225 ireq->snd_wscale = tcp_opt.snd_wscale;
228 ireq->rcv_wscale = tcp_opt.rcv_wscale; 226 ireq->rcv_wscale = tcp_opt.rcv_wscale;
229 ireq->sack_ok = tcp_opt.sack_ok; 227 ireq->sack_ok = tcp_opt.sack_ok;
@@ -255,14 +253,13 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
255 fl.fl_ip_dport = inet_rsk(req)->rmt_port; 253 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
256 fl.fl_ip_sport = inet_sk(sk)->sport; 254 fl.fl_ip_sport = inet_sk(sk)->sport;
257 security_req_classify_flow(req, &fl); 255 security_req_classify_flow(req, &fl);
258 if (ip6_dst_lookup(sk, &dst, &fl)) { 256 if (ip6_dst_lookup(sk, &dst, &fl))
259 reqsk_free(req); 257 goto out_free;
260 goto out; 258
261 }
262 if (final_p) 259 if (final_p)
263 ipv6_addr_copy(&fl.fl6_dst, final_p); 260 ipv6_addr_copy(&fl.fl6_dst, final_p);
264 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) 261 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
265 goto out; 262 goto out_free;
266 } 263 }
267 264
268 req->window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW); 265 req->window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW);
@@ -273,7 +270,10 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
273 ireq->rcv_wscale = rcv_wscale; 270 ireq->rcv_wscale = rcv_wscale;
274 271
275 ret = get_cookie_sock(sk, skb, req, dst); 272 ret = get_cookie_sock(sk, skb, req, dst);
276 273out:
277out: return ret; 274 return ret;
275out_free:
276 reqsk_free(req);
277 return NULL;
278} 278}
279 279
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index 3804dcbbfab0..587f8f60c489 100644
--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -37,6 +37,10 @@ static ctl_table ipv6_table_template[] = {
37 .mode = 0644, 37 .mode = 0644,
38 .proc_handler = &proc_dointvec 38 .proc_handler = &proc_dointvec
39 }, 39 },
40 { .ctl_name = 0 }
41};
42
43static ctl_table ipv6_table[] = {
40 { 44 {
41 .ctl_name = NET_IPV6_MLD_MAX_MSF, 45 .ctl_name = NET_IPV6_MLD_MAX_MSF,
42 .procname = "mld_max_msf", 46 .procname = "mld_max_msf",
@@ -80,12 +84,6 @@ static int ipv6_sysctl_net_init(struct net *net)
80 84
81 ipv6_table[2].data = &net->ipv6.sysctl.bindv6only; 85 ipv6_table[2].data = &net->ipv6.sysctl.bindv6only;
82 86
83 /* We don't want this value to be per namespace, it should be global
84 to all namespaces, so make it read-only when we are not in the
85 init network namespace */
86 if (net != &init_net)
87 ipv6_table[3].mode = 0444;
88
89 net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path, 87 net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path,
90 ipv6_table); 88 ipv6_table);
91 if (!net->ipv6.sysctl.table) 89 if (!net->ipv6.sysctl.table)
@@ -126,12 +124,45 @@ static struct pernet_operations ipv6_sysctl_net_ops = {
126 .exit = ipv6_sysctl_net_exit, 124 .exit = ipv6_sysctl_net_exit,
127}; 125};
128 126
127static struct ctl_table_header *ip6_header;
128
129int ipv6_sysctl_register(void) 129int ipv6_sysctl_register(void)
130{ 130{
131 return register_pernet_subsys(&ipv6_sysctl_net_ops); 131 int err = -ENOMEM;;
132
133 ip6_header = register_net_sysctl_rotable(net_ipv6_ctl_path, ipv6_table);
134 if (ip6_header == NULL)
135 goto out;
136
137 err = register_pernet_subsys(&ipv6_sysctl_net_ops);
138 if (err)
139 goto err_pernet;
140out:
141 return err;
142
143err_pernet:
144 unregister_net_sysctl_table(ip6_header);
145 goto out;
132} 146}
133 147
134void ipv6_sysctl_unregister(void) 148void ipv6_sysctl_unregister(void)
135{ 149{
150 unregister_net_sysctl_table(ip6_header);
136 unregister_pernet_subsys(&ipv6_sysctl_net_ops); 151 unregister_pernet_subsys(&ipv6_sysctl_net_ops);
137} 152}
153
154static struct ctl_table_header *ip6_base;
155
156int ipv6_static_sysctl_register(void)
157{
158 static struct ctl_table empty[1];
159 ip6_base = register_sysctl_paths(net_ipv6_ctl_path, empty);
160 if (ip6_base == NULL)
161 return -ENOMEM;
162 return 0;
163}
164
165void ipv6_static_sysctl_unregister(void)
166{
167 unregister_net_sysctl_table(ip6_base);
168}
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 715965f0fac0..5b90b369ccb2 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -5,8 +5,6 @@
5 * Authors: 5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt> 6 * Pedro Roque <roque@di.fc.ul.pt>
7 * 7 *
8 * $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9 *
10 * Based on: 8 * Based on:
11 * linux/net/ipv4/tcp.c 9 * linux/net/ipv4/tcp.c
12 * linux/net/ipv4/tcp_input.c 10 * linux/net/ipv4/tcp_input.c
@@ -71,9 +69,8 @@
71#include <linux/scatterlist.h> 69#include <linux/scatterlist.h>
72 70
73static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 71static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
74static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req); 72static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
75static void tcp_v6_send_check(struct sock *sk, int len, 73 struct request_sock *req);
76 struct sk_buff *skb);
77 74
78static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 75static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
79 76
@@ -82,6 +79,12 @@ static struct inet_connection_sock_af_ops ipv6_specific;
82#ifdef CONFIG_TCP_MD5SIG 79#ifdef CONFIG_TCP_MD5SIG
83static struct tcp_sock_af_ops tcp_sock_ipv6_specific; 80static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
84static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 81static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
82#else
83static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
84 struct in6_addr *addr)
85{
86 return NULL;
87}
85#endif 88#endif
86 89
87static void tcp_v6_hash(struct sock *sk) 90static void tcp_v6_hash(struct sock *sk)
@@ -321,8 +324,9 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
321 int err; 324 int err;
322 struct tcp_sock *tp; 325 struct tcp_sock *tp;
323 __u32 seq; 326 __u32 seq;
327 struct net *net = dev_net(skb->dev);
324 328
325 sk = inet6_lookup(dev_net(skb->dev), &tcp_hashinfo, &hdr->daddr, 329 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
326 th->dest, &hdr->saddr, th->source, skb->dev->ifindex); 330 th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
327 331
328 if (sk == NULL) { 332 if (sk == NULL) {
@@ -337,7 +341,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
337 341
338 bh_lock_sock(sk); 342 bh_lock_sock(sk);
339 if (sock_owned_by_user(sk)) 343 if (sock_owned_by_user(sk))
340 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS); 344 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
341 345
342 if (sk->sk_state == TCP_CLOSE) 346 if (sk->sk_state == TCP_CLOSE)
343 goto out; 347 goto out;
@@ -346,7 +350,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
346 seq = ntohl(th->seq); 350 seq = ntohl(th->seq);
347 if (sk->sk_state != TCP_LISTEN && 351 if (sk->sk_state != TCP_LISTEN &&
348 !between(seq, tp->snd_una, tp->snd_nxt)) { 352 !between(seq, tp->snd_una, tp->snd_nxt)) {
349 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS); 353 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
350 goto out; 354 goto out;
351 } 355 }
352 356
@@ -418,10 +422,10 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
418 /* ICMPs are not backlogged, hence we cannot get 422 /* ICMPs are not backlogged, hence we cannot get
419 * an established socket here. 423 * an established socket here.
420 */ 424 */
421 BUG_TRAP(req->sk == NULL); 425 WARN_ON(req->sk != NULL);
422 426
423 if (seq != tcp_rsk(req)->snt_isn) { 427 if (seq != tcp_rsk(req)->snt_isn) {
424 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS); 428 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
425 goto out; 429 goto out;
426 } 430 }
427 431
@@ -733,109 +737,105 @@ static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
733 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen); 737 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
734} 738}
735 739
736static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key, 740static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
737 struct in6_addr *saddr, 741 struct in6_addr *daddr,
738 struct in6_addr *daddr, 742 struct in6_addr *saddr, int nbytes)
739 struct tcphdr *th, int protocol,
740 unsigned int tcplen)
741{ 743{
742 struct scatterlist sg[4];
743 __u16 data_len;
744 int block = 0;
745 __sum16 cksum;
746 struct tcp_md5sig_pool *hp;
747 struct tcp6_pseudohdr *bp; 744 struct tcp6_pseudohdr *bp;
748 struct hash_desc *desc; 745 struct scatterlist sg;
749 int err;
750 unsigned int nbytes = 0;
751 746
752 hp = tcp_get_md5sig_pool();
753 if (!hp) {
754 printk(KERN_WARNING "%s(): hash pool not found...\n", __func__);
755 goto clear_hash_noput;
756 }
757 bp = &hp->md5_blk.ip6; 747 bp = &hp->md5_blk.ip6;
758 desc = &hp->md5_desc;
759
760 /* 1. TCP pseudo-header (RFC2460) */ 748 /* 1. TCP pseudo-header (RFC2460) */
761 ipv6_addr_copy(&bp->saddr, saddr); 749 ipv6_addr_copy(&bp->saddr, saddr);
762 ipv6_addr_copy(&bp->daddr, daddr); 750 ipv6_addr_copy(&bp->daddr, daddr);
763 bp->len = htonl(tcplen); 751 bp->protocol = cpu_to_be32(IPPROTO_TCP);
764 bp->protocol = htonl(protocol); 752 bp->len = cpu_to_be32(nbytes);
765 753
766 sg_init_table(sg, 4); 754 sg_init_one(&sg, bp, sizeof(*bp));
767 755 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
768 sg_set_buf(&sg[block++], bp, sizeof(*bp)); 756}
769 nbytes += sizeof(*bp);
770
771 /* 2. TCP header, excluding options */
772 cksum = th->check;
773 th->check = 0;
774 sg_set_buf(&sg[block++], th, sizeof(*th));
775 nbytes += sizeof(*th);
776
777 /* 3. TCP segment data (if any) */
778 data_len = tcplen - (th->doff << 2);
779 if (data_len > 0) {
780 u8 *data = (u8 *)th + (th->doff << 2);
781 sg_set_buf(&sg[block++], data, data_len);
782 nbytes += data_len;
783 }
784 757
785 /* 4. shared key */ 758static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
786 sg_set_buf(&sg[block++], key->key, key->keylen); 759 struct in6_addr *daddr, struct in6_addr *saddr,
787 nbytes += key->keylen; 760 struct tcphdr *th)
761{
762 struct tcp_md5sig_pool *hp;
763 struct hash_desc *desc;
788 764
789 sg_mark_end(&sg[block - 1]); 765 hp = tcp_get_md5sig_pool();
766 if (!hp)
767 goto clear_hash_noput;
768 desc = &hp->md5_desc;
790 769
791 /* Now store the hash into the packet */ 770 if (crypto_hash_init(desc))
792 err = crypto_hash_init(desc);
793 if (err) {
794 printk(KERN_WARNING "%s(): hash_init failed\n", __func__);
795 goto clear_hash; 771 goto clear_hash;
796 } 772 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
797 err = crypto_hash_update(desc, sg, nbytes);
798 if (err) {
799 printk(KERN_WARNING "%s(): hash_update failed\n", __func__);
800 goto clear_hash; 773 goto clear_hash;
801 } 774 if (tcp_md5_hash_header(hp, th))
802 err = crypto_hash_final(desc, md5_hash); 775 goto clear_hash;
803 if (err) { 776 if (tcp_md5_hash_key(hp, key))
804 printk(KERN_WARNING "%s(): hash_final failed\n", __func__); 777 goto clear_hash;
778 if (crypto_hash_final(desc, md5_hash))
805 goto clear_hash; 779 goto clear_hash;
806 }
807 780
808 /* Reset header, and free up the crypto */
809 tcp_put_md5sig_pool(); 781 tcp_put_md5sig_pool();
810 th->check = cksum;
811out:
812 return 0; 782 return 0;
783
813clear_hash: 784clear_hash:
814 tcp_put_md5sig_pool(); 785 tcp_put_md5sig_pool();
815clear_hash_noput: 786clear_hash_noput:
816 memset(md5_hash, 0, 16); 787 memset(md5_hash, 0, 16);
817 goto out; 788 return 1;
818} 789}
819 790
820static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key, 791static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
821 struct sock *sk, 792 struct sock *sk, struct request_sock *req,
822 struct dst_entry *dst, 793 struct sk_buff *skb)
823 struct request_sock *req,
824 struct tcphdr *th, int protocol,
825 unsigned int tcplen)
826{ 794{
827 struct in6_addr *saddr, *daddr; 795 struct in6_addr *saddr, *daddr;
796 struct tcp_md5sig_pool *hp;
797 struct hash_desc *desc;
798 struct tcphdr *th = tcp_hdr(skb);
828 799
829 if (sk) { 800 if (sk) {
830 saddr = &inet6_sk(sk)->saddr; 801 saddr = &inet6_sk(sk)->saddr;
831 daddr = &inet6_sk(sk)->daddr; 802 daddr = &inet6_sk(sk)->daddr;
832 } else { 803 } else if (req) {
833 saddr = &inet6_rsk(req)->loc_addr; 804 saddr = &inet6_rsk(req)->loc_addr;
834 daddr = &inet6_rsk(req)->rmt_addr; 805 daddr = &inet6_rsk(req)->rmt_addr;
806 } else {
807 struct ipv6hdr *ip6h = ipv6_hdr(skb);
808 saddr = &ip6h->saddr;
809 daddr = &ip6h->daddr;
835 } 810 }
836 return tcp_v6_do_calc_md5_hash(md5_hash, key, 811
837 saddr, daddr, 812 hp = tcp_get_md5sig_pool();
838 th, protocol, tcplen); 813 if (!hp)
814 goto clear_hash_noput;
815 desc = &hp->md5_desc;
816
817 if (crypto_hash_init(desc))
818 goto clear_hash;
819
820 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
821 goto clear_hash;
822 if (tcp_md5_hash_header(hp, th))
823 goto clear_hash;
824 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
825 goto clear_hash;
826 if (tcp_md5_hash_key(hp, key))
827 goto clear_hash;
828 if (crypto_hash_final(desc, md5_hash))
829 goto clear_hash;
830
831 tcp_put_md5sig_pool();
832 return 0;
833
834clear_hash:
835 tcp_put_md5sig_pool();
836clear_hash_noput:
837 memset(md5_hash, 0, 16);
838 return 1;
839} 839}
840 840
841static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb) 841static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
@@ -844,74 +844,31 @@ static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
844 struct tcp_md5sig_key *hash_expected; 844 struct tcp_md5sig_key *hash_expected;
845 struct ipv6hdr *ip6h = ipv6_hdr(skb); 845 struct ipv6hdr *ip6h = ipv6_hdr(skb);
846 struct tcphdr *th = tcp_hdr(skb); 846 struct tcphdr *th = tcp_hdr(skb);
847 int length = (th->doff << 2) - sizeof (*th);
848 int genhash; 847 int genhash;
849 u8 *ptr;
850 u8 newhash[16]; 848 u8 newhash[16];
851 849
852 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 850 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
851 hash_location = tcp_parse_md5sig_option(th);
853 852
854 /* If the TCP option is too short, we can short cut */ 853 /* We've parsed the options - do we have a hash? */
855 if (length < TCPOLEN_MD5SIG) 854 if (!hash_expected && !hash_location)
856 return hash_expected ? 1 : 0; 855 return 0;
857
858 /* parse options */
859 ptr = (u8*)(th + 1);
860 while (length > 0) {
861 int opcode = *ptr++;
862 int opsize;
863
864 switch(opcode) {
865 case TCPOPT_EOL:
866 goto done_opts;
867 case TCPOPT_NOP:
868 length--;
869 continue;
870 default:
871 opsize = *ptr++;
872 if (opsize < 2 || opsize > length)
873 goto done_opts;
874 if (opcode == TCPOPT_MD5SIG) {
875 hash_location = ptr;
876 goto done_opts;
877 }
878 }
879 ptr += opsize - 2;
880 length -= opsize;
881 }
882 856
883done_opts: 857 if (hash_expected && !hash_location) {
884 /* do we have a hash as expected? */ 858 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
885 if (!hash_expected) {
886 if (!hash_location)
887 return 0;
888 if (net_ratelimit()) {
889 printk(KERN_INFO "MD5 Hash NOT expected but found "
890 "(" NIP6_FMT ", %u)->"
891 "(" NIP6_FMT ", %u)\n",
892 NIP6(ip6h->saddr), ntohs(th->source),
893 NIP6(ip6h->daddr), ntohs(th->dest));
894 }
895 return 1; 859 return 1;
896 } 860 }
897 861
898 if (!hash_location) { 862 if (!hash_expected && hash_location) {
899 if (net_ratelimit()) { 863 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
900 printk(KERN_INFO "MD5 Hash expected but NOT found "
901 "(" NIP6_FMT ", %u)->"
902 "(" NIP6_FMT ", %u)\n",
903 NIP6(ip6h->saddr), ntohs(th->source),
904 NIP6(ip6h->daddr), ntohs(th->dest));
905 }
906 return 1; 864 return 1;
907 } 865 }
908 866
909 /* check the signature */ 867 /* check the signature */
910 genhash = tcp_v6_do_calc_md5_hash(newhash, 868 genhash = tcp_v6_md5_hash_skb(newhash,
911 hash_expected, 869 hash_expected,
912 &ip6h->saddr, &ip6h->daddr, 870 NULL, NULL, skb);
913 th, sk->sk_protocol, 871
914 skb->len);
915 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 872 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
916 if (net_ratelimit()) { 873 if (net_ratelimit()) {
917 printk(KERN_INFO "MD5 Hash %s for " 874 printk(KERN_INFO "MD5 Hash %s for "
@@ -1048,10 +1005,9 @@ static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1048 (TCPOPT_NOP << 16) | 1005 (TCPOPT_NOP << 16) |
1049 (TCPOPT_MD5SIG << 8) | 1006 (TCPOPT_MD5SIG << 8) |
1050 TCPOLEN_MD5SIG); 1007 TCPOLEN_MD5SIG);
1051 tcp_v6_do_calc_md5_hash((__u8 *)&opt[1], key, 1008 tcp_v6_md5_hash_hdr((__u8 *)&opt[1], key,
1052 &ipv6_hdr(skb)->daddr, 1009 &ipv6_hdr(skb)->daddr,
1053 &ipv6_hdr(skb)->saddr, 1010 &ipv6_hdr(skb)->saddr, t1);
1054 t1, IPPROTO_TCP, tot_len);
1055 } 1011 }
1056#endif 1012#endif
1057 1013
@@ -1079,8 +1035,8 @@ static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1079 1035
1080 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { 1036 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1081 ip6_xmit(ctl_sk, buff, &fl, NULL, 0); 1037 ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1082 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS); 1038 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1083 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS); 1039 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1084 return; 1040 return;
1085 } 1041 }
1086 } 1042 }
@@ -1088,8 +1044,8 @@ static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1088 kfree_skb(buff); 1044 kfree_skb(buff);
1089} 1045}
1090 1046
1091static void tcp_v6_send_ack(struct tcp_timewait_sock *tw, 1047static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1092 struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts) 1048 struct tcp_md5sig_key *key)
1093{ 1049{
1094 struct tcphdr *th = tcp_hdr(skb), *t1; 1050 struct tcphdr *th = tcp_hdr(skb), *t1;
1095 struct sk_buff *buff; 1051 struct sk_buff *buff;
@@ -1098,22 +1054,6 @@ static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1098 struct sock *ctl_sk = net->ipv6.tcp_sk; 1054 struct sock *ctl_sk = net->ipv6.tcp_sk;
1099 unsigned int tot_len = sizeof(struct tcphdr); 1055 unsigned int tot_len = sizeof(struct tcphdr);
1100 __be32 *topt; 1056 __be32 *topt;
1101#ifdef CONFIG_TCP_MD5SIG
1102 struct tcp_md5sig_key *key;
1103 struct tcp_md5sig_key tw_key;
1104#endif
1105
1106#ifdef CONFIG_TCP_MD5SIG
1107 if (!tw && skb->sk) {
1108 key = tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr);
1109 } else if (tw && tw->tw_md5_keylen) {
1110 tw_key.key = tw->tw_md5_key;
1111 tw_key.keylen = tw->tw_md5_keylen;
1112 key = &tw_key;
1113 } else {
1114 key = NULL;
1115 }
1116#endif
1117 1057
1118 if (ts) 1058 if (ts)
1119 tot_len += TCPOLEN_TSTAMP_ALIGNED; 1059 tot_len += TCPOLEN_TSTAMP_ALIGNED;
@@ -1154,10 +1094,9 @@ static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1154 if (key) { 1094 if (key) {
1155 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1095 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1156 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 1096 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1157 tcp_v6_do_calc_md5_hash((__u8 *)topt, key, 1097 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1158 &ipv6_hdr(skb)->daddr, 1098 &ipv6_hdr(skb)->saddr,
1159 &ipv6_hdr(skb)->saddr, 1099 &ipv6_hdr(skb)->daddr, t1);
1160 t1, IPPROTO_TCP, tot_len);
1161 } 1100 }
1162#endif 1101#endif
1163 1102
@@ -1180,7 +1119,7 @@ static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1180 if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) { 1119 if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1181 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { 1120 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1182 ip6_xmit(ctl_sk, buff, &fl, NULL, 0); 1121 ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1183 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS); 1122 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1184 return; 1123 return;
1185 } 1124 }
1186 } 1125 }
@@ -1193,16 +1132,18 @@ static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1193 struct inet_timewait_sock *tw = inet_twsk(sk); 1132 struct inet_timewait_sock *tw = inet_twsk(sk);
1194 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 1133 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1195 1134
1196 tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 1135 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1197 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1136 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1198 tcptw->tw_ts_recent); 1137 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
1199 1138
1200 inet_twsk_put(tw); 1139 inet_twsk_put(tw);
1201} 1140}
1202 1141
1203static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req) 1142static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1143 struct request_sock *req)
1204{ 1144{
1205 tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent); 1145 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1146 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
1206} 1147}
1207 1148
1208 1149
@@ -1299,7 +1240,6 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1299 treq = inet6_rsk(req); 1240 treq = inet6_rsk(req);
1300 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); 1241 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1301 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); 1242 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1302 treq->pktopts = NULL;
1303 if (!want_cookie) 1243 if (!want_cookie)
1304 TCP_ECN_create_request(req, tcp_hdr(skb)); 1244 TCP_ECN_create_request(req, tcp_hdr(skb));
1305 1245
@@ -1539,9 +1479,9 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1539 return newsk; 1479 return newsk;
1540 1480
1541out_overflow: 1481out_overflow:
1542 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS); 1482 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1543out: 1483out:
1544 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS); 1484 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1545 if (opt && opt != np->opt) 1485 if (opt && opt != np->opt)
1546 sock_kfree_s(sk, opt, opt->tot_len); 1486 sock_kfree_s(sk, opt, opt->tot_len);
1547 dst_release(dst); 1487 dst_release(dst);
@@ -1670,7 +1610,7 @@ discard:
1670 kfree_skb(skb); 1610 kfree_skb(skb);
1671 return 0; 1611 return 0;
1672csum_err: 1612csum_err:
1673 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1613 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1674 goto discard; 1614 goto discard;
1675 1615
1676 1616
@@ -1708,6 +1648,7 @@ static int tcp_v6_rcv(struct sk_buff *skb)
1708 struct tcphdr *th; 1648 struct tcphdr *th;
1709 struct sock *sk; 1649 struct sock *sk;
1710 int ret; 1650 int ret;
1651 struct net *net = dev_net(skb->dev);
1711 1652
1712 if (skb->pkt_type != PACKET_HOST) 1653 if (skb->pkt_type != PACKET_HOST)
1713 goto discard_it; 1654 goto discard_it;
@@ -1715,7 +1656,7 @@ static int tcp_v6_rcv(struct sk_buff *skb)
1715 /* 1656 /*
1716 * Count it even if it's bad. 1657 * Count it even if it's bad.
1717 */ 1658 */
1718 TCP_INC_STATS_BH(TCP_MIB_INSEGS); 1659 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1719 1660
1720 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1661 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1721 goto discard_it; 1662 goto discard_it;
@@ -1739,7 +1680,7 @@ static int tcp_v6_rcv(struct sk_buff *skb)
1739 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb)); 1680 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1740 TCP_SKB_CB(skb)->sacked = 0; 1681 TCP_SKB_CB(skb)->sacked = 0;
1741 1682
1742 sk = __inet6_lookup(dev_net(skb->dev), &tcp_hashinfo, 1683 sk = __inet6_lookup(net, &tcp_hashinfo,
1743 &ipv6_hdr(skb)->saddr, th->source, 1684 &ipv6_hdr(skb)->saddr, th->source,
1744 &ipv6_hdr(skb)->daddr, ntohs(th->dest), 1685 &ipv6_hdr(skb)->daddr, ntohs(th->dest),
1745 inet6_iif(skb)); 1686 inet6_iif(skb));
@@ -1787,7 +1728,7 @@ no_tcp_socket:
1787 1728
1788 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1729 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1789bad_packet: 1730bad_packet:
1790 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1731 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1791 } else { 1732 } else {
1792 tcp_v6_send_reset(NULL, skb); 1733 tcp_v6_send_reset(NULL, skb);
1793 } 1734 }
@@ -1812,7 +1753,7 @@ do_time_wait:
1812 } 1753 }
1813 1754
1814 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1755 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1815 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1756 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1816 inet_twsk_put(inet_twsk(sk)); 1757 inet_twsk_put(inet_twsk(sk));
1817 goto discard_it; 1758 goto discard_it;
1818 } 1759 }
@@ -1872,7 +1813,7 @@ static struct inet_connection_sock_af_ops ipv6_specific = {
1872#ifdef CONFIG_TCP_MD5SIG 1813#ifdef CONFIG_TCP_MD5SIG
1873static struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 1814static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1874 .md5_lookup = tcp_v6_md5_lookup, 1815 .md5_lookup = tcp_v6_md5_lookup,
1875 .calc_md5_hash = tcp_v6_calc_md5_hash, 1816 .calc_md5_hash = tcp_v6_md5_hash_skb,
1876 .md5_add = tcp_v6_md5_add_func, 1817 .md5_add = tcp_v6_md5_add_func,
1877 .md5_parse = tcp_v6_parse_md5_keys, 1818 .md5_parse = tcp_v6_parse_md5_keys,
1878}; 1819};
@@ -1904,7 +1845,7 @@ static struct inet_connection_sock_af_ops ipv6_mapped = {
1904#ifdef CONFIG_TCP_MD5SIG 1845#ifdef CONFIG_TCP_MD5SIG
1905static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 1846static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1906 .md5_lookup = tcp_v4_md5_lookup, 1847 .md5_lookup = tcp_v4_md5_lookup,
1907 .calc_md5_hash = tcp_v4_calc_md5_hash, 1848 .calc_md5_hash = tcp_v4_md5_hash_skb,
1908 .md5_add = tcp_v6_md5_add_func, 1849 .md5_add = tcp_v6_md5_add_func,
1909 .md5_parse = tcp_v6_parse_md5_keys, 1850 .md5_parse = tcp_v6_parse_md5_keys,
1910}; 1851};
@@ -1961,7 +1902,7 @@ static int tcp_v6_init_sock(struct sock *sk)
1961 return 0; 1902 return 0;
1962} 1903}
1963 1904
1964static int tcp_v6_destroy_sock(struct sock *sk) 1905static void tcp_v6_destroy_sock(struct sock *sk)
1965{ 1906{
1966#ifdef CONFIG_TCP_MD5SIG 1907#ifdef CONFIG_TCP_MD5SIG
1967 /* Clean up the MD5 key list */ 1908 /* Clean up the MD5 key list */
@@ -1969,7 +1910,7 @@ static int tcp_v6_destroy_sock(struct sock *sk)
1969 tcp_v6_clear_md5_list(sk); 1910 tcp_v6_clear_md5_list(sk);
1970#endif 1911#endif
1971 tcp_v4_destroy_sock(sk); 1912 tcp_v4_destroy_sock(sk);
1972 return inet6_destroy_sock(sk); 1913 inet6_destroy_sock(sk);
1973} 1914}
1974 1915
1975#ifdef CONFIG_PROC_FS 1916#ifdef CONFIG_PROC_FS
@@ -2037,7 +1978,7 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2037 1978
2038 seq_printf(seq, 1979 seq_printf(seq,
2039 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1980 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2040 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n", 1981 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n",
2041 i, 1982 i,
2042 src->s6_addr32[0], src->s6_addr32[1], 1983 src->s6_addr32[0], src->s6_addr32[1],
2043 src->s6_addr32[2], src->s6_addr32[3], srcp, 1984 src->s6_addr32[2], src->s6_addr32[3], srcp,
@@ -2053,8 +1994,8 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2053 icsk->icsk_probes_out, 1994 icsk->icsk_probes_out,
2054 sock_i_ino(sp), 1995 sock_i_ino(sp),
2055 atomic_read(&sp->sk_refcnt), sp, 1996 atomic_read(&sp->sk_refcnt), sp,
2056 icsk->icsk_rto, 1997 jiffies_to_clock_t(icsk->icsk_rto),
2057 icsk->icsk_ack.ato, 1998 jiffies_to_clock_t(icsk->icsk_ack.ato),
2058 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, 1999 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2059 tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh 2000 tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
2060 ); 2001 );
diff --git a/net/ipv6/tunnel6.c b/net/ipv6/tunnel6.c
index 6323921b40be..669f280989c3 100644
--- a/net/ipv6/tunnel6.c
+++ b/net/ipv6/tunnel6.c
@@ -109,7 +109,7 @@ static int tunnel46_rcv(struct sk_buff *skb)
109{ 109{
110 struct xfrm6_tunnel *handler; 110 struct xfrm6_tunnel *handler;
111 111
112 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 112 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
113 goto drop; 113 goto drop;
114 114
115 for (handler = tunnel46_handlers; handler; handler = handler->next) 115 for (handler = tunnel46_handlers; handler; handler = handler->next)
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 1fd784f3e2ec..a6aecf76a71b 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -7,8 +7,6 @@
7 * 7 *
8 * Based on linux/ipv4/udp.c 8 * Based on linux/ipv4/udp.c
9 * 9 *
10 * $Id: udp.c,v 1.65 2002/02/01 22:01:04 davem Exp $
11 *
12 * Fixes: 10 * Fixes:
13 * Hideaki YOSHIFUJI : sin6_scope_id support 11 * Hideaki YOSHIFUJI : sin6_scope_id support
14 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 12 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
@@ -67,7 +65,7 @@ static struct sock *__udp6_lib_lookup(struct net *net,
67 int badness = -1; 65 int badness = -1;
68 66
69 read_lock(&udp_hash_lock); 67 read_lock(&udp_hash_lock);
70 sk_for_each(sk, node, &udptable[hnum & (UDP_HTABLE_SIZE - 1)]) { 68 sk_for_each(sk, node, &udptable[udp_hashfn(net, hnum)]) {
71 struct inet_sock *inet = inet_sk(sk); 69 struct inet_sock *inet = inet_sk(sk);
72 70
73 if (net_eq(sock_net(sk), net) && sk->sk_hash == hnum && 71 if (net_eq(sock_net(sk), net) && sk->sk_hash == hnum &&
@@ -168,7 +166,8 @@ try_again:
168 goto out_free; 166 goto out_free;
169 167
170 if (!peeked) 168 if (!peeked)
171 UDP6_INC_STATS_USER(UDP_MIB_INDATAGRAMS, is_udplite); 169 UDP6_INC_STATS_USER(sock_net(sk),
170 UDP_MIB_INDATAGRAMS, is_udplite);
172 171
173 sock_recv_timestamp(msg, sk, skb); 172 sock_recv_timestamp(msg, sk, skb);
174 173
@@ -215,7 +214,7 @@ out:
215csum_copy_err: 214csum_copy_err:
216 lock_sock(sk); 215 lock_sock(sk);
217 if (!skb_kill_datagram(sk, skb, flags)) 216 if (!skb_kill_datagram(sk, skb, flags))
218 UDP6_INC_STATS_USER(UDP_MIB_INERRORS, is_udplite); 217 UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
219 release_sock(sk); 218 release_sock(sk);
220 219
221 if (flags & MSG_DONTWAIT) 220 if (flags & MSG_DONTWAIT)
@@ -299,14 +298,17 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
299 298
300 if ((rc = sock_queue_rcv_skb(sk,skb)) < 0) { 299 if ((rc = sock_queue_rcv_skb(sk,skb)) < 0) {
301 /* Note that an ENOMEM error is charged twice */ 300 /* Note that an ENOMEM error is charged twice */
302 if (rc == -ENOMEM) 301 if (rc == -ENOMEM) {
303 UDP6_INC_STATS_BH(UDP_MIB_RCVBUFERRORS, is_udplite); 302 UDP6_INC_STATS_BH(sock_net(sk),
303 UDP_MIB_RCVBUFERRORS, is_udplite);
304 atomic_inc(&sk->sk_drops);
305 }
304 goto drop; 306 goto drop;
305 } 307 }
306 308
307 return 0; 309 return 0;
308drop: 310drop:
309 UDP6_INC_STATS_BH(UDP_MIB_INERRORS, is_udplite); 311 UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
310 kfree_skb(skb); 312 kfree_skb(skb);
311 return -1; 313 return -1;
312} 314}
@@ -355,15 +357,16 @@ static struct sock *udp_v6_mcast_next(struct sock *sk,
355 * Note: called only from the BH handler context, 357 * Note: called only from the BH handler context,
356 * so we don't need to lock the hashes. 358 * so we don't need to lock the hashes.
357 */ 359 */
358static int __udp6_lib_mcast_deliver(struct sk_buff *skb, struct in6_addr *saddr, 360static int __udp6_lib_mcast_deliver(struct net *net, struct sk_buff *skb,
359 struct in6_addr *daddr, struct hlist_head udptable[]) 361 struct in6_addr *saddr, struct in6_addr *daddr,
362 struct hlist_head udptable[])
360{ 363{
361 struct sock *sk, *sk2; 364 struct sock *sk, *sk2;
362 const struct udphdr *uh = udp_hdr(skb); 365 const struct udphdr *uh = udp_hdr(skb);
363 int dif; 366 int dif;
364 367
365 read_lock(&udp_hash_lock); 368 read_lock(&udp_hash_lock);
366 sk = sk_head(&udptable[ntohs(uh->dest) & (UDP_HTABLE_SIZE - 1)]); 369 sk = sk_head(&udptable[udp_hashfn(net, ntohs(uh->dest))]);
367 dif = inet6_iif(skb); 370 dif = inet6_iif(skb);
368 sk = udp_v6_mcast_next(sk, uh->dest, daddr, uh->source, saddr, dif); 371 sk = udp_v6_mcast_next(sk, uh->dest, daddr, uh->source, saddr, dif);
369 if (!sk) { 372 if (!sk) {
@@ -376,7 +379,7 @@ static int __udp6_lib_mcast_deliver(struct sk_buff *skb, struct in6_addr *saddr,
376 uh->source, saddr, dif))) { 379 uh->source, saddr, dif))) {
377 struct sk_buff *buff = skb_clone(skb, GFP_ATOMIC); 380 struct sk_buff *buff = skb_clone(skb, GFP_ATOMIC);
378 if (buff) { 381 if (buff) {
379 bh_lock_sock_nested(sk2); 382 bh_lock_sock(sk2);
380 if (!sock_owned_by_user(sk2)) 383 if (!sock_owned_by_user(sk2))
381 udpv6_queue_rcv_skb(sk2, buff); 384 udpv6_queue_rcv_skb(sk2, buff);
382 else 385 else
@@ -384,7 +387,7 @@ static int __udp6_lib_mcast_deliver(struct sk_buff *skb, struct in6_addr *saddr,
384 bh_unlock_sock(sk2); 387 bh_unlock_sock(sk2);
385 } 388 }
386 } 389 }
387 bh_lock_sock_nested(sk); 390 bh_lock_sock(sk);
388 if (!sock_owned_by_user(sk)) 391 if (!sock_owned_by_user(sk))
389 udpv6_queue_rcv_skb(sk, skb); 392 udpv6_queue_rcv_skb(sk, skb);
390 else 393 else
@@ -437,6 +440,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
437 struct net_device *dev = skb->dev; 440 struct net_device *dev = skb->dev;
438 struct in6_addr *saddr, *daddr; 441 struct in6_addr *saddr, *daddr;
439 u32 ulen = 0; 442 u32 ulen = 0;
443 struct net *net = dev_net(skb->dev);
440 444
441 if (!pskb_may_pull(skb, sizeof(struct udphdr))) 445 if (!pskb_may_pull(skb, sizeof(struct udphdr)))
442 goto short_packet; 446 goto short_packet;
@@ -475,7 +479,8 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
475 * Multicast receive code 479 * Multicast receive code
476 */ 480 */
477 if (ipv6_addr_is_multicast(daddr)) 481 if (ipv6_addr_is_multicast(daddr))
478 return __udp6_lib_mcast_deliver(skb, saddr, daddr, udptable); 482 return __udp6_lib_mcast_deliver(net, skb,
483 saddr, daddr, udptable);
479 484
480 /* Unicast */ 485 /* Unicast */
481 486
@@ -483,7 +488,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
483 * check socket cache ... must talk to Alan about his plans 488 * check socket cache ... must talk to Alan about his plans
484 * for sock caches... i'll skip this for now. 489 * for sock caches... i'll skip this for now.
485 */ 490 */
486 sk = __udp6_lib_lookup(dev_net(skb->dev), saddr, uh->source, 491 sk = __udp6_lib_lookup(net, saddr, uh->source,
487 daddr, uh->dest, inet6_iif(skb), udptable); 492 daddr, uh->dest, inet6_iif(skb), udptable);
488 493
489 if (sk == NULL) { 494 if (sk == NULL) {
@@ -492,7 +497,8 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
492 497
493 if (udp_lib_checksum_complete(skb)) 498 if (udp_lib_checksum_complete(skb))
494 goto discard; 499 goto discard;
495 UDP6_INC_STATS_BH(UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); 500 UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS,
501 proto == IPPROTO_UDPLITE);
496 502
497 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev); 503 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev);
498 504
@@ -502,7 +508,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
502 508
503 /* deliver */ 509 /* deliver */
504 510
505 bh_lock_sock_nested(sk); 511 bh_lock_sock(sk);
506 if (!sock_owned_by_user(sk)) 512 if (!sock_owned_by_user(sk))
507 udpv6_queue_rcv_skb(sk, skb); 513 udpv6_queue_rcv_skb(sk, skb);
508 else 514 else
@@ -517,7 +523,7 @@ short_packet:
517 ulen, skb->len); 523 ulen, skb->len);
518 524
519discard: 525discard:
520 UDP6_INC_STATS_BH(UDP_MIB_INERRORS, proto == IPPROTO_UDPLITE); 526 UDP6_INC_STATS_BH(net, UDP_MIB_INERRORS, proto == IPPROTO_UDPLITE);
521 kfree_skb(skb); 527 kfree_skb(skb);
522 return 0; 528 return 0;
523} 529}
@@ -534,7 +540,9 @@ static void udp_v6_flush_pending_frames(struct sock *sk)
534{ 540{
535 struct udp_sock *up = udp_sk(sk); 541 struct udp_sock *up = udp_sk(sk);
536 542
537 if (up->pending) { 543 if (up->pending == AF_INET)
544 udp_flush_pending_frames(sk);
545 else if (up->pending) {
538 up->len = 0; 546 up->len = 0;
539 up->pending = 0; 547 up->pending = 0;
540 ip6_flush_pending_frames(sk); 548 ip6_flush_pending_frames(sk);
@@ -585,7 +593,8 @@ out:
585 up->len = 0; 593 up->len = 0;
586 up->pending = 0; 594 up->pending = 0;
587 if (!err) 595 if (!err)
588 UDP6_INC_STATS_USER(UDP_MIB_OUTDATAGRAMS, is_udplite); 596 UDP6_INC_STATS_USER(sock_net(sk),
597 UDP_MIB_OUTDATAGRAMS, is_udplite);
589 return err; 598 return err;
590} 599}
591 600
@@ -731,7 +740,7 @@ do_udp_sendmsg:
731 memset(opt, 0, sizeof(struct ipv6_txoptions)); 740 memset(opt, 0, sizeof(struct ipv6_txoptions));
732 opt->tot_len = sizeof(*opt); 741 opt->tot_len = sizeof(*opt);
733 742
734 err = datagram_send_ctl(msg, &fl, opt, &hlimit, &tclass); 743 err = datagram_send_ctl(sock_net(sk), msg, &fl, opt, &hlimit, &tclass);
735 if (err < 0) { 744 if (err < 0) {
736 fl6_sock_release(flowlabel); 745 fl6_sock_release(flowlabel);
737 return err; 746 return err;
@@ -848,12 +857,14 @@ do_append_data:
848 } else { 857 } else {
849 dst_release(dst); 858 dst_release(dst);
850 } 859 }
860 dst = NULL;
851 } 861 }
852 862
853 if (err > 0) 863 if (err > 0)
854 err = np->recverr ? net_xmit_errno(err) : 0; 864 err = np->recverr ? net_xmit_errno(err) : 0;
855 release_sock(sk); 865 release_sock(sk);
856out: 866out:
867 dst_release(dst);
857 fl6_sock_release(flowlabel); 868 fl6_sock_release(flowlabel);
858 if (!err) 869 if (!err)
859 return len; 870 return len;
@@ -865,7 +876,8 @@ out:
865 * seems like overkill. 876 * seems like overkill.
866 */ 877 */
867 if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { 878 if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) {
868 UDP6_INC_STATS_USER(UDP_MIB_SNDBUFERRORS, is_udplite); 879 UDP6_INC_STATS_USER(sock_net(sk),
880 UDP_MIB_SNDBUFERRORS, is_udplite);
869 } 881 }
870 return err; 882 return err;
871 883
@@ -877,15 +889,13 @@ do_confirm:
877 goto out; 889 goto out;
878} 890}
879 891
880int udpv6_destroy_sock(struct sock *sk) 892void udpv6_destroy_sock(struct sock *sk)
881{ 893{
882 lock_sock(sk); 894 lock_sock(sk);
883 udp_v6_flush_pending_frames(sk); 895 udp_v6_flush_pending_frames(sk);
884 release_sock(sk); 896 release_sock(sk);
885 897
886 inet6_destroy_sock(sk); 898 inet6_destroy_sock(sk);
887
888 return 0;
889} 899}
890 900
891/* 901/*
@@ -951,7 +961,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
951 srcp = ntohs(inet->sport); 961 srcp = ntohs(inet->sport);
952 seq_printf(seq, 962 seq_printf(seq,
953 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 963 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
954 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p\n", 964 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d\n",
955 bucket, 965 bucket,
956 src->s6_addr32[0], src->s6_addr32[1], 966 src->s6_addr32[0], src->s6_addr32[1],
957 src->s6_addr32[2], src->s6_addr32[3], srcp, 967 src->s6_addr32[2], src->s6_addr32[3], srcp,
@@ -963,7 +973,8 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
963 0, 0L, 0, 973 0, 0L, 0,
964 sock_i_uid(sp), 0, 974 sock_i_uid(sp), 0,
965 sock_i_ino(sp), 975 sock_i_ino(sp),
966 atomic_read(&sp->sk_refcnt), sp); 976 atomic_read(&sp->sk_refcnt), sp,
977 atomic_read(&sp->sk_drops));
967} 978}
968 979
969int udp6_seq_show(struct seq_file *seq, void *v) 980int udp6_seq_show(struct seq_file *seq, void *v)
@@ -974,7 +985,7 @@ int udp6_seq_show(struct seq_file *seq, void *v)
974 "local_address " 985 "local_address "
975 "remote_address " 986 "remote_address "
976 "st tx_queue rx_queue tr tm->when retrnsmt" 987 "st tx_queue rx_queue tr tm->when retrnsmt"
977 " uid timeout inode\n"); 988 " uid timeout inode ref pointer drops\n");
978 else 989 else
979 udp6_sock_seq_show(seq, v, ((struct udp_iter_state *)seq->private)->bucket); 990 udp6_sock_seq_show(seq, v, ((struct udp_iter_state *)seq->private)->bucket);
980 return 0; 991 return 0;
diff --git a/net/ipv6/udp_impl.h b/net/ipv6/udp_impl.h
index 321b81a4d418..92dd7da766d8 100644
--- a/net/ipv6/udp_impl.h
+++ b/net/ipv6/udp_impl.h
@@ -29,7 +29,7 @@ extern int udpv6_recvmsg(struct kiocb *iocb, struct sock *sk,
29 struct msghdr *msg, size_t len, 29 struct msghdr *msg, size_t len,
30 int noblock, int flags, int *addr_len); 30 int noblock, int flags, int *addr_len);
31extern int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb); 31extern int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb);
32extern int udpv6_destroy_sock(struct sock *sk); 32extern void udpv6_destroy_sock(struct sock *sk);
33 33
34#ifdef CONFIG_PROC_FS 34#ifdef CONFIG_PROC_FS
35extern int udp6_seq_show(struct seq_file *seq, void *v); 35extern int udp6_seq_show(struct seq_file *seq, void *v);
diff --git a/net/ipv6/udplite.c b/net/ipv6/udplite.c
index 491efd00a866..f6cdcb348e05 100644
--- a/net/ipv6/udplite.c
+++ b/net/ipv6/udplite.c
@@ -2,8 +2,6 @@
2 * UDPLITEv6 An implementation of the UDP-Lite protocol over IPv6. 2 * UDPLITEv6 An implementation of the UDP-Lite protocol over IPv6.
3 * See also net/ipv4/udplite.c 3 * See also net/ipv4/udplite.c
4 * 4 *
5 * Version: $Id: udplite.c,v 1.9 2006/10/19 08:28:10 gerrit Exp $
6 *
7 * Authors: Gerrit Renker <gerrit@erg.abdn.ac.uk> 5 * Authors: Gerrit Renker <gerrit@erg.abdn.ac.uk>
8 * 6 *
9 * Changes: 7 * Changes:
diff --git a/net/ipv6/xfrm6_mode_beet.c b/net/ipv6/xfrm6_mode_beet.c
index d6ce400f585f..bbd48b101bae 100644
--- a/net/ipv6/xfrm6_mode_beet.c
+++ b/net/ipv6/xfrm6_mode_beet.c
@@ -40,16 +40,39 @@ static void xfrm6_beet_make_header(struct sk_buff *skb)
40static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb) 40static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb)
41{ 41{
42 struct ipv6hdr *top_iph; 42 struct ipv6hdr *top_iph;
43 43 struct ip_beet_phdr *ph;
44 skb_set_network_header(skb, -x->props.header_len); 44 struct iphdr *iphv4;
45 int optlen, hdr_len;
46
47 iphv4 = ip_hdr(skb);
48 hdr_len = 0;
49 optlen = XFRM_MODE_SKB_CB(skb)->optlen;
50 if (unlikely(optlen))
51 hdr_len += IPV4_BEET_PHMAXLEN - (optlen & 4);
52
53 skb_set_network_header(skb, -x->props.header_len - hdr_len);
54 if (x->sel.family != AF_INET6)
55 skb->network_header += IPV4_BEET_PHMAXLEN;
45 skb->mac_header = skb->network_header + 56 skb->mac_header = skb->network_header +
46 offsetof(struct ipv6hdr, nexthdr); 57 offsetof(struct ipv6hdr, nexthdr);
47 skb->transport_header = skb->network_header + sizeof(*top_iph); 58 skb->transport_header = skb->network_header + sizeof(*top_iph);
48 __skb_pull(skb, XFRM_MODE_SKB_CB(skb)->ihl); 59 ph = (struct ip_beet_phdr *)__skb_pull(skb, XFRM_MODE_SKB_CB(skb)->ihl-hdr_len);
49 60
50 xfrm6_beet_make_header(skb); 61 xfrm6_beet_make_header(skb);
51 62
52 top_iph = ipv6_hdr(skb); 63 top_iph = ipv6_hdr(skb);
64 if (unlikely(optlen)) {
65
66 BUG_ON(optlen < 0);
67
68 ph->padlen = 4 - (optlen & 4);
69 ph->hdrlen = optlen / 8;
70 ph->nexthdr = top_iph->nexthdr;
71 if (ph->padlen)
72 memset(ph + 1, IPOPT_NOP, ph->padlen);
73
74 top_iph->nexthdr = IPPROTO_BEETPH;
75 }
53 76
54 ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr); 77 ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);
55 ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr); 78 ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 8f1e0543b3c4..08e4cbbe3f04 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -52,12 +52,14 @@ static struct dst_entry *xfrm6_dst_lookup(int tos, xfrm_address_t *saddr,
52static int xfrm6_get_saddr(xfrm_address_t *saddr, xfrm_address_t *daddr) 52static int xfrm6_get_saddr(xfrm_address_t *saddr, xfrm_address_t *daddr)
53{ 53{
54 struct dst_entry *dst; 54 struct dst_entry *dst;
55 struct net_device *dev;
55 56
56 dst = xfrm6_dst_lookup(0, NULL, daddr); 57 dst = xfrm6_dst_lookup(0, NULL, daddr);
57 if (IS_ERR(dst)) 58 if (IS_ERR(dst))
58 return -EHOSTUNREACH; 59 return -EHOSTUNREACH;
59 60
60 ipv6_dev_get_saddr(ip6_dst_idev(dst)->dev, 61 dev = ip6_dst_idev(dst)->dev;
62 ipv6_dev_get_saddr(dev_net(dev), dev,
61 (struct in6_addr *)&daddr->a6, 0, 63 (struct in6_addr *)&daddr->a6, 0,
62 (struct in6_addr *)&saddr->a6); 64 (struct in6_addr *)&saddr->a6);
63 dst_release(dst); 65 dst_release(dst);
diff --git a/net/ipx/af_ipx.c b/net/ipx/af_ipx.c
index 81ae8735f5e3..b6e70f92e7fb 100644
--- a/net/ipx/af_ipx.c
+++ b/net/ipx/af_ipx.c
@@ -335,7 +335,7 @@ static int ipxitf_device_event(struct notifier_block *notifier,
335 struct net_device *dev = ptr; 335 struct net_device *dev = ptr;
336 struct ipx_interface *i, *tmp; 336 struct ipx_interface *i, *tmp;
337 337
338 if (dev_net(dev) != &init_net) 338 if (!net_eq(dev_net(dev), &init_net))
339 return NOTIFY_DONE; 339 return NOTIFY_DONE;
340 340
341 if (event != NETDEV_DOWN && event != NETDEV_UP) 341 if (event != NETDEV_DOWN && event != NETDEV_UP)
@@ -1636,7 +1636,7 @@ static int ipx_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_ty
1636 u16 ipx_pktsize; 1636 u16 ipx_pktsize;
1637 int rc = 0; 1637 int rc = 0;
1638 1638
1639 if (dev_net(dev) != &init_net) 1639 if (!net_eq(dev_net(dev), &init_net))
1640 goto drop; 1640 goto drop;
1641 1641
1642 /* Not ours */ 1642 /* Not ours */
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index ae54b20d0470..3eb5bcc75f99 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -1093,11 +1093,6 @@ static int irda_create(struct net *net, struct socket *sock, int protocol)
1093 1093
1094 init_waitqueue_head(&self->query_wait); 1094 init_waitqueue_head(&self->query_wait);
1095 1095
1096 /* Initialise networking socket struct */
1097 sock_init_data(sock, sk); /* Note : set sk->sk_refcnt to 1 */
1098 sk->sk_family = PF_IRDA;
1099 sk->sk_protocol = protocol;
1100
1101 switch (sock->type) { 1096 switch (sock->type) {
1102 case SOCK_STREAM: 1097 case SOCK_STREAM:
1103 sock->ops = &irda_stream_ops; 1098 sock->ops = &irda_stream_ops;
@@ -1124,13 +1119,20 @@ static int irda_create(struct net *net, struct socket *sock, int protocol)
1124 self->max_sdu_size_rx = TTP_SAR_UNBOUND; 1119 self->max_sdu_size_rx = TTP_SAR_UNBOUND;
1125 break; 1120 break;
1126 default: 1121 default:
1122 sk_free(sk);
1127 return -ESOCKTNOSUPPORT; 1123 return -ESOCKTNOSUPPORT;
1128 } 1124 }
1129 break; 1125 break;
1130 default: 1126 default:
1127 sk_free(sk);
1131 return -ESOCKTNOSUPPORT; 1128 return -ESOCKTNOSUPPORT;
1132 } 1129 }
1133 1130
1131 /* Initialise networking socket struct */
1132 sock_init_data(sock, sk); /* Note : set sk->sk_refcnt to 1 */
1133 sk->sk_family = PF_IRDA;
1134 sk->sk_protocol = protocol;
1135
1134 /* Register as a client with IrLMP */ 1136 /* Register as a client with IrLMP */
1135 self->ckey = irlmp_register_client(0, NULL, NULL, NULL); 1137 self->ckey = irlmp_register_client(0, NULL, NULL, NULL);
1136 self->mask.word = 0xffff; 1138 self->mask.word = 0xffff;
diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
index 76c3057d0179..e4e2caeb9d82 100644
--- a/net/irda/ircomm/ircomm_tty.c
+++ b/net/irda/ircomm/ircomm_tty.c
@@ -650,12 +650,7 @@ static void ircomm_tty_do_softint(struct work_struct *work)
650 } 650 }
651 651
652 /* Check if user (still) wants to be waken up */ 652 /* Check if user (still) wants to be waken up */
653 if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && 653 tty_wakeup(tty);
654 tty->ldisc.write_wakeup)
655 {
656 (tty->ldisc.write_wakeup)(tty);
657 }
658 wake_up_interruptible(&tty->write_wait);
659} 654}
660 655
661/* 656/*
@@ -1141,6 +1136,7 @@ static int ircomm_tty_data_indication(void *instance, void *sap,
1141 struct sk_buff *skb) 1136 struct sk_buff *skb)
1142{ 1137{
1143 struct ircomm_tty_cb *self = (struct ircomm_tty_cb *) instance; 1138 struct ircomm_tty_cb *self = (struct ircomm_tty_cb *) instance;
1139 struct tty_ldisc *ld;
1144 1140
1145 IRDA_DEBUG(2, "%s()\n", __func__ ); 1141 IRDA_DEBUG(2, "%s()\n", __func__ );
1146 1142
@@ -1173,7 +1169,11 @@ static int ircomm_tty_data_indication(void *instance, void *sap,
1173 * involve the flip buffers, since we are not running in an interrupt 1169 * involve the flip buffers, since we are not running in an interrupt
1174 * handler 1170 * handler
1175 */ 1171 */
1176 self->tty->ldisc.receive_buf(self->tty, skb->data, NULL, skb->len); 1172
1173 ld = tty_ldisc_ref(self->tty);
1174 if (ld)
1175 ld->ops->receive_buf(self->tty, skb->data, NULL, skb->len);
1176 tty_ldisc_deref(ld);
1177 1177
1178 /* No need to kfree_skb - see ircomm_ttp_data_indication() */ 1178 /* No need to kfree_skb - see ircomm_ttp_data_indication() */
1179 1179
diff --git a/net/irda/irlap_frame.c b/net/irda/irlap_frame.c
index 90894534f3cc..f17b65af9c9b 100644
--- a/net/irda/irlap_frame.c
+++ b/net/irda/irlap_frame.c
@@ -1326,7 +1326,7 @@ int irlap_driver_rcv(struct sk_buff *skb, struct net_device *dev,
1326 int command; 1326 int command;
1327 __u8 control; 1327 __u8 control;
1328 1328
1329 if (dev_net(dev) != &init_net) 1329 if (!net_eq(dev_net(dev), &init_net))
1330 goto out; 1330 goto out;
1331 1331
1332 /* FIXME: should we get our own field? */ 1332 /* FIXME: should we get our own field? */
diff --git a/net/irda/irnet/irnet.h b/net/irda/irnet/irnet.h
index b001c361ad30..bccf4d0059f0 100644
--- a/net/irda/irnet/irnet.h
+++ b/net/irda/irnet/irnet.h
@@ -241,6 +241,7 @@
241#include <linux/module.h> 241#include <linux/module.h>
242 242
243#include <linux/kernel.h> 243#include <linux/kernel.h>
244#include <linux/smp_lock.h>
244#include <linux/skbuff.h> 245#include <linux/skbuff.h>
245#include <linux/tty.h> 246#include <linux/tty.h>
246#include <linux/proc_fs.h> 247#include <linux/proc_fs.h>
diff --git a/net/irda/irnet/irnet_ppp.c b/net/irda/irnet/irnet_ppp.c
index e0eab5927c4f..6d8ae03c14f5 100644
--- a/net/irda/irnet/irnet_ppp.c
+++ b/net/irda/irnet/irnet_ppp.c
@@ -479,6 +479,7 @@ dev_irnet_open(struct inode * inode,
479 ap = kzalloc(sizeof(*ap), GFP_KERNEL); 479 ap = kzalloc(sizeof(*ap), GFP_KERNEL);
480 DABORT(ap == NULL, -ENOMEM, FS_ERROR, "Can't allocate struct irnet...\n"); 480 DABORT(ap == NULL, -ENOMEM, FS_ERROR, "Can't allocate struct irnet...\n");
481 481
482 lock_kernel();
482 /* initialize the irnet structure */ 483 /* initialize the irnet structure */
483 ap->file = file; 484 ap->file = file;
484 485
@@ -500,6 +501,7 @@ dev_irnet_open(struct inode * inode,
500 { 501 {
501 DERROR(FS_ERROR, "Can't setup IrDA link...\n"); 502 DERROR(FS_ERROR, "Can't setup IrDA link...\n");
502 kfree(ap); 503 kfree(ap);
504 unlock_kernel();
503 return err; 505 return err;
504 } 506 }
505 507
@@ -510,6 +512,7 @@ dev_irnet_open(struct inode * inode,
510 file->private_data = ap; 512 file->private_data = ap;
511 513
512 DEXIT(FS_TRACE, " - ap=0x%p\n", ap); 514 DEXIT(FS_TRACE, " - ap=0x%p\n", ap);
515 unlock_kernel();
513 return 0; 516 return 0;
514} 517}
515 518
@@ -628,8 +631,8 @@ dev_irnet_poll(struct file * file,
628 * This is the way pppd configure us and control us while the PPP 631 * This is the way pppd configure us and control us while the PPP
629 * instance is active. 632 * instance is active.
630 */ 633 */
631static int 634static long
632dev_irnet_ioctl(struct inode * inode, 635dev_irnet_ioctl(
633 struct file * file, 636 struct file * file,
634 unsigned int cmd, 637 unsigned int cmd,
635 unsigned long arg) 638 unsigned long arg)
@@ -660,6 +663,7 @@ dev_irnet_ioctl(struct inode * inode,
660 { 663 {
661 DEBUG(FS_INFO, "Entering PPP discipline.\n"); 664 DEBUG(FS_INFO, "Entering PPP discipline.\n");
662 /* PPP channel setup (ap->chan in configued in dev_irnet_open())*/ 665 /* PPP channel setup (ap->chan in configued in dev_irnet_open())*/
666 lock_kernel();
663 err = ppp_register_channel(&ap->chan); 667 err = ppp_register_channel(&ap->chan);
664 if(err == 0) 668 if(err == 0)
665 { 669 {
@@ -672,12 +676,14 @@ dev_irnet_ioctl(struct inode * inode,
672 } 676 }
673 else 677 else
674 DERROR(FS_ERROR, "Can't setup PPP channel...\n"); 678 DERROR(FS_ERROR, "Can't setup PPP channel...\n");
679 unlock_kernel();
675 } 680 }
676 else 681 else
677 { 682 {
678 /* In theory, should be N_TTY */ 683 /* In theory, should be N_TTY */
679 DEBUG(FS_INFO, "Exiting PPP discipline.\n"); 684 DEBUG(FS_INFO, "Exiting PPP discipline.\n");
680 /* Disconnect from the generic PPP layer */ 685 /* Disconnect from the generic PPP layer */
686 lock_kernel();
681 if(ap->ppp_open) 687 if(ap->ppp_open)
682 { 688 {
683 ap->ppp_open = 0; 689 ap->ppp_open = 0;
@@ -686,24 +692,20 @@ dev_irnet_ioctl(struct inode * inode,
686 else 692 else
687 DERROR(FS_ERROR, "Channel not registered !\n"); 693 DERROR(FS_ERROR, "Channel not registered !\n");
688 err = 0; 694 err = 0;
695 unlock_kernel();
689 } 696 }
690 break; 697 break;
691 698
692 /* Query PPP channel and unit number */ 699 /* Query PPP channel and unit number */
693 case PPPIOCGCHAN: 700 case PPPIOCGCHAN:
694 if(!ap->ppp_open) 701 if(ap->ppp_open && !put_user(ppp_channel_index(&ap->chan),
695 break; 702 (int __user *)argp))
696 if(put_user(ppp_channel_index(&ap->chan), (int __user *)argp)) 703 err = 0;
697 break;
698 DEBUG(FS_INFO, "Query channel.\n");
699 err = 0;
700 break; 704 break;
701 case PPPIOCGUNIT: 705 case PPPIOCGUNIT:
702 if(!ap->ppp_open) 706 lock_kernel();
703 break; 707 if(ap->ppp_open && !put_user(ppp_unit_number(&ap->chan),
704 if(put_user(ppp_unit_number(&ap->chan), (int __user *)argp)) 708 (int __user *)argp))
705 break;
706 DEBUG(FS_INFO, "Query unit number.\n");
707 err = 0; 709 err = 0;
708 break; 710 break;
709 711
@@ -723,34 +725,39 @@ dev_irnet_ioctl(struct inode * inode,
723 DEBUG(FS_INFO, "Standard PPP ioctl.\n"); 725 DEBUG(FS_INFO, "Standard PPP ioctl.\n");
724 if(!capable(CAP_NET_ADMIN)) 726 if(!capable(CAP_NET_ADMIN))
725 err = -EPERM; 727 err = -EPERM;
726 else 728 else {
729 lock_kernel();
727 err = ppp_irnet_ioctl(&ap->chan, cmd, arg); 730 err = ppp_irnet_ioctl(&ap->chan, cmd, arg);
731 unlock_kernel();
732 }
728 break; 733 break;
729 734
730 /* TTY IOCTLs : Pretend that we are a tty, to keep pppd happy */ 735 /* TTY IOCTLs : Pretend that we are a tty, to keep pppd happy */
731 /* Get termios */ 736 /* Get termios */
732 case TCGETS: 737 case TCGETS:
733 DEBUG(FS_INFO, "Get termios.\n"); 738 DEBUG(FS_INFO, "Get termios.\n");
739 lock_kernel();
734#ifndef TCGETS2 740#ifndef TCGETS2
735 if(kernel_termios_to_user_termios((struct termios __user *)argp, &ap->termios)) 741 if(!kernel_termios_to_user_termios((struct termios __user *)argp, &ap->termios))
736 break; 742 err = 0;
737#else 743#else
738 if(kernel_termios_to_user_termios_1((struct termios __user *)argp, &ap->termios)) 744 if(kernel_termios_to_user_termios_1((struct termios __user *)argp, &ap->termios))
739 break; 745 err = 0;
740#endif 746#endif
741 err = 0; 747 unlock_kernel();
742 break; 748 break;
743 /* Set termios */ 749 /* Set termios */
744 case TCSETSF: 750 case TCSETSF:
745 DEBUG(FS_INFO, "Set termios.\n"); 751 DEBUG(FS_INFO, "Set termios.\n");
752 lock_kernel();
746#ifndef TCGETS2 753#ifndef TCGETS2
747 if(user_termios_to_kernel_termios(&ap->termios, (struct termios __user *)argp)) 754 if(!user_termios_to_kernel_termios(&ap->termios, (struct termios __user *)argp))
748 break; 755 err = 0;
749#else 756#else
750 if(user_termios_to_kernel_termios_1(&ap->termios, (struct termios __user *)argp)) 757 if(!user_termios_to_kernel_termios_1(&ap->termios, (struct termios __user *)argp))
751 break; 758 err = 0;
752#endif 759#endif
753 err = 0; 760 unlock_kernel();
754 break; 761 break;
755 762
756 /* Set DTR/RTS */ 763 /* Set DTR/RTS */
@@ -773,7 +780,9 @@ dev_irnet_ioctl(struct inode * inode,
773 * We should also worry that we don't accept junk here and that 780 * We should also worry that we don't accept junk here and that
774 * we get rid of our own buffers */ 781 * we get rid of our own buffers */
775#ifdef FLUSH_TO_PPP 782#ifdef FLUSH_TO_PPP
783 lock_kernel();
776 ppp_output_wakeup(&ap->chan); 784 ppp_output_wakeup(&ap->chan);
785 unlock_kernel();
777#endif /* FLUSH_TO_PPP */ 786#endif /* FLUSH_TO_PPP */
778 err = 0; 787 err = 0;
779 break; 788 break;
@@ -788,7 +797,7 @@ dev_irnet_ioctl(struct inode * inode,
788 797
789 default: 798 default:
790 DERROR(FS_ERROR, "Unsupported ioctl (0x%X)\n", cmd); 799 DERROR(FS_ERROR, "Unsupported ioctl (0x%X)\n", cmd);
791 err = -ENOIOCTLCMD; 800 err = -ENOTTY;
792 } 801 }
793 802
794 DEXIT(FS_TRACE, " - err = 0x%X\n", err); 803 DEXIT(FS_TRACE, " - err = 0x%X\n", err);
diff --git a/net/irda/irnet/irnet_ppp.h b/net/irda/irnet/irnet_ppp.h
index d2beb7df8f7f..d9f8bd4ebd05 100644
--- a/net/irda/irnet/irnet_ppp.h
+++ b/net/irda/irnet/irnet_ppp.h
@@ -76,9 +76,8 @@ static ssize_t
76static unsigned int 76static unsigned int
77 dev_irnet_poll(struct file *, 77 dev_irnet_poll(struct file *,
78 poll_table *); 78 poll_table *);
79static int 79static long
80 dev_irnet_ioctl(struct inode *, 80 dev_irnet_ioctl(struct file *,
81 struct file *,
82 unsigned int, 81 unsigned int,
83 unsigned long); 82 unsigned long);
84/* ------------------------ PPP INTERFACE ------------------------ */ 83/* ------------------------ PPP INTERFACE ------------------------ */
@@ -102,7 +101,7 @@ static struct file_operations irnet_device_fops =
102 .read = dev_irnet_read, 101 .read = dev_irnet_read,
103 .write = dev_irnet_write, 102 .write = dev_irnet_write,
104 .poll = dev_irnet_poll, 103 .poll = dev_irnet_poll,
105 .ioctl = dev_irnet_ioctl, 104 .unlocked_ioctl = dev_irnet_ioctl,
106 .open = dev_irnet_open, 105 .open = dev_irnet_open,
107 .release = dev_irnet_close 106 .release = dev_irnet_close
108 /* Also : llseek, readdir, mmap, flush, fsync, fasync, lock, readv, writev */ 107 /* Also : llseek, readdir, mmap, flush, fsync, fasync, lock, readv, writev */
diff --git a/net/irda/irnetlink.c b/net/irda/irnetlink.c
index 9e1fb82e3220..2f05ec1037ab 100644
--- a/net/irda/irnetlink.c
+++ b/net/irda/irnetlink.c
@@ -101,8 +101,8 @@ static int irda_nl_get_mode(struct sk_buff *skb, struct genl_info *info)
101 101
102 hdr = genlmsg_put(msg, info->snd_pid, info->snd_seq, 102 hdr = genlmsg_put(msg, info->snd_pid, info->snd_seq,
103 &irda_nl_family, 0, IRDA_NL_CMD_GET_MODE); 103 &irda_nl_family, 0, IRDA_NL_CMD_GET_MODE);
104 if (IS_ERR(hdr)) { 104 if (hdr == NULL) {
105 ret = PTR_ERR(hdr); 105 ret = -EMSGSIZE;
106 goto err_out; 106 goto err_out;
107 } 107 }
108 108
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index 7b0038f45b16..29f7baa25110 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -644,6 +644,7 @@ static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
644 } 644 }
645 645
646 txmsg.class = 0; 646 txmsg.class = 0;
647 memcpy(&txmsg.class, skb->data, skb->len >= 4 ? 4 : skb->len);
647 txmsg.tag = iucv->send_tag++; 648 txmsg.tag = iucv->send_tag++;
648 memcpy(skb->cb, &txmsg.tag, 4); 649 memcpy(skb->cb, &txmsg.tag, 4);
649 skb_queue_tail(&iucv->send_skb_q, skb); 650 skb_queue_tail(&iucv->send_skb_q, skb);
@@ -1135,8 +1136,7 @@ static void iucv_callback_txdone(struct iucv_path *path,
1135 if (this) 1136 if (this)
1136 kfree_skb(this); 1137 kfree_skb(this);
1137 } 1138 }
1138 if (!this) 1139 BUG_ON(!this);
1139 printk(KERN_ERR "AF_IUCV msg tag %u not found\n", msg->tag);
1140 1140
1141 if (sk->sk_state == IUCV_CLOSING) { 1141 if (sk->sk_state == IUCV_CLOSING) {
1142 if (skb_queue_empty(&iucv_sk(sk)->send_skb_q)) { 1142 if (skb_queue_empty(&iucv_sk(sk)->send_skb_q)) {
@@ -1196,7 +1196,7 @@ static int __init afiucv_init(void)
1196 } 1196 }
1197 cpcmd("QUERY USERID", iucv_userid, sizeof(iucv_userid), &err); 1197 cpcmd("QUERY USERID", iucv_userid, sizeof(iucv_userid), &err);
1198 if (unlikely(err)) { 1198 if (unlikely(err)) {
1199 printk(KERN_ERR "AF_IUCV needs the VM userid\n"); 1199 WARN_ON(err);
1200 err = -EPROTONOSUPPORT; 1200 err = -EPROTONOSUPPORT;
1201 goto out; 1201 goto out;
1202 } 1202 }
@@ -1210,7 +1210,6 @@ static int __init afiucv_init(void)
1210 err = sock_register(&iucv_sock_family_ops); 1210 err = sock_register(&iucv_sock_family_ops);
1211 if (err) 1211 if (err)
1212 goto out_proto; 1212 goto out_proto;
1213 printk(KERN_INFO "AF_IUCV lowlevel driver initialized\n");
1214 return 0; 1213 return 0;
1215 1214
1216out_proto: 1215out_proto:
@@ -1226,8 +1225,6 @@ static void __exit afiucv_exit(void)
1226 sock_unregister(PF_IUCV); 1225 sock_unregister(PF_IUCV);
1227 proto_unregister(&iucv_proto); 1226 proto_unregister(&iucv_proto);
1228 iucv_unregister(&af_iucv_handler, 0); 1227 iucv_unregister(&af_iucv_handler, 0);
1229
1230 printk(KERN_INFO "AF_IUCV lowlevel driver unloaded\n");
1231} 1228}
1232 1229
1233module_init(afiucv_init); 1230module_init(afiucv_init);
diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c
index 918970762131..705959b31e24 100644
--- a/net/iucv/iucv.c
+++ b/net/iucv/iucv.c
@@ -474,14 +474,14 @@ static void iucv_setmask_mp(void)
474{ 474{
475 int cpu; 475 int cpu;
476 476
477 preempt_disable(); 477 get_online_cpus();
478 for_each_online_cpu(cpu) 478 for_each_online_cpu(cpu)
479 /* Enable all cpus with a declared buffer. */ 479 /* Enable all cpus with a declared buffer. */
480 if (cpu_isset(cpu, iucv_buffer_cpumask) && 480 if (cpu_isset(cpu, iucv_buffer_cpumask) &&
481 !cpu_isset(cpu, iucv_irq_cpumask)) 481 !cpu_isset(cpu, iucv_irq_cpumask))
482 smp_call_function_single(cpu, iucv_allow_cpu, 482 smp_call_function_single(cpu, iucv_allow_cpu,
483 NULL, 0, 1); 483 NULL, 1);
484 preempt_enable(); 484 put_online_cpus();
485} 485}
486 486
487/** 487/**
@@ -497,8 +497,8 @@ static void iucv_setmask_up(void)
497 /* Disable all cpu but the first in cpu_irq_cpumask. */ 497 /* Disable all cpu but the first in cpu_irq_cpumask. */
498 cpumask = iucv_irq_cpumask; 498 cpumask = iucv_irq_cpumask;
499 cpu_clear(first_cpu(iucv_irq_cpumask), cpumask); 499 cpu_clear(first_cpu(iucv_irq_cpumask), cpumask);
500 for_each_cpu_mask(cpu, cpumask) 500 for_each_cpu_mask_nr(cpu, cpumask)
501 smp_call_function_single(cpu, iucv_block_cpu, NULL, 0, 1); 501 smp_call_function_single(cpu, iucv_block_cpu, NULL, 1);
502} 502}
503 503
504/** 504/**
@@ -521,16 +521,18 @@ static int iucv_enable(void)
521 goto out; 521 goto out;
522 /* Declare per cpu buffers. */ 522 /* Declare per cpu buffers. */
523 rc = -EIO; 523 rc = -EIO;
524 preempt_disable(); 524 get_online_cpus();
525 for_each_online_cpu(cpu) 525 for_each_online_cpu(cpu)
526 smp_call_function_single(cpu, iucv_declare_cpu, NULL, 0, 1); 526 smp_call_function_single(cpu, iucv_declare_cpu, NULL, 1);
527 preempt_enable(); 527 preempt_enable();
528 if (cpus_empty(iucv_buffer_cpumask)) 528 if (cpus_empty(iucv_buffer_cpumask))
529 /* No cpu could declare an iucv buffer. */ 529 /* No cpu could declare an iucv buffer. */
530 goto out_path; 530 goto out_path;
531 put_online_cpus();
531 return 0; 532 return 0;
532 533
533out_path: 534out_path:
535 put_online_cpus();
534 kfree(iucv_path_table); 536 kfree(iucv_path_table);
535out: 537out:
536 return rc; 538 return rc;
@@ -545,7 +547,7 @@ out:
545 */ 547 */
546static void iucv_disable(void) 548static void iucv_disable(void)
547{ 549{
548 on_each_cpu(iucv_retrieve_cpu, NULL, 0, 1); 550 on_each_cpu(iucv_retrieve_cpu, NULL, 1);
549 kfree(iucv_path_table); 551 kfree(iucv_path_table);
550} 552}
551 553
@@ -564,8 +566,11 @@ static int __cpuinit iucv_cpu_notify(struct notifier_block *self,
564 return NOTIFY_BAD; 566 return NOTIFY_BAD;
565 iucv_param[cpu] = kmalloc_node(sizeof(union iucv_param), 567 iucv_param[cpu] = kmalloc_node(sizeof(union iucv_param),
566 GFP_KERNEL|GFP_DMA, cpu_to_node(cpu)); 568 GFP_KERNEL|GFP_DMA, cpu_to_node(cpu));
567 if (!iucv_param[cpu]) 569 if (!iucv_param[cpu]) {
570 kfree(iucv_irq_data[cpu]);
571 iucv_irq_data[cpu] = NULL;
568 return NOTIFY_BAD; 572 return NOTIFY_BAD;
573 }
569 break; 574 break;
570 case CPU_UP_CANCELED: 575 case CPU_UP_CANCELED:
571 case CPU_UP_CANCELED_FROZEN: 576 case CPU_UP_CANCELED_FROZEN:
@@ -580,7 +585,7 @@ static int __cpuinit iucv_cpu_notify(struct notifier_block *self,
580 case CPU_ONLINE_FROZEN: 585 case CPU_ONLINE_FROZEN:
581 case CPU_DOWN_FAILED: 586 case CPU_DOWN_FAILED:
582 case CPU_DOWN_FAILED_FROZEN: 587 case CPU_DOWN_FAILED_FROZEN:
583 smp_call_function_single(cpu, iucv_declare_cpu, NULL, 0, 1); 588 smp_call_function_single(cpu, iucv_declare_cpu, NULL, 1);
584 break; 589 break;
585 case CPU_DOWN_PREPARE: 590 case CPU_DOWN_PREPARE:
586 case CPU_DOWN_PREPARE_FROZEN: 591 case CPU_DOWN_PREPARE_FROZEN:
@@ -589,16 +594,16 @@ static int __cpuinit iucv_cpu_notify(struct notifier_block *self,
589 if (cpus_empty(cpumask)) 594 if (cpus_empty(cpumask))
590 /* Can't offline last IUCV enabled cpu. */ 595 /* Can't offline last IUCV enabled cpu. */
591 return NOTIFY_BAD; 596 return NOTIFY_BAD;
592 smp_call_function_single(cpu, iucv_retrieve_cpu, NULL, 0, 1); 597 smp_call_function_single(cpu, iucv_retrieve_cpu, NULL, 1);
593 if (cpus_empty(iucv_irq_cpumask)) 598 if (cpus_empty(iucv_irq_cpumask))
594 smp_call_function_single(first_cpu(iucv_buffer_cpumask), 599 smp_call_function_single(first_cpu(iucv_buffer_cpumask),
595 iucv_allow_cpu, NULL, 0, 1); 600 iucv_allow_cpu, NULL, 1);
596 break; 601 break;
597 } 602 }
598 return NOTIFY_OK; 603 return NOTIFY_OK;
599} 604}
600 605
601static struct notifier_block __cpuinitdata iucv_cpu_notifier = { 606static struct notifier_block __refdata iucv_cpu_notifier = {
602 .notifier_call = iucv_cpu_notify, 607 .notifier_call = iucv_cpu_notify,
603}; 608};
604 609
@@ -652,7 +657,7 @@ static void iucv_cleanup_queue(void)
652 * pending interrupts force them to the work queue by calling 657 * pending interrupts force them to the work queue by calling
653 * an empty function on all cpus. 658 * an empty function on all cpus.
654 */ 659 */
655 smp_call_function(__iucv_cleanup_queue, NULL, 0, 1); 660 smp_call_function(__iucv_cleanup_queue, NULL, 1);
656 spin_lock_irq(&iucv_queue_lock); 661 spin_lock_irq(&iucv_queue_lock);
657 list_for_each_entry_safe(p, n, &iucv_task_queue, list) { 662 list_for_each_entry_safe(p, n, &iucv_task_queue, list) {
658 /* Remove stale work items from the task queue. */ 663 /* Remove stale work items from the task queue. */
@@ -1559,16 +1564,11 @@ static void iucv_external_interrupt(u16 code)
1559 1564
1560 p = iucv_irq_data[smp_processor_id()]; 1565 p = iucv_irq_data[smp_processor_id()];
1561 if (p->ippathid >= iucv_max_pathid) { 1566 if (p->ippathid >= iucv_max_pathid) {
1562 printk(KERN_WARNING "iucv_do_int: Got interrupt with " 1567 WARN_ON(p->ippathid >= iucv_max_pathid);
1563 "pathid %d > max_connections (%ld)\n",
1564 p->ippathid, iucv_max_pathid - 1);
1565 iucv_sever_pathid(p->ippathid, iucv_error_no_listener); 1568 iucv_sever_pathid(p->ippathid, iucv_error_no_listener);
1566 return; 1569 return;
1567 } 1570 }
1568 if (p->iptype < 0x01 || p->iptype > 0x09) { 1571 BUG_ON(p->iptype < 0x01 || p->iptype > 0x09);
1569 printk(KERN_ERR "iucv_do_int: unknown iucv interrupt\n");
1570 return;
1571 }
1572 work = kmalloc(sizeof(struct iucv_irq_list), GFP_ATOMIC); 1572 work = kmalloc(sizeof(struct iucv_irq_list), GFP_ATOMIC);
1573 if (!work) { 1573 if (!work) {
1574 printk(KERN_WARNING "iucv_external_interrupt: out of memory\n"); 1574 printk(KERN_WARNING "iucv_external_interrupt: out of memory\n");
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 9bba7ac5fee0..d628df97e02e 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -96,8 +96,8 @@ static void pfkey_sock_destruct(struct sock *sk)
96 return; 96 return;
97 } 97 }
98 98
99 BUG_TRAP(!atomic_read(&sk->sk_rmem_alloc)); 99 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
100 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 100 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
101 101
102 atomic_dec(&pfkey_socks_nr); 102 atomic_dec(&pfkey_socks_nr);
103} 103}
@@ -579,25 +579,43 @@ static uint8_t pfkey_proto_from_xfrm(uint8_t proto)
579 return (proto ? proto : IPSEC_PROTO_ANY); 579 return (proto ? proto : IPSEC_PROTO_ANY);
580} 580}
581 581
582static int pfkey_sadb_addr2xfrm_addr(struct sadb_address *addr, 582static inline int pfkey_sockaddr_len(sa_family_t family)
583 xfrm_address_t *xaddr)
584{ 583{
585 switch (((struct sockaddr*)(addr + 1))->sa_family) { 584 switch (family) {
585 case AF_INET:
586 return sizeof(struct sockaddr_in);
587#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
588 case AF_INET6:
589 return sizeof(struct sockaddr_in6);
590#endif
591 }
592 return 0;
593}
594
595static
596int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr)
597{
598 switch (sa->sa_family) {
586 case AF_INET: 599 case AF_INET:
587 xaddr->a4 = 600 xaddr->a4 =
588 ((struct sockaddr_in *)(addr + 1))->sin_addr.s_addr; 601 ((struct sockaddr_in *)sa)->sin_addr.s_addr;
589 return AF_INET; 602 return AF_INET;
590#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 603#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
591 case AF_INET6: 604 case AF_INET6:
592 memcpy(xaddr->a6, 605 memcpy(xaddr->a6,
593 &((struct sockaddr_in6 *)(addr + 1))->sin6_addr, 606 &((struct sockaddr_in6 *)sa)->sin6_addr,
594 sizeof(struct in6_addr)); 607 sizeof(struct in6_addr));
595 return AF_INET6; 608 return AF_INET6;
596#endif 609#endif
597 default:
598 return 0;
599 } 610 }
600 /* NOTREACHED */ 611 return 0;
612}
613
614static
615int pfkey_sadb_addr2xfrm_addr(struct sadb_address *addr, xfrm_address_t *xaddr)
616{
617 return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1),
618 xaddr);
601} 619}
602 620
603static struct xfrm_state *pfkey_xfrm_state_lookup(struct sadb_msg *hdr, void **ext_hdrs) 621static struct xfrm_state *pfkey_xfrm_state_lookup(struct sadb_msg *hdr, void **ext_hdrs)
@@ -642,20 +660,11 @@ static struct xfrm_state *pfkey_xfrm_state_lookup(struct sadb_msg *hdr, void **
642} 660}
643 661
644#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1))) 662#define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
663
645static int 664static int
646pfkey_sockaddr_size(sa_family_t family) 665pfkey_sockaddr_size(sa_family_t family)
647{ 666{
648 switch (family) { 667 return PFKEY_ALIGN8(pfkey_sockaddr_len(family));
649 case AF_INET:
650 return PFKEY_ALIGN8(sizeof(struct sockaddr_in));
651#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
652 case AF_INET6:
653 return PFKEY_ALIGN8(sizeof(struct sockaddr_in6));
654#endif
655 default:
656 return 0;
657 }
658 /* NOTREACHED */
659} 668}
660 669
661static inline int pfkey_mode_from_xfrm(int mode) 670static inline int pfkey_mode_from_xfrm(int mode)
@@ -687,6 +696,36 @@ static inline int pfkey_mode_to_xfrm(int mode)
687 } 696 }
688} 697}
689 698
699static unsigned int pfkey_sockaddr_fill(xfrm_address_t *xaddr, __be16 port,
700 struct sockaddr *sa,
701 unsigned short family)
702{
703 switch (family) {
704 case AF_INET:
705 {
706 struct sockaddr_in *sin = (struct sockaddr_in *)sa;
707 sin->sin_family = AF_INET;
708 sin->sin_port = port;
709 sin->sin_addr.s_addr = xaddr->a4;
710 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
711 return 32;
712 }
713#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
714 case AF_INET6:
715 {
716 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
717 sin6->sin6_family = AF_INET6;
718 sin6->sin6_port = port;
719 sin6->sin6_flowinfo = 0;
720 ipv6_addr_copy(&sin6->sin6_addr, (struct in6_addr *)xaddr->a6);
721 sin6->sin6_scope_id = 0;
722 return 128;
723 }
724#endif
725 }
726 return 0;
727}
728
690static struct sk_buff *__pfkey_xfrm_state2msg(struct xfrm_state *x, 729static struct sk_buff *__pfkey_xfrm_state2msg(struct xfrm_state *x,
691 int add_keys, int hsc) 730 int add_keys, int hsc)
692{ 731{
@@ -697,13 +736,9 @@ static struct sk_buff *__pfkey_xfrm_state2msg(struct xfrm_state *x,
697 struct sadb_address *addr; 736 struct sadb_address *addr;
698 struct sadb_key *key; 737 struct sadb_key *key;
699 struct sadb_x_sa2 *sa2; 738 struct sadb_x_sa2 *sa2;
700 struct sockaddr_in *sin;
701 struct sadb_x_sec_ctx *sec_ctx; 739 struct sadb_x_sec_ctx *sec_ctx;
702 struct xfrm_sec_ctx *xfrm_ctx; 740 struct xfrm_sec_ctx *xfrm_ctx;
703 int ctx_size = 0; 741 int ctx_size = 0;
704#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
705 struct sockaddr_in6 *sin6;
706#endif
707 int size; 742 int size;
708 int auth_key_size = 0; 743 int auth_key_size = 0;
709 int encrypt_key_size = 0; 744 int encrypt_key_size = 0;
@@ -732,14 +767,7 @@ static struct sk_buff *__pfkey_xfrm_state2msg(struct xfrm_state *x,
732 } 767 }
733 768
734 /* identity & sensitivity */ 769 /* identity & sensitivity */
735 770 if (xfrm_addr_cmp(&x->sel.saddr, &x->props.saddr, x->props.family))
736 if ((x->props.family == AF_INET &&
737 x->sel.saddr.a4 != x->props.saddr.a4)
738#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
739 || (x->props.family == AF_INET6 &&
740 memcmp (x->sel.saddr.a6, x->props.saddr.a6, sizeof (struct in6_addr)))
741#endif
742 )
743 size += sizeof(struct sadb_address) + sockaddr_size; 771 size += sizeof(struct sadb_address) + sockaddr_size;
744 772
745 if (add_keys) { 773 if (add_keys) {
@@ -861,29 +889,12 @@ static struct sk_buff *__pfkey_xfrm_state2msg(struct xfrm_state *x,
861 protocol's number." - RFC2367 */ 889 protocol's number." - RFC2367 */
862 addr->sadb_address_proto = 0; 890 addr->sadb_address_proto = 0;
863 addr->sadb_address_reserved = 0; 891 addr->sadb_address_reserved = 0;
864 if (x->props.family == AF_INET) {
865 addr->sadb_address_prefixlen = 32;
866 892
867 sin = (struct sockaddr_in *) (addr + 1); 893 addr->sadb_address_prefixlen =
868 sin->sin_family = AF_INET; 894 pfkey_sockaddr_fill(&x->props.saddr, 0,
869 sin->sin_addr.s_addr = x->props.saddr.a4; 895 (struct sockaddr *) (addr + 1),
870 sin->sin_port = 0; 896 x->props.family);
871 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 897 if (!addr->sadb_address_prefixlen)
872 }
873#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
874 else if (x->props.family == AF_INET6) {
875 addr->sadb_address_prefixlen = 128;
876
877 sin6 = (struct sockaddr_in6 *) (addr + 1);
878 sin6->sin6_family = AF_INET6;
879 sin6->sin6_port = 0;
880 sin6->sin6_flowinfo = 0;
881 memcpy(&sin6->sin6_addr, x->props.saddr.a6,
882 sizeof(struct in6_addr));
883 sin6->sin6_scope_id = 0;
884 }
885#endif
886 else
887 BUG(); 898 BUG();
888 899
889 /* dst address */ 900 /* dst address */
@@ -894,70 +905,32 @@ static struct sk_buff *__pfkey_xfrm_state2msg(struct xfrm_state *x,
894 sizeof(uint64_t); 905 sizeof(uint64_t);
895 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 906 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
896 addr->sadb_address_proto = 0; 907 addr->sadb_address_proto = 0;
897 addr->sadb_address_prefixlen = 32; /* XXX */
898 addr->sadb_address_reserved = 0; 908 addr->sadb_address_reserved = 0;
899 if (x->props.family == AF_INET) {
900 sin = (struct sockaddr_in *) (addr + 1);
901 sin->sin_family = AF_INET;
902 sin->sin_addr.s_addr = x->id.daddr.a4;
903 sin->sin_port = 0;
904 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
905 909
906 if (x->sel.saddr.a4 != x->props.saddr.a4) { 910 addr->sadb_address_prefixlen =
907 addr = (struct sadb_address*) skb_put(skb, 911 pfkey_sockaddr_fill(&x->id.daddr, 0,
908 sizeof(struct sadb_address)+sockaddr_size); 912 (struct sockaddr *) (addr + 1),
909 addr->sadb_address_len = 913 x->props.family);
910 (sizeof(struct sadb_address)+sockaddr_size)/ 914 if (!addr->sadb_address_prefixlen)
911 sizeof(uint64_t); 915 BUG();
912 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
913 addr->sadb_address_proto =
914 pfkey_proto_from_xfrm(x->sel.proto);
915 addr->sadb_address_prefixlen = x->sel.prefixlen_s;
916 addr->sadb_address_reserved = 0;
917
918 sin = (struct sockaddr_in *) (addr + 1);
919 sin->sin_family = AF_INET;
920 sin->sin_addr.s_addr = x->sel.saddr.a4;
921 sin->sin_port = x->sel.sport;
922 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
923 }
924 }
925#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
926 else if (x->props.family == AF_INET6) {
927 addr->sadb_address_prefixlen = 128;
928 916
929 sin6 = (struct sockaddr_in6 *) (addr + 1); 917 if (xfrm_addr_cmp(&x->sel.saddr, &x->props.saddr,
930 sin6->sin6_family = AF_INET6; 918 x->props.family)) {
931 sin6->sin6_port = 0; 919 addr = (struct sadb_address*) skb_put(skb,
932 sin6->sin6_flowinfo = 0; 920 sizeof(struct sadb_address)+sockaddr_size);
933 memcpy(&sin6->sin6_addr, x->id.daddr.a6, sizeof(struct in6_addr)); 921 addr->sadb_address_len =
934 sin6->sin6_scope_id = 0; 922 (sizeof(struct sadb_address)+sockaddr_size)/
923 sizeof(uint64_t);
924 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
925 addr->sadb_address_proto =
926 pfkey_proto_from_xfrm(x->sel.proto);
927 addr->sadb_address_prefixlen = x->sel.prefixlen_s;
928 addr->sadb_address_reserved = 0;
935 929
936 if (memcmp (x->sel.saddr.a6, x->props.saddr.a6, 930 pfkey_sockaddr_fill(&x->sel.saddr, x->sel.sport,
937 sizeof(struct in6_addr))) { 931 (struct sockaddr *) (addr + 1),
938 addr = (struct sadb_address *) skb_put(skb, 932 x->props.family);
939 sizeof(struct sadb_address)+sockaddr_size);
940 addr->sadb_address_len =
941 (sizeof(struct sadb_address)+sockaddr_size)/
942 sizeof(uint64_t);
943 addr->sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
944 addr->sadb_address_proto =
945 pfkey_proto_from_xfrm(x->sel.proto);
946 addr->sadb_address_prefixlen = x->sel.prefixlen_s;
947 addr->sadb_address_reserved = 0;
948
949 sin6 = (struct sockaddr_in6 *) (addr + 1);
950 sin6->sin6_family = AF_INET6;
951 sin6->sin6_port = x->sel.sport;
952 sin6->sin6_flowinfo = 0;
953 memcpy(&sin6->sin6_addr, x->sel.saddr.a6,
954 sizeof(struct in6_addr));
955 sin6->sin6_scope_id = 0;
956 }
957 } 933 }
958#endif
959 else
960 BUG();
961 934
962 /* auth key */ 935 /* auth key */
963 if (add_keys && auth_key_size) { 936 if (add_keys && auth_key_size) {
@@ -1853,10 +1826,6 @@ static int
1853parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq) 1826parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
1854{ 1827{
1855 struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr; 1828 struct xfrm_tmpl *t = xp->xfrm_vec + xp->xfrm_nr;
1856 struct sockaddr_in *sin;
1857#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
1858 struct sockaddr_in6 *sin6;
1859#endif
1860 int mode; 1829 int mode;
1861 1830
1862 if (xp->xfrm_nr >= XFRM_MAX_DEPTH) 1831 if (xp->xfrm_nr >= XFRM_MAX_DEPTH)
@@ -1881,31 +1850,19 @@ parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq)
1881 1850
1882 /* addresses present only in tunnel mode */ 1851 /* addresses present only in tunnel mode */
1883 if (t->mode == XFRM_MODE_TUNNEL) { 1852 if (t->mode == XFRM_MODE_TUNNEL) {
1884 struct sockaddr *sa; 1853 u8 *sa = (u8 *) (rq + 1);
1885 sa = (struct sockaddr *)(rq+1); 1854 int family, socklen;
1886 switch(sa->sa_family) { 1855
1887 case AF_INET: 1856 family = pfkey_sockaddr_extract((struct sockaddr *)sa,
1888 sin = (struct sockaddr_in*)sa; 1857 &t->saddr);
1889 t->saddr.a4 = sin->sin_addr.s_addr; 1858 if (!family)
1890 sin++;
1891 if (sin->sin_family != AF_INET)
1892 return -EINVAL;
1893 t->id.daddr.a4 = sin->sin_addr.s_addr;
1894 break;
1895#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
1896 case AF_INET6:
1897 sin6 = (struct sockaddr_in6*)sa;
1898 memcpy(t->saddr.a6, &sin6->sin6_addr, sizeof(struct in6_addr));
1899 sin6++;
1900 if (sin6->sin6_family != AF_INET6)
1901 return -EINVAL;
1902 memcpy(t->id.daddr.a6, &sin6->sin6_addr, sizeof(struct in6_addr));
1903 break;
1904#endif
1905 default:
1906 return -EINVAL; 1859 return -EINVAL;
1907 } 1860
1908 t->encap_family = sa->sa_family; 1861 socklen = pfkey_sockaddr_len(family);
1862 if (pfkey_sockaddr_extract((struct sockaddr *)(sa + socklen),
1863 &t->id.daddr) != family)
1864 return -EINVAL;
1865 t->encap_family = family;
1909 } else 1866 } else
1910 t->encap_family = xp->family; 1867 t->encap_family = xp->family;
1911 1868
@@ -1952,9 +1909,7 @@ static int pfkey_xfrm_policy2msg_size(struct xfrm_policy *xp)
1952 1909
1953 for (i=0; i<xp->xfrm_nr; i++) { 1910 for (i=0; i<xp->xfrm_nr; i++) {
1954 t = xp->xfrm_vec + i; 1911 t = xp->xfrm_vec + i;
1955 socklen += (t->encap_family == AF_INET ? 1912 socklen += pfkey_sockaddr_len(t->encap_family);
1956 sizeof(struct sockaddr_in) :
1957 sizeof(struct sockaddr_in6));
1958 } 1913 }
1959 1914
1960 return sizeof(struct sadb_msg) + 1915 return sizeof(struct sadb_msg) +
@@ -1987,18 +1942,12 @@ static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, in
1987 struct sadb_address *addr; 1942 struct sadb_address *addr;
1988 struct sadb_lifetime *lifetime; 1943 struct sadb_lifetime *lifetime;
1989 struct sadb_x_policy *pol; 1944 struct sadb_x_policy *pol;
1990 struct sockaddr_in *sin;
1991 struct sadb_x_sec_ctx *sec_ctx; 1945 struct sadb_x_sec_ctx *sec_ctx;
1992 struct xfrm_sec_ctx *xfrm_ctx; 1946 struct xfrm_sec_ctx *xfrm_ctx;
1993#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
1994 struct sockaddr_in6 *sin6;
1995#endif
1996 int i; 1947 int i;
1997 int size; 1948 int size;
1998 int sockaddr_size = pfkey_sockaddr_size(xp->family); 1949 int sockaddr_size = pfkey_sockaddr_size(xp->family);
1999 int socklen = (xp->family == AF_INET ? 1950 int socklen = pfkey_sockaddr_len(xp->family);
2000 sizeof(struct sockaddr_in) :
2001 sizeof(struct sockaddr_in6));
2002 1951
2003 size = pfkey_xfrm_policy2msg_size(xp); 1952 size = pfkey_xfrm_policy2msg_size(xp);
2004 1953
@@ -2016,26 +1965,10 @@ static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, in
2016 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto); 1965 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2017 addr->sadb_address_prefixlen = xp->selector.prefixlen_s; 1966 addr->sadb_address_prefixlen = xp->selector.prefixlen_s;
2018 addr->sadb_address_reserved = 0; 1967 addr->sadb_address_reserved = 0;
2019 /* src address */ 1968 if (!pfkey_sockaddr_fill(&xp->selector.saddr,
2020 if (xp->family == AF_INET) { 1969 xp->selector.sport,
2021 sin = (struct sockaddr_in *) (addr + 1); 1970 (struct sockaddr *) (addr + 1),
2022 sin->sin_family = AF_INET; 1971 xp->family))
2023 sin->sin_addr.s_addr = xp->selector.saddr.a4;
2024 sin->sin_port = xp->selector.sport;
2025 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
2026 }
2027#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
2028 else if (xp->family == AF_INET6) {
2029 sin6 = (struct sockaddr_in6 *) (addr + 1);
2030 sin6->sin6_family = AF_INET6;
2031 sin6->sin6_port = xp->selector.sport;
2032 sin6->sin6_flowinfo = 0;
2033 memcpy(&sin6->sin6_addr, xp->selector.saddr.a6,
2034 sizeof(struct in6_addr));
2035 sin6->sin6_scope_id = 0;
2036 }
2037#endif
2038 else
2039 BUG(); 1972 BUG();
2040 1973
2041 /* dst address */ 1974 /* dst address */
@@ -2048,26 +1981,10 @@ static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, in
2048 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto); 1981 addr->sadb_address_proto = pfkey_proto_from_xfrm(xp->selector.proto);
2049 addr->sadb_address_prefixlen = xp->selector.prefixlen_d; 1982 addr->sadb_address_prefixlen = xp->selector.prefixlen_d;
2050 addr->sadb_address_reserved = 0; 1983 addr->sadb_address_reserved = 0;
2051 if (xp->family == AF_INET) { 1984
2052 sin = (struct sockaddr_in *) (addr + 1); 1985 pfkey_sockaddr_fill(&xp->selector.daddr, xp->selector.dport,
2053 sin->sin_family = AF_INET; 1986 (struct sockaddr *) (addr + 1),
2054 sin->sin_addr.s_addr = xp->selector.daddr.a4; 1987 xp->family);
2055 sin->sin_port = xp->selector.dport;
2056 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
2057 }
2058#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
2059 else if (xp->family == AF_INET6) {
2060 sin6 = (struct sockaddr_in6 *) (addr + 1);
2061 sin6->sin6_family = AF_INET6;
2062 sin6->sin6_port = xp->selector.dport;
2063 sin6->sin6_flowinfo = 0;
2064 memcpy(&sin6->sin6_addr, xp->selector.daddr.a6,
2065 sizeof(struct in6_addr));
2066 sin6->sin6_scope_id = 0;
2067 }
2068#endif
2069 else
2070 BUG();
2071 1988
2072 /* hard time */ 1989 /* hard time */
2073 lifetime = (struct sadb_lifetime *) skb_put(skb, 1990 lifetime = (struct sadb_lifetime *) skb_put(skb,
@@ -2121,12 +2038,13 @@ static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, in
2121 int mode; 2038 int mode;
2122 2039
2123 req_size = sizeof(struct sadb_x_ipsecrequest); 2040 req_size = sizeof(struct sadb_x_ipsecrequest);
2124 if (t->mode == XFRM_MODE_TUNNEL) 2041 if (t->mode == XFRM_MODE_TUNNEL) {
2125 req_size += ((t->encap_family == AF_INET ? 2042 socklen = pfkey_sockaddr_len(t->encap_family);
2126 sizeof(struct sockaddr_in) : 2043 req_size += socklen * 2;
2127 sizeof(struct sockaddr_in6)) * 2); 2044 } else {
2128 else
2129 size -= 2*socklen; 2045 size -= 2*socklen;
2046 socklen = 0;
2047 }
2130 rq = (void*)skb_put(skb, req_size); 2048 rq = (void*)skb_put(skb, req_size);
2131 pol->sadb_x_policy_len += req_size/8; 2049 pol->sadb_x_policy_len += req_size/8;
2132 memset(rq, 0, sizeof(*rq)); 2050 memset(rq, 0, sizeof(*rq));
@@ -2141,42 +2059,15 @@ static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, in
2141 if (t->optional) 2059 if (t->optional)
2142 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE; 2060 rq->sadb_x_ipsecrequest_level = IPSEC_LEVEL_USE;
2143 rq->sadb_x_ipsecrequest_reqid = t->reqid; 2061 rq->sadb_x_ipsecrequest_reqid = t->reqid;
2062
2144 if (t->mode == XFRM_MODE_TUNNEL) { 2063 if (t->mode == XFRM_MODE_TUNNEL) {
2145 switch (t->encap_family) { 2064 u8 *sa = (void *)(rq + 1);
2146 case AF_INET: 2065 pfkey_sockaddr_fill(&t->saddr, 0,
2147 sin = (void*)(rq+1); 2066 (struct sockaddr *)sa,
2148 sin->sin_family = AF_INET; 2067 t->encap_family);
2149 sin->sin_addr.s_addr = t->saddr.a4; 2068 pfkey_sockaddr_fill(&t->id.daddr, 0,
2150 sin->sin_port = 0; 2069 (struct sockaddr *) (sa + socklen),
2151 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 2070 t->encap_family);
2152 sin++;
2153 sin->sin_family = AF_INET;
2154 sin->sin_addr.s_addr = t->id.daddr.a4;
2155 sin->sin_port = 0;
2156 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
2157 break;
2158#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
2159 case AF_INET6:
2160 sin6 = (void*)(rq+1);
2161 sin6->sin6_family = AF_INET6;
2162 sin6->sin6_port = 0;
2163 sin6->sin6_flowinfo = 0;
2164 memcpy(&sin6->sin6_addr, t->saddr.a6,
2165 sizeof(struct in6_addr));
2166 sin6->sin6_scope_id = 0;
2167
2168 sin6++;
2169 sin6->sin6_family = AF_INET6;
2170 sin6->sin6_port = 0;
2171 sin6->sin6_flowinfo = 0;
2172 memcpy(&sin6->sin6_addr, t->id.daddr.a6,
2173 sizeof(struct in6_addr));
2174 sin6->sin6_scope_id = 0;
2175 break;
2176#endif
2177 default:
2178 break;
2179 }
2180 } 2071 }
2181 } 2072 }
2182 2073
@@ -2459,61 +2350,31 @@ out:
2459#ifdef CONFIG_NET_KEY_MIGRATE 2350#ifdef CONFIG_NET_KEY_MIGRATE
2460static int pfkey_sockaddr_pair_size(sa_family_t family) 2351static int pfkey_sockaddr_pair_size(sa_family_t family)
2461{ 2352{
2462 switch (family) { 2353 return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2);
2463 case AF_INET:
2464 return PFKEY_ALIGN8(sizeof(struct sockaddr_in) * 2);
2465#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
2466 case AF_INET6:
2467 return PFKEY_ALIGN8(sizeof(struct sockaddr_in6) * 2);
2468#endif
2469 default:
2470 return 0;
2471 }
2472 /* NOTREACHED */
2473} 2354}
2474 2355
2475static int parse_sockaddr_pair(struct sadb_x_ipsecrequest *rq, 2356static int parse_sockaddr_pair(struct sadb_x_ipsecrequest *rq,
2476 xfrm_address_t *saddr, xfrm_address_t *daddr, 2357 xfrm_address_t *saddr, xfrm_address_t *daddr,
2477 u16 *family) 2358 u16 *family)
2478{ 2359{
2479 struct sockaddr *sa = (struct sockaddr *)(rq + 1); 2360 u8 *sa = (u8 *) (rq + 1);
2361 int af, socklen;
2362
2480 if (rq->sadb_x_ipsecrequest_len < 2363 if (rq->sadb_x_ipsecrequest_len <
2481 pfkey_sockaddr_pair_size(sa->sa_family)) 2364 pfkey_sockaddr_pair_size(((struct sockaddr *)sa)->sa_family))
2482 return -EINVAL; 2365 return -EINVAL;
2483 2366
2484 switch (sa->sa_family) { 2367 af = pfkey_sockaddr_extract((struct sockaddr *) sa,
2485 case AF_INET: 2368 saddr);
2486 { 2369 if (!af)
2487 struct sockaddr_in *sin; 2370 return -EINVAL;
2488 sin = (struct sockaddr_in *)sa; 2371
2489 if ((sin+1)->sin_family != AF_INET) 2372 socklen = pfkey_sockaddr_len(af);
2490 return -EINVAL; 2373 if (pfkey_sockaddr_extract((struct sockaddr *) (sa + socklen),
2491 memcpy(&saddr->a4, &sin->sin_addr, sizeof(saddr->a4)); 2374 daddr) != af)
2492 sin++;
2493 memcpy(&daddr->a4, &sin->sin_addr, sizeof(daddr->a4));
2494 *family = AF_INET;
2495 break;
2496 }
2497#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
2498 case AF_INET6:
2499 {
2500 struct sockaddr_in6 *sin6;
2501 sin6 = (struct sockaddr_in6 *)sa;
2502 if ((sin6+1)->sin6_family != AF_INET6)
2503 return -EINVAL;
2504 memcpy(&saddr->a6, &sin6->sin6_addr,
2505 sizeof(saddr->a6));
2506 sin6++;
2507 memcpy(&daddr->a6, &sin6->sin6_addr,
2508 sizeof(daddr->a6));
2509 *family = AF_INET6;
2510 break;
2511 }
2512#endif
2513 default:
2514 return -EINVAL; 2375 return -EINVAL;
2515 }
2516 2376
2377 *family = af;
2517 return 0; 2378 return 0;
2518} 2379}
2519 2380
@@ -3030,6 +2891,9 @@ static int key_notify_sa_expire(struct xfrm_state *x, struct km_event *c)
3030 2891
3031static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c) 2892static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c)
3032{ 2893{
2894 if (atomic_read(&pfkey_socks_nr) == 0)
2895 return 0;
2896
3033 switch (c->event) { 2897 switch (c->event) {
3034 case XFRM_MSG_EXPIRE: 2898 case XFRM_MSG_EXPIRE:
3035 return key_notify_sa_expire(x, c); 2899 return key_notify_sa_expire(x, c);
@@ -3091,10 +2955,6 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
3091 struct sadb_msg *hdr; 2955 struct sadb_msg *hdr;
3092 struct sadb_address *addr; 2956 struct sadb_address *addr;
3093 struct sadb_x_policy *pol; 2957 struct sadb_x_policy *pol;
3094 struct sockaddr_in *sin;
3095#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3096 struct sockaddr_in6 *sin6;
3097#endif
3098 int sockaddr_size; 2958 int sockaddr_size;
3099 int size; 2959 int size;
3100 struct sadb_x_sec_ctx *sec_ctx; 2960 struct sadb_x_sec_ctx *sec_ctx;
@@ -3143,29 +3003,11 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
3143 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 3003 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3144 addr->sadb_address_proto = 0; 3004 addr->sadb_address_proto = 0;
3145 addr->sadb_address_reserved = 0; 3005 addr->sadb_address_reserved = 0;
3146 if (x->props.family == AF_INET) { 3006 addr->sadb_address_prefixlen =
3147 addr->sadb_address_prefixlen = 32; 3007 pfkey_sockaddr_fill(&x->props.saddr, 0,
3148 3008 (struct sockaddr *) (addr + 1),
3149 sin = (struct sockaddr_in *) (addr + 1); 3009 x->props.family);
3150 sin->sin_family = AF_INET; 3010 if (!addr->sadb_address_prefixlen)
3151 sin->sin_addr.s_addr = x->props.saddr.a4;
3152 sin->sin_port = 0;
3153 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
3154 }
3155#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3156 else if (x->props.family == AF_INET6) {
3157 addr->sadb_address_prefixlen = 128;
3158
3159 sin6 = (struct sockaddr_in6 *) (addr + 1);
3160 sin6->sin6_family = AF_INET6;
3161 sin6->sin6_port = 0;
3162 sin6->sin6_flowinfo = 0;
3163 memcpy(&sin6->sin6_addr,
3164 x->props.saddr.a6, sizeof(struct in6_addr));
3165 sin6->sin6_scope_id = 0;
3166 }
3167#endif
3168 else
3169 BUG(); 3011 BUG();
3170 3012
3171 /* dst address */ 3013 /* dst address */
@@ -3177,29 +3019,11 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct
3177 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 3019 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3178 addr->sadb_address_proto = 0; 3020 addr->sadb_address_proto = 0;
3179 addr->sadb_address_reserved = 0; 3021 addr->sadb_address_reserved = 0;
3180 if (x->props.family == AF_INET) { 3022 addr->sadb_address_prefixlen =
3181 addr->sadb_address_prefixlen = 32; 3023 pfkey_sockaddr_fill(&x->id.daddr, 0,
3182 3024 (struct sockaddr *) (addr + 1),
3183 sin = (struct sockaddr_in *) (addr + 1); 3025 x->props.family);
3184 sin->sin_family = AF_INET; 3026 if (!addr->sadb_address_prefixlen)
3185 sin->sin_addr.s_addr = x->id.daddr.a4;
3186 sin->sin_port = 0;
3187 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
3188 }
3189#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3190 else if (x->props.family == AF_INET6) {
3191 addr->sadb_address_prefixlen = 128;
3192
3193 sin6 = (struct sockaddr_in6 *) (addr + 1);
3194 sin6->sin6_family = AF_INET6;
3195 sin6->sin6_port = 0;
3196 sin6->sin6_flowinfo = 0;
3197 memcpy(&sin6->sin6_addr,
3198 x->id.daddr.a6, sizeof(struct in6_addr));
3199 sin6->sin6_scope_id = 0;
3200 }
3201#endif
3202 else
3203 BUG(); 3027 BUG();
3204 3028
3205 pol = (struct sadb_x_policy *) skb_put(skb, sizeof(struct sadb_x_policy)); 3029 pol = (struct sadb_x_policy *) skb_put(skb, sizeof(struct sadb_x_policy));
@@ -3325,10 +3149,6 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr,
3325 struct sadb_sa *sa; 3149 struct sadb_sa *sa;
3326 struct sadb_address *addr; 3150 struct sadb_address *addr;
3327 struct sadb_x_nat_t_port *n_port; 3151 struct sadb_x_nat_t_port *n_port;
3328 struct sockaddr_in *sin;
3329#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3330 struct sockaddr_in6 *sin6;
3331#endif
3332 int sockaddr_size; 3152 int sockaddr_size;
3333 int size; 3153 int size;
3334 __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0); 3154 __u8 satype = (x->id.proto == IPPROTO_ESP ? SADB_SATYPE_ESP : 0);
@@ -3392,29 +3212,11 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr,
3392 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC; 3212 addr->sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
3393 addr->sadb_address_proto = 0; 3213 addr->sadb_address_proto = 0;
3394 addr->sadb_address_reserved = 0; 3214 addr->sadb_address_reserved = 0;
3395 if (x->props.family == AF_INET) { 3215 addr->sadb_address_prefixlen =
3396 addr->sadb_address_prefixlen = 32; 3216 pfkey_sockaddr_fill(&x->props.saddr, 0,
3397 3217 (struct sockaddr *) (addr + 1),
3398 sin = (struct sockaddr_in *) (addr + 1); 3218 x->props.family);
3399 sin->sin_family = AF_INET; 3219 if (!addr->sadb_address_prefixlen)
3400 sin->sin_addr.s_addr = x->props.saddr.a4;
3401 sin->sin_port = 0;
3402 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
3403 }
3404#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3405 else if (x->props.family == AF_INET6) {
3406 addr->sadb_address_prefixlen = 128;
3407
3408 sin6 = (struct sockaddr_in6 *) (addr + 1);
3409 sin6->sin6_family = AF_INET6;
3410 sin6->sin6_port = 0;
3411 sin6->sin6_flowinfo = 0;
3412 memcpy(&sin6->sin6_addr,
3413 x->props.saddr.a6, sizeof(struct in6_addr));
3414 sin6->sin6_scope_id = 0;
3415 }
3416#endif
3417 else
3418 BUG(); 3220 BUG();
3419 3221
3420 /* NAT_T_SPORT (old port) */ 3222 /* NAT_T_SPORT (old port) */
@@ -3433,28 +3235,11 @@ static int pfkey_send_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr,
3433 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST; 3235 addr->sadb_address_exttype = SADB_EXT_ADDRESS_DST;
3434 addr->sadb_address_proto = 0; 3236 addr->sadb_address_proto = 0;
3435 addr->sadb_address_reserved = 0; 3237 addr->sadb_address_reserved = 0;
3436 if (x->props.family == AF_INET) { 3238 addr->sadb_address_prefixlen =
3437 addr->sadb_address_prefixlen = 32; 3239 pfkey_sockaddr_fill(ipaddr, 0,
3438 3240 (struct sockaddr *) (addr + 1),
3439 sin = (struct sockaddr_in *) (addr + 1); 3241 x->props.family);
3440 sin->sin_family = AF_INET; 3242 if (!addr->sadb_address_prefixlen)
3441 sin->sin_addr.s_addr = ipaddr->a4;
3442 sin->sin_port = 0;
3443 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
3444 }
3445#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3446 else if (x->props.family == AF_INET6) {
3447 addr->sadb_address_prefixlen = 128;
3448
3449 sin6 = (struct sockaddr_in6 *) (addr + 1);
3450 sin6->sin6_family = AF_INET6;
3451 sin6->sin6_port = 0;
3452 sin6->sin6_flowinfo = 0;
3453 memcpy(&sin6->sin6_addr, &ipaddr->a6, sizeof(struct in6_addr));
3454 sin6->sin6_scope_id = 0;
3455 }
3456#endif
3457 else
3458 BUG(); 3243 BUG();
3459 3244
3460 /* NAT_T_DPORT (new port) */ 3245 /* NAT_T_DPORT (new port) */
@@ -3472,10 +3257,6 @@ static int set_sadb_address(struct sk_buff *skb, int sasize, int type,
3472 struct xfrm_selector *sel) 3257 struct xfrm_selector *sel)
3473{ 3258{
3474 struct sadb_address *addr; 3259 struct sadb_address *addr;
3475 struct sockaddr_in *sin;
3476#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3477 struct sockaddr_in6 *sin6;
3478#endif
3479 addr = (struct sadb_address *)skb_put(skb, sizeof(struct sadb_address) + sasize); 3260 addr = (struct sadb_address *)skb_put(skb, sizeof(struct sadb_address) + sasize);
3480 addr->sadb_address_len = (sizeof(struct sadb_address) + sasize)/8; 3261 addr->sadb_address_len = (sizeof(struct sadb_address) + sasize)/8;
3481 addr->sadb_address_exttype = type; 3262 addr->sadb_address_exttype = type;
@@ -3484,50 +3265,16 @@ static int set_sadb_address(struct sk_buff *skb, int sasize, int type,
3484 3265
3485 switch (type) { 3266 switch (type) {
3486 case SADB_EXT_ADDRESS_SRC: 3267 case SADB_EXT_ADDRESS_SRC:
3487 if (sel->family == AF_INET) { 3268 addr->sadb_address_prefixlen = sel->prefixlen_s;
3488 addr->sadb_address_prefixlen = sel->prefixlen_s; 3269 pfkey_sockaddr_fill(&sel->saddr, 0,
3489 sin = (struct sockaddr_in *)(addr + 1); 3270 (struct sockaddr *)(addr + 1),
3490 sin->sin_family = AF_INET; 3271 sel->family);
3491 memcpy(&sin->sin_addr.s_addr, &sel->saddr,
3492 sizeof(sin->sin_addr.s_addr));
3493 sin->sin_port = 0;
3494 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
3495 }
3496#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3497 else if (sel->family == AF_INET6) {
3498 addr->sadb_address_prefixlen = sel->prefixlen_s;
3499 sin6 = (struct sockaddr_in6 *)(addr + 1);
3500 sin6->sin6_family = AF_INET6;
3501 sin6->sin6_port = 0;
3502 sin6->sin6_flowinfo = 0;
3503 sin6->sin6_scope_id = 0;
3504 memcpy(&sin6->sin6_addr.s6_addr, &sel->saddr,
3505 sizeof(sin6->sin6_addr.s6_addr));
3506 }
3507#endif
3508 break; 3272 break;
3509 case SADB_EXT_ADDRESS_DST: 3273 case SADB_EXT_ADDRESS_DST:
3510 if (sel->family == AF_INET) { 3274 addr->sadb_address_prefixlen = sel->prefixlen_d;
3511 addr->sadb_address_prefixlen = sel->prefixlen_d; 3275 pfkey_sockaddr_fill(&sel->daddr, 0,
3512 sin = (struct sockaddr_in *)(addr + 1); 3276 (struct sockaddr *)(addr + 1),
3513 sin->sin_family = AF_INET; 3277 sel->family);
3514 memcpy(&sin->sin_addr.s_addr, &sel->daddr,
3515 sizeof(sin->sin_addr.s_addr));
3516 sin->sin_port = 0;
3517 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
3518 }
3519#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3520 else if (sel->family == AF_INET6) {
3521 addr->sadb_address_prefixlen = sel->prefixlen_d;
3522 sin6 = (struct sockaddr_in6 *)(addr + 1);
3523 sin6->sin6_family = AF_INET6;
3524 sin6->sin6_port = 0;
3525 sin6->sin6_flowinfo = 0;
3526 sin6->sin6_scope_id = 0;
3527 memcpy(&sin6->sin6_addr.s6_addr, &sel->daddr,
3528 sizeof(sin6->sin6_addr.s6_addr));
3529 }
3530#endif
3531 break; 3278 break;
3532 default: 3279 default:
3533 return -EINVAL; 3280 return -EINVAL;
@@ -3542,10 +3289,8 @@ static int set_ipsecrequest(struct sk_buff *skb,
3542 xfrm_address_t *src, xfrm_address_t *dst) 3289 xfrm_address_t *src, xfrm_address_t *dst)
3543{ 3290{
3544 struct sadb_x_ipsecrequest *rq; 3291 struct sadb_x_ipsecrequest *rq;
3545 struct sockaddr_in *sin; 3292 u8 *sa;
3546#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3293 int socklen = pfkey_sockaddr_len(family);
3547 struct sockaddr_in6 *sin6;
3548#endif
3549 int size_req; 3294 int size_req;
3550 3295
3551 size_req = sizeof(struct sadb_x_ipsecrequest) + 3296 size_req = sizeof(struct sadb_x_ipsecrequest) +
@@ -3559,38 +3304,10 @@ static int set_ipsecrequest(struct sk_buff *skb,
3559 rq->sadb_x_ipsecrequest_level = level; 3304 rq->sadb_x_ipsecrequest_level = level;
3560 rq->sadb_x_ipsecrequest_reqid = reqid; 3305 rq->sadb_x_ipsecrequest_reqid = reqid;
3561 3306
3562 switch (family) { 3307 sa = (u8 *) (rq + 1);
3563 case AF_INET: 3308 if (!pfkey_sockaddr_fill(src, 0, (struct sockaddr *)sa, family) ||
3564 sin = (struct sockaddr_in *)(rq + 1); 3309 !pfkey_sockaddr_fill(dst, 0, (struct sockaddr *)(sa + socklen), family))
3565 sin->sin_family = AF_INET;
3566 memcpy(&sin->sin_addr.s_addr, src,
3567 sizeof(sin->sin_addr.s_addr));
3568 sin++;
3569 sin->sin_family = AF_INET;
3570 memcpy(&sin->sin_addr.s_addr, dst,
3571 sizeof(sin->sin_addr.s_addr));
3572 break;
3573#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3574 case AF_INET6:
3575 sin6 = (struct sockaddr_in6 *)(rq + 1);
3576 sin6->sin6_family = AF_INET6;
3577 sin6->sin6_port = 0;
3578 sin6->sin6_flowinfo = 0;
3579 sin6->sin6_scope_id = 0;
3580 memcpy(&sin6->sin6_addr.s6_addr, src,
3581 sizeof(sin6->sin6_addr.s6_addr));
3582 sin6++;
3583 sin6->sin6_family = AF_INET6;
3584 sin6->sin6_port = 0;
3585 sin6->sin6_flowinfo = 0;
3586 sin6->sin6_scope_id = 0;
3587 memcpy(&sin6->sin6_addr.s6_addr, dst,
3588 sizeof(sin6->sin6_addr.s6_addr));
3589 break;
3590#endif
3591 default:
3592 return -EINVAL; 3310 return -EINVAL;
3593 }
3594 3311
3595 return 0; 3312 return 0;
3596} 3313}
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 97101dcde4c0..5bcc452a247f 100644
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -128,10 +128,8 @@ static int llc_ui_send_data(struct sock* sk, struct sk_buff *skb, int noblock)
128 128
129static void llc_ui_sk_init(struct socket *sock, struct sock *sk) 129static void llc_ui_sk_init(struct socket *sock, struct sock *sk)
130{ 130{
131 sock_graft(sk, sock);
131 sk->sk_type = sock->type; 132 sk->sk_type = sock->type;
132 sk->sk_sleep = &sock->wait;
133 sk->sk_socket = sock;
134 sock->sk = sk;
135 sock->ops = &llc_ui_ops; 133 sock->ops = &llc_ui_ops;
136} 134}
137 135
diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index 1c45f172991e..57ad974e4d94 100644
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -150,7 +150,7 @@ int llc_rcv(struct sk_buff *skb, struct net_device *dev,
150 int (*rcv)(struct sk_buff *, struct net_device *, 150 int (*rcv)(struct sk_buff *, struct net_device *,
151 struct packet_type *, struct net_device *); 151 struct packet_type *, struct net_device *);
152 152
153 if (dev_net(dev) != &init_net) 153 if (!net_eq(dev_net(dev), &init_net))
154 goto drop; 154 goto drop;
155 155
156 /* 156 /*
diff --git a/net/llc/llc_sap.c b/net/llc/llc_sap.c
index e2ddde755019..008de1fc42ca 100644
--- a/net/llc/llc_sap.c
+++ b/net/llc/llc_sap.c
@@ -286,12 +286,14 @@ void llc_build_and_send_xid_pkt(struct llc_sap *sap, struct sk_buff *skb,
286 * 286 *
287 * Sends received pdus to the sap state machine. 287 * Sends received pdus to the sap state machine.
288 */ 288 */
289static void llc_sap_rcv(struct llc_sap *sap, struct sk_buff *skb) 289static void llc_sap_rcv(struct llc_sap *sap, struct sk_buff *skb,
290 struct sock *sk)
290{ 291{
291 struct llc_sap_state_ev *ev = llc_sap_ev(skb); 292 struct llc_sap_state_ev *ev = llc_sap_ev(skb);
292 293
293 ev->type = LLC_SAP_EV_TYPE_PDU; 294 ev->type = LLC_SAP_EV_TYPE_PDU;
294 ev->reason = 0; 295 ev->reason = 0;
296 skb->sk = sk;
295 llc_sap_state_process(sap, skb); 297 llc_sap_state_process(sap, skb);
296} 298}
297 299
@@ -360,8 +362,7 @@ static void llc_sap_mcast(struct llc_sap *sap,
360 break; 362 break;
361 363
362 sock_hold(sk); 364 sock_hold(sk);
363 skb_set_owner_r(skb1, sk); 365 llc_sap_rcv(sap, skb1, sk);
364 llc_sap_rcv(sap, skb1);
365 sock_put(sk); 366 sock_put(sk);
366 } 367 }
367 read_unlock_bh(&sap->sk_list.lock); 368 read_unlock_bh(&sap->sk_list.lock);
@@ -381,8 +382,7 @@ void llc_sap_handler(struct llc_sap *sap, struct sk_buff *skb)
381 } else { 382 } else {
382 struct sock *sk = llc_lookup_dgram(sap, &laddr); 383 struct sock *sk = llc_lookup_dgram(sap, &laddr);
383 if (sk) { 384 if (sk) {
384 skb_set_owner_r(skb, sk); 385 llc_sap_rcv(sap, skb, sk);
385 llc_sap_rcv(sap, skb);
386 sock_put(sk); 386 sock_put(sk);
387 } else 387 } else
388 kfree_skb(skb); 388 kfree_skb(skb);
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index a24b459dd45a..80d693392b0f 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -7,7 +7,6 @@ config MAC80211
7 select CRC32 7 select CRC32
8 select WIRELESS_EXT 8 select WIRELESS_EXT
9 select CFG80211 9 select CFG80211
10 select NET_SCH_FIFO
11 ---help--- 10 ---help---
12 This option enables the hardware independent IEEE 802.11 11 This option enables the hardware independent IEEE 802.11
13 networking stack. 12 networking stack.
@@ -15,6 +14,14 @@ config MAC80211
15menu "Rate control algorithm selection" 14menu "Rate control algorithm selection"
16 depends on MAC80211 != n 15 depends on MAC80211 != n
17 16
17config MAC80211_RC_PID
18 bool "PID controller based rate control algorithm" if EMBEDDED
19 default y
20 ---help---
21 This option enables a TX rate control algorithm for
22 mac80211 that uses a PID controller to select the TX
23 rate.
24
18choice 25choice
19 prompt "Default rate control algorithm" 26 prompt "Default rate control algorithm"
20 default MAC80211_RC_DEFAULT_PID 27 default MAC80211_RC_DEFAULT_PID
@@ -26,40 +33,19 @@ choice
26 33
27config MAC80211_RC_DEFAULT_PID 34config MAC80211_RC_DEFAULT_PID
28 bool "PID controller based rate control algorithm" 35 bool "PID controller based rate control algorithm"
29 select MAC80211_RC_PID 36 depends on MAC80211_RC_PID
30 ---help--- 37 ---help---
31 Select the PID controller based rate control as the 38 Select the PID controller based rate control as the
32 default rate control algorithm. You should choose 39 default rate control algorithm. You should choose
33 this unless you know what you are doing. 40 this unless you know what you are doing.
34 41
35config MAC80211_RC_DEFAULT_NONE
36 bool "No default algorithm"
37 depends on EMBEDDED
38 help
39 Selecting this option will select no default algorithm
40 and allow you to not build any. Do not choose this
41 option unless you know your driver comes with another
42 suitable algorithm.
43endchoice 42endchoice
44 43
45comment "Selecting 'y' for an algorithm will"
46comment "build the algorithm into mac80211."
47
48config MAC80211_RC_DEFAULT 44config MAC80211_RC_DEFAULT
49 string 45 string
50 default "pid" if MAC80211_RC_DEFAULT_PID 46 default "pid" if MAC80211_RC_DEFAULT_PID
51 default "" 47 default ""
52 48
53config MAC80211_RC_PID
54 tristate "PID controller based rate control algorithm"
55 ---help---
56 This option enables a TX rate control algorithm for
57 mac80211 that uses a PID controller to select the TX
58 rate.
59
60 Say Y or M unless you're sure you want to use a
61 different rate control algorithm.
62
63endmenu 49endmenu
64 50
65config MAC80211_MESH 51config MAC80211_MESH
@@ -89,10 +75,16 @@ config MAC80211_DEBUGFS
89 75
90 Say N unless you know you need this. 76 Say N unless you know you need this.
91 77
78menuconfig MAC80211_DEBUG_MENU
79 bool "Select mac80211 debugging features"
80 depends on MAC80211
81 ---help---
82 This option collects various mac80211 debug settings.
83
92config MAC80211_DEBUG_PACKET_ALIGNMENT 84config MAC80211_DEBUG_PACKET_ALIGNMENT
93 bool "Enable packet alignment debugging" 85 bool "Enable packet alignment debugging"
94 depends on MAC80211 86 depends on MAC80211_DEBUG_MENU
95 help 87 ---help---
96 This option is recommended for driver authors and strongly 88 This option is recommended for driver authors and strongly
97 discouraged for everybody else, it will trigger a warning 89 discouraged for everybody else, it will trigger a warning
98 when a driver hands mac80211 a buffer that is aligned in 90 when a driver hands mac80211 a buffer that is aligned in
@@ -101,33 +93,95 @@ config MAC80211_DEBUG_PACKET_ALIGNMENT
101 93
102 Say N unless you're writing a mac80211 based driver. 94 Say N unless you're writing a mac80211 based driver.
103 95
104config MAC80211_DEBUG 96config MAC80211_NOINLINE
105 bool "Enable debugging output" 97 bool "Do not inline TX/RX handlers"
106 depends on MAC80211 98 depends on MAC80211_DEBUG_MENU
107 ---help--- 99 ---help---
108 This option will enable debug tracing output for the 100 This option affects code generation in mac80211, when
109 ieee80211 network stack. 101 selected some functions are marked "noinline" to allow
102 easier debugging of problems in the transmit and receive
103 paths.
104
105 This option increases code size a bit and inserts a lot
106 of function calls in the code, but is otherwise safe to
107 enable.
110 108
111 If you are not trying to debug or develop the ieee80211 109 If unsure, say N unless you expect to be finding problems
112 subsystem, you most likely want to say N here. 110 in mac80211.
111
112config MAC80211_VERBOSE_DEBUG
113 bool "Verbose debugging output"
114 depends on MAC80211_DEBUG_MENU
115 ---help---
116 Selecting this option causes mac80211 to print out
117 many debugging messages. It should not be selected
118 on production systems as some of the messages are
119 remotely triggerable.
120
121 Do not select this option.
113 122
114config MAC80211_HT_DEBUG 123config MAC80211_HT_DEBUG
115 bool "Enable HT debugging output" 124 bool "Verbose HT debugging"
116 depends on MAC80211_DEBUG 125 depends on MAC80211_DEBUG_MENU
117 ---help--- 126 ---help---
118 This option enables 802.11n High Throughput features 127 This option enables 802.11n High Throughput features
119 debug tracing output. 128 debug tracing output.
120 129
121 If you are not trying to debug of develop the ieee80211 130 It should not be selected on production systems as some
122 subsystem, you most likely want to say N here. 131 of the messages are remotely triggerable.
123 132
124config MAC80211_VERBOSE_DEBUG 133 Do not select this option.
125 bool "Verbose debugging output" 134
126 depends on MAC80211_DEBUG 135config MAC80211_TKIP_DEBUG
136 bool "Verbose TKIP debugging"
137 depends on MAC80211_DEBUG_MENU
138 ---help---
139 Selecting this option causes mac80211 to print out
140 very verbose TKIP debugging messages. It should not
141 be selected on production systems as those messages
142 are remotely triggerable.
143
144 Do not select this option.
145
146config MAC80211_IBSS_DEBUG
147 bool "Verbose IBSS debugging"
148 depends on MAC80211_DEBUG_MENU
149 ---help---
150 Selecting this option causes mac80211 to print out
151 very verbose IBSS debugging messages. It should not
152 be selected on production systems as those messages
153 are remotely triggerable.
154
155 Do not select this option.
156
157config MAC80211_VERBOSE_PS_DEBUG
158 bool "Verbose powersave mode debugging"
159 depends on MAC80211_DEBUG_MENU
160 ---help---
161 Selecting this option causes mac80211 to print out very
162 verbose power save mode debugging messages (when mac80211
163 is an AP and has power saving stations.)
164 It should not be selected on production systems as those
165 messages are remotely triggerable.
166
167 Do not select this option.
168
169config MAC80211_VERBOSE_MPL_DEBUG
170 bool "Verbose mesh peer link debugging"
171 depends on MAC80211_DEBUG_MENU
172 depends on MAC80211_MESH
173 ---help---
174 Selecting this option causes mac80211 to print out very
175 verbose mesh peer link debugging messages (when mac80211
176 is taking part in a mesh network).
177 It should not be selected on production systems as those
178 messages are remotely triggerable.
179
180 Do not select this option.
127 181
128config MAC80211_LOWTX_FRAME_DUMP 182config MAC80211_LOWTX_FRAME_DUMP
129 bool "Debug frame dumping" 183 bool "Debug frame dumping"
130 depends on MAC80211_DEBUG 184 depends on MAC80211_DEBUG_MENU
131 ---help--- 185 ---help---
132 Selecting this option will cause the stack to 186 Selecting this option will cause the stack to
133 print a message for each frame that is handed 187 print a message for each frame that is handed
@@ -138,30 +192,20 @@ config MAC80211_LOWTX_FRAME_DUMP
138 If unsure, say N and insert the debugging code 192 If unsure, say N and insert the debugging code
139 you require into the driver you are debugging. 193 you require into the driver you are debugging.
140 194
141config TKIP_DEBUG
142 bool "TKIP debugging"
143 depends on MAC80211_DEBUG
144
145config MAC80211_DEBUG_COUNTERS 195config MAC80211_DEBUG_COUNTERS
146 bool "Extra statistics for TX/RX debugging" 196 bool "Extra statistics for TX/RX debugging"
147 depends on MAC80211_DEBUG 197 depends on MAC80211_DEBUG_MENU
148 198 depends on MAC80211_DEBUGFS
149config MAC80211_IBSS_DEBUG
150 bool "Support for IBSS testing"
151 depends on MAC80211_DEBUG
152 ---help--- 199 ---help---
153 Say Y here if you intend to debug the IBSS code. 200 Selecting this option causes mac80211 to keep additional
201 and very verbose statistics about TX and RX handler use
202 and show them in debugfs.
154 203
155config MAC80211_VERBOSE_PS_DEBUG 204 If unsure, say N.
156 bool "Verbose powersave mode debugging"
157 depends on MAC80211_DEBUG
158 ---help---
159 Say Y here to print out verbose powersave
160 mode debug messages.
161 205
162config MAC80211_VERBOSE_MPL_DEBUG 206config MAC80211_VERBOSE_SPECT_MGMT_DEBUG
163 bool "Verbose mesh peer link debugging" 207 bool "Verbose Spectrum Management (IEEE 802.11h)debugging"
164 depends on MAC80211_DEBUG && MAC80211_MESH 208 depends on MAC80211_DEBUG_MENU
165 ---help--- 209 ---help---
166 Say Y here to print out verbose mesh peer link 210 Say Y here to print out verbose Spectrum Management (IEEE 802.11h)
167 debug messages. 211 debug messages.
diff --git a/net/mac80211/Makefile b/net/mac80211/Makefile
index 4e5847fd316c..a169b0201d61 100644
--- a/net/mac80211/Makefile
+++ b/net/mac80211/Makefile
@@ -1,13 +1,5 @@
1obj-$(CONFIG_MAC80211) += mac80211.o 1obj-$(CONFIG_MAC80211) += mac80211.o
2 2
3# objects for PID algorithm
4rc80211_pid-y := rc80211_pid_algo.o
5rc80211_pid-$(CONFIG_MAC80211_DEBUGFS) += rc80211_pid_debugfs.o
6
7# build helper for PID algorithm
8rc-pid-y := $(rc80211_pid-y)
9rc-pid-m := rc80211_pid.o
10
11# mac80211 objects 3# mac80211 objects
12mac80211-y := \ 4mac80211-y := \
13 main.o \ 5 main.o \
@@ -26,10 +18,10 @@ mac80211-y := \
26 tx.o \ 18 tx.o \
27 key.o \ 19 key.o \
28 util.o \ 20 util.o \
21 wme.o \
29 event.o 22 event.o
30 23
31mac80211-$(CONFIG_MAC80211_LEDS) += led.o 24mac80211-$(CONFIG_MAC80211_LEDS) += led.o
32mac80211-$(CONFIG_NET_SCHED) += wme.o
33mac80211-$(CONFIG_MAC80211_DEBUGFS) += \ 25mac80211-$(CONFIG_MAC80211_DEBUGFS) += \
34 debugfs.o \ 26 debugfs.o \
35 debugfs_sta.o \ 27 debugfs_sta.o \
@@ -42,10 +34,8 @@ mac80211-$(CONFIG_MAC80211_MESH) += \
42 mesh_plink.o \ 34 mesh_plink.o \
43 mesh_hwmp.o 35 mesh_hwmp.o
44 36
37# objects for PID algorithm
38rc80211_pid-y := rc80211_pid_algo.o
39rc80211_pid-$(CONFIG_MAC80211_DEBUGFS) += rc80211_pid_debugfs.o
45 40
46# Build rate control algorithm(s) 41mac80211-$(CONFIG_MAC80211_RC_PID) += $(rc80211_pid-y)
47CFLAGS_rc80211_pid_algo.o += -DRC80211_PID_COMPILE
48mac80211-$(CONFIG_MAC80211_RC_PID) += $(rc-pid-$(CONFIG_MAC80211_RC_PID))
49
50# Modular rate algorithms are assigned to mac80211-m - make separate modules
51obj-m += $(mac80211-m)
diff --git a/net/mac80211/aes_ccm.c b/net/mac80211/aes_ccm.c
index 59f1691f62c8..a87cb3ba2df6 100644
--- a/net/mac80211/aes_ccm.c
+++ b/net/mac80211/aes_ccm.c
@@ -16,31 +16,28 @@
16#include "key.h" 16#include "key.h"
17#include "aes_ccm.h" 17#include "aes_ccm.h"
18 18
19 19static void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *scratch, u8 *a)
20static void ieee80211_aes_encrypt(struct crypto_cipher *tfm,
21 const u8 pt[16], u8 ct[16])
22{
23 crypto_cipher_encrypt_one(tfm, ct, pt);
24}
25
26
27static inline void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
28 u8 *b, u8 *s_0, u8 *a)
29{ 20{
30 int i; 21 int i;
22 u8 *b_0, *aad, *b, *s_0;
31 23
32 ieee80211_aes_encrypt(tfm, b_0, b); 24 b_0 = scratch + 3 * AES_BLOCK_LEN;
25 aad = scratch + 4 * AES_BLOCK_LEN;
26 b = scratch;
27 s_0 = scratch + AES_BLOCK_LEN;
28
29 crypto_cipher_encrypt_one(tfm, b, b_0);
33 30
34 /* Extra Authenticate-only data (always two AES blocks) */ 31 /* Extra Authenticate-only data (always two AES blocks) */
35 for (i = 0; i < AES_BLOCK_LEN; i++) 32 for (i = 0; i < AES_BLOCK_LEN; i++)
36 aad[i] ^= b[i]; 33 aad[i] ^= b[i];
37 ieee80211_aes_encrypt(tfm, aad, b); 34 crypto_cipher_encrypt_one(tfm, b, aad);
38 35
39 aad += AES_BLOCK_LEN; 36 aad += AES_BLOCK_LEN;
40 37
41 for (i = 0; i < AES_BLOCK_LEN; i++) 38 for (i = 0; i < AES_BLOCK_LEN; i++)
42 aad[i] ^= b[i]; 39 aad[i] ^= b[i];
43 ieee80211_aes_encrypt(tfm, aad, a); 40 crypto_cipher_encrypt_one(tfm, a, aad);
44 41
45 /* Mask out bits from auth-only-b_0 */ 42 /* Mask out bits from auth-only-b_0 */
46 b_0[0] &= 0x07; 43 b_0[0] &= 0x07;
@@ -48,24 +45,26 @@ static inline void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *b_0, u8 *aad,
48 /* S_0 is used to encrypt T (= MIC) */ 45 /* S_0 is used to encrypt T (= MIC) */
49 b_0[14] = 0; 46 b_0[14] = 0;
50 b_0[15] = 0; 47 b_0[15] = 0;
51 ieee80211_aes_encrypt(tfm, b_0, s_0); 48 crypto_cipher_encrypt_one(tfm, s_0, b_0);
52} 49}
53 50
54 51
55void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch, 52void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
56 u8 *b_0, u8 *aad, u8 *data, size_t data_len, 53 u8 *data, size_t data_len,
57 u8 *cdata, u8 *mic) 54 u8 *cdata, u8 *mic)
58{ 55{
59 int i, j, last_len, num_blocks; 56 int i, j, last_len, num_blocks;
60 u8 *pos, *cpos, *b, *s_0, *e; 57 u8 *pos, *cpos, *b, *s_0, *e, *b_0, *aad;
61 58
62 b = scratch; 59 b = scratch;
63 s_0 = scratch + AES_BLOCK_LEN; 60 s_0 = scratch + AES_BLOCK_LEN;
64 e = scratch + 2 * AES_BLOCK_LEN; 61 e = scratch + 2 * AES_BLOCK_LEN;
62 b_0 = scratch + 3 * AES_BLOCK_LEN;
63 aad = scratch + 4 * AES_BLOCK_LEN;
65 64
66 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN); 65 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN);
67 last_len = data_len % AES_BLOCK_LEN; 66 last_len = data_len % AES_BLOCK_LEN;
68 aes_ccm_prepare(tfm, b_0, aad, b, s_0, b); 67 aes_ccm_prepare(tfm, scratch, b);
69 68
70 /* Process payload blocks */ 69 /* Process payload blocks */
71 pos = data; 70 pos = data;
@@ -77,11 +76,11 @@ void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
77 /* Authentication followed by encryption */ 76 /* Authentication followed by encryption */
78 for (i = 0; i < blen; i++) 77 for (i = 0; i < blen; i++)
79 b[i] ^= pos[i]; 78 b[i] ^= pos[i];
80 ieee80211_aes_encrypt(tfm, b, b); 79 crypto_cipher_encrypt_one(tfm, b, b);
81 80
82 b_0[14] = (j >> 8) & 0xff; 81 b_0[14] = (j >> 8) & 0xff;
83 b_0[15] = j & 0xff; 82 b_0[15] = j & 0xff;
84 ieee80211_aes_encrypt(tfm, b_0, e); 83 crypto_cipher_encrypt_one(tfm, e, b_0);
85 for (i = 0; i < blen; i++) 84 for (i = 0; i < blen; i++)
86 *cpos++ = *pos++ ^ e[i]; 85 *cpos++ = *pos++ ^ e[i];
87 } 86 }
@@ -92,19 +91,20 @@ void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
92 91
93 92
94int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch, 93int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
95 u8 *b_0, u8 *aad, u8 *cdata, size_t data_len, 94 u8 *cdata, size_t data_len, u8 *mic, u8 *data)
96 u8 *mic, u8 *data)
97{ 95{
98 int i, j, last_len, num_blocks; 96 int i, j, last_len, num_blocks;
99 u8 *pos, *cpos, *b, *s_0, *a; 97 u8 *pos, *cpos, *b, *s_0, *a, *b_0, *aad;
100 98
101 b = scratch; 99 b = scratch;
102 s_0 = scratch + AES_BLOCK_LEN; 100 s_0 = scratch + AES_BLOCK_LEN;
103 a = scratch + 2 * AES_BLOCK_LEN; 101 a = scratch + 2 * AES_BLOCK_LEN;
102 b_0 = scratch + 3 * AES_BLOCK_LEN;
103 aad = scratch + 4 * AES_BLOCK_LEN;
104 104
105 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN); 105 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN);
106 last_len = data_len % AES_BLOCK_LEN; 106 last_len = data_len % AES_BLOCK_LEN;
107 aes_ccm_prepare(tfm, b_0, aad, b, s_0, a); 107 aes_ccm_prepare(tfm, scratch, a);
108 108
109 /* Process payload blocks */ 109 /* Process payload blocks */
110 cpos = cdata; 110 cpos = cdata;
@@ -116,13 +116,12 @@ int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
116 /* Decryption followed by authentication */ 116 /* Decryption followed by authentication */
117 b_0[14] = (j >> 8) & 0xff; 117 b_0[14] = (j >> 8) & 0xff;
118 b_0[15] = j & 0xff; 118 b_0[15] = j & 0xff;
119 ieee80211_aes_encrypt(tfm, b_0, b); 119 crypto_cipher_encrypt_one(tfm, b, b_0);
120 for (i = 0; i < blen; i++) { 120 for (i = 0; i < blen; i++) {
121 *pos = *cpos++ ^ b[i]; 121 *pos = *cpos++ ^ b[i];
122 a[i] ^= *pos++; 122 a[i] ^= *pos++;
123 } 123 }
124 124 crypto_cipher_encrypt_one(tfm, a, a);
125 ieee80211_aes_encrypt(tfm, a, a);
126 } 125 }
127 126
128 for (i = 0; i < CCMP_MIC_LEN; i++) { 127 for (i = 0; i < CCMP_MIC_LEN; i++) {
@@ -134,7 +133,7 @@ int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
134} 133}
135 134
136 135
137struct crypto_cipher * ieee80211_aes_key_setup_encrypt(const u8 key[]) 136struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[])
138{ 137{
139 struct crypto_cipher *tfm; 138 struct crypto_cipher *tfm;
140 139
diff --git a/net/mac80211/aes_ccm.h b/net/mac80211/aes_ccm.h
index 885f19030b29..6e7820ef3448 100644
--- a/net/mac80211/aes_ccm.h
+++ b/net/mac80211/aes_ccm.h
@@ -14,12 +14,12 @@
14 14
15#define AES_BLOCK_LEN 16 15#define AES_BLOCK_LEN 16
16 16
17struct crypto_cipher * ieee80211_aes_key_setup_encrypt(const u8 key[]); 17struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[]);
18void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch, 18void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
19 u8 *b_0, u8 *aad, u8 *data, size_t data_len, 19 u8 *data, size_t data_len,
20 u8 *cdata, u8 *mic); 20 u8 *cdata, u8 *mic);
21int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch, 21int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
22 u8 *b_0, u8 *aad, u8 *cdata, size_t data_len, 22 u8 *cdata, size_t data_len,
23 u8 *mic, u8 *data); 23 u8 *mic, u8 *data);
24void ieee80211_aes_key_free(struct crypto_cipher *tfm); 24void ieee80211_aes_key_free(struct crypto_cipher *tfm);
25 25
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 699d97b8de5e..297c257864c7 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -50,14 +50,11 @@ static int ieee80211_add_iface(struct wiphy *wiphy, char *name,
50 struct ieee80211_sub_if_data *sdata; 50 struct ieee80211_sub_if_data *sdata;
51 int err; 51 int err;
52 52
53 if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED))
54 return -ENODEV;
55
56 itype = nl80211_type_to_mac80211_type(type); 53 itype = nl80211_type_to_mac80211_type(type);
57 if (itype == IEEE80211_IF_TYPE_INVALID) 54 if (itype == IEEE80211_IF_TYPE_INVALID)
58 return -EINVAL; 55 return -EINVAL;
59 56
60 err = ieee80211_if_add(local->mdev, name, &dev, itype, params); 57 err = ieee80211_if_add(local, name, &dev, itype, params);
61 if (err || itype != IEEE80211_IF_TYPE_MNTR || !flags) 58 if (err || itype != IEEE80211_IF_TYPE_MNTR || !flags)
62 return err; 59 return err;
63 60
@@ -68,21 +65,16 @@ static int ieee80211_add_iface(struct wiphy *wiphy, char *name,
68 65
69static int ieee80211_del_iface(struct wiphy *wiphy, int ifindex) 66static int ieee80211_del_iface(struct wiphy *wiphy, int ifindex)
70{ 67{
71 struct ieee80211_local *local = wiphy_priv(wiphy);
72 struct net_device *dev; 68 struct net_device *dev;
73 char *name;
74
75 if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED))
76 return -ENODEV;
77 69
78 /* we're under RTNL */ 70 /* we're under RTNL */
79 dev = __dev_get_by_index(&init_net, ifindex); 71 dev = __dev_get_by_index(&init_net, ifindex);
80 if (!dev) 72 if (!dev)
81 return 0; 73 return -ENODEV;
82 74
83 name = dev->name; 75 ieee80211_if_remove(dev);
84 76
85 return ieee80211_if_remove(local->mdev, name, -1); 77 return 0;
86} 78}
87 79
88static int ieee80211_change_iface(struct wiphy *wiphy, int ifindex, 80static int ieee80211_change_iface(struct wiphy *wiphy, int ifindex,
@@ -93,29 +85,25 @@ static int ieee80211_change_iface(struct wiphy *wiphy, int ifindex,
93 struct net_device *dev; 85 struct net_device *dev;
94 enum ieee80211_if_types itype; 86 enum ieee80211_if_types itype;
95 struct ieee80211_sub_if_data *sdata; 87 struct ieee80211_sub_if_data *sdata;
96 88 int ret;
97 if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED))
98 return -ENODEV;
99 89
100 /* we're under RTNL */ 90 /* we're under RTNL */
101 dev = __dev_get_by_index(&init_net, ifindex); 91 dev = __dev_get_by_index(&init_net, ifindex);
102 if (!dev) 92 if (!dev)
103 return -ENODEV; 93 return -ENODEV;
104 94
105 if (netif_running(dev))
106 return -EBUSY;
107
108 itype = nl80211_type_to_mac80211_type(type); 95 itype = nl80211_type_to_mac80211_type(type);
109 if (itype == IEEE80211_IF_TYPE_INVALID) 96 if (itype == IEEE80211_IF_TYPE_INVALID)
110 return -EINVAL; 97 return -EINVAL;
111 98
112 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 99 if (dev == local->mdev)
113
114 if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN)
115 return -EOPNOTSUPP; 100 return -EOPNOTSUPP;
116 101
117 ieee80211_if_reinit(dev); 102 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
118 ieee80211_if_set_type(dev, itype); 103
104 ret = ieee80211_if_change_type(sdata, itype);
105 if (ret)
106 return ret;
119 107
120 if (ieee80211_vif_is_mesh(&sdata->vif) && params->mesh_id_len) 108 if (ieee80211_vif_is_mesh(&sdata->vif) && params->mesh_id_len)
121 ieee80211_if_sta_set_mesh_id(&sdata->u.sta, 109 ieee80211_if_sta_set_mesh_id(&sdata->u.sta,
@@ -133,12 +121,16 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
133 u8 key_idx, u8 *mac_addr, 121 u8 key_idx, u8 *mac_addr,
134 struct key_params *params) 122 struct key_params *params)
135{ 123{
124 struct ieee80211_local *local = wiphy_priv(wiphy);
136 struct ieee80211_sub_if_data *sdata; 125 struct ieee80211_sub_if_data *sdata;
137 struct sta_info *sta = NULL; 126 struct sta_info *sta = NULL;
138 enum ieee80211_key_alg alg; 127 enum ieee80211_key_alg alg;
139 struct ieee80211_key *key; 128 struct ieee80211_key *key;
140 int err; 129 int err;
141 130
131 if (dev == local->mdev)
132 return -EOPNOTSUPP;
133
142 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 134 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
143 135
144 switch (params->cipher) { 136 switch (params->cipher) {
@@ -183,10 +175,14 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
183static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev, 175static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
184 u8 key_idx, u8 *mac_addr) 176 u8 key_idx, u8 *mac_addr)
185{ 177{
178 struct ieee80211_local *local = wiphy_priv(wiphy);
186 struct ieee80211_sub_if_data *sdata; 179 struct ieee80211_sub_if_data *sdata;
187 struct sta_info *sta; 180 struct sta_info *sta;
188 int ret; 181 int ret;
189 182
183 if (dev == local->mdev)
184 return -EOPNOTSUPP;
185
190 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 186 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
191 187
192 rcu_read_lock(); 188 rcu_read_lock();
@@ -227,7 +223,8 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
227 void (*callback)(void *cookie, 223 void (*callback)(void *cookie,
228 struct key_params *params)) 224 struct key_params *params))
229{ 225{
230 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 226 struct ieee80211_local *local = wiphy_priv(wiphy);
227 struct ieee80211_sub_if_data *sdata;
231 struct sta_info *sta = NULL; 228 struct sta_info *sta = NULL;
232 u8 seq[6] = {0}; 229 u8 seq[6] = {0};
233 struct key_params params; 230 struct key_params params;
@@ -236,6 +233,11 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
236 u16 iv16; 233 u16 iv16;
237 int err = -ENOENT; 234 int err = -ENOENT;
238 235
236 if (dev == local->mdev)
237 return -EOPNOTSUPP;
238
239 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
240
239 rcu_read_lock(); 241 rcu_read_lock();
240 242
241 if (mac_addr) { 243 if (mac_addr) {
@@ -256,8 +258,8 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
256 case ALG_TKIP: 258 case ALG_TKIP:
257 params.cipher = WLAN_CIPHER_SUITE_TKIP; 259 params.cipher = WLAN_CIPHER_SUITE_TKIP;
258 260
259 iv32 = key->u.tkip.iv32; 261 iv32 = key->u.tkip.tx.iv32;
260 iv16 = key->u.tkip.iv16; 262 iv16 = key->u.tkip.tx.iv16;
261 263
262 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE && 264 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
263 sdata->local->ops->get_tkip_seq) 265 sdata->local->ops->get_tkip_seq)
@@ -309,8 +311,12 @@ static int ieee80211_config_default_key(struct wiphy *wiphy,
309 struct net_device *dev, 311 struct net_device *dev,
310 u8 key_idx) 312 u8 key_idx)
311{ 313{
314 struct ieee80211_local *local = wiphy_priv(wiphy);
312 struct ieee80211_sub_if_data *sdata; 315 struct ieee80211_sub_if_data *sdata;
313 316
317 if (dev == local->mdev)
318 return -EOPNOTSUPP;
319
314 rcu_read_lock(); 320 rcu_read_lock();
315 321
316 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 322 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
@@ -485,15 +491,21 @@ static int ieee80211_config_beacon(struct ieee80211_sub_if_data *sdata,
485 491
486 kfree(old); 492 kfree(old);
487 493
488 return ieee80211_if_config_beacon(sdata->dev); 494 return ieee80211_if_config(sdata, IEEE80211_IFCC_BEACON);
489} 495}
490 496
491static int ieee80211_add_beacon(struct wiphy *wiphy, struct net_device *dev, 497static int ieee80211_add_beacon(struct wiphy *wiphy, struct net_device *dev,
492 struct beacon_parameters *params) 498 struct beacon_parameters *params)
493{ 499{
494 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 500 struct ieee80211_local *local = wiphy_priv(wiphy);
501 struct ieee80211_sub_if_data *sdata;
495 struct beacon_data *old; 502 struct beacon_data *old;
496 503
504 if (dev == local->mdev)
505 return -EOPNOTSUPP;
506
507 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
508
497 if (sdata->vif.type != IEEE80211_IF_TYPE_AP) 509 if (sdata->vif.type != IEEE80211_IF_TYPE_AP)
498 return -EINVAL; 510 return -EINVAL;
499 511
@@ -508,9 +520,15 @@ static int ieee80211_add_beacon(struct wiphy *wiphy, struct net_device *dev,
508static int ieee80211_set_beacon(struct wiphy *wiphy, struct net_device *dev, 520static int ieee80211_set_beacon(struct wiphy *wiphy, struct net_device *dev,
509 struct beacon_parameters *params) 521 struct beacon_parameters *params)
510{ 522{
511 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 523 struct ieee80211_local *local = wiphy_priv(wiphy);
524 struct ieee80211_sub_if_data *sdata;
512 struct beacon_data *old; 525 struct beacon_data *old;
513 526
527 if (dev == local->mdev)
528 return -EOPNOTSUPP;
529
530 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
531
514 if (sdata->vif.type != IEEE80211_IF_TYPE_AP) 532 if (sdata->vif.type != IEEE80211_IF_TYPE_AP)
515 return -EINVAL; 533 return -EINVAL;
516 534
@@ -524,9 +542,15 @@ static int ieee80211_set_beacon(struct wiphy *wiphy, struct net_device *dev,
524 542
525static int ieee80211_del_beacon(struct wiphy *wiphy, struct net_device *dev) 543static int ieee80211_del_beacon(struct wiphy *wiphy, struct net_device *dev)
526{ 544{
527 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 545 struct ieee80211_local *local = wiphy_priv(wiphy);
546 struct ieee80211_sub_if_data *sdata;
528 struct beacon_data *old; 547 struct beacon_data *old;
529 548
549 if (dev == local->mdev)
550 return -EOPNOTSUPP;
551
552 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
553
530 if (sdata->vif.type != IEEE80211_IF_TYPE_AP) 554 if (sdata->vif.type != IEEE80211_IF_TYPE_AP)
531 return -EINVAL; 555 return -EINVAL;
532 556
@@ -539,7 +563,7 @@ static int ieee80211_del_beacon(struct wiphy *wiphy, struct net_device *dev)
539 synchronize_rcu(); 563 synchronize_rcu();
540 kfree(old); 564 kfree(old);
541 565
542 return ieee80211_if_config_beacon(dev); 566 return ieee80211_if_config(sdata, IEEE80211_IFCC_BEACON);
543} 567}
544 568
545/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */ 569/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */
@@ -602,6 +626,7 @@ static void sta_apply_parameters(struct ieee80211_local *local,
602 */ 626 */
603 627
604 if (params->station_flags & STATION_FLAG_CHANGED) { 628 if (params->station_flags & STATION_FLAG_CHANGED) {
629 spin_lock_bh(&sta->lock);
605 sta->flags &= ~WLAN_STA_AUTHORIZED; 630 sta->flags &= ~WLAN_STA_AUTHORIZED;
606 if (params->station_flags & STATION_FLAG_AUTHORIZED) 631 if (params->station_flags & STATION_FLAG_AUTHORIZED)
607 sta->flags |= WLAN_STA_AUTHORIZED; 632 sta->flags |= WLAN_STA_AUTHORIZED;
@@ -613,6 +638,7 @@ static void sta_apply_parameters(struct ieee80211_local *local,
613 sta->flags &= ~WLAN_STA_WME; 638 sta->flags &= ~WLAN_STA_WME;
614 if (params->station_flags & STATION_FLAG_WME) 639 if (params->station_flags & STATION_FLAG_WME)
615 sta->flags |= WLAN_STA_WME; 640 sta->flags |= WLAN_STA_WME;
641 spin_unlock_bh(&sta->lock);
616 } 642 }
617 643
618 /* 644 /*
@@ -660,11 +686,14 @@ static void sta_apply_parameters(struct ieee80211_local *local,
660static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev, 686static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
661 u8 *mac, struct station_parameters *params) 687 u8 *mac, struct station_parameters *params)
662{ 688{
663 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 689 struct ieee80211_local *local = wiphy_priv(wiphy);
664 struct sta_info *sta; 690 struct sta_info *sta;
665 struct ieee80211_sub_if_data *sdata; 691 struct ieee80211_sub_if_data *sdata;
666 int err; 692 int err;
667 693
694 if (dev == local->mdev || params->vlan == local->mdev)
695 return -EOPNOTSUPP;
696
668 /* Prevent a race with changing the rate control algorithm */ 697 /* Prevent a race with changing the rate control algorithm */
669 if (!netif_running(dev)) 698 if (!netif_running(dev))
670 return -ENETDOWN; 699 return -ENETDOWN;
@@ -672,7 +701,7 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
672 if (params->vlan) { 701 if (params->vlan) {
673 sdata = IEEE80211_DEV_TO_SUB_IF(params->vlan); 702 sdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
674 703
675 if (sdata->vif.type != IEEE80211_IF_TYPE_VLAN || 704 if (sdata->vif.type != IEEE80211_IF_TYPE_VLAN &&
676 sdata->vif.type != IEEE80211_IF_TYPE_AP) 705 sdata->vif.type != IEEE80211_IF_TYPE_AP)
677 return -EINVAL; 706 return -EINVAL;
678 } else 707 } else
@@ -715,10 +744,15 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
715static int ieee80211_del_station(struct wiphy *wiphy, struct net_device *dev, 744static int ieee80211_del_station(struct wiphy *wiphy, struct net_device *dev,
716 u8 *mac) 745 u8 *mac)
717{ 746{
718 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 747 struct ieee80211_local *local = wiphy_priv(wiphy);
719 struct ieee80211_local *local = sdata->local; 748 struct ieee80211_sub_if_data *sdata;
720 struct sta_info *sta; 749 struct sta_info *sta;
721 750
751 if (dev == local->mdev)
752 return -EOPNOTSUPP;
753
754 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
755
722 if (mac) { 756 if (mac) {
723 rcu_read_lock(); 757 rcu_read_lock();
724 758
@@ -744,10 +778,13 @@ static int ieee80211_change_station(struct wiphy *wiphy,
744 u8 *mac, 778 u8 *mac,
745 struct station_parameters *params) 779 struct station_parameters *params)
746{ 780{
747 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 781 struct ieee80211_local *local = wiphy_priv(wiphy);
748 struct sta_info *sta; 782 struct sta_info *sta;
749 struct ieee80211_sub_if_data *vlansdata; 783 struct ieee80211_sub_if_data *vlansdata;
750 784
785 if (dev == local->mdev || params->vlan == local->mdev)
786 return -EOPNOTSUPP;
787
751 rcu_read_lock(); 788 rcu_read_lock();
752 789
753 /* XXX: get sta belonging to dev */ 790 /* XXX: get sta belonging to dev */
@@ -760,13 +797,13 @@ static int ieee80211_change_station(struct wiphy *wiphy,
760 if (params->vlan && params->vlan != sta->sdata->dev) { 797 if (params->vlan && params->vlan != sta->sdata->dev) {
761 vlansdata = IEEE80211_DEV_TO_SUB_IF(params->vlan); 798 vlansdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
762 799
763 if (vlansdata->vif.type != IEEE80211_IF_TYPE_VLAN || 800 if (vlansdata->vif.type != IEEE80211_IF_TYPE_VLAN &&
764 vlansdata->vif.type != IEEE80211_IF_TYPE_AP) { 801 vlansdata->vif.type != IEEE80211_IF_TYPE_AP) {
765 rcu_read_unlock(); 802 rcu_read_unlock();
766 return -EINVAL; 803 return -EINVAL;
767 } 804 }
768 805
769 sta->sdata = IEEE80211_DEV_TO_SUB_IF(params->vlan); 806 sta->sdata = vlansdata;
770 ieee80211_send_layer2_update(sta); 807 ieee80211_send_layer2_update(sta);
771 } 808 }
772 809
@@ -781,15 +818,20 @@ static int ieee80211_change_station(struct wiphy *wiphy,
781static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev, 818static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev,
782 u8 *dst, u8 *next_hop) 819 u8 *dst, u8 *next_hop)
783{ 820{
784 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 821 struct ieee80211_local *local = wiphy_priv(wiphy);
785 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 822 struct ieee80211_sub_if_data *sdata;
786 struct mesh_path *mpath; 823 struct mesh_path *mpath;
787 struct sta_info *sta; 824 struct sta_info *sta;
788 int err; 825 int err;
789 826
827 if (dev == local->mdev)
828 return -EOPNOTSUPP;
829
790 if (!netif_running(dev)) 830 if (!netif_running(dev))
791 return -ENETDOWN; 831 return -ENETDOWN;
792 832
833 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
834
793 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT) 835 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT)
794 return -ENOTSUPP; 836 return -ENOTSUPP;
795 837
@@ -831,14 +873,19 @@ static int ieee80211_change_mpath(struct wiphy *wiphy,
831 struct net_device *dev, 873 struct net_device *dev,
832 u8 *dst, u8 *next_hop) 874 u8 *dst, u8 *next_hop)
833{ 875{
834 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 876 struct ieee80211_local *local = wiphy_priv(wiphy);
835 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 877 struct ieee80211_sub_if_data *sdata;
836 struct mesh_path *mpath; 878 struct mesh_path *mpath;
837 struct sta_info *sta; 879 struct sta_info *sta;
838 880
881 if (dev == local->mdev)
882 return -EOPNOTSUPP;
883
839 if (!netif_running(dev)) 884 if (!netif_running(dev))
840 return -ENETDOWN; 885 return -ENETDOWN;
841 886
887 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
888
842 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT) 889 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT)
843 return -ENOTSUPP; 890 return -ENOTSUPP;
844 891
@@ -905,9 +952,15 @@ static int ieee80211_get_mpath(struct wiphy *wiphy, struct net_device *dev,
905 u8 *dst, u8 *next_hop, struct mpath_info *pinfo) 952 u8 *dst, u8 *next_hop, struct mpath_info *pinfo)
906 953
907{ 954{
908 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 955 struct ieee80211_local *local = wiphy_priv(wiphy);
956 struct ieee80211_sub_if_data *sdata;
909 struct mesh_path *mpath; 957 struct mesh_path *mpath;
910 958
959 if (dev == local->mdev)
960 return -EOPNOTSUPP;
961
962 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
963
911 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT) 964 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT)
912 return -ENOTSUPP; 965 return -ENOTSUPP;
913 966
@@ -927,9 +980,15 @@ static int ieee80211_dump_mpath(struct wiphy *wiphy, struct net_device *dev,
927 int idx, u8 *dst, u8 *next_hop, 980 int idx, u8 *dst, u8 *next_hop,
928 struct mpath_info *pinfo) 981 struct mpath_info *pinfo)
929{ 982{
930 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 983 struct ieee80211_local *local = wiphy_priv(wiphy);
984 struct ieee80211_sub_if_data *sdata;
931 struct mesh_path *mpath; 985 struct mesh_path *mpath;
932 986
987 if (dev == local->mdev)
988 return -EOPNOTSUPP;
989
990 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
991
933 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT) 992 if (sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT)
934 return -ENOTSUPP; 993 return -ENOTSUPP;
935 994
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index 1cccbfd781f6..ee509f1109e2 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -70,16 +70,6 @@ DEBUGFS_READONLY_FILE(rate_ctrl_alg, 100, "%s",
70 70
71/* statistics stuff */ 71/* statistics stuff */
72 72
73static inline int rtnl_lock_local(struct ieee80211_local *local)
74{
75 rtnl_lock();
76 if (unlikely(local->reg_state != IEEE80211_DEV_REGISTERED)) {
77 rtnl_unlock();
78 return -ENODEV;
79 }
80 return 0;
81}
82
83#define DEBUGFS_STATS_FILE(name, buflen, fmt, value...) \ 73#define DEBUGFS_STATS_FILE(name, buflen, fmt, value...) \
84 DEBUGFS_READONLY_FILE(stats_ ##name, buflen, fmt, ##value) 74 DEBUGFS_READONLY_FILE(stats_ ##name, buflen, fmt, ##value)
85 75
@@ -96,10 +86,7 @@ static ssize_t format_devstat_counter(struct ieee80211_local *local,
96 if (!local->ops->get_stats) 86 if (!local->ops->get_stats)
97 return -EOPNOTSUPP; 87 return -EOPNOTSUPP;
98 88
99 res = rtnl_lock_local(local); 89 rtnl_lock();
100 if (res)
101 return res;
102
103 res = local->ops->get_stats(local_to_hw(local), &stats); 90 res = local->ops->get_stats(local_to_hw(local), &stats);
104 rtnl_unlock(); 91 rtnl_unlock();
105 if (!res) 92 if (!res)
@@ -197,45 +184,6 @@ DEBUGFS_STATS_FILE(rx_handlers_fragments, 20, "%u",
197DEBUGFS_STATS_FILE(tx_status_drop, 20, "%u", 184DEBUGFS_STATS_FILE(tx_status_drop, 20, "%u",
198 local->tx_status_drop); 185 local->tx_status_drop);
199 186
200static ssize_t stats_wme_rx_queue_read(struct file *file,
201 char __user *userbuf,
202 size_t count, loff_t *ppos)
203{
204 struct ieee80211_local *local = file->private_data;
205 char buf[NUM_RX_DATA_QUEUES*15], *p = buf;
206 int i;
207
208 for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
209 p += scnprintf(p, sizeof(buf)+buf-p,
210 "%u\n", local->wme_rx_queue[i]);
211
212 return simple_read_from_buffer(userbuf, count, ppos, buf, p-buf);
213}
214
215static const struct file_operations stats_wme_rx_queue_ops = {
216 .read = stats_wme_rx_queue_read,
217 .open = mac80211_open_file_generic,
218};
219
220static ssize_t stats_wme_tx_queue_read(struct file *file,
221 char __user *userbuf,
222 size_t count, loff_t *ppos)
223{
224 struct ieee80211_local *local = file->private_data;
225 char buf[NUM_TX_DATA_QUEUES*15], *p = buf;
226 int i;
227
228 for (i = 0; i < NUM_TX_DATA_QUEUES; i++)
229 p += scnprintf(p, sizeof(buf)+buf-p,
230 "%u\n", local->wme_tx_queue[i]);
231
232 return simple_read_from_buffer(userbuf, count, ppos, buf, p-buf);
233}
234
235static const struct file_operations stats_wme_tx_queue_ops = {
236 .read = stats_wme_tx_queue_read,
237 .open = mac80211_open_file_generic,
238};
239#endif 187#endif
240 188
241DEBUGFS_DEVSTATS_FILE(dot11ACKFailureCount); 189DEBUGFS_DEVSTATS_FILE(dot11ACKFailureCount);
@@ -303,8 +251,6 @@ void debugfs_hw_add(struct ieee80211_local *local)
303 DEBUGFS_STATS_ADD(rx_expand_skb_head2); 251 DEBUGFS_STATS_ADD(rx_expand_skb_head2);
304 DEBUGFS_STATS_ADD(rx_handlers_fragments); 252 DEBUGFS_STATS_ADD(rx_handlers_fragments);
305 DEBUGFS_STATS_ADD(tx_status_drop); 253 DEBUGFS_STATS_ADD(tx_status_drop);
306 DEBUGFS_STATS_ADD(wme_tx_queue);
307 DEBUGFS_STATS_ADD(wme_rx_queue);
308#endif 254#endif
309 DEBUGFS_STATS_ADD(dot11ACKFailureCount); 255 DEBUGFS_STATS_ADD(dot11ACKFailureCount);
310 DEBUGFS_STATS_ADD(dot11RTSFailureCount); 256 DEBUGFS_STATS_ADD(dot11RTSFailureCount);
@@ -356,8 +302,6 @@ void debugfs_hw_del(struct ieee80211_local *local)
356 DEBUGFS_STATS_DEL(rx_expand_skb_head2); 302 DEBUGFS_STATS_DEL(rx_expand_skb_head2);
357 DEBUGFS_STATS_DEL(rx_handlers_fragments); 303 DEBUGFS_STATS_DEL(rx_handlers_fragments);
358 DEBUGFS_STATS_DEL(tx_status_drop); 304 DEBUGFS_STATS_DEL(tx_status_drop);
359 DEBUGFS_STATS_DEL(wme_tx_queue);
360 DEBUGFS_STATS_DEL(wme_rx_queue);
361#endif 305#endif
362 DEBUGFS_STATS_DEL(dot11ACKFailureCount); 306 DEBUGFS_STATS_DEL(dot11ACKFailureCount);
363 DEBUGFS_STATS_DEL(dot11RTSFailureCount); 307 DEBUGFS_STATS_DEL(dot11RTSFailureCount);
diff --git a/net/mac80211/debugfs_key.c b/net/mac80211/debugfs_key.c
index 19efc3a6a932..cf82acec913a 100644
--- a/net/mac80211/debugfs_key.c
+++ b/net/mac80211/debugfs_key.c
@@ -97,8 +97,8 @@ static ssize_t key_tx_spec_read(struct file *file, char __user *userbuf,
97 break; 97 break;
98 case ALG_TKIP: 98 case ALG_TKIP:
99 len = scnprintf(buf, sizeof(buf), "%08x %04x\n", 99 len = scnprintf(buf, sizeof(buf), "%08x %04x\n",
100 key->u.tkip.iv32, 100 key->u.tkip.tx.iv32,
101 key->u.tkip.iv16); 101 key->u.tkip.tx.iv16);
102 break; 102 break;
103 case ALG_CCMP: 103 case ALG_CCMP:
104 tpn = key->u.ccmp.tx_pn; 104 tpn = key->u.ccmp.tx_pn;
@@ -128,8 +128,8 @@ static ssize_t key_rx_spec_read(struct file *file, char __user *userbuf,
128 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) 128 for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
129 p += scnprintf(p, sizeof(buf)+buf-p, 129 p += scnprintf(p, sizeof(buf)+buf-p,
130 "%08x %04x\n", 130 "%08x %04x\n",
131 key->u.tkip.iv32_rx[i], 131 key->u.tkip.rx[i].iv32,
132 key->u.tkip.iv16_rx[i]); 132 key->u.tkip.rx[i].iv16);
133 len = p - buf; 133 len = p - buf;
134 break; 134 break;
135 case ALG_CCMP: 135 case ALG_CCMP:
@@ -265,7 +265,7 @@ void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata)
265 key = sdata->default_key; 265 key = sdata->default_key;
266 if (key) { 266 if (key) {
267 sprintf(buf, "../keys/%d", key->debugfs.cnt); 267 sprintf(buf, "../keys/%d", key->debugfs.cnt);
268 sdata->debugfs.default_key = 268 sdata->common_debugfs.default_key =
269 debugfs_create_symlink("default_key", 269 debugfs_create_symlink("default_key",
270 sdata->debugfsdir, buf); 270 sdata->debugfsdir, buf);
271 } else 271 } else
@@ -277,8 +277,8 @@ void ieee80211_debugfs_key_remove_default(struct ieee80211_sub_if_data *sdata)
277 if (!sdata) 277 if (!sdata)
278 return; 278 return;
279 279
280 debugfs_remove(sdata->debugfs.default_key); 280 debugfs_remove(sdata->common_debugfs.default_key);
281 sdata->debugfs.default_key = NULL; 281 sdata->common_debugfs.default_key = NULL;
282} 282}
283 283
284void ieee80211_debugfs_key_sta_del(struct ieee80211_key *key, 284void ieee80211_debugfs_key_sta_del(struct ieee80211_key *key,
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index e3326d046944..8165df578c92 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -155,8 +155,9 @@ static const struct file_operations name##_ops = { \
155 __IEEE80211_IF_WFILE(name) 155 __IEEE80211_IF_WFILE(name)
156 156
157/* common attributes */ 157/* common attributes */
158IEEE80211_IF_FILE(channel_use, channel_use, DEC);
159IEEE80211_IF_FILE(drop_unencrypted, drop_unencrypted, DEC); 158IEEE80211_IF_FILE(drop_unencrypted, drop_unencrypted, DEC);
159IEEE80211_IF_FILE(force_unicast_rateidx, force_unicast_rateidx, DEC);
160IEEE80211_IF_FILE(max_ratectrl_rateidx, max_ratectrl_rateidx, DEC);
160 161
161/* STA/IBSS attributes */ 162/* STA/IBSS attributes */
162IEEE80211_IF_FILE(state, u.sta.state, DEC); 163IEEE80211_IF_FILE(state, u.sta.state, DEC);
@@ -192,8 +193,6 @@ __IEEE80211_IF_FILE(flags);
192IEEE80211_IF_FILE(num_sta_ps, u.ap.num_sta_ps, ATOMIC); 193IEEE80211_IF_FILE(num_sta_ps, u.ap.num_sta_ps, ATOMIC);
193IEEE80211_IF_FILE(dtim_count, u.ap.dtim_count, DEC); 194IEEE80211_IF_FILE(dtim_count, u.ap.dtim_count, DEC);
194IEEE80211_IF_FILE(num_beacons, u.ap.num_beacons, DEC); 195IEEE80211_IF_FILE(num_beacons, u.ap.num_beacons, DEC);
195IEEE80211_IF_FILE(force_unicast_rateidx, u.ap.force_unicast_rateidx, DEC);
196IEEE80211_IF_FILE(max_ratectrl_rateidx, u.ap.max_ratectrl_rateidx, DEC);
197 196
198static ssize_t ieee80211_if_fmt_num_buffered_multicast( 197static ssize_t ieee80211_if_fmt_num_buffered_multicast(
199 const struct ieee80211_sub_if_data *sdata, char *buf, int buflen) 198 const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
@@ -248,8 +247,10 @@ IEEE80211_IF_WFILE(min_discovery_timeout,
248 247
249static void add_sta_files(struct ieee80211_sub_if_data *sdata) 248static void add_sta_files(struct ieee80211_sub_if_data *sdata)
250{ 249{
251 DEBUGFS_ADD(channel_use, sta);
252 DEBUGFS_ADD(drop_unencrypted, sta); 250 DEBUGFS_ADD(drop_unencrypted, sta);
251 DEBUGFS_ADD(force_unicast_rateidx, sta);
252 DEBUGFS_ADD(max_ratectrl_rateidx, sta);
253
253 DEBUGFS_ADD(state, sta); 254 DEBUGFS_ADD(state, sta);
254 DEBUGFS_ADD(bssid, sta); 255 DEBUGFS_ADD(bssid, sta);
255 DEBUGFS_ADD(prev_bssid, sta); 256 DEBUGFS_ADD(prev_bssid, sta);
@@ -269,27 +270,30 @@ static void add_sta_files(struct ieee80211_sub_if_data *sdata)
269 270
270static void add_ap_files(struct ieee80211_sub_if_data *sdata) 271static void add_ap_files(struct ieee80211_sub_if_data *sdata)
271{ 272{
272 DEBUGFS_ADD(channel_use, ap);
273 DEBUGFS_ADD(drop_unencrypted, ap); 273 DEBUGFS_ADD(drop_unencrypted, ap);
274 DEBUGFS_ADD(force_unicast_rateidx, ap);
275 DEBUGFS_ADD(max_ratectrl_rateidx, ap);
276
274 DEBUGFS_ADD(num_sta_ps, ap); 277 DEBUGFS_ADD(num_sta_ps, ap);
275 DEBUGFS_ADD(dtim_count, ap); 278 DEBUGFS_ADD(dtim_count, ap);
276 DEBUGFS_ADD(num_beacons, ap); 279 DEBUGFS_ADD(num_beacons, ap);
277 DEBUGFS_ADD(force_unicast_rateidx, ap);
278 DEBUGFS_ADD(max_ratectrl_rateidx, ap);
279 DEBUGFS_ADD(num_buffered_multicast, ap); 280 DEBUGFS_ADD(num_buffered_multicast, ap);
280} 281}
281 282
282static void add_wds_files(struct ieee80211_sub_if_data *sdata) 283static void add_wds_files(struct ieee80211_sub_if_data *sdata)
283{ 284{
284 DEBUGFS_ADD(channel_use, wds);
285 DEBUGFS_ADD(drop_unencrypted, wds); 285 DEBUGFS_ADD(drop_unencrypted, wds);
286 DEBUGFS_ADD(force_unicast_rateidx, wds);
287 DEBUGFS_ADD(max_ratectrl_rateidx, wds);
288
286 DEBUGFS_ADD(peer, wds); 289 DEBUGFS_ADD(peer, wds);
287} 290}
288 291
289static void add_vlan_files(struct ieee80211_sub_if_data *sdata) 292static void add_vlan_files(struct ieee80211_sub_if_data *sdata)
290{ 293{
291 DEBUGFS_ADD(channel_use, vlan);
292 DEBUGFS_ADD(drop_unencrypted, vlan); 294 DEBUGFS_ADD(drop_unencrypted, vlan);
295 DEBUGFS_ADD(force_unicast_rateidx, vlan);
296 DEBUGFS_ADD(max_ratectrl_rateidx, vlan);
293} 297}
294 298
295static void add_monitor_files(struct ieee80211_sub_if_data *sdata) 299static void add_monitor_files(struct ieee80211_sub_if_data *sdata)
@@ -376,8 +380,10 @@ static void add_files(struct ieee80211_sub_if_data *sdata)
376 380
377static void del_sta_files(struct ieee80211_sub_if_data *sdata) 381static void del_sta_files(struct ieee80211_sub_if_data *sdata)
378{ 382{
379 DEBUGFS_DEL(channel_use, sta);
380 DEBUGFS_DEL(drop_unencrypted, sta); 383 DEBUGFS_DEL(drop_unencrypted, sta);
384 DEBUGFS_DEL(force_unicast_rateidx, sta);
385 DEBUGFS_DEL(max_ratectrl_rateidx, sta);
386
381 DEBUGFS_DEL(state, sta); 387 DEBUGFS_DEL(state, sta);
382 DEBUGFS_DEL(bssid, sta); 388 DEBUGFS_DEL(bssid, sta);
383 DEBUGFS_DEL(prev_bssid, sta); 389 DEBUGFS_DEL(prev_bssid, sta);
@@ -397,27 +403,30 @@ static void del_sta_files(struct ieee80211_sub_if_data *sdata)
397 403
398static void del_ap_files(struct ieee80211_sub_if_data *sdata) 404static void del_ap_files(struct ieee80211_sub_if_data *sdata)
399{ 405{
400 DEBUGFS_DEL(channel_use, ap);
401 DEBUGFS_DEL(drop_unencrypted, ap); 406 DEBUGFS_DEL(drop_unencrypted, ap);
407 DEBUGFS_DEL(force_unicast_rateidx, ap);
408 DEBUGFS_DEL(max_ratectrl_rateidx, ap);
409
402 DEBUGFS_DEL(num_sta_ps, ap); 410 DEBUGFS_DEL(num_sta_ps, ap);
403 DEBUGFS_DEL(dtim_count, ap); 411 DEBUGFS_DEL(dtim_count, ap);
404 DEBUGFS_DEL(num_beacons, ap); 412 DEBUGFS_DEL(num_beacons, ap);
405 DEBUGFS_DEL(force_unicast_rateidx, ap);
406 DEBUGFS_DEL(max_ratectrl_rateidx, ap);
407 DEBUGFS_DEL(num_buffered_multicast, ap); 413 DEBUGFS_DEL(num_buffered_multicast, ap);
408} 414}
409 415
410static void del_wds_files(struct ieee80211_sub_if_data *sdata) 416static void del_wds_files(struct ieee80211_sub_if_data *sdata)
411{ 417{
412 DEBUGFS_DEL(channel_use, wds);
413 DEBUGFS_DEL(drop_unencrypted, wds); 418 DEBUGFS_DEL(drop_unencrypted, wds);
419 DEBUGFS_DEL(force_unicast_rateidx, wds);
420 DEBUGFS_DEL(max_ratectrl_rateidx, wds);
421
414 DEBUGFS_DEL(peer, wds); 422 DEBUGFS_DEL(peer, wds);
415} 423}
416 424
417static void del_vlan_files(struct ieee80211_sub_if_data *sdata) 425static void del_vlan_files(struct ieee80211_sub_if_data *sdata)
418{ 426{
419 DEBUGFS_DEL(channel_use, vlan);
420 DEBUGFS_DEL(drop_unencrypted, vlan); 427 DEBUGFS_DEL(drop_unencrypted, vlan);
428 DEBUGFS_DEL(force_unicast_rateidx, vlan);
429 DEBUGFS_DEL(max_ratectrl_rateidx, vlan);
421} 430}
422 431
423static void del_monitor_files(struct ieee80211_sub_if_data *sdata) 432static void del_monitor_files(struct ieee80211_sub_if_data *sdata)
@@ -467,12 +476,12 @@ static void del_mesh_config(struct ieee80211_sub_if_data *sdata)
467} 476}
468#endif 477#endif
469 478
470static void del_files(struct ieee80211_sub_if_data *sdata, int type) 479static void del_files(struct ieee80211_sub_if_data *sdata)
471{ 480{
472 if (!sdata->debugfsdir) 481 if (!sdata->debugfsdir)
473 return; 482 return;
474 483
475 switch (type) { 484 switch (sdata->vif.type) {
476 case IEEE80211_IF_TYPE_MESH_POINT: 485 case IEEE80211_IF_TYPE_MESH_POINT:
477#ifdef CONFIG_MAC80211_MESH 486#ifdef CONFIG_MAC80211_MESH
478 del_mesh_stats(sdata); 487 del_mesh_stats(sdata);
@@ -512,29 +521,23 @@ void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata)
512 sprintf(buf, "netdev:%s", sdata->dev->name); 521 sprintf(buf, "netdev:%s", sdata->dev->name);
513 sdata->debugfsdir = debugfs_create_dir(buf, 522 sdata->debugfsdir = debugfs_create_dir(buf,
514 sdata->local->hw.wiphy->debugfsdir); 523 sdata->local->hw.wiphy->debugfsdir);
524 add_files(sdata);
515} 525}
516 526
517void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata) 527void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata)
518{ 528{
519 del_files(sdata, sdata->vif.type); 529 del_files(sdata);
520 debugfs_remove(sdata->debugfsdir); 530 debugfs_remove(sdata->debugfsdir);
521 sdata->debugfsdir = NULL; 531 sdata->debugfsdir = NULL;
522} 532}
523 533
524void ieee80211_debugfs_change_if_type(struct ieee80211_sub_if_data *sdata, 534static int netdev_notify(struct notifier_block *nb,
525 int oldtype)
526{
527 del_files(sdata, oldtype);
528 add_files(sdata);
529}
530
531static int netdev_notify(struct notifier_block * nb,
532 unsigned long state, 535 unsigned long state,
533 void *ndev) 536 void *ndev)
534{ 537{
535 struct net_device *dev = ndev; 538 struct net_device *dev = ndev;
536 struct dentry *dir; 539 struct dentry *dir;
537 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 540 struct ieee80211_sub_if_data *sdata;
538 char buf[10+IFNAMSIZ]; 541 char buf[10+IFNAMSIZ];
539 542
540 if (state != NETDEV_CHANGENAME) 543 if (state != NETDEV_CHANGENAME)
@@ -546,6 +549,8 @@ static int netdev_notify(struct notifier_block * nb,
546 if (dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid) 549 if (dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid)
547 return 0; 550 return 0;
548 551
552 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
553
549 sprintf(buf, "netdev:%s", dev->name); 554 sprintf(buf, "netdev:%s", dev->name);
550 dir = sdata->debugfsdir; 555 dir = sdata->debugfsdir;
551 if (!debugfs_rename(dir->d_parent, dir, dir->d_parent, buf)) 556 if (!debugfs_rename(dir->d_parent, dir, dir->d_parent, buf))
diff --git a/net/mac80211/debugfs_netdev.h b/net/mac80211/debugfs_netdev.h
index a690071fde8a..7af731f0b731 100644
--- a/net/mac80211/debugfs_netdev.h
+++ b/net/mac80211/debugfs_netdev.h
@@ -6,8 +6,6 @@
6#ifdef CONFIG_MAC80211_DEBUGFS 6#ifdef CONFIG_MAC80211_DEBUGFS
7void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata); 7void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata);
8void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata); 8void ieee80211_debugfs_remove_netdev(struct ieee80211_sub_if_data *sdata);
9void ieee80211_debugfs_change_if_type(struct ieee80211_sub_if_data *sdata,
10 int oldtype);
11void ieee80211_debugfs_netdev_init(void); 9void ieee80211_debugfs_netdev_init(void);
12void ieee80211_debugfs_netdev_exit(void); 10void ieee80211_debugfs_netdev_exit(void);
13#else 11#else
@@ -17,9 +15,6 @@ static inline void ieee80211_debugfs_add_netdev(
17static inline void ieee80211_debugfs_remove_netdev( 15static inline void ieee80211_debugfs_remove_netdev(
18 struct ieee80211_sub_if_data *sdata) 16 struct ieee80211_sub_if_data *sdata)
19{} 17{}
20static inline void ieee80211_debugfs_change_if_type(
21 struct ieee80211_sub_if_data *sdata, int oldtype)
22{}
23static inline void ieee80211_debugfs_netdev_init(void) 18static inline void ieee80211_debugfs_netdev_init(void)
24{} 19{}
25 20
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index 6d47a1d31b37..79a062782d52 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -63,10 +63,9 @@ STA_FILE(tx_fragments, tx_fragments, LU);
63STA_FILE(tx_filtered, tx_filtered_count, LU); 63STA_FILE(tx_filtered, tx_filtered_count, LU);
64STA_FILE(tx_retry_failed, tx_retry_failed, LU); 64STA_FILE(tx_retry_failed, tx_retry_failed, LU);
65STA_FILE(tx_retry_count, tx_retry_count, LU); 65STA_FILE(tx_retry_count, tx_retry_count, LU);
66STA_FILE(last_rssi, last_rssi, D);
67STA_FILE(last_signal, last_signal, D); 66STA_FILE(last_signal, last_signal, D);
67STA_FILE(last_qual, last_qual, D);
68STA_FILE(last_noise, last_noise, D); 68STA_FILE(last_noise, last_noise, D);
69STA_FILE(channel_use, channel_use, D);
70STA_FILE(wep_weak_iv_count, wep_weak_iv_count, LU); 69STA_FILE(wep_weak_iv_count, wep_weak_iv_count, LU);
71 70
72static ssize_t sta_flags_read(struct file *file, char __user *userbuf, 71static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
@@ -74,14 +73,15 @@ static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
74{ 73{
75 char buf[100]; 74 char buf[100];
76 struct sta_info *sta = file->private_data; 75 struct sta_info *sta = file->private_data;
76 u32 staflags = get_sta_flags(sta);
77 int res = scnprintf(buf, sizeof(buf), "%s%s%s%s%s%s%s", 77 int res = scnprintf(buf, sizeof(buf), "%s%s%s%s%s%s%s",
78 sta->flags & WLAN_STA_AUTH ? "AUTH\n" : "", 78 staflags & WLAN_STA_AUTH ? "AUTH\n" : "",
79 sta->flags & WLAN_STA_ASSOC ? "ASSOC\n" : "", 79 staflags & WLAN_STA_ASSOC ? "ASSOC\n" : "",
80 sta->flags & WLAN_STA_PS ? "PS\n" : "", 80 staflags & WLAN_STA_PS ? "PS\n" : "",
81 sta->flags & WLAN_STA_AUTHORIZED ? "AUTHORIZED\n" : "", 81 staflags & WLAN_STA_AUTHORIZED ? "AUTHORIZED\n" : "",
82 sta->flags & WLAN_STA_SHORT_PREAMBLE ? "SHORT PREAMBLE\n" : "", 82 staflags & WLAN_STA_SHORT_PREAMBLE ? "SHORT PREAMBLE\n" : "",
83 sta->flags & WLAN_STA_WME ? "WME\n" : "", 83 staflags & WLAN_STA_WME ? "WME\n" : "",
84 sta->flags & WLAN_STA_WDS ? "WDS\n" : ""); 84 staflags & WLAN_STA_WDS ? "WDS\n" : "");
85 return simple_read_from_buffer(userbuf, count, ppos, buf, res); 85 return simple_read_from_buffer(userbuf, count, ppos, buf, res);
86} 86}
87STA_OPS(flags); 87STA_OPS(flags);
@@ -123,36 +123,6 @@ static ssize_t sta_last_seq_ctrl_read(struct file *file, char __user *userbuf,
123} 123}
124STA_OPS(last_seq_ctrl); 124STA_OPS(last_seq_ctrl);
125 125
126#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
127static ssize_t sta_wme_rx_queue_read(struct file *file, char __user *userbuf,
128 size_t count, loff_t *ppos)
129{
130 char buf[15*NUM_RX_DATA_QUEUES], *p = buf;
131 int i;
132 struct sta_info *sta = file->private_data;
133 for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
134 p += scnprintf(p, sizeof(buf)+buf-p, "%u ",
135 sta->wme_rx_queue[i]);
136 p += scnprintf(p, sizeof(buf)+buf-p, "\n");
137 return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
138}
139STA_OPS(wme_rx_queue);
140
141static ssize_t sta_wme_tx_queue_read(struct file *file, char __user *userbuf,
142 size_t count, loff_t *ppos)
143{
144 char buf[15*NUM_TX_DATA_QUEUES], *p = buf;
145 int i;
146 struct sta_info *sta = file->private_data;
147 for (i = 0; i < NUM_TX_DATA_QUEUES; i++)
148 p += scnprintf(p, sizeof(buf)+buf-p, "%u ",
149 sta->wme_tx_queue[i]);
150 p += scnprintf(p, sizeof(buf)+buf-p, "\n");
151 return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
152}
153STA_OPS(wme_tx_queue);
154#endif
155
156static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf, 126static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf,
157 size_t count, loff_t *ppos) 127 size_t count, loff_t *ppos)
158{ 128{
@@ -293,10 +263,6 @@ void ieee80211_sta_debugfs_add(struct sta_info *sta)
293 DEBUGFS_ADD(num_ps_buf_frames); 263 DEBUGFS_ADD(num_ps_buf_frames);
294 DEBUGFS_ADD(inactive_ms); 264 DEBUGFS_ADD(inactive_ms);
295 DEBUGFS_ADD(last_seq_ctrl); 265 DEBUGFS_ADD(last_seq_ctrl);
296#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
297 DEBUGFS_ADD(wme_rx_queue);
298 DEBUGFS_ADD(wme_tx_queue);
299#endif
300 DEBUGFS_ADD(agg_status); 266 DEBUGFS_ADD(agg_status);
301} 267}
302 268
@@ -306,10 +272,6 @@ void ieee80211_sta_debugfs_remove(struct sta_info *sta)
306 DEBUGFS_DEL(num_ps_buf_frames); 272 DEBUGFS_DEL(num_ps_buf_frames);
307 DEBUGFS_DEL(inactive_ms); 273 DEBUGFS_DEL(inactive_ms);
308 DEBUGFS_DEL(last_seq_ctrl); 274 DEBUGFS_DEL(last_seq_ctrl);
309#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
310 DEBUGFS_DEL(wme_rx_queue);
311 DEBUGFS_DEL(wme_tx_queue);
312#endif
313 DEBUGFS_DEL(agg_status); 275 DEBUGFS_DEL(agg_status);
314 276
315 debugfs_remove(sta->debugfs.dir); 277 debugfs_remove(sta->debugfs.dir);
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index c7314bf4bec2..4498d8713652 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -2,6 +2,7 @@
2 * Copyright 2002-2005, Instant802 Networks, Inc. 2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005, Devicescape Software, Inc. 3 * Copyright 2005, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
5 * 6 *
6 * This program is free software; you can redistribute it and/or modify 7 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as 8 * it under the terms of the GNU General Public License version 2 as
@@ -23,6 +24,8 @@
23#include <linux/spinlock.h> 24#include <linux/spinlock.h>
24#include <linux/etherdevice.h> 25#include <linux/etherdevice.h>
25#include <net/wireless.h> 26#include <net/wireless.h>
27#include <net/iw_handler.h>
28#include <net/mac80211.h>
26#include "key.h" 29#include "key.h"
27#include "sta_info.h" 30#include "sta_info.h"
28 31
@@ -79,10 +82,11 @@ struct ieee80211_sta_bss {
79 82
80 u8 bssid[ETH_ALEN]; 83 u8 bssid[ETH_ALEN];
81 u8 ssid[IEEE80211_MAX_SSID_LEN]; 84 u8 ssid[IEEE80211_MAX_SSID_LEN];
85 u8 dtim_period;
82 u16 capability; /* host byte order */ 86 u16 capability; /* host byte order */
83 enum ieee80211_band band; 87 enum ieee80211_band band;
84 int freq; 88 int freq;
85 int rssi, signal, noise; 89 int signal, noise, qual;
86 u8 *wpa_ie; 90 u8 *wpa_ie;
87 size_t wpa_ie_len; 91 size_t wpa_ie_len;
88 u8 *rsn_ie; 92 u8 *rsn_ie;
@@ -91,6 +95,8 @@ struct ieee80211_sta_bss {
91 size_t wmm_ie_len; 95 size_t wmm_ie_len;
92 u8 *ht_ie; 96 u8 *ht_ie;
93 size_t ht_ie_len; 97 size_t ht_ie_len;
98 u8 *ht_add_ie;
99 size_t ht_add_ie_len;
94#ifdef CONFIG_MAC80211_MESH 100#ifdef CONFIG_MAC80211_MESH
95 u8 *mesh_id; 101 u8 *mesh_id;
96 size_t mesh_id_len; 102 size_t mesh_id_len;
@@ -147,7 +153,6 @@ typedef unsigned __bitwise__ ieee80211_tx_result;
147#define IEEE80211_TX_UNICAST BIT(1) 153#define IEEE80211_TX_UNICAST BIT(1)
148#define IEEE80211_TX_PS_BUFFERED BIT(2) 154#define IEEE80211_TX_PS_BUFFERED BIT(2)
149#define IEEE80211_TX_PROBE_LAST_FRAG BIT(3) 155#define IEEE80211_TX_PROBE_LAST_FRAG BIT(3)
150#define IEEE80211_TX_INJECTED BIT(4)
151 156
152struct ieee80211_tx_data { 157struct ieee80211_tx_data {
153 struct sk_buff *skb; 158 struct sk_buff *skb;
@@ -157,13 +162,12 @@ struct ieee80211_tx_data {
157 struct sta_info *sta; 162 struct sta_info *sta;
158 struct ieee80211_key *key; 163 struct ieee80211_key *key;
159 164
160 struct ieee80211_tx_control *control;
161 struct ieee80211_channel *channel; 165 struct ieee80211_channel *channel;
162 struct ieee80211_rate *rate; 166 s8 rate_idx;
163 /* use this rate (if set) for last fragment; rate can 167 /* use this rate (if set) for last fragment; rate can
164 * be set to lower rate for the first fragments, e.g., 168 * be set to lower rate for the first fragments, e.g.,
165 * when using CTS protection with IEEE 802.11g. */ 169 * when using CTS protection with IEEE 802.11g. */
166 struct ieee80211_rate *last_frag_rate; 170 s8 last_frag_rate_idx;
167 171
168 /* Extra fragments (in addition to the first fragment 172 /* Extra fragments (in addition to the first fragment
169 * in skb) */ 173 * in skb) */
@@ -202,32 +206,16 @@ struct ieee80211_rx_data {
202 unsigned int flags; 206 unsigned int flags;
203 int sent_ps_buffered; 207 int sent_ps_buffered;
204 int queue; 208 int queue;
205 int load;
206 u32 tkip_iv32; 209 u32 tkip_iv32;
207 u16 tkip_iv16; 210 u16 tkip_iv16;
208}; 211};
209 212
210/* flags used in struct ieee80211_tx_packet_data.flags */
211#define IEEE80211_TXPD_REQ_TX_STATUS BIT(0)
212#define IEEE80211_TXPD_DO_NOT_ENCRYPT BIT(1)
213#define IEEE80211_TXPD_REQUEUE BIT(2)
214#define IEEE80211_TXPD_EAPOL_FRAME BIT(3)
215#define IEEE80211_TXPD_AMPDU BIT(4)
216/* Stored in sk_buff->cb */
217struct ieee80211_tx_packet_data {
218 int ifindex;
219 unsigned long jiffies;
220 unsigned int flags;
221 u8 queue;
222};
223
224struct ieee80211_tx_stored_packet { 213struct ieee80211_tx_stored_packet {
225 struct ieee80211_tx_control control;
226 struct sk_buff *skb; 214 struct sk_buff *skb;
227 struct sk_buff **extra_frag; 215 struct sk_buff **extra_frag;
228 struct ieee80211_rate *last_frag_rate; 216 s8 last_frag_rate_idx;
229 int num_extra_frag; 217 int num_extra_frag;
230 unsigned int last_frag_rate_ctrl_probe; 218 bool last_frag_rate_ctrl_probe;
231}; 219};
232 220
233struct beacon_data { 221struct beacon_data {
@@ -251,8 +239,6 @@ struct ieee80211_if_ap {
251 struct sk_buff_head ps_bc_buf; 239 struct sk_buff_head ps_bc_buf;
252 atomic_t num_sta_ps; /* number of stations in PS mode */ 240 atomic_t num_sta_ps; /* number of stations in PS mode */
253 int dtim_count; 241 int dtim_count;
254 int force_unicast_rateidx; /* forced TX rateidx for unicast frames */
255 int max_ratectrl_rateidx; /* max TX rateidx for rate control */
256 int num_beacons; /* number of TXed beacon frames for this BSS */ 242 int num_beacons; /* number of TXed beacon frames for this BSS */
257}; 243};
258 244
@@ -262,7 +248,6 @@ struct ieee80211_if_wds {
262}; 248};
263 249
264struct ieee80211_if_vlan { 250struct ieee80211_if_vlan {
265 struct ieee80211_sub_if_data *ap;
266 struct list_head list; 251 struct list_head list;
267}; 252};
268 253
@@ -436,8 +421,6 @@ struct ieee80211_sub_if_data {
436 */ 421 */
437 u64 basic_rates; 422 u64 basic_rates;
438 423
439 u16 sequence;
440
441 /* Fragment table for host-based reassembly */ 424 /* Fragment table for host-based reassembly */
442 struct ieee80211_fragment_entry fragments[IEEE80211_FRAGMENT_MAX]; 425 struct ieee80211_fragment_entry fragments[IEEE80211_FRAGMENT_MAX];
443 unsigned int fragment_next; 426 unsigned int fragment_next;
@@ -446,16 +429,18 @@ struct ieee80211_sub_if_data {
446 struct ieee80211_key *keys[NUM_DEFAULT_KEYS]; 429 struct ieee80211_key *keys[NUM_DEFAULT_KEYS];
447 struct ieee80211_key *default_key; 430 struct ieee80211_key *default_key;
448 431
432 /* BSS configuration for this interface. */
433 struct ieee80211_bss_conf bss_conf;
434
449 /* 435 /*
450 * BSS configuration for this interface. 436 * AP this belongs to: self in AP mode and
451 * 437 * corresponding AP in VLAN mode, NULL for
452 * FIXME: I feel bad putting this here when we already have a 438 * all others (might be needed later in IBSS)
453 * bss pointer, but the bss pointer is just wrong when
454 * you have multiple virtual STA mode interfaces...
455 * This needs to be fixed.
456 */ 439 */
457 struct ieee80211_bss_conf bss_conf; 440 struct ieee80211_if_ap *bss;
458 struct ieee80211_if_ap *bss; /* BSS that this device belongs to */ 441
442 int force_unicast_rateidx; /* forced TX rateidx for unicast frames */
443 int max_ratectrl_rateidx; /* max TX rateidx for rate control */
459 444
460 union { 445 union {
461 struct ieee80211_if_ap ap; 446 struct ieee80211_if_ap ap;
@@ -464,14 +449,11 @@ struct ieee80211_sub_if_data {
464 struct ieee80211_if_sta sta; 449 struct ieee80211_if_sta sta;
465 u32 mntr_flags; 450 u32 mntr_flags;
466 } u; 451 } u;
467 int channel_use;
468 int channel_use_raw;
469 452
470#ifdef CONFIG_MAC80211_DEBUGFS 453#ifdef CONFIG_MAC80211_DEBUGFS
471 struct dentry *debugfsdir; 454 struct dentry *debugfsdir;
472 union { 455 union {
473 struct { 456 struct {
474 struct dentry *channel_use;
475 struct dentry *drop_unencrypted; 457 struct dentry *drop_unencrypted;
476 struct dentry *state; 458 struct dentry *state;
477 struct dentry *bssid; 459 struct dentry *bssid;
@@ -488,9 +470,10 @@ struct ieee80211_sub_if_data {
488 struct dentry *auth_transaction; 470 struct dentry *auth_transaction;
489 struct dentry *flags; 471 struct dentry *flags;
490 struct dentry *num_beacons_sta; 472 struct dentry *num_beacons_sta;
473 struct dentry *force_unicast_rateidx;
474 struct dentry *max_ratectrl_rateidx;
491 } sta; 475 } sta;
492 struct { 476 struct {
493 struct dentry *channel_use;
494 struct dentry *drop_unencrypted; 477 struct dentry *drop_unencrypted;
495 struct dentry *num_sta_ps; 478 struct dentry *num_sta_ps;
496 struct dentry *dtim_count; 479 struct dentry *dtim_count;
@@ -500,19 +483,23 @@ struct ieee80211_sub_if_data {
500 struct dentry *num_buffered_multicast; 483 struct dentry *num_buffered_multicast;
501 } ap; 484 } ap;
502 struct { 485 struct {
503 struct dentry *channel_use;
504 struct dentry *drop_unencrypted; 486 struct dentry *drop_unencrypted;
505 struct dentry *peer; 487 struct dentry *peer;
488 struct dentry *force_unicast_rateidx;
489 struct dentry *max_ratectrl_rateidx;
506 } wds; 490 } wds;
507 struct { 491 struct {
508 struct dentry *channel_use;
509 struct dentry *drop_unencrypted; 492 struct dentry *drop_unencrypted;
493 struct dentry *force_unicast_rateidx;
494 struct dentry *max_ratectrl_rateidx;
510 } vlan; 495 } vlan;
511 struct { 496 struct {
512 struct dentry *mode; 497 struct dentry *mode;
513 } monitor; 498 } monitor;
514 struct dentry *default_key;
515 } debugfs; 499 } debugfs;
500 struct {
501 struct dentry *default_key;
502 } common_debugfs;
516 503
517#ifdef CONFIG_MAC80211_MESH 504#ifdef CONFIG_MAC80211_MESH
518 struct dentry *mesh_stats_dir; 505 struct dentry *mesh_stats_dir;
@@ -553,8 +540,6 @@ struct ieee80211_sub_if_data *vif_to_sdata(struct ieee80211_vif *p)
553 return container_of(p, struct ieee80211_sub_if_data, vif); 540 return container_of(p, struct ieee80211_sub_if_data, vif);
554} 541}
555 542
556#define IEEE80211_DEV_TO_SUB_IF(dev) netdev_priv(dev)
557
558enum { 543enum {
559 IEEE80211_RX_MSG = 1, 544 IEEE80211_RX_MSG = 1,
560 IEEE80211_TX_STATUS_MSG = 2, 545 IEEE80211_TX_STATUS_MSG = 2,
@@ -562,6 +547,9 @@ enum {
562 IEEE80211_ADDBA_MSG = 4, 547 IEEE80211_ADDBA_MSG = 4,
563}; 548};
564 549
550/* maximum number of hardware queues we support. */
551#define QD_MAX_QUEUES (IEEE80211_MAX_AMPDU_QUEUES + IEEE80211_MAX_QUEUES)
552
565struct ieee80211_local { 553struct ieee80211_local {
566 /* embed the driver visible part. 554 /* embed the driver visible part.
567 * don't cast (use the static inlines below), but we keep 555 * don't cast (use the static inlines below), but we keep
@@ -570,6 +558,8 @@ struct ieee80211_local {
570 558
571 const struct ieee80211_ops *ops; 559 const struct ieee80211_ops *ops;
572 560
561 unsigned long queue_pool[BITS_TO_LONGS(QD_MAX_QUEUES)];
562
573 struct net_device *mdev; /* wmaster# - "master" 802.11 device */ 563 struct net_device *mdev; /* wmaster# - "master" 802.11 device */
574 int open_count; 564 int open_count;
575 int monitors, cooked_mntrs; 565 int monitors, cooked_mntrs;
@@ -581,12 +571,6 @@ struct ieee80211_local {
581 bool tim_in_locked_section; /* see ieee80211_beacon_get() */ 571 bool tim_in_locked_section; /* see ieee80211_beacon_get() */
582 int tx_headroom; /* required headroom for hardware/radiotap */ 572 int tx_headroom; /* required headroom for hardware/radiotap */
583 573
584 enum {
585 IEEE80211_DEV_UNINITIALIZED = 0,
586 IEEE80211_DEV_REGISTERED,
587 IEEE80211_DEV_UNREGISTERED,
588 } reg_state;
589
590 /* Tasklet and skb queue to process calls from IRQ mode. All frames 574 /* Tasklet and skb queue to process calls from IRQ mode. All frames
591 * added to skb_queue will be processed, but frames in 575 * added to skb_queue will be processed, but frames in
592 * skb_queue_unreliable may be dropped if the total length of these 576 * skb_queue_unreliable may be dropped if the total length of these
@@ -610,8 +594,9 @@ struct ieee80211_local {
610 struct sta_info *sta_hash[STA_HASH_SIZE]; 594 struct sta_info *sta_hash[STA_HASH_SIZE];
611 struct timer_list sta_cleanup; 595 struct timer_list sta_cleanup;
612 596
613 unsigned long state[NUM_TX_DATA_QUEUES_AMPDU]; 597 unsigned long queues_pending[BITS_TO_LONGS(IEEE80211_MAX_QUEUES)];
614 struct ieee80211_tx_stored_packet pending_packet[NUM_TX_DATA_QUEUES_AMPDU]; 598 unsigned long queues_pending_run[BITS_TO_LONGS(IEEE80211_MAX_QUEUES)];
599 struct ieee80211_tx_stored_packet pending_packet[IEEE80211_MAX_QUEUES];
615 struct tasklet_struct tx_pending_tasklet; 600 struct tasklet_struct tx_pending_tasklet;
616 601
617 /* number of interfaces with corresponding IFF_ flags */ 602 /* number of interfaces with corresponding IFF_ flags */
@@ -677,9 +662,6 @@ struct ieee80211_local {
677 assoc_led_name[32], radio_led_name[32]; 662 assoc_led_name[32], radio_led_name[32];
678#endif 663#endif
679 664
680 u32 channel_use;
681 u32 channel_use_raw;
682
683#ifdef CONFIG_MAC80211_DEBUGFS 665#ifdef CONFIG_MAC80211_DEBUGFS
684 struct work_struct sta_debugfs_add; 666 struct work_struct sta_debugfs_add;
685#endif 667#endif
@@ -705,8 +687,6 @@ struct ieee80211_local {
705 unsigned int rx_expand_skb_head2; 687 unsigned int rx_expand_skb_head2;
706 unsigned int rx_handlers_fragments; 688 unsigned int rx_handlers_fragments;
707 unsigned int tx_status_drop; 689 unsigned int tx_status_drop;
708 unsigned int wme_rx_queue[NUM_RX_DATA_QUEUES];
709 unsigned int wme_tx_queue[NUM_RX_DATA_QUEUES];
710#define I802_DEBUG_INC(c) (c)++ 690#define I802_DEBUG_INC(c) (c)++
711#else /* CONFIG_MAC80211_DEBUG_COUNTERS */ 691#else /* CONFIG_MAC80211_DEBUG_COUNTERS */
712#define I802_DEBUG_INC(c) do { } while (0) 692#define I802_DEBUG_INC(c) do { } while (0)
@@ -764,8 +744,6 @@ struct ieee80211_local {
764 struct dentry *rx_expand_skb_head2; 744 struct dentry *rx_expand_skb_head2;
765 struct dentry *rx_handlers_fragments; 745 struct dentry *rx_handlers_fragments;
766 struct dentry *tx_status_drop; 746 struct dentry *tx_status_drop;
767 struct dentry *wme_tx_queue;
768 struct dentry *wme_rx_queue;
769#endif 747#endif
770 struct dentry *dot11ACKFailureCount; 748 struct dentry *dot11ACKFailureCount;
771 struct dentry *dot11RTSFailureCount; 749 struct dentry *dot11RTSFailureCount;
@@ -778,6 +756,16 @@ struct ieee80211_local {
778#endif 756#endif
779}; 757};
780 758
759static inline struct ieee80211_sub_if_data *
760IEEE80211_DEV_TO_SUB_IF(struct net_device *dev)
761{
762 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
763
764 BUG_ON(!local || local->mdev == dev);
765
766 return netdev_priv(dev);
767}
768
781/* this struct represents 802.11n's RA/TID combination */ 769/* this struct represents 802.11n's RA/TID combination */
782struct ieee80211_ra_tid { 770struct ieee80211_ra_tid {
783 u8 ra[ETH_ALEN]; 771 u8 ra[ETH_ALEN];
@@ -809,6 +797,10 @@ struct ieee802_11_elems {
809 u8 *preq; 797 u8 *preq;
810 u8 *prep; 798 u8 *prep;
811 u8 *perr; 799 u8 *perr;
800 u8 *ch_switch_elem;
801 u8 *country_elem;
802 u8 *pwr_constr_elem;
803 u8 *quiet_elem; /* first quite element */
812 804
813 /* length of them, respectively */ 805 /* length of them, respectively */
814 u8 ssid_len; 806 u8 ssid_len;
@@ -833,6 +825,11 @@ struct ieee802_11_elems {
833 u8 preq_len; 825 u8 preq_len;
834 u8 prep_len; 826 u8 prep_len;
835 u8 perr_len; 827 u8 perr_len;
828 u8 ch_switch_elem_len;
829 u8 country_elem_len;
830 u8 pwr_constr_elem_len;
831 u8 quiet_elem_len;
832 u8 num_of_quiet_elem; /* can be more the one */
836}; 833};
837 834
838static inline struct ieee80211_local *hw_to_local( 835static inline struct ieee80211_local *hw_to_local(
@@ -847,11 +844,6 @@ static inline struct ieee80211_hw *local_to_hw(
847 return &local->hw; 844 return &local->hw;
848} 845}
849 846
850enum ieee80211_link_state_t {
851 IEEE80211_LINK_STATE_XOFF = 0,
852 IEEE80211_LINK_STATE_PENDING,
853};
854
855struct sta_attribute { 847struct sta_attribute {
856 struct attribute attr; 848 struct attribute attr;
857 ssize_t (*show)(const struct sta_info *, char *buf); 849 ssize_t (*show)(const struct sta_info *, char *buf);
@@ -867,39 +859,16 @@ static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr)
867 859
868/* ieee80211.c */ 860/* ieee80211.c */
869int ieee80211_hw_config(struct ieee80211_local *local); 861int ieee80211_hw_config(struct ieee80211_local *local);
870int ieee80211_if_config(struct net_device *dev); 862int ieee80211_if_config(struct ieee80211_sub_if_data *sdata, u32 changed);
871int ieee80211_if_config_beacon(struct net_device *dev);
872void ieee80211_tx_set_protected(struct ieee80211_tx_data *tx); 863void ieee80211_tx_set_protected(struct ieee80211_tx_data *tx);
873void ieee80211_if_setup(struct net_device *dev);
874u32 ieee80211_handle_ht(struct ieee80211_local *local, int enable_ht, 864u32 ieee80211_handle_ht(struct ieee80211_local *local, int enable_ht,
875 struct ieee80211_ht_info *req_ht_cap, 865 struct ieee80211_ht_info *req_ht_cap,
876 struct ieee80211_ht_bss_info *req_bss_cap); 866 struct ieee80211_ht_bss_info *req_bss_cap);
877 867
878/* ieee80211_ioctl.c */ 868/* ieee80211_ioctl.c */
879extern const struct iw_handler_def ieee80211_iw_handler_def; 869extern const struct iw_handler_def ieee80211_iw_handler_def;
870int ieee80211_set_freq(struct net_device *dev, int freq);
880 871
881
882/* Least common multiple of the used rates (in 100 kbps). This is used to
883 * calculate rate_inv values for each rate so that only integers are needed. */
884#define CHAN_UTIL_RATE_LCM 95040
885/* 1 usec is 1/8 * (95040/10) = 1188 */
886#define CHAN_UTIL_PER_USEC 1188
887/* Amount of bits to shift the result right to scale the total utilization
888 * to values that will not wrap around 32-bit integers. */
889#define CHAN_UTIL_SHIFT 9
890/* Theoretical maximum of channel utilization counter in 10 ms (stat_time=1):
891 * (CHAN_UTIL_PER_USEC * 10000) >> CHAN_UTIL_SHIFT = 23203. So dividing the
892 * raw value with about 23 should give utilization in 10th of a percentage
893 * (1/1000). However, utilization is only estimated and not all intervals
894 * between frames etc. are calculated. 18 seems to give numbers that are closer
895 * to the real maximum. */
896#define CHAN_UTIL_PER_10MS 18
897#define CHAN_UTIL_HDR_LONG (202 * CHAN_UTIL_PER_USEC)
898#define CHAN_UTIL_HDR_SHORT (40 * CHAN_UTIL_PER_USEC)
899
900
901/* ieee80211_ioctl.c */
902int ieee80211_set_freq(struct ieee80211_local *local, int freq);
903/* ieee80211_sta.c */ 872/* ieee80211_sta.c */
904void ieee80211_sta_timer(unsigned long data); 873void ieee80211_sta_timer(unsigned long data);
905void ieee80211_sta_work(struct work_struct *work); 874void ieee80211_sta_work(struct work_struct *work);
@@ -912,21 +881,23 @@ int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid);
912int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len); 881int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len);
913void ieee80211_sta_req_auth(struct net_device *dev, 882void ieee80211_sta_req_auth(struct net_device *dev,
914 struct ieee80211_if_sta *ifsta); 883 struct ieee80211_if_sta *ifsta);
915int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len); 884int ieee80211_sta_scan_results(struct net_device *dev,
885 struct iw_request_info *info,
886 char *buf, size_t len);
916ieee80211_rx_result ieee80211_sta_rx_scan( 887ieee80211_rx_result ieee80211_sta_rx_scan(
917 struct net_device *dev, struct sk_buff *skb, 888 struct net_device *dev, struct sk_buff *skb,
918 struct ieee80211_rx_status *rx_status); 889 struct ieee80211_rx_status *rx_status);
919void ieee80211_rx_bss_list_init(struct net_device *dev); 890void ieee80211_rx_bss_list_init(struct ieee80211_local *local);
920void ieee80211_rx_bss_list_deinit(struct net_device *dev); 891void ieee80211_rx_bss_list_deinit(struct ieee80211_local *local);
921int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len); 892int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len);
922struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev, 893struct sta_info *ieee80211_ibss_add_sta(struct net_device *dev,
923 struct sk_buff *skb, u8 *bssid, 894 struct sk_buff *skb, u8 *bssid,
924 u8 *addr); 895 u8 *addr, u64 supp_rates);
925int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason); 896int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason);
926int ieee80211_sta_disassociate(struct net_device *dev, u16 reason); 897int ieee80211_sta_disassociate(struct net_device *dev, u16 reason);
927void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata, 898void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
928 u32 changed); 899 u32 changed);
929void ieee80211_reset_erp_info(struct net_device *dev); 900u32 ieee80211_reset_erp_info(struct net_device *dev);
930int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie, 901int ieee80211_ht_cap_ie_to_ht_info(struct ieee80211_ht_cap *ht_cap_ie,
931 struct ieee80211_ht_info *ht_info); 902 struct ieee80211_ht_info *ht_info);
932int ieee80211_ht_addt_info_ie_to_ht_bss_info( 903int ieee80211_ht_addt_info_ie_to_ht_bss_info(
@@ -937,10 +908,10 @@ void ieee80211_send_addba_request(struct net_device *dev, const u8 *da,
937 u16 agg_size, u16 timeout); 908 u16 agg_size, u16 timeout);
938void ieee80211_send_delba(struct net_device *dev, const u8 *da, u16 tid, 909void ieee80211_send_delba(struct net_device *dev, const u8 *da, u16 tid,
939 u16 initiator, u16 reason_code); 910 u16 initiator, u16 reason_code);
911void ieee80211_send_bar(struct net_device *dev, u8 *ra, u16 tid, u16 ssn);
940 912
941void ieee80211_sta_stop_rx_ba_session(struct net_device *dev, u8 *da, 913void ieee80211_sta_stop_rx_ba_session(struct net_device *dev, u8 *da,
942 u16 tid, u16 initiator, u16 reason); 914 u16 tid, u16 initiator, u16 reason);
943void sta_rx_agg_session_timer_expired(unsigned long data);
944void sta_addba_resp_timer_expired(unsigned long data); 915void sta_addba_resp_timer_expired(unsigned long data);
945void ieee80211_sta_tear_down_BA_sessions(struct net_device *dev, u8 *addr); 916void ieee80211_sta_tear_down_BA_sessions(struct net_device *dev, u8 *addr);
946u64 ieee80211_sta_get_rates(struct ieee80211_local *local, 917u64 ieee80211_sta_get_rates(struct ieee80211_local *local,
@@ -958,17 +929,15 @@ static inline void ieee80211_start_mesh(struct net_device *dev)
958{} 929{}
959#endif 930#endif
960 931
961/* ieee80211_iface.c */ 932/* interface handling */
962int ieee80211_if_add(struct net_device *dev, const char *name, 933void ieee80211_if_setup(struct net_device *dev);
963 struct net_device **new_dev, int type, 934int ieee80211_if_add(struct ieee80211_local *local, const char *name,
935 struct net_device **new_dev, enum ieee80211_if_types type,
964 struct vif_params *params); 936 struct vif_params *params);
965void ieee80211_if_set_type(struct net_device *dev, int type); 937int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
966void ieee80211_if_reinit(struct net_device *dev); 938 enum ieee80211_if_types type);
967void __ieee80211_if_del(struct ieee80211_local *local, 939void ieee80211_if_remove(struct net_device *dev);
968 struct ieee80211_sub_if_data *sdata); 940void ieee80211_remove_interfaces(struct ieee80211_local *local);
969int ieee80211_if_remove(struct net_device *dev, const char *name, int id);
970void ieee80211_if_free(struct net_device *dev);
971void ieee80211_if_sdata_init(struct ieee80211_sub_if_data *sdata);
972 941
973/* tx handling */ 942/* tx handling */
974void ieee80211_clear_tx_pending(struct ieee80211_local *local); 943void ieee80211_clear_tx_pending(struct ieee80211_local *local);
@@ -988,4 +957,10 @@ int ieee80211_frame_duration(struct ieee80211_local *local, size_t len,
988void mac80211_ev_michael_mic_failure(struct net_device *dev, int keyidx, 957void mac80211_ev_michael_mic_failure(struct net_device *dev, int keyidx,
989 struct ieee80211_hdr *hdr); 958 struct ieee80211_hdr *hdr);
990 959
960#ifdef CONFIG_MAC80211_NOINLINE
961#define debug_noinline noinline
962#else
963#define debug_noinline
964#endif
965
991#endif /* IEEE80211_I_H */ 966#endif /* IEEE80211_I_H */
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 06e88a5a036d..610ed1d9893a 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -2,6 +2,7 @@
2 * Copyright 2002-2005, Instant802 Networks, Inc. 2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc. 3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright (c) 2006 Jiri Benc <jbenc@suse.cz> 4 * Copyright (c) 2006 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
5 * 6 *
6 * This program is free software; you can redistribute it and/or modify 7 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as 8 * it under the terms of the GNU General Public License version 2 as
@@ -17,38 +18,164 @@
17#include "debugfs_netdev.h" 18#include "debugfs_netdev.h"
18#include "mesh.h" 19#include "mesh.h"
19 20
20void ieee80211_if_sdata_init(struct ieee80211_sub_if_data *sdata) 21/*
22 * Called when the netdev is removed or, by the code below, before
23 * the interface type changes.
24 */
25static void ieee80211_teardown_sdata(struct net_device *dev)
21{ 26{
27 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
28 struct ieee80211_local *local = sdata->local;
29 struct beacon_data *beacon;
30 struct sk_buff *skb;
31 int flushed;
22 int i; 32 int i;
23 33
24 /* Default values for sub-interface parameters */ 34 ieee80211_debugfs_remove_netdev(sdata);
25 sdata->drop_unencrypted = 0; 35
36 /* free extra data */
37 ieee80211_free_keys(sdata);
38
26 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) 39 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++)
27 skb_queue_head_init(&sdata->fragments[i].skb_list); 40 __skb_queue_purge(&sdata->fragments[i].skb_list);
41 sdata->fragment_next = 0;
28 42
29 INIT_LIST_HEAD(&sdata->key_list); 43 switch (sdata->vif.type) {
44 case IEEE80211_IF_TYPE_AP:
45 beacon = sdata->u.ap.beacon;
46 rcu_assign_pointer(sdata->u.ap.beacon, NULL);
47 synchronize_rcu();
48 kfree(beacon);
49
50 while ((skb = skb_dequeue(&sdata->u.ap.ps_bc_buf))) {
51 local->total_ps_buffered--;
52 dev_kfree_skb(skb);
53 }
54
55 break;
56 case IEEE80211_IF_TYPE_MESH_POINT:
57 /* Allow compiler to elide mesh_rmc_free call. */
58 if (ieee80211_vif_is_mesh(&sdata->vif))
59 mesh_rmc_free(dev);
60 /* fall through */
61 case IEEE80211_IF_TYPE_STA:
62 case IEEE80211_IF_TYPE_IBSS:
63 kfree(sdata->u.sta.extra_ie);
64 kfree(sdata->u.sta.assocreq_ies);
65 kfree(sdata->u.sta.assocresp_ies);
66 kfree_skb(sdata->u.sta.probe_resp);
67 break;
68 case IEEE80211_IF_TYPE_WDS:
69 case IEEE80211_IF_TYPE_VLAN:
70 case IEEE80211_IF_TYPE_MNTR:
71 break;
72 case IEEE80211_IF_TYPE_INVALID:
73 BUG();
74 break;
75 }
76
77 flushed = sta_info_flush(local, sdata);
78 WARN_ON(flushed);
30} 79}
31 80
32static void ieee80211_if_sdata_deinit(struct ieee80211_sub_if_data *sdata) 81/*
82 * Helper function to initialise an interface to a specific type.
83 */
84static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
85 enum ieee80211_if_types type)
33{ 86{
34 int i; 87 struct ieee80211_if_sta *ifsta;
35 88
36 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) { 89 /* clear type-dependent union */
37 __skb_queue_purge(&sdata->fragments[i].skb_list); 90 memset(&sdata->u, 0, sizeof(sdata->u));
91
92 /* and set some type-dependent values */
93 sdata->vif.type = type;
94
95 /* only monitor differs */
96 sdata->dev->type = ARPHRD_ETHER;
97
98 switch (type) {
99 case IEEE80211_IF_TYPE_AP:
100 skb_queue_head_init(&sdata->u.ap.ps_bc_buf);
101 INIT_LIST_HEAD(&sdata->u.ap.vlans);
102 break;
103 case IEEE80211_IF_TYPE_MESH_POINT:
104 case IEEE80211_IF_TYPE_STA:
105 case IEEE80211_IF_TYPE_IBSS:
106 ifsta = &sdata->u.sta;
107 INIT_WORK(&ifsta->work, ieee80211_sta_work);
108 setup_timer(&ifsta->timer, ieee80211_sta_timer,
109 (unsigned long) sdata);
110 skb_queue_head_init(&ifsta->skb_queue);
111
112 ifsta->capab = WLAN_CAPABILITY_ESS;
113 ifsta->auth_algs = IEEE80211_AUTH_ALG_OPEN |
114 IEEE80211_AUTH_ALG_SHARED_KEY;
115 ifsta->flags |= IEEE80211_STA_CREATE_IBSS |
116 IEEE80211_STA_AUTO_BSSID_SEL |
117 IEEE80211_STA_AUTO_CHANNEL_SEL;
118 if (ieee80211_num_regular_queues(&sdata->local->hw) >= 4)
119 ifsta->flags |= IEEE80211_STA_WMM_ENABLED;
120
121 if (ieee80211_vif_is_mesh(&sdata->vif))
122 ieee80211_mesh_init_sdata(sdata);
123 break;
124 case IEEE80211_IF_TYPE_MNTR:
125 sdata->dev->type = ARPHRD_IEEE80211_RADIOTAP;
126 sdata->dev->hard_start_xmit = ieee80211_monitor_start_xmit;
127 sdata->u.mntr_flags = MONITOR_FLAG_CONTROL |
128 MONITOR_FLAG_OTHER_BSS;
129 break;
130 case IEEE80211_IF_TYPE_WDS:
131 case IEEE80211_IF_TYPE_VLAN:
132 break;
133 case IEEE80211_IF_TYPE_INVALID:
134 BUG();
135 break;
38 } 136 }
137
138 ieee80211_debugfs_add_netdev(sdata);
139}
140
141int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
142 enum ieee80211_if_types type)
143{
144 ASSERT_RTNL();
145
146 if (type == sdata->vif.type)
147 return 0;
148
149 /*
150 * We could, here, on changes between IBSS/STA/MESH modes,
151 * invoke an MLME function instead that disassociates etc.
152 * and goes into the requested mode.
153 */
154
155 if (netif_running(sdata->dev))
156 return -EBUSY;
157
158 /* Purge and reset type-dependent state. */
159 ieee80211_teardown_sdata(sdata->dev);
160 ieee80211_setup_sdata(sdata, type);
161
162 /* reset some values that shouldn't be kept across type changes */
163 sdata->basic_rates = 0;
164 sdata->drop_unencrypted = 0;
165
166 return 0;
39} 167}
40 168
41/* Must be called with rtnl lock held. */ 169int ieee80211_if_add(struct ieee80211_local *local, const char *name,
42int ieee80211_if_add(struct net_device *dev, const char *name, 170 struct net_device **new_dev, enum ieee80211_if_types type,
43 struct net_device **new_dev, int type,
44 struct vif_params *params) 171 struct vif_params *params)
45{ 172{
46 struct net_device *ndev; 173 struct net_device *ndev;
47 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
48 struct ieee80211_sub_if_data *sdata = NULL; 174 struct ieee80211_sub_if_data *sdata = NULL;
49 int ret; 175 int ret, i;
50 176
51 ASSERT_RTNL(); 177 ASSERT_RTNL();
178
52 ndev = alloc_netdev(sizeof(*sdata) + local->hw.vif_data_size, 179 ndev = alloc_netdev(sizeof(*sdata) + local->hw.vif_data_size,
53 name, ieee80211_if_setup); 180 name, ieee80211_if_setup);
54 if (!ndev) 181 if (!ndev)
@@ -68,26 +195,33 @@ int ieee80211_if_add(struct net_device *dev, const char *name,
68 goto fail; 195 goto fail;
69 196
70 memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN); 197 memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
71 ndev->base_addr = dev->base_addr;
72 ndev->irq = dev->irq;
73 ndev->mem_start = dev->mem_start;
74 ndev->mem_end = dev->mem_end;
75 SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy)); 198 SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
76 199
77 sdata = IEEE80211_DEV_TO_SUB_IF(ndev); 200 /* don't use IEEE80211_DEV_TO_SUB_IF because it checks too much */
201 sdata = netdev_priv(ndev);
78 ndev->ieee80211_ptr = &sdata->wdev; 202 ndev->ieee80211_ptr = &sdata->wdev;
203
204 /* initialise type-independent data */
79 sdata->wdev.wiphy = local->hw.wiphy; 205 sdata->wdev.wiphy = local->hw.wiphy;
80 sdata->vif.type = IEEE80211_IF_TYPE_AP;
81 sdata->dev = ndev;
82 sdata->local = local; 206 sdata->local = local;
83 ieee80211_if_sdata_init(sdata); 207 sdata->dev = ndev;
208
209 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++)
210 skb_queue_head_init(&sdata->fragments[i].skb_list);
211
212 INIT_LIST_HEAD(&sdata->key_list);
213
214 sdata->force_unicast_rateidx = -1;
215 sdata->max_ratectrl_rateidx = -1;
216
217 /* setup type-dependent data */
218 ieee80211_setup_sdata(sdata, type);
84 219
85 ret = register_netdevice(ndev); 220 ret = register_netdevice(ndev);
86 if (ret) 221 if (ret)
87 goto fail; 222 goto fail;
88 223
89 ieee80211_debugfs_add_netdev(sdata); 224 ndev->uninit = ieee80211_teardown_sdata;
90 ieee80211_if_set_type(ndev, type);
91 225
92 if (ieee80211_vif_is_mesh(&sdata->vif) && 226 if (ieee80211_vif_is_mesh(&sdata->vif) &&
93 params && params->mesh_id_len) 227 params && params->mesh_id_len)
@@ -95,11 +229,6 @@ int ieee80211_if_add(struct net_device *dev, const char *name,
95 params->mesh_id_len, 229 params->mesh_id_len,
96 params->mesh_id); 230 params->mesh_id);
97 231
98 /* we're under RTNL so all this is fine */
99 if (unlikely(local->reg_state == IEEE80211_DEV_UNREGISTERED)) {
100 __ieee80211_if_del(local, sdata);
101 return -ENODEV;
102 }
103 list_add_tail_rcu(&sdata->list, &local->interfaces); 232 list_add_tail_rcu(&sdata->list, &local->interfaces);
104 233
105 if (new_dev) 234 if (new_dev)
@@ -107,217 +236,34 @@ int ieee80211_if_add(struct net_device *dev, const char *name,
107 236
108 return 0; 237 return 0;
109 238
110fail: 239 fail:
111 free_netdev(ndev); 240 free_netdev(ndev);
112 return ret; 241 return ret;
113} 242}
114 243
115void ieee80211_if_set_type(struct net_device *dev, int type) 244void ieee80211_if_remove(struct net_device *dev)
116{
117 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
118 int oldtype = sdata->vif.type;
119
120 /*
121 * We need to call this function on the master interface
122 * which already has a hard_start_xmit routine assigned
123 * which must not be changed.
124 */
125 if (dev != sdata->local->mdev)
126 dev->hard_start_xmit = ieee80211_subif_start_xmit;
127
128 /*
129 * Called even when register_netdevice fails, it would
130 * oops if assigned before initialising the rest.
131 */
132 dev->uninit = ieee80211_if_reinit;
133
134 /* most have no BSS pointer */
135 sdata->bss = NULL;
136 sdata->vif.type = type;
137
138 sdata->basic_rates = 0;
139
140 switch (type) {
141 case IEEE80211_IF_TYPE_WDS:
142 /* nothing special */
143 break;
144 case IEEE80211_IF_TYPE_VLAN:
145 sdata->u.vlan.ap = NULL;
146 break;
147 case IEEE80211_IF_TYPE_AP:
148 sdata->u.ap.force_unicast_rateidx = -1;
149 sdata->u.ap.max_ratectrl_rateidx = -1;
150 skb_queue_head_init(&sdata->u.ap.ps_bc_buf);
151 sdata->bss = &sdata->u.ap;
152 INIT_LIST_HEAD(&sdata->u.ap.vlans);
153 break;
154 case IEEE80211_IF_TYPE_MESH_POINT:
155 case IEEE80211_IF_TYPE_STA:
156 case IEEE80211_IF_TYPE_IBSS: {
157 struct ieee80211_sub_if_data *msdata;
158 struct ieee80211_if_sta *ifsta;
159
160 ifsta = &sdata->u.sta;
161 INIT_WORK(&ifsta->work, ieee80211_sta_work);
162 setup_timer(&ifsta->timer, ieee80211_sta_timer,
163 (unsigned long) sdata);
164 skb_queue_head_init(&ifsta->skb_queue);
165
166 ifsta->capab = WLAN_CAPABILITY_ESS;
167 ifsta->auth_algs = IEEE80211_AUTH_ALG_OPEN |
168 IEEE80211_AUTH_ALG_SHARED_KEY;
169 ifsta->flags |= IEEE80211_STA_CREATE_IBSS |
170 IEEE80211_STA_WMM_ENABLED |
171 IEEE80211_STA_AUTO_BSSID_SEL |
172 IEEE80211_STA_AUTO_CHANNEL_SEL;
173
174 msdata = IEEE80211_DEV_TO_SUB_IF(sdata->local->mdev);
175 sdata->bss = &msdata->u.ap;
176
177 if (ieee80211_vif_is_mesh(&sdata->vif))
178 ieee80211_mesh_init_sdata(sdata);
179 break;
180 }
181 case IEEE80211_IF_TYPE_MNTR:
182 dev->type = ARPHRD_IEEE80211_RADIOTAP;
183 dev->hard_start_xmit = ieee80211_monitor_start_xmit;
184 sdata->u.mntr_flags = MONITOR_FLAG_CONTROL |
185 MONITOR_FLAG_OTHER_BSS;
186 break;
187 default:
188 printk(KERN_WARNING "%s: %s: Unknown interface type 0x%x",
189 dev->name, __func__, type);
190 }
191 ieee80211_debugfs_change_if_type(sdata, oldtype);
192}
193
194/* Must be called with rtnl lock held. */
195void ieee80211_if_reinit(struct net_device *dev)
196{ 245{
197 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
198 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 246 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
199 struct sk_buff *skb;
200 int flushed;
201 247
202 ASSERT_RTNL(); 248 ASSERT_RTNL();
203 249
204 ieee80211_free_keys(sdata); 250 list_del_rcu(&sdata->list);
205 251 synchronize_rcu();
206 ieee80211_if_sdata_deinit(sdata);
207
208 /* Need to handle mesh specially to allow eliding the function call */
209 if (ieee80211_vif_is_mesh(&sdata->vif))
210 mesh_rmc_free(dev);
211
212 switch (sdata->vif.type) {
213 case IEEE80211_IF_TYPE_INVALID:
214 /* cannot happen */
215 WARN_ON(1);
216 break;
217 case IEEE80211_IF_TYPE_AP: {
218 /* Remove all virtual interfaces that use this BSS
219 * as their sdata->bss */
220 struct ieee80211_sub_if_data *tsdata, *n;
221 struct beacon_data *beacon;
222
223 list_for_each_entry_safe(tsdata, n, &local->interfaces, list) {
224 if (tsdata != sdata && tsdata->bss == &sdata->u.ap) {
225 printk(KERN_DEBUG "%s: removing virtual "
226 "interface %s because its BSS interface"
227 " is being removed\n",
228 sdata->dev->name, tsdata->dev->name);
229 list_del_rcu(&tsdata->list);
230 /*
231 * We have lots of time and can afford
232 * to sync for each interface
233 */
234 synchronize_rcu();
235 __ieee80211_if_del(local, tsdata);
236 }
237 }
238
239 beacon = sdata->u.ap.beacon;
240 rcu_assign_pointer(sdata->u.ap.beacon, NULL);
241 synchronize_rcu();
242 kfree(beacon);
243
244 while ((skb = skb_dequeue(&sdata->u.ap.ps_bc_buf))) {
245 local->total_ps_buffered--;
246 dev_kfree_skb(skb);
247 }
248
249 break;
250 }
251 case IEEE80211_IF_TYPE_WDS:
252 /* nothing to do */
253 break;
254 case IEEE80211_IF_TYPE_MESH_POINT:
255 case IEEE80211_IF_TYPE_STA:
256 case IEEE80211_IF_TYPE_IBSS:
257 kfree(sdata->u.sta.extra_ie);
258 sdata->u.sta.extra_ie = NULL;
259 kfree(sdata->u.sta.assocreq_ies);
260 sdata->u.sta.assocreq_ies = NULL;
261 kfree(sdata->u.sta.assocresp_ies);
262 sdata->u.sta.assocresp_ies = NULL;
263 if (sdata->u.sta.probe_resp) {
264 dev_kfree_skb(sdata->u.sta.probe_resp);
265 sdata->u.sta.probe_resp = NULL;
266 }
267
268 break;
269 case IEEE80211_IF_TYPE_MNTR:
270 dev->type = ARPHRD_ETHER;
271 break;
272 case IEEE80211_IF_TYPE_VLAN:
273 sdata->u.vlan.ap = NULL;
274 break;
275 }
276
277 flushed = sta_info_flush(local, sdata);
278 WARN_ON(flushed);
279
280 memset(&sdata->u, 0, sizeof(sdata->u));
281 ieee80211_if_sdata_init(sdata);
282}
283
284/* Must be called with rtnl lock held. */
285void __ieee80211_if_del(struct ieee80211_local *local,
286 struct ieee80211_sub_if_data *sdata)
287{
288 struct net_device *dev = sdata->dev;
289
290 ieee80211_debugfs_remove_netdev(sdata);
291 unregister_netdevice(dev); 252 unregister_netdevice(dev);
292 /* Except master interface, the net_device will be freed by
293 * net_device->destructor (i. e. ieee80211_if_free). */
294} 253}
295 254
296/* Must be called with rtnl lock held. */ 255/*
297int ieee80211_if_remove(struct net_device *dev, const char *name, int id) 256 * Remove all interfaces, may only be called at hardware unregistration
257 * time because it doesn't do RCU-safe list removals.
258 */
259void ieee80211_remove_interfaces(struct ieee80211_local *local)
298{ 260{
299 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 261 struct ieee80211_sub_if_data *sdata, *tmp;
300 struct ieee80211_sub_if_data *sdata, *n;
301 262
302 ASSERT_RTNL(); 263 ASSERT_RTNL();
303 264
304 list_for_each_entry_safe(sdata, n, &local->interfaces, list) { 265 list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
305 if ((sdata->vif.type == id || id == -1) && 266 list_del(&sdata->list);
306 strcmp(name, sdata->dev->name) == 0 && 267 unregister_netdevice(sdata->dev);
307 sdata->dev != local->mdev) {
308 list_del_rcu(&sdata->list);
309 synchronize_rcu();
310 __ieee80211_if_del(local, sdata);
311 return 0;
312 }
313 } 268 }
314 return -ENODEV;
315}
316
317void ieee80211_if_free(struct net_device *dev)
318{
319 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
320
321 ieee80211_if_sdata_deinit(sdata);
322 free_netdev(dev);
323} 269}
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 150d66dbda9d..6597c779e35a 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -321,8 +321,15 @@ void ieee80211_key_link(struct ieee80211_key *key,
321 * some hardware cannot handle TKIP with QoS, so 321 * some hardware cannot handle TKIP with QoS, so
322 * we indicate whether QoS could be in use. 322 * we indicate whether QoS could be in use.
323 */ 323 */
324 if (sta->flags & WLAN_STA_WME) 324 if (test_sta_flags(sta, WLAN_STA_WME))
325 key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA; 325 key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;
326
327 /*
328 * This key is for a specific sta interface,
329 * inform the driver that it should try to store
330 * this key as pairwise key.
331 */
332 key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE;
326 } else { 333 } else {
327 if (sdata->vif.type == IEEE80211_IF_TYPE_STA) { 334 if (sdata->vif.type == IEEE80211_IF_TYPE_STA) {
328 struct sta_info *ap; 335 struct sta_info *ap;
@@ -335,7 +342,7 @@ void ieee80211_key_link(struct ieee80211_key *key,
335 /* same here, the AP could be using QoS */ 342 /* same here, the AP could be using QoS */
336 ap = sta_info_get(key->local, key->sdata->u.sta.bssid); 343 ap = sta_info_get(key->local, key->sdata->u.sta.bssid);
337 if (ap) { 344 if (ap) {
338 if (ap->flags & WLAN_STA_WME) 345 if (test_sta_flags(ap, WLAN_STA_WME))
339 key->conf.flags |= 346 key->conf.flags |=
340 IEEE80211_KEY_FLAG_WMM_STA; 347 IEEE80211_KEY_FLAG_WMM_STA;
341 } 348 }
@@ -380,6 +387,15 @@ void ieee80211_key_free(struct ieee80211_key *key)
380 if (!key) 387 if (!key)
381 return; 388 return;
382 389
390 if (!key->sdata) {
391 /* The key has not been linked yet, simply free it
392 * and don't Oops */
393 if (key->conf.alg == ALG_CCMP)
394 ieee80211_aes_key_free(key->u.ccmp.tfm);
395 kfree(key);
396 return;
397 }
398
383 spin_lock_irqsave(&key->sdata->local->key_lock, flags); 399 spin_lock_irqsave(&key->sdata->local->key_lock, flags);
384 __ieee80211_key_free(key); 400 __ieee80211_key_free(key);
385 spin_unlock_irqrestore(&key->sdata->local->key_lock, flags); 401 spin_unlock_irqrestore(&key->sdata->local->key_lock, flags);
diff --git a/net/mac80211/key.h b/net/mac80211/key.h
index f52c3df1fe9a..425816e0996c 100644
--- a/net/mac80211/key.h
+++ b/net/mac80211/key.h
@@ -16,31 +16,18 @@
16#include <linux/rcupdate.h> 16#include <linux/rcupdate.h>
17#include <net/mac80211.h> 17#include <net/mac80211.h>
18 18
19/* ALG_TKIP 19#define WEP_IV_LEN 4
20 * struct ieee80211_key::key is encoded as a 256-bit (32 byte) data block: 20#define WEP_ICV_LEN 4
21 * Temporal Encryption Key (128 bits) 21#define ALG_TKIP_KEY_LEN 32
22 * Temporal Authenticator Tx MIC Key (64 bits) 22#define ALG_CCMP_KEY_LEN 16
23 * Temporal Authenticator Rx MIC Key (64 bits) 23#define CCMP_HDR_LEN 8
24 */ 24#define CCMP_MIC_LEN 8
25 25#define CCMP_TK_LEN 16
26#define WEP_IV_LEN 4 26#define CCMP_PN_LEN 6
27#define WEP_ICV_LEN 4 27#define TKIP_IV_LEN 8
28 28#define TKIP_ICV_LEN 4
29#define ALG_TKIP_KEY_LEN 32 29
30/* Starting offsets for each key */ 30#define NUM_RX_DATA_QUEUES 17
31#define ALG_TKIP_TEMP_ENCR_KEY 0
32#define ALG_TKIP_TEMP_AUTH_TX_MIC_KEY 16
33#define ALG_TKIP_TEMP_AUTH_RX_MIC_KEY 24
34#define TKIP_IV_LEN 8
35#define TKIP_ICV_LEN 4
36
37#define ALG_CCMP_KEY_LEN 16
38#define CCMP_HDR_LEN 8
39#define CCMP_MIC_LEN 8
40#define CCMP_TK_LEN 16
41#define CCMP_PN_LEN 6
42
43#define NUM_RX_DATA_QUEUES 17
44 31
45struct ieee80211_local; 32struct ieee80211_local;
46struct ieee80211_sub_if_data; 33struct ieee80211_sub_if_data;
@@ -69,6 +56,13 @@ enum ieee80211_internal_key_flags {
69 KEY_FLAG_TODO_ADD_DEBUGFS = BIT(5), 56 KEY_FLAG_TODO_ADD_DEBUGFS = BIT(5),
70}; 57};
71 58
59struct tkip_ctx {
60 u32 iv32;
61 u16 iv16;
62 u16 p1k[5];
63 int initialized;
64};
65
72struct ieee80211_key { 66struct ieee80211_key {
73 struct ieee80211_local *local; 67 struct ieee80211_local *local;
74 struct ieee80211_sub_if_data *sdata; 68 struct ieee80211_sub_if_data *sdata;
@@ -85,16 +79,10 @@ struct ieee80211_key {
85 union { 79 union {
86 struct { 80 struct {
87 /* last used TSC */ 81 /* last used TSC */
88 u32 iv32; 82 struct tkip_ctx tx;
89 u16 iv16;
90 u16 p1k[5];
91 int tx_initialized;
92 83
93 /* last received RSC */ 84 /* last received RSC */
94 u32 iv32_rx[NUM_RX_DATA_QUEUES]; 85 struct tkip_ctx rx[NUM_RX_DATA_QUEUES];
95 u16 iv16_rx[NUM_RX_DATA_QUEUES];
96 u16 p1k_rx[NUM_RX_DATA_QUEUES][5];
97 int rx_initialized[NUM_RX_DATA_QUEUES];
98 } tkip; 86 } tkip;
99 struct { 87 struct {
100 u8 tx_pn[6]; 88 u8 tx_pn[6];
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 915afadb0602..aa5a191598c9 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -35,8 +35,6 @@
35#include "debugfs.h" 35#include "debugfs.h"
36#include "debugfs_netdev.h" 36#include "debugfs_netdev.h"
37 37
38#define SUPP_MCS_SET_LEN 16
39
40/* 38/*
41 * For seeing transmitted packets on monitor interfaces 39 * For seeing transmitted packets on monitor interfaces
42 * we have a radiotap header too. 40 * we have a radiotap header too.
@@ -107,12 +105,18 @@ static int ieee80211_master_open(struct net_device *dev)
107 105
108 /* we hold the RTNL here so can safely walk the list */ 106 /* we hold the RTNL here so can safely walk the list */
109 list_for_each_entry(sdata, &local->interfaces, list) { 107 list_for_each_entry(sdata, &local->interfaces, list) {
110 if (sdata->dev != dev && netif_running(sdata->dev)) { 108 if (netif_running(sdata->dev)) {
111 res = 0; 109 res = 0;
112 break; 110 break;
113 } 111 }
114 } 112 }
115 return res; 113
114 if (res)
115 return res;
116
117 netif_tx_start_all_queues(local->mdev);
118
119 return 0;
116} 120}
117 121
118static int ieee80211_master_stop(struct net_device *dev) 122static int ieee80211_master_stop(struct net_device *dev)
@@ -122,7 +126,7 @@ static int ieee80211_master_stop(struct net_device *dev)
122 126
123 /* we hold the RTNL here so can safely walk the list */ 127 /* we hold the RTNL here so can safely walk the list */
124 list_for_each_entry(sdata, &local->interfaces, list) 128 list_for_each_entry(sdata, &local->interfaces, list)
125 if (sdata->dev != dev && netif_running(sdata->dev)) 129 if (netif_running(sdata->dev))
126 dev_close(sdata->dev); 130 dev_close(sdata->dev);
127 131
128 return 0; 132 return 0;
@@ -147,9 +151,7 @@ static int ieee80211_change_mtu(struct net_device *dev, int new_mtu)
147 /* FIX: what would be proper limits for MTU? 151 /* FIX: what would be proper limits for MTU?
148 * This interface uses 802.3 frames. */ 152 * This interface uses 802.3 frames. */
149 if (new_mtu < 256 || 153 if (new_mtu < 256 ||
150 new_mtu > IEEE80211_MAX_DATA_LEN - 24 - 6 - meshhdrlen) { 154 new_mtu > IEEE80211_MAX_DATA_LEN - 24 - 6 - meshhdrlen) {
151 printk(KERN_WARNING "%s: invalid MTU %d\n",
152 dev->name, new_mtu);
153 return -EINVAL; 155 return -EINVAL;
154 } 156 }
155 157
@@ -180,10 +182,11 @@ static int ieee80211_open(struct net_device *dev)
180{ 182{
181 struct ieee80211_sub_if_data *sdata, *nsdata; 183 struct ieee80211_sub_if_data *sdata, *nsdata;
182 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 184 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
185 struct sta_info *sta;
183 struct ieee80211_if_init_conf conf; 186 struct ieee80211_if_init_conf conf;
187 u32 changed = 0;
184 int res; 188 int res;
185 bool need_hw_reconfig = 0; 189 bool need_hw_reconfig = 0;
186 struct sta_info *sta;
187 190
188 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 191 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
189 192
@@ -191,7 +194,7 @@ static int ieee80211_open(struct net_device *dev)
191 list_for_each_entry(nsdata, &local->interfaces, list) { 194 list_for_each_entry(nsdata, &local->interfaces, list) {
192 struct net_device *ndev = nsdata->dev; 195 struct net_device *ndev = nsdata->dev;
193 196
194 if (ndev != dev && ndev != local->mdev && netif_running(ndev)) { 197 if (ndev != dev && netif_running(ndev)) {
195 /* 198 /*
196 * Allow only a single IBSS interface to be up at any 199 * Allow only a single IBSS interface to be up at any
197 * time. This is restricted because beacon distribution 200 * time. This is restricted because beacon distribution
@@ -207,30 +210,6 @@ static int ieee80211_open(struct net_device *dev)
207 return -EBUSY; 210 return -EBUSY;
208 211
209 /* 212 /*
210 * Disallow multiple IBSS/STA mode interfaces.
211 *
212 * This is a technical restriction, it is possible although
213 * most likely not IEEE 802.11 compliant to have multiple
214 * STAs with just a single hardware (the TSF timer will not
215 * be adjusted properly.)
216 *
217 * However, because mac80211 uses the master device's BSS
218 * information for each STA/IBSS interface, doing this will
219 * currently corrupt that BSS information completely, unless,
220 * a not very useful case, both STAs are associated to the
221 * same BSS.
222 *
223 * To remove this restriction, the BSS information needs to
224 * be embedded in the STA/IBSS mode sdata instead of using
225 * the master device's BSS structure.
226 */
227 if ((sdata->vif.type == IEEE80211_IF_TYPE_STA ||
228 sdata->vif.type == IEEE80211_IF_TYPE_IBSS) &&
229 (nsdata->vif.type == IEEE80211_IF_TYPE_STA ||
230 nsdata->vif.type == IEEE80211_IF_TYPE_IBSS))
231 return -EBUSY;
232
233 /*
234 * The remaining checks are only performed for interfaces 213 * The remaining checks are only performed for interfaces
235 * with the same MAC address. 214 * with the same MAC address.
236 */ 215 */
@@ -249,7 +228,7 @@ static int ieee80211_open(struct net_device *dev)
249 */ 228 */
250 if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN && 229 if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN &&
251 nsdata->vif.type == IEEE80211_IF_TYPE_AP) 230 nsdata->vif.type == IEEE80211_IF_TYPE_AP)
252 sdata->u.vlan.ap = nsdata; 231 sdata->bss = &nsdata->u.ap;
253 } 232 }
254 } 233 }
255 234
@@ -259,14 +238,20 @@ static int ieee80211_open(struct net_device *dev)
259 return -ENOLINK; 238 return -ENOLINK;
260 break; 239 break;
261 case IEEE80211_IF_TYPE_VLAN: 240 case IEEE80211_IF_TYPE_VLAN:
262 if (!sdata->u.vlan.ap) 241 if (!sdata->bss)
263 return -ENOLINK; 242 return -ENOLINK;
243 list_add(&sdata->u.vlan.list, &sdata->bss->vlans);
264 break; 244 break;
265 case IEEE80211_IF_TYPE_AP: 245 case IEEE80211_IF_TYPE_AP:
246 sdata->bss = &sdata->u.ap;
247 break;
248 case IEEE80211_IF_TYPE_MESH_POINT:
249 /* mesh ifaces must set allmulti to forward mcast traffic */
250 atomic_inc(&local->iff_allmultis);
251 break;
266 case IEEE80211_IF_TYPE_STA: 252 case IEEE80211_IF_TYPE_STA:
267 case IEEE80211_IF_TYPE_MNTR: 253 case IEEE80211_IF_TYPE_MNTR:
268 case IEEE80211_IF_TYPE_IBSS: 254 case IEEE80211_IF_TYPE_IBSS:
269 case IEEE80211_IF_TYPE_MESH_POINT:
270 /* no special treatment */ 255 /* no special treatment */
271 break; 256 break;
272 case IEEE80211_IF_TYPE_INVALID: 257 case IEEE80211_IF_TYPE_INVALID:
@@ -280,14 +265,13 @@ static int ieee80211_open(struct net_device *dev)
280 if (local->ops->start) 265 if (local->ops->start)
281 res = local->ops->start(local_to_hw(local)); 266 res = local->ops->start(local_to_hw(local));
282 if (res) 267 if (res)
283 return res; 268 goto err_del_bss;
284 need_hw_reconfig = 1; 269 need_hw_reconfig = 1;
285 ieee80211_led_radio(local, local->hw.conf.radio_enabled); 270 ieee80211_led_radio(local, local->hw.conf.radio_enabled);
286 } 271 }
287 272
288 switch (sdata->vif.type) { 273 switch (sdata->vif.type) {
289 case IEEE80211_IF_TYPE_VLAN: 274 case IEEE80211_IF_TYPE_VLAN:
290 list_add(&sdata->u.vlan.list, &sdata->u.vlan.ap->u.ap.vlans);
291 /* no need to tell driver */ 275 /* no need to tell driver */
292 break; 276 break;
293 case IEEE80211_IF_TYPE_MNTR: 277 case IEEE80211_IF_TYPE_MNTR:
@@ -310,9 +294,9 @@ static int ieee80211_open(struct net_device *dev)
310 if (sdata->u.mntr_flags & MONITOR_FLAG_OTHER_BSS) 294 if (sdata->u.mntr_flags & MONITOR_FLAG_OTHER_BSS)
311 local->fif_other_bss++; 295 local->fif_other_bss++;
312 296
313 netif_tx_lock_bh(local->mdev); 297 netif_addr_lock_bh(local->mdev);
314 ieee80211_configure_filter(local); 298 ieee80211_configure_filter(local);
315 netif_tx_unlock_bh(local->mdev); 299 netif_addr_unlock_bh(local->mdev);
316 break; 300 break;
317 case IEEE80211_IF_TYPE_STA: 301 case IEEE80211_IF_TYPE_STA:
318 case IEEE80211_IF_TYPE_IBSS: 302 case IEEE80211_IF_TYPE_IBSS:
@@ -326,8 +310,10 @@ static int ieee80211_open(struct net_device *dev)
326 if (res) 310 if (res)
327 goto err_stop; 311 goto err_stop;
328 312
329 ieee80211_if_config(dev); 313 if (ieee80211_vif_is_mesh(&sdata->vif))
330 ieee80211_reset_erp_info(dev); 314 ieee80211_start_mesh(sdata->dev);
315 changed |= ieee80211_reset_erp_info(dev);
316 ieee80211_bss_info_change_notify(sdata, changed);
331 ieee80211_enable_keys(sdata); 317 ieee80211_enable_keys(sdata);
332 318
333 if (sdata->vif.type == IEEE80211_IF_TYPE_STA && 319 if (sdata->vif.type == IEEE80211_IF_TYPE_STA &&
@@ -346,6 +332,7 @@ static int ieee80211_open(struct net_device *dev)
346 goto err_del_interface; 332 goto err_del_interface;
347 } 333 }
348 334
335 /* no locking required since STA is not live yet */
349 sta->flags |= WLAN_STA_AUTHORIZED; 336 sta->flags |= WLAN_STA_AUTHORIZED;
350 337
351 res = sta_info_insert(sta); 338 res = sta_info_insert(sta);
@@ -385,13 +372,13 @@ static int ieee80211_open(struct net_device *dev)
385 * yet be effective. Trigger execution of ieee80211_sta_work 372 * yet be effective. Trigger execution of ieee80211_sta_work
386 * to fix this. 373 * to fix this.
387 */ 374 */
388 if(sdata->vif.type == IEEE80211_IF_TYPE_STA || 375 if (sdata->vif.type == IEEE80211_IF_TYPE_STA ||
389 sdata->vif.type == IEEE80211_IF_TYPE_IBSS) { 376 sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
390 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 377 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
391 queue_work(local->hw.workqueue, &ifsta->work); 378 queue_work(local->hw.workqueue, &ifsta->work);
392 } 379 }
393 380
394 netif_start_queue(dev); 381 netif_tx_start_all_queues(dev);
395 382
396 return 0; 383 return 0;
397 err_del_interface: 384 err_del_interface:
@@ -399,6 +386,10 @@ static int ieee80211_open(struct net_device *dev)
399 err_stop: 386 err_stop:
400 if (!local->open_count && local->ops->stop) 387 if (!local->open_count && local->ops->stop)
401 local->ops->stop(local_to_hw(local)); 388 local->ops->stop(local_to_hw(local));
389 err_del_bss:
390 sdata->bss = NULL;
391 if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN)
392 list_del(&sdata->u.vlan.list);
402 return res; 393 return res;
403} 394}
404 395
@@ -412,7 +403,7 @@ static int ieee80211_stop(struct net_device *dev)
412 /* 403 /*
413 * Stop TX on this interface first. 404 * Stop TX on this interface first.
414 */ 405 */
415 netif_stop_queue(dev); 406 netif_tx_stop_all_queues(dev);
416 407
417 /* 408 /*
418 * Now delete all active aggregation sessions. 409 * Now delete all active aggregation sessions.
@@ -481,7 +472,6 @@ static int ieee80211_stop(struct net_device *dev)
481 switch (sdata->vif.type) { 472 switch (sdata->vif.type) {
482 case IEEE80211_IF_TYPE_VLAN: 473 case IEEE80211_IF_TYPE_VLAN:
483 list_del(&sdata->u.vlan.list); 474 list_del(&sdata->u.vlan.list);
484 sdata->u.vlan.ap = NULL;
485 /* no need to tell driver */ 475 /* no need to tell driver */
486 break; 476 break;
487 case IEEE80211_IF_TYPE_MNTR: 477 case IEEE80211_IF_TYPE_MNTR:
@@ -503,14 +493,18 @@ static int ieee80211_stop(struct net_device *dev)
503 if (sdata->u.mntr_flags & MONITOR_FLAG_OTHER_BSS) 493 if (sdata->u.mntr_flags & MONITOR_FLAG_OTHER_BSS)
504 local->fif_other_bss--; 494 local->fif_other_bss--;
505 495
506 netif_tx_lock_bh(local->mdev); 496 netif_addr_lock_bh(local->mdev);
507 ieee80211_configure_filter(local); 497 ieee80211_configure_filter(local);
508 netif_tx_unlock_bh(local->mdev); 498 netif_addr_unlock_bh(local->mdev);
509 break; 499 break;
510 case IEEE80211_IF_TYPE_MESH_POINT: 500 case IEEE80211_IF_TYPE_MESH_POINT:
501 /* allmulti is always set on mesh ifaces */
502 atomic_dec(&local->iff_allmultis);
503 /* fall through */
511 case IEEE80211_IF_TYPE_STA: 504 case IEEE80211_IF_TYPE_STA:
512 case IEEE80211_IF_TYPE_IBSS: 505 case IEEE80211_IF_TYPE_IBSS:
513 sdata->u.sta.state = IEEE80211_DISABLED; 506 sdata->u.sta.state = IEEE80211_DISABLED;
507 memset(sdata->u.sta.bssid, 0, ETH_ALEN);
514 del_timer_sync(&sdata->u.sta.timer); 508 del_timer_sync(&sdata->u.sta.timer);
515 /* 509 /*
516 * When we get here, the interface is marked down. 510 * When we get here, the interface is marked down.
@@ -529,8 +523,6 @@ static int ieee80211_stop(struct net_device *dev)
529 local->sta_hw_scanning = 0; 523 local->sta_hw_scanning = 0;
530 } 524 }
531 525
532 flush_workqueue(local->hw.workqueue);
533
534 sdata->u.sta.flags &= ~IEEE80211_STA_PRIVACY_INVOKED; 526 sdata->u.sta.flags &= ~IEEE80211_STA_PRIVACY_INVOKED;
535 kfree(sdata->u.sta.extra_ie); 527 kfree(sdata->u.sta.extra_ie);
536 sdata->u.sta.extra_ie = NULL; 528 sdata->u.sta.extra_ie = NULL;
@@ -545,6 +537,8 @@ static int ieee80211_stop(struct net_device *dev)
545 local->ops->remove_interface(local_to_hw(local), &conf); 537 local->ops->remove_interface(local_to_hw(local), &conf);
546 } 538 }
547 539
540 sdata->bss = NULL;
541
548 if (local->open_count == 0) { 542 if (local->open_count == 0) {
549 if (netif_running(local->mdev)) 543 if (netif_running(local->mdev))
550 dev_close(local->mdev); 544 dev_close(local->mdev);
@@ -554,6 +548,8 @@ static int ieee80211_stop(struct net_device *dev)
554 548
555 ieee80211_led_radio(local, 0); 549 ieee80211_led_radio(local, 0);
556 550
551 flush_workqueue(local->hw.workqueue);
552
557 tasklet_disable(&local->tx_pending_tasklet); 553 tasklet_disable(&local->tx_pending_tasklet);
558 tasklet_disable(&local->tasklet); 554 tasklet_disable(&local->tasklet);
559 } 555 }
@@ -583,17 +579,19 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
583 579
584 sta = sta_info_get(local, ra); 580 sta = sta_info_get(local, ra);
585 if (!sta) { 581 if (!sta) {
582#ifdef CONFIG_MAC80211_HT_DEBUG
586 printk(KERN_DEBUG "Could not find the station\n"); 583 printk(KERN_DEBUG "Could not find the station\n");
587 rcu_read_unlock(); 584#endif
588 return -ENOENT; 585 ret = -ENOENT;
586 goto exit;
589 } 587 }
590 588
591 spin_lock_bh(&sta->ampdu_mlme.ampdu_tx); 589 spin_lock_bh(&sta->lock);
592 590
593 /* we have tried too many times, receiver does not want A-MPDU */ 591 /* we have tried too many times, receiver does not want A-MPDU */
594 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) { 592 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) {
595 ret = -EBUSY; 593 ret = -EBUSY;
596 goto start_ba_exit; 594 goto err_unlock_sta;
597 } 595 }
598 596
599 state = &sta->ampdu_mlme.tid_state_tx[tid]; 597 state = &sta->ampdu_mlme.tid_state_tx[tid];
@@ -604,18 +602,20 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
604 "idle on tid %u\n", tid); 602 "idle on tid %u\n", tid);
605#endif /* CONFIG_MAC80211_HT_DEBUG */ 603#endif /* CONFIG_MAC80211_HT_DEBUG */
606 ret = -EAGAIN; 604 ret = -EAGAIN;
607 goto start_ba_exit; 605 goto err_unlock_sta;
608 } 606 }
609 607
610 /* prepare A-MPDU MLME for Tx aggregation */ 608 /* prepare A-MPDU MLME for Tx aggregation */
611 sta->ampdu_mlme.tid_tx[tid] = 609 sta->ampdu_mlme.tid_tx[tid] =
612 kmalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC); 610 kmalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC);
613 if (!sta->ampdu_mlme.tid_tx[tid]) { 611 if (!sta->ampdu_mlme.tid_tx[tid]) {
612#ifdef CONFIG_MAC80211_HT_DEBUG
614 if (net_ratelimit()) 613 if (net_ratelimit())
615 printk(KERN_ERR "allocate tx mlme to tid %d failed\n", 614 printk(KERN_ERR "allocate tx mlme to tid %d failed\n",
616 tid); 615 tid);
616#endif
617 ret = -ENOMEM; 617 ret = -ENOMEM;
618 goto start_ba_exit; 618 goto err_unlock_sta;
619 } 619 }
620 /* Tx timer */ 620 /* Tx timer */
621 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.function = 621 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.function =
@@ -624,10 +624,6 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
624 (unsigned long)&sta->timer_to_tid[tid]; 624 (unsigned long)&sta->timer_to_tid[tid];
625 init_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); 625 init_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
626 626
627 /* ensure that TX flow won't interrupt us
628 * until the end of the call to requeue function */
629 spin_lock_bh(&local->mdev->queue_lock);
630
631 /* create a new queue for this aggregation */ 627 /* create a new queue for this aggregation */
632 ret = ieee80211_ht_agg_queue_add(local, sta, tid); 628 ret = ieee80211_ht_agg_queue_add(local, sta, tid);
633 629
@@ -638,7 +634,7 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
638 printk(KERN_DEBUG "BA request denied - queue unavailable for" 634 printk(KERN_DEBUG "BA request denied - queue unavailable for"
639 " tid %d\n", tid); 635 " tid %d\n", tid);
640#endif /* CONFIG_MAC80211_HT_DEBUG */ 636#endif /* CONFIG_MAC80211_HT_DEBUG */
641 goto start_ba_err; 637 goto err_unlock_queue;
642 } 638 }
643 sdata = sta->sdata; 639 sdata = sta->sdata;
644 640
@@ -654,18 +650,18 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
654 /* No need to requeue the packets in the agg queue, since we 650 /* No need to requeue the packets in the agg queue, since we
655 * held the tx lock: no packet could be enqueued to the newly 651 * held the tx lock: no packet could be enqueued to the newly
656 * allocated queue */ 652 * allocated queue */
657 ieee80211_ht_agg_queue_remove(local, sta, tid, 0); 653 ieee80211_ht_agg_queue_remove(local, sta, tid, 0);
658#ifdef CONFIG_MAC80211_HT_DEBUG 654#ifdef CONFIG_MAC80211_HT_DEBUG
659 printk(KERN_DEBUG "BA request denied - HW unavailable for" 655 printk(KERN_DEBUG "BA request denied - HW unavailable for"
660 " tid %d\n", tid); 656 " tid %d\n", tid);
661#endif /* CONFIG_MAC80211_HT_DEBUG */ 657#endif /* CONFIG_MAC80211_HT_DEBUG */
662 *state = HT_AGG_STATE_IDLE; 658 *state = HT_AGG_STATE_IDLE;
663 goto start_ba_err; 659 goto err_unlock_queue;
664 } 660 }
665 661
666 /* Will put all the packets in the new SW queue */ 662 /* Will put all the packets in the new SW queue */
667 ieee80211_requeue(local, ieee802_1d_to_ac[tid]); 663 ieee80211_requeue(local, ieee802_1d_to_ac[tid]);
668 spin_unlock_bh(&local->mdev->queue_lock); 664 spin_unlock_bh(&sta->lock);
669 665
670 /* send an addBA request */ 666 /* send an addBA request */
671 sta->ampdu_mlme.dialog_token_allocator++; 667 sta->ampdu_mlme.dialog_token_allocator++;
@@ -673,25 +669,27 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
673 sta->ampdu_mlme.dialog_token_allocator; 669 sta->ampdu_mlme.dialog_token_allocator;
674 sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num; 670 sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num;
675 671
672
676 ieee80211_send_addba_request(sta->sdata->dev, ra, tid, 673 ieee80211_send_addba_request(sta->sdata->dev, ra, tid,
677 sta->ampdu_mlme.tid_tx[tid]->dialog_token, 674 sta->ampdu_mlme.tid_tx[tid]->dialog_token,
678 sta->ampdu_mlme.tid_tx[tid]->ssn, 675 sta->ampdu_mlme.tid_tx[tid]->ssn,
679 0x40, 5000); 676 0x40, 5000);
680
681 /* activate the timer for the recipient's addBA response */ 677 /* activate the timer for the recipient's addBA response */
682 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.expires = 678 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.expires =
683 jiffies + ADDBA_RESP_INTERVAL; 679 jiffies + ADDBA_RESP_INTERVAL;
684 add_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); 680 add_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
681#ifdef CONFIG_MAC80211_HT_DEBUG
685 printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid); 682 printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid);
686 goto start_ba_exit; 683#endif
684 goto exit;
687 685
688start_ba_err: 686err_unlock_queue:
689 kfree(sta->ampdu_mlme.tid_tx[tid]); 687 kfree(sta->ampdu_mlme.tid_tx[tid]);
690 sta->ampdu_mlme.tid_tx[tid] = NULL; 688 sta->ampdu_mlme.tid_tx[tid] = NULL;
691 spin_unlock_bh(&local->mdev->queue_lock);
692 ret = -EBUSY; 689 ret = -EBUSY;
693start_ba_exit: 690err_unlock_sta:
694 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 691 spin_unlock_bh(&sta->lock);
692exit:
695 rcu_read_unlock(); 693 rcu_read_unlock();
696 return ret; 694 return ret;
697} 695}
@@ -719,7 +717,7 @@ int ieee80211_stop_tx_ba_session(struct ieee80211_hw *hw,
719 717
720 /* check if the TID is in aggregation */ 718 /* check if the TID is in aggregation */
721 state = &sta->ampdu_mlme.tid_state_tx[tid]; 719 state = &sta->ampdu_mlme.tid_state_tx[tid];
722 spin_lock_bh(&sta->ampdu_mlme.ampdu_tx); 720 spin_lock_bh(&sta->lock);
723 721
724 if (*state != HT_AGG_STATE_OPERATIONAL) { 722 if (*state != HT_AGG_STATE_OPERATIONAL) {
725 ret = -ENOENT; 723 ret = -ENOENT;
@@ -749,7 +747,7 @@ int ieee80211_stop_tx_ba_session(struct ieee80211_hw *hw,
749 } 747 }
750 748
751stop_BA_exit: 749stop_BA_exit:
752 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 750 spin_unlock_bh(&sta->lock);
753 rcu_read_unlock(); 751 rcu_read_unlock();
754 return ret; 752 return ret;
755} 753}
@@ -763,8 +761,10 @@ void ieee80211_start_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u16 tid)
763 DECLARE_MAC_BUF(mac); 761 DECLARE_MAC_BUF(mac);
764 762
765 if (tid >= STA_TID_NUM) { 763 if (tid >= STA_TID_NUM) {
764#ifdef CONFIG_MAC80211_HT_DEBUG
766 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n", 765 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n",
767 tid, STA_TID_NUM); 766 tid, STA_TID_NUM);
767#endif
768 return; 768 return;
769 } 769 }
770 770
@@ -772,18 +772,22 @@ void ieee80211_start_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u16 tid)
772 sta = sta_info_get(local, ra); 772 sta = sta_info_get(local, ra);
773 if (!sta) { 773 if (!sta) {
774 rcu_read_unlock(); 774 rcu_read_unlock();
775#ifdef CONFIG_MAC80211_HT_DEBUG
775 printk(KERN_DEBUG "Could not find station: %s\n", 776 printk(KERN_DEBUG "Could not find station: %s\n",
776 print_mac(mac, ra)); 777 print_mac(mac, ra));
778#endif
777 return; 779 return;
778 } 780 }
779 781
780 state = &sta->ampdu_mlme.tid_state_tx[tid]; 782 state = &sta->ampdu_mlme.tid_state_tx[tid];
781 spin_lock_bh(&sta->ampdu_mlme.ampdu_tx); 783 spin_lock_bh(&sta->lock);
782 784
783 if (!(*state & HT_ADDBA_REQUESTED_MSK)) { 785 if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
786#ifdef CONFIG_MAC80211_HT_DEBUG
784 printk(KERN_DEBUG "addBA was not requested yet, state is %d\n", 787 printk(KERN_DEBUG "addBA was not requested yet, state is %d\n",
785 *state); 788 *state);
786 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 789#endif
790 spin_unlock_bh(&sta->lock);
787 rcu_read_unlock(); 791 rcu_read_unlock();
788 return; 792 return;
789 } 793 }
@@ -793,10 +797,12 @@ void ieee80211_start_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u16 tid)
793 *state |= HT_ADDBA_DRV_READY_MSK; 797 *state |= HT_ADDBA_DRV_READY_MSK;
794 798
795 if (*state == HT_AGG_STATE_OPERATIONAL) { 799 if (*state == HT_AGG_STATE_OPERATIONAL) {
800#ifdef CONFIG_MAC80211_HT_DEBUG
796 printk(KERN_DEBUG "Aggregation is on for tid %d \n", tid); 801 printk(KERN_DEBUG "Aggregation is on for tid %d \n", tid);
802#endif
797 ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]); 803 ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);
798 } 804 }
799 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 805 spin_unlock_bh(&sta->lock);
800 rcu_read_unlock(); 806 rcu_read_unlock();
801} 807}
802EXPORT_SYMBOL(ieee80211_start_tx_ba_cb); 808EXPORT_SYMBOL(ieee80211_start_tx_ba_cb);
@@ -810,8 +816,10 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid)
810 DECLARE_MAC_BUF(mac); 816 DECLARE_MAC_BUF(mac);
811 817
812 if (tid >= STA_TID_NUM) { 818 if (tid >= STA_TID_NUM) {
819#ifdef CONFIG_MAC80211_HT_DEBUG
813 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n", 820 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n",
814 tid, STA_TID_NUM); 821 tid, STA_TID_NUM);
822#endif
815 return; 823 return;
816 } 824 }
817 825
@@ -823,17 +831,23 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid)
823 rcu_read_lock(); 831 rcu_read_lock();
824 sta = sta_info_get(local, ra); 832 sta = sta_info_get(local, ra);
825 if (!sta) { 833 if (!sta) {
834#ifdef CONFIG_MAC80211_HT_DEBUG
826 printk(KERN_DEBUG "Could not find station: %s\n", 835 printk(KERN_DEBUG "Could not find station: %s\n",
827 print_mac(mac, ra)); 836 print_mac(mac, ra));
837#endif
828 rcu_read_unlock(); 838 rcu_read_unlock();
829 return; 839 return;
830 } 840 }
831 state = &sta->ampdu_mlme.tid_state_tx[tid]; 841 state = &sta->ampdu_mlme.tid_state_tx[tid];
832 842
833 spin_lock_bh(&sta->ampdu_mlme.ampdu_tx); 843 /* NOTE: no need to use sta->lock in this state check, as
844 * ieee80211_stop_tx_ba_session will let only one stop call to
845 * pass through per sta/tid
846 */
834 if ((*state & HT_AGG_STATE_REQ_STOP_BA_MSK) == 0) { 847 if ((*state & HT_AGG_STATE_REQ_STOP_BA_MSK) == 0) {
848#ifdef CONFIG_MAC80211_HT_DEBUG
835 printk(KERN_DEBUG "unexpected callback to A-MPDU stop\n"); 849 printk(KERN_DEBUG "unexpected callback to A-MPDU stop\n");
836 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 850#endif
837 rcu_read_unlock(); 851 rcu_read_unlock();
838 return; 852 return;
839 } 853 }
@@ -844,23 +858,20 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid)
844 858
845 agg_queue = sta->tid_to_tx_q[tid]; 859 agg_queue = sta->tid_to_tx_q[tid];
846 860
847 /* avoid ordering issues: we are the only one that can modify
848 * the content of the qdiscs */
849 spin_lock_bh(&local->mdev->queue_lock);
850 /* remove the queue for this aggregation */
851 ieee80211_ht_agg_queue_remove(local, sta, tid, 1); 861 ieee80211_ht_agg_queue_remove(local, sta, tid, 1);
852 spin_unlock_bh(&local->mdev->queue_lock);
853 862
854 /* we just requeued the all the frames that were in the removed 863 /* We just requeued the all the frames that were in the
855 * queue, and since we might miss a softirq we do netif_schedule. 864 * removed queue, and since we might miss a softirq we do
856 * ieee80211_wake_queue is not used here as this queue is not 865 * netif_schedule_queue. ieee80211_wake_queue is not used
857 * necessarily stopped */ 866 * here as this queue is not necessarily stopped
858 netif_schedule(local->mdev); 867 */
868 netif_schedule_queue(netdev_get_tx_queue(local->mdev, agg_queue));
869 spin_lock_bh(&sta->lock);
859 *state = HT_AGG_STATE_IDLE; 870 *state = HT_AGG_STATE_IDLE;
860 sta->ampdu_mlme.addba_req_num[tid] = 0; 871 sta->ampdu_mlme.addba_req_num[tid] = 0;
861 kfree(sta->ampdu_mlme.tid_tx[tid]); 872 kfree(sta->ampdu_mlme.tid_tx[tid]);
862 sta->ampdu_mlme.tid_tx[tid] = NULL; 873 sta->ampdu_mlme.tid_tx[tid] = NULL;
863 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 874 spin_unlock_bh(&sta->lock);
864 875
865 rcu_read_unlock(); 876 rcu_read_unlock();
866} 877}
@@ -874,9 +885,11 @@ void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_hw *hw,
874 struct sk_buff *skb = dev_alloc_skb(0); 885 struct sk_buff *skb = dev_alloc_skb(0);
875 886
876 if (unlikely(!skb)) { 887 if (unlikely(!skb)) {
888#ifdef CONFIG_MAC80211_HT_DEBUG
877 if (net_ratelimit()) 889 if (net_ratelimit())
878 printk(KERN_WARNING "%s: Not enough memory, " 890 printk(KERN_WARNING "%s: Not enough memory, "
879 "dropping start BA session", skb->dev->name); 891 "dropping start BA session", skb->dev->name);
892#endif
880 return; 893 return;
881 } 894 }
882 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 895 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
@@ -897,9 +910,11 @@ void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_hw *hw,
897 struct sk_buff *skb = dev_alloc_skb(0); 910 struct sk_buff *skb = dev_alloc_skb(0);
898 911
899 if (unlikely(!skb)) { 912 if (unlikely(!skb)) {
913#ifdef CONFIG_MAC80211_HT_DEBUG
900 if (net_ratelimit()) 914 if (net_ratelimit())
901 printk(KERN_WARNING "%s: Not enough memory, " 915 printk(KERN_WARNING "%s: Not enough memory, "
902 "dropping stop BA session", skb->dev->name); 916 "dropping stop BA session", skb->dev->name);
917#endif
903 return; 918 return;
904 } 919 }
905 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 920 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
@@ -950,7 +965,6 @@ static const struct header_ops ieee80211_header_ops = {
950 .cache_update = eth_header_cache_update, 965 .cache_update = eth_header_cache_update,
951}; 966};
952 967
953/* Must not be called for mdev */
954void ieee80211_if_setup(struct net_device *dev) 968void ieee80211_if_setup(struct net_device *dev)
955{ 969{
956 ether_setup(dev); 970 ether_setup(dev);
@@ -960,67 +974,52 @@ void ieee80211_if_setup(struct net_device *dev)
960 dev->change_mtu = ieee80211_change_mtu; 974 dev->change_mtu = ieee80211_change_mtu;
961 dev->open = ieee80211_open; 975 dev->open = ieee80211_open;
962 dev->stop = ieee80211_stop; 976 dev->stop = ieee80211_stop;
963 dev->destructor = ieee80211_if_free; 977 dev->destructor = free_netdev;
964} 978}
965 979
966/* everything else */ 980/* everything else */
967 981
968static int __ieee80211_if_config(struct net_device *dev, 982int ieee80211_if_config(struct ieee80211_sub_if_data *sdata, u32 changed)
969 struct sk_buff *beacon,
970 struct ieee80211_tx_control *control)
971{ 983{
972 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 984 struct ieee80211_local *local = sdata->local;
973 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
974 struct ieee80211_if_conf conf; 985 struct ieee80211_if_conf conf;
975 986
976 if (!local->ops->config_interface || !netif_running(dev)) 987 if (WARN_ON(!netif_running(sdata->dev)))
988 return 0;
989
990 if (!local->ops->config_interface)
977 return 0; 991 return 0;
978 992
979 memset(&conf, 0, sizeof(conf)); 993 memset(&conf, 0, sizeof(conf));
980 conf.type = sdata->vif.type; 994 conf.changed = changed;
995
981 if (sdata->vif.type == IEEE80211_IF_TYPE_STA || 996 if (sdata->vif.type == IEEE80211_IF_TYPE_STA ||
982 sdata->vif.type == IEEE80211_IF_TYPE_IBSS) { 997 sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
983 conf.bssid = sdata->u.sta.bssid; 998 conf.bssid = sdata->u.sta.bssid;
984 conf.ssid = sdata->u.sta.ssid; 999 conf.ssid = sdata->u.sta.ssid;
985 conf.ssid_len = sdata->u.sta.ssid_len; 1000 conf.ssid_len = sdata->u.sta.ssid_len;
986 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
987 conf.beacon = beacon;
988 conf.beacon_control = control;
989 ieee80211_start_mesh(dev);
990 } else if (sdata->vif.type == IEEE80211_IF_TYPE_AP) { 1001 } else if (sdata->vif.type == IEEE80211_IF_TYPE_AP) {
1002 conf.bssid = sdata->dev->dev_addr;
991 conf.ssid = sdata->u.ap.ssid; 1003 conf.ssid = sdata->u.ap.ssid;
992 conf.ssid_len = sdata->u.ap.ssid_len; 1004 conf.ssid_len = sdata->u.ap.ssid_len;
993 conf.beacon = beacon; 1005 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
994 conf.beacon_control = control; 1006 u8 zero[ETH_ALEN] = { 0 };
1007 conf.bssid = zero;
1008 conf.ssid = zero;
1009 conf.ssid_len = 0;
1010 } else {
1011 WARN_ON(1);
1012 return -EINVAL;
995 } 1013 }
996 return local->ops->config_interface(local_to_hw(local),
997 &sdata->vif, &conf);
998}
999 1014
1000int ieee80211_if_config(struct net_device *dev) 1015 if (WARN_ON(!conf.bssid && (changed & IEEE80211_IFCC_BSSID)))
1001{ 1016 return -EINVAL;
1002 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1003 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1004 if (sdata->vif.type == IEEE80211_IF_TYPE_MESH_POINT &&
1005 (local->hw.flags & IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE))
1006 return ieee80211_if_config_beacon(dev);
1007 return __ieee80211_if_config(dev, NULL, NULL);
1008}
1009 1017
1010int ieee80211_if_config_beacon(struct net_device *dev) 1018 if (WARN_ON(!conf.ssid && (changed & IEEE80211_IFCC_SSID)))
1011{ 1019 return -EINVAL;
1012 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1013 struct ieee80211_tx_control control;
1014 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1015 struct sk_buff *skb;
1016 1020
1017 if (!(local->hw.flags & IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE)) 1021 return local->ops->config_interface(local_to_hw(local),
1018 return 0; 1022 &sdata->vif, &conf);
1019 skb = ieee80211_beacon_get(local_to_hw(local), &sdata->vif,
1020 &control);
1021 if (!skb)
1022 return -ENOMEM;
1023 return __ieee80211_if_config(dev, skb, &control);
1024} 1023}
1025 1024
1026int ieee80211_hw_config(struct ieee80211_local *local) 1025int ieee80211_hw_config(struct ieee80211_local *local)
@@ -1067,56 +1066,84 @@ u32 ieee80211_handle_ht(struct ieee80211_local *local, int enable_ht,
1067 struct ieee80211_supported_band *sband; 1066 struct ieee80211_supported_band *sband;
1068 struct ieee80211_ht_info ht_conf; 1067 struct ieee80211_ht_info ht_conf;
1069 struct ieee80211_ht_bss_info ht_bss_conf; 1068 struct ieee80211_ht_bss_info ht_bss_conf;
1070 int i;
1071 u32 changed = 0; 1069 u32 changed = 0;
1070 int i;
1071 u8 max_tx_streams = IEEE80211_HT_CAP_MAX_STREAMS;
1072 u8 tx_mcs_set_cap;
1072 1073
1073 sband = local->hw.wiphy->bands[conf->channel->band]; 1074 sband = local->hw.wiphy->bands[conf->channel->band];
1074 1075
1076 memset(&ht_conf, 0, sizeof(struct ieee80211_ht_info));
1077 memset(&ht_bss_conf, 0, sizeof(struct ieee80211_ht_bss_info));
1078
1075 /* HT is not supported */ 1079 /* HT is not supported */
1076 if (!sband->ht_info.ht_supported) { 1080 if (!sband->ht_info.ht_supported) {
1077 conf->flags &= ~IEEE80211_CONF_SUPPORT_HT_MODE; 1081 conf->flags &= ~IEEE80211_CONF_SUPPORT_HT_MODE;
1078 return 0; 1082 goto out;
1079 } 1083 }
1080 1084
1081 memset(&ht_conf, 0, sizeof(struct ieee80211_ht_info)); 1085 /* disable HT */
1082 memset(&ht_bss_conf, 0, sizeof(struct ieee80211_ht_bss_info)); 1086 if (!enable_ht) {
1083 1087 if (conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE)
1084 if (enable_ht) {
1085 if (!(conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE))
1086 changed |= BSS_CHANGED_HT; 1088 changed |= BSS_CHANGED_HT;
1089 conf->flags &= ~IEEE80211_CONF_SUPPORT_HT_MODE;
1090 conf->ht_conf.ht_supported = 0;
1091 goto out;
1092 }
1087 1093
1088 conf->flags |= IEEE80211_CONF_SUPPORT_HT_MODE;
1089 ht_conf.ht_supported = 1;
1090 1094
1091 ht_conf.cap = req_ht_cap->cap & sband->ht_info.cap; 1095 if (!(conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE))
1092 ht_conf.cap &= ~(IEEE80211_HT_CAP_MIMO_PS); 1096 changed |= BSS_CHANGED_HT;
1093 ht_conf.cap |= sband->ht_info.cap & IEEE80211_HT_CAP_MIMO_PS;
1094 1097
1095 for (i = 0; i < SUPP_MCS_SET_LEN; i++) 1098 conf->flags |= IEEE80211_CONF_SUPPORT_HT_MODE;
1096 ht_conf.supp_mcs_set[i] = 1099 ht_conf.ht_supported = 1;
1097 sband->ht_info.supp_mcs_set[i] &
1098 req_ht_cap->supp_mcs_set[i];
1099 1100
1100 ht_bss_conf.primary_channel = req_bss_cap->primary_channel; 1101 ht_conf.cap = req_ht_cap->cap & sband->ht_info.cap;
1101 ht_bss_conf.bss_cap = req_bss_cap->bss_cap; 1102 ht_conf.cap &= ~(IEEE80211_HT_CAP_MIMO_PS);
1102 ht_bss_conf.bss_op_mode = req_bss_cap->bss_op_mode; 1103 ht_conf.cap |= sband->ht_info.cap & IEEE80211_HT_CAP_MIMO_PS;
1104 ht_bss_conf.primary_channel = req_bss_cap->primary_channel;
1105 ht_bss_conf.bss_cap = req_bss_cap->bss_cap;
1106 ht_bss_conf.bss_op_mode = req_bss_cap->bss_op_mode;
1103 1107
1104 ht_conf.ampdu_factor = req_ht_cap->ampdu_factor; 1108 ht_conf.ampdu_factor = req_ht_cap->ampdu_factor;
1105 ht_conf.ampdu_density = req_ht_cap->ampdu_density; 1109 ht_conf.ampdu_density = req_ht_cap->ampdu_density;
1106 1110
1107 /* if bss configuration changed store the new one */ 1111 /* Bits 96-100 */
1108 if (memcmp(&conf->ht_conf, &ht_conf, sizeof(ht_conf)) || 1112 tx_mcs_set_cap = sband->ht_info.supp_mcs_set[12];
1109 memcmp(&conf->ht_bss_conf, &ht_bss_conf, sizeof(ht_bss_conf))) { 1113
1110 changed |= BSS_CHANGED_HT; 1114 /* configure suppoerted Tx MCS according to requested MCS
1111 memcpy(&conf->ht_conf, &ht_conf, sizeof(ht_conf)); 1115 * (based in most cases on Rx capabilities of peer) and self
1112 memcpy(&conf->ht_bss_conf, &ht_bss_conf, sizeof(ht_bss_conf)); 1116 * Tx MCS capabilities (as defined by low level driver HW
1113 } 1117 * Tx capabilities) */
1114 } else { 1118 if (!(tx_mcs_set_cap & IEEE80211_HT_CAP_MCS_TX_DEFINED))
1115 if (conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) 1119 goto check_changed;
1116 changed |= BSS_CHANGED_HT; 1120
1117 conf->flags &= ~IEEE80211_CONF_SUPPORT_HT_MODE; 1121 /* Counting from 0 therfore + 1 */
1118 } 1122 if (tx_mcs_set_cap & IEEE80211_HT_CAP_MCS_TX_RX_DIFF)
1123 max_tx_streams = ((tx_mcs_set_cap &
1124 IEEE80211_HT_CAP_MCS_TX_STREAMS) >> 2) + 1;
1119 1125
1126 for (i = 0; i < max_tx_streams; i++)
1127 ht_conf.supp_mcs_set[i] =
1128 sband->ht_info.supp_mcs_set[i] &
1129 req_ht_cap->supp_mcs_set[i];
1130
1131 if (tx_mcs_set_cap & IEEE80211_HT_CAP_MCS_TX_UEQM)
1132 for (i = IEEE80211_SUPP_MCS_SET_UEQM;
1133 i < IEEE80211_SUPP_MCS_SET_LEN; i++)
1134 ht_conf.supp_mcs_set[i] =
1135 sband->ht_info.supp_mcs_set[i] &
1136 req_ht_cap->supp_mcs_set[i];
1137
1138check_changed:
1139 /* if bss configuration changed store the new one */
1140 if (memcmp(&conf->ht_conf, &ht_conf, sizeof(ht_conf)) ||
1141 memcmp(&conf->ht_bss_conf, &ht_bss_conf, sizeof(ht_bss_conf))) {
1142 changed |= BSS_CHANGED_HT;
1143 memcpy(&conf->ht_conf, &ht_conf, sizeof(ht_conf));
1144 memcpy(&conf->ht_bss_conf, &ht_bss_conf, sizeof(ht_bss_conf));
1145 }
1146out:
1120 return changed; 1147 return changed;
1121} 1148}
1122 1149
@@ -1135,50 +1162,30 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
1135 changed); 1162 changed);
1136} 1163}
1137 1164
1138void ieee80211_reset_erp_info(struct net_device *dev) 1165u32 ieee80211_reset_erp_info(struct net_device *dev)
1139{ 1166{
1140 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1167 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1141 1168
1142 sdata->bss_conf.use_cts_prot = 0; 1169 sdata->bss_conf.use_cts_prot = 0;
1143 sdata->bss_conf.use_short_preamble = 0; 1170 sdata->bss_conf.use_short_preamble = 0;
1144 ieee80211_bss_info_change_notify(sdata, 1171 return BSS_CHANGED_ERP_CTS_PROT | BSS_CHANGED_ERP_PREAMBLE;
1145 BSS_CHANGED_ERP_CTS_PROT |
1146 BSS_CHANGED_ERP_PREAMBLE);
1147} 1172}
1148 1173
1149void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw, 1174void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
1150 struct sk_buff *skb, 1175 struct sk_buff *skb)
1151 struct ieee80211_tx_status *status)
1152{ 1176{
1153 struct ieee80211_local *local = hw_to_local(hw); 1177 struct ieee80211_local *local = hw_to_local(hw);
1154 struct ieee80211_tx_status *saved; 1178 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1155 int tmp; 1179 int tmp;
1156 1180
1157 skb->dev = local->mdev; 1181 skb->dev = local->mdev;
1158 saved = kmalloc(sizeof(struct ieee80211_tx_status), GFP_ATOMIC);
1159 if (unlikely(!saved)) {
1160 if (net_ratelimit())
1161 printk(KERN_WARNING "%s: Not enough memory, "
1162 "dropping tx status", skb->dev->name);
1163 /* should be dev_kfree_skb_irq, but due to this function being
1164 * named _irqsafe instead of just _irq we can't be sure that
1165 * people won't call it from non-irq contexts */
1166 dev_kfree_skb_any(skb);
1167 return;
1168 }
1169 memcpy(saved, status, sizeof(struct ieee80211_tx_status));
1170 /* copy pointer to saved status into skb->cb for use by tasklet */
1171 memcpy(skb->cb, &saved, sizeof(saved));
1172
1173 skb->pkt_type = IEEE80211_TX_STATUS_MSG; 1182 skb->pkt_type = IEEE80211_TX_STATUS_MSG;
1174 skb_queue_tail(status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS ? 1183 skb_queue_tail(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS ?
1175 &local->skb_queue : &local->skb_queue_unreliable, skb); 1184 &local->skb_queue : &local->skb_queue_unreliable, skb);
1176 tmp = skb_queue_len(&local->skb_queue) + 1185 tmp = skb_queue_len(&local->skb_queue) +
1177 skb_queue_len(&local->skb_queue_unreliable); 1186 skb_queue_len(&local->skb_queue_unreliable);
1178 while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT && 1187 while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
1179 (skb = skb_dequeue(&local->skb_queue_unreliable))) { 1188 (skb = skb_dequeue(&local->skb_queue_unreliable))) {
1180 memcpy(&saved, skb->cb, sizeof(saved));
1181 kfree(saved);
1182 dev_kfree_skb_irq(skb); 1189 dev_kfree_skb_irq(skb);
1183 tmp--; 1190 tmp--;
1184 I802_DEBUG_INC(local->tx_status_drop); 1191 I802_DEBUG_INC(local->tx_status_drop);
@@ -1192,7 +1199,6 @@ static void ieee80211_tasklet_handler(unsigned long data)
1192 struct ieee80211_local *local = (struct ieee80211_local *) data; 1199 struct ieee80211_local *local = (struct ieee80211_local *) data;
1193 struct sk_buff *skb; 1200 struct sk_buff *skb;
1194 struct ieee80211_rx_status rx_status; 1201 struct ieee80211_rx_status rx_status;
1195 struct ieee80211_tx_status *tx_status;
1196 struct ieee80211_ra_tid *ra_tid; 1202 struct ieee80211_ra_tid *ra_tid;
1197 1203
1198 while ((skb = skb_dequeue(&local->skb_queue)) || 1204 while ((skb = skb_dequeue(&local->skb_queue)) ||
@@ -1207,12 +1213,8 @@ static void ieee80211_tasklet_handler(unsigned long data)
1207 __ieee80211_rx(local_to_hw(local), skb, &rx_status); 1213 __ieee80211_rx(local_to_hw(local), skb, &rx_status);
1208 break; 1214 break;
1209 case IEEE80211_TX_STATUS_MSG: 1215 case IEEE80211_TX_STATUS_MSG:
1210 /* get pointer to saved status out of skb->cb */
1211 memcpy(&tx_status, skb->cb, sizeof(tx_status));
1212 skb->pkt_type = 0; 1216 skb->pkt_type = 0;
1213 ieee80211_tx_status(local_to_hw(local), 1217 ieee80211_tx_status(local_to_hw(local), skb);
1214 skb, tx_status);
1215 kfree(tx_status);
1216 break; 1218 break;
1217 case IEEE80211_DELBA_MSG: 1219 case IEEE80211_DELBA_MSG:
1218 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 1220 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
@@ -1226,9 +1228,8 @@ static void ieee80211_tasklet_handler(unsigned long data)
1226 ra_tid->ra, ra_tid->tid); 1228 ra_tid->ra, ra_tid->tid);
1227 dev_kfree_skb(skb); 1229 dev_kfree_skb(skb);
1228 break ; 1230 break ;
1229 default: /* should never get here! */ 1231 default:
1230 printk(KERN_ERR "%s: Unknown message type (%d)\n", 1232 WARN_ON(1);
1231 wiphy_name(local->hw.wiphy), skb->pkt_type);
1232 dev_kfree_skb(skb); 1233 dev_kfree_skb(skb);
1233 break; 1234 break;
1234 } 1235 }
@@ -1238,27 +1239,12 @@ static void ieee80211_tasklet_handler(unsigned long data)
1238/* Remove added headers (e.g., QoS control), encryption header/MIC, etc. to 1239/* Remove added headers (e.g., QoS control), encryption header/MIC, etc. to
1239 * make a prepared TX frame (one that has been given to hw) to look like brand 1240 * make a prepared TX frame (one that has been given to hw) to look like brand
1240 * new IEEE 802.11 frame that is ready to go through TX processing again. 1241 * new IEEE 802.11 frame that is ready to go through TX processing again.
1241 * Also, tx_packet_data in cb is restored from tx_control. */ 1242 */
1242static void ieee80211_remove_tx_extra(struct ieee80211_local *local, 1243static void ieee80211_remove_tx_extra(struct ieee80211_local *local,
1243 struct ieee80211_key *key, 1244 struct ieee80211_key *key,
1244 struct sk_buff *skb, 1245 struct sk_buff *skb)
1245 struct ieee80211_tx_control *control)
1246{ 1246{
1247 int hdrlen, iv_len, mic_len; 1247 int hdrlen, iv_len, mic_len;
1248 struct ieee80211_tx_packet_data *pkt_data;
1249
1250 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
1251 pkt_data->ifindex = vif_to_sdata(control->vif)->dev->ifindex;
1252 pkt_data->flags = 0;
1253 if (control->flags & IEEE80211_TXCTL_REQ_TX_STATUS)
1254 pkt_data->flags |= IEEE80211_TXPD_REQ_TX_STATUS;
1255 if (control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT)
1256 pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
1257 if (control->flags & IEEE80211_TXCTL_REQUEUE)
1258 pkt_data->flags |= IEEE80211_TXPD_REQUEUE;
1259 if (control->flags & IEEE80211_TXCTL_EAPOL_FRAME)
1260 pkt_data->flags |= IEEE80211_TXPD_EAPOL_FRAME;
1261 pkt_data->queue = control->queue;
1262 1248
1263 hdrlen = ieee80211_get_hdrlen_from_skb(skb); 1249 hdrlen = ieee80211_get_hdrlen_from_skb(skb);
1264 1250
@@ -1305,17 +1291,18 @@ no_key:
1305 1291
1306static void ieee80211_handle_filtered_frame(struct ieee80211_local *local, 1292static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
1307 struct sta_info *sta, 1293 struct sta_info *sta,
1308 struct sk_buff *skb, 1294 struct sk_buff *skb)
1309 struct ieee80211_tx_status *status)
1310{ 1295{
1296 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1297
1311 sta->tx_filtered_count++; 1298 sta->tx_filtered_count++;
1312 1299
1313 /* 1300 /*
1314 * Clear the TX filter mask for this STA when sending the next 1301 * Clear the TX filter mask for this STA when sending the next
1315 * packet. If the STA went to power save mode, this will happen 1302 * packet. If the STA went to power save mode, this will happen
1316 * happen when it wakes up for the next time. 1303 * when it wakes up for the next time.
1317 */ 1304 */
1318 sta->flags |= WLAN_STA_CLEAR_PS_FILT; 1305 set_sta_flags(sta, WLAN_STA_CLEAR_PS_FILT);
1319 1306
1320 /* 1307 /*
1321 * This code races in the following way: 1308 * This code races in the following way:
@@ -1347,84 +1334,89 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
1347 * can be unknown, for example with different interrupt status 1334 * can be unknown, for example with different interrupt status
1348 * bits. 1335 * bits.
1349 */ 1336 */
1350 if (sta->flags & WLAN_STA_PS && 1337 if (test_sta_flags(sta, WLAN_STA_PS) &&
1351 skb_queue_len(&sta->tx_filtered) < STA_MAX_TX_BUFFER) { 1338 skb_queue_len(&sta->tx_filtered) < STA_MAX_TX_BUFFER) {
1352 ieee80211_remove_tx_extra(local, sta->key, skb, 1339 ieee80211_remove_tx_extra(local, sta->key, skb);
1353 &status->control);
1354 skb_queue_tail(&sta->tx_filtered, skb); 1340 skb_queue_tail(&sta->tx_filtered, skb);
1355 return; 1341 return;
1356 } 1342 }
1357 1343
1358 if (!(sta->flags & WLAN_STA_PS) && 1344 if (!test_sta_flags(sta, WLAN_STA_PS) &&
1359 !(status->control.flags & IEEE80211_TXCTL_REQUEUE)) { 1345 !(info->flags & IEEE80211_TX_CTL_REQUEUE)) {
1360 /* Software retry the packet once */ 1346 /* Software retry the packet once */
1361 status->control.flags |= IEEE80211_TXCTL_REQUEUE; 1347 info->flags |= IEEE80211_TX_CTL_REQUEUE;
1362 ieee80211_remove_tx_extra(local, sta->key, skb, 1348 ieee80211_remove_tx_extra(local, sta->key, skb);
1363 &status->control);
1364 dev_queue_xmit(skb); 1349 dev_queue_xmit(skb);
1365 return; 1350 return;
1366 } 1351 }
1367 1352
1353#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1368 if (net_ratelimit()) 1354 if (net_ratelimit())
1369 printk(KERN_DEBUG "%s: dropped TX filtered frame, " 1355 printk(KERN_DEBUG "%s: dropped TX filtered frame, "
1370 "queue_len=%d PS=%d @%lu\n", 1356 "queue_len=%d PS=%d @%lu\n",
1371 wiphy_name(local->hw.wiphy), 1357 wiphy_name(local->hw.wiphy),
1372 skb_queue_len(&sta->tx_filtered), 1358 skb_queue_len(&sta->tx_filtered),
1373 !!(sta->flags & WLAN_STA_PS), jiffies); 1359 !!test_sta_flags(sta, WLAN_STA_PS), jiffies);
1360#endif
1374 dev_kfree_skb(skb); 1361 dev_kfree_skb(skb);
1375} 1362}
1376 1363
1377void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb, 1364void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
1378 struct ieee80211_tx_status *status)
1379{ 1365{
1380 struct sk_buff *skb2; 1366 struct sk_buff *skb2;
1381 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1367 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1382 struct ieee80211_local *local = hw_to_local(hw); 1368 struct ieee80211_local *local = hw_to_local(hw);
1369 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1383 u16 frag, type; 1370 u16 frag, type;
1371 __le16 fc;
1384 struct ieee80211_tx_status_rtap_hdr *rthdr; 1372 struct ieee80211_tx_status_rtap_hdr *rthdr;
1385 struct ieee80211_sub_if_data *sdata; 1373 struct ieee80211_sub_if_data *sdata;
1386 struct net_device *prev_dev = NULL; 1374 struct net_device *prev_dev = NULL;
1387 1375 struct sta_info *sta;
1388 if (!status) {
1389 printk(KERN_ERR
1390 "%s: ieee80211_tx_status called with NULL status\n",
1391 wiphy_name(local->hw.wiphy));
1392 dev_kfree_skb(skb);
1393 return;
1394 }
1395 1376
1396 rcu_read_lock(); 1377 rcu_read_lock();
1397 1378
1398 if (status->excessive_retries) { 1379 if (info->status.excessive_retries) {
1399 struct sta_info *sta;
1400 sta = sta_info_get(local, hdr->addr1); 1380 sta = sta_info_get(local, hdr->addr1);
1401 if (sta) { 1381 if (sta) {
1402 if (sta->flags & WLAN_STA_PS) { 1382 if (test_sta_flags(sta, WLAN_STA_PS)) {
1403 /* 1383 /*
1404 * The STA is in power save mode, so assume 1384 * The STA is in power save mode, so assume
1405 * that this TX packet failed because of that. 1385 * that this TX packet failed because of that.
1406 */ 1386 */
1407 status->excessive_retries = 0; 1387 ieee80211_handle_filtered_frame(local, sta, skb);
1408 status->flags |= IEEE80211_TX_STATUS_TX_FILTERED;
1409 ieee80211_handle_filtered_frame(local, sta,
1410 skb, status);
1411 rcu_read_unlock(); 1388 rcu_read_unlock();
1412 return; 1389 return;
1413 } 1390 }
1414 } 1391 }
1415 } 1392 }
1416 1393
1417 if (status->flags & IEEE80211_TX_STATUS_TX_FILTERED) { 1394 fc = hdr->frame_control;
1418 struct sta_info *sta; 1395
1396 if ((info->flags & IEEE80211_TX_STAT_AMPDU_NO_BACK) &&
1397 (ieee80211_is_data_qos(fc))) {
1398 u16 tid, ssn;
1399 u8 *qc;
1400 sta = sta_info_get(local, hdr->addr1);
1401 if (sta) {
1402 qc = ieee80211_get_qos_ctl(hdr);
1403 tid = qc[0] & 0xf;
1404 ssn = ((le16_to_cpu(hdr->seq_ctrl) + 0x10)
1405 & IEEE80211_SCTL_SEQ);
1406 ieee80211_send_bar(sta->sdata->dev, hdr->addr1,
1407 tid, ssn);
1408 }
1409 }
1410
1411 if (info->flags & IEEE80211_TX_STAT_TX_FILTERED) {
1419 sta = sta_info_get(local, hdr->addr1); 1412 sta = sta_info_get(local, hdr->addr1);
1420 if (sta) { 1413 if (sta) {
1421 ieee80211_handle_filtered_frame(local, sta, skb, 1414 ieee80211_handle_filtered_frame(local, sta, skb);
1422 status);
1423 rcu_read_unlock(); 1415 rcu_read_unlock();
1424 return; 1416 return;
1425 } 1417 }
1426 } else 1418 } else
1427 rate_control_tx_status(local->mdev, skb, status); 1419 rate_control_tx_status(local->mdev, skb);
1428 1420
1429 rcu_read_unlock(); 1421 rcu_read_unlock();
1430 1422
@@ -1438,14 +1430,14 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb,
1438 frag = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG; 1430 frag = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
1439 type = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_FTYPE; 1431 type = le16_to_cpu(hdr->frame_control) & IEEE80211_FCTL_FTYPE;
1440 1432
1441 if (status->flags & IEEE80211_TX_STATUS_ACK) { 1433 if (info->flags & IEEE80211_TX_STAT_ACK) {
1442 if (frag == 0) { 1434 if (frag == 0) {
1443 local->dot11TransmittedFrameCount++; 1435 local->dot11TransmittedFrameCount++;
1444 if (is_multicast_ether_addr(hdr->addr1)) 1436 if (is_multicast_ether_addr(hdr->addr1))
1445 local->dot11MulticastTransmittedFrameCount++; 1437 local->dot11MulticastTransmittedFrameCount++;
1446 if (status->retry_count > 0) 1438 if (info->status.retry_count > 0)
1447 local->dot11RetryCount++; 1439 local->dot11RetryCount++;
1448 if (status->retry_count > 1) 1440 if (info->status.retry_count > 1)
1449 local->dot11MultipleRetryCount++; 1441 local->dot11MultipleRetryCount++;
1450 } 1442 }
1451 1443
@@ -1482,7 +1474,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb,
1482 return; 1474 return;
1483 } 1475 }
1484 1476
1485 rthdr = (struct ieee80211_tx_status_rtap_hdr*) 1477 rthdr = (struct ieee80211_tx_status_rtap_hdr *)
1486 skb_push(skb, sizeof(*rthdr)); 1478 skb_push(skb, sizeof(*rthdr));
1487 1479
1488 memset(rthdr, 0, sizeof(*rthdr)); 1480 memset(rthdr, 0, sizeof(*rthdr));
@@ -1491,17 +1483,17 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb,
1491 cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) | 1483 cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) |
1492 (1 << IEEE80211_RADIOTAP_DATA_RETRIES)); 1484 (1 << IEEE80211_RADIOTAP_DATA_RETRIES));
1493 1485
1494 if (!(status->flags & IEEE80211_TX_STATUS_ACK) && 1486 if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
1495 !is_multicast_ether_addr(hdr->addr1)) 1487 !is_multicast_ether_addr(hdr->addr1))
1496 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_FAIL); 1488 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_FAIL);
1497 1489
1498 if ((status->control.flags & IEEE80211_TXCTL_USE_RTS_CTS) && 1490 if ((info->flags & IEEE80211_TX_CTL_USE_RTS_CTS) &&
1499 (status->control.flags & IEEE80211_TXCTL_USE_CTS_PROTECT)) 1491 (info->flags & IEEE80211_TX_CTL_USE_CTS_PROTECT))
1500 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_CTS); 1492 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_CTS);
1501 else if (status->control.flags & IEEE80211_TXCTL_USE_RTS_CTS) 1493 else if (info->flags & IEEE80211_TX_CTL_USE_RTS_CTS)
1502 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_RTS); 1494 rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_F_TX_RTS);
1503 1495
1504 rthdr->data_retries = status->retry_count; 1496 rthdr->data_retries = info->status.retry_count;
1505 1497
1506 /* XXX: is this sufficient for BPF? */ 1498 /* XXX: is this sufficient for BPF? */
1507 skb_set_mac_header(skb, 0); 1499 skb_set_mac_header(skb, 0);
@@ -1627,7 +1619,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
1627 int result; 1619 int result;
1628 enum ieee80211_band band; 1620 enum ieee80211_band band;
1629 struct net_device *mdev; 1621 struct net_device *mdev;
1630 struct ieee80211_sub_if_data *sdata; 1622 struct wireless_dev *mwdev;
1631 1623
1632 /* 1624 /*
1633 * generic code guarantees at least one band, 1625 * generic code guarantees at least one band,
@@ -1651,19 +1643,30 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
1651 if (result < 0) 1643 if (result < 0)
1652 return result; 1644 return result;
1653 1645
1654 /* for now, mdev needs sub_if_data :/ */ 1646 /*
1655 mdev = alloc_netdev(sizeof(struct ieee80211_sub_if_data), 1647 * We use the number of queues for feature tests (QoS, HT) internally
1656 "wmaster%d", ether_setup); 1648 * so restrict them appropriately.
1649 */
1650 if (hw->queues > IEEE80211_MAX_QUEUES)
1651 hw->queues = IEEE80211_MAX_QUEUES;
1652 if (hw->ampdu_queues > IEEE80211_MAX_AMPDU_QUEUES)
1653 hw->ampdu_queues = IEEE80211_MAX_AMPDU_QUEUES;
1654 if (hw->queues < 4)
1655 hw->ampdu_queues = 0;
1656
1657 mdev = alloc_netdev_mq(sizeof(struct wireless_dev),
1658 "wmaster%d", ether_setup,
1659 ieee80211_num_queues(hw));
1657 if (!mdev) 1660 if (!mdev)
1658 goto fail_mdev_alloc; 1661 goto fail_mdev_alloc;
1659 1662
1660 sdata = IEEE80211_DEV_TO_SUB_IF(mdev); 1663 mwdev = netdev_priv(mdev);
1661 mdev->ieee80211_ptr = &sdata->wdev; 1664 mdev->ieee80211_ptr = mwdev;
1662 sdata->wdev.wiphy = local->hw.wiphy; 1665 mwdev->wiphy = local->hw.wiphy;
1663 1666
1664 local->mdev = mdev; 1667 local->mdev = mdev;
1665 1668
1666 ieee80211_rx_bss_list_init(mdev); 1669 ieee80211_rx_bss_list_init(local);
1667 1670
1668 mdev->hard_start_xmit = ieee80211_master_start_xmit; 1671 mdev->hard_start_xmit = ieee80211_master_start_xmit;
1669 mdev->open = ieee80211_master_open; 1672 mdev->open = ieee80211_master_open;
@@ -1672,18 +1675,8 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
1672 mdev->header_ops = &ieee80211_header_ops; 1675 mdev->header_ops = &ieee80211_header_ops;
1673 mdev->set_multicast_list = ieee80211_master_set_multicast_list; 1676 mdev->set_multicast_list = ieee80211_master_set_multicast_list;
1674 1677
1675 sdata->vif.type = IEEE80211_IF_TYPE_AP;
1676 sdata->dev = mdev;
1677 sdata->local = local;
1678 sdata->u.ap.force_unicast_rateidx = -1;
1679 sdata->u.ap.max_ratectrl_rateidx = -1;
1680 ieee80211_if_sdata_init(sdata);
1681
1682 /* no RCU needed since we're still during init phase */
1683 list_add_tail(&sdata->list, &local->interfaces);
1684
1685 name = wiphy_dev(local->hw.wiphy)->driver->name; 1678 name = wiphy_dev(local->hw.wiphy)->driver->name;
1686 local->hw.workqueue = create_singlethread_workqueue(name); 1679 local->hw.workqueue = create_freezeable_workqueue(name);
1687 if (!local->hw.workqueue) { 1680 if (!local->hw.workqueue) {
1688 result = -ENOMEM; 1681 result = -ENOMEM;
1689 goto fail_workqueue; 1682 goto fail_workqueue;
@@ -1699,15 +1692,21 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
1699 1692
1700 debugfs_hw_add(local); 1693 debugfs_hw_add(local);
1701 1694
1702 local->hw.conf.beacon_int = 1000; 1695 if (local->hw.conf.beacon_int < 10)
1696 local->hw.conf.beacon_int = 100;
1697
1698 if (local->hw.max_listen_interval == 0)
1699 local->hw.max_listen_interval = 1;
1700
1701 local->hw.conf.listen_interval = local->hw.max_listen_interval;
1703 1702
1704 local->wstats_flags |= local->hw.max_rssi ? 1703 local->wstats_flags |= local->hw.flags & (IEEE80211_HW_SIGNAL_UNSPEC |
1705 IW_QUAL_LEVEL_UPDATED : IW_QUAL_LEVEL_INVALID; 1704 IEEE80211_HW_SIGNAL_DB |
1706 local->wstats_flags |= local->hw.max_signal ? 1705 IEEE80211_HW_SIGNAL_DBM) ?
1707 IW_QUAL_QUAL_UPDATED : IW_QUAL_QUAL_INVALID; 1706 IW_QUAL_QUAL_UPDATED : IW_QUAL_QUAL_INVALID;
1708 local->wstats_flags |= local->hw.max_noise ? 1707 local->wstats_flags |= local->hw.flags & IEEE80211_HW_NOISE_DBM ?
1709 IW_QUAL_NOISE_UPDATED : IW_QUAL_NOISE_INVALID; 1708 IW_QUAL_NOISE_UPDATED : IW_QUAL_NOISE_INVALID;
1710 if (local->hw.max_rssi < 0 || local->hw.max_noise < 0) 1709 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
1711 local->wstats_flags |= IW_QUAL_DBM; 1710 local->wstats_flags |= IW_QUAL_DBM;
1712 1711
1713 result = sta_info_start(local); 1712 result = sta_info_start(local);
@@ -1726,9 +1725,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
1726 if (result < 0) 1725 if (result < 0)
1727 goto fail_dev; 1726 goto fail_dev;
1728 1727
1729 ieee80211_debugfs_add_netdev(IEEE80211_DEV_TO_SUB_IF(local->mdev));
1730 ieee80211_if_set_type(local->mdev, IEEE80211_IF_TYPE_AP);
1731
1732 result = ieee80211_init_rate_ctrl_alg(local, 1728 result = ieee80211_init_rate_ctrl_alg(local,
1733 hw->rate_control_algorithm); 1729 hw->rate_control_algorithm);
1734 if (result < 0) { 1730 if (result < 0) {
@@ -1740,21 +1736,20 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
1740 result = ieee80211_wep_init(local); 1736 result = ieee80211_wep_init(local);
1741 1737
1742 if (result < 0) { 1738 if (result < 0) {
1743 printk(KERN_DEBUG "%s: Failed to initialize wep\n", 1739 printk(KERN_DEBUG "%s: Failed to initialize wep: %d\n",
1744 wiphy_name(local->hw.wiphy)); 1740 wiphy_name(local->hw.wiphy), result);
1745 goto fail_wep; 1741 goto fail_wep;
1746 } 1742 }
1747 1743
1748 ieee80211_install_qdisc(local->mdev); 1744 local->mdev->select_queue = ieee80211_select_queue;
1749 1745
1750 /* add one default STA interface */ 1746 /* add one default STA interface */
1751 result = ieee80211_if_add(local->mdev, "wlan%d", NULL, 1747 result = ieee80211_if_add(local, "wlan%d", NULL,
1752 IEEE80211_IF_TYPE_STA, NULL); 1748 IEEE80211_IF_TYPE_STA, NULL);
1753 if (result) 1749 if (result)
1754 printk(KERN_WARNING "%s: Failed to add default virtual iface\n", 1750 printk(KERN_WARNING "%s: Failed to add default virtual iface\n",
1755 wiphy_name(local->hw.wiphy)); 1751 wiphy_name(local->hw.wiphy));
1756 1752
1757 local->reg_state = IEEE80211_DEV_REGISTERED;
1758 rtnl_unlock(); 1753 rtnl_unlock();
1759 1754
1760 ieee80211_led_init(local); 1755 ieee80211_led_init(local);
@@ -1764,7 +1759,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
1764fail_wep: 1759fail_wep:
1765 rate_control_deinitialize(local); 1760 rate_control_deinitialize(local);
1766fail_rate: 1761fail_rate:
1767 ieee80211_debugfs_remove_netdev(IEEE80211_DEV_TO_SUB_IF(local->mdev));
1768 unregister_netdevice(local->mdev); 1762 unregister_netdevice(local->mdev);
1769 local->mdev = NULL; 1763 local->mdev = NULL;
1770fail_dev: 1764fail_dev:
@@ -1774,10 +1768,8 @@ fail_sta_info:
1774 debugfs_hw_del(local); 1768 debugfs_hw_del(local);
1775 destroy_workqueue(local->hw.workqueue); 1769 destroy_workqueue(local->hw.workqueue);
1776fail_workqueue: 1770fail_workqueue:
1777 if (local->mdev != NULL) { 1771 if (local->mdev)
1778 ieee80211_if_free(local->mdev); 1772 free_netdev(local->mdev);
1779 local->mdev = NULL;
1780 }
1781fail_mdev_alloc: 1773fail_mdev_alloc:
1782 wiphy_unregister(local->hw.wiphy); 1774 wiphy_unregister(local->hw.wiphy);
1783 return result; 1775 return result;
@@ -1787,42 +1779,27 @@ EXPORT_SYMBOL(ieee80211_register_hw);
1787void ieee80211_unregister_hw(struct ieee80211_hw *hw) 1779void ieee80211_unregister_hw(struct ieee80211_hw *hw)
1788{ 1780{
1789 struct ieee80211_local *local = hw_to_local(hw); 1781 struct ieee80211_local *local = hw_to_local(hw);
1790 struct ieee80211_sub_if_data *sdata, *tmp;
1791 1782
1792 tasklet_kill(&local->tx_pending_tasklet); 1783 tasklet_kill(&local->tx_pending_tasklet);
1793 tasklet_kill(&local->tasklet); 1784 tasklet_kill(&local->tasklet);
1794 1785
1795 rtnl_lock(); 1786 rtnl_lock();
1796 1787
1797 BUG_ON(local->reg_state != IEEE80211_DEV_REGISTERED);
1798
1799 local->reg_state = IEEE80211_DEV_UNREGISTERED;
1800
1801 /* 1788 /*
1802 * At this point, interface list manipulations are fine 1789 * At this point, interface list manipulations are fine
1803 * because the driver cannot be handing us frames any 1790 * because the driver cannot be handing us frames any
1804 * more and the tasklet is killed. 1791 * more and the tasklet is killed.
1805 */ 1792 */
1806 1793
1807 /* 1794 /* First, we remove all virtual interfaces. */
1808 * First, we remove all non-master interfaces. Do this because they 1795 ieee80211_remove_interfaces(local);
1809 * may have bss pointer dependency on the master, and when we free
1810 * the master these would be freed as well, breaking our list
1811 * iteration completely.
1812 */
1813 list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
1814 if (sdata->dev == local->mdev)
1815 continue;
1816 list_del(&sdata->list);
1817 __ieee80211_if_del(local, sdata);
1818 }
1819 1796
1820 /* then, finally, remove the master interface */ 1797 /* then, finally, remove the master interface */
1821 __ieee80211_if_del(local, IEEE80211_DEV_TO_SUB_IF(local->mdev)); 1798 unregister_netdevice(local->mdev);
1822 1799
1823 rtnl_unlock(); 1800 rtnl_unlock();
1824 1801
1825 ieee80211_rx_bss_list_deinit(local->mdev); 1802 ieee80211_rx_bss_list_deinit(local);
1826 ieee80211_clear_tx_pending(local); 1803 ieee80211_clear_tx_pending(local);
1827 sta_info_stop(local); 1804 sta_info_stop(local);
1828 rate_control_deinitialize(local); 1805 rate_control_deinitialize(local);
@@ -1839,8 +1816,7 @@ void ieee80211_unregister_hw(struct ieee80211_hw *hw)
1839 wiphy_unregister(local->hw.wiphy); 1816 wiphy_unregister(local->hw.wiphy);
1840 ieee80211_wep_free(local); 1817 ieee80211_wep_free(local);
1841 ieee80211_led_exit(local); 1818 ieee80211_led_exit(local);
1842 ieee80211_if_free(local->mdev); 1819 free_netdev(local->mdev);
1843 local->mdev = NULL;
1844} 1820}
1845EXPORT_SYMBOL(ieee80211_unregister_hw); 1821EXPORT_SYMBOL(ieee80211_unregister_hw);
1846 1822
@@ -1857,27 +1833,17 @@ static int __init ieee80211_init(void)
1857 struct sk_buff *skb; 1833 struct sk_buff *skb;
1858 int ret; 1834 int ret;
1859 1835
1860 BUILD_BUG_ON(sizeof(struct ieee80211_tx_packet_data) > sizeof(skb->cb)); 1836 BUILD_BUG_ON(sizeof(struct ieee80211_tx_info) > sizeof(skb->cb));
1837 BUILD_BUG_ON(offsetof(struct ieee80211_tx_info, driver_data) +
1838 IEEE80211_TX_INFO_DRIVER_DATA_SIZE > sizeof(skb->cb));
1861 1839
1862 ret = rc80211_pid_init(); 1840 ret = rc80211_pid_init();
1863 if (ret) 1841 if (ret)
1864 goto out; 1842 return ret;
1865
1866 ret = ieee80211_wme_register();
1867 if (ret) {
1868 printk(KERN_DEBUG "ieee80211_init: failed to "
1869 "initialize WME (err=%d)\n", ret);
1870 goto out_cleanup_pid;
1871 }
1872 1843
1873 ieee80211_debugfs_netdev_init(); 1844 ieee80211_debugfs_netdev_init();
1874 1845
1875 return 0; 1846 return 0;
1876
1877 out_cleanup_pid:
1878 rc80211_pid_exit();
1879 out:
1880 return ret;
1881} 1847}
1882 1848
1883static void __exit ieee80211_exit(void) 1849static void __exit ieee80211_exit(void)
@@ -1893,7 +1859,6 @@ static void __exit ieee80211_exit(void)
1893 if (mesh_allocated) 1859 if (mesh_allocated)
1894 ieee80211s_stop(); 1860 ieee80211s_stop();
1895 1861
1896 ieee80211_wme_unregister();
1897 ieee80211_debugfs_netdev_exit(); 1862 ieee80211_debugfs_netdev_exit();
1898} 1863}
1899 1864
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 697ef67f96b6..35f2f95f2fa7 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -315,6 +315,13 @@ struct mesh_table *mesh_table_alloc(int size_order)
315 return newtbl; 315 return newtbl;
316} 316}
317 317
318static void __mesh_table_free(struct mesh_table *tbl)
319{
320 kfree(tbl->hash_buckets);
321 kfree(tbl->hashwlock);
322 kfree(tbl);
323}
324
318void mesh_table_free(struct mesh_table *tbl, bool free_leafs) 325void mesh_table_free(struct mesh_table *tbl, bool free_leafs)
319{ 326{
320 struct hlist_head *mesh_hash; 327 struct hlist_head *mesh_hash;
@@ -330,9 +337,7 @@ void mesh_table_free(struct mesh_table *tbl, bool free_leafs)
330 } 337 }
331 spin_unlock(&tbl->hashwlock[i]); 338 spin_unlock(&tbl->hashwlock[i]);
332 } 339 }
333 kfree(tbl->hash_buckets); 340 __mesh_table_free(tbl);
334 kfree(tbl->hashwlock);
335 kfree(tbl);
336} 341}
337 342
338static void ieee80211_mesh_path_timer(unsigned long data) 343static void ieee80211_mesh_path_timer(unsigned long data)
@@ -349,21 +354,16 @@ struct mesh_table *mesh_table_grow(struct mesh_table *tbl)
349{ 354{
350 struct mesh_table *newtbl; 355 struct mesh_table *newtbl;
351 struct hlist_head *oldhash; 356 struct hlist_head *oldhash;
352 struct hlist_node *p; 357 struct hlist_node *p, *q;
353 int err = 0;
354 int i; 358 int i;
355 359
356 if (atomic_read(&tbl->entries) 360 if (atomic_read(&tbl->entries)
357 < tbl->mean_chain_len * (tbl->hash_mask + 1)) { 361 < tbl->mean_chain_len * (tbl->hash_mask + 1))
358 err = -EPERM;
359 goto endgrow; 362 goto endgrow;
360 }
361 363
362 newtbl = mesh_table_alloc(tbl->size_order + 1); 364 newtbl = mesh_table_alloc(tbl->size_order + 1);
363 if (!newtbl) { 365 if (!newtbl)
364 err = -ENOMEM;
365 goto endgrow; 366 goto endgrow;
366 }
367 367
368 newtbl->free_node = tbl->free_node; 368 newtbl->free_node = tbl->free_node;
369 newtbl->mean_chain_len = tbl->mean_chain_len; 369 newtbl->mean_chain_len = tbl->mean_chain_len;
@@ -373,13 +373,19 @@ struct mesh_table *mesh_table_grow(struct mesh_table *tbl)
373 oldhash = tbl->hash_buckets; 373 oldhash = tbl->hash_buckets;
374 for (i = 0; i <= tbl->hash_mask; i++) 374 for (i = 0; i <= tbl->hash_mask; i++)
375 hlist_for_each(p, &oldhash[i]) 375 hlist_for_each(p, &oldhash[i])
376 tbl->copy_node(p, newtbl); 376 if (tbl->copy_node(p, newtbl) < 0)
377 goto errcopy;
377 378
379 return newtbl;
380
381errcopy:
382 for (i = 0; i <= newtbl->hash_mask; i++) {
383 hlist_for_each_safe(p, q, &newtbl->hash_buckets[i])
384 tbl->free_node(p, 0);
385 }
386 __mesh_table_free(newtbl);
378endgrow: 387endgrow:
379 if (err) 388 return NULL;
380 return NULL;
381 else
382 return newtbl;
383} 389}
384 390
385/** 391/**
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index 2e161f6d8288..7495fbb0d211 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -109,7 +109,7 @@ struct mesh_table {
109 __u32 hash_rnd; /* Used for hash generation */ 109 __u32 hash_rnd; /* Used for hash generation */
110 atomic_t entries; /* Up to MAX_MESH_NEIGHBOURS */ 110 atomic_t entries; /* Up to MAX_MESH_NEIGHBOURS */
111 void (*free_node) (struct hlist_node *p, bool free_leafs); 111 void (*free_node) (struct hlist_node *p, bool free_leafs);
112 void (*copy_node) (struct hlist_node *p, struct mesh_table *newtbl); 112 int (*copy_node) (struct hlist_node *p, struct mesh_table *newtbl);
113 int size_order; 113 int size_order;
114 int mean_chain_len; 114 int mean_chain_len;
115}; 115};
@@ -214,8 +214,7 @@ void ieee80211s_stop(void);
214void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata); 214void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata);
215 215
216/* Mesh paths */ 216/* Mesh paths */
217int mesh_nexthop_lookup(u8 *next_hop, struct sk_buff *skb, 217int mesh_nexthop_lookup(struct sk_buff *skb, struct net_device *dev);
218 struct net_device *dev);
219void mesh_path_start_discovery(struct net_device *dev); 218void mesh_path_start_discovery(struct net_device *dev);
220struct mesh_path *mesh_path_lookup(u8 *dst, struct net_device *dev); 219struct mesh_path *mesh_path_lookup(u8 *dst, struct net_device *dev);
221struct mesh_path *mesh_path_lookup_by_idx(int idx, struct net_device *dev); 220struct mesh_path *mesh_path_lookup_by_idx(int idx, struct net_device *dev);
@@ -286,6 +285,4 @@ static inline void mesh_path_activate(struct mesh_path *mpath)
286#define mesh_allocated 0 285#define mesh_allocated 0
287#endif 286#endif
288 287
289#define MESH_PREQ(skb) (skb->cb + 30)
290
291#endif /* IEEE80211S_H */ 288#endif /* IEEE80211S_H */
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index af0cd1e3e213..08aca446ca01 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -26,7 +26,7 @@ static inline u32 u32_field_get(u8 *preq_elem, int offset, bool ae)
26{ 26{
27 if (ae) 27 if (ae)
28 offset += 6; 28 offset += 6;
29 return le32_to_cpu(get_unaligned((__le32 *) (preq_elem + offset))); 29 return get_unaligned_le32(preq_elem + offset);
30} 30}
31 31
32/* HWMP IE processing macros */ 32/* HWMP IE processing macros */
@@ -758,29 +758,30 @@ enddiscovery:
758/** 758/**
759 * ieee80211s_lookup_nexthop - put the appropriate next hop on a mesh frame 759 * ieee80211s_lookup_nexthop - put the appropriate next hop on a mesh frame
760 * 760 *
761 * @next_hop: output argument for next hop address 761 * @skb: 802.11 frame to be sent
762 * @skb: frame to be sent
763 * @dev: network device the frame will be sent through 762 * @dev: network device the frame will be sent through
763 * @fwd_frame: true if this frame was originally from a different host
764 * 764 *
765 * Returns: 0 if the next hop was found. Nonzero otherwise. If no next hop is 765 * Returns: 0 if the next hop was found. Nonzero otherwise. If no next hop is
766 * found, the function will start a path discovery and queue the frame so it is 766 * found, the function will start a path discovery and queue the frame so it is
767 * sent when the path is resolved. This means the caller must not free the skb 767 * sent when the path is resolved. This means the caller must not free the skb
768 * in this case. 768 * in this case.
769 */ 769 */
770int mesh_nexthop_lookup(u8 *next_hop, struct sk_buff *skb, 770int mesh_nexthop_lookup(struct sk_buff *skb, struct net_device *dev)
771 struct net_device *dev)
772{ 771{
773 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 772 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
774 struct sk_buff *skb_to_free = NULL; 773 struct sk_buff *skb_to_free = NULL;
775 struct mesh_path *mpath; 774 struct mesh_path *mpath;
775 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
776 u8 *dst_addr = hdr->addr3;
776 int err = 0; 777 int err = 0;
777 778
778 rcu_read_lock(); 779 rcu_read_lock();
779 mpath = mesh_path_lookup(skb->data, dev); 780 mpath = mesh_path_lookup(dst_addr, dev);
780 781
781 if (!mpath) { 782 if (!mpath) {
782 mesh_path_add(skb->data, dev); 783 mesh_path_add(dst_addr, dev);
783 mpath = mesh_path_lookup(skb->data, dev); 784 mpath = mesh_path_lookup(dst_addr, dev);
784 if (!mpath) { 785 if (!mpath) {
785 dev_kfree_skb(skb); 786 dev_kfree_skb(skb);
786 sdata->u.sta.mshstats.dropped_frames_no_route++; 787 sdata->u.sta.mshstats.dropped_frames_no_route++;
@@ -792,13 +793,13 @@ int mesh_nexthop_lookup(u8 *next_hop, struct sk_buff *skb,
792 if (mpath->flags & MESH_PATH_ACTIVE) { 793 if (mpath->flags & MESH_PATH_ACTIVE) {
793 if (time_after(jiffies, mpath->exp_time - 794 if (time_after(jiffies, mpath->exp_time -
794 msecs_to_jiffies(sdata->u.sta.mshcfg.path_refresh_time)) 795 msecs_to_jiffies(sdata->u.sta.mshcfg.path_refresh_time))
795 && skb->pkt_type != PACKET_OTHERHOST 796 && !memcmp(dev->dev_addr, hdr->addr4, ETH_ALEN)
796 && !(mpath->flags & MESH_PATH_RESOLVING) 797 && !(mpath->flags & MESH_PATH_RESOLVING)
797 && !(mpath->flags & MESH_PATH_FIXED)) { 798 && !(mpath->flags & MESH_PATH_FIXED)) {
798 mesh_queue_preq(mpath, 799 mesh_queue_preq(mpath,
799 PREQ_Q_F_START | PREQ_Q_F_REFRESH); 800 PREQ_Q_F_START | PREQ_Q_F_REFRESH);
800 } 801 }
801 memcpy(next_hop, mpath->next_hop->addr, 802 memcpy(hdr->addr1, mpath->next_hop->addr,
802 ETH_ALEN); 803 ETH_ALEN);
803 } else { 804 } else {
804 if (!(mpath->flags & MESH_PATH_RESOLVING)) { 805 if (!(mpath->flags & MESH_PATH_RESOLVING)) {
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 99c2d360888e..838ee60492ad 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -158,19 +158,14 @@ int mesh_path_add(u8 *dst, struct net_device *dev)
158 if (atomic_add_unless(&sdata->u.sta.mpaths, 1, MESH_MAX_MPATHS) == 0) 158 if (atomic_add_unless(&sdata->u.sta.mpaths, 1, MESH_MAX_MPATHS) == 0)
159 return -ENOSPC; 159 return -ENOSPC;
160 160
161 err = -ENOMEM;
161 new_mpath = kzalloc(sizeof(struct mesh_path), GFP_KERNEL); 162 new_mpath = kzalloc(sizeof(struct mesh_path), GFP_KERNEL);
162 if (!new_mpath) { 163 if (!new_mpath)
163 atomic_dec(&sdata->u.sta.mpaths); 164 goto err_path_alloc;
164 err = -ENOMEM; 165
165 goto endadd2;
166 }
167 new_node = kmalloc(sizeof(struct mpath_node), GFP_KERNEL); 166 new_node = kmalloc(sizeof(struct mpath_node), GFP_KERNEL);
168 if (!new_node) { 167 if (!new_node)
169 kfree(new_mpath); 168 goto err_node_alloc;
170 atomic_dec(&sdata->u.sta.mpaths);
171 err = -ENOMEM;
172 goto endadd2;
173 }
174 169
175 read_lock(&pathtbl_resize_lock); 170 read_lock(&pathtbl_resize_lock);
176 memcpy(new_mpath->dst, dst, ETH_ALEN); 171 memcpy(new_mpath->dst, dst, ETH_ALEN);
@@ -189,16 +184,11 @@ int mesh_path_add(u8 *dst, struct net_device *dev)
189 184
190 spin_lock(&mesh_paths->hashwlock[hash_idx]); 185 spin_lock(&mesh_paths->hashwlock[hash_idx]);
191 186
187 err = -EEXIST;
192 hlist_for_each_entry(node, n, bucket, list) { 188 hlist_for_each_entry(node, n, bucket, list) {
193 mpath = node->mpath; 189 mpath = node->mpath;
194 if (mpath->dev == dev && memcmp(dst, mpath->dst, ETH_ALEN) 190 if (mpath->dev == dev && memcmp(dst, mpath->dst, ETH_ALEN) == 0)
195 == 0) { 191 goto err_exists;
196 err = -EEXIST;
197 atomic_dec(&sdata->u.sta.mpaths);
198 kfree(new_node);
199 kfree(new_mpath);
200 goto endadd;
201 }
202 } 192 }
203 193
204 hlist_add_head_rcu(&new_node->list, bucket); 194 hlist_add_head_rcu(&new_node->list, bucket);
@@ -206,10 +196,9 @@ int mesh_path_add(u8 *dst, struct net_device *dev)
206 mesh_paths->mean_chain_len * (mesh_paths->hash_mask + 1)) 196 mesh_paths->mean_chain_len * (mesh_paths->hash_mask + 1))
207 grow = 1; 197 grow = 1;
208 198
209endadd:
210 spin_unlock(&mesh_paths->hashwlock[hash_idx]); 199 spin_unlock(&mesh_paths->hashwlock[hash_idx]);
211 read_unlock(&pathtbl_resize_lock); 200 read_unlock(&pathtbl_resize_lock);
212 if (!err && grow) { 201 if (grow) {
213 struct mesh_table *oldtbl, *newtbl; 202 struct mesh_table *oldtbl, *newtbl;
214 203
215 write_lock(&pathtbl_resize_lock); 204 write_lock(&pathtbl_resize_lock);
@@ -217,7 +206,7 @@ endadd:
217 newtbl = mesh_table_grow(mesh_paths); 206 newtbl = mesh_table_grow(mesh_paths);
218 if (!newtbl) { 207 if (!newtbl) {
219 write_unlock(&pathtbl_resize_lock); 208 write_unlock(&pathtbl_resize_lock);
220 return -ENOMEM; 209 return 0;
221 } 210 }
222 rcu_assign_pointer(mesh_paths, newtbl); 211 rcu_assign_pointer(mesh_paths, newtbl);
223 write_unlock(&pathtbl_resize_lock); 212 write_unlock(&pathtbl_resize_lock);
@@ -225,7 +214,16 @@ endadd:
225 synchronize_rcu(); 214 synchronize_rcu();
226 mesh_table_free(oldtbl, false); 215 mesh_table_free(oldtbl, false);
227 } 216 }
228endadd2: 217 return 0;
218
219err_exists:
220 spin_unlock(&mesh_paths->hashwlock[hash_idx]);
221 read_unlock(&pathtbl_resize_lock);
222 kfree(new_node);
223err_node_alloc:
224 kfree(new_mpath);
225err_path_alloc:
226 atomic_dec(&sdata->u.sta.mpaths);
229 return err; 227 return err;
230} 228}
231 229
@@ -264,7 +262,6 @@ void mesh_plink_broken(struct sta_info *sta)
264 } 262 }
265 rcu_read_unlock(); 263 rcu_read_unlock();
266} 264}
267EXPORT_SYMBOL(mesh_plink_broken);
268 265
269/** 266/**
270 * mesh_path_flush_by_nexthop - Deletes mesh paths if their next hop matches 267 * mesh_path_flush_by_nexthop - Deletes mesh paths if their next hop matches
@@ -391,18 +388,15 @@ void mesh_path_tx_pending(struct mesh_path *mpath)
391void mesh_path_discard_frame(struct sk_buff *skb, struct net_device *dev) 388void mesh_path_discard_frame(struct sk_buff *skb, struct net_device *dev)
392{ 389{
393 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 390 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
391 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
394 struct mesh_path *mpath; 392 struct mesh_path *mpath;
395 u32 dsn = 0; 393 u32 dsn = 0;
396 394
397 if (skb->pkt_type == PACKET_OTHERHOST) { 395 if (memcmp(hdr->addr4, dev->dev_addr, ETH_ALEN) != 0) {
398 struct ieee80211s_hdr *prev_meshhdr;
399 int mshhdrlen;
400 u8 *ra, *da; 396 u8 *ra, *da;
401 397
402 prev_meshhdr = ((struct ieee80211s_hdr *)skb->cb); 398 da = hdr->addr3;
403 mshhdrlen = ieee80211_get_mesh_hdrlen(prev_meshhdr); 399 ra = hdr->addr2;
404 da = skb->data;
405 ra = MESH_PREQ(skb);
406 mpath = mesh_path_lookup(da, dev); 400 mpath = mesh_path_lookup(da, dev);
407 if (mpath) 401 if (mpath)
408 dsn = ++mpath->dsn; 402 dsn = ++mpath->dsn;
@@ -460,25 +454,28 @@ static void mesh_path_node_free(struct hlist_node *p, bool free_leafs)
460 struct mpath_node *node = hlist_entry(p, struct mpath_node, list); 454 struct mpath_node *node = hlist_entry(p, struct mpath_node, list);
461 mpath = node->mpath; 455 mpath = node->mpath;
462 hlist_del_rcu(p); 456 hlist_del_rcu(p);
463 synchronize_rcu();
464 if (free_leafs) 457 if (free_leafs)
465 kfree(mpath); 458 kfree(mpath);
466 kfree(node); 459 kfree(node);
467} 460}
468 461
469static void mesh_path_node_copy(struct hlist_node *p, struct mesh_table *newtbl) 462static int mesh_path_node_copy(struct hlist_node *p, struct mesh_table *newtbl)
470{ 463{
471 struct mesh_path *mpath; 464 struct mesh_path *mpath;
472 struct mpath_node *node, *new_node; 465 struct mpath_node *node, *new_node;
473 u32 hash_idx; 466 u32 hash_idx;
474 467
468 new_node = kmalloc(sizeof(struct mpath_node), GFP_ATOMIC);
469 if (new_node == NULL)
470 return -ENOMEM;
471
475 node = hlist_entry(p, struct mpath_node, list); 472 node = hlist_entry(p, struct mpath_node, list);
476 mpath = node->mpath; 473 mpath = node->mpath;
477 new_node = kmalloc(sizeof(struct mpath_node), GFP_KERNEL);
478 new_node->mpath = mpath; 474 new_node->mpath = mpath;
479 hash_idx = mesh_table_hash(mpath->dst, mpath->dev, newtbl); 475 hash_idx = mesh_table_hash(mpath->dst, mpath->dev, newtbl);
480 hlist_add_head(&new_node->list, 476 hlist_add_head(&new_node->list,
481 &newtbl->hash_buckets[hash_idx]); 477 &newtbl->hash_buckets[hash_idx]);
478 return 0;
482} 479}
483 480
484int mesh_pathtbl_init(void) 481int mesh_pathtbl_init(void)
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 37f0c2b94ae7..9efeb1f07025 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -79,7 +79,7 @@ void mesh_plink_dec_estab_count(struct ieee80211_sub_if_data *sdata)
79 * 79 *
80 * @sta: mes peer link to restart 80 * @sta: mes peer link to restart
81 * 81 *
82 * Locking: this function must be called holding sta->plink_lock 82 * Locking: this function must be called holding sta->lock
83 */ 83 */
84static inline void mesh_plink_fsm_restart(struct sta_info *sta) 84static inline void mesh_plink_fsm_restart(struct sta_info *sta)
85{ 85{
@@ -105,7 +105,7 @@ static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
105 if (!sta) 105 if (!sta)
106 return NULL; 106 return NULL;
107 107
108 sta->flags |= WLAN_STA_AUTHORIZED; 108 sta->flags = WLAN_STA_AUTHORIZED;
109 sta->supp_rates[local->hw.conf.channel->band] = rates; 109 sta->supp_rates[local->hw.conf.channel->band] = rates;
110 110
111 return sta; 111 return sta;
@@ -118,7 +118,7 @@ static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
118 * 118 *
119 * All mesh paths with this peer as next hop will be flushed 119 * All mesh paths with this peer as next hop will be flushed
120 * 120 *
121 * Locking: the caller must hold sta->plink_lock 121 * Locking: the caller must hold sta->lock
122 */ 122 */
123static void __mesh_plink_deactivate(struct sta_info *sta) 123static void __mesh_plink_deactivate(struct sta_info *sta)
124{ 124{
@@ -139,9 +139,9 @@ static void __mesh_plink_deactivate(struct sta_info *sta)
139 */ 139 */
140void mesh_plink_deactivate(struct sta_info *sta) 140void mesh_plink_deactivate(struct sta_info *sta)
141{ 141{
142 spin_lock_bh(&sta->plink_lock); 142 spin_lock_bh(&sta->lock);
143 __mesh_plink_deactivate(sta); 143 __mesh_plink_deactivate(sta);
144 spin_unlock_bh(&sta->plink_lock); 144 spin_unlock_bh(&sta->lock);
145} 145}
146 146
147static int mesh_plink_frame_tx(struct net_device *dev, 147static int mesh_plink_frame_tx(struct net_device *dev,
@@ -270,10 +270,10 @@ static void mesh_plink_timer(unsigned long data)
270 */ 270 */
271 sta = (struct sta_info *) data; 271 sta = (struct sta_info *) data;
272 272
273 spin_lock_bh(&sta->plink_lock); 273 spin_lock_bh(&sta->lock);
274 if (sta->ignore_plink_timer) { 274 if (sta->ignore_plink_timer) {
275 sta->ignore_plink_timer = false; 275 sta->ignore_plink_timer = false;
276 spin_unlock_bh(&sta->plink_lock); 276 spin_unlock_bh(&sta->lock);
277 return; 277 return;
278 } 278 }
279 mpl_dbg("Mesh plink timer for %s fired on state %d\n", 279 mpl_dbg("Mesh plink timer for %s fired on state %d\n",
@@ -298,7 +298,7 @@ static void mesh_plink_timer(unsigned long data)
298 rand % sta->plink_timeout; 298 rand % sta->plink_timeout;
299 ++sta->plink_retries; 299 ++sta->plink_retries;
300 mod_plink_timer(sta, sta->plink_timeout); 300 mod_plink_timer(sta, sta->plink_timeout);
301 spin_unlock_bh(&sta->plink_lock); 301 spin_unlock_bh(&sta->lock);
302 mesh_plink_frame_tx(dev, PLINK_OPEN, sta->addr, llid, 302 mesh_plink_frame_tx(dev, PLINK_OPEN, sta->addr, llid,
303 0, 0); 303 0, 0);
304 break; 304 break;
@@ -311,7 +311,7 @@ static void mesh_plink_timer(unsigned long data)
311 reason = cpu_to_le16(MESH_CONFIRM_TIMEOUT); 311 reason = cpu_to_le16(MESH_CONFIRM_TIMEOUT);
312 sta->plink_state = PLINK_HOLDING; 312 sta->plink_state = PLINK_HOLDING;
313 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)); 313 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
314 spin_unlock_bh(&sta->plink_lock); 314 spin_unlock_bh(&sta->lock);
315 mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid, plid, 315 mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid, plid,
316 reason); 316 reason);
317 break; 317 break;
@@ -319,10 +319,10 @@ static void mesh_plink_timer(unsigned long data)
319 /* holding timer */ 319 /* holding timer */
320 del_timer(&sta->plink_timer); 320 del_timer(&sta->plink_timer);
321 mesh_plink_fsm_restart(sta); 321 mesh_plink_fsm_restart(sta);
322 spin_unlock_bh(&sta->plink_lock); 322 spin_unlock_bh(&sta->lock);
323 break; 323 break;
324 default: 324 default:
325 spin_unlock_bh(&sta->plink_lock); 325 spin_unlock_bh(&sta->lock);
326 break; 326 break;
327 } 327 }
328} 328}
@@ -344,16 +344,16 @@ int mesh_plink_open(struct sta_info *sta)
344 DECLARE_MAC_BUF(mac); 344 DECLARE_MAC_BUF(mac);
345#endif 345#endif
346 346
347 spin_lock_bh(&sta->plink_lock); 347 spin_lock_bh(&sta->lock);
348 get_random_bytes(&llid, 2); 348 get_random_bytes(&llid, 2);
349 sta->llid = llid; 349 sta->llid = llid;
350 if (sta->plink_state != PLINK_LISTEN) { 350 if (sta->plink_state != PLINK_LISTEN) {
351 spin_unlock_bh(&sta->plink_lock); 351 spin_unlock_bh(&sta->lock);
352 return -EBUSY; 352 return -EBUSY;
353 } 353 }
354 sta->plink_state = PLINK_OPN_SNT; 354 sta->plink_state = PLINK_OPN_SNT;
355 mesh_plink_timer_set(sta, dot11MeshRetryTimeout(sdata)); 355 mesh_plink_timer_set(sta, dot11MeshRetryTimeout(sdata));
356 spin_unlock_bh(&sta->plink_lock); 356 spin_unlock_bh(&sta->lock);
357 mpl_dbg("Mesh plink: starting establishment with %s\n", 357 mpl_dbg("Mesh plink: starting establishment with %s\n",
358 print_mac(mac, sta->addr)); 358 print_mac(mac, sta->addr));
359 359
@@ -367,10 +367,10 @@ void mesh_plink_block(struct sta_info *sta)
367 DECLARE_MAC_BUF(mac); 367 DECLARE_MAC_BUF(mac);
368#endif 368#endif
369 369
370 spin_lock_bh(&sta->plink_lock); 370 spin_lock_bh(&sta->lock);
371 __mesh_plink_deactivate(sta); 371 __mesh_plink_deactivate(sta);
372 sta->plink_state = PLINK_BLOCKED; 372 sta->plink_state = PLINK_BLOCKED;
373 spin_unlock_bh(&sta->plink_lock); 373 spin_unlock_bh(&sta->lock);
374} 374}
375 375
376int mesh_plink_close(struct sta_info *sta) 376int mesh_plink_close(struct sta_info *sta)
@@ -383,14 +383,14 @@ int mesh_plink_close(struct sta_info *sta)
383 383
384 mpl_dbg("Mesh plink: closing link with %s\n", 384 mpl_dbg("Mesh plink: closing link with %s\n",
385 print_mac(mac, sta->addr)); 385 print_mac(mac, sta->addr));
386 spin_lock_bh(&sta->plink_lock); 386 spin_lock_bh(&sta->lock);
387 sta->reason = cpu_to_le16(MESH_LINK_CANCELLED); 387 sta->reason = cpu_to_le16(MESH_LINK_CANCELLED);
388 reason = sta->reason; 388 reason = sta->reason;
389 389
390 if (sta->plink_state == PLINK_LISTEN || 390 if (sta->plink_state == PLINK_LISTEN ||
391 sta->plink_state == PLINK_BLOCKED) { 391 sta->plink_state == PLINK_BLOCKED) {
392 mesh_plink_fsm_restart(sta); 392 mesh_plink_fsm_restart(sta);
393 spin_unlock_bh(&sta->plink_lock); 393 spin_unlock_bh(&sta->lock);
394 return 0; 394 return 0;
395 } else if (sta->plink_state == PLINK_ESTAB) { 395 } else if (sta->plink_state == PLINK_ESTAB) {
396 __mesh_plink_deactivate(sta); 396 __mesh_plink_deactivate(sta);
@@ -402,7 +402,7 @@ int mesh_plink_close(struct sta_info *sta)
402 sta->plink_state = PLINK_HOLDING; 402 sta->plink_state = PLINK_HOLDING;
403 llid = sta->llid; 403 llid = sta->llid;
404 plid = sta->plid; 404 plid = sta->plid;
405 spin_unlock_bh(&sta->plink_lock); 405 spin_unlock_bh(&sta->lock);
406 mesh_plink_frame_tx(sta->sdata->dev, PLINK_CLOSE, sta->addr, llid, 406 mesh_plink_frame_tx(sta->sdata->dev, PLINK_CLOSE, sta->addr, llid,
407 plid, reason); 407 plid, reason);
408 return 0; 408 return 0;
@@ -490,7 +490,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
490 /* avoid warning */ 490 /* avoid warning */
491 break; 491 break;
492 } 492 }
493 spin_lock_bh(&sta->plink_lock); 493 spin_lock_bh(&sta->lock);
494 } else if (!sta) { 494 } else if (!sta) {
495 /* ftype == PLINK_OPEN */ 495 /* ftype == PLINK_OPEN */
496 u64 rates; 496 u64 rates;
@@ -512,9 +512,9 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
512 return; 512 return;
513 } 513 }
514 event = OPN_ACPT; 514 event = OPN_ACPT;
515 spin_lock_bh(&sta->plink_lock); 515 spin_lock_bh(&sta->lock);
516 } else { 516 } else {
517 spin_lock_bh(&sta->plink_lock); 517 spin_lock_bh(&sta->lock);
518 switch (ftype) { 518 switch (ftype) {
519 case PLINK_OPEN: 519 case PLINK_OPEN:
520 if (!mesh_plink_free_count(sdata) || 520 if (!mesh_plink_free_count(sdata) ||
@@ -551,7 +551,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
551 break; 551 break;
552 default: 552 default:
553 mpl_dbg("Mesh plink: unknown frame subtype\n"); 553 mpl_dbg("Mesh plink: unknown frame subtype\n");
554 spin_unlock_bh(&sta->plink_lock); 554 spin_unlock_bh(&sta->lock);
555 rcu_read_unlock(); 555 rcu_read_unlock();
556 return; 556 return;
557 } 557 }
@@ -568,7 +568,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
568 switch (event) { 568 switch (event) {
569 case CLS_ACPT: 569 case CLS_ACPT:
570 mesh_plink_fsm_restart(sta); 570 mesh_plink_fsm_restart(sta);
571 spin_unlock_bh(&sta->plink_lock); 571 spin_unlock_bh(&sta->lock);
572 break; 572 break;
573 case OPN_ACPT: 573 case OPN_ACPT:
574 sta->plink_state = PLINK_OPN_RCVD; 574 sta->plink_state = PLINK_OPN_RCVD;
@@ -576,14 +576,14 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
576 get_random_bytes(&llid, 2); 576 get_random_bytes(&llid, 2);
577 sta->llid = llid; 577 sta->llid = llid;
578 mesh_plink_timer_set(sta, dot11MeshRetryTimeout(sdata)); 578 mesh_plink_timer_set(sta, dot11MeshRetryTimeout(sdata));
579 spin_unlock_bh(&sta->plink_lock); 579 spin_unlock_bh(&sta->lock);
580 mesh_plink_frame_tx(dev, PLINK_OPEN, sta->addr, llid, 580 mesh_plink_frame_tx(dev, PLINK_OPEN, sta->addr, llid,
581 0, 0); 581 0, 0);
582 mesh_plink_frame_tx(dev, PLINK_CONFIRM, sta->addr, 582 mesh_plink_frame_tx(dev, PLINK_CONFIRM, sta->addr,
583 llid, plid, 0); 583 llid, plid, 0);
584 break; 584 break;
585 default: 585 default:
586 spin_unlock_bh(&sta->plink_lock); 586 spin_unlock_bh(&sta->lock);
587 break; 587 break;
588 } 588 }
589 break; 589 break;
@@ -603,7 +603,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
603 sta->ignore_plink_timer = true; 603 sta->ignore_plink_timer = true;
604 604
605 llid = sta->llid; 605 llid = sta->llid;
606 spin_unlock_bh(&sta->plink_lock); 606 spin_unlock_bh(&sta->lock);
607 mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid, 607 mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid,
608 plid, reason); 608 plid, reason);
609 break; 609 break;
@@ -612,7 +612,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
612 sta->plink_state = PLINK_OPN_RCVD; 612 sta->plink_state = PLINK_OPN_RCVD;
613 sta->plid = plid; 613 sta->plid = plid;
614 llid = sta->llid; 614 llid = sta->llid;
615 spin_unlock_bh(&sta->plink_lock); 615 spin_unlock_bh(&sta->lock);
616 mesh_plink_frame_tx(dev, PLINK_CONFIRM, sta->addr, llid, 616 mesh_plink_frame_tx(dev, PLINK_CONFIRM, sta->addr, llid,
617 plid, 0); 617 plid, 0);
618 break; 618 break;
@@ -622,10 +622,10 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
622 dot11MeshConfirmTimeout(sdata))) 622 dot11MeshConfirmTimeout(sdata)))
623 sta->ignore_plink_timer = true; 623 sta->ignore_plink_timer = true;
624 624
625 spin_unlock_bh(&sta->plink_lock); 625 spin_unlock_bh(&sta->lock);
626 break; 626 break;
627 default: 627 default:
628 spin_unlock_bh(&sta->plink_lock); 628 spin_unlock_bh(&sta->lock);
629 break; 629 break;
630 } 630 }
631 break; 631 break;
@@ -645,13 +645,13 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
645 sta->ignore_plink_timer = true; 645 sta->ignore_plink_timer = true;
646 646
647 llid = sta->llid; 647 llid = sta->llid;
648 spin_unlock_bh(&sta->plink_lock); 648 spin_unlock_bh(&sta->lock);
649 mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid, 649 mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid,
650 plid, reason); 650 plid, reason);
651 break; 651 break;
652 case OPN_ACPT: 652 case OPN_ACPT:
653 llid = sta->llid; 653 llid = sta->llid;
654 spin_unlock_bh(&sta->plink_lock); 654 spin_unlock_bh(&sta->lock);
655 mesh_plink_frame_tx(dev, PLINK_CONFIRM, sta->addr, llid, 655 mesh_plink_frame_tx(dev, PLINK_CONFIRM, sta->addr, llid,
656 plid, 0); 656 plid, 0);
657 break; 657 break;
@@ -659,12 +659,12 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
659 del_timer(&sta->plink_timer); 659 del_timer(&sta->plink_timer);
660 sta->plink_state = PLINK_ESTAB; 660 sta->plink_state = PLINK_ESTAB;
661 mesh_plink_inc_estab_count(sdata); 661 mesh_plink_inc_estab_count(sdata);
662 spin_unlock_bh(&sta->plink_lock); 662 spin_unlock_bh(&sta->lock);
663 mpl_dbg("Mesh plink with %s ESTABLISHED\n", 663 mpl_dbg("Mesh plink with %s ESTABLISHED\n",
664 print_mac(mac, sta->addr)); 664 print_mac(mac, sta->addr));
665 break; 665 break;
666 default: 666 default:
667 spin_unlock_bh(&sta->plink_lock); 667 spin_unlock_bh(&sta->lock);
668 break; 668 break;
669 } 669 }
670 break; 670 break;
@@ -684,7 +684,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
684 sta->ignore_plink_timer = true; 684 sta->ignore_plink_timer = true;
685 685
686 llid = sta->llid; 686 llid = sta->llid;
687 spin_unlock_bh(&sta->plink_lock); 687 spin_unlock_bh(&sta->lock);
688 mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid, 688 mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid,
689 plid, reason); 689 plid, reason);
690 break; 690 break;
@@ -692,14 +692,14 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
692 del_timer(&sta->plink_timer); 692 del_timer(&sta->plink_timer);
693 sta->plink_state = PLINK_ESTAB; 693 sta->plink_state = PLINK_ESTAB;
694 mesh_plink_inc_estab_count(sdata); 694 mesh_plink_inc_estab_count(sdata);
695 spin_unlock_bh(&sta->plink_lock); 695 spin_unlock_bh(&sta->lock);
696 mpl_dbg("Mesh plink with %s ESTABLISHED\n", 696 mpl_dbg("Mesh plink with %s ESTABLISHED\n",
697 print_mac(mac, sta->addr)); 697 print_mac(mac, sta->addr));
698 mesh_plink_frame_tx(dev, PLINK_CONFIRM, sta->addr, llid, 698 mesh_plink_frame_tx(dev, PLINK_CONFIRM, sta->addr, llid,
699 plid, 0); 699 plid, 0);
700 break; 700 break;
701 default: 701 default:
702 spin_unlock_bh(&sta->plink_lock); 702 spin_unlock_bh(&sta->lock);
703 break; 703 break;
704 } 704 }
705 break; 705 break;
@@ -713,18 +713,18 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
713 sta->plink_state = PLINK_HOLDING; 713 sta->plink_state = PLINK_HOLDING;
714 llid = sta->llid; 714 llid = sta->llid;
715 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)); 715 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
716 spin_unlock_bh(&sta->plink_lock); 716 spin_unlock_bh(&sta->lock);
717 mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid, 717 mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid,
718 plid, reason); 718 plid, reason);
719 break; 719 break;
720 case OPN_ACPT: 720 case OPN_ACPT:
721 llid = sta->llid; 721 llid = sta->llid;
722 spin_unlock_bh(&sta->plink_lock); 722 spin_unlock_bh(&sta->lock);
723 mesh_plink_frame_tx(dev, PLINK_CONFIRM, sta->addr, llid, 723 mesh_plink_frame_tx(dev, PLINK_CONFIRM, sta->addr, llid,
724 plid, 0); 724 plid, 0);
725 break; 725 break;
726 default: 726 default:
727 spin_unlock_bh(&sta->plink_lock); 727 spin_unlock_bh(&sta->lock);
728 break; 728 break;
729 } 729 }
730 break; 730 break;
@@ -734,7 +734,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
734 if (del_timer(&sta->plink_timer)) 734 if (del_timer(&sta->plink_timer))
735 sta->ignore_plink_timer = 1; 735 sta->ignore_plink_timer = 1;
736 mesh_plink_fsm_restart(sta); 736 mesh_plink_fsm_restart(sta);
737 spin_unlock_bh(&sta->plink_lock); 737 spin_unlock_bh(&sta->lock);
738 break; 738 break;
739 case OPN_ACPT: 739 case OPN_ACPT:
740 case CNF_ACPT: 740 case CNF_ACPT:
@@ -742,19 +742,19 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
742 case CNF_RJCT: 742 case CNF_RJCT:
743 llid = sta->llid; 743 llid = sta->llid;
744 reason = sta->reason; 744 reason = sta->reason;
745 spin_unlock_bh(&sta->plink_lock); 745 spin_unlock_bh(&sta->lock);
746 mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid, 746 mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid,
747 plid, reason); 747 plid, reason);
748 break; 748 break;
749 default: 749 default:
750 spin_unlock_bh(&sta->plink_lock); 750 spin_unlock_bh(&sta->lock);
751 } 751 }
752 break; 752 break;
753 default: 753 default:
754 /* should not get here, PLINK_BLOCKED is dealt with at the 754 /* should not get here, PLINK_BLOCKED is dealt with at the
755 * beggining of the function 755 * beggining of the function
756 */ 756 */
757 spin_unlock_bh(&sta->plink_lock); 757 spin_unlock_bh(&sta->lock);
758 break; 758 break;
759 } 759 }
760 760
diff --git a/net/mac80211/michael.c b/net/mac80211/michael.c
index 0f844f7895f1..408649bd4702 100644
--- a/net/mac80211/michael.c
+++ b/net/mac80211/michael.c
@@ -6,85 +6,68 @@
6 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 */ 8 */
9
10#include <linux/types.h> 9#include <linux/types.h>
10#include <linux/bitops.h>
11#include <linux/ieee80211.h>
12#include <asm/unaligned.h>
11 13
12#include "michael.h" 14#include "michael.h"
13 15
14static inline u32 rotr(u32 val, int bits) 16static void michael_block(struct michael_mic_ctx *mctx, u32 val)
15{
16 return (val >> bits) | (val << (32 - bits));
17}
18
19
20static inline u32 rotl(u32 val, int bits)
21{
22 return (val << bits) | (val >> (32 - bits));
23}
24
25
26static inline u32 xswap(u32 val)
27{
28 return ((val & 0xff00ff00) >> 8) | ((val & 0x00ff00ff) << 8);
29}
30
31
32#define michael_block(l, r) \
33do { \
34 r ^= rotl(l, 17); \
35 l += r; \
36 r ^= xswap(l); \
37 l += r; \
38 r ^= rotl(l, 3); \
39 l += r; \
40 r ^= rotr(l, 2); \
41 l += r; \
42} while (0)
43
44
45static inline u32 michael_get32(u8 *data)
46{ 17{
47 return data[0] | (data[1] << 8) | (data[2] << 16) | (data[3] << 24); 18 mctx->l ^= val;
19 mctx->r ^= rol32(mctx->l, 17);
20 mctx->l += mctx->r;
21 mctx->r ^= ((mctx->l & 0xff00ff00) >> 8) |
22 ((mctx->l & 0x00ff00ff) << 8);
23 mctx->l += mctx->r;
24 mctx->r ^= rol32(mctx->l, 3);
25 mctx->l += mctx->r;
26 mctx->r ^= ror32(mctx->l, 2);
27 mctx->l += mctx->r;
48} 28}
49 29
50 30static void michael_mic_hdr(struct michael_mic_ctx *mctx, const u8 *key,
51static inline void michael_put32(u32 val, u8 *data) 31 struct ieee80211_hdr *hdr)
52{ 32{
53 data[0] = val & 0xff; 33 u8 *da, *sa, tid;
54 data[1] = (val >> 8) & 0xff; 34
55 data[2] = (val >> 16) & 0xff; 35 da = ieee80211_get_DA(hdr);
56 data[3] = (val >> 24) & 0xff; 36 sa = ieee80211_get_SA(hdr);
37 if (ieee80211_is_data_qos(hdr->frame_control))
38 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
39 else
40 tid = 0;
41
42 mctx->l = get_unaligned_le32(key);
43 mctx->r = get_unaligned_le32(key + 4);
44
45 /*
46 * A pseudo header (DA, SA, Priority, 0, 0, 0) is used in Michael MIC
47 * calculation, but it is _not_ transmitted
48 */
49 michael_block(mctx, get_unaligned_le32(da));
50 michael_block(mctx, get_unaligned_le16(&da[4]) |
51 (get_unaligned_le16(sa) << 16));
52 michael_block(mctx, get_unaligned_le32(&sa[2]));
53 michael_block(mctx, tid);
57} 54}
58 55
59 56void michael_mic(const u8 *key, struct ieee80211_hdr *hdr,
60void michael_mic(u8 *key, u8 *da, u8 *sa, u8 priority, 57 const u8 *data, size_t data_len, u8 *mic)
61 u8 *data, size_t data_len, u8 *mic)
62{ 58{
63 u32 l, r, val; 59 u32 val;
64 size_t block, blocks, left; 60 size_t block, blocks, left;
61 struct michael_mic_ctx mctx;
65 62
66 l = michael_get32(key); 63 michael_mic_hdr(&mctx, key, hdr);
67 r = michael_get32(key + 4);
68
69 /* A pseudo header (DA, SA, Priority, 0, 0, 0) is used in Michael MIC
70 * calculation, but it is _not_ transmitted */
71 l ^= michael_get32(da);
72 michael_block(l, r);
73 l ^= da[4] | (da[5] << 8) | (sa[0] << 16) | (sa[1] << 24);
74 michael_block(l, r);
75 l ^= michael_get32(&sa[2]);
76 michael_block(l, r);
77 l ^= priority;
78 michael_block(l, r);
79 64
80 /* Real data */ 65 /* Real data */
81 blocks = data_len / 4; 66 blocks = data_len / 4;
82 left = data_len % 4; 67 left = data_len % 4;
83 68
84 for (block = 0; block < blocks; block++) { 69 for (block = 0; block < blocks; block++)
85 l ^= michael_get32(&data[block * 4]); 70 michael_block(&mctx, get_unaligned_le32(&data[block * 4]));
86 michael_block(l, r);
87 }
88 71
89 /* Partial block of 0..3 bytes and padding: 0x5a + 4..7 zeros to make 72 /* Partial block of 0..3 bytes and padding: 0x5a + 4..7 zeros to make
90 * total length a multiple of 4. */ 73 * total length a multiple of 4. */
@@ -94,11 +77,10 @@ void michael_mic(u8 *key, u8 *da, u8 *sa, u8 priority,
94 left--; 77 left--;
95 val |= data[blocks * 4 + left]; 78 val |= data[blocks * 4 + left];
96 } 79 }
97 l ^= val;
98 michael_block(l, r);
99 /* last block is zero, so l ^ 0 = l */
100 michael_block(l, r);
101 80
102 michael_put32(l, mic); 81 michael_block(&mctx, val);
103 michael_put32(r, mic + 4); 82 michael_block(&mctx, 0);
83
84 put_unaligned_le32(mctx.l, mic);
85 put_unaligned_le32(mctx.r, mic + 4);
104} 86}
diff --git a/net/mac80211/michael.h b/net/mac80211/michael.h
index 2e6aebabeea1..3b848dad9587 100644
--- a/net/mac80211/michael.h
+++ b/net/mac80211/michael.h
@@ -14,7 +14,11 @@
14 14
15#define MICHAEL_MIC_LEN 8 15#define MICHAEL_MIC_LEN 8
16 16
17void michael_mic(u8 *key, u8 *da, u8 *sa, u8 priority, 17struct michael_mic_ctx {
18 u8 *data, size_t data_len, u8 *mic); 18 u32 l, r;
19};
20
21void michael_mic(const u8 *key, struct ieee80211_hdr *hdr,
22 const u8 *data, size_t data_len, u8 *mic);
19 23
20#endif /* MICHAEL_H */ 24#endif /* MICHAEL_H */
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 7cfd12e0d1e2..9bb68c6a8f44 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -44,7 +44,7 @@
44#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ) 44#define IEEE80211_RETRY_AUTH_INTERVAL (1 * HZ)
45#define IEEE80211_SCAN_INTERVAL (2 * HZ) 45#define IEEE80211_SCAN_INTERVAL (2 * HZ)
46#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ) 46#define IEEE80211_SCAN_INTERVAL_SLOW (15 * HZ)
47#define IEEE80211_IBSS_JOIN_TIMEOUT (20 * HZ) 47#define IEEE80211_IBSS_JOIN_TIMEOUT (7 * HZ)
48 48
49#define IEEE80211_PROBE_DELAY (HZ / 33) 49#define IEEE80211_PROBE_DELAY (HZ / 33)
50#define IEEE80211_CHANNEL_TIME (HZ / 33) 50#define IEEE80211_CHANNEL_TIME (HZ / 33)
@@ -78,7 +78,7 @@ static void ieee80211_send_probe_req(struct net_device *dev, u8 *dst,
78static struct ieee80211_sta_bss * 78static struct ieee80211_sta_bss *
79ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int freq, 79ieee80211_rx_bss_get(struct net_device *dev, u8 *bssid, int freq,
80 u8 *ssid, u8 ssid_len); 80 u8 *ssid, u8 ssid_len);
81static void ieee80211_rx_bss_put(struct net_device *dev, 81static void ieee80211_rx_bss_put(struct ieee80211_local *local,
82 struct ieee80211_sta_bss *bss); 82 struct ieee80211_sta_bss *bss);
83static int ieee80211_sta_find_ibss(struct net_device *dev, 83static int ieee80211_sta_find_ibss(struct net_device *dev,
84 struct ieee80211_if_sta *ifsta); 84 struct ieee80211_if_sta *ifsta);
@@ -87,6 +87,7 @@ static int ieee80211_sta_start_scan(struct net_device *dev,
87 u8 *ssid, size_t ssid_len); 87 u8 *ssid, size_t ssid_len);
88static int ieee80211_sta_config_auth(struct net_device *dev, 88static int ieee80211_sta_config_auth(struct net_device *dev,
89 struct ieee80211_if_sta *ifsta); 89 struct ieee80211_if_sta *ifsta);
90static void sta_rx_agg_session_timer_expired(unsigned long data);
90 91
91 92
92void ieee802_11_parse_elems(u8 *start, size_t len, 93void ieee802_11_parse_elems(u8 *start, size_t len,
@@ -203,6 +204,25 @@ void ieee802_11_parse_elems(u8 *start, size_t len,
203 elems->perr = pos; 204 elems->perr = pos;
204 elems->perr_len = elen; 205 elems->perr_len = elen;
205 break; 206 break;
207 case WLAN_EID_CHANNEL_SWITCH:
208 elems->ch_switch_elem = pos;
209 elems->ch_switch_elem_len = elen;
210 break;
211 case WLAN_EID_QUIET:
212 if (!elems->quiet_elem) {
213 elems->quiet_elem = pos;
214 elems->quiet_elem_len = elen;
215 }
216 elems->num_of_quiet_elem++;
217 break;
218 case WLAN_EID_COUNTRY:
219 elems->country_elem = pos;
220 elems->country_elem_len = elen;
221 break;
222 case WLAN_EID_PWR_CONSTRAINT:
223 elems->pwr_constr_elem = pos;
224 elems->pwr_constr_elem_len = elen;
225 break;
206 default: 226 default:
207 break; 227 break;
208 } 228 }
@@ -256,19 +276,8 @@ static void ieee80211_sta_def_wmm_params(struct net_device *dev,
256 qparam.cw_max = 1023; 276 qparam.cw_max = 1023;
257 qparam.txop = 0; 277 qparam.txop = 0;
258 278
259 for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++) 279 for (i = 0; i < local_to_hw(local)->queues; i++)
260 local->ops->conf_tx(local_to_hw(local), 280 local->ops->conf_tx(local_to_hw(local), i, &qparam);
261 i + IEEE80211_TX_QUEUE_DATA0,
262 &qparam);
263
264 if (ibss) {
265 /* IBSS uses different parameters for Beacon sending */
266 qparam.cw_min++;
267 qparam.cw_min *= 2;
268 qparam.cw_min--;
269 local->ops->conf_tx(local_to_hw(local),
270 IEEE80211_TX_QUEUE_BEACON, &qparam);
271 }
272 } 281 }
273} 282}
274 283
@@ -282,6 +291,12 @@ static void ieee80211_sta_wmm_params(struct net_device *dev,
282 int count; 291 int count;
283 u8 *pos; 292 u8 *pos;
284 293
294 if (!(ifsta->flags & IEEE80211_STA_WMM_ENABLED))
295 return;
296
297 if (!wmm_param)
298 return;
299
285 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 300 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
286 return; 301 return;
287 count = wmm_param[6] & 0x0f; 302 count = wmm_param[6] & 0x0f;
@@ -305,37 +320,33 @@ static void ieee80211_sta_wmm_params(struct net_device *dev,
305 320
306 switch (aci) { 321 switch (aci) {
307 case 1: 322 case 1:
308 queue = IEEE80211_TX_QUEUE_DATA3; 323 queue = 3;
309 if (acm) { 324 if (acm)
310 local->wmm_acm |= BIT(0) | BIT(3); 325 local->wmm_acm |= BIT(0) | BIT(3);
311 }
312 break; 326 break;
313 case 2: 327 case 2:
314 queue = IEEE80211_TX_QUEUE_DATA1; 328 queue = 1;
315 if (acm) { 329 if (acm)
316 local->wmm_acm |= BIT(4) | BIT(5); 330 local->wmm_acm |= BIT(4) | BIT(5);
317 }
318 break; 331 break;
319 case 3: 332 case 3:
320 queue = IEEE80211_TX_QUEUE_DATA0; 333 queue = 0;
321 if (acm) { 334 if (acm)
322 local->wmm_acm |= BIT(6) | BIT(7); 335 local->wmm_acm |= BIT(6) | BIT(7);
323 }
324 break; 336 break;
325 case 0: 337 case 0:
326 default: 338 default:
327 queue = IEEE80211_TX_QUEUE_DATA2; 339 queue = 2;
328 if (acm) { 340 if (acm)
329 local->wmm_acm |= BIT(1) | BIT(2); 341 local->wmm_acm |= BIT(1) | BIT(2);
330 }
331 break; 342 break;
332 } 343 }
333 344
334 params.aifs = pos[0] & 0x0f; 345 params.aifs = pos[0] & 0x0f;
335 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 346 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
336 params.cw_min = ecw2cw(pos[1] & 0x0f); 347 params.cw_min = ecw2cw(pos[1] & 0x0f);
337 params.txop = pos[2] | (pos[3] << 8); 348 params.txop = get_unaligned_le16(pos + 2);
338#ifdef CONFIG_MAC80211_DEBUG 349#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
339 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d " 350 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d "
340 "cWmin=%d cWmax=%d txop=%d\n", 351 "cWmin=%d cWmax=%d txop=%d\n",
341 dev->name, queue, aci, acm, params.aifs, params.cw_min, 352 dev->name, queue, aci, acm, params.aifs, params.cw_min,
@@ -355,11 +366,14 @@ static u32 ieee80211_handle_protect_preamb(struct ieee80211_sub_if_data *sdata,
355 bool use_short_preamble) 366 bool use_short_preamble)
356{ 367{
357 struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf; 368 struct ieee80211_bss_conf *bss_conf = &sdata->bss_conf;
369#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
358 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 370 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
359 DECLARE_MAC_BUF(mac); 371 DECLARE_MAC_BUF(mac);
372#endif
360 u32 changed = 0; 373 u32 changed = 0;
361 374
362 if (use_protection != bss_conf->use_cts_prot) { 375 if (use_protection != bss_conf->use_cts_prot) {
376#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
363 if (net_ratelimit()) { 377 if (net_ratelimit()) {
364 printk(KERN_DEBUG "%s: CTS protection %s (BSSID=" 378 printk(KERN_DEBUG "%s: CTS protection %s (BSSID="
365 "%s)\n", 379 "%s)\n",
@@ -367,11 +381,13 @@ static u32 ieee80211_handle_protect_preamb(struct ieee80211_sub_if_data *sdata,
367 use_protection ? "enabled" : "disabled", 381 use_protection ? "enabled" : "disabled",
368 print_mac(mac, ifsta->bssid)); 382 print_mac(mac, ifsta->bssid));
369 } 383 }
384#endif
370 bss_conf->use_cts_prot = use_protection; 385 bss_conf->use_cts_prot = use_protection;
371 changed |= BSS_CHANGED_ERP_CTS_PROT; 386 changed |= BSS_CHANGED_ERP_CTS_PROT;
372 } 387 }
373 388
374 if (use_short_preamble != bss_conf->use_short_preamble) { 389 if (use_short_preamble != bss_conf->use_short_preamble) {
390#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
375 if (net_ratelimit()) { 391 if (net_ratelimit()) {
376 printk(KERN_DEBUG "%s: switched to %s barker preamble" 392 printk(KERN_DEBUG "%s: switched to %s barker preamble"
377 " (BSSID=%s)\n", 393 " (BSSID=%s)\n",
@@ -379,6 +395,7 @@ static u32 ieee80211_handle_protect_preamb(struct ieee80211_sub_if_data *sdata,
379 use_short_preamble ? "short" : "long", 395 use_short_preamble ? "short" : "long",
380 print_mac(mac, ifsta->bssid)); 396 print_mac(mac, ifsta->bssid));
381 } 397 }
398#endif
382 bss_conf->use_short_preamble = use_short_preamble; 399 bss_conf->use_short_preamble = use_short_preamble;
383 changed |= BSS_CHANGED_ERP_PREAMBLE; 400 changed |= BSS_CHANGED_ERP_PREAMBLE;
384 } 401 }
@@ -461,51 +478,21 @@ int ieee80211_ht_addt_info_ie_to_ht_bss_info(
461static void ieee80211_sta_send_associnfo(struct net_device *dev, 478static void ieee80211_sta_send_associnfo(struct net_device *dev,
462 struct ieee80211_if_sta *ifsta) 479 struct ieee80211_if_sta *ifsta)
463{ 480{
464 char *buf;
465 size_t len;
466 int i;
467 union iwreq_data wrqu; 481 union iwreq_data wrqu;
468 482
469 if (!ifsta->assocreq_ies && !ifsta->assocresp_ies)
470 return;
471
472 buf = kmalloc(50 + 2 * (ifsta->assocreq_ies_len +
473 ifsta->assocresp_ies_len), GFP_KERNEL);
474 if (!buf)
475 return;
476
477 len = sprintf(buf, "ASSOCINFO(");
478 if (ifsta->assocreq_ies) { 483 if (ifsta->assocreq_ies) {
479 len += sprintf(buf + len, "ReqIEs="); 484 memset(&wrqu, 0, sizeof(wrqu));
480 for (i = 0; i < ifsta->assocreq_ies_len; i++) { 485 wrqu.data.length = ifsta->assocreq_ies_len;
481 len += sprintf(buf + len, "%02x", 486 wireless_send_event(dev, IWEVASSOCREQIE, &wrqu,
482 ifsta->assocreq_ies[i]); 487 ifsta->assocreq_ies);
483 }
484 } 488 }
485 if (ifsta->assocresp_ies) {
486 if (ifsta->assocreq_ies)
487 len += sprintf(buf + len, " ");
488 len += sprintf(buf + len, "RespIEs=");
489 for (i = 0; i < ifsta->assocresp_ies_len; i++) {
490 len += sprintf(buf + len, "%02x",
491 ifsta->assocresp_ies[i]);
492 }
493 }
494 len += sprintf(buf + len, ")");
495 489
496 if (len > IW_CUSTOM_MAX) { 490 if (ifsta->assocresp_ies) {
497 len = sprintf(buf, "ASSOCRESPIE="); 491 memset(&wrqu, 0, sizeof(wrqu));
498 for (i = 0; i < ifsta->assocresp_ies_len; i++) { 492 wrqu.data.length = ifsta->assocresp_ies_len;
499 len += sprintf(buf + len, "%02x", 493 wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu,
500 ifsta->assocresp_ies[i]); 494 ifsta->assocresp_ies);
501 }
502 } 495 }
503
504 memset(&wrqu, 0, sizeof(wrqu));
505 wrqu.data.length = len;
506 wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
507
508 kfree(buf);
509} 496}
510 497
511 498
@@ -534,10 +521,11 @@ static void ieee80211_set_associated(struct net_device *dev,
534 /* set timing information */ 521 /* set timing information */
535 sdata->bss_conf.beacon_int = bss->beacon_int; 522 sdata->bss_conf.beacon_int = bss->beacon_int;
536 sdata->bss_conf.timestamp = bss->timestamp; 523 sdata->bss_conf.timestamp = bss->timestamp;
524 sdata->bss_conf.dtim_period = bss->dtim_period;
537 525
538 changed |= ieee80211_handle_bss_capability(sdata, bss); 526 changed |= ieee80211_handle_bss_capability(sdata, bss);
539 527
540 ieee80211_rx_bss_put(dev, bss); 528 ieee80211_rx_bss_put(local, bss);
541 } 529 }
542 530
543 if (conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) { 531 if (conf->flags & IEEE80211_CONF_SUPPORT_HT_MODE) {
@@ -547,16 +535,15 @@ static void ieee80211_set_associated(struct net_device *dev,
547 sdata->bss_conf.ht_bss_conf = &conf->ht_bss_conf; 535 sdata->bss_conf.ht_bss_conf = &conf->ht_bss_conf;
548 } 536 }
549 537
550 netif_carrier_on(dev);
551 ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET; 538 ifsta->flags |= IEEE80211_STA_PREV_BSSID_SET;
552 memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN); 539 memcpy(ifsta->prev_bssid, sdata->u.sta.bssid, ETH_ALEN);
553 memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN); 540 memcpy(wrqu.ap_addr.sa_data, sdata->u.sta.bssid, ETH_ALEN);
554 ieee80211_sta_send_associnfo(dev, ifsta); 541 ieee80211_sta_send_associnfo(dev, ifsta);
555 } else { 542 } else {
543 netif_carrier_off(dev);
556 ieee80211_sta_tear_down_BA_sessions(dev, ifsta->bssid); 544 ieee80211_sta_tear_down_BA_sessions(dev, ifsta->bssid);
557 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED; 545 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
558 netif_carrier_off(dev); 546 changed |= ieee80211_reset_erp_info(dev);
559 ieee80211_reset_erp_info(dev);
560 547
561 sdata->bss_conf.assoc_ht = 0; 548 sdata->bss_conf.assoc_ht = 0;
562 sdata->bss_conf.ht_conf = NULL; 549 sdata->bss_conf.ht_conf = NULL;
@@ -569,6 +556,10 @@ static void ieee80211_set_associated(struct net_device *dev,
569 556
570 sdata->bss_conf.assoc = assoc; 557 sdata->bss_conf.assoc = assoc;
571 ieee80211_bss_info_change_notify(sdata, changed); 558 ieee80211_bss_info_change_notify(sdata, changed);
559
560 if (assoc)
561 netif_carrier_on(dev);
562
572 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 563 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
573 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 564 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
574} 565}
@@ -586,7 +577,6 @@ void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
586 int encrypt) 577 int encrypt)
587{ 578{
588 struct ieee80211_sub_if_data *sdata; 579 struct ieee80211_sub_if_data *sdata;
589 struct ieee80211_tx_packet_data *pkt_data;
590 580
591 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 581 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
592 skb->dev = sdata->local->mdev; 582 skb->dev = sdata->local->mdev;
@@ -594,11 +584,8 @@ void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb,
594 skb_set_network_header(skb, 0); 584 skb_set_network_header(skb, 0);
595 skb_set_transport_header(skb, 0); 585 skb_set_transport_header(skb, 0);
596 586
597 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb; 587 skb->iif = sdata->dev->ifindex;
598 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data)); 588 skb->do_not_encrypt = !encrypt;
599 pkt_data->ifindex = sdata->dev->ifindex;
600 if (!encrypt)
601 pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
602 589
603 dev_queue_xmit(skb); 590 dev_queue_xmit(skb);
604} 591}
@@ -727,9 +714,8 @@ static void ieee80211_send_assoc(struct net_device *dev,
727 if (bss) { 714 if (bss) {
728 if (bss->capability & WLAN_CAPABILITY_PRIVACY) 715 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
729 capab |= WLAN_CAPABILITY_PRIVACY; 716 capab |= WLAN_CAPABILITY_PRIVACY;
730 if (bss->wmm_ie) { 717 if (bss->wmm_ie)
731 wmm = 1; 718 wmm = 1;
732 }
733 719
734 /* get all rates supported by the device and the AP as 720 /* get all rates supported by the device and the AP as
735 * some APs don't like getting a superset of their rates 721 * some APs don't like getting a superset of their rates
@@ -737,7 +723,11 @@ static void ieee80211_send_assoc(struct net_device *dev,
737 * b-only mode) */ 723 * b-only mode) */
738 rates_len = ieee80211_compatible_rates(bss, sband, &rates); 724 rates_len = ieee80211_compatible_rates(bss, sband, &rates);
739 725
740 ieee80211_rx_bss_put(dev, bss); 726 if ((bss->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
727 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
728 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
729
730 ieee80211_rx_bss_put(local, bss);
741 } else { 731 } else {
742 rates = ~0; 732 rates = ~0;
743 rates_len = sband->n_bitrates; 733 rates_len = sband->n_bitrates;
@@ -754,7 +744,8 @@ static void ieee80211_send_assoc(struct net_device *dev,
754 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 744 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
755 IEEE80211_STYPE_REASSOC_REQ); 745 IEEE80211_STYPE_REASSOC_REQ);
756 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab); 746 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
757 mgmt->u.reassoc_req.listen_interval = cpu_to_le16(1); 747 mgmt->u.reassoc_req.listen_interval =
748 cpu_to_le16(local->hw.conf.listen_interval);
758 memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid, 749 memcpy(mgmt->u.reassoc_req.current_ap, ifsta->prev_bssid,
759 ETH_ALEN); 750 ETH_ALEN);
760 } else { 751 } else {
@@ -762,7 +753,8 @@ static void ieee80211_send_assoc(struct net_device *dev,
762 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 753 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
763 IEEE80211_STYPE_ASSOC_REQ); 754 IEEE80211_STYPE_ASSOC_REQ);
764 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab); 755 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
765 mgmt->u.assoc_req.listen_interval = cpu_to_le16(1); 756 mgmt->u.reassoc_req.listen_interval =
757 cpu_to_le16(local->hw.conf.listen_interval);
766 } 758 }
767 759
768 /* SSID */ 760 /* SSID */
@@ -791,7 +783,7 @@ static void ieee80211_send_assoc(struct net_device *dev,
791 } 783 }
792 } 784 }
793 785
794 if (count == 8) { 786 if (rates_len > count) {
795 pos = skb_put(skb, rates_len - count + 2); 787 pos = skb_put(skb, rates_len - count + 2);
796 *pos++ = WLAN_EID_EXT_SUPP_RATES; 788 *pos++ = WLAN_EID_EXT_SUPP_RATES;
797 *pos++ = rates_len - count; 789 *pos++ = rates_len - count;
@@ -804,6 +796,26 @@ static void ieee80211_send_assoc(struct net_device *dev,
804 } 796 }
805 } 797 }
806 798
799 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
800 /* 1. power capabilities */
801 pos = skb_put(skb, 4);
802 *pos++ = WLAN_EID_PWR_CAPABILITY;
803 *pos++ = 2;
804 *pos++ = 0; /* min tx power */
805 *pos++ = local->hw.conf.channel->max_power; /* max tx power */
806
807 /* 2. supported channels */
808 /* TODO: get this in reg domain format */
809 pos = skb_put(skb, 2 * sband->n_channels + 2);
810 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
811 *pos++ = 2 * sband->n_channels;
812 for (i = 0; i < sband->n_channels; i++) {
813 *pos++ = ieee80211_frequency_to_channel(
814 sband->channels[i].center_freq);
815 *pos++ = 1; /* one channel in the subband*/
816 }
817 }
818
807 if (ifsta->extra_ie) { 819 if (ifsta->extra_ie) {
808 pos = skb_put(skb, ifsta->extra_ie_len); 820 pos = skb_put(skb, ifsta->extra_ie_len);
809 memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len); 821 memcpy(pos, ifsta->extra_ie, ifsta->extra_ie_len);
@@ -821,9 +833,32 @@ static void ieee80211_send_assoc(struct net_device *dev,
821 *pos++ = 1; /* WME ver */ 833 *pos++ = 1; /* WME ver */
822 *pos++ = 0; 834 *pos++ = 0;
823 } 835 }
836
824 /* wmm support is a must to HT */ 837 /* wmm support is a must to HT */
825 if (wmm && sband->ht_info.ht_supported) { 838 if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) &&
826 __le16 tmp = cpu_to_le16(sband->ht_info.cap); 839 sband->ht_info.ht_supported && bss->ht_add_ie) {
840 struct ieee80211_ht_addt_info *ht_add_info =
841 (struct ieee80211_ht_addt_info *)bss->ht_add_ie;
842 u16 cap = sband->ht_info.cap;
843 __le16 tmp;
844 u32 flags = local->hw.conf.channel->flags;
845
846 switch (ht_add_info->ht_param & IEEE80211_HT_IE_CHA_SEC_OFFSET) {
847 case IEEE80211_HT_IE_CHA_SEC_ABOVE:
848 if (flags & IEEE80211_CHAN_NO_FAT_ABOVE) {
849 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH;
850 cap &= ~IEEE80211_HT_CAP_SGI_40;
851 }
852 break;
853 case IEEE80211_HT_IE_CHA_SEC_BELOW:
854 if (flags & IEEE80211_CHAN_NO_FAT_BELOW) {
855 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH;
856 cap &= ~IEEE80211_HT_CAP_SGI_40;
857 }
858 break;
859 }
860
861 tmp = cpu_to_le16(cap);
827 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2); 862 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap)+2);
828 *pos++ = WLAN_EID_HT_CAPABILITY; 863 *pos++ = WLAN_EID_HT_CAPABILITY;
829 *pos++ = sizeof(struct ieee80211_ht_cap); 864 *pos++ = sizeof(struct ieee80211_ht_cap);
@@ -926,7 +961,7 @@ static int ieee80211_privacy_mismatch(struct net_device *dev,
926 wep_privacy = !!ieee80211_sta_wep_configured(dev); 961 wep_privacy = !!ieee80211_sta_wep_configured(dev);
927 privacy_invoked = !!(ifsta->flags & IEEE80211_STA_PRIVACY_INVOKED); 962 privacy_invoked = !!(ifsta->flags & IEEE80211_STA_PRIVACY_INVOKED);
928 963
929 ieee80211_rx_bss_put(dev, bss); 964 ieee80211_rx_bss_put(local, bss);
930 965
931 if ((bss_privacy == wep_privacy) || (bss_privacy == privacy_invoked)) 966 if ((bss_privacy == wep_privacy) || (bss_privacy == privacy_invoked))
932 return 0; 967 return 0;
@@ -1118,14 +1153,10 @@ static void ieee80211_auth_challenge(struct net_device *dev,
1118 u8 *pos; 1153 u8 *pos;
1119 struct ieee802_11_elems elems; 1154 struct ieee802_11_elems elems;
1120 1155
1121 printk(KERN_DEBUG "%s: replying to auth challenge\n", dev->name);
1122 pos = mgmt->u.auth.variable; 1156 pos = mgmt->u.auth.variable;
1123 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 1157 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1124 if (!elems.challenge) { 1158 if (!elems.challenge)
1125 printk(KERN_DEBUG "%s: no challenge IE in shared key auth "
1126 "frame\n", dev->name);
1127 return; 1159 return;
1128 }
1129 ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2, 1160 ieee80211_send_auth(dev, ifsta, 3, elems.challenge - 2,
1130 elems.challenge_len + 2, 1); 1161 elems.challenge_len + 2, 1);
1131} 1162}
@@ -1141,8 +1172,8 @@ static void ieee80211_send_addba_resp(struct net_device *dev, u8 *da, u16 tid,
1141 struct ieee80211_mgmt *mgmt; 1172 struct ieee80211_mgmt *mgmt;
1142 u16 capab; 1173 u16 capab;
1143 1174
1144 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom + 1 + 1175 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
1145 sizeof(mgmt->u.action.u.addba_resp)); 1176
1146 if (!skb) { 1177 if (!skb) {
1147 printk(KERN_DEBUG "%s: failed to allocate buffer " 1178 printk(KERN_DEBUG "%s: failed to allocate buffer "
1148 "for addba resp frame\n", dev->name); 1179 "for addba resp frame\n", dev->name);
@@ -1190,9 +1221,7 @@ void ieee80211_send_addba_request(struct net_device *dev, const u8 *da,
1190 struct ieee80211_mgmt *mgmt; 1221 struct ieee80211_mgmt *mgmt;
1191 u16 capab; 1222 u16 capab;
1192 1223
1193 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom + 1 + 1224 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
1194 sizeof(mgmt->u.action.u.addba_req));
1195
1196 1225
1197 if (!skb) { 1226 if (!skb) {
1198 printk(KERN_ERR "%s: failed to allocate buffer " 1227 printk(KERN_ERR "%s: failed to allocate buffer "
@@ -1293,7 +1322,7 @@ static void ieee80211_sta_process_addba_request(struct net_device *dev,
1293 1322
1294 1323
1295 /* examine state machine */ 1324 /* examine state machine */
1296 spin_lock_bh(&sta->ampdu_mlme.ampdu_rx); 1325 spin_lock_bh(&sta->lock);
1297 1326
1298 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_IDLE) { 1327 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_IDLE) {
1299#ifdef CONFIG_MAC80211_HT_DEBUG 1328#ifdef CONFIG_MAC80211_HT_DEBUG
@@ -1309,9 +1338,11 @@ static void ieee80211_sta_process_addba_request(struct net_device *dev,
1309 sta->ampdu_mlme.tid_rx[tid] = 1338 sta->ampdu_mlme.tid_rx[tid] =
1310 kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC); 1339 kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC);
1311 if (!sta->ampdu_mlme.tid_rx[tid]) { 1340 if (!sta->ampdu_mlme.tid_rx[tid]) {
1341#ifdef CONFIG_MAC80211_HT_DEBUG
1312 if (net_ratelimit()) 1342 if (net_ratelimit())
1313 printk(KERN_ERR "allocate rx mlme to tid %d failed\n", 1343 printk(KERN_ERR "allocate rx mlme to tid %d failed\n",
1314 tid); 1344 tid);
1345#endif
1315 goto end; 1346 goto end;
1316 } 1347 }
1317 /* rx timer */ 1348 /* rx timer */
@@ -1325,16 +1356,18 @@ static void ieee80211_sta_process_addba_request(struct net_device *dev,
1325 1356
1326 /* prepare reordering buffer */ 1357 /* prepare reordering buffer */
1327 tid_agg_rx->reorder_buf = 1358 tid_agg_rx->reorder_buf =
1328 kmalloc(buf_size * sizeof(struct sk_buf *), GFP_ATOMIC); 1359 kmalloc(buf_size * sizeof(struct sk_buff *), GFP_ATOMIC);
1329 if (!tid_agg_rx->reorder_buf) { 1360 if (!tid_agg_rx->reorder_buf) {
1361#ifdef CONFIG_MAC80211_HT_DEBUG
1330 if (net_ratelimit()) 1362 if (net_ratelimit())
1331 printk(KERN_ERR "can not allocate reordering buffer " 1363 printk(KERN_ERR "can not allocate reordering buffer "
1332 "to tid %d\n", tid); 1364 "to tid %d\n", tid);
1365#endif
1333 kfree(sta->ampdu_mlme.tid_rx[tid]); 1366 kfree(sta->ampdu_mlme.tid_rx[tid]);
1334 goto end; 1367 goto end;
1335 } 1368 }
1336 memset(tid_agg_rx->reorder_buf, 0, 1369 memset(tid_agg_rx->reorder_buf, 0,
1337 buf_size * sizeof(struct sk_buf *)); 1370 buf_size * sizeof(struct sk_buff *));
1338 1371
1339 if (local->ops->ampdu_action) 1372 if (local->ops->ampdu_action)
1340 ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_START, 1373 ret = local->ops->ampdu_action(hw, IEEE80211_AMPDU_RX_START,
@@ -1360,7 +1393,7 @@ static void ieee80211_sta_process_addba_request(struct net_device *dev,
1360 tid_agg_rx->stored_mpdu_num = 0; 1393 tid_agg_rx->stored_mpdu_num = 0;
1361 status = WLAN_STATUS_SUCCESS; 1394 status = WLAN_STATUS_SUCCESS;
1362end: 1395end:
1363 spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx); 1396 spin_unlock_bh(&sta->lock);
1364 1397
1365end_no_lock: 1398end_no_lock:
1366 ieee80211_send_addba_resp(sta->sdata->dev, sta->addr, tid, 1399 ieee80211_send_addba_resp(sta->sdata->dev, sta->addr, tid,
@@ -1392,18 +1425,16 @@ static void ieee80211_sta_process_addba_resp(struct net_device *dev,
1392 1425
1393 state = &sta->ampdu_mlme.tid_state_tx[tid]; 1426 state = &sta->ampdu_mlme.tid_state_tx[tid];
1394 1427
1395 spin_lock_bh(&sta->ampdu_mlme.ampdu_tx); 1428 spin_lock_bh(&sta->lock);
1396 1429
1397 if (!(*state & HT_ADDBA_REQUESTED_MSK)) { 1430 if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
1398 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1431 spin_unlock_bh(&sta->lock);
1399 printk(KERN_DEBUG "state not HT_ADDBA_REQUESTED_MSK:"
1400 "%d\n", *state);
1401 goto addba_resp_exit; 1432 goto addba_resp_exit;
1402 } 1433 }
1403 1434
1404 if (mgmt->u.action.u.addba_resp.dialog_token != 1435 if (mgmt->u.action.u.addba_resp.dialog_token !=
1405 sta->ampdu_mlme.tid_tx[tid]->dialog_token) { 1436 sta->ampdu_mlme.tid_tx[tid]->dialog_token) {
1406 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1437 spin_unlock_bh(&sta->lock);
1407#ifdef CONFIG_MAC80211_HT_DEBUG 1438#ifdef CONFIG_MAC80211_HT_DEBUG
1408 printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid); 1439 printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid);
1409#endif /* CONFIG_MAC80211_HT_DEBUG */ 1440#endif /* CONFIG_MAC80211_HT_DEBUG */
@@ -1416,26 +1447,18 @@ static void ieee80211_sta_process_addba_resp(struct net_device *dev,
1416#endif /* CONFIG_MAC80211_HT_DEBUG */ 1447#endif /* CONFIG_MAC80211_HT_DEBUG */
1417 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) 1448 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status)
1418 == WLAN_STATUS_SUCCESS) { 1449 == WLAN_STATUS_SUCCESS) {
1419 if (*state & HT_ADDBA_RECEIVED_MSK)
1420 printk(KERN_DEBUG "double addBA response\n");
1421
1422 *state |= HT_ADDBA_RECEIVED_MSK; 1450 *state |= HT_ADDBA_RECEIVED_MSK;
1423 sta->ampdu_mlme.addba_req_num[tid] = 0; 1451 sta->ampdu_mlme.addba_req_num[tid] = 0;
1424 1452
1425 if (*state == HT_AGG_STATE_OPERATIONAL) { 1453 if (*state == HT_AGG_STATE_OPERATIONAL)
1426 printk(KERN_DEBUG "Aggregation on for tid %d \n", tid);
1427 ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]); 1454 ieee80211_wake_queue(hw, sta->tid_to_tx_q[tid]);
1428 }
1429 1455
1430 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1456 spin_unlock_bh(&sta->lock);
1431 printk(KERN_DEBUG "recipient accepted agg: tid %d \n", tid);
1432 } else { 1457 } else {
1433 printk(KERN_DEBUG "recipient rejected agg: tid %d \n", tid);
1434
1435 sta->ampdu_mlme.addba_req_num[tid]++; 1458 sta->ampdu_mlme.addba_req_num[tid]++;
1436 /* this will allow the state check in stop_BA_session */ 1459 /* this will allow the state check in stop_BA_session */
1437 *state = HT_AGG_STATE_OPERATIONAL; 1460 *state = HT_AGG_STATE_OPERATIONAL;
1438 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1461 spin_unlock_bh(&sta->lock);
1439 ieee80211_stop_tx_ba_session(hw, sta->addr, tid, 1462 ieee80211_stop_tx_ba_session(hw, sta->addr, tid,
1440 WLAN_BACK_INITIATOR); 1463 WLAN_BACK_INITIATOR);
1441 } 1464 }
@@ -1454,8 +1477,7 @@ void ieee80211_send_delba(struct net_device *dev, const u8 *da, u16 tid,
1454 struct ieee80211_mgmt *mgmt; 1477 struct ieee80211_mgmt *mgmt;
1455 u16 params; 1478 u16 params;
1456 1479
1457 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom + 1 + 1480 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
1458 sizeof(mgmt->u.action.u.delba));
1459 1481
1460 if (!skb) { 1482 if (!skb) {
1461 printk(KERN_ERR "%s: failed to allocate buffer " 1483 printk(KERN_ERR "%s: failed to allocate buffer "
@@ -1488,6 +1510,35 @@ void ieee80211_send_delba(struct net_device *dev, const u8 *da, u16 tid,
1488 ieee80211_sta_tx(dev, skb, 0); 1510 ieee80211_sta_tx(dev, skb, 0);
1489} 1511}
1490 1512
1513void ieee80211_send_bar(struct net_device *dev, u8 *ra, u16 tid, u16 ssn)
1514{
1515 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1516 struct sk_buff *skb;
1517 struct ieee80211_bar *bar;
1518 u16 bar_control = 0;
1519
1520 skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom);
1521 if (!skb) {
1522 printk(KERN_ERR "%s: failed to allocate buffer for "
1523 "bar frame\n", dev->name);
1524 return;
1525 }
1526 skb_reserve(skb, local->hw.extra_tx_headroom);
1527 bar = (struct ieee80211_bar *)skb_put(skb, sizeof(*bar));
1528 memset(bar, 0, sizeof(*bar));
1529 bar->frame_control = IEEE80211_FC(IEEE80211_FTYPE_CTL,
1530 IEEE80211_STYPE_BACK_REQ);
1531 memcpy(bar->ra, ra, ETH_ALEN);
1532 memcpy(bar->ta, dev->dev_addr, ETH_ALEN);
1533 bar_control |= (u16)IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL;
1534 bar_control |= (u16)IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA;
1535 bar_control |= (u16)(tid << 12);
1536 bar->control = cpu_to_le16(bar_control);
1537 bar->start_seq_num = cpu_to_le16(ssn);
1538
1539 ieee80211_sta_tx(dev, skb, 0);
1540}
1541
1491void ieee80211_sta_stop_rx_ba_session(struct net_device *dev, u8 *ra, u16 tid, 1542void ieee80211_sta_stop_rx_ba_session(struct net_device *dev, u8 *ra, u16 tid,
1492 u16 initiator, u16 reason) 1543 u16 initiator, u16 reason)
1493{ 1544{
@@ -1506,17 +1557,17 @@ void ieee80211_sta_stop_rx_ba_session(struct net_device *dev, u8 *ra, u16 tid,
1506 } 1557 }
1507 1558
1508 /* check if TID is in operational state */ 1559 /* check if TID is in operational state */
1509 spin_lock_bh(&sta->ampdu_mlme.ampdu_rx); 1560 spin_lock_bh(&sta->lock);
1510 if (sta->ampdu_mlme.tid_state_rx[tid] 1561 if (sta->ampdu_mlme.tid_state_rx[tid]
1511 != HT_AGG_STATE_OPERATIONAL) { 1562 != HT_AGG_STATE_OPERATIONAL) {
1512 spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx); 1563 spin_unlock_bh(&sta->lock);
1513 rcu_read_unlock(); 1564 rcu_read_unlock();
1514 return; 1565 return;
1515 } 1566 }
1516 sta->ampdu_mlme.tid_state_rx[tid] = 1567 sta->ampdu_mlme.tid_state_rx[tid] =
1517 HT_AGG_STATE_REQ_STOP_BA_MSK | 1568 HT_AGG_STATE_REQ_STOP_BA_MSK |
1518 (initiator << HT_AGG_STATE_INITIATOR_SHIFT); 1569 (initiator << HT_AGG_STATE_INITIATOR_SHIFT);
1519 spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx); 1570 spin_unlock_bh(&sta->lock);
1520 1571
1521 /* stop HW Rx aggregation. ampdu_action existence 1572 /* stop HW Rx aggregation. ampdu_action existence
1522 * already verified in session init so we add the BUG_ON */ 1573 * already verified in session init so we add the BUG_ON */
@@ -1531,7 +1582,7 @@ void ieee80211_sta_stop_rx_ba_session(struct net_device *dev, u8 *ra, u16 tid,
1531 ra, tid, NULL); 1582 ra, tid, NULL);
1532 if (ret) 1583 if (ret)
1533 printk(KERN_DEBUG "HW problem - can not stop rx " 1584 printk(KERN_DEBUG "HW problem - can not stop rx "
1534 "aggergation for tid %d\n", tid); 1585 "aggregation for tid %d\n", tid);
1535 1586
1536 /* shutdown timer has not expired */ 1587 /* shutdown timer has not expired */
1537 if (initiator != WLAN_BACK_TIMER) 1588 if (initiator != WLAN_BACK_TIMER)
@@ -1593,10 +1644,10 @@ static void ieee80211_sta_process_delba(struct net_device *dev,
1593 ieee80211_sta_stop_rx_ba_session(dev, sta->addr, tid, 1644 ieee80211_sta_stop_rx_ba_session(dev, sta->addr, tid,
1594 WLAN_BACK_INITIATOR, 0); 1645 WLAN_BACK_INITIATOR, 0);
1595 else { /* WLAN_BACK_RECIPIENT */ 1646 else { /* WLAN_BACK_RECIPIENT */
1596 spin_lock_bh(&sta->ampdu_mlme.ampdu_tx); 1647 spin_lock_bh(&sta->lock);
1597 sta->ampdu_mlme.tid_state_tx[tid] = 1648 sta->ampdu_mlme.tid_state_tx[tid] =
1598 HT_AGG_STATE_OPERATIONAL; 1649 HT_AGG_STATE_OPERATIONAL;
1599 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1650 spin_unlock_bh(&sta->lock);
1600 ieee80211_stop_tx_ba_session(&local->hw, sta->addr, tid, 1651 ieee80211_stop_tx_ba_session(&local->hw, sta->addr, tid,
1601 WLAN_BACK_RECIPIENT); 1652 WLAN_BACK_RECIPIENT);
1602 } 1653 }
@@ -1614,7 +1665,7 @@ void sta_addba_resp_timer_expired(unsigned long data)
1614 * only one argument, and both sta_info and TID are needed, so init 1665 * only one argument, and both sta_info and TID are needed, so init
1615 * flow in sta_info_create gives the TID as data, while the timer_to_id 1666 * flow in sta_info_create gives the TID as data, while the timer_to_id
1616 * array gives the sta through container_of */ 1667 * array gives the sta through container_of */
1617 u16 tid = *(int *)data; 1668 u16 tid = *(u8 *)data;
1618 struct sta_info *temp_sta = container_of((void *)data, 1669 struct sta_info *temp_sta = container_of((void *)data,
1619 struct sta_info, timer_to_tid[tid]); 1670 struct sta_info, timer_to_tid[tid]);
1620 1671
@@ -1633,20 +1684,24 @@ void sta_addba_resp_timer_expired(unsigned long data)
1633 1684
1634 state = &sta->ampdu_mlme.tid_state_tx[tid]; 1685 state = &sta->ampdu_mlme.tid_state_tx[tid];
1635 /* check if the TID waits for addBA response */ 1686 /* check if the TID waits for addBA response */
1636 spin_lock_bh(&sta->ampdu_mlme.ampdu_tx); 1687 spin_lock_bh(&sta->lock);
1637 if (!(*state & HT_ADDBA_REQUESTED_MSK)) { 1688 if (!(*state & HT_ADDBA_REQUESTED_MSK)) {
1638 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1689 spin_unlock_bh(&sta->lock);
1639 *state = HT_AGG_STATE_IDLE; 1690 *state = HT_AGG_STATE_IDLE;
1691#ifdef CONFIG_MAC80211_HT_DEBUG
1640 printk(KERN_DEBUG "timer expired on tid %d but we are not " 1692 printk(KERN_DEBUG "timer expired on tid %d but we are not "
1641 "expecting addBA response there", tid); 1693 "expecting addBA response there", tid);
1694#endif
1642 goto timer_expired_exit; 1695 goto timer_expired_exit;
1643 } 1696 }
1644 1697
1698#ifdef CONFIG_MAC80211_HT_DEBUG
1645 printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid); 1699 printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid);
1700#endif
1646 1701
1647 /* go through the state check in stop_BA_session */ 1702 /* go through the state check in stop_BA_session */
1648 *state = HT_AGG_STATE_OPERATIONAL; 1703 *state = HT_AGG_STATE_OPERATIONAL;
1649 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 1704 spin_unlock_bh(&sta->lock);
1650 ieee80211_stop_tx_ba_session(hw, temp_sta->addr, tid, 1705 ieee80211_stop_tx_ba_session(hw, temp_sta->addr, tid,
1651 WLAN_BACK_INITIATOR); 1706 WLAN_BACK_INITIATOR);
1652 1707
@@ -1659,10 +1714,10 @@ timer_expired_exit:
1659 * resetting it after each frame that arrives from the originator. 1714 * resetting it after each frame that arrives from the originator.
1660 * if this timer expires ieee80211_sta_stop_rx_ba_session will be executed. 1715 * if this timer expires ieee80211_sta_stop_rx_ba_session will be executed.
1661 */ 1716 */
1662void sta_rx_agg_session_timer_expired(unsigned long data) 1717static void sta_rx_agg_session_timer_expired(unsigned long data)
1663{ 1718{
1664 /* not an elegant detour, but there is no choice as the timer passes 1719 /* not an elegant detour, but there is no choice as the timer passes
1665 * only one argument, and verious sta_info are needed here, so init 1720 * only one argument, and various sta_info are needed here, so init
1666 * flow in sta_info_create gives the TID as data, while the timer_to_id 1721 * flow in sta_info_create gives the TID as data, while the timer_to_id
1667 * array gives the sta through container_of */ 1722 * array gives the sta through container_of */
1668 u8 *ptid = (u8 *)data; 1723 u8 *ptid = (u8 *)data;
@@ -1670,7 +1725,9 @@ void sta_rx_agg_session_timer_expired(unsigned long data)
1670 struct sta_info *sta = container_of(timer_to_id, struct sta_info, 1725 struct sta_info *sta = container_of(timer_to_id, struct sta_info,
1671 timer_to_tid[0]); 1726 timer_to_tid[0]);
1672 1727
1728#ifdef CONFIG_MAC80211_HT_DEBUG
1673 printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid); 1729 printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
1730#endif
1674 ieee80211_sta_stop_rx_ba_session(sta->sdata->dev, sta->addr, 1731 ieee80211_sta_stop_rx_ba_session(sta->sdata->dev, sta->addr,
1675 (u16)*ptid, WLAN_BACK_TIMER, 1732 (u16)*ptid, WLAN_BACK_TIMER,
1676 WLAN_REASON_QSTA_TIMEOUT); 1733 WLAN_REASON_QSTA_TIMEOUT);
@@ -1690,6 +1747,71 @@ void ieee80211_sta_tear_down_BA_sessions(struct net_device *dev, u8 *addr)
1690 } 1747 }
1691} 1748}
1692 1749
1750static void ieee80211_send_refuse_measurement_request(struct net_device *dev,
1751 struct ieee80211_msrment_ie *request_ie,
1752 const u8 *da, const u8 *bssid,
1753 u8 dialog_token)
1754{
1755 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1756 struct sk_buff *skb;
1757 struct ieee80211_mgmt *msr_report;
1758
1759 skb = dev_alloc_skb(sizeof(*msr_report) + local->hw.extra_tx_headroom +
1760 sizeof(struct ieee80211_msrment_ie));
1761
1762 if (!skb) {
1763 printk(KERN_ERR "%s: failed to allocate buffer for "
1764 "measurement report frame\n", dev->name);
1765 return;
1766 }
1767
1768 skb_reserve(skb, local->hw.extra_tx_headroom);
1769 msr_report = (struct ieee80211_mgmt *)skb_put(skb, 24);
1770 memset(msr_report, 0, 24);
1771 memcpy(msr_report->da, da, ETH_ALEN);
1772 memcpy(msr_report->sa, dev->dev_addr, ETH_ALEN);
1773 memcpy(msr_report->bssid, bssid, ETH_ALEN);
1774 msr_report->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1775 IEEE80211_STYPE_ACTION);
1776
1777 skb_put(skb, 1 + sizeof(msr_report->u.action.u.measurement));
1778 msr_report->u.action.category = WLAN_CATEGORY_SPECTRUM_MGMT;
1779 msr_report->u.action.u.measurement.action_code =
1780 WLAN_ACTION_SPCT_MSR_RPRT;
1781 msr_report->u.action.u.measurement.dialog_token = dialog_token;
1782
1783 msr_report->u.action.u.measurement.element_id = WLAN_EID_MEASURE_REPORT;
1784 msr_report->u.action.u.measurement.length =
1785 sizeof(struct ieee80211_msrment_ie);
1786
1787 memset(&msr_report->u.action.u.measurement.msr_elem, 0,
1788 sizeof(struct ieee80211_msrment_ie));
1789 msr_report->u.action.u.measurement.msr_elem.token = request_ie->token;
1790 msr_report->u.action.u.measurement.msr_elem.mode |=
1791 IEEE80211_SPCT_MSR_RPRT_MODE_REFUSED;
1792 msr_report->u.action.u.measurement.msr_elem.type = request_ie->type;
1793
1794 ieee80211_sta_tx(dev, skb, 0);
1795}
1796
1797static void ieee80211_sta_process_measurement_req(struct net_device *dev,
1798 struct ieee80211_mgmt *mgmt,
1799 size_t len)
1800{
1801 /*
1802 * Ignoring measurement request is spec violation.
1803 * Mandatory measurements must be reported optional
1804 * measurements might be refused or reported incapable
1805 * For now just refuse
1806 * TODO: Answer basic measurement as unmeasured
1807 */
1808 ieee80211_send_refuse_measurement_request(dev,
1809 &mgmt->u.action.u.measurement.msr_elem,
1810 mgmt->sa, mgmt->bssid,
1811 mgmt->u.action.u.measurement.dialog_token);
1812}
1813
1814
1693static void ieee80211_rx_mgmt_auth(struct net_device *dev, 1815static void ieee80211_rx_mgmt_auth(struct net_device *dev,
1694 struct ieee80211_if_sta *ifsta, 1816 struct ieee80211_if_sta *ifsta,
1695 struct ieee80211_mgmt *mgmt, 1817 struct ieee80211_mgmt *mgmt,
@@ -1700,73 +1822,41 @@ static void ieee80211_rx_mgmt_auth(struct net_device *dev,
1700 DECLARE_MAC_BUF(mac); 1822 DECLARE_MAC_BUF(mac);
1701 1823
1702 if (ifsta->state != IEEE80211_AUTHENTICATE && 1824 if (ifsta->state != IEEE80211_AUTHENTICATE &&
1703 sdata->vif.type != IEEE80211_IF_TYPE_IBSS) { 1825 sdata->vif.type != IEEE80211_IF_TYPE_IBSS)
1704 printk(KERN_DEBUG "%s: authentication frame received from "
1705 "%s, but not in authenticate state - ignored\n",
1706 dev->name, print_mac(mac, mgmt->sa));
1707 return; 1826 return;
1708 }
1709 1827
1710 if (len < 24 + 6) { 1828 if (len < 24 + 6)
1711 printk(KERN_DEBUG "%s: too short (%zd) authentication frame "
1712 "received from %s - ignored\n",
1713 dev->name, len, print_mac(mac, mgmt->sa));
1714 return; 1829 return;
1715 }
1716 1830
1717 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS && 1831 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
1718 memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) { 1832 memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0)
1719 printk(KERN_DEBUG "%s: authentication frame received from "
1720 "unknown AP (SA=%s BSSID=%s) - "
1721 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1722 print_mac(mac, mgmt->bssid));
1723 return; 1833 return;
1724 }
1725 1834
1726 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS && 1835 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
1727 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) { 1836 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
1728 printk(KERN_DEBUG "%s: authentication frame received from "
1729 "unknown BSSID (SA=%s BSSID=%s) - "
1730 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1731 print_mac(mac, mgmt->bssid));
1732 return; 1837 return;
1733 }
1734 1838
1735 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); 1839 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
1736 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); 1840 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
1737 status_code = le16_to_cpu(mgmt->u.auth.status_code); 1841 status_code = le16_to_cpu(mgmt->u.auth.status_code);
1738 1842
1739 printk(KERN_DEBUG "%s: RX authentication from %s (alg=%d "
1740 "transaction=%d status=%d)\n",
1741 dev->name, print_mac(mac, mgmt->sa), auth_alg,
1742 auth_transaction, status_code);
1743
1744 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) { 1843 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
1745 /* IEEE 802.11 standard does not require authentication in IBSS 1844 /*
1845 * IEEE 802.11 standard does not require authentication in IBSS
1746 * networks and most implementations do not seem to use it. 1846 * networks and most implementations do not seem to use it.
1747 * However, try to reply to authentication attempts if someone 1847 * However, try to reply to authentication attempts if someone
1748 * has actually implemented this. 1848 * has actually implemented this.
1749 * TODO: Could implement shared key authentication. */ 1849 */
1750 if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) { 1850 if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1)
1751 printk(KERN_DEBUG "%s: unexpected IBSS authentication "
1752 "frame (alg=%d transaction=%d)\n",
1753 dev->name, auth_alg, auth_transaction);
1754 return; 1851 return;
1755 }
1756 ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0); 1852 ieee80211_send_auth(dev, ifsta, 2, NULL, 0, 0);
1757 } 1853 }
1758 1854
1759 if (auth_alg != ifsta->auth_alg || 1855 if (auth_alg != ifsta->auth_alg ||
1760 auth_transaction != ifsta->auth_transaction) { 1856 auth_transaction != ifsta->auth_transaction)
1761 printk(KERN_DEBUG "%s: unexpected authentication frame "
1762 "(alg=%d transaction=%d)\n",
1763 dev->name, auth_alg, auth_transaction);
1764 return; 1857 return;
1765 }
1766 1858
1767 if (status_code != WLAN_STATUS_SUCCESS) { 1859 if (status_code != WLAN_STATUS_SUCCESS) {
1768 printk(KERN_DEBUG "%s: AP denied authentication (auth_alg=%d "
1769 "code=%d)\n", dev->name, ifsta->auth_alg, status_code);
1770 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) { 1860 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
1771 u8 algs[3]; 1861 u8 algs[3];
1772 const int num_algs = ARRAY_SIZE(algs); 1862 const int num_algs = ARRAY_SIZE(algs);
@@ -1795,9 +1885,6 @@ static void ieee80211_rx_mgmt_auth(struct net_device *dev,
1795 !ieee80211_sta_wep_configured(dev)) 1885 !ieee80211_sta_wep_configured(dev))
1796 continue; 1886 continue;
1797 ifsta->auth_alg = algs[pos]; 1887 ifsta->auth_alg = algs[pos];
1798 printk(KERN_DEBUG "%s: set auth_alg=%d for "
1799 "next try\n",
1800 dev->name, ifsta->auth_alg);
1801 break; 1888 break;
1802 } 1889 }
1803 } 1890 }
@@ -1827,30 +1914,16 @@ static void ieee80211_rx_mgmt_deauth(struct net_device *dev,
1827 u16 reason_code; 1914 u16 reason_code;
1828 DECLARE_MAC_BUF(mac); 1915 DECLARE_MAC_BUF(mac);
1829 1916
1830 if (len < 24 + 2) { 1917 if (len < 24 + 2)
1831 printk(KERN_DEBUG "%s: too short (%zd) deauthentication frame "
1832 "received from %s - ignored\n",
1833 dev->name, len, print_mac(mac, mgmt->sa));
1834 return; 1918 return;
1835 }
1836 1919
1837 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) { 1920 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN))
1838 printk(KERN_DEBUG "%s: deauthentication frame received from "
1839 "unknown AP (SA=%s BSSID=%s) - "
1840 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1841 print_mac(mac, mgmt->bssid));
1842 return; 1921 return;
1843 }
1844 1922
1845 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code); 1923 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
1846 1924
1847 printk(KERN_DEBUG "%s: RX deauthentication from %s" 1925 if (ifsta->flags & IEEE80211_STA_AUTHENTICATED)
1848 " (reason=%d)\n",
1849 dev->name, print_mac(mac, mgmt->sa), reason_code);
1850
1851 if (ifsta->flags & IEEE80211_STA_AUTHENTICATED) {
1852 printk(KERN_DEBUG "%s: deauthenticated\n", dev->name); 1926 printk(KERN_DEBUG "%s: deauthenticated\n", dev->name);
1853 }
1854 1927
1855 if (ifsta->state == IEEE80211_AUTHENTICATE || 1928 if (ifsta->state == IEEE80211_AUTHENTICATE ||
1856 ifsta->state == IEEE80211_ASSOCIATE || 1929 ifsta->state == IEEE80211_ASSOCIATE ||
@@ -1873,27 +1946,14 @@ static void ieee80211_rx_mgmt_disassoc(struct net_device *dev,
1873 u16 reason_code; 1946 u16 reason_code;
1874 DECLARE_MAC_BUF(mac); 1947 DECLARE_MAC_BUF(mac);
1875 1948
1876 if (len < 24 + 2) { 1949 if (len < 24 + 2)
1877 printk(KERN_DEBUG "%s: too short (%zd) disassociation frame "
1878 "received from %s - ignored\n",
1879 dev->name, len, print_mac(mac, mgmt->sa));
1880 return; 1950 return;
1881 }
1882 1951
1883 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) { 1952 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN))
1884 printk(KERN_DEBUG "%s: disassociation frame received from "
1885 "unknown AP (SA=%s BSSID=%s) - "
1886 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1887 print_mac(mac, mgmt->bssid));
1888 return; 1953 return;
1889 }
1890 1954
1891 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 1955 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
1892 1956
1893 printk(KERN_DEBUG "%s: RX disassociation from %s"
1894 " (reason=%d)\n",
1895 dev->name, print_mac(mac, mgmt->sa), reason_code);
1896
1897 if (ifsta->flags & IEEE80211_STA_ASSOCIATED) 1957 if (ifsta->flags & IEEE80211_STA_ASSOCIATED)
1898 printk(KERN_DEBUG "%s: disassociated\n", dev->name); 1958 printk(KERN_DEBUG "%s: disassociated\n", dev->name);
1899 1959
@@ -1929,27 +1989,14 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
1929 /* AssocResp and ReassocResp have identical structure, so process both 1989 /* AssocResp and ReassocResp have identical structure, so process both
1930 * of them in this function. */ 1990 * of them in this function. */
1931 1991
1932 if (ifsta->state != IEEE80211_ASSOCIATE) { 1992 if (ifsta->state != IEEE80211_ASSOCIATE)
1933 printk(KERN_DEBUG "%s: association frame received from "
1934 "%s, but not in associate state - ignored\n",
1935 dev->name, print_mac(mac, mgmt->sa));
1936 return; 1993 return;
1937 }
1938 1994
1939 if (len < 24 + 6) { 1995 if (len < 24 + 6)
1940 printk(KERN_DEBUG "%s: too short (%zd) association frame "
1941 "received from %s - ignored\n",
1942 dev->name, len, print_mac(mac, mgmt->sa));
1943 return; 1996 return;
1944 }
1945 1997
1946 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0) { 1998 if (memcmp(ifsta->bssid, mgmt->sa, ETH_ALEN) != 0)
1947 printk(KERN_DEBUG "%s: association frame received from "
1948 "unknown AP (SA=%s BSSID=%s) - "
1949 "ignored\n", dev->name, print_mac(mac, mgmt->sa),
1950 print_mac(mac, mgmt->bssid));
1951 return; 1999 return;
1952 }
1953 2000
1954 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info); 2001 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
1955 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2002 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
@@ -2013,10 +2060,10 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2013 local->hw.conf.channel->center_freq, 2060 local->hw.conf.channel->center_freq,
2014 ifsta->ssid, ifsta->ssid_len); 2061 ifsta->ssid, ifsta->ssid_len);
2015 if (bss) { 2062 if (bss) {
2016 sta->last_rssi = bss->rssi;
2017 sta->last_signal = bss->signal; 2063 sta->last_signal = bss->signal;
2064 sta->last_qual = bss->qual;
2018 sta->last_noise = bss->noise; 2065 sta->last_noise = bss->noise;
2019 ieee80211_rx_bss_put(dev, bss); 2066 ieee80211_rx_bss_put(local, bss);
2020 } 2067 }
2021 2068
2022 err = sta_info_insert(sta); 2069 err = sta_info_insert(sta);
@@ -2026,6 +2073,8 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2026 rcu_read_unlock(); 2073 rcu_read_unlock();
2027 return; 2074 return;
2028 } 2075 }
2076 /* update new sta with its last rx activity */
2077 sta->last_rx = jiffies;
2029 } 2078 }
2030 2079
2031 /* 2080 /*
@@ -2038,8 +2087,8 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2038 * to between the sta_info_alloc() and sta_info_insert() above. 2087 * to between the sta_info_alloc() and sta_info_insert() above.
2039 */ 2088 */
2040 2089
2041 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP | 2090 set_sta_flags(sta, WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_AP |
2042 WLAN_STA_AUTHORIZED; 2091 WLAN_STA_AUTHORIZED);
2043 2092
2044 rates = 0; 2093 rates = 0;
2045 basic_rates = 0; 2094 basic_rates = 0;
@@ -2083,7 +2132,8 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2083 else 2132 else
2084 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE; 2133 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
2085 2134
2086 if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param) { 2135 if (elems.ht_cap_elem && elems.ht_info_elem && elems.wmm_param &&
2136 (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
2087 struct ieee80211_ht_bss_info bss_info; 2137 struct ieee80211_ht_bss_info bss_info;
2088 ieee80211_ht_cap_ie_to_ht_info( 2138 ieee80211_ht_cap_ie_to_ht_info(
2089 (struct ieee80211_ht_cap *) 2139 (struct ieee80211_ht_cap *)
@@ -2096,8 +2146,8 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2096 2146
2097 rate_control_rate_init(sta, local); 2147 rate_control_rate_init(sta, local);
2098 2148
2099 if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) { 2149 if (elems.wmm_param) {
2100 sta->flags |= WLAN_STA_WME; 2150 set_sta_flags(sta, WLAN_STA_WME);
2101 rcu_read_unlock(); 2151 rcu_read_unlock();
2102 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param, 2152 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
2103 elems.wmm_param_len); 2153 elems.wmm_param_len);
@@ -2133,10 +2183,9 @@ static void __ieee80211_rx_bss_hash_add(struct net_device *dev,
2133 2183
2134 2184
2135/* Caller must hold local->sta_bss_lock */ 2185/* Caller must hold local->sta_bss_lock */
2136static void __ieee80211_rx_bss_hash_del(struct net_device *dev, 2186static void __ieee80211_rx_bss_hash_del(struct ieee80211_local *local,
2137 struct ieee80211_sta_bss *bss) 2187 struct ieee80211_sta_bss *bss)
2138{ 2188{
2139 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2140 struct ieee80211_sta_bss *b, *prev = NULL; 2189 struct ieee80211_sta_bss *b, *prev = NULL;
2141 b = local->sta_bss_hash[STA_HASH(bss->bssid)]; 2190 b = local->sta_bss_hash[STA_HASH(bss->bssid)];
2142 while (b) { 2191 while (b) {
@@ -2281,45 +2330,42 @@ static void ieee80211_rx_bss_free(struct ieee80211_sta_bss *bss)
2281 kfree(bss->rsn_ie); 2330 kfree(bss->rsn_ie);
2282 kfree(bss->wmm_ie); 2331 kfree(bss->wmm_ie);
2283 kfree(bss->ht_ie); 2332 kfree(bss->ht_ie);
2333 kfree(bss->ht_add_ie);
2284 kfree(bss_mesh_id(bss)); 2334 kfree(bss_mesh_id(bss));
2285 kfree(bss_mesh_cfg(bss)); 2335 kfree(bss_mesh_cfg(bss));
2286 kfree(bss); 2336 kfree(bss);
2287} 2337}
2288 2338
2289 2339
2290static void ieee80211_rx_bss_put(struct net_device *dev, 2340static void ieee80211_rx_bss_put(struct ieee80211_local *local,
2291 struct ieee80211_sta_bss *bss) 2341 struct ieee80211_sta_bss *bss)
2292{ 2342{
2293 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2294
2295 local_bh_disable(); 2343 local_bh_disable();
2296 if (!atomic_dec_and_lock(&bss->users, &local->sta_bss_lock)) { 2344 if (!atomic_dec_and_lock(&bss->users, &local->sta_bss_lock)) {
2297 local_bh_enable(); 2345 local_bh_enable();
2298 return; 2346 return;
2299 } 2347 }
2300 2348
2301 __ieee80211_rx_bss_hash_del(dev, bss); 2349 __ieee80211_rx_bss_hash_del(local, bss);
2302 list_del(&bss->list); 2350 list_del(&bss->list);
2303 spin_unlock_bh(&local->sta_bss_lock); 2351 spin_unlock_bh(&local->sta_bss_lock);
2304 ieee80211_rx_bss_free(bss); 2352 ieee80211_rx_bss_free(bss);
2305} 2353}
2306 2354
2307 2355
2308void ieee80211_rx_bss_list_init(struct net_device *dev) 2356void ieee80211_rx_bss_list_init(struct ieee80211_local *local)
2309{ 2357{
2310 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2311 spin_lock_init(&local->sta_bss_lock); 2358 spin_lock_init(&local->sta_bss_lock);
2312 INIT_LIST_HEAD(&local->sta_bss_list); 2359 INIT_LIST_HEAD(&local->sta_bss_list);
2313} 2360}
2314 2361
2315 2362
2316void ieee80211_rx_bss_list_deinit(struct net_device *dev) 2363void ieee80211_rx_bss_list_deinit(struct ieee80211_local *local)
2317{ 2364{
2318 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2319 struct ieee80211_sta_bss *bss, *tmp; 2365 struct ieee80211_sta_bss *bss, *tmp;
2320 2366
2321 list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list) 2367 list_for_each_entry_safe(bss, tmp, &local->sta_bss_list, list)
2322 ieee80211_rx_bss_put(dev, bss); 2368 ieee80211_rx_bss_put(local, bss);
2323} 2369}
2324 2370
2325 2371
@@ -2331,11 +2377,10 @@ static int ieee80211_sta_join_ibss(struct net_device *dev,
2331 int res, rates, i, j; 2377 int res, rates, i, j;
2332 struct sk_buff *skb; 2378 struct sk_buff *skb;
2333 struct ieee80211_mgmt *mgmt; 2379 struct ieee80211_mgmt *mgmt;
2334 struct ieee80211_tx_control control;
2335 struct rate_selection ratesel;
2336 u8 *pos; 2380 u8 *pos;
2337 struct ieee80211_sub_if_data *sdata; 2381 struct ieee80211_sub_if_data *sdata;
2338 struct ieee80211_supported_band *sband; 2382 struct ieee80211_supported_band *sband;
2383 union iwreq_data wrqu;
2339 2384
2340 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 2385 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
2341 2386
@@ -2349,7 +2394,7 @@ static int ieee80211_sta_join_ibss(struct net_device *dev,
2349 local->ops->reset_tsf(local_to_hw(local)); 2394 local->ops->reset_tsf(local_to_hw(local));
2350 } 2395 }
2351 memcpy(ifsta->bssid, bss->bssid, ETH_ALEN); 2396 memcpy(ifsta->bssid, bss->bssid, ETH_ALEN);
2352 res = ieee80211_if_config(dev); 2397 res = ieee80211_if_config(sdata, IEEE80211_IFCC_BSSID);
2353 if (res) 2398 if (res)
2354 return res; 2399 return res;
2355 2400
@@ -2358,32 +2403,27 @@ static int ieee80211_sta_join_ibss(struct net_device *dev,
2358 sdata->drop_unencrypted = bss->capability & 2403 sdata->drop_unencrypted = bss->capability &
2359 WLAN_CAPABILITY_PRIVACY ? 1 : 0; 2404 WLAN_CAPABILITY_PRIVACY ? 1 : 0;
2360 2405
2361 res = ieee80211_set_freq(local, bss->freq); 2406 res = ieee80211_set_freq(dev, bss->freq);
2362 2407
2363 if (local->oper_channel->flags & IEEE80211_CHAN_NO_IBSS) { 2408 if (res)
2364 printk(KERN_DEBUG "%s: IBSS not allowed on frequency " 2409 return res;
2365 "%d MHz\n", dev->name, local->oper_channel->center_freq);
2366 return -1;
2367 }
2368 2410
2369 /* Set beacon template */ 2411 /* Build IBSS probe response */
2370 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400); 2412 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400);
2371 do { 2413 if (skb) {
2372 if (!skb)
2373 break;
2374
2375 skb_reserve(skb, local->hw.extra_tx_headroom); 2414 skb_reserve(skb, local->hw.extra_tx_headroom);
2376 2415
2377 mgmt = (struct ieee80211_mgmt *) 2416 mgmt = (struct ieee80211_mgmt *)
2378 skb_put(skb, 24 + sizeof(mgmt->u.beacon)); 2417 skb_put(skb, 24 + sizeof(mgmt->u.beacon));
2379 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon)); 2418 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
2380 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 2419 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2381 IEEE80211_STYPE_BEACON); 2420 IEEE80211_STYPE_PROBE_RESP);
2382 memset(mgmt->da, 0xff, ETH_ALEN); 2421 memset(mgmt->da, 0xff, ETH_ALEN);
2383 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN); 2422 memcpy(mgmt->sa, dev->dev_addr, ETH_ALEN);
2384 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN); 2423 memcpy(mgmt->bssid, ifsta->bssid, ETH_ALEN);
2385 mgmt->u.beacon.beacon_int = 2424 mgmt->u.beacon.beacon_int =
2386 cpu_to_le16(local->hw.conf.beacon_int); 2425 cpu_to_le16(local->hw.conf.beacon_int);
2426 mgmt->u.beacon.timestamp = cpu_to_le64(bss->timestamp);
2387 mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability); 2427 mgmt->u.beacon.capab_info = cpu_to_le16(bss->capability);
2388 2428
2389 pos = skb_put(skb, 2 + ifsta->ssid_len); 2429 pos = skb_put(skb, 2 + ifsta->ssid_len);
@@ -2421,65 +2461,29 @@ static int ieee80211_sta_join_ibss(struct net_device *dev,
2421 memcpy(pos, &bss->supp_rates[8], rates); 2461 memcpy(pos, &bss->supp_rates[8], rates);
2422 } 2462 }
2423 2463
2424 memset(&control, 0, sizeof(control)); 2464 ifsta->probe_resp = skb;
2425 rate_control_get_rate(dev, sband, skb, &ratesel);
2426 if (!ratesel.rate) {
2427 printk(KERN_DEBUG "%s: Failed to determine TX rate "
2428 "for IBSS beacon\n", dev->name);
2429 break;
2430 }
2431 control.vif = &sdata->vif;
2432 control.tx_rate = ratesel.rate;
2433 if (sdata->bss_conf.use_short_preamble &&
2434 ratesel.rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
2435 control.flags |= IEEE80211_TXCTL_SHORT_PREAMBLE;
2436 control.antenna_sel_tx = local->hw.conf.antenna_sel_tx;
2437 control.flags |= IEEE80211_TXCTL_NO_ACK;
2438 control.retry_limit = 1;
2439
2440 ifsta->probe_resp = skb_copy(skb, GFP_ATOMIC);
2441 if (ifsta->probe_resp) {
2442 mgmt = (struct ieee80211_mgmt *)
2443 ifsta->probe_resp->data;
2444 mgmt->frame_control =
2445 IEEE80211_FC(IEEE80211_FTYPE_MGMT,
2446 IEEE80211_STYPE_PROBE_RESP);
2447 } else {
2448 printk(KERN_DEBUG "%s: Could not allocate ProbeResp "
2449 "template for IBSS\n", dev->name);
2450 }
2451
2452 if (local->ops->beacon_update &&
2453 local->ops->beacon_update(local_to_hw(local),
2454 skb, &control) == 0) {
2455 printk(KERN_DEBUG "%s: Configured IBSS beacon "
2456 "template\n", dev->name);
2457 skb = NULL;
2458 }
2459
2460 rates = 0;
2461 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
2462 for (i = 0; i < bss->supp_rates_len; i++) {
2463 int bitrate = (bss->supp_rates[i] & 0x7f) * 5;
2464 for (j = 0; j < sband->n_bitrates; j++)
2465 if (sband->bitrates[j].bitrate == bitrate)
2466 rates |= BIT(j);
2467 }
2468 ifsta->supp_rates_bits[local->hw.conf.channel->band] = rates;
2469 2465
2470 ieee80211_sta_def_wmm_params(dev, bss, 1); 2466 ieee80211_if_config(sdata, IEEE80211_IFCC_BEACON);
2471 } while (0); 2467 }
2472 2468
2473 if (skb) { 2469 rates = 0;
2474 printk(KERN_DEBUG "%s: Failed to configure IBSS beacon " 2470 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
2475 "template\n", dev->name); 2471 for (i = 0; i < bss->supp_rates_len; i++) {
2476 dev_kfree_skb(skb); 2472 int bitrate = (bss->supp_rates[i] & 0x7f) * 5;
2473 for (j = 0; j < sband->n_bitrates; j++)
2474 if (sband->bitrates[j].bitrate == bitrate)
2475 rates |= BIT(j);
2477 } 2476 }
2477 ifsta->supp_rates_bits[local->hw.conf.channel->band] = rates;
2478
2479 ieee80211_sta_def_wmm_params(dev, bss, 1);
2478 2480
2479 ifsta->state = IEEE80211_IBSS_JOINED; 2481 ifsta->state = IEEE80211_IBSS_JOINED;
2480 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL); 2482 mod_timer(&ifsta->timer, jiffies + IEEE80211_IBSS_MERGE_INTERVAL);
2481 2483
2482 ieee80211_rx_bss_put(dev, bss); 2484 memset(&wrqu, 0, sizeof(wrqu));
2485 memcpy(wrqu.ap_addr.sa_data, bss->bssid, ETH_ALEN);
2486 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
2483 2487
2484 return res; 2488 return res;
2485} 2489}
@@ -2525,11 +2529,10 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
2525 struct ieee80211_mgmt *mgmt, 2529 struct ieee80211_mgmt *mgmt,
2526 size_t len, 2530 size_t len,
2527 struct ieee80211_rx_status *rx_status, 2531 struct ieee80211_rx_status *rx_status,
2532 struct ieee802_11_elems *elems,
2528 int beacon) 2533 int beacon)
2529{ 2534{
2530 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 2535 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2531 struct ieee802_11_elems elems;
2532 size_t baselen;
2533 int freq, clen; 2536 int freq, clen;
2534 struct ieee80211_sta_bss *bss; 2537 struct ieee80211_sta_bss *bss;
2535 struct sta_info *sta; 2538 struct sta_info *sta;
@@ -2542,35 +2545,24 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
2542 if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN)) 2545 if (!beacon && memcmp(mgmt->da, dev->dev_addr, ETH_ALEN))
2543 return; /* ignore ProbeResp to foreign address */ 2546 return; /* ignore ProbeResp to foreign address */
2544 2547
2545#if 0
2546 printk(KERN_DEBUG "%s: RX %s from %s to %s\n",
2547 dev->name, beacon ? "Beacon" : "Probe Response",
2548 print_mac(mac, mgmt->sa), print_mac(mac2, mgmt->da));
2549#endif
2550
2551 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2552 if (baselen > len)
2553 return;
2554
2555 beacon_timestamp = le64_to_cpu(mgmt->u.beacon.timestamp); 2548 beacon_timestamp = le64_to_cpu(mgmt->u.beacon.timestamp);
2556 ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
2557 2549
2558 if (ieee80211_vif_is_mesh(&sdata->vif) && elems.mesh_id && 2550 if (ieee80211_vif_is_mesh(&sdata->vif) && elems->mesh_id &&
2559 elems.mesh_config && mesh_matches_local(&elems, dev)) { 2551 elems->mesh_config && mesh_matches_local(elems, dev)) {
2560 u64 rates = ieee80211_sta_get_rates(local, &elems, 2552 u64 rates = ieee80211_sta_get_rates(local, elems,
2561 rx_status->band); 2553 rx_status->band);
2562 2554
2563 mesh_neighbour_update(mgmt->sa, rates, dev, 2555 mesh_neighbour_update(mgmt->sa, rates, dev,
2564 mesh_peer_accepts_plinks(&elems, dev)); 2556 mesh_peer_accepts_plinks(elems, dev));
2565 } 2557 }
2566 2558
2567 rcu_read_lock(); 2559 rcu_read_lock();
2568 2560
2569 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && elems.supp_rates && 2561 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && elems->supp_rates &&
2570 memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 && 2562 memcmp(mgmt->bssid, sdata->u.sta.bssid, ETH_ALEN) == 0 &&
2571 (sta = sta_info_get(local, mgmt->sa))) { 2563 (sta = sta_info_get(local, mgmt->sa))) {
2572 u64 prev_rates; 2564 u64 prev_rates;
2573 u64 supp_rates = ieee80211_sta_get_rates(local, &elems, 2565 u64 supp_rates = ieee80211_sta_get_rates(local, elems,
2574 rx_status->band); 2566 rx_status->band);
2575 2567
2576 prev_rates = sta->supp_rates[rx_status->band]; 2568 prev_rates = sta->supp_rates[rx_status->band];
@@ -2582,21 +2574,12 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
2582 sta->supp_rates[rx_status->band] = 2574 sta->supp_rates[rx_status->band] =
2583 sdata->u.sta.supp_rates_bits[rx_status->band]; 2575 sdata->u.sta.supp_rates_bits[rx_status->band];
2584 } 2576 }
2585 if (sta->supp_rates[rx_status->band] != prev_rates) {
2586 printk(KERN_DEBUG "%s: updated supp_rates set for "
2587 "%s based on beacon info (0x%llx & 0x%llx -> "
2588 "0x%llx)\n",
2589 dev->name, print_mac(mac, sta->addr),
2590 (unsigned long long) prev_rates,
2591 (unsigned long long) supp_rates,
2592 (unsigned long long) sta->supp_rates[rx_status->band]);
2593 }
2594 } 2577 }
2595 2578
2596 rcu_read_unlock(); 2579 rcu_read_unlock();
2597 2580
2598 if (elems.ds_params && elems.ds_params_len == 1) 2581 if (elems->ds_params && elems->ds_params_len == 1)
2599 freq = ieee80211_channel_to_frequency(elems.ds_params[0]); 2582 freq = ieee80211_channel_to_frequency(elems->ds_params[0]);
2600 else 2583 else
2601 freq = rx_status->freq; 2584 freq = rx_status->freq;
2602 2585
@@ -2606,23 +2589,23 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
2606 return; 2589 return;
2607 2590
2608#ifdef CONFIG_MAC80211_MESH 2591#ifdef CONFIG_MAC80211_MESH
2609 if (elems.mesh_config) 2592 if (elems->mesh_config)
2610 bss = ieee80211_rx_mesh_bss_get(dev, elems.mesh_id, 2593 bss = ieee80211_rx_mesh_bss_get(dev, elems->mesh_id,
2611 elems.mesh_id_len, elems.mesh_config, freq); 2594 elems->mesh_id_len, elems->mesh_config, freq);
2612 else 2595 else
2613#endif 2596#endif
2614 bss = ieee80211_rx_bss_get(dev, mgmt->bssid, freq, 2597 bss = ieee80211_rx_bss_get(dev, mgmt->bssid, freq,
2615 elems.ssid, elems.ssid_len); 2598 elems->ssid, elems->ssid_len);
2616 if (!bss) { 2599 if (!bss) {
2617#ifdef CONFIG_MAC80211_MESH 2600#ifdef CONFIG_MAC80211_MESH
2618 if (elems.mesh_config) 2601 if (elems->mesh_config)
2619 bss = ieee80211_rx_mesh_bss_add(dev, elems.mesh_id, 2602 bss = ieee80211_rx_mesh_bss_add(dev, elems->mesh_id,
2620 elems.mesh_id_len, elems.mesh_config, 2603 elems->mesh_id_len, elems->mesh_config,
2621 elems.mesh_config_len, freq); 2604 elems->mesh_config_len, freq);
2622 else 2605 else
2623#endif 2606#endif
2624 bss = ieee80211_rx_bss_add(dev, mgmt->bssid, freq, 2607 bss = ieee80211_rx_bss_add(dev, mgmt->bssid, freq,
2625 elems.ssid, elems.ssid_len); 2608 elems->ssid, elems->ssid_len);
2626 if (!bss) 2609 if (!bss)
2627 return; 2610 return;
2628 } else { 2611 } else {
@@ -2635,46 +2618,76 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
2635 } 2618 }
2636 2619
2637 /* save the ERP value so that it is available at association time */ 2620 /* save the ERP value so that it is available at association time */
2638 if (elems.erp_info && elems.erp_info_len >= 1) { 2621 if (elems->erp_info && elems->erp_info_len >= 1) {
2639 bss->erp_value = elems.erp_info[0]; 2622 bss->erp_value = elems->erp_info[0];
2640 bss->has_erp_value = 1; 2623 bss->has_erp_value = 1;
2641 } 2624 }
2642 2625
2643 if (elems.ht_cap_elem && 2626 if (elems->ht_cap_elem &&
2644 (!bss->ht_ie || bss->ht_ie_len != elems.ht_cap_elem_len || 2627 (!bss->ht_ie || bss->ht_ie_len != elems->ht_cap_elem_len ||
2645 memcmp(bss->ht_ie, elems.ht_cap_elem, elems.ht_cap_elem_len))) { 2628 memcmp(bss->ht_ie, elems->ht_cap_elem, elems->ht_cap_elem_len))) {
2646 kfree(bss->ht_ie); 2629 kfree(bss->ht_ie);
2647 bss->ht_ie = kmalloc(elems.ht_cap_elem_len + 2, GFP_ATOMIC); 2630 bss->ht_ie = kmalloc(elems->ht_cap_elem_len + 2, GFP_ATOMIC);
2648 if (bss->ht_ie) { 2631 if (bss->ht_ie) {
2649 memcpy(bss->ht_ie, elems.ht_cap_elem - 2, 2632 memcpy(bss->ht_ie, elems->ht_cap_elem - 2,
2650 elems.ht_cap_elem_len + 2); 2633 elems->ht_cap_elem_len + 2);
2651 bss->ht_ie_len = elems.ht_cap_elem_len + 2; 2634 bss->ht_ie_len = elems->ht_cap_elem_len + 2;
2652 } else 2635 } else
2653 bss->ht_ie_len = 0; 2636 bss->ht_ie_len = 0;
2654 } else if (!elems.ht_cap_elem && bss->ht_ie) { 2637 } else if (!elems->ht_cap_elem && bss->ht_ie) {
2655 kfree(bss->ht_ie); 2638 kfree(bss->ht_ie);
2656 bss->ht_ie = NULL; 2639 bss->ht_ie = NULL;
2657 bss->ht_ie_len = 0; 2640 bss->ht_ie_len = 0;
2658 } 2641 }
2659 2642
2643 if (elems->ht_info_elem &&
2644 (!bss->ht_add_ie ||
2645 bss->ht_add_ie_len != elems->ht_info_elem_len ||
2646 memcmp(bss->ht_add_ie, elems->ht_info_elem,
2647 elems->ht_info_elem_len))) {
2648 kfree(bss->ht_add_ie);
2649 bss->ht_add_ie =
2650 kmalloc(elems->ht_info_elem_len + 2, GFP_ATOMIC);
2651 if (bss->ht_add_ie) {
2652 memcpy(bss->ht_add_ie, elems->ht_info_elem - 2,
2653 elems->ht_info_elem_len + 2);
2654 bss->ht_add_ie_len = elems->ht_info_elem_len + 2;
2655 } else
2656 bss->ht_add_ie_len = 0;
2657 } else if (!elems->ht_info_elem && bss->ht_add_ie) {
2658 kfree(bss->ht_add_ie);
2659 bss->ht_add_ie = NULL;
2660 bss->ht_add_ie_len = 0;
2661 }
2662
2660 bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int); 2663 bss->beacon_int = le16_to_cpu(mgmt->u.beacon.beacon_int);
2661 bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info); 2664 bss->capability = le16_to_cpu(mgmt->u.beacon.capab_info);
2662 2665
2666 if (elems->tim) {
2667 struct ieee80211_tim_ie *tim_ie =
2668 (struct ieee80211_tim_ie *)elems->tim;
2669 bss->dtim_period = tim_ie->dtim_period;
2670 }
2671
2672 /* set default value for buggy APs */
2673 if (!elems->tim || bss->dtim_period == 0)
2674 bss->dtim_period = 1;
2675
2663 bss->supp_rates_len = 0; 2676 bss->supp_rates_len = 0;
2664 if (elems.supp_rates) { 2677 if (elems->supp_rates) {
2665 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len; 2678 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
2666 if (clen > elems.supp_rates_len) 2679 if (clen > elems->supp_rates_len)
2667 clen = elems.supp_rates_len; 2680 clen = elems->supp_rates_len;
2668 memcpy(&bss->supp_rates[bss->supp_rates_len], elems.supp_rates, 2681 memcpy(&bss->supp_rates[bss->supp_rates_len], elems->supp_rates,
2669 clen); 2682 clen);
2670 bss->supp_rates_len += clen; 2683 bss->supp_rates_len += clen;
2671 } 2684 }
2672 if (elems.ext_supp_rates) { 2685 if (elems->ext_supp_rates) {
2673 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len; 2686 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
2674 if (clen > elems.ext_supp_rates_len) 2687 if (clen > elems->ext_supp_rates_len)
2675 clen = elems.ext_supp_rates_len; 2688 clen = elems->ext_supp_rates_len;
2676 memcpy(&bss->supp_rates[bss->supp_rates_len], 2689 memcpy(&bss->supp_rates[bss->supp_rates_len],
2677 elems.ext_supp_rates, clen); 2690 elems->ext_supp_rates, clen);
2678 bss->supp_rates_len += clen; 2691 bss->supp_rates_len += clen;
2679 } 2692 }
2680 2693
@@ -2682,9 +2695,9 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
2682 2695
2683 bss->timestamp = beacon_timestamp; 2696 bss->timestamp = beacon_timestamp;
2684 bss->last_update = jiffies; 2697 bss->last_update = jiffies;
2685 bss->rssi = rx_status->ssi;
2686 bss->signal = rx_status->signal; 2698 bss->signal = rx_status->signal;
2687 bss->noise = rx_status->noise; 2699 bss->noise = rx_status->noise;
2700 bss->qual = rx_status->qual;
2688 if (!beacon && !bss->probe_resp) 2701 if (!beacon && !bss->probe_resp)
2689 bss->probe_resp = true; 2702 bss->probe_resp = true;
2690 2703
@@ -2694,37 +2707,37 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
2694 */ 2707 */
2695 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS && 2708 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
2696 bss->probe_resp && beacon) { 2709 bss->probe_resp && beacon) {
2697 ieee80211_rx_bss_put(dev, bss); 2710 ieee80211_rx_bss_put(local, bss);
2698 return; 2711 return;
2699 } 2712 }
2700 2713
2701 if (elems.wpa && 2714 if (elems->wpa &&
2702 (!bss->wpa_ie || bss->wpa_ie_len != elems.wpa_len || 2715 (!bss->wpa_ie || bss->wpa_ie_len != elems->wpa_len ||
2703 memcmp(bss->wpa_ie, elems.wpa, elems.wpa_len))) { 2716 memcmp(bss->wpa_ie, elems->wpa, elems->wpa_len))) {
2704 kfree(bss->wpa_ie); 2717 kfree(bss->wpa_ie);
2705 bss->wpa_ie = kmalloc(elems.wpa_len + 2, GFP_ATOMIC); 2718 bss->wpa_ie = kmalloc(elems->wpa_len + 2, GFP_ATOMIC);
2706 if (bss->wpa_ie) { 2719 if (bss->wpa_ie) {
2707 memcpy(bss->wpa_ie, elems.wpa - 2, elems.wpa_len + 2); 2720 memcpy(bss->wpa_ie, elems->wpa - 2, elems->wpa_len + 2);
2708 bss->wpa_ie_len = elems.wpa_len + 2; 2721 bss->wpa_ie_len = elems->wpa_len + 2;
2709 } else 2722 } else
2710 bss->wpa_ie_len = 0; 2723 bss->wpa_ie_len = 0;
2711 } else if (!elems.wpa && bss->wpa_ie) { 2724 } else if (!elems->wpa && bss->wpa_ie) {
2712 kfree(bss->wpa_ie); 2725 kfree(bss->wpa_ie);
2713 bss->wpa_ie = NULL; 2726 bss->wpa_ie = NULL;
2714 bss->wpa_ie_len = 0; 2727 bss->wpa_ie_len = 0;
2715 } 2728 }
2716 2729
2717 if (elems.rsn && 2730 if (elems->rsn &&
2718 (!bss->rsn_ie || bss->rsn_ie_len != elems.rsn_len || 2731 (!bss->rsn_ie || bss->rsn_ie_len != elems->rsn_len ||
2719 memcmp(bss->rsn_ie, elems.rsn, elems.rsn_len))) { 2732 memcmp(bss->rsn_ie, elems->rsn, elems->rsn_len))) {
2720 kfree(bss->rsn_ie); 2733 kfree(bss->rsn_ie);
2721 bss->rsn_ie = kmalloc(elems.rsn_len + 2, GFP_ATOMIC); 2734 bss->rsn_ie = kmalloc(elems->rsn_len + 2, GFP_ATOMIC);
2722 if (bss->rsn_ie) { 2735 if (bss->rsn_ie) {
2723 memcpy(bss->rsn_ie, elems.rsn - 2, elems.rsn_len + 2); 2736 memcpy(bss->rsn_ie, elems->rsn - 2, elems->rsn_len + 2);
2724 bss->rsn_ie_len = elems.rsn_len + 2; 2737 bss->rsn_ie_len = elems->rsn_len + 2;
2725 } else 2738 } else
2726 bss->rsn_ie_len = 0; 2739 bss->rsn_ie_len = 0;
2727 } else if (!elems.rsn && bss->rsn_ie) { 2740 } else if (!elems->rsn && bss->rsn_ie) {
2728 kfree(bss->rsn_ie); 2741 kfree(bss->rsn_ie);
2729 bss->rsn_ie = NULL; 2742 bss->rsn_ie = NULL;
2730 bss->rsn_ie_len = 0; 2743 bss->rsn_ie_len = 0;
@@ -2744,20 +2757,21 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
2744 * inclusion of the WMM Parameters in beacons, however, is optional. 2757 * inclusion of the WMM Parameters in beacons, however, is optional.
2745 */ 2758 */
2746 2759
2747 if (elems.wmm_param && 2760 if (elems->wmm_param &&
2748 (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_param_len || 2761 (!bss->wmm_ie || bss->wmm_ie_len != elems->wmm_param_len ||
2749 memcmp(bss->wmm_ie, elems.wmm_param, elems.wmm_param_len))) { 2762 memcmp(bss->wmm_ie, elems->wmm_param, elems->wmm_param_len))) {
2750 kfree(bss->wmm_ie); 2763 kfree(bss->wmm_ie);
2751 bss->wmm_ie = kmalloc(elems.wmm_param_len + 2, GFP_ATOMIC); 2764 bss->wmm_ie = kmalloc(elems->wmm_param_len + 2, GFP_ATOMIC);
2752 if (bss->wmm_ie) { 2765 if (bss->wmm_ie) {
2753 memcpy(bss->wmm_ie, elems.wmm_param - 2, 2766 memcpy(bss->wmm_ie, elems->wmm_param - 2,
2754 elems.wmm_param_len + 2); 2767 elems->wmm_param_len + 2);
2755 bss->wmm_ie_len = elems.wmm_param_len + 2; 2768 bss->wmm_ie_len = elems->wmm_param_len + 2;
2756 } else 2769 } else
2757 bss->wmm_ie_len = 0; 2770 bss->wmm_ie_len = 0;
2758 } else if (elems.wmm_info && 2771 } else if (elems->wmm_info &&
2759 (!bss->wmm_ie || bss->wmm_ie_len != elems.wmm_info_len || 2772 (!bss->wmm_ie || bss->wmm_ie_len != elems->wmm_info_len ||
2760 memcmp(bss->wmm_ie, elems.wmm_info, elems.wmm_info_len))) { 2773 memcmp(bss->wmm_ie, elems->wmm_info,
2774 elems->wmm_info_len))) {
2761 /* As for certain AP's Fifth bit is not set in WMM IE in 2775 /* As for certain AP's Fifth bit is not set in WMM IE in
2762 * beacon frames.So while parsing the beacon frame the 2776 * beacon frames.So while parsing the beacon frame the
2763 * wmm_info structure is used instead of wmm_param. 2777 * wmm_info structure is used instead of wmm_param.
@@ -2767,14 +2781,14 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
2767 * n-band association. 2781 * n-band association.
2768 */ 2782 */
2769 kfree(bss->wmm_ie); 2783 kfree(bss->wmm_ie);
2770 bss->wmm_ie = kmalloc(elems.wmm_info_len + 2, GFP_ATOMIC); 2784 bss->wmm_ie = kmalloc(elems->wmm_info_len + 2, GFP_ATOMIC);
2771 if (bss->wmm_ie) { 2785 if (bss->wmm_ie) {
2772 memcpy(bss->wmm_ie, elems.wmm_info - 2, 2786 memcpy(bss->wmm_ie, elems->wmm_info - 2,
2773 elems.wmm_info_len + 2); 2787 elems->wmm_info_len + 2);
2774 bss->wmm_ie_len = elems.wmm_info_len + 2; 2788 bss->wmm_ie_len = elems->wmm_info_len + 2;
2775 } else 2789 } else
2776 bss->wmm_ie_len = 0; 2790 bss->wmm_ie_len = 0;
2777 } else if (!elems.wmm_param && !elems.wmm_info && bss->wmm_ie) { 2791 } else if (!elems->wmm_param && !elems->wmm_info && bss->wmm_ie) {
2778 kfree(bss->wmm_ie); 2792 kfree(bss->wmm_ie);
2779 bss->wmm_ie = NULL; 2793 bss->wmm_ie = NULL;
2780 bss->wmm_ie_len = 0; 2794 bss->wmm_ie_len = 0;
@@ -2785,8 +2799,9 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
2785 !local->sta_sw_scanning && !local->sta_hw_scanning && 2799 !local->sta_sw_scanning && !local->sta_hw_scanning &&
2786 bss->capability & WLAN_CAPABILITY_IBSS && 2800 bss->capability & WLAN_CAPABILITY_IBSS &&
2787 bss->freq == local->oper_channel->center_freq && 2801 bss->freq == local->oper_channel->center_freq &&
2788 elems.ssid_len == sdata->u.sta.ssid_len && 2802 elems->ssid_len == sdata->u.sta.ssid_len &&
2789 memcmp(elems.ssid, sdata->u.sta.ssid, sdata->u.sta.ssid_len) == 0) { 2803 memcmp(elems->ssid, sdata->u.sta.ssid,
2804 sdata->u.sta.ssid_len) == 0) {
2790 if (rx_status->flag & RX_FLAG_TSFT) { 2805 if (rx_status->flag & RX_FLAG_TSFT) {
2791 /* in order for correct IBSS merging we need mactime 2806 /* in order for correct IBSS merging we need mactime
2792 * 2807 *
@@ -2823,19 +2838,19 @@ static void ieee80211_rx_bss_info(struct net_device *dev,
2823 jiffies); 2838 jiffies);
2824#endif /* CONFIG_MAC80211_IBSS_DEBUG */ 2839#endif /* CONFIG_MAC80211_IBSS_DEBUG */
2825 if (beacon_timestamp > rx_timestamp) { 2840 if (beacon_timestamp > rx_timestamp) {
2826#ifndef CONFIG_MAC80211_IBSS_DEBUG 2841#ifdef CONFIG_MAC80211_IBSS_DEBUG
2827 if (net_ratelimit()) 2842 printk(KERN_DEBUG "%s: beacon TSF higher than "
2843 "local TSF - IBSS merge with BSSID %s\n",
2844 dev->name, print_mac(mac, mgmt->bssid));
2828#endif 2845#endif
2829 printk(KERN_DEBUG "%s: beacon TSF higher than "
2830 "local TSF - IBSS merge with BSSID %s\n",
2831 dev->name, print_mac(mac, mgmt->bssid));
2832 ieee80211_sta_join_ibss(dev, &sdata->u.sta, bss); 2846 ieee80211_sta_join_ibss(dev, &sdata->u.sta, bss);
2833 ieee80211_ibss_add_sta(dev, NULL, 2847 ieee80211_ibss_add_sta(dev, NULL,
2834 mgmt->bssid, mgmt->sa); 2848 mgmt->bssid, mgmt->sa,
2849 BIT(rx_status->rate_idx));
2835 } 2850 }
2836 } 2851 }
2837 2852
2838 ieee80211_rx_bss_put(dev, bss); 2853 ieee80211_rx_bss_put(local, bss);
2839} 2854}
2840 2855
2841 2856
@@ -2844,7 +2859,17 @@ static void ieee80211_rx_mgmt_probe_resp(struct net_device *dev,
2844 size_t len, 2859 size_t len,
2845 struct ieee80211_rx_status *rx_status) 2860 struct ieee80211_rx_status *rx_status)
2846{ 2861{
2847 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 0); 2862 size_t baselen;
2863 struct ieee802_11_elems elems;
2864
2865 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
2866 if (baselen > len)
2867 return;
2868
2869 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
2870 &elems);
2871
2872 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, &elems, 0);
2848} 2873}
2849 2874
2850 2875
@@ -2861,7 +2886,14 @@ static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
2861 struct ieee80211_conf *conf = &local->hw.conf; 2886 struct ieee80211_conf *conf = &local->hw.conf;
2862 u32 changed = 0; 2887 u32 changed = 0;
2863 2888
2864 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, 1); 2889 /* Process beacon from the current BSS */
2890 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2891 if (baselen > len)
2892 return;
2893
2894 ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
2895
2896 ieee80211_rx_bss_info(dev, mgmt, len, rx_status, &elems, 1);
2865 2897
2866 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 2898 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2867 if (sdata->vif.type != IEEE80211_IF_TYPE_STA) 2899 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
@@ -2872,17 +2904,8 @@ static void ieee80211_rx_mgmt_beacon(struct net_device *dev,
2872 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0) 2904 memcmp(ifsta->bssid, mgmt->bssid, ETH_ALEN) != 0)
2873 return; 2905 return;
2874 2906
2875 /* Process beacon from the current BSS */ 2907 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
2876 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2908 elems.wmm_param_len);
2877 if (baselen > len)
2878 return;
2879
2880 ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, &elems);
2881
2882 if (elems.wmm_param && (ifsta->flags & IEEE80211_STA_WMM_ENABLED)) {
2883 ieee80211_sta_wmm_params(dev, ifsta, elems.wmm_param,
2884 elems.wmm_param_len);
2885 }
2886 2909
2887 /* Do not send changes to driver if we are scanning. This removes 2910 /* Do not send changes to driver if we are scanning. This removes
2888 * requirement that driver's bss_info_changed function needs to be 2911 * requirement that driver's bss_info_changed function needs to be
@@ -2959,11 +2982,11 @@ static void ieee80211_rx_mgmt_probe_req(struct net_device *dev,
2959 pos = mgmt->u.probe_req.variable; 2982 pos = mgmt->u.probe_req.variable;
2960 if (pos[0] != WLAN_EID_SSID || 2983 if (pos[0] != WLAN_EID_SSID ||
2961 pos + 2 + pos[1] > end) { 2984 pos + 2 + pos[1] > end) {
2962 if (net_ratelimit()) { 2985#ifdef CONFIG_MAC80211_IBSS_DEBUG
2963 printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq " 2986 printk(KERN_DEBUG "%s: Invalid SSID IE in ProbeReq "
2964 "from %s\n", 2987 "from %s\n",
2965 dev->name, print_mac(mac, mgmt->sa)); 2988 dev->name, print_mac(mac, mgmt->sa));
2966 } 2989#endif
2967 return; 2990 return;
2968 } 2991 }
2969 if (pos[1] != 0 && 2992 if (pos[1] != 0 &&
@@ -2994,11 +3017,24 @@ static void ieee80211_rx_mgmt_action(struct net_device *dev,
2994 struct ieee80211_rx_status *rx_status) 3017 struct ieee80211_rx_status *rx_status)
2995{ 3018{
2996 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3019 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3020 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2997 3021
2998 if (len < IEEE80211_MIN_ACTION_SIZE) 3022 if (len < IEEE80211_MIN_ACTION_SIZE)
2999 return; 3023 return;
3000 3024
3001 switch (mgmt->u.action.category) { 3025 switch (mgmt->u.action.category) {
3026 case WLAN_CATEGORY_SPECTRUM_MGMT:
3027 if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ)
3028 break;
3029 switch (mgmt->u.action.u.chan_switch.action_code) {
3030 case WLAN_ACTION_SPCT_MSR_REQ:
3031 if (len < (IEEE80211_MIN_ACTION_SIZE +
3032 sizeof(mgmt->u.action.u.measurement)))
3033 break;
3034 ieee80211_sta_process_measurement_req(dev, mgmt, len);
3035 break;
3036 }
3037 break;
3002 case WLAN_CATEGORY_BACK: 3038 case WLAN_CATEGORY_BACK:
3003 switch (mgmt->u.action.u.addba_req.action_code) { 3039 switch (mgmt->u.action.u.addba_req.action_code) {
3004 case WLAN_ACTION_ADDBA_REQ: 3040 case WLAN_ACTION_ADDBA_REQ:
@@ -3019,11 +3055,6 @@ static void ieee80211_rx_mgmt_action(struct net_device *dev,
3019 break; 3055 break;
3020 ieee80211_sta_process_delba(dev, mgmt, len); 3056 ieee80211_sta_process_delba(dev, mgmt, len);
3021 break; 3057 break;
3022 default:
3023 if (net_ratelimit())
3024 printk(KERN_DEBUG "%s: Rx unknown A-MPDU action\n",
3025 dev->name);
3026 break;
3027 } 3058 }
3028 break; 3059 break;
3029 case PLINK_CATEGORY: 3060 case PLINK_CATEGORY:
@@ -3034,11 +3065,6 @@ static void ieee80211_rx_mgmt_action(struct net_device *dev,
3034 if (ieee80211_vif_is_mesh(&sdata->vif)) 3065 if (ieee80211_vif_is_mesh(&sdata->vif))
3035 mesh_rx_path_sel_frame(dev, mgmt, len); 3066 mesh_rx_path_sel_frame(dev, mgmt, len);
3036 break; 3067 break;
3037 default:
3038 if (net_ratelimit())
3039 printk(KERN_DEBUG "%s: Rx unknown action frame - "
3040 "category=%d\n", dev->name, mgmt->u.action.category);
3041 break;
3042 } 3068 }
3043} 3069}
3044 3070
@@ -3074,11 +3100,6 @@ void ieee80211_sta_rx_mgmt(struct net_device *dev, struct sk_buff *skb,
3074 skb_queue_tail(&ifsta->skb_queue, skb); 3100 skb_queue_tail(&ifsta->skb_queue, skb);
3075 queue_work(local->hw.workqueue, &ifsta->work); 3101 queue_work(local->hw.workqueue, &ifsta->work);
3076 return; 3102 return;
3077 default:
3078 printk(KERN_DEBUG "%s: received unknown management frame - "
3079 "stype=%d\n", dev->name,
3080 (fc & IEEE80211_FCTL_STYPE) >> 4);
3081 break;
3082 } 3103 }
3083 3104
3084 fail: 3105 fail:
@@ -3142,33 +3163,32 @@ ieee80211_sta_rx_scan(struct net_device *dev, struct sk_buff *skb,
3142 struct ieee80211_rx_status *rx_status) 3163 struct ieee80211_rx_status *rx_status)
3143{ 3164{
3144 struct ieee80211_mgmt *mgmt; 3165 struct ieee80211_mgmt *mgmt;
3145 u16 fc; 3166 __le16 fc;
3146 3167
3147 if (skb->len < 2) 3168 if (skb->len < 2)
3148 return RX_DROP_UNUSABLE; 3169 return RX_DROP_UNUSABLE;
3149 3170
3150 mgmt = (struct ieee80211_mgmt *) skb->data; 3171 mgmt = (struct ieee80211_mgmt *) skb->data;
3151 fc = le16_to_cpu(mgmt->frame_control); 3172 fc = mgmt->frame_control;
3152 3173
3153 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL) 3174 if (ieee80211_is_ctl(fc))
3154 return RX_CONTINUE; 3175 return RX_CONTINUE;
3155 3176
3156 if (skb->len < 24) 3177 if (skb->len < 24)
3157 return RX_DROP_MONITOR; 3178 return RX_DROP_MONITOR;
3158 3179
3159 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) { 3180 if (ieee80211_is_probe_resp(fc)) {
3160 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP) { 3181 ieee80211_rx_mgmt_probe_resp(dev, mgmt, skb->len, rx_status);
3161 ieee80211_rx_mgmt_probe_resp(dev, mgmt, 3182 dev_kfree_skb(skb);
3162 skb->len, rx_status); 3183 return RX_QUEUED;
3163 dev_kfree_skb(skb); 3184 }
3164 return RX_QUEUED; 3185
3165 } else if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON) { 3186 if (ieee80211_is_beacon(fc)) {
3166 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len, 3187 ieee80211_rx_mgmt_beacon(dev, mgmt, skb->len, rx_status);
3167 rx_status); 3188 dev_kfree_skb(skb);
3168 dev_kfree_skb(skb); 3189 return RX_QUEUED;
3169 return RX_QUEUED;
3170 }
3171 } 3190 }
3191
3172 return RX_CONTINUE; 3192 return RX_CONTINUE;
3173} 3193}
3174 3194
@@ -3208,8 +3228,10 @@ static void ieee80211_sta_expire(struct net_device *dev, unsigned long exp_time)
3208 spin_lock_irqsave(&local->sta_lock, flags); 3228 spin_lock_irqsave(&local->sta_lock, flags);
3209 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) 3229 list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
3210 if (time_after(jiffies, sta->last_rx + exp_time)) { 3230 if (time_after(jiffies, sta->last_rx + exp_time)) {
3231#ifdef CONFIG_MAC80211_IBSS_DEBUG
3211 printk(KERN_DEBUG "%s: expiring inactive STA %s\n", 3232 printk(KERN_DEBUG "%s: expiring inactive STA %s\n",
3212 dev->name, print_mac(mac, sta->addr)); 3233 dev->name, print_mac(mac, sta->addr));
3234#endif
3213 __sta_info_unlink(&sta); 3235 __sta_info_unlink(&sta);
3214 if (sta) 3236 if (sta)
3215 list_add(&sta->list, &tmp_list); 3237 list_add(&sta->list, &tmp_list);
@@ -3248,7 +3270,7 @@ static void ieee80211_mesh_housekeeping(struct net_device *dev,
3248 3270
3249 free_plinks = mesh_plink_availables(sdata); 3271 free_plinks = mesh_plink_availables(sdata);
3250 if (free_plinks != sdata->u.sta.accepting_plinks) 3272 if (free_plinks != sdata->u.sta.accepting_plinks)
3251 ieee80211_if_config_beacon(dev); 3273 ieee80211_if_config(sdata, IEEE80211_IFCC_BEACON);
3252 3274
3253 mod_timer(&ifsta->timer, jiffies + 3275 mod_timer(&ifsta->timer, jiffies +
3254 IEEE80211_MESH_HOUSEKEEPING_INTERVAL); 3276 IEEE80211_MESH_HOUSEKEEPING_INTERVAL);
@@ -3262,6 +3284,7 @@ void ieee80211_start_mesh(struct net_device *dev)
3262 ifsta = &sdata->u.sta; 3284 ifsta = &sdata->u.sta;
3263 ifsta->state = IEEE80211_MESH_UP; 3285 ifsta->state = IEEE80211_MESH_UP;
3264 ieee80211_sta_timer((unsigned long)sdata); 3286 ieee80211_sta_timer((unsigned long)sdata);
3287 ieee80211_if_config(sdata, IEEE80211_IFCC_BEACON);
3265} 3288}
3266#endif 3289#endif
3267 3290
@@ -3292,13 +3315,10 @@ void ieee80211_sta_work(struct work_struct *work)
3292 if (local->sta_sw_scanning || local->sta_hw_scanning) 3315 if (local->sta_sw_scanning || local->sta_hw_scanning)
3293 return; 3316 return;
3294 3317
3295 if (sdata->vif.type != IEEE80211_IF_TYPE_STA && 3318 if (WARN_ON(sdata->vif.type != IEEE80211_IF_TYPE_STA &&
3296 sdata->vif.type != IEEE80211_IF_TYPE_IBSS && 3319 sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
3297 sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT) { 3320 sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT))
3298 printk(KERN_DEBUG "%s: ieee80211_sta_work: non-STA interface "
3299 "(type=%d)\n", dev->name, sdata->vif.type);
3300 return; 3321 return;
3301 }
3302 ifsta = &sdata->u.sta; 3322 ifsta = &sdata->u.sta;
3303 3323
3304 while ((skb = skb_dequeue(&ifsta->skb_queue))) 3324 while ((skb = skb_dequeue(&ifsta->skb_queue)))
@@ -3352,8 +3372,7 @@ void ieee80211_sta_work(struct work_struct *work)
3352 break; 3372 break;
3353#endif 3373#endif
3354 default: 3374 default:
3355 printk(KERN_DEBUG "ieee80211_sta_work: Unknown state %d\n", 3375 WARN_ON(1);
3356 ifsta->state);
3357 break; 3376 break;
3358 } 3377 }
3359 3378
@@ -3388,8 +3407,6 @@ static void ieee80211_sta_reset_auth(struct net_device *dev,
3388 ifsta->auth_alg = WLAN_AUTH_LEAP; 3407 ifsta->auth_alg = WLAN_AUTH_LEAP;
3389 else 3408 else
3390 ifsta->auth_alg = WLAN_AUTH_OPEN; 3409 ifsta->auth_alg = WLAN_AUTH_OPEN;
3391 printk(KERN_DEBUG "%s: Initial auth_alg=%d\n", dev->name,
3392 ifsta->auth_alg);
3393 ifsta->auth_transaction = -1; 3410 ifsta->auth_transaction = -1;
3394 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED; 3411 ifsta->flags &= ~IEEE80211_STA_ASSOCIATED;
3395 ifsta->auth_tries = ifsta->assoc_tries = 0; 3412 ifsta->auth_tries = ifsta->assoc_tries = 0;
@@ -3478,9 +3495,9 @@ static int ieee80211_sta_config_auth(struct net_device *dev,
3478 !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len)) 3495 !ieee80211_sta_match_ssid(ifsta, bss->ssid, bss->ssid_len))
3479 continue; 3496 continue;
3480 3497
3481 if (!selected || top_rssi < bss->rssi) { 3498 if (!selected || top_rssi < bss->signal) {
3482 selected = bss; 3499 selected = bss;
3483 top_rssi = bss->rssi; 3500 top_rssi = bss->signal;
3484 } 3501 }
3485 } 3502 }
3486 if (selected) 3503 if (selected)
@@ -3488,13 +3505,13 @@ static int ieee80211_sta_config_auth(struct net_device *dev,
3488 spin_unlock_bh(&local->sta_bss_lock); 3505 spin_unlock_bh(&local->sta_bss_lock);
3489 3506
3490 if (selected) { 3507 if (selected) {
3491 ieee80211_set_freq(local, selected->freq); 3508 ieee80211_set_freq(dev, selected->freq);
3492 if (!(ifsta->flags & IEEE80211_STA_SSID_SET)) 3509 if (!(ifsta->flags & IEEE80211_STA_SSID_SET))
3493 ieee80211_sta_set_ssid(dev, selected->ssid, 3510 ieee80211_sta_set_ssid(dev, selected->ssid,
3494 selected->ssid_len); 3511 selected->ssid_len);
3495 ieee80211_sta_set_bssid(dev, selected->bssid); 3512 ieee80211_sta_set_bssid(dev, selected->bssid);
3496 ieee80211_sta_def_wmm_params(dev, selected, 0); 3513 ieee80211_sta_def_wmm_params(dev, selected, 0);
3497 ieee80211_rx_bss_put(dev, selected); 3514 ieee80211_rx_bss_put(local, selected);
3498 ifsta->state = IEEE80211_AUTHENTICATE; 3515 ifsta->state = IEEE80211_AUTHENTICATE;
3499 ieee80211_sta_reset_auth(dev, ifsta); 3516 ieee80211_sta_reset_auth(dev, ifsta);
3500 return 0; 3517 return 0;
@@ -3523,6 +3540,7 @@ static int ieee80211_sta_create_ibss(struct net_device *dev,
3523 struct ieee80211_supported_band *sband; 3540 struct ieee80211_supported_band *sband;
3524 u8 bssid[ETH_ALEN], *pos; 3541 u8 bssid[ETH_ALEN], *pos;
3525 int i; 3542 int i;
3543 int ret;
3526 DECLARE_MAC_BUF(mac); 3544 DECLARE_MAC_BUF(mac);
3527 3545
3528#if 0 3546#if 0
@@ -3552,14 +3570,16 @@ static int ieee80211_sta_create_ibss(struct net_device *dev,
3552 sband = local->hw.wiphy->bands[bss->band]; 3570 sband = local->hw.wiphy->bands[bss->band];
3553 3571
3554 if (local->hw.conf.beacon_int == 0) 3572 if (local->hw.conf.beacon_int == 0)
3555 local->hw.conf.beacon_int = 10000; 3573 local->hw.conf.beacon_int = 100;
3556 bss->beacon_int = local->hw.conf.beacon_int; 3574 bss->beacon_int = local->hw.conf.beacon_int;
3557 bss->last_update = jiffies; 3575 bss->last_update = jiffies;
3558 bss->capability = WLAN_CAPABILITY_IBSS; 3576 bss->capability = WLAN_CAPABILITY_IBSS;
3559 if (sdata->default_key) { 3577
3578 if (sdata->default_key)
3560 bss->capability |= WLAN_CAPABILITY_PRIVACY; 3579 bss->capability |= WLAN_CAPABILITY_PRIVACY;
3561 } else 3580 else
3562 sdata->drop_unencrypted = 0; 3581 sdata->drop_unencrypted = 0;
3582
3563 bss->supp_rates_len = sband->n_bitrates; 3583 bss->supp_rates_len = sband->n_bitrates;
3564 pos = bss->supp_rates; 3584 pos = bss->supp_rates;
3565 for (i = 0; i < sband->n_bitrates; i++) { 3585 for (i = 0; i < sband->n_bitrates; i++) {
@@ -3567,7 +3587,9 @@ static int ieee80211_sta_create_ibss(struct net_device *dev,
3567 *pos++ = (u8) (rate / 5); 3587 *pos++ = (u8) (rate / 5);
3568 } 3588 }
3569 3589
3570 return ieee80211_sta_join_ibss(dev, ifsta, bss); 3590 ret = ieee80211_sta_join_ibss(dev, ifsta, bss);
3591 ieee80211_rx_bss_put(local, bss);
3592 return ret;
3571} 3593}
3572 3594
3573 3595
@@ -3608,18 +3630,35 @@ static int ieee80211_sta_find_ibss(struct net_device *dev,
3608 spin_unlock_bh(&local->sta_bss_lock); 3630 spin_unlock_bh(&local->sta_bss_lock);
3609 3631
3610#ifdef CONFIG_MAC80211_IBSS_DEBUG 3632#ifdef CONFIG_MAC80211_IBSS_DEBUG
3611 printk(KERN_DEBUG " sta_find_ibss: selected %s current " 3633 if (found)
3612 "%s\n", print_mac(mac, bssid), print_mac(mac2, ifsta->bssid)); 3634 printk(KERN_DEBUG " sta_find_ibss: selected %s current "
3635 "%s\n", print_mac(mac, bssid),
3636 print_mac(mac2, ifsta->bssid));
3613#endif /* CONFIG_MAC80211_IBSS_DEBUG */ 3637#endif /* CONFIG_MAC80211_IBSS_DEBUG */
3614 if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 && 3638
3615 (bss = ieee80211_rx_bss_get(dev, bssid, 3639 if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
3616 local->hw.conf.channel->center_freq, 3640 int ret;
3617 ifsta->ssid, ifsta->ssid_len))) { 3641 int search_freq;
3642
3643 if (ifsta->flags & IEEE80211_STA_AUTO_CHANNEL_SEL)
3644 search_freq = bss->freq;
3645 else
3646 search_freq = local->hw.conf.channel->center_freq;
3647
3648 bss = ieee80211_rx_bss_get(dev, bssid, search_freq,
3649 ifsta->ssid, ifsta->ssid_len);
3650 if (!bss)
3651 goto dont_join;
3652
3618 printk(KERN_DEBUG "%s: Selected IBSS BSSID %s" 3653 printk(KERN_DEBUG "%s: Selected IBSS BSSID %s"
3619 " based on configured SSID\n", 3654 " based on configured SSID\n",
3620 dev->name, print_mac(mac, bssid)); 3655 dev->name, print_mac(mac, bssid));
3621 return ieee80211_sta_join_ibss(dev, ifsta, bss); 3656 ret = ieee80211_sta_join_ibss(dev, ifsta, bss);
3657 ieee80211_rx_bss_put(local, bss);
3658 return ret;
3622 } 3659 }
3660
3661dont_join:
3623#ifdef CONFIG_MAC80211_IBSS_DEBUG 3662#ifdef CONFIG_MAC80211_IBSS_DEBUG
3624 printk(KERN_DEBUG " did not try to join ibss\n"); 3663 printk(KERN_DEBUG " did not try to join ibss\n");
3625#endif /* CONFIG_MAC80211_IBSS_DEBUG */ 3664#endif /* CONFIG_MAC80211_IBSS_DEBUG */
@@ -3668,28 +3707,45 @@ int ieee80211_sta_set_ssid(struct net_device *dev, char *ssid, size_t len)
3668{ 3707{
3669 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 3708 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3670 struct ieee80211_if_sta *ifsta; 3709 struct ieee80211_if_sta *ifsta;
3710 int res;
3671 3711
3672 if (len > IEEE80211_MAX_SSID_LEN) 3712 if (len > IEEE80211_MAX_SSID_LEN)
3673 return -EINVAL; 3713 return -EINVAL;
3674 3714
3675 ifsta = &sdata->u.sta; 3715 ifsta = &sdata->u.sta;
3676 3716
3677 if (ifsta->ssid_len != len || memcmp(ifsta->ssid, ssid, len) != 0) 3717 if (ifsta->ssid_len != len || memcmp(ifsta->ssid, ssid, len) != 0) {
3718 memset(ifsta->ssid, 0, sizeof(ifsta->ssid));
3719 memcpy(ifsta->ssid, ssid, len);
3720 ifsta->ssid_len = len;
3678 ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET; 3721 ifsta->flags &= ~IEEE80211_STA_PREV_BSSID_SET;
3679 memcpy(ifsta->ssid, ssid, len); 3722
3680 memset(ifsta->ssid + len, 0, IEEE80211_MAX_SSID_LEN - len); 3723 res = 0;
3681 ifsta->ssid_len = len; 3724 /*
3725 * Hack! MLME code needs to be cleaned up to have different
3726 * entry points for configuration and internal selection change
3727 */
3728 if (netif_running(sdata->dev))
3729 res = ieee80211_if_config(sdata, IEEE80211_IFCC_SSID);
3730 if (res) {
3731 printk(KERN_DEBUG "%s: Failed to config new SSID to "
3732 "the low-level driver\n", dev->name);
3733 return res;
3734 }
3735 }
3682 3736
3683 if (len) 3737 if (len)
3684 ifsta->flags |= IEEE80211_STA_SSID_SET; 3738 ifsta->flags |= IEEE80211_STA_SSID_SET;
3685 else 3739 else
3686 ifsta->flags &= ~IEEE80211_STA_SSID_SET; 3740 ifsta->flags &= ~IEEE80211_STA_SSID_SET;
3741
3687 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS && 3742 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS &&
3688 !(ifsta->flags & IEEE80211_STA_BSSID_SET)) { 3743 !(ifsta->flags & IEEE80211_STA_BSSID_SET)) {
3689 ifsta->ibss_join_req = jiffies; 3744 ifsta->ibss_join_req = jiffies;
3690 ifsta->state = IEEE80211_IBSS_SEARCH; 3745 ifsta->state = IEEE80211_IBSS_SEARCH;
3691 return ieee80211_sta_find_ibss(dev, ifsta); 3746 return ieee80211_sta_find_ibss(dev, ifsta);
3692 } 3747 }
3748
3693 return 0; 3749 return 0;
3694} 3750}
3695 3751
@@ -3715,7 +3771,12 @@ int ieee80211_sta_set_bssid(struct net_device *dev, u8 *bssid)
3715 3771
3716 if (memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) { 3772 if (memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0) {
3717 memcpy(ifsta->bssid, bssid, ETH_ALEN); 3773 memcpy(ifsta->bssid, bssid, ETH_ALEN);
3718 res = ieee80211_if_config(dev); 3774 res = 0;
3775 /*
3776 * Hack! See also ieee80211_sta_set_ssid.
3777 */
3778 if (netif_running(sdata->dev))
3779 res = ieee80211_if_config(sdata, IEEE80211_IFCC_BSSID);
3719 if (res) { 3780 if (res) {
3720 printk(KERN_DEBUG "%s: Failed to config new BSSID to " 3781 printk(KERN_DEBUG "%s: Failed to config new BSSID to "
3721 "the low-level driver\n", dev->name); 3782 "the low-level driver\n", dev->name);
@@ -3738,7 +3799,7 @@ static void ieee80211_send_nullfunc(struct ieee80211_local *local,
3738{ 3799{
3739 struct sk_buff *skb; 3800 struct sk_buff *skb;
3740 struct ieee80211_hdr *nullfunc; 3801 struct ieee80211_hdr *nullfunc;
3741 u16 fc; 3802 __le16 fc;
3742 3803
3743 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24); 3804 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24);
3744 if (!skb) { 3805 if (!skb) {
@@ -3750,11 +3811,11 @@ static void ieee80211_send_nullfunc(struct ieee80211_local *local,
3750 3811
3751 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24); 3812 nullfunc = (struct ieee80211_hdr *) skb_put(skb, 24);
3752 memset(nullfunc, 0, 24); 3813 memset(nullfunc, 0, 24);
3753 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC | 3814 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
3754 IEEE80211_FCTL_TODS; 3815 IEEE80211_FCTL_TODS);
3755 if (powersave) 3816 if (powersave)
3756 fc |= IEEE80211_FCTL_PM; 3817 fc |= cpu_to_le16(IEEE80211_FCTL_PM);
3757 nullfunc->frame_control = cpu_to_le16(fc); 3818 nullfunc->frame_control = fc;
3758 memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN); 3819 memcpy(nullfunc->addr1, sdata->u.sta.bssid, ETH_ALEN);
3759 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN); 3820 memcpy(nullfunc->addr2, sdata->dev->dev_addr, ETH_ALEN);
3760 memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN); 3821 memcpy(nullfunc->addr3, sdata->u.sta.bssid, ETH_ALEN);
@@ -3802,6 +3863,7 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw)
3802 3863
3803 3864
3804 netif_tx_lock_bh(local->mdev); 3865 netif_tx_lock_bh(local->mdev);
3866 netif_addr_lock(local->mdev);
3805 local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC; 3867 local->filter_flags &= ~FIF_BCN_PRBRESP_PROMISC;
3806 local->ops->configure_filter(local_to_hw(local), 3868 local->ops->configure_filter(local_to_hw(local),
3807 FIF_BCN_PRBRESP_PROMISC, 3869 FIF_BCN_PRBRESP_PROMISC,
@@ -3809,15 +3871,11 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw)
3809 local->mdev->mc_count, 3871 local->mdev->mc_count,
3810 local->mdev->mc_list); 3872 local->mdev->mc_list);
3811 3873
3874 netif_addr_unlock(local->mdev);
3812 netif_tx_unlock_bh(local->mdev); 3875 netif_tx_unlock_bh(local->mdev);
3813 3876
3814 rcu_read_lock(); 3877 rcu_read_lock();
3815 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 3878 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3816
3817 /* No need to wake the master device. */
3818 if (sdata->dev == local->mdev)
3819 continue;
3820
3821 /* Tell AP we're back */ 3879 /* Tell AP we're back */
3822 if (sdata->vif.type == IEEE80211_IF_TYPE_STA && 3880 if (sdata->vif.type == IEEE80211_IF_TYPE_STA &&
3823 sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED) 3881 sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED)
@@ -3834,7 +3892,7 @@ done:
3834 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) { 3892 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
3835 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 3893 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
3836 if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) || 3894 if (!(ifsta->flags & IEEE80211_STA_BSSID_SET) ||
3837 (!ifsta->state == IEEE80211_IBSS_JOINED && 3895 (!(ifsta->state == IEEE80211_IBSS_JOINED) &&
3838 !ieee80211_sta_active_ibss(dev))) 3896 !ieee80211_sta_active_ibss(dev)))
3839 ieee80211_sta_find_ibss(dev, ifsta); 3897 ieee80211_sta_find_ibss(dev, ifsta);
3840 } 3898 }
@@ -3983,12 +4041,6 @@ static int ieee80211_sta_start_scan(struct net_device *dev,
3983 4041
3984 rcu_read_lock(); 4042 rcu_read_lock();
3985 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 4043 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3986
3987 /* Don't stop the master interface, otherwise we can't transmit
3988 * probes! */
3989 if (sdata->dev == local->mdev)
3990 continue;
3991
3992 netif_stop_queue(sdata->dev); 4044 netif_stop_queue(sdata->dev);
3993 if (sdata->vif.type == IEEE80211_IF_TYPE_STA && 4045 if (sdata->vif.type == IEEE80211_IF_TYPE_STA &&
3994 (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED)) 4046 (sdata->u.sta.flags & IEEE80211_STA_ASSOCIATED))
@@ -4006,14 +4058,14 @@ static int ieee80211_sta_start_scan(struct net_device *dev,
4006 local->scan_band = IEEE80211_BAND_2GHZ; 4058 local->scan_band = IEEE80211_BAND_2GHZ;
4007 local->scan_dev = dev; 4059 local->scan_dev = dev;
4008 4060
4009 netif_tx_lock_bh(local->mdev); 4061 netif_addr_lock_bh(local->mdev);
4010 local->filter_flags |= FIF_BCN_PRBRESP_PROMISC; 4062 local->filter_flags |= FIF_BCN_PRBRESP_PROMISC;
4011 local->ops->configure_filter(local_to_hw(local), 4063 local->ops->configure_filter(local_to_hw(local),
4012 FIF_BCN_PRBRESP_PROMISC, 4064 FIF_BCN_PRBRESP_PROMISC,
4013 &local->filter_flags, 4065 &local->filter_flags,
4014 local->mdev->mc_count, 4066 local->mdev->mc_count,
4015 local->mdev->mc_list); 4067 local->mdev->mc_list);
4016 netif_tx_unlock_bh(local->mdev); 4068 netif_addr_unlock_bh(local->mdev);
4017 4069
4018 /* TODO: start scan as soon as all nullfunc frames are ACKed */ 4070 /* TODO: start scan as soon as all nullfunc frames are ACKed */
4019 queue_delayed_work(local->hw.workqueue, &local->scan_work, 4071 queue_delayed_work(local->hw.workqueue, &local->scan_work,
@@ -4048,6 +4100,7 @@ int ieee80211_sta_req_scan(struct net_device *dev, u8 *ssid, size_t ssid_len)
4048 4100
4049static char * 4101static char *
4050ieee80211_sta_scan_result(struct net_device *dev, 4102ieee80211_sta_scan_result(struct net_device *dev,
4103 struct iw_request_info *info,
4051 struct ieee80211_sta_bss *bss, 4104 struct ieee80211_sta_bss *bss,
4052 char *current_ev, char *end_buf) 4105 char *current_ev, char *end_buf)
4053{ 4106{
@@ -4062,7 +4115,7 @@ ieee80211_sta_scan_result(struct net_device *dev,
4062 iwe.cmd = SIOCGIWAP; 4115 iwe.cmd = SIOCGIWAP;
4063 iwe.u.ap_addr.sa_family = ARPHRD_ETHER; 4116 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
4064 memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN); 4117 memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
4065 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 4118 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
4066 IW_EV_ADDR_LEN); 4119 IW_EV_ADDR_LEN);
4067 4120
4068 memset(&iwe, 0, sizeof(iwe)); 4121 memset(&iwe, 0, sizeof(iwe));
@@ -4070,13 +4123,13 @@ ieee80211_sta_scan_result(struct net_device *dev,
4070 if (bss_mesh_cfg(bss)) { 4123 if (bss_mesh_cfg(bss)) {
4071 iwe.u.data.length = bss_mesh_id_len(bss); 4124 iwe.u.data.length = bss_mesh_id_len(bss);
4072 iwe.u.data.flags = 1; 4125 iwe.u.data.flags = 1;
4073 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, 4126 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
4074 bss_mesh_id(bss)); 4127 &iwe, bss_mesh_id(bss));
4075 } else { 4128 } else {
4076 iwe.u.data.length = bss->ssid_len; 4129 iwe.u.data.length = bss->ssid_len;
4077 iwe.u.data.flags = 1; 4130 iwe.u.data.flags = 1;
4078 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, 4131 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
4079 bss->ssid); 4132 &iwe, bss->ssid);
4080 } 4133 }
4081 4134
4082 if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) 4135 if (bss->capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)
@@ -4089,31 +4142,30 @@ ieee80211_sta_scan_result(struct net_device *dev,
4089 iwe.u.mode = IW_MODE_MASTER; 4142 iwe.u.mode = IW_MODE_MASTER;
4090 else 4143 else
4091 iwe.u.mode = IW_MODE_ADHOC; 4144 iwe.u.mode = IW_MODE_ADHOC;
4092 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 4145 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
4093 IW_EV_UINT_LEN); 4146 &iwe, IW_EV_UINT_LEN);
4094 } 4147 }
4095 4148
4096 memset(&iwe, 0, sizeof(iwe)); 4149 memset(&iwe, 0, sizeof(iwe));
4097 iwe.cmd = SIOCGIWFREQ; 4150 iwe.cmd = SIOCGIWFREQ;
4098 iwe.u.freq.m = bss->freq; 4151 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->freq);
4099 iwe.u.freq.e = 6; 4152 iwe.u.freq.e = 0;
4100 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 4153 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
4101 IW_EV_FREQ_LEN); 4154 IW_EV_FREQ_LEN);
4102 4155
4103 memset(&iwe, 0, sizeof(iwe)); 4156 memset(&iwe, 0, sizeof(iwe));
4104 iwe.cmd = SIOCGIWFREQ; 4157 iwe.cmd = SIOCGIWFREQ;
4105 iwe.u.freq.m = ieee80211_frequency_to_channel(bss->freq); 4158 iwe.u.freq.m = bss->freq;
4106 iwe.u.freq.e = 0; 4159 iwe.u.freq.e = 6;
4107 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 4160 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
4108 IW_EV_FREQ_LEN); 4161 IW_EV_FREQ_LEN);
4109
4110 memset(&iwe, 0, sizeof(iwe)); 4162 memset(&iwe, 0, sizeof(iwe));
4111 iwe.cmd = IWEVQUAL; 4163 iwe.cmd = IWEVQUAL;
4112 iwe.u.qual.qual = bss->signal; 4164 iwe.u.qual.qual = bss->qual;
4113 iwe.u.qual.level = bss->rssi; 4165 iwe.u.qual.level = bss->signal;
4114 iwe.u.qual.noise = bss->noise; 4166 iwe.u.qual.noise = bss->noise;
4115 iwe.u.qual.updated = local->wstats_flags; 4167 iwe.u.qual.updated = local->wstats_flags;
4116 current_ev = iwe_stream_add_event(current_ev, end_buf, &iwe, 4168 current_ev = iwe_stream_add_event(info, current_ev, end_buf, &iwe,
4117 IW_EV_QUAL_LEN); 4169 IW_EV_QUAL_LEN);
4118 4170
4119 memset(&iwe, 0, sizeof(iwe)); 4171 memset(&iwe, 0, sizeof(iwe));
@@ -4123,27 +4175,36 @@ ieee80211_sta_scan_result(struct net_device *dev,
4123 else 4175 else
4124 iwe.u.data.flags = IW_ENCODE_DISABLED; 4176 iwe.u.data.flags = IW_ENCODE_DISABLED;
4125 iwe.u.data.length = 0; 4177 iwe.u.data.length = 0;
4126 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, ""); 4178 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
4179 &iwe, "");
4127 4180
4128 if (bss && bss->wpa_ie) { 4181 if (bss && bss->wpa_ie) {
4129 memset(&iwe, 0, sizeof(iwe)); 4182 memset(&iwe, 0, sizeof(iwe));
4130 iwe.cmd = IWEVGENIE; 4183 iwe.cmd = IWEVGENIE;
4131 iwe.u.data.length = bss->wpa_ie_len; 4184 iwe.u.data.length = bss->wpa_ie_len;
4132 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, 4185 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
4133 bss->wpa_ie); 4186 &iwe, bss->wpa_ie);
4134 } 4187 }
4135 4188
4136 if (bss && bss->rsn_ie) { 4189 if (bss && bss->rsn_ie) {
4137 memset(&iwe, 0, sizeof(iwe)); 4190 memset(&iwe, 0, sizeof(iwe));
4138 iwe.cmd = IWEVGENIE; 4191 iwe.cmd = IWEVGENIE;
4139 iwe.u.data.length = bss->rsn_ie_len; 4192 iwe.u.data.length = bss->rsn_ie_len;
4140 current_ev = iwe_stream_add_point(current_ev, end_buf, &iwe, 4193 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
4141 bss->rsn_ie); 4194 &iwe, bss->rsn_ie);
4195 }
4196
4197 if (bss && bss->ht_ie) {
4198 memset(&iwe, 0, sizeof(iwe));
4199 iwe.cmd = IWEVGENIE;
4200 iwe.u.data.length = bss->ht_ie_len;
4201 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
4202 &iwe, bss->ht_ie);
4142 } 4203 }
4143 4204
4144 if (bss && bss->supp_rates_len > 0) { 4205 if (bss && bss->supp_rates_len > 0) {
4145 /* display all supported rates in readable format */ 4206 /* display all supported rates in readable format */
4146 char *p = current_ev + IW_EV_LCP_LEN; 4207 char *p = current_ev + iwe_stream_lcp_len(info);
4147 int i; 4208 int i;
4148 4209
4149 memset(&iwe, 0, sizeof(iwe)); 4210 memset(&iwe, 0, sizeof(iwe));
@@ -4154,7 +4215,7 @@ ieee80211_sta_scan_result(struct net_device *dev,
4154 for (i = 0; i < bss->supp_rates_len; i++) { 4215 for (i = 0; i < bss->supp_rates_len; i++) {
4155 iwe.u.bitrate.value = ((bss->supp_rates[i] & 4216 iwe.u.bitrate.value = ((bss->supp_rates[i] &
4156 0x7f) * 500000); 4217 0x7f) * 500000);
4157 p = iwe_stream_add_value(current_ev, p, 4218 p = iwe_stream_add_value(info, current_ev, p,
4158 end_buf, &iwe, IW_EV_PARAM_LEN); 4219 end_buf, &iwe, IW_EV_PARAM_LEN);
4159 } 4220 }
4160 current_ev = p; 4221 current_ev = p;
@@ -4168,8 +4229,16 @@ ieee80211_sta_scan_result(struct net_device *dev,
4168 iwe.cmd = IWEVCUSTOM; 4229 iwe.cmd = IWEVCUSTOM;
4169 sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->timestamp)); 4230 sprintf(buf, "tsf=%016llx", (unsigned long long)(bss->timestamp));
4170 iwe.u.data.length = strlen(buf); 4231 iwe.u.data.length = strlen(buf);
4171 current_ev = iwe_stream_add_point(current_ev, end_buf, 4232 current_ev = iwe_stream_add_point(info, current_ev,
4233 end_buf,
4172 &iwe, buf); 4234 &iwe, buf);
4235 memset(&iwe, 0, sizeof(iwe));
4236 iwe.cmd = IWEVCUSTOM;
4237 sprintf(buf, " Last beacon: %dms ago",
4238 jiffies_to_msecs(jiffies - bss->last_update));
4239 iwe.u.data.length = strlen(buf);
4240 current_ev = iwe_stream_add_point(info, current_ev,
4241 end_buf, &iwe, buf);
4173 kfree(buf); 4242 kfree(buf);
4174 } 4243 }
4175 } 4244 }
@@ -4183,31 +4252,36 @@ ieee80211_sta_scan_result(struct net_device *dev,
4183 iwe.cmd = IWEVCUSTOM; 4252 iwe.cmd = IWEVCUSTOM;
4184 sprintf(buf, "Mesh network (version %d)", cfg[0]); 4253 sprintf(buf, "Mesh network (version %d)", cfg[0]);
4185 iwe.u.data.length = strlen(buf); 4254 iwe.u.data.length = strlen(buf);
4186 current_ev = iwe_stream_add_point(current_ev, end_buf, 4255 current_ev = iwe_stream_add_point(info, current_ev,
4256 end_buf,
4187 &iwe, buf); 4257 &iwe, buf);
4188 sprintf(buf, "Path Selection Protocol ID: " 4258 sprintf(buf, "Path Selection Protocol ID: "
4189 "0x%02X%02X%02X%02X", cfg[1], cfg[2], cfg[3], 4259 "0x%02X%02X%02X%02X", cfg[1], cfg[2], cfg[3],
4190 cfg[4]); 4260 cfg[4]);
4191 iwe.u.data.length = strlen(buf); 4261 iwe.u.data.length = strlen(buf);
4192 current_ev = iwe_stream_add_point(current_ev, end_buf, 4262 current_ev = iwe_stream_add_point(info, current_ev,
4263 end_buf,
4193 &iwe, buf); 4264 &iwe, buf);
4194 sprintf(buf, "Path Selection Metric ID: " 4265 sprintf(buf, "Path Selection Metric ID: "
4195 "0x%02X%02X%02X%02X", cfg[5], cfg[6], cfg[7], 4266 "0x%02X%02X%02X%02X", cfg[5], cfg[6], cfg[7],
4196 cfg[8]); 4267 cfg[8]);
4197 iwe.u.data.length = strlen(buf); 4268 iwe.u.data.length = strlen(buf);
4198 current_ev = iwe_stream_add_point(current_ev, end_buf, 4269 current_ev = iwe_stream_add_point(info, current_ev,
4270 end_buf,
4199 &iwe, buf); 4271 &iwe, buf);
4200 sprintf(buf, "Congestion Control Mode ID: " 4272 sprintf(buf, "Congestion Control Mode ID: "
4201 "0x%02X%02X%02X%02X", cfg[9], cfg[10], 4273 "0x%02X%02X%02X%02X", cfg[9], cfg[10],
4202 cfg[11], cfg[12]); 4274 cfg[11], cfg[12]);
4203 iwe.u.data.length = strlen(buf); 4275 iwe.u.data.length = strlen(buf);
4204 current_ev = iwe_stream_add_point(current_ev, end_buf, 4276 current_ev = iwe_stream_add_point(info, current_ev,
4277 end_buf,
4205 &iwe, buf); 4278 &iwe, buf);
4206 sprintf(buf, "Channel Precedence: " 4279 sprintf(buf, "Channel Precedence: "
4207 "0x%02X%02X%02X%02X", cfg[13], cfg[14], 4280 "0x%02X%02X%02X%02X", cfg[13], cfg[14],
4208 cfg[15], cfg[16]); 4281 cfg[15], cfg[16]);
4209 iwe.u.data.length = strlen(buf); 4282 iwe.u.data.length = strlen(buf);
4210 current_ev = iwe_stream_add_point(current_ev, end_buf, 4283 current_ev = iwe_stream_add_point(info, current_ev,
4284 end_buf,
4211 &iwe, buf); 4285 &iwe, buf);
4212 kfree(buf); 4286 kfree(buf);
4213 } 4287 }
@@ -4217,7 +4291,9 @@ ieee80211_sta_scan_result(struct net_device *dev,
4217} 4291}
4218 4292
4219 4293
4220int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len) 4294int ieee80211_sta_scan_results(struct net_device *dev,
4295 struct iw_request_info *info,
4296 char *buf, size_t len)
4221{ 4297{
4222 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 4298 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
4223 char *current_ev = buf; 4299 char *current_ev = buf;
@@ -4230,8 +4306,8 @@ int ieee80211_sta_scan_results(struct net_device *dev, char *buf, size_t len)
4230 spin_unlock_bh(&local->sta_bss_lock); 4306 spin_unlock_bh(&local->sta_bss_lock);
4231 return -E2BIG; 4307 return -E2BIG;
4232 } 4308 }
4233 current_ev = ieee80211_sta_scan_result(dev, bss, current_ev, 4309 current_ev = ieee80211_sta_scan_result(dev, info, bss,
4234 end_buf); 4310 current_ev, end_buf);
4235 } 4311 }
4236 spin_unlock_bh(&local->sta_bss_lock); 4312 spin_unlock_bh(&local->sta_bss_lock);
4237 return current_ev - buf; 4313 return current_ev - buf;
@@ -4242,6 +4318,7 @@ int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len)
4242{ 4318{
4243 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 4319 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4244 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 4320 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
4321
4245 kfree(ifsta->extra_ie); 4322 kfree(ifsta->extra_ie);
4246 if (len == 0) { 4323 if (len == 0) {
4247 ifsta->extra_ie = NULL; 4324 ifsta->extra_ie = NULL;
@@ -4259,14 +4336,15 @@ int ieee80211_sta_set_extra_ie(struct net_device *dev, char *ie, size_t len)
4259} 4336}
4260 4337
4261 4338
4262struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev, 4339struct sta_info *ieee80211_ibss_add_sta(struct net_device *dev,
4263 struct sk_buff *skb, u8 *bssid, 4340 struct sk_buff *skb, u8 *bssid,
4264 u8 *addr) 4341 u8 *addr, u64 supp_rates)
4265{ 4342{
4266 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 4343 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
4267 struct sta_info *sta; 4344 struct sta_info *sta;
4268 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 4345 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4269 DECLARE_MAC_BUF(mac); 4346 DECLARE_MAC_BUF(mac);
4347 int band = local->hw.conf.channel->band;
4270 4348
4271 /* TODO: Could consider removing the least recently used entry and 4349 /* TODO: Could consider removing the least recently used entry and
4272 * allow new one to be added. */ 4350 * allow new one to be added. */
@@ -4278,17 +4356,24 @@ struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
4278 return NULL; 4356 return NULL;
4279 } 4357 }
4280 4358
4359 if (compare_ether_addr(bssid, sdata->u.sta.bssid))
4360 return NULL;
4361
4362#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
4281 printk(KERN_DEBUG "%s: Adding new IBSS station %s (dev=%s)\n", 4363 printk(KERN_DEBUG "%s: Adding new IBSS station %s (dev=%s)\n",
4282 wiphy_name(local->hw.wiphy), print_mac(mac, addr), dev->name); 4364 wiphy_name(local->hw.wiphy), print_mac(mac, addr), dev->name);
4365#endif
4283 4366
4284 sta = sta_info_alloc(sdata, addr, GFP_ATOMIC); 4367 sta = sta_info_alloc(sdata, addr, GFP_ATOMIC);
4285 if (!sta) 4368 if (!sta)
4286 return NULL; 4369 return NULL;
4287 4370
4288 sta->flags |= WLAN_STA_AUTHORIZED; 4371 set_sta_flags(sta, WLAN_STA_AUTHORIZED);
4289 4372
4290 sta->supp_rates[local->hw.conf.channel->band] = 4373 if (supp_rates)
4291 sdata->u.sta.supp_rates_bits[local->hw.conf.channel->band]; 4374 sta->supp_rates[band] = supp_rates;
4375 else
4376 sta->supp_rates[band] = sdata->u.sta.supp_rates_bits[band];
4292 4377
4293 rate_control_rate_init(sta, local); 4378 rate_control_rate_init(sta, local);
4294 4379
@@ -4304,7 +4389,7 @@ int ieee80211_sta_deauthenticate(struct net_device *dev, u16 reason)
4304 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 4389 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4305 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 4390 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
4306 4391
4307 printk(KERN_DEBUG "%s: deauthenticate(reason=%d)\n", 4392 printk(KERN_DEBUG "%s: deauthenticating by local choice (reason=%d)\n",
4308 dev->name, reason); 4393 dev->name, reason);
4309 4394
4310 if (sdata->vif.type != IEEE80211_IF_TYPE_STA && 4395 if (sdata->vif.type != IEEE80211_IF_TYPE_STA &&
@@ -4322,7 +4407,7 @@ int ieee80211_sta_disassociate(struct net_device *dev, u16 reason)
4322 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 4407 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4323 struct ieee80211_if_sta *ifsta = &sdata->u.sta; 4408 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
4324 4409
4325 printk(KERN_DEBUG "%s: disassociate(reason=%d)\n", 4410 printk(KERN_DEBUG "%s: disassociating by local choice (reason=%d)\n",
4326 dev->name, reason); 4411 dev->name, reason);
4327 4412
4328 if (sdata->vif.type != IEEE80211_IF_TYPE_STA) 4413 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
@@ -4346,12 +4431,10 @@ void ieee80211_notify_mac(struct ieee80211_hw *hw,
4346 case IEEE80211_NOTIFY_RE_ASSOC: 4431 case IEEE80211_NOTIFY_RE_ASSOC:
4347 rcu_read_lock(); 4432 rcu_read_lock();
4348 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 4433 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
4434 if (sdata->vif.type != IEEE80211_IF_TYPE_STA)
4435 continue;
4349 4436
4350 if (sdata->vif.type == IEEE80211_IF_TYPE_STA) { 4437 ieee80211_sta_req_auth(sdata->dev, &sdata->u.sta);
4351 ieee80211_sta_req_auth(sdata->dev,
4352 &sdata->u.sta);
4353 }
4354
4355 } 4438 }
4356 rcu_read_unlock(); 4439 rcu_read_unlock();
4357 break; 4440 break;
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index 841df93807fc..0388c090dfe9 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -176,20 +176,24 @@ void rate_control_get_rate(struct net_device *dev,
176 rcu_read_lock(); 176 rcu_read_lock();
177 sta = sta_info_get(local, hdr->addr1); 177 sta = sta_info_get(local, hdr->addr1);
178 178
179 memset(sel, 0, sizeof(struct rate_selection)); 179 sel->rate_idx = -1;
180 sel->nonerp_idx = -1;
181 sel->probe_idx = -1;
180 182
181 ref->ops->get_rate(ref->priv, dev, sband, skb, sel); 183 ref->ops->get_rate(ref->priv, dev, sband, skb, sel);
182 184
185 BUG_ON(sel->rate_idx < 0);
186
183 /* Select a non-ERP backup rate. */ 187 /* Select a non-ERP backup rate. */
184 if (!sel->nonerp) { 188 if (sel->nonerp_idx < 0) {
185 for (i = 0; i < sband->n_bitrates; i++) { 189 for (i = 0; i < sband->n_bitrates; i++) {
186 struct ieee80211_rate *rate = &sband->bitrates[i]; 190 struct ieee80211_rate *rate = &sband->bitrates[i];
187 if (sel->rate->bitrate < rate->bitrate) 191 if (sband->bitrates[sel->rate_idx].bitrate < rate->bitrate)
188 break; 192 break;
189 193
190 if (rate_supported(sta, sband->band, i) && 194 if (rate_supported(sta, sband->band, i) &&
191 !(rate->flags & IEEE80211_RATE_ERP_G)) 195 !(rate->flags & IEEE80211_RATE_ERP_G))
192 sel->nonerp = rate; 196 sel->nonerp_idx = i;
193 } 197 }
194 } 198 }
195 199
diff --git a/net/mac80211/rate.h b/net/mac80211/rate.h
index 5b45f33cb766..ede7ab56f65b 100644
--- a/net/mac80211/rate.h
+++ b/net/mac80211/rate.h
@@ -19,22 +19,22 @@
19#include "ieee80211_i.h" 19#include "ieee80211_i.h"
20#include "sta_info.h" 20#include "sta_info.h"
21 21
22/* TODO: kdoc */ 22/**
23 * struct rate_selection - rate selection for rate control algos
24 * @rate: selected transmission rate index
25 * @nonerp: Non-ERP rate to use instead if ERP cannot be used
26 * @probe: rate for probing (or -1)
27 *
28 */
23struct rate_selection { 29struct rate_selection {
24 /* Selected transmission rate */ 30 s8 rate_idx, nonerp_idx, probe_idx;
25 struct ieee80211_rate *rate;
26 /* Non-ERP rate to use if mac80211 decides it cannot use an ERP rate */
27 struct ieee80211_rate *nonerp;
28 /* probe with this rate, or NULL for no probing */
29 struct ieee80211_rate *probe;
30}; 31};
31 32
32struct rate_control_ops { 33struct rate_control_ops {
33 struct module *module; 34 struct module *module;
34 const char *name; 35 const char *name;
35 void (*tx_status)(void *priv, struct net_device *dev, 36 void (*tx_status)(void *priv, struct net_device *dev,
36 struct sk_buff *skb, 37 struct sk_buff *skb);
37 struct ieee80211_tx_status *status);
38 void (*get_rate)(void *priv, struct net_device *dev, 38 void (*get_rate)(void *priv, struct net_device *dev,
39 struct ieee80211_supported_band *band, 39 struct ieee80211_supported_band *band,
40 struct sk_buff *skb, 40 struct sk_buff *skb,
@@ -76,13 +76,12 @@ struct rate_control_ref *rate_control_get(struct rate_control_ref *ref);
76void rate_control_put(struct rate_control_ref *ref); 76void rate_control_put(struct rate_control_ref *ref);
77 77
78static inline void rate_control_tx_status(struct net_device *dev, 78static inline void rate_control_tx_status(struct net_device *dev,
79 struct sk_buff *skb, 79 struct sk_buff *skb)
80 struct ieee80211_tx_status *status)
81{ 80{
82 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 81 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
83 struct rate_control_ref *ref = local->rate_ctrl; 82 struct rate_control_ref *ref = local->rate_ctrl;
84 83
85 ref->ops->tx_status(ref->priv, dev, skb, status); 84 ref->ops->tx_status(ref->priv, dev, skb);
86} 85}
87 86
88 87
@@ -138,7 +137,7 @@ static inline int rate_supported(struct sta_info *sta,
138 return (sta == NULL || sta->supp_rates[band] & BIT(index)); 137 return (sta == NULL || sta->supp_rates[band] & BIT(index));
139} 138}
140 139
141static inline int 140static inline s8
142rate_lowest_index(struct ieee80211_local *local, 141rate_lowest_index(struct ieee80211_local *local,
143 struct ieee80211_supported_band *sband, 142 struct ieee80211_supported_band *sband,
144 struct sta_info *sta) 143 struct sta_info *sta)
@@ -155,14 +154,6 @@ rate_lowest_index(struct ieee80211_local *local,
155 return 0; 154 return 0;
156} 155}
157 156
158static inline struct ieee80211_rate *
159rate_lowest(struct ieee80211_local *local,
160 struct ieee80211_supported_band *sband,
161 struct sta_info *sta)
162{
163 return &sband->bitrates[rate_lowest_index(local, sband, sta)];
164}
165
166 157
167/* functions for rate control related to a device */ 158/* functions for rate control related to a device */
168int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, 159int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
@@ -171,9 +162,7 @@ void rate_control_deinitialize(struct ieee80211_local *local);
171 162
172 163
173/* Rate control algorithms */ 164/* Rate control algorithms */
174#if defined(RC80211_PID_COMPILE) || \ 165#ifdef CONFIG_MAC80211_RC_PID
175 (defined(CONFIG_MAC80211_RC_PID) && \
176 !defined(CONFIG_MAC80211_RC_PID_MODULE))
177extern int rc80211_pid_init(void); 166extern int rc80211_pid_init(void);
178extern void rc80211_pid_exit(void); 167extern void rc80211_pid_exit(void);
179#else 168#else
diff --git a/net/mac80211/rc80211_pid.h b/net/mac80211/rc80211_pid.h
index 04afc13ed825..0a9135b974b5 100644
--- a/net/mac80211/rc80211_pid.h
+++ b/net/mac80211/rc80211_pid.h
@@ -61,7 +61,7 @@ enum rc_pid_event_type {
61union rc_pid_event_data { 61union rc_pid_event_data {
62 /* RC_PID_EVENT_TX_STATUS */ 62 /* RC_PID_EVENT_TX_STATUS */
63 struct { 63 struct {
64 struct ieee80211_tx_status tx_status; 64 struct ieee80211_tx_info tx_status;
65 }; 65 };
66 /* RC_PID_EVENT_TYPE_RATE_CHANGE */ 66 /* RC_PID_EVENT_TYPE_RATE_CHANGE */
67 /* RC_PID_EVENT_TYPE_TX_RATE */ 67 /* RC_PID_EVENT_TYPE_TX_RATE */
@@ -141,7 +141,6 @@ struct rc_pid_events_file_info {
141 * rate behaviour values (lower means we should trust more what we learnt 141 * rate behaviour values (lower means we should trust more what we learnt
142 * about behaviour of rates, higher means we should trust more the natural 142 * about behaviour of rates, higher means we should trust more the natural
143 * ordering of rates) 143 * ordering of rates)
144 * @fast_start: if Y, push high rates right after initialization
145 */ 144 */
146struct rc_pid_debugfs_entries { 145struct rc_pid_debugfs_entries {
147 struct dentry *dir; 146 struct dentry *dir;
@@ -154,11 +153,10 @@ struct rc_pid_debugfs_entries {
154 struct dentry *sharpen_factor; 153 struct dentry *sharpen_factor;
155 struct dentry *sharpen_duration; 154 struct dentry *sharpen_duration;
156 struct dentry *norm_offset; 155 struct dentry *norm_offset;
157 struct dentry *fast_start;
158}; 156};
159 157
160void rate_control_pid_event_tx_status(struct rc_pid_event_buffer *buf, 158void rate_control_pid_event_tx_status(struct rc_pid_event_buffer *buf,
161 struct ieee80211_tx_status *stat); 159 struct ieee80211_tx_info *stat);
162 160
163void rate_control_pid_event_rate_change(struct rc_pid_event_buffer *buf, 161void rate_control_pid_event_rate_change(struct rc_pid_event_buffer *buf,
164 int index, int rate); 162 int index, int rate);
@@ -267,9 +265,6 @@ struct rc_pid_info {
267 /* Normalization offset. */ 265 /* Normalization offset. */
268 unsigned int norm_offset; 266 unsigned int norm_offset;
269 267
270 /* Fast starst parameter. */
271 unsigned int fast_start;
272
273 /* Rates information. */ 268 /* Rates information. */
274 struct rc_pid_rateinfo *rinfo; 269 struct rc_pid_rateinfo *rinfo;
275 270
diff --git a/net/mac80211/rc80211_pid_algo.c b/net/mac80211/rc80211_pid_algo.c
index a849b745bdb5..a914ba73ccf5 100644
--- a/net/mac80211/rc80211_pid_algo.c
+++ b/net/mac80211/rc80211_pid_algo.c
@@ -237,8 +237,7 @@ static void rate_control_pid_sample(struct rc_pid_info *pinfo,
237} 237}
238 238
239static void rate_control_pid_tx_status(void *priv, struct net_device *dev, 239static void rate_control_pid_tx_status(void *priv, struct net_device *dev,
240 struct sk_buff *skb, 240 struct sk_buff *skb)
241 struct ieee80211_tx_status *status)
242{ 241{
243 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 242 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
244 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 243 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
@@ -248,6 +247,7 @@ static void rate_control_pid_tx_status(void *priv, struct net_device *dev,
248 struct rc_pid_sta_info *spinfo; 247 struct rc_pid_sta_info *spinfo;
249 unsigned long period; 248 unsigned long period;
250 struct ieee80211_supported_band *sband; 249 struct ieee80211_supported_band *sband;
250 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
251 251
252 rcu_read_lock(); 252 rcu_read_lock();
253 253
@@ -259,35 +259,35 @@ static void rate_control_pid_tx_status(void *priv, struct net_device *dev,
259 259
260 /* Don't update the state if we're not controlling the rate. */ 260 /* Don't update the state if we're not controlling the rate. */
261 sdata = sta->sdata; 261 sdata = sta->sdata;
262 if (sdata->bss && sdata->bss->force_unicast_rateidx > -1) { 262 if (sdata->force_unicast_rateidx > -1) {
263 sta->txrate_idx = sdata->bss->max_ratectrl_rateidx; 263 sta->txrate_idx = sdata->max_ratectrl_rateidx;
264 goto unlock; 264 goto unlock;
265 } 265 }
266 266
267 /* Ignore all frames that were sent with a different rate than the rate 267 /* Ignore all frames that were sent with a different rate than the rate
268 * we currently advise mac80211 to use. */ 268 * we currently advise mac80211 to use. */
269 if (status->control.tx_rate != &sband->bitrates[sta->txrate_idx]) 269 if (info->tx_rate_idx != sta->txrate_idx)
270 goto unlock; 270 goto unlock;
271 271
272 spinfo = sta->rate_ctrl_priv; 272 spinfo = sta->rate_ctrl_priv;
273 spinfo->tx_num_xmit++; 273 spinfo->tx_num_xmit++;
274 274
275#ifdef CONFIG_MAC80211_DEBUGFS 275#ifdef CONFIG_MAC80211_DEBUGFS
276 rate_control_pid_event_tx_status(&spinfo->events, status); 276 rate_control_pid_event_tx_status(&spinfo->events, info);
277#endif 277#endif
278 278
279 /* We count frames that totally failed to be transmitted as two bad 279 /* We count frames that totally failed to be transmitted as two bad
280 * frames, those that made it out but had some retries as one good and 280 * frames, those that made it out but had some retries as one good and
281 * one bad frame. */ 281 * one bad frame. */
282 if (status->excessive_retries) { 282 if (info->status.excessive_retries) {
283 spinfo->tx_num_failed += 2; 283 spinfo->tx_num_failed += 2;
284 spinfo->tx_num_xmit++; 284 spinfo->tx_num_xmit++;
285 } else if (status->retry_count) { 285 } else if (info->status.retry_count) {
286 spinfo->tx_num_failed++; 286 spinfo->tx_num_failed++;
287 spinfo->tx_num_xmit++; 287 spinfo->tx_num_xmit++;
288 } 288 }
289 289
290 if (status->excessive_retries) { 290 if (info->status.excessive_retries) {
291 sta->tx_retry_failed++; 291 sta->tx_retry_failed++;
292 sta->tx_num_consecutive_failures++; 292 sta->tx_num_consecutive_failures++;
293 sta->tx_num_mpdu_fail++; 293 sta->tx_num_mpdu_fail++;
@@ -295,8 +295,8 @@ static void rate_control_pid_tx_status(void *priv, struct net_device *dev,
295 sta->tx_num_consecutive_failures = 0; 295 sta->tx_num_consecutive_failures = 0;
296 sta->tx_num_mpdu_ok++; 296 sta->tx_num_mpdu_ok++;
297 } 297 }
298 sta->tx_retry_count += status->retry_count; 298 sta->tx_retry_count += info->status.retry_count;
299 sta->tx_num_mpdu_fail += status->retry_count; 299 sta->tx_num_mpdu_fail += info->status.retry_count;
300 300
301 /* Update PID controller state. */ 301 /* Update PID controller state. */
302 period = (HZ * pinfo->sampling_period + 500) / 1000; 302 period = (HZ * pinfo->sampling_period + 500) / 1000;
@@ -330,15 +330,15 @@ static void rate_control_pid_get_rate(void *priv, struct net_device *dev,
330 fc = le16_to_cpu(hdr->frame_control); 330 fc = le16_to_cpu(hdr->frame_control);
331 if ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA || 331 if ((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA ||
332 is_multicast_ether_addr(hdr->addr1) || !sta) { 332 is_multicast_ether_addr(hdr->addr1) || !sta) {
333 sel->rate = rate_lowest(local, sband, sta); 333 sel->rate_idx = rate_lowest_index(local, sband, sta);
334 rcu_read_unlock(); 334 rcu_read_unlock();
335 return; 335 return;
336 } 336 }
337 337
338 /* If a forced rate is in effect, select it. */ 338 /* If a forced rate is in effect, select it. */
339 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 339 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
340 if (sdata->bss && sdata->bss->force_unicast_rateidx > -1) 340 if (sdata->force_unicast_rateidx > -1)
341 sta->txrate_idx = sdata->bss->force_unicast_rateidx; 341 sta->txrate_idx = sdata->force_unicast_rateidx;
342 342
343 rateidx = sta->txrate_idx; 343 rateidx = sta->txrate_idx;
344 344
@@ -349,7 +349,7 @@ static void rate_control_pid_get_rate(void *priv, struct net_device *dev,
349 349
350 rcu_read_unlock(); 350 rcu_read_unlock();
351 351
352 sel->rate = &sband->bitrates[rateidx]; 352 sel->rate_idx = rateidx;
353 353
354#ifdef CONFIG_MAC80211_DEBUGFS 354#ifdef CONFIG_MAC80211_DEBUGFS
355 rate_control_pid_event_tx_rate( 355 rate_control_pid_event_tx_rate(
@@ -398,13 +398,25 @@ static void *rate_control_pid_alloc(struct ieee80211_local *local)
398 return NULL; 398 return NULL;
399 } 399 }
400 400
401 pinfo->target = RC_PID_TARGET_PF;
402 pinfo->sampling_period = RC_PID_INTERVAL;
403 pinfo->coeff_p = RC_PID_COEFF_P;
404 pinfo->coeff_i = RC_PID_COEFF_I;
405 pinfo->coeff_d = RC_PID_COEFF_D;
406 pinfo->smoothing_shift = RC_PID_SMOOTHING_SHIFT;
407 pinfo->sharpen_factor = RC_PID_SHARPENING_FACTOR;
408 pinfo->sharpen_duration = RC_PID_SHARPENING_DURATION;
409 pinfo->norm_offset = RC_PID_NORM_OFFSET;
410 pinfo->rinfo = rinfo;
411 pinfo->oldrate = 0;
412
401 /* Sort the rates. This is optimized for the most common case (i.e. 413 /* Sort the rates. This is optimized for the most common case (i.e.
402 * almost-sorted CCK+OFDM rates). Kind of bubble-sort with reversed 414 * almost-sorted CCK+OFDM rates). Kind of bubble-sort with reversed
403 * mapping too. */ 415 * mapping too. */
404 for (i = 0; i < sband->n_bitrates; i++) { 416 for (i = 0; i < sband->n_bitrates; i++) {
405 rinfo[i].index = i; 417 rinfo[i].index = i;
406 rinfo[i].rev_index = i; 418 rinfo[i].rev_index = i;
407 if (pinfo->fast_start) 419 if (RC_PID_FAST_START)
408 rinfo[i].diff = 0; 420 rinfo[i].diff = 0;
409 else 421 else
410 rinfo[i].diff = i * pinfo->norm_offset; 422 rinfo[i].diff = i * pinfo->norm_offset;
@@ -425,19 +437,6 @@ static void *rate_control_pid_alloc(struct ieee80211_local *local)
425 break; 437 break;
426 } 438 }
427 439
428 pinfo->target = RC_PID_TARGET_PF;
429 pinfo->sampling_period = RC_PID_INTERVAL;
430 pinfo->coeff_p = RC_PID_COEFF_P;
431 pinfo->coeff_i = RC_PID_COEFF_I;
432 pinfo->coeff_d = RC_PID_COEFF_D;
433 pinfo->smoothing_shift = RC_PID_SMOOTHING_SHIFT;
434 pinfo->sharpen_factor = RC_PID_SHARPENING_FACTOR;
435 pinfo->sharpen_duration = RC_PID_SHARPENING_DURATION;
436 pinfo->norm_offset = RC_PID_NORM_OFFSET;
437 pinfo->fast_start = RC_PID_FAST_START;
438 pinfo->rinfo = rinfo;
439 pinfo->oldrate = 0;
440
441#ifdef CONFIG_MAC80211_DEBUGFS 440#ifdef CONFIG_MAC80211_DEBUGFS
442 de = &pinfo->dentries; 441 de = &pinfo->dentries;
443 de->dir = debugfs_create_dir("rc80211_pid", 442 de->dir = debugfs_create_dir("rc80211_pid",
@@ -465,9 +464,6 @@ static void *rate_control_pid_alloc(struct ieee80211_local *local)
465 de->norm_offset = debugfs_create_u32("norm_offset", 464 de->norm_offset = debugfs_create_u32("norm_offset",
466 S_IRUSR | S_IWUSR, de->dir, 465 S_IRUSR | S_IWUSR, de->dir,
467 &pinfo->norm_offset); 466 &pinfo->norm_offset);
468 de->fast_start = debugfs_create_bool("fast_start",
469 S_IRUSR | S_IWUSR, de->dir,
470 &pinfo->fast_start);
471#endif 467#endif
472 468
473 return pinfo; 469 return pinfo;
@@ -479,7 +475,6 @@ static void rate_control_pid_free(void *priv)
479#ifdef CONFIG_MAC80211_DEBUGFS 475#ifdef CONFIG_MAC80211_DEBUGFS
480 struct rc_pid_debugfs_entries *de = &pinfo->dentries; 476 struct rc_pid_debugfs_entries *de = &pinfo->dentries;
481 477
482 debugfs_remove(de->fast_start);
483 debugfs_remove(de->norm_offset); 478 debugfs_remove(de->norm_offset);
484 debugfs_remove(de->sharpen_duration); 479 debugfs_remove(de->sharpen_duration);
485 debugfs_remove(de->sharpen_factor); 480 debugfs_remove(de->sharpen_factor);
@@ -540,11 +535,6 @@ static struct rate_control_ops mac80211_rcpid = {
540#endif 535#endif
541}; 536};
542 537
543MODULE_DESCRIPTION("PID controller based rate control algorithm");
544MODULE_AUTHOR("Stefano Brivio");
545MODULE_AUTHOR("Mattias Nissler");
546MODULE_LICENSE("GPL");
547
548int __init rc80211_pid_init(void) 538int __init rc80211_pid_init(void)
549{ 539{
550 return ieee80211_rate_control_register(&mac80211_rcpid); 540 return ieee80211_rate_control_register(&mac80211_rcpid);
@@ -554,8 +544,3 @@ void rc80211_pid_exit(void)
554{ 544{
555 ieee80211_rate_control_unregister(&mac80211_rcpid); 545 ieee80211_rate_control_unregister(&mac80211_rcpid);
556} 546}
557
558#ifdef CONFIG_MAC80211_RC_PID_MODULE
559module_init(rc80211_pid_init);
560module_exit(rc80211_pid_exit);
561#endif
diff --git a/net/mac80211/rc80211_pid_debugfs.c b/net/mac80211/rc80211_pid_debugfs.c
index ff5c380f3c13..8121d3bc6835 100644
--- a/net/mac80211/rc80211_pid_debugfs.c
+++ b/net/mac80211/rc80211_pid_debugfs.c
@@ -39,11 +39,11 @@ static void rate_control_pid_event(struct rc_pid_event_buffer *buf,
39} 39}
40 40
41void rate_control_pid_event_tx_status(struct rc_pid_event_buffer *buf, 41void rate_control_pid_event_tx_status(struct rc_pid_event_buffer *buf,
42 struct ieee80211_tx_status *stat) 42 struct ieee80211_tx_info *stat)
43{ 43{
44 union rc_pid_event_data evd; 44 union rc_pid_event_data evd;
45 45
46 memcpy(&evd.tx_status, stat, sizeof(struct ieee80211_tx_status)); 46 memcpy(&evd.tx_status, stat, sizeof(struct ieee80211_tx_info));
47 rate_control_pid_event(buf, RC_PID_EVENT_TYPE_TX_STATUS, &evd); 47 rate_control_pid_event(buf, RC_PID_EVENT_TYPE_TX_STATUS, &evd);
48} 48}
49 49
@@ -167,8 +167,8 @@ static ssize_t rate_control_pid_events_read(struct file *file, char __user *buf,
167 switch (ev->type) { 167 switch (ev->type) {
168 case RC_PID_EVENT_TYPE_TX_STATUS: 168 case RC_PID_EVENT_TYPE_TX_STATUS:
169 p += snprintf(pb + p, length - p, "tx_status %u %u", 169 p += snprintf(pb + p, length - p, "tx_status %u %u",
170 ev->data.tx_status.excessive_retries, 170 ev->data.tx_status.status.excessive_retries,
171 ev->data.tx_status.retry_count); 171 ev->data.tx_status.status.retry_count);
172 break; 172 break;
173 case RC_PID_EVENT_TYPE_RATE_CHANGE: 173 case RC_PID_EVENT_TYPE_RATE_CHANGE:
174 p += snprintf(pb + p, length - p, "rate_change %d %d", 174 p += snprintf(pb + p, length - p, "rate_change %d %d",
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 1958bfb361c6..6db854505193 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -61,22 +61,147 @@ static inline int should_drop_frame(struct ieee80211_rx_status *status,
61 int present_fcs_len, 61 int present_fcs_len,
62 int radiotap_len) 62 int radiotap_len)
63{ 63{
64 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 64 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
65 65
66 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC)) 66 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
67 return 1; 67 return 1;
68 if (unlikely(skb->len < 16 + present_fcs_len + radiotap_len)) 68 if (unlikely(skb->len < 16 + present_fcs_len + radiotap_len))
69 return 1; 69 return 1;
70 if (((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_FTYPE)) == 70 if (ieee80211_is_ctl(hdr->frame_control) &&
71 cpu_to_le16(IEEE80211_FTYPE_CTL)) && 71 !ieee80211_is_pspoll(hdr->frame_control) &&
72 ((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_STYPE)) != 72 !ieee80211_is_back_req(hdr->frame_control))
73 cpu_to_le16(IEEE80211_STYPE_PSPOLL)) &&
74 ((hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_STYPE)) !=
75 cpu_to_le16(IEEE80211_STYPE_BACK_REQ)))
76 return 1; 73 return 1;
77 return 0; 74 return 0;
78} 75}
79 76
77static int
78ieee80211_rx_radiotap_len(struct ieee80211_local *local,
79 struct ieee80211_rx_status *status)
80{
81 int len;
82
83 /* always present fields */
84 len = sizeof(struct ieee80211_radiotap_header) + 9;
85
86 if (status->flag & RX_FLAG_TSFT)
87 len += 8;
88 if (local->hw.flags & IEEE80211_HW_SIGNAL_DB ||
89 local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
90 len += 1;
91 if (local->hw.flags & IEEE80211_HW_NOISE_DBM)
92 len += 1;
93
94 if (len & 1) /* padding for RX_FLAGS if necessary */
95 len++;
96
97 /* make sure radiotap starts at a naturally aligned address */
98 if (len % 8)
99 len = roundup(len, 8);
100
101 return len;
102}
103
104/**
105 * ieee80211_add_rx_radiotap_header - add radiotap header
106 *
107 * add a radiotap header containing all the fields which the hardware provided.
108 */
109static void
110ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
111 struct sk_buff *skb,
112 struct ieee80211_rx_status *status,
113 struct ieee80211_rate *rate,
114 int rtap_len)
115{
116 struct ieee80211_radiotap_header *rthdr;
117 unsigned char *pos;
118
119 rthdr = (struct ieee80211_radiotap_header *)skb_push(skb, rtap_len);
120 memset(rthdr, 0, rtap_len);
121
122 /* radiotap header, set always present flags */
123 rthdr->it_present =
124 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
125 (1 << IEEE80211_RADIOTAP_RATE) |
126 (1 << IEEE80211_RADIOTAP_CHANNEL) |
127 (1 << IEEE80211_RADIOTAP_ANTENNA) |
128 (1 << IEEE80211_RADIOTAP_RX_FLAGS));
129 rthdr->it_len = cpu_to_le16(rtap_len);
130
131 pos = (unsigned char *)(rthdr+1);
132
133 /* the order of the following fields is important */
134
135 /* IEEE80211_RADIOTAP_TSFT */
136 if (status->flag & RX_FLAG_TSFT) {
137 *(__le64 *)pos = cpu_to_le64(status->mactime);
138 rthdr->it_present |=
139 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT);
140 pos += 8;
141 }
142
143 /* IEEE80211_RADIOTAP_FLAGS */
144 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
145 *pos |= IEEE80211_RADIOTAP_F_FCS;
146 pos++;
147
148 /* IEEE80211_RADIOTAP_RATE */
149 *pos = rate->bitrate / 5;
150 pos++;
151
152 /* IEEE80211_RADIOTAP_CHANNEL */
153 *(__le16 *)pos = cpu_to_le16(status->freq);
154 pos += 2;
155 if (status->band == IEEE80211_BAND_5GHZ)
156 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_OFDM |
157 IEEE80211_CHAN_5GHZ);
158 else
159 *(__le16 *)pos = cpu_to_le16(IEEE80211_CHAN_DYN |
160 IEEE80211_CHAN_2GHZ);
161 pos += 2;
162
163 /* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */
164 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) {
165 *pos = status->signal;
166 rthdr->it_present |=
167 cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
168 pos++;
169 }
170
171 /* IEEE80211_RADIOTAP_DBM_ANTNOISE */
172 if (local->hw.flags & IEEE80211_HW_NOISE_DBM) {
173 *pos = status->noise;
174 rthdr->it_present |=
175 cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTNOISE);
176 pos++;
177 }
178
179 /* IEEE80211_RADIOTAP_LOCK_QUALITY is missing */
180
181 /* IEEE80211_RADIOTAP_ANTENNA */
182 *pos = status->antenna;
183 pos++;
184
185 /* IEEE80211_RADIOTAP_DB_ANTSIGNAL */
186 if (local->hw.flags & IEEE80211_HW_SIGNAL_DB) {
187 *pos = status->signal;
188 rthdr->it_present |=
189 cpu_to_le32(1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL);
190 pos++;
191 }
192
193 /* IEEE80211_RADIOTAP_DB_ANTNOISE is not used */
194
195 /* IEEE80211_RADIOTAP_RX_FLAGS */
196 /* ensure 2 byte alignment for the 2 byte field as required */
197 if ((pos - (unsigned char *)rthdr) & 1)
198 pos++;
199 /* FIXME: when radiotap gets a 'bad PLCP' flag use it here */
200 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
201 *(__le16 *)pos |= cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADFCS);
202 pos += 2;
203}
204
80/* 205/*
81 * This function copies a received frame to all monitor interfaces and 206 * This function copies a received frame to all monitor interfaces and
82 * returns a cleaned-up SKB that no longer includes the FCS nor the 207 * returns a cleaned-up SKB that no longer includes the FCS nor the
@@ -89,17 +214,6 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
89{ 214{
90 struct ieee80211_sub_if_data *sdata; 215 struct ieee80211_sub_if_data *sdata;
91 int needed_headroom = 0; 216 int needed_headroom = 0;
92 struct ieee80211_radiotap_header *rthdr;
93 __le64 *rttsft = NULL;
94 struct ieee80211_rtap_fixed_data {
95 u8 flags;
96 u8 rate;
97 __le16 chan_freq;
98 __le16 chan_flags;
99 u8 antsignal;
100 u8 padding_for_rxflags;
101 __le16 rx_flags;
102 } __attribute__ ((packed)) *rtfixed;
103 struct sk_buff *skb, *skb2; 217 struct sk_buff *skb, *skb2;
104 struct net_device *prev_dev = NULL; 218 struct net_device *prev_dev = NULL;
105 int present_fcs_len = 0; 219 int present_fcs_len = 0;
@@ -116,8 +230,8 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
116 if (status->flag & RX_FLAG_RADIOTAP) 230 if (status->flag & RX_FLAG_RADIOTAP)
117 rtap_len = ieee80211_get_radiotap_len(origskb->data); 231 rtap_len = ieee80211_get_radiotap_len(origskb->data);
118 else 232 else
119 /* room for radiotap header, always present fields and TSFT */ 233 /* room for the radiotap header based on driver features */
120 needed_headroom = sizeof(*rthdr) + sizeof(*rtfixed) + 8; 234 needed_headroom = ieee80211_rx_radiotap_len(local, status);
121 235
122 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) 236 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
123 present_fcs_len = FCS_LEN; 237 present_fcs_len = FCS_LEN;
@@ -163,55 +277,9 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
163 } 277 }
164 278
165 /* if necessary, prepend radiotap information */ 279 /* if necessary, prepend radiotap information */
166 if (!(status->flag & RX_FLAG_RADIOTAP)) { 280 if (!(status->flag & RX_FLAG_RADIOTAP))
167 rtfixed = (void *) skb_push(skb, sizeof(*rtfixed)); 281 ieee80211_add_rx_radiotap_header(local, skb, status, rate,
168 rtap_len = sizeof(*rthdr) + sizeof(*rtfixed); 282 needed_headroom);
169 if (status->flag & RX_FLAG_TSFT) {
170 rttsft = (void *) skb_push(skb, sizeof(*rttsft));
171 rtap_len += 8;
172 }
173 rthdr = (void *) skb_push(skb, sizeof(*rthdr));
174 memset(rthdr, 0, sizeof(*rthdr));
175 memset(rtfixed, 0, sizeof(*rtfixed));
176 rthdr->it_present =
177 cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
178 (1 << IEEE80211_RADIOTAP_RATE) |
179 (1 << IEEE80211_RADIOTAP_CHANNEL) |
180 (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL) |
181 (1 << IEEE80211_RADIOTAP_RX_FLAGS));
182 rtfixed->flags = 0;
183 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
184 rtfixed->flags |= IEEE80211_RADIOTAP_F_FCS;
185
186 if (rttsft) {
187 *rttsft = cpu_to_le64(status->mactime);
188 rthdr->it_present |=
189 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT);
190 }
191
192 /* FIXME: when radiotap gets a 'bad PLCP' flag use it here */
193 rtfixed->rx_flags = 0;
194 if (status->flag &
195 (RX_FLAG_FAILED_FCS_CRC | RX_FLAG_FAILED_PLCP_CRC))
196 rtfixed->rx_flags |=
197 cpu_to_le16(IEEE80211_RADIOTAP_F_RX_BADFCS);
198
199 rtfixed->rate = rate->bitrate / 5;
200
201 rtfixed->chan_freq = cpu_to_le16(status->freq);
202
203 if (status->band == IEEE80211_BAND_5GHZ)
204 rtfixed->chan_flags =
205 cpu_to_le16(IEEE80211_CHAN_OFDM |
206 IEEE80211_CHAN_5GHZ);
207 else
208 rtfixed->chan_flags =
209 cpu_to_le16(IEEE80211_CHAN_DYN |
210 IEEE80211_CHAN_2GHZ);
211
212 rtfixed->antsignal = status->ssi;
213 rthdr->it_len = cpu_to_le16(rtap_len);
214 }
215 283
216 skb_reset_mac_header(skb); 284 skb_reset_mac_header(skb);
217 skb->ip_summed = CHECKSUM_UNNECESSARY; 285 skb->ip_summed = CHECKSUM_UNNECESSARY;
@@ -253,33 +321,33 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
253 321
254static void ieee80211_parse_qos(struct ieee80211_rx_data *rx) 322static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
255{ 323{
256 u8 *data = rx->skb->data; 324 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
257 int tid; 325 int tid;
258 326
259 /* does the frame have a qos control field? */ 327 /* does the frame have a qos control field? */
260 if (WLAN_FC_IS_QOS_DATA(rx->fc)) { 328 if (ieee80211_is_data_qos(hdr->frame_control)) {
261 u8 *qc = data + ieee80211_get_hdrlen(rx->fc) - QOS_CONTROL_LEN; 329 u8 *qc = ieee80211_get_qos_ctl(hdr);
262 /* frame has qos control */ 330 /* frame has qos control */
263 tid = qc[0] & QOS_CONTROL_TID_MASK; 331 tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
264 if (qc[0] & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT) 332 if (*qc & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT)
265 rx->flags |= IEEE80211_RX_AMSDU; 333 rx->flags |= IEEE80211_RX_AMSDU;
266 else 334 else
267 rx->flags &= ~IEEE80211_RX_AMSDU; 335 rx->flags &= ~IEEE80211_RX_AMSDU;
268 } else { 336 } else {
269 if (unlikely((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)) { 337 /*
270 /* Separate TID for management frames */ 338 * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"):
271 tid = NUM_RX_DATA_QUEUES - 1; 339 *
272 } else { 340 * Sequence numbers for management frames, QoS data
273 /* no qos control present */ 341 * frames with a broadcast/multicast address in the
274 tid = 0; /* 802.1d - Best Effort */ 342 * Address 1 field, and all non-QoS data frames sent
275 } 343 * by QoS STAs are assigned using an additional single
344 * modulo-4096 counter, [...]
345 *
346 * We also use that counter for non-QoS STAs.
347 */
348 tid = NUM_RX_DATA_QUEUES - 1;
276 } 349 }
277 350
278 I802_DEBUG_INC(rx->local->wme_rx_queue[tid]);
279 /* only a debug counter, sta might not be assigned properly yet */
280 if (rx->sta)
281 I802_DEBUG_INC(rx->sta->wme_rx_queue[tid]);
282
283 rx->queue = tid; 351 rx->queue = tid;
284 /* Set skb->priority to 1d tag if highest order bit of TID is not set. 352 /* Set skb->priority to 1d tag if highest order bit of TID is not set.
285 * For now, set skb->priority to 0 for other cases. */ 353 * For now, set skb->priority to 0 for other cases. */
@@ -289,9 +357,10 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
289static void ieee80211_verify_ip_alignment(struct ieee80211_rx_data *rx) 357static void ieee80211_verify_ip_alignment(struct ieee80211_rx_data *rx)
290{ 358{
291#ifdef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT 359#ifdef CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT
360 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
292 int hdrlen; 361 int hdrlen;
293 362
294 if (!WLAN_FC_DATA_PRESENT(rx->fc)) 363 if (!ieee80211_is_data_present(hdr->frame_control))
295 return; 364 return;
296 365
297 /* 366 /*
@@ -313,7 +382,7 @@ static void ieee80211_verify_ip_alignment(struct ieee80211_rx_data *rx)
313 * header and the payload is not supported, the driver is required 382 * header and the payload is not supported, the driver is required
314 * to move the 802.11 header further back in that case. 383 * to move the 802.11 header further back in that case.
315 */ 384 */
316 hdrlen = ieee80211_get_hdrlen(rx->fc); 385 hdrlen = ieee80211_hdrlen(hdr->frame_control);
317 if (rx->flags & IEEE80211_RX_AMSDU) 386 if (rx->flags & IEEE80211_RX_AMSDU)
318 hdrlen += ETH_HLEN; 387 hdrlen += ETH_HLEN;
319 WARN_ON_ONCE(((unsigned long)(rx->skb->data + hdrlen)) & 3); 388 WARN_ON_ONCE(((unsigned long)(rx->skb->data + hdrlen)) & 3);
@@ -321,51 +390,9 @@ static void ieee80211_verify_ip_alignment(struct ieee80211_rx_data *rx)
321} 390}
322 391
323 392
324static u32 ieee80211_rx_load_stats(struct ieee80211_local *local,
325 struct sk_buff *skb,
326 struct ieee80211_rx_status *status,
327 struct ieee80211_rate *rate)
328{
329 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
330 u32 load = 0, hdrtime;
331
332 /* Estimate total channel use caused by this frame */
333
334 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
335 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
336
337 if (status->band == IEEE80211_BAND_5GHZ ||
338 (status->band == IEEE80211_BAND_5GHZ &&
339 rate->flags & IEEE80211_RATE_ERP_G))
340 hdrtime = CHAN_UTIL_HDR_SHORT;
341 else
342 hdrtime = CHAN_UTIL_HDR_LONG;
343
344 load = hdrtime;
345 if (!is_multicast_ether_addr(hdr->addr1))
346 load += hdrtime;
347
348 /* TODO: optimise again */
349 load += skb->len * CHAN_UTIL_RATE_LCM / rate->bitrate;
350
351 /* Divide channel_use by 8 to avoid wrapping around the counter */
352 load >>= CHAN_UTIL_SHIFT;
353
354 return load;
355}
356
357/* rx handlers */ 393/* rx handlers */
358 394
359static ieee80211_rx_result 395static ieee80211_rx_result debug_noinline
360ieee80211_rx_h_if_stats(struct ieee80211_rx_data *rx)
361{
362 if (rx->sta)
363 rx->sta->channel_use_raw += rx->load;
364 rx->sdata->channel_use_raw += rx->load;
365 return RX_CONTINUE;
366}
367
368static ieee80211_rx_result
369ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx) 396ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx)
370{ 397{
371 struct ieee80211_local *local = rx->local; 398 struct ieee80211_local *local = rx->local;
@@ -394,14 +421,11 @@ ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx)
394static ieee80211_rx_result 421static ieee80211_rx_result
395ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx) 422ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
396{ 423{
397 int hdrlen = ieee80211_get_hdrlen(rx->fc); 424 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
398 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 425 unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);
399
400#define msh_h_get(h, l) ((struct ieee80211s_hdr *) ((u8 *)h + l))
401 426
402 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) { 427 if (ieee80211_is_data(hdr->frame_control)) {
403 if (!((rx->fc & IEEE80211_FCTL_FROMDS) && 428 if (!ieee80211_has_a4(hdr->frame_control))
404 (rx->fc & IEEE80211_FCTL_TODS)))
405 return RX_DROP_MONITOR; 429 return RX_DROP_MONITOR;
406 if (memcmp(hdr->addr4, rx->dev->dev_addr, ETH_ALEN) == 0) 430 if (memcmp(hdr->addr4, rx->dev->dev_addr, ETH_ALEN) == 0)
407 return RX_DROP_MONITOR; 431 return RX_DROP_MONITOR;
@@ -414,27 +438,30 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
414 if (!rx->sta || sta_plink_state(rx->sta) != PLINK_ESTAB) { 438 if (!rx->sta || sta_plink_state(rx->sta) != PLINK_ESTAB) {
415 struct ieee80211_mgmt *mgmt; 439 struct ieee80211_mgmt *mgmt;
416 440
417 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT) 441 if (!ieee80211_is_mgmt(hdr->frame_control))
418 return RX_DROP_MONITOR; 442 return RX_DROP_MONITOR;
419 443
420 switch (rx->fc & IEEE80211_FCTL_STYPE) { 444 if (ieee80211_is_action(hdr->frame_control)) {
421 case IEEE80211_STYPE_ACTION:
422 mgmt = (struct ieee80211_mgmt *)hdr; 445 mgmt = (struct ieee80211_mgmt *)hdr;
423 if (mgmt->u.action.category != PLINK_CATEGORY) 446 if (mgmt->u.action.category != PLINK_CATEGORY)
424 return RX_DROP_MONITOR; 447 return RX_DROP_MONITOR;
425 /* fall through on else */
426 case IEEE80211_STYPE_PROBE_REQ:
427 case IEEE80211_STYPE_PROBE_RESP:
428 case IEEE80211_STYPE_BEACON:
429 return RX_CONTINUE; 448 return RX_CONTINUE;
430 break;
431 default:
432 return RX_DROP_MONITOR;
433 } 449 }
434 450
435 } else if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && 451 if (ieee80211_is_probe_req(hdr->frame_control) ||
436 is_multicast_ether_addr(hdr->addr1) && 452 ieee80211_is_probe_resp(hdr->frame_control) ||
437 mesh_rmc_check(hdr->addr4, msh_h_get(hdr, hdrlen), rx->dev)) 453 ieee80211_is_beacon(hdr->frame_control))
454 return RX_CONTINUE;
455
456 return RX_DROP_MONITOR;
457
458 }
459
460#define msh_h_get(h, l) ((struct ieee80211s_hdr *) ((u8 *)h + l))
461
462 if (ieee80211_is_data(hdr->frame_control) &&
463 is_multicast_ether_addr(hdr->addr1) &&
464 mesh_rmc_check(hdr->addr4, msh_h_get(hdr, hdrlen), rx->dev))
438 return RX_DROP_MONITOR; 465 return RX_DROP_MONITOR;
439#undef msh_h_get 466#undef msh_h_get
440 467
@@ -442,16 +469,14 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
442} 469}
443 470
444 471
445static ieee80211_rx_result 472static ieee80211_rx_result debug_noinline
446ieee80211_rx_h_check(struct ieee80211_rx_data *rx) 473ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
447{ 474{
448 struct ieee80211_hdr *hdr; 475 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
449
450 hdr = (struct ieee80211_hdr *) rx->skb->data;
451 476
452 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ 477 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
453 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { 478 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
454 if (unlikely(rx->fc & IEEE80211_FCTL_RETRY && 479 if (unlikely(ieee80211_has_retry(hdr->frame_control) &&
455 rx->sta->last_seq_ctrl[rx->queue] == 480 rx->sta->last_seq_ctrl[rx->queue] ==
456 hdr->seq_ctrl)) { 481 hdr->seq_ctrl)) {
457 if (rx->flags & IEEE80211_RX_RA_MATCH) { 482 if (rx->flags & IEEE80211_RX_RA_MATCH) {
@@ -480,15 +505,14 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
480 if (ieee80211_vif_is_mesh(&rx->sdata->vif)) 505 if (ieee80211_vif_is_mesh(&rx->sdata->vif))
481 return ieee80211_rx_mesh_check(rx); 506 return ieee80211_rx_mesh_check(rx);
482 507
483 if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA || 508 if (unlikely((ieee80211_is_data(hdr->frame_control) ||
484 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL && 509 ieee80211_is_pspoll(hdr->frame_control)) &&
485 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
486 rx->sdata->vif.type != IEEE80211_IF_TYPE_IBSS && 510 rx->sdata->vif.type != IEEE80211_IF_TYPE_IBSS &&
487 (!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) { 511 (!rx->sta || !test_sta_flags(rx->sta, WLAN_STA_ASSOC)))) {
488 if ((!(rx->fc & IEEE80211_FCTL_FROMDS) && 512 if ((!ieee80211_has_fromds(hdr->frame_control) &&
489 !(rx->fc & IEEE80211_FCTL_TODS) && 513 !ieee80211_has_tods(hdr->frame_control) &&
490 (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) 514 ieee80211_is_data(hdr->frame_control)) ||
491 || !(rx->flags & IEEE80211_RX_RA_MATCH)) { 515 !(rx->flags & IEEE80211_RX_RA_MATCH)) {
492 /* Drop IBSS frames and frames for other hosts 516 /* Drop IBSS frames and frames for other hosts
493 * silently. */ 517 * silently. */
494 return RX_DROP_MONITOR; 518 return RX_DROP_MONITOR;
@@ -501,10 +525,10 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
501} 525}
502 526
503 527
504static ieee80211_rx_result 528static ieee80211_rx_result debug_noinline
505ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) 529ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
506{ 530{
507 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 531 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
508 int keyidx; 532 int keyidx;
509 int hdrlen; 533 int hdrlen;
510 ieee80211_rx_result result = RX_DROP_UNUSABLE; 534 ieee80211_rx_result result = RX_DROP_UNUSABLE;
@@ -536,7 +560,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
536 * possible. 560 * possible.
537 */ 561 */
538 562
539 if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) 563 if (!ieee80211_has_protected(hdr->frame_control))
540 return RX_CONTINUE; 564 return RX_CONTINUE;
541 565
542 /* 566 /*
@@ -565,7 +589,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
565 (rx->status->flag & RX_FLAG_IV_STRIPPED)) 589 (rx->status->flag & RX_FLAG_IV_STRIPPED))
566 return RX_CONTINUE; 590 return RX_CONTINUE;
567 591
568 hdrlen = ieee80211_get_hdrlen(rx->fc); 592 hdrlen = ieee80211_hdrlen(hdr->frame_control);
569 593
570 if (rx->skb->len < 8 + hdrlen) 594 if (rx->skb->len < 8 + hdrlen)
571 return RX_DROP_UNUSABLE; /* TODO: count this? */ 595 return RX_DROP_UNUSABLE; /* TODO: count this? */
@@ -592,17 +616,12 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
592 rx->key->tx_rx_count++; 616 rx->key->tx_rx_count++;
593 /* TODO: add threshold stuff again */ 617 /* TODO: add threshold stuff again */
594 } else { 618 } else {
595#ifdef CONFIG_MAC80211_DEBUG
596 if (net_ratelimit())
597 printk(KERN_DEBUG "%s: RX protected frame,"
598 " but have no key\n", rx->dev->name);
599#endif /* CONFIG_MAC80211_DEBUG */
600 return RX_DROP_MONITOR; 619 return RX_DROP_MONITOR;
601 } 620 }
602 621
603 /* Check for weak IVs if possible */ 622 /* Check for weak IVs if possible */
604 if (rx->sta && rx->key->conf.alg == ALG_WEP && 623 if (rx->sta && rx->key->conf.alg == ALG_WEP &&
605 ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) && 624 ieee80211_is_data(hdr->frame_control) &&
606 (!(rx->status->flag & RX_FLAG_IV_STRIPPED) || 625 (!(rx->status->flag & RX_FLAG_IV_STRIPPED) ||
607 !(rx->status->flag & RX_FLAG_DECRYPTED)) && 626 !(rx->status->flag & RX_FLAG_DECRYPTED)) &&
608 ieee80211_wep_is_weak_iv(rx->skb, rx->key)) 627 ieee80211_wep_is_weak_iv(rx->skb, rx->key))
@@ -633,10 +652,8 @@ static void ap_sta_ps_start(struct net_device *dev, struct sta_info *sta)
633 652
634 sdata = sta->sdata; 653 sdata = sta->sdata;
635 654
636 if (sdata->bss) 655 atomic_inc(&sdata->bss->num_sta_ps);
637 atomic_inc(&sdata->bss->num_sta_ps); 656 set_and_clear_sta_flags(sta, WLAN_STA_PS, WLAN_STA_PSPOLL);
638 sta->flags |= WLAN_STA_PS;
639 sta->flags &= ~WLAN_STA_PSPOLL;
640#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 657#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
641 printk(KERN_DEBUG "%s: STA %s aid %d enters power save mode\n", 658 printk(KERN_DEBUG "%s: STA %s aid %d enters power save mode\n",
642 dev->name, print_mac(mac, sta->addr), sta->aid); 659 dev->name, print_mac(mac, sta->addr), sta->aid);
@@ -649,15 +666,14 @@ static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
649 struct sk_buff *skb; 666 struct sk_buff *skb;
650 int sent = 0; 667 int sent = 0;
651 struct ieee80211_sub_if_data *sdata; 668 struct ieee80211_sub_if_data *sdata;
652 struct ieee80211_tx_packet_data *pkt_data; 669 struct ieee80211_tx_info *info;
653 DECLARE_MAC_BUF(mac); 670 DECLARE_MAC_BUF(mac);
654 671
655 sdata = sta->sdata; 672 sdata = sta->sdata;
656 673
657 if (sdata->bss) 674 atomic_dec(&sdata->bss->num_sta_ps);
658 atomic_dec(&sdata->bss->num_sta_ps);
659 675
660 sta->flags &= ~(WLAN_STA_PS | WLAN_STA_PSPOLL); 676 clear_sta_flags(sta, WLAN_STA_PS | WLAN_STA_PSPOLL);
661 677
662 if (!skb_queue_empty(&sta->ps_tx_buf)) 678 if (!skb_queue_empty(&sta->ps_tx_buf))
663 sta_info_clear_tim_bit(sta); 679 sta_info_clear_tim_bit(sta);
@@ -669,13 +685,13 @@ static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
669 685
670 /* Send all buffered frames to the station */ 686 /* Send all buffered frames to the station */
671 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) { 687 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) {
672 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb; 688 info = IEEE80211_SKB_CB(skb);
673 sent++; 689 sent++;
674 pkt_data->flags |= IEEE80211_TXPD_REQUEUE; 690 info->flags |= IEEE80211_TX_CTL_REQUEUE;
675 dev_queue_xmit(skb); 691 dev_queue_xmit(skb);
676 } 692 }
677 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) { 693 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
678 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb; 694 info = IEEE80211_SKB_CB(skb);
679 local->total_ps_buffered--; 695 local->total_ps_buffered--;
680 sent++; 696 sent++;
681#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 697#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
@@ -683,19 +699,19 @@ static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta)
683 "since STA not sleeping anymore\n", dev->name, 699 "since STA not sleeping anymore\n", dev->name,
684 print_mac(mac, sta->addr), sta->aid); 700 print_mac(mac, sta->addr), sta->aid);
685#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 701#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
686 pkt_data->flags |= IEEE80211_TXPD_REQUEUE; 702 info->flags |= IEEE80211_TX_CTL_REQUEUE;
687 dev_queue_xmit(skb); 703 dev_queue_xmit(skb);
688 } 704 }
689 705
690 return sent; 706 return sent;
691} 707}
692 708
693static ieee80211_rx_result 709static ieee80211_rx_result debug_noinline
694ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) 710ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
695{ 711{
696 struct sta_info *sta = rx->sta; 712 struct sta_info *sta = rx->sta;
697 struct net_device *dev = rx->dev; 713 struct net_device *dev = rx->dev;
698 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 714 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
699 715
700 if (!sta) 716 if (!sta)
701 return RX_CONTINUE; 717 return RX_CONTINUE;
@@ -725,24 +741,26 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
725 741
726 sta->rx_fragments++; 742 sta->rx_fragments++;
727 sta->rx_bytes += rx->skb->len; 743 sta->rx_bytes += rx->skb->len;
728 sta->last_rssi = rx->status->ssi;
729 sta->last_signal = rx->status->signal; 744 sta->last_signal = rx->status->signal;
745 sta->last_qual = rx->status->qual;
730 sta->last_noise = rx->status->noise; 746 sta->last_noise = rx->status->noise;
731 747
732 if (!(rx->fc & IEEE80211_FCTL_MOREFRAGS)) { 748 if (!ieee80211_has_morefrags(hdr->frame_control) &&
749 (rx->sdata->vif.type == IEEE80211_IF_TYPE_AP ||
750 rx->sdata->vif.type == IEEE80211_IF_TYPE_VLAN)) {
733 /* Change STA power saving mode only in the end of a frame 751 /* Change STA power saving mode only in the end of a frame
734 * exchange sequence */ 752 * exchange sequence */
735 if ((sta->flags & WLAN_STA_PS) && !(rx->fc & IEEE80211_FCTL_PM)) 753 if (test_sta_flags(sta, WLAN_STA_PS) &&
754 !ieee80211_has_pm(hdr->frame_control))
736 rx->sent_ps_buffered += ap_sta_ps_end(dev, sta); 755 rx->sent_ps_buffered += ap_sta_ps_end(dev, sta);
737 else if (!(sta->flags & WLAN_STA_PS) && 756 else if (!test_sta_flags(sta, WLAN_STA_PS) &&
738 (rx->fc & IEEE80211_FCTL_PM)) 757 ieee80211_has_pm(hdr->frame_control))
739 ap_sta_ps_start(dev, sta); 758 ap_sta_ps_start(dev, sta);
740 } 759 }
741 760
742 /* Drop data::nullfunc frames silently, since they are used only to 761 /* Drop data::nullfunc frames silently, since they are used only to
743 * control station power saving mode. */ 762 * control station power saving mode. */
744 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA && 763 if (ieee80211_is_nullfunc(hdr->frame_control)) {
745 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_NULLFUNC) {
746 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc); 764 I802_DEBUG_INC(rx->local->rx_handlers_drop_nullfunc);
747 /* Update counter and free packet here to avoid counting this 765 /* Update counter and free packet here to avoid counting this
748 * as a dropped packed. */ 766 * as a dropped packed. */
@@ -768,7 +786,7 @@ ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
768 sdata->fragment_next = 0; 786 sdata->fragment_next = 0;
769 787
770 if (!skb_queue_empty(&entry->skb_list)) { 788 if (!skb_queue_empty(&entry->skb_list)) {
771#ifdef CONFIG_MAC80211_DEBUG 789#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
772 struct ieee80211_hdr *hdr = 790 struct ieee80211_hdr *hdr =
773 (struct ieee80211_hdr *) entry->skb_list.next->data; 791 (struct ieee80211_hdr *) entry->skb_list.next->data;
774 DECLARE_MAC_BUF(mac); 792 DECLARE_MAC_BUF(mac);
@@ -780,7 +798,7 @@ ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
780 jiffies - entry->first_frag_time, entry->seq, 798 jiffies - entry->first_frag_time, entry->seq,
781 entry->last_frag, print_mac(mac, hdr->addr1), 799 entry->last_frag, print_mac(mac, hdr->addr1),
782 print_mac(mac2, hdr->addr2)); 800 print_mac(mac2, hdr->addr2));
783#endif /* CONFIG_MAC80211_DEBUG */ 801#endif
784 __skb_queue_purge(&entry->skb_list); 802 __skb_queue_purge(&entry->skb_list);
785 } 803 }
786 804
@@ -837,7 +855,7 @@ ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
837 return NULL; 855 return NULL;
838} 856}
839 857
840static ieee80211_rx_result 858static ieee80211_rx_result debug_noinline
841ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) 859ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
842{ 860{
843 struct ieee80211_hdr *hdr; 861 struct ieee80211_hdr *hdr;
@@ -901,18 +919,8 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
901 break; 919 break;
902 } 920 }
903 rpn = rx->key->u.ccmp.rx_pn[rx->queue]; 921 rpn = rx->key->u.ccmp.rx_pn[rx->queue];
904 if (memcmp(pn, rpn, CCMP_PN_LEN) != 0) { 922 if (memcmp(pn, rpn, CCMP_PN_LEN))
905 if (net_ratelimit())
906 printk(KERN_DEBUG "%s: defrag: CCMP PN not "
907 "sequential A2=%s"
908 " PN=%02x%02x%02x%02x%02x%02x "
909 "(expected %02x%02x%02x%02x%02x%02x)\n",
910 rx->dev->name, print_mac(mac, hdr->addr2),
911 rpn[0], rpn[1], rpn[2], rpn[3], rpn[4],
912 rpn[5], pn[0], pn[1], pn[2], pn[3],
913 pn[4], pn[5]);
914 return RX_DROP_UNUSABLE; 923 return RX_DROP_UNUSABLE;
915 }
916 memcpy(entry->last_pn, pn, CCMP_PN_LEN); 924 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
917 } 925 }
918 926
@@ -953,7 +961,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
953 return RX_CONTINUE; 961 return RX_CONTINUE;
954} 962}
955 963
956static ieee80211_rx_result 964static ieee80211_rx_result debug_noinline
957ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx) 965ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
958{ 966{
959 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev); 967 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(rx->dev);
@@ -988,7 +996,7 @@ ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
988 * Tell TX path to send one frame even though the STA may 996 * Tell TX path to send one frame even though the STA may
989 * still remain is PS mode after this frame exchange. 997 * still remain is PS mode after this frame exchange.
990 */ 998 */
991 rx->sta->flags |= WLAN_STA_PSPOLL; 999 set_sta_flags(rx->sta, WLAN_STA_PSPOLL);
992 1000
993#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1001#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
994 printk(KERN_DEBUG "STA %s aid %d: PS Poll (entries after %d)\n", 1002 printk(KERN_DEBUG "STA %s aid %d: PS Poll (entries after %d)\n",
@@ -1016,7 +1024,7 @@ ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
1016 * have nothing buffered for it? 1024 * have nothing buffered for it?
1017 */ 1025 */
1018 printk(KERN_DEBUG "%s: STA %s sent PS Poll even " 1026 printk(KERN_DEBUG "%s: STA %s sent PS Poll even "
1019 "though there is no buffered frames for it\n", 1027 "though there are no buffered frames for it\n",
1020 rx->dev->name, print_mac(mac, rx->sta->addr)); 1028 rx->dev->name, print_mac(mac, rx->sta->addr));
1021#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1029#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1022 } 1030 }
@@ -1028,22 +1036,22 @@ ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
1028 return RX_QUEUED; 1036 return RX_QUEUED;
1029} 1037}
1030 1038
1031static ieee80211_rx_result 1039static ieee80211_rx_result debug_noinline
1032ieee80211_rx_h_remove_qos_control(struct ieee80211_rx_data *rx) 1040ieee80211_rx_h_remove_qos_control(struct ieee80211_rx_data *rx)
1033{ 1041{
1034 u16 fc = rx->fc;
1035 u8 *data = rx->skb->data; 1042 u8 *data = rx->skb->data;
1036 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) data; 1043 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)data;
1037 1044
1038 if (!WLAN_FC_IS_QOS_DATA(fc)) 1045 if (!ieee80211_is_data_qos(hdr->frame_control))
1039 return RX_CONTINUE; 1046 return RX_CONTINUE;
1040 1047
1041 /* remove the qos control field, update frame type and meta-data */ 1048 /* remove the qos control field, update frame type and meta-data */
1042 memmove(data + 2, data, ieee80211_get_hdrlen(fc) - 2); 1049 memmove(data + IEEE80211_QOS_CTL_LEN, data,
1043 hdr = (struct ieee80211_hdr *) skb_pull(rx->skb, 2); 1050 ieee80211_hdrlen(hdr->frame_control) - IEEE80211_QOS_CTL_LEN);
1051 hdr = (struct ieee80211_hdr *)skb_pull(rx->skb, IEEE80211_QOS_CTL_LEN);
1044 /* change frame type to non QOS */ 1052 /* change frame type to non QOS */
1045 rx->fc = fc &= ~IEEE80211_STYPE_QOS_DATA; 1053 rx->fc &= ~IEEE80211_STYPE_QOS_DATA;
1046 hdr->frame_control = cpu_to_le16(fc); 1054 hdr->frame_control &= ~cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
1047 1055
1048 return RX_CONTINUE; 1056 return RX_CONTINUE;
1049} 1057}
@@ -1051,14 +1059,9 @@ ieee80211_rx_h_remove_qos_control(struct ieee80211_rx_data *rx)
1051static int 1059static int
1052ieee80211_802_1x_port_control(struct ieee80211_rx_data *rx) 1060ieee80211_802_1x_port_control(struct ieee80211_rx_data *rx)
1053{ 1061{
1054 if (unlikely(!rx->sta || !(rx->sta->flags & WLAN_STA_AUTHORIZED))) { 1062 if (unlikely(!rx->sta ||
1055#ifdef CONFIG_MAC80211_DEBUG 1063 !test_sta_flags(rx->sta, WLAN_STA_AUTHORIZED)))
1056 if (net_ratelimit())
1057 printk(KERN_DEBUG "%s: dropped frame "
1058 "(unauthorized port)\n", rx->dev->name);
1059#endif /* CONFIG_MAC80211_DEBUG */
1060 return -EACCES; 1064 return -EACCES;
1061 }
1062 1065
1063 return 0; 1066 return 0;
1064} 1067}
@@ -1091,7 +1094,7 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1091 u16 fc, hdrlen, ethertype; 1094 u16 fc, hdrlen, ethertype;
1092 u8 *payload; 1095 u8 *payload;
1093 u8 dst[ETH_ALEN]; 1096 u8 dst[ETH_ALEN];
1094 u8 src[ETH_ALEN]; 1097 u8 src[ETH_ALEN] __aligned(2);
1095 struct sk_buff *skb = rx->skb; 1098 struct sk_buff *skb = rx->skb;
1096 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1099 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1097 DECLARE_MAC_BUF(mac); 1100 DECLARE_MAC_BUF(mac);
@@ -1106,20 +1109,9 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1106 1109
1107 hdrlen = ieee80211_get_hdrlen(fc); 1110 hdrlen = ieee80211_get_hdrlen(fc);
1108 1111
1109 if (ieee80211_vif_is_mesh(&sdata->vif)) { 1112 if (ieee80211_vif_is_mesh(&sdata->vif))
1110 int meshhdrlen = ieee80211_get_mesh_hdrlen( 1113 hdrlen += ieee80211_get_mesh_hdrlen(
1111 (struct ieee80211s_hdr *) (skb->data + hdrlen)); 1114 (struct ieee80211s_hdr *) (skb->data + hdrlen));
1112 /* Copy on cb:
1113 * - mesh header: to be used for mesh forwarding
1114 * decision. It will also be used as mesh header template at
1115 * tx.c:ieee80211_subif_start_xmit() if interface
1116 * type is mesh and skb->pkt_type == PACKET_OTHERHOST
1117 * - ta: to be used if a RERR needs to be sent.
1118 */
1119 memcpy(skb->cb, skb->data + hdrlen, meshhdrlen);
1120 memcpy(MESH_PREQ(skb), hdr->addr2, ETH_ALEN);
1121 hdrlen += meshhdrlen;
1122 }
1123 1115
1124 /* convert IEEE 802.11 header + possible LLC headers into Ethernet 1116 /* convert IEEE 802.11 header + possible LLC headers into Ethernet
1125 * header 1117 * header
@@ -1138,16 +1130,8 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1138 memcpy(src, hdr->addr2, ETH_ALEN); 1130 memcpy(src, hdr->addr2, ETH_ALEN);
1139 1131
1140 if (unlikely(sdata->vif.type != IEEE80211_IF_TYPE_AP && 1132 if (unlikely(sdata->vif.type != IEEE80211_IF_TYPE_AP &&
1141 sdata->vif.type != IEEE80211_IF_TYPE_VLAN)) { 1133 sdata->vif.type != IEEE80211_IF_TYPE_VLAN))
1142 if (net_ratelimit())
1143 printk(KERN_DEBUG "%s: dropped ToDS frame "
1144 "(BSSID=%s SA=%s DA=%s)\n",
1145 dev->name,
1146 print_mac(mac, hdr->addr1),
1147 print_mac(mac2, hdr->addr2),
1148 print_mac(mac3, hdr->addr3));
1149 return -1; 1134 return -1;
1150 }
1151 break; 1135 break;
1152 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS): 1136 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
1153 /* RA TA DA SA */ 1137 /* RA TA DA SA */
@@ -1155,17 +1139,8 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1155 memcpy(src, hdr->addr4, ETH_ALEN); 1139 memcpy(src, hdr->addr4, ETH_ALEN);
1156 1140
1157 if (unlikely(sdata->vif.type != IEEE80211_IF_TYPE_WDS && 1141 if (unlikely(sdata->vif.type != IEEE80211_IF_TYPE_WDS &&
1158 sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT)) { 1142 sdata->vif.type != IEEE80211_IF_TYPE_MESH_POINT))
1159 if (net_ratelimit())
1160 printk(KERN_DEBUG "%s: dropped FromDS&ToDS "
1161 "frame (RA=%s TA=%s DA=%s SA=%s)\n",
1162 rx->dev->name,
1163 print_mac(mac, hdr->addr1),
1164 print_mac(mac2, hdr->addr2),
1165 print_mac(mac3, hdr->addr3),
1166 print_mac(mac4, hdr->addr4));
1167 return -1; 1143 return -1;
1168 }
1169 break; 1144 break;
1170 case IEEE80211_FCTL_FROMDS: 1145 case IEEE80211_FCTL_FROMDS:
1171 /* DA BSSID SA */ 1146 /* DA BSSID SA */
@@ -1182,27 +1157,13 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1182 memcpy(dst, hdr->addr1, ETH_ALEN); 1157 memcpy(dst, hdr->addr1, ETH_ALEN);
1183 memcpy(src, hdr->addr2, ETH_ALEN); 1158 memcpy(src, hdr->addr2, ETH_ALEN);
1184 1159
1185 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS) { 1160 if (sdata->vif.type != IEEE80211_IF_TYPE_IBSS)
1186 if (net_ratelimit()) {
1187 printk(KERN_DEBUG "%s: dropped IBSS frame "
1188 "(DA=%s SA=%s BSSID=%s)\n",
1189 dev->name,
1190 print_mac(mac, hdr->addr1),
1191 print_mac(mac2, hdr->addr2),
1192 print_mac(mac3, hdr->addr3));
1193 }
1194 return -1; 1161 return -1;
1195 }
1196 break; 1162 break;
1197 } 1163 }
1198 1164
1199 if (unlikely(skb->len - hdrlen < 8)) { 1165 if (unlikely(skb->len - hdrlen < 8))
1200 if (net_ratelimit()) {
1201 printk(KERN_DEBUG "%s: RX too short data frame "
1202 "payload\n", dev->name);
1203 }
1204 return -1; 1166 return -1;
1205 }
1206 1167
1207 payload = skb->data + hdrlen; 1168 payload = skb->data + hdrlen;
1208 ethertype = (payload[6] << 8) | payload[7]; 1169 ethertype = (payload[6] << 8) | payload[7];
@@ -1234,7 +1195,7 @@ ieee80211_data_to_8023(struct ieee80211_rx_data *rx)
1234 */ 1195 */
1235static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx) 1196static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx)
1236{ 1197{
1237 static const u8 pae_group_addr[ETH_ALEN] 1198 static const u8 pae_group_addr[ETH_ALEN] __aligned(2)
1238 = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x03 }; 1199 = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x03 };
1239 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data; 1200 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1240 1201
@@ -1297,38 +1258,6 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1297 } 1258 }
1298 } 1259 }
1299 1260
1300 /* Mesh forwarding */
1301 if (ieee80211_vif_is_mesh(&sdata->vif)) {
1302 u8 *mesh_ttl = &((struct ieee80211s_hdr *)skb->cb)->ttl;
1303 (*mesh_ttl)--;
1304
1305 if (is_multicast_ether_addr(skb->data)) {
1306 if (*mesh_ttl > 0) {
1307 xmit_skb = skb_copy(skb, GFP_ATOMIC);
1308 if (xmit_skb)
1309 xmit_skb->pkt_type = PACKET_OTHERHOST;
1310 else if (net_ratelimit())
1311 printk(KERN_DEBUG "%s: failed to clone "
1312 "multicast frame\n", dev->name);
1313 } else
1314 IEEE80211_IFSTA_MESH_CTR_INC(&sdata->u.sta,
1315 dropped_frames_ttl);
1316 } else if (skb->pkt_type != PACKET_OTHERHOST &&
1317 compare_ether_addr(dev->dev_addr, skb->data) != 0) {
1318 if (*mesh_ttl == 0) {
1319 IEEE80211_IFSTA_MESH_CTR_INC(&sdata->u.sta,
1320 dropped_frames_ttl);
1321 dev_kfree_skb(skb);
1322 skb = NULL;
1323 } else {
1324 xmit_skb = skb;
1325 xmit_skb->pkt_type = PACKET_OTHERHOST;
1326 if (!(dev->flags & IFF_PROMISC))
1327 skb = NULL;
1328 }
1329 }
1330 }
1331
1332 if (skb) { 1261 if (skb) {
1333 /* deliver to local stack */ 1262 /* deliver to local stack */
1334 skb->protocol = eth_type_trans(skb, dev); 1263 skb->protocol = eth_type_trans(skb, dev);
@@ -1345,7 +1274,7 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1345 } 1274 }
1346} 1275}
1347 1276
1348static ieee80211_rx_result 1277static ieee80211_rx_result debug_noinline
1349ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx) 1278ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1350{ 1279{
1351 struct net_device *dev = rx->dev; 1280 struct net_device *dev = rx->dev;
@@ -1394,10 +1323,8 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1394 1323
1395 padding = ((4 - subframe_len) & 0x3); 1324 padding = ((4 - subframe_len) & 0x3);
1396 /* the last MSDU has no padding */ 1325 /* the last MSDU has no padding */
1397 if (subframe_len > remaining) { 1326 if (subframe_len > remaining)
1398 printk(KERN_DEBUG "%s: wrong buffer size\n", dev->name);
1399 return RX_DROP_UNUSABLE; 1327 return RX_DROP_UNUSABLE;
1400 }
1401 1328
1402 skb_pull(skb, sizeof(struct ethhdr)); 1329 skb_pull(skb, sizeof(struct ethhdr));
1403 /* if last subframe reuse skb */ 1330 /* if last subframe reuse skb */
@@ -1418,8 +1345,6 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1418 eth = (struct ethhdr *) skb_pull(skb, ntohs(len) + 1345 eth = (struct ethhdr *) skb_pull(skb, ntohs(len) +
1419 padding); 1346 padding);
1420 if (!eth) { 1347 if (!eth) {
1421 printk(KERN_DEBUG "%s: wrong buffer size\n",
1422 dev->name);
1423 dev_kfree_skb(frame); 1348 dev_kfree_skb(frame);
1424 return RX_DROP_UNUSABLE; 1349 return RX_DROP_UNUSABLE;
1425 } 1350 }
@@ -1462,7 +1387,64 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1462 return RX_QUEUED; 1387 return RX_QUEUED;
1463} 1388}
1464 1389
1465static ieee80211_rx_result 1390static ieee80211_rx_result debug_noinline
1391ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1392{
1393 struct ieee80211_hdr *hdr;
1394 struct ieee80211s_hdr *mesh_hdr;
1395 unsigned int hdrlen;
1396 struct sk_buff *skb = rx->skb, *fwd_skb;
1397
1398 hdr = (struct ieee80211_hdr *) skb->data;
1399 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1400 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1401
1402 if (!ieee80211_is_data(hdr->frame_control))
1403 return RX_CONTINUE;
1404
1405 if (!mesh_hdr->ttl)
1406 /* illegal frame */
1407 return RX_DROP_MONITOR;
1408
1409 if (compare_ether_addr(rx->dev->dev_addr, hdr->addr3) == 0)
1410 return RX_CONTINUE;
1411
1412 mesh_hdr->ttl--;
1413
1414 if (rx->flags & IEEE80211_RX_RA_MATCH) {
1415 if (!mesh_hdr->ttl)
1416 IEEE80211_IFSTA_MESH_CTR_INC(&rx->sdata->u.sta,
1417 dropped_frames_ttl);
1418 else {
1419 struct ieee80211_hdr *fwd_hdr;
1420 fwd_skb = skb_copy(skb, GFP_ATOMIC);
1421
1422 if (!fwd_skb && net_ratelimit())
1423 printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
1424 rx->dev->name);
1425
1426 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data;
1427 /*
1428 * Save TA to addr1 to send TA a path error if a
1429 * suitable next hop is not found
1430 */
1431 memcpy(fwd_hdr->addr1, fwd_hdr->addr2, ETH_ALEN);
1432 memcpy(fwd_hdr->addr2, rx->dev->dev_addr, ETH_ALEN);
1433 fwd_skb->dev = rx->local->mdev;
1434 fwd_skb->iif = rx->dev->ifindex;
1435 dev_queue_xmit(fwd_skb);
1436 }
1437 }
1438
1439 if (is_multicast_ether_addr(hdr->addr3) ||
1440 rx->dev->flags & IFF_PROMISC)
1441 return RX_CONTINUE;
1442 else
1443 return RX_DROP_MONITOR;
1444}
1445
1446
1447static ieee80211_rx_result debug_noinline
1466ieee80211_rx_h_data(struct ieee80211_rx_data *rx) 1448ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1467{ 1449{
1468 struct net_device *dev = rx->dev; 1450 struct net_device *dev = rx->dev;
@@ -1493,21 +1475,21 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1493 return RX_QUEUED; 1475 return RX_QUEUED;
1494} 1476}
1495 1477
1496static ieee80211_rx_result 1478static ieee80211_rx_result debug_noinline
1497ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx) 1479ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1498{ 1480{
1499 struct ieee80211_local *local = rx->local; 1481 struct ieee80211_local *local = rx->local;
1500 struct ieee80211_hw *hw = &local->hw; 1482 struct ieee80211_hw *hw = &local->hw;
1501 struct sk_buff *skb = rx->skb; 1483 struct sk_buff *skb = rx->skb;
1502 struct ieee80211_bar *bar = (struct ieee80211_bar *) skb->data; 1484 struct ieee80211_bar *bar = (struct ieee80211_bar *)skb->data;
1503 struct tid_ampdu_rx *tid_agg_rx; 1485 struct tid_ampdu_rx *tid_agg_rx;
1504 u16 start_seq_num; 1486 u16 start_seq_num;
1505 u16 tid; 1487 u16 tid;
1506 1488
1507 if (likely((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_CTL)) 1489 if (likely(!ieee80211_is_ctl(bar->frame_control)))
1508 return RX_CONTINUE; 1490 return RX_CONTINUE;
1509 1491
1510 if ((rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BACK_REQ) { 1492 if (ieee80211_is_back_req(bar->frame_control)) {
1511 if (!rx->sta) 1493 if (!rx->sta)
1512 return RX_CONTINUE; 1494 return RX_CONTINUE;
1513 tid = le16_to_cpu(bar->control) >> 12; 1495 tid = le16_to_cpu(bar->control) >> 12;
@@ -1537,7 +1519,7 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1537 return RX_CONTINUE; 1519 return RX_CONTINUE;
1538} 1520}
1539 1521
1540static ieee80211_rx_result 1522static ieee80211_rx_result debug_noinline
1541ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) 1523ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
1542{ 1524{
1543 struct ieee80211_sub_if_data *sdata; 1525 struct ieee80211_sub_if_data *sdata;
@@ -1561,41 +1543,27 @@ static void ieee80211_rx_michael_mic_report(struct net_device *dev,
1561 struct ieee80211_hdr *hdr, 1543 struct ieee80211_hdr *hdr,
1562 struct ieee80211_rx_data *rx) 1544 struct ieee80211_rx_data *rx)
1563{ 1545{
1564 int keyidx, hdrlen; 1546 int keyidx;
1547 unsigned int hdrlen;
1565 DECLARE_MAC_BUF(mac); 1548 DECLARE_MAC_BUF(mac);
1566 DECLARE_MAC_BUF(mac2); 1549 DECLARE_MAC_BUF(mac2);
1567 1550
1568 hdrlen = ieee80211_get_hdrlen_from_skb(rx->skb); 1551 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1569 if (rx->skb->len >= hdrlen + 4) 1552 if (rx->skb->len >= hdrlen + 4)
1570 keyidx = rx->skb->data[hdrlen + 3] >> 6; 1553 keyidx = rx->skb->data[hdrlen + 3] >> 6;
1571 else 1554 else
1572 keyidx = -1; 1555 keyidx = -1;
1573 1556
1574 if (net_ratelimit())
1575 printk(KERN_DEBUG "%s: TKIP hwaccel reported Michael MIC "
1576 "failure from %s to %s keyidx=%d\n",
1577 dev->name, print_mac(mac, hdr->addr2),
1578 print_mac(mac2, hdr->addr1), keyidx);
1579
1580 if (!rx->sta) { 1557 if (!rx->sta) {
1581 /* 1558 /*
1582 * Some hardware seem to generate incorrect Michael MIC 1559 * Some hardware seem to generate incorrect Michael MIC
1583 * reports; ignore them to avoid triggering countermeasures. 1560 * reports; ignore them to avoid triggering countermeasures.
1584 */ 1561 */
1585 if (net_ratelimit())
1586 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1587 "error for unknown address %s\n",
1588 dev->name, print_mac(mac, hdr->addr2));
1589 goto ignore; 1562 goto ignore;
1590 } 1563 }
1591 1564
1592 if (!(rx->fc & IEEE80211_FCTL_PROTECTED)) { 1565 if (!ieee80211_has_protected(hdr->frame_control))
1593 if (net_ratelimit())
1594 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1595 "error for a frame with no PROTECTED flag (src "
1596 "%s)\n", dev->name, print_mac(mac, hdr->addr2));
1597 goto ignore; 1566 goto ignore;
1598 }
1599 1567
1600 if (rx->sdata->vif.type == IEEE80211_IF_TYPE_AP && keyidx) { 1568 if (rx->sdata->vif.type == IEEE80211_IF_TYPE_AP && keyidx) {
1601 /* 1569 /*
@@ -1604,24 +1572,12 @@ static void ieee80211_rx_michael_mic_report(struct net_device *dev,
1604 * group keys and only the AP is sending real multicast 1572 * group keys and only the AP is sending real multicast
1605 * frames in the BSS. 1573 * frames in the BSS.
1606 */ 1574 */
1607 if (net_ratelimit())
1608 printk(KERN_DEBUG "%s: ignored Michael MIC error for "
1609 "a frame with non-zero keyidx (%d)"
1610 " (src %s)\n", dev->name, keyidx,
1611 print_mac(mac, hdr->addr2));
1612 goto ignore; 1575 goto ignore;
1613 } 1576 }
1614 1577
1615 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA && 1578 if (!ieee80211_is_data(hdr->frame_control) &&
1616 ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT || 1579 !ieee80211_is_auth(hdr->frame_control))
1617 (rx->fc & IEEE80211_FCTL_STYPE) != IEEE80211_STYPE_AUTH)) {
1618 if (net_ratelimit())
1619 printk(KERN_DEBUG "%s: ignored spurious Michael MIC "
1620 "error for a frame that cannot be encrypted "
1621 "(fc=0x%04x) (src %s)\n",
1622 dev->name, rx->fc, print_mac(mac, hdr->addr2));
1623 goto ignore; 1580 goto ignore;
1624 }
1625 1581
1626 mac80211_ev_michael_mic_failure(rx->dev, keyidx, hdr); 1582 mac80211_ev_michael_mic_failure(rx->dev, keyidx, hdr);
1627 ignore: 1583 ignore:
@@ -1710,67 +1666,61 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx)
1710 dev_kfree_skb(skb); 1666 dev_kfree_skb(skb);
1711} 1667}
1712 1668
1713typedef ieee80211_rx_result (*ieee80211_rx_handler)(struct ieee80211_rx_data *);
1714static ieee80211_rx_handler ieee80211_rx_handlers[] =
1715{
1716 ieee80211_rx_h_if_stats,
1717 ieee80211_rx_h_passive_scan,
1718 ieee80211_rx_h_check,
1719 ieee80211_rx_h_decrypt,
1720 ieee80211_rx_h_sta_process,
1721 ieee80211_rx_h_defragment,
1722 ieee80211_rx_h_ps_poll,
1723 ieee80211_rx_h_michael_mic_verify,
1724 /* this must be after decryption - so header is counted in MPDU mic
1725 * must be before pae and data, so QOS_DATA format frames
1726 * are not passed to user space by these functions
1727 */
1728 ieee80211_rx_h_remove_qos_control,
1729 ieee80211_rx_h_amsdu,
1730 ieee80211_rx_h_data,
1731 ieee80211_rx_h_ctrl,
1732 ieee80211_rx_h_mgmt,
1733 NULL
1734};
1735 1669
1736static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata, 1670static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
1737 struct ieee80211_rx_data *rx, 1671 struct ieee80211_rx_data *rx,
1738 struct sk_buff *skb) 1672 struct sk_buff *skb)
1739{ 1673{
1740 ieee80211_rx_handler *handler;
1741 ieee80211_rx_result res = RX_DROP_MONITOR; 1674 ieee80211_rx_result res = RX_DROP_MONITOR;
1742 1675
1743 rx->skb = skb; 1676 rx->skb = skb;
1744 rx->sdata = sdata; 1677 rx->sdata = sdata;
1745 rx->dev = sdata->dev; 1678 rx->dev = sdata->dev;
1746 1679
1747 for (handler = ieee80211_rx_handlers; *handler != NULL; handler++) { 1680#define CALL_RXH(rxh) \
1748 res = (*handler)(rx); 1681 do { \
1749 1682 res = rxh(rx); \
1750 switch (res) { 1683 if (res != RX_CONTINUE) \
1751 case RX_CONTINUE: 1684 goto rxh_done; \
1752 continue; 1685 } while (0);
1753 case RX_DROP_UNUSABLE: 1686
1754 case RX_DROP_MONITOR: 1687 CALL_RXH(ieee80211_rx_h_passive_scan)
1755 I802_DEBUG_INC(sdata->local->rx_handlers_drop); 1688 CALL_RXH(ieee80211_rx_h_check)
1756 if (rx->sta) 1689 CALL_RXH(ieee80211_rx_h_decrypt)
1757 rx->sta->rx_dropped++; 1690 CALL_RXH(ieee80211_rx_h_sta_process)
1758 break; 1691 CALL_RXH(ieee80211_rx_h_defragment)
1759 case RX_QUEUED: 1692 CALL_RXH(ieee80211_rx_h_ps_poll)
1760 I802_DEBUG_INC(sdata->local->rx_handlers_queued); 1693 CALL_RXH(ieee80211_rx_h_michael_mic_verify)
1761 break; 1694 /* must be after MMIC verify so header is counted in MPDU mic */
1762 } 1695 CALL_RXH(ieee80211_rx_h_remove_qos_control)
1763 break; 1696 CALL_RXH(ieee80211_rx_h_amsdu)
1764 } 1697 if (ieee80211_vif_is_mesh(&sdata->vif))
1765 1698 CALL_RXH(ieee80211_rx_h_mesh_fwding);
1699 CALL_RXH(ieee80211_rx_h_data)
1700 CALL_RXH(ieee80211_rx_h_ctrl)
1701 CALL_RXH(ieee80211_rx_h_mgmt)
1702
1703#undef CALL_RXH
1704
1705 rxh_done:
1766 switch (res) { 1706 switch (res) {
1767 case RX_CONTINUE:
1768 case RX_DROP_MONITOR: 1707 case RX_DROP_MONITOR:
1708 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
1709 if (rx->sta)
1710 rx->sta->rx_dropped++;
1711 /* fall through */
1712 case RX_CONTINUE:
1769 ieee80211_rx_cooked_monitor(rx); 1713 ieee80211_rx_cooked_monitor(rx);
1770 break; 1714 break;
1771 case RX_DROP_UNUSABLE: 1715 case RX_DROP_UNUSABLE:
1716 I802_DEBUG_INC(sdata->local->rx_handlers_drop);
1717 if (rx->sta)
1718 rx->sta->rx_dropped++;
1772 dev_kfree_skb(rx->skb); 1719 dev_kfree_skb(rx->skb);
1773 break; 1720 break;
1721 case RX_QUEUED:
1722 I802_DEBUG_INC(sdata->local->rx_handlers_queued);
1723 break;
1774 } 1724 }
1775} 1725}
1776 1726
@@ -1801,9 +1751,13 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1801 case IEEE80211_IF_TYPE_IBSS: 1751 case IEEE80211_IF_TYPE_IBSS:
1802 if (!bssid) 1752 if (!bssid)
1803 return 0; 1753 return 0;
1804 if ((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT && 1754 if (ieee80211_is_beacon(hdr->frame_control)) {
1805 (rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_BEACON) 1755 if (!rx->sta)
1756 rx->sta = ieee80211_ibss_add_sta(sdata->dev,
1757 rx->skb, bssid, hdr->addr2,
1758 BIT(rx->status->rate_idx));
1806 return 1; 1759 return 1;
1760 }
1807 else if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) { 1761 else if (!ieee80211_bssid_match(bssid, sdata->u.sta.bssid)) {
1808 if (!(rx->flags & IEEE80211_RX_IN_SCAN)) 1762 if (!(rx->flags & IEEE80211_RX_IN_SCAN))
1809 return 0; 1763 return 0;
@@ -1816,7 +1770,8 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1816 rx->flags &= ~IEEE80211_RX_RA_MATCH; 1770 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1817 } else if (!rx->sta) 1771 } else if (!rx->sta)
1818 rx->sta = ieee80211_ibss_add_sta(sdata->dev, rx->skb, 1772 rx->sta = ieee80211_ibss_add_sta(sdata->dev, rx->skb,
1819 bssid, hdr->addr2); 1773 bssid, hdr->addr2,
1774 BIT(rx->status->rate_idx));
1820 break; 1775 break;
1821 case IEEE80211_IF_TYPE_MESH_POINT: 1776 case IEEE80211_IF_TYPE_MESH_POINT:
1822 if (!multicast && 1777 if (!multicast &&
@@ -1840,15 +1795,9 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1840 return 0; 1795 return 0;
1841 rx->flags &= ~IEEE80211_RX_RA_MATCH; 1796 rx->flags &= ~IEEE80211_RX_RA_MATCH;
1842 } 1797 }
1843 if (sdata->dev == sdata->local->mdev &&
1844 !(rx->flags & IEEE80211_RX_IN_SCAN))
1845 /* do not receive anything via
1846 * master device when not scanning */
1847 return 0;
1848 break; 1798 break;
1849 case IEEE80211_IF_TYPE_WDS: 1799 case IEEE80211_IF_TYPE_WDS:
1850 if (bssid || 1800 if (bssid || !ieee80211_is_data(hdr->frame_control))
1851 (rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)
1852 return 0; 1801 return 0;
1853 if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2)) 1802 if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2))
1854 return 0; 1803 return 0;
@@ -1872,7 +1821,6 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
1872static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw, 1821static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
1873 struct sk_buff *skb, 1822 struct sk_buff *skb,
1874 struct ieee80211_rx_status *status, 1823 struct ieee80211_rx_status *status,
1875 u32 load,
1876 struct ieee80211_rate *rate) 1824 struct ieee80211_rate *rate)
1877{ 1825{
1878 struct ieee80211_local *local = hw_to_local(hw); 1826 struct ieee80211_local *local = hw_to_local(hw);
@@ -1891,7 +1839,6 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
1891 rx.local = local; 1839 rx.local = local;
1892 1840
1893 rx.status = status; 1841 rx.status = status;
1894 rx.load = load;
1895 rx.rate = rate; 1842 rx.rate = rate;
1896 rx.fc = le16_to_cpu(hdr->frame_control); 1843 rx.fc = le16_to_cpu(hdr->frame_control);
1897 type = rx.fc & IEEE80211_FCTL_FTYPE; 1844 type = rx.fc & IEEE80211_FCTL_FTYPE;
@@ -2000,7 +1947,6 @@ u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
2000 struct ieee80211_rx_status status; 1947 struct ieee80211_rx_status status;
2001 u16 head_seq_num, buf_size; 1948 u16 head_seq_num, buf_size;
2002 int index; 1949 int index;
2003 u32 pkt_load;
2004 struct ieee80211_supported_band *sband; 1950 struct ieee80211_supported_band *sband;
2005 struct ieee80211_rate *rate; 1951 struct ieee80211_rate *rate;
2006 1952
@@ -2035,12 +1981,9 @@ u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
2035 sizeof(status)); 1981 sizeof(status));
2036 sband = local->hw.wiphy->bands[status.band]; 1982 sband = local->hw.wiphy->bands[status.band];
2037 rate = &sband->bitrates[status.rate_idx]; 1983 rate = &sband->bitrates[status.rate_idx];
2038 pkt_load = ieee80211_rx_load_stats(local,
2039 tid_agg_rx->reorder_buf[index],
2040 &status, rate);
2041 __ieee80211_rx_handle_packet(hw, 1984 __ieee80211_rx_handle_packet(hw,
2042 tid_agg_rx->reorder_buf[index], 1985 tid_agg_rx->reorder_buf[index],
2043 &status, pkt_load, rate); 1986 &status, rate);
2044 tid_agg_rx->stored_mpdu_num--; 1987 tid_agg_rx->stored_mpdu_num--;
2045 tid_agg_rx->reorder_buf[index] = NULL; 1988 tid_agg_rx->reorder_buf[index] = NULL;
2046 } 1989 }
@@ -2082,11 +2025,8 @@ u8 ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
2082 sizeof(status)); 2025 sizeof(status));
2083 sband = local->hw.wiphy->bands[status.band]; 2026 sband = local->hw.wiphy->bands[status.band];
2084 rate = &sband->bitrates[status.rate_idx]; 2027 rate = &sband->bitrates[status.rate_idx];
2085 pkt_load = ieee80211_rx_load_stats(local,
2086 tid_agg_rx->reorder_buf[index],
2087 &status, rate);
2088 __ieee80211_rx_handle_packet(hw, tid_agg_rx->reorder_buf[index], 2028 __ieee80211_rx_handle_packet(hw, tid_agg_rx->reorder_buf[index],
2089 &status, pkt_load, rate); 2029 &status, rate);
2090 tid_agg_rx->stored_mpdu_num--; 2030 tid_agg_rx->stored_mpdu_num--;
2091 tid_agg_rx->reorder_buf[index] = NULL; 2031 tid_agg_rx->reorder_buf[index] = NULL;
2092 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num); 2032 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
@@ -2103,32 +2043,29 @@ static u8 ieee80211_rx_reorder_ampdu(struct ieee80211_local *local,
2103 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 2043 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
2104 struct sta_info *sta; 2044 struct sta_info *sta;
2105 struct tid_ampdu_rx *tid_agg_rx; 2045 struct tid_ampdu_rx *tid_agg_rx;
2106 u16 fc, sc; 2046 u16 sc;
2107 u16 mpdu_seq_num; 2047 u16 mpdu_seq_num;
2108 u8 ret = 0, *qc; 2048 u8 ret = 0;
2109 int tid; 2049 int tid;
2110 2050
2111 sta = sta_info_get(local, hdr->addr2); 2051 sta = sta_info_get(local, hdr->addr2);
2112 if (!sta) 2052 if (!sta)
2113 return ret; 2053 return ret;
2114 2054
2115 fc = le16_to_cpu(hdr->frame_control);
2116
2117 /* filter the QoS data rx stream according to 2055 /* filter the QoS data rx stream according to
2118 * STA/TID and check if this STA/TID is on aggregation */ 2056 * STA/TID and check if this STA/TID is on aggregation */
2119 if (!WLAN_FC_IS_QOS_DATA(fc)) 2057 if (!ieee80211_is_data_qos(hdr->frame_control))
2120 goto end_reorder; 2058 goto end_reorder;
2121 2059
2122 qc = skb->data + ieee80211_get_hdrlen(fc) - QOS_CONTROL_LEN; 2060 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
2123 tid = qc[0] & QOS_CONTROL_TID_MASK;
2124 2061
2125 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL) 2062 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL)
2126 goto end_reorder; 2063 goto end_reorder;
2127 2064
2128 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid]; 2065 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
2129 2066
2130 /* null data frames are excluded */ 2067 /* qos null data frames are excluded */
2131 if (unlikely(fc & IEEE80211_STYPE_NULLFUNC)) 2068 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC)))
2132 goto end_reorder; 2069 goto end_reorder;
2133 2070
2134 /* new un-ordered ampdu frame - process it */ 2071 /* new un-ordered ampdu frame - process it */
@@ -2165,7 +2102,6 @@ void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
2165 struct ieee80211_rx_status *status) 2102 struct ieee80211_rx_status *status)
2166{ 2103{
2167 struct ieee80211_local *local = hw_to_local(hw); 2104 struct ieee80211_local *local = hw_to_local(hw);
2168 u32 pkt_load;
2169 struct ieee80211_rate *rate = NULL; 2105 struct ieee80211_rate *rate = NULL;
2170 struct ieee80211_supported_band *sband; 2106 struct ieee80211_supported_band *sband;
2171 2107
@@ -2205,11 +2141,8 @@ void __ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb,
2205 return; 2141 return;
2206 } 2142 }
2207 2143
2208 pkt_load = ieee80211_rx_load_stats(local, skb, status, rate);
2209 local->channel_use_raw += pkt_load;
2210
2211 if (!ieee80211_rx_reorder_ampdu(local, skb)) 2144 if (!ieee80211_rx_reorder_ampdu(local, skb))
2212 __ieee80211_rx_handle_packet(hw, skb, status, pkt_load, rate); 2145 __ieee80211_rx_handle_packet(hw, skb, status, rate);
2213 2146
2214 rcu_read_unlock(); 2147 rcu_read_unlock();
2215} 2148}
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 7d4fe4a52929..f2ba653b9d69 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -135,6 +135,7 @@ struct sta_info *sta_info_get_by_idx(struct ieee80211_local *local, int idx,
135/** 135/**
136 * __sta_info_free - internal STA free helper 136 * __sta_info_free - internal STA free helper
137 * 137 *
138 * @local: pointer to the global information
138 * @sta: STA info to free 139 * @sta: STA info to free
139 * 140 *
140 * This function must undo everything done by sta_info_alloc() 141 * This function must undo everything done by sta_info_alloc()
@@ -202,14 +203,12 @@ void sta_info_destroy(struct sta_info *sta)
202 dev_kfree_skb_any(skb); 203 dev_kfree_skb_any(skb);
203 204
204 for (i = 0; i < STA_TID_NUM; i++) { 205 for (i = 0; i < STA_TID_NUM; i++) {
205 spin_lock_bh(&sta->ampdu_mlme.ampdu_rx); 206 spin_lock_bh(&sta->lock);
206 if (sta->ampdu_mlme.tid_rx[i]) 207 if (sta->ampdu_mlme.tid_rx[i])
207 del_timer_sync(&sta->ampdu_mlme.tid_rx[i]->session_timer); 208 del_timer_sync(&sta->ampdu_mlme.tid_rx[i]->session_timer);
208 spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx);
209 spin_lock_bh(&sta->ampdu_mlme.ampdu_tx);
210 if (sta->ampdu_mlme.tid_tx[i]) 209 if (sta->ampdu_mlme.tid_tx[i])
211 del_timer_sync(&sta->ampdu_mlme.tid_tx[i]->addba_resp_timer); 210 del_timer_sync(&sta->ampdu_mlme.tid_tx[i]->addba_resp_timer);
212 spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); 211 spin_unlock_bh(&sta->lock);
213 } 212 }
214 213
215 __sta_info_free(local, sta); 214 __sta_info_free(local, sta);
@@ -236,6 +235,9 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
236 if (!sta) 235 if (!sta)
237 return NULL; 236 return NULL;
238 237
238 spin_lock_init(&sta->lock);
239 spin_lock_init(&sta->flaglock);
240
239 memcpy(sta->addr, addr, ETH_ALEN); 241 memcpy(sta->addr, addr, ETH_ALEN);
240 sta->local = local; 242 sta->local = local;
241 sta->sdata = sdata; 243 sta->sdata = sdata;
@@ -249,15 +251,13 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
249 return NULL; 251 return NULL;
250 } 252 }
251 253
252 spin_lock_init(&sta->ampdu_mlme.ampdu_rx);
253 spin_lock_init(&sta->ampdu_mlme.ampdu_tx);
254 for (i = 0; i < STA_TID_NUM; i++) { 254 for (i = 0; i < STA_TID_NUM; i++) {
255 /* timer_to_tid must be initialized with identity mapping to 255 /* timer_to_tid must be initialized with identity mapping to
256 * enable session_timer's data differentiation. refer to 256 * enable session_timer's data differentiation. refer to
257 * sta_rx_agg_session_timer_expired for useage */ 257 * sta_rx_agg_session_timer_expired for useage */
258 sta->timer_to_tid[i] = i; 258 sta->timer_to_tid[i] = i;
259 /* tid to tx queue: initialize according to HW (0 is valid) */ 259 /* tid to tx queue: initialize according to HW (0 is valid) */
260 sta->tid_to_tx_q[i] = local->hw.queues; 260 sta->tid_to_tx_q[i] = ieee80211_num_queues(&local->hw);
261 /* rx */ 261 /* rx */
262 sta->ampdu_mlme.tid_state_rx[i] = HT_AGG_STATE_IDLE; 262 sta->ampdu_mlme.tid_state_rx[i] = HT_AGG_STATE_IDLE;
263 sta->ampdu_mlme.tid_rx[i] = NULL; 263 sta->ampdu_mlme.tid_rx[i] = NULL;
@@ -276,7 +276,6 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
276 276
277#ifdef CONFIG_MAC80211_MESH 277#ifdef CONFIG_MAC80211_MESH
278 sta->plink_state = PLINK_LISTEN; 278 sta->plink_state = PLINK_LISTEN;
279 spin_lock_init(&sta->plink_lock);
280 init_timer(&sta->plink_timer); 279 init_timer(&sta->plink_timer);
281#endif 280#endif
282 281
@@ -321,7 +320,9 @@ int sta_info_insert(struct sta_info *sta)
321 /* notify driver */ 320 /* notify driver */
322 if (local->ops->sta_notify) { 321 if (local->ops->sta_notify) {
323 if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN) 322 if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN)
324 sdata = sdata->u.vlan.ap; 323 sdata = container_of(sdata->bss,
324 struct ieee80211_sub_if_data,
325 u.ap);
325 326
326 local->ops->sta_notify(local_to_hw(local), &sdata->vif, 327 local->ops->sta_notify(local_to_hw(local), &sdata->vif,
327 STA_NOTIFY_ADD, sta->addr); 328 STA_NOTIFY_ADD, sta->addr);
@@ -376,8 +377,10 @@ static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid)
376static void __sta_info_set_tim_bit(struct ieee80211_if_ap *bss, 377static void __sta_info_set_tim_bit(struct ieee80211_if_ap *bss,
377 struct sta_info *sta) 378 struct sta_info *sta)
378{ 379{
379 if (bss) 380 BUG_ON(!bss);
380 __bss_tim_set(bss, sta->aid); 381
382 __bss_tim_set(bss, sta->aid);
383
381 if (sta->local->ops->set_tim) { 384 if (sta->local->ops->set_tim) {
382 sta->local->tim_in_locked_section = true; 385 sta->local->tim_in_locked_section = true;
383 sta->local->ops->set_tim(local_to_hw(sta->local), sta->aid, 1); 386 sta->local->ops->set_tim(local_to_hw(sta->local), sta->aid, 1);
@@ -389,6 +392,8 @@ void sta_info_set_tim_bit(struct sta_info *sta)
389{ 392{
390 unsigned long flags; 393 unsigned long flags;
391 394
395 BUG_ON(!sta->sdata->bss);
396
392 spin_lock_irqsave(&sta->local->sta_lock, flags); 397 spin_lock_irqsave(&sta->local->sta_lock, flags);
393 __sta_info_set_tim_bit(sta->sdata->bss, sta); 398 __sta_info_set_tim_bit(sta->sdata->bss, sta);
394 spin_unlock_irqrestore(&sta->local->sta_lock, flags); 399 spin_unlock_irqrestore(&sta->local->sta_lock, flags);
@@ -397,8 +402,10 @@ void sta_info_set_tim_bit(struct sta_info *sta)
397static void __sta_info_clear_tim_bit(struct ieee80211_if_ap *bss, 402static void __sta_info_clear_tim_bit(struct ieee80211_if_ap *bss,
398 struct sta_info *sta) 403 struct sta_info *sta)
399{ 404{
400 if (bss) 405 BUG_ON(!bss);
401 __bss_tim_clear(bss, sta->aid); 406
407 __bss_tim_clear(bss, sta->aid);
408
402 if (sta->local->ops->set_tim) { 409 if (sta->local->ops->set_tim) {
403 sta->local->tim_in_locked_section = true; 410 sta->local->tim_in_locked_section = true;
404 sta->local->ops->set_tim(local_to_hw(sta->local), sta->aid, 0); 411 sta->local->ops->set_tim(local_to_hw(sta->local), sta->aid, 0);
@@ -410,6 +417,8 @@ void sta_info_clear_tim_bit(struct sta_info *sta)
410{ 417{
411 unsigned long flags; 418 unsigned long flags;
412 419
420 BUG_ON(!sta->sdata->bss);
421
413 spin_lock_irqsave(&sta->local->sta_lock, flags); 422 spin_lock_irqsave(&sta->local->sta_lock, flags);
414 __sta_info_clear_tim_bit(sta->sdata->bss, sta); 423 __sta_info_clear_tim_bit(sta->sdata->bss, sta);
415 spin_unlock_irqrestore(&sta->local->sta_lock, flags); 424 spin_unlock_irqrestore(&sta->local->sta_lock, flags);
@@ -437,10 +446,10 @@ void __sta_info_unlink(struct sta_info **sta)
437 446
438 list_del(&(*sta)->list); 447 list_del(&(*sta)->list);
439 448
440 if ((*sta)->flags & WLAN_STA_PS) { 449 if (test_and_clear_sta_flags(*sta, WLAN_STA_PS)) {
441 (*sta)->flags &= ~WLAN_STA_PS; 450 BUG_ON(!sdata->bss);
442 if (sdata->bss) 451
443 atomic_dec(&sdata->bss->num_sta_ps); 452 atomic_dec(&sdata->bss->num_sta_ps);
444 __sta_info_clear_tim_bit(sdata->bss, *sta); 453 __sta_info_clear_tim_bit(sdata->bss, *sta);
445 } 454 }
446 455
@@ -448,7 +457,9 @@ void __sta_info_unlink(struct sta_info **sta)
448 457
449 if (local->ops->sta_notify) { 458 if (local->ops->sta_notify) {
450 if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN) 459 if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN)
451 sdata = sdata->u.vlan.ap; 460 sdata = container_of(sdata->bss,
461 struct ieee80211_sub_if_data,
462 u.ap);
452 463
453 local->ops->sta_notify(local_to_hw(local), &sdata->vif, 464 local->ops->sta_notify(local_to_hw(local), &sdata->vif,
454 STA_NOTIFY_REMOVE, (*sta)->addr); 465 STA_NOTIFY_REMOVE, (*sta)->addr);
@@ -515,20 +526,20 @@ static inline int sta_info_buffer_expired(struct ieee80211_local *local,
515 struct sta_info *sta, 526 struct sta_info *sta,
516 struct sk_buff *skb) 527 struct sk_buff *skb)
517{ 528{
518 struct ieee80211_tx_packet_data *pkt_data; 529 struct ieee80211_tx_info *info;
519 int timeout; 530 int timeout;
520 531
521 if (!skb) 532 if (!skb)
522 return 0; 533 return 0;
523 534
524 pkt_data = (struct ieee80211_tx_packet_data *) skb->cb; 535 info = IEEE80211_SKB_CB(skb);
525 536
526 /* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */ 537 /* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
527 timeout = (sta->listen_interval * local->hw.conf.beacon_int * 32 / 538 timeout = (sta->listen_interval * local->hw.conf.beacon_int * 32 /
528 15625) * HZ; 539 15625) * HZ;
529 if (timeout < STA_TX_BUFFER_EXPIRE) 540 if (timeout < STA_TX_BUFFER_EXPIRE)
530 timeout = STA_TX_BUFFER_EXPIRE; 541 timeout = STA_TX_BUFFER_EXPIRE;
531 return time_after(jiffies, pkt_data->jiffies + timeout); 542 return time_after(jiffies, info->control.jiffies + timeout);
532} 543}
533 544
534 545
@@ -557,8 +568,10 @@ static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
557 568
558 sdata = sta->sdata; 569 sdata = sta->sdata;
559 local->total_ps_buffered--; 570 local->total_ps_buffered--;
571#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
560 printk(KERN_DEBUG "Buffered frame expired (STA " 572 printk(KERN_DEBUG "Buffered frame expired (STA "
561 "%s)\n", print_mac(mac, sta->addr)); 573 "%s)\n", print_mac(mac, sta->addr));
574#endif
562 dev_kfree_skb(skb); 575 dev_kfree_skb(skb);
563 576
564 if (skb_queue_empty(&sta->ps_tx_buf)) 577 if (skb_queue_empty(&sta->ps_tx_buf))
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index f8c95bc9659c..109db787ccb7 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -32,7 +32,7 @@
32 * @WLAN_STA_WDS: Station is one of our WDS peers. 32 * @WLAN_STA_WDS: Station is one of our WDS peers.
33 * @WLAN_STA_PSPOLL: Station has just PS-polled us. 33 * @WLAN_STA_PSPOLL: Station has just PS-polled us.
34 * @WLAN_STA_CLEAR_PS_FILT: Clear PS filter in hardware (using the 34 * @WLAN_STA_CLEAR_PS_FILT: Clear PS filter in hardware (using the
35 * IEEE80211_TXCTL_CLEAR_PS_FILT control flag) when the next 35 * IEEE80211_TX_CTL_CLEAR_PS_FILT control flag) when the next
36 * frame to this station is transmitted. 36 * frame to this station is transmitted.
37 */ 37 */
38enum ieee80211_sta_info_flags { 38enum ieee80211_sta_info_flags {
@@ -129,23 +129,19 @@ enum plink_state {
129 * 129 *
130 * @tid_state_rx: TID's state in Rx session state machine. 130 * @tid_state_rx: TID's state in Rx session state machine.
131 * @tid_rx: aggregation info for Rx per TID 131 * @tid_rx: aggregation info for Rx per TID
132 * @ampdu_rx: for locking sections in aggregation Rx flow
133 * @tid_state_tx: TID's state in Tx session state machine. 132 * @tid_state_tx: TID's state in Tx session state machine.
134 * @tid_tx: aggregation info for Tx per TID 133 * @tid_tx: aggregation info for Tx per TID
135 * @addba_req_num: number of times addBA request has been sent. 134 * @addba_req_num: number of times addBA request has been sent.
136 * @ampdu_tx: for locking sectionsi in aggregation Tx flow
137 * @dialog_token_allocator: dialog token enumerator for each new session; 135 * @dialog_token_allocator: dialog token enumerator for each new session;
138 */ 136 */
139struct sta_ampdu_mlme { 137struct sta_ampdu_mlme {
140 /* rx */ 138 /* rx */
141 u8 tid_state_rx[STA_TID_NUM]; 139 u8 tid_state_rx[STA_TID_NUM];
142 struct tid_ampdu_rx *tid_rx[STA_TID_NUM]; 140 struct tid_ampdu_rx *tid_rx[STA_TID_NUM];
143 spinlock_t ampdu_rx;
144 /* tx */ 141 /* tx */
145 u8 tid_state_tx[STA_TID_NUM]; 142 u8 tid_state_tx[STA_TID_NUM];
146 struct tid_ampdu_tx *tid_tx[STA_TID_NUM]; 143 struct tid_ampdu_tx *tid_tx[STA_TID_NUM];
147 u8 addba_req_num[STA_TID_NUM]; 144 u8 addba_req_num[STA_TID_NUM];
148 spinlock_t ampdu_tx;
149 u8 dialog_token_allocator; 145 u8 dialog_token_allocator;
150}; 146};
151 147
@@ -164,9 +160,20 @@ struct sta_ampdu_mlme {
164 * @list: global linked list entry 160 * @list: global linked list entry
165 * @hnext: hash table linked list pointer 161 * @hnext: hash table linked list pointer
166 * @local: pointer to the global information 162 * @local: pointer to the global information
163 * @sdata: TBD
164 * @key: TBD
165 * @rate_ctrl: TBD
166 * @rate_ctrl_priv: TBD
167 * @lock: used for locking all fields that require locking, see comments
168 * in the header file.
169 * @flaglock: spinlock for flags accesses
170 * @ht_info: HT capabilities of this STA
171 * @supp_rates: Bitmap of supported rates (per band)
167 * @addr: MAC address of this STA 172 * @addr: MAC address of this STA
168 * @aid: STA's unique AID (1..2007, 0 = not assigned yet), 173 * @aid: STA's unique AID (1..2007, 0 = not assigned yet),
169 * only used in AP (and IBSS?) mode 174 * only used in AP (and IBSS?) mode
175 * @listen_interval: TBD
176 * @pin_status: TBD
170 * @flags: STA flags, see &enum ieee80211_sta_info_flags 177 * @flags: STA flags, see &enum ieee80211_sta_info_flags
171 * @ps_tx_buf: buffer of frames to transmit to this station 178 * @ps_tx_buf: buffer of frames to transmit to this station
172 * when it leaves power saving state 179 * when it leaves power saving state
@@ -175,8 +182,41 @@ struct sta_ampdu_mlme {
175 * power saving state 182 * power saving state
176 * @rx_packets: Number of MSDUs received from this STA 183 * @rx_packets: Number of MSDUs received from this STA
177 * @rx_bytes: Number of bytes received from this STA 184 * @rx_bytes: Number of bytes received from this STA
178 * @supp_rates: Bitmap of supported rates (per band) 185 * @wep_weak_iv_count: TBD
179 * @ht_info: HT capabilities of this STA 186 * @last_rx: TBD
187 * @num_duplicates: number of duplicate frames received from this STA
188 * @rx_fragments: number of received MPDUs
189 * @rx_dropped: number of dropped MPDUs from this STA
190 * @last_signal: signal of last received frame from this STA
191 * @last_qual: qual of last received frame from this STA
192 * @last_noise: noise of last received frame from this STA
193 * @last_seq_ctrl: last received seq/frag number from this STA (per RX queue)
194 * @wme_rx_queue: TBD
195 * @tx_filtered_count: TBD
196 * @tx_retry_failed: TBD
197 * @tx_retry_count: TBD
198 * @tx_num_consecutive_failures: TBD
199 * @tx_num_mpdu_ok: TBD
200 * @tx_num_mpdu_fail: TBD
201 * @fail_avg: moving percentage of failed MSDUs
202 * @tx_packets: number of RX/TX MSDUs
203 * @tx_bytes: TBD
204 * @tx_fragments: number of transmitted MPDUs
205 * @txrate_idx: TBD
206 * @last_txrate_idx: TBD
207 * @wme_tx_queue: TBD
208 * @ampdu_mlme: TBD
209 * @timer_to_tid: identity mapping to ID timers
210 * @tid_to_tx_q: map tid to tx queue
211 * @llid: Local link ID
212 * @plid: Peer link ID
213 * @reason: Cancel reason on PLINK_HOLDING state
214 * @plink_retries: Retries in establishment
215 * @ignore_plink_timer: TBD
216 * @plink_state plink_state: TBD
217 * @plink_timeout: TBD
218 * @plink_timer: TBD
219 * @debugfs: debug filesystem info
180 */ 220 */
181struct sta_info { 221struct sta_info {
182 /* General information, mostly static */ 222 /* General information, mostly static */
@@ -187,6 +227,8 @@ struct sta_info {
187 struct ieee80211_key *key; 227 struct ieee80211_key *key;
188 struct rate_control_ref *rate_ctrl; 228 struct rate_control_ref *rate_ctrl;
189 void *rate_ctrl_priv; 229 void *rate_ctrl_priv;
230 spinlock_t lock;
231 spinlock_t flaglock;
190 struct ieee80211_ht_info ht_info; 232 struct ieee80211_ht_info ht_info;
191 u64 supp_rates[IEEE80211_NUM_BANDS]; 233 u64 supp_rates[IEEE80211_NUM_BANDS];
192 u8 addr[ETH_ALEN]; 234 u8 addr[ETH_ALEN];
@@ -199,7 +241,10 @@ struct sta_info {
199 */ 241 */
200 u8 pin_status; 242 u8 pin_status;
201 243
202 /* frequently updated information, needs locking? */ 244 /*
245 * frequently updated, locked with own spinlock (flaglock),
246 * use the accessors defined below
247 */
203 u32 flags; 248 u32 flags;
204 249
205 /* 250 /*
@@ -213,14 +258,12 @@ struct sta_info {
213 unsigned long rx_packets, rx_bytes; 258 unsigned long rx_packets, rx_bytes;
214 unsigned long wep_weak_iv_count; 259 unsigned long wep_weak_iv_count;
215 unsigned long last_rx; 260 unsigned long last_rx;
216 unsigned long num_duplicates; /* number of duplicate frames received 261 unsigned long num_duplicates;
217 * from this STA */ 262 unsigned long rx_fragments;
218 unsigned long rx_fragments; /* number of received MPDUs */ 263 unsigned long rx_dropped;
219 unsigned long rx_dropped; /* number of dropped MPDUs from this STA */ 264 int last_signal;
220 int last_rssi; /* RSSI of last received frame from this STA */ 265 int last_qual;
221 int last_signal; /* signal of last received frame from this STA */ 266 int last_noise;
222 int last_noise; /* noise of last received frame from this STA */
223 /* last received seq/frag number from this STA (per RX queue) */
224 __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES]; 267 __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES];
225#ifdef CONFIG_MAC80211_DEBUG_COUNTERS 268#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
226 unsigned int wme_rx_queue[NUM_RX_DATA_QUEUES]; 269 unsigned int wme_rx_queue[NUM_RX_DATA_QUEUES];
@@ -237,42 +280,36 @@ struct sta_info {
237 unsigned int fail_avg; 280 unsigned int fail_avg;
238 281
239 /* Updated from TX path only, no locking requirements */ 282 /* Updated from TX path only, no locking requirements */
240 unsigned long tx_packets; /* number of RX/TX MSDUs */ 283 unsigned long tx_packets;
241 unsigned long tx_bytes; 284 unsigned long tx_bytes;
242 unsigned long tx_fragments; /* number of transmitted MPDUs */ 285 unsigned long tx_fragments;
243 int txrate_idx; 286 int txrate_idx;
244 int last_txrate_idx; 287 int last_txrate_idx;
288 u16 tid_seq[IEEE80211_QOS_CTL_TID_MASK + 1];
245#ifdef CONFIG_MAC80211_DEBUG_COUNTERS 289#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
246 unsigned int wme_tx_queue[NUM_RX_DATA_QUEUES]; 290 unsigned int wme_tx_queue[NUM_RX_DATA_QUEUES];
247#endif 291#endif
248 292
249 /* Debug counters, no locking doesn't matter */
250 int channel_use;
251 int channel_use_raw;
252
253 /* 293 /*
254 * Aggregation information, comes with own locking. 294 * Aggregation information, locked with lock.
255 */ 295 */
256 struct sta_ampdu_mlme ampdu_mlme; 296 struct sta_ampdu_mlme ampdu_mlme;
257 u8 timer_to_tid[STA_TID_NUM]; /* identity mapping to ID timers */ 297 u8 timer_to_tid[STA_TID_NUM];
258 u8 tid_to_tx_q[STA_TID_NUM]; /* map tid to tx queue */ 298 u8 tid_to_tx_q[STA_TID_NUM];
259 299
260#ifdef CONFIG_MAC80211_MESH 300#ifdef CONFIG_MAC80211_MESH
261 /* 301 /*
262 * Mesh peer link attributes 302 * Mesh peer link attributes
263 * TODO: move to a sub-structure that is referenced with pointer? 303 * TODO: move to a sub-structure that is referenced with pointer?
264 */ 304 */
265 __le16 llid; /* Local link ID */ 305 __le16 llid;
266 __le16 plid; /* Peer link ID */ 306 __le16 plid;
267 __le16 reason; /* Cancel reason on PLINK_HOLDING state */ 307 __le16 reason;
268 u8 plink_retries; /* Retries in establishment */ 308 u8 plink_retries;
269 bool ignore_plink_timer; 309 bool ignore_plink_timer;
270 enum plink_state plink_state; 310 enum plink_state plink_state;
271 u32 plink_timeout; 311 u32 plink_timeout;
272 struct timer_list plink_timer; 312 struct timer_list plink_timer;
273 spinlock_t plink_lock; /* For peer_state reads / updates and other
274 updates in the structure. Ensures robust
275 transitions for the peerlink FSM */
276#endif 313#endif
277 314
278#ifdef CONFIG_MAC80211_DEBUGFS 315#ifdef CONFIG_MAC80211_DEBUGFS
@@ -299,6 +336,73 @@ static inline enum plink_state sta_plink_state(struct sta_info *sta)
299 return PLINK_LISTEN; 336 return PLINK_LISTEN;
300} 337}
301 338
339static inline void set_sta_flags(struct sta_info *sta, const u32 flags)
340{
341 unsigned long irqfl;
342
343 spin_lock_irqsave(&sta->flaglock, irqfl);
344 sta->flags |= flags;
345 spin_unlock_irqrestore(&sta->flaglock, irqfl);
346}
347
348static inline void clear_sta_flags(struct sta_info *sta, const u32 flags)
349{
350 unsigned long irqfl;
351
352 spin_lock_irqsave(&sta->flaglock, irqfl);
353 sta->flags &= ~flags;
354 spin_unlock_irqrestore(&sta->flaglock, irqfl);
355}
356
357static inline void set_and_clear_sta_flags(struct sta_info *sta,
358 const u32 set, const u32 clear)
359{
360 unsigned long irqfl;
361
362 spin_lock_irqsave(&sta->flaglock, irqfl);
363 sta->flags |= set;
364 sta->flags &= ~clear;
365 spin_unlock_irqrestore(&sta->flaglock, irqfl);
366}
367
368static inline u32 test_sta_flags(struct sta_info *sta, const u32 flags)
369{
370 u32 ret;
371 unsigned long irqfl;
372
373 spin_lock_irqsave(&sta->flaglock, irqfl);
374 ret = sta->flags & flags;
375 spin_unlock_irqrestore(&sta->flaglock, irqfl);
376
377 return ret;
378}
379
380static inline u32 test_and_clear_sta_flags(struct sta_info *sta,
381 const u32 flags)
382{
383 u32 ret;
384 unsigned long irqfl;
385
386 spin_lock_irqsave(&sta->flaglock, irqfl);
387 ret = sta->flags & flags;
388 sta->flags &= ~flags;
389 spin_unlock_irqrestore(&sta->flaglock, irqfl);
390
391 return ret;
392}
393
394static inline u32 get_sta_flags(struct sta_info *sta)
395{
396 u32 ret;
397 unsigned long irqfl;
398
399 spin_lock_irqsave(&sta->flaglock, irqfl);
400 ret = sta->flags;
401 spin_unlock_irqrestore(&sta->flaglock, irqfl);
402
403 return ret;
404}
405
302 406
303/* Maximum number of concurrently registered stations */ 407/* Maximum number of concurrently registered stations */
304#define MAX_STA_COUNT 2007 408#define MAX_STA_COUNT 2007
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c
index 09093da24af6..995f7af3d25e 100644
--- a/net/mac80211/tkip.c
+++ b/net/mac80211/tkip.c
@@ -6,25 +6,23 @@
6 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 */ 8 */
9
10#include <linux/kernel.h> 9#include <linux/kernel.h>
10#include <linux/bitops.h>
11#include <linux/types.h> 11#include <linux/types.h>
12#include <linux/netdevice.h> 12#include <linux/netdevice.h>
13#include <asm/unaligned.h>
13 14
14#include <net/mac80211.h> 15#include <net/mac80211.h>
15#include "key.h" 16#include "key.h"
16#include "tkip.h" 17#include "tkip.h"
17#include "wep.h" 18#include "wep.h"
18 19
19
20/* TKIP key mixing functions */
21
22
23#define PHASE1_LOOP_COUNT 8 20#define PHASE1_LOOP_COUNT 8
24 21
25 22/*
26/* 2-byte by 2-byte subset of the full AES S-box table; second part of this 23 * 2-byte by 2-byte subset of the full AES S-box table; second part of this
27 * table is identical to first part but byte-swapped */ 24 * table is identical to first part but byte-swapped
25 */
28static const u16 tkip_sbox[256] = 26static const u16 tkip_sbox[256] =
29{ 27{
30 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154, 28 0xC6A5, 0xF884, 0xEE99, 0xF68D, 0xFF0D, 0xD6BD, 0xDEB1, 0x9154,
@@ -61,84 +59,54 @@ static const u16 tkip_sbox[256] =
61 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A, 59 0x82C3, 0x29B0, 0x5A77, 0x1E11, 0x7BCB, 0xA8FC, 0x6DD6, 0x2C3A,
62}; 60};
63 61
64 62static u16 tkipS(u16 val)
65static inline u16 Mk16(u8 x, u8 y)
66{ 63{
67 return ((u16) x << 8) | (u16) y; 64 return tkip_sbox[val & 0xff] ^ swab16(tkip_sbox[val >> 8]);
68} 65}
69 66
70 67static u8 *write_tkip_iv(u8 *pos, u16 iv16)
71static inline u8 Hi8(u16 v)
72{
73 return v >> 8;
74}
75
76
77static inline u8 Lo8(u16 v)
78{
79 return v & 0xff;
80}
81
82
83static inline u16 Hi16(u32 v)
84{
85 return v >> 16;
86}
87
88
89static inline u16 Lo16(u32 v)
90{
91 return v & 0xffff;
92}
93
94
95static inline u16 RotR1(u16 v)
96{
97 return (v >> 1) | ((v & 0x0001) << 15);
98}
99
100
101static inline u16 tkip_S(u16 val)
102{ 68{
103 u16 a = tkip_sbox[Hi8(val)]; 69 *pos++ = iv16 >> 8;
104 70 *pos++ = ((iv16 >> 8) | 0x20) & 0x7f;
105 return tkip_sbox[Lo8(val)] ^ Hi8(a) ^ (Lo8(a) << 8); 71 *pos++ = iv16 & 0xFF;
72 return pos;
106} 73}
107 74
108 75/*
109 76 * P1K := Phase1(TA, TK, TSC)
110/* P1K := Phase1(TA, TK, TSC)
111 * TA = transmitter address (48 bits) 77 * TA = transmitter address (48 bits)
112 * TK = dot11DefaultKeyValue or dot11KeyMappingValue (128 bits) 78 * TK = dot11DefaultKeyValue or dot11KeyMappingValue (128 bits)
113 * TSC = TKIP sequence counter (48 bits, only 32 msb bits used) 79 * TSC = TKIP sequence counter (48 bits, only 32 msb bits used)
114 * P1K: 80 bits 80 * P1K: 80 bits
115 */ 81 */
116static void tkip_mixing_phase1(const u8 *ta, const u8 *tk, u32 tsc_IV32, 82static void tkip_mixing_phase1(const u8 *tk, struct tkip_ctx *ctx,
117 u16 *p1k) 83 const u8 *ta, u32 tsc_IV32)
118{ 84{
119 int i, j; 85 int i, j;
86 u16 *p1k = ctx->p1k;
120 87
121 p1k[0] = Lo16(tsc_IV32); 88 p1k[0] = tsc_IV32 & 0xFFFF;
122 p1k[1] = Hi16(tsc_IV32); 89 p1k[1] = tsc_IV32 >> 16;
123 p1k[2] = Mk16(ta[1], ta[0]); 90 p1k[2] = get_unaligned_le16(ta + 0);
124 p1k[3] = Mk16(ta[3], ta[2]); 91 p1k[3] = get_unaligned_le16(ta + 2);
125 p1k[4] = Mk16(ta[5], ta[4]); 92 p1k[4] = get_unaligned_le16(ta + 4);
126 93
127 for (i = 0; i < PHASE1_LOOP_COUNT; i++) { 94 for (i = 0; i < PHASE1_LOOP_COUNT; i++) {
128 j = 2 * (i & 1); 95 j = 2 * (i & 1);
129 p1k[0] += tkip_S(p1k[4] ^ Mk16(tk[ 1 + j], tk[ 0 + j])); 96 p1k[0] += tkipS(p1k[4] ^ get_unaligned_le16(tk + 0 + j));
130 p1k[1] += tkip_S(p1k[0] ^ Mk16(tk[ 5 + j], tk[ 4 + j])); 97 p1k[1] += tkipS(p1k[0] ^ get_unaligned_le16(tk + 4 + j));
131 p1k[2] += tkip_S(p1k[1] ^ Mk16(tk[ 9 + j], tk[ 8 + j])); 98 p1k[2] += tkipS(p1k[1] ^ get_unaligned_le16(tk + 8 + j));
132 p1k[3] += tkip_S(p1k[2] ^ Mk16(tk[13 + j], tk[12 + j])); 99 p1k[3] += tkipS(p1k[2] ^ get_unaligned_le16(tk + 12 + j));
133 p1k[4] += tkip_S(p1k[3] ^ Mk16(tk[ 1 + j], tk[ 0 + j])) + i; 100 p1k[4] += tkipS(p1k[3] ^ get_unaligned_le16(tk + 0 + j)) + i;
134 } 101 }
102 ctx->initialized = 1;
135} 103}
136 104
137 105static void tkip_mixing_phase2(const u8 *tk, struct tkip_ctx *ctx,
138static void tkip_mixing_phase2(const u16 *p1k, const u8 *tk, u16 tsc_IV16, 106 u16 tsc_IV16, u8 *rc4key)
139 u8 *rc4key)
140{ 107{
141 u16 ppk[6]; 108 u16 ppk[6];
109 const u16 *p1k = ctx->p1k;
142 int i; 110 int i;
143 111
144 ppk[0] = p1k[0]; 112 ppk[0] = p1k[0];
@@ -148,70 +116,35 @@ static void tkip_mixing_phase2(const u16 *p1k, const u8 *tk, u16 tsc_IV16,
148 ppk[4] = p1k[4]; 116 ppk[4] = p1k[4];
149 ppk[5] = p1k[4] + tsc_IV16; 117 ppk[5] = p1k[4] + tsc_IV16;
150 118
151 ppk[0] += tkip_S(ppk[5] ^ Mk16(tk[ 1], tk[ 0])); 119 ppk[0] += tkipS(ppk[5] ^ get_unaligned_le16(tk + 0));
152 ppk[1] += tkip_S(ppk[0] ^ Mk16(tk[ 3], tk[ 2])); 120 ppk[1] += tkipS(ppk[0] ^ get_unaligned_le16(tk + 2));
153 ppk[2] += tkip_S(ppk[1] ^ Mk16(tk[ 5], tk[ 4])); 121 ppk[2] += tkipS(ppk[1] ^ get_unaligned_le16(tk + 4));
154 ppk[3] += tkip_S(ppk[2] ^ Mk16(tk[ 7], tk[ 6])); 122 ppk[3] += tkipS(ppk[2] ^ get_unaligned_le16(tk + 6));
155 ppk[4] += tkip_S(ppk[3] ^ Mk16(tk[ 9], tk[ 8])); 123 ppk[4] += tkipS(ppk[3] ^ get_unaligned_le16(tk + 8));
156 ppk[5] += tkip_S(ppk[4] ^ Mk16(tk[11], tk[10])); 124 ppk[5] += tkipS(ppk[4] ^ get_unaligned_le16(tk + 10));
157 ppk[0] += RotR1(ppk[5] ^ Mk16(tk[13], tk[12])); 125 ppk[0] += ror16(ppk[5] ^ get_unaligned_le16(tk + 12), 1);
158 ppk[1] += RotR1(ppk[0] ^ Mk16(tk[15], tk[14])); 126 ppk[1] += ror16(ppk[0] ^ get_unaligned_le16(tk + 14), 1);
159 ppk[2] += RotR1(ppk[1]); 127 ppk[2] += ror16(ppk[1], 1);
160 ppk[3] += RotR1(ppk[2]); 128 ppk[3] += ror16(ppk[2], 1);
161 ppk[4] += RotR1(ppk[3]); 129 ppk[4] += ror16(ppk[3], 1);
162 ppk[5] += RotR1(ppk[4]); 130 ppk[5] += ror16(ppk[4], 1);
163 131
164 rc4key[0] = Hi8(tsc_IV16); 132 rc4key = write_tkip_iv(rc4key, tsc_IV16);
165 rc4key[1] = (Hi8(tsc_IV16) | 0x20) & 0x7f; 133 *rc4key++ = ((ppk[5] ^ get_unaligned_le16(tk)) >> 1) & 0xFF;
166 rc4key[2] = Lo8(tsc_IV16); 134
167 rc4key[3] = Lo8((ppk[5] ^ Mk16(tk[1], tk[0])) >> 1); 135 for (i = 0; i < 6; i++)
168 136 put_unaligned_le16(ppk[i], rc4key + 2 * i);
169 for (i = 0; i < 6; i++) {
170 rc4key[4 + 2 * i] = Lo8(ppk[i]);
171 rc4key[5 + 2 * i] = Hi8(ppk[i]);
172 }
173} 137}
174 138
175
176/* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets 139/* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets
177 * of the IV. Returns pointer to the octet following IVs (i.e., beginning of 140 * of the IV. Returns pointer to the octet following IVs (i.e., beginning of
178 * the packet payload). */ 141 * the packet payload). */
179u8 * ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, 142u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, u16 iv16)
180 u8 iv0, u8 iv1, u8 iv2)
181{ 143{
182 *pos++ = iv0; 144 pos = write_tkip_iv(pos, iv16);
183 *pos++ = iv1;
184 *pos++ = iv2;
185 *pos++ = (key->conf.keyidx << 6) | (1 << 5) /* Ext IV */; 145 *pos++ = (key->conf.keyidx << 6) | (1 << 5) /* Ext IV */;
186 *pos++ = key->u.tkip.iv32 & 0xff; 146 put_unaligned_le32(key->u.tkip.tx.iv32, pos);
187 *pos++ = (key->u.tkip.iv32 >> 8) & 0xff; 147 return pos + 4;
188 *pos++ = (key->u.tkip.iv32 >> 16) & 0xff;
189 *pos++ = (key->u.tkip.iv32 >> 24) & 0xff;
190 return pos;
191}
192
193
194void ieee80211_tkip_gen_phase1key(struct ieee80211_key *key, u8 *ta,
195 u16 *phase1key)
196{
197 tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
198 key->u.tkip.iv32, phase1key);
199}
200
201void ieee80211_tkip_gen_rc4key(struct ieee80211_key *key, u8 *ta,
202 u8 *rc4key)
203{
204 /* Calculate per-packet key */
205 if (key->u.tkip.iv16 == 0 || !key->u.tkip.tx_initialized) {
206 /* IV16 wrapped around - perform TKIP phase 1 */
207 tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
208 key->u.tkip.iv32, key->u.tkip.p1k);
209 key->u.tkip.tx_initialized = 1;
210 }
211
212 tkip_mixing_phase2(key->u.tkip.p1k,
213 &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
214 key->u.tkip.iv16, rc4key);
215} 148}
216 149
217void ieee80211_get_tkip_key(struct ieee80211_key_conf *keyconf, 150void ieee80211_get_tkip_key(struct ieee80211_key_conf *keyconf,
@@ -220,48 +153,44 @@ void ieee80211_get_tkip_key(struct ieee80211_key_conf *keyconf,
220{ 153{
221 struct ieee80211_key *key = (struct ieee80211_key *) 154 struct ieee80211_key *key = (struct ieee80211_key *)
222 container_of(keyconf, struct ieee80211_key, conf); 155 container_of(keyconf, struct ieee80211_key, conf);
223 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 156 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
224 u8 *data = (u8 *) hdr; 157 u8 *data;
225 u16 fc = le16_to_cpu(hdr->frame_control); 158 const u8 *tk;
226 int hdr_len = ieee80211_get_hdrlen(fc); 159 struct tkip_ctx *ctx;
227 u8 *ta = hdr->addr2;
228 u16 iv16; 160 u16 iv16;
229 u32 iv32; 161 u32 iv32;
230 162
231 iv16 = data[hdr_len] << 8; 163 data = (u8 *)hdr + ieee80211_hdrlen(hdr->frame_control);
232 iv16 += data[hdr_len + 2]; 164 iv16 = data[2] | (data[0] << 8);
233 iv32 = data[hdr_len + 4] | (data[hdr_len + 5] << 8) | 165 iv32 = get_unaligned_le32(&data[4]);
234 (data[hdr_len + 6] << 16) | (data[hdr_len + 7] << 24); 166
167 tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
168 ctx = &key->u.tkip.tx;
235 169
236#ifdef CONFIG_TKIP_DEBUG 170#ifdef CONFIG_MAC80211_TKIP_DEBUG
237 printk(KERN_DEBUG "TKIP encrypt: iv16 = 0x%04x, iv32 = 0x%08x\n", 171 printk(KERN_DEBUG "TKIP encrypt: iv16 = 0x%04x, iv32 = 0x%08x\n",
238 iv16, iv32); 172 iv16, iv32);
239 173
240 if (iv32 != key->u.tkip.iv32) { 174 if (iv32 != ctx->iv32) {
241 printk(KERN_DEBUG "skb: iv32 = 0x%08x key: iv32 = 0x%08x\n", 175 printk(KERN_DEBUG "skb: iv32 = 0x%08x key: iv32 = 0x%08x\n",
242 iv32, key->u.tkip.iv32); 176 iv32, ctx->iv32);
243 printk(KERN_DEBUG "Wrap around of iv16 in the middle of a " 177 printk(KERN_DEBUG "Wrap around of iv16 in the middle of a "
244 "fragmented packet\n"); 178 "fragmented packet\n");
245 } 179 }
246#endif /* CONFIG_TKIP_DEBUG */ 180#endif
247 181
248 /* Update the p1k only when the iv16 in the packet wraps around, this 182 /* Update the p1k only when the iv16 in the packet wraps around, this
249 * might occur after the wrap around of iv16 in the key in case of 183 * might occur after the wrap around of iv16 in the key in case of
250 * fragmented packets. */ 184 * fragmented packets. */
251 if (iv16 == 0 || !key->u.tkip.tx_initialized) { 185 if (iv16 == 0 || !ctx->initialized)
252 /* IV16 wrapped around - perform TKIP phase 1 */ 186 tkip_mixing_phase1(tk, ctx, hdr->addr2, iv32);
253 tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY],
254 iv32, key->u.tkip.p1k);
255 key->u.tkip.tx_initialized = 1;
256 }
257 187
258 if (type == IEEE80211_TKIP_P1_KEY) { 188 if (type == IEEE80211_TKIP_P1_KEY) {
259 memcpy(outkey, key->u.tkip.p1k, sizeof(u16) * 5); 189 memcpy(outkey, ctx->p1k, sizeof(u16) * 5);
260 return; 190 return;
261 } 191 }
262 192
263 tkip_mixing_phase2(key->u.tkip.p1k, 193 tkip_mixing_phase2(tk, ctx, iv16, outkey);
264 &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY], iv16, outkey);
265} 194}
266EXPORT_SYMBOL(ieee80211_get_tkip_key); 195EXPORT_SYMBOL(ieee80211_get_tkip_key);
267 196
@@ -275,13 +204,19 @@ void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
275 u8 *pos, size_t payload_len, u8 *ta) 204 u8 *pos, size_t payload_len, u8 *ta)
276{ 205{
277 u8 rc4key[16]; 206 u8 rc4key[16];
207 struct tkip_ctx *ctx = &key->u.tkip.tx;
208 const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
209
210 /* Calculate per-packet key */
211 if (ctx->iv16 == 0 || !ctx->initialized)
212 tkip_mixing_phase1(tk, ctx, ta, ctx->iv32);
213
214 tkip_mixing_phase2(tk, ctx, ctx->iv16, rc4key);
278 215
279 ieee80211_tkip_gen_rc4key(key, ta, rc4key); 216 pos = ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);
280 pos = ieee80211_tkip_add_iv(pos, key, rc4key[0], rc4key[1], rc4key[2]);
281 ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len); 217 ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len);
282} 218}
283 219
284
285/* Decrypt packet payload with TKIP using @key. @pos is a pointer to the 220/* Decrypt packet payload with TKIP using @key. @pos is a pointer to the
286 * beginning of the buffer containing IEEE 802.11 header payload, i.e., 221 * beginning of the buffer containing IEEE 802.11 header payload, i.e.,
287 * including IV, Ext. IV, real data, Michael MIC, ICV. @payload_len is the 222 * including IV, Ext. IV, real data, Michael MIC, ICV. @payload_len is the
@@ -296,15 +231,16 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
296 u32 iv16; 231 u32 iv16;
297 u8 rc4key[16], keyid, *pos = payload; 232 u8 rc4key[16], keyid, *pos = payload;
298 int res; 233 int res;
234 const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
299 235
300 if (payload_len < 12) 236 if (payload_len < 12)
301 return -1; 237 return -1;
302 238
303 iv16 = (pos[0] << 8) | pos[2]; 239 iv16 = (pos[0] << 8) | pos[2];
304 keyid = pos[3]; 240 keyid = pos[3];
305 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24); 241 iv32 = get_unaligned_le32(pos + 4);
306 pos += 8; 242 pos += 8;
307#ifdef CONFIG_TKIP_DEBUG 243#ifdef CONFIG_MAC80211_TKIP_DEBUG
308 { 244 {
309 int i; 245 int i;
310 printk(KERN_DEBUG "TKIP decrypt: data(len=%zd)", payload_len); 246 printk(KERN_DEBUG "TKIP decrypt: data(len=%zd)", payload_len);
@@ -314,7 +250,7 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
314 printk(KERN_DEBUG "TKIP decrypt: iv16=%04x iv32=%08x\n", 250 printk(KERN_DEBUG "TKIP decrypt: iv16=%04x iv32=%08x\n",
315 iv16, iv32); 251 iv16, iv32);
316 } 252 }
317#endif /* CONFIG_TKIP_DEBUG */ 253#endif
318 254
319 if (!(keyid & (1 << 5))) 255 if (!(keyid & (1 << 5)))
320 return TKIP_DECRYPT_NO_EXT_IV; 256 return TKIP_DECRYPT_NO_EXT_IV;
@@ -322,50 +258,48 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
322 if ((keyid >> 6) != key->conf.keyidx) 258 if ((keyid >> 6) != key->conf.keyidx)
323 return TKIP_DECRYPT_INVALID_KEYIDX; 259 return TKIP_DECRYPT_INVALID_KEYIDX;
324 260
325 if (key->u.tkip.rx_initialized[queue] && 261 if (key->u.tkip.rx[queue].initialized &&
326 (iv32 < key->u.tkip.iv32_rx[queue] || 262 (iv32 < key->u.tkip.rx[queue].iv32 ||
327 (iv32 == key->u.tkip.iv32_rx[queue] && 263 (iv32 == key->u.tkip.rx[queue].iv32 &&
328 iv16 <= key->u.tkip.iv16_rx[queue]))) { 264 iv16 <= key->u.tkip.rx[queue].iv16))) {
329#ifdef CONFIG_TKIP_DEBUG 265#ifdef CONFIG_MAC80211_TKIP_DEBUG
330 DECLARE_MAC_BUF(mac); 266 DECLARE_MAC_BUF(mac);
331 printk(KERN_DEBUG "TKIP replay detected for RX frame from " 267 printk(KERN_DEBUG "TKIP replay detected for RX frame from "
332 "%s (RX IV (%04x,%02x) <= prev. IV (%04x,%02x)\n", 268 "%s (RX IV (%04x,%02x) <= prev. IV (%04x,%02x)\n",
333 print_mac(mac, ta), 269 print_mac(mac, ta),
334 iv32, iv16, key->u.tkip.iv32_rx[queue], 270 iv32, iv16, key->u.tkip.rx[queue].iv32,
335 key->u.tkip.iv16_rx[queue]); 271 key->u.tkip.rx[queue].iv16);
336#endif /* CONFIG_TKIP_DEBUG */ 272#endif
337 return TKIP_DECRYPT_REPLAY; 273 return TKIP_DECRYPT_REPLAY;
338 } 274 }
339 275
340 if (only_iv) { 276 if (only_iv) {
341 res = TKIP_DECRYPT_OK; 277 res = TKIP_DECRYPT_OK;
342 key->u.tkip.rx_initialized[queue] = 1; 278 key->u.tkip.rx[queue].initialized = 1;
343 goto done; 279 goto done;
344 } 280 }
345 281
346 if (!key->u.tkip.rx_initialized[queue] || 282 if (!key->u.tkip.rx[queue].initialized ||
347 key->u.tkip.iv32_rx[queue] != iv32) { 283 key->u.tkip.rx[queue].iv32 != iv32) {
348 key->u.tkip.rx_initialized[queue] = 1;
349 /* IV16 wrapped around - perform TKIP phase 1 */ 284 /* IV16 wrapped around - perform TKIP phase 1 */
350 tkip_mixing_phase1(ta, &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY], 285 tkip_mixing_phase1(tk, &key->u.tkip.rx[queue], ta, iv32);
351 iv32, key->u.tkip.p1k_rx[queue]); 286#ifdef CONFIG_MAC80211_TKIP_DEBUG
352#ifdef CONFIG_TKIP_DEBUG
353 { 287 {
354 int i; 288 int i;
289 u8 key_offset = NL80211_TKIP_DATA_OFFSET_ENCR_KEY;
355 DECLARE_MAC_BUF(mac); 290 DECLARE_MAC_BUF(mac);
356 printk(KERN_DEBUG "TKIP decrypt: Phase1 TA=%s" 291 printk(KERN_DEBUG "TKIP decrypt: Phase1 TA=%s"
357 " TK=", print_mac(mac, ta)); 292 " TK=", print_mac(mac, ta));
358 for (i = 0; i < 16; i++) 293 for (i = 0; i < 16; i++)
359 printk("%02x ", 294 printk("%02x ",
360 key->conf.key[ 295 key->conf.key[key_offset + i]);
361 ALG_TKIP_TEMP_ENCR_KEY + i]);
362 printk("\n"); 296 printk("\n");
363 printk(KERN_DEBUG "TKIP decrypt: P1K="); 297 printk(KERN_DEBUG "TKIP decrypt: P1K=");
364 for (i = 0; i < 5; i++) 298 for (i = 0; i < 5; i++)
365 printk("%04x ", key->u.tkip.p1k_rx[queue][i]); 299 printk("%04x ", key->u.tkip.rx[queue].p1k[i]);
366 printk("\n"); 300 printk("\n");
367 } 301 }
368#endif /* CONFIG_TKIP_DEBUG */ 302#endif
369 if (key->local->ops->update_tkip_key && 303 if (key->local->ops->update_tkip_key &&
370 key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { 304 key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
371 u8 bcast[ETH_ALEN] = 305 u8 bcast[ETH_ALEN] =
@@ -377,14 +311,12 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
377 311
378 key->local->ops->update_tkip_key( 312 key->local->ops->update_tkip_key(
379 local_to_hw(key->local), &key->conf, 313 local_to_hw(key->local), &key->conf,
380 sta_addr, iv32, key->u.tkip.p1k_rx[queue]); 314 sta_addr, iv32, key->u.tkip.rx[queue].p1k);
381 } 315 }
382 } 316 }
383 317
384 tkip_mixing_phase2(key->u.tkip.p1k_rx[queue], 318 tkip_mixing_phase2(tk, &key->u.tkip.rx[queue], iv16, rc4key);
385 &key->conf.key[ALG_TKIP_TEMP_ENCR_KEY], 319#ifdef CONFIG_MAC80211_TKIP_DEBUG
386 iv16, rc4key);
387#ifdef CONFIG_TKIP_DEBUG
388 { 320 {
389 int i; 321 int i;
390 printk(KERN_DEBUG "TKIP decrypt: Phase2 rc4key="); 322 printk(KERN_DEBUG "TKIP decrypt: Phase2 rc4key=");
@@ -392,7 +324,7 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
392 printk("%02x ", rc4key[i]); 324 printk("%02x ", rc4key[i]);
393 printk("\n"); 325 printk("\n");
394 } 326 }
395#endif /* CONFIG_TKIP_DEBUG */ 327#endif
396 328
397 res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12); 329 res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12);
398 done: 330 done:
@@ -409,5 +341,3 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
409 341
410 return res; 342 return res;
411} 343}
412
413
diff --git a/net/mac80211/tkip.h b/net/mac80211/tkip.h
index b7c2ee763d9d..d4714383f5fc 100644
--- a/net/mac80211/tkip.h
+++ b/net/mac80211/tkip.h
@@ -13,12 +13,8 @@
13#include <linux/crypto.h> 13#include <linux/crypto.h>
14#include "key.h" 14#include "key.h"
15 15
16u8 * ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, 16u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, u16 iv16);
17 u8 iv0, u8 iv1, u8 iv2); 17
18void ieee80211_tkip_gen_phase1key(struct ieee80211_key *key, u8 *ta,
19 u16 *phase1key);
20void ieee80211_tkip_gen_rc4key(struct ieee80211_key *key, u8 *ta,
21 u8 *rc4key);
22void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm, 18void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
23 struct ieee80211_key *key, 19 struct ieee80211_key *key,
24 u8 *pos, size_t payload_len, u8 *ta); 20 u8 *pos, size_t payload_len, u8 *ta);
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 1d7dd54aacef..4788f7b91f49 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -38,23 +38,12 @@
38 38
39/* misc utils */ 39/* misc utils */
40 40
41static inline void ieee80211_include_sequence(struct ieee80211_sub_if_data *sdata,
42 struct ieee80211_hdr *hdr)
43{
44 /* Set the sequence number for this frame. */
45 hdr->seq_ctrl = cpu_to_le16(sdata->sequence);
46
47 /* Increase the sequence number. */
48 sdata->sequence = (sdata->sequence + 0x10) & IEEE80211_SCTL_SEQ;
49}
50
51#ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP 41#ifdef CONFIG_MAC80211_LOWTX_FRAME_DUMP
52static void ieee80211_dump_frame(const char *ifname, const char *title, 42static void ieee80211_dump_frame(const char *ifname, const char *title,
53 const struct sk_buff *skb) 43 const struct sk_buff *skb)
54{ 44{
55 const struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 45 const struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
56 u16 fc; 46 unsigned int hdrlen;
57 int hdrlen;
58 DECLARE_MAC_BUF(mac); 47 DECLARE_MAC_BUF(mac);
59 48
60 printk(KERN_DEBUG "%s: %s (len=%d)", ifname, title, skb->len); 49 printk(KERN_DEBUG "%s: %s (len=%d)", ifname, title, skb->len);
@@ -63,13 +52,12 @@ static void ieee80211_dump_frame(const char *ifname, const char *title,
63 return; 52 return;
64 } 53 }
65 54
66 fc = le16_to_cpu(hdr->frame_control); 55 hdrlen = ieee80211_hdrlen(hdr->frame_control);
67 hdrlen = ieee80211_get_hdrlen(fc);
68 if (hdrlen > skb->len) 56 if (hdrlen > skb->len)
69 hdrlen = skb->len; 57 hdrlen = skb->len;
70 if (hdrlen >= 4) 58 if (hdrlen >= 4)
71 printk(" FC=0x%04x DUR=0x%04x", 59 printk(" FC=0x%04x DUR=0x%04x",
72 fc, le16_to_cpu(hdr->duration_id)); 60 le16_to_cpu(hdr->frame_control), le16_to_cpu(hdr->duration_id));
73 if (hdrlen >= 10) 61 if (hdrlen >= 10)
74 printk(" A1=%s", print_mac(mac, hdr->addr1)); 62 printk(" A1=%s", print_mac(mac, hdr->addr1));
75 if (hdrlen >= 16) 63 if (hdrlen >= 16)
@@ -87,15 +75,16 @@ static inline void ieee80211_dump_frame(const char *ifname, const char *title,
87} 75}
88#endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */ 76#endif /* CONFIG_MAC80211_LOWTX_FRAME_DUMP */
89 77
90static u16 ieee80211_duration(struct ieee80211_tx_data *tx, int group_addr, 78static __le16 ieee80211_duration(struct ieee80211_tx_data *tx, int group_addr,
91 int next_frag_len) 79 int next_frag_len)
92{ 80{
93 int rate, mrate, erp, dur, i; 81 int rate, mrate, erp, dur, i;
94 struct ieee80211_rate *txrate = tx->rate; 82 struct ieee80211_rate *txrate;
95 struct ieee80211_local *local = tx->local; 83 struct ieee80211_local *local = tx->local;
96 struct ieee80211_supported_band *sband; 84 struct ieee80211_supported_band *sband;
97 85
98 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 86 sband = local->hw.wiphy->bands[tx->channel->band];
87 txrate = &sband->bitrates[tx->rate_idx];
99 88
100 erp = 0; 89 erp = 0;
101 if (tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE) 90 if (tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
@@ -139,7 +128,7 @@ static u16 ieee80211_duration(struct ieee80211_tx_data *tx, int group_addr,
139 128
140 /* data/mgmt */ 129 /* data/mgmt */
141 if (0 /* FIX: data/mgmt during CFP */) 130 if (0 /* FIX: data/mgmt during CFP */)
142 return 32768; 131 return cpu_to_le16(32768);
143 132
144 if (group_addr) /* Group address as the destination - no ACK */ 133 if (group_addr) /* Group address as the destination - no ACK */
145 return 0; 134 return 0;
@@ -209,19 +198,7 @@ static u16 ieee80211_duration(struct ieee80211_tx_data *tx, int group_addr,
209 tx->sdata->bss_conf.use_short_preamble); 198 tx->sdata->bss_conf.use_short_preamble);
210 } 199 }
211 200
212 return dur; 201 return cpu_to_le16(dur);
213}
214
215static inline int __ieee80211_queue_stopped(const struct ieee80211_local *local,
216 int queue)
217{
218 return test_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]);
219}
220
221static inline int __ieee80211_queue_pending(const struct ieee80211_local *local,
222 int queue)
223{
224 return test_bit(IEEE80211_LINK_STATE_PENDING, &local->state[queue]);
225} 202}
226 203
227static int inline is_ieee80211_device(struct net_device *dev, 204static int inline is_ieee80211_device(struct net_device *dev,
@@ -233,16 +210,16 @@ static int inline is_ieee80211_device(struct net_device *dev,
233 210
234/* tx handlers */ 211/* tx handlers */
235 212
236static ieee80211_tx_result 213static ieee80211_tx_result debug_noinline
237ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx) 214ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
238{ 215{
239#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 216#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
240 struct sk_buff *skb = tx->skb; 217 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
241 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
242#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 218#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
219 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
243 u32 sta_flags; 220 u32 sta_flags;
244 221
245 if (unlikely(tx->flags & IEEE80211_TX_INJECTED)) 222 if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
246 return TX_CONTINUE; 223 return TX_CONTINUE;
247 224
248 if (unlikely(tx->local->sta_sw_scanning) && 225 if (unlikely(tx->local->sta_sw_scanning) &&
@@ -256,7 +233,7 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
256 if (tx->flags & IEEE80211_TX_PS_BUFFERED) 233 if (tx->flags & IEEE80211_TX_PS_BUFFERED)
257 return TX_CONTINUE; 234 return TX_CONTINUE;
258 235
259 sta_flags = tx->sta ? tx->sta->flags : 0; 236 sta_flags = tx->sta ? get_sta_flags(tx->sta) : 0;
260 237
261 if (likely(tx->flags & IEEE80211_TX_UNICAST)) { 238 if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
262 if (unlikely(!(sta_flags & WLAN_STA_ASSOC) && 239 if (unlikely(!(sta_flags & WLAN_STA_ASSOC) &&
@@ -287,17 +264,6 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
287 return TX_CONTINUE; 264 return TX_CONTINUE;
288} 265}
289 266
290static ieee80211_tx_result
291ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
292{
293 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
294
295 if (ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_control)) >= 24)
296 ieee80211_include_sequence(tx->sdata, hdr);
297
298 return TX_CONTINUE;
299}
300
301/* This function is called whenever the AP is about to exceed the maximum limit 267/* This function is called whenever the AP is about to exceed the maximum limit
302 * of buffered frames for power saving STAs. This situation should not really 268 * of buffered frames for power saving STAs. This situation should not really
303 * happen often during normal operation, so dropping the oldest buffered packet 269 * happen often during normal operation, so dropping the oldest buffered packet
@@ -316,8 +282,7 @@ static void purge_old_ps_buffers(struct ieee80211_local *local)
316 282
317 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 283 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
318 struct ieee80211_if_ap *ap; 284 struct ieee80211_if_ap *ap;
319 if (sdata->dev == local->mdev || 285 if (sdata->vif.type != IEEE80211_IF_TYPE_AP)
320 sdata->vif.type != IEEE80211_IF_TYPE_AP)
321 continue; 286 continue;
322 ap = &sdata->u.ap; 287 ap = &sdata->u.ap;
323 skb = skb_dequeue(&ap->ps_bc_buf); 288 skb = skb_dequeue(&ap->ps_bc_buf);
@@ -340,13 +305,17 @@ static void purge_old_ps_buffers(struct ieee80211_local *local)
340 rcu_read_unlock(); 305 rcu_read_unlock();
341 306
342 local->total_ps_buffered = total; 307 local->total_ps_buffered = total;
308#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
343 printk(KERN_DEBUG "%s: PS buffers full - purged %d frames\n", 309 printk(KERN_DEBUG "%s: PS buffers full - purged %d frames\n",
344 wiphy_name(local->hw.wiphy), purged); 310 wiphy_name(local->hw.wiphy), purged);
311#endif
345} 312}
346 313
347static ieee80211_tx_result 314static ieee80211_tx_result
348ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx) 315ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
349{ 316{
317 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
318
350 /* 319 /*
351 * broadcast/multicast frame 320 * broadcast/multicast frame
352 * 321 *
@@ -355,8 +324,12 @@ ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
355 * This is done either by the hardware or us. 324 * This is done either by the hardware or us.
356 */ 325 */
357 326
358 /* not AP/IBSS or ordered frame */ 327 /* powersaving STAs only in AP/VLAN mode */
359 if (!tx->sdata->bss || (tx->fc & IEEE80211_FCTL_ORDER)) 328 if (!tx->sdata->bss)
329 return TX_CONTINUE;
330
331 /* no buffering for ordered frames */
332 if (tx->fc & IEEE80211_FCTL_ORDER)
360 return TX_CONTINUE; 333 return TX_CONTINUE;
361 334
362 /* no stations in PS mode */ 335 /* no stations in PS mode */
@@ -369,11 +342,13 @@ ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
369 purge_old_ps_buffers(tx->local); 342 purge_old_ps_buffers(tx->local);
370 if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >= 343 if (skb_queue_len(&tx->sdata->bss->ps_bc_buf) >=
371 AP_MAX_BC_BUFFER) { 344 AP_MAX_BC_BUFFER) {
345#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
372 if (net_ratelimit()) { 346 if (net_ratelimit()) {
373 printk(KERN_DEBUG "%s: BC TX buffer full - " 347 printk(KERN_DEBUG "%s: BC TX buffer full - "
374 "dropping the oldest frame\n", 348 "dropping the oldest frame\n",
375 tx->dev->name); 349 tx->dev->name);
376 } 350 }
351#endif
377 dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf)); 352 dev_kfree_skb(skb_dequeue(&tx->sdata->bss->ps_bc_buf));
378 } else 353 } else
379 tx->local->total_ps_buffered++; 354 tx->local->total_ps_buffered++;
@@ -382,7 +357,7 @@ ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
382 } 357 }
383 358
384 /* buffered in hardware */ 359 /* buffered in hardware */
385 tx->control->flags |= IEEE80211_TXCTL_SEND_AFTER_DTIM; 360 info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
386 361
387 return TX_CONTINUE; 362 return TX_CONTINUE;
388} 363}
@@ -391,6 +366,8 @@ static ieee80211_tx_result
391ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx) 366ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
392{ 367{
393 struct sta_info *sta = tx->sta; 368 struct sta_info *sta = tx->sta;
369 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
370 u32 staflags;
394 DECLARE_MAC_BUF(mac); 371 DECLARE_MAC_BUF(mac);
395 372
396 if (unlikely(!sta || 373 if (unlikely(!sta ||
@@ -398,9 +375,10 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
398 (tx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP))) 375 (tx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PROBE_RESP)))
399 return TX_CONTINUE; 376 return TX_CONTINUE;
400 377
401 if (unlikely((sta->flags & WLAN_STA_PS) && 378 staflags = get_sta_flags(sta);
402 !(sta->flags & WLAN_STA_PSPOLL))) { 379
403 struct ieee80211_tx_packet_data *pkt_data; 380 if (unlikely((staflags & WLAN_STA_PS) &&
381 !(staflags & WLAN_STA_PSPOLL))) {
404#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 382#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
405 printk(KERN_DEBUG "STA %s aid %d: PS buffer (entries " 383 printk(KERN_DEBUG "STA %s aid %d: PS buffer (entries "
406 "before %d)\n", 384 "before %d)\n",
@@ -411,11 +389,13 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
411 purge_old_ps_buffers(tx->local); 389 purge_old_ps_buffers(tx->local);
412 if (skb_queue_len(&sta->ps_tx_buf) >= STA_MAX_TX_BUFFER) { 390 if (skb_queue_len(&sta->ps_tx_buf) >= STA_MAX_TX_BUFFER) {
413 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf); 391 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf);
392#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
414 if (net_ratelimit()) { 393 if (net_ratelimit()) {
415 printk(KERN_DEBUG "%s: STA %s TX " 394 printk(KERN_DEBUG "%s: STA %s TX "
416 "buffer full - dropping oldest frame\n", 395 "buffer full - dropping oldest frame\n",
417 tx->dev->name, print_mac(mac, sta->addr)); 396 tx->dev->name, print_mac(mac, sta->addr));
418 } 397 }
398#endif
419 dev_kfree_skb(old); 399 dev_kfree_skb(old);
420 } else 400 } else
421 tx->local->total_ps_buffered++; 401 tx->local->total_ps_buffered++;
@@ -424,24 +404,23 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
424 if (skb_queue_empty(&sta->ps_tx_buf)) 404 if (skb_queue_empty(&sta->ps_tx_buf))
425 sta_info_set_tim_bit(sta); 405 sta_info_set_tim_bit(sta);
426 406
427 pkt_data = (struct ieee80211_tx_packet_data *)tx->skb->cb; 407 info->control.jiffies = jiffies;
428 pkt_data->jiffies = jiffies;
429 skb_queue_tail(&sta->ps_tx_buf, tx->skb); 408 skb_queue_tail(&sta->ps_tx_buf, tx->skb);
430 return TX_QUEUED; 409 return TX_QUEUED;
431 } 410 }
432#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 411#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
433 else if (unlikely(sta->flags & WLAN_STA_PS)) { 412 else if (unlikely(test_sta_flags(sta, WLAN_STA_PS))) {
434 printk(KERN_DEBUG "%s: STA %s in PS mode, but pspoll " 413 printk(KERN_DEBUG "%s: STA %s in PS mode, but pspoll "
435 "set -> send frame\n", tx->dev->name, 414 "set -> send frame\n", tx->dev->name,
436 print_mac(mac, sta->addr)); 415 print_mac(mac, sta->addr));
437 } 416 }
438#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 417#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
439 sta->flags &= ~WLAN_STA_PSPOLL; 418 clear_sta_flags(sta, WLAN_STA_PSPOLL);
440 419
441 return TX_CONTINUE; 420 return TX_CONTINUE;
442} 421}
443 422
444static ieee80211_tx_result 423static ieee80211_tx_result debug_noinline
445ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx) 424ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
446{ 425{
447 if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED)) 426 if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED))
@@ -453,21 +432,22 @@ ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
453 return ieee80211_tx_h_multicast_ps_buf(tx); 432 return ieee80211_tx_h_multicast_ps_buf(tx);
454} 433}
455 434
456static ieee80211_tx_result 435static ieee80211_tx_result debug_noinline
457ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx) 436ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
458{ 437{
459 struct ieee80211_key *key; 438 struct ieee80211_key *key;
439 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
460 u16 fc = tx->fc; 440 u16 fc = tx->fc;
461 441
462 if (unlikely(tx->control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT)) 442 if (unlikely(tx->skb->do_not_encrypt))
463 tx->key = NULL; 443 tx->key = NULL;
464 else if (tx->sta && (key = rcu_dereference(tx->sta->key))) 444 else if (tx->sta && (key = rcu_dereference(tx->sta->key)))
465 tx->key = key; 445 tx->key = key;
466 else if ((key = rcu_dereference(tx->sdata->default_key))) 446 else if ((key = rcu_dereference(tx->sdata->default_key)))
467 tx->key = key; 447 tx->key = key;
468 else if (tx->sdata->drop_unencrypted && 448 else if (tx->sdata->drop_unencrypted &&
469 !(tx->control->flags & IEEE80211_TXCTL_EAPOL_FRAME) && 449 (tx->skb->protocol != cpu_to_be16(ETH_P_PAE)) &&
470 !(tx->flags & IEEE80211_TX_INJECTED)) { 450 !(info->flags & IEEE80211_TX_CTL_INJECTED)) {
471 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted); 451 I802_DEBUG_INC(tx->local->tx_handlers_drop_unencrypted);
472 return TX_DROP; 452 return TX_DROP;
473 } else 453 } else
@@ -496,15 +476,197 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
496 } 476 }
497 477
498 if (!tx->key || !(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) 478 if (!tx->key || !(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
499 tx->control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT; 479 tx->skb->do_not_encrypt = 1;
500 480
501 return TX_CONTINUE; 481 return TX_CONTINUE;
502} 482}
503 483
504static ieee80211_tx_result 484static ieee80211_tx_result debug_noinline
485ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
486{
487 struct rate_selection rsel;
488 struct ieee80211_supported_band *sband;
489 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
490
491 sband = tx->local->hw.wiphy->bands[tx->channel->band];
492
493 if (likely(tx->rate_idx < 0)) {
494 rate_control_get_rate(tx->dev, sband, tx->skb, &rsel);
495 tx->rate_idx = rsel.rate_idx;
496 if (unlikely(rsel.probe_idx >= 0)) {
497 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE;
498 tx->flags |= IEEE80211_TX_PROBE_LAST_FRAG;
499 info->control.alt_retry_rate_idx = tx->rate_idx;
500 tx->rate_idx = rsel.probe_idx;
501 } else
502 info->control.alt_retry_rate_idx = -1;
503
504 if (unlikely(tx->rate_idx < 0))
505 return TX_DROP;
506 } else
507 info->control.alt_retry_rate_idx = -1;
508
509 if (tx->sdata->bss_conf.use_cts_prot &&
510 (tx->flags & IEEE80211_TX_FRAGMENTED) && (rsel.nonerp_idx >= 0)) {
511 tx->last_frag_rate_idx = tx->rate_idx;
512 if (rsel.probe_idx >= 0)
513 tx->flags &= ~IEEE80211_TX_PROBE_LAST_FRAG;
514 else
515 tx->flags |= IEEE80211_TX_PROBE_LAST_FRAG;
516 tx->rate_idx = rsel.nonerp_idx;
517 info->tx_rate_idx = rsel.nonerp_idx;
518 info->flags &= ~IEEE80211_TX_CTL_RATE_CTRL_PROBE;
519 } else {
520 tx->last_frag_rate_idx = tx->rate_idx;
521 info->tx_rate_idx = tx->rate_idx;
522 }
523 info->tx_rate_idx = tx->rate_idx;
524
525 return TX_CONTINUE;
526}
527
528static ieee80211_tx_result debug_noinline
529ieee80211_tx_h_misc(struct ieee80211_tx_data *tx)
530{
531 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
532 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
533 struct ieee80211_supported_band *sband;
534
535 sband = tx->local->hw.wiphy->bands[tx->channel->band];
536
537 if (tx->sta)
538 info->control.aid = tx->sta->aid;
539
540 if (!info->control.retry_limit) {
541 if (!is_multicast_ether_addr(hdr->addr1)) {
542 int len = min_t(int, tx->skb->len + FCS_LEN,
543 tx->local->fragmentation_threshold);
544 if (len > tx->local->rts_threshold
545 && tx->local->rts_threshold <
546 IEEE80211_MAX_RTS_THRESHOLD) {
547 info->flags |= IEEE80211_TX_CTL_USE_RTS_CTS;
548 info->flags |=
549 IEEE80211_TX_CTL_LONG_RETRY_LIMIT;
550 info->control.retry_limit =
551 tx->local->long_retry_limit;
552 } else {
553 info->control.retry_limit =
554 tx->local->short_retry_limit;
555 }
556 } else {
557 info->control.retry_limit = 1;
558 }
559 }
560
561 if (tx->flags & IEEE80211_TX_FRAGMENTED) {
562 /* Do not use multiple retry rates when sending fragmented
563 * frames.
564 * TODO: The last fragment could still use multiple retry
565 * rates. */
566 info->control.alt_retry_rate_idx = -1;
567 }
568
569 /* Use CTS protection for unicast frames sent using extended rates if
570 * there are associated non-ERP stations and RTS/CTS is not configured
571 * for the frame. */
572 if ((tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE) &&
573 (sband->bitrates[tx->rate_idx].flags & IEEE80211_RATE_ERP_G) &&
574 (tx->flags & IEEE80211_TX_UNICAST) &&
575 tx->sdata->bss_conf.use_cts_prot &&
576 !(info->flags & IEEE80211_TX_CTL_USE_RTS_CTS))
577 info->flags |= IEEE80211_TX_CTL_USE_CTS_PROTECT;
578
579 /* Transmit data frames using short preambles if the driver supports
580 * short preambles at the selected rate and short preambles are
581 * available on the network at the current point in time. */
582 if (ieee80211_is_data(hdr->frame_control) &&
583 (sband->bitrates[tx->rate_idx].flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
584 tx->sdata->bss_conf.use_short_preamble &&
585 (!tx->sta || test_sta_flags(tx->sta, WLAN_STA_SHORT_PREAMBLE))) {
586 info->flags |= IEEE80211_TX_CTL_SHORT_PREAMBLE;
587 }
588
589 if ((info->flags & IEEE80211_TX_CTL_USE_RTS_CTS) ||
590 (info->flags & IEEE80211_TX_CTL_USE_CTS_PROTECT)) {
591 struct ieee80211_rate *rate;
592 s8 baserate = -1;
593 int idx;
594
595 /* Do not use multiple retry rates when using RTS/CTS */
596 info->control.alt_retry_rate_idx = -1;
597
598 /* Use min(data rate, max base rate) as CTS/RTS rate */
599 rate = &sband->bitrates[tx->rate_idx];
600
601 for (idx = 0; idx < sband->n_bitrates; idx++) {
602 if (sband->bitrates[idx].bitrate > rate->bitrate)
603 continue;
604 if (tx->sdata->basic_rates & BIT(idx) &&
605 (baserate < 0 ||
606 (sband->bitrates[baserate].bitrate
607 < sband->bitrates[idx].bitrate)))
608 baserate = idx;
609 }
610
611 if (baserate >= 0)
612 info->control.rts_cts_rate_idx = baserate;
613 else
614 info->control.rts_cts_rate_idx = 0;
615 }
616
617 if (tx->sta)
618 info->control.aid = tx->sta->aid;
619
620 return TX_CONTINUE;
621}
622
623static ieee80211_tx_result debug_noinline
624ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
625{
626 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
627 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
628 u16 *seq;
629 u8 *qc;
630 int tid;
631
632 /* only for injected frames */
633 if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
634 return TX_CONTINUE;
635
636 if (ieee80211_hdrlen(hdr->frame_control) < 24)
637 return TX_CONTINUE;
638
639 if (!ieee80211_is_data_qos(hdr->frame_control)) {
640 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
641 return TX_CONTINUE;
642 }
643
644 /*
645 * This should be true for injected/management frames only, for
646 * management frames we have set the IEEE80211_TX_CTL_ASSIGN_SEQ
647 * above since they are not QoS-data frames.
648 */
649 if (!tx->sta)
650 return TX_CONTINUE;
651
652 /* include per-STA, per-TID sequence counter */
653
654 qc = ieee80211_get_qos_ctl(hdr);
655 tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
656 seq = &tx->sta->tid_seq[tid];
657
658 hdr->seq_ctrl = cpu_to_le16(*seq);
659
660 /* Increase the sequence number. */
661 *seq = (*seq + 0x10) & IEEE80211_SCTL_SEQ;
662
663 return TX_CONTINUE;
664}
665
666static ieee80211_tx_result debug_noinline
505ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx) 667ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
506{ 668{
507 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data; 669 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
508 size_t hdrlen, per_fragm, num_fragm, payload_len, left; 670 size_t hdrlen, per_fragm, num_fragm, payload_len, left;
509 struct sk_buff **frags, *first, *frag; 671 struct sk_buff **frags, *first, *frag;
510 int i; 672 int i;
@@ -515,9 +677,19 @@ ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
515 if (!(tx->flags & IEEE80211_TX_FRAGMENTED)) 677 if (!(tx->flags & IEEE80211_TX_FRAGMENTED))
516 return TX_CONTINUE; 678 return TX_CONTINUE;
517 679
680 /*
681 * Warn when submitting a fragmented A-MPDU frame and drop it.
682 * This scenario is handled in __ieee80211_tx_prepare but extra
683 * caution taken here as fragmented ampdu may cause Tx stop.
684 */
685 if (WARN_ON(tx->flags & IEEE80211_TX_CTL_AMPDU ||
686 skb_get_queue_mapping(tx->skb) >=
687 ieee80211_num_regular_queues(&tx->local->hw)))
688 return TX_DROP;
689
518 first = tx->skb; 690 first = tx->skb;
519 691
520 hdrlen = ieee80211_get_hdrlen(tx->fc); 692 hdrlen = ieee80211_hdrlen(hdr->frame_control);
521 payload_len = first->len - hdrlen; 693 payload_len = first->len - hdrlen;
522 per_fragm = frag_threshold - hdrlen - FCS_LEN; 694 per_fragm = frag_threshold - hdrlen - FCS_LEN;
523 num_fragm = DIV_ROUND_UP(payload_len, per_fragm); 695 num_fragm = DIV_ROUND_UP(payload_len, per_fragm);
@@ -558,6 +730,9 @@ ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
558 fhdr->seq_ctrl = cpu_to_le16(seq | ((i + 1) & IEEE80211_SCTL_FRAG)); 730 fhdr->seq_ctrl = cpu_to_le16(seq | ((i + 1) & IEEE80211_SCTL_FRAG));
559 copylen = left > per_fragm ? per_fragm : left; 731 copylen = left > per_fragm ? per_fragm : left;
560 memcpy(skb_put(frag, copylen), pos, copylen); 732 memcpy(skb_put(frag, copylen), pos, copylen);
733 memcpy(frag->cb, first->cb, sizeof(frag->cb));
734 skb_copy_queue_mapping(frag, first);
735 frag->do_not_encrypt = first->do_not_encrypt;
561 736
562 pos += copylen; 737 pos += copylen;
563 left -= copylen; 738 left -= copylen;
@@ -570,7 +745,6 @@ ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
570 return TX_CONTINUE; 745 return TX_CONTINUE;
571 746
572 fail: 747 fail:
573 printk(KERN_DEBUG "%s: failed to fragment frame\n", tx->dev->name);
574 if (frags) { 748 if (frags) {
575 for (i = 0; i < num_fragm - 1; i++) 749 for (i = 0; i < num_fragm - 1; i++)
576 if (frags[i]) 750 if (frags[i])
@@ -581,7 +755,7 @@ ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
581 return TX_DROP; 755 return TX_DROP;
582} 756}
583 757
584static ieee80211_tx_result 758static ieee80211_tx_result debug_noinline
585ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx) 759ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
586{ 760{
587 if (!tx->key) 761 if (!tx->key)
@@ -601,236 +775,57 @@ ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
601 return TX_DROP; 775 return TX_DROP;
602} 776}
603 777
604static ieee80211_tx_result 778static ieee80211_tx_result debug_noinline
605ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx) 779ieee80211_tx_h_calculate_duration(struct ieee80211_tx_data *tx)
606{ 780{
607 struct rate_selection rsel; 781 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
608 struct ieee80211_supported_band *sband; 782 int next_len, i;
609 783 int group_addr = is_multicast_ether_addr(hdr->addr1);
610 sband = tx->local->hw.wiphy->bands[tx->local->hw.conf.channel->band];
611
612 if (likely(!tx->rate)) {
613 rate_control_get_rate(tx->dev, sband, tx->skb, &rsel);
614 tx->rate = rsel.rate;
615 if (unlikely(rsel.probe)) {
616 tx->control->flags |=
617 IEEE80211_TXCTL_RATE_CTRL_PROBE;
618 tx->flags |= IEEE80211_TX_PROBE_LAST_FRAG;
619 tx->control->alt_retry_rate = tx->rate;
620 tx->rate = rsel.probe;
621 } else
622 tx->control->alt_retry_rate = NULL;
623
624 if (!tx->rate)
625 return TX_DROP;
626 } else
627 tx->control->alt_retry_rate = NULL;
628 784
629 if (tx->sdata->bss_conf.use_cts_prot && 785 if (!(tx->flags & IEEE80211_TX_FRAGMENTED)) {
630 (tx->flags & IEEE80211_TX_FRAGMENTED) && rsel.nonerp) { 786 hdr->duration_id = ieee80211_duration(tx, group_addr, 0);
631 tx->last_frag_rate = tx->rate; 787 return TX_CONTINUE;
632 if (rsel.probe)
633 tx->flags &= ~IEEE80211_TX_PROBE_LAST_FRAG;
634 else
635 tx->flags |= IEEE80211_TX_PROBE_LAST_FRAG;
636 tx->rate = rsel.nonerp;
637 tx->control->tx_rate = rsel.nonerp;
638 tx->control->flags &= ~IEEE80211_TXCTL_RATE_CTRL_PROBE;
639 } else {
640 tx->last_frag_rate = tx->rate;
641 tx->control->tx_rate = tx->rate;
642 } 788 }
643 tx->control->tx_rate = tx->rate;
644
645 return TX_CONTINUE;
646}
647 789
648static ieee80211_tx_result 790 hdr->duration_id = ieee80211_duration(tx, group_addr,
649ieee80211_tx_h_misc(struct ieee80211_tx_data *tx) 791 tx->extra_frag[0]->len);
650{
651 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) tx->skb->data;
652 u16 fc = le16_to_cpu(hdr->frame_control);
653 u16 dur;
654 struct ieee80211_tx_control *control = tx->control;
655 792
656 if (!control->retry_limit) { 793 for (i = 0; i < tx->num_extra_frag; i++) {
657 if (!is_multicast_ether_addr(hdr->addr1)) { 794 if (i + 1 < tx->num_extra_frag) {
658 if (tx->skb->len + FCS_LEN > tx->local->rts_threshold 795 next_len = tx->extra_frag[i + 1]->len;
659 && tx->local->rts_threshold <
660 IEEE80211_MAX_RTS_THRESHOLD) {
661 control->flags |=
662 IEEE80211_TXCTL_USE_RTS_CTS;
663 control->flags |=
664 IEEE80211_TXCTL_LONG_RETRY_LIMIT;
665 control->retry_limit =
666 tx->local->long_retry_limit;
667 } else {
668 control->retry_limit =
669 tx->local->short_retry_limit;
670 }
671 } else { 796 } else {
672 control->retry_limit = 1; 797 next_len = 0;
798 tx->rate_idx = tx->last_frag_rate_idx;
673 } 799 }
674 }
675 800
676 if (tx->flags & IEEE80211_TX_FRAGMENTED) { 801 hdr = (struct ieee80211_hdr *)tx->extra_frag[i]->data;
677 /* Do not use multiple retry rates when sending fragmented 802 hdr->duration_id = ieee80211_duration(tx, 0, next_len);
678 * frames.
679 * TODO: The last fragment could still use multiple retry
680 * rates. */
681 control->alt_retry_rate = NULL;
682 }
683
684 /* Use CTS protection for unicast frames sent using extended rates if
685 * there are associated non-ERP stations and RTS/CTS is not configured
686 * for the frame. */
687 if ((tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE) &&
688 (tx->rate->flags & IEEE80211_RATE_ERP_G) &&
689 (tx->flags & IEEE80211_TX_UNICAST) &&
690 tx->sdata->bss_conf.use_cts_prot &&
691 !(control->flags & IEEE80211_TXCTL_USE_RTS_CTS))
692 control->flags |= IEEE80211_TXCTL_USE_CTS_PROTECT;
693
694 /* Transmit data frames using short preambles if the driver supports
695 * short preambles at the selected rate and short preambles are
696 * available on the network at the current point in time. */
697 if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
698 (tx->rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
699 tx->sdata->bss_conf.use_short_preamble &&
700 (!tx->sta || (tx->sta->flags & WLAN_STA_SHORT_PREAMBLE))) {
701 tx->control->flags |= IEEE80211_TXCTL_SHORT_PREAMBLE;
702 }
703
704 /* Setup duration field for the first fragment of the frame. Duration
705 * for remaining fragments will be updated when they are being sent
706 * to low-level driver in ieee80211_tx(). */
707 dur = ieee80211_duration(tx, is_multicast_ether_addr(hdr->addr1),
708 (tx->flags & IEEE80211_TX_FRAGMENTED) ?
709 tx->extra_frag[0]->len : 0);
710 hdr->duration_id = cpu_to_le16(dur);
711
712 if ((control->flags & IEEE80211_TXCTL_USE_RTS_CTS) ||
713 (control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)) {
714 struct ieee80211_supported_band *sband;
715 struct ieee80211_rate *rate, *baserate;
716 int idx;
717
718 sband = tx->local->hw.wiphy->bands[
719 tx->local->hw.conf.channel->band];
720
721 /* Do not use multiple retry rates when using RTS/CTS */
722 control->alt_retry_rate = NULL;
723
724 /* Use min(data rate, max base rate) as CTS/RTS rate */
725 rate = tx->rate;
726 baserate = NULL;
727
728 for (idx = 0; idx < sband->n_bitrates; idx++) {
729 if (sband->bitrates[idx].bitrate > rate->bitrate)
730 continue;
731 if (tx->sdata->basic_rates & BIT(idx) &&
732 (!baserate ||
733 (baserate->bitrate < sband->bitrates[idx].bitrate)))
734 baserate = &sband->bitrates[idx];
735 }
736
737 if (baserate)
738 control->rts_cts_rate = baserate;
739 else
740 control->rts_cts_rate = &sband->bitrates[0];
741 }
742
743 if (tx->sta) {
744 control->aid = tx->sta->aid;
745 tx->sta->tx_packets++;
746 tx->sta->tx_fragments++;
747 tx->sta->tx_bytes += tx->skb->len;
748 if (tx->extra_frag) {
749 int i;
750 tx->sta->tx_fragments += tx->num_extra_frag;
751 for (i = 0; i < tx->num_extra_frag; i++) {
752 tx->sta->tx_bytes +=
753 tx->extra_frag[i]->len;
754 }
755 }
756 } 803 }
757 804
758 return TX_CONTINUE; 805 return TX_CONTINUE;
759} 806}
760 807
761static ieee80211_tx_result 808static ieee80211_tx_result debug_noinline
762ieee80211_tx_h_load_stats(struct ieee80211_tx_data *tx) 809ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
763{ 810{
764 struct ieee80211_local *local = tx->local; 811 int i;
765 struct sk_buff *skb = tx->skb;
766 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
767 u32 load = 0, hdrtime;
768 struct ieee80211_rate *rate = tx->rate;
769
770 /* TODO: this could be part of tx_status handling, so that the number
771 * of retries would be known; TX rate should in that case be stored
772 * somewhere with the packet */
773
774 /* Estimate total channel use caused by this frame */
775
776 /* 1 bit at 1 Mbit/s takes 1 usec; in channel_use values,
777 * 1 usec = 1/8 * (1080 / 10) = 13.5 */
778
779 if (tx->channel->band == IEEE80211_BAND_5GHZ ||
780 (tx->channel->band == IEEE80211_BAND_2GHZ &&
781 rate->flags & IEEE80211_RATE_ERP_G))
782 hdrtime = CHAN_UTIL_HDR_SHORT;
783 else
784 hdrtime = CHAN_UTIL_HDR_LONG;
785
786 load = hdrtime;
787 if (!is_multicast_ether_addr(hdr->addr1))
788 load += hdrtime;
789
790 if (tx->control->flags & IEEE80211_TXCTL_USE_RTS_CTS)
791 load += 2 * hdrtime;
792 else if (tx->control->flags & IEEE80211_TXCTL_USE_CTS_PROTECT)
793 load += hdrtime;
794 812
795 /* TODO: optimise again */ 813 if (!tx->sta)
796 load += skb->len * CHAN_UTIL_RATE_LCM / rate->bitrate; 814 return TX_CONTINUE;
797 815
816 tx->sta->tx_packets++;
817 tx->sta->tx_fragments++;
818 tx->sta->tx_bytes += tx->skb->len;
798 if (tx->extra_frag) { 819 if (tx->extra_frag) {
799 int i; 820 tx->sta->tx_fragments += tx->num_extra_frag;
800 for (i = 0; i < tx->num_extra_frag; i++) { 821 for (i = 0; i < tx->num_extra_frag; i++)
801 load += 2 * hdrtime; 822 tx->sta->tx_bytes += tx->extra_frag[i]->len;
802 load += tx->extra_frag[i]->len *
803 tx->rate->bitrate;
804 }
805 } 823 }
806 824
807 /* Divide channel_use by 8 to avoid wrapping around the counter */
808 load >>= CHAN_UTIL_SHIFT;
809 local->channel_use_raw += load;
810 if (tx->sta)
811 tx->sta->channel_use_raw += load;
812 tx->sdata->channel_use_raw += load;
813
814 return TX_CONTINUE; 825 return TX_CONTINUE;
815} 826}
816 827
817 828
818typedef ieee80211_tx_result (*ieee80211_tx_handler)(struct ieee80211_tx_data *);
819static ieee80211_tx_handler ieee80211_tx_handlers[] =
820{
821 ieee80211_tx_h_check_assoc,
822 ieee80211_tx_h_sequence,
823 ieee80211_tx_h_ps_buf,
824 ieee80211_tx_h_select_key,
825 ieee80211_tx_h_michael_mic_add,
826 ieee80211_tx_h_fragment,
827 ieee80211_tx_h_encrypt,
828 ieee80211_tx_h_rate_ctrl,
829 ieee80211_tx_h_misc,
830 ieee80211_tx_h_load_stats,
831 NULL
832};
833
834/* actual transmit path */ 829/* actual transmit path */
835 830
836/* 831/*
@@ -854,12 +849,12 @@ __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
854 (struct ieee80211_radiotap_header *) skb->data; 849 (struct ieee80211_radiotap_header *) skb->data;
855 struct ieee80211_supported_band *sband; 850 struct ieee80211_supported_band *sband;
856 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len); 851 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len);
857 struct ieee80211_tx_control *control = tx->control; 852 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
858 853
859 sband = tx->local->hw.wiphy->bands[tx->local->hw.conf.channel->band]; 854 sband = tx->local->hw.wiphy->bands[tx->channel->band];
860 855
861 control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT; 856 skb->do_not_encrypt = 1;
862 tx->flags |= IEEE80211_TX_INJECTED; 857 info->flags |= IEEE80211_TX_CTL_INJECTED;
863 tx->flags &= ~IEEE80211_TX_FRAGMENTED; 858 tx->flags &= ~IEEE80211_TX_FRAGMENTED;
864 859
865 /* 860 /*
@@ -896,7 +891,7 @@ __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
896 r = &sband->bitrates[i]; 891 r = &sband->bitrates[i];
897 892
898 if (r->bitrate == target_rate) { 893 if (r->bitrate == target_rate) {
899 tx->rate = r; 894 tx->rate_idx = i;
900 break; 895 break;
901 } 896 }
902 } 897 }
@@ -907,7 +902,7 @@ __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
907 * radiotap uses 0 for 1st ant, mac80211 is 1 for 902 * radiotap uses 0 for 1st ant, mac80211 is 1 for
908 * 1st ant 903 * 1st ant
909 */ 904 */
910 control->antenna_sel_tx = (*iterator.this_arg) + 1; 905 info->antenna_sel_tx = (*iterator.this_arg) + 1;
911 break; 906 break;
912 907
913#if 0 908#if 0
@@ -931,8 +926,7 @@ __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
931 skb_trim(skb, skb->len - FCS_LEN); 926 skb_trim(skb, skb->len - FCS_LEN);
932 } 927 }
933 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP) 928 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
934 control->flags &= 929 tx->skb->do_not_encrypt = 0;
935 ~IEEE80211_TXCTL_DO_NOT_ENCRYPT;
936 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG) 930 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
937 tx->flags |= IEEE80211_TX_FRAGMENTED; 931 tx->flags |= IEEE80211_TX_FRAGMENTED;
938 break; 932 break;
@@ -967,12 +961,12 @@ __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
967static ieee80211_tx_result 961static ieee80211_tx_result
968__ieee80211_tx_prepare(struct ieee80211_tx_data *tx, 962__ieee80211_tx_prepare(struct ieee80211_tx_data *tx,
969 struct sk_buff *skb, 963 struct sk_buff *skb,
970 struct net_device *dev, 964 struct net_device *dev)
971 struct ieee80211_tx_control *control)
972{ 965{
973 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 966 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
974 struct ieee80211_hdr *hdr; 967 struct ieee80211_hdr *hdr;
975 struct ieee80211_sub_if_data *sdata; 968 struct ieee80211_sub_if_data *sdata;
969 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
976 970
977 int hdrlen; 971 int hdrlen;
978 972
@@ -981,7 +975,9 @@ __ieee80211_tx_prepare(struct ieee80211_tx_data *tx,
981 tx->dev = dev; /* use original interface */ 975 tx->dev = dev; /* use original interface */
982 tx->local = local; 976 tx->local = local;
983 tx->sdata = IEEE80211_DEV_TO_SUB_IF(dev); 977 tx->sdata = IEEE80211_DEV_TO_SUB_IF(dev);
984 tx->control = control; 978 tx->channel = local->hw.conf.channel;
979 tx->rate_idx = -1;
980 tx->last_frag_rate_idx = -1;
985 /* 981 /*
986 * Set this flag (used below to indicate "automatic fragmentation"), 982 * Set this flag (used below to indicate "automatic fragmentation"),
987 * it will be cleared/left by radiotap as desired. 983 * it will be cleared/left by radiotap as desired.
@@ -1008,34 +1004,33 @@ __ieee80211_tx_prepare(struct ieee80211_tx_data *tx,
1008 1004
1009 if (is_multicast_ether_addr(hdr->addr1)) { 1005 if (is_multicast_ether_addr(hdr->addr1)) {
1010 tx->flags &= ~IEEE80211_TX_UNICAST; 1006 tx->flags &= ~IEEE80211_TX_UNICAST;
1011 control->flags |= IEEE80211_TXCTL_NO_ACK; 1007 info->flags |= IEEE80211_TX_CTL_NO_ACK;
1012 } else { 1008 } else {
1013 tx->flags |= IEEE80211_TX_UNICAST; 1009 tx->flags |= IEEE80211_TX_UNICAST;
1014 control->flags &= ~IEEE80211_TXCTL_NO_ACK; 1010 info->flags &= ~IEEE80211_TX_CTL_NO_ACK;
1015 } 1011 }
1016 1012
1017 if (tx->flags & IEEE80211_TX_FRAGMENTED) { 1013 if (tx->flags & IEEE80211_TX_FRAGMENTED) {
1018 if ((tx->flags & IEEE80211_TX_UNICAST) && 1014 if ((tx->flags & IEEE80211_TX_UNICAST) &&
1019 skb->len + FCS_LEN > local->fragmentation_threshold && 1015 skb->len + FCS_LEN > local->fragmentation_threshold &&
1020 !local->ops->set_frag_threshold) 1016 !local->ops->set_frag_threshold &&
1017 !(info->flags & IEEE80211_TX_CTL_AMPDU))
1021 tx->flags |= IEEE80211_TX_FRAGMENTED; 1018 tx->flags |= IEEE80211_TX_FRAGMENTED;
1022 else 1019 else
1023 tx->flags &= ~IEEE80211_TX_FRAGMENTED; 1020 tx->flags &= ~IEEE80211_TX_FRAGMENTED;
1024 } 1021 }
1025 1022
1026 if (!tx->sta) 1023 if (!tx->sta)
1027 control->flags |= IEEE80211_TXCTL_CLEAR_PS_FILT; 1024 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1028 else if (tx->sta->flags & WLAN_STA_CLEAR_PS_FILT) { 1025 else if (test_and_clear_sta_flags(tx->sta, WLAN_STA_CLEAR_PS_FILT))
1029 control->flags |= IEEE80211_TXCTL_CLEAR_PS_FILT; 1026 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1030 tx->sta->flags &= ~WLAN_STA_CLEAR_PS_FILT;
1031 }
1032 1027
1033 hdrlen = ieee80211_get_hdrlen(tx->fc); 1028 hdrlen = ieee80211_get_hdrlen(tx->fc);
1034 if (skb->len > hdrlen + sizeof(rfc1042_header) + 2) { 1029 if (skb->len > hdrlen + sizeof(rfc1042_header) + 2) {
1035 u8 *pos = &skb->data[hdrlen + sizeof(rfc1042_header)]; 1030 u8 *pos = &skb->data[hdrlen + sizeof(rfc1042_header)];
1036 tx->ethertype = (pos[0] << 8) | pos[1]; 1031 tx->ethertype = (pos[0] << 8) | pos[1];
1037 } 1032 }
1038 control->flags |= IEEE80211_TXCTL_FIRST_FRAGMENT; 1033 info->flags |= IEEE80211_TX_CTL_FIRST_FRAGMENT;
1039 1034
1040 return TX_CONTINUE; 1035 return TX_CONTINUE;
1041} 1036}
@@ -1045,14 +1040,11 @@ __ieee80211_tx_prepare(struct ieee80211_tx_data *tx,
1045 */ 1040 */
1046static int ieee80211_tx_prepare(struct ieee80211_tx_data *tx, 1041static int ieee80211_tx_prepare(struct ieee80211_tx_data *tx,
1047 struct sk_buff *skb, 1042 struct sk_buff *skb,
1048 struct net_device *mdev, 1043 struct net_device *mdev)
1049 struct ieee80211_tx_control *control)
1050{ 1044{
1051 struct ieee80211_tx_packet_data *pkt_data;
1052 struct net_device *dev; 1045 struct net_device *dev;
1053 1046
1054 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb; 1047 dev = dev_get_by_index(&init_net, skb->iif);
1055 dev = dev_get_by_index(&init_net, pkt_data->ifindex);
1056 if (unlikely(dev && !is_ieee80211_device(dev, mdev))) { 1048 if (unlikely(dev && !is_ieee80211_device(dev, mdev))) {
1057 dev_put(dev); 1049 dev_put(dev);
1058 dev = NULL; 1050 dev = NULL;
@@ -1060,7 +1052,7 @@ static int ieee80211_tx_prepare(struct ieee80211_tx_data *tx,
1060 if (unlikely(!dev)) 1052 if (unlikely(!dev))
1061 return -ENODEV; 1053 return -ENODEV;
1062 /* initialises tx with control */ 1054 /* initialises tx with control */
1063 __ieee80211_tx_prepare(tx, skb, dev, control); 1055 __ieee80211_tx_prepare(tx, skb, dev);
1064 dev_put(dev); 1056 dev_put(dev);
1065 return 0; 1057 return 0;
1066} 1058}
@@ -1068,50 +1060,50 @@ static int ieee80211_tx_prepare(struct ieee80211_tx_data *tx,
1068static int __ieee80211_tx(struct ieee80211_local *local, struct sk_buff *skb, 1060static int __ieee80211_tx(struct ieee80211_local *local, struct sk_buff *skb,
1069 struct ieee80211_tx_data *tx) 1061 struct ieee80211_tx_data *tx)
1070{ 1062{
1071 struct ieee80211_tx_control *control = tx->control; 1063 struct ieee80211_tx_info *info;
1072 int ret, i; 1064 int ret, i;
1073 1065
1074 if (!ieee80211_qdisc_installed(local->mdev) &&
1075 __ieee80211_queue_stopped(local, 0)) {
1076 netif_stop_queue(local->mdev);
1077 return IEEE80211_TX_AGAIN;
1078 }
1079 if (skb) { 1066 if (skb) {
1067 if (netif_subqueue_stopped(local->mdev, skb))
1068 return IEEE80211_TX_AGAIN;
1069 info = IEEE80211_SKB_CB(skb);
1070
1080 ieee80211_dump_frame(wiphy_name(local->hw.wiphy), 1071 ieee80211_dump_frame(wiphy_name(local->hw.wiphy),
1081 "TX to low-level driver", skb); 1072 "TX to low-level driver", skb);
1082 ret = local->ops->tx(local_to_hw(local), skb, control); 1073 ret = local->ops->tx(local_to_hw(local), skb);
1083 if (ret) 1074 if (ret)
1084 return IEEE80211_TX_AGAIN; 1075 return IEEE80211_TX_AGAIN;
1085 local->mdev->trans_start = jiffies; 1076 local->mdev->trans_start = jiffies;
1086 ieee80211_led_tx(local, 1); 1077 ieee80211_led_tx(local, 1);
1087 } 1078 }
1088 if (tx->extra_frag) { 1079 if (tx->extra_frag) {
1089 control->flags &= ~(IEEE80211_TXCTL_USE_RTS_CTS |
1090 IEEE80211_TXCTL_USE_CTS_PROTECT |
1091 IEEE80211_TXCTL_CLEAR_PS_FILT |
1092 IEEE80211_TXCTL_FIRST_FRAGMENT);
1093 for (i = 0; i < tx->num_extra_frag; i++) { 1080 for (i = 0; i < tx->num_extra_frag; i++) {
1094 if (!tx->extra_frag[i]) 1081 if (!tx->extra_frag[i])
1095 continue; 1082 continue;
1096 if (__ieee80211_queue_stopped(local, control->queue)) 1083 info = IEEE80211_SKB_CB(tx->extra_frag[i]);
1084 info->flags &= ~(IEEE80211_TX_CTL_USE_RTS_CTS |
1085 IEEE80211_TX_CTL_USE_CTS_PROTECT |
1086 IEEE80211_TX_CTL_CLEAR_PS_FILT |
1087 IEEE80211_TX_CTL_FIRST_FRAGMENT);
1088 if (netif_subqueue_stopped(local->mdev,
1089 tx->extra_frag[i]))
1097 return IEEE80211_TX_FRAG_AGAIN; 1090 return IEEE80211_TX_FRAG_AGAIN;
1098 if (i == tx->num_extra_frag) { 1091 if (i == tx->num_extra_frag) {
1099 control->tx_rate = tx->last_frag_rate; 1092 info->tx_rate_idx = tx->last_frag_rate_idx;
1100 1093
1101 if (tx->flags & IEEE80211_TX_PROBE_LAST_FRAG) 1094 if (tx->flags & IEEE80211_TX_PROBE_LAST_FRAG)
1102 control->flags |= 1095 info->flags |=
1103 IEEE80211_TXCTL_RATE_CTRL_PROBE; 1096 IEEE80211_TX_CTL_RATE_CTRL_PROBE;
1104 else 1097 else
1105 control->flags &= 1098 info->flags &=
1106 ~IEEE80211_TXCTL_RATE_CTRL_PROBE; 1099 ~IEEE80211_TX_CTL_RATE_CTRL_PROBE;
1107 } 1100 }
1108 1101
1109 ieee80211_dump_frame(wiphy_name(local->hw.wiphy), 1102 ieee80211_dump_frame(wiphy_name(local->hw.wiphy),
1110 "TX to low-level driver", 1103 "TX to low-level driver",
1111 tx->extra_frag[i]); 1104 tx->extra_frag[i]);
1112 ret = local->ops->tx(local_to_hw(local), 1105 ret = local->ops->tx(local_to_hw(local),
1113 tx->extra_frag[i], 1106 tx->extra_frag[i]);
1114 control);
1115 if (ret) 1107 if (ret)
1116 return IEEE80211_TX_FRAG_AGAIN; 1108 return IEEE80211_TX_FRAG_AGAIN;
1117 local->mdev->trans_start = jiffies; 1109 local->mdev->trans_start = jiffies;
@@ -1124,17 +1116,65 @@ static int __ieee80211_tx(struct ieee80211_local *local, struct sk_buff *skb,
1124 return IEEE80211_TX_OK; 1116 return IEEE80211_TX_OK;
1125} 1117}
1126 1118
1127static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb, 1119/*
1128 struct ieee80211_tx_control *control) 1120 * Invoke TX handlers, return 0 on success and non-zero if the
1121 * frame was dropped or queued.
1122 */
1123static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1124{
1125 struct sk_buff *skb = tx->skb;
1126 ieee80211_tx_result res = TX_DROP;
1127 int i;
1128
1129#define CALL_TXH(txh) \
1130 res = txh(tx); \
1131 if (res != TX_CONTINUE) \
1132 goto txh_done;
1133
1134 CALL_TXH(ieee80211_tx_h_check_assoc)
1135 CALL_TXH(ieee80211_tx_h_ps_buf)
1136 CALL_TXH(ieee80211_tx_h_select_key)
1137 CALL_TXH(ieee80211_tx_h_michael_mic_add)
1138 CALL_TXH(ieee80211_tx_h_rate_ctrl)
1139 CALL_TXH(ieee80211_tx_h_misc)
1140 CALL_TXH(ieee80211_tx_h_sequence)
1141 CALL_TXH(ieee80211_tx_h_fragment)
1142 /* handlers after fragment must be aware of tx info fragmentation! */
1143 CALL_TXH(ieee80211_tx_h_encrypt)
1144 CALL_TXH(ieee80211_tx_h_calculate_duration)
1145 CALL_TXH(ieee80211_tx_h_stats)
1146#undef CALL_TXH
1147
1148 txh_done:
1149 if (unlikely(res == TX_DROP)) {
1150 I802_DEBUG_INC(tx->local->tx_handlers_drop);
1151 dev_kfree_skb(skb);
1152 for (i = 0; i < tx->num_extra_frag; i++)
1153 if (tx->extra_frag[i])
1154 dev_kfree_skb(tx->extra_frag[i]);
1155 kfree(tx->extra_frag);
1156 return -1;
1157 } else if (unlikely(res == TX_QUEUED)) {
1158 I802_DEBUG_INC(tx->local->tx_handlers_queued);
1159 return -1;
1160 }
1161
1162 return 0;
1163}
1164
1165static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb)
1129{ 1166{
1130 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1167 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1131 struct sta_info *sta; 1168 struct sta_info *sta;
1132 ieee80211_tx_handler *handler;
1133 struct ieee80211_tx_data tx; 1169 struct ieee80211_tx_data tx;
1134 ieee80211_tx_result res = TX_DROP, res_prepare; 1170 ieee80211_tx_result res_prepare;
1171 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1135 int ret, i; 1172 int ret, i;
1173 u16 queue;
1174
1175 queue = skb_get_queue_mapping(skb);
1136 1176
1137 WARN_ON(__ieee80211_queue_pending(local, control->queue)); 1177 WARN_ON(test_bit(queue, local->queues_pending));
1138 1178
1139 if (unlikely(skb->len < 10)) { 1179 if (unlikely(skb->len < 10)) {
1140 dev_kfree_skb(skb); 1180 dev_kfree_skb(skb);
@@ -1144,7 +1184,7 @@ static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb,
1144 rcu_read_lock(); 1184 rcu_read_lock();
1145 1185
1146 /* initialises tx */ 1186 /* initialises tx */
1147 res_prepare = __ieee80211_tx_prepare(&tx, skb, dev, control); 1187 res_prepare = __ieee80211_tx_prepare(&tx, skb, dev);
1148 1188
1149 if (res_prepare == TX_DROP) { 1189 if (res_prepare == TX_DROP) {
1150 dev_kfree_skb(skb); 1190 dev_kfree_skb(skb);
@@ -1154,79 +1194,54 @@ static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb,
1154 1194
1155 sta = tx.sta; 1195 sta = tx.sta;
1156 tx.channel = local->hw.conf.channel; 1196 tx.channel = local->hw.conf.channel;
1197 info->band = tx.channel->band;
1157 1198
1158 for (handler = ieee80211_tx_handlers; *handler != NULL; 1199 if (invoke_tx_handlers(&tx))
1159 handler++) { 1200 goto out;
1160 res = (*handler)(&tx);
1161 if (res != TX_CONTINUE)
1162 break;
1163 }
1164
1165 skb = tx.skb; /* handlers are allowed to change skb */
1166
1167 if (unlikely(res == TX_DROP)) {
1168 I802_DEBUG_INC(local->tx_handlers_drop);
1169 goto drop;
1170 }
1171
1172 if (unlikely(res == TX_QUEUED)) {
1173 I802_DEBUG_INC(local->tx_handlers_queued);
1174 rcu_read_unlock();
1175 return 0;
1176 }
1177
1178 if (tx.extra_frag) {
1179 for (i = 0; i < tx.num_extra_frag; i++) {
1180 int next_len, dur;
1181 struct ieee80211_hdr *hdr =
1182 (struct ieee80211_hdr *)
1183 tx.extra_frag[i]->data;
1184
1185 if (i + 1 < tx.num_extra_frag) {
1186 next_len = tx.extra_frag[i + 1]->len;
1187 } else {
1188 next_len = 0;
1189 tx.rate = tx.last_frag_rate;
1190 }
1191 dur = ieee80211_duration(&tx, 0, next_len);
1192 hdr->duration_id = cpu_to_le16(dur);
1193 }
1194 }
1195 1201
1196retry: 1202retry:
1197 ret = __ieee80211_tx(local, skb, &tx); 1203 ret = __ieee80211_tx(local, skb, &tx);
1198 if (ret) { 1204 if (ret) {
1199 struct ieee80211_tx_stored_packet *store = 1205 struct ieee80211_tx_stored_packet *store;
1200 &local->pending_packet[control->queue]; 1206
1207 /*
1208 * Since there are no fragmented frames on A-MPDU
1209 * queues, there's no reason for a driver to reject
1210 * a frame there, warn and drop it.
1211 */
1212 if (WARN_ON(queue >= ieee80211_num_regular_queues(&local->hw)))
1213 goto drop;
1214
1215 store = &local->pending_packet[queue];
1201 1216
1202 if (ret == IEEE80211_TX_FRAG_AGAIN) 1217 if (ret == IEEE80211_TX_FRAG_AGAIN)
1203 skb = NULL; 1218 skb = NULL;
1204 set_bit(IEEE80211_LINK_STATE_PENDING, 1219
1205 &local->state[control->queue]); 1220 set_bit(queue, local->queues_pending);
1206 smp_mb(); 1221 smp_mb();
1207 /* When the driver gets out of buffers during sending of 1222 /*
1208 * fragments and calls ieee80211_stop_queue, there is 1223 * When the driver gets out of buffers during sending of
1209 * a small window between IEEE80211_LINK_STATE_XOFF and 1224 * fragments and calls ieee80211_stop_queue, the netif
1210 * IEEE80211_LINK_STATE_PENDING flags are set. If a buffer 1225 * subqueue is stopped. There is, however, a small window
1226 * in which the PENDING bit is not yet set. If a buffer
1211 * gets available in that window (i.e. driver calls 1227 * gets available in that window (i.e. driver calls
1212 * ieee80211_wake_queue), we would end up with ieee80211_tx 1228 * ieee80211_wake_queue), we would end up with ieee80211_tx
1213 * called with IEEE80211_LINK_STATE_PENDING. Prevent this by 1229 * called with the PENDING bit still set. Prevent this by
1214 * continuing transmitting here when that situation is 1230 * continuing transmitting here when that situation is
1215 * possible to have happened. */ 1231 * possible to have happened.
1216 if (!__ieee80211_queue_stopped(local, control->queue)) { 1232 */
1217 clear_bit(IEEE80211_LINK_STATE_PENDING, 1233 if (!__netif_subqueue_stopped(local->mdev, queue)) {
1218 &local->state[control->queue]); 1234 clear_bit(queue, local->queues_pending);
1219 goto retry; 1235 goto retry;
1220 } 1236 }
1221 memcpy(&store->control, control,
1222 sizeof(struct ieee80211_tx_control));
1223 store->skb = skb; 1237 store->skb = skb;
1224 store->extra_frag = tx.extra_frag; 1238 store->extra_frag = tx.extra_frag;
1225 store->num_extra_frag = tx.num_extra_frag; 1239 store->num_extra_frag = tx.num_extra_frag;
1226 store->last_frag_rate = tx.last_frag_rate; 1240 store->last_frag_rate_idx = tx.last_frag_rate_idx;
1227 store->last_frag_rate_ctrl_probe = 1241 store->last_frag_rate_ctrl_probe =
1228 !!(tx.flags & IEEE80211_TX_PROBE_LAST_FRAG); 1242 !!(tx.flags & IEEE80211_TX_PROBE_LAST_FRAG);
1229 } 1243 }
1244 out:
1230 rcu_read_unlock(); 1245 rcu_read_unlock();
1231 return 0; 1246 return 0;
1232 1247
@@ -1243,24 +1258,58 @@ retry:
1243 1258
1244/* device xmit handlers */ 1259/* device xmit handlers */
1245 1260
1261static int ieee80211_skb_resize(struct ieee80211_local *local,
1262 struct sk_buff *skb,
1263 int head_need, bool may_encrypt)
1264{
1265 int tail_need = 0;
1266
1267 /*
1268 * This could be optimised, devices that do full hardware
1269 * crypto (including TKIP MMIC) need no tailroom... But we
1270 * have no drivers for such devices currently.
1271 */
1272 if (may_encrypt) {
1273 tail_need = IEEE80211_ENCRYPT_TAILROOM;
1274 tail_need -= skb_tailroom(skb);
1275 tail_need = max_t(int, tail_need, 0);
1276 }
1277
1278 if (head_need || tail_need) {
1279 /* Sorry. Can't account for this any more */
1280 skb_orphan(skb);
1281 }
1282
1283 if (skb_header_cloned(skb))
1284 I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
1285 else
1286 I802_DEBUG_INC(local->tx_expand_skb_head);
1287
1288 if (pskb_expand_head(skb, head_need, tail_need, GFP_ATOMIC)) {
1289 printk(KERN_DEBUG "%s: failed to reallocate TX buffer\n",
1290 wiphy_name(local->hw.wiphy));
1291 return -ENOMEM;
1292 }
1293
1294 /* update truesize too */
1295 skb->truesize += head_need + tail_need;
1296
1297 return 0;
1298}
1299
1246int ieee80211_master_start_xmit(struct sk_buff *skb, 1300int ieee80211_master_start_xmit(struct sk_buff *skb,
1247 struct net_device *dev) 1301 struct net_device *dev)
1248{ 1302{
1249 struct ieee80211_tx_control control; 1303 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1250 struct ieee80211_tx_packet_data *pkt_data; 1304 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1251 struct net_device *odev = NULL; 1305 struct net_device *odev = NULL;
1252 struct ieee80211_sub_if_data *osdata; 1306 struct ieee80211_sub_if_data *osdata;
1253 int headroom; 1307 int headroom;
1308 bool may_encrypt;
1254 int ret; 1309 int ret;
1255 1310
1256 /* 1311 if (skb->iif)
1257 * copy control out of the skb so other people can use skb->cb 1312 odev = dev_get_by_index(&init_net, skb->iif);
1258 */
1259 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
1260 memset(&control, 0, sizeof(struct ieee80211_tx_control));
1261
1262 if (pkt_data->ifindex)
1263 odev = dev_get_by_index(&init_net, pkt_data->ifindex);
1264 if (unlikely(odev && !is_ieee80211_device(odev, dev))) { 1313 if (unlikely(odev && !is_ieee80211_device(odev, dev))) {
1265 dev_put(odev); 1314 dev_put(odev);
1266 odev = NULL; 1315 odev = NULL;
@@ -1273,32 +1322,43 @@ int ieee80211_master_start_xmit(struct sk_buff *skb,
1273 dev_kfree_skb(skb); 1322 dev_kfree_skb(skb);
1274 return 0; 1323 return 0;
1275 } 1324 }
1325
1326 memset(info, 0, sizeof(*info));
1327
1328 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
1329
1276 osdata = IEEE80211_DEV_TO_SUB_IF(odev); 1330 osdata = IEEE80211_DEV_TO_SUB_IF(odev);
1277 1331
1278 headroom = osdata->local->tx_headroom + IEEE80211_ENCRYPT_HEADROOM; 1332 if (ieee80211_vif_is_mesh(&osdata->vif) &&
1279 if (skb_headroom(skb) < headroom) { 1333 ieee80211_is_data(hdr->frame_control)) {
1280 if (pskb_expand_head(skb, headroom, 0, GFP_ATOMIC)) { 1334 if (ieee80211_is_data(hdr->frame_control)) {
1281 dev_kfree_skb(skb); 1335 if (is_multicast_ether_addr(hdr->addr3))
1282 dev_put(odev); 1336 memcpy(hdr->addr1, hdr->addr3, ETH_ALEN);
1283 return 0; 1337 else
1338 if (mesh_nexthop_lookup(skb, odev))
1339 return 0;
1340 if (memcmp(odev->dev_addr, hdr->addr4, ETH_ALEN) != 0)
1341 IEEE80211_IFSTA_MESH_CTR_INC(&osdata->u.sta,
1342 fwded_frames);
1284 } 1343 }
1285 } 1344 }
1286 1345
1287 control.vif = &osdata->vif; 1346 may_encrypt = !skb->do_not_encrypt;
1288 control.type = osdata->vif.type; 1347
1289 if (pkt_data->flags & IEEE80211_TXPD_REQ_TX_STATUS) 1348 headroom = osdata->local->tx_headroom;
1290 control.flags |= IEEE80211_TXCTL_REQ_TX_STATUS; 1349 if (may_encrypt)
1291 if (pkt_data->flags & IEEE80211_TXPD_DO_NOT_ENCRYPT) 1350 headroom += IEEE80211_ENCRYPT_HEADROOM;
1292 control.flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT; 1351 headroom -= skb_headroom(skb);
1293 if (pkt_data->flags & IEEE80211_TXPD_REQUEUE) 1352 headroom = max_t(int, 0, headroom);
1294 control.flags |= IEEE80211_TXCTL_REQUEUE; 1353
1295 if (pkt_data->flags & IEEE80211_TXPD_EAPOL_FRAME) 1354 if (ieee80211_skb_resize(osdata->local, skb, headroom, may_encrypt)) {
1296 control.flags |= IEEE80211_TXCTL_EAPOL_FRAME; 1355 dev_kfree_skb(skb);
1297 if (pkt_data->flags & IEEE80211_TXPD_AMPDU) 1356 dev_put(odev);
1298 control.flags |= IEEE80211_TXCTL_AMPDU; 1357 return 0;
1299 control.queue = pkt_data->queue; 1358 }
1300 1359
1301 ret = ieee80211_tx(odev, skb, &control); 1360 info->control.vif = &osdata->vif;
1361 ret = ieee80211_tx(odev, skb);
1302 dev_put(odev); 1362 dev_put(odev);
1303 1363
1304 return ret; 1364 return ret;
@@ -1308,7 +1368,6 @@ int ieee80211_monitor_start_xmit(struct sk_buff *skb,
1308 struct net_device *dev) 1368 struct net_device *dev)
1309{ 1369{
1310 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1370 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1311 struct ieee80211_tx_packet_data *pkt_data;
1312 struct ieee80211_radiotap_header *prthdr = 1371 struct ieee80211_radiotap_header *prthdr =
1313 (struct ieee80211_radiotap_header *)skb->data; 1372 (struct ieee80211_radiotap_header *)skb->data;
1314 u16 len_rthdr; 1373 u16 len_rthdr;
@@ -1330,12 +1389,12 @@ int ieee80211_monitor_start_xmit(struct sk_buff *skb,
1330 1389
1331 skb->dev = local->mdev; 1390 skb->dev = local->mdev;
1332 1391
1333 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
1334 memset(pkt_data, 0, sizeof(*pkt_data));
1335 /* needed because we set skb device to master */ 1392 /* needed because we set skb device to master */
1336 pkt_data->ifindex = dev->ifindex; 1393 skb->iif = dev->ifindex;
1337 1394
1338 pkt_data->flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT; 1395 /* sometimes we do encrypt injected frames, will be fixed
1396 * up in radiotap parser if not wanted */
1397 skb->do_not_encrypt = 0;
1339 1398
1340 /* 1399 /*
1341 * fix up the pointers accounting for the radiotap 1400 * fix up the pointers accounting for the radiotap
@@ -1379,10 +1438,10 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1379 struct net_device *dev) 1438 struct net_device *dev)
1380{ 1439{
1381 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1440 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1382 struct ieee80211_tx_packet_data *pkt_data;
1383 struct ieee80211_sub_if_data *sdata; 1441 struct ieee80211_sub_if_data *sdata;
1384 int ret = 1, head_need; 1442 int ret = 1, head_need;
1385 u16 ethertype, hdrlen, meshhdrlen = 0, fc; 1443 u16 ethertype, hdrlen, meshhdrlen = 0;
1444 __le16 fc;
1386 struct ieee80211_hdr hdr; 1445 struct ieee80211_hdr hdr;
1387 struct ieee80211s_hdr mesh_hdr; 1446 struct ieee80211s_hdr mesh_hdr;
1388 const u8 *encaps_data; 1447 const u8 *encaps_data;
@@ -1393,8 +1452,6 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1393 1452
1394 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1453 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1395 if (unlikely(skb->len < ETH_HLEN)) { 1454 if (unlikely(skb->len < ETH_HLEN)) {
1396 printk(KERN_DEBUG "%s: short skb (len=%d)\n",
1397 dev->name, skb->len);
1398 ret = 0; 1455 ret = 0;
1399 goto fail; 1456 goto fail;
1400 } 1457 }
@@ -1405,12 +1462,12 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1405 /* convert Ethernet header to proper 802.11 header (based on 1462 /* convert Ethernet header to proper 802.11 header (based on
1406 * operation mode) */ 1463 * operation mode) */
1407 ethertype = (skb->data[12] << 8) | skb->data[13]; 1464 ethertype = (skb->data[12] << 8) | skb->data[13];
1408 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA; 1465 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
1409 1466
1410 switch (sdata->vif.type) { 1467 switch (sdata->vif.type) {
1411 case IEEE80211_IF_TYPE_AP: 1468 case IEEE80211_IF_TYPE_AP:
1412 case IEEE80211_IF_TYPE_VLAN: 1469 case IEEE80211_IF_TYPE_VLAN:
1413 fc |= IEEE80211_FCTL_FROMDS; 1470 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
1414 /* DA BSSID SA */ 1471 /* DA BSSID SA */
1415 memcpy(hdr.addr1, skb->data, ETH_ALEN); 1472 memcpy(hdr.addr1, skb->data, ETH_ALEN);
1416 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN); 1473 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
@@ -1418,7 +1475,7 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1418 hdrlen = 24; 1475 hdrlen = 24;
1419 break; 1476 break;
1420 case IEEE80211_IF_TYPE_WDS: 1477 case IEEE80211_IF_TYPE_WDS:
1421 fc |= IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS; 1478 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1422 /* RA TA DA SA */ 1479 /* RA TA DA SA */
1423 memcpy(hdr.addr1, sdata->u.wds.remote_addr, ETH_ALEN); 1480 memcpy(hdr.addr1, sdata->u.wds.remote_addr, ETH_ALEN);
1424 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN); 1481 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
@@ -1428,37 +1485,24 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1428 break; 1485 break;
1429#ifdef CONFIG_MAC80211_MESH 1486#ifdef CONFIG_MAC80211_MESH
1430 case IEEE80211_IF_TYPE_MESH_POINT: 1487 case IEEE80211_IF_TYPE_MESH_POINT:
1431 fc |= IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS; 1488 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1432 /* RA TA DA SA */ 1489 /* RA TA DA SA */
1433 if (is_multicast_ether_addr(skb->data)) 1490 memset(hdr.addr1, 0, ETH_ALEN);
1434 memcpy(hdr.addr1, skb->data, ETH_ALEN);
1435 else if (mesh_nexthop_lookup(hdr.addr1, skb, dev))
1436 return 0;
1437 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN); 1491 memcpy(hdr.addr2, dev->dev_addr, ETH_ALEN);
1438 memcpy(hdr.addr3, skb->data, ETH_ALEN); 1492 memcpy(hdr.addr3, skb->data, ETH_ALEN);
1439 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN); 1493 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
1440 if (skb->pkt_type == PACKET_OTHERHOST) { 1494 if (!sdata->u.sta.mshcfg.dot11MeshTTL) {
1441 /* Forwarded frame, keep mesh ttl and seqnum */ 1495 /* Do not send frames with mesh_ttl == 0 */
1442 struct ieee80211s_hdr *prev_meshhdr; 1496 sdata->u.sta.mshstats.dropped_frames_ttl++;
1443 prev_meshhdr = ((struct ieee80211s_hdr *)skb->cb); 1497 ret = 0;
1444 meshhdrlen = ieee80211_get_mesh_hdrlen(prev_meshhdr); 1498 goto fail;
1445 memcpy(&mesh_hdr, prev_meshhdr, meshhdrlen);
1446 sdata->u.sta.mshstats.fwded_frames++;
1447 } else {
1448 if (!sdata->u.sta.mshcfg.dot11MeshTTL) {
1449 /* Do not send frames with mesh_ttl == 0 */
1450 sdata->u.sta.mshstats.dropped_frames_ttl++;
1451 ret = 0;
1452 goto fail;
1453 }
1454 meshhdrlen = ieee80211_new_mesh_header(&mesh_hdr,
1455 sdata);
1456 } 1499 }
1500 meshhdrlen = ieee80211_new_mesh_header(&mesh_hdr, sdata);
1457 hdrlen = 30; 1501 hdrlen = 30;
1458 break; 1502 break;
1459#endif 1503#endif
1460 case IEEE80211_IF_TYPE_STA: 1504 case IEEE80211_IF_TYPE_STA:
1461 fc |= IEEE80211_FCTL_TODS; 1505 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
1462 /* BSSID SA DA */ 1506 /* BSSID SA DA */
1463 memcpy(hdr.addr1, sdata->u.sta.bssid, ETH_ALEN); 1507 memcpy(hdr.addr1, sdata->u.sta.bssid, ETH_ALEN);
1464 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN); 1508 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
@@ -1486,13 +1530,14 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1486 rcu_read_lock(); 1530 rcu_read_lock();
1487 sta = sta_info_get(local, hdr.addr1); 1531 sta = sta_info_get(local, hdr.addr1);
1488 if (sta) 1532 if (sta)
1489 sta_flags = sta->flags; 1533 sta_flags = get_sta_flags(sta);
1490 rcu_read_unlock(); 1534 rcu_read_unlock();
1491 } 1535 }
1492 1536
1493 /* receiver is QoS enabled, use a QoS type frame */ 1537 /* receiver and we are QoS enabled, use a QoS type frame */
1494 if (sta_flags & WLAN_STA_WME) { 1538 if (sta_flags & WLAN_STA_WME &&
1495 fc |= IEEE80211_STYPE_QOS_DATA; 1539 ieee80211_num_regular_queues(&local->hw) >= 4) {
1540 fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
1496 hdrlen += 2; 1541 hdrlen += 2;
1497 } 1542 }
1498 1543
@@ -1500,7 +1545,8 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1500 * Drop unicast frames to unauthorised stations unless they are 1545 * Drop unicast frames to unauthorised stations unless they are
1501 * EAPOL frames from the local station. 1546 * EAPOL frames from the local station.
1502 */ 1547 */
1503 if (unlikely(!is_multicast_ether_addr(hdr.addr1) && 1548 if (!ieee80211_vif_is_mesh(&sdata->vif) &&
1549 unlikely(!is_multicast_ether_addr(hdr.addr1) &&
1504 !(sta_flags & WLAN_STA_AUTHORIZED) && 1550 !(sta_flags & WLAN_STA_AUTHORIZED) &&
1505 !(ethertype == ETH_P_PAE && 1551 !(ethertype == ETH_P_PAE &&
1506 compare_ether_addr(dev->dev_addr, 1552 compare_ether_addr(dev->dev_addr,
@@ -1520,7 +1566,7 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1520 goto fail; 1566 goto fail;
1521 } 1567 }
1522 1568
1523 hdr.frame_control = cpu_to_le16(fc); 1569 hdr.frame_control = fc;
1524 hdr.duration_id = 0; 1570 hdr.duration_id = 0;
1525 hdr.seq_ctrl = 0; 1571 hdr.seq_ctrl = 0;
1526 1572
@@ -1555,32 +1601,26 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1555 * build in headroom in __dev_alloc_skb() (linux/skbuff.h) and 1601 * build in headroom in __dev_alloc_skb() (linux/skbuff.h) and
1556 * alloc_skb() (net/core/skbuff.c) 1602 * alloc_skb() (net/core/skbuff.c)
1557 */ 1603 */
1558 head_need = hdrlen + encaps_len + meshhdrlen + local->tx_headroom; 1604 head_need = hdrlen + encaps_len + meshhdrlen - skb_headroom(skb);
1559 head_need -= skb_headroom(skb);
1560 1605
1561 /* We are going to modify skb data, so make a copy of it if happens to 1606 /*
1562 * be cloned. This could happen, e.g., with Linux bridge code passing 1607 * So we need to modify the skb header and hence need a copy of
1563 * us broadcast frames. */ 1608 * that. The head_need variable above doesn't, so far, include
1564 1609 * the needed header space that we don't need right away. If we
1565 if (head_need > 0 || skb_header_cloned(skb)) { 1610 * can, then we don't reallocate right now but only after the
1566#if 0 1611 * frame arrives at the master device (if it does...)
1567 printk(KERN_DEBUG "%s: need to reallocate buffer for %d bytes " 1612 *
1568 "of headroom\n", dev->name, head_need); 1613 * If we cannot, however, then we will reallocate to include all
1569#endif 1614 * the ever needed space. Also, if we need to reallocate it anyway,
1615 * make it big enough for everything we may ever need.
1616 */
1570 1617
1571 if (skb_header_cloned(skb)) 1618 if (head_need > 0 || skb_cloned(skb)) {
1572 I802_DEBUG_INC(local->tx_expand_skb_head_cloned); 1619 head_need += IEEE80211_ENCRYPT_HEADROOM;
1573 else 1620 head_need += local->tx_headroom;
1574 I802_DEBUG_INC(local->tx_expand_skb_head); 1621 head_need = max_t(int, 0, head_need);
1575 /* Since we have to reallocate the buffer, make sure that there 1622 if (ieee80211_skb_resize(local, skb, head_need, true))
1576 * is enough room for possible WEP IV/ICV and TKIP (8 bytes
1577 * before payload and 12 after). */
1578 if (pskb_expand_head(skb, (head_need > 0 ? head_need + 8 : 8),
1579 12, GFP_ATOMIC)) {
1580 printk(KERN_DEBUG "%s: failed to reallocate TX buffer"
1581 "\n", dev->name);
1582 goto fail; 1623 goto fail;
1583 }
1584 } 1624 }
1585 1625
1586 if (encaps_data) { 1626 if (encaps_data) {
@@ -1595,7 +1635,7 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1595 h_pos += meshhdrlen; 1635 h_pos += meshhdrlen;
1596 } 1636 }
1597 1637
1598 if (fc & IEEE80211_STYPE_QOS_DATA) { 1638 if (ieee80211_is_data_qos(fc)) {
1599 __le16 *qos_control; 1639 __le16 *qos_control;
1600 1640
1601 qos_control = (__le16*) skb_push(skb, 2); 1641 qos_control = (__le16*) skb_push(skb, 2);
@@ -1611,11 +1651,7 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1611 nh_pos += hdrlen; 1651 nh_pos += hdrlen;
1612 h_pos += hdrlen; 1652 h_pos += hdrlen;
1613 1653
1614 pkt_data = (struct ieee80211_tx_packet_data *)skb->cb; 1654 skb->iif = dev->ifindex;
1615 memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
1616 pkt_data->ifindex = dev->ifindex;
1617 if (ethertype == ETH_P_PAE)
1618 pkt_data->flags |= IEEE80211_TXPD_EAPOL_FRAME;
1619 1655
1620 skb->dev = local->mdev; 1656 skb->dev = local->mdev;
1621 dev->stats.tx_packets++; 1657 dev->stats.tx_packets++;
@@ -1640,46 +1676,60 @@ int ieee80211_subif_start_xmit(struct sk_buff *skb,
1640 return ret; 1676 return ret;
1641} 1677}
1642 1678
1643/* helper functions for pending packets for when queues are stopped */
1644 1679
1680/*
1681 * ieee80211_clear_tx_pending may not be called in a context where
1682 * it is possible that it packets could come in again.
1683 */
1645void ieee80211_clear_tx_pending(struct ieee80211_local *local) 1684void ieee80211_clear_tx_pending(struct ieee80211_local *local)
1646{ 1685{
1647 int i, j; 1686 int i, j;
1648 struct ieee80211_tx_stored_packet *store; 1687 struct ieee80211_tx_stored_packet *store;
1649 1688
1650 for (i = 0; i < local->hw.queues; i++) { 1689 for (i = 0; i < ieee80211_num_regular_queues(&local->hw); i++) {
1651 if (!__ieee80211_queue_pending(local, i)) 1690 if (!test_bit(i, local->queues_pending))
1652 continue; 1691 continue;
1653 store = &local->pending_packet[i]; 1692 store = &local->pending_packet[i];
1654 kfree_skb(store->skb); 1693 kfree_skb(store->skb);
1655 for (j = 0; j < store->num_extra_frag; j++) 1694 for (j = 0; j < store->num_extra_frag; j++)
1656 kfree_skb(store->extra_frag[j]); 1695 kfree_skb(store->extra_frag[j]);
1657 kfree(store->extra_frag); 1696 kfree(store->extra_frag);
1658 clear_bit(IEEE80211_LINK_STATE_PENDING, &local->state[i]); 1697 clear_bit(i, local->queues_pending);
1659 } 1698 }
1660} 1699}
1661 1700
1701/*
1702 * Transmit all pending packets. Called from tasklet, locks master device
1703 * TX lock so that no new packets can come in.
1704 */
1662void ieee80211_tx_pending(unsigned long data) 1705void ieee80211_tx_pending(unsigned long data)
1663{ 1706{
1664 struct ieee80211_local *local = (struct ieee80211_local *)data; 1707 struct ieee80211_local *local = (struct ieee80211_local *)data;
1665 struct net_device *dev = local->mdev; 1708 struct net_device *dev = local->mdev;
1666 struct ieee80211_tx_stored_packet *store; 1709 struct ieee80211_tx_stored_packet *store;
1667 struct ieee80211_tx_data tx; 1710 struct ieee80211_tx_data tx;
1668 int i, ret, reschedule = 0; 1711 int i, ret;
1669 1712
1670 netif_tx_lock_bh(dev); 1713 netif_tx_lock_bh(dev);
1671 for (i = 0; i < local->hw.queues; i++) { 1714 for (i = 0; i < ieee80211_num_regular_queues(&local->hw); i++) {
1672 if (__ieee80211_queue_stopped(local, i)) 1715 /* Check that this queue is ok */
1716 if (__netif_subqueue_stopped(local->mdev, i) &&
1717 !test_bit(i, local->queues_pending_run))
1673 continue; 1718 continue;
1674 if (!__ieee80211_queue_pending(local, i)) { 1719
1675 reschedule = 1; 1720 if (!test_bit(i, local->queues_pending)) {
1721 clear_bit(i, local->queues_pending_run);
1722 ieee80211_wake_queue(&local->hw, i);
1676 continue; 1723 continue;
1677 } 1724 }
1725
1726 clear_bit(i, local->queues_pending_run);
1727 netif_start_subqueue(local->mdev, i);
1728
1678 store = &local->pending_packet[i]; 1729 store = &local->pending_packet[i];
1679 tx.control = &store->control;
1680 tx.extra_frag = store->extra_frag; 1730 tx.extra_frag = store->extra_frag;
1681 tx.num_extra_frag = store->num_extra_frag; 1731 tx.num_extra_frag = store->num_extra_frag;
1682 tx.last_frag_rate = store->last_frag_rate; 1732 tx.last_frag_rate_idx = store->last_frag_rate_idx;
1683 tx.flags = 0; 1733 tx.flags = 0;
1684 if (store->last_frag_rate_ctrl_probe) 1734 if (store->last_frag_rate_ctrl_probe)
1685 tx.flags |= IEEE80211_TX_PROBE_LAST_FRAG; 1735 tx.flags |= IEEE80211_TX_PROBE_LAST_FRAG;
@@ -1688,19 +1738,11 @@ void ieee80211_tx_pending(unsigned long data)
1688 if (ret == IEEE80211_TX_FRAG_AGAIN) 1738 if (ret == IEEE80211_TX_FRAG_AGAIN)
1689 store->skb = NULL; 1739 store->skb = NULL;
1690 } else { 1740 } else {
1691 clear_bit(IEEE80211_LINK_STATE_PENDING, 1741 clear_bit(i, local->queues_pending);
1692 &local->state[i]); 1742 ieee80211_wake_queue(&local->hw, i);
1693 reschedule = 1;
1694 } 1743 }
1695 } 1744 }
1696 netif_tx_unlock_bh(dev); 1745 netif_tx_unlock_bh(dev);
1697 if (reschedule) {
1698 if (!ieee80211_qdisc_installed(dev)) {
1699 if (!__ieee80211_queue_stopped(local, 0))
1700 netif_wake_queue(dev);
1701 } else
1702 netif_schedule(dev);
1703 }
1704} 1746}
1705 1747
1706/* functions for drivers to get certain frames */ 1748/* functions for drivers to get certain frames */
@@ -1769,23 +1811,24 @@ static void ieee80211_beacon_add_tim(struct ieee80211_local *local,
1769} 1811}
1770 1812
1771struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw, 1813struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
1772 struct ieee80211_vif *vif, 1814 struct ieee80211_vif *vif)
1773 struct ieee80211_tx_control *control)
1774{ 1815{
1775 struct ieee80211_local *local = hw_to_local(hw); 1816 struct ieee80211_local *local = hw_to_local(hw);
1776 struct sk_buff *skb; 1817 struct sk_buff *skb = NULL;
1818 struct ieee80211_tx_info *info;
1777 struct net_device *bdev; 1819 struct net_device *bdev;
1778 struct ieee80211_sub_if_data *sdata = NULL; 1820 struct ieee80211_sub_if_data *sdata = NULL;
1779 struct ieee80211_if_ap *ap = NULL; 1821 struct ieee80211_if_ap *ap = NULL;
1822 struct ieee80211_if_sta *ifsta = NULL;
1780 struct rate_selection rsel; 1823 struct rate_selection rsel;
1781 struct beacon_data *beacon; 1824 struct beacon_data *beacon;
1782 struct ieee80211_supported_band *sband; 1825 struct ieee80211_supported_band *sband;
1783 struct ieee80211_mgmt *mgmt; 1826 struct ieee80211_mgmt *mgmt;
1784 int *num_beacons; 1827 int *num_beacons;
1785 bool err = true; 1828 enum ieee80211_band band = local->hw.conf.channel->band;
1786 u8 *pos; 1829 u8 *pos;
1787 1830
1788 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1831 sband = local->hw.wiphy->bands[band];
1789 1832
1790 rcu_read_lock(); 1833 rcu_read_lock();
1791 1834
@@ -1810,9 +1853,6 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
1810 memcpy(skb_put(skb, beacon->head_len), beacon->head, 1853 memcpy(skb_put(skb, beacon->head_len), beacon->head,
1811 beacon->head_len); 1854 beacon->head_len);
1812 1855
1813 ieee80211_include_sequence(sdata,
1814 (struct ieee80211_hdr *)skb->data);
1815
1816 /* 1856 /*
1817 * Not very nice, but we want to allow the driver to call 1857 * Not very nice, but we want to allow the driver to call
1818 * ieee80211_beacon_get() as a response to the set_tim() 1858 * ieee80211_beacon_get() as a response to the set_tim()
@@ -1835,9 +1875,24 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
1835 beacon->tail, beacon->tail_len); 1875 beacon->tail, beacon->tail_len);
1836 1876
1837 num_beacons = &ap->num_beacons; 1877 num_beacons = &ap->num_beacons;
1878 } else
1879 goto out;
1880 } else if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
1881 struct ieee80211_hdr *hdr;
1882 ifsta = &sdata->u.sta;
1838 1883
1839 err = false; 1884 if (!ifsta->probe_resp)
1840 } 1885 goto out;
1886
1887 skb = skb_copy(ifsta->probe_resp, GFP_ATOMIC);
1888 if (!skb)
1889 goto out;
1890
1891 hdr = (struct ieee80211_hdr *) skb->data;
1892 hdr->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT,
1893 IEEE80211_STYPE_BEACON);
1894
1895 num_beacons = &ifsta->num_beacons;
1841 } else if (ieee80211_vif_is_mesh(&sdata->vif)) { 1896 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
1842 /* headroom, head length, tail length and maximum TIM length */ 1897 /* headroom, head length, tail length and maximum TIM length */
1843 skb = dev_alloc_skb(local->tx_headroom + 400); 1898 skb = dev_alloc_skb(local->tx_headroom + 400);
@@ -1848,8 +1903,8 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
1848 mgmt = (struct ieee80211_mgmt *) 1903 mgmt = (struct ieee80211_mgmt *)
1849 skb_put(skb, 24 + sizeof(mgmt->u.beacon)); 1904 skb_put(skb, 24 + sizeof(mgmt->u.beacon));
1850 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon)); 1905 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
1851 mgmt->frame_control = IEEE80211_FC(IEEE80211_FTYPE_MGMT, 1906 mgmt->frame_control =
1852 IEEE80211_STYPE_BEACON); 1907 cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON);
1853 memset(mgmt->da, 0xff, ETH_ALEN); 1908 memset(mgmt->da, 0xff, ETH_ALEN);
1854 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN); 1909 memcpy(mgmt->sa, sdata->dev->dev_addr, ETH_ALEN);
1855 /* BSSID is left zeroed, wildcard value */ 1910 /* BSSID is left zeroed, wildcard value */
@@ -1864,44 +1919,42 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
1864 mesh_mgmt_ies_add(skb, sdata->dev); 1919 mesh_mgmt_ies_add(skb, sdata->dev);
1865 1920
1866 num_beacons = &sdata->u.sta.num_beacons; 1921 num_beacons = &sdata->u.sta.num_beacons;
1867 1922 } else {
1868 err = false; 1923 WARN_ON(1);
1924 goto out;
1869 } 1925 }
1870 1926
1871 if (err) { 1927 info = IEEE80211_SKB_CB(skb);
1872#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1928
1873 if (net_ratelimit()) 1929 skb->do_not_encrypt = 1;
1874 printk(KERN_DEBUG "no beacon data avail for %s\n", 1930
1875 bdev->name); 1931 info->band = band;
1876#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 1932 rate_control_get_rate(local->mdev, sband, skb, &rsel);
1933
1934 if (unlikely(rsel.rate_idx < 0)) {
1935 if (net_ratelimit()) {
1936 printk(KERN_DEBUG "%s: ieee80211_beacon_get: "
1937 "no rate found\n",
1938 wiphy_name(local->hw.wiphy));
1939 }
1940 dev_kfree_skb_any(skb);
1877 skb = NULL; 1941 skb = NULL;
1878 goto out; 1942 goto out;
1879 } 1943 }
1880 1944
1881 if (control) { 1945 info->control.vif = vif;
1882 rate_control_get_rate(local->mdev, sband, skb, &rsel); 1946 info->tx_rate_idx = rsel.rate_idx;
1883 if (!rsel.rate) { 1947
1884 if (net_ratelimit()) { 1948 info->flags |= IEEE80211_TX_CTL_NO_ACK;
1885 printk(KERN_DEBUG "%s: ieee80211_beacon_get: " 1949 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1886 "no rate found\n", 1950 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
1887 wiphy_name(local->hw.wiphy)); 1951 if (sdata->bss_conf.use_short_preamble &&
1888 } 1952 sband->bitrates[rsel.rate_idx].flags & IEEE80211_RATE_SHORT_PREAMBLE)
1889 dev_kfree_skb(skb); 1953 info->flags |= IEEE80211_TX_CTL_SHORT_PREAMBLE;
1890 skb = NULL; 1954
1891 goto out; 1955 info->antenna_sel_tx = local->hw.conf.antenna_sel_tx;
1892 } 1956 info->control.retry_limit = 1;
1893 1957
1894 control->vif = vif;
1895 control->tx_rate = rsel.rate;
1896 if (sdata->bss_conf.use_short_preamble &&
1897 rsel.rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
1898 control->flags |= IEEE80211_TXCTL_SHORT_PREAMBLE;
1899 control->antenna_sel_tx = local->hw.conf.antenna_sel_tx;
1900 control->flags |= IEEE80211_TXCTL_NO_ACK;
1901 control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
1902 control->retry_limit = 1;
1903 control->flags |= IEEE80211_TXCTL_CLEAR_PS_FILT;
1904 }
1905 (*num_beacons)++; 1958 (*num_beacons)++;
1906out: 1959out:
1907 rcu_read_unlock(); 1960 rcu_read_unlock();
@@ -1911,14 +1964,13 @@ EXPORT_SYMBOL(ieee80211_beacon_get);
1911 1964
1912void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 1965void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1913 const void *frame, size_t frame_len, 1966 const void *frame, size_t frame_len,
1914 const struct ieee80211_tx_control *frame_txctl, 1967 const struct ieee80211_tx_info *frame_txctl,
1915 struct ieee80211_rts *rts) 1968 struct ieee80211_rts *rts)
1916{ 1969{
1917 const struct ieee80211_hdr *hdr = frame; 1970 const struct ieee80211_hdr *hdr = frame;
1918 u16 fctl;
1919 1971
1920 fctl = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS; 1972 rts->frame_control =
1921 rts->frame_control = cpu_to_le16(fctl); 1973 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
1922 rts->duration = ieee80211_rts_duration(hw, vif, frame_len, 1974 rts->duration = ieee80211_rts_duration(hw, vif, frame_len,
1923 frame_txctl); 1975 frame_txctl);
1924 memcpy(rts->ra, hdr->addr1, sizeof(rts->ra)); 1976 memcpy(rts->ra, hdr->addr1, sizeof(rts->ra));
@@ -1928,14 +1980,13 @@ EXPORT_SYMBOL(ieee80211_rts_get);
1928 1980
1929void ieee80211_ctstoself_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 1981void ieee80211_ctstoself_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1930 const void *frame, size_t frame_len, 1982 const void *frame, size_t frame_len,
1931 const struct ieee80211_tx_control *frame_txctl, 1983 const struct ieee80211_tx_info *frame_txctl,
1932 struct ieee80211_cts *cts) 1984 struct ieee80211_cts *cts)
1933{ 1985{
1934 const struct ieee80211_hdr *hdr = frame; 1986 const struct ieee80211_hdr *hdr = frame;
1935 u16 fctl;
1936 1987
1937 fctl = IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS; 1988 cts->frame_control =
1938 cts->frame_control = cpu_to_le16(fctl); 1989 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS);
1939 cts->duration = ieee80211_ctstoself_duration(hw, vif, 1990 cts->duration = ieee80211_ctstoself_duration(hw, vif,
1940 frame_len, frame_txctl); 1991 frame_len, frame_txctl);
1941 memcpy(cts->ra, hdr->addr1, sizeof(cts->ra)); 1992 memcpy(cts->ra, hdr->addr1, sizeof(cts->ra));
@@ -1944,23 +1995,21 @@ EXPORT_SYMBOL(ieee80211_ctstoself_get);
1944 1995
1945struct sk_buff * 1996struct sk_buff *
1946ieee80211_get_buffered_bc(struct ieee80211_hw *hw, 1997ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
1947 struct ieee80211_vif *vif, 1998 struct ieee80211_vif *vif)
1948 struct ieee80211_tx_control *control)
1949{ 1999{
1950 struct ieee80211_local *local = hw_to_local(hw); 2000 struct ieee80211_local *local = hw_to_local(hw);
1951 struct sk_buff *skb; 2001 struct sk_buff *skb = NULL;
1952 struct sta_info *sta; 2002 struct sta_info *sta;
1953 ieee80211_tx_handler *handler;
1954 struct ieee80211_tx_data tx; 2003 struct ieee80211_tx_data tx;
1955 ieee80211_tx_result res = TX_DROP;
1956 struct net_device *bdev; 2004 struct net_device *bdev;
1957 struct ieee80211_sub_if_data *sdata; 2005 struct ieee80211_sub_if_data *sdata;
1958 struct ieee80211_if_ap *bss = NULL; 2006 struct ieee80211_if_ap *bss = NULL;
1959 struct beacon_data *beacon; 2007 struct beacon_data *beacon;
2008 struct ieee80211_tx_info *info;
1960 2009
1961 sdata = vif_to_sdata(vif); 2010 sdata = vif_to_sdata(vif);
1962 bdev = sdata->dev; 2011 bdev = sdata->dev;
1963 2012 bss = &sdata->u.ap;
1964 2013
1965 if (!bss) 2014 if (!bss)
1966 return NULL; 2015 return NULL;
@@ -1968,19 +2017,16 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
1968 rcu_read_lock(); 2017 rcu_read_lock();
1969 beacon = rcu_dereference(bss->beacon); 2018 beacon = rcu_dereference(bss->beacon);
1970 2019
1971 if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon || 2020 if (sdata->vif.type != IEEE80211_IF_TYPE_AP || !beacon || !beacon->head)
1972 !beacon->head) { 2021 goto out;
1973 rcu_read_unlock();
1974 return NULL;
1975 }
1976 2022
1977 if (bss->dtim_count != 0) 2023 if (bss->dtim_count != 0)
1978 return NULL; /* send buffered bc/mc only after DTIM beacon */ 2024 goto out; /* send buffered bc/mc only after DTIM beacon */
1979 memset(control, 0, sizeof(*control)); 2025
1980 while (1) { 2026 while (1) {
1981 skb = skb_dequeue(&bss->ps_bc_buf); 2027 skb = skb_dequeue(&bss->ps_bc_buf);
1982 if (!skb) 2028 if (!skb)
1983 return NULL; 2029 goto out;
1984 local->total_ps_buffered--; 2030 local->total_ps_buffered--;
1985 2031
1986 if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) { 2032 if (!skb_queue_empty(&bss->ps_bc_buf) && skb->len >= 2) {
@@ -1993,30 +2039,21 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
1993 cpu_to_le16(IEEE80211_FCTL_MOREDATA); 2039 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1994 } 2040 }
1995 2041
1996 if (!ieee80211_tx_prepare(&tx, skb, local->mdev, control)) 2042 if (!ieee80211_tx_prepare(&tx, skb, local->mdev))
1997 break; 2043 break;
1998 dev_kfree_skb_any(skb); 2044 dev_kfree_skb_any(skb);
1999 } 2045 }
2046
2047 info = IEEE80211_SKB_CB(skb);
2048
2000 sta = tx.sta; 2049 sta = tx.sta;
2001 tx.flags |= IEEE80211_TX_PS_BUFFERED; 2050 tx.flags |= IEEE80211_TX_PS_BUFFERED;
2002 tx.channel = local->hw.conf.channel; 2051 tx.channel = local->hw.conf.channel;
2052 info->band = tx.channel->band;
2003 2053
2004 for (handler = ieee80211_tx_handlers; *handler != NULL; handler++) { 2054 if (invoke_tx_handlers(&tx))
2005 res = (*handler)(&tx);
2006 if (res == TX_DROP || res == TX_QUEUED)
2007 break;
2008 }
2009 skb = tx.skb; /* handlers are allowed to change skb */
2010
2011 if (res == TX_DROP) {
2012 I802_DEBUG_INC(local->tx_handlers_drop);
2013 dev_kfree_skb(skb);
2014 skb = NULL; 2055 skb = NULL;
2015 } else if (res == TX_QUEUED) { 2056 out:
2016 I802_DEBUG_INC(local->tx_handlers_queued);
2017 skb = NULL;
2018 }
2019
2020 rcu_read_unlock(); 2057 rcu_read_unlock();
2021 2058
2022 return skb; 2059 return skb;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 131e9e6c8a32..0d463c80c404 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -34,49 +34,48 @@ void *mac80211_wiphy_privid = &mac80211_wiphy_privid;
34 34
35/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */ 35/* See IEEE 802.1H for LLC/SNAP encapsulation/decapsulation */
36/* Ethernet-II snap header (RFC1042 for most EtherTypes) */ 36/* Ethernet-II snap header (RFC1042 for most EtherTypes) */
37const unsigned char rfc1042_header[] = 37const unsigned char rfc1042_header[] __aligned(2) =
38 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 38 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
39 39
40/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */ 40/* Bridge-Tunnel header (for EtherTypes ETH_P_AARP and ETH_P_IPX) */
41const unsigned char bridge_tunnel_header[] = 41const unsigned char bridge_tunnel_header[] __aligned(2) =
42 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 }; 42 { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8 };
43 43
44 44
45u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len, 45u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len,
46 enum ieee80211_if_types type) 46 enum ieee80211_if_types type)
47{ 47{
48 u16 fc; 48 __le16 fc = hdr->frame_control;
49 49
50 /* drop ACK/CTS frames and incorrect hdr len (ctrl) */ 50 /* drop ACK/CTS frames and incorrect hdr len (ctrl) */
51 if (len < 16) 51 if (len < 16)
52 return NULL; 52 return NULL;
53 53
54 fc = le16_to_cpu(hdr->frame_control); 54 if (ieee80211_is_data(fc)) {
55
56 switch (fc & IEEE80211_FCTL_FTYPE) {
57 case IEEE80211_FTYPE_DATA:
58 if (len < 24) /* drop incorrect hdr len (data) */ 55 if (len < 24) /* drop incorrect hdr len (data) */
59 return NULL; 56 return NULL;
60 switch (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) { 57
61 case IEEE80211_FCTL_TODS: 58 if (ieee80211_has_a4(fc))
62 return hdr->addr1;
63 case (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
64 return NULL; 59 return NULL;
65 case IEEE80211_FCTL_FROMDS: 60 if (ieee80211_has_tods(fc))
61 return hdr->addr1;
62 if (ieee80211_has_fromds(fc))
66 return hdr->addr2; 63 return hdr->addr2;
67 case 0: 64
68 return hdr->addr3; 65 return hdr->addr3;
69 } 66 }
70 break; 67
71 case IEEE80211_FTYPE_MGMT: 68 if (ieee80211_is_mgmt(fc)) {
72 if (len < 24) /* drop incorrect hdr len (mgmt) */ 69 if (len < 24) /* drop incorrect hdr len (mgmt) */
73 return NULL; 70 return NULL;
74 return hdr->addr3; 71 return hdr->addr3;
75 case IEEE80211_FTYPE_CTL: 72 }
76 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL) 73
74 if (ieee80211_is_ctl(fc)) {
75 if(ieee80211_is_pspoll(fc))
77 return hdr->addr1; 76 return hdr->addr1;
78 else if ((fc & IEEE80211_FCTL_STYPE) == 77
79 IEEE80211_STYPE_BACK_REQ) { 78 if (ieee80211_is_back_req(fc)) {
80 switch (type) { 79 switch (type) {
81 case IEEE80211_IF_TYPE_STA: 80 case IEEE80211_IF_TYPE_STA:
82 return hdr->addr2; 81 return hdr->addr2;
@@ -84,11 +83,9 @@ u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len,
84 case IEEE80211_IF_TYPE_VLAN: 83 case IEEE80211_IF_TYPE_VLAN:
85 return hdr->addr1; 84 return hdr->addr1;
86 default: 85 default:
87 return NULL; 86 break; /* fall through to the return */
88 } 87 }
89 } 88 }
90 else
91 return NULL;
92 } 89 }
93 90
94 return NULL; 91 return NULL;
@@ -133,14 +130,46 @@ int ieee80211_get_hdrlen(u16 fc)
133} 130}
134EXPORT_SYMBOL(ieee80211_get_hdrlen); 131EXPORT_SYMBOL(ieee80211_get_hdrlen);
135 132
136int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb) 133unsigned int ieee80211_hdrlen(__le16 fc)
137{ 134{
138 const struct ieee80211_hdr *hdr = (const struct ieee80211_hdr *) skb->data; 135 unsigned int hdrlen = 24;
139 int hdrlen; 136
137 if (ieee80211_is_data(fc)) {
138 if (ieee80211_has_a4(fc))
139 hdrlen = 30;
140 if (ieee80211_is_data_qos(fc))
141 hdrlen += IEEE80211_QOS_CTL_LEN;
142 goto out;
143 }
144
145 if (ieee80211_is_ctl(fc)) {
146 /*
147 * ACK and CTS are 10 bytes, all others 16. To see how
148 * to get this condition consider
149 * subtype mask: 0b0000000011110000 (0x00F0)
150 * ACK subtype: 0b0000000011010000 (0x00D0)
151 * CTS subtype: 0b0000000011000000 (0x00C0)
152 * bits that matter: ^^^ (0x00E0)
153 * value of those: 0b0000000011000000 (0x00C0)
154 */
155 if ((fc & cpu_to_le16(0x00E0)) == cpu_to_le16(0x00C0))
156 hdrlen = 10;
157 else
158 hdrlen = 16;
159 }
160out:
161 return hdrlen;
162}
163EXPORT_SYMBOL(ieee80211_hdrlen);
164
165unsigned int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb)
166{
167 const struct ieee80211_hdr *hdr = (const struct ieee80211_hdr *)skb->data;
168 unsigned int hdrlen;
140 169
141 if (unlikely(skb->len < 10)) 170 if (unlikely(skb->len < 10))
142 return 0; 171 return 0;
143 hdrlen = ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_control)); 172 hdrlen = ieee80211_hdrlen(hdr->frame_control);
144 if (unlikely(hdrlen > skb->len)) 173 if (unlikely(hdrlen > skb->len))
145 return 0; 174 return 0;
146 return hdrlen; 175 return hdrlen;
@@ -258,7 +287,7 @@ EXPORT_SYMBOL(ieee80211_generic_frame_duration);
258 287
259__le16 ieee80211_rts_duration(struct ieee80211_hw *hw, 288__le16 ieee80211_rts_duration(struct ieee80211_hw *hw,
260 struct ieee80211_vif *vif, size_t frame_len, 289 struct ieee80211_vif *vif, size_t frame_len,
261 const struct ieee80211_tx_control *frame_txctl) 290 const struct ieee80211_tx_info *frame_txctl)
262{ 291{
263 struct ieee80211_local *local = hw_to_local(hw); 292 struct ieee80211_local *local = hw_to_local(hw);
264 struct ieee80211_rate *rate; 293 struct ieee80211_rate *rate;
@@ -266,10 +295,13 @@ __le16 ieee80211_rts_duration(struct ieee80211_hw *hw,
266 bool short_preamble; 295 bool short_preamble;
267 int erp; 296 int erp;
268 u16 dur; 297 u16 dur;
298 struct ieee80211_supported_band *sband;
299
300 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
269 301
270 short_preamble = sdata->bss_conf.use_short_preamble; 302 short_preamble = sdata->bss_conf.use_short_preamble;
271 303
272 rate = frame_txctl->rts_cts_rate; 304 rate = &sband->bitrates[frame_txctl->control.rts_cts_rate_idx];
273 305
274 erp = 0; 306 erp = 0;
275 if (sdata->flags & IEEE80211_SDATA_OPERATING_GMODE) 307 if (sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
@@ -292,7 +324,7 @@ EXPORT_SYMBOL(ieee80211_rts_duration);
292__le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw, 324__le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw,
293 struct ieee80211_vif *vif, 325 struct ieee80211_vif *vif,
294 size_t frame_len, 326 size_t frame_len,
295 const struct ieee80211_tx_control *frame_txctl) 327 const struct ieee80211_tx_info *frame_txctl)
296{ 328{
297 struct ieee80211_local *local = hw_to_local(hw); 329 struct ieee80211_local *local = hw_to_local(hw);
298 struct ieee80211_rate *rate; 330 struct ieee80211_rate *rate;
@@ -300,10 +332,13 @@ __le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw,
300 bool short_preamble; 332 bool short_preamble;
301 int erp; 333 int erp;
302 u16 dur; 334 u16 dur;
335 struct ieee80211_supported_band *sband;
336
337 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
303 338
304 short_preamble = sdata->bss_conf.use_short_preamble; 339 short_preamble = sdata->bss_conf.use_short_preamble;
305 340
306 rate = frame_txctl->rts_cts_rate; 341 rate = &sband->bitrates[frame_txctl->control.rts_cts_rate_idx];
307 erp = 0; 342 erp = 0;
308 if (sdata->flags & IEEE80211_SDATA_OPERATING_GMODE) 343 if (sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
309 erp = rate->flags & IEEE80211_RATE_ERP_G; 344 erp = rate->flags & IEEE80211_RATE_ERP_G;
@@ -311,7 +346,7 @@ __le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw,
311 /* Data frame duration */ 346 /* Data frame duration */
312 dur = ieee80211_frame_duration(local, frame_len, rate->bitrate, 347 dur = ieee80211_frame_duration(local, frame_len, rate->bitrate,
313 erp, short_preamble); 348 erp, short_preamble);
314 if (!(frame_txctl->flags & IEEE80211_TXCTL_NO_ACK)) { 349 if (!(frame_txctl->flags & IEEE80211_TX_CTL_NO_ACK)) {
315 /* ACK duration */ 350 /* ACK duration */
316 dur += ieee80211_frame_duration(local, 10, rate->bitrate, 351 dur += ieee80211_frame_duration(local, 10, rate->bitrate,
317 erp, short_preamble); 352 erp, short_preamble);
@@ -325,17 +360,11 @@ void ieee80211_wake_queue(struct ieee80211_hw *hw, int queue)
325{ 360{
326 struct ieee80211_local *local = hw_to_local(hw); 361 struct ieee80211_local *local = hw_to_local(hw);
327 362
328 if (test_and_clear_bit(IEEE80211_LINK_STATE_XOFF, 363 if (test_bit(queue, local->queues_pending)) {
329 &local->state[queue])) { 364 set_bit(queue, local->queues_pending_run);
330 if (test_bit(IEEE80211_LINK_STATE_PENDING, 365 tasklet_schedule(&local->tx_pending_tasklet);
331 &local->state[queue])) 366 } else {
332 tasklet_schedule(&local->tx_pending_tasklet); 367 netif_wake_subqueue(local->mdev, queue);
333 else
334 if (!ieee80211_qdisc_installed(local->mdev)) {
335 if (queue == 0)
336 netif_wake_queue(local->mdev);
337 } else
338 __netif_schedule(local->mdev);
339 } 368 }
340} 369}
341EXPORT_SYMBOL(ieee80211_wake_queue); 370EXPORT_SYMBOL(ieee80211_wake_queue);
@@ -344,29 +373,15 @@ void ieee80211_stop_queue(struct ieee80211_hw *hw, int queue)
344{ 373{
345 struct ieee80211_local *local = hw_to_local(hw); 374 struct ieee80211_local *local = hw_to_local(hw);
346 375
347 if (!ieee80211_qdisc_installed(local->mdev) && queue == 0) 376 netif_stop_subqueue(local->mdev, queue);
348 netif_stop_queue(local->mdev);
349 set_bit(IEEE80211_LINK_STATE_XOFF, &local->state[queue]);
350} 377}
351EXPORT_SYMBOL(ieee80211_stop_queue); 378EXPORT_SYMBOL(ieee80211_stop_queue);
352 379
353void ieee80211_start_queues(struct ieee80211_hw *hw)
354{
355 struct ieee80211_local *local = hw_to_local(hw);
356 int i;
357
358 for (i = 0; i < local->hw.queues; i++)
359 clear_bit(IEEE80211_LINK_STATE_XOFF, &local->state[i]);
360 if (!ieee80211_qdisc_installed(local->mdev))
361 netif_start_queue(local->mdev);
362}
363EXPORT_SYMBOL(ieee80211_start_queues);
364
365void ieee80211_stop_queues(struct ieee80211_hw *hw) 380void ieee80211_stop_queues(struct ieee80211_hw *hw)
366{ 381{
367 int i; 382 int i;
368 383
369 for (i = 0; i < hw->queues; i++) 384 for (i = 0; i < ieee80211_num_queues(hw); i++)
370 ieee80211_stop_queue(hw, i); 385 ieee80211_stop_queue(hw, i);
371} 386}
372EXPORT_SYMBOL(ieee80211_stop_queues); 387EXPORT_SYMBOL(ieee80211_stop_queues);
@@ -375,7 +390,7 @@ void ieee80211_wake_queues(struct ieee80211_hw *hw)
375{ 390{
376 int i; 391 int i;
377 392
378 for (i = 0; i < hw->queues; i++) 393 for (i = 0; i < hw->queues + hw->ampdu_queues; i++)
379 ieee80211_wake_queue(hw, i); 394 ieee80211_wake_queue(hw, i);
380} 395}
381EXPORT_SYMBOL(ieee80211_wake_queues); 396EXPORT_SYMBOL(ieee80211_wake_queues);
@@ -404,8 +419,6 @@ void ieee80211_iterate_active_interfaces(
404 case IEEE80211_IF_TYPE_MESH_POINT: 419 case IEEE80211_IF_TYPE_MESH_POINT:
405 break; 420 break;
406 } 421 }
407 if (sdata->dev == local->mdev)
408 continue;
409 if (netif_running(sdata->dev)) 422 if (netif_running(sdata->dev))
410 iterator(data, sdata->dev->dev_addr, 423 iterator(data, sdata->dev->dev_addr,
411 &sdata->vif); 424 &sdata->vif);
@@ -439,8 +452,6 @@ void ieee80211_iterate_active_interfaces_atomic(
439 case IEEE80211_IF_TYPE_MESH_POINT: 452 case IEEE80211_IF_TYPE_MESH_POINT:
440 break; 453 break;
441 } 454 }
442 if (sdata->dev == local->mdev)
443 continue;
444 if (netif_running(sdata->dev)) 455 if (netif_running(sdata->dev))
445 iterator(data, sdata->dev->dev_addr, 456 iterator(data, sdata->dev->dev_addr,
446 &sdata->vif); 457 &sdata->vif);
diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
index affcecd78c10..5c2bf0a3d4db 100644
--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -31,13 +31,13 @@ int ieee80211_wep_init(struct ieee80211_local *local)
31 local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0, 31 local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
32 CRYPTO_ALG_ASYNC); 32 CRYPTO_ALG_ASYNC);
33 if (IS_ERR(local->wep_tx_tfm)) 33 if (IS_ERR(local->wep_tx_tfm))
34 return -ENOMEM; 34 return PTR_ERR(local->wep_tx_tfm);
35 35
36 local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0, 36 local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
37 CRYPTO_ALG_ASYNC); 37 CRYPTO_ALG_ASYNC);
38 if (IS_ERR(local->wep_rx_tfm)) { 38 if (IS_ERR(local->wep_rx_tfm)) {
39 crypto_free_blkcipher(local->wep_tx_tfm); 39 crypto_free_blkcipher(local->wep_tx_tfm);
40 return -ENOMEM; 40 return PTR_ERR(local->wep_rx_tfm);
41 } 41 }
42 42
43 return 0; 43 return 0;
@@ -84,24 +84,17 @@ static u8 *ieee80211_wep_add_iv(struct ieee80211_local *local,
84 struct sk_buff *skb, 84 struct sk_buff *skb,
85 struct ieee80211_key *key) 85 struct ieee80211_key *key)
86{ 86{
87 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 87 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
88 u16 fc; 88 unsigned int hdrlen;
89 int hdrlen;
90 u8 *newhdr; 89 u8 *newhdr;
91 90
92 fc = le16_to_cpu(hdr->frame_control); 91 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
93 fc |= IEEE80211_FCTL_PROTECTED;
94 hdr->frame_control = cpu_to_le16(fc);
95 92
96 if ((skb_headroom(skb) < WEP_IV_LEN || 93 if (WARN_ON(skb_tailroom(skb) < WEP_ICV_LEN ||
97 skb_tailroom(skb) < WEP_ICV_LEN)) { 94 skb_headroom(skb) < WEP_IV_LEN))
98 I802_DEBUG_INC(local->tx_expand_skb_head); 95 return NULL;
99 if (unlikely(pskb_expand_head(skb, WEP_IV_LEN, WEP_ICV_LEN,
100 GFP_ATOMIC)))
101 return NULL;
102 }
103 96
104 hdrlen = ieee80211_get_hdrlen(fc); 97 hdrlen = ieee80211_hdrlen(hdr->frame_control);
105 newhdr = skb_push(skb, WEP_IV_LEN); 98 newhdr = skb_push(skb, WEP_IV_LEN);
106 memmove(newhdr, newhdr + WEP_IV_LEN, hdrlen); 99 memmove(newhdr, newhdr + WEP_IV_LEN, hdrlen);
107 ieee80211_wep_get_iv(local, key, newhdr + hdrlen); 100 ieee80211_wep_get_iv(local, key, newhdr + hdrlen);
@@ -113,12 +106,10 @@ static void ieee80211_wep_remove_iv(struct ieee80211_local *local,
113 struct sk_buff *skb, 106 struct sk_buff *skb,
114 struct ieee80211_key *key) 107 struct ieee80211_key *key)
115{ 108{
116 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 109 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
117 u16 fc; 110 unsigned int hdrlen;
118 int hdrlen;
119 111
120 fc = le16_to_cpu(hdr->frame_control); 112 hdrlen = ieee80211_hdrlen(hdr->frame_control);
121 hdrlen = ieee80211_get_hdrlen(fc);
122 memmove(skb->data + WEP_IV_LEN, skb->data, hdrlen); 113 memmove(skb->data + WEP_IV_LEN, skb->data, hdrlen);
123 skb_pull(skb, WEP_IV_LEN); 114 skb_pull(skb, WEP_IV_LEN);
124} 115}
@@ -228,17 +219,15 @@ int ieee80211_wep_decrypt(struct ieee80211_local *local, struct sk_buff *skb,
228 u32 klen; 219 u32 klen;
229 u8 *rc4key; 220 u8 *rc4key;
230 u8 keyidx; 221 u8 keyidx;
231 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 222 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
232 u16 fc; 223 unsigned int hdrlen;
233 int hdrlen;
234 size_t len; 224 size_t len;
235 int ret = 0; 225 int ret = 0;
236 226
237 fc = le16_to_cpu(hdr->frame_control); 227 if (!ieee80211_has_protected(hdr->frame_control))
238 if (!(fc & IEEE80211_FCTL_PROTECTED))
239 return -1; 228 return -1;
240 229
241 hdrlen = ieee80211_get_hdrlen(fc); 230 hdrlen = ieee80211_hdrlen(hdr->frame_control);
242 231
243 if (skb->len < 8 + hdrlen) 232 if (skb->len < 8 + hdrlen)
244 return -1; 233 return -1;
@@ -264,11 +253,8 @@ int ieee80211_wep_decrypt(struct ieee80211_local *local, struct sk_buff *skb,
264 253
265 if (ieee80211_wep_decrypt_data(local->wep_rx_tfm, rc4key, klen, 254 if (ieee80211_wep_decrypt_data(local->wep_rx_tfm, rc4key, klen,
266 skb->data + hdrlen + WEP_IV_LEN, 255 skb->data + hdrlen + WEP_IV_LEN,
267 len)) { 256 len))
268 if (net_ratelimit())
269 printk(KERN_DEBUG "WEP decrypt failed (ICV)\n");
270 ret = -1; 257 ret = -1;
271 }
272 258
273 kfree(rc4key); 259 kfree(rc4key);
274 260
@@ -285,17 +271,15 @@ int ieee80211_wep_decrypt(struct ieee80211_local *local, struct sk_buff *skb,
285 271
286u8 * ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key) 272u8 * ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key)
287{ 273{
288 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 274 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
289 u16 fc; 275 unsigned int hdrlen;
290 int hdrlen;
291 u8 *ivpos; 276 u8 *ivpos;
292 u32 iv; 277 u32 iv;
293 278
294 fc = le16_to_cpu(hdr->frame_control); 279 if (!ieee80211_has_protected(hdr->frame_control))
295 if (!(fc & IEEE80211_FCTL_PROTECTED))
296 return NULL; 280 return NULL;
297 281
298 hdrlen = ieee80211_get_hdrlen(fc); 282 hdrlen = ieee80211_hdrlen(hdr->frame_control);
299 ivpos = skb->data + hdrlen; 283 ivpos = skb->data + hdrlen;
300 iv = (ivpos[0] << 16) | (ivpos[1] << 8) | ivpos[2]; 284 iv = (ivpos[0] << 16) | (ivpos[1] << 8) | ivpos[2];
301 285
@@ -314,14 +298,8 @@ ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx)
314 return RX_CONTINUE; 298 return RX_CONTINUE;
315 299
316 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) { 300 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) {
317 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key)) { 301 if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key))
318#ifdef CONFIG_MAC80211_DEBUG
319 if (net_ratelimit())
320 printk(KERN_DEBUG "%s: RX WEP frame, decrypt "
321 "failed\n", rx->dev->name);
322#endif /* CONFIG_MAC80211_DEBUG */
323 return RX_DROP_UNUSABLE; 302 return RX_DROP_UNUSABLE;
324 }
325 } else if (!(rx->status->flag & RX_FLAG_IV_STRIPPED)) { 303 } else if (!(rx->status->flag & RX_FLAG_IV_STRIPPED)) {
326 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key); 304 ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
327 /* remove ICV */ 305 /* remove ICV */
@@ -333,11 +311,16 @@ ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx)
333 311
334static int wep_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) 312static int wep_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
335{ 313{
314 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
315
316 info->control.iv_len = WEP_IV_LEN;
317 info->control.icv_len = WEP_ICV_LEN;
318
336 if (!(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) { 319 if (!(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) {
337 if (ieee80211_wep_encrypt(tx->local, skb, tx->key)) 320 if (ieee80211_wep_encrypt(tx->local, skb, tx->key))
338 return -1; 321 return -1;
339 } else { 322 } else {
340 tx->control->key_idx = tx->key->conf.hw_key_idx; 323 info->control.hw_key = &tx->key->conf;
341 if (tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) { 324 if (tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) {
342 if (!ieee80211_wep_add_iv(tx->local, skb, tx->key)) 325 if (!ieee80211_wep_add_iv(tx->local, skb, tx->key))
343 return -1; 326 return -1;
@@ -349,8 +332,6 @@ static int wep_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
349ieee80211_tx_result 332ieee80211_tx_result
350ieee80211_crypto_wep_encrypt(struct ieee80211_tx_data *tx) 333ieee80211_crypto_wep_encrypt(struct ieee80211_tx_data *tx)
351{ 334{
352 tx->control->iv_len = WEP_IV_LEN;
353 tx->control->icv_len = WEP_ICV_LEN;
354 ieee80211_tx_set_protected(tx); 335 ieee80211_tx_set_protected(tx);
355 336
356 if (wep_encrypt_skb(tx, tx->skb) < 0) { 337 if (wep_encrypt_skb(tx, tx->skb) < 0) {
diff --git a/net/mac80211/wep.h b/net/mac80211/wep.h
index 363779c50658..e587172115b8 100644
--- a/net/mac80211/wep.h
+++ b/net/mac80211/wep.h
@@ -26,7 +26,7 @@ int ieee80211_wep_encrypt(struct ieee80211_local *local, struct sk_buff *skb,
26 struct ieee80211_key *key); 26 struct ieee80211_key *key);
27int ieee80211_wep_decrypt(struct ieee80211_local *local, struct sk_buff *skb, 27int ieee80211_wep_decrypt(struct ieee80211_local *local, struct sk_buff *skb,
28 struct ieee80211_key *key); 28 struct ieee80211_key *key);
29u8 * ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key); 29u8 *ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key);
30 30
31ieee80211_rx_result 31ieee80211_rx_result
32ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx); 32ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx);
diff --git a/net/mac80211/wext.c b/net/mac80211/wext.c
index 457ebf9e85ae..34fa8ed1e784 100644
--- a/net/mac80211/wext.c
+++ b/net/mac80211/wext.c
@@ -95,6 +95,13 @@ static int ieee80211_set_encryption(struct net_device *dev, u8 *sta_addr,
95 } 95 }
96 } 96 }
97 97
98 if (alg == ALG_WEP &&
99 key_len != LEN_WEP40 && key_len != LEN_WEP104) {
100 ieee80211_key_free(key);
101 err = -EINVAL;
102 goto out_unlock;
103 }
104
98 ieee80211_key_link(key, sdata, sta); 105 ieee80211_key_link(key, sdata, sta);
99 106
100 if (set_tx_key || (!sta && !sdata->default_key && key)) 107 if (set_tx_key || (!sta && !sdata->default_key && key))
@@ -135,7 +142,39 @@ static int ieee80211_ioctl_giwname(struct net_device *dev,
135 struct iw_request_info *info, 142 struct iw_request_info *info,
136 char *name, char *extra) 143 char *name, char *extra)
137{ 144{
145 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
146 struct ieee80211_supported_band *sband;
147 u8 is_ht = 0, is_a = 0, is_b = 0, is_g = 0;
148
149
150 sband = local->hw.wiphy->bands[IEEE80211_BAND_5GHZ];
151 if (sband) {
152 is_a = 1;
153 is_ht |= sband->ht_info.ht_supported;
154 }
155
156 sband = local->hw.wiphy->bands[IEEE80211_BAND_2GHZ];
157 if (sband) {
158 int i;
159 /* Check for mandatory rates */
160 for (i = 0; i < sband->n_bitrates; i++) {
161 if (sband->bitrates[i].bitrate == 10)
162 is_b = 1;
163 if (sband->bitrates[i].bitrate == 60)
164 is_g = 1;
165 }
166 is_ht |= sband->ht_info.ht_supported;
167 }
168
138 strcpy(name, "IEEE 802.11"); 169 strcpy(name, "IEEE 802.11");
170 if (is_a)
171 strcat(name, "a");
172 if (is_b)
173 strcat(name, "b");
174 if (is_g)
175 strcat(name, "g");
176 if (is_ht)
177 strcat(name, "n");
139 178
140 return 0; 179 return 0;
141} 180}
@@ -169,14 +208,26 @@ static int ieee80211_ioctl_giwrange(struct net_device *dev,
169 range->num_encoding_sizes = 2; 208 range->num_encoding_sizes = 2;
170 range->max_encoding_tokens = NUM_DEFAULT_KEYS; 209 range->max_encoding_tokens = NUM_DEFAULT_KEYS;
171 210
172 range->max_qual.qual = local->hw.max_signal; 211 if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC ||
173 range->max_qual.level = local->hw.max_rssi; 212 local->hw.flags & IEEE80211_HW_SIGNAL_DB)
174 range->max_qual.noise = local->hw.max_noise; 213 range->max_qual.level = local->hw.max_signal;
214 else if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
215 range->max_qual.level = -110;
216 else
217 range->max_qual.level = 0;
218
219 if (local->hw.flags & IEEE80211_HW_NOISE_DBM)
220 range->max_qual.noise = -110;
221 else
222 range->max_qual.noise = 0;
223
224 range->max_qual.qual = 100;
175 range->max_qual.updated = local->wstats_flags; 225 range->max_qual.updated = local->wstats_flags;
176 226
177 range->avg_qual.qual = local->hw.max_signal/2; 227 range->avg_qual.qual = 50;
178 range->avg_qual.level = 0; 228 /* not always true but better than nothing */
179 range->avg_qual.noise = 0; 229 range->avg_qual.level = range->max_qual.level / 2;
230 range->avg_qual.noise = range->max_qual.noise / 2;
180 range->avg_qual.updated = local->wstats_flags; 231 range->avg_qual.updated = local->wstats_flags;
181 232
182 range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 | 233 range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 |
@@ -245,15 +296,7 @@ static int ieee80211_ioctl_siwmode(struct net_device *dev,
245 return -EINVAL; 296 return -EINVAL;
246 } 297 }
247 298
248 if (type == sdata->vif.type) 299 return ieee80211_if_change_type(sdata, type);
249 return 0;
250 if (netif_running(dev))
251 return -EBUSY;
252
253 ieee80211_if_reinit(dev);
254 ieee80211_if_set_type(dev, type);
255
256 return 0;
257} 300}
258 301
259 302
@@ -290,14 +333,22 @@ static int ieee80211_ioctl_giwmode(struct net_device *dev,
290 return 0; 333 return 0;
291} 334}
292 335
293int ieee80211_set_freq(struct ieee80211_local *local, int freqMHz) 336int ieee80211_set_freq(struct net_device *dev, int freqMHz)
294{ 337{
295 int ret = -EINVAL; 338 int ret = -EINVAL;
296 struct ieee80211_channel *chan; 339 struct ieee80211_channel *chan;
340 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
341 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
297 342
298 chan = ieee80211_get_channel(local->hw.wiphy, freqMHz); 343 chan = ieee80211_get_channel(local->hw.wiphy, freqMHz);
299 344
300 if (chan && !(chan->flags & IEEE80211_CHAN_DISABLED)) { 345 if (chan && !(chan->flags & IEEE80211_CHAN_DISABLED)) {
346 if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS &&
347 chan->flags & IEEE80211_CHAN_NO_IBSS) {
348 printk(KERN_DEBUG "%s: IBSS not allowed on frequency "
349 "%d MHz\n", dev->name, chan->center_freq);
350 return ret;
351 }
301 local->oper_channel = chan; 352 local->oper_channel = chan;
302 353
303 if (local->sta_sw_scanning || local->sta_hw_scanning) 354 if (local->sta_sw_scanning || local->sta_hw_scanning)
@@ -315,7 +366,6 @@ static int ieee80211_ioctl_siwfreq(struct net_device *dev,
315 struct iw_request_info *info, 366 struct iw_request_info *info,
316 struct iw_freq *freq, char *extra) 367 struct iw_freq *freq, char *extra)
317{ 368{
318 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
319 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 369 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
320 370
321 if (sdata->vif.type == IEEE80211_IF_TYPE_STA) 371 if (sdata->vif.type == IEEE80211_IF_TYPE_STA)
@@ -329,14 +379,14 @@ static int ieee80211_ioctl_siwfreq(struct net_device *dev,
329 IEEE80211_STA_AUTO_CHANNEL_SEL; 379 IEEE80211_STA_AUTO_CHANNEL_SEL;
330 return 0; 380 return 0;
331 } else 381 } else
332 return ieee80211_set_freq(local, 382 return ieee80211_set_freq(dev,
333 ieee80211_channel_to_frequency(freq->m)); 383 ieee80211_channel_to_frequency(freq->m));
334 } else { 384 } else {
335 int i, div = 1000000; 385 int i, div = 1000000;
336 for (i = 0; i < freq->e; i++) 386 for (i = 0; i < freq->e; i++)
337 div /= 10; 387 div /= 10;
338 if (div > 0) 388 if (div > 0)
339 return ieee80211_set_freq(local, freq->m / div); 389 return ieee80211_set_freq(dev, freq->m / div);
340 else 390 else
341 return -EINVAL; 391 return -EINVAL;
342 } 392 }
@@ -394,7 +444,7 @@ static int ieee80211_ioctl_siwessid(struct net_device *dev,
394 memset(sdata->u.ap.ssid + len, 0, 444 memset(sdata->u.ap.ssid + len, 0,
395 IEEE80211_MAX_SSID_LEN - len); 445 IEEE80211_MAX_SSID_LEN - len);
396 sdata->u.ap.ssid_len = len; 446 sdata->u.ap.ssid_len = len;
397 return ieee80211_if_config(dev); 447 return ieee80211_if_config(sdata, IEEE80211_IFCC_SSID);
398 } 448 }
399 return -EOPNOTSUPP; 449 return -EOPNOTSUPP;
400} 450}
@@ -489,9 +539,15 @@ static int ieee80211_ioctl_giwap(struct net_device *dev,
489 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 539 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
490 if (sdata->vif.type == IEEE80211_IF_TYPE_STA || 540 if (sdata->vif.type == IEEE80211_IF_TYPE_STA ||
491 sdata->vif.type == IEEE80211_IF_TYPE_IBSS) { 541 sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
492 ap_addr->sa_family = ARPHRD_ETHER; 542 if (sdata->u.sta.state == IEEE80211_ASSOCIATED ||
493 memcpy(&ap_addr->sa_data, sdata->u.sta.bssid, ETH_ALEN); 543 sdata->u.sta.state == IEEE80211_IBSS_JOINED) {
494 return 0; 544 ap_addr->sa_family = ARPHRD_ETHER;
545 memcpy(&ap_addr->sa_data, sdata->u.sta.bssid, ETH_ALEN);
546 return 0;
547 } else {
548 memset(&ap_addr->sa_data, 0, ETH_ALEN);
549 return 0;
550 }
495 } else if (sdata->vif.type == IEEE80211_IF_TYPE_WDS) { 551 } else if (sdata->vif.type == IEEE80211_IF_TYPE_WDS) {
496 ap_addr->sa_family = ARPHRD_ETHER; 552 ap_addr->sa_family = ARPHRD_ETHER;
497 memcpy(&ap_addr->sa_data, sdata->u.wds.remote_addr, ETH_ALEN); 553 memcpy(&ap_addr->sa_data, sdata->u.wds.remote_addr, ETH_ALEN);
@@ -542,7 +598,7 @@ static int ieee80211_ioctl_giwscan(struct net_device *dev,
542 if (local->sta_sw_scanning || local->sta_hw_scanning) 598 if (local->sta_sw_scanning || local->sta_hw_scanning)
543 return -EAGAIN; 599 return -EAGAIN;
544 600
545 res = ieee80211_sta_scan_results(dev, extra, data->length); 601 res = ieee80211_sta_scan_results(dev, info, extra, data->length);
546 if (res >= 0) { 602 if (res >= 0) {
547 data->length = res; 603 data->length = res;
548 return 0; 604 return 0;
@@ -563,16 +619,14 @@ static int ieee80211_ioctl_siwrate(struct net_device *dev,
563 struct ieee80211_supported_band *sband; 619 struct ieee80211_supported_band *sband;
564 620
565 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 621 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
566 if (!sdata->bss)
567 return -ENODEV;
568 622
569 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 623 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
570 624
571 /* target_rate = -1, rate->fixed = 0 means auto only, so use all rates 625 /* target_rate = -1, rate->fixed = 0 means auto only, so use all rates
572 * target_rate = X, rate->fixed = 1 means only rate X 626 * target_rate = X, rate->fixed = 1 means only rate X
573 * target_rate = X, rate->fixed = 0 means all rates <= X */ 627 * target_rate = X, rate->fixed = 0 means all rates <= X */
574 sdata->bss->max_ratectrl_rateidx = -1; 628 sdata->max_ratectrl_rateidx = -1;
575 sdata->bss->force_unicast_rateidx = -1; 629 sdata->force_unicast_rateidx = -1;
576 if (rate->value < 0) 630 if (rate->value < 0)
577 return 0; 631 return 0;
578 632
@@ -581,9 +635,9 @@ static int ieee80211_ioctl_siwrate(struct net_device *dev,
581 int this_rate = brate->bitrate; 635 int this_rate = brate->bitrate;
582 636
583 if (target_rate == this_rate) { 637 if (target_rate == this_rate) {
584 sdata->bss->max_ratectrl_rateidx = i; 638 sdata->max_ratectrl_rateidx = i;
585 if (rate->fixed) 639 if (rate->fixed)
586 sdata->bss->force_unicast_rateidx = i; 640 sdata->force_unicast_rateidx = i;
587 err = 0; 641 err = 0;
588 break; 642 break;
589 } 643 }
@@ -696,6 +750,9 @@ static int ieee80211_ioctl_siwrts(struct net_device *dev,
696 750
697 if (rts->disabled) 751 if (rts->disabled)
698 local->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD; 752 local->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
753 else if (!rts->fixed)
754 /* if the rts value is not fixed, then take default */
755 local->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
699 else if (rts->value < 0 || rts->value > IEEE80211_MAX_RTS_THRESHOLD) 756 else if (rts->value < 0 || rts->value > IEEE80211_MAX_RTS_THRESHOLD)
700 return -EINVAL; 757 return -EINVAL;
701 else 758 else
@@ -733,6 +790,8 @@ static int ieee80211_ioctl_siwfrag(struct net_device *dev,
733 790
734 if (frag->disabled) 791 if (frag->disabled)
735 local->fragmentation_threshold = IEEE80211_MAX_FRAG_THRESHOLD; 792 local->fragmentation_threshold = IEEE80211_MAX_FRAG_THRESHOLD;
793 else if (!frag->fixed)
794 local->fragmentation_threshold = IEEE80211_MAX_FRAG_THRESHOLD;
736 else if (frag->value < 256 || 795 else if (frag->value < 256 ||
737 frag->value > IEEE80211_MAX_FRAG_THRESHOLD) 796 frag->value > IEEE80211_MAX_FRAG_THRESHOLD)
738 return -EINVAL; 797 return -EINVAL;
@@ -924,6 +983,58 @@ static int ieee80211_ioctl_giwencode(struct net_device *dev,
924 erq->length = sdata->keys[idx]->conf.keylen; 983 erq->length = sdata->keys[idx]->conf.keylen;
925 erq->flags |= IW_ENCODE_ENABLED; 984 erq->flags |= IW_ENCODE_ENABLED;
926 985
986 if (sdata->vif.type == IEEE80211_IF_TYPE_STA) {
987 struct ieee80211_if_sta *ifsta = &sdata->u.sta;
988 switch (ifsta->auth_alg) {
989 case WLAN_AUTH_OPEN:
990 case WLAN_AUTH_LEAP:
991 erq->flags |= IW_ENCODE_OPEN;
992 break;
993 case WLAN_AUTH_SHARED_KEY:
994 erq->flags |= IW_ENCODE_RESTRICTED;
995 break;
996 }
997 }
998
999 return 0;
1000}
1001
1002static int ieee80211_ioctl_siwpower(struct net_device *dev,
1003 struct iw_request_info *info,
1004 struct iw_param *wrq,
1005 char *extra)
1006{
1007 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1008 struct ieee80211_conf *conf = &local->hw.conf;
1009
1010 if (wrq->disabled) {
1011 conf->flags &= ~IEEE80211_CONF_PS;
1012 return ieee80211_hw_config(local);
1013 }
1014
1015 switch (wrq->flags & IW_POWER_MODE) {
1016 case IW_POWER_ON: /* If not specified */
1017 case IW_POWER_MODE: /* If set all mask */
1018 case IW_POWER_ALL_R: /* If explicitely state all */
1019 conf->flags |= IEEE80211_CONF_PS;
1020 break;
1021 default: /* Otherwise we don't support it */
1022 return -EINVAL;
1023 }
1024
1025 return ieee80211_hw_config(local);
1026}
1027
1028static int ieee80211_ioctl_giwpower(struct net_device *dev,
1029 struct iw_request_info *info,
1030 union iwreq_data *wrqu,
1031 char *extra)
1032{
1033 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1034 struct ieee80211_conf *conf = &local->hw.conf;
1035
1036 wrqu->power.disabled = !(conf->flags & IEEE80211_CONF_PS);
1037
927 return 0; 1038 return 0;
928} 1039}
929 1040
@@ -995,8 +1106,8 @@ static struct iw_statistics *ieee80211_get_wireless_stats(struct net_device *dev
995 wstats->qual.noise = 0; 1106 wstats->qual.noise = 0;
996 wstats->qual.updated = IW_QUAL_ALL_INVALID; 1107 wstats->qual.updated = IW_QUAL_ALL_INVALID;
997 } else { 1108 } else {
998 wstats->qual.level = sta->last_rssi; 1109 wstats->qual.level = sta->last_signal;
999 wstats->qual.qual = sta->last_signal; 1110 wstats->qual.qual = sta->last_qual;
1000 wstats->qual.noise = sta->last_noise; 1111 wstats->qual.noise = sta->last_noise;
1001 wstats->qual.updated = local->wstats_flags; 1112 wstats->qual.updated = local->wstats_flags;
1002 } 1113 }
@@ -1129,8 +1240,8 @@ static const iw_handler ieee80211_handler[] =
1129 (iw_handler) ieee80211_ioctl_giwretry, /* SIOCGIWRETRY */ 1240 (iw_handler) ieee80211_ioctl_giwretry, /* SIOCGIWRETRY */
1130 (iw_handler) ieee80211_ioctl_siwencode, /* SIOCSIWENCODE */ 1241 (iw_handler) ieee80211_ioctl_siwencode, /* SIOCSIWENCODE */
1131 (iw_handler) ieee80211_ioctl_giwencode, /* SIOCGIWENCODE */ 1242 (iw_handler) ieee80211_ioctl_giwencode, /* SIOCGIWENCODE */
1132 (iw_handler) NULL, /* SIOCSIWPOWER */ 1243 (iw_handler) ieee80211_ioctl_siwpower, /* SIOCSIWPOWER */
1133 (iw_handler) NULL, /* SIOCGIWPOWER */ 1244 (iw_handler) ieee80211_ioctl_giwpower, /* SIOCGIWPOWER */
1134 (iw_handler) NULL, /* -- hole -- */ 1245 (iw_handler) NULL, /* -- hole -- */
1135 (iw_handler) NULL, /* -- hole -- */ 1246 (iw_handler) NULL, /* -- hole -- */
1136 (iw_handler) ieee80211_ioctl_siwgenie, /* SIOCSIWGENIE */ 1247 (iw_handler) ieee80211_ioctl_siwgenie, /* SIOCSIWGENIE */
diff --git a/net/mac80211/wme.c b/net/mac80211/wme.c
index dc1598b86004..4310e2f65661 100644
--- a/net/mac80211/wme.c
+++ b/net/mac80211/wme.c
@@ -18,61 +18,42 @@
18#include "ieee80211_i.h" 18#include "ieee80211_i.h"
19#include "wme.h" 19#include "wme.h"
20 20
21/* maximum number of hardware queues we support. */ 21/* Default mapping in classifier to work with default
22#define TC_80211_MAX_QUEUES 16 22 * queue setup.
23 23 */
24const int ieee802_1d_to_ac[8] = { 2, 3, 3, 2, 1, 1, 0, 0 }; 24const int ieee802_1d_to_ac[8] = { 2, 3, 3, 2, 1, 1, 0, 0 };
25 25
26struct ieee80211_sched_data
27{
28 unsigned long qdisc_pool[BITS_TO_LONGS(TC_80211_MAX_QUEUES)];
29 struct tcf_proto *filter_list;
30 struct Qdisc *queues[TC_80211_MAX_QUEUES];
31 struct sk_buff_head requeued[TC_80211_MAX_QUEUES];
32};
33
34static const char llc_ip_hdr[8] = {0xAA, 0xAA, 0x3, 0, 0, 0, 0x08, 0}; 26static const char llc_ip_hdr[8] = {0xAA, 0xAA, 0x3, 0, 0, 0, 0x08, 0};
35 27
36/* given a data frame determine the 802.1p/1d tag to use */ 28/* Given a data frame determine the 802.1p/1d tag to use. */
37static inline unsigned classify_1d(struct sk_buff *skb, struct Qdisc *qd) 29static unsigned int classify_1d(struct sk_buff *skb)
38{ 30{
39 struct iphdr *ip; 31 unsigned int dscp;
40 int dscp;
41 int offset;
42
43 struct ieee80211_sched_data *q = qdisc_priv(qd);
44 struct tcf_result res = { -1, 0 };
45
46 /* if there is a user set filter list, call out to that */
47 if (q->filter_list) {
48 tc_classify(skb, q->filter_list, &res);
49 if (res.class != -1)
50 return res.class;
51 }
52 32
53 /* skb->priority values from 256->263 are magic values to 33 /* skb->priority values from 256->263 are magic values to
54 * directly indicate a specific 802.1d priority. 34 * directly indicate a specific 802.1d priority. This is used
55 * This is used to allow 802.1d priority to be passed directly in 35 * to allow 802.1d priority to be passed directly in from VLAN
56 * from VLAN tags, etc. */ 36 * tags, etc.
37 */
57 if (skb->priority >= 256 && skb->priority <= 263) 38 if (skb->priority >= 256 && skb->priority <= 263)
58 return skb->priority - 256; 39 return skb->priority - 256;
59 40
60 /* check there is a valid IP header present */ 41 switch (skb->protocol) {
61 offset = ieee80211_get_hdrlen_from_skb(skb); 42 case __constant_htons(ETH_P_IP):
62 if (skb->len < offset + sizeof(llc_ip_hdr) + sizeof(*ip) || 43 dscp = ip_hdr(skb)->tos & 0xfc;
63 memcmp(skb->data + offset, llc_ip_hdr, sizeof(llc_ip_hdr))) 44 break;
64 return 0;
65 45
66 ip = (struct iphdr *) (skb->data + offset + sizeof(llc_ip_hdr)); 46 default:
47 return 0;
48 }
67 49
68 dscp = ip->tos & 0xfc;
69 if (dscp & 0x1c) 50 if (dscp & 0x1c)
70 return 0; 51 return 0;
71 return dscp >> 5; 52 return dscp >> 5;
72} 53}
73 54
74 55
75static inline int wme_downgrade_ac(struct sk_buff *skb) 56static int wme_downgrade_ac(struct sk_buff *skb)
76{ 57{
77 switch (skb->priority) { 58 switch (skb->priority) {
78 case 6: 59 case 6:
@@ -93,43 +74,38 @@ static inline int wme_downgrade_ac(struct sk_buff *skb)
93} 74}
94 75
95 76
96/* positive return value indicates which queue to use 77/* Indicate which queue to use. */
97 * negative return value indicates to drop the frame */ 78static u16 classify80211(struct sk_buff *skb, struct net_device *dev)
98static inline int classify80211(struct sk_buff *skb, struct Qdisc *qd)
99{ 79{
100 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr); 80 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
101 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 81 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
102 unsigned short fc = le16_to_cpu(hdr->frame_control);
103 int qos;
104 82
105 /* see if frame is data or non data frame */ 83 if (!ieee80211_is_data(hdr->frame_control)) {
106 if (unlikely((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA)) {
107 /* management frames go on AC_VO queue, but are sent 84 /* management frames go on AC_VO queue, but are sent
108 * without QoS control fields */ 85 * without QoS control fields */
109 return IEEE80211_TX_QUEUE_DATA0; 86 return 0;
110 } 87 }
111 88
112 if (0 /* injected */) { 89 if (0 /* injected */) {
113 /* use AC from radiotap */ 90 /* use AC from radiotap */
114 } 91 }
115 92
116 /* is this a QoS frame? */ 93 if (!ieee80211_is_data_qos(hdr->frame_control)) {
117 qos = fc & IEEE80211_STYPE_QOS_DATA;
118
119 if (!qos) {
120 skb->priority = 0; /* required for correct WPA/11i MIC */ 94 skb->priority = 0; /* required for correct WPA/11i MIC */
121 return ieee802_1d_to_ac[skb->priority]; 95 return ieee802_1d_to_ac[skb->priority];
122 } 96 }
123 97
124 /* use the data classifier to determine what 802.1d tag the 98 /* use the data classifier to determine what 802.1d tag the
125 * data frame has */ 99 * data frame has */
126 skb->priority = classify_1d(skb, qd); 100 skb->priority = classify_1d(skb);
127 101
128 /* in case we are a client verify acm is not set for this ac */ 102 /* in case we are a client verify acm is not set for this ac */
129 while (unlikely(local->wmm_acm & BIT(skb->priority))) { 103 while (unlikely(local->wmm_acm & BIT(skb->priority))) {
130 if (wme_downgrade_ac(skb)) { 104 if (wme_downgrade_ac(skb)) {
131 /* No AC with lower priority has acm=0, drop packet. */ 105 /* The old code would drop the packet in this
132 return -1; 106 * case.
107 */
108 return 0;
133 } 109 }
134 } 110 }
135 111
@@ -137,55 +113,52 @@ static inline int classify80211(struct sk_buff *skb, struct Qdisc *qd)
137 return ieee802_1d_to_ac[skb->priority]; 113 return ieee802_1d_to_ac[skb->priority];
138} 114}
139 115
140 116u16 ieee80211_select_queue(struct net_device *dev, struct sk_buff *skb)
141static int wme_qdiscop_enqueue(struct sk_buff *skb, struct Qdisc* qd)
142{ 117{
143 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
144 struct ieee80211_sched_data *q = qdisc_priv(qd);
145 struct ieee80211_tx_packet_data *pkt_data =
146 (struct ieee80211_tx_packet_data *) skb->cb;
147 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 118 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
148 unsigned short fc = le16_to_cpu(hdr->frame_control); 119 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
149 struct Qdisc *qdisc; 120 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
150 int err, queue;
151 struct sta_info *sta; 121 struct sta_info *sta;
122 u16 queue;
152 u8 tid; 123 u8 tid;
153 124
154 if (pkt_data->flags & IEEE80211_TXPD_REQUEUE) { 125 queue = classify80211(skb, dev);
155 queue = pkt_data->queue; 126 if (unlikely(queue >= local->hw.queues))
127 queue = local->hw.queues - 1;
128
129 if (info->flags & IEEE80211_TX_CTL_REQUEUE) {
156 rcu_read_lock(); 130 rcu_read_lock();
157 sta = sta_info_get(local, hdr->addr1); 131 sta = sta_info_get(local, hdr->addr1);
158 tid = skb->priority & QOS_CONTROL_TAG1D_MASK; 132 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
159 if (sta) { 133 if (sta) {
134 struct ieee80211_hw *hw = &local->hw;
160 int ampdu_queue = sta->tid_to_tx_q[tid]; 135 int ampdu_queue = sta->tid_to_tx_q[tid];
161 if ((ampdu_queue < local->hw.queues) && 136
162 test_bit(ampdu_queue, q->qdisc_pool)) { 137 if ((ampdu_queue < ieee80211_num_queues(hw)) &&
138 test_bit(ampdu_queue, local->queue_pool)) {
163 queue = ampdu_queue; 139 queue = ampdu_queue;
164 pkt_data->flags |= IEEE80211_TXPD_AMPDU; 140 info->flags |= IEEE80211_TX_CTL_AMPDU;
165 } else { 141 } else {
166 pkt_data->flags &= ~IEEE80211_TXPD_AMPDU; 142 info->flags &= ~IEEE80211_TX_CTL_AMPDU;
167 } 143 }
168 } 144 }
169 rcu_read_unlock(); 145 rcu_read_unlock();
170 skb_queue_tail(&q->requeued[queue], skb);
171 qd->q.qlen++;
172 return 0;
173 }
174 146
175 queue = classify80211(skb, qd); 147 return queue;
148 }
176 149
177 /* now we know the 1d priority, fill in the QoS header if there is one 150 /* Now we know the 1d priority, fill in the QoS header if
151 * there is one.
178 */ 152 */
179 if (WLAN_FC_IS_QOS_DATA(fc)) { 153 if (ieee80211_is_data_qos(hdr->frame_control)) {
180 u8 *p = skb->data + ieee80211_get_hdrlen(fc) - 2; 154 u8 *p = ieee80211_get_qos_ctl(hdr);
181 u8 ack_policy = 0; 155 u8 ack_policy = 0;
182 tid = skb->priority & QOS_CONTROL_TAG1D_MASK; 156 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
183 if (local->wifi_wme_noack_test) 157 if (local->wifi_wme_noack_test)
184 ack_policy |= QOS_CONTROL_ACK_POLICY_NOACK << 158 ack_policy |= QOS_CONTROL_ACK_POLICY_NOACK <<
185 QOS_CONTROL_ACK_POLICY_SHIFT; 159 QOS_CONTROL_ACK_POLICY_SHIFT;
186 /* qos header is 2 bytes, second reserved */ 160 /* qos header is 2 bytes, second reserved */
187 *p = ack_policy | tid; 161 *p++ = ack_policy | tid;
188 p++;
189 *p = 0; 162 *p = 0;
190 163
191 rcu_read_lock(); 164 rcu_read_lock();
@@ -193,476 +166,40 @@ static int wme_qdiscop_enqueue(struct sk_buff *skb, struct Qdisc* qd)
193 sta = sta_info_get(local, hdr->addr1); 166 sta = sta_info_get(local, hdr->addr1);
194 if (sta) { 167 if (sta) {
195 int ampdu_queue = sta->tid_to_tx_q[tid]; 168 int ampdu_queue = sta->tid_to_tx_q[tid];
196 if ((ampdu_queue < local->hw.queues) && 169 struct ieee80211_hw *hw = &local->hw;
197 test_bit(ampdu_queue, q->qdisc_pool)) { 170
171 if ((ampdu_queue < ieee80211_num_queues(hw)) &&
172 test_bit(ampdu_queue, local->queue_pool)) {
198 queue = ampdu_queue; 173 queue = ampdu_queue;
199 pkt_data->flags |= IEEE80211_TXPD_AMPDU; 174 info->flags |= IEEE80211_TX_CTL_AMPDU;
200 } else { 175 } else {
201 pkt_data->flags &= ~IEEE80211_TXPD_AMPDU; 176 info->flags &= ~IEEE80211_TX_CTL_AMPDU;
202 } 177 }
203 } 178 }
204 179
205 rcu_read_unlock(); 180 rcu_read_unlock();
206 } 181 }
207 182
208 if (unlikely(queue >= local->hw.queues)) {
209#if 0
210 if (net_ratelimit()) {
211 printk(KERN_DEBUG "%s - queue=%d (hw does not "
212 "support) -> %d\n",
213 __func__, queue, local->hw.queues - 1);
214 }
215#endif
216 queue = local->hw.queues - 1;
217 }
218
219 if (unlikely(queue < 0)) {
220 kfree_skb(skb);
221 err = NET_XMIT_DROP;
222 } else {
223 tid = skb->priority & QOS_CONTROL_TAG1D_MASK;
224 pkt_data->queue = (unsigned int) queue;
225 qdisc = q->queues[queue];
226 err = qdisc->enqueue(skb, qdisc);
227 if (err == NET_XMIT_SUCCESS) {
228 qd->q.qlen++;
229 qd->bstats.bytes += skb->len;
230 qd->bstats.packets++;
231 return NET_XMIT_SUCCESS;
232 }
233 }
234 qd->qstats.drops++;
235 return err;
236}
237
238
239/* TODO: clean up the cases where master_hard_start_xmit
240 * returns non 0 - it shouldn't ever do that. Once done we
241 * can remove this function */
242static int wme_qdiscop_requeue(struct sk_buff *skb, struct Qdisc* qd)
243{
244 struct ieee80211_sched_data *q = qdisc_priv(qd);
245 struct ieee80211_tx_packet_data *pkt_data =
246 (struct ieee80211_tx_packet_data *) skb->cb;
247 struct Qdisc *qdisc;
248 int err;
249
250 /* we recorded which queue to use earlier! */
251 qdisc = q->queues[pkt_data->queue];
252
253 if ((err = qdisc->ops->requeue(skb, qdisc)) == 0) {
254 qd->q.qlen++;
255 return 0;
256 }
257 qd->qstats.drops++;
258 return err;
259}
260
261
262static struct sk_buff *wme_qdiscop_dequeue(struct Qdisc* qd)
263{
264 struct ieee80211_sched_data *q = qdisc_priv(qd);
265 struct net_device *dev = qd->dev;
266 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
267 struct ieee80211_hw *hw = &local->hw;
268 struct sk_buff *skb;
269 struct Qdisc *qdisc;
270 int queue;
271
272 /* check all the h/w queues in numeric/priority order */
273 for (queue = 0; queue < hw->queues; queue++) {
274 /* see if there is room in this hardware queue */
275 if ((test_bit(IEEE80211_LINK_STATE_XOFF,
276 &local->state[queue])) ||
277 (test_bit(IEEE80211_LINK_STATE_PENDING,
278 &local->state[queue])) ||
279 (!test_bit(queue, q->qdisc_pool)))
280 continue;
281
282 /* there is space - try and get a frame */
283 skb = skb_dequeue(&q->requeued[queue]);
284 if (skb) {
285 qd->q.qlen--;
286 return skb;
287 }
288
289 qdisc = q->queues[queue];
290 skb = qdisc->dequeue(qdisc);
291 if (skb) {
292 qd->q.qlen--;
293 return skb;
294 }
295 }
296 /* returning a NULL here when all the h/w queues are full means we
297 * never need to call netif_stop_queue in the driver */
298 return NULL;
299}
300
301
302static void wme_qdiscop_reset(struct Qdisc* qd)
303{
304 struct ieee80211_sched_data *q = qdisc_priv(qd);
305 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
306 struct ieee80211_hw *hw = &local->hw;
307 int queue;
308
309 /* QUESTION: should we have some hardware flush functionality here? */
310
311 for (queue = 0; queue < hw->queues; queue++) {
312 skb_queue_purge(&q->requeued[queue]);
313 qdisc_reset(q->queues[queue]);
314 }
315 qd->q.qlen = 0;
316}
317
318
319static void wme_qdiscop_destroy(struct Qdisc* qd)
320{
321 struct ieee80211_sched_data *q = qdisc_priv(qd);
322 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
323 struct ieee80211_hw *hw = &local->hw;
324 int queue;
325
326 tcf_destroy_chain(q->filter_list);
327 q->filter_list = NULL;
328
329 for (queue=0; queue < hw->queues; queue++) {
330 skb_queue_purge(&q->requeued[queue]);
331 qdisc_destroy(q->queues[queue]);
332 q->queues[queue] = &noop_qdisc;
333 }
334}
335
336
337/* called whenever parameters are updated on existing qdisc */
338static int wme_qdiscop_tune(struct Qdisc *qd, struct nlattr *opt)
339{
340/* struct ieee80211_sched_data *q = qdisc_priv(qd);
341*/
342 /* check our options block is the right size */
343 /* copy any options to our local structure */
344/* Ignore options block for now - always use static mapping
345 struct tc_ieee80211_qopt *qopt = nla_data(opt);
346
347 if (opt->nla_len < nla_attr_size(sizeof(*qopt)))
348 return -EINVAL;
349 memcpy(q->tag2queue, qopt->tag2queue, sizeof(qopt->tag2queue));
350*/
351 return 0;
352}
353
354
355/* called during initial creation of qdisc on device */
356static int wme_qdiscop_init(struct Qdisc *qd, struct nlattr *opt)
357{
358 struct ieee80211_sched_data *q = qdisc_priv(qd);
359 struct net_device *dev = qd->dev;
360 struct ieee80211_local *local;
361 int queues;
362 int err = 0, i;
363
364 /* check that device is a mac80211 device */
365 if (!dev->ieee80211_ptr ||
366 dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid)
367 return -EINVAL;
368
369 /* check this device is an ieee80211 master type device */
370 if (dev->type != ARPHRD_IEEE80211)
371 return -EINVAL;
372
373 /* check that there is no qdisc currently attached to device
374 * this ensures that we will be the root qdisc. (I can't find a better
375 * way to test this explicitly) */
376 if (dev->qdisc_sleeping != &noop_qdisc)
377 return -EINVAL;
378
379 if (qd->flags & TCQ_F_INGRESS)
380 return -EINVAL;
381
382 local = wdev_priv(dev->ieee80211_ptr);
383 queues = local->hw.queues;
384
385 /* if options were passed in, set them */
386 if (opt) {
387 err = wme_qdiscop_tune(qd, opt);
388 }
389
390 /* create child queues */
391 for (i = 0; i < queues; i++) {
392 skb_queue_head_init(&q->requeued[i]);
393 q->queues[i] = qdisc_create_dflt(qd->dev, &pfifo_qdisc_ops,
394 qd->handle);
395 if (!q->queues[i]) {
396 q->queues[i] = &noop_qdisc;
397 printk(KERN_ERR "%s child qdisc %i creation failed\n",
398 dev->name, i);
399 }
400 }
401
402 /* reserve all legacy QoS queues */
403 for (i = 0; i < min(IEEE80211_TX_QUEUE_DATA4, queues); i++)
404 set_bit(i, q->qdisc_pool);
405
406 return err;
407}
408
409static int wme_qdiscop_dump(struct Qdisc *qd, struct sk_buff *skb)
410{
411/* struct ieee80211_sched_data *q = qdisc_priv(qd);
412 unsigned char *p = skb->tail;
413 struct tc_ieee80211_qopt opt;
414
415 memcpy(&opt.tag2queue, q->tag2queue, TC_80211_MAX_TAG + 1);
416 NLA_PUT(skb, TCA_OPTIONS, sizeof(opt), &opt);
417*/ return skb->len;
418/*
419nla_put_failure:
420 skb_trim(skb, p - skb->data);*/
421 return -1;
422}
423
424
425static int wme_classop_graft(struct Qdisc *qd, unsigned long arg,
426 struct Qdisc *new, struct Qdisc **old)
427{
428 struct ieee80211_sched_data *q = qdisc_priv(qd);
429 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
430 struct ieee80211_hw *hw = &local->hw;
431 unsigned long queue = arg - 1;
432
433 if (queue >= hw->queues)
434 return -EINVAL;
435
436 if (!new)
437 new = &noop_qdisc;
438
439 sch_tree_lock(qd);
440 *old = q->queues[queue];
441 q->queues[queue] = new;
442 qdisc_reset(*old);
443 sch_tree_unlock(qd);
444
445 return 0;
446}
447
448
449static struct Qdisc *
450wme_classop_leaf(struct Qdisc *qd, unsigned long arg)
451{
452 struct ieee80211_sched_data *q = qdisc_priv(qd);
453 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
454 struct ieee80211_hw *hw = &local->hw;
455 unsigned long queue = arg - 1;
456
457 if (queue >= hw->queues)
458 return NULL;
459
460 return q->queues[queue];
461}
462
463
464static unsigned long wme_classop_get(struct Qdisc *qd, u32 classid)
465{
466 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
467 struct ieee80211_hw *hw = &local->hw;
468 unsigned long queue = TC_H_MIN(classid);
469
470 if (queue - 1 >= hw->queues)
471 return 0;
472
473 return queue; 183 return queue;
474} 184}
475 185
476
477static unsigned long wme_classop_bind(struct Qdisc *qd, unsigned long parent,
478 u32 classid)
479{
480 return wme_classop_get(qd, classid);
481}
482
483
484static void wme_classop_put(struct Qdisc *q, unsigned long cl)
485{
486}
487
488
489static int wme_classop_change(struct Qdisc *qd, u32 handle, u32 parent,
490 struct nlattr **tca, unsigned long *arg)
491{
492 unsigned long cl = *arg;
493 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
494 struct ieee80211_hw *hw = &local->hw;
495
496 if (cl - 1 > hw->queues)
497 return -ENOENT;
498
499 /* TODO: put code to program hardware queue parameters here,
500 * to allow programming from tc command line */
501
502 return 0;
503}
504
505
506/* we don't support deleting hardware queues
507 * when we add WMM-SA support - TSPECs may be deleted here */
508static int wme_classop_delete(struct Qdisc *qd, unsigned long cl)
509{
510 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
511 struct ieee80211_hw *hw = &local->hw;
512
513 if (cl - 1 > hw->queues)
514 return -ENOENT;
515 return 0;
516}
517
518
519static int wme_classop_dump_class(struct Qdisc *qd, unsigned long cl,
520 struct sk_buff *skb, struct tcmsg *tcm)
521{
522 struct ieee80211_sched_data *q = qdisc_priv(qd);
523 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
524 struct ieee80211_hw *hw = &local->hw;
525
526 if (cl - 1 > hw->queues)
527 return -ENOENT;
528 tcm->tcm_handle = TC_H_MIN(cl);
529 tcm->tcm_parent = qd->handle;
530 tcm->tcm_info = q->queues[cl-1]->handle; /* do we need this? */
531 return 0;
532}
533
534
535static void wme_classop_walk(struct Qdisc *qd, struct qdisc_walker *arg)
536{
537 struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
538 struct ieee80211_hw *hw = &local->hw;
539 int queue;
540
541 if (arg->stop)
542 return;
543
544 for (queue = 0; queue < hw->queues; queue++) {
545 if (arg->count < arg->skip) {
546 arg->count++;
547 continue;
548 }
549 /* we should return classids for our internal queues here
550 * as well as the external ones */
551 if (arg->fn(qd, queue+1, arg) < 0) {
552 arg->stop = 1;
553 break;
554 }
555 arg->count++;
556 }
557}
558
559
560static struct tcf_proto ** wme_classop_find_tcf(struct Qdisc *qd,
561 unsigned long cl)
562{
563 struct ieee80211_sched_data *q = qdisc_priv(qd);
564
565 if (cl)
566 return NULL;
567
568 return &q->filter_list;
569}
570
571
572/* this qdisc is classful (i.e. has classes, some of which may have leaf qdiscs attached)
573 * - these are the operations on the classes */
574static const struct Qdisc_class_ops class_ops =
575{
576 .graft = wme_classop_graft,
577 .leaf = wme_classop_leaf,
578
579 .get = wme_classop_get,
580 .put = wme_classop_put,
581 .change = wme_classop_change,
582 .delete = wme_classop_delete,
583 .walk = wme_classop_walk,
584
585 .tcf_chain = wme_classop_find_tcf,
586 .bind_tcf = wme_classop_bind,
587 .unbind_tcf = wme_classop_put,
588
589 .dump = wme_classop_dump_class,
590};
591
592
593/* queueing discipline operations */
594static struct Qdisc_ops wme_qdisc_ops __read_mostly =
595{
596 .next = NULL,
597 .cl_ops = &class_ops,
598 .id = "ieee80211",
599 .priv_size = sizeof(struct ieee80211_sched_data),
600
601 .enqueue = wme_qdiscop_enqueue,
602 .dequeue = wme_qdiscop_dequeue,
603 .requeue = wme_qdiscop_requeue,
604 .drop = NULL, /* drop not needed since we are always the root qdisc */
605
606 .init = wme_qdiscop_init,
607 .reset = wme_qdiscop_reset,
608 .destroy = wme_qdiscop_destroy,
609 .change = wme_qdiscop_tune,
610
611 .dump = wme_qdiscop_dump,
612};
613
614
615void ieee80211_install_qdisc(struct net_device *dev)
616{
617 struct Qdisc *qdisc;
618
619 qdisc = qdisc_create_dflt(dev, &wme_qdisc_ops, TC_H_ROOT);
620 if (!qdisc) {
621 printk(KERN_ERR "%s: qdisc installation failed\n", dev->name);
622 return;
623 }
624
625 /* same handle as would be allocated by qdisc_alloc_handle() */
626 qdisc->handle = 0x80010000;
627
628 qdisc_lock_tree(dev);
629 list_add_tail(&qdisc->list, &dev->qdisc_list);
630 dev->qdisc_sleeping = qdisc;
631 qdisc_unlock_tree(dev);
632}
633
634
635int ieee80211_qdisc_installed(struct net_device *dev)
636{
637 return dev->qdisc_sleeping->ops == &wme_qdisc_ops;
638}
639
640
641int ieee80211_wme_register(void)
642{
643 return register_qdisc(&wme_qdisc_ops);
644}
645
646
647void ieee80211_wme_unregister(void)
648{
649 unregister_qdisc(&wme_qdisc_ops);
650}
651
652int ieee80211_ht_agg_queue_add(struct ieee80211_local *local, 186int ieee80211_ht_agg_queue_add(struct ieee80211_local *local,
653 struct sta_info *sta, u16 tid) 187 struct sta_info *sta, u16 tid)
654{ 188{
655 int i; 189 int i;
656 struct ieee80211_sched_data *q = 190
657 qdisc_priv(local->mdev->qdisc_sleeping); 191 /* XXX: currently broken due to cb/requeue use */
658 DECLARE_MAC_BUF(mac); 192 return -EPERM;
659 193
660 /* prepare the filter and save it for the SW queue 194 /* prepare the filter and save it for the SW queue
661 * matching the recieved HW queue */ 195 * matching the received HW queue */
196
197 if (!local->hw.ampdu_queues)
198 return -EPERM;
662 199
663 /* try to get a Qdisc from the pool */ 200 /* try to get a Qdisc from the pool */
664 for (i = IEEE80211_TX_QUEUE_BEACON; i < local->hw.queues; i++) 201 for (i = local->hw.queues; i < ieee80211_num_queues(&local->hw); i++)
665 if (!test_and_set_bit(i, q->qdisc_pool)) { 202 if (!test_and_set_bit(i, local->queue_pool)) {
666 ieee80211_stop_queue(local_to_hw(local), i); 203 ieee80211_stop_queue(local_to_hw(local), i);
667 sta->tid_to_tx_q[tid] = i; 204 sta->tid_to_tx_q[tid] = i;
668 205
@@ -671,11 +208,13 @@ int ieee80211_ht_agg_queue_add(struct ieee80211_local *local,
671 * on the previous queue 208 * on the previous queue
672 * since HT is strict in order */ 209 * since HT is strict in order */
673#ifdef CONFIG_MAC80211_HT_DEBUG 210#ifdef CONFIG_MAC80211_HT_DEBUG
674 if (net_ratelimit()) 211 if (net_ratelimit()) {
212 DECLARE_MAC_BUF(mac);
675 printk(KERN_DEBUG "allocated aggregation queue" 213 printk(KERN_DEBUG "allocated aggregation queue"
676 " %d tid %d addr %s pool=0x%lX", 214 " %d tid %d addr %s pool=0x%lX\n",
677 i, tid, print_mac(mac, sta->addr), 215 i, tid, print_mac(mac, sta->addr),
678 q->qdisc_pool[0]); 216 local->queue_pool[0]);
217 }
679#endif /* CONFIG_MAC80211_HT_DEBUG */ 218#endif /* CONFIG_MAC80211_HT_DEBUG */
680 return 0; 219 return 0;
681 } 220 }
@@ -684,44 +223,81 @@ int ieee80211_ht_agg_queue_add(struct ieee80211_local *local,
684} 223}
685 224
686/** 225/**
687 * the caller needs to hold local->mdev->queue_lock 226 * the caller needs to hold netdev_get_tx_queue(local->mdev, X)->lock
688 */ 227 */
689void ieee80211_ht_agg_queue_remove(struct ieee80211_local *local, 228void ieee80211_ht_agg_queue_remove(struct ieee80211_local *local,
690 struct sta_info *sta, u16 tid, 229 struct sta_info *sta, u16 tid,
691 u8 requeue) 230 u8 requeue)
692{ 231{
693 struct ieee80211_sched_data *q =
694 qdisc_priv(local->mdev->qdisc_sleeping);
695 int agg_queue = sta->tid_to_tx_q[tid]; 232 int agg_queue = sta->tid_to_tx_q[tid];
233 struct ieee80211_hw *hw = &local->hw;
696 234
697 /* return the qdisc to the pool */ 235 /* return the qdisc to the pool */
698 clear_bit(agg_queue, q->qdisc_pool); 236 clear_bit(agg_queue, local->queue_pool);
699 sta->tid_to_tx_q[tid] = local->hw.queues; 237 sta->tid_to_tx_q[tid] = ieee80211_num_queues(hw);
700 238
701 if (requeue) 239 if (requeue) {
702 ieee80211_requeue(local, agg_queue); 240 ieee80211_requeue(local, agg_queue);
703 else 241 } else {
704 q->queues[agg_queue]->ops->reset(q->queues[agg_queue]); 242 struct netdev_queue *txq;
243 spinlock_t *root_lock;
244 struct Qdisc *q;
245
246 txq = netdev_get_tx_queue(local->mdev, agg_queue);
247 q = rcu_dereference(txq->qdisc);
248 root_lock = qdisc_lock(q);
249
250 spin_lock_bh(root_lock);
251 qdisc_reset(q);
252 spin_unlock_bh(root_lock);
253 }
705} 254}
706 255
707void ieee80211_requeue(struct ieee80211_local *local, int queue) 256void ieee80211_requeue(struct ieee80211_local *local, int queue)
708{ 257{
709 struct Qdisc *root_qd = local->mdev->qdisc_sleeping; 258 struct netdev_queue *txq = netdev_get_tx_queue(local->mdev, queue);
710 struct ieee80211_sched_data *q = qdisc_priv(root_qd); 259 struct sk_buff_head list;
711 struct Qdisc *qdisc = q->queues[queue]; 260 spinlock_t *root_lock;
712 struct sk_buff *skb = NULL; 261 struct Qdisc *qdisc;
713 u32 len; 262 u32 len;
714 263
264 rcu_read_lock_bh();
265
266 qdisc = rcu_dereference(txq->qdisc);
715 if (!qdisc || !qdisc->dequeue) 267 if (!qdisc || !qdisc->dequeue)
716 return; 268 goto out_unlock;
269
270 skb_queue_head_init(&list);
717 271
718 printk(KERN_DEBUG "requeue: qlen = %d\n", qdisc->q.qlen); 272 root_lock = qdisc_root_lock(qdisc);
273 spin_lock(root_lock);
719 for (len = qdisc->q.qlen; len > 0; len--) { 274 for (len = qdisc->q.qlen; len > 0; len--) {
720 skb = qdisc->dequeue(qdisc); 275 struct sk_buff *skb = qdisc->dequeue(qdisc);
721 root_qd->q.qlen--; 276
722 /* packet will be classified again and */
723 /* skb->packet_data->queue will be overridden if needed */
724 if (skb) 277 if (skb)
725 wme_qdiscop_enqueue(skb, root_qd); 278 __skb_queue_tail(&list, skb);
279 }
280 spin_unlock(root_lock);
281
282 for (len = list.qlen; len > 0; len--) {
283 struct sk_buff *skb = __skb_dequeue(&list);
284 u16 new_queue;
285
286 BUG_ON(!skb);
287 new_queue = ieee80211_select_queue(local->mdev, skb);
288 skb_set_queue_mapping(skb, new_queue);
289
290 txq = netdev_get_tx_queue(local->mdev, new_queue);
291
292
293 qdisc = rcu_dereference(txq->qdisc);
294 root_lock = qdisc_root_lock(qdisc);
295
296 spin_lock(root_lock);
297 qdisc_enqueue_root(skb, qdisc);
298 spin_unlock(root_lock);
726 } 299 }
300
301out_unlock:
302 rcu_read_unlock_bh();
727} 303}
diff --git a/net/mac80211/wme.h b/net/mac80211/wme.h
index fcc6b05508cc..04de28c071a6 100644
--- a/net/mac80211/wme.h
+++ b/net/mac80211/wme.h
@@ -19,57 +19,16 @@
19#define QOS_CONTROL_ACK_POLICY_NORMAL 0 19#define QOS_CONTROL_ACK_POLICY_NORMAL 0
20#define QOS_CONTROL_ACK_POLICY_NOACK 1 20#define QOS_CONTROL_ACK_POLICY_NOACK 1
21 21
22#define QOS_CONTROL_TID_MASK 0x0f
23#define QOS_CONTROL_ACK_POLICY_SHIFT 5 22#define QOS_CONTROL_ACK_POLICY_SHIFT 5
24 23
25#define QOS_CONTROL_TAG1D_MASK 0x07
26
27extern const int ieee802_1d_to_ac[8]; 24extern const int ieee802_1d_to_ac[8];
28 25
29static inline int WLAN_FC_IS_QOS_DATA(u16 fc) 26u16 ieee80211_select_queue(struct net_device *dev, struct sk_buff *skb);
30{
31 return (fc & 0x8C) == 0x88;
32}
33
34#ifdef CONFIG_NET_SCHED
35void ieee80211_install_qdisc(struct net_device *dev);
36int ieee80211_qdisc_installed(struct net_device *dev);
37int ieee80211_ht_agg_queue_add(struct ieee80211_local *local, 27int ieee80211_ht_agg_queue_add(struct ieee80211_local *local,
38 struct sta_info *sta, u16 tid); 28 struct sta_info *sta, u16 tid);
39void ieee80211_ht_agg_queue_remove(struct ieee80211_local *local, 29void ieee80211_ht_agg_queue_remove(struct ieee80211_local *local,
40 struct sta_info *sta, u16 tid, 30 struct sta_info *sta, u16 tid,
41 u8 requeue); 31 u8 requeue);
42void ieee80211_requeue(struct ieee80211_local *local, int queue); 32void ieee80211_requeue(struct ieee80211_local *local, int queue);
43int ieee80211_wme_register(void);
44void ieee80211_wme_unregister(void);
45#else
46static inline void ieee80211_install_qdisc(struct net_device *dev)
47{
48}
49static inline int ieee80211_qdisc_installed(struct net_device *dev)
50{
51 return 0;
52}
53static inline int ieee80211_ht_agg_queue_add(struct ieee80211_local *local,
54 struct sta_info *sta, u16 tid)
55{
56 return -EAGAIN;
57}
58static inline void ieee80211_ht_agg_queue_remove(struct ieee80211_local *local,
59 struct sta_info *sta, u16 tid,
60 u8 requeue)
61{
62}
63static inline void ieee80211_requeue(struct ieee80211_local *local, int queue)
64{
65}
66static inline int ieee80211_wme_register(void)
67{
68 return 0;
69}
70static inline void ieee80211_wme_unregister(void)
71{
72}
73#endif /* CONFIG_NET_SCHED */
74 33
75#endif /* _WME_H */ 34#endif /* _WME_H */
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index 45709ada8fee..2f33df0dcccf 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -11,6 +11,8 @@
11#include <linux/slab.h> 11#include <linux/slab.h>
12#include <linux/skbuff.h> 12#include <linux/skbuff.h>
13#include <linux/compiler.h> 13#include <linux/compiler.h>
14#include <linux/ieee80211.h>
15#include <asm/unaligned.h>
14#include <net/mac80211.h> 16#include <net/mac80211.h>
15 17
16#include "ieee80211_i.h" 18#include "ieee80211_i.h"
@@ -19,76 +21,30 @@
19#include "aes_ccm.h" 21#include "aes_ccm.h"
20#include "wpa.h" 22#include "wpa.h"
21 23
22static int ieee80211_get_hdr_info(const struct sk_buff *skb, u8 **sa, u8 **da,
23 u8 *qos_tid, u8 **data, size_t *data_len)
24{
25 struct ieee80211_hdr *hdr;
26 size_t hdrlen;
27 u16 fc;
28 int a4_included;
29 u8 *pos;
30
31 hdr = (struct ieee80211_hdr *) skb->data;
32 fc = le16_to_cpu(hdr->frame_control);
33
34 hdrlen = 24;
35 if ((fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) ==
36 (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) {
37 hdrlen += ETH_ALEN;
38 *sa = hdr->addr4;
39 *da = hdr->addr3;
40 } else if (fc & IEEE80211_FCTL_FROMDS) {
41 *sa = hdr->addr3;
42 *da = hdr->addr1;
43 } else if (fc & IEEE80211_FCTL_TODS) {
44 *sa = hdr->addr2;
45 *da = hdr->addr3;
46 } else {
47 *sa = hdr->addr2;
48 *da = hdr->addr1;
49 }
50
51 if (fc & 0x80)
52 hdrlen += 2;
53
54 *data = skb->data + hdrlen;
55 *data_len = skb->len - hdrlen;
56
57 a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
58 (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS);
59 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA &&
60 fc & IEEE80211_STYPE_QOS_DATA) {
61 pos = (u8 *) &hdr->addr4;
62 if (a4_included)
63 pos += 6;
64 *qos_tid = pos[0] & 0x0f;
65 *qos_tid |= 0x80; /* qos_included flag */
66 } else
67 *qos_tid = 0;
68
69 return skb->len < hdrlen ? -1 : 0;
70}
71
72
73ieee80211_tx_result 24ieee80211_tx_result
74ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx) 25ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
75{ 26{
76 u8 *data, *sa, *da, *key, *mic, qos_tid; 27 u8 *data, *key, *mic, key_offset;
77 size_t data_len; 28 size_t data_len;
78 u16 fc; 29 unsigned int hdrlen;
30 struct ieee80211_hdr *hdr;
79 struct sk_buff *skb = tx->skb; 31 struct sk_buff *skb = tx->skb;
80 int authenticator; 32 int authenticator;
81 int wpa_test = 0; 33 int wpa_test = 0;
34 int tail;
82 35
83 fc = tx->fc; 36 hdr = (struct ieee80211_hdr *)skb->data;
84
85 if (!tx->key || tx->key->conf.alg != ALG_TKIP || skb->len < 24 || 37 if (!tx->key || tx->key->conf.alg != ALG_TKIP || skb->len < 24 ||
86 !WLAN_FC_DATA_PRESENT(fc)) 38 !ieee80211_is_data_present(hdr->frame_control))
87 return TX_CONTINUE; 39 return TX_CONTINUE;
88 40
89 if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len)) 41 hdrlen = ieee80211_hdrlen(hdr->frame_control);
42 if (skb->len < hdrlen)
90 return TX_DROP; 43 return TX_DROP;
91 44
45 data = skb->data + hdrlen;
46 data_len = skb->len - hdrlen;
47
92 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) && 48 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
93 !(tx->flags & IEEE80211_TX_FRAGMENTED) && 49 !(tx->flags & IEEE80211_TX_FRAGMENTED) &&
94 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) && 50 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) &&
@@ -98,26 +54,27 @@ ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
98 return TX_CONTINUE; 54 return TX_CONTINUE;
99 } 55 }
100 56
101 if (skb_tailroom(skb) < MICHAEL_MIC_LEN) { 57 tail = MICHAEL_MIC_LEN;
102 I802_DEBUG_INC(tx->local->tx_expand_skb_head); 58 if (!(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
103 if (unlikely(pskb_expand_head(skb, TKIP_IV_LEN, 59 tail += TKIP_ICV_LEN;
104 MICHAEL_MIC_LEN + TKIP_ICV_LEN, 60
105 GFP_ATOMIC))) { 61 if (WARN_ON(skb_tailroom(skb) < tail ||
106 printk(KERN_DEBUG "%s: failed to allocate more memory " 62 skb_headroom(skb) < TKIP_IV_LEN))
107 "for Michael MIC\n", tx->dev->name); 63 return TX_DROP;
108 return TX_DROP;
109 }
110 }
111 64
112#if 0 65#if 0
113 authenticator = fc & IEEE80211_FCTL_FROMDS; /* FIX */ 66 authenticator = fc & IEEE80211_FCTL_FROMDS; /* FIX */
114#else 67#else
115 authenticator = 1; 68 authenticator = 1;
116#endif 69#endif
117 key = &tx->key->conf.key[authenticator ? ALG_TKIP_TEMP_AUTH_TX_MIC_KEY : 70 /* At this point we know we're using ALG_TKIP. To get the MIC key
118 ALG_TKIP_TEMP_AUTH_RX_MIC_KEY]; 71 * we now will rely on the offset from the ieee80211_key_conf::key */
72 key_offset = authenticator ?
73 NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY :
74 NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY;
75 key = &tx->key->conf.key[key_offset];
119 mic = skb_put(skb, MICHAEL_MIC_LEN); 76 mic = skb_put(skb, MICHAEL_MIC_LEN);
120 michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic); 77 michael_mic(key, hdr, data, data_len, mic);
121 78
122 return TX_CONTINUE; 79 return TX_CONTINUE;
123} 80}
@@ -126,47 +83,50 @@ ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
126ieee80211_rx_result 83ieee80211_rx_result
127ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx) 84ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
128{ 85{
129 u8 *data, *sa, *da, *key = NULL, qos_tid; 86 u8 *data, *key = NULL, key_offset;
130 size_t data_len; 87 size_t data_len;
131 u16 fc; 88 unsigned int hdrlen;
89 struct ieee80211_hdr *hdr;
132 u8 mic[MICHAEL_MIC_LEN]; 90 u8 mic[MICHAEL_MIC_LEN];
133 struct sk_buff *skb = rx->skb; 91 struct sk_buff *skb = rx->skb;
134 int authenticator = 1, wpa_test = 0; 92 int authenticator = 1, wpa_test = 0;
135 DECLARE_MAC_BUF(mac); 93 DECLARE_MAC_BUF(mac);
136 94
137 fc = rx->fc;
138
139 /* 95 /*
140 * No way to verify the MIC if the hardware stripped it 96 * No way to verify the MIC if the hardware stripped it
141 */ 97 */
142 if (rx->status->flag & RX_FLAG_MMIC_STRIPPED) 98 if (rx->status->flag & RX_FLAG_MMIC_STRIPPED)
143 return RX_CONTINUE; 99 return RX_CONTINUE;
144 100
101 hdr = (struct ieee80211_hdr *)skb->data;
145 if (!rx->key || rx->key->conf.alg != ALG_TKIP || 102 if (!rx->key || rx->key->conf.alg != ALG_TKIP ||
146 !(rx->fc & IEEE80211_FCTL_PROTECTED) || !WLAN_FC_DATA_PRESENT(fc)) 103 !ieee80211_has_protected(hdr->frame_control) ||
104 !ieee80211_is_data_present(hdr->frame_control))
147 return RX_CONTINUE; 105 return RX_CONTINUE;
148 106
149 if (ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len) 107 hdrlen = ieee80211_hdrlen(hdr->frame_control);
150 || data_len < MICHAEL_MIC_LEN) 108 if (skb->len < hdrlen + MICHAEL_MIC_LEN)
151 return RX_DROP_UNUSABLE; 109 return RX_DROP_UNUSABLE;
152 110
153 data_len -= MICHAEL_MIC_LEN; 111 data = skb->data + hdrlen;
112 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
154 113
155#if 0 114#if 0
156 authenticator = fc & IEEE80211_FCTL_TODS; /* FIX */ 115 authenticator = fc & IEEE80211_FCTL_TODS; /* FIX */
157#else 116#else
158 authenticator = 1; 117 authenticator = 1;
159#endif 118#endif
160 key = &rx->key->conf.key[authenticator ? ALG_TKIP_TEMP_AUTH_RX_MIC_KEY : 119 /* At this point we know we're using ALG_TKIP. To get the MIC key
161 ALG_TKIP_TEMP_AUTH_TX_MIC_KEY]; 120 * we now will rely on the offset from the ieee80211_key_conf::key */
162 michael_mic(key, da, sa, qos_tid & 0x0f, data, data_len, mic); 121 key_offset = authenticator ?
122 NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY :
123 NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY;
124 key = &rx->key->conf.key[key_offset];
125 michael_mic(key, hdr, data, data_len, mic);
163 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) { 126 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) {
164 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 127 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
165 return RX_DROP_UNUSABLE; 128 return RX_DROP_UNUSABLE;
166 129
167 printk(KERN_DEBUG "%s: invalid Michael MIC in data frame from "
168 "%s\n", rx->dev->name, print_mac(mac, sa));
169
170 mac80211_ev_michael_mic_failure(rx->dev, rx->key->conf.keyidx, 130 mac80211_ev_michael_mic_failure(rx->dev, rx->key->conf.keyidx,
171 (void *) skb->data); 131 (void *) skb->data);
172 return RX_DROP_UNUSABLE; 132 return RX_DROP_UNUSABLE;
@@ -176,59 +136,58 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
176 skb_trim(skb, skb->len - MICHAEL_MIC_LEN); 136 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
177 137
178 /* update IV in key information to be able to detect replays */ 138 /* update IV in key information to be able to detect replays */
179 rx->key->u.tkip.iv32_rx[rx->queue] = rx->tkip_iv32; 139 rx->key->u.tkip.rx[rx->queue].iv32 = rx->tkip_iv32;
180 rx->key->u.tkip.iv16_rx[rx->queue] = rx->tkip_iv16; 140 rx->key->u.tkip.rx[rx->queue].iv16 = rx->tkip_iv16;
181 141
182 return RX_CONTINUE; 142 return RX_CONTINUE;
183} 143}
184 144
185 145
186static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, 146static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
187 struct sk_buff *skb, int test)
188{ 147{
189 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 148 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
190 struct ieee80211_key *key = tx->key; 149 struct ieee80211_key *key = tx->key;
191 int hdrlen, len, tailneed; 150 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
192 u16 fc; 151 unsigned int hdrlen;
152 int len, tail;
193 u8 *pos; 153 u8 *pos;
194 154
195 fc = le16_to_cpu(hdr->frame_control); 155 info->control.icv_len = TKIP_ICV_LEN;
196 hdrlen = ieee80211_get_hdrlen(fc); 156 info->control.iv_len = TKIP_IV_LEN;
157
158 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
159 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
160 /* hwaccel - with no need for preallocated room for IV/ICV */
161 info->control.hw_key = &tx->key->conf;
162 return 0;
163 }
164
165 hdrlen = ieee80211_hdrlen(hdr->frame_control);
197 len = skb->len - hdrlen; 166 len = skb->len - hdrlen;
198 167
199 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) 168 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
200 tailneed = 0; 169 tail = 0;
201 else 170 else
202 tailneed = TKIP_ICV_LEN; 171 tail = TKIP_ICV_LEN;
203 172
204 if ((skb_headroom(skb) < TKIP_IV_LEN || 173 if (WARN_ON(skb_tailroom(skb) < tail ||
205 skb_tailroom(skb) < tailneed)) { 174 skb_headroom(skb) < TKIP_IV_LEN))
206 I802_DEBUG_INC(tx->local->tx_expand_skb_head); 175 return -1;
207 if (unlikely(pskb_expand_head(skb, TKIP_IV_LEN, tailneed,
208 GFP_ATOMIC)))
209 return -1;
210 }
211 176
212 pos = skb_push(skb, TKIP_IV_LEN); 177 pos = skb_push(skb, TKIP_IV_LEN);
213 memmove(pos, pos + TKIP_IV_LEN, hdrlen); 178 memmove(pos, pos + TKIP_IV_LEN, hdrlen);
214 pos += hdrlen; 179 pos += hdrlen;
215 180
216 /* Increase IV for the frame */ 181 /* Increase IV for the frame */
217 key->u.tkip.iv16++; 182 key->u.tkip.tx.iv16++;
218 if (key->u.tkip.iv16 == 0) 183 if (key->u.tkip.tx.iv16 == 0)
219 key->u.tkip.iv32++; 184 key->u.tkip.tx.iv32++;
220 185
221 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { 186 if (tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
222 hdr = (struct ieee80211_hdr *)skb->data;
223
224 /* hwaccel - with preallocated room for IV */ 187 /* hwaccel - with preallocated room for IV */
225 ieee80211_tkip_add_iv(pos, key, 188 ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);
226 (u8) (key->u.tkip.iv16 >> 8),
227 (u8) (((key->u.tkip.iv16 >> 8) | 0x20) &
228 0x7f),
229 (u8) key->u.tkip.iv16);
230 189
231 tx->control->key_idx = tx->key->conf.hw_key_idx; 190 info->control.hw_key = &tx->key->conf;
232 return 0; 191 return 0;
233 } 192 }
234 193
@@ -246,28 +205,16 @@ ieee80211_tx_result
246ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx) 205ieee80211_crypto_tkip_encrypt(struct ieee80211_tx_data *tx)
247{ 206{
248 struct sk_buff *skb = tx->skb; 207 struct sk_buff *skb = tx->skb;
249 int wpa_test = 0, test = 0;
250 208
251 tx->control->icv_len = TKIP_ICV_LEN;
252 tx->control->iv_len = TKIP_IV_LEN;
253 ieee80211_tx_set_protected(tx); 209 ieee80211_tx_set_protected(tx);
254 210
255 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) && 211 if (tkip_encrypt_skb(tx, skb) < 0)
256 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) &&
257 !wpa_test) {
258 /* hwaccel - with no need for preallocated room for IV/ICV */
259 tx->control->key_idx = tx->key->conf.hw_key_idx;
260 return TX_CONTINUE;
261 }
262
263 if (tkip_encrypt_skb(tx, skb, test) < 0)
264 return TX_DROP; 212 return TX_DROP;
265 213
266 if (tx->extra_frag) { 214 if (tx->extra_frag) {
267 int i; 215 int i;
268 for (i = 0; i < tx->num_extra_frag; i++) { 216 for (i = 0; i < tx->num_extra_frag; i++) {
269 if (tkip_encrypt_skb(tx, tx->extra_frag[i], test) 217 if (tkip_encrypt_skb(tx, tx->extra_frag[i]) < 0)
270 < 0)
271 return TX_DROP; 218 return TX_DROP;
272 } 219 }
273 } 220 }
@@ -280,16 +227,14 @@ ieee80211_rx_result
280ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx) 227ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
281{ 228{
282 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 229 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
283 u16 fc;
284 int hdrlen, res, hwaccel = 0, wpa_test = 0; 230 int hdrlen, res, hwaccel = 0, wpa_test = 0;
285 struct ieee80211_key *key = rx->key; 231 struct ieee80211_key *key = rx->key;
286 struct sk_buff *skb = rx->skb; 232 struct sk_buff *skb = rx->skb;
287 DECLARE_MAC_BUF(mac); 233 DECLARE_MAC_BUF(mac);
288 234
289 fc = le16_to_cpu(hdr->frame_control); 235 hdrlen = ieee80211_hdrlen(hdr->frame_control);
290 hdrlen = ieee80211_get_hdrlen(fc);
291 236
292 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA) 237 if (!ieee80211_is_data(hdr->frame_control))
293 return RX_CONTINUE; 238 return RX_CONTINUE;
294 239
295 if (!rx->sta || skb->len - hdrlen < 12) 240 if (!rx->sta || skb->len - hdrlen < 12)
@@ -315,15 +260,8 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
315 hdr->addr1, hwaccel, rx->queue, 260 hdr->addr1, hwaccel, rx->queue,
316 &rx->tkip_iv32, 261 &rx->tkip_iv32,
317 &rx->tkip_iv16); 262 &rx->tkip_iv16);
318 if (res != TKIP_DECRYPT_OK || wpa_test) { 263 if (res != TKIP_DECRYPT_OK || wpa_test)
319#ifdef CONFIG_MAC80211_DEBUG
320 if (net_ratelimit())
321 printk(KERN_DEBUG "%s: TKIP decrypt failed for RX "
322 "frame from %s (res=%d)\n", rx->dev->name,
323 print_mac(mac, rx->sta->addr), res);
324#endif /* CONFIG_MAC80211_DEBUG */
325 return RX_DROP_UNUSABLE; 264 return RX_DROP_UNUSABLE;
326 }
327 265
328 /* Trim ICV */ 266 /* Trim ICV */
329 skb_trim(skb, skb->len - TKIP_ICV_LEN); 267 skb_trim(skb, skb->len - TKIP_ICV_LEN);
@@ -336,70 +274,68 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
336} 274}
337 275
338 276
339static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *b_0, u8 *aad, 277static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch,
340 int encrypted) 278 int encrypted)
341{ 279{
342 u16 fc; 280 __le16 mask_fc;
343 int a4_included, qos_included; 281 int a4_included;
344 u8 qos_tid, *fc_pos, *data, *sa, *da; 282 u8 qos_tid;
345 int len_a; 283 u8 *b_0, *aad;
346 size_t data_len; 284 u16 data_len, len_a;
347 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 285 unsigned int hdrlen;
286 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
348 287
349 fc_pos = (u8 *) &hdr->frame_control; 288 b_0 = scratch + 3 * AES_BLOCK_LEN;
350 fc = fc_pos[0] ^ (fc_pos[1] << 8); 289 aad = scratch + 4 * AES_BLOCK_LEN;
351 a4_included = (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == 290
352 (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS); 291 /*
353 292 * Mask FC: zero subtype b4 b5 b6
354 ieee80211_get_hdr_info(skb, &sa, &da, &qos_tid, &data, &data_len); 293 * Retry, PwrMgt, MoreData; set Protected
355 data_len -= CCMP_HDR_LEN + (encrypted ? CCMP_MIC_LEN : 0); 294 */
356 if (qos_tid & 0x80) { 295 mask_fc = hdr->frame_control;
357 qos_included = 1; 296 mask_fc &= ~cpu_to_le16(0x0070 | IEEE80211_FCTL_RETRY |
358 qos_tid &= 0x0f; 297 IEEE80211_FCTL_PM | IEEE80211_FCTL_MOREDATA);
359 } else 298 mask_fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
360 qos_included = 0; 299
361 /* First block, b_0 */ 300 hdrlen = ieee80211_hdrlen(hdr->frame_control);
301 len_a = hdrlen - 2;
302 a4_included = ieee80211_has_a4(hdr->frame_control);
303
304 if (ieee80211_is_data_qos(hdr->frame_control))
305 qos_tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
306 else
307 qos_tid = 0;
308
309 data_len = skb->len - hdrlen - CCMP_HDR_LEN;
310 if (encrypted)
311 data_len -= CCMP_MIC_LEN;
362 312
313 /* First block, b_0 */
363 b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */ 314 b_0[0] = 0x59; /* flags: Adata: 1, M: 011, L: 001 */
364 /* Nonce: QoS Priority | A2 | PN */ 315 /* Nonce: QoS Priority | A2 | PN */
365 b_0[1] = qos_tid; 316 b_0[1] = qos_tid;
366 memcpy(&b_0[2], hdr->addr2, 6); 317 memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
367 memcpy(&b_0[8], pn, CCMP_PN_LEN); 318 memcpy(&b_0[8], pn, CCMP_PN_LEN);
368 /* l(m) */ 319 /* l(m) */
369 b_0[14] = (data_len >> 8) & 0xff; 320 put_unaligned_be16(data_len, &b_0[14]);
370 b_0[15] = data_len & 0xff;
371
372 321
373 /* AAD (extra authenticate-only data) / masked 802.11 header 322 /* AAD (extra authenticate-only data) / masked 802.11 header
374 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */ 323 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
375 324 put_unaligned_be16(len_a, &aad[0]);
376 len_a = a4_included ? 28 : 22; 325 put_unaligned(mask_fc, (__le16 *)&aad[2]);
377 if (qos_included) 326 memcpy(&aad[4], &hdr->addr1, 3 * ETH_ALEN);
378 len_a += 2;
379
380 aad[0] = 0; /* (len_a >> 8) & 0xff; */
381 aad[1] = len_a & 0xff;
382 /* Mask FC: zero subtype b4 b5 b6 */
383 aad[2] = fc_pos[0] & ~(BIT(4) | BIT(5) | BIT(6));
384 /* Retry, PwrMgt, MoreData; set Protected */
385 aad[3] = (fc_pos[1] & ~(BIT(3) | BIT(4) | BIT(5))) | BIT(6);
386 memcpy(&aad[4], &hdr->addr1, 18);
387 327
388 /* Mask Seq#, leave Frag# */ 328 /* Mask Seq#, leave Frag# */
389 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f; 329 aad[22] = *((u8 *) &hdr->seq_ctrl) & 0x0f;
390 aad[23] = 0; 330 aad[23] = 0;
331
391 if (a4_included) { 332 if (a4_included) {
392 memcpy(&aad[24], hdr->addr4, 6); 333 memcpy(&aad[24], hdr->addr4, ETH_ALEN);
393 aad[30] = 0; 334 aad[30] = qos_tid;
394 aad[31] = 0; 335 aad[31] = 0;
395 } else 336 } else {
396 memset(&aad[24], 0, 8); 337 memset(&aad[24], 0, ETH_ALEN + IEEE80211_QOS_CTL_LEN);
397 if (qos_included) { 338 aad[24] = qos_tid;
398 u8 *dpos = &aad[a4_included ? 30 : 24];
399
400 /* Mask QoS Control field */
401 dpos[0] = qos_tid;
402 dpos[1] = 0;
403 } 339 }
404} 340}
405 341
@@ -429,36 +365,37 @@ static inline int ccmp_hdr2pn(u8 *pn, u8 *hdr)
429} 365}
430 366
431 367
432static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, 368static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
433 struct sk_buff *skb, int test)
434{ 369{
435 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 370 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
436 struct ieee80211_key *key = tx->key; 371 struct ieee80211_key *key = tx->key;
437 int hdrlen, len, tailneed; 372 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
438 u16 fc; 373 int hdrlen, len, tail;
439 u8 *pos, *pn, *b_0, *aad, *scratch; 374 u8 *pos, *pn;
440 int i; 375 int i;
441 376
442 scratch = key->u.ccmp.tx_crypto_buf; 377 info->control.icv_len = CCMP_MIC_LEN;
443 b_0 = scratch + 3 * AES_BLOCK_LEN; 378 info->control.iv_len = CCMP_HDR_LEN;
444 aad = scratch + 4 * AES_BLOCK_LEN;
445 379
446 fc = le16_to_cpu(hdr->frame_control); 380 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
447 hdrlen = ieee80211_get_hdrlen(fc); 381 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
382 /* hwaccel - with no need for preallocated room for CCMP "
383 * header or MIC fields */
384 info->control.hw_key = &tx->key->conf;
385 return 0;
386 }
387
388 hdrlen = ieee80211_hdrlen(hdr->frame_control);
448 len = skb->len - hdrlen; 389 len = skb->len - hdrlen;
449 390
450 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) 391 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
451 tailneed = 0; 392 tail = 0;
452 else 393 else
453 tailneed = CCMP_MIC_LEN; 394 tail = CCMP_MIC_LEN;
454 395
455 if ((skb_headroom(skb) < CCMP_HDR_LEN || 396 if (WARN_ON(skb_tailroom(skb) < tail ||
456 skb_tailroom(skb) < tailneed)) { 397 skb_headroom(skb) < CCMP_HDR_LEN))
457 I802_DEBUG_INC(tx->local->tx_expand_skb_head); 398 return -1;
458 if (unlikely(pskb_expand_head(skb, CCMP_HDR_LEN, tailneed,
459 GFP_ATOMIC)))
460 return -1;
461 }
462 399
463 pos = skb_push(skb, CCMP_HDR_LEN); 400 pos = skb_push(skb, CCMP_HDR_LEN);
464 memmove(pos, pos + CCMP_HDR_LEN, hdrlen); 401 memmove(pos, pos + CCMP_HDR_LEN, hdrlen);
@@ -478,13 +415,13 @@ static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx,
478 415
479 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { 416 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
480 /* hwaccel - with preallocated room for CCMP header */ 417 /* hwaccel - with preallocated room for CCMP header */
481 tx->control->key_idx = key->conf.hw_key_idx; 418 info->control.hw_key = &tx->key->conf;
482 return 0; 419 return 0;
483 } 420 }
484 421
485 pos += CCMP_HDR_LEN; 422 pos += CCMP_HDR_LEN;
486 ccmp_special_blocks(skb, pn, b_0, aad, 0); 423 ccmp_special_blocks(skb, pn, key->u.ccmp.tx_crypto_buf, 0);
487 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, b_0, aad, pos, len, 424 ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, key->u.ccmp.tx_crypto_buf, pos, len,
488 pos, skb_put(skb, CCMP_MIC_LEN)); 425 pos, skb_put(skb, CCMP_MIC_LEN));
489 426
490 return 0; 427 return 0;
@@ -495,28 +432,16 @@ ieee80211_tx_result
495ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx) 432ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
496{ 433{
497 struct sk_buff *skb = tx->skb; 434 struct sk_buff *skb = tx->skb;
498 int test = 0;
499 435
500 tx->control->icv_len = CCMP_MIC_LEN;
501 tx->control->iv_len = CCMP_HDR_LEN;
502 ieee80211_tx_set_protected(tx); 436 ieee80211_tx_set_protected(tx);
503 437
504 if ((tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) && 438 if (ccmp_encrypt_skb(tx, skb) < 0)
505 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
506 /* hwaccel - with no need for preallocated room for CCMP "
507 * header or MIC fields */
508 tx->control->key_idx = tx->key->conf.hw_key_idx;
509 return TX_CONTINUE;
510 }
511
512 if (ccmp_encrypt_skb(tx, skb, test) < 0)
513 return TX_DROP; 439 return TX_DROP;
514 440
515 if (tx->extra_frag) { 441 if (tx->extra_frag) {
516 int i; 442 int i;
517 for (i = 0; i < tx->num_extra_frag; i++) { 443 for (i = 0; i < tx->num_extra_frag; i++) {
518 if (ccmp_encrypt_skb(tx, tx->extra_frag[i], test) 444 if (ccmp_encrypt_skb(tx, tx->extra_frag[i]) < 0)
519 < 0)
520 return TX_DROP; 445 return TX_DROP;
521 } 446 }
522 } 447 }
@@ -528,8 +453,7 @@ ieee80211_crypto_ccmp_encrypt(struct ieee80211_tx_data *tx)
528ieee80211_rx_result 453ieee80211_rx_result
529ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx) 454ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
530{ 455{
531 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 456 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
532 u16 fc;
533 int hdrlen; 457 int hdrlen;
534 struct ieee80211_key *key = rx->key; 458 struct ieee80211_key *key = rx->key;
535 struct sk_buff *skb = rx->skb; 459 struct sk_buff *skb = rx->skb;
@@ -537,10 +461,9 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
537 int data_len; 461 int data_len;
538 DECLARE_MAC_BUF(mac); 462 DECLARE_MAC_BUF(mac);
539 463
540 fc = le16_to_cpu(hdr->frame_control); 464 hdrlen = ieee80211_hdrlen(hdr->frame_control);
541 hdrlen = ieee80211_get_hdrlen(fc);
542 465
543 if ((rx->fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA) 466 if (!ieee80211_is_data(hdr->frame_control))
544 return RX_CONTINUE; 467 return RX_CONTINUE;
545 468
546 data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN; 469 data_len = skb->len - hdrlen - CCMP_HDR_LEN - CCMP_MIC_LEN;
@@ -554,41 +477,19 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
554 (void) ccmp_hdr2pn(pn, skb->data + hdrlen); 477 (void) ccmp_hdr2pn(pn, skb->data + hdrlen);
555 478
556 if (memcmp(pn, key->u.ccmp.rx_pn[rx->queue], CCMP_PN_LEN) <= 0) { 479 if (memcmp(pn, key->u.ccmp.rx_pn[rx->queue], CCMP_PN_LEN) <= 0) {
557#ifdef CONFIG_MAC80211_DEBUG
558 u8 *ppn = key->u.ccmp.rx_pn[rx->queue];
559
560 printk(KERN_DEBUG "%s: CCMP replay detected for RX frame from "
561 "%s (RX PN %02x%02x%02x%02x%02x%02x <= prev. PN "
562 "%02x%02x%02x%02x%02x%02x)\n", rx->dev->name,
563 print_mac(mac, rx->sta->addr),
564 pn[0], pn[1], pn[2], pn[3], pn[4], pn[5],
565 ppn[0], ppn[1], ppn[2], ppn[3], ppn[4], ppn[5]);
566#endif /* CONFIG_MAC80211_DEBUG */
567 key->u.ccmp.replays++; 480 key->u.ccmp.replays++;
568 return RX_DROP_UNUSABLE; 481 return RX_DROP_UNUSABLE;
569 } 482 }
570 483
571 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) { 484 if (!(rx->status->flag & RX_FLAG_DECRYPTED)) {
572 /* hardware didn't decrypt/verify MIC */ 485 /* hardware didn't decrypt/verify MIC */
573 u8 *scratch, *b_0, *aad; 486 ccmp_special_blocks(skb, pn, key->u.ccmp.rx_crypto_buf, 1);
574
575 scratch = key->u.ccmp.rx_crypto_buf;
576 b_0 = scratch + 3 * AES_BLOCK_LEN;
577 aad = scratch + 4 * AES_BLOCK_LEN;
578
579 ccmp_special_blocks(skb, pn, b_0, aad, 1);
580 487
581 if (ieee80211_aes_ccm_decrypt( 488 if (ieee80211_aes_ccm_decrypt(
582 key->u.ccmp.tfm, scratch, b_0, aad, 489 key->u.ccmp.tfm, key->u.ccmp.rx_crypto_buf,
583 skb->data + hdrlen + CCMP_HDR_LEN, data_len, 490 skb->data + hdrlen + CCMP_HDR_LEN, data_len,
584 skb->data + skb->len - CCMP_MIC_LEN, 491 skb->data + skb->len - CCMP_MIC_LEN,
585 skb->data + hdrlen + CCMP_HDR_LEN)) { 492 skb->data + hdrlen + CCMP_HDR_LEN)) {
586#ifdef CONFIG_MAC80211_DEBUG
587 if (net_ratelimit())
588 printk(KERN_DEBUG "%s: CCMP decrypt failed "
589 "for RX frame from %s\n", rx->dev->name,
590 print_mac(mac, rx->sta->addr));
591#endif /* CONFIG_MAC80211_DEBUG */
592 return RX_DROP_UNUSABLE; 493 return RX_DROP_UNUSABLE;
593 } 494 }
594 } 495 }
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index aa8d80c35e28..ee898e74808d 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -33,9 +33,8 @@ config NF_CONNTRACK
33 into connections. 33 into connections.
34 34
35 This is required to do Masquerading or other kinds of Network 35 This is required to do Masquerading or other kinds of Network
36 Address Translation (except for Fast NAT). It can also be used to 36 Address Translation. It can also be used to enhance packet
37 enhance packet filtering (see `Connection state match support' 37 filtering (see `Connection state match support' below).
38 below).
39 38
40 To compile it as a module, choose M here. If unsure, say N. 39 To compile it as a module, choose M here. If unsure, say N.
41 40
@@ -50,6 +49,15 @@ config NF_CT_ACCT
50 Those counters can be used for flow-based accounting or the 49 Those counters can be used for flow-based accounting or the
51 `connbytes' match. 50 `connbytes' match.
52 51
52 Please note that currently this option only sets a default state.
53 You may change it at boot time with nf_conntrack.acct=0/1 kernel
54 paramater or by loading the nf_conntrack module with acct=0/1.
55
56 You may also disable/enable it on a running system with:
57 sysctl net.netfilter.nf_conntrack_acct=0/1
58
59 This option will be removed in 2.6.29.
60
53 If unsure, say `N'. 61 If unsure, say `N'.
54 62
55config NF_CONNTRACK_MARK 63config NF_CONNTRACK_MARK
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index 5c4b183f6422..3bd2cc556aea 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -1,6 +1,6 @@
1netfilter-objs := core.o nf_log.o nf_queue.o nf_sockopt.o 1netfilter-objs := core.o nf_log.o nf_queue.o nf_sockopt.o
2 2
3nf_conntrack-y := nf_conntrack_core.o nf_conntrack_standalone.o nf_conntrack_expect.o nf_conntrack_helper.o nf_conntrack_proto.o nf_conntrack_l3proto_generic.o nf_conntrack_proto_generic.o nf_conntrack_proto_tcp.o nf_conntrack_proto_udp.o nf_conntrack_extend.o 3nf_conntrack-y := nf_conntrack_core.o nf_conntrack_standalone.o nf_conntrack_expect.o nf_conntrack_helper.o nf_conntrack_proto.o nf_conntrack_l3proto_generic.o nf_conntrack_proto_generic.o nf_conntrack_proto_tcp.o nf_conntrack_proto_udp.o nf_conntrack_extend.o nf_conntrack_acct.o
4nf_conntrack-$(CONFIG_NF_CONNTRACK_EVENTS) += nf_conntrack_ecache.o 4nf_conntrack-$(CONFIG_NF_CONNTRACK_EVENTS) += nf_conntrack_ecache.o
5 5
6obj-$(CONFIG_NETFILTER) = netfilter.o 6obj-$(CONFIG_NETFILTER) = netfilter.o
diff --git a/net/netfilter/nf_conntrack_acct.c b/net/netfilter/nf_conntrack_acct.c
new file mode 100644
index 000000000000..59bd8b903a19
--- /dev/null
+++ b/net/netfilter/nf_conntrack_acct.c
@@ -0,0 +1,104 @@
1/* Accouting handling for netfilter. */
2
3/*
4 * (C) 2008 Krzysztof Piotr Oledzki <ole@ans.pl>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#include <linux/netfilter.h>
12#include <linux/kernel.h>
13#include <linux/moduleparam.h>
14
15#include <net/netfilter/nf_conntrack.h>
16#include <net/netfilter/nf_conntrack_extend.h>
17#include <net/netfilter/nf_conntrack_acct.h>
18
19#ifdef CONFIG_NF_CT_ACCT
20#define NF_CT_ACCT_DEFAULT 1
21#else
22#define NF_CT_ACCT_DEFAULT 0
23#endif
24
25int nf_ct_acct __read_mostly = NF_CT_ACCT_DEFAULT;
26EXPORT_SYMBOL_GPL(nf_ct_acct);
27
28module_param_named(acct, nf_ct_acct, bool, 0644);
29MODULE_PARM_DESC(acct, "Enable connection tracking flow accounting.");
30
31#ifdef CONFIG_SYSCTL
32static struct ctl_table_header *acct_sysctl_header;
33static struct ctl_table acct_sysctl_table[] = {
34 {
35 .ctl_name = CTL_UNNUMBERED,
36 .procname = "nf_conntrack_acct",
37 .data = &nf_ct_acct,
38 .maxlen = sizeof(unsigned int),
39 .mode = 0644,
40 .proc_handler = &proc_dointvec,
41 },
42 {}
43};
44#endif /* CONFIG_SYSCTL */
45
46unsigned int
47seq_print_acct(struct seq_file *s, const struct nf_conn *ct, int dir)
48{
49 struct nf_conn_counter *acct;
50
51 acct = nf_conn_acct_find(ct);
52 if (!acct)
53 return 0;
54
55 return seq_printf(s, "packets=%llu bytes=%llu ",
56 (unsigned long long)acct[dir].packets,
57 (unsigned long long)acct[dir].bytes);
58};
59EXPORT_SYMBOL_GPL(seq_print_acct);
60
61static struct nf_ct_ext_type acct_extend __read_mostly = {
62 .len = sizeof(struct nf_conn_counter[IP_CT_DIR_MAX]),
63 .align = __alignof__(struct nf_conn_counter[IP_CT_DIR_MAX]),
64 .id = NF_CT_EXT_ACCT,
65};
66
67int nf_conntrack_acct_init(void)
68{
69 int ret;
70
71#ifdef CONFIG_NF_CT_ACCT
72 printk(KERN_WARNING "CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Plase use\n");
73 printk(KERN_WARNING "nf_conntrack.acct=1 kernel paramater, acct=1 nf_conntrack module option or\n");
74 printk(KERN_WARNING "sysctl net.netfilter.nf_conntrack_acct=1 to enable it.\n");
75#endif
76
77 ret = nf_ct_extend_register(&acct_extend);
78 if (ret < 0) {
79 printk(KERN_ERR "nf_conntrack_acct: Unable to register extension\n");
80 return ret;
81 }
82
83#ifdef CONFIG_SYSCTL
84 acct_sysctl_header = register_sysctl_paths(nf_net_netfilter_sysctl_path,
85 acct_sysctl_table);
86
87 if (!acct_sysctl_header) {
88 nf_ct_extend_unregister(&acct_extend);
89
90 printk(KERN_ERR "nf_conntrack_acct: can't register to sysctl.\n");
91 return -ENOMEM;
92 }
93#endif
94
95 return 0;
96}
97
98void nf_conntrack_acct_fini(void)
99{
100#ifdef CONFIG_SYSCTL
101 unregister_sysctl_table(acct_sysctl_header);
102#endif
103 nf_ct_extend_unregister(&acct_extend);
104}
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index c4b1799da5d7..9d1830da8e84 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -37,6 +37,7 @@
37#include <net/netfilter/nf_conntrack_helper.h> 37#include <net/netfilter/nf_conntrack_helper.h>
38#include <net/netfilter/nf_conntrack_core.h> 38#include <net/netfilter/nf_conntrack_core.h>
39#include <net/netfilter/nf_conntrack_extend.h> 39#include <net/netfilter/nf_conntrack_extend.h>
40#include <net/netfilter/nf_conntrack_acct.h>
40 41
41#define NF_CONNTRACK_VERSION "0.5.0" 42#define NF_CONNTRACK_VERSION "0.5.0"
42 43
@@ -196,8 +197,6 @@ destroy_conntrack(struct nf_conntrack *nfct)
196 if (l4proto && l4proto->destroy) 197 if (l4proto && l4proto->destroy)
197 l4proto->destroy(ct); 198 l4proto->destroy(ct);
198 199
199 nf_ct_ext_destroy(ct);
200
201 rcu_read_unlock(); 200 rcu_read_unlock();
202 201
203 spin_lock_bh(&nf_conntrack_lock); 202 spin_lock_bh(&nf_conntrack_lock);
@@ -466,7 +465,8 @@ static noinline int early_drop(unsigned int hash)
466} 465}
467 466
468struct nf_conn *nf_conntrack_alloc(const struct nf_conntrack_tuple *orig, 467struct nf_conn *nf_conntrack_alloc(const struct nf_conntrack_tuple *orig,
469 const struct nf_conntrack_tuple *repl) 468 const struct nf_conntrack_tuple *repl,
469 gfp_t gfp)
470{ 470{
471 struct nf_conn *ct = NULL; 471 struct nf_conn *ct = NULL;
472 472
@@ -491,7 +491,7 @@ struct nf_conn *nf_conntrack_alloc(const struct nf_conntrack_tuple *orig,
491 } 491 }
492 } 492 }
493 493
494 ct = kmem_cache_zalloc(nf_conntrack_cachep, GFP_ATOMIC); 494 ct = kmem_cache_zalloc(nf_conntrack_cachep, gfp);
495 if (ct == NULL) { 495 if (ct == NULL) {
496 pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n"); 496 pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n");
497 atomic_dec(&nf_conntrack_count); 497 atomic_dec(&nf_conntrack_count);
@@ -520,6 +520,7 @@ static void nf_conntrack_free_rcu(struct rcu_head *head)
520 520
521void nf_conntrack_free(struct nf_conn *ct) 521void nf_conntrack_free(struct nf_conn *ct)
522{ 522{
523 nf_ct_ext_destroy(ct);
523 call_rcu(&ct->rcu, nf_conntrack_free_rcu); 524 call_rcu(&ct->rcu, nf_conntrack_free_rcu);
524} 525}
525EXPORT_SYMBOL_GPL(nf_conntrack_free); 526EXPORT_SYMBOL_GPL(nf_conntrack_free);
@@ -543,7 +544,7 @@ init_conntrack(const struct nf_conntrack_tuple *tuple,
543 return NULL; 544 return NULL;
544 } 545 }
545 546
546 ct = nf_conntrack_alloc(tuple, &repl_tuple); 547 ct = nf_conntrack_alloc(tuple, &repl_tuple, GFP_ATOMIC);
547 if (ct == NULL || IS_ERR(ct)) { 548 if (ct == NULL || IS_ERR(ct)) {
548 pr_debug("Can't allocate conntrack.\n"); 549 pr_debug("Can't allocate conntrack.\n");
549 return (struct nf_conntrack_tuple_hash *)ct; 550 return (struct nf_conntrack_tuple_hash *)ct;
@@ -555,6 +556,8 @@ init_conntrack(const struct nf_conntrack_tuple *tuple,
555 return NULL; 556 return NULL;
556 } 557 }
557 558
559 nf_ct_acct_ext_add(ct, GFP_ATOMIC);
560
558 spin_lock_bh(&nf_conntrack_lock); 561 spin_lock_bh(&nf_conntrack_lock);
559 exp = nf_ct_find_expectation(tuple); 562 exp = nf_ct_find_expectation(tuple);
560 if (exp) { 563 if (exp) {
@@ -828,17 +831,16 @@ void __nf_ct_refresh_acct(struct nf_conn *ct,
828 } 831 }
829 832
830acct: 833acct:
831#ifdef CONFIG_NF_CT_ACCT
832 if (do_acct) { 834 if (do_acct) {
833 ct->counters[CTINFO2DIR(ctinfo)].packets++; 835 struct nf_conn_counter *acct;
834 ct->counters[CTINFO2DIR(ctinfo)].bytes +=
835 skb->len - skb_network_offset(skb);
836 836
837 if ((ct->counters[CTINFO2DIR(ctinfo)].packets & 0x80000000) 837 acct = nf_conn_acct_find(ct);
838 || (ct->counters[CTINFO2DIR(ctinfo)].bytes & 0x80000000)) 838 if (acct) {
839 event |= IPCT_COUNTER_FILLING; 839 acct[CTINFO2DIR(ctinfo)].packets++;
840 acct[CTINFO2DIR(ctinfo)].bytes +=
841 skb->len - skb_network_offset(skb);
842 }
840 } 843 }
841#endif
842 844
843 spin_unlock_bh(&nf_conntrack_lock); 845 spin_unlock_bh(&nf_conntrack_lock);
844 846
@@ -848,6 +850,32 @@ acct:
848} 850}
849EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct); 851EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct);
850 852
853bool __nf_ct_kill_acct(struct nf_conn *ct,
854 enum ip_conntrack_info ctinfo,
855 const struct sk_buff *skb,
856 int do_acct)
857{
858 if (do_acct) {
859 struct nf_conn_counter *acct;
860
861 spin_lock_bh(&nf_conntrack_lock);
862 acct = nf_conn_acct_find(ct);
863 if (acct) {
864 acct[CTINFO2DIR(ctinfo)].packets++;
865 acct[CTINFO2DIR(ctinfo)].bytes +=
866 skb->len - skb_network_offset(skb);
867 }
868 spin_unlock_bh(&nf_conntrack_lock);
869 }
870
871 if (del_timer(&ct->timeout)) {
872 ct->timeout.function((unsigned long)ct);
873 return true;
874 }
875 return false;
876}
877EXPORT_SYMBOL_GPL(__nf_ct_kill_acct);
878
851#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) 879#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
852 880
853#include <linux/netfilter/nfnetlink.h> 881#include <linux/netfilter/nfnetlink.h>
@@ -1004,9 +1032,10 @@ void nf_conntrack_cleanup(void)
1004 nf_ct_free_hashtable(nf_conntrack_hash, nf_conntrack_vmalloc, 1032 nf_ct_free_hashtable(nf_conntrack_hash, nf_conntrack_vmalloc,
1005 nf_conntrack_htable_size); 1033 nf_conntrack_htable_size);
1006 1034
1007 nf_conntrack_proto_fini(); 1035 nf_conntrack_acct_fini();
1008 nf_conntrack_helper_fini();
1009 nf_conntrack_expect_fini(); 1036 nf_conntrack_expect_fini();
1037 nf_conntrack_helper_fini();
1038 nf_conntrack_proto_fini();
1010} 1039}
1011 1040
1012struct hlist_head *nf_ct_alloc_hashtable(unsigned int *sizep, int *vmalloced) 1041struct hlist_head *nf_ct_alloc_hashtable(unsigned int *sizep, int *vmalloced)
@@ -1146,6 +1175,10 @@ int __init nf_conntrack_init(void)
1146 if (ret < 0) 1175 if (ret < 0)
1147 goto out_fini_expect; 1176 goto out_fini_expect;
1148 1177
1178 ret = nf_conntrack_acct_init();
1179 if (ret < 0)
1180 goto out_fini_helper;
1181
1149 /* For use by REJECT target */ 1182 /* For use by REJECT target */
1150 rcu_assign_pointer(ip_ct_attach, nf_conntrack_attach); 1183 rcu_assign_pointer(ip_ct_attach, nf_conntrack_attach);
1151 rcu_assign_pointer(nf_ct_destroy, destroy_conntrack); 1184 rcu_assign_pointer(nf_ct_destroy, destroy_conntrack);
@@ -1158,6 +1191,8 @@ int __init nf_conntrack_init(void)
1158 1191
1159 return ret; 1192 return ret;
1160 1193
1194out_fini_helper:
1195 nf_conntrack_helper_fini();
1161out_fini_expect: 1196out_fini_expect:
1162 nf_conntrack_expect_fini(); 1197 nf_conntrack_expect_fini();
1163out_fini_proto: 1198out_fini_proto:
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index e31beeb33b2b..e8f0dead267f 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -587,10 +587,10 @@ int __init nf_conntrack_expect_init(void)
587 return 0; 587 return 0;
588 588
589err3: 589err3:
590 kmem_cache_destroy(nf_ct_expect_cachep);
591err2:
590 nf_ct_free_hashtable(nf_ct_expect_hash, nf_ct_expect_vmalloc, 592 nf_ct_free_hashtable(nf_ct_expect_hash, nf_ct_expect_vmalloc,
591 nf_ct_expect_hsize); 593 nf_ct_expect_hsize);
592err2:
593 kmem_cache_destroy(nf_ct_expect_cachep);
594err1: 594err1:
595 return err; 595 return err;
596} 596}
diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c
index bcc19fa4ed1e..4b2c769d555f 100644
--- a/net/netfilter/nf_conntrack_extend.c
+++ b/net/netfilter/nf_conntrack_extend.c
@@ -59,12 +59,19 @@ nf_ct_ext_create(struct nf_ct_ext **ext, enum nf_ct_ext_id id, gfp_t gfp)
59 if (!*ext) 59 if (!*ext)
60 return NULL; 60 return NULL;
61 61
62 INIT_RCU_HEAD(&(*ext)->rcu);
62 (*ext)->offset[id] = off; 63 (*ext)->offset[id] = off;
63 (*ext)->len = len; 64 (*ext)->len = len;
64 65
65 return (void *)(*ext) + off; 66 return (void *)(*ext) + off;
66} 67}
67 68
69static void __nf_ct_ext_free_rcu(struct rcu_head *head)
70{
71 struct nf_ct_ext *ext = container_of(head, struct nf_ct_ext, rcu);
72 kfree(ext);
73}
74
68void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp) 75void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
69{ 76{
70 struct nf_ct_ext *new; 77 struct nf_ct_ext *new;
@@ -88,13 +95,11 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
88 newlen = newoff + t->len; 95 newlen = newoff + t->len;
89 rcu_read_unlock(); 96 rcu_read_unlock();
90 97
91 if (newlen >= ksize(ct->ext)) { 98 new = __krealloc(ct->ext, newlen, gfp);
92 new = kmalloc(newlen, gfp); 99 if (!new)
93 if (!new) 100 return NULL;
94 return NULL;
95
96 memcpy(new, ct->ext, ct->ext->len);
97 101
102 if (new != ct->ext) {
98 for (i = 0; i < NF_CT_EXT_NUM; i++) { 103 for (i = 0; i < NF_CT_EXT_NUM; i++) {
99 if (!nf_ct_ext_exist(ct, i)) 104 if (!nf_ct_ext_exist(ct, i))
100 continue; 105 continue;
@@ -106,14 +111,14 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
106 (void *)ct->ext + ct->ext->offset[i]); 111 (void *)ct->ext + ct->ext->offset[i]);
107 rcu_read_unlock(); 112 rcu_read_unlock();
108 } 113 }
109 kfree(ct->ext); 114 call_rcu(&ct->ext->rcu, __nf_ct_ext_free_rcu);
110 ct->ext = new; 115 ct->ext = new;
111 } 116 }
112 117
113 ct->ext->offset[id] = newoff; 118 new->offset[id] = newoff;
114 ct->ext->len = newlen; 119 new->len = newlen;
115 memset((void *)ct->ext + newoff, 0, newlen - newoff); 120 memset((void *)new + newoff, 0, newlen - newoff);
116 return (void *)ct->ext + newoff; 121 return (void *)new + newoff;
117} 122}
118EXPORT_SYMBOL(__nf_ct_ext_add); 123EXPORT_SYMBOL(__nf_ct_ext_add);
119 124
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index 95da1a24aab7..2f83c158934d 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -619,6 +619,7 @@ static const struct nf_conntrack_expect_policy h245_exp_policy = {
619static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = { 619static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = {
620 .name = "H.245", 620 .name = "H.245",
621 .me = THIS_MODULE, 621 .me = THIS_MODULE,
622 .tuple.src.l3num = AF_UNSPEC,
622 .tuple.dst.protonum = IPPROTO_UDP, 623 .tuple.dst.protonum = IPPROTO_UDP,
623 .help = h245_help, 624 .help = h245_help,
624 .expect_policy = &h245_exp_policy, 625 .expect_policy = &h245_exp_policy,
@@ -1765,6 +1766,7 @@ static void __exit nf_conntrack_h323_fini(void)
1765 nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[0]); 1766 nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[0]);
1766 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[1]); 1767 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[1]);
1767 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[0]); 1768 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[0]);
1769 nf_conntrack_helper_unregister(&nf_conntrack_helper_h245);
1768 kfree(h323_buffer); 1770 kfree(h323_buffer);
1769 pr_debug("nf_ct_h323: fini\n"); 1771 pr_debug("nf_ct_h323: fini\n");
1770} 1772}
@@ -1777,28 +1779,34 @@ static int __init nf_conntrack_h323_init(void)
1777 h323_buffer = kmalloc(65536, GFP_KERNEL); 1779 h323_buffer = kmalloc(65536, GFP_KERNEL);
1778 if (!h323_buffer) 1780 if (!h323_buffer)
1779 return -ENOMEM; 1781 return -ENOMEM;
1780 ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[0]); 1782 ret = nf_conntrack_helper_register(&nf_conntrack_helper_h245);
1781 if (ret < 0) 1783 if (ret < 0)
1782 goto err1; 1784 goto err1;
1783 ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[1]); 1785 ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[0]);
1784 if (ret < 0) 1786 if (ret < 0)
1785 goto err2; 1787 goto err2;
1786 ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[0]); 1788 ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[1]);
1787 if (ret < 0) 1789 if (ret < 0)
1788 goto err3; 1790 goto err3;
1789 ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[1]); 1791 ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[0]);
1790 if (ret < 0) 1792 if (ret < 0)
1791 goto err4; 1793 goto err4;
1794 ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[1]);
1795 if (ret < 0)
1796 goto err5;
1792 pr_debug("nf_ct_h323: init success\n"); 1797 pr_debug("nf_ct_h323: init success\n");
1793 return 0; 1798 return 0;
1794 1799
1795err4: 1800err5:
1796 nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[0]); 1801 nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[0]);
1797err3: 1802err4:
1798 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[1]); 1803 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[1]);
1799err2: 1804err3:
1800 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[0]); 1805 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[0]);
1806err2:
1807 nf_conntrack_helper_unregister(&nf_conntrack_helper_h245);
1801err1: 1808err1:
1809 kfree(h323_buffer);
1802 return ret; 1810 return ret;
1803} 1811}
1804 1812
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 7d1b11703741..8e0b4c8f62a8 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -20,6 +20,7 @@
20#include <linux/err.h> 20#include <linux/err.h>
21#include <linux/kernel.h> 21#include <linux/kernel.h>
22#include <linux/netdevice.h> 22#include <linux/netdevice.h>
23#include <linux/rculist.h>
23 24
24#include <net/netfilter/nf_conntrack.h> 25#include <net/netfilter/nf_conntrack.h>
25#include <net/netfilter/nf_conntrack_l3proto.h> 26#include <net/netfilter/nf_conntrack_l3proto.h>
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 0edefcfc5949..a8752031adcb 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -4,7 +4,7 @@
4 * (C) 2001 by Jay Schulist <jschlst@samba.org> 4 * (C) 2001 by Jay Schulist <jschlst@samba.org>
5 * (C) 2002-2006 by Harald Welte <laforge@gnumonks.org> 5 * (C) 2002-2006 by Harald Welte <laforge@gnumonks.org>
6 * (C) 2003 by Patrick Mchardy <kaber@trash.net> 6 * (C) 2003 by Patrick Mchardy <kaber@trash.net>
7 * (C) 2005-2007 by Pablo Neira Ayuso <pablo@netfilter.org> 7 * (C) 2005-2008 by Pablo Neira Ayuso <pablo@netfilter.org>
8 * 8 *
9 * Initial connection tracking via netlink development funded and 9 * Initial connection tracking via netlink development funded and
10 * generally made possible by Network Robots, Inc. (www.networkrobots.com) 10 * generally made possible by Network Robots, Inc. (www.networkrobots.com)
@@ -18,6 +18,7 @@
18#include <linux/init.h> 18#include <linux/init.h>
19#include <linux/module.h> 19#include <linux/module.h>
20#include <linux/kernel.h> 20#include <linux/kernel.h>
21#include <linux/rculist.h>
21#include <linux/types.h> 22#include <linux/types.h>
22#include <linux/timer.h> 23#include <linux/timer.h>
23#include <linux/skbuff.h> 24#include <linux/skbuff.h>
@@ -36,6 +37,7 @@
36#include <net/netfilter/nf_conntrack_l3proto.h> 37#include <net/netfilter/nf_conntrack_l3proto.h>
37#include <net/netfilter/nf_conntrack_l4proto.h> 38#include <net/netfilter/nf_conntrack_l4proto.h>
38#include <net/netfilter/nf_conntrack_tuple.h> 39#include <net/netfilter/nf_conntrack_tuple.h>
40#include <net/netfilter/nf_conntrack_acct.h>
39#ifdef CONFIG_NF_NAT_NEEDED 41#ifdef CONFIG_NF_NAT_NEEDED
40#include <net/netfilter/nf_nat_core.h> 42#include <net/netfilter/nf_nat_core.h>
41#include <net/netfilter/nf_nat_protocol.h> 43#include <net/netfilter/nf_nat_protocol.h>
@@ -205,22 +207,26 @@ nla_put_failure:
205 return -1; 207 return -1;
206} 208}
207 209
208#ifdef CONFIG_NF_CT_ACCT
209static int 210static int
210ctnetlink_dump_counters(struct sk_buff *skb, const struct nf_conn *ct, 211ctnetlink_dump_counters(struct sk_buff *skb, const struct nf_conn *ct,
211 enum ip_conntrack_dir dir) 212 enum ip_conntrack_dir dir)
212{ 213{
213 enum ctattr_type type = dir ? CTA_COUNTERS_REPLY: CTA_COUNTERS_ORIG; 214 enum ctattr_type type = dir ? CTA_COUNTERS_REPLY: CTA_COUNTERS_ORIG;
214 struct nlattr *nest_count; 215 struct nlattr *nest_count;
216 const struct nf_conn_counter *acct;
217
218 acct = nf_conn_acct_find(ct);
219 if (!acct)
220 return 0;
215 221
216 nest_count = nla_nest_start(skb, type | NLA_F_NESTED); 222 nest_count = nla_nest_start(skb, type | NLA_F_NESTED);
217 if (!nest_count) 223 if (!nest_count)
218 goto nla_put_failure; 224 goto nla_put_failure;
219 225
220 NLA_PUT_BE32(skb, CTA_COUNTERS32_PACKETS, 226 NLA_PUT_BE64(skb, CTA_COUNTERS_PACKETS,
221 htonl(ct->counters[dir].packets)); 227 cpu_to_be64(acct[dir].packets));
222 NLA_PUT_BE32(skb, CTA_COUNTERS32_BYTES, 228 NLA_PUT_BE64(skb, CTA_COUNTERS_BYTES,
223 htonl(ct->counters[dir].bytes)); 229 cpu_to_be64(acct[dir].bytes));
224 230
225 nla_nest_end(skb, nest_count); 231 nla_nest_end(skb, nest_count);
226 232
@@ -229,9 +235,6 @@ ctnetlink_dump_counters(struct sk_buff *skb, const struct nf_conn *ct,
229nla_put_failure: 235nla_put_failure:
230 return -1; 236 return -1;
231} 237}
232#else
233#define ctnetlink_dump_counters(a, b, c) (0)
234#endif
235 238
236#ifdef CONFIG_NF_CONNTRACK_MARK 239#ifdef CONFIG_NF_CONNTRACK_MARK
237static inline int 240static inline int
@@ -475,14 +478,14 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
475 if (ctnetlink_dump_id(skb, ct) < 0) 478 if (ctnetlink_dump_id(skb, ct) < 0)
476 goto nla_put_failure; 479 goto nla_put_failure;
477 480
481 if (ctnetlink_dump_status(skb, ct) < 0)
482 goto nla_put_failure;
483
478 if (events & IPCT_DESTROY) { 484 if (events & IPCT_DESTROY) {
479 if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 || 485 if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
480 ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0) 486 ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
481 goto nla_put_failure; 487 goto nla_put_failure;
482 } else { 488 } else {
483 if (ctnetlink_dump_status(skb, ct) < 0)
484 goto nla_put_failure;
485
486 if (ctnetlink_dump_timeout(skb, ct) < 0) 489 if (ctnetlink_dump_timeout(skb, ct) < 0)
487 goto nla_put_failure; 490 goto nla_put_failure;
488 491
@@ -500,11 +503,6 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
500 goto nla_put_failure; 503 goto nla_put_failure;
501#endif 504#endif
502 505
503 if (events & IPCT_COUNTER_FILLING &&
504 (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
505 ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0))
506 goto nla_put_failure;
507
508 if (events & IPCT_RELATED && 506 if (events & IPCT_RELATED &&
509 ctnetlink_dump_master(skb, ct) < 0) 507 ctnetlink_dump_master(skb, ct) < 0)
510 goto nla_put_failure; 508 goto nla_put_failure;
@@ -575,11 +573,15 @@ restart:
575 cb->args[1] = (unsigned long)ct; 573 cb->args[1] = (unsigned long)ct;
576 goto out; 574 goto out;
577 } 575 }
578#ifdef CONFIG_NF_CT_ACCT 576
579 if (NFNL_MSG_TYPE(cb->nlh->nlmsg_type) == 577 if (NFNL_MSG_TYPE(cb->nlh->nlmsg_type) ==
580 IPCTNL_MSG_CT_GET_CTRZERO) 578 IPCTNL_MSG_CT_GET_CTRZERO) {
581 memset(&ct->counters, 0, sizeof(ct->counters)); 579 struct nf_conn_counter *acct;
582#endif 580
581 acct = nf_conn_acct_find(ct);
582 if (acct)
583 memset(acct, 0, sizeof(struct nf_conn_counter[IP_CT_DIR_MAX]));
584 }
583 } 585 }
584 if (cb->args[1]) { 586 if (cb->args[1]) {
585 cb->args[1] = 0; 587 cb->args[1] = 0;
@@ -812,9 +814,8 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
812 return -ENOENT; 814 return -ENOENT;
813 } 815 }
814 } 816 }
815 if (del_timer(&ct->timeout))
816 ct->timeout.function((unsigned long)ct);
817 817
818 nf_ct_kill(ct);
818 nf_ct_put(ct); 819 nf_ct_put(ct);
819 820
820 return 0; 821 return 0;
@@ -832,14 +833,9 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
832 u_int8_t u3 = nfmsg->nfgen_family; 833 u_int8_t u3 = nfmsg->nfgen_family;
833 int err = 0; 834 int err = 0;
834 835
835 if (nlh->nlmsg_flags & NLM_F_DUMP) { 836 if (nlh->nlmsg_flags & NLM_F_DUMP)
836#ifndef CONFIG_NF_CT_ACCT
837 if (NFNL_MSG_TYPE(nlh->nlmsg_type) == IPCTNL_MSG_CT_GET_CTRZERO)
838 return -ENOTSUPP;
839#endif
840 return netlink_dump_start(ctnl, skb, nlh, ctnetlink_dump_table, 837 return netlink_dump_start(ctnl, skb, nlh, ctnetlink_dump_table,
841 ctnetlink_done); 838 ctnetlink_done);
842 }
843 839
844 if (cda[CTA_TUPLE_ORIG]) 840 if (cda[CTA_TUPLE_ORIG])
845 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG, u3); 841 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG, u3);
@@ -891,20 +887,19 @@ ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[])
891 887
892 if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING)) 888 if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING))
893 /* unchangeable */ 889 /* unchangeable */
894 return -EINVAL; 890 return -EBUSY;
895 891
896 if (d & IPS_SEEN_REPLY && !(status & IPS_SEEN_REPLY)) 892 if (d & IPS_SEEN_REPLY && !(status & IPS_SEEN_REPLY))
897 /* SEEN_REPLY bit can only be set */ 893 /* SEEN_REPLY bit can only be set */
898 return -EINVAL; 894 return -EBUSY;
899
900 895
901 if (d & IPS_ASSURED && !(status & IPS_ASSURED)) 896 if (d & IPS_ASSURED && !(status & IPS_ASSURED))
902 /* ASSURED bit can only be set */ 897 /* ASSURED bit can only be set */
903 return -EINVAL; 898 return -EBUSY;
904 899
905 if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) { 900 if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) {
906#ifndef CONFIG_NF_NAT_NEEDED 901#ifndef CONFIG_NF_NAT_NEEDED
907 return -EINVAL; 902 return -EOPNOTSUPP;
908#else 903#else
909 struct nf_nat_range range; 904 struct nf_nat_range range;
910 905
@@ -945,7 +940,7 @@ ctnetlink_change_helper(struct nf_conn *ct, struct nlattr *cda[])
945 940
946 /* don't change helper of sibling connections */ 941 /* don't change helper of sibling connections */
947 if (ct->master) 942 if (ct->master)
948 return -EINVAL; 943 return -EBUSY;
949 944
950 err = ctnetlink_parse_help(cda[CTA_HELP], &helpname); 945 err = ctnetlink_parse_help(cda[CTA_HELP], &helpname);
951 if (err < 0) 946 if (err < 0)
@@ -963,7 +958,7 @@ ctnetlink_change_helper(struct nf_conn *ct, struct nlattr *cda[])
963 958
964 helper = __nf_conntrack_helper_find_byname(helpname); 959 helper = __nf_conntrack_helper_find_byname(helpname);
965 if (helper == NULL) 960 if (helper == NULL)
966 return -EINVAL; 961 return -EOPNOTSUPP;
967 962
968 if (help) { 963 if (help) {
969 if (help->helper == helper) 964 if (help->helper == helper)
@@ -973,7 +968,7 @@ ctnetlink_change_helper(struct nf_conn *ct, struct nlattr *cda[])
973 /* need to zero data of old helper */ 968 /* need to zero data of old helper */
974 memset(&help->help, 0, sizeof(help->help)); 969 memset(&help->help, 0, sizeof(help->help));
975 } else { 970 } else {
976 help = nf_ct_helper_ext_add(ct, GFP_KERNEL); 971 help = nf_ct_helper_ext_add(ct, GFP_ATOMIC);
977 if (help == NULL) 972 if (help == NULL)
978 return -ENOMEM; 973 return -ENOMEM;
979 } 974 }
@@ -1130,7 +1125,7 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
1130 struct nf_conn_help *help; 1125 struct nf_conn_help *help;
1131 struct nf_conntrack_helper *helper; 1126 struct nf_conntrack_helper *helper;
1132 1127
1133 ct = nf_conntrack_alloc(otuple, rtuple); 1128 ct = nf_conntrack_alloc(otuple, rtuple, GFP_KERNEL);
1134 if (ct == NULL || IS_ERR(ct)) 1129 if (ct == NULL || IS_ERR(ct))
1135 return -ENOMEM; 1130 return -ENOMEM;
1136 1131
@@ -1141,36 +1136,42 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
1141 ct->timeout.expires = jiffies + ct->timeout.expires * HZ; 1136 ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
1142 ct->status |= IPS_CONFIRMED; 1137 ct->status |= IPS_CONFIRMED;
1143 1138
1139 rcu_read_lock();
1140 helper = __nf_ct_helper_find(rtuple);
1141 if (helper) {
1142 help = nf_ct_helper_ext_add(ct, GFP_ATOMIC);
1143 if (help == NULL) {
1144 rcu_read_unlock();
1145 err = -ENOMEM;
1146 goto err;
1147 }
1148 /* not in hash table yet so not strictly necessary */
1149 rcu_assign_pointer(help->helper, helper);
1150 }
1151
1144 if (cda[CTA_STATUS]) { 1152 if (cda[CTA_STATUS]) {
1145 err = ctnetlink_change_status(ct, cda); 1153 err = ctnetlink_change_status(ct, cda);
1146 if (err < 0) 1154 if (err < 0) {
1155 rcu_read_unlock();
1147 goto err; 1156 goto err;
1157 }
1148 } 1158 }
1149 1159
1150 if (cda[CTA_PROTOINFO]) { 1160 if (cda[CTA_PROTOINFO]) {
1151 err = ctnetlink_change_protoinfo(ct, cda); 1161 err = ctnetlink_change_protoinfo(ct, cda);
1152 if (err < 0) 1162 if (err < 0) {
1163 rcu_read_unlock();
1153 goto err; 1164 goto err;
1165 }
1154 } 1166 }
1155 1167
1168 nf_ct_acct_ext_add(ct, GFP_KERNEL);
1169
1156#if defined(CONFIG_NF_CONNTRACK_MARK) 1170#if defined(CONFIG_NF_CONNTRACK_MARK)
1157 if (cda[CTA_MARK]) 1171 if (cda[CTA_MARK])
1158 ct->mark = ntohl(nla_get_be32(cda[CTA_MARK])); 1172 ct->mark = ntohl(nla_get_be32(cda[CTA_MARK]));
1159#endif 1173#endif
1160 1174
1161 rcu_read_lock();
1162 helper = __nf_ct_helper_find(rtuple);
1163 if (helper) {
1164 help = nf_ct_helper_ext_add(ct, GFP_KERNEL);
1165 if (help == NULL) {
1166 rcu_read_unlock();
1167 err = -ENOMEM;
1168 goto err;
1169 }
1170 /* not in hash table yet so not strictly necessary */
1171 rcu_assign_pointer(help->helper, helper);
1172 }
1173
1174 /* setup master conntrack: this is a confirmed expectation */ 1175 /* setup master conntrack: this is a confirmed expectation */
1175 if (master_ct) { 1176 if (master_ct) {
1176 __set_bit(IPS_EXPECTED_BIT, &ct->status); 1177 __set_bit(IPS_EXPECTED_BIT, &ct->status);
@@ -1258,12 +1259,12 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1258 if (!(nlh->nlmsg_flags & NLM_F_EXCL)) { 1259 if (!(nlh->nlmsg_flags & NLM_F_EXCL)) {
1259 /* we only allow nat config for new conntracks */ 1260 /* we only allow nat config for new conntracks */
1260 if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) { 1261 if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) {
1261 err = -EINVAL; 1262 err = -EOPNOTSUPP;
1262 goto out_unlock; 1263 goto out_unlock;
1263 } 1264 }
1264 /* can't link an existing conntrack to a master */ 1265 /* can't link an existing conntrack to a master */
1265 if (cda[CTA_TUPLE_MASTER]) { 1266 if (cda[CTA_TUPLE_MASTER]) {
1266 err = -EINVAL; 1267 err = -EOPNOTSUPP;
1267 goto out_unlock; 1268 goto out_unlock;
1268 } 1269 }
1269 err = ctnetlink_change_conntrack(nf_ct_tuplehash_to_ctrack(h), 1270 err = ctnetlink_change_conntrack(nf_ct_tuplehash_to_ctrack(h),
@@ -1608,7 +1609,7 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
1608 h = __nf_conntrack_helper_find_byname(name); 1609 h = __nf_conntrack_helper_find_byname(name);
1609 if (!h) { 1610 if (!h) {
1610 spin_unlock_bh(&nf_conntrack_lock); 1611 spin_unlock_bh(&nf_conntrack_lock);
1611 return -EINVAL; 1612 return -EOPNOTSUPP;
1612 } 1613 }
1613 for (i = 0; i < nf_ct_expect_hsize; i++) { 1614 for (i = 0; i < nf_ct_expect_hsize; i++) {
1614 hlist_for_each_entry_safe(exp, n, next, 1615 hlist_for_each_entry_safe(exp, n, next,
diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
index afb4a1861d2c..e7866dd3cde6 100644
--- a/net/netfilter/nf_conntrack_proto_dccp.c
+++ b/net/netfilter/nf_conntrack_proto_dccp.c
@@ -475,8 +475,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
475 if (type == DCCP_PKT_RESET && 475 if (type == DCCP_PKT_RESET &&
476 !test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) { 476 !test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
477 /* Tear down connection immediately if only reply is a RESET */ 477 /* Tear down connection immediately if only reply is a RESET */
478 if (del_timer(&ct->timeout)) 478 nf_ct_kill_acct(ct, ctinfo, skb);
479 ct->timeout.function((unsigned long)ct);
480 return NF_ACCEPT; 479 return NF_ACCEPT;
481 } 480 }
482 481
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index cbf2e27a22b2..30aa5b94a771 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -463,6 +463,82 @@ static bool sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
463 return true; 463 return true;
464} 464}
465 465
466#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
467
468#include <linux/netfilter/nfnetlink.h>
469#include <linux/netfilter/nfnetlink_conntrack.h>
470
471static int sctp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
472 const struct nf_conn *ct)
473{
474 struct nlattr *nest_parms;
475
476 read_lock_bh(&sctp_lock);
477 nest_parms = nla_nest_start(skb, CTA_PROTOINFO_SCTP | NLA_F_NESTED);
478 if (!nest_parms)
479 goto nla_put_failure;
480
481 NLA_PUT_U8(skb, CTA_PROTOINFO_SCTP_STATE, ct->proto.sctp.state);
482
483 NLA_PUT_BE32(skb,
484 CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
485 ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL]);
486
487 NLA_PUT_BE32(skb,
488 CTA_PROTOINFO_SCTP_VTAG_REPLY,
489 ct->proto.sctp.vtag[IP_CT_DIR_REPLY]);
490
491 read_unlock_bh(&sctp_lock);
492
493 nla_nest_end(skb, nest_parms);
494
495 return 0;
496
497nla_put_failure:
498 read_unlock_bh(&sctp_lock);
499 return -1;
500}
501
502static const struct nla_policy sctp_nla_policy[CTA_PROTOINFO_SCTP_MAX+1] = {
503 [CTA_PROTOINFO_SCTP_STATE] = { .type = NLA_U8 },
504 [CTA_PROTOINFO_SCTP_VTAG_ORIGINAL] = { .type = NLA_U32 },
505 [CTA_PROTOINFO_SCTP_VTAG_REPLY] = { .type = NLA_U32 },
506};
507
508static int nlattr_to_sctp(struct nlattr *cda[], struct nf_conn *ct)
509{
510 struct nlattr *attr = cda[CTA_PROTOINFO_SCTP];
511 struct nlattr *tb[CTA_PROTOINFO_SCTP_MAX+1];
512 int err;
513
514 /* updates may not contain the internal protocol info, skip parsing */
515 if (!attr)
516 return 0;
517
518 err = nla_parse_nested(tb,
519 CTA_PROTOINFO_SCTP_MAX,
520 attr,
521 sctp_nla_policy);
522 if (err < 0)
523 return err;
524
525 if (!tb[CTA_PROTOINFO_SCTP_STATE] ||
526 !tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL] ||
527 !tb[CTA_PROTOINFO_SCTP_VTAG_REPLY])
528 return -EINVAL;
529
530 write_lock_bh(&sctp_lock);
531 ct->proto.sctp.state = nla_get_u8(tb[CTA_PROTOINFO_SCTP_STATE]);
532 ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL] =
533 nla_get_be32(tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL]);
534 ct->proto.sctp.vtag[IP_CT_DIR_REPLY] =
535 nla_get_be32(tb[CTA_PROTOINFO_SCTP_VTAG_REPLY]);
536 write_unlock_bh(&sctp_lock);
537
538 return 0;
539}
540#endif
541
466#ifdef CONFIG_SYSCTL 542#ifdef CONFIG_SYSCTL
467static unsigned int sctp_sysctl_table_users; 543static unsigned int sctp_sysctl_table_users;
468static struct ctl_table_header *sctp_sysctl_header; 544static struct ctl_table_header *sctp_sysctl_header;
@@ -591,6 +667,8 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 __read_mostly = {
591 .new = sctp_new, 667 .new = sctp_new,
592 .me = THIS_MODULE, 668 .me = THIS_MODULE,
593#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) 669#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
670 .to_nlattr = sctp_to_nlattr,
671 .from_nlattr = nlattr_to_sctp,
594 .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, 672 .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,
595 .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, 673 .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
596 .nla_policy = nf_ct_port_nla_policy, 674 .nla_policy = nf_ct_port_nla_policy,
@@ -617,6 +695,8 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 __read_mostly = {
617 .new = sctp_new, 695 .new = sctp_new,
618 .me = THIS_MODULE, 696 .me = THIS_MODULE,
619#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) 697#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
698 .to_nlattr = sctp_to_nlattr,
699 .from_nlattr = nlattr_to_sctp,
620 .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, 700 .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,
621 .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, 701 .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
622 .nla_policy = nf_ct_port_nla_policy, 702 .nla_policy = nf_ct_port_nla_policy,
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index ba94004fe323..6f61261888ef 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -67,7 +67,8 @@ static const char *const tcp_conntrack_names[] = {
67/* RFC1122 says the R2 limit should be at least 100 seconds. 67/* RFC1122 says the R2 limit should be at least 100 seconds.
68 Linux uses 15 packets as limit, which corresponds 68 Linux uses 15 packets as limit, which corresponds
69 to ~13-30min depending on RTO. */ 69 to ~13-30min depending on RTO. */
70static unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS; 70static unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS;
71static unsigned int nf_ct_tcp_timeout_unacknowledged __read_mostly = 5 MINS;
71 72
72static unsigned int tcp_timeouts[TCP_CONNTRACK_MAX] __read_mostly = { 73static unsigned int tcp_timeouts[TCP_CONNTRACK_MAX] __read_mostly = {
73 [TCP_CONNTRACK_SYN_SENT] = 2 MINS, 74 [TCP_CONNTRACK_SYN_SENT] = 2 MINS,
@@ -331,12 +332,13 @@ static unsigned int get_conntrack_index(const struct tcphdr *tcph)
331 332
332 I. Upper bound for valid data: seq <= sender.td_maxend 333 I. Upper bound for valid data: seq <= sender.td_maxend
333 II. Lower bound for valid data: seq + len >= sender.td_end - receiver.td_maxwin 334 II. Lower bound for valid data: seq + len >= sender.td_end - receiver.td_maxwin
334 III. Upper bound for valid ack: sack <= receiver.td_end 335 III. Upper bound for valid (s)ack: sack <= receiver.td_end
335 IV. Lower bound for valid ack: ack >= receiver.td_end - MAXACKWINDOW 336 IV. Lower bound for valid (s)ack: sack >= receiver.td_end - MAXACKWINDOW
336 337
337 where sack is the highest right edge of sack block found in the packet. 338 where sack is the highest right edge of sack block found in the packet
339 or ack in the case of packet without SACK option.
338 340
339 The upper bound limit for a valid ack is not ignored - 341 The upper bound limit for a valid (s)ack is not ignored -
340 we doesn't have to deal with fragments. 342 we doesn't have to deal with fragments.
341*/ 343*/
342 344
@@ -606,12 +608,12 @@ static bool tcp_in_window(const struct nf_conn *ct,
606 before(seq, sender->td_maxend + 1), 608 before(seq, sender->td_maxend + 1),
607 after(end, sender->td_end - receiver->td_maxwin - 1), 609 after(end, sender->td_end - receiver->td_maxwin - 1),
608 before(sack, receiver->td_end + 1), 610 before(sack, receiver->td_end + 1),
609 after(ack, receiver->td_end - MAXACKWINDOW(sender))); 611 after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1));
610 612
611 if (before(seq, sender->td_maxend + 1) && 613 if (before(seq, sender->td_maxend + 1) &&
612 after(end, sender->td_end - receiver->td_maxwin - 1) && 614 after(end, sender->td_end - receiver->td_maxwin - 1) &&
613 before(sack, receiver->td_end + 1) && 615 before(sack, receiver->td_end + 1) &&
614 after(ack, receiver->td_end - MAXACKWINDOW(sender))) { 616 after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)) {
615 /* 617 /*
616 * Take into account window scaling (RFC 1323). 618 * Take into account window scaling (RFC 1323).
617 */ 619 */
@@ -624,8 +626,10 @@ static bool tcp_in_window(const struct nf_conn *ct,
624 swin = win + (sack - ack); 626 swin = win + (sack - ack);
625 if (sender->td_maxwin < swin) 627 if (sender->td_maxwin < swin)
626 sender->td_maxwin = swin; 628 sender->td_maxwin = swin;
627 if (after(end, sender->td_end)) 629 if (after(end, sender->td_end)) {
628 sender->td_end = end; 630 sender->td_end = end;
631 sender->flags |= IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED;
632 }
629 /* 633 /*
630 * Update receiver data. 634 * Update receiver data.
631 */ 635 */
@@ -636,6 +640,8 @@ static bool tcp_in_window(const struct nf_conn *ct,
636 if (win == 0) 640 if (win == 0)
637 receiver->td_maxend++; 641 receiver->td_maxend++;
638 } 642 }
643 if (ack == receiver->td_end)
644 receiver->flags &= ~IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED;
639 645
640 /* 646 /*
641 * Check retransmissions. 647 * Check retransmissions.
@@ -843,9 +849,14 @@ static int tcp_packet(struct nf_conn *ct,
843 /* Attempt to reopen a closed/aborted connection. 849 /* Attempt to reopen a closed/aborted connection.
844 * Delete this connection and look up again. */ 850 * Delete this connection and look up again. */
845 write_unlock_bh(&tcp_lock); 851 write_unlock_bh(&tcp_lock);
846 if (del_timer(&ct->timeout)) 852
847 ct->timeout.function((unsigned long)ct); 853 /* Only repeat if we can actually remove the timer.
848 return -NF_REPEAT; 854 * Destruction may already be in progress in process
855 * context and we must give it a chance to terminate.
856 */
857 if (nf_ct_kill(ct))
858 return -NF_REPEAT;
859 return -NF_DROP;
849 } 860 }
850 /* Fall through */ 861 /* Fall through */
851 case TCP_CONNTRACK_IGNORE: 862 case TCP_CONNTRACK_IGNORE:
@@ -877,8 +888,7 @@ static int tcp_packet(struct nf_conn *ct,
877 if (LOG_INVALID(IPPROTO_TCP)) 888 if (LOG_INVALID(IPPROTO_TCP))
878 nf_log_packet(pf, 0, skb, NULL, NULL, NULL, 889 nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
879 "nf_ct_tcp: killing out of sync session "); 890 "nf_ct_tcp: killing out of sync session ");
880 if (del_timer(&ct->timeout)) 891 nf_ct_kill(ct);
881 ct->timeout.function((unsigned long)ct);
882 return -NF_DROP; 892 return -NF_DROP;
883 } 893 }
884 ct->proto.tcp.last_index = index; 894 ct->proto.tcp.last_index = index;
@@ -946,9 +956,16 @@ static int tcp_packet(struct nf_conn *ct,
946 if (old_state != new_state 956 if (old_state != new_state
947 && new_state == TCP_CONNTRACK_FIN_WAIT) 957 && new_state == TCP_CONNTRACK_FIN_WAIT)
948 ct->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT; 958 ct->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
949 timeout = ct->proto.tcp.retrans >= nf_ct_tcp_max_retrans 959
950 && tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans 960 if (ct->proto.tcp.retrans >= nf_ct_tcp_max_retrans &&
951 ? nf_ct_tcp_timeout_max_retrans : tcp_timeouts[new_state]; 961 tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans)
962 timeout = nf_ct_tcp_timeout_max_retrans;
963 else if ((ct->proto.tcp.seen[0].flags | ct->proto.tcp.seen[1].flags) &
964 IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED &&
965 tcp_timeouts[new_state] > nf_ct_tcp_timeout_unacknowledged)
966 timeout = nf_ct_tcp_timeout_unacknowledged;
967 else
968 timeout = tcp_timeouts[new_state];
952 write_unlock_bh(&tcp_lock); 969 write_unlock_bh(&tcp_lock);
953 970
954 nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); 971 nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
@@ -961,8 +978,7 @@ static int tcp_packet(struct nf_conn *ct,
961 problem case, so we can delete the conntrack 978 problem case, so we can delete the conntrack
962 immediately. --RR */ 979 immediately. --RR */
963 if (th->rst) { 980 if (th->rst) {
964 if (del_timer(&ct->timeout)) 981 nf_ct_kill_acct(ct, ctinfo, skb);
965 ct->timeout.function((unsigned long)ct);
966 return NF_ACCEPT; 982 return NF_ACCEPT;
967 } 983 }
968 } else if (!test_bit(IPS_ASSURED_BIT, &ct->status) 984 } else if (!test_bit(IPS_ASSURED_BIT, &ct->status)
@@ -1232,6 +1248,13 @@ static struct ctl_table tcp_sysctl_table[] = {
1232 .proc_handler = &proc_dointvec_jiffies, 1248 .proc_handler = &proc_dointvec_jiffies,
1233 }, 1249 },
1234 { 1250 {
1251 .procname = "nf_conntrack_tcp_timeout_unacknowledged",
1252 .data = &nf_ct_tcp_timeout_unacknowledged,
1253 .maxlen = sizeof(unsigned int),
1254 .mode = 0644,
1255 .proc_handler = &proc_dointvec_jiffies,
1256 },
1257 {
1235 .ctl_name = NET_NF_CONNTRACK_TCP_LOOSE, 1258 .ctl_name = NET_NF_CONNTRACK_TCP_LOOSE,
1236 .procname = "nf_conntrack_tcp_loose", 1259 .procname = "nf_conntrack_tcp_loose",
1237 .data = &nf_ct_tcp_loose, 1260 .data = &nf_ct_tcp_loose,
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 46ea542d0df9..8509db14670b 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -25,6 +25,7 @@
25#include <net/netfilter/nf_conntrack_l4proto.h> 25#include <net/netfilter/nf_conntrack_l4proto.h>
26#include <net/netfilter/nf_conntrack_expect.h> 26#include <net/netfilter/nf_conntrack_expect.h>
27#include <net/netfilter/nf_conntrack_helper.h> 27#include <net/netfilter/nf_conntrack_helper.h>
28#include <net/netfilter/nf_conntrack_acct.h>
28 29
29MODULE_LICENSE("GPL"); 30MODULE_LICENSE("GPL");
30 31
@@ -38,19 +39,6 @@ print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
38} 39}
39EXPORT_SYMBOL_GPL(print_tuple); 40EXPORT_SYMBOL_GPL(print_tuple);
40 41
41#ifdef CONFIG_NF_CT_ACCT
42static unsigned int
43seq_print_counters(struct seq_file *s,
44 const struct ip_conntrack_counter *counter)
45{
46 return seq_printf(s, "packets=%llu bytes=%llu ",
47 (unsigned long long)counter->packets,
48 (unsigned long long)counter->bytes);
49}
50#else
51#define seq_print_counters(x, y) 0
52#endif
53
54struct ct_iter_state { 42struct ct_iter_state {
55 unsigned int bucket; 43 unsigned int bucket;
56}; 44};
@@ -146,7 +134,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
146 l3proto, l4proto)) 134 l3proto, l4proto))
147 return -ENOSPC; 135 return -ENOSPC;
148 136
149 if (seq_print_counters(s, &ct->counters[IP_CT_DIR_ORIGINAL])) 137 if (seq_print_acct(s, ct, IP_CT_DIR_ORIGINAL))
150 return -ENOSPC; 138 return -ENOSPC;
151 139
152 if (!(test_bit(IPS_SEEN_REPLY_BIT, &ct->status))) 140 if (!(test_bit(IPS_SEEN_REPLY_BIT, &ct->status)))
@@ -157,7 +145,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
157 l3proto, l4proto)) 145 l3proto, l4proto))
158 return -ENOSPC; 146 return -ENOSPC;
159 147
160 if (seq_print_counters(s, &ct->counters[IP_CT_DIR_REPLY])) 148 if (seq_print_acct(s, ct, IP_CT_DIR_REPLY))
161 return -ENOSPC; 149 return -ENOSPC;
162 150
163 if (test_bit(IPS_ASSURED_BIT, &ct->status)) 151 if (test_bit(IPS_ASSURED_BIT, &ct->status))
@@ -336,6 +324,7 @@ static int log_invalid_proto_min = 0;
336static int log_invalid_proto_max = 255; 324static int log_invalid_proto_max = 255;
337 325
338static struct ctl_table_header *nf_ct_sysctl_header; 326static struct ctl_table_header *nf_ct_sysctl_header;
327static struct ctl_table_header *nf_ct_netfilter_header;
339 328
340static ctl_table nf_ct_sysctl_table[] = { 329static ctl_table nf_ct_sysctl_table[] = {
341 { 330 {
@@ -396,12 +385,6 @@ static ctl_table nf_ct_sysctl_table[] = {
396 385
397static ctl_table nf_ct_netfilter_table[] = { 386static ctl_table nf_ct_netfilter_table[] = {
398 { 387 {
399 .ctl_name = NET_NETFILTER,
400 .procname = "netfilter",
401 .mode = 0555,
402 .child = nf_ct_sysctl_table,
403 },
404 {
405 .ctl_name = NET_NF_CONNTRACK_MAX, 388 .ctl_name = NET_NF_CONNTRACK_MAX,
406 .procname = "nf_conntrack_max", 389 .procname = "nf_conntrack_max",
407 .data = &nf_conntrack_max, 390 .data = &nf_conntrack_max,
@@ -421,18 +404,29 @@ EXPORT_SYMBOL_GPL(nf_ct_log_invalid);
421 404
422static int nf_conntrack_standalone_init_sysctl(void) 405static int nf_conntrack_standalone_init_sysctl(void)
423{ 406{
424 nf_ct_sysctl_header = 407 nf_ct_netfilter_header =
425 register_sysctl_paths(nf_ct_path, nf_ct_netfilter_table); 408 register_sysctl_paths(nf_ct_path, nf_ct_netfilter_table);
426 if (nf_ct_sysctl_header == NULL) { 409 if (!nf_ct_netfilter_header)
427 printk("nf_conntrack: can't register to sysctl.\n"); 410 goto out;
428 return -ENOMEM; 411
429 } 412 nf_ct_sysctl_header =
413 register_sysctl_paths(nf_net_netfilter_sysctl_path,
414 nf_ct_sysctl_table);
415 if (!nf_ct_sysctl_header)
416 goto out_unregister_netfilter;
417
430 return 0; 418 return 0;
431 419
420out_unregister_netfilter:
421 unregister_sysctl_table(nf_ct_netfilter_header);
422out:
423 printk("nf_conntrack: can't register to sysctl.\n");
424 return -ENOMEM;
432} 425}
433 426
434static void nf_conntrack_standalone_fini_sysctl(void) 427static void nf_conntrack_standalone_fini_sysctl(void)
435{ 428{
429 unregister_sysctl_table(nf_ct_netfilter_header);
436 unregister_sysctl_table(nf_ct_sysctl_header); 430 unregister_sysctl_table(nf_ct_sysctl_header);
437} 431}
438#else 432#else
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index bc11d7092032..9fda6ee95a31 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -92,10 +92,6 @@ void nf_log_packet(int pf,
92 vsnprintf(prefix, sizeof(prefix), fmt, args); 92 vsnprintf(prefix, sizeof(prefix), fmt, args);
93 va_end(args); 93 va_end(args);
94 logger->logfn(pf, hooknum, skb, in, out, loginfo, prefix); 94 logger->logfn(pf, hooknum, skb, in, out, loginfo, prefix);
95 } else if (net_ratelimit()) {
96 printk(KERN_WARNING "nf_log_packet: can\'t log since "
97 "no backend logging module loaded in! Please either "
98 "load one, or disable logging explicitly\n");
99 } 95 }
100 rcu_read_unlock(); 96 rcu_read_unlock();
101} 97}
diff --git a/net/netfilter/nf_sockopt.c b/net/netfilter/nf_sockopt.c
index 69d699f95f4c..01489681fa96 100644
--- a/net/netfilter/nf_sockopt.c
+++ b/net/netfilter/nf_sockopt.c
@@ -65,7 +65,7 @@ static struct nf_sockopt_ops *nf_sockopt_find(struct sock *sk, int pf,
65{ 65{
66 struct nf_sockopt_ops *ops; 66 struct nf_sockopt_ops *ops;
67 67
68 if (sock_net(sk) != &init_net) 68 if (!net_eq(sock_net(sk), &init_net))
69 return ERR_PTR(-ENOPROTOOPT); 69 return ERR_PTR(-ENOPROTOOPT);
70 70
71 if (mutex_lock_interruptible(&nf_sockopt_mutex) != 0) 71 if (mutex_lock_interruptible(&nf_sockopt_mutex) != 0)
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index b8173af8c24a..9a35b57ab76d 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -453,6 +453,14 @@ __build_packet_message(struct nfulnl_instance *inst,
453 } 453 }
454 } 454 }
455 455
456 if (indev && skb_mac_header_was_set(skb)) {
457 NLA_PUT_BE16(inst->skb, NFULA_HWTYPE, htons(skb->dev->type));
458 NLA_PUT_BE16(inst->skb, NFULA_HWLEN,
459 htons(skb->dev->hard_header_len));
460 NLA_PUT(inst->skb, NFULA_HWHEADER, skb->dev->hard_header_len,
461 skb_mac_header(skb));
462 }
463
456 if (skb->tstamp.tv64) { 464 if (skb->tstamp.tv64) {
457 struct nfulnl_msg_packet_timestamp ts; 465 struct nfulnl_msg_packet_timestamp ts;
458 struct timeval tv = ktime_to_timeval(skb->tstamp); 466 struct timeval tv = ktime_to_timeval(skb->tstamp);
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 3447025ce068..8c860112ce05 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -243,7 +243,6 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
243 switch ((enum nfqnl_config_mode)queue->copy_mode) { 243 switch ((enum nfqnl_config_mode)queue->copy_mode) {
244 case NFQNL_COPY_META: 244 case NFQNL_COPY_META:
245 case NFQNL_COPY_NONE: 245 case NFQNL_COPY_NONE:
246 data_len = 0;
247 break; 246 break;
248 247
249 case NFQNL_COPY_PACKET: 248 case NFQNL_COPY_PACKET:
@@ -556,7 +555,7 @@ nfqnl_rcv_dev_event(struct notifier_block *this,
556{ 555{
557 struct net_device *dev = ptr; 556 struct net_device *dev = ptr;
558 557
559 if (dev_net(dev) != &init_net) 558 if (!net_eq(dev_net(dev), &init_net))
560 return NOTIFY_DONE; 559 return NOTIFY_DONE;
561 560
562 /* Drop any packets associated with the downed device */ 561 /* Drop any packets associated with the downed device */
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c
index 211189eb2b67..76ca1f2421eb 100644
--- a/net/netfilter/xt_CONNSECMARK.c
+++ b/net/netfilter/xt_CONNSECMARK.c
@@ -8,7 +8,7 @@
8 * Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> 8 * Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
9 * by Henrik Nordstrom <hno@marasystems.com> 9 * by Henrik Nordstrom <hno@marasystems.com>
10 * 10 *
11 * (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com> 11 * (C) 2006,2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
12 * 12 *
13 * This program is free software; you can redistribute it and/or modify 13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License version 2 as 14 * it under the terms of the GNU General Public License version 2 as
@@ -94,6 +94,12 @@ connsecmark_tg_check(const char *tablename, const void *entry,
94{ 94{
95 const struct xt_connsecmark_target_info *info = targinfo; 95 const struct xt_connsecmark_target_info *info = targinfo;
96 96
97 if (strcmp(tablename, "mangle") && strcmp(tablename, "security")) {
98 printk(KERN_INFO PFX "target only valid in the \'mangle\' "
99 "or \'security\' tables, not \'%s\'.\n", tablename);
100 return false;
101 }
102
97 switch (info->mode) { 103 switch (info->mode) {
98 case CONNSECMARK_SAVE: 104 case CONNSECMARK_SAVE:
99 case CONNSECMARK_RESTORE: 105 case CONNSECMARK_RESTORE:
@@ -126,7 +132,6 @@ static struct xt_target connsecmark_tg_reg[] __read_mostly = {
126 .destroy = connsecmark_tg_destroy, 132 .destroy = connsecmark_tg_destroy,
127 .target = connsecmark_tg, 133 .target = connsecmark_tg,
128 .targetsize = sizeof(struct xt_connsecmark_target_info), 134 .targetsize = sizeof(struct xt_connsecmark_target_info),
129 .table = "mangle",
130 .me = THIS_MODULE, 135 .me = THIS_MODULE,
131 }, 136 },
132 { 137 {
@@ -136,7 +141,6 @@ static struct xt_target connsecmark_tg_reg[] __read_mostly = {
136 .destroy = connsecmark_tg_destroy, 141 .destroy = connsecmark_tg_destroy,
137 .target = connsecmark_tg, 142 .target = connsecmark_tg,
138 .targetsize = sizeof(struct xt_connsecmark_target_info), 143 .targetsize = sizeof(struct xt_connsecmark_target_info),
139 .table = "mangle",
140 .me = THIS_MODULE, 144 .me = THIS_MODULE,
141 }, 145 },
142}; 146};
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index c0284856ccd4..94f87ee7552b 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -5,7 +5,7 @@
5 * Based on the nfmark match by: 5 * Based on the nfmark match by:
6 * (C) 1999-2001 Marc Boucher <marc@mbsi.ca> 6 * (C) 1999-2001 Marc Boucher <marc@mbsi.ca>
7 * 7 *
8 * (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com> 8 * (C) 2006,2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
9 * 9 *
10 * This program is free software; you can redistribute it and/or modify 10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2 as 11 * it under the terms of the GNU General Public License version 2 as
@@ -89,6 +89,12 @@ secmark_tg_check(const char *tablename, const void *entry,
89{ 89{
90 struct xt_secmark_target_info *info = targinfo; 90 struct xt_secmark_target_info *info = targinfo;
91 91
92 if (strcmp(tablename, "mangle") && strcmp(tablename, "security")) {
93 printk(KERN_INFO PFX "target only valid in the \'mangle\' "
94 "or \'security\' tables, not \'%s\'.\n", tablename);
95 return false;
96 }
97
92 if (mode && mode != info->mode) { 98 if (mode && mode != info->mode) {
93 printk(KERN_INFO PFX "mode already set to %hu cannot mix with " 99 printk(KERN_INFO PFX "mode already set to %hu cannot mix with "
94 "rules for mode %hu\n", mode, info->mode); 100 "rules for mode %hu\n", mode, info->mode);
@@ -127,7 +133,6 @@ static struct xt_target secmark_tg_reg[] __read_mostly = {
127 .destroy = secmark_tg_destroy, 133 .destroy = secmark_tg_destroy,
128 .target = secmark_tg, 134 .target = secmark_tg,
129 .targetsize = sizeof(struct xt_secmark_target_info), 135 .targetsize = sizeof(struct xt_secmark_target_info),
130 .table = "mangle",
131 .me = THIS_MODULE, 136 .me = THIS_MODULE,
132 }, 137 },
133 { 138 {
@@ -137,7 +142,6 @@ static struct xt_target secmark_tg_reg[] __read_mostly = {
137 .destroy = secmark_tg_destroy, 142 .destroy = secmark_tg_destroy,
138 .target = secmark_tg, 143 .target = secmark_tg,
139 .targetsize = sizeof(struct xt_secmark_target_info), 144 .targetsize = sizeof(struct xt_secmark_target_info),
140 .table = "mangle",
141 .me = THIS_MODULE, 145 .me = THIS_MODULE,
142 }, 146 },
143}; 147};
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 217e2b686322..beb5094703cb 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -147,17 +147,21 @@ tcpmss_mangle_packet(struct sk_buff *skb,
147 return TCPOLEN_MSS; 147 return TCPOLEN_MSS;
148} 148}
149 149
150static u_int32_t tcpmss_reverse_mtu4(const struct iphdr *iph) 150static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
151 unsigned int family)
151{ 152{
152 struct flowi fl = { 153 struct flowi fl = {};
153 .fl4_dst = iph->saddr,
154 };
155 const struct nf_afinfo *ai; 154 const struct nf_afinfo *ai;
156 struct rtable *rt = NULL; 155 struct rtable *rt = NULL;
157 u_int32_t mtu = ~0U; 156 u_int32_t mtu = ~0U;
158 157
158 if (family == PF_INET)
159 fl.fl4_dst = ip_hdr(skb)->saddr;
160 else
161 fl.fl6_dst = ipv6_hdr(skb)->saddr;
162
159 rcu_read_lock(); 163 rcu_read_lock();
160 ai = nf_get_afinfo(AF_INET); 164 ai = nf_get_afinfo(family);
161 if (ai != NULL) 165 if (ai != NULL)
162 ai->route((struct dst_entry **)&rt, &fl); 166 ai->route((struct dst_entry **)&rt, &fl);
163 rcu_read_unlock(); 167 rcu_read_unlock();
@@ -178,7 +182,8 @@ tcpmss_tg4(struct sk_buff *skb, const struct net_device *in,
178 __be16 newlen; 182 __be16 newlen;
179 int ret; 183 int ret;
180 184
181 ret = tcpmss_mangle_packet(skb, targinfo, tcpmss_reverse_mtu4(iph), 185 ret = tcpmss_mangle_packet(skb, targinfo,
186 tcpmss_reverse_mtu(skb, PF_INET),
182 iph->ihl * 4, 187 iph->ihl * 4,
183 sizeof(*iph) + sizeof(struct tcphdr)); 188 sizeof(*iph) + sizeof(struct tcphdr));
184 if (ret < 0) 189 if (ret < 0)
@@ -193,28 +198,6 @@ tcpmss_tg4(struct sk_buff *skb, const struct net_device *in,
193} 198}
194 199
195#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) 200#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
196static u_int32_t tcpmss_reverse_mtu6(const struct ipv6hdr *iph)
197{
198 struct flowi fl = {
199 .fl6_dst = iph->saddr,
200 };
201 const struct nf_afinfo *ai;
202 struct rtable *rt = NULL;
203 u_int32_t mtu = ~0U;
204
205 rcu_read_lock();
206 ai = nf_get_afinfo(AF_INET6);
207 if (ai != NULL)
208 ai->route((struct dst_entry **)&rt, &fl);
209 rcu_read_unlock();
210
211 if (rt != NULL) {
212 mtu = dst_mtu(&rt->u.dst);
213 dst_release(&rt->u.dst);
214 }
215 return mtu;
216}
217
218static unsigned int 201static unsigned int
219tcpmss_tg6(struct sk_buff *skb, const struct net_device *in, 202tcpmss_tg6(struct sk_buff *skb, const struct net_device *in,
220 const struct net_device *out, unsigned int hooknum, 203 const struct net_device *out, unsigned int hooknum,
@@ -229,7 +212,8 @@ tcpmss_tg6(struct sk_buff *skb, const struct net_device *in,
229 tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr); 212 tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr);
230 if (tcphoff < 0) 213 if (tcphoff < 0)
231 return NF_DROP; 214 return NF_DROP;
232 ret = tcpmss_mangle_packet(skb, targinfo, tcpmss_reverse_mtu6(ipv6h), 215 ret = tcpmss_mangle_packet(skb, targinfo,
216 tcpmss_reverse_mtu(skb, PF_INET6),
233 tcphoff, 217 tcphoff,
234 sizeof(*ipv6h) + sizeof(struct tcphdr)); 218 sizeof(*ipv6h) + sizeof(struct tcphdr));
235 if (ret < 0) 219 if (ret < 0)
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c
index d7e8983cd37f..3e39c4fe1931 100644
--- a/net/netfilter/xt_connbytes.c
+++ b/net/netfilter/xt_connbytes.c
@@ -8,6 +8,7 @@
8#include <linux/netfilter/x_tables.h> 8#include <linux/netfilter/x_tables.h>
9#include <linux/netfilter/xt_connbytes.h> 9#include <linux/netfilter/xt_connbytes.h>
10#include <net/netfilter/nf_conntrack.h> 10#include <net/netfilter/nf_conntrack.h>
11#include <net/netfilter/nf_conntrack_acct.h>
11 12
12MODULE_LICENSE("GPL"); 13MODULE_LICENSE("GPL");
13MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 14MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
@@ -27,12 +28,15 @@ connbytes_mt(const struct sk_buff *skb, const struct net_device *in,
27 u_int64_t what = 0; /* initialize to make gcc happy */ 28 u_int64_t what = 0; /* initialize to make gcc happy */
28 u_int64_t bytes = 0; 29 u_int64_t bytes = 0;
29 u_int64_t pkts = 0; 30 u_int64_t pkts = 0;
30 const struct ip_conntrack_counter *counters; 31 const struct nf_conn_counter *counters;
31 32
32 ct = nf_ct_get(skb, &ctinfo); 33 ct = nf_ct_get(skb, &ctinfo);
33 if (!ct) 34 if (!ct)
34 return false; 35 return false;
35 counters = ct->counters; 36
37 counters = nf_conn_acct_find(ct);
38 if (!counters)
39 return false;
36 40
37 switch (sinfo->what) { 41 switch (sinfo->what) {
38 case XT_CONNBYTES_PKTS: 42 case XT_CONNBYTES_PKTS:
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index 2e89a00df92c..70907f6baac3 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -73,7 +73,8 @@ connlimit_iphash6(const union nf_inet_addr *addr,
73static inline bool already_closed(const struct nf_conn *conn) 73static inline bool already_closed(const struct nf_conn *conn)
74{ 74{
75 if (nf_ct_protonum(conn) == IPPROTO_TCP) 75 if (nf_ct_protonum(conn) == IPPROTO_TCP)
76 return conn->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT; 76 return conn->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT ||
77 conn->proto.tcp.state == TCP_CONNTRACK_CLOSE;
77 else 78 else
78 return 0; 79 return 0;
79} 80}
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 6809af542a2c..d9418a267812 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -367,9 +367,7 @@ static void htable_gc(unsigned long htlong)
367 367
368static void htable_destroy(struct xt_hashlimit_htable *hinfo) 368static void htable_destroy(struct xt_hashlimit_htable *hinfo)
369{ 369{
370 /* remove timer, if it is pending */ 370 del_timer_sync(&hinfo->timer);
371 if (timer_pending(&hinfo->timer))
372 del_timer(&hinfo->timer);
373 371
374 /* remove proc entry */ 372 /* remove proc entry */
375 remove_proc_entry(hinfo->pde->name, 373 remove_proc_entry(hinfo->pde->name,
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c
index 72f694d947f4..4903182a062b 100644
--- a/net/netfilter/xt_string.c
+++ b/net/netfilter/xt_string.c
@@ -29,12 +29,16 @@ string_mt(const struct sk_buff *skb, const struct net_device *in,
29{ 29{
30 const struct xt_string_info *conf = matchinfo; 30 const struct xt_string_info *conf = matchinfo;
31 struct ts_state state; 31 struct ts_state state;
32 int invert;
32 33
33 memset(&state, 0, sizeof(struct ts_state)); 34 memset(&state, 0, sizeof(struct ts_state));
34 35
36 invert = (match->revision == 0 ? conf->u.v0.invert :
37 conf->u.v1.flags & XT_STRING_FLAG_INVERT);
38
35 return (skb_find_text((struct sk_buff *)skb, conf->from_offset, 39 return (skb_find_text((struct sk_buff *)skb, conf->from_offset,
36 conf->to_offset, conf->config, &state) 40 conf->to_offset, conf->config, &state)
37 != UINT_MAX) ^ conf->invert; 41 != UINT_MAX) ^ invert;
38} 42}
39 43
40#define STRING_TEXT_PRIV(m) ((struct xt_string_info *)(m)) 44#define STRING_TEXT_PRIV(m) ((struct xt_string_info *)(m))
@@ -46,6 +50,7 @@ string_mt_check(const char *tablename, const void *ip,
46{ 50{
47 struct xt_string_info *conf = matchinfo; 51 struct xt_string_info *conf = matchinfo;
48 struct ts_config *ts_conf; 52 struct ts_config *ts_conf;
53 int flags = TS_AUTOLOAD;
49 54
50 /* Damn, can't handle this case properly with iptables... */ 55 /* Damn, can't handle this case properly with iptables... */
51 if (conf->from_offset > conf->to_offset) 56 if (conf->from_offset > conf->to_offset)
@@ -54,8 +59,15 @@ string_mt_check(const char *tablename, const void *ip,
54 return false; 59 return false;
55 if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE) 60 if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
56 return false; 61 return false;
62 if (match->revision == 1) {
63 if (conf->u.v1.flags &
64 ~(XT_STRING_FLAG_IGNORECASE | XT_STRING_FLAG_INVERT))
65 return false;
66 if (conf->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
67 flags |= TS_IGNORECASE;
68 }
57 ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen, 69 ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
58 GFP_KERNEL, TS_AUTOLOAD); 70 GFP_KERNEL, flags);
59 if (IS_ERR(ts_conf)) 71 if (IS_ERR(ts_conf))
60 return false; 72 return false;
61 73
@@ -72,6 +84,17 @@ static void string_mt_destroy(const struct xt_match *match, void *matchinfo)
72static struct xt_match string_mt_reg[] __read_mostly = { 84static struct xt_match string_mt_reg[] __read_mostly = {
73 { 85 {
74 .name = "string", 86 .name = "string",
87 .revision = 0,
88 .family = AF_INET,
89 .checkentry = string_mt_check,
90 .match = string_mt,
91 .destroy = string_mt_destroy,
92 .matchsize = sizeof(struct xt_string_info),
93 .me = THIS_MODULE
94 },
95 {
96 .name = "string",
97 .revision = 1,
75 .family = AF_INET, 98 .family = AF_INET,
76 .checkentry = string_mt_check, 99 .checkentry = string_mt_check,
77 .match = string_mt, 100 .match = string_mt,
@@ -81,6 +104,17 @@ static struct xt_match string_mt_reg[] __read_mostly = {
81 }, 104 },
82 { 105 {
83 .name = "string", 106 .name = "string",
107 .revision = 0,
108 .family = AF_INET6,
109 .checkentry = string_mt_check,
110 .match = string_mt,
111 .destroy = string_mt_destroy,
112 .matchsize = sizeof(struct xt_string_info),
113 .me = THIS_MODULE
114 },
115 {
116 .name = "string",
117 .revision = 1,
84 .family = AF_INET6, 118 .family = AF_INET6,
85 .checkentry = string_mt_check, 119 .checkentry = string_mt_check,
86 .match = string_mt, 120 .match = string_mt,
diff --git a/net/netfilter/xt_time.c b/net/netfilter/xt_time.c
index ed76baab4734..9f328593287e 100644
--- a/net/netfilter/xt_time.c
+++ b/net/netfilter/xt_time.c
@@ -173,7 +173,7 @@ time_mt(const struct sk_buff *skb, const struct net_device *in,
173 __net_timestamp((struct sk_buff *)skb); 173 __net_timestamp((struct sk_buff *)skb);
174 174
175 stamp = ktime_to_ns(skb->tstamp); 175 stamp = ktime_to_ns(skb->tstamp);
176 do_div(stamp, NSEC_PER_SEC); 176 stamp = div_s64(stamp, NSEC_PER_SEC);
177 177
178 if (info->flags & XT_TIME_LOCAL_TZ) 178 if (info->flags & XT_TIME_LOCAL_TZ)
179 /* Adjust for local timezone */ 179 /* Adjust for local timezone */
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c
index fdc14a0d21af..0aec318bf0ef 100644
--- a/net/netlabel/netlabel_cipso_v4.c
+++ b/net/netlabel/netlabel_cipso_v4.c
@@ -584,19 +584,14 @@ list_start:
584 rcu_read_unlock(); 584 rcu_read_unlock();
585 585
586 genlmsg_end(ans_skb, data); 586 genlmsg_end(ans_skb, data);
587 587 return genlmsg_reply(ans_skb, info);
588 ret_val = genlmsg_reply(ans_skb, info);
589 if (ret_val != 0)
590 goto list_failure;
591
592 return 0;
593 588
594list_retry: 589list_retry:
595 /* XXX - this limit is a guesstimate */ 590 /* XXX - this limit is a guesstimate */
596 if (nlsze_mult < 4) { 591 if (nlsze_mult < 4) {
597 rcu_read_unlock(); 592 rcu_read_unlock();
598 kfree_skb(ans_skb); 593 kfree_skb(ans_skb);
599 nlsze_mult++; 594 nlsze_mult *= 2;
600 goto list_start; 595 goto list_start;
601 } 596 }
602list_failure_lock: 597list_failure_lock:
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
index 02c2f7c0b255..643c032a3a57 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -30,8 +30,7 @@
30 */ 30 */
31 31
32#include <linux/types.h> 32#include <linux/types.h>
33#include <linux/rcupdate.h> 33#include <linux/rculist.h>
34#include <linux/list.h>
35#include <linux/skbuff.h> 34#include <linux/skbuff.h>
36#include <linux/spinlock.h> 35#include <linux/spinlock.h>
37#include <linux/string.h> 36#include <linux/string.h>
diff --git a/net/netlabel/netlabel_mgmt.c b/net/netlabel/netlabel_mgmt.c
index 22c191267808..44be5d5261f4 100644
--- a/net/netlabel/netlabel_mgmt.c
+++ b/net/netlabel/netlabel_mgmt.c
@@ -386,11 +386,7 @@ static int netlbl_mgmt_listdef(struct sk_buff *skb, struct genl_info *info)
386 rcu_read_unlock(); 386 rcu_read_unlock();
387 387
388 genlmsg_end(ans_skb, data); 388 genlmsg_end(ans_skb, data);
389 389 return genlmsg_reply(ans_skb, info);
390 ret_val = genlmsg_reply(ans_skb, info);
391 if (ret_val != 0)
392 goto listdef_failure;
393 return 0;
394 390
395listdef_failure_lock: 391listdef_failure_lock:
396 rcu_read_unlock(); 392 rcu_read_unlock();
@@ -501,11 +497,7 @@ static int netlbl_mgmt_version(struct sk_buff *skb, struct genl_info *info)
501 goto version_failure; 497 goto version_failure;
502 498
503 genlmsg_end(ans_skb, data); 499 genlmsg_end(ans_skb, data);
504 500 return genlmsg_reply(ans_skb, info);
505 ret_val = genlmsg_reply(ans_skb, info);
506 if (ret_val != 0)
507 goto version_failure;
508 return 0;
509 501
510version_failure: 502version_failure:
511 kfree_skb(ans_skb); 503 kfree_skb(ans_skb);
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 0099da5b2591..921c118ead89 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -954,7 +954,7 @@ static int netlbl_unlhsh_netdev_handler(struct notifier_block *this,
954 struct net_device *dev = ptr; 954 struct net_device *dev = ptr;
955 struct netlbl_unlhsh_iface *iface = NULL; 955 struct netlbl_unlhsh_iface *iface = NULL;
956 956
957 if (dev_net(dev) != &init_net) 957 if (!net_eq(dev_net(dev), &init_net))
958 return NOTIFY_DONE; 958 return NOTIFY_DONE;
959 959
960 /* XXX - should this be a check for NETDEV_DOWN or _UNREGISTER? */ 960 /* XXX - should this be a check for NETDEV_DOWN or _UNREGISTER? */
@@ -1107,11 +1107,7 @@ static int netlbl_unlabel_list(struct sk_buff *skb, struct genl_info *info)
1107 goto list_failure; 1107 goto list_failure;
1108 1108
1109 genlmsg_end(ans_skb, data); 1109 genlmsg_end(ans_skb, data);
1110 1110 return genlmsg_reply(ans_skb, info);
1111 ret_val = genlmsg_reply(ans_skb, info);
1112 if (ret_val != 0)
1113 goto list_failure;
1114 return 0;
1115 1111
1116list_failure: 1112list_failure:
1117 kfree_skb(ans_skb); 1113 kfree_skb(ans_skb);
@@ -1534,7 +1530,7 @@ static int netlbl_unlabel_staticlistdef(struct sk_buff *skb,
1534 } 1530 }
1535 } 1531 }
1536 list_for_each_entry_rcu(addr6, &iface->addr6_list, list) { 1532 list_for_each_entry_rcu(addr6, &iface->addr6_list, list) {
1537 if (addr6->valid || iter_addr6++ < skip_addr6) 1533 if (!addr6->valid || iter_addr6++ < skip_addr6)
1538 continue; 1534 continue;
1539 if (netlbl_unlabel_staticlist_gen(NLBL_UNLABEL_C_STATICLISTDEF, 1535 if (netlbl_unlabel_staticlist_gen(NLBL_UNLABEL_C_STATICLISTDEF,
1540 iface, 1536 iface,
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 9b97f8006c9c..b0eacc0007cc 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -158,9 +158,10 @@ static void netlink_sock_destruct(struct sock *sk)
158 printk(KERN_ERR "Freeing alive netlink socket %p\n", sk); 158 printk(KERN_ERR "Freeing alive netlink socket %p\n", sk);
159 return; 159 return;
160 } 160 }
161 BUG_TRAP(!atomic_read(&sk->sk_rmem_alloc)); 161
162 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 162 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
163 BUG_TRAP(!nlk_sk(sk)->groups); 163 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
164 WARN_ON(nlk_sk(sk)->groups);
164} 165}
165 166
166/* This lock without WQ_FLAG_EXCLUSIVE is good on UP and it is _very_ bad on 167/* This lock without WQ_FLAG_EXCLUSIVE is good on UP and it is _very_ bad on
@@ -759,7 +760,7 @@ struct sock *netlink_getsockbyfilp(struct file *filp)
759 * 0: continue 760 * 0: continue
760 * 1: repeat lookup - reference dropped while waiting for socket memory. 761 * 1: repeat lookup - reference dropped while waiting for socket memory.
761 */ 762 */
762int netlink_attachskb(struct sock *sk, struct sk_buff *skb, int nonblock, 763int netlink_attachskb(struct sock *sk, struct sk_buff *skb,
763 long *timeo, struct sock *ssk) 764 long *timeo, struct sock *ssk)
764{ 765{
765 struct netlink_sock *nlk; 766 struct netlink_sock *nlk;
@@ -886,13 +887,13 @@ retry:
886 return netlink_unicast_kernel(sk, skb); 887 return netlink_unicast_kernel(sk, skb);
887 888
888 if (sk_filter(sk, skb)) { 889 if (sk_filter(sk, skb)) {
889 int err = skb->len; 890 err = skb->len;
890 kfree_skb(skb); 891 kfree_skb(skb);
891 sock_put(sk); 892 sock_put(sk);
892 return err; 893 return err;
893 } 894 }
894 895
895 err = netlink_attachskb(sk, skb, nonblock, &timeo, ssk); 896 err = netlink_attachskb(sk, skb, &timeo, ssk);
896 if (err == 1) 897 if (err == 1)
897 goto retry; 898 goto retry;
898 if (err) 899 if (err)
diff --git a/net/netlink/attr.c b/net/netlink/attr.c
index feb326f4a752..2d106cfe1d27 100644
--- a/net/netlink/attr.c
+++ b/net/netlink/attr.c
@@ -132,6 +132,7 @@ errout:
132 * @maxtype: maximum attribute type to be expected 132 * @maxtype: maximum attribute type to be expected
133 * @head: head of attribute stream 133 * @head: head of attribute stream
134 * @len: length of attribute stream 134 * @len: length of attribute stream
135 * @policy: validation policy
135 * 136 *
136 * Parses a stream of attributes and stores a pointer to each attribute in 137 * Parses a stream of attributes and stores a pointer to each attribute in
137 * the tb array accessable via the attribute type. Attributes with a type 138 * the tb array accessable via the attribute type. Attributes with a type
@@ -194,7 +195,7 @@ struct nlattr *nla_find(struct nlattr *head, int len, int attrtype)
194/** 195/**
195 * nla_strlcpy - Copy string attribute payload into a sized buffer 196 * nla_strlcpy - Copy string attribute payload into a sized buffer
196 * @dst: where to copy the string to 197 * @dst: where to copy the string to
197 * @src: attribute to copy the string from 198 * @nla: attribute to copy the string from
198 * @dstsize: size of destination buffer 199 * @dstsize: size of destination buffer
199 * 200 *
200 * Copies at most dstsize - 1 bytes into the destination buffer. 201 * Copies at most dstsize - 1 bytes into the destination buffer.
@@ -340,9 +341,9 @@ struct nlattr *nla_reserve(struct sk_buff *skb, int attrtype, int attrlen)
340} 341}
341 342
342/** 343/**
343 * nla_reserve - reserve room for attribute without header 344 * nla_reserve_nohdr - reserve room for attribute without header
344 * @skb: socket buffer to reserve room on 345 * @skb: socket buffer to reserve room on
345 * @len: length of attribute payload 346 * @attrlen: length of attribute payload
346 * 347 *
347 * Reserves room for attribute payload without a header. 348 * Reserves room for attribute payload without a header.
348 * 349 *
@@ -400,13 +401,13 @@ void __nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
400 * @attrlen: length of attribute payload 401 * @attrlen: length of attribute payload
401 * @data: head of attribute payload 402 * @data: head of attribute payload
402 * 403 *
403 * Returns -1 if the tailroom of the skb is insufficient to store 404 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
404 * the attribute header and payload. 405 * the attribute header and payload.
405 */ 406 */
406int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data) 407int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data)
407{ 408{
408 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen))) 409 if (unlikely(skb_tailroom(skb) < nla_total_size(attrlen)))
409 return -1; 410 return -EMSGSIZE;
410 411
411 __nla_put(skb, attrtype, attrlen, data); 412 __nla_put(skb, attrtype, attrlen, data);
412 return 0; 413 return 0;
@@ -418,13 +419,13 @@ int nla_put(struct sk_buff *skb, int attrtype, int attrlen, const void *data)
418 * @attrlen: length of attribute payload 419 * @attrlen: length of attribute payload
419 * @data: head of attribute payload 420 * @data: head of attribute payload
420 * 421 *
421 * Returns -1 if the tailroom of the skb is insufficient to store 422 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
422 * the attribute payload. 423 * the attribute payload.
423 */ 424 */
424int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data) 425int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
425{ 426{
426 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 427 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
427 return -1; 428 return -EMSGSIZE;
428 429
429 __nla_put_nohdr(skb, attrlen, data); 430 __nla_put_nohdr(skb, attrlen, data);
430 return 0; 431 return 0;
@@ -436,13 +437,13 @@ int nla_put_nohdr(struct sk_buff *skb, int attrlen, const void *data)
436 * @attrlen: length of attribute payload 437 * @attrlen: length of attribute payload
437 * @data: head of attribute payload 438 * @data: head of attribute payload
438 * 439 *
439 * Returns -1 if the tailroom of the skb is insufficient to store 440 * Returns -EMSGSIZE if the tailroom of the skb is insufficient to store
440 * the attribute payload. 441 * the attribute payload.
441 */ 442 */
442int nla_append(struct sk_buff *skb, int attrlen, const void *data) 443int nla_append(struct sk_buff *skb, int attrlen, const void *data)
443{ 444{
444 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen))) 445 if (unlikely(skb_tailroom(skb) < NLA_ALIGN(attrlen)))
445 return -1; 446 return -EMSGSIZE;
446 447
447 memcpy(skb_put(skb, attrlen), data, attrlen); 448 memcpy(skb_put(skb, attrlen), data, attrlen);
448 return 0; 449 return 0;
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index d16929c9b4bc..3e1191cecaf0 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -444,8 +444,11 @@ static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
444 if (ops->dumpit == NULL) 444 if (ops->dumpit == NULL)
445 return -EOPNOTSUPP; 445 return -EOPNOTSUPP;
446 446
447 return netlink_dump_start(genl_sock, skb, nlh, 447 genl_unlock();
448 ops->dumpit, ops->done); 448 err = netlink_dump_start(genl_sock, skb, nlh,
449 ops->dumpit, ops->done);
450 genl_lock();
451 return err;
449 } 452 }
450 453
451 if (ops->doit == NULL) 454 if (ops->doit == NULL)
@@ -554,7 +557,8 @@ static int ctrl_fill_info(struct genl_family *family, u32 pid, u32 seq,
554 return genlmsg_end(skb, hdr); 557 return genlmsg_end(skb, hdr);
555 558
556nla_put_failure: 559nla_put_failure:
557 return genlmsg_cancel(skb, hdr); 560 genlmsg_cancel(skb, hdr);
561 return -EMSGSIZE;
558} 562}
559 563
560static int ctrl_fill_mcgrp_info(struct genl_multicast_group *grp, u32 pid, 564static int ctrl_fill_mcgrp_info(struct genl_multicast_group *grp, u32 pid,
@@ -590,7 +594,8 @@ static int ctrl_fill_mcgrp_info(struct genl_multicast_group *grp, u32 pid,
590 return genlmsg_end(skb, hdr); 594 return genlmsg_end(skb, hdr);
591 595
592nla_put_failure: 596nla_put_failure:
593 return genlmsg_cancel(skb, hdr); 597 genlmsg_cancel(skb, hdr);
598 return -EMSGSIZE;
594} 599}
595 600
596static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb) 601static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb)
@@ -601,9 +606,6 @@ static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb)
601 int chains_to_skip = cb->args[0]; 606 int chains_to_skip = cb->args[0];
602 int fams_to_skip = cb->args[1]; 607 int fams_to_skip = cb->args[1];
603 608
604 if (chains_to_skip != 0)
605 genl_lock();
606
607 for (i = 0; i < GENL_FAM_TAB_SIZE; i++) { 609 for (i = 0; i < GENL_FAM_TAB_SIZE; i++) {
608 if (i < chains_to_skip) 610 if (i < chains_to_skip)
609 continue; 611 continue;
@@ -621,9 +623,6 @@ static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb)
621 } 623 }
622 624
623errout: 625errout:
624 if (chains_to_skip != 0)
625 genl_unlock();
626
627 cb->args[0] = i; 626 cb->args[0] = i;
628 cb->args[1] = n; 627 cb->args[1] = n;
629 628
@@ -768,7 +767,7 @@ static int __init genl_init(void)
768 767
769 /* we'll bump the group number right afterwards */ 768 /* we'll bump the group number right afterwards */
770 genl_sock = netlink_kernel_create(&init_net, NETLINK_GENERIC, 0, 769 genl_sock = netlink_kernel_create(&init_net, NETLINK_GENERIC, 0,
771 genl_rcv, NULL, THIS_MODULE); 770 genl_rcv, &genl_mutex, THIS_MODULE);
772 if (genl_sock == NULL) 771 if (genl_sock == NULL)
773 panic("GENL: Cannot initialize generic netlink\n"); 772 panic("GENL: Cannot initialize generic netlink\n");
774 773
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 4bae8b998cab..532e4faa29f7 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -73,6 +73,20 @@ static const struct proto_ops nr_proto_ops;
73 * separate class since they always nest. 73 * separate class since they always nest.
74 */ 74 */
75static struct lock_class_key nr_netdev_xmit_lock_key; 75static struct lock_class_key nr_netdev_xmit_lock_key;
76static struct lock_class_key nr_netdev_addr_lock_key;
77
78static void nr_set_lockdep_one(struct net_device *dev,
79 struct netdev_queue *txq,
80 void *_unused)
81{
82 lockdep_set_class(&txq->_xmit_lock, &nr_netdev_xmit_lock_key);
83}
84
85static void nr_set_lockdep_key(struct net_device *dev)
86{
87 lockdep_set_class(&dev->addr_list_lock, &nr_netdev_addr_lock_key);
88 netdev_for_each_tx_queue(dev, nr_set_lockdep_one, NULL);
89}
76 90
77/* 91/*
78 * Socket removal during an interrupt is now safe. 92 * Socket removal during an interrupt is now safe.
@@ -106,7 +120,7 @@ static int nr_device_event(struct notifier_block *this, unsigned long event, voi
106{ 120{
107 struct net_device *dev = (struct net_device *)ptr; 121 struct net_device *dev = (struct net_device *)ptr;
108 122
109 if (dev_net(dev) != &init_net) 123 if (!net_eq(dev_net(dev), &init_net))
110 return NOTIFY_DONE; 124 return NOTIFY_DONE;
111 125
112 if (event != NETDEV_DOWN) 126 if (event != NETDEV_DOWN)
@@ -475,13 +489,11 @@ static struct sock *nr_make_new(struct sock *osk)
475 sock_init_data(NULL, sk); 489 sock_init_data(NULL, sk);
476 490
477 sk->sk_type = osk->sk_type; 491 sk->sk_type = osk->sk_type;
478 sk->sk_socket = osk->sk_socket;
479 sk->sk_priority = osk->sk_priority; 492 sk->sk_priority = osk->sk_priority;
480 sk->sk_protocol = osk->sk_protocol; 493 sk->sk_protocol = osk->sk_protocol;
481 sk->sk_rcvbuf = osk->sk_rcvbuf; 494 sk->sk_rcvbuf = osk->sk_rcvbuf;
482 sk->sk_sndbuf = osk->sk_sndbuf; 495 sk->sk_sndbuf = osk->sk_sndbuf;
483 sk->sk_state = TCP_ESTABLISHED; 496 sk->sk_state = TCP_ESTABLISHED;
484 sk->sk_sleep = osk->sk_sleep;
485 sock_copy_flags(sk, osk); 497 sock_copy_flags(sk, osk);
486 498
487 skb_queue_head_init(&nr->ack_queue); 499 skb_queue_head_init(&nr->ack_queue);
@@ -538,11 +550,9 @@ static int nr_release(struct socket *sock)
538 sk->sk_state_change(sk); 550 sk->sk_state_change(sk);
539 sock_orphan(sk); 551 sock_orphan(sk);
540 sock_set_flag(sk, SOCK_DESTROY); 552 sock_set_flag(sk, SOCK_DESTROY);
541 sk->sk_socket = NULL;
542 break; 553 break;
543 554
544 default: 555 default:
545 sk->sk_socket = NULL;
546 break; 556 break;
547 } 557 }
548 558
@@ -810,13 +820,11 @@ static int nr_accept(struct socket *sock, struct socket *newsock, int flags)
810 goto out_release; 820 goto out_release;
811 821
812 newsk = skb->sk; 822 newsk = skb->sk;
813 newsk->sk_socket = newsock; 823 sock_graft(newsk, newsock);
814 newsk->sk_sleep = &newsock->wait;
815 824
816 /* Now attach up the new socket */ 825 /* Now attach up the new socket */
817 kfree_skb(skb); 826 kfree_skb(skb);
818 sk_acceptq_removed(sk); 827 sk_acceptq_removed(sk);
819 newsock->sk = newsk;
820 828
821out_release: 829out_release:
822 release_sock(sk); 830 release_sock(sk);
@@ -1436,7 +1444,7 @@ static int __init nr_proto_init(void)
1436 free_netdev(dev); 1444 free_netdev(dev);
1437 goto fail; 1445 goto fail;
1438 } 1446 }
1439 lockdep_set_class(&dev->_xmit_lock, &nr_netdev_xmit_lock_key); 1447 nr_set_lockdep_key(dev);
1440 dev_nr[i] = dev; 1448 dev_nr[i] = dev;
1441 } 1449 }
1442 1450
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 2cee87da4441..c718e7e3f7de 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -5,8 +5,6 @@
5 * 5 *
6 * PACKET - implements raw packet sockets. 6 * PACKET - implements raw packet sockets.
7 * 7 *
8 * Version: $Id: af_packet.c,v 1.61 2002/02/08 03:57:19 davem Exp $
9 *
10 * Authors: Ross Biro 8 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Alan Cox, <gw4pts@gw4pts.ampr.org> 10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
@@ -188,6 +186,9 @@ struct packet_sock {
188 unsigned int pg_vec_order; 186 unsigned int pg_vec_order;
189 unsigned int pg_vec_pages; 187 unsigned int pg_vec_pages;
190 unsigned int pg_vec_len; 188 unsigned int pg_vec_len;
189 enum tpacket_versions tp_version;
190 unsigned int tp_hdrlen;
191 unsigned int tp_reserve;
191#endif 192#endif
192}; 193};
193 194
@@ -203,14 +204,52 @@ struct packet_skb_cb {
203 204
204#ifdef CONFIG_PACKET_MMAP 205#ifdef CONFIG_PACKET_MMAP
205 206
206static inline struct tpacket_hdr *packet_lookup_frame(struct packet_sock *po, unsigned int position) 207static void *packet_lookup_frame(struct packet_sock *po, unsigned int position,
208 int status)
207{ 209{
208 unsigned int pg_vec_pos, frame_offset; 210 unsigned int pg_vec_pos, frame_offset;
211 union {
212 struct tpacket_hdr *h1;
213 struct tpacket2_hdr *h2;
214 void *raw;
215 } h;
209 216
210 pg_vec_pos = position / po->frames_per_block; 217 pg_vec_pos = position / po->frames_per_block;
211 frame_offset = position % po->frames_per_block; 218 frame_offset = position % po->frames_per_block;
212 219
213 return (struct tpacket_hdr *)(po->pg_vec[pg_vec_pos] + (frame_offset * po->frame_size)); 220 h.raw = po->pg_vec[pg_vec_pos] + (frame_offset * po->frame_size);
221 switch (po->tp_version) {
222 case TPACKET_V1:
223 if (status != h.h1->tp_status ? TP_STATUS_USER :
224 TP_STATUS_KERNEL)
225 return NULL;
226 break;
227 case TPACKET_V2:
228 if (status != h.h2->tp_status ? TP_STATUS_USER :
229 TP_STATUS_KERNEL)
230 return NULL;
231 break;
232 }
233 return h.raw;
234}
235
236static void __packet_set_status(struct packet_sock *po, void *frame, int status)
237{
238 union {
239 struct tpacket_hdr *h1;
240 struct tpacket2_hdr *h2;
241 void *raw;
242 } h;
243
244 h.raw = frame;
245 switch (po->tp_version) {
246 case TPACKET_V1:
247 h.h1->tp_status = status;
248 break;
249 case TPACKET_V2:
250 h.h2->tp_status = status;
251 break;
252 }
214} 253}
215#endif 254#endif
216 255
@@ -221,8 +260,8 @@ static inline struct packet_sock *pkt_sk(struct sock *sk)
221 260
222static void packet_sock_destruct(struct sock *sk) 261static void packet_sock_destruct(struct sock *sk)
223{ 262{
224 BUG_TRAP(!atomic_read(&sk->sk_rmem_alloc)); 263 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
225 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 264 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
226 265
227 if (!sock_flag(sk, SOCK_DEAD)) { 266 if (!sock_flag(sk, SOCK_DEAD)) {
228 printk("Attempt to release alive packet socket: %p\n", sk); 267 printk("Attempt to release alive packet socket: %p\n", sk);
@@ -553,14 +592,19 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
553 struct sock *sk; 592 struct sock *sk;
554 struct packet_sock *po; 593 struct packet_sock *po;
555 struct sockaddr_ll *sll; 594 struct sockaddr_ll *sll;
556 struct tpacket_hdr *h; 595 union {
596 struct tpacket_hdr *h1;
597 struct tpacket2_hdr *h2;
598 void *raw;
599 } h;
557 u8 * skb_head = skb->data; 600 u8 * skb_head = skb->data;
558 int skb_len = skb->len; 601 int skb_len = skb->len;
559 unsigned int snaplen, res; 602 unsigned int snaplen, res;
560 unsigned long status = TP_STATUS_LOSING|TP_STATUS_USER; 603 unsigned long status = TP_STATUS_LOSING|TP_STATUS_USER;
561 unsigned short macoff, netoff; 604 unsigned short macoff, netoff, hdrlen;
562 struct sk_buff *copy_skb = NULL; 605 struct sk_buff *copy_skb = NULL;
563 struct timeval tv; 606 struct timeval tv;
607 struct timespec ts;
564 608
565 if (skb->pkt_type == PACKET_LOOPBACK) 609 if (skb->pkt_type == PACKET_LOOPBACK)
566 goto drop; 610 goto drop;
@@ -592,10 +636,13 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
592 snaplen = res; 636 snaplen = res;
593 637
594 if (sk->sk_type == SOCK_DGRAM) { 638 if (sk->sk_type == SOCK_DGRAM) {
595 macoff = netoff = TPACKET_ALIGN(TPACKET_HDRLEN) + 16; 639 macoff = netoff = TPACKET_ALIGN(po->tp_hdrlen) + 16 +
640 po->tp_reserve;
596 } else { 641 } else {
597 unsigned maclen = skb_network_offset(skb); 642 unsigned maclen = skb_network_offset(skb);
598 netoff = TPACKET_ALIGN(TPACKET_HDRLEN + (maclen < 16 ? 16 : maclen)); 643 netoff = TPACKET_ALIGN(po->tp_hdrlen +
644 (maclen < 16 ? 16 : maclen)) +
645 po->tp_reserve;
599 macoff = netoff - maclen; 646 macoff = netoff - maclen;
600 } 647 }
601 648
@@ -618,9 +665,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
618 } 665 }
619 666
620 spin_lock(&sk->sk_receive_queue.lock); 667 spin_lock(&sk->sk_receive_queue.lock);
621 h = packet_lookup_frame(po, po->head); 668 h.raw = packet_lookup_frame(po, po->head, TP_STATUS_KERNEL);
622 669 if (!h.raw)
623 if (h->tp_status)
624 goto ring_is_full; 670 goto ring_is_full;
625 po->head = po->head != po->frame_max ? po->head+1 : 0; 671 po->head = po->head != po->frame_max ? po->head+1 : 0;
626 po->stats.tp_packets++; 672 po->stats.tp_packets++;
@@ -632,20 +678,41 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
632 status &= ~TP_STATUS_LOSING; 678 status &= ~TP_STATUS_LOSING;
633 spin_unlock(&sk->sk_receive_queue.lock); 679 spin_unlock(&sk->sk_receive_queue.lock);
634 680
635 skb_copy_bits(skb, 0, (u8*)h + macoff, snaplen); 681 skb_copy_bits(skb, 0, h.raw + macoff, snaplen);
636 682
637 h->tp_len = skb->len; 683 switch (po->tp_version) {
638 h->tp_snaplen = snaplen; 684 case TPACKET_V1:
639 h->tp_mac = macoff; 685 h.h1->tp_len = skb->len;
640 h->tp_net = netoff; 686 h.h1->tp_snaplen = snaplen;
641 if (skb->tstamp.tv64) 687 h.h1->tp_mac = macoff;
642 tv = ktime_to_timeval(skb->tstamp); 688 h.h1->tp_net = netoff;
643 else 689 if (skb->tstamp.tv64)
644 do_gettimeofday(&tv); 690 tv = ktime_to_timeval(skb->tstamp);
645 h->tp_sec = tv.tv_sec; 691 else
646 h->tp_usec = tv.tv_usec; 692 do_gettimeofday(&tv);
693 h.h1->tp_sec = tv.tv_sec;
694 h.h1->tp_usec = tv.tv_usec;
695 hdrlen = sizeof(*h.h1);
696 break;
697 case TPACKET_V2:
698 h.h2->tp_len = skb->len;
699 h.h2->tp_snaplen = snaplen;
700 h.h2->tp_mac = macoff;
701 h.h2->tp_net = netoff;
702 if (skb->tstamp.tv64)
703 ts = ktime_to_timespec(skb->tstamp);
704 else
705 getnstimeofday(&ts);
706 h.h2->tp_sec = ts.tv_sec;
707 h.h2->tp_nsec = ts.tv_nsec;
708 h.h2->tp_vlan_tci = skb->vlan_tci;
709 hdrlen = sizeof(*h.h2);
710 break;
711 default:
712 BUG();
713 }
647 714
648 sll = (struct sockaddr_ll*)((u8*)h + TPACKET_ALIGN(sizeof(*h))); 715 sll = h.raw + TPACKET_ALIGN(hdrlen);
649 sll->sll_halen = dev_parse_header(skb, sll->sll_addr); 716 sll->sll_halen = dev_parse_header(skb, sll->sll_addr);
650 sll->sll_family = AF_PACKET; 717 sll->sll_family = AF_PACKET;
651 sll->sll_hatype = dev->type; 718 sll->sll_hatype = dev->type;
@@ -656,14 +723,14 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct packe
656 else 723 else
657 sll->sll_ifindex = dev->ifindex; 724 sll->sll_ifindex = dev->ifindex;
658 725
659 h->tp_status = status; 726 __packet_set_status(po, h.raw, status);
660 smp_mb(); 727 smp_mb();
661 728
662 { 729 {
663 struct page *p_start, *p_end; 730 struct page *p_start, *p_end;
664 u8 *h_end = (u8 *)h + macoff + snaplen - 1; 731 u8 *h_end = h.raw + macoff + snaplen - 1;
665 732
666 p_start = virt_to_page(h); 733 p_start = virt_to_page(h.raw);
667 p_end = virt_to_page(h_end); 734 p_end = virt_to_page(h_end);
668 while (p_start <= p_end) { 735 while (p_start <= p_end) {
669 flush_dcache_page(p_start); 736 flush_dcache_page(p_start);
@@ -1109,6 +1176,7 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
1109 aux.tp_snaplen = skb->len; 1176 aux.tp_snaplen = skb->len;
1110 aux.tp_mac = 0; 1177 aux.tp_mac = 0;
1111 aux.tp_net = skb_network_offset(skb); 1178 aux.tp_net = skb_network_offset(skb);
1179 aux.tp_vlan_tci = skb->vlan_tci;
1112 1180
1113 put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux); 1181 put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux);
1114 } 1182 }
@@ -1175,7 +1243,8 @@ static int packet_getname(struct socket *sock, struct sockaddr *uaddr,
1175 return 0; 1243 return 0;
1176} 1244}
1177 1245
1178static void packet_dev_mc(struct net_device *dev, struct packet_mclist *i, int what) 1246static int packet_dev_mc(struct net_device *dev, struct packet_mclist *i,
1247 int what)
1179{ 1248{
1180 switch (i->type) { 1249 switch (i->type) {
1181 case PACKET_MR_MULTICAST: 1250 case PACKET_MR_MULTICAST:
@@ -1185,13 +1254,14 @@ static void packet_dev_mc(struct net_device *dev, struct packet_mclist *i, int w
1185 dev_mc_delete(dev, i->addr, i->alen, 0); 1254 dev_mc_delete(dev, i->addr, i->alen, 0);
1186 break; 1255 break;
1187 case PACKET_MR_PROMISC: 1256 case PACKET_MR_PROMISC:
1188 dev_set_promiscuity(dev, what); 1257 return dev_set_promiscuity(dev, what);
1189 break; 1258 break;
1190 case PACKET_MR_ALLMULTI: 1259 case PACKET_MR_ALLMULTI:
1191 dev_set_allmulti(dev, what); 1260 return dev_set_allmulti(dev, what);
1192 break; 1261 break;
1193 default:; 1262 default:;
1194 } 1263 }
1264 return 0;
1195} 1265}
1196 1266
1197static void packet_dev_mclist(struct net_device *dev, struct packet_mclist *i, int what) 1267static void packet_dev_mclist(struct net_device *dev, struct packet_mclist *i, int what)
@@ -1245,7 +1315,11 @@ static int packet_mc_add(struct sock *sk, struct packet_mreq_max *mreq)
1245 i->count = 1; 1315 i->count = 1;
1246 i->next = po->mclist; 1316 i->next = po->mclist;
1247 po->mclist = i; 1317 po->mclist = i;
1248 packet_dev_mc(dev, i, +1); 1318 err = packet_dev_mc(dev, i, 1);
1319 if (err) {
1320 po->mclist = i->next;
1321 kfree(i);
1322 }
1249 1323
1250done: 1324done:
1251 rtnl_unlock(); 1325 rtnl_unlock();
@@ -1358,6 +1432,38 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv
1358 pkt_sk(sk)->copy_thresh = val; 1432 pkt_sk(sk)->copy_thresh = val;
1359 return 0; 1433 return 0;
1360 } 1434 }
1435 case PACKET_VERSION:
1436 {
1437 int val;
1438
1439 if (optlen != sizeof(val))
1440 return -EINVAL;
1441 if (po->pg_vec)
1442 return -EBUSY;
1443 if (copy_from_user(&val, optval, sizeof(val)))
1444 return -EFAULT;
1445 switch (val) {
1446 case TPACKET_V1:
1447 case TPACKET_V2:
1448 po->tp_version = val;
1449 return 0;
1450 default:
1451 return -EINVAL;
1452 }
1453 }
1454 case PACKET_RESERVE:
1455 {
1456 unsigned int val;
1457
1458 if (optlen != sizeof(val))
1459 return -EINVAL;
1460 if (po->pg_vec)
1461 return -EBUSY;
1462 if (copy_from_user(&val, optval, sizeof(val)))
1463 return -EFAULT;
1464 po->tp_reserve = val;
1465 return 0;
1466 }
1361#endif 1467#endif
1362 case PACKET_AUXDATA: 1468 case PACKET_AUXDATA:
1363 { 1469 {
@@ -1433,6 +1539,37 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1433 1539
1434 data = &val; 1540 data = &val;
1435 break; 1541 break;
1542#ifdef CONFIG_PACKET_MMAP
1543 case PACKET_VERSION:
1544 if (len > sizeof(int))
1545 len = sizeof(int);
1546 val = po->tp_version;
1547 data = &val;
1548 break;
1549 case PACKET_HDRLEN:
1550 if (len > sizeof(int))
1551 len = sizeof(int);
1552 if (copy_from_user(&val, optval, len))
1553 return -EFAULT;
1554 switch (val) {
1555 case TPACKET_V1:
1556 val = sizeof(struct tpacket_hdr);
1557 break;
1558 case TPACKET_V2:
1559 val = sizeof(struct tpacket2_hdr);
1560 break;
1561 default:
1562 return -EINVAL;
1563 }
1564 data = &val;
1565 break;
1566 case PACKET_RESERVE:
1567 if (len > sizeof(unsigned int))
1568 len = sizeof(unsigned int);
1569 val = po->tp_reserve;
1570 data = &val;
1571 break;
1572#endif
1436 default: 1573 default:
1437 return -ENOPROTOOPT; 1574 return -ENOPROTOOPT;
1438 } 1575 }
@@ -1540,7 +1677,7 @@ static int packet_ioctl(struct socket *sock, unsigned int cmd,
1540 case SIOCGIFDSTADDR: 1677 case SIOCGIFDSTADDR:
1541 case SIOCSIFDSTADDR: 1678 case SIOCSIFDSTADDR:
1542 case SIOCSIFFLAGS: 1679 case SIOCSIFFLAGS:
1543 if (sock_net(sk) != &init_net) 1680 if (!net_eq(sock_net(sk), &init_net))
1544 return -ENOIOCTLCMD; 1681 return -ENOIOCTLCMD;
1545 return inet_dgram_ops.ioctl(sock, cmd, arg); 1682 return inet_dgram_ops.ioctl(sock, cmd, arg);
1546#endif 1683#endif
@@ -1566,11 +1703,8 @@ static unsigned int packet_poll(struct file * file, struct socket *sock,
1566 spin_lock_bh(&sk->sk_receive_queue.lock); 1703 spin_lock_bh(&sk->sk_receive_queue.lock);
1567 if (po->pg_vec) { 1704 if (po->pg_vec) {
1568 unsigned last = po->head ? po->head-1 : po->frame_max; 1705 unsigned last = po->head ? po->head-1 : po->frame_max;
1569 struct tpacket_hdr *h;
1570
1571 h = packet_lookup_frame(po, last);
1572 1706
1573 if (h->tp_status) 1707 if (packet_lookup_frame(po, last, TP_STATUS_USER))
1574 mask |= POLLIN | POLLRDNORM; 1708 mask |= POLLIN | POLLRDNORM;
1575 } 1709 }
1576 spin_unlock_bh(&sk->sk_receive_queue.lock); 1710 spin_unlock_bh(&sk->sk_receive_queue.lock);
@@ -1665,11 +1799,21 @@ static int packet_set_ring(struct sock *sk, struct tpacket_req *req, int closing
1665 if (unlikely(po->pg_vec)) 1799 if (unlikely(po->pg_vec))
1666 return -EBUSY; 1800 return -EBUSY;
1667 1801
1802 switch (po->tp_version) {
1803 case TPACKET_V1:
1804 po->tp_hdrlen = TPACKET_HDRLEN;
1805 break;
1806 case TPACKET_V2:
1807 po->tp_hdrlen = TPACKET2_HDRLEN;
1808 break;
1809 }
1810
1668 if (unlikely((int)req->tp_block_size <= 0)) 1811 if (unlikely((int)req->tp_block_size <= 0))
1669 return -EINVAL; 1812 return -EINVAL;
1670 if (unlikely(req->tp_block_size & (PAGE_SIZE - 1))) 1813 if (unlikely(req->tp_block_size & (PAGE_SIZE - 1)))
1671 return -EINVAL; 1814 return -EINVAL;
1672 if (unlikely(req->tp_frame_size < TPACKET_HDRLEN)) 1815 if (unlikely(req->tp_frame_size < po->tp_hdrlen +
1816 po->tp_reserve))
1673 return -EINVAL; 1817 return -EINVAL;
1674 if (unlikely(req->tp_frame_size & (TPACKET_ALIGNMENT - 1))) 1818 if (unlikely(req->tp_frame_size & (TPACKET_ALIGNMENT - 1)))
1675 return -EINVAL; 1819 return -EINVAL;
@@ -1688,13 +1832,11 @@ static int packet_set_ring(struct sock *sk, struct tpacket_req *req, int closing
1688 goto out; 1832 goto out;
1689 1833
1690 for (i = 0; i < req->tp_block_nr; i++) { 1834 for (i = 0; i < req->tp_block_nr; i++) {
1691 char *ptr = pg_vec[i]; 1835 void *ptr = pg_vec[i];
1692 struct tpacket_hdr *header;
1693 int k; 1836 int k;
1694 1837
1695 for (k = 0; k < po->frames_per_block; k++) { 1838 for (k = 0; k < po->frames_per_block; k++) {
1696 header = (struct tpacket_hdr *) ptr; 1839 __packet_set_status(po, ptr, TP_STATUS_KERNEL);
1697 header->tp_status = TP_STATUS_KERNEL;
1698 ptr += req->tp_frame_size; 1840 ptr += req->tp_frame_size;
1699 } 1841 }
1700 } 1842 }
diff --git a/net/rfkill/rfkill-input.c b/net/rfkill/rfkill-input.c
index e4b051dbed61..e5b69556bb5b 100644
--- a/net/rfkill/rfkill-input.c
+++ b/net/rfkill/rfkill-input.c
@@ -30,39 +30,62 @@ struct rfkill_task {
30 spinlock_t lock; /* for accessing last and desired state */ 30 spinlock_t lock; /* for accessing last and desired state */
31 unsigned long last; /* last schedule */ 31 unsigned long last; /* last schedule */
32 enum rfkill_state desired_state; /* on/off */ 32 enum rfkill_state desired_state; /* on/off */
33 enum rfkill_state current_state; /* on/off */
34}; 33};
35 34
36static void rfkill_task_handler(struct work_struct *work) 35static void rfkill_task_handler(struct work_struct *work)
37{ 36{
38 struct rfkill_task *task = container_of(work, struct rfkill_task, work); 37 struct rfkill_task *task = container_of(work, struct rfkill_task, work);
39 enum rfkill_state state;
40 38
41 mutex_lock(&task->mutex); 39 mutex_lock(&task->mutex);
42 40
43 /* 41 rfkill_switch_all(task->type, task->desired_state);
44 * Use temp variable to fetch desired state to keep it
45 * consistent even if rfkill_schedule_toggle() runs in
46 * another thread or interrupts us.
47 */
48 state = task->desired_state;
49 42
50 if (state != task->current_state) { 43 mutex_unlock(&task->mutex);
51 rfkill_switch_all(task->type, state); 44}
52 task->current_state = state; 45
46static void rfkill_task_epo_handler(struct work_struct *work)
47{
48 rfkill_epo();
49}
50
51static DECLARE_WORK(epo_work, rfkill_task_epo_handler);
52
53static void rfkill_schedule_epo(void)
54{
55 schedule_work(&epo_work);
56}
57
58static void rfkill_schedule_set(struct rfkill_task *task,
59 enum rfkill_state desired_state)
60{
61 unsigned long flags;
62
63 if (unlikely(work_pending(&epo_work)))
64 return;
65
66 spin_lock_irqsave(&task->lock, flags);
67
68 if (time_after(jiffies, task->last + msecs_to_jiffies(200))) {
69 task->desired_state = desired_state;
70 task->last = jiffies;
71 schedule_work(&task->work);
53 } 72 }
54 73
55 mutex_unlock(&task->mutex); 74 spin_unlock_irqrestore(&task->lock, flags);
56} 75}
57 76
58static void rfkill_schedule_toggle(struct rfkill_task *task) 77static void rfkill_schedule_toggle(struct rfkill_task *task)
59{ 78{
60 unsigned long flags; 79 unsigned long flags;
61 80
81 if (unlikely(work_pending(&epo_work)))
82 return;
83
62 spin_lock_irqsave(&task->lock, flags); 84 spin_lock_irqsave(&task->lock, flags);
63 85
64 if (time_after(jiffies, task->last + msecs_to_jiffies(200))) { 86 if (time_after(jiffies, task->last + msecs_to_jiffies(200))) {
65 task->desired_state = !task->desired_state; 87 task->desired_state =
88 rfkill_state_complement(task->desired_state);
66 task->last = jiffies; 89 task->last = jiffies;
67 schedule_work(&task->work); 90 schedule_work(&task->work);
68 } 91 }
@@ -70,26 +93,45 @@ static void rfkill_schedule_toggle(struct rfkill_task *task)
70 spin_unlock_irqrestore(&task->lock, flags); 93 spin_unlock_irqrestore(&task->lock, flags);
71} 94}
72 95
73#define DEFINE_RFKILL_TASK(n, t) \ 96#define DEFINE_RFKILL_TASK(n, t) \
74 struct rfkill_task n = { \ 97 struct rfkill_task n = { \
75 .work = __WORK_INITIALIZER(n.work, \ 98 .work = __WORK_INITIALIZER(n.work, \
76 rfkill_task_handler), \ 99 rfkill_task_handler), \
77 .type = t, \ 100 .type = t, \
78 .mutex = __MUTEX_INITIALIZER(n.mutex), \ 101 .mutex = __MUTEX_INITIALIZER(n.mutex), \
79 .lock = __SPIN_LOCK_UNLOCKED(n.lock), \ 102 .lock = __SPIN_LOCK_UNLOCKED(n.lock), \
80 .desired_state = RFKILL_STATE_ON, \ 103 .desired_state = RFKILL_STATE_UNBLOCKED, \
81 .current_state = RFKILL_STATE_ON, \
82 } 104 }
83 105
84static DEFINE_RFKILL_TASK(rfkill_wlan, RFKILL_TYPE_WLAN); 106static DEFINE_RFKILL_TASK(rfkill_wlan, RFKILL_TYPE_WLAN);
85static DEFINE_RFKILL_TASK(rfkill_bt, RFKILL_TYPE_BLUETOOTH); 107static DEFINE_RFKILL_TASK(rfkill_bt, RFKILL_TYPE_BLUETOOTH);
86static DEFINE_RFKILL_TASK(rfkill_uwb, RFKILL_TYPE_UWB); 108static DEFINE_RFKILL_TASK(rfkill_uwb, RFKILL_TYPE_UWB);
87static DEFINE_RFKILL_TASK(rfkill_wimax, RFKILL_TYPE_WIMAX); 109static DEFINE_RFKILL_TASK(rfkill_wimax, RFKILL_TYPE_WIMAX);
110static DEFINE_RFKILL_TASK(rfkill_wwan, RFKILL_TYPE_WWAN);
111
112static void rfkill_schedule_evsw_rfkillall(int state)
113{
114 /* EVERY radio type. state != 0 means radios ON */
115 /* handle EPO (emergency power off) through shortcut */
116 if (state) {
117 rfkill_schedule_set(&rfkill_wwan,
118 RFKILL_STATE_UNBLOCKED);
119 rfkill_schedule_set(&rfkill_wimax,
120 RFKILL_STATE_UNBLOCKED);
121 rfkill_schedule_set(&rfkill_uwb,
122 RFKILL_STATE_UNBLOCKED);
123 rfkill_schedule_set(&rfkill_bt,
124 RFKILL_STATE_UNBLOCKED);
125 rfkill_schedule_set(&rfkill_wlan,
126 RFKILL_STATE_UNBLOCKED);
127 } else
128 rfkill_schedule_epo();
129}
88 130
89static void rfkill_event(struct input_handle *handle, unsigned int type, 131static void rfkill_event(struct input_handle *handle, unsigned int type,
90 unsigned int code, int down) 132 unsigned int code, int data)
91{ 133{
92 if (type == EV_KEY && down == 1) { 134 if (type == EV_KEY && data == 1) {
93 switch (code) { 135 switch (code) {
94 case KEY_WLAN: 136 case KEY_WLAN:
95 rfkill_schedule_toggle(&rfkill_wlan); 137 rfkill_schedule_toggle(&rfkill_wlan);
@@ -106,6 +148,14 @@ static void rfkill_event(struct input_handle *handle, unsigned int type,
106 default: 148 default:
107 break; 149 break;
108 } 150 }
151 } else if (type == EV_SW) {
152 switch (code) {
153 case SW_RFKILL_ALL:
154 rfkill_schedule_evsw_rfkillall(data);
155 break;
156 default:
157 break;
158 }
109 } 159 }
110} 160}
111 161
@@ -123,6 +173,7 @@ static int rfkill_connect(struct input_handler *handler, struct input_dev *dev,
123 handle->handler = handler; 173 handle->handler = handler;
124 handle->name = "rfkill"; 174 handle->name = "rfkill";
125 175
176 /* causes rfkill_start() to be called */
126 error = input_register_handle(handle); 177 error = input_register_handle(handle);
127 if (error) 178 if (error)
128 goto err_free_handle; 179 goto err_free_handle;
@@ -140,6 +191,23 @@ static int rfkill_connect(struct input_handler *handler, struct input_dev *dev,
140 return error; 191 return error;
141} 192}
142 193
194static void rfkill_start(struct input_handle *handle)
195{
196 /* Take event_lock to guard against configuration changes, we
197 * should be able to deal with concurrency with rfkill_event()
198 * just fine (which event_lock will also avoid). */
199 spin_lock_irq(&handle->dev->event_lock);
200
201 if (test_bit(EV_SW, handle->dev->evbit)) {
202 if (test_bit(SW_RFKILL_ALL, handle->dev->swbit))
203 rfkill_schedule_evsw_rfkillall(test_bit(SW_RFKILL_ALL,
204 handle->dev->sw));
205 /* add resync for further EV_SW events here */
206 }
207
208 spin_unlock_irq(&handle->dev->event_lock);
209}
210
143static void rfkill_disconnect(struct input_handle *handle) 211static void rfkill_disconnect(struct input_handle *handle)
144{ 212{
145 input_close_device(handle); 213 input_close_device(handle);
@@ -168,6 +236,11 @@ static const struct input_device_id rfkill_ids[] = {
168 .evbit = { BIT_MASK(EV_KEY) }, 236 .evbit = { BIT_MASK(EV_KEY) },
169 .keybit = { [BIT_WORD(KEY_WIMAX)] = BIT_MASK(KEY_WIMAX) }, 237 .keybit = { [BIT_WORD(KEY_WIMAX)] = BIT_MASK(KEY_WIMAX) },
170 }, 238 },
239 {
240 .flags = INPUT_DEVICE_ID_MATCH_EVBIT | INPUT_DEVICE_ID_MATCH_SWBIT,
241 .evbit = { BIT(EV_SW) },
242 .swbit = { [BIT_WORD(SW_RFKILL_ALL)] = BIT_MASK(SW_RFKILL_ALL) },
243 },
171 { } 244 { }
172}; 245};
173 246
@@ -175,6 +248,7 @@ static struct input_handler rfkill_handler = {
175 .event = rfkill_event, 248 .event = rfkill_event,
176 .connect = rfkill_connect, 249 .connect = rfkill_connect,
177 .disconnect = rfkill_disconnect, 250 .disconnect = rfkill_disconnect,
251 .start = rfkill_start,
178 .name = "rfkill", 252 .name = "rfkill",
179 .id_table = rfkill_ids, 253 .id_table = rfkill_ids,
180}; 254};
diff --git a/net/rfkill/rfkill-input.h b/net/rfkill/rfkill-input.h
index 4dae5006fc77..f63d05045685 100644
--- a/net/rfkill/rfkill-input.h
+++ b/net/rfkill/rfkill-input.h
@@ -12,5 +12,6 @@
12#define __RFKILL_INPUT_H 12#define __RFKILL_INPUT_H
13 13
14void rfkill_switch_all(enum rfkill_type type, enum rfkill_state state); 14void rfkill_switch_all(enum rfkill_type type, enum rfkill_state state);
15void rfkill_epo(void);
15 16
16#endif /* __RFKILL_INPUT_H */ 17#endif /* __RFKILL_INPUT_H */
diff --git a/net/rfkill/rfkill.c b/net/rfkill/rfkill.c
index 4e10a95de832..74aecc098bad 100644
--- a/net/rfkill/rfkill.c
+++ b/net/rfkill/rfkill.c
@@ -39,8 +39,56 @@ MODULE_LICENSE("GPL");
39static LIST_HEAD(rfkill_list); /* list of registered rf switches */ 39static LIST_HEAD(rfkill_list); /* list of registered rf switches */
40static DEFINE_MUTEX(rfkill_mutex); 40static DEFINE_MUTEX(rfkill_mutex);
41 41
42static unsigned int rfkill_default_state = RFKILL_STATE_UNBLOCKED;
43module_param_named(default_state, rfkill_default_state, uint, 0444);
44MODULE_PARM_DESC(default_state,
45 "Default initial state for all radio types, 0 = radio off");
46
42static enum rfkill_state rfkill_states[RFKILL_TYPE_MAX]; 47static enum rfkill_state rfkill_states[RFKILL_TYPE_MAX];
43 48
49static BLOCKING_NOTIFIER_HEAD(rfkill_notifier_list);
50
51
52/**
53 * register_rfkill_notifier - Add notifier to rfkill notifier chain
54 * @nb: pointer to the new entry to add to the chain
55 *
56 * See blocking_notifier_chain_register() for return value and further
57 * observations.
58 *
59 * Adds a notifier to the rfkill notifier chain. The chain will be
60 * called with a pointer to the relevant rfkill structure as a parameter,
61 * refer to include/linux/rfkill.h for the possible events.
62 *
63 * Notifiers added to this chain are to always return NOTIFY_DONE. This
64 * chain is a blocking notifier chain: notifiers can sleep.
65 *
66 * Calls to this chain may have been done through a workqueue. One must
67 * assume unordered asynchronous behaviour, there is no way to know if
68 * actions related to the event that generated the notification have been
69 * carried out already.
70 */
71int register_rfkill_notifier(struct notifier_block *nb)
72{
73 return blocking_notifier_chain_register(&rfkill_notifier_list, nb);
74}
75EXPORT_SYMBOL_GPL(register_rfkill_notifier);
76
77/**
78 * unregister_rfkill_notifier - remove notifier from rfkill notifier chain
79 * @nb: pointer to the entry to remove from the chain
80 *
81 * See blocking_notifier_chain_unregister() for return value and further
82 * observations.
83 *
84 * Removes a notifier from the rfkill notifier chain.
85 */
86int unregister_rfkill_notifier(struct notifier_block *nb)
87{
88 return blocking_notifier_chain_unregister(&rfkill_notifier_list, nb);
89}
90EXPORT_SYMBOL_GPL(unregister_rfkill_notifier);
91
44 92
45static void rfkill_led_trigger(struct rfkill *rfkill, 93static void rfkill_led_trigger(struct rfkill *rfkill,
46 enum rfkill_state state) 94 enum rfkill_state state)
@@ -50,24 +98,115 @@ static void rfkill_led_trigger(struct rfkill *rfkill,
50 98
51 if (!led->name) 99 if (!led->name)
52 return; 100 return;
53 if (state == RFKILL_STATE_OFF) 101 if (state != RFKILL_STATE_UNBLOCKED)
54 led_trigger_event(led, LED_OFF); 102 led_trigger_event(led, LED_OFF);
55 else 103 else
56 led_trigger_event(led, LED_FULL); 104 led_trigger_event(led, LED_FULL);
57#endif /* CONFIG_RFKILL_LEDS */ 105#endif /* CONFIG_RFKILL_LEDS */
58} 106}
59 107
108#ifdef CONFIG_RFKILL_LEDS
109static void rfkill_led_trigger_activate(struct led_classdev *led)
110{
111 struct rfkill *rfkill = container_of(led->trigger,
112 struct rfkill, led_trigger);
113
114 rfkill_led_trigger(rfkill, rfkill->state);
115}
116#endif /* CONFIG_RFKILL_LEDS */
117
118static void notify_rfkill_state_change(struct rfkill *rfkill)
119{
120 blocking_notifier_call_chain(&rfkill_notifier_list,
121 RFKILL_STATE_CHANGED,
122 rfkill);
123}
124
125static void update_rfkill_state(struct rfkill *rfkill)
126{
127 enum rfkill_state newstate, oldstate;
128
129 if (rfkill->get_state) {
130 mutex_lock(&rfkill->mutex);
131 if (!rfkill->get_state(rfkill->data, &newstate)) {
132 oldstate = rfkill->state;
133 rfkill->state = newstate;
134 if (oldstate != newstate)
135 notify_rfkill_state_change(rfkill);
136 }
137 mutex_unlock(&rfkill->mutex);
138 }
139}
140
141/**
142 * rfkill_toggle_radio - wrapper for toggle_radio hook
143 * @rfkill: the rfkill struct to use
144 * @force: calls toggle_radio even if cache says it is not needed,
145 * and also makes sure notifications of the state will be
146 * sent even if it didn't change
147 * @state: the new state to call toggle_radio() with
148 *
149 * Calls rfkill->toggle_radio, enforcing the API for toggle_radio
150 * calls and handling all the red tape such as issuing notifications
151 * if the call is successful.
152 *
153 * Suspended devices are not touched at all, and -EAGAIN is returned.
154 *
155 * Note that the @force parameter cannot override a (possibly cached)
156 * state of RFKILL_STATE_HARD_BLOCKED. Any device making use of
157 * RFKILL_STATE_HARD_BLOCKED implements either get_state() or
158 * rfkill_force_state(), so the cache either is bypassed or valid.
159 *
160 * Note that we do call toggle_radio for RFKILL_STATE_SOFT_BLOCKED
161 * even if the radio is in RFKILL_STATE_HARD_BLOCKED state, so as to
162 * give the driver a hint that it should double-BLOCK the transmitter.
163 *
164 * Caller must have acquired rfkill->mutex.
165 */
60static int rfkill_toggle_radio(struct rfkill *rfkill, 166static int rfkill_toggle_radio(struct rfkill *rfkill,
61 enum rfkill_state state) 167 enum rfkill_state state,
168 int force)
62{ 169{
63 int retval = 0; 170 int retval = 0;
171 enum rfkill_state oldstate, newstate;
172
173 if (unlikely(rfkill->dev.power.power_state.event & PM_EVENT_SLEEP))
174 return -EBUSY;
64 175
65 if (state != rfkill->state) { 176 oldstate = rfkill->state;
177
178 if (rfkill->get_state && !force &&
179 !rfkill->get_state(rfkill->data, &newstate))
180 rfkill->state = newstate;
181
182 switch (state) {
183 case RFKILL_STATE_HARD_BLOCKED:
184 /* typically happens when refreshing hardware state,
185 * such as on resume */
186 state = RFKILL_STATE_SOFT_BLOCKED;
187 break;
188 case RFKILL_STATE_UNBLOCKED:
189 /* force can't override this, only rfkill_force_state() can */
190 if (rfkill->state == RFKILL_STATE_HARD_BLOCKED)
191 return -EPERM;
192 break;
193 case RFKILL_STATE_SOFT_BLOCKED:
194 /* nothing to do, we want to give drivers the hint to double
195 * BLOCK even a transmitter that is already in state
196 * RFKILL_STATE_HARD_BLOCKED */
197 break;
198 }
199
200 if (force || state != rfkill->state) {
66 retval = rfkill->toggle_radio(rfkill->data, state); 201 retval = rfkill->toggle_radio(rfkill->data, state);
67 if (!retval) { 202 /* never allow a HARD->SOFT downgrade! */
203 if (!retval && rfkill->state != RFKILL_STATE_HARD_BLOCKED)
68 rfkill->state = state; 204 rfkill->state = state;
69 rfkill_led_trigger(rfkill, state); 205 }
70 } 206
207 if (force || rfkill->state != oldstate) {
208 rfkill_led_trigger(rfkill, rfkill->state);
209 notify_rfkill_state_change(rfkill);
71 } 210 }
72 211
73 return retval; 212 return retval;
@@ -75,14 +214,13 @@ static int rfkill_toggle_radio(struct rfkill *rfkill,
75 214
76/** 215/**
77 * rfkill_switch_all - Toggle state of all switches of given type 216 * rfkill_switch_all - Toggle state of all switches of given type
78 * @type: type of interfaces to be affeceted 217 * @type: type of interfaces to be affected
79 * @state: the new state 218 * @state: the new state
80 * 219 *
81 * This function toggles state of all switches of given type unless 220 * This function toggles the state of all switches of given type,
82 * a specific switch is claimed by userspace in which case it is 221 * unless a specific switch is claimed by userspace (in which case,
83 * left alone. 222 * that switch is left alone) or suspended.
84 */ 223 */
85
86void rfkill_switch_all(enum rfkill_type type, enum rfkill_state state) 224void rfkill_switch_all(enum rfkill_type type, enum rfkill_state state)
87{ 225{
88 struct rfkill *rfkill; 226 struct rfkill *rfkill;
@@ -92,14 +230,77 @@ void rfkill_switch_all(enum rfkill_type type, enum rfkill_state state)
92 rfkill_states[type] = state; 230 rfkill_states[type] = state;
93 231
94 list_for_each_entry(rfkill, &rfkill_list, node) { 232 list_for_each_entry(rfkill, &rfkill_list, node) {
95 if ((!rfkill->user_claim) && (rfkill->type == type)) 233 if ((!rfkill->user_claim) && (rfkill->type == type)) {
96 rfkill_toggle_radio(rfkill, state); 234 mutex_lock(&rfkill->mutex);
235 rfkill_toggle_radio(rfkill, state, 0);
236 mutex_unlock(&rfkill->mutex);
237 }
97 } 238 }
98 239
99 mutex_unlock(&rfkill_mutex); 240 mutex_unlock(&rfkill_mutex);
100} 241}
101EXPORT_SYMBOL(rfkill_switch_all); 242EXPORT_SYMBOL(rfkill_switch_all);
102 243
244/**
245 * rfkill_epo - emergency power off all transmitters
246 *
247 * This kicks all non-suspended rfkill devices to RFKILL_STATE_SOFT_BLOCKED,
248 * ignoring everything in its path but rfkill_mutex and rfkill->mutex.
249 */
250void rfkill_epo(void)
251{
252 struct rfkill *rfkill;
253
254 mutex_lock(&rfkill_mutex);
255 list_for_each_entry(rfkill, &rfkill_list, node) {
256 mutex_lock(&rfkill->mutex);
257 rfkill_toggle_radio(rfkill, RFKILL_STATE_SOFT_BLOCKED, 1);
258 mutex_unlock(&rfkill->mutex);
259 }
260 mutex_unlock(&rfkill_mutex);
261}
262EXPORT_SYMBOL_GPL(rfkill_epo);
263
264/**
265 * rfkill_force_state - Force the internal rfkill radio state
266 * @rfkill: pointer to the rfkill class to modify.
267 * @state: the current radio state the class should be forced to.
268 *
269 * This function updates the internal state of the radio cached
270 * by the rfkill class. It should be used when the driver gets
271 * a notification by the firmware/hardware of the current *real*
272 * state of the radio rfkill switch.
273 *
274 * Devices which are subject to external changes on their rfkill
275 * state (such as those caused by a hardware rfkill line) MUST
276 * have their driver arrange to call rfkill_force_state() as soon
277 * as possible after such a change.
278 *
279 * This function may not be called from an atomic context.
280 */
281int rfkill_force_state(struct rfkill *rfkill, enum rfkill_state state)
282{
283 enum rfkill_state oldstate;
284
285 if (state != RFKILL_STATE_SOFT_BLOCKED &&
286 state != RFKILL_STATE_UNBLOCKED &&
287 state != RFKILL_STATE_HARD_BLOCKED)
288 return -EINVAL;
289
290 mutex_lock(&rfkill->mutex);
291
292 oldstate = rfkill->state;
293 rfkill->state = state;
294
295 if (state != oldstate)
296 notify_rfkill_state_change(rfkill);
297
298 mutex_unlock(&rfkill->mutex);
299
300 return 0;
301}
302EXPORT_SYMBOL(rfkill_force_state);
303
103static ssize_t rfkill_name_show(struct device *dev, 304static ssize_t rfkill_name_show(struct device *dev,
104 struct device_attribute *attr, 305 struct device_attribute *attr,
105 char *buf) 306 char *buf)
@@ -109,31 +310,31 @@ static ssize_t rfkill_name_show(struct device *dev,
109 return sprintf(buf, "%s\n", rfkill->name); 310 return sprintf(buf, "%s\n", rfkill->name);
110} 311}
111 312
112static ssize_t rfkill_type_show(struct device *dev, 313static const char *rfkill_get_type_str(enum rfkill_type type)
113 struct device_attribute *attr,
114 char *buf)
115{ 314{
116 struct rfkill *rfkill = to_rfkill(dev); 315 switch (type) {
117 const char *type;
118
119 switch (rfkill->type) {
120 case RFKILL_TYPE_WLAN: 316 case RFKILL_TYPE_WLAN:
121 type = "wlan"; 317 return "wlan";
122 break;
123 case RFKILL_TYPE_BLUETOOTH: 318 case RFKILL_TYPE_BLUETOOTH:
124 type = "bluetooth"; 319 return "bluetooth";
125 break;
126 case RFKILL_TYPE_UWB: 320 case RFKILL_TYPE_UWB:
127 type = "ultrawideband"; 321 return "ultrawideband";
128 break;
129 case RFKILL_TYPE_WIMAX: 322 case RFKILL_TYPE_WIMAX:
130 type = "wimax"; 323 return "wimax";
131 break; 324 case RFKILL_TYPE_WWAN:
325 return "wwan";
132 default: 326 default:
133 BUG(); 327 BUG();
134 } 328 }
329}
330
331static ssize_t rfkill_type_show(struct device *dev,
332 struct device_attribute *attr,
333 char *buf)
334{
335 struct rfkill *rfkill = to_rfkill(dev);
135 336
136 return sprintf(buf, "%s\n", type); 337 return sprintf(buf, "%s\n", rfkill_get_type_str(rfkill->type));
137} 338}
138 339
139static ssize_t rfkill_state_show(struct device *dev, 340static ssize_t rfkill_state_show(struct device *dev,
@@ -142,6 +343,7 @@ static ssize_t rfkill_state_show(struct device *dev,
142{ 343{
143 struct rfkill *rfkill = to_rfkill(dev); 344 struct rfkill *rfkill = to_rfkill(dev);
144 345
346 update_rfkill_state(rfkill);
145 return sprintf(buf, "%d\n", rfkill->state); 347 return sprintf(buf, "%d\n", rfkill->state);
146} 348}
147 349
@@ -156,10 +358,14 @@ static ssize_t rfkill_state_store(struct device *dev,
156 if (!capable(CAP_NET_ADMIN)) 358 if (!capable(CAP_NET_ADMIN))
157 return -EPERM; 359 return -EPERM;
158 360
361 /* RFKILL_STATE_HARD_BLOCKED is illegal here... */
362 if (state != RFKILL_STATE_UNBLOCKED &&
363 state != RFKILL_STATE_SOFT_BLOCKED)
364 return -EINVAL;
365
159 if (mutex_lock_interruptible(&rfkill->mutex)) 366 if (mutex_lock_interruptible(&rfkill->mutex))
160 return -ERESTARTSYS; 367 return -ERESTARTSYS;
161 error = rfkill_toggle_radio(rfkill, 368 error = rfkill_toggle_radio(rfkill, state, 0);
162 state ? RFKILL_STATE_ON : RFKILL_STATE_OFF);
163 mutex_unlock(&rfkill->mutex); 369 mutex_unlock(&rfkill->mutex);
164 370
165 return error ? error : count; 371 return error ? error : count;
@@ -171,7 +377,7 @@ static ssize_t rfkill_claim_show(struct device *dev,
171{ 377{
172 struct rfkill *rfkill = to_rfkill(dev); 378 struct rfkill *rfkill = to_rfkill(dev);
173 379
174 return sprintf(buf, "%d", rfkill->user_claim); 380 return sprintf(buf, "%d\n", rfkill->user_claim);
175} 381}
176 382
177static ssize_t rfkill_claim_store(struct device *dev, 383static ssize_t rfkill_claim_store(struct device *dev,
@@ -185,6 +391,9 @@ static ssize_t rfkill_claim_store(struct device *dev,
185 if (!capable(CAP_NET_ADMIN)) 391 if (!capable(CAP_NET_ADMIN))
186 return -EPERM; 392 return -EPERM;
187 393
394 if (rfkill->user_claim_unsupported)
395 return -EOPNOTSUPP;
396
188 /* 397 /*
189 * Take the global lock to make sure the kernel is not in 398 * Take the global lock to make sure the kernel is not in
190 * the middle of rfkill_switch_all 399 * the middle of rfkill_switch_all
@@ -193,18 +402,17 @@ static ssize_t rfkill_claim_store(struct device *dev,
193 if (error) 402 if (error)
194 return error; 403 return error;
195 404
196 if (rfkill->user_claim_unsupported) {
197 error = -EOPNOTSUPP;
198 goto out_unlock;
199 }
200 if (rfkill->user_claim != claim) { 405 if (rfkill->user_claim != claim) {
201 if (!claim) 406 if (!claim) {
407 mutex_lock(&rfkill->mutex);
202 rfkill_toggle_radio(rfkill, 408 rfkill_toggle_radio(rfkill,
203 rfkill_states[rfkill->type]); 409 rfkill_states[rfkill->type],
410 0);
411 mutex_unlock(&rfkill->mutex);
412 }
204 rfkill->user_claim = claim; 413 rfkill->user_claim = claim;
205 } 414 }
206 415
207out_unlock:
208 mutex_unlock(&rfkill_mutex); 416 mutex_unlock(&rfkill_mutex);
209 417
210 return error ? error : count; 418 return error ? error : count;
@@ -233,12 +441,12 @@ static int rfkill_suspend(struct device *dev, pm_message_t state)
233 441
234 if (dev->power.power_state.event != state.event) { 442 if (dev->power.power_state.event != state.event) {
235 if (state.event & PM_EVENT_SLEEP) { 443 if (state.event & PM_EVENT_SLEEP) {
236 mutex_lock(&rfkill->mutex); 444 /* Stop transmitter, keep state, no notifies */
237 445 update_rfkill_state(rfkill);
238 if (rfkill->state == RFKILL_STATE_ON)
239 rfkill->toggle_radio(rfkill->data,
240 RFKILL_STATE_OFF);
241 446
447 mutex_lock(&rfkill->mutex);
448 rfkill->toggle_radio(rfkill->data,
449 RFKILL_STATE_SOFT_BLOCKED);
242 mutex_unlock(&rfkill->mutex); 450 mutex_unlock(&rfkill->mutex);
243 } 451 }
244 452
@@ -255,13 +463,14 @@ static int rfkill_resume(struct device *dev)
255 if (dev->power.power_state.event != PM_EVENT_ON) { 463 if (dev->power.power_state.event != PM_EVENT_ON) {
256 mutex_lock(&rfkill->mutex); 464 mutex_lock(&rfkill->mutex);
257 465
258 if (rfkill->state == RFKILL_STATE_ON) 466 dev->power.power_state.event = PM_EVENT_ON;
259 rfkill->toggle_radio(rfkill->data, RFKILL_STATE_ON); 467
468 /* restore radio state AND notify everybody */
469 rfkill_toggle_radio(rfkill, rfkill->state, 1);
260 470
261 mutex_unlock(&rfkill->mutex); 471 mutex_unlock(&rfkill->mutex);
262 } 472 }
263 473
264 dev->power.power_state = PMSG_ON;
265 return 0; 474 return 0;
266} 475}
267#else 476#else
@@ -269,35 +478,75 @@ static int rfkill_resume(struct device *dev)
269#define rfkill_resume NULL 478#define rfkill_resume NULL
270#endif 479#endif
271 480
481static int rfkill_blocking_uevent_notifier(struct notifier_block *nb,
482 unsigned long eventid,
483 void *data)
484{
485 struct rfkill *rfkill = (struct rfkill *)data;
486
487 switch (eventid) {
488 case RFKILL_STATE_CHANGED:
489 kobject_uevent(&rfkill->dev.kobj, KOBJ_CHANGE);
490 break;
491 default:
492 break;
493 }
494
495 return NOTIFY_DONE;
496}
497
498static struct notifier_block rfkill_blocking_uevent_nb = {
499 .notifier_call = rfkill_blocking_uevent_notifier,
500 .priority = 0,
501};
502
503static int rfkill_dev_uevent(struct device *dev, struct kobj_uevent_env *env)
504{
505 struct rfkill *rfkill = to_rfkill(dev);
506 int error;
507
508 error = add_uevent_var(env, "RFKILL_NAME=%s", rfkill->name);
509 if (error)
510 return error;
511 error = add_uevent_var(env, "RFKILL_TYPE=%s",
512 rfkill_get_type_str(rfkill->type));
513 if (error)
514 return error;
515 error = add_uevent_var(env, "RFKILL_STATE=%d", rfkill->state);
516 return error;
517}
518
272static struct class rfkill_class = { 519static struct class rfkill_class = {
273 .name = "rfkill", 520 .name = "rfkill",
274 .dev_release = rfkill_release, 521 .dev_release = rfkill_release,
275 .dev_attrs = rfkill_dev_attrs, 522 .dev_attrs = rfkill_dev_attrs,
276 .suspend = rfkill_suspend, 523 .suspend = rfkill_suspend,
277 .resume = rfkill_resume, 524 .resume = rfkill_resume,
525 .dev_uevent = rfkill_dev_uevent,
278}; 526};
279 527
280static int rfkill_add_switch(struct rfkill *rfkill) 528static int rfkill_add_switch(struct rfkill *rfkill)
281{ 529{
282 int error;
283
284 mutex_lock(&rfkill_mutex); 530 mutex_lock(&rfkill_mutex);
285 531
286 error = rfkill_toggle_radio(rfkill, rfkill_states[rfkill->type]); 532 rfkill_toggle_radio(rfkill, rfkill_states[rfkill->type], 0);
287 if (!error) 533
288 list_add_tail(&rfkill->node, &rfkill_list); 534 list_add_tail(&rfkill->node, &rfkill_list);
289 535
290 mutex_unlock(&rfkill_mutex); 536 mutex_unlock(&rfkill_mutex);
291 537
292 return error; 538 return 0;
293} 539}
294 540
295static void rfkill_remove_switch(struct rfkill *rfkill) 541static void rfkill_remove_switch(struct rfkill *rfkill)
296{ 542{
297 mutex_lock(&rfkill_mutex); 543 mutex_lock(&rfkill_mutex);
298 list_del_init(&rfkill->node); 544 list_del_init(&rfkill->node);
299 rfkill_toggle_radio(rfkill, RFKILL_STATE_OFF);
300 mutex_unlock(&rfkill_mutex); 545 mutex_unlock(&rfkill_mutex);
546
547 mutex_lock(&rfkill->mutex);
548 rfkill_toggle_radio(rfkill, RFKILL_STATE_SOFT_BLOCKED, 1);
549 mutex_unlock(&rfkill->mutex);
301} 550}
302 551
303/** 552/**
@@ -306,9 +555,10 @@ static void rfkill_remove_switch(struct rfkill *rfkill)
306 * @type: type of the switch (RFKILL_TYPE_*) 555 * @type: type of the switch (RFKILL_TYPE_*)
307 * 556 *
308 * This function should be called by the network driver when it needs 557 * This function should be called by the network driver when it needs
309 * rfkill structure. Once the structure is allocated the driver shoud 558 * rfkill structure. Once the structure is allocated the driver should
310 * finish its initialization by setting name, private data, enable_radio 559 * finish its initialization by setting the name, private data, enable_radio
311 * and disable_radio methods and then register it with rfkill_register(). 560 * and disable_radio methods and then register it with rfkill_register().
561 *
312 * NOTE: If registration fails the structure shoudl be freed by calling 562 * NOTE: If registration fails the structure shoudl be freed by calling
313 * rfkill_free() otherwise rfkill_unregister() should be used. 563 * rfkill_free() otherwise rfkill_unregister() should be used.
314 */ 564 */
@@ -340,7 +590,7 @@ EXPORT_SYMBOL(rfkill_allocate);
340 * rfkill_free - Mark rfkill structure for deletion 590 * rfkill_free - Mark rfkill structure for deletion
341 * @rfkill: rfkill structure to be destroyed 591 * @rfkill: rfkill structure to be destroyed
342 * 592 *
343 * Decrements reference count of rfkill structure so it is destroyed. 593 * Decrements reference count of the rfkill structure so it is destroyed.
344 * Note that rfkill_free() should _not_ be called after rfkill_unregister(). 594 * Note that rfkill_free() should _not_ be called after rfkill_unregister().
345 */ 595 */
346void rfkill_free(struct rfkill *rfkill) 596void rfkill_free(struct rfkill *rfkill)
@@ -355,7 +605,10 @@ static void rfkill_led_trigger_register(struct rfkill *rfkill)
355#ifdef CONFIG_RFKILL_LEDS 605#ifdef CONFIG_RFKILL_LEDS
356 int error; 606 int error;
357 607
358 rfkill->led_trigger.name = rfkill->dev.bus_id; 608 if (!rfkill->led_trigger.name)
609 rfkill->led_trigger.name = rfkill->dev.bus_id;
610 if (!rfkill->led_trigger.activate)
611 rfkill->led_trigger.activate = rfkill_led_trigger_activate;
359 error = led_trigger_register(&rfkill->led_trigger); 612 error = led_trigger_register(&rfkill->led_trigger);
360 if (error) 613 if (error)
361 rfkill->led_trigger.name = NULL; 614 rfkill->led_trigger.name = NULL;
@@ -365,8 +618,10 @@ static void rfkill_led_trigger_register(struct rfkill *rfkill)
365static void rfkill_led_trigger_unregister(struct rfkill *rfkill) 618static void rfkill_led_trigger_unregister(struct rfkill *rfkill)
366{ 619{
367#ifdef CONFIG_RFKILL_LEDS 620#ifdef CONFIG_RFKILL_LEDS
368 if (rfkill->led_trigger.name) 621 if (rfkill->led_trigger.name) {
369 led_trigger_unregister(&rfkill->led_trigger); 622 led_trigger_unregister(&rfkill->led_trigger);
623 rfkill->led_trigger.name = NULL;
624 }
370#endif 625#endif
371} 626}
372 627
@@ -402,8 +657,8 @@ int rfkill_register(struct rfkill *rfkill)
402 657
403 error = device_add(dev); 658 error = device_add(dev);
404 if (error) { 659 if (error) {
405 rfkill_led_trigger_unregister(rfkill);
406 rfkill_remove_switch(rfkill); 660 rfkill_remove_switch(rfkill);
661 rfkill_led_trigger_unregister(rfkill);
407 return error; 662 return error;
408 } 663 }
409 664
@@ -412,7 +667,7 @@ int rfkill_register(struct rfkill *rfkill)
412EXPORT_SYMBOL(rfkill_register); 667EXPORT_SYMBOL(rfkill_register);
413 668
414/** 669/**
415 * rfkill_unregister - Uegister a rfkill structure. 670 * rfkill_unregister - Unregister a rfkill structure.
416 * @rfkill: rfkill structure to be unregistered 671 * @rfkill: rfkill structure to be unregistered
417 * 672 *
418 * This function should be called by the network driver during device 673 * This function should be called by the network driver during device
@@ -436,8 +691,13 @@ static int __init rfkill_init(void)
436 int error; 691 int error;
437 int i; 692 int i;
438 693
694 /* RFKILL_STATE_HARD_BLOCKED is illegal here... */
695 if (rfkill_default_state != RFKILL_STATE_SOFT_BLOCKED &&
696 rfkill_default_state != RFKILL_STATE_UNBLOCKED)
697 return -EINVAL;
698
439 for (i = 0; i < ARRAY_SIZE(rfkill_states); i++) 699 for (i = 0; i < ARRAY_SIZE(rfkill_states); i++)
440 rfkill_states[i] = RFKILL_STATE_ON; 700 rfkill_states[i] = rfkill_default_state;
441 701
442 error = class_register(&rfkill_class); 702 error = class_register(&rfkill_class);
443 if (error) { 703 if (error) {
@@ -445,11 +705,14 @@ static int __init rfkill_init(void)
445 return error; 705 return error;
446 } 706 }
447 707
708 register_rfkill_notifier(&rfkill_blocking_uevent_nb);
709
448 return 0; 710 return 0;
449} 711}
450 712
451static void __exit rfkill_exit(void) 713static void __exit rfkill_exit(void)
452{ 714{
715 unregister_rfkill_notifier(&rfkill_blocking_uevent_nb);
453 class_unregister(&rfkill_class); 716 class_unregister(&rfkill_class);
454} 717}
455 718
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 1ebf65294405..a7f1ce11bc22 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -74,6 +74,20 @@ ax25_address rose_callsign;
74 * separate class since they always nest. 74 * separate class since they always nest.
75 */ 75 */
76static struct lock_class_key rose_netdev_xmit_lock_key; 76static struct lock_class_key rose_netdev_xmit_lock_key;
77static struct lock_class_key rose_netdev_addr_lock_key;
78
79static void rose_set_lockdep_one(struct net_device *dev,
80 struct netdev_queue *txq,
81 void *_unused)
82{
83 lockdep_set_class(&txq->_xmit_lock, &rose_netdev_xmit_lock_key);
84}
85
86static void rose_set_lockdep_key(struct net_device *dev)
87{
88 lockdep_set_class(&dev->addr_list_lock, &rose_netdev_addr_lock_key);
89 netdev_for_each_tx_queue(dev, rose_set_lockdep_one, NULL);
90}
77 91
78/* 92/*
79 * Convert a ROSE address into text. 93 * Convert a ROSE address into text.
@@ -197,7 +211,7 @@ static int rose_device_event(struct notifier_block *this, unsigned long event,
197{ 211{
198 struct net_device *dev = (struct net_device *)ptr; 212 struct net_device *dev = (struct net_device *)ptr;
199 213
200 if (dev_net(dev) != &init_net) 214 if (!net_eq(dev_net(dev), &init_net))
201 return NOTIFY_DONE; 215 return NOTIFY_DONE;
202 216
203 if (event != NETDEV_DOWN) 217 if (event != NETDEV_DOWN)
@@ -566,13 +580,11 @@ static struct sock *rose_make_new(struct sock *osk)
566#endif 580#endif
567 581
568 sk->sk_type = osk->sk_type; 582 sk->sk_type = osk->sk_type;
569 sk->sk_socket = osk->sk_socket;
570 sk->sk_priority = osk->sk_priority; 583 sk->sk_priority = osk->sk_priority;
571 sk->sk_protocol = osk->sk_protocol; 584 sk->sk_protocol = osk->sk_protocol;
572 sk->sk_rcvbuf = osk->sk_rcvbuf; 585 sk->sk_rcvbuf = osk->sk_rcvbuf;
573 sk->sk_sndbuf = osk->sk_sndbuf; 586 sk->sk_sndbuf = osk->sk_sndbuf;
574 sk->sk_state = TCP_ESTABLISHED; 587 sk->sk_state = TCP_ESTABLISHED;
575 sk->sk_sleep = osk->sk_sleep;
576 sock_copy_flags(sk, osk); 588 sock_copy_flags(sk, osk);
577 589
578 init_timer(&rose->timer); 590 init_timer(&rose->timer);
@@ -759,7 +771,7 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le
759 sock->state = SS_UNCONNECTED; 771 sock->state = SS_UNCONNECTED;
760 772
761 rose->neighbour = rose_get_neigh(&addr->srose_addr, &cause, 773 rose->neighbour = rose_get_neigh(&addr->srose_addr, &cause,
762 &diagnostic); 774 &diagnostic, 0);
763 if (!rose->neighbour) { 775 if (!rose->neighbour) {
764 err = -ENETUNREACH; 776 err = -ENETUNREACH;
765 goto out_release; 777 goto out_release;
@@ -855,7 +867,7 @@ rose_try_next_neigh:
855 867
856 if (sk->sk_state != TCP_ESTABLISHED) { 868 if (sk->sk_state != TCP_ESTABLISHED) {
857 /* Try next neighbour */ 869 /* Try next neighbour */
858 rose->neighbour = rose_get_neigh(&addr->srose_addr, &cause, &diagnostic); 870 rose->neighbour = rose_get_neigh(&addr->srose_addr, &cause, &diagnostic, 0);
859 if (rose->neighbour) 871 if (rose->neighbour)
860 goto rose_try_next_neigh; 872 goto rose_try_next_neigh;
861 873
@@ -924,14 +936,12 @@ static int rose_accept(struct socket *sock, struct socket *newsock, int flags)
924 goto out_release; 936 goto out_release;
925 937
926 newsk = skb->sk; 938 newsk = skb->sk;
927 newsk->sk_socket = newsock; 939 sock_graft(newsk, newsock);
928 newsk->sk_sleep = &newsock->wait;
929 940
930 /* Now attach up the new socket */ 941 /* Now attach up the new socket */
931 skb->sk = NULL; 942 skb->sk = NULL;
932 kfree_skb(skb); 943 kfree_skb(skb);
933 sk->sk_ack_backlog--; 944 sk->sk_ack_backlog--;
934 newsock->sk = newsk;
935 945
936out_release: 946out_release:
937 release_sock(sk); 947 release_sock(sk);
@@ -1580,7 +1590,7 @@ static int __init rose_proto_init(void)
1580 free_netdev(dev); 1590 free_netdev(dev);
1581 goto fail; 1591 goto fail;
1582 } 1592 }
1583 lockdep_set_class(&dev->_xmit_lock, &rose_netdev_xmit_lock_key); 1593 rose_set_lockdep_key(dev);
1584 dev_rose[i] = dev; 1594 dev_rose[i] = dev;
1585 } 1595 }
1586 1596
diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
index bd593871c81e..a81066a1010a 100644
--- a/net/rose/rose_route.c
+++ b/net/rose/rose_route.c
@@ -662,27 +662,34 @@ struct rose_route *rose_route_free_lci(unsigned int lci, struct rose_neigh *neig
662} 662}
663 663
664/* 664/*
665 * Find a neighbour given a ROSE address. 665 * Find a neighbour or a route given a ROSE address.
666 */ 666 */
667struct rose_neigh *rose_get_neigh(rose_address *addr, unsigned char *cause, 667struct rose_neigh *rose_get_neigh(rose_address *addr, unsigned char *cause,
668 unsigned char *diagnostic) 668 unsigned char *diagnostic, int new)
669{ 669{
670 struct rose_neigh *res = NULL; 670 struct rose_neigh *res = NULL;
671 struct rose_node *node; 671 struct rose_node *node;
672 int failed = 0; 672 int failed = 0;
673 int i; 673 int i;
674 674
675 spin_lock_bh(&rose_node_list_lock); 675 if (!new) spin_lock_bh(&rose_node_list_lock);
676 for (node = rose_node_list; node != NULL; node = node->next) { 676 for (node = rose_node_list; node != NULL; node = node->next) {
677 if (rosecmpm(addr, &node->address, node->mask) == 0) { 677 if (rosecmpm(addr, &node->address, node->mask) == 0) {
678 for (i = 0; i < node->count; i++) { 678 for (i = 0; i < node->count; i++) {
679 if (!rose_ftimer_running(node->neighbour[i])) { 679 if (new) {
680 res = node->neighbour[i]; 680 if (node->neighbour[i]->restarted) {
681 goto out; 681 res = node->neighbour[i];
682 } else 682 goto out;
683 failed = 1; 683 }
684 }
685 else {
686 if (!rose_ftimer_running(node->neighbour[i])) {
687 res = node->neighbour[i];
688 goto out;
689 } else
690 failed = 1;
691 }
684 } 692 }
685 break;
686 } 693 }
687 } 694 }
688 695
@@ -695,7 +702,7 @@ struct rose_neigh *rose_get_neigh(rose_address *addr, unsigned char *cause,
695 } 702 }
696 703
697out: 704out:
698 spin_unlock_bh(&rose_node_list_lock); 705 if (!new) spin_unlock_bh(&rose_node_list_lock);
699 706
700 return res; 707 return res;
701} 708}
@@ -1018,7 +1025,7 @@ int rose_route_frame(struct sk_buff *skb, ax25_cb *ax25)
1018 rose_route = rose_route->next; 1025 rose_route = rose_route->next;
1019 } 1026 }
1020 1027
1021 if ((new_neigh = rose_get_neigh(dest_addr, &cause, &diagnostic)) == NULL) { 1028 if ((new_neigh = rose_get_neigh(dest_addr, &cause, &diagnostic, 1)) == NULL) {
1022 rose_transmit_clear_request(rose_neigh, lci, cause, diagnostic); 1029 rose_transmit_clear_request(rose_neigh, lci, cause, diagnostic);
1023 goto out; 1030 goto out;
1024 } 1031 }
diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
index 4b2682feeedc..32e489118beb 100644
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -660,9 +660,9 @@ static void rxrpc_sock_destructor(struct sock *sk)
660 660
661 rxrpc_purge_queue(&sk->sk_receive_queue); 661 rxrpc_purge_queue(&sk->sk_receive_queue);
662 662
663 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 663 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
664 BUG_TRAP(sk_unhashed(sk)); 664 WARN_ON(!sk_unhashed(sk));
665 BUG_TRAP(!sk->sk_socket); 665 WARN_ON(sk->sk_socket);
666 666
667 if (!sock_flag(sk, SOCK_DEAD)) { 667 if (!sock_flag(sk, SOCK_DEAD)) {
668 printk("Attempt to release alive rxrpc socket: %p\n", sk); 668 printk("Attempt to release alive rxrpc socket: %p\n", sk);
diff --git a/net/rxrpc/ar-accept.c b/net/rxrpc/ar-accept.c
index bdfb77417794..77228f28fa36 100644
--- a/net/rxrpc/ar-accept.c
+++ b/net/rxrpc/ar-accept.c
@@ -100,7 +100,7 @@ static int rxrpc_accept_incoming_call(struct rxrpc_local *local,
100 100
101 trans = rxrpc_get_transport(local, peer, GFP_NOIO); 101 trans = rxrpc_get_transport(local, peer, GFP_NOIO);
102 rxrpc_put_peer(peer); 102 rxrpc_put_peer(peer);
103 if (!trans) { 103 if (IS_ERR(trans)) {
104 _debug("no trans"); 104 _debug("no trans");
105 ret = -EBUSY; 105 ret = -EBUSY;
106 goto error; 106 goto error;
diff --git a/net/rxrpc/ar-input.c b/net/rxrpc/ar-input.c
index f8a699e92962..f98c8027e5c1 100644
--- a/net/rxrpc/ar-input.c
+++ b/net/rxrpc/ar-input.c
@@ -21,6 +21,7 @@
21#include <net/af_rxrpc.h> 21#include <net/af_rxrpc.h>
22#include <net/ip.h> 22#include <net/ip.h>
23#include <net/udp.h> 23#include <net/udp.h>
24#include <net/net_namespace.h>
24#include "ar-internal.h" 25#include "ar-internal.h"
25 26
26unsigned long rxrpc_ack_timeout = 1; 27unsigned long rxrpc_ack_timeout = 1;
@@ -708,12 +709,12 @@ void rxrpc_data_ready(struct sock *sk, int count)
708 if (skb_checksum_complete(skb)) { 709 if (skb_checksum_complete(skb)) {
709 rxrpc_free_skb(skb); 710 rxrpc_free_skb(skb);
710 rxrpc_put_local(local); 711 rxrpc_put_local(local);
711 UDP_INC_STATS_BH(UDP_MIB_INERRORS, 0); 712 UDP_INC_STATS_BH(&init_net, UDP_MIB_INERRORS, 0);
712 _leave(" [CSUM failed]"); 713 _leave(" [CSUM failed]");
713 return; 714 return;
714 } 715 }
715 716
716 UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, 0); 717 UDP_INC_STATS_BH(&init_net, UDP_MIB_INDATAGRAMS, 0);
717 718
718 /* the socket buffer we have is owned by UDP, with UDP's data all over 719 /* the socket buffer we have is owned by UDP, with UDP's data all over
719 * it, but we really want our own */ 720 * it, but we really want our own */
diff --git a/net/sched/Kconfig b/net/sched/Kconfig
index 82adfe6447d7..9437b27ff84d 100644
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -106,17 +106,6 @@ config NET_SCH_PRIO
106 To compile this code as a module, choose M here: the 106 To compile this code as a module, choose M here: the
107 module will be called sch_prio. 107 module will be called sch_prio.
108 108
109config NET_SCH_RR
110 tristate "Multi Band Round Robin Queuing (RR)"
111 select NET_SCH_PRIO
112 ---help---
113 Say Y here if you want to use an n-band round robin packet
114 scheduler.
115
116 The module uses sch_prio for its framework and is aliased as
117 sch_rr, so it will load sch_prio, although it is referred
118 to using sch_rr.
119
120config NET_SCH_RED 109config NET_SCH_RED
121 tristate "Random Early Detection (RED)" 110 tristate "Random Early Detection (RED)"
122 ---help--- 111 ---help---
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 74e662cbb2c5..9974b3f04f05 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -41,7 +41,7 @@ void tcf_hash_destroy(struct tcf_common *p, struct tcf_hashinfo *hinfo)
41 return; 41 return;
42 } 42 }
43 } 43 }
44 BUG_TRAP(0); 44 WARN_ON(1);
45} 45}
46EXPORT_SYMBOL(tcf_hash_destroy); 46EXPORT_SYMBOL(tcf_hash_destroy);
47 47
@@ -205,10 +205,9 @@ struct tcf_common *tcf_hash_check(u32 index, struct tc_action *a, int bind,
205{ 205{
206 struct tcf_common *p = NULL; 206 struct tcf_common *p = NULL;
207 if (index && (p = tcf_hash_lookup(index, hinfo)) != NULL) { 207 if (index && (p = tcf_hash_lookup(index, hinfo)) != NULL) {
208 if (bind) { 208 if (bind)
209 p->tcfc_bindcnt++; 209 p->tcfc_bindcnt++;
210 p->tcfc_refcnt++; 210 p->tcfc_refcnt++;
211 }
212 a->priv = p; 211 a->priv = p;
213 } 212 }
214 return p; 213 return p;
@@ -752,7 +751,7 @@ static int tca_action_flush(struct nlattr *nla, struct nlmsghdr *n, u32 pid)
752 struct nlattr *tb[TCA_ACT_MAX+1]; 751 struct nlattr *tb[TCA_ACT_MAX+1];
753 struct nlattr *kind; 752 struct nlattr *kind;
754 struct tc_action *a = create_a(0); 753 struct tc_action *a = create_a(0);
755 int err = -EINVAL; 754 int err = -ENOMEM;
756 755
757 if (a == NULL) { 756 if (a == NULL) {
758 printk("tca_action_flush: couldnt create tc_action\n"); 757 printk("tca_action_flush: couldnt create tc_action\n");
@@ -763,7 +762,7 @@ static int tca_action_flush(struct nlattr *nla, struct nlmsghdr *n, u32 pid)
763 if (!skb) { 762 if (!skb) {
764 printk("tca_action_flush: failed skb alloc\n"); 763 printk("tca_action_flush: failed skb alloc\n");
765 kfree(a); 764 kfree(a);
766 return -ENOBUFS; 765 return err;
767 } 766 }
768 767
769 b = skb_tail_pointer(skb); 768 b = skb_tail_pointer(skb);
@@ -791,6 +790,8 @@ static int tca_action_flush(struct nlattr *nla, struct nlmsghdr *n, u32 pid)
791 err = a->ops->walk(skb, &dcb, RTM_DELACTION, a); 790 err = a->ops->walk(skb, &dcb, RTM_DELACTION, a);
792 if (err < 0) 791 if (err < 0)
793 goto nla_put_failure; 792 goto nla_put_failure;
793 if (err == 0)
794 goto noflush_out;
794 795
795 nla_nest_end(skb, nest); 796 nla_nest_end(skb, nest);
796 797
@@ -808,6 +809,7 @@ nla_put_failure:
808nlmsg_failure: 809nlmsg_failure:
809 module_put(a->ops->owner); 810 module_put(a->ops->owner);
810err_out: 811err_out:
812noflush_out:
811 kfree_skb(skb); 813 kfree_skb(skb);
812 kfree(a); 814 kfree(a);
813 return err; 815 return err;
@@ -825,8 +827,10 @@ tca_action_gd(struct nlattr *nla, struct nlmsghdr *n, u32 pid, int event)
825 return ret; 827 return ret;
826 828
827 if (event == RTM_DELACTION && n->nlmsg_flags&NLM_F_ROOT) { 829 if (event == RTM_DELACTION && n->nlmsg_flags&NLM_F_ROOT) {
828 if (tb[0] != NULL && tb[1] == NULL) 830 if (tb[1] != NULL)
829 return tca_action_flush(tb[0], n, pid); 831 return tca_action_flush(tb[1], n, pid);
832 else
833 return -EINVAL;
830 } 834 }
831 835
832 for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) { 836 for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) {
diff --git a/net/sched/act_gact.c b/net/sched/act_gact.c
index 422872c4f14b..ac04289da5d7 100644
--- a/net/sched/act_gact.c
+++ b/net/sched/act_gact.c
@@ -139,7 +139,7 @@ static int tcf_gact(struct sk_buff *skb, struct tc_action *a, struct tcf_result
139#else 139#else
140 action = gact->tcf_action; 140 action = gact->tcf_action;
141#endif 141#endif
142 gact->tcf_bstats.bytes += skb->len; 142 gact->tcf_bstats.bytes += qdisc_pkt_len(skb);
143 gact->tcf_bstats.packets++; 143 gact->tcf_bstats.packets++;
144 if (action == TC_ACT_SHOT) 144 if (action == TC_ACT_SHOT)
145 gact->tcf_qstats.drops++; 145 gact->tcf_qstats.drops++;
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index da696fd3e341..d1263b3c96c3 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@@ -205,7 +205,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a,
205 spin_lock(&ipt->tcf_lock); 205 spin_lock(&ipt->tcf_lock);
206 206
207 ipt->tcf_tm.lastuse = jiffies; 207 ipt->tcf_tm.lastuse = jiffies;
208 ipt->tcf_bstats.bytes += skb->len; 208 ipt->tcf_bstats.bytes += qdisc_pkt_len(skb);
209 ipt->tcf_bstats.packets++; 209 ipt->tcf_bstats.packets++;
210 210
211 /* yes, we have to worry about both in and out dev 211 /* yes, we have to worry about both in and out dev
diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c
index 1aff005d95cd..70341c020b6d 100644
--- a/net/sched/act_mirred.c
+++ b/net/sched/act_mirred.c
@@ -164,7 +164,7 @@ bad_mirred:
164 if (skb2 != NULL) 164 if (skb2 != NULL)
165 kfree_skb(skb2); 165 kfree_skb(skb2);
166 m->tcf_qstats.overlimits++; 166 m->tcf_qstats.overlimits++;
167 m->tcf_bstats.bytes += skb->len; 167 m->tcf_bstats.bytes += qdisc_pkt_len(skb);
168 m->tcf_bstats.packets++; 168 m->tcf_bstats.packets++;
169 spin_unlock(&m->tcf_lock); 169 spin_unlock(&m->tcf_lock);
170 /* should we be asking for packet to be dropped? 170 /* should we be asking for packet to be dropped?
@@ -184,7 +184,7 @@ bad_mirred:
184 goto bad_mirred; 184 goto bad_mirred;
185 } 185 }
186 186
187 m->tcf_bstats.bytes += skb2->len; 187 m->tcf_bstats.bytes += qdisc_pkt_len(skb2);
188 m->tcf_bstats.packets++; 188 m->tcf_bstats.packets++;
189 if (!(at & AT_EGRESS)) 189 if (!(at & AT_EGRESS))
190 if (m->tcfm_ok_push) 190 if (m->tcfm_ok_push)
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index 0a3c8339767a..7b39ed485bca 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -124,7 +124,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
124 egress = p->flags & TCA_NAT_FLAG_EGRESS; 124 egress = p->flags & TCA_NAT_FLAG_EGRESS;
125 action = p->tcf_action; 125 action = p->tcf_action;
126 126
127 p->tcf_bstats.bytes += skb->len; 127 p->tcf_bstats.bytes += qdisc_pkt_len(skb);
128 p->tcf_bstats.packets++; 128 p->tcf_bstats.packets++;
129 129
130 spin_unlock(&p->tcf_lock); 130 spin_unlock(&p->tcf_lock);
diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c
index 3cc4cb9e500e..d5f4e3404864 100644
--- a/net/sched/act_pedit.c
+++ b/net/sched/act_pedit.c
@@ -182,7 +182,7 @@ static int tcf_pedit(struct sk_buff *skb, struct tc_action *a,
182bad: 182bad:
183 p->tcf_qstats.overlimits++; 183 p->tcf_qstats.overlimits++;
184done: 184done:
185 p->tcf_bstats.bytes += skb->len; 185 p->tcf_bstats.bytes += qdisc_pkt_len(skb);
186 p->tcf_bstats.packets++; 186 p->tcf_bstats.packets++;
187 spin_unlock(&p->tcf_lock); 187 spin_unlock(&p->tcf_lock);
188 return p->tcf_action; 188 return p->tcf_action;
diff --git a/net/sched/act_police.c b/net/sched/act_police.c
index 0898120bbcc0..38015b493947 100644
--- a/net/sched/act_police.c
+++ b/net/sched/act_police.c
@@ -116,7 +116,7 @@ static void tcf_police_destroy(struct tcf_police *p)
116 return; 116 return;
117 } 117 }
118 } 118 }
119 BUG_TRAP(0); 119 WARN_ON(1);
120} 120}
121 121
122static const struct nla_policy police_policy[TCA_POLICE_MAX + 1] = { 122static const struct nla_policy police_policy[TCA_POLICE_MAX + 1] = {
@@ -272,7 +272,7 @@ static int tcf_act_police(struct sk_buff *skb, struct tc_action *a,
272 272
273 spin_lock(&police->tcf_lock); 273 spin_lock(&police->tcf_lock);
274 274
275 police->tcf_bstats.bytes += skb->len; 275 police->tcf_bstats.bytes += qdisc_pkt_len(skb);
276 police->tcf_bstats.packets++; 276 police->tcf_bstats.packets++;
277 277
278 if (police->tcfp_ewma_rate && 278 if (police->tcfp_ewma_rate &&
@@ -282,7 +282,7 @@ static int tcf_act_police(struct sk_buff *skb, struct tc_action *a,
282 return police->tcf_action; 282 return police->tcf_action;
283 } 283 }
284 284
285 if (skb->len <= police->tcfp_mtu) { 285 if (qdisc_pkt_len(skb) <= police->tcfp_mtu) {
286 if (police->tcfp_R_tab == NULL) { 286 if (police->tcfp_R_tab == NULL) {
287 spin_unlock(&police->tcf_lock); 287 spin_unlock(&police->tcf_lock);
288 return police->tcfp_result; 288 return police->tcfp_result;
@@ -295,12 +295,12 @@ static int tcf_act_police(struct sk_buff *skb, struct tc_action *a,
295 ptoks = toks + police->tcfp_ptoks; 295 ptoks = toks + police->tcfp_ptoks;
296 if (ptoks > (long)L2T_P(police, police->tcfp_mtu)) 296 if (ptoks > (long)L2T_P(police, police->tcfp_mtu))
297 ptoks = (long)L2T_P(police, police->tcfp_mtu); 297 ptoks = (long)L2T_P(police, police->tcfp_mtu);
298 ptoks -= L2T_P(police, skb->len); 298 ptoks -= L2T_P(police, qdisc_pkt_len(skb));
299 } 299 }
300 toks += police->tcfp_toks; 300 toks += police->tcfp_toks;
301 if (toks > (long)police->tcfp_burst) 301 if (toks > (long)police->tcfp_burst)
302 toks = police->tcfp_burst; 302 toks = police->tcfp_burst;
303 toks -= L2T(police, skb->len); 303 toks -= L2T(police, qdisc_pkt_len(skb));
304 if ((toks|ptoks) >= 0) { 304 if ((toks|ptoks) >= 0) {
305 police->tcfp_t_c = now; 305 police->tcfp_t_c = now;
306 police->tcfp_toks = toks; 306 police->tcfp_toks = toks;
diff --git a/net/sched/act_simple.c b/net/sched/act_simple.c
index 1d421d059caf..e7851ce92cfe 100644
--- a/net/sched/act_simple.c
+++ b/net/sched/act_simple.c
@@ -41,7 +41,7 @@ static int tcf_simp(struct sk_buff *skb, struct tc_action *a, struct tcf_result
41 41
42 spin_lock(&d->tcf_lock); 42 spin_lock(&d->tcf_lock);
43 d->tcf_tm.lastuse = jiffies; 43 d->tcf_tm.lastuse = jiffies;
44 d->tcf_bstats.bytes += skb->len; 44 d->tcf_bstats.bytes += qdisc_pkt_len(skb);
45 d->tcf_bstats.packets++; 45 d->tcf_bstats.packets++;
46 46
47 /* print policy string followed by _ then packet count 47 /* print policy string followed by _ then packet count
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index 9360fc81e8c7..8eb79e92e94c 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -120,6 +120,7 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
120{ 120{
121 struct net *net = sock_net(skb->sk); 121 struct net *net = sock_net(skb->sk);
122 struct nlattr *tca[TCA_MAX + 1]; 122 struct nlattr *tca[TCA_MAX + 1];
123 spinlock_t *root_lock;
123 struct tcmsg *t; 124 struct tcmsg *t;
124 u32 protocol; 125 u32 protocol;
125 u32 prio; 126 u32 prio;
@@ -166,7 +167,8 @@ replay:
166 167
167 /* Find qdisc */ 168 /* Find qdisc */
168 if (!parent) { 169 if (!parent) {
169 q = dev->qdisc_sleeping; 170 struct netdev_queue *dev_queue = netdev_get_tx_queue(dev, 0);
171 q = dev_queue->qdisc_sleeping;
170 parent = q->handle; 172 parent = q->handle;
171 } else { 173 } else {
172 q = qdisc_lookup(dev, TC_H_MAJ(t->tcm_parent)); 174 q = qdisc_lookup(dev, TC_H_MAJ(t->tcm_parent));
@@ -203,6 +205,8 @@ replay:
203 } 205 }
204 } 206 }
205 207
208 root_lock = qdisc_root_sleeping_lock(q);
209
206 if (tp == NULL) { 210 if (tp == NULL) {
207 /* Proto-tcf does not exist, create new one */ 211 /* Proto-tcf does not exist, create new one */
208 212
@@ -262,10 +266,10 @@ replay:
262 goto errout; 266 goto errout;
263 } 267 }
264 268
265 qdisc_lock_tree(dev); 269 spin_lock_bh(root_lock);
266 tp->next = *back; 270 tp->next = *back;
267 *back = tp; 271 *back = tp;
268 qdisc_unlock_tree(dev); 272 spin_unlock_bh(root_lock);
269 273
270 } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind)) 274 } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind))
271 goto errout; 275 goto errout;
@@ -274,9 +278,9 @@ replay:
274 278
275 if (fh == 0) { 279 if (fh == 0) {
276 if (n->nlmsg_type == RTM_DELTFILTER && t->tcm_handle == 0) { 280 if (n->nlmsg_type == RTM_DELTFILTER && t->tcm_handle == 0) {
277 qdisc_lock_tree(dev); 281 spin_lock_bh(root_lock);
278 *back = tp->next; 282 *back = tp->next;
279 qdisc_unlock_tree(dev); 283 spin_unlock_bh(root_lock);
280 284
281 tfilter_notify(skb, n, tp, fh, RTM_DELTFILTER); 285 tfilter_notify(skb, n, tp, fh, RTM_DELTFILTER);
282 tcf_destroy(tp); 286 tcf_destroy(tp);
@@ -334,7 +338,7 @@ static int tcf_fill_node(struct sk_buff *skb, struct tcf_proto *tp,
334 tcm->tcm_family = AF_UNSPEC; 338 tcm->tcm_family = AF_UNSPEC;
335 tcm->tcm__pad1 = 0; 339 tcm->tcm__pad1 = 0;
336 tcm->tcm__pad1 = 0; 340 tcm->tcm__pad1 = 0;
337 tcm->tcm_ifindex = tp->q->dev->ifindex; 341 tcm->tcm_ifindex = qdisc_dev(tp->q)->ifindex;
338 tcm->tcm_parent = tp->classid; 342 tcm->tcm_parent = tp->classid;
339 tcm->tcm_info = TC_H_MAKE(tp->prio, tp->protocol); 343 tcm->tcm_info = TC_H_MAKE(tp->prio, tp->protocol);
340 NLA_PUT_STRING(skb, TCA_KIND, tp->ops->kind); 344 NLA_PUT_STRING(skb, TCA_KIND, tp->ops->kind);
@@ -390,6 +394,7 @@ static int tcf_node_dump(struct tcf_proto *tp, unsigned long n,
390static int tc_dump_tfilter(struct sk_buff *skb, struct netlink_callback *cb) 394static int tc_dump_tfilter(struct sk_buff *skb, struct netlink_callback *cb)
391{ 395{
392 struct net *net = sock_net(skb->sk); 396 struct net *net = sock_net(skb->sk);
397 struct netdev_queue *dev_queue;
393 int t; 398 int t;
394 int s_t; 399 int s_t;
395 struct net_device *dev; 400 struct net_device *dev;
@@ -408,8 +413,9 @@ static int tc_dump_tfilter(struct sk_buff *skb, struct netlink_callback *cb)
408 if ((dev = dev_get_by_index(&init_net, tcm->tcm_ifindex)) == NULL) 413 if ((dev = dev_get_by_index(&init_net, tcm->tcm_ifindex)) == NULL)
409 return skb->len; 414 return skb->len;
410 415
416 dev_queue = netdev_get_tx_queue(dev, 0);
411 if (!tcm->tcm_parent) 417 if (!tcm->tcm_parent)
412 q = dev->qdisc_sleeping; 418 q = dev_queue->qdisc_sleeping;
413 else 419 else
414 q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent)); 420 q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent));
415 if (!q) 421 if (!q)
diff --git a/net/sched/cls_flow.c b/net/sched/cls_flow.c
index 971b867e0484..8f63a1a94014 100644
--- a/net/sched/cls_flow.c
+++ b/net/sched/cls_flow.c
@@ -36,6 +36,8 @@ struct flow_filter {
36 struct list_head list; 36 struct list_head list;
37 struct tcf_exts exts; 37 struct tcf_exts exts;
38 struct tcf_ematch_tree ematches; 38 struct tcf_ematch_tree ematches;
39 struct timer_list perturb_timer;
40 u32 perturb_period;
39 u32 handle; 41 u32 handle;
40 42
41 u32 nkeys; 43 u32 nkeys;
@@ -47,11 +49,9 @@ struct flow_filter {
47 u32 addend; 49 u32 addend;
48 u32 divisor; 50 u32 divisor;
49 u32 baseclass; 51 u32 baseclass;
52 u32 hashrnd;
50}; 53};
51 54
52static u32 flow_hashrnd __read_mostly;
53static int flow_hashrnd_initted __read_mostly;
54
55static const struct tcf_ext_map flow_ext_map = { 55static const struct tcf_ext_map flow_ext_map = {
56 .action = TCA_FLOW_ACT, 56 .action = TCA_FLOW_ACT,
57 .police = TCA_FLOW_POLICE, 57 .police = TCA_FLOW_POLICE,
@@ -348,7 +348,7 @@ static int flow_classify(struct sk_buff *skb, struct tcf_proto *tp,
348 } 348 }
349 349
350 if (f->mode == FLOW_MODE_HASH) 350 if (f->mode == FLOW_MODE_HASH)
351 classid = jhash2(keys, f->nkeys, flow_hashrnd); 351 classid = jhash2(keys, f->nkeys, f->hashrnd);
352 else { 352 else {
353 classid = keys[0]; 353 classid = keys[0];
354 classid = (classid & f->mask) ^ f->xor; 354 classid = (classid & f->mask) ^ f->xor;
@@ -369,6 +369,15 @@ static int flow_classify(struct sk_buff *skb, struct tcf_proto *tp,
369 return -1; 369 return -1;
370} 370}
371 371
372static void flow_perturbation(unsigned long arg)
373{
374 struct flow_filter *f = (struct flow_filter *)arg;
375
376 get_random_bytes(&f->hashrnd, 4);
377 if (f->perturb_period)
378 mod_timer(&f->perturb_timer, jiffies + f->perturb_period);
379}
380
372static const struct nla_policy flow_policy[TCA_FLOW_MAX + 1] = { 381static const struct nla_policy flow_policy[TCA_FLOW_MAX + 1] = {
373 [TCA_FLOW_KEYS] = { .type = NLA_U32 }, 382 [TCA_FLOW_KEYS] = { .type = NLA_U32 },
374 [TCA_FLOW_MODE] = { .type = NLA_U32 }, 383 [TCA_FLOW_MODE] = { .type = NLA_U32 },
@@ -381,6 +390,7 @@ static const struct nla_policy flow_policy[TCA_FLOW_MAX + 1] = {
381 [TCA_FLOW_ACT] = { .type = NLA_NESTED }, 390 [TCA_FLOW_ACT] = { .type = NLA_NESTED },
382 [TCA_FLOW_POLICE] = { .type = NLA_NESTED }, 391 [TCA_FLOW_POLICE] = { .type = NLA_NESTED },
383 [TCA_FLOW_EMATCHES] = { .type = NLA_NESTED }, 392 [TCA_FLOW_EMATCHES] = { .type = NLA_NESTED },
393 [TCA_FLOW_PERTURB] = { .type = NLA_U32 },
384}; 394};
385 395
386static int flow_change(struct tcf_proto *tp, unsigned long base, 396static int flow_change(struct tcf_proto *tp, unsigned long base,
@@ -394,6 +404,7 @@ static int flow_change(struct tcf_proto *tp, unsigned long base,
394 struct tcf_exts e; 404 struct tcf_exts e;
395 struct tcf_ematch_tree t; 405 struct tcf_ematch_tree t;
396 unsigned int nkeys = 0; 406 unsigned int nkeys = 0;
407 unsigned int perturb_period = 0;
397 u32 baseclass = 0; 408 u32 baseclass = 0;
398 u32 keymask = 0; 409 u32 keymask = 0;
399 u32 mode; 410 u32 mode;
@@ -442,6 +453,14 @@ static int flow_change(struct tcf_proto *tp, unsigned long base,
442 mode = nla_get_u32(tb[TCA_FLOW_MODE]); 453 mode = nla_get_u32(tb[TCA_FLOW_MODE]);
443 if (mode != FLOW_MODE_HASH && nkeys > 1) 454 if (mode != FLOW_MODE_HASH && nkeys > 1)
444 goto err2; 455 goto err2;
456
457 if (mode == FLOW_MODE_HASH)
458 perturb_period = f->perturb_period;
459 if (tb[TCA_FLOW_PERTURB]) {
460 if (mode != FLOW_MODE_HASH)
461 goto err2;
462 perturb_period = nla_get_u32(tb[TCA_FLOW_PERTURB]) * HZ;
463 }
445 } else { 464 } else {
446 err = -EINVAL; 465 err = -EINVAL;
447 if (!handle) 466 if (!handle)
@@ -455,6 +474,12 @@ static int flow_change(struct tcf_proto *tp, unsigned long base,
455 if (mode != FLOW_MODE_HASH && nkeys > 1) 474 if (mode != FLOW_MODE_HASH && nkeys > 1)
456 goto err2; 475 goto err2;
457 476
477 if (tb[TCA_FLOW_PERTURB]) {
478 if (mode != FLOW_MODE_HASH)
479 goto err2;
480 perturb_period = nla_get_u32(tb[TCA_FLOW_PERTURB]) * HZ;
481 }
482
458 if (TC_H_MAJ(baseclass) == 0) 483 if (TC_H_MAJ(baseclass) == 0)
459 baseclass = TC_H_MAKE(tp->q->handle, baseclass); 484 baseclass = TC_H_MAKE(tp->q->handle, baseclass);
460 if (TC_H_MIN(baseclass) == 0) 485 if (TC_H_MIN(baseclass) == 0)
@@ -467,6 +492,11 @@ static int flow_change(struct tcf_proto *tp, unsigned long base,
467 492
468 f->handle = handle; 493 f->handle = handle;
469 f->mask = ~0U; 494 f->mask = ~0U;
495
496 get_random_bytes(&f->hashrnd, 4);
497 f->perturb_timer.function = flow_perturbation;
498 f->perturb_timer.data = (unsigned long)f;
499 init_timer_deferrable(&f->perturb_timer);
470 } 500 }
471 501
472 tcf_exts_change(tp, &f->exts, &e); 502 tcf_exts_change(tp, &f->exts, &e);
@@ -495,6 +525,11 @@ static int flow_change(struct tcf_proto *tp, unsigned long base,
495 if (baseclass) 525 if (baseclass)
496 f->baseclass = baseclass; 526 f->baseclass = baseclass;
497 527
528 f->perturb_period = perturb_period;
529 del_timer(&f->perturb_timer);
530 if (perturb_period)
531 mod_timer(&f->perturb_timer, jiffies + perturb_period);
532
498 if (*arg == 0) 533 if (*arg == 0)
499 list_add_tail(&f->list, &head->filters); 534 list_add_tail(&f->list, &head->filters);
500 535
@@ -512,6 +547,7 @@ err1:
512 547
513static void flow_destroy_filter(struct tcf_proto *tp, struct flow_filter *f) 548static void flow_destroy_filter(struct tcf_proto *tp, struct flow_filter *f)
514{ 549{
550 del_timer_sync(&f->perturb_timer);
515 tcf_exts_destroy(tp, &f->exts); 551 tcf_exts_destroy(tp, &f->exts);
516 tcf_em_tree_destroy(tp, &f->ematches); 552 tcf_em_tree_destroy(tp, &f->ematches);
517 kfree(f); 553 kfree(f);
@@ -532,11 +568,6 @@ static int flow_init(struct tcf_proto *tp)
532{ 568{
533 struct flow_head *head; 569 struct flow_head *head;
534 570
535 if (!flow_hashrnd_initted) {
536 get_random_bytes(&flow_hashrnd, 4);
537 flow_hashrnd_initted = 1;
538 }
539
540 head = kzalloc(sizeof(*head), GFP_KERNEL); 571 head = kzalloc(sizeof(*head), GFP_KERNEL);
541 if (head == NULL) 572 if (head == NULL)
542 return -ENOBUFS; 573 return -ENOBUFS;
@@ -605,6 +636,9 @@ static int flow_dump(struct tcf_proto *tp, unsigned long fh,
605 if (f->baseclass) 636 if (f->baseclass)
606 NLA_PUT_U32(skb, TCA_FLOW_BASECLASS, f->baseclass); 637 NLA_PUT_U32(skb, TCA_FLOW_BASECLASS, f->baseclass);
607 638
639 if (f->perturb_period)
640 NLA_PUT_U32(skb, TCA_FLOW_PERTURB, f->perturb_period / HZ);
641
608 if (tcf_exts_dump(skb, &f->exts, &flow_ext_map) < 0) 642 if (tcf_exts_dump(skb, &f->exts, &flow_ext_map) < 0)
609 goto nla_put_failure; 643 goto nla_put_failure;
610#ifdef CONFIG_NET_EMATCH 644#ifdef CONFIG_NET_EMATCH
diff --git a/net/sched/cls_route.c b/net/sched/cls_route.c
index 784dcb870b98..e3d8455eebc2 100644
--- a/net/sched/cls_route.c
+++ b/net/sched/cls_route.c
@@ -73,11 +73,13 @@ static __inline__ int route4_fastmap_hash(u32 id, int iif)
73} 73}
74 74
75static inline 75static inline
76void route4_reset_fastmap(struct net_device *dev, struct route4_head *head, u32 id) 76void route4_reset_fastmap(struct Qdisc *q, struct route4_head *head, u32 id)
77{ 77{
78 qdisc_lock_tree(dev); 78 spinlock_t *root_lock = qdisc_root_sleeping_lock(q);
79
80 spin_lock_bh(root_lock);
79 memset(head->fastmap, 0, sizeof(head->fastmap)); 81 memset(head->fastmap, 0, sizeof(head->fastmap));
80 qdisc_unlock_tree(dev); 82 spin_unlock_bh(root_lock);
81} 83}
82 84
83static inline void 85static inline void
@@ -302,7 +304,7 @@ static int route4_delete(struct tcf_proto *tp, unsigned long arg)
302 *fp = f->next; 304 *fp = f->next;
303 tcf_tree_unlock(tp); 305 tcf_tree_unlock(tp);
304 306
305 route4_reset_fastmap(tp->q->dev, head, f->id); 307 route4_reset_fastmap(tp->q, head, f->id);
306 route4_delete_filter(tp, f); 308 route4_delete_filter(tp, f);
307 309
308 /* Strip tree */ 310 /* Strip tree */
@@ -500,7 +502,7 @@ reinsert:
500 } 502 }
501 tcf_tree_unlock(tp); 503 tcf_tree_unlock(tp);
502 504
503 route4_reset_fastmap(tp->q->dev, head, f->id); 505 route4_reset_fastmap(tp->q, head, f->id);
504 *arg = (unsigned long)f; 506 *arg = (unsigned long)f;
505 return 0; 507 return 0;
506 508
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 4d755444c449..246f9065ce34 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -75,7 +75,6 @@ struct tc_u_hnode
75 75
76struct tc_u_common 76struct tc_u_common
77{ 77{
78 struct tc_u_common *next;
79 struct tc_u_hnode *hlist; 78 struct tc_u_hnode *hlist;
80 struct Qdisc *q; 79 struct Qdisc *q;
81 int refcnt; 80 int refcnt;
@@ -87,8 +86,6 @@ static const struct tcf_ext_map u32_ext_map = {
87 .police = TCA_U32_POLICE 86 .police = TCA_U32_POLICE
88}; 87};
89 88
90static struct tc_u_common *u32_list;
91
92static __inline__ unsigned u32_hash_fold(__be32 key, struct tc_u32_sel *sel, u8 fshift) 89static __inline__ unsigned u32_hash_fold(__be32 key, struct tc_u32_sel *sel, u8 fshift)
93{ 90{
94 unsigned h = ntohl(key & sel->hmask)>>fshift; 91 unsigned h = ntohl(key & sel->hmask)>>fshift;
@@ -287,9 +284,7 @@ static int u32_init(struct tcf_proto *tp)
287 struct tc_u_hnode *root_ht; 284 struct tc_u_hnode *root_ht;
288 struct tc_u_common *tp_c; 285 struct tc_u_common *tp_c;
289 286
290 for (tp_c = u32_list; tp_c; tp_c = tp_c->next) 287 tp_c = tp->q->u32_node;
291 if (tp_c->q == tp->q)
292 break;
293 288
294 root_ht = kzalloc(sizeof(*root_ht), GFP_KERNEL); 289 root_ht = kzalloc(sizeof(*root_ht), GFP_KERNEL);
295 if (root_ht == NULL) 290 if (root_ht == NULL)
@@ -307,8 +302,7 @@ static int u32_init(struct tcf_proto *tp)
307 return -ENOBUFS; 302 return -ENOBUFS;
308 } 303 }
309 tp_c->q = tp->q; 304 tp_c->q = tp->q;
310 tp_c->next = u32_list; 305 tp->q->u32_node = tp_c;
311 u32_list = tp_c;
312 } 306 }
313 307
314 tp_c->refcnt++; 308 tp_c->refcnt++;
@@ -351,7 +345,7 @@ static int u32_delete_key(struct tcf_proto *tp, struct tc_u_knode* key)
351 } 345 }
352 } 346 }
353 } 347 }
354 BUG_TRAP(0); 348 WARN_ON(1);
355 return 0; 349 return 0;
356} 350}
357 351
@@ -374,7 +368,7 @@ static int u32_destroy_hnode(struct tcf_proto *tp, struct tc_u_hnode *ht)
374 struct tc_u_common *tp_c = tp->data; 368 struct tc_u_common *tp_c = tp->data;
375 struct tc_u_hnode **hn; 369 struct tc_u_hnode **hn;
376 370
377 BUG_TRAP(!ht->refcnt); 371 WARN_ON(ht->refcnt);
378 372
379 u32_clear_hnode(tp, ht); 373 u32_clear_hnode(tp, ht);
380 374
@@ -386,7 +380,7 @@ static int u32_destroy_hnode(struct tcf_proto *tp, struct tc_u_hnode *ht)
386 } 380 }
387 } 381 }
388 382
389 BUG_TRAP(0); 383 WARN_ON(1);
390 return -ENOENT; 384 return -ENOENT;
391} 385}
392 386
@@ -395,21 +389,15 @@ static void u32_destroy(struct tcf_proto *tp)
395 struct tc_u_common *tp_c = tp->data; 389 struct tc_u_common *tp_c = tp->data;
396 struct tc_u_hnode *root_ht = xchg(&tp->root, NULL); 390 struct tc_u_hnode *root_ht = xchg(&tp->root, NULL);
397 391
398 BUG_TRAP(root_ht != NULL); 392 WARN_ON(root_ht == NULL);
399 393
400 if (root_ht && --root_ht->refcnt == 0) 394 if (root_ht && --root_ht->refcnt == 0)
401 u32_destroy_hnode(tp, root_ht); 395 u32_destroy_hnode(tp, root_ht);
402 396
403 if (--tp_c->refcnt == 0) { 397 if (--tp_c->refcnt == 0) {
404 struct tc_u_hnode *ht; 398 struct tc_u_hnode *ht;
405 struct tc_u_common **tp_cp;
406 399
407 for (tp_cp = &u32_list; *tp_cp; tp_cp = &(*tp_cp)->next) { 400 tp->q->u32_node = NULL;
408 if (*tp_cp == tp_c) {
409 *tp_cp = tp_c->next;
410 break;
411 }
412 }
413 401
414 for (ht = tp_c->hlist; ht; ht = ht->next) { 402 for (ht = tp_c->hlist; ht; ht = ht->next) {
415 ht->refcnt--; 403 ht->refcnt--;
@@ -419,7 +407,7 @@ static void u32_destroy(struct tcf_proto *tp)
419 while ((ht = tp_c->hlist) != NULL) { 407 while ((ht = tp_c->hlist) != NULL) {
420 tp_c->hlist = ht->next; 408 tp_c->hlist = ht->next;
421 409
422 BUG_TRAP(ht->refcnt == 0); 410 WARN_ON(ht->refcnt != 0);
423 411
424 kfree(ht); 412 kfree(ht);
425 } 413 }
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index c40773cdbe45..1122c952aa99 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -27,6 +27,7 @@
27#include <linux/kmod.h> 27#include <linux/kmod.h>
28#include <linux/list.h> 28#include <linux/list.h>
29#include <linux/hrtimer.h> 29#include <linux/hrtimer.h>
30#include <linux/lockdep.h>
30 31
31#include <net/net_namespace.h> 32#include <net/net_namespace.h>
32#include <net/sock.h> 33#include <net/sock.h>
@@ -99,7 +100,7 @@ static int tclass_notify(struct sk_buff *oskb, struct nlmsghdr *n,
99 ---requeue 100 ---requeue
100 101
101 requeues once dequeued packet. It is used for non-standard or 102 requeues once dequeued packet. It is used for non-standard or
102 just buggy devices, which can defer output even if dev->tbusy=0. 103 just buggy devices, which can defer output even if netif_queue_stopped()=0.
103 104
104 ---reset 105 ---reset
105 106
@@ -183,17 +184,70 @@ EXPORT_SYMBOL(unregister_qdisc);
183 (root qdisc, all its children, children of children etc.) 184 (root qdisc, all its children, children of children etc.)
184 */ 185 */
185 186
186struct Qdisc *qdisc_lookup(struct net_device *dev, u32 handle) 187struct Qdisc *qdisc_match_from_root(struct Qdisc *root, u32 handle)
187{ 188{
188 struct Qdisc *q; 189 struct Qdisc *q;
189 190
190 list_for_each_entry(q, &dev->qdisc_list, list) { 191 if (!(root->flags & TCQ_F_BUILTIN) &&
192 root->handle == handle)
193 return root;
194
195 list_for_each_entry(q, &root->list, list) {
191 if (q->handle == handle) 196 if (q->handle == handle)
192 return q; 197 return q;
193 } 198 }
194 return NULL; 199 return NULL;
195} 200}
196 201
202/*
203 * This lock is needed until some qdiscs stop calling qdisc_tree_decrease_qlen()
204 * without rtnl_lock(); currently hfsc_dequeue(), netem_dequeue(), tbf_dequeue()
205 */
206static DEFINE_SPINLOCK(qdisc_list_lock);
207
208static void qdisc_list_add(struct Qdisc *q)
209{
210 if ((q->parent != TC_H_ROOT) && !(q->flags & TCQ_F_INGRESS)) {
211 spin_lock_bh(&qdisc_list_lock);
212 list_add_tail(&q->list, &qdisc_root_sleeping(q)->list);
213 spin_unlock_bh(&qdisc_list_lock);
214 }
215}
216
217void qdisc_list_del(struct Qdisc *q)
218{
219 if ((q->parent != TC_H_ROOT) && !(q->flags & TCQ_F_INGRESS)) {
220 spin_lock_bh(&qdisc_list_lock);
221 list_del(&q->list);
222 spin_unlock_bh(&qdisc_list_lock);
223 }
224}
225EXPORT_SYMBOL(qdisc_list_del);
226
227struct Qdisc *qdisc_lookup(struct net_device *dev, u32 handle)
228{
229 unsigned int i;
230 struct Qdisc *q;
231
232 spin_lock_bh(&qdisc_list_lock);
233
234 for (i = 0; i < dev->num_tx_queues; i++) {
235 struct netdev_queue *txq = netdev_get_tx_queue(dev, i);
236 struct Qdisc *txq_root = txq->qdisc_sleeping;
237
238 q = qdisc_match_from_root(txq_root, handle);
239 if (q)
240 goto unlock;
241 }
242
243 q = qdisc_match_from_root(dev->rx_queue.qdisc_sleeping, handle);
244
245unlock:
246 spin_unlock_bh(&qdisc_list_lock);
247
248 return q;
249}
250
197static struct Qdisc *qdisc_leaf(struct Qdisc *p, u32 classid) 251static struct Qdisc *qdisc_leaf(struct Qdisc *p, u32 classid)
198{ 252{
199 unsigned long cl; 253 unsigned long cl;
@@ -277,15 +331,137 @@ void qdisc_put_rtab(struct qdisc_rate_table *tab)
277} 331}
278EXPORT_SYMBOL(qdisc_put_rtab); 332EXPORT_SYMBOL(qdisc_put_rtab);
279 333
334static LIST_HEAD(qdisc_stab_list);
335static DEFINE_SPINLOCK(qdisc_stab_lock);
336
337static const struct nla_policy stab_policy[TCA_STAB_MAX + 1] = {
338 [TCA_STAB_BASE] = { .len = sizeof(struct tc_sizespec) },
339 [TCA_STAB_DATA] = { .type = NLA_BINARY },
340};
341
342static struct qdisc_size_table *qdisc_get_stab(struct nlattr *opt)
343{
344 struct nlattr *tb[TCA_STAB_MAX + 1];
345 struct qdisc_size_table *stab;
346 struct tc_sizespec *s;
347 unsigned int tsize = 0;
348 u16 *tab = NULL;
349 int err;
350
351 err = nla_parse_nested(tb, TCA_STAB_MAX, opt, stab_policy);
352 if (err < 0)
353 return ERR_PTR(err);
354 if (!tb[TCA_STAB_BASE])
355 return ERR_PTR(-EINVAL);
356
357 s = nla_data(tb[TCA_STAB_BASE]);
358
359 if (s->tsize > 0) {
360 if (!tb[TCA_STAB_DATA])
361 return ERR_PTR(-EINVAL);
362 tab = nla_data(tb[TCA_STAB_DATA]);
363 tsize = nla_len(tb[TCA_STAB_DATA]) / sizeof(u16);
364 }
365
366 if (!s || tsize != s->tsize || (!tab && tsize > 0))
367 return ERR_PTR(-EINVAL);
368
369 spin_lock(&qdisc_stab_lock);
370
371 list_for_each_entry(stab, &qdisc_stab_list, list) {
372 if (memcmp(&stab->szopts, s, sizeof(*s)))
373 continue;
374 if (tsize > 0 && memcmp(stab->data, tab, tsize * sizeof(u16)))
375 continue;
376 stab->refcnt++;
377 spin_unlock(&qdisc_stab_lock);
378 return stab;
379 }
380
381 spin_unlock(&qdisc_stab_lock);
382
383 stab = kmalloc(sizeof(*stab) + tsize * sizeof(u16), GFP_KERNEL);
384 if (!stab)
385 return ERR_PTR(-ENOMEM);
386
387 stab->refcnt = 1;
388 stab->szopts = *s;
389 if (tsize > 0)
390 memcpy(stab->data, tab, tsize * sizeof(u16));
391
392 spin_lock(&qdisc_stab_lock);
393 list_add_tail(&stab->list, &qdisc_stab_list);
394 spin_unlock(&qdisc_stab_lock);
395
396 return stab;
397}
398
399void qdisc_put_stab(struct qdisc_size_table *tab)
400{
401 if (!tab)
402 return;
403
404 spin_lock(&qdisc_stab_lock);
405
406 if (--tab->refcnt == 0) {
407 list_del(&tab->list);
408 kfree(tab);
409 }
410
411 spin_unlock(&qdisc_stab_lock);
412}
413EXPORT_SYMBOL(qdisc_put_stab);
414
415static int qdisc_dump_stab(struct sk_buff *skb, struct qdisc_size_table *stab)
416{
417 struct nlattr *nest;
418
419 nest = nla_nest_start(skb, TCA_STAB);
420 NLA_PUT(skb, TCA_STAB_BASE, sizeof(stab->szopts), &stab->szopts);
421 nla_nest_end(skb, nest);
422
423 return skb->len;
424
425nla_put_failure:
426 return -1;
427}
428
429void qdisc_calculate_pkt_len(struct sk_buff *skb, struct qdisc_size_table *stab)
430{
431 int pkt_len, slot;
432
433 pkt_len = skb->len + stab->szopts.overhead;
434 if (unlikely(!stab->szopts.tsize))
435 goto out;
436
437 slot = pkt_len + stab->szopts.cell_align;
438 if (unlikely(slot < 0))
439 slot = 0;
440
441 slot >>= stab->szopts.cell_log;
442 if (likely(slot < stab->szopts.tsize))
443 pkt_len = stab->data[slot];
444 else
445 pkt_len = stab->data[stab->szopts.tsize - 1] *
446 (slot / stab->szopts.tsize) +
447 stab->data[slot % stab->szopts.tsize];
448
449 pkt_len <<= stab->szopts.size_log;
450out:
451 if (unlikely(pkt_len < 1))
452 pkt_len = 1;
453 qdisc_skb_cb(skb)->pkt_len = pkt_len;
454}
455EXPORT_SYMBOL(qdisc_calculate_pkt_len);
456
280static enum hrtimer_restart qdisc_watchdog(struct hrtimer *timer) 457static enum hrtimer_restart qdisc_watchdog(struct hrtimer *timer)
281{ 458{
282 struct qdisc_watchdog *wd = container_of(timer, struct qdisc_watchdog, 459 struct qdisc_watchdog *wd = container_of(timer, struct qdisc_watchdog,
283 timer); 460 timer);
284 struct net_device *dev = wd->qdisc->dev;
285 461
286 wd->qdisc->flags &= ~TCQ_F_THROTTLED; 462 wd->qdisc->flags &= ~TCQ_F_THROTTLED;
287 smp_wmb(); 463 smp_wmb();
288 netif_schedule(dev); 464 __netif_schedule(qdisc_root(wd->qdisc));
289 465
290 return HRTIMER_NORESTART; 466 return HRTIMER_NORESTART;
291} 467}
@@ -302,6 +478,10 @@ void qdisc_watchdog_schedule(struct qdisc_watchdog *wd, psched_time_t expires)
302{ 478{
303 ktime_t time; 479 ktime_t time;
304 480
481 if (test_bit(__QDISC_STATE_DEACTIVATED,
482 &qdisc_root_sleeping(wd->qdisc)->state))
483 return;
484
305 wd->qdisc->flags |= TCQ_F_THROTTLED; 485 wd->qdisc->flags |= TCQ_F_THROTTLED;
306 time = ktime_set(0, 0); 486 time = ktime_set(0, 0);
307 time = ktime_add_ns(time, PSCHED_US2NS(expires)); 487 time = ktime_add_ns(time, PSCHED_US2NS(expires));
@@ -316,6 +496,110 @@ void qdisc_watchdog_cancel(struct qdisc_watchdog *wd)
316} 496}
317EXPORT_SYMBOL(qdisc_watchdog_cancel); 497EXPORT_SYMBOL(qdisc_watchdog_cancel);
318 498
499static struct hlist_head *qdisc_class_hash_alloc(unsigned int n)
500{
501 unsigned int size = n * sizeof(struct hlist_head), i;
502 struct hlist_head *h;
503
504 if (size <= PAGE_SIZE)
505 h = kmalloc(size, GFP_KERNEL);
506 else
507 h = (struct hlist_head *)
508 __get_free_pages(GFP_KERNEL, get_order(size));
509
510 if (h != NULL) {
511 for (i = 0; i < n; i++)
512 INIT_HLIST_HEAD(&h[i]);
513 }
514 return h;
515}
516
517static void qdisc_class_hash_free(struct hlist_head *h, unsigned int n)
518{
519 unsigned int size = n * sizeof(struct hlist_head);
520
521 if (size <= PAGE_SIZE)
522 kfree(h);
523 else
524 free_pages((unsigned long)h, get_order(size));
525}
526
527void qdisc_class_hash_grow(struct Qdisc *sch, struct Qdisc_class_hash *clhash)
528{
529 struct Qdisc_class_common *cl;
530 struct hlist_node *n, *next;
531 struct hlist_head *nhash, *ohash;
532 unsigned int nsize, nmask, osize;
533 unsigned int i, h;
534
535 /* Rehash when load factor exceeds 0.75 */
536 if (clhash->hashelems * 4 <= clhash->hashsize * 3)
537 return;
538 nsize = clhash->hashsize * 2;
539 nmask = nsize - 1;
540 nhash = qdisc_class_hash_alloc(nsize);
541 if (nhash == NULL)
542 return;
543
544 ohash = clhash->hash;
545 osize = clhash->hashsize;
546
547 sch_tree_lock(sch);
548 for (i = 0; i < osize; i++) {
549 hlist_for_each_entry_safe(cl, n, next, &ohash[i], hnode) {
550 h = qdisc_class_hash(cl->classid, nmask);
551 hlist_add_head(&cl->hnode, &nhash[h]);
552 }
553 }
554 clhash->hash = nhash;
555 clhash->hashsize = nsize;
556 clhash->hashmask = nmask;
557 sch_tree_unlock(sch);
558
559 qdisc_class_hash_free(ohash, osize);
560}
561EXPORT_SYMBOL(qdisc_class_hash_grow);
562
563int qdisc_class_hash_init(struct Qdisc_class_hash *clhash)
564{
565 unsigned int size = 4;
566
567 clhash->hash = qdisc_class_hash_alloc(size);
568 if (clhash->hash == NULL)
569 return -ENOMEM;
570 clhash->hashsize = size;
571 clhash->hashmask = size - 1;
572 clhash->hashelems = 0;
573 return 0;
574}
575EXPORT_SYMBOL(qdisc_class_hash_init);
576
577void qdisc_class_hash_destroy(struct Qdisc_class_hash *clhash)
578{
579 qdisc_class_hash_free(clhash->hash, clhash->hashsize);
580}
581EXPORT_SYMBOL(qdisc_class_hash_destroy);
582
583void qdisc_class_hash_insert(struct Qdisc_class_hash *clhash,
584 struct Qdisc_class_common *cl)
585{
586 unsigned int h;
587
588 INIT_HLIST_NODE(&cl->hnode);
589 h = qdisc_class_hash(cl->classid, clhash->hashmask);
590 hlist_add_head(&cl->hnode, &clhash->hash[h]);
591 clhash->hashelems++;
592}
593EXPORT_SYMBOL(qdisc_class_hash_insert);
594
595void qdisc_class_hash_remove(struct Qdisc_class_hash *clhash,
596 struct Qdisc_class_common *cl)
597{
598 hlist_del(&cl->hnode);
599 clhash->hashelems--;
600}
601EXPORT_SYMBOL(qdisc_class_hash_remove);
602
319/* Allocate an unique handle from space managed by kernel */ 603/* Allocate an unique handle from space managed by kernel */
320 604
321static u32 qdisc_alloc_handle(struct net_device *dev) 605static u32 qdisc_alloc_handle(struct net_device *dev)
@@ -332,47 +616,28 @@ static u32 qdisc_alloc_handle(struct net_device *dev)
332 return i>0 ? autohandle : 0; 616 return i>0 ? autohandle : 0;
333} 617}
334 618
335/* Attach toplevel qdisc to device dev */ 619/* Attach toplevel qdisc to device queue. */
336 620
337static struct Qdisc * 621static struct Qdisc *dev_graft_qdisc(struct netdev_queue *dev_queue,
338dev_graft_qdisc(struct net_device *dev, struct Qdisc *qdisc) 622 struct Qdisc *qdisc)
339{ 623{
340 struct Qdisc *oqdisc; 624 struct Qdisc *oqdisc = dev_queue->qdisc_sleeping;
341 625 spinlock_t *root_lock;
342 if (dev->flags & IFF_UP)
343 dev_deactivate(dev);
344
345 qdisc_lock_tree(dev);
346 if (qdisc && qdisc->flags&TCQ_F_INGRESS) {
347 oqdisc = dev->qdisc_ingress;
348 /* Prune old scheduler */
349 if (oqdisc && atomic_read(&oqdisc->refcnt) <= 1) {
350 /* delete */
351 qdisc_reset(oqdisc);
352 dev->qdisc_ingress = NULL;
353 } else { /* new */
354 dev->qdisc_ingress = qdisc;
355 }
356
357 } else {
358
359 oqdisc = dev->qdisc_sleeping;
360 626
361 /* Prune old scheduler */ 627 root_lock = qdisc_lock(oqdisc);
362 if (oqdisc && atomic_read(&oqdisc->refcnt) <= 1) 628 spin_lock_bh(root_lock);
363 qdisc_reset(oqdisc);
364 629
365 /* ... and graft new one */ 630 /* Prune old scheduler */
366 if (qdisc == NULL) 631 if (oqdisc && atomic_read(&oqdisc->refcnt) <= 1)
367 qdisc = &noop_qdisc; 632 qdisc_reset(oqdisc);
368 dev->qdisc_sleeping = qdisc;
369 dev->qdisc = &noop_qdisc;
370 }
371 633
372 qdisc_unlock_tree(dev); 634 /* ... and graft new one */
635 if (qdisc == NULL)
636 qdisc = &noop_qdisc;
637 dev_queue->qdisc_sleeping = qdisc;
638 rcu_assign_pointer(dev_queue->qdisc, &noop_qdisc);
373 639
374 if (dev->flags & IFF_UP) 640 spin_unlock_bh(root_lock);
375 dev_activate(dev);
376 641
377 return oqdisc; 642 return oqdisc;
378} 643}
@@ -389,7 +654,7 @@ void qdisc_tree_decrease_qlen(struct Qdisc *sch, unsigned int n)
389 if (TC_H_MAJ(parentid) == TC_H_MAJ(TC_H_INGRESS)) 654 if (TC_H_MAJ(parentid) == TC_H_MAJ(TC_H_INGRESS))
390 return; 655 return;
391 656
392 sch = qdisc_lookup(sch->dev, TC_H_MAJ(parentid)); 657 sch = qdisc_lookup(qdisc_dev(sch), TC_H_MAJ(parentid));
393 if (sch == NULL) { 658 if (sch == NULL) {
394 WARN_ON(parentid != TC_H_ROOT); 659 WARN_ON(parentid != TC_H_ROOT);
395 return; 660 return;
@@ -405,26 +670,61 @@ void qdisc_tree_decrease_qlen(struct Qdisc *sch, unsigned int n)
405} 670}
406EXPORT_SYMBOL(qdisc_tree_decrease_qlen); 671EXPORT_SYMBOL(qdisc_tree_decrease_qlen);
407 672
408/* Graft qdisc "new" to class "classid" of qdisc "parent" or 673static void notify_and_destroy(struct sk_buff *skb, struct nlmsghdr *n, u32 clid,
409 to device "dev". 674 struct Qdisc *old, struct Qdisc *new)
675{
676 if (new || old)
677 qdisc_notify(skb, n, clid, old, new);
678
679 if (old)
680 qdisc_destroy(old);
681}
410 682
411 Old qdisc is not destroyed but returned in *old. 683/* Graft qdisc "new" to class "classid" of qdisc "parent" or
684 * to device "dev".
685 *
686 * When appropriate send a netlink notification using 'skb'
687 * and "n".
688 *
689 * On success, destroy old qdisc.
412 */ 690 */
413 691
414static int qdisc_graft(struct net_device *dev, struct Qdisc *parent, 692static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
415 u32 classid, 693 struct sk_buff *skb, struct nlmsghdr *n, u32 classid,
416 struct Qdisc *new, struct Qdisc **old) 694 struct Qdisc *new, struct Qdisc *old)
417{ 695{
696 struct Qdisc *q = old;
418 int err = 0; 697 int err = 0;
419 struct Qdisc *q = *old;
420
421 698
422 if (parent == NULL) { 699 if (parent == NULL) {
423 if (q && q->flags&TCQ_F_INGRESS) { 700 unsigned int i, num_q, ingress;
424 *old = dev_graft_qdisc(dev, q); 701
425 } else { 702 ingress = 0;
426 *old = dev_graft_qdisc(dev, new); 703 num_q = dev->num_tx_queues;
704 if ((q && q->flags & TCQ_F_INGRESS) ||
705 (new && new->flags & TCQ_F_INGRESS)) {
706 num_q = 1;
707 ingress = 1;
427 } 708 }
709
710 if (dev->flags & IFF_UP)
711 dev_deactivate(dev);
712
713 for (i = 0; i < num_q; i++) {
714 struct netdev_queue *dev_queue = &dev->rx_queue;
715
716 if (!ingress)
717 dev_queue = netdev_get_tx_queue(dev, i);
718
719 old = dev_graft_qdisc(dev_queue, new);
720 if (new && i > 0)
721 atomic_inc(&new->refcnt);
722
723 notify_and_destroy(skb, n, classid, old, new);
724 }
725
726 if (dev->flags & IFF_UP)
727 dev_activate(dev);
428 } else { 728 } else {
429 const struct Qdisc_class_ops *cops = parent->ops->cl_ops; 729 const struct Qdisc_class_ops *cops = parent->ops->cl_ops;
430 730
@@ -433,14 +733,20 @@ static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
433 if (cops) { 733 if (cops) {
434 unsigned long cl = cops->get(parent, classid); 734 unsigned long cl = cops->get(parent, classid);
435 if (cl) { 735 if (cl) {
436 err = cops->graft(parent, cl, new, old); 736 err = cops->graft(parent, cl, new, &old);
437 cops->put(parent, cl); 737 cops->put(parent, cl);
438 } 738 }
439 } 739 }
740 if (!err)
741 notify_and_destroy(skb, n, classid, old, new);
440 } 742 }
441 return err; 743 return err;
442} 744}
443 745
746/* lockdep annotation is needed for ingress; egress gets it only for name */
747static struct lock_class_key qdisc_tx_lock;
748static struct lock_class_key qdisc_rx_lock;
749
444/* 750/*
445 Allocate and initialize new qdisc. 751 Allocate and initialize new qdisc.
446 752
@@ -448,13 +754,14 @@ static int qdisc_graft(struct net_device *dev, struct Qdisc *parent,
448 */ 754 */
449 755
450static struct Qdisc * 756static struct Qdisc *
451qdisc_create(struct net_device *dev, u32 parent, u32 handle, 757qdisc_create(struct net_device *dev, struct netdev_queue *dev_queue,
452 struct nlattr **tca, int *errp) 758 u32 parent, u32 handle, struct nlattr **tca, int *errp)
453{ 759{
454 int err; 760 int err;
455 struct nlattr *kind = tca[TCA_KIND]; 761 struct nlattr *kind = tca[TCA_KIND];
456 struct Qdisc *sch; 762 struct Qdisc *sch;
457 struct Qdisc_ops *ops; 763 struct Qdisc_ops *ops;
764 struct qdisc_size_table *stab;
458 765
459 ops = qdisc_lookup_ops(kind); 766 ops = qdisc_lookup_ops(kind);
460#ifdef CONFIG_KMOD 767#ifdef CONFIG_KMOD
@@ -489,7 +796,7 @@ qdisc_create(struct net_device *dev, u32 parent, u32 handle,
489 if (ops == NULL) 796 if (ops == NULL)
490 goto err_out; 797 goto err_out;
491 798
492 sch = qdisc_alloc(dev, ops); 799 sch = qdisc_alloc(dev_queue, ops);
493 if (IS_ERR(sch)) { 800 if (IS_ERR(sch)) {
494 err = PTR_ERR(sch); 801 err = PTR_ERR(sch);
495 goto err_out2; 802 goto err_out2;
@@ -499,25 +806,40 @@ qdisc_create(struct net_device *dev, u32 parent, u32 handle,
499 806
500 if (handle == TC_H_INGRESS) { 807 if (handle == TC_H_INGRESS) {
501 sch->flags |= TCQ_F_INGRESS; 808 sch->flags |= TCQ_F_INGRESS;
502 sch->stats_lock = &dev->ingress_lock;
503 handle = TC_H_MAKE(TC_H_INGRESS, 0); 809 handle = TC_H_MAKE(TC_H_INGRESS, 0);
810 lockdep_set_class(qdisc_lock(sch), &qdisc_rx_lock);
504 } else { 811 } else {
505 sch->stats_lock = &dev->queue_lock;
506 if (handle == 0) { 812 if (handle == 0) {
507 handle = qdisc_alloc_handle(dev); 813 handle = qdisc_alloc_handle(dev);
508 err = -ENOMEM; 814 err = -ENOMEM;
509 if (handle == 0) 815 if (handle == 0)
510 goto err_out3; 816 goto err_out3;
511 } 817 }
818 lockdep_set_class(qdisc_lock(sch), &qdisc_tx_lock);
512 } 819 }
513 820
514 sch->handle = handle; 821 sch->handle = handle;
515 822
516 if (!ops->init || (err = ops->init(sch, tca[TCA_OPTIONS])) == 0) { 823 if (!ops->init || (err = ops->init(sch, tca[TCA_OPTIONS])) == 0) {
824 if (tca[TCA_STAB]) {
825 stab = qdisc_get_stab(tca[TCA_STAB]);
826 if (IS_ERR(stab)) {
827 err = PTR_ERR(stab);
828 goto err_out3;
829 }
830 sch->stab = stab;
831 }
517 if (tca[TCA_RATE]) { 832 if (tca[TCA_RATE]) {
833 spinlock_t *root_lock;
834
835 if ((sch->parent != TC_H_ROOT) &&
836 !(sch->flags & TCQ_F_INGRESS))
837 root_lock = qdisc_root_sleeping_lock(sch);
838 else
839 root_lock = qdisc_lock(sch);
840
518 err = gen_new_estimator(&sch->bstats, &sch->rate_est, 841 err = gen_new_estimator(&sch->bstats, &sch->rate_est,
519 sch->stats_lock, 842 root_lock, tca[TCA_RATE]);
520 tca[TCA_RATE]);
521 if (err) { 843 if (err) {
522 /* 844 /*
523 * Any broken qdiscs that would require 845 * Any broken qdiscs that would require
@@ -529,13 +851,13 @@ qdisc_create(struct net_device *dev, u32 parent, u32 handle,
529 goto err_out3; 851 goto err_out3;
530 } 852 }
531 } 853 }
532 qdisc_lock_tree(dev); 854
533 list_add_tail(&sch->list, &dev->qdisc_list); 855 qdisc_list_add(sch);
534 qdisc_unlock_tree(dev);
535 856
536 return sch; 857 return sch;
537 } 858 }
538err_out3: 859err_out3:
860 qdisc_put_stab(sch->stab);
539 dev_put(dev); 861 dev_put(dev);
540 kfree((char *) sch - sch->padded); 862 kfree((char *) sch - sch->padded);
541err_out2: 863err_out2:
@@ -547,18 +869,30 @@ err_out:
547 869
548static int qdisc_change(struct Qdisc *sch, struct nlattr **tca) 870static int qdisc_change(struct Qdisc *sch, struct nlattr **tca)
549{ 871{
550 if (tca[TCA_OPTIONS]) { 872 struct qdisc_size_table *stab = NULL;
551 int err; 873 int err = 0;
552 874
875 if (tca[TCA_OPTIONS]) {
553 if (sch->ops->change == NULL) 876 if (sch->ops->change == NULL)
554 return -EINVAL; 877 return -EINVAL;
555 err = sch->ops->change(sch, tca[TCA_OPTIONS]); 878 err = sch->ops->change(sch, tca[TCA_OPTIONS]);
556 if (err) 879 if (err)
557 return err; 880 return err;
558 } 881 }
882
883 if (tca[TCA_STAB]) {
884 stab = qdisc_get_stab(tca[TCA_STAB]);
885 if (IS_ERR(stab))
886 return PTR_ERR(stab);
887 }
888
889 qdisc_put_stab(sch->stab);
890 sch->stab = stab;
891
559 if (tca[TCA_RATE]) 892 if (tca[TCA_RATE])
560 gen_replace_estimator(&sch->bstats, &sch->rate_est, 893 gen_replace_estimator(&sch->bstats, &sch->rate_est,
561 sch->stats_lock, tca[TCA_RATE]); 894 qdisc_root_sleeping_lock(sch),
895 tca[TCA_RATE]);
562 return 0; 896 return 0;
563} 897}
564 898
@@ -634,10 +968,12 @@ static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
634 return -ENOENT; 968 return -ENOENT;
635 q = qdisc_leaf(p, clid); 969 q = qdisc_leaf(p, clid);
636 } else { /* ingress */ 970 } else { /* ingress */
637 q = dev->qdisc_ingress; 971 q = dev->rx_queue.qdisc_sleeping;
638 } 972 }
639 } else { 973 } else {
640 q = dev->qdisc_sleeping; 974 struct netdev_queue *dev_queue;
975 dev_queue = netdev_get_tx_queue(dev, 0);
976 q = dev_queue->qdisc_sleeping;
641 } 977 }
642 if (!q) 978 if (!q)
643 return -ENOENT; 979 return -ENOENT;
@@ -657,14 +993,8 @@ static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
657 return -EINVAL; 993 return -EINVAL;
658 if (q->handle == 0) 994 if (q->handle == 0)
659 return -ENOENT; 995 return -ENOENT;
660 if ((err = qdisc_graft(dev, p, clid, NULL, &q)) != 0) 996 if ((err = qdisc_graft(dev, p, skb, n, clid, NULL, q)) != 0)
661 return err; 997 return err;
662 if (q) {
663 qdisc_notify(skb, n, clid, q, NULL);
664 qdisc_lock_tree(dev);
665 qdisc_destroy(q);
666 qdisc_unlock_tree(dev);
667 }
668 } else { 998 } else {
669 qdisc_notify(skb, n, clid, NULL, q); 999 qdisc_notify(skb, n, clid, NULL, q);
670 } 1000 }
@@ -708,10 +1038,12 @@ replay:
708 return -ENOENT; 1038 return -ENOENT;
709 q = qdisc_leaf(p, clid); 1039 q = qdisc_leaf(p, clid);
710 } else { /*ingress */ 1040 } else { /*ingress */
711 q = dev->qdisc_ingress; 1041 q = dev->rx_queue.qdisc_sleeping;
712 } 1042 }
713 } else { 1043 } else {
714 q = dev->qdisc_sleeping; 1044 struct netdev_queue *dev_queue;
1045 dev_queue = netdev_get_tx_queue(dev, 0);
1046 q = dev_queue->qdisc_sleeping;
715 } 1047 }
716 1048
717 /* It may be default qdisc, ignore it */ 1049 /* It may be default qdisc, ignore it */
@@ -788,10 +1120,12 @@ create_n_graft:
788 if (!(n->nlmsg_flags&NLM_F_CREATE)) 1120 if (!(n->nlmsg_flags&NLM_F_CREATE))
789 return -ENOENT; 1121 return -ENOENT;
790 if (clid == TC_H_INGRESS) 1122 if (clid == TC_H_INGRESS)
791 q = qdisc_create(dev, tcm->tcm_parent, tcm->tcm_parent, 1123 q = qdisc_create(dev, &dev->rx_queue,
1124 tcm->tcm_parent, tcm->tcm_parent,
792 tca, &err); 1125 tca, &err);
793 else 1126 else
794 q = qdisc_create(dev, tcm->tcm_parent, tcm->tcm_handle, 1127 q = qdisc_create(dev, netdev_get_tx_queue(dev, 0),
1128 tcm->tcm_parent, tcm->tcm_handle,
795 tca, &err); 1129 tca, &err);
796 if (q == NULL) { 1130 if (q == NULL) {
797 if (err == -EAGAIN) 1131 if (err == -EAGAIN)
@@ -800,24 +1134,13 @@ create_n_graft:
800 } 1134 }
801 1135
802graft: 1136graft:
803 if (1) { 1137 err = qdisc_graft(dev, p, skb, n, clid, q, NULL);
804 struct Qdisc *old_q = NULL; 1138 if (err) {
805 err = qdisc_graft(dev, p, clid, q, &old_q); 1139 if (q)
806 if (err) { 1140 qdisc_destroy(q);
807 if (q) { 1141 return err;
808 qdisc_lock_tree(dev);
809 qdisc_destroy(q);
810 qdisc_unlock_tree(dev);
811 }
812 return err;
813 }
814 qdisc_notify(skb, n, clid, old_q, q);
815 if (old_q) {
816 qdisc_lock_tree(dev);
817 qdisc_destroy(old_q);
818 qdisc_unlock_tree(dev);
819 }
820 } 1142 }
1143
821 return 0; 1144 return 0;
822} 1145}
823 1146
@@ -834,7 +1157,7 @@ static int tc_fill_qdisc(struct sk_buff *skb, struct Qdisc *q, u32 clid,
834 tcm->tcm_family = AF_UNSPEC; 1157 tcm->tcm_family = AF_UNSPEC;
835 tcm->tcm__pad1 = 0; 1158 tcm->tcm__pad1 = 0;
836 tcm->tcm__pad2 = 0; 1159 tcm->tcm__pad2 = 0;
837 tcm->tcm_ifindex = q->dev->ifindex; 1160 tcm->tcm_ifindex = qdisc_dev(q)->ifindex;
838 tcm->tcm_parent = clid; 1161 tcm->tcm_parent = clid;
839 tcm->tcm_handle = q->handle; 1162 tcm->tcm_handle = q->handle;
840 tcm->tcm_info = atomic_read(&q->refcnt); 1163 tcm->tcm_info = atomic_read(&q->refcnt);
@@ -843,8 +1166,11 @@ static int tc_fill_qdisc(struct sk_buff *skb, struct Qdisc *q, u32 clid,
843 goto nla_put_failure; 1166 goto nla_put_failure;
844 q->qstats.qlen = q->q.qlen; 1167 q->qstats.qlen = q->q.qlen;
845 1168
846 if (gnet_stats_start_copy_compat(skb, TCA_STATS2, TCA_STATS, 1169 if (q->stab && qdisc_dump_stab(skb, q->stab) < 0)
847 TCA_XSTATS, q->stats_lock, &d) < 0) 1170 goto nla_put_failure;
1171
1172 if (gnet_stats_start_copy_compat(skb, TCA_STATS2, TCA_STATS, TCA_XSTATS,
1173 qdisc_root_sleeping_lock(q), &d) < 0)
848 goto nla_put_failure; 1174 goto nla_put_failure;
849 1175
850 if (q->ops->dump_stats && q->ops->dump_stats(q, &d) < 0) 1176 if (q->ops->dump_stats && q->ops->dump_stats(q, &d) < 0)
@@ -894,13 +1220,57 @@ err_out:
894 return -EINVAL; 1220 return -EINVAL;
895} 1221}
896 1222
1223static bool tc_qdisc_dump_ignore(struct Qdisc *q)
1224{
1225 return (q->flags & TCQ_F_BUILTIN) ? true : false;
1226}
1227
1228static int tc_dump_qdisc_root(struct Qdisc *root, struct sk_buff *skb,
1229 struct netlink_callback *cb,
1230 int *q_idx_p, int s_q_idx)
1231{
1232 int ret = 0, q_idx = *q_idx_p;
1233 struct Qdisc *q;
1234
1235 if (!root)
1236 return 0;
1237
1238 q = root;
1239 if (q_idx < s_q_idx) {
1240 q_idx++;
1241 } else {
1242 if (!tc_qdisc_dump_ignore(q) &&
1243 tc_fill_qdisc(skb, q, q->parent, NETLINK_CB(cb->skb).pid,
1244 cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWQDISC) <= 0)
1245 goto done;
1246 q_idx++;
1247 }
1248 list_for_each_entry(q, &root->list, list) {
1249 if (q_idx < s_q_idx) {
1250 q_idx++;
1251 continue;
1252 }
1253 if (!tc_qdisc_dump_ignore(q) &&
1254 tc_fill_qdisc(skb, q, q->parent, NETLINK_CB(cb->skb).pid,
1255 cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWQDISC) <= 0)
1256 goto done;
1257 q_idx++;
1258 }
1259
1260out:
1261 *q_idx_p = q_idx;
1262 return ret;
1263done:
1264 ret = -1;
1265 goto out;
1266}
1267
897static int tc_dump_qdisc(struct sk_buff *skb, struct netlink_callback *cb) 1268static int tc_dump_qdisc(struct sk_buff *skb, struct netlink_callback *cb)
898{ 1269{
899 struct net *net = sock_net(skb->sk); 1270 struct net *net = sock_net(skb->sk);
900 int idx, q_idx; 1271 int idx, q_idx;
901 int s_idx, s_q_idx; 1272 int s_idx, s_q_idx;
902 struct net_device *dev; 1273 struct net_device *dev;
903 struct Qdisc *q;
904 1274
905 if (net != &init_net) 1275 if (net != &init_net)
906 return 0; 1276 return 0;
@@ -910,21 +1280,22 @@ static int tc_dump_qdisc(struct sk_buff *skb, struct netlink_callback *cb)
910 read_lock(&dev_base_lock); 1280 read_lock(&dev_base_lock);
911 idx = 0; 1281 idx = 0;
912 for_each_netdev(&init_net, dev) { 1282 for_each_netdev(&init_net, dev) {
1283 struct netdev_queue *dev_queue;
1284
913 if (idx < s_idx) 1285 if (idx < s_idx)
914 goto cont; 1286 goto cont;
915 if (idx > s_idx) 1287 if (idx > s_idx)
916 s_q_idx = 0; 1288 s_q_idx = 0;
917 q_idx = 0; 1289 q_idx = 0;
918 list_for_each_entry(q, &dev->qdisc_list, list) { 1290
919 if (q_idx < s_q_idx) { 1291 dev_queue = netdev_get_tx_queue(dev, 0);
920 q_idx++; 1292 if (tc_dump_qdisc_root(dev_queue->qdisc_sleeping, skb, cb, &q_idx, s_q_idx) < 0)
921 continue; 1293 goto done;
922 } 1294
923 if (tc_fill_qdisc(skb, q, q->parent, NETLINK_CB(cb->skb).pid, 1295 dev_queue = &dev->rx_queue;
924 cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWQDISC) <= 0) 1296 if (tc_dump_qdisc_root(dev_queue->qdisc_sleeping, skb, cb, &q_idx, s_q_idx) < 0)
925 goto done; 1297 goto done;
926 q_idx++; 1298
927 }
928cont: 1299cont:
929 idx++; 1300 idx++;
930 } 1301 }
@@ -949,6 +1320,7 @@ done:
949static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n, void *arg) 1320static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
950{ 1321{
951 struct net *net = sock_net(skb->sk); 1322 struct net *net = sock_net(skb->sk);
1323 struct netdev_queue *dev_queue;
952 struct tcmsg *tcm = NLMSG_DATA(n); 1324 struct tcmsg *tcm = NLMSG_DATA(n);
953 struct nlattr *tca[TCA_MAX + 1]; 1325 struct nlattr *tca[TCA_MAX + 1];
954 struct net_device *dev; 1326 struct net_device *dev;
@@ -986,6 +1358,7 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
986 1358
987 /* Step 1. Determine qdisc handle X:0 */ 1359 /* Step 1. Determine qdisc handle X:0 */
988 1360
1361 dev_queue = netdev_get_tx_queue(dev, 0);
989 if (pid != TC_H_ROOT) { 1362 if (pid != TC_H_ROOT) {
990 u32 qid1 = TC_H_MAJ(pid); 1363 u32 qid1 = TC_H_MAJ(pid);
991 1364
@@ -996,7 +1369,7 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
996 } else if (qid1) { 1369 } else if (qid1) {
997 qid = qid1; 1370 qid = qid1;
998 } else if (qid == 0) 1371 } else if (qid == 0)
999 qid = dev->qdisc_sleeping->handle; 1372 qid = dev_queue->qdisc_sleeping->handle;
1000 1373
1001 /* Now qid is genuine qdisc handle consistent 1374 /* Now qid is genuine qdisc handle consistent
1002 both with parent and child. 1375 both with parent and child.
@@ -1007,7 +1380,7 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
1007 pid = TC_H_MAKE(qid, pid); 1380 pid = TC_H_MAKE(qid, pid);
1008 } else { 1381 } else {
1009 if (qid == 0) 1382 if (qid == 0)
1010 qid = dev->qdisc_sleeping->handle; 1383 qid = dev_queue->qdisc_sleeping->handle;
1011 } 1384 }
1012 1385
1013 /* OK. Locate qdisc */ 1386 /* OK. Locate qdisc */
@@ -1080,7 +1453,7 @@ static int tc_fill_tclass(struct sk_buff *skb, struct Qdisc *q,
1080 nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags); 1453 nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags);
1081 tcm = NLMSG_DATA(nlh); 1454 tcm = NLMSG_DATA(nlh);
1082 tcm->tcm_family = AF_UNSPEC; 1455 tcm->tcm_family = AF_UNSPEC;
1083 tcm->tcm_ifindex = q->dev->ifindex; 1456 tcm->tcm_ifindex = qdisc_dev(q)->ifindex;
1084 tcm->tcm_parent = q->handle; 1457 tcm->tcm_parent = q->handle;
1085 tcm->tcm_handle = q->handle; 1458 tcm->tcm_handle = q->handle;
1086 tcm->tcm_info = 0; 1459 tcm->tcm_info = 0;
@@ -1088,8 +1461,8 @@ static int tc_fill_tclass(struct sk_buff *skb, struct Qdisc *q,
1088 if (cl_ops->dump && cl_ops->dump(q, cl, skb, tcm) < 0) 1461 if (cl_ops->dump && cl_ops->dump(q, cl, skb, tcm) < 0)
1089 goto nla_put_failure; 1462 goto nla_put_failure;
1090 1463
1091 if (gnet_stats_start_copy_compat(skb, TCA_STATS2, TCA_STATS, 1464 if (gnet_stats_start_copy_compat(skb, TCA_STATS2, TCA_STATS, TCA_XSTATS,
1092 TCA_XSTATS, q->stats_lock, &d) < 0) 1465 qdisc_root_sleeping_lock(q), &d) < 0)
1093 goto nla_put_failure; 1466 goto nla_put_failure;
1094 1467
1095 if (cl_ops->dump_stats && cl_ops->dump_stats(q, cl, &d) < 0) 1468 if (cl_ops->dump_stats && cl_ops->dump_stats(q, cl, &d) < 0)
@@ -1140,15 +1513,62 @@ static int qdisc_class_dump(struct Qdisc *q, unsigned long cl, struct qdisc_walk
1140 a->cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWTCLASS); 1513 a->cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWTCLASS);
1141} 1514}
1142 1515
1516static int tc_dump_tclass_qdisc(struct Qdisc *q, struct sk_buff *skb,
1517 struct tcmsg *tcm, struct netlink_callback *cb,
1518 int *t_p, int s_t)
1519{
1520 struct qdisc_dump_args arg;
1521
1522 if (tc_qdisc_dump_ignore(q) ||
1523 *t_p < s_t || !q->ops->cl_ops ||
1524 (tcm->tcm_parent &&
1525 TC_H_MAJ(tcm->tcm_parent) != q->handle)) {
1526 (*t_p)++;
1527 return 0;
1528 }
1529 if (*t_p > s_t)
1530 memset(&cb->args[1], 0, sizeof(cb->args)-sizeof(cb->args[0]));
1531 arg.w.fn = qdisc_class_dump;
1532 arg.skb = skb;
1533 arg.cb = cb;
1534 arg.w.stop = 0;
1535 arg.w.skip = cb->args[1];
1536 arg.w.count = 0;
1537 q->ops->cl_ops->walk(q, &arg.w);
1538 cb->args[1] = arg.w.count;
1539 if (arg.w.stop)
1540 return -1;
1541 (*t_p)++;
1542 return 0;
1543}
1544
1545static int tc_dump_tclass_root(struct Qdisc *root, struct sk_buff *skb,
1546 struct tcmsg *tcm, struct netlink_callback *cb,
1547 int *t_p, int s_t)
1548{
1549 struct Qdisc *q;
1550
1551 if (!root)
1552 return 0;
1553
1554 if (tc_dump_tclass_qdisc(root, skb, tcm, cb, t_p, s_t) < 0)
1555 return -1;
1556
1557 list_for_each_entry(q, &root->list, list) {
1558 if (tc_dump_tclass_qdisc(q, skb, tcm, cb, t_p, s_t) < 0)
1559 return -1;
1560 }
1561
1562 return 0;
1563}
1564
1143static int tc_dump_tclass(struct sk_buff *skb, struct netlink_callback *cb) 1565static int tc_dump_tclass(struct sk_buff *skb, struct netlink_callback *cb)
1144{ 1566{
1567 struct tcmsg *tcm = (struct tcmsg*)NLMSG_DATA(cb->nlh);
1145 struct net *net = sock_net(skb->sk); 1568 struct net *net = sock_net(skb->sk);
1146 int t; 1569 struct netdev_queue *dev_queue;
1147 int s_t;
1148 struct net_device *dev; 1570 struct net_device *dev;
1149 struct Qdisc *q; 1571 int t, s_t;
1150 struct tcmsg *tcm = (struct tcmsg*)NLMSG_DATA(cb->nlh);
1151 struct qdisc_dump_args arg;
1152 1572
1153 if (net != &init_net) 1573 if (net != &init_net)
1154 return 0; 1574 return 0;
@@ -1161,28 +1581,15 @@ static int tc_dump_tclass(struct sk_buff *skb, struct netlink_callback *cb)
1161 s_t = cb->args[0]; 1581 s_t = cb->args[0];
1162 t = 0; 1582 t = 0;
1163 1583
1164 list_for_each_entry(q, &dev->qdisc_list, list) { 1584 dev_queue = netdev_get_tx_queue(dev, 0);
1165 if (t < s_t || !q->ops->cl_ops || 1585 if (tc_dump_tclass_root(dev_queue->qdisc_sleeping, skb, tcm, cb, &t, s_t) < 0)
1166 (tcm->tcm_parent && 1586 goto done;
1167 TC_H_MAJ(tcm->tcm_parent) != q->handle)) { 1587
1168 t++; 1588 dev_queue = &dev->rx_queue;
1169 continue; 1589 if (tc_dump_tclass_root(dev_queue->qdisc_sleeping, skb, tcm, cb, &t, s_t) < 0)
1170 } 1590 goto done;
1171 if (t > s_t)
1172 memset(&cb->args[1], 0, sizeof(cb->args)-sizeof(cb->args[0]));
1173 arg.w.fn = qdisc_class_dump;
1174 arg.skb = skb;
1175 arg.cb = cb;
1176 arg.w.stop = 0;
1177 arg.w.skip = cb->args[1];
1178 arg.w.count = 0;
1179 q->ops->cl_ops->walk(q, &arg.w);
1180 cb->args[1] = arg.w.count;
1181 if (arg.w.stop)
1182 break;
1183 t++;
1184 }
1185 1591
1592done:
1186 cb->args[0] = t; 1593 cb->args[0] = t;
1187 1594
1188 dev_put(dev); 1595 dev_put(dev);
@@ -1252,12 +1659,12 @@ void tcf_destroy(struct tcf_proto *tp)
1252 kfree(tp); 1659 kfree(tp);
1253} 1660}
1254 1661
1255void tcf_destroy_chain(struct tcf_proto *fl) 1662void tcf_destroy_chain(struct tcf_proto **fl)
1256{ 1663{
1257 struct tcf_proto *tp; 1664 struct tcf_proto *tp;
1258 1665
1259 while ((tp = fl) != NULL) { 1666 while ((tp = *fl) != NULL) {
1260 fl = tp->next; 1667 *fl = tp->next;
1261 tcf_destroy(tp); 1668 tcf_destroy(tp);
1262 } 1669 }
1263} 1670}
diff --git a/net/sched/sch_atm.c b/net/sched/sch_atm.c
index 335273416384..43d37256c15e 100644
--- a/net/sched/sch_atm.c
+++ b/net/sched/sch_atm.c
@@ -160,9 +160,9 @@ static void atm_tc_put(struct Qdisc *sch, unsigned long cl)
160 *prev = flow->next; 160 *prev = flow->next;
161 pr_debug("atm_tc_put: qdisc %p\n", flow->q); 161 pr_debug("atm_tc_put: qdisc %p\n", flow->q);
162 qdisc_destroy(flow->q); 162 qdisc_destroy(flow->q);
163 tcf_destroy_chain(flow->filter_list); 163 tcf_destroy_chain(&flow->filter_list);
164 if (flow->sock) { 164 if (flow->sock) {
165 pr_debug("atm_tc_put: f_count %d\n", 165 pr_debug("atm_tc_put: f_count %ld\n",
166 file_count(flow->sock->file)); 166 file_count(flow->sock->file));
167 flow->vcc->pop = flow->old_pop; 167 flow->vcc->pop = flow->old_pop;
168 sockfd_put(flow->sock); 168 sockfd_put(flow->sock);
@@ -259,7 +259,7 @@ static int atm_tc_change(struct Qdisc *sch, u32 classid, u32 parent,
259 sock = sockfd_lookup(fd, &error); 259 sock = sockfd_lookup(fd, &error);
260 if (!sock) 260 if (!sock)
261 return error; /* f_count++ */ 261 return error; /* f_count++ */
262 pr_debug("atm_tc_change: f_count %d\n", file_count(sock->file)); 262 pr_debug("atm_tc_change: f_count %ld\n", file_count(sock->file));
263 if (sock->ops->family != PF_ATMSVC && sock->ops->family != PF_ATMPVC) { 263 if (sock->ops->family != PF_ATMSVC && sock->ops->family != PF_ATMPVC) {
264 error = -EPROTOTYPE; 264 error = -EPROTOTYPE;
265 goto err_out; 265 goto err_out;
@@ -296,7 +296,8 @@ static int atm_tc_change(struct Qdisc *sch, u32 classid, u32 parent,
296 goto err_out; 296 goto err_out;
297 } 297 }
298 flow->filter_list = NULL; 298 flow->filter_list = NULL;
299 flow->q = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, classid); 299 flow->q = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
300 &pfifo_qdisc_ops, classid);
300 if (!flow->q) 301 if (!flow->q)
301 flow->q = &noop_qdisc; 302 flow->q = &noop_qdisc;
302 pr_debug("atm_tc_change: qdisc %p\n", flow->q); 303 pr_debug("atm_tc_change: qdisc %p\n", flow->q);
@@ -414,7 +415,7 @@ static int atm_tc_enqueue(struct sk_buff *skb, struct Qdisc *sch)
414 case TC_ACT_QUEUED: 415 case TC_ACT_QUEUED:
415 case TC_ACT_STOLEN: 416 case TC_ACT_STOLEN:
416 kfree_skb(skb); 417 kfree_skb(skb);
417 return NET_XMIT_SUCCESS; 418 return NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
418 case TC_ACT_SHOT: 419 case TC_ACT_SHOT:
419 kfree_skb(skb); 420 kfree_skb(skb);
420 goto drop; 421 goto drop;
@@ -428,17 +429,19 @@ static int atm_tc_enqueue(struct sk_buff *skb, struct Qdisc *sch)
428#endif 429#endif
429 } 430 }
430 431
431 ret = flow->q->enqueue(skb, flow->q); 432 ret = qdisc_enqueue(skb, flow->q);
432 if (ret != 0) { 433 if (ret != 0) {
433drop: __maybe_unused 434drop: __maybe_unused
434 sch->qstats.drops++; 435 if (net_xmit_drop_count(ret)) {
435 if (flow) 436 sch->qstats.drops++;
436 flow->qstats.drops++; 437 if (flow)
438 flow->qstats.drops++;
439 }
437 return ret; 440 return ret;
438 } 441 }
439 sch->bstats.bytes += skb->len; 442 sch->bstats.bytes += qdisc_pkt_len(skb);
440 sch->bstats.packets++; 443 sch->bstats.packets++;
441 flow->bstats.bytes += skb->len; 444 flow->bstats.bytes += qdisc_pkt_len(skb);
442 flow->bstats.packets++; 445 flow->bstats.packets++;
443 /* 446 /*
444 * Okay, this may seem weird. We pretend we've dropped the packet if 447 * Okay, this may seem weird. We pretend we've dropped the packet if
@@ -454,7 +457,7 @@ drop: __maybe_unused
454 return 0; 457 return 0;
455 } 458 }
456 tasklet_schedule(&p->task); 459 tasklet_schedule(&p->task);
457 return NET_XMIT_BYPASS; 460 return NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
458} 461}
459 462
460/* 463/*
@@ -529,7 +532,7 @@ static int atm_tc_requeue(struct sk_buff *skb, struct Qdisc *sch)
529 if (!ret) { 532 if (!ret) {
530 sch->q.qlen++; 533 sch->q.qlen++;
531 sch->qstats.requeues++; 534 sch->qstats.requeues++;
532 } else { 535 } else if (net_xmit_drop_count(ret)) {
533 sch->qstats.drops++; 536 sch->qstats.drops++;
534 p->link.qstats.drops++; 537 p->link.qstats.drops++;
535 } 538 }
@@ -555,7 +558,8 @@ static int atm_tc_init(struct Qdisc *sch, struct nlattr *opt)
555 558
556 pr_debug("atm_tc_init(sch %p,[qdisc %p],opt %p)\n", sch, p, opt); 559 pr_debug("atm_tc_init(sch %p,[qdisc %p],opt %p)\n", sch, p, opt);
557 p->flows = &p->link; 560 p->flows = &p->link;
558 p->link.q = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, sch->handle); 561 p->link.q = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
562 &pfifo_qdisc_ops, sch->handle);
559 if (!p->link.q) 563 if (!p->link.q)
560 p->link.q = &noop_qdisc; 564 p->link.q = &noop_qdisc;
561 pr_debug("atm_tc_init: link (%p) qdisc %p\n", &p->link, p->link.q); 565 pr_debug("atm_tc_init: link (%p) qdisc %p\n", &p->link, p->link.q);
@@ -586,10 +590,11 @@ static void atm_tc_destroy(struct Qdisc *sch)
586 struct atm_flow_data *flow; 590 struct atm_flow_data *flow;
587 591
588 pr_debug("atm_tc_destroy(sch %p,[qdisc %p])\n", sch, p); 592 pr_debug("atm_tc_destroy(sch %p,[qdisc %p])\n", sch, p);
593 for (flow = p->flows; flow; flow = flow->next)
594 tcf_destroy_chain(&flow->filter_list);
595
589 /* races ? */ 596 /* races ? */
590 while ((flow = p->flows)) { 597 while ((flow = p->flows)) {
591 tcf_destroy_chain(flow->filter_list);
592 flow->filter_list = NULL;
593 if (flow->ref > 1) 598 if (flow->ref > 1)
594 printk(KERN_ERR "atm_destroy: %p->ref = %d\n", flow, 599 printk(KERN_ERR "atm_destroy: %p->ref = %d\n", flow,
595 flow->ref); 600 flow->ref);
diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c
index 09969c1fbc08..8b06fa900482 100644
--- a/net/sched/sch_cbq.c
+++ b/net/sched/sch_cbq.c
@@ -73,11 +73,10 @@ struct cbq_sched_data;
73 73
74struct cbq_class 74struct cbq_class
75{ 75{
76 struct cbq_class *next; /* hash table link */ 76 struct Qdisc_class_common common;
77 struct cbq_class *next_alive; /* next class with backlog in this priority band */ 77 struct cbq_class *next_alive; /* next class with backlog in this priority band */
78 78
79/* Parameters */ 79/* Parameters */
80 u32 classid;
81 unsigned char priority; /* class priority */ 80 unsigned char priority; /* class priority */
82 unsigned char priority2; /* priority to be used after overlimit */ 81 unsigned char priority2; /* priority to be used after overlimit */
83 unsigned char ewma_log; /* time constant for idle time calculation */ 82 unsigned char ewma_log; /* time constant for idle time calculation */
@@ -144,7 +143,7 @@ struct cbq_class
144 143
145struct cbq_sched_data 144struct cbq_sched_data
146{ 145{
147 struct cbq_class *classes[16]; /* Hash table of all classes */ 146 struct Qdisc_class_hash clhash; /* Hash table of all classes */
148 int nclasses[TC_CBQ_MAXPRIO+1]; 147 int nclasses[TC_CBQ_MAXPRIO+1];
149 unsigned quanta[TC_CBQ_MAXPRIO+1]; 148 unsigned quanta[TC_CBQ_MAXPRIO+1];
150 149
@@ -177,23 +176,15 @@ struct cbq_sched_data
177 176
178#define L2T(cl,len) qdisc_l2t((cl)->R_tab,len) 177#define L2T(cl,len) qdisc_l2t((cl)->R_tab,len)
179 178
180
181static __inline__ unsigned cbq_hash(u32 h)
182{
183 h ^= h>>8;
184 h ^= h>>4;
185 return h&0xF;
186}
187
188static __inline__ struct cbq_class * 179static __inline__ struct cbq_class *
189cbq_class_lookup(struct cbq_sched_data *q, u32 classid) 180cbq_class_lookup(struct cbq_sched_data *q, u32 classid)
190{ 181{
191 struct cbq_class *cl; 182 struct Qdisc_class_common *clc;
192 183
193 for (cl = q->classes[cbq_hash(classid)]; cl; cl = cl->next) 184 clc = qdisc_class_find(&q->clhash, classid);
194 if (cl->classid == classid) 185 if (clc == NULL)
195 return cl; 186 return NULL;
196 return NULL; 187 return container_of(clc, struct cbq_class, common);
197} 188}
198 189
199#ifdef CONFIG_NET_CLS_ACT 190#ifdef CONFIG_NET_CLS_ACT
@@ -239,7 +230,7 @@ cbq_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr)
239 (cl = cbq_class_lookup(q, prio)) != NULL) 230 (cl = cbq_class_lookup(q, prio)) != NULL)
240 return cl; 231 return cl;
241 232
242 *qerr = NET_XMIT_BYPASS; 233 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
243 for (;;) { 234 for (;;) {
244 int result = 0; 235 int result = 0;
245 defmap = head->defaults; 236 defmap = head->defaults;
@@ -265,7 +256,7 @@ cbq_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr)
265 switch (result) { 256 switch (result) {
266 case TC_ACT_QUEUED: 257 case TC_ACT_QUEUED:
267 case TC_ACT_STOLEN: 258 case TC_ACT_STOLEN:
268 *qerr = NET_XMIT_SUCCESS; 259 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
269 case TC_ACT_SHOT: 260 case TC_ACT_SHOT:
270 return NULL; 261 return NULL;
271 case TC_ACT_RECLASSIFY: 262 case TC_ACT_RECLASSIFY:
@@ -379,7 +370,6 @@ static int
379cbq_enqueue(struct sk_buff *skb, struct Qdisc *sch) 370cbq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
380{ 371{
381 struct cbq_sched_data *q = qdisc_priv(sch); 372 struct cbq_sched_data *q = qdisc_priv(sch);
382 int len = skb->len;
383 int uninitialized_var(ret); 373 int uninitialized_var(ret);
384 struct cbq_class *cl = cbq_classify(skb, sch, &ret); 374 struct cbq_class *cl = cbq_classify(skb, sch, &ret);
385 375
@@ -387,7 +377,7 @@ cbq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
387 q->rx_class = cl; 377 q->rx_class = cl;
388#endif 378#endif
389 if (cl == NULL) { 379 if (cl == NULL) {
390 if (ret == NET_XMIT_BYPASS) 380 if (ret & __NET_XMIT_BYPASS)
391 sch->qstats.drops++; 381 sch->qstats.drops++;
392 kfree_skb(skb); 382 kfree_skb(skb);
393 return ret; 383 return ret;
@@ -396,19 +386,22 @@ cbq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
396#ifdef CONFIG_NET_CLS_ACT 386#ifdef CONFIG_NET_CLS_ACT
397 cl->q->__parent = sch; 387 cl->q->__parent = sch;
398#endif 388#endif
399 if ((ret = cl->q->enqueue(skb, cl->q)) == NET_XMIT_SUCCESS) { 389 ret = qdisc_enqueue(skb, cl->q);
390 if (ret == NET_XMIT_SUCCESS) {
400 sch->q.qlen++; 391 sch->q.qlen++;
401 sch->bstats.packets++; 392 sch->bstats.packets++;
402 sch->bstats.bytes+=len; 393 sch->bstats.bytes += qdisc_pkt_len(skb);
403 cbq_mark_toplevel(q, cl); 394 cbq_mark_toplevel(q, cl);
404 if (!cl->next_alive) 395 if (!cl->next_alive)
405 cbq_activate_class(cl); 396 cbq_activate_class(cl);
406 return ret; 397 return ret;
407 } 398 }
408 399
409 sch->qstats.drops++; 400 if (net_xmit_drop_count(ret)) {
410 cbq_mark_toplevel(q, cl); 401 sch->qstats.drops++;
411 cl->qstats.drops++; 402 cbq_mark_toplevel(q, cl);
403 cl->qstats.drops++;
404 }
412 return ret; 405 return ret;
413} 406}
414 407
@@ -439,8 +432,10 @@ cbq_requeue(struct sk_buff *skb, struct Qdisc *sch)
439 cbq_activate_class(cl); 432 cbq_activate_class(cl);
440 return 0; 433 return 0;
441 } 434 }
442 sch->qstats.drops++; 435 if (net_xmit_drop_count(ret)) {
443 cl->qstats.drops++; 436 sch->qstats.drops++;
437 cl->qstats.drops++;
438 }
444 return ret; 439 return ret;
445} 440}
446 441
@@ -526,6 +521,10 @@ static void cbq_ovl_delay(struct cbq_class *cl)
526 struct cbq_sched_data *q = qdisc_priv(cl->qdisc); 521 struct cbq_sched_data *q = qdisc_priv(cl->qdisc);
527 psched_tdiff_t delay = cl->undertime - q->now; 522 psched_tdiff_t delay = cl->undertime - q->now;
528 523
524 if (test_bit(__QDISC_STATE_DEACTIVATED,
525 &qdisc_root_sleeping(cl->qdisc)->state))
526 return;
527
529 if (!cl->delayed) { 528 if (!cl->delayed) {
530 psched_time_t sched = q->now; 529 psched_time_t sched = q->now;
531 ktime_t expires; 530 ktime_t expires;
@@ -659,14 +658,13 @@ static enum hrtimer_restart cbq_undelay(struct hrtimer *timer)
659 } 658 }
660 659
661 sch->flags &= ~TCQ_F_THROTTLED; 660 sch->flags &= ~TCQ_F_THROTTLED;
662 netif_schedule(sch->dev); 661 __netif_schedule(qdisc_root(sch));
663 return HRTIMER_NORESTART; 662 return HRTIMER_NORESTART;
664} 663}
665 664
666#ifdef CONFIG_NET_CLS_ACT 665#ifdef CONFIG_NET_CLS_ACT
667static int cbq_reshape_fail(struct sk_buff *skb, struct Qdisc *child) 666static int cbq_reshape_fail(struct sk_buff *skb, struct Qdisc *child)
668{ 667{
669 int len = skb->len;
670 struct Qdisc *sch = child->__parent; 668 struct Qdisc *sch = child->__parent;
671 struct cbq_sched_data *q = qdisc_priv(sch); 669 struct cbq_sched_data *q = qdisc_priv(sch);
672 struct cbq_class *cl = q->rx_class; 670 struct cbq_class *cl = q->rx_class;
@@ -674,21 +672,24 @@ static int cbq_reshape_fail(struct sk_buff *skb, struct Qdisc *child)
674 q->rx_class = NULL; 672 q->rx_class = NULL;
675 673
676 if (cl && (cl = cbq_reclassify(skb, cl)) != NULL) { 674 if (cl && (cl = cbq_reclassify(skb, cl)) != NULL) {
675 int ret;
677 676
678 cbq_mark_toplevel(q, cl); 677 cbq_mark_toplevel(q, cl);
679 678
680 q->rx_class = cl; 679 q->rx_class = cl;
681 cl->q->__parent = sch; 680 cl->q->__parent = sch;
682 681
683 if (cl->q->enqueue(skb, cl->q) == 0) { 682 ret = qdisc_enqueue(skb, cl->q);
683 if (ret == NET_XMIT_SUCCESS) {
684 sch->q.qlen++; 684 sch->q.qlen++;
685 sch->bstats.packets++; 685 sch->bstats.packets++;
686 sch->bstats.bytes+=len; 686 sch->bstats.bytes += qdisc_pkt_len(skb);
687 if (!cl->next_alive) 687 if (!cl->next_alive)
688 cbq_activate_class(cl); 688 cbq_activate_class(cl);
689 return 0; 689 return 0;
690 } 690 }
691 sch->qstats.drops++; 691 if (net_xmit_drop_count(ret))
692 sch->qstats.drops++;
692 return 0; 693 return 0;
693 } 694 }
694 695
@@ -889,7 +890,7 @@ cbq_dequeue_prio(struct Qdisc *sch, int prio)
889 if (skb == NULL) 890 if (skb == NULL)
890 goto skip_class; 891 goto skip_class;
891 892
892 cl->deficit -= skb->len; 893 cl->deficit -= qdisc_pkt_len(skb);
893 q->tx_class = cl; 894 q->tx_class = cl;
894 q->tx_borrowed = borrow; 895 q->tx_borrowed = borrow;
895 if (borrow != cl) { 896 if (borrow != cl) {
@@ -897,11 +898,11 @@ cbq_dequeue_prio(struct Qdisc *sch, int prio)
897 borrow->xstats.borrows++; 898 borrow->xstats.borrows++;
898 cl->xstats.borrows++; 899 cl->xstats.borrows++;
899#else 900#else
900 borrow->xstats.borrows += skb->len; 901 borrow->xstats.borrows += qdisc_pkt_len(skb);
901 cl->xstats.borrows += skb->len; 902 cl->xstats.borrows += qdisc_pkt_len(skb);
902#endif 903#endif
903 } 904 }
904 q->tx_len = skb->len; 905 q->tx_len = qdisc_pkt_len(skb);
905 906
906 if (cl->deficit <= 0) { 907 if (cl->deficit <= 0) {
907 q->active[prio] = cl; 908 q->active[prio] = cl;
@@ -1071,13 +1072,14 @@ static void cbq_adjust_levels(struct cbq_class *this)
1071static void cbq_normalize_quanta(struct cbq_sched_data *q, int prio) 1072static void cbq_normalize_quanta(struct cbq_sched_data *q, int prio)
1072{ 1073{
1073 struct cbq_class *cl; 1074 struct cbq_class *cl;
1074 unsigned h; 1075 struct hlist_node *n;
1076 unsigned int h;
1075 1077
1076 if (q->quanta[prio] == 0) 1078 if (q->quanta[prio] == 0)
1077 return; 1079 return;
1078 1080
1079 for (h=0; h<16; h++) { 1081 for (h = 0; h < q->clhash.hashsize; h++) {
1080 for (cl = q->classes[h]; cl; cl = cl->next) { 1082 hlist_for_each_entry(cl, n, &q->clhash.hash[h], common.hnode) {
1081 /* BUGGGG... Beware! This expression suffer of 1083 /* BUGGGG... Beware! This expression suffer of
1082 arithmetic overflows! 1084 arithmetic overflows!
1083 */ 1085 */
@@ -1085,9 +1087,9 @@ static void cbq_normalize_quanta(struct cbq_sched_data *q, int prio)
1085 cl->quantum = (cl->weight*cl->allot*q->nclasses[prio])/ 1087 cl->quantum = (cl->weight*cl->allot*q->nclasses[prio])/
1086 q->quanta[prio]; 1088 q->quanta[prio];
1087 } 1089 }
1088 if (cl->quantum <= 0 || cl->quantum>32*cl->qdisc->dev->mtu) { 1090 if (cl->quantum <= 0 || cl->quantum>32*qdisc_dev(cl->qdisc)->mtu) {
1089 printk(KERN_WARNING "CBQ: class %08x has bad quantum==%ld, repaired.\n", cl->classid, cl->quantum); 1091 printk(KERN_WARNING "CBQ: class %08x has bad quantum==%ld, repaired.\n", cl->common.classid, cl->quantum);
1090 cl->quantum = cl->qdisc->dev->mtu/2 + 1; 1092 cl->quantum = qdisc_dev(cl->qdisc)->mtu/2 + 1;
1091 } 1093 }
1092 } 1094 }
1093 } 1095 }
@@ -1114,10 +1116,12 @@ static void cbq_sync_defmap(struct cbq_class *cl)
1114 if (split->defaults[i]) 1116 if (split->defaults[i])
1115 continue; 1117 continue;
1116 1118
1117 for (h=0; h<16; h++) { 1119 for (h = 0; h < q->clhash.hashsize; h++) {
1120 struct hlist_node *n;
1118 struct cbq_class *c; 1121 struct cbq_class *c;
1119 1122
1120 for (c = q->classes[h]; c; c = c->next) { 1123 hlist_for_each_entry(c, n, &q->clhash.hash[h],
1124 common.hnode) {
1121 if (c->split == split && c->level < level && 1125 if (c->split == split && c->level < level &&
1122 c->defmap&(1<<i)) { 1126 c->defmap&(1<<i)) {
1123 split->defaults[i] = c; 1127 split->defaults[i] = c;
@@ -1135,12 +1139,12 @@ static void cbq_change_defmap(struct cbq_class *cl, u32 splitid, u32 def, u32 ma
1135 if (splitid == 0) { 1139 if (splitid == 0) {
1136 if ((split = cl->split) == NULL) 1140 if ((split = cl->split) == NULL)
1137 return; 1141 return;
1138 splitid = split->classid; 1142 splitid = split->common.classid;
1139 } 1143 }
1140 1144
1141 if (split == NULL || split->classid != splitid) { 1145 if (split == NULL || split->common.classid != splitid) {
1142 for (split = cl->tparent; split; split = split->tparent) 1146 for (split = cl->tparent; split; split = split->tparent)
1143 if (split->classid == splitid) 1147 if (split->common.classid == splitid)
1144 break; 1148 break;
1145 } 1149 }
1146 1150
@@ -1163,13 +1167,7 @@ static void cbq_unlink_class(struct cbq_class *this)
1163 struct cbq_class *cl, **clp; 1167 struct cbq_class *cl, **clp;
1164 struct cbq_sched_data *q = qdisc_priv(this->qdisc); 1168 struct cbq_sched_data *q = qdisc_priv(this->qdisc);
1165 1169
1166 for (clp = &q->classes[cbq_hash(this->classid)]; (cl = *clp) != NULL; clp = &cl->next) { 1170 qdisc_class_hash_remove(&q->clhash, &this->common);
1167 if (cl == this) {
1168 *clp = cl->next;
1169 cl->next = NULL;
1170 break;
1171 }
1172 }
1173 1171
1174 if (this->tparent) { 1172 if (this->tparent) {
1175 clp=&this->sibling; 1173 clp=&this->sibling;
@@ -1188,19 +1186,17 @@ static void cbq_unlink_class(struct cbq_class *this)
1188 this->tparent->children = NULL; 1186 this->tparent->children = NULL;
1189 } 1187 }
1190 } else { 1188 } else {
1191 BUG_TRAP(this->sibling == this); 1189 WARN_ON(this->sibling != this);
1192 } 1190 }
1193} 1191}
1194 1192
1195static void cbq_link_class(struct cbq_class *this) 1193static void cbq_link_class(struct cbq_class *this)
1196{ 1194{
1197 struct cbq_sched_data *q = qdisc_priv(this->qdisc); 1195 struct cbq_sched_data *q = qdisc_priv(this->qdisc);
1198 unsigned h = cbq_hash(this->classid);
1199 struct cbq_class *parent = this->tparent; 1196 struct cbq_class *parent = this->tparent;
1200 1197
1201 this->sibling = this; 1198 this->sibling = this;
1202 this->next = q->classes[h]; 1199 qdisc_class_hash_insert(&q->clhash, &this->common);
1203 q->classes[h] = this;
1204 1200
1205 if (parent == NULL) 1201 if (parent == NULL)
1206 return; 1202 return;
@@ -1242,6 +1238,7 @@ cbq_reset(struct Qdisc* sch)
1242{ 1238{
1243 struct cbq_sched_data *q = qdisc_priv(sch); 1239 struct cbq_sched_data *q = qdisc_priv(sch);
1244 struct cbq_class *cl; 1240 struct cbq_class *cl;
1241 struct hlist_node *n;
1245 int prio; 1242 int prio;
1246 unsigned h; 1243 unsigned h;
1247 1244
@@ -1258,8 +1255,8 @@ cbq_reset(struct Qdisc* sch)
1258 for (prio = 0; prio <= TC_CBQ_MAXPRIO; prio++) 1255 for (prio = 0; prio <= TC_CBQ_MAXPRIO; prio++)
1259 q->active[prio] = NULL; 1256 q->active[prio] = NULL;
1260 1257
1261 for (h = 0; h < 16; h++) { 1258 for (h = 0; h < q->clhash.hashsize; h++) {
1262 for (cl = q->classes[h]; cl; cl = cl->next) { 1259 hlist_for_each_entry(cl, n, &q->clhash.hash[h], common.hnode) {
1263 qdisc_reset(cl->q); 1260 qdisc_reset(cl->q);
1264 1261
1265 cl->next_alive = NULL; 1262 cl->next_alive = NULL;
@@ -1406,11 +1403,16 @@ static int cbq_init(struct Qdisc *sch, struct nlattr *opt)
1406 if ((q->link.R_tab = qdisc_get_rtab(r, tb[TCA_CBQ_RTAB])) == NULL) 1403 if ((q->link.R_tab = qdisc_get_rtab(r, tb[TCA_CBQ_RTAB])) == NULL)
1407 return -EINVAL; 1404 return -EINVAL;
1408 1405
1406 err = qdisc_class_hash_init(&q->clhash);
1407 if (err < 0)
1408 goto put_rtab;
1409
1409 q->link.refcnt = 1; 1410 q->link.refcnt = 1;
1410 q->link.sibling = &q->link; 1411 q->link.sibling = &q->link;
1411 q->link.classid = sch->handle; 1412 q->link.common.classid = sch->handle;
1412 q->link.qdisc = sch; 1413 q->link.qdisc = sch;
1413 if (!(q->link.q = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, 1414 if (!(q->link.q = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
1415 &pfifo_qdisc_ops,
1414 sch->handle))) 1416 sch->handle)))
1415 q->link.q = &noop_qdisc; 1417 q->link.q = &noop_qdisc;
1416 1418
@@ -1419,7 +1421,7 @@ static int cbq_init(struct Qdisc *sch, struct nlattr *opt)
1419 q->link.cpriority = TC_CBQ_MAXPRIO-1; 1421 q->link.cpriority = TC_CBQ_MAXPRIO-1;
1420 q->link.ovl_strategy = TC_CBQ_OVL_CLASSIC; 1422 q->link.ovl_strategy = TC_CBQ_OVL_CLASSIC;
1421 q->link.overlimit = cbq_ovl_classic; 1423 q->link.overlimit = cbq_ovl_classic;
1422 q->link.allot = psched_mtu(sch->dev); 1424 q->link.allot = psched_mtu(qdisc_dev(sch));
1423 q->link.quantum = q->link.allot; 1425 q->link.quantum = q->link.allot;
1424 q->link.weight = q->link.R_tab->rate.rate; 1426 q->link.weight = q->link.R_tab->rate.rate;
1425 1427
@@ -1441,6 +1443,10 @@ static int cbq_init(struct Qdisc *sch, struct nlattr *opt)
1441 1443
1442 cbq_addprio(q, &q->link); 1444 cbq_addprio(q, &q->link);
1443 return 0; 1445 return 0;
1446
1447put_rtab:
1448 qdisc_put_rtab(q->link.R_tab);
1449 return err;
1444} 1450}
1445 1451
1446static __inline__ int cbq_dump_rate(struct sk_buff *skb, struct cbq_class *cl) 1452static __inline__ int cbq_dump_rate(struct sk_buff *skb, struct cbq_class *cl)
@@ -1521,7 +1527,7 @@ static __inline__ int cbq_dump_fopt(struct sk_buff *skb, struct cbq_class *cl)
1521 struct tc_cbq_fopt opt; 1527 struct tc_cbq_fopt opt;
1522 1528
1523 if (cl->split || cl->defmap) { 1529 if (cl->split || cl->defmap) {
1524 opt.split = cl->split ? cl->split->classid : 0; 1530 opt.split = cl->split ? cl->split->common.classid : 0;
1525 opt.defmap = cl->defmap; 1531 opt.defmap = cl->defmap;
1526 opt.defchange = ~0; 1532 opt.defchange = ~0;
1527 NLA_PUT(skb, TCA_CBQ_FOPT, sizeof(opt), &opt); 1533 NLA_PUT(skb, TCA_CBQ_FOPT, sizeof(opt), &opt);
@@ -1602,10 +1608,10 @@ cbq_dump_class(struct Qdisc *sch, unsigned long arg,
1602 struct nlattr *nest; 1608 struct nlattr *nest;
1603 1609
1604 if (cl->tparent) 1610 if (cl->tparent)
1605 tcm->tcm_parent = cl->tparent->classid; 1611 tcm->tcm_parent = cl->tparent->common.classid;
1606 else 1612 else
1607 tcm->tcm_parent = TC_H_ROOT; 1613 tcm->tcm_parent = TC_H_ROOT;
1608 tcm->tcm_handle = cl->classid; 1614 tcm->tcm_handle = cl->common.classid;
1609 tcm->tcm_info = cl->q->handle; 1615 tcm->tcm_info = cl->q->handle;
1610 1616
1611 nest = nla_nest_start(skb, TCA_OPTIONS); 1617 nest = nla_nest_start(skb, TCA_OPTIONS);
@@ -1650,8 +1656,10 @@ static int cbq_graft(struct Qdisc *sch, unsigned long arg, struct Qdisc *new,
1650 1656
1651 if (cl) { 1657 if (cl) {
1652 if (new == NULL) { 1658 if (new == NULL) {
1653 if ((new = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, 1659 new = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
1654 cl->classid)) == NULL) 1660 &pfifo_qdisc_ops,
1661 cl->common.classid);
1662 if (new == NULL)
1655 return -ENOBUFS; 1663 return -ENOBUFS;
1656 } else { 1664 } else {
1657#ifdef CONFIG_NET_CLS_ACT 1665#ifdef CONFIG_NET_CLS_ACT
@@ -1702,9 +1710,9 @@ static void cbq_destroy_class(struct Qdisc *sch, struct cbq_class *cl)
1702{ 1710{
1703 struct cbq_sched_data *q = qdisc_priv(sch); 1711 struct cbq_sched_data *q = qdisc_priv(sch);
1704 1712
1705 BUG_TRAP(!cl->filters); 1713 WARN_ON(cl->filters);
1706 1714
1707 tcf_destroy_chain(cl->filter_list); 1715 tcf_destroy_chain(&cl->filter_list);
1708 qdisc_destroy(cl->q); 1716 qdisc_destroy(cl->q);
1709 qdisc_put_rtab(cl->R_tab); 1717 qdisc_put_rtab(cl->R_tab);
1710 gen_kill_estimator(&cl->bstats, &cl->rate_est); 1718 gen_kill_estimator(&cl->bstats, &cl->rate_est);
@@ -1716,6 +1724,7 @@ static void
1716cbq_destroy(struct Qdisc* sch) 1724cbq_destroy(struct Qdisc* sch)
1717{ 1725{
1718 struct cbq_sched_data *q = qdisc_priv(sch); 1726 struct cbq_sched_data *q = qdisc_priv(sch);
1727 struct hlist_node *n, *next;
1719 struct cbq_class *cl; 1728 struct cbq_class *cl;
1720 unsigned h; 1729 unsigned h;
1721 1730
@@ -1727,20 +1736,16 @@ cbq_destroy(struct Qdisc* sch)
1727 * classes from root to leafs which means that filters can still 1736 * classes from root to leafs which means that filters can still
1728 * be bound to classes which have been destroyed already. --TGR '04 1737 * be bound to classes which have been destroyed already. --TGR '04
1729 */ 1738 */
1730 for (h = 0; h < 16; h++) { 1739 for (h = 0; h < q->clhash.hashsize; h++) {
1731 for (cl = q->classes[h]; cl; cl = cl->next) { 1740 hlist_for_each_entry(cl, n, &q->clhash.hash[h], common.hnode)
1732 tcf_destroy_chain(cl->filter_list); 1741 tcf_destroy_chain(&cl->filter_list);
1733 cl->filter_list = NULL;
1734 }
1735 } 1742 }
1736 for (h = 0; h < 16; h++) { 1743 for (h = 0; h < q->clhash.hashsize; h++) {
1737 struct cbq_class *next; 1744 hlist_for_each_entry_safe(cl, n, next, &q->clhash.hash[h],
1738 1745 common.hnode)
1739 for (cl = q->classes[h]; cl; cl = next) {
1740 next = cl->next;
1741 cbq_destroy_class(sch, cl); 1746 cbq_destroy_class(sch, cl);
1742 }
1743 } 1747 }
1748 qdisc_class_hash_destroy(&q->clhash);
1744} 1749}
1745 1750
1746static void cbq_put(struct Qdisc *sch, unsigned long arg) 1751static void cbq_put(struct Qdisc *sch, unsigned long arg)
@@ -1749,12 +1754,13 @@ static void cbq_put(struct Qdisc *sch, unsigned long arg)
1749 1754
1750 if (--cl->refcnt == 0) { 1755 if (--cl->refcnt == 0) {
1751#ifdef CONFIG_NET_CLS_ACT 1756#ifdef CONFIG_NET_CLS_ACT
1757 spinlock_t *root_lock = qdisc_root_sleeping_lock(sch);
1752 struct cbq_sched_data *q = qdisc_priv(sch); 1758 struct cbq_sched_data *q = qdisc_priv(sch);
1753 1759
1754 spin_lock_bh(&sch->dev->queue_lock); 1760 spin_lock_bh(root_lock);
1755 if (q->rx_class == cl) 1761 if (q->rx_class == cl)
1756 q->rx_class = NULL; 1762 q->rx_class = NULL;
1757 spin_unlock_bh(&sch->dev->queue_lock); 1763 spin_unlock_bh(root_lock);
1758#endif 1764#endif
1759 1765
1760 cbq_destroy_class(sch, cl); 1766 cbq_destroy_class(sch, cl);
@@ -1783,7 +1789,8 @@ cbq_change_class(struct Qdisc *sch, u32 classid, u32 parentid, struct nlattr **t
1783 if (cl) { 1789 if (cl) {
1784 /* Check parent */ 1790 /* Check parent */
1785 if (parentid) { 1791 if (parentid) {
1786 if (cl->tparent && cl->tparent->classid != parentid) 1792 if (cl->tparent &&
1793 cl->tparent->common.classid != parentid)
1787 return -EINVAL; 1794 return -EINVAL;
1788 if (!cl->tparent && parentid != TC_H_ROOT) 1795 if (!cl->tparent && parentid != TC_H_ROOT)
1789 return -EINVAL; 1796 return -EINVAL;
@@ -1832,7 +1839,7 @@ cbq_change_class(struct Qdisc *sch, u32 classid, u32 parentid, struct nlattr **t
1832 1839
1833 if (tca[TCA_RATE]) 1840 if (tca[TCA_RATE])
1834 gen_replace_estimator(&cl->bstats, &cl->rate_est, 1841 gen_replace_estimator(&cl->bstats, &cl->rate_est,
1835 &sch->dev->queue_lock, 1842 qdisc_root_sleeping_lock(sch),
1836 tca[TCA_RATE]); 1843 tca[TCA_RATE]);
1837 return 0; 1844 return 0;
1838 } 1845 }
@@ -1883,9 +1890,10 @@ cbq_change_class(struct Qdisc *sch, u32 classid, u32 parentid, struct nlattr **t
1883 cl->R_tab = rtab; 1890 cl->R_tab = rtab;
1884 rtab = NULL; 1891 rtab = NULL;
1885 cl->refcnt = 1; 1892 cl->refcnt = 1;
1886 if (!(cl->q = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, classid))) 1893 if (!(cl->q = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
1894 &pfifo_qdisc_ops, classid)))
1887 cl->q = &noop_qdisc; 1895 cl->q = &noop_qdisc;
1888 cl->classid = classid; 1896 cl->common.classid = classid;
1889 cl->tparent = parent; 1897 cl->tparent = parent;
1890 cl->qdisc = sch; 1898 cl->qdisc = sch;
1891 cl->allot = parent->allot; 1899 cl->allot = parent->allot;
@@ -1918,9 +1926,11 @@ cbq_change_class(struct Qdisc *sch, u32 classid, u32 parentid, struct nlattr **t
1918 cbq_set_fopt(cl, nla_data(tb[TCA_CBQ_FOPT])); 1926 cbq_set_fopt(cl, nla_data(tb[TCA_CBQ_FOPT]));
1919 sch_tree_unlock(sch); 1927 sch_tree_unlock(sch);
1920 1928
1929 qdisc_class_hash_grow(sch, &q->clhash);
1930
1921 if (tca[TCA_RATE]) 1931 if (tca[TCA_RATE])
1922 gen_new_estimator(&cl->bstats, &cl->rate_est, 1932 gen_new_estimator(&cl->bstats, &cl->rate_est,
1923 &sch->dev->queue_lock, tca[TCA_RATE]); 1933 qdisc_root_sleeping_lock(sch), tca[TCA_RATE]);
1924 1934
1925 *arg = (unsigned long)cl; 1935 *arg = (unsigned long)cl;
1926 return 0; 1936 return 0;
@@ -2010,15 +2020,15 @@ static void cbq_unbind_filter(struct Qdisc *sch, unsigned long arg)
2010static void cbq_walk(struct Qdisc *sch, struct qdisc_walker *arg) 2020static void cbq_walk(struct Qdisc *sch, struct qdisc_walker *arg)
2011{ 2021{
2012 struct cbq_sched_data *q = qdisc_priv(sch); 2022 struct cbq_sched_data *q = qdisc_priv(sch);
2023 struct cbq_class *cl;
2024 struct hlist_node *n;
2013 unsigned h; 2025 unsigned h;
2014 2026
2015 if (arg->stop) 2027 if (arg->stop)
2016 return; 2028 return;
2017 2029
2018 for (h = 0; h < 16; h++) { 2030 for (h = 0; h < q->clhash.hashsize; h++) {
2019 struct cbq_class *cl; 2031 hlist_for_each_entry(cl, n, &q->clhash.hash[h], common.hnode) {
2020
2021 for (cl = q->classes[h]; cl; cl = cl->next) {
2022 if (arg->count < arg->skip) { 2032 if (arg->count < arg->skip) {
2023 arg->count++; 2033 arg->count++;
2024 continue; 2034 continue;
diff --git a/net/sched/sch_dsmark.c b/net/sched/sch_dsmark.c
index 0df911fd67b1..edd1298f85f6 100644
--- a/net/sched/sch_dsmark.c
+++ b/net/sched/sch_dsmark.c
@@ -60,7 +60,8 @@ static int dsmark_graft(struct Qdisc *sch, unsigned long arg,
60 sch, p, new, old); 60 sch, p, new, old);
61 61
62 if (new == NULL) { 62 if (new == NULL) {
63 new = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, 63 new = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
64 &pfifo_qdisc_ops,
64 sch->handle); 65 sch->handle);
65 if (new == NULL) 66 if (new == NULL)
66 new = &noop_qdisc; 67 new = &noop_qdisc;
@@ -235,7 +236,7 @@ static int dsmark_enqueue(struct sk_buff *skb, struct Qdisc *sch)
235 case TC_ACT_QUEUED: 236 case TC_ACT_QUEUED:
236 case TC_ACT_STOLEN: 237 case TC_ACT_STOLEN:
237 kfree_skb(skb); 238 kfree_skb(skb);
238 return NET_XMIT_SUCCESS; 239 return NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
239 240
240 case TC_ACT_SHOT: 241 case TC_ACT_SHOT:
241 goto drop; 242 goto drop;
@@ -251,13 +252,14 @@ static int dsmark_enqueue(struct sk_buff *skb, struct Qdisc *sch)
251 } 252 }
252 } 253 }
253 254
254 err = p->q->enqueue(skb, p->q); 255 err = qdisc_enqueue(skb, p->q);
255 if (err != NET_XMIT_SUCCESS) { 256 if (err != NET_XMIT_SUCCESS) {
256 sch->qstats.drops++; 257 if (net_xmit_drop_count(err))
258 sch->qstats.drops++;
257 return err; 259 return err;
258 } 260 }
259 261
260 sch->bstats.bytes += skb->len; 262 sch->bstats.bytes += qdisc_pkt_len(skb);
261 sch->bstats.packets++; 263 sch->bstats.packets++;
262 sch->q.qlen++; 264 sch->q.qlen++;
263 265
@@ -266,7 +268,7 @@ static int dsmark_enqueue(struct sk_buff *skb, struct Qdisc *sch)
266drop: 268drop:
267 kfree_skb(skb); 269 kfree_skb(skb);
268 sch->qstats.drops++; 270 sch->qstats.drops++;
269 return NET_XMIT_BYPASS; 271 return NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
270} 272}
271 273
272static struct sk_buff *dsmark_dequeue(struct Qdisc *sch) 274static struct sk_buff *dsmark_dequeue(struct Qdisc *sch)
@@ -320,7 +322,8 @@ static int dsmark_requeue(struct sk_buff *skb, struct Qdisc *sch)
320 322
321 err = p->q->ops->requeue(skb, p->q); 323 err = p->q->ops->requeue(skb, p->q);
322 if (err != NET_XMIT_SUCCESS) { 324 if (err != NET_XMIT_SUCCESS) {
323 sch->qstats.drops++; 325 if (net_xmit_drop_count(err))
326 sch->qstats.drops++;
324 return err; 327 return err;
325 } 328 }
326 329
@@ -390,7 +393,8 @@ static int dsmark_init(struct Qdisc *sch, struct nlattr *opt)
390 p->default_index = default_index; 393 p->default_index = default_index;
391 p->set_tc_index = nla_get_flag(tb[TCA_DSMARK_SET_TC_INDEX]); 394 p->set_tc_index = nla_get_flag(tb[TCA_DSMARK_SET_TC_INDEX]);
392 395
393 p->q = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, sch->handle); 396 p->q = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
397 &pfifo_qdisc_ops, sch->handle);
394 if (p->q == NULL) 398 if (p->q == NULL)
395 p->q = &noop_qdisc; 399 p->q = &noop_qdisc;
396 400
@@ -416,7 +420,7 @@ static void dsmark_destroy(struct Qdisc *sch)
416 420
417 pr_debug("dsmark_destroy(sch %p,[qdisc %p])\n", sch, p); 421 pr_debug("dsmark_destroy(sch %p,[qdisc %p])\n", sch, p);
418 422
419 tcf_destroy_chain(p->filter_list); 423 tcf_destroy_chain(&p->filter_list);
420 qdisc_destroy(p->q); 424 qdisc_destroy(p->q);
421 kfree(p->mask); 425 kfree(p->mask);
422} 426}
@@ -444,7 +448,8 @@ static int dsmark_dump_class(struct Qdisc *sch, unsigned long cl,
444 return nla_nest_end(skb, opts); 448 return nla_nest_end(skb, opts);
445 449
446nla_put_failure: 450nla_put_failure:
447 return nla_nest_cancel(skb, opts); 451 nla_nest_cancel(skb, opts);
452 return -EMSGSIZE;
448} 453}
449 454
450static int dsmark_dump(struct Qdisc *sch, struct sk_buff *skb) 455static int dsmark_dump(struct Qdisc *sch, struct sk_buff *skb)
@@ -466,7 +471,8 @@ static int dsmark_dump(struct Qdisc *sch, struct sk_buff *skb)
466 return nla_nest_end(skb, opts); 471 return nla_nest_end(skb, opts);
467 472
468nla_put_failure: 473nla_put_failure:
469 return nla_nest_cancel(skb, opts); 474 nla_nest_cancel(skb, opts);
475 return -EMSGSIZE;
470} 476}
471 477
472static const struct Qdisc_class_ops dsmark_class_ops = { 478static const struct Qdisc_class_ops dsmark_class_ops = {
diff --git a/net/sched/sch_fifo.c b/net/sched/sch_fifo.c
index 95ed48221652..23d258bfe8ac 100644
--- a/net/sched/sch_fifo.c
+++ b/net/sched/sch_fifo.c
@@ -27,7 +27,7 @@ static int bfifo_enqueue(struct sk_buff *skb, struct Qdisc* sch)
27{ 27{
28 struct fifo_sched_data *q = qdisc_priv(sch); 28 struct fifo_sched_data *q = qdisc_priv(sch);
29 29
30 if (likely(sch->qstats.backlog + skb->len <= q->limit)) 30 if (likely(sch->qstats.backlog + qdisc_pkt_len(skb) <= q->limit))
31 return qdisc_enqueue_tail(skb, sch); 31 return qdisc_enqueue_tail(skb, sch);
32 32
33 return qdisc_reshape_fail(skb, sch); 33 return qdisc_reshape_fail(skb, sch);
@@ -48,10 +48,10 @@ static int fifo_init(struct Qdisc *sch, struct nlattr *opt)
48 struct fifo_sched_data *q = qdisc_priv(sch); 48 struct fifo_sched_data *q = qdisc_priv(sch);
49 49
50 if (opt == NULL) { 50 if (opt == NULL) {
51 u32 limit = sch->dev->tx_queue_len ? : 1; 51 u32 limit = qdisc_dev(sch)->tx_queue_len ? : 1;
52 52
53 if (sch->ops == &bfifo_qdisc_ops) 53 if (sch->ops == &bfifo_qdisc_ops)
54 limit *= sch->dev->mtu; 54 limit *= qdisc_dev(sch)->mtu;
55 55
56 q->limit = limit; 56 q->limit = limit;
57 } else { 57 } else {
@@ -107,3 +107,46 @@ struct Qdisc_ops bfifo_qdisc_ops __read_mostly = {
107 .owner = THIS_MODULE, 107 .owner = THIS_MODULE,
108}; 108};
109EXPORT_SYMBOL(bfifo_qdisc_ops); 109EXPORT_SYMBOL(bfifo_qdisc_ops);
110
111/* Pass size change message down to embedded FIFO */
112int fifo_set_limit(struct Qdisc *q, unsigned int limit)
113{
114 struct nlattr *nla;
115 int ret = -ENOMEM;
116
117 /* Hack to avoid sending change message to non-FIFO */
118 if (strncmp(q->ops->id + 1, "fifo", 4) != 0)
119 return 0;
120
121 nla = kmalloc(nla_attr_size(sizeof(struct tc_fifo_qopt)), GFP_KERNEL);
122 if (nla) {
123 nla->nla_type = RTM_NEWQDISC;
124 nla->nla_len = nla_attr_size(sizeof(struct tc_fifo_qopt));
125 ((struct tc_fifo_qopt *)nla_data(nla))->limit = limit;
126
127 ret = q->ops->change(q, nla);
128 kfree(nla);
129 }
130 return ret;
131}
132EXPORT_SYMBOL(fifo_set_limit);
133
134struct Qdisc *fifo_create_dflt(struct Qdisc *sch, struct Qdisc_ops *ops,
135 unsigned int limit)
136{
137 struct Qdisc *q;
138 int err = -ENOMEM;
139
140 q = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
141 ops, TC_H_MAKE(sch->handle, 1));
142 if (q) {
143 err = fifo_set_limit(q, limit);
144 if (err < 0) {
145 qdisc_destroy(q);
146 q = NULL;
147 }
148 }
149
150 return q ? : ERR_PTR(err);
151}
152EXPORT_SYMBOL(fifo_create_dflt);
diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
index d355e5e47fe3..9634091ee2f0 100644
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -29,58 +29,36 @@
29/* Main transmission queue. */ 29/* Main transmission queue. */
30 30
31/* Modifications to data participating in scheduling must be protected with 31/* Modifications to data participating in scheduling must be protected with
32 * dev->queue_lock spinlock. 32 * qdisc_lock(qdisc) spinlock.
33 * 33 *
34 * The idea is the following: 34 * The idea is the following:
35 * - enqueue, dequeue are serialized via top level device 35 * - enqueue, dequeue are serialized via qdisc root lock
36 * spinlock dev->queue_lock. 36 * - ingress filtering is also serialized via qdisc root lock
37 * - ingress filtering is serialized via top level device
38 * spinlock dev->ingress_lock.
39 * - updates to tree and tree walking are only done under the rtnl mutex. 37 * - updates to tree and tree walking are only done under the rtnl mutex.
40 */ 38 */
41 39
42void qdisc_lock_tree(struct net_device *dev)
43 __acquires(dev->queue_lock)
44 __acquires(dev->ingress_lock)
45{
46 spin_lock_bh(&dev->queue_lock);
47 spin_lock(&dev->ingress_lock);
48}
49EXPORT_SYMBOL(qdisc_lock_tree);
50
51void qdisc_unlock_tree(struct net_device *dev)
52 __releases(dev->ingress_lock)
53 __releases(dev->queue_lock)
54{
55 spin_unlock(&dev->ingress_lock);
56 spin_unlock_bh(&dev->queue_lock);
57}
58EXPORT_SYMBOL(qdisc_unlock_tree);
59
60static inline int qdisc_qlen(struct Qdisc *q) 40static inline int qdisc_qlen(struct Qdisc *q)
61{ 41{
62 return q->q.qlen; 42 return q->q.qlen;
63} 43}
64 44
65static inline int dev_requeue_skb(struct sk_buff *skb, struct net_device *dev, 45static inline int dev_requeue_skb(struct sk_buff *skb, struct Qdisc *q)
66 struct Qdisc *q)
67{ 46{
68 if (unlikely(skb->next)) 47 if (unlikely(skb->next))
69 dev->gso_skb = skb; 48 q->gso_skb = skb;
70 else 49 else
71 q->ops->requeue(skb, q); 50 q->ops->requeue(skb, q);
72 51
73 netif_schedule(dev); 52 __netif_schedule(q);
74 return 0; 53 return 0;
75} 54}
76 55
77static inline struct sk_buff *dev_dequeue_skb(struct net_device *dev, 56static inline struct sk_buff *dequeue_skb(struct Qdisc *q)
78 struct Qdisc *q)
79{ 57{
80 struct sk_buff *skb; 58 struct sk_buff *skb;
81 59
82 if ((skb = dev->gso_skb)) 60 if ((skb = q->gso_skb))
83 dev->gso_skb = NULL; 61 q->gso_skb = NULL;
84 else 62 else
85 skb = q->dequeue(q); 63 skb = q->dequeue(q);
86 64
@@ -88,12 +66,12 @@ static inline struct sk_buff *dev_dequeue_skb(struct net_device *dev,
88} 66}
89 67
90static inline int handle_dev_cpu_collision(struct sk_buff *skb, 68static inline int handle_dev_cpu_collision(struct sk_buff *skb,
91 struct net_device *dev, 69 struct netdev_queue *dev_queue,
92 struct Qdisc *q) 70 struct Qdisc *q)
93{ 71{
94 int ret; 72 int ret;
95 73
96 if (unlikely(dev->xmit_lock_owner == smp_processor_id())) { 74 if (unlikely(dev_queue->xmit_lock_owner == smp_processor_id())) {
97 /* 75 /*
98 * Same CPU holding the lock. It may be a transient 76 * Same CPU holding the lock. It may be a transient
99 * configuration error, when hard_start_xmit() recurses. We 77 * configuration error, when hard_start_xmit() recurses. We
@@ -103,7 +81,7 @@ static inline int handle_dev_cpu_collision(struct sk_buff *skb,
103 kfree_skb(skb); 81 kfree_skb(skb);
104 if (net_ratelimit()) 82 if (net_ratelimit())
105 printk(KERN_WARNING "Dead loop on netdevice %s, " 83 printk(KERN_WARNING "Dead loop on netdevice %s, "
106 "fix it urgently!\n", dev->name); 84 "fix it urgently!\n", dev_queue->dev->name);
107 ret = qdisc_qlen(q); 85 ret = qdisc_qlen(q);
108 } else { 86 } else {
109 /* 87 /*
@@ -111,22 +89,22 @@ static inline int handle_dev_cpu_collision(struct sk_buff *skb,
111 * some time. 89 * some time.
112 */ 90 */
113 __get_cpu_var(netdev_rx_stat).cpu_collision++; 91 __get_cpu_var(netdev_rx_stat).cpu_collision++;
114 ret = dev_requeue_skb(skb, dev, q); 92 ret = dev_requeue_skb(skb, q);
115 } 93 }
116 94
117 return ret; 95 return ret;
118} 96}
119 97
120/* 98/*
121 * NOTE: Called under dev->queue_lock with locally disabled BH. 99 * NOTE: Called under qdisc_lock(q) with locally disabled BH.
122 * 100 *
123 * __LINK_STATE_QDISC_RUNNING guarantees only one CPU can process this 101 * __QDISC_STATE_RUNNING guarantees only one CPU can process
124 * device at a time. dev->queue_lock serializes queue accesses for 102 * this qdisc at a time. qdisc_lock(q) serializes queue accesses for
125 * this device AND dev->qdisc pointer itself. 103 * this queue.
126 * 104 *
127 * netif_tx_lock serializes accesses to device driver. 105 * netif_tx_lock serializes accesses to device driver.
128 * 106 *
129 * dev->queue_lock and netif_tx_lock are mutually exclusive, 107 * qdisc_lock(q) and netif_tx_lock are mutually exclusive,
130 * if one is grabbed, another must be free. 108 * if one is grabbed, another must be free.
131 * 109 *
132 * Note, that this procedure can be called by a watchdog timer 110 * Note, that this procedure can be called by a watchdog timer
@@ -136,27 +114,33 @@ static inline int handle_dev_cpu_collision(struct sk_buff *skb,
136 * >0 - queue is not empty. 114 * >0 - queue is not empty.
137 * 115 *
138 */ 116 */
139static inline int qdisc_restart(struct net_device *dev) 117static inline int qdisc_restart(struct Qdisc *q)
140{ 118{
141 struct Qdisc *q = dev->qdisc; 119 struct netdev_queue *txq;
142 struct sk_buff *skb;
143 int ret = NETDEV_TX_BUSY; 120 int ret = NETDEV_TX_BUSY;
121 struct net_device *dev;
122 spinlock_t *root_lock;
123 struct sk_buff *skb;
144 124
145 /* Dequeue packet */ 125 /* Dequeue packet */
146 if (unlikely((skb = dev_dequeue_skb(dev, q)) == NULL)) 126 if (unlikely((skb = dequeue_skb(q)) == NULL))
147 return 0; 127 return 0;
148 128
129 root_lock = qdisc_lock(q);
130
131 /* And release qdisc */
132 spin_unlock(root_lock);
149 133
150 /* And release queue */ 134 dev = qdisc_dev(q);
151 spin_unlock(&dev->queue_lock); 135 txq = netdev_get_tx_queue(dev, skb_get_queue_mapping(skb));
152 136
153 HARD_TX_LOCK(dev, smp_processor_id()); 137 HARD_TX_LOCK(dev, txq, smp_processor_id());
154 if (!netif_subqueue_stopped(dev, skb)) 138 if (!netif_tx_queue_stopped(txq) &&
155 ret = dev_hard_start_xmit(skb, dev); 139 !netif_tx_queue_frozen(txq))
156 HARD_TX_UNLOCK(dev); 140 ret = dev_hard_start_xmit(skb, dev, txq);
141 HARD_TX_UNLOCK(dev, txq);
157 142
158 spin_lock(&dev->queue_lock); 143 spin_lock(root_lock);
159 q = dev->qdisc;
160 144
161 switch (ret) { 145 switch (ret) {
162 case NETDEV_TX_OK: 146 case NETDEV_TX_OK:
@@ -166,7 +150,7 @@ static inline int qdisc_restart(struct net_device *dev)
166 150
167 case NETDEV_TX_LOCKED: 151 case NETDEV_TX_LOCKED:
168 /* Driver try lock failed */ 152 /* Driver try lock failed */
169 ret = handle_dev_cpu_collision(skb, dev, q); 153 ret = handle_dev_cpu_collision(skb, txq, q);
170 break; 154 break;
171 155
172 default: 156 default:
@@ -175,33 +159,34 @@ static inline int qdisc_restart(struct net_device *dev)
175 printk(KERN_WARNING "BUG %s code %d qlen %d\n", 159 printk(KERN_WARNING "BUG %s code %d qlen %d\n",
176 dev->name, ret, q->q.qlen); 160 dev->name, ret, q->q.qlen);
177 161
178 ret = dev_requeue_skb(skb, dev, q); 162 ret = dev_requeue_skb(skb, q);
179 break; 163 break;
180 } 164 }
181 165
166 if (ret && (netif_tx_queue_stopped(txq) ||
167 netif_tx_queue_frozen(txq)))
168 ret = 0;
169
182 return ret; 170 return ret;
183} 171}
184 172
185void __qdisc_run(struct net_device *dev) 173void __qdisc_run(struct Qdisc *q)
186{ 174{
187 unsigned long start_time = jiffies; 175 unsigned long start_time = jiffies;
188 176
189 while (qdisc_restart(dev)) { 177 while (qdisc_restart(q)) {
190 if (netif_queue_stopped(dev))
191 break;
192
193 /* 178 /*
194 * Postpone processing if 179 * Postpone processing if
195 * 1. another process needs the CPU; 180 * 1. another process needs the CPU;
196 * 2. we've been doing it for too long. 181 * 2. we've been doing it for too long.
197 */ 182 */
198 if (need_resched() || jiffies != start_time) { 183 if (need_resched() || jiffies != start_time) {
199 netif_schedule(dev); 184 __netif_schedule(q);
200 break; 185 break;
201 } 186 }
202 } 187 }
203 188
204 clear_bit(__LINK_STATE_QDISC_RUNNING, &dev->state); 189 clear_bit(__QDISC_STATE_RUNNING, &q->state);
205} 190}
206 191
207static void dev_watchdog(unsigned long arg) 192static void dev_watchdog(unsigned long arg)
@@ -209,19 +194,35 @@ static void dev_watchdog(unsigned long arg)
209 struct net_device *dev = (struct net_device *)arg; 194 struct net_device *dev = (struct net_device *)arg;
210 195
211 netif_tx_lock(dev); 196 netif_tx_lock(dev);
212 if (dev->qdisc != &noop_qdisc) { 197 if (!qdisc_tx_is_noop(dev)) {
213 if (netif_device_present(dev) && 198 if (netif_device_present(dev) &&
214 netif_running(dev) && 199 netif_running(dev) &&
215 netif_carrier_ok(dev)) { 200 netif_carrier_ok(dev)) {
216 if (netif_queue_stopped(dev) && 201 int some_queue_stopped = 0;
217 time_after(jiffies, dev->trans_start + dev->watchdog_timeo)) { 202 unsigned int i;
203
204 for (i = 0; i < dev->num_tx_queues; i++) {
205 struct netdev_queue *txq;
206
207 txq = netdev_get_tx_queue(dev, i);
208 if (netif_tx_queue_stopped(txq)) {
209 some_queue_stopped = 1;
210 break;
211 }
212 }
218 213
219 printk(KERN_INFO "NETDEV WATCHDOG: %s: transmit timed out\n", 214 if (some_queue_stopped &&
220 dev->name); 215 time_after(jiffies, (dev->trans_start +
216 dev->watchdog_timeo))) {
217 char drivername[64];
218 printk(KERN_INFO "NETDEV WATCHDOG: %s (%s): transmit timed out\n",
219 dev->name, netdev_drivername(dev, drivername, 64));
221 dev->tx_timeout(dev); 220 dev->tx_timeout(dev);
222 WARN_ON_ONCE(1); 221 WARN_ON_ONCE(1);
223 } 222 }
224 if (!mod_timer(&dev->watchdog_timer, round_jiffies(jiffies + dev->watchdog_timeo))) 223 if (!mod_timer(&dev->watchdog_timer,
224 round_jiffies(jiffies +
225 dev->watchdog_timeo)))
225 dev_hold(dev); 226 dev_hold(dev);
226 } 227 }
227 } 228 }
@@ -317,12 +318,18 @@ struct Qdisc_ops noop_qdisc_ops __read_mostly = {
317 .owner = THIS_MODULE, 318 .owner = THIS_MODULE,
318}; 319};
319 320
321static struct netdev_queue noop_netdev_queue = {
322 .qdisc = &noop_qdisc,
323};
324
320struct Qdisc noop_qdisc = { 325struct Qdisc noop_qdisc = {
321 .enqueue = noop_enqueue, 326 .enqueue = noop_enqueue,
322 .dequeue = noop_dequeue, 327 .dequeue = noop_dequeue,
323 .flags = TCQ_F_BUILTIN, 328 .flags = TCQ_F_BUILTIN,
324 .ops = &noop_qdisc_ops, 329 .ops = &noop_qdisc_ops,
325 .list = LIST_HEAD_INIT(noop_qdisc.list), 330 .list = LIST_HEAD_INIT(noop_qdisc.list),
331 .q.lock = __SPIN_LOCK_UNLOCKED(noop_qdisc.q.lock),
332 .dev_queue = &noop_netdev_queue,
326}; 333};
327EXPORT_SYMBOL(noop_qdisc); 334EXPORT_SYMBOL(noop_qdisc);
328 335
@@ -335,12 +342,19 @@ static struct Qdisc_ops noqueue_qdisc_ops __read_mostly = {
335 .owner = THIS_MODULE, 342 .owner = THIS_MODULE,
336}; 343};
337 344
345static struct Qdisc noqueue_qdisc;
346static struct netdev_queue noqueue_netdev_queue = {
347 .qdisc = &noqueue_qdisc,
348};
349
338static struct Qdisc noqueue_qdisc = { 350static struct Qdisc noqueue_qdisc = {
339 .enqueue = NULL, 351 .enqueue = NULL,
340 .dequeue = noop_dequeue, 352 .dequeue = noop_dequeue,
341 .flags = TCQ_F_BUILTIN, 353 .flags = TCQ_F_BUILTIN,
342 .ops = &noqueue_qdisc_ops, 354 .ops = &noqueue_qdisc_ops,
343 .list = LIST_HEAD_INIT(noqueue_qdisc.list), 355 .list = LIST_HEAD_INIT(noqueue_qdisc.list),
356 .q.lock = __SPIN_LOCK_UNLOCKED(noqueue_qdisc.q.lock),
357 .dev_queue = &noqueue_netdev_queue,
344}; 358};
345 359
346 360
@@ -364,7 +378,7 @@ static int pfifo_fast_enqueue(struct sk_buff *skb, struct Qdisc* qdisc)
364{ 378{
365 struct sk_buff_head *list = prio2list(skb, qdisc); 379 struct sk_buff_head *list = prio2list(skb, qdisc);
366 380
367 if (skb_queue_len(list) < qdisc->dev->tx_queue_len) { 381 if (skb_queue_len(list) < qdisc_dev(qdisc)->tx_queue_len) {
368 qdisc->q.qlen++; 382 qdisc->q.qlen++;
369 return __qdisc_enqueue_tail(skb, qdisc, list); 383 return __qdisc_enqueue_tail(skb, qdisc, list);
370 } 384 }
@@ -440,7 +454,8 @@ static struct Qdisc_ops pfifo_fast_ops __read_mostly = {
440 .owner = THIS_MODULE, 454 .owner = THIS_MODULE,
441}; 455};
442 456
443struct Qdisc *qdisc_alloc(struct net_device *dev, struct Qdisc_ops *ops) 457struct Qdisc *qdisc_alloc(struct netdev_queue *dev_queue,
458 struct Qdisc_ops *ops)
444{ 459{
445 void *p; 460 void *p;
446 struct Qdisc *sch; 461 struct Qdisc *sch;
@@ -462,24 +477,25 @@ struct Qdisc *qdisc_alloc(struct net_device *dev, struct Qdisc_ops *ops)
462 sch->ops = ops; 477 sch->ops = ops;
463 sch->enqueue = ops->enqueue; 478 sch->enqueue = ops->enqueue;
464 sch->dequeue = ops->dequeue; 479 sch->dequeue = ops->dequeue;
465 sch->dev = dev; 480 sch->dev_queue = dev_queue;
466 dev_hold(dev); 481 dev_hold(qdisc_dev(sch));
467 atomic_set(&sch->refcnt, 1); 482 atomic_set(&sch->refcnt, 1);
468 483
469 return sch; 484 return sch;
470errout: 485errout:
471 return ERR_PTR(-err); 486 return ERR_PTR(err);
472} 487}
473 488
474struct Qdisc * qdisc_create_dflt(struct net_device *dev, struct Qdisc_ops *ops, 489struct Qdisc * qdisc_create_dflt(struct net_device *dev,
490 struct netdev_queue *dev_queue,
491 struct Qdisc_ops *ops,
475 unsigned int parentid) 492 unsigned int parentid)
476{ 493{
477 struct Qdisc *sch; 494 struct Qdisc *sch;
478 495
479 sch = qdisc_alloc(dev, ops); 496 sch = qdisc_alloc(dev_queue, ops);
480 if (IS_ERR(sch)) 497 if (IS_ERR(sch))
481 goto errout; 498 goto errout;
482 sch->stats_lock = &dev->queue_lock;
483 sch->parent = parentid; 499 sch->parent = parentid;
484 500
485 if (!ops->init || ops->init(sch, NULL) == 0) 501 if (!ops->init || ops->init(sch, NULL) == 0)
@@ -491,7 +507,7 @@ errout:
491} 507}
492EXPORT_SYMBOL(qdisc_create_dflt); 508EXPORT_SYMBOL(qdisc_create_dflt);
493 509
494/* Under dev->queue_lock and BH! */ 510/* Under qdisc_lock(qdisc) and BH! */
495 511
496void qdisc_reset(struct Qdisc *qdisc) 512void qdisc_reset(struct Qdisc *qdisc)
497{ 513{
@@ -502,17 +518,6 @@ void qdisc_reset(struct Qdisc *qdisc)
502} 518}
503EXPORT_SYMBOL(qdisc_reset); 519EXPORT_SYMBOL(qdisc_reset);
504 520
505/* this is the rcu callback function to clean up a qdisc when there
506 * are no further references to it */
507
508static void __qdisc_destroy(struct rcu_head *head)
509{
510 struct Qdisc *qdisc = container_of(head, struct Qdisc, q_rcu);
511 kfree((char *) qdisc - qdisc->padded);
512}
513
514/* Under dev->queue_lock and BH! */
515
516void qdisc_destroy(struct Qdisc *qdisc) 521void qdisc_destroy(struct Qdisc *qdisc)
517{ 522{
518 const struct Qdisc_ops *ops = qdisc->ops; 523 const struct Qdisc_ops *ops = qdisc->ops;
@@ -521,7 +526,11 @@ void qdisc_destroy(struct Qdisc *qdisc)
521 !atomic_dec_and_test(&qdisc->refcnt)) 526 !atomic_dec_and_test(&qdisc->refcnt))
522 return; 527 return;
523 528
524 list_del(&qdisc->list); 529#ifdef CONFIG_NET_SCHED
530 qdisc_list_del(qdisc);
531
532 qdisc_put_stab(qdisc->stab);
533#endif
525 gen_kill_estimator(&qdisc->bstats, &qdisc->rate_est); 534 gen_kill_estimator(&qdisc->bstats, &qdisc->rate_est);
526 if (ops->reset) 535 if (ops->reset)
527 ops->reset(qdisc); 536 ops->reset(qdisc);
@@ -529,65 +538,140 @@ void qdisc_destroy(struct Qdisc *qdisc)
529 ops->destroy(qdisc); 538 ops->destroy(qdisc);
530 539
531 module_put(ops->owner); 540 module_put(ops->owner);
532 dev_put(qdisc->dev); 541 dev_put(qdisc_dev(qdisc));
533 call_rcu(&qdisc->q_rcu, __qdisc_destroy); 542
543 kfree_skb(qdisc->gso_skb);
544
545 kfree((char *) qdisc - qdisc->padded);
534} 546}
535EXPORT_SYMBOL(qdisc_destroy); 547EXPORT_SYMBOL(qdisc_destroy);
536 548
549static bool dev_all_qdisc_sleeping_noop(struct net_device *dev)
550{
551 unsigned int i;
552
553 for (i = 0; i < dev->num_tx_queues; i++) {
554 struct netdev_queue *txq = netdev_get_tx_queue(dev, i);
555
556 if (txq->qdisc_sleeping != &noop_qdisc)
557 return false;
558 }
559 return true;
560}
561
562static void attach_one_default_qdisc(struct net_device *dev,
563 struct netdev_queue *dev_queue,
564 void *_unused)
565{
566 struct Qdisc *qdisc;
567
568 if (dev->tx_queue_len) {
569 qdisc = qdisc_create_dflt(dev, dev_queue,
570 &pfifo_fast_ops, TC_H_ROOT);
571 if (!qdisc) {
572 printk(KERN_INFO "%s: activation failed\n", dev->name);
573 return;
574 }
575 } else {
576 qdisc = &noqueue_qdisc;
577 }
578 dev_queue->qdisc_sleeping = qdisc;
579}
580
581static void transition_one_qdisc(struct net_device *dev,
582 struct netdev_queue *dev_queue,
583 void *_need_watchdog)
584{
585 struct Qdisc *new_qdisc = dev_queue->qdisc_sleeping;
586 int *need_watchdog_p = _need_watchdog;
587
588 if (!(new_qdisc->flags & TCQ_F_BUILTIN))
589 clear_bit(__QDISC_STATE_DEACTIVATED, &new_qdisc->state);
590
591 rcu_assign_pointer(dev_queue->qdisc, new_qdisc);
592 if (need_watchdog_p && new_qdisc != &noqueue_qdisc)
593 *need_watchdog_p = 1;
594}
595
537void dev_activate(struct net_device *dev) 596void dev_activate(struct net_device *dev)
538{ 597{
598 int need_watchdog;
599
539 /* No queueing discipline is attached to device; 600 /* No queueing discipline is attached to device;
540 create default one i.e. pfifo_fast for devices, 601 create default one i.e. pfifo_fast for devices,
541 which need queueing and noqueue_qdisc for 602 which need queueing and noqueue_qdisc for
542 virtual interfaces 603 virtual interfaces
543 */ 604 */
544 605
545 if (dev->qdisc_sleeping == &noop_qdisc) { 606 if (dev_all_qdisc_sleeping_noop(dev))
546 struct Qdisc *qdisc; 607 netdev_for_each_tx_queue(dev, attach_one_default_qdisc, NULL);
547 if (dev->tx_queue_len) {
548 qdisc = qdisc_create_dflt(dev, &pfifo_fast_ops,
549 TC_H_ROOT);
550 if (qdisc == NULL) {
551 printk(KERN_INFO "%s: activation failed\n", dev->name);
552 return;
553 }
554 list_add_tail(&qdisc->list, &dev->qdisc_list);
555 } else {
556 qdisc = &noqueue_qdisc;
557 }
558 dev->qdisc_sleeping = qdisc;
559 }
560 608
561 if (!netif_carrier_ok(dev)) 609 if (!netif_carrier_ok(dev))
562 /* Delay activation until next carrier-on event */ 610 /* Delay activation until next carrier-on event */
563 return; 611 return;
564 612
565 spin_lock_bh(&dev->queue_lock); 613 need_watchdog = 0;
566 rcu_assign_pointer(dev->qdisc, dev->qdisc_sleeping); 614 netdev_for_each_tx_queue(dev, transition_one_qdisc, &need_watchdog);
567 if (dev->qdisc != &noqueue_qdisc) { 615 transition_one_qdisc(dev, &dev->rx_queue, NULL);
616
617 if (need_watchdog) {
568 dev->trans_start = jiffies; 618 dev->trans_start = jiffies;
569 dev_watchdog_up(dev); 619 dev_watchdog_up(dev);
570 } 620 }
571 spin_unlock_bh(&dev->queue_lock);
572} 621}
573 622
574void dev_deactivate(struct net_device *dev) 623static void dev_deactivate_queue(struct net_device *dev,
624 struct netdev_queue *dev_queue,
625 void *_qdisc_default)
575{ 626{
627 struct Qdisc *qdisc_default = _qdisc_default;
576 struct Qdisc *qdisc; 628 struct Qdisc *qdisc;
577 struct sk_buff *skb;
578 int running;
579 629
580 spin_lock_bh(&dev->queue_lock); 630 qdisc = dev_queue->qdisc;
581 qdisc = dev->qdisc; 631 if (qdisc) {
582 dev->qdisc = &noop_qdisc; 632 spin_lock_bh(qdisc_lock(qdisc));
583 633
584 qdisc_reset(qdisc); 634 if (!(qdisc->flags & TCQ_F_BUILTIN))
635 set_bit(__QDISC_STATE_DEACTIVATED, &qdisc->state);
585 636
586 skb = dev->gso_skb; 637 rcu_assign_pointer(dev_queue->qdisc, qdisc_default);
587 dev->gso_skb = NULL; 638 qdisc_reset(qdisc);
588 spin_unlock_bh(&dev->queue_lock);
589 639
590 kfree_skb(skb); 640 spin_unlock_bh(qdisc_lock(qdisc));
641 }
642}
643
644static bool some_qdisc_is_busy(struct net_device *dev)
645{
646 unsigned int i;
647
648 for (i = 0; i < dev->num_tx_queues; i++) {
649 struct netdev_queue *dev_queue;
650 spinlock_t *root_lock;
651 struct Qdisc *q;
652 int val;
653
654 dev_queue = netdev_get_tx_queue(dev, i);
655 q = dev_queue->qdisc_sleeping;
656 root_lock = qdisc_lock(q);
657
658 spin_lock_bh(root_lock);
659
660 val = (test_bit(__QDISC_STATE_RUNNING, &q->state) ||
661 test_bit(__QDISC_STATE_SCHED, &q->state));
662
663 spin_unlock_bh(root_lock);
664
665 if (val)
666 return true;
667 }
668 return false;
669}
670
671void dev_deactivate(struct net_device *dev)
672{
673 netdev_for_each_tx_queue(dev, dev_deactivate_queue, &noop_qdisc);
674 dev_deactivate_queue(dev, &dev->rx_queue, &noop_qdisc);
591 675
592 dev_watchdog_down(dev); 676 dev_watchdog_down(dev);
593 677
@@ -595,55 +679,46 @@ void dev_deactivate(struct net_device *dev)
595 synchronize_rcu(); 679 synchronize_rcu();
596 680
597 /* Wait for outstanding qdisc_run calls. */ 681 /* Wait for outstanding qdisc_run calls. */
598 do { 682 while (some_qdisc_is_busy(dev))
599 while (test_bit(__LINK_STATE_QDISC_RUNNING, &dev->state)) 683 yield();
600 yield(); 684}
601 685
602 /* 686static void dev_init_scheduler_queue(struct net_device *dev,
603 * Double-check inside queue lock to ensure that all effects 687 struct netdev_queue *dev_queue,
604 * of the queue run are visible when we return. 688 void *_qdisc)
605 */ 689{
606 spin_lock_bh(&dev->queue_lock); 690 struct Qdisc *qdisc = _qdisc;
607 running = test_bit(__LINK_STATE_QDISC_RUNNING, &dev->state);
608 spin_unlock_bh(&dev->queue_lock);
609 691
610 /* 692 dev_queue->qdisc = qdisc;
611 * The running flag should never be set at this point because 693 dev_queue->qdisc_sleeping = qdisc;
612 * we've already set dev->qdisc to noop_qdisc *inside* the same
613 * pair of spin locks. That is, if any qdisc_run starts after
614 * our initial test it should see the noop_qdisc and then
615 * clear the RUNNING bit before dropping the queue lock. So
616 * if it is set here then we've found a bug.
617 */
618 } while (WARN_ON_ONCE(running));
619} 694}
620 695
621void dev_init_scheduler(struct net_device *dev) 696void dev_init_scheduler(struct net_device *dev)
622{ 697{
623 qdisc_lock_tree(dev); 698 netdev_for_each_tx_queue(dev, dev_init_scheduler_queue, &noop_qdisc);
624 dev->qdisc = &noop_qdisc; 699 dev_init_scheduler_queue(dev, &dev->rx_queue, &noop_qdisc);
625 dev->qdisc_sleeping = &noop_qdisc;
626 INIT_LIST_HEAD(&dev->qdisc_list);
627 qdisc_unlock_tree(dev);
628 700
629 setup_timer(&dev->watchdog_timer, dev_watchdog, (unsigned long)dev); 701 setup_timer(&dev->watchdog_timer, dev_watchdog, (unsigned long)dev);
630} 702}
631 703
632void dev_shutdown(struct net_device *dev) 704static void shutdown_scheduler_queue(struct net_device *dev,
705 struct netdev_queue *dev_queue,
706 void *_qdisc_default)
633{ 707{
634 struct Qdisc *qdisc; 708 struct Qdisc *qdisc = dev_queue->qdisc_sleeping;
709 struct Qdisc *qdisc_default = _qdisc_default;
710
711 if (qdisc) {
712 rcu_assign_pointer(dev_queue->qdisc, qdisc_default);
713 dev_queue->qdisc_sleeping = qdisc_default;
635 714
636 qdisc_lock_tree(dev);
637 qdisc = dev->qdisc_sleeping;
638 dev->qdisc = &noop_qdisc;
639 dev->qdisc_sleeping = &noop_qdisc;
640 qdisc_destroy(qdisc);
641#if defined(CONFIG_NET_SCH_INGRESS) || defined(CONFIG_NET_SCH_INGRESS_MODULE)
642 if ((qdisc = dev->qdisc_ingress) != NULL) {
643 dev->qdisc_ingress = NULL;
644 qdisc_destroy(qdisc); 715 qdisc_destroy(qdisc);
645 } 716 }
646#endif 717}
647 BUG_TRAP(!timer_pending(&dev->watchdog_timer)); 718
648 qdisc_unlock_tree(dev); 719void dev_shutdown(struct net_device *dev)
720{
721 netdev_for_each_tx_queue(dev, shutdown_scheduler_queue, &noop_qdisc);
722 shutdown_scheduler_queue(dev, &dev->rx_queue, &noop_qdisc);
723 WARN_ON(timer_pending(&dev->watchdog_timer));
649} 724}
diff --git a/net/sched/sch_gred.c b/net/sched/sch_gred.c
index 3a9d226ff1e4..c1ad6b8de105 100644
--- a/net/sched/sch_gred.c
+++ b/net/sched/sch_gred.c
@@ -164,7 +164,7 @@ static int gred_enqueue(struct sk_buff *skb, struct Qdisc* sch)
164 * if no default DP has been configured. This 164 * if no default DP has been configured. This
165 * allows for DP flows to be left untouched. 165 * allows for DP flows to be left untouched.
166 */ 166 */
167 if (skb_queue_len(&sch->q) < sch->dev->tx_queue_len) 167 if (skb_queue_len(&sch->q) < qdisc_dev(sch)->tx_queue_len)
168 return qdisc_enqueue_tail(skb, sch); 168 return qdisc_enqueue_tail(skb, sch);
169 else 169 else
170 goto drop; 170 goto drop;
@@ -188,7 +188,7 @@ static int gred_enqueue(struct sk_buff *skb, struct Qdisc* sch)
188 } 188 }
189 189
190 q->packetsin++; 190 q->packetsin++;
191 q->bytesin += skb->len; 191 q->bytesin += qdisc_pkt_len(skb);
192 192
193 if (gred_wred_mode(t)) 193 if (gred_wred_mode(t))
194 gred_load_wred_set(t, q); 194 gred_load_wred_set(t, q);
@@ -226,8 +226,8 @@ static int gred_enqueue(struct sk_buff *skb, struct Qdisc* sch)
226 break; 226 break;
227 } 227 }
228 228
229 if (q->backlog + skb->len <= q->limit) { 229 if (q->backlog + qdisc_pkt_len(skb) <= q->limit) {
230 q->backlog += skb->len; 230 q->backlog += qdisc_pkt_len(skb);
231 return qdisc_enqueue_tail(skb, sch); 231 return qdisc_enqueue_tail(skb, sch);
232 } 232 }
233 233
@@ -254,7 +254,7 @@ static int gred_requeue(struct sk_buff *skb, struct Qdisc* sch)
254 } else { 254 } else {
255 if (red_is_idling(&q->parms)) 255 if (red_is_idling(&q->parms))
256 red_end_of_idle_period(&q->parms); 256 red_end_of_idle_period(&q->parms);
257 q->backlog += skb->len; 257 q->backlog += qdisc_pkt_len(skb);
258 } 258 }
259 259
260 return qdisc_requeue(skb, sch); 260 return qdisc_requeue(skb, sch);
@@ -277,7 +277,7 @@ static struct sk_buff *gred_dequeue(struct Qdisc* sch)
277 "VQ 0x%x after dequeue, screwing up " 277 "VQ 0x%x after dequeue, screwing up "
278 "backlog.\n", tc_index_to_dp(skb)); 278 "backlog.\n", tc_index_to_dp(skb));
279 } else { 279 } else {
280 q->backlog -= skb->len; 280 q->backlog -= qdisc_pkt_len(skb);
281 281
282 if (!q->backlog && !gred_wred_mode(t)) 282 if (!q->backlog && !gred_wred_mode(t))
283 red_start_of_idle_period(&q->parms); 283 red_start_of_idle_period(&q->parms);
@@ -299,7 +299,7 @@ static unsigned int gred_drop(struct Qdisc* sch)
299 299
300 skb = qdisc_dequeue_tail(sch); 300 skb = qdisc_dequeue_tail(sch);
301 if (skb) { 301 if (skb) {
302 unsigned int len = skb->len; 302 unsigned int len = qdisc_pkt_len(skb);
303 struct gred_sched_data *q; 303 struct gred_sched_data *q;
304 u16 dp = tc_index_to_dp(skb); 304 u16 dp = tc_index_to_dp(skb);
305 305
@@ -582,7 +582,8 @@ append_opt:
582 return nla_nest_end(skb, opts); 582 return nla_nest_end(skb, opts);
583 583
584nla_put_failure: 584nla_put_failure:
585 return nla_nest_cancel(skb, opts); 585 nla_nest_cancel(skb, opts);
586 return -EMSGSIZE;
586} 587}
587 588
588static void gred_destroy(struct Qdisc *sch) 589static void gred_destroy(struct Qdisc *sch)
diff --git a/net/sched/sch_hfsc.c b/net/sched/sch_hfsc.c
index 87293d0db1d7..c1e77da8cd09 100644
--- a/net/sched/sch_hfsc.c
+++ b/net/sched/sch_hfsc.c
@@ -113,7 +113,7 @@ enum hfsc_class_flags
113 113
114struct hfsc_class 114struct hfsc_class
115{ 115{
116 u32 classid; /* class id */ 116 struct Qdisc_class_common cl_common;
117 unsigned int refcnt; /* usage count */ 117 unsigned int refcnt; /* usage count */
118 118
119 struct gnet_stats_basic bstats; 119 struct gnet_stats_basic bstats;
@@ -134,7 +134,6 @@ struct hfsc_class
134 struct rb_node vt_node; /* parent's vt_tree member */ 134 struct rb_node vt_node; /* parent's vt_tree member */
135 struct rb_root cf_tree; /* active children sorted by cl_f */ 135 struct rb_root cf_tree; /* active children sorted by cl_f */
136 struct rb_node cf_node; /* parent's cf_heap member */ 136 struct rb_node cf_node; /* parent's cf_heap member */
137 struct list_head hlist; /* hash list member */
138 struct list_head dlist; /* drop list member */ 137 struct list_head dlist; /* drop list member */
139 138
140 u64 cl_total; /* total work in bytes */ 139 u64 cl_total; /* total work in bytes */
@@ -177,13 +176,11 @@ struct hfsc_class
177 unsigned long cl_nactive; /* number of active children */ 176 unsigned long cl_nactive; /* number of active children */
178}; 177};
179 178
180#define HFSC_HSIZE 16
181
182struct hfsc_sched 179struct hfsc_sched
183{ 180{
184 u16 defcls; /* default class id */ 181 u16 defcls; /* default class id */
185 struct hfsc_class root; /* root class */ 182 struct hfsc_class root; /* root class */
186 struct list_head clhash[HFSC_HSIZE]; /* class hash */ 183 struct Qdisc_class_hash clhash; /* class hash */
187 struct rb_root eligible; /* eligible tree */ 184 struct rb_root eligible; /* eligible tree */
188 struct list_head droplist; /* active leaf class list (for 185 struct list_head droplist; /* active leaf class list (for
189 dropping) */ 186 dropping) */
@@ -898,7 +895,7 @@ qdisc_peek_len(struct Qdisc *sch)
898 printk("qdisc_peek_len: non work-conserving qdisc ?\n"); 895 printk("qdisc_peek_len: non work-conserving qdisc ?\n");
899 return 0; 896 return 0;
900 } 897 }
901 len = skb->len; 898 len = qdisc_pkt_len(skb);
902 if (unlikely(sch->ops->requeue(skb, sch) != NET_XMIT_SUCCESS)) { 899 if (unlikely(sch->ops->requeue(skb, sch) != NET_XMIT_SUCCESS)) {
903 if (net_ratelimit()) 900 if (net_ratelimit())
904 printk("qdisc_peek_len: failed to requeue\n"); 901 printk("qdisc_peek_len: failed to requeue\n");
@@ -933,26 +930,16 @@ hfsc_adjust_levels(struct hfsc_class *cl)
933 } while ((cl = cl->cl_parent) != NULL); 930 } while ((cl = cl->cl_parent) != NULL);
934} 931}
935 932
936static inline unsigned int
937hfsc_hash(u32 h)
938{
939 h ^= h >> 8;
940 h ^= h >> 4;
941
942 return h & (HFSC_HSIZE - 1);
943}
944
945static inline struct hfsc_class * 933static inline struct hfsc_class *
946hfsc_find_class(u32 classid, struct Qdisc *sch) 934hfsc_find_class(u32 classid, struct Qdisc *sch)
947{ 935{
948 struct hfsc_sched *q = qdisc_priv(sch); 936 struct hfsc_sched *q = qdisc_priv(sch);
949 struct hfsc_class *cl; 937 struct Qdisc_class_common *clc;
950 938
951 list_for_each_entry(cl, &q->clhash[hfsc_hash(classid)], hlist) { 939 clc = qdisc_class_find(&q->clhash, classid);
952 if (cl->classid == classid) 940 if (clc == NULL)
953 return cl; 941 return NULL;
954 } 942 return container_of(clc, struct hfsc_class, cl_common);
955 return NULL;
956} 943}
957 944
958static void 945static void
@@ -1032,7 +1019,8 @@ hfsc_change_class(struct Qdisc *sch, u32 classid, u32 parentid,
1032 1019
1033 if (cl != NULL) { 1020 if (cl != NULL) {
1034 if (parentid) { 1021 if (parentid) {
1035 if (cl->cl_parent && cl->cl_parent->classid != parentid) 1022 if (cl->cl_parent &&
1023 cl->cl_parent->cl_common.classid != parentid)
1036 return -EINVAL; 1024 return -EINVAL;
1037 if (cl->cl_parent == NULL && parentid != TC_H_ROOT) 1025 if (cl->cl_parent == NULL && parentid != TC_H_ROOT)
1038 return -EINVAL; 1026 return -EINVAL;
@@ -1057,7 +1045,7 @@ hfsc_change_class(struct Qdisc *sch, u32 classid, u32 parentid,
1057 1045
1058 if (tca[TCA_RATE]) 1046 if (tca[TCA_RATE])
1059 gen_replace_estimator(&cl->bstats, &cl->rate_est, 1047 gen_replace_estimator(&cl->bstats, &cl->rate_est,
1060 &sch->dev->queue_lock, 1048 qdisc_root_sleeping_lock(sch),
1061 tca[TCA_RATE]); 1049 tca[TCA_RATE]);
1062 return 0; 1050 return 0;
1063 } 1051 }
@@ -1091,11 +1079,12 @@ hfsc_change_class(struct Qdisc *sch, u32 classid, u32 parentid,
1091 if (usc != NULL) 1079 if (usc != NULL)
1092 hfsc_change_usc(cl, usc, 0); 1080 hfsc_change_usc(cl, usc, 0);
1093 1081
1082 cl->cl_common.classid = classid;
1094 cl->refcnt = 1; 1083 cl->refcnt = 1;
1095 cl->classid = classid;
1096 cl->sched = q; 1084 cl->sched = q;
1097 cl->cl_parent = parent; 1085 cl->cl_parent = parent;
1098 cl->qdisc = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, classid); 1086 cl->qdisc = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
1087 &pfifo_qdisc_ops, classid);
1099 if (cl->qdisc == NULL) 1088 if (cl->qdisc == NULL)
1100 cl->qdisc = &noop_qdisc; 1089 cl->qdisc = &noop_qdisc;
1101 INIT_LIST_HEAD(&cl->children); 1090 INIT_LIST_HEAD(&cl->children);
@@ -1103,7 +1092,7 @@ hfsc_change_class(struct Qdisc *sch, u32 classid, u32 parentid,
1103 cl->cf_tree = RB_ROOT; 1092 cl->cf_tree = RB_ROOT;
1104 1093
1105 sch_tree_lock(sch); 1094 sch_tree_lock(sch);
1106 list_add_tail(&cl->hlist, &q->clhash[hfsc_hash(classid)]); 1095 qdisc_class_hash_insert(&q->clhash, &cl->cl_common);
1107 list_add_tail(&cl->siblings, &parent->children); 1096 list_add_tail(&cl->siblings, &parent->children);
1108 if (parent->level == 0) 1097 if (parent->level == 0)
1109 hfsc_purge_queue(sch, parent); 1098 hfsc_purge_queue(sch, parent);
@@ -1111,9 +1100,11 @@ hfsc_change_class(struct Qdisc *sch, u32 classid, u32 parentid,
1111 cl->cl_pcvtoff = parent->cl_cvtoff; 1100 cl->cl_pcvtoff = parent->cl_cvtoff;
1112 sch_tree_unlock(sch); 1101 sch_tree_unlock(sch);
1113 1102
1103 qdisc_class_hash_grow(sch, &q->clhash);
1104
1114 if (tca[TCA_RATE]) 1105 if (tca[TCA_RATE])
1115 gen_new_estimator(&cl->bstats, &cl->rate_est, 1106 gen_new_estimator(&cl->bstats, &cl->rate_est,
1116 &sch->dev->queue_lock, tca[TCA_RATE]); 1107 qdisc_root_sleeping_lock(sch), tca[TCA_RATE]);
1117 *arg = (unsigned long)cl; 1108 *arg = (unsigned long)cl;
1118 return 0; 1109 return 0;
1119} 1110}
@@ -1123,7 +1114,7 @@ hfsc_destroy_class(struct Qdisc *sch, struct hfsc_class *cl)
1123{ 1114{
1124 struct hfsc_sched *q = qdisc_priv(sch); 1115 struct hfsc_sched *q = qdisc_priv(sch);
1125 1116
1126 tcf_destroy_chain(cl->filter_list); 1117 tcf_destroy_chain(&cl->filter_list);
1127 qdisc_destroy(cl->qdisc); 1118 qdisc_destroy(cl->qdisc);
1128 gen_kill_estimator(&cl->bstats, &cl->rate_est); 1119 gen_kill_estimator(&cl->bstats, &cl->rate_est);
1129 if (cl != &q->root) 1120 if (cl != &q->root)
@@ -1145,7 +1136,7 @@ hfsc_delete_class(struct Qdisc *sch, unsigned long arg)
1145 hfsc_adjust_levels(cl->cl_parent); 1136 hfsc_adjust_levels(cl->cl_parent);
1146 1137
1147 hfsc_purge_queue(sch, cl); 1138 hfsc_purge_queue(sch, cl);
1148 list_del(&cl->hlist); 1139 qdisc_class_hash_remove(&q->clhash, &cl->cl_common);
1149 1140
1150 if (--cl->refcnt == 0) 1141 if (--cl->refcnt == 0)
1151 hfsc_destroy_class(sch, cl); 1142 hfsc_destroy_class(sch, cl);
@@ -1168,14 +1159,14 @@ hfsc_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr)
1168 if (cl->level == 0) 1159 if (cl->level == 0)
1169 return cl; 1160 return cl;
1170 1161
1171 *qerr = NET_XMIT_BYPASS; 1162 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
1172 tcf = q->root.filter_list; 1163 tcf = q->root.filter_list;
1173 while (tcf && (result = tc_classify(skb, tcf, &res)) >= 0) { 1164 while (tcf && (result = tc_classify(skb, tcf, &res)) >= 0) {
1174#ifdef CONFIG_NET_CLS_ACT 1165#ifdef CONFIG_NET_CLS_ACT
1175 switch (result) { 1166 switch (result) {
1176 case TC_ACT_QUEUED: 1167 case TC_ACT_QUEUED:
1177 case TC_ACT_STOLEN: 1168 case TC_ACT_STOLEN:
1178 *qerr = NET_XMIT_SUCCESS; 1169 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
1179 case TC_ACT_SHOT: 1170 case TC_ACT_SHOT:
1180 return NULL; 1171 return NULL;
1181 } 1172 }
@@ -1211,8 +1202,9 @@ hfsc_graft_class(struct Qdisc *sch, unsigned long arg, struct Qdisc *new,
1211 if (cl->level > 0) 1202 if (cl->level > 0)
1212 return -EINVAL; 1203 return -EINVAL;
1213 if (new == NULL) { 1204 if (new == NULL) {
1214 new = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, 1205 new = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
1215 cl->classid); 1206 &pfifo_qdisc_ops,
1207 cl->cl_common.classid);
1216 if (new == NULL) 1208 if (new == NULL)
1217 new = &noop_qdisc; 1209 new = &noop_qdisc;
1218 } 1210 }
@@ -1345,8 +1337,9 @@ hfsc_dump_class(struct Qdisc *sch, unsigned long arg, struct sk_buff *skb,
1345 struct hfsc_class *cl = (struct hfsc_class *)arg; 1337 struct hfsc_class *cl = (struct hfsc_class *)arg;
1346 struct nlattr *nest; 1338 struct nlattr *nest;
1347 1339
1348 tcm->tcm_parent = cl->cl_parent ? cl->cl_parent->classid : TC_H_ROOT; 1340 tcm->tcm_parent = cl->cl_parent ? cl->cl_parent->cl_common.classid :
1349 tcm->tcm_handle = cl->classid; 1341 TC_H_ROOT;
1342 tcm->tcm_handle = cl->cl_common.classid;
1350 if (cl->level == 0) 1343 if (cl->level == 0)
1351 tcm->tcm_info = cl->qdisc->handle; 1344 tcm->tcm_info = cl->qdisc->handle;
1352 1345
@@ -1360,7 +1353,7 @@ hfsc_dump_class(struct Qdisc *sch, unsigned long arg, struct sk_buff *skb,
1360 1353
1361 nla_put_failure: 1354 nla_put_failure:
1362 nla_nest_cancel(skb, nest); 1355 nla_nest_cancel(skb, nest);
1363 return -1; 1356 return -EMSGSIZE;
1364} 1357}
1365 1358
1366static int 1359static int
@@ -1390,14 +1383,16 @@ static void
1390hfsc_walk(struct Qdisc *sch, struct qdisc_walker *arg) 1383hfsc_walk(struct Qdisc *sch, struct qdisc_walker *arg)
1391{ 1384{
1392 struct hfsc_sched *q = qdisc_priv(sch); 1385 struct hfsc_sched *q = qdisc_priv(sch);
1386 struct hlist_node *n;
1393 struct hfsc_class *cl; 1387 struct hfsc_class *cl;
1394 unsigned int i; 1388 unsigned int i;
1395 1389
1396 if (arg->stop) 1390 if (arg->stop)
1397 return; 1391 return;
1398 1392
1399 for (i = 0; i < HFSC_HSIZE; i++) { 1393 for (i = 0; i < q->clhash.hashsize; i++) {
1400 list_for_each_entry(cl, &q->clhash[i], hlist) { 1394 hlist_for_each_entry(cl, n, &q->clhash.hash[i],
1395 cl_common.hnode) {
1401 if (arg->count < arg->skip) { 1396 if (arg->count < arg->skip) {
1402 arg->count++; 1397 arg->count++;
1403 continue; 1398 continue;
@@ -1433,23 +1428,25 @@ hfsc_init_qdisc(struct Qdisc *sch, struct nlattr *opt)
1433{ 1428{
1434 struct hfsc_sched *q = qdisc_priv(sch); 1429 struct hfsc_sched *q = qdisc_priv(sch);
1435 struct tc_hfsc_qopt *qopt; 1430 struct tc_hfsc_qopt *qopt;
1436 unsigned int i; 1431 int err;
1437 1432
1438 if (opt == NULL || nla_len(opt) < sizeof(*qopt)) 1433 if (opt == NULL || nla_len(opt) < sizeof(*qopt))
1439 return -EINVAL; 1434 return -EINVAL;
1440 qopt = nla_data(opt); 1435 qopt = nla_data(opt);
1441 1436
1442 q->defcls = qopt->defcls; 1437 q->defcls = qopt->defcls;
1443 for (i = 0; i < HFSC_HSIZE; i++) 1438 err = qdisc_class_hash_init(&q->clhash);
1444 INIT_LIST_HEAD(&q->clhash[i]); 1439 if (err < 0)
1440 return err;
1445 q->eligible = RB_ROOT; 1441 q->eligible = RB_ROOT;
1446 INIT_LIST_HEAD(&q->droplist); 1442 INIT_LIST_HEAD(&q->droplist);
1447 skb_queue_head_init(&q->requeue); 1443 skb_queue_head_init(&q->requeue);
1448 1444
1445 q->root.cl_common.classid = sch->handle;
1449 q->root.refcnt = 1; 1446 q->root.refcnt = 1;
1450 q->root.classid = sch->handle;
1451 q->root.sched = q; 1447 q->root.sched = q;
1452 q->root.qdisc = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, 1448 q->root.qdisc = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
1449 &pfifo_qdisc_ops,
1453 sch->handle); 1450 sch->handle);
1454 if (q->root.qdisc == NULL) 1451 if (q->root.qdisc == NULL)
1455 q->root.qdisc = &noop_qdisc; 1452 q->root.qdisc = &noop_qdisc;
@@ -1457,7 +1454,8 @@ hfsc_init_qdisc(struct Qdisc *sch, struct nlattr *opt)
1457 q->root.vt_tree = RB_ROOT; 1454 q->root.vt_tree = RB_ROOT;
1458 q->root.cf_tree = RB_ROOT; 1455 q->root.cf_tree = RB_ROOT;
1459 1456
1460 list_add(&q->root.hlist, &q->clhash[hfsc_hash(q->root.classid)]); 1457 qdisc_class_hash_insert(&q->clhash, &q->root.cl_common);
1458 qdisc_class_hash_grow(sch, &q->clhash);
1461 1459
1462 qdisc_watchdog_init(&q->watchdog, sch); 1460 qdisc_watchdog_init(&q->watchdog, sch);
1463 1461
@@ -1520,10 +1518,11 @@ hfsc_reset_qdisc(struct Qdisc *sch)
1520{ 1518{
1521 struct hfsc_sched *q = qdisc_priv(sch); 1519 struct hfsc_sched *q = qdisc_priv(sch);
1522 struct hfsc_class *cl; 1520 struct hfsc_class *cl;
1521 struct hlist_node *n;
1523 unsigned int i; 1522 unsigned int i;
1524 1523
1525 for (i = 0; i < HFSC_HSIZE; i++) { 1524 for (i = 0; i < q->clhash.hashsize; i++) {
1526 list_for_each_entry(cl, &q->clhash[i], hlist) 1525 hlist_for_each_entry(cl, n, &q->clhash.hash[i], cl_common.hnode)
1527 hfsc_reset_class(cl); 1526 hfsc_reset_class(cl);
1528 } 1527 }
1529 __skb_queue_purge(&q->requeue); 1528 __skb_queue_purge(&q->requeue);
@@ -1537,13 +1536,20 @@ static void
1537hfsc_destroy_qdisc(struct Qdisc *sch) 1536hfsc_destroy_qdisc(struct Qdisc *sch)
1538{ 1537{
1539 struct hfsc_sched *q = qdisc_priv(sch); 1538 struct hfsc_sched *q = qdisc_priv(sch);
1540 struct hfsc_class *cl, *next; 1539 struct hlist_node *n, *next;
1540 struct hfsc_class *cl;
1541 unsigned int i; 1541 unsigned int i;
1542 1542
1543 for (i = 0; i < HFSC_HSIZE; i++) { 1543 for (i = 0; i < q->clhash.hashsize; i++) {
1544 list_for_each_entry_safe(cl, next, &q->clhash[i], hlist) 1544 hlist_for_each_entry(cl, n, &q->clhash.hash[i], cl_common.hnode)
1545 tcf_destroy_chain(&cl->filter_list);
1546 }
1547 for (i = 0; i < q->clhash.hashsize; i++) {
1548 hlist_for_each_entry_safe(cl, n, next, &q->clhash.hash[i],
1549 cl_common.hnode)
1545 hfsc_destroy_class(sch, cl); 1550 hfsc_destroy_class(sch, cl);
1546 } 1551 }
1552 qdisc_class_hash_destroy(&q->clhash);
1547 __skb_queue_purge(&q->requeue); 1553 __skb_queue_purge(&q->requeue);
1548 qdisc_watchdog_cancel(&q->watchdog); 1554 qdisc_watchdog_cancel(&q->watchdog);
1549} 1555}
@@ -1568,32 +1574,32 @@ static int
1568hfsc_enqueue(struct sk_buff *skb, struct Qdisc *sch) 1574hfsc_enqueue(struct sk_buff *skb, struct Qdisc *sch)
1569{ 1575{
1570 struct hfsc_class *cl; 1576 struct hfsc_class *cl;
1571 unsigned int len;
1572 int err; 1577 int err;
1573 1578
1574 cl = hfsc_classify(skb, sch, &err); 1579 cl = hfsc_classify(skb, sch, &err);
1575 if (cl == NULL) { 1580 if (cl == NULL) {
1576 if (err == NET_XMIT_BYPASS) 1581 if (err & __NET_XMIT_BYPASS)
1577 sch->qstats.drops++; 1582 sch->qstats.drops++;
1578 kfree_skb(skb); 1583 kfree_skb(skb);
1579 return err; 1584 return err;
1580 } 1585 }
1581 1586
1582 len = skb->len; 1587 err = qdisc_enqueue(skb, cl->qdisc);
1583 err = cl->qdisc->enqueue(skb, cl->qdisc);
1584 if (unlikely(err != NET_XMIT_SUCCESS)) { 1588 if (unlikely(err != NET_XMIT_SUCCESS)) {
1585 cl->qstats.drops++; 1589 if (net_xmit_drop_count(err)) {
1586 sch->qstats.drops++; 1590 cl->qstats.drops++;
1591 sch->qstats.drops++;
1592 }
1587 return err; 1593 return err;
1588 } 1594 }
1589 1595
1590 if (cl->qdisc->q.qlen == 1) 1596 if (cl->qdisc->q.qlen == 1)
1591 set_active(cl, len); 1597 set_active(cl, qdisc_pkt_len(skb));
1592 1598
1593 cl->bstats.packets++; 1599 cl->bstats.packets++;
1594 cl->bstats.bytes += len; 1600 cl->bstats.bytes += qdisc_pkt_len(skb);
1595 sch->bstats.packets++; 1601 sch->bstats.packets++;
1596 sch->bstats.bytes += len; 1602 sch->bstats.bytes += qdisc_pkt_len(skb);
1597 sch->q.qlen++; 1603 sch->q.qlen++;
1598 1604
1599 return NET_XMIT_SUCCESS; 1605 return NET_XMIT_SUCCESS;
@@ -1643,9 +1649,9 @@ hfsc_dequeue(struct Qdisc *sch)
1643 return NULL; 1649 return NULL;
1644 } 1650 }
1645 1651
1646 update_vf(cl, skb->len, cur_time); 1652 update_vf(cl, qdisc_pkt_len(skb), cur_time);
1647 if (realtime) 1653 if (realtime)
1648 cl->cl_cumul += skb->len; 1654 cl->cl_cumul += qdisc_pkt_len(skb);
1649 1655
1650 if (cl->qdisc->q.qlen != 0) { 1656 if (cl->qdisc->q.qlen != 0) {
1651 if (cl->cl_flags & HFSC_RSC) { 1657 if (cl->cl_flags & HFSC_RSC) {
diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
index 5bc1ed490180..d14f02056ae6 100644
--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -24,10 +24,9 @@
24 * Jiri Fojtasek 24 * Jiri Fojtasek
25 * fixed requeue routine 25 * fixed requeue routine
26 * and many others. thanks. 26 * and many others. thanks.
27 *
28 * $Id: sch_htb.c,v 1.25 2003/12/07 11:08:25 devik Exp devik $
29 */ 27 */
30#include <linux/module.h> 28#include <linux/module.h>
29#include <linux/moduleparam.h>
31#include <linux/types.h> 30#include <linux/types.h>
32#include <linux/kernel.h> 31#include <linux/kernel.h>
33#include <linux/string.h> 32#include <linux/string.h>
@@ -52,14 +51,17 @@
52 one less than their parent. 51 one less than their parent.
53*/ 52*/
54 53
55#define HTB_HSIZE 16 /* classid hash size */ 54static int htb_hysteresis __read_mostly = 0; /* whether to use mode hysteresis for speedup */
56#define HTB_HYSTERESIS 1 /* whether to use mode hysteresis for speedup */
57#define HTB_VER 0x30011 /* major must be matched with number suplied by TC as version */ 55#define HTB_VER 0x30011 /* major must be matched with number suplied by TC as version */
58 56
59#if HTB_VER >> 16 != TC_HTB_PROTOVER 57#if HTB_VER >> 16 != TC_HTB_PROTOVER
60#error "Mismatched sch_htb.c and pkt_sch.h" 58#error "Mismatched sch_htb.c and pkt_sch.h"
61#endif 59#endif
62 60
61/* Module parameter and sysfs export */
62module_param (htb_hysteresis, int, 0640);
63MODULE_PARM_DESC(htb_hysteresis, "Hysteresis mode, less CPU load, less accurate");
64
63/* used internaly to keep status of single class */ 65/* used internaly to keep status of single class */
64enum htb_cmode { 66enum htb_cmode {
65 HTB_CANT_SEND, /* class can't send and can't borrow */ 67 HTB_CANT_SEND, /* class can't send and can't borrow */
@@ -69,8 +71,8 @@ enum htb_cmode {
69 71
70/* interior & leaf nodes; props specific to leaves are marked L: */ 72/* interior & leaf nodes; props specific to leaves are marked L: */
71struct htb_class { 73struct htb_class {
74 struct Qdisc_class_common common;
72 /* general class parameters */ 75 /* general class parameters */
73 u32 classid;
74 struct gnet_stats_basic bstats; 76 struct gnet_stats_basic bstats;
75 struct gnet_stats_queue qstats; 77 struct gnet_stats_queue qstats;
76 struct gnet_stats_rate_est rate_est; 78 struct gnet_stats_rate_est rate_est;
@@ -79,10 +81,8 @@ struct htb_class {
79 81
80 /* topology */ 82 /* topology */
81 int level; /* our level (see above) */ 83 int level; /* our level (see above) */
84 unsigned int children;
82 struct htb_class *parent; /* parent class */ 85 struct htb_class *parent; /* parent class */
83 struct hlist_node hlist; /* classid hash list item */
84 struct list_head sibling; /* sibling list item */
85 struct list_head children; /* children list */
86 86
87 union { 87 union {
88 struct htb_class_leaf { 88 struct htb_class_leaf {
@@ -137,8 +137,7 @@ static inline long L2T(struct htb_class *cl, struct qdisc_rate_table *rate,
137} 137}
138 138
139struct htb_sched { 139struct htb_sched {
140 struct list_head root; /* root classes list */ 140 struct Qdisc_class_hash clhash;
141 struct hlist_head hash[HTB_HSIZE]; /* hashed by classid */
142 struct list_head drops[TC_HTB_NUMPRIO];/* active leaves (for drops) */ 141 struct list_head drops[TC_HTB_NUMPRIO];/* active leaves (for drops) */
143 142
144 /* self list - roots of self generating tree */ 143 /* self list - roots of self generating tree */
@@ -160,7 +159,6 @@ struct htb_sched {
160 159
161 /* filters for qdisc itself */ 160 /* filters for qdisc itself */
162 struct tcf_proto *filter_list; 161 struct tcf_proto *filter_list;
163 int filter_cnt;
164 162
165 int rate2quantum; /* quant = rate / rate2quantum */ 163 int rate2quantum; /* quant = rate / rate2quantum */
166 psched_time_t now; /* cached dequeue time */ 164 psched_time_t now; /* cached dequeue time */
@@ -173,32 +171,16 @@ struct htb_sched {
173 long direct_pkts; 171 long direct_pkts;
174}; 172};
175 173
176/* compute hash of size HTB_HSIZE for given handle */
177static inline int htb_hash(u32 h)
178{
179#if HTB_HSIZE != 16
180#error "Declare new hash for your HTB_HSIZE"
181#endif
182 h ^= h >> 8; /* stolen from cbq_hash */
183 h ^= h >> 4;
184 return h & 0xf;
185}
186
187/* find class in global hash table using given handle */ 174/* find class in global hash table using given handle */
188static inline struct htb_class *htb_find(u32 handle, struct Qdisc *sch) 175static inline struct htb_class *htb_find(u32 handle, struct Qdisc *sch)
189{ 176{
190 struct htb_sched *q = qdisc_priv(sch); 177 struct htb_sched *q = qdisc_priv(sch);
191 struct hlist_node *p; 178 struct Qdisc_class_common *clc;
192 struct htb_class *cl;
193 179
194 if (TC_H_MAJ(handle) != sch->handle) 180 clc = qdisc_class_find(&q->clhash, handle);
181 if (clc == NULL)
195 return NULL; 182 return NULL;
196 183 return container_of(clc, struct htb_class, common);
197 hlist_for_each_entry(cl, p, q->hash + htb_hash(handle), hlist) {
198 if (cl->classid == handle)
199 return cl;
200 }
201 return NULL;
202} 184}
203 185
204/** 186/**
@@ -232,14 +214,14 @@ static struct htb_class *htb_classify(struct sk_buff *skb, struct Qdisc *sch,
232 if ((cl = htb_find(skb->priority, sch)) != NULL && cl->level == 0) 214 if ((cl = htb_find(skb->priority, sch)) != NULL && cl->level == 0)
233 return cl; 215 return cl;
234 216
235 *qerr = NET_XMIT_BYPASS; 217 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
236 tcf = q->filter_list; 218 tcf = q->filter_list;
237 while (tcf && (result = tc_classify(skb, tcf, &res)) >= 0) { 219 while (tcf && (result = tc_classify(skb, tcf, &res)) >= 0) {
238#ifdef CONFIG_NET_CLS_ACT 220#ifdef CONFIG_NET_CLS_ACT
239 switch (result) { 221 switch (result) {
240 case TC_ACT_QUEUED: 222 case TC_ACT_QUEUED:
241 case TC_ACT_STOLEN: 223 case TC_ACT_STOLEN:
242 *qerr = NET_XMIT_SUCCESS; 224 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
243 case TC_ACT_SHOT: 225 case TC_ACT_SHOT:
244 return NULL; 226 return NULL;
245 } 227 }
@@ -279,7 +261,7 @@ static void htb_add_to_id_tree(struct rb_root *root,
279 parent = *p; 261 parent = *p;
280 c = rb_entry(parent, struct htb_class, node[prio]); 262 c = rb_entry(parent, struct htb_class, node[prio]);
281 263
282 if (cl->classid > c->classid) 264 if (cl->common.classid > c->common.classid)
283 p = &parent->rb_right; 265 p = &parent->rb_right;
284 else 266 else
285 p = &parent->rb_left; 267 p = &parent->rb_left;
@@ -443,7 +425,7 @@ static void htb_deactivate_prios(struct htb_sched *q, struct htb_class *cl)
443 /* we are removing child which is pointed to from 425 /* we are removing child which is pointed to from
444 parent feed - forget the pointer but remember 426 parent feed - forget the pointer but remember
445 classid */ 427 classid */
446 p->un.inner.last_ptr_id[prio] = cl->classid; 428 p->un.inner.last_ptr_id[prio] = cl->common.classid;
447 p->un.inner.ptr[prio] = NULL; 429 p->un.inner.ptr[prio] = NULL;
448 } 430 }
449 431
@@ -462,19 +444,21 @@ static void htb_deactivate_prios(struct htb_sched *q, struct htb_class *cl)
462 htb_remove_class_from_row(q, cl, mask); 444 htb_remove_class_from_row(q, cl, mask);
463} 445}
464 446
465#if HTB_HYSTERESIS
466static inline long htb_lowater(const struct htb_class *cl) 447static inline long htb_lowater(const struct htb_class *cl)
467{ 448{
468 return cl->cmode != HTB_CANT_SEND ? -cl->cbuffer : 0; 449 if (htb_hysteresis)
450 return cl->cmode != HTB_CANT_SEND ? -cl->cbuffer : 0;
451 else
452 return 0;
469} 453}
470static inline long htb_hiwater(const struct htb_class *cl) 454static inline long htb_hiwater(const struct htb_class *cl)
471{ 455{
472 return cl->cmode == HTB_CAN_SEND ? -cl->buffer : 0; 456 if (htb_hysteresis)
457 return cl->cmode == HTB_CAN_SEND ? -cl->buffer : 0;
458 else
459 return 0;
473} 460}
474#else 461
475#define htb_lowater(cl) (0)
476#define htb_hiwater(cl) (0)
477#endif
478 462
479/** 463/**
480 * htb_class_mode - computes and returns current class mode 464 * htb_class_mode - computes and returns current class mode
@@ -540,7 +524,7 @@ htb_change_class_mode(struct htb_sched *q, struct htb_class *cl, long *diff)
540 */ 524 */
541static inline void htb_activate(struct htb_sched *q, struct htb_class *cl) 525static inline void htb_activate(struct htb_sched *q, struct htb_class *cl)
542{ 526{
543 BUG_TRAP(!cl->level && cl->un.leaf.q && cl->un.leaf.q->q.qlen); 527 WARN_ON(cl->level || !cl->un.leaf.q || !cl->un.leaf.q->q.qlen);
544 528
545 if (!cl->prio_activity) { 529 if (!cl->prio_activity) {
546 cl->prio_activity = 1 << (cl->un.leaf.aprio = cl->un.leaf.prio); 530 cl->prio_activity = 1 << (cl->un.leaf.aprio = cl->un.leaf.prio);
@@ -558,7 +542,7 @@ static inline void htb_activate(struct htb_sched *q, struct htb_class *cl)
558 */ 542 */
559static inline void htb_deactivate(struct htb_sched *q, struct htb_class *cl) 543static inline void htb_deactivate(struct htb_sched *q, struct htb_class *cl)
560{ 544{
561 BUG_TRAP(cl->prio_activity); 545 WARN_ON(!cl->prio_activity);
562 546
563 htb_deactivate_prios(q, cl); 547 htb_deactivate_prios(q, cl);
564 cl->prio_activity = 0; 548 cl->prio_activity = 0;
@@ -583,26 +567,27 @@ static int htb_enqueue(struct sk_buff *skb, struct Qdisc *sch)
583 } 567 }
584#ifdef CONFIG_NET_CLS_ACT 568#ifdef CONFIG_NET_CLS_ACT
585 } else if (!cl) { 569 } else if (!cl) {
586 if (ret == NET_XMIT_BYPASS) 570 if (ret & __NET_XMIT_BYPASS)
587 sch->qstats.drops++; 571 sch->qstats.drops++;
588 kfree_skb(skb); 572 kfree_skb(skb);
589 return ret; 573 return ret;
590#endif 574#endif
591 } else if (cl->un.leaf.q->enqueue(skb, cl->un.leaf.q) != 575 } else if ((ret = qdisc_enqueue(skb, cl->un.leaf.q)) != NET_XMIT_SUCCESS) {
592 NET_XMIT_SUCCESS) { 576 if (net_xmit_drop_count(ret)) {
593 sch->qstats.drops++; 577 sch->qstats.drops++;
594 cl->qstats.drops++; 578 cl->qstats.drops++;
595 return NET_XMIT_DROP; 579 }
580 return ret;
596 } else { 581 } else {
597 cl->bstats.packets += 582 cl->bstats.packets +=
598 skb_is_gso(skb)?skb_shinfo(skb)->gso_segs:1; 583 skb_is_gso(skb)?skb_shinfo(skb)->gso_segs:1;
599 cl->bstats.bytes += skb->len; 584 cl->bstats.bytes += qdisc_pkt_len(skb);
600 htb_activate(q, cl); 585 htb_activate(q, cl);
601 } 586 }
602 587
603 sch->q.qlen++; 588 sch->q.qlen++;
604 sch->bstats.packets += skb_is_gso(skb)?skb_shinfo(skb)->gso_segs:1; 589 sch->bstats.packets += skb_is_gso(skb)?skb_shinfo(skb)->gso_segs:1;
605 sch->bstats.bytes += skb->len; 590 sch->bstats.bytes += qdisc_pkt_len(skb);
606 return NET_XMIT_SUCCESS; 591 return NET_XMIT_SUCCESS;
607} 592}
608 593
@@ -627,16 +612,18 @@ static int htb_requeue(struct sk_buff *skb, struct Qdisc *sch)
627 } 612 }
628#ifdef CONFIG_NET_CLS_ACT 613#ifdef CONFIG_NET_CLS_ACT
629 } else if (!cl) { 614 } else if (!cl) {
630 if (ret == NET_XMIT_BYPASS) 615 if (ret & __NET_XMIT_BYPASS)
631 sch->qstats.drops++; 616 sch->qstats.drops++;
632 kfree_skb(skb); 617 kfree_skb(skb);
633 return ret; 618 return ret;
634#endif 619#endif
635 } else if (cl->un.leaf.q->ops->requeue(skb, cl->un.leaf.q) != 620 } else if ((ret = cl->un.leaf.q->ops->requeue(skb, cl->un.leaf.q)) !=
636 NET_XMIT_SUCCESS) { 621 NET_XMIT_SUCCESS) {
637 sch->qstats.drops++; 622 if (net_xmit_drop_count(ret)) {
638 cl->qstats.drops++; 623 sch->qstats.drops++;
639 return NET_XMIT_DROP; 624 cl->qstats.drops++;
625 }
626 return ret;
640 } else 627 } else
641 htb_activate(q, cl); 628 htb_activate(q, cl);
642 629
@@ -659,7 +646,7 @@ static int htb_requeue(struct sk_buff *skb, struct Qdisc *sch)
659static void htb_charge_class(struct htb_sched *q, struct htb_class *cl, 646static void htb_charge_class(struct htb_sched *q, struct htb_class *cl,
660 int level, struct sk_buff *skb) 647 int level, struct sk_buff *skb)
661{ 648{
662 int bytes = skb->len; 649 int bytes = qdisc_pkt_len(skb);
663 long toks, diff; 650 long toks, diff;
664 enum htb_cmode old_mode; 651 enum htb_cmode old_mode;
665 652
@@ -746,10 +733,10 @@ static struct rb_node *htb_id_find_next_upper(int prio, struct rb_node *n,
746 while (n) { 733 while (n) {
747 struct htb_class *cl = 734 struct htb_class *cl =
748 rb_entry(n, struct htb_class, node[prio]); 735 rb_entry(n, struct htb_class, node[prio]);
749 if (id == cl->classid) 736 if (id == cl->common.classid)
750 return n; 737 return n;
751 738
752 if (id > cl->classid) { 739 if (id > cl->common.classid) {
753 n = n->rb_right; 740 n = n->rb_right;
754 } else { 741 } else {
755 r = n; 742 r = n;
@@ -774,7 +761,7 @@ static struct htb_class *htb_lookup_leaf(struct rb_root *tree, int prio,
774 u32 *pid; 761 u32 *pid;
775 } stk[TC_HTB_MAXDEPTH], *sp = stk; 762 } stk[TC_HTB_MAXDEPTH], *sp = stk;
776 763
777 BUG_TRAP(tree->rb_node); 764 WARN_ON(!tree->rb_node);
778 sp->root = tree->rb_node; 765 sp->root = tree->rb_node;
779 sp->pptr = pptr; 766 sp->pptr = pptr;
780 sp->pid = pid; 767 sp->pid = pid;
@@ -794,7 +781,7 @@ static struct htb_class *htb_lookup_leaf(struct rb_root *tree, int prio,
794 *sp->pptr = (*sp->pptr)->rb_left; 781 *sp->pptr = (*sp->pptr)->rb_left;
795 if (sp > stk) { 782 if (sp > stk) {
796 sp--; 783 sp--;
797 BUG_TRAP(*sp->pptr); 784 WARN_ON(!*sp->pptr);
798 if (!*sp->pptr) 785 if (!*sp->pptr)
799 return NULL; 786 return NULL;
800 htb_next_rb_node(sp->pptr); 787 htb_next_rb_node(sp->pptr);
@@ -809,7 +796,7 @@ static struct htb_class *htb_lookup_leaf(struct rb_root *tree, int prio,
809 sp->pid = cl->un.inner.last_ptr_id + prio; 796 sp->pid = cl->un.inner.last_ptr_id + prio;
810 } 797 }
811 } 798 }
812 BUG_TRAP(0); 799 WARN_ON(1);
813 return NULL; 800 return NULL;
814} 801}
815 802
@@ -827,7 +814,7 @@ static struct sk_buff *htb_dequeue_tree(struct htb_sched *q, int prio,
827 814
828 do { 815 do {
829next: 816next:
830 BUG_TRAP(cl); 817 WARN_ON(!cl);
831 if (!cl) 818 if (!cl)
832 return NULL; 819 return NULL;
833 820
@@ -859,7 +846,7 @@ next:
859 if (!cl->warned) { 846 if (!cl->warned) {
860 printk(KERN_WARNING 847 printk(KERN_WARNING
861 "htb: class %X isn't work conserving ?!\n", 848 "htb: class %X isn't work conserving ?!\n",
862 cl->classid); 849 cl->common.classid);
863 cl->warned = 1; 850 cl->warned = 1;
864 } 851 }
865 q->nwc_hit++; 852 q->nwc_hit++;
@@ -872,7 +859,8 @@ next:
872 } while (cl != start); 859 } while (cl != start);
873 860
874 if (likely(skb != NULL)) { 861 if (likely(skb != NULL)) {
875 if ((cl->un.leaf.deficit[level] -= skb->len) < 0) { 862 cl->un.leaf.deficit[level] -= qdisc_pkt_len(skb);
863 if (cl->un.leaf.deficit[level] < 0) {
876 cl->un.leaf.deficit[level] += cl->un.leaf.quantum; 864 cl->un.leaf.deficit[level] += cl->un.leaf.quantum;
877 htb_next_rb_node((level ? cl->parent->un.inner.ptr : q-> 865 htb_next_rb_node((level ? cl->parent->un.inner.ptr : q->
878 ptr[0]) + prio); 866 ptr[0]) + prio);
@@ -970,13 +958,12 @@ static unsigned int htb_drop(struct Qdisc *sch)
970static void htb_reset(struct Qdisc *sch) 958static void htb_reset(struct Qdisc *sch)
971{ 959{
972 struct htb_sched *q = qdisc_priv(sch); 960 struct htb_sched *q = qdisc_priv(sch);
973 int i; 961 struct htb_class *cl;
974 962 struct hlist_node *n;
975 for (i = 0; i < HTB_HSIZE; i++) { 963 unsigned int i;
976 struct hlist_node *p;
977 struct htb_class *cl;
978 964
979 hlist_for_each_entry(cl, p, q->hash + i, hlist) { 965 for (i = 0; i < q->clhash.hashsize; i++) {
966 hlist_for_each_entry(cl, n, &q->clhash.hash[i], common.hnode) {
980 if (cl->level) 967 if (cl->level)
981 memset(&cl->un.inner, 0, sizeof(cl->un.inner)); 968 memset(&cl->un.inner, 0, sizeof(cl->un.inner));
982 else { 969 else {
@@ -1034,16 +1021,16 @@ static int htb_init(struct Qdisc *sch, struct nlattr *opt)
1034 return -EINVAL; 1021 return -EINVAL;
1035 } 1022 }
1036 1023
1037 INIT_LIST_HEAD(&q->root); 1024 err = qdisc_class_hash_init(&q->clhash);
1038 for (i = 0; i < HTB_HSIZE; i++) 1025 if (err < 0)
1039 INIT_HLIST_HEAD(q->hash + i); 1026 return err;
1040 for (i = 0; i < TC_HTB_NUMPRIO; i++) 1027 for (i = 0; i < TC_HTB_NUMPRIO; i++)
1041 INIT_LIST_HEAD(q->drops + i); 1028 INIT_LIST_HEAD(q->drops + i);
1042 1029
1043 qdisc_watchdog_init(&q->watchdog, sch); 1030 qdisc_watchdog_init(&q->watchdog, sch);
1044 skb_queue_head_init(&q->direct_queue); 1031 skb_queue_head_init(&q->direct_queue);
1045 1032
1046 q->direct_qlen = sch->dev->tx_queue_len; 1033 q->direct_qlen = qdisc_dev(sch)->tx_queue_len;
1047 if (q->direct_qlen < 2) /* some devices have zero tx_queue_len */ 1034 if (q->direct_qlen < 2) /* some devices have zero tx_queue_len */
1048 q->direct_qlen = 2; 1035 q->direct_qlen = 2;
1049 1036
@@ -1056,11 +1043,12 @@ static int htb_init(struct Qdisc *sch, struct nlattr *opt)
1056 1043
1057static int htb_dump(struct Qdisc *sch, struct sk_buff *skb) 1044static int htb_dump(struct Qdisc *sch, struct sk_buff *skb)
1058{ 1045{
1046 spinlock_t *root_lock = qdisc_root_sleeping_lock(sch);
1059 struct htb_sched *q = qdisc_priv(sch); 1047 struct htb_sched *q = qdisc_priv(sch);
1060 struct nlattr *nest; 1048 struct nlattr *nest;
1061 struct tc_htb_glob gopt; 1049 struct tc_htb_glob gopt;
1062 1050
1063 spin_lock_bh(&sch->dev->queue_lock); 1051 spin_lock_bh(root_lock);
1064 1052
1065 gopt.direct_pkts = q->direct_pkts; 1053 gopt.direct_pkts = q->direct_pkts;
1066 gopt.version = HTB_VER; 1054 gopt.version = HTB_VER;
@@ -1074,11 +1062,11 @@ static int htb_dump(struct Qdisc *sch, struct sk_buff *skb)
1074 NLA_PUT(skb, TCA_HTB_INIT, sizeof(gopt), &gopt); 1062 NLA_PUT(skb, TCA_HTB_INIT, sizeof(gopt), &gopt);
1075 nla_nest_end(skb, nest); 1063 nla_nest_end(skb, nest);
1076 1064
1077 spin_unlock_bh(&sch->dev->queue_lock); 1065 spin_unlock_bh(root_lock);
1078 return skb->len; 1066 return skb->len;
1079 1067
1080nla_put_failure: 1068nla_put_failure:
1081 spin_unlock_bh(&sch->dev->queue_lock); 1069 spin_unlock_bh(root_lock);
1082 nla_nest_cancel(skb, nest); 1070 nla_nest_cancel(skb, nest);
1083 return -1; 1071 return -1;
1084} 1072}
@@ -1087,12 +1075,13 @@ static int htb_dump_class(struct Qdisc *sch, unsigned long arg,
1087 struct sk_buff *skb, struct tcmsg *tcm) 1075 struct sk_buff *skb, struct tcmsg *tcm)
1088{ 1076{
1089 struct htb_class *cl = (struct htb_class *)arg; 1077 struct htb_class *cl = (struct htb_class *)arg;
1078 spinlock_t *root_lock = qdisc_root_sleeping_lock(sch);
1090 struct nlattr *nest; 1079 struct nlattr *nest;
1091 struct tc_htb_opt opt; 1080 struct tc_htb_opt opt;
1092 1081
1093 spin_lock_bh(&sch->dev->queue_lock); 1082 spin_lock_bh(root_lock);
1094 tcm->tcm_parent = cl->parent ? cl->parent->classid : TC_H_ROOT; 1083 tcm->tcm_parent = cl->parent ? cl->parent->common.classid : TC_H_ROOT;
1095 tcm->tcm_handle = cl->classid; 1084 tcm->tcm_handle = cl->common.classid;
1096 if (!cl->level && cl->un.leaf.q) 1085 if (!cl->level && cl->un.leaf.q)
1097 tcm->tcm_info = cl->un.leaf.q->handle; 1086 tcm->tcm_info = cl->un.leaf.q->handle;
1098 1087
@@ -1112,11 +1101,11 @@ static int htb_dump_class(struct Qdisc *sch, unsigned long arg,
1112 NLA_PUT(skb, TCA_HTB_PARMS, sizeof(opt), &opt); 1101 NLA_PUT(skb, TCA_HTB_PARMS, sizeof(opt), &opt);
1113 1102
1114 nla_nest_end(skb, nest); 1103 nla_nest_end(skb, nest);
1115 spin_unlock_bh(&sch->dev->queue_lock); 1104 spin_unlock_bh(root_lock);
1116 return skb->len; 1105 return skb->len;
1117 1106
1118nla_put_failure: 1107nla_put_failure:
1119 spin_unlock_bh(&sch->dev->queue_lock); 1108 spin_unlock_bh(root_lock);
1120 nla_nest_cancel(skb, nest); 1109 nla_nest_cancel(skb, nest);
1121 return -1; 1110 return -1;
1122} 1111}
@@ -1146,8 +1135,9 @@ static int htb_graft(struct Qdisc *sch, unsigned long arg, struct Qdisc *new,
1146 1135
1147 if (cl && !cl->level) { 1136 if (cl && !cl->level) {
1148 if (new == NULL && 1137 if (new == NULL &&
1149 (new = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, 1138 (new = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
1150 cl->classid)) 1139 &pfifo_qdisc_ops,
1140 cl->common.classid))
1151 == NULL) 1141 == NULL)
1152 return -ENOBUFS; 1142 return -ENOBUFS;
1153 sch_tree_lock(sch); 1143 sch_tree_lock(sch);
@@ -1188,12 +1178,9 @@ static inline int htb_parent_last_child(struct htb_class *cl)
1188 if (!cl->parent) 1178 if (!cl->parent)
1189 /* the root class */ 1179 /* the root class */
1190 return 0; 1180 return 0;
1191 1181 if (cl->parent->children > 1)
1192 if (!(cl->parent->children.next == &cl->sibling &&
1193 cl->parent->children.prev == &cl->sibling))
1194 /* not the last child */ 1182 /* not the last child */
1195 return 0; 1183 return 0;
1196
1197 return 1; 1184 return 1;
1198} 1185}
1199 1186
@@ -1202,7 +1189,7 @@ static void htb_parent_to_leaf(struct htb_sched *q, struct htb_class *cl,
1202{ 1189{
1203 struct htb_class *parent = cl->parent; 1190 struct htb_class *parent = cl->parent;
1204 1191
1205 BUG_TRAP(!cl->level && cl->un.leaf.q && !cl->prio_activity); 1192 WARN_ON(cl->level || !cl->un.leaf.q || cl->prio_activity);
1206 1193
1207 if (parent->cmode != HTB_CAN_SEND) 1194 if (parent->cmode != HTB_CAN_SEND)
1208 htb_safe_rb_erase(&parent->pq_node, q->wait_pq + parent->level); 1195 htb_safe_rb_erase(&parent->pq_node, q->wait_pq + parent->level);
@@ -1221,32 +1208,15 @@ static void htb_parent_to_leaf(struct htb_sched *q, struct htb_class *cl,
1221 1208
1222static void htb_destroy_class(struct Qdisc *sch, struct htb_class *cl) 1209static void htb_destroy_class(struct Qdisc *sch, struct htb_class *cl)
1223{ 1210{
1224 struct htb_sched *q = qdisc_priv(sch);
1225
1226 if (!cl->level) { 1211 if (!cl->level) {
1227 BUG_TRAP(cl->un.leaf.q); 1212 WARN_ON(!cl->un.leaf.q);
1228 qdisc_destroy(cl->un.leaf.q); 1213 qdisc_destroy(cl->un.leaf.q);
1229 } 1214 }
1230 gen_kill_estimator(&cl->bstats, &cl->rate_est); 1215 gen_kill_estimator(&cl->bstats, &cl->rate_est);
1231 qdisc_put_rtab(cl->rate); 1216 qdisc_put_rtab(cl->rate);
1232 qdisc_put_rtab(cl->ceil); 1217 qdisc_put_rtab(cl->ceil);
1233 1218
1234 tcf_destroy_chain(cl->filter_list); 1219 tcf_destroy_chain(&cl->filter_list);
1235
1236 while (!list_empty(&cl->children))
1237 htb_destroy_class(sch, list_entry(cl->children.next,
1238 struct htb_class, sibling));
1239
1240 /* note: this delete may happen twice (see htb_delete) */
1241 hlist_del_init(&cl->hlist);
1242 list_del(&cl->sibling);
1243
1244 if (cl->prio_activity)
1245 htb_deactivate(q, cl);
1246
1247 if (cl->cmode != HTB_CAN_SEND)
1248 htb_safe_rb_erase(&cl->pq_node, q->wait_pq + cl->level);
1249
1250 kfree(cl); 1220 kfree(cl);
1251} 1221}
1252 1222
@@ -1254,18 +1224,27 @@ static void htb_destroy_class(struct Qdisc *sch, struct htb_class *cl)
1254static void htb_destroy(struct Qdisc *sch) 1224static void htb_destroy(struct Qdisc *sch)
1255{ 1225{
1256 struct htb_sched *q = qdisc_priv(sch); 1226 struct htb_sched *q = qdisc_priv(sch);
1227 struct hlist_node *n, *next;
1228 struct htb_class *cl;
1229 unsigned int i;
1257 1230
1258 qdisc_watchdog_cancel(&q->watchdog); 1231 qdisc_watchdog_cancel(&q->watchdog);
1259 /* This line used to be after htb_destroy_class call below 1232 /* This line used to be after htb_destroy_class call below
1260 and surprisingly it worked in 2.4. But it must precede it 1233 and surprisingly it worked in 2.4. But it must precede it
1261 because filter need its target class alive to be able to call 1234 because filter need its target class alive to be able to call
1262 unbind_filter on it (without Oops). */ 1235 unbind_filter on it (without Oops). */
1263 tcf_destroy_chain(q->filter_list); 1236 tcf_destroy_chain(&q->filter_list);
1264
1265 while (!list_empty(&q->root))
1266 htb_destroy_class(sch, list_entry(q->root.next,
1267 struct htb_class, sibling));
1268 1237
1238 for (i = 0; i < q->clhash.hashsize; i++) {
1239 hlist_for_each_entry(cl, n, &q->clhash.hash[i], common.hnode)
1240 tcf_destroy_chain(&cl->filter_list);
1241 }
1242 for (i = 0; i < q->clhash.hashsize; i++) {
1243 hlist_for_each_entry_safe(cl, n, next, &q->clhash.hash[i],
1244 common.hnode)
1245 htb_destroy_class(sch, cl);
1246 }
1247 qdisc_class_hash_destroy(&q->clhash);
1269 __skb_queue_purge(&q->direct_queue); 1248 __skb_queue_purge(&q->direct_queue);
1270} 1249}
1271 1250
@@ -1280,12 +1259,13 @@ static int htb_delete(struct Qdisc *sch, unsigned long arg)
1280 // TODO: why don't allow to delete subtree ? references ? does 1259 // TODO: why don't allow to delete subtree ? references ? does
1281 // tc subsys quarantee us that in htb_destroy it holds no class 1260 // tc subsys quarantee us that in htb_destroy it holds no class
1282 // refs so that we can remove children safely there ? 1261 // refs so that we can remove children safely there ?
1283 if (!list_empty(&cl->children) || cl->filter_cnt) 1262 if (cl->children || cl->filter_cnt)
1284 return -EBUSY; 1263 return -EBUSY;
1285 1264
1286 if (!cl->level && htb_parent_last_child(cl)) { 1265 if (!cl->level && htb_parent_last_child(cl)) {
1287 new_q = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, 1266 new_q = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
1288 cl->parent->classid); 1267 &pfifo_qdisc_ops,
1268 cl->parent->common.classid);
1289 last_child = 1; 1269 last_child = 1;
1290 } 1270 }
1291 1271
@@ -1298,11 +1278,16 @@ static int htb_delete(struct Qdisc *sch, unsigned long arg)
1298 } 1278 }
1299 1279
1300 /* delete from hash and active; remainder in destroy_class */ 1280 /* delete from hash and active; remainder in destroy_class */
1301 hlist_del_init(&cl->hlist); 1281 qdisc_class_hash_remove(&q->clhash, &cl->common);
1282 if (cl->parent)
1283 cl->parent->children--;
1302 1284
1303 if (cl->prio_activity) 1285 if (cl->prio_activity)
1304 htb_deactivate(q, cl); 1286 htb_deactivate(q, cl);
1305 1287
1288 if (cl->cmode != HTB_CAN_SEND)
1289 htb_safe_rb_erase(&cl->pq_node, q->wait_pq + cl->level);
1290
1306 if (last_child) 1291 if (last_child)
1307 htb_parent_to_leaf(q, cl, new_q); 1292 htb_parent_to_leaf(q, cl, new_q);
1308 1293
@@ -1387,12 +1372,10 @@ static int htb_change_class(struct Qdisc *sch, u32 classid,
1387 goto failure; 1372 goto failure;
1388 1373
1389 gen_new_estimator(&cl->bstats, &cl->rate_est, 1374 gen_new_estimator(&cl->bstats, &cl->rate_est,
1390 &sch->dev->queue_lock, 1375 qdisc_root_sleeping_lock(sch),
1391 tca[TCA_RATE] ? : &est.nla); 1376 tca[TCA_RATE] ? : &est.nla);
1392 cl->refcnt = 1; 1377 cl->refcnt = 1;
1393 INIT_LIST_HEAD(&cl->sibling); 1378 cl->children = 0;
1394 INIT_HLIST_NODE(&cl->hlist);
1395 INIT_LIST_HEAD(&cl->children);
1396 INIT_LIST_HEAD(&cl->un.leaf.drop_list); 1379 INIT_LIST_HEAD(&cl->un.leaf.drop_list);
1397 RB_CLEAR_NODE(&cl->pq_node); 1380 RB_CLEAR_NODE(&cl->pq_node);
1398 1381
@@ -1402,7 +1385,8 @@ static int htb_change_class(struct Qdisc *sch, u32 classid,
1402 /* create leaf qdisc early because it uses kmalloc(GFP_KERNEL) 1385 /* create leaf qdisc early because it uses kmalloc(GFP_KERNEL)
1403 so that can't be used inside of sch_tree_lock 1386 so that can't be used inside of sch_tree_lock
1404 -- thanks to Karlis Peisenieks */ 1387 -- thanks to Karlis Peisenieks */
1405 new_q = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, classid); 1388 new_q = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
1389 &pfifo_qdisc_ops, classid);
1406 sch_tree_lock(sch); 1390 sch_tree_lock(sch);
1407 if (parent && !parent->level) { 1391 if (parent && !parent->level) {
1408 unsigned int qlen = parent->un.leaf.q->q.qlen; 1392 unsigned int qlen = parent->un.leaf.q->q.qlen;
@@ -1426,7 +1410,7 @@ static int htb_change_class(struct Qdisc *sch, u32 classid,
1426 /* leaf (we) needs elementary qdisc */ 1410 /* leaf (we) needs elementary qdisc */
1427 cl->un.leaf.q = new_q ? new_q : &noop_qdisc; 1411 cl->un.leaf.q = new_q ? new_q : &noop_qdisc;
1428 1412
1429 cl->classid = classid; 1413 cl->common.classid = classid;
1430 cl->parent = parent; 1414 cl->parent = parent;
1431 1415
1432 /* set class to be in HTB_CAN_SEND state */ 1416 /* set class to be in HTB_CAN_SEND state */
@@ -1437,13 +1421,13 @@ static int htb_change_class(struct Qdisc *sch, u32 classid,
1437 cl->cmode = HTB_CAN_SEND; 1421 cl->cmode = HTB_CAN_SEND;
1438 1422
1439 /* attach to the hash list and parent's family */ 1423 /* attach to the hash list and parent's family */
1440 hlist_add_head(&cl->hlist, q->hash + htb_hash(classid)); 1424 qdisc_class_hash_insert(&q->clhash, &cl->common);
1441 list_add_tail(&cl->sibling, 1425 if (parent)
1442 parent ? &parent->children : &q->root); 1426 parent->children++;
1443 } else { 1427 } else {
1444 if (tca[TCA_RATE]) 1428 if (tca[TCA_RATE])
1445 gen_replace_estimator(&cl->bstats, &cl->rate_est, 1429 gen_replace_estimator(&cl->bstats, &cl->rate_est,
1446 &sch->dev->queue_lock, 1430 qdisc_root_sleeping_lock(sch),
1447 tca[TCA_RATE]); 1431 tca[TCA_RATE]);
1448 sch_tree_lock(sch); 1432 sch_tree_lock(sch);
1449 } 1433 }
@@ -1455,13 +1439,13 @@ static int htb_change_class(struct Qdisc *sch, u32 classid,
1455 if (!hopt->quantum && cl->un.leaf.quantum < 1000) { 1439 if (!hopt->quantum && cl->un.leaf.quantum < 1000) {
1456 printk(KERN_WARNING 1440 printk(KERN_WARNING
1457 "HTB: quantum of class %X is small. Consider r2q change.\n", 1441 "HTB: quantum of class %X is small. Consider r2q change.\n",
1458 cl->classid); 1442 cl->common.classid);
1459 cl->un.leaf.quantum = 1000; 1443 cl->un.leaf.quantum = 1000;
1460 } 1444 }
1461 if (!hopt->quantum && cl->un.leaf.quantum > 200000) { 1445 if (!hopt->quantum && cl->un.leaf.quantum > 200000) {
1462 printk(KERN_WARNING 1446 printk(KERN_WARNING
1463 "HTB: quantum of class %X is big. Consider r2q change.\n", 1447 "HTB: quantum of class %X is big. Consider r2q change.\n",
1464 cl->classid); 1448 cl->common.classid);
1465 cl->un.leaf.quantum = 200000; 1449 cl->un.leaf.quantum = 200000;
1466 } 1450 }
1467 if (hopt->quantum) 1451 if (hopt->quantum)
@@ -1484,6 +1468,8 @@ static int htb_change_class(struct Qdisc *sch, u32 classid,
1484 cl->ceil = ctab; 1468 cl->ceil = ctab;
1485 sch_tree_unlock(sch); 1469 sch_tree_unlock(sch);
1486 1470
1471 qdisc_class_hash_grow(sch, &q->clhash);
1472
1487 *arg = (unsigned long)cl; 1473 *arg = (unsigned long)cl;
1488 return 0; 1474 return 0;
1489 1475
@@ -1507,7 +1493,6 @@ static struct tcf_proto **htb_find_tcf(struct Qdisc *sch, unsigned long arg)
1507static unsigned long htb_bind_filter(struct Qdisc *sch, unsigned long parent, 1493static unsigned long htb_bind_filter(struct Qdisc *sch, unsigned long parent,
1508 u32 classid) 1494 u32 classid)
1509{ 1495{
1510 struct htb_sched *q = qdisc_priv(sch);
1511 struct htb_class *cl = htb_find(classid, sch); 1496 struct htb_class *cl = htb_find(classid, sch);
1512 1497
1513 /*if (cl && !cl->level) return 0; 1498 /*if (cl && !cl->level) return 0;
@@ -1521,35 +1506,29 @@ static unsigned long htb_bind_filter(struct Qdisc *sch, unsigned long parent,
1521 */ 1506 */
1522 if (cl) 1507 if (cl)
1523 cl->filter_cnt++; 1508 cl->filter_cnt++;
1524 else
1525 q->filter_cnt++;
1526 return (unsigned long)cl; 1509 return (unsigned long)cl;
1527} 1510}
1528 1511
1529static void htb_unbind_filter(struct Qdisc *sch, unsigned long arg) 1512static void htb_unbind_filter(struct Qdisc *sch, unsigned long arg)
1530{ 1513{
1531 struct htb_sched *q = qdisc_priv(sch);
1532 struct htb_class *cl = (struct htb_class *)arg; 1514 struct htb_class *cl = (struct htb_class *)arg;
1533 1515
1534 if (cl) 1516 if (cl)
1535 cl->filter_cnt--; 1517 cl->filter_cnt--;
1536 else
1537 q->filter_cnt--;
1538} 1518}
1539 1519
1540static void htb_walk(struct Qdisc *sch, struct qdisc_walker *arg) 1520static void htb_walk(struct Qdisc *sch, struct qdisc_walker *arg)
1541{ 1521{
1542 struct htb_sched *q = qdisc_priv(sch); 1522 struct htb_sched *q = qdisc_priv(sch);
1543 int i; 1523 struct htb_class *cl;
1524 struct hlist_node *n;
1525 unsigned int i;
1544 1526
1545 if (arg->stop) 1527 if (arg->stop)
1546 return; 1528 return;
1547 1529
1548 for (i = 0; i < HTB_HSIZE; i++) { 1530 for (i = 0; i < q->clhash.hashsize; i++) {
1549 struct hlist_node *p; 1531 hlist_for_each_entry(cl, n, &q->clhash.hash[i], common.hnode) {
1550 struct htb_class *cl;
1551
1552 hlist_for_each_entry(cl, p, q->hash + i, hlist) {
1553 if (arg->count < arg->skip) { 1532 if (arg->count < arg->skip) {
1554 arg->count++; 1533 arg->count++;
1555 continue; 1534 continue;
diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c
index 274b1ddb160c..4a2b77374358 100644
--- a/net/sched/sch_ingress.c
+++ b/net/sched/sch_ingress.c
@@ -77,7 +77,7 @@ static int ingress_enqueue(struct sk_buff *skb, struct Qdisc *sch)
77 result = tc_classify(skb, p->filter_list, &res); 77 result = tc_classify(skb, p->filter_list, &res);
78 78
79 sch->bstats.packets++; 79 sch->bstats.packets++;
80 sch->bstats.bytes += skb->len; 80 sch->bstats.bytes += qdisc_pkt_len(skb);
81 switch (result) { 81 switch (result) {
82 case TC_ACT_SHOT: 82 case TC_ACT_SHOT:
83 result = TC_ACT_SHOT; 83 result = TC_ACT_SHOT;
@@ -104,7 +104,7 @@ static void ingress_destroy(struct Qdisc *sch)
104{ 104{
105 struct ingress_qdisc_data *p = qdisc_priv(sch); 105 struct ingress_qdisc_data *p = qdisc_priv(sch);
106 106
107 tcf_destroy_chain(p->filter_list); 107 tcf_destroy_chain(&p->filter_list);
108} 108}
109 109
110static int ingress_dump(struct Qdisc *sch, struct sk_buff *skb) 110static int ingress_dump(struct Qdisc *sch, struct sk_buff *skb)
diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c
index c9c649b26eaa..3781e55046d0 100644
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -82,6 +82,13 @@ struct netem_skb_cb {
82 psched_time_t time_to_send; 82 psched_time_t time_to_send;
83}; 83};
84 84
85static inline struct netem_skb_cb *netem_skb_cb(struct sk_buff *skb)
86{
87 BUILD_BUG_ON(sizeof(skb->cb) <
88 sizeof(struct qdisc_skb_cb) + sizeof(struct netem_skb_cb));
89 return (struct netem_skb_cb *)qdisc_skb_cb(skb)->data;
90}
91
85/* init_crandom - initialize correlated random number generator 92/* init_crandom - initialize correlated random number generator
86 * Use entropy source for initial seed. 93 * Use entropy source for initial seed.
87 */ 94 */
@@ -169,7 +176,7 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch)
169 if (count == 0) { 176 if (count == 0) {
170 sch->qstats.drops++; 177 sch->qstats.drops++;
171 kfree_skb(skb); 178 kfree_skb(skb);
172 return NET_XMIT_BYPASS; 179 return NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
173 } 180 }
174 181
175 skb_orphan(skb); 182 skb_orphan(skb);
@@ -180,11 +187,11 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch)
180 * skb will be queued. 187 * skb will be queued.
181 */ 188 */
182 if (count > 1 && (skb2 = skb_clone(skb, GFP_ATOMIC)) != NULL) { 189 if (count > 1 && (skb2 = skb_clone(skb, GFP_ATOMIC)) != NULL) {
183 struct Qdisc *rootq = sch->dev->qdisc; 190 struct Qdisc *rootq = qdisc_root(sch);
184 u32 dupsave = q->duplicate; /* prevent duplicating a dup... */ 191 u32 dupsave = q->duplicate; /* prevent duplicating a dup... */
185 q->duplicate = 0; 192 q->duplicate = 0;
186 193
187 rootq->enqueue(skb2, rootq); 194 qdisc_enqueue_root(skb2, rootq);
188 q->duplicate = dupsave; 195 q->duplicate = dupsave;
189 } 196 }
190 197
@@ -205,7 +212,7 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch)
205 skb->data[net_random() % skb_headlen(skb)] ^= 1<<(net_random() % 8); 212 skb->data[net_random() % skb_headlen(skb)] ^= 1<<(net_random() % 8);
206 } 213 }
207 214
208 cb = (struct netem_skb_cb *)skb->cb; 215 cb = netem_skb_cb(skb);
209 if (q->gap == 0 /* not doing reordering */ 216 if (q->gap == 0 /* not doing reordering */
210 || q->counter < q->gap /* inside last reordering gap */ 217 || q->counter < q->gap /* inside last reordering gap */
211 || q->reorder < get_crandom(&q->reorder_cor)) { 218 || q->reorder < get_crandom(&q->reorder_cor)) {
@@ -218,7 +225,7 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch)
218 now = psched_get_time(); 225 now = psched_get_time();
219 cb->time_to_send = now + delay; 226 cb->time_to_send = now + delay;
220 ++q->counter; 227 ++q->counter;
221 ret = q->qdisc->enqueue(skb, q->qdisc); 228 ret = qdisc_enqueue(skb, q->qdisc);
222 } else { 229 } else {
223 /* 230 /*
224 * Do re-ordering by putting one out of N packets at the front 231 * Do re-ordering by putting one out of N packets at the front
@@ -231,10 +238,11 @@ static int netem_enqueue(struct sk_buff *skb, struct Qdisc *sch)
231 238
232 if (likely(ret == NET_XMIT_SUCCESS)) { 239 if (likely(ret == NET_XMIT_SUCCESS)) {
233 sch->q.qlen++; 240 sch->q.qlen++;
234 sch->bstats.bytes += skb->len; 241 sch->bstats.bytes += qdisc_pkt_len(skb);
235 sch->bstats.packets++; 242 sch->bstats.packets++;
236 } else 243 } else if (net_xmit_drop_count(ret)) {
237 sch->qstats.drops++; 244 sch->qstats.drops++;
245 }
238 246
239 pr_debug("netem: enqueue ret %d\n", ret); 247 pr_debug("netem: enqueue ret %d\n", ret);
240 return ret; 248 return ret;
@@ -277,8 +285,7 @@ static struct sk_buff *netem_dequeue(struct Qdisc *sch)
277 285
278 skb = q->qdisc->dequeue(q->qdisc); 286 skb = q->qdisc->dequeue(q->qdisc);
279 if (skb) { 287 if (skb) {
280 const struct netem_skb_cb *cb 288 const struct netem_skb_cb *cb = netem_skb_cb(skb);
281 = (const struct netem_skb_cb *)skb->cb;
282 psched_time_t now = psched_get_time(); 289 psched_time_t now = psched_get_time();
283 290
284 /* if more time remaining? */ 291 /* if more time remaining? */
@@ -310,28 +317,6 @@ static void netem_reset(struct Qdisc *sch)
310 qdisc_watchdog_cancel(&q->watchdog); 317 qdisc_watchdog_cancel(&q->watchdog);
311} 318}
312 319
313/* Pass size change message down to embedded FIFO */
314static int set_fifo_limit(struct Qdisc *q, int limit)
315{
316 struct nlattr *nla;
317 int ret = -ENOMEM;
318
319 /* Hack to avoid sending change message to non-FIFO */
320 if (strncmp(q->ops->id + 1, "fifo", 4) != 0)
321 return 0;
322
323 nla = kmalloc(nla_attr_size(sizeof(struct tc_fifo_qopt)), GFP_KERNEL);
324 if (nla) {
325 nla->nla_type = RTM_NEWQDISC;
326 nla->nla_len = nla_attr_size(sizeof(struct tc_fifo_qopt));
327 ((struct tc_fifo_qopt *)nla_data(nla))->limit = limit;
328
329 ret = q->ops->change(q, nla);
330 kfree(nla);
331 }
332 return ret;
333}
334
335/* 320/*
336 * Distribution data is a variable size payload containing 321 * Distribution data is a variable size payload containing
337 * signed 16 bit values. 322 * signed 16 bit values.
@@ -341,6 +326,7 @@ static int get_dist_table(struct Qdisc *sch, const struct nlattr *attr)
341 struct netem_sched_data *q = qdisc_priv(sch); 326 struct netem_sched_data *q = qdisc_priv(sch);
342 unsigned long n = nla_len(attr)/sizeof(__s16); 327 unsigned long n = nla_len(attr)/sizeof(__s16);
343 const __s16 *data = nla_data(attr); 328 const __s16 *data = nla_data(attr);
329 spinlock_t *root_lock;
344 struct disttable *d; 330 struct disttable *d;
345 int i; 331 int i;
346 332
@@ -355,9 +341,11 @@ static int get_dist_table(struct Qdisc *sch, const struct nlattr *attr)
355 for (i = 0; i < n; i++) 341 for (i = 0; i < n; i++)
356 d->table[i] = data[i]; 342 d->table[i] = data[i];
357 343
358 spin_lock_bh(&sch->dev->queue_lock); 344 root_lock = qdisc_root_sleeping_lock(sch);
345
346 spin_lock_bh(root_lock);
359 d = xchg(&q->delay_dist, d); 347 d = xchg(&q->delay_dist, d);
360 spin_unlock_bh(&sch->dev->queue_lock); 348 spin_unlock_bh(root_lock);
361 349
362 kfree(d); 350 kfree(d);
363 return 0; 351 return 0;
@@ -416,7 +404,7 @@ static int netem_change(struct Qdisc *sch, struct nlattr *opt)
416 if (ret < 0) 404 if (ret < 0)
417 return ret; 405 return ret;
418 406
419 ret = set_fifo_limit(q->qdisc, qopt->limit); 407 ret = fifo_set_limit(q->qdisc, qopt->limit);
420 if (ret) { 408 if (ret) {
421 pr_debug("netem: can't set fifo limit\n"); 409 pr_debug("netem: can't set fifo limit\n");
422 return ret; 410 return ret;
@@ -476,7 +464,7 @@ static int tfifo_enqueue(struct sk_buff *nskb, struct Qdisc *sch)
476{ 464{
477 struct fifo_sched_data *q = qdisc_priv(sch); 465 struct fifo_sched_data *q = qdisc_priv(sch);
478 struct sk_buff_head *list = &sch->q; 466 struct sk_buff_head *list = &sch->q;
479 psched_time_t tnext = ((struct netem_skb_cb *)nskb->cb)->time_to_send; 467 psched_time_t tnext = netem_skb_cb(nskb)->time_to_send;
480 struct sk_buff *skb; 468 struct sk_buff *skb;
481 469
482 if (likely(skb_queue_len(list) < q->limit)) { 470 if (likely(skb_queue_len(list) < q->limit)) {
@@ -487,8 +475,7 @@ static int tfifo_enqueue(struct sk_buff *nskb, struct Qdisc *sch)
487 } 475 }
488 476
489 skb_queue_reverse_walk(list, skb) { 477 skb_queue_reverse_walk(list, skb) {
490 const struct netem_skb_cb *cb 478 const struct netem_skb_cb *cb = netem_skb_cb(skb);
491 = (const struct netem_skb_cb *)skb->cb;
492 479
493 if (tnext >= cb->time_to_send) 480 if (tnext >= cb->time_to_send)
494 break; 481 break;
@@ -496,8 +483,8 @@ static int tfifo_enqueue(struct sk_buff *nskb, struct Qdisc *sch)
496 483
497 __skb_queue_after(list, skb, nskb); 484 __skb_queue_after(list, skb, nskb);
498 485
499 sch->qstats.backlog += nskb->len; 486 sch->qstats.backlog += qdisc_pkt_len(nskb);
500 sch->bstats.bytes += nskb->len; 487 sch->bstats.bytes += qdisc_pkt_len(nskb);
501 sch->bstats.packets++; 488 sch->bstats.packets++;
502 489
503 return NET_XMIT_SUCCESS; 490 return NET_XMIT_SUCCESS;
@@ -517,7 +504,7 @@ static int tfifo_init(struct Qdisc *sch, struct nlattr *opt)
517 504
518 q->limit = ctl->limit; 505 q->limit = ctl->limit;
519 } else 506 } else
520 q->limit = max_t(u32, sch->dev->tx_queue_len, 1); 507 q->limit = max_t(u32, qdisc_dev(sch)->tx_queue_len, 1);
521 508
522 q->oldest = PSCHED_PASTPERFECT; 509 q->oldest = PSCHED_PASTPERFECT;
523 return 0; 510 return 0;
@@ -558,7 +545,8 @@ static int netem_init(struct Qdisc *sch, struct nlattr *opt)
558 545
559 qdisc_watchdog_init(&q->watchdog, sch); 546 qdisc_watchdog_init(&q->watchdog, sch);
560 547
561 q->qdisc = qdisc_create_dflt(sch->dev, &tfifo_qdisc_ops, 548 q->qdisc = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
549 &tfifo_qdisc_ops,
562 TC_H_MAKE(sch->handle, 1)); 550 TC_H_MAKE(sch->handle, 1));
563 if (!q->qdisc) { 551 if (!q->qdisc) {
564 pr_debug("netem: qdisc create failed\n"); 552 pr_debug("netem: qdisc create failed\n");
diff --git a/net/sched/sch_prio.c b/net/sched/sch_prio.c
index 4aa2b45dad0a..a6697c686c7f 100644
--- a/net/sched/sch_prio.c
+++ b/net/sched/sch_prio.c
@@ -24,11 +24,9 @@
24struct prio_sched_data 24struct prio_sched_data
25{ 25{
26 int bands; 26 int bands;
27 int curband; /* for round-robin */
28 struct tcf_proto *filter_list; 27 struct tcf_proto *filter_list;
29 u8 prio2band[TC_PRIO_MAX+1]; 28 u8 prio2band[TC_PRIO_MAX+1];
30 struct Qdisc *queues[TCQ_PRIO_BANDS]; 29 struct Qdisc *queues[TCQ_PRIO_BANDS];
31 int mq;
32}; 30};
33 31
34 32
@@ -40,14 +38,14 @@ prio_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr)
40 struct tcf_result res; 38 struct tcf_result res;
41 int err; 39 int err;
42 40
43 *qerr = NET_XMIT_BYPASS; 41 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
44 if (TC_H_MAJ(skb->priority) != sch->handle) { 42 if (TC_H_MAJ(skb->priority) != sch->handle) {
45 err = tc_classify(skb, q->filter_list, &res); 43 err = tc_classify(skb, q->filter_list, &res);
46#ifdef CONFIG_NET_CLS_ACT 44#ifdef CONFIG_NET_CLS_ACT
47 switch (err) { 45 switch (err) {
48 case TC_ACT_STOLEN: 46 case TC_ACT_STOLEN:
49 case TC_ACT_QUEUED: 47 case TC_ACT_QUEUED:
50 *qerr = NET_XMIT_SUCCESS; 48 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
51 case TC_ACT_SHOT: 49 case TC_ACT_SHOT:
52 return NULL; 50 return NULL;
53 } 51 }
@@ -55,17 +53,14 @@ prio_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr)
55 if (!q->filter_list || err < 0) { 53 if (!q->filter_list || err < 0) {
56 if (TC_H_MAJ(band)) 54 if (TC_H_MAJ(band))
57 band = 0; 55 band = 0;
58 band = q->prio2band[band&TC_PRIO_MAX]; 56 return q->queues[q->prio2band[band&TC_PRIO_MAX]];
59 goto out;
60 } 57 }
61 band = res.classid; 58 band = res.classid;
62 } 59 }
63 band = TC_H_MIN(band) - 1; 60 band = TC_H_MIN(band) - 1;
64 if (band >= q->bands) 61 if (band >= q->bands)
65 band = q->prio2band[0]; 62 return q->queues[q->prio2band[0]];
66out: 63
67 if (q->mq)
68 skb_set_queue_mapping(skb, band);
69 return q->queues[band]; 64 return q->queues[band];
70} 65}
71 66
@@ -79,20 +74,22 @@ prio_enqueue(struct sk_buff *skb, struct Qdisc *sch)
79#ifdef CONFIG_NET_CLS_ACT 74#ifdef CONFIG_NET_CLS_ACT
80 if (qdisc == NULL) { 75 if (qdisc == NULL) {
81 76
82 if (ret == NET_XMIT_BYPASS) 77 if (ret & __NET_XMIT_BYPASS)
83 sch->qstats.drops++; 78 sch->qstats.drops++;
84 kfree_skb(skb); 79 kfree_skb(skb);
85 return ret; 80 return ret;
86 } 81 }
87#endif 82#endif
88 83
89 if ((ret = qdisc->enqueue(skb, qdisc)) == NET_XMIT_SUCCESS) { 84 ret = qdisc_enqueue(skb, qdisc);
90 sch->bstats.bytes += skb->len; 85 if (ret == NET_XMIT_SUCCESS) {
86 sch->bstats.bytes += qdisc_pkt_len(skb);
91 sch->bstats.packets++; 87 sch->bstats.packets++;
92 sch->q.qlen++; 88 sch->q.qlen++;
93 return NET_XMIT_SUCCESS; 89 return NET_XMIT_SUCCESS;
94 } 90 }
95 sch->qstats.drops++; 91 if (net_xmit_drop_count(ret))
92 sch->qstats.drops++;
96 return ret; 93 return ret;
97} 94}
98 95
@@ -106,7 +103,7 @@ prio_requeue(struct sk_buff *skb, struct Qdisc* sch)
106 qdisc = prio_classify(skb, sch, &ret); 103 qdisc = prio_classify(skb, sch, &ret);
107#ifdef CONFIG_NET_CLS_ACT 104#ifdef CONFIG_NET_CLS_ACT
108 if (qdisc == NULL) { 105 if (qdisc == NULL) {
109 if (ret == NET_XMIT_BYPASS) 106 if (ret & __NET_XMIT_BYPASS)
110 sch->qstats.drops++; 107 sch->qstats.drops++;
111 kfree_skb(skb); 108 kfree_skb(skb);
112 return ret; 109 return ret;
@@ -116,74 +113,31 @@ prio_requeue(struct sk_buff *skb, struct Qdisc* sch)
116 if ((ret = qdisc->ops->requeue(skb, qdisc)) == NET_XMIT_SUCCESS) { 113 if ((ret = qdisc->ops->requeue(skb, qdisc)) == NET_XMIT_SUCCESS) {
117 sch->q.qlen++; 114 sch->q.qlen++;
118 sch->qstats.requeues++; 115 sch->qstats.requeues++;
119 return 0; 116 return NET_XMIT_SUCCESS;
120 } 117 }
121 sch->qstats.drops++; 118 if (net_xmit_drop_count(ret))
122 return NET_XMIT_DROP; 119 sch->qstats.drops++;
120 return ret;
123} 121}
124 122
125 123
126static struct sk_buff * 124static struct sk_buff *prio_dequeue(struct Qdisc* sch)
127prio_dequeue(struct Qdisc* sch)
128{ 125{
129 struct sk_buff *skb;
130 struct prio_sched_data *q = qdisc_priv(sch); 126 struct prio_sched_data *q = qdisc_priv(sch);
131 int prio; 127 int prio;
132 struct Qdisc *qdisc;
133 128
134 for (prio = 0; prio < q->bands; prio++) { 129 for (prio = 0; prio < q->bands; prio++) {
135 /* Check if the target subqueue is available before 130 struct Qdisc *qdisc = q->queues[prio];
136 * pulling an skb. This way we avoid excessive requeues 131 struct sk_buff *skb = qdisc->dequeue(qdisc);
137 * for slower queues. 132 if (skb) {
138 */ 133 sch->q.qlen--;
139 if (!__netif_subqueue_stopped(sch->dev, (q->mq ? prio : 0))) { 134 return skb;
140 qdisc = q->queues[prio];
141 skb = qdisc->dequeue(qdisc);
142 if (skb) {
143 sch->q.qlen--;
144 return skb;
145 }
146 } 135 }
147 } 136 }
148 return NULL; 137 return NULL;
149 138
150} 139}
151 140
152static struct sk_buff *rr_dequeue(struct Qdisc* sch)
153{
154 struct sk_buff *skb;
155 struct prio_sched_data *q = qdisc_priv(sch);
156 struct Qdisc *qdisc;
157 int bandcount;
158
159 /* Only take one pass through the queues. If nothing is available,
160 * return nothing.
161 */
162 for (bandcount = 0; bandcount < q->bands; bandcount++) {
163 /* Check if the target subqueue is available before
164 * pulling an skb. This way we avoid excessive requeues
165 * for slower queues. If the queue is stopped, try the
166 * next queue.
167 */
168 if (!__netif_subqueue_stopped(sch->dev,
169 (q->mq ? q->curband : 0))) {
170 qdisc = q->queues[q->curband];
171 skb = qdisc->dequeue(qdisc);
172 if (skb) {
173 sch->q.qlen--;
174 q->curband++;
175 if (q->curband >= q->bands)
176 q->curband = 0;
177 return skb;
178 }
179 }
180 q->curband++;
181 if (q->curband >= q->bands)
182 q->curband = 0;
183 }
184 return NULL;
185}
186
187static unsigned int prio_drop(struct Qdisc* sch) 141static unsigned int prio_drop(struct Qdisc* sch)
188{ 142{
189 struct prio_sched_data *q = qdisc_priv(sch); 143 struct prio_sched_data *q = qdisc_priv(sch);
@@ -219,7 +173,7 @@ prio_destroy(struct Qdisc* sch)
219 int prio; 173 int prio;
220 struct prio_sched_data *q = qdisc_priv(sch); 174 struct prio_sched_data *q = qdisc_priv(sch);
221 175
222 tcf_destroy_chain(q->filter_list); 176 tcf_destroy_chain(&q->filter_list);
223 for (prio=0; prio<q->bands; prio++) 177 for (prio=0; prio<q->bands; prio++)
224 qdisc_destroy(q->queues[prio]); 178 qdisc_destroy(q->queues[prio]);
225} 179}
@@ -228,45 +182,22 @@ static int prio_tune(struct Qdisc *sch, struct nlattr *opt)
228{ 182{
229 struct prio_sched_data *q = qdisc_priv(sch); 183 struct prio_sched_data *q = qdisc_priv(sch);
230 struct tc_prio_qopt *qopt; 184 struct tc_prio_qopt *qopt;
231 struct nlattr *tb[TCA_PRIO_MAX + 1];
232 int err;
233 int i; 185 int i;
234 186
235 err = nla_parse_nested_compat(tb, TCA_PRIO_MAX, opt, NULL, qopt, 187 if (nla_len(opt) < sizeof(*qopt))
236 sizeof(*qopt)); 188 return -EINVAL;
237 if (err < 0) 189 qopt = nla_data(opt);
238 return err;
239
240 q->bands = qopt->bands;
241 /* If we're multiqueue, make sure the number of incoming bands
242 * matches the number of queues on the device we're associating with.
243 * If the number of bands requested is zero, then set q->bands to
244 * dev->egress_subqueue_count. Also, the root qdisc must be the
245 * only one that is enabled for multiqueue, since it's the only one
246 * that interacts with the underlying device.
247 */
248 q->mq = nla_get_flag(tb[TCA_PRIO_MQ]);
249 if (q->mq) {
250 if (sch->parent != TC_H_ROOT)
251 return -EINVAL;
252 if (netif_is_multiqueue(sch->dev)) {
253 if (q->bands == 0)
254 q->bands = sch->dev->egress_subqueue_count;
255 else if (q->bands != sch->dev->egress_subqueue_count)
256 return -EINVAL;
257 } else
258 return -EOPNOTSUPP;
259 }
260 190
261 if (q->bands > TCQ_PRIO_BANDS || q->bands < 2) 191 if (qopt->bands > TCQ_PRIO_BANDS || qopt->bands < 2)
262 return -EINVAL; 192 return -EINVAL;
263 193
264 for (i=0; i<=TC_PRIO_MAX; i++) { 194 for (i=0; i<=TC_PRIO_MAX; i++) {
265 if (qopt->priomap[i] >= q->bands) 195 if (qopt->priomap[i] >= qopt->bands)
266 return -EINVAL; 196 return -EINVAL;
267 } 197 }
268 198
269 sch_tree_lock(sch); 199 sch_tree_lock(sch);
200 q->bands = qopt->bands;
270 memcpy(q->prio2band, qopt->priomap, TC_PRIO_MAX+1); 201 memcpy(q->prio2band, qopt->priomap, TC_PRIO_MAX+1);
271 202
272 for (i=q->bands; i<TCQ_PRIO_BANDS; i++) { 203 for (i=q->bands; i<TCQ_PRIO_BANDS; i++) {
@@ -281,7 +212,8 @@ static int prio_tune(struct Qdisc *sch, struct nlattr *opt)
281 for (i=0; i<q->bands; i++) { 212 for (i=0; i<q->bands; i++) {
282 if (q->queues[i] == &noop_qdisc) { 213 if (q->queues[i] == &noop_qdisc) {
283 struct Qdisc *child; 214 struct Qdisc *child;
284 child = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops, 215 child = qdisc_create_dflt(qdisc_dev(sch), sch->dev_queue,
216 &pfifo_qdisc_ops,
285 TC_H_MAKE(sch->handle, i + 1)); 217 TC_H_MAKE(sch->handle, i + 1));
286 if (child) { 218 if (child) {
287 sch_tree_lock(sch); 219 sch_tree_lock(sch);
@@ -331,10 +263,6 @@ static int prio_dump(struct Qdisc *sch, struct sk_buff *skb)
331 nest = nla_nest_compat_start(skb, TCA_OPTIONS, sizeof(opt), &opt); 263 nest = nla_nest_compat_start(skb, TCA_OPTIONS, sizeof(opt), &opt);
332 if (nest == NULL) 264 if (nest == NULL)
333 goto nla_put_failure; 265 goto nla_put_failure;
334 if (q->mq) {
335 if (nla_put_flag(skb, TCA_PRIO_MQ) < 0)
336 goto nla_put_failure;
337 }
338 nla_nest_compat_end(skb, nest); 266 nla_nest_compat_end(skb, nest);
339 267
340 return skb->len; 268 return skb->len;
@@ -507,44 +435,17 @@ static struct Qdisc_ops prio_qdisc_ops __read_mostly = {
507 .owner = THIS_MODULE, 435 .owner = THIS_MODULE,
508}; 436};
509 437
510static struct Qdisc_ops rr_qdisc_ops __read_mostly = {
511 .next = NULL,
512 .cl_ops = &prio_class_ops,
513 .id = "rr",
514 .priv_size = sizeof(struct prio_sched_data),
515 .enqueue = prio_enqueue,
516 .dequeue = rr_dequeue,
517 .requeue = prio_requeue,
518 .drop = prio_drop,
519 .init = prio_init,
520 .reset = prio_reset,
521 .destroy = prio_destroy,
522 .change = prio_tune,
523 .dump = prio_dump,
524 .owner = THIS_MODULE,
525};
526
527static int __init prio_module_init(void) 438static int __init prio_module_init(void)
528{ 439{
529 int err; 440 return register_qdisc(&prio_qdisc_ops);
530
531 err = register_qdisc(&prio_qdisc_ops);
532 if (err < 0)
533 return err;
534 err = register_qdisc(&rr_qdisc_ops);
535 if (err < 0)
536 unregister_qdisc(&prio_qdisc_ops);
537 return err;
538} 441}
539 442
540static void __exit prio_module_exit(void) 443static void __exit prio_module_exit(void)
541{ 444{
542 unregister_qdisc(&prio_qdisc_ops); 445 unregister_qdisc(&prio_qdisc_ops);
543 unregister_qdisc(&rr_qdisc_ops);
544} 446}
545 447
546module_init(prio_module_init) 448module_init(prio_module_init)
547module_exit(prio_module_exit) 449module_exit(prio_module_exit)
548 450
549MODULE_LICENSE("GPL"); 451MODULE_LICENSE("GPL");
550MODULE_ALIAS("sch_rr");
diff --git a/net/sched/sch_red.c b/net/sched/sch_red.c
index 3dcd493f4f4a..5da05839e225 100644
--- a/net/sched/sch_red.c
+++ b/net/sched/sch_red.c
@@ -92,12 +92,12 @@ static int red_enqueue(struct sk_buff *skb, struct Qdisc* sch)
92 break; 92 break;
93 } 93 }
94 94
95 ret = child->enqueue(skb, child); 95 ret = qdisc_enqueue(skb, child);
96 if (likely(ret == NET_XMIT_SUCCESS)) { 96 if (likely(ret == NET_XMIT_SUCCESS)) {
97 sch->bstats.bytes += skb->len; 97 sch->bstats.bytes += qdisc_pkt_len(skb);
98 sch->bstats.packets++; 98 sch->bstats.packets++;
99 sch->q.qlen++; 99 sch->q.qlen++;
100 } else { 100 } else if (net_xmit_drop_count(ret)) {
101 q->stats.pdrop++; 101 q->stats.pdrop++;
102 sch->qstats.drops++; 102 sch->qstats.drops++;
103 } 103 }
@@ -174,33 +174,6 @@ static void red_destroy(struct Qdisc *sch)
174 qdisc_destroy(q->qdisc); 174 qdisc_destroy(q->qdisc);
175} 175}
176 176
177static struct Qdisc *red_create_dflt(struct Qdisc *sch, u32 limit)
178{
179 struct Qdisc *q;
180 struct nlattr *nla;
181 int ret;
182
183 q = qdisc_create_dflt(sch->dev, &bfifo_qdisc_ops,
184 TC_H_MAKE(sch->handle, 1));
185 if (q) {
186 nla = kmalloc(nla_attr_size(sizeof(struct tc_fifo_qopt)),
187 GFP_KERNEL);
188 if (nla) {
189 nla->nla_type = RTM_NEWQDISC;
190 nla->nla_len = nla_attr_size(sizeof(struct tc_fifo_qopt));
191 ((struct tc_fifo_qopt *)nla_data(nla))->limit = limit;
192
193 ret = q->ops->change(q, nla);
194 kfree(nla);
195
196 if (ret == 0)
197 return q;
198 }
199 qdisc_destroy(q);
200 }
201 return NULL;
202}
203
204static const struct nla_policy red_policy[TCA_RED_MAX + 1] = { 177static const struct nla_policy red_policy[TCA_RED_MAX + 1] = {
205 [TCA_RED_PARMS] = { .len = sizeof(struct tc_red_qopt) }, 178 [TCA_RED_PARMS] = { .len = sizeof(struct tc_red_qopt) },
206 [TCA_RED_STAB] = { .len = RED_STAB_SIZE }, 179 [TCA_RED_STAB] = { .len = RED_STAB_SIZE },
@@ -228,9 +201,9 @@ static int red_change(struct Qdisc *sch, struct nlattr *opt)
228 ctl = nla_data(tb[TCA_RED_PARMS]); 201 ctl = nla_data(tb[TCA_RED_PARMS]);
229 202
230 if (ctl->limit > 0) { 203 if (ctl->limit > 0) {
231 child = red_create_dflt(sch, ctl->limit); 204 child = fifo_create_dflt(sch, &bfifo_qdisc_ops, ctl->limit);
232 if (child == NULL) 205 if (IS_ERR(child))
233 return -ENOMEM; 206 return PTR_ERR(child);
234 } 207 }
235 208
236 sch_tree_lock(sch); 209 sch_tree_lock(sch);
@@ -281,7 +254,8 @@ static int red_dump(struct Qdisc *sch, struct sk_buff *skb)
281 return nla_nest_end(skb, opts); 254 return nla_nest_end(skb, opts);
282 255
283nla_put_failure: 256nla_put_failure:
284 return nla_nest_cancel(skb, opts); 257 nla_nest_cancel(skb, opts);
258 return -EMSGSIZE;
285} 259}
286 260
287static int red_dump_stats(struct Qdisc *sch, struct gnet_dump *d) 261static int red_dump_stats(struct Qdisc *sch, struct gnet_dump *d)
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index f0463d757a98..6e041d10dbdb 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -171,14 +171,14 @@ static unsigned int sfq_classify(struct sk_buff *skb, struct Qdisc *sch,
171 if (!q->filter_list) 171 if (!q->filter_list)
172 return sfq_hash(q, skb) + 1; 172 return sfq_hash(q, skb) + 1;
173 173
174 *qerr = NET_XMIT_BYPASS; 174 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_BYPASS;
175 result = tc_classify(skb, q->filter_list, &res); 175 result = tc_classify(skb, q->filter_list, &res);
176 if (result >= 0) { 176 if (result >= 0) {
177#ifdef CONFIG_NET_CLS_ACT 177#ifdef CONFIG_NET_CLS_ACT
178 switch (result) { 178 switch (result) {
179 case TC_ACT_STOLEN: 179 case TC_ACT_STOLEN:
180 case TC_ACT_QUEUED: 180 case TC_ACT_QUEUED:
181 *qerr = NET_XMIT_SUCCESS; 181 *qerr = NET_XMIT_SUCCESS | __NET_XMIT_STOLEN;
182 case TC_ACT_SHOT: 182 case TC_ACT_SHOT:
183 return 0; 183 return 0;
184 } 184 }
@@ -245,7 +245,7 @@ static unsigned int sfq_drop(struct Qdisc *sch)
245 if (d > 1) { 245 if (d > 1) {
246 sfq_index x = q->dep[d + SFQ_DEPTH].next; 246 sfq_index x = q->dep[d + SFQ_DEPTH].next;
247 skb = q->qs[x].prev; 247 skb = q->qs[x].prev;
248 len = skb->len; 248 len = qdisc_pkt_len(skb);
249 __skb_unlink(skb, &q->qs[x]); 249 __skb_unlink(skb, &q->qs[x]);
250 kfree_skb(skb); 250 kfree_skb(skb);
251 sfq_dec(q, x); 251 sfq_dec(q, x);
@@ -261,7 +261,7 @@ static unsigned int sfq_drop(struct Qdisc *sch)
261 q->next[q->tail] = q->next[d]; 261 q->next[q->tail] = q->next[d];
262 q->allot[q->next[d]] += q->quantum; 262 q->allot[q->next[d]] += q->quantum;
263 skb = q->qs[d].prev; 263 skb = q->qs[d].prev;
264 len = skb->len; 264 len = qdisc_pkt_len(skb);
265 __skb_unlink(skb, &q->qs[d]); 265 __skb_unlink(skb, &q->qs[d]);
266 kfree_skb(skb); 266 kfree_skb(skb);
267 sfq_dec(q, d); 267 sfq_dec(q, d);
@@ -285,7 +285,7 @@ sfq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
285 285
286 hash = sfq_classify(skb, sch, &ret); 286 hash = sfq_classify(skb, sch, &ret);
287 if (hash == 0) { 287 if (hash == 0) {
288 if (ret == NET_XMIT_BYPASS) 288 if (ret & __NET_XMIT_BYPASS)
289 sch->qstats.drops++; 289 sch->qstats.drops++;
290 kfree_skb(skb); 290 kfree_skb(skb);
291 return ret; 291 return ret;
@@ -305,7 +305,7 @@ sfq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
305 if (q->qs[x].qlen >= q->limit) 305 if (q->qs[x].qlen >= q->limit)
306 return qdisc_drop(skb, sch); 306 return qdisc_drop(skb, sch);
307 307
308 sch->qstats.backlog += skb->len; 308 sch->qstats.backlog += qdisc_pkt_len(skb);
309 __skb_queue_tail(&q->qs[x], skb); 309 __skb_queue_tail(&q->qs[x], skb);
310 sfq_inc(q, x); 310 sfq_inc(q, x);
311 if (q->qs[x].qlen == 1) { /* The flow is new */ 311 if (q->qs[x].qlen == 1) { /* The flow is new */
@@ -320,7 +320,7 @@ sfq_enqueue(struct sk_buff *skb, struct Qdisc *sch)
320 } 320 }
321 } 321 }
322 if (++sch->q.qlen <= q->limit) { 322 if (++sch->q.qlen <= q->limit) {
323 sch->bstats.bytes += skb->len; 323 sch->bstats.bytes += qdisc_pkt_len(skb);
324 sch->bstats.packets++; 324 sch->bstats.packets++;
325 return 0; 325 return 0;
326 } 326 }
@@ -339,7 +339,7 @@ sfq_requeue(struct sk_buff *skb, struct Qdisc *sch)
339 339
340 hash = sfq_classify(skb, sch, &ret); 340 hash = sfq_classify(skb, sch, &ret);
341 if (hash == 0) { 341 if (hash == 0) {
342 if (ret == NET_XMIT_BYPASS) 342 if (ret & __NET_XMIT_BYPASS)
343 sch->qstats.drops++; 343 sch->qstats.drops++;
344 kfree_skb(skb); 344 kfree_skb(skb);
345 return ret; 345 return ret;
@@ -352,7 +352,7 @@ sfq_requeue(struct sk_buff *skb, struct Qdisc *sch)
352 q->hash[x] = hash; 352 q->hash[x] = hash;
353 } 353 }
354 354
355 sch->qstats.backlog += skb->len; 355 sch->qstats.backlog += qdisc_pkt_len(skb);
356 __skb_queue_head(&q->qs[x], skb); 356 __skb_queue_head(&q->qs[x], skb);
357 /* If selected queue has length q->limit+1, this means that 357 /* If selected queue has length q->limit+1, this means that
358 * all another queues are empty and we do simple tail drop. 358 * all another queues are empty and we do simple tail drop.
@@ -363,7 +363,7 @@ sfq_requeue(struct sk_buff *skb, struct Qdisc *sch)
363 skb = q->qs[x].prev; 363 skb = q->qs[x].prev;
364 __skb_unlink(skb, &q->qs[x]); 364 __skb_unlink(skb, &q->qs[x]);
365 sch->qstats.drops++; 365 sch->qstats.drops++;
366 sch->qstats.backlog -= skb->len; 366 sch->qstats.backlog -= qdisc_pkt_len(skb);
367 kfree_skb(skb); 367 kfree_skb(skb);
368 return NET_XMIT_CN; 368 return NET_XMIT_CN;
369 } 369 }
@@ -411,7 +411,7 @@ sfq_dequeue(struct Qdisc *sch)
411 skb = __skb_dequeue(&q->qs[a]); 411 skb = __skb_dequeue(&q->qs[a]);
412 sfq_dec(q, a); 412 sfq_dec(q, a);
413 sch->q.qlen--; 413 sch->q.qlen--;
414 sch->qstats.backlog -= skb->len; 414 sch->qstats.backlog -= qdisc_pkt_len(skb);
415 415
416 /* Is the slot empty? */ 416 /* Is the slot empty? */
417 if (q->qs[a].qlen == 0) { 417 if (q->qs[a].qlen == 0) {
@@ -423,7 +423,7 @@ sfq_dequeue(struct Qdisc *sch)
423 } 423 }
424 q->next[q->tail] = a; 424 q->next[q->tail] = a;
425 q->allot[a] += q->quantum; 425 q->allot[a] += q->quantum;
426 } else if ((q->allot[a] -= skb->len) <= 0) { 426 } else if ((q->allot[a] -= qdisc_pkt_len(skb)) <= 0) {
427 q->tail = a; 427 q->tail = a;
428 a = q->next[a]; 428 a = q->next[a];
429 q->allot[a] += q->quantum; 429 q->allot[a] += q->quantum;
@@ -461,7 +461,7 @@ static int sfq_change(struct Qdisc *sch, struct nlattr *opt)
461 return -EINVAL; 461 return -EINVAL;
462 462
463 sch_tree_lock(sch); 463 sch_tree_lock(sch);
464 q->quantum = ctl->quantum ? : psched_mtu(sch->dev); 464 q->quantum = ctl->quantum ? : psched_mtu(qdisc_dev(sch));
465 q->perturb_period = ctl->perturb_period * HZ; 465 q->perturb_period = ctl->perturb_period * HZ;
466 if (ctl->limit) 466 if (ctl->limit)
467 q->limit = min_t(u32, ctl->limit, SFQ_DEPTH - 1); 467 q->limit = min_t(u32, ctl->limit, SFQ_DEPTH - 1);
@@ -502,7 +502,7 @@ static int sfq_init(struct Qdisc *sch, struct nlattr *opt)
502 q->max_depth = 0; 502 q->max_depth = 0;
503 q->tail = SFQ_DEPTH; 503 q->tail = SFQ_DEPTH;
504 if (opt == NULL) { 504 if (opt == NULL) {
505 q->quantum = psched_mtu(sch->dev); 505 q->quantum = psched_mtu(qdisc_dev(sch));
506 q->perturb_period = 0; 506 q->perturb_period = 0;
507 q->perturbation = net_random(); 507 q->perturbation = net_random();
508 } else { 508 } else {
@@ -520,7 +520,7 @@ static void sfq_destroy(struct Qdisc *sch)
520{ 520{
521 struct sfq_sched_data *q = qdisc_priv(sch); 521 struct sfq_sched_data *q = qdisc_priv(sch);
522 522
523 tcf_destroy_chain(q->filter_list); 523 tcf_destroy_chain(&q->filter_list);
524 q->perturb_period = 0; 524 q->perturb_period = 0;
525 del_timer_sync(&q->perturb_timer); 525 del_timer_sync(&q->perturb_timer);
526} 526}
diff --git a/net/sched/sch_tbf.c b/net/sched/sch_tbf.c
index 0b7d78f59d8c..94c61598b86a 100644
--- a/net/sched/sch_tbf.c
+++ b/net/sched/sch_tbf.c
@@ -123,23 +123,18 @@ static int tbf_enqueue(struct sk_buff *skb, struct Qdisc* sch)
123 struct tbf_sched_data *q = qdisc_priv(sch); 123 struct tbf_sched_data *q = qdisc_priv(sch);
124 int ret; 124 int ret;
125 125
126 if (skb->len > q->max_size) { 126 if (qdisc_pkt_len(skb) > q->max_size)
127 sch->qstats.drops++; 127 return qdisc_reshape_fail(skb, sch);
128#ifdef CONFIG_NET_CLS_ACT
129 if (sch->reshape_fail == NULL || sch->reshape_fail(skb, sch))
130#endif
131 kfree_skb(skb);
132
133 return NET_XMIT_DROP;
134 }
135 128
136 if ((ret = q->qdisc->enqueue(skb, q->qdisc)) != 0) { 129 ret = qdisc_enqueue(skb, q->qdisc);
137 sch->qstats.drops++; 130 if (ret != 0) {
131 if (net_xmit_drop_count(ret))
132 sch->qstats.drops++;
138 return ret; 133 return ret;
139 } 134 }
140 135
141 sch->q.qlen++; 136 sch->q.qlen++;
142 sch->bstats.bytes += skb->len; 137 sch->bstats.bytes += qdisc_pkt_len(skb);
143 sch->bstats.packets++; 138 sch->bstats.packets++;
144 return 0; 139 return 0;
145} 140}
@@ -180,7 +175,7 @@ static struct sk_buff *tbf_dequeue(struct Qdisc* sch)
180 psched_time_t now; 175 psched_time_t now;
181 long toks; 176 long toks;
182 long ptoks = 0; 177 long ptoks = 0;
183 unsigned int len = skb->len; 178 unsigned int len = qdisc_pkt_len(skb);
184 179
185 now = psched_get_time(); 180 now = psched_get_time();
186 toks = psched_tdiff_bounded(now, q->t_c, q->buffer); 181 toks = psched_tdiff_bounded(now, q->t_c, q->buffer);
@@ -242,34 +237,6 @@ static void tbf_reset(struct Qdisc* sch)
242 qdisc_watchdog_cancel(&q->watchdog); 237 qdisc_watchdog_cancel(&q->watchdog);
243} 238}
244 239
245static struct Qdisc *tbf_create_dflt_qdisc(struct Qdisc *sch, u32 limit)
246{
247 struct Qdisc *q;
248 struct nlattr *nla;
249 int ret;
250
251 q = qdisc_create_dflt(sch->dev, &bfifo_qdisc_ops,
252 TC_H_MAKE(sch->handle, 1));
253 if (q) {
254 nla = kmalloc(nla_attr_size(sizeof(struct tc_fifo_qopt)),
255 GFP_KERNEL);
256 if (nla) {
257 nla->nla_type = RTM_NEWQDISC;
258 nla->nla_len = nla_attr_size(sizeof(struct tc_fifo_qopt));
259 ((struct tc_fifo_qopt *)nla_data(nla))->limit = limit;
260
261 ret = q->ops->change(q, nla);
262 kfree(nla);
263
264 if (ret == 0)
265 return q;
266 }
267 qdisc_destroy(q);
268 }
269
270 return NULL;
271}
272
273static const struct nla_policy tbf_policy[TCA_TBF_MAX + 1] = { 240static const struct nla_policy tbf_policy[TCA_TBF_MAX + 1] = {
274 [TCA_TBF_PARMS] = { .len = sizeof(struct tc_tbf_qopt) }, 241 [TCA_TBF_PARMS] = { .len = sizeof(struct tc_tbf_qopt) },
275 [TCA_TBF_RTAB] = { .type = NLA_BINARY, .len = TC_RTAB_SIZE }, 242 [TCA_TBF_RTAB] = { .type = NLA_BINARY, .len = TC_RTAB_SIZE },
@@ -322,8 +289,11 @@ static int tbf_change(struct Qdisc* sch, struct nlattr *opt)
322 goto done; 289 goto done;
323 290
324 if (qopt->limit > 0) { 291 if (qopt->limit > 0) {
325 if ((child = tbf_create_dflt_qdisc(sch, qopt->limit)) == NULL) 292 child = fifo_create_dflt(sch, &bfifo_qdisc_ops, qopt->limit);
293 if (IS_ERR(child)) {
294 err = PTR_ERR(child);
326 goto done; 295 goto done;
296 }
327 } 297 }
328 298
329 sch_tree_lock(sch); 299 sch_tree_lock(sch);
diff --git a/net/sched/sch_teql.c b/net/sched/sch_teql.c
index 0444fd0f0d22..d35ef059abb1 100644
--- a/net/sched/sch_teql.c
+++ b/net/sched/sch_teql.c
@@ -78,12 +78,12 @@ struct teql_sched_data
78static int 78static int
79teql_enqueue(struct sk_buff *skb, struct Qdisc* sch) 79teql_enqueue(struct sk_buff *skb, struct Qdisc* sch)
80{ 80{
81 struct net_device *dev = sch->dev; 81 struct net_device *dev = qdisc_dev(sch);
82 struct teql_sched_data *q = qdisc_priv(sch); 82 struct teql_sched_data *q = qdisc_priv(sch);
83 83
84 if (q->q.qlen < dev->tx_queue_len) { 84 if (q->q.qlen < dev->tx_queue_len) {
85 __skb_queue_tail(&q->q, skb); 85 __skb_queue_tail(&q->q, skb);
86 sch->bstats.bytes += skb->len; 86 sch->bstats.bytes += qdisc_pkt_len(skb);
87 sch->bstats.packets++; 87 sch->bstats.packets++;
88 return 0; 88 return 0;
89 } 89 }
@@ -107,17 +107,19 @@ static struct sk_buff *
107teql_dequeue(struct Qdisc* sch) 107teql_dequeue(struct Qdisc* sch)
108{ 108{
109 struct teql_sched_data *dat = qdisc_priv(sch); 109 struct teql_sched_data *dat = qdisc_priv(sch);
110 struct netdev_queue *dat_queue;
110 struct sk_buff *skb; 111 struct sk_buff *skb;
111 112
112 skb = __skb_dequeue(&dat->q); 113 skb = __skb_dequeue(&dat->q);
114 dat_queue = netdev_get_tx_queue(dat->m->dev, 0);
113 if (skb == NULL) { 115 if (skb == NULL) {
114 struct net_device *m = dat->m->dev->qdisc->dev; 116 struct net_device *m = qdisc_dev(dat_queue->qdisc);
115 if (m) { 117 if (m) {
116 dat->m->slaves = sch; 118 dat->m->slaves = sch;
117 netif_wake_queue(m); 119 netif_wake_queue(m);
118 } 120 }
119 } 121 }
120 sch->q.qlen = dat->q.qlen + dat->m->dev->qdisc->q.qlen; 122 sch->q.qlen = dat->q.qlen + dat_queue->qdisc->q.qlen;
121 return skb; 123 return skb;
122} 124}
123 125
@@ -153,10 +155,16 @@ teql_destroy(struct Qdisc* sch)
153 if (q == master->slaves) { 155 if (q == master->slaves) {
154 master->slaves = NEXT_SLAVE(q); 156 master->slaves = NEXT_SLAVE(q);
155 if (q == master->slaves) { 157 if (q == master->slaves) {
158 struct netdev_queue *txq;
159 spinlock_t *root_lock;
160
161 txq = netdev_get_tx_queue(master->dev, 0);
156 master->slaves = NULL; 162 master->slaves = NULL;
157 spin_lock_bh(&master->dev->queue_lock); 163
158 qdisc_reset(master->dev->qdisc); 164 root_lock = qdisc_root_sleeping_lock(txq->qdisc);
159 spin_unlock_bh(&master->dev->queue_lock); 165 spin_lock_bh(root_lock);
166 qdisc_reset(txq->qdisc);
167 spin_unlock_bh(root_lock);
160 } 168 }
161 } 169 }
162 skb_queue_purge(&dat->q); 170 skb_queue_purge(&dat->q);
@@ -170,7 +178,7 @@ teql_destroy(struct Qdisc* sch)
170 178
171static int teql_qdisc_init(struct Qdisc *sch, struct nlattr *opt) 179static int teql_qdisc_init(struct Qdisc *sch, struct nlattr *opt)
172{ 180{
173 struct net_device *dev = sch->dev; 181 struct net_device *dev = qdisc_dev(sch);
174 struct teql_master *m = (struct teql_master*)sch->ops; 182 struct teql_master *m = (struct teql_master*)sch->ops;
175 struct teql_sched_data *q = qdisc_priv(sch); 183 struct teql_sched_data *q = qdisc_priv(sch);
176 184
@@ -216,7 +224,8 @@ static int teql_qdisc_init(struct Qdisc *sch, struct nlattr *opt)
216static int 224static int
217__teql_resolve(struct sk_buff *skb, struct sk_buff *skb_res, struct net_device *dev) 225__teql_resolve(struct sk_buff *skb, struct sk_buff *skb_res, struct net_device *dev)
218{ 226{
219 struct teql_sched_data *q = qdisc_priv(dev->qdisc); 227 struct netdev_queue *dev_queue = netdev_get_tx_queue(dev, 0);
228 struct teql_sched_data *q = qdisc_priv(dev_queue->qdisc);
220 struct neighbour *mn = skb->dst->neighbour; 229 struct neighbour *mn = skb->dst->neighbour;
221 struct neighbour *n = q->ncache; 230 struct neighbour *n = q->ncache;
222 231
@@ -252,7 +261,8 @@ __teql_resolve(struct sk_buff *skb, struct sk_buff *skb_res, struct net_device *
252static inline int teql_resolve(struct sk_buff *skb, 261static inline int teql_resolve(struct sk_buff *skb,
253 struct sk_buff *skb_res, struct net_device *dev) 262 struct sk_buff *skb_res, struct net_device *dev)
254{ 263{
255 if (dev->qdisc == &noop_qdisc) 264 struct netdev_queue *txq = netdev_get_tx_queue(dev, 0);
265 if (txq->qdisc == &noop_qdisc)
256 return -ENODEV; 266 return -ENODEV;
257 267
258 if (dev->header_ops == NULL || 268 if (dev->header_ops == NULL ||
@@ -268,7 +278,6 @@ static int teql_master_xmit(struct sk_buff *skb, struct net_device *dev)
268 struct Qdisc *start, *q; 278 struct Qdisc *start, *q;
269 int busy; 279 int busy;
270 int nores; 280 int nores;
271 int len = skb->len;
272 int subq = skb_get_queue_mapping(skb); 281 int subq = skb_get_queue_mapping(skb);
273 struct sk_buff *skb_res = NULL; 282 struct sk_buff *skb_res = NULL;
274 283
@@ -282,12 +291,13 @@ restart:
282 goto drop; 291 goto drop;
283 292
284 do { 293 do {
285 struct net_device *slave = q->dev; 294 struct net_device *slave = qdisc_dev(q);
295 struct netdev_queue *slave_txq;
286 296
287 if (slave->qdisc_sleeping != q) 297 slave_txq = netdev_get_tx_queue(slave, 0);
298 if (slave_txq->qdisc_sleeping != q)
288 continue; 299 continue;
289 if (netif_queue_stopped(slave) || 300 if (__netif_subqueue_stopped(slave, subq) ||
290 __netif_subqueue_stopped(slave, subq) ||
291 !netif_running(slave)) { 301 !netif_running(slave)) {
292 busy = 1; 302 busy = 1;
293 continue; 303 continue;
@@ -295,18 +305,19 @@ restart:
295 305
296 switch (teql_resolve(skb, skb_res, slave)) { 306 switch (teql_resolve(skb, skb_res, slave)) {
297 case 0: 307 case 0:
298 if (netif_tx_trylock(slave)) { 308 if (__netif_tx_trylock(slave_txq)) {
299 if (!netif_queue_stopped(slave) && 309 if (!netif_tx_queue_stopped(slave_txq) &&
300 !__netif_subqueue_stopped(slave, subq) && 310 !netif_tx_queue_frozen(slave_txq) &&
301 slave->hard_start_xmit(skb, slave) == 0) { 311 slave->hard_start_xmit(skb, slave) == 0) {
302 netif_tx_unlock(slave); 312 __netif_tx_unlock(slave_txq);
303 master->slaves = NEXT_SLAVE(q); 313 master->slaves = NEXT_SLAVE(q);
304 netif_wake_queue(dev); 314 netif_wake_queue(dev);
305 master->stats.tx_packets++; 315 master->stats.tx_packets++;
306 master->stats.tx_bytes += len; 316 master->stats.tx_bytes +=
317 qdisc_pkt_len(skb);
307 return 0; 318 return 0;
308 } 319 }
309 netif_tx_unlock(slave); 320 __netif_tx_unlock(slave_txq);
310 } 321 }
311 if (netif_queue_stopped(dev)) 322 if (netif_queue_stopped(dev))
312 busy = 1; 323 busy = 1;
@@ -352,7 +363,7 @@ static int teql_master_open(struct net_device *dev)
352 363
353 q = m->slaves; 364 q = m->slaves;
354 do { 365 do {
355 struct net_device *slave = q->dev; 366 struct net_device *slave = qdisc_dev(q);
356 367
357 if (slave == NULL) 368 if (slave == NULL)
358 return -EUNATCH; 369 return -EUNATCH;
@@ -403,7 +414,7 @@ static int teql_master_mtu(struct net_device *dev, int new_mtu)
403 q = m->slaves; 414 q = m->slaves;
404 if (q) { 415 if (q) {
405 do { 416 do {
406 if (new_mtu > q->dev->mtu) 417 if (new_mtu > qdisc_dev(q)->mtu)
407 return -EINVAL; 418 return -EINVAL;
408 } while ((q=NEXT_SLAVE(q)) != m->slaves); 419 } while ((q=NEXT_SLAVE(q)) != m->slaves);
409 } 420 }
diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
index 0b79f869c4ea..58b3e882a187 100644
--- a/net/sctp/Kconfig
+++ b/net/sctp/Kconfig
@@ -47,11 +47,11 @@ config SCTP_DBG_MSG
47 47
48config SCTP_DBG_OBJCNT 48config SCTP_DBG_OBJCNT
49 bool "SCTP: Debug object counts" 49 bool "SCTP: Debug object counts"
50 depends on PROC_FS
50 help 51 help
51 If you say Y, this will enable debugging support for counting the 52 If you say Y, this will enable debugging support for counting the
52 type of objects that are currently allocated. This is useful for 53 type of objects that are currently allocated. This is useful for
53 identifying memory leaks. If the /proc filesystem is enabled this 54 identifying memory leaks. This debug information can be viewed by
54 debug information can be viewed by
55 'cat /proc/net/sctp/sctp_dbg_objcnt' 55 'cat /proc/net/sctp/sctp_dbg_objcnt'
56 56
57 If unsure, say N 57 If unsure, say N
diff --git a/net/sctp/Makefile b/net/sctp/Makefile
index f5356b9d5ee3..6b794734380a 100644
--- a/net/sctp/Makefile
+++ b/net/sctp/Makefile
@@ -9,10 +9,10 @@ sctp-y := sm_statetable.o sm_statefuns.o sm_sideeffect.o \
9 transport.o chunk.o sm_make_chunk.o ulpevent.o \ 9 transport.o chunk.o sm_make_chunk.o ulpevent.o \
10 inqueue.o outqueue.o ulpqueue.o command.o \ 10 inqueue.o outqueue.o ulpqueue.o command.o \
11 tsnmap.o bind_addr.o socket.o primitive.o \ 11 tsnmap.o bind_addr.o socket.o primitive.o \
12 output.o input.o debug.o ssnmap.o proc.o \ 12 output.o input.o debug.o ssnmap.o auth.o
13 auth.o
14 13
15sctp-$(CONFIG_SCTP_DBG_OBJCNT) += objcnt.o 14sctp-$(CONFIG_SCTP_DBG_OBJCNT) += objcnt.o
15sctp-$(CONFIG_PROC_FS) += proc.o
16sctp-$(CONFIG_SYSCTL) += sysctl.o 16sctp-$(CONFIG_SYSCTL) += sysctl.o
17 17
18sctp-$(subst m,y,$(CONFIG_IPV6)) += ipv6.o 18sctp-$(subst m,y,$(CONFIG_IPV6)) += ipv6.o
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index b4cd2b71953f..8472b8b349c4 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -136,6 +136,7 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
136 136
137 /* Set association default SACK delay */ 137 /* Set association default SACK delay */
138 asoc->sackdelay = msecs_to_jiffies(sp->sackdelay); 138 asoc->sackdelay = msecs_to_jiffies(sp->sackdelay);
139 asoc->sackfreq = sp->sackfreq;
139 140
140 /* Set the association default flags controlling 141 /* Set the association default flags controlling
141 * Heartbeat, SACK delay, and Path MTU Discovery. 142 * Heartbeat, SACK delay, and Path MTU Discovery.
@@ -261,6 +262,7 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
261 * already received one packet.] 262 * already received one packet.]
262 */ 263 */
263 asoc->peer.sack_needed = 1; 264 asoc->peer.sack_needed = 1;
265 asoc->peer.sack_cnt = 0;
264 266
265 /* Assume that the peer will tell us if he recognizes ASCONF 267 /* Assume that the peer will tell us if he recognizes ASCONF
266 * as part of INIT exchange. 268 * as part of INIT exchange.
@@ -462,7 +464,7 @@ static void sctp_association_destroy(struct sctp_association *asoc)
462 spin_unlock_bh(&sctp_assocs_id_lock); 464 spin_unlock_bh(&sctp_assocs_id_lock);
463 } 465 }
464 466
465 BUG_TRAP(!atomic_read(&asoc->rmem_alloc)); 467 WARN_ON(atomic_read(&asoc->rmem_alloc));
466 468
467 if (asoc->base.malloced) { 469 if (asoc->base.malloced) {
468 kfree(asoc); 470 kfree(asoc);
@@ -474,6 +476,15 @@ static void sctp_association_destroy(struct sctp_association *asoc)
474void sctp_assoc_set_primary(struct sctp_association *asoc, 476void sctp_assoc_set_primary(struct sctp_association *asoc,
475 struct sctp_transport *transport) 477 struct sctp_transport *transport)
476{ 478{
479 int changeover = 0;
480
481 /* it's a changeover only if we already have a primary path
482 * that we are changing
483 */
484 if (asoc->peer.primary_path != NULL &&
485 asoc->peer.primary_path != transport)
486 changeover = 1 ;
487
477 asoc->peer.primary_path = transport; 488 asoc->peer.primary_path = transport;
478 489
479 /* Set a default msg_name for events. */ 490 /* Set a default msg_name for events. */
@@ -499,12 +510,12 @@ void sctp_assoc_set_primary(struct sctp_association *asoc,
499 * double switch to the same destination address. 510 * double switch to the same destination address.
500 */ 511 */
501 if (transport->cacc.changeover_active) 512 if (transport->cacc.changeover_active)
502 transport->cacc.cycling_changeover = 1; 513 transport->cacc.cycling_changeover = changeover;
503 514
504 /* 2) The sender MUST set CHANGEOVER_ACTIVE to indicate that 515 /* 2) The sender MUST set CHANGEOVER_ACTIVE to indicate that
505 * a changeover has occurred. 516 * a changeover has occurred.
506 */ 517 */
507 transport->cacc.changeover_active = 1; 518 transport->cacc.changeover_active = changeover;
508 519
509 /* 3) The sender MUST store the next TSN to be sent in 520 /* 3) The sender MUST store the next TSN to be sent in
510 * next_tsn_at_change. 521 * next_tsn_at_change.
@@ -615,6 +626,7 @@ struct sctp_transport *sctp_assoc_add_peer(struct sctp_association *asoc,
615 * association configured value. 626 * association configured value.
616 */ 627 */
617 peer->sackdelay = asoc->sackdelay; 628 peer->sackdelay = asoc->sackdelay;
629 peer->sackfreq = asoc->sackfreq;
618 630
619 /* Enable/disable heartbeat, SACK delay, and path MTU discovery 631 /* Enable/disable heartbeat, SACK delay, and path MTU discovery
620 * based on association setting. 632 * based on association setting.
@@ -641,6 +653,7 @@ struct sctp_transport *sctp_assoc_add_peer(struct sctp_association *asoc,
641 653
642 SCTP_DEBUG_PRINTK("sctp_assoc_add_peer:association %p PMTU set to " 654 SCTP_DEBUG_PRINTK("sctp_assoc_add_peer:association %p PMTU set to "
643 "%d\n", asoc, asoc->pathmtu); 655 "%d\n", asoc, asoc->pathmtu);
656 peer->pmtu_pending = 0;
644 657
645 asoc->frag_point = sctp_frag_point(sp, asoc->pathmtu); 658 asoc->frag_point = sctp_frag_point(sp, asoc->pathmtu);
646 659
@@ -1203,6 +1216,9 @@ void sctp_assoc_update_retran_path(struct sctp_association *asoc)
1203 struct list_head *head = &asoc->peer.transport_addr_list; 1216 struct list_head *head = &asoc->peer.transport_addr_list;
1204 struct list_head *pos; 1217 struct list_head *pos;
1205 1218
1219 if (asoc->peer.transport_count == 1)
1220 return;
1221
1206 /* Find the next transport in a round-robin fashion. */ 1222 /* Find the next transport in a round-robin fashion. */
1207 t = asoc->peer.retran_path; 1223 t = asoc->peer.retran_path;
1208 pos = &t->transports; 1224 pos = &t->transports;
@@ -1217,6 +1233,15 @@ void sctp_assoc_update_retran_path(struct sctp_association *asoc)
1217 1233
1218 t = list_entry(pos, struct sctp_transport, transports); 1234 t = list_entry(pos, struct sctp_transport, transports);
1219 1235
1236 /* We have exhausted the list, but didn't find any
1237 * other active transports. If so, use the next
1238 * transport.
1239 */
1240 if (t == asoc->peer.retran_path) {
1241 t = next;
1242 break;
1243 }
1244
1220 /* Try to find an active transport. */ 1245 /* Try to find an active transport. */
1221 1246
1222 if ((t->state == SCTP_ACTIVE) || 1247 if ((t->state == SCTP_ACTIVE) ||
@@ -1229,15 +1254,6 @@ void sctp_assoc_update_retran_path(struct sctp_association *asoc)
1229 if (!next) 1254 if (!next)
1230 next = t; 1255 next = t;
1231 } 1256 }
1232
1233 /* We have exhausted the list, but didn't find any
1234 * other active transports. If so, use the next
1235 * transport.
1236 */
1237 if (t == asoc->peer.retran_path) {
1238 t = next;
1239 break;
1240 }
1241 } 1257 }
1242 1258
1243 asoc->peer.retran_path = t; 1259 asoc->peer.retran_path = t;
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 675a5c3e68a6..52db5f60daa0 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -80,6 +80,10 @@ static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp)
80{ 80{
81 struct sctp_auth_bytes *key; 81 struct sctp_auth_bytes *key;
82 82
83 /* Verify that we are not going to overflow INT_MAX */
84 if ((INT_MAX - key_len) < sizeof(struct sctp_auth_bytes))
85 return NULL;
86
83 /* Allocate the shared key */ 87 /* Allocate the shared key */
84 key = kmalloc(sizeof(struct sctp_auth_bytes) + key_len, gfp); 88 key = kmalloc(sizeof(struct sctp_auth_bytes) + key_len, gfp);
85 if (!key) 89 if (!key)
@@ -782,6 +786,9 @@ int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
782 for (i = 0; i < hmacs->shmac_num_idents; i++) { 786 for (i = 0; i < hmacs->shmac_num_idents; i++) {
783 id = hmacs->shmac_idents[i]; 787 id = hmacs->shmac_idents[i];
784 788
789 if (id > SCTP_AUTH_HMAC_ID_MAX)
790 return -EOPNOTSUPP;
791
785 if (SCTP_AUTH_HMAC_ID_SHA1 == id) 792 if (SCTP_AUTH_HMAC_ID_SHA1 == id)
786 has_sha1 = 1; 793 has_sha1 = 1;
787 794
diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
index 80e6df06967a..f62bc2468935 100644
--- a/net/sctp/bind_addr.c
+++ b/net/sctp/bind_addr.c
@@ -348,6 +348,43 @@ int sctp_bind_addr_match(struct sctp_bind_addr *bp,
348 return match; 348 return match;
349} 349}
350 350
351/* Does the address 'addr' conflict with any addresses in
352 * the bp.
353 */
354int sctp_bind_addr_conflict(struct sctp_bind_addr *bp,
355 const union sctp_addr *addr,
356 struct sctp_sock *bp_sp,
357 struct sctp_sock *addr_sp)
358{
359 struct sctp_sockaddr_entry *laddr;
360 int conflict = 0;
361 struct sctp_sock *sp;
362
363 /* Pick the IPv6 socket as the basis of comparison
364 * since it's usually a superset of the IPv4.
365 * If there is no IPv6 socket, then default to bind_addr.
366 */
367 if (sctp_opt2sk(bp_sp)->sk_family == AF_INET6)
368 sp = bp_sp;
369 else if (sctp_opt2sk(addr_sp)->sk_family == AF_INET6)
370 sp = addr_sp;
371 else
372 sp = bp_sp;
373
374 rcu_read_lock();
375 list_for_each_entry_rcu(laddr, &bp->address_list, list) {
376 if (!laddr->valid)
377 continue;
378
379 conflict = sp->pf->cmp_addr(&laddr->a, addr, sp);
380 if (conflict)
381 break;
382 }
383 rcu_read_unlock();
384
385 return conflict;
386}
387
351/* Get the state of the entry in the bind_addr_list */ 388/* Get the state of the entry in the bind_addr_list */
352int sctp_bind_addr_state(const struct sctp_bind_addr *bp, 389int sctp_bind_addr_state(const struct sctp_bind_addr *bp,
353 const union sctp_addr *addr) 390 const union sctp_addr *addr)
diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
index e39a0cdef184..4c8d9f45ce09 100644
--- a/net/sctp/endpointola.c
+++ b/net/sctp/endpointola.c
@@ -103,6 +103,7 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
103 103
104 /* Initialize the CHUNKS parameter */ 104 /* Initialize the CHUNKS parameter */
105 auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS; 105 auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS;
106 auth_chunks->param_hdr.length = htons(sizeof(sctp_paramhdr_t));
106 107
107 /* If the Add-IP functionality is enabled, we must 108 /* If the Add-IP functionality is enabled, we must
108 * authenticate, ASCONF and ASCONF-ACK chunks 109 * authenticate, ASCONF and ASCONF-ACK chunks
@@ -110,8 +111,7 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
110 if (sctp_addip_enable) { 111 if (sctp_addip_enable) {
111 auth_chunks->chunks[0] = SCTP_CID_ASCONF; 112 auth_chunks->chunks[0] = SCTP_CID_ASCONF;
112 auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK; 113 auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK;
113 auth_chunks->param_hdr.length = 114 auth_chunks->param_hdr.length += htons(2);
114 htons(sizeof(sctp_paramhdr_t) + 2);
115 } 115 }
116 } 116 }
117 117
diff --git a/net/sctp/input.c b/net/sctp/input.c
index ca6b022b1df2..a49fa80b57b9 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -61,6 +61,7 @@
61#include <net/sctp/sctp.h> 61#include <net/sctp/sctp.h>
62#include <net/sctp/sm.h> 62#include <net/sctp/sm.h>
63#include <net/sctp/checksum.h> 63#include <net/sctp/checksum.h>
64#include <net/net_namespace.h>
64 65
65/* Forward declarations for internal helpers. */ 66/* Forward declarations for internal helpers. */
66static int sctp_rcv_ootb(struct sk_buff *); 67static int sctp_rcv_ootb(struct sk_buff *);
@@ -82,8 +83,8 @@ static inline int sctp_rcv_checksum(struct sk_buff *skb)
82{ 83{
83 struct sk_buff *list = skb_shinfo(skb)->frag_list; 84 struct sk_buff *list = skb_shinfo(skb)->frag_list;
84 struct sctphdr *sh = sctp_hdr(skb); 85 struct sctphdr *sh = sctp_hdr(skb);
85 __u32 cmp = ntohl(sh->checksum); 86 __be32 cmp = sh->checksum;
86 __u32 val = sctp_start_cksum((__u8 *)sh, skb_headlen(skb)); 87 __be32 val = sctp_start_cksum((__u8 *)sh, skb_headlen(skb));
87 88
88 for (; list; list = list->next) 89 for (; list; list = list->next)
89 val = sctp_update_cksum((__u8 *)list->data, skb_headlen(list), 90 val = sctp_update_cksum((__u8 *)list->data, skb_headlen(list),
@@ -430,6 +431,9 @@ struct sock *sctp_err_lookup(int family, struct sk_buff *skb,
430 struct sock *sk = NULL; 431 struct sock *sk = NULL;
431 struct sctp_association *asoc; 432 struct sctp_association *asoc;
432 struct sctp_transport *transport = NULL; 433 struct sctp_transport *transport = NULL;
434 struct sctp_init_chunk *chunkhdr;
435 __u32 vtag = ntohl(sctphdr->vtag);
436 int len = skb->len - ((void *)sctphdr - (void *)skb->data);
433 437
434 *app = NULL; *tpp = NULL; 438 *app = NULL; *tpp = NULL;
435 439
@@ -451,8 +455,28 @@ struct sock *sctp_err_lookup(int family, struct sk_buff *skb,
451 455
452 sk = asoc->base.sk; 456 sk = asoc->base.sk;
453 457
454 if (ntohl(sctphdr->vtag) != asoc->c.peer_vtag) { 458 /* RFC 4960, Appendix C. ICMP Handling
455 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 459 *
460 * ICMP6) An implementation MUST validate that the Verification Tag
461 * contained in the ICMP message matches the Verification Tag of
462 * the peer. If the Verification Tag is not 0 and does NOT
463 * match, discard the ICMP message. If it is 0 and the ICMP
464 * message contains enough bytes to verify that the chunk type is
465 * an INIT chunk and that the Initiate Tag matches the tag of the
466 * peer, continue with ICMP7. If the ICMP message is too short
467 * or the chunk type or the Initiate Tag does not match, silently
468 * discard the packet.
469 */
470 if (vtag == 0) {
471 chunkhdr = (struct sctp_init_chunk *)((void *)sctphdr
472 + sizeof(struct sctphdr));
473 if (len < sizeof(struct sctphdr) + sizeof(sctp_chunkhdr_t)
474 + sizeof(__be32) ||
475 chunkhdr->chunk_hdr.type != SCTP_CID_INIT ||
476 ntohl(chunkhdr->init_hdr.init_tag) != asoc->c.my_vtag) {
477 goto out;
478 }
479 } else if (vtag != asoc->c.peer_vtag) {
456 goto out; 480 goto out;
457 } 481 }
458 482
@@ -462,7 +486,7 @@ struct sock *sctp_err_lookup(int family, struct sk_buff *skb,
462 * servers this needs to be solved differently. 486 * servers this needs to be solved differently.
463 */ 487 */
464 if (sock_owned_by_user(sk)) 488 if (sock_owned_by_user(sk))
465 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS); 489 NET_INC_STATS_BH(&init_net, LINUX_MIB_LOCKDROPPEDICMPS);
466 490
467 *app = asoc; 491 *app = asoc;
468 *tpp = transport; 492 *tpp = transport;
@@ -511,7 +535,7 @@ void sctp_v4_err(struct sk_buff *skb, __u32 info)
511 int err; 535 int err;
512 536
513 if (skb->len < ihlen + 8) { 537 if (skb->len < ihlen + 8) {
514 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 538 ICMP_INC_STATS_BH(&init_net, ICMP_MIB_INERRORS);
515 return; 539 return;
516 } 540 }
517 541
@@ -525,7 +549,7 @@ void sctp_v4_err(struct sk_buff *skb, __u32 info)
525 skb->network_header = saveip; 549 skb->network_header = saveip;
526 skb->transport_header = savesctp; 550 skb->transport_header = savesctp;
527 if (!sk) { 551 if (!sk) {
528 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 552 ICMP_INC_STATS_BH(&init_net, ICMP_MIB_INERRORS);
529 return; 553 return;
530 } 554 }
531 /* Warning: The sock lock is held. Remember to call 555 /* Warning: The sock lock is held. Remember to call
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index e45e44c60635..47f91afa0211 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -195,8 +195,7 @@ out:
195} 195}
196 196
197/* Based on tcp_v6_xmit() in tcp_ipv6.c. */ 197/* Based on tcp_v6_xmit() in tcp_ipv6.c. */
198static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport, 198static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport)
199 int ipfragok)
200{ 199{
201 struct sock *sk = skb->sk; 200 struct sock *sk = skb->sk;
202 struct ipv6_pinfo *np = inet6_sk(sk); 201 struct ipv6_pinfo *np = inet6_sk(sk);
@@ -231,7 +230,10 @@ static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport,
231 230
232 SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS); 231 SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS);
233 232
234 return ip6_xmit(sk, skb, &fl, np->opt, ipfragok); 233 if (!(transport->param_flags & SPP_PMTUD_ENABLE))
234 skb->local_df = 1;
235
236 return ip6_xmit(sk, skb, &fl, np->opt, 0);
235} 237}
236 238
237/* Returns the dst cache entry for the given source and destination ip 239/* Returns the dst cache entry for the given source and destination ip
@@ -299,7 +301,8 @@ static inline int sctp_v6_addr_match_len(union sctp_addr *s1,
299/* Fills in the source address(saddr) based on the destination address(daddr) 301/* Fills in the source address(saddr) based on the destination address(daddr)
300 * and asoc's bind address list. 302 * and asoc's bind address list.
301 */ 303 */
302static void sctp_v6_get_saddr(struct sctp_association *asoc, 304static void sctp_v6_get_saddr(struct sctp_sock *sk,
305 struct sctp_association *asoc,
303 struct dst_entry *dst, 306 struct dst_entry *dst,
304 union sctp_addr *daddr, 307 union sctp_addr *daddr,
305 union sctp_addr *saddr) 308 union sctp_addr *saddr)
@@ -316,9 +319,10 @@ static void sctp_v6_get_saddr(struct sctp_association *asoc,
316 __func__, asoc, dst, NIP6(daddr->v6.sin6_addr)); 319 __func__, asoc, dst, NIP6(daddr->v6.sin6_addr));
317 320
318 if (!asoc) { 321 if (!asoc) {
319 ipv6_dev_get_saddr(dst ? ip6_dst_idev(dst)->dev : NULL, 322 ipv6_dev_get_saddr(sock_net(sctp_opt2sk(sk)),
323 dst ? ip6_dst_idev(dst)->dev : NULL,
320 &daddr->v6.sin6_addr, 324 &daddr->v6.sin6_addr,
321 inet6_sk(asoc->base.sk)->srcprefs, 325 inet6_sk(&sk->inet.sk)->srcprefs,
322 &saddr->v6.sin6_addr); 326 &saddr->v6.sin6_addr);
323 SCTP_DEBUG_PRINTK("saddr from ipv6_get_saddr: " NIP6_FMT "\n", 327 SCTP_DEBUG_PRINTK("saddr from ipv6_get_saddr: " NIP6_FMT "\n",
324 NIP6(saddr->v6.sin6_addr)); 328 NIP6(saddr->v6.sin6_addr));
@@ -726,6 +730,11 @@ static void sctp_v6_seq_dump_addr(struct seq_file *seq, union sctp_addr *addr)
726 seq_printf(seq, NIP6_FMT " ", NIP6(addr->v6.sin6_addr)); 730 seq_printf(seq, NIP6_FMT " ", NIP6(addr->v6.sin6_addr));
727} 731}
728 732
733static void sctp_v6_ecn_capable(struct sock *sk)
734{
735 inet6_sk(sk)->tclass |= INET_ECN_ECT_0;
736}
737
729/* Initialize a PF_INET6 socket msg_name. */ 738/* Initialize a PF_INET6 socket msg_name. */
730static void sctp_inet6_msgname(char *msgname, int *addr_len) 739static void sctp_inet6_msgname(char *msgname, int *addr_len)
731{ 740{
@@ -812,7 +821,7 @@ static int sctp_inet6_af_supported(sa_family_t family, struct sctp_sock *sp)
812 return 1; 821 return 1;
813 /* v4-mapped-v6 addresses */ 822 /* v4-mapped-v6 addresses */
814 case AF_INET: 823 case AF_INET:
815 if (!__ipv6_only_sock(sctp_opt2sk(sp)) && sp->v4mapped) 824 if (!__ipv6_only_sock(sctp_opt2sk(sp)))
816 return 1; 825 return 1;
817 default: 826 default:
818 return 0; 827 return 0;
@@ -834,6 +843,11 @@ static int sctp_inet6_cmp_addr(const union sctp_addr *addr1,
834 843
835 if (!af1 || !af2) 844 if (!af1 || !af2)
836 return 0; 845 return 0;
846
847 /* If the socket is IPv6 only, v4 addrs will not match */
848 if (__ipv6_only_sock(sctp_opt2sk(opt)) && af1 != af2)
849 return 0;
850
837 /* Today, wildcard AF_INET/AF_INET6. */ 851 /* Today, wildcard AF_INET/AF_INET6. */
838 if (sctp_is_any(addr1) || sctp_is_any(addr2)) 852 if (sctp_is_any(addr1) || sctp_is_any(addr2))
839 return 1; 853 return 1;
@@ -870,7 +884,11 @@ static int sctp_inet6_bind_verify(struct sctp_sock *opt, union sctp_addr *addr)
870 return 0; 884 return 0;
871 } 885 }
872 dev_put(dev); 886 dev_put(dev);
887 } else if (type == IPV6_ADDR_MAPPED) {
888 if (!opt->v4mapped)
889 return 0;
873 } 890 }
891
874 af = opt->pf->af; 892 af = opt->pf->af;
875 } 893 }
876 return af->available(addr, opt); 894 return af->available(addr, opt);
@@ -913,9 +931,12 @@ static int sctp_inet6_send_verify(struct sctp_sock *opt, union sctp_addr *addr)
913static int sctp_inet6_supported_addrs(const struct sctp_sock *opt, 931static int sctp_inet6_supported_addrs(const struct sctp_sock *opt,
914 __be16 *types) 932 __be16 *types)
915{ 933{
916 types[0] = SCTP_PARAM_IPV4_ADDRESS; 934 types[0] = SCTP_PARAM_IPV6_ADDRESS;
917 types[1] = SCTP_PARAM_IPV6_ADDRESS; 935 if (!opt || !ipv6_only_sock(sctp_opt2sk(opt))) {
918 return 2; 936 types[1] = SCTP_PARAM_IPV4_ADDRESS;
937 return 2;
938 }
939 return 1;
919} 940}
920 941
921static const struct proto_ops inet6_seqpacket_ops = { 942static const struct proto_ops inet6_seqpacket_ops = {
@@ -996,6 +1017,7 @@ static struct sctp_af sctp_af_inet6 = {
996 .skb_iif = sctp_v6_skb_iif, 1017 .skb_iif = sctp_v6_skb_iif,
997 .is_ce = sctp_v6_is_ce, 1018 .is_ce = sctp_v6_is_ce,
998 .seq_dump_addr = sctp_v6_seq_dump_addr, 1019 .seq_dump_addr = sctp_v6_seq_dump_addr,
1020 .ecn_capable = sctp_v6_ecn_capable,
999 .net_header_len = sizeof(struct ipv6hdr), 1021 .net_header_len = sizeof(struct ipv6hdr),
1000 .sockaddr_len = sizeof(struct sockaddr_in6), 1022 .sockaddr_len = sizeof(struct sockaddr_in6),
1001#ifdef CONFIG_COMPAT 1023#ifdef CONFIG_COMPAT
diff --git a/net/sctp/output.c b/net/sctp/output.c
index cf4f9fb6819d..0dc4a7dfb234 100644
--- a/net/sctp/output.c
+++ b/net/sctp/output.c
@@ -50,6 +50,7 @@
50#include <linux/init.h> 50#include <linux/init.h>
51#include <net/inet_ecn.h> 51#include <net/inet_ecn.h>
52#include <net/icmp.h> 52#include <net/icmp.h>
53#include <net/net_namespace.h>
53 54
54#ifndef TEST_FRAME 55#ifndef TEST_FRAME
55#include <net/tcp.h> 56#include <net/tcp.h>
@@ -157,7 +158,8 @@ void sctp_packet_free(struct sctp_packet *packet)
157 * packet can be sent only after receiving the COOKIE_ACK. 158 * packet can be sent only after receiving the COOKIE_ACK.
158 */ 159 */
159sctp_xmit_t sctp_packet_transmit_chunk(struct sctp_packet *packet, 160sctp_xmit_t sctp_packet_transmit_chunk(struct sctp_packet *packet,
160 struct sctp_chunk *chunk) 161 struct sctp_chunk *chunk,
162 int one_packet)
161{ 163{
162 sctp_xmit_t retval; 164 sctp_xmit_t retval;
163 int error = 0; 165 int error = 0;
@@ -175,7 +177,9 @@ sctp_xmit_t sctp_packet_transmit_chunk(struct sctp_packet *packet,
175 /* If we have an empty packet, then we can NOT ever 177 /* If we have an empty packet, then we can NOT ever
176 * return PMTU_FULL. 178 * return PMTU_FULL.
177 */ 179 */
178 retval = sctp_packet_append_chunk(packet, chunk); 180 if (!one_packet)
181 retval = sctp_packet_append_chunk(packet,
182 chunk);
179 } 183 }
180 break; 184 break;
181 185
@@ -361,7 +365,7 @@ int sctp_packet_transmit(struct sctp_packet *packet)
361 struct sctp_transport *tp = packet->transport; 365 struct sctp_transport *tp = packet->transport;
362 struct sctp_association *asoc = tp->asoc; 366 struct sctp_association *asoc = tp->asoc;
363 struct sctphdr *sh; 367 struct sctphdr *sh;
364 __u32 crc32 = 0; 368 __be32 crc32 = __constant_cpu_to_be32(0);
365 struct sk_buff *nskb; 369 struct sk_buff *nskb;
366 struct sctp_chunk *chunk, *tmp; 370 struct sctp_chunk *chunk, *tmp;
367 struct sock *sk; 371 struct sock *sk;
@@ -534,7 +538,7 @@ int sctp_packet_transmit(struct sctp_packet *packet)
534 /* 3) Put the resultant value into the checksum field in the 538 /* 3) Put the resultant value into the checksum field in the
535 * common header, and leave the rest of the bits unchanged. 539 * common header, and leave the rest of the bits unchanged.
536 */ 540 */
537 sh->checksum = htonl(crc32); 541 sh->checksum = crc32;
538 542
539 /* IP layer ECN support 543 /* IP layer ECN support
540 * From RFC 2481 544 * From RFC 2481
@@ -548,7 +552,7 @@ int sctp_packet_transmit(struct sctp_packet *packet)
548 * Note: The works for IPv6 layer checks this bit too later 552 * Note: The works for IPv6 layer checks this bit too later
549 * in transmission. See IP6_ECN_flow_xmit(). 553 * in transmission. See IP6_ECN_flow_xmit().
550 */ 554 */
551 INET_ECN_xmit(nskb->sk); 555 (*tp->af_specific->ecn_capable)(nskb->sk);
552 556
553 /* Set up the IP options. */ 557 /* Set up the IP options. */
554 /* BUG: not implemented 558 /* BUG: not implemented
@@ -582,17 +586,15 @@ int sctp_packet_transmit(struct sctp_packet *packet)
582 SCTP_DEBUG_PRINTK("***sctp_transmit_packet*** skb len %d\n", 586 SCTP_DEBUG_PRINTK("***sctp_transmit_packet*** skb len %d\n",
583 nskb->len); 587 nskb->len);
584 588
585 if (tp->param_flags & SPP_PMTUD_ENABLE) 589 nskb->local_df = packet->ipfragok;
586 (*tp->af_specific->sctp_xmit)(nskb, tp, packet->ipfragok); 590 (*tp->af_specific->sctp_xmit)(nskb, tp);
587 else
588 (*tp->af_specific->sctp_xmit)(nskb, tp, 1);
589 591
590out: 592out:
591 packet->size = packet->overhead; 593 packet->size = packet->overhead;
592 return err; 594 return err;
593no_route: 595no_route:
594 kfree_skb(nskb); 596 kfree_skb(nskb);
595 IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); 597 IP_INC_STATS_BH(&init_net, IPSTATS_MIB_OUTNOROUTES);
596 598
597 /* FIXME: Returning the 'err' will effect all the associations 599 /* FIXME: Returning the 'err' will effect all the associations
598 * associated with a socket, although only one of the paths of the 600 * associated with a socket, although only one of the paths of the
diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
index 59edfd25a19c..4328ad5439c9 100644
--- a/net/sctp/outqueue.c
+++ b/net/sctp/outqueue.c
@@ -71,6 +71,8 @@ static void sctp_mark_missing(struct sctp_outq *q,
71 71
72static void sctp_generate_fwdtsn(struct sctp_outq *q, __u32 sack_ctsn); 72static void sctp_generate_fwdtsn(struct sctp_outq *q, __u32 sack_ctsn);
73 73
74static int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout);
75
74/* Add data to the front of the queue. */ 76/* Add data to the front of the queue. */
75static inline void sctp_outq_head_data(struct sctp_outq *q, 77static inline void sctp_outq_head_data(struct sctp_outq *q,
76 struct sctp_chunk *ch) 78 struct sctp_chunk *ch)
@@ -208,6 +210,7 @@ void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q)
208 INIT_LIST_HEAD(&q->sacked); 210 INIT_LIST_HEAD(&q->sacked);
209 INIT_LIST_HEAD(&q->abandoned); 211 INIT_LIST_HEAD(&q->abandoned);
210 212
213 q->fast_rtx = 0;
211 q->outstanding_bytes = 0; 214 q->outstanding_bytes = 0;
212 q->empty = 1; 215 q->empty = 1;
213 q->cork = 0; 216 q->cork = 0;
@@ -500,6 +503,7 @@ void sctp_retransmit(struct sctp_outq *q, struct sctp_transport *transport,
500 case SCTP_RTXR_FAST_RTX: 503 case SCTP_RTXR_FAST_RTX:
501 SCTP_INC_STATS(SCTP_MIB_FAST_RETRANSMITS); 504 SCTP_INC_STATS(SCTP_MIB_FAST_RETRANSMITS);
502 sctp_transport_lower_cwnd(transport, SCTP_LOWER_CWND_FAST_RTX); 505 sctp_transport_lower_cwnd(transport, SCTP_LOWER_CWND_FAST_RTX);
506 q->fast_rtx = 1;
503 break; 507 break;
504 case SCTP_RTXR_PMTUD: 508 case SCTP_RTXR_PMTUD:
505 SCTP_INC_STATS(SCTP_MIB_PMTUD_RETRANSMITS); 509 SCTP_INC_STATS(SCTP_MIB_PMTUD_RETRANSMITS);
@@ -518,9 +522,15 @@ void sctp_retransmit(struct sctp_outq *q, struct sctp_transport *transport,
518 * the sender SHOULD try to advance the "Advanced.Peer.Ack.Point" by 522 * the sender SHOULD try to advance the "Advanced.Peer.Ack.Point" by
519 * following the procedures outlined in C1 - C5. 523 * following the procedures outlined in C1 - C5.
520 */ 524 */
521 sctp_generate_fwdtsn(q, q->asoc->ctsn_ack_point); 525 if (reason == SCTP_RTXR_T3_RTX)
526 sctp_generate_fwdtsn(q, q->asoc->ctsn_ack_point);
522 527
523 error = sctp_outq_flush(q, /* rtx_timeout */ 1); 528 /* Flush the queues only on timeout, since fast_rtx is only
529 * triggered during sack processing and the queue
530 * will be flushed at the end.
531 */
532 if (reason != SCTP_RTXR_FAST_RTX)
533 error = sctp_outq_flush(q, /* rtx_timeout */ 1);
524 534
525 if (error) 535 if (error)
526 q->asoc->base.sk->sk_err = -error; 536 q->asoc->base.sk->sk_err = -error;
@@ -538,17 +548,23 @@ static int sctp_outq_flush_rtx(struct sctp_outq *q, struct sctp_packet *pkt,
538 int rtx_timeout, int *start_timer) 548 int rtx_timeout, int *start_timer)
539{ 549{
540 struct list_head *lqueue; 550 struct list_head *lqueue;
541 struct list_head *lchunk;
542 struct sctp_transport *transport = pkt->transport; 551 struct sctp_transport *transport = pkt->transport;
543 sctp_xmit_t status; 552 sctp_xmit_t status;
544 struct sctp_chunk *chunk, *chunk1; 553 struct sctp_chunk *chunk, *chunk1;
545 struct sctp_association *asoc; 554 struct sctp_association *asoc;
555 int fast_rtx;
546 int error = 0; 556 int error = 0;
557 int timer = 0;
558 int done = 0;
547 559
548 asoc = q->asoc; 560 asoc = q->asoc;
549 lqueue = &q->retransmit; 561 lqueue = &q->retransmit;
562 fast_rtx = q->fast_rtx;
550 563
551 /* RFC 2960 6.3.3 Handle T3-rtx Expiration 564 /* This loop handles time-out retransmissions, fast retransmissions,
565 * and retransmissions due to opening of whindow.
566 *
567 * RFC 2960 6.3.3 Handle T3-rtx Expiration
552 * 568 *
553 * E3) Determine how many of the earliest (i.e., lowest TSN) 569 * E3) Determine how many of the earliest (i.e., lowest TSN)
554 * outstanding DATA chunks for the address for which the 570 * outstanding DATA chunks for the address for which the
@@ -563,12 +579,12 @@ static int sctp_outq_flush_rtx(struct sctp_outq *q, struct sctp_packet *pkt,
563 * [Just to be painfully clear, if we are retransmitting 579 * [Just to be painfully clear, if we are retransmitting
564 * because a timeout just happened, we should send only ONE 580 * because a timeout just happened, we should send only ONE
565 * packet of retransmitted data.] 581 * packet of retransmitted data.]
582 *
583 * For fast retransmissions we also send only ONE packet. However,
584 * if we are just flushing the queue due to open window, we'll
585 * try to send as much as possible.
566 */ 586 */
567 lchunk = sctp_list_dequeue(lqueue); 587 list_for_each_entry_safe(chunk, chunk1, lqueue, transmitted_list) {
568
569 while (lchunk) {
570 chunk = list_entry(lchunk, struct sctp_chunk,
571 transmitted_list);
572 588
573 /* Make sure that Gap Acked TSNs are not retransmitted. A 589 /* Make sure that Gap Acked TSNs are not retransmitted. A
574 * simple approach is just to move such TSNs out of the 590 * simple approach is just to move such TSNs out of the
@@ -576,58 +592,60 @@ static int sctp_outq_flush_rtx(struct sctp_outq *q, struct sctp_packet *pkt,
576 * next chunk. 592 * next chunk.
577 */ 593 */
578 if (chunk->tsn_gap_acked) { 594 if (chunk->tsn_gap_acked) {
579 list_add_tail(lchunk, &transport->transmitted); 595 list_del(&chunk->transmitted_list);
580 lchunk = sctp_list_dequeue(lqueue); 596 list_add_tail(&chunk->transmitted_list,
597 &transport->transmitted);
581 continue; 598 continue;
582 } 599 }
583 600
601 /* If we are doing fast retransmit, ignore non-fast_rtransmit
602 * chunks
603 */
604 if (fast_rtx && !chunk->fast_retransmit)
605 continue;
606
584 /* Attempt to append this chunk to the packet. */ 607 /* Attempt to append this chunk to the packet. */
585 status = sctp_packet_append_chunk(pkt, chunk); 608 status = sctp_packet_append_chunk(pkt, chunk);
586 609
587 switch (status) { 610 switch (status) {
588 case SCTP_XMIT_PMTU_FULL: 611 case SCTP_XMIT_PMTU_FULL:
589 /* Send this packet. */ 612 /* Send this packet. */
590 if ((error = sctp_packet_transmit(pkt)) == 0) 613 error = sctp_packet_transmit(pkt);
591 *start_timer = 1;
592 614
593 /* If we are retransmitting, we should only 615 /* If we are retransmitting, we should only
594 * send a single packet. 616 * send a single packet.
595 */ 617 */
596 if (rtx_timeout) { 618 if (rtx_timeout || fast_rtx)
597 list_add(lchunk, lqueue); 619 done = 1;
598 lchunk = NULL;
599 }
600 620
601 /* Bundle lchunk in the next round. */ 621 /* Bundle next chunk in the next round. */
602 break; 622 break;
603 623
604 case SCTP_XMIT_RWND_FULL: 624 case SCTP_XMIT_RWND_FULL:
605 /* Send this packet. */ 625 /* Send this packet. */
606 if ((error = sctp_packet_transmit(pkt)) == 0) 626 error = sctp_packet_transmit(pkt);
607 *start_timer = 1;
608 627
609 /* Stop sending DATA as there is no more room 628 /* Stop sending DATA as there is no more room
610 * at the receiver. 629 * at the receiver.
611 */ 630 */
612 list_add(lchunk, lqueue); 631 done = 1;
613 lchunk = NULL;
614 break; 632 break;
615 633
616 case SCTP_XMIT_NAGLE_DELAY: 634 case SCTP_XMIT_NAGLE_DELAY:
617 /* Send this packet. */ 635 /* Send this packet. */
618 if ((error = sctp_packet_transmit(pkt)) == 0) 636 error = sctp_packet_transmit(pkt);
619 *start_timer = 1;
620 637
621 /* Stop sending DATA because of nagle delay. */ 638 /* Stop sending DATA because of nagle delay. */
622 list_add(lchunk, lqueue); 639 done = 1;
623 lchunk = NULL;
624 break; 640 break;
625 641
626 default: 642 default:
627 /* The append was successful, so add this chunk to 643 /* The append was successful, so add this chunk to
628 * the transmitted list. 644 * the transmitted list.
629 */ 645 */
630 list_add_tail(lchunk, &transport->transmitted); 646 list_del(&chunk->transmitted_list);
647 list_add_tail(&chunk->transmitted_list,
648 &transport->transmitted);
631 649
632 /* Mark the chunk as ineligible for fast retransmit 650 /* Mark the chunk as ineligible for fast retransmit
633 * after it is retransmitted. 651 * after it is retransmitted.
@@ -635,27 +653,44 @@ static int sctp_outq_flush_rtx(struct sctp_outq *q, struct sctp_packet *pkt,
635 if (chunk->fast_retransmit > 0) 653 if (chunk->fast_retransmit > 0)
636 chunk->fast_retransmit = -1; 654 chunk->fast_retransmit = -1;
637 655
638 *start_timer = 1; 656 /* Force start T3-rtx timer when fast retransmitting
639 q->empty = 0; 657 * the earliest outstanding TSN
658 */
659 if (!timer && fast_rtx &&
660 ntohl(chunk->subh.data_hdr->tsn) ==
661 asoc->ctsn_ack_point + 1)
662 timer = 2;
640 663
641 /* Retrieve a new chunk to bundle. */ 664 q->empty = 0;
642 lchunk = sctp_list_dequeue(lqueue);
643 break; 665 break;
644 } 666 }
645 667
646 /* If we are here due to a retransmit timeout or a fast 668 /* Set the timer if there were no errors */
647 * retransmit and if there are any chunks left in the retransmit 669 if (!error && !timer)
648 * queue that could not fit in the PMTU sized packet, they need 670 timer = 1;
649 * to be marked as ineligible for a subsequent fast retransmit. 671
650 */ 672 if (done)
651 if (rtx_timeout && !lchunk) { 673 break;
652 list_for_each_entry(chunk1, lqueue, transmitted_list) { 674 }
653 if (chunk1->fast_retransmit > 0) 675
654 chunk1->fast_retransmit = -1; 676 /* If we are here due to a retransmit timeout or a fast
655 } 677 * retransmit and if there are any chunks left in the retransmit
678 * queue that could not fit in the PMTU sized packet, they need
679 * to be marked as ineligible for a subsequent fast retransmit.
680 */
681 if (rtx_timeout || fast_rtx) {
682 list_for_each_entry(chunk1, lqueue, transmitted_list) {
683 if (chunk1->fast_retransmit > 0)
684 chunk1->fast_retransmit = -1;
656 } 685 }
657 } 686 }
658 687
688 *start_timer = timer;
689
690 /* Clear fast retransmit hint */
691 if (fast_rtx)
692 q->fast_rtx = 0;
693
659 return error; 694 return error;
660} 695}
661 696
@@ -669,6 +704,7 @@ int sctp_outq_uncork(struct sctp_outq *q)
669 return error; 704 return error;
670} 705}
671 706
707
672/* 708/*
673 * Try to flush an outqueue. 709 * Try to flush an outqueue.
674 * 710 *
@@ -678,7 +714,7 @@ int sctp_outq_uncork(struct sctp_outq *q)
678 * locking concerns must be made. Today we use the sock lock to protect 714 * locking concerns must be made. Today we use the sock lock to protect
679 * this function. 715 * this function.
680 */ 716 */
681int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout) 717static int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout)
682{ 718{
683 struct sctp_packet *packet; 719 struct sctp_packet *packet;
684 struct sctp_packet singleton; 720 struct sctp_packet singleton;
@@ -692,6 +728,7 @@ int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout)
692 sctp_xmit_t status; 728 sctp_xmit_t status;
693 int error = 0; 729 int error = 0;
694 int start_timer = 0; 730 int start_timer = 0;
731 int one_packet = 0;
695 732
696 /* These transports have chunks to send. */ 733 /* These transports have chunks to send. */
697 struct list_head transport_list; 734 struct list_head transport_list;
@@ -797,20 +834,33 @@ int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout)
797 if (sctp_test_T_bit(chunk)) { 834 if (sctp_test_T_bit(chunk)) {
798 packet->vtag = asoc->c.my_vtag; 835 packet->vtag = asoc->c.my_vtag;
799 } 836 }
800 case SCTP_CID_SACK: 837 /* The following chunks are "response" chunks, i.e.
801 case SCTP_CID_HEARTBEAT: 838 * they are generated in response to something we
839 * received. If we are sending these, then we can
840 * send only 1 packet containing these chunks.
841 */
802 case SCTP_CID_HEARTBEAT_ACK: 842 case SCTP_CID_HEARTBEAT_ACK:
803 case SCTP_CID_SHUTDOWN:
804 case SCTP_CID_SHUTDOWN_ACK: 843 case SCTP_CID_SHUTDOWN_ACK:
805 case SCTP_CID_ERROR:
806 case SCTP_CID_COOKIE_ECHO:
807 case SCTP_CID_COOKIE_ACK: 844 case SCTP_CID_COOKIE_ACK:
808 case SCTP_CID_ECN_ECNE: 845 case SCTP_CID_COOKIE_ECHO:
846 case SCTP_CID_ERROR:
809 case SCTP_CID_ECN_CWR: 847 case SCTP_CID_ECN_CWR:
810 case SCTP_CID_ASCONF:
811 case SCTP_CID_ASCONF_ACK: 848 case SCTP_CID_ASCONF_ACK:
849 one_packet = 1;
850 /* Fall throught */
851
852 case SCTP_CID_SACK:
853 case SCTP_CID_HEARTBEAT:
854 case SCTP_CID_SHUTDOWN:
855 case SCTP_CID_ECN_ECNE:
856 case SCTP_CID_ASCONF:
812 case SCTP_CID_FWD_TSN: 857 case SCTP_CID_FWD_TSN:
813 sctp_packet_transmit_chunk(packet, chunk); 858 status = sctp_packet_transmit_chunk(packet, chunk,
859 one_packet);
860 if (status != SCTP_XMIT_OK) {
861 /* put the chunk back */
862 list_add(&chunk->list, &q->control_chunk_list);
863 }
814 break; 864 break;
815 865
816 default: 866 default:
@@ -862,7 +912,8 @@ int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout)
862 rtx_timeout, &start_timer); 912 rtx_timeout, &start_timer);
863 913
864 if (start_timer) 914 if (start_timer)
865 sctp_transport_reset_timers(transport); 915 sctp_transport_reset_timers(transport,
916 start_timer-1);
866 917
867 /* This can happen on COOKIE-ECHO resend. Only 918 /* This can happen on COOKIE-ECHO resend. Only
868 * one chunk can get bundled with a COOKIE-ECHO. 919 * one chunk can get bundled with a COOKIE-ECHO.
@@ -940,7 +991,7 @@ int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout)
940 atomic_read(&chunk->skb->users) : -1); 991 atomic_read(&chunk->skb->users) : -1);
941 992
942 /* Add the chunk to the packet. */ 993 /* Add the chunk to the packet. */
943 status = sctp_packet_transmit_chunk(packet, chunk); 994 status = sctp_packet_transmit_chunk(packet, chunk, 0);
944 995
945 switch (status) { 996 switch (status) {
946 case SCTP_XMIT_PMTU_FULL: 997 case SCTP_XMIT_PMTU_FULL:
@@ -977,7 +1028,7 @@ int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout)
977 list_add_tail(&chunk->transmitted_list, 1028 list_add_tail(&chunk->transmitted_list,
978 &transport->transmitted); 1029 &transport->transmitted);
979 1030
980 sctp_transport_reset_timers(transport); 1031 sctp_transport_reset_timers(transport, start_timer-1);
981 1032
982 q->empty = 0; 1033 q->empty = 0;
983 1034
@@ -1205,7 +1256,6 @@ int sctp_outq_sack(struct sctp_outq *q, struct sctp_sackhdr *sack)
1205 * Make sure the empty queue handler will get run later. 1256 * Make sure the empty queue handler will get run later.
1206 */ 1257 */
1207 q->empty = (list_empty(&q->out_chunk_list) && 1258 q->empty = (list_empty(&q->out_chunk_list) &&
1208 list_empty(&q->control_chunk_list) &&
1209 list_empty(&q->retransmit)); 1259 list_empty(&q->retransmit));
1210 if (!q->empty) 1260 if (!q->empty)
1211 goto finish; 1261 goto finish;
diff --git a/net/sctp/proc.c b/net/sctp/proc.c
index 0aba759cb9b7..f268910620be 100644
--- a/net/sctp/proc.c
+++ b/net/sctp/proc.c
@@ -383,3 +383,139 @@ void sctp_assocs_proc_exit(void)
383{ 383{
384 remove_proc_entry("assocs", proc_net_sctp); 384 remove_proc_entry("assocs", proc_net_sctp);
385} 385}
386
387static void *sctp_remaddr_seq_start(struct seq_file *seq, loff_t *pos)
388{
389 if (*pos >= sctp_assoc_hashsize)
390 return NULL;
391
392 if (*pos < 0)
393 *pos = 0;
394
395 if (*pos == 0)
396 seq_printf(seq, "ADDR ASSOC_ID HB_ACT RTO MAX_PATH_RTX "
397 "REM_ADDR_RTX START\n");
398
399 return (void *)pos;
400}
401
402static void *sctp_remaddr_seq_next(struct seq_file *seq, void *v, loff_t *pos)
403{
404 if (++*pos >= sctp_assoc_hashsize)
405 return NULL;
406
407 return pos;
408}
409
410static void sctp_remaddr_seq_stop(struct seq_file *seq, void *v)
411{
412 return;
413}
414
415static int sctp_remaddr_seq_show(struct seq_file *seq, void *v)
416{
417 struct sctp_hashbucket *head;
418 struct sctp_ep_common *epb;
419 struct sctp_association *assoc;
420 struct hlist_node *node;
421 struct sctp_transport *tsp;
422 int hash = *(loff_t *)v;
423
424 if (hash >= sctp_assoc_hashsize)
425 return -ENOMEM;
426
427 head = &sctp_assoc_hashtable[hash];
428 sctp_local_bh_disable();
429 read_lock(&head->lock);
430 sctp_for_each_hentry(epb, node, &head->chain) {
431 assoc = sctp_assoc(epb);
432 list_for_each_entry(tsp, &assoc->peer.transport_addr_list,
433 transports) {
434 /*
435 * The remote address (ADDR)
436 */
437 tsp->af_specific->seq_dump_addr(seq, &tsp->ipaddr);
438 seq_printf(seq, " ");
439
440 /*
441 * The association ID (ASSOC_ID)
442 */
443 seq_printf(seq, "%d ", tsp->asoc->assoc_id);
444
445 /*
446 * If the Heartbeat is active (HB_ACT)
447 * Note: 1 = Active, 0 = Inactive
448 */
449 seq_printf(seq, "%d ", timer_pending(&tsp->hb_timer));
450
451 /*
452 * Retransmit time out (RTO)
453 */
454 seq_printf(seq, "%lu ", tsp->rto);
455
456 /*
457 * Maximum path retransmit count (PATH_MAX_RTX)
458 */
459 seq_printf(seq, "%d ", tsp->pathmaxrxt);
460
461 /*
462 * remote address retransmit count (REM_ADDR_RTX)
463 * Note: We don't have a way to tally this at the moment
464 * so lets just leave it as zero for the moment
465 */
466 seq_printf(seq, "0 ");
467
468 /*
469 * remote address start time (START). This is also not
470 * currently implemented, but we can record it with a
471 * jiffies marker in a subsequent patch
472 */
473 seq_printf(seq, "0");
474
475 seq_printf(seq, "\n");
476 }
477 }
478
479 read_unlock(&head->lock);
480 sctp_local_bh_enable();
481
482 return 0;
483
484}
485
486static const struct seq_operations sctp_remaddr_ops = {
487 .start = sctp_remaddr_seq_start,
488 .next = sctp_remaddr_seq_next,
489 .stop = sctp_remaddr_seq_stop,
490 .show = sctp_remaddr_seq_show,
491};
492
493/* Cleanup the proc fs entry for 'remaddr' object. */
494void sctp_remaddr_proc_exit(void)
495{
496 remove_proc_entry("remaddr", proc_net_sctp);
497}
498
499static int sctp_remaddr_seq_open(struct inode *inode, struct file *file)
500{
501 return seq_open(file, &sctp_remaddr_ops);
502}
503
504static const struct file_operations sctp_remaddr_seq_fops = {
505 .open = sctp_remaddr_seq_open,
506 .read = seq_read,
507 .llseek = seq_lseek,
508 .release = seq_release,
509};
510
511int __init sctp_remaddr_proc_init(void)
512{
513 struct proc_dir_entry *p;
514
515 p = create_proc_entry("remaddr", S_IRUGO, proc_net_sctp);
516 if (!p)
517 return -ENOMEM;
518 p->proc_fops = &sctp_remaddr_seq_fops;
519
520 return 0;
521}
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 0ec234b762c2..0b65354aaf64 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -52,6 +52,8 @@
52#include <linux/inetdevice.h> 52#include <linux/inetdevice.h>
53#include <linux/seq_file.h> 53#include <linux/seq_file.h>
54#include <linux/bootmem.h> 54#include <linux/bootmem.h>
55#include <linux/highmem.h>
56#include <linux/swap.h>
55#include <net/net_namespace.h> 57#include <net/net_namespace.h>
56#include <net/protocol.h> 58#include <net/protocol.h>
57#include <net/ip.h> 59#include <net/ip.h>
@@ -64,9 +66,12 @@
64 66
65/* Global data structures. */ 67/* Global data structures. */
66struct sctp_globals sctp_globals __read_mostly; 68struct sctp_globals sctp_globals __read_mostly;
67struct proc_dir_entry *proc_net_sctp;
68DEFINE_SNMP_STAT(struct sctp_mib, sctp_statistics) __read_mostly; 69DEFINE_SNMP_STAT(struct sctp_mib, sctp_statistics) __read_mostly;
69 70
71#ifdef CONFIG_PROC_FS
72struct proc_dir_entry *proc_net_sctp;
73#endif
74
70struct idr sctp_assocs_id; 75struct idr sctp_assocs_id;
71DEFINE_SPINLOCK(sctp_assocs_id_lock); 76DEFINE_SPINLOCK(sctp_assocs_id_lock);
72 77
@@ -97,6 +102,7 @@ struct sock *sctp_get_ctl_sock(void)
97/* Set up the proc fs entry for the SCTP protocol. */ 102/* Set up the proc fs entry for the SCTP protocol. */
98static __init int sctp_proc_init(void) 103static __init int sctp_proc_init(void)
99{ 104{
105#ifdef CONFIG_PROC_FS
100 if (!proc_net_sctp) { 106 if (!proc_net_sctp) {
101 struct proc_dir_entry *ent; 107 struct proc_dir_entry *ent;
102 ent = proc_mkdir("sctp", init_net.proc_net); 108 ent = proc_mkdir("sctp", init_net.proc_net);
@@ -108,16 +114,32 @@ static __init int sctp_proc_init(void)
108 } 114 }
109 115
110 if (sctp_snmp_proc_init()) 116 if (sctp_snmp_proc_init())
111 goto out_nomem; 117 goto out_snmp_proc_init;
112 if (sctp_eps_proc_init()) 118 if (sctp_eps_proc_init())
113 goto out_nomem; 119 goto out_eps_proc_init;
114 if (sctp_assocs_proc_init()) 120 if (sctp_assocs_proc_init())
115 goto out_nomem; 121 goto out_assocs_proc_init;
122 if (sctp_remaddr_proc_init())
123 goto out_remaddr_proc_init;
116 124
117 return 0; 125 return 0;
118 126
127out_remaddr_proc_init:
128 sctp_assocs_proc_exit();
129out_assocs_proc_init:
130 sctp_eps_proc_exit();
131out_eps_proc_init:
132 sctp_snmp_proc_exit();
133out_snmp_proc_init:
134 if (proc_net_sctp) {
135 proc_net_sctp = NULL;
136 remove_proc_entry("sctp", init_net.proc_net);
137 }
119out_nomem: 138out_nomem:
120 return -ENOMEM; 139 return -ENOMEM;
140#else
141 return 0;
142#endif /* CONFIG_PROC_FS */
121} 143}
122 144
123/* Clean up the proc fs entry for the SCTP protocol. 145/* Clean up the proc fs entry for the SCTP protocol.
@@ -126,14 +148,17 @@ out_nomem:
126 */ 148 */
127static void sctp_proc_exit(void) 149static void sctp_proc_exit(void)
128{ 150{
151#ifdef CONFIG_PROC_FS
129 sctp_snmp_proc_exit(); 152 sctp_snmp_proc_exit();
130 sctp_eps_proc_exit(); 153 sctp_eps_proc_exit();
131 sctp_assocs_proc_exit(); 154 sctp_assocs_proc_exit();
155 sctp_remaddr_proc_exit();
132 156
133 if (proc_net_sctp) { 157 if (proc_net_sctp) {
134 proc_net_sctp = NULL; 158 proc_net_sctp = NULL;
135 remove_proc_entry("sctp", init_net.proc_net); 159 remove_proc_entry("sctp", init_net.proc_net);
136 } 160 }
161#endif
137} 162}
138 163
139/* Private helper to extract ipv4 address and stash them in 164/* Private helper to extract ipv4 address and stash them in
@@ -358,6 +383,10 @@ static int sctp_v4_addr_valid(union sctp_addr *addr,
358 struct sctp_sock *sp, 383 struct sctp_sock *sp,
359 const struct sk_buff *skb) 384 const struct sk_buff *skb)
360{ 385{
386 /* IPv4 addresses not allowed */
387 if (sp && ipv6_only_sock(sctp_opt2sk(sp)))
388 return 0;
389
361 /* Is this a non-unicast address or a unusable SCTP address? */ 390 /* Is this a non-unicast address or a unusable SCTP address? */
362 if (IS_IPV4_UNUSABLE_ADDRESS(addr->v4.sin_addr.s_addr)) 391 if (IS_IPV4_UNUSABLE_ADDRESS(addr->v4.sin_addr.s_addr))
363 return 0; 392 return 0;
@@ -381,6 +410,9 @@ static int sctp_v4_available(union sctp_addr *addr, struct sctp_sock *sp)
381 !sysctl_ip_nonlocal_bind) 410 !sysctl_ip_nonlocal_bind)
382 return 0; 411 return 0;
383 412
413 if (ipv6_only_sock(sctp_opt2sk(sp)))
414 return 0;
415
384 return 1; 416 return 1;
385} 417}
386 418
@@ -470,11 +502,11 @@ static struct dst_entry *sctp_v4_get_dst(struct sctp_association *asoc,
470 /* Walk through the bind address list and look for a bind 502 /* Walk through the bind address list and look for a bind
471 * address that matches the source address of the returned dst. 503 * address that matches the source address of the returned dst.
472 */ 504 */
505 sctp_v4_dst_saddr(&dst_saddr, dst, htons(bp->port));
473 rcu_read_lock(); 506 rcu_read_lock();
474 list_for_each_entry_rcu(laddr, &bp->address_list, list) { 507 list_for_each_entry_rcu(laddr, &bp->address_list, list) {
475 if (!laddr->valid || (laddr->state != SCTP_ADDR_SRC)) 508 if (!laddr->valid || (laddr->state != SCTP_ADDR_SRC))
476 continue; 509 continue;
477 sctp_v4_dst_saddr(&dst_saddr, dst, htons(bp->port));
478 if (sctp_v4_cmp_addr(&dst_saddr, &laddr->a)) 510 if (sctp_v4_cmp_addr(&dst_saddr, &laddr->a))
479 goto out_unlock; 511 goto out_unlock;
480 } 512 }
@@ -519,7 +551,8 @@ out:
519/* For v4, the source address is cached in the route entry(dst). So no need 551/* For v4, the source address is cached in the route entry(dst). So no need
520 * to cache it separately and hence this is an empty routine. 552 * to cache it separately and hence this is an empty routine.
521 */ 553 */
522static void sctp_v4_get_saddr(struct sctp_association *asoc, 554static void sctp_v4_get_saddr(struct sctp_sock *sk,
555 struct sctp_association *asoc,
523 struct dst_entry *dst, 556 struct dst_entry *dst,
524 union sctp_addr *daddr, 557 union sctp_addr *daddr,
525 union sctp_addr *saddr) 558 union sctp_addr *saddr)
@@ -616,6 +649,11 @@ static void sctp_v4_seq_dump_addr(struct seq_file *seq, union sctp_addr *addr)
616 seq_printf(seq, "%d.%d.%d.%d ", NIPQUAD(addr->v4.sin_addr)); 649 seq_printf(seq, "%d.%d.%d.%d ", NIPQUAD(addr->v4.sin_addr));
617} 650}
618 651
652static void sctp_v4_ecn_capable(struct sock *sk)
653{
654 INET_ECN_xmit(sk);
655}
656
619/* Event handler for inet address addition/deletion events. 657/* Event handler for inet address addition/deletion events.
620 * The sctp_local_addr_list needs to be protocted by a spin lock since 658 * The sctp_local_addr_list needs to be protocted by a spin lock since
621 * multiple notifiers (say IPv4 and IPv6) may be running at the same 659 * multiple notifiers (say IPv4 and IPv6) may be running at the same
@@ -630,7 +668,7 @@ static int sctp_inetaddr_event(struct notifier_block *this, unsigned long ev,
630 struct sctp_sockaddr_entry *temp; 668 struct sctp_sockaddr_entry *temp;
631 int found = 0; 669 int found = 0;
632 670
633 if (dev_net(ifa->ifa_dev->dev) != &init_net) 671 if (!net_eq(dev_net(ifa->ifa_dev->dev), &init_net))
634 return NOTIFY_DONE; 672 return NOTIFY_DONE;
635 673
636 switch (ev) { 674 switch (ev) {
@@ -824,16 +862,21 @@ static int sctp_inet_supported_addrs(const struct sctp_sock *opt,
824 862
825/* Wrapper routine that calls the ip transmit routine. */ 863/* Wrapper routine that calls the ip transmit routine. */
826static inline int sctp_v4_xmit(struct sk_buff *skb, 864static inline int sctp_v4_xmit(struct sk_buff *skb,
827 struct sctp_transport *transport, int ipfragok) 865 struct sctp_transport *transport)
828{ 866{
867 struct inet_sock *inet = inet_sk(skb->sk);
868
829 SCTP_DEBUG_PRINTK("%s: skb:%p, len:%d, " 869 SCTP_DEBUG_PRINTK("%s: skb:%p, len:%d, "
830 "src:%u.%u.%u.%u, dst:%u.%u.%u.%u\n", 870 "src:%u.%u.%u.%u, dst:%u.%u.%u.%u\n",
831 __func__, skb, skb->len, 871 __func__, skb, skb->len,
832 NIPQUAD(skb->rtable->rt_src), 872 NIPQUAD(skb->rtable->rt_src),
833 NIPQUAD(skb->rtable->rt_dst)); 873 NIPQUAD(skb->rtable->rt_dst));
834 874
875 inet->pmtudisc = transport->param_flags & SPP_PMTUD_ENABLE ?
876 IP_PMTUDISC_DO : IP_PMTUDISC_DONT;
877
835 SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS); 878 SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS);
836 return ip_queue_xmit(skb, ipfragok); 879 return ip_queue_xmit(skb, 0);
837} 880}
838 881
839static struct sctp_af sctp_af_inet; 882static struct sctp_af sctp_af_inet;
@@ -934,6 +977,7 @@ static struct sctp_af sctp_af_inet = {
934 .skb_iif = sctp_v4_skb_iif, 977 .skb_iif = sctp_v4_skb_iif,
935 .is_ce = sctp_v4_is_ce, 978 .is_ce = sctp_v4_is_ce,
936 .seq_dump_addr = sctp_v4_seq_dump_addr, 979 .seq_dump_addr = sctp_v4_seq_dump_addr,
980 .ecn_capable = sctp_v4_ecn_capable,
937 .net_header_len = sizeof(struct iphdr), 981 .net_header_len = sizeof(struct iphdr),
938 .sockaddr_len = sizeof(struct sockaddr_in), 982 .sockaddr_len = sizeof(struct sockaddr_in),
939#ifdef CONFIG_COMPAT 983#ifdef CONFIG_COMPAT
@@ -1043,6 +1087,7 @@ SCTP_STATIC __init int sctp_init(void)
1043 int status = -EINVAL; 1087 int status = -EINVAL;
1044 unsigned long goal; 1088 unsigned long goal;
1045 unsigned long limit; 1089 unsigned long limit;
1090 unsigned long nr_pages;
1046 int max_share; 1091 int max_share;
1047 int order; 1092 int order;
1048 1093
@@ -1138,8 +1183,9 @@ SCTP_STATIC __init int sctp_init(void)
1138 * Note this initalizes the data in sctpv6_prot too 1183 * Note this initalizes the data in sctpv6_prot too
1139 * Unabashedly stolen from tcp_init 1184 * Unabashedly stolen from tcp_init
1140 */ 1185 */
1141 limit = min(num_physpages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT); 1186 nr_pages = totalram_pages - totalhigh_pages;
1142 limit = (limit * (num_physpages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11); 1187 limit = min(nr_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT);
1188 limit = (limit * (nr_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11);
1143 limit = max(limit, 128UL); 1189 limit = max(limit, 128UL);
1144 sysctl_sctp_mem[0] = limit / 4 * 3; 1190 sysctl_sctp_mem[0] = limit / 4 * 3;
1145 sysctl_sctp_mem[1] = limit; 1191 sysctl_sctp_mem[1] = limit;
@@ -1149,7 +1195,7 @@ SCTP_STATIC __init int sctp_init(void)
1149 limit = (sysctl_sctp_mem[1]) << (PAGE_SHIFT - 7); 1195 limit = (sysctl_sctp_mem[1]) << (PAGE_SHIFT - 7);
1150 max_share = min(4UL*1024*1024, limit); 1196 max_share = min(4UL*1024*1024, limit);
1151 1197
1152 sysctl_sctp_rmem[0] = PAGE_SIZE; /* give each asoc 1 page min */ 1198 sysctl_sctp_rmem[0] = SK_MEM_QUANTUM; /* give each asoc 1 page min */
1153 sysctl_sctp_rmem[1] = (1500 *(sizeof(struct sk_buff) + 1)); 1199 sysctl_sctp_rmem[1] = (1500 *(sizeof(struct sk_buff) + 1));
1154 sysctl_sctp_rmem[2] = max(sysctl_sctp_rmem[1], max_share); 1200 sysctl_sctp_rmem[2] = max(sysctl_sctp_rmem[1], max_share);
1155 1201
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index bbc7107c86cf..e8ca4e54981f 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -2364,8 +2364,13 @@ static int sctp_process_param(struct sctp_association *asoc,
2364 case SCTP_PARAM_IPV6_ADDRESS: 2364 case SCTP_PARAM_IPV6_ADDRESS:
2365 if (PF_INET6 != asoc->base.sk->sk_family) 2365 if (PF_INET6 != asoc->base.sk->sk_family)
2366 break; 2366 break;
2367 /* Fall through. */ 2367 goto do_addr_param;
2368
2368 case SCTP_PARAM_IPV4_ADDRESS: 2369 case SCTP_PARAM_IPV4_ADDRESS:
2370 /* v4 addresses are not allowed on v6-only socket */
2371 if (ipv6_only_sock(asoc->base.sk))
2372 break;
2373do_addr_param:
2369 af = sctp_get_af_specific(param_type2af(param.p->type)); 2374 af = sctp_get_af_specific(param_type2af(param.p->type));
2370 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2375 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0);
2371 scope = sctp_scope(peer_addr); 2376 scope = sctp_scope(peer_addr);
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 23a9f1a95b7d..9732c797e8ed 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -190,20 +190,28 @@ static int sctp_gen_sack(struct sctp_association *asoc, int force,
190 * unacknowledged DATA chunk. ... 190 * unacknowledged DATA chunk. ...
191 */ 191 */
192 if (!asoc->peer.sack_needed) { 192 if (!asoc->peer.sack_needed) {
193 /* We will need a SACK for the next packet. */ 193 asoc->peer.sack_cnt++;
194 asoc->peer.sack_needed = 1;
195 194
196 /* Set the SACK delay timeout based on the 195 /* Set the SACK delay timeout based on the
197 * SACK delay for the last transport 196 * SACK delay for the last transport
198 * data was received from, or the default 197 * data was received from, or the default
199 * for the association. 198 * for the association.
200 */ 199 */
201 if (trans) 200 if (trans) {
201 /* We will need a SACK for the next packet. */
202 if (asoc->peer.sack_cnt >= trans->sackfreq - 1)
203 asoc->peer.sack_needed = 1;
204
202 asoc->timeouts[SCTP_EVENT_TIMEOUT_SACK] = 205 asoc->timeouts[SCTP_EVENT_TIMEOUT_SACK] =
203 trans->sackdelay; 206 trans->sackdelay;
204 else 207 } else {
208 /* We will need a SACK for the next packet. */
209 if (asoc->peer.sack_cnt >= asoc->sackfreq - 1)
210 asoc->peer.sack_needed = 1;
211
205 asoc->timeouts[SCTP_EVENT_TIMEOUT_SACK] = 212 asoc->timeouts[SCTP_EVENT_TIMEOUT_SACK] =
206 asoc->sackdelay; 213 asoc->sackdelay;
214 }
207 215
208 /* Restart the SACK timer. */ 216 /* Restart the SACK timer. */
209 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART, 217 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
@@ -216,6 +224,7 @@ static int sctp_gen_sack(struct sctp_association *asoc, int force,
216 goto nomem; 224 goto nomem;
217 225
218 asoc->peer.sack_needed = 0; 226 asoc->peer.sack_needed = 0;
227 asoc->peer.sack_cnt = 0;
219 228
220 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(sack)); 229 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(sack));
221 230
@@ -655,7 +664,7 @@ static int sctp_cmd_process_sack(sctp_cmd_seq_t *cmds,
655 struct sctp_association *asoc, 664 struct sctp_association *asoc,
656 struct sctp_sackhdr *sackh) 665 struct sctp_sackhdr *sackh)
657{ 666{
658 int err; 667 int err = 0;
659 668
660 if (sctp_outq_sack(&asoc->outqueue, sackh)) { 669 if (sctp_outq_sack(&asoc->outqueue, sackh)) {
661 /* There are no more TSNs awaiting SACK. */ 670 /* There are no more TSNs awaiting SACK. */
@@ -663,11 +672,6 @@ static int sctp_cmd_process_sack(sctp_cmd_seq_t *cmds,
663 SCTP_ST_OTHER(SCTP_EVENT_NO_PENDING_TSN), 672 SCTP_ST_OTHER(SCTP_EVENT_NO_PENDING_TSN),
664 asoc->state, asoc->ep, asoc, NULL, 673 asoc->state, asoc->ep, asoc, NULL,
665 GFP_ATOMIC); 674 GFP_ATOMIC);
666 } else {
667 /* Windows may have opened, so we need
668 * to check if we have DATA to transmit
669 */
670 err = sctp_outq_flush(&asoc->outqueue, 0);
671 } 675 }
672 676
673 return err; 677 return err;
@@ -1472,8 +1476,15 @@ static int sctp_cmd_interpreter(sctp_event_t event_type,
1472 break; 1476 break;
1473 1477
1474 case SCTP_CMD_DISCARD_PACKET: 1478 case SCTP_CMD_DISCARD_PACKET:
1475 /* We need to discard the whole packet. */ 1479 /* We need to discard the whole packet.
1480 * Uncork the queue since there might be
1481 * responses pending
1482 */
1476 chunk->pdiscard = 1; 1483 chunk->pdiscard = 1;
1484 if (asoc) {
1485 sctp_outq_uncork(&asoc->outqueue);
1486 local_cork = 0;
1487 }
1477 break; 1488 break;
1478 1489
1479 case SCTP_CMD_RTO_PENDING: 1490 case SCTP_CMD_RTO_PENDING:
@@ -1544,8 +1555,15 @@ static int sctp_cmd_interpreter(sctp_event_t event_type,
1544 } 1555 }
1545 1556
1546out: 1557out:
1547 if (local_cork) 1558 /* If this is in response to a received chunk, wait until
1548 sctp_outq_uncork(&asoc->outqueue); 1559 * we are done with the packet to open the queue so that we don't
1560 * send multiple packets in response to a single request.
1561 */
1562 if (asoc && SCTP_EVENT_T_CHUNK == event_type && chunk) {
1563 if (chunk->end_of_packet || chunk->singleton)
1564 sctp_outq_uncork(&asoc->outqueue);
1565 } else if (local_cork)
1566 sctp_outq_uncork(&asoc->outqueue);
1549 return error; 1567 return error;
1550nomem: 1568nomem:
1551 error = -ENOMEM; 1569 error = -ENOMEM;
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 0c9d5a6950fe..8848d329aa2c 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -795,8 +795,6 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
795 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START, 795 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
796 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE)); 796 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
797 797
798 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
799
800 /* This will send the COOKIE ACK */ 798 /* This will send the COOKIE ACK */
801 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); 799 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
802 800
@@ -883,7 +881,6 @@ sctp_disposition_t sctp_sf_do_5_1E_ca(const struct sctp_endpoint *ep,
883 if (asoc->autoclose) 881 if (asoc->autoclose)
884 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START, 882 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
885 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE)); 883 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
886 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
887 884
888 /* It may also notify its ULP about the successful 885 /* It may also notify its ULP about the successful
889 * establishment of the association with a Communication Up 886 * establishment of the association with a Communication Up
@@ -1781,7 +1778,6 @@ static sctp_disposition_t sctp_sf_do_dupcook_b(const struct sctp_endpoint *ep,
1781 goto nomem; 1778 goto nomem;
1782 1779
1783 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); 1780 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1784 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1785 1781
1786 /* RFC 2960 5.1 Normal Establishment of an Association 1782 /* RFC 2960 5.1 Normal Establishment of an Association
1787 * 1783 *
@@ -1898,12 +1894,13 @@ static sctp_disposition_t sctp_sf_do_dupcook_d(const struct sctp_endpoint *ep,
1898 1894
1899 } 1895 }
1900 } 1896 }
1901 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1902 1897
1903 repl = sctp_make_cookie_ack(new_asoc, chunk); 1898 repl = sctp_make_cookie_ack(new_asoc, chunk);
1904 if (!repl) 1899 if (!repl)
1905 goto nomem; 1900 goto nomem;
1906 1901
1902 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1903
1907 if (ev) 1904 if (ev)
1908 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, 1905 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
1909 SCTP_ULPEVENT(ev)); 1906 SCTP_ULPEVENT(ev));
@@ -1911,9 +1908,6 @@ static sctp_disposition_t sctp_sf_do_dupcook_d(const struct sctp_endpoint *ep,
1911 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, 1908 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
1912 SCTP_ULPEVENT(ai_ev)); 1909 SCTP_ULPEVENT(ai_ev));
1913 1910
1914 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1915 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1916
1917 return SCTP_DISPOSITION_CONSUME; 1911 return SCTP_DISPOSITION_CONSUME;
1918 1912
1919nomem: 1913nomem:
@@ -3970,9 +3964,6 @@ sctp_disposition_t sctp_sf_unk_chunk(const struct sctp_endpoint *ep,
3970 return sctp_sf_pdiscard(ep, asoc, type, arg, commands); 3964 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3971 break; 3965 break;
3972 case SCTP_CID_ACTION_DISCARD_ERR: 3966 case SCTP_CID_ACTION_DISCARD_ERR:
3973 /* Discard the packet. */
3974 sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3975
3976 /* Generate an ERROR chunk as response. */ 3967 /* Generate an ERROR chunk as response. */
3977 hdr = unk_chunk->chunk_hdr; 3968 hdr = unk_chunk->chunk_hdr;
3978 err_chunk = sctp_make_op_error(asoc, unk_chunk, 3969 err_chunk = sctp_make_op_error(asoc, unk_chunk,
@@ -3982,6 +3973,9 @@ sctp_disposition_t sctp_sf_unk_chunk(const struct sctp_endpoint *ep,
3982 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, 3973 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3983 SCTP_CHUNK(err_chunk)); 3974 SCTP_CHUNK(err_chunk));
3984 } 3975 }
3976
3977 /* Discard the packet. */
3978 sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3985 return SCTP_DISPOSITION_CONSUME; 3979 return SCTP_DISPOSITION_CONSUME;
3986 break; 3980 break;
3987 case SCTP_CID_ACTION_SKIP: 3981 case SCTP_CID_ACTION_SKIP:
@@ -5899,12 +5893,6 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5899 return SCTP_IERROR_NO_DATA; 5893 return SCTP_IERROR_NO_DATA;
5900 } 5894 }
5901 5895
5902 /* If definately accepting the DATA chunk, record its TSN, otherwise
5903 * wait for renege processing.
5904 */
5905 if (SCTP_CMD_CHUNK_ULP == deliver)
5906 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_TSN, SCTP_U32(tsn));
5907
5908 chunk->data_accepted = 1; 5896 chunk->data_accepted = 1;
5909 5897
5910 /* Note: Some chunks may get overcounted (if we drop) or overcounted 5898 /* Note: Some chunks may get overcounted (if we drop) or overcounted
@@ -5924,6 +5912,9 @@ static int sctp_eat_data(const struct sctp_association *asoc,
5924 * and discard the DATA chunk. 5912 * and discard the DATA chunk.
5925 */ 5913 */
5926 if (ntohs(data_hdr->stream) >= asoc->c.sinit_max_instreams) { 5914 if (ntohs(data_hdr->stream) >= asoc->c.sinit_max_instreams) {
5915 /* Mark tsn as received even though we drop it */
5916 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_TSN, SCTP_U32(tsn));
5917
5927 err = sctp_make_op_error(asoc, chunk, SCTP_ERROR_INV_STRM, 5918 err = sctp_make_op_error(asoc, chunk, SCTP_ERROR_INV_STRM,
5928 &data_hdr->stream, 5919 &data_hdr->stream,
5929 sizeof(data_hdr->stream)); 5920 sizeof(data_hdr->stream));
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index e7e3baf7009e..5ffb9dec1c3f 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -116,7 +116,7 @@ static int sctp_memory_pressure;
116static atomic_t sctp_memory_allocated; 116static atomic_t sctp_memory_allocated;
117static atomic_t sctp_sockets_allocated; 117static atomic_t sctp_sockets_allocated;
118 118
119static void sctp_enter_memory_pressure(void) 119static void sctp_enter_memory_pressure(struct sock *sk)
120{ 120{
121 sctp_memory_pressure = 1; 121 sctp_memory_pressure = 1;
122} 122}
@@ -308,9 +308,16 @@ static struct sctp_af *sctp_sockaddr_af(struct sctp_sock *opt,
308 if (len < sizeof (struct sockaddr)) 308 if (len < sizeof (struct sockaddr))
309 return NULL; 309 return NULL;
310 310
311 /* Does this PF support this AF? */ 311 /* V4 mapped address are really of AF_INET family */
312 if (!opt->pf->af_supported(addr->sa.sa_family, opt)) 312 if (addr->sa.sa_family == AF_INET6 &&
313 return NULL; 313 ipv6_addr_v4mapped(&addr->v6.sin6_addr)) {
314 if (!opt->pf->af_supported(AF_INET, opt))
315 return NULL;
316 } else {
317 /* Does this PF support this AF? */
318 if (!opt->pf->af_supported(addr->sa.sa_family, opt))
319 return NULL;
320 }
314 321
315 /* If we get this far, af is valid. */ 322 /* If we get this far, af is valid. */
316 af = sctp_get_af_specific(addr->sa.sa_family); 323 af = sctp_get_af_specific(addr->sa.sa_family);
@@ -370,18 +377,19 @@ SCTP_STATIC int sctp_do_bind(struct sock *sk, union sctp_addr *addr, int len)
370 if (snum && snum < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE)) 377 if (snum && snum < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE))
371 return -EACCES; 378 return -EACCES;
372 379
380 /* See if the address matches any of the addresses we may have
381 * already bound before checking against other endpoints.
382 */
383 if (sctp_bind_addr_match(bp, addr, sp))
384 return -EINVAL;
385
373 /* Make sure we are allowed to bind here. 386 /* Make sure we are allowed to bind here.
374 * The function sctp_get_port_local() does duplicate address 387 * The function sctp_get_port_local() does duplicate address
375 * detection. 388 * detection.
376 */ 389 */
377 addr->v4.sin_port = htons(snum); 390 addr->v4.sin_port = htons(snum);
378 if ((ret = sctp_get_port_local(sk, addr))) { 391 if ((ret = sctp_get_port_local(sk, addr))) {
379 if (ret == (long) sk) { 392 return -EADDRINUSE;
380 /* This endpoint has a conflicting address. */
381 return -EINVAL;
382 } else {
383 return -EADDRINUSE;
384 }
385 } 393 }
386 394
387 /* Refresh ephemeral port. */ 395 /* Refresh ephemeral port. */
@@ -956,7 +964,8 @@ out:
956 */ 964 */
957static int __sctp_connect(struct sock* sk, 965static int __sctp_connect(struct sock* sk,
958 struct sockaddr *kaddrs, 966 struct sockaddr *kaddrs,
959 int addrs_size) 967 int addrs_size,
968 sctp_assoc_t *assoc_id)
960{ 969{
961 struct sctp_sock *sp; 970 struct sctp_sock *sp;
962 struct sctp_endpoint *ep; 971 struct sctp_endpoint *ep;
@@ -1111,6 +1120,8 @@ static int __sctp_connect(struct sock* sk,
1111 timeo = sock_sndtimeo(sk, f_flags & O_NONBLOCK); 1120 timeo = sock_sndtimeo(sk, f_flags & O_NONBLOCK);
1112 1121
1113 err = sctp_wait_for_connect(asoc, &timeo); 1122 err = sctp_wait_for_connect(asoc, &timeo);
1123 if (!err && assoc_id)
1124 *assoc_id = asoc->assoc_id;
1114 1125
1115 /* Don't free association on exit. */ 1126 /* Don't free association on exit. */
1116 asoc = NULL; 1127 asoc = NULL;
@@ -1128,7 +1139,8 @@ out_free:
1128/* Helper for tunneling sctp_connectx() requests through sctp_setsockopt() 1139/* Helper for tunneling sctp_connectx() requests through sctp_setsockopt()
1129 * 1140 *
1130 * API 8.9 1141 * API 8.9
1131 * int sctp_connectx(int sd, struct sockaddr *addrs, int addrcnt); 1142 * int sctp_connectx(int sd, struct sockaddr *addrs, int addrcnt,
1143 * sctp_assoc_t *asoc);
1132 * 1144 *
1133 * If sd is an IPv4 socket, the addresses passed must be IPv4 addresses. 1145 * If sd is an IPv4 socket, the addresses passed must be IPv4 addresses.
1134 * If the sd is an IPv6 socket, the addresses passed can either be IPv4 1146 * If the sd is an IPv6 socket, the addresses passed can either be IPv4
@@ -1144,8 +1156,10 @@ out_free:
1144 * representation is termed a "packed array" of addresses). The caller 1156 * representation is termed a "packed array" of addresses). The caller
1145 * specifies the number of addresses in the array with addrcnt. 1157 * specifies the number of addresses in the array with addrcnt.
1146 * 1158 *
1147 * On success, sctp_connectx() returns 0. On failure, sctp_connectx() returns 1159 * On success, sctp_connectx() returns 0. It also sets the assoc_id to
1148 * -1, and sets errno to the appropriate error code. 1160 * the association id of the new association. On failure, sctp_connectx()
1161 * returns -1, and sets errno to the appropriate error code. The assoc_id
1162 * is not touched by the kernel.
1149 * 1163 *
1150 * For SCTP, the port given in each socket address must be the same, or 1164 * For SCTP, the port given in each socket address must be the same, or
1151 * sctp_connectx() will fail, setting errno to EINVAL. 1165 * sctp_connectx() will fail, setting errno to EINVAL.
@@ -1182,11 +1196,12 @@ out_free:
1182 * addrs The pointer to the addresses in user land 1196 * addrs The pointer to the addresses in user land
1183 * addrssize Size of the addrs buffer 1197 * addrssize Size of the addrs buffer
1184 * 1198 *
1185 * Returns 0 if ok, <0 errno code on error. 1199 * Returns >=0 if ok, <0 errno code on error.
1186 */ 1200 */
1187SCTP_STATIC int sctp_setsockopt_connectx(struct sock* sk, 1201SCTP_STATIC int __sctp_setsockopt_connectx(struct sock* sk,
1188 struct sockaddr __user *addrs, 1202 struct sockaddr __user *addrs,
1189 int addrs_size) 1203 int addrs_size,
1204 sctp_assoc_t *assoc_id)
1190{ 1205{
1191 int err = 0; 1206 int err = 0;
1192 struct sockaddr *kaddrs; 1207 struct sockaddr *kaddrs;
@@ -1209,13 +1224,46 @@ SCTP_STATIC int sctp_setsockopt_connectx(struct sock* sk,
1209 if (__copy_from_user(kaddrs, addrs, addrs_size)) { 1224 if (__copy_from_user(kaddrs, addrs, addrs_size)) {
1210 err = -EFAULT; 1225 err = -EFAULT;
1211 } else { 1226 } else {
1212 err = __sctp_connect(sk, kaddrs, addrs_size); 1227 err = __sctp_connect(sk, kaddrs, addrs_size, assoc_id);
1213 } 1228 }
1214 1229
1215 kfree(kaddrs); 1230 kfree(kaddrs);
1231
1216 return err; 1232 return err;
1217} 1233}
1218 1234
1235/*
1236 * This is an older interface. It's kept for backward compatibility
1237 * to the option that doesn't provide association id.
1238 */
1239SCTP_STATIC int sctp_setsockopt_connectx_old(struct sock* sk,
1240 struct sockaddr __user *addrs,
1241 int addrs_size)
1242{
1243 return __sctp_setsockopt_connectx(sk, addrs, addrs_size, NULL);
1244}
1245
1246/*
1247 * New interface for the API. The since the API is done with a socket
1248 * option, to make it simple we feed back the association id is as a return
1249 * indication to the call. Error is always negative and association id is
1250 * always positive.
1251 */
1252SCTP_STATIC int sctp_setsockopt_connectx(struct sock* sk,
1253 struct sockaddr __user *addrs,
1254 int addrs_size)
1255{
1256 sctp_assoc_t assoc_id = 0;
1257 int err = 0;
1258
1259 err = __sctp_setsockopt_connectx(sk, addrs, addrs_size, &assoc_id);
1260
1261 if (err)
1262 return err;
1263 else
1264 return assoc_id;
1265}
1266
1219/* API 3.1.4 close() - UDP Style Syntax 1267/* API 3.1.4 close() - UDP Style Syntax
1220 * Applications use close() to perform graceful shutdown (as described in 1268 * Applications use close() to perform graceful shutdown (as described in
1221 * Section 10.1 of [SCTP]) on ALL the associations currently represented 1269 * Section 10.1 of [SCTP]) on ALL the associations currently represented
@@ -2305,74 +2353,98 @@ static int sctp_setsockopt_peer_addr_params(struct sock *sk,
2305 return 0; 2353 return 0;
2306} 2354}
2307 2355
2308/* 7.1.23. Delayed Ack Timer (SCTP_DELAYED_ACK_TIME) 2356/*
2309 * 2357 * 7.1.23. Get or set delayed ack timer (SCTP_DELAYED_SACK)
2310 * This options will get or set the delayed ack timer. The time is set 2358 *
2311 * in milliseconds. If the assoc_id is 0, then this sets or gets the 2359 * This option will effect the way delayed acks are performed. This
2312 * endpoints default delayed ack timer value. If the assoc_id field is 2360 * option allows you to get or set the delayed ack time, in
2313 * non-zero, then the set or get effects the specified association. 2361 * milliseconds. It also allows changing the delayed ack frequency.
2314 * 2362 * Changing the frequency to 1 disables the delayed sack algorithm. If
2315 * struct sctp_assoc_value { 2363 * the assoc_id is 0, then this sets or gets the endpoints default
2316 * sctp_assoc_t assoc_id; 2364 * values. If the assoc_id field is non-zero, then the set or get
2317 * uint32_t assoc_value; 2365 * effects the specified association for the one to many model (the
2318 * }; 2366 * assoc_id field is ignored by the one to one model). Note that if
2367 * sack_delay or sack_freq are 0 when setting this option, then the
2368 * current values will remain unchanged.
2369 *
2370 * struct sctp_sack_info {
2371 * sctp_assoc_t sack_assoc_id;
2372 * uint32_t sack_delay;
2373 * uint32_t sack_freq;
2374 * };
2319 * 2375 *
2320 * assoc_id - This parameter, indicates which association the 2376 * sack_assoc_id - This parameter, indicates which association the user
2321 * user is preforming an action upon. Note that if 2377 * is performing an action upon. Note that if this field's value is
2322 * this field's value is zero then the endpoints 2378 * zero then the endpoints default value is changed (effecting future
2323 * default value is changed (effecting future 2379 * associations only).
2324 * associations only).
2325 * 2380 *
2326 * assoc_value - This parameter contains the number of milliseconds 2381 * sack_delay - This parameter contains the number of milliseconds that
2327 * that the user is requesting the delayed ACK timer 2382 * the user is requesting the delayed ACK timer be set to. Note that
2328 * be set to. Note that this value is defined in 2383 * this value is defined in the standard to be between 200 and 500
2329 * the standard to be between 200 and 500 milliseconds. 2384 * milliseconds.
2330 * 2385 *
2331 * Note: a value of zero will leave the value alone, 2386 * sack_freq - This parameter contains the number of packets that must
2332 * but disable SACK delay. A non-zero value will also 2387 * be received before a sack is sent without waiting for the delay
2333 * enable SACK delay. 2388 * timer to expire. The default value for this is 2, setting this
2389 * value to 1 will disable the delayed sack algorithm.
2334 */ 2390 */
2335 2391
2336static int sctp_setsockopt_delayed_ack_time(struct sock *sk, 2392static int sctp_setsockopt_delayed_ack(struct sock *sk,
2337 char __user *optval, int optlen) 2393 char __user *optval, int optlen)
2338{ 2394{
2339 struct sctp_assoc_value params; 2395 struct sctp_sack_info params;
2340 struct sctp_transport *trans = NULL; 2396 struct sctp_transport *trans = NULL;
2341 struct sctp_association *asoc = NULL; 2397 struct sctp_association *asoc = NULL;
2342 struct sctp_sock *sp = sctp_sk(sk); 2398 struct sctp_sock *sp = sctp_sk(sk);
2343 2399
2344 if (optlen != sizeof(struct sctp_assoc_value)) 2400 if (optlen == sizeof(struct sctp_sack_info)) {
2345 return - EINVAL; 2401 if (copy_from_user(&params, optval, optlen))
2402 return -EFAULT;
2346 2403
2347 if (copy_from_user(&params, optval, optlen)) 2404 if (params.sack_delay == 0 && params.sack_freq == 0)
2348 return -EFAULT; 2405 return 0;
2406 } else if (optlen == sizeof(struct sctp_assoc_value)) {
2407 printk(KERN_WARNING "SCTP: Use of struct sctp_sack_info "
2408 "in delayed_ack socket option deprecated\n");
2409 printk(KERN_WARNING "SCTP: struct sctp_sack_info instead\n");
2410 if (copy_from_user(&params, optval, optlen))
2411 return -EFAULT;
2412
2413 if (params.sack_delay == 0)
2414 params.sack_freq = 1;
2415 else
2416 params.sack_freq = 0;
2417 } else
2418 return - EINVAL;
2349 2419
2350 /* Validate value parameter. */ 2420 /* Validate value parameter. */
2351 if (params.assoc_value > 500) 2421 if (params.sack_delay > 500)
2352 return -EINVAL; 2422 return -EINVAL;
2353 2423
2354 /* Get association, if assoc_id != 0 and the socket is a one 2424 /* Get association, if sack_assoc_id != 0 and the socket is a one
2355 * to many style socket, and an association was not found, then 2425 * to many style socket, and an association was not found, then
2356 * the id was invalid. 2426 * the id was invalid.
2357 */ 2427 */
2358 asoc = sctp_id2assoc(sk, params.assoc_id); 2428 asoc = sctp_id2assoc(sk, params.sack_assoc_id);
2359 if (!asoc && params.assoc_id && sctp_style(sk, UDP)) 2429 if (!asoc && params.sack_assoc_id && sctp_style(sk, UDP))
2360 return -EINVAL; 2430 return -EINVAL;
2361 2431
2362 if (params.assoc_value) { 2432 if (params.sack_delay) {
2363 if (asoc) { 2433 if (asoc) {
2364 asoc->sackdelay = 2434 asoc->sackdelay =
2365 msecs_to_jiffies(params.assoc_value); 2435 msecs_to_jiffies(params.sack_delay);
2366 asoc->param_flags = 2436 asoc->param_flags =
2367 (asoc->param_flags & ~SPP_SACKDELAY) | 2437 (asoc->param_flags & ~SPP_SACKDELAY) |
2368 SPP_SACKDELAY_ENABLE; 2438 SPP_SACKDELAY_ENABLE;
2369 } else { 2439 } else {
2370 sp->sackdelay = params.assoc_value; 2440 sp->sackdelay = params.sack_delay;
2371 sp->param_flags = 2441 sp->param_flags =
2372 (sp->param_flags & ~SPP_SACKDELAY) | 2442 (sp->param_flags & ~SPP_SACKDELAY) |
2373 SPP_SACKDELAY_ENABLE; 2443 SPP_SACKDELAY_ENABLE;
2374 } 2444 }
2375 } else { 2445 }
2446
2447 if (params.sack_freq == 1) {
2376 if (asoc) { 2448 if (asoc) {
2377 asoc->param_flags = 2449 asoc->param_flags =
2378 (asoc->param_flags & ~SPP_SACKDELAY) | 2450 (asoc->param_flags & ~SPP_SACKDELAY) |
@@ -2382,22 +2454,40 @@ static int sctp_setsockopt_delayed_ack_time(struct sock *sk,
2382 (sp->param_flags & ~SPP_SACKDELAY) | 2454 (sp->param_flags & ~SPP_SACKDELAY) |
2383 SPP_SACKDELAY_DISABLE; 2455 SPP_SACKDELAY_DISABLE;
2384 } 2456 }
2457 } else if (params.sack_freq > 1) {
2458 if (asoc) {
2459 asoc->sackfreq = params.sack_freq;
2460 asoc->param_flags =
2461 (asoc->param_flags & ~SPP_SACKDELAY) |
2462 SPP_SACKDELAY_ENABLE;
2463 } else {
2464 sp->sackfreq = params.sack_freq;
2465 sp->param_flags =
2466 (sp->param_flags & ~SPP_SACKDELAY) |
2467 SPP_SACKDELAY_ENABLE;
2468 }
2385 } 2469 }
2386 2470
2387 /* If change is for association, also apply to each transport. */ 2471 /* If change is for association, also apply to each transport. */
2388 if (asoc) { 2472 if (asoc) {
2389 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 2473 list_for_each_entry(trans, &asoc->peer.transport_addr_list,
2390 transports) { 2474 transports) {
2391 if (params.assoc_value) { 2475 if (params.sack_delay) {
2392 trans->sackdelay = 2476 trans->sackdelay =
2393 msecs_to_jiffies(params.assoc_value); 2477 msecs_to_jiffies(params.sack_delay);
2394 trans->param_flags = 2478 trans->param_flags =
2395 (trans->param_flags & ~SPP_SACKDELAY) | 2479 (trans->param_flags & ~SPP_SACKDELAY) |
2396 SPP_SACKDELAY_ENABLE; 2480 SPP_SACKDELAY_ENABLE;
2397 } else { 2481 }
2482 if (params.sack_freq == 1) {
2398 trans->param_flags = 2483 trans->param_flags =
2399 (trans->param_flags & ~SPP_SACKDELAY) | 2484 (trans->param_flags & ~SPP_SACKDELAY) |
2400 SPP_SACKDELAY_DISABLE; 2485 SPP_SACKDELAY_DISABLE;
2486 } else if (params.sack_freq > 1) {
2487 trans->sackfreq = params.sack_freq;
2488 trans->param_flags =
2489 (trans->param_flags & ~SPP_SACKDELAY) |
2490 SPP_SACKDELAY_ENABLE;
2401 } 2491 }
2402 } 2492 }
2403 } 2493 }
@@ -2965,6 +3055,9 @@ static int sctp_setsockopt_auth_chunk(struct sock *sk,
2965{ 3055{
2966 struct sctp_authchunk val; 3056 struct sctp_authchunk val;
2967 3057
3058 if (!sctp_auth_enable)
3059 return -EACCES;
3060
2968 if (optlen != sizeof(struct sctp_authchunk)) 3061 if (optlen != sizeof(struct sctp_authchunk))
2969 return -EINVAL; 3062 return -EINVAL;
2970 if (copy_from_user(&val, optval, optlen)) 3063 if (copy_from_user(&val, optval, optlen))
@@ -2993,8 +3086,12 @@ static int sctp_setsockopt_hmac_ident(struct sock *sk,
2993 int optlen) 3086 int optlen)
2994{ 3087{
2995 struct sctp_hmacalgo *hmacs; 3088 struct sctp_hmacalgo *hmacs;
3089 u32 idents;
2996 int err; 3090 int err;
2997 3091
3092 if (!sctp_auth_enable)
3093 return -EACCES;
3094
2998 if (optlen < sizeof(struct sctp_hmacalgo)) 3095 if (optlen < sizeof(struct sctp_hmacalgo))
2999 return -EINVAL; 3096 return -EINVAL;
3000 3097
@@ -3007,8 +3104,9 @@ static int sctp_setsockopt_hmac_ident(struct sock *sk,
3007 goto out; 3104 goto out;
3008 } 3105 }
3009 3106
3010 if (hmacs->shmac_num_idents == 0 || 3107 idents = hmacs->shmac_num_idents;
3011 hmacs->shmac_num_idents > SCTP_AUTH_NUM_HMACS) { 3108 if (idents == 0 || idents > SCTP_AUTH_NUM_HMACS ||
3109 (idents * sizeof(u16)) > (optlen - sizeof(struct sctp_hmacalgo))) {
3012 err = -EINVAL; 3110 err = -EINVAL;
3013 goto out; 3111 goto out;
3014 } 3112 }
@@ -3033,6 +3131,9 @@ static int sctp_setsockopt_auth_key(struct sock *sk,
3033 struct sctp_association *asoc; 3131 struct sctp_association *asoc;
3034 int ret; 3132 int ret;
3035 3133
3134 if (!sctp_auth_enable)
3135 return -EACCES;
3136
3036 if (optlen <= sizeof(struct sctp_authkey)) 3137 if (optlen <= sizeof(struct sctp_authkey))
3037 return -EINVAL; 3138 return -EINVAL;
3038 3139
@@ -3045,6 +3146,11 @@ static int sctp_setsockopt_auth_key(struct sock *sk,
3045 goto out; 3146 goto out;
3046 } 3147 }
3047 3148
3149 if (authkey->sca_keylength > optlen - sizeof(struct sctp_authkey)) {
3150 ret = -EINVAL;
3151 goto out;
3152 }
3153
3048 asoc = sctp_id2assoc(sk, authkey->sca_assoc_id); 3154 asoc = sctp_id2assoc(sk, authkey->sca_assoc_id);
3049 if (!asoc && authkey->sca_assoc_id && sctp_style(sk, UDP)) { 3155 if (!asoc && authkey->sca_assoc_id && sctp_style(sk, UDP)) {
3050 ret = -EINVAL; 3156 ret = -EINVAL;
@@ -3070,6 +3176,9 @@ static int sctp_setsockopt_active_key(struct sock *sk,
3070 struct sctp_authkeyid val; 3176 struct sctp_authkeyid val;
3071 struct sctp_association *asoc; 3177 struct sctp_association *asoc;
3072 3178
3179 if (!sctp_auth_enable)
3180 return -EACCES;
3181
3073 if (optlen != sizeof(struct sctp_authkeyid)) 3182 if (optlen != sizeof(struct sctp_authkeyid))
3074 return -EINVAL; 3183 return -EINVAL;
3075 if (copy_from_user(&val, optval, optlen)) 3184 if (copy_from_user(&val, optval, optlen))
@@ -3095,6 +3204,9 @@ static int sctp_setsockopt_del_key(struct sock *sk,
3095 struct sctp_authkeyid val; 3204 struct sctp_authkeyid val;
3096 struct sctp_association *asoc; 3205 struct sctp_association *asoc;
3097 3206
3207 if (!sctp_auth_enable)
3208 return -EACCES;
3209
3098 if (optlen != sizeof(struct sctp_authkeyid)) 3210 if (optlen != sizeof(struct sctp_authkeyid))
3099 return -EINVAL; 3211 return -EINVAL;
3100 if (copy_from_user(&val, optval, optlen)) 3212 if (copy_from_user(&val, optval, optlen))
@@ -3164,10 +3276,18 @@ SCTP_STATIC int sctp_setsockopt(struct sock *sk, int level, int optname,
3164 optlen, SCTP_BINDX_REM_ADDR); 3276 optlen, SCTP_BINDX_REM_ADDR);
3165 break; 3277 break;
3166 3278
3279 case SCTP_SOCKOPT_CONNECTX_OLD:
3280 /* 'optlen' is the size of the addresses buffer. */
3281 retval = sctp_setsockopt_connectx_old(sk,
3282 (struct sockaddr __user *)optval,
3283 optlen);
3284 break;
3285
3167 case SCTP_SOCKOPT_CONNECTX: 3286 case SCTP_SOCKOPT_CONNECTX:
3168 /* 'optlen' is the size of the addresses buffer. */ 3287 /* 'optlen' is the size of the addresses buffer. */
3169 retval = sctp_setsockopt_connectx(sk, (struct sockaddr __user *)optval, 3288 retval = sctp_setsockopt_connectx(sk,
3170 optlen); 3289 (struct sockaddr __user *)optval,
3290 optlen);
3171 break; 3291 break;
3172 3292
3173 case SCTP_DISABLE_FRAGMENTS: 3293 case SCTP_DISABLE_FRAGMENTS:
@@ -3186,8 +3306,8 @@ SCTP_STATIC int sctp_setsockopt(struct sock *sk, int level, int optname,
3186 retval = sctp_setsockopt_peer_addr_params(sk, optval, optlen); 3306 retval = sctp_setsockopt_peer_addr_params(sk, optval, optlen);
3187 break; 3307 break;
3188 3308
3189 case SCTP_DELAYED_ACK_TIME: 3309 case SCTP_DELAYED_ACK:
3190 retval = sctp_setsockopt_delayed_ack_time(sk, optval, optlen); 3310 retval = sctp_setsockopt_delayed_ack(sk, optval, optlen);
3191 break; 3311 break;
3192 case SCTP_PARTIAL_DELIVERY_POINT: 3312 case SCTP_PARTIAL_DELIVERY_POINT:
3193 retval = sctp_setsockopt_partial_delivery_point(sk, optval, optlen); 3313 retval = sctp_setsockopt_partial_delivery_point(sk, optval, optlen);
@@ -3294,7 +3414,7 @@ SCTP_STATIC int sctp_connect(struct sock *sk, struct sockaddr *addr,
3294 /* Pass correct addr len to common routine (so it knows there 3414 /* Pass correct addr len to common routine (so it knows there
3295 * is only one address being passed. 3415 * is only one address being passed.
3296 */ 3416 */
3297 err = __sctp_connect(sk, addr, af->sockaddr_len); 3417 err = __sctp_connect(sk, addr, af->sockaddr_len, NULL);
3298 } 3418 }
3299 3419
3300 sctp_release_sock(sk); 3420 sctp_release_sock(sk);
@@ -3446,6 +3566,7 @@ SCTP_STATIC int sctp_init_sock(struct sock *sk)
3446 sp->pathmaxrxt = sctp_max_retrans_path; 3566 sp->pathmaxrxt = sctp_max_retrans_path;
3447 sp->pathmtu = 0; // allow default discovery 3567 sp->pathmtu = 0; // allow default discovery
3448 sp->sackdelay = sctp_sack_timeout; 3568 sp->sackdelay = sctp_sack_timeout;
3569 sp->sackfreq = 2;
3449 sp->param_flags = SPP_HB_ENABLE | 3570 sp->param_flags = SPP_HB_ENABLE |
3450 SPP_PMTUD_ENABLE | 3571 SPP_PMTUD_ENABLE |
3451 SPP_SACKDELAY_ENABLE; 3572 SPP_SACKDELAY_ENABLE;
@@ -3497,7 +3618,7 @@ SCTP_STATIC int sctp_init_sock(struct sock *sk)
3497} 3618}
3498 3619
3499/* Cleanup any SCTP per socket resources. */ 3620/* Cleanup any SCTP per socket resources. */
3500SCTP_STATIC int sctp_destroy_sock(struct sock *sk) 3621SCTP_STATIC void sctp_destroy_sock(struct sock *sk)
3501{ 3622{
3502 struct sctp_endpoint *ep; 3623 struct sctp_endpoint *ep;
3503 3624
@@ -3507,7 +3628,6 @@ SCTP_STATIC int sctp_destroy_sock(struct sock *sk)
3507 ep = sctp_sk(sk)->ep; 3628 ep = sctp_sk(sk)->ep;
3508 sctp_endpoint_free(ep); 3629 sctp_endpoint_free(ep);
3509 atomic_dec(&sctp_sockets_allocated); 3630 atomic_dec(&sctp_sockets_allocated);
3510 return 0;
3511} 3631}
3512 3632
3513/* API 4.1.7 shutdown() - TCP Style Syntax 3633/* API 4.1.7 shutdown() - TCP Style Syntax
@@ -3812,7 +3932,7 @@ static int sctp_getsockopt_peeloff(struct sock *sk, int len, char __user *optval
3812 goto out; 3932 goto out;
3813 3933
3814 /* Map the socket to an unused fd that can be returned to the user. */ 3934 /* Map the socket to an unused fd that can be returned to the user. */
3815 retval = sock_map_fd(newsock); 3935 retval = sock_map_fd(newsock, 0);
3816 if (retval < 0) { 3936 if (retval < 0) {
3817 sock_release(newsock); 3937 sock_release(newsock);
3818 goto out; 3938 goto out;
@@ -3999,70 +4119,91 @@ static int sctp_getsockopt_peer_addr_params(struct sock *sk, int len,
3999 return 0; 4119 return 0;
4000} 4120}
4001 4121
4002/* 7.1.23. Delayed Ack Timer (SCTP_DELAYED_ACK_TIME) 4122/*
4003 * 4123 * 7.1.23. Get or set delayed ack timer (SCTP_DELAYED_SACK)
4004 * This options will get or set the delayed ack timer. The time is set 4124 *
4005 * in milliseconds. If the assoc_id is 0, then this sets or gets the 4125 * This option will effect the way delayed acks are performed. This
4006 * endpoints default delayed ack timer value. If the assoc_id field is 4126 * option allows you to get or set the delayed ack time, in
4007 * non-zero, then the set or get effects the specified association. 4127 * milliseconds. It also allows changing the delayed ack frequency.
4008 * 4128 * Changing the frequency to 1 disables the delayed sack algorithm. If
4009 * struct sctp_assoc_value { 4129 * the assoc_id is 0, then this sets or gets the endpoints default
4010 * sctp_assoc_t assoc_id; 4130 * values. If the assoc_id field is non-zero, then the set or get
4011 * uint32_t assoc_value; 4131 * effects the specified association for the one to many model (the
4012 * }; 4132 * assoc_id field is ignored by the one to one model). Note that if
4133 * sack_delay or sack_freq are 0 when setting this option, then the
4134 * current values will remain unchanged.
4135 *
4136 * struct sctp_sack_info {
4137 * sctp_assoc_t sack_assoc_id;
4138 * uint32_t sack_delay;
4139 * uint32_t sack_freq;
4140 * };
4013 * 4141 *
4014 * assoc_id - This parameter, indicates which association the 4142 * sack_assoc_id - This parameter, indicates which association the user
4015 * user is preforming an action upon. Note that if 4143 * is performing an action upon. Note that if this field's value is
4016 * this field's value is zero then the endpoints 4144 * zero then the endpoints default value is changed (effecting future
4017 * default value is changed (effecting future 4145 * associations only).
4018 * associations only).
4019 * 4146 *
4020 * assoc_value - This parameter contains the number of milliseconds 4147 * sack_delay - This parameter contains the number of milliseconds that
4021 * that the user is requesting the delayed ACK timer 4148 * the user is requesting the delayed ACK timer be set to. Note that
4022 * be set to. Note that this value is defined in 4149 * this value is defined in the standard to be between 200 and 500
4023 * the standard to be between 200 and 500 milliseconds. 4150 * milliseconds.
4024 * 4151 *
4025 * Note: a value of zero will leave the value alone, 4152 * sack_freq - This parameter contains the number of packets that must
4026 * but disable SACK delay. A non-zero value will also 4153 * be received before a sack is sent without waiting for the delay
4027 * enable SACK delay. 4154 * timer to expire. The default value for this is 2, setting this
4155 * value to 1 will disable the delayed sack algorithm.
4028 */ 4156 */
4029static int sctp_getsockopt_delayed_ack_time(struct sock *sk, int len, 4157static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
4030 char __user *optval, 4158 char __user *optval,
4031 int __user *optlen) 4159 int __user *optlen)
4032{ 4160{
4033 struct sctp_assoc_value params; 4161 struct sctp_sack_info params;
4034 struct sctp_association *asoc = NULL; 4162 struct sctp_association *asoc = NULL;
4035 struct sctp_sock *sp = sctp_sk(sk); 4163 struct sctp_sock *sp = sctp_sk(sk);
4036 4164
4037 if (len < sizeof(struct sctp_assoc_value)) 4165 if (len >= sizeof(struct sctp_sack_info)) {
4038 return - EINVAL; 4166 len = sizeof(struct sctp_sack_info);
4039 4167
4040 len = sizeof(struct sctp_assoc_value); 4168 if (copy_from_user(&params, optval, len))
4041 4169 return -EFAULT;
4042 if (copy_from_user(&params, optval, len)) 4170 } else if (len == sizeof(struct sctp_assoc_value)) {
4043 return -EFAULT; 4171 printk(KERN_WARNING "SCTP: Use of struct sctp_sack_info "
4172 "in delayed_ack socket option deprecated\n");
4173 printk(KERN_WARNING "SCTP: struct sctp_sack_info instead\n");
4174 if (copy_from_user(&params, optval, len))
4175 return -EFAULT;
4176 } else
4177 return - EINVAL;
4044 4178
4045 /* Get association, if assoc_id != 0 and the socket is a one 4179 /* Get association, if sack_assoc_id != 0 and the socket is a one
4046 * to many style socket, and an association was not found, then 4180 * to many style socket, and an association was not found, then
4047 * the id was invalid. 4181 * the id was invalid.
4048 */ 4182 */
4049 asoc = sctp_id2assoc(sk, params.assoc_id); 4183 asoc = sctp_id2assoc(sk, params.sack_assoc_id);
4050 if (!asoc && params.assoc_id && sctp_style(sk, UDP)) 4184 if (!asoc && params.sack_assoc_id && sctp_style(sk, UDP))
4051 return -EINVAL; 4185 return -EINVAL;
4052 4186
4053 if (asoc) { 4187 if (asoc) {
4054 /* Fetch association values. */ 4188 /* Fetch association values. */
4055 if (asoc->param_flags & SPP_SACKDELAY_ENABLE) 4189 if (asoc->param_flags & SPP_SACKDELAY_ENABLE) {
4056 params.assoc_value = jiffies_to_msecs( 4190 params.sack_delay = jiffies_to_msecs(
4057 asoc->sackdelay); 4191 asoc->sackdelay);
4058 else 4192 params.sack_freq = asoc->sackfreq;
4059 params.assoc_value = 0; 4193
4194 } else {
4195 params.sack_delay = 0;
4196 params.sack_freq = 1;
4197 }
4060 } else { 4198 } else {
4061 /* Fetch socket values. */ 4199 /* Fetch socket values. */
4062 if (sp->param_flags & SPP_SACKDELAY_ENABLE) 4200 if (sp->param_flags & SPP_SACKDELAY_ENABLE) {
4063 params.assoc_value = sp->sackdelay; 4201 params.sack_delay = sp->sackdelay;
4064 else 4202 params.sack_freq = sp->sackfreq;
4065 params.assoc_value = 0; 4203 } else {
4204 params.sack_delay = 0;
4205 params.sack_freq = 1;
4206 }
4066 } 4207 }
4067 4208
4068 if (copy_to_user(optval, &params, len)) 4209 if (copy_to_user(optval, &params, len))
@@ -4112,6 +4253,8 @@ static int sctp_getsockopt_peer_addrs_num_old(struct sock *sk, int len,
4112 if (copy_from_user(&id, optval, sizeof(sctp_assoc_t))) 4253 if (copy_from_user(&id, optval, sizeof(sctp_assoc_t)))
4113 return -EFAULT; 4254 return -EFAULT;
4114 4255
4256 printk(KERN_WARNING "SCTP: Use of SCTP_GET_PEER_ADDRS_NUM_OLD "
4257 "socket option deprecated\n");
4115 /* For UDP-style sockets, id specifies the association to query. */ 4258 /* For UDP-style sockets, id specifies the association to query. */
4116 asoc = sctp_id2assoc(sk, id); 4259 asoc = sctp_id2assoc(sk, id);
4117 if (!asoc) 4260 if (!asoc)
@@ -4151,6 +4294,9 @@ static int sctp_getsockopt_peer_addrs_old(struct sock *sk, int len,
4151 4294
4152 if (getaddrs.addr_num <= 0) return -EINVAL; 4295 if (getaddrs.addr_num <= 0) return -EINVAL;
4153 4296
4297 printk(KERN_WARNING "SCTP: Use of SCTP_GET_PEER_ADDRS_OLD "
4298 "socket option deprecated\n");
4299
4154 /* For UDP-style sockets, id specifies the association to query. */ 4300 /* For UDP-style sockets, id specifies the association to query. */
4155 asoc = sctp_id2assoc(sk, getaddrs.assoc_id); 4301 asoc = sctp_id2assoc(sk, getaddrs.assoc_id);
4156 if (!asoc) 4302 if (!asoc)
@@ -4244,6 +4390,9 @@ static int sctp_getsockopt_local_addrs_num_old(struct sock *sk, int len,
4244 if (copy_from_user(&id, optval, sizeof(sctp_assoc_t))) 4390 if (copy_from_user(&id, optval, sizeof(sctp_assoc_t)))
4245 return -EFAULT; 4391 return -EFAULT;
4246 4392
4393 printk(KERN_WARNING "SCTP: Use of SCTP_GET_LOCAL_ADDRS_NUM_OLD "
4394 "socket option deprecated\n");
4395
4247 /* 4396 /*
4248 * For UDP-style sockets, id specifies the association to query. 4397 * For UDP-style sockets, id specifies the association to query.
4249 * If the id field is set to the value '0' then the locally bound 4398 * If the id field is set to the value '0' then the locally bound
@@ -4276,6 +4425,11 @@ static int sctp_getsockopt_local_addrs_num_old(struct sock *sk, int len,
4276 (AF_INET6 == addr->a.sa.sa_family)) 4425 (AF_INET6 == addr->a.sa.sa_family))
4277 continue; 4426 continue;
4278 4427
4428 if ((PF_INET6 == sk->sk_family) &&
4429 inet_v6_ipv6only(sk) &&
4430 (AF_INET == addr->a.sa.sa_family))
4431 continue;
4432
4279 cnt++; 4433 cnt++;
4280 } 4434 }
4281 rcu_read_unlock(); 4435 rcu_read_unlock();
@@ -4316,6 +4470,10 @@ static int sctp_copy_laddrs_old(struct sock *sk, __u16 port,
4316 if ((PF_INET == sk->sk_family) && 4470 if ((PF_INET == sk->sk_family) &&
4317 (AF_INET6 == addr->a.sa.sa_family)) 4471 (AF_INET6 == addr->a.sa.sa_family))
4318 continue; 4472 continue;
4473 if ((PF_INET6 == sk->sk_family) &&
4474 inet_v6_ipv6only(sk) &&
4475 (AF_INET == addr->a.sa.sa_family))
4476 continue;
4319 memcpy(&temp, &addr->a, sizeof(temp)); 4477 memcpy(&temp, &addr->a, sizeof(temp));
4320 if (!temp.v4.sin_port) 4478 if (!temp.v4.sin_port)
4321 temp.v4.sin_port = htons(port); 4479 temp.v4.sin_port = htons(port);
@@ -4351,6 +4509,10 @@ static int sctp_copy_laddrs(struct sock *sk, __u16 port, void *to,
4351 if ((PF_INET == sk->sk_family) && 4509 if ((PF_INET == sk->sk_family) &&
4352 (AF_INET6 == addr->a.sa.sa_family)) 4510 (AF_INET6 == addr->a.sa.sa_family))
4353 continue; 4511 continue;
4512 if ((PF_INET6 == sk->sk_family) &&
4513 inet_v6_ipv6only(sk) &&
4514 (AF_INET == addr->a.sa.sa_family))
4515 continue;
4354 memcpy(&temp, &addr->a, sizeof(temp)); 4516 memcpy(&temp, &addr->a, sizeof(temp));
4355 if (!temp.v4.sin_port) 4517 if (!temp.v4.sin_port)
4356 temp.v4.sin_port = htons(port); 4518 temp.v4.sin_port = htons(port);
@@ -4401,7 +4563,13 @@ static int sctp_getsockopt_local_addrs_old(struct sock *sk, int len,
4401 if (copy_from_user(&getaddrs, optval, len)) 4563 if (copy_from_user(&getaddrs, optval, len))
4402 return -EFAULT; 4564 return -EFAULT;
4403 4565
4404 if (getaddrs.addr_num <= 0) return -EINVAL; 4566 if (getaddrs.addr_num <= 0 ||
4567 getaddrs.addr_num >= (INT_MAX / sizeof(union sctp_addr)))
4568 return -EINVAL;
4569
4570 printk(KERN_WARNING "SCTP: Use of SCTP_GET_LOCAL_ADDRS_OLD "
4571 "socket option deprecated\n");
4572
4405 /* 4573 /*
4406 * For UDP-style sockets, id specifies the association to query. 4574 * For UDP-style sockets, id specifies the association to query.
4407 * If the id field is set to the value '0' then the locally bound 4575 * If the id field is set to the value '0' then the locally bound
@@ -5051,19 +5219,29 @@ static int sctp_getsockopt_maxburst(struct sock *sk, int len,
5051static int sctp_getsockopt_hmac_ident(struct sock *sk, int len, 5219static int sctp_getsockopt_hmac_ident(struct sock *sk, int len,
5052 char __user *optval, int __user *optlen) 5220 char __user *optval, int __user *optlen)
5053{ 5221{
5222 struct sctp_hmacalgo __user *p = (void __user *)optval;
5054 struct sctp_hmac_algo_param *hmacs; 5223 struct sctp_hmac_algo_param *hmacs;
5055 __u16 param_len; 5224 __u16 data_len = 0;
5225 u32 num_idents;
5226
5227 if (!sctp_auth_enable)
5228 return -EACCES;
5056 5229
5057 hmacs = sctp_sk(sk)->ep->auth_hmacs_list; 5230 hmacs = sctp_sk(sk)->ep->auth_hmacs_list;
5058 param_len = ntohs(hmacs->param_hdr.length); 5231 data_len = ntohs(hmacs->param_hdr.length) - sizeof(sctp_paramhdr_t);
5059 5232
5060 if (len < param_len) 5233 if (len < sizeof(struct sctp_hmacalgo) + data_len)
5061 return -EINVAL; 5234 return -EINVAL;
5235
5236 len = sizeof(struct sctp_hmacalgo) + data_len;
5237 num_idents = data_len / sizeof(u16);
5238
5062 if (put_user(len, optlen)) 5239 if (put_user(len, optlen))
5063 return -EFAULT; 5240 return -EFAULT;
5064 if (copy_to_user(optval, hmacs->hmac_ids, len)) 5241 if (put_user(num_idents, &p->shmac_num_idents))
5242 return -EFAULT;
5243 if (copy_to_user(p->shmac_idents, hmacs->hmac_ids, data_len))
5065 return -EFAULT; 5244 return -EFAULT;
5066
5067 return 0; 5245 return 0;
5068} 5246}
5069 5247
@@ -5073,6 +5251,9 @@ static int sctp_getsockopt_active_key(struct sock *sk, int len,
5073 struct sctp_authkeyid val; 5251 struct sctp_authkeyid val;
5074 struct sctp_association *asoc; 5252 struct sctp_association *asoc;
5075 5253
5254 if (!sctp_auth_enable)
5255 return -EACCES;
5256
5076 if (len < sizeof(struct sctp_authkeyid)) 5257 if (len < sizeof(struct sctp_authkeyid))
5077 return -EINVAL; 5258 return -EINVAL;
5078 if (copy_from_user(&val, optval, sizeof(struct sctp_authkeyid))) 5259 if (copy_from_user(&val, optval, sizeof(struct sctp_authkeyid)))
@@ -5087,6 +5268,12 @@ static int sctp_getsockopt_active_key(struct sock *sk, int len,
5087 else 5268 else
5088 val.scact_keynumber = sctp_sk(sk)->ep->active_key_id; 5269 val.scact_keynumber = sctp_sk(sk)->ep->active_key_id;
5089 5270
5271 len = sizeof(struct sctp_authkeyid);
5272 if (put_user(len, optlen))
5273 return -EFAULT;
5274 if (copy_to_user(optval, &val, len))
5275 return -EFAULT;
5276
5090 return 0; 5277 return 0;
5091} 5278}
5092 5279
@@ -5097,13 +5284,16 @@ static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len,
5097 struct sctp_authchunks val; 5284 struct sctp_authchunks val;
5098 struct sctp_association *asoc; 5285 struct sctp_association *asoc;
5099 struct sctp_chunks_param *ch; 5286 struct sctp_chunks_param *ch;
5100 u32 num_chunks; 5287 u32 num_chunks = 0;
5101 char __user *to; 5288 char __user *to;
5102 5289
5103 if (len <= sizeof(struct sctp_authchunks)) 5290 if (!sctp_auth_enable)
5291 return -EACCES;
5292
5293 if (len < sizeof(struct sctp_authchunks))
5104 return -EINVAL; 5294 return -EINVAL;
5105 5295
5106 if (copy_from_user(&val, p, sizeof(struct sctp_authchunks))) 5296 if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks)))
5107 return -EFAULT; 5297 return -EFAULT;
5108 5298
5109 to = p->gauth_chunks; 5299 to = p->gauth_chunks;
@@ -5112,20 +5302,21 @@ static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len,
5112 return -EINVAL; 5302 return -EINVAL;
5113 5303
5114 ch = asoc->peer.peer_chunks; 5304 ch = asoc->peer.peer_chunks;
5305 if (!ch)
5306 goto num;
5115 5307
5116 /* See if the user provided enough room for all the data */ 5308 /* See if the user provided enough room for all the data */
5117 num_chunks = ntohs(ch->param_hdr.length) - sizeof(sctp_paramhdr_t); 5309 num_chunks = ntohs(ch->param_hdr.length) - sizeof(sctp_paramhdr_t);
5118 if (len < num_chunks) 5310 if (len < num_chunks)
5119 return -EINVAL; 5311 return -EINVAL;
5120 5312
5121 len = num_chunks; 5313 if (copy_to_user(to, ch->chunks, num_chunks))
5122 if (put_user(len, optlen))
5123 return -EFAULT; 5314 return -EFAULT;
5315num:
5316 len = sizeof(struct sctp_authchunks) + num_chunks;
5317 if (put_user(len, optlen)) return -EFAULT;
5124 if (put_user(num_chunks, &p->gauth_number_of_chunks)) 5318 if (put_user(num_chunks, &p->gauth_number_of_chunks))
5125 return -EFAULT; 5319 return -EFAULT;
5126 if (copy_to_user(to, ch->chunks, len))
5127 return -EFAULT;
5128
5129 return 0; 5320 return 0;
5130} 5321}
5131 5322
@@ -5136,13 +5327,16 @@ static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len,
5136 struct sctp_authchunks val; 5327 struct sctp_authchunks val;
5137 struct sctp_association *asoc; 5328 struct sctp_association *asoc;
5138 struct sctp_chunks_param *ch; 5329 struct sctp_chunks_param *ch;
5139 u32 num_chunks; 5330 u32 num_chunks = 0;
5140 char __user *to; 5331 char __user *to;
5141 5332
5142 if (len <= sizeof(struct sctp_authchunks)) 5333 if (!sctp_auth_enable)
5334 return -EACCES;
5335
5336 if (len < sizeof(struct sctp_authchunks))
5143 return -EINVAL; 5337 return -EINVAL;
5144 5338
5145 if (copy_from_user(&val, p, sizeof(struct sctp_authchunks))) 5339 if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks)))
5146 return -EFAULT; 5340 return -EFAULT;
5147 5341
5148 to = p->gauth_chunks; 5342 to = p->gauth_chunks;
@@ -5155,17 +5349,21 @@ static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len,
5155 else 5349 else
5156 ch = sctp_sk(sk)->ep->auth_chunk_list; 5350 ch = sctp_sk(sk)->ep->auth_chunk_list;
5157 5351
5352 if (!ch)
5353 goto num;
5354
5158 num_chunks = ntohs(ch->param_hdr.length) - sizeof(sctp_paramhdr_t); 5355 num_chunks = ntohs(ch->param_hdr.length) - sizeof(sctp_paramhdr_t);
5159 if (len < num_chunks) 5356 if (len < sizeof(struct sctp_authchunks) + num_chunks)
5160 return -EINVAL; 5357 return -EINVAL;
5161 5358
5162 len = num_chunks; 5359 if (copy_to_user(to, ch->chunks, num_chunks))
5360 return -EFAULT;
5361num:
5362 len = sizeof(struct sctp_authchunks) + num_chunks;
5163 if (put_user(len, optlen)) 5363 if (put_user(len, optlen))
5164 return -EFAULT; 5364 return -EFAULT;
5165 if (put_user(num_chunks, &p->gauth_number_of_chunks)) 5365 if (put_user(num_chunks, &p->gauth_number_of_chunks))
5166 return -EFAULT; 5366 return -EFAULT;
5167 if (copy_to_user(to, ch->chunks, len))
5168 return -EFAULT;
5169 5367
5170 return 0; 5368 return 0;
5171} 5369}
@@ -5218,8 +5416,8 @@ SCTP_STATIC int sctp_getsockopt(struct sock *sk, int level, int optname,
5218 retval = sctp_getsockopt_peer_addr_params(sk, len, optval, 5416 retval = sctp_getsockopt_peer_addr_params(sk, len, optval,
5219 optlen); 5417 optlen);
5220 break; 5418 break;
5221 case SCTP_DELAYED_ACK_TIME: 5419 case SCTP_DELAYED_ACK:
5222 retval = sctp_getsockopt_delayed_ack_time(sk, len, optval, 5420 retval = sctp_getsockopt_delayed_ack(sk, len, optval,
5223 optlen); 5421 optlen);
5224 break; 5422 break;
5225 case SCTP_INITMSG: 5423 case SCTP_INITMSG:
@@ -5439,12 +5637,13 @@ pp_found:
5439 struct sctp_endpoint *ep2; 5637 struct sctp_endpoint *ep2;
5440 ep2 = sctp_sk(sk2)->ep; 5638 ep2 = sctp_sk(sk2)->ep;
5441 5639
5442 if (reuse && sk2->sk_reuse && 5640 if (sk == sk2 ||
5443 sk2->sk_state != SCTP_SS_LISTENING) 5641 (reuse && sk2->sk_reuse &&
5642 sk2->sk_state != SCTP_SS_LISTENING))
5444 continue; 5643 continue;
5445 5644
5446 if (sctp_bind_addr_match(&ep2->base.bind_addr, addr, 5645 if (sctp_bind_addr_conflict(&ep2->base.bind_addr, addr,
5447 sctp_sk(sk))) { 5646 sctp_sk(sk2), sctp_sk(sk))) {
5448 ret = (long)sk2; 5647 ret = (long)sk2;
5449 goto fail_unlock; 5648 goto fail_unlock;
5450 } 5649 }
@@ -5557,8 +5756,13 @@ SCTP_STATIC int sctp_seqpacket_listen(struct sock *sk, int backlog)
5557 if (!ep->base.bind_addr.port) { 5756 if (!ep->base.bind_addr.port) {
5558 if (sctp_autobind(sk)) 5757 if (sctp_autobind(sk))
5559 return -EAGAIN; 5758 return -EAGAIN;
5560 } else 5759 } else {
5760 if (sctp_get_port(sk, inet_sk(sk)->num)) {
5761 sk->sk_state = SCTP_SS_CLOSED;
5762 return -EADDRINUSE;
5763 }
5561 sctp_sk(sk)->bind_hash->fastreuse = 0; 5764 sctp_sk(sk)->bind_hash->fastreuse = 0;
5765 }
5562 5766
5563 sctp_hash_endpoint(ep); 5767 sctp_hash_endpoint(ep);
5564 return 0; 5768 return 0;
@@ -5628,7 +5832,7 @@ int sctp_inet_listen(struct socket *sock, int backlog)
5628 goto out; 5832 goto out;
5629 5833
5630 /* Allocate HMAC for generating cookie. */ 5834 /* Allocate HMAC for generating cookie. */
5631 if (sctp_hmac_alg) { 5835 if (!sctp_sk(sk)->hmac && sctp_hmac_alg) {
5632 tfm = crypto_alloc_hash(sctp_hmac_alg, 0, CRYPTO_ALG_ASYNC); 5836 tfm = crypto_alloc_hash(sctp_hmac_alg, 0, CRYPTO_ALG_ASYNC);
5633 if (IS_ERR(tfm)) { 5837 if (IS_ERR(tfm)) {
5634 if (net_ratelimit()) { 5838 if (net_ratelimit()) {
@@ -5656,7 +5860,8 @@ int sctp_inet_listen(struct socket *sock, int backlog)
5656 goto cleanup; 5860 goto cleanup;
5657 5861
5658 /* Store away the transform reference. */ 5862 /* Store away the transform reference. */
5659 sctp_sk(sk)->hmac = tfm; 5863 if (!sctp_sk(sk)->hmac)
5864 sctp_sk(sk)->hmac = tfm;
5660out: 5865out:
5661 sctp_release_sock(sk); 5866 sctp_release_sock(sk);
5662 return err; 5867 return err;
diff --git a/net/sctp/transport.c b/net/sctp/transport.c
index f4938f6c5abe..e745c118f239 100644
--- a/net/sctp/transport.c
+++ b/net/sctp/transport.c
@@ -79,6 +79,7 @@ static struct sctp_transport *sctp_transport_init(struct sctp_transport *peer,
79 peer->rttvar = 0; 79 peer->rttvar = 0;
80 peer->srtt = 0; 80 peer->srtt = 0;
81 peer->rto_pending = 0; 81 peer->rto_pending = 0;
82 peer->fast_recovery = 0;
82 83
83 peer->last_time_heard = jiffies; 84 peer->last_time_heard = jiffies;
84 peer->last_time_used = jiffies; 85 peer->last_time_used = jiffies;
@@ -99,6 +100,9 @@ static struct sctp_transport *sctp_transport_init(struct sctp_transport *peer,
99 INIT_LIST_HEAD(&peer->send_ready); 100 INIT_LIST_HEAD(&peer->send_ready);
100 INIT_LIST_HEAD(&peer->transports); 101 INIT_LIST_HEAD(&peer->transports);
101 102
103 peer->T3_rtx_timer.expires = 0;
104 peer->hb_timer.expires = 0;
105
102 setup_timer(&peer->T3_rtx_timer, sctp_generate_t3_rtx_event, 106 setup_timer(&peer->T3_rtx_timer, sctp_generate_t3_rtx_event,
103 (unsigned long)peer); 107 (unsigned long)peer);
104 setup_timer(&peer->hb_timer, sctp_generate_heartbeat_event, 108 setup_timer(&peer->hb_timer, sctp_generate_heartbeat_event,
@@ -190,7 +194,7 @@ static void sctp_transport_destroy(struct sctp_transport *transport)
190/* Start T3_rtx timer if it is not already running and update the heartbeat 194/* Start T3_rtx timer if it is not already running and update the heartbeat
191 * timer. This routine is called every time a DATA chunk is sent. 195 * timer. This routine is called every time a DATA chunk is sent.
192 */ 196 */
193void sctp_transport_reset_timers(struct sctp_transport *transport) 197void sctp_transport_reset_timers(struct sctp_transport *transport, int force)
194{ 198{
195 /* RFC 2960 6.3.2 Retransmission Timer Rules 199 /* RFC 2960 6.3.2 Retransmission Timer Rules
196 * 200 *
@@ -200,7 +204,7 @@ void sctp_transport_reset_timers(struct sctp_transport *transport)
200 * address. 204 * address.
201 */ 205 */
202 206
203 if (!timer_pending(&transport->T3_rtx_timer)) 207 if (force || !timer_pending(&transport->T3_rtx_timer))
204 if (!mod_timer(&transport->T3_rtx_timer, 208 if (!mod_timer(&transport->T3_rtx_timer,
205 jiffies + transport->rto)) 209 jiffies + transport->rto))
206 sctp_transport_hold(transport); 210 sctp_transport_hold(transport);
@@ -291,7 +295,7 @@ void sctp_transport_route(struct sctp_transport *transport,
291 if (saddr) 295 if (saddr)
292 memcpy(&transport->saddr, saddr, sizeof(union sctp_addr)); 296 memcpy(&transport->saddr, saddr, sizeof(union sctp_addr));
293 else 297 else
294 af->get_saddr(asoc, dst, daddr, &transport->saddr); 298 af->get_saddr(opt, asoc, dst, daddr, &transport->saddr);
295 299
296 transport->dst = dst; 300 transport->dst = dst;
297 if ((transport->param_flags & SPP_PMTUD_DISABLE) && transport->pathmtu) { 301 if ((transport->param_flags & SPP_PMTUD_DISABLE) && transport->pathmtu) {
@@ -403,11 +407,16 @@ void sctp_transport_raise_cwnd(struct sctp_transport *transport,
403 cwnd = transport->cwnd; 407 cwnd = transport->cwnd;
404 flight_size = transport->flight_size; 408 flight_size = transport->flight_size;
405 409
410 /* See if we need to exit Fast Recovery first */
411 if (transport->fast_recovery &&
412 TSN_lte(transport->fast_recovery_exit, sack_ctsn))
413 transport->fast_recovery = 0;
414
406 /* The appropriate cwnd increase algorithm is performed if, and only 415 /* The appropriate cwnd increase algorithm is performed if, and only
407 * if the cumulative TSN has advanced and the congestion window is 416 * if the cumulative TSN whould advanced and the congestion window is
408 * being fully utilized. 417 * being fully utilized.
409 */ 418 */
410 if ((transport->asoc->ctsn_ack_point >= sack_ctsn) || 419 if (TSN_lte(sack_ctsn, transport->asoc->ctsn_ack_point) ||
411 (flight_size < cwnd)) 420 (flight_size < cwnd))
412 return; 421 return;
413 422
@@ -416,17 +425,23 @@ void sctp_transport_raise_cwnd(struct sctp_transport *transport,
416 pmtu = transport->asoc->pathmtu; 425 pmtu = transport->asoc->pathmtu;
417 426
418 if (cwnd <= ssthresh) { 427 if (cwnd <= ssthresh) {
419 /* RFC 2960 7.2.1, sctpimpguide-05 2.14.2 When cwnd is less 428 /* RFC 4960 7.2.1
420 * than or equal to ssthresh an SCTP endpoint MUST use the 429 * o When cwnd is less than or equal to ssthresh, an SCTP
421 * slow start algorithm to increase cwnd only if the current 430 * endpoint MUST use the slow-start algorithm to increase
422 * congestion window is being fully utilized and an incoming 431 * cwnd only if the current congestion window is being fully
423 * SACK advances the Cumulative TSN Ack Point. Only when these 432 * utilized, an incoming SACK advances the Cumulative TSN
424 * two conditions are met can the cwnd be increased otherwise 433 * Ack Point, and the data sender is not in Fast Recovery.
425 * the cwnd MUST not be increased. If these conditions are met 434 * Only when these three conditions are met can the cwnd be
426 * then cwnd MUST be increased by at most the lesser of 435 * increased; otherwise, the cwnd MUST not be increased.
427 * 1) the total size of the previously outstanding DATA 436 * If these conditions are met, then cwnd MUST be increased
428 * chunk(s) acknowledged, and 2) the destination's path MTU. 437 * by, at most, the lesser of 1) the total size of the
438 * previously outstanding DATA chunk(s) acknowledged, and
439 * 2) the destination's path MTU. This upper bound protects
440 * against the ACK-Splitting attack outlined in [SAVAGE99].
429 */ 441 */
442 if (transport->fast_recovery)
443 return;
444
430 if (bytes_acked > pmtu) 445 if (bytes_acked > pmtu)
431 cwnd += pmtu; 446 cwnd += pmtu;
432 else 447 else
@@ -502,6 +517,13 @@ void sctp_transport_lower_cwnd(struct sctp_transport *transport,
502 * cwnd = ssthresh 517 * cwnd = ssthresh
503 * partial_bytes_acked = 0 518 * partial_bytes_acked = 0
504 */ 519 */
520 if (transport->fast_recovery)
521 return;
522
523 /* Mark Fast recovery */
524 transport->fast_recovery = 1;
525 transport->fast_recovery_exit = transport->asoc->next_tsn - 1;
526
505 transport->ssthresh = max(transport->cwnd/2, 527 transport->ssthresh = max(transport->cwnd/2,
506 4*transport->asoc->pathmtu); 528 4*transport->asoc->pathmtu);
507 transport->cwnd = transport->ssthresh; 529 transport->cwnd = transport->ssthresh;
@@ -586,6 +608,7 @@ void sctp_transport_reset(struct sctp_transport *t)
586 t->flight_size = 0; 608 t->flight_size = 0;
587 t->error_count = 0; 609 t->error_count = 0;
588 t->rto_pending = 0; 610 t->rto_pending = 0;
611 t->fast_recovery = 0;
589 612
590 /* Initialize the state information for SFR-CACC */ 613 /* Initialize the state information for SFR-CACC */
591 t->cacc.changeover_active = 0; 614 t->cacc.changeover_active = 0;
diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
index ce6cda6b6994..a1f654aea268 100644
--- a/net/sctp/ulpevent.c
+++ b/net/sctp/ulpevent.c
@@ -710,6 +710,11 @@ struct sctp_ulpevent *sctp_ulpevent_make_rcvmsg(struct sctp_association *asoc,
710 if (!skb) 710 if (!skb)
711 goto fail; 711 goto fail;
712 712
713 /* Now that all memory allocations for this chunk succeeded, we
714 * can mark it as received so the tsn_map is updated correctly.
715 */
716 sctp_tsnmap_mark(&asoc->peer.tsn_map, ntohl(chunk->subh.data_hdr->tsn));
717
713 /* First calculate the padding, so we don't inadvertently 718 /* First calculate the padding, so we don't inadvertently
714 * pass up the wrong length to the user. 719 * pass up the wrong length to the user.
715 * 720 *
diff --git a/net/socket.c b/net/socket.c
index 66c4a8cf6db9..8ef8ba81b9e2 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -63,11 +63,13 @@
63#include <linux/file.h> 63#include <linux/file.h>
64#include <linux/net.h> 64#include <linux/net.h>
65#include <linux/interrupt.h> 65#include <linux/interrupt.h>
66#include <linux/thread_info.h>
66#include <linux/rcupdate.h> 67#include <linux/rcupdate.h>
67#include <linux/netdevice.h> 68#include <linux/netdevice.h>
68#include <linux/proc_fs.h> 69#include <linux/proc_fs.h>
69#include <linux/seq_file.h> 70#include <linux/seq_file.h>
70#include <linux/mutex.h> 71#include <linux/mutex.h>
72#include <linux/thread_info.h>
71#include <linux/wanrouter.h> 73#include <linux/wanrouter.h>
72#include <linux/if_bridge.h> 74#include <linux/if_bridge.h>
73#include <linux/if_frad.h> 75#include <linux/if_frad.h>
@@ -90,6 +92,7 @@
90#include <asm/unistd.h> 92#include <asm/unistd.h>
91 93
92#include <net/compat.h> 94#include <net/compat.h>
95#include <net/wext.h>
93 96
94#include <net/sock.h> 97#include <net/sock.h>
95#include <linux/netfilter.h> 98#include <linux/netfilter.h>
@@ -179,9 +182,9 @@ static DEFINE_PER_CPU(int, sockets_in_use) = 0;
179 * invalid addresses -EFAULT is returned. On a success 0 is returned. 182 * invalid addresses -EFAULT is returned. On a success 0 is returned.
180 */ 183 */
181 184
182int move_addr_to_kernel(void __user *uaddr, int ulen, void *kaddr) 185int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr *kaddr)
183{ 186{
184 if (ulen < 0 || ulen > MAX_SOCK_ADDR) 187 if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
185 return -EINVAL; 188 return -EINVAL;
186 if (ulen == 0) 189 if (ulen == 0)
187 return 0; 190 return 0;
@@ -207,7 +210,7 @@ int move_addr_to_kernel(void __user *uaddr, int ulen, void *kaddr)
207 * specified. Zero is returned for a success. 210 * specified. Zero is returned for a success.
208 */ 211 */
209 212
210int move_addr_to_user(void *kaddr, int klen, void __user *uaddr, 213int move_addr_to_user(struct sockaddr *kaddr, int klen, void __user *uaddr,
211 int __user *ulen) 214 int __user *ulen)
212{ 215{
213 int err; 216 int err;
@@ -218,7 +221,7 @@ int move_addr_to_user(void *kaddr, int klen, void __user *uaddr,
218 return err; 221 return err;
219 if (len > klen) 222 if (len > klen)
220 len = klen; 223 len = klen;
221 if (len < 0 || len > MAX_SOCK_ADDR) 224 if (len < 0 || len > sizeof(struct sockaddr_storage))
222 return -EINVAL; 225 return -EINVAL;
223 if (len) { 226 if (len) {
224 if (audit_sockaddr(klen, kaddr)) 227 if (audit_sockaddr(klen, kaddr))
@@ -262,7 +265,7 @@ static void sock_destroy_inode(struct inode *inode)
262 container_of(inode, struct socket_alloc, vfs_inode)); 265 container_of(inode, struct socket_alloc, vfs_inode));
263} 266}
264 267
265static void init_once(struct kmem_cache *cachep, void *foo) 268static void init_once(void *foo)
266{ 269{
267 struct socket_alloc *ei = (struct socket_alloc *)foo; 270 struct socket_alloc *ei = (struct socket_alloc *)foo;
268 271
@@ -348,11 +351,11 @@ static struct dentry_operations sockfs_dentry_operations = {
348 * but we take care of internal coherence yet. 351 * but we take care of internal coherence yet.
349 */ 352 */
350 353
351static int sock_alloc_fd(struct file **filep) 354static int sock_alloc_fd(struct file **filep, int flags)
352{ 355{
353 int fd; 356 int fd;
354 357
355 fd = get_unused_fd(); 358 fd = get_unused_fd_flags(flags);
356 if (likely(fd >= 0)) { 359 if (likely(fd >= 0)) {
357 struct file *file = get_empty_filp(); 360 struct file *file = get_empty_filp();
358 361
@@ -366,7 +369,7 @@ static int sock_alloc_fd(struct file **filep)
366 return fd; 369 return fd;
367} 370}
368 371
369static int sock_attach_fd(struct socket *sock, struct file *file) 372static int sock_attach_fd(struct socket *sock, struct file *file, int flags)
370{ 373{
371 struct dentry *dentry; 374 struct dentry *dentry;
372 struct qstr name = { .name = "" }; 375 struct qstr name = { .name = "" };
@@ -388,20 +391,20 @@ static int sock_attach_fd(struct socket *sock, struct file *file)
388 init_file(file, sock_mnt, dentry, FMODE_READ | FMODE_WRITE, 391 init_file(file, sock_mnt, dentry, FMODE_READ | FMODE_WRITE,
389 &socket_file_ops); 392 &socket_file_ops);
390 SOCK_INODE(sock)->i_fop = &socket_file_ops; 393 SOCK_INODE(sock)->i_fop = &socket_file_ops;
391 file->f_flags = O_RDWR; 394 file->f_flags = O_RDWR | (flags & O_NONBLOCK);
392 file->f_pos = 0; 395 file->f_pos = 0;
393 file->private_data = sock; 396 file->private_data = sock;
394 397
395 return 0; 398 return 0;
396} 399}
397 400
398int sock_map_fd(struct socket *sock) 401int sock_map_fd(struct socket *sock, int flags)
399{ 402{
400 struct file *newfile; 403 struct file *newfile;
401 int fd = sock_alloc_fd(&newfile); 404 int fd = sock_alloc_fd(&newfile, flags);
402 405
403 if (likely(fd >= 0)) { 406 if (likely(fd >= 0)) {
404 int err = sock_attach_fd(sock, newfile); 407 int err = sock_attach_fd(sock, newfile, flags);
405 408
406 if (unlikely(err < 0)) { 409 if (unlikely(err < 0)) {
407 put_filp(newfile); 410 put_filp(newfile);
@@ -1217,12 +1220,27 @@ asmlinkage long sys_socket(int family, int type, int protocol)
1217{ 1220{
1218 int retval; 1221 int retval;
1219 struct socket *sock; 1222 struct socket *sock;
1223 int flags;
1224
1225 /* Check the SOCK_* constants for consistency. */
1226 BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1227 BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1228 BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1229 BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1230
1231 flags = type & ~SOCK_TYPE_MASK;
1232 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1233 return -EINVAL;
1234 type &= SOCK_TYPE_MASK;
1235
1236 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1237 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1220 1238
1221 retval = sock_create(family, type, protocol, &sock); 1239 retval = sock_create(family, type, protocol, &sock);
1222 if (retval < 0) 1240 if (retval < 0)
1223 goto out; 1241 goto out;
1224 1242
1225 retval = sock_map_fd(sock); 1243 retval = sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1226 if (retval < 0) 1244 if (retval < 0)
1227 goto out_release; 1245 goto out_release;
1228 1246
@@ -1245,6 +1263,15 @@ asmlinkage long sys_socketpair(int family, int type, int protocol,
1245 struct socket *sock1, *sock2; 1263 struct socket *sock1, *sock2;
1246 int fd1, fd2, err; 1264 int fd1, fd2, err;
1247 struct file *newfile1, *newfile2; 1265 struct file *newfile1, *newfile2;
1266 int flags;
1267
1268 flags = type & ~SOCK_TYPE_MASK;
1269 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1270 return -EINVAL;
1271 type &= SOCK_TYPE_MASK;
1272
1273 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1274 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1248 1275
1249 /* 1276 /*
1250 * Obtain the first socket and check if the underlying protocol 1277 * Obtain the first socket and check if the underlying protocol
@@ -1263,13 +1290,13 @@ asmlinkage long sys_socketpair(int family, int type, int protocol,
1263 if (err < 0) 1290 if (err < 0)
1264 goto out_release_both; 1291 goto out_release_both;
1265 1292
1266 fd1 = sock_alloc_fd(&newfile1); 1293 fd1 = sock_alloc_fd(&newfile1, flags & O_CLOEXEC);
1267 if (unlikely(fd1 < 0)) { 1294 if (unlikely(fd1 < 0)) {
1268 err = fd1; 1295 err = fd1;
1269 goto out_release_both; 1296 goto out_release_both;
1270 } 1297 }
1271 1298
1272 fd2 = sock_alloc_fd(&newfile2); 1299 fd2 = sock_alloc_fd(&newfile2, flags & O_CLOEXEC);
1273 if (unlikely(fd2 < 0)) { 1300 if (unlikely(fd2 < 0)) {
1274 err = fd2; 1301 err = fd2;
1275 put_filp(newfile1); 1302 put_filp(newfile1);
@@ -1277,12 +1304,12 @@ asmlinkage long sys_socketpair(int family, int type, int protocol,
1277 goto out_release_both; 1304 goto out_release_both;
1278 } 1305 }
1279 1306
1280 err = sock_attach_fd(sock1, newfile1); 1307 err = sock_attach_fd(sock1, newfile1, flags & O_NONBLOCK);
1281 if (unlikely(err < 0)) { 1308 if (unlikely(err < 0)) {
1282 goto out_fd2; 1309 goto out_fd2;
1283 } 1310 }
1284 1311
1285 err = sock_attach_fd(sock2, newfile2); 1312 err = sock_attach_fd(sock2, newfile2, flags & O_NONBLOCK);
1286 if (unlikely(err < 0)) { 1313 if (unlikely(err < 0)) {
1287 fput(newfile1); 1314 fput(newfile1);
1288 goto out_fd1; 1315 goto out_fd1;
@@ -1341,20 +1368,20 @@ out_fd:
1341asmlinkage long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen) 1368asmlinkage long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
1342{ 1369{
1343 struct socket *sock; 1370 struct socket *sock;
1344 char address[MAX_SOCK_ADDR]; 1371 struct sockaddr_storage address;
1345 int err, fput_needed; 1372 int err, fput_needed;
1346 1373
1347 sock = sockfd_lookup_light(fd, &err, &fput_needed); 1374 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1348 if (sock) { 1375 if (sock) {
1349 err = move_addr_to_kernel(umyaddr, addrlen, address); 1376 err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address);
1350 if (err >= 0) { 1377 if (err >= 0) {
1351 err = security_socket_bind(sock, 1378 err = security_socket_bind(sock,
1352 (struct sockaddr *)address, 1379 (struct sockaddr *)&address,
1353 addrlen); 1380 addrlen);
1354 if (!err) 1381 if (!err)
1355 err = sock->ops->bind(sock, 1382 err = sock->ops->bind(sock,
1356 (struct sockaddr *) 1383 (struct sockaddr *)
1357 address, addrlen); 1384 &address, addrlen);
1358 } 1385 }
1359 fput_light(sock->file, fput_needed); 1386 fput_light(sock->file, fput_needed);
1360 } 1387 }
@@ -1400,13 +1427,19 @@ asmlinkage long sys_listen(int fd, int backlog)
1400 * clean when we restucture accept also. 1427 * clean when we restucture accept also.
1401 */ 1428 */
1402 1429
1403asmlinkage long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, 1430long do_accept(int fd, struct sockaddr __user *upeer_sockaddr,
1404 int __user *upeer_addrlen) 1431 int __user *upeer_addrlen, int flags)
1405{ 1432{
1406 struct socket *sock, *newsock; 1433 struct socket *sock, *newsock;
1407 struct file *newfile; 1434 struct file *newfile;
1408 int err, len, newfd, fput_needed; 1435 int err, len, newfd, fput_needed;
1409 char address[MAX_SOCK_ADDR]; 1436 struct sockaddr_storage address;
1437
1438 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1439 return -EINVAL;
1440
1441 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1442 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1410 1443
1411 sock = sockfd_lookup_light(fd, &err, &fput_needed); 1444 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1412 if (!sock) 1445 if (!sock)
@@ -1425,14 +1458,14 @@ asmlinkage long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr,
1425 */ 1458 */
1426 __module_get(newsock->ops->owner); 1459 __module_get(newsock->ops->owner);
1427 1460
1428 newfd = sock_alloc_fd(&newfile); 1461 newfd = sock_alloc_fd(&newfile, flags & O_CLOEXEC);
1429 if (unlikely(newfd < 0)) { 1462 if (unlikely(newfd < 0)) {
1430 err = newfd; 1463 err = newfd;
1431 sock_release(newsock); 1464 sock_release(newsock);
1432 goto out_put; 1465 goto out_put;
1433 } 1466 }
1434 1467
1435 err = sock_attach_fd(newsock, newfile); 1468 err = sock_attach_fd(newsock, newfile, flags & O_NONBLOCK);
1436 if (err < 0) 1469 if (err < 0)
1437 goto out_fd_simple; 1470 goto out_fd_simple;
1438 1471
@@ -1445,13 +1478,13 @@ asmlinkage long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr,
1445 goto out_fd; 1478 goto out_fd;
1446 1479
1447 if (upeer_sockaddr) { 1480 if (upeer_sockaddr) {
1448 if (newsock->ops->getname(newsock, (struct sockaddr *)address, 1481 if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
1449 &len, 2) < 0) { 1482 &len, 2) < 0) {
1450 err = -ECONNABORTED; 1483 err = -ECONNABORTED;
1451 goto out_fd; 1484 goto out_fd;
1452 } 1485 }
1453 err = move_addr_to_user(address, len, upeer_sockaddr, 1486 err = move_addr_to_user((struct sockaddr *)&address,
1454 upeer_addrlen); 1487 len, upeer_sockaddr, upeer_addrlen);
1455 if (err < 0) 1488 if (err < 0)
1456 goto out_fd; 1489 goto out_fd;
1457 } 1490 }
@@ -1478,6 +1511,66 @@ out_fd:
1478 goto out_put; 1511 goto out_put;
1479} 1512}
1480 1513
1514#ifdef HAVE_SET_RESTORE_SIGMASK
1515asmlinkage long sys_paccept(int fd, struct sockaddr __user *upeer_sockaddr,
1516 int __user *upeer_addrlen,
1517 const sigset_t __user *sigmask,
1518 size_t sigsetsize, int flags)
1519{
1520 sigset_t ksigmask, sigsaved;
1521 int ret;
1522
1523 if (sigmask) {
1524 /* XXX: Don't preclude handling different sized sigset_t's. */
1525 if (sigsetsize != sizeof(sigset_t))
1526 return -EINVAL;
1527 if (copy_from_user(&ksigmask, sigmask, sizeof(ksigmask)))
1528 return -EFAULT;
1529
1530 sigdelsetmask(&ksigmask, sigmask(SIGKILL)|sigmask(SIGSTOP));
1531 sigprocmask(SIG_SETMASK, &ksigmask, &sigsaved);
1532 }
1533
1534 ret = do_accept(fd, upeer_sockaddr, upeer_addrlen, flags);
1535
1536 if (ret < 0 && signal_pending(current)) {
1537 /*
1538 * Don't restore the signal mask yet. Let do_signal() deliver
1539 * the signal on the way back to userspace, before the signal
1540 * mask is restored.
1541 */
1542 if (sigmask) {
1543 memcpy(&current->saved_sigmask, &sigsaved,
1544 sizeof(sigsaved));
1545 set_restore_sigmask();
1546 }
1547 } else if (sigmask)
1548 sigprocmask(SIG_SETMASK, &sigsaved, NULL);
1549
1550 return ret;
1551}
1552#else
1553asmlinkage long sys_paccept(int fd, struct sockaddr __user *upeer_sockaddr,
1554 int __user *upeer_addrlen,
1555 const sigset_t __user *sigmask,
1556 size_t sigsetsize, int flags)
1557{
1558 /* The platform does not support restoring the signal mask in the
1559 * return path. So we do not allow using paccept() with a signal
1560 * mask. */
1561 if (sigmask)
1562 return -EINVAL;
1563
1564 return do_accept(fd, upeer_sockaddr, upeer_addrlen, flags);
1565}
1566#endif
1567
1568asmlinkage long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr,
1569 int __user *upeer_addrlen)
1570{
1571 return do_accept(fd, upeer_sockaddr, upeer_addrlen, 0);
1572}
1573
1481/* 1574/*
1482 * Attempt to connect to a socket with the server address. The address 1575 * Attempt to connect to a socket with the server address. The address
1483 * is in user space so we verify it is OK and move it to kernel space. 1576 * is in user space so we verify it is OK and move it to kernel space.
@@ -1494,22 +1587,22 @@ asmlinkage long sys_connect(int fd, struct sockaddr __user *uservaddr,
1494 int addrlen) 1587 int addrlen)
1495{ 1588{
1496 struct socket *sock; 1589 struct socket *sock;
1497 char address[MAX_SOCK_ADDR]; 1590 struct sockaddr_storage address;
1498 int err, fput_needed; 1591 int err, fput_needed;
1499 1592
1500 sock = sockfd_lookup_light(fd, &err, &fput_needed); 1593 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1501 if (!sock) 1594 if (!sock)
1502 goto out; 1595 goto out;
1503 err = move_addr_to_kernel(uservaddr, addrlen, address); 1596 err = move_addr_to_kernel(uservaddr, addrlen, (struct sockaddr *)&address);
1504 if (err < 0) 1597 if (err < 0)
1505 goto out_put; 1598 goto out_put;
1506 1599
1507 err = 1600 err =
1508 security_socket_connect(sock, (struct sockaddr *)address, addrlen); 1601 security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
1509 if (err) 1602 if (err)
1510 goto out_put; 1603 goto out_put;
1511 1604
1512 err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen, 1605 err = sock->ops->connect(sock, (struct sockaddr *)&address, addrlen,
1513 sock->file->f_flags); 1606 sock->file->f_flags);
1514out_put: 1607out_put:
1515 fput_light(sock->file, fput_needed); 1608 fput_light(sock->file, fput_needed);
@@ -1526,7 +1619,7 @@ asmlinkage long sys_getsockname(int fd, struct sockaddr __user *usockaddr,
1526 int __user *usockaddr_len) 1619 int __user *usockaddr_len)
1527{ 1620{
1528 struct socket *sock; 1621 struct socket *sock;
1529 char address[MAX_SOCK_ADDR]; 1622 struct sockaddr_storage address;
1530 int len, err, fput_needed; 1623 int len, err, fput_needed;
1531 1624
1532 sock = sockfd_lookup_light(fd, &err, &fput_needed); 1625 sock = sockfd_lookup_light(fd, &err, &fput_needed);
@@ -1537,10 +1630,10 @@ asmlinkage long sys_getsockname(int fd, struct sockaddr __user *usockaddr,
1537 if (err) 1630 if (err)
1538 goto out_put; 1631 goto out_put;
1539 1632
1540 err = sock->ops->getname(sock, (struct sockaddr *)address, &len, 0); 1633 err = sock->ops->getname(sock, (struct sockaddr *)&address, &len, 0);
1541 if (err) 1634 if (err)
1542 goto out_put; 1635 goto out_put;
1543 err = move_addr_to_user(address, len, usockaddr, usockaddr_len); 1636 err = move_addr_to_user((struct sockaddr *)&address, len, usockaddr, usockaddr_len);
1544 1637
1545out_put: 1638out_put:
1546 fput_light(sock->file, fput_needed); 1639 fput_light(sock->file, fput_needed);
@@ -1557,7 +1650,7 @@ asmlinkage long sys_getpeername(int fd, struct sockaddr __user *usockaddr,
1557 int __user *usockaddr_len) 1650 int __user *usockaddr_len)
1558{ 1651{
1559 struct socket *sock; 1652 struct socket *sock;
1560 char address[MAX_SOCK_ADDR]; 1653 struct sockaddr_storage address;
1561 int len, err, fput_needed; 1654 int len, err, fput_needed;
1562 1655
1563 sock = sockfd_lookup_light(fd, &err, &fput_needed); 1656 sock = sockfd_lookup_light(fd, &err, &fput_needed);
@@ -1569,10 +1662,10 @@ asmlinkage long sys_getpeername(int fd, struct sockaddr __user *usockaddr,
1569 } 1662 }
1570 1663
1571 err = 1664 err =
1572 sock->ops->getname(sock, (struct sockaddr *)address, &len, 1665 sock->ops->getname(sock, (struct sockaddr *)&address, &len,
1573 1); 1666 1);
1574 if (!err) 1667 if (!err)
1575 err = move_addr_to_user(address, len, usockaddr, 1668 err = move_addr_to_user((struct sockaddr *)&address, len, usockaddr,
1576 usockaddr_len); 1669 usockaddr_len);
1577 fput_light(sock->file, fput_needed); 1670 fput_light(sock->file, fput_needed);
1578 } 1671 }
@@ -1590,7 +1683,7 @@ asmlinkage long sys_sendto(int fd, void __user *buff, size_t len,
1590 int addr_len) 1683 int addr_len)
1591{ 1684{
1592 struct socket *sock; 1685 struct socket *sock;
1593 char address[MAX_SOCK_ADDR]; 1686 struct sockaddr_storage address;
1594 int err; 1687 int err;
1595 struct msghdr msg; 1688 struct msghdr msg;
1596 struct iovec iov; 1689 struct iovec iov;
@@ -1609,10 +1702,10 @@ asmlinkage long sys_sendto(int fd, void __user *buff, size_t len,
1609 msg.msg_controllen = 0; 1702 msg.msg_controllen = 0;
1610 msg.msg_namelen = 0; 1703 msg.msg_namelen = 0;
1611 if (addr) { 1704 if (addr) {
1612 err = move_addr_to_kernel(addr, addr_len, address); 1705 err = move_addr_to_kernel(addr, addr_len, (struct sockaddr *)&address);
1613 if (err < 0) 1706 if (err < 0)
1614 goto out_put; 1707 goto out_put;
1615 msg.msg_name = address; 1708 msg.msg_name = (struct sockaddr *)&address;
1616 msg.msg_namelen = addr_len; 1709 msg.msg_namelen = addr_len;
1617 } 1710 }
1618 if (sock->file->f_flags & O_NONBLOCK) 1711 if (sock->file->f_flags & O_NONBLOCK)
@@ -1648,7 +1741,7 @@ asmlinkage long sys_recvfrom(int fd, void __user *ubuf, size_t size,
1648 struct socket *sock; 1741 struct socket *sock;
1649 struct iovec iov; 1742 struct iovec iov;
1650 struct msghdr msg; 1743 struct msghdr msg;
1651 char address[MAX_SOCK_ADDR]; 1744 struct sockaddr_storage address;
1652 int err, err2; 1745 int err, err2;
1653 int fput_needed; 1746 int fput_needed;
1654 1747
@@ -1662,14 +1755,15 @@ asmlinkage long sys_recvfrom(int fd, void __user *ubuf, size_t size,
1662 msg.msg_iov = &iov; 1755 msg.msg_iov = &iov;
1663 iov.iov_len = size; 1756 iov.iov_len = size;
1664 iov.iov_base = ubuf; 1757 iov.iov_base = ubuf;
1665 msg.msg_name = address; 1758 msg.msg_name = (struct sockaddr *)&address;
1666 msg.msg_namelen = MAX_SOCK_ADDR; 1759 msg.msg_namelen = sizeof(address);
1667 if (sock->file->f_flags & O_NONBLOCK) 1760 if (sock->file->f_flags & O_NONBLOCK)
1668 flags |= MSG_DONTWAIT; 1761 flags |= MSG_DONTWAIT;
1669 err = sock_recvmsg(sock, &msg, size, flags); 1762 err = sock_recvmsg(sock, &msg, size, flags);
1670 1763
1671 if (err >= 0 && addr != NULL) { 1764 if (err >= 0 && addr != NULL) {
1672 err2 = move_addr_to_user(address, msg.msg_namelen, addr, addr_len); 1765 err2 = move_addr_to_user((struct sockaddr *)&address,
1766 msg.msg_namelen, addr, addr_len);
1673 if (err2 < 0) 1767 if (err2 < 0)
1674 err = err2; 1768 err = err2;
1675 } 1769 }
@@ -1789,7 +1883,7 @@ asmlinkage long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
1789 struct compat_msghdr __user *msg_compat = 1883 struct compat_msghdr __user *msg_compat =
1790 (struct compat_msghdr __user *)msg; 1884 (struct compat_msghdr __user *)msg;
1791 struct socket *sock; 1885 struct socket *sock;
1792 char address[MAX_SOCK_ADDR]; 1886 struct sockaddr_storage address;
1793 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; 1887 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
1794 unsigned char ctl[sizeof(struct cmsghdr) + 20] 1888 unsigned char ctl[sizeof(struct cmsghdr) + 20]
1795 __attribute__ ((aligned(sizeof(__kernel_size_t)))); 1889 __attribute__ ((aligned(sizeof(__kernel_size_t))));
@@ -1827,9 +1921,13 @@ asmlinkage long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
1827 1921
1828 /* This will also move the address data into kernel space */ 1922 /* This will also move the address data into kernel space */
1829 if (MSG_CMSG_COMPAT & flags) { 1923 if (MSG_CMSG_COMPAT & flags) {
1830 err = verify_compat_iovec(&msg_sys, iov, address, VERIFY_READ); 1924 err = verify_compat_iovec(&msg_sys, iov,
1925 (struct sockaddr *)&address,
1926 VERIFY_READ);
1831 } else 1927 } else
1832 err = verify_iovec(&msg_sys, iov, address, VERIFY_READ); 1928 err = verify_iovec(&msg_sys, iov,
1929 (struct sockaddr *)&address,
1930 VERIFY_READ);
1833 if (err < 0) 1931 if (err < 0)
1834 goto out_freeiov; 1932 goto out_freeiov;
1835 total_len = err; 1933 total_len = err;
@@ -1900,7 +1998,7 @@ asmlinkage long sys_recvmsg(int fd, struct msghdr __user *msg,
1900 int fput_needed; 1998 int fput_needed;
1901 1999
1902 /* kernel mode address */ 2000 /* kernel mode address */
1903 char addr[MAX_SOCK_ADDR]; 2001 struct sockaddr_storage addr;
1904 2002
1905 /* user mode address pointers */ 2003 /* user mode address pointers */
1906 struct sockaddr __user *uaddr; 2004 struct sockaddr __user *uaddr;
@@ -1938,9 +2036,13 @@ asmlinkage long sys_recvmsg(int fd, struct msghdr __user *msg,
1938 uaddr = (__force void __user *)msg_sys.msg_name; 2036 uaddr = (__force void __user *)msg_sys.msg_name;
1939 uaddr_len = COMPAT_NAMELEN(msg); 2037 uaddr_len = COMPAT_NAMELEN(msg);
1940 if (MSG_CMSG_COMPAT & flags) { 2038 if (MSG_CMSG_COMPAT & flags) {
1941 err = verify_compat_iovec(&msg_sys, iov, addr, VERIFY_WRITE); 2039 err = verify_compat_iovec(&msg_sys, iov,
2040 (struct sockaddr *)&addr,
2041 VERIFY_WRITE);
1942 } else 2042 } else
1943 err = verify_iovec(&msg_sys, iov, addr, VERIFY_WRITE); 2043 err = verify_iovec(&msg_sys, iov,
2044 (struct sockaddr *)&addr,
2045 VERIFY_WRITE);
1944 if (err < 0) 2046 if (err < 0)
1945 goto out_freeiov; 2047 goto out_freeiov;
1946 total_len = err; 2048 total_len = err;
@@ -1956,7 +2058,8 @@ asmlinkage long sys_recvmsg(int fd, struct msghdr __user *msg,
1956 len = err; 2058 len = err;
1957 2059
1958 if (uaddr != NULL) { 2060 if (uaddr != NULL) {
1959 err = move_addr_to_user(addr, msg_sys.msg_namelen, uaddr, 2061 err = move_addr_to_user((struct sockaddr *)&addr,
2062 msg_sys.msg_namelen, uaddr,
1960 uaddr_len); 2063 uaddr_len);
1961 if (err < 0) 2064 if (err < 0)
1962 goto out_freeiov; 2065 goto out_freeiov;
@@ -1988,10 +2091,11 @@ out:
1988 2091
1989/* Argument list sizes for sys_socketcall */ 2092/* Argument list sizes for sys_socketcall */
1990#define AL(x) ((x) * sizeof(unsigned long)) 2093#define AL(x) ((x) * sizeof(unsigned long))
1991static const unsigned char nargs[18]={ 2094static const unsigned char nargs[19]={
1992 AL(0),AL(3),AL(3),AL(3),AL(2),AL(3), 2095 AL(0),AL(3),AL(3),AL(3),AL(2),AL(3),
1993 AL(3),AL(3),AL(4),AL(4),AL(4),AL(6), 2096 AL(3),AL(3),AL(4),AL(4),AL(4),AL(6),
1994 AL(6),AL(2),AL(5),AL(5),AL(3),AL(3) 2097 AL(6),AL(2),AL(5),AL(5),AL(3),AL(3),
2098 AL(6)
1995}; 2099};
1996 2100
1997#undef AL 2101#undef AL
@@ -2010,7 +2114,7 @@ asmlinkage long sys_socketcall(int call, unsigned long __user *args)
2010 unsigned long a0, a1; 2114 unsigned long a0, a1;
2011 int err; 2115 int err;
2012 2116
2013 if (call < 1 || call > SYS_RECVMSG) 2117 if (call < 1 || call > SYS_PACCEPT)
2014 return -EINVAL; 2118 return -EINVAL;
2015 2119
2016 /* copy_from_user should be SMP safe. */ 2120 /* copy_from_user should be SMP safe. */
@@ -2039,8 +2143,8 @@ asmlinkage long sys_socketcall(int call, unsigned long __user *args)
2039 break; 2143 break;
2040 case SYS_ACCEPT: 2144 case SYS_ACCEPT:
2041 err = 2145 err =
2042 sys_accept(a0, (struct sockaddr __user *)a1, 2146 do_accept(a0, (struct sockaddr __user *)a1,
2043 (int __user *)a[2]); 2147 (int __user *)a[2], 0);
2044 break; 2148 break;
2045 case SYS_GETSOCKNAME: 2149 case SYS_GETSOCKNAME:
2046 err = 2150 err =
@@ -2087,6 +2191,13 @@ asmlinkage long sys_socketcall(int call, unsigned long __user *args)
2087 case SYS_RECVMSG: 2191 case SYS_RECVMSG:
2088 err = sys_recvmsg(a0, (struct msghdr __user *)a1, a[2]); 2192 err = sys_recvmsg(a0, (struct msghdr __user *)a1, a[2]);
2089 break; 2193 break;
2194 case SYS_PACCEPT:
2195 err =
2196 sys_paccept(a0, (struct sockaddr __user *)a1,
2197 (int __user *)a[2],
2198 (const sigset_t __user *) a[3],
2199 a[4], a[5]);
2200 break;
2090 default: 2201 default:
2091 err = -EINVAL; 2202 err = -EINVAL;
2092 break; 2203 break;
@@ -2210,10 +2321,19 @@ static long compat_sock_ioctl(struct file *file, unsigned cmd,
2210{ 2321{
2211 struct socket *sock = file->private_data; 2322 struct socket *sock = file->private_data;
2212 int ret = -ENOIOCTLCMD; 2323 int ret = -ENOIOCTLCMD;
2324 struct sock *sk;
2325 struct net *net;
2326
2327 sk = sock->sk;
2328 net = sock_net(sk);
2213 2329
2214 if (sock->ops->compat_ioctl) 2330 if (sock->ops->compat_ioctl)
2215 ret = sock->ops->compat_ioctl(sock, cmd, arg); 2331 ret = sock->ops->compat_ioctl(sock, cmd, arg);
2216 2332
2333 if (ret == -ENOIOCTLCMD &&
2334 (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST))
2335 ret = compat_wext_handle_ioctl(net, cmd, arg);
2336
2217 return ret; 2337 return ret;
2218} 2338}
2219#endif 2339#endif
diff --git a/net/sunrpc/auth_gss/Makefile b/net/sunrpc/auth_gss/Makefile
index f3431a7e33da..4de8bcf26fa7 100644
--- a/net/sunrpc/auth_gss/Makefile
+++ b/net/sunrpc/auth_gss/Makefile
@@ -5,12 +5,12 @@
5obj-$(CONFIG_SUNRPC_GSS) += auth_rpcgss.o 5obj-$(CONFIG_SUNRPC_GSS) += auth_rpcgss.o
6 6
7auth_rpcgss-objs := auth_gss.o gss_generic_token.o \ 7auth_rpcgss-objs := auth_gss.o gss_generic_token.o \
8 gss_mech_switch.o svcauth_gss.o gss_krb5_crypto.o 8 gss_mech_switch.o svcauth_gss.o
9 9
10obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o 10obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o
11 11
12rpcsec_gss_krb5-objs := gss_krb5_mech.o gss_krb5_seal.o gss_krb5_unseal.o \ 12rpcsec_gss_krb5-objs := gss_krb5_mech.o gss_krb5_seal.o gss_krb5_unseal.o \
13 gss_krb5_seqnum.o gss_krb5_wrap.o 13 gss_krb5_seqnum.o gss_krb5_wrap.o gss_krb5_crypto.o
14 14
15obj-$(CONFIG_RPCSEC_GSS_SPKM3) += rpcsec_gss_spkm3.o 15obj-$(CONFIG_RPCSEC_GSS_SPKM3) += rpcsec_gss_spkm3.o
16 16
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index cc12d5f5d5da..853a4142cea1 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -33,8 +33,6 @@
33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 *
37 * $Id$
38 */ 36 */
39 37
40 38
@@ -63,22 +61,11 @@ static const struct rpc_credops gss_nullops;
63# define RPCDBG_FACILITY RPCDBG_AUTH 61# define RPCDBG_FACILITY RPCDBG_AUTH
64#endif 62#endif
65 63
66#define NFS_NGROUPS 16 64#define GSS_CRED_SLACK 1024
67
68#define GSS_CRED_SLACK 1024 /* XXX: unused */
69/* length of a krb5 verifier (48), plus data added before arguments when 65/* length of a krb5 verifier (48), plus data added before arguments when
70 * using integrity (two 4-byte integers): */ 66 * using integrity (two 4-byte integers): */
71#define GSS_VERF_SLACK 100 67#define GSS_VERF_SLACK 100
72 68
73/* XXX this define must match the gssd define
74* as it is passed to gssd to signal the use of
75* machine creds should be part of the shared rpc interface */
76
77#define CA_RUN_AS_MACHINE 0x00000200
78
79/* dump the buffer in `emacs-hexl' style */
80#define isprint(c) ((c > 0x1f) && (c < 0x7f))
81
82struct gss_auth { 69struct gss_auth {
83 struct kref kref; 70 struct kref kref;
84 struct rpc_auth rpc_auth; 71 struct rpc_auth rpc_auth;
@@ -146,7 +133,7 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
146 q = (const void *)((const char *)p + len); 133 q = (const void *)((const char *)p + len);
147 if (unlikely(q > end || q < p)) 134 if (unlikely(q > end || q < p))
148 return ERR_PTR(-EFAULT); 135 return ERR_PTR(-EFAULT);
149 dest->data = kmemdup(p, len, GFP_KERNEL); 136 dest->data = kmemdup(p, len, GFP_NOFS);
150 if (unlikely(dest->data == NULL)) 137 if (unlikely(dest->data == NULL))
151 return ERR_PTR(-ENOMEM); 138 return ERR_PTR(-ENOMEM);
152 dest->len = len; 139 dest->len = len;
@@ -171,7 +158,7 @@ gss_alloc_context(void)
171{ 158{
172 struct gss_cl_ctx *ctx; 159 struct gss_cl_ctx *ctx;
173 160
174 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 161 ctx = kzalloc(sizeof(*ctx), GFP_NOFS);
175 if (ctx != NULL) { 162 if (ctx != NULL) {
176 ctx->gc_proc = RPC_GSS_PROC_DATA; 163 ctx->gc_proc = RPC_GSS_PROC_DATA;
177 ctx->gc_seq = 1; /* NetApp 6.4R1 doesn't accept seq. no. 0 */ 164 ctx->gc_seq = 1; /* NetApp 6.4R1 doesn't accept seq. no. 0 */
@@ -272,7 +259,7 @@ __gss_find_upcall(struct rpc_inode *rpci, uid_t uid)
272 return NULL; 259 return NULL;
273} 260}
274 261
275/* Try to add a upcall to the pipefs queue. 262/* Try to add an upcall to the pipefs queue.
276 * If an upcall owned by our uid already exists, then we return a reference 263 * If an upcall owned by our uid already exists, then we return a reference
277 * to that upcall instead of adding the new upcall. 264 * to that upcall instead of adding the new upcall.
278 */ 265 */
@@ -341,7 +328,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid)
341{ 328{
342 struct gss_upcall_msg *gss_msg; 329 struct gss_upcall_msg *gss_msg;
343 330
344 gss_msg = kzalloc(sizeof(*gss_msg), GFP_KERNEL); 331 gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
345 if (gss_msg != NULL) { 332 if (gss_msg != NULL) {
346 INIT_LIST_HEAD(&gss_msg->list); 333 INIT_LIST_HEAD(&gss_msg->list);
347 rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq"); 334 rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
@@ -493,7 +480,6 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
493{ 480{
494 const void *p, *end; 481 const void *p, *end;
495 void *buf; 482 void *buf;
496 struct rpc_clnt *clnt;
497 struct gss_upcall_msg *gss_msg; 483 struct gss_upcall_msg *gss_msg;
498 struct inode *inode = filp->f_path.dentry->d_inode; 484 struct inode *inode = filp->f_path.dentry->d_inode;
499 struct gss_cl_ctx *ctx; 485 struct gss_cl_ctx *ctx;
@@ -503,11 +489,10 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
503 if (mlen > MSG_BUF_MAXSIZE) 489 if (mlen > MSG_BUF_MAXSIZE)
504 goto out; 490 goto out;
505 err = -ENOMEM; 491 err = -ENOMEM;
506 buf = kmalloc(mlen, GFP_KERNEL); 492 buf = kmalloc(mlen, GFP_NOFS);
507 if (!buf) 493 if (!buf)
508 goto out; 494 goto out;
509 495
510 clnt = RPC_I(inode)->private;
511 err = -EFAULT; 496 err = -EFAULT;
512 if (copy_from_user(buf, src, mlen)) 497 if (copy_from_user(buf, src, mlen))
513 goto err; 498 goto err;
@@ -806,7 +791,7 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
806 dprintk("RPC: gss_create_cred for uid %d, flavor %d\n", 791 dprintk("RPC: gss_create_cred for uid %d, flavor %d\n",
807 acred->uid, auth->au_flavor); 792 acred->uid, auth->au_flavor);
808 793
809 if (!(cred = kzalloc(sizeof(*cred), GFP_KERNEL))) 794 if (!(cred = kzalloc(sizeof(*cred), GFP_NOFS)))
810 goto out_err; 795 goto out_err;
811 796
812 rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops); 797 rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index 1d52308ca324..c93fca204558 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -83,8 +83,6 @@ out:
83 return ret; 83 return ret;
84} 84}
85 85
86EXPORT_SYMBOL(krb5_encrypt);
87
88u32 86u32
89krb5_decrypt( 87krb5_decrypt(
90 struct crypto_blkcipher *tfm, 88 struct crypto_blkcipher *tfm,
@@ -118,8 +116,6 @@ out:
118 return ret; 116 return ret;
119} 117}
120 118
121EXPORT_SYMBOL(krb5_decrypt);
122
123static int 119static int
124checksummer(struct scatterlist *sg, void *data) 120checksummer(struct scatterlist *sg, void *data)
125{ 121{
@@ -161,8 +157,6 @@ out:
161 return err ? GSS_S_FAILURE : 0; 157 return err ? GSS_S_FAILURE : 0;
162} 158}
163 159
164EXPORT_SYMBOL(make_checksum);
165
166struct encryptor_desc { 160struct encryptor_desc {
167 u8 iv[8]; /* XXX hard-coded blocksize */ 161 u8 iv[8]; /* XXX hard-coded blocksize */
168 struct blkcipher_desc desc; 162 struct blkcipher_desc desc;
@@ -262,8 +256,6 @@ gss_encrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *buf,
262 return ret; 256 return ret;
263} 257}
264 258
265EXPORT_SYMBOL(gss_encrypt_xdr_buf);
266
267struct decryptor_desc { 259struct decryptor_desc {
268 u8 iv[8]; /* XXX hard-coded blocksize */ 260 u8 iv[8]; /* XXX hard-coded blocksize */
269 struct blkcipher_desc desc; 261 struct blkcipher_desc desc;
@@ -334,5 +326,3 @@ gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *buf,
334 326
335 return xdr_process_buf(buf, offset, buf->len - offset, decryptor, &desc); 327 return xdr_process_buf(buf, offset, buf->len - offset, decryptor, &desc);
336} 328}
337
338EXPORT_SYMBOL(gss_decrypt_xdr_buf);
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 60c3dba545d7..ef45eba22485 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -70,7 +70,7 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *res)
70 q = (const void *)((const char *)p + len); 70 q = (const void *)((const char *)p + len);
71 if (unlikely(q > end || q < p)) 71 if (unlikely(q > end || q < p))
72 return ERR_PTR(-EFAULT); 72 return ERR_PTR(-EFAULT);
73 res->data = kmemdup(p, len, GFP_KERNEL); 73 res->data = kmemdup(p, len, GFP_NOFS);
74 if (unlikely(res->data == NULL)) 74 if (unlikely(res->data == NULL))
75 return ERR_PTR(-ENOMEM); 75 return ERR_PTR(-ENOMEM);
76 res->len = len; 76 res->len = len;
@@ -131,7 +131,7 @@ gss_import_sec_context_kerberos(const void *p,
131 struct krb5_ctx *ctx; 131 struct krb5_ctx *ctx;
132 int tmp; 132 int tmp;
133 133
134 if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL))) 134 if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS)))
135 goto out_err; 135 goto out_err;
136 136
137 p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate)); 137 p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index 5f1d36dfbcf7..b8f42ef7178e 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -78,7 +78,7 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
78 struct krb5_ctx *ctx = gss_ctx->internal_ctx_id; 78 struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
79 char cksumdata[16]; 79 char cksumdata[16];
80 struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata}; 80 struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
81 unsigned char *ptr, *krb5_hdr, *msg_start; 81 unsigned char *ptr, *msg_start;
82 s32 now; 82 s32 now;
83 u32 seq_send; 83 u32 seq_send;
84 84
@@ -87,36 +87,36 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
87 87
88 now = get_seconds(); 88 now = get_seconds();
89 89
90 token->len = g_token_size(&ctx->mech_used, 24); 90 token->len = g_token_size(&ctx->mech_used, GSS_KRB5_TOK_HDR_LEN + 8);
91 91
92 ptr = token->data; 92 ptr = token->data;
93 g_make_token_header(&ctx->mech_used, 24, &ptr); 93 g_make_token_header(&ctx->mech_used, GSS_KRB5_TOK_HDR_LEN + 8, &ptr);
94 94
95 *ptr++ = (unsigned char) ((KG_TOK_MIC_MSG>>8)&0xff); 95 /* ptr now at header described in rfc 1964, section 1.2.1: */
96 *ptr++ = (unsigned char) (KG_TOK_MIC_MSG&0xff); 96 ptr[0] = (unsigned char) ((KG_TOK_MIC_MSG >> 8) & 0xff);
97 ptr[1] = (unsigned char) (KG_TOK_MIC_MSG & 0xff);
97 98
98 /* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */ 99 msg_start = ptr + GSS_KRB5_TOK_HDR_LEN + 8;
99 krb5_hdr = ptr - 2;
100 msg_start = krb5_hdr + 24;
101 100
102 *(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5); 101 *(__be16 *)(ptr + 2) = htons(SGN_ALG_DES_MAC_MD5);
103 memset(krb5_hdr + 4, 0xff, 4); 102 memset(ptr + 4, 0xff, 4);
104 103
105 if (make_checksum("md5", krb5_hdr, 8, text, 0, &md5cksum)) 104 if (make_checksum("md5", ptr, 8, text, 0, &md5cksum))
106 return GSS_S_FAILURE; 105 return GSS_S_FAILURE;
107 106
108 if (krb5_encrypt(ctx->seq, NULL, md5cksum.data, 107 if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
109 md5cksum.data, md5cksum.len)) 108 md5cksum.data, md5cksum.len))
110 return GSS_S_FAILURE; 109 return GSS_S_FAILURE;
111 110
112 memcpy(krb5_hdr + 16, md5cksum.data + md5cksum.len - 8, 8); 111 memcpy(ptr + GSS_KRB5_TOK_HDR_LEN, md5cksum.data + md5cksum.len - 8, 8);
113 112
114 spin_lock(&krb5_seq_lock); 113 spin_lock(&krb5_seq_lock);
115 seq_send = ctx->seq_send++; 114 seq_send = ctx->seq_send++;
116 spin_unlock(&krb5_seq_lock); 115 spin_unlock(&krb5_seq_lock);
117 116
118 if (krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff, 117 if (krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
119 seq_send, krb5_hdr + 16, krb5_hdr + 8)) 118 seq_send, ptr + GSS_KRB5_TOK_HDR_LEN,
119 ptr + 8))
120 return GSS_S_FAILURE; 120 return GSS_S_FAILURE;
121 121
122 return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE; 122 return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index d91a5d004803..066ec73c84d6 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -92,30 +92,30 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
92 read_token->len)) 92 read_token->len))
93 return GSS_S_DEFECTIVE_TOKEN; 93 return GSS_S_DEFECTIVE_TOKEN;
94 94
95 if ((*ptr++ != ((KG_TOK_MIC_MSG>>8)&0xff)) || 95 if ((ptr[0] != ((KG_TOK_MIC_MSG >> 8) & 0xff)) ||
96 (*ptr++ != ( KG_TOK_MIC_MSG &0xff)) ) 96 (ptr[1] != (KG_TOK_MIC_MSG & 0xff)))
97 return GSS_S_DEFECTIVE_TOKEN; 97 return GSS_S_DEFECTIVE_TOKEN;
98 98
99 /* XXX sanity-check bodysize?? */ 99 /* XXX sanity-check bodysize?? */
100 100
101 signalg = ptr[0] + (ptr[1] << 8); 101 signalg = ptr[2] + (ptr[3] << 8);
102 if (signalg != SGN_ALG_DES_MAC_MD5) 102 if (signalg != SGN_ALG_DES_MAC_MD5)
103 return GSS_S_DEFECTIVE_TOKEN; 103 return GSS_S_DEFECTIVE_TOKEN;
104 104
105 sealalg = ptr[2] + (ptr[3] << 8); 105 sealalg = ptr[4] + (ptr[5] << 8);
106 if (sealalg != SEAL_ALG_NONE) 106 if (sealalg != SEAL_ALG_NONE)
107 return GSS_S_DEFECTIVE_TOKEN; 107 return GSS_S_DEFECTIVE_TOKEN;
108 108
109 if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) 109 if ((ptr[6] != 0xff) || (ptr[7] != 0xff))
110 return GSS_S_DEFECTIVE_TOKEN; 110 return GSS_S_DEFECTIVE_TOKEN;
111 111
112 if (make_checksum("md5", ptr - 2, 8, message_buffer, 0, &md5cksum)) 112 if (make_checksum("md5", ptr, 8, message_buffer, 0, &md5cksum))
113 return GSS_S_FAILURE; 113 return GSS_S_FAILURE;
114 114
115 if (krb5_encrypt(ctx->seq, NULL, md5cksum.data, md5cksum.data, 16)) 115 if (krb5_encrypt(ctx->seq, NULL, md5cksum.data, md5cksum.data, 16))
116 return GSS_S_FAILURE; 116 return GSS_S_FAILURE;
117 117
118 if (memcmp(md5cksum.data + 8, ptr + 14, 8)) 118 if (memcmp(md5cksum.data + 8, ptr + GSS_KRB5_TOK_HDR_LEN, 8))
119 return GSS_S_BAD_SIG; 119 return GSS_S_BAD_SIG;
120 120
121 /* it got through unscathed. Make sure the context is unexpired */ 121 /* it got through unscathed. Make sure the context is unexpired */
@@ -127,7 +127,7 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
127 127
128 /* do sequencing checks */ 128 /* do sequencing checks */
129 129
130 if (krb5_get_seq_num(ctx->seq, ptr + 14, ptr + 6, &direction, &seqnum)) 130 if (krb5_get_seq_num(ctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8, &direction, &seqnum))
131 return GSS_S_FAILURE; 131 return GSS_S_FAILURE;
132 132
133 if ((ctx->initiate && direction != 0xff) || 133 if ((ctx->initiate && direction != 0xff) ||
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index b00b1b426301..ae8e69b59c4c 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -87,8 +87,8 @@ out:
87 return 0; 87 return 0;
88} 88}
89 89
90static inline void 90static void
91make_confounder(char *p, int blocksize) 91make_confounder(char *p, u32 conflen)
92{ 92{
93 static u64 i = 0; 93 static u64 i = 0;
94 u64 *q = (u64 *)p; 94 u64 *q = (u64 *)p;
@@ -102,8 +102,22 @@ make_confounder(char *p, int blocksize)
102 * uniqueness would mean worrying about atomicity and rollover, and I 102 * uniqueness would mean worrying about atomicity and rollover, and I
103 * don't care enough. */ 103 * don't care enough. */
104 104
105 BUG_ON(blocksize != 8); 105 /* initialize to random value */
106 *q = i++; 106 if (i == 0) {
107 i = random32();
108 i = (i << 32) | random32();
109 }
110
111 switch (conflen) {
112 case 16:
113 *q++ = i++;
114 /* fall through */
115 case 8:
116 *q++ = i++;
117 break;
118 default:
119 BUG();
120 }
107} 121}
108 122
109/* Assumptions: the head and tail of inbuf are ours to play with. 123/* Assumptions: the head and tail of inbuf are ours to play with.
@@ -122,7 +136,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
122 char cksumdata[16]; 136 char cksumdata[16];
123 struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata}; 137 struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
124 int blocksize = 0, plainlen; 138 int blocksize = 0, plainlen;
125 unsigned char *ptr, *krb5_hdr, *msg_start; 139 unsigned char *ptr, *msg_start;
126 s32 now; 140 s32 now;
127 int headlen; 141 int headlen;
128 struct page **tmp_pages; 142 struct page **tmp_pages;
@@ -149,26 +163,26 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
149 buf->len += headlen; 163 buf->len += headlen;
150 BUG_ON((buf->len - offset - headlen) % blocksize); 164 BUG_ON((buf->len - offset - headlen) % blocksize);
151 165
152 g_make_token_header(&kctx->mech_used, 24 + plainlen, &ptr); 166 g_make_token_header(&kctx->mech_used,
167 GSS_KRB5_TOK_HDR_LEN + 8 + plainlen, &ptr);
153 168
154 169
155 *ptr++ = (unsigned char) ((KG_TOK_WRAP_MSG>>8)&0xff); 170 /* ptr now at header described in rfc 1964, section 1.2.1: */
156 *ptr++ = (unsigned char) (KG_TOK_WRAP_MSG&0xff); 171 ptr[0] = (unsigned char) ((KG_TOK_WRAP_MSG >> 8) & 0xff);
172 ptr[1] = (unsigned char) (KG_TOK_WRAP_MSG & 0xff);
157 173
158 /* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */ 174 msg_start = ptr + 24;
159 krb5_hdr = ptr - 2;
160 msg_start = krb5_hdr + 24;
161 175
162 *(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5); 176 *(__be16 *)(ptr + 2) = htons(SGN_ALG_DES_MAC_MD5);
163 memset(krb5_hdr + 4, 0xff, 4); 177 memset(ptr + 4, 0xff, 4);
164 *(__be16 *)(krb5_hdr + 4) = htons(SEAL_ALG_DES); 178 *(__be16 *)(ptr + 4) = htons(SEAL_ALG_DES);
165 179
166 make_confounder(msg_start, blocksize); 180 make_confounder(msg_start, blocksize);
167 181
168 /* XXXJBF: UGH!: */ 182 /* XXXJBF: UGH!: */
169 tmp_pages = buf->pages; 183 tmp_pages = buf->pages;
170 buf->pages = pages; 184 buf->pages = pages;
171 if (make_checksum("md5", krb5_hdr, 8, buf, 185 if (make_checksum("md5", ptr, 8, buf,
172 offset + headlen - blocksize, &md5cksum)) 186 offset + headlen - blocksize, &md5cksum))
173 return GSS_S_FAILURE; 187 return GSS_S_FAILURE;
174 buf->pages = tmp_pages; 188 buf->pages = tmp_pages;
@@ -176,7 +190,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
176 if (krb5_encrypt(kctx->seq, NULL, md5cksum.data, 190 if (krb5_encrypt(kctx->seq, NULL, md5cksum.data,
177 md5cksum.data, md5cksum.len)) 191 md5cksum.data, md5cksum.len))
178 return GSS_S_FAILURE; 192 return GSS_S_FAILURE;
179 memcpy(krb5_hdr + 16, md5cksum.data + md5cksum.len - 8, 8); 193 memcpy(ptr + GSS_KRB5_TOK_HDR_LEN, md5cksum.data + md5cksum.len - 8, 8);
180 194
181 spin_lock(&krb5_seq_lock); 195 spin_lock(&krb5_seq_lock);
182 seq_send = kctx->seq_send++; 196 seq_send = kctx->seq_send++;
@@ -185,7 +199,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
185 /* XXX would probably be more efficient to compute checksum 199 /* XXX would probably be more efficient to compute checksum
186 * and encrypt at the same time: */ 200 * and encrypt at the same time: */
187 if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff, 201 if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff,
188 seq_send, krb5_hdr + 16, krb5_hdr + 8))) 202 seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8)))
189 return GSS_S_FAILURE; 203 return GSS_S_FAILURE;
190 204
191 if (gss_encrypt_xdr_buf(kctx->enc, buf, offset + headlen - blocksize, 205 if (gss_encrypt_xdr_buf(kctx->enc, buf, offset + headlen - blocksize,
@@ -219,38 +233,38 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
219 buf->len - offset)) 233 buf->len - offset))
220 return GSS_S_DEFECTIVE_TOKEN; 234 return GSS_S_DEFECTIVE_TOKEN;
221 235
222 if ((*ptr++ != ((KG_TOK_WRAP_MSG>>8)&0xff)) || 236 if ((ptr[0] != ((KG_TOK_WRAP_MSG >> 8) & 0xff)) ||
223 (*ptr++ != (KG_TOK_WRAP_MSG &0xff)) ) 237 (ptr[1] != (KG_TOK_WRAP_MSG & 0xff)))
224 return GSS_S_DEFECTIVE_TOKEN; 238 return GSS_S_DEFECTIVE_TOKEN;
225 239
226 /* XXX sanity-check bodysize?? */ 240 /* XXX sanity-check bodysize?? */
227 241
228 /* get the sign and seal algorithms */ 242 /* get the sign and seal algorithms */
229 243
230 signalg = ptr[0] + (ptr[1] << 8); 244 signalg = ptr[2] + (ptr[3] << 8);
231 if (signalg != SGN_ALG_DES_MAC_MD5) 245 if (signalg != SGN_ALG_DES_MAC_MD5)
232 return GSS_S_DEFECTIVE_TOKEN; 246 return GSS_S_DEFECTIVE_TOKEN;
233 247
234 sealalg = ptr[2] + (ptr[3] << 8); 248 sealalg = ptr[4] + (ptr[5] << 8);
235 if (sealalg != SEAL_ALG_DES) 249 if (sealalg != SEAL_ALG_DES)
236 return GSS_S_DEFECTIVE_TOKEN; 250 return GSS_S_DEFECTIVE_TOKEN;
237 251
238 if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) 252 if ((ptr[6] != 0xff) || (ptr[7] != 0xff))
239 return GSS_S_DEFECTIVE_TOKEN; 253 return GSS_S_DEFECTIVE_TOKEN;
240 254
241 if (gss_decrypt_xdr_buf(kctx->enc, buf, 255 if (gss_decrypt_xdr_buf(kctx->enc, buf,
242 ptr + 22 - (unsigned char *)buf->head[0].iov_base)) 256 ptr + GSS_KRB5_TOK_HDR_LEN + 8 - (unsigned char *)buf->head[0].iov_base))
243 return GSS_S_DEFECTIVE_TOKEN; 257 return GSS_S_DEFECTIVE_TOKEN;
244 258
245 if (make_checksum("md5", ptr - 2, 8, buf, 259 if (make_checksum("md5", ptr, 8, buf,
246 ptr + 22 - (unsigned char *)buf->head[0].iov_base, &md5cksum)) 260 ptr + GSS_KRB5_TOK_HDR_LEN + 8 - (unsigned char *)buf->head[0].iov_base, &md5cksum))
247 return GSS_S_FAILURE; 261 return GSS_S_FAILURE;
248 262
249 if (krb5_encrypt(kctx->seq, NULL, md5cksum.data, 263 if (krb5_encrypt(kctx->seq, NULL, md5cksum.data,
250 md5cksum.data, md5cksum.len)) 264 md5cksum.data, md5cksum.len))
251 return GSS_S_FAILURE; 265 return GSS_S_FAILURE;
252 266
253 if (memcmp(md5cksum.data + 8, ptr + 14, 8)) 267 if (memcmp(md5cksum.data + 8, ptr + GSS_KRB5_TOK_HDR_LEN, 8))
254 return GSS_S_BAD_SIG; 268 return GSS_S_BAD_SIG;
255 269
256 /* it got through unscathed. Make sure the context is unexpired */ 270 /* it got through unscathed. Make sure the context is unexpired */
@@ -262,8 +276,8 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
262 276
263 /* do sequencing checks */ 277 /* do sequencing checks */
264 278
265 if (krb5_get_seq_num(kctx->seq, ptr + 14, ptr + 6, &direction, 279 if (krb5_get_seq_num(kctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8,
266 &seqnum)) 280 &direction, &seqnum))
267 return GSS_S_BAD_SIG; 281 return GSS_S_BAD_SIG;
268 282
269 if ((kctx->initiate && direction != 0xff) || 283 if ((kctx->initiate && direction != 0xff) ||
@@ -274,7 +288,7 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
274 * better to copy and encrypt at the same time. */ 288 * better to copy and encrypt at the same time. */
275 289
276 blocksize = crypto_blkcipher_blocksize(kctx->enc); 290 blocksize = crypto_blkcipher_blocksize(kctx->enc);
277 data_start = ptr + 22 + blocksize; 291 data_start = ptr + GSS_KRB5_TOK_HDR_LEN + 8 + blocksize;
278 orig_start = buf->head[0].iov_base + offset; 292 orig_start = buf->head[0].iov_base + offset;
279 data_len = (buf->head[0].iov_base + buf->head[0].iov_len) - data_start; 293 data_len = (buf->head[0].iov_base + buf->head[0].iov_len) - data_start;
280 memmove(orig_start, data_start, data_len); 294 memmove(orig_start, data_start, data_len);
diff --git a/net/sunrpc/auth_gss/gss_spkm3_mech.c b/net/sunrpc/auth_gss/gss_spkm3_mech.c
index 5deb4b6e4514..035e1dd6af1b 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_mech.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_mech.c
@@ -76,7 +76,7 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *res)
76 q = (const void *)((const char *)p + len); 76 q = (const void *)((const char *)p + len);
77 if (unlikely(q > end || q < p)) 77 if (unlikely(q > end || q < p))
78 return ERR_PTR(-EFAULT); 78 return ERR_PTR(-EFAULT);
79 res->data = kmemdup(p, len, GFP_KERNEL); 79 res->data = kmemdup(p, len, GFP_NOFS);
80 if (unlikely(res->data == NULL)) 80 if (unlikely(res->data == NULL))
81 return ERR_PTR(-ENOMEM); 81 return ERR_PTR(-ENOMEM);
82 return q; 82 return q;
@@ -90,7 +90,7 @@ gss_import_sec_context_spkm3(const void *p, size_t len,
90 struct spkm3_ctx *ctx; 90 struct spkm3_ctx *ctx;
91 int version; 91 int version;
92 92
93 if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL))) 93 if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS)))
94 goto out_err; 94 goto out_err;
95 95
96 p = simple_get_bytes(p, end, &version, sizeof(version)); 96 p = simple_get_bytes(p, end, &version, sizeof(version));
diff --git a/net/sunrpc/auth_gss/gss_spkm3_token.c b/net/sunrpc/auth_gss/gss_spkm3_token.c
index 6cdd241ad267..3308157436d2 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_token.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_token.c
@@ -90,7 +90,7 @@ asn1_bitstring_len(struct xdr_netobj *in, int *enclen, int *zerobits)
90int 90int
91decode_asn1_bitstring(struct xdr_netobj *out, char *in, int enclen, int explen) 91decode_asn1_bitstring(struct xdr_netobj *out, char *in, int enclen, int explen)
92{ 92{
93 if (!(out->data = kzalloc(explen,GFP_KERNEL))) 93 if (!(out->data = kzalloc(explen,GFP_NOFS)))
94 return 0; 94 return 0;
95 out->len = explen; 95 out->len = explen;
96 memcpy(out->data, in, enclen); 96 memcpy(out->data, in, enclen);
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 5905d56737d6..81ae3d62a0cc 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1144,20 +1144,20 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
1144 case RPC_GSS_SVC_NONE: 1144 case RPC_GSS_SVC_NONE:
1145 break; 1145 break;
1146 case RPC_GSS_SVC_INTEGRITY: 1146 case RPC_GSS_SVC_INTEGRITY:
1147 /* placeholders for length and seq. number: */
1148 svc_putnl(resv, 0);
1149 svc_putnl(resv, 0);
1147 if (unwrap_integ_data(&rqstp->rq_arg, 1150 if (unwrap_integ_data(&rqstp->rq_arg,
1148 gc->gc_seq, rsci->mechctx)) 1151 gc->gc_seq, rsci->mechctx))
1149 goto garbage_args; 1152 goto garbage_args;
1153 break;
1154 case RPC_GSS_SVC_PRIVACY:
1150 /* placeholders for length and seq. number: */ 1155 /* placeholders for length and seq. number: */
1151 svc_putnl(resv, 0); 1156 svc_putnl(resv, 0);
1152 svc_putnl(resv, 0); 1157 svc_putnl(resv, 0);
1153 break;
1154 case RPC_GSS_SVC_PRIVACY:
1155 if (unwrap_priv_data(rqstp, &rqstp->rq_arg, 1158 if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
1156 gc->gc_seq, rsci->mechctx)) 1159 gc->gc_seq, rsci->mechctx))
1157 goto garbage_args; 1160 goto garbage_args;
1158 /* placeholders for length and seq. number: */
1159 svc_putnl(resv, 0);
1160 svc_putnl(resv, 0);
1161 break; 1161 break;
1162 default: 1162 default:
1163 goto auth_err; 1163 goto auth_err;
@@ -1170,8 +1170,6 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
1170 goto out; 1170 goto out;
1171 } 1171 }
1172garbage_args: 1172garbage_args:
1173 /* Restore write pointer to its original value: */
1174 xdr_ressize_check(rqstp, reject_stat);
1175 ret = SVC_GARBAGE; 1173 ret = SVC_GARBAGE;
1176 goto out; 1174 goto out;
1177auth_err: 1175auth_err:
diff --git a/net/sunrpc/auth_unix.c b/net/sunrpc/auth_unix.c
index 44920b90bdc4..46b2647c5bd2 100644
--- a/net/sunrpc/auth_unix.c
+++ b/net/sunrpc/auth_unix.c
@@ -66,7 +66,7 @@ unx_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
66 dprintk("RPC: allocating UNIX cred for uid %d gid %d\n", 66 dprintk("RPC: allocating UNIX cred for uid %d gid %d\n",
67 acred->uid, acred->gid); 67 acred->uid, acred->gid);
68 68
69 if (!(cred = kmalloc(sizeof(*cred), GFP_KERNEL))) 69 if (!(cred = kmalloc(sizeof(*cred), GFP_NOFS)))
70 return ERR_PTR(-ENOMEM); 70 return ERR_PTR(-ENOMEM);
71 71
72 rpcauth_init_cred(&cred->uc_base, acred, auth, &unix_credops); 72 rpcauth_init_cred(&cred->uc_base, acred, auth, &unix_credops);
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 8945307556ec..76739e928d0d 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -25,6 +25,7 @@
25 25
26#include <linux/module.h> 26#include <linux/module.h>
27#include <linux/types.h> 27#include <linux/types.h>
28#include <linux/kallsyms.h>
28#include <linux/mm.h> 29#include <linux/mm.h>
29#include <linux/slab.h> 30#include <linux/slab.h>
30#include <linux/smp_lock.h> 31#include <linux/smp_lock.h>
@@ -58,7 +59,6 @@ static void call_start(struct rpc_task *task);
58static void call_reserve(struct rpc_task *task); 59static void call_reserve(struct rpc_task *task);
59static void call_reserveresult(struct rpc_task *task); 60static void call_reserveresult(struct rpc_task *task);
60static void call_allocate(struct rpc_task *task); 61static void call_allocate(struct rpc_task *task);
61static void call_encode(struct rpc_task *task);
62static void call_decode(struct rpc_task *task); 62static void call_decode(struct rpc_task *task);
63static void call_bind(struct rpc_task *task); 63static void call_bind(struct rpc_task *task);
64static void call_bind_status(struct rpc_task *task); 64static void call_bind_status(struct rpc_task *task);
@@ -70,9 +70,9 @@ static void call_refreshresult(struct rpc_task *task);
70static void call_timeout(struct rpc_task *task); 70static void call_timeout(struct rpc_task *task);
71static void call_connect(struct rpc_task *task); 71static void call_connect(struct rpc_task *task);
72static void call_connect_status(struct rpc_task *task); 72static void call_connect_status(struct rpc_task *task);
73static __be32 * call_header(struct rpc_task *task);
74static __be32 * call_verify(struct rpc_task *task);
75 73
74static __be32 *rpc_encode_header(struct rpc_task *task);
75static __be32 *rpc_verify_header(struct rpc_task *task);
76static int rpc_ping(struct rpc_clnt *clnt, int flags); 76static int rpc_ping(struct rpc_clnt *clnt, int flags);
77 77
78static void rpc_register_client(struct rpc_clnt *clnt) 78static void rpc_register_client(struct rpc_clnt *clnt)
@@ -324,6 +324,8 @@ struct rpc_clnt *rpc_create(struct rpc_create_args *args)
324 clnt->cl_autobind = 1; 324 clnt->cl_autobind = 1;
325 if (args->flags & RPC_CLNT_CREATE_DISCRTRY) 325 if (args->flags & RPC_CLNT_CREATE_DISCRTRY)
326 clnt->cl_discrtry = 1; 326 clnt->cl_discrtry = 1;
327 if (!(args->flags & RPC_CLNT_CREATE_QUIET))
328 clnt->cl_chatty = 1;
327 329
328 return clnt; 330 return clnt;
329} 331}
@@ -690,6 +692,21 @@ rpc_restart_call(struct rpc_task *task)
690} 692}
691EXPORT_SYMBOL_GPL(rpc_restart_call); 693EXPORT_SYMBOL_GPL(rpc_restart_call);
692 694
695#ifdef RPC_DEBUG
696static const char *rpc_proc_name(const struct rpc_task *task)
697{
698 const struct rpc_procinfo *proc = task->tk_msg.rpc_proc;
699
700 if (proc) {
701 if (proc->p_name)
702 return proc->p_name;
703 else
704 return "NULL";
705 } else
706 return "no proc";
707}
708#endif
709
693/* 710/*
694 * 0. Initial state 711 * 0. Initial state
695 * 712 *
@@ -701,9 +718,9 @@ call_start(struct rpc_task *task)
701{ 718{
702 struct rpc_clnt *clnt = task->tk_client; 719 struct rpc_clnt *clnt = task->tk_client;
703 720
704 dprintk("RPC: %5u call_start %s%d proc %d (%s)\n", task->tk_pid, 721 dprintk("RPC: %5u call_start %s%d proc %s (%s)\n", task->tk_pid,
705 clnt->cl_protname, clnt->cl_vers, 722 clnt->cl_protname, clnt->cl_vers,
706 task->tk_msg.rpc_proc->p_proc, 723 rpc_proc_name(task),
707 (RPC_IS_ASYNC(task) ? "async" : "sync")); 724 (RPC_IS_ASYNC(task) ? "async" : "sync"));
708 725
709 /* Increment call count */ 726 /* Increment call count */
@@ -861,7 +878,7 @@ rpc_xdr_buf_init(struct xdr_buf *buf, void *start, size_t len)
861 * 3. Encode arguments of an RPC call 878 * 3. Encode arguments of an RPC call
862 */ 879 */
863static void 880static void
864call_encode(struct rpc_task *task) 881rpc_xdr_encode(struct rpc_task *task)
865{ 882{
866 struct rpc_rqst *req = task->tk_rqstp; 883 struct rpc_rqst *req = task->tk_rqstp;
867 kxdrproc_t encode; 884 kxdrproc_t encode;
@@ -876,23 +893,19 @@ call_encode(struct rpc_task *task)
876 (char *)req->rq_buffer + req->rq_callsize, 893 (char *)req->rq_buffer + req->rq_callsize,
877 req->rq_rcvsize); 894 req->rq_rcvsize);
878 895
879 /* Encode header and provided arguments */ 896 p = rpc_encode_header(task);
880 encode = task->tk_msg.rpc_proc->p_encode; 897 if (p == NULL) {
881 if (!(p = call_header(task))) { 898 printk(KERN_INFO "RPC: couldn't encode RPC header, exit EIO\n");
882 printk(KERN_INFO "RPC: call_header failed, exit EIO\n");
883 rpc_exit(task, -EIO); 899 rpc_exit(task, -EIO);
884 return; 900 return;
885 } 901 }
902
903 encode = task->tk_msg.rpc_proc->p_encode;
886 if (encode == NULL) 904 if (encode == NULL)
887 return; 905 return;
888 906
889 task->tk_status = rpcauth_wrap_req(task, encode, req, p, 907 task->tk_status = rpcauth_wrap_req(task, encode, req, p,
890 task->tk_msg.rpc_argp); 908 task->tk_msg.rpc_argp);
891 if (task->tk_status == -ENOMEM) {
892 /* XXX: Is this sane? */
893 rpc_delay(task, 3*HZ);
894 task->tk_status = -EAGAIN;
895 }
896} 909}
897 910
898/* 911/*
@@ -929,11 +942,9 @@ call_bind_status(struct rpc_task *task)
929 } 942 }
930 943
931 switch (task->tk_status) { 944 switch (task->tk_status) {
932 case -EAGAIN: 945 case -ENOMEM:
933 dprintk("RPC: %5u rpcbind waiting for another request " 946 dprintk("RPC: %5u rpcbind out of memory\n", task->tk_pid);
934 "to finish\n", task->tk_pid); 947 rpc_delay(task, HZ >> 2);
935 /* avoid busy-waiting here -- could be a network outage. */
936 rpc_delay(task, 5*HZ);
937 goto retry_timeout; 948 goto retry_timeout;
938 case -EACCES: 949 case -EACCES:
939 dprintk("RPC: %5u remote rpcbind: RPC program/version " 950 dprintk("RPC: %5u remote rpcbind: RPC program/version "
@@ -1046,10 +1057,16 @@ call_transmit(struct rpc_task *task)
1046 /* Encode here so that rpcsec_gss can use correct sequence number. */ 1057 /* Encode here so that rpcsec_gss can use correct sequence number. */
1047 if (rpc_task_need_encode(task)) { 1058 if (rpc_task_need_encode(task)) {
1048 BUG_ON(task->tk_rqstp->rq_bytes_sent != 0); 1059 BUG_ON(task->tk_rqstp->rq_bytes_sent != 0);
1049 call_encode(task); 1060 rpc_xdr_encode(task);
1050 /* Did the encode result in an error condition? */ 1061 /* Did the encode result in an error condition? */
1051 if (task->tk_status != 0) 1062 if (task->tk_status != 0) {
1063 /* Was the error nonfatal? */
1064 if (task->tk_status == -EAGAIN)
1065 rpc_delay(task, HZ >> 4);
1066 else
1067 rpc_exit(task, task->tk_status);
1052 return; 1068 return;
1069 }
1053 } 1070 }
1054 xprt_transmit(task); 1071 xprt_transmit(task);
1055 if (task->tk_status < 0) 1072 if (task->tk_status < 0)
@@ -1132,7 +1149,8 @@ call_status(struct rpc_task *task)
1132 rpc_exit(task, status); 1149 rpc_exit(task, status);
1133 break; 1150 break;
1134 default: 1151 default:
1135 printk("%s: RPC call returned error %d\n", 1152 if (clnt->cl_chatty)
1153 printk("%s: RPC call returned error %d\n",
1136 clnt->cl_protname, -status); 1154 clnt->cl_protname, -status);
1137 rpc_exit(task, status); 1155 rpc_exit(task, status);
1138 } 1156 }
@@ -1157,7 +1175,8 @@ call_timeout(struct rpc_task *task)
1157 task->tk_timeouts++; 1175 task->tk_timeouts++;
1158 1176
1159 if (RPC_IS_SOFT(task)) { 1177 if (RPC_IS_SOFT(task)) {
1160 printk(KERN_NOTICE "%s: server %s not responding, timed out\n", 1178 if (clnt->cl_chatty)
1179 printk(KERN_NOTICE "%s: server %s not responding, timed out\n",
1161 clnt->cl_protname, clnt->cl_server); 1180 clnt->cl_protname, clnt->cl_server);
1162 rpc_exit(task, -EIO); 1181 rpc_exit(task, -EIO);
1163 return; 1182 return;
@@ -1165,7 +1184,8 @@ call_timeout(struct rpc_task *task)
1165 1184
1166 if (!(task->tk_flags & RPC_CALL_MAJORSEEN)) { 1185 if (!(task->tk_flags & RPC_CALL_MAJORSEEN)) {
1167 task->tk_flags |= RPC_CALL_MAJORSEEN; 1186 task->tk_flags |= RPC_CALL_MAJORSEEN;
1168 printk(KERN_NOTICE "%s: server %s not responding, still trying\n", 1187 if (clnt->cl_chatty)
1188 printk(KERN_NOTICE "%s: server %s not responding, still trying\n",
1169 clnt->cl_protname, clnt->cl_server); 1189 clnt->cl_protname, clnt->cl_server);
1170 } 1190 }
1171 rpc_force_rebind(clnt); 1191 rpc_force_rebind(clnt);
@@ -1196,8 +1216,9 @@ call_decode(struct rpc_task *task)
1196 task->tk_pid, task->tk_status); 1216 task->tk_pid, task->tk_status);
1197 1217
1198 if (task->tk_flags & RPC_CALL_MAJORSEEN) { 1218 if (task->tk_flags & RPC_CALL_MAJORSEEN) {
1199 printk(KERN_NOTICE "%s: server %s OK\n", 1219 if (clnt->cl_chatty)
1200 clnt->cl_protname, clnt->cl_server); 1220 printk(KERN_NOTICE "%s: server %s OK\n",
1221 clnt->cl_protname, clnt->cl_server);
1201 task->tk_flags &= ~RPC_CALL_MAJORSEEN; 1222 task->tk_flags &= ~RPC_CALL_MAJORSEEN;
1202 } 1223 }
1203 1224
@@ -1224,8 +1245,7 @@ call_decode(struct rpc_task *task)
1224 goto out_retry; 1245 goto out_retry;
1225 } 1246 }
1226 1247
1227 /* Verify the RPC header */ 1248 p = rpc_verify_header(task);
1228 p = call_verify(task);
1229 if (IS_ERR(p)) { 1249 if (IS_ERR(p)) {
1230 if (p == ERR_PTR(-EAGAIN)) 1250 if (p == ERR_PTR(-EAGAIN))
1231 goto out_retry; 1251 goto out_retry;
@@ -1243,7 +1263,7 @@ call_decode(struct rpc_task *task)
1243 return; 1263 return;
1244out_retry: 1264out_retry:
1245 task->tk_status = 0; 1265 task->tk_status = 0;
1246 /* Note: call_verify() may have freed the RPC slot */ 1266 /* Note: rpc_verify_header() may have freed the RPC slot */
1247 if (task->tk_rqstp == req) { 1267 if (task->tk_rqstp == req) {
1248 req->rq_received = req->rq_rcv_buf.len = 0; 1268 req->rq_received = req->rq_rcv_buf.len = 0;
1249 if (task->tk_client->cl_discrtry) 1269 if (task->tk_client->cl_discrtry)
@@ -1290,11 +1310,8 @@ call_refreshresult(struct rpc_task *task)
1290 return; 1310 return;
1291} 1311}
1292 1312
1293/*
1294 * Call header serialization
1295 */
1296static __be32 * 1313static __be32 *
1297call_header(struct rpc_task *task) 1314rpc_encode_header(struct rpc_task *task)
1298{ 1315{
1299 struct rpc_clnt *clnt = task->tk_client; 1316 struct rpc_clnt *clnt = task->tk_client;
1300 struct rpc_rqst *req = task->tk_rqstp; 1317 struct rpc_rqst *req = task->tk_rqstp;
@@ -1314,11 +1331,8 @@ call_header(struct rpc_task *task)
1314 return p; 1331 return p;
1315} 1332}
1316 1333
1317/*
1318 * Reply header verification
1319 */
1320static __be32 * 1334static __be32 *
1321call_verify(struct rpc_task *task) 1335rpc_verify_header(struct rpc_task *task)
1322{ 1336{
1323 struct kvec *iov = &task->tk_rqstp->rq_rcv_buf.head[0]; 1337 struct kvec *iov = &task->tk_rqstp->rq_rcv_buf.head[0];
1324 int len = task->tk_rqstp->rq_rcv_buf.len >> 2; 1338 int len = task->tk_rqstp->rq_rcv_buf.len >> 2;
@@ -1392,7 +1406,7 @@ call_verify(struct rpc_task *task)
1392 task->tk_action = call_bind; 1406 task->tk_action = call_bind;
1393 goto out_retry; 1407 goto out_retry;
1394 case RPC_AUTH_TOOWEAK: 1408 case RPC_AUTH_TOOWEAK:
1395 printk(KERN_NOTICE "call_verify: server %s requires stronger " 1409 printk(KERN_NOTICE "RPC: server %s requires stronger "
1396 "authentication.\n", task->tk_client->cl_server); 1410 "authentication.\n", task->tk_client->cl_server);
1397 break; 1411 break;
1398 default: 1412 default:
@@ -1431,10 +1445,10 @@ call_verify(struct rpc_task *task)
1431 error = -EPROTONOSUPPORT; 1445 error = -EPROTONOSUPPORT;
1432 goto out_err; 1446 goto out_err;
1433 case RPC_PROC_UNAVAIL: 1447 case RPC_PROC_UNAVAIL:
1434 dprintk("RPC: %5u %s: proc %p unsupported by program %u, " 1448 dprintk("RPC: %5u %s: proc %s unsupported by program %u, "
1435 "version %u on server %s\n", 1449 "version %u on server %s\n",
1436 task->tk_pid, __func__, 1450 task->tk_pid, __func__,
1437 task->tk_msg.rpc_proc, 1451 rpc_proc_name(task),
1438 task->tk_client->cl_prog, 1452 task->tk_client->cl_prog,
1439 task->tk_client->cl_vers, 1453 task->tk_client->cl_vers,
1440 task->tk_client->cl_server); 1454 task->tk_client->cl_server);
@@ -1517,44 +1531,53 @@ struct rpc_task *rpc_call_null(struct rpc_clnt *clnt, struct rpc_cred *cred, int
1517EXPORT_SYMBOL_GPL(rpc_call_null); 1531EXPORT_SYMBOL_GPL(rpc_call_null);
1518 1532
1519#ifdef RPC_DEBUG 1533#ifdef RPC_DEBUG
1534static void rpc_show_header(void)
1535{
1536 printk(KERN_INFO "-pid- flgs status -client- --rqstp- "
1537 "-timeout ---ops--\n");
1538}
1539
1540static void rpc_show_task(const struct rpc_clnt *clnt,
1541 const struct rpc_task *task)
1542{
1543 const char *rpc_waitq = "none";
1544 char *p, action[KSYM_SYMBOL_LEN];
1545
1546 if (RPC_IS_QUEUED(task))
1547 rpc_waitq = rpc_qname(task->tk_waitqueue);
1548
1549 /* map tk_action pointer to a function name; then trim off
1550 * the "+0x0 [sunrpc]" */
1551 sprint_symbol(action, (unsigned long)task->tk_action);
1552 p = strchr(action, '+');
1553 if (p)
1554 *p = '\0';
1555
1556 printk(KERN_INFO "%5u %04x %6d %8p %8p %8ld %8p %sv%u %s a:%s q:%s\n",
1557 task->tk_pid, task->tk_flags, task->tk_status,
1558 clnt, task->tk_rqstp, task->tk_timeout, task->tk_ops,
1559 clnt->cl_protname, clnt->cl_vers, rpc_proc_name(task),
1560 action, rpc_waitq);
1561}
1562
1520void rpc_show_tasks(void) 1563void rpc_show_tasks(void)
1521{ 1564{
1522 struct rpc_clnt *clnt; 1565 struct rpc_clnt *clnt;
1523 struct rpc_task *t; 1566 struct rpc_task *task;
1567 int header = 0;
1524 1568
1525 spin_lock(&rpc_client_lock); 1569 spin_lock(&rpc_client_lock);
1526 if (list_empty(&all_clients))
1527 goto out;
1528 printk("-pid- proc flgs status -client- -prog- --rqstp- -timeout "
1529 "-rpcwait -action- ---ops--\n");
1530 list_for_each_entry(clnt, &all_clients, cl_clients) { 1570 list_for_each_entry(clnt, &all_clients, cl_clients) {
1531 if (list_empty(&clnt->cl_tasks))
1532 continue;
1533 spin_lock(&clnt->cl_lock); 1571 spin_lock(&clnt->cl_lock);
1534 list_for_each_entry(t, &clnt->cl_tasks, tk_task) { 1572 list_for_each_entry(task, &clnt->cl_tasks, tk_task) {
1535 const char *rpc_waitq = "none"; 1573 if (!header) {
1536 int proc; 1574 rpc_show_header();
1537 1575 header++;
1538 if (t->tk_msg.rpc_proc) 1576 }
1539 proc = t->tk_msg.rpc_proc->p_proc; 1577 rpc_show_task(clnt, task);
1540 else
1541 proc = -1;
1542
1543 if (RPC_IS_QUEUED(t))
1544 rpc_waitq = rpc_qname(t->tk_waitqueue);
1545
1546 printk("%5u %04d %04x %6d %8p %6d %8p %8ld %8s %8p %8p\n",
1547 t->tk_pid, proc,
1548 t->tk_flags, t->tk_status,
1549 t->tk_client,
1550 (t->tk_client ? t->tk_client->cl_prog : 0),
1551 t->tk_rqstp, t->tk_timeout,
1552 rpc_waitq,
1553 t->tk_action, t->tk_ops);
1554 } 1578 }
1555 spin_unlock(&clnt->cl_lock); 1579 spin_unlock(&clnt->cl_lock);
1556 } 1580 }
1557out:
1558 spin_unlock(&rpc_client_lock); 1581 spin_unlock(&rpc_client_lock);
1559} 1582}
1560#endif 1583#endif
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index 5a9b0e7828cd..23a2b8f6dc49 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -897,7 +897,7 @@ static struct file_system_type rpc_pipe_fs_type = {
897}; 897};
898 898
899static void 899static void
900init_once(struct kmem_cache * cachep, void *foo) 900init_once(void *foo)
901{ 901{
902 struct rpc_inode *rpci = (struct rpc_inode *) foo; 902 struct rpc_inode *rpci = (struct rpc_inode *) foo;
903 903
diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c
index 0517967a68bf..24db2b4d12d3 100644
--- a/net/sunrpc/rpcb_clnt.c
+++ b/net/sunrpc/rpcb_clnt.c
@@ -32,6 +32,10 @@
32#define RPCBIND_PROGRAM (100000u) 32#define RPCBIND_PROGRAM (100000u)
33#define RPCBIND_PORT (111u) 33#define RPCBIND_PORT (111u)
34 34
35#define RPCBVERS_2 (2u)
36#define RPCBVERS_3 (3u)
37#define RPCBVERS_4 (4u)
38
35enum { 39enum {
36 RPCBPROC_NULL, 40 RPCBPROC_NULL,
37 RPCBPROC_SET, 41 RPCBPROC_SET,
@@ -64,6 +68,7 @@ enum {
64#define RPCB_MAXOWNERLEN sizeof(RPCB_OWNER_STRING) 68#define RPCB_MAXOWNERLEN sizeof(RPCB_OWNER_STRING)
65 69
66static void rpcb_getport_done(struct rpc_task *, void *); 70static void rpcb_getport_done(struct rpc_task *, void *);
71static void rpcb_map_release(void *data);
67static struct rpc_program rpcb_program; 72static struct rpc_program rpcb_program;
68 73
69struct rpcbind_args { 74struct rpcbind_args {
@@ -76,41 +81,73 @@ struct rpcbind_args {
76 const char * r_netid; 81 const char * r_netid;
77 const char * r_addr; 82 const char * r_addr;
78 const char * r_owner; 83 const char * r_owner;
84
85 int r_status;
79}; 86};
80 87
81static struct rpc_procinfo rpcb_procedures2[]; 88static struct rpc_procinfo rpcb_procedures2[];
82static struct rpc_procinfo rpcb_procedures3[]; 89static struct rpc_procinfo rpcb_procedures3[];
90static struct rpc_procinfo rpcb_procedures4[];
83 91
84struct rpcb_info { 92struct rpcb_info {
85 int rpc_vers; 93 u32 rpc_vers;
86 struct rpc_procinfo * rpc_proc; 94 struct rpc_procinfo * rpc_proc;
87}; 95};
88 96
89static struct rpcb_info rpcb_next_version[]; 97static struct rpcb_info rpcb_next_version[];
90static struct rpcb_info rpcb_next_version6[]; 98static struct rpcb_info rpcb_next_version6[];
91 99
100static const struct rpc_call_ops rpcb_getport_ops = {
101 .rpc_call_done = rpcb_getport_done,
102 .rpc_release = rpcb_map_release,
103};
104
105static void rpcb_wake_rpcbind_waiters(struct rpc_xprt *xprt, int status)
106{
107 xprt_clear_binding(xprt);
108 rpc_wake_up_status(&xprt->binding, status);
109}
110
92static void rpcb_map_release(void *data) 111static void rpcb_map_release(void *data)
93{ 112{
94 struct rpcbind_args *map = data; 113 struct rpcbind_args *map = data;
95 114
115 rpcb_wake_rpcbind_waiters(map->r_xprt, map->r_status);
96 xprt_put(map->r_xprt); 116 xprt_put(map->r_xprt);
97 kfree(map); 117 kfree(map);
98} 118}
99 119
100static const struct rpc_call_ops rpcb_getport_ops = { 120static const struct sockaddr_in rpcb_inaddr_loopback = {
101 .rpc_call_done = rpcb_getport_done, 121 .sin_family = AF_INET,
102 .rpc_release = rpcb_map_release, 122 .sin_addr.s_addr = htonl(INADDR_LOOPBACK),
123 .sin_port = htons(RPCBIND_PORT),
103}; 124};
104 125
105static void rpcb_wake_rpcbind_waiters(struct rpc_xprt *xprt, int status) 126static const struct sockaddr_in6 rpcb_in6addr_loopback = {
127 .sin6_family = AF_INET6,
128 .sin6_addr = IN6ADDR_LOOPBACK_INIT,
129 .sin6_port = htons(RPCBIND_PORT),
130};
131
132static struct rpc_clnt *rpcb_create_local(struct sockaddr *addr,
133 size_t addrlen, u32 version)
106{ 134{
107 xprt_clear_binding(xprt); 135 struct rpc_create_args args = {
108 rpc_wake_up_status(&xprt->binding, status); 136 .protocol = XPRT_TRANSPORT_UDP,
137 .address = addr,
138 .addrsize = addrlen,
139 .servername = "localhost",
140 .program = &rpcb_program,
141 .version = version,
142 .authflavor = RPC_AUTH_UNIX,
143 .flags = RPC_CLNT_CREATE_NOPING,
144 };
145
146 return rpc_create(&args);
109} 147}
110 148
111static struct rpc_clnt *rpcb_create(char *hostname, struct sockaddr *srvaddr, 149static struct rpc_clnt *rpcb_create(char *hostname, struct sockaddr *srvaddr,
112 size_t salen, int proto, u32 version, 150 size_t salen, int proto, u32 version)
113 int privileged)
114{ 151{
115 struct rpc_create_args args = { 152 struct rpc_create_args args = {
116 .protocol = proto, 153 .protocol = proto,
@@ -120,7 +157,8 @@ static struct rpc_clnt *rpcb_create(char *hostname, struct sockaddr *srvaddr,
120 .program = &rpcb_program, 157 .program = &rpcb_program,
121 .version = version, 158 .version = version,
122 .authflavor = RPC_AUTH_UNIX, 159 .authflavor = RPC_AUTH_UNIX,
123 .flags = RPC_CLNT_CREATE_NOPING, 160 .flags = (RPC_CLNT_CREATE_NOPING |
161 RPC_CLNT_CREATE_NONPRIVPORT),
124 }; 162 };
125 163
126 switch (srvaddr->sa_family) { 164 switch (srvaddr->sa_family) {
@@ -134,29 +172,72 @@ static struct rpc_clnt *rpcb_create(char *hostname, struct sockaddr *srvaddr,
134 return NULL; 172 return NULL;
135 } 173 }
136 174
137 if (!privileged)
138 args.flags |= RPC_CLNT_CREATE_NONPRIVPORT;
139 return rpc_create(&args); 175 return rpc_create(&args);
140} 176}
141 177
178static int rpcb_register_call(struct sockaddr *addr, size_t addrlen,
179 u32 version, struct rpc_message *msg,
180 int *result)
181{
182 struct rpc_clnt *rpcb_clnt;
183 int error = 0;
184
185 *result = 0;
186
187 rpcb_clnt = rpcb_create_local(addr, addrlen, version);
188 if (!IS_ERR(rpcb_clnt)) {
189 error = rpc_call_sync(rpcb_clnt, msg, 0);
190 rpc_shutdown_client(rpcb_clnt);
191 } else
192 error = PTR_ERR(rpcb_clnt);
193
194 if (error < 0)
195 printk(KERN_WARNING "RPC: failed to contact local rpcbind "
196 "server (errno %d).\n", -error);
197 dprintk("RPC: registration status %d/%d\n", error, *result);
198
199 return error;
200}
201
142/** 202/**
143 * rpcb_register - set or unset a port registration with the local rpcbind svc 203 * rpcb_register - set or unset a port registration with the local rpcbind svc
144 * @prog: RPC program number to bind 204 * @prog: RPC program number to bind
145 * @vers: RPC version number to bind 205 * @vers: RPC version number to bind
146 * @prot: transport protocol to use to make this request 206 * @prot: transport protocol to register
147 * @port: port value to register 207 * @port: port value to register
148 * @okay: result code 208 * @okay: OUT: result code
209 *
210 * RPC services invoke this function to advertise their contact
211 * information via the system's rpcbind daemon. RPC services
212 * invoke this function once for each [program, version, transport]
213 * tuple they wish to advertise.
214 *
215 * Callers may also unregister RPC services that are no longer
216 * available by setting the passed-in port to zero. This removes
217 * all registered transports for [program, version] from the local
218 * rpcbind database.
219 *
220 * Returns zero if the registration request was dispatched
221 * successfully and a reply was received. The rpcbind daemon's
222 * boolean result code is stored in *okay.
223 *
224 * Returns an errno value and sets *result to zero if there was
225 * some problem that prevented the rpcbind request from being
226 * dispatched, or if the rpcbind daemon did not respond within
227 * the timeout.
149 * 228 *
150 * port == 0 means unregister, port != 0 means register. 229 * This function uses rpcbind protocol version 2 to contact the
230 * local rpcbind daemon.
151 * 231 *
152 * This routine supports only rpcbind version 2. 232 * Registration works over both AF_INET and AF_INET6, and services
233 * registered via this function are advertised as available for any
234 * address. If the local rpcbind daemon is listening on AF_INET6,
235 * services registered via this function will be advertised on
236 * IN6ADDR_ANY (ie available for all AF_INET and AF_INET6
237 * addresses).
153 */ 238 */
154int rpcb_register(u32 prog, u32 vers, int prot, unsigned short port, int *okay) 239int rpcb_register(u32 prog, u32 vers, int prot, unsigned short port, int *okay)
155{ 240{
156 struct sockaddr_in sin = {
157 .sin_family = AF_INET,
158 .sin_addr.s_addr = htonl(INADDR_LOOPBACK),
159 };
160 struct rpcbind_args map = { 241 struct rpcbind_args map = {
161 .r_prog = prog, 242 .r_prog = prog,
162 .r_vers = vers, 243 .r_vers = vers,
@@ -164,32 +245,159 @@ int rpcb_register(u32 prog, u32 vers, int prot, unsigned short port, int *okay)
164 .r_port = port, 245 .r_port = port,
165 }; 246 };
166 struct rpc_message msg = { 247 struct rpc_message msg = {
167 .rpc_proc = &rpcb_procedures2[port ?
168 RPCBPROC_SET : RPCBPROC_UNSET],
169 .rpc_argp = &map, 248 .rpc_argp = &map,
170 .rpc_resp = okay, 249 .rpc_resp = okay,
171 }; 250 };
172 struct rpc_clnt *rpcb_clnt;
173 int error = 0;
174 251
175 dprintk("RPC: %sregistering (%u, %u, %d, %u) with local " 252 dprintk("RPC: %sregistering (%u, %u, %d, %u) with local "
176 "rpcbind\n", (port ? "" : "un"), 253 "rpcbind\n", (port ? "" : "un"),
177 prog, vers, prot, port); 254 prog, vers, prot, port);
178 255
179 rpcb_clnt = rpcb_create("localhost", (struct sockaddr *) &sin, 256 msg.rpc_proc = &rpcb_procedures2[RPCBPROC_UNSET];
180 sizeof(sin), XPRT_TRANSPORT_UDP, 2, 1); 257 if (port)
181 if (IS_ERR(rpcb_clnt)) 258 msg.rpc_proc = &rpcb_procedures2[RPCBPROC_SET];
182 return PTR_ERR(rpcb_clnt);
183 259
184 error = rpc_call_sync(rpcb_clnt, &msg, 0); 260 return rpcb_register_call((struct sockaddr *)&rpcb_inaddr_loopback,
261 sizeof(rpcb_inaddr_loopback),
262 RPCBVERS_2, &msg, okay);
263}
185 264
186 rpc_shutdown_client(rpcb_clnt); 265/*
187 if (error < 0) 266 * Fill in AF_INET family-specific arguments to register
188 printk(KERN_WARNING "RPC: failed to contact local rpcbind " 267 */
189 "server (errno %d).\n", -error); 268static int rpcb_register_netid4(struct sockaddr_in *address_to_register,
190 dprintk("RPC: registration status %d/%d\n", error, *okay); 269 struct rpc_message *msg)
270{
271 struct rpcbind_args *map = msg->rpc_argp;
272 unsigned short port = ntohs(address_to_register->sin_port);
273 char buf[32];
274
275 /* Construct AF_INET universal address */
276 snprintf(buf, sizeof(buf),
277 NIPQUAD_FMT".%u.%u",
278 NIPQUAD(address_to_register->sin_addr.s_addr),
279 port >> 8, port & 0xff);
280 map->r_addr = buf;
281
282 dprintk("RPC: %sregistering [%u, %u, %s, '%s'] with "
283 "local rpcbind\n", (port ? "" : "un"),
284 map->r_prog, map->r_vers,
285 map->r_addr, map->r_netid);
286
287 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_UNSET];
288 if (port)
289 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_SET];
290
291 return rpcb_register_call((struct sockaddr *)&rpcb_inaddr_loopback,
292 sizeof(rpcb_inaddr_loopback),
293 RPCBVERS_4, msg, msg->rpc_resp);
294}
191 295
192 return error; 296/*
297 * Fill in AF_INET6 family-specific arguments to register
298 */
299static int rpcb_register_netid6(struct sockaddr_in6 *address_to_register,
300 struct rpc_message *msg)
301{
302 struct rpcbind_args *map = msg->rpc_argp;
303 unsigned short port = ntohs(address_to_register->sin6_port);
304 char buf[64];
305
306 /* Construct AF_INET6 universal address */
307 snprintf(buf, sizeof(buf),
308 NIP6_FMT".%u.%u",
309 NIP6(address_to_register->sin6_addr),
310 port >> 8, port & 0xff);
311 map->r_addr = buf;
312
313 dprintk("RPC: %sregistering [%u, %u, %s, '%s'] with "
314 "local rpcbind\n", (port ? "" : "un"),
315 map->r_prog, map->r_vers,
316 map->r_addr, map->r_netid);
317
318 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_UNSET];
319 if (port)
320 msg->rpc_proc = &rpcb_procedures4[RPCBPROC_SET];
321
322 return rpcb_register_call((struct sockaddr *)&rpcb_in6addr_loopback,
323 sizeof(rpcb_in6addr_loopback),
324 RPCBVERS_4, msg, msg->rpc_resp);
325}
326
327/**
328 * rpcb_v4_register - set or unset a port registration with the local rpcbind
329 * @program: RPC program number of service to (un)register
330 * @version: RPC version number of service to (un)register
331 * @address: address family, IP address, and port to (un)register
332 * @netid: netid of transport protocol to (un)register
333 * @result: result code from rpcbind RPC call
334 *
335 * RPC services invoke this function to advertise their contact
336 * information via the system's rpcbind daemon. RPC services
337 * invoke this function once for each [program, version, address,
338 * netid] tuple they wish to advertise.
339 *
340 * Callers may also unregister RPC services that are no longer
341 * available by setting the port number in the passed-in address
342 * to zero. Callers pass a netid of "" to unregister all
343 * transport netids associated with [program, version, address].
344 *
345 * Returns zero if the registration request was dispatched
346 * successfully and a reply was received. The rpcbind daemon's
347 * result code is stored in *result.
348 *
349 * Returns an errno value and sets *result to zero if there was
350 * some problem that prevented the rpcbind request from being
351 * dispatched, or if the rpcbind daemon did not respond within
352 * the timeout.
353 *
354 * This function uses rpcbind protocol version 4 to contact the
355 * local rpcbind daemon. The local rpcbind daemon must support
356 * version 4 of the rpcbind protocol in order for these functions
357 * to register a service successfully.
358 *
359 * Supported netids include "udp" and "tcp" for UDP and TCP over
360 * IPv4, and "udp6" and "tcp6" for UDP and TCP over IPv6,
361 * respectively.
362 *
363 * The contents of @address determine the address family and the
364 * port to be registered. The usual practice is to pass INADDR_ANY
365 * as the raw address, but specifying a non-zero address is also
366 * supported by this API if the caller wishes to advertise an RPC
367 * service on a specific network interface.
368 *
369 * Note that passing in INADDR_ANY does not create the same service
370 * registration as IN6ADDR_ANY. The former advertises an RPC
371 * service on any IPv4 address, but not on IPv6. The latter
372 * advertises the service on all IPv4 and IPv6 addresses.
373 */
374int rpcb_v4_register(const u32 program, const u32 version,
375 const struct sockaddr *address, const char *netid,
376 int *result)
377{
378 struct rpcbind_args map = {
379 .r_prog = program,
380 .r_vers = version,
381 .r_netid = netid,
382 .r_owner = RPCB_OWNER_STRING,
383 };
384 struct rpc_message msg = {
385 .rpc_argp = &map,
386 .rpc_resp = result,
387 };
388
389 *result = 0;
390
391 switch (address->sa_family) {
392 case AF_INET:
393 return rpcb_register_netid4((struct sockaddr_in *)address,
394 &msg);
395 case AF_INET6:
396 return rpcb_register_netid6((struct sockaddr_in6 *)address,
397 &msg);
398 }
399
400 return -EAFNOSUPPORT;
193} 401}
194 402
195/** 403/**
@@ -227,7 +435,7 @@ int rpcb_getport_sync(struct sockaddr_in *sin, u32 prog, u32 vers, int prot)
227 __func__, NIPQUAD(sin->sin_addr.s_addr), prog, vers, prot); 435 __func__, NIPQUAD(sin->sin_addr.s_addr), prog, vers, prot);
228 436
229 rpcb_clnt = rpcb_create(NULL, (struct sockaddr *)sin, 437 rpcb_clnt = rpcb_create(NULL, (struct sockaddr *)sin,
230 sizeof(*sin), prot, 2, 0); 438 sizeof(*sin), prot, RPCBVERS_2);
231 if (IS_ERR(rpcb_clnt)) 439 if (IS_ERR(rpcb_clnt))
232 return PTR_ERR(rpcb_clnt); 440 return PTR_ERR(rpcb_clnt);
233 441
@@ -243,10 +451,10 @@ int rpcb_getport_sync(struct sockaddr_in *sin, u32 prog, u32 vers, int prot)
243} 451}
244EXPORT_SYMBOL_GPL(rpcb_getport_sync); 452EXPORT_SYMBOL_GPL(rpcb_getport_sync);
245 453
246static struct rpc_task *rpcb_call_async(struct rpc_clnt *rpcb_clnt, struct rpcbind_args *map, int version) 454static struct rpc_task *rpcb_call_async(struct rpc_clnt *rpcb_clnt, struct rpcbind_args *map, struct rpc_procinfo *proc)
247{ 455{
248 struct rpc_message msg = { 456 struct rpc_message msg = {
249 .rpc_proc = rpcb_next_version[version].rpc_proc, 457 .rpc_proc = proc,
250 .rpc_argp = map, 458 .rpc_argp = map,
251 .rpc_resp = &map->r_port, 459 .rpc_resp = &map->r_port,
252 }; 460 };
@@ -271,6 +479,7 @@ static struct rpc_task *rpcb_call_async(struct rpc_clnt *rpcb_clnt, struct rpcbi
271void rpcb_getport_async(struct rpc_task *task) 479void rpcb_getport_async(struct rpc_task *task)
272{ 480{
273 struct rpc_clnt *clnt = task->tk_client; 481 struct rpc_clnt *clnt = task->tk_client;
482 struct rpc_procinfo *proc;
274 u32 bind_version; 483 u32 bind_version;
275 struct rpc_xprt *xprt = task->tk_xprt; 484 struct rpc_xprt *xprt = task->tk_xprt;
276 struct rpc_clnt *rpcb_clnt; 485 struct rpc_clnt *rpcb_clnt;
@@ -280,7 +489,6 @@ void rpcb_getport_async(struct rpc_task *task)
280 struct sockaddr *sap = (struct sockaddr *)&addr; 489 struct sockaddr *sap = (struct sockaddr *)&addr;
281 size_t salen; 490 size_t salen;
282 int status; 491 int status;
283 struct rpcb_info *info;
284 492
285 dprintk("RPC: %5u %s(%s, %u, %u, %d)\n", 493 dprintk("RPC: %5u %s(%s, %u, %u, %d)\n",
286 task->tk_pid, __func__, 494 task->tk_pid, __func__,
@@ -289,17 +497,16 @@ void rpcb_getport_async(struct rpc_task *task)
289 /* Autobind on cloned rpc clients is discouraged */ 497 /* Autobind on cloned rpc clients is discouraged */
290 BUG_ON(clnt->cl_parent != clnt); 498 BUG_ON(clnt->cl_parent != clnt);
291 499
500 /* Put self on the wait queue to ensure we get notified if
501 * some other task is already attempting to bind the port */
502 rpc_sleep_on(&xprt->binding, task, NULL);
503
292 if (xprt_test_and_set_binding(xprt)) { 504 if (xprt_test_and_set_binding(xprt)) {
293 status = -EAGAIN; /* tell caller to check again */
294 dprintk("RPC: %5u %s: waiting for another binder\n", 505 dprintk("RPC: %5u %s: waiting for another binder\n",
295 task->tk_pid, __func__); 506 task->tk_pid, __func__);
296 goto bailout_nowake; 507 return;
297 } 508 }
298 509
299 /* Put self on queue before sending rpcbind request, in case
300 * rpcb_getport_done completes before we return from rpc_run_task */
301 rpc_sleep_on(&xprt->binding, task, NULL);
302
303 /* Someone else may have bound if we slept */ 510 /* Someone else may have bound if we slept */
304 if (xprt_bound(xprt)) { 511 if (xprt_bound(xprt)) {
305 status = 0; 512 status = 0;
@@ -313,10 +520,12 @@ void rpcb_getport_async(struct rpc_task *task)
313 /* Don't ever use rpcbind v2 for AF_INET6 requests */ 520 /* Don't ever use rpcbind v2 for AF_INET6 requests */
314 switch (sap->sa_family) { 521 switch (sap->sa_family) {
315 case AF_INET: 522 case AF_INET:
316 info = rpcb_next_version; 523 proc = rpcb_next_version[xprt->bind_index].rpc_proc;
524 bind_version = rpcb_next_version[xprt->bind_index].rpc_vers;
317 break; 525 break;
318 case AF_INET6: 526 case AF_INET6:
319 info = rpcb_next_version6; 527 proc = rpcb_next_version6[xprt->bind_index].rpc_proc;
528 bind_version = rpcb_next_version6[xprt->bind_index].rpc_vers;
320 break; 529 break;
321 default: 530 default:
322 status = -EAFNOSUPPORT; 531 status = -EAFNOSUPPORT;
@@ -324,20 +533,19 @@ void rpcb_getport_async(struct rpc_task *task)
324 task->tk_pid, __func__); 533 task->tk_pid, __func__);
325 goto bailout_nofree; 534 goto bailout_nofree;
326 } 535 }
327 if (info[xprt->bind_index].rpc_proc == NULL) { 536 if (proc == NULL) {
328 xprt->bind_index = 0; 537 xprt->bind_index = 0;
329 status = -EPFNOSUPPORT; 538 status = -EPFNOSUPPORT;
330 dprintk("RPC: %5u %s: no more getport versions available\n", 539 dprintk("RPC: %5u %s: no more getport versions available\n",
331 task->tk_pid, __func__); 540 task->tk_pid, __func__);
332 goto bailout_nofree; 541 goto bailout_nofree;
333 } 542 }
334 bind_version = info[xprt->bind_index].rpc_vers;
335 543
336 dprintk("RPC: %5u %s: trying rpcbind version %u\n", 544 dprintk("RPC: %5u %s: trying rpcbind version %u\n",
337 task->tk_pid, __func__, bind_version); 545 task->tk_pid, __func__, bind_version);
338 546
339 rpcb_clnt = rpcb_create(clnt->cl_server, sap, salen, xprt->prot, 547 rpcb_clnt = rpcb_create(clnt->cl_server, sap, salen, xprt->prot,
340 bind_version, 0); 548 bind_version);
341 if (IS_ERR(rpcb_clnt)) { 549 if (IS_ERR(rpcb_clnt)) {
342 status = PTR_ERR(rpcb_clnt); 550 status = PTR_ERR(rpcb_clnt);
343 dprintk("RPC: %5u %s: rpcb_create failed, error %ld\n", 551 dprintk("RPC: %5u %s: rpcb_create failed, error %ld\n",
@@ -360,26 +568,23 @@ void rpcb_getport_async(struct rpc_task *task)
360 map->r_netid = rpc_peeraddr2str(clnt, RPC_DISPLAY_NETID); 568 map->r_netid = rpc_peeraddr2str(clnt, RPC_DISPLAY_NETID);
361 map->r_addr = rpc_peeraddr2str(rpcb_clnt, RPC_DISPLAY_UNIVERSAL_ADDR); 569 map->r_addr = rpc_peeraddr2str(rpcb_clnt, RPC_DISPLAY_UNIVERSAL_ADDR);
362 map->r_owner = RPCB_OWNER_STRING; /* ignored for GETADDR */ 570 map->r_owner = RPCB_OWNER_STRING; /* ignored for GETADDR */
571 map->r_status = -EIO;
363 572
364 child = rpcb_call_async(rpcb_clnt, map, xprt->bind_index); 573 child = rpcb_call_async(rpcb_clnt, map, proc);
365 rpc_release_client(rpcb_clnt); 574 rpc_release_client(rpcb_clnt);
366 if (IS_ERR(child)) { 575 if (IS_ERR(child)) {
367 status = -EIO; 576 /* rpcb_map_release() has freed the arguments */
368 dprintk("RPC: %5u %s: rpc_run_task failed\n", 577 dprintk("RPC: %5u %s: rpc_run_task failed\n",
369 task->tk_pid, __func__); 578 task->tk_pid, __func__);
370 goto bailout; 579 return;
371 } 580 }
372 rpc_put_task(child); 581 rpc_put_task(child);
373 582
374 task->tk_xprt->stat.bind_count++; 583 task->tk_xprt->stat.bind_count++;
375 return; 584 return;
376 585
377bailout:
378 kfree(map);
379 xprt_put(xprt);
380bailout_nofree: 586bailout_nofree:
381 rpcb_wake_rpcbind_waiters(xprt, status); 587 rpcb_wake_rpcbind_waiters(xprt, status);
382bailout_nowake:
383 task->tk_status = status; 588 task->tk_status = status;
384} 589}
385EXPORT_SYMBOL_GPL(rpcb_getport_async); 590EXPORT_SYMBOL_GPL(rpcb_getport_async);
@@ -418,9 +623,13 @@ static void rpcb_getport_done(struct rpc_task *child, void *data)
418 dprintk("RPC: %5u rpcb_getport_done(status %d, port %u)\n", 623 dprintk("RPC: %5u rpcb_getport_done(status %d, port %u)\n",
419 child->tk_pid, status, map->r_port); 624 child->tk_pid, status, map->r_port);
420 625
421 rpcb_wake_rpcbind_waiters(xprt, status); 626 map->r_status = status;
422} 627}
423 628
629/*
630 * XDR functions for rpcbind
631 */
632
424static int rpcb_encode_mapping(struct rpc_rqst *req, __be32 *p, 633static int rpcb_encode_mapping(struct rpc_rqst *req, __be32 *p,
425 struct rpcbind_args *rpcb) 634 struct rpcbind_args *rpcb)
426{ 635{
@@ -439,7 +648,7 @@ static int rpcb_decode_getport(struct rpc_rqst *req, __be32 *p,
439 unsigned short *portp) 648 unsigned short *portp)
440{ 649{
441 *portp = (unsigned short) ntohl(*p++); 650 *portp = (unsigned short) ntohl(*p++);
442 dprintk("RPC: rpcb_decode_getport result %u\n", 651 dprintk("RPC: rpcb_decode_getport result %u\n",
443 *portp); 652 *portp);
444 return 0; 653 return 0;
445} 654}
@@ -448,8 +657,8 @@ static int rpcb_decode_set(struct rpc_rqst *req, __be32 *p,
448 unsigned int *boolp) 657 unsigned int *boolp)
449{ 658{
450 *boolp = (unsigned int) ntohl(*p++); 659 *boolp = (unsigned int) ntohl(*p++);
451 dprintk("RPC: rpcb_decode_set result %u\n", 660 dprintk("RPC: rpcb_decode_set: call %s\n",
452 *boolp); 661 (*boolp ? "succeeded" : "failed"));
453 return 0; 662 return 0;
454} 663}
455 664
@@ -572,52 +781,60 @@ out_err:
572static struct rpc_procinfo rpcb_procedures2[] = { 781static struct rpc_procinfo rpcb_procedures2[] = {
573 PROC(SET, mapping, set), 782 PROC(SET, mapping, set),
574 PROC(UNSET, mapping, set), 783 PROC(UNSET, mapping, set),
575 PROC(GETADDR, mapping, getport), 784 PROC(GETPORT, mapping, getport),
576}; 785};
577 786
578static struct rpc_procinfo rpcb_procedures3[] = { 787static struct rpc_procinfo rpcb_procedures3[] = {
579 PROC(SET, mapping, set), 788 PROC(SET, getaddr, set),
580 PROC(UNSET, mapping, set), 789 PROC(UNSET, getaddr, set),
581 PROC(GETADDR, getaddr, getaddr), 790 PROC(GETADDR, getaddr, getaddr),
582}; 791};
583 792
584static struct rpc_procinfo rpcb_procedures4[] = { 793static struct rpc_procinfo rpcb_procedures4[] = {
585 PROC(SET, mapping, set), 794 PROC(SET, getaddr, set),
586 PROC(UNSET, mapping, set), 795 PROC(UNSET, getaddr, set),
796 PROC(GETADDR, getaddr, getaddr),
587 PROC(GETVERSADDR, getaddr, getaddr), 797 PROC(GETVERSADDR, getaddr, getaddr),
588}; 798};
589 799
590static struct rpcb_info rpcb_next_version[] = { 800static struct rpcb_info rpcb_next_version[] = {
591#ifdef CONFIG_SUNRPC_BIND34 801 {
592 { 4, &rpcb_procedures4[RPCBPROC_GETVERSADDR] }, 802 .rpc_vers = RPCBVERS_2,
593 { 3, &rpcb_procedures3[RPCBPROC_GETADDR] }, 803 .rpc_proc = &rpcb_procedures2[RPCBPROC_GETPORT],
594#endif 804 },
595 { 2, &rpcb_procedures2[RPCBPROC_GETPORT] }, 805 {
596 { 0, NULL }, 806 .rpc_proc = NULL,
807 },
597}; 808};
598 809
599static struct rpcb_info rpcb_next_version6[] = { 810static struct rpcb_info rpcb_next_version6[] = {
600#ifdef CONFIG_SUNRPC_BIND34 811 {
601 { 4, &rpcb_procedures4[RPCBPROC_GETVERSADDR] }, 812 .rpc_vers = RPCBVERS_4,
602 { 3, &rpcb_procedures3[RPCBPROC_GETADDR] }, 813 .rpc_proc = &rpcb_procedures4[RPCBPROC_GETADDR],
603#endif 814 },
604 { 0, NULL }, 815 {
816 .rpc_vers = RPCBVERS_3,
817 .rpc_proc = &rpcb_procedures3[RPCBPROC_GETADDR],
818 },
819 {
820 .rpc_proc = NULL,
821 },
605}; 822};
606 823
607static struct rpc_version rpcb_version2 = { 824static struct rpc_version rpcb_version2 = {
608 .number = 2, 825 .number = RPCBVERS_2,
609 .nrprocs = RPCB_HIGHPROC_2, 826 .nrprocs = RPCB_HIGHPROC_2,
610 .procs = rpcb_procedures2 827 .procs = rpcb_procedures2
611}; 828};
612 829
613static struct rpc_version rpcb_version3 = { 830static struct rpc_version rpcb_version3 = {
614 .number = 3, 831 .number = RPCBVERS_3,
615 .nrprocs = RPCB_HIGHPROC_3, 832 .nrprocs = RPCB_HIGHPROC_3,
616 .procs = rpcb_procedures3 833 .procs = rpcb_procedures3
617}; 834};
618 835
619static struct rpc_version rpcb_version4 = { 836static struct rpc_version rpcb_version4 = {
620 .number = 4, 837 .number = RPCBVERS_4,
621 .nrprocs = RPCB_HIGHPROC_4, 838 .nrprocs = RPCB_HIGHPROC_4,
622 .procs = rpcb_procedures4 839 .procs = rpcb_procedures4
623}; 840};
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
index 6eab9bf94baf..385f427bedad 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -576,9 +576,7 @@ EXPORT_SYMBOL_GPL(rpc_delay);
576 */ 576 */
577static void rpc_prepare_task(struct rpc_task *task) 577static void rpc_prepare_task(struct rpc_task *task)
578{ 578{
579 lock_kernel();
580 task->tk_ops->rpc_call_prepare(task, task->tk_calldata); 579 task->tk_ops->rpc_call_prepare(task, task->tk_calldata);
581 unlock_kernel();
582} 580}
583 581
584/* 582/*
@@ -588,9 +586,7 @@ void rpc_exit_task(struct rpc_task *task)
588{ 586{
589 task->tk_action = NULL; 587 task->tk_action = NULL;
590 if (task->tk_ops->rpc_call_done != NULL) { 588 if (task->tk_ops->rpc_call_done != NULL) {
591 lock_kernel();
592 task->tk_ops->rpc_call_done(task, task->tk_calldata); 589 task->tk_ops->rpc_call_done(task, task->tk_calldata);
593 unlock_kernel();
594 if (task->tk_action != NULL) { 590 if (task->tk_action != NULL) {
595 WARN_ON(RPC_ASSASSINATED(task)); 591 WARN_ON(RPC_ASSASSINATED(task));
596 /* Always release the RPC slot and buffer memory */ 592 /* Always release the RPC slot and buffer memory */
@@ -602,11 +598,8 @@ EXPORT_SYMBOL_GPL(rpc_exit_task);
602 598
603void rpc_release_calldata(const struct rpc_call_ops *ops, void *calldata) 599void rpc_release_calldata(const struct rpc_call_ops *ops, void *calldata)
604{ 600{
605 if (ops->rpc_release != NULL) { 601 if (ops->rpc_release != NULL)
606 lock_kernel();
607 ops->rpc_release(calldata); 602 ops->rpc_release(calldata);
608 unlock_kernel();
609 }
610} 603}
611 604
612/* 605/*
@@ -626,19 +619,15 @@ static void __rpc_execute(struct rpc_task *task)
626 /* 619 /*
627 * Execute any pending callback. 620 * Execute any pending callback.
628 */ 621 */
629 if (RPC_DO_CALLBACK(task)) { 622 if (task->tk_callback) {
630 /* Define a callback save pointer */
631 void (*save_callback)(struct rpc_task *); 623 void (*save_callback)(struct rpc_task *);
632 624
633 /* 625 /*
634 * If a callback exists, save it, reset it, 626 * We set tk_callback to NULL before calling it,
635 * call it. 627 * in case it sets the tk_callback field itself:
636 * The save is needed to stop from resetting
637 * another callback set within the callback handler
638 * - Dave
639 */ 628 */
640 save_callback=task->tk_callback; 629 save_callback = task->tk_callback;
641 task->tk_callback=NULL; 630 task->tk_callback = NULL;
642 save_callback(task); 631 save_callback(task);
643 } 632 }
644 633
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index 01c7e311b904..5a32cb7c4bb4 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -18,6 +18,7 @@
18#include <linux/mm.h> 18#include <linux/mm.h>
19#include <linux/interrupt.h> 19#include <linux/interrupt.h>
20#include <linux/module.h> 20#include <linux/module.h>
21#include <linux/kthread.h>
21 22
22#include <linux/sunrpc/types.h> 23#include <linux/sunrpc/types.h>
23#include <linux/sunrpc/xdr.h> 24#include <linux/sunrpc/xdr.h>
@@ -291,15 +292,14 @@ svc_pool_map_put(void)
291 292
292 293
293/* 294/*
294 * Set the current thread's cpus_allowed mask so that it 295 * Set the given thread's cpus_allowed mask so that it
295 * will only run on cpus in the given pool. 296 * will only run on cpus in the given pool.
296 *
297 * Returns 1 and fills in oldmask iff a cpumask was applied.
298 */ 297 */
299static inline int 298static inline void
300svc_pool_map_set_cpumask(unsigned int pidx, cpumask_t *oldmask) 299svc_pool_map_set_cpumask(struct task_struct *task, unsigned int pidx)
301{ 300{
302 struct svc_pool_map *m = &svc_pool_map; 301 struct svc_pool_map *m = &svc_pool_map;
302 unsigned int node = m->pool_to[pidx];
303 303
304 /* 304 /*
305 * The caller checks for sv_nrpools > 1, which 305 * The caller checks for sv_nrpools > 1, which
@@ -307,26 +307,17 @@ svc_pool_map_set_cpumask(unsigned int pidx, cpumask_t *oldmask)
307 */ 307 */
308 BUG_ON(m->count == 0); 308 BUG_ON(m->count == 0);
309 309
310 switch (m->mode) 310 switch (m->mode) {
311 {
312 default:
313 return 0;
314 case SVC_POOL_PERCPU: 311 case SVC_POOL_PERCPU:
315 { 312 {
316 unsigned int cpu = m->pool_to[pidx]; 313 set_cpus_allowed_ptr(task, &cpumask_of_cpu(node));
317 314 break;
318 *oldmask = current->cpus_allowed;
319 set_cpus_allowed_ptr(current, &cpumask_of_cpu(cpu));
320 return 1;
321 } 315 }
322 case SVC_POOL_PERNODE: 316 case SVC_POOL_PERNODE:
323 { 317 {
324 unsigned int node = m->pool_to[pidx];
325 node_to_cpumask_ptr(nodecpumask, node); 318 node_to_cpumask_ptr(nodecpumask, node);
326 319 set_cpus_allowed_ptr(task, nodecpumask);
327 *oldmask = current->cpus_allowed; 320 break;
328 set_cpus_allowed_ptr(current, nodecpumask);
329 return 1;
330 } 321 }
331 } 322 }
332} 323}
@@ -443,7 +434,7 @@ EXPORT_SYMBOL(svc_create);
443struct svc_serv * 434struct svc_serv *
444svc_create_pooled(struct svc_program *prog, unsigned int bufsize, 435svc_create_pooled(struct svc_program *prog, unsigned int bufsize,
445 void (*shutdown)(struct svc_serv *serv), 436 void (*shutdown)(struct svc_serv *serv),
446 svc_thread_fn func, int sig, struct module *mod) 437 svc_thread_fn func, struct module *mod)
447{ 438{
448 struct svc_serv *serv; 439 struct svc_serv *serv;
449 unsigned int npools = svc_pool_map_get(); 440 unsigned int npools = svc_pool_map_get();
@@ -452,7 +443,6 @@ svc_create_pooled(struct svc_program *prog, unsigned int bufsize,
452 443
453 if (serv != NULL) { 444 if (serv != NULL) {
454 serv->sv_function = func; 445 serv->sv_function = func;
455 serv->sv_kill_signal = sig;
456 serv->sv_module = mod; 446 serv->sv_module = mod;
457 } 447 }
458 448
@@ -461,7 +451,8 @@ svc_create_pooled(struct svc_program *prog, unsigned int bufsize,
461EXPORT_SYMBOL(svc_create_pooled); 451EXPORT_SYMBOL(svc_create_pooled);
462 452
463/* 453/*
464 * Destroy an RPC service. Should be called with the BKL held 454 * Destroy an RPC service. Should be called with appropriate locking to
455 * protect the sv_nrthreads, sv_permsocks and sv_tempsocks.
465 */ 456 */
466void 457void
467svc_destroy(struct svc_serv *serv) 458svc_destroy(struct svc_serv *serv)
@@ -578,46 +569,6 @@ out_enomem:
578EXPORT_SYMBOL(svc_prepare_thread); 569EXPORT_SYMBOL(svc_prepare_thread);
579 570
580/* 571/*
581 * Create a thread in the given pool. Caller must hold BKL.
582 * On a NUMA or SMP machine, with a multi-pool serv, the thread
583 * will be restricted to run on the cpus belonging to the pool.
584 */
585static int
586__svc_create_thread(svc_thread_fn func, struct svc_serv *serv,
587 struct svc_pool *pool)
588{
589 struct svc_rqst *rqstp;
590 int error = -ENOMEM;
591 int have_oldmask = 0;
592 cpumask_t uninitialized_var(oldmask);
593
594 rqstp = svc_prepare_thread(serv, pool);
595 if (IS_ERR(rqstp)) {
596 error = PTR_ERR(rqstp);
597 goto out;
598 }
599
600 if (serv->sv_nrpools > 1)
601 have_oldmask = svc_pool_map_set_cpumask(pool->sp_id, &oldmask);
602
603 error = kernel_thread((int (*)(void *)) func, rqstp, 0);
604
605 if (have_oldmask)
606 set_cpus_allowed(current, oldmask);
607
608 if (error < 0)
609 goto out_thread;
610 svc_sock_update_bufs(serv);
611 error = 0;
612out:
613 return error;
614
615out_thread:
616 svc_exit_thread(rqstp);
617 goto out;
618}
619
620/*
621 * Choose a pool in which to create a new thread, for svc_set_num_threads 572 * Choose a pool in which to create a new thread, for svc_set_num_threads
622 */ 573 */
623static inline struct svc_pool * 574static inline struct svc_pool *
@@ -674,7 +625,7 @@ found_pool:
674 * of threads the given number. If `pool' is non-NULL, applies 625 * of threads the given number. If `pool' is non-NULL, applies
675 * only to threads in that pool, otherwise round-robins between 626 * only to threads in that pool, otherwise round-robins between
676 * all pools. Must be called with a svc_get() reference and 627 * all pools. Must be called with a svc_get() reference and
677 * the BKL held. 628 * the BKL or another lock to protect access to svc_serv fields.
678 * 629 *
679 * Destroying threads relies on the service threads filling in 630 * Destroying threads relies on the service threads filling in
680 * rqstp->rq_task, which only the nfs ones do. Assumes the serv 631 * rqstp->rq_task, which only the nfs ones do. Assumes the serv
@@ -686,7 +637,9 @@ found_pool:
686int 637int
687svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs) 638svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
688{ 639{
689 struct task_struct *victim; 640 struct svc_rqst *rqstp;
641 struct task_struct *task;
642 struct svc_pool *chosen_pool;
690 int error = 0; 643 int error = 0;
691 unsigned int state = serv->sv_nrthreads-1; 644 unsigned int state = serv->sv_nrthreads-1;
692 645
@@ -702,18 +655,34 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
702 /* create new threads */ 655 /* create new threads */
703 while (nrservs > 0) { 656 while (nrservs > 0) {
704 nrservs--; 657 nrservs--;
658 chosen_pool = choose_pool(serv, pool, &state);
659
660 rqstp = svc_prepare_thread(serv, chosen_pool);
661 if (IS_ERR(rqstp)) {
662 error = PTR_ERR(rqstp);
663 break;
664 }
665
705 __module_get(serv->sv_module); 666 __module_get(serv->sv_module);
706 error = __svc_create_thread(serv->sv_function, serv, 667 task = kthread_create(serv->sv_function, rqstp, serv->sv_name);
707 choose_pool(serv, pool, &state)); 668 if (IS_ERR(task)) {
708 if (error < 0) { 669 error = PTR_ERR(task);
709 module_put(serv->sv_module); 670 module_put(serv->sv_module);
671 svc_exit_thread(rqstp);
710 break; 672 break;
711 } 673 }
674
675 rqstp->rq_task = task;
676 if (serv->sv_nrpools > 1)
677 svc_pool_map_set_cpumask(task, chosen_pool->sp_id);
678
679 svc_sock_update_bufs(serv);
680 wake_up_process(task);
712 } 681 }
713 /* destroy old threads */ 682 /* destroy old threads */
714 while (nrservs < 0 && 683 while (nrservs < 0 &&
715 (victim = choose_victim(serv, pool, &state)) != NULL) { 684 (task = choose_victim(serv, pool, &state)) != NULL) {
716 send_sig(serv->sv_kill_signal, victim, 1); 685 send_sig(SIGINT, task, 1);
717 nrservs++; 686 nrservs++;
718 } 687 }
719 688
@@ -722,7 +691,8 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
722EXPORT_SYMBOL(svc_set_num_threads); 691EXPORT_SYMBOL(svc_set_num_threads);
723 692
724/* 693/*
725 * Called from a server thread as it's exiting. Caller must hold BKL. 694 * Called from a server thread as it's exiting. Caller must hold the BKL or
695 * the "service mutex", whichever is appropriate for the service.
726 */ 696 */
727void 697void
728svc_exit_thread(struct svc_rqst *rqstp) 698svc_exit_thread(struct svc_rqst *rqstp)
diff --git a/net/sunrpc/sysctl.c b/net/sunrpc/sysctl.c
index 0f8c439b848a..5231f7aaac0e 100644
--- a/net/sunrpc/sysctl.c
+++ b/net/sunrpc/sysctl.c
@@ -60,24 +60,14 @@ static int proc_do_xprt(ctl_table *table, int write, struct file *file,
60 void __user *buffer, size_t *lenp, loff_t *ppos) 60 void __user *buffer, size_t *lenp, loff_t *ppos)
61{ 61{
62 char tmpbuf[256]; 62 char tmpbuf[256];
63 int len; 63 size_t len;
64
64 if ((*ppos && !write) || !*lenp) { 65 if ((*ppos && !write) || !*lenp) {
65 *lenp = 0; 66 *lenp = 0;
66 return 0; 67 return 0;
67 } 68 }
68 if (write) 69 len = svc_print_xprts(tmpbuf, sizeof(tmpbuf));
69 return -EINVAL; 70 return simple_read_from_buffer(buffer, *lenp, ppos, tmpbuf, len);
70 else {
71 len = svc_print_xprts(tmpbuf, sizeof(tmpbuf));
72 if (!access_ok(VERIFY_WRITE, buffer, len))
73 return -EFAULT;
74
75 if (__copy_to_user(buffer, tmpbuf, len))
76 return -EFAULT;
77 }
78 *lenp -= len;
79 *ppos += len;
80 return 0;
81} 71}
82 72
83static int 73static int
diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c
index e1770f7ba0b3..99a52aabe332 100644
--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -690,7 +690,7 @@ static void xprt_connect_status(struct rpc_task *task)
690{ 690{
691 struct rpc_xprt *xprt = task->tk_xprt; 691 struct rpc_xprt *xprt = task->tk_xprt;
692 692
693 if (task->tk_status >= 0) { 693 if (task->tk_status == 0) {
694 xprt->stat.connect_count++; 694 xprt->stat.connect_count++;
695 xprt->stat.connect_time += (long)jiffies - xprt->stat.connect_start; 695 xprt->stat.connect_time += (long)jiffies - xprt->stat.connect_start;
696 dprintk("RPC: %5u xprt_connect_status: connection established\n", 696 dprintk("RPC: %5u xprt_connect_status: connection established\n",
@@ -699,12 +699,6 @@ static void xprt_connect_status(struct rpc_task *task)
699 } 699 }
700 700
701 switch (task->tk_status) { 701 switch (task->tk_status) {
702 case -ECONNREFUSED:
703 case -ECONNRESET:
704 dprintk("RPC: %5u xprt_connect_status: server %s refused "
705 "connection\n", task->tk_pid,
706 task->tk_client->cl_server);
707 break;
708 case -ENOTCONN: 702 case -ENOTCONN:
709 dprintk("RPC: %5u xprt_connect_status: connection broken\n", 703 dprintk("RPC: %5u xprt_connect_status: connection broken\n",
710 task->tk_pid); 704 task->tk_pid);
@@ -878,6 +872,7 @@ void xprt_transmit(struct rpc_task *task)
878 return; 872 return;
879 873
880 req->rq_connect_cookie = xprt->connect_cookie; 874 req->rq_connect_cookie = xprt->connect_cookie;
875 req->rq_xtime = jiffies;
881 status = xprt->ops->send_request(task); 876 status = xprt->ops->send_request(task);
882 if (status == 0) { 877 if (status == 0) {
883 dprintk("RPC: %5u xmit complete\n", task->tk_pid); 878 dprintk("RPC: %5u xmit complete\n", task->tk_pid);
diff --git a/net/sunrpc/xprtrdma/svc_rdma.c b/net/sunrpc/xprtrdma/svc_rdma.c
index 88c0ca20bb1e..87101177825b 100644
--- a/net/sunrpc/xprtrdma/svc_rdma.c
+++ b/net/sunrpc/xprtrdma/svc_rdma.c
@@ -69,6 +69,10 @@ atomic_t rdma_stat_rq_prod;
69atomic_t rdma_stat_sq_poll; 69atomic_t rdma_stat_sq_poll;
70atomic_t rdma_stat_sq_prod; 70atomic_t rdma_stat_sq_prod;
71 71
72/* Temporary NFS request map and context caches */
73struct kmem_cache *svc_rdma_map_cachep;
74struct kmem_cache *svc_rdma_ctxt_cachep;
75
72/* 76/*
73 * This function implements reading and resetting an atomic_t stat 77 * This function implements reading and resetting an atomic_t stat
74 * variable through read/write to a proc file. Any write to the file 78 * variable through read/write to a proc file. Any write to the file
@@ -236,11 +240,14 @@ static ctl_table svcrdma_root_table[] = {
236void svc_rdma_cleanup(void) 240void svc_rdma_cleanup(void)
237{ 241{
238 dprintk("SVCRDMA Module Removed, deregister RPC RDMA transport\n"); 242 dprintk("SVCRDMA Module Removed, deregister RPC RDMA transport\n");
243 flush_scheduled_work();
239 if (svcrdma_table_header) { 244 if (svcrdma_table_header) {
240 unregister_sysctl_table(svcrdma_table_header); 245 unregister_sysctl_table(svcrdma_table_header);
241 svcrdma_table_header = NULL; 246 svcrdma_table_header = NULL;
242 } 247 }
243 svc_unreg_xprt_class(&svc_rdma_class); 248 svc_unreg_xprt_class(&svc_rdma_class);
249 kmem_cache_destroy(svc_rdma_map_cachep);
250 kmem_cache_destroy(svc_rdma_ctxt_cachep);
244} 251}
245 252
246int svc_rdma_init(void) 253int svc_rdma_init(void)
@@ -255,9 +262,37 @@ int svc_rdma_init(void)
255 svcrdma_table_header = 262 svcrdma_table_header =
256 register_sysctl_table(svcrdma_root_table); 263 register_sysctl_table(svcrdma_root_table);
257 264
265 /* Create the temporary map cache */
266 svc_rdma_map_cachep = kmem_cache_create("svc_rdma_map_cache",
267 sizeof(struct svc_rdma_req_map),
268 0,
269 SLAB_HWCACHE_ALIGN,
270 NULL);
271 if (!svc_rdma_map_cachep) {
272 printk(KERN_INFO "Could not allocate map cache.\n");
273 goto err0;
274 }
275
276 /* Create the temporary context cache */
277 svc_rdma_ctxt_cachep =
278 kmem_cache_create("svc_rdma_ctxt_cache",
279 sizeof(struct svc_rdma_op_ctxt),
280 0,
281 SLAB_HWCACHE_ALIGN,
282 NULL);
283 if (!svc_rdma_ctxt_cachep) {
284 printk(KERN_INFO "Could not allocate WR ctxt cache.\n");
285 goto err1;
286 }
287
258 /* Register RDMA with the SVC transport switch */ 288 /* Register RDMA with the SVC transport switch */
259 svc_reg_xprt_class(&svc_rdma_class); 289 svc_reg_xprt_class(&svc_rdma_class);
260 return 0; 290 return 0;
291 err1:
292 kmem_cache_destroy(svc_rdma_map_cachep);
293 err0:
294 unregister_sysctl_table(svcrdma_table_header);
295 return -ENOMEM;
261} 296}
262MODULE_AUTHOR("Tom Tucker <tom@opengridcomputing.com>"); 297MODULE_AUTHOR("Tom Tucker <tom@opengridcomputing.com>");
263MODULE_DESCRIPTION("SVC RDMA Transport"); 298MODULE_DESCRIPTION("SVC RDMA Transport");
diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
index 06ab4841537b..74de31a06616 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
@@ -112,11 +112,6 @@ static void rdma_build_arg_xdr(struct svc_rqst *rqstp,
112 rqstp->rq_arg.tail[0].iov_len = 0; 112 rqstp->rq_arg.tail[0].iov_len = 0;
113} 113}
114 114
115struct chunk_sge {
116 int start; /* sge no for this chunk */
117 int count; /* sge count for this chunk */
118};
119
120/* Encode a read-chunk-list as an array of IB SGE 115/* Encode a read-chunk-list as an array of IB SGE
121 * 116 *
122 * Assumptions: 117 * Assumptions:
@@ -134,8 +129,8 @@ static int rdma_rcl_to_sge(struct svcxprt_rdma *xprt,
134 struct svc_rqst *rqstp, 129 struct svc_rqst *rqstp,
135 struct svc_rdma_op_ctxt *head, 130 struct svc_rdma_op_ctxt *head,
136 struct rpcrdma_msg *rmsgp, 131 struct rpcrdma_msg *rmsgp,
137 struct ib_sge *sge, 132 struct svc_rdma_req_map *rpl_map,
138 struct chunk_sge *ch_sge_ary, 133 struct svc_rdma_req_map *chl_map,
139 int ch_count, 134 int ch_count,
140 int byte_count) 135 int byte_count)
141{ 136{
@@ -156,22 +151,18 @@ static int rdma_rcl_to_sge(struct svcxprt_rdma *xprt,
156 head->arg.head[0] = rqstp->rq_arg.head[0]; 151 head->arg.head[0] = rqstp->rq_arg.head[0];
157 head->arg.tail[0] = rqstp->rq_arg.tail[0]; 152 head->arg.tail[0] = rqstp->rq_arg.tail[0];
158 head->arg.pages = &head->pages[head->count]; 153 head->arg.pages = &head->pages[head->count];
159 head->sge[0].length = head->count; /* save count of hdr pages */ 154 head->hdr_count = head->count; /* save count of hdr pages */
160 head->arg.page_base = 0; 155 head->arg.page_base = 0;
161 head->arg.page_len = ch_bytes; 156 head->arg.page_len = ch_bytes;
162 head->arg.len = rqstp->rq_arg.len + ch_bytes; 157 head->arg.len = rqstp->rq_arg.len + ch_bytes;
163 head->arg.buflen = rqstp->rq_arg.buflen + ch_bytes; 158 head->arg.buflen = rqstp->rq_arg.buflen + ch_bytes;
164 head->count++; 159 head->count++;
165 ch_sge_ary[0].start = 0; 160 chl_map->ch[0].start = 0;
166 while (byte_count) { 161 while (byte_count) {
162 rpl_map->sge[sge_no].iov_base =
163 page_address(rqstp->rq_arg.pages[page_no]) + page_off;
167 sge_bytes = min_t(int, PAGE_SIZE-page_off, ch_bytes); 164 sge_bytes = min_t(int, PAGE_SIZE-page_off, ch_bytes);
168 sge[sge_no].addr = 165 rpl_map->sge[sge_no].iov_len = sge_bytes;
169 ib_dma_map_page(xprt->sc_cm_id->device,
170 rqstp->rq_arg.pages[page_no],
171 page_off, sge_bytes,
172 DMA_FROM_DEVICE);
173 sge[sge_no].length = sge_bytes;
174 sge[sge_no].lkey = xprt->sc_phys_mr->lkey;
175 /* 166 /*
176 * Don't bump head->count here because the same page 167 * Don't bump head->count here because the same page
177 * may be used by multiple SGE. 168 * may be used by multiple SGE.
@@ -187,11 +178,11 @@ static int rdma_rcl_to_sge(struct svcxprt_rdma *xprt,
187 * SGE, move to the next SGE 178 * SGE, move to the next SGE
188 */ 179 */
189 if (ch_bytes == 0) { 180 if (ch_bytes == 0) {
190 ch_sge_ary[ch_no].count = 181 chl_map->ch[ch_no].count =
191 sge_no - ch_sge_ary[ch_no].start; 182 sge_no - chl_map->ch[ch_no].start;
192 ch_no++; 183 ch_no++;
193 ch++; 184 ch++;
194 ch_sge_ary[ch_no].start = sge_no; 185 chl_map->ch[ch_no].start = sge_no;
195 ch_bytes = ch->rc_target.rs_length; 186 ch_bytes = ch->rc_target.rs_length;
196 /* If bytes remaining account for next chunk */ 187 /* If bytes remaining account for next chunk */
197 if (byte_count) { 188 if (byte_count) {
@@ -220,18 +211,25 @@ static int rdma_rcl_to_sge(struct svcxprt_rdma *xprt,
220 return sge_no; 211 return sge_no;
221} 212}
222 213
223static void rdma_set_ctxt_sge(struct svc_rdma_op_ctxt *ctxt, 214static void rdma_set_ctxt_sge(struct svcxprt_rdma *xprt,
224 struct ib_sge *sge, 215 struct svc_rdma_op_ctxt *ctxt,
216 struct kvec *vec,
225 u64 *sgl_offset, 217 u64 *sgl_offset,
226 int count) 218 int count)
227{ 219{
228 int i; 220 int i;
229 221
230 ctxt->count = count; 222 ctxt->count = count;
223 ctxt->direction = DMA_FROM_DEVICE;
231 for (i = 0; i < count; i++) { 224 for (i = 0; i < count; i++) {
232 ctxt->sge[i].addr = sge[i].addr; 225 atomic_inc(&xprt->sc_dma_used);
233 ctxt->sge[i].length = sge[i].length; 226 ctxt->sge[i].addr =
234 *sgl_offset = *sgl_offset + sge[i].length; 227 ib_dma_map_single(xprt->sc_cm_id->device,
228 vec[i].iov_base, vec[i].iov_len,
229 DMA_FROM_DEVICE);
230 ctxt->sge[i].length = vec[i].iov_len;
231 ctxt->sge[i].lkey = xprt->sc_phys_mr->lkey;
232 *sgl_offset = *sgl_offset + vec[i].iov_len;
235 } 233 }
236} 234}
237 235
@@ -282,34 +280,29 @@ static int rdma_read_xdr(struct svcxprt_rdma *xprt,
282 struct ib_send_wr read_wr; 280 struct ib_send_wr read_wr;
283 int err = 0; 281 int err = 0;
284 int ch_no; 282 int ch_no;
285 struct ib_sge *sge;
286 int ch_count; 283 int ch_count;
287 int byte_count; 284 int byte_count;
288 int sge_count; 285 int sge_count;
289 u64 sgl_offset; 286 u64 sgl_offset;
290 struct rpcrdma_read_chunk *ch; 287 struct rpcrdma_read_chunk *ch;
291 struct svc_rdma_op_ctxt *ctxt = NULL; 288 struct svc_rdma_op_ctxt *ctxt = NULL;
292 struct svc_rdma_op_ctxt *tmp_sge_ctxt; 289 struct svc_rdma_req_map *rpl_map;
293 struct svc_rdma_op_ctxt *tmp_ch_ctxt; 290 struct svc_rdma_req_map *chl_map;
294 struct chunk_sge *ch_sge_ary;
295 291
296 /* If no read list is present, return 0 */ 292 /* If no read list is present, return 0 */
297 ch = svc_rdma_get_read_chunk(rmsgp); 293 ch = svc_rdma_get_read_chunk(rmsgp);
298 if (!ch) 294 if (!ch)
299 return 0; 295 return 0;
300 296
301 /* Allocate temporary contexts to keep SGE */ 297 /* Allocate temporary reply and chunk maps */
302 BUG_ON(sizeof(struct ib_sge) < sizeof(struct chunk_sge)); 298 rpl_map = svc_rdma_get_req_map();
303 tmp_sge_ctxt = svc_rdma_get_context(xprt); 299 chl_map = svc_rdma_get_req_map();
304 sge = tmp_sge_ctxt->sge;
305 tmp_ch_ctxt = svc_rdma_get_context(xprt);
306 ch_sge_ary = (struct chunk_sge *)tmp_ch_ctxt->sge;
307 300
308 svc_rdma_rcl_chunk_counts(ch, &ch_count, &byte_count); 301 svc_rdma_rcl_chunk_counts(ch, &ch_count, &byte_count);
309 if (ch_count > RPCSVC_MAXPAGES) 302 if (ch_count > RPCSVC_MAXPAGES)
310 return -EINVAL; 303 return -EINVAL;
311 sge_count = rdma_rcl_to_sge(xprt, rqstp, hdr_ctxt, rmsgp, 304 sge_count = rdma_rcl_to_sge(xprt, rqstp, hdr_ctxt, rmsgp,
312 sge, ch_sge_ary, 305 rpl_map, chl_map,
313 ch_count, byte_count); 306 ch_count, byte_count);
314 sgl_offset = 0; 307 sgl_offset = 0;
315 ch_no = 0; 308 ch_no = 0;
@@ -331,14 +324,15 @@ next_sge:
331 read_wr.wr.rdma.remote_addr = 324 read_wr.wr.rdma.remote_addr =
332 get_unaligned(&(ch->rc_target.rs_offset)) + 325 get_unaligned(&(ch->rc_target.rs_offset)) +
333 sgl_offset; 326 sgl_offset;
334 read_wr.sg_list = &sge[ch_sge_ary[ch_no].start]; 327 read_wr.sg_list = ctxt->sge;
335 read_wr.num_sge = 328 read_wr.num_sge =
336 rdma_read_max_sge(xprt, ch_sge_ary[ch_no].count); 329 rdma_read_max_sge(xprt, chl_map->ch[ch_no].count);
337 rdma_set_ctxt_sge(ctxt, &sge[ch_sge_ary[ch_no].start], 330 rdma_set_ctxt_sge(xprt, ctxt,
331 &rpl_map->sge[chl_map->ch[ch_no].start],
338 &sgl_offset, 332 &sgl_offset,
339 read_wr.num_sge); 333 read_wr.num_sge);
340 if (((ch+1)->rc_discrim == 0) && 334 if (((ch+1)->rc_discrim == 0) &&
341 (read_wr.num_sge == ch_sge_ary[ch_no].count)) { 335 (read_wr.num_sge == chl_map->ch[ch_no].count)) {
342 /* 336 /*
343 * Mark the last RDMA_READ with a bit to 337 * Mark the last RDMA_READ with a bit to
344 * indicate all RPC data has been fetched from 338 * indicate all RPC data has been fetched from
@@ -358,9 +352,9 @@ next_sge:
358 } 352 }
359 atomic_inc(&rdma_stat_read); 353 atomic_inc(&rdma_stat_read);
360 354
361 if (read_wr.num_sge < ch_sge_ary[ch_no].count) { 355 if (read_wr.num_sge < chl_map->ch[ch_no].count) {
362 ch_sge_ary[ch_no].count -= read_wr.num_sge; 356 chl_map->ch[ch_no].count -= read_wr.num_sge;
363 ch_sge_ary[ch_no].start += read_wr.num_sge; 357 chl_map->ch[ch_no].start += read_wr.num_sge;
364 goto next_sge; 358 goto next_sge;
365 } 359 }
366 sgl_offset = 0; 360 sgl_offset = 0;
@@ -368,8 +362,8 @@ next_sge:
368 } 362 }
369 363
370 out: 364 out:
371 svc_rdma_put_context(tmp_sge_ctxt, 0); 365 svc_rdma_put_req_map(rpl_map);
372 svc_rdma_put_context(tmp_ch_ctxt, 0); 366 svc_rdma_put_req_map(chl_map);
373 367
374 /* Detach arg pages. svc_recv will replenish them */ 368 /* Detach arg pages. svc_recv will replenish them */
375 for (ch_no = 0; &rqstp->rq_pages[ch_no] < rqstp->rq_respages; ch_no++) 369 for (ch_no = 0; &rqstp->rq_pages[ch_no] < rqstp->rq_respages; ch_no++)
@@ -399,7 +393,7 @@ static int rdma_read_complete(struct svc_rqst *rqstp,
399 rqstp->rq_pages[page_no] = head->pages[page_no]; 393 rqstp->rq_pages[page_no] = head->pages[page_no];
400 } 394 }
401 /* Point rq_arg.pages past header */ 395 /* Point rq_arg.pages past header */
402 rqstp->rq_arg.pages = &rqstp->rq_pages[head->sge[0].length]; 396 rqstp->rq_arg.pages = &rqstp->rq_pages[head->hdr_count];
403 rqstp->rq_arg.page_len = head->arg.page_len; 397 rqstp->rq_arg.page_len = head->arg.page_len;
404 rqstp->rq_arg.page_base = head->arg.page_base; 398 rqstp->rq_arg.page_base = head->arg.page_base;
405 399
@@ -449,18 +443,18 @@ int svc_rdma_recvfrom(struct svc_rqst *rqstp)
449 443
450 dprintk("svcrdma: rqstp=%p\n", rqstp); 444 dprintk("svcrdma: rqstp=%p\n", rqstp);
451 445
452 spin_lock_bh(&rdma_xprt->sc_read_complete_lock); 446 spin_lock_bh(&rdma_xprt->sc_rq_dto_lock);
453 if (!list_empty(&rdma_xprt->sc_read_complete_q)) { 447 if (!list_empty(&rdma_xprt->sc_read_complete_q)) {
454 ctxt = list_entry(rdma_xprt->sc_read_complete_q.next, 448 ctxt = list_entry(rdma_xprt->sc_read_complete_q.next,
455 struct svc_rdma_op_ctxt, 449 struct svc_rdma_op_ctxt,
456 dto_q); 450 dto_q);
457 list_del_init(&ctxt->dto_q); 451 list_del_init(&ctxt->dto_q);
458 } 452 }
459 spin_unlock_bh(&rdma_xprt->sc_read_complete_lock); 453 if (ctxt) {
460 if (ctxt) 454 spin_unlock_bh(&rdma_xprt->sc_rq_dto_lock);
461 return rdma_read_complete(rqstp, ctxt); 455 return rdma_read_complete(rqstp, ctxt);
456 }
462 457
463 spin_lock_bh(&rdma_xprt->sc_rq_dto_lock);
464 if (!list_empty(&rdma_xprt->sc_rq_dto_q)) { 458 if (!list_empty(&rdma_xprt->sc_rq_dto_q)) {
465 ctxt = list_entry(rdma_xprt->sc_rq_dto_q.next, 459 ctxt = list_entry(rdma_xprt->sc_rq_dto_q.next,
466 struct svc_rdma_op_ctxt, 460 struct svc_rdma_op_ctxt,
diff --git a/net/sunrpc/xprtrdma/svc_rdma_sendto.c b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
index fb82b1b683f8..84d328329d98 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_sendto.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
@@ -63,52 +63,44 @@
63 * SGE[2..sge_count-2] data from xdr->pages[] 63 * SGE[2..sge_count-2] data from xdr->pages[]
64 * SGE[sge_count-1] data from xdr->tail. 64 * SGE[sge_count-1] data from xdr->tail.
65 * 65 *
66 * The max SGE we need is the length of the XDR / pagesize + one for
67 * head + one for tail + one for RPCRDMA header. Since RPCSVC_MAXPAGES
68 * reserves a page for both the request and the reply header, and this
69 * array is only concerned with the reply we are assured that we have
70 * on extra page for the RPCRMDA header.
66 */ 71 */
67static struct ib_sge *xdr_to_sge(struct svcxprt_rdma *xprt, 72static void xdr_to_sge(struct svcxprt_rdma *xprt,
68 struct xdr_buf *xdr, 73 struct xdr_buf *xdr,
69 struct ib_sge *sge, 74 struct svc_rdma_req_map *vec)
70 int *sge_count)
71{ 75{
72 /* Max we need is the length of the XDR / pagesize + one for
73 * head + one for tail + one for RPCRDMA header
74 */
75 int sge_max = (xdr->len+PAGE_SIZE-1) / PAGE_SIZE + 3; 76 int sge_max = (xdr->len+PAGE_SIZE-1) / PAGE_SIZE + 3;
76 int sge_no; 77 int sge_no;
77 u32 byte_count = xdr->len;
78 u32 sge_bytes; 78 u32 sge_bytes;
79 u32 page_bytes; 79 u32 page_bytes;
80 int page_off; 80 u32 page_off;
81 int page_no; 81 int page_no;
82 82
83 BUG_ON(xdr->len !=
84 (xdr->head[0].iov_len + xdr->page_len + xdr->tail[0].iov_len));
85
83 /* Skip the first sge, this is for the RPCRDMA header */ 86 /* Skip the first sge, this is for the RPCRDMA header */
84 sge_no = 1; 87 sge_no = 1;
85 88
86 /* Head SGE */ 89 /* Head SGE */
87 sge[sge_no].addr = ib_dma_map_single(xprt->sc_cm_id->device, 90 vec->sge[sge_no].iov_base = xdr->head[0].iov_base;
88 xdr->head[0].iov_base, 91 vec->sge[sge_no].iov_len = xdr->head[0].iov_len;
89 xdr->head[0].iov_len,
90 DMA_TO_DEVICE);
91 sge_bytes = min_t(u32, byte_count, xdr->head[0].iov_len);
92 byte_count -= sge_bytes;
93 sge[sge_no].length = sge_bytes;
94 sge[sge_no].lkey = xprt->sc_phys_mr->lkey;
95 sge_no++; 92 sge_no++;
96 93
97 /* pages SGE */ 94 /* pages SGE */
98 page_no = 0; 95 page_no = 0;
99 page_bytes = xdr->page_len; 96 page_bytes = xdr->page_len;
100 page_off = xdr->page_base; 97 page_off = xdr->page_base;
101 while (byte_count && page_bytes) { 98 while (page_bytes) {
102 sge_bytes = min_t(u32, byte_count, (PAGE_SIZE-page_off)); 99 vec->sge[sge_no].iov_base =
103 sge[sge_no].addr = 100 page_address(xdr->pages[page_no]) + page_off;
104 ib_dma_map_page(xprt->sc_cm_id->device, 101 sge_bytes = min_t(u32, page_bytes, (PAGE_SIZE - page_off));
105 xdr->pages[page_no], page_off,
106 sge_bytes, DMA_TO_DEVICE);
107 sge_bytes = min(sge_bytes, page_bytes);
108 byte_count -= sge_bytes;
109 page_bytes -= sge_bytes; 102 page_bytes -= sge_bytes;
110 sge[sge_no].length = sge_bytes; 103 vec->sge[sge_no].iov_len = sge_bytes;
111 sge[sge_no].lkey = xprt->sc_phys_mr->lkey;
112 104
113 sge_no++; 105 sge_no++;
114 page_no++; 106 page_no++;
@@ -116,36 +108,24 @@ static struct ib_sge *xdr_to_sge(struct svcxprt_rdma *xprt,
116 } 108 }
117 109
118 /* Tail SGE */ 110 /* Tail SGE */
119 if (byte_count && xdr->tail[0].iov_len) { 111 if (xdr->tail[0].iov_len) {
120 sge[sge_no].addr = 112 vec->sge[sge_no].iov_base = xdr->tail[0].iov_base;
121 ib_dma_map_single(xprt->sc_cm_id->device, 113 vec->sge[sge_no].iov_len = xdr->tail[0].iov_len;
122 xdr->tail[0].iov_base,
123 xdr->tail[0].iov_len,
124 DMA_TO_DEVICE);
125 sge_bytes = min_t(u32, byte_count, xdr->tail[0].iov_len);
126 byte_count -= sge_bytes;
127 sge[sge_no].length = sge_bytes;
128 sge[sge_no].lkey = xprt->sc_phys_mr->lkey;
129 sge_no++; 114 sge_no++;
130 } 115 }
131 116
132 BUG_ON(sge_no > sge_max); 117 BUG_ON(sge_no > sge_max);
133 BUG_ON(byte_count != 0); 118 vec->count = sge_no;
134
135 *sge_count = sge_no;
136 return sge;
137} 119}
138 120
139
140/* Assumptions: 121/* Assumptions:
141 * - The specified write_len can be represented in sc_max_sge * PAGE_SIZE 122 * - The specified write_len can be represented in sc_max_sge * PAGE_SIZE
142 */ 123 */
143static int send_write(struct svcxprt_rdma *xprt, struct svc_rqst *rqstp, 124static int send_write(struct svcxprt_rdma *xprt, struct svc_rqst *rqstp,
144 u32 rmr, u64 to, 125 u32 rmr, u64 to,
145 u32 xdr_off, int write_len, 126 u32 xdr_off, int write_len,
146 struct ib_sge *xdr_sge, int sge_count) 127 struct svc_rdma_req_map *vec)
147{ 128{
148 struct svc_rdma_op_ctxt *tmp_sge_ctxt;
149 struct ib_send_wr write_wr; 129 struct ib_send_wr write_wr;
150 struct ib_sge *sge; 130 struct ib_sge *sge;
151 int xdr_sge_no; 131 int xdr_sge_no;
@@ -154,25 +134,23 @@ static int send_write(struct svcxprt_rdma *xprt, struct svc_rqst *rqstp,
154 int sge_off; 134 int sge_off;
155 int bc; 135 int bc;
156 struct svc_rdma_op_ctxt *ctxt; 136 struct svc_rdma_op_ctxt *ctxt;
157 int ret = 0;
158 137
159 BUG_ON(sge_count > RPCSVC_MAXPAGES); 138 BUG_ON(vec->count > RPCSVC_MAXPAGES);
160 dprintk("svcrdma: RDMA_WRITE rmr=%x, to=%llx, xdr_off=%d, " 139 dprintk("svcrdma: RDMA_WRITE rmr=%x, to=%llx, xdr_off=%d, "
161 "write_len=%d, xdr_sge=%p, sge_count=%d\n", 140 "write_len=%d, vec->sge=%p, vec->count=%lu\n",
162 rmr, (unsigned long long)to, xdr_off, 141 rmr, (unsigned long long)to, xdr_off,
163 write_len, xdr_sge, sge_count); 142 write_len, vec->sge, vec->count);
164 143
165 ctxt = svc_rdma_get_context(xprt); 144 ctxt = svc_rdma_get_context(xprt);
166 ctxt->count = 0; 145 ctxt->direction = DMA_TO_DEVICE;
167 tmp_sge_ctxt = svc_rdma_get_context(xprt); 146 sge = ctxt->sge;
168 sge = tmp_sge_ctxt->sge;
169 147
170 /* Find the SGE associated with xdr_off */ 148 /* Find the SGE associated with xdr_off */
171 for (bc = xdr_off, xdr_sge_no = 1; bc && xdr_sge_no < sge_count; 149 for (bc = xdr_off, xdr_sge_no = 1; bc && xdr_sge_no < vec->count;
172 xdr_sge_no++) { 150 xdr_sge_no++) {
173 if (xdr_sge[xdr_sge_no].length > bc) 151 if (vec->sge[xdr_sge_no].iov_len > bc)
174 break; 152 break;
175 bc -= xdr_sge[xdr_sge_no].length; 153 bc -= vec->sge[xdr_sge_no].iov_len;
176 } 154 }
177 155
178 sge_off = bc; 156 sge_off = bc;
@@ -180,21 +158,29 @@ static int send_write(struct svcxprt_rdma *xprt, struct svc_rqst *rqstp,
180 sge_no = 0; 158 sge_no = 0;
181 159
182 /* Copy the remaining SGE */ 160 /* Copy the remaining SGE */
183 while (bc != 0 && xdr_sge_no < sge_count) { 161 while (bc != 0 && xdr_sge_no < vec->count) {
184 sge[sge_no].addr = xdr_sge[xdr_sge_no].addr + sge_off; 162 sge[sge_no].lkey = xprt->sc_phys_mr->lkey;
185 sge[sge_no].lkey = xdr_sge[xdr_sge_no].lkey;
186 sge_bytes = min((size_t)bc, 163 sge_bytes = min((size_t)bc,
187 (size_t)(xdr_sge[xdr_sge_no].length-sge_off)); 164 (size_t)(vec->sge[xdr_sge_no].iov_len-sge_off));
188 sge[sge_no].length = sge_bytes; 165 sge[sge_no].length = sge_bytes;
189 166 atomic_inc(&xprt->sc_dma_used);
167 sge[sge_no].addr =
168 ib_dma_map_single(xprt->sc_cm_id->device,
169 (void *)
170 vec->sge[xdr_sge_no].iov_base + sge_off,
171 sge_bytes, DMA_TO_DEVICE);
172 if (dma_mapping_error(xprt->sc_cm_id->device->dma_device,
173 sge[sge_no].addr))
174 goto err;
190 sge_off = 0; 175 sge_off = 0;
191 sge_no++; 176 sge_no++;
177 ctxt->count++;
192 xdr_sge_no++; 178 xdr_sge_no++;
193 bc -= sge_bytes; 179 bc -= sge_bytes;
194 } 180 }
195 181
196 BUG_ON(bc != 0); 182 BUG_ON(bc != 0);
197 BUG_ON(xdr_sge_no > sge_count); 183 BUG_ON(xdr_sge_no > vec->count);
198 184
199 /* Prepare WRITE WR */ 185 /* Prepare WRITE WR */
200 memset(&write_wr, 0, sizeof write_wr); 186 memset(&write_wr, 0, sizeof write_wr);
@@ -209,21 +195,20 @@ static int send_write(struct svcxprt_rdma *xprt, struct svc_rqst *rqstp,
209 195
210 /* Post It */ 196 /* Post It */
211 atomic_inc(&rdma_stat_write); 197 atomic_inc(&rdma_stat_write);
212 if (svc_rdma_send(xprt, &write_wr)) { 198 if (svc_rdma_send(xprt, &write_wr))
213 svc_rdma_put_context(ctxt, 1); 199 goto err;
214 /* Fatal error, close transport */ 200 return 0;
215 ret = -EIO; 201 err:
216 } 202 svc_rdma_put_context(ctxt, 0);
217 svc_rdma_put_context(tmp_sge_ctxt, 0); 203 /* Fatal error, close transport */
218 return ret; 204 return -EIO;
219} 205}
220 206
221static int send_write_chunks(struct svcxprt_rdma *xprt, 207static int send_write_chunks(struct svcxprt_rdma *xprt,
222 struct rpcrdma_msg *rdma_argp, 208 struct rpcrdma_msg *rdma_argp,
223 struct rpcrdma_msg *rdma_resp, 209 struct rpcrdma_msg *rdma_resp,
224 struct svc_rqst *rqstp, 210 struct svc_rqst *rqstp,
225 struct ib_sge *sge, 211 struct svc_rdma_req_map *vec)
226 int sge_count)
227{ 212{
228 u32 xfer_len = rqstp->rq_res.page_len + rqstp->rq_res.tail[0].iov_len; 213 u32 xfer_len = rqstp->rq_res.page_len + rqstp->rq_res.tail[0].iov_len;
229 int write_len; 214 int write_len;
@@ -269,8 +254,7 @@ static int send_write_chunks(struct svcxprt_rdma *xprt,
269 rs_offset + chunk_off, 254 rs_offset + chunk_off,
270 xdr_off, 255 xdr_off,
271 this_write, 256 this_write,
272 sge, 257 vec);
273 sge_count);
274 if (ret) { 258 if (ret) {
275 dprintk("svcrdma: RDMA_WRITE failed, ret=%d\n", 259 dprintk("svcrdma: RDMA_WRITE failed, ret=%d\n",
276 ret); 260 ret);
@@ -292,8 +276,7 @@ static int send_reply_chunks(struct svcxprt_rdma *xprt,
292 struct rpcrdma_msg *rdma_argp, 276 struct rpcrdma_msg *rdma_argp,
293 struct rpcrdma_msg *rdma_resp, 277 struct rpcrdma_msg *rdma_resp,
294 struct svc_rqst *rqstp, 278 struct svc_rqst *rqstp,
295 struct ib_sge *sge, 279 struct svc_rdma_req_map *vec)
296 int sge_count)
297{ 280{
298 u32 xfer_len = rqstp->rq_res.len; 281 u32 xfer_len = rqstp->rq_res.len;
299 int write_len; 282 int write_len;
@@ -341,8 +324,7 @@ static int send_reply_chunks(struct svcxprt_rdma *xprt,
341 rs_offset + chunk_off, 324 rs_offset + chunk_off,
342 xdr_off, 325 xdr_off,
343 this_write, 326 this_write,
344 sge, 327 vec);
345 sge_count);
346 if (ret) { 328 if (ret) {
347 dprintk("svcrdma: RDMA_WRITE failed, ret=%d\n", 329 dprintk("svcrdma: RDMA_WRITE failed, ret=%d\n",
348 ret); 330 ret);
@@ -380,7 +362,7 @@ static int send_reply(struct svcxprt_rdma *rdma,
380 struct page *page, 362 struct page *page,
381 struct rpcrdma_msg *rdma_resp, 363 struct rpcrdma_msg *rdma_resp,
382 struct svc_rdma_op_ctxt *ctxt, 364 struct svc_rdma_op_ctxt *ctxt,
383 int sge_count, 365 struct svc_rdma_req_map *vec,
384 int byte_count) 366 int byte_count)
385{ 367{
386 struct ib_send_wr send_wr; 368 struct ib_send_wr send_wr;
@@ -405,6 +387,7 @@ static int send_reply(struct svcxprt_rdma *rdma,
405 ctxt->count = 1; 387 ctxt->count = 1;
406 388
407 /* Prepare the SGE for the RPCRDMA Header */ 389 /* Prepare the SGE for the RPCRDMA Header */
390 atomic_inc(&rdma->sc_dma_used);
408 ctxt->sge[0].addr = 391 ctxt->sge[0].addr =
409 ib_dma_map_page(rdma->sc_cm_id->device, 392 ib_dma_map_page(rdma->sc_cm_id->device,
410 page, 0, PAGE_SIZE, DMA_TO_DEVICE); 393 page, 0, PAGE_SIZE, DMA_TO_DEVICE);
@@ -413,10 +396,16 @@ static int send_reply(struct svcxprt_rdma *rdma,
413 ctxt->sge[0].lkey = rdma->sc_phys_mr->lkey; 396 ctxt->sge[0].lkey = rdma->sc_phys_mr->lkey;
414 397
415 /* Determine how many of our SGE are to be transmitted */ 398 /* Determine how many of our SGE are to be transmitted */
416 for (sge_no = 1; byte_count && sge_no < sge_count; sge_no++) { 399 for (sge_no = 1; byte_count && sge_no < vec->count; sge_no++) {
417 sge_bytes = min((size_t)ctxt->sge[sge_no].length, 400 sge_bytes = min_t(size_t, vec->sge[sge_no].iov_len, byte_count);
418 (size_t)byte_count);
419 byte_count -= sge_bytes; 401 byte_count -= sge_bytes;
402 atomic_inc(&rdma->sc_dma_used);
403 ctxt->sge[sge_no].addr =
404 ib_dma_map_single(rdma->sc_cm_id->device,
405 vec->sge[sge_no].iov_base,
406 sge_bytes, DMA_TO_DEVICE);
407 ctxt->sge[sge_no].length = sge_bytes;
408 ctxt->sge[sge_no].lkey = rdma->sc_phys_mr->lkey;
420 } 409 }
421 BUG_ON(byte_count != 0); 410 BUG_ON(byte_count != 0);
422 411
@@ -428,8 +417,10 @@ static int send_reply(struct svcxprt_rdma *rdma,
428 ctxt->pages[page_no+1] = rqstp->rq_respages[page_no]; 417 ctxt->pages[page_no+1] = rqstp->rq_respages[page_no];
429 ctxt->count++; 418 ctxt->count++;
430 rqstp->rq_respages[page_no] = NULL; 419 rqstp->rq_respages[page_no] = NULL;
420 /* If there are more pages than SGE, terminate SGE list */
421 if (page_no+1 >= sge_no)
422 ctxt->sge[page_no+1].length = 0;
431 } 423 }
432
433 BUG_ON(sge_no > rdma->sc_max_sge); 424 BUG_ON(sge_no > rdma->sc_max_sge);
434 memset(&send_wr, 0, sizeof send_wr); 425 memset(&send_wr, 0, sizeof send_wr);
435 ctxt->wr_op = IB_WR_SEND; 426 ctxt->wr_op = IB_WR_SEND;
@@ -473,20 +464,20 @@ int svc_rdma_sendto(struct svc_rqst *rqstp)
473 enum rpcrdma_proc reply_type; 464 enum rpcrdma_proc reply_type;
474 int ret; 465 int ret;
475 int inline_bytes; 466 int inline_bytes;
476 struct ib_sge *sge;
477 int sge_count = 0;
478 struct page *res_page; 467 struct page *res_page;
479 struct svc_rdma_op_ctxt *ctxt; 468 struct svc_rdma_op_ctxt *ctxt;
469 struct svc_rdma_req_map *vec;
480 470
481 dprintk("svcrdma: sending response for rqstp=%p\n", rqstp); 471 dprintk("svcrdma: sending response for rqstp=%p\n", rqstp);
482 472
483 /* Get the RDMA request header. */ 473 /* Get the RDMA request header. */
484 rdma_argp = xdr_start(&rqstp->rq_arg); 474 rdma_argp = xdr_start(&rqstp->rq_arg);
485 475
486 /* Build an SGE for the XDR */ 476 /* Build an req vec for the XDR */
487 ctxt = svc_rdma_get_context(rdma); 477 ctxt = svc_rdma_get_context(rdma);
488 ctxt->direction = DMA_TO_DEVICE; 478 ctxt->direction = DMA_TO_DEVICE;
489 sge = xdr_to_sge(rdma, &rqstp->rq_res, ctxt->sge, &sge_count); 479 vec = svc_rdma_get_req_map();
480 xdr_to_sge(rdma, &rqstp->rq_res, vec);
490 481
491 inline_bytes = rqstp->rq_res.len; 482 inline_bytes = rqstp->rq_res.len;
492 483
@@ -503,7 +494,7 @@ int svc_rdma_sendto(struct svc_rqst *rqstp)
503 494
504 /* Send any write-chunk data and build resp write-list */ 495 /* Send any write-chunk data and build resp write-list */
505 ret = send_write_chunks(rdma, rdma_argp, rdma_resp, 496 ret = send_write_chunks(rdma, rdma_argp, rdma_resp,
506 rqstp, sge, sge_count); 497 rqstp, vec);
507 if (ret < 0) { 498 if (ret < 0) {
508 printk(KERN_ERR "svcrdma: failed to send write chunks, rc=%d\n", 499 printk(KERN_ERR "svcrdma: failed to send write chunks, rc=%d\n",
509 ret); 500 ret);
@@ -513,7 +504,7 @@ int svc_rdma_sendto(struct svc_rqst *rqstp)
513 504
514 /* Send any reply-list data and update resp reply-list */ 505 /* Send any reply-list data and update resp reply-list */
515 ret = send_reply_chunks(rdma, rdma_argp, rdma_resp, 506 ret = send_reply_chunks(rdma, rdma_argp, rdma_resp,
516 rqstp, sge, sge_count); 507 rqstp, vec);
517 if (ret < 0) { 508 if (ret < 0) {
518 printk(KERN_ERR "svcrdma: failed to send reply chunks, rc=%d\n", 509 printk(KERN_ERR "svcrdma: failed to send reply chunks, rc=%d\n",
519 ret); 510 ret);
@@ -521,11 +512,13 @@ int svc_rdma_sendto(struct svc_rqst *rqstp)
521 } 512 }
522 inline_bytes -= ret; 513 inline_bytes -= ret;
523 514
524 ret = send_reply(rdma, rqstp, res_page, rdma_resp, ctxt, sge_count, 515 ret = send_reply(rdma, rqstp, res_page, rdma_resp, ctxt, vec,
525 inline_bytes); 516 inline_bytes);
517 svc_rdma_put_req_map(vec);
526 dprintk("svcrdma: send_reply returns %d\n", ret); 518 dprintk("svcrdma: send_reply returns %d\n", ret);
527 return ret; 519 return ret;
528 error: 520 error:
521 svc_rdma_put_req_map(vec);
529 svc_rdma_put_context(ctxt, 0); 522 svc_rdma_put_context(ctxt, 0);
530 put_page(res_page); 523 put_page(res_page);
531 return ret; 524 return ret;
diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c
index e132509d1db0..900cb69728c6 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_transport.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c
@@ -84,70 +84,37 @@ struct svc_xprt_class svc_rdma_class = {
84 .xcl_max_payload = RPCSVC_MAXPAYLOAD_TCP, 84 .xcl_max_payload = RPCSVC_MAXPAYLOAD_TCP,
85}; 85};
86 86
87static int rdma_bump_context_cache(struct svcxprt_rdma *xprt) 87/* WR context cache. Created in svc_rdma.c */
88extern struct kmem_cache *svc_rdma_ctxt_cachep;
89
90struct svc_rdma_op_ctxt *svc_rdma_get_context(struct svcxprt_rdma *xprt)
88{ 91{
89 int target;
90 int at_least_one = 0;
91 struct svc_rdma_op_ctxt *ctxt; 92 struct svc_rdma_op_ctxt *ctxt;
92 93
93 target = min(xprt->sc_ctxt_cnt + xprt->sc_ctxt_bump, 94 while (1) {
94 xprt->sc_ctxt_max); 95 ctxt = kmem_cache_alloc(svc_rdma_ctxt_cachep, GFP_KERNEL);
95 96 if (ctxt)
96 spin_lock_bh(&xprt->sc_ctxt_lock);
97 while (xprt->sc_ctxt_cnt < target) {
98 xprt->sc_ctxt_cnt++;
99 spin_unlock_bh(&xprt->sc_ctxt_lock);
100
101 ctxt = kmalloc(sizeof(*ctxt), GFP_KERNEL);
102
103 spin_lock_bh(&xprt->sc_ctxt_lock);
104 if (ctxt) {
105 at_least_one = 1;
106 INIT_LIST_HEAD(&ctxt->free_list);
107 list_add(&ctxt->free_list, &xprt->sc_ctxt_free);
108 } else {
109 /* kmalloc failed...give up for now */
110 xprt->sc_ctxt_cnt--;
111 break; 97 break;
112 } 98 schedule_timeout_uninterruptible(msecs_to_jiffies(500));
113 } 99 }
114 spin_unlock_bh(&xprt->sc_ctxt_lock); 100 ctxt->xprt = xprt;
115 dprintk("svcrdma: sc_ctxt_max=%d, sc_ctxt_cnt=%d\n", 101 INIT_LIST_HEAD(&ctxt->dto_q);
116 xprt->sc_ctxt_max, xprt->sc_ctxt_cnt); 102 ctxt->count = 0;
117 return at_least_one; 103 atomic_inc(&xprt->sc_ctxt_used);
104 return ctxt;
118} 105}
119 106
120struct svc_rdma_op_ctxt *svc_rdma_get_context(struct svcxprt_rdma *xprt) 107static void svc_rdma_unmap_dma(struct svc_rdma_op_ctxt *ctxt)
121{ 108{
122 struct svc_rdma_op_ctxt *ctxt; 109 struct svcxprt_rdma *xprt = ctxt->xprt;
123 110 int i;
124 while (1) { 111 for (i = 0; i < ctxt->count && ctxt->sge[i].length; i++) {
125 spin_lock_bh(&xprt->sc_ctxt_lock); 112 atomic_dec(&xprt->sc_dma_used);
126 if (unlikely(list_empty(&xprt->sc_ctxt_free))) { 113 ib_dma_unmap_single(xprt->sc_cm_id->device,
127 /* Try to bump my cache. */ 114 ctxt->sge[i].addr,
128 spin_unlock_bh(&xprt->sc_ctxt_lock); 115 ctxt->sge[i].length,
129 116 ctxt->direction);
130 if (rdma_bump_context_cache(xprt))
131 continue;
132
133 printk(KERN_INFO "svcrdma: sleeping waiting for "
134 "context memory on xprt=%p\n",
135 xprt);
136 schedule_timeout_uninterruptible(msecs_to_jiffies(500));
137 continue;
138 }
139 ctxt = list_entry(xprt->sc_ctxt_free.next,
140 struct svc_rdma_op_ctxt,
141 free_list);
142 list_del_init(&ctxt->free_list);
143 spin_unlock_bh(&xprt->sc_ctxt_lock);
144 ctxt->xprt = xprt;
145 INIT_LIST_HEAD(&ctxt->dto_q);
146 ctxt->count = 0;
147 atomic_inc(&xprt->sc_ctxt_used);
148 break;
149 } 117 }
150 return ctxt;
151} 118}
152 119
153void svc_rdma_put_context(struct svc_rdma_op_ctxt *ctxt, int free_pages) 120void svc_rdma_put_context(struct svc_rdma_op_ctxt *ctxt, int free_pages)
@@ -161,18 +128,36 @@ void svc_rdma_put_context(struct svc_rdma_op_ctxt *ctxt, int free_pages)
161 for (i = 0; i < ctxt->count; i++) 128 for (i = 0; i < ctxt->count; i++)
162 put_page(ctxt->pages[i]); 129 put_page(ctxt->pages[i]);
163 130
164 for (i = 0; i < ctxt->count; i++) 131 kmem_cache_free(svc_rdma_ctxt_cachep, ctxt);
165 ib_dma_unmap_single(xprt->sc_cm_id->device,
166 ctxt->sge[i].addr,
167 ctxt->sge[i].length,
168 ctxt->direction);
169
170 spin_lock_bh(&xprt->sc_ctxt_lock);
171 list_add(&ctxt->free_list, &xprt->sc_ctxt_free);
172 spin_unlock_bh(&xprt->sc_ctxt_lock);
173 atomic_dec(&xprt->sc_ctxt_used); 132 atomic_dec(&xprt->sc_ctxt_used);
174} 133}
175 134
135/* Temporary NFS request map cache. Created in svc_rdma.c */
136extern struct kmem_cache *svc_rdma_map_cachep;
137
138/*
139 * Temporary NFS req mappings are shared across all transport
140 * instances. These are short lived and should be bounded by the number
141 * of concurrent server threads * depth of the SQ.
142 */
143struct svc_rdma_req_map *svc_rdma_get_req_map(void)
144{
145 struct svc_rdma_req_map *map;
146 while (1) {
147 map = kmem_cache_alloc(svc_rdma_map_cachep, GFP_KERNEL);
148 if (map)
149 break;
150 schedule_timeout_uninterruptible(msecs_to_jiffies(500));
151 }
152 map->count = 0;
153 return map;
154}
155
156void svc_rdma_put_req_map(struct svc_rdma_req_map *map)
157{
158 kmem_cache_free(svc_rdma_map_cachep, map);
159}
160
176/* ib_cq event handler */ 161/* ib_cq event handler */
177static void cq_event_handler(struct ib_event *event, void *context) 162static void cq_event_handler(struct ib_event *event, void *context)
178{ 163{
@@ -302,6 +287,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt)
302 ctxt = (struct svc_rdma_op_ctxt *)(unsigned long)wc.wr_id; 287 ctxt = (struct svc_rdma_op_ctxt *)(unsigned long)wc.wr_id;
303 ctxt->wc_status = wc.status; 288 ctxt->wc_status = wc.status;
304 ctxt->byte_len = wc.byte_len; 289 ctxt->byte_len = wc.byte_len;
290 svc_rdma_unmap_dma(ctxt);
305 if (wc.status != IB_WC_SUCCESS) { 291 if (wc.status != IB_WC_SUCCESS) {
306 /* Close the transport */ 292 /* Close the transport */
307 dprintk("svcrdma: transport closing putting ctxt %p\n", ctxt); 293 dprintk("svcrdma: transport closing putting ctxt %p\n", ctxt);
@@ -351,6 +337,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt)
351 ctxt = (struct svc_rdma_op_ctxt *)(unsigned long)wc.wr_id; 337 ctxt = (struct svc_rdma_op_ctxt *)(unsigned long)wc.wr_id;
352 xprt = ctxt->xprt; 338 xprt = ctxt->xprt;
353 339
340 svc_rdma_unmap_dma(ctxt);
354 if (wc.status != IB_WC_SUCCESS) 341 if (wc.status != IB_WC_SUCCESS)
355 /* Close the transport */ 342 /* Close the transport */
356 set_bit(XPT_CLOSE, &xprt->sc_xprt.xpt_flags); 343 set_bit(XPT_CLOSE, &xprt->sc_xprt.xpt_flags);
@@ -361,19 +348,22 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt)
361 348
362 switch (ctxt->wr_op) { 349 switch (ctxt->wr_op) {
363 case IB_WR_SEND: 350 case IB_WR_SEND:
364 case IB_WR_RDMA_WRITE:
365 svc_rdma_put_context(ctxt, 1); 351 svc_rdma_put_context(ctxt, 1);
366 break; 352 break;
367 353
354 case IB_WR_RDMA_WRITE:
355 svc_rdma_put_context(ctxt, 0);
356 break;
357
368 case IB_WR_RDMA_READ: 358 case IB_WR_RDMA_READ:
369 if (test_bit(RDMACTXT_F_LAST_CTXT, &ctxt->flags)) { 359 if (test_bit(RDMACTXT_F_LAST_CTXT, &ctxt->flags)) {
370 struct svc_rdma_op_ctxt *read_hdr = ctxt->read_hdr; 360 struct svc_rdma_op_ctxt *read_hdr = ctxt->read_hdr;
371 BUG_ON(!read_hdr); 361 BUG_ON(!read_hdr);
362 spin_lock_bh(&xprt->sc_rq_dto_lock);
372 set_bit(XPT_DATA, &xprt->sc_xprt.xpt_flags); 363 set_bit(XPT_DATA, &xprt->sc_xprt.xpt_flags);
373 spin_lock_bh(&xprt->sc_read_complete_lock);
374 list_add_tail(&read_hdr->dto_q, 364 list_add_tail(&read_hdr->dto_q,
375 &xprt->sc_read_complete_q); 365 &xprt->sc_read_complete_q);
376 spin_unlock_bh(&xprt->sc_read_complete_lock); 366 spin_unlock_bh(&xprt->sc_rq_dto_lock);
377 svc_xprt_enqueue(&xprt->sc_xprt); 367 svc_xprt_enqueue(&xprt->sc_xprt);
378 } 368 }
379 svc_rdma_put_context(ctxt, 0); 369 svc_rdma_put_context(ctxt, 0);
@@ -423,40 +413,6 @@ static void sq_comp_handler(struct ib_cq *cq, void *cq_context)
423 tasklet_schedule(&dto_tasklet); 413 tasklet_schedule(&dto_tasklet);
424} 414}
425 415
426static void create_context_cache(struct svcxprt_rdma *xprt,
427 int ctxt_count, int ctxt_bump, int ctxt_max)
428{
429 struct svc_rdma_op_ctxt *ctxt;
430 int i;
431
432 xprt->sc_ctxt_max = ctxt_max;
433 xprt->sc_ctxt_bump = ctxt_bump;
434 xprt->sc_ctxt_cnt = 0;
435 atomic_set(&xprt->sc_ctxt_used, 0);
436
437 INIT_LIST_HEAD(&xprt->sc_ctxt_free);
438 for (i = 0; i < ctxt_count; i++) {
439 ctxt = kmalloc(sizeof(*ctxt), GFP_KERNEL);
440 if (ctxt) {
441 INIT_LIST_HEAD(&ctxt->free_list);
442 list_add(&ctxt->free_list, &xprt->sc_ctxt_free);
443 xprt->sc_ctxt_cnt++;
444 }
445 }
446}
447
448static void destroy_context_cache(struct svcxprt_rdma *xprt)
449{
450 while (!list_empty(&xprt->sc_ctxt_free)) {
451 struct svc_rdma_op_ctxt *ctxt;
452 ctxt = list_entry(xprt->sc_ctxt_free.next,
453 struct svc_rdma_op_ctxt,
454 free_list);
455 list_del_init(&ctxt->free_list);
456 kfree(ctxt);
457 }
458}
459
460static struct svcxprt_rdma *rdma_create_xprt(struct svc_serv *serv, 416static struct svcxprt_rdma *rdma_create_xprt(struct svc_serv *serv,
461 int listener) 417 int listener)
462{ 418{
@@ -472,8 +428,6 @@ static struct svcxprt_rdma *rdma_create_xprt(struct svc_serv *serv,
472 init_waitqueue_head(&cma_xprt->sc_send_wait); 428 init_waitqueue_head(&cma_xprt->sc_send_wait);
473 429
474 spin_lock_init(&cma_xprt->sc_lock); 430 spin_lock_init(&cma_xprt->sc_lock);
475 spin_lock_init(&cma_xprt->sc_read_complete_lock);
476 spin_lock_init(&cma_xprt->sc_ctxt_lock);
477 spin_lock_init(&cma_xprt->sc_rq_dto_lock); 431 spin_lock_init(&cma_xprt->sc_rq_dto_lock);
478 432
479 cma_xprt->sc_ord = svcrdma_ord; 433 cma_xprt->sc_ord = svcrdma_ord;
@@ -482,21 +436,9 @@ static struct svcxprt_rdma *rdma_create_xprt(struct svc_serv *serv,
482 cma_xprt->sc_max_requests = svcrdma_max_requests; 436 cma_xprt->sc_max_requests = svcrdma_max_requests;
483 cma_xprt->sc_sq_depth = svcrdma_max_requests * RPCRDMA_SQ_DEPTH_MULT; 437 cma_xprt->sc_sq_depth = svcrdma_max_requests * RPCRDMA_SQ_DEPTH_MULT;
484 atomic_set(&cma_xprt->sc_sq_count, 0); 438 atomic_set(&cma_xprt->sc_sq_count, 0);
439 atomic_set(&cma_xprt->sc_ctxt_used, 0);
485 440
486 if (!listener) { 441 if (listener)
487 int reqs = cma_xprt->sc_max_requests;
488 create_context_cache(cma_xprt,
489 reqs << 1, /* starting size */
490 reqs, /* bump amount */
491 reqs +
492 cma_xprt->sc_sq_depth +
493 RPCRDMA_MAX_THREADS + 1); /* max */
494 if (list_empty(&cma_xprt->sc_ctxt_free)) {
495 kfree(cma_xprt);
496 return NULL;
497 }
498 clear_bit(XPT_LISTENER, &cma_xprt->sc_xprt.xpt_flags);
499 } else
500 set_bit(XPT_LISTENER, &cma_xprt->sc_xprt.xpt_flags); 442 set_bit(XPT_LISTENER, &cma_xprt->sc_xprt.xpt_flags);
501 443
502 return cma_xprt; 444 return cma_xprt;
@@ -532,6 +474,7 @@ int svc_rdma_post_recv(struct svcxprt_rdma *xprt)
532 BUG_ON(sge_no >= xprt->sc_max_sge); 474 BUG_ON(sge_no >= xprt->sc_max_sge);
533 page = svc_rdma_get_page(); 475 page = svc_rdma_get_page();
534 ctxt->pages[sge_no] = page; 476 ctxt->pages[sge_no] = page;
477 atomic_inc(&xprt->sc_dma_used);
535 pa = ib_dma_map_page(xprt->sc_cm_id->device, 478 pa = ib_dma_map_page(xprt->sc_cm_id->device,
536 page, 0, PAGE_SIZE, 479 page, 0, PAGE_SIZE,
537 DMA_FROM_DEVICE); 480 DMA_FROM_DEVICE);
@@ -566,7 +509,7 @@ int svc_rdma_post_recv(struct svcxprt_rdma *xprt)
566 * will call the recvfrom method on the listen xprt which will accept the new 509 * will call the recvfrom method on the listen xprt which will accept the new
567 * connection. 510 * connection.
568 */ 511 */
569static void handle_connect_req(struct rdma_cm_id *new_cma_id) 512static void handle_connect_req(struct rdma_cm_id *new_cma_id, size_t client_ird)
570{ 513{
571 struct svcxprt_rdma *listen_xprt = new_cma_id->context; 514 struct svcxprt_rdma *listen_xprt = new_cma_id->context;
572 struct svcxprt_rdma *newxprt; 515 struct svcxprt_rdma *newxprt;
@@ -583,6 +526,9 @@ static void handle_connect_req(struct rdma_cm_id *new_cma_id)
583 dprintk("svcrdma: Creating newxprt=%p, cm_id=%p, listenxprt=%p\n", 526 dprintk("svcrdma: Creating newxprt=%p, cm_id=%p, listenxprt=%p\n",
584 newxprt, newxprt->sc_cm_id, listen_xprt); 527 newxprt, newxprt->sc_cm_id, listen_xprt);
585 528
529 /* Save client advertised inbound read limit for use later in accept. */
530 newxprt->sc_ord = client_ird;
531
586 /* Set the local and remote addresses in the transport */ 532 /* Set the local and remote addresses in the transport */
587 sa = (struct sockaddr *)&newxprt->sc_cm_id->route.addr.dst_addr; 533 sa = (struct sockaddr *)&newxprt->sc_cm_id->route.addr.dst_addr;
588 svc_xprt_set_remote(&newxprt->sc_xprt, sa, svc_addr_len(sa)); 534 svc_xprt_set_remote(&newxprt->sc_xprt, sa, svc_addr_len(sa));
@@ -619,7 +565,8 @@ static int rdma_listen_handler(struct rdma_cm_id *cma_id,
619 case RDMA_CM_EVENT_CONNECT_REQUEST: 565 case RDMA_CM_EVENT_CONNECT_REQUEST:
620 dprintk("svcrdma: Connect request on cma_id=%p, xprt = %p, " 566 dprintk("svcrdma: Connect request on cma_id=%p, xprt = %p, "
621 "event=%d\n", cma_id, cma_id->context, event->event); 567 "event=%d\n", cma_id, cma_id->context, event->event);
622 handle_connect_req(cma_id); 568 handle_connect_req(cma_id,
569 event->param.conn.responder_resources);
623 break; 570 break;
624 571
625 case RDMA_CM_EVENT_ESTABLISHED: 572 case RDMA_CM_EVENT_ESTABLISHED:
@@ -793,8 +740,12 @@ static struct svc_xprt *svc_rdma_accept(struct svc_xprt *xprt)
793 (size_t)svcrdma_max_requests); 740 (size_t)svcrdma_max_requests);
794 newxprt->sc_sq_depth = RPCRDMA_SQ_DEPTH_MULT * newxprt->sc_max_requests; 741 newxprt->sc_sq_depth = RPCRDMA_SQ_DEPTH_MULT * newxprt->sc_max_requests;
795 742
796 newxprt->sc_ord = min((size_t)devattr.max_qp_rd_atom, 743 /*
797 (size_t)svcrdma_ord); 744 * Limit ORD based on client limit, local device limit, and
745 * configured svcrdma limit.
746 */
747 newxprt->sc_ord = min_t(size_t, devattr.max_qp_rd_atom, newxprt->sc_ord);
748 newxprt->sc_ord = min_t(size_t, svcrdma_ord, newxprt->sc_ord);
798 749
799 newxprt->sc_pd = ib_alloc_pd(newxprt->sc_cm_id->device); 750 newxprt->sc_pd = ib_alloc_pd(newxprt->sc_cm_id->device);
800 if (IS_ERR(newxprt->sc_pd)) { 751 if (IS_ERR(newxprt->sc_pd)) {
@@ -987,7 +938,6 @@ static void __svc_rdma_free(struct work_struct *work)
987 * cm_id because the device ptr is needed to unmap the dma in 938 * cm_id because the device ptr is needed to unmap the dma in
988 * svc_rdma_put_context. 939 * svc_rdma_put_context.
989 */ 940 */
990 spin_lock_bh(&rdma->sc_read_complete_lock);
991 while (!list_empty(&rdma->sc_read_complete_q)) { 941 while (!list_empty(&rdma->sc_read_complete_q)) {
992 struct svc_rdma_op_ctxt *ctxt; 942 struct svc_rdma_op_ctxt *ctxt;
993 ctxt = list_entry(rdma->sc_read_complete_q.next, 943 ctxt = list_entry(rdma->sc_read_complete_q.next,
@@ -996,10 +946,8 @@ static void __svc_rdma_free(struct work_struct *work)
996 list_del_init(&ctxt->dto_q); 946 list_del_init(&ctxt->dto_q);
997 svc_rdma_put_context(ctxt, 1); 947 svc_rdma_put_context(ctxt, 1);
998 } 948 }
999 spin_unlock_bh(&rdma->sc_read_complete_lock);
1000 949
1001 /* Destroy queued, but not processed recv completions */ 950 /* Destroy queued, but not processed recv completions */
1002 spin_lock_bh(&rdma->sc_rq_dto_lock);
1003 while (!list_empty(&rdma->sc_rq_dto_q)) { 951 while (!list_empty(&rdma->sc_rq_dto_q)) {
1004 struct svc_rdma_op_ctxt *ctxt; 952 struct svc_rdma_op_ctxt *ctxt;
1005 ctxt = list_entry(rdma->sc_rq_dto_q.next, 953 ctxt = list_entry(rdma->sc_rq_dto_q.next,
@@ -1008,10 +956,10 @@ static void __svc_rdma_free(struct work_struct *work)
1008 list_del_init(&ctxt->dto_q); 956 list_del_init(&ctxt->dto_q);
1009 svc_rdma_put_context(ctxt, 1); 957 svc_rdma_put_context(ctxt, 1);
1010 } 958 }
1011 spin_unlock_bh(&rdma->sc_rq_dto_lock);
1012 959
1013 /* Warn if we leaked a resource or under-referenced */ 960 /* Warn if we leaked a resource or under-referenced */
1014 WARN_ON(atomic_read(&rdma->sc_ctxt_used) != 0); 961 WARN_ON(atomic_read(&rdma->sc_ctxt_used) != 0);
962 WARN_ON(atomic_read(&rdma->sc_dma_used) != 0);
1015 963
1016 /* Destroy the QP if present (not a listener) */ 964 /* Destroy the QP if present (not a listener) */
1017 if (rdma->sc_qp && !IS_ERR(rdma->sc_qp)) 965 if (rdma->sc_qp && !IS_ERR(rdma->sc_qp))
@@ -1032,7 +980,6 @@ static void __svc_rdma_free(struct work_struct *work)
1032 /* Destroy the CM ID */ 980 /* Destroy the CM ID */
1033 rdma_destroy_id(rdma->sc_cm_id); 981 rdma_destroy_id(rdma->sc_cm_id);
1034 982
1035 destroy_context_cache(rdma);
1036 kfree(rdma); 983 kfree(rdma);
1037} 984}
1038 985
@@ -1132,6 +1079,7 @@ void svc_rdma_send_error(struct svcxprt_rdma *xprt, struct rpcrdma_msg *rmsgp,
1132 length = svc_rdma_xdr_encode_error(xprt, rmsgp, err, va); 1079 length = svc_rdma_xdr_encode_error(xprt, rmsgp, err, va);
1133 1080
1134 /* Prepare SGE for local address */ 1081 /* Prepare SGE for local address */
1082 atomic_inc(&xprt->sc_dma_used);
1135 sge.addr = ib_dma_map_page(xprt->sc_cm_id->device, 1083 sge.addr = ib_dma_map_page(xprt->sc_cm_id->device,
1136 p, 0, PAGE_SIZE, DMA_FROM_DEVICE); 1084 p, 0, PAGE_SIZE, DMA_FROM_DEVICE);
1137 sge.lkey = xprt->sc_phys_mr->lkey; 1085 sge.lkey = xprt->sc_phys_mr->lkey;
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index ddbe981ab516..4486c59c3aca 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -579,7 +579,6 @@ static int xs_udp_send_request(struct rpc_task *task)
579 req->rq_svec->iov_base, 579 req->rq_svec->iov_base,
580 req->rq_svec->iov_len); 580 req->rq_svec->iov_len);
581 581
582 req->rq_xtime = jiffies;
583 status = xs_sendpages(transport->sock, 582 status = xs_sendpages(transport->sock,
584 xs_addr(xprt), 583 xs_addr(xprt),
585 xprt->addrlen, xdr, 584 xprt->addrlen, xdr,
@@ -671,7 +670,6 @@ static int xs_tcp_send_request(struct rpc_task *task)
671 * to cope with writespace callbacks arriving _after_ we have 670 * to cope with writespace callbacks arriving _after_ we have
672 * called sendmsg(). */ 671 * called sendmsg(). */
673 while (1) { 672 while (1) {
674 req->rq_xtime = jiffies;
675 status = xs_sendpages(transport->sock, 673 status = xs_sendpages(transport->sock,
676 NULL, 0, xdr, req->rq_bytes_sent); 674 NULL, 0, xdr, req->rq_bytes_sent);
677 675
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index b4f0525f91af..972201cd5fa7 100644
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -4,7 +4,6 @@
4 * Begun April 1, 1996, Mike Shaver. 4 * Begun April 1, 1996, Mike Shaver.
5 * Added /proc/sys/net directories for each protocol family. [MS] 5 * Added /proc/sys/net directories for each protocol family. [MS]
6 * 6 *
7 * $Log: sysctl_net.c,v $
8 * Revision 1.2 1996/05/08 20:24:40 shaver 7 * Revision 1.2 1996/05/08 20:24:40 shaver
9 * Added bits for NET_BRIDGE and the NET_IPV4_ARP stuff and 8 * Added bits for NET_BRIDGE and the NET_IPV4_ARP stuff and
10 * NET_IPV4_IP_FORWARD. 9 * NET_IPV4_IP_FORWARD.
@@ -30,25 +29,59 @@
30#include <linux/if_tr.h> 29#include <linux/if_tr.h>
31#endif 30#endif
32 31
33static struct list_head * 32static struct ctl_table_set *
34net_ctl_header_lookup(struct ctl_table_root *root, struct nsproxy *namespaces) 33net_ctl_header_lookup(struct ctl_table_root *root, struct nsproxy *namespaces)
35{ 34{
36 return &namespaces->net_ns->sysctl_table_headers; 35 return &namespaces->net_ns->sysctls;
36}
37
38static int is_seen(struct ctl_table_set *set)
39{
40 return &current->nsproxy->net_ns->sysctls == set;
41}
42
43/* Return standard mode bits for table entry. */
44static int net_ctl_permissions(struct ctl_table_root *root,
45 struct nsproxy *nsproxy,
46 struct ctl_table *table)
47{
48 /* Allow network administrator to have same access as root. */
49 if (capable(CAP_NET_ADMIN)) {
50 int mode = (table->mode >> 6) & 7;
51 return (mode << 6) | (mode << 3) | mode;
52 }
53 return table->mode;
37} 54}
38 55
39static struct ctl_table_root net_sysctl_root = { 56static struct ctl_table_root net_sysctl_root = {
40 .lookup = net_ctl_header_lookup, 57 .lookup = net_ctl_header_lookup,
58 .permissions = net_ctl_permissions,
59};
60
61static int net_ctl_ro_header_perms(struct ctl_table_root *root,
62 struct nsproxy *namespaces, struct ctl_table *table)
63{
64 if (namespaces->net_ns == &init_net)
65 return table->mode;
66 else
67 return table->mode & ~0222;
68}
69
70static struct ctl_table_root net_sysctl_ro_root = {
71 .permissions = net_ctl_ro_header_perms,
41}; 72};
42 73
43static int sysctl_net_init(struct net *net) 74static int sysctl_net_init(struct net *net)
44{ 75{
45 INIT_LIST_HEAD(&net->sysctl_table_headers); 76 setup_sysctl_set(&net->sysctls,
77 &net_sysctl_ro_root.default_set,
78 is_seen);
46 return 0; 79 return 0;
47} 80}
48 81
49static void sysctl_net_exit(struct net *net) 82static void sysctl_net_exit(struct net *net)
50{ 83{
51 WARN_ON(!list_empty(&net->sysctl_table_headers)); 84 WARN_ON(!list_empty(&net->sysctls.list));
52 return; 85 return;
53} 86}
54 87
@@ -64,6 +97,8 @@ static __init int sysctl_init(void)
64 if (ret) 97 if (ret)
65 goto out; 98 goto out;
66 register_sysctl_root(&net_sysctl_root); 99 register_sysctl_root(&net_sysctl_root);
100 setup_sysctl_set(&net_sysctl_ro_root.default_set, NULL, NULL);
101 register_sysctl_root(&net_sysctl_ro_root);
67out: 102out:
68 return ret; 103 return ret;
69} 104}
@@ -80,6 +115,14 @@ struct ctl_table_header *register_net_sysctl_table(struct net *net,
80} 115}
81EXPORT_SYMBOL_GPL(register_net_sysctl_table); 116EXPORT_SYMBOL_GPL(register_net_sysctl_table);
82 117
118struct ctl_table_header *register_net_sysctl_rotable(const
119 struct ctl_path *path, struct ctl_table *table)
120{
121 return __register_sysctl_paths(&net_sysctl_ro_root,
122 &init_nsproxy, path, table);
123}
124EXPORT_SYMBOL_GPL(register_net_sysctl_rotable);
125
83void unregister_net_sysctl_table(struct ctl_table_header *header) 126void unregister_net_sysctl_table(struct ctl_table_header *header)
84{ 127{
85 unregister_sysctl_table(header); 128 unregister_sysctl_table(header);
diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c
index e7880172ef19..3ddaff42d1bb 100644
--- a/net/tipc/bcast.c
+++ b/net/tipc/bcast.c
@@ -96,8 +96,8 @@ struct bcbearer {
96 struct media media; 96 struct media media;
97 struct bcbearer_pair bpairs[MAX_BEARERS]; 97 struct bcbearer_pair bpairs[MAX_BEARERS];
98 struct bcbearer_pair bpairs_temp[TIPC_MAX_LINK_PRI + 1]; 98 struct bcbearer_pair bpairs_temp[TIPC_MAX_LINK_PRI + 1];
99 struct node_map remains; 99 struct tipc_node_map remains;
100 struct node_map remains_new; 100 struct tipc_node_map remains_new;
101}; 101};
102 102
103/** 103/**
@@ -110,7 +110,7 @@ struct bcbearer {
110 110
111struct bclink { 111struct bclink {
112 struct link link; 112 struct link link;
113 struct node node; 113 struct tipc_node node;
114}; 114};
115 115
116 116
@@ -149,7 +149,7 @@ static void bcbuf_decr_acks(struct sk_buff *buf)
149 * Called with 'node' locked, bc_lock unlocked 149 * Called with 'node' locked, bc_lock unlocked
150 */ 150 */
151 151
152static void bclink_set_gap(struct node *n_ptr) 152static void bclink_set_gap(struct tipc_node *n_ptr)
153{ 153{
154 struct sk_buff *buf = n_ptr->bclink.deferred_head; 154 struct sk_buff *buf = n_ptr->bclink.deferred_head;
155 155
@@ -202,7 +202,7 @@ static void bclink_retransmit_pkt(u32 after, u32 to)
202 * Node is locked, bc_lock unlocked. 202 * Node is locked, bc_lock unlocked.
203 */ 203 */
204 204
205void tipc_bclink_acknowledge(struct node *n_ptr, u32 acked) 205void tipc_bclink_acknowledge(struct tipc_node *n_ptr, u32 acked)
206{ 206{
207 struct sk_buff *crs; 207 struct sk_buff *crs;
208 struct sk_buff *next; 208 struct sk_buff *next;
@@ -250,7 +250,7 @@ void tipc_bclink_acknowledge(struct node *n_ptr, u32 acked)
250 * tipc_net_lock and node lock set 250 * tipc_net_lock and node lock set
251 */ 251 */
252 252
253static void bclink_send_ack(struct node *n_ptr) 253static void bclink_send_ack(struct tipc_node *n_ptr)
254{ 254{
255 struct link *l_ptr = n_ptr->active_links[n_ptr->addr & 1]; 255 struct link *l_ptr = n_ptr->active_links[n_ptr->addr & 1];
256 256
@@ -264,7 +264,7 @@ static void bclink_send_ack(struct node *n_ptr)
264 * tipc_net_lock and node lock set 264 * tipc_net_lock and node lock set
265 */ 265 */
266 266
267static void bclink_send_nack(struct node *n_ptr) 267static void bclink_send_nack(struct tipc_node *n_ptr)
268{ 268{
269 struct sk_buff *buf; 269 struct sk_buff *buf;
270 struct tipc_msg *msg; 270 struct tipc_msg *msg;
@@ -276,7 +276,7 @@ static void bclink_send_nack(struct node *n_ptr)
276 if (buf) { 276 if (buf) {
277 msg = buf_msg(buf); 277 msg = buf_msg(buf);
278 msg_init(msg, BCAST_PROTOCOL, STATE_MSG, 278 msg_init(msg, BCAST_PROTOCOL, STATE_MSG,
279 TIPC_OK, INT_H_SIZE, n_ptr->addr); 279 INT_H_SIZE, n_ptr->addr);
280 msg_set_mc_netid(msg, tipc_net_id); 280 msg_set_mc_netid(msg, tipc_net_id);
281 msg_set_bcast_ack(msg, mod(n_ptr->bclink.last_in)); 281 msg_set_bcast_ack(msg, mod(n_ptr->bclink.last_in));
282 msg_set_bcgap_after(msg, n_ptr->bclink.gap_after); 282 msg_set_bcgap_after(msg, n_ptr->bclink.gap_after);
@@ -308,7 +308,7 @@ static void bclink_send_nack(struct node *n_ptr)
308 * tipc_net_lock and node lock set 308 * tipc_net_lock and node lock set
309 */ 309 */
310 310
311void tipc_bclink_check_gap(struct node *n_ptr, u32 last_sent) 311void tipc_bclink_check_gap(struct tipc_node *n_ptr, u32 last_sent)
312{ 312{
313 if (!n_ptr->bclink.supported || 313 if (!n_ptr->bclink.supported ||
314 less_eq(last_sent, mod(n_ptr->bclink.last_in))) 314 less_eq(last_sent, mod(n_ptr->bclink.last_in)))
@@ -328,7 +328,7 @@ void tipc_bclink_check_gap(struct node *n_ptr, u32 last_sent)
328 328
329static void tipc_bclink_peek_nack(u32 dest, u32 sender_tag, u32 gap_after, u32 gap_to) 329static void tipc_bclink_peek_nack(u32 dest, u32 sender_tag, u32 gap_after, u32 gap_to)
330{ 330{
331 struct node *n_ptr = tipc_node_find(dest); 331 struct tipc_node *n_ptr = tipc_node_find(dest);
332 u32 my_after, my_to; 332 u32 my_after, my_to;
333 333
334 if (unlikely(!n_ptr || !tipc_node_is_up(n_ptr))) 334 if (unlikely(!n_ptr || !tipc_node_is_up(n_ptr)))
@@ -418,7 +418,7 @@ void tipc_bclink_recv_pkt(struct sk_buff *buf)
418 static int rx_count = 0; 418 static int rx_count = 0;
419#endif 419#endif
420 struct tipc_msg *msg = buf_msg(buf); 420 struct tipc_msg *msg = buf_msg(buf);
421 struct node* node = tipc_node_find(msg_prevnode(msg)); 421 struct tipc_node* node = tipc_node_find(msg_prevnode(msg));
422 u32 next_in; 422 u32 next_in;
423 u32 seqno; 423 u32 seqno;
424 struct sk_buff *deferred; 424 struct sk_buff *deferred;
@@ -538,7 +538,7 @@ u32 tipc_bclink_get_last_sent(void)
538 return last_sent; 538 return last_sent;
539} 539}
540 540
541u32 tipc_bclink_acks_missing(struct node *n_ptr) 541u32 tipc_bclink_acks_missing(struct tipc_node *n_ptr)
542{ 542{
543 return (n_ptr->bclink.supported && 543 return (n_ptr->bclink.supported &&
544 (tipc_bclink_get_last_sent() != n_ptr->bclink.acked)); 544 (tipc_bclink_get_last_sent() != n_ptr->bclink.acked));
@@ -571,7 +571,7 @@ static int tipc_bcbearer_send(struct sk_buff *buf,
571 assert(tipc_cltr_bcast_nodes.count != 0); 571 assert(tipc_cltr_bcast_nodes.count != 0);
572 bcbuf_set_acks(buf, tipc_cltr_bcast_nodes.count); 572 bcbuf_set_acks(buf, tipc_cltr_bcast_nodes.count);
573 msg = buf_msg(buf); 573 msg = buf_msg(buf);
574 msg_set_non_seq(msg); 574 msg_set_non_seq(msg, 1);
575 msg_set_mc_netid(msg, tipc_net_id); 575 msg_set_mc_netid(msg, tipc_net_id);
576 } 576 }
577 577
@@ -611,7 +611,7 @@ swap:
611 bcbearer->bpairs[bp_index].secondary = p; 611 bcbearer->bpairs[bp_index].secondary = p;
612update: 612update:
613 if (bcbearer->remains_new.count == 0) 613 if (bcbearer->remains_new.count == 0)
614 return TIPC_OK; 614 return 0;
615 615
616 bcbearer->remains = bcbearer->remains_new; 616 bcbearer->remains = bcbearer->remains_new;
617 } 617 }
@@ -620,7 +620,7 @@ update:
620 620
621 bcbearer->bearer.publ.blocked = 1; 621 bcbearer->bearer.publ.blocked = 1;
622 bcl->stats.bearer_congs++; 622 bcl->stats.bearer_congs++;
623 return ~TIPC_OK; 623 return 1;
624} 624}
625 625
626/** 626/**
@@ -756,7 +756,7 @@ int tipc_bclink_reset_stats(void)
756 spin_lock_bh(&bc_lock); 756 spin_lock_bh(&bc_lock);
757 memset(&bcl->stats, 0, sizeof(bcl->stats)); 757 memset(&bcl->stats, 0, sizeof(bcl->stats));
758 spin_unlock_bh(&bc_lock); 758 spin_unlock_bh(&bc_lock);
759 return TIPC_OK; 759 return 0;
760} 760}
761 761
762int tipc_bclink_set_queue_limits(u32 limit) 762int tipc_bclink_set_queue_limits(u32 limit)
@@ -769,7 +769,7 @@ int tipc_bclink_set_queue_limits(u32 limit)
769 spin_lock_bh(&bc_lock); 769 spin_lock_bh(&bc_lock);
770 tipc_link_set_queue_limits(bcl, limit); 770 tipc_link_set_queue_limits(bcl, limit);
771 spin_unlock_bh(&bc_lock); 771 spin_unlock_bh(&bc_lock);
772 return TIPC_OK; 772 return 0;
773} 773}
774 774
775int tipc_bclink_init(void) 775int tipc_bclink_init(void)
@@ -810,7 +810,7 @@ int tipc_bclink_init(void)
810 tipc_printbuf_init(&bcl->print_buf, pb, BCLINK_LOG_BUF_SIZE); 810 tipc_printbuf_init(&bcl->print_buf, pb, BCLINK_LOG_BUF_SIZE);
811 } 811 }
812 812
813 return TIPC_OK; 813 return 0;
814} 814}
815 815
816void tipc_bclink_stop(void) 816void tipc_bclink_stop(void)
diff --git a/net/tipc/bcast.h b/net/tipc/bcast.h
index a2416fa6b906..5aa024b99c55 100644
--- a/net/tipc/bcast.h
+++ b/net/tipc/bcast.h
@@ -41,12 +41,12 @@
41#define WSIZE 32 41#define WSIZE 32
42 42
43/** 43/**
44 * struct node_map - set of node identifiers 44 * struct tipc_node_map - set of node identifiers
45 * @count: # of nodes in set 45 * @count: # of nodes in set
46 * @map: bitmap of node identifiers that are in the set 46 * @map: bitmap of node identifiers that are in the set
47 */ 47 */
48 48
49struct node_map { 49struct tipc_node_map {
50 u32 count; 50 u32 count;
51 u32 map[MAX_NODES / WSIZE]; 51 u32 map[MAX_NODES / WSIZE];
52}; 52};
@@ -68,7 +68,7 @@ struct port_list {
68}; 68};
69 69
70 70
71struct node; 71struct tipc_node;
72 72
73extern char tipc_bclink_name[]; 73extern char tipc_bclink_name[];
74 74
@@ -77,7 +77,7 @@ extern char tipc_bclink_name[];
77 * nmap_add - add a node to a node map 77 * nmap_add - add a node to a node map
78 */ 78 */
79 79
80static inline void tipc_nmap_add(struct node_map *nm_ptr, u32 node) 80static inline void tipc_nmap_add(struct tipc_node_map *nm_ptr, u32 node)
81{ 81{
82 int n = tipc_node(node); 82 int n = tipc_node(node);
83 int w = n / WSIZE; 83 int w = n / WSIZE;
@@ -93,7 +93,7 @@ static inline void tipc_nmap_add(struct node_map *nm_ptr, u32 node)
93 * nmap_remove - remove a node from a node map 93 * nmap_remove - remove a node from a node map
94 */ 94 */
95 95
96static inline void tipc_nmap_remove(struct node_map *nm_ptr, u32 node) 96static inline void tipc_nmap_remove(struct tipc_node_map *nm_ptr, u32 node)
97{ 97{
98 int n = tipc_node(node); 98 int n = tipc_node(node);
99 int w = n / WSIZE; 99 int w = n / WSIZE;
@@ -109,7 +109,7 @@ static inline void tipc_nmap_remove(struct node_map *nm_ptr, u32 node)
109 * nmap_equal - test for equality of node maps 109 * nmap_equal - test for equality of node maps
110 */ 110 */
111 111
112static inline int tipc_nmap_equal(struct node_map *nm_a, struct node_map *nm_b) 112static inline int tipc_nmap_equal(struct tipc_node_map *nm_a, struct tipc_node_map *nm_b)
113{ 113{
114 return !memcmp(nm_a, nm_b, sizeof(*nm_a)); 114 return !memcmp(nm_a, nm_b, sizeof(*nm_a));
115} 115}
@@ -121,8 +121,8 @@ static inline int tipc_nmap_equal(struct node_map *nm_a, struct node_map *nm_b)
121 * @nm_diff: output node map A-B (i.e. nodes of A that are not in B) 121 * @nm_diff: output node map A-B (i.e. nodes of A that are not in B)
122 */ 122 */
123 123
124static inline void tipc_nmap_diff(struct node_map *nm_a, struct node_map *nm_b, 124static inline void tipc_nmap_diff(struct tipc_node_map *nm_a, struct tipc_node_map *nm_b,
125 struct node_map *nm_diff) 125 struct tipc_node_map *nm_diff)
126{ 126{
127 int stop = sizeof(nm_a->map) / sizeof(u32); 127 int stop = sizeof(nm_a->map) / sizeof(u32);
128 int w; 128 int w;
@@ -195,12 +195,12 @@ static inline void tipc_port_list_free(struct port_list *pl_ptr)
195 195
196int tipc_bclink_init(void); 196int tipc_bclink_init(void);
197void tipc_bclink_stop(void); 197void tipc_bclink_stop(void);
198void tipc_bclink_acknowledge(struct node *n_ptr, u32 acked); 198void tipc_bclink_acknowledge(struct tipc_node *n_ptr, u32 acked);
199int tipc_bclink_send_msg(struct sk_buff *buf); 199int tipc_bclink_send_msg(struct sk_buff *buf);
200void tipc_bclink_recv_pkt(struct sk_buff *buf); 200void tipc_bclink_recv_pkt(struct sk_buff *buf);
201u32 tipc_bclink_get_last_sent(void); 201u32 tipc_bclink_get_last_sent(void);
202u32 tipc_bclink_acks_missing(struct node *n_ptr); 202u32 tipc_bclink_acks_missing(struct tipc_node *n_ptr);
203void tipc_bclink_check_gap(struct node *n_ptr, u32 seqno); 203void tipc_bclink_check_gap(struct tipc_node *n_ptr, u32 seqno);
204int tipc_bclink_stats(char *stats_buf, const u32 buf_size); 204int tipc_bclink_stats(char *stats_buf, const u32 buf_size);
205int tipc_bclink_reset_stats(void); 205int tipc_bclink_reset_stats(void);
206int tipc_bclink_set_queue_limits(u32 limit); 206int tipc_bclink_set_queue_limits(u32 limit);
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index 271a375b49b7..a7a36779b9b3 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -370,7 +370,7 @@ void tipc_bearer_remove_dest(struct bearer *b_ptr, u32 dest)
370 */ 370 */
371static int bearer_push(struct bearer *b_ptr) 371static int bearer_push(struct bearer *b_ptr)
372{ 372{
373 u32 res = TIPC_OK; 373 u32 res = 0;
374 struct link *ln, *tln; 374 struct link *ln, *tln;
375 375
376 if (b_ptr->publ.blocked) 376 if (b_ptr->publ.blocked)
@@ -599,7 +599,7 @@ int tipc_block_bearer(const char *name)
599 spin_lock_bh(&b_ptr->publ.lock); 599 spin_lock_bh(&b_ptr->publ.lock);
600 b_ptr->publ.blocked = 1; 600 b_ptr->publ.blocked = 1;
601 list_for_each_entry_safe(l_ptr, temp_l_ptr, &b_ptr->links, link_list) { 601 list_for_each_entry_safe(l_ptr, temp_l_ptr, &b_ptr->links, link_list) {
602 struct node *n_ptr = l_ptr->owner; 602 struct tipc_node *n_ptr = l_ptr->owner;
603 603
604 spin_lock_bh(&n_ptr->lock); 604 spin_lock_bh(&n_ptr->lock);
605 tipc_link_reset(l_ptr); 605 tipc_link_reset(l_ptr);
@@ -607,7 +607,7 @@ int tipc_block_bearer(const char *name)
607 } 607 }
608 spin_unlock_bh(&b_ptr->publ.lock); 608 spin_unlock_bh(&b_ptr->publ.lock);
609 read_unlock_bh(&tipc_net_lock); 609 read_unlock_bh(&tipc_net_lock);
610 return TIPC_OK; 610 return 0;
611} 611}
612 612
613/** 613/**
@@ -645,7 +645,7 @@ static int bearer_disable(const char *name)
645 } 645 }
646 spin_unlock_bh(&b_ptr->publ.lock); 646 spin_unlock_bh(&b_ptr->publ.lock);
647 memset(b_ptr, 0, sizeof(struct bearer)); 647 memset(b_ptr, 0, sizeof(struct bearer));
648 return TIPC_OK; 648 return 0;
649} 649}
650 650
651int tipc_disable_bearer(const char *name) 651int tipc_disable_bearer(const char *name)
@@ -668,7 +668,7 @@ int tipc_bearer_init(void)
668 tipc_bearers = kcalloc(MAX_BEARERS, sizeof(struct bearer), GFP_ATOMIC); 668 tipc_bearers = kcalloc(MAX_BEARERS, sizeof(struct bearer), GFP_ATOMIC);
669 media_list = kcalloc(MAX_MEDIA, sizeof(struct media), GFP_ATOMIC); 669 media_list = kcalloc(MAX_MEDIA, sizeof(struct media), GFP_ATOMIC);
670 if (tipc_bearers && media_list) { 670 if (tipc_bearers && media_list) {
671 res = TIPC_OK; 671 res = 0;
672 } else { 672 } else {
673 kfree(tipc_bearers); 673 kfree(tipc_bearers);
674 kfree(media_list); 674 kfree(media_list);
diff --git a/net/tipc/bearer.h b/net/tipc/bearer.h
index 6a36b6600e6c..ca5734892713 100644
--- a/net/tipc/bearer.h
+++ b/net/tipc/bearer.h
@@ -104,7 +104,7 @@ struct bearer {
104 u32 continue_count; 104 u32 continue_count;
105 int active; 105 int active;
106 char net_plane; 106 char net_plane;
107 struct node_map nodes; 107 struct tipc_node_map nodes;
108}; 108};
109 109
110struct bearer_name { 110struct bearer_name {
diff --git a/net/tipc/cluster.c b/net/tipc/cluster.c
index 4bb3404f610b..689fdefe9d04 100644
--- a/net/tipc/cluster.c
+++ b/net/tipc/cluster.c
@@ -48,8 +48,8 @@ static void tipc_cltr_multicast(struct cluster *c_ptr, struct sk_buff *buf,
48 u32 lower, u32 upper); 48 u32 lower, u32 upper);
49static struct sk_buff *tipc_cltr_prepare_routing_msg(u32 data_size, u32 dest); 49static struct sk_buff *tipc_cltr_prepare_routing_msg(u32 data_size, u32 dest);
50 50
51struct node **tipc_local_nodes = NULL; 51struct tipc_node **tipc_local_nodes = NULL;
52struct node_map tipc_cltr_bcast_nodes = {0,{0,}}; 52struct tipc_node_map tipc_cltr_bcast_nodes = {0,{0,}};
53u32 tipc_highest_allowed_slave = 0; 53u32 tipc_highest_allowed_slave = 0;
54 54
55struct cluster *tipc_cltr_create(u32 addr) 55struct cluster *tipc_cltr_create(u32 addr)
@@ -115,7 +115,7 @@ void tipc_cltr_delete(struct cluster *c_ptr)
115 115
116u32 tipc_cltr_next_node(struct cluster *c_ptr, u32 addr) 116u32 tipc_cltr_next_node(struct cluster *c_ptr, u32 addr)
117{ 117{
118 struct node *n_ptr; 118 struct tipc_node *n_ptr;
119 u32 n_num = tipc_node(addr) + 1; 119 u32 n_num = tipc_node(addr) + 1;
120 120
121 if (!c_ptr) 121 if (!c_ptr)
@@ -133,7 +133,7 @@ u32 tipc_cltr_next_node(struct cluster *c_ptr, u32 addr)
133 return 0; 133 return 0;
134} 134}
135 135
136void tipc_cltr_attach_node(struct cluster *c_ptr, struct node *n_ptr) 136void tipc_cltr_attach_node(struct cluster *c_ptr, struct tipc_node *n_ptr)
137{ 137{
138 u32 n_num = tipc_node(n_ptr->addr); 138 u32 n_num = tipc_node(n_ptr->addr);
139 u32 max_n_num = tipc_max_nodes; 139 u32 max_n_num = tipc_max_nodes;
@@ -196,7 +196,7 @@ u32 tipc_cltr_select_router(struct cluster *c_ptr, u32 ref)
196 * Uses deterministic and fair algorithm. 196 * Uses deterministic and fair algorithm.
197 */ 197 */
198 198
199struct node *tipc_cltr_select_node(struct cluster *c_ptr, u32 selector) 199struct tipc_node *tipc_cltr_select_node(struct cluster *c_ptr, u32 selector)
200{ 200{
201 u32 n_num; 201 u32 n_num;
202 u32 mask = tipc_max_nodes; 202 u32 mask = tipc_max_nodes;
@@ -238,7 +238,7 @@ static struct sk_buff *tipc_cltr_prepare_routing_msg(u32 data_size, u32 dest)
238 if (buf) { 238 if (buf) {
239 msg = buf_msg(buf); 239 msg = buf_msg(buf);
240 memset((char *)msg, 0, size); 240 memset((char *)msg, 0, size);
241 msg_init(msg, ROUTE_DISTRIBUTOR, 0, TIPC_OK, INT_H_SIZE, dest); 241 msg_init(msg, ROUTE_DISTRIBUTOR, 0, INT_H_SIZE, dest);
242 } 242 }
243 return buf; 243 return buf;
244} 244}
@@ -379,7 +379,7 @@ void tipc_cltr_recv_routing_table(struct sk_buff *buf)
379{ 379{
380 struct tipc_msg *msg = buf_msg(buf); 380 struct tipc_msg *msg = buf_msg(buf);
381 struct cluster *c_ptr; 381 struct cluster *c_ptr;
382 struct node *n_ptr; 382 struct tipc_node *n_ptr;
383 unchar *node_table; 383 unchar *node_table;
384 u32 table_size; 384 u32 table_size;
385 u32 router; 385 u32 router;
@@ -499,7 +499,7 @@ static void tipc_cltr_multicast(struct cluster *c_ptr, struct sk_buff *buf,
499 u32 lower, u32 upper) 499 u32 lower, u32 upper)
500{ 500{
501 struct sk_buff *buf_copy; 501 struct sk_buff *buf_copy;
502 struct node *n_ptr; 502 struct tipc_node *n_ptr;
503 u32 n_num; 503 u32 n_num;
504 u32 tstop; 504 u32 tstop;
505 505
@@ -534,7 +534,7 @@ void tipc_cltr_broadcast(struct sk_buff *buf)
534{ 534{
535 struct sk_buff *buf_copy; 535 struct sk_buff *buf_copy;
536 struct cluster *c_ptr; 536 struct cluster *c_ptr;
537 struct node *n_ptr; 537 struct tipc_node *n_ptr;
538 u32 n_num; 538 u32 n_num;
539 u32 tstart; 539 u32 tstart;
540 u32 tstop; 540 u32 tstop;
@@ -571,6 +571,6 @@ exit:
571int tipc_cltr_init(void) 571int tipc_cltr_init(void)
572{ 572{
573 tipc_highest_allowed_slave = LOWEST_SLAVE + tipc_max_slaves; 573 tipc_highest_allowed_slave = LOWEST_SLAVE + tipc_max_slaves;
574 return tipc_cltr_create(tipc_own_addr) ? TIPC_OK : -ENOMEM; 574 return tipc_cltr_create(tipc_own_addr) ? 0 : -ENOMEM;
575} 575}
576 576
diff --git a/net/tipc/cluster.h b/net/tipc/cluster.h
index 62df074afaec..333efb0b9c44 100644
--- a/net/tipc/cluster.h
+++ b/net/tipc/cluster.h
@@ -54,24 +54,24 @@
54struct cluster { 54struct cluster {
55 u32 addr; 55 u32 addr;
56 struct _zone *owner; 56 struct _zone *owner;
57 struct node **nodes; 57 struct tipc_node **nodes;
58 u32 highest_node; 58 u32 highest_node;
59 u32 highest_slave; 59 u32 highest_slave;
60}; 60};
61 61
62 62
63extern struct node **tipc_local_nodes; 63extern struct tipc_node **tipc_local_nodes;
64extern u32 tipc_highest_allowed_slave; 64extern u32 tipc_highest_allowed_slave;
65extern struct node_map tipc_cltr_bcast_nodes; 65extern struct tipc_node_map tipc_cltr_bcast_nodes;
66 66
67void tipc_cltr_remove_as_router(struct cluster *c_ptr, u32 router); 67void tipc_cltr_remove_as_router(struct cluster *c_ptr, u32 router);
68void tipc_cltr_send_ext_routes(struct cluster *c_ptr, u32 dest); 68void tipc_cltr_send_ext_routes(struct cluster *c_ptr, u32 dest);
69struct node *tipc_cltr_select_node(struct cluster *c_ptr, u32 selector); 69struct tipc_node *tipc_cltr_select_node(struct cluster *c_ptr, u32 selector);
70u32 tipc_cltr_select_router(struct cluster *c_ptr, u32 ref); 70u32 tipc_cltr_select_router(struct cluster *c_ptr, u32 ref);
71void tipc_cltr_recv_routing_table(struct sk_buff *buf); 71void tipc_cltr_recv_routing_table(struct sk_buff *buf);
72struct cluster *tipc_cltr_create(u32 addr); 72struct cluster *tipc_cltr_create(u32 addr);
73void tipc_cltr_delete(struct cluster *c_ptr); 73void tipc_cltr_delete(struct cluster *c_ptr);
74void tipc_cltr_attach_node(struct cluster *c_ptr, struct node *n_ptr); 74void tipc_cltr_attach_node(struct cluster *c_ptr, struct tipc_node *n_ptr);
75void tipc_cltr_send_slave_routes(struct cluster *c_ptr, u32 dest); 75void tipc_cltr_send_slave_routes(struct cluster *c_ptr, u32 dest);
76void tipc_cltr_broadcast(struct sk_buff *buf); 76void tipc_cltr_broadcast(struct sk_buff *buf);
77int tipc_cltr_init(void); 77int tipc_cltr_init(void);
diff --git a/net/tipc/config.c b/net/tipc/config.c
index c71337a22d33..ca3544d030c7 100644
--- a/net/tipc/config.c
+++ b/net/tipc/config.c
@@ -2,7 +2,7 @@
2 * net/tipc/config.c: TIPC configuration management code 2 * net/tipc/config.c: TIPC configuration management code
3 * 3 *
4 * Copyright (c) 2002-2006, Ericsson AB 4 * Copyright (c) 2002-2006, Ericsson AB
5 * Copyright (c) 2004-2006, Wind River Systems 5 * Copyright (c) 2004-2007, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -293,7 +293,6 @@ static struct sk_buff *cfg_set_own_addr(void)
293 if (tipc_mode == TIPC_NET_MODE) 293 if (tipc_mode == TIPC_NET_MODE)
294 return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED 294 return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED
295 " (cannot change node address once assigned)"); 295 " (cannot change node address once assigned)");
296 tipc_own_addr = addr;
297 296
298 /* 297 /*
299 * Must release all spinlocks before calling start_net() because 298 * Must release all spinlocks before calling start_net() because
@@ -306,7 +305,7 @@ static struct sk_buff *cfg_set_own_addr(void)
306 */ 305 */
307 306
308 spin_unlock_bh(&config_lock); 307 spin_unlock_bh(&config_lock);
309 tipc_core_start_net(); 308 tipc_core_start_net(addr);
310 spin_lock_bh(&config_lock); 309 spin_lock_bh(&config_lock);
311 return tipc_cfg_reply_none(); 310 return tipc_cfg_reply_none();
312} 311}
@@ -529,7 +528,7 @@ struct sk_buff *tipc_cfg_do_cmd(u32 orig_node, u16 cmd, const void *request_area
529 break; 528 break;
530#endif 529#endif
531 case TIPC_CMD_SET_LOG_SIZE: 530 case TIPC_CMD_SET_LOG_SIZE:
532 rep_tlv_buf = tipc_log_resize(req_tlv_area, req_tlv_space); 531 rep_tlv_buf = tipc_log_resize_cmd(req_tlv_area, req_tlv_space);
533 break; 532 break;
534 case TIPC_CMD_DUMP_LOG: 533 case TIPC_CMD_DUMP_LOG:
535 rep_tlv_buf = tipc_log_dump(); 534 rep_tlv_buf = tipc_log_dump();
@@ -602,6 +601,10 @@ struct sk_buff *tipc_cfg_do_cmd(u32 orig_node, u16 cmd, const void *request_area
602 case TIPC_CMD_GET_NETID: 601 case TIPC_CMD_GET_NETID:
603 rep_tlv_buf = tipc_cfg_reply_unsigned(tipc_net_id); 602 rep_tlv_buf = tipc_cfg_reply_unsigned(tipc_net_id);
604 break; 603 break;
604 case TIPC_CMD_NOT_NET_ADMIN:
605 rep_tlv_buf =
606 tipc_cfg_reply_error_string(TIPC_CFG_NOT_NET_ADMIN);
607 break;
605 default: 608 default:
606 rep_tlv_buf = tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED 609 rep_tlv_buf = tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED
607 " (unknown command)"); 610 " (unknown command)");
diff --git a/net/tipc/core.c b/net/tipc/core.c
index 740aac5cdfb6..3256bd7d398f 100644
--- a/net/tipc/core.c
+++ b/net/tipc/core.c
@@ -49,7 +49,7 @@
49#include "config.h" 49#include "config.h"
50 50
51 51
52#define TIPC_MOD_VER "1.6.3" 52#define TIPC_MOD_VER "1.6.4"
53 53
54#ifndef CONFIG_TIPC_ZONES 54#ifndef CONFIG_TIPC_ZONES
55#define CONFIG_TIPC_ZONES 3 55#define CONFIG_TIPC_ZONES 3
@@ -117,11 +117,11 @@ void tipc_core_stop_net(void)
117 * start_net - start TIPC networking sub-systems 117 * start_net - start TIPC networking sub-systems
118 */ 118 */
119 119
120int tipc_core_start_net(void) 120int tipc_core_start_net(unsigned long addr)
121{ 121{
122 int res; 122 int res;
123 123
124 if ((res = tipc_net_start()) || 124 if ((res = tipc_net_start(addr)) ||
125 (res = tipc_eth_media_start())) { 125 (res = tipc_eth_media_start())) {
126 tipc_core_stop_net(); 126 tipc_core_stop_net();
127 } 127 }
@@ -164,8 +164,7 @@ int tipc_core_start(void)
164 tipc_mode = TIPC_NODE_MODE; 164 tipc_mode = TIPC_NODE_MODE;
165 165
166 if ((res = tipc_handler_start()) || 166 if ((res = tipc_handler_start()) ||
167 (res = tipc_ref_table_init(tipc_max_ports + tipc_max_subscriptions, 167 (res = tipc_ref_table_init(tipc_max_ports, tipc_random)) ||
168 tipc_random)) ||
169 (res = tipc_reg_start()) || 168 (res = tipc_reg_start()) ||
170 (res = tipc_nametbl_init()) || 169 (res = tipc_nametbl_init()) ||
171 (res = tipc_k_signal((Handler)tipc_subscr_start, 0)) || 170 (res = tipc_k_signal((Handler)tipc_subscr_start, 0)) ||
@@ -182,7 +181,7 @@ static int __init tipc_init(void)
182{ 181{
183 int res; 182 int res;
184 183
185 tipc_log_reinit(CONFIG_TIPC_LOG); 184 tipc_log_resize(CONFIG_TIPC_LOG);
186 info("Activated (version " TIPC_MOD_VER 185 info("Activated (version " TIPC_MOD_VER
187 " compiled " __DATE__ " " __TIME__ ")\n"); 186 " compiled " __DATE__ " " __TIME__ ")\n");
188 187
@@ -209,7 +208,7 @@ static void __exit tipc_exit(void)
209 tipc_core_stop_net(); 208 tipc_core_stop_net();
210 tipc_core_stop(); 209 tipc_core_stop();
211 info("Deactivated\n"); 210 info("Deactivated\n");
212 tipc_log_stop(); 211 tipc_log_resize(0);
213} 212}
214 213
215module_init(tipc_init); 214module_init(tipc_init);
diff --git a/net/tipc/core.h b/net/tipc/core.h
index 5a0e4878d3b7..a881f92a8537 100644
--- a/net/tipc/core.h
+++ b/net/tipc/core.h
@@ -2,7 +2,7 @@
2 * net/tipc/core.h: Include file for TIPC global declarations 2 * net/tipc/core.h: Include file for TIPC global declarations
3 * 3 *
4 * Copyright (c) 2005-2006, Ericsson AB 4 * Copyright (c) 2005-2006, Ericsson AB
5 * Copyright (c) 2005-2006, Wind River Systems 5 * Copyright (c) 2005-2007, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -59,84 +59,108 @@
59#include <linux/vmalloc.h> 59#include <linux/vmalloc.h>
60 60
61/* 61/*
62 * TIPC debugging code 62 * TIPC sanity test macros
63 */ 63 */
64 64
65#define assert(i) BUG_ON(!(i)) 65#define assert(i) BUG_ON(!(i))
66 66
67struct tipc_msg;
68extern struct print_buf *TIPC_NULL, *TIPC_CONS, *TIPC_LOG;
69extern struct print_buf *TIPC_TEE(struct print_buf *, struct print_buf *);
70void tipc_msg_print(struct print_buf*,struct tipc_msg *,const char*);
71void tipc_printf(struct print_buf *, const char *fmt, ...);
72void tipc_dump(struct print_buf*,const char *fmt, ...);
73
74#ifdef CONFIG_TIPC_DEBUG
75
76/* 67/*
77 * TIPC debug support included: 68 * TIPC system monitoring code
78 * - system messages are printed to TIPC_OUTPUT print buffer
79 * - debug messages are printed to DBG_OUTPUT print buffer
80 */ 69 */
81 70
82#define err(fmt, arg...) tipc_printf(TIPC_OUTPUT, KERN_ERR "TIPC: " fmt, ## arg) 71/*
83#define warn(fmt, arg...) tipc_printf(TIPC_OUTPUT, KERN_WARNING "TIPC: " fmt, ## arg) 72 * TIPC's print buffer subsystem supports the following print buffers:
84#define info(fmt, arg...) tipc_printf(TIPC_OUTPUT, KERN_NOTICE "TIPC: " fmt, ## arg) 73 *
74 * TIPC_NULL : null buffer (i.e. print nowhere)
75 * TIPC_CONS : system console
76 * TIPC_LOG : TIPC log buffer
77 * &buf : user-defined buffer (struct print_buf *)
78 *
79 * Note: TIPC_LOG is configured to echo its output to the system console;
80 * user-defined buffers can be configured to do the same thing.
81 */
85 82
86#define dbg(fmt, arg...) do {if (DBG_OUTPUT != TIPC_NULL) tipc_printf(DBG_OUTPUT, fmt, ## arg);} while(0) 83extern struct print_buf *const TIPC_NULL;
87#define msg_dbg(msg, txt) do {if (DBG_OUTPUT != TIPC_NULL) tipc_msg_print(DBG_OUTPUT, msg, txt);} while(0) 84extern struct print_buf *const TIPC_CONS;
88#define dump(fmt, arg...) do {if (DBG_OUTPUT != TIPC_NULL) tipc_dump(DBG_OUTPUT, fmt, ##arg);} while(0) 85extern struct print_buf *const TIPC_LOG;
89 86
87void tipc_printf(struct print_buf *, const char *fmt, ...);
90 88
91/* 89/*
92 * By default, TIPC_OUTPUT is defined to be system console and TIPC log buffer, 90 * TIPC_OUTPUT is the destination print buffer for system messages.
93 * while DBG_OUTPUT is the null print buffer. These defaults can be changed
94 * here, or on a per .c file basis, by redefining these symbols. The following
95 * print buffer options are available:
96 *
97 * TIPC_NULL : null buffer (i.e. print nowhere)
98 * TIPC_CONS : system console
99 * TIPC_LOG : TIPC log buffer
100 * &buf : user-defined buffer (struct print_buf *)
101 * TIPC_TEE(&buf_a,&buf_b) : list of buffers (eg. TIPC_TEE(TIPC_CONS,TIPC_LOG))
102 */ 91 */
103 92
104#ifndef TIPC_OUTPUT 93#ifndef TIPC_OUTPUT
105#define TIPC_OUTPUT TIPC_TEE(TIPC_CONS,TIPC_LOG) 94#define TIPC_OUTPUT TIPC_LOG
106#endif
107
108#ifndef DBG_OUTPUT
109#define DBG_OUTPUT TIPC_NULL
110#endif 95#endif
111 96
112#else
113
114/* 97/*
115 * TIPC debug support not included: 98 * TIPC can be configured to send system messages to TIPC_OUTPUT
116 * - system messages are printed to system console 99 * or to the system console only.
117 * - debug messages are not printed
118 */ 100 */
119 101
102#ifdef CONFIG_TIPC_DEBUG
103
104#define err(fmt, arg...) tipc_printf(TIPC_OUTPUT, \
105 KERN_ERR "TIPC: " fmt, ## arg)
106#define warn(fmt, arg...) tipc_printf(TIPC_OUTPUT, \
107 KERN_WARNING "TIPC: " fmt, ## arg)
108#define info(fmt, arg...) tipc_printf(TIPC_OUTPUT, \
109 KERN_NOTICE "TIPC: " fmt, ## arg)
110
111#else
112
120#define err(fmt, arg...) printk(KERN_ERR "TIPC: " fmt , ## arg) 113#define err(fmt, arg...) printk(KERN_ERR "TIPC: " fmt , ## arg)
121#define info(fmt, arg...) printk(KERN_INFO "TIPC: " fmt , ## arg) 114#define info(fmt, arg...) printk(KERN_INFO "TIPC: " fmt , ## arg)
122#define warn(fmt, arg...) printk(KERN_WARNING "TIPC: " fmt , ## arg) 115#define warn(fmt, arg...) printk(KERN_WARNING "TIPC: " fmt , ## arg)
123 116
124#define dbg(fmt, arg...) do {} while (0) 117#endif
125#define msg_dbg(msg,txt) do {} while (0)
126#define dump(fmt,arg...) do {} while (0)
127 118
119/*
120 * DBG_OUTPUT is the destination print buffer for debug messages.
121 * It defaults to the the null print buffer, but can be redefined
122 * (typically in the individual .c files being debugged) to allow
123 * selected debug messages to be generated where needed.
124 */
125
126#ifndef DBG_OUTPUT
127#define DBG_OUTPUT TIPC_NULL
128#endif
128 129
129/* 130/*
130 * TIPC_OUTPUT is defined to be the system console, while DBG_OUTPUT is 131 * TIPC can be configured to send debug messages to the specified print buffer
131 * the null print buffer. Thes ensures that any system or debug messages 132 * (typically DBG_OUTPUT) or to suppress them entirely.
132 * that are generated without using the above macros are handled correctly.
133 */ 133 */
134 134
135#undef TIPC_OUTPUT 135#ifdef CONFIG_TIPC_DEBUG
136#define TIPC_OUTPUT TIPC_CONS
137 136
138#undef DBG_OUTPUT 137#define dbg(fmt, arg...) \
139#define DBG_OUTPUT TIPC_NULL 138 do { \
139 if (DBG_OUTPUT != TIPC_NULL) \
140 tipc_printf(DBG_OUTPUT, fmt, ## arg); \
141 } while (0)
142#define msg_dbg(msg, txt) \
143 do { \
144 if (DBG_OUTPUT != TIPC_NULL) \
145 tipc_msg_dbg(DBG_OUTPUT, msg, txt); \
146 } while (0)
147#define dump(fmt, arg...) \
148 do { \
149 if (DBG_OUTPUT != TIPC_NULL) \
150 tipc_dump_dbg(DBG_OUTPUT, fmt, ##arg); \
151 } while (0)
152
153void tipc_msg_dbg(struct print_buf *, struct tipc_msg *, const char *);
154void tipc_dump_dbg(struct print_buf *, const char *fmt, ...);
155
156#else
157
158#define dbg(fmt, arg...) do {} while (0)
159#define msg_dbg(msg, txt) do {} while (0)
160#define dump(fmt, arg...) do {} while (0)
161
162#define tipc_msg_dbg(...) do {} while (0)
163#define tipc_dump_dbg(...) do {} while (0)
140 164
141#endif 165#endif
142 166
@@ -178,7 +202,7 @@ extern atomic_t tipc_user_count;
178 202
179extern int tipc_core_start(void); 203extern int tipc_core_start(void);
180extern void tipc_core_stop(void); 204extern void tipc_core_stop(void);
181extern int tipc_core_start_net(void); 205extern int tipc_core_start_net(unsigned long addr);
182extern void tipc_core_stop_net(void); 206extern void tipc_core_stop_net(void);
183extern int tipc_handler_start(void); 207extern int tipc_handler_start(void);
184extern void tipc_handler_stop(void); 208extern void tipc_handler_stop(void);
diff --git a/net/tipc/dbg.c b/net/tipc/dbg.c
index e809d2a2ce06..29ecae851668 100644
--- a/net/tipc/dbg.c
+++ b/net/tipc/dbg.c
@@ -2,7 +2,7 @@
2 * net/tipc/dbg.c: TIPC print buffer routines for debugging 2 * net/tipc/dbg.c: TIPC print buffer routines for debugging
3 * 3 *
4 * Copyright (c) 1996-2006, Ericsson AB 4 * Copyright (c) 1996-2006, Ericsson AB
5 * Copyright (c) 2005-2006, Wind River Systems 5 * Copyright (c) 2005-2007, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -38,17 +38,43 @@
38#include "config.h" 38#include "config.h"
39#include "dbg.h" 39#include "dbg.h"
40 40
41static char print_string[TIPC_PB_MAX_STR]; 41/*
42static DEFINE_SPINLOCK(print_lock); 42 * TIPC pre-defines the following print buffers:
43 *
44 * TIPC_NULL : null buffer (i.e. print nowhere)
45 * TIPC_CONS : system console
46 * TIPC_LOG : TIPC log buffer
47 *
48 * Additional user-defined print buffers are also permitted.
49 */
43 50
44static struct print_buf null_buf = { NULL, 0, NULL, NULL }; 51static struct print_buf null_buf = { NULL, 0, NULL, 0 };
45struct print_buf *TIPC_NULL = &null_buf; 52struct print_buf *const TIPC_NULL = &null_buf;
46 53
47static struct print_buf cons_buf = { NULL, 0, NULL, NULL }; 54static struct print_buf cons_buf = { NULL, 0, NULL, 1 };
48struct print_buf *TIPC_CONS = &cons_buf; 55struct print_buf *const TIPC_CONS = &cons_buf;
49 56
50static struct print_buf log_buf = { NULL, 0, NULL, NULL }; 57static struct print_buf log_buf = { NULL, 0, NULL, 1 };
51struct print_buf *TIPC_LOG = &log_buf; 58struct print_buf *const TIPC_LOG = &log_buf;
59
60/*
61 * Locking policy when using print buffers.
62 *
63 * 1) tipc_printf() uses 'print_lock' to protect against concurrent access to
64 * 'print_string' when writing to a print buffer. This also protects against
65 * concurrent writes to the print buffer being written to.
66 *
67 * 2) tipc_dump() and tipc_log_XXX() leverage the aforementioned
68 * use of 'print_lock' to protect against all types of concurrent operations
69 * on their associated print buffer (not just write operations).
70 *
71 * Note: All routines of the form tipc_printbuf_XXX() are lock-free, and rely
72 * on the caller to prevent simultaneous use of the print buffer(s) being
73 * manipulated.
74 */
75
76static char print_string[TIPC_PB_MAX_STR];
77static DEFINE_SPINLOCK(print_lock);
52 78
53 79
54#define FORMAT(PTR,LEN,FMT) \ 80#define FORMAT(PTR,LEN,FMT) \
@@ -60,27 +86,14 @@ struct print_buf *TIPC_LOG = &log_buf;
60 *(PTR + LEN) = '\0';\ 86 *(PTR + LEN) = '\0';\
61} 87}
62 88
63/*
64 * Locking policy when using print buffers.
65 *
66 * The following routines use 'print_lock' for protection:
67 * 1) tipc_printf() - to protect its print buffer(s) and 'print_string'
68 * 2) TIPC_TEE() - to protect its print buffer(s)
69 * 3) tipc_dump() - to protect its print buffer(s) and 'print_string'
70 * 4) tipc_log_XXX() - to protect TIPC_LOG
71 *
72 * All routines of the form tipc_printbuf_XXX() rely on the caller to prevent
73 * simultaneous use of the print buffer(s) being manipulated.
74 */
75
76/** 89/**
77 * tipc_printbuf_init - initialize print buffer to empty 90 * tipc_printbuf_init - initialize print buffer to empty
78 * @pb: pointer to print buffer structure 91 * @pb: pointer to print buffer structure
79 * @raw: pointer to character array used by print buffer 92 * @raw: pointer to character array used by print buffer
80 * @size: size of character array 93 * @size: size of character array
81 * 94 *
82 * Makes the print buffer a null device that discards anything written to it 95 * Note: If the character array is too small (or absent), the print buffer
83 * if the character array is too small (or absent). 96 * becomes a null device that discards anything written to it.
84 */ 97 */
85 98
86void tipc_printbuf_init(struct print_buf *pb, char *raw, u32 size) 99void tipc_printbuf_init(struct print_buf *pb, char *raw, u32 size)
@@ -88,13 +101,13 @@ void tipc_printbuf_init(struct print_buf *pb, char *raw, u32 size)
88 pb->buf = raw; 101 pb->buf = raw;
89 pb->crs = raw; 102 pb->crs = raw;
90 pb->size = size; 103 pb->size = size;
91 pb->next = NULL; 104 pb->echo = 0;
92 105
93 if (size < TIPC_PB_MIN_SIZE) { 106 if (size < TIPC_PB_MIN_SIZE) {
94 pb->buf = NULL; 107 pb->buf = NULL;
95 } else if (raw) { 108 } else if (raw) {
96 pb->buf[0] = 0; 109 pb->buf[0] = 0;
97 pb->buf[size-1] = ~0; 110 pb->buf[size - 1] = ~0;
98 } 111 }
99} 112}
100 113
@@ -105,7 +118,11 @@ void tipc_printbuf_init(struct print_buf *pb, char *raw, u32 size)
105 118
106void tipc_printbuf_reset(struct print_buf *pb) 119void tipc_printbuf_reset(struct print_buf *pb)
107{ 120{
108 tipc_printbuf_init(pb, pb->buf, pb->size); 121 if (pb->buf) {
122 pb->crs = pb->buf;
123 pb->buf[0] = 0;
124 pb->buf[pb->size - 1] = ~0;
125 }
109} 126}
110 127
111/** 128/**
@@ -141,7 +158,7 @@ int tipc_printbuf_validate(struct print_buf *pb)
141 158
142 if (pb->buf[pb->size - 1] == 0) { 159 if (pb->buf[pb->size - 1] == 0) {
143 cp_buf = kmalloc(pb->size, GFP_ATOMIC); 160 cp_buf = kmalloc(pb->size, GFP_ATOMIC);
144 if (cp_buf != NULL){ 161 if (cp_buf) {
145 tipc_printbuf_init(&cb, cp_buf, pb->size); 162 tipc_printbuf_init(&cb, cp_buf, pb->size);
146 tipc_printbuf_move(&cb, pb); 163 tipc_printbuf_move(&cb, pb);
147 tipc_printbuf_move(pb, &cb); 164 tipc_printbuf_move(pb, &cb);
@@ -179,15 +196,16 @@ void tipc_printbuf_move(struct print_buf *pb_to, struct print_buf *pb_from)
179 } 196 }
180 197
181 if (pb_to->size < pb_from->size) { 198 if (pb_to->size < pb_from->size) {
182 tipc_printbuf_reset(pb_to); 199 strcpy(pb_to->buf, "*** PRINT BUFFER MOVE ERROR ***");
183 tipc_printf(pb_to, "*** PRINT BUFFER MOVE ERROR ***"); 200 pb_to->buf[pb_to->size - 1] = ~0;
201 pb_to->crs = strchr(pb_to->buf, 0);
184 return; 202 return;
185 } 203 }
186 204
187 /* Copy data from char after cursor to end (if used) */ 205 /* Copy data from char after cursor to end (if used) */
188 206
189 len = pb_from->buf + pb_from->size - pb_from->crs - 2; 207 len = pb_from->buf + pb_from->size - pb_from->crs - 2;
190 if ((pb_from->buf[pb_from->size-1] == 0) && (len > 0)) { 208 if ((pb_from->buf[pb_from->size - 1] == 0) && (len > 0)) {
191 strcpy(pb_to->buf, pb_from->crs + 1); 209 strcpy(pb_to->buf, pb_from->crs + 1);
192 pb_to->crs = pb_to->buf + len; 210 pb_to->crs = pb_to->buf + len;
193 } else 211 } else
@@ -203,8 +221,8 @@ void tipc_printbuf_move(struct print_buf *pb_to, struct print_buf *pb_from)
203} 221}
204 222
205/** 223/**
206 * tipc_printf - append formatted output to print buffer chain 224 * tipc_printf - append formatted output to print buffer
207 * @pb: pointer to chain of print buffers (may be NULL) 225 * @pb: pointer to print buffer
208 * @fmt: formatted info to be printed 226 * @fmt: formatted info to be printed
209 */ 227 */
210 228
@@ -213,68 +231,40 @@ void tipc_printf(struct print_buf *pb, const char *fmt, ...)
213 int chars_to_add; 231 int chars_to_add;
214 int chars_left; 232 int chars_left;
215 char save_char; 233 char save_char;
216 struct print_buf *pb_next;
217 234
218 spin_lock_bh(&print_lock); 235 spin_lock_bh(&print_lock);
236
219 FORMAT(print_string, chars_to_add, fmt); 237 FORMAT(print_string, chars_to_add, fmt);
220 if (chars_to_add >= TIPC_PB_MAX_STR) 238 if (chars_to_add >= TIPC_PB_MAX_STR)
221 strcpy(print_string, "*** PRINT BUFFER STRING TOO LONG ***"); 239 strcpy(print_string, "*** PRINT BUFFER STRING TOO LONG ***");
222 240
223 while (pb) { 241 if (pb->buf) {
224 if (pb == TIPC_CONS) 242 chars_left = pb->buf + pb->size - pb->crs - 1;
225 printk(print_string); 243 if (chars_to_add <= chars_left) {
226 else if (pb->buf) { 244 strcpy(pb->crs, print_string);
227 chars_left = pb->buf + pb->size - pb->crs - 1; 245 pb->crs += chars_to_add;
228 if (chars_to_add <= chars_left) { 246 } else if (chars_to_add >= (pb->size - 1)) {
229 strcpy(pb->crs, print_string); 247 strcpy(pb->buf, print_string + chars_to_add + 1
230 pb->crs += chars_to_add; 248 - pb->size);
231 } else if (chars_to_add >= (pb->size - 1)) { 249 pb->crs = pb->buf + pb->size - 1;
232 strcpy(pb->buf, print_string + chars_to_add + 1 250 } else {
233 - pb->size); 251 strcpy(pb->buf, print_string + chars_left);
234 pb->crs = pb->buf + pb->size - 1; 252 save_char = print_string[chars_left];
235 } else { 253 print_string[chars_left] = 0;
236 strcpy(pb->buf, print_string + chars_left); 254 strcpy(pb->crs, print_string);
237 save_char = print_string[chars_left]; 255 print_string[chars_left] = save_char;
238 print_string[chars_left] = 0; 256 pb->crs = pb->buf + chars_to_add - chars_left;
239 strcpy(pb->crs, print_string);
240 print_string[chars_left] = save_char;
241 pb->crs = pb->buf + chars_to_add - chars_left;
242 }
243 } 257 }
244 pb_next = pb->next;
245 pb->next = NULL;
246 pb = pb_next;
247 } 258 }
248 spin_unlock_bh(&print_lock);
249}
250 259
251/** 260 if (pb->echo)
252 * TIPC_TEE - perform next output operation on both print buffers 261 printk(print_string);
253 * @b0: pointer to chain of print buffers (may be NULL)
254 * @b1: pointer to print buffer to add to chain
255 *
256 * Returns pointer to print buffer chain.
257 */
258 262
259struct print_buf *TIPC_TEE(struct print_buf *b0, struct print_buf *b1)
260{
261 struct print_buf *pb = b0;
262
263 if (!b0 || (b0 == b1))
264 return b1;
265
266 spin_lock_bh(&print_lock);
267 while (pb->next) {
268 if ((pb->next == b1) || (pb->next == b0))
269 pb->next = pb->next->next;
270 else
271 pb = pb->next;
272 }
273 pb->next = b1;
274 spin_unlock_bh(&print_lock); 263 spin_unlock_bh(&print_lock);
275 return b0;
276} 264}
277 265
266#ifdef CONFIG_TIPC_DEBUG
267
278/** 268/**
279 * print_to_console - write string of bytes to console in multiple chunks 269 * print_to_console - write string of bytes to console in multiple chunks
280 */ 270 */
@@ -321,72 +311,66 @@ static void printbuf_dump(struct print_buf *pb)
321} 311}
322 312
323/** 313/**
324 * tipc_dump - dump non-console print buffer(s) to console 314 * tipc_dump_dbg - dump (non-console) print buffer to console
325 * @pb: pointer to chain of print buffers 315 * @pb: pointer to print buffer
326 */ 316 */
327 317
328void tipc_dump(struct print_buf *pb, const char *fmt, ...) 318void tipc_dump_dbg(struct print_buf *pb, const char *fmt, ...)
329{ 319{
330 struct print_buf *pb_next;
331 int len; 320 int len;
332 321
322 if (pb == TIPC_CONS)
323 return;
324
333 spin_lock_bh(&print_lock); 325 spin_lock_bh(&print_lock);
326
334 FORMAT(print_string, len, fmt); 327 FORMAT(print_string, len, fmt);
335 printk(print_string); 328 printk(print_string);
336 329
337 for (; pb; pb = pb->next) { 330 printk("\n---- Start of %s log dump ----\n\n",
338 if (pb != TIPC_CONS) { 331 (pb == TIPC_LOG) ? "global" : "local");
339 printk("\n---- Start of %s log dump ----\n\n", 332 printbuf_dump(pb);
340 (pb == TIPC_LOG) ? "global" : "local"); 333 tipc_printbuf_reset(pb);
341 printbuf_dump(pb); 334 printk("\n---- End of dump ----\n");
342 tipc_printbuf_reset(pb); 335
343 printk("\n---- End of dump ----\n");
344 }
345 pb_next = pb->next;
346 pb->next = NULL;
347 pb = pb_next;
348 }
349 spin_unlock_bh(&print_lock); 336 spin_unlock_bh(&print_lock);
350} 337}
351 338
339#endif
340
352/** 341/**
353 * tipc_log_stop - free up TIPC log print buffer 342 * tipc_log_resize - change the size of the TIPC log buffer
343 * @log_size: print buffer size to use
354 */ 344 */
355 345
356void tipc_log_stop(void) 346int tipc_log_resize(int log_size)
357{ 347{
348 int res = 0;
349
358 spin_lock_bh(&print_lock); 350 spin_lock_bh(&print_lock);
359 if (TIPC_LOG->buf) { 351 if (TIPC_LOG->buf) {
360 kfree(TIPC_LOG->buf); 352 kfree(TIPC_LOG->buf);
361 TIPC_LOG->buf = NULL; 353 TIPC_LOG->buf = NULL;
362 } 354 }
363 spin_unlock_bh(&print_lock);
364}
365
366/**
367 * tipc_log_reinit - (re)initialize TIPC log print buffer
368 * @log_size: print buffer size to use
369 */
370
371void tipc_log_reinit(int log_size)
372{
373 tipc_log_stop();
374
375 if (log_size) { 355 if (log_size) {
376 if (log_size < TIPC_PB_MIN_SIZE) 356 if (log_size < TIPC_PB_MIN_SIZE)
377 log_size = TIPC_PB_MIN_SIZE; 357 log_size = TIPC_PB_MIN_SIZE;
378 spin_lock_bh(&print_lock); 358 res = TIPC_LOG->echo;
379 tipc_printbuf_init(TIPC_LOG, kmalloc(log_size, GFP_ATOMIC), 359 tipc_printbuf_init(TIPC_LOG, kmalloc(log_size, GFP_ATOMIC),
380 log_size); 360 log_size);
381 spin_unlock_bh(&print_lock); 361 TIPC_LOG->echo = res;
362 res = !TIPC_LOG->buf;
382 } 363 }
364 spin_unlock_bh(&print_lock);
365
366 return res;
383} 367}
384 368
385/** 369/**
386 * tipc_log_resize - reconfigure size of TIPC log buffer 370 * tipc_log_resize_cmd - reconfigure size of TIPC log buffer
387 */ 371 */
388 372
389struct sk_buff *tipc_log_resize(const void *req_tlv_area, int req_tlv_space) 373struct sk_buff *tipc_log_resize_cmd(const void *req_tlv_area, int req_tlv_space)
390{ 374{
391 u32 value; 375 u32 value;
392 376
@@ -397,7 +381,9 @@ struct sk_buff *tipc_log_resize(const void *req_tlv_area, int req_tlv_space)
397 if (value != delimit(value, 0, 32768)) 381 if (value != delimit(value, 0, 32768))
398 return tipc_cfg_reply_error_string(TIPC_CFG_INVALID_VALUE 382 return tipc_cfg_reply_error_string(TIPC_CFG_INVALID_VALUE
399 " (log size must be 0-32768)"); 383 " (log size must be 0-32768)");
400 tipc_log_reinit(value); 384 if (tipc_log_resize(value))
385 return tipc_cfg_reply_error_string(
386 "unable to create specified log (log size is now 0)");
401 return tipc_cfg_reply_none(); 387 return tipc_cfg_reply_none();
402} 388}
403 389
@@ -410,27 +396,32 @@ struct sk_buff *tipc_log_dump(void)
410 struct sk_buff *reply; 396 struct sk_buff *reply;
411 397
412 spin_lock_bh(&print_lock); 398 spin_lock_bh(&print_lock);
413 if (!TIPC_LOG->buf) 399 if (!TIPC_LOG->buf) {
400 spin_unlock_bh(&print_lock);
414 reply = tipc_cfg_reply_ultra_string("log not activated\n"); 401 reply = tipc_cfg_reply_ultra_string("log not activated\n");
415 else if (tipc_printbuf_empty(TIPC_LOG)) 402 } else if (tipc_printbuf_empty(TIPC_LOG)) {
403 spin_unlock_bh(&print_lock);
416 reply = tipc_cfg_reply_ultra_string("log is empty\n"); 404 reply = tipc_cfg_reply_ultra_string("log is empty\n");
405 }
417 else { 406 else {
418 struct tlv_desc *rep_tlv; 407 struct tlv_desc *rep_tlv;
419 struct print_buf pb; 408 struct print_buf pb;
420 int str_len; 409 int str_len;
421 410
422 str_len = min(TIPC_LOG->size, 32768u); 411 str_len = min(TIPC_LOG->size, 32768u);
412 spin_unlock_bh(&print_lock);
423 reply = tipc_cfg_reply_alloc(TLV_SPACE(str_len)); 413 reply = tipc_cfg_reply_alloc(TLV_SPACE(str_len));
424 if (reply) { 414 if (reply) {
425 rep_tlv = (struct tlv_desc *)reply->data; 415 rep_tlv = (struct tlv_desc *)reply->data;
426 tipc_printbuf_init(&pb, TLV_DATA(rep_tlv), str_len); 416 tipc_printbuf_init(&pb, TLV_DATA(rep_tlv), str_len);
417 spin_lock_bh(&print_lock);
427 tipc_printbuf_move(&pb, TIPC_LOG); 418 tipc_printbuf_move(&pb, TIPC_LOG);
419 spin_unlock_bh(&print_lock);
428 str_len = strlen(TLV_DATA(rep_tlv)) + 1; 420 str_len = strlen(TLV_DATA(rep_tlv)) + 1;
429 skb_put(reply, TLV_SPACE(str_len)); 421 skb_put(reply, TLV_SPACE(str_len));
430 TLV_SET(rep_tlv, TIPC_TLV_ULTRA_STRING, NULL, str_len); 422 TLV_SET(rep_tlv, TIPC_TLV_ULTRA_STRING, NULL, str_len);
431 } 423 }
432 } 424 }
433 spin_unlock_bh(&print_lock);
434 return reply; 425 return reply;
435} 426}
436 427
diff --git a/net/tipc/dbg.h b/net/tipc/dbg.h
index c01b085000e0..5ef1bc8f64ef 100644
--- a/net/tipc/dbg.h
+++ b/net/tipc/dbg.h
@@ -2,7 +2,7 @@
2 * net/tipc/dbg.h: Include file for TIPC print buffer routines 2 * net/tipc/dbg.h: Include file for TIPC print buffer routines
3 * 3 *
4 * Copyright (c) 1997-2006, Ericsson AB 4 * Copyright (c) 1997-2006, Ericsson AB
5 * Copyright (c) 2005-2006, Wind River Systems 5 * Copyright (c) 2005-2007, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -42,14 +42,14 @@
42 * @buf: pointer to character array containing print buffer contents 42 * @buf: pointer to character array containing print buffer contents
43 * @size: size of character array 43 * @size: size of character array
44 * @crs: pointer to first unused space in character array (i.e. final NUL) 44 * @crs: pointer to first unused space in character array (i.e. final NUL)
45 * @next: used to link print buffers when printing to more than one at a time 45 * @echo: echo output to system console if non-zero
46 */ 46 */
47 47
48struct print_buf { 48struct print_buf {
49 char *buf; 49 char *buf;
50 u32 size; 50 u32 size;
51 char *crs; 51 char *crs;
52 struct print_buf *next; 52 int echo;
53}; 53};
54 54
55#define TIPC_PB_MIN_SIZE 64 /* minimum size for a print buffer's array */ 55#define TIPC_PB_MIN_SIZE 64 /* minimum size for a print buffer's array */
@@ -61,10 +61,10 @@ int tipc_printbuf_empty(struct print_buf *pb);
61int tipc_printbuf_validate(struct print_buf *pb); 61int tipc_printbuf_validate(struct print_buf *pb);
62void tipc_printbuf_move(struct print_buf *pb_to, struct print_buf *pb_from); 62void tipc_printbuf_move(struct print_buf *pb_to, struct print_buf *pb_from);
63 63
64void tipc_log_reinit(int log_size); 64int tipc_log_resize(int log_size);
65void tipc_log_stop(void);
66 65
67struct sk_buff *tipc_log_resize(const void *req_tlv_area, int req_tlv_space); 66struct sk_buff *tipc_log_resize_cmd(const void *req_tlv_area,
67 int req_tlv_space);
68struct sk_buff *tipc_log_dump(void); 68struct sk_buff *tipc_log_dump(void);
69 69
70#endif 70#endif
diff --git a/net/tipc/discover.c b/net/tipc/discover.c
index 5d643e5721eb..74b7d1e28aec 100644
--- a/net/tipc/discover.c
+++ b/net/tipc/discover.c
@@ -120,9 +120,8 @@ static struct sk_buff *tipc_disc_init_msg(u32 type,
120 120
121 if (buf) { 121 if (buf) {
122 msg = buf_msg(buf); 122 msg = buf_msg(buf);
123 msg_init(msg, LINK_CONFIG, type, TIPC_OK, DSC_H_SIZE, 123 msg_init(msg, LINK_CONFIG, type, DSC_H_SIZE, dest_domain);
124 dest_domain); 124 msg_set_non_seq(msg, 1);
125 msg_set_non_seq(msg);
126 msg_set_req_links(msg, req_links); 125 msg_set_req_links(msg, req_links);
127 msg_set_dest_domain(msg, dest_domain); 126 msg_set_dest_domain(msg, dest_domain);
128 msg_set_bc_netid(msg, tipc_net_id); 127 msg_set_bc_netid(msg, tipc_net_id);
@@ -156,11 +155,11 @@ static void disc_dupl_alert(struct bearer *b_ptr, u32 node_addr,
156/** 155/**
157 * tipc_disc_recv_msg - handle incoming link setup message (request or response) 156 * tipc_disc_recv_msg - handle incoming link setup message (request or response)
158 * @buf: buffer containing message 157 * @buf: buffer containing message
158 * @b_ptr: bearer that message arrived on
159 */ 159 */
160 160
161void tipc_disc_recv_msg(struct sk_buff *buf) 161void tipc_disc_recv_msg(struct sk_buff *buf, struct bearer *b_ptr)
162{ 162{
163 struct bearer *b_ptr = (struct bearer *)TIPC_SKB_CB(buf)->handle;
164 struct link *link; 163 struct link *link;
165 struct tipc_media_addr media_addr; 164 struct tipc_media_addr media_addr;
166 struct tipc_msg *msg = buf_msg(buf); 165 struct tipc_msg *msg = buf_msg(buf);
@@ -194,15 +193,14 @@ void tipc_disc_recv_msg(struct sk_buff *buf)
194 /* Always accept link here */ 193 /* Always accept link here */
195 struct sk_buff *rbuf; 194 struct sk_buff *rbuf;
196 struct tipc_media_addr *addr; 195 struct tipc_media_addr *addr;
197 struct node *n_ptr = tipc_node_find(orig); 196 struct tipc_node *n_ptr = tipc_node_find(orig);
198 int link_fully_up; 197 int link_fully_up;
199 198
200 dbg(" in own cluster\n"); 199 dbg(" in own cluster\n");
201 if (n_ptr == NULL) { 200 if (n_ptr == NULL) {
202 n_ptr = tipc_node_create(orig); 201 n_ptr = tipc_node_create(orig);
203 } 202 if (!n_ptr)
204 if (n_ptr == NULL) { 203 return;
205 return;
206 } 204 }
207 spin_lock_bh(&n_ptr->lock); 205 spin_lock_bh(&n_ptr->lock);
208 link = n_ptr->links[b_ptr->identity]; 206 link = n_ptr->links[b_ptr->identity];
diff --git a/net/tipc/discover.h b/net/tipc/discover.h
index 9fd7587b143a..c36eaeb7d5d0 100644
--- a/net/tipc/discover.h
+++ b/net/tipc/discover.h
@@ -48,7 +48,7 @@ struct link_req *tipc_disc_init_link_req(struct bearer *b_ptr,
48void tipc_disc_update_link_req(struct link_req *req); 48void tipc_disc_update_link_req(struct link_req *req);
49void tipc_disc_stop_link_req(struct link_req *req); 49void tipc_disc_stop_link_req(struct link_req *req);
50 50
51void tipc_disc_recv_msg(struct sk_buff *buf); 51void tipc_disc_recv_msg(struct sk_buff *buf, struct bearer *b_ptr);
52 52
53void tipc_disc_link_event(u32 addr, char *name, int up); 53void tipc_disc_link_event(u32 addr, char *name, int up);
54#if 0 54#if 0
diff --git a/net/tipc/eth_media.c b/net/tipc/eth_media.c
index 9cd35eec3e7f..fe43ef7dd7e3 100644
--- a/net/tipc/eth_media.c
+++ b/net/tipc/eth_media.c
@@ -82,7 +82,7 @@ static int send_msg(struct sk_buff *buf, struct tipc_bearer *tb_ptr,
82 dev->dev_addr, clone->len); 82 dev->dev_addr, clone->len);
83 dev_queue_xmit(clone); 83 dev_queue_xmit(clone);
84 } 84 }
85 return TIPC_OK; 85 return 0;
86} 86}
87 87
88/** 88/**
@@ -101,7 +101,7 @@ static int recv_msg(struct sk_buff *buf, struct net_device *dev,
101 struct eth_bearer *eb_ptr = (struct eth_bearer *)pt->af_packet_priv; 101 struct eth_bearer *eb_ptr = (struct eth_bearer *)pt->af_packet_priv;
102 u32 size; 102 u32 size;
103 103
104 if (dev_net(dev) != &init_net) { 104 if (!net_eq(dev_net(dev), &init_net)) {
105 kfree_skb(buf); 105 kfree_skb(buf);
106 return 0; 106 return 0;
107 } 107 }
@@ -113,12 +113,12 @@ static int recv_msg(struct sk_buff *buf, struct net_device *dev,
113 if (likely(buf->len == size)) { 113 if (likely(buf->len == size)) {
114 buf->next = NULL; 114 buf->next = NULL;
115 tipc_recv_msg(buf, eb_ptr->bearer); 115 tipc_recv_msg(buf, eb_ptr->bearer);
116 return TIPC_OK; 116 return 0;
117 } 117 }
118 } 118 }
119 } 119 }
120 kfree_skb(buf); 120 kfree_skb(buf);
121 return TIPC_OK; 121 return 0;
122} 122}
123 123
124/** 124/**
@@ -198,7 +198,7 @@ static int recv_notification(struct notifier_block *nb, unsigned long evt,
198 struct eth_bearer *eb_ptr = &eth_bearers[0]; 198 struct eth_bearer *eb_ptr = &eth_bearers[0];
199 struct eth_bearer *stop = &eth_bearers[MAX_ETH_BEARERS]; 199 struct eth_bearer *stop = &eth_bearers[MAX_ETH_BEARERS];
200 200
201 if (dev_net(dev) != &init_net) 201 if (!net_eq(dev_net(dev), &init_net))
202 return NOTIFY_DONE; 202 return NOTIFY_DONE;
203 203
204 while ((eb_ptr->dev != dev)) { 204 while ((eb_ptr->dev != dev)) {
diff --git a/net/tipc/link.c b/net/tipc/link.c
index 2a26a16e269f..dd4c18b9a35b 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -51,6 +51,12 @@
51 51
52 52
53/* 53/*
54 * Out-of-range value for link session numbers
55 */
56
57#define INVALID_SESSION 0x10000
58
59/*
54 * Limit for deferred reception queue: 60 * Limit for deferred reception queue:
55 */ 61 */
56 62
@@ -147,9 +153,21 @@ static void link_print(struct link *l_ptr, struct print_buf *buf,
147 153
148#define LINK_LOG_BUF_SIZE 0 154#define LINK_LOG_BUF_SIZE 0
149 155
150#define dbg_link(fmt, arg...) do {if (LINK_LOG_BUF_SIZE) tipc_printf(&l_ptr->print_buf, fmt, ## arg); } while(0) 156#define dbg_link(fmt, arg...) \
151#define dbg_link_msg(msg, txt) do {if (LINK_LOG_BUF_SIZE) tipc_msg_print(&l_ptr->print_buf, msg, txt); } while(0) 157 do { \
152#define dbg_link_state(txt) do {if (LINK_LOG_BUF_SIZE) link_print(l_ptr, &l_ptr->print_buf, txt); } while(0) 158 if (LINK_LOG_BUF_SIZE) \
159 tipc_printf(&l_ptr->print_buf, fmt, ## arg); \
160 } while (0)
161#define dbg_link_msg(msg, txt) \
162 do { \
163 if (LINK_LOG_BUF_SIZE) \
164 tipc_msg_dbg(&l_ptr->print_buf, msg, txt); \
165 } while (0)
166#define dbg_link_state(txt) \
167 do { \
168 if (LINK_LOG_BUF_SIZE) \
169 link_print(l_ptr, &l_ptr->print_buf, txt); \
170 } while (0)
153#define dbg_link_dump() do { \ 171#define dbg_link_dump() do { \
154 if (LINK_LOG_BUF_SIZE) { \ 172 if (LINK_LOG_BUF_SIZE) { \
155 tipc_printf(LOG, "\n\nDumping link <%s>:\n", l_ptr->name); \ 173 tipc_printf(LOG, "\n\nDumping link <%s>:\n", l_ptr->name); \
@@ -450,9 +468,9 @@ struct link *tipc_link_create(struct bearer *b_ptr, const u32 peer,
450 468
451 l_ptr->pmsg = (struct tipc_msg *)&l_ptr->proto_msg; 469 l_ptr->pmsg = (struct tipc_msg *)&l_ptr->proto_msg;
452 msg = l_ptr->pmsg; 470 msg = l_ptr->pmsg;
453 msg_init(msg, LINK_PROTOCOL, RESET_MSG, TIPC_OK, INT_H_SIZE, l_ptr->addr); 471 msg_init(msg, LINK_PROTOCOL, RESET_MSG, INT_H_SIZE, l_ptr->addr);
454 msg_set_size(msg, sizeof(l_ptr->proto_msg)); 472 msg_set_size(msg, sizeof(l_ptr->proto_msg));
455 msg_set_session(msg, tipc_random); 473 msg_set_session(msg, (tipc_random & 0xffff));
456 msg_set_bearer_id(msg, b_ptr->identity); 474 msg_set_bearer_id(msg, b_ptr->identity);
457 strcpy((char *)msg_data(msg), if_name); 475 strcpy((char *)msg_data(msg), if_name);
458 476
@@ -693,10 +711,10 @@ void tipc_link_reset(struct link *l_ptr)
693 u32 checkpoint = l_ptr->next_in_no; 711 u32 checkpoint = l_ptr->next_in_no;
694 int was_active_link = tipc_link_is_active(l_ptr); 712 int was_active_link = tipc_link_is_active(l_ptr);
695 713
696 msg_set_session(l_ptr->pmsg, msg_session(l_ptr->pmsg) + 1); 714 msg_set_session(l_ptr->pmsg, ((msg_session(l_ptr->pmsg) + 1) & 0xffff));
697 715
698 /* Link is down, accept any session: */ 716 /* Link is down, accept any session */
699 l_ptr->peer_session = 0; 717 l_ptr->peer_session = INVALID_SESSION;
700 718
701 /* Prepare for max packet size negotiation */ 719 /* Prepare for max packet size negotiation */
702 link_init_max_pkt(l_ptr); 720 link_init_max_pkt(l_ptr);
@@ -1110,7 +1128,7 @@ int tipc_link_send_buf(struct link *l_ptr, struct sk_buff *buf)
1110 1128
1111 if (bundler) { 1129 if (bundler) {
1112 msg_init(&bundler_hdr, MSG_BUNDLER, OPEN_MSG, 1130 msg_init(&bundler_hdr, MSG_BUNDLER, OPEN_MSG,
1113 TIPC_OK, INT_H_SIZE, l_ptr->addr); 1131 INT_H_SIZE, l_ptr->addr);
1114 skb_copy_to_linear_data(bundler, &bundler_hdr, 1132 skb_copy_to_linear_data(bundler, &bundler_hdr,
1115 INT_H_SIZE); 1133 INT_H_SIZE);
1116 skb_trim(bundler, INT_H_SIZE); 1134 skb_trim(bundler, INT_H_SIZE);
@@ -1137,7 +1155,7 @@ int tipc_link_send_buf(struct link *l_ptr, struct sk_buff *buf)
1137int tipc_link_send(struct sk_buff *buf, u32 dest, u32 selector) 1155int tipc_link_send(struct sk_buff *buf, u32 dest, u32 selector)
1138{ 1156{
1139 struct link *l_ptr; 1157 struct link *l_ptr;
1140 struct node *n_ptr; 1158 struct tipc_node *n_ptr;
1141 int res = -ELINKCONG; 1159 int res = -ELINKCONG;
1142 1160
1143 read_lock_bh(&tipc_net_lock); 1161 read_lock_bh(&tipc_net_lock);
@@ -1208,7 +1226,7 @@ static int link_send_buf_fast(struct link *l_ptr, struct sk_buff *buf,
1208int tipc_send_buf_fast(struct sk_buff *buf, u32 destnode) 1226int tipc_send_buf_fast(struct sk_buff *buf, u32 destnode)
1209{ 1227{
1210 struct link *l_ptr; 1228 struct link *l_ptr;
1211 struct node *n_ptr; 1229 struct tipc_node *n_ptr;
1212 int res; 1230 int res;
1213 u32 selector = msg_origport(buf_msg(buf)) & 1; 1231 u32 selector = msg_origport(buf_msg(buf)) & 1;
1214 u32 dummy; 1232 u32 dummy;
@@ -1252,7 +1270,7 @@ int tipc_link_send_sections_fast(struct port *sender,
1252 struct tipc_msg *hdr = &sender->publ.phdr; 1270 struct tipc_msg *hdr = &sender->publ.phdr;
1253 struct link *l_ptr; 1271 struct link *l_ptr;
1254 struct sk_buff *buf; 1272 struct sk_buff *buf;
1255 struct node *node; 1273 struct tipc_node *node;
1256 int res; 1274 int res;
1257 u32 selector = msg_origport(hdr) & 1; 1275 u32 selector = msg_origport(hdr) & 1;
1258 1276
@@ -1346,7 +1364,7 @@ static int link_send_sections_long(struct port *sender,
1346 u32 destaddr) 1364 u32 destaddr)
1347{ 1365{
1348 struct link *l_ptr; 1366 struct link *l_ptr;
1349 struct node *node; 1367 struct tipc_node *node;
1350 struct tipc_msg *hdr = &sender->publ.phdr; 1368 struct tipc_msg *hdr = &sender->publ.phdr;
1351 u32 dsz = msg_data_sz(hdr); 1369 u32 dsz = msg_data_sz(hdr);
1352 u32 max_pkt,fragm_sz,rest; 1370 u32 max_pkt,fragm_sz,rest;
@@ -1374,7 +1392,7 @@ again:
1374 1392
1375 msg_dbg(hdr, ">FRAGMENTING>"); 1393 msg_dbg(hdr, ">FRAGMENTING>");
1376 msg_init(&fragm_hdr, MSG_FRAGMENTER, FIRST_FRAGMENT, 1394 msg_init(&fragm_hdr, MSG_FRAGMENTER, FIRST_FRAGMENT,
1377 TIPC_OK, INT_H_SIZE, msg_destnode(hdr)); 1395 INT_H_SIZE, msg_destnode(hdr));
1378 msg_set_link_selector(&fragm_hdr, sender->publ.ref); 1396 msg_set_link_selector(&fragm_hdr, sender->publ.ref);
1379 msg_set_size(&fragm_hdr, max_pkt); 1397 msg_set_size(&fragm_hdr, max_pkt);
1380 msg_set_fragm_no(&fragm_hdr, 1); 1398 msg_set_fragm_no(&fragm_hdr, 1);
@@ -1543,7 +1561,7 @@ u32 tipc_link_push_packet(struct link *l_ptr)
1543 l_ptr->retransm_queue_head = mod(++r_q_head); 1561 l_ptr->retransm_queue_head = mod(++r_q_head);
1544 l_ptr->retransm_queue_size = --r_q_size; 1562 l_ptr->retransm_queue_size = --r_q_size;
1545 l_ptr->stats.retransmitted++; 1563 l_ptr->stats.retransmitted++;
1546 return TIPC_OK; 1564 return 0;
1547 } else { 1565 } else {
1548 l_ptr->stats.bearer_congs++; 1566 l_ptr->stats.bearer_congs++;
1549 msg_dbg(buf_msg(buf), "|>DEF-RETR>"); 1567 msg_dbg(buf_msg(buf), "|>DEF-RETR>");
@@ -1562,7 +1580,7 @@ u32 tipc_link_push_packet(struct link *l_ptr)
1562 l_ptr->unacked_window = 0; 1580 l_ptr->unacked_window = 0;
1563 buf_discard(buf); 1581 buf_discard(buf);
1564 l_ptr->proto_msg_queue = NULL; 1582 l_ptr->proto_msg_queue = NULL;
1565 return TIPC_OK; 1583 return 0;
1566 } else { 1584 } else {
1567 msg_dbg(buf_msg(buf), "|>DEF-PROT>"); 1585 msg_dbg(buf_msg(buf), "|>DEF-PROT>");
1568 l_ptr->stats.bearer_congs++; 1586 l_ptr->stats.bearer_congs++;
@@ -1586,7 +1604,7 @@ u32 tipc_link_push_packet(struct link *l_ptr)
1586 msg_set_type(msg, CLOSED_MSG); 1604 msg_set_type(msg, CLOSED_MSG);
1587 msg_dbg(msg, ">PUSH-DATA>"); 1605 msg_dbg(msg, ">PUSH-DATA>");
1588 l_ptr->next_out = buf->next; 1606 l_ptr->next_out = buf->next;
1589 return TIPC_OK; 1607 return 0;
1590 } else { 1608 } else {
1591 msg_dbg(msg, "|PUSH-DATA|"); 1609 msg_dbg(msg, "|PUSH-DATA|");
1592 l_ptr->stats.bearer_congs++; 1610 l_ptr->stats.bearer_congs++;
@@ -1610,15 +1628,15 @@ void tipc_link_push_queue(struct link *l_ptr)
1610 1628
1611 do { 1629 do {
1612 res = tipc_link_push_packet(l_ptr); 1630 res = tipc_link_push_packet(l_ptr);
1613 } 1631 } while (!res);
1614 while (res == TIPC_OK); 1632
1615 if (res == PUSH_FAILED) 1633 if (res == PUSH_FAILED)
1616 tipc_bearer_schedule(l_ptr->b_ptr, l_ptr); 1634 tipc_bearer_schedule(l_ptr->b_ptr, l_ptr);
1617} 1635}
1618 1636
1619static void link_reset_all(unsigned long addr) 1637static void link_reset_all(unsigned long addr)
1620{ 1638{
1621 struct node *n_ptr; 1639 struct tipc_node *n_ptr;
1622 char addr_string[16]; 1640 char addr_string[16];
1623 u32 i; 1641 u32 i;
1624 1642
@@ -1651,7 +1669,7 @@ static void link_retransmit_failure(struct link *l_ptr, struct sk_buff *buf)
1651 struct tipc_msg *msg = buf_msg(buf); 1669 struct tipc_msg *msg = buf_msg(buf);
1652 1670
1653 warn("Retransmission failure on link <%s>\n", l_ptr->name); 1671 warn("Retransmission failure on link <%s>\n", l_ptr->name);
1654 tipc_msg_print(TIPC_OUTPUT, msg, ">RETR-FAIL>"); 1672 tipc_msg_dbg(TIPC_OUTPUT, msg, ">RETR-FAIL>");
1655 1673
1656 if (l_ptr->addr) { 1674 if (l_ptr->addr) {
1657 1675
@@ -1664,7 +1682,7 @@ static void link_retransmit_failure(struct link *l_ptr, struct sk_buff *buf)
1664 1682
1665 /* Handle failure on broadcast link */ 1683 /* Handle failure on broadcast link */
1666 1684
1667 struct node *n_ptr; 1685 struct tipc_node *n_ptr;
1668 char addr_string[16]; 1686 char addr_string[16];
1669 1687
1670 tipc_printf(TIPC_OUTPUT, "Msg seq number: %u, ", msg_seqno(msg)); 1688 tipc_printf(TIPC_OUTPUT, "Msg seq number: %u, ", msg_seqno(msg));
@@ -1748,21 +1766,6 @@ void tipc_link_retransmit(struct link *l_ptr, struct sk_buff *buf,
1748 l_ptr->retransm_queue_head = l_ptr->retransm_queue_size = 0; 1766 l_ptr->retransm_queue_head = l_ptr->retransm_queue_size = 0;
1749} 1767}
1750 1768
1751/*
1752 * link_recv_non_seq: Receive packets which are outside
1753 * the link sequence flow
1754 */
1755
1756static void link_recv_non_seq(struct sk_buff *buf)
1757{
1758 struct tipc_msg *msg = buf_msg(buf);
1759
1760 if (msg_user(msg) == LINK_CONFIG)
1761 tipc_disc_recv_msg(buf);
1762 else
1763 tipc_bclink_recv_pkt(buf);
1764}
1765
1766/** 1769/**
1767 * link_insert_deferred_queue - insert deferred messages back into receive chain 1770 * link_insert_deferred_queue - insert deferred messages back into receive chain
1768 */ 1771 */
@@ -1839,8 +1842,8 @@ void tipc_recv_msg(struct sk_buff *head, struct tipc_bearer *tb_ptr)
1839{ 1842{
1840 read_lock_bh(&tipc_net_lock); 1843 read_lock_bh(&tipc_net_lock);
1841 while (head) { 1844 while (head) {
1842 struct bearer *b_ptr; 1845 struct bearer *b_ptr = (struct bearer *)tb_ptr;
1843 struct node *n_ptr; 1846 struct tipc_node *n_ptr;
1844 struct link *l_ptr; 1847 struct link *l_ptr;
1845 struct sk_buff *crs; 1848 struct sk_buff *crs;
1846 struct sk_buff *buf = head; 1849 struct sk_buff *buf = head;
@@ -1850,9 +1853,6 @@ void tipc_recv_msg(struct sk_buff *head, struct tipc_bearer *tb_ptr)
1850 u32 released = 0; 1853 u32 released = 0;
1851 int type; 1854 int type;
1852 1855
1853 b_ptr = (struct bearer *)tb_ptr;
1854 TIPC_SKB_CB(buf)->handle = b_ptr;
1855
1856 head = head->next; 1856 head = head->next;
1857 1857
1858 /* Ensure message is well-formed */ 1858 /* Ensure message is well-formed */
@@ -1871,7 +1871,10 @@ void tipc_recv_msg(struct sk_buff *head, struct tipc_bearer *tb_ptr)
1871 msg = buf_msg(buf); 1871 msg = buf_msg(buf);
1872 1872
1873 if (unlikely(msg_non_seq(msg))) { 1873 if (unlikely(msg_non_seq(msg))) {
1874 link_recv_non_seq(buf); 1874 if (msg_user(msg) == LINK_CONFIG)
1875 tipc_disc_recv_msg(buf, b_ptr);
1876 else
1877 tipc_bclink_recv_pkt(buf);
1875 continue; 1878 continue;
1876 } 1879 }
1877 1880
@@ -1978,8 +1981,6 @@ deliver:
1978 if (link_recv_changeover_msg(&l_ptr, &buf)) { 1981 if (link_recv_changeover_msg(&l_ptr, &buf)) {
1979 msg = buf_msg(buf); 1982 msg = buf_msg(buf);
1980 seq_no = msg_seqno(msg); 1983 seq_no = msg_seqno(msg);
1981 TIPC_SKB_CB(buf)->handle
1982 = b_ptr;
1983 if (type == ORIGINAL_MSG) 1984 if (type == ORIGINAL_MSG)
1984 goto deliver; 1985 goto deliver;
1985 goto protocol_check; 1986 goto protocol_check;
@@ -2263,7 +2264,8 @@ static void link_recv_proto_msg(struct link *l_ptr, struct sk_buff *buf)
2263 switch (msg_type(msg)) { 2264 switch (msg_type(msg)) {
2264 2265
2265 case RESET_MSG: 2266 case RESET_MSG:
2266 if (!link_working_unknown(l_ptr) && l_ptr->peer_session) { 2267 if (!link_working_unknown(l_ptr) &&
2268 (l_ptr->peer_session != INVALID_SESSION)) {
2267 if (msg_session(msg) == l_ptr->peer_session) { 2269 if (msg_session(msg) == l_ptr->peer_session) {
2268 dbg("Duplicate RESET: %u<->%u\n", 2270 dbg("Duplicate RESET: %u<->%u\n",
2269 msg_session(msg), l_ptr->peer_session); 2271 msg_session(msg), l_ptr->peer_session);
@@ -2424,7 +2426,7 @@ void tipc_link_changeover(struct link *l_ptr)
2424 } 2426 }
2425 2427
2426 msg_init(&tunnel_hdr, CHANGEOVER_PROTOCOL, 2428 msg_init(&tunnel_hdr, CHANGEOVER_PROTOCOL,
2427 ORIGINAL_MSG, TIPC_OK, INT_H_SIZE, l_ptr->addr); 2429 ORIGINAL_MSG, INT_H_SIZE, l_ptr->addr);
2428 msg_set_bearer_id(&tunnel_hdr, l_ptr->peer_bearer_id); 2430 msg_set_bearer_id(&tunnel_hdr, l_ptr->peer_bearer_id);
2429 msg_set_msgcnt(&tunnel_hdr, msgcount); 2431 msg_set_msgcnt(&tunnel_hdr, msgcount);
2430 dbg("Link changeover requires %u tunnel messages\n", msgcount); 2432 dbg("Link changeover requires %u tunnel messages\n", msgcount);
@@ -2479,7 +2481,7 @@ void tipc_link_send_duplicate(struct link *l_ptr, struct link *tunnel)
2479 struct tipc_msg tunnel_hdr; 2481 struct tipc_msg tunnel_hdr;
2480 2482
2481 msg_init(&tunnel_hdr, CHANGEOVER_PROTOCOL, 2483 msg_init(&tunnel_hdr, CHANGEOVER_PROTOCOL,
2482 DUPLICATE_MSG, TIPC_OK, INT_H_SIZE, l_ptr->addr); 2484 DUPLICATE_MSG, INT_H_SIZE, l_ptr->addr);
2483 msg_set_msgcnt(&tunnel_hdr, l_ptr->out_queue_size); 2485 msg_set_msgcnt(&tunnel_hdr, l_ptr->out_queue_size);
2484 msg_set_bearer_id(&tunnel_hdr, l_ptr->peer_bearer_id); 2486 msg_set_bearer_id(&tunnel_hdr, l_ptr->peer_bearer_id);
2485 iter = l_ptr->first_out; 2487 iter = l_ptr->first_out;
@@ -2672,10 +2674,12 @@ int tipc_link_send_long_buf(struct link *l_ptr, struct sk_buff *buf)
2672 u32 pack_sz = link_max_pkt(l_ptr); 2674 u32 pack_sz = link_max_pkt(l_ptr);
2673 u32 fragm_sz = pack_sz - INT_H_SIZE; 2675 u32 fragm_sz = pack_sz - INT_H_SIZE;
2674 u32 fragm_no = 1; 2676 u32 fragm_no = 1;
2675 u32 destaddr = msg_destnode(inmsg); 2677 u32 destaddr;
2676 2678
2677 if (msg_short(inmsg)) 2679 if (msg_short(inmsg))
2678 destaddr = l_ptr->addr; 2680 destaddr = l_ptr->addr;
2681 else
2682 destaddr = msg_destnode(inmsg);
2679 2683
2680 if (msg_routed(inmsg)) 2684 if (msg_routed(inmsg))
2681 msg_set_prevnode(inmsg, tipc_own_addr); 2685 msg_set_prevnode(inmsg, tipc_own_addr);
@@ -2683,7 +2687,7 @@ int tipc_link_send_long_buf(struct link *l_ptr, struct sk_buff *buf)
2683 /* Prepare reusable fragment header: */ 2687 /* Prepare reusable fragment header: */
2684 2688
2685 msg_init(&fragm_hdr, MSG_FRAGMENTER, FIRST_FRAGMENT, 2689 msg_init(&fragm_hdr, MSG_FRAGMENTER, FIRST_FRAGMENT,
2686 TIPC_OK, INT_H_SIZE, destaddr); 2690 INT_H_SIZE, destaddr);
2687 msg_set_link_selector(&fragm_hdr, msg_link_selector(inmsg)); 2691 msg_set_link_selector(&fragm_hdr, msg_link_selector(inmsg));
2688 msg_set_long_msgno(&fragm_hdr, mod(l_ptr->long_msg_seq_no++)); 2692 msg_set_long_msgno(&fragm_hdr, mod(l_ptr->long_msg_seq_no++));
2689 msg_set_fragm_no(&fragm_hdr, fragm_no); 2693 msg_set_fragm_no(&fragm_hdr, fragm_no);
@@ -2931,7 +2935,7 @@ void tipc_link_set_queue_limits(struct link *l_ptr, u32 window)
2931 * Returns pointer to link (or 0 if invalid link name). 2935 * Returns pointer to link (or 0 if invalid link name).
2932 */ 2936 */
2933 2937
2934static struct link *link_find_link(const char *name, struct node **node) 2938static struct link *link_find_link(const char *name, struct tipc_node **node)
2935{ 2939{
2936 struct link_name link_name_parts; 2940 struct link_name link_name_parts;
2937 struct bearer *b_ptr; 2941 struct bearer *b_ptr;
@@ -2961,7 +2965,7 @@ struct sk_buff *tipc_link_cmd_config(const void *req_tlv_area, int req_tlv_space
2961 struct tipc_link_config *args; 2965 struct tipc_link_config *args;
2962 u32 new_value; 2966 u32 new_value;
2963 struct link *l_ptr; 2967 struct link *l_ptr;
2964 struct node *node; 2968 struct tipc_node *node;
2965 int res; 2969 int res;
2966 2970
2967 if (!TLV_CHECK(req_tlv_area, req_tlv_space, TIPC_TLV_LINK_CONFIG)) 2971 if (!TLV_CHECK(req_tlv_area, req_tlv_space, TIPC_TLV_LINK_CONFIG))
@@ -2994,7 +2998,7 @@ struct sk_buff *tipc_link_cmd_config(const void *req_tlv_area, int req_tlv_space
2994 link_set_supervision_props(l_ptr, new_value); 2998 link_set_supervision_props(l_ptr, new_value);
2995 tipc_link_send_proto_msg(l_ptr, STATE_MSG, 2999 tipc_link_send_proto_msg(l_ptr, STATE_MSG,
2996 0, 0, new_value, 0, 0); 3000 0, 0, new_value, 0, 0);
2997 res = TIPC_OK; 3001 res = 0;
2998 } 3002 }
2999 break; 3003 break;
3000 case TIPC_CMD_SET_LINK_PRI: 3004 case TIPC_CMD_SET_LINK_PRI:
@@ -3003,14 +3007,14 @@ struct sk_buff *tipc_link_cmd_config(const void *req_tlv_area, int req_tlv_space
3003 l_ptr->priority = new_value; 3007 l_ptr->priority = new_value;
3004 tipc_link_send_proto_msg(l_ptr, STATE_MSG, 3008 tipc_link_send_proto_msg(l_ptr, STATE_MSG,
3005 0, 0, 0, new_value, 0); 3009 0, 0, 0, new_value, 0);
3006 res = TIPC_OK; 3010 res = 0;
3007 } 3011 }
3008 break; 3012 break;
3009 case TIPC_CMD_SET_LINK_WINDOW: 3013 case TIPC_CMD_SET_LINK_WINDOW:
3010 if ((new_value >= TIPC_MIN_LINK_WIN) && 3014 if ((new_value >= TIPC_MIN_LINK_WIN) &&
3011 (new_value <= TIPC_MAX_LINK_WIN)) { 3015 (new_value <= TIPC_MAX_LINK_WIN)) {
3012 tipc_link_set_queue_limits(l_ptr, new_value); 3016 tipc_link_set_queue_limits(l_ptr, new_value);
3013 res = TIPC_OK; 3017 res = 0;
3014 } 3018 }
3015 break; 3019 break;
3016 } 3020 }
@@ -3039,7 +3043,7 @@ struct sk_buff *tipc_link_cmd_reset_stats(const void *req_tlv_area, int req_tlv_
3039{ 3043{
3040 char *link_name; 3044 char *link_name;
3041 struct link *l_ptr; 3045 struct link *l_ptr;
3042 struct node *node; 3046 struct tipc_node *node;
3043 3047
3044 if (!TLV_CHECK(req_tlv_area, req_tlv_space, TIPC_TLV_LINK_NAME)) 3048 if (!TLV_CHECK(req_tlv_area, req_tlv_space, TIPC_TLV_LINK_NAME))
3045 return tipc_cfg_reply_error_string(TIPC_CFG_TLV_ERROR); 3049 return tipc_cfg_reply_error_string(TIPC_CFG_TLV_ERROR);
@@ -3087,7 +3091,7 @@ static int tipc_link_stats(const char *name, char *buf, const u32 buf_size)
3087{ 3091{
3088 struct print_buf pb; 3092 struct print_buf pb;
3089 struct link *l_ptr; 3093 struct link *l_ptr;
3090 struct node *node; 3094 struct tipc_node *node;
3091 char *status; 3095 char *status;
3092 u32 profile_total = 0; 3096 u32 profile_total = 0;
3093 3097
@@ -3203,7 +3207,7 @@ int link_control(const char *name, u32 op, u32 val)
3203 int res = -EINVAL; 3207 int res = -EINVAL;
3204 struct link *l_ptr; 3208 struct link *l_ptr;
3205 u32 bearer_id; 3209 u32 bearer_id;
3206 struct node * node; 3210 struct tipc_node * node;
3207 u32 a; 3211 u32 a;
3208 3212
3209 a = link_name2addr(name, &bearer_id); 3213 a = link_name2addr(name, &bearer_id);
@@ -3226,7 +3230,7 @@ int link_control(const char *name, u32 op, u32 val)
3226 if (op == TIPC_CMD_UNBLOCK_LINK) { 3230 if (op == TIPC_CMD_UNBLOCK_LINK) {
3227 l_ptr->blocked = 0; 3231 l_ptr->blocked = 0;
3228 } 3232 }
3229 res = TIPC_OK; 3233 res = 0;
3230 } 3234 }
3231 tipc_node_unlock(node); 3235 tipc_node_unlock(node);
3232 } 3236 }
@@ -3245,7 +3249,7 @@ int link_control(const char *name, u32 op, u32 val)
3245 3249
3246u32 tipc_link_get_max_pkt(u32 dest, u32 selector) 3250u32 tipc_link_get_max_pkt(u32 dest, u32 selector)
3247{ 3251{
3248 struct node *n_ptr; 3252 struct tipc_node *n_ptr;
3249 struct link *l_ptr; 3253 struct link *l_ptr;
3250 u32 res = MAX_PKT_DEFAULT; 3254 u32 res = MAX_PKT_DEFAULT;
3251 3255
diff --git a/net/tipc/link.h b/net/tipc/link.h
index 52f3e7c1871f..6a51e38ad25c 100644
--- a/net/tipc/link.h
+++ b/net/tipc/link.h
@@ -116,7 +116,7 @@ struct link {
116 char name[TIPC_MAX_LINK_NAME]; 116 char name[TIPC_MAX_LINK_NAME];
117 struct tipc_media_addr media_addr; 117 struct tipc_media_addr media_addr;
118 struct timer_list timer; 118 struct timer_list timer;
119 struct node *owner; 119 struct tipc_node *owner;
120 struct list_head link_list; 120 struct list_head link_list;
121 121
122 /* Management and link supervision data */ 122 /* Management and link supervision data */
diff --git a/net/tipc/msg.c b/net/tipc/msg.c
index 696a8633df75..73dcd00d674e 100644
--- a/net/tipc/msg.c
+++ b/net/tipc/msg.c
@@ -41,7 +41,9 @@
41#include "bearer.h" 41#include "bearer.h"
42 42
43 43
44void tipc_msg_print(struct print_buf *buf, struct tipc_msg *msg, const char *str) 44#ifdef CONFIG_TIPC_DEBUG
45
46void tipc_msg_dbg(struct print_buf *buf, struct tipc_msg *msg, const char *str)
45{ 47{
46 u32 usr = msg_user(msg); 48 u32 usr = msg_user(msg);
47 tipc_printf(buf, str); 49 tipc_printf(buf, str);
@@ -228,13 +230,10 @@ void tipc_msg_print(struct print_buf *buf, struct tipc_msg *msg, const char *str
228 230
229 switch (usr) { 231 switch (usr) {
230 case CONN_MANAGER: 232 case CONN_MANAGER:
231 case NAME_DISTRIBUTOR:
232 case TIPC_LOW_IMPORTANCE: 233 case TIPC_LOW_IMPORTANCE:
233 case TIPC_MEDIUM_IMPORTANCE: 234 case TIPC_MEDIUM_IMPORTANCE:
234 case TIPC_HIGH_IMPORTANCE: 235 case TIPC_HIGH_IMPORTANCE:
235 case TIPC_CRITICAL_IMPORTANCE: 236 case TIPC_CRITICAL_IMPORTANCE:
236 if (msg_short(msg))
237 break; /* No error */
238 switch (msg_errcode(msg)) { 237 switch (msg_errcode(msg)) {
239 case TIPC_OK: 238 case TIPC_OK:
240 break; 239 break;
@@ -315,9 +314,11 @@ void tipc_msg_print(struct print_buf *buf, struct tipc_msg *msg, const char *str
315 } 314 }
316 tipc_printf(buf, "\n"); 315 tipc_printf(buf, "\n");
317 if ((usr == CHANGEOVER_PROTOCOL) && (msg_msgcnt(msg))) { 316 if ((usr == CHANGEOVER_PROTOCOL) && (msg_msgcnt(msg))) {
318 tipc_msg_print(buf,msg_get_wrapped(msg)," /"); 317 tipc_msg_dbg(buf, msg_get_wrapped(msg), " /");
319 } 318 }
320 if ((usr == MSG_FRAGMENTER) && (msg_type(msg) == FIRST_FRAGMENT)) { 319 if ((usr == MSG_FRAGMENTER) && (msg_type(msg) == FIRST_FRAGMENT)) {
321 tipc_msg_print(buf,msg_get_wrapped(msg)," /"); 320 tipc_msg_dbg(buf, msg_get_wrapped(msg), " /");
322 } 321 }
323} 322}
323
324#endif
diff --git a/net/tipc/msg.h b/net/tipc/msg.h
index ad487e8abcc2..7ee6ae238147 100644
--- a/net/tipc/msg.h
+++ b/net/tipc/msg.h
@@ -2,7 +2,7 @@
2 * net/tipc/msg.h: Include file for TIPC message header routines 2 * net/tipc/msg.h: Include file for TIPC message header routines
3 * 3 *
4 * Copyright (c) 2000-2007, Ericsson AB 4 * Copyright (c) 2000-2007, Ericsson AB
5 * Copyright (c) 2005-2007, Wind River Systems 5 * Copyright (c) 2005-2008, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -75,6 +75,14 @@ static inline void msg_set_bits(struct tipc_msg *m, u32 w,
75 m->hdr[w] |= htonl(val); 75 m->hdr[w] |= htonl(val);
76} 76}
77 77
78static inline void msg_swap_words(struct tipc_msg *msg, u32 a, u32 b)
79{
80 u32 temp = msg->hdr[a];
81
82 msg->hdr[a] = msg->hdr[b];
83 msg->hdr[b] = temp;
84}
85
78/* 86/*
79 * Word 0 87 * Word 0
80 */ 88 */
@@ -119,9 +127,9 @@ static inline int msg_non_seq(struct tipc_msg *m)
119 return msg_bits(m, 0, 20, 1); 127 return msg_bits(m, 0, 20, 1);
120} 128}
121 129
122static inline void msg_set_non_seq(struct tipc_msg *m) 130static inline void msg_set_non_seq(struct tipc_msg *m, u32 n)
123{ 131{
124 msg_set_bits(m, 0, 20, 1, 1); 132 msg_set_bits(m, 0, 20, 1, n);
125} 133}
126 134
127static inline int msg_dest_droppable(struct tipc_msg *m) 135static inline int msg_dest_droppable(struct tipc_msg *m)
@@ -224,6 +232,25 @@ static inline void msg_set_seqno(struct tipc_msg *m, u32 n)
224 msg_set_bits(m, 2, 0, 0xffff, n); 232 msg_set_bits(m, 2, 0, 0xffff, n);
225} 233}
226 234
235/*
236 * TIPC may utilize the "link ack #" and "link seq #" fields of a short
237 * message header to hold the destination node for the message, since the
238 * normal "dest node" field isn't present. This cache is only referenced
239 * when required, so populating the cache of a longer message header is
240 * harmless (as long as the header has the two link sequence fields present).
241 *
242 * Note: Host byte order is OK here, since the info never goes off-card.
243 */
244
245static inline u32 msg_destnode_cache(struct tipc_msg *m)
246{
247 return m->hdr[2];
248}
249
250static inline void msg_set_destnode_cache(struct tipc_msg *m, u32 dnode)
251{
252 m->hdr[2] = dnode;
253}
227 254
228/* 255/*
229 * Words 3-10 256 * Words 3-10
@@ -325,7 +352,7 @@ static inline struct tipc_msg *msg_get_wrapped(struct tipc_msg *m)
325 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 352 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
326 w0:|vers |msg usr|hdr sz |n|resrv| packet size | 353 w0:|vers |msg usr|hdr sz |n|resrv| packet size |
327 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 354 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
328 w1:|m typ|rsv=0| sequence gap | broadcast ack no | 355 w1:|m typ| sequence gap | broadcast ack no |
329 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 356 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
330 w2:| link level ack no/bc_gap_from | seq no / bcast_gap_to | 357 w2:| link level ack no/bc_gap_from | seq no / bcast_gap_to |
331 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 358 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -388,12 +415,12 @@ static inline struct tipc_msg *msg_get_wrapped(struct tipc_msg *m)
388 415
389static inline u32 msg_seq_gap(struct tipc_msg *m) 416static inline u32 msg_seq_gap(struct tipc_msg *m)
390{ 417{
391 return msg_bits(m, 1, 16, 0xff); 418 return msg_bits(m, 1, 16, 0x1fff);
392} 419}
393 420
394static inline void msg_set_seq_gap(struct tipc_msg *m, u32 n) 421static inline void msg_set_seq_gap(struct tipc_msg *m, u32 n)
395{ 422{
396 msg_set_bits(m, 1, 16, 0xff, n); 423 msg_set_bits(m, 1, 16, 0x1fff, n);
397} 424}
398 425
399static inline u32 msg_req_links(struct tipc_msg *m) 426static inline u32 msg_req_links(struct tipc_msg *m)
@@ -696,7 +723,7 @@ static inline u32 msg_tot_importance(struct tipc_msg *m)
696 723
697 724
698static inline void msg_init(struct tipc_msg *m, u32 user, u32 type, 725static inline void msg_init(struct tipc_msg *m, u32 user, u32 type,
699 u32 err, u32 hsize, u32 destnode) 726 u32 hsize, u32 destnode)
700{ 727{
701 memset(m, 0, hsize); 728 memset(m, 0, hsize);
702 msg_set_version(m); 729 msg_set_version(m);
@@ -705,7 +732,6 @@ static inline void msg_init(struct tipc_msg *m, u32 user, u32 type,
705 msg_set_size(m, hsize); 732 msg_set_size(m, hsize);
706 msg_set_prevnode(m, tipc_own_addr); 733 msg_set_prevnode(m, tipc_own_addr);
707 msg_set_type(m, type); 734 msg_set_type(m, type);
708 msg_set_errcode(m, err);
709 if (!msg_short(m)) { 735 if (!msg_short(m)) {
710 msg_set_orignode(m, tipc_own_addr); 736 msg_set_orignode(m, tipc_own_addr);
711 msg_set_destnode(m, destnode); 737 msg_set_destnode(m, destnode);
diff --git a/net/tipc/name_distr.c b/net/tipc/name_distr.c
index 39fd1619febf..10a69894e2fd 100644
--- a/net/tipc/name_distr.c
+++ b/net/tipc/name_distr.c
@@ -41,9 +41,6 @@
41#include "msg.h" 41#include "msg.h"
42#include "name_distr.h" 42#include "name_distr.h"
43 43
44#undef DBG_OUTPUT
45#define DBG_OUTPUT NULL
46
47#define ITEM_SIZE sizeof(struct distr_item) 44#define ITEM_SIZE sizeof(struct distr_item)
48 45
49/** 46/**
@@ -106,8 +103,7 @@ static struct sk_buff *named_prepare_buf(u32 type, u32 size, u32 dest)
106 103
107 if (buf != NULL) { 104 if (buf != NULL) {
108 msg = buf_msg(buf); 105 msg = buf_msg(buf);
109 msg_init(msg, NAME_DISTRIBUTOR, type, TIPC_OK, 106 msg_init(msg, NAME_DISTRIBUTOR, type, LONG_H_SIZE, dest);
110 LONG_H_SIZE, dest);
111 msg_set_size(msg, LONG_H_SIZE + size); 107 msg_set_size(msg, LONG_H_SIZE + size);
112 } 108 }
113 return buf; 109 return buf;
diff --git a/net/tipc/name_table.c b/net/tipc/name_table.c
index ac7dfdda7973..cd72e22b132b 100644
--- a/net/tipc/name_table.c
+++ b/net/tipc/name_table.c
@@ -2,7 +2,7 @@
2 * net/tipc/name_table.c: TIPC name table code 2 * net/tipc/name_table.c: TIPC name table code
3 * 3 *
4 * Copyright (c) 2000-2006, Ericsson AB 4 * Copyright (c) 2000-2006, Ericsson AB
5 * Copyright (c) 2004-2005, Wind River Systems 5 * Copyright (c) 2004-2008, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -52,9 +52,16 @@ static int tipc_nametbl_size = 1024; /* must be a power of 2 */
52 * struct sub_seq - container for all published instances of a name sequence 52 * struct sub_seq - container for all published instances of a name sequence
53 * @lower: name sequence lower bound 53 * @lower: name sequence lower bound
54 * @upper: name sequence upper bound 54 * @upper: name sequence upper bound
55 * @node_list: circular list of matching publications with >= node scope 55 * @node_list: circular list of publications made by own node
56 * @cluster_list: circular list of matching publications with >= cluster scope 56 * @cluster_list: circular list of publications made by own cluster
57 * @zone_list: circular list of matching publications with >= zone scope 57 * @zone_list: circular list of publications made by own zone
58 * @node_list_size: number of entries in "node_list"
59 * @cluster_list_size: number of entries in "cluster_list"
60 * @zone_list_size: number of entries in "zone_list"
61 *
62 * Note: The zone list always contains at least one entry, since all
63 * publications of the associated name sequence belong to it.
64 * (The cluster and node lists may be empty.)
58 */ 65 */
59 66
60struct sub_seq { 67struct sub_seq {
@@ -63,6 +70,9 @@ struct sub_seq {
63 struct publication *node_list; 70 struct publication *node_list;
64 struct publication *cluster_list; 71 struct publication *cluster_list;
65 struct publication *zone_list; 72 struct publication *zone_list;
73 u32 node_list_size;
74 u32 cluster_list_size;
75 u32 zone_list_size;
66}; 76};
67 77
68/** 78/**
@@ -74,7 +84,7 @@ struct sub_seq {
74 * @first_free: array index of first unused sub-sequence entry 84 * @first_free: array index of first unused sub-sequence entry
75 * @ns_list: links to adjacent name sequences in hash chain 85 * @ns_list: links to adjacent name sequences in hash chain
76 * @subscriptions: list of subscriptions for this 'type' 86 * @subscriptions: list of subscriptions for this 'type'
77 * @lock: spinlock controlling access to name sequence structure 87 * @lock: spinlock controlling access to publication lists of all sub-sequences
78 */ 88 */
79 89
80struct name_seq { 90struct name_seq {
@@ -317,6 +327,7 @@ static struct publication *tipc_nameseq_insert_publ(struct name_seq *nseq,
317 dbg("inserting publ %p, node=0x%x publ->node=0x%x, subscr->node=%p\n", 327 dbg("inserting publ %p, node=0x%x publ->node=0x%x, subscr->node=%p\n",
318 publ, node, publ->node, publ->subscr.node); 328 publ, node, publ->node, publ->subscr.node);
319 329
330 sseq->zone_list_size++;
320 if (!sseq->zone_list) 331 if (!sseq->zone_list)
321 sseq->zone_list = publ->zone_list_next = publ; 332 sseq->zone_list = publ->zone_list_next = publ;
322 else { 333 else {
@@ -325,6 +336,7 @@ static struct publication *tipc_nameseq_insert_publ(struct name_seq *nseq,
325 } 336 }
326 337
327 if (in_own_cluster(node)) { 338 if (in_own_cluster(node)) {
339 sseq->cluster_list_size++;
328 if (!sseq->cluster_list) 340 if (!sseq->cluster_list)
329 sseq->cluster_list = publ->cluster_list_next = publ; 341 sseq->cluster_list = publ->cluster_list_next = publ;
330 else { 342 else {
@@ -335,6 +347,7 @@ static struct publication *tipc_nameseq_insert_publ(struct name_seq *nseq,
335 } 347 }
336 348
337 if (node == tipc_own_addr) { 349 if (node == tipc_own_addr) {
350 sseq->node_list_size++;
338 if (!sseq->node_list) 351 if (!sseq->node_list)
339 sseq->node_list = publ->node_list_next = publ; 352 sseq->node_list = publ->node_list_next = publ;
340 else { 353 else {
@@ -411,6 +424,7 @@ static struct publication *tipc_nameseq_remove_publ(struct name_seq *nseq, u32 i
411 } else { 424 } else {
412 sseq->zone_list = NULL; 425 sseq->zone_list = NULL;
413 } 426 }
427 sseq->zone_list_size--;
414 428
415 /* Remove publication from cluster scope list, if present */ 429 /* Remove publication from cluster scope list, if present */
416 430
@@ -439,6 +453,7 @@ static struct publication *tipc_nameseq_remove_publ(struct name_seq *nseq, u32 i
439 } else { 453 } else {
440 sseq->cluster_list = NULL; 454 sseq->cluster_list = NULL;
441 } 455 }
456 sseq->cluster_list_size--;
442 } 457 }
443end_cluster: 458end_cluster:
444 459
@@ -469,6 +484,7 @@ end_cluster:
469 } else { 484 } else {
470 sseq->node_list = NULL; 485 sseq->node_list = NULL;
471 } 486 }
487 sseq->node_list_size--;
472 } 488 }
473end_node: 489end_node:
474 490
@@ -709,15 +725,18 @@ int tipc_nametbl_mc_translate(u32 type, u32 lower, u32 upper, u32 limit,
709 725
710 if (sseq->lower > upper) 726 if (sseq->lower > upper)
711 break; 727 break;
712 publ = sseq->cluster_list; 728
713 if (publ && (publ->scope <= limit)) 729 publ = sseq->node_list;
730 if (publ) {
714 do { 731 do {
715 if (publ->node == tipc_own_addr) 732 if (publ->scope <= limit)
716 tipc_port_list_add(dports, publ->ref); 733 tipc_port_list_add(dports, publ->ref);
717 else 734 publ = publ->node_list_next;
718 res = 1; 735 } while (publ != sseq->node_list);
719 publ = publ->cluster_list_next; 736 }
720 } while (publ != sseq->cluster_list); 737
738 if (sseq->cluster_list_size != sseq->node_list_size)
739 res = 1;
721 } 740 }
722 741
723 spin_unlock_bh(&seq->lock); 742 spin_unlock_bh(&seq->lock);
@@ -905,6 +924,9 @@ static void nameseq_list(struct name_seq *seq, struct print_buf *buf, u32 depth,
905 struct sub_seq *sseq; 924 struct sub_seq *sseq;
906 char typearea[11]; 925 char typearea[11];
907 926
927 if (seq->first_free == 0)
928 return;
929
908 sprintf(typearea, "%-10u", seq->type); 930 sprintf(typearea, "%-10u", seq->type);
909 931
910 if (depth == 1) { 932 if (depth == 1) {
@@ -915,7 +937,9 @@ static void nameseq_list(struct name_seq *seq, struct print_buf *buf, u32 depth,
915 for (sseq = seq->sseqs; sseq != &seq->sseqs[seq->first_free]; sseq++) { 937 for (sseq = seq->sseqs; sseq != &seq->sseqs[seq->first_free]; sseq++) {
916 if ((lowbound <= sseq->upper) && (upbound >= sseq->lower)) { 938 if ((lowbound <= sseq->upper) && (upbound >= sseq->lower)) {
917 tipc_printf(buf, "%s ", typearea); 939 tipc_printf(buf, "%s ", typearea);
940 spin_lock_bh(&seq->lock);
918 subseq_list(sseq, buf, depth, index); 941 subseq_list(sseq, buf, depth, index);
942 spin_unlock_bh(&seq->lock);
919 sprintf(typearea, "%10s", " "); 943 sprintf(typearea, "%10s", " ");
920 } 944 }
921 } 945 }
@@ -1050,15 +1074,12 @@ void tipc_nametbl_dump(void)
1050 1074
1051int tipc_nametbl_init(void) 1075int tipc_nametbl_init(void)
1052{ 1076{
1053 int array_size = sizeof(struct hlist_head) * tipc_nametbl_size; 1077 table.types = kcalloc(tipc_nametbl_size, sizeof(struct hlist_head),
1054 1078 GFP_ATOMIC);
1055 table.types = kzalloc(array_size, GFP_ATOMIC);
1056 if (!table.types) 1079 if (!table.types)
1057 return -ENOMEM; 1080 return -ENOMEM;
1058 1081
1059 write_lock_bh(&tipc_nametbl_lock);
1060 table.local_publ_count = 0; 1082 table.local_publ_count = 0;
1061 write_unlock_bh(&tipc_nametbl_lock);
1062 return 0; 1083 return 0;
1063} 1084}
1064 1085
diff --git a/net/tipc/name_table.h b/net/tipc/name_table.h
index b9e7cd336d76..139882d4ed00 100644
--- a/net/tipc/name_table.h
+++ b/net/tipc/name_table.h
@@ -76,7 +76,7 @@ struct publication {
76 u32 node; 76 u32 node;
77 u32 ref; 77 u32 ref;
78 u32 key; 78 u32 key;
79 struct node_subscr subscr; 79 struct tipc_node_subscr subscr;
80 struct list_head local_list; 80 struct list_head local_list;
81 struct list_head pport_list; 81 struct list_head pport_list;
82 struct publication *node_list_next; 82 struct publication *node_list_next;
diff --git a/net/tipc/net.c b/net/tipc/net.c
index c39c76201e8e..7906608bf510 100644
--- a/net/tipc/net.c
+++ b/net/tipc/net.c
@@ -118,7 +118,7 @@
118DEFINE_RWLOCK(tipc_net_lock); 118DEFINE_RWLOCK(tipc_net_lock);
119struct network tipc_net = { NULL }; 119struct network tipc_net = { NULL };
120 120
121struct node *tipc_net_select_remote_node(u32 addr, u32 ref) 121struct tipc_node *tipc_net_select_remote_node(u32 addr, u32 ref)
122{ 122{
123 return tipc_zone_select_remote_node(tipc_net.zones[tipc_zone(addr)], addr, ref); 123 return tipc_zone_select_remote_node(tipc_net.zones[tipc_zone(addr)], addr, ref);
124} 124}
@@ -165,7 +165,7 @@ static int net_init(void)
165 if (!tipc_net.zones) { 165 if (!tipc_net.zones) {
166 return -ENOMEM; 166 return -ENOMEM;
167 } 167 }
168 return TIPC_OK; 168 return 0;
169} 169}
170 170
171static void net_stop(void) 171static void net_stop(void)
@@ -266,7 +266,7 @@ void tipc_net_route_msg(struct sk_buff *buf)
266 tipc_link_send(buf, dnode, msg_link_selector(msg)); 266 tipc_link_send(buf, dnode, msg_link_selector(msg));
267} 267}
268 268
269int tipc_net_start(void) 269int tipc_net_start(u32 addr)
270{ 270{
271 char addr_string[16]; 271 char addr_string[16];
272 int res; 272 int res;
@@ -274,6 +274,10 @@ int tipc_net_start(void)
274 if (tipc_mode != TIPC_NODE_MODE) 274 if (tipc_mode != TIPC_NODE_MODE)
275 return -ENOPROTOOPT; 275 return -ENOPROTOOPT;
276 276
277 tipc_subscr_stop();
278 tipc_cfg_stop();
279
280 tipc_own_addr = addr;
277 tipc_mode = TIPC_NET_MODE; 281 tipc_mode = TIPC_NET_MODE;
278 tipc_named_reinit(); 282 tipc_named_reinit();
279 tipc_port_reinit(); 283 tipc_port_reinit();
@@ -284,14 +288,14 @@ int tipc_net_start(void)
284 (res = tipc_bclink_init())) { 288 (res = tipc_bclink_init())) {
285 return res; 289 return res;
286 } 290 }
287 tipc_subscr_stop(); 291
288 tipc_cfg_stop();
289 tipc_k_signal((Handler)tipc_subscr_start, 0); 292 tipc_k_signal((Handler)tipc_subscr_start, 0);
290 tipc_k_signal((Handler)tipc_cfg_init, 0); 293 tipc_k_signal((Handler)tipc_cfg_init, 0);
294
291 info("Started in network mode\n"); 295 info("Started in network mode\n");
292 info("Own node address %s, network identity %u\n", 296 info("Own node address %s, network identity %u\n",
293 addr_string_fill(addr_string, tipc_own_addr), tipc_net_id); 297 addr_string_fill(addr_string, tipc_own_addr), tipc_net_id);
294 return TIPC_OK; 298 return 0;
295} 299}
296 300
297void tipc_net_stop(void) 301void tipc_net_stop(void)
diff --git a/net/tipc/net.h b/net/tipc/net.h
index a6a0e9976ac9..de2b9ad8f646 100644
--- a/net/tipc/net.h
+++ b/net/tipc/net.h
@@ -55,10 +55,10 @@ extern rwlock_t tipc_net_lock;
55void tipc_net_remove_as_router(u32 router); 55void tipc_net_remove_as_router(u32 router);
56void tipc_net_send_external_routes(u32 dest); 56void tipc_net_send_external_routes(u32 dest);
57void tipc_net_route_msg(struct sk_buff *buf); 57void tipc_net_route_msg(struct sk_buff *buf);
58struct node *tipc_net_select_remote_node(u32 addr, u32 ref); 58struct tipc_node *tipc_net_select_remote_node(u32 addr, u32 ref);
59u32 tipc_net_select_router(u32 addr, u32 ref); 59u32 tipc_net_select_router(u32 addr, u32 ref);
60 60
61int tipc_net_start(void); 61int tipc_net_start(u32 addr);
62void tipc_net_stop(void); 62void tipc_net_stop(void);
63 63
64#endif 64#endif
diff --git a/net/tipc/netlink.c b/net/tipc/netlink.c
index 6a7f7b4c2595..c387217bb230 100644
--- a/net/tipc/netlink.c
+++ b/net/tipc/netlink.c
@@ -2,7 +2,7 @@
2 * net/tipc/netlink.c: TIPC configuration handling 2 * net/tipc/netlink.c: TIPC configuration handling
3 * 3 *
4 * Copyright (c) 2005-2006, Ericsson AB 4 * Copyright (c) 2005-2006, Ericsson AB
5 * Copyright (c) 2005, Wind River Systems 5 * Copyright (c) 2005-2007, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -45,15 +45,17 @@ static int handle_cmd(struct sk_buff *skb, struct genl_info *info)
45 struct nlmsghdr *req_nlh = info->nlhdr; 45 struct nlmsghdr *req_nlh = info->nlhdr;
46 struct tipc_genlmsghdr *req_userhdr = info->userhdr; 46 struct tipc_genlmsghdr *req_userhdr = info->userhdr;
47 int hdr_space = NLMSG_SPACE(GENL_HDRLEN + TIPC_GENL_HDRLEN); 47 int hdr_space = NLMSG_SPACE(GENL_HDRLEN + TIPC_GENL_HDRLEN);
48 u16 cmd;
48 49
49 if ((req_userhdr->cmd & 0xC000) && (!capable(CAP_NET_ADMIN))) 50 if ((req_userhdr->cmd & 0xC000) && (!capable(CAP_NET_ADMIN)))
50 rep_buf = tipc_cfg_reply_error_string(TIPC_CFG_NOT_NET_ADMIN); 51 cmd = TIPC_CMD_NOT_NET_ADMIN;
51 else 52 else
52 rep_buf = tipc_cfg_do_cmd(req_userhdr->dest, 53 cmd = req_userhdr->cmd;
53 req_userhdr->cmd, 54
54 NLMSG_DATA(req_nlh) + GENL_HDRLEN + TIPC_GENL_HDRLEN, 55 rep_buf = tipc_cfg_do_cmd(req_userhdr->dest, cmd,
55 NLMSG_PAYLOAD(req_nlh, GENL_HDRLEN + TIPC_GENL_HDRLEN), 56 NLMSG_DATA(req_nlh) + GENL_HDRLEN + TIPC_GENL_HDRLEN,
56 hdr_space); 57 NLMSG_PAYLOAD(req_nlh, GENL_HDRLEN + TIPC_GENL_HDRLEN),
58 hdr_space);
57 59
58 if (rep_buf) { 60 if (rep_buf) {
59 skb_push(rep_buf, hdr_space); 61 skb_push(rep_buf, hdr_space);
diff --git a/net/tipc/node.c b/net/tipc/node.c
index 598f4d3a0098..20d98c56e152 100644
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -46,22 +46,46 @@
46#include "bearer.h" 46#include "bearer.h"
47#include "name_distr.h" 47#include "name_distr.h"
48 48
49void node_print(struct print_buf *buf, struct node *n_ptr, char *str); 49void node_print(struct print_buf *buf, struct tipc_node *n_ptr, char *str);
50static void node_lost_contact(struct node *n_ptr); 50static void node_lost_contact(struct tipc_node *n_ptr);
51static void node_established_contact(struct node *n_ptr); 51static void node_established_contact(struct tipc_node *n_ptr);
52 52
53struct node *tipc_nodes = NULL; /* sorted list of nodes within cluster */ 53struct tipc_node *tipc_nodes = NULL; /* sorted list of nodes within cluster */
54
55static DEFINE_SPINLOCK(node_create_lock);
54 56
55u32 tipc_own_tag = 0; 57u32 tipc_own_tag = 0;
56 58
57struct node *tipc_node_create(u32 addr) 59/**
60 * tipc_node_create - create neighboring node
61 *
62 * Currently, this routine is called by neighbor discovery code, which holds
63 * net_lock for reading only. We must take node_create_lock to ensure a node
64 * isn't created twice if two different bearers discover the node at the same
65 * time. (It would be preferable to switch to holding net_lock in write mode,
66 * but this is a non-trivial change.)
67 */
68
69struct tipc_node *tipc_node_create(u32 addr)
58{ 70{
59 struct cluster *c_ptr; 71 struct cluster *c_ptr;
60 struct node *n_ptr; 72 struct tipc_node *n_ptr;
61 struct node **curr_node; 73 struct tipc_node **curr_node;
74
75 spin_lock_bh(&node_create_lock);
76
77 for (n_ptr = tipc_nodes; n_ptr; n_ptr = n_ptr->next) {
78 if (addr < n_ptr->addr)
79 break;
80 if (addr == n_ptr->addr) {
81 spin_unlock_bh(&node_create_lock);
82 return n_ptr;
83 }
84 }
62 85
63 n_ptr = kzalloc(sizeof(*n_ptr),GFP_ATOMIC); 86 n_ptr = kzalloc(sizeof(*n_ptr),GFP_ATOMIC);
64 if (!n_ptr) { 87 if (!n_ptr) {
88 spin_unlock_bh(&node_create_lock);
65 warn("Node creation failed, no memory\n"); 89 warn("Node creation failed, no memory\n");
66 return NULL; 90 return NULL;
67 } 91 }
@@ -71,6 +95,7 @@ struct node *tipc_node_create(u32 addr)
71 c_ptr = tipc_cltr_create(addr); 95 c_ptr = tipc_cltr_create(addr);
72 } 96 }
73 if (!c_ptr) { 97 if (!c_ptr) {
98 spin_unlock_bh(&node_create_lock);
74 kfree(n_ptr); 99 kfree(n_ptr);
75 return NULL; 100 return NULL;
76 } 101 }
@@ -91,10 +116,11 @@ struct node *tipc_node_create(u32 addr)
91 } 116 }
92 } 117 }
93 (*curr_node) = n_ptr; 118 (*curr_node) = n_ptr;
119 spin_unlock_bh(&node_create_lock);
94 return n_ptr; 120 return n_ptr;
95} 121}
96 122
97void tipc_node_delete(struct node *n_ptr) 123void tipc_node_delete(struct tipc_node *n_ptr)
98{ 124{
99 if (!n_ptr) 125 if (!n_ptr)
100 return; 126 return;
@@ -120,7 +146,7 @@ void tipc_node_delete(struct node *n_ptr)
120 * Link becomes active (alone or shared) or standby, depending on its priority. 146 * Link becomes active (alone or shared) or standby, depending on its priority.
121 */ 147 */
122 148
123void tipc_node_link_up(struct node *n_ptr, struct link *l_ptr) 149void tipc_node_link_up(struct tipc_node *n_ptr, struct link *l_ptr)
124{ 150{
125 struct link **active = &n_ptr->active_links[0]; 151 struct link **active = &n_ptr->active_links[0];
126 152
@@ -154,7 +180,7 @@ void tipc_node_link_up(struct node *n_ptr, struct link *l_ptr)
154 * node_select_active_links - select active link 180 * node_select_active_links - select active link
155 */ 181 */
156 182
157static void node_select_active_links(struct node *n_ptr) 183static void node_select_active_links(struct tipc_node *n_ptr)
158{ 184{
159 struct link **active = &n_ptr->active_links[0]; 185 struct link **active = &n_ptr->active_links[0];
160 u32 i; 186 u32 i;
@@ -182,7 +208,7 @@ static void node_select_active_links(struct node *n_ptr)
182 * tipc_node_link_down - handle loss of link 208 * tipc_node_link_down - handle loss of link
183 */ 209 */
184 210
185void tipc_node_link_down(struct node *n_ptr, struct link *l_ptr) 211void tipc_node_link_down(struct tipc_node *n_ptr, struct link *l_ptr)
186{ 212{
187 struct link **active; 213 struct link **active;
188 214
@@ -209,30 +235,30 @@ void tipc_node_link_down(struct node *n_ptr, struct link *l_ptr)
209 node_lost_contact(n_ptr); 235 node_lost_contact(n_ptr);
210} 236}
211 237
212int tipc_node_has_active_links(struct node *n_ptr) 238int tipc_node_has_active_links(struct tipc_node *n_ptr)
213{ 239{
214 return (n_ptr && 240 return (n_ptr &&
215 ((n_ptr->active_links[0]) || (n_ptr->active_links[1]))); 241 ((n_ptr->active_links[0]) || (n_ptr->active_links[1])));
216} 242}
217 243
218int tipc_node_has_redundant_links(struct node *n_ptr) 244int tipc_node_has_redundant_links(struct tipc_node *n_ptr)
219{ 245{
220 return (n_ptr->working_links > 1); 246 return (n_ptr->working_links > 1);
221} 247}
222 248
223static int tipc_node_has_active_routes(struct node *n_ptr) 249static int tipc_node_has_active_routes(struct tipc_node *n_ptr)
224{ 250{
225 return (n_ptr && (n_ptr->last_router >= 0)); 251 return (n_ptr && (n_ptr->last_router >= 0));
226} 252}
227 253
228int tipc_node_is_up(struct node *n_ptr) 254int tipc_node_is_up(struct tipc_node *n_ptr)
229{ 255{
230 return (tipc_node_has_active_links(n_ptr) || tipc_node_has_active_routes(n_ptr)); 256 return (tipc_node_has_active_links(n_ptr) || tipc_node_has_active_routes(n_ptr));
231} 257}
232 258
233struct node *tipc_node_attach_link(struct link *l_ptr) 259struct tipc_node *tipc_node_attach_link(struct link *l_ptr)
234{ 260{
235 struct node *n_ptr = tipc_node_find(l_ptr->addr); 261 struct tipc_node *n_ptr = tipc_node_find(l_ptr->addr);
236 262
237 if (!n_ptr) 263 if (!n_ptr)
238 n_ptr = tipc_node_create(l_ptr->addr); 264 n_ptr = tipc_node_create(l_ptr->addr);
@@ -259,7 +285,7 @@ struct node *tipc_node_attach_link(struct link *l_ptr)
259 return NULL; 285 return NULL;
260} 286}
261 287
262void tipc_node_detach_link(struct node *n_ptr, struct link *l_ptr) 288void tipc_node_detach_link(struct tipc_node *n_ptr, struct link *l_ptr)
263{ 289{
264 n_ptr->links[l_ptr->b_ptr->identity] = NULL; 290 n_ptr->links[l_ptr->b_ptr->identity] = NULL;
265 tipc_net.zones[tipc_zone(l_ptr->addr)]->links--; 291 tipc_net.zones[tipc_zone(l_ptr->addr)]->links--;
@@ -312,7 +338,7 @@ void tipc_node_detach_link(struct node *n_ptr, struct link *l_ptr)
312 * 338 *
313 */ 339 */
314 340
315static void node_established_contact(struct node *n_ptr) 341static void node_established_contact(struct tipc_node *n_ptr)
316{ 342{
317 struct cluster *c_ptr; 343 struct cluster *c_ptr;
318 344
@@ -358,10 +384,10 @@ static void node_established_contact(struct node *n_ptr)
358 tipc_highest_allowed_slave); 384 tipc_highest_allowed_slave);
359} 385}
360 386
361static void node_lost_contact(struct node *n_ptr) 387static void node_lost_contact(struct tipc_node *n_ptr)
362{ 388{
363 struct cluster *c_ptr; 389 struct cluster *c_ptr;
364 struct node_subscr *ns, *tns; 390 struct tipc_node_subscr *ns, *tns;
365 char addr_string[16]; 391 char addr_string[16];
366 u32 i; 392 u32 i;
367 393
@@ -440,9 +466,9 @@ static void node_lost_contact(struct node *n_ptr)
440 * Called by when cluster local lookup has failed. 466 * Called by when cluster local lookup has failed.
441 */ 467 */
442 468
443struct node *tipc_node_select_next_hop(u32 addr, u32 selector) 469struct tipc_node *tipc_node_select_next_hop(u32 addr, u32 selector)
444{ 470{
445 struct node *n_ptr; 471 struct tipc_node *n_ptr;
446 u32 router_addr; 472 u32 router_addr;
447 473
448 if (!tipc_addr_domain_valid(addr)) 474 if (!tipc_addr_domain_valid(addr))
@@ -487,7 +513,7 @@ struct node *tipc_node_select_next_hop(u32 addr, u32 selector)
487 * Uses a deterministic and fair algorithm for selecting router node. 513 * Uses a deterministic and fair algorithm for selecting router node.
488 */ 514 */
489 515
490u32 tipc_node_select_router(struct node *n_ptr, u32 ref) 516u32 tipc_node_select_router(struct tipc_node *n_ptr, u32 ref)
491{ 517{
492 u32 ulim; 518 u32 ulim;
493 u32 mask; 519 u32 mask;
@@ -525,7 +551,7 @@ u32 tipc_node_select_router(struct node *n_ptr, u32 ref)
525 return tipc_addr(own_zone(), own_cluster(), r); 551 return tipc_addr(own_zone(), own_cluster(), r);
526} 552}
527 553
528void tipc_node_add_router(struct node *n_ptr, u32 router) 554void tipc_node_add_router(struct tipc_node *n_ptr, u32 router)
529{ 555{
530 u32 r_num = tipc_node(router); 556 u32 r_num = tipc_node(router);
531 557
@@ -536,7 +562,7 @@ void tipc_node_add_router(struct node *n_ptr, u32 router)
536 !n_ptr->routers[n_ptr->last_router]); 562 !n_ptr->routers[n_ptr->last_router]);
537} 563}
538 564
539void tipc_node_remove_router(struct node *n_ptr, u32 router) 565void tipc_node_remove_router(struct tipc_node *n_ptr, u32 router)
540{ 566{
541 u32 r_num = tipc_node(router); 567 u32 r_num = tipc_node(router);
542 568
@@ -554,7 +580,7 @@ void tipc_node_remove_router(struct node *n_ptr, u32 router)
554} 580}
555 581
556#if 0 582#if 0
557void node_print(struct print_buf *buf, struct node *n_ptr, char *str) 583void node_print(struct print_buf *buf, struct tipc_node *n_ptr, char *str)
558{ 584{
559 u32 i; 585 u32 i;
560 586
@@ -571,15 +597,17 @@ void node_print(struct print_buf *buf, struct node *n_ptr, char *str)
571 597
572u32 tipc_available_nodes(const u32 domain) 598u32 tipc_available_nodes(const u32 domain)
573{ 599{
574 struct node *n_ptr; 600 struct tipc_node *n_ptr;
575 u32 cnt = 0; 601 u32 cnt = 0;
576 602
603 read_lock_bh(&tipc_net_lock);
577 for (n_ptr = tipc_nodes; n_ptr; n_ptr = n_ptr->next) { 604 for (n_ptr = tipc_nodes; n_ptr; n_ptr = n_ptr->next) {
578 if (!in_scope(domain, n_ptr->addr)) 605 if (!in_scope(domain, n_ptr->addr))
579 continue; 606 continue;
580 if (tipc_node_is_up(n_ptr)) 607 if (tipc_node_is_up(n_ptr))
581 cnt++; 608 cnt++;
582 } 609 }
610 read_unlock_bh(&tipc_net_lock);
583 return cnt; 611 return cnt;
584} 612}
585 613
@@ -587,7 +615,7 @@ struct sk_buff *tipc_node_get_nodes(const void *req_tlv_area, int req_tlv_space)
587{ 615{
588 u32 domain; 616 u32 domain;
589 struct sk_buff *buf; 617 struct sk_buff *buf;
590 struct node *n_ptr; 618 struct tipc_node *n_ptr;
591 struct tipc_node_info node_info; 619 struct tipc_node_info node_info;
592 u32 payload_size; 620 u32 payload_size;
593 621
@@ -599,19 +627,26 @@ struct sk_buff *tipc_node_get_nodes(const void *req_tlv_area, int req_tlv_space)
599 return tipc_cfg_reply_error_string(TIPC_CFG_INVALID_VALUE 627 return tipc_cfg_reply_error_string(TIPC_CFG_INVALID_VALUE
600 " (network address)"); 628 " (network address)");
601 629
602 if (!tipc_nodes) 630 read_lock_bh(&tipc_net_lock);
631 if (!tipc_nodes) {
632 read_unlock_bh(&tipc_net_lock);
603 return tipc_cfg_reply_none(); 633 return tipc_cfg_reply_none();
634 }
604 635
605 /* For now, get space for all other nodes 636 /* For now, get space for all other nodes
606 (will need to modify this when slave nodes are supported */ 637 (will need to modify this when slave nodes are supported */
607 638
608 payload_size = TLV_SPACE(sizeof(node_info)) * (tipc_max_nodes - 1); 639 payload_size = TLV_SPACE(sizeof(node_info)) * (tipc_max_nodes - 1);
609 if (payload_size > 32768u) 640 if (payload_size > 32768u) {
641 read_unlock_bh(&tipc_net_lock);
610 return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED 642 return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED
611 " (too many nodes)"); 643 " (too many nodes)");
644 }
612 buf = tipc_cfg_reply_alloc(payload_size); 645 buf = tipc_cfg_reply_alloc(payload_size);
613 if (!buf) 646 if (!buf) {
647 read_unlock_bh(&tipc_net_lock);
614 return NULL; 648 return NULL;
649 }
615 650
616 /* Add TLVs for all nodes in scope */ 651 /* Add TLVs for all nodes in scope */
617 652
@@ -624,6 +659,7 @@ struct sk_buff *tipc_node_get_nodes(const void *req_tlv_area, int req_tlv_space)
624 &node_info, sizeof(node_info)); 659 &node_info, sizeof(node_info));
625 } 660 }
626 661
662 read_unlock_bh(&tipc_net_lock);
627 return buf; 663 return buf;
628} 664}
629 665
@@ -631,7 +667,7 @@ struct sk_buff *tipc_node_get_links(const void *req_tlv_area, int req_tlv_space)
631{ 667{
632 u32 domain; 668 u32 domain;
633 struct sk_buff *buf; 669 struct sk_buff *buf;
634 struct node *n_ptr; 670 struct tipc_node *n_ptr;
635 struct tipc_link_info link_info; 671 struct tipc_link_info link_info;
636 u32 payload_size; 672 u32 payload_size;
637 673
@@ -646,16 +682,22 @@ struct sk_buff *tipc_node_get_links(const void *req_tlv_area, int req_tlv_space)
646 if (tipc_mode != TIPC_NET_MODE) 682 if (tipc_mode != TIPC_NET_MODE)
647 return tipc_cfg_reply_none(); 683 return tipc_cfg_reply_none();
648 684
685 read_lock_bh(&tipc_net_lock);
686
649 /* Get space for all unicast links + multicast link */ 687 /* Get space for all unicast links + multicast link */
650 688
651 payload_size = TLV_SPACE(sizeof(link_info)) * 689 payload_size = TLV_SPACE(sizeof(link_info)) *
652 (tipc_net.zones[tipc_zone(tipc_own_addr)]->links + 1); 690 (tipc_net.zones[tipc_zone(tipc_own_addr)]->links + 1);
653 if (payload_size > 32768u) 691 if (payload_size > 32768u) {
692 read_unlock_bh(&tipc_net_lock);
654 return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED 693 return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED
655 " (too many links)"); 694 " (too many links)");
695 }
656 buf = tipc_cfg_reply_alloc(payload_size); 696 buf = tipc_cfg_reply_alloc(payload_size);
657 if (!buf) 697 if (!buf) {
698 read_unlock_bh(&tipc_net_lock);
658 return NULL; 699 return NULL;
700 }
659 701
660 /* Add TLV for broadcast link */ 702 /* Add TLV for broadcast link */
661 703
@@ -671,6 +713,7 @@ struct sk_buff *tipc_node_get_links(const void *req_tlv_area, int req_tlv_space)
671 713
672 if (!in_scope(domain, n_ptr->addr)) 714 if (!in_scope(domain, n_ptr->addr))
673 continue; 715 continue;
716 tipc_node_lock(n_ptr);
674 for (i = 0; i < MAX_BEARERS; i++) { 717 for (i = 0; i < MAX_BEARERS; i++) {
675 if (!n_ptr->links[i]) 718 if (!n_ptr->links[i])
676 continue; 719 continue;
@@ -680,7 +723,9 @@ struct sk_buff *tipc_node_get_links(const void *req_tlv_area, int req_tlv_space)
680 tipc_cfg_append_tlv(buf, TIPC_TLV_LINK_INFO, 723 tipc_cfg_append_tlv(buf, TIPC_TLV_LINK_INFO,
681 &link_info, sizeof(link_info)); 724 &link_info, sizeof(link_info));
682 } 725 }
726 tipc_node_unlock(n_ptr);
683 } 727 }
684 728
729 read_unlock_bh(&tipc_net_lock);
685 return buf; 730 return buf;
686} 731}
diff --git a/net/tipc/node.h b/net/tipc/node.h
index cd1882654bbb..6f990da5d143 100644
--- a/net/tipc/node.h
+++ b/net/tipc/node.h
@@ -43,7 +43,7 @@
43#include "bearer.h" 43#include "bearer.h"
44 44
45/** 45/**
46 * struct node - TIPC node structure 46 * struct tipc_node - TIPC node structure
47 * @addr: network address of node 47 * @addr: network address of node
48 * @lock: spinlock governing access to structure 48 * @lock: spinlock governing access to structure
49 * @owner: pointer to cluster that node belongs to 49 * @owner: pointer to cluster that node belongs to
@@ -68,11 +68,11 @@
68 * @defragm: list of partially reassembled b'cast message fragments from node 68 * @defragm: list of partially reassembled b'cast message fragments from node
69 */ 69 */
70 70
71struct node { 71struct tipc_node {
72 u32 addr; 72 u32 addr;
73 spinlock_t lock; 73 spinlock_t lock;
74 struct cluster *owner; 74 struct cluster *owner;
75 struct node *next; 75 struct tipc_node *next;
76 struct list_head nsub; 76 struct list_head nsub;
77 struct link *active_links[2]; 77 struct link *active_links[2];
78 struct link *links[MAX_BEARERS]; 78 struct link *links[MAX_BEARERS];
@@ -94,26 +94,26 @@ struct node {
94 } bclink; 94 } bclink;
95}; 95};
96 96
97extern struct node *tipc_nodes; 97extern struct tipc_node *tipc_nodes;
98extern u32 tipc_own_tag; 98extern u32 tipc_own_tag;
99 99
100struct node *tipc_node_create(u32 addr); 100struct tipc_node *tipc_node_create(u32 addr);
101void tipc_node_delete(struct node *n_ptr); 101void tipc_node_delete(struct tipc_node *n_ptr);
102struct node *tipc_node_attach_link(struct link *l_ptr); 102struct tipc_node *tipc_node_attach_link(struct link *l_ptr);
103void tipc_node_detach_link(struct node *n_ptr, struct link *l_ptr); 103void tipc_node_detach_link(struct tipc_node *n_ptr, struct link *l_ptr);
104void tipc_node_link_down(struct node *n_ptr, struct link *l_ptr); 104void tipc_node_link_down(struct tipc_node *n_ptr, struct link *l_ptr);
105void tipc_node_link_up(struct node *n_ptr, struct link *l_ptr); 105void tipc_node_link_up(struct tipc_node *n_ptr, struct link *l_ptr);
106int tipc_node_has_active_links(struct node *n_ptr); 106int tipc_node_has_active_links(struct tipc_node *n_ptr);
107int tipc_node_has_redundant_links(struct node *n_ptr); 107int tipc_node_has_redundant_links(struct tipc_node *n_ptr);
108u32 tipc_node_select_router(struct node *n_ptr, u32 ref); 108u32 tipc_node_select_router(struct tipc_node *n_ptr, u32 ref);
109struct node *tipc_node_select_next_hop(u32 addr, u32 selector); 109struct tipc_node *tipc_node_select_next_hop(u32 addr, u32 selector);
110int tipc_node_is_up(struct node *n_ptr); 110int tipc_node_is_up(struct tipc_node *n_ptr);
111void tipc_node_add_router(struct node *n_ptr, u32 router); 111void tipc_node_add_router(struct tipc_node *n_ptr, u32 router);
112void tipc_node_remove_router(struct node *n_ptr, u32 router); 112void tipc_node_remove_router(struct tipc_node *n_ptr, u32 router);
113struct sk_buff *tipc_node_get_links(const void *req_tlv_area, int req_tlv_space); 113struct sk_buff *tipc_node_get_links(const void *req_tlv_area, int req_tlv_space);
114struct sk_buff *tipc_node_get_nodes(const void *req_tlv_area, int req_tlv_space); 114struct sk_buff *tipc_node_get_nodes(const void *req_tlv_area, int req_tlv_space);
115 115
116static inline struct node *tipc_node_find(u32 addr) 116static inline struct tipc_node *tipc_node_find(u32 addr)
117{ 117{
118 if (likely(in_own_cluster(addr))) 118 if (likely(in_own_cluster(addr)))
119 return tipc_local_nodes[tipc_node(addr)]; 119 return tipc_local_nodes[tipc_node(addr)];
@@ -126,19 +126,19 @@ static inline struct node *tipc_node_find(u32 addr)
126 return NULL; 126 return NULL;
127} 127}
128 128
129static inline struct node *tipc_node_select(u32 addr, u32 selector) 129static inline struct tipc_node *tipc_node_select(u32 addr, u32 selector)
130{ 130{
131 if (likely(in_own_cluster(addr))) 131 if (likely(in_own_cluster(addr)))
132 return tipc_local_nodes[tipc_node(addr)]; 132 return tipc_local_nodes[tipc_node(addr)];
133 return tipc_node_select_next_hop(addr, selector); 133 return tipc_node_select_next_hop(addr, selector);
134} 134}
135 135
136static inline void tipc_node_lock(struct node *n_ptr) 136static inline void tipc_node_lock(struct tipc_node *n_ptr)
137{ 137{
138 spin_lock_bh(&n_ptr->lock); 138 spin_lock_bh(&n_ptr->lock);
139} 139}
140 140
141static inline void tipc_node_unlock(struct node *n_ptr) 141static inline void tipc_node_unlock(struct tipc_node *n_ptr)
142{ 142{
143 spin_unlock_bh(&n_ptr->lock); 143 spin_unlock_bh(&n_ptr->lock);
144} 144}
diff --git a/net/tipc/node_subscr.c b/net/tipc/node_subscr.c
index 8ecbd0fb6103..19194d476a9e 100644
--- a/net/tipc/node_subscr.c
+++ b/net/tipc/node_subscr.c
@@ -44,7 +44,7 @@
44 * tipc_nodesub_subscribe - create "node down" subscription for specified node 44 * tipc_nodesub_subscribe - create "node down" subscription for specified node
45 */ 45 */
46 46
47void tipc_nodesub_subscribe(struct node_subscr *node_sub, u32 addr, 47void tipc_nodesub_subscribe(struct tipc_node_subscr *node_sub, u32 addr,
48 void *usr_handle, net_ev_handler handle_down) 48 void *usr_handle, net_ev_handler handle_down)
49{ 49{
50 if (addr == tipc_own_addr) { 50 if (addr == tipc_own_addr) {
@@ -69,7 +69,7 @@ void tipc_nodesub_subscribe(struct node_subscr *node_sub, u32 addr,
69 * tipc_nodesub_unsubscribe - cancel "node down" subscription (if any) 69 * tipc_nodesub_unsubscribe - cancel "node down" subscription (if any)
70 */ 70 */
71 71
72void tipc_nodesub_unsubscribe(struct node_subscr *node_sub) 72void tipc_nodesub_unsubscribe(struct tipc_node_subscr *node_sub)
73{ 73{
74 if (!node_sub->node) 74 if (!node_sub->node)
75 return; 75 return;
diff --git a/net/tipc/node_subscr.h b/net/tipc/node_subscr.h
index 5f3f5859b84c..006ed739f515 100644
--- a/net/tipc/node_subscr.h
+++ b/net/tipc/node_subscr.h
@@ -42,22 +42,22 @@
42typedef void (*net_ev_handler) (void *usr_handle); 42typedef void (*net_ev_handler) (void *usr_handle);
43 43
44/** 44/**
45 * struct node_subscr - "node down" subscription entry 45 * struct tipc_node_subscr - "node down" subscription entry
46 * @node: ptr to node structure of interest (or NULL, if none) 46 * @node: ptr to node structure of interest (or NULL, if none)
47 * @handle_node_down: routine to invoke when node fails 47 * @handle_node_down: routine to invoke when node fails
48 * @usr_handle: argument to pass to routine when node fails 48 * @usr_handle: argument to pass to routine when node fails
49 * @nodesub_list: adjacent entries in list of subscriptions for the node 49 * @nodesub_list: adjacent entries in list of subscriptions for the node
50 */ 50 */
51 51
52struct node_subscr { 52struct tipc_node_subscr {
53 struct node *node; 53 struct tipc_node *node;
54 net_ev_handler handle_node_down; 54 net_ev_handler handle_node_down;
55 void *usr_handle; 55 void *usr_handle;
56 struct list_head nodesub_list; 56 struct list_head nodesub_list;
57}; 57};
58 58
59void tipc_nodesub_subscribe(struct node_subscr *node_sub, u32 addr, 59void tipc_nodesub_subscribe(struct tipc_node_subscr *node_sub, u32 addr,
60 void *usr_handle, net_ev_handler handle_down); 60 void *usr_handle, net_ev_handler handle_down);
61void tipc_nodesub_unsubscribe(struct node_subscr *node_sub); 61void tipc_nodesub_unsubscribe(struct tipc_node_subscr *node_sub);
62 62
63#endif 63#endif
diff --git a/net/tipc/port.c b/net/tipc/port.c
index 2f5806410c64..e70d27ea6578 100644
--- a/net/tipc/port.c
+++ b/net/tipc/port.c
@@ -2,7 +2,7 @@
2 * net/tipc/port.c: TIPC port code 2 * net/tipc/port.c: TIPC port code
3 * 3 *
4 * Copyright (c) 1992-2007, Ericsson AB 4 * Copyright (c) 1992-2007, Ericsson AB
5 * Copyright (c) 2004-2007, Wind River Systems 5 * Copyright (c) 2004-2008, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -211,12 +211,12 @@ exit:
211} 211}
212 212
213/** 213/**
214 * tipc_createport_raw - create a native TIPC port 214 * tipc_createport_raw - create a generic TIPC port
215 * 215 *
216 * Returns local port reference 216 * Returns pointer to (locked) TIPC port, or NULL if unable to create it
217 */ 217 */
218 218
219u32 tipc_createport_raw(void *usr_handle, 219struct tipc_port *tipc_createport_raw(void *usr_handle,
220 u32 (*dispatcher)(struct tipc_port *, struct sk_buff *), 220 u32 (*dispatcher)(struct tipc_port *, struct sk_buff *),
221 void (*wakeup)(struct tipc_port *), 221 void (*wakeup)(struct tipc_port *),
222 const u32 importance) 222 const u32 importance)
@@ -228,26 +228,21 @@ u32 tipc_createport_raw(void *usr_handle,
228 p_ptr = kzalloc(sizeof(*p_ptr), GFP_ATOMIC); 228 p_ptr = kzalloc(sizeof(*p_ptr), GFP_ATOMIC);
229 if (!p_ptr) { 229 if (!p_ptr) {
230 warn("Port creation failed, no memory\n"); 230 warn("Port creation failed, no memory\n");
231 return 0; 231 return NULL;
232 } 232 }
233 ref = tipc_ref_acquire(p_ptr, &p_ptr->publ.lock); 233 ref = tipc_ref_acquire(p_ptr, &p_ptr->publ.lock);
234 if (!ref) { 234 if (!ref) {
235 warn("Port creation failed, reference table exhausted\n"); 235 warn("Port creation failed, reference table exhausted\n");
236 kfree(p_ptr); 236 kfree(p_ptr);
237 return 0; 237 return NULL;
238 } 238 }
239 239
240 tipc_port_lock(ref);
241 p_ptr->publ.usr_handle = usr_handle; 240 p_ptr->publ.usr_handle = usr_handle;
242 p_ptr->publ.max_pkt = MAX_PKT_DEFAULT; 241 p_ptr->publ.max_pkt = MAX_PKT_DEFAULT;
243 p_ptr->publ.ref = ref; 242 p_ptr->publ.ref = ref;
244 msg = &p_ptr->publ.phdr; 243 msg = &p_ptr->publ.phdr;
245 msg_init(msg, TIPC_LOW_IMPORTANCE, TIPC_NAMED_MSG, TIPC_OK, LONG_H_SIZE, 244 msg_init(msg, importance, TIPC_NAMED_MSG, LONG_H_SIZE, 0);
246 0);
247 msg_set_orignode(msg, tipc_own_addr);
248 msg_set_prevnode(msg, tipc_own_addr);
249 msg_set_origport(msg, ref); 245 msg_set_origport(msg, ref);
250 msg_set_importance(msg,importance);
251 p_ptr->last_in_seqno = 41; 246 p_ptr->last_in_seqno = 41;
252 p_ptr->sent = 1; 247 p_ptr->sent = 1;
253 INIT_LIST_HEAD(&p_ptr->wait_list); 248 INIT_LIST_HEAD(&p_ptr->wait_list);
@@ -262,8 +257,7 @@ u32 tipc_createport_raw(void *usr_handle,
262 INIT_LIST_HEAD(&p_ptr->port_list); 257 INIT_LIST_HEAD(&p_ptr->port_list);
263 list_add_tail(&p_ptr->port_list, &ports); 258 list_add_tail(&p_ptr->port_list, &ports);
264 spin_unlock_bh(&tipc_port_list_lock); 259 spin_unlock_bh(&tipc_port_list_lock);
265 tipc_port_unlock(p_ptr); 260 return &(p_ptr->publ);
266 return ref;
267} 261}
268 262
269int tipc_deleteport(u32 ref) 263int tipc_deleteport(u32 ref)
@@ -297,7 +291,7 @@ int tipc_deleteport(u32 ref)
297 kfree(p_ptr); 291 kfree(p_ptr);
298 dbg("Deleted port %u\n", ref); 292 dbg("Deleted port %u\n", ref);
299 tipc_net_route_msg(buf); 293 tipc_net_route_msg(buf);
300 return TIPC_OK; 294 return 0;
301} 295}
302 296
303/** 297/**
@@ -342,7 +336,7 @@ int tipc_portunreliable(u32 ref, unsigned int *isunreliable)
342 return -EINVAL; 336 return -EINVAL;
343 *isunreliable = port_unreliable(p_ptr); 337 *isunreliable = port_unreliable(p_ptr);
344 tipc_port_unlock(p_ptr); 338 tipc_port_unlock(p_ptr);
345 return TIPC_OK; 339 return 0;
346} 340}
347 341
348int tipc_set_portunreliable(u32 ref, unsigned int isunreliable) 342int tipc_set_portunreliable(u32 ref, unsigned int isunreliable)
@@ -354,7 +348,7 @@ int tipc_set_portunreliable(u32 ref, unsigned int isunreliable)
354 return -EINVAL; 348 return -EINVAL;
355 msg_set_src_droppable(&p_ptr->publ.phdr, (isunreliable != 0)); 349 msg_set_src_droppable(&p_ptr->publ.phdr, (isunreliable != 0));
356 tipc_port_unlock(p_ptr); 350 tipc_port_unlock(p_ptr);
357 return TIPC_OK; 351 return 0;
358} 352}
359 353
360static int port_unreturnable(struct port *p_ptr) 354static int port_unreturnable(struct port *p_ptr)
@@ -371,7 +365,7 @@ int tipc_portunreturnable(u32 ref, unsigned int *isunrejectable)
371 return -EINVAL; 365 return -EINVAL;
372 *isunrejectable = port_unreturnable(p_ptr); 366 *isunrejectable = port_unreturnable(p_ptr);
373 tipc_port_unlock(p_ptr); 367 tipc_port_unlock(p_ptr);
374 return TIPC_OK; 368 return 0;
375} 369}
376 370
377int tipc_set_portunreturnable(u32 ref, unsigned int isunrejectable) 371int tipc_set_portunreturnable(u32 ref, unsigned int isunrejectable)
@@ -383,7 +377,7 @@ int tipc_set_portunreturnable(u32 ref, unsigned int isunrejectable)
383 return -EINVAL; 377 return -EINVAL;
384 msg_set_dest_droppable(&p_ptr->publ.phdr, (isunrejectable != 0)); 378 msg_set_dest_droppable(&p_ptr->publ.phdr, (isunrejectable != 0));
385 tipc_port_unlock(p_ptr); 379 tipc_port_unlock(p_ptr);
386 return TIPC_OK; 380 return 0;
387} 381}
388 382
389/* 383/*
@@ -402,10 +396,10 @@ static struct sk_buff *port_build_proto_msg(u32 destport, u32 destnode,
402 buf = buf_acquire(LONG_H_SIZE); 396 buf = buf_acquire(LONG_H_SIZE);
403 if (buf) { 397 if (buf) {
404 msg = buf_msg(buf); 398 msg = buf_msg(buf);
405 msg_init(msg, usr, type, err, LONG_H_SIZE, destnode); 399 msg_init(msg, usr, type, LONG_H_SIZE, destnode);
400 msg_set_errcode(msg, err);
406 msg_set_destport(msg, destport); 401 msg_set_destport(msg, destport);
407 msg_set_origport(msg, origport); 402 msg_set_origport(msg, origport);
408 msg_set_destnode(msg, destnode);
409 msg_set_orignode(msg, orignode); 403 msg_set_orignode(msg, orignode);
410 msg_set_transp_seqno(msg, seqno); 404 msg_set_transp_seqno(msg, seqno);
411 msg_set_msgcnt(msg, ack); 405 msg_set_msgcnt(msg, ack);
@@ -446,17 +440,19 @@ int tipc_reject_msg(struct sk_buff *buf, u32 err)
446 return data_sz; 440 return data_sz;
447 } 441 }
448 rmsg = buf_msg(rbuf); 442 rmsg = buf_msg(rbuf);
449 msg_init(rmsg, imp, msg_type(msg), err, hdr_sz, msg_orignode(msg)); 443 msg_init(rmsg, imp, msg_type(msg), hdr_sz, msg_orignode(msg));
444 msg_set_errcode(rmsg, err);
450 msg_set_destport(rmsg, msg_origport(msg)); 445 msg_set_destport(rmsg, msg_origport(msg));
451 msg_set_prevnode(rmsg, tipc_own_addr);
452 msg_set_origport(rmsg, msg_destport(msg)); 446 msg_set_origport(rmsg, msg_destport(msg));
453 if (msg_short(msg)) 447 if (msg_short(msg)) {
454 msg_set_orignode(rmsg, tipc_own_addr); 448 msg_set_orignode(rmsg, tipc_own_addr);
455 else 449 /* leave name type & instance as zeroes */
450 } else {
456 msg_set_orignode(rmsg, msg_destnode(msg)); 451 msg_set_orignode(rmsg, msg_destnode(msg));
452 msg_set_nametype(rmsg, msg_nametype(msg));
453 msg_set_nameinst(rmsg, msg_nameinst(msg));
454 }
457 msg_set_size(rmsg, data_sz + hdr_sz); 455 msg_set_size(rmsg, data_sz + hdr_sz);
458 msg_set_nametype(rmsg, msg_nametype(msg));
459 msg_set_nameinst(rmsg, msg_nameinst(msg));
460 skb_copy_to_linear_data_offset(rbuf, hdr_sz, msg_data(msg), data_sz); 456 skb_copy_to_linear_data_offset(rbuf, hdr_sz, msg_data(msg), data_sz);
461 457
462 /* send self-abort message when rejecting on a connected port */ 458 /* send self-abort message when rejecting on a connected port */
@@ -778,6 +774,7 @@ void tipc_port_reinit(void)
778 msg = &p_ptr->publ.phdr; 774 msg = &p_ptr->publ.phdr;
779 if (msg_orignode(msg) == tipc_own_addr) 775 if (msg_orignode(msg) == tipc_own_addr)
780 break; 776 break;
777 msg_set_prevnode(msg, tipc_own_addr);
781 msg_set_orignode(msg, tipc_own_addr); 778 msg_set_orignode(msg, tipc_own_addr);
782 } 779 }
783 spin_unlock_bh(&tipc_port_list_lock); 780 spin_unlock_bh(&tipc_port_list_lock);
@@ -838,16 +835,13 @@ static void port_dispatcher_sigh(void *dummy)
838 u32 peer_node = port_peernode(p_ptr); 835 u32 peer_node = port_peernode(p_ptr);
839 836
840 tipc_port_unlock(p_ptr); 837 tipc_port_unlock(p_ptr);
838 if (unlikely(!cb))
839 goto reject;
841 if (unlikely(!connected)) { 840 if (unlikely(!connected)) {
842 if (unlikely(published)) 841 if (tipc_connect2port(dref, &orig))
843 goto reject; 842 goto reject;
844 tipc_connect2port(dref,&orig); 843 } else if ((msg_origport(msg) != peer_port) ||
845 } 844 (msg_orignode(msg) != peer_node))
846 if (unlikely(msg_origport(msg) != peer_port))
847 goto reject;
848 if (unlikely(msg_orignode(msg) != peer_node))
849 goto reject;
850 if (unlikely(!cb))
851 goto reject; 845 goto reject;
852 if (unlikely(++p_ptr->publ.conn_unacked >= 846 if (unlikely(++p_ptr->publ.conn_unacked >=
853 TIPC_FLOW_CONTROL_WIN)) 847 TIPC_FLOW_CONTROL_WIN))
@@ -862,9 +856,7 @@ static void port_dispatcher_sigh(void *dummy)
862 tipc_msg_event cb = up_ptr->msg_cb; 856 tipc_msg_event cb = up_ptr->msg_cb;
863 857
864 tipc_port_unlock(p_ptr); 858 tipc_port_unlock(p_ptr);
865 if (unlikely(connected)) 859 if (unlikely(!cb || connected))
866 goto reject;
867 if (unlikely(!cb))
868 goto reject; 860 goto reject;
869 skb_pull(buf, msg_hdr_sz(msg)); 861 skb_pull(buf, msg_hdr_sz(msg));
870 cb(usr_handle, dref, &buf, msg_data(msg), 862 cb(usr_handle, dref, &buf, msg_data(msg),
@@ -877,11 +869,7 @@ static void port_dispatcher_sigh(void *dummy)
877 tipc_named_msg_event cb = up_ptr->named_msg_cb; 869 tipc_named_msg_event cb = up_ptr->named_msg_cb;
878 870
879 tipc_port_unlock(p_ptr); 871 tipc_port_unlock(p_ptr);
880 if (unlikely(connected)) 872 if (unlikely(!cb || connected || !published))
881 goto reject;
882 if (unlikely(!cb))
883 goto reject;
884 if (unlikely(!published))
885 goto reject; 873 goto reject;
886 dseq.type = msg_nametype(msg); 874 dseq.type = msg_nametype(msg);
887 dseq.lower = msg_nameinst(msg); 875 dseq.lower = msg_nameinst(msg);
@@ -908,11 +896,10 @@ err:
908 u32 peer_node = port_peernode(p_ptr); 896 u32 peer_node = port_peernode(p_ptr);
909 897
910 tipc_port_unlock(p_ptr); 898 tipc_port_unlock(p_ptr);
911 if (!connected || !cb) 899 if (!cb || !connected)
912 break;
913 if (msg_origport(msg) != peer_port)
914 break; 900 break;
915 if (msg_orignode(msg) != peer_node) 901 if ((msg_origport(msg) != peer_port) ||
902 (msg_orignode(msg) != peer_node))
916 break; 903 break;
917 tipc_disconnect(dref); 904 tipc_disconnect(dref);
918 skb_pull(buf, msg_hdr_sz(msg)); 905 skb_pull(buf, msg_hdr_sz(msg));
@@ -924,7 +911,7 @@ err:
924 tipc_msg_err_event cb = up_ptr->err_cb; 911 tipc_msg_err_event cb = up_ptr->err_cb;
925 912
926 tipc_port_unlock(p_ptr); 913 tipc_port_unlock(p_ptr);
927 if (connected || !cb) 914 if (!cb || connected)
928 break; 915 break;
929 skb_pull(buf, msg_hdr_sz(msg)); 916 skb_pull(buf, msg_hdr_sz(msg));
930 cb(usr_handle, dref, &buf, msg_data(msg), 917 cb(usr_handle, dref, &buf, msg_data(msg),
@@ -937,7 +924,7 @@ err:
937 up_ptr->named_err_cb; 924 up_ptr->named_err_cb;
938 925
939 tipc_port_unlock(p_ptr); 926 tipc_port_unlock(p_ptr);
940 if (connected || !cb) 927 if (!cb || connected)
941 break; 928 break;
942 dseq.type = msg_nametype(msg); 929 dseq.type = msg_nametype(msg);
943 dseq.lower = msg_nameinst(msg); 930 dseq.lower = msg_nameinst(msg);
@@ -976,7 +963,7 @@ static u32 port_dispatcher(struct tipc_port *dummy, struct sk_buff *buf)
976 tipc_k_signal((Handler)port_dispatcher_sigh, 0); 963 tipc_k_signal((Handler)port_dispatcher_sigh, 0);
977 } 964 }
978 spin_unlock_bh(&queue_lock); 965 spin_unlock_bh(&queue_lock);
979 return TIPC_OK; 966 return 0;
980} 967}
981 968
982/* 969/*
@@ -1053,15 +1040,14 @@ int tipc_createport(u32 user_ref,
1053{ 1040{
1054 struct user_port *up_ptr; 1041 struct user_port *up_ptr;
1055 struct port *p_ptr; 1042 struct port *p_ptr;
1056 u32 ref;
1057 1043
1058 up_ptr = kmalloc(sizeof(*up_ptr), GFP_ATOMIC); 1044 up_ptr = kmalloc(sizeof(*up_ptr), GFP_ATOMIC);
1059 if (!up_ptr) { 1045 if (!up_ptr) {
1060 warn("Port creation failed, no memory\n"); 1046 warn("Port creation failed, no memory\n");
1061 return -ENOMEM; 1047 return -ENOMEM;
1062 } 1048 }
1063 ref = tipc_createport_raw(NULL, port_dispatcher, port_wakeup, importance); 1049 p_ptr = (struct port *)tipc_createport_raw(NULL, port_dispatcher,
1064 p_ptr = tipc_port_lock(ref); 1050 port_wakeup, importance);
1065 if (!p_ptr) { 1051 if (!p_ptr) {
1066 kfree(up_ptr); 1052 kfree(up_ptr);
1067 return -ENOMEM; 1053 return -ENOMEM;
@@ -1081,16 +1067,15 @@ int tipc_createport(u32 user_ref,
1081 INIT_LIST_HEAD(&up_ptr->uport_list); 1067 INIT_LIST_HEAD(&up_ptr->uport_list);
1082 tipc_reg_add_port(up_ptr); 1068 tipc_reg_add_port(up_ptr);
1083 *portref = p_ptr->publ.ref; 1069 *portref = p_ptr->publ.ref;
1084 dbg(" tipc_createport: %x with ref %u\n", p_ptr, p_ptr->publ.ref);
1085 tipc_port_unlock(p_ptr); 1070 tipc_port_unlock(p_ptr);
1086 return TIPC_OK; 1071 return 0;
1087} 1072}
1088 1073
1089int tipc_ownidentity(u32 ref, struct tipc_portid *id) 1074int tipc_ownidentity(u32 ref, struct tipc_portid *id)
1090{ 1075{
1091 id->ref = ref; 1076 id->ref = ref;
1092 id->node = tipc_own_addr; 1077 id->node = tipc_own_addr;
1093 return TIPC_OK; 1078 return 0;
1094} 1079}
1095 1080
1096int tipc_portimportance(u32 ref, unsigned int *importance) 1081int tipc_portimportance(u32 ref, unsigned int *importance)
@@ -1102,7 +1087,7 @@ int tipc_portimportance(u32 ref, unsigned int *importance)
1102 return -EINVAL; 1087 return -EINVAL;
1103 *importance = (unsigned int)msg_importance(&p_ptr->publ.phdr); 1088 *importance = (unsigned int)msg_importance(&p_ptr->publ.phdr);
1104 tipc_port_unlock(p_ptr); 1089 tipc_port_unlock(p_ptr);
1105 return TIPC_OK; 1090 return 0;
1106} 1091}
1107 1092
1108int tipc_set_portimportance(u32 ref, unsigned int imp) 1093int tipc_set_portimportance(u32 ref, unsigned int imp)
@@ -1117,7 +1102,7 @@ int tipc_set_portimportance(u32 ref, unsigned int imp)
1117 return -EINVAL; 1102 return -EINVAL;
1118 msg_set_importance(&p_ptr->publ.phdr, (u32)imp); 1103 msg_set_importance(&p_ptr->publ.phdr, (u32)imp);
1119 tipc_port_unlock(p_ptr); 1104 tipc_port_unlock(p_ptr);
1120 return TIPC_OK; 1105 return 0;
1121} 1106}
1122 1107
1123 1108
@@ -1152,7 +1137,7 @@ int tipc_publish(u32 ref, unsigned int scope, struct tipc_name_seq const *seq)
1152 list_add(&publ->pport_list, &p_ptr->publications); 1137 list_add(&publ->pport_list, &p_ptr->publications);
1153 p_ptr->pub_count++; 1138 p_ptr->pub_count++;
1154 p_ptr->publ.published = 1; 1139 p_ptr->publ.published = 1;
1155 res = TIPC_OK; 1140 res = 0;
1156 } 1141 }
1157exit: 1142exit:
1158 tipc_port_unlock(p_ptr); 1143 tipc_port_unlock(p_ptr);
@@ -1175,7 +1160,7 @@ int tipc_withdraw(u32 ref, unsigned int scope, struct tipc_name_seq const *seq)
1175 tipc_nametbl_withdraw(publ->type, publ->lower, 1160 tipc_nametbl_withdraw(publ->type, publ->lower,
1176 publ->ref, publ->key); 1161 publ->ref, publ->key);
1177 } 1162 }
1178 res = TIPC_OK; 1163 res = 0;
1179 } else { 1164 } else {
1180 list_for_each_entry_safe(publ, tpubl, 1165 list_for_each_entry_safe(publ, tpubl,
1181 &p_ptr->publications, pport_list) { 1166 &p_ptr->publications, pport_list) {
@@ -1189,7 +1174,7 @@ int tipc_withdraw(u32 ref, unsigned int scope, struct tipc_name_seq const *seq)
1189 break; 1174 break;
1190 tipc_nametbl_withdraw(publ->type, publ->lower, 1175 tipc_nametbl_withdraw(publ->type, publ->lower,
1191 publ->ref, publ->key); 1176 publ->ref, publ->key);
1192 res = TIPC_OK; 1177 res = 0;
1193 break; 1178 break;
1194 } 1179 }
1195 } 1180 }
@@ -1233,7 +1218,7 @@ int tipc_connect2port(u32 ref, struct tipc_portid const *peer)
1233 tipc_nodesub_subscribe(&p_ptr->subscription,peer->node, 1218 tipc_nodesub_subscribe(&p_ptr->subscription,peer->node,
1234 (void *)(unsigned long)ref, 1219 (void *)(unsigned long)ref,
1235 (net_ev_handler)port_handle_node_down); 1220 (net_ev_handler)port_handle_node_down);
1236 res = TIPC_OK; 1221 res = 0;
1237exit: 1222exit:
1238 tipc_port_unlock(p_ptr); 1223 tipc_port_unlock(p_ptr);
1239 p_ptr->publ.max_pkt = tipc_link_get_max_pkt(peer->node, ref); 1224 p_ptr->publ.max_pkt = tipc_link_get_max_pkt(peer->node, ref);
@@ -1255,7 +1240,7 @@ int tipc_disconnect_port(struct tipc_port *tp_ptr)
1255 /* let timer expire on it's own to avoid deadlock! */ 1240 /* let timer expire on it's own to avoid deadlock! */
1256 tipc_nodesub_unsubscribe( 1241 tipc_nodesub_unsubscribe(
1257 &((struct port *)tp_ptr)->subscription); 1242 &((struct port *)tp_ptr)->subscription);
1258 res = TIPC_OK; 1243 res = 0;
1259 } else { 1244 } else {
1260 res = -ENOTCONN; 1245 res = -ENOTCONN;
1261 } 1246 }
@@ -1320,7 +1305,7 @@ int tipc_isconnected(u32 ref, int *isconnected)
1320 return -EINVAL; 1305 return -EINVAL;
1321 *isconnected = p_ptr->publ.connected; 1306 *isconnected = p_ptr->publ.connected;
1322 tipc_port_unlock(p_ptr); 1307 tipc_port_unlock(p_ptr);
1323 return TIPC_OK; 1308 return 0;
1324} 1309}
1325 1310
1326int tipc_peer(u32 ref, struct tipc_portid *peer) 1311int tipc_peer(u32 ref, struct tipc_portid *peer)
@@ -1334,7 +1319,7 @@ int tipc_peer(u32 ref, struct tipc_portid *peer)
1334 if (p_ptr->publ.connected) { 1319 if (p_ptr->publ.connected) {
1335 peer->ref = port_peerport(p_ptr); 1320 peer->ref = port_peerport(p_ptr);
1336 peer->node = port_peernode(p_ptr); 1321 peer->node = port_peernode(p_ptr);
1337 res = TIPC_OK; 1322 res = 0;
1338 } else 1323 } else
1339 res = -ENOTCONN; 1324 res = -ENOTCONN;
1340 tipc_port_unlock(p_ptr); 1325 tipc_port_unlock(p_ptr);
diff --git a/net/tipc/port.h b/net/tipc/port.h
index e5f8c16429bd..ff31ee4a1dc3 100644
--- a/net/tipc/port.h
+++ b/net/tipc/port.h
@@ -105,7 +105,7 @@ struct port {
105 u32 probing_interval; 105 u32 probing_interval;
106 u32 last_in_seqno; 106 u32 last_in_seqno;
107 struct timer_list timer; 107 struct timer_list timer;
108 struct node_subscr subscription; 108 struct tipc_node_subscr subscription;
109}; 109};
110 110
111extern spinlock_t tipc_port_list_lock; 111extern spinlock_t tipc_port_list_lock;
diff --git a/net/tipc/ref.c b/net/tipc/ref.c
index 89cbab24d08f..414fc34b8bea 100644
--- a/net/tipc/ref.c
+++ b/net/tipc/ref.c
@@ -123,7 +123,7 @@ int tipc_ref_table_init(u32 requested_size, u32 start)
123 tipc_ref_table.index_mask = actual_size - 1; 123 tipc_ref_table.index_mask = actual_size - 1;
124 tipc_ref_table.start_mask = start & ~tipc_ref_table.index_mask; 124 tipc_ref_table.start_mask = start & ~tipc_ref_table.index_mask;
125 125
126 return TIPC_OK; 126 return 0;
127} 127}
128 128
129/** 129/**
@@ -142,9 +142,13 @@ void tipc_ref_table_stop(void)
142/** 142/**
143 * tipc_ref_acquire - create reference to an object 143 * tipc_ref_acquire - create reference to an object
144 * 144 *
145 * Return a unique reference value which can be translated back to the pointer 145 * Register an object pointer in reference table and lock the object.
146 * 'object' at a later time. Also, pass back a pointer to the lock protecting 146 * Returns a unique reference value that is used from then on to retrieve the
147 * the object, but without locking it. 147 * object pointer, or to determine that the object has been deregistered.
148 *
149 * Note: The object is returned in the locked state so that the caller can
150 * register a partially initialized object, without running the risk that
151 * the object will be accessed before initialization is complete.
148 */ 152 */
149 153
150u32 tipc_ref_acquire(void *object, spinlock_t **lock) 154u32 tipc_ref_acquire(void *object, spinlock_t **lock)
@@ -178,13 +182,13 @@ u32 tipc_ref_acquire(void *object, spinlock_t **lock)
178 ref = (next_plus_upper & ~index_mask) + index; 182 ref = (next_plus_upper & ~index_mask) + index;
179 entry->ref = ref; 183 entry->ref = ref;
180 entry->object = object; 184 entry->object = object;
181 spin_unlock_bh(&entry->lock);
182 *lock = &entry->lock; 185 *lock = &entry->lock;
183 } 186 }
184 else if (tipc_ref_table.init_point < tipc_ref_table.capacity) { 187 else if (tipc_ref_table.init_point < tipc_ref_table.capacity) {
185 index = tipc_ref_table.init_point++; 188 index = tipc_ref_table.init_point++;
186 entry = &(tipc_ref_table.entries[index]); 189 entry = &(tipc_ref_table.entries[index]);
187 spin_lock_init(&entry->lock); 190 spin_lock_init(&entry->lock);
191 spin_lock_bh(&entry->lock);
188 ref = tipc_ref_table.start_mask + index; 192 ref = tipc_ref_table.start_mask + index;
189 entry->ref = ref; 193 entry->ref = ref;
190 entry->object = object; 194 entry->object = object;
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 230f9ca2ad6b..1848693ebb82 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -2,7 +2,7 @@
2 * net/tipc/socket.c: TIPC socket API 2 * net/tipc/socket.c: TIPC socket API
3 * 3 *
4 * Copyright (c) 2001-2007, Ericsson AB 4 * Copyright (c) 2001-2007, Ericsson AB
5 * Copyright (c) 2004-2007, Wind River Systems 5 * Copyright (c) 2004-2008, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -63,6 +63,7 @@
63struct tipc_sock { 63struct tipc_sock {
64 struct sock sk; 64 struct sock sk;
65 struct tipc_port *p; 65 struct tipc_port *p;
66 struct tipc_portid peer_name;
66}; 67};
67 68
68#define tipc_sk(sk) ((struct tipc_sock *)(sk)) 69#define tipc_sk(sk) ((struct tipc_sock *)(sk))
@@ -188,7 +189,7 @@ static int tipc_create(struct net *net, struct socket *sock, int protocol)
188 const struct proto_ops *ops; 189 const struct proto_ops *ops;
189 socket_state state; 190 socket_state state;
190 struct sock *sk; 191 struct sock *sk;
191 u32 portref; 192 struct tipc_port *tp_ptr;
192 193
193 /* Validate arguments */ 194 /* Validate arguments */
194 195
@@ -224,9 +225,9 @@ static int tipc_create(struct net *net, struct socket *sock, int protocol)
224 225
225 /* Allocate TIPC port for socket to use */ 226 /* Allocate TIPC port for socket to use */
226 227
227 portref = tipc_createport_raw(sk, &dispatch, &wakeupdispatch, 228 tp_ptr = tipc_createport_raw(sk, &dispatch, &wakeupdispatch,
228 TIPC_LOW_IMPORTANCE); 229 TIPC_LOW_IMPORTANCE);
229 if (unlikely(portref == 0)) { 230 if (unlikely(!tp_ptr)) {
230 sk_free(sk); 231 sk_free(sk);
231 return -ENOMEM; 232 return -ENOMEM;
232 } 233 }
@@ -239,12 +240,14 @@ static int tipc_create(struct net *net, struct socket *sock, int protocol)
239 sock_init_data(sock, sk); 240 sock_init_data(sock, sk);
240 sk->sk_rcvtimeo = msecs_to_jiffies(CONN_TIMEOUT_DEFAULT); 241 sk->sk_rcvtimeo = msecs_to_jiffies(CONN_TIMEOUT_DEFAULT);
241 sk->sk_backlog_rcv = backlog_rcv; 242 sk->sk_backlog_rcv = backlog_rcv;
242 tipc_sk(sk)->p = tipc_get_port(portref); 243 tipc_sk(sk)->p = tp_ptr;
244
245 spin_unlock_bh(tp_ptr->lock);
243 246
244 if (sock->state == SS_READY) { 247 if (sock->state == SS_READY) {
245 tipc_set_portunreturnable(portref, 1); 248 tipc_set_portunreturnable(tp_ptr->ref, 1);
246 if (sock->type == SOCK_DGRAM) 249 if (sock->type == SOCK_DGRAM)
247 tipc_set_portunreliable(portref, 1); 250 tipc_set_portunreliable(tp_ptr->ref, 1);
248 } 251 }
249 252
250 atomic_inc(&tipc_user_count); 253 atomic_inc(&tipc_user_count);
@@ -375,27 +378,29 @@ static int bind(struct socket *sock, struct sockaddr *uaddr, int uaddr_len)
375 * @sock: socket structure 378 * @sock: socket structure
376 * @uaddr: area for returned socket address 379 * @uaddr: area for returned socket address
377 * @uaddr_len: area for returned length of socket address 380 * @uaddr_len: area for returned length of socket address
378 * @peer: 0 to obtain socket name, 1 to obtain peer socket name 381 * @peer: 0 = own ID, 1 = current peer ID, 2 = current/former peer ID
379 * 382 *
380 * Returns 0 on success, errno otherwise 383 * Returns 0 on success, errno otherwise
381 * 384 *
382 * NOTE: This routine doesn't need to take the socket lock since it doesn't 385 * NOTE: This routine doesn't need to take the socket lock since it only
383 * access any non-constant socket information. 386 * accesses socket information that is unchanging (or which changes in
387 * a completely predictable manner).
384 */ 388 */
385 389
386static int get_name(struct socket *sock, struct sockaddr *uaddr, 390static int get_name(struct socket *sock, struct sockaddr *uaddr,
387 int *uaddr_len, int peer) 391 int *uaddr_len, int peer)
388{ 392{
389 struct sockaddr_tipc *addr = (struct sockaddr_tipc *)uaddr; 393 struct sockaddr_tipc *addr = (struct sockaddr_tipc *)uaddr;
390 u32 portref = tipc_sk_port(sock->sk)->ref; 394 struct tipc_sock *tsock = tipc_sk(sock->sk);
391 u32 res;
392 395
393 if (peer) { 396 if (peer) {
394 res = tipc_peer(portref, &addr->addr.id); 397 if ((sock->state != SS_CONNECTED) &&
395 if (res) 398 ((peer != 2) || (sock->state != SS_DISCONNECTING)))
396 return res; 399 return -ENOTCONN;
400 addr->addr.id.ref = tsock->peer_name.ref;
401 addr->addr.id.node = tsock->peer_name.node;
397 } else { 402 } else {
398 tipc_ownidentity(portref, &addr->addr.id); 403 tipc_ownidentity(tsock->p->ref, &addr->addr.id);
399 } 404 }
400 405
401 *uaddr_len = sizeof(*addr); 406 *uaddr_len = sizeof(*addr);
@@ -764,18 +769,17 @@ exit:
764 769
765static int auto_connect(struct socket *sock, struct tipc_msg *msg) 770static int auto_connect(struct socket *sock, struct tipc_msg *msg)
766{ 771{
767 struct tipc_port *tport = tipc_sk_port(sock->sk); 772 struct tipc_sock *tsock = tipc_sk(sock->sk);
768 struct tipc_portid peer;
769 773
770 if (msg_errcode(msg)) { 774 if (msg_errcode(msg)) {
771 sock->state = SS_DISCONNECTING; 775 sock->state = SS_DISCONNECTING;
772 return -ECONNREFUSED; 776 return -ECONNREFUSED;
773 } 777 }
774 778
775 peer.ref = msg_origport(msg); 779 tsock->peer_name.ref = msg_origport(msg);
776 peer.node = msg_orignode(msg); 780 tsock->peer_name.node = msg_orignode(msg);
777 tipc_connect2port(tport->ref, &peer); 781 tipc_connect2port(tsock->p->ref, &tsock->peer_name);
778 tipc_set_portimportance(tport->ref, msg_importance(msg)); 782 tipc_set_portimportance(tsock->p->ref, msg_importance(msg));
779 sock->state = SS_CONNECTED; 783 sock->state = SS_CONNECTED;
780 return 0; 784 return 0;
781} 785}
@@ -1131,7 +1135,7 @@ restart:
1131 /* Loop around if more data is required */ 1135 /* Loop around if more data is required */
1132 1136
1133 if ((sz_copied < buf_len) /* didn't get all requested data */ 1137 if ((sz_copied < buf_len) /* didn't get all requested data */
1134 && (!skb_queue_empty(&sock->sk->sk_receive_queue) || 1138 && (!skb_queue_empty(&sk->sk_receive_queue) ||
1135 (flags & MSG_WAITALL)) 1139 (flags & MSG_WAITALL))
1136 /* ... and more is ready or required */ 1140 /* ... and more is ready or required */
1137 && (!(flags & MSG_PEEK)) /* ... and aren't just peeking at data */ 1141 && (!(flags & MSG_PEEK)) /* ... and aren't just peeking at data */
@@ -1527,9 +1531,9 @@ static int accept(struct socket *sock, struct socket *new_sock, int flags)
1527 res = tipc_create(sock_net(sock->sk), new_sock, 0); 1531 res = tipc_create(sock_net(sock->sk), new_sock, 0);
1528 if (!res) { 1532 if (!res) {
1529 struct sock *new_sk = new_sock->sk; 1533 struct sock *new_sk = new_sock->sk;
1530 struct tipc_port *new_tport = tipc_sk_port(new_sk); 1534 struct tipc_sock *new_tsock = tipc_sk(new_sk);
1535 struct tipc_port *new_tport = new_tsock->p;
1531 u32 new_ref = new_tport->ref; 1536 u32 new_ref = new_tport->ref;
1532 struct tipc_portid id;
1533 struct tipc_msg *msg = buf_msg(buf); 1537 struct tipc_msg *msg = buf_msg(buf);
1534 1538
1535 lock_sock(new_sk); 1539 lock_sock(new_sk);
@@ -1543,9 +1547,9 @@ static int accept(struct socket *sock, struct socket *new_sock, int flags)
1543 1547
1544 /* Connect new socket to it's peer */ 1548 /* Connect new socket to it's peer */
1545 1549
1546 id.ref = msg_origport(msg); 1550 new_tsock->peer_name.ref = msg_origport(msg);
1547 id.node = msg_orignode(msg); 1551 new_tsock->peer_name.node = msg_orignode(msg);
1548 tipc_connect2port(new_ref, &id); 1552 tipc_connect2port(new_ref, &new_tsock->peer_name);
1549 new_sock->state = SS_CONNECTED; 1553 new_sock->state = SS_CONNECTED;
1550 1554
1551 tipc_set_portimportance(new_ref, msg_importance(msg)); 1555 tipc_set_portimportance(new_ref, msg_importance(msg));
diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c
index 8c01ccd3626c..0747d8a9232f 100644
--- a/net/tipc/subscr.c
+++ b/net/tipc/subscr.c
@@ -1,8 +1,8 @@
1/* 1/*
2 * net/tipc/subscr.c: TIPC subscription service 2 * net/tipc/subscr.c: TIPC network topology service
3 * 3 *
4 * Copyright (c) 2000-2006, Ericsson AB 4 * Copyright (c) 2000-2006, Ericsson AB
5 * Copyright (c) 2005, Wind River Systems 5 * Copyright (c) 2005-2007, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -36,27 +36,24 @@
36 36
37#include "core.h" 37#include "core.h"
38#include "dbg.h" 38#include "dbg.h"
39#include "subscr.h"
40#include "name_table.h" 39#include "name_table.h"
40#include "port.h"
41#include "ref.h" 41#include "ref.h"
42#include "subscr.h"
42 43
43/** 44/**
44 * struct subscriber - TIPC network topology subscriber 45 * struct subscriber - TIPC network topology subscriber
45 * @ref: object reference to subscriber object itself 46 * @port_ref: object reference to server port connecting to subscriber
46 * @lock: pointer to spinlock controlling access to subscriber object 47 * @lock: pointer to spinlock controlling access to subscriber's server port
47 * @subscriber_list: adjacent subscribers in top. server's list of subscribers 48 * @subscriber_list: adjacent subscribers in top. server's list of subscribers
48 * @subscription_list: list of subscription objects for this subscriber 49 * @subscription_list: list of subscription objects for this subscriber
49 * @port_ref: object reference to port used to communicate with subscriber
50 * @swap: indicates if subscriber uses opposite endianness in its messages
51 */ 50 */
52 51
53struct subscriber { 52struct subscriber {
54 u32 ref; 53 u32 port_ref;
55 spinlock_t *lock; 54 spinlock_t *lock;
56 struct list_head subscriber_list; 55 struct list_head subscriber_list;
57 struct list_head subscription_list; 56 struct list_head subscription_list;
58 u32 port_ref;
59 int swap;
60}; 57};
61 58
62/** 59/**
@@ -88,13 +85,14 @@ static struct top_srv topsrv = { 0 };
88 85
89static u32 htohl(u32 in, int swap) 86static u32 htohl(u32 in, int swap)
90{ 87{
91 char *c = (char *)&in; 88 return swap ? swab32(in) : in;
92
93 return swap ? ((c[3] << 3) + (c[2] << 2) + (c[1] << 1) + c[0]) : in;
94} 89}
95 90
96/** 91/**
97 * subscr_send_event - send a message containing a tipc_event to the subscriber 92 * subscr_send_event - send a message containing a tipc_event to the subscriber
93 *
94 * Note: Must not hold subscriber's server port lock, since tipc_send() will
95 * try to take the lock if the message is rejected and returned!
98 */ 96 */
99 97
100static void subscr_send_event(struct subscription *sub, 98static void subscr_send_event(struct subscription *sub,
@@ -109,12 +107,12 @@ static void subscr_send_event(struct subscription *sub,
109 msg_sect.iov_base = (void *)&sub->evt; 107 msg_sect.iov_base = (void *)&sub->evt;
110 msg_sect.iov_len = sizeof(struct tipc_event); 108 msg_sect.iov_len = sizeof(struct tipc_event);
111 109
112 sub->evt.event = htohl(event, sub->owner->swap); 110 sub->evt.event = htohl(event, sub->swap);
113 sub->evt.found_lower = htohl(found_lower, sub->owner->swap); 111 sub->evt.found_lower = htohl(found_lower, sub->swap);
114 sub->evt.found_upper = htohl(found_upper, sub->owner->swap); 112 sub->evt.found_upper = htohl(found_upper, sub->swap);
115 sub->evt.port.ref = htohl(port_ref, sub->owner->swap); 113 sub->evt.port.ref = htohl(port_ref, sub->swap);
116 sub->evt.port.node = htohl(node, sub->owner->swap); 114 sub->evt.port.node = htohl(node, sub->swap);
117 tipc_send(sub->owner->port_ref, 1, &msg_sect); 115 tipc_send(sub->server_ref, 1, &msg_sect);
118} 116}
119 117
120/** 118/**
@@ -151,13 +149,12 @@ void tipc_subscr_report_overlap(struct subscription *sub,
151 u32 node, 149 u32 node,
152 int must) 150 int must)
153{ 151{
154 dbg("Rep overlap %u:%u,%u<->%u,%u\n", sub->seq.type, sub->seq.lower,
155 sub->seq.upper, found_lower, found_upper);
156 if (!tipc_subscr_overlap(sub, found_lower, found_upper)) 152 if (!tipc_subscr_overlap(sub, found_lower, found_upper))
157 return; 153 return;
158 if (!must && !(sub->filter & TIPC_SUB_PORTS)) 154 if (!must && !(sub->filter & TIPC_SUB_PORTS))
159 return; 155 return;
160 subscr_send_event(sub, found_lower, found_upper, event, port_ref, node); 156
157 sub->event_cb(sub, found_lower, found_upper, event, port_ref, node);
161} 158}
162 159
163/** 160/**
@@ -166,20 +163,18 @@ void tipc_subscr_report_overlap(struct subscription *sub,
166 163
167static void subscr_timeout(struct subscription *sub) 164static void subscr_timeout(struct subscription *sub)
168{ 165{
169 struct subscriber *subscriber; 166 struct port *server_port;
170 u32 subscriber_ref;
171 167
172 /* Validate subscriber reference (in case subscriber is terminating) */ 168 /* Validate server port reference (in case subscriber is terminating) */
173 169
174 subscriber_ref = sub->owner->ref; 170 server_port = tipc_port_lock(sub->server_ref);
175 subscriber = (struct subscriber *)tipc_ref_lock(subscriber_ref); 171 if (server_port == NULL)
176 if (subscriber == NULL)
177 return; 172 return;
178 173
179 /* Validate timeout (in case subscription is being cancelled) */ 174 /* Validate timeout (in case subscription is being cancelled) */
180 175
181 if (sub->timeout == TIPC_WAIT_FOREVER) { 176 if (sub->timeout == TIPC_WAIT_FOREVER) {
182 tipc_ref_unlock(subscriber_ref); 177 tipc_port_unlock(server_port);
183 return; 178 return;
184 } 179 }
185 180
@@ -187,19 +182,21 @@ static void subscr_timeout(struct subscription *sub)
187 182
188 tipc_nametbl_unsubscribe(sub); 183 tipc_nametbl_unsubscribe(sub);
189 184
190 /* Notify subscriber of timeout, then unlink subscription */ 185 /* Unlink subscription from subscriber */
191 186
192 subscr_send_event(sub,
193 sub->evt.s.seq.lower,
194 sub->evt.s.seq.upper,
195 TIPC_SUBSCR_TIMEOUT,
196 0,
197 0);
198 list_del(&sub->subscription_list); 187 list_del(&sub->subscription_list);
199 188
189 /* Release subscriber's server port */
190
191 tipc_port_unlock(server_port);
192
193 /* Notify subscriber of timeout */
194
195 subscr_send_event(sub, sub->evt.s.seq.lower, sub->evt.s.seq.upper,
196 TIPC_SUBSCR_TIMEOUT, 0, 0);
197
200 /* Now destroy subscription */ 198 /* Now destroy subscription */
201 199
202 tipc_ref_unlock(subscriber_ref);
203 k_term_timer(&sub->timer); 200 k_term_timer(&sub->timer);
204 kfree(sub); 201 kfree(sub);
205 atomic_dec(&topsrv.subscription_count); 202 atomic_dec(&topsrv.subscription_count);
@@ -208,7 +205,7 @@ static void subscr_timeout(struct subscription *sub)
208/** 205/**
209 * subscr_del - delete a subscription within a subscription list 206 * subscr_del - delete a subscription within a subscription list
210 * 207 *
211 * Called with subscriber locked. 208 * Called with subscriber port locked.
212 */ 209 */
213 210
214static void subscr_del(struct subscription *sub) 211static void subscr_del(struct subscription *sub)
@@ -222,7 +219,7 @@ static void subscr_del(struct subscription *sub)
222/** 219/**
223 * subscr_terminate - terminate communication with a subscriber 220 * subscr_terminate - terminate communication with a subscriber
224 * 221 *
225 * Called with subscriber locked. Routine must temporarily release this lock 222 * Called with subscriber port locked. Routine must temporarily release lock
226 * to enable subscription timeout routine(s) to finish without deadlocking; 223 * to enable subscription timeout routine(s) to finish without deadlocking;
227 * the lock is then reclaimed to allow caller to release it upon return. 224 * the lock is then reclaimed to allow caller to release it upon return.
228 * (This should work even in the unlikely event some other thread creates 225 * (This should work even in the unlikely event some other thread creates
@@ -232,14 +229,21 @@ static void subscr_del(struct subscription *sub)
232 229
233static void subscr_terminate(struct subscriber *subscriber) 230static void subscr_terminate(struct subscriber *subscriber)
234{ 231{
232 u32 port_ref;
235 struct subscription *sub; 233 struct subscription *sub;
236 struct subscription *sub_temp; 234 struct subscription *sub_temp;
237 235
238 /* Invalidate subscriber reference */ 236 /* Invalidate subscriber reference */
239 237
240 tipc_ref_discard(subscriber->ref); 238 port_ref = subscriber->port_ref;
239 subscriber->port_ref = 0;
241 spin_unlock_bh(subscriber->lock); 240 spin_unlock_bh(subscriber->lock);
242 241
242 /* Sever connection to subscriber */
243
244 tipc_shutdown(port_ref);
245 tipc_deleteport(port_ref);
246
243 /* Destroy any existing subscriptions for subscriber */ 247 /* Destroy any existing subscriptions for subscriber */
244 248
245 list_for_each_entry_safe(sub, sub_temp, &subscriber->subscription_list, 249 list_for_each_entry_safe(sub, sub_temp, &subscriber->subscription_list,
@@ -253,27 +257,25 @@ static void subscr_terminate(struct subscriber *subscriber)
253 subscr_del(sub); 257 subscr_del(sub);
254 } 258 }
255 259
256 /* Sever connection to subscriber */
257
258 tipc_shutdown(subscriber->port_ref);
259 tipc_deleteport(subscriber->port_ref);
260
261 /* Remove subscriber from topology server's subscriber list */ 260 /* Remove subscriber from topology server's subscriber list */
262 261
263 spin_lock_bh(&topsrv.lock); 262 spin_lock_bh(&topsrv.lock);
264 list_del(&subscriber->subscriber_list); 263 list_del(&subscriber->subscriber_list);
265 spin_unlock_bh(&topsrv.lock); 264 spin_unlock_bh(&topsrv.lock);
266 265
267 /* Now destroy subscriber */ 266 /* Reclaim subscriber lock */
268 267
269 spin_lock_bh(subscriber->lock); 268 spin_lock_bh(subscriber->lock);
269
270 /* Now destroy subscriber */
271
270 kfree(subscriber); 272 kfree(subscriber);
271} 273}
272 274
273/** 275/**
274 * subscr_cancel - handle subscription cancellation request 276 * subscr_cancel - handle subscription cancellation request
275 * 277 *
276 * Called with subscriber locked. Routine must temporarily release this lock 278 * Called with subscriber port locked. Routine must temporarily release lock
277 * to enable the subscription timeout routine to finish without deadlocking; 279 * to enable the subscription timeout routine to finish without deadlocking;
278 * the lock is then reclaimed to allow caller to release it upon return. 280 * the lock is then reclaimed to allow caller to release it upon return.
279 * 281 *
@@ -316,27 +318,25 @@ static void subscr_cancel(struct tipc_subscr *s,
316/** 318/**
317 * subscr_subscribe - create subscription for subscriber 319 * subscr_subscribe - create subscription for subscriber
318 * 320 *
319 * Called with subscriber locked 321 * Called with subscriber port locked.
320 */ 322 */
321 323
322static void subscr_subscribe(struct tipc_subscr *s, 324static struct subscription *subscr_subscribe(struct tipc_subscr *s,
323 struct subscriber *subscriber) 325 struct subscriber *subscriber)
324{ 326{
325 struct subscription *sub; 327 struct subscription *sub;
328 int swap;
326 329
327 /* Determine/update subscriber's endianness */ 330 /* Determine subscriber's endianness */
328 331
329 if (s->filter & (TIPC_SUB_PORTS | TIPC_SUB_SERVICE)) 332 swap = !(s->filter & (TIPC_SUB_PORTS | TIPC_SUB_SERVICE));
330 subscriber->swap = 0;
331 else
332 subscriber->swap = 1;
333 333
334 /* Detect & process a subscription cancellation request */ 334 /* Detect & process a subscription cancellation request */
335 335
336 if (s->filter & htohl(TIPC_SUB_CANCEL, subscriber->swap)) { 336 if (s->filter & htohl(TIPC_SUB_CANCEL, swap)) {
337 s->filter &= ~htohl(TIPC_SUB_CANCEL, subscriber->swap); 337 s->filter &= ~htohl(TIPC_SUB_CANCEL, swap);
338 subscr_cancel(s, subscriber); 338 subscr_cancel(s, subscriber);
339 return; 339 return NULL;
340 } 340 }
341 341
342 /* Refuse subscription if global limit exceeded */ 342 /* Refuse subscription if global limit exceeded */
@@ -345,63 +345,66 @@ static void subscr_subscribe(struct tipc_subscr *s,
345 warn("Subscription rejected, subscription limit reached (%u)\n", 345 warn("Subscription rejected, subscription limit reached (%u)\n",
346 tipc_max_subscriptions); 346 tipc_max_subscriptions);
347 subscr_terminate(subscriber); 347 subscr_terminate(subscriber);
348 return; 348 return NULL;
349 } 349 }
350 350
351 /* Allocate subscription object */ 351 /* Allocate subscription object */
352 352
353 sub = kzalloc(sizeof(*sub), GFP_ATOMIC); 353 sub = kmalloc(sizeof(*sub), GFP_ATOMIC);
354 if (!sub) { 354 if (!sub) {
355 warn("Subscription rejected, no memory\n"); 355 warn("Subscription rejected, no memory\n");
356 subscr_terminate(subscriber); 356 subscr_terminate(subscriber);
357 return; 357 return NULL;
358 } 358 }
359 359
360 /* Initialize subscription object */ 360 /* Initialize subscription object */
361 361
362 sub->seq.type = htohl(s->seq.type, subscriber->swap); 362 sub->seq.type = htohl(s->seq.type, swap);
363 sub->seq.lower = htohl(s->seq.lower, subscriber->swap); 363 sub->seq.lower = htohl(s->seq.lower, swap);
364 sub->seq.upper = htohl(s->seq.upper, subscriber->swap); 364 sub->seq.upper = htohl(s->seq.upper, swap);
365 sub->timeout = htohl(s->timeout, subscriber->swap); 365 sub->timeout = htohl(s->timeout, swap);
366 sub->filter = htohl(s->filter, subscriber->swap); 366 sub->filter = htohl(s->filter, swap);
367 if ((!(sub->filter & TIPC_SUB_PORTS) 367 if ((!(sub->filter & TIPC_SUB_PORTS)
368 == !(sub->filter & TIPC_SUB_SERVICE)) 368 == !(sub->filter & TIPC_SUB_SERVICE))
369 || (sub->seq.lower > sub->seq.upper)) { 369 || (sub->seq.lower > sub->seq.upper)) {
370 warn("Subscription rejected, illegal request\n"); 370 warn("Subscription rejected, illegal request\n");
371 kfree(sub); 371 kfree(sub);
372 subscr_terminate(subscriber); 372 subscr_terminate(subscriber);
373 return; 373 return NULL;
374 } 374 }
375 memcpy(&sub->evt.s, s, sizeof(struct tipc_subscr)); 375 sub->event_cb = subscr_send_event;
376 INIT_LIST_HEAD(&sub->subscription_list);
377 INIT_LIST_HEAD(&sub->nameseq_list); 376 INIT_LIST_HEAD(&sub->nameseq_list);
378 list_add(&sub->subscription_list, &subscriber->subscription_list); 377 list_add(&sub->subscription_list, &subscriber->subscription_list);
378 sub->server_ref = subscriber->port_ref;
379 sub->swap = swap;
380 memcpy(&sub->evt.s, s, sizeof(struct tipc_subscr));
379 atomic_inc(&topsrv.subscription_count); 381 atomic_inc(&topsrv.subscription_count);
380 if (sub->timeout != TIPC_WAIT_FOREVER) { 382 if (sub->timeout != TIPC_WAIT_FOREVER) {
381 k_init_timer(&sub->timer, 383 k_init_timer(&sub->timer,
382 (Handler)subscr_timeout, (unsigned long)sub); 384 (Handler)subscr_timeout, (unsigned long)sub);
383 k_start_timer(&sub->timer, sub->timeout); 385 k_start_timer(&sub->timer, sub->timeout);
384 } 386 }
385 sub->owner = subscriber; 387
386 tipc_nametbl_subscribe(sub); 388 return sub;
387} 389}
388 390
389/** 391/**
390 * subscr_conn_shutdown_event - handle termination request from subscriber 392 * subscr_conn_shutdown_event - handle termination request from subscriber
393 *
394 * Called with subscriber's server port unlocked.
391 */ 395 */
392 396
393static void subscr_conn_shutdown_event(void *usr_handle, 397static void subscr_conn_shutdown_event(void *usr_handle,
394 u32 portref, 398 u32 port_ref,
395 struct sk_buff **buf, 399 struct sk_buff **buf,
396 unsigned char const *data, 400 unsigned char const *data,
397 unsigned int size, 401 unsigned int size,
398 int reason) 402 int reason)
399{ 403{
400 struct subscriber *subscriber; 404 struct subscriber *subscriber = usr_handle;
401 spinlock_t *subscriber_lock; 405 spinlock_t *subscriber_lock;
402 406
403 subscriber = tipc_ref_lock((u32)(unsigned long)usr_handle); 407 if (tipc_port_lock(port_ref) == NULL)
404 if (subscriber == NULL)
405 return; 408 return;
406 409
407 subscriber_lock = subscriber->lock; 410 subscriber_lock = subscriber->lock;
@@ -411,6 +414,8 @@ static void subscr_conn_shutdown_event(void *usr_handle,
411 414
412/** 415/**
413 * subscr_conn_msg_event - handle new subscription request from subscriber 416 * subscr_conn_msg_event - handle new subscription request from subscriber
417 *
418 * Called with subscriber's server port unlocked.
414 */ 419 */
415 420
416static void subscr_conn_msg_event(void *usr_handle, 421static void subscr_conn_msg_event(void *usr_handle,
@@ -419,20 +424,46 @@ static void subscr_conn_msg_event(void *usr_handle,
419 const unchar *data, 424 const unchar *data,
420 u32 size) 425 u32 size)
421{ 426{
422 struct subscriber *subscriber; 427 struct subscriber *subscriber = usr_handle;
423 spinlock_t *subscriber_lock; 428 spinlock_t *subscriber_lock;
429 struct subscription *sub;
430
431 /*
432 * Lock subscriber's server port (& make a local copy of lock pointer,
433 * in case subscriber is deleted while processing subscription request)
434 */
424 435
425 subscriber = tipc_ref_lock((u32)(unsigned long)usr_handle); 436 if (tipc_port_lock(port_ref) == NULL)
426 if (subscriber == NULL)
427 return; 437 return;
428 438
429 subscriber_lock = subscriber->lock; 439 subscriber_lock = subscriber->lock;
430 if (size != sizeof(struct tipc_subscr))
431 subscr_terminate(subscriber);
432 else
433 subscr_subscribe((struct tipc_subscr *)data, subscriber);
434 440
435 spin_unlock_bh(subscriber_lock); 441 if (size != sizeof(struct tipc_subscr)) {
442 subscr_terminate(subscriber);
443 spin_unlock_bh(subscriber_lock);
444 } else {
445 sub = subscr_subscribe((struct tipc_subscr *)data, subscriber);
446 spin_unlock_bh(subscriber_lock);
447 if (sub != NULL) {
448
449 /*
450 * We must release the server port lock before adding a
451 * subscription to the name table since TIPC needs to be
452 * able to (re)acquire the port lock if an event message
453 * issued by the subscription process is rejected and
454 * returned. The subscription cannot be deleted while
455 * it is being added to the name table because:
456 * a) the single-threading of the native API port code
457 * ensures the subscription cannot be cancelled and
458 * the subscriber connection cannot be broken, and
459 * b) the name table lock ensures the subscription
460 * timeout code cannot delete the subscription,
461 * so the subscription object is still protected.
462 */
463
464 tipc_nametbl_subscribe(sub);
465 }
466 }
436} 467}
437 468
438/** 469/**
@@ -448,16 +479,10 @@ static void subscr_named_msg_event(void *usr_handle,
448 struct tipc_portid const *orig, 479 struct tipc_portid const *orig,
449 struct tipc_name_seq const *dest) 480 struct tipc_name_seq const *dest)
450{ 481{
451 struct subscriber *subscriber; 482 static struct iovec msg_sect = {NULL, 0};
452 struct iovec msg_sect = {NULL, 0};
453 spinlock_t *subscriber_lock;
454 483
455 dbg("subscr_named_msg_event: orig = %x own = %x,\n", 484 struct subscriber *subscriber;
456 orig->node, tipc_own_addr); 485 u32 server_port_ref;
457 if (size && (size != sizeof(struct tipc_subscr))) {
458 warn("Subscriber rejected, invalid subscription size\n");
459 return;
460 }
461 486
462 /* Create subscriber object */ 487 /* Create subscriber object */
463 488
@@ -468,17 +493,11 @@ static void subscr_named_msg_event(void *usr_handle,
468 } 493 }
469 INIT_LIST_HEAD(&subscriber->subscription_list); 494 INIT_LIST_HEAD(&subscriber->subscription_list);
470 INIT_LIST_HEAD(&subscriber->subscriber_list); 495 INIT_LIST_HEAD(&subscriber->subscriber_list);
471 subscriber->ref = tipc_ref_acquire(subscriber, &subscriber->lock);
472 if (subscriber->ref == 0) {
473 warn("Subscriber rejected, reference table exhausted\n");
474 kfree(subscriber);
475 return;
476 }
477 496
478 /* Establish a connection to subscriber */ 497 /* Create server port & establish connection to subscriber */
479 498
480 tipc_createport(topsrv.user_ref, 499 tipc_createport(topsrv.user_ref,
481 (void *)(unsigned long)subscriber->ref, 500 subscriber,
482 importance, 501 importance,
483 NULL, 502 NULL,
484 NULL, 503 NULL,
@@ -490,32 +509,36 @@ static void subscr_named_msg_event(void *usr_handle,
490 &subscriber->port_ref); 509 &subscriber->port_ref);
491 if (subscriber->port_ref == 0) { 510 if (subscriber->port_ref == 0) {
492 warn("Subscriber rejected, unable to create port\n"); 511 warn("Subscriber rejected, unable to create port\n");
493 tipc_ref_discard(subscriber->ref);
494 kfree(subscriber); 512 kfree(subscriber);
495 return; 513 return;
496 } 514 }
497 tipc_connect2port(subscriber->port_ref, orig); 515 tipc_connect2port(subscriber->port_ref, orig);
498 516
517 /* Lock server port (& save lock address for future use) */
518
519 subscriber->lock = tipc_port_lock(subscriber->port_ref)->publ.lock;
499 520
500 /* Add subscriber to topology server's subscriber list */ 521 /* Add subscriber to topology server's subscriber list */
501 522
502 tipc_ref_lock(subscriber->ref);
503 spin_lock_bh(&topsrv.lock); 523 spin_lock_bh(&topsrv.lock);
504 list_add(&subscriber->subscriber_list, &topsrv.subscriber_list); 524 list_add(&subscriber->subscriber_list, &topsrv.subscriber_list);
505 spin_unlock_bh(&topsrv.lock); 525 spin_unlock_bh(&topsrv.lock);
506 526
507 /* 527 /* Unlock server port */
508 * Subscribe now if message contains a subscription,
509 * otherwise send an empty response to complete connection handshaking
510 */
511 528
512 subscriber_lock = subscriber->lock; 529 server_port_ref = subscriber->port_ref;
513 if (size) 530 spin_unlock_bh(subscriber->lock);
514 subscr_subscribe((struct tipc_subscr *)data, subscriber);
515 else
516 tipc_send(subscriber->port_ref, 1, &msg_sect);
517 531
518 spin_unlock_bh(subscriber_lock); 532 /* Send an ACK- to complete connection handshaking */
533
534 tipc_send(server_port_ref, 1, &msg_sect);
535
536 /* Handle optional subscription request */
537
538 if (size != 0) {
539 subscr_conn_msg_event(subscriber, server_port_ref,
540 buf, data, size);
541 }
519} 542}
520 543
521int tipc_subscr_start(void) 544int tipc_subscr_start(void)
@@ -574,8 +597,8 @@ void tipc_subscr_stop(void)
574 list_for_each_entry_safe(subscriber, subscriber_temp, 597 list_for_each_entry_safe(subscriber, subscriber_temp,
575 &topsrv.subscriber_list, 598 &topsrv.subscriber_list,
576 subscriber_list) { 599 subscriber_list) {
577 tipc_ref_lock(subscriber->ref);
578 subscriber_lock = subscriber->lock; 600 subscriber_lock = subscriber->lock;
601 spin_lock_bh(subscriber_lock);
579 subscr_terminate(subscriber); 602 subscr_terminate(subscriber);
580 spin_unlock_bh(subscriber_lock); 603 spin_unlock_bh(subscriber_lock);
581 } 604 }
diff --git a/net/tipc/subscr.h b/net/tipc/subscr.h
index 93a8e674fac1..45d89bf4d202 100644
--- a/net/tipc/subscr.h
+++ b/net/tipc/subscr.h
@@ -1,8 +1,8 @@
1/* 1/*
2 * net/tipc/subscr.h: Include file for TIPC subscription service 2 * net/tipc/subscr.h: Include file for TIPC network topology service
3 * 3 *
4 * Copyright (c) 2003-2006, Ericsson AB 4 * Copyright (c) 2003-2006, Ericsson AB
5 * Copyright (c) 2005, Wind River Systems 5 * Copyright (c) 2005-2007, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -37,34 +37,44 @@
37#ifndef _TIPC_SUBSCR_H 37#ifndef _TIPC_SUBSCR_H
38#define _TIPC_SUBSCR_H 38#define _TIPC_SUBSCR_H
39 39
40struct subscription;
41
42typedef void (*tipc_subscr_event) (struct subscription *sub,
43 u32 found_lower, u32 found_upper,
44 u32 event, u32 port_ref, u32 node);
45
40/** 46/**
41 * struct subscription - TIPC network topology subscription object 47 * struct subscription - TIPC network topology subscription object
42 * @seq: name sequence associated with subscription 48 * @seq: name sequence associated with subscription
43 * @timeout: duration of subscription (in ms) 49 * @timeout: duration of subscription (in ms)
44 * @filter: event filtering to be done for subscription 50 * @filter: event filtering to be done for subscription
45 * @evt: template for events generated by subscription 51 * @event_cb: routine invoked when a subscription event is detected
46 * @subscription_list: adjacent subscriptions in subscriber's subscription list 52 * @timer: timer governing subscription duration (optional)
47 * @nameseq_list: adjacent subscriptions in name sequence's subscription list 53 * @nameseq_list: adjacent subscriptions in name sequence's subscription list
48 * @timer_ref: reference to timer governing subscription duration (may be NULL) 54 * @subscription_list: adjacent subscriptions in subscriber's subscription list
49 * @owner: pointer to subscriber object associated with this subscription 55 * @server_ref: object reference of server port associated with subscription
56 * @swap: indicates if subscriber uses opposite endianness in its messages
57 * @evt: template for events generated by subscription
50 */ 58 */
51 59
52struct subscription { 60struct subscription {
53 struct tipc_name_seq seq; 61 struct tipc_name_seq seq;
54 u32 timeout; 62 u32 timeout;
55 u32 filter; 63 u32 filter;
56 struct tipc_event evt; 64 tipc_subscr_event event_cb;
57 struct list_head subscription_list;
58 struct list_head nameseq_list;
59 struct timer_list timer; 65 struct timer_list timer;
60 struct subscriber *owner; 66 struct list_head nameseq_list;
67 struct list_head subscription_list;
68 u32 server_ref;
69 int swap;
70 struct tipc_event evt;
61}; 71};
62 72
63int tipc_subscr_overlap(struct subscription * sub, 73int tipc_subscr_overlap(struct subscription *sub,
64 u32 found_lower, 74 u32 found_lower,
65 u32 found_upper); 75 u32 found_upper);
66 76
67void tipc_subscr_report_overlap(struct subscription * sub, 77void tipc_subscr_report_overlap(struct subscription *sub,
68 u32 found_lower, 78 u32 found_lower,
69 u32 found_upper, 79 u32 found_upper,
70 u32 event, 80 u32 event,
diff --git a/net/tipc/user_reg.c b/net/tipc/user_reg.c
index 4146c40cd20b..506928803162 100644
--- a/net/tipc/user_reg.c
+++ b/net/tipc/user_reg.c
@@ -91,7 +91,7 @@ static int reg_init(void)
91 } 91 }
92 } 92 }
93 spin_unlock_bh(&reg_lock); 93 spin_unlock_bh(&reg_lock);
94 return users ? TIPC_OK : -ENOMEM; 94 return users ? 0 : -ENOMEM;
95} 95}
96 96
97/** 97/**
@@ -129,7 +129,7 @@ int tipc_reg_start(void)
129 tipc_k_signal((Handler)reg_callback, 129 tipc_k_signal((Handler)reg_callback,
130 (unsigned long)&users[u]); 130 (unsigned long)&users[u]);
131 } 131 }
132 return TIPC_OK; 132 return 0;
133} 133}
134 134
135/** 135/**
@@ -184,7 +184,7 @@ int tipc_attach(u32 *userid, tipc_mode_event cb, void *usr_handle)
184 184
185 if (cb && (tipc_mode != TIPC_NOT_RUNNING)) 185 if (cb && (tipc_mode != TIPC_NOT_RUNNING))
186 tipc_k_signal((Handler)reg_callback, (unsigned long)user_ptr); 186 tipc_k_signal((Handler)reg_callback, (unsigned long)user_ptr);
187 return TIPC_OK; 187 return 0;
188} 188}
189 189
190/** 190/**
@@ -230,7 +230,7 @@ int tipc_reg_add_port(struct user_port *up_ptr)
230 struct tipc_user *user_ptr; 230 struct tipc_user *user_ptr;
231 231
232 if (up_ptr->user_ref == 0) 232 if (up_ptr->user_ref == 0)
233 return TIPC_OK; 233 return 0;
234 if (up_ptr->user_ref > MAX_USERID) 234 if (up_ptr->user_ref > MAX_USERID)
235 return -EINVAL; 235 return -EINVAL;
236 if ((tipc_mode == TIPC_NOT_RUNNING) || !users ) 236 if ((tipc_mode == TIPC_NOT_RUNNING) || !users )
@@ -240,7 +240,7 @@ int tipc_reg_add_port(struct user_port *up_ptr)
240 user_ptr = &users[up_ptr->user_ref]; 240 user_ptr = &users[up_ptr->user_ref];
241 list_add(&up_ptr->uport_list, &user_ptr->ports); 241 list_add(&up_ptr->uport_list, &user_ptr->ports);
242 spin_unlock_bh(&reg_lock); 242 spin_unlock_bh(&reg_lock);
243 return TIPC_OK; 243 return 0;
244} 244}
245 245
246/** 246/**
@@ -250,7 +250,7 @@ int tipc_reg_add_port(struct user_port *up_ptr)
250int tipc_reg_remove_port(struct user_port *up_ptr) 250int tipc_reg_remove_port(struct user_port *up_ptr)
251{ 251{
252 if (up_ptr->user_ref == 0) 252 if (up_ptr->user_ref == 0)
253 return TIPC_OK; 253 return 0;
254 if (up_ptr->user_ref > MAX_USERID) 254 if (up_ptr->user_ref > MAX_USERID)
255 return -EINVAL; 255 return -EINVAL;
256 if (!users ) 256 if (!users )
@@ -259,6 +259,6 @@ int tipc_reg_remove_port(struct user_port *up_ptr)
259 spin_lock_bh(&reg_lock); 259 spin_lock_bh(&reg_lock);
260 list_del_init(&up_ptr->uport_list); 260 list_del_init(&up_ptr->uport_list);
261 spin_unlock_bh(&reg_lock); 261 spin_unlock_bh(&reg_lock);
262 return TIPC_OK; 262 return 0;
263} 263}
264 264
diff --git a/net/tipc/zone.c b/net/tipc/zone.c
index 3506f8563441..2c01ba2d86bf 100644
--- a/net/tipc/zone.c
+++ b/net/tipc/zone.c
@@ -111,10 +111,10 @@ void tipc_zone_send_external_routes(struct _zone *z_ptr, u32 dest)
111 } 111 }
112} 112}
113 113
114struct node *tipc_zone_select_remote_node(struct _zone *z_ptr, u32 addr, u32 ref) 114struct tipc_node *tipc_zone_select_remote_node(struct _zone *z_ptr, u32 addr, u32 ref)
115{ 115{
116 struct cluster *c_ptr; 116 struct cluster *c_ptr;
117 struct node *n_ptr; 117 struct tipc_node *n_ptr;
118 u32 c_num; 118 u32 c_num;
119 119
120 if (!z_ptr) 120 if (!z_ptr)
diff --git a/net/tipc/zone.h b/net/tipc/zone.h
index 6e7a08df8af5..7bdc3406ba9b 100644
--- a/net/tipc/zone.h
+++ b/net/tipc/zone.h
@@ -54,7 +54,7 @@ struct _zone {
54 u32 links; 54 u32 links;
55}; 55};
56 56
57struct node *tipc_zone_select_remote_node(struct _zone *z_ptr, u32 addr, u32 ref); 57struct tipc_node *tipc_zone_select_remote_node(struct _zone *z_ptr, u32 addr, u32 ref);
58u32 tipc_zone_select_router(struct _zone *z_ptr, u32 addr, u32 ref); 58u32 tipc_zone_select_router(struct _zone *z_ptr, u32 addr, u32 ref);
59void tipc_zone_remove_as_router(struct _zone *z_ptr, u32 router); 59void tipc_zone_remove_as_router(struct _zone *z_ptr, u32 router);
60void tipc_zone_send_external_routes(struct _zone *z_ptr, u32 dest); 60void tipc_zone_send_external_routes(struct _zone *z_ptr, u32 dest);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index e18cd3628db4..015606b54d9b 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -8,8 +8,6 @@
8 * as published by the Free Software Foundation; either version 8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version. 9 * 2 of the License, or (at your option) any later version.
10 * 10 *
11 * Version: $Id: af_unix.c,v 1.133 2002/02/08 03:57:19 davem Exp $
12 *
13 * Fixes: 11 * Fixes:
14 * Linus Torvalds : Assorted bug cures. 12 * Linus Torvalds : Assorted bug cures.
15 * Niibe Yutaka : async I/O support. 13 * Niibe Yutaka : async I/O support.
@@ -169,6 +167,11 @@ static inline int unix_may_send(struct sock *sk, struct sock *osk)
169 return (unix_peer(osk) == NULL || unix_our_peer(sk, osk)); 167 return (unix_peer(osk) == NULL || unix_our_peer(sk, osk));
170} 168}
171 169
170static inline int unix_recvq_full(struct sock const *sk)
171{
172 return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog;
173}
174
172static struct sock *unix_peer_get(struct sock *s) 175static struct sock *unix_peer_get(struct sock *s)
173{ 176{
174 struct sock *peer; 177 struct sock *peer;
@@ -224,7 +227,7 @@ static void __unix_remove_socket(struct sock *sk)
224 227
225static void __unix_insert_socket(struct hlist_head *list, struct sock *sk) 228static void __unix_insert_socket(struct hlist_head *list, struct sock *sk)
226{ 229{
227 BUG_TRAP(sk_unhashed(sk)); 230 WARN_ON(!sk_unhashed(sk));
228 sk_add_node(sk, list); 231 sk_add_node(sk, list);
229} 232}
230 233
@@ -347,9 +350,9 @@ static void unix_sock_destructor(struct sock *sk)
347 350
348 skb_queue_purge(&sk->sk_receive_queue); 351 skb_queue_purge(&sk->sk_receive_queue);
349 352
350 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 353 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
351 BUG_TRAP(sk_unhashed(sk)); 354 WARN_ON(!sk_unhashed(sk));
352 BUG_TRAP(!sk->sk_socket); 355 WARN_ON(sk->sk_socket);
353 if (!sock_flag(sk, SOCK_DEAD)) { 356 if (!sock_flag(sk, SOCK_DEAD)) {
354 printk("Attempt to release alive unix socket: %p\n", sk); 357 printk("Attempt to release alive unix socket: %p\n", sk);
355 return; 358 return;
@@ -482,6 +485,8 @@ static int unix_socketpair(struct socket *, struct socket *);
482static int unix_accept(struct socket *, struct socket *, int); 485static int unix_accept(struct socket *, struct socket *, int);
483static int unix_getname(struct socket *, struct sockaddr *, int *, int); 486static int unix_getname(struct socket *, struct sockaddr *, int *, int);
484static unsigned int unix_poll(struct file *, struct socket *, poll_table *); 487static unsigned int unix_poll(struct file *, struct socket *, poll_table *);
488static unsigned int unix_dgram_poll(struct file *, struct socket *,
489 poll_table *);
485static int unix_ioctl(struct socket *, unsigned int, unsigned long); 490static int unix_ioctl(struct socket *, unsigned int, unsigned long);
486static int unix_shutdown(struct socket *, int); 491static int unix_shutdown(struct socket *, int);
487static int unix_stream_sendmsg(struct kiocb *, struct socket *, 492static int unix_stream_sendmsg(struct kiocb *, struct socket *,
@@ -527,7 +532,7 @@ static const struct proto_ops unix_dgram_ops = {
527 .socketpair = unix_socketpair, 532 .socketpair = unix_socketpair,
528 .accept = sock_no_accept, 533 .accept = sock_no_accept,
529 .getname = unix_getname, 534 .getname = unix_getname,
530 .poll = datagram_poll, 535 .poll = unix_dgram_poll,
531 .ioctl = unix_ioctl, 536 .ioctl = unix_ioctl,
532 .listen = sock_no_listen, 537 .listen = sock_no_listen,
533 .shutdown = unix_shutdown, 538 .shutdown = unix_shutdown,
@@ -548,7 +553,7 @@ static const struct proto_ops unix_seqpacket_ops = {
548 .socketpair = unix_socketpair, 553 .socketpair = unix_socketpair,
549 .accept = unix_accept, 554 .accept = unix_accept,
550 .getname = unix_getname, 555 .getname = unix_getname,
551 .poll = datagram_poll, 556 .poll = unix_dgram_poll,
552 .ioctl = unix_ioctl, 557 .ioctl = unix_ioctl,
553 .listen = unix_listen, 558 .listen = unix_listen,
554 .shutdown = unix_shutdown, 559 .shutdown = unix_shutdown,
@@ -598,7 +603,7 @@ static struct sock * unix_create1(struct net *net, struct socket *sock)
598 u->dentry = NULL; 603 u->dentry = NULL;
599 u->mnt = NULL; 604 u->mnt = NULL;
600 spin_lock_init(&u->lock); 605 spin_lock_init(&u->lock);
601 atomic_set(&u->inflight, 0); 606 atomic_long_set(&u->inflight, 0);
602 INIT_LIST_HEAD(&u->link); 607 INIT_LIST_HEAD(&u->link);
603 mutex_init(&u->readlock); /* single task reading lock */ 608 mutex_init(&u->readlock); /* single task reading lock */
604 init_waitqueue_head(&u->peer_wait); 609 init_waitqueue_head(&u->peer_wait);
@@ -983,8 +988,7 @@ static long unix_wait_for_peer(struct sock *other, long timeo)
983 988
984 sched = !sock_flag(other, SOCK_DEAD) && 989 sched = !sock_flag(other, SOCK_DEAD) &&
985 !(other->sk_shutdown & RCV_SHUTDOWN) && 990 !(other->sk_shutdown & RCV_SHUTDOWN) &&
986 (skb_queue_len(&other->sk_receive_queue) > 991 unix_recvq_full(other);
987 other->sk_max_ack_backlog);
988 992
989 unix_state_unlock(other); 993 unix_state_unlock(other);
990 994
@@ -1058,8 +1062,7 @@ restart:
1058 if (other->sk_state != TCP_LISTEN) 1062 if (other->sk_state != TCP_LISTEN)
1059 goto out_unlock; 1063 goto out_unlock;
1060 1064
1061 if (skb_queue_len(&other->sk_receive_queue) > 1065 if (unix_recvq_full(other)) {
1062 other->sk_max_ack_backlog) {
1063 err = -EAGAIN; 1066 err = -EAGAIN;
1064 if (!timeo) 1067 if (!timeo)
1065 goto out_unlock; 1068 goto out_unlock;
@@ -1428,9 +1431,7 @@ restart:
1428 goto out_unlock; 1431 goto out_unlock;
1429 } 1432 }
1430 1433
1431 if (unix_peer(other) != sk && 1434 if (unix_peer(other) != sk && unix_recvq_full(other)) {
1432 (skb_queue_len(&other->sk_receive_queue) >
1433 other->sk_max_ack_backlog)) {
1434 if (!timeo) { 1435 if (!timeo) {
1435 err = -EAGAIN; 1436 err = -EAGAIN;
1436 goto out_unlock; 1437 goto out_unlock;
@@ -1991,6 +1992,60 @@ static unsigned int unix_poll(struct file * file, struct socket *sock, poll_tabl
1991 return mask; 1992 return mask;
1992} 1993}
1993 1994
1995static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
1996 poll_table *wait)
1997{
1998 struct sock *sk = sock->sk, *other;
1999 unsigned int mask, writable;
2000
2001 poll_wait(file, sk->sk_sleep, wait);
2002 mask = 0;
2003
2004 /* exceptional events? */
2005 if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
2006 mask |= POLLERR;
2007 if (sk->sk_shutdown & RCV_SHUTDOWN)
2008 mask |= POLLRDHUP;
2009 if (sk->sk_shutdown == SHUTDOWN_MASK)
2010 mask |= POLLHUP;
2011
2012 /* readable? */
2013 if (!skb_queue_empty(&sk->sk_receive_queue) ||
2014 (sk->sk_shutdown & RCV_SHUTDOWN))
2015 mask |= POLLIN | POLLRDNORM;
2016
2017 /* Connection-based need to check for termination and startup */
2018 if (sk->sk_type == SOCK_SEQPACKET) {
2019 if (sk->sk_state == TCP_CLOSE)
2020 mask |= POLLHUP;
2021 /* connection hasn't started yet? */
2022 if (sk->sk_state == TCP_SYN_SENT)
2023 return mask;
2024 }
2025
2026 /* writable? */
2027 writable = unix_writable(sk);
2028 if (writable) {
2029 other = unix_peer_get(sk);
2030 if (other) {
2031 if (unix_peer(other) != sk) {
2032 poll_wait(file, &unix_sk(other)->peer_wait,
2033 wait);
2034 if (unix_recvq_full(other))
2035 writable = 0;
2036 }
2037
2038 sock_put(other);
2039 }
2040 }
2041
2042 if (writable)
2043 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
2044 else
2045 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
2046
2047 return mask;
2048}
1994 2049
1995#ifdef CONFIG_PROC_FS 2050#ifdef CONFIG_PROC_FS
1996static struct sock *first_unix_socket(int *i) 2051static struct sock *first_unix_socket(int *i)
diff --git a/net/unix/garbage.c b/net/unix/garbage.c
index ebdff3d877a1..2a27b84f740b 100644
--- a/net/unix/garbage.c
+++ b/net/unix/garbage.c
@@ -127,7 +127,7 @@ void unix_inflight(struct file *fp)
127 if(s) { 127 if(s) {
128 struct unix_sock *u = unix_sk(s); 128 struct unix_sock *u = unix_sk(s);
129 spin_lock(&unix_gc_lock); 129 spin_lock(&unix_gc_lock);
130 if (atomic_inc_return(&u->inflight) == 1) { 130 if (atomic_long_inc_return(&u->inflight) == 1) {
131 BUG_ON(!list_empty(&u->link)); 131 BUG_ON(!list_empty(&u->link));
132 list_add_tail(&u->link, &gc_inflight_list); 132 list_add_tail(&u->link, &gc_inflight_list);
133 } else { 133 } else {
@@ -145,7 +145,7 @@ void unix_notinflight(struct file *fp)
145 struct unix_sock *u = unix_sk(s); 145 struct unix_sock *u = unix_sk(s);
146 spin_lock(&unix_gc_lock); 146 spin_lock(&unix_gc_lock);
147 BUG_ON(list_empty(&u->link)); 147 BUG_ON(list_empty(&u->link));
148 if (atomic_dec_and_test(&u->inflight)) 148 if (atomic_long_dec_and_test(&u->inflight))
149 list_del_init(&u->link); 149 list_del_init(&u->link);
150 unix_tot_inflight--; 150 unix_tot_inflight--;
151 spin_unlock(&unix_gc_lock); 151 spin_unlock(&unix_gc_lock);
@@ -237,17 +237,17 @@ static void scan_children(struct sock *x, void (*func)(struct unix_sock *),
237 237
238static void dec_inflight(struct unix_sock *usk) 238static void dec_inflight(struct unix_sock *usk)
239{ 239{
240 atomic_dec(&usk->inflight); 240 atomic_long_dec(&usk->inflight);
241} 241}
242 242
243static void inc_inflight(struct unix_sock *usk) 243static void inc_inflight(struct unix_sock *usk)
244{ 244{
245 atomic_inc(&usk->inflight); 245 atomic_long_inc(&usk->inflight);
246} 246}
247 247
248static void inc_inflight_move_tail(struct unix_sock *u) 248static void inc_inflight_move_tail(struct unix_sock *u)
249{ 249{
250 atomic_inc(&u->inflight); 250 atomic_long_inc(&u->inflight);
251 /* 251 /*
252 * If this is still a candidate, move it to the end of the 252 * If this is still a candidate, move it to the end of the
253 * list, so that it's checked even if it was already passed 253 * list, so that it's checked even if it was already passed
@@ -288,11 +288,11 @@ void unix_gc(void)
288 * before the detach without atomicity guarantees. 288 * before the detach without atomicity guarantees.
289 */ 289 */
290 list_for_each_entry_safe(u, next, &gc_inflight_list, link) { 290 list_for_each_entry_safe(u, next, &gc_inflight_list, link) {
291 int total_refs; 291 long total_refs;
292 int inflight_refs; 292 long inflight_refs;
293 293
294 total_refs = file_count(u->sk.sk_socket->file); 294 total_refs = file_count(u->sk.sk_socket->file);
295 inflight_refs = atomic_read(&u->inflight); 295 inflight_refs = atomic_long_read(&u->inflight);
296 296
297 BUG_ON(inflight_refs < 1); 297 BUG_ON(inflight_refs < 1);
298 BUG_ON(total_refs < inflight_refs); 298 BUG_ON(total_refs < inflight_refs);
@@ -324,7 +324,7 @@ void unix_gc(void)
324 /* Move cursor to after the current position. */ 324 /* Move cursor to after the current position. */
325 list_move(&cursor, &u->link); 325 list_move(&cursor, &u->link);
326 326
327 if (atomic_read(&u->inflight) > 0) { 327 if (atomic_long_read(&u->inflight) > 0) {
328 list_move_tail(&u->link, &gc_inflight_list); 328 list_move_tail(&u->link, &gc_inflight_list);
329 u->gc_candidate = 0; 329 u->gc_candidate = 0;
330 scan_children(&u->sk, inc_inflight_move_tail, NULL); 330 scan_children(&u->sk, inc_inflight_move_tail, NULL);
diff --git a/net/wanrouter/Kconfig b/net/wanrouter/Kconfig
index 1debe1cb054e..61ceae0b9566 100644
--- a/net/wanrouter/Kconfig
+++ b/net/wanrouter/Kconfig
@@ -20,8 +20,6 @@ config WAN_ROUTER
20 wish to use your Linux box as a WAN router, say Y here and also to 20 wish to use your Linux box as a WAN router, say Y here and also to
21 the WAN driver for your card, below. You will then need the 21 the WAN driver for your card, below. You will then need the
22 wan-tools package which is available from <ftp://ftp.sangoma.com/>. 22 wan-tools package which is available from <ftp://ftp.sangoma.com/>.
23 Read <file:Documentation/networking/wan-router.txt> for more
24 information.
25 23
26 To compile WAN routing support as a module, choose M here: the 24 To compile WAN routing support as a module, choose M here: the
27 module will be called wanrouter. 25 module will be called wanrouter.
diff --git a/net/wanrouter/wanmain.c b/net/wanrouter/wanmain.c
index 9ab31a3ce3ad..7f07152bc109 100644
--- a/net/wanrouter/wanmain.c
+++ b/net/wanrouter/wanmain.c
@@ -57,7 +57,6 @@
57#include <linux/vmalloc.h> /* vmalloc, vfree */ 57#include <linux/vmalloc.h> /* vmalloc, vfree */
58#include <asm/uaccess.h> /* copy_to/from_user */ 58#include <asm/uaccess.h> /* copy_to/from_user */
59#include <linux/init.h> /* __initfunc et al. */ 59#include <linux/init.h> /* __initfunc et al. */
60#include <net/syncppp.h>
61 60
62#define KMEM_SAFETYZONE 8 61#define KMEM_SAFETYZONE 8
63 62
@@ -350,9 +349,9 @@ __be16 wanrouter_type_trans(struct sk_buff *skb, struct net_device *dev)
350 * o execute requested action or pass command to the device driver 349 * o execute requested action or pass command to the device driver
351 */ 350 */
352 351
353int wanrouter_ioctl(struct inode *inode, struct file *file, 352long wanrouter_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
354 unsigned int cmd, unsigned long arg)
355{ 353{
354 struct inode *inode = file->f_path.dentry->d_inode;
356 int err = 0; 355 int err = 0;
357 struct proc_dir_entry *dent; 356 struct proc_dir_entry *dent;
358 struct wan_device *wandev; 357 struct wan_device *wandev;
@@ -372,6 +371,7 @@ int wanrouter_ioctl(struct inode *inode, struct file *file,
372 if (wandev->magic != ROUTER_MAGIC) 371 if (wandev->magic != ROUTER_MAGIC)
373 return -EINVAL; 372 return -EINVAL;
374 373
374 lock_kernel();
375 switch (cmd) { 375 switch (cmd) {
376 case ROUTER_SETUP: 376 case ROUTER_SETUP:
377 err = wanrouter_device_setup(wandev, data); 377 err = wanrouter_device_setup(wandev, data);
@@ -403,6 +403,7 @@ int wanrouter_ioctl(struct inode *inode, struct file *file,
403 err = wandev->ioctl(wandev, cmd, arg); 403 err = wandev->ioctl(wandev, cmd, arg);
404 else err = -EINVAL; 404 else err = -EINVAL;
405 } 405 }
406 unlock_kernel();
406 return err; 407 return err;
407} 408}
408 409
@@ -565,9 +566,6 @@ static int wanrouter_device_new_if(struct wan_device *wandev,
565{ 566{
566 wanif_conf_t *cnf; 567 wanif_conf_t *cnf;
567 struct net_device *dev = NULL; 568 struct net_device *dev = NULL;
568#ifdef CONFIG_WANPIPE_MULTPPP
569 struct ppp_device *pppdev=NULL;
570#endif
571 int err; 569 int err;
572 570
573 if ((wandev->state == WAN_UNCONFIGURED) || (wandev->new_if == NULL)) 571 if ((wandev->state == WAN_UNCONFIGURED) || (wandev->new_if == NULL))
@@ -586,25 +584,10 @@ static int wanrouter_device_new_if(struct wan_device *wandev,
586 goto out; 584 goto out;
587 585
588 if (cnf->config_id == WANCONFIG_MPPP) { 586 if (cnf->config_id == WANCONFIG_MPPP) {
589#ifdef CONFIG_WANPIPE_MULTPPP
590 pppdev = kzalloc(sizeof(struct ppp_device), GFP_KERNEL);
591 err = -ENOBUFS;
592 if (pppdev == NULL)
593 goto out;
594 pppdev->dev = kzalloc(sizeof(struct net_device), GFP_KERNEL);
595 if (pppdev->dev == NULL) {
596 kfree(pppdev);
597 err = -ENOBUFS;
598 goto out;
599 }
600 err = wandev->new_if(wandev, (struct net_device *)pppdev, cnf);
601 dev = pppdev->dev;
602#else
603 printk(KERN_INFO "%s: Wanpipe Mulit-Port PPP support has not been compiled in!\n", 587 printk(KERN_INFO "%s: Wanpipe Mulit-Port PPP support has not been compiled in!\n",
604 wandev->name); 588 wandev->name);
605 err = -EPROTONOSUPPORT; 589 err = -EPROTONOSUPPORT;
606 goto out; 590 goto out;
607#endif
608 } else { 591 } else {
609 dev = kzalloc(sizeof(struct net_device), GFP_KERNEL); 592 dev = kzalloc(sizeof(struct net_device), GFP_KERNEL);
610 err = -ENOBUFS; 593 err = -ENOBUFS;
@@ -659,17 +642,9 @@ static int wanrouter_device_new_if(struct wan_device *wandev,
659 kfree(dev->priv); 642 kfree(dev->priv);
660 dev->priv = NULL; 643 dev->priv = NULL;
661 644
662#ifdef CONFIG_WANPIPE_MULTPPP
663 if (cnf->config_id == WANCONFIG_MPPP)
664 kfree(pppdev);
665 else
666 kfree(dev);
667#else
668 /* Sync PPP is disabled */ 645 /* Sync PPP is disabled */
669 if (cnf->config_id != WANCONFIG_MPPP) 646 if (cnf->config_id != WANCONFIG_MPPP)
670 kfree(dev); 647 kfree(dev);
671#endif
672
673out: 648out:
674 kfree(cnf); 649 kfree(cnf);
675 return err; 650 return err;
diff --git a/net/wanrouter/wanproc.c b/net/wanrouter/wanproc.c
index 5bebe40bf4e6..267f7ff49827 100644
--- a/net/wanrouter/wanproc.c
+++ b/net/wanrouter/wanproc.c
@@ -278,7 +278,7 @@ static const struct file_operations wandev_fops = {
278 .read = seq_read, 278 .read = seq_read,
279 .llseek = seq_lseek, 279 .llseek = seq_lseek,
280 .release = single_release, 280 .release = single_release,
281 .ioctl = wanrouter_ioctl, 281 .unlocked_ioctl = wanrouter_ioctl,
282}; 282};
283 283
284/* 284/*
diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig
index 79270903bda6..833b024f8f66 100644
--- a/net/wireless/Kconfig
+++ b/net/wireless/Kconfig
@@ -29,3 +29,15 @@ config WIRELESS_EXT
29 29
30 Say N (if you can) unless you know you need wireless 30 Say N (if you can) unless you know you need wireless
31 extensions for external modules. 31 extensions for external modules.
32
33config WIRELESS_EXT_SYSFS
34 bool "Wireless extensions sysfs files"
35 default y
36 depends on WIRELESS_EXT && SYSFS
37 help
38 This option enables the deprecated wireless statistics
39 files in /sys/class/net/*/wireless/. The same information
40 is available via the ioctls as well.
41
42 Say Y if you have programs using it, like old versions of
43 hal.
diff --git a/net/wireless/core.c b/net/wireless/core.c
index 80afacdae46c..f1da0b93bc56 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -143,8 +143,11 @@ void cfg80211_put_dev(struct cfg80211_registered_device *drv)
143int cfg80211_dev_rename(struct cfg80211_registered_device *rdev, 143int cfg80211_dev_rename(struct cfg80211_registered_device *rdev,
144 char *newname) 144 char *newname)
145{ 145{
146 struct cfg80211_registered_device *drv;
146 int idx, taken = -1, result, digits; 147 int idx, taken = -1, result, digits;
147 148
149 mutex_lock(&cfg80211_drv_mutex);
150
148 /* prohibit calling the thing phy%d when %d is not its number */ 151 /* prohibit calling the thing phy%d when %d is not its number */
149 sscanf(newname, PHY_NAME "%d%n", &idx, &taken); 152 sscanf(newname, PHY_NAME "%d%n", &idx, &taken);
150 if (taken == strlen(newname) && idx != rdev->idx) { 153 if (taken == strlen(newname) && idx != rdev->idx) {
@@ -156,14 +159,30 @@ int cfg80211_dev_rename(struct cfg80211_registered_device *rdev,
156 * deny the name if it is phy<idx> where <idx> is printed 159 * deny the name if it is phy<idx> where <idx> is printed
157 * without leading zeroes. taken == strlen(newname) here 160 * without leading zeroes. taken == strlen(newname) here
158 */ 161 */
162 result = -EINVAL;
159 if (taken == strlen(PHY_NAME) + digits) 163 if (taken == strlen(PHY_NAME) + digits)
160 return -EINVAL; 164 goto out_unlock;
165 }
166
167
168 /* Ignore nop renames */
169 result = 0;
170 if (strcmp(newname, dev_name(&rdev->wiphy.dev)) == 0)
171 goto out_unlock;
172
173 /* Ensure another device does not already have this name. */
174 list_for_each_entry(drv, &cfg80211_drv_list, list) {
175 result = -EINVAL;
176 if (strcmp(newname, dev_name(&drv->wiphy.dev)) == 0)
177 goto out_unlock;
161 } 178 }
162 179
163 /* this will check for collisions */ 180 /* this will only check for collisions in sysfs
181 * which is not even always compiled in.
182 */
164 result = device_rename(&rdev->wiphy.dev, newname); 183 result = device_rename(&rdev->wiphy.dev, newname);
165 if (result) 184 if (result)
166 return result; 185 goto out_unlock;
167 186
168 if (!debugfs_rename(rdev->wiphy.debugfsdir->d_parent, 187 if (!debugfs_rename(rdev->wiphy.debugfsdir->d_parent,
169 rdev->wiphy.debugfsdir, 188 rdev->wiphy.debugfsdir,
@@ -172,9 +191,13 @@ int cfg80211_dev_rename(struct cfg80211_registered_device *rdev,
172 printk(KERN_ERR "cfg80211: failed to rename debugfs dir to %s!\n", 191 printk(KERN_ERR "cfg80211: failed to rename debugfs dir to %s!\n",
173 newname); 192 newname);
174 193
175 nl80211_notify_dev_rename(rdev); 194 result = 0;
195out_unlock:
196 mutex_unlock(&cfg80211_drv_mutex);
197 if (result == 0)
198 nl80211_notify_dev_rename(rdev);
176 199
177 return 0; 200 return result;
178} 201}
179 202
180/* exported functions */ 203/* exported functions */
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 2bdd4dddc0e1..59eb2cf42e5f 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -29,16 +29,16 @@ static struct genl_family nl80211_fam = {
29}; 29};
30 30
31/* internal helper: get drv and dev */ 31/* internal helper: get drv and dev */
32static int get_drv_dev_by_info_ifindex(struct genl_info *info, 32static int get_drv_dev_by_info_ifindex(struct nlattr **attrs,
33 struct cfg80211_registered_device **drv, 33 struct cfg80211_registered_device **drv,
34 struct net_device **dev) 34 struct net_device **dev)
35{ 35{
36 int ifindex; 36 int ifindex;
37 37
38 if (!info->attrs[NL80211_ATTR_IFINDEX]) 38 if (!attrs[NL80211_ATTR_IFINDEX])
39 return -EINVAL; 39 return -EINVAL;
40 40
41 ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 41 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
42 *dev = dev_get_by_index(&init_net, ifindex); 42 *dev = dev_get_by_index(&init_net, ifindex);
43 if (!*dev) 43 if (!*dev)
44 return -ENODEV; 44 return -ENODEV;
@@ -187,7 +187,8 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
187 return genlmsg_end(msg, hdr); 187 return genlmsg_end(msg, hdr);
188 188
189 nla_put_failure: 189 nla_put_failure:
190 return genlmsg_cancel(msg, hdr); 190 genlmsg_cancel(msg, hdr);
191 return -EMSGSIZE;
191} 192}
192 193
193static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 194static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
@@ -198,12 +199,14 @@ static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
198 199
199 mutex_lock(&cfg80211_drv_mutex); 200 mutex_lock(&cfg80211_drv_mutex);
200 list_for_each_entry(dev, &cfg80211_drv_list, list) { 201 list_for_each_entry(dev, &cfg80211_drv_list, list) {
201 if (++idx < start) 202 if (++idx <= start)
202 continue; 203 continue;
203 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid, 204 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
204 cb->nlh->nlmsg_seq, NLM_F_MULTI, 205 cb->nlh->nlmsg_seq, NLM_F_MULTI,
205 dev) < 0) 206 dev) < 0) {
207 idx--;
206 break; 208 break;
209 }
207 } 210 }
208 mutex_unlock(&cfg80211_drv_mutex); 211 mutex_unlock(&cfg80211_drv_mutex);
209 212
@@ -273,7 +276,8 @@ static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
273 return genlmsg_end(msg, hdr); 276 return genlmsg_end(msg, hdr);
274 277
275 nla_put_failure: 278 nla_put_failure:
276 return genlmsg_cancel(msg, hdr); 279 genlmsg_cancel(msg, hdr);
280 return -EMSGSIZE;
277} 281}
278 282
279static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 283static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
@@ -287,21 +291,31 @@ static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *
287 291
288 mutex_lock(&cfg80211_drv_mutex); 292 mutex_lock(&cfg80211_drv_mutex);
289 list_for_each_entry(dev, &cfg80211_drv_list, list) { 293 list_for_each_entry(dev, &cfg80211_drv_list, list) {
290 if (++wp_idx < wp_start) 294 if (wp_idx < wp_start) {
295 wp_idx++;
291 continue; 296 continue;
297 }
292 if_idx = 0; 298 if_idx = 0;
293 299
294 mutex_lock(&dev->devlist_mtx); 300 mutex_lock(&dev->devlist_mtx);
295 list_for_each_entry(wdev, &dev->netdev_list, list) { 301 list_for_each_entry(wdev, &dev->netdev_list, list) {
296 if (++if_idx < if_start) 302 if (if_idx < if_start) {
303 if_idx++;
297 continue; 304 continue;
305 }
298 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 306 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
299 cb->nlh->nlmsg_seq, NLM_F_MULTI, 307 cb->nlh->nlmsg_seq, NLM_F_MULTI,
300 wdev->netdev) < 0) 308 wdev->netdev) < 0) {
301 break; 309 mutex_unlock(&dev->devlist_mtx);
310 goto out;
311 }
312 if_idx++;
302 } 313 }
303 mutex_unlock(&dev->devlist_mtx); 314 mutex_unlock(&dev->devlist_mtx);
315
316 wp_idx++;
304 } 317 }
318 out:
305 mutex_unlock(&cfg80211_drv_mutex); 319 mutex_unlock(&cfg80211_drv_mutex);
306 320
307 cb->args[0] = wp_idx; 321 cb->args[0] = wp_idx;
@@ -317,7 +331,7 @@ static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
317 struct net_device *netdev; 331 struct net_device *netdev;
318 int err; 332 int err;
319 333
320 err = get_drv_dev_by_info_ifindex(info, &dev, &netdev); 334 err = get_drv_dev_by_info_ifindex(info->attrs, &dev, &netdev);
321 if (err) 335 if (err)
322 return err; 336 return err;
323 337
@@ -388,7 +402,7 @@ static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
388 } else 402 } else
389 return -EINVAL; 403 return -EINVAL;
390 404
391 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 405 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
392 if (err) 406 if (err)
393 return err; 407 return err;
394 ifindex = dev->ifindex; 408 ifindex = dev->ifindex;
@@ -473,7 +487,7 @@ static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
473 int ifindex, err; 487 int ifindex, err;
474 struct net_device *dev; 488 struct net_device *dev;
475 489
476 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 490 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
477 if (err) 491 if (err)
478 return err; 492 return err;
479 ifindex = dev->ifindex; 493 ifindex = dev->ifindex;
@@ -541,7 +555,7 @@ static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
541 if (info->attrs[NL80211_ATTR_MAC]) 555 if (info->attrs[NL80211_ATTR_MAC])
542 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 556 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
543 557
544 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 558 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
545 if (err) 559 if (err)
546 return err; 560 return err;
547 561
@@ -614,7 +628,7 @@ static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
614 if (!info->attrs[NL80211_ATTR_KEY_DEFAULT]) 628 if (!info->attrs[NL80211_ATTR_KEY_DEFAULT])
615 return -EINVAL; 629 return -EINVAL;
616 630
617 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 631 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
618 if (err) 632 if (err)
619 return err; 633 return err;
620 634
@@ -695,7 +709,7 @@ static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
695 return -EINVAL; 709 return -EINVAL;
696 } 710 }
697 711
698 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 712 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
699 if (err) 713 if (err)
700 return err; 714 return err;
701 715
@@ -731,7 +745,7 @@ static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
731 if (info->attrs[NL80211_ATTR_MAC]) 745 if (info->attrs[NL80211_ATTR_MAC])
732 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 746 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
733 747
734 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 748 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
735 if (err) 749 if (err)
736 return err; 750 return err;
737 751
@@ -760,7 +774,7 @@ static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
760 struct beacon_parameters params; 774 struct beacon_parameters params;
761 int haveinfo = 0; 775 int haveinfo = 0;
762 776
763 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 777 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
764 if (err) 778 if (err)
765 return err; 779 return err;
766 780
@@ -839,7 +853,7 @@ static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
839 int err; 853 int err;
840 struct net_device *dev; 854 struct net_device *dev;
841 855
842 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 856 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
843 if (err) 857 if (err)
844 return err; 858 return err;
845 859
@@ -928,71 +942,83 @@ static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
928 return genlmsg_end(msg, hdr); 942 return genlmsg_end(msg, hdr);
929 943
930 nla_put_failure: 944 nla_put_failure:
931 return genlmsg_cancel(msg, hdr); 945 genlmsg_cancel(msg, hdr);
946 return -EMSGSIZE;
932} 947}
933 948
934static int nl80211_dump_station(struct sk_buff *skb, 949static int nl80211_dump_station(struct sk_buff *skb,
935 struct netlink_callback *cb) 950 struct netlink_callback *cb)
936{ 951{
937 int wp_idx = 0;
938 int if_idx = 0;
939 int sta_idx = cb->args[2];
940 int wp_start = cb->args[0];
941 int if_start = cb->args[1];
942 struct station_info sinfo; 952 struct station_info sinfo;
943 struct cfg80211_registered_device *dev; 953 struct cfg80211_registered_device *dev;
944 struct wireless_dev *wdev; 954 struct net_device *netdev;
945 u8 mac_addr[ETH_ALEN]; 955 u8 mac_addr[ETH_ALEN];
956 int ifidx = cb->args[0];
957 int sta_idx = cb->args[1];
946 int err; 958 int err;
947 int exit = 0;
948 959
949 /* TODO: filter by device */ 960 if (!ifidx) {
950 mutex_lock(&cfg80211_drv_mutex); 961 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
951 list_for_each_entry(dev, &cfg80211_drv_list, list) { 962 nl80211_fam.attrbuf, nl80211_fam.maxattr,
952 if (exit) 963 nl80211_policy);
964 if (err)
965 return err;
966
967 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
968 return -EINVAL;
969
970 ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
971 if (!ifidx)
972 return -EINVAL;
973 }
974
975 netdev = dev_get_by_index(&init_net, ifidx);
976 if (!netdev)
977 return -ENODEV;
978
979 dev = cfg80211_get_dev_from_ifindex(ifidx);
980 if (IS_ERR(dev)) {
981 err = PTR_ERR(dev);
982 goto out_put_netdev;
983 }
984
985 if (!dev->ops->dump_station) {
986 err = -ENOSYS;
987 goto out_err;
988 }
989
990 rtnl_lock();
991
992 while (1) {
993 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
994 mac_addr, &sinfo);
995 if (err == -ENOENT)
953 break; 996 break;
954 if (++wp_idx < wp_start) 997 if (err)
955 continue; 998 goto out_err_rtnl;
956 if_idx = 0;
957 999
958 mutex_lock(&dev->devlist_mtx); 1000 if (nl80211_send_station(skb,
959 list_for_each_entry(wdev, &dev->netdev_list, list) { 1001 NETLINK_CB(cb->skb).pid,
960 if (exit) 1002 cb->nlh->nlmsg_seq, NLM_F_MULTI,
961 break; 1003 netdev, mac_addr,
962 if (++if_idx < if_start) 1004 &sinfo) < 0)
963 continue; 1005 goto out;
964 if (!dev->ops->dump_station)
965 continue;
966 1006
967 for (;; ++sta_idx) { 1007 sta_idx++;
968 rtnl_lock();
969 err = dev->ops->dump_station(&dev->wiphy,
970 wdev->netdev, sta_idx, mac_addr,
971 &sinfo);
972 rtnl_unlock();
973 if (err) {
974 sta_idx = 0;
975 break;
976 }
977 if (nl80211_send_station(skb,
978 NETLINK_CB(cb->skb).pid,
979 cb->nlh->nlmsg_seq, NLM_F_MULTI,
980 wdev->netdev, mac_addr,
981 &sinfo) < 0) {
982 exit = 1;
983 break;
984 }
985 }
986 }
987 mutex_unlock(&dev->devlist_mtx);
988 } 1008 }
989 mutex_unlock(&cfg80211_drv_mutex);
990 1009
991 cb->args[0] = wp_idx;
992 cb->args[1] = if_idx;
993 cb->args[2] = sta_idx;
994 1010
995 return skb->len; 1011 out:
1012 cb->args[1] = sta_idx;
1013 err = skb->len;
1014 out_err_rtnl:
1015 rtnl_unlock();
1016 out_err:
1017 cfg80211_put_dev(dev);
1018 out_put_netdev:
1019 dev_put(netdev);
1020
1021 return err;
996} 1022}
997 1023
998static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 1024static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
@@ -1011,7 +1037,7 @@ static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
1011 1037
1012 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1038 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1013 1039
1014 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1040 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1015 if (err) 1041 if (err)
1016 return err; 1042 return err;
1017 1043
@@ -1107,7 +1133,7 @@ static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
1107 params.plink_action = 1133 params.plink_action =
1108 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 1134 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
1109 1135
1110 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1136 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1111 if (err) 1137 if (err)
1112 return err; 1138 return err;
1113 1139
@@ -1167,7 +1193,7 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
1167 &params.station_flags)) 1193 &params.station_flags))
1168 return -EINVAL; 1194 return -EINVAL;
1169 1195
1170 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1196 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1171 if (err) 1197 if (err)
1172 return err; 1198 return err;
1173 1199
@@ -1202,7 +1228,7 @@ static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
1202 if (info->attrs[NL80211_ATTR_MAC]) 1228 if (info->attrs[NL80211_ATTR_MAC])
1203 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1229 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1204 1230
1205 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1231 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1206 if (err) 1232 if (err)
1207 return err; 1233 return err;
1208 1234
@@ -1267,72 +1293,83 @@ static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
1267 return genlmsg_end(msg, hdr); 1293 return genlmsg_end(msg, hdr);
1268 1294
1269 nla_put_failure: 1295 nla_put_failure:
1270 return genlmsg_cancel(msg, hdr); 1296 genlmsg_cancel(msg, hdr);
1297 return -EMSGSIZE;
1271} 1298}
1272 1299
1273static int nl80211_dump_mpath(struct sk_buff *skb, 1300static int nl80211_dump_mpath(struct sk_buff *skb,
1274 struct netlink_callback *cb) 1301 struct netlink_callback *cb)
1275{ 1302{
1276 int wp_idx = 0;
1277 int if_idx = 0;
1278 int sta_idx = cb->args[2];
1279 int wp_start = cb->args[0];
1280 int if_start = cb->args[1];
1281 struct mpath_info pinfo; 1303 struct mpath_info pinfo;
1282 struct cfg80211_registered_device *dev; 1304 struct cfg80211_registered_device *dev;
1283 struct wireless_dev *wdev; 1305 struct net_device *netdev;
1284 u8 dst[ETH_ALEN]; 1306 u8 dst[ETH_ALEN];
1285 u8 next_hop[ETH_ALEN]; 1307 u8 next_hop[ETH_ALEN];
1308 int ifidx = cb->args[0];
1309 int path_idx = cb->args[1];
1286 int err; 1310 int err;
1287 int exit = 0;
1288 1311
1289 /* TODO: filter by device */ 1312 if (!ifidx) {
1290 mutex_lock(&cfg80211_drv_mutex); 1313 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1291 list_for_each_entry(dev, &cfg80211_drv_list, list) { 1314 nl80211_fam.attrbuf, nl80211_fam.maxattr,
1292 if (exit) 1315 nl80211_policy);
1316 if (err)
1317 return err;
1318
1319 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
1320 return -EINVAL;
1321
1322 ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
1323 if (!ifidx)
1324 return -EINVAL;
1325 }
1326
1327 netdev = dev_get_by_index(&init_net, ifidx);
1328 if (!netdev)
1329 return -ENODEV;
1330
1331 dev = cfg80211_get_dev_from_ifindex(ifidx);
1332 if (IS_ERR(dev)) {
1333 err = PTR_ERR(dev);
1334 goto out_put_netdev;
1335 }
1336
1337 if (!dev->ops->dump_mpath) {
1338 err = -ENOSYS;
1339 goto out_err;
1340 }
1341
1342 rtnl_lock();
1343
1344 while (1) {
1345 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
1346 dst, next_hop, &pinfo);
1347 if (err == -ENOENT)
1293 break; 1348 break;
1294 if (++wp_idx < wp_start) 1349 if (err)
1295 continue; 1350 goto out_err_rtnl;
1296 if_idx = 0;
1297 1351
1298 mutex_lock(&dev->devlist_mtx); 1352 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
1299 list_for_each_entry(wdev, &dev->netdev_list, list) { 1353 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1300 if (exit) 1354 netdev, dst, next_hop,
1301 break; 1355 &pinfo) < 0)
1302 if (++if_idx < if_start) 1356 goto out;
1303 continue;
1304 if (!dev->ops->dump_mpath)
1305 continue;
1306 1357
1307 for (;; ++sta_idx) { 1358 path_idx++;
1308 rtnl_lock();
1309 err = dev->ops->dump_mpath(&dev->wiphy,
1310 wdev->netdev, sta_idx, dst,
1311 next_hop, &pinfo);
1312 rtnl_unlock();
1313 if (err) {
1314 sta_idx = 0;
1315 break;
1316 }
1317 if (nl80211_send_mpath(skb,
1318 NETLINK_CB(cb->skb).pid,
1319 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1320 wdev->netdev, dst, next_hop,
1321 &pinfo) < 0) {
1322 exit = 1;
1323 break;
1324 }
1325 }
1326 }
1327 mutex_unlock(&dev->devlist_mtx);
1328 } 1359 }
1329 mutex_unlock(&cfg80211_drv_mutex);
1330 1360
1331 cb->args[0] = wp_idx;
1332 cb->args[1] = if_idx;
1333 cb->args[2] = sta_idx;
1334 1361
1335 return skb->len; 1362 out:
1363 cb->args[1] = path_idx;
1364 err = skb->len;
1365 out_err_rtnl:
1366 rtnl_unlock();
1367 out_err:
1368 cfg80211_put_dev(dev);
1369 out_put_netdev:
1370 dev_put(netdev);
1371
1372 return err;
1336} 1373}
1337 1374
1338static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 1375static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
@@ -1352,7 +1389,7 @@ static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
1352 1389
1353 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 1390 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
1354 1391
1355 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1392 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1356 if (err) 1393 if (err)
1357 return err; 1394 return err;
1358 1395
@@ -1405,7 +1442,7 @@ static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
1405 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 1442 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
1406 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 1443 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
1407 1444
1408 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1445 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1409 if (err) 1446 if (err)
1410 return err; 1447 return err;
1411 1448
@@ -1440,7 +1477,7 @@ static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
1440 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 1477 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
1441 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 1478 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
1442 1479
1443 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1480 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1444 if (err) 1481 if (err)
1445 return err; 1482 return err;
1446 1483
@@ -1469,7 +1506,7 @@ static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
1469 if (info->attrs[NL80211_ATTR_MAC]) 1506 if (info->attrs[NL80211_ATTR_MAC])
1470 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 1507 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
1471 1508
1472 err = get_drv_dev_by_info_ifindex(info, &drv, &dev); 1509 err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1473 if (err) 1510 if (err)
1474 return err; 1511 return err;
1475 1512
diff --git a/net/wireless/radiotap.c b/net/wireless/radiotap.c
index 28fbd0b0b568..f591871a7b4f 100644
--- a/net/wireless/radiotap.c
+++ b/net/wireless/radiotap.c
@@ -59,23 +59,21 @@ int ieee80211_radiotap_iterator_init(
59 return -EINVAL; 59 return -EINVAL;
60 60
61 /* sanity check for allowed length and radiotap length field */ 61 /* sanity check for allowed length and radiotap length field */
62 if (max_length < le16_to_cpu(get_unaligned(&radiotap_header->it_len))) 62 if (max_length < get_unaligned_le16(&radiotap_header->it_len))
63 return -EINVAL; 63 return -EINVAL;
64 64
65 iterator->rtheader = radiotap_header; 65 iterator->rtheader = radiotap_header;
66 iterator->max_length = le16_to_cpu(get_unaligned( 66 iterator->max_length = get_unaligned_le16(&radiotap_header->it_len);
67 &radiotap_header->it_len));
68 iterator->arg_index = 0; 67 iterator->arg_index = 0;
69 iterator->bitmap_shifter = le32_to_cpu(get_unaligned( 68 iterator->bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present);
70 &radiotap_header->it_present));
71 iterator->arg = (u8 *)radiotap_header + sizeof(*radiotap_header); 69 iterator->arg = (u8 *)radiotap_header + sizeof(*radiotap_header);
72 iterator->this_arg = NULL; 70 iterator->this_arg = NULL;
73 71
74 /* find payload start allowing for extended bitmap(s) */ 72 /* find payload start allowing for extended bitmap(s) */
75 73
76 if (unlikely(iterator->bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT))) { 74 if (unlikely(iterator->bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT))) {
77 while (le32_to_cpu(get_unaligned((__le32 *)iterator->arg)) & 75 while (get_unaligned_le32(iterator->arg) &
78 (1<<IEEE80211_RADIOTAP_EXT)) { 76 (1 << IEEE80211_RADIOTAP_EXT)) {
79 iterator->arg += sizeof(u32); 77 iterator->arg += sizeof(u32);
80 78
81 /* 79 /*
@@ -241,8 +239,8 @@ int ieee80211_radiotap_iterator_next(
241 if (iterator->bitmap_shifter & 1) { 239 if (iterator->bitmap_shifter & 1) {
242 /* b31 was set, there is more */ 240 /* b31 was set, there is more */
243 /* move to next u32 bitmap */ 241 /* move to next u32 bitmap */
244 iterator->bitmap_shifter = le32_to_cpu( 242 iterator->bitmap_shifter =
245 get_unaligned(iterator->next_bitmap)); 243 get_unaligned_le32(iterator->next_bitmap);
246 iterator->next_bitmap++; 244 iterator->next_bitmap++;
247 } else 245 } else
248 /* no more bitmaps: end */ 246 /* no more bitmaps: end */
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 185488da2466..855bff4b3250 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -80,6 +80,23 @@ static const struct ieee80211_channel_range ieee80211_JP_channels[] = {
80 IEEE80211_CHAN_RADAR), 80 IEEE80211_CHAN_RADAR),
81}; 81};
82 82
83static const struct ieee80211_channel_range ieee80211_EU_channels[] = {
84 /* IEEE 802.11b/g, channels 1..13 */
85 RANGE_PWR(2412, 2472, 20, 6, 0),
86 /* IEEE 802.11a, channel 36*/
87 RANGE_PWR(5180, 5180, 23, 6, IEEE80211_CHAN_PASSIVE_SCAN),
88 /* IEEE 802.11a, channel 40*/
89 RANGE_PWR(5200, 5200, 23, 6, IEEE80211_CHAN_PASSIVE_SCAN),
90 /* IEEE 802.11a, channel 44*/
91 RANGE_PWR(5220, 5220, 23, 6, IEEE80211_CHAN_PASSIVE_SCAN),
92 /* IEEE 802.11a, channels 48..64 */
93 RANGE_PWR(5240, 5320, 23, 6, IEEE80211_CHAN_NO_IBSS |
94 IEEE80211_CHAN_RADAR),
95 /* IEEE 802.11a, channels 100..140 */
96 RANGE_PWR(5500, 5700, 30, 6, IEEE80211_CHAN_NO_IBSS |
97 IEEE80211_CHAN_RADAR),
98};
99
83#define REGDOM(_code) \ 100#define REGDOM(_code) \
84 { \ 101 { \
85 .code = __stringify(_code), \ 102 .code = __stringify(_code), \
@@ -90,6 +107,7 @@ static const struct ieee80211_channel_range ieee80211_JP_channels[] = {
90static const struct ieee80211_regdomain ieee80211_regdoms[] = { 107static const struct ieee80211_regdomain ieee80211_regdoms[] = {
91 REGDOM(US), 108 REGDOM(US),
92 REGDOM(JP), 109 REGDOM(JP),
110 REGDOM(EU),
93}; 111};
94 112
95 113
diff --git a/net/wireless/wext.c b/net/wireless/wext.c
index 947188a5b937..d98ffb75119a 100644
--- a/net/wireless/wext.c
+++ b/net/wireless/wext.c
@@ -500,7 +500,7 @@ static int call_commit_handler(struct net_device *dev)
500/* 500/*
501 * Calculate size of private arguments 501 * Calculate size of private arguments
502 */ 502 */
503static inline int get_priv_size(__u16 args) 503static int get_priv_size(__u16 args)
504{ 504{
505 int num = args & IW_PRIV_SIZE_MASK; 505 int num = args & IW_PRIV_SIZE_MASK;
506 int type = (args & IW_PRIV_TYPE_MASK) >> 12; 506 int type = (args & IW_PRIV_TYPE_MASK) >> 12;
@@ -512,10 +512,9 @@ static inline int get_priv_size(__u16 args)
512/* 512/*
513 * Re-calculate the size of private arguments 513 * Re-calculate the size of private arguments
514 */ 514 */
515static inline int adjust_priv_size(__u16 args, 515static int adjust_priv_size(__u16 args, struct iw_point *iwp)
516 union iwreq_data * wrqu)
517{ 516{
518 int num = wrqu->data.length; 517 int num = iwp->length;
519 int max = args & IW_PRIV_SIZE_MASK; 518 int max = args & IW_PRIV_SIZE_MASK;
520 int type = (args & IW_PRIV_TYPE_MASK) >> 12; 519 int type = (args & IW_PRIV_TYPE_MASK) >> 12;
521 520
@@ -695,19 +694,150 @@ void wext_proc_exit(struct net *net)
695 */ 694 */
696 695
697/* ---------------------------------------------------------------- */ 696/* ---------------------------------------------------------------- */
697static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
698 const struct iw_ioctl_description *descr,
699 iw_handler handler, struct net_device *dev,
700 struct iw_request_info *info)
701{
702 int err, extra_size, user_length = 0, essid_compat = 0;
703 char *extra;
704
705 /* Calculate space needed by arguments. Always allocate
706 * for max space.
707 */
708 extra_size = descr->max_tokens * descr->token_size;
709
710 /* Check need for ESSID compatibility for WE < 21 */
711 switch (cmd) {
712 case SIOCSIWESSID:
713 case SIOCGIWESSID:
714 case SIOCSIWNICKN:
715 case SIOCGIWNICKN:
716 if (iwp->length == descr->max_tokens + 1)
717 essid_compat = 1;
718 else if (IW_IS_SET(cmd) && (iwp->length != 0)) {
719 char essid[IW_ESSID_MAX_SIZE + 1];
720
721 err = copy_from_user(essid, iwp->pointer,
722 iwp->length *
723 descr->token_size);
724 if (err)
725 return -EFAULT;
726
727 if (essid[iwp->length - 1] == '\0')
728 essid_compat = 1;
729 }
730 break;
731 default:
732 break;
733 }
734
735 iwp->length -= essid_compat;
736
737 /* Check what user space is giving us */
738 if (IW_IS_SET(cmd)) {
739 /* Check NULL pointer */
740 if (!iwp->pointer && iwp->length != 0)
741 return -EFAULT;
742 /* Check if number of token fits within bounds */
743 if (iwp->length > descr->max_tokens)
744 return -E2BIG;
745 if (iwp->length < descr->min_tokens)
746 return -EINVAL;
747 } else {
748 /* Check NULL pointer */
749 if (!iwp->pointer)
750 return -EFAULT;
751 /* Save user space buffer size for checking */
752 user_length = iwp->length;
753
754 /* Don't check if user_length > max to allow forward
755 * compatibility. The test user_length < min is
756 * implied by the test at the end.
757 */
758
759 /* Support for very large requests */
760 if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
761 (user_length > descr->max_tokens)) {
762 /* Allow userspace to GET more than max so
763 * we can support any size GET requests.
764 * There is still a limit : -ENOMEM.
765 */
766 extra_size = user_length * descr->token_size;
767
768 /* Note : user_length is originally a __u16,
769 * and token_size is controlled by us,
770 * so extra_size won't get negative and
771 * won't overflow...
772 */
773 }
774 }
775
776 /* kzalloc() ensures NULL-termination for essid_compat. */
777 extra = kzalloc(extra_size, GFP_KERNEL);
778 if (!extra)
779 return -ENOMEM;
780
781 /* If it is a SET, get all the extra data in here */
782 if (IW_IS_SET(cmd) && (iwp->length != 0)) {
783 if (copy_from_user(extra, iwp->pointer,
784 iwp->length *
785 descr->token_size)) {
786 err = -EFAULT;
787 goto out;
788 }
789 }
790
791 err = handler(dev, info, (union iwreq_data *) iwp, extra);
792
793 iwp->length += essid_compat;
794
795 /* If we have something to return to the user */
796 if (!err && IW_IS_GET(cmd)) {
797 /* Check if there is enough buffer up there */
798 if (user_length < iwp->length) {
799 err = -E2BIG;
800 goto out;
801 }
802
803 if (copy_to_user(iwp->pointer, extra,
804 iwp->length *
805 descr->token_size)) {
806 err = -EFAULT;
807 goto out;
808 }
809 }
810
811 /* Generate an event to notify listeners of the change */
812 if ((descr->flags & IW_DESCR_FLAG_EVENT) && err == -EIWCOMMIT) {
813 union iwreq_data *data = (union iwreq_data *) iwp;
814
815 if (descr->flags & IW_DESCR_FLAG_RESTRICT)
816 /* If the event is restricted, don't
817 * export the payload.
818 */
819 wireless_send_event(dev, cmd, data, NULL);
820 else
821 wireless_send_event(dev, cmd, data, extra);
822 }
823
824out:
825 kfree(extra);
826 return err;
827}
828
698/* 829/*
699 * Wrapper to call a standard Wireless Extension handler. 830 * Wrapper to call a standard Wireless Extension handler.
700 * We do various checks and also take care of moving data between 831 * We do various checks and also take care of moving data between
701 * user space and kernel space. 832 * user space and kernel space.
702 */ 833 */
703static int ioctl_standard_call(struct net_device * dev, 834static int ioctl_standard_call(struct net_device * dev,
704 struct ifreq * ifr, 835 struct iwreq *iwr,
705 unsigned int cmd, 836 unsigned int cmd,
837 struct iw_request_info *info,
706 iw_handler handler) 838 iw_handler handler)
707{ 839{
708 struct iwreq * iwr = (struct iwreq *) ifr;
709 const struct iw_ioctl_description * descr; 840 const struct iw_ioctl_description * descr;
710 struct iw_request_info info;
711 int ret = -EINVAL; 841 int ret = -EINVAL;
712 842
713 /* Get the description of the IOCTL */ 843 /* Get the description of the IOCTL */
@@ -715,145 +845,19 @@ static int ioctl_standard_call(struct net_device * dev,
715 return -EOPNOTSUPP; 845 return -EOPNOTSUPP;
716 descr = &(standard_ioctl[cmd - SIOCIWFIRST]); 846 descr = &(standard_ioctl[cmd - SIOCIWFIRST]);
717 847
718 /* Prepare the call */
719 info.cmd = cmd;
720 info.flags = 0;
721
722 /* Check if we have a pointer to user space data or not */ 848 /* Check if we have a pointer to user space data or not */
723 if (descr->header_type != IW_HEADER_TYPE_POINT) { 849 if (descr->header_type != IW_HEADER_TYPE_POINT) {
724 850
725 /* No extra arguments. Trivial to handle */ 851 /* No extra arguments. Trivial to handle */
726 ret = handler(dev, &info, &(iwr->u), NULL); 852 ret = handler(dev, info, &(iwr->u), NULL);
727 853
728 /* Generate an event to notify listeners of the change */ 854 /* Generate an event to notify listeners of the change */
729 if ((descr->flags & IW_DESCR_FLAG_EVENT) && 855 if ((descr->flags & IW_DESCR_FLAG_EVENT) &&
730 ((ret == 0) || (ret == -EIWCOMMIT))) 856 ((ret == 0) || (ret == -EIWCOMMIT)))
731 wireless_send_event(dev, cmd, &(iwr->u), NULL); 857 wireless_send_event(dev, cmd, &(iwr->u), NULL);
732 } else { 858 } else {
733 char * extra; 859 ret = ioctl_standard_iw_point(&iwr->u.data, cmd, descr,
734 int extra_size; 860 handler, dev, info);
735 int user_length = 0;
736 int err;
737 int essid_compat = 0;
738
739 /* Calculate space needed by arguments. Always allocate
740 * for max space. Easier, and won't last long... */
741 extra_size = descr->max_tokens * descr->token_size;
742
743 /* Check need for ESSID compatibility for WE < 21 */
744 switch (cmd) {
745 case SIOCSIWESSID:
746 case SIOCGIWESSID:
747 case SIOCSIWNICKN:
748 case SIOCGIWNICKN:
749 if (iwr->u.data.length == descr->max_tokens + 1)
750 essid_compat = 1;
751 else if (IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
752 char essid[IW_ESSID_MAX_SIZE + 1];
753
754 err = copy_from_user(essid, iwr->u.data.pointer,
755 iwr->u.data.length *
756 descr->token_size);
757 if (err)
758 return -EFAULT;
759
760 if (essid[iwr->u.data.length - 1] == '\0')
761 essid_compat = 1;
762 }
763 break;
764 default:
765 break;
766 }
767
768 iwr->u.data.length -= essid_compat;
769
770 /* Check what user space is giving us */
771 if (IW_IS_SET(cmd)) {
772 /* Check NULL pointer */
773 if ((iwr->u.data.pointer == NULL) &&
774 (iwr->u.data.length != 0))
775 return -EFAULT;
776 /* Check if number of token fits within bounds */
777 if (iwr->u.data.length > descr->max_tokens)
778 return -E2BIG;
779 if (iwr->u.data.length < descr->min_tokens)
780 return -EINVAL;
781 } else {
782 /* Check NULL pointer */
783 if (iwr->u.data.pointer == NULL)
784 return -EFAULT;
785 /* Save user space buffer size for checking */
786 user_length = iwr->u.data.length;
787
788 /* Don't check if user_length > max to allow forward
789 * compatibility. The test user_length < min is
790 * implied by the test at the end. */
791
792 /* Support for very large requests */
793 if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
794 (user_length > descr->max_tokens)) {
795 /* Allow userspace to GET more than max so
796 * we can support any size GET requests.
797 * There is still a limit : -ENOMEM. */
798 extra_size = user_length * descr->token_size;
799 /* Note : user_length is originally a __u16,
800 * and token_size is controlled by us,
801 * so extra_size won't get negative and
802 * won't overflow... */
803 }
804 }
805
806 /* Create the kernel buffer */
807 /* kzalloc ensures NULL-termination for essid_compat */
808 extra = kzalloc(extra_size, GFP_KERNEL);
809 if (extra == NULL)
810 return -ENOMEM;
811
812 /* If it is a SET, get all the extra data in here */
813 if (IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
814 err = copy_from_user(extra, iwr->u.data.pointer,
815 iwr->u.data.length *
816 descr->token_size);
817 if (err) {
818 kfree(extra);
819 return -EFAULT;
820 }
821 }
822
823 /* Call the handler */
824 ret = handler(dev, &info, &(iwr->u), extra);
825
826 iwr->u.data.length += essid_compat;
827
828 /* If we have something to return to the user */
829 if (!ret && IW_IS_GET(cmd)) {
830 /* Check if there is enough buffer up there */
831 if (user_length < iwr->u.data.length) {
832 kfree(extra);
833 return -E2BIG;
834 }
835
836 err = copy_to_user(iwr->u.data.pointer, extra,
837 iwr->u.data.length *
838 descr->token_size);
839 if (err)
840 ret = -EFAULT;
841 }
842
843 /* Generate an event to notify listeners of the change */
844 if ((descr->flags & IW_DESCR_FLAG_EVENT) &&
845 ((ret == 0) || (ret == -EIWCOMMIT))) {
846 if (descr->flags & IW_DESCR_FLAG_RESTRICT)
847 /* If the event is restricted, don't
848 * export the payload */
849 wireless_send_event(dev, cmd, &(iwr->u), NULL);
850 else
851 wireless_send_event(dev, cmd, &(iwr->u),
852 extra);
853 }
854
855 /* Cleanup - I told you it wasn't that long ;-) */
856 kfree(extra);
857 } 861 }
858 862
859 /* Call commit handler if needed and defined */ 863 /* Call commit handler if needed and defined */
@@ -881,25 +885,22 @@ static int ioctl_standard_call(struct net_device * dev,
881 * a iw_handler but process it in your ioctl handler (i.e. use the 885 * a iw_handler but process it in your ioctl handler (i.e. use the
882 * old driver API). 886 * old driver API).
883 */ 887 */
884static int ioctl_private_call(struct net_device *dev, struct ifreq *ifr, 888static int get_priv_descr_and_size(struct net_device *dev, unsigned int cmd,
885 unsigned int cmd, iw_handler handler) 889 const struct iw_priv_args **descrp)
886{ 890{
887 struct iwreq * iwr = (struct iwreq *) ifr; 891 const struct iw_priv_args *descr;
888 const struct iw_priv_args * descr = NULL; 892 int i, extra_size;
889 struct iw_request_info info;
890 int extra_size = 0;
891 int i;
892 int ret = -EINVAL;
893 893
894 /* Get the description of the IOCTL */ 894 descr = NULL;
895 for (i = 0; i < dev->wireless_handlers->num_private_args; i++) 895 for (i = 0; i < dev->wireless_handlers->num_private_args; i++) {
896 if (cmd == dev->wireless_handlers->private_args[i].cmd) { 896 if (cmd == dev->wireless_handlers->private_args[i].cmd) {
897 descr = &(dev->wireless_handlers->private_args[i]); 897 descr = &dev->wireless_handlers->private_args[i];
898 break; 898 break;
899 } 899 }
900 }
900 901
901 /* Compute the size of the set/get arguments */ 902 extra_size = 0;
902 if (descr != NULL) { 903 if (descr) {
903 if (IW_IS_SET(cmd)) { 904 if (IW_IS_SET(cmd)) {
904 int offset = 0; /* For sub-ioctls */ 905 int offset = 0; /* For sub-ioctls */
905 /* Check for sub-ioctl handler */ 906 /* Check for sub-ioctl handler */
@@ -924,72 +925,77 @@ static int ioctl_private_call(struct net_device *dev, struct ifreq *ifr,
924 extra_size = 0; 925 extra_size = 0;
925 } 926 }
926 } 927 }
928 *descrp = descr;
929 return extra_size;
930}
927 931
928 /* Prepare the call */ 932static int ioctl_private_iw_point(struct iw_point *iwp, unsigned int cmd,
929 info.cmd = cmd; 933 const struct iw_priv_args *descr,
930 info.flags = 0; 934 iw_handler handler, struct net_device *dev,
935 struct iw_request_info *info, int extra_size)
936{
937 char *extra;
938 int err;
931 939
932 /* Check if we have a pointer to user space data or not. */ 940 /* Check what user space is giving us */
933 if (extra_size == 0) { 941 if (IW_IS_SET(cmd)) {
934 /* No extra arguments. Trivial to handle */ 942 if (!iwp->pointer && iwp->length != 0)
935 ret = handler(dev, &info, &(iwr->u), (char *) &(iwr->u)); 943 return -EFAULT;
936 } else {
937 char * extra;
938 int err;
939 944
940 /* Check what user space is giving us */ 945 if (iwp->length > (descr->set_args & IW_PRIV_SIZE_MASK))
941 if (IW_IS_SET(cmd)) { 946 return -E2BIG;
942 /* Check NULL pointer */ 947 } else if (!iwp->pointer)
943 if ((iwr->u.data.pointer == NULL) && 948 return -EFAULT;
944 (iwr->u.data.length != 0))
945 return -EFAULT;
946 949
947 /* Does it fits within bounds ? */ 950 extra = kmalloc(extra_size, GFP_KERNEL);
948 if (iwr->u.data.length > (descr->set_args & 951 if (!extra)
949 IW_PRIV_SIZE_MASK)) 952 return -ENOMEM;
950 return -E2BIG;
951 } else if (iwr->u.data.pointer == NULL)
952 return -EFAULT;
953 953
954 /* Always allocate for max space. Easier, and won't last 954 /* If it is a SET, get all the extra data in here */
955 * long... */ 955 if (IW_IS_SET(cmd) && (iwp->length != 0)) {
956 extra = kmalloc(extra_size, GFP_KERNEL); 956 if (copy_from_user(extra, iwp->pointer, extra_size)) {
957 if (extra == NULL) 957 err = -EFAULT;
958 return -ENOMEM; 958 goto out;
959
960 /* If it is a SET, get all the extra data in here */
961 if (IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
962 err = copy_from_user(extra, iwr->u.data.pointer,
963 extra_size);
964 if (err) {
965 kfree(extra);
966 return -EFAULT;
967 }
968 } 959 }
960 }
969 961
970 /* Call the handler */ 962 /* Call the handler */
971 ret = handler(dev, &info, &(iwr->u), extra); 963 err = handler(dev, info, (union iwreq_data *) iwp, extra);
972 964
973 /* If we have something to return to the user */ 965 /* If we have something to return to the user */
974 if (!ret && IW_IS_GET(cmd)) { 966 if (!err && IW_IS_GET(cmd)) {
967 /* Adjust for the actual length if it's variable,
968 * avoid leaking kernel bits outside.
969 */
970 if (!(descr->get_args & IW_PRIV_SIZE_FIXED))
971 extra_size = adjust_priv_size(descr->get_args, iwp);
975 972
976 /* Adjust for the actual length if it's variable, 973 if (copy_to_user(iwp->pointer, extra, extra_size))
977 * avoid leaking kernel bits outside. */ 974 err = -EFAULT;
978 if (!(descr->get_args & IW_PRIV_SIZE_FIXED)) { 975 }
979 extra_size = adjust_priv_size(descr->get_args,
980 &(iwr->u));
981 }
982 976
983 err = copy_to_user(iwr->u.data.pointer, extra, 977out:
984 extra_size); 978 kfree(extra);
985 if (err) 979 return err;
986 ret = -EFAULT; 980}
987 }
988 981
989 /* Cleanup - I told you it wasn't that long ;-) */ 982static int ioctl_private_call(struct net_device *dev, struct iwreq *iwr,
990 kfree(extra); 983 unsigned int cmd, struct iw_request_info *info,
991 } 984 iw_handler handler)
985{
986 int extra_size = 0, ret = -EINVAL;
987 const struct iw_priv_args *descr;
992 988
989 extra_size = get_priv_descr_and_size(dev, cmd, &descr);
990
991 /* Check if we have a pointer to user space data or not. */
992 if (extra_size == 0) {
993 /* No extra arguments. Trivial to handle */
994 ret = handler(dev, info, &(iwr->u), (char *) &(iwr->u));
995 } else {
996 ret = ioctl_private_iw_point(&iwr->u.data, cmd, descr,
997 handler, dev, info, extra_size);
998 }
993 999
994 /* Call commit handler if needed and defined */ 1000 /* Call commit handler if needed and defined */
995 if (ret == -EIWCOMMIT) 1001 if (ret == -EIWCOMMIT)
@@ -999,12 +1005,21 @@ static int ioctl_private_call(struct net_device *dev, struct ifreq *ifr,
999} 1005}
1000 1006
1001/* ---------------------------------------------------------------- */ 1007/* ---------------------------------------------------------------- */
1008typedef int (*wext_ioctl_func)(struct net_device *, struct iwreq *,
1009 unsigned int, struct iw_request_info *,
1010 iw_handler);
1011
1002/* 1012/*
1003 * Main IOCTl dispatcher. 1013 * Main IOCTl dispatcher.
1004 * Check the type of IOCTL and call the appropriate wrapper... 1014 * Check the type of IOCTL and call the appropriate wrapper...
1005 */ 1015 */
1006static int wireless_process_ioctl(struct net *net, struct ifreq *ifr, unsigned int cmd) 1016static int wireless_process_ioctl(struct net *net, struct ifreq *ifr,
1017 unsigned int cmd,
1018 struct iw_request_info *info,
1019 wext_ioctl_func standard,
1020 wext_ioctl_func private)
1007{ 1021{
1022 struct iwreq *iwr = (struct iwreq *) ifr;
1008 struct net_device *dev; 1023 struct net_device *dev;
1009 iw_handler handler; 1024 iw_handler handler;
1010 1025
@@ -1019,12 +1034,12 @@ static int wireless_process_ioctl(struct net *net, struct ifreq *ifr, unsigned i
1019 * Note that 'cmd' is already filtered in dev_ioctl() with 1034 * Note that 'cmd' is already filtered in dev_ioctl() with
1020 * (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) */ 1035 * (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) */
1021 if (cmd == SIOCGIWSTATS) 1036 if (cmd == SIOCGIWSTATS)
1022 return ioctl_standard_call(dev, ifr, cmd, 1037 return standard(dev, iwr, cmd, info,
1023 &iw_handler_get_iwstats); 1038 &iw_handler_get_iwstats);
1024 1039
1025 if (cmd == SIOCGIWPRIV && dev->wireless_handlers) 1040 if (cmd == SIOCGIWPRIV && dev->wireless_handlers)
1026 return ioctl_standard_call(dev, ifr, cmd, 1041 return standard(dev, iwr, cmd, info,
1027 &iw_handler_get_private); 1042 &iw_handler_get_private);
1028 1043
1029 /* Basic check */ 1044 /* Basic check */
1030 if (!netif_device_present(dev)) 1045 if (!netif_device_present(dev))
@@ -1035,9 +1050,9 @@ static int wireless_process_ioctl(struct net *net, struct ifreq *ifr, unsigned i
1035 if (handler) { 1050 if (handler) {
1036 /* Standard and private are not the same */ 1051 /* Standard and private are not the same */
1037 if (cmd < SIOCIWFIRSTPRIV) 1052 if (cmd < SIOCIWFIRSTPRIV)
1038 return ioctl_standard_call(dev, ifr, cmd, handler); 1053 return standard(dev, iwr, cmd, info, handler);
1039 else 1054 else
1040 return ioctl_private_call(dev, ifr, cmd, handler); 1055 return private(dev, iwr, cmd, info, handler);
1041 } 1056 }
1042 /* Old driver API : call driver ioctl handler */ 1057 /* Old driver API : call driver ioctl handler */
1043 if (dev->do_ioctl) 1058 if (dev->do_ioctl)
@@ -1045,27 +1060,154 @@ static int wireless_process_ioctl(struct net *net, struct ifreq *ifr, unsigned i
1045 return -EOPNOTSUPP; 1060 return -EOPNOTSUPP;
1046} 1061}
1047 1062
1048/* entry point from dev ioctl */ 1063/* If command is `set a parameter', or `get the encoding parameters',
1049int wext_handle_ioctl(struct net *net, struct ifreq *ifr, unsigned int cmd, 1064 * check if the user has the right to do it.
1050 void __user *arg) 1065 */
1066static int wext_permission_check(unsigned int cmd)
1051{ 1067{
1052 int ret;
1053
1054 /* If command is `set a parameter', or
1055 * `get the encoding parameters', check if
1056 * the user has the right to do it */
1057 if ((IW_IS_SET(cmd) || cmd == SIOCGIWENCODE || cmd == SIOCGIWENCODEEXT) 1068 if ((IW_IS_SET(cmd) || cmd == SIOCGIWENCODE || cmd == SIOCGIWENCODEEXT)
1058 && !capable(CAP_NET_ADMIN)) 1069 && !capable(CAP_NET_ADMIN))
1059 return -EPERM; 1070 return -EPERM;
1060 1071
1072 return 0;
1073}
1074
1075/* entry point from dev ioctl */
1076static int wext_ioctl_dispatch(struct net *net, struct ifreq *ifr,
1077 unsigned int cmd, struct iw_request_info *info,
1078 wext_ioctl_func standard,
1079 wext_ioctl_func private)
1080{
1081 int ret = wext_permission_check(cmd);
1082
1083 if (ret)
1084 return ret;
1085
1061 dev_load(net, ifr->ifr_name); 1086 dev_load(net, ifr->ifr_name);
1062 rtnl_lock(); 1087 rtnl_lock();
1063 ret = wireless_process_ioctl(net, ifr, cmd); 1088 ret = wireless_process_ioctl(net, ifr, cmd, info, standard, private);
1064 rtnl_unlock(); 1089 rtnl_unlock();
1065 if (IW_IS_GET(cmd) && copy_to_user(arg, ifr, sizeof(struct iwreq))) 1090
1091 return ret;
1092}
1093
1094int wext_handle_ioctl(struct net *net, struct ifreq *ifr, unsigned int cmd,
1095 void __user *arg)
1096{
1097 struct iw_request_info info = { .cmd = cmd, .flags = 0 };
1098 int ret;
1099
1100 ret = wext_ioctl_dispatch(net, ifr, cmd, &info,
1101 ioctl_standard_call,
1102 ioctl_private_call);
1103 if (ret >= 0 &&
1104 IW_IS_GET(cmd) &&
1105 copy_to_user(arg, ifr, sizeof(struct iwreq)))
1106 return -EFAULT;
1107
1108 return ret;
1109}
1110
1111#ifdef CONFIG_COMPAT
1112static int compat_standard_call(struct net_device *dev,
1113 struct iwreq *iwr,
1114 unsigned int cmd,
1115 struct iw_request_info *info,
1116 iw_handler handler)
1117{
1118 const struct iw_ioctl_description *descr;
1119 struct compat_iw_point *iwp_compat;
1120 struct iw_point iwp;
1121 int err;
1122
1123 descr = standard_ioctl + (cmd - SIOCIWFIRST);
1124
1125 if (descr->header_type != IW_HEADER_TYPE_POINT)
1126 return ioctl_standard_call(dev, iwr, cmd, info, handler);
1127
1128 iwp_compat = (struct compat_iw_point *) &iwr->u.data;
1129 iwp.pointer = compat_ptr(iwp_compat->pointer);
1130 iwp.length = iwp_compat->length;
1131 iwp.flags = iwp_compat->flags;
1132
1133 err = ioctl_standard_iw_point(&iwp, cmd, descr, handler, dev, info);
1134
1135 iwp_compat->pointer = ptr_to_compat(iwp.pointer);
1136 iwp_compat->length = iwp.length;
1137 iwp_compat->flags = iwp.flags;
1138
1139 return err;
1140}
1141
1142static int compat_private_call(struct net_device *dev, struct iwreq *iwr,
1143 unsigned int cmd, struct iw_request_info *info,
1144 iw_handler handler)
1145{
1146 const struct iw_priv_args *descr;
1147 int ret, extra_size;
1148
1149 extra_size = get_priv_descr_and_size(dev, cmd, &descr);
1150
1151 /* Check if we have a pointer to user space data or not. */
1152 if (extra_size == 0) {
1153 /* No extra arguments. Trivial to handle */
1154 ret = handler(dev, info, &(iwr->u), (char *) &(iwr->u));
1155 } else {
1156 struct compat_iw_point *iwp_compat;
1157 struct iw_point iwp;
1158
1159 iwp_compat = (struct compat_iw_point *) &iwr->u.data;
1160 iwp.pointer = compat_ptr(iwp_compat->pointer);
1161 iwp.length = iwp_compat->length;
1162 iwp.flags = iwp_compat->flags;
1163
1164 ret = ioctl_private_iw_point(&iwp, cmd, descr,
1165 handler, dev, info, extra_size);
1166
1167 iwp_compat->pointer = ptr_to_compat(iwp.pointer);
1168 iwp_compat->length = iwp.length;
1169 iwp_compat->flags = iwp.flags;
1170 }
1171
1172 /* Call commit handler if needed and defined */
1173 if (ret == -EIWCOMMIT)
1174 ret = call_commit_handler(dev);
1175
1176 return ret;
1177}
1178
1179int compat_wext_handle_ioctl(struct net *net, unsigned int cmd,
1180 unsigned long arg)
1181{
1182 void __user *argp = (void __user *)arg;
1183 struct iw_request_info info;
1184 struct iwreq iwr;
1185 char *colon;
1186 int ret;
1187
1188 if (copy_from_user(&iwr, argp, sizeof(struct iwreq)))
1189 return -EFAULT;
1190
1191 iwr.ifr_name[IFNAMSIZ-1] = 0;
1192 colon = strchr(iwr.ifr_name, ':');
1193 if (colon)
1194 *colon = 0;
1195
1196 info.cmd = cmd;
1197 info.flags = IW_REQUEST_FLAG_COMPAT;
1198
1199 ret = wext_ioctl_dispatch(net, (struct ifreq *) &iwr, cmd, &info,
1200 compat_standard_call,
1201 compat_private_call);
1202
1203 if (ret >= 0 &&
1204 IW_IS_GET(cmd) &&
1205 copy_to_user(argp, &iwr, sizeof(struct iwreq)))
1066 return -EFAULT; 1206 return -EFAULT;
1207
1067 return ret; 1208 return ret;
1068} 1209}
1210#endif
1069 1211
1070/************************* EVENT PROCESSING *************************/ 1212/************************* EVENT PROCESSING *************************/
1071/* 1213/*
@@ -1135,6 +1277,7 @@ static int rtnetlink_fill_iwinfo(struct sk_buff *skb, struct net_device *dev,
1135 r->ifi_flags = dev_get_flags(dev); 1277 r->ifi_flags = dev_get_flags(dev);
1136 r->ifi_change = 0; /* Wireless changes don't affect those flags */ 1278 r->ifi_change = 0; /* Wireless changes don't affect those flags */
1137 1279
1280 NLA_PUT_STRING(skb, IFLA_IFNAME, dev->name);
1138 /* Add the wireless events in the netlink packet */ 1281 /* Add the wireless events in the netlink packet */
1139 NLA_PUT(skb, IFLA_WIRELESS, event_len, event); 1282 NLA_PUT(skb, IFLA_WIRELESS, event_len, event);
1140 1283
@@ -1157,7 +1300,7 @@ static void rtmsg_iwinfo(struct net_device *dev, char *event, int event_len)
1157 struct sk_buff *skb; 1300 struct sk_buff *skb;
1158 int err; 1301 int err;
1159 1302
1160 if (dev_net(dev) != &init_net) 1303 if (!net_eq(dev_net(dev), &init_net))
1161 return; 1304 return;
1162 1305
1163 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 1306 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 6ba67c523c16..9fc5b023d111 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -191,7 +191,7 @@ static int x25_device_event(struct notifier_block *this, unsigned long event,
191 struct net_device *dev = ptr; 191 struct net_device *dev = ptr;
192 struct x25_neigh *nb; 192 struct x25_neigh *nb;
193 193
194 if (dev_net(dev) != &init_net) 194 if (!net_eq(dev_net(dev), &init_net))
195 return NOTIFY_DONE; 195 return NOTIFY_DONE;
196 196
197 if (dev->type == ARPHRD_X25 197 if (dev->type == ARPHRD_X25
@@ -555,13 +555,11 @@ static struct sock *x25_make_new(struct sock *osk)
555 x25 = x25_sk(sk); 555 x25 = x25_sk(sk);
556 556
557 sk->sk_type = osk->sk_type; 557 sk->sk_type = osk->sk_type;
558 sk->sk_socket = osk->sk_socket;
559 sk->sk_priority = osk->sk_priority; 558 sk->sk_priority = osk->sk_priority;
560 sk->sk_protocol = osk->sk_protocol; 559 sk->sk_protocol = osk->sk_protocol;
561 sk->sk_rcvbuf = osk->sk_rcvbuf; 560 sk->sk_rcvbuf = osk->sk_rcvbuf;
562 sk->sk_sndbuf = osk->sk_sndbuf; 561 sk->sk_sndbuf = osk->sk_sndbuf;
563 sk->sk_state = TCP_ESTABLISHED; 562 sk->sk_state = TCP_ESTABLISHED;
564 sk->sk_sleep = osk->sk_sleep;
565 sk->sk_backlog_rcv = osk->sk_backlog_rcv; 563 sk->sk_backlog_rcv = osk->sk_backlog_rcv;
566 sock_copy_flags(sk, osk); 564 sock_copy_flags(sk, osk);
567 565
@@ -614,8 +612,7 @@ static int x25_release(struct socket *sock)
614 break; 612 break;
615 } 613 }
616 614
617 sock->sk = NULL; 615 sock_orphan(sk);
618 sk->sk_socket = NULL; /* Not used, but we should do this */
619out: 616out:
620 return 0; 617 return 0;
621} 618}
@@ -808,14 +805,12 @@ static int x25_accept(struct socket *sock, struct socket *newsock, int flags)
808 if (!skb->sk) 805 if (!skb->sk)
809 goto out2; 806 goto out2;
810 newsk = skb->sk; 807 newsk = skb->sk;
811 newsk->sk_socket = newsock; 808 sock_graft(newsk, newsock);
812 newsk->sk_sleep = &newsock->wait;
813 809
814 /* Now attach up the new socket */ 810 /* Now attach up the new socket */
815 skb->sk = NULL; 811 skb->sk = NULL;
816 kfree_skb(skb); 812 kfree_skb(skb);
817 sk->sk_ack_backlog--; 813 sk->sk_ack_backlog--;
818 newsock->sk = newsk;
819 newsock->state = SS_CONNECTED; 814 newsock->state = SS_CONNECTED;
820 rc = 0; 815 rc = 0;
821out2: 816out2:
diff --git a/net/x25/x25_dev.c b/net/x25/x25_dev.c
index 3ff206c0ae94..3e1efe534645 100644
--- a/net/x25/x25_dev.c
+++ b/net/x25/x25_dev.c
@@ -95,7 +95,7 @@ int x25_lapb_receive_frame(struct sk_buff *skb, struct net_device *dev,
95 struct sk_buff *nskb; 95 struct sk_buff *nskb;
96 struct x25_neigh *nb; 96 struct x25_neigh *nb;
97 97
98 if (dev_net(dev) != &init_net) 98 if (!net_eq(dev_net(dev), &init_net))
99 goto drop; 99 goto drop;
100 100
101 nskb = skb_copy(skb, GFP_ATOMIC); 101 nskb = skb_copy(skb, GFP_ATOMIC);
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
index 9201ef8ad90e..6d081674515f 100644
--- a/net/xfrm/Kconfig
+++ b/net/xfrm/Kconfig
@@ -46,6 +46,12 @@ config XFRM_STATISTICS
46 46
47 If unsure, say N. 47 If unsure, say N.
48 48
49config XFRM_IPCOMP
50 tristate
51 select XFRM
52 select CRYPTO
53 select CRYPTO_DEFLATE
54
49config NET_KEY 55config NET_KEY
50 tristate "PF_KEY sockets" 56 tristate "PF_KEY sockets"
51 select XFRM 57 select XFRM
diff --git a/net/xfrm/Makefile b/net/xfrm/Makefile
index 332cfb0ff566..0f439a72ccab 100644
--- a/net/xfrm/Makefile
+++ b/net/xfrm/Makefile
@@ -6,4 +6,5 @@ obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \
6 xfrm_input.o xfrm_output.o xfrm_algo.o 6 xfrm_input.o xfrm_output.o xfrm_algo.o
7obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o 7obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o
8obj-$(CONFIG_XFRM_USER) += xfrm_user.o 8obj-$(CONFIG_XFRM_USER) += xfrm_user.o
9obj-$(CONFIG_XFRM_IPCOMP) += xfrm_ipcomp.o
9 10
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index ac765dd9c7f5..96036cf2216d 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -200,8 +200,8 @@ static struct xfrm_algo_desc aalg_list[] = {
200 } 200 }
201}, 201},
202{ 202{
203 .name = "hmac(ripemd160)", 203 .name = "hmac(rmd160)",
204 .compat = "ripemd160", 204 .compat = "rmd160",
205 205
206 .uinfo = { 206 .uinfo = {
207 .auth = { 207 .auth = {
@@ -718,7 +718,7 @@ int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *desc,
718 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 718 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
719 int end; 719 int end;
720 720
721 BUG_TRAP(start <= offset + len); 721 WARN_ON(start > offset + len);
722 722
723 end = start + skb_shinfo(skb)->frags[i].size; 723 end = start + skb_shinfo(skb)->frags[i].size;
724 if ((copy = end - offset) > 0) { 724 if ((copy = end - offset) > 0) {
@@ -748,7 +748,7 @@ int skb_icv_walk(const struct sk_buff *skb, struct hash_desc *desc,
748 for (; list; list = list->next) { 748 for (; list; list = list->next) {
749 int end; 749 int end;
750 750
751 BUG_TRAP(start <= offset + len); 751 WARN_ON(start > offset + len);
752 752
753 end = start + list->len; 753 end = start + list->len;
754 if ((copy = end - offset) > 0) { 754 if ((copy = end - offset) > 0) {
diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
new file mode 100644
index 000000000000..c609a4b98e15
--- /dev/null
+++ b/net/xfrm/xfrm_ipcomp.c
@@ -0,0 +1,384 @@
1/*
2 * IP Payload Compression Protocol (IPComp) - RFC3173.
3 *
4 * Copyright (c) 2003 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2003-2008 Herbert Xu <herbert@gondor.apana.org.au>
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the Free
9 * Software Foundation; either version 2 of the License, or (at your option)
10 * any later version.
11 *
12 * Todo:
13 * - Tunable compression parameters.
14 * - Compression stats.
15 * - Adaptive compression.
16 */
17
18#include <linux/crypto.h>
19#include <linux/err.h>
20#include <linux/gfp.h>
21#include <linux/list.h>
22#include <linux/module.h>
23#include <linux/mutex.h>
24#include <linux/percpu.h>
25#include <linux/smp.h>
26#include <linux/vmalloc.h>
27#include <net/ip.h>
28#include <net/ipcomp.h>
29#include <net/xfrm.h>
30
31struct ipcomp_tfms {
32 struct list_head list;
33 struct crypto_comp **tfms;
34 int users;
35};
36
37static DEFINE_MUTEX(ipcomp_resource_mutex);
38static void **ipcomp_scratches;
39static int ipcomp_scratch_users;
40static LIST_HEAD(ipcomp_tfms_list);
41
42static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb)
43{
44 struct ipcomp_data *ipcd = x->data;
45 const int plen = skb->len;
46 int dlen = IPCOMP_SCRATCH_SIZE;
47 const u8 *start = skb->data;
48 const int cpu = get_cpu();
49 u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
50 struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
51 int err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);
52 int len;
53
54 if (err)
55 goto out;
56
57 if (dlen < (plen + sizeof(struct ip_comp_hdr))) {
58 err = -EINVAL;
59 goto out;
60 }
61
62 len = dlen - plen;
63 if (len > skb_tailroom(skb))
64 len = skb_tailroom(skb);
65
66 skb->truesize += len;
67 __skb_put(skb, len);
68
69 len += plen;
70 skb_copy_to_linear_data(skb, scratch, len);
71
72 while ((scratch += len, dlen -= len) > 0) {
73 skb_frag_t *frag;
74
75 err = -EMSGSIZE;
76 if (WARN_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS))
77 goto out;
78
79 frag = skb_shinfo(skb)->frags + skb_shinfo(skb)->nr_frags;
80 frag->page = alloc_page(GFP_ATOMIC);
81
82 err = -ENOMEM;
83 if (!frag->page)
84 goto out;
85
86 len = PAGE_SIZE;
87 if (dlen < len)
88 len = dlen;
89
90 memcpy(page_address(frag->page), scratch, len);
91
92 frag->page_offset = 0;
93 frag->size = len;
94 skb->truesize += len;
95 skb->data_len += len;
96 skb->len += len;
97
98 skb_shinfo(skb)->nr_frags++;
99 }
100
101 err = 0;
102
103out:
104 put_cpu();
105 return err;
106}
107
108int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
109{
110 int nexthdr;
111 int err = -ENOMEM;
112 struct ip_comp_hdr *ipch;
113
114 if (skb_linearize_cow(skb))
115 goto out;
116
117 skb->ip_summed = CHECKSUM_NONE;
118
119 /* Remove ipcomp header and decompress original payload */
120 ipch = (void *)skb->data;
121 nexthdr = ipch->nexthdr;
122
123 skb->transport_header = skb->network_header + sizeof(*ipch);
124 __skb_pull(skb, sizeof(*ipch));
125 err = ipcomp_decompress(x, skb);
126 if (err)
127 goto out;
128
129 err = nexthdr;
130
131out:
132 return err;
133}
134EXPORT_SYMBOL_GPL(ipcomp_input);
135
136static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
137{
138 struct ipcomp_data *ipcd = x->data;
139 const int plen = skb->len;
140 int dlen = IPCOMP_SCRATCH_SIZE;
141 u8 *start = skb->data;
142 const int cpu = get_cpu();
143 u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
144 struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
145 int err;
146
147 local_bh_disable();
148 err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
149 local_bh_enable();
150 if (err)
151 goto out;
152
153 if ((dlen + sizeof(struct ip_comp_hdr)) >= plen) {
154 err = -EMSGSIZE;
155 goto out;
156 }
157
158 memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
159 put_cpu();
160
161 pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr));
162 return 0;
163
164out:
165 put_cpu();
166 return err;
167}
168
169int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
170{
171 int err;
172 struct ip_comp_hdr *ipch;
173 struct ipcomp_data *ipcd = x->data;
174
175 if (skb->len < ipcd->threshold) {
176 /* Don't bother compressing */
177 goto out_ok;
178 }
179
180 if (skb_linearize_cow(skb))
181 goto out_ok;
182
183 err = ipcomp_compress(x, skb);
184
185 if (err) {
186 goto out_ok;
187 }
188
189 /* Install ipcomp header, convert into ipcomp datagram. */
190 ipch = ip_comp_hdr(skb);
191 ipch->nexthdr = *skb_mac_header(skb);
192 ipch->flags = 0;
193 ipch->cpi = htons((u16 )ntohl(x->id.spi));
194 *skb_mac_header(skb) = IPPROTO_COMP;
195out_ok:
196 skb_push(skb, -skb_network_offset(skb));
197 return 0;
198}
199EXPORT_SYMBOL_GPL(ipcomp_output);
200
201static void ipcomp_free_scratches(void)
202{
203 int i;
204 void **scratches;
205
206 if (--ipcomp_scratch_users)
207 return;
208
209 scratches = ipcomp_scratches;
210 if (!scratches)
211 return;
212
213 for_each_possible_cpu(i)
214 vfree(*per_cpu_ptr(scratches, i));
215
216 free_percpu(scratches);
217}
218
219static void **ipcomp_alloc_scratches(void)
220{
221 int i;
222 void **scratches;
223
224 if (ipcomp_scratch_users++)
225 return ipcomp_scratches;
226
227 scratches = alloc_percpu(void *);
228 if (!scratches)
229 return NULL;
230
231 ipcomp_scratches = scratches;
232
233 for_each_possible_cpu(i) {
234 void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE);
235 if (!scratch)
236 return NULL;
237 *per_cpu_ptr(scratches, i) = scratch;
238 }
239
240 return scratches;
241}
242
243static void ipcomp_free_tfms(struct crypto_comp **tfms)
244{
245 struct ipcomp_tfms *pos;
246 int cpu;
247
248 list_for_each_entry(pos, &ipcomp_tfms_list, list) {
249 if (pos->tfms == tfms)
250 break;
251 }
252
253 WARN_ON(!pos);
254
255 if (--pos->users)
256 return;
257
258 list_del(&pos->list);
259 kfree(pos);
260
261 if (!tfms)
262 return;
263
264 for_each_possible_cpu(cpu) {
265 struct crypto_comp *tfm = *per_cpu_ptr(tfms, cpu);
266 crypto_free_comp(tfm);
267 }
268 free_percpu(tfms);
269}
270
271static struct crypto_comp **ipcomp_alloc_tfms(const char *alg_name)
272{
273 struct ipcomp_tfms *pos;
274 struct crypto_comp **tfms;
275 int cpu;
276
277 /* This can be any valid CPU ID so we don't need locking. */
278 cpu = raw_smp_processor_id();
279
280 list_for_each_entry(pos, &ipcomp_tfms_list, list) {
281 struct crypto_comp *tfm;
282
283 tfms = pos->tfms;
284 tfm = *per_cpu_ptr(tfms, cpu);
285
286 if (!strcmp(crypto_comp_name(tfm), alg_name)) {
287 pos->users++;
288 return tfms;
289 }
290 }
291
292 pos = kmalloc(sizeof(*pos), GFP_KERNEL);
293 if (!pos)
294 return NULL;
295
296 pos->users = 1;
297 INIT_LIST_HEAD(&pos->list);
298 list_add(&pos->list, &ipcomp_tfms_list);
299
300 pos->tfms = tfms = alloc_percpu(struct crypto_comp *);
301 if (!tfms)
302 goto error;
303
304 for_each_possible_cpu(cpu) {
305 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
306 CRYPTO_ALG_ASYNC);
307 if (IS_ERR(tfm))
308 goto error;
309 *per_cpu_ptr(tfms, cpu) = tfm;
310 }
311
312 return tfms;
313
314error:
315 ipcomp_free_tfms(tfms);
316 return NULL;
317}
318
319static void ipcomp_free_data(struct ipcomp_data *ipcd)
320{
321 if (ipcd->tfms)
322 ipcomp_free_tfms(ipcd->tfms);
323 ipcomp_free_scratches();
324}
325
326void ipcomp_destroy(struct xfrm_state *x)
327{
328 struct ipcomp_data *ipcd = x->data;
329 if (!ipcd)
330 return;
331 xfrm_state_delete_tunnel(x);
332 mutex_lock(&ipcomp_resource_mutex);
333 ipcomp_free_data(ipcd);
334 mutex_unlock(&ipcomp_resource_mutex);
335 kfree(ipcd);
336}
337EXPORT_SYMBOL_GPL(ipcomp_destroy);
338
339int ipcomp_init_state(struct xfrm_state *x)
340{
341 int err;
342 struct ipcomp_data *ipcd;
343 struct xfrm_algo_desc *calg_desc;
344
345 err = -EINVAL;
346 if (!x->calg)
347 goto out;
348
349 if (x->encap)
350 goto out;
351
352 err = -ENOMEM;
353 ipcd = kzalloc(sizeof(*ipcd), GFP_KERNEL);
354 if (!ipcd)
355 goto out;
356
357 mutex_lock(&ipcomp_resource_mutex);
358 if (!ipcomp_alloc_scratches())
359 goto error;
360
361 ipcd->tfms = ipcomp_alloc_tfms(x->calg->alg_name);
362 if (!ipcd->tfms)
363 goto error;
364 mutex_unlock(&ipcomp_resource_mutex);
365
366 calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
367 BUG_ON(!calg_desc);
368 ipcd->threshold = calg_desc->uinfo.comp.threshold;
369 x->data = ipcd;
370 err = 0;
371out:
372 return err;
373
374error:
375 ipcomp_free_data(ipcd);
376 mutex_unlock(&ipcomp_resource_mutex);
377 kfree(ipcd);
378 goto out;
379}
380EXPORT_SYMBOL_GPL(ipcomp_init_state);
381
382MODULE_LICENSE("GPL");
383MODULE_DESCRIPTION("IP Payload Compression Protocol (IPComp) - RFC3173");
384MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 3f964db908a7..ac25b4c0e982 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -112,16 +112,13 @@ error_nolock:
112int xfrm_output_resume(struct sk_buff *skb, int err) 112int xfrm_output_resume(struct sk_buff *skb, int err)
113{ 113{
114 while (likely((err = xfrm_output_one(skb, err)) == 0)) { 114 while (likely((err = xfrm_output_one(skb, err)) == 0)) {
115 struct xfrm_state *x;
116
117 nf_reset(skb); 115 nf_reset(skb);
118 116
119 err = skb->dst->ops->local_out(skb); 117 err = skb->dst->ops->local_out(skb);
120 if (unlikely(err != 1)) 118 if (unlikely(err != 1))
121 goto out; 119 goto out;
122 120
123 x = skb->dst->xfrm; 121 if (!skb->dst->xfrm)
124 if (!x)
125 return dst_output(skb); 122 return dst_output(skb);
126 123
127 err = nf_hook(skb->dst->ops->family, 124 err = nf_hook(skb->dst->ops->family,
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index cae9fd815543..46914b79d850 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1731,8 +1731,7 @@ restart:
1731 * We can't enlist stable bundles either. 1731 * We can't enlist stable bundles either.
1732 */ 1732 */
1733 write_unlock_bh(&policy->lock); 1733 write_unlock_bh(&policy->lock);
1734 if (dst) 1734 dst_free(dst);
1735 dst_free(dst);
1736 1735
1737 if (pol_dead) 1736 if (pol_dead)
1738 XFRM_INC_STATS(LINUX_MIB_XFRMOUTPOLDEAD); 1737 XFRM_INC_STATS(LINUX_MIB_XFRMOUTPOLDEAD);
@@ -1748,8 +1747,7 @@ restart:
1748 err = xfrm_dst_update_origin(dst, fl); 1747 err = xfrm_dst_update_origin(dst, fl);
1749 if (unlikely(err)) { 1748 if (unlikely(err)) {
1750 write_unlock_bh(&policy->lock); 1749 write_unlock_bh(&policy->lock);
1751 if (dst) 1750 dst_free(dst);
1752 dst_free(dst);
1753 XFRM_INC_STATS(LINUX_MIB_XFRMOUTBUNDLECHECKERROR); 1751 XFRM_INC_STATS(LINUX_MIB_XFRMOUTBUNDLECHECKERROR);
1754 goto error; 1752 goto error;
1755 } 1753 }
@@ -2360,7 +2358,7 @@ static int xfrm_dev_event(struct notifier_block *this, unsigned long event, void
2360{ 2358{
2361 struct net_device *dev = ptr; 2359 struct net_device *dev = ptr;
2362 2360
2363 if (dev_net(dev) != &init_net) 2361 if (!net_eq(dev_net(dev), &init_net))
2364 return NOTIFY_DONE; 2362 return NOTIFY_DONE;
2365 2363
2366 switch (event) { 2364 switch (event) {
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 72fddafd891a..7bd62f61593f 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -538,7 +538,7 @@ EXPORT_SYMBOL(xfrm_state_alloc);
538 538
539void __xfrm_state_destroy(struct xfrm_state *x) 539void __xfrm_state_destroy(struct xfrm_state *x)
540{ 540{
541 BUG_TRAP(x->km.state == XFRM_STATE_DEAD); 541 WARN_ON(x->km.state != XFRM_STATE_DEAD);
542 542
543 spin_lock_bh(&xfrm_state_lock); 543 spin_lock_bh(&xfrm_state_lock);
544 list_del(&x->all); 544 list_del(&x->all);
@@ -780,11 +780,13 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
780{ 780{
781 unsigned int h; 781 unsigned int h;
782 struct hlist_node *entry; 782 struct hlist_node *entry;
783 struct xfrm_state *x, *x0; 783 struct xfrm_state *x, *x0, *to_put;
784 int acquire_in_progress = 0; 784 int acquire_in_progress = 0;
785 int error = 0; 785 int error = 0;
786 struct xfrm_state *best = NULL; 786 struct xfrm_state *best = NULL;
787 787
788 to_put = NULL;
789
788 spin_lock_bh(&xfrm_state_lock); 790 spin_lock_bh(&xfrm_state_lock);
789 h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family); 791 h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
790 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) { 792 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
@@ -833,7 +835,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
833 if (tmpl->id.spi && 835 if (tmpl->id.spi &&
834 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi, 836 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
835 tmpl->id.proto, family)) != NULL) { 837 tmpl->id.proto, family)) != NULL) {
836 xfrm_state_put(x0); 838 to_put = x0;
837 error = -EEXIST; 839 error = -EEXIST;
838 goto out; 840 goto out;
839 } 841 }
@@ -849,7 +851,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
849 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid); 851 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
850 if (error) { 852 if (error) {
851 x->km.state = XFRM_STATE_DEAD; 853 x->km.state = XFRM_STATE_DEAD;
852 xfrm_state_put(x); 854 to_put = x;
853 x = NULL; 855 x = NULL;
854 goto out; 856 goto out;
855 } 857 }
@@ -870,7 +872,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
870 xfrm_hash_grow_check(x->bydst.next != NULL); 872 xfrm_hash_grow_check(x->bydst.next != NULL);
871 } else { 873 } else {
872 x->km.state = XFRM_STATE_DEAD; 874 x->km.state = XFRM_STATE_DEAD;
873 xfrm_state_put(x); 875 to_put = x;
874 x = NULL; 876 x = NULL;
875 error = -ESRCH; 877 error = -ESRCH;
876 } 878 }
@@ -881,6 +883,8 @@ out:
881 else 883 else
882 *err = acquire_in_progress ? -EAGAIN : error; 884 *err = acquire_in_progress ? -EAGAIN : error;
883 spin_unlock_bh(&xfrm_state_lock); 885 spin_unlock_bh(&xfrm_state_lock);
886 if (to_put)
887 xfrm_state_put(to_put);
884 return x; 888 return x;
885} 889}
886 890
@@ -1067,18 +1071,20 @@ static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1067 1071
1068int xfrm_state_add(struct xfrm_state *x) 1072int xfrm_state_add(struct xfrm_state *x)
1069{ 1073{
1070 struct xfrm_state *x1; 1074 struct xfrm_state *x1, *to_put;
1071 int family; 1075 int family;
1072 int err; 1076 int err;
1073 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY); 1077 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1074 1078
1075 family = x->props.family; 1079 family = x->props.family;
1076 1080
1081 to_put = NULL;
1082
1077 spin_lock_bh(&xfrm_state_lock); 1083 spin_lock_bh(&xfrm_state_lock);
1078 1084
1079 x1 = __xfrm_state_locate(x, use_spi, family); 1085 x1 = __xfrm_state_locate(x, use_spi, family);
1080 if (x1) { 1086 if (x1) {
1081 xfrm_state_put(x1); 1087 to_put = x1;
1082 x1 = NULL; 1088 x1 = NULL;
1083 err = -EEXIST; 1089 err = -EEXIST;
1084 goto out; 1090 goto out;
@@ -1088,7 +1094,7 @@ int xfrm_state_add(struct xfrm_state *x)
1088 x1 = __xfrm_find_acq_byseq(x->km.seq); 1094 x1 = __xfrm_find_acq_byseq(x->km.seq);
1089 if (x1 && ((x1->id.proto != x->id.proto) || 1095 if (x1 && ((x1->id.proto != x->id.proto) ||
1090 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) { 1096 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1091 xfrm_state_put(x1); 1097 to_put = x1;
1092 x1 = NULL; 1098 x1 = NULL;
1093 } 1099 }
1094 } 1100 }
@@ -1110,6 +1116,9 @@ out:
1110 xfrm_state_put(x1); 1116 xfrm_state_put(x1);
1111 } 1117 }
1112 1118
1119 if (to_put)
1120 xfrm_state_put(to_put);
1121
1113 return err; 1122 return err;
1114} 1123}
1115EXPORT_SYMBOL(xfrm_state_add); 1124EXPORT_SYMBOL(xfrm_state_add);
@@ -1269,10 +1278,12 @@ EXPORT_SYMBOL(xfrm_state_migrate);
1269 1278
1270int xfrm_state_update(struct xfrm_state *x) 1279int xfrm_state_update(struct xfrm_state *x)
1271{ 1280{
1272 struct xfrm_state *x1; 1281 struct xfrm_state *x1, *to_put;
1273 int err; 1282 int err;
1274 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY); 1283 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1275 1284
1285 to_put = NULL;
1286
1276 spin_lock_bh(&xfrm_state_lock); 1287 spin_lock_bh(&xfrm_state_lock);
1277 x1 = __xfrm_state_locate(x, use_spi, x->props.family); 1288 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1278 1289
@@ -1281,7 +1292,7 @@ int xfrm_state_update(struct xfrm_state *x)
1281 goto out; 1292 goto out;
1282 1293
1283 if (xfrm_state_kern(x1)) { 1294 if (xfrm_state_kern(x1)) {
1284 xfrm_state_put(x1); 1295 to_put = x1;
1285 err = -EEXIST; 1296 err = -EEXIST;
1286 goto out; 1297 goto out;
1287 } 1298 }
@@ -1295,6 +1306,9 @@ int xfrm_state_update(struct xfrm_state *x)
1295out: 1306out:
1296 spin_unlock_bh(&xfrm_state_lock); 1307 spin_unlock_bh(&xfrm_state_lock);
1297 1308
1309 if (to_put)
1310 xfrm_state_put(to_put);
1311
1298 if (err) 1312 if (err)
1299 return err; 1313 return err;
1300 1314
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index b976d9ed10e4..04c41504f84c 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -277,9 +277,8 @@ static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *
277 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 277 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr));
278 x->props.flags = p->flags; 278 x->props.flags = p->flags;
279 279
280 if (!x->sel.family) 280 if (!x->sel.family && !(p->flags & XFRM_STATE_AF_UNSPEC))
281 x->sel.family = p->family; 281 x->sel.family = p->family;
282
283} 282}
284 283
285/* 284/*
generated by cgit v1.2.2 (git 2.25.0) at 2025-06-12 02:12:27 -0400