Commit message | Author | Age
* [NetLabel]: add some missing #includes to various header files | Paul Moore | 2006-09-22
  Add some missing include files to the NetLabel related header files. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NetLabel]: uninline selinux_netlbl_inode_permission() | Paul Moore | 2006-09-22
  Uninline the selinux_netlbl_inode_permission() at the request of Andrew Morton. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NetLabel]: Cleanup ebitmap_import() | Paul Moore | 2006-09-22
  Rewrite ebitmap_import() so it is a bit cleaner and easier to read. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NetLabel]: Comment corrections. | Paul Moore | 2006-09-22
  Fix some incorrect comments. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NetLabel]: remove unused function prototypes | Paul Moore | 2006-09-22
  Removed some older function prototypes for functions that no longer exist. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NetLabel]: Correctly initialize the NetLabel fields. | Paul Moore | 2006-09-22
  Fix a problem where the NetLabel specific fields of the sk_security_struct structure were not being initialized early enough in some cases. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Tidyup CCID3 list handling | Ian McDonald | 2006-09-22
  As Arnaldo Carvalho de Melo points out I should be using list_entry in case the structure changes in future. Current code functions but is reliant on position and requires type cast. Noticed when doing this that I have one more variable than I needed so removing that also. Signed off by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER] bridge: debug message fixes | Stephen Hemminger | 2006-09-22
  If CONFIG_NETFILTER_DEBUG is enabled, it shouldn't change the actions of the filtering. The message about skb->dst being NULL is commonly triggered by dhclient, so it is useless. Make sure all messages end in newline. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER] bridge: simplify nf_bridge_pad | Stephen Hemminger | 2006-09-22
  Do some simple optimization on the nf_bridge_pad() function and don't use magic constants. Eliminate a double call and the #ifdef'd code for CONFIG_BRIDGE_NETFILTER. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER] bridge: code rearrangement for clarity | Stephen Hemminger | 2006-09-22
  Cleanup and rearrangement for better style and clarity:
    Split the function nf_bridge_maybe_copy_header into two pieces
    Move copy portion out of line.
    Use Ethernet header size macros.
    Use header file to handle CONFIG_NETFILTER_BRIDGE differences
  Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Make struct sockaddr_in::sin_port __be16 | Alexey Dobriyan | 2006-09-22
  Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Make struct in_addr::s_addr __be32 | Alexey Dobriyan | 2006-09-22
  There will be relatively small increase in sparse endian warnings, but this (and sin_port) patch is a first step to make networking code endian clean. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: xt_CONNMARK.c build fix | Benoit Boissinot | 2006-09-22
  net/netfilter/xt_CONNMARK.c: In function 'target':
  net/netfilter/xt_CONNMARK.c:59: warning: implicit declaration of function 'nf_conntrack_event_cache'
  The warning is due to the following .config:
    CONFIG_IP_NF_CONNTRACK=m
    CONFIG_IP_NF_CONNTRACK_MARK=y
    # CONFIG_IP_NF_CONNTRACK_EVENTS is not set
    CONFIG_IP_NF_CONNTRACK_NETLINK=m
  This change was introduced by: http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.19.git;a=commit;h=76e4b41009b8a2e9dd246135cf43c7fe39553aa5
  Proposed solution (based on the define in include/net/netfilter/nf_conntrack_compat.h:
  Signed-off-by: Benoit Boissinot <benoit.boissinot@ens-lyon.org> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6] ROUTE: Fix dst reference counting in ip6_pol_route_lookup(). | YOSHIFUJI Hideaki | 2006-09-22
  In ip6_pol_route_lookup(), when we finish backtracking at the top-level root entry, we need to hold it. Bug noticed by Mitsuru Chinen <CHINEN@jp.ibm.com>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETLINK]: Make use of NLA_STRING/NLA_NUL_STRING attribute validation | Thomas Graf | 2006-09-22
  Converts existing NLA_STRING attributes to use the new validation features, saving a couple of temporary buffers. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETLINK]: Improve string attribute validation | Thomas Graf | 2006-09-22
  Introduces a new attribute type NLA_NUL_STRING to support NUL terminated strings. Attributes of this kind require to carry a terminating NUL within the maximum specified in the policy. The `old' NLA_STRING which is not required to be NUL terminated is extended to provide means to specify a maximum length of the string. Aims at easing the pain with using nla_strlcpy() on temporary buffers. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* [UDP]: saddr_cmp function should take const socket pointers | David S. Miller | 2006-09-22
  This also kills a warning while building ipv6:
  net/ipv6/udp.c: In function ‘udp_v6_get_port’:
  net/ipv6/udp.c:66: warning: passing argument 3 of ‘udp_get_port’ from incompatible pointer type
  Signed-off-by: David S. Miller <davem@davemloft.net>
* [UDP]: Mark udp_port_rover static. | David S. Miller | 2006-09-22
  It is not referenced outside of net/ipv4/udp.c any longer. Signed-off-by: David S. Miller <davem@davemloft.net>
* [UDP]: Unify UDPv4 and UDPv6 ->get_port() | Gerrit Renker | 2006-09-22
  This patch creates one common function which is called by udp_v4_get_port() and udp_v6_get_port(). As a result,
    * duplicated code is removed
    * udp_port_rover and local port lookup can now be removed from udp.h
    * further savings follow since the same function will be used by UDP-Litev4 and UDP-Litev6
  In contrast to the patch sent in response to Yoshifuji's comments (fixed by this variant), the code below also removes the EXPORT_SYMBOL(udp_port_rover), since udp_port_rover can now remain local to net/ipv4/udp.c.
  Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix nf_conntrack_ftp.c build. | David S. Miller | 2006-09-22
  Noticed by Adrian Bunk. Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Use SLAB_PANIC | Alexey Dobriyan | 2006-09-22
  Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETLINK]: remove third bogus argument from NLA_PUT_FLAG | Johannes Berg | 2006-09-22
  This patch removes the 'value' argument from NLA_PUT_FLAG which is unused anyway. The documentation comment was already correct so it doesn't need an update :) Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Introduce tx buffering | Ian McDonald | 2006-09-22
  This adds transmit buffering to DCCP. I have tested with CCID2/3 and with loss and rate limiting. Signed off by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Shift sysctls into feat.h | Ian McDonald | 2006-09-22
  This shifts further sysctls into feat.h. No change in functionality - shifting code only. Signed off by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Use BUILD_BUG_ON() for checking size of skb->cb. | YOSHIFUJI Hideaki | 2006-09-22
  Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Fix routing by fwmark | Patrick McHardy | 2006-09-22
  Fix mark comparison, also dump the mask to userspace when the mask is zero, but the mark is not (in which case the mark is dumped, so the mask is needed to make sense of it). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON | Alexey Dobriyan | 2006-09-22
  Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET_SCHED]: Add mask support to fwmark classifier | Patrick McHardy | 2006-09-22
  Support masking the nfmark value before the search. The mask value is global for all filters contained in one instance. It can only be set when a new instance is created, all filters must specify the same mask. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DECNET]: Add support for fwmark masks in routing rules | Patrick McHardy | 2006-09-22
  Add support for fwmark masks. For compatibility a mask of 0xFFFFFFFF is used when a mark value != 0 is sent without a mask. Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: Steven Whitehouse <steve@chygwyn.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Add support for fwmark masks in routing rules | Patrick McHardy | 2006-09-22
  Add a FRA_FWMASK attribute for fwmark masks. For compatibility a mask of 0xFFFFFFFF is used when a mark value != 0 is sent without a mask. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Fix build with fwmark disabled. | David S. Miller | 2006-09-22
  Based upon a patch by Brian Haley. Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6] ROUTE: Add support for fwmask in routing rules. | YOSHIFUJI Hideaki | 2006-09-22
  Add support for fwmark masks. A mask of 0xFFFFFFFF is used when a mark value != 0 is sent without a mask. Based on patch for net/ipv4/fib_rules.c by Patrick McHardy <kaber@trash.net>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6] ROUTE: Fix size of fib6_rule_policy. | YOSHIFUJI Hideaki | 2006-09-22
  It should not be RTA_MAX+1 but FRA_MAX+1. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6] ROUTE: Fix FWMARK support. | YOSHIFUJI Hideaki | 2006-09-22
    - Add missing nla_policy entry.
    - type of fwmark is u32, not u8.
  Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Respect priority in policy lookups. | David S. Miller | 2006-09-22
  Even if we find an exact match in the hash table, we must inspect the inexact list to look for a match with a better priority. Noticed by Masahide NAKAMURA <nakam@linux-ipv6.org>. Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP] tcp_bic: use BUILD_BUG_ON | Alexey Dobriyan | 2006-09-22
  Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP] tcp_lp: use BUILD_BUG_ON | Alexey Dobriyan | 2006-09-22
  Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET] in6_pton: Kill errant printf statement. | David S. Miller | 2006-09-22
  Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER] NF_CONNTRACK_FTP: Use in6_pton() to convert address string. | YOSHIFUJI Hideaki | 2006-09-22
  Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* [NET]: Add common helper functions to convert IPv6/IPv4 address string to network address structure. | YOSHIFUJI Hideaki | 2006-09-22
  These helpers can be used in netfilter, cifs etc. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* [IPV6] ROUTE: Routing by FWMARK. | YOSHIFUJI Hideaki | 2006-09-22
  Based on patch by Jean Lorchat <lorchat@sfc.wide.ad.jp>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* [IPV6] ROUTE: Routing by Traffic Class. | YOSHIFUJI Hideaki | 2006-09-22
  Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* [IPV6] MIP6: Several obvious clean-ups. | YOSHIFUJI Hideaki | 2006-09-22
    - Remove redundant code. Pointed out by Brian Haley <brian.haley@hp.com>.
    - Unify code paths with/without CONFIG_IPV6_MIP.
    - Use NIP6_FMT for IPv6 address textual presentation.
    - Fold long line. Pointed out by David Miller <davem@davemloft.net>.
  Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* [IPSEC] esp: Defer output IV initialization to first use. | David S. Miller | 2006-09-22
  First of all, if the xfrm_state only gets used for input packets this entropy is a complete waste. Secondly, it is often the case that a configuration loads many rules (perhaps even dynamically) and they don't all necessarily ever get used. This get_random_bytes() call was showing up in the profiles for xfrm_state inserts which is how I noticed this. Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Extract common hashing code into xfrm_hash.[ch] | David S. Miller | 2006-09-22
  Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Hash policies when non-prefixed. | David S. Miller | 2006-09-22
  This idea is from Alexey Kuznetsov. It is common for policies to be non-prefixed. And for that case we can optimize lookups, insert, etc. quite a bit. For each direction, we have a dynamically sized policy hash table for non-prefixed policies. We also have a hash table on policy->index. For prefixed policies, we have a list per-direction which we will consult on lookups when a non-prefix hashtable lookup fails. This still isn't as efficient as I would like it. There are four immediate problems:
    1) Lots of excessive refcounting, which can be fixed just like xfrm_state was
    2) We do 2 hash probes on insert, one to look for dups and one to allocate a unique policy->index. Although I wonder how much this matters since xfrm_state inserts do up to 3 hash probes and that seems to perform fine.
    3) xfrm_policy_insert() is very complex because of the priority ordering and entry replacement logic.
    4) Lots of counter bumping, in addition to policy refcounts, in the form of xfrm_policy_count[]. This is merely used to let code path(s) know that some IPSEC rules exist. So this count is indexed per-direction, maybe that is overkill.
  Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Hash xfrm_state objects by source address too. | David S. Miller | 2006-09-22
  The source address is always non-prefixed so we should use it to help give entropy to the bydst hash. Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Kill excessive refcounting of xfrm_state objects. | David S. Miller | 2006-09-22
  The refcounting done for timers and hash table insertions are just wasted cycles. We can eliminate all of this refcounting because:
    1) The implicit refcount when the xfrm_state object is active will always be held while the object is in the hash tables. We never kfree() the xfrm_state until long after we've made sure that it has been unhashed.
    2) Timers are even easier. Once we mark that x->km.state as anything other than XFRM_STATE_VALID (__xfrm_state_delete sets it to XFRM_STATE_DEAD), any timer that fires will do nothing and return without rearming the timer. Therefore we can defer the del_timer calls until when the object is about to be freed up during GC. We have to use del_timer_sync() and defer it to GC because we can't do a del_timer_sync() while holding x->lock which all callers of __xfrm_state_delete hold. This makes SA changes even more light-weight.
  Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Purge dst references to deleted SAs passively. | David S. Miller | 2006-09-22
  Just let GC and other normal mechanisms take care of getting rid of DST cache references to deleted xfrm_state objects instead of walking all the policy bundles. Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Do not flush all bundles on SA insert. | David S. Miller | 2006-09-22
  Instead, simply set all potentially aliasing existing xfrm_state objects to have the current generation counter value. This will make routes get relooked up the next time an existing route mentioning these aliased xfrm_state objects gets used, via xfrm_dst_check(). Signed-off-by: David S. Miller <davem@davemloft.net>