aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
Commit message (Collapse)AuthorAge
* net-sched: change tcf_destroy_chain() to clear start of filter listPatrick McHardy2008-07-01
| | | | | | | | Pass double tcf_proto pointers to tcf_destroy_chain() to make it clear the start of the filter list for more consistency. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* mac80211: don't accept WEP keys other than WEP40 and WEP104Emmanuel Grumbach2008-06-30
| | | | | | | | | This patch makes mac80211 refuse a WEP key whose length is not WEP40 nor WEP104. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* netns: Don't receive new packets in a dead network namespace.Eric W. Biederman2008-06-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Alexey Dobriyan <adobriyan@gmail.com> writes: > Subject: ICMP sockets destruction vs ICMP packets oops > After icmp_sk_exit() nuked ICMP sockets, we get an interrupt. > icmp_reply() wants ICMP socket. > > Steps to reproduce: > > launch shell in new netns > move real NIC to netns > setup routing > ping -i 0 > exit from shell > > BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 > IP: [<ffffffff803fce17>] icmp_sk+0x17/0x30 > PGD 17f3cd067 PUD 17f3ce067 PMD 0 > Oops: 0000 [1] PREEMPT SMP DEBUG_PAGEALLOC > CPU 0 > Modules linked in: usblp usbcore > Pid: 0, comm: swapper Not tainted 2.6.26-rc6-netns-ct #4 > RIP: 0010:[<ffffffff803fce17>] [<ffffffff803fce17>] icmp_sk+0x17/0x30 > RSP: 0018:ffffffff8057fc30 EFLAGS: 00010286 > RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff81017c7db900 > RDX: 0000000000000034 RSI: ffff81017c7db900 RDI: ffff81017dc41800 > RBP: ffffffff8057fc40 R08: 0000000000000001 R09: 000000000000a815 > R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8057fd28 > R13: ffffffff8057fd00 R14: ffff81017c7db938 R15: ffff81017dc41800 > FS: 0000000000000000(0000) GS:ffffffff80525000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b > CR2: 0000000000000000 CR3: 000000017fcda000 CR4: 00000000000006e0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > Process swapper (pid: 0, threadinfo ffffffff8053a000, task ffffffff804fa4a0) > Stack: 0000000000000000 ffff81017c7db900 ffffffff8057fcf0 ffffffff803fcfe4 > ffffffff804faa38 0000000000000246 0000000000005a40 0000000000000246 > 000000000001ffff ffff81017dd68dc0 0000000000005a40 0000000055342436 > Call Trace: > <IRQ> [<ffffffff803fcfe4>] icmp_reply+0x44/0x1e0 > [<ffffffff803d3a0a>] ? ip_route_input+0x23a/0x1360 > [<ffffffff803fd645>] icmp_echo+0x65/0x70 > [<ffffffff803fd300>] icmp_rcv+0x180/0x1b0 > [<ffffffff803d6d84>] ip_local_deliver+0xf4/0x1f0 > [<ffffffff803d71bb>] ip_rcv+0x33b/0x650 > [<ffffffff803bb16a>] netif_receive_skb+0x27a/0x340 > [<ffffffff803be57d>] process_backlog+0x9d/0x100 > [<ffffffff803bdd4d>] net_rx_action+0x18d/0x250 > [<ffffffff80237be5>] __do_softirq+0x75/0x100 > [<ffffffff8020c97c>] call_softirq+0x1c/0x30 > [<ffffffff8020f085>] do_softirq+0x65/0xa0 > [<ffffffff80237af7>] irq_exit+0x97/0xa0 > [<ffffffff8020f198>] do_IRQ+0xa8/0x130 > [<ffffffff80212ee0>] ? mwait_idle+0x0/0x60 > [<ffffffff8020bc46>] ret_from_intr+0x0/0xf > <EOI> [<ffffffff80212f2c>] ? mwait_idle+0x4c/0x60 > [<ffffffff80212f23>] ? mwait_idle+0x43/0x60 > [<ffffffff8020a217>] ? cpu_idle+0x57/0xa0 > [<ffffffff8040f380>] ? rest_init+0x70/0x80 > Code: 10 5b 41 5c 41 5d 41 5e c9 c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 53 > 48 83 ec 08 48 8b 9f 78 01 00 00 e8 2b c7 f1 ff 89 c0 <48> 8b 04 c3 48 83 c4 08 > 5b c9 c3 66 66 66 66 66 2e 0f 1f 84 00 > RIP [<ffffffff803fce17>] icmp_sk+0x17/0x30 > RSP <ffffffff8057fc30> > CR2: 0000000000000000 > ---[ end trace ea161157b76b33e8 ]--- > Kernel panic - not syncing: Aiee, killing interrupt handler! Receiving packets while we are cleaning up a network namespace is a racy proposition. It is possible when the packet arrives that we have removed some but not all of the state we need to fully process it. We have the choice of either playing wack-a-mole with the cleanup routines or simply dropping packets when we don't have a network namespace to handle them. Since the check looks inexpensive in netif_receive_skb let's just drop the incoming packets. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: Drop packets for loopback address from outside of the box.YOSHIFUJI Hideaki2008-06-19
| | | | | | | | | [ Based upon original report and patch by Karsten Keil. Karsten has verified that this fixes the TAHI test case "ICMPv6 test v6LC.5.1.2 Part F". -DaveM ] Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: nf_nat: fix RCU racesPatrick McHardy2008-06-17
| | | | | | | | | | | | | | | | | | | | Fix three ct_extend/NAT extension related races: - When cleaning up the extension area and removing it from the bysource hash, the nat->ct pointer must not be set to NULL since it may still be used in a RCU read side - When replacing a NAT extension area in the bysource hash, the nat->ct pointer must be assigned before performing the replacement - When reallocating extension storage in ct_extend, the old memory must not be freed immediately since it may still be used by a RCU read side Possibly fixes https://bugzilla.redhat.com/show_bug.cgi?id=449315 and/or http://bugzilla.kernel.org/show_bug.cgi?id=10875 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* tcp: Revert 'process defer accept as established' changes.David S. Miller2008-06-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts two changesets, ec3c0982a2dd1e671bad8e9d26c28dcba0039d87 ("[TCP]: TCP_DEFER_ACCEPT updates - process as established") and the follow-on bug fix 9ae27e0adbf471c7a6b80102e38e1d5a346b3b38 ("tcp: Fix slab corruption with ipv6 and tcp6fuzz"). This change causes several problems, first reported by Ingo Molnar as a distcc-over-loopback regression where connections were getting stuck. Ilpo Järvinen first spotted the locking problems. The new function added by this code, tcp_defer_accept_check(), only has the child socket locked, yet it is modifying state of the parent listening socket. Fixing that is non-trivial at best, because we can't simply just grab the parent listening socket lock at this point, because it would create an ABBA deadlock. The normal ordering is parent listening socket --> child socket, but this code path would require the reverse lock ordering. Next is a problem noticed by Vitaliy Gusev, he noted: ---------------------------------------- >--- a/net/ipv4/tcp_timer.c >+++ b/net/ipv4/tcp_timer.c >@@ -481,6 +481,11 @@ static void tcp_keepalive_timer (unsigned long data) > goto death; > } > >+ if (tp->defer_tcp_accept.request && sk->sk_state == TCP_ESTABLISHED) { >+ tcp_send_active_reset(sk, GFP_ATOMIC); >+ goto death; Here socket sk is not attached to listening socket's request queue. tcp_done() will not call inet_csk_destroy_sock() (and tcp_v4_destroy_sock() which should release this sk) as socket is not DEAD. Therefore socket sk will be lost for freeing. ---------------------------------------- Finally, Alexey Kuznetsov argues that there might not even be any real value or advantage to these new semantics even if we fix all of the bugs: ---------------------------------------- Hiding from accept() sockets with only out-of-order data only is the only thing which is impossible with old approach. Is this really so valuable? My opinion: no, this is nothing but a new loophole to consume memory without control. ---------------------------------------- So revert this thing for now. Signed-off-by: David S. Miller <davem@davemloft.net>
* inet{6}_request_sock: Init ->opt and ->pktopts in the constructorArnaldo Carvalho de Melo2008-06-10
| | | | | | | | | | Wei Yongjun noticed that we may call reqsk_free on request sock objects where the opt fields may not be initialized, fix it by introducing inet_reqsk_alloc where we initialize ->opt to NULL and set ->pktopts to NULL in inet6_reqsk_alloc. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv4: Remove unused declaration from include/net/tcp.h.Rami Rosen2008-06-10
| | | | | | | | | | | | - The tcp_unhash() method in /include/net/tcp.h is no more needed, as the unhash method in tcp_prot structure is now inet_unhash (instead of tcp_unhash in the past); see tcp_prot structure in net/ipv4/tcp_ipv4.c. - So, this patch removes tcp_unhash() declaration from include/net/tcp.h Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Fix ECN markings for IPv6Vlad Yasevich2008-06-04
| | | | | | | | | | | Commit e9df2e8fd8fbc95c57dbd1d33dada66c4627b44c ("[IPV6]: Use appropriate sock tclass setting for routing lookup.") also changed the way that ECN capable transports mark this capability in IPv6. As a result, SCTP was not marking ECN capablity because the traffic class was never set. This patch brings back the markings for IPv6 traffic. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Start T3-RTX timer when fast retransmitting lowest TSNVlad Yasevich2008-06-04
| | | | | | | | | | When we are trying to fast retransmit the lowest outstanding TSN, we need to restart the T3-RTX timer, so that subsequent timeouts will correctly tag all the packets necessary for retransmissions. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Tested-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Correctly implement Fast Recovery cwnd manipulations.Vlad Yasevich2008-06-04
| | | | | | | | | Correctly keep track of Fast Recovery state and do not reduce congestion window multiple times during sucht state. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Tested-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'net-2.6-misc-20080605a' of ↵David S. Miller2008-06-04
|\ | | | | | | git://git.linux-ipv6.org/gitroot/yoshfuji/linux-2.6-fix
| * [IPV6]: inet_sk(sk)->cork.opt leakDenis V. Lunev2008-06-04
| | | | | | | | | | | | | | | | | | IPv6 UDP sockets wth IPv4 mapped address use udp_sendmsg to send the data actually. In this case ip_flush_pending_frames should be called instead of ip6_flush_pending_frames. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
| * [IPV6] NETNS: Handle ancillary data in appropriate namespace.YOSHIFUJI Hideaki2008-06-04
| | | | | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
| * [IPV6] ADDRCONF: Allow longer lifetime on 64bit archs.YOSHIFUJI Hideaki2008-06-04
| | | | | | | | | | | | | | | | | | | | - Allow longer lifetimes (>= 0x7fffffff/HZ) on 64bit archs by using unsigned long. - Shadow this arithmetic overflow workaround by introducing helper functions: addrconf_timeout_fixup() and addrconf_finite_timeout(). Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
| * [SCTP]: Fix NULL dereference of asoc.YOSHIFUJI Hideaki2008-06-04
| | | | | | | | | | | | | | | | | | Commit 7cbca67c073263c179f605bdbbdc565ab29d801d ("[IPV6]: Support Source Address Selection API (RFC5014)") introduced NULL dereference of asoc to sctp_v6_get_saddr in net/sctp/ipv6.c. Pointed out by Johann Felix Soden <johfel@users.sourceforge.net>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* | netlink: Improve returned error codesThomas Graf2008-06-03
|/ | | | | | | | | | | Make nlmsg_trim(), nlmsg_cancel(), genlmsg_cancel(), and nla_nest_cancel() void functions. Return -EMSGSIZE instead of -1 if the provided message buffer is not big enough. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* netlink: Fix nla_parse_nested_compat() to call nla_parse() directlyThomas Graf2008-05-22
| | | | | | | | | | | | | | | | | The purpose of nla_parse_nested_compat() is to parse attributes which contain a struct followed by a stream of nested attributes. So far, it called nla_parse_nested() to parse the stream of nested attributes which was wrong, as nla_parse_nested() expects a container attribute as data which holds the attribute stream. It needs to call nla_parse() directly while pointing at the next possible alignment point after the struct in the beginning of the attribute. With this patch, I can no longer reproduce the reported leftover warnings. Signed-off-by: Thomas Graf <tgraf@suug.ch> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'master' of ↵David S. Miller2008-05-19
|\ | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/linville/wireless-2.6
| * mac80211: Add RTNL version of ieee80211_iterate_active_interfacesIvo van Doorn2008-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since commit e38bad4766a110b61fa6038f10be16ced8c6cc38 mac80211: make ieee80211_iterate_active_interfaces not need rtnl rt2500usb and rt73usb broke down due to attempting register access in atomic context (which is not possible for USB hardware). This patch restores ieee80211_iterate_active_interfaces() to use RTNL lock, and provides the non-RTNL version under a new name: ieee80211_iterate_active_interfaces_atomic() So far only rt2x00 uses ieee80211_iterate_active_interfaces(), and those drivers require the RTNL version of ieee80211_iterate_active_interfaces(). Since they already call that function directly, this patch will automatically fix the USB rt2x00 drivers. v2: Rename ieee80211_iterate_active_interfaces_rtnl Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | ndisc: Add missing strategies for per-device retrans timer/reachable time ↵YOSHIFUJI Hideaki2008-05-19
|/ | | | | | | | | | settings. Noticed from Al Viro <viro@ftp.linux.org.uk> via David Miller <davem@davemloft.net>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* 9p: fix error path during early mountEric Van Hensbergen2008-05-14
| | | | | | | | | | | | | There was some cleanup issues during early mount which would trigger a kernel bug for certain types of failure. This patch reorganizes the cleanup to get rid of the bad behavior. This also merges the 9pnet and 9pnet_fd modules for the purpose of configuration and initialization. Keeping the fd transport separate from the core 9pnet code seemed like a good idea at the time, but in practice has caused more harm and confusion than good. Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
* 9p: Documentation updatesEric Van Hensbergen2008-05-14
| | | | | | | | The kernel-doc comments of much of the 9p system have been in disarray since reorganization. This patch fixes those problems, adds additional documentation and a template book which collects the 9p information. Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
* irda: Fix a misalign access issue. (v2)Graf Yang2008-05-14
| | | | | | | | Replace u16ho with put/get_unaligned functions Signed-off-by: Graf Yang <graf.yang@analog.com> Signed-off-by: Bryan Wu <cooloney@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* syncppp: Fix crashes.David S. Miller2008-05-12
| | | | | | | | | | | | | | The syncppp layer wants a mid-level netdev private pointer. It was using netdev->priv but that only worked by accident, and thus this scheme was broken when the device private allocation strategy changed. Add a proper mid-layer private pointer for uses like this, update syncppp and all users, and remove the HDLC_PPP broken tag from drivers/net/wan/Kconfig Signed-off-by: David S. Miller <davem@davemloft.net>
* ip: Make use of the inline function dst_metric_locked()Satoru SATOH2008-05-05
| | | | | Signed-off-by: Satoru SATOH <satoru.satoh@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* xfrm: convert empty xfrm_audit_* macros to functionsMarcin Slusarz2008-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it removes these warnings when CONFIG_AUDITSYSCALL is unset: net/xfrm/xfrm_user.c: In function 'xfrm_add_sa': net/xfrm/xfrm_user.c:412: warning: unused variable 'sid' net/xfrm/xfrm_user.c:411: warning: unused variable 'sessionid' net/xfrm/xfrm_user.c:410: warning: unused variable 'loginuid' net/xfrm/xfrm_user.c: In function 'xfrm_del_sa': net/xfrm/xfrm_user.c:485: warning: unused variable 'sid' net/xfrm/xfrm_user.c:484: warning: unused variable 'sessionid' net/xfrm/xfrm_user.c:483: warning: unused variable 'loginuid' net/xfrm/xfrm_user.c: In function 'xfrm_add_policy': net/xfrm/xfrm_user.c:1132: warning: unused variable 'sid' net/xfrm/xfrm_user.c:1131: warning: unused variable 'sessionid' net/xfrm/xfrm_user.c:1130: warning: unused variable 'loginuid' net/xfrm/xfrm_user.c: In function 'xfrm_get_policy': net/xfrm/xfrm_user.c:1382: warning: unused variable 'sid' net/xfrm/xfrm_user.c:1381: warning: unused variable 'sessionid' net/xfrm/xfrm_user.c:1380: warning: unused variable 'loginuid' net/xfrm/xfrm_user.c: In function 'xfrm_add_pol_expire': net/xfrm/xfrm_user.c:1620: warning: unused variable 'sid' net/xfrm/xfrm_user.c:1619: warning: unused variable 'sessionid' net/xfrm/xfrm_user.c:1618: warning: unused variable 'loginuid' net/xfrm/xfrm_user.c: In function 'xfrm_add_sa_expire': net/xfrm/xfrm_user.c:1658: warning: unused variable 'sid' net/xfrm/xfrm_user.c:1657: warning: unused variable 'sessionid' net/xfrm/xfrm_user.c:1656: warning: unused variable 'loginuid' Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2008-04-30
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (53 commits) tcp: Overflow bug in Vegas [IPv4] UFO: prevent generation of chained skb destined to UFO device iwlwifi: move the selects to the tristate drivers ipv4: annotate a few functions __init in ipconfig.c atm: ambassador: vcc_sf semaphore to mutex MAINTAINERS: The socketcan-core list is subscribers-only. netfilter: nf_conntrack: padding breaks conntrack hash on ARM ipv4: Update MTU to all related cache entries in ip_rt_frag_needed() sch_sfq: use del_timer_sync() in sfq_destroy() net: Add compat support for getsockopt (MCAST_MSFILTER) net: Several cleanups for the setsockopt compat support. ipvs: fix oops in backup for fwmark conn templates bridge: kernel panic when unloading bridge module bridge: fix error handling in br_add_if() netfilter: {nfnetlink,ip,ip6}_queue: fix skb_over_panic when enlarging packets netfilter: x_tables: fix net namespace leak when reading /proc/net/xxx_tables_names netfilter: xt_TCPOPTSTRIP: signed tcphoff for ipv6_skip_exthdr() retval tcp: Limit cwnd growth when deferring for GSO tcp: Allow send-limited cwnd to grow up to max_burst when gso disabled [netdrvr] gianfar: Determine TBIPA value dynamically ...
| * netfilter: nf_conntrack: padding breaks conntrack hash on ARMPhilip Craig2008-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | commit 0794935e "[NETFILTER]: nf_conntrack: optimize hash_conntrack()" results in ARM platforms hashing uninitialised padding. This padding doesn't exist on other architectures. Fix this by replacing NF_CT_TUPLE_U_BLANK() with memset() to ensure everything is initialised. There were only 4 bytes that NF_CT_TUPLE_U_BLANK() wasn't clearing anyway (or 12 bytes on ARM). Signed-off-by: Philip Craig <philipc@snapgear.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * ipv4: Update MTU to all related cache entries in ip_rt_frag_needed()Timo Teras2008-04-29
| | | | | | | | | | | | | | | | | | Add struct net_device parameter to ip_rt_frag_needed() and update MTU to cache entries where ifindex is specified. This is similar to what is already done in ip_rt_redirect(). Signed-off-by: Timo Teras <timo.teras@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
| * net: Add compat support for getsockopt (MCAST_MSFILTER)David L Stevens2008-04-29
| | | | | | | | | | | | | | | | | | | | This patch adds support for getsockopt for MCAST_MSFILTER for both IPv4 and IPv6. It depends on the previous setsockopt patch, and uses the same method. Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * ipvs: fix oops in backup for fwmark conn templatesJulian Anastasov2008-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes bug http://bugzilla.kernel.org/show_bug.cgi?id=10556 where conn templates with protocol=IPPROTO_IP can oops backup box. Result from ip_vs_proto_get() should be checked because protocol value can be invalid or unsupported in backup. But for valid message we should not fail for templates which use IPPROTO_IP. Also, add checks to validate message limits and connection state. Show state NONE for templates using IPPROTO_IP. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net>
* | Merge branch 'audit.b50' of ↵Linus Torvalds2008-04-29
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current * 'audit.b50' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: [PATCH] new predicate - AUDIT_FILETYPE [patch 2/2] Use find_task_by_vpid in audit code [patch 1/2] audit: let userspace fully control TTY input auditing [PATCH 2/2] audit: fix sparse shadowed variable warnings [PATCH 1/2] audit: move extern declarations to audit.h Audit: MAINTAINERS update Audit: increase the maximum length of the key field Audit: standardize string audit interfaces Audit: stop deadlock from signals under load Audit: save audit_backlog_limit audit messages in case auditd comes back Audit: collect sessionid in netlink messages Audit: end printk with newline
| * | Audit: collect sessionid in netlink messagesEric Paris2008-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously I added sessionid output to all audit messages where it was available but we still didn't know the sessionid of the sender of netlink messages. This patch adds that information to netlink messages so we can audit who sent netlink messages. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2008-04-28
|\ \ \ | |/ / |/| / | |/ | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: iwlwifi: Allow building iwl3945 without iwl4965. wireless: Fix compile error with wifi & leds tcp: Fix slab corruption with ipv6 and tcp6fuzz ipv4/ipv6 compat: Fix SSM applications on 64bit kernels. [IPSEC]: Use digest_null directly for auth sunrpc: fix missing kernel-doc can: Fix copy_from_user() results interpretation Revert "ipv6: Fix typo in net/ipv6/Kconfig" tipc: endianness annotations ipv6: result of csum_fold() is already 16bit, no need to cast [XFRM] AUDIT: Fix flowlabel text format ambibuity.
| * ipv4/ipv6 compat: Fix SSM applications on 64bit kernels.David L Stevens2008-04-27
| | | | | | | | | | | | | | | | Add support on 64-bit kernels for seting 32-bit compatible MCAST* socket options. Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | IPv6 support for NFS server export cachesAurélien Charbon2008-04-23
|/ | | | | | | | | | | | | | | This adds IPv6 support to the interfaces that are used to express nfsd exports. All addressed are stored internally as IPv6; backwards compatibility is maintained using mapped addresses. Thanks to Bruce Fields, Brian Haley, Neil Brown and Hideaki Joshifuji for comments Signed-off-by: Aurelien Charbon <aurelien.charbon@bull.net> Cc: Neil Brown <neilb@suse.de> Cc: Brian Haley <brian.haley@hp.com> Cc: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
* [IPSEC]: Fix catch-22 with algorithm IDs above 31Herbert Xu2008-04-22
| | | | | | | | | | | | | | | | | | | | | | | As it stands it's impossible to use any authentication algorithms with an ID above 31 portably. It just happens to work on x86 but fails miserably on ppc64. The reason is that we're using a bit mask to check the algorithm ID but the mask is only 32 bits wide. After looking at how this is used in the field, I have concluded that in the long term we should phase out state matching by IDs because this is made superfluous by the reqid feature. For current applications, the best solution IMHO is to allow all algorithms when the bit masks are all ~0. The following patch does exactly that. This bug was identified by IBM when testing on the ppc64 platform using the NULL authentication algorithm which has an ID of 251. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET]: Uninline the __inet_inherit_port call.Pavel Emelyanov2008-04-18
| | | | | | | | | | | This deblats ~200 bytes when ipv6 and dccp are 'y'. Besides, this will ease compilation issues for patches I'm working on to make inet hash tables more scalable wrt net namespaces. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET]: Drop the inet_inherit_port() call.Pavel Emelyanov2008-04-18
| | | | | | | | | | | | | | | As I can see from the code, two places (tcp_v6_syn_recv_sock and dccp_v6_request_recv_sock) that call this one already run with BHs disabled, so it's safe to call __inet_inherit_port there. Besides (in case I missed smth with code review) the calltrace tcp_v6_syn_recv_sock `- tcp_v4_syn_recv_sock `- __inet_inherit_port and the similar for DCCP are valid, but assumes BHs to be disabled. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* mac80211: no BSS changes to driver from beacons processed during scanningReinette Chatre2008-04-16
| | | | | | | | | | | | | | | | | | There is no need to send BSS changes to driver from beacons processed during scanning. We are more interested in beacons from an AP with which we are associated - these will still be used to send updates to driver as the beacons are received without scanning. This change·removes the requirement that bss_info_changed needs to be atomic. The beacons received during scanning are processed from a tasklet, but if we do not call bss_info_changed for these beacons there is no need for it to be atomic. This function (bss_info_changed) is called either from workqueue or ioctl in all other instances. Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Acked-by: Tomas Winkler <tomas.winkler@intel.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* [TCP]: Increase the max_burst threshold from 3 to tp->reordering.John Heffner2008-04-16
| | | | | | | | | | | This change is necessary to allow cwnd to grow during persistent reordering. Cwnd moderation is applied when in the disorder state and an ack that fills the hole comes in. If the hole was greater than 3 packets, but less than tp->reordering, cwnd will shrink when it should not have. Signed-off-by: John Heffner <jheffner@napa.(none)> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: Add netns refcnt debug to fib rules.Denis V. Lunev2008-04-16
| | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: Add netns refcnt debug for kernel sockets.Denis V. Lunev2008-04-16
| | | | | | | | | Protocol control sockets and netlink kernel sockets should not prevent the namespace stop request. They are initialized and disposed in a special way by sk_change_net/sk_release_kernel. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: Make netns refconting debug like a socket one.Denis V. Lunev2008-04-16
| | | | | | | | | | | | | Make release_net/hold_net noop for performance-hungry people. This is a debug staff and should be used in the debug mode only. Add check for net != NULL in hold/release calls. This will be required later on. [ Added minor simplifications suggested by Brian Haley. -DaveM ] Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [RTNL]: Introduce the rtnl_kill_links helper.Pavel Emelyanov2008-04-16
| | | | | | | | | | This one is responsible for calling ->dellink on each net device found in net to help with vlan net_exit hook in the nearest future. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: The generic per-net pointers.Pavel Emelyanov2008-04-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the elastic array of void * pointer to the struct net. The access rules are simple: 1. register the ops with register_pernet_gen_device to get the id of your private pointer 2. call net_assign_generic() to put the private data on the struct net (most preferably this should be done in the ->init callback of the ops registered) 3. do not store any private reference on the net_generic array; 4. do not change this pointer while the net is alive; 5. use the net_generic() to get the pointer. When adding a new pointer, I copy the old array, replace it with a new one and schedule the old for kfree after an RCU grace period. Since the net_generic explores the net->gen array inside rcu read section and once set the net->gen->ptr[x] pointer never changes, this grants us a safe access to generic pointers. Quoting Paul: "... RCU is protecting -only- the net_generic structure that net_generic() is traversing, and the [pointer] returned by net_generic() is protected by a reference counter in the upper-level struct net." Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: The net-subsys IDs generator.Pavel Emelyanov2008-04-15
| | | | | | | | | | | | | | | | | | | | To make some per-net generic pointers, we need some way to address them, i.e. - IDs. This is simple IDA-based IDs generator for pernet subsystems. Addressing questions about potential checkpoint/restart problems: these IDs are "lite-offsets" within the net structure and are by no means supposed to be exported to the userspace. Since it will be used in the nearest future by devices only (tun, vlan, tunnels, bridge, etc), I make it resemble the functionality of register_pernet_device(). The new ids is stored in the *id pointer _before_ calling the init callback to make this id available in this callback. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IRDA]: Remove irlan_eth_send_gratuitous_arp()Adrian Bunk2008-04-15
| | | | | | | | | | | | | Even kernel 2.2.26 (sic) already contains the #undef CONFIG_IRLAN_SEND_GRATUITOUS_ARP with the comment "but for some reason the machine crashes if you use DHCP". Either someone finally looks into this or it's simply time to remove this dead code. Reported-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TIPC]: Overhaul of socket locking logicAllan Stephens2008-04-15
| | | | | | | | | | | | | | This patch modifies TIPC's socket code to follow the same approach used by other protocols. This change eliminates the need for a mutex in the TIPC-specific portion of the socket protocol data structure -- in its place, the standard Linux socket backlog queue and associated locking routines are utilized. These changes fix a long-standing receive queue bug on SMP systems, and also enable individual read and write threads to utilize a socket without unnecessarily interfering with each other. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>