aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
Commit message (Collapse)AuthorAge
* [AX.25]: Fix potencial memory hole.Ralf Baechle DL5RB2006-03-19
| | | | | | | | | | | | | | | | | | If the AX.25 dialect chosen by the sysadmin is set to DAMA master / 3 (or DAMA slave / 2, if CONFIG_AX25_DAMA_SLAVE=n) ax25_kick() will fall through the switch statement without calling ax25_send_iframe() or any other function that would eventually free skbn thus leaking the packet. Fix by restricting the sysctl inferface to allow only actually supported AX.25 dialects. The system administration mistake needed for this to happen is rather unlikely, so this is an uncritical hole. Coverity #651. Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Fix race condition in sk_wait_event().Alexey Kuznetsov2006-03-17
| | | | | | | | | | It is broken, the condition is checked out of socket lock. It is wonderful the bug survived for so long time. [ This fixes bugzilla #6233: race condition in tcp_sendmsg when connection became established ] Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC]: Kill post_input hook and do NAT-T in esp_input directlyHerbert Xu2006-02-27
| | | | | | | | | | | | | | | | | | | | | | | The only reason post_input exists at all is that it gives us the potential to adjust the checksums incrementally in future which we ought to do. However, after thinking about it for a bit we can adjust the checksums without using this post_input stuff at all. The crucial point is that only the inner-most NAT-T SA needs to be considered when adjusting checksums. What's more, the checksum adjustment comes down to a single u32 due to the linearity of IP checksums. We just happen to have a spare u32 lying around in our skb structure :) When ip_summed is set to CHECKSUM_NONE on input, the value of skb->csum is currently unused. All we have to do is to make that the checksum adjustment and voila, there goes all the post_input and decap structures! I've left in the decap data structures for now since it's intricately woven into the sec_path stuff. We can kill them later too. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Eliminate refcounting confusion by creating __xfrm_state_put().Herbert Xu2006-02-23
| | | | | | | | | | | | | We often just do an atomic_dec(&x->refcnt) on an xfrm_state object because we know there is more than 1 reference remaining and thus we can elide the heavier xfrm_state_put() call. Do this behind an inline function called __xfrm_state_put() so that is more obvious and also to allow us to more cleanly add refcount debugging later. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Fix SNAT-related crash in xfrm4_output_finishPatrick McHardy2006-02-15
| | | | | | | | | | | | | | | When a packet matching an IPsec policy is SNATed so it doesn't match any policy anymore it looses its xfrm bundle, which makes xfrm4_output_finish crash because of a NULL pointer dereference. This patch directs these packets to the original output path instead. Since the packets have already passed the POST_ROUTING hook, but need to start at the beginning of the original output path which includes another POST_ROUTING invocation, a flag is added to the IPCB to indicate that the packet was rerouted and doesn't need to pass the POST_ROUTING hook again. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge master.kernel.org:/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6David S. Miller2006-02-13
|\
| * [Bluetooth] Reduce L2CAP MTU for RFCOMM connectionsMarcel Holtmann2006-02-13
| | | | | | | | | | | | | | | | | | This patch reduces the default L2CAP MTU for all RFCOMM connections from 1024 to 1013 to improve the interoperability with some broken RFCOMM implementations. To make this more flexible the L2CAP MTU becomes also a module parameter and so it can changed at runtime. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* | [IRDA]: Ratelimit messages.Joe Perches2006-02-13
|/ | | | | | | | | From: Joe Perches <joe@perches.com> Based upon a patch by Dave Jones. Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IRDA]: Set proper IrLAP device address lengthSamuel Ortiz2006-02-09
| | | | | | | | This patch set IrDA's addr_len properly, i.e to 4 bytes, the size of the IrLAP device address. Signed-off-by: Samuel Ortiz <samuel.ortiz@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_conntrack: check address family when finding protocol moduleYasuyuki Kozakai2006-02-05
| | | | | | | | | | | | __nf_conntrack_{l3}proto_find() doesn't check the passed protocol family, then it's possible to touch out of the array which has only AF_MAX items. Spotted by Pablo Neira Ayuso. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Add CONFIG_NETDEBUG to suppress bad packet messages.Stephen Hemminger2006-02-02
| | | | | | | | | | If you are on a hostile network, or are running protocol tests, you can easily get the logged swamped by messages about bad UDP and ICMP packets. This turns those messages off unless a config option is enabled. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Acked-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Fix 'fast retransmit' to send a TSN only once.Vlad Yasevich2006-02-02
| | | | | | | | | | | | SCTP used to "fast retransmit" a TSN every time we hit the number of missing reports for the TSN. However the Implementers Guide specifies that we should only "fast retransmit" a given TSN once. Subsequent retransmits should be timeouts only. Also change the number of missing reports to 3 as per the latest IG(similar to TCP). Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Always set fl.proto in ip_route_newportsPatrick McHardy2006-01-31
| | | | | | | | | | | ip_route_newports uses the struct flowi from the struct rtable returned by ip_route_connect for the new route lookup and just replaces the port numbers if they have changed. If an IPsec policy exists which doesn't match port 0 the struct flowi won't have the proto field set and no xfrm lookup is done for the changed ports. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] ieee80211: Fix A band min and max channel definitionsZhu Yi2006-01-27
| | | | | | Signed-off-by: Hong Liu <hong.liu@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Merge master.kernel.org:/pub/scm/linux/kernel/git/sridhar/lksctp-2.6David S. Miller2006-01-19
|\
| * [SCTP]: Fix couple of races between sctp_peeloff() and sctp_rcv().Sridhar Samudrala2006-01-17
| | | | | | | | | | | | | | | | | | | | Validate and update the sk in sctp_rcv() to avoid the race where an assoc/ep could move to a different socket after we get the sk, but before the skb is added to the backlog. Also migrate the skb's in backlog queue to new sk when doing a peeloff. Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
| * [SCTP]: Fix machine check/connection hang on IA64.Vlad Yasevich2006-01-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sctp_unpack_cookie used an on-stack array called digest as a result/out parameter in the call to crypto_hmac. However, hmac code (crypto_hmac_final) assumes that the 'out' argument is in virtual memory (identity mapped region) and can use virt_to_page call on it. This does not work with the on-stack declared digest. The problems observed so far have been: a) incorrect hmac digest b) machine check and hardware reset. Solution is to define the digest in an identity mapped region by kmalloc'ing it. We can do this once as part of the endpoint structure and re-use it when verifying the SCTP cookie. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
| * [SCTP]: Fix bad sysctl formatting of SCTP timeout values on 64-bit m/cs.Vlad Yasevich2006-01-17
| | | | | | | | | | | | | | | | | | Change all the structure members that hold jiffies to be of type unsigned long. This also corrects bad sysctl formating on 64 bit architectures. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
| * [SCTP]: Fix sctp_cookie alignment in the packet.Vlad Yasevich2006-01-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On 64 bit architectures, sctp_cookie sent as part of INIT-ACK is not aligned on a 64 bit boundry and thus causes unaligned access exceptions. The layout of the cookie prameter is this: |<----- Parameter Header --------------------|<--- Cookie DATA -------- ----------------------------------------------------------------------- | param type (16 bits) | param len (16 bits) | sig [32 bytes] | cookie.. ----------------------------------------------------------------------- The cookie data portion contains 64 bit values on 64 bit architechtures (timeval) that fall on a 32 bit alignment boundry when used as part of the on-wire format, but align correctly when used in internal structures. This patch explicitely pads the on-wire format so that it is properly aligned. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
* | [PATCH] hostap: don't #include C files in hostap_main.cAdrian Bunk2006-01-16
| | | | | | | | | | | | | | | | This patch contains an attempt to properly build hostap.o without #include'ing C files. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | [PATCH] iw_handler.h: SIOCSIWNAME -> SIOCSIWCOMMIT in commentPete Zaitcev2006-01-16
|/ | | | | | | The ioctl was renamed from SIOCSIWNAME to SIOCSIWCOMMIT. Signed-off-by: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2006-01-13
|\
| * [NET]: Use NIP6_FMT in kernel.hJoe Perches2006-01-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are errors and inconsistency in the display of NIP6 strings. ie: net/ipv6/ip6_flowlabel.c There are errors and inconsistency in the display of NIPQUAD strings too. ie: net/netfilter/nf_conntrack_ftp.c This patch: adds NIP6_FMT to kernel.h changes all code to use NIP6_FMT fixes net/ipv6/ip6_flowlabel.c adds NIPQUAD_FMT to kernel.h fixes net/netfilter/nf_conntrack_ftp.c changes a few uses of "%u.%u.%u.%u" to NIPQUAD_FMT for symmetry to NIP6_FMT Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [PATCH] genetlink: don't touch module ref countPer Liden2006-01-13
| | | | | | | | | | | | | | | | | | | | | | Increasing the module ref count at registration will block the module from ever being unloaded. In fact, genetlink should not care about the owner at all. This patch removes the owner field from the struct registered with genetlink. Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tablesHarald Welte2006-01-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This monster-patch tries to do the best job for unifying the data structures and backend interfaces for the three evil clones ip_tables, ip6_tables and arp_tables. In an ideal world we would never have allowed this kind of copy+paste programming... but well, our world isn't (yet?) ideal. o introduce a new x_tables module o {ip,arp,ip6}_tables depend on this x_tables module o registration functions for tables, matches and targets are only wrappers around x_tables provided functions o all matches/targets that are used from ip_tables and ip6_tables are now implemented as xt_FOOBAR.c files and provide module aliases to ipt_FOOBAR and ip6t_FOOBAR o header files for xt_matches are in include/linux/netfilter/, include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers around the xt_FOOBAR.h headers Based on this patchset we're going to further unify the code, gradually getting rid of all the layer 3 specific assumptions. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [TIPC] More updates of file headersPer Liden2006-01-12
| | | | | | | | | | | | | | | | | | Updated copyright notice to include the year the file was actually created. Information about file creation dates was extracted from the files in the old CVS repository at tipc.sourceforge.net. Signed-off-by: Per Liden <per.liden@nospam.ericsson.com>
| * [TIPC] Update of file headersPer Liden2006-01-12
| | | | | | | | | | | | | | The copyright statements from different parts of Ericsson have been merged into one. Signed-off-by: Per Liden <per.liden@nospam.ericsson.com>
| * [TIPC] License header updatePer Liden2006-01-12
| | | | | | | | | | | | | | | | The license header in each file now more clearly state that this code is licensed under a dual BSD/GPL. Before this was only evident if you looked at the MODULE_LICENSE line in core.c. Signed-off-by: Per Liden <per.liden@nospam.ericsson.com>
| * [TIPC] Moved configuration interface into tipc_config.hPer Liden2006-01-12
| | | | | | | | | | | | | | Restored the old tipc_config.h to get a cleaner division between the interfaces used by normal TIPC users and TIPC administration utilities. Signed-off-by: Per Liden <per.liden@nospam.ericsson.com>
| * [TIPC] Initial mergePer Liden2006-01-12
| | | | | | | | | | | | | | | | TIPC (Transparent Inter Process Communication) is a protocol designed for intra cluster communication. For more information see http://tipc.sourceforge.net Signed-off-by: Per Liden <per.liden@nospam.ericsson.com>
* | [PATCH] fix wrong comments in ieee80211.hJohannes Berg2006-01-12
|/ | | | | | | | | | The comments in ieee80211.h claim that one doesn't need to set the len parameter of the stats struct. But if one doesn't, the management frames are read far over the memory they actually occupy causing badness. Signed-Off-By: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
* [INET]: congestion and af_ops can be constStephen Hemminger2006-01-10
| | | | | | | | | The congestion ops and af_ops in the inet_connection_sock can be const. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PKT_SCHED]: Convert tc action functions to single skb pointersPatrick McHardy2006-01-09
| | | | | | | | | tcf_action_exec only gets a single skb pointer and doesn't own the skb, but passes double skb pointers (to a local variable) to the action functions. Change to use single skb pointers everywhere. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PKT_SCHED]: Use USEC_PER_SECPatrick McHardy2006-01-09
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] Eliminate __attribute__ ((packed)) warnings for gcc-4.1Jan Blunck2006-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | Since version 4.1 the gcc is warning about ignored attributes. This patch is using the equivalent attribute on the struct instead of on each of the structure or union members. GCC Manual: "Specifying Attributes of Types packed This attribute, attached to struct or union type definition, specifies that each member of the structure or union is placed to minimize the memory required. When attached to an enum definition, it indicates that the smallest integral type should be used. Specifying this attribute for struct and union types is equivalent to specifying the packed attribute on each of the structure or union members." Signed-off-by: Jan Blunck <jblunck@suse.de> Cc: Dave Jones <davej@codemonkey.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [IPV4]: make ip_fragment() staticAdrian Bunk2006-01-07
| | | | | | | | Since there's no longer any external user of ip_fragment() we can make it static. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Redo policy lookups after NAT when neccessaryPatrick McHardy2006-01-07
| | | | | | | | | | When NAT changes the key used for the xfrm lookup it needs to be done again. If a new policy is returned in POST_ROUTING the packet needs to be passed to xfrm4_output_one manually after all hooks were called because POST_ROUTING is called with fixed okfn (ip_finish_output). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harderPatrick McHardy2006-01-07
| | | | | | | | | | | | | | | | | ip_route_me_harder doesn't use the port numbers of the xfrm lookup and uses ip_route_input for non-local addresses which doesn't do a xfrm lookup, ip6_route_me_harder doesn't do a xfrm lookup at all. Use xfrm_decode_session and do the lookup manually, make sure both only do the lookup if the packet hasn't been transformed already. Makeing sure the lookup only happens once needs a new field in the IP6CB, which exceeds the size of skb->cb. The size of skb->cb is increased to 48b. Apparently the IPv6 mobile extensions need some more room anyway. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: reset IPCB flags when neccessaryPatrick McHardy2006-01-07
| | | | | | | | | | | | Reset IPSKB_XFRM_TUNNEL_SIZE flags in ipip and ip_gre hard_start_xmit function before the packet reenters IP. This is neccessary so the encapsulated packets are checked not to be oversized in xfrm4_output.c again. Reset all flags in sit when a packet changes its address family. Also remove some obsolete IPSKB flags. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4/6]: Netfilter IPsec input hooksPatrick McHardy2006-01-07
| | | | | | | | | | When the innermost transform uses transport mode the decapsulated packet is not visible to netfilter. Pass the packet through the PRE_ROUTING and LOCAL_IN hooks again before handing it to upper layer protocols to make netfilter-visibility symetrical to the output path. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Move nextheader offset to the IP6CBPatrick McHardy2006-01-07
| | | | | | | | | | Move nextheader offset to the IP6CB to make it possible to pass a packet to ip6_input_finish multiple times and have it skip already parsed headers. As a nice side effect this gets rid of the manual hopopts skipping in ip6_input_finish. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Netfilter IPsec output hooksPatrick McHardy2006-01-07
| | | | | | | | | | | | | | | | | | | | Call netfilter hooks before IPsec transforms. Packets visit the FORWARD/LOCAL_OUT and POST_ROUTING hook before the first encapsulation and the LOCAL_OUT and POST_ROUTING hook before each following tunnel mode transform. Patch from Herbert Xu <herbert@gondor.apana.org.au>: Move the loop from dst_output into xfrm4_output/xfrm6_output since they're the only ones who need to it. xfrm{4,6}_output_one() processes the first SA all subsequent transport mode SAs and is called in a loop that calls the netfilter hooks between each two calls. In order to avoid the tail call issue, I've added the inline function nf_hook which is nf_hook_slow plus the empty list check. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Change sk_run_filter()'s return type in net/core/filter.cKris Katterjohn2006-01-06
| | | | | | | It should return an unsigned value, and fix sk_filter() as well. Signed-off-by: Kris Katterjohn <kjak@ispwest.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Call POST_ROUTING hook before fragmentationPatrick McHardy2006-01-05
| | | | | | | | | | | | | | Call POST_ROUTING hook before fragmentation to get rid of the okfn use in ip_refrag and save the useless fragmentation/defragmentation step when NAT is used. The patch introduces one user-visible change, the POSTROUTING chain in the mangle table gets entire packets, not fragments, which should simplify use of the MARK and CLASSIFY targets for queueing as a nice side-effect. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Add ctnetlink port for nf_conntrackPablo Neira Ayuso2006-01-05
| | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: less inline'sStephen Hemminger2006-01-03
| | | | | | | | | | | | | | | | | | | | | TCP inline usage cleanup: * get rid of inline in several places * replace __inline__ with inline where possible * move functions used in one file out of tcp.h * let compiler decide on used once cases On x86_64: text data bss dec hex filename 3594701 648348 567400 4810449 4966d1 vmlinux.orig 3593133 648580 567400 4809113 496199 vmlinux On sparc64: text data bss dec hex filename 2538278 406152 530392 3474822 350586 vmlinux.ORIG 2536382 406384 530392 3473158 34ff06 vmlinux Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETLINK] genetlink: fix cmd type in genl_ops to be consistent to u8Per Liden2006-01-03
| | | | | | Signed-off-by: Per Liden <per.liden@ericsson.com> ACKed-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
* [AF_UNIX]: Convert to use a spinlock instead of rwlockBenjamin LaHaise2006-01-03
| | | | | | | | | | From: Benjamin LaHaise <bcrl@kvack.org> In af_unix, a rwlock is used to protect internal state. At least on my P4 with HT it is faster to use a spinlock due to the simpler memory barrier used to unlock. This patch raises bw_unix to ~690K/s. Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Don't use __constant_htonl for a non const argArnaldo Carvalho de Melo2006-01-03
| | | | | Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.hArnaldo Carvalho de Melo2006-01-03
| | | | | | | | | | | To help in reducing the number of include dependencies, several files were touched as they were getting needed headers indirectly for stuff they use. Thanks also to Alan Menegotto for pointing out that net/dccp/proto.c had linux/dccp.h include twice. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>