aboutsummaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAge
...
* [NETNS][IPV6]: Make icmpv6_time sysctl per namespace.Daniel Lezcano2008-01-28
| | | | | | | | | | | This patch moves the icmpv6_time sysctl to the network namespace structure. Because the ipv6 protocol is not yet per namespace, the variable is accessed relatively to the initial network namespace. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS][IPV6]: Make sysctls route per namespace.Daniel Lezcano2008-01-28
| | | | | | | | | | | | All the sysctl concerning the routes are moved to the network namespace structure. A helper function is called to initialize the variables. Because the ipv6 protocol is not yet per namespace, the variables are accessed relatively from the network namespace. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS][IPV6]: Make ip6_frags per namespace.Daniel Lezcano2008-01-28
| | | | | | | | | | | | | The ip6_frags is moved to the network namespace structure. Because there can be multiple instances of the network namespaces, and the ip6_frags is no longer a global static variable, a helper function has been added to facilitate the initialization of the variables. Until the ipv6 protocol is not per namespace, the variables are accessed relatively from the initial network namespace. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS][IPV6]: Make bindv6only sysctl per namespace.Daniel Lezcano2008-01-28
| | | | | | | | | This patch moves the bindv6only sysctl to the network namespace structure. Until the ipv6 protocol is not per namespace, the sysctl variable is always from the initial network namespace. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS][IPV6]: Make multiple instance of sysctl tables.Daniel Lezcano2008-01-28
| | | | | | | | | | | | | Each network namespace wants its own set of sysctl value, eg. we should not be able from a namespace to set a sysctl value for another namespace , especially for the initial network namespace. This patch duplicates the sysctl table when we register a new network namespace for ipv6. The duplicated table are postfixed with the "template" word to notify the developper the table is cloned. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS][IPV6]: Add ipv6 structure for netns.Daniel Lezcano2008-01-28
| | | | | | | | | Like the ipv4 part, this patch adds an ipv6 structure in the net structure to aggregate the different resources to make ipv6 per namespace. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS][IPV6]: Make ipv6_sysctl_register to return a value.Daniel Lezcano2008-01-28
| | | | | | | | | This patch makes the function ipv6_sysctl_register to return a value. The af_inet6 init function is now able to handle an error and catch it from the initialization of the sysctl. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Use the ctl paths instead of hand-made analoguePavel Emelyanov2008-01-28
| | | | | | | | | | | | | | | | | | The conntracks subsystem has a similar infrastructure to maintain ctl_paths, but since we already have it on the generic level, I think it's OK to switch to using it. So, basically, this patch just replaces the ctl_table-s with ctl_path-s, nf_register_sysctl_table with register_sysctl_paths() and removes no longer needed code. After this the net/netfilter/nf_sysctl.c file contains the paths only. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Switch to using ctl_paths in nf_queue and conntrack modulesPavel Emelyanov2008-01-28
| | | | | | | | | | | | | | | This includes the most simple cases for netfilter. The first part is tne queue modules for ipv4 and ipv6, on which the net/ipv4/ and net/ipv6/ paths are reused from the appropriate ipv4 and ipv6 code. The conntrack module is also patched, but this hunk is very small and simple. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPVS]: Switch to using ctl_paths.Pavel Emelyanov2008-01-28
| | | | | | | | | | | | | The feature of ipvs ctls is that the net/ipv4/vs path is common for core ipvs ctls and for two schedulers, so I make it exported and re-use it in modules. Two other .c files required linux/sysctl.h to make the extern declaration of this path compile well. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [VLAN]: Avoid expensive dividesEric Dumazet2008-01-28
| | | | | | | | | We can avoid divides (as seen with CONFIG_CC_OPTIMIZE_FOR_SIZE=y on x86) changing vlan_group_get_device()/vlan_group_set_device() id parameter from signed to unsigned. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* mac80211: Add radio led triggerIvo van Doorn2008-01-28
| | | | | | | | | | | | Some devices have a seperate LED which indicates if the radio is enabled or not. This adds a LED trigger to mac80211 where drivers can hook into when they are interested in radio status changes. v2: Check hw.conf.radio_enabled when calling start(). Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* mac80211: A-MPDU Rx adding basic functionalityRon Rindjunsky2008-01-28
| | | | | | | | | | | | | | | | This patch adds the basic needed abilities and functions for A-MPDU Rx session changed functions: - ieee80211_sta_process_addba_request - Rx A-MPDU initialization enabled - ieee80211_stop - stops all A-MPDU Rx in case interface goes down added functions: - ieee80211_send_delba - used for sending out Del BA in A-MPDU sessions - ieee80211_sta_stop_rx_BA_session - stopping Rx A-MPDU session - sta_rx_agg_session_timer_expired - stops A-MPDU Rx use if load is too low Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* mac80211: A-MPDU Rx add low level driver APIRon Rindjunsky2008-01-28
| | | | | | | | | This patch adds the API to perform A-MPDU actions between mac80211 and low level driver. Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Remove unused member of dst_entryRami Rosen2008-01-28
| | | | | | | | The info placeholder member of dst_entry seems to be unused in the network stack. Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM] xfrm_policy_destroy: Rename and relative fixes.WANG Cong2008-01-28
| | | | | | | | | | | | | | | Since __xfrm_policy_destroy is used to destory the resources allocated by xfrm_policy_alloc. So using the name __xfrm_policy_destroy is not correspond with xfrm_policy_alloc. Rename it to xfrm_policy_destroy. And along with some instances that call xfrm_policy_alloc but not using xfrm_policy_destroy to destroy the resource, fix them. Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: Should build with CONFIG_SYSCTL=nEric Dumazet2008-01-28
| | | | | | | Previous NETNS patches broke CONFIG_SYSCTL=n case Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [CONNECTOR]: Cleanup struct cn_callback_entryLi Zefan2008-01-28
| | | | | | | | | | | | | | | - 'cb' is a fake struct member. In a previous patch struct cn_callback was renamed to cn_callback_id, so 'cb' should have been deleted at that time. - 'nls' isn't used and is redundant, we can retrieve this data through cn_callback_entry.pdev->nls. - 'seq' and 'group' should be u32, as they are declared to be u32 in other places. Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [CONNECTOR]: Cleanup struct cn_queue_devLi Zefan2008-01-28
| | | | | | | | Struct member netlink_groups is never used, and I don't see how it can be useful. Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: prot_inuse cleanups and optimizationsEric Dumazet2008-01-28
| | | | | | | | | | | | | | | | | | | | 1) Cleanups (all functions are prefixed by sock_prot_inuse) sock_prot_inc_use(prot) -> sock_prot_inuse_add(prot,-1) sock_prot_dec_use(prot) -> sock_prot_inuse_add(prot,-1) sock_prot_inuse() -> sock_prot_inuse_get() New functions : sock_prot_inuse_init() and sock_prot_inuse_free() to abstract pcounter use. 2) if CONFIG_PROC_FS=n, we can zap 'inuse' member from "struct proto", since nobody wants to read the inuse value. This saves 1372 bytes on i386/SMP and some cpu cycles. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [LIB] pcounter : unline too big functionsEric Dumazet2008-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | Before pushing pcounter to Linus tree, I would like to make some adjustments. Goal is to reduce kernel text size, by unlining too big functions. When a pcounter is bound to a statically defined per_cpu variable, we define two small helpers functions. (No more folding function using the fat for_each_possible_cpu(cpu) ... ) static DEFINE_PER_CPU(int, NAME##_pcounter_values); static void NAME##_pcounter_add(struct pcounter *self, int val) { __get_cpu_var(NAME##_pcounter_values) += val; } static int NAME##_pcounter_getval(const struct pcounter *self, int cpu) { return per_cpu(NAME##_pcounter_values, cpu); } Fast path is therefore unchanged, while folding/alloc/free is now unlined. This saves 228 bytes on i386 Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPVS]: Remove declaration of unimplemented method and remove unused ↵Rami Rosen2008-01-28
| | | | | | | | | | | definition from include/net/ip_vs.h In include/net/ip_vs.h: - The ip_vs_secure_tcp_set() method is not implemented anywhere. - IP_VS_APP_TYPE_FTP is an unused definition. Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Remove three declarations of unimplemented methods and correct a ↵Rami Rosen2008-01-28
| | | | | | | | | | | | | | | | typo in include/net/ip.h These three declarations in include/net/ip.h are not implemented anywhere: ip_mc_dropsocket(), ip_mc_dropdevice() and ip_net_unreachable(). Also, correct a comment to be "Functions provided by ip_fragment.c" (instead of by ip_fragment.o) in consistency with the other comments in this header. Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SHAPER]: The scheduled shaper removal.Adrian Bunk2008-01-28
| | | | | | | | This patch contains the scheduled removal of the shaper driver. Signed-off-by: Adrian Bunk <bunk@kernel.org> Acked-by: Alan Cox <alan@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC]: Kill duplicate xfrm_policy_flush prototypeHerbert Xu2008-01-28
| | | | | | | | | For five years we had two xfrm_policy_flush prototypes and every time that function's signature changed people have been diligently updating both of them without noticing :) Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Remove TCPCB_URG & TCPCB_AT_TAIL as unnecessaryIlpo Järvinen2008-01-28
| | | | | | | | | | The snd_up check should be enough. I suspect this has been there to provide a minor optimization in clean_rtx_queue which used to have a small if (!->sacked) block which could skip snd_up check among the other work. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Introduce tcp_wnd_end() to reduce line lengthsIlpo Järvinen2008-01-28
| | | | | Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Remove unused multipath cached routing defintion in net/flow.hRami Rosen2008-01-28
| | | | | Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [UDP]: Add memory accounting.Hideo Aoki2008-01-28
| | | | | | Signed-off-by: Takahiro Yasui <tyasui@redhat.com> Signed-off-by: Hideo Aoki <haoki@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET] CORE: Introducing new memory accounting interface.Hideo Aoki2008-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch introduces new memory accounting functions for each network protocol. Most of them are renamed from memory accounting functions for stream protocols. At the same time, some stream memory accounting functions are removed since other functions do same thing. Renaming: sk_stream_free_skb() -> sk_wmem_free_skb() __sk_stream_mem_reclaim() -> __sk_mem_reclaim() sk_stream_mem_reclaim() -> sk_mem_reclaim() sk_stream_mem_schedule -> __sk_mem_schedule() sk_stream_pages() -> sk_mem_pages() sk_stream_rmem_schedule() -> sk_rmem_schedule() sk_stream_wmem_schedule() -> sk_wmem_schedule() sk_charge_skb() -> sk_mem_charge() Removeing sk_stream_rfree(): consolidates into sock_rfree() sk_stream_set_owner_r(): consolidates into skb_set_owner_r() sk_stream_mem_schedule() The following functions are added. sk_has_account(): check if the protocol supports accounting sk_mem_uncharge(): do the opposite of sk_mem_charge() In addition, to achieve consolidation, updating sk_wmem_queued is removed from sk_mem_charge(). Next, to consolidate memory accounting functions, this patch adds memory accounting calls to network core functions. Moreover, present memory accounting call is renamed to new accounting call. Finally we replace present memory accounting calls with new interface in TCP and SCTP. Signed-off-by: Takahiro Yasui <tyasui@redhat.com> Signed-off-by: Hideo Aoki <haoki@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NEIGH]: Remove unused method from include/net/neighbour.hRami Rosen2008-01-28
| | | | | Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Remove unused define in include/net/arp.h (HAVE_ARP_CREATE)Rami Rosen2008-01-28
| | | | | Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ATM]: [br2864] whitespace cleanupChas Williams2008-01-28
| | | | | Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ATM]: [br2864] routed supportEric Kinzie2008-01-28
| | | | | Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ATM]: Convert struct class_device to struct deviceKay Sievers2008-01-28
| | | | | | Signed-off-by: Kay Sievers <kay.sievers@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil>
* [ETH]: Combine format_addr() with print_mac().Michael Chan2008-01-28
| | | | | | | | | | | | | | | | | | | print_mac() used many most net drivers and format_addr() used by net-sysfs.c are very similar and they can be intergrated. format_addr() is also identically redefined in the qla4xxx iscsi driver. Export a new function sysfs_format_mac() to be used by net-sysfs, qla4xxx and others in the future. Both print_mac() and sysfs_format_mac() call _format_mac_addr() to do the formatting. Changed print_mac() to use unsigned char * to be consistent with net_device struct's dev_addr. Added buffer length overrun checking as suggested by Joe Perches. Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SOCK] Avoid divides in sk_stream_pages() and __sk_stream_mem_reclaim()Eric Dumazet2008-01-28
| | | | | | | | | | | | | | | | sk_forward_alloc being signed, we should take care of divides by SK_STREAM_MEM_QUANTUM we do in sk_stream_pages() and __sk_stream_mem_reclaim() This patchs introduces SK_STREAM_MEM_QUANTUM_SHIFT, defined as ilog2(SK_STREAM_MEM_QUANTUM), to be able to use right shifts instead of plain divides. This should help compiler to choose right shifts instead of expensive divides (as seen with CONFIG_CC_OPTIMIZE_FOR_SIZE=y on x86) Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: Modify the neighbour table code so it handles multiple network ↵Eric W. Biederman2008-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | namespaces I'm actually surprised at how much was involved. At first glance it appears that the neighbour table data structures are already split by network device so all that should be needed is to modify the user interface commands to filter the set of neighbours by the network namespace of their devices. However a couple things turned up while I was reading through the code. The proxy neighbour table allows entries with no network device, and the neighbour parms are per network device (except for the defaults) so they now need a per network namespace default. So I updated the two structures (which surprised me) with their very own network namespace parameter. Updated the relevant lookup and destroy routines with a network namespace parameter and modified the code that interacts with users to filter out neighbour table entries for devices of other namespaces. I'm a little concerned that we can modify and display the global table configuration and from all network namespaces. But this appears good enough for now. I keep thinking modifying the neighbour table to have per network namespace instances of each table type would should be cleaner. The hash table is already dynamically sized so there are it is not a limiter. The default parameter would be straight forward to take care of. However when I look at the how the network table is built and used I still find some assumptions that there is only a single neighbour table for each type of table in the kernel. The netlink operations, neigh_seq_start, the non-core network users that call neigh_lookup. So while it might be doable it would require more refactoring than my current approach of just doing a little extra filtering in the code. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: RFC4303 compliant auditingPaul Moore2008-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds a number of new IPsec audit events to meet the auditing requirements of RFC4303. This includes audit hooks for the following events: * Could not find a valid SA [sections 2.1, 3.4.2] . xfrm_audit_state_notfound() . xfrm_audit_state_notfound_simple() * Sequence number overflow [section 3.3.3] . xfrm_audit_state_replay_overflow() * Replayed packet [section 3.4.3] . xfrm_audit_state_replay() * Integrity check failure [sections 3.4.4.1, 3.4.4.2] . xfrm_audit_state_icvfail() While RFC4304 deals only with ESP most of the changes in this patch apply to IPsec in general, i.e. both AH and ESP. The one case, integrity check failure, where ESP specific code had to be modified the same was done to the AH code for the sake of consistency. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SOCK] Avoid integer divides where not necessary in include/net/sock.hEric Dumazet2008-01-28
| | | | | | | | | | Because sk_wmem_queued, sk_sndbuf are signed, a divide per two may force compiler to use an integer divide. We can instead use a right shift. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Convert several length variable to unsigned.YOSHIFUJI Hideaki2008-01-28
| | | | | | | | | Several length variables cannot be negative, so convert int to unsigned int. This also allows us to do sane shift operations on those variables. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* cfg80211/nl80211: implement station attribute retrievalJohannes Berg2008-01-28
| | | | | | | | | | | After a station is added to the kernel's structures, userspace has to be able to retrieve statistics about that station, especially whether the station was idle and how much bytes were transferred to and from it. This adds the necessary code to nl80211. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* cfg80211/nl80211: station handlingJohannes Berg2008-01-28
| | | | | | | | This patch adds station handling to cfg80211/nl80211. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* cfg80211/nl80211: add beacon settingsJohannes Berg2008-01-28
| | | | | | | | | This adds the necessary API to cfg80211/nl80211 to allow changing beaconing settings. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* mac80211: support getting key sequence counters via cfg80211Johannes Berg2008-01-28
| | | | | | | | | | This implements cfg80211's get_key() to allow retrieving the sequence counter for a TKIP or CCMP key from userspace. It also cleans up and documents the associated low-level driver interface. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* cfg80211/nl80211: introduce key handlingJohannes Berg2008-01-28
| | | | | | | | | | This introduces key handling to cfg80211/nl80211. Default and group keys can be added, changed and removed; sequence counters for each key can be retrieved. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* mac80211: allow easier multicast/broadcast buffering in hardwareJohannes Berg2008-01-28
| | | | | | | | | | | | | | | | | There are various decisions influencing the decision whether to buffer a frame for after the next DTIM beacon. The "do we have stations in PS mode" condition cannot be tested by the driver so mac80211 has to do that. To ease driver writing for hardware that can buffer frames until after the next DTIM beacon, introduce a new txctl flag telling the driver to buffer a specific frame. While at it, restructure and comment the code for multicast buffering and remove spurious "inline" directives. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Cc: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* mac80211: clean up eapol handling in TX pathJohannes Berg2008-01-28
| | | | | | | | | | | | | | The previous patch left only one user of the ieee80211_is_eapol() function and that user can be eliminated easily by introducing a new "frame is EAPOL" flag to handle the frame specially (we already have this information) instead of doing the (expensive) ieee80211_is_eapol() all the time. Also, allow unencrypted frames to be sent when they are injected. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Assorted IPsec fixupsPaul Moore2008-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes a number of small but potentially troublesome things in the XFRM/IPsec code: * Use the 'audit_enabled' variable already in include/linux/audit.h Removed the need for extern declarations local to each XFRM audit fuction * Convert 'sid' to 'secid' everywhere we can The 'sid' name is specific to SELinux, 'secid' is the common naming convention used by the kernel when refering to tokenized LSM labels, unfortunately we have to leave 'ctx_sid' in 'struct xfrm_sec_ctx' otherwise we risk breaking userspace * Convert address display to use standard NIP* macros Similar to what was recently done with the SPD audit code, this also also includes the removal of some unnecessary memcpy() calls * Move common code to xfrm_audit_common_stateinfo() Code consolidation from the "less is more" book on software development * Proper spacing around commas in function arguments Minor style tweak since I was already touching the code Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [XFRM]: Define packet dropping statistics.Masahide NAKAMURA2008-01-28
| | | | | | | | | | | | This statistics is shown factor dropped by transformation at /proc/net/xfrm_stat for developer. It is a counter designed from current transformation source code and defined as linux private MIB. See Documentation/networking/xfrm_proc.txt for the detail. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>