aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
Commit message (Collapse)AuthorAge
* [IPV6]: Fix dangling references on error in fib6_add().David S. Miller2008-04-18
| | | | | | | | | | | | | | | Fixes bugzilla #8895 If a super-tree leaf has 'rt' assigned to it and we get an error from fib6_add_rt2node(), we'll leave a reference to 'rt' in pn->leaf and then do an unconditional dst_free(). We should prune such references. Based upon a report by Vincent Perrier. Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET]: Drop the inet_inherit_port() call.Pavel Emelyanov2008-04-18
| | | | | | | | | | | | | | | As I can see from the code, two places (tcp_v6_syn_recv_sock and dccp_v6_request_recv_sock) that call this one already run with BHs disabled, so it's safe to call __inet_inherit_port there. Besides (in case I missed smth with code review) the calltrace tcp_v6_syn_recv_sock `- tcp_v4_syn_recv_sock `- __inet_inherit_port and the similar for DCCP are valid, but assumes BHs to be disabled. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: Add netns refcnt debug for dst ops.Denis V. Lunev2008-04-16
| | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IP6TUNNEL]: Allow to create IP6 tunnels in net namespaces.Pavel Emelyanov2008-04-16
| | | | | | | | | | And no need in some IPPROTO_XXX enabling, since ipv6 code doesn't have any filtering. So, just set proper net and mark device with NETNS_LOCAL. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IP6TUNNEL]: Use proper net instead of init_net stubs.Pavel Emelyanov2008-04-16
| | | | | | | | | | | All the ip_route_output_key(), dev_get_by_...() and ipv6_chk_addr() calls are now stubbed with init_net. Fortunately, all the places already have where to get the proper net from. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IP6TUNNEL]: Make tunnels hashes per-net.Pavel Emelyanov2008-04-16
| | | | | | | | Move hashes in the struct ip6_tnl_net, replace tnls_xxx[] with ip6n->tnlx_xxx[] and handle init and exit appropriately. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IP6TUNNEL]: Make the fallback tunnel device per-net.Pavel Emelyanov2008-04-16
| | | | | | | | | All the code, that reference it already has the ip6_tnl_net pointer, so s/ip6_fb_tnl_dev/ip6n->fb_tnl_dev/ and move creation/releasing code into net init/exit ops. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IP6TUNNEL]: Use proper net in hash-lookup functions.Pavel Emelyanov2008-04-16
| | | | | | | | Calls to ip6_tnl_lookup were stubbed with init_net - give them a proper one. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IP6TUNNEL]: Add (ip6_tnl_)net argument to some calls.Pavel Emelyanov2008-04-16
| | | | | | | Hashes and fallback device used in them will be per-net. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IP6TUNNEL]: Introduce empty ip6_tnl_net structure and net ops.Pavel Emelyanov2008-04-16
| | | | | Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SIT]: Allow to create SIT tunnels in net namespaces.Pavel Emelyanov2008-04-16
| | | | | | | Set proper net and mark a new device as NETNS_LOCAL before registering. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SIT]: Use proper net in routing calls.Pavel Emelyanov2008-04-16
| | | | | | | I.e. replace init_net stubs in ip_route_output_key() calls. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SIT]: Make tunnels hashes per-net.Pavel Emelyanov2008-04-16
| | | | | | | | Just move all the hashes on the sit_net structure and patch the rest of the code appropriately. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SIT]: Make the fallback tunnel device per-netPavel Emelyanov2008-04-16
| | | | | | | | Allocate and register one in sit_init_net, use sitn->fb_tunnel_dev over the code and unregister one in sit_exit_net. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SIT]: Use proper net in hash-lookup functions.Pavel Emelyanov2008-04-16
| | | | | | | | Replace introduced in the previous patch init_net stubs with the proper net pointer. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SIT]: Add net/sit_net argument to some functions.Pavel Emelyanov2008-04-16
| | | | | | | | ... to make them prepared for future hashes and fallback device move on the struct sit_net. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SIT]: Introduce empty struct sit_net and init/exit net ops.Pavel Emelyanov2008-04-16
| | | | | Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'master' of ↵David S. Miller2008-04-14
|\ | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.26
| * [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by ↵Jan Engelhardt2008-04-14
| | | | | | | | | | | | | | | | | | | | function call Directly call IPv4 and IPv6 variants where the address family is easily known. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4protoJan Engelhardt2008-04-14
| | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l3protoJan Engelhardt2008-04-14
| | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * [NETFILTER]: Add partial checksum validation helperPatrick McHardy2008-04-14
| | | | | | | | | | | | | | | | | | | | Move the UDP-Lite conntrack checksum validation to a generic helper similar to nf_checksum() and make it fall back to nf_checksum() in case the full packet is to be checksummed and hardware checksums are available. This is to be used by DCCP conntrack, which also needs to verify partial checksums. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * [NETFILTER]: {ip,ip6,arp}_tables: return EAGAIN for invalid SO_GET_ENTRIES sizePatrick McHardy2008-04-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rule dumping is performed in two steps: first userspace gets the ruleset size using getsockopt(SO_GET_INFO) and allocates memory, then it calls getsockopt(SO_GET_ENTRIES) to actually dump the ruleset. When another process changes the ruleset in between the sizes from the first getsockopt call doesn't match anymore and the kernel aborts. Unfortunately it returns EAGAIN, as for multiple other possible errors, so userspace can't distinguish this case from real errors. Return EAGAIN so userspace can retry the operation. Fixes (with current iptables SVN version) netfilter bugzilla #104. Signed-off-by: Patrick McHardy <kaber@trash.net>
| * [NETFILTER]: annotate rest of nf_conntrack_* with constJan Engelhardt2008-04-14
| | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * [NETFILTER]: annotate {arp,ip,ip6,x}tables with constJan Engelhardt2008-04-14
| | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * [NETFILTER]: annotate xtables targets with const and remove castsJan Engelhardt2008-04-14
| | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * [NETFILTER]: Use non-deprecated __RW_LOCK_UNLOCKED macroRobert P. J. Day2008-04-14
| | | | | | | | | | Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
| * [NETFILTER]: {ip,ip6}t_LOG: print MARK value in log outputPatrick McHardy2008-04-14
| | | | | | | | | | | | | | | | Dump the mark value in log messages similar to nfnetlink_log. This is useful for debugging complex setups where marks are used for routing or traffic classification. Signed-off-by: Patrick McHardy <kaber@trash.net>
* | [SOCK]: Add some notes about per-bind-bucket sock lookup.Pavel Emelyanov2008-04-14
| | | | | | | | | | | | | | | | | | | | | | I was asked about "why don't we perform a sk_net filtering in bind_conflict calls, like we do in other sock lookup places" for a couple of times. Can we please add a comment about why we do not need one? Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | Merge branch 'master' of ↵David S. Miller2008-04-14
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Conflicts: drivers/net/ehea/ehea_main.c drivers/net/wireless/iwlwifi/Kconfig drivers/net/wireless/rt2x00/rt61pci.c net/ipv4/inet_timewait_sock.c net/ipv6/raw.c net/mac80211/ieee80211_sta.c
| * [IPV6] ADDRCONF: Don't generate temporary address for ip6-ip6 interface.YOSHIFUJI Hideaki2008-04-14
| | | | | | | | | | | | | | | | | | | | As far as I can remember, I was going to disable privacy extensions on all "tunnel" interfaces. Disable it on ip6-ip6 interface as well. Also, just remove ifdefs for SIT for simplicity. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [IPV6] ADDRCONF: Ensure disabling multicast RS even if privacy extensions ↵YOSHIFUJI Hideaki2008-04-14
| | | | | | | | | | | | | | are disabled. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [IPV6]: Fix ipv6 address fetching in raw6_icmp_error().David S. Miller2008-04-14
| | | | | | | | | | | | | | | | | | | | | | | | Fixes kernel bugzilla 10437 Based almost entirely upon a patch by Dmitry Butskoy. When deciding what raw sockets to deliver the ICMPv6 to, we should use the addresses in the ICMPv6 quoted IPV6 header, not the top-level one. Signed-off-by: David S. Miller <davem@davemloft.net>
| * [IPV6]: Fix refcounting for anycast dst entries.Denis V. Lunev2008-04-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Anycast DST entries allocated inside ipv6_dev_ac_inc are leaked when network device is stopped without removing IPv6 addresses from it. The bug has been observed in the reality on 2.6.18-rhel5 kernel. In the above case addrconf_ifdown marks all entries as obsolete and ip6_del_rt called from __ipv6_dev_ac_dec returns ENOENT. The referrence is not dropped. The fix is simple. DST entry should not keep referrence when stored in the FIB6 tree. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [IPV6]: inet6_dev on loopback should be kept until namespace stop.Denis V. Lunev2008-04-03
| | | | | | | | | | | | | | | | | | In the other case it will be destroyed when last address will be removed from lo inside a namespace. This will break IPv6 in several places. The most obvious one is ip6_dst_ifdown. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [IPV6]: Event type in addrconf_ifdown is mis-used.Denis V. Lunev2008-04-03
| | | | | | | | | | | | | | | | | | | | addrconf_ifdown is broken in respect to the usage of how parameter. This function is called with (event != NETDEV_DOWN) and (2) on the IPv6 stop. It the latter case inet6_dev from loopback device should be destroyed. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [ICMP]: Ensure that ICMP relookup maintains status quoHerbert Xu2008-04-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ICMP relookup path is only meant to modify behaviour when appropriate IPsec policies are in place and marked as requiring relookups. It is certainly not meant to modify behaviour when IPsec policies don't exist at all. However, due to an oversight on the error paths existing behaviour may in fact change should one of the relookup steps fail. This patch corrects this by redirecting all errors on relookup failures to the previous code path. That is, if the initial xfrm_lookup let the packet pass, we will stand by that decision should the relookup fail due to an error. This should be safe from a security point-of-view because compliant systems must install a default deny policy so the packet would'nt have passed in that case. Many thanks to Julian Anastasov for pointing out this error. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6] MROUTE: Add stats in multicast routing module method ip6_mr_forward().Rami Rosen2008-04-14
| | | | | | | | | | | | | | | | | | | | This patches adds a call to increment IPSTATS_MIB_OUTFORWDATAGRAMS when forwarding the packet in ip6_mr_forward() in the IPv6 multicast routing module (net/ipv6/ip6mr.c). Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET]: Sink IPv6 menuoptions into its own submenuJan Engelhardt2008-04-14
| | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6]: Share common code-paths for sticky socket options.YOSHIFUJI Hideaki2008-04-14
| | | | | | | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6] MROUTE: Do not call ipv6_find_idev() directly.YOSHIFUJI Hideaki2008-04-14
| | | | | | | | | | | | | | | | Since NETDEV_REGISTER notifier chain is responsible for creating inet6_dev{}, we do not need to call ipv6_find_idev() directly here. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: Remove owner from tcp_seq_afinfo.Denis V. Lunev2008-04-14
| | | | | | | | | | | | | | Move it to tcp_seq_afinfo->seq_fops as should be. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: Place file operations directly into tcp_seq_afinfo.Denis V. Lunev2008-04-14
| | | | | | | | | | | | | | No need to have separate never-used variable. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: Move seq_ops from tcp_iter_state to tcp_seq_afinfo.Denis V. Lunev2008-04-14
| | | | | | | | | | | | | | No need to create seq_operations for each instance of 'netstat'. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6]: Fix IPV6_RECVERR for connected raw sockets.YOSHIFUJI Hideaki2008-04-12
| | | | | | | | | | | | | | Based on patch from Dmitry Butskoy <buc@odusz.so-cdu.ru>. Closes: 10437 Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* | [IPv6]: Change IPv6 unspecified destination address to ::1 for raw and ↵Brian Haley2008-04-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | un-connected sockets This patch fixes a difference between IPv4 and IPv6 when sending packets to the unspecified address (either 0.0.0.0 or ::) when using raw or un-connected UDP sockets. There are two cases where IPv6 either fails to send anything, or sends with the destination address set to ::. For example: --> ping -c1 0.0.0.0 PING 0.0.0.0 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.032 ms --> ping6 -c1 :: PING ::(::) 56 data bytes ping: sendmsg: Invalid argument Doing a sendto("0.0.0.0") reveals: 10:55:01.495090 IP localhost.32780 > localhost.7639: UDP, length 100 Doing a sendto("::") reveals: 10:56:13.262478 IP6 fe80::217:8ff:fe7d:4718.32779 > ::.7639: UDP, length 100 If you issue a connect() first in the UDP case, it will be sent to ::1, similar to what happens with TCP. This restores the BSD-ism. Signed-off-by: Brian Haley <brian.haley@hp.com> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* | [IPV6] MROUTE: Adjust IPV6 multicast routing module to use mroute6 header ↵Rami Rosen2008-04-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | declarations. - This patch adjusts IPv6 multicast routing module, net/ipv6/ip6mr.c, to use mroute6 header definitions instead of mroute. (MFC6_LINES instead of MFC_LINES, MAXMIFS instead of MAXVIFS, mifi_t instead of vifi_t.) - In addition, inclusion of some headers was removed as it is not needed. Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* | [IPV6]: Check length of int/boolean optval provided by user in setsockopt().YOSHIFUJI Hideaki2008-04-12
| | | | | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* | [IPV6]: Check length of optval provided by user in setsockopt().Wang Chen2008-04-12
| | | | | | | | | | | | | | | | | | Check length of setsockopt's optval, which provided by user, before copy it from user space. For POSIX compliant, return -EINVAL for setsockopt of short lengths. Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* | [IPV6] MIP6: Use our standard definitions for paddings.YOSHIFUJI Hideaki2008-04-12
| | | | | | | | | | | | | | MIP6_OPT_PAD_X are actually for paddings in destination option header. Replace them with our standard IPV6_TLV_PADX. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>